xmrig | a479585e8716c2fc8efbf0fd1c9257372a1f8dac72d404900cad3e9915590f42

Analysis

max time kernel
120s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
Size

3.3MB
MD5

110c3576380bdcd380eb48700201bb80
SHA1

194b4775ed03b6ac1fafd472f89d5ab9460459f5
SHA256

a479585e8716c2fc8efbf0fd1c9257372a1f8dac72d404900cad3e9915590f42
SHA512

861d4da1be5945722d36eb47521dfa960270ec686b521fdb398cb7e825ffd7064a2d9b635f303d3f8d24b8b424c2eebebecf2aaf79686ddac3cbba819e0efe24
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWV:SbBeSFkJ

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4372-0-0x00007FF6CDF00000-0x00007FF6CE2F6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023424-5.dat	xmrig
behavioral2/memory/2772-15-0x00007FF6FDC90000-0x00007FF6FE086000-memory.dmp	xmrig
behavioral2/files/0x000700000002342b-25.dat	xmrig
behavioral2/files/0x000700000002342d-36.dat	xmrig
behavioral2/files/0x000700000002342e-41.dat	xmrig
behavioral2/files/0x0007000000023435-78.dat	xmrig
behavioral2/files/0x0008000000023434-94.dat	xmrig
behavioral2/files/0x000700000002343a-110.dat	xmrig
behavioral2/memory/2368-127-0x00007FF6748E0000-0x00007FF674CD6000-memory.dmp	xmrig
behavioral2/files/0x000700000002343d-136.dat	xmrig
behavioral2/memory/4712-141-0x00007FF763920000-0x00007FF763D16000-memory.dmp	xmrig
behavioral2/memory/60-143-0x00007FF77CCE0000-0x00007FF77D0D6000-memory.dmp	xmrig
behavioral2/memory/4848-146-0x00007FF7D5260000-0x00007FF7D5656000-memory.dmp	xmrig
behavioral2/memory/460-147-0x00007FF701DC0000-0x00007FF7021B6000-memory.dmp	xmrig
behavioral2/memory/668-145-0x00007FF6F13F0000-0x00007FF6F17E6000-memory.dmp	xmrig
behavioral2/memory/4912-144-0x00007FF7B0F90000-0x00007FF7B1386000-memory.dmp	xmrig
behavioral2/memory/944-142-0x00007FF60F490000-0x00007FF60F886000-memory.dmp	xmrig
behavioral2/memory/1800-140-0x00007FF618300000-0x00007FF6186F6000-memory.dmp	xmrig
behavioral2/memory/1564-139-0x00007FF7C1BD0000-0x00007FF7C1FC6000-memory.dmp	xmrig
behavioral2/memory/4672-138-0x00007FF738970000-0x00007FF738D66000-memory.dmp	xmrig
behavioral2/files/0x000700000002343b-134.dat	xmrig
behavioral2/memory/1812-133-0x00007FF740B20000-0x00007FF740F16000-memory.dmp	xmrig
behavioral2/files/0x000700000002343c-129.dat	xmrig
behavioral2/memory/2240-128-0x00007FF7474E0000-0x00007FF7478D6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023439-125.dat	xmrig
behavioral2/files/0x0007000000023438-123.dat	xmrig
behavioral2/files/0x0007000000023437-120.dat	xmrig
behavioral2/memory/5048-118-0x00007FF790230000-0x00007FF790626000-memory.dmp	xmrig
behavioral2/memory/2812-112-0x00007FF607E80000-0x00007FF608276000-memory.dmp	xmrig
behavioral2/files/0x0007000000023436-106.dat	xmrig
behavioral2/memory/2548-97-0x00007FF6522C0000-0x00007FF6526B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023432-90.dat	xmrig
behavioral2/files/0x0007000000023430-81.dat	xmrig
behavioral2/memory/1900-77-0x00007FF7C84F0000-0x00007FF7C88E6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023431-73.dat	xmrig
behavioral2/files/0x000700000002342f-69.dat	xmrig
behavioral2/memory/3476-51-0x00007FF79F9A0000-0x00007FF79FD96000-memory.dmp	xmrig
behavioral2/memory/452-42-0x00007FF7D8560000-0x00007FF7D8956000-memory.dmp	xmrig
behavioral2/files/0x000700000002342c-46.dat	xmrig
behavioral2/memory/1808-39-0x00007FF7D1AC0000-0x00007FF7D1EB6000-memory.dmp	xmrig
behavioral2/files/0x000700000002342a-35.dat	xmrig
behavioral2/memory/4576-31-0x00007FF7507E0000-0x00007FF750BD6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023429-26.dat	xmrig
behavioral2/files/0x0007000000023428-20.dat	xmrig
behavioral2/files/0x0008000000023433-155.dat	xmrig
behavioral2/memory/1060-158-0x00007FF6CB0D0000-0x00007FF6CB4C6000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-168.dat	xmrig
behavioral2/files/0x0007000000023440-175.dat	xmrig
behavioral2/files/0x000700000002343f-172.dat	xmrig
behavioral2/files/0x0007000000023443-183.dat	xmrig
behavioral2/files/0x0007000000023446-205.dat	xmrig
behavioral2/files/0x0007000000023445-197.dat	xmrig
behavioral2/files/0x0007000000023444-195.dat	xmrig
behavioral2/files/0x0007000000023441-180.dat	xmrig
behavioral2/memory/3088-166-0x00007FF628C00000-0x00007FF628FF6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023425-161.dat	xmrig
behavioral2/memory/4372-1677-0x00007FF6CDF00000-0x00007FF6CE2F6000-memory.dmp	xmrig
behavioral2/memory/4576-1681-0x00007FF7507E0000-0x00007FF750BD6000-memory.dmp	xmrig
behavioral2/memory/3476-1692-0x00007FF79F9A0000-0x00007FF79FD96000-memory.dmp	xmrig
behavioral2/memory/452-1690-0x00007FF7D8560000-0x00007FF7D8956000-memory.dmp	xmrig
behavioral2/memory/2772-1680-0x00007FF6FDC90000-0x00007FF6FE086000-memory.dmp	xmrig
behavioral2/memory/1060-2157-0x00007FF6CB0D0000-0x00007FF6CB4C6000-memory.dmp	xmrig
behavioral2/memory/1808-2159-0x00007FF7D1AC0000-0x00007FF7D1EB6000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
9	1996	powershell.exe
11	1996	powershell.exe
16	1996	powershell.exe
17	1996	powershell.exe
19	1996	powershell.exe
29	1996	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1996	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2772	NGMkaDV.exe
4576	slvYbJI.exe
1808	gesdefS.exe
1900	AZxfzOy.exe
452	PpkhMXr.exe
2548	oQBMuui.exe
3476	QffdZYJ.exe
2812	hSGrNnQ.exe
5048	oxoyvZN.exe
60	VruLioX.exe
2368	lAbyIfI.exe
2240	cOsxhmO.exe
1812	rXIBULN.exe
4912	YdoJKnZ.exe
4672	ZMUFGmT.exe
668	OEsOvpH.exe
1564	YYqGQJV.exe
1800	JLYEehq.exe
4712	pOEgZGL.exe
4848	QRDfWzj.exe
460	oKBOYch.exe
944	RDqlfme.exe
1060	PLuMsRa.exe
3088	tdSVyma.exe
2864	fdrQWlE.exe
2496	rvKQcTF.exe
2580	byxyFtJ.exe
3204	kvuTlMc.exe
2724	FZToAGi.exe
1328	PbZVshh.exe
5072	yEjjqXK.exe
4416	ODhMzxv.exe
2280	kjApCPQ.exe
1972	PRsxORR.exe
4288	cmIRAUs.exe
4476	vwjozbx.exe
1892	EvCzdHb.exe
4316	IGCbCpa.exe
4996	YVfbrLI.exe
5096	hyoMMDl.exe
2880	wRAQrEs.exe
4964	ANXKgpZ.exe
2472	mzLMnbq.exe
3796	RCdEAoj.exe
3924	MWLAAwu.exe
1316	kIkuuDm.exe
5080	wSlQmbh.exe
2868	oailhTb.exe
4240	UWsJlTf.exe
2108	chEeusy.exe
1600	ajirafR.exe
4168	LaXjwTM.exe
1520	YDHifuY.exe
3784	yawtzTK.exe
4456	dogpbiE.exe
1976	ZjgXpEX.exe
4260	zWgYtUh.exe
1284	klNgYBi.exe
4332	bMkuuqL.exe
3532	RyUboJU.exe
4804	SkyIfVL.exe
4516	pwIBtjp.exe
4328	RveIbff.exe
428	QWrSdaf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4372-0-0x00007FF6CDF00000-0x00007FF6CE2F6000-memory.dmp	upx
behavioral2/files/0x0008000000023424-5.dat	upx
behavioral2/memory/2772-15-0x00007FF6FDC90000-0x00007FF6FE086000-memory.dmp	upx
behavioral2/files/0x000700000002342b-25.dat	upx
behavioral2/files/0x000700000002342d-36.dat	upx
behavioral2/files/0x000700000002342e-41.dat	upx
behavioral2/files/0x0007000000023435-78.dat	upx
behavioral2/files/0x0008000000023434-94.dat	upx
behavioral2/files/0x000700000002343a-110.dat	upx
behavioral2/memory/2368-127-0x00007FF6748E0000-0x00007FF674CD6000-memory.dmp	upx
behavioral2/files/0x000700000002343d-136.dat	upx
behavioral2/memory/4712-141-0x00007FF763920000-0x00007FF763D16000-memory.dmp	upx
behavioral2/memory/60-143-0x00007FF77CCE0000-0x00007FF77D0D6000-memory.dmp	upx
behavioral2/memory/4848-146-0x00007FF7D5260000-0x00007FF7D5656000-memory.dmp	upx
behavioral2/memory/460-147-0x00007FF701DC0000-0x00007FF7021B6000-memory.dmp	upx
behavioral2/memory/668-145-0x00007FF6F13F0000-0x00007FF6F17E6000-memory.dmp	upx
behavioral2/memory/4912-144-0x00007FF7B0F90000-0x00007FF7B1386000-memory.dmp	upx
behavioral2/memory/944-142-0x00007FF60F490000-0x00007FF60F886000-memory.dmp	upx
behavioral2/memory/1800-140-0x00007FF618300000-0x00007FF6186F6000-memory.dmp	upx
behavioral2/memory/1564-139-0x00007FF7C1BD0000-0x00007FF7C1FC6000-memory.dmp	upx
behavioral2/memory/4672-138-0x00007FF738970000-0x00007FF738D66000-memory.dmp	upx
behavioral2/files/0x000700000002343b-134.dat	upx
behavioral2/memory/1812-133-0x00007FF740B20000-0x00007FF740F16000-memory.dmp	upx
behavioral2/files/0x000700000002343c-129.dat	upx
behavioral2/memory/2240-128-0x00007FF7474E0000-0x00007FF7478D6000-memory.dmp	upx
behavioral2/files/0x0007000000023439-125.dat	upx
behavioral2/files/0x0007000000023438-123.dat	upx
behavioral2/files/0x0007000000023437-120.dat	upx
behavioral2/memory/5048-118-0x00007FF790230000-0x00007FF790626000-memory.dmp	upx
behavioral2/memory/2812-112-0x00007FF607E80000-0x00007FF608276000-memory.dmp	upx
behavioral2/files/0x0007000000023436-106.dat	upx
behavioral2/memory/2548-97-0x00007FF6522C0000-0x00007FF6526B6000-memory.dmp	upx
behavioral2/files/0x0007000000023432-90.dat	upx
behavioral2/files/0x0007000000023430-81.dat	upx
behavioral2/memory/1900-77-0x00007FF7C84F0000-0x00007FF7C88E6000-memory.dmp	upx
behavioral2/files/0x0007000000023431-73.dat	upx
behavioral2/files/0x000700000002342f-69.dat	upx
behavioral2/memory/3476-51-0x00007FF79F9A0000-0x00007FF79FD96000-memory.dmp	upx
behavioral2/memory/452-42-0x00007FF7D8560000-0x00007FF7D8956000-memory.dmp	upx
behavioral2/files/0x000700000002342c-46.dat	upx
behavioral2/memory/1808-39-0x00007FF7D1AC0000-0x00007FF7D1EB6000-memory.dmp	upx
behavioral2/files/0x000700000002342a-35.dat	upx
behavioral2/memory/4576-31-0x00007FF7507E0000-0x00007FF750BD6000-memory.dmp	upx
behavioral2/files/0x0007000000023429-26.dat	upx
behavioral2/files/0x0007000000023428-20.dat	upx
behavioral2/files/0x0008000000023433-155.dat	upx
behavioral2/memory/1060-158-0x00007FF6CB0D0000-0x00007FF6CB4C6000-memory.dmp	upx
behavioral2/files/0x000700000002343e-168.dat	upx
behavioral2/files/0x0007000000023440-175.dat	upx
behavioral2/files/0x000700000002343f-172.dat	upx
behavioral2/files/0x0007000000023443-183.dat	upx
behavioral2/files/0x0007000000023446-205.dat	upx
behavioral2/files/0x0007000000023445-197.dat	upx
behavioral2/files/0x0007000000023444-195.dat	upx
behavioral2/files/0x0007000000023441-180.dat	upx
behavioral2/memory/3088-166-0x00007FF628C00000-0x00007FF628FF6000-memory.dmp	upx
behavioral2/files/0x0008000000023425-161.dat	upx
behavioral2/memory/4372-1677-0x00007FF6CDF00000-0x00007FF6CE2F6000-memory.dmp	upx
behavioral2/memory/4576-1681-0x00007FF7507E0000-0x00007FF750BD6000-memory.dmp	upx
behavioral2/memory/3476-1692-0x00007FF79F9A0000-0x00007FF79FD96000-memory.dmp	upx
behavioral2/memory/452-1690-0x00007FF7D8560000-0x00007FF7D8956000-memory.dmp	upx
behavioral2/memory/2772-1680-0x00007FF6FDC90000-0x00007FF6FE086000-memory.dmp	upx
behavioral2/memory/1060-2157-0x00007FF6CB0D0000-0x00007FF6CB4C6000-memory.dmp	upx
behavioral2/memory/1808-2159-0x00007FF7D1AC0000-0x00007FF7D1EB6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BeDfgxE.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\AZxfzOy.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\xWBegtf.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\zQZwLzw.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\Zfcvmdk.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\dIoDDSI.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\TkudWxZ.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\KWDbpdT.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\eEYruQx.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\rsieUMQ.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\fiKdKkJ.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\biLsEMZ.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\zSWzjlh.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\lKkxlNl.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\nHAtoFT.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\DbxiABY.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\QRtZwPG.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\PpkhMXr.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\zdfJVYt.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\PEvOTGE.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\XaEOGWn.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\ouDKCaX.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\EnwwTYA.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\QWrSdaf.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\THUTKmB.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\OHyrFUK.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\rKksJfO.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\lunfVPg.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\ncmHmfM.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\OsbEKNk.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\xAwpfqh.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\QSuihvp.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\sboETHK.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\HRLVtzt.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\JBgpDwM.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\bihZGoe.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\UKQIwOy.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\QffdZYJ.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\HczEPdB.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\zkijnyD.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\PRAkfQw.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\DjTYwLt.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\uaKzlaT.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\lkszXzC.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\SYXoVjx.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\SkyIfVL.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\KtkSakG.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\trUhHHa.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\QRpDcDy.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\dEWOsuw.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\CdJXBpB.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\BOPcoDt.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\RveIbff.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\bZWxuEQ.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\CGbDUaJ.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\hlMsHae.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\XWaNEQH.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\OytRdzj.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\pZBpwsl.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\ZizVJiC.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\rXIBULN.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\xskJKVO.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\SFceTFV.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
File created	C:\Windows\System\daaFVwm.exe	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1996	powershell.exe
1996	powershell.exe
1996	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
Token: SeDebugPrivilege	1996	powershell.exe
Token: SeLockMemoryPrivilege	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 1996	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	84
PID 4372 wrote to memory of 1996	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	84
PID 4372 wrote to memory of 2772	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	85
PID 4372 wrote to memory of 2772	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	85
PID 4372 wrote to memory of 1808	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	86
PID 4372 wrote to memory of 1808	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	86
PID 4372 wrote to memory of 4576	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	87
PID 4372 wrote to memory of 4576	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	87
PID 4372 wrote to memory of 452	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	88
PID 4372 wrote to memory of 452	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	88
PID 4372 wrote to memory of 1900	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	89
PID 4372 wrote to memory of 1900	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	89
PID 4372 wrote to memory of 2548	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	90
PID 4372 wrote to memory of 2548	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	90
PID 4372 wrote to memory of 3476	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	91
PID 4372 wrote to memory of 3476	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	91
PID 4372 wrote to memory of 2812	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	92
PID 4372 wrote to memory of 2812	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	92
PID 4372 wrote to memory of 5048	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	93
PID 4372 wrote to memory of 5048	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	93
PID 4372 wrote to memory of 60	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	94
PID 4372 wrote to memory of 60	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	94
PID 4372 wrote to memory of 2368	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	95
PID 4372 wrote to memory of 2368	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	95
PID 4372 wrote to memory of 1812	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	96
PID 4372 wrote to memory of 1812	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	96
PID 4372 wrote to memory of 2240	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	97
PID 4372 wrote to memory of 2240	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	97
PID 4372 wrote to memory of 4912	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	98
PID 4372 wrote to memory of 4912	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	98
PID 4372 wrote to memory of 4672	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	99
PID 4372 wrote to memory of 4672	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	99
PID 4372 wrote to memory of 668	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	100
PID 4372 wrote to memory of 668	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	100
PID 4372 wrote to memory of 1564	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	101
PID 4372 wrote to memory of 1564	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	101
PID 4372 wrote to memory of 1800	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	102
PID 4372 wrote to memory of 1800	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	102
PID 4372 wrote to memory of 4712	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	103
PID 4372 wrote to memory of 4712	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	103
PID 4372 wrote to memory of 460	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	104
PID 4372 wrote to memory of 460	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	104
PID 4372 wrote to memory of 4848	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	105
PID 4372 wrote to memory of 4848	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	105
PID 4372 wrote to memory of 944	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	106
PID 4372 wrote to memory of 944	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	106
PID 4372 wrote to memory of 1060	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	107
PID 4372 wrote to memory of 1060	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	107
PID 4372 wrote to memory of 3088	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	108
PID 4372 wrote to memory of 3088	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	108
PID 4372 wrote to memory of 2864	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	109
PID 4372 wrote to memory of 2864	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	109
PID 4372 wrote to memory of 2496	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	110
PID 4372 wrote to memory of 2496	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	110
PID 4372 wrote to memory of 2580	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	111
PID 4372 wrote to memory of 2580	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	111
PID 4372 wrote to memory of 3204	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	112
PID 4372 wrote to memory of 3204	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	112
PID 4372 wrote to memory of 2724	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	113
PID 4372 wrote to memory of 2724	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	113
PID 4372 wrote to memory of 1328	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	114
PID 4372 wrote to memory of 1328	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	114
PID 4372 wrote to memory of 5072	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	115
PID 4372 wrote to memory of 5072	4372	110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\110c3576380bdcd380eb48700201bb80_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1996
- C:\Windows\System\NGMkaDV.exe
  C:\Windows\System\NGMkaDV.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\gesdefS.exe
  C:\Windows\System\gesdefS.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\slvYbJI.exe
  C:\Windows\System\slvYbJI.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\PpkhMXr.exe
  C:\Windows\System\PpkhMXr.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\AZxfzOy.exe
  C:\Windows\System\AZxfzOy.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\oQBMuui.exe
  C:\Windows\System\oQBMuui.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\QffdZYJ.exe
  C:\Windows\System\QffdZYJ.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\hSGrNnQ.exe
  C:\Windows\System\hSGrNnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\oxoyvZN.exe
  C:\Windows\System\oxoyvZN.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\VruLioX.exe
  C:\Windows\System\VruLioX.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\lAbyIfI.exe
  C:\Windows\System\lAbyIfI.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\rXIBULN.exe
  C:\Windows\System\rXIBULN.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\cOsxhmO.exe
  C:\Windows\System\cOsxhmO.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\YdoJKnZ.exe
  C:\Windows\System\YdoJKnZ.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\ZMUFGmT.exe
  C:\Windows\System\ZMUFGmT.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\OEsOvpH.exe
  C:\Windows\System\OEsOvpH.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\YYqGQJV.exe
  C:\Windows\System\YYqGQJV.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\JLYEehq.exe
  C:\Windows\System\JLYEehq.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\pOEgZGL.exe
  C:\Windows\System\pOEgZGL.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\oKBOYch.exe
  C:\Windows\System\oKBOYch.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\QRDfWzj.exe
  C:\Windows\System\QRDfWzj.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\RDqlfme.exe
  C:\Windows\System\RDqlfme.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\PLuMsRa.exe
  C:\Windows\System\PLuMsRa.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\tdSVyma.exe
  C:\Windows\System\tdSVyma.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\fdrQWlE.exe
  C:\Windows\System\fdrQWlE.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\rvKQcTF.exe
  C:\Windows\System\rvKQcTF.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\byxyFtJ.exe
  C:\Windows\System\byxyFtJ.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\kvuTlMc.exe
  C:\Windows\System\kvuTlMc.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\FZToAGi.exe
  C:\Windows\System\FZToAGi.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\PbZVshh.exe
  C:\Windows\System\PbZVshh.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\yEjjqXK.exe
  C:\Windows\System\yEjjqXK.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\ODhMzxv.exe
  C:\Windows\System\ODhMzxv.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\kjApCPQ.exe
  C:\Windows\System\kjApCPQ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\PRsxORR.exe
  C:\Windows\System\PRsxORR.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\cmIRAUs.exe
  C:\Windows\System\cmIRAUs.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\vwjozbx.exe
  C:\Windows\System\vwjozbx.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\EvCzdHb.exe
  C:\Windows\System\EvCzdHb.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\IGCbCpa.exe
  C:\Windows\System\IGCbCpa.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\YVfbrLI.exe
  C:\Windows\System\YVfbrLI.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\hyoMMDl.exe
  C:\Windows\System\hyoMMDl.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\wRAQrEs.exe
  C:\Windows\System\wRAQrEs.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ANXKgpZ.exe
  C:\Windows\System\ANXKgpZ.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\mzLMnbq.exe
  C:\Windows\System\mzLMnbq.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\RCdEAoj.exe
  C:\Windows\System\RCdEAoj.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\MWLAAwu.exe
  C:\Windows\System\MWLAAwu.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\kIkuuDm.exe
  C:\Windows\System\kIkuuDm.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\wSlQmbh.exe
  C:\Windows\System\wSlQmbh.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\oailhTb.exe
  C:\Windows\System\oailhTb.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\UWsJlTf.exe
  C:\Windows\System\UWsJlTf.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\chEeusy.exe
  C:\Windows\System\chEeusy.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ajirafR.exe
  C:\Windows\System\ajirafR.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\LaXjwTM.exe
  C:\Windows\System\LaXjwTM.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\YDHifuY.exe
  C:\Windows\System\YDHifuY.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\yawtzTK.exe
  C:\Windows\System\yawtzTK.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\dogpbiE.exe
  C:\Windows\System\dogpbiE.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\ZjgXpEX.exe
  C:\Windows\System\ZjgXpEX.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\zWgYtUh.exe
  C:\Windows\System\zWgYtUh.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\klNgYBi.exe
  C:\Windows\System\klNgYBi.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\bMkuuqL.exe
  C:\Windows\System\bMkuuqL.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\RyUboJU.exe
  C:\Windows\System\RyUboJU.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\SkyIfVL.exe
  C:\Windows\System\SkyIfVL.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\pwIBtjp.exe
  C:\Windows\System\pwIBtjp.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\RveIbff.exe
  C:\Windows\System\RveIbff.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\QWrSdaf.exe
  C:\Windows\System\QWrSdaf.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\bSyKYNT.exe
  C:\Windows\System\bSyKYNT.exe
  2⤵
  PID:1392
- C:\Windows\System\LWsKzab.exe
  C:\Windows\System\LWsKzab.exe
  2⤵
  PID:3120
- C:\Windows\System\mutVqOM.exe
  C:\Windows\System\mutVqOM.exe
  2⤵
  PID:1168
- C:\Windows\System\kATarWw.exe
  C:\Windows\System\kATarWw.exe
  2⤵
  PID:3932
- C:\Windows\System\WabvuCc.exe
  C:\Windows\System\WabvuCc.exe
  2⤵
  PID:3748
- C:\Windows\System\jjMVMGe.exe
  C:\Windows\System\jjMVMGe.exe
  2⤵
  PID:3224
- C:\Windows\System\ycGrmAJ.exe
  C:\Windows\System\ycGrmAJ.exe
  2⤵
  PID:4980
- C:\Windows\System\SPAKZNe.exe
  C:\Windows\System\SPAKZNe.exe
  2⤵
  PID:4692
- C:\Windows\System\wnnuysh.exe
  C:\Windows\System\wnnuysh.exe
  2⤵
  PID:856
- C:\Windows\System\xTplTqr.exe
  C:\Windows\System\xTplTqr.exe
  2⤵
  PID:956
- C:\Windows\System\sLGdyci.exe
  C:\Windows\System\sLGdyci.exe
  2⤵
  PID:3460
- C:\Windows\System\xurFEbD.exe
  C:\Windows\System\xurFEbD.exe
  2⤵
  PID:820
- C:\Windows\System\dwjXbFa.exe
  C:\Windows\System\dwjXbFa.exe
  2⤵
  PID:2196
- C:\Windows\System\IhLDcGX.exe
  C:\Windows\System\IhLDcGX.exe
  2⤵
  PID:5144
- C:\Windows\System\bZWxuEQ.exe
  C:\Windows\System\bZWxuEQ.exe
  2⤵
  PID:5200
- C:\Windows\System\FgmdMBi.exe
  C:\Windows\System\FgmdMBi.exe
  2⤵
  PID:5220
- C:\Windows\System\uXKtNeH.exe
  C:\Windows\System\uXKtNeH.exe
  2⤵
  PID:5236
- C:\Windows\System\LTiicoa.exe
  C:\Windows\System\LTiicoa.exe
  2⤵
  PID:5264
- C:\Windows\System\TxtMCNM.exe
  C:\Windows\System\TxtMCNM.exe
  2⤵
  PID:5316
- C:\Windows\System\kmFWMIh.exe
  C:\Windows\System\kmFWMIh.exe
  2⤵
  PID:5348
- C:\Windows\System\TptveSc.exe
  C:\Windows\System\TptveSc.exe
  2⤵
  PID:5384
- C:\Windows\System\NZDjTJM.exe
  C:\Windows\System\NZDjTJM.exe
  2⤵
  PID:5408
- C:\Windows\System\XkoDFWs.exe
  C:\Windows\System\XkoDFWs.exe
  2⤵
  PID:5440
- C:\Windows\System\AVqIfwX.exe
  C:\Windows\System\AVqIfwX.exe
  2⤵
  PID:5476
- C:\Windows\System\JIZtUde.exe
  C:\Windows\System\JIZtUde.exe
  2⤵
  PID:5508
- C:\Windows\System\HczEPdB.exe
  C:\Windows\System\HczEPdB.exe
  2⤵
  PID:5524
- C:\Windows\System\lunfVPg.exe
  C:\Windows\System\lunfVPg.exe
  2⤵
  PID:5560
- C:\Windows\System\DFtodBM.exe
  C:\Windows\System\DFtodBM.exe
  2⤵
  PID:5608
- C:\Windows\System\enXzIRF.exe
  C:\Windows\System\enXzIRF.exe
  2⤵
  PID:5644
- C:\Windows\System\pPXQyRh.exe
  C:\Windows\System\pPXQyRh.exe
  2⤵
  PID:5692
- C:\Windows\System\AQrYNGQ.exe
  C:\Windows\System\AQrYNGQ.exe
  2⤵
  PID:5748
- C:\Windows\System\TaEvNwN.exe
  C:\Windows\System\TaEvNwN.exe
  2⤵
  PID:5780
- C:\Windows\System\lvpWjCh.exe
  C:\Windows\System\lvpWjCh.exe
  2⤵
  PID:5816
- C:\Windows\System\xWBegtf.exe
  C:\Windows\System\xWBegtf.exe
  2⤵
  PID:5844
- C:\Windows\System\aMmdzud.exe
  C:\Windows\System\aMmdzud.exe
  2⤵
  PID:5892
- C:\Windows\System\DroQWzK.exe
  C:\Windows\System\DroQWzK.exe
  2⤵
  PID:5912
- C:\Windows\System\gvHafHA.exe
  C:\Windows\System\gvHafHA.exe
  2⤵
  PID:5948
- C:\Windows\System\imrjMmy.exe
  C:\Windows\System\imrjMmy.exe
  2⤵
  PID:5980
- C:\Windows\System\fALtlzi.exe
  C:\Windows\System\fALtlzi.exe
  2⤵
  PID:6008
- C:\Windows\System\pECecrk.exe
  C:\Windows\System\pECecrk.exe
  2⤵
  PID:6044
- C:\Windows\System\hlMsHae.exe
  C:\Windows\System\hlMsHae.exe
  2⤵
  PID:6080
- C:\Windows\System\KtsKIiQ.exe
  C:\Windows\System\KtsKIiQ.exe
  2⤵
  PID:6108
- C:\Windows\System\OlploQA.exe
  C:\Windows\System\OlploQA.exe
  2⤵
  PID:6140
- C:\Windows\System\wDZcKMr.exe
  C:\Windows\System\wDZcKMr.exe
  2⤵
  PID:5140
- C:\Windows\System\hFueflX.exe
  C:\Windows\System\hFueflX.exe
  2⤵
  PID:5228
- C:\Windows\System\lKkxlNl.exe
  C:\Windows\System\lKkxlNl.exe
  2⤵
  PID:5288
- C:\Windows\System\YfHPqXB.exe
  C:\Windows\System\YfHPqXB.exe
  2⤵
  PID:5372
- C:\Windows\System\QSuihvp.exe
  C:\Windows\System\QSuihvp.exe
  2⤵
  PID:1336
- C:\Windows\System\VpDqMCK.exe
  C:\Windows\System\VpDqMCK.exe
  2⤵
  PID:5432
- C:\Windows\System\ytlYZhn.exe
  C:\Windows\System\ytlYZhn.exe
  2⤵
  PID:5484
- C:\Windows\System\knXjIkb.exe
  C:\Windows\System\knXjIkb.exe
  2⤵
  PID:5548
- C:\Windows\System\RHiqoBT.exe
  C:\Windows\System\RHiqoBT.exe
  2⤵
  PID:2244
- C:\Windows\System\SGPopNz.exe
  C:\Windows\System\SGPopNz.exe
  2⤵
  PID:5720
- C:\Windows\System\JhRSwsM.exe
  C:\Windows\System\JhRSwsM.exe
  2⤵
  PID:5776
- C:\Windows\System\ZjjZZuN.exe
  C:\Windows\System\ZjjZZuN.exe
  2⤵
  PID:5864
- C:\Windows\System\AVDSucK.exe
  C:\Windows\System\AVDSucK.exe
  2⤵
  PID:5936
- C:\Windows\System\FanVQbR.exe
  C:\Windows\System\FanVQbR.exe
  2⤵
  PID:5972
- C:\Windows\System\KtkSakG.exe
  C:\Windows\System\KtkSakG.exe
  2⤵
  PID:6004
- C:\Windows\System\TTbNxAB.exe
  C:\Windows\System\TTbNxAB.exe
  2⤵
  PID:6068
- C:\Windows\System\xskJKVO.exe
  C:\Windows\System\xskJKVO.exe
  2⤵
  PID:6136
- C:\Windows\System\hzKnHys.exe
  C:\Windows\System\hzKnHys.exe
  2⤵
  PID:3760
- C:\Windows\System\zTDhgOT.exe
  C:\Windows\System\zTDhgOT.exe
  2⤵
  PID:5336
- C:\Windows\System\ejeTdDR.exe
  C:\Windows\System\ejeTdDR.exe
  2⤵
  PID:5500
- C:\Windows\System\PAnzpdQ.exe
  C:\Windows\System\PAnzpdQ.exe
  2⤵
  PID:2736
- C:\Windows\System\jqtWAqw.exe
  C:\Windows\System\jqtWAqw.exe
  2⤵
  PID:5740
- C:\Windows\System\qQxaJQd.exe
  C:\Windows\System\qQxaJQd.exe
  2⤵
  PID:5908
- C:\Windows\System\HRLVtzt.exe
  C:\Windows\System\HRLVtzt.exe
  2⤵
  PID:6056
- C:\Windows\System\WUoRCvg.exe
  C:\Windows\System\WUoRCvg.exe
  2⤵
  PID:6132
- C:\Windows\System\PRFDjiE.exe
  C:\Windows\System\PRFDjiE.exe
  2⤵
  PID:5688
- C:\Windows\System\EPRBlQL.exe
  C:\Windows\System\EPRBlQL.exe
  2⤵
  PID:5216
- C:\Windows\System\CtMeqrW.exe
  C:\Windows\System\CtMeqrW.exe
  2⤵
  PID:6172
- C:\Windows\System\JiisCjW.exe
  C:\Windows\System\JiisCjW.exe
  2⤵
  PID:6200
- C:\Windows\System\BeDfgxE.exe
  C:\Windows\System\BeDfgxE.exe
  2⤵
  PID:6244
- C:\Windows\System\RGrzyfZ.exe
  C:\Windows\System\RGrzyfZ.exe
  2⤵
  PID:6260
- C:\Windows\System\JZKIlZv.exe
  C:\Windows\System\JZKIlZv.exe
  2⤵
  PID:6320
- C:\Windows\System\ApMOImi.exe
  C:\Windows\System\ApMOImi.exe
  2⤵
  PID:6372
- C:\Windows\System\KRCpHUk.exe
  C:\Windows\System\KRCpHUk.exe
  2⤵
  PID:6420
- C:\Windows\System\SqDXVEF.exe
  C:\Windows\System\SqDXVEF.exe
  2⤵
  PID:6452
- C:\Windows\System\CWevBep.exe
  C:\Windows\System\CWevBep.exe
  2⤵
  PID:6480
- C:\Windows\System\rcIwTOb.exe
  C:\Windows\System\rcIwTOb.exe
  2⤵
  PID:6508
- C:\Windows\System\CPwlADi.exe
  C:\Windows\System\CPwlADi.exe
  2⤵
  PID:6536
- C:\Windows\System\NNbDkDw.exe
  C:\Windows\System\NNbDkDw.exe
  2⤵
  PID:6568
- C:\Windows\System\duefwIL.exe
  C:\Windows\System\duefwIL.exe
  2⤵
  PID:6600
- C:\Windows\System\EHWHkac.exe
  C:\Windows\System\EHWHkac.exe
  2⤵
  PID:6636
- C:\Windows\System\yTvPfFq.exe
  C:\Windows\System\yTvPfFq.exe
  2⤵
  PID:6672
- C:\Windows\System\SYarLDm.exe
  C:\Windows\System\SYarLDm.exe
  2⤵
  PID:6704
- C:\Windows\System\LJtTZJX.exe
  C:\Windows\System\LJtTZJX.exe
  2⤵
  PID:6736
- C:\Windows\System\WTdbWnD.exe
  C:\Windows\System\WTdbWnD.exe
  2⤵
  PID:6764
- C:\Windows\System\zyNHxzg.exe
  C:\Windows\System\zyNHxzg.exe
  2⤵
  PID:6792
- C:\Windows\System\CPnXEgU.exe
  C:\Windows\System\CPnXEgU.exe
  2⤵
  PID:6812
- C:\Windows\System\HEdEDhy.exe
  C:\Windows\System\HEdEDhy.exe
  2⤵
  PID:6844
- C:\Windows\System\chirFtZ.exe
  C:\Windows\System\chirFtZ.exe
  2⤵
  PID:6868
- C:\Windows\System\dDLhVUH.exe
  C:\Windows\System\dDLhVUH.exe
  2⤵
  PID:6904
- C:\Windows\System\PMjljoN.exe
  C:\Windows\System\PMjljoN.exe
  2⤵
  PID:6924
- C:\Windows\System\PUyiTna.exe
  C:\Windows\System\PUyiTna.exe
  2⤵
  PID:6960
- C:\Windows\System\rsieUMQ.exe
  C:\Windows\System\rsieUMQ.exe
  2⤵
  PID:7004
- C:\Windows\System\HsDxvwT.exe
  C:\Windows\System\HsDxvwT.exe
  2⤵
  PID:7020
- C:\Windows\System\PFtOGbT.exe
  C:\Windows\System\PFtOGbT.exe
  2⤵
  PID:7052
- C:\Windows\System\axQtzWI.exe
  C:\Windows\System\axQtzWI.exe
  2⤵
  PID:7084
- C:\Windows\System\nHAtoFT.exe
  C:\Windows\System\nHAtoFT.exe
  2⤵
  PID:7116
- C:\Windows\System\uCbHaXH.exe
  C:\Windows\System\uCbHaXH.exe
  2⤵
  PID:7148
- C:\Windows\System\pCvKAlT.exe
  C:\Windows\System\pCvKAlT.exe
  2⤵
  PID:5884
- C:\Windows\System\XzdNfRN.exe
  C:\Windows\System\XzdNfRN.exe
  2⤵
  PID:6224
- C:\Windows\System\kAZgmsF.exe
  C:\Windows\System\kAZgmsF.exe
  2⤵
  PID:6332
- C:\Windows\System\SOBmDDA.exe
  C:\Windows\System\SOBmDDA.exe
  2⤵
  PID:6448
- C:\Windows\System\bHQxNBp.exe
  C:\Windows\System\bHQxNBp.exe
  2⤵
  PID:6500
- C:\Windows\System\puXWJlY.exe
  C:\Windows\System\puXWJlY.exe
  2⤵
  PID:6560
- C:\Windows\System\MBcCDSP.exe
  C:\Windows\System\MBcCDSP.exe
  2⤵
  PID:6628
- C:\Windows\System\xLRwfXL.exe
  C:\Windows\System\xLRwfXL.exe
  2⤵
  PID:5504
- C:\Windows\System\jhxxgSN.exe
  C:\Windows\System\jhxxgSN.exe
  2⤵
  PID:6776
- C:\Windows\System\GpuIoNK.exe
  C:\Windows\System\GpuIoNK.exe
  2⤵
  PID:6832
- C:\Windows\System\wNrXDFZ.exe
  C:\Windows\System\wNrXDFZ.exe
  2⤵
  PID:6892
- C:\Windows\System\vRsZfcA.exe
  C:\Windows\System\vRsZfcA.exe
  2⤵
  PID:6968
- C:\Windows\System\PtHdVGe.exe
  C:\Windows\System\PtHdVGe.exe
  2⤵
  PID:7040
- C:\Windows\System\ehkKXpo.exe
  C:\Windows\System\ehkKXpo.exe
  2⤵
  PID:7104
- C:\Windows\System\EkymHpf.exe
  C:\Windows\System\EkymHpf.exe
  2⤵
  PID:6152
- C:\Windows\System\qXUiNhZ.exe
  C:\Windows\System\qXUiNhZ.exe
  2⤵
  PID:6468
- C:\Windows\System\gQTVHXF.exe
  C:\Windows\System\gQTVHXF.exe
  2⤵
  PID:6548
- C:\Windows\System\iXBqfkq.exe
  C:\Windows\System\iXBqfkq.exe
  2⤵
  PID:6748
- C:\Windows\System\qRTRlpK.exe
  C:\Windows\System\qRTRlpK.exe
  2⤵
  PID:6920
- C:\Windows\System\UkEEzRx.exe
  C:\Windows\System\UkEEzRx.exe
  2⤵
  PID:7032
- C:\Windows\System\ncmHmfM.exe
  C:\Windows\System\ncmHmfM.exe
  2⤵
  PID:5904
- C:\Windows\System\SozshHi.exe
  C:\Windows\System\SozshHi.exe
  2⤵
  PID:6692
- C:\Windows\System\fiKdKkJ.exe
  C:\Windows\System\fiKdKkJ.exe
  2⤵
  PID:6980
- C:\Windows\System\IAqNhMC.exe
  C:\Windows\System\IAqNhMC.exe
  2⤵
  PID:6972
- C:\Windows\System\aPczTct.exe
  C:\Windows\System\aPczTct.exe
  2⤵
  PID:6520
- C:\Windows\System\QoQwWVr.exe
  C:\Windows\System\QoQwWVr.exe
  2⤵
  PID:7184
- C:\Windows\System\URLwDeG.exe
  C:\Windows\System\URLwDeG.exe
  2⤵
  PID:7212
- C:\Windows\System\DHHwspu.exe
  C:\Windows\System\DHHwspu.exe
  2⤵
  PID:7240
- C:\Windows\System\rtBKcga.exe
  C:\Windows\System\rtBKcga.exe
  2⤵
  PID:7268
- C:\Windows\System\fXVdRIZ.exe
  C:\Windows\System\fXVdRIZ.exe
  2⤵
  PID:7284
- C:\Windows\System\Fcbtsep.exe
  C:\Windows\System\Fcbtsep.exe
  2⤵
  PID:7312
- C:\Windows\System\rgXypHj.exe
  C:\Windows\System\rgXypHj.exe
  2⤵
  PID:7352
- C:\Windows\System\OfHGFBn.exe
  C:\Windows\System\OfHGFBn.exe
  2⤵
  PID:7392
- C:\Windows\System\izzqFIf.exe
  C:\Windows\System\izzqFIf.exe
  2⤵
  PID:7412
- C:\Windows\System\YMpKEqs.exe
  C:\Windows\System\YMpKEqs.exe
  2⤵
  PID:7428
- C:\Windows\System\oNeZghp.exe
  C:\Windows\System\oNeZghp.exe
  2⤵
  PID:7468
- C:\Windows\System\LIKcuOJ.exe
  C:\Windows\System\LIKcuOJ.exe
  2⤵
  PID:7504
- C:\Windows\System\epSblHe.exe
  C:\Windows\System\epSblHe.exe
  2⤵
  PID:7524
- C:\Windows\System\JBgpDwM.exe
  C:\Windows\System\JBgpDwM.exe
  2⤵
  PID:7564
- C:\Windows\System\KcVOcck.exe
  C:\Windows\System\KcVOcck.exe
  2⤵
  PID:7592
- C:\Windows\System\MAmwmEn.exe
  C:\Windows\System\MAmwmEn.exe
  2⤵
  PID:7612
- C:\Windows\System\KAZiTtK.exe
  C:\Windows\System\KAZiTtK.exe
  2⤵
  PID:7640
- C:\Windows\System\oFyPfTG.exe
  C:\Windows\System\oFyPfTG.exe
  2⤵
  PID:7668
- C:\Windows\System\THUTKmB.exe
  C:\Windows\System\THUTKmB.exe
  2⤵
  PID:7704
- C:\Windows\System\FRtcIns.exe
  C:\Windows\System\FRtcIns.exe
  2⤵
  PID:7740
- C:\Windows\System\KpneYYZ.exe
  C:\Windows\System\KpneYYZ.exe
  2⤵
  PID:7764
- C:\Windows\System\JYaGqfk.exe
  C:\Windows\System\JYaGqfk.exe
  2⤵
  PID:7792
- C:\Windows\System\gfViZZH.exe
  C:\Windows\System\gfViZZH.exe
  2⤵
  PID:7820
- C:\Windows\System\cvLdCEH.exe
  C:\Windows\System\cvLdCEH.exe
  2⤵
  PID:7852
- C:\Windows\System\trUhHHa.exe
  C:\Windows\System\trUhHHa.exe
  2⤵
  PID:7880
- C:\Windows\System\XBVeJWM.exe
  C:\Windows\System\XBVeJWM.exe
  2⤵
  PID:7916
- C:\Windows\System\TKfrKIi.exe
  C:\Windows\System\TKfrKIi.exe
  2⤵
  PID:7968
- C:\Windows\System\NKQymgx.exe
  C:\Windows\System\NKQymgx.exe
  2⤵
  PID:7984
- C:\Windows\System\zdfJVYt.exe
  C:\Windows\System\zdfJVYt.exe
  2⤵
  PID:8036
- C:\Windows\System\aVFXDrG.exe
  C:\Windows\System\aVFXDrG.exe
  2⤵
  PID:8056
- C:\Windows\System\kWrfLlC.exe
  C:\Windows\System\kWrfLlC.exe
  2⤵
  PID:8088
- C:\Windows\System\zSWzjlh.exe
  C:\Windows\System\zSWzjlh.exe
  2⤵
  PID:8120
- C:\Windows\System\YNTasWw.exe
  C:\Windows\System\YNTasWw.exe
  2⤵
  PID:8148
- C:\Windows\System\GgEgthe.exe
  C:\Windows\System\GgEgthe.exe
  2⤵
  PID:8176
- C:\Windows\System\SFceTFV.exe
  C:\Windows\System\SFceTFV.exe
  2⤵
  PID:7224
- C:\Windows\System\oolmGxI.exe
  C:\Windows\System\oolmGxI.exe
  2⤵
  PID:7260
- C:\Windows\System\iByhMGJ.exe
  C:\Windows\System\iByhMGJ.exe
  2⤵
  PID:7340
- C:\Windows\System\ZXSpqqM.exe
  C:\Windows\System\ZXSpqqM.exe
  2⤵
  PID:7400
- C:\Windows\System\kXvNbsk.exe
  C:\Windows\System\kXvNbsk.exe
  2⤵
  PID:7480
- C:\Windows\System\tKpCUMc.exe
  C:\Windows\System\tKpCUMc.exe
  2⤵
  PID:7520
- C:\Windows\System\DbxiABY.exe
  C:\Windows\System\DbxiABY.exe
  2⤵
  PID:7580
- C:\Windows\System\zzXeRmA.exe
  C:\Windows\System\zzXeRmA.exe
  2⤵
  PID:7652
- C:\Windows\System\dgVNJvO.exe
  C:\Windows\System\dgVNJvO.exe
  2⤵
  PID:7692
- C:\Windows\System\zQZwLzw.exe
  C:\Windows\System\zQZwLzw.exe
  2⤵
  PID:7784
- C:\Windows\System\QRpDcDy.exe
  C:\Windows\System\QRpDcDy.exe
  2⤵
  PID:7840
- C:\Windows\System\ZzMWnnQ.exe
  C:\Windows\System\ZzMWnnQ.exe
  2⤵
  PID:7912
- C:\Windows\System\UvIpZlQ.exe
  C:\Windows\System\UvIpZlQ.exe
  2⤵
  PID:7980
- C:\Windows\System\elNbqSZ.exe
  C:\Windows\System\elNbqSZ.exe
  2⤵
  PID:8068
- C:\Windows\System\QDfCWyj.exe
  C:\Windows\System\QDfCWyj.exe
  2⤵
  PID:8160
- C:\Windows\System\DKLLFSj.exe
  C:\Windows\System\DKLLFSj.exe
  2⤵
  PID:7176
- C:\Windows\System\bpHmZdn.exe
  C:\Windows\System\bpHmZdn.exe
  2⤵
  PID:7364
- C:\Windows\System\LrgmKMr.exe
  C:\Windows\System\LrgmKMr.exe
  2⤵
  PID:7516
- C:\Windows\System\aeBcvja.exe
  C:\Windows\System\aeBcvja.exe
  2⤵
  PID:7700
- C:\Windows\System\UNVjqTD.exe
  C:\Windows\System\UNVjqTD.exe
  2⤵
  PID:7372
- C:\Windows\System\Zfcvmdk.exe
  C:\Windows\System\Zfcvmdk.exe
  2⤵
  PID:8008
- C:\Windows\System\FHzJZBr.exe
  C:\Windows\System\FHzJZBr.exe
  2⤵
  PID:8128
- C:\Windows\System\MrJcHKr.exe
  C:\Windows\System\MrJcHKr.exe
  2⤵
  PID:2928
- C:\Windows\System\bnWftfh.exe
  C:\Windows\System\bnWftfh.exe
  2⤵
  PID:7544
- C:\Windows\System\EhTFGda.exe
  C:\Windows\System\EhTFGda.exe
  2⤵
  PID:7952
- C:\Windows\System\rlpoSfs.exe
  C:\Windows\System\rlpoSfs.exe
  2⤵
  PID:7748
- C:\Windows\System\ghHHKas.exe
  C:\Windows\System\ghHHKas.exe
  2⤵
  PID:7496
- C:\Windows\System\FUmiemX.exe
  C:\Windows\System\FUmiemX.exe
  2⤵
  PID:8220
- C:\Windows\System\zkijnyD.exe
  C:\Windows\System\zkijnyD.exe
  2⤵
  PID:8248
- C:\Windows\System\nrEOEYj.exe
  C:\Windows\System\nrEOEYj.exe
  2⤵
  PID:8276
- C:\Windows\System\fNgPvSB.exe
  C:\Windows\System\fNgPvSB.exe
  2⤵
  PID:8304
- C:\Windows\System\FZIoWvT.exe
  C:\Windows\System\FZIoWvT.exe
  2⤵
  PID:8332
- C:\Windows\System\ZVzPToI.exe
  C:\Windows\System\ZVzPToI.exe
  2⤵
  PID:8360
- C:\Windows\System\QFSWtgJ.exe
  C:\Windows\System\QFSWtgJ.exe
  2⤵
  PID:8388
- C:\Windows\System\TQvBTGL.exe
  C:\Windows\System\TQvBTGL.exe
  2⤵
  PID:8404
- C:\Windows\System\tFsIFwq.exe
  C:\Windows\System\tFsIFwq.exe
  2⤵
  PID:8444
- C:\Windows\System\KkaawYL.exe
  C:\Windows\System\KkaawYL.exe
  2⤵
  PID:8472
- C:\Windows\System\tYgxRBw.exe
  C:\Windows\System\tYgxRBw.exe
  2⤵
  PID:8500
- C:\Windows\System\PRAkfQw.exe
  C:\Windows\System\PRAkfQw.exe
  2⤵
  PID:8528
- C:\Windows\System\dIoDDSI.exe
  C:\Windows\System\dIoDDSI.exe
  2⤵
  PID:8556
- C:\Windows\System\DRGqgMN.exe
  C:\Windows\System\DRGqgMN.exe
  2⤵
  PID:8584
- C:\Windows\System\lcZNrtr.exe
  C:\Windows\System\lcZNrtr.exe
  2⤵
  PID:8612
- C:\Windows\System\SkKKbmT.exe
  C:\Windows\System\SkKKbmT.exe
  2⤵
  PID:8640
- C:\Windows\System\XWaNEQH.exe
  C:\Windows\System\XWaNEQH.exe
  2⤵
  PID:8668
- C:\Windows\System\dJUTedW.exe
  C:\Windows\System\dJUTedW.exe
  2⤵
  PID:8696
- C:\Windows\System\MufWRcd.exe
  C:\Windows\System\MufWRcd.exe
  2⤵
  PID:8724
- C:\Windows\System\oDNfRQr.exe
  C:\Windows\System\oDNfRQr.exe
  2⤵
  PID:8752
- C:\Windows\System\pulRwGv.exe
  C:\Windows\System\pulRwGv.exe
  2⤵
  PID:8780
- C:\Windows\System\YgmLIkM.exe
  C:\Windows\System\YgmLIkM.exe
  2⤵
  PID:8796
- C:\Windows\System\IpKNqXz.exe
  C:\Windows\System\IpKNqXz.exe
  2⤵
  PID:8824
- C:\Windows\System\iIFpZgg.exe
  C:\Windows\System\iIFpZgg.exe
  2⤵
  PID:8864
- C:\Windows\System\oGzKYfk.exe
  C:\Windows\System\oGzKYfk.exe
  2⤵
  PID:8892
- C:\Windows\System\hfsBoFi.exe
  C:\Windows\System\hfsBoFi.exe
  2⤵
  PID:8920
- C:\Windows\System\DjTYwLt.exe
  C:\Windows\System\DjTYwLt.exe
  2⤵
  PID:8948
- C:\Windows\System\LmpgVwg.exe
  C:\Windows\System\LmpgVwg.exe
  2⤵
  PID:8976
- C:\Windows\System\sdUkBGM.exe
  C:\Windows\System\sdUkBGM.exe
  2⤵
  PID:9004
- C:\Windows\System\gKXlaPM.exe
  C:\Windows\System\gKXlaPM.exe
  2⤵
  PID:9032
- C:\Windows\System\KntFJYw.exe
  C:\Windows\System\KntFJYw.exe
  2⤵
  PID:9060
- C:\Windows\System\DgFlVAD.exe
  C:\Windows\System\DgFlVAD.exe
  2⤵
  PID:9092
- C:\Windows\System\daaFVwm.exe
  C:\Windows\System\daaFVwm.exe
  2⤵
  PID:9120
- C:\Windows\System\ZLPJalI.exe
  C:\Windows\System\ZLPJalI.exe
  2⤵
  PID:9148
- C:\Windows\System\YgmUOVt.exe
  C:\Windows\System\YgmUOVt.exe
  2⤵
  PID:9176
- C:\Windows\System\JTebkgi.exe
  C:\Windows\System\JTebkgi.exe
  2⤵
  PID:9204
- C:\Windows\System\MfneSqh.exe
  C:\Windows\System\MfneSqh.exe
  2⤵
  PID:8240
- C:\Windows\System\GvbwZhP.exe
  C:\Windows\System\GvbwZhP.exe
  2⤵
  PID:8316
- C:\Windows\System\xZmtPDQ.exe
  C:\Windows\System\xZmtPDQ.exe
  2⤵
  PID:8384
- C:\Windows\System\tfthayo.exe
  C:\Windows\System\tfthayo.exe
  2⤵
  PID:8440
- C:\Windows\System\ksXeehB.exe
  C:\Windows\System\ksXeehB.exe
  2⤵
  PID:8496
- C:\Windows\System\NbIWZyf.exe
  C:\Windows\System\NbIWZyf.exe
  2⤵
  PID:8568
- C:\Windows\System\PHFDjtw.exe
  C:\Windows\System\PHFDjtw.exe
  2⤵
  PID:4112
- C:\Windows\System\hcgFTob.exe
  C:\Windows\System\hcgFTob.exe
  2⤵
  PID:8688
- C:\Windows\System\gFSfQkR.exe
  C:\Windows\System\gFSfQkR.exe
  2⤵
  PID:8748
- C:\Windows\System\NyzOyRk.exe
  C:\Windows\System\NyzOyRk.exe
  2⤵
  PID:8904
- C:\Windows\System\egyzHfK.exe
  C:\Windows\System\egyzHfK.exe
  2⤵
  PID:9000
- C:\Windows\System\RwLrMyW.exe
  C:\Windows\System\RwLrMyW.exe
  2⤵
  PID:9088
- C:\Windows\System\XKnLmHN.exe
  C:\Windows\System\XKnLmHN.exe
  2⤵
  PID:8264
- C:\Windows\System\XGcpfUD.exe
  C:\Windows\System\XGcpfUD.exe
  2⤵
  PID:8428
- C:\Windows\System\SmzWzJp.exe
  C:\Windows\System\SmzWzJp.exe
  2⤵
  PID:8596
- C:\Windows\System\syHWrSt.exe
  C:\Windows\System\syHWrSt.exe
  2⤵
  PID:8680
- C:\Windows\System\RNLnhVP.exe
  C:\Windows\System\RNLnhVP.exe
  2⤵
  PID:8744
- C:\Windows\System\bihZGoe.exe
  C:\Windows\System\bihZGoe.exe
  2⤵
  PID:8988
- C:\Windows\System\izaOsvL.exe
  C:\Windows\System\izaOsvL.exe
  2⤵
  PID:8344
- C:\Windows\System\uaKzlaT.exe
  C:\Windows\System\uaKzlaT.exe
  2⤵
  PID:8736
- C:\Windows\System\BsJDbsP.exe
  C:\Windows\System\BsJDbsP.exe
  2⤵
  PID:8652
- C:\Windows\System\UKQIwOy.exe
  C:\Windows\System\UKQIwOy.exe
  2⤵
  PID:9240
- C:\Windows\System\XMuTfSN.exe
  C:\Windows\System\XMuTfSN.exe
  2⤵
  PID:9284
- C:\Windows\System\zcbBnKX.exe
  C:\Windows\System\zcbBnKX.exe
  2⤵
  PID:9304
- C:\Windows\System\TkudWxZ.exe
  C:\Windows\System\TkudWxZ.exe
  2⤵
  PID:9332
- C:\Windows\System\lkszXzC.exe
  C:\Windows\System\lkszXzC.exe
  2⤵
  PID:9360
- C:\Windows\System\ihENArd.exe
  C:\Windows\System\ihENArd.exe
  2⤵
  PID:9388
- C:\Windows\System\NDjJEmt.exe
  C:\Windows\System\NDjJEmt.exe
  2⤵
  PID:9420
- C:\Windows\System\gTcdFSy.exe
  C:\Windows\System\gTcdFSy.exe
  2⤵
  PID:9448
- C:\Windows\System\MDnZzaG.exe
  C:\Windows\System\MDnZzaG.exe
  2⤵
  PID:9476
- C:\Windows\System\UXBnxXl.exe
  C:\Windows\System\UXBnxXl.exe
  2⤵
  PID:9512
- C:\Windows\System\PbmXvZv.exe
  C:\Windows\System\PbmXvZv.exe
  2⤵
  PID:9540
- C:\Windows\System\YvkseIZ.exe
  C:\Windows\System\YvkseIZ.exe
  2⤵
  PID:9588
- C:\Windows\System\zrMsxsC.exe
  C:\Windows\System\zrMsxsC.exe
  2⤵
  PID:9624
- C:\Windows\System\fPXdedm.exe
  C:\Windows\System\fPXdedm.exe
  2⤵
  PID:9652
- C:\Windows\System\dAqUJdD.exe
  C:\Windows\System\dAqUJdD.exe
  2⤵
  PID:9680
- C:\Windows\System\KWDbpdT.exe
  C:\Windows\System\KWDbpdT.exe
  2⤵
  PID:9708
- C:\Windows\System\RIAQEWZ.exe
  C:\Windows\System\RIAQEWZ.exe
  2⤵
  PID:9740
- C:\Windows\System\VZDxDrN.exe
  C:\Windows\System\VZDxDrN.exe
  2⤵
  PID:9772
- C:\Windows\System\uggwgbR.exe
  C:\Windows\System\uggwgbR.exe
  2⤵
  PID:9800
- C:\Windows\System\aHigcyK.exe
  C:\Windows\System\aHigcyK.exe
  2⤵
  PID:9832
- C:\Windows\System\gONHLZZ.exe
  C:\Windows\System\gONHLZZ.exe
  2⤵
  PID:9860
- C:\Windows\System\qbgSkJA.exe
  C:\Windows\System\qbgSkJA.exe
  2⤵
  PID:9888
- C:\Windows\System\xtGIBhm.exe
  C:\Windows\System\xtGIBhm.exe
  2⤵
  PID:9916
- C:\Windows\System\hXhkNXm.exe
  C:\Windows\System\hXhkNXm.exe
  2⤵
  PID:9944
- C:\Windows\System\nyHYBWH.exe
  C:\Windows\System\nyHYBWH.exe
  2⤵
  PID:9972
- C:\Windows\System\RxqvElf.exe
  C:\Windows\System\RxqvElf.exe
  2⤵
  PID:10000
- C:\Windows\System\qigqZVA.exe
  C:\Windows\System\qigqZVA.exe
  2⤵
  PID:10032
- C:\Windows\System\ApXnzwG.exe
  C:\Windows\System\ApXnzwG.exe
  2⤵
  PID:10060
- C:\Windows\System\bZLcZlT.exe
  C:\Windows\System\bZLcZlT.exe
  2⤵
  PID:10100
- C:\Windows\System\nmEplwP.exe
  C:\Windows\System\nmEplwP.exe
  2⤵
  PID:10116
- C:\Windows\System\dpmDTFW.exe
  C:\Windows\System\dpmDTFW.exe
  2⤵
  PID:10144
- C:\Windows\System\XFLlRWM.exe
  C:\Windows\System\XFLlRWM.exe
  2⤵
  PID:10172
- C:\Windows\System\NpGMJjj.exe
  C:\Windows\System\NpGMJjj.exe
  2⤵
  PID:10188
- C:\Windows\System\vcwhWBv.exe
  C:\Windows\System\vcwhWBv.exe
  2⤵
  PID:10212
- C:\Windows\System\zBESSfz.exe
  C:\Windows\System\zBESSfz.exe
  2⤵
  PID:10232
- C:\Windows\System\gPQWfbh.exe
  C:\Windows\System\gPQWfbh.exe
  2⤵
  PID:9272
- C:\Windows\System\CLaUhJr.exe
  C:\Windows\System\CLaUhJr.exe
  2⤵
  PID:9324
- C:\Windows\System\TKGomFB.exe
  C:\Windows\System\TKGomFB.exe
  2⤵
  PID:9400
- C:\Windows\System\KODJZYy.exe
  C:\Windows\System\KODJZYy.exe
  2⤵
  PID:9468
- C:\Windows\System\pPNZVYf.exe
  C:\Windows\System\pPNZVYf.exe
  2⤵
  PID:9552
- C:\Windows\System\eDIGWXg.exe
  C:\Windows\System\eDIGWXg.exe
  2⤵
  PID:9668
- C:\Windows\System\bfpFpfd.exe
  C:\Windows\System\bfpFpfd.exe
  2⤵
  PID:9732
- C:\Windows\System\sibqDFw.exe
  C:\Windows\System\sibqDFw.exe
  2⤵
  PID:9812
- C:\Windows\System\hptIlIb.exe
  C:\Windows\System\hptIlIb.exe
  2⤵
  PID:9884
- C:\Windows\System\MqUreXh.exe
  C:\Windows\System\MqUreXh.exe
  2⤵
  PID:9940
- C:\Windows\System\sQrVVWO.exe
  C:\Windows\System\sQrVVWO.exe
  2⤵
  PID:10024
- C:\Windows\System\rjzopjV.exe
  C:\Windows\System\rjzopjV.exe
  2⤵
  PID:9560
- C:\Windows\System\cmFQmga.exe
  C:\Windows\System\cmFQmga.exe
  2⤵
  PID:9768
- C:\Windows\System\JComzYh.exe
  C:\Windows\System\JComzYh.exe
  2⤵
  PID:10136
- C:\Windows\System\xJzOhEl.exe
  C:\Windows\System\xJzOhEl.exe
  2⤵
  PID:9236
- C:\Windows\System\slJVuCe.exe
  C:\Windows\System\slJVuCe.exe
  2⤵
  PID:4320
- C:\Windows\System\wZVAhGI.exe
  C:\Windows\System\wZVAhGI.exe
  2⤵
  PID:9536
- C:\Windows\System\DdPBDGH.exe
  C:\Windows\System\DdPBDGH.exe
  2⤵
  PID:9692
- C:\Windows\System\NizNvbJ.exe
  C:\Windows\System\NizNvbJ.exe
  2⤵
  PID:9872
- C:\Windows\System\ispPtVU.exe
  C:\Windows\System\ispPtVU.exe
  2⤵
  PID:10096
- C:\Windows\System\CJImBJC.exe
  C:\Windows\System\CJImBJC.exe
  2⤵
  PID:9600
- C:\Windows\System\AgDaHkh.exe
  C:\Windows\System\AgDaHkh.exe
  2⤵
  PID:4684
- C:\Windows\System\wXbfXKW.exe
  C:\Windows\System\wXbfXKW.exe
  2⤵
  PID:9844
- C:\Windows\System\xitXDNi.exe
  C:\Windows\System\xitXDNi.exe
  2⤵
  PID:10160
- C:\Windows\System\eEYruQx.exe
  C:\Windows\System\eEYruQx.exe
  2⤵
  PID:10012
- C:\Windows\System\FIwtnaC.exe
  C:\Windows\System\FIwtnaC.exe
  2⤵
  PID:9828
- C:\Windows\System\wWkmUek.exe
  C:\Windows\System\wWkmUek.exe
  2⤵
  PID:10260
- C:\Windows\System\lQoRzld.exe
  C:\Windows\System\lQoRzld.exe
  2⤵
  PID:10288
- C:\Windows\System\nHAIMcH.exe
  C:\Windows\System\nHAIMcH.exe
  2⤵
  PID:10316
- C:\Windows\System\GbVgHjO.exe
  C:\Windows\System\GbVgHjO.exe
  2⤵
  PID:10344
- C:\Windows\System\ZBurwNP.exe
  C:\Windows\System\ZBurwNP.exe
  2⤵
  PID:10376
- C:\Windows\System\HBjbZYd.exe
  C:\Windows\System\HBjbZYd.exe
  2⤵
  PID:10404
- C:\Windows\System\qEaTcEg.exe
  C:\Windows\System\qEaTcEg.exe
  2⤵
  PID:10436
- C:\Windows\System\UXIkDJG.exe
  C:\Windows\System\UXIkDJG.exe
  2⤵
  PID:10464
- C:\Windows\System\QsXBjsu.exe
  C:\Windows\System\QsXBjsu.exe
  2⤵
  PID:10492
- C:\Windows\System\tNoHQiD.exe
  C:\Windows\System\tNoHQiD.exe
  2⤵
  PID:10520
- C:\Windows\System\tTRlMBh.exe
  C:\Windows\System\tTRlMBh.exe
  2⤵
  PID:10548
- C:\Windows\System\kYneAZH.exe
  C:\Windows\System\kYneAZH.exe
  2⤵
  PID:10576
- C:\Windows\System\fQZidBY.exe
  C:\Windows\System\fQZidBY.exe
  2⤵
  PID:10608
- C:\Windows\System\ouOtybK.exe
  C:\Windows\System\ouOtybK.exe
  2⤵
  PID:10636
- C:\Windows\System\joJjPua.exe
  C:\Windows\System\joJjPua.exe
  2⤵
  PID:10664
- C:\Windows\System\LOkGqEY.exe
  C:\Windows\System\LOkGqEY.exe
  2⤵
  PID:10692
- C:\Windows\System\SYXoVjx.exe
  C:\Windows\System\SYXoVjx.exe
  2⤵
  PID:10720
- C:\Windows\System\CGgjdQG.exe
  C:\Windows\System\CGgjdQG.exe
  2⤵
  PID:10748
- C:\Windows\System\NMwpRVk.exe
  C:\Windows\System\NMwpRVk.exe
  2⤵
  PID:10776
- C:\Windows\System\KFXvipG.exe
  C:\Windows\System\KFXvipG.exe
  2⤵
  PID:10804
- C:\Windows\System\GnQLJoq.exe
  C:\Windows\System\GnQLJoq.exe
  2⤵
  PID:10836
- C:\Windows\System\hcuZpgq.exe
  C:\Windows\System\hcuZpgq.exe
  2⤵
  PID:10864
- C:\Windows\System\KwtJxHb.exe
  C:\Windows\System\KwtJxHb.exe
  2⤵
  PID:10892
- C:\Windows\System\SrqTdBe.exe
  C:\Windows\System\SrqTdBe.exe
  2⤵
  PID:10920
- C:\Windows\System\ikPSIxi.exe
  C:\Windows\System\ikPSIxi.exe
  2⤵
  PID:10952
- C:\Windows\System\ntjxVwA.exe
  C:\Windows\System\ntjxVwA.exe
  2⤵
  PID:10980
- C:\Windows\System\ZJfPlRt.exe
  C:\Windows\System\ZJfPlRt.exe
  2⤵
  PID:11008
- C:\Windows\System\YNzodol.exe
  C:\Windows\System\YNzodol.exe
  2⤵
  PID:11036
- C:\Windows\System\bUbhFeh.exe
  C:\Windows\System\bUbhFeh.exe
  2⤵
  PID:11064
- C:\Windows\System\mKZaJJy.exe
  C:\Windows\System\mKZaJJy.exe
  2⤵
  PID:11092
- C:\Windows\System\rqusqkM.exe
  C:\Windows\System\rqusqkM.exe
  2⤵
  PID:11132
- C:\Windows\System\APxjAIy.exe
  C:\Windows\System\APxjAIy.exe
  2⤵
  PID:11148
- C:\Windows\System\ILiZRiy.exe
  C:\Windows\System\ILiZRiy.exe
  2⤵
  PID:11176
- C:\Windows\System\EUQdWCG.exe
  C:\Windows\System\EUQdWCG.exe
  2⤵
  PID:11212
- C:\Windows\System\skdEGPE.exe
  C:\Windows\System\skdEGPE.exe
  2⤵
  PID:11240
- C:\Windows\System\htlemca.exe
  C:\Windows\System\htlemca.exe
  2⤵
  PID:10244
- C:\Windows\System\FJkjiRN.exe
  C:\Windows\System\FJkjiRN.exe
  2⤵
  PID:10312
- C:\Windows\System\ogJUDhz.exe
  C:\Windows\System\ogJUDhz.exe
  2⤵
  PID:10428
- C:\Windows\System\SEgEesd.exe
  C:\Windows\System\SEgEesd.exe
  2⤵
  PID:10460
- C:\Windows\System\pEqdLqR.exe
  C:\Windows\System\pEqdLqR.exe
  2⤵
  PID:10532
- C:\Windows\System\PEvOTGE.exe
  C:\Windows\System\PEvOTGE.exe
  2⤵
  PID:10620
- C:\Windows\System\obZxvFU.exe
  C:\Windows\System\obZxvFU.exe
  2⤵
  PID:10676
- C:\Windows\System\ixryBuI.exe
  C:\Windows\System\ixryBuI.exe
  2⤵
  PID:10768
- C:\Windows\System\CWMTwNW.exe
  C:\Windows\System\CWMTwNW.exe
  2⤵
  PID:3616
- C:\Windows\System\iHVFOcB.exe
  C:\Windows\System\iHVFOcB.exe
  2⤵
  PID:10832
- C:\Windows\System\oxSfesn.exe
  C:\Windows\System\oxSfesn.exe
  2⤵
  PID:10904
- C:\Windows\System\uJApQHb.exe
  C:\Windows\System\uJApQHb.exe
  2⤵
  PID:10944
- C:\Windows\System\WpfdrMA.exe
  C:\Windows\System\WpfdrMA.exe
  2⤵
  PID:11060
- C:\Windows\System\iSwnoqi.exe
  C:\Windows\System\iSwnoqi.exe
  2⤵
  PID:9384
- C:\Windows\System\ErGbZFJ.exe
  C:\Windows\System\ErGbZFJ.exe
  2⤵
  PID:9316
- C:\Windows\System\tMhotkn.exe
  C:\Windows\System\tMhotkn.exe
  2⤵
  PID:11168
- C:\Windows\System\kHZmnXU.exe
  C:\Windows\System\kHZmnXU.exe
  2⤵
  PID:11252
- C:\Windows\System\BojvKSn.exe
  C:\Windows\System\BojvKSn.exe
  2⤵
  PID:10400
- C:\Windows\System\RjnPgTZ.exe
  C:\Windows\System\RjnPgTZ.exe
  2⤵
  PID:10456
- C:\Windows\System\YkkUPSy.exe
  C:\Windows\System\YkkUPSy.exe
  2⤵
  PID:10716
- C:\Windows\System\hUxNfhB.exe
  C:\Windows\System\hUxNfhB.exe
  2⤵
  PID:10860
- C:\Windows\System\GaMHdXr.exe
  C:\Windows\System\GaMHdXr.exe
  2⤵
  PID:10424
- C:\Windows\System\WsbKPWl.exe
  C:\Windows\System\WsbKPWl.exe
  2⤵
  PID:10204
- C:\Windows\System\vGfPOKL.exe
  C:\Windows\System\vGfPOKL.exe
  2⤵
  PID:10356
- C:\Windows\System\VMWGHcA.exe
  C:\Windows\System\VMWGHcA.exe
  2⤵
  PID:11204
- C:\Windows\System\idKKaJi.exe
  C:\Windows\System\idKKaJi.exe
  2⤵
  PID:10560
- C:\Windows\System\XaEOGWn.exe
  C:\Windows\System\XaEOGWn.exe
  2⤵
  PID:10816
- C:\Windows\System\egxGkcW.exe
  C:\Windows\System\egxGkcW.exe
  2⤵
  PID:10300
- C:\Windows\System\kqOeeaN.exe
  C:\Windows\System\kqOeeaN.exe
  2⤵
  PID:10388
- C:\Windows\System\dEWOsuw.exe
  C:\Windows\System\dEWOsuw.exe
  2⤵
  PID:10336
- C:\Windows\System\qxNjrhi.exe
  C:\Windows\System\qxNjrhi.exe
  2⤵
  PID:5724
- C:\Windows\System\muhqTms.exe
  C:\Windows\System\muhqTms.exe
  2⤵
  PID:5620
- C:\Windows\System\vHKtnao.exe
  C:\Windows\System\vHKtnao.exe
  2⤵
  PID:5836
- C:\Windows\System\deZMsDN.exe
  C:\Windows\System\deZMsDN.exe
  2⤵
  PID:11020
- C:\Windows\System\VbSKvlS.exe
  C:\Windows\System\VbSKvlS.exe
  2⤵
  PID:3152
- C:\Windows\System\ETuRgwl.exe
  C:\Windows\System\ETuRgwl.exe
  2⤵
  PID:11292
- C:\Windows\System\siChnpb.exe
  C:\Windows\System\siChnpb.exe
  2⤵
  PID:11324
- C:\Windows\System\qeCpKKA.exe
  C:\Windows\System\qeCpKKA.exe
  2⤵
  PID:11352
- C:\Windows\System\ptkgEQg.exe
  C:\Windows\System\ptkgEQg.exe
  2⤵
  PID:11380
- C:\Windows\System\TPrzVaI.exe
  C:\Windows\System\TPrzVaI.exe
  2⤵
  PID:11408
- C:\Windows\System\wkEDGuS.exe
  C:\Windows\System\wkEDGuS.exe
  2⤵
  PID:11424
- C:\Windows\System\jefmQFe.exe
  C:\Windows\System\jefmQFe.exe
  2⤵
  PID:11444
- C:\Windows\System\iCEcDgo.exe
  C:\Windows\System\iCEcDgo.exe
  2⤵
  PID:11472
- C:\Windows\System\RAuaFpl.exe
  C:\Windows\System\RAuaFpl.exe
  2⤵
  PID:11492
- C:\Windows\System\ouDKCaX.exe
  C:\Windows\System\ouDKCaX.exe
  2⤵
  PID:11512
- C:\Windows\System\cPUzFlm.exe
  C:\Windows\System\cPUzFlm.exe
  2⤵
  PID:11536
- C:\Windows\System\feDSiwG.exe
  C:\Windows\System\feDSiwG.exe
  2⤵
  PID:11556
- C:\Windows\System\sboETHK.exe
  C:\Windows\System\sboETHK.exe
  2⤵
  PID:11576
- C:\Windows\System\HeWdYMs.exe
  C:\Windows\System\HeWdYMs.exe
  2⤵
  PID:11612
- C:\Windows\System\AuYLpDf.exe
  C:\Windows\System\AuYLpDf.exe
  2⤵
  PID:11632
- C:\Windows\System\OYuwITn.exe
  C:\Windows\System\OYuwITn.exe
  2⤵
  PID:11660
- C:\Windows\System\xIQxkBN.exe
  C:\Windows\System\xIQxkBN.exe
  2⤵
  PID:11692
- C:\Windows\System\JplkzcK.exe
  C:\Windows\System\JplkzcK.exe
  2⤵
  PID:11716
- C:\Windows\System\BAuSkir.exe
  C:\Windows\System\BAuSkir.exe
  2⤵
  PID:11764
- C:\Windows\System\dwrfZdT.exe
  C:\Windows\System\dwrfZdT.exe
  2⤵
  PID:11784
- C:\Windows\System\abrlQFo.exe
  C:\Windows\System\abrlQFo.exe
  2⤵
  PID:11828
- C:\Windows\System\QquHqLW.exe
  C:\Windows\System\QquHqLW.exe
  2⤵
  PID:11880
- C:\Windows\System\OsbEKNk.exe
  C:\Windows\System\OsbEKNk.exe
  2⤵
  PID:11912
- C:\Windows\System\SOAoXrX.exe
  C:\Windows\System\SOAoXrX.exe
  2⤵
  PID:11980
- C:\Windows\System\Mqxxugr.exe
  C:\Windows\System\Mqxxugr.exe
  2⤵
  PID:11996
- C:\Windows\System\tdebDti.exe
  C:\Windows\System\tdebDti.exe
  2⤵
  PID:12024
- C:\Windows\System\puMgaUe.exe
  C:\Windows\System\puMgaUe.exe
  2⤵
  PID:12048
- C:\Windows\System\VrVyyZk.exe
  C:\Windows\System\VrVyyZk.exe
  2⤵
  PID:12080
- C:\Windows\System\WUJmRfR.exe
  C:\Windows\System\WUJmRfR.exe
  2⤵
  PID:12108
- C:\Windows\System\TMwARTz.exe
  C:\Windows\System\TMwARTz.exe
  2⤵
  PID:12136
- C:\Windows\System\DLWvxVj.exe
  C:\Windows\System\DLWvxVj.exe
  2⤵
  PID:12164
- C:\Windows\System\KVJhaxS.exe
  C:\Windows\System\KVJhaxS.exe
  2⤵
  PID:12192
- C:\Windows\System\oIENWef.exe
  C:\Windows\System\oIENWef.exe
  2⤵
  PID:12220
- C:\Windows\System\lipIQtM.exe
  C:\Windows\System\lipIQtM.exe
  2⤵
  PID:12252
- C:\Windows\System\lhlbBIV.exe
  C:\Windows\System\lhlbBIV.exe
  2⤵
  PID:12280
- C:\Windows\System\dKIYCiU.exe
  C:\Windows\System\dKIYCiU.exe
  2⤵
  PID:11304
- C:\Windows\System\wgWBEzh.exe
  C:\Windows\System\wgWBEzh.exe
  2⤵
  PID:11364
- C:\Windows\System\JTFYioO.exe
  C:\Windows\System\JTFYioO.exe
  2⤵
  PID:11468
- C:\Windows\System\OPcOrcK.exe
  C:\Windows\System\OPcOrcK.exe
  2⤵
  PID:11564
- C:\Windows\System\xAwpfqh.exe
  C:\Windows\System\xAwpfqh.exe
  2⤵
  PID:11624
- C:\Windows\System\NUDyJuh.exe
  C:\Windows\System\NUDyJuh.exe
  2⤵
  PID:11592
- C:\Windows\System\SsEsDji.exe
  C:\Windows\System\SsEsDji.exe
  2⤵
  PID:11776
- C:\Windows\System\ETlSFGJ.exe
  C:\Windows\System\ETlSFGJ.exe
  2⤵
  PID:11700
- C:\Windows\System\cBIpafO.exe
  C:\Windows\System\cBIpafO.exe
  2⤵
  PID:11812
- C:\Windows\System\rLgiXkw.exe
  C:\Windows\System\rLgiXkw.exe
  2⤵
  PID:11864
- C:\Windows\System\ybaOMTS.exe
  C:\Windows\System\ybaOMTS.exe
  2⤵
  PID:11976
- C:\Windows\System\KvGymbg.exe
  C:\Windows\System\KvGymbg.exe
  2⤵
  PID:12040
- C:\Windows\System\yqwXpuY.exe
  C:\Windows\System\yqwXpuY.exe
  2⤵
  PID:12100
- C:\Windows\System\bxPIvCh.exe
  C:\Windows\System\bxPIvCh.exe
  2⤵
  PID:12176
- C:\Windows\System\IgRbeXg.exe
  C:\Windows\System\IgRbeXg.exe
  2⤵
  PID:11456
- C:\Windows\System\Liepgwb.exe
  C:\Windows\System\Liepgwb.exe
  2⤵
  PID:11284
- C:\Windows\System\IyWGvGL.exe
  C:\Windows\System\IyWGvGL.exe
  2⤵
  PID:11348
- C:\Windows\System\QGkFrRE.exe
  C:\Windows\System\QGkFrRE.exe
  2⤵
  PID:11520
- C:\Windows\System\NTyFppu.exe
  C:\Windows\System\NTyFppu.exe
  2⤵
  PID:11640
- C:\Windows\System\OHyrFUK.exe
  C:\Windows\System\OHyrFUK.exe
  2⤵
  PID:11752
- C:\Windows\System\DLOvQVt.exe
  C:\Windows\System\DLOvQVt.exe
  2⤵
  PID:11968
- C:\Windows\System\CAyRjwA.exe
  C:\Windows\System\CAyRjwA.exe
  2⤵
  PID:12072
- C:\Windows\System\IhVecVI.exe
  C:\Windows\System\IhVecVI.exe
  2⤵
  PID:5712
- C:\Windows\System\plUNuHa.exe
  C:\Windows\System\plUNuHa.exe
  2⤵
  PID:11544
- C:\Windows\System\PtjkzxR.exe
  C:\Windows\System\PtjkzxR.exe
  2⤵
  PID:11904
- C:\Windows\System\neoPOvM.exe
  C:\Windows\System\neoPOvM.exe
  2⤵
  PID:12212
- C:\Windows\System\biLsEMZ.exe
  C:\Windows\System\biLsEMZ.exe
  2⤵
  PID:11452
- C:\Windows\System\XgyrvXz.exe
  C:\Windows\System\XgyrvXz.exe
  2⤵
  PID:12132
- C:\Windows\System\XSCLANH.exe
  C:\Windows\System\XSCLANH.exe
  2⤵
  PID:12308
- C:\Windows\System\CUaCYYQ.exe
  C:\Windows\System\CUaCYYQ.exe
  2⤵
  PID:12336
- C:\Windows\System\QfpkxHo.exe
  C:\Windows\System\QfpkxHo.exe
  2⤵
  PID:12364
- C:\Windows\System\yualwlY.exe
  C:\Windows\System\yualwlY.exe
  2⤵
  PID:12392
- C:\Windows\System\DnEhSpj.exe
  C:\Windows\System\DnEhSpj.exe
  2⤵
  PID:12420
- C:\Windows\System\qAgfxCH.exe
  C:\Windows\System\qAgfxCH.exe
  2⤵
  PID:12448
- C:\Windows\System\qDUnVPT.exe
  C:\Windows\System\qDUnVPT.exe
  2⤵
  PID:12476
- C:\Windows\System\kpTEWUB.exe
  C:\Windows\System\kpTEWUB.exe
  2⤵
  PID:12504
- C:\Windows\System\OytRdzj.exe
  C:\Windows\System\OytRdzj.exe
  2⤵
  PID:12532
- C:\Windows\System\WarRYRy.exe
  C:\Windows\System\WarRYRy.exe
  2⤵
  PID:12560
- C:\Windows\System\XGvUdvt.exe
  C:\Windows\System\XGvUdvt.exe
  2⤵
  PID:12588
- C:\Windows\System\VqRBFvq.exe
  C:\Windows\System\VqRBFvq.exe
  2⤵
  PID:12616
- C:\Windows\System\HtOwsFp.exe
  C:\Windows\System\HtOwsFp.exe
  2⤵
  PID:12644
- C:\Windows\System\tmJwRXf.exe
  C:\Windows\System\tmJwRXf.exe
  2⤵
  PID:12672
- C:\Windows\System\HhFjnsB.exe
  C:\Windows\System\HhFjnsB.exe
  2⤵
  PID:12696
- C:\Windows\System\TxFMlBQ.exe
  C:\Windows\System\TxFMlBQ.exe
  2⤵
  PID:12728
- C:\Windows\System\wVgpHqE.exe
  C:\Windows\System\wVgpHqE.exe
  2⤵
  PID:12756
- C:\Windows\System\ELwJoHi.exe
  C:\Windows\System\ELwJoHi.exe
  2⤵
  PID:12784
- C:\Windows\System\BjjnPlX.exe
  C:\Windows\System\BjjnPlX.exe
  2⤵
  PID:12812
- C:\Windows\System\TDmllvW.exe
  C:\Windows\System\TDmllvW.exe
  2⤵
  PID:12840
- C:\Windows\System\xFoHLWF.exe
  C:\Windows\System\xFoHLWF.exe
  2⤵
  PID:12860
- C:\Windows\System\ULlMnkz.exe
  C:\Windows\System\ULlMnkz.exe
  2⤵
  PID:12896
- C:\Windows\System\UbmvJOt.exe
  C:\Windows\System\UbmvJOt.exe
  2⤵
  PID:12924
- C:\Windows\System\yFkdWaG.exe
  C:\Windows\System\yFkdWaG.exe
  2⤵
  PID:12964
- C:\Windows\System\AgJUlUh.exe
  C:\Windows\System\AgJUlUh.exe
  2⤵
  PID:12980
- C:\Windows\System\ZdcOQAN.exe
  C:\Windows\System\ZdcOQAN.exe
  2⤵
  PID:13016
- C:\Windows\System\HZxChKx.exe
  C:\Windows\System\HZxChKx.exe
  2⤵
  PID:13044
- C:\Windows\System\FomEgHV.exe
  C:\Windows\System\FomEgHV.exe
  2⤵
  PID:13072
- C:\Windows\System\agfHDbs.exe
  C:\Windows\System\agfHDbs.exe
  2⤵
  PID:13100
- C:\Windows\System\hMzVLRl.exe
  C:\Windows\System\hMzVLRl.exe
  2⤵
  PID:13128
- C:\Windows\System\hSLOVOG.exe
  C:\Windows\System\hSLOVOG.exe
  2⤵
  PID:13156
- C:\Windows\System\nmqFwmq.exe
  C:\Windows\System\nmqFwmq.exe
  2⤵
  PID:13188
- C:\Windows\System\RqeLVUN.exe
  C:\Windows\System\RqeLVUN.exe
  2⤵
  PID:13216
- C:\Windows\System\RqkWjME.exe
  C:\Windows\System\RqkWjME.exe
  2⤵
  PID:13240
- C:\Windows\System\isuoErO.exe
  C:\Windows\System\isuoErO.exe
  2⤵
  PID:13284
- C:\Windows\System\AwONRbp.exe
  C:\Windows\System\AwONRbp.exe
  2⤵
  PID:12296
- C:\Windows\System\dAqzKNS.exe
  C:\Windows\System\dAqzKNS.exe
  2⤵
  PID:12324
- C:\Windows\System\vvoiKOu.exe
  C:\Windows\System\vvoiKOu.exe
  2⤵
  PID:12412
- C:\Windows\System\vHywOHR.exe
  C:\Windows\System\vHywOHR.exe
  2⤵
  PID:12460
- C:\Windows\System\kwZcHaG.exe
  C:\Windows\System\kwZcHaG.exe
  2⤵
  PID:12488
- C:\Windows\System\XdPRUbs.exe
  C:\Windows\System\XdPRUbs.exe
  2⤵
  PID:12516
- C:\Windows\System\IuGDDil.exe
  C:\Windows\System\IuGDDil.exe
  2⤵
  PID:3188
- C:\Windows\System\PxzcVFk.exe
  C:\Windows\System\PxzcVFk.exe
  2⤵
  PID:12572
- C:\Windows\System\ZHKoeYt.exe
  C:\Windows\System\ZHKoeYt.exe
  2⤵
  PID:12636
- C:\Windows\System\DZbXBuG.exe
  C:\Windows\System\DZbXBuG.exe
  2⤵
  PID:12708
- C:\Windows\System\OXJCoaG.exe
  C:\Windows\System\OXJCoaG.exe
  2⤵
  PID:12848
- C:\Windows\System\wpDayDy.exe
  C:\Windows\System\wpDayDy.exe
  2⤵
  PID:12888
- C:\Windows\System\EKeSOKp.exe
  C:\Windows\System\EKeSOKp.exe
  2⤵
  PID:12960
- C:\Windows\System\slXFqzr.exe
  C:\Windows\System\slXFqzr.exe
  2⤵
  PID:13040
- C:\Windows\System\YVqUzeb.exe
  C:\Windows\System\YVqUzeb.exe
  2⤵
  PID:13096
- C:\Windows\System\RtXaILv.exe
  C:\Windows\System\RtXaILv.exe
  2⤵
  PID:13176
- C:\Windows\System\nsPOAKN.exe
  C:\Windows\System\nsPOAKN.exe
  2⤵
  PID:13236
- C:\Windows\System\yWwYfDs.exe
  C:\Windows\System\yWwYfDs.exe
  2⤵
  PID:100
- C:\Windows\System\LIXxvzt.exe
  C:\Windows\System\LIXxvzt.exe
  2⤵
  PID:4256
- C:\Windows\System\UhaYkrG.exe
  C:\Windows\System\UhaYkrG.exe
  2⤵
  PID:11312
- C:\Windows\System\veNhWVz.exe
  C:\Windows\System\veNhWVz.exe
  2⤵
  PID:6116
- C:\Windows\System\TsaByTe.exe
  C:\Windows\System\TsaByTe.exe
  2⤵
  PID:2780
- C:\Windows\System\MGLPTlB.exe
  C:\Windows\System\MGLPTlB.exe
  2⤵
  PID:12376
- C:\Windows\System\ZhHPmvo.exe
  C:\Windows\System\ZhHPmvo.exe
  2⤵
  PID:1348
- C:\Windows\System\FwWcJgy.exe
  C:\Windows\System\FwWcJgy.exe
  2⤵
  PID:12664
- C:\Windows\System\wjhJZru.exe
  C:\Windows\System\wjhJZru.exe
  2⤵
  PID:12712
- C:\Windows\System\wfdAMXw.exe
  C:\Windows\System\wfdAMXw.exe
  2⤵
  PID:12868
- C:\Windows\System\ubcoKUL.exe
  C:\Windows\System\ubcoKUL.exe
  2⤵
  PID:13012
- C:\Windows\System\BDtPxWm.exe
  C:\Windows\System\BDtPxWm.exe
  2⤵
  PID:13140
- C:\Windows\System\ndVWgno.exe
  C:\Windows\System\ndVWgno.exe
  2⤵
  PID:3092
- C:\Windows\System\nUjWuUF.exe
  C:\Windows\System\nUjWuUF.exe
  2⤵
  PID:544
- C:\Windows\System\eLbFHdQ.exe
  C:\Windows\System\eLbFHdQ.exe
  2⤵
  PID:13308
- C:\Windows\System\lQNEstD.exe
  C:\Windows\System\lQNEstD.exe
  2⤵
  PID:1416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mineq50v.rqy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AZxfzOy.exe

Filesize
3.3MB

MD5
0d587198fdfc8c5e40219a1938eab11c

SHA1
73fd2870d5d35ef9f26c6efdec23b7a99cb65596

SHA256
06659cb27054600ebf451cbf80629b7ee6a209d7fd5a825f7a3276304c08f70d

SHA512
d297b7559cffae9d4fd1b3107863721ba6c9fd154ba7f64e09b23bc31468bc2cdea47f2750ebe3e97f13ec9ef1c34e9bd058b5c89303ac5db704c5dfe66cb958

Download Submit
C:\Windows\System\FZToAGi.exe

Filesize
3.3MB

MD5
2a03a64b0bdcc3174bce8587733b2c8d

SHA1
0db6bc988371b8d99c575710b48e8427862e9cd2

SHA256
64587e0931328511e38edb48b963614a0e00b44ebf23254c06d09ad1daf1b1fa

SHA512
7880aa21dcb393d3a5c5b03f760b800da6631a07b311c47c3efeb6f97a96f2315941c6db6f723aca7fc28fb1fc5c687609ac16aeb241867495f5e9b780a1db76

Download Submit
C:\Windows\System\JLYEehq.exe

Filesize
3.3MB

MD5
38c88198fe7b4bb650715f589f338cbf

SHA1
ccc85612fa15d7dd0d1d2361f7ae3e5e9760c56d

SHA256
8e53923da21eec0b9126232799de04413369ccb97be41c323b3d6f5511da7ffe

SHA512
83e697b9815cc2afb1a62a36d012d7b83c754fdc6693024cb349c8a07d53be223cd0866d3b73a97919e2e8ed8cf13164bf28929c28497c82002d569f7ef5dbca

Download Submit
C:\Windows\System\JdhVBsj.exe

Filesize
8B

MD5
15346819ff8fa41ba09b4b158ccc6a1f

SHA1
7545b29aff65a4f11c2f9028d7c2758bb9479288

SHA256
973c6e88d92b0feae06eb69fe3c461c08eeef50f51341c498e36cf3c55d4779a

SHA512
7fe97753d995f1b737c3fe1205c6754004aab9c91cd7e5a54c9aeb16042211e24aa40b3ad43e380a1346989fb2ade820094998b45b5606b9a85f87edfed0e438

Download Submit
C:\Windows\System\NGMkaDV.exe

Filesize
3.3MB

MD5
e19830293cb293ed1bc04079d5b0cfb1

SHA1
08b082271577a7b4b65269eebe81ce1b2dca093a

SHA256
896662b76bfbdc5c861ce503f6baa5141f44e9c105cd40122efb420ec1739248

SHA512
354975a27149c1850c4aabab134f776af8aca227081142f8a27ba9aaf6d742b72603e78dc02c891fab6a4bdfbb5c80ae02d15660310f530eb84db4e7f9ac2945

Download Submit
C:\Windows\System\ODhMzxv.exe

Filesize
3.3MB

MD5
e31c42ddfdf40f76d05406488e026600

SHA1
ae4d4d7ddc43eb8471c2819ac0d36796937970d6

SHA256
a68a31d83e6ff1b5d3d91ca524252ab347c666c02a5a58c6f20e14e63c28565e

SHA512
190444386bec0a72c9e6cdefb8352f1e4bcc176eb92ea6bef3414bd5542cb624284306fa5d012c78358d0b4fee1f3f83d594d56f7d3a6ac74b382539b5698d66

Download Submit
C:\Windows\System\OEsOvpH.exe

Filesize
3.3MB

MD5
61006739e754b951369c88fcc1f28c59

SHA1
8dad6287ff6aa395418b1554fd36d55f74b85e63

SHA256
0e929482bc1573cb6ec22038dc90544e76d847a22ff9c079777da8320b772633

SHA512
bd0d5891a92dc5c9ff9668a00058476d740851b15da8736fa14d8a01dcbb1bd183a7c98a89d426f7c213d397cd40b2ac2d8864f87b5443d55c2332a069679b3a

Download Submit
C:\Windows\System\PLuMsRa.exe

Filesize
3.3MB

MD5
008674f421730bfc570e9980f4a08fda

SHA1
3742bb0e7d4924a69962a57c6acb3265163c910b

SHA256
ea884cc7d7df782e6f8bda876ced08899de0e51f66f79e438a55a7e47440de87

SHA512
b5b928f93be72d7ab67ce6c3e9a3f72e6c08a8a037e81d36107bf3800737831610c9aba6361998e75e69d9fbd3bd64f509b433ee50ad04ae9c68b61e622c3111

Download Submit
C:\Windows\System\PbZVshh.exe

Filesize
3.3MB

MD5
2859f7a88c87c399b2dd2269aa8516b1

SHA1
c56d24ff0f90d67c588dee4e7f65d73b355ab6b4

SHA256
54e77b3ee6c22e6cd807e60ac160f942a5ba9cea020b965ef12b63175dfe4509

SHA512
e66e031149dc9264c7414970cc889bdc449612cbb99fe48c35ff63a90d5b8d6ceb6a9faaf8931db2900e9daf38c7fa39846f5124a1dd4392249e36e1e9c3cdbb

Download Submit
C:\Windows\System\PpkhMXr.exe

Filesize
3.3MB

MD5
373b1327b4efeb2a027383ce738325af

SHA1
e493de24b694ad5f32ea9efe60a58d9c086018fe

SHA256
e836debb2dec6efe21523ed42bef8c7ee74adacdbcd07b09910ba9d6c6256088

SHA512
291fc14407713c3d887c7bc90e5ff8eb93d2cc22aa36d485a84954fc451c15260ac9ffebd09fb6d10748752dca823edca3aeb0e2f6a02f7e00223627bea25c02

Download Submit
C:\Windows\System\QRDfWzj.exe

Filesize
3.3MB

MD5
ac0a4dc5e473bc986fe45f3c6e96b035

SHA1
a52c391377addebcb96727d8c9d3188b3145c1cb

SHA256
83ab3e575c7ada5c34cda852fa47326b9c4a9b0726356b2a576febf2020c14e7

SHA512
faab55154f8b197767b37dd7149c4f5b2933c67d42e3de88967fbdd8fcc4b3287ed6771e233ab227dbe649333b1d877bebe249b71e844725a497e6f7320571f1

Download Submit
C:\Windows\System\QffdZYJ.exe

Filesize
3.3MB

MD5
a93199b522a88f33f4c592687c581f68

SHA1
0b848fca5c4d400690bf3694559570a33d808ed4

SHA256
c2ccfbb9ceed8f29e71c28f891aeb07447bc7a19099ffc7f8244e912326db984

SHA512
2eab4197379245e30ba8e48de34d4e03f24eb1b8a606b67233a918b74e8acdbe0a42b823eb9870706a817edadd5a5ede136a0b59bb19f05d039192450af6b97d

Download Submit
C:\Windows\System\RDqlfme.exe

Filesize
3.3MB

MD5
c57297ecfdc44c7f30d7722ec3f95996

SHA1
55d102cbab292f7bde9d39d4483a9cadfc8e5a77

SHA256
e5cdaa267e202727e69b6d36c598842e711c36cfa67fc87829fd1adc03cc69a3

SHA512
d58afb981ea1d4e1412166e2abe58ba9ff301b9badcdbc21ddb5d7691334470d696b4e303c1fa727078ac8cdb48cdc1caf79e3691b59dfb1e4984a8587472aa9

Download Submit
C:\Windows\System\VruLioX.exe

Filesize
3.3MB

MD5
c72d251549e1074e857b5f4010415e78

SHA1
c98f0fda31a46b447b3c6f902df4d2a225ba4e1b

SHA256
56e06d451e8979e0fd48d704559a942abceaeba62dff5d8e16c439bbcbf79595

SHA512
4028fa2d7ceefe15deff41f2ae0bb246c63302ceb538979c9fce4de04acfae8c7cf21705721f5cfa3a83ffbd9b6871997f6c8d54ed3111f3fc0034d2aee14d49

Download Submit
C:\Windows\System\YYqGQJV.exe

Filesize
3.3MB

MD5
7defa41df3ad800d6f393e1171fa3a4b

SHA1
a2b12b7f39d980103fd1f154c8f4fdacdccb8941

SHA256
880e6cb70d778a58d61763a6d0a49a2ed4fe8d6d39f1caa0ccf929402cc26de3

SHA512
c3999fc318ffff33e9dfff6e548c3db42b9d538f4a5eb02da0b1fda5917eac28a5033aa7b9dcc3e93d5a6b8e8f2b3c4892a04c381efe3caa2662c7b853ff3fc3

Download Submit
C:\Windows\System\YdoJKnZ.exe

Filesize
3.3MB

MD5
0b4bc9659515e22d8518956a55529375

SHA1
81145c8cf26ed34f5ed968c653f122a3b5b66010

SHA256
b6cbea278cac7ae9851ad0c7291bdad4c583d431bf1ea089b6c0cfd99e518402

SHA512
e3c9a809485ebfb8c3b5314b34eeaef70009a0fba2f792757416d62a5276a95bece82368e642167c1e0ad490536763e947e806e5d9f0994cca1a7be5599822cf

Download Submit
C:\Windows\System\ZMUFGmT.exe

Filesize
3.3MB

MD5
2c2aa7d036fc1b407955d8d458194c04

SHA1
a0ba4865df0491b0d222cc0420e392059d048119

SHA256
c486481ccfc52165de47af60b493346e3a5e7600b2e1b53f9dbdb29130af821d

SHA512
786853da2a6131c274c54ee9e8fb146ad75f2a17cf5e99842e83b90a275d6995f5da59d9d250387f5ddd79937598820b8c767e320877417a67882dda787d1074

Download Submit
C:\Windows\System\byxyFtJ.exe

Filesize
3.3MB

MD5
a5263852523b18c67cdecc344f7ff5c0

SHA1
fba0a7727e3d9c702f484f04b44361171e17dda1

SHA256
dc256b854f79d205d75f3af14c88e33669d78b5c934928981726be6968157a0c

SHA512
164ed62e2c98ac798a6c5d0d8c0326fed58a1c65eb9e7829818b51122f8912848683be59c3dcb178a4e7fcd942c9bc34e09872d019aa2b10d309edb0b15321c1

Download Submit
C:\Windows\System\cOsxhmO.exe

Filesize
3.3MB

MD5
2b7f336b77a332926f10d6a930a6c457

SHA1
e8eb4940474ec53d4e3e4324e80dbcb9300c3a19

SHA256
31e3b667e8c7ae3dadfd9a0dcd30b848c4157d55632a4291c4032b73f2153687

SHA512
a78a8ac204334f33ae12dd45ce13d840be0823a226184bd677387d839dac2ee277556ffb5fe83fee079c71e9ff320a7a323a17f08047436a02618879b4ad03cc

Download Submit
C:\Windows\System\fdrQWlE.exe

Filesize
3.3MB

MD5
6a25e952b0945a1525c4f2ebc095b107

SHA1
ae6bd009b288cd1667bd5a18f1d7fae72cb782e0

SHA256
9baf5d0add7cdd6cce3e0cb7fad15976c491f330acacb35e3e66a87f3cd1e722

SHA512
8b6db6ab494e82e0c28f6959acb13832ae6fdd56933408e2cef5fd03477edd107ebe063dfd6880e21eaae2f647c56d2c4c913dd0e6c5c72d4c293ea8213c8e4c

Download Submit
C:\Windows\System\gesdefS.exe

Filesize
3.3MB

MD5
a258b1c62e79cd29c45194648faaa1a0

SHA1
d74f7b0efe6df0ded69f098fe4b90dd8936ca4ea

SHA256
318cbbf37cd09253c613737190f84e86302725e3544891c3c5452edec1a31ec7

SHA512
358d71adbfd66227d7485d1eee614956769352ee6166ba1e103195ce7fd9c2d990b58a06962d602a8e6087f97a2f654b3aab32b1f0a4aa1b905845ff83e83f31

Download Submit
C:\Windows\System\hSGrNnQ.exe

Filesize
3.3MB

MD5
dfae5c4d1f01fc7c9f495bd6efa7b0b3

SHA1
e577f2266de5542a0d3a98a2c176a00b10d64887

SHA256
55d676017384892b6574fa178ef8fd51d354900046088e933fb28854694dbcf2

SHA512
f27b7f8f813e3c9f554ca5dfd44b41041ebf02657c261f2a50c76688b1382e5082e1fbf12fd53b0e82543685931636a06c068d10e44f4ba46431590663fb0c32

Download Submit
C:\Windows\System\kvuTlMc.exe

Filesize
3.3MB

MD5
b97579bed4d28c9e4906b1b81d22e010

SHA1
3a1b4ac6c001719663b52ff0926d8e4fbf96dfc7

SHA256
2a6a0a7971a4d8a8847eb56ec90ad668ef332ae6fc9a5745f5cc9e3bf48ff3b1

SHA512
f17f42731184339d07cecf37e43081df7fcbba9486d73e48d67368170d609e5fce2d1815de824bc9c77cb018b4f1a8ff9455712cfbf491f4abe1ec1a758d46c1

Download Submit
C:\Windows\System\lAbyIfI.exe

Filesize
3.3MB

MD5
dee69f107432fe99329ae032fa44ac46

SHA1
fd64bfb69a8626cf79631434e92ef4662f496746

SHA256
717acdd8edc473a270f23b9ba00327e922747e1c49b46c3a0c63e805be3bb0cd

SHA512
e8bc1f9ea608621c1eb372db4c72c03555f815e3280df48d1b852b51f4d2eecfae4d6ab94f08b23dfc0201dee55da2bd3d20d1f31c23d91d593372cb2a720a9f

Download Submit
C:\Windows\System\oKBOYch.exe

Filesize
3.3MB

MD5
b911b272ccec80af253309d3a3c311d6

SHA1
d2a15fdf3a2850a2bcf960918b517ebad0c01105

SHA256
4f2a0a52ac51e8e072bf4c3d38212d6528f3f0fbd9d2a4d8d4a5730fe65f8641

SHA512
df281861fd2f29e2a0a041437703e3931115b9f7ad74f41ed74facb3c46081a2377a9d642f7c613f22aa5d7861bd25b7f6bee2dcf46ffd2d0ea8c6fec498d6b7

Download Submit
C:\Windows\System\oQBMuui.exe

Filesize
3.3MB

MD5
38ec513fdb1b9b42ffa226549c819ad4

SHA1
fa2199b8b457d88af4be837d36de72f2b8fe06a2

SHA256
6e17b4438b63f24170e0fa103524f9ce13b91ebc66753ae26ed96ef322d5ff49

SHA512
645ad7f729ce0013fe36619c2c1ac29dde7e515a5884ec089b23da94e125d6a75da89a0e9136e2a208ff7b8d49d36f04b0fae0d26cb0537328dd883295630f51

Download Submit
C:\Windows\System\oxoyvZN.exe

Filesize
3.3MB

MD5
308fe446fa347904885efc00977b8e71

SHA1
1bd67219bbdef7633fa0557f17f1700b11b4b766

SHA256
177dd2deb377275a02309cb2ddec2358eea40ba5f40dadb93c55302fc47ad1dd

SHA512
6c0458b67c2898f274de6f32a9ff02303f8635e969d48b0fac294d6a50c266f3f6892f1db004f8c4f092dbc0149867188a2ac2f38b946928bf59d35532e3644d

Download Submit
C:\Windows\System\pOEgZGL.exe

Filesize
3.3MB

MD5
f061c1dcb914ae5b293756c8a3045a41

SHA1
874524e15f0a0d01028915b8c5bc957d5dc8ebfe

SHA256
7e5b5d3279500f497d1a6ac387e580712fc0c21164a41a5f68a5f1d7a22285ed

SHA512
f74749fa1b3d5ae10462c5087518784fbb13a87a99fff40f72554b483763f5f27cbff52cb2c7b20a627787cbb26d4329647b729357324f6146e1ceabcd1e3911

Download Submit
C:\Windows\System\rXIBULN.exe

Filesize
3.3MB

MD5
7b661b3f28c0c42554adda20106aeabb

SHA1
b9fba94b3b82ca20c83a67d65c823d3be452635e

SHA256
70c8bc91f503f0b1d4246799320397324e73c9f6ebeaa205d4725ffadde416c2

SHA512
ee831e26eaadeef2302533ac02f21026e5457e9fcd37c15a5b4ef7b4ce6fba1fc75ea3f8e58977b5a00eca52dd32b4ff0d83b3858d8842ef755e053f23a06d3a

Download Submit
C:\Windows\System\rvKQcTF.exe

Filesize
3.3MB

MD5
5a69a825f50925658a8832aed7f25806

SHA1
bc1b0bf62449c7dbd0f22c2e27eb48fe564f346d

SHA256
50a788a03806959eac5b536566afe4c6e3719234645fbbe3b5346f817ee20b54

SHA512
a35d1faf10f8b442592c00716223d03b1085b56052285b4f4d87b57d3c3314f225c162d10e49f8a017a07c3c756529ddba3c40d24dba0abaf34a7ecdbad9d57e

Download Submit
C:\Windows\System\slvYbJI.exe

Filesize
3.3MB

MD5
aee2c0a9e9a977fe234809c7a3af2260

SHA1
22b9a8d63fae8bb8cfa99f308888fa1b702ba2ff

SHA256
4330dad4c6f072ff24f3f705db65a36470b0b68be1cb6fa1903df8a3c5ddbe08

SHA512
aae88e29e4d3395adc009a2ac2595b7a5197d2f082a528cb9faff29d3ff4144ac3a1a7fdf87dd7c663fde09a8b12eb604ebb10af464e26f1e7c2012f432b5689

Download Submit
C:\Windows\System\tdSVyma.exe

Filesize
3.3MB

MD5
560b96ce858b512efda90611157969fb

SHA1
60ce25999f2618a12e8b22b0f4de81ba88a2a9df

SHA256
9fa751ad14a784c4f684c5823ab8e2b055ded016cc54e853889d519472e1a6bb

SHA512
8d67ca42f3af41135ae366c75671a82da859f131be9b098f9e95b495532664bdd402eac31416b7a559538ba24d62cbfd5aee3527b288d1b10fe9e34df6cd2d9f

Download Submit
C:\Windows\System\yEjjqXK.exe

Filesize
3.3MB

MD5
9c4cb343ab1726273af0eb1e3fb6ec62

SHA1
2748ee52182253cdb9eed95390a088283bed344f

SHA256
dfe3a78aec313c50f2cde9de78ca640883329ee05c92646149273cd64c26c984

SHA512
3cdca9e549f18c2132a80860853933f241bb4aaedbbb40837404b5549989f46150c51daba76eaaf5d55839e94c89ecba32fec5d532597b3efb6d8dba412fc32c

Download Submit
memory/60-143-0x00007FF77CCE0000-0x00007FF77D0D6000-memory.dmp

Filesize
4.0MB

Download
memory/60-2168-0x00007FF77CCE0000-0x00007FF77D0D6000-memory.dmp

Filesize
4.0MB

Download
memory/452-2162-0x00007FF7D8560000-0x00007FF7D8956000-memory.dmp

Filesize
4.0MB

Download
memory/452-42-0x00007FF7D8560000-0x00007FF7D8956000-memory.dmp

Filesize
4.0MB

Download
memory/452-1690-0x00007FF7D8560000-0x00007FF7D8956000-memory.dmp

Filesize
4.0MB

Download
memory/460-147-0x00007FF701DC0000-0x00007FF7021B6000-memory.dmp

Filesize
4.0MB

Download
memory/460-2178-0x00007FF701DC0000-0x00007FF7021B6000-memory.dmp

Filesize
4.0MB

Download
memory/668-2173-0x00007FF6F13F0000-0x00007FF6F17E6000-memory.dmp

Filesize
4.0MB

Download
memory/668-145-0x00007FF6F13F0000-0x00007FF6F17E6000-memory.dmp

Filesize
4.0MB

Download
memory/944-2179-0x00007FF60F490000-0x00007FF60F886000-memory.dmp

Filesize
4.0MB

Download
memory/944-142-0x00007FF60F490000-0x00007FF60F886000-memory.dmp

Filesize
4.0MB

Download
memory/1060-158-0x00007FF6CB0D0000-0x00007FF6CB4C6000-memory.dmp

Filesize
4.0MB

Download
memory/1060-2157-0x00007FF6CB0D0000-0x00007FF6CB4C6000-memory.dmp

Filesize
4.0MB

Download
memory/1060-2181-0x00007FF6CB0D0000-0x00007FF6CB4C6000-memory.dmp

Filesize
4.0MB

Download
memory/1564-139-0x00007FF7C1BD0000-0x00007FF7C1FC6000-memory.dmp

Filesize
4.0MB

Download
memory/1564-2175-0x00007FF7C1BD0000-0x00007FF7C1FC6000-memory.dmp

Filesize
4.0MB

Download
memory/1800-2174-0x00007FF618300000-0x00007FF6186F6000-memory.dmp

Filesize
4.0MB

Download
memory/1800-140-0x00007FF618300000-0x00007FF6186F6000-memory.dmp

Filesize
4.0MB

Download
memory/1808-39-0x00007FF7D1AC0000-0x00007FF7D1EB6000-memory.dmp

Filesize
4.0MB

Download
memory/1808-2159-0x00007FF7D1AC0000-0x00007FF7D1EB6000-memory.dmp

Filesize
4.0MB

Download
memory/1812-133-0x00007FF740B20000-0x00007FF740F16000-memory.dmp

Filesize
4.0MB

Download
memory/1812-2169-0x00007FF740B20000-0x00007FF740F16000-memory.dmp

Filesize
4.0MB

Download
memory/1900-2161-0x00007FF7C84F0000-0x00007FF7C88E6000-memory.dmp

Filesize
4.0MB

Download
memory/1900-77-0x00007FF7C84F0000-0x00007FF7C88E6000-memory.dmp

Filesize
4.0MB

Download
memory/1996-1993-0x000001A57B6E0000-0x000001A57B6F0000-memory.dmp

Filesize
64KB

Download
memory/1996-148-0x000001A57C510000-0x000001A57CCB6000-memory.dmp

Filesize
7.6MB

Download
memory/1996-16-0x000001A57B6E0000-0x000001A57B6F0000-memory.dmp

Filesize
64KB

Download
memory/1996-53-0x00007FF825643000-0x00007FF825645000-memory.dmp

Filesize
8KB

Download
memory/1996-63-0x000001A57B990000-0x000001A57B9B2000-memory.dmp

Filesize
136KB

Download
memory/1996-17-0x000001A57B6E0000-0x000001A57B6F0000-memory.dmp

Filesize
64KB

Download
memory/1996-2156-0x00007FF825643000-0x00007FF825645000-memory.dmp

Filesize
8KB

Download
memory/2240-2171-0x00007FF7474E0000-0x00007FF7478D6000-memory.dmp

Filesize
4.0MB

Download
memory/2240-128-0x00007FF7474E0000-0x00007FF7478D6000-memory.dmp

Filesize
4.0MB

Download
memory/2368-127-0x00007FF6748E0000-0x00007FF674CD6000-memory.dmp

Filesize
4.0MB

Download
memory/2368-2167-0x00007FF6748E0000-0x00007FF674CD6000-memory.dmp

Filesize
4.0MB

Download
memory/2548-97-0x00007FF6522C0000-0x00007FF6526B6000-memory.dmp

Filesize
4.0MB

Download
memory/2548-2164-0x00007FF6522C0000-0x00007FF6526B6000-memory.dmp

Filesize
4.0MB

Download
memory/2772-1680-0x00007FF6FDC90000-0x00007FF6FE086000-memory.dmp

Filesize
4.0MB

Download
memory/2772-2158-0x00007FF6FDC90000-0x00007FF6FE086000-memory.dmp

Filesize
4.0MB

Download
memory/2772-15-0x00007FF6FDC90000-0x00007FF6FE086000-memory.dmp

Filesize
4.0MB

Download
memory/2812-112-0x00007FF607E80000-0x00007FF608276000-memory.dmp

Filesize
4.0MB

Download
memory/2812-2165-0x00007FF607E80000-0x00007FF608276000-memory.dmp

Filesize
4.0MB

Download
memory/3088-2180-0x00007FF628C00000-0x00007FF628FF6000-memory.dmp

Filesize
4.0MB

Download
memory/3088-166-0x00007FF628C00000-0x00007FF628FF6000-memory.dmp

Filesize
4.0MB

Download
memory/3476-2163-0x00007FF79F9A0000-0x00007FF79FD96000-memory.dmp

Filesize
4.0MB

Download
memory/3476-1692-0x00007FF79F9A0000-0x00007FF79FD96000-memory.dmp

Filesize
4.0MB

Download
memory/3476-51-0x00007FF79F9A0000-0x00007FF79FD96000-memory.dmp

Filesize
4.0MB

Download
memory/4372-1677-0x00007FF6CDF00000-0x00007FF6CE2F6000-memory.dmp

Filesize
4.0MB

Download
memory/4372-0-0x00007FF6CDF00000-0x00007FF6CE2F6000-memory.dmp

Filesize
4.0MB

Download
memory/4372-1-0x000001CCDE470000-0x000001CCDE480000-memory.dmp

Filesize
64KB

Download
memory/4576-2160-0x00007FF7507E0000-0x00007FF750BD6000-memory.dmp

Filesize
4.0MB

Download
memory/4576-1681-0x00007FF7507E0000-0x00007FF750BD6000-memory.dmp

Filesize
4.0MB

Download
memory/4576-31-0x00007FF7507E0000-0x00007FF750BD6000-memory.dmp

Filesize
4.0MB

Download
memory/4672-138-0x00007FF738970000-0x00007FF738D66000-memory.dmp

Filesize
4.0MB

Download
memory/4672-2172-0x00007FF738970000-0x00007FF738D66000-memory.dmp

Filesize
4.0MB

Download
memory/4712-2177-0x00007FF763920000-0x00007FF763D16000-memory.dmp

Filesize
4.0MB

Download
memory/4712-141-0x00007FF763920000-0x00007FF763D16000-memory.dmp

Filesize
4.0MB

Download
memory/4848-2176-0x00007FF7D5260000-0x00007FF7D5656000-memory.dmp

Filesize
4.0MB

Download
memory/4848-146-0x00007FF7D5260000-0x00007FF7D5656000-memory.dmp

Filesize
4.0MB

Download
memory/4912-2170-0x00007FF7B0F90000-0x00007FF7B1386000-memory.dmp

Filesize
4.0MB

Download
memory/4912-144-0x00007FF7B0F90000-0x00007FF7B1386000-memory.dmp

Filesize
4.0MB

Download
memory/5048-2166-0x00007FF790230000-0x00007FF790626000-memory.dmp

Filesize
4.0MB

Download
memory/5048-118-0x00007FF790230000-0x00007FF790626000-memory.dmp

Filesize
4.0MB

Download