xmrig | 3ef82713d883f0c3cbb7f3afe4b71abaa41fda7c418eb971da3b1144bfcacc85

Analysis

max time kernel
60s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
Size

3.1MB
MD5

7d605251181cea68a3298cb3a5bf3860
SHA1

c0e05ef90cdfbe402c2f057bf1e554a211d67c20
SHA256

3ef82713d883f0c3cbb7f3afe4b71abaa41fda7c418eb971da3b1144bfcacc85
SHA512

868da285779a2454c8a7557c802c60e4348d297ec14851155b6621b49fd910ece066fa5c7871acbba92597e29ab2238f862bd38c527612c35497217136dbcd12
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWK:7bBeSFk+

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1020-0-0x00007FF600970000-0x00007FF600D66000-memory.dmp	xmrig
behavioral2/files/0x0008000000022f51-5.dat	xmrig
behavioral2/files/0x0007000000023413-7.dat	xmrig
behavioral2/files/0x0007000000023414-18.dat	xmrig
behavioral2/files/0x0007000000023415-27.dat	xmrig
behavioral2/files/0x0007000000023416-34.dat	xmrig
behavioral2/files/0x000700000002341b-61.dat	xmrig
behavioral2/memory/400-68-0x00007FF6CABC0000-0x00007FF6CAFB6000-memory.dmp	xmrig
behavioral2/memory/3052-71-0x00007FF65A880000-0x00007FF65AC76000-memory.dmp	xmrig
behavioral2/memory/2988-75-0x00007FF763C80000-0x00007FF764076000-memory.dmp	xmrig
behavioral2/files/0x0008000000023419-79.dat	xmrig
behavioral2/memory/1428-80-0x00007FF68C700000-0x00007FF68CAF6000-memory.dmp	xmrig
behavioral2/memory/1912-86-0x00007FF638190000-0x00007FF638586000-memory.dmp	xmrig
behavioral2/files/0x000700000002341d-91.dat	xmrig
behavioral2/memory/5060-96-0x00007FF7195F0000-0x00007FF7199E6000-memory.dmp	xmrig
behavioral2/memory/2208-97-0x00007FF7B0DA0000-0x00007FF7B1196000-memory.dmp	xmrig
behavioral2/memory/2340-99-0x00007FF7ACBE0000-0x00007FF7ACFD6000-memory.dmp	xmrig
behavioral2/memory/2964-98-0x00007FF6F1A40000-0x00007FF6F1E36000-memory.dmp	xmrig
behavioral2/files/0x0007000000023425-135.dat	xmrig
behavioral2/files/0x0007000000023428-150.dat	xmrig
behavioral2/files/0x000700000002342b-165.dat	xmrig
behavioral2/files/0x000700000002342d-183.dat	xmrig
behavioral2/memory/996-733-0x00007FF6203E0000-0x00007FF6207D6000-memory.dmp	xmrig
behavioral2/memory/2076-735-0x00007FF6B6040000-0x00007FF6B6436000-memory.dmp	xmrig
behavioral2/memory/1760-736-0x00007FF728010000-0x00007FF728406000-memory.dmp	xmrig
behavioral2/memory/812-734-0x00007FF65C4C0000-0x00007FF65C8B6000-memory.dmp	xmrig
behavioral2/memory/2360-737-0x00007FF651480000-0x00007FF651876000-memory.dmp	xmrig
behavioral2/memory/3328-738-0x00007FF6C9390000-0x00007FF6C9786000-memory.dmp	xmrig
behavioral2/memory/3760-739-0x00007FF744520000-0x00007FF744916000-memory.dmp	xmrig
behavioral2/memory/2160-740-0x00007FF7EAD90000-0x00007FF7EB186000-memory.dmp	xmrig
behavioral2/memory/3012-741-0x00007FF68FB40000-0x00007FF68FF36000-memory.dmp	xmrig
behavioral2/memory/4568-742-0x00007FF7A5FE0000-0x00007FF7A63D6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023430-190.dat	xmrig
behavioral2/files/0x000700000002342e-188.dat	xmrig
behavioral2/files/0x000700000002342f-185.dat	xmrig
behavioral2/files/0x000700000002342c-178.dat	xmrig
behavioral2/files/0x000700000002342a-168.dat	xmrig
behavioral2/files/0x0007000000023429-163.dat	xmrig
behavioral2/files/0x0007000000023427-153.dat	xmrig
behavioral2/files/0x0007000000023426-148.dat	xmrig
behavioral2/files/0x0007000000023424-138.dat	xmrig
behavioral2/files/0x0007000000023423-131.dat	xmrig
behavioral2/files/0x0007000000023422-126.dat	xmrig
behavioral2/files/0x0007000000023421-121.dat	xmrig
behavioral2/files/0x0007000000023420-116.dat	xmrig
behavioral2/files/0x000700000002341f-111.dat	xmrig
behavioral2/files/0x000700000002341e-106.dat	xmrig
behavioral2/files/0x0008000000023410-94.dat	xmrig
behavioral2/memory/396-93-0x00007FF66C3E0000-0x00007FF66C7D6000-memory.dmp	xmrig
behavioral2/memory/2420-90-0x00007FF7B10F0000-0x00007FF7B14E6000-memory.dmp	xmrig
behavioral2/memory/1972-78-0x00007FF6C1A40000-0x00007FF6C1E36000-memory.dmp	xmrig
behavioral2/files/0x000700000002341c-73.dat	xmrig
behavioral2/files/0x000800000002341a-69.dat	xmrig
behavioral2/memory/4980-1890-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp	xmrig
behavioral2/memory/916-62-0x00007FF615F00000-0x00007FF6162F6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023418-59.dat	xmrig
behavioral2/files/0x0007000000023417-55.dat	xmrig
behavioral2/files/0x000900000002340c-19.dat	xmrig
behavioral2/memory/4980-11-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp	xmrig
behavioral2/memory/4980-1891-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp	xmrig
behavioral2/memory/1428-1892-0x00007FF68C700000-0x00007FF68CAF6000-memory.dmp	xmrig
behavioral2/memory/1912-1893-0x00007FF638190000-0x00007FF638586000-memory.dmp	xmrig
behavioral2/memory/916-1894-0x00007FF615F00000-0x00007FF6162F6000-memory.dmp	xmrig
behavioral2/memory/400-1895-0x00007FF6CABC0000-0x00007FF6CAFB6000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3096	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4980	GqKcJoP.exe
1428	fkmsaWY.exe
1912	QXjyUQh.exe
916	hPUtASx.exe
400	XmLlTvy.exe
3052	GipOXwX.exe
2420	WyqRAkx.exe
2988	zbnHNUB.exe
396	KXZitdA.exe
1972	SPGEkVR.exe
5060	tuPzapb.exe
2208	NOSYCSR.exe
2964	gbarzIT.exe
2340	ajMDpaF.exe
996	ubGGDCE.exe
812	MDvnTsp.exe
2076	lvAVSkp.exe
1760	nmSXkWU.exe
2360	yoJxbkO.exe
3328	skwyCwp.exe
3760	GEzhXTo.exe
2160	pxgxJWv.exe
3012	lhIoLXK.exe
4568	szHisWt.exe
4040	EqaTGFE.exe
2004	XHbXDie.exe
2768	WhHKUOe.exe
4724	JvkTOqO.exe
1800	wYLiVKd.exe
1680	qHXmVgf.exe
3572	omOPayt.exe
3748	TSZGlBL.exe
4948	DwfiTIO.exe
3124	ETJqrwQ.exe
2008	aDihukc.exe
3960	mJJuWdj.exe
4012	dLFIiQT.exe
2156	zIIwaye.exe
2068	yYJMxPE.exe
2560	sdTohUA.exe
3884	itwCvrh.exe
4132	YrKjyhQ.exe
2784	zqZYRzW.exe
4760	VTnxzAm.exe
4644	GFrKWOA.exe
4612	jOXemxH.exe
1312	TUqsqZL.exe
552	FiAUoAl.exe
712	UGtsusq.exe
3132	fdDDccZ.exe
3392	jePXwUJ.exe
2424	pVNczZS.exe
4428	nxMsirr.exe
2872	UBjIqYo.exe
3184	RFdgBwi.exe
4716	KPCZDXE.exe
668	CleWTiz.exe
3164	rjmZtNq.exe
2192	TEErefZ.exe
3552	rnAKvku.exe
3296	luSbPwX.exe
1452	sPcFPYZ.exe
2820	jgNroSx.exe
4776	VJBPTAx.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1020-0-0x00007FF600970000-0x00007FF600D66000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-5.dat	upx
behavioral2/files/0x0007000000023413-7.dat	upx
behavioral2/files/0x0007000000023414-18.dat	upx
behavioral2/files/0x0007000000023415-27.dat	upx
behavioral2/files/0x0007000000023416-34.dat	upx
behavioral2/files/0x000700000002341b-61.dat	upx
behavioral2/memory/400-68-0x00007FF6CABC0000-0x00007FF6CAFB6000-memory.dmp	upx
behavioral2/memory/3052-71-0x00007FF65A880000-0x00007FF65AC76000-memory.dmp	upx
behavioral2/memory/2988-75-0x00007FF763C80000-0x00007FF764076000-memory.dmp	upx
behavioral2/files/0x0008000000023419-79.dat	upx
behavioral2/memory/1428-80-0x00007FF68C700000-0x00007FF68CAF6000-memory.dmp	upx
behavioral2/memory/1912-86-0x00007FF638190000-0x00007FF638586000-memory.dmp	upx
behavioral2/files/0x000700000002341d-91.dat	upx
behavioral2/memory/5060-96-0x00007FF7195F0000-0x00007FF7199E6000-memory.dmp	upx
behavioral2/memory/2208-97-0x00007FF7B0DA0000-0x00007FF7B1196000-memory.dmp	upx
behavioral2/memory/2340-99-0x00007FF7ACBE0000-0x00007FF7ACFD6000-memory.dmp	upx
behavioral2/memory/2964-98-0x00007FF6F1A40000-0x00007FF6F1E36000-memory.dmp	upx
behavioral2/files/0x0007000000023425-135.dat	upx
behavioral2/files/0x0007000000023428-150.dat	upx
behavioral2/files/0x000700000002342b-165.dat	upx
behavioral2/files/0x000700000002342d-183.dat	upx
behavioral2/memory/996-733-0x00007FF6203E0000-0x00007FF6207D6000-memory.dmp	upx
behavioral2/memory/2076-735-0x00007FF6B6040000-0x00007FF6B6436000-memory.dmp	upx
behavioral2/memory/1760-736-0x00007FF728010000-0x00007FF728406000-memory.dmp	upx
behavioral2/memory/812-734-0x00007FF65C4C0000-0x00007FF65C8B6000-memory.dmp	upx
behavioral2/memory/2360-737-0x00007FF651480000-0x00007FF651876000-memory.dmp	upx
behavioral2/memory/3328-738-0x00007FF6C9390000-0x00007FF6C9786000-memory.dmp	upx
behavioral2/memory/3760-739-0x00007FF744520000-0x00007FF744916000-memory.dmp	upx
behavioral2/memory/2160-740-0x00007FF7EAD90000-0x00007FF7EB186000-memory.dmp	upx
behavioral2/memory/3012-741-0x00007FF68FB40000-0x00007FF68FF36000-memory.dmp	upx
behavioral2/memory/4568-742-0x00007FF7A5FE0000-0x00007FF7A63D6000-memory.dmp	upx
behavioral2/files/0x0007000000023430-190.dat	upx
behavioral2/files/0x000700000002342e-188.dat	upx
behavioral2/files/0x000700000002342f-185.dat	upx
behavioral2/files/0x000700000002342c-178.dat	upx
behavioral2/files/0x000700000002342a-168.dat	upx
behavioral2/files/0x0007000000023429-163.dat	upx
behavioral2/files/0x0007000000023427-153.dat	upx
behavioral2/files/0x0007000000023426-148.dat	upx
behavioral2/files/0x0007000000023424-138.dat	upx
behavioral2/files/0x0007000000023423-131.dat	upx
behavioral2/files/0x0007000000023422-126.dat	upx
behavioral2/files/0x0007000000023421-121.dat	upx
behavioral2/files/0x0007000000023420-116.dat	upx
behavioral2/files/0x000700000002341f-111.dat	upx
behavioral2/files/0x000700000002341e-106.dat	upx
behavioral2/files/0x0008000000023410-94.dat	upx
behavioral2/memory/396-93-0x00007FF66C3E0000-0x00007FF66C7D6000-memory.dmp	upx
behavioral2/memory/2420-90-0x00007FF7B10F0000-0x00007FF7B14E6000-memory.dmp	upx
behavioral2/memory/1972-78-0x00007FF6C1A40000-0x00007FF6C1E36000-memory.dmp	upx
behavioral2/files/0x000700000002341c-73.dat	upx
behavioral2/files/0x000800000002341a-69.dat	upx
behavioral2/memory/4980-1890-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp	upx
behavioral2/memory/916-62-0x00007FF615F00000-0x00007FF6162F6000-memory.dmp	upx
behavioral2/files/0x0007000000023418-59.dat	upx
behavioral2/files/0x0007000000023417-55.dat	upx
behavioral2/files/0x000900000002340c-19.dat	upx
behavioral2/memory/4980-11-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp	upx
behavioral2/memory/4980-1891-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp	upx
behavioral2/memory/1428-1892-0x00007FF68C700000-0x00007FF68CAF6000-memory.dmp	upx
behavioral2/memory/1912-1893-0x00007FF638190000-0x00007FF638586000-memory.dmp	upx
behavioral2/memory/916-1894-0x00007FF615F00000-0x00007FF6162F6000-memory.dmp	upx
behavioral2/memory/400-1895-0x00007FF6CABC0000-0x00007FF6CAFB6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GfxOphr.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\DUrMZpe.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\ezXFhxW.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\gyLqFaz.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\eHCYmVm.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\wyYLvmA.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\GLBciox.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\tguCAyi.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\qJAkNhc.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\xIFfqrV.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\mOugoju.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\lujLPyD.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\fMxFIsT.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\ubGGDCE.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\LDviduX.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\LCEXQLa.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\UEOZCuN.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\GYITzpb.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\lYrXfhi.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\FCICYtv.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\sFPPPbE.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\GJqGbFe.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\szHisWt.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\HNRPsKt.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\QHrYItd.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\UBjIqYo.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\YsNJeqQ.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\zdGmFlR.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\xAtiBSZ.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\wpYxNLa.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\rPduNik.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\zbnHNUB.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\hOLssas.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\KoMnyfP.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\uRJAAJc.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\HcDyfDj.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\yjAviJf.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\fyxQret.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\LJDpNSl.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\ToqsoPG.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\UoeXzqM.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\aobucpp.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\bxooYzL.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\RDRLaEi.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\TuvBbUH.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\hprRwRt.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\BaZJgRH.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\FEDlAmO.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\dDHUTsD.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\CXCqqwy.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\kOxjGnG.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\aGIURWk.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\XzGTnBO.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\sMUMVWA.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\IWLueQK.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\vxrVpCe.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\EZGMzNV.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\wDFyUTf.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\QXjyUQh.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\itwCvrh.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\oNuQItY.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\VFSqvma.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\BivFzAa.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
File created	C:\Windows\System\kbjwiCq.exe	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3096	powershell.exe
3096	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
Token: SeDebugPrivilege	3096	powershell.exe
Token: SeLockMemoryPrivilege	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 3096	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	83
PID 1020 wrote to memory of 3096	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	83
PID 1020 wrote to memory of 4980	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	84
PID 1020 wrote to memory of 4980	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	84
PID 1020 wrote to memory of 1428	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	85
PID 1020 wrote to memory of 1428	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	85
PID 1020 wrote to memory of 1912	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	86
PID 1020 wrote to memory of 1912	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	86
PID 1020 wrote to memory of 916	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	87
PID 1020 wrote to memory of 916	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	87
PID 1020 wrote to memory of 400	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	88
PID 1020 wrote to memory of 400	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	88
PID 1020 wrote to memory of 3052	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	89
PID 1020 wrote to memory of 3052	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	89
PID 1020 wrote to memory of 2420	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	90
PID 1020 wrote to memory of 2420	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	90
PID 1020 wrote to memory of 2988	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	91
PID 1020 wrote to memory of 2988	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	91
PID 1020 wrote to memory of 396	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	92
PID 1020 wrote to memory of 396	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	92
PID 1020 wrote to memory of 1972	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	93
PID 1020 wrote to memory of 1972	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	93
PID 1020 wrote to memory of 5060	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	94
PID 1020 wrote to memory of 5060	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	94
PID 1020 wrote to memory of 2208	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	95
PID 1020 wrote to memory of 2208	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	95
PID 1020 wrote to memory of 2964	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	96
PID 1020 wrote to memory of 2964	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	96
PID 1020 wrote to memory of 2340	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	97
PID 1020 wrote to memory of 2340	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	97
PID 1020 wrote to memory of 996	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	98
PID 1020 wrote to memory of 996	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	98
PID 1020 wrote to memory of 812	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	99
PID 1020 wrote to memory of 812	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	99
PID 1020 wrote to memory of 2076	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	100
PID 1020 wrote to memory of 2076	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	100
PID 1020 wrote to memory of 1760	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	101
PID 1020 wrote to memory of 1760	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	101
PID 1020 wrote to memory of 2360	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	102
PID 1020 wrote to memory of 2360	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	102
PID 1020 wrote to memory of 3328	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	103
PID 1020 wrote to memory of 3328	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	103
PID 1020 wrote to memory of 3760	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	104
PID 1020 wrote to memory of 3760	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	104
PID 1020 wrote to memory of 2160	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	105
PID 1020 wrote to memory of 2160	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	105
PID 1020 wrote to memory of 3012	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	106
PID 1020 wrote to memory of 3012	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	106
PID 1020 wrote to memory of 4568	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	107
PID 1020 wrote to memory of 4568	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	107
PID 1020 wrote to memory of 4040	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	108
PID 1020 wrote to memory of 4040	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	108
PID 1020 wrote to memory of 2004	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	109
PID 1020 wrote to memory of 2004	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	109
PID 1020 wrote to memory of 2768	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	110
PID 1020 wrote to memory of 2768	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	110
PID 1020 wrote to memory of 4724	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	111
PID 1020 wrote to memory of 4724	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	111
PID 1020 wrote to memory of 1800	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	112
PID 1020 wrote to memory of 1800	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	112
PID 1020 wrote to memory of 1680	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	113
PID 1020 wrote to memory of 1680	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	113
PID 1020 wrote to memory of 3572	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	114
PID 1020 wrote to memory of 3572	1020	7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe	114

C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d605251181cea68a3298cb3a5bf3860_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3096
- C:\Windows\System\GqKcJoP.exe
  C:\Windows\System\GqKcJoP.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\fkmsaWY.exe
  C:\Windows\System\fkmsaWY.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\QXjyUQh.exe
  C:\Windows\System\QXjyUQh.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\hPUtASx.exe
  C:\Windows\System\hPUtASx.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\XmLlTvy.exe
  C:\Windows\System\XmLlTvy.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\GipOXwX.exe
  C:\Windows\System\GipOXwX.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\WyqRAkx.exe
  C:\Windows\System\WyqRAkx.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\zbnHNUB.exe
  C:\Windows\System\zbnHNUB.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\KXZitdA.exe
  C:\Windows\System\KXZitdA.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\SPGEkVR.exe
  C:\Windows\System\SPGEkVR.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\tuPzapb.exe
  C:\Windows\System\tuPzapb.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\NOSYCSR.exe
  C:\Windows\System\NOSYCSR.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\gbarzIT.exe
  C:\Windows\System\gbarzIT.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ajMDpaF.exe
  C:\Windows\System\ajMDpaF.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\ubGGDCE.exe
  C:\Windows\System\ubGGDCE.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\MDvnTsp.exe
  C:\Windows\System\MDvnTsp.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\lvAVSkp.exe
  C:\Windows\System\lvAVSkp.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\nmSXkWU.exe
  C:\Windows\System\nmSXkWU.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\yoJxbkO.exe
  C:\Windows\System\yoJxbkO.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\skwyCwp.exe
  C:\Windows\System\skwyCwp.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\GEzhXTo.exe
  C:\Windows\System\GEzhXTo.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\pxgxJWv.exe
  C:\Windows\System\pxgxJWv.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\lhIoLXK.exe
  C:\Windows\System\lhIoLXK.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\szHisWt.exe
  C:\Windows\System\szHisWt.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\EqaTGFE.exe
  C:\Windows\System\EqaTGFE.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\XHbXDie.exe
  C:\Windows\System\XHbXDie.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\WhHKUOe.exe
  C:\Windows\System\WhHKUOe.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\JvkTOqO.exe
  C:\Windows\System\JvkTOqO.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\wYLiVKd.exe
  C:\Windows\System\wYLiVKd.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\qHXmVgf.exe
  C:\Windows\System\qHXmVgf.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\omOPayt.exe
  C:\Windows\System\omOPayt.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\TSZGlBL.exe
  C:\Windows\System\TSZGlBL.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\DwfiTIO.exe
  C:\Windows\System\DwfiTIO.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\ETJqrwQ.exe
  C:\Windows\System\ETJqrwQ.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\aDihukc.exe
  C:\Windows\System\aDihukc.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\mJJuWdj.exe
  C:\Windows\System\mJJuWdj.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\dLFIiQT.exe
  C:\Windows\System\dLFIiQT.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\zIIwaye.exe
  C:\Windows\System\zIIwaye.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\yYJMxPE.exe
  C:\Windows\System\yYJMxPE.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\sdTohUA.exe
  C:\Windows\System\sdTohUA.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\itwCvrh.exe
  C:\Windows\System\itwCvrh.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\YrKjyhQ.exe
  C:\Windows\System\YrKjyhQ.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\zqZYRzW.exe
  C:\Windows\System\zqZYRzW.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\VTnxzAm.exe
  C:\Windows\System\VTnxzAm.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\GFrKWOA.exe
  C:\Windows\System\GFrKWOA.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\jOXemxH.exe
  C:\Windows\System\jOXemxH.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\TUqsqZL.exe
  C:\Windows\System\TUqsqZL.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\FiAUoAl.exe
  C:\Windows\System\FiAUoAl.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\UGtsusq.exe
  C:\Windows\System\UGtsusq.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\fdDDccZ.exe
  C:\Windows\System\fdDDccZ.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\jePXwUJ.exe
  C:\Windows\System\jePXwUJ.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\pVNczZS.exe
  C:\Windows\System\pVNczZS.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\nxMsirr.exe
  C:\Windows\System\nxMsirr.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\UBjIqYo.exe
  C:\Windows\System\UBjIqYo.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\RFdgBwi.exe
  C:\Windows\System\RFdgBwi.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\KPCZDXE.exe
  C:\Windows\System\KPCZDXE.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\CleWTiz.exe
  C:\Windows\System\CleWTiz.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\rjmZtNq.exe
  C:\Windows\System\rjmZtNq.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\TEErefZ.exe
  C:\Windows\System\TEErefZ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\rnAKvku.exe
  C:\Windows\System\rnAKvku.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\luSbPwX.exe
  C:\Windows\System\luSbPwX.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\sPcFPYZ.exe
  C:\Windows\System\sPcFPYZ.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\jgNroSx.exe
  C:\Windows\System\jgNroSx.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\VJBPTAx.exe
  C:\Windows\System\VJBPTAx.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\datzeaT.exe
  C:\Windows\System\datzeaT.exe
  2⤵
  PID:1748
- C:\Windows\System\PMFFLTK.exe
  C:\Windows\System\PMFFLTK.exe
  2⤵
  PID:404
- C:\Windows\System\eiywfwI.exe
  C:\Windows\System\eiywfwI.exe
  2⤵
  PID:1376
- C:\Windows\System\ykyEhPb.exe
  C:\Windows\System\ykyEhPb.exe
  2⤵
  PID:4412
- C:\Windows\System\bxapFpF.exe
  C:\Windows\System\bxapFpF.exe
  2⤵
  PID:2320
- C:\Windows\System\ZfYMiGG.exe
  C:\Windows\System\ZfYMiGG.exe
  2⤵
  PID:1392
- C:\Windows\System\SlnhegM.exe
  C:\Windows\System\SlnhegM.exe
  2⤵
  PID:2292
- C:\Windows\System\IxvLVwu.exe
  C:\Windows\System\IxvLVwu.exe
  2⤵
  PID:2088
- C:\Windows\System\rtNFYlA.exe
  C:\Windows\System\rtNFYlA.exe
  2⤵
  PID:1612
- C:\Windows\System\ADtHfzm.exe
  C:\Windows\System\ADtHfzm.exe
  2⤵
  PID:3464
- C:\Windows\System\irQGRRZ.exe
  C:\Windows\System\irQGRRZ.exe
  2⤵
  PID:4940
- C:\Windows\System\VlriWAk.exe
  C:\Windows\System\VlriWAk.exe
  2⤵
  PID:3372
- C:\Windows\System\OmOOEND.exe
  C:\Windows\System\OmOOEND.exe
  2⤵
  PID:5144
- C:\Windows\System\GVjLKnC.exe
  C:\Windows\System\GVjLKnC.exe
  2⤵
  PID:5172
- C:\Windows\System\zjnXCBM.exe
  C:\Windows\System\zjnXCBM.exe
  2⤵
  PID:5200
- C:\Windows\System\isuORXj.exe
  C:\Windows\System\isuORXj.exe
  2⤵
  PID:5228
- C:\Windows\System\yjAviJf.exe
  C:\Windows\System\yjAviJf.exe
  2⤵
  PID:5256
- C:\Windows\System\aobucpp.exe
  C:\Windows\System\aobucpp.exe
  2⤵
  PID:5284
- C:\Windows\System\oRYLDMp.exe
  C:\Windows\System\oRYLDMp.exe
  2⤵
  PID:5312
- C:\Windows\System\hUNCniH.exe
  C:\Windows\System\hUNCniH.exe
  2⤵
  PID:5340
- C:\Windows\System\PRfVQFk.exe
  C:\Windows\System\PRfVQFk.exe
  2⤵
  PID:5368
- C:\Windows\System\HfBDfOc.exe
  C:\Windows\System\HfBDfOc.exe
  2⤵
  PID:5396
- C:\Windows\System\QmwDpwY.exe
  C:\Windows\System\QmwDpwY.exe
  2⤵
  PID:5424
- C:\Windows\System\jAZIMIx.exe
  C:\Windows\System\jAZIMIx.exe
  2⤵
  PID:5452
- C:\Windows\System\ouRyNIv.exe
  C:\Windows\System\ouRyNIv.exe
  2⤵
  PID:5480
- C:\Windows\System\tgFPXLW.exe
  C:\Windows\System\tgFPXLW.exe
  2⤵
  PID:5508
- C:\Windows\System\LCLvLNr.exe
  C:\Windows\System\LCLvLNr.exe
  2⤵
  PID:5536
- C:\Windows\System\YULMXoR.exe
  C:\Windows\System\YULMXoR.exe
  2⤵
  PID:5564
- C:\Windows\System\hmUThUF.exe
  C:\Windows\System\hmUThUF.exe
  2⤵
  PID:5588
- C:\Windows\System\GTZiuiD.exe
  C:\Windows\System\GTZiuiD.exe
  2⤵
  PID:5616
- C:\Windows\System\LOlMMkb.exe
  C:\Windows\System\LOlMMkb.exe
  2⤵
  PID:5648
- C:\Windows\System\TRxBFMn.exe
  C:\Windows\System\TRxBFMn.exe
  2⤵
  PID:5676
- C:\Windows\System\NrkqDuF.exe
  C:\Windows\System\NrkqDuF.exe
  2⤵
  PID:5704
- C:\Windows\System\APXxdHl.exe
  C:\Windows\System\APXxdHl.exe
  2⤵
  PID:5732
- C:\Windows\System\MUIYOOt.exe
  C:\Windows\System\MUIYOOt.exe
  2⤵
  PID:5760
- C:\Windows\System\GGYVKbk.exe
  C:\Windows\System\GGYVKbk.exe
  2⤵
  PID:5788
- C:\Windows\System\GYITzpb.exe
  C:\Windows\System\GYITzpb.exe
  2⤵
  PID:5816
- C:\Windows\System\RxlaBom.exe
  C:\Windows\System\RxlaBom.exe
  2⤵
  PID:5844
- C:\Windows\System\XlOWRdn.exe
  C:\Windows\System\XlOWRdn.exe
  2⤵
  PID:5872
- C:\Windows\System\YsNJeqQ.exe
  C:\Windows\System\YsNJeqQ.exe
  2⤵
  PID:5900
- C:\Windows\System\PpASIZK.exe
  C:\Windows\System\PpASIZK.exe
  2⤵
  PID:5928
- C:\Windows\System\cTSMgyG.exe
  C:\Windows\System\cTSMgyG.exe
  2⤵
  PID:5956
- C:\Windows\System\qpuaKLp.exe
  C:\Windows\System\qpuaKLp.exe
  2⤵
  PID:5984
- C:\Windows\System\ODnoiBS.exe
  C:\Windows\System\ODnoiBS.exe
  2⤵
  PID:6012
- C:\Windows\System\MMNysUA.exe
  C:\Windows\System\MMNysUA.exe
  2⤵
  PID:6040
- C:\Windows\System\oNuQItY.exe
  C:\Windows\System\oNuQItY.exe
  2⤵
  PID:6068
- C:\Windows\System\ufAaBVF.exe
  C:\Windows\System\ufAaBVF.exe
  2⤵
  PID:6092
- C:\Windows\System\ppjaFqg.exe
  C:\Windows\System\ppjaFqg.exe
  2⤵
  PID:6124
- C:\Windows\System\gyLqFaz.exe
  C:\Windows\System\gyLqFaz.exe
  2⤵
  PID:2808
- C:\Windows\System\hYrLFdt.exe
  C:\Windows\System\hYrLFdt.exe
  2⤵
  PID:3984
- C:\Windows\System\FwZKuao.exe
  C:\Windows\System\FwZKuao.exe
  2⤵
  PID:4508
- C:\Windows\System\BNkMooD.exe
  C:\Windows\System\BNkMooD.exe
  2⤵
  PID:5040
- C:\Windows\System\qshAupw.exe
  C:\Windows\System\qshAupw.exe
  2⤵
  PID:2704
- C:\Windows\System\BaZJgRH.exe
  C:\Windows\System\BaZJgRH.exe
  2⤵
  PID:5136
- C:\Windows\System\esQSxbo.exe
  C:\Windows\System\esQSxbo.exe
  2⤵
  PID:5212
- C:\Windows\System\SAeknLf.exe
  C:\Windows\System\SAeknLf.exe
  2⤵
  PID:5272
- C:\Windows\System\PKkDgsX.exe
  C:\Windows\System\PKkDgsX.exe
  2⤵
  PID:5332
- C:\Windows\System\vfNZXtn.exe
  C:\Windows\System\vfNZXtn.exe
  2⤵
  PID:5408
- C:\Windows\System\qAcfUik.exe
  C:\Windows\System\qAcfUik.exe
  2⤵
  PID:5472
- C:\Windows\System\oeXeBwu.exe
  C:\Windows\System\oeXeBwu.exe
  2⤵
  PID:5528
- C:\Windows\System\RRhxIgC.exe
  C:\Windows\System\RRhxIgC.exe
  2⤵
  PID:5604
- C:\Windows\System\lJWMqYG.exe
  C:\Windows\System\lJWMqYG.exe
  2⤵
  PID:5664
- C:\Windows\System\wHNXmpC.exe
  C:\Windows\System\wHNXmpC.exe
  2⤵
  PID:5724
- C:\Windows\System\LXmyaDO.exe
  C:\Windows\System\LXmyaDO.exe
  2⤵
  PID:5800
- C:\Windows\System\iljyqFE.exe
  C:\Windows\System\iljyqFE.exe
  2⤵
  PID:5860
- C:\Windows\System\yoVlVXL.exe
  C:\Windows\System\yoVlVXL.exe
  2⤵
  PID:5924
- C:\Windows\System\LPutnft.exe
  C:\Windows\System\LPutnft.exe
  2⤵
  PID:5996
- C:\Windows\System\YkGnaxS.exe
  C:\Windows\System\YkGnaxS.exe
  2⤵
  PID:6052
- C:\Windows\System\KFawNtd.exe
  C:\Windows\System\KFawNtd.exe
  2⤵
  PID:6112
- C:\Windows\System\bqWuZEI.exe
  C:\Windows\System\bqWuZEI.exe
  2⤵
  PID:4092
- C:\Windows\System\IvDtRVX.exe
  C:\Windows\System\IvDtRVX.exe
  2⤵
  PID:3136
- C:\Windows\System\kInuKzh.exe
  C:\Windows\System\kInuKzh.exe
  2⤵
  PID:5188
- C:\Windows\System\SeVzPxx.exe
  C:\Windows\System\SeVzPxx.exe
  2⤵
  PID:5360
- C:\Windows\System\ypJPsDR.exe
  C:\Windows\System\ypJPsDR.exe
  2⤵
  PID:5496
- C:\Windows\System\PBdOBVe.exe
  C:\Windows\System\PBdOBVe.exe
  2⤵
  PID:5636
- C:\Windows\System\jDKoyzE.exe
  C:\Windows\System\jDKoyzE.exe
  2⤵
  PID:5776
- C:\Windows\System\vlNHnBL.exe
  C:\Windows\System\vlNHnBL.exe
  2⤵
  PID:5948
- C:\Windows\System\oyuQOWQ.exe
  C:\Windows\System\oyuQOWQ.exe
  2⤵
  PID:6088
- C:\Windows\System\FVvcQSy.exe
  C:\Windows\System\FVvcQSy.exe
  2⤵
  PID:652
- C:\Windows\System\YOynswI.exe
  C:\Windows\System\YOynswI.exe
  2⤵
  PID:6152
- C:\Windows\System\VXAGBsO.exe
  C:\Windows\System\VXAGBsO.exe
  2⤵
  PID:6180
- C:\Windows\System\xIFfqrV.exe
  C:\Windows\System\xIFfqrV.exe
  2⤵
  PID:6208
- C:\Windows\System\aHVAdXG.exe
  C:\Windows\System\aHVAdXG.exe
  2⤵
  PID:6236
- C:\Windows\System\YwFCtee.exe
  C:\Windows\System\YwFCtee.exe
  2⤵
  PID:6264
- C:\Windows\System\MHgQTiv.exe
  C:\Windows\System\MHgQTiv.exe
  2⤵
  PID:6300
- C:\Windows\System\yMQIdDJ.exe
  C:\Windows\System\yMQIdDJ.exe
  2⤵
  PID:6332
- C:\Windows\System\yGHXIBP.exe
  C:\Windows\System\yGHXIBP.exe
  2⤵
  PID:6356
- C:\Windows\System\WrcwQae.exe
  C:\Windows\System\WrcwQae.exe
  2⤵
  PID:6388
- C:\Windows\System\SJHQMBP.exe
  C:\Windows\System\SJHQMBP.exe
  2⤵
  PID:6412
- C:\Windows\System\rnUmIGB.exe
  C:\Windows\System\rnUmIGB.exe
  2⤵
  PID:6444
- C:\Windows\System\MQzOMII.exe
  C:\Windows\System\MQzOMII.exe
  2⤵
  PID:6468
- C:\Windows\System\OgZSXQs.exe
  C:\Windows\System\OgZSXQs.exe
  2⤵
  PID:6496
- C:\Windows\System\ioSVQCH.exe
  C:\Windows\System\ioSVQCH.exe
  2⤵
  PID:6524
- C:\Windows\System\UJiGKtM.exe
  C:\Windows\System\UJiGKtM.exe
  2⤵
  PID:6556
- C:\Windows\System\bReotUL.exe
  C:\Windows\System\bReotUL.exe
  2⤵
  PID:6580
- C:\Windows\System\jpKezeh.exe
  C:\Windows\System\jpKezeh.exe
  2⤵
  PID:6608
- C:\Windows\System\MeDxvGw.exe
  C:\Windows\System\MeDxvGw.exe
  2⤵
  PID:6628
- C:\Windows\System\vAxaMZe.exe
  C:\Windows\System\vAxaMZe.exe
  2⤵
  PID:6656
- C:\Windows\System\VFSqvma.exe
  C:\Windows\System\VFSqvma.exe
  2⤵
  PID:6684
- C:\Windows\System\fyxQret.exe
  C:\Windows\System\fyxQret.exe
  2⤵
  PID:6712
- C:\Windows\System\OmgoiRd.exe
  C:\Windows\System\OmgoiRd.exe
  2⤵
  PID:6740
- C:\Windows\System\pcIYQGM.exe
  C:\Windows\System\pcIYQGM.exe
  2⤵
  PID:6768
- C:\Windows\System\SRRgetP.exe
  C:\Windows\System\SRRgetP.exe
  2⤵
  PID:6796
- C:\Windows\System\UEQxQDq.exe
  C:\Windows\System\UEQxQDq.exe
  2⤵
  PID:6824
- C:\Windows\System\DkDPVUH.exe
  C:\Windows\System\DkDPVUH.exe
  2⤵
  PID:6852
- C:\Windows\System\LXeXPiq.exe
  C:\Windows\System\LXeXPiq.exe
  2⤵
  PID:6880
- C:\Windows\System\BaEmFOH.exe
  C:\Windows\System\BaEmFOH.exe
  2⤵
  PID:6908
- C:\Windows\System\tvpMYOL.exe
  C:\Windows\System\tvpMYOL.exe
  2⤵
  PID:6936
- C:\Windows\System\hRjNISD.exe
  C:\Windows\System\hRjNISD.exe
  2⤵
  PID:6964
- C:\Windows\System\XMzqjuC.exe
  C:\Windows\System\XMzqjuC.exe
  2⤵
  PID:6992
- C:\Windows\System\HNRPsKt.exe
  C:\Windows\System\HNRPsKt.exe
  2⤵
  PID:7020
- C:\Windows\System\BivFzAa.exe
  C:\Windows\System\BivFzAa.exe
  2⤵
  PID:7048
- C:\Windows\System\uKnlwRg.exe
  C:\Windows\System\uKnlwRg.exe
  2⤵
  PID:7076
- C:\Windows\System\wIDpTwk.exe
  C:\Windows\System\wIDpTwk.exe
  2⤵
  PID:7104
- C:\Windows\System\TGXkcWw.exe
  C:\Windows\System\TGXkcWw.exe
  2⤵
  PID:7132
- C:\Windows\System\HklgZcM.exe
  C:\Windows\System\HklgZcM.exe
  2⤵
  PID:7160
- C:\Windows\System\NttSbag.exe
  C:\Windows\System\NttSbag.exe
  2⤵
  PID:4820
- C:\Windows\System\HLueWPe.exe
  C:\Windows\System\HLueWPe.exe
  2⤵
  PID:5752
- C:\Windows\System\EdiIFDH.exe
  C:\Windows\System\EdiIFDH.exe
  2⤵
  PID:2948
- C:\Windows\System\gnLFYlA.exe
  C:\Windows\System\gnLFYlA.exe
  2⤵
  PID:6168
- C:\Windows\System\KOuHkYT.exe
  C:\Windows\System\KOuHkYT.exe
  2⤵
  PID:6228
- C:\Windows\System\jAgTToT.exe
  C:\Windows\System\jAgTToT.exe
  2⤵
  PID:6292
- C:\Windows\System\dQBizjK.exe
  C:\Windows\System\dQBizjK.exe
  2⤵
  PID:6344
- C:\Windows\System\STkWLWZ.exe
  C:\Windows\System\STkWLWZ.exe
  2⤵
  PID:6404
- C:\Windows\System\CYFYYfD.exe
  C:\Windows\System\CYFYYfD.exe
  2⤵
  PID:6464
- C:\Windows\System\DNSaYyj.exe
  C:\Windows\System\DNSaYyj.exe
  2⤵
  PID:920
- C:\Windows\System\YOkvLFY.exe
  C:\Windows\System\YOkvLFY.exe
  2⤵
  PID:6596
- C:\Windows\System\wVfSuhG.exe
  C:\Windows\System\wVfSuhG.exe
  2⤵
  PID:6668
- C:\Windows\System\gXnaidV.exe
  C:\Windows\System\gXnaidV.exe
  2⤵
  PID:6704
- C:\Windows\System\mCafRzG.exe
  C:\Windows\System\mCafRzG.exe
  2⤵
  PID:6780
- C:\Windows\System\YZbwNKU.exe
  C:\Windows\System\YZbwNKU.exe
  2⤵
  PID:6816
- C:\Windows\System\oIpqGAR.exe
  C:\Windows\System\oIpqGAR.exe
  2⤵
  PID:2972
- C:\Windows\System\EZGMzNV.exe
  C:\Windows\System\EZGMzNV.exe
  2⤵
  PID:6952
- C:\Windows\System\ZNGwIHU.exe
  C:\Windows\System\ZNGwIHU.exe
  2⤵
  PID:7012
- C:\Windows\System\kRCJDrn.exe
  C:\Windows\System\kRCJDrn.exe
  2⤵
  PID:7072
- C:\Windows\System\kMEXliH.exe
  C:\Windows\System\kMEXliH.exe
  2⤵
  PID:7116
- C:\Windows\System\SmvOlLT.exe
  C:\Windows\System\SmvOlLT.exe
  2⤵
  PID:7152
- C:\Windows\System\cIpZCjW.exe
  C:\Windows\System\cIpZCjW.exe
  2⤵
  PID:6024
- C:\Windows\System\gEndLzJ.exe
  C:\Windows\System\gEndLzJ.exe
  2⤵
  PID:6196
- C:\Windows\System\bxMuOHh.exe
  C:\Windows\System\bxMuOHh.exe
  2⤵
  PID:2300
- C:\Windows\System\BSiHXrR.exe
  C:\Windows\System\BSiHXrR.exe
  2⤵
  PID:6432
- C:\Windows\System\kbjwiCq.exe
  C:\Windows\System\kbjwiCq.exe
  2⤵
  PID:6516
- C:\Windows\System\EmyerLT.exe
  C:\Windows\System\EmyerLT.exe
  2⤵
  PID:6672
- C:\Windows\System\hVaSZlP.exe
  C:\Windows\System\hVaSZlP.exe
  2⤵
  PID:6788
- C:\Windows\System\mOugoju.exe
  C:\Windows\System\mOugoju.exe
  2⤵
  PID:6924
- C:\Windows\System\zREChIn.exe
  C:\Windows\System\zREChIn.exe
  2⤵
  PID:7060
- C:\Windows\System\IaFucdC.exe
  C:\Windows\System\IaFucdC.exe
  2⤵
  PID:4668
- C:\Windows\System\IyLGiWm.exe
  C:\Windows\System\IyLGiWm.exe
  2⤵
  PID:4656
- C:\Windows\System\lqdlXjA.exe
  C:\Windows\System\lqdlXjA.exe
  2⤵
  PID:2860
- C:\Windows\System\wnSVzya.exe
  C:\Windows\System\wnSVzya.exe
  2⤵
  PID:6572
- C:\Windows\System\NJoAOLq.exe
  C:\Windows\System\NJoAOLq.exe
  2⤵
  PID:6868
- C:\Windows\System\lujLPyD.exe
  C:\Windows\System\lujLPyD.exe
  2⤵
  PID:1064
- C:\Windows\System\WXEbqXn.exe
  C:\Windows\System\WXEbqXn.exe
  2⤵
  PID:6456
- C:\Windows\System\oeIrTZK.exe
  C:\Windows\System\oeIrTZK.exe
  2⤵
  PID:6756
- C:\Windows\System\IfQbudm.exe
  C:\Windows\System\IfQbudm.exe
  2⤵
  PID:7212
- C:\Windows\System\AHJwWMo.exe
  C:\Windows\System\AHJwWMo.exe
  2⤵
  PID:7240
- C:\Windows\System\WksyYWD.exe
  C:\Windows\System\WksyYWD.exe
  2⤵
  PID:7268
- C:\Windows\System\XDWbGpu.exe
  C:\Windows\System\XDWbGpu.exe
  2⤵
  PID:7296
- C:\Windows\System\lPyInpW.exe
  C:\Windows\System\lPyInpW.exe
  2⤵
  PID:7324
- C:\Windows\System\XLEheAO.exe
  C:\Windows\System\XLEheAO.exe
  2⤵
  PID:7348
- C:\Windows\System\xvFNzjM.exe
  C:\Windows\System\xvFNzjM.exe
  2⤵
  PID:7380
- C:\Windows\System\aGIURWk.exe
  C:\Windows\System\aGIURWk.exe
  2⤵
  PID:7412
- C:\Windows\System\dsZGmqF.exe
  C:\Windows\System\dsZGmqF.exe
  2⤵
  PID:7440
- C:\Windows\System\iJpjPVP.exe
  C:\Windows\System\iJpjPVP.exe
  2⤵
  PID:7456
- C:\Windows\System\fGADGVS.exe
  C:\Windows\System\fGADGVS.exe
  2⤵
  PID:7480
- C:\Windows\System\nzxHOSJ.exe
  C:\Windows\System\nzxHOSJ.exe
  2⤵
  PID:7496
- C:\Windows\System\LDviduX.exe
  C:\Windows\System\LDviduX.exe
  2⤵
  PID:7528
- C:\Windows\System\rcXXAjb.exe
  C:\Windows\System\rcXXAjb.exe
  2⤵
  PID:7544
- C:\Windows\System\IVgAJVM.exe
  C:\Windows\System\IVgAJVM.exe
  2⤵
  PID:7564
- C:\Windows\System\LJDpNSl.exe
  C:\Windows\System\LJDpNSl.exe
  2⤵
  PID:7596
- C:\Windows\System\jTioGMr.exe
  C:\Windows\System\jTioGMr.exe
  2⤵
  PID:7632
- C:\Windows\System\NxOwltI.exe
  C:\Windows\System\NxOwltI.exe
  2⤵
  PID:7668
- C:\Windows\System\GWqRBGA.exe
  C:\Windows\System\GWqRBGA.exe
  2⤵
  PID:7740
- C:\Windows\System\ESIFUNd.exe
  C:\Windows\System\ESIFUNd.exe
  2⤵
  PID:7764
- C:\Windows\System\RyRQSEB.exe
  C:\Windows\System\RyRQSEB.exe
  2⤵
  PID:7780
- C:\Windows\System\sQbbWYn.exe
  C:\Windows\System\sQbbWYn.exe
  2⤵
  PID:7816
- C:\Windows\System\lYrXfhi.exe
  C:\Windows\System\lYrXfhi.exe
  2⤵
  PID:7848
- C:\Windows\System\iCYmDXd.exe
  C:\Windows\System\iCYmDXd.exe
  2⤵
  PID:7876
- C:\Windows\System\pqmzQyE.exe
  C:\Windows\System\pqmzQyE.exe
  2⤵
  PID:7928
- C:\Windows\System\GKgEuBS.exe
  C:\Windows\System\GKgEuBS.exe
  2⤵
  PID:7960
- C:\Windows\System\nfXOuqS.exe
  C:\Windows\System\nfXOuqS.exe
  2⤵
  PID:7988
- C:\Windows\System\zyZgjiS.exe
  C:\Windows\System\zyZgjiS.exe
  2⤵
  PID:8032
- C:\Windows\System\IiHWxcv.exe
  C:\Windows\System\IiHWxcv.exe
  2⤵
  PID:8064
- C:\Windows\System\rTABgHf.exe
  C:\Windows\System\rTABgHf.exe
  2⤵
  PID:8112
- C:\Windows\System\iWeAMIk.exe
  C:\Windows\System\iWeAMIk.exe
  2⤵
  PID:8152
- C:\Windows\System\aSsfdaK.exe
  C:\Windows\System\aSsfdaK.exe
  2⤵
  PID:8180
- C:\Windows\System\zCimRMC.exe
  C:\Windows\System\zCimRMC.exe
  2⤵
  PID:1240
- C:\Windows\System\RsEaJxe.exe
  C:\Windows\System\RsEaJxe.exe
  2⤵
  PID:4228
- C:\Windows\System\ONKSExj.exe
  C:\Windows\System\ONKSExj.exe
  2⤵
  PID:4456
- C:\Windows\System\XYlhpAl.exe
  C:\Windows\System\XYlhpAl.exe
  2⤵
  PID:1672
- C:\Windows\System\QghckDG.exe
  C:\Windows\System\QghckDG.exe
  2⤵
  PID:7236
- C:\Windows\System\iBNkYSA.exe
  C:\Windows\System\iBNkYSA.exe
  2⤵
  PID:3192
- C:\Windows\System\EUWByvA.exe
  C:\Windows\System\EUWByvA.exe
  2⤵
  PID:7392
- C:\Windows\System\AdzzPpI.exe
  C:\Windows\System\AdzzPpI.exe
  2⤵
  PID:7476
- C:\Windows\System\ZoElVfa.exe
  C:\Windows\System\ZoElVfa.exe
  2⤵
  PID:7556
- C:\Windows\System\JXSyNJu.exe
  C:\Windows\System\JXSyNJu.exe
  2⤵
  PID:7616
- C:\Windows\System\qrLWuMP.exe
  C:\Windows\System\qrLWuMP.exe
  2⤵
  PID:7728
- C:\Windows\System\ucRXeEA.exe
  C:\Windows\System\ucRXeEA.exe
  2⤵
  PID:7804
- C:\Windows\System\qBIxhqU.exe
  C:\Windows\System\qBIxhqU.exe
  2⤵
  PID:7892
- C:\Windows\System\TtpCKQz.exe
  C:\Windows\System\TtpCKQz.exe
  2⤵
  PID:628
- C:\Windows\System\sRfRzyN.exe
  C:\Windows\System\sRfRzyN.exe
  2⤵
  PID:7984
- C:\Windows\System\hNaWuKL.exe
  C:\Windows\System\hNaWuKL.exe
  2⤵
  PID:8096
- C:\Windows\System\EQFaPxP.exe
  C:\Windows\System\EQFaPxP.exe
  2⤵
  PID:2376
- C:\Windows\System\odQIqAv.exe
  C:\Windows\System\odQIqAv.exe
  2⤵
  PID:4032
- C:\Windows\System\ycPIhRB.exe
  C:\Windows\System\ycPIhRB.exe
  2⤵
  PID:7264
- C:\Windows\System\GaahGft.exe
  C:\Windows\System\GaahGft.exe
  2⤵
  PID:8048
- C:\Windows\System\ObDTRum.exe
  C:\Windows\System\ObDTRum.exe
  2⤵
  PID:8012
- C:\Windows\System\CxzLvdt.exe
  C:\Windows\System\CxzLvdt.exe
  2⤵
  PID:7620
- C:\Windows\System\swirCQS.exe
  C:\Windows\System\swirCQS.exe
  2⤵
  PID:7792
- C:\Windows\System\pXHQexI.exe
  C:\Windows\System\pXHQexI.exe
  2⤵
  PID:7908
- C:\Windows\System\aqrGhuB.exe
  C:\Windows\System\aqrGhuB.exe
  2⤵
  PID:8024
- C:\Windows\System\WLQqiYa.exe
  C:\Windows\System\WLQqiYa.exe
  2⤵
  PID:4648
- C:\Windows\System\hOLssas.exe
  C:\Windows\System\hOLssas.exe
  2⤵
  PID:7428
- C:\Windows\System\zGnyAWR.exe
  C:\Windows\System\zGnyAWR.exe
  2⤵
  PID:7868
- C:\Windows\System\ufEgsfy.exe
  C:\Windows\System\ufEgsfy.exe
  2⤵
  PID:8160
- C:\Windows\System\XzGTnBO.exe
  C:\Windows\System\XzGTnBO.exe
  2⤵
  PID:4276
- C:\Windows\System\zAvOoCh.exe
  C:\Windows\System\zAvOoCh.exe
  2⤵
  PID:8212
- C:\Windows\System\xeYWYXi.exe
  C:\Windows\System\xeYWYXi.exe
  2⤵
  PID:8240
- C:\Windows\System\MIWTeps.exe
  C:\Windows\System\MIWTeps.exe
  2⤵
  PID:8272
- C:\Windows\System\FZJOqGt.exe
  C:\Windows\System\FZJOqGt.exe
  2⤵
  PID:8300
- C:\Windows\System\eZoJhiT.exe
  C:\Windows\System\eZoJhiT.exe
  2⤵
  PID:8336
- C:\Windows\System\sMUMVWA.exe
  C:\Windows\System\sMUMVWA.exe
  2⤵
  PID:8364
- C:\Windows\System\FgdtHzT.exe
  C:\Windows\System\FgdtHzT.exe
  2⤵
  PID:8392
- C:\Windows\System\aFOfXsu.exe
  C:\Windows\System\aFOfXsu.exe
  2⤵
  PID:8420
- C:\Windows\System\AoZoLVg.exe
  C:\Windows\System\AoZoLVg.exe
  2⤵
  PID:8448
- C:\Windows\System\dRDJbCq.exe
  C:\Windows\System\dRDJbCq.exe
  2⤵
  PID:8476
- C:\Windows\System\STYsPFC.exe
  C:\Windows\System\STYsPFC.exe
  2⤵
  PID:8504
- C:\Windows\System\GMwyOWZ.exe
  C:\Windows\System\GMwyOWZ.exe
  2⤵
  PID:8520
- C:\Windows\System\TGFNQjN.exe
  C:\Windows\System\TGFNQjN.exe
  2⤵
  PID:8564
- C:\Windows\System\OUqBIjU.exe
  C:\Windows\System\OUqBIjU.exe
  2⤵
  PID:8580
- C:\Windows\System\tJQZxog.exe
  C:\Windows\System\tJQZxog.exe
  2⤵
  PID:8620
- C:\Windows\System\biznVTP.exe
  C:\Windows\System\biznVTP.exe
  2⤵
  PID:8648
- C:\Windows\System\KyQVwun.exe
  C:\Windows\System\KyQVwun.exe
  2⤵
  PID:8676
- C:\Windows\System\iYIAQBj.exe
  C:\Windows\System\iYIAQBj.exe
  2⤵
  PID:8704
- C:\Windows\System\FGFwNxv.exe
  C:\Windows\System\FGFwNxv.exe
  2⤵
  PID:8732
- C:\Windows\System\nzmEPNa.exe
  C:\Windows\System\nzmEPNa.exe
  2⤵
  PID:8760
- C:\Windows\System\vIRMsSk.exe
  C:\Windows\System\vIRMsSk.exe
  2⤵
  PID:8788
- C:\Windows\System\uLTsesA.exe
  C:\Windows\System\uLTsesA.exe
  2⤵
  PID:8816
- C:\Windows\System\GynuQwK.exe
  C:\Windows\System\GynuQwK.exe
  2⤵
  PID:8844
- C:\Windows\System\LCEXQLa.exe
  C:\Windows\System\LCEXQLa.exe
  2⤵
  PID:8872
- C:\Windows\System\eqRuevJ.exe
  C:\Windows\System\eqRuevJ.exe
  2⤵
  PID:8900
- C:\Windows\System\PImwxZW.exe
  C:\Windows\System\PImwxZW.exe
  2⤵
  PID:8928
- C:\Windows\System\eHCYmVm.exe
  C:\Windows\System\eHCYmVm.exe
  2⤵
  PID:8956
- C:\Windows\System\LDLJWHx.exe
  C:\Windows\System\LDLJWHx.exe
  2⤵
  PID:8984
- C:\Windows\System\hdlAOpb.exe
  C:\Windows\System\hdlAOpb.exe
  2⤵
  PID:9012
- C:\Windows\System\FEDlAmO.exe
  C:\Windows\System\FEDlAmO.exe
  2⤵
  PID:9040
- C:\Windows\System\qFTRFGf.exe
  C:\Windows\System\qFTRFGf.exe
  2⤵
  PID:9068
- C:\Windows\System\JJuWsEi.exe
  C:\Windows\System\JJuWsEi.exe
  2⤵
  PID:9096
- C:\Windows\System\gNcJcap.exe
  C:\Windows\System\gNcJcap.exe
  2⤵
  PID:9128
- C:\Windows\System\JhgpUkL.exe
  C:\Windows\System\JhgpUkL.exe
  2⤵
  PID:9156
- C:\Windows\System\NNUhDcJ.exe
  C:\Windows\System\NNUhDcJ.exe
  2⤵
  PID:9184
- C:\Windows\System\DvPiyyP.exe
  C:\Windows\System\DvPiyyP.exe
  2⤵
  PID:9212
- C:\Windows\System\xCYiTmG.exe
  C:\Windows\System\xCYiTmG.exe
  2⤵
  PID:8256
- C:\Windows\System\dDHUTsD.exe
  C:\Windows\System\dDHUTsD.exe
  2⤵
  PID:8328
- C:\Windows\System\PdlURJB.exe
  C:\Windows\System\PdlURJB.exe
  2⤵
  PID:8388
- C:\Windows\System\uGztMyd.exe
  C:\Windows\System\uGztMyd.exe
  2⤵
  PID:8468
- C:\Windows\System\JcgNNpm.exe
  C:\Windows\System\JcgNNpm.exe
  2⤵
  PID:8512
- C:\Windows\System\DhttCjh.exe
  C:\Windows\System\DhttCjh.exe
  2⤵
  PID:8596
- C:\Windows\System\JViIWgb.exe
  C:\Windows\System\JViIWgb.exe
  2⤵
  PID:8660
- C:\Windows\System\NEqpxqa.exe
  C:\Windows\System\NEqpxqa.exe
  2⤵
  PID:8724
- C:\Windows\System\wyYLvmA.exe
  C:\Windows\System\wyYLvmA.exe
  2⤵
  PID:8780
- C:\Windows\System\kRDVkVZ.exe
  C:\Windows\System\kRDVkVZ.exe
  2⤵
  PID:8840
- C:\Windows\System\dMUxeXJ.exe
  C:\Windows\System\dMUxeXJ.exe
  2⤵
  PID:8912
- C:\Windows\System\mkvjgka.exe
  C:\Windows\System\mkvjgka.exe
  2⤵
  PID:8976
- C:\Windows\System\Twyolyv.exe
  C:\Windows\System\Twyolyv.exe
  2⤵
  PID:9036
- C:\Windows\System\FaMokNp.exe
  C:\Windows\System\FaMokNp.exe
  2⤵
  PID:9112
- C:\Windows\System\MNRxAdP.exe
  C:\Windows\System\MNRxAdP.exe
  2⤵
  PID:9172
- C:\Windows\System\KVPKhPp.exe
  C:\Windows\System\KVPKhPp.exe
  2⤵
  PID:8224
- C:\Windows\System\yjwQxfh.exe
  C:\Windows\System\yjwQxfh.exe
  2⤵
  PID:8376
- C:\Windows\System\FkNiNVF.exe
  C:\Windows\System\FkNiNVF.exe
  2⤵
  PID:8516
- C:\Windows\System\RCqBWqt.exe
  C:\Windows\System\RCqBWqt.exe
  2⤵
  PID:8644
- C:\Windows\System\HbUCYcu.exe
  C:\Windows\System\HbUCYcu.exe
  2⤵
  PID:8808
- C:\Windows\System\UBuuFuL.exe
  C:\Windows\System\UBuuFuL.exe
  2⤵
  PID:8952
- C:\Windows\System\yCrfhUr.exe
  C:\Windows\System\yCrfhUr.exe
  2⤵
  PID:9092
- C:\Windows\System\DANVEWb.exe
  C:\Windows\System\DANVEWb.exe
  2⤵
  PID:3880
- C:\Windows\System\KoMnyfP.exe
  C:\Windows\System\KoMnyfP.exe
  2⤵
  PID:8444
- C:\Windows\System\UUCpDRq.exe
  C:\Windows\System\UUCpDRq.exe
  2⤵
  PID:8772
- C:\Windows\System\XsSwVLH.exe
  C:\Windows\System\XsSwVLH.exe
  2⤵
  PID:9088
- C:\Windows\System\IMnYFsW.exe
  C:\Windows\System\IMnYFsW.exe
  2⤵
  PID:5028
- C:\Windows\System\txLSYEM.exe
  C:\Windows\System\txLSYEM.exe
  2⤵
  PID:3492
- C:\Windows\System\yIlRZXC.exe
  C:\Windows\System\yIlRZXC.exe
  2⤵
  PID:540
- C:\Windows\System\SYxTeMo.exe
  C:\Windows\System\SYxTeMo.exe
  2⤵
  PID:9244
- C:\Windows\System\sJsgIlM.exe
  C:\Windows\System\sJsgIlM.exe
  2⤵
  PID:9272
- C:\Windows\System\feuQZhi.exe
  C:\Windows\System\feuQZhi.exe
  2⤵
  PID:9300
- C:\Windows\System\JEPKJdR.exe
  C:\Windows\System\JEPKJdR.exe
  2⤵
  PID:9328
- C:\Windows\System\Gxdkdcm.exe
  C:\Windows\System\Gxdkdcm.exe
  2⤵
  PID:9356
- C:\Windows\System\KRyKMiU.exe
  C:\Windows\System\KRyKMiU.exe
  2⤵
  PID:9384
- C:\Windows\System\YxczOwg.exe
  C:\Windows\System\YxczOwg.exe
  2⤵
  PID:9412
- C:\Windows\System\woEUmsK.exe
  C:\Windows\System\woEUmsK.exe
  2⤵
  PID:9440
- C:\Windows\System\fKAlIFe.exe
  C:\Windows\System\fKAlIFe.exe
  2⤵
  PID:9468
- C:\Windows\System\WwUcRDu.exe
  C:\Windows\System\WwUcRDu.exe
  2⤵
  PID:9496
- C:\Windows\System\MdxGdJZ.exe
  C:\Windows\System\MdxGdJZ.exe
  2⤵
  PID:9524
- C:\Windows\System\uUntYhn.exe
  C:\Windows\System\uUntYhn.exe
  2⤵
  PID:9552
- C:\Windows\System\nNlUehj.exe
  C:\Windows\System\nNlUehj.exe
  2⤵
  PID:9580
- C:\Windows\System\dSfrAHe.exe
  C:\Windows\System\dSfrAHe.exe
  2⤵
  PID:9608
- C:\Windows\System\NVfxght.exe
  C:\Windows\System\NVfxght.exe
  2⤵
  PID:9636
- C:\Windows\System\SCeaQdC.exe
  C:\Windows\System\SCeaQdC.exe
  2⤵
  PID:9664
- C:\Windows\System\wPmucCz.exe
  C:\Windows\System\wPmucCz.exe
  2⤵
  PID:9692
- C:\Windows\System\vFcWVxc.exe
  C:\Windows\System\vFcWVxc.exe
  2⤵
  PID:9720
- C:\Windows\System\CgBRTuk.exe
  C:\Windows\System\CgBRTuk.exe
  2⤵
  PID:9748
- C:\Windows\System\jQdExAD.exe
  C:\Windows\System\jQdExAD.exe
  2⤵
  PID:9776
- C:\Windows\System\ansbDVE.exe
  C:\Windows\System\ansbDVE.exe
  2⤵
  PID:9804
- C:\Windows\System\jxsIBIn.exe
  C:\Windows\System\jxsIBIn.exe
  2⤵
  PID:9832
- C:\Windows\System\yGKBDuY.exe
  C:\Windows\System\yGKBDuY.exe
  2⤵
  PID:9860
- C:\Windows\System\xmJZAxI.exe
  C:\Windows\System\xmJZAxI.exe
  2⤵
  PID:9888
- C:\Windows\System\NUcxlWk.exe
  C:\Windows\System\NUcxlWk.exe
  2⤵
  PID:9916
- C:\Windows\System\DpmkCGH.exe
  C:\Windows\System\DpmkCGH.exe
  2⤵
  PID:9944
- C:\Windows\System\lvUhyjE.exe
  C:\Windows\System\lvUhyjE.exe
  2⤵
  PID:9972
- C:\Windows\System\bxooYzL.exe
  C:\Windows\System\bxooYzL.exe
  2⤵
  PID:10000
- C:\Windows\System\MKwnloo.exe
  C:\Windows\System\MKwnloo.exe
  2⤵
  PID:10028
- C:\Windows\System\todrIVL.exe
  C:\Windows\System\todrIVL.exe
  2⤵
  PID:10056
- C:\Windows\System\DbkSLVD.exe
  C:\Windows\System\DbkSLVD.exe
  2⤵
  PID:10084
- C:\Windows\System\gmRazBE.exe
  C:\Windows\System\gmRazBE.exe
  2⤵
  PID:10112
- C:\Windows\System\TdhJpgj.exe
  C:\Windows\System\TdhJpgj.exe
  2⤵
  PID:10140
- C:\Windows\System\eVDNcfq.exe
  C:\Windows\System\eVDNcfq.exe
  2⤵
  PID:10168
- C:\Windows\System\CGwCKvc.exe
  C:\Windows\System\CGwCKvc.exe
  2⤵
  PID:10196
- C:\Windows\System\BByQrnH.exe
  C:\Windows\System\BByQrnH.exe
  2⤵
  PID:10224
- C:\Windows\System\odbmrBq.exe
  C:\Windows\System\odbmrBq.exe
  2⤵
  PID:9240
- C:\Windows\System\PpkxFRh.exe
  C:\Windows\System\PpkxFRh.exe
  2⤵
  PID:9296
- C:\Windows\System\LhKwBaw.exe
  C:\Windows\System\LhKwBaw.exe
  2⤵
  PID:9372
- C:\Windows\System\gQcZYhu.exe
  C:\Windows\System\gQcZYhu.exe
  2⤵
  PID:9424
- C:\Windows\System\deHxfUR.exe
  C:\Windows\System\deHxfUR.exe
  2⤵
  PID:9464
- C:\Windows\System\kisZJDn.exe
  C:\Windows\System\kisZJDn.exe
  2⤵
  PID:9540
- C:\Windows\System\uRJAAJc.exe
  C:\Windows\System\uRJAAJc.exe
  2⤵
  PID:9596
- C:\Windows\System\qHaOWnz.exe
  C:\Windows\System\qHaOWnz.exe
  2⤵
  PID:9656
- C:\Windows\System\UJvAecC.exe
  C:\Windows\System\UJvAecC.exe
  2⤵
  PID:9712
- C:\Windows\System\pzCSHsL.exe
  C:\Windows\System\pzCSHsL.exe
  2⤵
  PID:9768
- C:\Windows\System\pTaSAUU.exe
  C:\Windows\System\pTaSAUU.exe
  2⤵
  PID:9828
- C:\Windows\System\UhMHmbG.exe
  C:\Windows\System\UhMHmbG.exe
  2⤵
  PID:9884
- C:\Windows\System\egWtAiv.exe
  C:\Windows\System\egWtAiv.exe
  2⤵
  PID:9956
- C:\Windows\System\brYKHRe.exe
  C:\Windows\System\brYKHRe.exe
  2⤵
  PID:10020
- C:\Windows\System\XTJsrLQ.exe
  C:\Windows\System\XTJsrLQ.exe
  2⤵
  PID:10080
- C:\Windows\System\mjLZDvq.exe
  C:\Windows\System\mjLZDvq.exe
  2⤵
  PID:10152
- C:\Windows\System\dKJecUJ.exe
  C:\Windows\System\dKJecUJ.exe
  2⤵
  PID:10216
- C:\Windows\System\FxUHfHk.exe
  C:\Windows\System\FxUHfHk.exe
  2⤵
  PID:9348
- C:\Windows\System\jpOrtyl.exe
  C:\Windows\System\jpOrtyl.exe
  2⤵
  PID:5096
- C:\Windows\System\JRrsTNZ.exe
  C:\Windows\System\JRrsTNZ.exe
  2⤵
  PID:9548
- C:\Windows\System\bCkhteZ.exe
  C:\Windows\System\bCkhteZ.exe
  2⤵
  PID:9688
- C:\Windows\System\nDneIOb.exe
  C:\Windows\System\nDneIOb.exe
  2⤵
  PID:9800
- C:\Windows\System\XAWjCXh.exe
  C:\Windows\System\XAWjCXh.exe
  2⤵
  PID:9932
- C:\Windows\System\sClgILb.exe
  C:\Windows\System\sClgILb.exe
  2⤵
  PID:10068
- C:\Windows\System\ZpYmRdP.exe
  C:\Windows\System\ZpYmRdP.exe
  2⤵
  PID:10212
- C:\Windows\System\odsFmSj.exe
  C:\Windows\System\odsFmSj.exe
  2⤵
  PID:908
- C:\Windows\System\zrYvsGQ.exe
  C:\Windows\System\zrYvsGQ.exe
  2⤵
  PID:3948
- C:\Windows\System\GLBciox.exe
  C:\Windows\System\GLBciox.exe
  2⤵
  PID:9408
- C:\Windows\System\CXCqqwy.exe
  C:\Windows\System\CXCqqwy.exe
  2⤵
  PID:1796
- C:\Windows\System\fsjorLz.exe
  C:\Windows\System\fsjorLz.exe
  2⤵
  PID:10016
- C:\Windows\System\jrzLfsQ.exe
  C:\Windows\System\jrzLfsQ.exe
  2⤵
  PID:792
- C:\Windows\System\gHUdRLJ.exe
  C:\Windows\System\gHUdRLJ.exe
  2⤵
  PID:9520
- C:\Windows\System\qscprni.exe
  C:\Windows\System\qscprni.exe
  2⤵
  PID:2788
- C:\Windows\System\tguCAyi.exe
  C:\Windows\System\tguCAyi.exe
  2⤵
  PID:10180
- C:\Windows\System\OyLsSXZ.exe
  C:\Windows\System\OyLsSXZ.exe
  2⤵
  PID:10256
- C:\Windows\System\GTRIxkf.exe
  C:\Windows\System\GTRIxkf.exe
  2⤵
  PID:10284
- C:\Windows\System\xHoGVDd.exe
  C:\Windows\System\xHoGVDd.exe
  2⤵
  PID:10312
- C:\Windows\System\huBOMEt.exe
  C:\Windows\System\huBOMEt.exe
  2⤵
  PID:10340
- C:\Windows\System\gKVFQkU.exe
  C:\Windows\System\gKVFQkU.exe
  2⤵
  PID:10368
- C:\Windows\System\GfxOphr.exe
  C:\Windows\System\GfxOphr.exe
  2⤵
  PID:10396
- C:\Windows\System\OZKaYhr.exe
  C:\Windows\System\OZKaYhr.exe
  2⤵
  PID:10424
- C:\Windows\System\qXxeLfU.exe
  C:\Windows\System\qXxeLfU.exe
  2⤵
  PID:10452
- C:\Windows\System\ctMxlCe.exe
  C:\Windows\System\ctMxlCe.exe
  2⤵
  PID:10480
- C:\Windows\System\ARjLToN.exe
  C:\Windows\System\ARjLToN.exe
  2⤵
  PID:10508
- C:\Windows\System\SMQxiDS.exe
  C:\Windows\System\SMQxiDS.exe
  2⤵
  PID:10536
- C:\Windows\System\EyQqHJB.exe
  C:\Windows\System\EyQqHJB.exe
  2⤵
  PID:10564
- C:\Windows\System\ThOVgMr.exe
  C:\Windows\System\ThOVgMr.exe
  2⤵
  PID:10592
- C:\Windows\System\fAqfnWw.exe
  C:\Windows\System\fAqfnWw.exe
  2⤵
  PID:10620
- C:\Windows\System\HSglnuh.exe
  C:\Windows\System\HSglnuh.exe
  2⤵
  PID:10648
- C:\Windows\System\bXwuGyJ.exe
  C:\Windows\System\bXwuGyJ.exe
  2⤵
  PID:10676
- C:\Windows\System\ETtqXHt.exe
  C:\Windows\System\ETtqXHt.exe
  2⤵
  PID:10704
- C:\Windows\System\JqoEFxY.exe
  C:\Windows\System\JqoEFxY.exe
  2⤵
  PID:10732
- C:\Windows\System\iNzgqeu.exe
  C:\Windows\System\iNzgqeu.exe
  2⤵
  PID:10760
- C:\Windows\System\HcDyfDj.exe
  C:\Windows\System\HcDyfDj.exe
  2⤵
  PID:10788
- C:\Windows\System\xmrSOTo.exe
  C:\Windows\System\xmrSOTo.exe
  2⤵
  PID:10816
- C:\Windows\System\IyvKcAd.exe
  C:\Windows\System\IyvKcAd.exe
  2⤵
  PID:10844
- C:\Windows\System\pTrEFyZ.exe
  C:\Windows\System\pTrEFyZ.exe
  2⤵
  PID:10872
- C:\Windows\System\KeJCOZl.exe
  C:\Windows\System\KeJCOZl.exe
  2⤵
  PID:10900
- C:\Windows\System\gWAgPkz.exe
  C:\Windows\System\gWAgPkz.exe
  2⤵
  PID:10928
- C:\Windows\System\RDRLaEi.exe
  C:\Windows\System\RDRLaEi.exe
  2⤵
  PID:10960
- C:\Windows\System\VuHHIsp.exe
  C:\Windows\System\VuHHIsp.exe
  2⤵
  PID:10988
- C:\Windows\System\ziyQeVe.exe
  C:\Windows\System\ziyQeVe.exe
  2⤵
  PID:11016
- C:\Windows\System\SUvKnFG.exe
  C:\Windows\System\SUvKnFG.exe
  2⤵
  PID:11044
- C:\Windows\System\QdBNAKn.exe
  C:\Windows\System\QdBNAKn.exe
  2⤵
  PID:11072
- C:\Windows\System\ZySdQry.exe
  C:\Windows\System\ZySdQry.exe
  2⤵
  PID:11100
- C:\Windows\System\xAtiBSZ.exe
  C:\Windows\System\xAtiBSZ.exe
  2⤵
  PID:11128
- C:\Windows\System\fMxFIsT.exe
  C:\Windows\System\fMxFIsT.exe
  2⤵
  PID:11156
- C:\Windows\System\tCfxnqG.exe
  C:\Windows\System\tCfxnqG.exe
  2⤵
  PID:11184
- C:\Windows\System\XYarenj.exe
  C:\Windows\System\XYarenj.exe
  2⤵
  PID:11212
- C:\Windows\System\UEncmKZ.exe
  C:\Windows\System\UEncmKZ.exe
  2⤵
  PID:11240
- C:\Windows\System\MOCgKZO.exe
  C:\Windows\System\MOCgKZO.exe
  2⤵
  PID:10248
- C:\Windows\System\nIYqWvp.exe
  C:\Windows\System\nIYqWvp.exe
  2⤵
  PID:10308
- C:\Windows\System\ZNezbYs.exe
  C:\Windows\System\ZNezbYs.exe
  2⤵
  PID:10380
- C:\Windows\System\fNAqknB.exe
  C:\Windows\System\fNAqknB.exe
  2⤵
  PID:10444
- C:\Windows\System\zMavGbk.exe
  C:\Windows\System\zMavGbk.exe
  2⤵
  PID:10504
- C:\Windows\System\LmQWzxG.exe
  C:\Windows\System\LmQWzxG.exe
  2⤵
  PID:10576
- C:\Windows\System\usdIxyj.exe
  C:\Windows\System\usdIxyj.exe
  2⤵
  PID:10636
- C:\Windows\System\uKhuPwc.exe
  C:\Windows\System\uKhuPwc.exe
  2⤵
  PID:10696
- C:\Windows\System\RpWndPf.exe
  C:\Windows\System\RpWndPf.exe
  2⤵
  PID:10756
- C:\Windows\System\ugaZaKT.exe
  C:\Windows\System\ugaZaKT.exe
  2⤵
  PID:10832
- C:\Windows\System\QitIyom.exe
  C:\Windows\System\QitIyom.exe
  2⤵
  PID:10892
- C:\Windows\System\QXddgZF.exe
  C:\Windows\System\QXddgZF.exe
  2⤵
  PID:10956
- C:\Windows\System\DFVOxvX.exe
  C:\Windows\System\DFVOxvX.exe
  2⤵
  PID:11032
- C:\Windows\System\QJYvIdH.exe
  C:\Windows\System\QJYvIdH.exe
  2⤵
  PID:11092
- C:\Windows\System\ogxNXci.exe
  C:\Windows\System\ogxNXci.exe
  2⤵
  PID:3576
- C:\Windows\System\ziWpGQa.exe
  C:\Windows\System\ziWpGQa.exe
  2⤵
  PID:11152
- C:\Windows\System\CHLweob.exe
  C:\Windows\System\CHLweob.exe
  2⤵
  PID:11228
- C:\Windows\System\rqIObYq.exe
  C:\Windows\System\rqIObYq.exe
  2⤵
  PID:10296
- C:\Windows\System\pGZTpAX.exe
  C:\Windows\System\pGZTpAX.exe
  2⤵
  PID:10436
- C:\Windows\System\WQwWqlV.exe
  C:\Windows\System\WQwWqlV.exe
  2⤵
  PID:10588
- C:\Windows\System\wDFyUTf.exe
  C:\Windows\System\wDFyUTf.exe
  2⤵
  PID:10744
- C:\Windows\System\gCcEXac.exe
  C:\Windows\System\gCcEXac.exe
  2⤵
  PID:10884
- C:\Windows\System\uqMkHjl.exe
  C:\Windows\System\uqMkHjl.exe
  2⤵
  PID:11056
- C:\Windows\System\KjzWQpk.exe
  C:\Windows\System\KjzWQpk.exe
  2⤵
  PID:3644
- C:\Windows\System\AyadlRj.exe
  C:\Windows\System\AyadlRj.exe
  2⤵
  PID:10276
- C:\Windows\System\fQBPoIs.exe
  C:\Windows\System\fQBPoIs.exe
  2⤵
  PID:10672
- C:\Windows\System\IWLueQK.exe
  C:\Windows\System\IWLueQK.exe
  2⤵
  PID:11008
- C:\Windows\System\qXgTQww.exe
  C:\Windows\System\qXgTQww.exe
  2⤵
  PID:9984
- C:\Windows\System\QHrYItd.exe
  C:\Windows\System\QHrYItd.exe
  2⤵
  PID:2348
- C:\Windows\System\BJBgnCe.exe
  C:\Windows\System\BJBgnCe.exe
  2⤵
  PID:10560
- C:\Windows\System\HaGRhQG.exe
  C:\Windows\System\HaGRhQG.exe
  2⤵
  PID:11284
- C:\Windows\System\kVGTaFu.exe
  C:\Windows\System\kVGTaFu.exe
  2⤵
  PID:11300
- C:\Windows\System\FVIdKMl.exe
  C:\Windows\System\FVIdKMl.exe
  2⤵
  PID:11336
- C:\Windows\System\FCICYtv.exe
  C:\Windows\System\FCICYtv.exe
  2⤵
  PID:11368
- C:\Windows\System\WYHNVNL.exe
  C:\Windows\System\WYHNVNL.exe
  2⤵
  PID:11396
- C:\Windows\System\lmOolkL.exe
  C:\Windows\System\lmOolkL.exe
  2⤵
  PID:11424
- C:\Windows\System\yvSUjTG.exe
  C:\Windows\System\yvSUjTG.exe
  2⤵
  PID:11452
- C:\Windows\System\DUrMZpe.exe
  C:\Windows\System\DUrMZpe.exe
  2⤵
  PID:11480
- C:\Windows\System\sKQDOLf.exe
  C:\Windows\System\sKQDOLf.exe
  2⤵
  PID:11508
- C:\Windows\System\FkdhCvs.exe
  C:\Windows\System\FkdhCvs.exe
  2⤵
  PID:11540
- C:\Windows\System\SQVZkYH.exe
  C:\Windows\System\SQVZkYH.exe
  2⤵
  PID:11568
- C:\Windows\System\jKXYvHY.exe
  C:\Windows\System\jKXYvHY.exe
  2⤵
  PID:11596
- C:\Windows\System\esHtUhu.exe
  C:\Windows\System\esHtUhu.exe
  2⤵
  PID:11624
- C:\Windows\System\EFCsDcU.exe
  C:\Windows\System\EFCsDcU.exe
  2⤵
  PID:11652
- C:\Windows\System\ulgYmYA.exe
  C:\Windows\System\ulgYmYA.exe
  2⤵
  PID:11680
- C:\Windows\System\DNOzbdl.exe
  C:\Windows\System\DNOzbdl.exe
  2⤵
  PID:11708
- C:\Windows\System\ezXFhxW.exe
  C:\Windows\System\ezXFhxW.exe
  2⤵
  PID:11736
- C:\Windows\System\jlNeCkN.exe
  C:\Windows\System\jlNeCkN.exe
  2⤵
  PID:11764
- C:\Windows\System\zdGmFlR.exe
  C:\Windows\System\zdGmFlR.exe
  2⤵
  PID:11792
- C:\Windows\System\xwzTBNW.exe
  C:\Windows\System\xwzTBNW.exe
  2⤵
  PID:11820
- C:\Windows\System\MrhSBKE.exe
  C:\Windows\System\MrhSBKE.exe
  2⤵
  PID:11848
- C:\Windows\System\YXQsxnT.exe
  C:\Windows\System\YXQsxnT.exe
  2⤵
  PID:11876
- C:\Windows\System\BPMwlSp.exe
  C:\Windows\System\BPMwlSp.exe
  2⤵
  PID:11904
- C:\Windows\System\ELjJUym.exe
  C:\Windows\System\ELjJUym.exe
  2⤵
  PID:11932
- C:\Windows\System\ToqsoPG.exe
  C:\Windows\System\ToqsoPG.exe
  2⤵
  PID:11960
- C:\Windows\System\UEOZCuN.exe
  C:\Windows\System\UEOZCuN.exe
  2⤵
  PID:11988
- C:\Windows\System\QZaXzll.exe
  C:\Windows\System\QZaXzll.exe
  2⤵
  PID:12016
- C:\Windows\System\qiQDoFh.exe
  C:\Windows\System\qiQDoFh.exe
  2⤵
  PID:12044
- C:\Windows\System\vWboAWy.exe
  C:\Windows\System\vWboAWy.exe
  2⤵
  PID:12072
- C:\Windows\System\kytXwIt.exe
  C:\Windows\System\kytXwIt.exe
  2⤵
  PID:12100
- C:\Windows\System\rcdfduv.exe
  C:\Windows\System\rcdfduv.exe
  2⤵
  PID:12128
- C:\Windows\System\bYwpZAf.exe
  C:\Windows\System\bYwpZAf.exe
  2⤵
  PID:12156
- C:\Windows\System\cTyIauz.exe
  C:\Windows\System\cTyIauz.exe
  2⤵
  PID:12184
- C:\Windows\System\TwzSoYW.exe
  C:\Windows\System\TwzSoYW.exe
  2⤵
  PID:12212
- C:\Windows\System\ApSAsiZ.exe
  C:\Windows\System\ApSAsiZ.exe
  2⤵
  PID:12240
- C:\Windows\System\DyMFfKZ.exe
  C:\Windows\System\DyMFfKZ.exe
  2⤵
  PID:12268
- C:\Windows\System\IPkyQZj.exe
  C:\Windows\System\IPkyQZj.exe
  2⤵
  PID:11280
- C:\Windows\System\DiMPgnc.exe
  C:\Windows\System\DiMPgnc.exe
  2⤵
  PID:11352
- C:\Windows\System\diuDlSf.exe
  C:\Windows\System\diuDlSf.exe
  2⤵
  PID:11416
- C:\Windows\System\TuvBbUH.exe
  C:\Windows\System\TuvBbUH.exe
  2⤵
  PID:11476
- C:\Windows\System\RowlXya.exe
  C:\Windows\System\RowlXya.exe
  2⤵
  PID:11552
- C:\Windows\System\pLCnGGM.exe
  C:\Windows\System\pLCnGGM.exe
  2⤵
  PID:4312
- C:\Windows\System\wGpNbRz.exe
  C:\Windows\System\wGpNbRz.exe
  2⤵
  PID:11676
- C:\Windows\System\dGJvGRm.exe
  C:\Windows\System\dGJvGRm.exe
  2⤵
  PID:11732
- C:\Windows\System\DyftApP.exe
  C:\Windows\System\DyftApP.exe
  2⤵
  PID:11808
- C:\Windows\System\PwdTRUa.exe
  C:\Windows\System\PwdTRUa.exe
  2⤵
  PID:11868
- C:\Windows\System\rhwoCLD.exe
  C:\Windows\System\rhwoCLD.exe
  2⤵
  PID:11924
- C:\Windows\System\NrjjlSO.exe
  C:\Windows\System\NrjjlSO.exe
  2⤵
  PID:11984
- C:\Windows\System\UGjvzpV.exe
  C:\Windows\System\UGjvzpV.exe
  2⤵
  PID:12056
- C:\Windows\System\vvaqqOP.exe
  C:\Windows\System\vvaqqOP.exe
  2⤵
  PID:12120
- C:\Windows\System\vxrVpCe.exe
  C:\Windows\System\vxrVpCe.exe
  2⤵
  PID:12180
- C:\Windows\System\FWlZbcF.exe
  C:\Windows\System\FWlZbcF.exe
  2⤵
  PID:12252
- C:\Windows\System\SVcVxUY.exe
  C:\Windows\System\SVcVxUY.exe
  2⤵
  PID:11332
- C:\Windows\System\xnnmeFn.exe
  C:\Windows\System\xnnmeFn.exe
  2⤵
  PID:11472
- C:\Windows\System\sFPPPbE.exe
  C:\Windows\System\sFPPPbE.exe
  2⤵
  PID:11636
- C:\Windows\System\UoeXzqM.exe
  C:\Windows\System\UoeXzqM.exe
  2⤵
  PID:11780
- C:\Windows\System\RnrnKCA.exe
  C:\Windows\System\RnrnKCA.exe
  2⤵
  PID:4964
- C:\Windows\System\horibOA.exe
  C:\Windows\System\horibOA.exe
  2⤵
  PID:12084
- C:\Windows\System\jxzEnAa.exe
  C:\Windows\System\jxzEnAa.exe
  2⤵
  PID:12236
- C:\Windows\System\NNmCkIS.exe
  C:\Windows\System\NNmCkIS.exe
  2⤵
  PID:11464
- C:\Windows\System\LsjQwBe.exe
  C:\Windows\System\LsjQwBe.exe
  2⤵
  PID:4540
- C:\Windows\System\UReQrWM.exe
  C:\Windows\System\UReQrWM.exe
  2⤵
  PID:12040
- C:\Windows\System\GeYmfOP.exe
  C:\Windows\System\GeYmfOP.exe
  2⤵
  PID:11608
- C:\Windows\System\SKMcRUN.exe
  C:\Windows\System\SKMcRUN.exe
  2⤵
  PID:11392
- C:\Windows\System\Iiszmpa.exe
  C:\Windows\System\Iiszmpa.exe
  2⤵
  PID:12296
- C:\Windows\System\PZIpRcC.exe
  C:\Windows\System\PZIpRcC.exe
  2⤵
  PID:12324
- C:\Windows\System\MwJJQmq.exe
  C:\Windows\System\MwJJQmq.exe
  2⤵
  PID:12352
- C:\Windows\System\jrjEgUd.exe
  C:\Windows\System\jrjEgUd.exe
  2⤵
  PID:12380
- C:\Windows\System\HmWstjQ.exe
  C:\Windows\System\HmWstjQ.exe
  2⤵
  PID:12408
- C:\Windows\System\SINLryW.exe
  C:\Windows\System\SINLryW.exe
  2⤵
  PID:12436
- C:\Windows\System\gxosbXk.exe
  C:\Windows\System\gxosbXk.exe
  2⤵
  PID:12464
- C:\Windows\System\kdBCbbe.exe
  C:\Windows\System\kdBCbbe.exe
  2⤵
  PID:12492
- C:\Windows\System\WSDLwvP.exe
  C:\Windows\System\WSDLwvP.exe
  2⤵
  PID:12520
- C:\Windows\System\qbyRjtx.exe
  C:\Windows\System\qbyRjtx.exe
  2⤵
  PID:12548
- C:\Windows\System\iGMiAcH.exe
  C:\Windows\System\iGMiAcH.exe
  2⤵
  PID:12576
- C:\Windows\System\yVFTwfW.exe
  C:\Windows\System\yVFTwfW.exe
  2⤵
  PID:12604
- C:\Windows\System\HFVAbNb.exe
  C:\Windows\System\HFVAbNb.exe
  2⤵
  PID:12632
- C:\Windows\System\GRTCzIb.exe
  C:\Windows\System\GRTCzIb.exe
  2⤵
  PID:12660
- C:\Windows\System\HtTVVMC.exe
  C:\Windows\System\HtTVVMC.exe
  2⤵
  PID:12688
- C:\Windows\System\uXrebra.exe
  C:\Windows\System\uXrebra.exe
  2⤵
  PID:12716
- C:\Windows\System\meHAZng.exe
  C:\Windows\System\meHAZng.exe
  2⤵
  PID:12744
- C:\Windows\System\fqLgujx.exe
  C:\Windows\System\fqLgujx.exe
  2⤵
  PID:12772
- C:\Windows\System\eSjDIQS.exe
  C:\Windows\System\eSjDIQS.exe
  2⤵
  PID:12800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ntf2cmt2.qbp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DwfiTIO.exe

Filesize
3.1MB

MD5
29fa78cec66d218db37a5fc919102b44

SHA1
6c275a4067bc084681798c452190a586e572ef21

SHA256
ff275977c58066a0b85728638a5610525973c387def240a633bfd5047194fdc1

SHA512
3f7358d325ecfd053398c9efed3195980488580e91cfa7f7ed2d4d7a3a69b4117ad3cfe7f40895b73fcaa7311e1549b025995592f84d8c623c99b1381868eaed

Download Submit
C:\Windows\System\EqaTGFE.exe

Filesize
3.1MB

MD5
1d813a6526d4e2350bb3226337f4207e

SHA1
9cac62849b153760aeb3b46ab8005901ef0037f3

SHA256
ee0c3e39166aca0b0ff7c5331dbd76e4b53c1fdb3cd90d5b5e355fb179506d0d

SHA512
32000eb7648f9749b51fc90ddeb71c58570eed80cfb8bcf8eeffef33e97d2b36574644c38a81fcbe765a09a7f84aaf6699bc19f0e98df7413177e20249c190a5

Download Submit
C:\Windows\System\GEzhXTo.exe

Filesize
3.1MB

MD5
e4db2d00df144f1e596f0e42b71aca68

SHA1
8cdae81b925b21f3a6275e56314888e827583e6e

SHA256
780c12042550b620baa956be090eb1da35a027e243b9099aa5bcc567625d6eba

SHA512
706a9ce338f9b683c72acd807a792f237ddc1f4943f821b53cb5148a45f5e34550334bee48a9bc2ae015d3e5f8709ec91ffc48d353f530a4881131927dab85c5

Download Submit
C:\Windows\System\GipOXwX.exe

Filesize
3.1MB

MD5
00bc5844597d85bc9ebbaae1e3b253d9

SHA1
ebfcdee0d0b4c1d39f383e781fb990e78b2e6890

SHA256
75ea8919e462eef994ba5a8009e49fc41cb3b7c6b88da80db76e083953e4e7fc

SHA512
c0acf7ad6696780419cb5b80c2f4b5c04ced8150dd75240d9d3526f3505f07a9a258f42a8a72777aaa09aabdb9611fc06e05422b42f28109a7b3c62eb65f2fd6

Download Submit
C:\Windows\System\GqKcJoP.exe

Filesize
3.1MB

MD5
9a711d8946779c78837cdab4c7b82f38

SHA1
ca0ee88bb19926ff7b162496889256a04fc584df

SHA256
43be55c93c7e87877e0f1ea0a6e6e8370b16ec8d8b37d77065486c2d8e0ee091

SHA512
f1dddc036f42b7197438822cab107b5e92d495073e5d14b40636dd0a8fa1314ce997773326ef6ee448b96098f41a45529a9c5229e20fd60ad1a6981bde197a78

Download Submit
C:\Windows\System\JvkTOqO.exe

Filesize
3.1MB

MD5
c091327c84e9d033d2ebb171ea17594d

SHA1
5dd3367608f05c16bb76ae33f1bc5b4131bcbdf0

SHA256
684a583c96e871b7079204e7c69eebe2363344962d03fedefa4c180e08e59a1e

SHA512
e828a3a3c8cef542acf55f8a66b095e0ce15eeeccf21d17428baf3de84bd7fc8643052dce2fffcdde8b5e83a6f7ce0d7010255fc190170b56a7548eaa7ad9e52

Download Submit
C:\Windows\System\KXZitdA.exe

Filesize
3.1MB

MD5
1adcbae2ae8dab5f9e2b8930a25fa8eb

SHA1
603a8603f77025d0957723477e087a5afb99b276

SHA256
3c634350864007f3bc14de59971e5b2ec2b07bc72ca89a9dac4086f2f8523b65

SHA512
8a89b2650c84d2fd7e150f7413bbec93aa550ad216389f28826c387413a69b0476807ce3264be85afe7907188578a42773f1ff19c5e98d27328c57fabcb1b13d

Download Submit
C:\Windows\System\MDvnTsp.exe

Filesize
3.1MB

MD5
bb8d6023733ff3c42d32592f18cf8454

SHA1
f40d8f5c04dbdb31305417b4eecdc4d48eb6f32f

SHA256
a4e1a838a66006ac40da07e2173905eb59ddd928a06161097c4597a4f459031d

SHA512
aeaf5abc4122656136ad3abc672d739791aa6b6058bad8578c0093793924070207c9e94d137e0c5622c20e9d0e821ad0b202e71d468f2d12f470a9e602c3fb76

Download Submit
C:\Windows\System\NOSYCSR.exe

Filesize
3.1MB

MD5
0eb8d220f331bb647d9ddebd227f292e

SHA1
9c6722bdc43f8d0aacc769fc8bb1585698732538

SHA256
cda14d05943d9c1ab68689035d249239a335dde8fd71fab20ab2178e89074a95

SHA512
9ffcc63039e097c77cd61048ecd2a1bc9b071b72b6e5b2f48af6335bdfa3af206f84a4c52c711c7d28ed9976101c9967dddefcc1d28e704b69db834917e65e2f

Download Submit
C:\Windows\System\QXjyUQh.exe

Filesize
3.1MB

MD5
9dd48c6c452f92fc85de5f05a613d01b

SHA1
029e000442bb02d65ec37316b97220522cc6a3bf

SHA256
dc4077b8a284418311125ac543be013d148823120359ec96b978d1ab78f8dc4e

SHA512
bcd2a1d99a5feb6c712f5532afc3d03d607532c09044da130c159d766c670ec4d401e76bfc8ffc778e30cd7d4d6f5a8de449343f93d5b58b6a3396e3f22376fc

Download Submit
C:\Windows\System\SPGEkVR.exe

Filesize
3.1MB

MD5
1ef4b0af3ddf3987456a3bdb68d8ddf9

SHA1
33d138601bf8af65e7e7adbef5ae7cd9a3750065

SHA256
081b5d909948cf2558068e36eb869dc174a2e086aa5ee8ca6ace9f3f43236f7e

SHA512
53ea1880903ccbad0b7c0a0f25a91932776c9aed335bfa59334c86e36c7692655a0ae1efbee5283678dc48ba40cdba95b51bdcfece77f6154e946f5605842263

Download Submit
C:\Windows\System\TSZGlBL.exe

Filesize
3.1MB

MD5
53f41b0b6f8a8e340ec21abf3a5a9580

SHA1
b40d120ece5b1f145e25db6a5c3024f5c3bfd19f

SHA256
b9695f95e2b36f86699bc6041bd6f60315f66b638eb85fa1e864c93379a3a2ae

SHA512
60e7aa56bd946fbe8722a27409c9fe8ae640ae00f33c7cce172d13f955142c09d42f0f1340e428b356cb25f234d138968c5850fb5528ddbb8187df17c32416a3

Download Submit
C:\Windows\System\WhHKUOe.exe

Filesize
3.1MB

MD5
5c5ad2ed1552527a9b843e3cf5a06b92

SHA1
aae918e45d01e30ab7d8b705582f34cfe15c46a7

SHA256
eba65874a37e6480f0a6fcd95e9b3cc61c4902bb648ce60f9b935bdb6cae995d

SHA512
4ffff36fb35659e1d601acf7471c79f88f3c29d60949ef2645c6a9fbf672108d9a94f32a28e5d57cda5cd6f1c4bbc20da221ea1c67b53705cc3105ede1d722c8

Download Submit
C:\Windows\System\WyqRAkx.exe

Filesize
3.1MB

MD5
bef7e72ada0c8449cb6364f062a9c5bc

SHA1
84324431e86ca475971aaa8e42e20491b87b5bb8

SHA256
4cc5de8d6e1873d3141ded54544c022a6068f258cb579d961170b2d87fb6011b

SHA512
778c1144988768cafbe6a44066b4db1a876ae9b2b2373410af176e0d8ee1348434f5f14067f62b8355b6a7913498e683189436c209b94a7dfbe2ceb3ca44b259

Download Submit
C:\Windows\System\XHbXDie.exe

Filesize
3.1MB

MD5
3cb5e71db5163f57b401f20d5b6b4a58

SHA1
5ae23158ac1ba4483b46235a2bb30116f4178e35

SHA256
cdfc69ff48236ffbb28472ecc31aa021f7db682f594d424fed1b559b32dafeed

SHA512
5df31d8884a77e67cdef50b7dc3c8b61e7153236cc499c6376cf4142f435c83192c2a13ed6cb1167280b0efb79adcbfcc4e1416886552cc07d6d87230e2e14b5

Download Submit
C:\Windows\System\XmLlTvy.exe

Filesize
3.1MB

MD5
f8eb5f8c4b0294256a166c829af7721d

SHA1
8f021f2a4109073b5bb48e62800cc9331f79751d

SHA256
f7106ac31bea07f44e624dd43cca252c324a51cdcef88f2bed6b7c22058d16eb

SHA512
88965c7b39de68109a892a4549803e8c67dbb7e94f135ee52cba01e89f8beb515fc06c0b30658f3c8cc44c83e67ea3d5a604483c370b9cd705ccde968b8a84e5

Download Submit
C:\Windows\System\ajMDpaF.exe

Filesize
3.1MB

MD5
92a43e5fb1d031e5a399310d6b632cdb

SHA1
ec209b097afd89e98046600822b391aa4c1c205c

SHA256
47648e63d98ff02c4aa09149dfea719481ee33d07471185fef1c24f5015877dc

SHA512
5483de3df783ec6e7b701746669ab6f6cd6ae14e4d9220162999e3ca53766bef06e37e4e8525c8b231e62844e0de0eb739f044489af387227e7d5533f498aefd

Download Submit
C:\Windows\System\fkmsaWY.exe

Filesize
3.1MB

MD5
e709bd9afec24b0c042cc7125b574032

SHA1
b824963c6f84339398e8dd3911103fef92d2e2ae

SHA256
b4fbd747351f198491f468fd833d431285934725ccaaedc17e1b906995e9746d

SHA512
96472ba156354ebd1f2788aa477759fbd6b80f3a3a9b4b5b6150dbc8fcb4b915f7887c8e9d5d66a9fc5a9ec8cd19d1c3c40a6abee79db01f188d5f81c7724b48

Download Submit
C:\Windows\System\gbarzIT.exe

Filesize
3.1MB

MD5
b4a75c8b05f68b5b2a589b6d3d6a4e0c

SHA1
ed296e0361d1de592ec17ce9296c1e38db6a6dfd

SHA256
7291cfc794c8793c86a86c717cbe3eb4715c5ccf8d5520bf9d3d0724b3b9e783

SHA512
f4b422e124f22fab0e543b55fc4484232b4788588efdac3ddfbe685d67a2222a0dc37489b09c6131e792012a0180b1f83696243d78b425030aff69c96a2bf8b9

Download Submit
C:\Windows\System\hPUtASx.exe

Filesize
3.1MB

MD5
0ff72916dbd80484097ff462a22aba18

SHA1
e34b271f5f0b603d2ce859f23f058db54faaec2e

SHA256
2c5b2c54909a418e96d1853ab8335a720dba0e94572a9030da8d5592120ef57f

SHA512
1bcbff4bc62fbe1a302313ffa59a3142609647601f7a7d8a1436733b8f5f3330f4ea489241c31ffad0b0bfd6be8706a7b99ca74c8fbf9d39a13813fd8e1eb7e4

Download Submit
C:\Windows\System\lhIoLXK.exe

Filesize
3.1MB

MD5
ff018c37aa7274ad18985c20a60af282

SHA1
88df7fa493aeecad248caf839262dbf431291b45

SHA256
24afee36730fe2169b087ce67a9c79bca4e4ef45089585fc047e33fbfb63b21d

SHA512
a2197e8bf3fde42d67fc0e283ff9b9bb87cbc8536c3a268e57468b7a35826dc62a55fbc51a49dd11cf424ff177c0e2c3c012785e0066689adeed41b07fd110f2

Download Submit
C:\Windows\System\lvAVSkp.exe

Filesize
3.1MB

MD5
d3444c79912ce338a7d9eefc08ecc8e8

SHA1
0e3065976ee614110bd33788914a406ec12ea81e

SHA256
cfabdc91228bb3cf736c163dc781624121f1f87be7417bef032bf3d809fc73a0

SHA512
7d4c7e7fa2e30fbfc5817e18a6e64c08b47c02038e95b82b63b150bd9de6d3c052e20ec95c0cc9dceb848f68a706c53dcd0aaf8a489f7deed4a0a988cc2426b2

Download Submit
C:\Windows\System\nmSXkWU.exe

Filesize
3.1MB

MD5
b447d1273906958cc04e5da1622e4b16

SHA1
5a4ebb4a88f6131d923a94e2f9ad9d587622398b

SHA256
e3bb1b050739f0ee083b3143b1e8ddd2e577dafcee86ca69f99ddcbe1e675de0

SHA512
687cf47411e2d37afc699897509de16267fba7412eeb15096ba5951e8bd832c0126bc2282c95992e220b106062d8896eb4bfe2c2f4a33abc1b0daeec8fe5333c

Download Submit
C:\Windows\System\omOPayt.exe

Filesize
3.1MB

MD5
002a581ed3da78c6ca2469ab409c98ce

SHA1
311c9b82554cb88266fbeffc1a18de510fe8edd4

SHA256
e3b688c810840918c34f0051b6e1e1cca74edce53c8826e95bd3e8ae9b26be53

SHA512
1b27fd5dc9b0c8bf15b5119daccf79a239f40575f894d50901769a60947b378c15677ac2f6de779b7ff3533638c456f03b97aa9beacd6af5d94e4b7deec63a7c

Download Submit
C:\Windows\System\pxgxJWv.exe

Filesize
3.1MB

MD5
1dc1439e64dd4d9597b3e4387c400999

SHA1
c6914794db31ae78760c90239d75119d06e07d42

SHA256
03ae178057b9673a82ce2d5a985b7ee251e15801d2797193dcee21ea586b089e

SHA512
0db4ef932325613f3596f3b89f09439f696cf86a9a48eb1d9df6bf7a15c05340d00590806a59b66d936aed5f6acda3c6e25c66412293f9b3e250c6107df9fe27

Download Submit
C:\Windows\System\qHXmVgf.exe

Filesize
3.1MB

MD5
e0c83e5cad2393b35c97fcf2a4ce81b6

SHA1
edefc62ded1cd544e33463d9a12087176dc441e4

SHA256
1635f30e20691aba03fa51052ae0ea773f3e7a92a184bd0e566906731ff279cc

SHA512
fef9017a51c1f5764fce5e2adfb6356b12b7911f5d510f4ae1ef624fcea3040311d80a41bb2d7b4e3c254df95deb920809b5bbad77cec15f833f9f898b4bb63f

Download Submit
C:\Windows\System\skwyCwp.exe

Filesize
3.1MB

MD5
20fea29e085b4a2ab40a34568c8aa61c

SHA1
d35eb6eaa1a1c27cb24e5a3082959fa2ac347357

SHA256
5e659ded9e6e66443721992c5d6ee4c421377c83919f2f3f631ab5fe9766a458

SHA512
d2933556ea667f0484c5560d728bde41b5f9fd039122da0746c2fbcc108923086517bdec7f31f77176aa02fc8d63329d500ffe5df01850bc9e059d223d139f46

Download Submit
C:\Windows\System\szHisWt.exe

Filesize
3.1MB

MD5
586ecf3dadfdb11c99b63830bec49195

SHA1
2cf21a3a98135968c65646aecb018e7f5c4b4287

SHA256
132207481aa2d22129a316e902062d0633ce1555fdb96da83393320b1369dc20

SHA512
f9c2b8e910b32569ed3046a61903025943af77f738776d5cf69d55f5942c8152bbf244bb1e3c053021e494f0528834abf3b0eb5a21123d3b41370da87731310b

Download Submit
C:\Windows\System\tuPzapb.exe

Filesize
3.1MB

MD5
48cf940a8804244f32d06e9f82389561

SHA1
4daabe6a74857088a37f550b6d901ae318da8325

SHA256
db14ead74938f67c7ea00d540ed9523d4064b6dba578e50c5c212babe3162695

SHA512
aff7612c62bd7536f01feabf5a5c2c0cfbb9b057fb016ca789a8e3c1e7400d5994e4ef0cb84b68f8b060e95f5fbadd16ad5b197acc70feaca62540f76718cf13

Download Submit
C:\Windows\System\ubGGDCE.exe

Filesize
3.1MB

MD5
6b91eaa279712374006cf2b0e4504a3e

SHA1
c718d25dee567ac7051796715ba80a818e7557ce

SHA256
4c4791efb18b416bb69da932e207e368ae5468f22d3a7e27b76f9334a285072c

SHA512
5437821586719e3fc0235ebbc02edb52d2cd5ef425f1353f6bbca1ef4b359ff23ddd6c295271045bee4480da2d1e107df9ec5848a8ee50745445cf52f5e71fac

Download Submit
C:\Windows\System\wYLiVKd.exe

Filesize
3.1MB

MD5
3566b643f4782aa6ea6e976a3c97e2de

SHA1
c7b5ba96e29419b57c8133dde493114fb3d03c81

SHA256
f3dcde10a0824882c2b2bde69674fd17a5cd3a2536c95bb468f44a52d7b38379

SHA512
c35f69f6af686dd2bcf1e511480738254bcaa02513270adb658096abf3780094e2c3100e9bf1fc7a755e26cf118ae37a678dc28482a7d2e46c69fd17d8c70234

Download Submit
C:\Windows\System\yoJxbkO.exe

Filesize
3.1MB

MD5
be6f019d7a0bfd160a324076a5d75551

SHA1
d7b2c7ae8977a2228d710ea6337271e6a237beab

SHA256
6a95897753430ea99d162573ab3ba2e445cfa51fad2b67f9a3650cf038ce1990

SHA512
cbe1a0dae1e675886f8400483b5db07702f4b23ce84c46079a12cd40ae2d5def93d3a1941274b6f3729b86fa384609595ec8aa4b19dd2e22f0e8bc9879996f01

Download Submit
C:\Windows\System\zbnHNUB.exe

Filesize
3.1MB

MD5
e277287c16c81d51ceeb8967e0623550

SHA1
db10b06a2c9dbf3994be9d89cf94f2626f997804

SHA256
6c449170abd7026e22f0f86855dcf919169a9dac78d75a161b2727a68b90a9dd

SHA512
107f02f867ee9b44ddf947f250ddf79e45eb44f61a223fd467355683487ddd8e6235b9c6b6aef85caeeff5a98b67ef55ea1527c0215e5b36fb0ac84109fa7418

Download Submit
memory/396-93-0x00007FF66C3E0000-0x00007FF66C7D6000-memory.dmp

Filesize
4.0MB

Download
memory/396-1901-0x00007FF66C3E0000-0x00007FF66C7D6000-memory.dmp

Filesize
4.0MB

Download
memory/400-1895-0x00007FF6CABC0000-0x00007FF6CAFB6000-memory.dmp

Filesize
4.0MB

Download
memory/400-68-0x00007FF6CABC0000-0x00007FF6CAFB6000-memory.dmp

Filesize
4.0MB

Download
memory/812-1906-0x00007FF65C4C0000-0x00007FF65C8B6000-memory.dmp

Filesize
4.0MB

Download
memory/812-734-0x00007FF65C4C0000-0x00007FF65C8B6000-memory.dmp

Filesize
4.0MB

Download
memory/916-1894-0x00007FF615F00000-0x00007FF6162F6000-memory.dmp

Filesize
4.0MB

Download
memory/916-62-0x00007FF615F00000-0x00007FF6162F6000-memory.dmp

Filesize
4.0MB

Download
memory/996-733-0x00007FF6203E0000-0x00007FF6207D6000-memory.dmp

Filesize
4.0MB

Download
memory/996-1905-0x00007FF6203E0000-0x00007FF6207D6000-memory.dmp

Filesize
4.0MB

Download
memory/1020-0-0x00007FF600970000-0x00007FF600D66000-memory.dmp

Filesize
4.0MB

Download
memory/1020-1-0x000002CC2A1A0000-0x000002CC2A1B0000-memory.dmp

Filesize
64KB

Download
memory/1428-80-0x00007FF68C700000-0x00007FF68CAF6000-memory.dmp

Filesize
4.0MB

Download
memory/1428-1892-0x00007FF68C700000-0x00007FF68CAF6000-memory.dmp

Filesize
4.0MB

Download
memory/1760-1907-0x00007FF728010000-0x00007FF728406000-memory.dmp

Filesize
4.0MB

Download
memory/1760-736-0x00007FF728010000-0x00007FF728406000-memory.dmp

Filesize
4.0MB

Download
memory/1912-1893-0x00007FF638190000-0x00007FF638586000-memory.dmp

Filesize
4.0MB

Download
memory/1912-86-0x00007FF638190000-0x00007FF638586000-memory.dmp

Filesize
4.0MB

Download
memory/1972-1899-0x00007FF6C1A40000-0x00007FF6C1E36000-memory.dmp

Filesize
4.0MB

Download
memory/1972-78-0x00007FF6C1A40000-0x00007FF6C1E36000-memory.dmp

Filesize
4.0MB

Download
memory/2076-1908-0x00007FF6B6040000-0x00007FF6B6436000-memory.dmp

Filesize
4.0MB

Download
memory/2076-735-0x00007FF6B6040000-0x00007FF6B6436000-memory.dmp

Filesize
4.0MB

Download
memory/2160-740-0x00007FF7EAD90000-0x00007FF7EB186000-memory.dmp

Filesize
4.0MB

Download
memory/2160-1912-0x00007FF7EAD90000-0x00007FF7EB186000-memory.dmp

Filesize
4.0MB

Download
memory/2208-97-0x00007FF7B0DA0000-0x00007FF7B1196000-memory.dmp

Filesize
4.0MB

Download
memory/2208-1902-0x00007FF7B0DA0000-0x00007FF7B1196000-memory.dmp

Filesize
4.0MB

Download
memory/2340-99-0x00007FF7ACBE0000-0x00007FF7ACFD6000-memory.dmp

Filesize
4.0MB

Download
memory/2340-1904-0x00007FF7ACBE0000-0x00007FF7ACFD6000-memory.dmp

Filesize
4.0MB

Download
memory/2360-737-0x00007FF651480000-0x00007FF651876000-memory.dmp

Filesize
4.0MB

Download
memory/2360-1909-0x00007FF651480000-0x00007FF651876000-memory.dmp

Filesize
4.0MB

Download
memory/2420-1898-0x00007FF7B10F0000-0x00007FF7B14E6000-memory.dmp

Filesize
4.0MB

Download
memory/2420-90-0x00007FF7B10F0000-0x00007FF7B14E6000-memory.dmp

Filesize
4.0MB

Download
memory/2964-1903-0x00007FF6F1A40000-0x00007FF6F1E36000-memory.dmp

Filesize
4.0MB

Download
memory/2964-98-0x00007FF6F1A40000-0x00007FF6F1E36000-memory.dmp

Filesize
4.0MB

Download
memory/2988-75-0x00007FF763C80000-0x00007FF764076000-memory.dmp

Filesize
4.0MB

Download
memory/2988-1897-0x00007FF763C80000-0x00007FF764076000-memory.dmp

Filesize
4.0MB

Download
memory/3012-741-0x00007FF68FB40000-0x00007FF68FF36000-memory.dmp

Filesize
4.0MB

Download
memory/3012-1913-0x00007FF68FB40000-0x00007FF68FF36000-memory.dmp

Filesize
4.0MB

Download
memory/3052-71-0x00007FF65A880000-0x00007FF65AC76000-memory.dmp

Filesize
4.0MB

Download
memory/3052-1896-0x00007FF65A880000-0x00007FF65AC76000-memory.dmp

Filesize
4.0MB

Download
memory/3096-51-0x00000270CCF20000-0x00000270CCF42000-memory.dmp

Filesize
136KB

Download
memory/3096-1889-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

Filesize
10.8MB

Download
memory/3096-12-0x00007FF8B1453000-0x00007FF8B1455000-memory.dmp

Filesize
8KB

Download
memory/3096-30-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

Filesize
10.8MB

Download
memory/3096-53-0x00007FF8B1450000-0x00007FF8B1F11000-memory.dmp

Filesize
10.8MB

Download
memory/3328-1910-0x00007FF6C9390000-0x00007FF6C9786000-memory.dmp

Filesize
4.0MB

Download
memory/3328-738-0x00007FF6C9390000-0x00007FF6C9786000-memory.dmp

Filesize
4.0MB

Download
memory/3760-1911-0x00007FF744520000-0x00007FF744916000-memory.dmp

Filesize
4.0MB

Download
memory/3760-739-0x00007FF744520000-0x00007FF744916000-memory.dmp

Filesize
4.0MB

Download
memory/4568-742-0x00007FF7A5FE0000-0x00007FF7A63D6000-memory.dmp

Filesize
4.0MB

Download
memory/4568-1914-0x00007FF7A5FE0000-0x00007FF7A63D6000-memory.dmp

Filesize
4.0MB

Download
memory/4980-1890-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp

Filesize
4.0MB

Download
memory/4980-1891-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp

Filesize
4.0MB

Download
memory/4980-11-0x00007FF7CFFE0000-0x00007FF7D03D6000-memory.dmp

Filesize
4.0MB

Download
memory/5060-1900-0x00007FF7195F0000-0x00007FF7199E6000-memory.dmp

Filesize
4.0MB

Download
memory/5060-96-0x00007FF7195F0000-0x00007FF7199E6000-memory.dmp

Filesize
4.0MB

Download