xmrig | f0dafe494bf6aae2260ddf96ab36aa9e53197d33c692410bf0793716de53cb72

Analysis

max time kernel
120s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
Size

2.9MB
MD5

9158c43c6416e4f849974611c87b53b0
SHA1

f9a99ac251f84876909947f15e4794b8c89bb4eb
SHA256

f0dafe494bf6aae2260ddf96ab36aa9e53197d33c692410bf0793716de53cb72
SHA512

356fb0ab17056d5459cfcbf9582049ebd5e9331202234e46e36e15df1bc00b929f823c7d395872ef947808ba8f7205bfa58a33e083793499c7a3ba5bc065e077
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hm6lg6EW7EzxsEov:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Ry

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4344-0-0x00007FF706D80000-0x00007FF707176000-memory.dmp	xmrig
behavioral2/files/0x00070000000233fa-9.dat	xmrig
behavioral2/files/0x00090000000233f3-6.dat	xmrig
behavioral2/files/0x00070000000233fb-8.dat	xmrig
behavioral2/files/0x00070000000233fd-27.dat	xmrig
behavioral2/files/0x00070000000233ff-37.dat	xmrig
behavioral2/files/0x0007000000023404-65.dat	xmrig
behavioral2/files/0x0007000000023408-83.dat	xmrig
behavioral2/files/0x0008000000023400-110.dat	xmrig
behavioral2/memory/4316-114-0x00007FF7BAC80000-0x00007FF7BB076000-memory.dmp	xmrig
behavioral2/memory/2104-116-0x00007FF7CF820000-0x00007FF7CFC16000-memory.dmp	xmrig
behavioral2/memory/4424-120-0x00007FF6AF8B0000-0x00007FF6AFCA6000-memory.dmp	xmrig
behavioral2/memory/1612-122-0x00007FF6DC5F0000-0x00007FF6DC9E6000-memory.dmp	xmrig
behavioral2/memory/620-125-0x00007FF719410000-0x00007FF719806000-memory.dmp	xmrig
behavioral2/memory/5004-129-0x00007FF61D7F0000-0x00007FF61DBE6000-memory.dmp	xmrig
behavioral2/memory/1204-128-0x00007FF685760000-0x00007FF685B56000-memory.dmp	xmrig
behavioral2/memory/3880-127-0x00007FF63B140000-0x00007FF63B536000-memory.dmp	xmrig
behavioral2/memory/1252-126-0x00007FF6D06C0000-0x00007FF6D0AB6000-memory.dmp	xmrig
behavioral2/memory/3332-124-0x00007FF6A67E0000-0x00007FF6A6BD6000-memory.dmp	xmrig
behavioral2/memory/3020-123-0x00007FF623930000-0x00007FF623D26000-memory.dmp	xmrig
behavioral2/memory/4644-121-0x00007FF74B740000-0x00007FF74BB36000-memory.dmp	xmrig
behavioral2/memory/2420-119-0x00007FF6EF890000-0x00007FF6EFC86000-memory.dmp	xmrig
behavioral2/memory/2144-118-0x00007FF7E13E0000-0x00007FF7E17D6000-memory.dmp	xmrig
behavioral2/memory/1384-117-0x00007FF6C0140000-0x00007FF6C0536000-memory.dmp	xmrig
behavioral2/memory/1484-115-0x00007FF65D050000-0x00007FF65D446000-memory.dmp	xmrig
behavioral2/memory/1012-113-0x00007FF7EE550000-0x00007FF7EE946000-memory.dmp	xmrig
behavioral2/memory/1400-112-0x00007FF69E8A0000-0x00007FF69EC96000-memory.dmp	xmrig
behavioral2/files/0x000700000002340c-108.dat	xmrig
behavioral2/files/0x000700000002340b-106.dat	xmrig
behavioral2/files/0x000700000002340a-104.dat	xmrig
behavioral2/memory/1404-103-0x00007FF72C800000-0x00007FF72CBF6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023409-101.dat	xmrig
behavioral2/files/0x0007000000023403-74.dat	xmrig
behavioral2/files/0x0007000000023406-73.dat	xmrig
behavioral2/files/0x0007000000023407-78.dat	xmrig
behavioral2/files/0x0007000000023405-70.dat	xmrig
behavioral2/files/0x00070000000233fe-57.dat	xmrig
behavioral2/files/0x0007000000023402-54.dat	xmrig
behavioral2/files/0x00070000000233fc-19.dat	xmrig
behavioral2/files/0x0008000000023401-338.dat	xmrig
behavioral2/files/0x00080000000233f7-348.dat	xmrig
behavioral2/files/0x000700000002345e-355.dat	xmrig
behavioral2/memory/2976-364-0x00007FF755180000-0x00007FF755576000-memory.dmp	xmrig
behavioral2/files/0x0007000000023469-385.dat	xmrig
behavioral2/files/0x0007000000023467-390.dat	xmrig
behavioral2/files/0x000700000002346b-395.dat	xmrig
behavioral2/memory/936-402-0x00007FF79A2D0000-0x00007FF79A6C6000-memory.dmp	xmrig
behavioral2/files/0x000700000002346f-431.dat	xmrig
behavioral2/files/0x000700000002347f-430.dat	xmrig
behavioral2/files/0x000700000002347d-429.dat	xmrig
behavioral2/files/0x000700000002347b-428.dat	xmrig
behavioral2/files/0x000700000002347a-427.dat	xmrig
behavioral2/files/0x0007000000023479-425.dat	xmrig
behavioral2/files/0x0007000000023477-423.dat	xmrig
behavioral2/memory/2344-414-0x00007FF783C80000-0x00007FF784076000-memory.dmp	xmrig
behavioral2/files/0x0007000000023461-377.dat	xmrig
behavioral2/files/0x0007000000023463-371.dat	xmrig
behavioral2/memory/2968-369-0x00007FF741880000-0x00007FF741C76000-memory.dmp	xmrig
behavioral2/memory/3136-358-0x00007FF79B260000-0x00007FF79B656000-memory.dmp	xmrig
behavioral2/files/0x000700000002345d-354.dat	xmrig
behavioral2/memory/4344-1897-0x00007FF706D80000-0x00007FF707176000-memory.dmp	xmrig
behavioral2/memory/936-2180-0x00007FF79A2D0000-0x00007FF79A6C6000-memory.dmp	xmrig
behavioral2/memory/1204-2181-0x00007FF685760000-0x00007FF685B56000-memory.dmp	xmrig
behavioral2/memory/1012-2183-0x00007FF7EE550000-0x00007FF7EE946000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
7	3984	powershell.exe
9	3984	powershell.exe
11	3984	powershell.exe
12	3984	powershell.exe
14	3984	powershell.exe
15	3984	powershell.exe
16	3984	powershell.exe
22	3984	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3984	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1204	ZjRlksD.exe
1404	xqDhgNr.exe
1400	DNGJtVO.exe
1012	EvUpiYT.exe
4316	vIZZJIW.exe
1484	ppbAaUm.exe
2104	OtFeDcU.exe
1384	ooKvpgA.exe
2144	VnDreLQ.exe
2420	GKVYTeC.exe
4424	qsXIikK.exe
5004	toDqCAD.exe
4644	fpJkzIb.exe
1612	OgklnAJ.exe
3020	ysiOPYw.exe
3332	gqTMudf.exe
620	XKiPjtk.exe
1252	HCffYQU.exe
3880	CgRAeHs.exe
3136	pDqbXbd.exe
2976	XmHMulr.exe
2968	hFyNMFi.exe
936	FeLngwZ.exe
2344	cAnfZUE.exe
760	GKASAcD.exe
3584	RyaOGYd.exe
2116	iYHlkNt.exe
4852	xFCVMZS.exe
3436	dgKiRQx.exe
2624	spJbUeL.exe
2428	nMlnujV.exe
1108	RUCFmRj.exe
3440	YyfPALA.exe
4076	HLWcTGv.exe
3488	mcsRoto.exe
4320	AoQSiaD.exe
1968	RaWUyBP.exe
2352	PgFOAGS.exe
1028	heuLhYy.exe
3188	vJKSqfi.exe
2260	zCtKZhG.exe
5084	NisWPhu.exe
1692	TfSLzUs.exe
4624	rhMfhDQ.exe
640	elAtPkl.exe
3692	yAKGMBk.exe
3520	nXhrbgu.exe
664	TKreRXJ.exe
8	xJRrcoV.exe
4088	RIyjhGt.exe
4856	fpRGltp.exe
3264	ZepjOmT.exe
4360	yTFJiJo.exe
4628	rwqtkYE.exe
1976	NeywYfg.exe
3296	ArDDYIq.exe
4100	ZxbdapG.exe
1796	FmbTQNG.exe
2788	umXtRUN.exe
5072	DvEIaBk.exe
220	pBmxQcL.exe
2848	YUplCer.exe
3776	DPGRvEU.exe
1188	zbqOfuQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4344-0-0x00007FF706D80000-0x00007FF707176000-memory.dmp	upx
behavioral2/files/0x00070000000233fa-9.dat	upx
behavioral2/files/0x00090000000233f3-6.dat	upx
behavioral2/files/0x00070000000233fb-8.dat	upx
behavioral2/files/0x00070000000233fd-27.dat	upx
behavioral2/files/0x00070000000233ff-37.dat	upx
behavioral2/files/0x0007000000023404-65.dat	upx
behavioral2/files/0x0007000000023408-83.dat	upx
behavioral2/files/0x0008000000023400-110.dat	upx
behavioral2/memory/4316-114-0x00007FF7BAC80000-0x00007FF7BB076000-memory.dmp	upx
behavioral2/memory/2104-116-0x00007FF7CF820000-0x00007FF7CFC16000-memory.dmp	upx
behavioral2/memory/4424-120-0x00007FF6AF8B0000-0x00007FF6AFCA6000-memory.dmp	upx
behavioral2/memory/1612-122-0x00007FF6DC5F0000-0x00007FF6DC9E6000-memory.dmp	upx
behavioral2/memory/620-125-0x00007FF719410000-0x00007FF719806000-memory.dmp	upx
behavioral2/memory/5004-129-0x00007FF61D7F0000-0x00007FF61DBE6000-memory.dmp	upx
behavioral2/memory/1204-128-0x00007FF685760000-0x00007FF685B56000-memory.dmp	upx
behavioral2/memory/3880-127-0x00007FF63B140000-0x00007FF63B536000-memory.dmp	upx
behavioral2/memory/1252-126-0x00007FF6D06C0000-0x00007FF6D0AB6000-memory.dmp	upx
behavioral2/memory/3332-124-0x00007FF6A67E0000-0x00007FF6A6BD6000-memory.dmp	upx
behavioral2/memory/3020-123-0x00007FF623930000-0x00007FF623D26000-memory.dmp	upx
behavioral2/memory/4644-121-0x00007FF74B740000-0x00007FF74BB36000-memory.dmp	upx
behavioral2/memory/2420-119-0x00007FF6EF890000-0x00007FF6EFC86000-memory.dmp	upx
behavioral2/memory/2144-118-0x00007FF7E13E0000-0x00007FF7E17D6000-memory.dmp	upx
behavioral2/memory/1384-117-0x00007FF6C0140000-0x00007FF6C0536000-memory.dmp	upx
behavioral2/memory/1484-115-0x00007FF65D050000-0x00007FF65D446000-memory.dmp	upx
behavioral2/memory/1012-113-0x00007FF7EE550000-0x00007FF7EE946000-memory.dmp	upx
behavioral2/memory/1400-112-0x00007FF69E8A0000-0x00007FF69EC96000-memory.dmp	upx
behavioral2/files/0x000700000002340c-108.dat	upx
behavioral2/files/0x000700000002340b-106.dat	upx
behavioral2/files/0x000700000002340a-104.dat	upx
behavioral2/memory/1404-103-0x00007FF72C800000-0x00007FF72CBF6000-memory.dmp	upx
behavioral2/files/0x0007000000023409-101.dat	upx
behavioral2/files/0x0007000000023403-74.dat	upx
behavioral2/files/0x0007000000023406-73.dat	upx
behavioral2/files/0x0007000000023407-78.dat	upx
behavioral2/files/0x0007000000023405-70.dat	upx
behavioral2/files/0x00070000000233fe-57.dat	upx
behavioral2/files/0x0007000000023402-54.dat	upx
behavioral2/files/0x00070000000233fc-19.dat	upx
behavioral2/files/0x0008000000023401-338.dat	upx
behavioral2/files/0x00080000000233f7-348.dat	upx
behavioral2/files/0x000700000002345e-355.dat	upx
behavioral2/memory/2976-364-0x00007FF755180000-0x00007FF755576000-memory.dmp	upx
behavioral2/files/0x0007000000023469-385.dat	upx
behavioral2/files/0x0007000000023467-390.dat	upx
behavioral2/files/0x000700000002346b-395.dat	upx
behavioral2/memory/936-402-0x00007FF79A2D0000-0x00007FF79A6C6000-memory.dmp	upx
behavioral2/files/0x000700000002346f-431.dat	upx
behavioral2/files/0x000700000002347f-430.dat	upx
behavioral2/files/0x000700000002347d-429.dat	upx
behavioral2/files/0x000700000002347b-428.dat	upx
behavioral2/files/0x000700000002347a-427.dat	upx
behavioral2/files/0x0007000000023479-425.dat	upx
behavioral2/files/0x0007000000023477-423.dat	upx
behavioral2/memory/2344-414-0x00007FF783C80000-0x00007FF784076000-memory.dmp	upx
behavioral2/files/0x0007000000023461-377.dat	upx
behavioral2/files/0x0007000000023463-371.dat	upx
behavioral2/memory/2968-369-0x00007FF741880000-0x00007FF741C76000-memory.dmp	upx
behavioral2/memory/3136-358-0x00007FF79B260000-0x00007FF79B656000-memory.dmp	upx
behavioral2/files/0x000700000002345d-354.dat	upx
behavioral2/memory/4344-1897-0x00007FF706D80000-0x00007FF707176000-memory.dmp	upx
behavioral2/memory/936-2180-0x00007FF79A2D0000-0x00007FF79A6C6000-memory.dmp	upx
behavioral2/memory/1204-2181-0x00007FF685760000-0x00007FF685B56000-memory.dmp	upx
behavioral2/memory/1012-2183-0x00007FF7EE550000-0x00007FF7EE946000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dXJApZD.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\uosXmyB.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\SjUADWi.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\gJChzqn.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\JtXQsqr.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\fbtXdwW.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\fhyaFId.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\PedLfsE.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\IiUYHme.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\MAfmalC.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\ShCnliy.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\hnMvzRC.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\FfXClrT.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\qZrllgK.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\gyRoVun.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\gfcZHXQ.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\WsMqoTt.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\JVGwPWT.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\IrjKVvz.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\gBWrxPo.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\zeVBryu.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\wKeiNEN.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\XBPfMAB.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\CisrYqZ.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\AIogZXq.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\VAZsgRz.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\hDqAgML.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\LolBLJf.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\hZHhBlW.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\gjkTWTz.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\cjthIKw.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\QvfNfwV.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\RIWAALx.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\jnzvRDO.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\WGHWztU.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\rFFAQqt.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\qQTDvtl.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\mwrNBSf.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\CNsSRlH.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\ejZcVnv.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\VrTzxtW.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\nZlvyee.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\xJRrcoV.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\jLDfuFN.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\cMEhaCO.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\UybSXuy.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\fnMQhMQ.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\SjoKxXP.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\BMtTrec.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\FNmJgBo.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\bZxZehG.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\OgklnAJ.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\pXiSumh.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\GrxHhcC.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\SqXErPi.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\bQJNSmF.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\XrkIGOO.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\TjkEqqM.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\mVZTBZV.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\fpJkzIb.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\FQRhUTo.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\hCsqNMV.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\ohMdYBP.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
File created	C:\Windows\System\bppnuAT.exe	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3984	powershell.exe
3984	powershell.exe
3984	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3984	powershell.exe
Token: SeLockMemoryPrivilege	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 3984	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	84
PID 4344 wrote to memory of 3984	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	84
PID 4344 wrote to memory of 1204	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	85
PID 4344 wrote to memory of 1204	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	85
PID 4344 wrote to memory of 1404	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	86
PID 4344 wrote to memory of 1404	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	86
PID 4344 wrote to memory of 1400	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	87
PID 4344 wrote to memory of 1400	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	87
PID 4344 wrote to memory of 1012	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	88
PID 4344 wrote to memory of 1012	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	88
PID 4344 wrote to memory of 4316	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	89
PID 4344 wrote to memory of 4316	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	89
PID 4344 wrote to memory of 1484	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	90
PID 4344 wrote to memory of 1484	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	90
PID 4344 wrote to memory of 2104	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	91
PID 4344 wrote to memory of 2104	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	91
PID 4344 wrote to memory of 1384	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	92
PID 4344 wrote to memory of 1384	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	92
PID 4344 wrote to memory of 5004	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	93
PID 4344 wrote to memory of 5004	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	93
PID 4344 wrote to memory of 2144	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	94
PID 4344 wrote to memory of 2144	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	94
PID 4344 wrote to memory of 2420	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	95
PID 4344 wrote to memory of 2420	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	95
PID 4344 wrote to memory of 4424	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	96
PID 4344 wrote to memory of 4424	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	96
PID 4344 wrote to memory of 4644	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	97
PID 4344 wrote to memory of 4644	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	97
PID 4344 wrote to memory of 1612	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	98
PID 4344 wrote to memory of 1612	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	98
PID 4344 wrote to memory of 3020	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	99
PID 4344 wrote to memory of 3020	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	99
PID 4344 wrote to memory of 3332	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	100
PID 4344 wrote to memory of 3332	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	100
PID 4344 wrote to memory of 620	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	101
PID 4344 wrote to memory of 620	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	101
PID 4344 wrote to memory of 1252	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	102
PID 4344 wrote to memory of 1252	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	102
PID 4344 wrote to memory of 3880	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	103
PID 4344 wrote to memory of 3880	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	103
PID 4344 wrote to memory of 3136	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	104
PID 4344 wrote to memory of 3136	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	104
PID 4344 wrote to memory of 2976	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	105
PID 4344 wrote to memory of 2976	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	105
PID 4344 wrote to memory of 2968	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	106
PID 4344 wrote to memory of 2968	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	106
PID 4344 wrote to memory of 936	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	107
PID 4344 wrote to memory of 936	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	107
PID 4344 wrote to memory of 2344	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	108
PID 4344 wrote to memory of 2344	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	108
PID 4344 wrote to memory of 760	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	109
PID 4344 wrote to memory of 760	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	109
PID 4344 wrote to memory of 3584	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	110
PID 4344 wrote to memory of 3584	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	110
PID 4344 wrote to memory of 2116	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	111
PID 4344 wrote to memory of 2116	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	111
PID 4344 wrote to memory of 4852	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	112
PID 4344 wrote to memory of 4852	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	112
PID 4344 wrote to memory of 3436	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	113
PID 4344 wrote to memory of 3436	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	113
PID 4344 wrote to memory of 2624	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	114
PID 4344 wrote to memory of 2624	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	114
PID 4344 wrote to memory of 2428	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	115
PID 4344 wrote to memory of 2428	4344	9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9158c43c6416e4f849974611c87b53b0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3984
- C:\Windows\System\ZjRlksD.exe
  C:\Windows\System\ZjRlksD.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\xqDhgNr.exe
  C:\Windows\System\xqDhgNr.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\DNGJtVO.exe
  C:\Windows\System\DNGJtVO.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\EvUpiYT.exe
  C:\Windows\System\EvUpiYT.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\vIZZJIW.exe
  C:\Windows\System\vIZZJIW.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\ppbAaUm.exe
  C:\Windows\System\ppbAaUm.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\OtFeDcU.exe
  C:\Windows\System\OtFeDcU.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ooKvpgA.exe
  C:\Windows\System\ooKvpgA.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\toDqCAD.exe
  C:\Windows\System\toDqCAD.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\VnDreLQ.exe
  C:\Windows\System\VnDreLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\GKVYTeC.exe
  C:\Windows\System\GKVYTeC.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\qsXIikK.exe
  C:\Windows\System\qsXIikK.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\fpJkzIb.exe
  C:\Windows\System\fpJkzIb.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\OgklnAJ.exe
  C:\Windows\System\OgklnAJ.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ysiOPYw.exe
  C:\Windows\System\ysiOPYw.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\gqTMudf.exe
  C:\Windows\System\gqTMudf.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\XKiPjtk.exe
  C:\Windows\System\XKiPjtk.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\HCffYQU.exe
  C:\Windows\System\HCffYQU.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\CgRAeHs.exe
  C:\Windows\System\CgRAeHs.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\pDqbXbd.exe
  C:\Windows\System\pDqbXbd.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\XmHMulr.exe
  C:\Windows\System\XmHMulr.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\hFyNMFi.exe
  C:\Windows\System\hFyNMFi.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\FeLngwZ.exe
  C:\Windows\System\FeLngwZ.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\cAnfZUE.exe
  C:\Windows\System\cAnfZUE.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\GKASAcD.exe
  C:\Windows\System\GKASAcD.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\RyaOGYd.exe
  C:\Windows\System\RyaOGYd.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\iYHlkNt.exe
  C:\Windows\System\iYHlkNt.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\xFCVMZS.exe
  C:\Windows\System\xFCVMZS.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\dgKiRQx.exe
  C:\Windows\System\dgKiRQx.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\spJbUeL.exe
  C:\Windows\System\spJbUeL.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\nMlnujV.exe
  C:\Windows\System\nMlnujV.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\RUCFmRj.exe
  C:\Windows\System\RUCFmRj.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\YyfPALA.exe
  C:\Windows\System\YyfPALA.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\HLWcTGv.exe
  C:\Windows\System\HLWcTGv.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\mcsRoto.exe
  C:\Windows\System\mcsRoto.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\AoQSiaD.exe
  C:\Windows\System\AoQSiaD.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\RaWUyBP.exe
  C:\Windows\System\RaWUyBP.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\PgFOAGS.exe
  C:\Windows\System\PgFOAGS.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\heuLhYy.exe
  C:\Windows\System\heuLhYy.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\vJKSqfi.exe
  C:\Windows\System\vJKSqfi.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\zCtKZhG.exe
  C:\Windows\System\zCtKZhG.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\NisWPhu.exe
  C:\Windows\System\NisWPhu.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\TfSLzUs.exe
  C:\Windows\System\TfSLzUs.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\rhMfhDQ.exe
  C:\Windows\System\rhMfhDQ.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\elAtPkl.exe
  C:\Windows\System\elAtPkl.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\yAKGMBk.exe
  C:\Windows\System\yAKGMBk.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\nXhrbgu.exe
  C:\Windows\System\nXhrbgu.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\TKreRXJ.exe
  C:\Windows\System\TKreRXJ.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\xJRrcoV.exe
  C:\Windows\System\xJRrcoV.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\RIyjhGt.exe
  C:\Windows\System\RIyjhGt.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\fpRGltp.exe
  C:\Windows\System\fpRGltp.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\ZepjOmT.exe
  C:\Windows\System\ZepjOmT.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\yTFJiJo.exe
  C:\Windows\System\yTFJiJo.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\rwqtkYE.exe
  C:\Windows\System\rwqtkYE.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\NeywYfg.exe
  C:\Windows\System\NeywYfg.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\ArDDYIq.exe
  C:\Windows\System\ArDDYIq.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\ZxbdapG.exe
  C:\Windows\System\ZxbdapG.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\FmbTQNG.exe
  C:\Windows\System\FmbTQNG.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\umXtRUN.exe
  C:\Windows\System\umXtRUN.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\DvEIaBk.exe
  C:\Windows\System\DvEIaBk.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\pBmxQcL.exe
  C:\Windows\System\pBmxQcL.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\YUplCer.exe
  C:\Windows\System\YUplCer.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\DPGRvEU.exe
  C:\Windows\System\DPGRvEU.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\zbqOfuQ.exe
  C:\Windows\System\zbqOfuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\PedLfsE.exe
  C:\Windows\System\PedLfsE.exe
  2⤵
  PID:2408
- C:\Windows\System\nHAlHOd.exe
  C:\Windows\System\nHAlHOd.exe
  2⤵
  PID:3516
- C:\Windows\System\AKlkqcV.exe
  C:\Windows\System\AKlkqcV.exe
  2⤵
  PID:4884
- C:\Windows\System\jbZwOGO.exe
  C:\Windows\System\jbZwOGO.exe
  2⤵
  PID:116
- C:\Windows\System\ZOyIgdt.exe
  C:\Windows\System\ZOyIgdt.exe
  2⤵
  PID:4972
- C:\Windows\System\utrxlnO.exe
  C:\Windows\System\utrxlnO.exe
  2⤵
  PID:3972
- C:\Windows\System\gMOoGSl.exe
  C:\Windows\System\gMOoGSl.exe
  2⤵
  PID:1784
- C:\Windows\System\PEydOYc.exe
  C:\Windows\System\PEydOYc.exe
  2⤵
  PID:2120
- C:\Windows\System\FfaZsxy.exe
  C:\Windows\System\FfaZsxy.exe
  2⤵
  PID:1424
- C:\Windows\System\ipaNKUb.exe
  C:\Windows\System\ipaNKUb.exe
  2⤵
  PID:4580
- C:\Windows\System\CpqrEgi.exe
  C:\Windows\System\CpqrEgi.exe
  2⤵
  PID:4220
- C:\Windows\System\fjGslIe.exe
  C:\Windows\System\fjGslIe.exe
  2⤵
  PID:1816
- C:\Windows\System\odHVJmV.exe
  C:\Windows\System\odHVJmV.exe
  2⤵
  PID:4044
- C:\Windows\System\ETtVVCi.exe
  C:\Windows\System\ETtVVCi.exe
  2⤵
  PID:1268
- C:\Windows\System\xVvqDNV.exe
  C:\Windows\System\xVvqDNV.exe
  2⤵
  PID:3836
- C:\Windows\System\NmHECZW.exe
  C:\Windows\System\NmHECZW.exe
  2⤵
  PID:5128
- C:\Windows\System\GgInFpM.exe
  C:\Windows\System\GgInFpM.exe
  2⤵
  PID:5160
- C:\Windows\System\orTTKJJ.exe
  C:\Windows\System\orTTKJJ.exe
  2⤵
  PID:5180
- C:\Windows\System\YHmQDps.exe
  C:\Windows\System\YHmQDps.exe
  2⤵
  PID:5208
- C:\Windows\System\jtrGVKW.exe
  C:\Windows\System\jtrGVKW.exe
  2⤵
  PID:5244
- C:\Windows\System\REXujRP.exe
  C:\Windows\System\REXujRP.exe
  2⤵
  PID:5288
- C:\Windows\System\vAkUQcj.exe
  C:\Windows\System\vAkUQcj.exe
  2⤵
  PID:5308
- C:\Windows\System\CJGhkzz.exe
  C:\Windows\System\CJGhkzz.exe
  2⤵
  PID:5324
- C:\Windows\System\bkjQNQS.exe
  C:\Windows\System\bkjQNQS.exe
  2⤵
  PID:5340
- C:\Windows\System\IeywjZH.exe
  C:\Windows\System\IeywjZH.exe
  2⤵
  PID:5392
- C:\Windows\System\wQqBefv.exe
  C:\Windows\System\wQqBefv.exe
  2⤵
  PID:5420
- C:\Windows\System\TPoHdMd.exe
  C:\Windows\System\TPoHdMd.exe
  2⤵
  PID:5436
- C:\Windows\System\ohMdYBP.exe
  C:\Windows\System\ohMdYBP.exe
  2⤵
  PID:5484
- C:\Windows\System\SEwbOyl.exe
  C:\Windows\System\SEwbOyl.exe
  2⤵
  PID:5508
- C:\Windows\System\wNdXXFZ.exe
  C:\Windows\System\wNdXXFZ.exe
  2⤵
  PID:5536
- C:\Windows\System\jVcpXcn.exe
  C:\Windows\System\jVcpXcn.exe
  2⤵
  PID:5572
- C:\Windows\System\gXBDIZj.exe
  C:\Windows\System\gXBDIZj.exe
  2⤵
  PID:5608
- C:\Windows\System\uxFQocP.exe
  C:\Windows\System\uxFQocP.exe
  2⤵
  PID:5632
- C:\Windows\System\emphFtF.exe
  C:\Windows\System\emphFtF.exe
  2⤵
  PID:5680
- C:\Windows\System\kSRAdmf.exe
  C:\Windows\System\kSRAdmf.exe
  2⤵
  PID:5716
- C:\Windows\System\YuewMFg.exe
  C:\Windows\System\YuewMFg.exe
  2⤵
  PID:5736
- C:\Windows\System\QEsCqjX.exe
  C:\Windows\System\QEsCqjX.exe
  2⤵
  PID:5760
- C:\Windows\System\VhPqyeB.exe
  C:\Windows\System\VhPqyeB.exe
  2⤵
  PID:5780
- C:\Windows\System\bkJWwaz.exe
  C:\Windows\System\bkJWwaz.exe
  2⤵
  PID:5812
- C:\Windows\System\lLgsriG.exe
  C:\Windows\System\lLgsriG.exe
  2⤵
  PID:5860
- C:\Windows\System\RMQaftK.exe
  C:\Windows\System\RMQaftK.exe
  2⤵
  PID:5892
- C:\Windows\System\LbHnQUL.exe
  C:\Windows\System\LbHnQUL.exe
  2⤵
  PID:5924
- C:\Windows\System\Tpzouql.exe
  C:\Windows\System\Tpzouql.exe
  2⤵
  PID:5944
- C:\Windows\System\baDFczF.exe
  C:\Windows\System\baDFczF.exe
  2⤵
  PID:5984
- C:\Windows\System\dXJApZD.exe
  C:\Windows\System\dXJApZD.exe
  2⤵
  PID:6008
- C:\Windows\System\jqzPjzR.exe
  C:\Windows\System\jqzPjzR.exe
  2⤵
  PID:6032
- C:\Windows\System\zdbulPa.exe
  C:\Windows\System\zdbulPa.exe
  2⤵
  PID:6064
- C:\Windows\System\nmPYOYN.exe
  C:\Windows\System\nmPYOYN.exe
  2⤵
  PID:6088
- C:\Windows\System\xoVjImd.exe
  C:\Windows\System\xoVjImd.exe
  2⤵
  PID:6116
- C:\Windows\System\pXiSumh.exe
  C:\Windows\System\pXiSumh.exe
  2⤵
  PID:5140
- C:\Windows\System\bRpStyc.exe
  C:\Windows\System\bRpStyc.exe
  2⤵
  PID:5204
- C:\Windows\System\wlPtmky.exe
  C:\Windows\System\wlPtmky.exe
  2⤵
  PID:5272
- C:\Windows\System\sgSJPSK.exe
  C:\Windows\System\sgSJPSK.exe
  2⤵
  PID:5332
- C:\Windows\System\SwBYFsf.exe
  C:\Windows\System\SwBYFsf.exe
  2⤵
  PID:5352
- C:\Windows\System\FEQfEyX.exe
  C:\Windows\System\FEQfEyX.exe
  2⤵
  PID:5428
- C:\Windows\System\RIWAALx.exe
  C:\Windows\System\RIWAALx.exe
  2⤵
  PID:5548
- C:\Windows\System\agogZTO.exe
  C:\Windows\System\agogZTO.exe
  2⤵
  PID:5620
- C:\Windows\System\wwLAQYq.exe
  C:\Windows\System\wwLAQYq.exe
  2⤵
  PID:5724
- C:\Windows\System\PFtVvkf.exe
  C:\Windows\System\PFtVvkf.exe
  2⤵
  PID:5800
- C:\Windows\System\axSdLqu.exe
  C:\Windows\System\axSdLqu.exe
  2⤵
  PID:5852
- C:\Windows\System\QLfyIev.exe
  C:\Windows\System\QLfyIev.exe
  2⤵
  PID:5932
- C:\Windows\System\ojpGaBi.exe
  C:\Windows\System\ojpGaBi.exe
  2⤵
  PID:5996
- C:\Windows\System\FhzLtXk.exe
  C:\Windows\System\FhzLtXk.exe
  2⤵
  PID:6056
- C:\Windows\System\TmqaamC.exe
  C:\Windows\System\TmqaamC.exe
  2⤵
  PID:6128
- C:\Windows\System\GrxHhcC.exe
  C:\Windows\System\GrxHhcC.exe
  2⤵
  PID:5264
- C:\Windows\System\QkpKssm.exe
  C:\Windows\System\QkpKssm.exe
  2⤵
  PID:2140
- C:\Windows\System\suVbRkf.exe
  C:\Windows\System\suVbRkf.exe
  2⤵
  PID:5468
- C:\Windows\System\kKhJWrh.exe
  C:\Windows\System\kKhJWrh.exe
  2⤵
  PID:5772
- C:\Windows\System\AIogZXq.exe
  C:\Windows\System\AIogZXq.exe
  2⤵
  PID:5908
- C:\Windows\System\RzrdFhT.exe
  C:\Windows\System\RzrdFhT.exe
  2⤵
  PID:5192
- C:\Windows\System\xNBNwAs.exe
  C:\Windows\System\xNBNwAs.exe
  2⤵
  PID:5412
- C:\Windows\System\njzIuhD.exe
  C:\Windows\System\njzIuhD.exe
  2⤵
  PID:5888
- C:\Windows\System\LMgVidy.exe
  C:\Windows\System\LMgVidy.exe
  2⤵
  PID:5336
- C:\Windows\System\jKNYQcF.exe
  C:\Windows\System\jKNYQcF.exe
  2⤵
  PID:6184
- C:\Windows\System\KsHqULV.exe
  C:\Windows\System\KsHqULV.exe
  2⤵
  PID:6232
- C:\Windows\System\SjoKxXP.exe
  C:\Windows\System\SjoKxXP.exe
  2⤵
  PID:6268
- C:\Windows\System\NcxgWuy.exe
  C:\Windows\System\NcxgWuy.exe
  2⤵
  PID:6304
- C:\Windows\System\EgKkAsN.exe
  C:\Windows\System\EgKkAsN.exe
  2⤵
  PID:6336
- C:\Windows\System\TYTdUSQ.exe
  C:\Windows\System\TYTdUSQ.exe
  2⤵
  PID:6360
- C:\Windows\System\ZOHMdXw.exe
  C:\Windows\System\ZOHMdXw.exe
  2⤵
  PID:6404
- C:\Windows\System\rUBHgcC.exe
  C:\Windows\System\rUBHgcC.exe
  2⤵
  PID:6444
- C:\Windows\System\qjdPtYB.exe
  C:\Windows\System\qjdPtYB.exe
  2⤵
  PID:6468
- C:\Windows\System\rZggfMM.exe
  C:\Windows\System\rZggfMM.exe
  2⤵
  PID:6516
- C:\Windows\System\wlTwjSQ.exe
  C:\Windows\System\wlTwjSQ.exe
  2⤵
  PID:6552
- C:\Windows\System\XxZkGbf.exe
  C:\Windows\System\XxZkGbf.exe
  2⤵
  PID:6576
- C:\Windows\System\rZhXUiQ.exe
  C:\Windows\System\rZhXUiQ.exe
  2⤵
  PID:6604
- C:\Windows\System\ResNsGb.exe
  C:\Windows\System\ResNsGb.exe
  2⤵
  PID:6644
- C:\Windows\System\qrsOMmw.exe
  C:\Windows\System\qrsOMmw.exe
  2⤵
  PID:6676
- C:\Windows\System\QfytSSA.exe
  C:\Windows\System\QfytSSA.exe
  2⤵
  PID:6716
- C:\Windows\System\SKeszUF.exe
  C:\Windows\System\SKeszUF.exe
  2⤵
  PID:6732
- C:\Windows\System\wPDKQoj.exe
  C:\Windows\System\wPDKQoj.exe
  2⤵
  PID:6760
- C:\Windows\System\iVhPVKB.exe
  C:\Windows\System\iVhPVKB.exe
  2⤵
  PID:6800
- C:\Windows\System\LXDpaSV.exe
  C:\Windows\System\LXDpaSV.exe
  2⤵
  PID:6836
- C:\Windows\System\natKjwU.exe
  C:\Windows\System\natKjwU.exe
  2⤵
  PID:6860
- C:\Windows\System\qvufToB.exe
  C:\Windows\System\qvufToB.exe
  2⤵
  PID:6892
- C:\Windows\System\cGlmcqW.exe
  C:\Windows\System\cGlmcqW.exe
  2⤵
  PID:6932
- C:\Windows\System\PyxYdiY.exe
  C:\Windows\System\PyxYdiY.exe
  2⤵
  PID:6968
- C:\Windows\System\mgJexKp.exe
  C:\Windows\System\mgJexKp.exe
  2⤵
  PID:6988
- C:\Windows\System\bgXIDah.exe
  C:\Windows\System\bgXIDah.exe
  2⤵
  PID:7024
- C:\Windows\System\CRMwaEa.exe
  C:\Windows\System\CRMwaEa.exe
  2⤵
  PID:7052
- C:\Windows\System\fGnYJyO.exe
  C:\Windows\System\fGnYJyO.exe
  2⤵
  PID:7072
- C:\Windows\System\Vnzewml.exe
  C:\Windows\System\Vnzewml.exe
  2⤵
  PID:7092
- C:\Windows\System\DzMwfAr.exe
  C:\Windows\System\DzMwfAr.exe
  2⤵
  PID:7140
- C:\Windows\System\uosXmyB.exe
  C:\Windows\System\uosXmyB.exe
  2⤵
  PID:7164
- C:\Windows\System\iYVcxli.exe
  C:\Windows\System\iYVcxli.exe
  2⤵
  PID:6228
- C:\Windows\System\YwDdPQX.exe
  C:\Windows\System\YwDdPQX.exe
  2⤵
  PID:6332
- C:\Windows\System\HgZVTKG.exe
  C:\Windows\System\HgZVTKG.exe
  2⤵
  PID:6392
- C:\Windows\System\FBNtLSm.exe
  C:\Windows\System\FBNtLSm.exe
  2⤵
  PID:6504
- C:\Windows\System\MIGOlzb.exe
  C:\Windows\System\MIGOlzb.exe
  2⤵
  PID:6584
- C:\Windows\System\nFzLRdc.exe
  C:\Windows\System\nFzLRdc.exe
  2⤵
  PID:6660
- C:\Windows\System\VAZsgRz.exe
  C:\Windows\System\VAZsgRz.exe
  2⤵
  PID:6756
- C:\Windows\System\UqAXivB.exe
  C:\Windows\System\UqAXivB.exe
  2⤵
  PID:6820
- C:\Windows\System\npbeIrF.exe
  C:\Windows\System\npbeIrF.exe
  2⤵
  PID:6880
- C:\Windows\System\gBWrxPo.exe
  C:\Windows\System\gBWrxPo.exe
  2⤵
  PID:6952
- C:\Windows\System\shVKosT.exe
  C:\Windows\System\shVKosT.exe
  2⤵
  PID:7012
- C:\Windows\System\ayZnaBT.exe
  C:\Windows\System\ayZnaBT.exe
  2⤵
  PID:7060
- C:\Windows\System\CpYpXMS.exe
  C:\Windows\System\CpYpXMS.exe
  2⤵
  PID:7132
- C:\Windows\System\XSEevoj.exe
  C:\Windows\System\XSEevoj.exe
  2⤵
  PID:6244
- C:\Windows\System\vPGNYtH.exe
  C:\Windows\System\vPGNYtH.exe
  2⤵
  PID:6384
- C:\Windows\System\TuSilEK.exe
  C:\Windows\System\TuSilEK.exe
  2⤵
  PID:6544
- C:\Windows\System\KcYyxcU.exe
  C:\Windows\System\KcYyxcU.exe
  2⤵
  PID:6728
- C:\Windows\System\eugFDWJ.exe
  C:\Windows\System\eugFDWJ.exe
  2⤵
  PID:6912
- C:\Windows\System\kkQDMpD.exe
  C:\Windows\System\kkQDMpD.exe
  2⤵
  PID:3012
- C:\Windows\System\LheQnWl.exe
  C:\Windows\System\LheQnWl.exe
  2⤵
  PID:7152
- C:\Windows\System\LgcMLtj.exe
  C:\Windows\System\LgcMLtj.exe
  2⤵
  PID:6292
- C:\Windows\System\CHoeKAe.exe
  C:\Windows\System\CHoeKAe.exe
  2⤵
  PID:6640
- C:\Windows\System\wEGYohS.exe
  C:\Windows\System\wEGYohS.exe
  2⤵
  PID:468
- C:\Windows\System\zYabTZP.exe
  C:\Windows\System\zYabTZP.exe
  2⤵
  PID:6480
- C:\Windows\System\ExTjbfZ.exe
  C:\Windows\System\ExTjbfZ.exe
  2⤵
  PID:6980
- C:\Windows\System\GEIQwAW.exe
  C:\Windows\System\GEIQwAW.exe
  2⤵
  PID:7160
- C:\Windows\System\dKiqKHx.exe
  C:\Windows\System\dKiqKHx.exe
  2⤵
  PID:7176
- C:\Windows\System\PCwZmgS.exe
  C:\Windows\System\PCwZmgS.exe
  2⤵
  PID:7212
- C:\Windows\System\PWoAdTz.exe
  C:\Windows\System\PWoAdTz.exe
  2⤵
  PID:7248
- C:\Windows\System\tmhUdTF.exe
  C:\Windows\System\tmhUdTF.exe
  2⤵
  PID:7272
- C:\Windows\System\srzkziQ.exe
  C:\Windows\System\srzkziQ.exe
  2⤵
  PID:7292
- C:\Windows\System\SKRflcm.exe
  C:\Windows\System\SKRflcm.exe
  2⤵
  PID:7332
- C:\Windows\System\jzddoZu.exe
  C:\Windows\System\jzddoZu.exe
  2⤵
  PID:7360
- C:\Windows\System\hDqAgML.exe
  C:\Windows\System\hDqAgML.exe
  2⤵
  PID:7388
- C:\Windows\System\qSBVywb.exe
  C:\Windows\System\qSBVywb.exe
  2⤵
  PID:7408
- C:\Windows\System\rFFAQqt.exe
  C:\Windows\System\rFFAQqt.exe
  2⤵
  PID:7448
- C:\Windows\System\CbdbNcm.exe
  C:\Windows\System\CbdbNcm.exe
  2⤵
  PID:7472
- C:\Windows\System\DWmiHNY.exe
  C:\Windows\System\DWmiHNY.exe
  2⤵
  PID:7512
- C:\Windows\System\ypGGlif.exe
  C:\Windows\System\ypGGlif.exe
  2⤵
  PID:7552
- C:\Windows\System\KBlhmjE.exe
  C:\Windows\System\KBlhmjE.exe
  2⤵
  PID:7572
- C:\Windows\System\SdBNuDK.exe
  C:\Windows\System\SdBNuDK.exe
  2⤵
  PID:7608
- C:\Windows\System\oHkLHAM.exe
  C:\Windows\System\oHkLHAM.exe
  2⤵
  PID:7636
- C:\Windows\System\uDcFpxS.exe
  C:\Windows\System\uDcFpxS.exe
  2⤵
  PID:7664
- C:\Windows\System\mDONqET.exe
  C:\Windows\System\mDONqET.exe
  2⤵
  PID:7696
- C:\Windows\System\dtkavON.exe
  C:\Windows\System\dtkavON.exe
  2⤵
  PID:7720
- C:\Windows\System\CnlcETj.exe
  C:\Windows\System\CnlcETj.exe
  2⤵
  PID:7752
- C:\Windows\System\bcekIMk.exe
  C:\Windows\System\bcekIMk.exe
  2⤵
  PID:7776
- C:\Windows\System\GiTMBtZ.exe
  C:\Windows\System\GiTMBtZ.exe
  2⤵
  PID:7804
- C:\Windows\System\niuwdDm.exe
  C:\Windows\System\niuwdDm.exe
  2⤵
  PID:7832
- C:\Windows\System\ZEwMPKG.exe
  C:\Windows\System\ZEwMPKG.exe
  2⤵
  PID:7860
- C:\Windows\System\daeGeSJ.exe
  C:\Windows\System\daeGeSJ.exe
  2⤵
  PID:7896
- C:\Windows\System\JYZgBKZ.exe
  C:\Windows\System\JYZgBKZ.exe
  2⤵
  PID:7916
- C:\Windows\System\YarwTUM.exe
  C:\Windows\System\YarwTUM.exe
  2⤵
  PID:7944
- C:\Windows\System\QtjTPSl.exe
  C:\Windows\System\QtjTPSl.exe
  2⤵
  PID:7976
- C:\Windows\System\bnLTIgt.exe
  C:\Windows\System\bnLTIgt.exe
  2⤵
  PID:8004
- C:\Windows\System\IwBlrRV.exe
  C:\Windows\System\IwBlrRV.exe
  2⤵
  PID:8036
- C:\Windows\System\NltPhXB.exe
  C:\Windows\System\NltPhXB.exe
  2⤵
  PID:8072
- C:\Windows\System\GGCocRp.exe
  C:\Windows\System\GGCocRp.exe
  2⤵
  PID:8092
- C:\Windows\System\SqXErPi.exe
  C:\Windows\System\SqXErPi.exe
  2⤵
  PID:8128
- C:\Windows\System\GqxbdDd.exe
  C:\Windows\System\GqxbdDd.exe
  2⤵
  PID:8156
- C:\Windows\System\iQfeZfQ.exe
  C:\Windows\System\iQfeZfQ.exe
  2⤵
  PID:7172
- C:\Windows\System\PbHsyCS.exe
  C:\Windows\System\PbHsyCS.exe
  2⤵
  PID:7208
- C:\Windows\System\xUGgOlL.exe
  C:\Windows\System\xUGgOlL.exe
  2⤵
  PID:7284
- C:\Windows\System\jhYeTAr.exe
  C:\Windows\System\jhYeTAr.exe
  2⤵
  PID:7352
- C:\Windows\System\tVilbhP.exe
  C:\Windows\System\tVilbhP.exe
  2⤵
  PID:7416
- C:\Windows\System\iRErIhJ.exe
  C:\Windows\System\iRErIhJ.exe
  2⤵
  PID:7508
- C:\Windows\System\LGIvCUd.exe
  C:\Windows\System\LGIvCUd.exe
  2⤵
  PID:7560
- C:\Windows\System\xSarbpB.exe
  C:\Windows\System\xSarbpB.exe
  2⤵
  PID:7656
- C:\Windows\System\nhgyzTP.exe
  C:\Windows\System\nhgyzTP.exe
  2⤵
  PID:7744
- C:\Windows\System\srPSsuE.exe
  C:\Windows\System\srPSsuE.exe
  2⤵
  PID:7824
- C:\Windows\System\xJqgHUJ.exe
  C:\Windows\System\xJqgHUJ.exe
  2⤵
  PID:7884
- C:\Windows\System\JFCuwXH.exe
  C:\Windows\System\JFCuwXH.exe
  2⤵
  PID:7932
- C:\Windows\System\THFndor.exe
  C:\Windows\System\THFndor.exe
  2⤵
  PID:8016
- C:\Windows\System\QnQgVKP.exe
  C:\Windows\System\QnQgVKP.exe
  2⤵
  PID:8084
- C:\Windows\System\VtDcJnh.exe
  C:\Windows\System\VtDcJnh.exe
  2⤵
  PID:8152
- C:\Windows\System\pQVauJk.exe
  C:\Windows\System\pQVauJk.exe
  2⤵
  PID:7204
- C:\Windows\System\cxbiRli.exe
  C:\Windows\System\cxbiRli.exe
  2⤵
  PID:7380
- C:\Windows\System\fpVylHI.exe
  C:\Windows\System\fpVylHI.exe
  2⤵
  PID:7536
- C:\Windows\System\AlrJErl.exe
  C:\Windows\System\AlrJErl.exe
  2⤵
  PID:7732
- C:\Windows\System\gSXtZSX.exe
  C:\Windows\System\gSXtZSX.exe
  2⤵
  PID:7852
- C:\Windows\System\rmQSwoW.exe
  C:\Windows\System\rmQSwoW.exe
  2⤵
  PID:8000
- C:\Windows\System\pobDUxs.exe
  C:\Windows\System\pobDUxs.exe
  2⤵
  PID:8180
- C:\Windows\System\JPNpOYK.exe
  C:\Windows\System\JPNpOYK.exe
  2⤵
  PID:2324
- C:\Windows\System\NmmLEid.exe
  C:\Windows\System\NmmLEid.exe
  2⤵
  PID:7704
- C:\Windows\System\qQTDvtl.exe
  C:\Windows\System\qQTDvtl.exe
  2⤵
  PID:7992
- C:\Windows\System\mwrNBSf.exe
  C:\Windows\System\mwrNBSf.exe
  2⤵
  PID:7628
- C:\Windows\System\icMfbDw.exe
  C:\Windows\System\icMfbDw.exe
  2⤵
  PID:8208
- C:\Windows\System\riXcqoE.exe
  C:\Windows\System\riXcqoE.exe
  2⤵
  PID:8224
- C:\Windows\System\bQJNSmF.exe
  C:\Windows\System\bQJNSmF.exe
  2⤵
  PID:8252
- C:\Windows\System\wAIGptx.exe
  C:\Windows\System\wAIGptx.exe
  2⤵
  PID:8280
- C:\Windows\System\ulQDqjt.exe
  C:\Windows\System\ulQDqjt.exe
  2⤵
  PID:8308
- C:\Windows\System\FwyjudE.exe
  C:\Windows\System\FwyjudE.exe
  2⤵
  PID:8336
- C:\Windows\System\CPcRmBi.exe
  C:\Windows\System\CPcRmBi.exe
  2⤵
  PID:8364
- C:\Windows\System\MmWJhUd.exe
  C:\Windows\System\MmWJhUd.exe
  2⤵
  PID:8392
- C:\Windows\System\xCVeOPM.exe
  C:\Windows\System\xCVeOPM.exe
  2⤵
  PID:8420
- C:\Windows\System\CNsSRlH.exe
  C:\Windows\System\CNsSRlH.exe
  2⤵
  PID:8448
- C:\Windows\System\trhvftY.exe
  C:\Windows\System\trhvftY.exe
  2⤵
  PID:8476
- C:\Windows\System\PDXwPLT.exe
  C:\Windows\System\PDXwPLT.exe
  2⤵
  PID:8504
- C:\Windows\System\enZxSaI.exe
  C:\Windows\System\enZxSaI.exe
  2⤵
  PID:8532
- C:\Windows\System\ClykUxA.exe
  C:\Windows\System\ClykUxA.exe
  2⤵
  PID:8560
- C:\Windows\System\jxqLSDu.exe
  C:\Windows\System\jxqLSDu.exe
  2⤵
  PID:8592
- C:\Windows\System\PetGNSY.exe
  C:\Windows\System\PetGNSY.exe
  2⤵
  PID:8620
- C:\Windows\System\LPsuuiI.exe
  C:\Windows\System\LPsuuiI.exe
  2⤵
  PID:8648
- C:\Windows\System\voLykkA.exe
  C:\Windows\System\voLykkA.exe
  2⤵
  PID:8676
- C:\Windows\System\jpQmVqe.exe
  C:\Windows\System\jpQmVqe.exe
  2⤵
  PID:8704
- C:\Windows\System\SjUADWi.exe
  C:\Windows\System\SjUADWi.exe
  2⤵
  PID:8732
- C:\Windows\System\dYEOdjz.exe
  C:\Windows\System\dYEOdjz.exe
  2⤵
  PID:8748
- C:\Windows\System\HKckMbT.exe
  C:\Windows\System\HKckMbT.exe
  2⤵
  PID:8784
- C:\Windows\System\PSnRGva.exe
  C:\Windows\System\PSnRGva.exe
  2⤵
  PID:8816
- C:\Windows\System\qjgUEYv.exe
  C:\Windows\System\qjgUEYv.exe
  2⤵
  PID:8844
- C:\Windows\System\yUKxwXm.exe
  C:\Windows\System\yUKxwXm.exe
  2⤵
  PID:8872
- C:\Windows\System\yVifTvS.exe
  C:\Windows\System\yVifTvS.exe
  2⤵
  PID:8900
- C:\Windows\System\bjNJxMp.exe
  C:\Windows\System\bjNJxMp.exe
  2⤵
  PID:8928
- C:\Windows\System\PKfYlSL.exe
  C:\Windows\System\PKfYlSL.exe
  2⤵
  PID:8956
- C:\Windows\System\qoryxKC.exe
  C:\Windows\System\qoryxKC.exe
  2⤵
  PID:8984
- C:\Windows\System\vgJIiZx.exe
  C:\Windows\System\vgJIiZx.exe
  2⤵
  PID:9012
- C:\Windows\System\VgEKXgC.exe
  C:\Windows\System\VgEKXgC.exe
  2⤵
  PID:9040
- C:\Windows\System\bppnuAT.exe
  C:\Windows\System\bppnuAT.exe
  2⤵
  PID:9068
- C:\Windows\System\OojNJIC.exe
  C:\Windows\System\OojNJIC.exe
  2⤵
  PID:9096
- C:\Windows\System\vCPcXar.exe
  C:\Windows\System\vCPcXar.exe
  2⤵
  PID:9128
- C:\Windows\System\eyEIOvM.exe
  C:\Windows\System\eyEIOvM.exe
  2⤵
  PID:9156
- C:\Windows\System\uUxOQNM.exe
  C:\Windows\System\uUxOQNM.exe
  2⤵
  PID:9184
- C:\Windows\System\RrwoGii.exe
  C:\Windows\System\RrwoGii.exe
  2⤵
  PID:9212
- C:\Windows\System\sAtRbJq.exe
  C:\Windows\System\sAtRbJq.exe
  2⤵
  PID:8248
- C:\Windows\System\NpgCkVV.exe
  C:\Windows\System\NpgCkVV.exe
  2⤵
  PID:8320
- C:\Windows\System\fgessZg.exe
  C:\Windows\System\fgessZg.exe
  2⤵
  PID:8384
- C:\Windows\System\xqDzRec.exe
  C:\Windows\System\xqDzRec.exe
  2⤵
  PID:8444
- C:\Windows\System\RWueWrf.exe
  C:\Windows\System\RWueWrf.exe
  2⤵
  PID:8516
- C:\Windows\System\zctkqIm.exe
  C:\Windows\System\zctkqIm.exe
  2⤵
  PID:8584
- C:\Windows\System\TGLBYwf.exe
  C:\Windows\System\TGLBYwf.exe
  2⤵
  PID:8640
- C:\Windows\System\gfcZHXQ.exe
  C:\Windows\System\gfcZHXQ.exe
  2⤵
  PID:8700
- C:\Windows\System\vdiFKzF.exe
  C:\Windows\System\vdiFKzF.exe
  2⤵
  PID:8760
- C:\Windows\System\ShYSDxG.exe
  C:\Windows\System\ShYSDxG.exe
  2⤵
  PID:8828
- C:\Windows\System\EuNEDPJ.exe
  C:\Windows\System\EuNEDPJ.exe
  2⤵
  PID:8896
- C:\Windows\System\oUNEutc.exe
  C:\Windows\System\oUNEutc.exe
  2⤵
  PID:8952
- C:\Windows\System\doxOopx.exe
  C:\Windows\System\doxOopx.exe
  2⤵
  PID:9024
- C:\Windows\System\RrivVZq.exe
  C:\Windows\System\RrivVZq.exe
  2⤵
  PID:9088
- C:\Windows\System\EdqNsXk.exe
  C:\Windows\System\EdqNsXk.exe
  2⤵
  PID:9152
- C:\Windows\System\yoOlQgi.exe
  C:\Windows\System\yoOlQgi.exe
  2⤵
  PID:8216
- C:\Windows\System\LolBLJf.exe
  C:\Windows\System\LolBLJf.exe
  2⤵
  PID:8304
- C:\Windows\System\eiULSjV.exe
  C:\Windows\System\eiULSjV.exe
  2⤵
  PID:8412
- C:\Windows\System\guahPmu.exe
  C:\Windows\System\guahPmu.exe
  2⤵
  PID:8472
- C:\Windows\System\avTEEJo.exe
  C:\Windows\System\avTEEJo.exe
  2⤵
  PID:8576
- C:\Windows\System\izNQrOe.exe
  C:\Windows\System\izNQrOe.exe
  2⤵
  PID:8812
- C:\Windows\System\XtqRXNO.exe
  C:\Windows\System\XtqRXNO.exe
  2⤵
  PID:9004
- C:\Windows\System\QlKGDhi.exe
  C:\Windows\System\QlKGDhi.exe
  2⤵
  PID:9148
- C:\Windows\System\fpyfnVp.exe
  C:\Windows\System\fpyfnVp.exe
  2⤵
  PID:4204
- C:\Windows\System\alJcYpy.exe
  C:\Windows\System\alJcYpy.exe
  2⤵
  PID:8632
- C:\Windows\System\xBHWCor.exe
  C:\Windows\System\xBHWCor.exe
  2⤵
  PID:8980
- C:\Windows\System\AUsOZAt.exe
  C:\Windows\System\AUsOZAt.exe
  2⤵
  PID:8376
- C:\Windows\System\mjuVOhU.exe
  C:\Windows\System\mjuVOhU.exe
  2⤵
  PID:3240
- C:\Windows\System\OcGuYer.exe
  C:\Windows\System\OcGuYer.exe
  2⤵
  PID:9224
- C:\Windows\System\xOxhhsG.exe
  C:\Windows\System\xOxhhsG.exe
  2⤵
  PID:9252
- C:\Windows\System\yDpsVIQ.exe
  C:\Windows\System\yDpsVIQ.exe
  2⤵
  PID:9280
- C:\Windows\System\TInEAoN.exe
  C:\Windows\System\TInEAoN.exe
  2⤵
  PID:9308
- C:\Windows\System\wvkQLlr.exe
  C:\Windows\System\wvkQLlr.exe
  2⤵
  PID:9336
- C:\Windows\System\pAybaUd.exe
  C:\Windows\System\pAybaUd.exe
  2⤵
  PID:9364
- C:\Windows\System\hZHhBlW.exe
  C:\Windows\System\hZHhBlW.exe
  2⤵
  PID:9392
- C:\Windows\System\wkamKwy.exe
  C:\Windows\System\wkamKwy.exe
  2⤵
  PID:9420
- C:\Windows\System\BwRHbfI.exe
  C:\Windows\System\BwRHbfI.exe
  2⤵
  PID:9448
- C:\Windows\System\FQsANEr.exe
  C:\Windows\System\FQsANEr.exe
  2⤵
  PID:9476
- C:\Windows\System\kIuhvfT.exe
  C:\Windows\System\kIuhvfT.exe
  2⤵
  PID:9504
- C:\Windows\System\zhtGASt.exe
  C:\Windows\System\zhtGASt.exe
  2⤵
  PID:9532
- C:\Windows\System\QiCyPso.exe
  C:\Windows\System\QiCyPso.exe
  2⤵
  PID:9560
- C:\Windows\System\JDAjGjw.exe
  C:\Windows\System\JDAjGjw.exe
  2⤵
  PID:9588
- C:\Windows\System\isPBgbO.exe
  C:\Windows\System\isPBgbO.exe
  2⤵
  PID:9616
- C:\Windows\System\zeVBryu.exe
  C:\Windows\System\zeVBryu.exe
  2⤵
  PID:9644
- C:\Windows\System\QnzpRjU.exe
  C:\Windows\System\QnzpRjU.exe
  2⤵
  PID:9672
- C:\Windows\System\WljRjYH.exe
  C:\Windows\System\WljRjYH.exe
  2⤵
  PID:9700
- C:\Windows\System\sbFuJdT.exe
  C:\Windows\System\sbFuJdT.exe
  2⤵
  PID:9728
- C:\Windows\System\khdlPfg.exe
  C:\Windows\System\khdlPfg.exe
  2⤵
  PID:9756
- C:\Windows\System\mTtJuFQ.exe
  C:\Windows\System\mTtJuFQ.exe
  2⤵
  PID:9800
- C:\Windows\System\Npspsav.exe
  C:\Windows\System\Npspsav.exe
  2⤵
  PID:9816
- C:\Windows\System\lhDOYVA.exe
  C:\Windows\System\lhDOYVA.exe
  2⤵
  PID:9844
- C:\Windows\System\IWhhsgt.exe
  C:\Windows\System\IWhhsgt.exe
  2⤵
  PID:9872
- C:\Windows\System\tnTfopB.exe
  C:\Windows\System\tnTfopB.exe
  2⤵
  PID:9900
- C:\Windows\System\ahfaAUV.exe
  C:\Windows\System\ahfaAUV.exe
  2⤵
  PID:9928
- C:\Windows\System\uLXdxny.exe
  C:\Windows\System\uLXdxny.exe
  2⤵
  PID:9956
- C:\Windows\System\DuZbzgj.exe
  C:\Windows\System\DuZbzgj.exe
  2⤵
  PID:9984
- C:\Windows\System\HiPqbxf.exe
  C:\Windows\System\HiPqbxf.exe
  2⤵
  PID:10012
- C:\Windows\System\LamCVVv.exe
  C:\Windows\System\LamCVVv.exe
  2⤵
  PID:10040
- C:\Windows\System\IgmZSlm.exe
  C:\Windows\System\IgmZSlm.exe
  2⤵
  PID:10076
- C:\Windows\System\LbiaaIo.exe
  C:\Windows\System\LbiaaIo.exe
  2⤵
  PID:10104
- C:\Windows\System\PgWptok.exe
  C:\Windows\System\PgWptok.exe
  2⤵
  PID:10140
- C:\Windows\System\FsHwmwX.exe
  C:\Windows\System\FsHwmwX.exe
  2⤵
  PID:10168
- C:\Windows\System\KZoJTna.exe
  C:\Windows\System\KZoJTna.exe
  2⤵
  PID:10212
- C:\Windows\System\NslVDmS.exe
  C:\Windows\System\NslVDmS.exe
  2⤵
  PID:8948
- C:\Windows\System\RcUdJjn.exe
  C:\Windows\System\RcUdJjn.exe
  2⤵
  PID:2148
- C:\Windows\System\kaqaNBa.exe
  C:\Windows\System\kaqaNBa.exe
  2⤵
  PID:9376
- C:\Windows\System\VPIfWMT.exe
  C:\Windows\System\VPIfWMT.exe
  2⤵
  PID:9432
- C:\Windows\System\rCohIbL.exe
  C:\Windows\System\rCohIbL.exe
  2⤵
  PID:9488
- C:\Windows\System\XaxjYcc.exe
  C:\Windows\System\XaxjYcc.exe
  2⤵
  PID:9524
- C:\Windows\System\WsMqoTt.exe
  C:\Windows\System\WsMqoTt.exe
  2⤵
  PID:9608
- C:\Windows\System\BOaRtVU.exe
  C:\Windows\System\BOaRtVU.exe
  2⤵
  PID:9740
- C:\Windows\System\ostEmUa.exe
  C:\Windows\System\ostEmUa.exe
  2⤵
  PID:2196
- C:\Windows\System\MtFBiSO.exe
  C:\Windows\System\MtFBiSO.exe
  2⤵
  PID:3184
- C:\Windows\System\CdoXOZU.exe
  C:\Windows\System\CdoXOZU.exe
  2⤵
  PID:9776
- C:\Windows\System\lmLkKLL.exe
  C:\Windows\System\lmLkKLL.exe
  2⤵
  PID:9808
- C:\Windows\System\FtoxlPB.exe
  C:\Windows\System\FtoxlPB.exe
  2⤵
  PID:9864
- C:\Windows\System\COhuZNp.exe
  C:\Windows\System\COhuZNp.exe
  2⤵
  PID:9952
- C:\Windows\System\ZceKWVy.exe
  C:\Windows\System\ZceKWVy.exe
  2⤵
  PID:9996
- C:\Windows\System\QGmXpFh.exe
  C:\Windows\System\QGmXpFh.exe
  2⤵
  PID:10032
- C:\Windows\System\zLyQmjW.exe
  C:\Windows\System\zLyQmjW.exe
  2⤵
  PID:10072
- C:\Windows\System\vOAWPFv.exe
  C:\Windows\System\vOAWPFv.exe
  2⤵
  PID:10136
- C:\Windows\System\cNhJMmj.exe
  C:\Windows\System\cNhJMmj.exe
  2⤵
  PID:10180
- C:\Windows\System\wgeLSBS.exe
  C:\Windows\System\wgeLSBS.exe
  2⤵
  PID:9320
- C:\Windows\System\joypsff.exe
  C:\Windows\System\joypsff.exe
  2⤵
  PID:9628
- C:\Windows\System\snMwXEZ.exe
  C:\Windows\System\snMwXEZ.exe
  2⤵
  PID:9748
- C:\Windows\System\BWcXPhP.exe
  C:\Windows\System\BWcXPhP.exe
  2⤵
  PID:2588
- C:\Windows\System\uOLSkLP.exe
  C:\Windows\System\uOLSkLP.exe
  2⤵
  PID:9948
- C:\Windows\System\gjkTWTz.exe
  C:\Windows\System\gjkTWTz.exe
  2⤵
  PID:10124
- C:\Windows\System\tOjbNMs.exe
  C:\Windows\System\tOjbNMs.exe
  2⤵
  PID:8200
- C:\Windows\System\FUQOvoE.exe
  C:\Windows\System\FUQOvoE.exe
  2⤵
  PID:10024
- C:\Windows\System\whVKFJI.exe
  C:\Windows\System\whVKFJI.exe
  2⤵
  PID:9980
- C:\Windows\System\tTSFBGw.exe
  C:\Windows\System\tTSFBGw.exe
  2⤵
  PID:9832
- C:\Windows\System\DRllnRN.exe
  C:\Windows\System\DRllnRN.exe
  2⤵
  PID:10248
- C:\Windows\System\lptxHOo.exe
  C:\Windows\System\lptxHOo.exe
  2⤵
  PID:10276
- C:\Windows\System\gqDQyBV.exe
  C:\Windows\System\gqDQyBV.exe
  2⤵
  PID:10300
- C:\Windows\System\JjntDII.exe
  C:\Windows\System\JjntDII.exe
  2⤵
  PID:10320
- C:\Windows\System\yQksvFH.exe
  C:\Windows\System\yQksvFH.exe
  2⤵
  PID:10360
- C:\Windows\System\plQJIVr.exe
  C:\Windows\System\plQJIVr.exe
  2⤵
  PID:10388
- C:\Windows\System\lFHDCKj.exe
  C:\Windows\System\lFHDCKj.exe
  2⤵
  PID:10416
- C:\Windows\System\tSVZhEV.exe
  C:\Windows\System\tSVZhEV.exe
  2⤵
  PID:10444
- C:\Windows\System\pmOIgTD.exe
  C:\Windows\System\pmOIgTD.exe
  2⤵
  PID:10476
- C:\Windows\System\YECPkmL.exe
  C:\Windows\System\YECPkmL.exe
  2⤵
  PID:10504
- C:\Windows\System\OIKDOoR.exe
  C:\Windows\System\OIKDOoR.exe
  2⤵
  PID:10532
- C:\Windows\System\PezwVoc.exe
  C:\Windows\System\PezwVoc.exe
  2⤵
  PID:10560
- C:\Windows\System\XZcLrGm.exe
  C:\Windows\System\XZcLrGm.exe
  2⤵
  PID:10588
- C:\Windows\System\eVzYvmd.exe
  C:\Windows\System\eVzYvmd.exe
  2⤵
  PID:10616
- C:\Windows\System\SsBufro.exe
  C:\Windows\System\SsBufro.exe
  2⤵
  PID:10644
- C:\Windows\System\ZYGuYtV.exe
  C:\Windows\System\ZYGuYtV.exe
  2⤵
  PID:10672
- C:\Windows\System\phEjovG.exe
  C:\Windows\System\phEjovG.exe
  2⤵
  PID:10700
- C:\Windows\System\PoEPCyi.exe
  C:\Windows\System\PoEPCyi.exe
  2⤵
  PID:10728
- C:\Windows\System\uiMNJmr.exe
  C:\Windows\System\uiMNJmr.exe
  2⤵
  PID:10744
- C:\Windows\System\ICMnjZX.exe
  C:\Windows\System\ICMnjZX.exe
  2⤵
  PID:10784
- C:\Windows\System\bZhqpzL.exe
  C:\Windows\System\bZhqpzL.exe
  2⤵
  PID:10812
- C:\Windows\System\gJChzqn.exe
  C:\Windows\System\gJChzqn.exe
  2⤵
  PID:10840
- C:\Windows\System\hcYPkqu.exe
  C:\Windows\System\hcYPkqu.exe
  2⤵
  PID:10868
- C:\Windows\System\wFYQsWW.exe
  C:\Windows\System\wFYQsWW.exe
  2⤵
  PID:10896
- C:\Windows\System\xlZrzSr.exe
  C:\Windows\System\xlZrzSr.exe
  2⤵
  PID:10920
- C:\Windows\System\nMQVwnn.exe
  C:\Windows\System\nMQVwnn.exe
  2⤵
  PID:10952
- C:\Windows\System\BMtTrec.exe
  C:\Windows\System\BMtTrec.exe
  2⤵
  PID:10980
- C:\Windows\System\ZcolLjG.exe
  C:\Windows\System\ZcolLjG.exe
  2⤵
  PID:11008
- C:\Windows\System\FBNrEwm.exe
  C:\Windows\System\FBNrEwm.exe
  2⤵
  PID:11036
- C:\Windows\System\kIaaZEc.exe
  C:\Windows\System\kIaaZEc.exe
  2⤵
  PID:11064
- C:\Windows\System\LPKiurp.exe
  C:\Windows\System\LPKiurp.exe
  2⤵
  PID:11092
- C:\Windows\System\CkcifjP.exe
  C:\Windows\System\CkcifjP.exe
  2⤵
  PID:11120
- C:\Windows\System\EdzeeEw.exe
  C:\Windows\System\EdzeeEw.exe
  2⤵
  PID:11148
- C:\Windows\System\uEMLrME.exe
  C:\Windows\System\uEMLrME.exe
  2⤵
  PID:11176
- C:\Windows\System\yGtFDbT.exe
  C:\Windows\System\yGtFDbT.exe
  2⤵
  PID:11204
- C:\Windows\System\AhcjyYg.exe
  C:\Windows\System\AhcjyYg.exe
  2⤵
  PID:11232
- C:\Windows\System\bmKgUhy.exe
  C:\Windows\System\bmKgUhy.exe
  2⤵
  PID:11260
- C:\Windows\System\XSFCgvN.exe
  C:\Windows\System\XSFCgvN.exe
  2⤵
  PID:10292
- C:\Windows\System\tgatMOf.exe
  C:\Windows\System\tgatMOf.exe
  2⤵
  PID:10344
- C:\Windows\System\HkDuwHK.exe
  C:\Windows\System\HkDuwHK.exe
  2⤵
  PID:10384
- C:\Windows\System\FeBwrzb.exe
  C:\Windows\System\FeBwrzb.exe
  2⤵
  PID:10436
- C:\Windows\System\vfWTfuK.exe
  C:\Windows\System\vfWTfuK.exe
  2⤵
  PID:10496
- C:\Windows\System\PJCVNgR.exe
  C:\Windows\System\PJCVNgR.exe
  2⤵
  PID:10584
- C:\Windows\System\JtXQsqr.exe
  C:\Windows\System\JtXQsqr.exe
  2⤵
  PID:10656
- C:\Windows\System\mHLXaXA.exe
  C:\Windows\System\mHLXaXA.exe
  2⤵
  PID:10720
- C:\Windows\System\CEiYmKt.exe
  C:\Windows\System\CEiYmKt.exe
  2⤵
  PID:10768
- C:\Windows\System\hQIPJTK.exe
  C:\Windows\System\hQIPJTK.exe
  2⤵
  PID:10880
- C:\Windows\System\rPCykwa.exe
  C:\Windows\System\rPCykwa.exe
  2⤵
  PID:10944
- C:\Windows\System\MMTsiWB.exe
  C:\Windows\System\MMTsiWB.exe
  2⤵
  PID:11004
- C:\Windows\System\MTxnbVf.exe
  C:\Windows\System\MTxnbVf.exe
  2⤵
  PID:11076
- C:\Windows\System\lDTOFRV.exe
  C:\Windows\System\lDTOFRV.exe
  2⤵
  PID:11140
- C:\Windows\System\dZPrVwB.exe
  C:\Windows\System\dZPrVwB.exe
  2⤵
  PID:11200
- C:\Windows\System\FNmJgBo.exe
  C:\Windows\System\FNmJgBo.exe
  2⤵
  PID:10260
- C:\Windows\System\HVQYwXZ.exe
  C:\Windows\System\HVQYwXZ.exe
  2⤵
  PID:10332
- C:\Windows\System\qRJUwPe.exe
  C:\Windows\System\qRJUwPe.exe
  2⤵
  PID:10472
- C:\Windows\System\qmIVJgQ.exe
  C:\Windows\System\qmIVJgQ.exe
  2⤵
  PID:10736
- C:\Windows\System\ejZcVnv.exe
  C:\Windows\System\ejZcVnv.exe
  2⤵
  PID:10824
- C:\Windows\System\xAdzOUR.exe
  C:\Windows\System\xAdzOUR.exe
  2⤵
  PID:10992
- C:\Windows\System\pDxiTrD.exe
  C:\Windows\System\pDxiTrD.exe
  2⤵
  PID:11168
- C:\Windows\System\eBMmCfY.exe
  C:\Windows\System\eBMmCfY.exe
  2⤵
  PID:10308
- C:\Windows\System\mQQdeLg.exe
  C:\Windows\System\mQQdeLg.exe
  2⤵
  PID:10696
- C:\Windows\System\pwGbixw.exe
  C:\Windows\System\pwGbixw.exe
  2⤵
  PID:11228
- C:\Windows\System\GzQgiqN.exe
  C:\Windows\System\GzQgiqN.exe
  2⤵
  PID:10636
- C:\Windows\System\VgGIcXO.exe
  C:\Windows\System\VgGIcXO.exe
  2⤵
  PID:10408
- C:\Windows\System\bSmwlNj.exe
  C:\Windows\System\bSmwlNj.exe
  2⤵
  PID:11288
- C:\Windows\System\HFEaGUP.exe
  C:\Windows\System\HFEaGUP.exe
  2⤵
  PID:11316
- C:\Windows\System\mNuMKjC.exe
  C:\Windows\System\mNuMKjC.exe
  2⤵
  PID:11344
- C:\Windows\System\GpJPJca.exe
  C:\Windows\System\GpJPJca.exe
  2⤵
  PID:11372
- C:\Windows\System\tPQeQMc.exe
  C:\Windows\System\tPQeQMc.exe
  2⤵
  PID:11400
- C:\Windows\System\cNIIYjA.exe
  C:\Windows\System\cNIIYjA.exe
  2⤵
  PID:11428
- C:\Windows\System\Ompkyqq.exe
  C:\Windows\System\Ompkyqq.exe
  2⤵
  PID:11456
- C:\Windows\System\NrIvYgZ.exe
  C:\Windows\System\NrIvYgZ.exe
  2⤵
  PID:11484
- C:\Windows\System\VLJtCNO.exe
  C:\Windows\System\VLJtCNO.exe
  2⤵
  PID:11512
- C:\Windows\System\wxwdCRR.exe
  C:\Windows\System\wxwdCRR.exe
  2⤵
  PID:11540
- C:\Windows\System\ALjFnoz.exe
  C:\Windows\System\ALjFnoz.exe
  2⤵
  PID:11568
- C:\Windows\System\YiqCXzz.exe
  C:\Windows\System\YiqCXzz.exe
  2⤵
  PID:11596
- C:\Windows\System\ZyunHLo.exe
  C:\Windows\System\ZyunHLo.exe
  2⤵
  PID:11624
- C:\Windows\System\gzwiHSu.exe
  C:\Windows\System\gzwiHSu.exe
  2⤵
  PID:11652
- C:\Windows\System\lJZSLLw.exe
  C:\Windows\System\lJZSLLw.exe
  2⤵
  PID:11680
- C:\Windows\System\tDdSZkV.exe
  C:\Windows\System\tDdSZkV.exe
  2⤵
  PID:11708
- C:\Windows\System\uParVZv.exe
  C:\Windows\System\uParVZv.exe
  2⤵
  PID:11736
- C:\Windows\System\fbtXdwW.exe
  C:\Windows\System\fbtXdwW.exe
  2⤵
  PID:11764
- C:\Windows\System\cYbgMRC.exe
  C:\Windows\System\cYbgMRC.exe
  2⤵
  PID:11792
- C:\Windows\System\LeQruAm.exe
  C:\Windows\System\LeQruAm.exe
  2⤵
  PID:11820
- C:\Windows\System\GtNdsUK.exe
  C:\Windows\System\GtNdsUK.exe
  2⤵
  PID:11848
- C:\Windows\System\ikpGQkt.exe
  C:\Windows\System\ikpGQkt.exe
  2⤵
  PID:11876
- C:\Windows\System\oxZXhqR.exe
  C:\Windows\System\oxZXhqR.exe
  2⤵
  PID:11896
- C:\Windows\System\pGallPL.exe
  C:\Windows\System\pGallPL.exe
  2⤵
  PID:11932
- C:\Windows\System\lfgIAQd.exe
  C:\Windows\System\lfgIAQd.exe
  2⤵
  PID:11960
- C:\Windows\System\qWZSvrV.exe
  C:\Windows\System\qWZSvrV.exe
  2⤵
  PID:11988
- C:\Windows\System\MEfKIfa.exe
  C:\Windows\System\MEfKIfa.exe
  2⤵
  PID:12016
- C:\Windows\System\rKszpDU.exe
  C:\Windows\System\rKszpDU.exe
  2⤵
  PID:12044
- C:\Windows\System\xeZmVKi.exe
  C:\Windows\System\xeZmVKi.exe
  2⤵
  PID:12072
- C:\Windows\System\mRynfwb.exe
  C:\Windows\System\mRynfwb.exe
  2⤵
  PID:12100
- C:\Windows\System\xtKqXHX.exe
  C:\Windows\System\xtKqXHX.exe
  2⤵
  PID:12128
- C:\Windows\System\cjthIKw.exe
  C:\Windows\System\cjthIKw.exe
  2⤵
  PID:12156
- C:\Windows\System\ExsLlxb.exe
  C:\Windows\System\ExsLlxb.exe
  2⤵
  PID:12184
- C:\Windows\System\ZdQYkHC.exe
  C:\Windows\System\ZdQYkHC.exe
  2⤵
  PID:12212
- C:\Windows\System\yDLxWIP.exe
  C:\Windows\System\yDLxWIP.exe
  2⤵
  PID:12240
- C:\Windows\System\HBseWsi.exe
  C:\Windows\System\HBseWsi.exe
  2⤵
  PID:12280
- C:\Windows\System\UybSXuy.exe
  C:\Windows\System\UybSXuy.exe
  2⤵
  PID:11272
- C:\Windows\System\bmKXFGY.exe
  C:\Windows\System\bmKXFGY.exe
  2⤵
  PID:11336
- C:\Windows\System\bqKRnQF.exe
  C:\Windows\System\bqKRnQF.exe
  2⤵
  PID:11396
- C:\Windows\System\GTlAXDz.exe
  C:\Windows\System\GTlAXDz.exe
  2⤵
  PID:11468
- C:\Windows\System\fhyaFId.exe
  C:\Windows\System\fhyaFId.exe
  2⤵
  PID:11528
- C:\Windows\System\fqHOycI.exe
  C:\Windows\System\fqHOycI.exe
  2⤵
  PID:11612
- C:\Windows\System\JlcNbIk.exe
  C:\Windows\System\JlcNbIk.exe
  2⤵
  PID:11676
- C:\Windows\System\JVGwPWT.exe
  C:\Windows\System\JVGwPWT.exe
  2⤵
  PID:11748
- C:\Windows\System\bSNkGJz.exe
  C:\Windows\System\bSNkGJz.exe
  2⤵
  PID:11816
- C:\Windows\System\lMpCxhx.exe
  C:\Windows\System\lMpCxhx.exe
  2⤵
  PID:11872
- C:\Windows\System\LgsskvO.exe
  C:\Windows\System\LgsskvO.exe
  2⤵
  PID:11952
- C:\Windows\System\QvfNfwV.exe
  C:\Windows\System\QvfNfwV.exe
  2⤵
  PID:12012
- C:\Windows\System\NCtJENk.exe
  C:\Windows\System\NCtJENk.exe
  2⤵
  PID:12084
- C:\Windows\System\MQrbUkZ.exe
  C:\Windows\System\MQrbUkZ.exe
  2⤵
  PID:12148
- C:\Windows\System\dnVxamk.exe
  C:\Windows\System\dnVxamk.exe
  2⤵
  PID:12180
- C:\Windows\System\aYpbauD.exe
  C:\Windows\System\aYpbauD.exe
  2⤵
  PID:10464
- C:\Windows\System\yubMNYC.exe
  C:\Windows\System\yubMNYC.exe
  2⤵
  PID:11364
- C:\Windows\System\FDbTTid.exe
  C:\Windows\System\FDbTTid.exe
  2⤵
  PID:2944
- C:\Windows\System\WGHWztU.exe
  C:\Windows\System\WGHWztU.exe
  2⤵
  PID:11452
- C:\Windows\System\LaNEJxe.exe
  C:\Windows\System\LaNEJxe.exe
  2⤵
  PID:11640
- C:\Windows\System\oiGBVIU.exe
  C:\Windows\System\oiGBVIU.exe
  2⤵
  PID:11668
- C:\Windows\System\TJVOCzY.exe
  C:\Windows\System\TJVOCzY.exe
  2⤵
  PID:5704
- C:\Windows\System\VrTzxtW.exe
  C:\Windows\System\VrTzxtW.exe
  2⤵
  PID:11804
- C:\Windows\System\EicXlks.exe
  C:\Windows\System\EicXlks.exe
  2⤵
  PID:12004
- C:\Windows\System\uHkaftI.exe
  C:\Windows\System\uHkaftI.exe
  2⤵
  PID:12112
- C:\Windows\System\sDNAXsX.exe
  C:\Windows\System\sDNAXsX.exe
  2⤵
  PID:12260
- C:\Windows\System\nADZmza.exe
  C:\Windows\System\nADZmza.exe
  2⤵
  PID:11448
- C:\Windows\System\jLNifLt.exe
  C:\Windows\System\jLNifLt.exe
  2⤵
  PID:5688
- C:\Windows\System\fnMQhMQ.exe
  C:\Windows\System\fnMQhMQ.exe
  2⤵
  PID:1260
- C:\Windows\System\PzmTJNg.exe
  C:\Windows\System\PzmTJNg.exe
  2⤵
  PID:12208
- C:\Windows\System\pwnUwzu.exe
  C:\Windows\System\pwnUwzu.exe
  2⤵
  PID:6028
- C:\Windows\System\IrjKVvz.exe
  C:\Windows\System\IrjKVvz.exe
  2⤵
  PID:11584
- C:\Windows\System\jnzvRDO.exe
  C:\Windows\System\jnzvRDO.exe
  2⤵
  PID:12304
- C:\Windows\System\sdhkWnw.exe
  C:\Windows\System\sdhkWnw.exe
  2⤵
  PID:12320
- C:\Windows\System\ldzADOm.exe
  C:\Windows\System\ldzADOm.exe
  2⤵
  PID:12356
- C:\Windows\System\mdaXUwn.exe
  C:\Windows\System\mdaXUwn.exe
  2⤵
  PID:12388
- C:\Windows\System\RAVQzIM.exe
  C:\Windows\System\RAVQzIM.exe
  2⤵
  PID:12416
- C:\Windows\System\HnJtFLT.exe
  C:\Windows\System\HnJtFLT.exe
  2⤵
  PID:12436
- C:\Windows\System\mKtcBoM.exe
  C:\Windows\System\mKtcBoM.exe
  2⤵
  PID:12456
- C:\Windows\System\lKmAUAd.exe
  C:\Windows\System\lKmAUAd.exe
  2⤵
  PID:12480
- C:\Windows\System\xcPmzsA.exe
  C:\Windows\System\xcPmzsA.exe
  2⤵
  PID:12496
- C:\Windows\System\SoJUcPu.exe
  C:\Windows\System\SoJUcPu.exe
  2⤵
  PID:12516
- C:\Windows\System\eHpxOXV.exe
  C:\Windows\System\eHpxOXV.exe
  2⤵
  PID:12536
- C:\Windows\System\XrkIGOO.exe
  C:\Windows\System\XrkIGOO.exe
  2⤵
  PID:12556
- C:\Windows\System\cQBXFJw.exe
  C:\Windows\System\cQBXFJw.exe
  2⤵
  PID:12576
- C:\Windows\System\sBBaUJS.exe
  C:\Windows\System\sBBaUJS.exe
  2⤵
  PID:12600
- C:\Windows\System\DbYvMhN.exe
  C:\Windows\System\DbYvMhN.exe
  2⤵
  PID:12620
- C:\Windows\System\jGxzSZY.exe
  C:\Windows\System\jGxzSZY.exe
  2⤵
  PID:12640
- C:\Windows\System\onMenNH.exe
  C:\Windows\System\onMenNH.exe
  2⤵
  PID:12664
- C:\Windows\System\dLuogkP.exe
  C:\Windows\System\dLuogkP.exe
  2⤵
  PID:12692
- C:\Windows\System\xYBhpmt.exe
  C:\Windows\System\xYBhpmt.exe
  2⤵
  PID:12720
- C:\Windows\System\NZvFFzC.exe
  C:\Windows\System\NZvFFzC.exe
  2⤵
  PID:12740
- C:\Windows\System\xYYpYDZ.exe
  C:\Windows\System\xYYpYDZ.exe
  2⤵
  PID:12756
- C:\Windows\System\HZQrzWl.exe
  C:\Windows\System\HZQrzWl.exe
  2⤵
  PID:12784
- C:\Windows\System\LMaNKZX.exe
  C:\Windows\System\LMaNKZX.exe
  2⤵
  PID:12828
- C:\Windows\System\tTlOtmS.exe
  C:\Windows\System\tTlOtmS.exe
  2⤵
  PID:12844
- C:\Windows\System\YEpdSYv.exe
  C:\Windows\System\YEpdSYv.exe
  2⤵
  PID:12884
- C:\Windows\System\IiUYHme.exe
  C:\Windows\System\IiUYHme.exe
  2⤵
  PID:12908
- C:\Windows\System\EAAlrcd.exe
  C:\Windows\System\EAAlrcd.exe
  2⤵
  PID:12968
- C:\Windows\System\zjqyOYh.exe
  C:\Windows\System\zjqyOYh.exe
  2⤵
  PID:13004
- C:\Windows\System\wKeiNEN.exe
  C:\Windows\System\wKeiNEN.exe
  2⤵
  PID:13060
- C:\Windows\System\aggoxSN.exe
  C:\Windows\System\aggoxSN.exe
  2⤵
  PID:13092
- C:\Windows\System\vHmSXCq.exe
  C:\Windows\System\vHmSXCq.exe
  2⤵
  PID:13120
- C:\Windows\System\bZxZehG.exe
  C:\Windows\System\bZxZehG.exe
  2⤵
  PID:13140
- C:\Windows\System\XHgmCPz.exe
  C:\Windows\System\XHgmCPz.exe
  2⤵
  PID:13172
- C:\Windows\System\KazdsbZ.exe
  C:\Windows\System\KazdsbZ.exe
  2⤵
  PID:13212
- C:\Windows\System\gyRoVun.exe
  C:\Windows\System\gyRoVun.exe
  2⤵
  PID:13256
- C:\Windows\System\SUTuHnJ.exe
  C:\Windows\System\SUTuHnJ.exe
  2⤵
  PID:13280
- C:\Windows\System\lAVxJay.exe
  C:\Windows\System\lAVxJay.exe
  2⤵
  PID:12316
- C:\Windows\System\JcEwteD.exe
  C:\Windows\System\JcEwteD.exe
  2⤵
  PID:12340
- C:\Windows\System\rnjeHNK.exe
  C:\Windows\System\rnjeHNK.exe
  2⤵
  PID:12488
- C:\Windows\System\uBzNtsX.exe
  C:\Windows\System\uBzNtsX.exe
  2⤵
  PID:12444
- C:\Windows\System\yzVUqCL.exe
  C:\Windows\System\yzVUqCL.exe
  2⤵
  PID:12472
- C:\Windows\System\BfpJlhg.exe
  C:\Windows\System\BfpJlhg.exe
  2⤵
  PID:12528
- C:\Windows\System\nWLIQSM.exe
  C:\Windows\System\nWLIQSM.exe
  2⤵
  PID:12616
- C:\Windows\System\vMEbfZs.exe
  C:\Windows\System\vMEbfZs.exe
  2⤵
  PID:12708
- C:\Windows\System\GLFoIFa.exe
  C:\Windows\System\GLFoIFa.exe
  2⤵
  PID:12764
- C:\Windows\System\kQznvol.exe
  C:\Windows\System\kQznvol.exe
  2⤵
  PID:13032
- C:\Windows\System\rHDtjvY.exe
  C:\Windows\System\rHDtjvY.exe
  2⤵
  PID:13132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dwozdniy.onu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CgRAeHs.exe

Filesize
2.9MB

MD5
32bef4659b0aa54fe4b27c19caa3b35c

SHA1
1765ec63d4d659deccf99709ff795830ab05d478

SHA256
62443e3c2694c3052542614b7d9e6a96103d2d0ae5bd66eeb4f64761ebeb32b9

SHA512
95de81b1870c677f55021e7cedfba2a2a4fc8218fac6e77e8d1fd1986943ee05d58df5c9ba00818b0877f6a564ff03ab5cb36647032fe9ea80660613bf6edc54

Download Submit
C:\Windows\System\DNGJtVO.exe

Filesize
2.9MB

MD5
3da4a966bfb1b71d9a2b3614e8a84b8c

SHA1
67ea69665a5a705f24a17156fdb2677bae1a13a1

SHA256
703dd338f3452cc3a9b590f9e386308aa45048d98d04ca83b71855a0d24c5625

SHA512
3bfb489e19b047fdedb9b2618cf679c1409b2a991cf6d941b505fe572006a9235aa6ed24c12c10c1e6220cfdce67f201b3e0640976daae5ee063b212e9c78b2a

Download Submit
C:\Windows\System\EvUpiYT.exe

Filesize
2.9MB

MD5
357dd27841ad0ae1f4e6313c35c0f728

SHA1
bc5ad2806f1295d477859d6e6cc04f04b9bfa90b

SHA256
8f137040f8c549a27b4c8f5af91562fd00774b27c57a8d6ef4f8637e538f15ee

SHA512
8c77e23eb39c8576844153b18c3b05d0bc8857f8868ae79fbaf0ad48f2e386303c9032cd33da358171477a92c30ad6c2a7b932825882ad058bfd87f22cefec50

Download Submit
C:\Windows\System\FeLngwZ.exe

Filesize
2.9MB

MD5
27d9143a93ab65184924a7048c1cc343

SHA1
4a8cc2d7fc0037712c167df153fe902c14ebcfca

SHA256
43764c568007151ccdca5c52ea0fd06f5b2df513e5de1ebccf2ae16196b952c5

SHA512
31756385c73ea2c9ddc76b16adba4c2a1102e3d108b3a34b1df8e2217b3a4ae8344f9ceea3f3e25e84298985f5e4b99559998b943f9235aec43104b4f60fd79e

Download Submit
C:\Windows\System\GKASAcD.exe

Filesize
2.9MB

MD5
40e5ae12999a655dc6f3f4b4b77858cb

SHA1
8239fa0612a408a1b67c89bfb6f3a73e8eaa71d2

SHA256
916417edeacff2f9059e8417f9db420a1eb5e1df99f1152e4051dca260deb5f1

SHA512
916755a464ebd5d0abc5cbc7991364fd3a9d605ac47a06f935d5d6edd7bb22442ba9584787164e3a898efa2352e95abd221b7f8b0ed97f78fb538845a19f57b3

Download Submit
C:\Windows\System\GKVYTeC.exe

Filesize
2.9MB

MD5
9de6a47cc12ef407772d231c54510a9a

SHA1
8d4c90eecee8bbae512288442072781288587d54

SHA256
3d3bd49cfb38757e73404900d25c7e00a26418746806edeb63db1ebddd9e19cc

SHA512
b1afa2b102a6123868592d4c92ca680532095c1edd5bf216714a2f2890de3fc57fa1716e31801cbcdd887d61737875324a765bb138b251fe9e89bf0610fd6476

Download Submit
C:\Windows\System\HCffYQU.exe

Filesize
2.9MB

MD5
b65576a6741f60aff820073ec5514b6f

SHA1
ead06eef25655c269924a8628d41553d8d450350

SHA256
ee29c839951dfc375312b77a8df27a1056bcde0acb1f2756e4fea5423dda4bd8

SHA512
fb3572e00d545ed91fdd4d923bf23d3612049a5764360ff2447139911b5a2e03e8070ce062ae66df71ea7784e2f65fe3024cd31b6738bcce17e3840e3145d10e

Download Submit
C:\Windows\System\HLWcTGv.exe

Filesize
2.9MB

MD5
f712b5564dff93d4c2c5bb62e0b93d00

SHA1
222d36262760eef5f262cd41733c63439ee5a92d

SHA256
6acf84eb36cb6fb1cc8fdfc185c3eb7397885114d4f8b3da3b31d2c37f3ee690

SHA512
ea195fa443e5bd70cb342069b449fad328b1d6442342f90053ce0f20f745afce744a3e51f77f0d8cdabbb1bbd2844f1132c0dd2c7ebcbe51016e679ae355b3e0

Download Submit
C:\Windows\System\KeasEJJ.exe

Filesize
8B

MD5
97db82559538e82fa3e3e16b4f1effb0

SHA1
1434c2f68ee2195ffe73bf0c8dae4e48e1d6a6a0

SHA256
05f59fd1229bca220b900297bc5c005f46c4da8714ac86605dba6f61017d6963

SHA512
c5c7fbdbcc5a5f76b1845cfff57930626b18c1520ce9a06fc994e30cb62deb94adce5e544104d38b108864d109c240e528ecdd4dde385caaff5817eba04f1326

Download Submit
C:\Windows\System\OgklnAJ.exe

Filesize
2.9MB

MD5
e094c9eb4db35b6c7db9b5219bf2b455

SHA1
0909f2fdc405f0fd1b08fde1ab91f6e2d2838998

SHA256
a9fa1fd473a76197ca5840b1249dc5e717c1ee9302e8f3f964ffff7ef0043d3e

SHA512
13b3f6e619e4fa6c4a3352eeff8214b17d83ac91f277e60f575652a2f0019bc850c5b64be2ee667dbdd65274d1594dcf36f298494de553f96595f79d8957d42d

Download Submit
C:\Windows\System\OtFeDcU.exe

Filesize
2.9MB

MD5
9beb636d0145b3abc445b21321bb123b

SHA1
8e89b352d7661a76f817e36f303ec72945b2a954

SHA256
4d6e5e5f490cbd96b4d2220247baa1b8c989d96b4cc4e08adfe6e8ab0080b2af

SHA512
e43d27648f61b1abdf804c187da9aba73691b5682d42549280c84145e132897a336a406648d7ac5b8867c0813886396ac24f5aac83bedacb3ace6af784dee00a

Download Submit
C:\Windows\System\RUCFmRj.exe

Filesize
2.9MB

MD5
fe1a17de524083c342ca968ea7fcc1d3

SHA1
72ea3b4f52c9da826c4de9b4e0a3da8e0ffd669e

SHA256
0f05cbea4b637d8c43aae3ff25106fead5dff5ed07a012cd9d9faaf0fe3b6fc3

SHA512
ee0d06618007456f2e8c675ae5120a82af5df22f18ac4ecb21f9d22b6082c5608a404a637ac687a1b2a6c66c190c8db6da9acee67ca68acb927deb05d8ee7235

Download Submit
C:\Windows\System\RyaOGYd.exe

Filesize
2.9MB

MD5
61a71d171b2414cc10c97a22b8df7547

SHA1
dfda6d5446bec82a5f392c98f4166e6427b85351

SHA256
1fc3c7a0e5e030417e18b4444e285fd30c8b863874f6fe5d89cd920595021682

SHA512
d6bcd3de1da0c5d979591e006e8d784eb4f238cb9adf36a00b70c4520283e76f868da62386d5fd1a5bd232668781faa4c0d63fb9917374f5c8f9a5df22e3e22a

Download Submit
C:\Windows\System\VnDreLQ.exe

Filesize
2.9MB

MD5
432dfa4e36d24d6b6d3dec2e774c98fc

SHA1
8ec19ea98fee0e7bc676d0cfc27f75b07fdeb8bb

SHA256
80c9ec0fc87622ce5ecb342be28aa2b2bf74e81cb5c9140d2c7ed552b678a10c

SHA512
b93130ccc515b4d2de87d0c2fb168bb3e47d41004db61869b9d03a5e44e11f5ecbf21315aee4dab2ddcae30b951bbd67f107020d05708adc062778f3cd32c83a

Download Submit
C:\Windows\System\XKiPjtk.exe

Filesize
2.9MB

MD5
6ccdbece3b1a812f412223dfee992254

SHA1
5dc1c66f76ff7b4d0db5e803333a2a4115d66839

SHA256
ae235e609d2e71941e57bd396a9c0d06dec7361e448ac638fa86d46ad2da9afb

SHA512
df3eff6ed95172806acb0843fa1c59fdd3842bc5406388cb498c87746d8d30e640ab9e4efc9d9b04a311018646c42cf5e17d4ed3b2ffdd29fba770e11b2f2590

Download Submit
C:\Windows\System\XmHMulr.exe

Filesize
2.9MB

MD5
5154d090b57365c9e2af2bf5e030b957

SHA1
6966142c58d8a9bbe5ae4ab1c37ca4b708bb6ca3

SHA256
a2f3510b85988e04cabb01f68f033d8c67159d206c8a6045dc7789f82d40903a

SHA512
848d607253adadd7d8b7f9878b5e76221625069340b7d5b1e866d78572a33c309b3a7344d71f8e30fd4539d32427bb17a4555089d5f89d23e9542c1757579dc7

Download Submit
C:\Windows\System\YyfPALA.exe

Filesize
2.9MB

MD5
db3da2a1f211499e7bac70b76804f68b

SHA1
2c675afbf855f1639b4b75d8639648c6bfc6fa8f

SHA256
e64c99bee145f17f3d0dab5da62f07cdf538caf98fbfc56179d83a2b367e560b

SHA512
9f018005876084697f64654836f2348217b1fc645d0fd4fa7879135ae52ff1c15be5e7b8a39146942f95fbd992809345970ccda79b708687b3a971577c579a08

Download Submit
C:\Windows\System\ZjRlksD.exe

Filesize
2.9MB

MD5
4f442a1fd7dd8052d7db6407fc250458

SHA1
c03824e4645d6696ffd5b6088729b770650f5f91

SHA256
59e2c9a21f86ae881d3d10b2c168ed5cbefc8c96b998e64474e1f2bdb0a1fad5

SHA512
db79972ddeceb68031141fbe516a255c264fba7ce1eb33086e32b219d70f619d4dcda893e1466cd9c36a433d21403ba110ffa81b584b5985047cdc250cd85cf6

Download Submit
C:\Windows\System\cAnfZUE.exe

Filesize
2.9MB

MD5
db35cdf356773fd670bb758e1123709b

SHA1
bbaeea9014e3102418e7e9f6482c1133e80063dc

SHA256
61167c17be5125a0a5d2a253bb8ce6e4c5328f0eb0a28980e31a6c9e67f989c3

SHA512
22e9ce7d6aff9dae260f92388740dfb8f943aba743267028fc71c160f8e2bdeb41ffd38edbe61606e18763eb496db93cfb21ae7a86f0c73e9abe4c730e8815ae

Download Submit
C:\Windows\System\dgKiRQx.exe

Filesize
2.9MB

MD5
6376048a696d5cec4aa1f3ee77f0716c

SHA1
d50684b5e0e53ef346174d816aec3036e3108a2c

SHA256
59bfb6c44e2be8aa346f6864221687eb2a470e2e5ad372ad973a21d9fa0752d7

SHA512
0c30e8d9869e8c5b63f63e09041c03256c2e454e655bf2cf05d44ed8bbe2de6f5da09789ec912de35daf846c4ba89d489c7848843ee53b70d5b57101cfe80795

Download Submit
C:\Windows\System\fpJkzIb.exe

Filesize
2.9MB

MD5
a240badda63ec9065024d2d2df734228

SHA1
452a488e14d8083dc9619d6ff640bbdf579710d9

SHA256
803c4c62ef000a3e4ca23c30bce7400cf9f42e2ca60e2c84a39263c81086a507

SHA512
ec076ee1b5b5fb0df3d9c25459b0d289ccada0fb386cd63d32ccc540c9089ce5ad673457315a717c57990e43f80958499d1253a4fe4f2f08a4b66372f47c0e3e

Download Submit
C:\Windows\System\gqTMudf.exe

Filesize
2.9MB

MD5
150d0294523d0c7a2a44647b2fbdd593

SHA1
7fd2cdaa67e5d47d95384177a25d1ae271766588

SHA256
b0672764296eb0867e20e5d5efec122ce9f9ed5d148e09bb113d41aa7f024875

SHA512
da6c48f85fc518c5e48da6a19821644dd1eeb29808e05e658706f0a6a758f44774126097f58f716616dbcebb0889ae8d8f213844de18cd1d6167d20cd68b982e

Download Submit
C:\Windows\System\hFyNMFi.exe

Filesize
2.9MB

MD5
b3057cdf70cef3adf37c656c4e80a01b

SHA1
c26b94c948bb79ae037e4953be727d51008c87ef

SHA256
9b9eeb46f0b1ce596165f1a9f188b7e0f2db51cb4cf40c59e4bcd9ac7fa4bf5e

SHA512
390769b544da9d1fa2bb0d3e7d766be84113d5f7c87909f923ed93e9227ea484f7dba5ad67729d16843eef679310ecfcdc472cf9f4a94c61fac048f5e9e93e57

Download Submit
C:\Windows\System\iYHlkNt.exe

Filesize
2.9MB

MD5
f8291fa2b2e1fad33bd203c98c534590

SHA1
6ffb62969b76eec7711daf6029ebbc834dbf7d95

SHA256
48c409e98fb440ae09630905cabfac49ef9646a422f059ea28bca85d36d1e8ee

SHA512
010475f4ccacb4d5f8272a7b4f2fabb81995f82ee04648e7edea724797d8fc8683f3976fd519c44b361f5cbac96c4f57ab8a9b79a4c637e5ec4f9f25f2ec1568

Download Submit
C:\Windows\System\mcsRoto.exe

Filesize
2.9MB

MD5
55341dd22c1406cb590bf1ab9b81a90c

SHA1
678ec466f4ebdb3be2b5997ec29ccc0e39afd1b8

SHA256
d302fc650ba3462d9db9b30c19afa1da570bcaacfa3ec03629aa0754043460a5

SHA512
3fbc8e4939825efdf8cd2c98b8958ae9d734736e4ade677e58cb0e748415c3e87d5a4d46a060d6443f7f3e4ca6d13e51fc7083c8544f3e76c407c3e5d076d10b

Download Submit
C:\Windows\System\nMlnujV.exe

Filesize
2.9MB

MD5
dfa00a61f16b63e6fc2a913eceb20fbc

SHA1
def3fc83dd5254c79fe7272c6d87dd6e2435120f

SHA256
81a9502885c8a8dd37b812ae047d8a25aa5a01cbf22834fedac5146b0a9a293c

SHA512
10505e0600e287840c6da80e67a91a2aecc1a128d8936b69af3e9f1d5d256db36eb9c8076281c86c14f567cedc5a0395f494f36c7152fe488e878514039d8fb8

Download Submit
C:\Windows\System\ooKvpgA.exe

Filesize
2.9MB

MD5
ccc61ecb99ebc16041fb46b5c3815501

SHA1
f4cbed16d5abc4ab3e58850c89b259e551eda5b0

SHA256
bbd0ee0ca1794ffa2fbdd963c3966efaa23d81053a2847c6ee3dfd2b0e31f8f6

SHA512
4f02ced04a7d8f83884c0034a4e61e3eb0414eb567bda7e695d381baa950ca0bce0e7d23d1e00b14c70aa7333b4a76e70bb4860b337f1caf7a073859944daa79

Download Submit
C:\Windows\System\pDqbXbd.exe

Filesize
2.9MB

MD5
37233cf6f2b0935f2b5d19dfc41dac65

SHA1
957513e3471eea86425128a72daf68d81e620ab3

SHA256
fbf41d2609224156384eee3db60160e95e6b6a8a36942ec7f493b9d3fb98f8fc

SHA512
d5bde1275cb9e169c64acde993e5d36fa9af32b72b9eca2fbce97d824b78e949ebef2ddca167f4d4ac14d12b77032a62daf1ea2ec61d732a0d0930e5d8ddbf73

Download Submit
C:\Windows\System\ppbAaUm.exe

Filesize
2.9MB

MD5
42386b9d82db54f742f0c76d30c923fe

SHA1
9c69074fda4ba98f50b55e8b69a31d6b39f25c28

SHA256
fb131cd9996ced3ed66ebcc125de25e7a74ace6e5e2b5fb5c37d4010914d1296

SHA512
4730d7b651089c0e257fd2be7a2667731c3ab3afa48e6667b37f68d1c6696c7a794bf1f2c992ea09900c57e4f9761ead5c74be13ee29ca6c497dfa05967c4774

Download Submit
C:\Windows\System\qsXIikK.exe

Filesize
2.9MB

MD5
07d2ce4f3f676745a924dd8ea4ec6455

SHA1
1325df797d0b358c0d59fa910827293a9acaedcb

SHA256
9c657a759d8a8a9b3aeb666a086f37d80e586a4e9211e4b57d1feea947615b5c

SHA512
8d7573d0f6a8cde6555f36fcc981ba3f7bb40f326f18014f81a4653f851592347266dc6756e34f186a4971f19686346acb6e2662a5ab9e408977fdc55fc1ad5a

Download Submit
C:\Windows\System\spJbUeL.exe

Filesize
2.9MB

MD5
3a77f546b9e2842855481d4b0157667b

SHA1
8a4bb11c059002b4f5495f6534a82ef55051e87c

SHA256
e8ece0c6ef1784abe0b7eb232730d4ab52588f52b792d5d6d8e1ba3637226210

SHA512
e1a0b5ff0bc074e9ba9a961d077bdb3b9c000d06876b20f5304ef0f9b90a600f2d9f64254490d8498cf15bbc81e0eaa6d186a4fbe80849b34c6dcd5f5a1c1c3e

Download Submit
C:\Windows\System\toDqCAD.exe

Filesize
2.9MB

MD5
a69730bbb812acd46118a777e008ef36

SHA1
9974def6ea25b790150f6e447d52a70c6afde705

SHA256
32c73c4c29fd1a268104f942e28e3930675f0b6db390aa010729ad16832963a2

SHA512
67962f0336e8813272c1e4265267f2e7a526f8acd0e29a9294ceaf2bde4ca21c7cac87a365d5dd0f0f4dfed4c5f9f8aea2a454e50eb993389ed80d27e826843e

Download Submit
C:\Windows\System\vIZZJIW.exe

Filesize
2.9MB

MD5
e3592e1bae613f1715f5cf04406a8302

SHA1
25a83a5a3c3a202b42f6ea74b8679e5ba9308646

SHA256
ba4374aa9e71121dcb058fa8343cae94eac9d45e76ef6480291abac82c1110fe

SHA512
81c4c2093c8115bc7ab838844163f38872594c2fb797be053753de49a1fb6f109f1c258de6fc301e0222b00061d05d409e5cd0e062aa7611fd08c939afcc3ce0

Download Submit
C:\Windows\System\xFCVMZS.exe

Filesize
2.9MB

MD5
041d4e6d895b70728f4ac8c62b6793b7

SHA1
e7e26f55f87113f19884e2b35f661e0476544ac3

SHA256
d4a0a68a30f0561321608219b2248fdd9feab68d8b5466060b86710e853c24b6

SHA512
cbebe1ba490c3bdbf945a65fe1faaf53a8048867b418bede719e398d7bf5f72ad18a244b206c3b48bf404ee6d21f199a833d3bdc30135390240c531cc9e8aae9

Download Submit
C:\Windows\System\xqDhgNr.exe

Filesize
2.9MB

MD5
61a105982756299fcdafcdce1f5884fb

SHA1
eb3e845dec2410d12698d8dc189f526a79519de4

SHA256
88b7306e117e94591bb8630f660b57e901ed493b5f61449e17b5c749d8058602

SHA512
d3228ec714cf56cabee9bae9c1e859a35538cb13832b1138b469c98115663e2ea858381edee4dfaca4b61aa8457eff986e04b7898ba93da2947c11ac268cb8aa

Download Submit
C:\Windows\System\ysiOPYw.exe

Filesize
2.9MB

MD5
e45f4cb1aeeb598fee27251e4ff93867

SHA1
995dab92ffc0c138a6ed181de410bdf947e17bea

SHA256
28b0a1943c22fef0cd4be463a459764c343854545193fa1f862a349c118faade

SHA512
a638032639a5ee4c1d6e01b3d9cd68a3b81c1976bdcc84afdb32f9ca2c8eebe3f34b8c8e3f675ed7f5d44f3786c92f0223b456f5bf7625643e53a80b4687fdd8

Download Submit
memory/620-2198-0x00007FF719410000-0x00007FF719806000-memory.dmp

Filesize
4.0MB

Download
memory/620-125-0x00007FF719410000-0x00007FF719806000-memory.dmp

Filesize
4.0MB

Download
memory/936-2180-0x00007FF79A2D0000-0x00007FF79A6C6000-memory.dmp

Filesize
4.0MB

Download
memory/936-402-0x00007FF79A2D0000-0x00007FF79A6C6000-memory.dmp

Filesize
4.0MB

Download
memory/936-2204-0x00007FF79A2D0000-0x00007FF79A6C6000-memory.dmp

Filesize
4.0MB

Download
memory/1012-2183-0x00007FF7EE550000-0x00007FF7EE946000-memory.dmp

Filesize
4.0MB

Download
memory/1012-113-0x00007FF7EE550000-0x00007FF7EE946000-memory.dmp

Filesize
4.0MB

Download
memory/1204-2181-0x00007FF685760000-0x00007FF685B56000-memory.dmp

Filesize
4.0MB

Download
memory/1204-128-0x00007FF685760000-0x00007FF685B56000-memory.dmp

Filesize
4.0MB

Download
memory/1252-126-0x00007FF6D06C0000-0x00007FF6D0AB6000-memory.dmp

Filesize
4.0MB

Download
memory/1252-2196-0x00007FF6D06C0000-0x00007FF6D0AB6000-memory.dmp

Filesize
4.0MB

Download
memory/1384-117-0x00007FF6C0140000-0x00007FF6C0536000-memory.dmp

Filesize
4.0MB

Download
memory/1384-2188-0x00007FF6C0140000-0x00007FF6C0536000-memory.dmp

Filesize
4.0MB

Download
memory/1400-112-0x00007FF69E8A0000-0x00007FF69EC96000-memory.dmp

Filesize
4.0MB

Download
memory/1400-2189-0x00007FF69E8A0000-0x00007FF69EC96000-memory.dmp

Filesize
4.0MB

Download
memory/1404-2182-0x00007FF72C800000-0x00007FF72CBF6000-memory.dmp

Filesize
4.0MB

Download
memory/1404-103-0x00007FF72C800000-0x00007FF72CBF6000-memory.dmp

Filesize
4.0MB

Download
memory/1484-2186-0x00007FF65D050000-0x00007FF65D446000-memory.dmp

Filesize
4.0MB

Download
memory/1484-115-0x00007FF65D050000-0x00007FF65D446000-memory.dmp

Filesize
4.0MB

Download
memory/1612-2193-0x00007FF6DC5F0000-0x00007FF6DC9E6000-memory.dmp

Filesize
4.0MB

Download
memory/1612-122-0x00007FF6DC5F0000-0x00007FF6DC9E6000-memory.dmp

Filesize
4.0MB

Download
memory/2104-2190-0x00007FF7CF820000-0x00007FF7CFC16000-memory.dmp

Filesize
4.0MB

Download
memory/2104-116-0x00007FF7CF820000-0x00007FF7CFC16000-memory.dmp

Filesize
4.0MB

Download
memory/2144-2185-0x00007FF7E13E0000-0x00007FF7E17D6000-memory.dmp

Filesize
4.0MB

Download
memory/2144-118-0x00007FF7E13E0000-0x00007FF7E17D6000-memory.dmp

Filesize
4.0MB

Download
memory/2344-414-0x00007FF783C80000-0x00007FF784076000-memory.dmp

Filesize
4.0MB

Download
memory/2344-2203-0x00007FF783C80000-0x00007FF784076000-memory.dmp

Filesize
4.0MB

Download
memory/2420-2184-0x00007FF6EF890000-0x00007FF6EFC86000-memory.dmp

Filesize
4.0MB

Download
memory/2420-119-0x00007FF6EF890000-0x00007FF6EFC86000-memory.dmp

Filesize
4.0MB

Download
memory/2968-369-0x00007FF741880000-0x00007FF741C76000-memory.dmp

Filesize
4.0MB

Download
memory/2968-2202-0x00007FF741880000-0x00007FF741C76000-memory.dmp

Filesize
4.0MB

Download
memory/2976-2201-0x00007FF755180000-0x00007FF755576000-memory.dmp

Filesize
4.0MB

Download
memory/2976-364-0x00007FF755180000-0x00007FF755576000-memory.dmp

Filesize
4.0MB

Download
memory/3020-123-0x00007FF623930000-0x00007FF623D26000-memory.dmp

Filesize
4.0MB

Download
memory/3020-2199-0x00007FF623930000-0x00007FF623D26000-memory.dmp

Filesize
4.0MB

Download
memory/3136-358-0x00007FF79B260000-0x00007FF79B656000-memory.dmp

Filesize
4.0MB

Download
memory/3136-2200-0x00007FF79B260000-0x00007FF79B656000-memory.dmp

Filesize
4.0MB

Download
memory/3332-2197-0x00007FF6A67E0000-0x00007FF6A6BD6000-memory.dmp

Filesize
4.0MB

Download
memory/3332-124-0x00007FF6A67E0000-0x00007FF6A6BD6000-memory.dmp

Filesize
4.0MB

Download
memory/3880-2195-0x00007FF63B140000-0x00007FF63B536000-memory.dmp

Filesize
4.0MB

Download
memory/3880-127-0x00007FF63B140000-0x00007FF63B536000-memory.dmp

Filesize
4.0MB

Download
memory/3984-95-0x00007FF816410000-0x00007FF816ED1000-memory.dmp

Filesize
10.8MB

Download
memory/3984-2179-0x00007FF816413000-0x00007FF816415000-memory.dmp

Filesize
8KB

Download
memory/3984-48-0x00007FF816410000-0x00007FF816ED1000-memory.dmp

Filesize
10.8MB

Download
memory/3984-130-0x0000024553F30000-0x00000245546D6000-memory.dmp

Filesize
7.6MB

Download
memory/3984-100-0x0000024553400000-0x0000024553422000-memory.dmp

Filesize
136KB

Download
memory/3984-5-0x00007FF816413000-0x00007FF816415000-memory.dmp

Filesize
8KB

Download
memory/3984-1907-0x00007FF816410000-0x00007FF816ED1000-memory.dmp

Filesize
10.8MB

Download
memory/4316-114-0x00007FF7BAC80000-0x00007FF7BB076000-memory.dmp

Filesize
4.0MB

Download
memory/4316-2187-0x00007FF7BAC80000-0x00007FF7BB076000-memory.dmp

Filesize
4.0MB

Download
memory/4344-1897-0x00007FF706D80000-0x00007FF707176000-memory.dmp

Filesize
4.0MB

Download
memory/4344-0-0x00007FF706D80000-0x00007FF707176000-memory.dmp

Filesize
4.0MB

Download
memory/4344-1-0x00000131DF1B0000-0x00000131DF1C0000-memory.dmp

Filesize
64KB

Download
memory/4424-2194-0x00007FF6AF8B0000-0x00007FF6AFCA6000-memory.dmp

Filesize
4.0MB

Download
memory/4424-120-0x00007FF6AF8B0000-0x00007FF6AFCA6000-memory.dmp

Filesize
4.0MB

Download
memory/4644-2192-0x00007FF74B740000-0x00007FF74BB36000-memory.dmp

Filesize
4.0MB

Download
memory/4644-121-0x00007FF74B740000-0x00007FF74BB36000-memory.dmp

Filesize
4.0MB

Download
memory/5004-2191-0x00007FF61D7F0000-0x00007FF61DBE6000-memory.dmp

Filesize
4.0MB

Download
memory/5004-129-0x00007FF61D7F0000-0x00007FF61DBE6000-memory.dmp

Filesize
4.0MB

Download