xmrig | e2c38b6fa71acff3dbc15b6b37285b16d283afb8be1fa914a2480efae1ae2987

Analysis

max time kernel
125s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
Size

2.8MB
MD5

e2ed6c686341dba8e3486bd7b50037c0
SHA1

261aa5bb77ef6fef4a76f3c8ec2c374eeb1e827d
SHA256

e2c38b6fa71acff3dbc15b6b37285b16d283afb8be1fa914a2480efae1ae2987
SHA512

49313152e435f52512a35567796838deeeb9f6c4d457b589a5cfe65321c97c02b962ade73b318f4da97e98dc4ade5a3b16c4919078308bcec201af905b3e57cb
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdgIZohtei:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R1

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2912-0-0x00007FF7C5420000-0x00007FF7C5816000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b8f-9.dat	xmrig
behavioral2/files/0x000b000000023b8b-15.dat	xmrig
behavioral2/files/0x000a000000023b90-21.dat	xmrig
behavioral2/files/0x000a000000023b91-28.dat	xmrig
behavioral2/files/0x000a000000023b92-50.dat	xmrig
behavioral2/files/0x000b000000023b94-60.dat	xmrig
behavioral2/memory/4524-61-0x00007FF7E5590000-0x00007FF7E5986000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b93-72.dat	xmrig
behavioral2/memory/2104-77-0x00007FF7524E0000-0x00007FF7528D6000-memory.dmp	xmrig
behavioral2/memory/4188-79-0x00007FF6E1150000-0x00007FF6E1546000-memory.dmp	xmrig
behavioral2/memory/2708-81-0x00007FF7F07D0000-0x00007FF7F0BC6000-memory.dmp	xmrig
behavioral2/memory/4592-80-0x00007FF6DE020000-0x00007FF6DE416000-memory.dmp	xmrig
behavioral2/memory/3300-78-0x00007FF7B0270000-0x00007FF7B0666000-memory.dmp	xmrig
behavioral2/memory/1972-76-0x00007FF68DBD0000-0x00007FF68DFC6000-memory.dmp	xmrig
behavioral2/files/0x000b000000023b95-74.dat	xmrig
behavioral2/files/0x000a000000023b97-67.dat	xmrig
behavioral2/memory/2684-66-0x00007FF619720000-0x00007FF619B16000-memory.dmp	xmrig
behavioral2/files/0x000a000000023b96-58.dat	xmrig
behavioral2/memory/2228-54-0x00007FF687070000-0x00007FF687466000-memory.dmp	xmrig
behavioral2/memory/2460-49-0x00007FF661D60000-0x00007FF662156000-memory.dmp	xmrig
behavioral2/memory/908-10-0x00007FF723970000-0x00007FF723D66000-memory.dmp	xmrig
behavioral2/files/0x000e000000023b87-6.dat	xmrig
behavioral2/files/0x000a000000023b98-113.dat	xmrig
behavioral2/files/0x000a000000023ba5-148.dat	xmrig
behavioral2/memory/4756-155-0x00007FF73C4B0000-0x00007FF73C8A6000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb0-167.dat	xmrig
behavioral2/files/0x0031000000023bb5-197.dat	xmrig
behavioral2/files/0x000a000000023bb8-203.dat	xmrig
behavioral2/files/0x0031000000023bb4-206.dat	xmrig
behavioral2/files/0x000a000000023bba-222.dat	xmrig
behavioral2/files/0x000a000000023bbd-238.dat	xmrig
behavioral2/memory/3684-243-0x00007FF69DD50000-0x00007FF69E146000-memory.dmp	xmrig
behavioral2/memory/3188-254-0x00007FF79A3F0000-0x00007FF79A7E6000-memory.dmp	xmrig
behavioral2/memory/2696-255-0x00007FF65DF50000-0x00007FF65E346000-memory.dmp	xmrig
behavioral2/memory/3172-247-0x00007FF7620B0000-0x00007FF7624A6000-memory.dmp	xmrig
behavioral2/memory/1828-239-0x00007FF748250000-0x00007FF748646000-memory.dmp	xmrig
behavioral2/memory/2124-233-0x00007FF74EBA0000-0x00007FF74EF96000-memory.dmp	xmrig
behavioral2/memory/4548-217-0x00007FF6FD770000-0x00007FF6FDB66000-memory.dmp	xmrig
behavioral2/memory/3856-204-0x00007FF6CA7D0000-0x00007FF6CABC6000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bb1-198.dat	xmrig
behavioral2/memory/1200-189-0x00007FF6AFE70000-0x00007FF6B0266000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bad-177.dat	xmrig
behavioral2/files/0x000a000000023ba3-171.dat	xmrig
behavioral2/memory/4836-168-0x00007FF68F720000-0x00007FF68FB16000-memory.dmp	xmrig
behavioral2/files/0x000a000000023baa-175.dat	xmrig
behavioral2/memory/3748-152-0x00007FF6390E0000-0x00007FF6394D6000-memory.dmp	xmrig
behavioral2/files/0x000a000000023bc3-371.dat	xmrig
behavioral2/files/0x0008000000023c61-378.dat	xmrig
behavioral2/files/0x0016000000023c79-393.dat	xmrig
behavioral2/files/0x0008000000023c91-401.dat	xmrig
behavioral2/files/0x0008000000023c83-395.dat	xmrig
behavioral2/memory/1392-390-0x00007FF6597F0000-0x00007FF659BE6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c95-425.dat	xmrig
behavioral2/files/0x0007000000023cb3-434.dat	xmrig
behavioral2/files/0x0007000000023cb2-432.dat	xmrig
behavioral2/files/0x0007000000023cb4-441.dat	xmrig
behavioral2/memory/2912-1669-0x00007FF7C5420000-0x00007FF7C5816000-memory.dmp	xmrig
behavioral2/memory/4836-2290-0x00007FF68F720000-0x00007FF68FB16000-memory.dmp	xmrig
behavioral2/memory/3856-2295-0x00007FF6CA7D0000-0x00007FF6CABC6000-memory.dmp	xmrig
behavioral2/memory/1200-2293-0x00007FF6AFE70000-0x00007FF6B0266000-memory.dmp	xmrig
behavioral2/memory/3748-2289-0x00007FF6390E0000-0x00007FF6394D6000-memory.dmp	xmrig
behavioral2/memory/4756-2433-0x00007FF73C4B0000-0x00007FF73C8A6000-memory.dmp	xmrig
behavioral2/memory/4548-2434-0x00007FF6FD770000-0x00007FF6FDB66000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	4844	powershell.exe
10	4844	powershell.exe
12	4844	powershell.exe
13	4844	powershell.exe
15	4844	powershell.exe
26	4844	powershell.exe
27	4844	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4844	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
908	bAqcNWu.exe
3300	DlGCLvF.exe
2460	ulhQGld.exe
2228	IuSbcaZ.exe
4188	BaaaTht.exe
4524	hhcBESh.exe
4592	aHHyVSk.exe
2684	qodvTbq.exe
1972	sWOTQND.exe
2104	FjldXfn.exe
2708	bEZGJlS.exe
3748	igLbZyy.exe
2124	slzEvOo.exe
4756	eSRNMlf.exe
4836	QPtoWwg.exe
1828	JBSZCwL.exe
1200	KUhLwgp.exe
3684	wlADhUH.exe
3856	PdbYXZF.exe
3172	xpNWMma.exe
4548	FmDBikR.exe
3188	JlSxhWb.exe
2696	cMUDFIm.exe
1392	tPxYFjv.exe
4512	OYHMpxc.exe
4628	Qhsfqfu.exe
4064	OXCarUB.exe
5068	YOvTTrz.exe
4376	npriiNU.exe
2712	eUjxzqZ.exe
436	TwwnKHf.exe
3160	QPepOge.exe
4260	QGKRhXq.exe
3972	gtsyPBI.exe
2792	LQOyaJM.exe
2140	OaGyXzf.exe
4220	KRWHaoY.exe
2528	ozgXMJB.exe
3192	OIVOdgs.exe
2160	azzgRGu.exe
2352	ttiXmLy.exe
2744	IkJaPuR.exe
212	irLaurc.exe
4748	piBNmZO.exe
3604	VvpExXq.exe
4952	UNCOsFk.exe
3044	zmiteKw.exe
5084	lpXVIoK.exe
2800	PfCDmWP.exe
5100	FKkhORE.exe
2236	bWulQsr.exe
2464	bpmcdjW.exe
3000	TDTnzmA.exe
4240	CIviJSp.exe
3968	cpOSsVu.exe
3692	kfiPcCJ.exe
2592	QqdyCEN.exe
3992	PbqwpTf.exe
1192	VjbHZgl.exe
5036	EnnPEiB.exe
1576	DevdBOU.exe
3636	bTVdBtu.exe
5044	TIObeTl.exe
4468	RdPSbjk.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2912-0-0x00007FF7C5420000-0x00007FF7C5816000-memory.dmp	upx
behavioral2/files/0x000a000000023b8f-9.dat	upx
behavioral2/files/0x000b000000023b8b-15.dat	upx
behavioral2/files/0x000a000000023b90-21.dat	upx
behavioral2/files/0x000a000000023b91-28.dat	upx
behavioral2/files/0x000a000000023b92-50.dat	upx
behavioral2/files/0x000b000000023b94-60.dat	upx
behavioral2/memory/4524-61-0x00007FF7E5590000-0x00007FF7E5986000-memory.dmp	upx
behavioral2/files/0x000a000000023b93-72.dat	upx
behavioral2/memory/2104-77-0x00007FF7524E0000-0x00007FF7528D6000-memory.dmp	upx
behavioral2/memory/4188-79-0x00007FF6E1150000-0x00007FF6E1546000-memory.dmp	upx
behavioral2/memory/2708-81-0x00007FF7F07D0000-0x00007FF7F0BC6000-memory.dmp	upx
behavioral2/memory/4592-80-0x00007FF6DE020000-0x00007FF6DE416000-memory.dmp	upx
behavioral2/memory/3300-78-0x00007FF7B0270000-0x00007FF7B0666000-memory.dmp	upx
behavioral2/memory/1972-76-0x00007FF68DBD0000-0x00007FF68DFC6000-memory.dmp	upx
behavioral2/files/0x000b000000023b95-74.dat	upx
behavioral2/files/0x000a000000023b97-67.dat	upx
behavioral2/memory/2684-66-0x00007FF619720000-0x00007FF619B16000-memory.dmp	upx
behavioral2/files/0x000a000000023b96-58.dat	upx
behavioral2/memory/2228-54-0x00007FF687070000-0x00007FF687466000-memory.dmp	upx
behavioral2/memory/2460-49-0x00007FF661D60000-0x00007FF662156000-memory.dmp	upx
behavioral2/memory/908-10-0x00007FF723970000-0x00007FF723D66000-memory.dmp	upx
behavioral2/files/0x000e000000023b87-6.dat	upx
behavioral2/files/0x000a000000023b98-113.dat	upx
behavioral2/files/0x000a000000023ba5-148.dat	upx
behavioral2/memory/4756-155-0x00007FF73C4B0000-0x00007FF73C8A6000-memory.dmp	upx
behavioral2/files/0x000a000000023bb0-167.dat	upx
behavioral2/files/0x0031000000023bb5-197.dat	upx
behavioral2/files/0x000a000000023bb8-203.dat	upx
behavioral2/files/0x0031000000023bb4-206.dat	upx
behavioral2/files/0x000a000000023bba-222.dat	upx
behavioral2/files/0x000a000000023bbd-238.dat	upx
behavioral2/memory/3684-243-0x00007FF69DD50000-0x00007FF69E146000-memory.dmp	upx
behavioral2/memory/3188-254-0x00007FF79A3F0000-0x00007FF79A7E6000-memory.dmp	upx
behavioral2/memory/2696-255-0x00007FF65DF50000-0x00007FF65E346000-memory.dmp	upx
behavioral2/memory/3172-247-0x00007FF7620B0000-0x00007FF7624A6000-memory.dmp	upx
behavioral2/memory/1828-239-0x00007FF748250000-0x00007FF748646000-memory.dmp	upx
behavioral2/memory/2124-233-0x00007FF74EBA0000-0x00007FF74EF96000-memory.dmp	upx
behavioral2/memory/4548-217-0x00007FF6FD770000-0x00007FF6FDB66000-memory.dmp	upx
behavioral2/memory/3856-204-0x00007FF6CA7D0000-0x00007FF6CABC6000-memory.dmp	upx
behavioral2/files/0x000a000000023bb1-198.dat	upx
behavioral2/memory/1200-189-0x00007FF6AFE70000-0x00007FF6B0266000-memory.dmp	upx
behavioral2/files/0x000a000000023bad-177.dat	upx
behavioral2/files/0x000a000000023ba3-171.dat	upx
behavioral2/memory/4836-168-0x00007FF68F720000-0x00007FF68FB16000-memory.dmp	upx
behavioral2/files/0x000a000000023baa-175.dat	upx
behavioral2/memory/3748-152-0x00007FF6390E0000-0x00007FF6394D6000-memory.dmp	upx
behavioral2/files/0x000a000000023bc3-371.dat	upx
behavioral2/files/0x0008000000023c61-378.dat	upx
behavioral2/files/0x0016000000023c79-393.dat	upx
behavioral2/files/0x0008000000023c91-401.dat	upx
behavioral2/files/0x0008000000023c83-395.dat	upx
behavioral2/memory/1392-390-0x00007FF6597F0000-0x00007FF659BE6000-memory.dmp	upx
behavioral2/files/0x0008000000023c95-425.dat	upx
behavioral2/files/0x0007000000023cb3-434.dat	upx
behavioral2/files/0x0007000000023cb2-432.dat	upx
behavioral2/files/0x0007000000023cb4-441.dat	upx
behavioral2/memory/2912-1669-0x00007FF7C5420000-0x00007FF7C5816000-memory.dmp	upx
behavioral2/memory/4836-2290-0x00007FF68F720000-0x00007FF68FB16000-memory.dmp	upx
behavioral2/memory/3856-2295-0x00007FF6CA7D0000-0x00007FF6CABC6000-memory.dmp	upx
behavioral2/memory/1200-2293-0x00007FF6AFE70000-0x00007FF6B0266000-memory.dmp	upx
behavioral2/memory/3748-2289-0x00007FF6390E0000-0x00007FF6394D6000-memory.dmp	upx
behavioral2/memory/4756-2433-0x00007FF73C4B0000-0x00007FF73C8A6000-memory.dmp	upx
behavioral2/memory/4548-2434-0x00007FF6FD770000-0x00007FF6FDB66000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OIDWTOj.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\hfCQGOp.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\acLLcik.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\HPhkHGT.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\QNnRudP.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\kfBDdoB.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\WhzHiiQ.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\jVbyIWT.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\odiucHt.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\NPqLEaL.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\zDiYBnt.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\hwgImnt.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\uxwAmvj.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\pxLaGZp.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\BgUylCS.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\uckHOFa.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\UnmmbXv.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\TdmMKBc.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\kqiSyUg.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\jrjuUHX.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\uzKRZzy.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\vIgNFlK.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\OkVpLLX.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\rruWocX.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\UkClaRA.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\rEhHZwp.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\eQQmJnU.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\UqCXuzn.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\BaaaTht.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\SZYXruD.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\TDTnzmA.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\VjbHZgl.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\flBcmnx.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\yaHWmQA.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\NfbSAyx.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\dFIsVGO.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\xqCwRNs.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\JBOAtqD.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\DxxDMzi.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\wnBQBci.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\gBBzxUM.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\AmsDons.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\grLIRWe.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\qIwZGWj.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\YSIjxQD.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\RwgwBkJ.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\TqomjDP.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\NCJZUcv.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\bpmcdjW.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\NPtNTRs.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\YeDwuiF.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\WKZSPNb.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\IPuZWXp.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\umwodKA.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\Ahfpysx.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\lVENRGa.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\qCtInoH.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\GSPOGDl.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\JjNSvCx.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\OYHMpxc.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\awsjfFa.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\ZWqrmGc.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\BLYGFrK.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
File created	C:\Windows\System\TVyVUGv.exe	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4844	powershell.exe
4844	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
Token: SeLockMemoryPrivilege	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
Token: SeDebugPrivilege	4844	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 4844	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	84
PID 2912 wrote to memory of 4844	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	84
PID 2912 wrote to memory of 908	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	85
PID 2912 wrote to memory of 908	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	85
PID 2912 wrote to memory of 3300	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	86
PID 2912 wrote to memory of 3300	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	86
PID 2912 wrote to memory of 2228	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	87
PID 2912 wrote to memory of 2228	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	87
PID 2912 wrote to memory of 2460	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	88
PID 2912 wrote to memory of 2460	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	88
PID 2912 wrote to memory of 4188	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	89
PID 2912 wrote to memory of 4188	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	89
PID 2912 wrote to memory of 4524	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	90
PID 2912 wrote to memory of 4524	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	90
PID 2912 wrote to memory of 4592	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	91
PID 2912 wrote to memory of 4592	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	91
PID 2912 wrote to memory of 2684	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	92
PID 2912 wrote to memory of 2684	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	92
PID 2912 wrote to memory of 1972	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	93
PID 2912 wrote to memory of 1972	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	93
PID 2912 wrote to memory of 2104	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	94
PID 2912 wrote to memory of 2104	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	94
PID 2912 wrote to memory of 2708	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	95
PID 2912 wrote to memory of 2708	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	95
PID 2912 wrote to memory of 3748	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	96
PID 2912 wrote to memory of 3748	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	96
PID 2912 wrote to memory of 2124	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	97
PID 2912 wrote to memory of 2124	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	97
PID 2912 wrote to memory of 4756	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	98
PID 2912 wrote to memory of 4756	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	98
PID 2912 wrote to memory of 4836	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	99
PID 2912 wrote to memory of 4836	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	99
PID 2912 wrote to memory of 1828	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	100
PID 2912 wrote to memory of 1828	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	100
PID 2912 wrote to memory of 1200	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	101
PID 2912 wrote to memory of 1200	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	101
PID 2912 wrote to memory of 3684	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	102
PID 2912 wrote to memory of 3684	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	102
PID 2912 wrote to memory of 3856	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	103
PID 2912 wrote to memory of 3856	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	103
PID 2912 wrote to memory of 3172	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	104
PID 2912 wrote to memory of 3172	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	104
PID 2912 wrote to memory of 4548	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	105
PID 2912 wrote to memory of 4548	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	105
PID 2912 wrote to memory of 3188	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	106
PID 2912 wrote to memory of 3188	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	106
PID 2912 wrote to memory of 2696	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	107
PID 2912 wrote to memory of 2696	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	107
PID 2912 wrote to memory of 1392	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	110
PID 2912 wrote to memory of 1392	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	110
PID 2912 wrote to memory of 4512	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	112
PID 2912 wrote to memory of 4512	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	112
PID 2912 wrote to memory of 4628	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	113
PID 2912 wrote to memory of 4628	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	113
PID 2912 wrote to memory of 4064	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	114
PID 2912 wrote to memory of 4064	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	114
PID 2912 wrote to memory of 5068	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	115
PID 2912 wrote to memory of 5068	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	115
PID 2912 wrote to memory of 4376	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	117
PID 2912 wrote to memory of 4376	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	117
PID 2912 wrote to memory of 2712	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	120
PID 2912 wrote to memory of 2712	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	120
PID 2912 wrote to memory of 436	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	121
PID 2912 wrote to memory of 436	2912	e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe	121

C:\Users\Admin\AppData\Local\Temp\e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\e2ed6c686341dba8e3486bd7b50037c0_NEIKI.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4844
- C:\Windows\System\bAqcNWu.exe
  C:\Windows\System\bAqcNWu.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\DlGCLvF.exe
  C:\Windows\System\DlGCLvF.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\IuSbcaZ.exe
  C:\Windows\System\IuSbcaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ulhQGld.exe
  C:\Windows\System\ulhQGld.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\BaaaTht.exe
  C:\Windows\System\BaaaTht.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\hhcBESh.exe
  C:\Windows\System\hhcBESh.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\aHHyVSk.exe
  C:\Windows\System\aHHyVSk.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\qodvTbq.exe
  C:\Windows\System\qodvTbq.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\sWOTQND.exe
  C:\Windows\System\sWOTQND.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\FjldXfn.exe
  C:\Windows\System\FjldXfn.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\bEZGJlS.exe
  C:\Windows\System\bEZGJlS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\igLbZyy.exe
  C:\Windows\System\igLbZyy.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\slzEvOo.exe
  C:\Windows\System\slzEvOo.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\eSRNMlf.exe
  C:\Windows\System\eSRNMlf.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\QPtoWwg.exe
  C:\Windows\System\QPtoWwg.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\JBSZCwL.exe
  C:\Windows\System\JBSZCwL.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\KUhLwgp.exe
  C:\Windows\System\KUhLwgp.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\wlADhUH.exe
  C:\Windows\System\wlADhUH.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\PdbYXZF.exe
  C:\Windows\System\PdbYXZF.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\xpNWMma.exe
  C:\Windows\System\xpNWMma.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\FmDBikR.exe
  C:\Windows\System\FmDBikR.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\JlSxhWb.exe
  C:\Windows\System\JlSxhWb.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\cMUDFIm.exe
  C:\Windows\System\cMUDFIm.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\tPxYFjv.exe
  C:\Windows\System\tPxYFjv.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\OYHMpxc.exe
  C:\Windows\System\OYHMpxc.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\Qhsfqfu.exe
  C:\Windows\System\Qhsfqfu.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\OXCarUB.exe
  C:\Windows\System\OXCarUB.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\YOvTTrz.exe
  C:\Windows\System\YOvTTrz.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\npriiNU.exe
  C:\Windows\System\npriiNU.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\eUjxzqZ.exe
  C:\Windows\System\eUjxzqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\TwwnKHf.exe
  C:\Windows\System\TwwnKHf.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\QPepOge.exe
  C:\Windows\System\QPepOge.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\QGKRhXq.exe
  C:\Windows\System\QGKRhXq.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\gtsyPBI.exe
  C:\Windows\System\gtsyPBI.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\LQOyaJM.exe
  C:\Windows\System\LQOyaJM.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\OaGyXzf.exe
  C:\Windows\System\OaGyXzf.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\KRWHaoY.exe
  C:\Windows\System\KRWHaoY.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\ozgXMJB.exe
  C:\Windows\System\ozgXMJB.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\OIVOdgs.exe
  C:\Windows\System\OIVOdgs.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\azzgRGu.exe
  C:\Windows\System\azzgRGu.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\ttiXmLy.exe
  C:\Windows\System\ttiXmLy.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\IkJaPuR.exe
  C:\Windows\System\IkJaPuR.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\irLaurc.exe
  C:\Windows\System\irLaurc.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\piBNmZO.exe
  C:\Windows\System\piBNmZO.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\VvpExXq.exe
  C:\Windows\System\VvpExXq.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\UNCOsFk.exe
  C:\Windows\System\UNCOsFk.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\zmiteKw.exe
  C:\Windows\System\zmiteKw.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\lpXVIoK.exe
  C:\Windows\System\lpXVIoK.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\PfCDmWP.exe
  C:\Windows\System\PfCDmWP.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\FKkhORE.exe
  C:\Windows\System\FKkhORE.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\bWulQsr.exe
  C:\Windows\System\bWulQsr.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\bpmcdjW.exe
  C:\Windows\System\bpmcdjW.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\TDTnzmA.exe
  C:\Windows\System\TDTnzmA.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\CIviJSp.exe
  C:\Windows\System\CIviJSp.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\cpOSsVu.exe
  C:\Windows\System\cpOSsVu.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\kfiPcCJ.exe
  C:\Windows\System\kfiPcCJ.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\QqdyCEN.exe
  C:\Windows\System\QqdyCEN.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\PbqwpTf.exe
  C:\Windows\System\PbqwpTf.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\VjbHZgl.exe
  C:\Windows\System\VjbHZgl.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\EnnPEiB.exe
  C:\Windows\System\EnnPEiB.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\DevdBOU.exe
  C:\Windows\System\DevdBOU.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\bTVdBtu.exe
  C:\Windows\System\bTVdBtu.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\TIObeTl.exe
  C:\Windows\System\TIObeTl.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\RdPSbjk.exe
  C:\Windows\System\RdPSbjk.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\rruWocX.exe
  C:\Windows\System\rruWocX.exe
  2⤵
  PID:2480
- C:\Windows\System\FSzbOzh.exe
  C:\Windows\System\FSzbOzh.exe
  2⤵
  PID:3420
- C:\Windows\System\SXKSYXs.exe
  C:\Windows\System\SXKSYXs.exe
  2⤵
  PID:5168
- C:\Windows\System\tDtIsSp.exe
  C:\Windows\System\tDtIsSp.exe
  2⤵
  PID:5196
- C:\Windows\System\iFeLHKE.exe
  C:\Windows\System\iFeLHKE.exe
  2⤵
  PID:5224
- C:\Windows\System\DPAAkFb.exe
  C:\Windows\System\DPAAkFb.exe
  2⤵
  PID:5244
- C:\Windows\System\sGukxfc.exe
  C:\Windows\System\sGukxfc.exe
  2⤵
  PID:5272
- C:\Windows\System\zxcwNYZ.exe
  C:\Windows\System\zxcwNYZ.exe
  2⤵
  PID:5300
- C:\Windows\System\WsbMsDu.exe
  C:\Windows\System\WsbMsDu.exe
  2⤵
  PID:5324
- C:\Windows\System\sAjhNMN.exe
  C:\Windows\System\sAjhNMN.exe
  2⤵
  PID:5356
- C:\Windows\System\QGlvygF.exe
  C:\Windows\System\QGlvygF.exe
  2⤵
  PID:5392
- C:\Windows\System\BFuOGzK.exe
  C:\Windows\System\BFuOGzK.exe
  2⤵
  PID:5408
- C:\Windows\System\qzNGTMt.exe
  C:\Windows\System\qzNGTMt.exe
  2⤵
  PID:5436
- C:\Windows\System\uzxLQTu.exe
  C:\Windows\System\uzxLQTu.exe
  2⤵
  PID:5452
- C:\Windows\System\rrMXdPn.exe
  C:\Windows\System\rrMXdPn.exe
  2⤵
  PID:5504
- C:\Windows\System\mgyafBI.exe
  C:\Windows\System\mgyafBI.exe
  2⤵
  PID:5532
- C:\Windows\System\tyewLsM.exe
  C:\Windows\System\tyewLsM.exe
  2⤵
  PID:5560
- C:\Windows\System\nTviRXt.exe
  C:\Windows\System\nTviRXt.exe
  2⤵
  PID:5576
- C:\Windows\System\gTgWCNt.exe
  C:\Windows\System\gTgWCNt.exe
  2⤵
  PID:5616
- C:\Windows\System\GkBQJfa.exe
  C:\Windows\System\GkBQJfa.exe
  2⤵
  PID:5644
- C:\Windows\System\qFMTKdl.exe
  C:\Windows\System\qFMTKdl.exe
  2⤵
  PID:5676
- C:\Windows\System\bXrkaOb.exe
  C:\Windows\System\bXrkaOb.exe
  2⤵
  PID:5700
- C:\Windows\System\LXOmLct.exe
  C:\Windows\System\LXOmLct.exe
  2⤵
  PID:5728
- C:\Windows\System\PZPDMUY.exe
  C:\Windows\System\PZPDMUY.exe
  2⤵
  PID:5756
- C:\Windows\System\FiLGaKa.exe
  C:\Windows\System\FiLGaKa.exe
  2⤵
  PID:5780
- C:\Windows\System\BFlSiOv.exe
  C:\Windows\System\BFlSiOv.exe
  2⤵
  PID:5816
- C:\Windows\System\sBNSRsD.exe
  C:\Windows\System\sBNSRsD.exe
  2⤵
  PID:5832
- C:\Windows\System\xoUnRPB.exe
  C:\Windows\System\xoUnRPB.exe
  2⤵
  PID:5872
- C:\Windows\System\GZLXXDs.exe
  C:\Windows\System\GZLXXDs.exe
  2⤵
  PID:5888
- C:\Windows\System\PhqXhLL.exe
  C:\Windows\System\PhqXhLL.exe
  2⤵
  PID:5916
- C:\Windows\System\yLIDiFU.exe
  C:\Windows\System\yLIDiFU.exe
  2⤵
  PID:5952
- C:\Windows\System\VzYbbYg.exe
  C:\Windows\System\VzYbbYg.exe
  2⤵
  PID:5972
- C:\Windows\System\xiqkyWN.exe
  C:\Windows\System\xiqkyWN.exe
  2⤵
  PID:6012
- C:\Windows\System\aLLVOrr.exe
  C:\Windows\System\aLLVOrr.exe
  2⤵
  PID:6040
- C:\Windows\System\FYgXiRe.exe
  C:\Windows\System\FYgXiRe.exe
  2⤵
  PID:6068
- C:\Windows\System\YxzARxt.exe
  C:\Windows\System\YxzARxt.exe
  2⤵
  PID:6096
- C:\Windows\System\QMCYASc.exe
  C:\Windows\System\QMCYASc.exe
  2⤵
  PID:6116
- C:\Windows\System\EWlQAxO.exe
  C:\Windows\System\EWlQAxO.exe
  2⤵
  PID:6140
- C:\Windows\System\clTMyeM.exe
  C:\Windows\System\clTMyeM.exe
  2⤵
  PID:5160
- C:\Windows\System\CukUUus.exe
  C:\Windows\System\CukUUus.exe
  2⤵
  PID:5256
- C:\Windows\System\HqGMSWd.exe
  C:\Windows\System\HqGMSWd.exe
  2⤵
  PID:5340
- C:\Windows\System\NBnmYYg.exe
  C:\Windows\System\NBnmYYg.exe
  2⤵
  PID:5388
- C:\Windows\System\MBCbFHA.exe
  C:\Windows\System\MBCbFHA.exe
  2⤵
  PID:5428
- C:\Windows\System\UKvoIhV.exe
  C:\Windows\System\UKvoIhV.exe
  2⤵
  PID:5544
- C:\Windows\System\bvhlpoC.exe
  C:\Windows\System\bvhlpoC.exe
  2⤵
  PID:5588
- C:\Windows\System\kwWklLT.exe
  C:\Windows\System\kwWklLT.exe
  2⤵
  PID:5668
- C:\Windows\System\QLlzNEl.exe
  C:\Windows\System\QLlzNEl.exe
  2⤵
  PID:5748
- C:\Windows\System\IQEPACv.exe
  C:\Windows\System\IQEPACv.exe
  2⤵
  PID:5800
- C:\Windows\System\VmIahos.exe
  C:\Windows\System\VmIahos.exe
  2⤵
  PID:5868
- C:\Windows\System\bjxamrB.exe
  C:\Windows\System\bjxamrB.exe
  2⤵
  PID:5928
- C:\Windows\System\DiRGbXO.exe
  C:\Windows\System\DiRGbXO.exe
  2⤵
  PID:6008
- C:\Windows\System\TdmMKBc.exe
  C:\Windows\System\TdmMKBc.exe
  2⤵
  PID:6064
- C:\Windows\System\hCnexIk.exe
  C:\Windows\System\hCnexIk.exe
  2⤵
  PID:6132
- C:\Windows\System\WWNmRNH.exe
  C:\Windows\System\WWNmRNH.exe
  2⤵
  PID:5316
- C:\Windows\System\bjvtPpp.exe
  C:\Windows\System\bjvtPpp.exe
  2⤵
  PID:5448
- C:\Windows\System\VsNVAup.exe
  C:\Windows\System\VsNVAup.exe
  2⤵
  PID:5612
- C:\Windows\System\QjMTgxm.exe
  C:\Windows\System\QjMTgxm.exe
  2⤵
  PID:5776
- C:\Windows\System\CPIQzjR.exe
  C:\Windows\System\CPIQzjR.exe
  2⤵
  PID:5904
- C:\Windows\System\IcmHLRs.exe
  C:\Windows\System\IcmHLRs.exe
  2⤵
  PID:6124
- C:\Windows\System\xUPvUqX.exe
  C:\Windows\System\xUPvUqX.exe
  2⤵
  PID:5208
- C:\Windows\System\OHlACbr.exe
  C:\Windows\System\OHlACbr.exe
  2⤵
  PID:5524
- C:\Windows\System\NPqLEaL.exe
  C:\Windows\System\NPqLEaL.exe
  2⤵
  PID:6036
- C:\Windows\System\klXhdfQ.exe
  C:\Windows\System\klXhdfQ.exe
  2⤵
  PID:6080
- C:\Windows\System\YpZVGIP.exe
  C:\Windows\System\YpZVGIP.exe
  2⤵
  PID:5824
- C:\Windows\System\nvXiQGc.exe
  C:\Windows\System\nvXiQGc.exe
  2⤵
  PID:6168
- C:\Windows\System\CeLJSMm.exe
  C:\Windows\System\CeLJSMm.exe
  2⤵
  PID:6196
- C:\Windows\System\XpTlcqa.exe
  C:\Windows\System\XpTlcqa.exe
  2⤵
  PID:6228
- C:\Windows\System\tbSXNOZ.exe
  C:\Windows\System\tbSXNOZ.exe
  2⤵
  PID:6252
- C:\Windows\System\NPtNTRs.exe
  C:\Windows\System\NPtNTRs.exe
  2⤵
  PID:6268
- C:\Windows\System\VnOSHnZ.exe
  C:\Windows\System\VnOSHnZ.exe
  2⤵
  PID:6296
- C:\Windows\System\zygZPwv.exe
  C:\Windows\System\zygZPwv.exe
  2⤵
  PID:6328
- C:\Windows\System\bCDrwbS.exe
  C:\Windows\System\bCDrwbS.exe
  2⤵
  PID:6352
- C:\Windows\System\hfCQGOp.exe
  C:\Windows\System\hfCQGOp.exe
  2⤵
  PID:6380
- C:\Windows\System\CxlekMt.exe
  C:\Windows\System\CxlekMt.exe
  2⤵
  PID:6416
- C:\Windows\System\nlwUHYe.exe
  C:\Windows\System\nlwUHYe.exe
  2⤵
  PID:6452
- C:\Windows\System\iMbMdMV.exe
  C:\Windows\System\iMbMdMV.exe
  2⤵
  PID:6472
- C:\Windows\System\DQPCzTE.exe
  C:\Windows\System\DQPCzTE.exe
  2⤵
  PID:6512
- C:\Windows\System\OVgcfiV.exe
  C:\Windows\System\OVgcfiV.exe
  2⤵
  PID:6528
- C:\Windows\System\uxFeCXC.exe
  C:\Windows\System\uxFeCXC.exe
  2⤵
  PID:6568
- C:\Windows\System\jbLtRTK.exe
  C:\Windows\System\jbLtRTK.exe
  2⤵
  PID:6584
- C:\Windows\System\qSpZEsz.exe
  C:\Windows\System\qSpZEsz.exe
  2⤵
  PID:6600
- C:\Windows\System\xRhumxd.exe
  C:\Windows\System\xRhumxd.exe
  2⤵
  PID:6640
- C:\Windows\System\LNQyGqT.exe
  C:\Windows\System\LNQyGqT.exe
  2⤵
  PID:6668
- C:\Windows\System\cKiwAre.exe
  C:\Windows\System\cKiwAre.exe
  2⤵
  PID:6708
- C:\Windows\System\VJciWUW.exe
  C:\Windows\System\VJciWUW.exe
  2⤵
  PID:6736
- C:\Windows\System\GmaeWDn.exe
  C:\Windows\System\GmaeWDn.exe
  2⤵
  PID:6788
- C:\Windows\System\fkdcvsL.exe
  C:\Windows\System\fkdcvsL.exe
  2⤵
  PID:6804
- C:\Windows\System\TkUXAIn.exe
  C:\Windows\System\TkUXAIn.exe
  2⤵
  PID:6832
- C:\Windows\System\NmAvVkn.exe
  C:\Windows\System\NmAvVkn.exe
  2⤵
  PID:6860
- C:\Windows\System\pBSKXDK.exe
  C:\Windows\System\pBSKXDK.exe
  2⤵
  PID:6876
- C:\Windows\System\JKAnZuP.exe
  C:\Windows\System\JKAnZuP.exe
  2⤵
  PID:6920
- C:\Windows\System\qXDKnnn.exe
  C:\Windows\System\qXDKnnn.exe
  2⤵
  PID:6944
- C:\Windows\System\rdWgAox.exe
  C:\Windows\System\rdWgAox.exe
  2⤵
  PID:6972
- C:\Windows\System\UkClaRA.exe
  C:\Windows\System\UkClaRA.exe
  2⤵
  PID:6988
- C:\Windows\System\qRihwmQ.exe
  C:\Windows\System\qRihwmQ.exe
  2⤵
  PID:7028
- C:\Windows\System\BflnVOf.exe
  C:\Windows\System\BflnVOf.exe
  2⤵
  PID:7060
- C:\Windows\System\UPAzimw.exe
  C:\Windows\System\UPAzimw.exe
  2⤵
  PID:7084
- C:\Windows\System\WGdmdkz.exe
  C:\Windows\System\WGdmdkz.exe
  2⤵
  PID:7100
- C:\Windows\System\NgqpPXb.exe
  C:\Windows\System\NgqpPXb.exe
  2⤵
  PID:7128
- C:\Windows\System\qySIdcf.exe
  C:\Windows\System\qySIdcf.exe
  2⤵
  PID:6152
- C:\Windows\System\NmVXarN.exe
  C:\Windows\System\NmVXarN.exe
  2⤵
  PID:6208
- C:\Windows\System\djTbiup.exe
  C:\Windows\System\djTbiup.exe
  2⤵
  PID:6288
- C:\Windows\System\zxTxSTn.exe
  C:\Windows\System\zxTxSTn.exe
  2⤵
  PID:6344
- C:\Windows\System\NNdFDEb.exe
  C:\Windows\System\NNdFDEb.exe
  2⤵
  PID:6444
- C:\Windows\System\vRzUagr.exe
  C:\Windows\System\vRzUagr.exe
  2⤵
  PID:6504
- C:\Windows\System\gDNUBIk.exe
  C:\Windows\System\gDNUBIk.exe
  2⤵
  PID:6540
- C:\Windows\System\xIWattl.exe
  C:\Windows\System\xIWattl.exe
  2⤵
  PID:6560
- C:\Windows\System\RgSxxSc.exe
  C:\Windows\System\RgSxxSc.exe
  2⤵
  PID:6692
- C:\Windows\System\HrNrVvz.exe
  C:\Windows\System\HrNrVvz.exe
  2⤵
  PID:6716
- C:\Windows\System\YeDwuiF.exe
  C:\Windows\System\YeDwuiF.exe
  2⤵
  PID:6800
- C:\Windows\System\WqvzKGO.exe
  C:\Windows\System\WqvzKGO.exe
  2⤵
  PID:6908
- C:\Windows\System\mDQeIBW.exe
  C:\Windows\System\mDQeIBW.exe
  2⤵
  PID:6940
- C:\Windows\System\vPEsNGN.exe
  C:\Windows\System\vPEsNGN.exe
  2⤵
  PID:7068
- C:\Windows\System\oLRBPoo.exe
  C:\Windows\System\oLRBPoo.exe
  2⤵
  PID:7164
- C:\Windows\System\miTJnjz.exe
  C:\Windows\System\miTJnjz.exe
  2⤵
  PID:6464
- C:\Windows\System\zscWJAO.exe
  C:\Windows\System\zscWJAO.exe
  2⤵
  PID:6524
- C:\Windows\System\BandcAn.exe
  C:\Windows\System\BandcAn.exe
  2⤵
  PID:6656
- C:\Windows\System\DDtGggV.exe
  C:\Windows\System\DDtGggV.exe
  2⤵
  PID:6928
- C:\Windows\System\znJeYVm.exe
  C:\Windows\System\znJeYVm.exe
  2⤵
  PID:7000
- C:\Windows\System\pRAoQtP.exe
  C:\Windows\System\pRAoQtP.exe
  2⤵
  PID:5792
- C:\Windows\System\ITEIdHs.exe
  C:\Windows\System\ITEIdHs.exe
  2⤵
  PID:7176
- C:\Windows\System\zzFkiNE.exe
  C:\Windows\System\zzFkiNE.exe
  2⤵
  PID:7200
- C:\Windows\System\XisRoIh.exe
  C:\Windows\System\XisRoIh.exe
  2⤵
  PID:7244
- C:\Windows\System\HypRueF.exe
  C:\Windows\System\HypRueF.exe
  2⤵
  PID:7284
- C:\Windows\System\XROYkuP.exe
  C:\Windows\System\XROYkuP.exe
  2⤵
  PID:7304
- C:\Windows\System\GRCgeTV.exe
  C:\Windows\System\GRCgeTV.exe
  2⤵
  PID:7328
- C:\Windows\System\mTqZfDm.exe
  C:\Windows\System\mTqZfDm.exe
  2⤵
  PID:7360
- C:\Windows\System\lxGqmnP.exe
  C:\Windows\System\lxGqmnP.exe
  2⤵
  PID:7400
- C:\Windows\System\AuSqIAp.exe
  C:\Windows\System\AuSqIAp.exe
  2⤵
  PID:7428
- C:\Windows\System\SeMgmjN.exe
  C:\Windows\System\SeMgmjN.exe
  2⤵
  PID:7452
- C:\Windows\System\LsTRVzB.exe
  C:\Windows\System\LsTRVzB.exe
  2⤵
  PID:7472
- C:\Windows\System\FpFQJHJ.exe
  C:\Windows\System\FpFQJHJ.exe
  2⤵
  PID:7504
- C:\Windows\System\HRApQLe.exe
  C:\Windows\System\HRApQLe.exe
  2⤵
  PID:7520
- C:\Windows\System\YthbJar.exe
  C:\Windows\System\YthbJar.exe
  2⤵
  PID:7536
- C:\Windows\System\yROmIxC.exe
  C:\Windows\System\yROmIxC.exe
  2⤵
  PID:7580
- C:\Windows\System\dHaGQIs.exe
  C:\Windows\System\dHaGQIs.exe
  2⤵
  PID:7600
- C:\Windows\System\QqqnyFn.exe
  C:\Windows\System\QqqnyFn.exe
  2⤵
  PID:7620
- C:\Windows\System\neXQnJW.exe
  C:\Windows\System\neXQnJW.exe
  2⤵
  PID:7668
- C:\Windows\System\xnXbVnF.exe
  C:\Windows\System\xnXbVnF.exe
  2⤵
  PID:7712
- C:\Windows\System\StpNAxQ.exe
  C:\Windows\System\StpNAxQ.exe
  2⤵
  PID:7740
- C:\Windows\System\LCIGQWU.exe
  C:\Windows\System\LCIGQWU.exe
  2⤵
  PID:7768
- C:\Windows\System\vuIMBgf.exe
  C:\Windows\System\vuIMBgf.exe
  2⤵
  PID:7796
- C:\Windows\System\ihjhWfF.exe
  C:\Windows\System\ihjhWfF.exe
  2⤵
  PID:7840
- C:\Windows\System\RSjtnwl.exe
  C:\Windows\System\RSjtnwl.exe
  2⤵
  PID:7864
- C:\Windows\System\OQpcMAO.exe
  C:\Windows\System\OQpcMAO.exe
  2⤵
  PID:7904
- C:\Windows\System\RsLULhS.exe
  C:\Windows\System\RsLULhS.exe
  2⤵
  PID:7920
- C:\Windows\System\JHkbyOO.exe
  C:\Windows\System\JHkbyOO.exe
  2⤵
  PID:7936
- C:\Windows\System\PaocTIV.exe
  C:\Windows\System\PaocTIV.exe
  2⤵
  PID:7972
- C:\Windows\System\awsjfFa.exe
  C:\Windows\System\awsjfFa.exe
  2⤵
  PID:8012
- C:\Windows\System\xgvzgXi.exe
  C:\Windows\System\xgvzgXi.exe
  2⤵
  PID:8044
- C:\Windows\System\QLilekg.exe
  C:\Windows\System\QLilekg.exe
  2⤵
  PID:8060
- C:\Windows\System\WfERlWc.exe
  C:\Windows\System\WfERlWc.exe
  2⤵
  PID:8088
- C:\Windows\System\SpXPEKw.exe
  C:\Windows\System\SpXPEKw.exe
  2⤵
  PID:8128
- C:\Windows\System\vRHLpyb.exe
  C:\Windows\System\vRHLpyb.exe
  2⤵
  PID:8156
- C:\Windows\System\tXGpJCp.exe
  C:\Windows\System\tXGpJCp.exe
  2⤵
  PID:8184
- C:\Windows\System\UBIMGzt.exe
  C:\Windows\System\UBIMGzt.exe
  2⤵
  PID:7220
- C:\Windows\System\cQaryTk.exe
  C:\Windows\System\cQaryTk.exe
  2⤵
  PID:7232
- C:\Windows\System\DlpBtqx.exe
  C:\Windows\System\DlpBtqx.exe
  2⤵
  PID:7324
- C:\Windows\System\OcmbZtx.exe
  C:\Windows\System\OcmbZtx.exe
  2⤵
  PID:7380
- C:\Windows\System\jjSMHGM.exe
  C:\Windows\System\jjSMHGM.exe
  2⤵
  PID:7468
- C:\Windows\System\nTYgRiu.exe
  C:\Windows\System\nTYgRiu.exe
  2⤵
  PID:7528
- C:\Windows\System\pgXAiCR.exe
  C:\Windows\System\pgXAiCR.exe
  2⤵
  PID:7616
- C:\Windows\System\MoAQYLI.exe
  C:\Windows\System\MoAQYLI.exe
  2⤵
  PID:7652
- C:\Windows\System\kGlkwzE.exe
  C:\Windows\System\kGlkwzE.exe
  2⤵
  PID:7788
- C:\Windows\System\ktMrupP.exe
  C:\Windows\System\ktMrupP.exe
  2⤵
  PID:7764
- C:\Windows\System\DGQiXnp.exe
  C:\Windows\System\DGQiXnp.exe
  2⤵
  PID:7880
- C:\Windows\System\PnVxpAt.exe
  C:\Windows\System\PnVxpAt.exe
  2⤵
  PID:7932
- C:\Windows\System\bsObfUQ.exe
  C:\Windows\System\bsObfUQ.exe
  2⤵
  PID:7980
- C:\Windows\System\KeDvInh.exe
  C:\Windows\System\KeDvInh.exe
  2⤵
  PID:8076
- C:\Windows\System\aArvmHK.exe
  C:\Windows\System\aArvmHK.exe
  2⤵
  PID:8140
- C:\Windows\System\IytlxcY.exe
  C:\Windows\System\IytlxcY.exe
  2⤵
  PID:8180
- C:\Windows\System\qUPaVbX.exe
  C:\Windows\System\qUPaVbX.exe
  2⤵
  PID:7356
- C:\Windows\System\iiAGCgm.exe
  C:\Windows\System\iiAGCgm.exe
  2⤵
  PID:7488
- C:\Windows\System\ShGfhIX.exe
  C:\Windows\System\ShGfhIX.exe
  2⤵
  PID:7572
- C:\Windows\System\svavtAq.exe
  C:\Windows\System\svavtAq.exe
  2⤵
  PID:7732
- C:\Windows\System\anzmwTP.exe
  C:\Windows\System\anzmwTP.exe
  2⤵
  PID:7888
- C:\Windows\System\PWldFIh.exe
  C:\Windows\System\PWldFIh.exe
  2⤵
  PID:8056
- C:\Windows\System\sYRVlfs.exe
  C:\Windows\System\sYRVlfs.exe
  2⤵
  PID:7212
- C:\Windows\System\TXUMgit.exe
  C:\Windows\System\TXUMgit.exe
  2⤵
  PID:7588
- C:\Windows\System\YwHXaXD.exe
  C:\Windows\System\YwHXaXD.exe
  2⤵
  PID:7892
- C:\Windows\System\AJXWguH.exe
  C:\Windows\System\AJXWguH.exe
  2⤵
  PID:8172
- C:\Windows\System\hdLEmuS.exe
  C:\Windows\System\hdLEmuS.exe
  2⤵
  PID:8120
- C:\Windows\System\IipnQmk.exe
  C:\Windows\System\IipnQmk.exe
  2⤵
  PID:3924
- C:\Windows\System\fWCopSS.exe
  C:\Windows\System\fWCopSS.exe
  2⤵
  PID:8220
- C:\Windows\System\VVhjVRd.exe
  C:\Windows\System\VVhjVRd.exe
  2⤵
  PID:8248
- C:\Windows\System\eblKaRy.exe
  C:\Windows\System\eblKaRy.exe
  2⤵
  PID:8276
- C:\Windows\System\AHOfvtY.exe
  C:\Windows\System\AHOfvtY.exe
  2⤵
  PID:8304
- C:\Windows\System\tbEyfyL.exe
  C:\Windows\System\tbEyfyL.exe
  2⤵
  PID:8336
- C:\Windows\System\yvnaOYk.exe
  C:\Windows\System\yvnaOYk.exe
  2⤵
  PID:8360
- C:\Windows\System\peXELdu.exe
  C:\Windows\System\peXELdu.exe
  2⤵
  PID:8380
- C:\Windows\System\FkGgPfU.exe
  C:\Windows\System\FkGgPfU.exe
  2⤵
  PID:8408
- C:\Windows\System\saOnbcd.exe
  C:\Windows\System\saOnbcd.exe
  2⤵
  PID:8452
- C:\Windows\System\tWWNGyB.exe
  C:\Windows\System\tWWNGyB.exe
  2⤵
  PID:8476
- C:\Windows\System\ozrlKhO.exe
  C:\Windows\System\ozrlKhO.exe
  2⤵
  PID:8504
- C:\Windows\System\tyaPHSp.exe
  C:\Windows\System\tyaPHSp.exe
  2⤵
  PID:8532
- C:\Windows\System\XFaafno.exe
  C:\Windows\System\XFaafno.exe
  2⤵
  PID:8560
- C:\Windows\System\sQvlmzF.exe
  C:\Windows\System\sQvlmzF.exe
  2⤵
  PID:8588
- C:\Windows\System\wteQJNk.exe
  C:\Windows\System\wteQJNk.exe
  2⤵
  PID:8616
- C:\Windows\System\qKCNgDs.exe
  C:\Windows\System\qKCNgDs.exe
  2⤵
  PID:8644
- C:\Windows\System\GslWIjw.exe
  C:\Windows\System\GslWIjw.exe
  2⤵
  PID:8672
- C:\Windows\System\duEeNjJ.exe
  C:\Windows\System\duEeNjJ.exe
  2⤵
  PID:8692
- C:\Windows\System\egFrzBl.exe
  C:\Windows\System\egFrzBl.exe
  2⤵
  PID:8728
- C:\Windows\System\yuyXgMl.exe
  C:\Windows\System\yuyXgMl.exe
  2⤵
  PID:8756
- C:\Windows\System\oxVJsmS.exe
  C:\Windows\System\oxVJsmS.exe
  2⤵
  PID:8784
- C:\Windows\System\VQVQpSa.exe
  C:\Windows\System\VQVQpSa.exe
  2⤵
  PID:8812
- C:\Windows\System\lANLNDZ.exe
  C:\Windows\System\lANLNDZ.exe
  2⤵
  PID:8840
- C:\Windows\System\DjfGRwr.exe
  C:\Windows\System\DjfGRwr.exe
  2⤵
  PID:8876
- C:\Windows\System\TNWeGHf.exe
  C:\Windows\System\TNWeGHf.exe
  2⤵
  PID:8900
- C:\Windows\System\MkbTTEA.exe
  C:\Windows\System\MkbTTEA.exe
  2⤵
  PID:8932
- C:\Windows\System\InFatPi.exe
  C:\Windows\System\InFatPi.exe
  2⤵
  PID:8956
- C:\Windows\System\OFoMDUL.exe
  C:\Windows\System\OFoMDUL.exe
  2⤵
  PID:8984
- C:\Windows\System\efwDgtg.exe
  C:\Windows\System\efwDgtg.exe
  2⤵
  PID:9012
- C:\Windows\System\HMAcJIL.exe
  C:\Windows\System\HMAcJIL.exe
  2⤵
  PID:9040
- C:\Windows\System\xoVDlcB.exe
  C:\Windows\System\xoVDlcB.exe
  2⤵
  PID:9068
- C:\Windows\System\JoNZDFe.exe
  C:\Windows\System\JoNZDFe.exe
  2⤵
  PID:9100
- C:\Windows\System\zytgahe.exe
  C:\Windows\System\zytgahe.exe
  2⤵
  PID:9132
- C:\Windows\System\rarikwd.exe
  C:\Windows\System\rarikwd.exe
  2⤵
  PID:9160
- C:\Windows\System\cNjuPHV.exe
  C:\Windows\System\cNjuPHV.exe
  2⤵
  PID:9188
- C:\Windows\System\bxEEuRN.exe
  C:\Windows\System\bxEEuRN.exe
  2⤵
  PID:7824
- C:\Windows\System\zNiFpre.exe
  C:\Windows\System\zNiFpre.exe
  2⤵
  PID:8244
- C:\Windows\System\CscXYzM.exe
  C:\Windows\System\CscXYzM.exe
  2⤵
  PID:8300
- C:\Windows\System\tUVdbge.exe
  C:\Windows\System\tUVdbge.exe
  2⤵
  PID:8368
- C:\Windows\System\jGDkknR.exe
  C:\Windows\System\jGDkknR.exe
  2⤵
  PID:8396
- C:\Windows\System\QYKyiUP.exe
  C:\Windows\System\QYKyiUP.exe
  2⤵
  PID:8580
- C:\Windows\System\SYVwnOo.exe
  C:\Windows\System\SYVwnOo.exe
  2⤵
  PID:8628
- C:\Windows\System\zvRrzDJ.exe
  C:\Windows\System\zvRrzDJ.exe
  2⤵
  PID:8712
- C:\Windows\System\RVikqBQ.exe
  C:\Windows\System\RVikqBQ.exe
  2⤵
  PID:8748
- C:\Windows\System\IjLSiFJ.exe
  C:\Windows\System\IjLSiFJ.exe
  2⤵
  PID:8824
- C:\Windows\System\KXqHSGU.exe
  C:\Windows\System\KXqHSGU.exe
  2⤵
  PID:8892
- C:\Windows\System\pzlkacM.exe
  C:\Windows\System\pzlkacM.exe
  2⤵
  PID:8968
- C:\Windows\System\vCoMuBX.exe
  C:\Windows\System\vCoMuBX.exe
  2⤵
  PID:9036
- C:\Windows\System\rXqqzLj.exe
  C:\Windows\System\rXqqzLj.exe
  2⤵
  PID:9172
- C:\Windows\System\DBYpYKn.exe
  C:\Windows\System\DBYpYKn.exe
  2⤵
  PID:8232
- C:\Windows\System\TlwyFbJ.exe
  C:\Windows\System\TlwyFbJ.exe
  2⤵
  PID:8288
- C:\Windows\System\adYuyap.exe
  C:\Windows\System\adYuyap.exe
  2⤵
  PID:8392
- C:\Windows\System\cveOHAt.exe
  C:\Windows\System\cveOHAt.exe
  2⤵
  PID:8656
- C:\Windows\System\benTIzT.exe
  C:\Windows\System\benTIzT.exe
  2⤵
  PID:8776
- C:\Windows\System\sTGSSDJ.exe
  C:\Windows\System\sTGSSDJ.exe
  2⤵
  PID:8948
- C:\Windows\System\DHSCDGi.exe
  C:\Windows\System\DHSCDGi.exe
  2⤵
  PID:2204
- C:\Windows\System\YOXXKzZ.exe
  C:\Windows\System\YOXXKzZ.exe
  2⤵
  PID:9032
- C:\Windows\System\mTsxTGF.exe
  C:\Windows\System\mTsxTGF.exe
  2⤵
  PID:964
- C:\Windows\System\SQAqTlu.exe
  C:\Windows\System\SQAqTlu.exe
  2⤵
  PID:4304
- C:\Windows\System\rXuoFfV.exe
  C:\Windows\System\rXuoFfV.exe
  2⤵
  PID:8612
- C:\Windows\System\JjoriWA.exe
  C:\Windows\System\JjoriWA.exe
  2⤵
  PID:8868
- C:\Windows\System\ORDJMXZ.exe
  C:\Windows\System\ORDJMXZ.exe
  2⤵
  PID:3884
- C:\Windows\System\PKeCeFX.exe
  C:\Windows\System\PKeCeFX.exe
  2⤵
  PID:8428
- C:\Windows\System\JWGnvGl.exe
  C:\Windows\System\JWGnvGl.exe
  2⤵
  PID:4668
- C:\Windows\System\YDIVrdz.exe
  C:\Windows\System\YDIVrdz.exe
  2⤵
  PID:4456
- C:\Windows\System\fEcajne.exe
  C:\Windows\System\fEcajne.exe
  2⤵
  PID:9236
- C:\Windows\System\tQthLzN.exe
  C:\Windows\System\tQthLzN.exe
  2⤵
  PID:9264
- C:\Windows\System\zFrzGco.exe
  C:\Windows\System\zFrzGco.exe
  2⤵
  PID:9296
- C:\Windows\System\sOxDjSk.exe
  C:\Windows\System\sOxDjSk.exe
  2⤵
  PID:9324
- C:\Windows\System\AJQIhIX.exe
  C:\Windows\System\AJQIhIX.exe
  2⤵
  PID:9356
- C:\Windows\System\QAOEOja.exe
  C:\Windows\System\QAOEOja.exe
  2⤵
  PID:9384
- C:\Windows\System\YngHhza.exe
  C:\Windows\System\YngHhza.exe
  2⤵
  PID:9408
- C:\Windows\System\jWLeInB.exe
  C:\Windows\System\jWLeInB.exe
  2⤵
  PID:9436
- C:\Windows\System\jdRKLcR.exe
  C:\Windows\System\jdRKLcR.exe
  2⤵
  PID:9464
- C:\Windows\System\ZsPaLtZ.exe
  C:\Windows\System\ZsPaLtZ.exe
  2⤵
  PID:9496
- C:\Windows\System\BkCCZoI.exe
  C:\Windows\System\BkCCZoI.exe
  2⤵
  PID:9520
- C:\Windows\System\srRyAgv.exe
  C:\Windows\System\srRyAgv.exe
  2⤵
  PID:9548
- C:\Windows\System\frxKQYG.exe
  C:\Windows\System\frxKQYG.exe
  2⤵
  PID:9576
- C:\Windows\System\NLVvgEF.exe
  C:\Windows\System\NLVvgEF.exe
  2⤵
  PID:9604
- C:\Windows\System\fpwEKQe.exe
  C:\Windows\System\fpwEKQe.exe
  2⤵
  PID:9636
- C:\Windows\System\NhrARch.exe
  C:\Windows\System\NhrARch.exe
  2⤵
  PID:9660
- C:\Windows\System\pognPyz.exe
  C:\Windows\System\pognPyz.exe
  2⤵
  PID:9688
- C:\Windows\System\YtqcnPt.exe
  C:\Windows\System\YtqcnPt.exe
  2⤵
  PID:9716
- C:\Windows\System\lgJcPfm.exe
  C:\Windows\System\lgJcPfm.exe
  2⤵
  PID:9748
- C:\Windows\System\ayGcMrs.exe
  C:\Windows\System\ayGcMrs.exe
  2⤵
  PID:9772
- C:\Windows\System\mGRfXIS.exe
  C:\Windows\System\mGRfXIS.exe
  2⤵
  PID:9800
- C:\Windows\System\rFgVEhL.exe
  C:\Windows\System\rFgVEhL.exe
  2⤵
  PID:9828
- C:\Windows\System\ETweHcl.exe
  C:\Windows\System\ETweHcl.exe
  2⤵
  PID:9864
- C:\Windows\System\flBcmnx.exe
  C:\Windows\System\flBcmnx.exe
  2⤵
  PID:9892
- C:\Windows\System\ezHIpIR.exe
  C:\Windows\System\ezHIpIR.exe
  2⤵
  PID:9920
- C:\Windows\System\iJGaPPG.exe
  C:\Windows\System\iJGaPPG.exe
  2⤵
  PID:9948
- C:\Windows\System\NIXTNsm.exe
  C:\Windows\System\NIXTNsm.exe
  2⤵
  PID:9980
- C:\Windows\System\ynCNHKb.exe
  C:\Windows\System\ynCNHKb.exe
  2⤵
  PID:10008
- C:\Windows\System\aEXnsCJ.exe
  C:\Windows\System\aEXnsCJ.exe
  2⤵
  PID:10036
- C:\Windows\System\qFWGYpI.exe
  C:\Windows\System\qFWGYpI.exe
  2⤵
  PID:10052
- C:\Windows\System\yrldPNv.exe
  C:\Windows\System\yrldPNv.exe
  2⤵
  PID:10080
- C:\Windows\System\HBpkQrW.exe
  C:\Windows\System\HBpkQrW.exe
  2⤵
  PID:10120
- C:\Windows\System\pElUYKu.exe
  C:\Windows\System\pElUYKu.exe
  2⤵
  PID:10148
- C:\Windows\System\ICbtmCR.exe
  C:\Windows\System\ICbtmCR.exe
  2⤵
  PID:10176
- C:\Windows\System\QfFILJu.exe
  C:\Windows\System\QfFILJu.exe
  2⤵
  PID:10204
- C:\Windows\System\STGtKXL.exe
  C:\Windows\System\STGtKXL.exe
  2⤵
  PID:10232
- C:\Windows\System\YQLQgKK.exe
  C:\Windows\System\YQLQgKK.exe
  2⤵
  PID:9260
- C:\Windows\System\VZyEgti.exe
  C:\Windows\System\VZyEgti.exe
  2⤵
  PID:9336
- C:\Windows\System\EiSMWxV.exe
  C:\Windows\System\EiSMWxV.exe
  2⤵
  PID:9404
- C:\Windows\System\MAnOWBD.exe
  C:\Windows\System\MAnOWBD.exe
  2⤵
  PID:9460
- C:\Windows\System\yogEXne.exe
  C:\Windows\System\yogEXne.exe
  2⤵
  PID:9532
- C:\Windows\System\TGmDsye.exe
  C:\Windows\System\TGmDsye.exe
  2⤵
  PID:9588
- C:\Windows\System\FVnBxup.exe
  C:\Windows\System\FVnBxup.exe
  2⤵
  PID:9652
- C:\Windows\System\QmGwmIx.exe
  C:\Windows\System\QmGwmIx.exe
  2⤵
  PID:9712
- C:\Windows\System\aagtqhq.exe
  C:\Windows\System\aagtqhq.exe
  2⤵
  PID:9784
- C:\Windows\System\oOlxZZG.exe
  C:\Windows\System\oOlxZZG.exe
  2⤵
  PID:9856
- C:\Windows\System\wsAGNDh.exe
  C:\Windows\System\wsAGNDh.exe
  2⤵
  PID:9908
- C:\Windows\System\ZaaeEXn.exe
  C:\Windows\System\ZaaeEXn.exe
  2⤵
  PID:9976
- C:\Windows\System\YKeuflx.exe
  C:\Windows\System\YKeuflx.exe
  2⤵
  PID:10044
- C:\Windows\System\GTNrbqH.exe
  C:\Windows\System\GTNrbqH.exe
  2⤵
  PID:10100
- C:\Windows\System\vYeTLKY.exe
  C:\Windows\System\vYeTLKY.exe
  2⤵
  PID:10160
- C:\Windows\System\SHmxbWj.exe
  C:\Windows\System\SHmxbWj.exe
  2⤵
  PID:10224
- C:\Windows\System\wWhoPwe.exe
  C:\Windows\System\wWhoPwe.exe
  2⤵
  PID:9320
- C:\Windows\System\ebYsDKi.exe
  C:\Windows\System\ebYsDKi.exe
  2⤵
  PID:9488
- C:\Windows\System\HoIIoge.exe
  C:\Windows\System\HoIIoge.exe
  2⤵
  PID:9628
- C:\Windows\System\aKOmzBQ.exe
  C:\Windows\System\aKOmzBQ.exe
  2⤵
  PID:9768
- C:\Windows\System\LGIQQdl.exe
  C:\Windows\System\LGIQQdl.exe
  2⤵
  PID:9944
- C:\Windows\System\fBTFmQW.exe
  C:\Windows\System\fBTFmQW.exe
  2⤵
  PID:10092
- C:\Windows\System\qobqbKS.exe
  C:\Windows\System\qobqbKS.exe
  2⤵
  PID:10216
- C:\Windows\System\AULfNZY.exe
  C:\Windows\System\AULfNZY.exe
  2⤵
  PID:9448
- C:\Windows\System\mdyIJFc.exe
  C:\Windows\System\mdyIJFc.exe
  2⤵
  PID:9756
- C:\Windows\System\ytzTlQA.exe
  C:\Windows\System\ytzTlQA.exe
  2⤵
  PID:10200
- C:\Windows\System\HQWmAzu.exe
  C:\Windows\System\HQWmAzu.exe
  2⤵
  PID:10032
- C:\Windows\System\ngOoZeG.exe
  C:\Windows\System\ngOoZeG.exe
  2⤵
  PID:9392
- C:\Windows\System\RiNkkxa.exe
  C:\Windows\System\RiNkkxa.exe
  2⤵
  PID:10256
- C:\Windows\System\yIhmIvd.exe
  C:\Windows\System\yIhmIvd.exe
  2⤵
  PID:10296
- C:\Windows\System\CHJIxCi.exe
  C:\Windows\System\CHJIxCi.exe
  2⤵
  PID:10324
- C:\Windows\System\wDcbmWk.exe
  C:\Windows\System\wDcbmWk.exe
  2⤵
  PID:10348
- C:\Windows\System\dfAAkeE.exe
  C:\Windows\System\dfAAkeE.exe
  2⤵
  PID:10380
- C:\Windows\System\AgeaIsf.exe
  C:\Windows\System\AgeaIsf.exe
  2⤵
  PID:10408
- C:\Windows\System\YAgtrcs.exe
  C:\Windows\System\YAgtrcs.exe
  2⤵
  PID:10428
- C:\Windows\System\QDeCmRW.exe
  C:\Windows\System\QDeCmRW.exe
  2⤵
  PID:10464
- C:\Windows\System\ZiYvCKg.exe
  C:\Windows\System\ZiYvCKg.exe
  2⤵
  PID:10504
- C:\Windows\System\hlGhxWZ.exe
  C:\Windows\System\hlGhxWZ.exe
  2⤵
  PID:10520
- C:\Windows\System\ZvxOwjP.exe
  C:\Windows\System\ZvxOwjP.exe
  2⤵
  PID:10548
- C:\Windows\System\rwddPFF.exe
  C:\Windows\System\rwddPFF.exe
  2⤵
  PID:10580
- C:\Windows\System\lyzJnsN.exe
  C:\Windows\System\lyzJnsN.exe
  2⤵
  PID:10608
- C:\Windows\System\qENutjl.exe
  C:\Windows\System\qENutjl.exe
  2⤵
  PID:10644
- C:\Windows\System\stoqTKA.exe
  C:\Windows\System\stoqTKA.exe
  2⤵
  PID:10676
- C:\Windows\System\POYPKoA.exe
  C:\Windows\System\POYPKoA.exe
  2⤵
  PID:10704
- C:\Windows\System\vgdAkGI.exe
  C:\Windows\System\vgdAkGI.exe
  2⤵
  PID:10732
- C:\Windows\System\tbiZpaD.exe
  C:\Windows\System\tbiZpaD.exe
  2⤵
  PID:10760
- C:\Windows\System\rTfmjEq.exe
  C:\Windows\System\rTfmjEq.exe
  2⤵
  PID:10788
- C:\Windows\System\pCxLKMa.exe
  C:\Windows\System\pCxLKMa.exe
  2⤵
  PID:10816
- C:\Windows\System\FQGvycT.exe
  C:\Windows\System\FQGvycT.exe
  2⤵
  PID:10844
- C:\Windows\System\KcpiKww.exe
  C:\Windows\System\KcpiKww.exe
  2⤵
  PID:10864
- C:\Windows\System\SmPeHUS.exe
  C:\Windows\System\SmPeHUS.exe
  2⤵
  PID:10892
- C:\Windows\System\VUAbeOW.exe
  C:\Windows\System\VUAbeOW.exe
  2⤵
  PID:10920
- C:\Windows\System\BbYJFUT.exe
  C:\Windows\System\BbYJFUT.exe
  2⤵
  PID:10952
- C:\Windows\System\KgvbWSB.exe
  C:\Windows\System\KgvbWSB.exe
  2⤵
  PID:10984
- C:\Windows\System\vOeUzSW.exe
  C:\Windows\System\vOeUzSW.exe
  2⤵
  PID:11020
- C:\Windows\System\ehemxPp.exe
  C:\Windows\System\ehemxPp.exe
  2⤵
  PID:11048
- C:\Windows\System\bIGzzBR.exe
  C:\Windows\System\bIGzzBR.exe
  2⤵
  PID:11068
- C:\Windows\System\rpjZLSa.exe
  C:\Windows\System\rpjZLSa.exe
  2⤵
  PID:11104
- C:\Windows\System\xpfDyyP.exe
  C:\Windows\System\xpfDyyP.exe
  2⤵
  PID:11132
- C:\Windows\System\KtoJCPf.exe
  C:\Windows\System\KtoJCPf.exe
  2⤵
  PID:11160
- C:\Windows\System\fxtmaES.exe
  C:\Windows\System\fxtmaES.exe
  2⤵
  PID:11192
- C:\Windows\System\mzreFXq.exe
  C:\Windows\System\mzreFXq.exe
  2⤵
  PID:11228
- C:\Windows\System\spaeZcx.exe
  C:\Windows\System\spaeZcx.exe
  2⤵
  PID:11256
- C:\Windows\System\CjfgGTo.exe
  C:\Windows\System\CjfgGTo.exe
  2⤵
  PID:10272
- C:\Windows\System\UAVrXra.exe
  C:\Windows\System\UAVrXra.exe
  2⤵
  PID:10340
- C:\Windows\System\dZNanfX.exe
  C:\Windows\System\dZNanfX.exe
  2⤵
  PID:10404
- C:\Windows\System\SQegnjc.exe
  C:\Windows\System\SQegnjc.exe
  2⤵
  PID:10480
- C:\Windows\System\yVCayvF.exe
  C:\Windows\System\yVCayvF.exe
  2⤵
  PID:10544
- C:\Windows\System\bmxKFjb.exe
  C:\Windows\System\bmxKFjb.exe
  2⤵
  PID:10600
- C:\Windows\System\Clywnrt.exe
  C:\Windows\System\Clywnrt.exe
  2⤵
  PID:10688
- C:\Windows\System\EmXnYdU.exe
  C:\Windows\System\EmXnYdU.exe
  2⤵
  PID:2804
- C:\Windows\System\xYPBtAe.exe
  C:\Windows\System\xYPBtAe.exe
  2⤵
  PID:10812
- C:\Windows\System\adeNHSJ.exe
  C:\Windows\System\adeNHSJ.exe
  2⤵
  PID:10880
- C:\Windows\System\fkiRRSR.exe
  C:\Windows\System\fkiRRSR.exe
  2⤵
  PID:10940
- C:\Windows\System\qczEUxH.exe
  C:\Windows\System\qczEUxH.exe
  2⤵
  PID:11000
- C:\Windows\System\PRFjaSR.exe
  C:\Windows\System\PRFjaSR.exe
  2⤵
  PID:11064
- C:\Windows\System\KeCCpcu.exe
  C:\Windows\System\KeCCpcu.exe
  2⤵
  PID:11128
- C:\Windows\System\wNOFbDx.exe
  C:\Windows\System\wNOFbDx.exe
  2⤵
  PID:7196
- C:\Windows\System\GTsaZUU.exe
  C:\Windows\System\GTsaZUU.exe
  2⤵
  PID:11248
- C:\Windows\System\dSkDzXE.exe
  C:\Windows\System\dSkDzXE.exe
  2⤵
  PID:10336
- C:\Windows\System\CLPqawi.exe
  C:\Windows\System\CLPqawi.exe
  2⤵
  PID:10488
- C:\Windows\System\ZNzZhIj.exe
  C:\Windows\System\ZNzZhIj.exe
  2⤵
  PID:10664
- C:\Windows\System\jwYZfjt.exe
  C:\Windows\System\jwYZfjt.exe
  2⤵
  PID:10776
- C:\Windows\System\aNMqyVm.exe
  C:\Windows\System\aNMqyVm.exe
  2⤵
  PID:10968
- C:\Windows\System\kYKbvDY.exe
  C:\Windows\System\kYKbvDY.exe
  2⤵
  PID:11092
- C:\Windows\System\XWiQddf.exe
  C:\Windows\System\XWiQddf.exe
  2⤵
  PID:11240
- C:\Windows\System\zgHddXt.exe
  C:\Windows\System\zgHddXt.exe
  2⤵
  PID:10460
- C:\Windows\System\SPnOrEZ.exe
  C:\Windows\System\SPnOrEZ.exe
  2⤵
  PID:1208
- C:\Windows\System\BgQEyud.exe
  C:\Windows\System\BgQEyud.exe
  2⤵
  PID:11180
- C:\Windows\System\xOmveHQ.exe
  C:\Windows\System\xOmveHQ.exe
  2⤵
  PID:10772
- C:\Windows\System\CRKcUPq.exe
  C:\Windows\System\CRKcUPq.exe
  2⤵
  PID:11148
- C:\Windows\System\levrEhK.exe
  C:\Windows\System\levrEhK.exe
  2⤵
  PID:11288
- C:\Windows\System\MOIhfbq.exe
  C:\Windows\System\MOIhfbq.exe
  2⤵
  PID:11316
- C:\Windows\System\BxVTVWn.exe
  C:\Windows\System\BxVTVWn.exe
  2⤵
  PID:11344
- C:\Windows\System\HFNmiKV.exe
  C:\Windows\System\HFNmiKV.exe
  2⤵
  PID:11364
- C:\Windows\System\kisdHHx.exe
  C:\Windows\System\kisdHHx.exe
  2⤵
  PID:11380
- C:\Windows\System\BZoZFav.exe
  C:\Windows\System\BZoZFav.exe
  2⤵
  PID:11424
- C:\Windows\System\gLAgJaq.exe
  C:\Windows\System\gLAgJaq.exe
  2⤵
  PID:11440
- C:\Windows\System\YPBGbMZ.exe
  C:\Windows\System\YPBGbMZ.exe
  2⤵
  PID:11472
- C:\Windows\System\jTOzVII.exe
  C:\Windows\System\jTOzVII.exe
  2⤵
  PID:11528
- C:\Windows\System\cBWQcRf.exe
  C:\Windows\System\cBWQcRf.exe
  2⤵
  PID:11548
- C:\Windows\System\LGEEkmq.exe
  C:\Windows\System\LGEEkmq.exe
  2⤵
  PID:11580
- C:\Windows\System\jKHSodV.exe
  C:\Windows\System\jKHSodV.exe
  2⤵
  PID:11612
- C:\Windows\System\GumclbX.exe
  C:\Windows\System\GumclbX.exe
  2⤵
  PID:11628
- C:\Windows\System\tJtRjaW.exe
  C:\Windows\System\tJtRjaW.exe
  2⤵
  PID:11652
- C:\Windows\System\fiHEFed.exe
  C:\Windows\System\fiHEFed.exe
  2⤵
  PID:11700
- C:\Windows\System\ShFLjUl.exe
  C:\Windows\System\ShFLjUl.exe
  2⤵
  PID:11716
- C:\Windows\System\UolDMRd.exe
  C:\Windows\System\UolDMRd.exe
  2⤵
  PID:11752
- C:\Windows\System\FLQAbtd.exe
  C:\Windows\System\FLQAbtd.exe
  2⤵
  PID:11776
- C:\Windows\System\EgbkHQG.exe
  C:\Windows\System\EgbkHQG.exe
  2⤵
  PID:11796
- C:\Windows\System\DOpCXzD.exe
  C:\Windows\System\DOpCXzD.exe
  2⤵
  PID:11836
- C:\Windows\System\ALOUfKD.exe
  C:\Windows\System\ALOUfKD.exe
  2⤵
  PID:11864
- C:\Windows\System\behExDG.exe
  C:\Windows\System\behExDG.exe
  2⤵
  PID:11884
- C:\Windows\System\JVHbmjR.exe
  C:\Windows\System\JVHbmjR.exe
  2⤵
  PID:11924
- C:\Windows\System\VqQkVxD.exe
  C:\Windows\System\VqQkVxD.exe
  2⤵
  PID:11960
- C:\Windows\System\XobTvIo.exe
  C:\Windows\System\XobTvIo.exe
  2⤵
  PID:12008
- C:\Windows\System\MxHRLtY.exe
  C:\Windows\System\MxHRLtY.exe
  2⤵
  PID:12032
- C:\Windows\System\ljslCml.exe
  C:\Windows\System\ljslCml.exe
  2⤵
  PID:12060
- C:\Windows\System\cxoVySU.exe
  C:\Windows\System\cxoVySU.exe
  2⤵
  PID:12100
- C:\Windows\System\wtbGiEL.exe
  C:\Windows\System\wtbGiEL.exe
  2⤵
  PID:12120
- C:\Windows\System\LANsKXL.exe
  C:\Windows\System\LANsKXL.exe
  2⤵
  PID:12152
- C:\Windows\System\lbXajHE.exe
  C:\Windows\System\lbXajHE.exe
  2⤵
  PID:12172
- C:\Windows\System\UdrRrTf.exe
  C:\Windows\System\UdrRrTf.exe
  2⤵
  PID:12212
- C:\Windows\System\rEbHltO.exe
  C:\Windows\System\rEbHltO.exe
  2⤵
  PID:12232
- C:\Windows\System\OsemPuq.exe
  C:\Windows\System\OsemPuq.exe
  2⤵
  PID:12272
- C:\Windows\System\zDiYBnt.exe
  C:\Windows\System\zDiYBnt.exe
  2⤵
  PID:11300
- C:\Windows\System\qDjpIQJ.exe
  C:\Windows\System\qDjpIQJ.exe
  2⤵
  PID:11360
- C:\Windows\System\OleXwwg.exe
  C:\Windows\System\OleXwwg.exe
  2⤵
  PID:11436
- C:\Windows\System\jVbyIWT.exe
  C:\Windows\System\jVbyIWT.exe
  2⤵
  PID:11460
- C:\Windows\System\dCSThdS.exe
  C:\Windows\System\dCSThdS.exe
  2⤵
  PID:11512
- C:\Windows\System\VgAiaGD.exe
  C:\Windows\System\VgAiaGD.exe
  2⤵
  PID:11560
- C:\Windows\System\fmSQbIo.exe
  C:\Windows\System\fmSQbIo.exe
  2⤵
  PID:11624
- C:\Windows\System\lunQfMM.exe
  C:\Windows\System\lunQfMM.exe
  2⤵
  PID:11708
- C:\Windows\System\vgrChah.exe
  C:\Windows\System\vgrChah.exe
  2⤵
  PID:11740
- C:\Windows\System\xKQvkhY.exe
  C:\Windows\System\xKQvkhY.exe
  2⤵
  PID:11852
- C:\Windows\System\GoyNiDK.exe
  C:\Windows\System\GoyNiDK.exe
  2⤵
  PID:11876
- C:\Windows\System\zYodtpe.exe
  C:\Windows\System\zYodtpe.exe
  2⤵
  PID:11980
- C:\Windows\System\zXJpdPS.exe
  C:\Windows\System\zXJpdPS.exe
  2⤵
  PID:12044
- C:\Windows\System\YubQlSg.exe
  C:\Windows\System\YubQlSg.exe
  2⤵
  PID:12092
- C:\Windows\System\HVAdsqp.exe
  C:\Windows\System\HVAdsqp.exe
  2⤵
  PID:12144
- C:\Windows\System\sTAZFry.exe
  C:\Windows\System\sTAZFry.exe
  2⤵
  PID:12188
- C:\Windows\System\VWSgLai.exe
  C:\Windows\System\VWSgLai.exe
  2⤵
  PID:11276
- C:\Windows\System\wmZOgZS.exe
  C:\Windows\System\wmZOgZS.exe
  2⤵
  PID:1376
- C:\Windows\System\xafAJcd.exe
  C:\Windows\System\xafAJcd.exe
  2⤵
  PID:11644
- C:\Windows\System\sPhWdef.exe
  C:\Windows\System\sPhWdef.exe
  2⤵
  PID:11792
- C:\Windows\System\BNgVPnI.exe
  C:\Windows\System\BNgVPnI.exe
  2⤵
  PID:11936
- C:\Windows\System\YpyNFJk.exe
  C:\Windows\System\YpyNFJk.exe
  2⤵
  PID:12132
- C:\Windows\System\oVnixzh.exe
  C:\Windows\System\oVnixzh.exe
  2⤵
  PID:12264
- C:\Windows\System\JUecJSv.exe
  C:\Windows\System\JUecJSv.exe
  2⤵
  PID:11908
- C:\Windows\System\BbUxhpq.exe
  C:\Windows\System\BbUxhpq.exe
  2⤵
  PID:980
- C:\Windows\System\fVAwcqO.exe
  C:\Windows\System\fVAwcqO.exe
  2⤵
  PID:1144
- C:\Windows\System\ekhTXvk.exe
  C:\Windows\System\ekhTXvk.exe
  2⤵
  PID:11828
- C:\Windows\System\ytfKIEE.exe
  C:\Windows\System\ytfKIEE.exe
  2⤵
  PID:12256
- C:\Windows\System\CpayWfk.exe
  C:\Windows\System\CpayWfk.exe
  2⤵
  PID:4388
- C:\Windows\System\RIVOTMG.exe
  C:\Windows\System\RIVOTMG.exe
  2⤵
  PID:12200
- C:\Windows\System\izYMHaw.exe
  C:\Windows\System\izYMHaw.exe
  2⤵
  PID:11732
- C:\Windows\System\vsYVZtl.exe
  C:\Windows\System\vsYVZtl.exe
  2⤵
  PID:12336
- C:\Windows\System\oOEtcin.exe
  C:\Windows\System\oOEtcin.exe
  2⤵
  PID:12364
- C:\Windows\System\WbeBXPr.exe
  C:\Windows\System\WbeBXPr.exe
  2⤵
  PID:12392
- C:\Windows\System\pnizyzJ.exe
  C:\Windows\System\pnizyzJ.exe
  2⤵
  PID:12428
- C:\Windows\System\rzQHZUb.exe
  C:\Windows\System\rzQHZUb.exe
  2⤵
  PID:12456
- C:\Windows\System\RLfFUMC.exe
  C:\Windows\System\RLfFUMC.exe
  2⤵
  PID:12484
- C:\Windows\System\pcIattB.exe
  C:\Windows\System\pcIattB.exe
  2⤵
  PID:12516
- C:\Windows\System\uEBZAKx.exe
  C:\Windows\System\uEBZAKx.exe
  2⤵
  PID:12544
- C:\Windows\System\cWVXxDq.exe
  C:\Windows\System\cWVXxDq.exe
  2⤵
  PID:12572
- C:\Windows\System\UTmFPwy.exe
  C:\Windows\System\UTmFPwy.exe
  2⤵
  PID:12600
- C:\Windows\System\DAhhgZU.exe
  C:\Windows\System\DAhhgZU.exe
  2⤵
  PID:12628
- C:\Windows\System\FnqlqEd.exe
  C:\Windows\System\FnqlqEd.exe
  2⤵
  PID:12656
- C:\Windows\System\QEKNLOk.exe
  C:\Windows\System\QEKNLOk.exe
  2⤵
  PID:12684
- C:\Windows\System\CnvxUlB.exe
  C:\Windows\System\CnvxUlB.exe
  2⤵
  PID:12700
- C:\Windows\System\YWobNxa.exe
  C:\Windows\System\YWobNxa.exe
  2⤵
  PID:12740
- C:\Windows\System\fdqgeFv.exe
  C:\Windows\System\fdqgeFv.exe
  2⤵
  PID:12768
- C:\Windows\System\rEhHZwp.exe
  C:\Windows\System\rEhHZwp.exe
  2⤵
  PID:12784
- C:\Windows\System\eyPzBkU.exe
  C:\Windows\System\eyPzBkU.exe
  2⤵
  PID:12824
- C:\Windows\System\DpiWUoF.exe
  C:\Windows\System\DpiWUoF.exe
  2⤵
  PID:12856
- C:\Windows\System\AzQZWbk.exe
  C:\Windows\System\AzQZWbk.exe
  2⤵
  PID:12884
- C:\Windows\System\UhtelEy.exe
  C:\Windows\System\UhtelEy.exe
  2⤵
  PID:12912
- C:\Windows\System\dcnOFuF.exe
  C:\Windows\System\dcnOFuF.exe
  2⤵
  PID:12940
- C:\Windows\System\AFOWzZz.exe
  C:\Windows\System\AFOWzZz.exe
  2⤵
  PID:12968
- C:\Windows\System\jMJUITU.exe
  C:\Windows\System\jMJUITU.exe
  2⤵
  PID:12996
- C:\Windows\System\kKvcdeQ.exe
  C:\Windows\System\kKvcdeQ.exe
  2⤵
  PID:13024
- C:\Windows\System\GCEsWhy.exe
  C:\Windows\System\GCEsWhy.exe
  2⤵
  PID:13052
- C:\Windows\System\nwertID.exe
  C:\Windows\System\nwertID.exe
  2⤵
  PID:13080
- C:\Windows\System\lQFudlN.exe
  C:\Windows\System\lQFudlN.exe
  2⤵
  PID:13108
- C:\Windows\System\OIDWTOj.exe
  C:\Windows\System\OIDWTOj.exe
  2⤵
  PID:13136
- C:\Windows\System\fUfXvFK.exe
  C:\Windows\System\fUfXvFK.exe
  2⤵
  PID:13164
- C:\Windows\System\rWYOXsT.exe
  C:\Windows\System\rWYOXsT.exe
  2⤵
  PID:13196
- C:\Windows\System\PYmCVWD.exe
  C:\Windows\System\PYmCVWD.exe
  2⤵
  PID:13224
- C:\Windows\System\yCliKMh.exe
  C:\Windows\System\yCliKMh.exe
  2⤵
  PID:13252
- C:\Windows\System\nEJbKZm.exe
  C:\Windows\System\nEJbKZm.exe
  2⤵
  PID:13280
- C:\Windows\System\bVPYTDH.exe
  C:\Windows\System\bVPYTDH.exe
  2⤵
  PID:13308
- C:\Windows\System\TJfwJAL.exe
  C:\Windows\System\TJfwJAL.exe
  2⤵
  PID:12356
- C:\Windows\System\sRUSxTi.exe
  C:\Windows\System\sRUSxTi.exe
  2⤵
  PID:12424
- C:\Windows\System\nOAkmLZ.exe
  C:\Windows\System\nOAkmLZ.exe
  2⤵
  PID:12500
- C:\Windows\System\xSIogNB.exe
  C:\Windows\System\xSIogNB.exe
  2⤵
  PID:12556
- C:\Windows\System\fmtWVTq.exe
  C:\Windows\System\fmtWVTq.exe
  2⤵
  PID:12620
- C:\Windows\System\TkjVbkt.exe
  C:\Windows\System\TkjVbkt.exe
  2⤵
  PID:12696
- C:\Windows\System\EbfNVzL.exe
  C:\Windows\System\EbfNVzL.exe
  2⤵
  PID:12752
- C:\Windows\System\pTgkxci.exe
  C:\Windows\System\pTgkxci.exe
  2⤵
  PID:12820
- C:\Windows\System\EZWwuSl.exe
  C:\Windows\System\EZWwuSl.exe
  2⤵
  PID:12904
- C:\Windows\System\YPJmoaN.exe
  C:\Windows\System\YPJmoaN.exe
  2⤵
  PID:12964
- C:\Windows\System\bdRzjko.exe
  C:\Windows\System\bdRzjko.exe
  2⤵
  PID:13040
- C:\Windows\System\CDAUMEY.exe
  C:\Windows\System\CDAUMEY.exe
  2⤵
  PID:13100
- C:\Windows\System\ltXhrha.exe
  C:\Windows\System\ltXhrha.exe
  2⤵
  PID:13160
- C:\Windows\System\zvzEEzq.exe
  C:\Windows\System\zvzEEzq.exe
  2⤵
  PID:13236
- C:\Windows\System\kIpgozA.exe
  C:\Windows\System\kIpgozA.exe
  2⤵
  PID:13304
- C:\Windows\System\YtqDErF.exe
  C:\Windows\System\YtqDErF.exe
  2⤵
  PID:12420
- C:\Windows\System\dFIsVGO.exe
  C:\Windows\System\dFIsVGO.exe
  2⤵
  PID:12528
- C:\Windows\System\QTCvBJb.exe
  C:\Windows\System\QTCvBJb.exe
  2⤵
  PID:12672
- C:\Windows\System\xXvwPjc.exe
  C:\Windows\System\xXvwPjc.exe
  2⤵
  PID:12932
- C:\Windows\System\SNtYuEa.exe
  C:\Windows\System\SNtYuEa.exe
  2⤵
  PID:13072
- C:\Windows\System\JVYMJLd.exe
  C:\Windows\System\JVYMJLd.exe
  2⤵
  PID:13216
- C:\Windows\System\ARPVmcx.exe
  C:\Windows\System\ARPVmcx.exe
  2⤵
  PID:12476
- C:\Windows\System\KgiiOXu.exe
  C:\Windows\System\KgiiOXu.exe
  2⤵
  PID:12668
- C:\Windows\System\JeMpsMc.exe
  C:\Windows\System\JeMpsMc.exe
  2⤵
  PID:13220
- C:\Windows\System\aBVISlw.exe
  C:\Windows\System\aBVISlw.exe
  2⤵
  PID:13020
- C:\Windows\System\tcIFShQ.exe
  C:\Windows\System\tcIFShQ.exe
  2⤵
  PID:13776
- C:\Windows\System\YInjKJI.exe
  C:\Windows\System\YInjKJI.exe
  2⤵
  PID:12808
- C:\Windows\System\YnYXpRl.exe
  C:\Windows\System\YnYXpRl.exe
  2⤵
  PID:13340
- C:\Windows\System\BFFmxIO.exe
  C:\Windows\System\BFFmxIO.exe
  2⤵
  PID:13324
- C:\Windows\System\jfljkfj.exe
  C:\Windows\System\jfljkfj.exe
  2⤵
  PID:13380
- C:\Windows\System\PSlQlDl.exe
  C:\Windows\System\PSlQlDl.exe
  2⤵
  PID:13408
- C:\Windows\System\GCvvGSf.exe
  C:\Windows\System\GCvvGSf.exe
  2⤵
  PID:13440
- C:\Windows\System\TTNnGRm.exe
  C:\Windows\System\TTNnGRm.exe
  2⤵
  PID:2232
- C:\Windows\System\veUAxPV.exe
  C:\Windows\System\veUAxPV.exe
  2⤵
  PID:4724
- C:\Windows\System\lFQfhaV.exe
  C:\Windows\System\lFQfhaV.exe
  2⤵
  PID:13484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BB8X2UQ6\site-d059d883a114[1].css

Filesize
66KB

MD5
06ad9bc6321c6fed15c64dd375c36d90

SHA1
2abef97ab0621a1d832c6ca784721adad5bc8315

SHA256
74439e916848a6d30f2933b4e7c5a88b41d8ca3a1593f68a82596379806d4ae6

SHA512
d059d883a114193dd05c54c9d3db4f1552bba29320d529b3abed354152a17bcd773dfdec46afc8c2f2d7fd7f13ff85042fa697d761cb7a3447a8488349c81e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z1x4hyeb.cud.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BaaaTht.exe

Filesize
2.8MB

MD5
93f980f0ceeb6c22b9c582c789b69c06

SHA1
a1a7d07618eccecfdb397a1d12f4c38843a5bf19

SHA256
9720895ad6fe5dd6352f58a1f559912207f5c01a1bea415e15d4ef5e1cebd7cd

SHA512
65396591477062ee6208a0b9c2290cbaf33f259d1b53fb18a1838a31d3f858e4ce80d2614b2f6b4dbd52ee00413d214dd9c897cde513773fa4c8a11ec1ab419f

Download Submit
C:\Windows\System\DlGCLvF.exe

Filesize
2.8MB

MD5
1d96913a869c9ebbdc0a214fa93cdbf4

SHA1
830847712c0a83ba0a5fd9fc17a7dd7f290462f4

SHA256
f75f2ddb26f2e4e0c395446384284a489602ec3b4b2f683c52ec3e6141369f5f

SHA512
44b136817b888e28bc32aafbcabcc8c3f33aeaff5f5236af321ed6bac92f734b56c25bfe735fec52659c6ab37308c79e44bc43079b01f01bd45a9d628674a9de

Download Submit
C:\Windows\System\FjldXfn.exe

Filesize
2.8MB

MD5
7f6b03759ed1050bb8912268e3815084

SHA1
6cfbd265e58f50febe7b6854a7b6e827e2f9ddcc

SHA256
6e0a6b82b5ee6b4cd1a3fc32662fd8c240f2b806e22c46dcaad61b7e19f05d80

SHA512
9c4ed595f758fae184e7757fd171d843ed4305839754d9c5d3fdd27a75d42d81a9941c38bfabb5ecb790909d5705ffc68271f346c4339f3dbf75247e1a89868c

Download Submit
C:\Windows\System\FmDBikR.exe

Filesize
2.8MB

MD5
8202e0b62ce5e446acfe5accc8e9b47c

SHA1
c273e4a37cc5a011b65dda0b35205025b0326428

SHA256
794f8a375a1946ededd342d2b2a909968df08c5fd6cadf9c0952b679b567afb8

SHA512
6a77ff17c991b6185e4e5ec3f5dc505f92236fe87222251cdae3ae3f33b445df46e8be123e028aee0778ee57c511ef4bb6d27395694bb1f2998dacb8966ba5dd

Download Submit
C:\Windows\System\IuSbcaZ.exe

Filesize
2.8MB

MD5
53b346e08600746afef7811c2a23433d

SHA1
a87826328ada0977430d74c23a8404241fd2ac1a

SHA256
3925a1c1b7a35963a479b9f889f7e9c456d177ae65d0956ed9521d0e6e294a05

SHA512
1912aa1318ae66df53cf6729fb74de0774221d7ebab91178daad9d19148f6725cd8bf36b267f512d65f85dcf95827f4746a1ea9e12f9a836fa749a7b996f3b58

Download Submit
C:\Windows\System\JBSZCwL.exe

Filesize
2.8MB

MD5
cec162bb8fd3d96f60e1655225d24806

SHA1
47aabe4d14992ae20ff93783a0e97aef229ba0b9

SHA256
aea72f50a6d0b8036439448fb8d07d1a27806eebcbb70faf8b17fccfaff5a6a4

SHA512
89a076d7a6083352ceb369733c60c1b8d8ef6aa30879b3d7b57e29e31fcd3c6d2accace85f0eced60a6014222c69f24518ba8793fc7292af92a99b3c49b69237

Download Submit
C:\Windows\System\JlSxhWb.exe

Filesize
2.8MB

MD5
b90e72d9507de5da7bc2ca04f7fa67fb

SHA1
48ce21c0179311b0d4fe46ea87a62972b626b61f

SHA256
71375b29ac8f428b40aec36f7d3ff7b0d62fce8abdbb9af2c94a45d8050f0c2d

SHA512
db65772cae75d4c49e42dcce5148132f7e667240685e10d8d36a8833a5fbf2d1d323c4723e10c25891665da8feac58a8d155f13cfa28cd76bcdd75857d3a3a35

Download Submit
C:\Windows\System\KUhLwgp.exe

Filesize
2.8MB

MD5
eea98c2fc4df04ac845af9777f172f55

SHA1
31980b550d8efc2576d771edd02fac7c5c0c4cd6

SHA256
e2aba899df91fde82cf8817504c68d3de15601b932a6b1735a19e8936e2d8bde

SHA512
2f974e8e469f549940484e4e7a0df014290151d1fc1cdd38dd6395919d4a88b7e27a378c99894a7617c2df61e1f6f9e8545b6dbd9d819360eb45f3130fed4030

Download Submit
C:\Windows\System\OXCarUB.exe

Filesize
2.8MB

MD5
412767919595716570b4372bb02f7443

SHA1
8429e577c7b11a32b8bcb1c9a20588e8b39ba33d

SHA256
e2eb7a3c564cbb314a2f0ad76b79d862942850f1cb3bf3a28adcee08fc23827c

SHA512
0afacfb6c9d6458a419facbe73a181f6b55081390df8c771d95423266ee8cf19929024e46cd0dffa3d25211815f925c1fd780c4625fa0a405c0da1f99a2e0ee9

Download Submit
C:\Windows\System\OYHMpxc.exe

Filesize
2.8MB

MD5
778f770c9e2d320d4ced48e358090756

SHA1
a4ae2c4dfe6b059f8dccb50b80eb60127cebc728

SHA256
06bd71111391098aa56eb0ddbe072ddf54256de9df58fd67d39aa6437688c396

SHA512
7d4988412538d8030e6b1912f06ba584e271704af4716f6193a607310318b68efefdd2a2ed08615ac14d395712f3dc1e2dcd0f960c55223b6ca33886296c6b9a

Download Submit
C:\Windows\System\PdbYXZF.exe

Filesize
2.8MB

MD5
8182a8c2aa02b67ee9e98c834a974201

SHA1
5d4527801171dd078c6d12773e5fda5087b18f14

SHA256
9528e4cc483118061b6cf60e89a4e85e47ee6afbef26153daa632b682ee24982

SHA512
4e5a4f82f82c050faddde2941348a15dbcf59aa648085ddd705aa25c503023249036bd00bfc3f79a4dbe997168228bddfab63be8642aba3c546a375d1a1f44ea

Download Submit
C:\Windows\System\QPepOge.exe

Filesize
2.8MB

MD5
9ba32c2853d6828f107a068ad1d55320

SHA1
52a50899781afc58d00151f0ce1c3629bfe65634

SHA256
9bc22deec31986e60d0632ac3b0805e298d26d9219a2a4215cba25e455bc481a

SHA512
410de294c94a7727620aab52ba4f94bce1c1c22e5ea8a35ff06059595994d25c2468ce45c031f624dc53c982c05c3ae57d971abd792f4d9baf6b7b6a6dae2703

Download Submit
C:\Windows\System\QPtoWwg.exe

Filesize
2.8MB

MD5
ced616865e09331c76c8464039b435c5

SHA1
d4649634a62eddc038882905ebb0def883718149

SHA256
b6114c9fc8bd56333c9d13a0d1a2ef280813a760c53e2b9e4f4cc9857351b3c3

SHA512
b1d71485677049855353031a440b3844e8b413a043d1574aed5ac36e4c8fd2c514889a9ab02ee5c7e7c4047df5c9070ef20c7d673422f76bc1ee09fe447d7783

Download Submit
C:\Windows\System\Qhsfqfu.exe

Filesize
2.8MB

MD5
bfa17c81fd1f2ab7f6cdfb050e510a67

SHA1
84d543de0d3d01f54cb585eef8726e69df890452

SHA256
bc62f49e6e6e59f608a36acc3882bfcff618dc437d29ef7ce93e3b15a5b3091c

SHA512
a3f5ea9a274a6e21b5b202da20bf622747386e068bfa78253af0c8ab984b0a2ed0369ff0a192d8fc51602cdbb754a23cee724f4f00ce44c904973abfba1431f5

Download Submit
C:\Windows\System\TwwnKHf.exe

Filesize
2.8MB

MD5
841dfd6aeae3c6f8384e1f741a2966fe

SHA1
d5b5eb7f9b001fd44dc0e9b6f8b8c3941f9aee93

SHA256
781eed691b7c94e185ff028f3c93cedfacd376910bd17b6ce14bb160cbc396ef

SHA512
f901bebee1a8a52c764f67d5f6ce3406482e48beaf4c48321631493762bb4c2c2c239ffd5f18cc20c88f01ec08b4cb28ea29df1c9033cc2a12238233df0e24b3

Download Submit
C:\Windows\System\YOvTTrz.exe

Filesize
2.8MB

MD5
63c2eaf264b2b2aeac743cbd8240e8b2

SHA1
02e365548d66ad72b7f84731a2918b63724c8060

SHA256
dbc3fce8ec9af64768e564bcd0d16d1c4ffaf75dfafa1d75dfb03e85798e8334

SHA512
614ef524edd447cf94b1fb0e09998b209745da6baf2200ee032e5e0334a8713ecd0efaec5e0f83469d437fc5aaccaf079ce83db4b73bd254a601880458bbba0c

Download Submit
C:\Windows\System\aHHyVSk.exe

Filesize
2.8MB

MD5
5df8756b1b37f88fb6ce95ecf25b7760

SHA1
c1129fc2774d462792a8dd8a8f78caa605c0e845

SHA256
14e15141136685656f8db1c090ca8c240c810721e5d0fff988b0607a2d8179ff

SHA512
6f6cf4f2ba01897b796abaf1ac70efb98d0acde206c6b6dbe9e59b9bd4d18671466bbf20ae53b4ed405c2e90d66dde4280316aa7d1be42449a7b654cf84ec645

Download Submit
C:\Windows\System\bAqcNWu.exe

Filesize
2.8MB

MD5
f5cf6bdde4251e2e02caa04ff1264c73

SHA1
6f490aa3d1c792fbb6e502f45eadfede0ca8cef0

SHA256
d4e610a140b4fe9f8c11109187b0fdcce8cf81e785e0791a6f4196eccb13dd3f

SHA512
6978dee4e45ba1eacc53420c87c1c1dbfa6c4285344bac2019b6c101e6a7ffbeb16d8a1c91c647aad40ee1ecc5c5bc9181c4434bd3e8174a044106540ebe1579

Download Submit
C:\Windows\System\bEZGJlS.exe

Filesize
2.8MB

MD5
7af5bfaa2ac5defd8d71f8b321e3ba0a

SHA1
9f778ff63e48d5f78bde5989a89d936a7c1da204

SHA256
eb2d2a309d530121d26fa0fd8bb7dec79c3aa8addf1f39a646bc7937b3c982a6

SHA512
69f55c3d197c5eee2e0b95032d5516b010a2d10cd4911616d8a067a4296c748f97c7eb6cf00801ff1f4ee5aaf83798f0e51b0cb9b20ed8287d7a0f3f025dbcda

Download Submit
C:\Windows\System\cMUDFIm.exe

Filesize
2.8MB

MD5
5120a36f9d0f87b4d55264e0fd7246c3

SHA1
91811864f204ce7b8aaca08f039832e9c646c03b

SHA256
5c2166bb981440407b3804a7d478f2198cfe091a8aa8492fa72da87f5cb56a1e

SHA512
377266dc9191e88e4cf169b503b4cc667cc80afdf679d4a079b4900a31c7b03695048f7ca1ba7aa482eaa5827af17fbd9863689d97bd6335551b8e161d8944e3

Download Submit
C:\Windows\System\eSRNMlf.exe

Filesize
2.8MB

MD5
fb9f1a77c44eebd95e02b21d6a8a12fd

SHA1
f7cb71c18be5a98a72c408b3abd8ee2c987b5507

SHA256
486c627d772ac7310e272d6fe772c6b23259cb02ab42d565a4015e7d32bbf9b8

SHA512
f240d2bd853e884d7a0bae395724b65cdcd33c9e6d8731ea433645073605a1ebeb39dd76a3d24b608e3061715130cdacdd8234ab9d12f4f6b8b0bc372a293647

Download Submit
C:\Windows\System\eUjxzqZ.exe

Filesize
2.8MB

MD5
bffe446d500e15d1705f960fc8bb68c2

SHA1
d23205aeb54cd7a08899931ff721d570d5b59b9c

SHA256
386a39de130eedb96d8ae947a522ed62df45f4b16d6e2afd7666f16a58c6cf80

SHA512
2a9ddfee16e1055d78361d5f1b5944a913ac124c9ee919f62afbf4caf3558194954f75a6ee50db32ac5ac4851cebff8508852bd8e03b4f98688089b655153731

Download Submit
C:\Windows\System\hhcBESh.exe

Filesize
2.8MB

MD5
f3f7012310b5c5e0f1b86bc491344a31

SHA1
fa76a98547e04969c10677b1b5f6aa3a33cfbf5b

SHA256
10c64e72a4312162eb8995a3a83110eeb9303be33722f7947de446d3bb9810bf

SHA512
45d394114a6ffacbbe7bb01f0d8d11d986b81c4cff1aa6f0a1ca715f4e64ae9be79e6475b36a99194dbc8fad6320bcd501225127fbecd76cb1628167eb7e2e47

Download Submit
C:\Windows\System\igLbZyy.exe

Filesize
2.8MB

MD5
c9e3e93689391ed72f73fa0c95ff4253

SHA1
32a46fb364ed62f73b2fbe7bee20b7bdface5b7c

SHA256
8e7f217e4cfc9a308daa4a4ef8c0683085c5244532b5cab4165eec72f8a0858c

SHA512
aba0ebd147550216ab52621f4bbcd88779bb87156396d890a8a858abb0d8f814d036cad3ae83f6061f3f730186eacf08c6bf181b0eaa980ec2dc3e1b9269547f

Download Submit
C:\Windows\System\jyECmIL.exe

Filesize
8B

MD5
f249cce64f1edf5dc7bee5be6e2d5ad9

SHA1
0d569e38ec2ee4118bd367894784a63582261e47

SHA256
c376b4c1019dfb02d31ea3137efb150405ef95ba0305dcf5e026248ffc8d7cc2

SHA512
fdeb5b006eba899c911e624dadfb6c7b2eb030236757e187df8ba8d194a5a42df30b590d0fcf3f859b2532e60fc00c33154f75c1e6481913447ff2fa15b08be2

Download Submit
C:\Windows\System\npriiNU.exe

Filesize
2.8MB

MD5
cdfa10010d845e82057cc797ce5b7330

SHA1
23f31c6d91af7426945971b780d8274def7607f7

SHA256
6a63e7979fbec8cc29fa09e6823c88beb2fc377e3c500c4eea21634e09782428

SHA512
a73bcdc762e84f8fe3cf91268c56371bd052d60fdd41694172c5068901b543ca518b2223bd9940c4b848ebc3b2b664aea6e69edda03001490db4b8a3803aa7ef

Download Submit
C:\Windows\System\qodvTbq.exe

Filesize
2.8MB

MD5
7d95e0c9ba4bd79b18b64bc3c09e1a9c

SHA1
07f0d071f854ae8a5cec8e9470f04af87fc9f4c7

SHA256
35d21128b68f78b13029a35e02a7b047926d9f2a45161a966f85ea747a5562ec

SHA512
51de81d5df7e527f2609f68a129c97d34fb05da4eeed37c3baf1d70168d7d3914d25f23df34837e1fd420bde57f5c7b07b2390f3be139a7373f3bb8f2273bd23

Download Submit
C:\Windows\System\sWOTQND.exe

Filesize
2.8MB

MD5
b9e10d811b7f2ed0030f365606a8cb82

SHA1
4e09ba794326eb3b179baebe94ee30f6b8626642

SHA256
7b589a67f79842552d3f10e3741c252a44018b968ecc4f96736ff38cbd9a8785

SHA512
04d98e713dd3d2e8d73573940ecc5ba3bec18f90a78478ee7974a69406d286fac6e9e3db5f0d388d6963a63a9543b9cd376893252210433deb14c4c842bc5567

Download Submit
C:\Windows\System\slzEvOo.exe

Filesize
2.8MB

MD5
337ba40fd9bf6d441e2cfc9f3d85f7e9

SHA1
0122934450dc4088c2f76c6db01edbb7f93a176a

SHA256
584fe741e6e7a8896fcb1626a7650b68de1332913b8fc8edda63ab7f76de9f5f

SHA512
aaef5428d3bd9fdc66cee4a52f266002206300e3f58f441744554331fe2169fd0dadee8118113c289f907c84b1f6c8b574f6e20ff1ff3ef8c4465056021c6301

Download Submit
C:\Windows\System\tPxYFjv.exe

Filesize
2.8MB

MD5
bda85b2d10ca2ab4864be10d12844c3c

SHA1
6713fd790a2ae29ead412f5f560c3d0780f2de7c

SHA256
fc0874dea610227762bf0980d3483824e46a95494520efd1478339a0b287149c

SHA512
df7d81907833e418120ecb3110e5419f1c884735d39480a8cb823c3dad0aa2544bf044b489135f8c3ca94c46bb9505c24d489519e4f09a60c41de3f0d0776fdc

Download Submit
C:\Windows\System\ulhQGld.exe

Filesize
2.8MB

MD5
2e9084acde80b5e5bbc696ce453c6b47

SHA1
1dedcdcb7b76e20be5c30ea7e1821ab1458225a6

SHA256
88bd22a95ffd42d333727ad6b42a3158044fc2cc805c4f6672d10ed288afd9ce

SHA512
4db8cabd763da2cccd64b1c03b093fb315e8b216bd67dca53bd2ac32fc3469ca6930c5a994421c2bab64a934f9e2d31a0138373995a1d3fe9f35910c47d64f58

Download Submit
C:\Windows\System\wlADhUH.exe

Filesize
2.8MB

MD5
ca3ebdd98ce4cbc13d07ae49a470b672

SHA1
9e29dde456e4f4a9a6c9e17d7fb2a12c4931efc4

SHA256
5fd8f986e7bec3a8e0df22bf775eac5b94476a0250f72d068157ed730cdc1cf7

SHA512
e783803da6edc96cbb3891883a81b4b0741139c15e1596f4c7832e43547541c374166206836141a1e94a44ba465fec436d9d57c73e748633e00bbe84a81a978d

Download Submit
C:\Windows\System\xpNWMma.exe

Filesize
2.8MB

MD5
b8ebb12046c116923e960371174f3296

SHA1
9fcb12c85198b2362186adc7f28b1d141001d574

SHA256
47c979800a46879d2ac23d375fe48f3de1fca8d6e1ac566b929a83113c795f1a

SHA512
e515350abcdf8f7b849b8d6d65dae05f69f50bbfe670e7a07f0ba176decd36893647c241eee13bde592d49d1dbf5753e5b6299f9d29793d575047fd43eb29cc7

Download Submit
memory/908-2437-0x00007FF723970000-0x00007FF723D66000-memory.dmp

Filesize
4.0MB

Download
memory/908-10-0x00007FF723970000-0x00007FF723D66000-memory.dmp

Filesize
4.0MB

Download
memory/1200-189-0x00007FF6AFE70000-0x00007FF6B0266000-memory.dmp

Filesize
4.0MB

Download
memory/1200-2457-0x00007FF6AFE70000-0x00007FF6B0266000-memory.dmp

Filesize
4.0MB

Download
memory/1200-2293-0x00007FF6AFE70000-0x00007FF6B0266000-memory.dmp

Filesize
4.0MB

Download
memory/1392-2448-0x00007FF6597F0000-0x00007FF659BE6000-memory.dmp

Filesize
4.0MB

Download
memory/1392-2461-0x00007FF6597F0000-0x00007FF659BE6000-memory.dmp

Filesize
4.0MB

Download
memory/1392-390-0x00007FF6597F0000-0x00007FF659BE6000-memory.dmp

Filesize
4.0MB

Download
memory/1828-239-0x00007FF748250000-0x00007FF748646000-memory.dmp

Filesize
4.0MB

Download
memory/1828-2451-0x00007FF748250000-0x00007FF748646000-memory.dmp

Filesize
4.0MB

Download
memory/1972-76-0x00007FF68DBD0000-0x00007FF68DFC6000-memory.dmp

Filesize
4.0MB

Download
memory/1972-2445-0x00007FF68DBD0000-0x00007FF68DFC6000-memory.dmp

Filesize
4.0MB

Download
memory/2104-77-0x00007FF7524E0000-0x00007FF7528D6000-memory.dmp

Filesize
4.0MB

Download
memory/2104-2443-0x00007FF7524E0000-0x00007FF7528D6000-memory.dmp

Filesize
4.0MB

Download
memory/2124-233-0x00007FF74EBA0000-0x00007FF74EF96000-memory.dmp

Filesize
4.0MB

Download
memory/2124-2453-0x00007FF74EBA0000-0x00007FF74EF96000-memory.dmp

Filesize
4.0MB

Download
memory/2228-54-0x00007FF687070000-0x00007FF687466000-memory.dmp

Filesize
4.0MB

Download
memory/2228-2439-0x00007FF687070000-0x00007FF687466000-memory.dmp

Filesize
4.0MB

Download
memory/2460-2440-0x00007FF661D60000-0x00007FF662156000-memory.dmp

Filesize
4.0MB

Download
memory/2460-49-0x00007FF661D60000-0x00007FF662156000-memory.dmp

Filesize
4.0MB

Download
memory/2684-66-0x00007FF619720000-0x00007FF619B16000-memory.dmp

Filesize
4.0MB

Download
memory/2684-2444-0x00007FF619720000-0x00007FF619B16000-memory.dmp

Filesize
4.0MB

Download
memory/2696-2436-0x00007FF65DF50000-0x00007FF65E346000-memory.dmp

Filesize
4.0MB

Download
memory/2696-2459-0x00007FF65DF50000-0x00007FF65E346000-memory.dmp

Filesize
4.0MB

Download
memory/2696-255-0x00007FF65DF50000-0x00007FF65E346000-memory.dmp

Filesize
4.0MB

Download
memory/2708-81-0x00007FF7F07D0000-0x00007FF7F0BC6000-memory.dmp

Filesize
4.0MB

Download
memory/2708-2447-0x00007FF7F07D0000-0x00007FF7F0BC6000-memory.dmp

Filesize
4.0MB

Download
memory/2912-0-0x00007FF7C5420000-0x00007FF7C5816000-memory.dmp

Filesize
4.0MB

Download
memory/2912-1-0x0000020792880000-0x0000020792890000-memory.dmp

Filesize
64KB

Download
memory/2912-1669-0x00007FF7C5420000-0x00007FF7C5816000-memory.dmp

Filesize
4.0MB

Download
memory/3172-247-0x00007FF7620B0000-0x00007FF7624A6000-memory.dmp

Filesize
4.0MB

Download
memory/3172-2455-0x00007FF7620B0000-0x00007FF7624A6000-memory.dmp

Filesize
4.0MB

Download
memory/3188-2435-0x00007FF79A3F0000-0x00007FF79A7E6000-memory.dmp

Filesize
4.0MB

Download
memory/3188-2460-0x00007FF79A3F0000-0x00007FF79A7E6000-memory.dmp

Filesize
4.0MB

Download
memory/3188-254-0x00007FF79A3F0000-0x00007FF79A7E6000-memory.dmp

Filesize
4.0MB

Download
memory/3300-2438-0x00007FF7B0270000-0x00007FF7B0666000-memory.dmp

Filesize
4.0MB

Download
memory/3300-78-0x00007FF7B0270000-0x00007FF7B0666000-memory.dmp

Filesize
4.0MB

Download
memory/3684-243-0x00007FF69DD50000-0x00007FF69E146000-memory.dmp

Filesize
4.0MB

Download
memory/3684-2456-0x00007FF69DD50000-0x00007FF69E146000-memory.dmp

Filesize
4.0MB

Download
memory/3748-2449-0x00007FF6390E0000-0x00007FF6394D6000-memory.dmp

Filesize
4.0MB

Download
memory/3748-2289-0x00007FF6390E0000-0x00007FF6394D6000-memory.dmp

Filesize
4.0MB

Download
memory/3748-152-0x00007FF6390E0000-0x00007FF6394D6000-memory.dmp

Filesize
4.0MB

Download
memory/3856-2458-0x00007FF6CA7D0000-0x00007FF6CABC6000-memory.dmp

Filesize
4.0MB

Download
memory/3856-204-0x00007FF6CA7D0000-0x00007FF6CABC6000-memory.dmp

Filesize
4.0MB

Download
memory/3856-2295-0x00007FF6CA7D0000-0x00007FF6CABC6000-memory.dmp

Filesize
4.0MB

Download
memory/4188-79-0x00007FF6E1150000-0x00007FF6E1546000-memory.dmp

Filesize
4.0MB

Download
memory/4188-2442-0x00007FF6E1150000-0x00007FF6E1546000-memory.dmp

Filesize
4.0MB

Download
memory/4524-61-0x00007FF7E5590000-0x00007FF7E5986000-memory.dmp

Filesize
4.0MB

Download
memory/4524-2441-0x00007FF7E5590000-0x00007FF7E5986000-memory.dmp

Filesize
4.0MB

Download
memory/4548-217-0x00007FF6FD770000-0x00007FF6FDB66000-memory.dmp

Filesize
4.0MB

Download
memory/4548-2434-0x00007FF6FD770000-0x00007FF6FDB66000-memory.dmp

Filesize
4.0MB

Download
memory/4548-2454-0x00007FF6FD770000-0x00007FF6FDB66000-memory.dmp

Filesize
4.0MB

Download
memory/4592-2446-0x00007FF6DE020000-0x00007FF6DE416000-memory.dmp

Filesize
4.0MB

Download
memory/4592-80-0x00007FF6DE020000-0x00007FF6DE416000-memory.dmp

Filesize
4.0MB

Download
memory/4756-155-0x00007FF73C4B0000-0x00007FF73C8A6000-memory.dmp

Filesize
4.0MB

Download
memory/4756-2433-0x00007FF73C4B0000-0x00007FF73C8A6000-memory.dmp

Filesize
4.0MB

Download
memory/4756-2450-0x00007FF73C4B0000-0x00007FF73C8A6000-memory.dmp

Filesize
4.0MB

Download
memory/4836-168-0x00007FF68F720000-0x00007FF68FB16000-memory.dmp

Filesize
4.0MB

Download
memory/4836-2452-0x00007FF68F720000-0x00007FF68FB16000-memory.dmp

Filesize
4.0MB

Download
memory/4836-2290-0x00007FF68F720000-0x00007FF68FB16000-memory.dmp

Filesize
4.0MB

Download
memory/4844-82-0x0000022F50730000-0x0000022F50ED6000-memory.dmp

Filesize
7.6MB

Download
memory/4844-44-0x0000022F4FAD0000-0x0000022F4FAF2000-memory.dmp

Filesize
136KB

Download
memory/4844-2010-0x00007FF93FD83000-0x00007FF93FD85000-memory.dmp

Filesize
8KB

Download
memory/4844-32-0x00007FF93FD80000-0x00007FF940841000-memory.dmp

Filesize
10.8MB

Download
memory/4844-1676-0x00007FF93FD80000-0x00007FF940841000-memory.dmp

Filesize
10.8MB

Download
memory/4844-27-0x00007FF93FD80000-0x00007FF940841000-memory.dmp

Filesize
10.8MB

Download
memory/4844-11-0x00007FF93FD83000-0x00007FF93FD85000-memory.dmp

Filesize
8KB

Download