xmrig | c5d7a89c8a53f86bfba722a9307544de73213bcc2deae924cc861854da91eb6e

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
Size

2.9MB
MD5

59651fb0d82582ad87b7632b88fb9830
SHA1

6c4f0bdf746532e1f7128ba902540c5676313983
SHA256

c5d7a89c8a53f86bfba722a9307544de73213bcc2deae924cc861854da91eb6e
SHA512

9535f83b7541b9b1c8c1d3ee5760ddd58bed1055dce54036ff3b1457a2cb0244ff9c873f79dde6058a69037e86c0ec9c0749cd18f271cdeeeaa6131da56dee73
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/z+O:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rm

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1624-0-0x00007FF6372F0000-0x00007FF6376E6000-memory.dmp	xmrig
behavioral2/files/0x000700000002326f-6.dat	xmrig
behavioral2/files/0x00070000000233cf-10.dat	xmrig
behavioral2/files/0x00070000000233ce-14.dat	xmrig
behavioral2/files/0x00070000000233d0-22.dat	xmrig
behavioral2/files/0x00070000000233d1-25.dat	xmrig
behavioral2/files/0x00070000000233d2-42.dat	xmrig
behavioral2/files/0x00080000000233d4-47.dat	xmrig
behavioral2/memory/3676-54-0x00007FF670E50000-0x00007FF671246000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d5-61.dat	xmrig
behavioral2/memory/548-68-0x00007FF656B90000-0x00007FF656F86000-memory.dmp	xmrig
behavioral2/memory/4524-69-0x00007FF60E880000-0x00007FF60EC76000-memory.dmp	xmrig
behavioral2/files/0x00080000000233d3-64.dat	xmrig
behavioral2/memory/2132-63-0x00007FF62CD50000-0x00007FF62D146000-memory.dmp	xmrig
behavioral2/memory/4336-60-0x00007FF7DF0F0000-0x00007FF7DF4E6000-memory.dmp	xmrig
behavioral2/memory/4776-58-0x00007FF6B4500000-0x00007FF6B48F6000-memory.dmp	xmrig
behavioral2/memory/3092-49-0x00007FF6177D0000-0x00007FF617BC6000-memory.dmp	xmrig
behavioral2/memory/1400-48-0x00007FF72EDB0000-0x00007FF72F1A6000-memory.dmp	xmrig
behavioral2/memory/2896-46-0x00007FF603160000-0x00007FF603556000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d6-72.dat	xmrig
behavioral2/files/0x00090000000233c4-78.dat	xmrig
behavioral2/files/0x00070000000233d7-85.dat	xmrig
behavioral2/memory/1712-92-0x00007FF650300000-0x00007FF6506F6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d9-87.dat	xmrig
behavioral2/files/0x00070000000233d8-86.dat	xmrig
behavioral2/files/0x00070000000233da-96.dat	xmrig
behavioral2/files/0x00070000000233dd-111.dat	xmrig
behavioral2/files/0x00070000000233e0-129.dat	xmrig
behavioral2/memory/4580-131-0x00007FF77ADB0000-0x00007FF77B1A6000-memory.dmp	xmrig
behavioral2/memory/1544-135-0x00007FF7A5890000-0x00007FF7A5C86000-memory.dmp	xmrig
behavioral2/memory/804-136-0x00007FF65F140000-0x00007FF65F536000-memory.dmp	xmrig
behavioral2/memory/460-137-0x00007FF7D8B20000-0x00007FF7D8F16000-memory.dmp	xmrig
behavioral2/memory/1180-138-0x00007FF6ECD30000-0x00007FF6ED126000-memory.dmp	xmrig
behavioral2/files/0x00070000000233df-133.dat	xmrig
behavioral2/files/0x00070000000233de-132.dat	xmrig
behavioral2/memory/1660-130-0x00007FF73E8B0000-0x00007FF73ECA6000-memory.dmp	xmrig
behavioral2/memory/4640-123-0x00007FF7CB910000-0x00007FF7CBD06000-memory.dmp	xmrig
behavioral2/files/0x00070000000233dc-120.dat	xmrig
behavioral2/memory/1696-112-0x00007FF645E70000-0x00007FF646266000-memory.dmp	xmrig
behavioral2/memory/4900-108-0x00007FF6490C0000-0x00007FF6494B6000-memory.dmp	xmrig
behavioral2/memory/3804-100-0x00007FF61BB70000-0x00007FF61BF66000-memory.dmp	xmrig
behavioral2/files/0x00070000000233db-99.dat	xmrig
behavioral2/memory/3404-89-0x00007FF6FA0E0000-0x00007FF6FA4D6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233e1-238.dat	xmrig
behavioral2/files/0x0007000000023408-272.dat	xmrig
behavioral2/files/0x0007000000023404-275.dat	xmrig
behavioral2/files/0x0007000000023409-281.dat	xmrig
behavioral2/files/0x000700000002340c-292.dat	xmrig
behavioral2/files/0x0007000000023407-279.dat	xmrig
behavioral2/files/0x0007000000023406-277.dat	xmrig
behavioral2/memory/1984-263-0x00007FF602C70000-0x00007FF603066000-memory.dmp	xmrig
behavioral2/files/0x0007000000023405-264.dat	xmrig
behavioral2/memory/3972-255-0x00007FF7D25D0000-0x00007FF7D29C6000-memory.dmp	xmrig
behavioral2/memory/4804-252-0x00007FF733610000-0x00007FF733A06000-memory.dmp	xmrig
behavioral2/files/0x0007000000023403-250.dat	xmrig
behavioral2/files/0x000700000002340f-394.dat	xmrig
behavioral2/files/0x0007000000023435-402.dat	xmrig
behavioral2/memory/1624-1039-0x00007FF6372F0000-0x00007FF6376E6000-memory.dmp	xmrig
behavioral2/memory/4336-1633-0x00007FF7DF0F0000-0x00007FF7DF4E6000-memory.dmp	xmrig
behavioral2/memory/3804-1922-0x00007FF61BB70000-0x00007FF61BF66000-memory.dmp	xmrig
behavioral2/memory/1544-2295-0x00007FF7A5890000-0x00007FF7A5C86000-memory.dmp	xmrig
behavioral2/memory/804-2296-0x00007FF65F140000-0x00007FF65F536000-memory.dmp	xmrig
behavioral2/memory/3676-2297-0x00007FF670E50000-0x00007FF671246000-memory.dmp	xmrig
behavioral2/memory/2896-2298-0x00007FF603160000-0x00007FF603556000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
7	4044	powershell.exe
12	4044	powershell.exe
14	4044	powershell.exe
15	4044	powershell.exe
17	4044	powershell.exe
21	4044	powershell.exe
22	4044	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4044	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3676	acfJHaQ.exe
2896	AJYdfGI.exe
1400	kMtTJxE.exe
3092	GcjqacK.exe
4776	ADpOaEs.exe
4336	LiYpaWJ.exe
2132	bDzWBeJ.exe
548	eEdePnJ.exe
4524	ERyXGHJ.exe
3404	XksmQlo.exe
1696	EzhLKqV.exe
4640	HvhMSPQ.exe
1712	pWEmCuC.exe
3804	pNSXoYH.exe
1660	uOfEWNJ.exe
4900	TiApRnv.exe
4580	vTYLBGq.exe
460	akeCSsR.exe
1180	foScPvk.exe
1544	yASWRrg.exe
804	IFBcnbH.exe
4804	ifTpesK.exe
3972	ISrYrcw.exe
1984	CrueNeA.exe
4568	dKEMjQD.exe
224	HtDpIIS.exe
1076	fyQFsVW.exe
3420	Nywhcpg.exe
4420	tJHjcIQ.exe
3508	uxxZPjZ.exe
2892	bdKVvxA.exe
2916	WQfzAzs.exe
4948	ecEhomV.exe
2264	XQGsdYi.exe
2652	WoLYoOw.exe
3920	OuKpLGG.exe
3656	xlElkZM.exe
3608	XxkJVuA.exe
3184	GgXVEPV.exe
4864	UrWKsTD.exe
1888	kMmRjko.exe
3468	ugoZvbv.exe
3232	HJUAzwB.exe
4608	vmlaAbd.exe
1568	GHHKVxE.exe
3240	ddEbJOo.exe
452	SIvoDke.exe
4468	yInOmOS.exe
648	IRMeCbx.exe
4500	hrkwnsf.exe
1700	KpcNGIp.exe
4172	jukxzWA.exe
4480	tdTrTXP.exe
4976	fTREoRZ.exe
3764	zIpkuEM.exe
1500	cOzESlO.exe
4352	wpIaGqI.exe
5096	JpYskpb.exe
2980	AUAmrWt.exe
4836	RoMmMOu.exe
676	SfZrSZK.exe
5084	PBdaJYh.exe
748	ZmQDrdI.exe
4120	FsRMPWy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1624-0-0x00007FF6372F0000-0x00007FF6376E6000-memory.dmp	upx
behavioral2/files/0x000700000002326f-6.dat	upx
behavioral2/files/0x00070000000233cf-10.dat	upx
behavioral2/files/0x00070000000233ce-14.dat	upx
behavioral2/files/0x00070000000233d0-22.dat	upx
behavioral2/files/0x00070000000233d1-25.dat	upx
behavioral2/files/0x00070000000233d2-42.dat	upx
behavioral2/files/0x00080000000233d4-47.dat	upx
behavioral2/memory/3676-54-0x00007FF670E50000-0x00007FF671246000-memory.dmp	upx
behavioral2/files/0x00070000000233d5-61.dat	upx
behavioral2/memory/548-68-0x00007FF656B90000-0x00007FF656F86000-memory.dmp	upx
behavioral2/memory/4524-69-0x00007FF60E880000-0x00007FF60EC76000-memory.dmp	upx
behavioral2/files/0x00080000000233d3-64.dat	upx
behavioral2/memory/2132-63-0x00007FF62CD50000-0x00007FF62D146000-memory.dmp	upx
behavioral2/memory/4336-60-0x00007FF7DF0F0000-0x00007FF7DF4E6000-memory.dmp	upx
behavioral2/memory/4776-58-0x00007FF6B4500000-0x00007FF6B48F6000-memory.dmp	upx
behavioral2/memory/3092-49-0x00007FF6177D0000-0x00007FF617BC6000-memory.dmp	upx
behavioral2/memory/1400-48-0x00007FF72EDB0000-0x00007FF72F1A6000-memory.dmp	upx
behavioral2/memory/2896-46-0x00007FF603160000-0x00007FF603556000-memory.dmp	upx
behavioral2/files/0x00070000000233d6-72.dat	upx
behavioral2/files/0x00090000000233c4-78.dat	upx
behavioral2/files/0x00070000000233d7-85.dat	upx
behavioral2/memory/1712-92-0x00007FF650300000-0x00007FF6506F6000-memory.dmp	upx
behavioral2/files/0x00070000000233d9-87.dat	upx
behavioral2/files/0x00070000000233d8-86.dat	upx
behavioral2/files/0x00070000000233da-96.dat	upx
behavioral2/files/0x00070000000233dd-111.dat	upx
behavioral2/files/0x00070000000233e0-129.dat	upx
behavioral2/memory/4580-131-0x00007FF77ADB0000-0x00007FF77B1A6000-memory.dmp	upx
behavioral2/memory/1544-135-0x00007FF7A5890000-0x00007FF7A5C86000-memory.dmp	upx
behavioral2/memory/804-136-0x00007FF65F140000-0x00007FF65F536000-memory.dmp	upx
behavioral2/memory/460-137-0x00007FF7D8B20000-0x00007FF7D8F16000-memory.dmp	upx
behavioral2/memory/1180-138-0x00007FF6ECD30000-0x00007FF6ED126000-memory.dmp	upx
behavioral2/files/0x00070000000233df-133.dat	upx
behavioral2/files/0x00070000000233de-132.dat	upx
behavioral2/memory/1660-130-0x00007FF73E8B0000-0x00007FF73ECA6000-memory.dmp	upx
behavioral2/memory/4640-123-0x00007FF7CB910000-0x00007FF7CBD06000-memory.dmp	upx
behavioral2/files/0x00070000000233dc-120.dat	upx
behavioral2/memory/1696-112-0x00007FF645E70000-0x00007FF646266000-memory.dmp	upx
behavioral2/memory/4900-108-0x00007FF6490C0000-0x00007FF6494B6000-memory.dmp	upx
behavioral2/memory/3804-100-0x00007FF61BB70000-0x00007FF61BF66000-memory.dmp	upx
behavioral2/files/0x00070000000233db-99.dat	upx
behavioral2/memory/3404-89-0x00007FF6FA0E0000-0x00007FF6FA4D6000-memory.dmp	upx
behavioral2/files/0x00070000000233e1-238.dat	upx
behavioral2/files/0x0007000000023408-272.dat	upx
behavioral2/files/0x0007000000023404-275.dat	upx
behavioral2/files/0x0007000000023409-281.dat	upx
behavioral2/files/0x000700000002340c-292.dat	upx
behavioral2/files/0x0007000000023407-279.dat	upx
behavioral2/files/0x0007000000023406-277.dat	upx
behavioral2/memory/1984-263-0x00007FF602C70000-0x00007FF603066000-memory.dmp	upx
behavioral2/files/0x0007000000023405-264.dat	upx
behavioral2/memory/3972-255-0x00007FF7D25D0000-0x00007FF7D29C6000-memory.dmp	upx
behavioral2/memory/4804-252-0x00007FF733610000-0x00007FF733A06000-memory.dmp	upx
behavioral2/files/0x0007000000023403-250.dat	upx
behavioral2/files/0x000700000002340f-394.dat	upx
behavioral2/files/0x0007000000023435-402.dat	upx
behavioral2/memory/1624-1039-0x00007FF6372F0000-0x00007FF6376E6000-memory.dmp	upx
behavioral2/memory/4336-1633-0x00007FF7DF0F0000-0x00007FF7DF4E6000-memory.dmp	upx
behavioral2/memory/3804-1922-0x00007FF61BB70000-0x00007FF61BF66000-memory.dmp	upx
behavioral2/memory/1544-2295-0x00007FF7A5890000-0x00007FF7A5C86000-memory.dmp	upx
behavioral2/memory/804-2296-0x00007FF65F140000-0x00007FF65F536000-memory.dmp	upx
behavioral2/memory/3676-2297-0x00007FF670E50000-0x00007FF671246000-memory.dmp	upx
behavioral2/memory/2896-2298-0x00007FF603160000-0x00007FF603556000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
6	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RLFgawS.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\ENOJlFQ.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\kvJJMXC.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\FXwdOQQ.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\UbxAmBe.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\smPHtqZ.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\aAIiiRV.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\uMgkUux.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\AIHldVw.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\itNEjlv.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\PiyetxJ.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\uRRqnGe.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\zhghAua.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\PNJQgoV.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\ficexNP.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\JznpNkq.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\wabNuPn.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\UIiwQWp.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\rktWEGk.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\fhFoWQT.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\YomtPQS.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\biJZJGj.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\KsweHid.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\JFFkxUO.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\XQGsdYi.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\QENhFtk.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\EkHPFSt.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\zwrOoiB.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\fMLkFOz.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\xHPKjUx.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\slZYjIZ.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\imIvukY.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\dxLrpdE.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\TWueTVB.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\KhfknwD.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\BHSKqlr.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\fhRmTTO.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\pvFcFBQ.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\cJTqxbX.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\LfBeRFU.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\MxHePer.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\AiyQfUz.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\eSFqqCN.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\sMDJJRq.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\tlUfeWo.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\eRdCajf.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\DGefyZE.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\eZnZdGr.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\VZrazJE.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\YtCuFHi.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\ugoZvbv.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\RHjkYvo.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\RJCEpNR.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\BNLaveB.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\AFGOjRn.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\hBDJlgQ.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\adIzyFw.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\SDFnGmn.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\gsDhNjs.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\kUmUEPx.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\cOzESlO.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\ZmQDrdI.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\efeQlLC.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
File created	C:\Windows\System\eQZqSvu.exe	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4044	powershell.exe
4044	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
Token: SeDebugPrivilege	4044	powershell.exe
Token: SeLockMemoryPrivilege	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 4044	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	83
PID 1624 wrote to memory of 4044	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	83
PID 1624 wrote to memory of 3676	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	84
PID 1624 wrote to memory of 3676	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	84
PID 1624 wrote to memory of 2896	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	85
PID 1624 wrote to memory of 2896	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	85
PID 1624 wrote to memory of 1400	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	86
PID 1624 wrote to memory of 1400	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	86
PID 1624 wrote to memory of 3092	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	87
PID 1624 wrote to memory of 3092	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	87
PID 1624 wrote to memory of 4776	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	88
PID 1624 wrote to memory of 4776	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	88
PID 1624 wrote to memory of 4336	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	89
PID 1624 wrote to memory of 4336	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	89
PID 1624 wrote to memory of 2132	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	90
PID 1624 wrote to memory of 2132	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	90
PID 1624 wrote to memory of 548	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	91
PID 1624 wrote to memory of 548	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	91
PID 1624 wrote to memory of 4524	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	92
PID 1624 wrote to memory of 4524	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	92
PID 1624 wrote to memory of 3404	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	93
PID 1624 wrote to memory of 3404	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	93
PID 1624 wrote to memory of 1696	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	94
PID 1624 wrote to memory of 1696	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	94
PID 1624 wrote to memory of 4640	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	95
PID 1624 wrote to memory of 4640	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	95
PID 1624 wrote to memory of 1712	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	96
PID 1624 wrote to memory of 1712	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	96
PID 1624 wrote to memory of 3804	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	97
PID 1624 wrote to memory of 3804	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	97
PID 1624 wrote to memory of 1660	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	98
PID 1624 wrote to memory of 1660	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	98
PID 1624 wrote to memory of 4900	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	99
PID 1624 wrote to memory of 4900	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	99
PID 1624 wrote to memory of 4580	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	100
PID 1624 wrote to memory of 4580	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	100
PID 1624 wrote to memory of 460	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	101
PID 1624 wrote to memory of 460	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	101
PID 1624 wrote to memory of 1180	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	102
PID 1624 wrote to memory of 1180	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	102
PID 1624 wrote to memory of 1544	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	103
PID 1624 wrote to memory of 1544	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	103
PID 1624 wrote to memory of 804	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	104
PID 1624 wrote to memory of 804	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	104
PID 1624 wrote to memory of 4804	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	105
PID 1624 wrote to memory of 4804	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	105
PID 1624 wrote to memory of 3972	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	106
PID 1624 wrote to memory of 3972	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	106
PID 1624 wrote to memory of 1984	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	107
PID 1624 wrote to memory of 1984	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	107
PID 1624 wrote to memory of 4568	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	108
PID 1624 wrote to memory of 4568	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	108
PID 1624 wrote to memory of 224	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	109
PID 1624 wrote to memory of 224	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	109
PID 1624 wrote to memory of 1076	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	110
PID 1624 wrote to memory of 1076	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	110
PID 1624 wrote to memory of 3420	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	111
PID 1624 wrote to memory of 3420	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	111
PID 1624 wrote to memory of 4420	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	112
PID 1624 wrote to memory of 4420	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	112
PID 1624 wrote to memory of 3508	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	113
PID 1624 wrote to memory of 3508	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	113
PID 1624 wrote to memory of 2892	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	114
PID 1624 wrote to memory of 2892	1624	59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\59651fb0d82582ad87b7632b88fb9830_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4044
- C:\Windows\System\acfJHaQ.exe
  C:\Windows\System\acfJHaQ.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\AJYdfGI.exe
  C:\Windows\System\AJYdfGI.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\kMtTJxE.exe
  C:\Windows\System\kMtTJxE.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\GcjqacK.exe
  C:\Windows\System\GcjqacK.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\ADpOaEs.exe
  C:\Windows\System\ADpOaEs.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\LiYpaWJ.exe
  C:\Windows\System\LiYpaWJ.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\bDzWBeJ.exe
  C:\Windows\System\bDzWBeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\eEdePnJ.exe
  C:\Windows\System\eEdePnJ.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\ERyXGHJ.exe
  C:\Windows\System\ERyXGHJ.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\XksmQlo.exe
  C:\Windows\System\XksmQlo.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\EzhLKqV.exe
  C:\Windows\System\EzhLKqV.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\HvhMSPQ.exe
  C:\Windows\System\HvhMSPQ.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\pWEmCuC.exe
  C:\Windows\System\pWEmCuC.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\pNSXoYH.exe
  C:\Windows\System\pNSXoYH.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\uOfEWNJ.exe
  C:\Windows\System\uOfEWNJ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\TiApRnv.exe
  C:\Windows\System\TiApRnv.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\vTYLBGq.exe
  C:\Windows\System\vTYLBGq.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\akeCSsR.exe
  C:\Windows\System\akeCSsR.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\foScPvk.exe
  C:\Windows\System\foScPvk.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\yASWRrg.exe
  C:\Windows\System\yASWRrg.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\IFBcnbH.exe
  C:\Windows\System\IFBcnbH.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\ifTpesK.exe
  C:\Windows\System\ifTpesK.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\ISrYrcw.exe
  C:\Windows\System\ISrYrcw.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\CrueNeA.exe
  C:\Windows\System\CrueNeA.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\dKEMjQD.exe
  C:\Windows\System\dKEMjQD.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\HtDpIIS.exe
  C:\Windows\System\HtDpIIS.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\fyQFsVW.exe
  C:\Windows\System\fyQFsVW.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\Nywhcpg.exe
  C:\Windows\System\Nywhcpg.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\tJHjcIQ.exe
  C:\Windows\System\tJHjcIQ.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\uxxZPjZ.exe
  C:\Windows\System\uxxZPjZ.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\bdKVvxA.exe
  C:\Windows\System\bdKVvxA.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\WQfzAzs.exe
  C:\Windows\System\WQfzAzs.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ecEhomV.exe
  C:\Windows\System\ecEhomV.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\XQGsdYi.exe
  C:\Windows\System\XQGsdYi.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\WoLYoOw.exe
  C:\Windows\System\WoLYoOw.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\OuKpLGG.exe
  C:\Windows\System\OuKpLGG.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\xlElkZM.exe
  C:\Windows\System\xlElkZM.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\XxkJVuA.exe
  C:\Windows\System\XxkJVuA.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\GgXVEPV.exe
  C:\Windows\System\GgXVEPV.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\UrWKsTD.exe
  C:\Windows\System\UrWKsTD.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\kMmRjko.exe
  C:\Windows\System\kMmRjko.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\ugoZvbv.exe
  C:\Windows\System\ugoZvbv.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\HJUAzwB.exe
  C:\Windows\System\HJUAzwB.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\vmlaAbd.exe
  C:\Windows\System\vmlaAbd.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\GHHKVxE.exe
  C:\Windows\System\GHHKVxE.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\ddEbJOo.exe
  C:\Windows\System\ddEbJOo.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\SIvoDke.exe
  C:\Windows\System\SIvoDke.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\yInOmOS.exe
  C:\Windows\System\yInOmOS.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\IRMeCbx.exe
  C:\Windows\System\IRMeCbx.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\hrkwnsf.exe
  C:\Windows\System\hrkwnsf.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\KpcNGIp.exe
  C:\Windows\System\KpcNGIp.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\jukxzWA.exe
  C:\Windows\System\jukxzWA.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\tdTrTXP.exe
  C:\Windows\System\tdTrTXP.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\fTREoRZ.exe
  C:\Windows\System\fTREoRZ.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\zIpkuEM.exe
  C:\Windows\System\zIpkuEM.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\cOzESlO.exe
  C:\Windows\System\cOzESlO.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\wpIaGqI.exe
  C:\Windows\System\wpIaGqI.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\JpYskpb.exe
  C:\Windows\System\JpYskpb.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\AUAmrWt.exe
  C:\Windows\System\AUAmrWt.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\RoMmMOu.exe
  C:\Windows\System\RoMmMOu.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\SfZrSZK.exe
  C:\Windows\System\SfZrSZK.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\PBdaJYh.exe
  C:\Windows\System\PBdaJYh.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\ZmQDrdI.exe
  C:\Windows\System\ZmQDrdI.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\FsRMPWy.exe
  C:\Windows\System\FsRMPWy.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\sVbnVVc.exe
  C:\Windows\System\sVbnVVc.exe
  2⤵
  PID:2812
- C:\Windows\System\AxLyCYy.exe
  C:\Windows\System\AxLyCYy.exe
  2⤵
  PID:1396
- C:\Windows\System\INEZVFq.exe
  C:\Windows\System\INEZVFq.exe
  2⤵
  PID:1876
- C:\Windows\System\cRfPBKI.exe
  C:\Windows\System\cRfPBKI.exe
  2⤵
  PID:3456
- C:\Windows\System\fIiXQLo.exe
  C:\Windows\System\fIiXQLo.exe
  2⤵
  PID:4416
- C:\Windows\System\NQtzkgC.exe
  C:\Windows\System\NQtzkgC.exe
  2⤵
  PID:904
- C:\Windows\System\eODQOdw.exe
  C:\Windows\System\eODQOdw.exe
  2⤵
  PID:4316
- C:\Windows\System\QJRyzfM.exe
  C:\Windows\System\QJRyzfM.exe
  2⤵
  PID:1872
- C:\Windows\System\LSjntEv.exe
  C:\Windows\System\LSjntEv.exe
  2⤵
  PID:5056
- C:\Windows\System\EnwZiUo.exe
  C:\Windows\System\EnwZiUo.exe
  2⤵
  PID:3520
- C:\Windows\System\RLFgawS.exe
  C:\Windows\System\RLFgawS.exe
  2⤵
  PID:4708
- C:\Windows\System\dppGVII.exe
  C:\Windows\System\dppGVII.exe
  2⤵
  PID:2392
- C:\Windows\System\PqhqDSM.exe
  C:\Windows\System\PqhqDSM.exe
  2⤵
  PID:4440
- C:\Windows\System\IWTetTJ.exe
  C:\Windows\System\IWTetTJ.exe
  2⤵
  PID:2092
- C:\Windows\System\EaunOks.exe
  C:\Windows\System\EaunOks.exe
  2⤵
  PID:2216
- C:\Windows\System\cBOjDfL.exe
  C:\Windows\System\cBOjDfL.exe
  2⤵
  PID:1992
- C:\Windows\System\UjWdGru.exe
  C:\Windows\System\UjWdGru.exe
  2⤵
  PID:5000
- C:\Windows\System\snmvNlF.exe
  C:\Windows\System\snmvNlF.exe
  2⤵
  PID:372
- C:\Windows\System\ARbfWFT.exe
  C:\Windows\System\ARbfWFT.exe
  2⤵
  PID:2848
- C:\Windows\System\MqdNUdg.exe
  C:\Windows\System\MqdNUdg.exe
  2⤵
  PID:1072
- C:\Windows\System\skIzBEF.exe
  C:\Windows\System\skIzBEF.exe
  2⤵
  PID:4688
- C:\Windows\System\UXKfFxE.exe
  C:\Windows\System\UXKfFxE.exe
  2⤵
  PID:2400
- C:\Windows\System\TMNXXKY.exe
  C:\Windows\System\TMNXXKY.exe
  2⤵
  PID:1884
- C:\Windows\System\PruSuRC.exe
  C:\Windows\System\PruSuRC.exe
  2⤵
  PID:4328
- C:\Windows\System\JznpNkq.exe
  C:\Windows\System\JznpNkq.exe
  2⤵
  PID:4644
- C:\Windows\System\XTYJTGe.exe
  C:\Windows\System\XTYJTGe.exe
  2⤵
  PID:2228
- C:\Windows\System\eOJPtzf.exe
  C:\Windows\System\eOJPtzf.exe
  2⤵
  PID:5140
- C:\Windows\System\wAifCqY.exe
  C:\Windows\System\wAifCqY.exe
  2⤵
  PID:5168
- C:\Windows\System\VYwvxjY.exe
  C:\Windows\System\VYwvxjY.exe
  2⤵
  PID:5192
- C:\Windows\System\VtolzqA.exe
  C:\Windows\System\VtolzqA.exe
  2⤵
  PID:5212
- C:\Windows\System\IQSEFfm.exe
  C:\Windows\System\IQSEFfm.exe
  2⤵
  PID:5256
- C:\Windows\System\QpFTldN.exe
  C:\Windows\System\QpFTldN.exe
  2⤵
  PID:5280
- C:\Windows\System\IAGokMT.exe
  C:\Windows\System\IAGokMT.exe
  2⤵
  PID:5300
- C:\Windows\System\ZnDOmKL.exe
  C:\Windows\System\ZnDOmKL.exe
  2⤵
  PID:5324
- C:\Windows\System\kskEbTq.exe
  C:\Windows\System\kskEbTq.exe
  2⤵
  PID:5352
- C:\Windows\System\kZboTPe.exe
  C:\Windows\System\kZboTPe.exe
  2⤵
  PID:5392
- C:\Windows\System\oMpafyt.exe
  C:\Windows\System\oMpafyt.exe
  2⤵
  PID:5420
- C:\Windows\System\KhfknwD.exe
  C:\Windows\System\KhfknwD.exe
  2⤵
  PID:5452
- C:\Windows\System\bYCipkx.exe
  C:\Windows\System\bYCipkx.exe
  2⤵
  PID:5480
- C:\Windows\System\wzMznDF.exe
  C:\Windows\System\wzMznDF.exe
  2⤵
  PID:5500
- C:\Windows\System\mWeYhKC.exe
  C:\Windows\System\mWeYhKC.exe
  2⤵
  PID:5532
- C:\Windows\System\jcZMWwU.exe
  C:\Windows\System\jcZMWwU.exe
  2⤵
  PID:5564
- C:\Windows\System\PSUqspj.exe
  C:\Windows\System\PSUqspj.exe
  2⤵
  PID:5600
- C:\Windows\System\kJMymWM.exe
  C:\Windows\System\kJMymWM.exe
  2⤵
  PID:5620
- C:\Windows\System\JmGIZtN.exe
  C:\Windows\System\JmGIZtN.exe
  2⤵
  PID:5648
- C:\Windows\System\uiXheKG.exe
  C:\Windows\System\uiXheKG.exe
  2⤵
  PID:5676
- C:\Windows\System\VrrzQrr.exe
  C:\Windows\System\VrrzQrr.exe
  2⤵
  PID:5704
- C:\Windows\System\rwCMxYO.exe
  C:\Windows\System\rwCMxYO.exe
  2⤵
  PID:5732
- C:\Windows\System\RHjkYvo.exe
  C:\Windows\System\RHjkYvo.exe
  2⤵
  PID:5752
- C:\Windows\System\NptCASu.exe
  C:\Windows\System\NptCASu.exe
  2⤵
  PID:5776
- C:\Windows\System\MxHePer.exe
  C:\Windows\System\MxHePer.exe
  2⤵
  PID:5804
- C:\Windows\System\aZRZzse.exe
  C:\Windows\System\aZRZzse.exe
  2⤵
  PID:5844
- C:\Windows\System\pVGrWzC.exe
  C:\Windows\System\pVGrWzC.exe
  2⤵
  PID:5872
- C:\Windows\System\FSJGhJE.exe
  C:\Windows\System\FSJGhJE.exe
  2⤵
  PID:5900
- C:\Windows\System\FDTZVoo.exe
  C:\Windows\System\FDTZVoo.exe
  2⤵
  PID:5920
- C:\Windows\System\aycGBQb.exe
  C:\Windows\System\aycGBQb.exe
  2⤵
  PID:5956
- C:\Windows\System\KJOVsXb.exe
  C:\Windows\System\KJOVsXb.exe
  2⤵
  PID:5984
- C:\Windows\System\RJCEpNR.exe
  C:\Windows\System\RJCEpNR.exe
  2⤵
  PID:6012
- C:\Windows\System\DtKVZfj.exe
  C:\Windows\System\DtKVZfj.exe
  2⤵
  PID:6044
- C:\Windows\System\OqWXdEX.exe
  C:\Windows\System\OqWXdEX.exe
  2⤵
  PID:6072
- C:\Windows\System\bxYgZQy.exe
  C:\Windows\System\bxYgZQy.exe
  2⤵
  PID:6100
- C:\Windows\System\BBjZAoQ.exe
  C:\Windows\System\BBjZAoQ.exe
  2⤵
  PID:6128
- C:\Windows\System\SvhyPPd.exe
  C:\Windows\System\SvhyPPd.exe
  2⤵
  PID:5124
- C:\Windows\System\myjZFao.exe
  C:\Windows\System\myjZFao.exe
  2⤵
  PID:5204
- C:\Windows\System\jbxTHyY.exe
  C:\Windows\System\jbxTHyY.exe
  2⤵
  PID:5268
- C:\Windows\System\ggqNVWO.exe
  C:\Windows\System\ggqNVWO.exe
  2⤵
  PID:5316
- C:\Windows\System\EQrlLjj.exe
  C:\Windows\System\EQrlLjj.exe
  2⤵
  PID:5340
- C:\Windows\System\SDFnGmn.exe
  C:\Windows\System\SDFnGmn.exe
  2⤵
  PID:5412
- C:\Windows\System\RAOboam.exe
  C:\Windows\System\RAOboam.exe
  2⤵
  PID:5464
- C:\Windows\System\NnwHIdQ.exe
  C:\Windows\System\NnwHIdQ.exe
  2⤵
  PID:5516
- C:\Windows\System\eZBdLnz.exe
  C:\Windows\System\eZBdLnz.exe
  2⤵
  PID:5584
- C:\Windows\System\aBERhMp.exe
  C:\Windows\System\aBERhMp.exe
  2⤵
  PID:5644
- C:\Windows\System\nMyBgzt.exe
  C:\Windows\System\nMyBgzt.exe
  2⤵
  PID:1092
- C:\Windows\System\kvxEdHP.exe
  C:\Windows\System\kvxEdHP.exe
  2⤵
  PID:5700
- C:\Windows\System\JqJpTvZ.exe
  C:\Windows\System\JqJpTvZ.exe
  2⤵
  PID:5788
- C:\Windows\System\VYvxfkX.exe
  C:\Windows\System\VYvxfkX.exe
  2⤵
  PID:5912
- C:\Windows\System\IsWdFSY.exe
  C:\Windows\System\IsWdFSY.exe
  2⤵
  PID:6096
- C:\Windows\System\gMKsgBX.exe
  C:\Windows\System\gMKsgBX.exe
  2⤵
  PID:6136
- C:\Windows\System\fMLkFOz.exe
  C:\Windows\System\fMLkFOz.exe
  2⤵
  PID:5272
- C:\Windows\System\kWZJiAB.exe
  C:\Windows\System\kWZJiAB.exe
  2⤵
  PID:5384
- C:\Windows\System\efeQlLC.exe
  C:\Windows\System\efeQlLC.exe
  2⤵
  PID:3488
- C:\Windows\System\dYhHtLr.exe
  C:\Windows\System\dYhHtLr.exe
  2⤵
  PID:3532
- C:\Windows\System\DtUiajQ.exe
  C:\Windows\System\DtUiajQ.exe
  2⤵
  PID:5884
- C:\Windows\System\UcruNSY.exe
  C:\Windows\System\UcruNSY.exe
  2⤵
  PID:6008
- C:\Windows\System\TJwegNF.exe
  C:\Windows\System\TJwegNF.exe
  2⤵
  PID:5264
- C:\Windows\System\HEbSfEx.exe
  C:\Windows\System\HEbSfEx.exe
  2⤵
  PID:5760
- C:\Windows\System\HXiPKIU.exe
  C:\Windows\System\HXiPKIU.exe
  2⤵
  PID:5748
- C:\Windows\System\uapZkhF.exe
  C:\Windows\System\uapZkhF.exe
  2⤵
  PID:6140
- C:\Windows\System\JANzqnt.exe
  C:\Windows\System\JANzqnt.exe
  2⤵
  PID:5660
- C:\Windows\System\CXqZImw.exe
  C:\Windows\System\CXqZImw.exe
  2⤵
  PID:6156
- C:\Windows\System\xEiJISy.exe
  C:\Windows\System\xEiJISy.exe
  2⤵
  PID:6184
- C:\Windows\System\wifuOGt.exe
  C:\Windows\System\wifuOGt.exe
  2⤵
  PID:6248
- C:\Windows\System\whBObmH.exe
  C:\Windows\System\whBObmH.exe
  2⤵
  PID:6284
- C:\Windows\System\iedGBgb.exe
  C:\Windows\System\iedGBgb.exe
  2⤵
  PID:6308
- C:\Windows\System\zwhMVkC.exe
  C:\Windows\System\zwhMVkC.exe
  2⤵
  PID:6356
- C:\Windows\System\YsiwPkA.exe
  C:\Windows\System\YsiwPkA.exe
  2⤵
  PID:6372
- C:\Windows\System\QEBQvdB.exe
  C:\Windows\System\QEBQvdB.exe
  2⤵
  PID:6392
- C:\Windows\System\KFogMxa.exe
  C:\Windows\System\KFogMxa.exe
  2⤵
  PID:6436
- C:\Windows\System\haZyPUO.exe
  C:\Windows\System\haZyPUO.exe
  2⤵
  PID:6464
- C:\Windows\System\zFqYKvi.exe
  C:\Windows\System\zFqYKvi.exe
  2⤵
  PID:6480
- C:\Windows\System\OpqCPAo.exe
  C:\Windows\System\OpqCPAo.exe
  2⤵
  PID:6516
- C:\Windows\System\SqzUpgz.exe
  C:\Windows\System\SqzUpgz.exe
  2⤵
  PID:6548
- C:\Windows\System\BXjtsPA.exe
  C:\Windows\System\BXjtsPA.exe
  2⤵
  PID:6576
- C:\Windows\System\TPFwcct.exe
  C:\Windows\System\TPFwcct.exe
  2⤵
  PID:6608
- C:\Windows\System\EgAlnzs.exe
  C:\Windows\System\EgAlnzs.exe
  2⤵
  PID:6640
- C:\Windows\System\DGefyZE.exe
  C:\Windows\System\DGefyZE.exe
  2⤵
  PID:6684
- C:\Windows\System\fupnBWQ.exe
  C:\Windows\System\fupnBWQ.exe
  2⤵
  PID:6700
- C:\Windows\System\KMdVzTE.exe
  C:\Windows\System\KMdVzTE.exe
  2⤵
  PID:6728
- C:\Windows\System\QENhFtk.exe
  C:\Windows\System\QENhFtk.exe
  2⤵
  PID:6764
- C:\Windows\System\BEhxJKB.exe
  C:\Windows\System\BEhxJKB.exe
  2⤵
  PID:6796
- C:\Windows\System\pjNttcw.exe
  C:\Windows\System\pjNttcw.exe
  2⤵
  PID:6832
- C:\Windows\System\WrUlgnB.exe
  C:\Windows\System\WrUlgnB.exe
  2⤵
  PID:6868
- C:\Windows\System\YensJvG.exe
  C:\Windows\System\YensJvG.exe
  2⤵
  PID:6896
- C:\Windows\System\AiyQfUz.exe
  C:\Windows\System\AiyQfUz.exe
  2⤵
  PID:6916
- C:\Windows\System\ZkmXuMk.exe
  C:\Windows\System\ZkmXuMk.exe
  2⤵
  PID:6944
- C:\Windows\System\LVXLuAI.exe
  C:\Windows\System\LVXLuAI.exe
  2⤵
  PID:7000
- C:\Windows\System\zUKqpjP.exe
  C:\Windows\System\zUKqpjP.exe
  2⤵
  PID:7024
- C:\Windows\System\ZpLOwET.exe
  C:\Windows\System\ZpLOwET.exe
  2⤵
  PID:7048
- C:\Windows\System\jCzlEzk.exe
  C:\Windows\System\jCzlEzk.exe
  2⤵
  PID:7084
- C:\Windows\System\XItTepN.exe
  C:\Windows\System\XItTepN.exe
  2⤵
  PID:7120
- C:\Windows\System\VXzCwMu.exe
  C:\Windows\System\VXzCwMu.exe
  2⤵
  PID:7152
- C:\Windows\System\HCgEqno.exe
  C:\Windows\System\HCgEqno.exe
  2⤵
  PID:5944
- C:\Windows\System\xFvKwZX.exe
  C:\Windows\System\xFvKwZX.exe
  2⤵
  PID:6232
- C:\Windows\System\YoqNNtH.exe
  C:\Windows\System\YoqNNtH.exe
  2⤵
  PID:2172
- C:\Windows\System\cBXyWsH.exe
  C:\Windows\System\cBXyWsH.exe
  2⤵
  PID:6340
- C:\Windows\System\wabNuPn.exe
  C:\Windows\System\wabNuPn.exe
  2⤵
  PID:2056
- C:\Windows\System\phwHpqO.exe
  C:\Windows\System\phwHpqO.exe
  2⤵
  PID:6432
- C:\Windows\System\TbUxLHJ.exe
  C:\Windows\System\TbUxLHJ.exe
  2⤵
  PID:6504
- C:\Windows\System\LeGwoeF.exe
  C:\Windows\System\LeGwoeF.exe
  2⤵
  PID:6596
- C:\Windows\System\SpChuyb.exe
  C:\Windows\System\SpChuyb.exe
  2⤵
  PID:6680
- C:\Windows\System\fiWmCce.exe
  C:\Windows\System\fiWmCce.exe
  2⤵
  PID:6784
- C:\Windows\System\WNtcXtV.exe
  C:\Windows\System\WNtcXtV.exe
  2⤵
  PID:6860
- C:\Windows\System\qrffNef.exe
  C:\Windows\System\qrffNef.exe
  2⤵
  PID:6936
- C:\Windows\System\tWSAzUx.exe
  C:\Windows\System\tWSAzUx.exe
  2⤵
  PID:6988
- C:\Windows\System\eRdCajf.exe
  C:\Windows\System\eRdCajf.exe
  2⤵
  PID:7064
- C:\Windows\System\borIMNc.exe
  C:\Windows\System\borIMNc.exe
  2⤵
  PID:6168
- C:\Windows\System\BCPFxhb.exe
  C:\Windows\System\BCPFxhb.exe
  2⤵
  PID:6364
- C:\Windows\System\bDKiWuI.exe
  C:\Windows\System\bDKiWuI.exe
  2⤵
  PID:6428
- C:\Windows\System\EfOKyzv.exe
  C:\Windows\System\EfOKyzv.exe
  2⤵
  PID:6352
- C:\Windows\System\pQnugXb.exe
  C:\Windows\System\pQnugXb.exe
  2⤵
  PID:6960
- C:\Windows\System\RJboJHy.exe
  C:\Windows\System\RJboJHy.exe
  2⤵
  PID:6268
- C:\Windows\System\VeGGbhy.exe
  C:\Windows\System\VeGGbhy.exe
  2⤵
  PID:6408
- C:\Windows\System\XZNSfGj.exe
  C:\Windows\System\XZNSfGj.exe
  2⤵
  PID:6564
- C:\Windows\System\rDEmSFU.exe
  C:\Windows\System\rDEmSFU.exe
  2⤵
  PID:7060
- C:\Windows\System\iYkogiX.exe
  C:\Windows\System\iYkogiX.exe
  2⤵
  PID:6492
- C:\Windows\System\ycQSuVH.exe
  C:\Windows\System\ycQSuVH.exe
  2⤵
  PID:7220
- C:\Windows\System\aPdlvOr.exe
  C:\Windows\System\aPdlvOr.exe
  2⤵
  PID:7244
- C:\Windows\System\NWekqON.exe
  C:\Windows\System\NWekqON.exe
  2⤵
  PID:7284
- C:\Windows\System\VmQRcTv.exe
  C:\Windows\System\VmQRcTv.exe
  2⤵
  PID:7324
- C:\Windows\System\fmSnMKb.exe
  C:\Windows\System\fmSnMKb.exe
  2⤵
  PID:7352
- C:\Windows\System\smZRYQV.exe
  C:\Windows\System\smZRYQV.exe
  2⤵
  PID:7384
- C:\Windows\System\BHVgbyv.exe
  C:\Windows\System\BHVgbyv.exe
  2⤵
  PID:7412
- C:\Windows\System\DisfSZw.exe
  C:\Windows\System\DisfSZw.exe
  2⤵
  PID:7436
- C:\Windows\System\MaUMCpY.exe
  C:\Windows\System\MaUMCpY.exe
  2⤵
  PID:7476
- C:\Windows\System\DpcPfaq.exe
  C:\Windows\System\DpcPfaq.exe
  2⤵
  PID:7508
- C:\Windows\System\UJuPigt.exe
  C:\Windows\System\UJuPigt.exe
  2⤵
  PID:7536
- C:\Windows\System\GhGtveT.exe
  C:\Windows\System\GhGtveT.exe
  2⤵
  PID:7564
- C:\Windows\System\rvVZzcS.exe
  C:\Windows\System\rvVZzcS.exe
  2⤵
  PID:7600
- C:\Windows\System\aUtthPp.exe
  C:\Windows\System\aUtthPp.exe
  2⤵
  PID:7628
- C:\Windows\System\QqIAmsi.exe
  C:\Windows\System\QqIAmsi.exe
  2⤵
  PID:7656
- C:\Windows\System\cZzDdhk.exe
  C:\Windows\System\cZzDdhk.exe
  2⤵
  PID:7684
- C:\Windows\System\ruOZjYH.exe
  C:\Windows\System\ruOZjYH.exe
  2⤵
  PID:7712
- C:\Windows\System\GfXNQHM.exe
  C:\Windows\System\GfXNQHM.exe
  2⤵
  PID:7752
- C:\Windows\System\HWQaVtP.exe
  C:\Windows\System\HWQaVtP.exe
  2⤵
  PID:7772
- C:\Windows\System\fZHKRaO.exe
  C:\Windows\System\fZHKRaO.exe
  2⤵
  PID:7804
- C:\Windows\System\DQNyqeu.exe
  C:\Windows\System\DQNyqeu.exe
  2⤵
  PID:7832
- C:\Windows\System\FsjhzAj.exe
  C:\Windows\System\FsjhzAj.exe
  2⤵
  PID:7860
- C:\Windows\System\eZnZdGr.exe
  C:\Windows\System\eZnZdGr.exe
  2⤵
  PID:7884
- C:\Windows\System\IPccgqa.exe
  C:\Windows\System\IPccgqa.exe
  2⤵
  PID:7900
- C:\Windows\System\uDHFnDK.exe
  C:\Windows\System\uDHFnDK.exe
  2⤵
  PID:7928
- C:\Windows\System\VwhjUsK.exe
  C:\Windows\System\VwhjUsK.exe
  2⤵
  PID:7944
- C:\Windows\System\hMZcYfn.exe
  C:\Windows\System\hMZcYfn.exe
  2⤵
  PID:7980
- C:\Windows\System\KsweHid.exe
  C:\Windows\System\KsweHid.exe
  2⤵
  PID:8012
- C:\Windows\System\cKdbozr.exe
  C:\Windows\System\cKdbozr.exe
  2⤵
  PID:8044
- C:\Windows\System\RrcMYYe.exe
  C:\Windows\System\RrcMYYe.exe
  2⤵
  PID:8064
- C:\Windows\System\JdDOJCq.exe
  C:\Windows\System\JdDOJCq.exe
  2⤵
  PID:8088
- C:\Windows\System\ENOJlFQ.exe
  C:\Windows\System\ENOJlFQ.exe
  2⤵
  PID:8132
- C:\Windows\System\eWDpyCr.exe
  C:\Windows\System\eWDpyCr.exe
  2⤵
  PID:8156
- C:\Windows\System\BSaXugy.exe
  C:\Windows\System\BSaXugy.exe
  2⤵
  PID:7020
- C:\Windows\System\QSEKgLG.exe
  C:\Windows\System\QSEKgLG.exe
  2⤵
  PID:7236
- C:\Windows\System\BCikqfa.exe
  C:\Windows\System\BCikqfa.exe
  2⤵
  PID:7260
- C:\Windows\System\NhzILxr.exe
  C:\Windows\System\NhzILxr.exe
  2⤵
  PID:7336
- C:\Windows\System\DBlhOkN.exe
  C:\Windows\System\DBlhOkN.exe
  2⤵
  PID:7408
- C:\Windows\System\rYPXTxO.exe
  C:\Windows\System\rYPXTxO.exe
  2⤵
  PID:7456
- C:\Windows\System\iRlpcPR.exe
  C:\Windows\System\iRlpcPR.exe
  2⤵
  PID:7520
- C:\Windows\System\tTTvtdZ.exe
  C:\Windows\System\tTTvtdZ.exe
  2⤵
  PID:7612
- C:\Windows\System\jfxEgjt.exe
  C:\Windows\System\jfxEgjt.exe
  2⤵
  PID:7676
- C:\Windows\System\AIHldVw.exe
  C:\Windows\System\AIHldVw.exe
  2⤵
  PID:7736
- C:\Windows\System\UMGaksX.exe
  C:\Windows\System\UMGaksX.exe
  2⤵
  PID:7812
- C:\Windows\System\IUGPAtH.exe
  C:\Windows\System\IUGPAtH.exe
  2⤵
  PID:7876
- C:\Windows\System\BHSKqlr.exe
  C:\Windows\System\BHSKqlr.exe
  2⤵
  PID:7940
- C:\Windows\System\CuixzNj.exe
  C:\Windows\System\CuixzNj.exe
  2⤵
  PID:8076
- C:\Windows\System\IlcnUxh.exe
  C:\Windows\System\IlcnUxh.exe
  2⤵
  PID:8144
- C:\Windows\System\ophAcJT.exe
  C:\Windows\System\ophAcJT.exe
  2⤵
  PID:8172
- C:\Windows\System\dSyCejn.exe
  C:\Windows\System\dSyCejn.exe
  2⤵
  PID:7316
- C:\Windows\System\vgLyfnL.exe
  C:\Windows\System\vgLyfnL.exe
  2⤵
  PID:7444
- C:\Windows\System\nsUmfXR.exe
  C:\Windows\System\nsUmfXR.exe
  2⤵
  PID:7732
- C:\Windows\System\nyBTKCD.exe
  C:\Windows\System\nyBTKCD.exe
  2⤵
  PID:7916
- C:\Windows\System\AaweBqi.exe
  C:\Windows\System\AaweBqi.exe
  2⤵
  PID:8056
- C:\Windows\System\ThHnDzK.exe
  C:\Windows\System\ThHnDzK.exe
  2⤵
  PID:8140
- C:\Windows\System\PSiuKaV.exe
  C:\Windows\System\PSiuKaV.exe
  2⤵
  PID:7696
- C:\Windows\System\iBEgUqz.exe
  C:\Windows\System\iBEgUqz.exe
  2⤵
  PID:7788
- C:\Windows\System\uDfCFvO.exe
  C:\Windows\System\uDfCFvO.exe
  2⤵
  PID:7640
- C:\Windows\System\vdmYAwO.exe
  C:\Windows\System\vdmYAwO.exe
  2⤵
  PID:7988
- C:\Windows\System\hVJLRES.exe
  C:\Windows\System\hVJLRES.exe
  2⤵
  PID:8212
- C:\Windows\System\vdtzCkM.exe
  C:\Windows\System\vdtzCkM.exe
  2⤵
  PID:8240
- C:\Windows\System\gcOScRa.exe
  C:\Windows\System\gcOScRa.exe
  2⤵
  PID:8256
- C:\Windows\System\tpbrInG.exe
  C:\Windows\System\tpbrInG.exe
  2⤵
  PID:8296
- C:\Windows\System\GtMbdzj.exe
  C:\Windows\System\GtMbdzj.exe
  2⤵
  PID:8324
- C:\Windows\System\VDoVMEm.exe
  C:\Windows\System\VDoVMEm.exe
  2⤵
  PID:8352
- C:\Windows\System\EkHPFSt.exe
  C:\Windows\System\EkHPFSt.exe
  2⤵
  PID:8384
- C:\Windows\System\LukgdcN.exe
  C:\Windows\System\LukgdcN.exe
  2⤵
  PID:8408
- C:\Windows\System\KcQkVej.exe
  C:\Windows\System\KcQkVej.exe
  2⤵
  PID:8436
- C:\Windows\System\gsDhNjs.exe
  C:\Windows\System\gsDhNjs.exe
  2⤵
  PID:8464
- C:\Windows\System\mKmdRKd.exe
  C:\Windows\System\mKmdRKd.exe
  2⤵
  PID:8492
- C:\Windows\System\fbkqXbz.exe
  C:\Windows\System\fbkqXbz.exe
  2⤵
  PID:8508
- C:\Windows\System\qIGhmSw.exe
  C:\Windows\System\qIGhmSw.exe
  2⤵
  PID:8544
- C:\Windows\System\dobvhmn.exe
  C:\Windows\System\dobvhmn.exe
  2⤵
  PID:8568
- C:\Windows\System\kUmUEPx.exe
  C:\Windows\System\kUmUEPx.exe
  2⤵
  PID:8592
- C:\Windows\System\SNnWplG.exe
  C:\Windows\System\SNnWplG.exe
  2⤵
  PID:8632
- C:\Windows\System\gnXcHjy.exe
  C:\Windows\System\gnXcHjy.exe
  2⤵
  PID:8660
- C:\Windows\System\ideeYOJ.exe
  C:\Windows\System\ideeYOJ.exe
  2⤵
  PID:8688
- C:\Windows\System\PQvEINQ.exe
  C:\Windows\System\PQvEINQ.exe
  2⤵
  PID:8720
- C:\Windows\System\rDqXzMd.exe
  C:\Windows\System\rDqXzMd.exe
  2⤵
  PID:8748
- C:\Windows\System\GbaGLvK.exe
  C:\Windows\System\GbaGLvK.exe
  2⤵
  PID:8776
- C:\Windows\System\ORjOwxC.exe
  C:\Windows\System\ORjOwxC.exe
  2⤵
  PID:8804
- C:\Windows\System\ZPcnnpE.exe
  C:\Windows\System\ZPcnnpE.exe
  2⤵
  PID:8832
- C:\Windows\System\RojZaeH.exe
  C:\Windows\System\RojZaeH.exe
  2⤵
  PID:8860
- C:\Windows\System\jDodzVB.exe
  C:\Windows\System\jDodzVB.exe
  2⤵
  PID:8896
- C:\Windows\System\hOSGmEy.exe
  C:\Windows\System\hOSGmEy.exe
  2⤵
  PID:8928
- C:\Windows\System\JpAnZtX.exe
  C:\Windows\System\JpAnZtX.exe
  2⤵
  PID:8956
- C:\Windows\System\HdIFrhg.exe
  C:\Windows\System\HdIFrhg.exe
  2⤵
  PID:8984
- C:\Windows\System\tuCoVgg.exe
  C:\Windows\System\tuCoVgg.exe
  2⤵
  PID:9012
- C:\Windows\System\sCMjhtG.exe
  C:\Windows\System\sCMjhtG.exe
  2⤵
  PID:9040
- C:\Windows\System\DaqbQnP.exe
  C:\Windows\System\DaqbQnP.exe
  2⤵
  PID:9068
- C:\Windows\System\OxGdTGn.exe
  C:\Windows\System\OxGdTGn.exe
  2⤵
  PID:9096
- C:\Windows\System\zPwvmkc.exe
  C:\Windows\System\zPwvmkc.exe
  2⤵
  PID:9124
- C:\Windows\System\xeTWpIx.exe
  C:\Windows\System\xeTWpIx.exe
  2⤵
  PID:9152
- C:\Windows\System\bUiQrOH.exe
  C:\Windows\System\bUiQrOH.exe
  2⤵
  PID:9180
- C:\Windows\System\TlmXTjV.exe
  C:\Windows\System\TlmXTjV.exe
  2⤵
  PID:9208
- C:\Windows\System\AxoEwNf.exe
  C:\Windows\System\AxoEwNf.exe
  2⤵
  PID:8232
- C:\Windows\System\TkNqrOE.exe
  C:\Windows\System\TkNqrOE.exe
  2⤵
  PID:8284
- C:\Windows\System\heNHaIf.exe
  C:\Windows\System\heNHaIf.exe
  2⤵
  PID:8364
- C:\Windows\System\TUfmZpF.exe
  C:\Windows\System\TUfmZpF.exe
  2⤵
  PID:8428
- C:\Windows\System\KWWbUcr.exe
  C:\Windows\System\KWWbUcr.exe
  2⤵
  PID:8488
- C:\Windows\System\nWdbRFr.exe
  C:\Windows\System\nWdbRFr.exe
  2⤵
  PID:8520
- C:\Windows\System\slZYjIZ.exe
  C:\Windows\System\slZYjIZ.exe
  2⤵
  PID:8612
- C:\Windows\System\vDNwevt.exe
  C:\Windows\System\vDNwevt.exe
  2⤵
  PID:8680
- C:\Windows\System\HXaeTNA.exe
  C:\Windows\System\HXaeTNA.exe
  2⤵
  PID:8740
- C:\Windows\System\aaRVcPF.exe
  C:\Windows\System\aaRVcPF.exe
  2⤵
  PID:8800
- C:\Windows\System\nEjZFGh.exe
  C:\Windows\System\nEjZFGh.exe
  2⤵
  PID:8872
- C:\Windows\System\okzDDDZ.exe
  C:\Windows\System\okzDDDZ.exe
  2⤵
  PID:8948
- C:\Windows\System\HitzMZk.exe
  C:\Windows\System\HitzMZk.exe
  2⤵
  PID:9024
- C:\Windows\System\hSKLgVq.exe
  C:\Windows\System\hSKLgVq.exe
  2⤵
  PID:9108
- C:\Windows\System\DmxejGg.exe
  C:\Windows\System\DmxejGg.exe
  2⤵
  PID:9200
- C:\Windows\System\IoMcozb.exe
  C:\Windows\System\IoMcozb.exe
  2⤵
  PID:8280
- C:\Windows\System\OFRcfuy.exe
  C:\Windows\System\OFRcfuy.exe
  2⤵
  PID:8420
- C:\Windows\System\RgJTrmJ.exe
  C:\Windows\System\RgJTrmJ.exe
  2⤵
  PID:8576
- C:\Windows\System\uRRqnGe.exe
  C:\Windows\System\uRRqnGe.exe
  2⤵
  PID:8716
- C:\Windows\System\pgcuCHa.exe
  C:\Windows\System\pgcuCHa.exe
  2⤵
  PID:8856
- C:\Windows\System\mUVxmgq.exe
  C:\Windows\System\mUVxmgq.exe
  2⤵
  PID:9088
- C:\Windows\System\iTfIfLE.exe
  C:\Windows\System\iTfIfLE.exe
  2⤵
  PID:8276
- C:\Windows\System\jfMnmcK.exe
  C:\Windows\System\jfMnmcK.exe
  2⤵
  PID:8644
- C:\Windows\System\GVHBkyx.exe
  C:\Windows\System\GVHBkyx.exe
  2⤵
  PID:9008
- C:\Windows\System\XxLRhFI.exe
  C:\Windows\System\XxLRhFI.exe
  2⤵
  PID:4920
- C:\Windows\System\wKZpPbU.exe
  C:\Windows\System\wKZpPbU.exe
  2⤵
  PID:8980
- C:\Windows\System\QBXGCYY.exe
  C:\Windows\System\QBXGCYY.exe
  2⤵
  PID:9236
- C:\Windows\System\mKGgzQe.exe
  C:\Windows\System\mKGgzQe.exe
  2⤵
  PID:9264
- C:\Windows\System\zLydWac.exe
  C:\Windows\System\zLydWac.exe
  2⤵
  PID:9292
- C:\Windows\System\PoLBLyL.exe
  C:\Windows\System\PoLBLyL.exe
  2⤵
  PID:9312
- C:\Windows\System\nPtPEvJ.exe
  C:\Windows\System\nPtPEvJ.exe
  2⤵
  PID:9336
- C:\Windows\System\qPOjOBy.exe
  C:\Windows\System\qPOjOBy.exe
  2⤵
  PID:9356
- C:\Windows\System\rvqCKDY.exe
  C:\Windows\System\rvqCKDY.exe
  2⤵
  PID:9408
- C:\Windows\System\sMfwbIy.exe
  C:\Windows\System\sMfwbIy.exe
  2⤵
  PID:9436
- C:\Windows\System\VIIFxCQ.exe
  C:\Windows\System\VIIFxCQ.exe
  2⤵
  PID:9452
- C:\Windows\System\rdwpoBN.exe
  C:\Windows\System\rdwpoBN.exe
  2⤵
  PID:9488
- C:\Windows\System\PWgeDxB.exe
  C:\Windows\System\PWgeDxB.exe
  2⤵
  PID:9504
- C:\Windows\System\aTedUWO.exe
  C:\Windows\System\aTedUWO.exe
  2⤵
  PID:9536
- C:\Windows\System\xHpGyYa.exe
  C:\Windows\System\xHpGyYa.exe
  2⤵
  PID:9568
- C:\Windows\System\YmAgANd.exe
  C:\Windows\System\YmAgANd.exe
  2⤵
  PID:9584
- C:\Windows\System\Vruggxb.exe
  C:\Windows\System\Vruggxb.exe
  2⤵
  PID:9612
- C:\Windows\System\GINlVvn.exe
  C:\Windows\System\GINlVvn.exe
  2⤵
  PID:9664
- C:\Windows\System\szEBOMP.exe
  C:\Windows\System\szEBOMP.exe
  2⤵
  PID:9684
- C:\Windows\System\xtSrfwT.exe
  C:\Windows\System\xtSrfwT.exe
  2⤵
  PID:9708
- C:\Windows\System\wMkyNca.exe
  C:\Windows\System\wMkyNca.exe
  2⤵
  PID:9752
- C:\Windows\System\xMGdwkd.exe
  C:\Windows\System\xMGdwkd.exe
  2⤵
  PID:9776
- C:\Windows\System\ZeUlqJY.exe
  C:\Windows\System\ZeUlqJY.exe
  2⤵
  PID:9804
- C:\Windows\System\NSAHcEy.exe
  C:\Windows\System\NSAHcEy.exe
  2⤵
  PID:9832
- C:\Windows\System\xpgvUvt.exe
  C:\Windows\System\xpgvUvt.exe
  2⤵
  PID:9860
- C:\Windows\System\JThzBhP.exe
  C:\Windows\System\JThzBhP.exe
  2⤵
  PID:9888
- C:\Windows\System\cdGMXta.exe
  C:\Windows\System\cdGMXta.exe
  2⤵
  PID:9916
- C:\Windows\System\DGtanCs.exe
  C:\Windows\System\DGtanCs.exe
  2⤵
  PID:9956
- C:\Windows\System\itNEjlv.exe
  C:\Windows\System\itNEjlv.exe
  2⤵
  PID:9972
- C:\Windows\System\JFFkxUO.exe
  C:\Windows\System\JFFkxUO.exe
  2⤵
  PID:10000
- C:\Windows\System\TKgjbPz.exe
  C:\Windows\System\TKgjbPz.exe
  2⤵
  PID:10028
- C:\Windows\System\YomtPQS.exe
  C:\Windows\System\YomtPQS.exe
  2⤵
  PID:10056
- C:\Windows\System\PqWykhb.exe
  C:\Windows\System\PqWykhb.exe
  2⤵
  PID:10084
- C:\Windows\System\lgGcRQI.exe
  C:\Windows\System\lgGcRQI.exe
  2⤵
  PID:10112
- C:\Windows\System\smPHtqZ.exe
  C:\Windows\System\smPHtqZ.exe
  2⤵
  PID:10168
- C:\Windows\System\jWOAyDX.exe
  C:\Windows\System\jWOAyDX.exe
  2⤵
  PID:10224
- C:\Windows\System\wVHPGHK.exe
  C:\Windows\System\wVHPGHK.exe
  2⤵
  PID:8912
- C:\Windows\System\XNDfaPA.exe
  C:\Windows\System\XNDfaPA.exe
  2⤵
  PID:9284
- C:\Windows\System\yJnrpPN.exe
  C:\Windows\System\yJnrpPN.exe
  2⤵
  PID:9348
- C:\Windows\System\UoZrVXe.exe
  C:\Windows\System\UoZrVXe.exe
  2⤵
  PID:9428
- C:\Windows\System\ztTZLpO.exe
  C:\Windows\System\ztTZLpO.exe
  2⤵
  PID:9496
- C:\Windows\System\AYTPFag.exe
  C:\Windows\System\AYTPFag.exe
  2⤵
  PID:9556
- C:\Windows\System\XdhzMAF.exe
  C:\Windows\System\XdhzMAF.exe
  2⤵
  PID:9644
- C:\Windows\System\XyAJqpP.exe
  C:\Windows\System\XyAJqpP.exe
  2⤵
  PID:9700
- C:\Windows\System\mIyErKC.exe
  C:\Windows\System\mIyErKC.exe
  2⤵
  PID:9760
- C:\Windows\System\WvlAeXm.exe
  C:\Windows\System\WvlAeXm.exe
  2⤵
  PID:9824
- C:\Windows\System\OCHAHKW.exe
  C:\Windows\System\OCHAHKW.exe
  2⤵
  PID:9884
- C:\Windows\System\xBnIWNS.exe
  C:\Windows\System\xBnIWNS.exe
  2⤵
  PID:9988
- C:\Windows\System\pvFcFBQ.exe
  C:\Windows\System\pvFcFBQ.exe
  2⤵
  PID:10096
- C:\Windows\System\mMXTdHi.exe
  C:\Windows\System\mMXTdHi.exe
  2⤵
  PID:10216
- C:\Windows\System\HEpKnND.exe
  C:\Windows\System\HEpKnND.exe
  2⤵
  PID:9276
- C:\Windows\System\ugpekAV.exe
  C:\Windows\System\ugpekAV.exe
  2⤵
  PID:9424
- C:\Windows\System\pOxbEHY.exe
  C:\Windows\System\pOxbEHY.exe
  2⤵
  PID:9580
- C:\Windows\System\fllQkXe.exe
  C:\Windows\System\fllQkXe.exe
  2⤵
  PID:9740
- C:\Windows\System\JaDXWOi.exe
  C:\Windows\System\JaDXWOi.exe
  2⤵
  PID:9912
- C:\Windows\System\CYyrfKy.exe
  C:\Windows\System\CYyrfKy.exe
  2⤵
  PID:4620
- C:\Windows\System\xqsqBuz.exe
  C:\Windows\System\xqsqBuz.exe
  2⤵
  PID:9564
- C:\Windows\System\BdYKvXS.exe
  C:\Windows\System\BdYKvXS.exe
  2⤵
  PID:9476
- C:\Windows\System\CTdNBSv.exe
  C:\Windows\System\CTdNBSv.exe
  2⤵
  PID:9880
- C:\Windows\System\oUOcMyI.exe
  C:\Windows\System\oUOcMyI.exe
  2⤵
  PID:9400
- C:\Windows\System\RWXESmt.exe
  C:\Windows\System\RWXESmt.exe
  2⤵
  PID:9260
- C:\Windows\System\SUvakiC.exe
  C:\Windows\System\SUvakiC.exe
  2⤵
  PID:10256
- C:\Windows\System\EBbtfAm.exe
  C:\Windows\System\EBbtfAm.exe
  2⤵
  PID:10284
- C:\Windows\System\xMDDmxv.exe
  C:\Windows\System\xMDDmxv.exe
  2⤵
  PID:10312
- C:\Windows\System\fKaGQzy.exe
  C:\Windows\System\fKaGQzy.exe
  2⤵
  PID:10340
- C:\Windows\System\AFGOjRn.exe
  C:\Windows\System\AFGOjRn.exe
  2⤵
  PID:10368
- C:\Windows\System\gbkKDyn.exe
  C:\Windows\System\gbkKDyn.exe
  2⤵
  PID:10396
- C:\Windows\System\WbJSpuS.exe
  C:\Windows\System\WbJSpuS.exe
  2⤵
  PID:10428
- C:\Windows\System\pcrTFNs.exe
  C:\Windows\System\pcrTFNs.exe
  2⤵
  PID:10460
- C:\Windows\System\bYeJPeB.exe
  C:\Windows\System\bYeJPeB.exe
  2⤵
  PID:10488
- C:\Windows\System\WreSgvV.exe
  C:\Windows\System\WreSgvV.exe
  2⤵
  PID:10516
- C:\Windows\System\HbZTNVc.exe
  C:\Windows\System\HbZTNVc.exe
  2⤵
  PID:10544
- C:\Windows\System\CqeUqiN.exe
  C:\Windows\System\CqeUqiN.exe
  2⤵
  PID:10572
- C:\Windows\System\uIXyQEB.exe
  C:\Windows\System\uIXyQEB.exe
  2⤵
  PID:10600
- C:\Windows\System\JGaChru.exe
  C:\Windows\System\JGaChru.exe
  2⤵
  PID:10628
- C:\Windows\System\Piapydy.exe
  C:\Windows\System\Piapydy.exe
  2⤵
  PID:10656
- C:\Windows\System\WipLjyG.exe
  C:\Windows\System\WipLjyG.exe
  2⤵
  PID:10684
- C:\Windows\System\tOvvTcY.exe
  C:\Windows\System\tOvvTcY.exe
  2⤵
  PID:10712
- C:\Windows\System\qgGtRQv.exe
  C:\Windows\System\qgGtRQv.exe
  2⤵
  PID:10744
- C:\Windows\System\MXYmyXl.exe
  C:\Windows\System\MXYmyXl.exe
  2⤵
  PID:10772
- C:\Windows\System\uibBuST.exe
  C:\Windows\System\uibBuST.exe
  2⤵
  PID:10800
- C:\Windows\System\Jfsjvka.exe
  C:\Windows\System\Jfsjvka.exe
  2⤵
  PID:10832
- C:\Windows\System\LLGaxCC.exe
  C:\Windows\System\LLGaxCC.exe
  2⤵
  PID:10860
- C:\Windows\System\CRndsPw.exe
  C:\Windows\System\CRndsPw.exe
  2⤵
  PID:10888
- C:\Windows\System\UIiwQWp.exe
  C:\Windows\System\UIiwQWp.exe
  2⤵
  PID:10916
- C:\Windows\System\KrMBHQp.exe
  C:\Windows\System\KrMBHQp.exe
  2⤵
  PID:10944
- C:\Windows\System\bofAnoP.exe
  C:\Windows\System\bofAnoP.exe
  2⤵
  PID:10972
- C:\Windows\System\XHiqLWi.exe
  C:\Windows\System\XHiqLWi.exe
  2⤵
  PID:11000
- C:\Windows\System\VUcKfuw.exe
  C:\Windows\System\VUcKfuw.exe
  2⤵
  PID:11028
- C:\Windows\System\mUDzwfu.exe
  C:\Windows\System\mUDzwfu.exe
  2⤵
  PID:11056
- C:\Windows\System\WqvVfFa.exe
  C:\Windows\System\WqvVfFa.exe
  2⤵
  PID:11088
- C:\Windows\System\bckgbUw.exe
  C:\Windows\System\bckgbUw.exe
  2⤵
  PID:11116
- C:\Windows\System\YEOGkxn.exe
  C:\Windows\System\YEOGkxn.exe
  2⤵
  PID:11144
- C:\Windows\System\mxRnsmW.exe
  C:\Windows\System\mxRnsmW.exe
  2⤵
  PID:11172
- C:\Windows\System\KpFtHJb.exe
  C:\Windows\System\KpFtHJb.exe
  2⤵
  PID:11200
- C:\Windows\System\ASQRnvL.exe
  C:\Windows\System\ASQRnvL.exe
  2⤵
  PID:11228
- C:\Windows\System\THUdKsa.exe
  C:\Windows\System\THUdKsa.exe
  2⤵
  PID:11256
- C:\Windows\System\hBDJlgQ.exe
  C:\Windows\System\hBDJlgQ.exe
  2⤵
  PID:10272
- C:\Windows\System\AQszDOS.exe
  C:\Windows\System\AQszDOS.exe
  2⤵
  PID:10332
- C:\Windows\System\GwfpYDr.exe
  C:\Windows\System\GwfpYDr.exe
  2⤵
  PID:10388
- C:\Windows\System\HJDvniJ.exe
  C:\Windows\System\HJDvniJ.exe
  2⤵
  PID:10456
- C:\Windows\System\OaWqeoj.exe
  C:\Windows\System\OaWqeoj.exe
  2⤵
  PID:10532
- C:\Windows\System\eQZqSvu.exe
  C:\Windows\System\eQZqSvu.exe
  2⤵
  PID:10564
- C:\Windows\System\UNVnhZh.exe
  C:\Windows\System\UNVnhZh.exe
  2⤵
  PID:10652
- C:\Windows\System\SegTMSE.exe
  C:\Windows\System\SegTMSE.exe
  2⤵
  PID:10724
- C:\Windows\System\Xfcvcae.exe
  C:\Windows\System\Xfcvcae.exe
  2⤵
  PID:10792
- C:\Windows\System\ljlavSm.exe
  C:\Windows\System\ljlavSm.exe
  2⤵
  PID:10856
- C:\Windows\System\LNLNtQC.exe
  C:\Windows\System\LNLNtQC.exe
  2⤵
  PID:10928
- C:\Windows\System\Zyvmvos.exe
  C:\Windows\System\Zyvmvos.exe
  2⤵
  PID:10992
- C:\Windows\System\BIAuClu.exe
  C:\Windows\System\BIAuClu.exe
  2⤵
  PID:11052
- C:\Windows\System\tEvOOoX.exe
  C:\Windows\System\tEvOOoX.exe
  2⤵
  PID:11132
- C:\Windows\System\LyxPuAt.exe
  C:\Windows\System\LyxPuAt.exe
  2⤵
  PID:10160
- C:\Windows\System\NKewWAD.exe
  C:\Windows\System\NKewWAD.exe
  2⤵
  PID:1260
- C:\Windows\System\pQOBXTW.exe
  C:\Windows\System\pQOBXTW.exe
  2⤵
  PID:5112
- C:\Windows\System\FqHuDlf.exe
  C:\Windows\System\FqHuDlf.exe
  2⤵
  PID:11220
- C:\Windows\System\FROzpEy.exe
  C:\Windows\System\FROzpEy.exe
  2⤵
  PID:10452
- C:\Windows\System\GxcfBlW.exe
  C:\Windows\System\GxcfBlW.exe
  2⤵
  PID:10480
- C:\Windows\System\WBKvHpC.exe
  C:\Windows\System\WBKvHpC.exe
  2⤵
  PID:10900
- C:\Windows\System\ImzWRQL.exe
  C:\Windows\System\ImzWRQL.exe
  2⤵
  PID:10304
- C:\Windows\System\THRiain.exe
  C:\Windows\System\THRiain.exe
  2⤵
  PID:10968
- C:\Windows\System\yvklqkU.exe
  C:\Windows\System\yvklqkU.exe
  2⤵
  PID:9164
- C:\Windows\System\EZcAsZc.exe
  C:\Windows\System\EZcAsZc.exe
  2⤵
  PID:10828
- C:\Windows\System\mDJUNGC.exe
  C:\Windows\System\mDJUNGC.exe
  2⤵
  PID:2140
- C:\Windows\System\kRbbKgT.exe
  C:\Windows\System\kRbbKgT.exe
  2⤵
  PID:2012
- C:\Windows\System\TvwfDxC.exe
  C:\Windows\System\TvwfDxC.exe
  2⤵
  PID:10508
- C:\Windows\System\bmBuMEQ.exe
  C:\Windows\System\bmBuMEQ.exe
  2⤵
  PID:11168
- C:\Windows\System\RoAVTHK.exe
  C:\Windows\System\RoAVTHK.exe
  2⤵
  PID:4508
- C:\Windows\System\WpncGNe.exe
  C:\Windows\System\WpncGNe.exe
  2⤵
  PID:11044
- C:\Windows\System\hTkgSsB.exe
  C:\Windows\System\hTkgSsB.exe
  2⤵
  PID:10620
- C:\Windows\System\AHYnATQ.exe
  C:\Windows\System\AHYnATQ.exe
  2⤵
  PID:11272
- C:\Windows\System\ASGVCIx.exe
  C:\Windows\System\ASGVCIx.exe
  2⤵
  PID:11300
- C:\Windows\System\bJJhbQG.exe
  C:\Windows\System\bJJhbQG.exe
  2⤵
  PID:11328
- C:\Windows\System\qsVxJcD.exe
  C:\Windows\System\qsVxJcD.exe
  2⤵
  PID:11356
- C:\Windows\System\VZrazJE.exe
  C:\Windows\System\VZrazJE.exe
  2⤵
  PID:11384
- C:\Windows\System\LXGrSCY.exe
  C:\Windows\System\LXGrSCY.exe
  2⤵
  PID:11412
- C:\Windows\System\imIvukY.exe
  C:\Windows\System\imIvukY.exe
  2⤵
  PID:11440
- C:\Windows\System\edJrJbl.exe
  C:\Windows\System\edJrJbl.exe
  2⤵
  PID:11468
- C:\Windows\System\nnbAxZa.exe
  C:\Windows\System\nnbAxZa.exe
  2⤵
  PID:11496
- C:\Windows\System\YbIPHUG.exe
  C:\Windows\System\YbIPHUG.exe
  2⤵
  PID:11524
- C:\Windows\System\kvDZLvH.exe
  C:\Windows\System\kvDZLvH.exe
  2⤵
  PID:11552
- C:\Windows\System\BZZtvmw.exe
  C:\Windows\System\BZZtvmw.exe
  2⤵
  PID:11580
- C:\Windows\System\yKnKARi.exe
  C:\Windows\System\yKnKARi.exe
  2⤵
  PID:11608
- C:\Windows\System\nqtqEKI.exe
  C:\Windows\System\nqtqEKI.exe
  2⤵
  PID:11648
- C:\Windows\System\fDwPWzr.exe
  C:\Windows\System\fDwPWzr.exe
  2⤵
  PID:11664
- C:\Windows\System\EfvYmWa.exe
  C:\Windows\System\EfvYmWa.exe
  2⤵
  PID:11692
- C:\Windows\System\YtyBBKf.exe
  C:\Windows\System\YtyBBKf.exe
  2⤵
  PID:11720
- C:\Windows\System\mTQCFwT.exe
  C:\Windows\System\mTQCFwT.exe
  2⤵
  PID:11752
- C:\Windows\System\PPaVsDV.exe
  C:\Windows\System\PPaVsDV.exe
  2⤵
  PID:11780
- C:\Windows\System\LysmIoy.exe
  C:\Windows\System\LysmIoy.exe
  2⤵
  PID:11820
- C:\Windows\System\AbMPays.exe
  C:\Windows\System\AbMPays.exe
  2⤵
  PID:11860
- C:\Windows\System\LODsYhX.exe
  C:\Windows\System\LODsYhX.exe
  2⤵
  PID:11908
- C:\Windows\System\zIJELMA.exe
  C:\Windows\System\zIJELMA.exe
  2⤵
  PID:11936
- C:\Windows\System\ybyXWAb.exe
  C:\Windows\System\ybyXWAb.exe
  2⤵
  PID:11972
- C:\Windows\System\TzJHYxj.exe
  C:\Windows\System\TzJHYxj.exe
  2⤵
  PID:12004
- C:\Windows\System\TtRedGk.exe
  C:\Windows\System\TtRedGk.exe
  2⤵
  PID:12020
- C:\Windows\System\EHaJBFd.exe
  C:\Windows\System\EHaJBFd.exe
  2⤵
  PID:12064
- C:\Windows\System\ZjMNpmx.exe
  C:\Windows\System\ZjMNpmx.exe
  2⤵
  PID:12092
- C:\Windows\System\Htkzdze.exe
  C:\Windows\System\Htkzdze.exe
  2⤵
  PID:12112
- C:\Windows\System\JQZgGpj.exe
  C:\Windows\System\JQZgGpj.exe
  2⤵
  PID:12128
- C:\Windows\System\HPyItPZ.exe
  C:\Windows\System\HPyItPZ.exe
  2⤵
  PID:12156
- C:\Windows\System\rktWEGk.exe
  C:\Windows\System\rktWEGk.exe
  2⤵
  PID:12184
- C:\Windows\System\RgxpHAb.exe
  C:\Windows\System\RgxpHAb.exe
  2⤵
  PID:12240
- C:\Windows\System\PxxeXrl.exe
  C:\Windows\System\PxxeXrl.exe
  2⤵
  PID:12260
- C:\Windows\System\BfnbpJP.exe
  C:\Windows\System\BfnbpJP.exe
  2⤵
  PID:12280
- C:\Windows\System\esWmdBm.exe
  C:\Windows\System\esWmdBm.exe
  2⤵
  PID:11284
- C:\Windows\System\eLCytgR.exe
  C:\Windows\System\eLCytgR.exe
  2⤵
  PID:11352
- C:\Windows\System\EGhcWNQ.exe
  C:\Windows\System\EGhcWNQ.exe
  2⤵
  PID:11488
- C:\Windows\System\HFcGXTC.exe
  C:\Windows\System\HFcGXTC.exe
  2⤵
  PID:11520
- C:\Windows\System\aEcPFzv.exe
  C:\Windows\System\aEcPFzv.exe
  2⤵
  PID:11572
- C:\Windows\System\xFyXknt.exe
  C:\Windows\System\xFyXknt.exe
  2⤵
  PID:11656
- C:\Windows\System\SfUlMzx.exe
  C:\Windows\System\SfUlMzx.exe
  2⤵
  PID:11716
- C:\Windows\System\SsFusKN.exe
  C:\Windows\System\SsFusKN.exe
  2⤵
  PID:11800
- C:\Windows\System\jujLQLT.exe
  C:\Windows\System\jujLQLT.exe
  2⤵
  PID:11888
- C:\Windows\System\HboaRoH.exe
  C:\Windows\System\HboaRoH.exe
  2⤵
  PID:11968
- C:\Windows\System\RmtxkTg.exe
  C:\Windows\System\RmtxkTg.exe
  2⤵
  PID:12040
- C:\Windows\System\cJTqxbX.exe
  C:\Windows\System\cJTqxbX.exe
  2⤵
  PID:12108
- C:\Windows\System\dLlpeuD.exe
  C:\Windows\System\dLlpeuD.exe
  2⤵
  PID:12200
- C:\Windows\System\rjZPizc.exe
  C:\Windows\System\rjZPizc.exe
  2⤵
  PID:12256
- C:\Windows\System\DTZarqS.exe
  C:\Windows\System\DTZarqS.exe
  2⤵
  PID:10048
- C:\Windows\System\JzUiFCf.exe
  C:\Windows\System\JzUiFCf.exe
  2⤵
  PID:10020
- C:\Windows\System\iXgGQMq.exe
  C:\Windows\System\iXgGQMq.exe
  2⤵
  PID:11424
- C:\Windows\System\PNJQgoV.exe
  C:\Windows\System\PNJQgoV.exe
  2⤵
  PID:11544
- C:\Windows\System\pDhLLBN.exe
  C:\Windows\System\pDhLLBN.exe
  2⤵
  PID:11680
- C:\Windows\System\ztzASix.exe
  C:\Windows\System\ztzASix.exe
  2⤵
  PID:11856
- C:\Windows\System\LpQPXWh.exe
  C:\Windows\System\LpQPXWh.exe
  2⤵
  PID:12124
- C:\Windows\System\XLAVXjM.exe
  C:\Windows\System\XLAVXjM.exe
  2⤵
  PID:12216
- C:\Windows\System\AKxPhng.exe
  C:\Windows\System\AKxPhng.exe
  2⤵
  PID:11324
- C:\Windows\System\xjGsKoe.exe
  C:\Windows\System\xjGsKoe.exe
  2⤵
  PID:2520
- C:\Windows\System\cXSVeot.exe
  C:\Windows\System\cXSVeot.exe
  2⤵
  PID:12084
- C:\Windows\System\CddnfoS.exe
  C:\Windows\System\CddnfoS.exe
  2⤵
  PID:12276
- C:\Windows\System\rLPbWwm.exe
  C:\Windows\System\rLPbWwm.exe
  2⤵
  PID:12268
- C:\Windows\System\XkHRGmg.exe
  C:\Windows\System\XkHRGmg.exe
  2⤵
  PID:11944
- C:\Windows\System\wczgnzU.exe
  C:\Windows\System\wczgnzU.exe
  2⤵
  PID:4808
- C:\Windows\System\nUasOZM.exe
  C:\Windows\System\nUasOZM.exe
  2⤵
  PID:740
- C:\Windows\System\yFvkKDx.exe
  C:\Windows\System\yFvkKDx.exe
  2⤵
  PID:12316
- C:\Windows\System\lwwOvDa.exe
  C:\Windows\System\lwwOvDa.exe
  2⤵
  PID:12344
- C:\Windows\System\WGHeqsH.exe
  C:\Windows\System\WGHeqsH.exe
  2⤵
  PID:12360
- C:\Windows\System\ruDRdXn.exe
  C:\Windows\System\ruDRdXn.exe
  2⤵
  PID:12376
- C:\Windows\System\ZMnlIok.exe
  C:\Windows\System\ZMnlIok.exe
  2⤵
  PID:12416
- C:\Windows\System\djYOABv.exe
  C:\Windows\System\djYOABv.exe
  2⤵
  PID:12448
- C:\Windows\System\SBxYQnC.exe
  C:\Windows\System\SBxYQnC.exe
  2⤵
  PID:12476
- C:\Windows\System\zwrOoiB.exe
  C:\Windows\System\zwrOoiB.exe
  2⤵
  PID:12520
- C:\Windows\System\mjezGvY.exe
  C:\Windows\System\mjezGvY.exe
  2⤵
  PID:12548
- C:\Windows\System\HFZUncI.exe
  C:\Windows\System\HFZUncI.exe
  2⤵
  PID:12564
- C:\Windows\System\byphhcZ.exe
  C:\Windows\System\byphhcZ.exe
  2⤵
  PID:12604
- C:\Windows\System\zHsbhIY.exe
  C:\Windows\System\zHsbhIY.exe
  2⤵
  PID:12628
- C:\Windows\System\CQfYODl.exe
  C:\Windows\System\CQfYODl.exe
  2⤵
  PID:12660
- C:\Windows\System\tRMwGWk.exe
  C:\Windows\System\tRMwGWk.exe
  2⤵
  PID:12688
- C:\Windows\System\UbxAmBe.exe
  C:\Windows\System\UbxAmBe.exe
  2⤵
  PID:12716
- C:\Windows\System\KlhexJW.exe
  C:\Windows\System\KlhexJW.exe
  2⤵
  PID:12732
- C:\Windows\System\jZGqWXH.exe
  C:\Windows\System\jZGqWXH.exe
  2⤵
  PID:12772
- C:\Windows\System\exbuMDi.exe
  C:\Windows\System\exbuMDi.exe
  2⤵
  PID:12800
- C:\Windows\System\cDtfdnh.exe
  C:\Windows\System\cDtfdnh.exe
  2⤵
  PID:12828
- C:\Windows\System\ffeCrfI.exe
  C:\Windows\System\ffeCrfI.exe
  2⤵
  PID:12856
- C:\Windows\System\xduRrCn.exe
  C:\Windows\System\xduRrCn.exe
  2⤵
  PID:12884
- C:\Windows\System\vPXSsWg.exe
  C:\Windows\System\vPXSsWg.exe
  2⤵
  PID:12912
- C:\Windows\System\kDqBode.exe
  C:\Windows\System\kDqBode.exe
  2⤵
  PID:12940
- C:\Windows\System\LFrTBUH.exe
  C:\Windows\System\LFrTBUH.exe
  2⤵
  PID:12968
- C:\Windows\System\XQnXILl.exe
  C:\Windows\System\XQnXILl.exe
  2⤵
  PID:12996
- C:\Windows\System\GHyqLEG.exe
  C:\Windows\System\GHyqLEG.exe
  2⤵
  PID:13024
- C:\Windows\System\iwRWQbB.exe
  C:\Windows\System\iwRWQbB.exe
  2⤵
  PID:13052
- C:\Windows\System\euhSeDq.exe
  C:\Windows\System\euhSeDq.exe
  2⤵
  PID:13080
- C:\Windows\System\aXzwZkP.exe
  C:\Windows\System\aXzwZkP.exe
  2⤵
  PID:13108
- C:\Windows\System\tyNTQsu.exe
  C:\Windows\System\tyNTQsu.exe
  2⤵
  PID:13136
- C:\Windows\System\JiDNALH.exe
  C:\Windows\System\JiDNALH.exe
  2⤵
  PID:13164
- C:\Windows\System\bajeONz.exe
  C:\Windows\System\bajeONz.exe
  2⤵
  PID:13192
- C:\Windows\System\BRyMvcC.exe
  C:\Windows\System\BRyMvcC.exe
  2⤵
  PID:13220
- C:\Windows\System\SOxftij.exe
  C:\Windows\System\SOxftij.exe
  2⤵
  PID:13248
- C:\Windows\System\vumlVWO.exe
  C:\Windows\System\vumlVWO.exe
  2⤵
  PID:13276
- C:\Windows\System\UgpTjLg.exe
  C:\Windows\System\UgpTjLg.exe
  2⤵
  PID:13304
- C:\Windows\System\yOknpeO.exe
  C:\Windows\System\yOknpeO.exe
  2⤵
  PID:12332
- C:\Windows\System\pozZhyO.exe
  C:\Windows\System\pozZhyO.exe
  2⤵
  PID:12368
- C:\Windows\System\biJZJGj.exe
  C:\Windows\System\biJZJGj.exe
  2⤵
  PID:12468
- C:\Windows\System\ficexNP.exe
  C:\Windows\System\ficexNP.exe
  2⤵
  PID:12544
- C:\Windows\System\aucjhym.exe
  C:\Windows\System\aucjhym.exe
  2⤵
  PID:12588
- C:\Windows\System\BIEGmOo.exe
  C:\Windows\System\BIEGmOo.exe
  2⤵
  PID:6092
- C:\Windows\System\Algoybh.exe
  C:\Windows\System\Algoybh.exe
  2⤵
  PID:12648
- C:\Windows\System\xKjIQDj.exe
  C:\Windows\System\xKjIQDj.exe
  2⤵
  PID:12392
- C:\Windows\System\ywumhqN.exe
  C:\Windows\System\ywumhqN.exe
  2⤵
  PID:4340
- C:\Windows\System\kvJJMXC.exe
  C:\Windows\System\kvJJMXC.exe
  2⤵
  PID:12768
- C:\Windows\System\DEmIyiP.exe
  C:\Windows\System\DEmIyiP.exe
  2⤵
  PID:12840
- C:\Windows\System\AoTEKsA.exe
  C:\Windows\System\AoTEKsA.exe
  2⤵
  PID:12904
- C:\Windows\System\EqPeRja.exe
  C:\Windows\System\EqPeRja.exe
  2⤵
  PID:12964
- C:\Windows\System\elcCwrV.exe
  C:\Windows\System\elcCwrV.exe
  2⤵
  PID:13036
- C:\Windows\System\JLMZnbs.exe
  C:\Windows\System\JLMZnbs.exe
  2⤵
  PID:13128
- C:\Windows\System\QqOaBnp.exe
  C:\Windows\System\QqOaBnp.exe
  2⤵
  PID:13156
- C:\Windows\System\nJxGwUT.exe
  C:\Windows\System\nJxGwUT.exe
  2⤵
  PID:13216
- C:\Windows\System\OlxKwLS.exe
  C:\Windows\System\OlxKwLS.exe
  2⤵
  PID:13288
- C:\Windows\System\SfpuKdO.exe
  C:\Windows\System\SfpuKdO.exe
  2⤵
  PID:12400
- C:\Windows\System\EYgjqCv.exe
  C:\Windows\System\EYgjqCv.exe
  2⤵
  PID:12540
- C:\Windows\System\ivRpjdj.exe
  C:\Windows\System\ivRpjdj.exe
  2⤵
  PID:12636
- C:\Windows\System\ExHnyfp.exe
  C:\Windows\System\ExHnyfp.exe
  2⤵
  PID:5160
- C:\Windows\System\UBrmBIm.exe
  C:\Windows\System\UBrmBIm.exe
  2⤵
  PID:12824
- C:\Windows\System\BUbOBzR.exe
  C:\Windows\System\BUbOBzR.exe
  2⤵
  PID:12960
- C:\Windows\System\jTUTgIK.exe
  C:\Windows\System\jTUTgIK.exe
  2⤵
  PID:13132
- C:\Windows\System\nmpUEOb.exe
  C:\Windows\System\nmpUEOb.exe
  2⤵
  PID:12580
- C:\Windows\System\EXQxqTI.exe
  C:\Windows\System\EXQxqTI.exe
  2⤵
  PID:12756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nm1vfjvw.o1c.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ADpOaEs.exe

Filesize
2.9MB

MD5
9e7536c4f22bf179543207d445376a28

SHA1
896046e195605b2cdfec73f3cbec10a9056f0e42

SHA256
ef5b89c32ac747730a6db1df71a115ec7fa18fa0248b120da05757f324e36b63

SHA512
b67022c864c48780622721388b3a567e80a5c2e9189d1246597130748f297c438c4a1ca6515f72c3b491f0a724c1abd5a8cf5f98c0b861fa65d0dd481f6e6beb

Download Submit
C:\Windows\System\AJYdfGI.exe

Filesize
2.9MB

MD5
22ac34ab8c80db5b12a67013c4d79d27

SHA1
acce645a2c790511c939d1dcb77d2aa52ee98826

SHA256
e7835a6a593de27c51c0490932ffd384990841d39b78c32f0a31f0f9b2b7d692

SHA512
1ef93fff39499d769c335fd026790e1ebd611166bf5ee6c6104bbfaec50ec800e6b3bdc98fec89f4c808ba03fb951331c7ee3b435fe9cb294f3690755e6f3787

Download Submit
C:\Windows\System\CrueNeA.exe

Filesize
2.9MB

MD5
500898e94e5ddbceef7c137992e6256a

SHA1
b6aa03b351d2391a5914eaa0e424f2dec3b7bd3f

SHA256
12732bfa035fd419792488f0296f8339f70720a6e7f023dbbf6dfa096bbb999f

SHA512
e2674aa00241eab4fa88dfc935913a598b61652954ad82231ead04a0f209d24e31a6aa9d7ed0aca1097de2111a6b1fc875229fa88d54ffdc8e0b9a6f01963783

Download Submit
C:\Windows\System\ERyXGHJ.exe

Filesize
2.9MB

MD5
610bc3cd621537799c475d8a51c11e3e

SHA1
136472d34a57c470b5af3f1af32230a474410fa5

SHA256
4b4f78ee096d386a2fcd93a38a5310db58209ad967466e4934df0e7701fba1b8

SHA512
23512c767e20e6695351d48b7007039947238914cfffcbb66029959a821a0c126a777a41054d014b60060c81c596b7c9edd16cc28fbb715294b1d867bd5ba839

Download Submit
C:\Windows\System\EzhLKqV.exe

Filesize
2.9MB

MD5
9148d3b2828f7c41de8472f9c2c53ad2

SHA1
2a49893e44955df7eab480e197a8e33957a57b47

SHA256
76a438ca32973ddd4b88eb7de3521a092b83242814e20f0b0542c2d6d59c095a

SHA512
4081587b00753a6ddc81ce6dea10ed669c400af546923caca3b230866569729d2abd6be4caba3290accfdf4be9d6864020248159ae3989fadd15071b48ec2265

Download Submit
C:\Windows\System\GcjqacK.exe

Filesize
2.9MB

MD5
45c79bbfc9d925806f781368cfc2fd87

SHA1
e29a7f947324422e2e04f4a6a5d41ccbe545dc60

SHA256
759450525cb46bdfc7a359d9809fa8516ee37d0d732e0c37d185ebe054e9759d

SHA512
af185c737f90c8f345aefdeb25b1fb264262b8bfe136c4f1473f58a826d0fe39f83804c55dcb97176af04f97d66cd98293604335b164fe66666d6a0b6abb1b88

Download Submit
C:\Windows\System\HtDpIIS.exe

Filesize
2.9MB

MD5
6d89695931f7a7243980d3dd464933ac

SHA1
089fb5fa6b3eed9370eeed25a8437b20abb58961

SHA256
cd34d2116dd00e413dafd2cf369c15d6f9056866b1893f319904e8c87533c479

SHA512
5270dbaf151b909fa5ba70227555fd79b87457150634be31b6b78efb6cb5f34c988da92e554b4e8e389a901082c01ce29fb151c0e4d479daec43f31106c779b5

Download Submit
C:\Windows\System\HvhMSPQ.exe

Filesize
2.9MB

MD5
16dad5f41717d6a1563fea6a9749d105

SHA1
7b9684f38f604e2ea2d45a12f429a7ee36e7b6fb

SHA256
3fea2bd2437fae66dbee82d29b51181f9bbca7945c2976c90db94c3c657efdba

SHA512
41a696da9d6dcce294eaf211f1327b434e1d007b5feadbf659071c36fc89f8fd00ea650684ce735520947a7d4c6202f996d80f6752e84c8b9d65f5abdd716f28

Download Submit
C:\Windows\System\IFBcnbH.exe

Filesize
2.9MB

MD5
a21e8e0eab49487d6a22be8bef862e1f

SHA1
c25ba9cbee9df45103cdd56641cbff636e7d7109

SHA256
f29034f26d3a8ee896cb8c48a57b7e499da5084acde494ce1276530802050057

SHA512
5e2dbe9c91df87efd4cfce022330eb32197c25e284530d9f42fbad927fcba11a4623c7df53c49d841fa59e98ef65ed59c06a5197618f20380ab46d6f21224dc0

Download Submit
C:\Windows\System\ISrYrcw.exe

Filesize
2.9MB

MD5
740cc79cc273640704e25b3507da0330

SHA1
555210fa1085a0aeee3edf3a2d93f4029b824a09

SHA256
79abf354b0f1e9308ded6630c27c3f7d4993689bae6c0c23f5f9ddb5c43e7d06

SHA512
a0e61b28bedf09ec53ddd5824f1e6cd6d4beae87dfb9dcb14df2da1ed4ff970d7b01e4ffbac3a084ae3e1af75525c8921913d9c76d197edf8f555813d0621282

Download Submit
C:\Windows\System\LiYpaWJ.exe

Filesize
2.9MB

MD5
4e90d2647093f15d9ce105643ac5013c

SHA1
a79527be1e47c898285b8558435c3a87442c9f93

SHA256
5906324c311cbbab7c93789fda50d3f60f067e92c145a38517f8014a692e576d

SHA512
db12366baaad1a63e1daddcbbf37e86360ba61991a712eeabde609aa96578430d84befdecc3b75eb5e2b28054330585a4ea35c39ab13e141dfbe1cd8187b338c

Download Submit
C:\Windows\System\Nywhcpg.exe

Filesize
2.9MB

MD5
1b777afa9e11a131061203744d0e71ae

SHA1
e2423f1e3620c8daed29fcdfe2b82f179b800805

SHA256
1382f8432fa78dbadffb98f0bf980d03e1ade56d56e5373b1b8cbc8d9b66b145

SHA512
193ab8fa4eaa32d06f5547a973bb008f325d75e0e6dd21c5c8922f473dd1d9c95030603336d3d86e40b2860ed643cb7e935ee5a710d2d053b5e5495cb574f378

Download Submit
C:\Windows\System\TiApRnv.exe

Filesize
2.9MB

MD5
fb669028bfcec293faf658be6960d371

SHA1
5ba963f733c35fc95c580933cc16a84c3e7eea69

SHA256
4c06b23b20be791af680c3f3021eadb3df8ffd0c03a5efcbd8517d3e9547c5d1

SHA512
95e89f15ffb8148ccd590bceb3948546cdf6b644646c07798963c1ec224c500ec751daf87cc18759a585197bd6094c0d885092b0451fd7267ef25e743800b510

Download Submit
C:\Windows\System\WQfzAzs.exe

Filesize
2.9MB

MD5
b9d9b71fc9584579ce1c950423d0d146

SHA1
77e8fff87e789b7a36872219b89acceb875051b2

SHA256
90bdbd65e3cfac75b374467bd6dd646548b6f8c372fd7c5351eefca60735bf6a

SHA512
b3c97b7101065c080ab4503ac1205a5691e924773a4904b1c25dba329d2382c7ffceeb02c8fd1f200408bb42c12bd646873a4809ef04944257a7d469fbfd1483

Download Submit
C:\Windows\System\XksmQlo.exe

Filesize
2.9MB

MD5
ba51eb055b9591187b2338367259d0b6

SHA1
dd3e0377112250d0c908e0bbc5efe85f006af2ab

SHA256
50e1900e07b399892e451cff50b6025356e2b17905d0bdca8203bc2423068e90

SHA512
d19ccab64976d4ecae2cb6b3385a197b31c0429c8f00ae0e5ba39fe0f984f327715278b6ec354d556848f4ca9b56141d79c61b30478ebb118db6a3902d15c97b

Download Submit
C:\Windows\System\acfJHaQ.exe

Filesize
2.9MB

MD5
fd6b41d791bd753cdfdad2b69743d6f8

SHA1
6d9385dd72add5a1cec5b606631b518d45203139

SHA256
a039cf2a5eae159d33b032454df17e553cebb57af2ef2bb912fa69c9ae164fc5

SHA512
483465e1a172ed29b95b0d41a45c49683d2ae3a71fa0866ce93bb4328a059f6e43e69efa6316396ab34423e4ab3fbc3fed5eb4e97632e556d55c6b2497c08877

Download Submit
C:\Windows\System\akeCSsR.exe

Filesize
2.9MB

MD5
46568d0496a2bf6963f26a5f5d5bae06

SHA1
d46476717816df9f7b89c1d26bd1195bfd10851c

SHA256
66d0013774495dce5017d376b005ed3790576e251a5bd71170845138891174cc

SHA512
d5c35098c873a7f3b4de908ac1cfd20bdad257ec89c5763c8e3f2de6493c026862a16591ab8f1d43f4aaf66a665d079a06248db33e236d70bb202310b3feb441

Download Submit
C:\Windows\System\bDzWBeJ.exe

Filesize
2.9MB

MD5
35f285a52385312bc2cc8aa2887f4980

SHA1
fa87dc9aa3585d0692364c97b16b7f7e419122f4

SHA256
60300af5c007520f3656b90215d79d911f2b2171b3641d019987222871da90fc

SHA512
1853731c6b861e1fc131486db0f3a65a9d3ffdaba72814ffbcf9f6938948e6cefb6198e52025542cc585d6ca4ea042b3f6255467ff82d4a7f2df689951c98088

Download Submit
C:\Windows\System\bdKVvxA.exe

Filesize
2.9MB

MD5
6a36fc52c1f0af8855c67fbf6de9a001

SHA1
34a1d268f3fd7df86250922316f8d74e99fd9754

SHA256
ed366b5c2baf5d808f01c6ff5fe9502fe2bfb4ca075075d36994491dbb96bb28

SHA512
8f19ff476e59ab206c3e62b9b4b360d175d4f173781691368b5a75490c09a54cb9f69c0bd70950e0a6802da6e0005d7091647a5b1f4faca79cc007bb9dd0ec18

Download Submit
C:\Windows\System\dKEMjQD.exe

Filesize
2.9MB

MD5
6f2e948f618dfa67598410fae96ff92c

SHA1
7fcf3111b6926920ebf4cee597ff297d514ebecc

SHA256
80f4818721907091004d5c13bff989ef33c0ef3b246762da8c56659da023f44b

SHA512
f64d7f8794c5c5ec78946d83f643ac584947434a0bdd1c4883569eacd1a9e96eb655f2e8313045627641ea4b242591632e048d87de7ae9df599bc7f6caba689b

Download Submit
C:\Windows\System\eEdePnJ.exe

Filesize
2.9MB

MD5
423e011f327f068267e55d28f412f19e

SHA1
74dbb19eb03f57230a3ef8e51b0be1adafe5855c

SHA256
9ed5cd0ad90ddba1ec85e7fa5703abf4a58c991e5b4da1286711ef7d9d3dd2af

SHA512
cf281fa410379ac34fa86da96fb511a0575552b44344c046a6b0de1560c2a329cbf3433d715dfa0d94fea187a91c826a66c924cd542f1c1a74c391b29f094ca9

Download Submit
C:\Windows\System\foScPvk.exe

Filesize
2.9MB

MD5
5e846467701b057b649a45692727154a

SHA1
72d353b2f6eff280ebc2031b3fa767f0ef244465

SHA256
2572eb15d50ed5bd8c8420b267619aa4ecb9eac306fd17e6291d2bb23c36df15

SHA512
76e90d94160929ad16176b99de64a39488266bf79ed37f1c38674e6706c48253ab4fa832aba985aa41c7f380d22cd2ba4ac5c3e00d4b225d90405a49f9adeb55

Download Submit
C:\Windows\System\fyQFsVW.exe

Filesize
2.9MB

MD5
114a8a1099f372c996b922c7a788a551

SHA1
2418cff0470d57dbdfc95818e75352cbc47caa2d

SHA256
c1a60fbb0b33bbc22bc7188a9b3c63002df1bf61aa90346b140b43223caf5256

SHA512
91dac1d2a52ec96f3872bd7099ff6cfc45448d62699363979f4af260c12aa0ab572150e7e6b71823a98cb6fae63433a9cfd88e750ad6b79c1e0b3168d403aecf

Download Submit
C:\Windows\System\ifTpesK.exe

Filesize
2.9MB

MD5
2b11d03b2ed4a908ee9a81c9dc6ba2ed

SHA1
94bff164ec1bd32b76a3d7184c3cedcc1414a462

SHA256
8dd905e0b130829f05a0c90e7de32474c4448f5e16be9c1dc1a99f6e5a574d1c

SHA512
294f93b9b4d114176ddedd5a98b5e4850064ad19d76b1ba24fbb3738c14d9d5d8fe04045b77b42d25fb92cb30cdeca2bde467f970e5cb6d00cade25af877300f

Download Submit
C:\Windows\System\kMtTJxE.exe

Filesize
2.9MB

MD5
1e15240fb99ae60da7c0cc34768d4499

SHA1
60ca958c6423054d06fe378d35522cf75a0fc40a

SHA256
49a2718fe5ccdd1ec5687354cbeb1cf406ce476a279258c526958d830d49ca8d

SHA512
ce4311571ee61362ce45d5406c3c4e216d0b06d785719f60d8aeb939db16dd697dd7bb1747c24c71feec4d92b19f56778eb8621078b15112a20ac4b1143a5031

Download Submit
C:\Windows\System\pNSXoYH.exe

Filesize
2.9MB

MD5
847e6d7da850f63b990aebc59cacf1c3

SHA1
1bc7828cdbca52274f6d4278c686064468abdf66

SHA256
9867adc3a3a58e60266d22c2b80ce77b32ec5bf98e088a635241e45098a7c666

SHA512
038f65c9df92c3258560721a67b0f8437a7657885569ffda298c9d8bc45d6e5c2b00d79d98fd014f3f8265c2de410ef0c738eccf0ac9a688c4f6617e1ff14423

Download Submit
C:\Windows\System\pWEmCuC.exe

Filesize
2.9MB

MD5
1a3d2b391a40b77844188e85a99ac1f4

SHA1
47f81c8cd346ed625fed3971a7ccc34d535e2d21

SHA256
bbcfe47e2b67ee1957c169860295889a06fcb0e1242d011c23faf0b8b2c3596b

SHA512
cdcd7134e1a056e0c82c0b24e3638d9221f78205840e4cc2d32c6b58314992a4404202ad2cb4845a9a793ab47a3f0b7ff94dbefff48e9a018874342f028093a5

Download Submit
C:\Windows\System\tJHjcIQ.exe

Filesize
2.9MB

MD5
b206f74bc91bc6eac7f80dd814b023ff

SHA1
a9f0d72fbe02b36c4d4a4c40b95d09e8da777712

SHA256
d517627d257b596873bdc293a7af1b14b82ff6dad1df5f81916d448e077cb48d

SHA512
40816ba9f5e336c066705dc5f6cd9244601d212e777420cd67d9e26806d58b25d5c5bf5dba280cb37e5c4feb2a32d85f5511df538627f8e7f937c82f98b00efe

Download Submit
C:\Windows\System\uOfEWNJ.exe

Filesize
2.9MB

MD5
79137174afea027a0d06792b5242059d

SHA1
8a4d02c91f40d88ebf8de139b8327e599c3617c9

SHA256
d98845333fe4de4b263439c46662b2689cde217e0ada9fd255be8ded57f4c825

SHA512
7c6b7cf4b33798fe27812f1bd2a4ce7277731201d526a994ac4133a39a71e30495dad8e13fd6f9d50e4758fafa0356314b798fe638df30338f67a82790b74c57

Download Submit
C:\Windows\System\uxxZPjZ.exe

Filesize
2.9MB

MD5
f4fe435d96678e5bcfadaa6a7524c63e

SHA1
2a8e53a4617770c4b51727978691faeb0a56bb65

SHA256
6a8ab013b231675cd757c520ca76dc4be358ee790882674430c2282811e8a1d7

SHA512
040f5b2fd199bc7263eb7d60a0282aa9eb4f55f902570a1f8638a05fb8f978b3b8bb38872ad71415ff2ca6a41549d7660eba5de2c0d7d783aadecb862370ec0f

Download Submit
C:\Windows\System\vTYLBGq.exe

Filesize
2.9MB

MD5
705642df99fac488d7542dd3f69e93d3

SHA1
aa5efe38ca77ae8f736c12cb8554a3002cc37b40

SHA256
80c8fef6346916009905e9104067675d4fa42bd73fcf190355d0d08d99c635e0

SHA512
8f7ce450032ad5b1561f735cc32151ba44507b60b9415b0e358715a72934bd3b2d868187087012f07fb103e184956f41e6ec6c08211b63e96731e4cac21d4384

Download Submit
C:\Windows\System\yASWRrg.exe

Filesize
2.9MB

MD5
027a326aeb4fd0aa2cba6ac66faac625

SHA1
64a28a7de41454a702cda184d00116306583d21f

SHA256
b9dcf96c926265664fd25f41443447dea1985594363a627163967b1319f862c5

SHA512
a2a7af115628fcb28e4d3e000e6e972b0b81927c1c90eef3ebb9c3cf61068ecdf797ce3a89463a97a4b5dc6e92111a55b11bb721bcf719b7b9e875a75fed15bc

Download Submit
memory/460-2315-0x00007FF7D8B20000-0x00007FF7D8F16000-memory.dmp

Filesize
4.0MB

Download
memory/460-137-0x00007FF7D8B20000-0x00007FF7D8F16000-memory.dmp

Filesize
4.0MB

Download
memory/548-68-0x00007FF656B90000-0x00007FF656F86000-memory.dmp

Filesize
4.0MB

Download
memory/548-2303-0x00007FF656B90000-0x00007FF656F86000-memory.dmp

Filesize
4.0MB

Download
memory/804-2319-0x00007FF65F140000-0x00007FF65F536000-memory.dmp

Filesize
4.0MB

Download
memory/804-136-0x00007FF65F140000-0x00007FF65F536000-memory.dmp

Filesize
4.0MB

Download
memory/804-2296-0x00007FF65F140000-0x00007FF65F536000-memory.dmp

Filesize
4.0MB

Download
memory/1180-2305-0x00007FF6ECD30000-0x00007FF6ED126000-memory.dmp

Filesize
4.0MB

Download
memory/1180-138-0x00007FF6ECD30000-0x00007FF6ED126000-memory.dmp

Filesize
4.0MB

Download
memory/1180-2320-0x00007FF6ECD30000-0x00007FF6ED126000-memory.dmp

Filesize
4.0MB

Download
memory/1400-2299-0x00007FF72EDB0000-0x00007FF72F1A6000-memory.dmp

Filesize
4.0MB

Download
memory/1400-48-0x00007FF72EDB0000-0x00007FF72F1A6000-memory.dmp

Filesize
4.0MB

Download
memory/1544-135-0x00007FF7A5890000-0x00007FF7A5C86000-memory.dmp

Filesize
4.0MB

Download
memory/1544-2318-0x00007FF7A5890000-0x00007FF7A5C86000-memory.dmp

Filesize
4.0MB

Download
memory/1544-2295-0x00007FF7A5890000-0x00007FF7A5C86000-memory.dmp

Filesize
4.0MB

Download
memory/1624-1039-0x00007FF6372F0000-0x00007FF6376E6000-memory.dmp

Filesize
4.0MB

Download
memory/1624-1-0x00000243FAA90000-0x00000243FAAA0000-memory.dmp

Filesize
64KB

Download
memory/1624-0-0x00007FF6372F0000-0x00007FF6376E6000-memory.dmp

Filesize
4.0MB

Download
memory/1660-2317-0x00007FF73E8B0000-0x00007FF73ECA6000-memory.dmp

Filesize
4.0MB

Download
memory/1660-130-0x00007FF73E8B0000-0x00007FF73ECA6000-memory.dmp

Filesize
4.0MB

Download
memory/1696-2313-0x00007FF645E70000-0x00007FF646266000-memory.dmp

Filesize
4.0MB

Download
memory/1696-112-0x00007FF645E70000-0x00007FF646266000-memory.dmp

Filesize
4.0MB

Download
memory/1712-2314-0x00007FF650300000-0x00007FF6506F6000-memory.dmp

Filesize
4.0MB

Download
memory/1712-92-0x00007FF650300000-0x00007FF6506F6000-memory.dmp

Filesize
4.0MB

Download
memory/1984-2308-0x00007FF602C70000-0x00007FF603066000-memory.dmp

Filesize
4.0MB

Download
memory/1984-263-0x00007FF602C70000-0x00007FF603066000-memory.dmp

Filesize
4.0MB

Download
memory/1984-2323-0x00007FF602C70000-0x00007FF603066000-memory.dmp

Filesize
4.0MB

Download
memory/2132-63-0x00007FF62CD50000-0x00007FF62D146000-memory.dmp

Filesize
4.0MB

Download
memory/2132-2302-0x00007FF62CD50000-0x00007FF62D146000-memory.dmp

Filesize
4.0MB

Download
memory/2896-2298-0x00007FF603160000-0x00007FF603556000-memory.dmp

Filesize
4.0MB

Download
memory/2896-46-0x00007FF603160000-0x00007FF603556000-memory.dmp

Filesize
4.0MB

Download
memory/3092-49-0x00007FF6177D0000-0x00007FF617BC6000-memory.dmp

Filesize
4.0MB

Download
memory/3092-2300-0x00007FF6177D0000-0x00007FF617BC6000-memory.dmp

Filesize
4.0MB

Download
memory/3404-2309-0x00007FF6FA0E0000-0x00007FF6FA4D6000-memory.dmp

Filesize
4.0MB

Download
memory/3404-89-0x00007FF6FA0E0000-0x00007FF6FA4D6000-memory.dmp

Filesize
4.0MB

Download
memory/3676-54-0x00007FF670E50000-0x00007FF671246000-memory.dmp

Filesize
4.0MB

Download
memory/3676-2297-0x00007FF670E50000-0x00007FF671246000-memory.dmp

Filesize
4.0MB

Download
memory/3804-2311-0x00007FF61BB70000-0x00007FF61BF66000-memory.dmp

Filesize
4.0MB

Download
memory/3804-1922-0x00007FF61BB70000-0x00007FF61BF66000-memory.dmp

Filesize
4.0MB

Download
memory/3804-100-0x00007FF61BB70000-0x00007FF61BF66000-memory.dmp

Filesize
4.0MB

Download
memory/3972-2322-0x00007FF7D25D0000-0x00007FF7D29C6000-memory.dmp

Filesize
4.0MB

Download
memory/3972-255-0x00007FF7D25D0000-0x00007FF7D29C6000-memory.dmp

Filesize
4.0MB

Download
memory/3972-2307-0x00007FF7D25D0000-0x00007FF7D29C6000-memory.dmp

Filesize
4.0MB

Download
memory/4044-5-0x00007FFE7DFB3000-0x00007FFE7DFB5000-memory.dmp

Filesize
8KB

Download
memory/4044-19-0x00007FFE7DFB0000-0x00007FFE7EA71000-memory.dmp

Filesize
10.8MB

Download
memory/4044-37-0x000001777A520000-0x000001777A542000-memory.dmp

Filesize
136KB

Download
memory/4044-142-0x000001777D410000-0x000001777DBB6000-memory.dmp

Filesize
7.6MB

Download
memory/4044-1342-0x00007FFE7DFB3000-0x00007FFE7DFB5000-memory.dmp

Filesize
8KB

Download
memory/4044-1051-0x00007FFE7DFB0000-0x00007FFE7EA71000-memory.dmp

Filesize
10.8MB

Download
memory/4044-38-0x00007FFE7DFB0000-0x00007FFE7EA71000-memory.dmp

Filesize
10.8MB

Download
memory/4044-742-0x00007FFE7DFB0000-0x00007FFE7EA71000-memory.dmp

Filesize
10.8MB

Download
memory/4336-60-0x00007FF7DF0F0000-0x00007FF7DF4E6000-memory.dmp

Filesize
4.0MB

Download
memory/4336-2306-0x00007FF7DF0F0000-0x00007FF7DF4E6000-memory.dmp

Filesize
4.0MB

Download
memory/4336-1633-0x00007FF7DF0F0000-0x00007FF7DF4E6000-memory.dmp

Filesize
4.0MB

Download
memory/4524-69-0x00007FF60E880000-0x00007FF60EC76000-memory.dmp

Filesize
4.0MB

Download
memory/4524-2304-0x00007FF60E880000-0x00007FF60EC76000-memory.dmp

Filesize
4.0MB

Download
memory/4580-2316-0x00007FF77ADB0000-0x00007FF77B1A6000-memory.dmp

Filesize
4.0MB

Download
memory/4580-131-0x00007FF77ADB0000-0x00007FF77B1A6000-memory.dmp

Filesize
4.0MB

Download
memory/4640-2310-0x00007FF7CB910000-0x00007FF7CBD06000-memory.dmp

Filesize
4.0MB

Download
memory/4640-123-0x00007FF7CB910000-0x00007FF7CBD06000-memory.dmp

Filesize
4.0MB

Download
memory/4776-58-0x00007FF6B4500000-0x00007FF6B48F6000-memory.dmp

Filesize
4.0MB

Download
memory/4776-2301-0x00007FF6B4500000-0x00007FF6B48F6000-memory.dmp

Filesize
4.0MB

Download
memory/4804-252-0x00007FF733610000-0x00007FF733A06000-memory.dmp

Filesize
4.0MB

Download
memory/4804-2321-0x00007FF733610000-0x00007FF733A06000-memory.dmp

Filesize
4.0MB

Download
memory/4900-2312-0x00007FF6490C0000-0x00007FF6494B6000-memory.dmp

Filesize
4.0MB

Download
memory/4900-108-0x00007FF6490C0000-0x00007FF6494B6000-memory.dmp

Filesize
4.0MB

Download