xmrig | 0bffcc649f0e3e6ab31d8b07df72ff2b6d73363964025ef030095674c1e58697

Analysis

max time kernel
92s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
Size

3.1MB
MD5

30fb86387fda2e3e5f88d90dc451aef0
SHA1

ce275a9eb197fb2df511497704409fa442412848
SHA256

0bffcc649f0e3e6ab31d8b07df72ff2b6d73363964025ef030095674c1e58697
SHA512

170f118a0502993fb8c42d09ea4c0cf73b70f9593defa8f1bcb9dd8e72295b23eb1a19f3863eed6e8b9baea99d9e109a70dc5b6dbf71f21a51188b4e85c88013
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWe:SbBeSFkK

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2700-0-0x00007FF7C4BB0000-0x00007FF7C4FA6000-memory.dmp	xmrig
behavioral2/files/0x0006000000023278-5.dat	xmrig
behavioral2/files/0x00080000000233fb-10.dat	xmrig
behavioral2/files/0x00070000000233fc-9.dat	xmrig
behavioral2/files/0x00070000000233ff-31.dat	xmrig
behavioral2/files/0x00070000000233fd-35.dat	xmrig
behavioral2/files/0x0007000000023403-47.dat	xmrig
behavioral2/files/0x0007000000023404-61.dat	xmrig
behavioral2/files/0x0007000000023406-67.dat	xmrig
behavioral2/files/0x0007000000023409-82.dat	xmrig
behavioral2/memory/2080-99-0x00007FF611670000-0x00007FF611A66000-memory.dmp	xmrig
behavioral2/memory/1056-108-0x00007FF742100000-0x00007FF7424F6000-memory.dmp	xmrig
behavioral2/memory/5040-128-0x00007FF7774D0000-0x00007FF7778C6000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-131.dat	xmrig
behavioral2/memory/2676-136-0x00007FF65A430000-0x00007FF65A826000-memory.dmp	xmrig
behavioral2/memory/5100-139-0x00007FF7E5AD0000-0x00007FF7E5EC6000-memory.dmp	xmrig
behavioral2/memory/1392-143-0x00007FF760D50000-0x00007FF761146000-memory.dmp	xmrig
behavioral2/files/0x0007000000023414-179.dat	xmrig
behavioral2/files/0x000700000002341d-207.dat	xmrig
behavioral2/memory/4896-227-0x00007FF6AF970000-0x00007FF6AFD66000-memory.dmp	xmrig
behavioral2/memory/904-236-0x00007FF67F410000-0x00007FF67F806000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-222.dat	xmrig
behavioral2/files/0x000700000002341f-221.dat	xmrig
behavioral2/files/0x000800000002340f-216.dat	xmrig
behavioral2/files/0x000700000002341e-210.dat	xmrig
behavioral2/files/0x000700000002341c-204.dat	xmrig
behavioral2/files/0x000700000002341b-203.dat	xmrig
behavioral2/files/0x000700000002341a-198.dat	xmrig
behavioral2/files/0x0007000000023419-197.dat	xmrig
behavioral2/files/0x0007000000023418-192.dat	xmrig
behavioral2/files/0x0007000000023416-184.dat	xmrig
behavioral2/files/0x0007000000023415-182.dat	xmrig
behavioral2/files/0x0008000000023410-173.dat	xmrig
behavioral2/files/0x0007000000023412-156.dat	xmrig
behavioral2/files/0x0007000000023411-154.dat	xmrig
behavioral2/memory/224-147-0x00007FF69EB40000-0x00007FF69EF36000-memory.dmp	xmrig
behavioral2/memory/2036-146-0x00007FF796DC0000-0x00007FF7971B6000-memory.dmp	xmrig
behavioral2/memory/3620-145-0x00007FF7BA7A0000-0x00007FF7BAB96000-memory.dmp	xmrig
behavioral2/memory/1712-144-0x00007FF605CD0000-0x00007FF6060C6000-memory.dmp	xmrig
behavioral2/memory/2492-142-0x00007FF612600000-0x00007FF6129F6000-memory.dmp	xmrig
behavioral2/memory/1640-141-0x00007FF6485A0000-0x00007FF648996000-memory.dmp	xmrig
behavioral2/memory/3576-140-0x00007FF613700000-0x00007FF613AF6000-memory.dmp	xmrig
behavioral2/memory/880-138-0x00007FF714170000-0x00007FF714566000-memory.dmp	xmrig
behavioral2/memory/2388-137-0x00007FF7159D0000-0x00007FF715DC6000-memory.dmp	xmrig
behavioral2/memory/5104-135-0x00007FF623010000-0x00007FF623406000-memory.dmp	xmrig
behavioral2/memory/4900-134-0x00007FF6505B0000-0x00007FF6509A6000-memory.dmp	xmrig
behavioral2/memory/1008-133-0x00007FF7E85F0000-0x00007FF7E89E6000-memory.dmp	xmrig
behavioral2/memory/2112-130-0x00007FF7BFBC0000-0x00007FF7BFFB6000-memory.dmp	xmrig
behavioral2/memory/4780-127-0x00007FF6B1430000-0x00007FF6B1826000-memory.dmp	xmrig
behavioral2/files/0x000700000002340d-125.dat	xmrig
behavioral2/files/0x000700000002340c-123.dat	xmrig
behavioral2/files/0x000700000002340b-118.dat	xmrig
behavioral2/files/0x00090000000233f4-106.dat	xmrig
behavioral2/files/0x000700000002340a-104.dat	xmrig
behavioral2/files/0x0007000000023408-100.dat	xmrig
behavioral2/files/0x0007000000023407-95.dat	xmrig
behavioral2/files/0x0007000000023405-85.dat	xmrig
behavioral2/files/0x0007000000023401-56.dat	xmrig
behavioral2/files/0x0007000000023402-54.dat	xmrig
behavioral2/files/0x00070000000233fe-42.dat	xmrig
behavioral2/files/0x0007000000023400-40.dat	xmrig
behavioral2/memory/4224-25-0x00007FF7C9BA0000-0x00007FF7C9F96000-memory.dmp	xmrig
behavioral2/memory/2876-13-0x00007FF6A7E70000-0x00007FF6A8266000-memory.dmp	xmrig
behavioral2/memory/2700-2074-0x00007FF7C4BB0000-0x00007FF7C4FA6000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
4	1684	powershell.exe
8	1684	powershell.exe
14	1684	powershell.exe
15	1684	powershell.exe
16	1684	powershell.exe
17	1684	powershell.exe
20	1684	powershell.exe
32	1684	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1684	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2876	EdibAxS.exe
2492	dvHITLU.exe
4224	MiXYqtR.exe
1392	TzTostn.exe
2080	JhffJQp.exe
1056	akXWsAn.exe
1712	yefAgcQ.exe
4780	srVaGRX.exe
5040	aDpjXXT.exe
2112	bjzZlLC.exe
1008	mzRMVEu.exe
4900	wzSZmzd.exe
3620	lQDMlni.exe
5104	DiXAgkb.exe
2676	juMzjQA.exe
2388	ziwJfwf.exe
880	NlgTZPR.exe
5100	NlsGExP.exe
2036	LaWHujF.exe
3576	FNZxedV.exe
1640	cGowJZF.exe
224	gckINnI.exe
4896	sLjWjWf.exe
904	HREYsMS.exe
2920	HZUJrxD.exe
3632	aNhkAxf.exe
4108	LFWDqKS.exe
5084	DvQimpF.exe
4296	lHkxcxd.exe
2468	PPrpnIJ.exe
4456	Uvgylwe.exe
3356	XvMdrWS.exe
4256	vXpGwBN.exe
832	CigsBuP.exe
3388	THgrEUZ.exe
1744	knpGjJd.exe
4444	qfbkSWz.exe
2156	WttnjwG.exe
392	MGJJcGe.exe
960	aiYwpmU.exe
3764	qitKMPZ.exe
3180	Cepxisw.exe
4372	fUDOwSG.exe
2832	IILbtea.exe
4476	TvMuOCL.exe
2460	UZDpGgh.exe
2272	ZbZTKMl.exe
380	pZPOgCv.exe
2140	RNsGydu.exe
3448	wSeCmrA.exe
2420	XUNDsyD.exe
3020	mkWRAGp.exe
1372	qcAJmai.exe
4324	stXXUvo.exe
3436	AoRSqzE.exe
3520	ZusZPaY.exe
3972	AUqaqQR.exe
2556	nHVhRsu.exe
4024	kEvBwds.exe
3852	TYYSRXr.exe
1916	MIhOtYM.exe
1956	LSnPEWT.exe
4644	bXWzxjr.exe
2936	OfNZAdG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2700-0-0x00007FF7C4BB0000-0x00007FF7C4FA6000-memory.dmp	upx
behavioral2/files/0x0006000000023278-5.dat	upx
behavioral2/files/0x00080000000233fb-10.dat	upx
behavioral2/files/0x00070000000233fc-9.dat	upx
behavioral2/files/0x00070000000233ff-31.dat	upx
behavioral2/files/0x00070000000233fd-35.dat	upx
behavioral2/files/0x0007000000023403-47.dat	upx
behavioral2/files/0x0007000000023404-61.dat	upx
behavioral2/files/0x0007000000023406-67.dat	upx
behavioral2/files/0x0007000000023409-82.dat	upx
behavioral2/memory/2080-99-0x00007FF611670000-0x00007FF611A66000-memory.dmp	upx
behavioral2/memory/1056-108-0x00007FF742100000-0x00007FF7424F6000-memory.dmp	upx
behavioral2/memory/5040-128-0x00007FF7774D0000-0x00007FF7778C6000-memory.dmp	upx
behavioral2/files/0x000700000002340e-131.dat	upx
behavioral2/memory/2676-136-0x00007FF65A430000-0x00007FF65A826000-memory.dmp	upx
behavioral2/memory/5100-139-0x00007FF7E5AD0000-0x00007FF7E5EC6000-memory.dmp	upx
behavioral2/memory/1392-143-0x00007FF760D50000-0x00007FF761146000-memory.dmp	upx
behavioral2/files/0x0007000000023414-179.dat	upx
behavioral2/files/0x000700000002341d-207.dat	upx
behavioral2/memory/4896-227-0x00007FF6AF970000-0x00007FF6AFD66000-memory.dmp	upx
behavioral2/memory/904-236-0x00007FF67F410000-0x00007FF67F806000-memory.dmp	upx
behavioral2/files/0x0007000000023413-222.dat	upx
behavioral2/files/0x000700000002341f-221.dat	upx
behavioral2/files/0x000800000002340f-216.dat	upx
behavioral2/files/0x000700000002341e-210.dat	upx
behavioral2/files/0x000700000002341c-204.dat	upx
behavioral2/files/0x000700000002341b-203.dat	upx
behavioral2/files/0x000700000002341a-198.dat	upx
behavioral2/files/0x0007000000023419-197.dat	upx
behavioral2/files/0x0007000000023418-192.dat	upx
behavioral2/files/0x0007000000023416-184.dat	upx
behavioral2/files/0x0007000000023415-182.dat	upx
behavioral2/files/0x0008000000023410-173.dat	upx
behavioral2/files/0x0007000000023412-156.dat	upx
behavioral2/files/0x0007000000023411-154.dat	upx
behavioral2/memory/224-147-0x00007FF69EB40000-0x00007FF69EF36000-memory.dmp	upx
behavioral2/memory/2036-146-0x00007FF796DC0000-0x00007FF7971B6000-memory.dmp	upx
behavioral2/memory/3620-145-0x00007FF7BA7A0000-0x00007FF7BAB96000-memory.dmp	upx
behavioral2/memory/1712-144-0x00007FF605CD0000-0x00007FF6060C6000-memory.dmp	upx
behavioral2/memory/2492-142-0x00007FF612600000-0x00007FF6129F6000-memory.dmp	upx
behavioral2/memory/1640-141-0x00007FF6485A0000-0x00007FF648996000-memory.dmp	upx
behavioral2/memory/3576-140-0x00007FF613700000-0x00007FF613AF6000-memory.dmp	upx
behavioral2/memory/880-138-0x00007FF714170000-0x00007FF714566000-memory.dmp	upx
behavioral2/memory/2388-137-0x00007FF7159D0000-0x00007FF715DC6000-memory.dmp	upx
behavioral2/memory/5104-135-0x00007FF623010000-0x00007FF623406000-memory.dmp	upx
behavioral2/memory/4900-134-0x00007FF6505B0000-0x00007FF6509A6000-memory.dmp	upx
behavioral2/memory/1008-133-0x00007FF7E85F0000-0x00007FF7E89E6000-memory.dmp	upx
behavioral2/memory/2112-130-0x00007FF7BFBC0000-0x00007FF7BFFB6000-memory.dmp	upx
behavioral2/memory/4780-127-0x00007FF6B1430000-0x00007FF6B1826000-memory.dmp	upx
behavioral2/files/0x000700000002340d-125.dat	upx
behavioral2/files/0x000700000002340c-123.dat	upx
behavioral2/files/0x000700000002340b-118.dat	upx
behavioral2/files/0x00090000000233f4-106.dat	upx
behavioral2/files/0x000700000002340a-104.dat	upx
behavioral2/files/0x0007000000023408-100.dat	upx
behavioral2/files/0x0007000000023407-95.dat	upx
behavioral2/files/0x0007000000023405-85.dat	upx
behavioral2/files/0x0007000000023401-56.dat	upx
behavioral2/files/0x0007000000023402-54.dat	upx
behavioral2/files/0x00070000000233fe-42.dat	upx
behavioral2/files/0x0007000000023400-40.dat	upx
behavioral2/memory/4224-25-0x00007FF7C9BA0000-0x00007FF7C9F96000-memory.dmp	upx
behavioral2/memory/2876-13-0x00007FF6A7E70000-0x00007FF6A8266000-memory.dmp	upx
behavioral2/memory/2700-2074-0x00007FF7C4BB0000-0x00007FF7C4FA6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
2	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hIoUqbY.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\SuCRqlb.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\oPoUoCc.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\qcAJmai.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\iiYAgul.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\pGPdVwZ.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\DvQimpF.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\LgfzqXO.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\CExCSAO.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\ypIdgKm.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\nBUQTOz.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\juMzjQA.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\sLjWjWf.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\GqdFRPT.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\gKWsorh.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\MgHksAA.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\zAZHZdo.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\lEKgYxr.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\FUqjqry.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\ofgRSYW.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\LNfxfwk.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\KzduXpx.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\ThRkpRg.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\XmBViMF.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\aneYSbL.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\ZpKYcrP.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\QUpxGXU.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\yWIBqQz.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\MVqtlxq.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\rBoYhdH.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\BhBqpOr.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\qfbkSWz.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\RqruQMe.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\jqXUboc.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\MiXYqtR.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\DFKWkQx.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\QHNZGUn.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\lZzjOpx.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\HbmhkaH.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\FYcqzNT.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\loiJSUR.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\WUgboPX.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\hRZypSG.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\ziwJfwf.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\DoxsgTG.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\AvXvXZd.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\Fvgpewc.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\SlBCNtk.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\rPSvrOB.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\fIbbynk.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\gckINnI.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\aNhkAxf.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\OfNZAdG.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\BCJMckK.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\dBTYqjo.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\cNrnPly.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\SCtfgpu.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\LrWRkKZ.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\CQRXdxL.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\iZFcrmD.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\dzUnMwo.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\RgOjvGM.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\vdATwOO.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
File created	C:\Windows\System\vpVtzPQ.exe	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1684	powershell.exe
1684	powershell.exe
1684	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
Token: SeDebugPrivilege	1684	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 1684	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	83
PID 2700 wrote to memory of 1684	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	83
PID 2700 wrote to memory of 2876	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	84
PID 2700 wrote to memory of 2876	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	84
PID 2700 wrote to memory of 2492	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	85
PID 2700 wrote to memory of 2492	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	85
PID 2700 wrote to memory of 4224	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	86
PID 2700 wrote to memory of 4224	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	86
PID 2700 wrote to memory of 1392	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	87
PID 2700 wrote to memory of 1392	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	87
PID 2700 wrote to memory of 2080	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	88
PID 2700 wrote to memory of 2080	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	88
PID 2700 wrote to memory of 1056	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	89
PID 2700 wrote to memory of 1056	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	89
PID 2700 wrote to memory of 1712	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	90
PID 2700 wrote to memory of 1712	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	90
PID 2700 wrote to memory of 4780	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	91
PID 2700 wrote to memory of 4780	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	91
PID 2700 wrote to memory of 5040	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	92
PID 2700 wrote to memory of 5040	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	92
PID 2700 wrote to memory of 2112	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	93
PID 2700 wrote to memory of 2112	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	93
PID 2700 wrote to memory of 1008	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	94
PID 2700 wrote to memory of 1008	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	94
PID 2700 wrote to memory of 4900	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	95
PID 2700 wrote to memory of 4900	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	95
PID 2700 wrote to memory of 3620	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	96
PID 2700 wrote to memory of 3620	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	96
PID 2700 wrote to memory of 5104	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	97
PID 2700 wrote to memory of 5104	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	97
PID 2700 wrote to memory of 2676	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	98
PID 2700 wrote to memory of 2676	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	98
PID 2700 wrote to memory of 2388	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	99
PID 2700 wrote to memory of 2388	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	99
PID 2700 wrote to memory of 880	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	100
PID 2700 wrote to memory of 880	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	100
PID 2700 wrote to memory of 5100	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	101
PID 2700 wrote to memory of 5100	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	101
PID 2700 wrote to memory of 2036	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	102
PID 2700 wrote to memory of 2036	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	102
PID 2700 wrote to memory of 3576	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	103
PID 2700 wrote to memory of 3576	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	103
PID 2700 wrote to memory of 1640	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	104
PID 2700 wrote to memory of 1640	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	104
PID 2700 wrote to memory of 224	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	105
PID 2700 wrote to memory of 224	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	105
PID 2700 wrote to memory of 4896	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	106
PID 2700 wrote to memory of 4896	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	106
PID 2700 wrote to memory of 904	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	107
PID 2700 wrote to memory of 904	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	107
PID 2700 wrote to memory of 2920	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	108
PID 2700 wrote to memory of 2920	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	108
PID 2700 wrote to memory of 3632	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	109
PID 2700 wrote to memory of 3632	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	109
PID 2700 wrote to memory of 4108	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	110
PID 2700 wrote to memory of 4108	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	110
PID 2700 wrote to memory of 5084	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	111
PID 2700 wrote to memory of 5084	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	111
PID 2700 wrote to memory of 4296	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	112
PID 2700 wrote to memory of 4296	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	112
PID 2700 wrote to memory of 2468	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	113
PID 2700 wrote to memory of 2468	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	113
PID 2700 wrote to memory of 2832	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	114
PID 2700 wrote to memory of 2832	2700	30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30fb86387fda2e3e5f88d90dc451aef0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1684
- C:\Windows\System\EdibAxS.exe
  C:\Windows\System\EdibAxS.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\dvHITLU.exe
  C:\Windows\System\dvHITLU.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\MiXYqtR.exe
  C:\Windows\System\MiXYqtR.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\TzTostn.exe
  C:\Windows\System\TzTostn.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\JhffJQp.exe
  C:\Windows\System\JhffJQp.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\akXWsAn.exe
  C:\Windows\System\akXWsAn.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\yefAgcQ.exe
  C:\Windows\System\yefAgcQ.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\srVaGRX.exe
  C:\Windows\System\srVaGRX.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\aDpjXXT.exe
  C:\Windows\System\aDpjXXT.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\bjzZlLC.exe
  C:\Windows\System\bjzZlLC.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\mzRMVEu.exe
  C:\Windows\System\mzRMVEu.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\wzSZmzd.exe
  C:\Windows\System\wzSZmzd.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\lQDMlni.exe
  C:\Windows\System\lQDMlni.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\DiXAgkb.exe
  C:\Windows\System\DiXAgkb.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\juMzjQA.exe
  C:\Windows\System\juMzjQA.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ziwJfwf.exe
  C:\Windows\System\ziwJfwf.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\NlgTZPR.exe
  C:\Windows\System\NlgTZPR.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\NlsGExP.exe
  C:\Windows\System\NlsGExP.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\LaWHujF.exe
  C:\Windows\System\LaWHujF.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\FNZxedV.exe
  C:\Windows\System\FNZxedV.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\cGowJZF.exe
  C:\Windows\System\cGowJZF.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\gckINnI.exe
  C:\Windows\System\gckINnI.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\sLjWjWf.exe
  C:\Windows\System\sLjWjWf.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\HREYsMS.exe
  C:\Windows\System\HREYsMS.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\HZUJrxD.exe
  C:\Windows\System\HZUJrxD.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\aNhkAxf.exe
  C:\Windows\System\aNhkAxf.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\LFWDqKS.exe
  C:\Windows\System\LFWDqKS.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\DvQimpF.exe
  C:\Windows\System\DvQimpF.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\lHkxcxd.exe
  C:\Windows\System\lHkxcxd.exe
  2⤵
  - Executes dropped EXE
  PID:4296
- C:\Windows\System\PPrpnIJ.exe
  C:\Windows\System\PPrpnIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\IILbtea.exe
  C:\Windows\System\IILbtea.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\Uvgylwe.exe
  C:\Windows\System\Uvgylwe.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\XvMdrWS.exe
  C:\Windows\System\XvMdrWS.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\vXpGwBN.exe
  C:\Windows\System\vXpGwBN.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\CigsBuP.exe
  C:\Windows\System\CigsBuP.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\THgrEUZ.exe
  C:\Windows\System\THgrEUZ.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\knpGjJd.exe
  C:\Windows\System\knpGjJd.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\qfbkSWz.exe
  C:\Windows\System\qfbkSWz.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\WttnjwG.exe
  C:\Windows\System\WttnjwG.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\MGJJcGe.exe
  C:\Windows\System\MGJJcGe.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\aiYwpmU.exe
  C:\Windows\System\aiYwpmU.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\qitKMPZ.exe
  C:\Windows\System\qitKMPZ.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\Cepxisw.exe
  C:\Windows\System\Cepxisw.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\fUDOwSG.exe
  C:\Windows\System\fUDOwSG.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\TvMuOCL.exe
  C:\Windows\System\TvMuOCL.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\UZDpGgh.exe
  C:\Windows\System\UZDpGgh.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\ZbZTKMl.exe
  C:\Windows\System\ZbZTKMl.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\pZPOgCv.exe
  C:\Windows\System\pZPOgCv.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\RNsGydu.exe
  C:\Windows\System\RNsGydu.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\wSeCmrA.exe
  C:\Windows\System\wSeCmrA.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\XUNDsyD.exe
  C:\Windows\System\XUNDsyD.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\mkWRAGp.exe
  C:\Windows\System\mkWRAGp.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\qcAJmai.exe
  C:\Windows\System\qcAJmai.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\stXXUvo.exe
  C:\Windows\System\stXXUvo.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\AoRSqzE.exe
  C:\Windows\System\AoRSqzE.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\ZusZPaY.exe
  C:\Windows\System\ZusZPaY.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\AUqaqQR.exe
  C:\Windows\System\AUqaqQR.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\nHVhRsu.exe
  C:\Windows\System\nHVhRsu.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\kEvBwds.exe
  C:\Windows\System\kEvBwds.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\TYYSRXr.exe
  C:\Windows\System\TYYSRXr.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\MIhOtYM.exe
  C:\Windows\System\MIhOtYM.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\LSnPEWT.exe
  C:\Windows\System\LSnPEWT.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\bXWzxjr.exe
  C:\Windows\System\bXWzxjr.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\OfNZAdG.exe
  C:\Windows\System\OfNZAdG.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\phjeqqF.exe
  C:\Windows\System\phjeqqF.exe
  2⤵
  PID:3700
- C:\Windows\System\jfwqBgB.exe
  C:\Windows\System\jfwqBgB.exe
  2⤵
  PID:6020
- C:\Windows\System\nxIiQBA.exe
  C:\Windows\System\nxIiQBA.exe
  2⤵
  PID:6064
- C:\Windows\System\hIvILTu.exe
  C:\Windows\System\hIvILTu.exe
  2⤵
  PID:6132
- C:\Windows\System\ifFPUqX.exe
  C:\Windows\System\ifFPUqX.exe
  2⤵
  PID:116
- C:\Windows\System\ojJVMgt.exe
  C:\Windows\System\ojJVMgt.exe
  2⤵
  PID:4620
- C:\Windows\System\MLbTEah.exe
  C:\Windows\System\MLbTEah.exe
  2⤵
  PID:3956
- C:\Windows\System\BCJMckK.exe
  C:\Windows\System\BCJMckK.exe
  2⤵
  PID:4276
- C:\Windows\System\sjWZCWp.exe
  C:\Windows\System\sjWZCWp.exe
  2⤵
  PID:2136
- C:\Windows\System\uhLpzSU.exe
  C:\Windows\System\uhLpzSU.exe
  2⤵
  PID:5272
- C:\Windows\System\fPqbRRb.exe
  C:\Windows\System\fPqbRRb.exe
  2⤵
  PID:3544
- C:\Windows\System\sOEcIeh.exe
  C:\Windows\System\sOEcIeh.exe
  2⤵
  PID:1932
- C:\Windows\System\HOYDCWq.exe
  C:\Windows\System\HOYDCWq.exe
  2⤵
  PID:3440
- C:\Windows\System\UvNGIhf.exe
  C:\Windows\System\UvNGIhf.exe
  2⤵
  PID:5396
- C:\Windows\System\jPCMOJq.exe
  C:\Windows\System\jPCMOJq.exe
  2⤵
  PID:5404
- C:\Windows\System\wplhxuO.exe
  C:\Windows\System\wplhxuO.exe
  2⤵
  PID:4028
- C:\Windows\System\qIbqbJD.exe
  C:\Windows\System\qIbqbJD.exe
  2⤵
  PID:912
- C:\Windows\System\LhBvqlM.exe
  C:\Windows\System\LhBvqlM.exe
  2⤵
  PID:5480
- C:\Windows\System\ofgRSYW.exe
  C:\Windows\System\ofgRSYW.exe
  2⤵
  PID:5508
- C:\Windows\System\xBWubxC.exe
  C:\Windows\System\xBWubxC.exe
  2⤵
  PID:5540
- C:\Windows\System\krItbpK.exe
  C:\Windows\System\krItbpK.exe
  2⤵
  PID:5552
- C:\Windows\System\ddicdrV.exe
  C:\Windows\System\ddicdrV.exe
  2⤵
  PID:3192
- C:\Windows\System\SjXKxNw.exe
  C:\Windows\System\SjXKxNw.exe
  2⤵
  PID:5584
- C:\Windows\System\VRuouuZ.exe
  C:\Windows\System\VRuouuZ.exe
  2⤵
  PID:692
- C:\Windows\System\BrFFrpp.exe
  C:\Windows\System\BrFFrpp.exe
  2⤵
  PID:4388
- C:\Windows\System\WYWPVnu.exe
  C:\Windows\System\WYWPVnu.exe
  2⤵
  PID:4416
- C:\Windows\System\dHntjjs.exe
  C:\Windows\System\dHntjjs.exe
  2⤵
  PID:5664
- C:\Windows\System\jkaKQWc.exe
  C:\Windows\System\jkaKQWc.exe
  2⤵
  PID:5708
- C:\Windows\System\LpXztSU.exe
  C:\Windows\System\LpXztSU.exe
  2⤵
  PID:2000
- C:\Windows\System\kPMAbmt.exe
  C:\Windows\System\kPMAbmt.exe
  2⤵
  PID:3484
- C:\Windows\System\MXYoRAH.exe
  C:\Windows\System\MXYoRAH.exe
  2⤵
  PID:5076
- C:\Windows\System\dBTYqjo.exe
  C:\Windows\System\dBTYqjo.exe
  2⤵
  PID:1312
- C:\Windows\System\FNgGIZO.exe
  C:\Windows\System\FNgGIZO.exe
  2⤵
  PID:4832
- C:\Windows\System\jSHoBSk.exe
  C:\Windows\System\jSHoBSk.exe
  2⤵
  PID:5860
- C:\Windows\System\PztBims.exe
  C:\Windows\System\PztBims.exe
  2⤵
  PID:5900
- C:\Windows\System\iBAANkJ.exe
  C:\Windows\System\iBAANkJ.exe
  2⤵
  PID:5952
- C:\Windows\System\RtNbDJz.exe
  C:\Windows\System\RtNbDJz.exe
  2⤵
  PID:1656
- C:\Windows\System\YEBhoUy.exe
  C:\Windows\System\YEBhoUy.exe
  2⤵
  PID:5976
- C:\Windows\System\uhLmgil.exe
  C:\Windows\System\uhLmgil.exe
  2⤵
  PID:6108
- C:\Windows\System\zwtSUCn.exe
  C:\Windows\System\zwtSUCn.exe
  2⤵
  PID:6128
- C:\Windows\System\qZWiwKA.exe
  C:\Windows\System\qZWiwKA.exe
  2⤵
  PID:2332
- C:\Windows\System\WYkysTD.exe
  C:\Windows\System\WYkysTD.exe
  2⤵
  PID:2720
- C:\Windows\System\jzoQbuI.exe
  C:\Windows\System\jzoQbuI.exe
  2⤵
  PID:1496
- C:\Windows\System\OvuwpSM.exe
  C:\Windows\System\OvuwpSM.exe
  2⤵
  PID:3788
- C:\Windows\System\vMNJKAT.exe
  C:\Windows\System\vMNJKAT.exe
  2⤵
  PID:3148
- C:\Windows\System\buCXylL.exe
  C:\Windows\System\buCXylL.exe
  2⤵
  PID:2664
- C:\Windows\System\RqruQMe.exe
  C:\Windows\System\RqruQMe.exe
  2⤵
  PID:764
- C:\Windows\System\XZznbqG.exe
  C:\Windows\System\XZznbqG.exe
  2⤵
  PID:5448
- C:\Windows\System\iNeDGZc.exe
  C:\Windows\System\iNeDGZc.exe
  2⤵
  PID:5516
- C:\Windows\System\gpQzsvS.exe
  C:\Windows\System\gpQzsvS.exe
  2⤵
  PID:5576
- C:\Windows\System\GAAUTqK.exe
  C:\Windows\System\GAAUTqK.exe
  2⤵
  PID:5500
- C:\Windows\System\jqeFPlm.exe
  C:\Windows\System\jqeFPlm.exe
  2⤵
  PID:5580
- C:\Windows\System\yKWEdYu.exe
  C:\Windows\System\yKWEdYu.exe
  2⤵
  PID:5644
- C:\Windows\System\CgIBORe.exe
  C:\Windows\System\CgIBORe.exe
  2⤵
  PID:1208
- C:\Windows\System\QDfeoHn.exe
  C:\Windows\System\QDfeoHn.exe
  2⤵
  PID:5788
- C:\Windows\System\MgHksAA.exe
  C:\Windows\System\MgHksAA.exe
  2⤵
  PID:5776
- C:\Windows\System\tGgaWxR.exe
  C:\Windows\System\tGgaWxR.exe
  2⤵
  PID:5884
- C:\Windows\System\jnLlTbE.exe
  C:\Windows\System\jnLlTbE.exe
  2⤵
  PID:5828
- C:\Windows\System\yCCgCbF.exe
  C:\Windows\System\yCCgCbF.exe
  2⤵
  PID:5992
- C:\Windows\System\XlWObhx.exe
  C:\Windows\System\XlWObhx.exe
  2⤵
  PID:6080
- C:\Windows\System\zAZHZdo.exe
  C:\Windows\System\zAZHZdo.exe
  2⤵
  PID:4932
- C:\Windows\System\DFKWkQx.exe
  C:\Windows\System\DFKWkQx.exe
  2⤵
  PID:3716
- C:\Windows\System\TUrfjQI.exe
  C:\Windows\System\TUrfjQI.exe
  2⤵
  PID:3592
- C:\Windows\System\yNHvurf.exe
  C:\Windows\System\yNHvurf.exe
  2⤵
  PID:5328
- C:\Windows\System\MlSNQcV.exe
  C:\Windows\System\MlSNQcV.exe
  2⤵
  PID:4848
- C:\Windows\System\RELfZxN.exe
  C:\Windows\System\RELfZxN.exe
  2⤵
  PID:5536
- C:\Windows\System\KFNCLce.exe
  C:\Windows\System\KFNCLce.exe
  2⤵
  PID:5616
- C:\Windows\System\JvikqOW.exe
  C:\Windows\System\JvikqOW.exe
  2⤵
  PID:5600
- C:\Windows\System\iCXdhMc.exe
  C:\Windows\System\iCXdhMc.exe
  2⤵
  PID:1364
- C:\Windows\System\jqXUboc.exe
  C:\Windows\System\jqXUboc.exe
  2⤵
  PID:5880
- C:\Windows\System\bDGDJdW.exe
  C:\Windows\System\bDGDJdW.exe
  2⤵
  PID:6040
- C:\Windows\System\arRbDDU.exe
  C:\Windows\System\arRbDDU.exe
  2⤵
  PID:5988
- C:\Windows\System\wNNURCH.exe
  C:\Windows\System\wNNURCH.exe
  2⤵
  PID:3920
- C:\Windows\System\hQIPQEx.exe
  C:\Windows\System\hQIPQEx.exe
  2⤵
  PID:1936
- C:\Windows\System\ktzjTUr.exe
  C:\Windows\System\ktzjTUr.exe
  2⤵
  PID:5424
- C:\Windows\System\iPsXJzd.exe
  C:\Windows\System\iPsXJzd.exe
  2⤵
  PID:3996
- C:\Windows\System\ZNRoMHr.exe
  C:\Windows\System\ZNRoMHr.exe
  2⤵
  PID:5732
- C:\Windows\System\OndUnSH.exe
  C:\Windows\System\OndUnSH.exe
  2⤵
  PID:5760
- C:\Windows\System\EzjJCET.exe
  C:\Windows\System\EzjJCET.exe
  2⤵
  PID:5820
- C:\Windows\System\dprTBcs.exe
  C:\Windows\System\dprTBcs.exe
  2⤵
  PID:3680
- C:\Windows\System\gJhRNva.exe
  C:\Windows\System\gJhRNva.exe
  2⤵
  PID:4116
- C:\Windows\System\OXqGeUQ.exe
  C:\Windows\System\OXqGeUQ.exe
  2⤵
  PID:5868
- C:\Windows\System\EmjyYca.exe
  C:\Windows\System\EmjyYca.exe
  2⤵
  PID:6092
- C:\Windows\System\iZFcrmD.exe
  C:\Windows\System\iZFcrmD.exe
  2⤵
  PID:3880
- C:\Windows\System\TxQRctt.exe
  C:\Windows\System\TxQRctt.exe
  2⤵
  PID:6172
- C:\Windows\System\DpKzgok.exe
  C:\Windows\System\DpKzgok.exe
  2⤵
  PID:6196
- C:\Windows\System\xRpaTtG.exe
  C:\Windows\System\xRpaTtG.exe
  2⤵
  PID:6220
- C:\Windows\System\maBCZPq.exe
  C:\Windows\System\maBCZPq.exe
  2⤵
  PID:6248
- C:\Windows\System\REowPbr.exe
  C:\Windows\System\REowPbr.exe
  2⤵
  PID:6288
- C:\Windows\System\mUeEDAD.exe
  C:\Windows\System\mUeEDAD.exe
  2⤵
  PID:6308
- C:\Windows\System\HWdRGmR.exe
  C:\Windows\System\HWdRGmR.exe
  2⤵
  PID:6344
- C:\Windows\System\exxmmox.exe
  C:\Windows\System\exxmmox.exe
  2⤵
  PID:6360
- C:\Windows\System\NdAbXXp.exe
  C:\Windows\System\NdAbXXp.exe
  2⤵
  PID:6400
- C:\Windows\System\jDwHHJa.exe
  C:\Windows\System\jDwHHJa.exe
  2⤵
  PID:6428
- C:\Windows\System\IyctYXs.exe
  C:\Windows\System\IyctYXs.exe
  2⤵
  PID:6456
- C:\Windows\System\lwHHdiE.exe
  C:\Windows\System\lwHHdiE.exe
  2⤵
  PID:6476
- C:\Windows\System\VmWDgOG.exe
  C:\Windows\System\VmWDgOG.exe
  2⤵
  PID:6508
- C:\Windows\System\DNhczeR.exe
  C:\Windows\System\DNhczeR.exe
  2⤵
  PID:6540
- C:\Windows\System\TyfoQAr.exe
  C:\Windows\System\TyfoQAr.exe
  2⤵
  PID:6568
- C:\Windows\System\XuqmBKO.exe
  C:\Windows\System\XuqmBKO.exe
  2⤵
  PID:6596
- C:\Windows\System\xlailgP.exe
  C:\Windows\System\xlailgP.exe
  2⤵
  PID:6632
- C:\Windows\System\wQqDJQV.exe
  C:\Windows\System\wQqDJQV.exe
  2⤵
  PID:6660
- C:\Windows\System\QIHJUOp.exe
  C:\Windows\System\QIHJUOp.exe
  2⤵
  PID:6688
- C:\Windows\System\CvBwKYO.exe
  C:\Windows\System\CvBwKYO.exe
  2⤵
  PID:6716
- C:\Windows\System\gjzFmTx.exe
  C:\Windows\System\gjzFmTx.exe
  2⤵
  PID:6740
- C:\Windows\System\QcjRpbi.exe
  C:\Windows\System\QcjRpbi.exe
  2⤵
  PID:6768
- C:\Windows\System\QhASpDE.exe
  C:\Windows\System\QhASpDE.exe
  2⤵
  PID:6804
- C:\Windows\System\LgfzqXO.exe
  C:\Windows\System\LgfzqXO.exe
  2⤵
  PID:6828
- C:\Windows\System\ueSxDle.exe
  C:\Windows\System\ueSxDle.exe
  2⤵
  PID:6856
- C:\Windows\System\YmfhRHm.exe
  C:\Windows\System\YmfhRHm.exe
  2⤵
  PID:6884
- C:\Windows\System\LQnCliQ.exe
  C:\Windows\System\LQnCliQ.exe
  2⤵
  PID:6912
- C:\Windows\System\wdTSvgf.exe
  C:\Windows\System\wdTSvgf.exe
  2⤵
  PID:6940
- C:\Windows\System\WIEPSSf.exe
  C:\Windows\System\WIEPSSf.exe
  2⤵
  PID:6968
- C:\Windows\System\UlJxeGv.exe
  C:\Windows\System\UlJxeGv.exe
  2⤵
  PID:6984
- C:\Windows\System\cNrnPly.exe
  C:\Windows\System\cNrnPly.exe
  2⤵
  PID:7008
- C:\Windows\System\Zjsgxdw.exe
  C:\Windows\System\Zjsgxdw.exe
  2⤵
  PID:7044
- C:\Windows\System\NgJMqRJ.exe
  C:\Windows\System\NgJMqRJ.exe
  2⤵
  PID:7076
- C:\Windows\System\tOrqrpl.exe
  C:\Windows\System\tOrqrpl.exe
  2⤵
  PID:7096
- C:\Windows\System\eNnqFIH.exe
  C:\Windows\System\eNnqFIH.exe
  2⤵
  PID:7112
- C:\Windows\System\CnyFStj.exe
  C:\Windows\System\CnyFStj.exe
  2⤵
  PID:7128
- C:\Windows\System\jKwpFrC.exe
  C:\Windows\System\jKwpFrC.exe
  2⤵
  PID:5532
- C:\Windows\System\zEDjheE.exe
  C:\Windows\System\zEDjheE.exe
  2⤵
  PID:6216
- C:\Windows\System\YmupekN.exe
  C:\Windows\System\YmupekN.exe
  2⤵
  PID:4656
- C:\Windows\System\MNrOlHT.exe
  C:\Windows\System\MNrOlHT.exe
  2⤵
  PID:6356
- C:\Windows\System\rWCiPUn.exe
  C:\Windows\System\rWCiPUn.exe
  2⤵
  PID:6452
- C:\Windows\System\ooDpooo.exe
  C:\Windows\System\ooDpooo.exe
  2⤵
  PID:6484
- C:\Windows\System\oMmioVt.exe
  C:\Windows\System\oMmioVt.exe
  2⤵
  PID:6532
- C:\Windows\System\yhJYCfn.exe
  C:\Windows\System\yhJYCfn.exe
  2⤵
  PID:6640
- C:\Windows\System\EMsUiAR.exe
  C:\Windows\System\EMsUiAR.exe
  2⤵
  PID:4192
- C:\Windows\System\HSCieFA.exe
  C:\Windows\System\HSCieFA.exe
  2⤵
  PID:6724
- C:\Windows\System\cvnrgiq.exe
  C:\Windows\System\cvnrgiq.exe
  2⤵
  PID:6796
- C:\Windows\System\farzoOL.exe
  C:\Windows\System\farzoOL.exe
  2⤵
  PID:6868
- C:\Windows\System\bqORIVz.exe
  C:\Windows\System\bqORIVz.exe
  2⤵
  PID:6948
- C:\Windows\System\jULkCOI.exe
  C:\Windows\System\jULkCOI.exe
  2⤵
  PID:6996
- C:\Windows\System\LKwylVx.exe
  C:\Windows\System\LKwylVx.exe
  2⤵
  PID:7060
- C:\Windows\System\ncxZvMY.exe
  C:\Windows\System\ncxZvMY.exe
  2⤵
  PID:7124
- C:\Windows\System\ZHTyvXV.exe
  C:\Windows\System\ZHTyvXV.exe
  2⤵
  PID:6152
- C:\Windows\System\roJiGUM.exe
  C:\Windows\System\roJiGUM.exe
  2⤵
  PID:6340
- C:\Windows\System\dQKFCLC.exe
  C:\Windows\System\dQKFCLC.exe
  2⤵
  PID:6552
- C:\Windows\System\ewPadVN.exe
  C:\Windows\System\ewPadVN.exe
  2⤵
  PID:6668
- C:\Windows\System\DuuEMQY.exe
  C:\Windows\System\DuuEMQY.exe
  2⤵
  PID:6784
- C:\Windows\System\yHYeqVc.exe
  C:\Windows\System\yHYeqVc.exe
  2⤵
  PID:6932
- C:\Windows\System\rLnHska.exe
  C:\Windows\System\rLnHska.exe
  2⤵
  PID:7068
- C:\Windows\System\aOmLSAl.exe
  C:\Windows\System\aOmLSAl.exe
  2⤵
  PID:7140
- C:\Windows\System\oOWffPN.exe
  C:\Windows\System\oOWffPN.exe
  2⤵
  PID:6164
- C:\Windows\System\nhMTUXy.exe
  C:\Windows\System\nhMTUXy.exe
  2⤵
  PID:6704
- C:\Windows\System\VOHgTWI.exe
  C:\Windows\System\VOHgTWI.exe
  2⤵
  PID:6592
- C:\Windows\System\BXzycVN.exe
  C:\Windows\System\BXzycVN.exe
  2⤵
  PID:6424
- C:\Windows\System\XEdqBcI.exe
  C:\Windows\System\XEdqBcI.exe
  2⤵
  PID:7216
- C:\Windows\System\bJZyDGr.exe
  C:\Windows\System\bJZyDGr.exe
  2⤵
  PID:7232
- C:\Windows\System\ObrHAvA.exe
  C:\Windows\System\ObrHAvA.exe
  2⤵
  PID:7260
- C:\Windows\System\CExCSAO.exe
  C:\Windows\System\CExCSAO.exe
  2⤵
  PID:7300
- C:\Windows\System\XElEOJW.exe
  C:\Windows\System\XElEOJW.exe
  2⤵
  PID:7316
- C:\Windows\System\VNYzKlX.exe
  C:\Windows\System\VNYzKlX.exe
  2⤵
  PID:7344
- C:\Windows\System\AuvvXQY.exe
  C:\Windows\System\AuvvXQY.exe
  2⤵
  PID:7384
- C:\Windows\System\KIIGEXV.exe
  C:\Windows\System\KIIGEXV.exe
  2⤵
  PID:7400
- C:\Windows\System\uJwNkeG.exe
  C:\Windows\System\uJwNkeG.exe
  2⤵
  PID:7432
- C:\Windows\System\bJTeDNv.exe
  C:\Windows\System\bJTeDNv.exe
  2⤵
  PID:7456
- C:\Windows\System\zrqOiTF.exe
  C:\Windows\System\zrqOiTF.exe
  2⤵
  PID:7496
- C:\Windows\System\tAUpNhP.exe
  C:\Windows\System\tAUpNhP.exe
  2⤵
  PID:7512
- C:\Windows\System\unvAHQO.exe
  C:\Windows\System\unvAHQO.exe
  2⤵
  PID:7552
- C:\Windows\System\WaUtEZJ.exe
  C:\Windows\System\WaUtEZJ.exe
  2⤵
  PID:7568
- C:\Windows\System\YqypXqF.exe
  C:\Windows\System\YqypXqF.exe
  2⤵
  PID:7608
- C:\Windows\System\BeSoSBv.exe
  C:\Windows\System\BeSoSBv.exe
  2⤵
  PID:7632
- C:\Windows\System\OtvzAny.exe
  C:\Windows\System\OtvzAny.exe
  2⤵
  PID:7660
- C:\Windows\System\dAZACMp.exe
  C:\Windows\System\dAZACMp.exe
  2⤵
  PID:7680
- C:\Windows\System\YLuNEql.exe
  C:\Windows\System\YLuNEql.exe
  2⤵
  PID:7712
- C:\Windows\System\IzWhWdb.exe
  C:\Windows\System\IzWhWdb.exe
  2⤵
  PID:7744
- C:\Windows\System\QEqwcgy.exe
  C:\Windows\System\QEqwcgy.exe
  2⤵
  PID:7772
- C:\Windows\System\WYGSkRB.exe
  C:\Windows\System\WYGSkRB.exe
  2⤵
  PID:7856
- C:\Windows\System\YccxRvC.exe
  C:\Windows\System\YccxRvC.exe
  2⤵
  PID:8004
- C:\Windows\System\dUreWVt.exe
  C:\Windows\System\dUreWVt.exe
  2⤵
  PID:8024
- C:\Windows\System\qNwABtI.exe
  C:\Windows\System\qNwABtI.exe
  2⤵
  PID:8064
- C:\Windows\System\rNUHkrK.exe
  C:\Windows\System\rNUHkrK.exe
  2⤵
  PID:8104
- C:\Windows\System\HRKBtQD.exe
  C:\Windows\System\HRKBtQD.exe
  2⤵
  PID:8132
- C:\Windows\System\gbATRue.exe
  C:\Windows\System\gbATRue.exe
  2⤵
  PID:8148
- C:\Windows\System\SqbBRxz.exe
  C:\Windows\System\SqbBRxz.exe
  2⤵
  PID:8180
- C:\Windows\System\TOotTYS.exe
  C:\Windows\System\TOotTYS.exe
  2⤵
  PID:7224
- C:\Windows\System\mAmNJnm.exe
  C:\Windows\System\mAmNJnm.exe
  2⤵
  PID:7288
- C:\Windows\System\ZbiYHyy.exe
  C:\Windows\System\ZbiYHyy.exe
  2⤵
  PID:7356
- C:\Windows\System\ogAvpZi.exe
  C:\Windows\System\ogAvpZi.exe
  2⤵
  PID:7448
- C:\Windows\System\iPVokFV.exe
  C:\Windows\System\iPVokFV.exe
  2⤵
  PID:7536
- C:\Windows\System\WjFjqmc.exe
  C:\Windows\System\WjFjqmc.exe
  2⤵
  PID:7560
- C:\Windows\System\tMiMeNA.exe
  C:\Windows\System\tMiMeNA.exe
  2⤵
  PID:7616
- C:\Windows\System\fSrZpyn.exe
  C:\Windows\System\fSrZpyn.exe
  2⤵
  PID:7732
- C:\Windows\System\iSykuYo.exe
  C:\Windows\System\iSykuYo.exe
  2⤵
  PID:7756
- C:\Windows\System\xnnEwoz.exe
  C:\Windows\System\xnnEwoz.exe
  2⤵
  PID:7816
- C:\Windows\System\jJHWaLS.exe
  C:\Windows\System\jJHWaLS.exe
  2⤵
  PID:7832
- C:\Windows\System\qKnPOUd.exe
  C:\Windows\System\qKnPOUd.exe
  2⤵
  PID:7872
- C:\Windows\System\bOTJURQ.exe
  C:\Windows\System\bOTJURQ.exe
  2⤵
  PID:7896
- C:\Windows\System\bbkFYQP.exe
  C:\Windows\System\bbkFYQP.exe
  2⤵
  PID:7912
- C:\Windows\System\teYnXHB.exe
  C:\Windows\System\teYnXHB.exe
  2⤵
  PID:7952
- C:\Windows\System\XqYDbUW.exe
  C:\Windows\System\XqYDbUW.exe
  2⤵
  PID:7984
- C:\Windows\System\pthfpbJ.exe
  C:\Windows\System\pthfpbJ.exe
  2⤵
  PID:8036
- C:\Windows\System\eJOXKjJ.exe
  C:\Windows\System\eJOXKjJ.exe
  2⤵
  PID:8120
- C:\Windows\System\WcrXabs.exe
  C:\Windows\System\WcrXabs.exe
  2⤵
  PID:6580
- C:\Windows\System\erFLwpx.exe
  C:\Windows\System\erFLwpx.exe
  2⤵
  PID:7208
- C:\Windows\System\dlGXFhl.exe
  C:\Windows\System\dlGXFhl.exe
  2⤵
  PID:7336
- C:\Windows\System\NUsyBmj.exe
  C:\Windows\System\NUsyBmj.exe
  2⤵
  PID:7480
- C:\Windows\System\LvSlxJz.exe
  C:\Windows\System\LvSlxJz.exe
  2⤵
  PID:7640
- C:\Windows\System\bXQZFSF.exe
  C:\Windows\System\bXQZFSF.exe
  2⤵
  PID:7792
- C:\Windows\System\RBTwGsO.exe
  C:\Windows\System\RBTwGsO.exe
  2⤵
  PID:7880
- C:\Windows\System\FYcqzNT.exe
  C:\Windows\System\FYcqzNT.exe
  2⤵
  PID:7924
- C:\Windows\System\TARxZbW.exe
  C:\Windows\System\TARxZbW.exe
  2⤵
  PID:8000
- C:\Windows\System\QHNZGUn.exe
  C:\Windows\System\QHNZGUn.exe
  2⤵
  PID:8164
- C:\Windows\System\MVqtlxq.exe
  C:\Windows\System\MVqtlxq.exe
  2⤵
  PID:7588
- C:\Windows\System\kSpwLJd.exe
  C:\Windows\System\kSpwLJd.exe
  2⤵
  PID:7720
- C:\Windows\System\TYdiYUM.exe
  C:\Windows\System\TYdiYUM.exe
  2⤵
  PID:7800
- C:\Windows\System\tCJPAcV.exe
  C:\Windows\System\tCJPAcV.exe
  2⤵
  PID:7200
- C:\Windows\System\AJznrUP.exe
  C:\Windows\System\AJznrUP.exe
  2⤵
  PID:7796
- C:\Windows\System\RzzVIgx.exe
  C:\Windows\System\RzzVIgx.exe
  2⤵
  PID:8080
- C:\Windows\System\txkokUb.exe
  C:\Windows\System\txkokUb.exe
  2⤵
  PID:8212
- C:\Windows\System\tgXOZus.exe
  C:\Windows\System\tgXOZus.exe
  2⤵
  PID:8248
- C:\Windows\System\ZkKSiei.exe
  C:\Windows\System\ZkKSiei.exe
  2⤵
  PID:8296
- C:\Windows\System\hkjbgVT.exe
  C:\Windows\System\hkjbgVT.exe
  2⤵
  PID:8312
- C:\Windows\System\eTSkBYp.exe
  C:\Windows\System\eTSkBYp.exe
  2⤵
  PID:8328
- C:\Windows\System\OcaQFlF.exe
  C:\Windows\System\OcaQFlF.exe
  2⤵
  PID:8364
- C:\Windows\System\scaMAFK.exe
  C:\Windows\System\scaMAFK.exe
  2⤵
  PID:8400
- C:\Windows\System\CruTJOy.exe
  C:\Windows\System\CruTJOy.exe
  2⤵
  PID:8428
- C:\Windows\System\DXNqpnn.exe
  C:\Windows\System\DXNqpnn.exe
  2⤵
  PID:8460
- C:\Windows\System\TzelaZI.exe
  C:\Windows\System\TzelaZI.exe
  2⤵
  PID:8488
- C:\Windows\System\deYhfuB.exe
  C:\Windows\System\deYhfuB.exe
  2⤵
  PID:8524
- C:\Windows\System\TjXbllf.exe
  C:\Windows\System\TjXbllf.exe
  2⤵
  PID:8540
- C:\Windows\System\kGxJnaB.exe
  C:\Windows\System\kGxJnaB.exe
  2⤵
  PID:8580
- C:\Windows\System\JqfBmPY.exe
  C:\Windows\System\JqfBmPY.exe
  2⤵
  PID:8600
- C:\Windows\System\qoYNFDo.exe
  C:\Windows\System\qoYNFDo.exe
  2⤵
  PID:8636
- C:\Windows\System\vHNIQqB.exe
  C:\Windows\System\vHNIQqB.exe
  2⤵
  PID:8664
- C:\Windows\System\hqdFuBc.exe
  C:\Windows\System\hqdFuBc.exe
  2⤵
  PID:8680
- C:\Windows\System\dXhXxlH.exe
  C:\Windows\System\dXhXxlH.exe
  2⤵
  PID:8712
- C:\Windows\System\oSrebmq.exe
  C:\Windows\System\oSrebmq.exe
  2⤵
  PID:8736
- C:\Windows\System\MJYhgUy.exe
  C:\Windows\System\MJYhgUy.exe
  2⤵
  PID:8776
- C:\Windows\System\GEvIzdc.exe
  C:\Windows\System\GEvIzdc.exe
  2⤵
  PID:8808
- C:\Windows\System\KAIvKXD.exe
  C:\Windows\System\KAIvKXD.exe
  2⤵
  PID:8836
- C:\Windows\System\sOKVByi.exe
  C:\Windows\System\sOKVByi.exe
  2⤵
  PID:8864
- C:\Windows\System\AlZDLjG.exe
  C:\Windows\System\AlZDLjG.exe
  2⤵
  PID:8892
- C:\Windows\System\loiJSUR.exe
  C:\Windows\System\loiJSUR.exe
  2⤵
  PID:8908
- C:\Windows\System\dZXYWUx.exe
  C:\Windows\System\dZXYWUx.exe
  2⤵
  PID:8928
- C:\Windows\System\sznaKbu.exe
  C:\Windows\System\sznaKbu.exe
  2⤵
  PID:8964
- C:\Windows\System\oZsIVkP.exe
  C:\Windows\System\oZsIVkP.exe
  2⤵
  PID:8992
- C:\Windows\System\tJZrYws.exe
  C:\Windows\System\tJZrYws.exe
  2⤵
  PID:9020
- C:\Windows\System\xgaOsQD.exe
  C:\Windows\System\xgaOsQD.exe
  2⤵
  PID:9056
- C:\Windows\System\CsDIJhV.exe
  C:\Windows\System\CsDIJhV.exe
  2⤵
  PID:9076
- C:\Windows\System\YvzohdM.exe
  C:\Windows\System\YvzohdM.exe
  2⤵
  PID:9116
- C:\Windows\System\aiycBMV.exe
  C:\Windows\System\aiycBMV.exe
  2⤵
  PID:9132
- C:\Windows\System\nBMPFFe.exe
  C:\Windows\System\nBMPFFe.exe
  2⤵
  PID:9160
- C:\Windows\System\sPCRZPQ.exe
  C:\Windows\System\sPCRZPQ.exe
  2⤵
  PID:9188
- C:\Windows\System\zTDIuRt.exe
  C:\Windows\System\zTDIuRt.exe
  2⤵
  PID:9204
- C:\Windows\System\LNfxfwk.exe
  C:\Windows\System\LNfxfwk.exe
  2⤵
  PID:7848
- C:\Windows\System\tFdVHuF.exe
  C:\Windows\System\tFdVHuF.exe
  2⤵
  PID:8264
- C:\Windows\System\JdTusKF.exe
  C:\Windows\System\JdTusKF.exe
  2⤵
  PID:8020
- C:\Windows\System\aMYpPTs.exe
  C:\Windows\System\aMYpPTs.exe
  2⤵
  PID:8372
- C:\Windows\System\LjqmTjC.exe
  C:\Windows\System\LjqmTjC.exe
  2⤵
  PID:8484
- C:\Windows\System\ZaZiDOZ.exe
  C:\Windows\System\ZaZiDOZ.exe
  2⤵
  PID:8536
- C:\Windows\System\oqmkDeo.exe
  C:\Windows\System\oqmkDeo.exe
  2⤵
  PID:8628
- C:\Windows\System\kxYFUEa.exe
  C:\Windows\System\kxYFUEa.exe
  2⤵
  PID:8700
- C:\Windows\System\FUPUWim.exe
  C:\Windows\System\FUPUWim.exe
  2⤵
  PID:8756
- C:\Windows\System\CvAicOT.exe
  C:\Windows\System\CvAicOT.exe
  2⤵
  PID:8820
- C:\Windows\System\COFCZxF.exe
  C:\Windows\System\COFCZxF.exe
  2⤵
  PID:8900
- C:\Windows\System\kRaeefP.exe
  C:\Windows\System\kRaeefP.exe
  2⤵
  PID:8920
- C:\Windows\System\npargmH.exe
  C:\Windows\System\npargmH.exe
  2⤵
  PID:9016
- C:\Windows\System\GZBzFFq.exe
  C:\Windows\System\GZBzFFq.exe
  2⤵
  PID:9100
- C:\Windows\System\RdrvkdG.exe
  C:\Windows\System\RdrvkdG.exe
  2⤵
  PID:9152
- C:\Windows\System\VRHOgJD.exe
  C:\Windows\System\VRHOgJD.exe
  2⤵
  PID:9172
- C:\Windows\System\HjMrJdR.exe
  C:\Windows\System\HjMrJdR.exe
  2⤵
  PID:7844
- C:\Windows\System\HDDMPdp.exe
  C:\Windows\System\HDDMPdp.exe
  2⤵
  PID:8392
- C:\Windows\System\DoxsgTG.exe
  C:\Windows\System\DoxsgTG.exe
  2⤵
  PID:8656
- C:\Windows\System\ltvoeCn.exe
  C:\Windows\System\ltvoeCn.exe
  2⤵
  PID:8876
- C:\Windows\System\KvJEhnw.exe
  C:\Windows\System\KvJEhnw.exe
  2⤵
  PID:9004
- C:\Windows\System\oZUdVfB.exe
  C:\Windows\System\oZUdVfB.exe
  2⤵
  PID:9088
- C:\Windows\System\rPSvrOB.exe
  C:\Windows\System\rPSvrOB.exe
  2⤵
  PID:8532
- C:\Windows\System\OcqilQs.exe
  C:\Windows\System\OcqilQs.exe
  2⤵
  PID:8692
- C:\Windows\System\jbUadSd.exe
  C:\Windows\System\jbUadSd.exe
  2⤵
  PID:8344
- C:\Windows\System\pxruBVa.exe
  C:\Windows\System\pxruBVa.exe
  2⤵
  PID:8748
- C:\Windows\System\VBPgghn.exe
  C:\Windows\System\VBPgghn.exe
  2⤵
  PID:8320
- C:\Windows\System\EJXbrdc.exe
  C:\Windows\System\EJXbrdc.exe
  2⤵
  PID:9236
- C:\Windows\System\wSruvtH.exe
  C:\Windows\System\wSruvtH.exe
  2⤵
  PID:9264
- C:\Windows\System\YClwaPo.exe
  C:\Windows\System\YClwaPo.exe
  2⤵
  PID:9288
- C:\Windows\System\ImaCAmv.exe
  C:\Windows\System\ImaCAmv.exe
  2⤵
  PID:9316
- C:\Windows\System\hMhMQxe.exe
  C:\Windows\System\hMhMQxe.exe
  2⤵
  PID:9348
- C:\Windows\System\uHfQxCu.exe
  C:\Windows\System\uHfQxCu.exe
  2⤵
  PID:9372
- C:\Windows\System\iiYAgul.exe
  C:\Windows\System\iiYAgul.exe
  2⤵
  PID:9388
- C:\Windows\System\vUlcjwH.exe
  C:\Windows\System\vUlcjwH.exe
  2⤵
  PID:9404
- C:\Windows\System\GqdFRPT.exe
  C:\Windows\System\GqdFRPT.exe
  2⤵
  PID:9428
- C:\Windows\System\ylZKuIt.exe
  C:\Windows\System\ylZKuIt.exe
  2⤵
  PID:9460
- C:\Windows\System\cmYXlSS.exe
  C:\Windows\System\cmYXlSS.exe
  2⤵
  PID:9496
- C:\Windows\System\FjUZCZc.exe
  C:\Windows\System\FjUZCZc.exe
  2⤵
  PID:9532
- C:\Windows\System\AnbljbG.exe
  C:\Windows\System\AnbljbG.exe
  2⤵
  PID:9560
- C:\Windows\System\rIvXrWx.exe
  C:\Windows\System\rIvXrWx.exe
  2⤵
  PID:9584
- C:\Windows\System\mRaOFIh.exe
  C:\Windows\System\mRaOFIh.exe
  2⤵
  PID:9624
- C:\Windows\System\UzpvtBx.exe
  C:\Windows\System\UzpvtBx.exe
  2⤵
  PID:9652
- C:\Windows\System\fyRJDCI.exe
  C:\Windows\System\fyRJDCI.exe
  2⤵
  PID:9688
- C:\Windows\System\DcDrReH.exe
  C:\Windows\System\DcDrReH.exe
  2⤵
  PID:9708
- C:\Windows\System\gNrQAGv.exe
  C:\Windows\System\gNrQAGv.exe
  2⤵
  PID:9736
- C:\Windows\System\FkAPfgE.exe
  C:\Windows\System\FkAPfgE.exe
  2⤵
  PID:9764
- C:\Windows\System\ftwUfjw.exe
  C:\Windows\System\ftwUfjw.exe
  2⤵
  PID:9796
- C:\Windows\System\QjRJNZW.exe
  C:\Windows\System\QjRJNZW.exe
  2⤵
  PID:9828
- C:\Windows\System\dQguonF.exe
  C:\Windows\System\dQguonF.exe
  2⤵
  PID:9860
- C:\Windows\System\CJDKLzy.exe
  C:\Windows\System\CJDKLzy.exe
  2⤵
  PID:9888
- C:\Windows\System\AvXvXZd.exe
  C:\Windows\System\AvXvXZd.exe
  2⤵
  PID:9916
- C:\Windows\System\XXghGtJ.exe
  C:\Windows\System\XXghGtJ.exe
  2⤵
  PID:9936
- C:\Windows\System\jGWPAzs.exe
  C:\Windows\System\jGWPAzs.exe
  2⤵
  PID:9964
- C:\Windows\System\yolMQFL.exe
  C:\Windows\System\yolMQFL.exe
  2⤵
  PID:9988
- C:\Windows\System\rBoYhdH.exe
  C:\Windows\System\rBoYhdH.exe
  2⤵
  PID:10028
- C:\Windows\System\xRrkpMV.exe
  C:\Windows\System\xRrkpMV.exe
  2⤵
  PID:10056
- C:\Windows\System\NoHvTEN.exe
  C:\Windows\System\NoHvTEN.exe
  2⤵
  PID:10084
- C:\Windows\System\VcGQNNW.exe
  C:\Windows\System\VcGQNNW.exe
  2⤵
  PID:10112
- C:\Windows\System\VnUCupp.exe
  C:\Windows\System\VnUCupp.exe
  2⤵
  PID:10128
- C:\Windows\System\hIoUqbY.exe
  C:\Windows\System\hIoUqbY.exe
  2⤵
  PID:10168
- C:\Windows\System\tvlKjTV.exe
  C:\Windows\System\tvlKjTV.exe
  2⤵
  PID:10196
- C:\Windows\System\oTBjpiF.exe
  C:\Windows\System\oTBjpiF.exe
  2⤵
  PID:10224
- C:\Windows\System\eXvoKlP.exe
  C:\Windows\System\eXvoKlP.exe
  2⤵
  PID:9052
- C:\Windows\System\wQUxqmu.exe
  C:\Windows\System\wQUxqmu.exe
  2⤵
  PID:9280
- C:\Windows\System\ljxZmXP.exe
  C:\Windows\System\ljxZmXP.exe
  2⤵
  PID:9336
- C:\Windows\System\vdATwOO.exe
  C:\Windows\System\vdATwOO.exe
  2⤵
  PID:9384
- C:\Windows\System\ePuMghc.exe
  C:\Windows\System\ePuMghc.exe
  2⤵
  PID:9396
- C:\Windows\System\dlvzsRP.exe
  C:\Windows\System\dlvzsRP.exe
  2⤵
  PID:9456
- C:\Windows\System\rjXEdPr.exe
  C:\Windows\System\rjXEdPr.exe
  2⤵
  PID:9604
- C:\Windows\System\bbTMutR.exe
  C:\Windows\System\bbTMutR.exe
  2⤵
  PID:9640
- C:\Windows\System\fyPgwxZ.exe
  C:\Windows\System\fyPgwxZ.exe
  2⤵
  PID:9748
- C:\Windows\System\zXsrDMO.exe
  C:\Windows\System\zXsrDMO.exe
  2⤵
  PID:9820
- C:\Windows\System\grhFJti.exe
  C:\Windows\System\grhFJti.exe
  2⤵
  PID:9844
- C:\Windows\System\GMSbzmb.exe
  C:\Windows\System\GMSbzmb.exe
  2⤵
  PID:9928
- C:\Windows\System\ZqmKgTg.exe
  C:\Windows\System\ZqmKgTg.exe
  2⤵
  PID:10012
- C:\Windows\System\JBHDNVx.exe
  C:\Windows\System\JBHDNVx.exe
  2⤵
  PID:10076
- C:\Windows\System\FcqxBXp.exe
  C:\Windows\System\FcqxBXp.exe
  2⤵
  PID:10148
- C:\Windows\System\fIbbynk.exe
  C:\Windows\System\fIbbynk.exe
  2⤵
  PID:10216
- C:\Windows\System\WtdpbYP.exe
  C:\Windows\System\WtdpbYP.exe
  2⤵
  PID:9272
- C:\Windows\System\CUzPTkh.exe
  C:\Windows\System\CUzPTkh.exe
  2⤵
  PID:9416
- C:\Windows\System\NOxzwit.exe
  C:\Windows\System\NOxzwit.exe
  2⤵
  PID:9576
- C:\Windows\System\dLISjxZ.exe
  C:\Windows\System\dLISjxZ.exe
  2⤵
  PID:9700
- C:\Windows\System\sHHhOaV.exe
  C:\Windows\System\sHHhOaV.exe
  2⤵
  PID:9880
- C:\Windows\System\mSbjxQL.exe
  C:\Windows\System\mSbjxQL.exe
  2⤵
  PID:9952
- C:\Windows\System\lZzjOpx.exe
  C:\Windows\System\lZzjOpx.exe
  2⤵
  PID:10212
- C:\Windows\System\UwxiFsA.exe
  C:\Windows\System\UwxiFsA.exe
  2⤵
  PID:9444
- C:\Windows\System\SwCDjrZ.exe
  C:\Windows\System\SwCDjrZ.exe
  2⤵
  PID:9752
- C:\Windows\System\yrJhukV.exe
  C:\Windows\System\yrJhukV.exe
  2⤵
  PID:10164
- C:\Windows\System\lzXVBdL.exe
  C:\Windows\System\lzXVBdL.exe
  2⤵
  PID:9784
- C:\Windows\System\GfqsLZp.exe
  C:\Windows\System\GfqsLZp.exe
  2⤵
  PID:9380
- C:\Windows\System\jEEkHpu.exe
  C:\Windows\System\jEEkHpu.exe
  2⤵
  PID:10264
- C:\Windows\System\waFILru.exe
  C:\Windows\System\waFILru.exe
  2⤵
  PID:10300
- C:\Windows\System\yUIjhjS.exe
  C:\Windows\System\yUIjhjS.exe
  2⤵
  PID:10316
- C:\Windows\System\Fvgpewc.exe
  C:\Windows\System\Fvgpewc.exe
  2⤵
  PID:10344
- C:\Windows\System\HbmhkaH.exe
  C:\Windows\System\HbmhkaH.exe
  2⤵
  PID:10372
- C:\Windows\System\NMAbfwx.exe
  C:\Windows\System\NMAbfwx.exe
  2⤵
  PID:10404
- C:\Windows\System\ZAiQCAe.exe
  C:\Windows\System\ZAiQCAe.exe
  2⤵
  PID:10428
- C:\Windows\System\hAwmDBH.exe
  C:\Windows\System\hAwmDBH.exe
  2⤵
  PID:10444
- C:\Windows\System\jJVhzyK.exe
  C:\Windows\System\jJVhzyK.exe
  2⤵
  PID:10472
- C:\Windows\System\bCvfeqP.exe
  C:\Windows\System\bCvfeqP.exe
  2⤵
  PID:10492
- C:\Windows\System\UyTcSnG.exe
  C:\Windows\System\UyTcSnG.exe
  2⤵
  PID:10520
- C:\Windows\System\OyDRMAL.exe
  C:\Windows\System\OyDRMAL.exe
  2⤵
  PID:10548
- C:\Windows\System\YydGYLC.exe
  C:\Windows\System\YydGYLC.exe
  2⤵
  PID:10584
- C:\Windows\System\mIBLcas.exe
  C:\Windows\System\mIBLcas.exe
  2⤵
  PID:10612
- C:\Windows\System\wTvzzVQ.exe
  C:\Windows\System\wTvzzVQ.exe
  2⤵
  PID:10644
- C:\Windows\System\vnWMCxF.exe
  C:\Windows\System\vnWMCxF.exe
  2⤵
  PID:10664
- C:\Windows\System\eZJAoFm.exe
  C:\Windows\System\eZJAoFm.exe
  2⤵
  PID:10708
- C:\Windows\System\eCkaQcS.exe
  C:\Windows\System\eCkaQcS.exe
  2⤵
  PID:10748
- C:\Windows\System\TVWDwyC.exe
  C:\Windows\System\TVWDwyC.exe
  2⤵
  PID:10772
- C:\Windows\System\XJvlHEq.exe
  C:\Windows\System\XJvlHEq.exe
  2⤵
  PID:10792
- C:\Windows\System\HBHAGbW.exe
  C:\Windows\System\HBHAGbW.exe
  2⤵
  PID:10828
- C:\Windows\System\FaQEFUA.exe
  C:\Windows\System\FaQEFUA.exe
  2⤵
  PID:10848
- C:\Windows\System\hqTBdtU.exe
  C:\Windows\System\hqTBdtU.exe
  2⤵
  PID:10888
- C:\Windows\System\vpVtzPQ.exe
  C:\Windows\System\vpVtzPQ.exe
  2⤵
  PID:10920
- C:\Windows\System\PdZQgDz.exe
  C:\Windows\System\PdZQgDz.exe
  2⤵
  PID:10948
- C:\Windows\System\ChkEJyq.exe
  C:\Windows\System\ChkEJyq.exe
  2⤵
  PID:10976
- C:\Windows\System\lMeQzxZ.exe
  C:\Windows\System\lMeQzxZ.exe
  2⤵
  PID:11004
- C:\Windows\System\qFhrmUo.exe
  C:\Windows\System\qFhrmUo.exe
  2⤵
  PID:11020
- C:\Windows\System\kHLzBrD.exe
  C:\Windows\System\kHLzBrD.exe
  2⤵
  PID:11052
- C:\Windows\System\gKWsorh.exe
  C:\Windows\System\gKWsorh.exe
  2⤵
  PID:11084
- C:\Windows\System\icvctCq.exe
  C:\Windows\System\icvctCq.exe
  2⤵
  PID:11112
- C:\Windows\System\wQbbWgN.exe
  C:\Windows\System\wQbbWgN.exe
  2⤵
  PID:11132
- C:\Windows\System\SlBCNtk.exe
  C:\Windows\System\SlBCNtk.exe
  2⤵
  PID:11152
- C:\Windows\System\KClQPsJ.exe
  C:\Windows\System\KClQPsJ.exe
  2⤵
  PID:11192
- C:\Windows\System\WiKjnJO.exe
  C:\Windows\System\WiKjnJO.exe
  2⤵
  PID:11216
- C:\Windows\System\mBTdxGW.exe
  C:\Windows\System\mBTdxGW.exe
  2⤵
  PID:11244
- C:\Windows\System\LdlJGid.exe
  C:\Windows\System\LdlJGid.exe
  2⤵
  PID:10252
- C:\Windows\System\KwaPvQv.exe
  C:\Windows\System\KwaPvQv.exe
  2⤵
  PID:10312
- C:\Windows\System\ypIdgKm.exe
  C:\Windows\System\ypIdgKm.exe
  2⤵
  PID:10360
- C:\Windows\System\JGFBlKx.exe
  C:\Windows\System\JGFBlKx.exe
  2⤵
  PID:10456
- C:\Windows\System\HHkRWOP.exe
  C:\Windows\System\HHkRWOP.exe
  2⤵
  PID:10464
- C:\Windows\System\ZJGrckI.exe
  C:\Windows\System\ZJGrckI.exe
  2⤵
  PID:10572
- C:\Windows\System\BqGztfd.exe
  C:\Windows\System\BqGztfd.exe
  2⤵
  PID:10652
- C:\Windows\System\vifjxNL.exe
  C:\Windows\System\vifjxNL.exe
  2⤵
  PID:10720
- C:\Windows\System\ruhgUoB.exe
  C:\Windows\System\ruhgUoB.exe
  2⤵
  PID:10804
- C:\Windows\System\WLIMVZE.exe
  C:\Windows\System\WLIMVZE.exe
  2⤵
  PID:10880
- C:\Windows\System\bnqhpMs.exe
  C:\Windows\System\bnqhpMs.exe
  2⤵
  PID:10932
- C:\Windows\System\bqIWbKp.exe
  C:\Windows\System\bqIWbKp.exe
  2⤵
  PID:10992
- C:\Windows\System\KwaEftH.exe
  C:\Windows\System\KwaEftH.exe
  2⤵
  PID:11076
- C:\Windows\System\VUSXyOs.exe
  C:\Windows\System\VUSXyOs.exe
  2⤵
  PID:11144
- C:\Windows\System\sFHWuFL.exe
  C:\Windows\System\sFHWuFL.exe
  2⤵
  PID:11168
- C:\Windows\System\SCtfgpu.exe
  C:\Windows\System\SCtfgpu.exe
  2⤵
  PID:11240
- C:\Windows\System\xJBlOlH.exe
  C:\Windows\System\xJBlOlH.exe
  2⤵
  PID:10308
- C:\Windows\System\hiCdyzw.exe
  C:\Windows\System\hiCdyzw.exe
  2⤵
  PID:10508
- C:\Windows\System\tYlChQm.exe
  C:\Windows\System\tYlChQm.exe
  2⤵
  PID:10680
- C:\Windows\System\WUgboPX.exe
  C:\Windows\System\WUgboPX.exe
  2⤵
  PID:9568
- C:\Windows\System\nWwYIFG.exe
  C:\Windows\System\nWwYIFG.exe
  2⤵
  PID:10972
- C:\Windows\System\gTVncGm.exe
  C:\Windows\System\gTVncGm.exe
  2⤵
  PID:11048
- C:\Windows\System\xWzvAKw.exe
  C:\Windows\System\xWzvAKw.exe
  2⤵
  PID:10108
- C:\Windows\System\SwvcWvj.exe
  C:\Windows\System\SwvcWvj.exe
  2⤵
  PID:10764
- C:\Windows\System\DJgtMIm.exe
  C:\Windows\System\DJgtMIm.exe
  2⤵
  PID:11060
- C:\Windows\System\GxClWNA.exe
  C:\Windows\System\GxClWNA.exe
  2⤵
  PID:10364
- C:\Windows\System\QYmNCtt.exe
  C:\Windows\System\QYmNCtt.exe
  2⤵
  PID:11260
- C:\Windows\System\CGblzwm.exe
  C:\Windows\System\CGblzwm.exe
  2⤵
  PID:11288
- C:\Windows\System\SoODgFb.exe
  C:\Windows\System\SoODgFb.exe
  2⤵
  PID:11308
- C:\Windows\System\BhBqpOr.exe
  C:\Windows\System\BhBqpOr.exe
  2⤵
  PID:11348
- C:\Windows\System\vAHRxGG.exe
  C:\Windows\System\vAHRxGG.exe
  2⤵
  PID:11376
- C:\Windows\System\LrWRkKZ.exe
  C:\Windows\System\LrWRkKZ.exe
  2⤵
  PID:11392
- C:\Windows\System\WVWCUDT.exe
  C:\Windows\System\WVWCUDT.exe
  2⤵
  PID:11408
- C:\Windows\System\BXXguRw.exe
  C:\Windows\System\BXXguRw.exe
  2⤵
  PID:11424
- C:\Windows\System\ZpKYcrP.exe
  C:\Windows\System\ZpKYcrP.exe
  2⤵
  PID:11448
- C:\Windows\System\fCQNNGB.exe
  C:\Windows\System\fCQNNGB.exe
  2⤵
  PID:11492
- C:\Windows\System\XGSQGpr.exe
  C:\Windows\System\XGSQGpr.exe
  2⤵
  PID:11520
- C:\Windows\System\OCEvamv.exe
  C:\Windows\System\OCEvamv.exe
  2⤵
  PID:11556
- C:\Windows\System\UPeSBfo.exe
  C:\Windows\System\UPeSBfo.exe
  2⤵
  PID:11600
- C:\Windows\System\FpIgTZX.exe
  C:\Windows\System\FpIgTZX.exe
  2⤵
  PID:11616
- C:\Windows\System\MYigewS.exe
  C:\Windows\System\MYigewS.exe
  2⤵
  PID:11644
- C:\Windows\System\glBZHdZ.exe
  C:\Windows\System\glBZHdZ.exe
  2⤵
  PID:11680
- C:\Windows\System\sQWlBrT.exe
  C:\Windows\System\sQWlBrT.exe
  2⤵
  PID:11700
- C:\Windows\System\FYsCcJP.exe
  C:\Windows\System\FYsCcJP.exe
  2⤵
  PID:11728
- C:\Windows\System\MhiWOPy.exe
  C:\Windows\System\MhiWOPy.exe
  2⤵
  PID:11748
- C:\Windows\System\fjzkPHV.exe
  C:\Windows\System\fjzkPHV.exe
  2⤵
  PID:11788
- C:\Windows\System\SuCRqlb.exe
  C:\Windows\System\SuCRqlb.exe
  2⤵
  PID:11820
- C:\Windows\System\LlVfHlI.exe
  C:\Windows\System\LlVfHlI.exe
  2⤵
  PID:11840
- C:\Windows\System\ZUsQQMl.exe
  C:\Windows\System\ZUsQQMl.exe
  2⤵
  PID:11868
- C:\Windows\System\qfAxLFs.exe
  C:\Windows\System\qfAxLFs.exe
  2⤵
  PID:11900
- C:\Windows\System\UUZsdTc.exe
  C:\Windows\System\UUZsdTc.exe
  2⤵
  PID:11936
- C:\Windows\System\YObuNJx.exe
  C:\Windows\System\YObuNJx.exe
  2⤵
  PID:11964
- C:\Windows\System\idEQePP.exe
  C:\Windows\System\idEQePP.exe
  2⤵
  PID:11980
- C:\Windows\System\DlmMclv.exe
  C:\Windows\System\DlmMclv.exe
  2⤵
  PID:12020
- C:\Windows\System\jjDrppe.exe
  C:\Windows\System\jjDrppe.exe
  2⤵
  PID:12048
- C:\Windows\System\rcUefTi.exe
  C:\Windows\System\rcUefTi.exe
  2⤵
  PID:12064
- C:\Windows\System\uBpjcKY.exe
  C:\Windows\System\uBpjcKY.exe
  2⤵
  PID:12104
- C:\Windows\System\HcBpQFX.exe
  C:\Windows\System\HcBpQFX.exe
  2⤵
  PID:12132
- C:\Windows\System\KzduXpx.exe
  C:\Windows\System\KzduXpx.exe
  2⤵
  PID:12160
- C:\Windows\System\GuQwhHr.exe
  C:\Windows\System\GuQwhHr.exe
  2⤵
  PID:12188
- C:\Windows\System\bYPoxMG.exe
  C:\Windows\System\bYPoxMG.exe
  2⤵
  PID:12208
- C:\Windows\System\QCVlQJp.exe
  C:\Windows\System\QCVlQJp.exe
  2⤵
  PID:12240
- C:\Windows\System\ouIaQee.exe
  C:\Windows\System\ouIaQee.exe
  2⤵
  PID:12260
- C:\Windows\System\dzUnMwo.exe
  C:\Windows\System\dzUnMwo.exe
  2⤵
  PID:10908
- C:\Windows\System\JvKiatc.exe
  C:\Windows\System\JvKiatc.exe
  2⤵
  PID:11336
- C:\Windows\System\uxZaBRr.exe
  C:\Windows\System\uxZaBRr.exe
  2⤵
  PID:11404
- C:\Windows\System\hRZypSG.exe
  C:\Windows\System\hRZypSG.exe
  2⤵
  PID:11416
- C:\Windows\System\LBXmYMj.exe
  C:\Windows\System\LBXmYMj.exe
  2⤵
  PID:11532
- C:\Windows\System\GYfJmDI.exe
  C:\Windows\System\GYfJmDI.exe
  2⤵
  PID:11584
- C:\Windows\System\elJvMcF.exe
  C:\Windows\System\elJvMcF.exe
  2⤵
  PID:11660
- C:\Windows\System\rBaNrXV.exe
  C:\Windows\System\rBaNrXV.exe
  2⤵
  PID:11712
- C:\Windows\System\pUyTrGF.exe
  C:\Windows\System\pUyTrGF.exe
  2⤵
  PID:11772
- C:\Windows\System\didkjbp.exe
  C:\Windows\System\didkjbp.exe
  2⤵
  PID:11860
- C:\Windows\System\AhufIZh.exe
  C:\Windows\System\AhufIZh.exe
  2⤵
  PID:11908
- C:\Windows\System\ThRkpRg.exe
  C:\Windows\System\ThRkpRg.exe
  2⤵
  PID:11960
- C:\Windows\System\OSGnxRI.exe
  C:\Windows\System\OSGnxRI.exe
  2⤵
  PID:12036
- C:\Windows\System\qDsBwzA.exe
  C:\Windows\System\qDsBwzA.exe
  2⤵
  PID:12076
- C:\Windows\System\jTxMjUA.exe
  C:\Windows\System\jTxMjUA.exe
  2⤵
  PID:12176
- C:\Windows\System\ieVAwJo.exe
  C:\Windows\System\ieVAwJo.exe
  2⤵
  PID:3028
- C:\Windows\System\eEmbZgV.exe
  C:\Windows\System\eEmbZgV.exe
  2⤵
  PID:12272
- C:\Windows\System\OrAdUWA.exe
  C:\Windows\System\OrAdUWA.exe
  2⤵
  PID:11316
- C:\Windows\System\MlOpaAN.exe
  C:\Windows\System\MlOpaAN.exe
  2⤵
  PID:11400
- C:\Windows\System\aRICifU.exe
  C:\Windows\System\aRICifU.exe
  2⤵
  PID:11564
- C:\Windows\System\KNURiXL.exe
  C:\Windows\System\KNURiXL.exe
  2⤵
  PID:11760
- C:\Windows\System\mPhJbbi.exe
  C:\Windows\System\mPhJbbi.exe
  2⤵
  PID:11784
- C:\Windows\System\QUNCHWu.exe
  C:\Windows\System\QUNCHWu.exe
  2⤵
  PID:12056
- C:\Windows\System\EkchMaO.exe
  C:\Windows\System\EkchMaO.exe
  2⤵
  PID:12120
- C:\Windows\System\TnvHvsg.exe
  C:\Windows\System\TnvHvsg.exe
  2⤵
  PID:12284
- C:\Windows\System\CQRXdxL.exe
  C:\Windows\System\CQRXdxL.exe
  2⤵
  PID:11636
- C:\Windows\System\tELgDJq.exe
  C:\Windows\System\tELgDJq.exe
  2⤵
  PID:11992
- C:\Windows\System\cMkcRSE.exe
  C:\Windows\System\cMkcRSE.exe
  2⤵
  PID:12204
- C:\Windows\System\SmwlFKt.exe
  C:\Windows\System\SmwlFKt.exe
  2⤵
  PID:12004
- C:\Windows\System\wVNMEvS.exe
  C:\Windows\System\wVNMEvS.exe
  2⤵
  PID:12304
- C:\Windows\System\oPoUoCc.exe
  C:\Windows\System\oPoUoCc.exe
  2⤵
  PID:12324
- C:\Windows\System\khvinFR.exe
  C:\Windows\System\khvinFR.exe
  2⤵
  PID:12356
- C:\Windows\System\fWFCZGn.exe
  C:\Windows\System\fWFCZGn.exe
  2⤵
  PID:12388
- C:\Windows\System\LvxHrXR.exe
  C:\Windows\System\LvxHrXR.exe
  2⤵
  PID:12416
- C:\Windows\System\vGNuTNZ.exe
  C:\Windows\System\vGNuTNZ.exe
  2⤵
  PID:12444
- C:\Windows\System\GxlZVbh.exe
  C:\Windows\System\GxlZVbh.exe
  2⤵
  PID:12472
- C:\Windows\System\cpUnprK.exe
  C:\Windows\System\cpUnprK.exe
  2⤵
  PID:12492
- C:\Windows\System\ifrETXM.exe
  C:\Windows\System\ifrETXM.exe
  2⤵
  PID:12516
- C:\Windows\System\WZIQaCb.exe
  C:\Windows\System\WZIQaCb.exe
  2⤵
  PID:12544
- C:\Windows\System\XNqzaOO.exe
  C:\Windows\System\XNqzaOO.exe
  2⤵
  PID:12572
- C:\Windows\System\OXYsNSk.exe
  C:\Windows\System\OXYsNSk.exe
  2⤵
  PID:12608
- C:\Windows\System\XNJGvqW.exe
  C:\Windows\System\XNJGvqW.exe
  2⤵
  PID:12640
- C:\Windows\System\CLMdgCe.exe
  C:\Windows\System\CLMdgCe.exe
  2⤵
  PID:12656
- C:\Windows\System\xoRafjn.exe
  C:\Windows\System\xoRafjn.exe
  2⤵
  PID:12680
- C:\Windows\System\jTqaYUw.exe
  C:\Windows\System\jTqaYUw.exe
  2⤵
  PID:12716
- C:\Windows\System\bfQRSQx.exe
  C:\Windows\System\bfQRSQx.exe
  2⤵
  PID:12740
- C:\Windows\System\JrFGZwq.exe
  C:\Windows\System\JrFGZwq.exe
  2⤵
  PID:12780
- C:\Windows\System\EAipJDf.exe
  C:\Windows\System\EAipJDf.exe
  2⤵
  PID:12796
- C:\Windows\System\QUpxGXU.exe
  C:\Windows\System\QUpxGXU.exe
  2⤵
  PID:12820
- C:\Windows\System\sRHHhJE.exe
  C:\Windows\System\sRHHhJE.exe
  2⤵
  PID:12972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hqaynyh0.0dj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CigsBuP.exe

Filesize
3.1MB

MD5
269f7b8129529b4fe1e4a6157708a85c

SHA1
ceef20967f50b15adaecc02baef37b50604c1b2d

SHA256
d5b14335c189b2667e6d8cd63a9cfe1b4ea2a0fa73ac85df2d4ae8b6d21afc62

SHA512
214fe6753e860a15d9e851461882d8fecfa149e5650d6f8eeed0fad58329c903054227c67ea477b659863c1c686de36b687afdaa93326a6e22414ddbe9abc1ce

Download Submit
C:\Windows\System\DiXAgkb.exe

Filesize
3.1MB

MD5
436331a8f22a24f2f5dc3452a3f7b0a2

SHA1
6e5a821877c703e960a6f808bdfdc48bb65d1fe9

SHA256
db4d637c6f3a4a45fd111781ccb2a8920ccd5467158aebd5312c2cdbfbd888ff

SHA512
9125e9ae081e6efeedf5ede93efe92acdbe4707ab8d466461f1df62dbfbd638cb50606090b889eb9a71873b9d19b947e902dfb9a770f26171b170805b4f0c44b

Download Submit
C:\Windows\System\DvQimpF.exe

Filesize
3.1MB

MD5
853a48bd14624aba04476e38ed222e80

SHA1
3b40e32283cd1645fbcba539e910d7d91eabae28

SHA256
a9196ab7033657520a26ca9967c0d3599eff576235c13b370b1e39f84b6ff6b5

SHA512
e17012972e45ffd8e7ba8ebb223cb775847296e3b083ad9c5f0e01df27155359376c27fa1e0095467b10aaa8fc83a6b799afc654c892525298f8fcfec9e0dc9f

Download Submit
C:\Windows\System\EdibAxS.exe

Filesize
3.1MB

MD5
d27865a2e16195ec3dfa079f01548695

SHA1
ab1a8728bef76383d9311e8009e0b39c92b213a6

SHA256
a27860e5016cfab7424402932a245c4e9fff8cd4d58923145e08226f4d2c706a

SHA512
3291c2d5d613ce25820ea1b20a86a154bd3beb75578e31de08d5b553d1726bb11f3f5b9332313337b6155c14e2f22f453d7562bbbd33973a881d0c8dc1cfeb0b

Download Submit
C:\Windows\System\FNZxedV.exe

Filesize
3.1MB

MD5
d259f3c9843ac997b6c7844de5423def

SHA1
effff05639e60642bc6cb92e05750e33b023518d

SHA256
ba99b593aa2a212c49fa2cdbef3ccaba7f01c87a6ae10333c0e68ab16874b6c8

SHA512
f00ab269bc204b9873ba14f23052aeb1b26a4151f9a26c282d925b4fb382a6d552e7817e9aa02d21bc56946ec863f235904e7cc59c8d5edb16473f1047883873

Download Submit
C:\Windows\System\HREYsMS.exe

Filesize
3.1MB

MD5
066e2bf3444d2a1d7ca2871231fa978f

SHA1
b892e398ccfb1fa208c725680a88ad1f813c4be8

SHA256
650f084a7b46f7c6deba6c359b472399f0033e49bcf9bf6e098d7f635bd475fe

SHA512
48711c88feaa356531ade20341d1d57fead6578ddeb06c3b8ec74a4f8cb1828aafb87eeafb5ad91d462e8aa982ab4ea721df1b5502f6590a9ebde1a9293f4bc5

Download Submit
C:\Windows\System\HZUJrxD.exe

Filesize
3.1MB

MD5
fe7242cd647d260294c3fc2fe514f381

SHA1
5953dc002193d45cfcd11ad7424bcad3ed660f80

SHA256
fe3098fa9fb532c1feea36e9ab5736f0d3a90cb542d2f324c1fc23a21fcfec34

SHA512
c3429417092724084e063f02e0e707c63c2121eec466ba5c77f03252b6ac5b4398db1d1f19b0c0c3587d760c0831dd4a38beea396b4f86de7cfa960d1361c9ff

Download Submit
C:\Windows\System\JhffJQp.exe

Filesize
3.1MB

MD5
e31a77b936fcc3e9e504fa4642cd6546

SHA1
59cbaaec29fa6ddb3f885e3af99665b510e5de27

SHA256
dad33510c3f5af1fd9ab2aab927929adc4d4f0b1ba022ce9a5e03c9ffa9675e8

SHA512
da28a0086fd8cfc741908257e8dbf868e0c29ca9185916825b6a28706d0dbb6ad2fd9bf36c538a815a1a07d6fc917db773112bbe2c9eb93ce459863e7a32d16c

Download Submit
C:\Windows\System\LFWDqKS.exe

Filesize
3.1MB

MD5
53366bafb2057679ccef4128c8054f0b

SHA1
c80b338ffa8e7afd6a2d42162a631372f9895ecf

SHA256
73de333db863bc9eb46365280841f8d04e2dfcc8cb02f886973aa3ba42e6ee14

SHA512
4943266a0736babdd663b32ab1825ec0d28127b5f5b90f2e194cb9c9fd5a1cf94d9e5331ce36fb8881b0b24098e9d5aee3daba41aa2d2ef5be8d8d3034799b18

Download Submit
C:\Windows\System\LaWHujF.exe

Filesize
3.1MB

MD5
eaec57e91f4192eb12cead04d5cd4bcb

SHA1
0f567174537924f1efa2e581576e57a98486c919

SHA256
48c937bc448d49e9ce6a40c4a0794aa77b31efaeafaef7386ad588006fa30ee8

SHA512
f2551a7edc0898d10fe1cf789088ebbfc4233ffe159028efe7f7af61baf23621f5f82f95b0e58ed55c721f1e288ffdfeb48ce406982cfebab89c0753363ac47b

Download Submit
C:\Windows\System\MiXYqtR.exe

Filesize
3.1MB

MD5
62193b540bfe3eb63712d669bfae55b5

SHA1
4ade3ce3fec8c45e12efe79d113e8f8ee0411792

SHA256
f11f116cc75d2af004e9477ebcfdadc009e9bc01604cde346b8fddc5a846dad0

SHA512
13d4127b52cbc65a35bd6f80cceb1a5d66181de4da706952da700f19ca68245275739a84f5acaa064d161ad2cb1917c345cf794498e13fe427a76dd5b3fcc2a6

Download Submit
C:\Windows\System\NlgTZPR.exe

Filesize
3.1MB

MD5
37410964b8d3b53fdd13845374150a5f

SHA1
2855734f962ee7d4e099a71a402a1c9a88f3ca57

SHA256
e90fd1b84cb615c386e8038cdd8421f9f45cdbc0636d6e0e39188c250fef06d5

SHA512
d11eea77fe0b439e59063565b4de9da2931637db7760cd3fe7e2a0f4528a4ebbe70552153619839f58c881b1d8743f9417a4dafe6fa45ce0d5807e18357e3369

Download Submit
C:\Windows\System\NlsGExP.exe

Filesize
3.1MB

MD5
3aa60d437ca76ec072785cf04ba763bf

SHA1
aa93a0cb8dbb44a2977580820b5e64d27d24f7d0

SHA256
ff84d4980595bf2a35d5975ccadd4a18170710e0469c7fbdd651e29e0fa7a59b

SHA512
3444c8a7f1f6b0c00e192b99eae476b8693b61d5b11a8f988cd769d109d8e060395ee8eace30e23299d1641952ed11f45ede075fb388c42ec365ef0929a2cf45

Download Submit
C:\Windows\System\PPrpnIJ.exe

Filesize
3.1MB

MD5
64b8cfbaa57029e8410f72822c39122a

SHA1
8ae98ac579c264217654d83971c25c385abd58a2

SHA256
6e4f9f34572897a8b1a87fbd7f971e4543d0e3d3961028a7c207f47360e215d1

SHA512
0ccfa9b9755d6e585336a9ae82ffb9666db50d1eeca9b388da74fea9fa0fe92e3a43941b557f9394bf4a6b58c30482181f2c4eaf9fa8f80f91dc295c40435b7f

Download Submit
C:\Windows\System\THgrEUZ.exe

Filesize
3.1MB

MD5
2d693f11ad7bf6e92ebbd7bdd54d28c2

SHA1
d1831ba79dbd4ee381ddb5a91ded32411b630a5d

SHA256
376835a80fa110369538fff99e29cc9cc3f5b6d67692183ee383b40ac2d68307

SHA512
7ac4de8610955913f30ca59fd1ca42968c14f30ecc5943d12c48b3ed805de424d8abde3e38b043389a6ac363e88f257ffdcf8a4e6727341b118d116a681ddf3e

Download Submit
C:\Windows\System\TzTostn.exe

Filesize
3.1MB

MD5
b2f0ccdaf8d5f45fe4a1b00dd9f968ce

SHA1
deeb0ca6dd3f2ab3a0e0d87454fb518dbaff3153

SHA256
21c1d50cc144964f2a880b11cbd4411c61af6ac98add696dd2b00c326ebb2ba1

SHA512
d9eda598daf26a964e85e5de0b81493ee026b2d102418ed70c2c8d56bded44829f30ce19689bd5253470b6f4fc1e7cef4395bd565bb10e8e4888ef34df64b248

Download Submit
C:\Windows\System\Uvgylwe.exe

Filesize
3.1MB

MD5
19c59bcebd5c05c1e775ad3186924e3d

SHA1
ad76e62dd92ac01b7522bffafb74cda530818708

SHA256
ffded0b6d736b1a54a85a89fddb3ed60250e89e66b15067c3660834774b382b9

SHA512
53fe4d71c814c758af2a40856ea56ac2dee6f06a138cec951bc5581af676bdfcb132a9913b0da5eae6f2f0880323ddc28d94104a03738659718488caeb6f97e3

Download Submit
C:\Windows\System\WttnjwG.exe

Filesize
3.1MB

MD5
9c84fb547b6184ede3cae8161845beea

SHA1
e3068763d7a11c1b2980c66a4e2229e8f2f0a22d

SHA256
82560145cf9c77b86d0588cacda928ff4cab3ec5ebfdc15fc6823d00abea6728

SHA512
23cbd6fb14b8ec8de9141ad6073f74170ce0d2e8adb62f781e2688280abe326c18c5d700d07a33f7562541a8a213c972a9845d69e75d3dbf8a0cf9430fb14cb4

Download Submit
C:\Windows\System\XvMdrWS.exe

Filesize
3.1MB

MD5
d9d8d4bae627aab82fc5f9c209aa6dc0

SHA1
605b95fe3d913e45e4a937e665fa556795c53425

SHA256
878c9eb78b738798b20509a8aa3289ea0ddf00cc1cee3851b94703ba8ed7d3f1

SHA512
962b2c30822d36b246195d349a5dd8fe0214619bcbfc5ce47e4ecec55a21fcaeca5a36f47d6a86cd80bfbd0bb224c3e59594306f6d5772470d24276a1d6b88f5

Download Submit
C:\Windows\System\aDpjXXT.exe

Filesize
3.1MB

MD5
9b0aca68627d96b411328d62ac3f0ea2

SHA1
899838de7d8d8e8ade88033f4d8d1fcac55e75b3

SHA256
c95a379cc18990dcbecb7470f1f6d28eece4efa8a0a646c07c13abe87c4d0dd7

SHA512
c6c980bfd53186c26c073fc0ba7ceaf69d2b26ad91aa0c7dd02722f4e9868b6191d50aaaf9c2858e69414a0887f2519cf21f85c3f0ee7689f0c036f042eeb01e

Download Submit
C:\Windows\System\aNhkAxf.exe

Filesize
3.1MB

MD5
8e52e2b406eed5481631456fe9e55dd5

SHA1
2b26c077321a0eda4132cf9d2fa8429c75235ccd

SHA256
11f031631bb19086323c76983f7bb88fe0735c3d0c68615f47de0aba48a60cb2

SHA512
f697c4bee9048cfff759cb75eed46deef80ebd6aca1ee321b18621c79d1979235b3a625b46fc7dfe5b165ecc05552d4cdfaee8d971d36ab1c23cfcce0af1328d

Download Submit
C:\Windows\System\akXWsAn.exe

Filesize
3.1MB

MD5
fa51e2ba8c36f5f02bf2192e37155cca

SHA1
dbb6413287a0eb9229fa4a4c13ec78f92468a649

SHA256
554462549ecd598822aa01b5d07e8063dde519f4aaf9f192dae3b0ae2dd7533c

SHA512
432b2447c7c444b9429388d9f0682e278f0f1e4cf8328864aba51c59541e5118b7921e31bf8be6e5a129831f208535aadc724429c09fabfc4b5c5814f530213e

Download Submit
C:\Windows\System\bjzZlLC.exe

Filesize
3.1MB

MD5
918292a6b51e0cf102f0abddb4e27ea5

SHA1
8e16bcadf6ab89a894874989750926ae2440a07a

SHA256
7c83b07105eeda0691936be943f545fbcb95a87b9a504a95ac5082e4244cd77c

SHA512
0e6adb86e05a602824153870421f762c915b20d3325f9b0bb97dc4a38b6aa25a72841f1891ea57a88e3cedde24ef088b2f0d254f288c095593d0786f0c1cedd1

Download Submit
C:\Windows\System\cGowJZF.exe

Filesize
3.1MB

MD5
4018aebd02905252ace9aa6b26a837f4

SHA1
1c2923bccc46a7ebf546202d48387e3d62d29546

SHA256
7a761a0e8ca8ea065bdc0821bca55a1b86fb9072683d8089ba05c087cbdc0e0a

SHA512
fc94a5289bfcb4a0cf8f830ddaa792248af1aad0c7f82814796ed36b496a9129f801e602933561d95b03a07ea19e1168b430acf0783eba90f7f7864e1bc94229

Download Submit
C:\Windows\System\dvHITLU.exe

Filesize
3.1MB

MD5
8d5946705381f4a71d5996b7d9e16b88

SHA1
8702cebd36ecef820d8a2068cb1e4c20b5e38ed4

SHA256
7f7ce8c34ea8b4bdd8757d50a41a69facf8f9c7404142004c5b22d0b9405965c

SHA512
d899aa4da2fe910f276246e9d3a49239f046b59f98a29d9a8ff621651966f39c0a3763f9f2f980d0298c95e4bd7cf9dfb63af14bbe9c62d7a01db1ed83d7f717

Download Submit
C:\Windows\System\gckINnI.exe

Filesize
3.1MB

MD5
960a5b06e6a85663d7afa292e3d0621d

SHA1
114616fd917f3984c56c1120a4e151a8c56a5a8c

SHA256
b288dbd1f25afda0e1a802da79c31829b863de8dbff691968b61f2a30cc272a7

SHA512
2b6ce933ad1409240eb5c2fb8ee93481a573f0c27c1a9ae3b31cd810959d735a120845121ec7cfe13b00cec378aa982978246ebe61196389c048b75446bd8497

Download Submit
C:\Windows\System\juMzjQA.exe

Filesize
3.1MB

MD5
6a9fb85c05f45f304f80e6d19090d763

SHA1
11103ed3da0aef9240bbf5c1d13fe80cd4df9f02

SHA256
fdf0f1d51770788e1e0941092cc5d5e9f16a6727ba3622d35dd2cc7ad6f0b909

SHA512
b9082e0ac12314f6aaafd9786bed6cf1fc4ecf061e31465a5eef0e1e51007183e6a11da6e1f0fe9bf477ae2cd4b8709daac49c03fdbd17dcd2b8dde44618d423

Download Submit
C:\Windows\System\knpGjJd.exe

Filesize
3.1MB

MD5
c419d7b6c74c8af5518ddc78abb8cf1d

SHA1
dec9bb6a3fef90fd8f6f8e16171c8b5332a039ed

SHA256
d7c8290f05e10c5c2532e94e47bb831a4f29d84938840f3b0d769f507bb174fe

SHA512
9f5bd0e596ba690fda107804c470794c4c3de0c3c5ed482b464435c5bcbeb1a831e441a9243dcc899b83ddfd49e91bb1dafdb4a238ab205033ab11c4b5298dde

Download Submit
C:\Windows\System\lHkxcxd.exe

Filesize
3.1MB

MD5
ecf1fa3d040b5cacc9d268d25f5f2c8d

SHA1
eaca2ce487f96839ad34d9bd008dcfd7bfbe890c

SHA256
1ded290e5ace4842d2277d792818c602760cfb835523adda800adb5bc17bdc95

SHA512
dc64436804fbf23bcb72b7f922aafa68855dee75c3b5b046501541fb5acc364174a3bb80f7ee5ebb42cbb024584b4765c3d68ab74446a65debb22323341cd18f

Download Submit
C:\Windows\System\lQDMlni.exe

Filesize
3.1MB

MD5
0af2c7608755a4c71a113fd7861111be

SHA1
e1d8024777bda3ca4c558657ad1bdf3610dd197c

SHA256
dc557ce86bca89249696031025babfd287ed5a108753fbf6961827bd44150582

SHA512
2c76fd7f57ebc3eaa1de73caad6b209c48cf401db4d52d925b52287456de6c3363d351a2048b0473943338ca74e0c4e4fd55cc1fa161e89c9fddb231635355f9

Download Submit
C:\Windows\System\mzRMVEu.exe

Filesize
3.1MB

MD5
12c5bc14a55e9f614ff838b938737043

SHA1
d62bc95810318217b80c4303957c79730d3201bb

SHA256
b8c0b1e57e6794dbf3355263ef9d3c68ac7602226147ab290fcaa6d241192cf5

SHA512
ade8491632a745f2b328024563e4830041100f491f890365af674f4438e0031da92f432095c60d698c6221a1ded46bbc1290b6d1f7e21ac480227bbdd423afc0

Download Submit
C:\Windows\System\qfbkSWz.exe

Filesize
3.1MB

MD5
3124b7f9f4ff226c95da79e1571cda85

SHA1
1fa1c672b7bd05f4bfab5fa848dd016dbd285b9c

SHA256
2aa054e448153293f6191e9c4ac5cfdb4f04ab316a60f528fe37f3fb2de01742

SHA512
7108b32d28248b0c80103cc1e3f590cb6e05fd28fc6ef6e2e1eaea19af87a4585a784b4cff508f5c709d8d05b879c1c6fa0c044e06310eafa47705c3a605ebae

Download Submit
C:\Windows\System\sLjWjWf.exe

Filesize
3.1MB

MD5
2e9af970138a2b5d11a6756ce25b32c3

SHA1
e4dcae4ede6ae0053bf572fc7af977628ec59ec4

SHA256
6ece3fe570c029c9d6f02c097761672b6071b289d65ffadcf09f4a525c651004

SHA512
2cbf43957e59956425669fd4923c3344d10079dcc704e33aedbd5d4e9b6c25077ad8019bbb3b6d62b72b6649c950cd96a8a2825bca006211329520c66bdfff61

Download Submit
C:\Windows\System\srVaGRX.exe

Filesize
3.1MB

MD5
c3b7658b9cfd7e7af9c93c4a63446984

SHA1
7e0458d50a7b51de8a7eee9bc57222543019be62

SHA256
6c69401f230f101a4da20eb66ac2c89b57643b59649acdb71b4b7fa2dd0aab86

SHA512
77203519f36036f1f2f940f3bf59e63becff4ba3fa7eb9921b8167e9e746eddd23aa52eea0f483d923bb4d78c07874384469cbfce69572a355d749ba8583cb4a

Download Submit
C:\Windows\System\vXpGwBN.exe

Filesize
3.1MB

MD5
834ae9685eea4fcb5ae8011369918ed8

SHA1
a24452dc0fb85ec9ac3393b8d3f04ee854e80b89

SHA256
c602259f312583afaae34444d680fad021c01b6fae6fda3745109a4eca886c47

SHA512
38b934829bad2d29d8cbb404c8afc09f29ece131d44644d24230209ff1a8371af218aad25dd6018121da87f03918fa1b073c026586226c84197d26d4008abd0d

Download Submit
C:\Windows\System\wzSZmzd.exe

Filesize
3.1MB

MD5
873e7ec187854f9791fa6acfd60fa638

SHA1
b5d7e78f4f18bad0bd847bc5cf7824c8ee3d3001

SHA256
64fdddaf6cc12792830d31de55ad708f6897189023d308f482227b6a157c41ab

SHA512
ed8630464f95ecfa83638f2d5527afb6afea8c957381b4edd0405d2f95e958fae6ee4fcacab8ff481add864c5ead29366dee34c23cd0519c350dc60ba27828b3

Download Submit
C:\Windows\System\yefAgcQ.exe

Filesize
3.1MB

MD5
8b4c45e2f53f42d5131513a4b2990b31

SHA1
00071f12d8c0d19c2b7e42481d9ed427de2cadc6

SHA256
a0fc30888de394952fe866a468cc3e80e6e98d127c610c47a279c6cf89eae8f2

SHA512
f032eef570b7f125d1f967ecfdd2e05d2b89af38c9d88de35b55c1348ff24ea2de2028bbbcfc07a2a01b5c84fd4d77884554e217bbe30023564884f034e1c2f9

Download Submit
C:\Windows\System\ziwJfwf.exe

Filesize
3.1MB

MD5
0fc05d0160481d018b6be5ea7948e79d

SHA1
d6f11ad6a5a386ac39999b86795c1cf2b44740c6

SHA256
dd4e366dad7229491c9da373dc92e3d8ee2460850f8f74331c6958df45d935d6

SHA512
a32baf19216d065af4f892f0265c13845d3bb389f185dbc7634fec9e2f56b433274f9435471f03f6f0cb280358f53a9d3bf5110902cdc9814b3fcf642c5ef4be

Download Submit
memory/224-147-0x00007FF69EB40000-0x00007FF69EF36000-memory.dmp

Filesize
4.0MB

Download
memory/224-2091-0x00007FF69EB40000-0x00007FF69EF36000-memory.dmp

Filesize
4.0MB

Download
memory/880-2090-0x00007FF714170000-0x00007FF714566000-memory.dmp

Filesize
4.0MB

Download
memory/880-138-0x00007FF714170000-0x00007FF714566000-memory.dmp

Filesize
4.0MB

Download
memory/904-2098-0x00007FF67F410000-0x00007FF67F806000-memory.dmp

Filesize
4.0MB

Download
memory/904-236-0x00007FF67F410000-0x00007FF67F806000-memory.dmp

Filesize
4.0MB

Download
memory/1008-133-0x00007FF7E85F0000-0x00007FF7E89E6000-memory.dmp

Filesize
4.0MB

Download
memory/1008-2085-0x00007FF7E85F0000-0x00007FF7E89E6000-memory.dmp

Filesize
4.0MB

Download
memory/1056-2083-0x00007FF742100000-0x00007FF7424F6000-memory.dmp

Filesize
4.0MB

Download
memory/1056-108-0x00007FF742100000-0x00007FF7424F6000-memory.dmp

Filesize
4.0MB

Download
memory/1392-2080-0x00007FF760D50000-0x00007FF761146000-memory.dmp

Filesize
4.0MB

Download
memory/1392-143-0x00007FF760D50000-0x00007FF761146000-memory.dmp

Filesize
4.0MB

Download
memory/1640-141-0x00007FF6485A0000-0x00007FF648996000-memory.dmp

Filesize
4.0MB

Download
memory/1640-2093-0x00007FF6485A0000-0x00007FF648996000-memory.dmp

Filesize
4.0MB

Download
memory/1684-2077-0x00007FFBBBC03000-0x00007FFBBBC05000-memory.dmp

Filesize
8KB

Download
memory/1684-119-0x00000223DE420000-0x00000223DE442000-memory.dmp

Filesize
136KB

Download
memory/1684-2076-0x00007FFBBBC00000-0x00007FFBBC6C1000-memory.dmp

Filesize
10.8MB

Download
memory/1684-90-0x00007FFBBBC00000-0x00007FFBBC6C1000-memory.dmp

Filesize
10.8MB

Download
memory/1684-66-0x00007FFBBBC00000-0x00007FFBBC6C1000-memory.dmp

Filesize
10.8MB

Download
memory/1684-298-0x00000223DEFF0000-0x00000223DF796000-memory.dmp

Filesize
7.6MB

Download
memory/1684-21-0x00007FFBBBC03000-0x00007FFBBBC05000-memory.dmp

Filesize
8KB

Download
memory/1712-2081-0x00007FF605CD0000-0x00007FF6060C6000-memory.dmp

Filesize
4.0MB

Download
memory/1712-144-0x00007FF605CD0000-0x00007FF6060C6000-memory.dmp

Filesize
4.0MB

Download
memory/2036-146-0x00007FF796DC0000-0x00007FF7971B6000-memory.dmp

Filesize
4.0MB

Download
memory/2036-2092-0x00007FF796DC0000-0x00007FF7971B6000-memory.dmp

Filesize
4.0MB

Download
memory/2080-99-0x00007FF611670000-0x00007FF611A66000-memory.dmp

Filesize
4.0MB

Download
memory/2080-2082-0x00007FF611670000-0x00007FF611A66000-memory.dmp

Filesize
4.0MB

Download
memory/2112-2086-0x00007FF7BFBC0000-0x00007FF7BFFB6000-memory.dmp

Filesize
4.0MB

Download
memory/2112-130-0x00007FF7BFBC0000-0x00007FF7BFFB6000-memory.dmp

Filesize
4.0MB

Download
memory/2388-2095-0x00007FF7159D0000-0x00007FF715DC6000-memory.dmp

Filesize
4.0MB

Download
memory/2388-137-0x00007FF7159D0000-0x00007FF715DC6000-memory.dmp

Filesize
4.0MB

Download
memory/2492-142-0x00007FF612600000-0x00007FF6129F6000-memory.dmp

Filesize
4.0MB

Download
memory/2676-136-0x00007FF65A430000-0x00007FF65A826000-memory.dmp

Filesize
4.0MB

Download
memory/2676-2096-0x00007FF65A430000-0x00007FF65A826000-memory.dmp

Filesize
4.0MB

Download
memory/2700-2074-0x00007FF7C4BB0000-0x00007FF7C4FA6000-memory.dmp

Filesize
4.0MB

Download
memory/2700-0-0x00007FF7C4BB0000-0x00007FF7C4FA6000-memory.dmp

Filesize
4.0MB

Download
memory/2700-1-0x0000028CB29D0000-0x0000028CB29E0000-memory.dmp

Filesize
64KB

Download
memory/2876-2078-0x00007FF6A7E70000-0x00007FF6A8266000-memory.dmp

Filesize
4.0MB

Download
memory/2876-13-0x00007FF6A7E70000-0x00007FF6A8266000-memory.dmp

Filesize
4.0MB

Download
memory/3576-2100-0x00007FF613700000-0x00007FF613AF6000-memory.dmp

Filesize
4.0MB

Download
memory/3576-140-0x00007FF613700000-0x00007FF613AF6000-memory.dmp

Filesize
4.0MB

Download
memory/3620-145-0x00007FF7BA7A0000-0x00007FF7BAB96000-memory.dmp

Filesize
4.0MB

Download
memory/3620-2084-0x00007FF7BA7A0000-0x00007FF7BAB96000-memory.dmp

Filesize
4.0MB

Download
memory/4224-2079-0x00007FF7C9BA0000-0x00007FF7C9F96000-memory.dmp

Filesize
4.0MB

Download
memory/4224-25-0x00007FF7C9BA0000-0x00007FF7C9F96000-memory.dmp

Filesize
4.0MB

Download
memory/4224-2075-0x00007FF7C9BA0000-0x00007FF7C9F96000-memory.dmp

Filesize
4.0MB

Download
memory/4780-2087-0x00007FF6B1430000-0x00007FF6B1826000-memory.dmp

Filesize
4.0MB

Download
memory/4780-127-0x00007FF6B1430000-0x00007FF6B1826000-memory.dmp

Filesize
4.0MB

Download
memory/4896-2099-0x00007FF6AF970000-0x00007FF6AFD66000-memory.dmp

Filesize
4.0MB

Download
memory/4896-227-0x00007FF6AF970000-0x00007FF6AFD66000-memory.dmp

Filesize
4.0MB

Download
memory/4900-134-0x00007FF6505B0000-0x00007FF6509A6000-memory.dmp

Filesize
4.0MB

Download
memory/4900-2089-0x00007FF6505B0000-0x00007FF6509A6000-memory.dmp

Filesize
4.0MB

Download
memory/5040-2088-0x00007FF7774D0000-0x00007FF7778C6000-memory.dmp

Filesize
4.0MB

Download
memory/5040-128-0x00007FF7774D0000-0x00007FF7778C6000-memory.dmp

Filesize
4.0MB

Download
memory/5100-2094-0x00007FF7E5AD0000-0x00007FF7E5EC6000-memory.dmp

Filesize
4.0MB

Download
memory/5100-139-0x00007FF7E5AD0000-0x00007FF7E5EC6000-memory.dmp

Filesize
4.0MB

Download
memory/5104-135-0x00007FF623010000-0x00007FF623406000-memory.dmp

Filesize
4.0MB

Download
memory/5104-2097-0x00007FF623010000-0x00007FF623406000-memory.dmp

Filesize
4.0MB

Download