xmrig | c552d0a3b2404624b98d8fbaff57cc0992504f0fc85af3902e4a41b2bcbaea73

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
Size

3.0MB
MD5

28e78c37c1a70aa3d7099ccf3c99bbb0
SHA1

168414ab76e99983ed4fba5de1c755a3e4ba4c02
SHA256

c552d0a3b2404624b98d8fbaff57cc0992504f0fc85af3902e4a41b2bcbaea73
SHA512

42d377f7aeb3ab0340ad234e6c15a6b72519eb3a55e2fa2306d0eae7aaf1e538e988874494989fb67ee8f1d943b2be65ca10edcf150f893c2d4da6877c7bd8d1
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/mi1:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R6

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/336-0-0x00007FF68CCC0000-0x00007FF68D0B6000-memory.dmp	xmrig
behavioral2/memory/1944-7-0x00007FF6EA200000-0x00007FF6EA5F6000-memory.dmp	xmrig
behavioral2/files/0x000a00000002346a-13.dat	xmrig
behavioral2/files/0x0007000000023473-14.dat	xmrig
behavioral2/files/0x0007000000023472-16.dat	xmrig
behavioral2/files/0x0007000000023474-23.dat	xmrig
behavioral2/files/0x0007000000023475-33.dat	xmrig
behavioral2/files/0x0007000000023476-35.dat	xmrig
behavioral2/memory/1432-50-0x00007FF6DFB00000-0x00007FF6DFEF6000-memory.dmp	xmrig
behavioral2/files/0x000700000002347a-56.dat	xmrig
behavioral2/files/0x0007000000023477-54.dat	xmrig
behavioral2/files/0x0008000000023479-60.dat	xmrig
behavioral2/files/0x000700000002347c-73.dat	xmrig
behavioral2/files/0x000700000002347f-93.dat	xmrig
behavioral2/files/0x0007000000023482-109.dat	xmrig
behavioral2/files/0x0007000000023488-135.dat	xmrig
behavioral2/files/0x000700000002348b-154.dat	xmrig
behavioral2/files/0x0007000000023490-175.dat	xmrig
behavioral2/memory/3212-946-0x00007FF64C520000-0x00007FF64C916000-memory.dmp	xmrig
behavioral2/files/0x0007000000023491-178.dat	xmrig
behavioral2/files/0x000700000002348f-173.dat	xmrig
behavioral2/files/0x000700000002348e-169.dat	xmrig
behavioral2/files/0x000700000002348d-164.dat	xmrig
behavioral2/files/0x000700000002348c-159.dat	xmrig
behavioral2/files/0x000700000002348a-149.dat	xmrig
behavioral2/files/0x0007000000023489-144.dat	xmrig
behavioral2/files/0x0007000000023487-133.dat	xmrig
behavioral2/files/0x0007000000023486-129.dat	xmrig
behavioral2/files/0x0007000000023485-124.dat	xmrig
behavioral2/files/0x0007000000023484-119.dat	xmrig
behavioral2/files/0x0007000000023483-113.dat	xmrig
behavioral2/files/0x0007000000023481-104.dat	xmrig
behavioral2/files/0x0007000000023480-99.dat	xmrig
behavioral2/files/0x000700000002347e-89.dat	xmrig
behavioral2/files/0x000700000002347d-84.dat	xmrig
behavioral2/files/0x000700000002347b-74.dat	xmrig
behavioral2/files/0x0008000000023478-69.dat	xmrig
behavioral2/memory/4020-29-0x00007FF7BF6C0000-0x00007FF7BFAB6000-memory.dmp	xmrig
behavioral2/memory/4664-955-0x00007FF795CC0000-0x00007FF7960B6000-memory.dmp	xmrig
behavioral2/memory/3624-959-0x00007FF7C6080000-0x00007FF7C6476000-memory.dmp	xmrig
behavioral2/memory/2268-962-0x00007FF7421A0000-0x00007FF742596000-memory.dmp	xmrig
behavioral2/memory/5020-966-0x00007FF6F0630000-0x00007FF6F0A26000-memory.dmp	xmrig
behavioral2/memory/4976-971-0x00007FF6EC280000-0x00007FF6EC676000-memory.dmp	xmrig
behavioral2/memory/3076-963-0x00007FF640450000-0x00007FF640846000-memory.dmp	xmrig
behavioral2/memory/5064-952-0x00007FF60FCB0000-0x00007FF6100A6000-memory.dmp	xmrig
behavioral2/memory/2548-976-0x00007FF74E0D0000-0x00007FF74E4C6000-memory.dmp	xmrig
behavioral2/memory/4284-977-0x00007FF6AF980000-0x00007FF6AFD76000-memory.dmp	xmrig
behavioral2/memory/5028-981-0x00007FF6002D0000-0x00007FF6006C6000-memory.dmp	xmrig
behavioral2/memory/3672-992-0x00007FF641960000-0x00007FF641D56000-memory.dmp	xmrig
behavioral2/memory/4580-994-0x00007FF733B20000-0x00007FF733F16000-memory.dmp	xmrig
behavioral2/memory/3800-995-0x00007FF6752B0000-0x00007FF6756A6000-memory.dmp	xmrig
behavioral2/memory/1368-989-0x00007FF6A9FF0000-0x00007FF6AA3E6000-memory.dmp	xmrig
behavioral2/memory/4156-987-0x00007FF73DE40000-0x00007FF73E236000-memory.dmp	xmrig
behavioral2/memory/4092-1006-0x00007FF654F00000-0x00007FF6552F6000-memory.dmp	xmrig
behavioral2/memory/2564-1015-0x00007FF70B340000-0x00007FF70B736000-memory.dmp	xmrig
behavioral2/memory/540-1019-0x00007FF724280000-0x00007FF724676000-memory.dmp	xmrig
behavioral2/memory/1880-1016-0x00007FF69FC80000-0x00007FF6A0076000-memory.dmp	xmrig
behavioral2/memory/376-1003-0x00007FF79CF40000-0x00007FF79D336000-memory.dmp	xmrig
behavioral2/memory/1944-2081-0x00007FF6EA200000-0x00007FF6EA5F6000-memory.dmp	xmrig
behavioral2/memory/1432-2082-0x00007FF6DFB00000-0x00007FF6DFEF6000-memory.dmp	xmrig
behavioral2/memory/3212-2085-0x00007FF64C520000-0x00007FF64C916000-memory.dmp	xmrig
behavioral2/memory/2564-2084-0x00007FF70B340000-0x00007FF70B736000-memory.dmp	xmrig
behavioral2/memory/4020-2086-0x00007FF7BF6C0000-0x00007FF7BFAB6000-memory.dmp	xmrig
behavioral2/memory/5064-2087-0x00007FF60FCB0000-0x00007FF6100A6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
7	3184	powershell.exe
12	3184	powershell.exe
22	3184	powershell.exe
21	3184	powershell.exe
25	3184	powershell.exe
27	3184	powershell.exe
28	3184	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3184	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1944	eBNlWSZ.exe
4020	nshqxvp.exe
1432	uypsynr.exe
3212	EPlfOQY.exe
2564	umonIQo.exe
1880	QiCXsiR.exe
5064	ySGMdpg.exe
540	kIwjBpG.exe
4664	ODRGysZ.exe
3624	wDATWNt.exe
2268	IeilJni.exe
3076	sEYnjvs.exe
5020	RMsyxHy.exe
4976	FHlLTjL.exe
2548	ruvRajs.exe
4284	ilDpHGk.exe
5028	JzepLdl.exe
4156	VjWcMtY.exe
1368	qKePVQQ.exe
3672	RLEhqYy.exe
4580	iitsHeC.exe
3800	eAYChkK.exe
376	QCpdtvt.exe
4092	JeFErpb.exe
3592	CWfBvew.exe
3092	FNzkYgu.exe
116	kWUMAtC.exe
3228	lUHIbfY.exe
3424	ndNYDvN.exe
4036	qXrRapn.exe
1848	qckQZBV.exe
448	wfYSiyv.exe
4204	JsoyZAg.exe
4808	mzHonfw.exe
4636	wvoAOtu.exe
4576	yOeGFZp.exe
372	xJteBfX.exe
3952	MEjgVJW.exe
4540	WOHLUKS.exe
2452	OUCoMOZ.exe
1032	wXzWXQd.exe
1168	GrFBBgj.exe
2556	cFizRlm.exe
4332	LFyYcLz.exe
4768	WMveKcL.exe
796	JGeTwLm.exe
3036	fuRZpUo.exe
4912	EwLVQQQ.exe
4356	aJWjoGT.exe
1016	eJPoIzg.exe
5052	mDaCYJx.exe
1568	BvnqzFU.exe
4964	AsDUbjY.exe
2440	ThiYzGW.exe
2028	nypldwh.exe
2672	WxKPwnb.exe
3852	JQaVGzr.exe
1812	RrdqwUm.exe
3104	iOZLzIH.exe
4804	eDKYuUP.exe
4684	OAfemCw.exe
2924	WPYyKBf.exe
1876	qAHAGEF.exe
4688	NYasnlH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/336-0-0x00007FF68CCC0000-0x00007FF68D0B6000-memory.dmp	upx
behavioral2/memory/1944-7-0x00007FF6EA200000-0x00007FF6EA5F6000-memory.dmp	upx
behavioral2/files/0x000a00000002346a-13.dat	upx
behavioral2/files/0x0007000000023473-14.dat	upx
behavioral2/files/0x0007000000023472-16.dat	upx
behavioral2/files/0x0007000000023474-23.dat	upx
behavioral2/files/0x0007000000023475-33.dat	upx
behavioral2/files/0x0007000000023476-35.dat	upx
behavioral2/memory/1432-50-0x00007FF6DFB00000-0x00007FF6DFEF6000-memory.dmp	upx
behavioral2/files/0x000700000002347a-56.dat	upx
behavioral2/files/0x0007000000023477-54.dat	upx
behavioral2/files/0x0008000000023479-60.dat	upx
behavioral2/files/0x000700000002347c-73.dat	upx
behavioral2/files/0x000700000002347f-93.dat	upx
behavioral2/files/0x0007000000023482-109.dat	upx
behavioral2/files/0x0007000000023488-135.dat	upx
behavioral2/files/0x000700000002348b-154.dat	upx
behavioral2/files/0x0007000000023490-175.dat	upx
behavioral2/memory/3212-946-0x00007FF64C520000-0x00007FF64C916000-memory.dmp	upx
behavioral2/files/0x0007000000023491-178.dat	upx
behavioral2/files/0x000700000002348f-173.dat	upx
behavioral2/files/0x000700000002348e-169.dat	upx
behavioral2/files/0x000700000002348d-164.dat	upx
behavioral2/files/0x000700000002348c-159.dat	upx
behavioral2/files/0x000700000002348a-149.dat	upx
behavioral2/files/0x0007000000023489-144.dat	upx
behavioral2/files/0x0007000000023487-133.dat	upx
behavioral2/files/0x0007000000023486-129.dat	upx
behavioral2/files/0x0007000000023485-124.dat	upx
behavioral2/files/0x0007000000023484-119.dat	upx
behavioral2/files/0x0007000000023483-113.dat	upx
behavioral2/files/0x0007000000023481-104.dat	upx
behavioral2/files/0x0007000000023480-99.dat	upx
behavioral2/files/0x000700000002347e-89.dat	upx
behavioral2/files/0x000700000002347d-84.dat	upx
behavioral2/files/0x000700000002347b-74.dat	upx
behavioral2/files/0x0008000000023478-69.dat	upx
behavioral2/memory/4020-29-0x00007FF7BF6C0000-0x00007FF7BFAB6000-memory.dmp	upx
behavioral2/memory/4664-955-0x00007FF795CC0000-0x00007FF7960B6000-memory.dmp	upx
behavioral2/memory/3624-959-0x00007FF7C6080000-0x00007FF7C6476000-memory.dmp	upx
behavioral2/memory/2268-962-0x00007FF7421A0000-0x00007FF742596000-memory.dmp	upx
behavioral2/memory/5020-966-0x00007FF6F0630000-0x00007FF6F0A26000-memory.dmp	upx
behavioral2/memory/4976-971-0x00007FF6EC280000-0x00007FF6EC676000-memory.dmp	upx
behavioral2/memory/3076-963-0x00007FF640450000-0x00007FF640846000-memory.dmp	upx
behavioral2/memory/5064-952-0x00007FF60FCB0000-0x00007FF6100A6000-memory.dmp	upx
behavioral2/memory/2548-976-0x00007FF74E0D0000-0x00007FF74E4C6000-memory.dmp	upx
behavioral2/memory/4284-977-0x00007FF6AF980000-0x00007FF6AFD76000-memory.dmp	upx
behavioral2/memory/5028-981-0x00007FF6002D0000-0x00007FF6006C6000-memory.dmp	upx
behavioral2/memory/3672-992-0x00007FF641960000-0x00007FF641D56000-memory.dmp	upx
behavioral2/memory/4580-994-0x00007FF733B20000-0x00007FF733F16000-memory.dmp	upx
behavioral2/memory/3800-995-0x00007FF6752B0000-0x00007FF6756A6000-memory.dmp	upx
behavioral2/memory/1368-989-0x00007FF6A9FF0000-0x00007FF6AA3E6000-memory.dmp	upx
behavioral2/memory/4156-987-0x00007FF73DE40000-0x00007FF73E236000-memory.dmp	upx
behavioral2/memory/4092-1006-0x00007FF654F00000-0x00007FF6552F6000-memory.dmp	upx
behavioral2/memory/2564-1015-0x00007FF70B340000-0x00007FF70B736000-memory.dmp	upx
behavioral2/memory/540-1019-0x00007FF724280000-0x00007FF724676000-memory.dmp	upx
behavioral2/memory/1880-1016-0x00007FF69FC80000-0x00007FF6A0076000-memory.dmp	upx
behavioral2/memory/376-1003-0x00007FF79CF40000-0x00007FF79D336000-memory.dmp	upx
behavioral2/memory/1944-2081-0x00007FF6EA200000-0x00007FF6EA5F6000-memory.dmp	upx
behavioral2/memory/1432-2082-0x00007FF6DFB00000-0x00007FF6DFEF6000-memory.dmp	upx
behavioral2/memory/3212-2085-0x00007FF64C520000-0x00007FF64C916000-memory.dmp	upx
behavioral2/memory/2564-2084-0x00007FF70B340000-0x00007FF70B736000-memory.dmp	upx
behavioral2/memory/4020-2086-0x00007FF7BF6C0000-0x00007FF7BFAB6000-memory.dmp	upx
behavioral2/memory/5064-2087-0x00007FF60FCB0000-0x00007FF6100A6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kAAerdJ.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\tsbDIUd.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\HzbkyVf.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\gjqaJjW.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\bWhPyvL.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\BBhwKUO.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\KLhBbfK.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\tgTzqrS.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\SVFYvbv.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\mOOKHRy.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\QiCXsiR.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\BvnqzFU.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\ftYROoz.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\kwakVCH.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\DRJyGrG.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\QSLKemw.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\mOTFzYH.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\cBMzYyS.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\AsDUbjY.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\euDHlmU.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\pmuhqBr.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\zGZcOXZ.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\nszvvzt.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\PgstUGs.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\LyYmPUT.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\RMsyxHy.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\PfBGluw.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\awgcZih.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\nNTjehL.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\eDKYuUP.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\ROBKvgl.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\QYKfFcI.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\fFfJGDd.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\ToAamkw.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\TfSZguk.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\YLkdkxE.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\IZHnxjH.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\ruvRajs.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\xAdKzHB.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\kkLDskj.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\ewRSBZv.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\ZWoWxsy.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\jweRPJu.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\JGxmAzs.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\yKNhXcN.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\vtakHwP.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\fMfwqwy.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\mCRtfIC.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\LkXXSMn.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\qYLdxge.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\WogEhuO.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\rFBiRbA.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\QJpYiHi.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\qCdZTJg.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\uONUjca.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\fiaUNby.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\mwTHqHI.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\mGIEWln.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\nVFPCdV.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\pngZKzG.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\agaQuMy.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\JCprANu.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\KKkSEHK.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
File created	C:\Windows\System\UKirvXa.exe	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3184	powershell.exe
3184	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3184	powershell.exe
Token: SeLockMemoryPrivilege	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 3184	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	84
PID 336 wrote to memory of 3184	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	84
PID 336 wrote to memory of 1944	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	85
PID 336 wrote to memory of 1944	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	85
PID 336 wrote to memory of 4020	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	86
PID 336 wrote to memory of 4020	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	86
PID 336 wrote to memory of 1432	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	87
PID 336 wrote to memory of 1432	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	87
PID 336 wrote to memory of 3212	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	88
PID 336 wrote to memory of 3212	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	88
PID 336 wrote to memory of 2564	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	89
PID 336 wrote to memory of 2564	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	89
PID 336 wrote to memory of 1880	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	90
PID 336 wrote to memory of 1880	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	90
PID 336 wrote to memory of 5064	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	91
PID 336 wrote to memory of 5064	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	91
PID 336 wrote to memory of 540	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	92
PID 336 wrote to memory of 540	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	92
PID 336 wrote to memory of 4664	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	93
PID 336 wrote to memory of 4664	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	93
PID 336 wrote to memory of 3624	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	94
PID 336 wrote to memory of 3624	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	94
PID 336 wrote to memory of 2268	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	95
PID 336 wrote to memory of 2268	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	95
PID 336 wrote to memory of 3076	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	96
PID 336 wrote to memory of 3076	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	96
PID 336 wrote to memory of 5020	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	97
PID 336 wrote to memory of 5020	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	97
PID 336 wrote to memory of 4976	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	98
PID 336 wrote to memory of 4976	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	98
PID 336 wrote to memory of 2548	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	99
PID 336 wrote to memory of 2548	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	99
PID 336 wrote to memory of 4284	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	100
PID 336 wrote to memory of 4284	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	100
PID 336 wrote to memory of 5028	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	101
PID 336 wrote to memory of 5028	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	101
PID 336 wrote to memory of 4156	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	102
PID 336 wrote to memory of 4156	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	102
PID 336 wrote to memory of 1368	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	103
PID 336 wrote to memory of 1368	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	103
PID 336 wrote to memory of 3672	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	104
PID 336 wrote to memory of 3672	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	104
PID 336 wrote to memory of 4580	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	105
PID 336 wrote to memory of 4580	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	105
PID 336 wrote to memory of 3800	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	106
PID 336 wrote to memory of 3800	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	106
PID 336 wrote to memory of 376	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	107
PID 336 wrote to memory of 376	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	107
PID 336 wrote to memory of 4092	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	108
PID 336 wrote to memory of 4092	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	108
PID 336 wrote to memory of 3592	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	109
PID 336 wrote to memory of 3592	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	109
PID 336 wrote to memory of 3092	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	110
PID 336 wrote to memory of 3092	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	110
PID 336 wrote to memory of 116	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	111
PID 336 wrote to memory of 116	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	111
PID 336 wrote to memory of 3228	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	112
PID 336 wrote to memory of 3228	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	112
PID 336 wrote to memory of 3424	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	113
PID 336 wrote to memory of 3424	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	113
PID 336 wrote to memory of 4036	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	114
PID 336 wrote to memory of 4036	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	114
PID 336 wrote to memory of 1848	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	115
PID 336 wrote to memory of 1848	336	28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\28e78c37c1a70aa3d7099ccf3c99bbb0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:336
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3184
- C:\Windows\System\eBNlWSZ.exe
  C:\Windows\System\eBNlWSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\nshqxvp.exe
  C:\Windows\System\nshqxvp.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\uypsynr.exe
  C:\Windows\System\uypsynr.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\EPlfOQY.exe
  C:\Windows\System\EPlfOQY.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\umonIQo.exe
  C:\Windows\System\umonIQo.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\QiCXsiR.exe
  C:\Windows\System\QiCXsiR.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\ySGMdpg.exe
  C:\Windows\System\ySGMdpg.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\kIwjBpG.exe
  C:\Windows\System\kIwjBpG.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\ODRGysZ.exe
  C:\Windows\System\ODRGysZ.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\wDATWNt.exe
  C:\Windows\System\wDATWNt.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\IeilJni.exe
  C:\Windows\System\IeilJni.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\sEYnjvs.exe
  C:\Windows\System\sEYnjvs.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\RMsyxHy.exe
  C:\Windows\System\RMsyxHy.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\FHlLTjL.exe
  C:\Windows\System\FHlLTjL.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\ruvRajs.exe
  C:\Windows\System\ruvRajs.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\ilDpHGk.exe
  C:\Windows\System\ilDpHGk.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\JzepLdl.exe
  C:\Windows\System\JzepLdl.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\VjWcMtY.exe
  C:\Windows\System\VjWcMtY.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\qKePVQQ.exe
  C:\Windows\System\qKePVQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\RLEhqYy.exe
  C:\Windows\System\RLEhqYy.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\iitsHeC.exe
  C:\Windows\System\iitsHeC.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\eAYChkK.exe
  C:\Windows\System\eAYChkK.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\QCpdtvt.exe
  C:\Windows\System\QCpdtvt.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\JeFErpb.exe
  C:\Windows\System\JeFErpb.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\CWfBvew.exe
  C:\Windows\System\CWfBvew.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\FNzkYgu.exe
  C:\Windows\System\FNzkYgu.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\kWUMAtC.exe
  C:\Windows\System\kWUMAtC.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\lUHIbfY.exe
  C:\Windows\System\lUHIbfY.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\ndNYDvN.exe
  C:\Windows\System\ndNYDvN.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\qXrRapn.exe
  C:\Windows\System\qXrRapn.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\qckQZBV.exe
  C:\Windows\System\qckQZBV.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\wfYSiyv.exe
  C:\Windows\System\wfYSiyv.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\JsoyZAg.exe
  C:\Windows\System\JsoyZAg.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\mzHonfw.exe
  C:\Windows\System\mzHonfw.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\wvoAOtu.exe
  C:\Windows\System\wvoAOtu.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\yOeGFZp.exe
  C:\Windows\System\yOeGFZp.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\xJteBfX.exe
  C:\Windows\System\xJteBfX.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\MEjgVJW.exe
  C:\Windows\System\MEjgVJW.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\WOHLUKS.exe
  C:\Windows\System\WOHLUKS.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\OUCoMOZ.exe
  C:\Windows\System\OUCoMOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\wXzWXQd.exe
  C:\Windows\System\wXzWXQd.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\GrFBBgj.exe
  C:\Windows\System\GrFBBgj.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\cFizRlm.exe
  C:\Windows\System\cFizRlm.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\LFyYcLz.exe
  C:\Windows\System\LFyYcLz.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\WMveKcL.exe
  C:\Windows\System\WMveKcL.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\JGeTwLm.exe
  C:\Windows\System\JGeTwLm.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\fuRZpUo.exe
  C:\Windows\System\fuRZpUo.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\EwLVQQQ.exe
  C:\Windows\System\EwLVQQQ.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\aJWjoGT.exe
  C:\Windows\System\aJWjoGT.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\eJPoIzg.exe
  C:\Windows\System\eJPoIzg.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\mDaCYJx.exe
  C:\Windows\System\mDaCYJx.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\BvnqzFU.exe
  C:\Windows\System\BvnqzFU.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\AsDUbjY.exe
  C:\Windows\System\AsDUbjY.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\ThiYzGW.exe
  C:\Windows\System\ThiYzGW.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\nypldwh.exe
  C:\Windows\System\nypldwh.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\WxKPwnb.exe
  C:\Windows\System\WxKPwnb.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\JQaVGzr.exe
  C:\Windows\System\JQaVGzr.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\RrdqwUm.exe
  C:\Windows\System\RrdqwUm.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\iOZLzIH.exe
  C:\Windows\System\iOZLzIH.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\eDKYuUP.exe
  C:\Windows\System\eDKYuUP.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\OAfemCw.exe
  C:\Windows\System\OAfemCw.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\WPYyKBf.exe
  C:\Windows\System\WPYyKBf.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\qAHAGEF.exe
  C:\Windows\System\qAHAGEF.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\NYasnlH.exe
  C:\Windows\System\NYasnlH.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\RHvRoCQ.exe
  C:\Windows\System\RHvRoCQ.exe
  2⤵
  PID:2056
- C:\Windows\System\mJVEVxr.exe
  C:\Windows\System\mJVEVxr.exe
  2⤵
  PID:1956
- C:\Windows\System\KiGFzUg.exe
  C:\Windows\System\KiGFzUg.exe
  2⤵
  PID:1644
- C:\Windows\System\TJzfHJq.exe
  C:\Windows\System\TJzfHJq.exe
  2⤵
  PID:2700
- C:\Windows\System\zusxlRy.exe
  C:\Windows\System\zusxlRy.exe
  2⤵
  PID:2292
- C:\Windows\System\Emnwunq.exe
  C:\Windows\System\Emnwunq.exe
  2⤵
  PID:3112
- C:\Windows\System\YJJbjpf.exe
  C:\Windows\System\YJJbjpf.exe
  2⤵
  PID:5144
- C:\Windows\System\vwtwnaq.exe
  C:\Windows\System\vwtwnaq.exe
  2⤵
  PID:5172
- C:\Windows\System\KxiWCAN.exe
  C:\Windows\System\KxiWCAN.exe
  2⤵
  PID:5200
- C:\Windows\System\ZXwhBlK.exe
  C:\Windows\System\ZXwhBlK.exe
  2⤵
  PID:5232
- C:\Windows\System\vpGZFIY.exe
  C:\Windows\System\vpGZFIY.exe
  2⤵
  PID:5256
- C:\Windows\System\mpVrzcZ.exe
  C:\Windows\System\mpVrzcZ.exe
  2⤵
  PID:5288
- C:\Windows\System\UniTsuA.exe
  C:\Windows\System\UniTsuA.exe
  2⤵
  PID:5316
- C:\Windows\System\lnDbyXh.exe
  C:\Windows\System\lnDbyXh.exe
  2⤵
  PID:5340
- C:\Windows\System\MkXSDpu.exe
  C:\Windows\System\MkXSDpu.exe
  2⤵
  PID:5372
- C:\Windows\System\jqMQejG.exe
  C:\Windows\System\jqMQejG.exe
  2⤵
  PID:5400
- C:\Windows\System\EpwRUwI.exe
  C:\Windows\System\EpwRUwI.exe
  2⤵
  PID:5424
- C:\Windows\System\agaQuMy.exe
  C:\Windows\System\agaQuMy.exe
  2⤵
  PID:5452
- C:\Windows\System\ZlysOyY.exe
  C:\Windows\System\ZlysOyY.exe
  2⤵
  PID:5484
- C:\Windows\System\jYjPSPj.exe
  C:\Windows\System\jYjPSPj.exe
  2⤵
  PID:5512
- C:\Windows\System\gaanpxs.exe
  C:\Windows\System\gaanpxs.exe
  2⤵
  PID:5540
- C:\Windows\System\DVtjIVE.exe
  C:\Windows\System\DVtjIVE.exe
  2⤵
  PID:5568
- C:\Windows\System\DoSkZEp.exe
  C:\Windows\System\DoSkZEp.exe
  2⤵
  PID:5596
- C:\Windows\System\vuLrnno.exe
  C:\Windows\System\vuLrnno.exe
  2⤵
  PID:5624
- C:\Windows\System\gKchFKZ.exe
  C:\Windows\System\gKchFKZ.exe
  2⤵
  PID:5652
- C:\Windows\System\FupVpEK.exe
  C:\Windows\System\FupVpEK.exe
  2⤵
  PID:5680
- C:\Windows\System\lGucXNu.exe
  C:\Windows\System\lGucXNu.exe
  2⤵
  PID:5708
- C:\Windows\System\BQhMmsK.exe
  C:\Windows\System\BQhMmsK.exe
  2⤵
  PID:5736
- C:\Windows\System\UbUnkUA.exe
  C:\Windows\System\UbUnkUA.exe
  2⤵
  PID:5764
- C:\Windows\System\ItnlWaC.exe
  C:\Windows\System\ItnlWaC.exe
  2⤵
  PID:5788
- C:\Windows\System\PwdoTeY.exe
  C:\Windows\System\PwdoTeY.exe
  2⤵
  PID:5820
- C:\Windows\System\pXGKTMW.exe
  C:\Windows\System\pXGKTMW.exe
  2⤵
  PID:5848
- C:\Windows\System\ciYiZme.exe
  C:\Windows\System\ciYiZme.exe
  2⤵
  PID:5876
- C:\Windows\System\fiaUNby.exe
  C:\Windows\System\fiaUNby.exe
  2⤵
  PID:5904
- C:\Windows\System\lJALdhH.exe
  C:\Windows\System\lJALdhH.exe
  2⤵
  PID:5932
- C:\Windows\System\FkaLKwu.exe
  C:\Windows\System\FkaLKwu.exe
  2⤵
  PID:5960
- C:\Windows\System\dZDweFY.exe
  C:\Windows\System\dZDweFY.exe
  2⤵
  PID:5988
- C:\Windows\System\UtuGjwq.exe
  C:\Windows\System\UtuGjwq.exe
  2⤵
  PID:6016
- C:\Windows\System\hQWhkhf.exe
  C:\Windows\System\hQWhkhf.exe
  2⤵
  PID:6044
- C:\Windows\System\jJKAglN.exe
  C:\Windows\System\jJKAglN.exe
  2⤵
  PID:6072
- C:\Windows\System\VUYNujm.exe
  C:\Windows\System\VUYNujm.exe
  2⤵
  PID:6100
- C:\Windows\System\iXXrrgH.exe
  C:\Windows\System\iXXrrgH.exe
  2⤵
  PID:6128
- C:\Windows\System\WogEhuO.exe
  C:\Windows\System\WogEhuO.exe
  2⤵
  PID:4824
- C:\Windows\System\PFjXGyB.exe
  C:\Windows\System\PFjXGyB.exe
  2⤵
  PID:3572
- C:\Windows\System\CchxHtV.exe
  C:\Windows\System\CchxHtV.exe
  2⤵
  PID:4880
- C:\Windows\System\rFBiRbA.exe
  C:\Windows\System\rFBiRbA.exe
  2⤵
  PID:2688
- C:\Windows\System\nszvvzt.exe
  C:\Windows\System\nszvvzt.exe
  2⤵
  PID:4760
- C:\Windows\System\jweRPJu.exe
  C:\Windows\System\jweRPJu.exe
  2⤵
  PID:3488
- C:\Windows\System\xkejVzK.exe
  C:\Windows\System\xkejVzK.exe
  2⤵
  PID:3116
- C:\Windows\System\oPbWcdb.exe
  C:\Windows\System\oPbWcdb.exe
  2⤵
  PID:5168
- C:\Windows\System\GTplSia.exe
  C:\Windows\System\GTplSia.exe
  2⤵
  PID:5244
- C:\Windows\System\PgstUGs.exe
  C:\Windows\System\PgstUGs.exe
  2⤵
  PID:5308
- C:\Windows\System\MbpnRaF.exe
  C:\Windows\System\MbpnRaF.exe
  2⤵
  PID:5384
- C:\Windows\System\YbpSoxr.exe
  C:\Windows\System\YbpSoxr.exe
  2⤵
  PID:5444
- C:\Windows\System\UbaDfwf.exe
  C:\Windows\System\UbaDfwf.exe
  2⤵
  PID:5504
- C:\Windows\System\wvrQvtZ.exe
  C:\Windows\System\wvrQvtZ.exe
  2⤵
  PID:5580
- C:\Windows\System\xzsMsDV.exe
  C:\Windows\System\xzsMsDV.exe
  2⤵
  PID:5640
- C:\Windows\System\nzgkdUM.exe
  C:\Windows\System\nzgkdUM.exe
  2⤵
  PID:5700
- C:\Windows\System\mykrase.exe
  C:\Windows\System\mykrase.exe
  2⤵
  PID:5776
- C:\Windows\System\gVtXnpG.exe
  C:\Windows\System\gVtXnpG.exe
  2⤵
  PID:5836
- C:\Windows\System\MgGsFlT.exe
  C:\Windows\System\MgGsFlT.exe
  2⤵
  PID:5896
- C:\Windows\System\RLUFqhM.exe
  C:\Windows\System\RLUFqhM.exe
  2⤵
  PID:5956
- C:\Windows\System\wExeRjL.exe
  C:\Windows\System\wExeRjL.exe
  2⤵
  PID:6028
- C:\Windows\System\NQMNbnk.exe
  C:\Windows\System\NQMNbnk.exe
  2⤵
  PID:6092
- C:\Windows\System\qhlHddh.exe
  C:\Windows\System\qhlHddh.exe
  2⤵
  PID:2092
- C:\Windows\System\fFfJGDd.exe
  C:\Windows\System\fFfJGDd.exe
  2⤵
  PID:2560
- C:\Windows\System\UqieMHS.exe
  C:\Windows\System\UqieMHS.exe
  2⤵
  PID:3916
- C:\Windows\System\iUAWWtT.exe
  C:\Windows\System\iUAWWtT.exe
  2⤵
  PID:5216
- C:\Windows\System\uOUzmQI.exe
  C:\Windows\System\uOUzmQI.exe
  2⤵
  PID:5356
- C:\Windows\System\TnsrVkS.exe
  C:\Windows\System\TnsrVkS.exe
  2⤵
  PID:5496
- C:\Windows\System\RqRBCYl.exe
  C:\Windows\System\RqRBCYl.exe
  2⤵
  PID:5668
- C:\Windows\System\xvdqhLr.exe
  C:\Windows\System\xvdqhLr.exe
  2⤵
  PID:6148
- C:\Windows\System\loznkPH.exe
  C:\Windows\System\loznkPH.exe
  2⤵
  PID:6176
- C:\Windows\System\AbjknOg.exe
  C:\Windows\System\AbjknOg.exe
  2⤵
  PID:6204
- C:\Windows\System\sYcCMBL.exe
  C:\Windows\System\sYcCMBL.exe
  2⤵
  PID:6232
- C:\Windows\System\UIDAljM.exe
  C:\Windows\System\UIDAljM.exe
  2⤵
  PID:6260
- C:\Windows\System\Nkfpbaa.exe
  C:\Windows\System\Nkfpbaa.exe
  2⤵
  PID:6288
- C:\Windows\System\xkOtOel.exe
  C:\Windows\System\xkOtOel.exe
  2⤵
  PID:6316
- C:\Windows\System\BnoBhdP.exe
  C:\Windows\System\BnoBhdP.exe
  2⤵
  PID:6344
- C:\Windows\System\xfAMWdC.exe
  C:\Windows\System\xfAMWdC.exe
  2⤵
  PID:6372
- C:\Windows\System\bqGyCvl.exe
  C:\Windows\System\bqGyCvl.exe
  2⤵
  PID:6400
- C:\Windows\System\MElHxZG.exe
  C:\Windows\System\MElHxZG.exe
  2⤵
  PID:6428
- C:\Windows\System\SiJdaVx.exe
  C:\Windows\System\SiJdaVx.exe
  2⤵
  PID:6456
- C:\Windows\System\pmbHMNn.exe
  C:\Windows\System\pmbHMNn.exe
  2⤵
  PID:6480
- C:\Windows\System\LMhuCtT.exe
  C:\Windows\System\LMhuCtT.exe
  2⤵
  PID:6512
- C:\Windows\System\vIfONVk.exe
  C:\Windows\System\vIfONVk.exe
  2⤵
  PID:6540
- C:\Windows\System\qTbabTd.exe
  C:\Windows\System\qTbabTd.exe
  2⤵
  PID:6564
- C:\Windows\System\VtHefny.exe
  C:\Windows\System\VtHefny.exe
  2⤵
  PID:6596
- C:\Windows\System\ZbCfWuZ.exe
  C:\Windows\System\ZbCfWuZ.exe
  2⤵
  PID:6624
- C:\Windows\System\aiujeEt.exe
  C:\Windows\System\aiujeEt.exe
  2⤵
  PID:6652
- C:\Windows\System\sGWMulK.exe
  C:\Windows\System\sGWMulK.exe
  2⤵
  PID:6676
- C:\Windows\System\oEIipdr.exe
  C:\Windows\System\oEIipdr.exe
  2⤵
  PID:6708
- C:\Windows\System\aNODhKM.exe
  C:\Windows\System\aNODhKM.exe
  2⤵
  PID:6736
- C:\Windows\System\qkcHhSk.exe
  C:\Windows\System\qkcHhSk.exe
  2⤵
  PID:6764
- C:\Windows\System\xAdKzHB.exe
  C:\Windows\System\xAdKzHB.exe
  2⤵
  PID:6792
- C:\Windows\System\YmlHrHW.exe
  C:\Windows\System\YmlHrHW.exe
  2⤵
  PID:6820
- C:\Windows\System\pRYCqfL.exe
  C:\Windows\System\pRYCqfL.exe
  2⤵
  PID:6848
- C:\Windows\System\dPPUHck.exe
  C:\Windows\System\dPPUHck.exe
  2⤵
  PID:6872
- C:\Windows\System\nGIFnLN.exe
  C:\Windows\System\nGIFnLN.exe
  2⤵
  PID:6904
- C:\Windows\System\kjKPFVL.exe
  C:\Windows\System\kjKPFVL.exe
  2⤵
  PID:6932
- C:\Windows\System\ToAamkw.exe
  C:\Windows\System\ToAamkw.exe
  2⤵
  PID:6960
- C:\Windows\System\TPKDQCN.exe
  C:\Windows\System\TPKDQCN.exe
  2⤵
  PID:6976
- C:\Windows\System\McmRmoS.exe
  C:\Windows\System\McmRmoS.exe
  2⤵
  PID:7012
- C:\Windows\System\JCprANu.exe
  C:\Windows\System\JCprANu.exe
  2⤵
  PID:7044
- C:\Windows\System\ulJdDGZ.exe
  C:\Windows\System\ulJdDGZ.exe
  2⤵
  PID:7072
- C:\Windows\System\bqQORCP.exe
  C:\Windows\System\bqQORCP.exe
  2⤵
  PID:7100
- C:\Windows\System\RCPVcAL.exe
  C:\Windows\System\RCPVcAL.exe
  2⤵
  PID:7128
- C:\Windows\System\neiHKxC.exe
  C:\Windows\System\neiHKxC.exe
  2⤵
  PID:7156
- C:\Windows\System\cHZVXUY.exe
  C:\Windows\System\cHZVXUY.exe
  2⤵
  PID:5888
- C:\Windows\System\kEgXoyy.exe
  C:\Windows\System\kEgXoyy.exe
  2⤵
  PID:6008
- C:\Windows\System\cgmTKBh.exe
  C:\Windows\System\cgmTKBh.exe
  2⤵
  PID:1464
- C:\Windows\System\pxTsCfQ.exe
  C:\Windows\System\pxTsCfQ.exe
  2⤵
  PID:5160
- C:\Windows\System\rRPKYQz.exe
  C:\Windows\System\rRPKYQz.exe
  2⤵
  PID:5556
- C:\Windows\System\Dodsgor.exe
  C:\Windows\System\Dodsgor.exe
  2⤵
  PID:6164
- C:\Windows\System\YODXFMb.exe
  C:\Windows\System\YODXFMb.exe
  2⤵
  PID:6224
- C:\Windows\System\hKvGDFn.exe
  C:\Windows\System\hKvGDFn.exe
  2⤵
  PID:6300
- C:\Windows\System\DRJyGrG.exe
  C:\Windows\System\DRJyGrG.exe
  2⤵
  PID:6360
- C:\Windows\System\gCBqyej.exe
  C:\Windows\System\gCBqyej.exe
  2⤵
  PID:6416
- C:\Windows\System\ddzskzn.exe
  C:\Windows\System\ddzskzn.exe
  2⤵
  PID:6476
- C:\Windows\System\vHaBcfz.exe
  C:\Windows\System\vHaBcfz.exe
  2⤵
  PID:6556
- C:\Windows\System\bDzxjWO.exe
  C:\Windows\System\bDzxjWO.exe
  2⤵
  PID:6612
- C:\Windows\System\TTqtapS.exe
  C:\Windows\System\TTqtapS.exe
  2⤵
  PID:6668
- C:\Windows\System\IhJbURk.exe
  C:\Windows\System\IhJbURk.exe
  2⤵
  PID:6748
- C:\Windows\System\ltoglYh.exe
  C:\Windows\System\ltoglYh.exe
  2⤵
  PID:6808
- C:\Windows\System\znftfuv.exe
  C:\Windows\System\znftfuv.exe
  2⤵
  PID:6864
- C:\Windows\System\VxdXPEL.exe
  C:\Windows\System\VxdXPEL.exe
  2⤵
  PID:6944
- C:\Windows\System\hlJdytH.exe
  C:\Windows\System\hlJdytH.exe
  2⤵
  PID:6996
- C:\Windows\System\KLhBbfK.exe
  C:\Windows\System\KLhBbfK.exe
  2⤵
  PID:7064
- C:\Windows\System\IdDXXzM.exe
  C:\Windows\System\IdDXXzM.exe
  2⤵
  PID:7120
- C:\Windows\System\mwTHqHI.exe
  C:\Windows\System\mwTHqHI.exe
  2⤵
  PID:5948
- C:\Windows\System\rlNqcXM.exe
  C:\Windows\System\rlNqcXM.exe
  2⤵
  PID:1860
- C:\Windows\System\JfTqmAW.exe
  C:\Windows\System\JfTqmAW.exe
  2⤵
  PID:5752
- C:\Windows\System\jpuRKwX.exe
  C:\Windows\System\jpuRKwX.exe
  2⤵
  PID:6328
- C:\Windows\System\mKidfAF.exe
  C:\Windows\System\mKidfAF.exe
  2⤵
  PID:6448
- C:\Windows\System\CYWMXiN.exe
  C:\Windows\System\CYWMXiN.exe
  2⤵
  PID:6588
- C:\Windows\System\YyvzSyI.exe
  C:\Windows\System\YyvzSyI.exe
  2⤵
  PID:6724
- C:\Windows\System\owsDYUU.exe
  C:\Windows\System\owsDYUU.exe
  2⤵
  PID:6896
- C:\Windows\System\gldWZNi.exe
  C:\Windows\System\gldWZNi.exe
  2⤵
  PID:7196
- C:\Windows\System\qyhPUna.exe
  C:\Windows\System\qyhPUna.exe
  2⤵
  PID:7224
- C:\Windows\System\ZECgIFu.exe
  C:\Windows\System\ZECgIFu.exe
  2⤵
  PID:7252
- C:\Windows\System\wtjmdjF.exe
  C:\Windows\System\wtjmdjF.exe
  2⤵
  PID:7276
- C:\Windows\System\clCBAVL.exe
  C:\Windows\System\clCBAVL.exe
  2⤵
  PID:7304
- C:\Windows\System\ZQJJqVC.exe
  C:\Windows\System\ZQJJqVC.exe
  2⤵
  PID:7332
- C:\Windows\System\lWvXscW.exe
  C:\Windows\System\lWvXscW.exe
  2⤵
  PID:7364
- C:\Windows\System\WztCxtS.exe
  C:\Windows\System\WztCxtS.exe
  2⤵
  PID:7400
- C:\Windows\System\UKirvXa.exe
  C:\Windows\System\UKirvXa.exe
  2⤵
  PID:7428
- C:\Windows\System\pmuhqBr.exe
  C:\Windows\System\pmuhqBr.exe
  2⤵
  PID:7456
- C:\Windows\System\qlrlEed.exe
  C:\Windows\System\qlrlEed.exe
  2⤵
  PID:7484
- C:\Windows\System\EieFHqa.exe
  C:\Windows\System\EieFHqa.exe
  2⤵
  PID:7512
- C:\Windows\System\TblakZr.exe
  C:\Windows\System\TblakZr.exe
  2⤵
  PID:7540
- C:\Windows\System\lEsiyCa.exe
  C:\Windows\System\lEsiyCa.exe
  2⤵
  PID:7568
- C:\Windows\System\SAZJyEA.exe
  C:\Windows\System\SAZJyEA.exe
  2⤵
  PID:7596
- C:\Windows\System\hqFEQBb.exe
  C:\Windows\System\hqFEQBb.exe
  2⤵
  PID:7624
- C:\Windows\System\AqpQCOG.exe
  C:\Windows\System\AqpQCOG.exe
  2⤵
  PID:7652
- C:\Windows\System\hcVwIrE.exe
  C:\Windows\System\hcVwIrE.exe
  2⤵
  PID:7680
- C:\Windows\System\LyYmPUT.exe
  C:\Windows\System\LyYmPUT.exe
  2⤵
  PID:7708
- C:\Windows\System\KWmKFSg.exe
  C:\Windows\System\KWmKFSg.exe
  2⤵
  PID:7736
- C:\Windows\System\vsVQRJU.exe
  C:\Windows\System\vsVQRJU.exe
  2⤵
  PID:7756
- C:\Windows\System\WePuZit.exe
  C:\Windows\System\WePuZit.exe
  2⤵
  PID:7772
- C:\Windows\System\MdfILwe.exe
  C:\Windows\System\MdfILwe.exe
  2⤵
  PID:7816
- C:\Windows\System\jOSDtXZ.exe
  C:\Windows\System\jOSDtXZ.exe
  2⤵
  PID:7840
- C:\Windows\System\cYPAhmX.exe
  C:\Windows\System\cYPAhmX.exe
  2⤵
  PID:7868
- C:\Windows\System\rehQZRQ.exe
  C:\Windows\System\rehQZRQ.exe
  2⤵
  PID:7896
- C:\Windows\System\mUHAyKx.exe
  C:\Windows\System\mUHAyKx.exe
  2⤵
  PID:7924
- C:\Windows\System\WbLsmsG.exe
  C:\Windows\System\WbLsmsG.exe
  2⤵
  PID:7952
- C:\Windows\System\uGWJKYT.exe
  C:\Windows\System\uGWJKYT.exe
  2⤵
  PID:7980
- C:\Windows\System\PUDIyWP.exe
  C:\Windows\System\PUDIyWP.exe
  2⤵
  PID:8004
- C:\Windows\System\lyaSkeg.exe
  C:\Windows\System\lyaSkeg.exe
  2⤵
  PID:8036
- C:\Windows\System\GoTgyzL.exe
  C:\Windows\System\GoTgyzL.exe
  2⤵
  PID:8064
- C:\Windows\System\KAyMulP.exe
  C:\Windows\System\KAyMulP.exe
  2⤵
  PID:8092
- C:\Windows\System\GnWKbzw.exe
  C:\Windows\System\GnWKbzw.exe
  2⤵
  PID:8120
- C:\Windows\System\icdSsvp.exe
  C:\Windows\System\icdSsvp.exe
  2⤵
  PID:8148
- C:\Windows\System\HGEwMYz.exe
  C:\Windows\System\HGEwMYz.exe
  2⤵
  PID:8176
- C:\Windows\System\JocyhUd.exe
  C:\Windows\System\JocyhUd.exe
  2⤵
  PID:3780
- C:\Windows\System\DVdBzGs.exe
  C:\Windows\System\DVdBzGs.exe
  2⤵
  PID:7116
- C:\Windows\System\HAzslba.exe
  C:\Windows\System\HAzslba.exe
  2⤵
  PID:5416
- C:\Windows\System\eTAukEe.exe
  C:\Windows\System\eTAukEe.exe
  2⤵
  PID:6388
- C:\Windows\System\gRFuwxH.exe
  C:\Windows\System\gRFuwxH.exe
  2⤵
  PID:1704
- C:\Windows\System\sQnmbDh.exe
  C:\Windows\System\sQnmbDh.exe
  2⤵
  PID:7184
- C:\Windows\System\yKNhXcN.exe
  C:\Windows\System\yKNhXcN.exe
  2⤵
  PID:7240
- C:\Windows\System\uyEqLsv.exe
  C:\Windows\System\uyEqLsv.exe
  2⤵
  PID:7300
- C:\Windows\System\wTyEVTR.exe
  C:\Windows\System\wTyEVTR.exe
  2⤵
  PID:7376
- C:\Windows\System\CIxbqxC.exe
  C:\Windows\System\CIxbqxC.exe
  2⤵
  PID:7444
- C:\Windows\System\pfYrizi.exe
  C:\Windows\System\pfYrizi.exe
  2⤵
  PID:7500
- C:\Windows\System\yAqYcJK.exe
  C:\Windows\System\yAqYcJK.exe
  2⤵
  PID:7560
- C:\Windows\System\JirzLvR.exe
  C:\Windows\System\JirzLvR.exe
  2⤵
  PID:7616
- C:\Windows\System\gTJLarA.exe
  C:\Windows\System\gTJLarA.exe
  2⤵
  PID:7672
- C:\Windows\System\qdYviPe.exe
  C:\Windows\System\qdYviPe.exe
  2⤵
  PID:7732
- C:\Windows\System\kFjySwD.exe
  C:\Windows\System\kFjySwD.exe
  2⤵
  PID:4996
- C:\Windows\System\APqWeLg.exe
  C:\Windows\System\APqWeLg.exe
  2⤵
  PID:7856
- C:\Windows\System\ibQqsSH.exe
  C:\Windows\System\ibQqsSH.exe
  2⤵
  PID:7916
- C:\Windows\System\mZdGygt.exe
  C:\Windows\System\mZdGygt.exe
  2⤵
  PID:7992
- C:\Windows\System\BybBjFa.exe
  C:\Windows\System\BybBjFa.exe
  2⤵
  PID:8052
- C:\Windows\System\PCepBbf.exe
  C:\Windows\System\PCepBbf.exe
  2⤵
  PID:8112
- C:\Windows\System\kmybktz.exe
  C:\Windows\System\kmybktz.exe
  2⤵
  PID:8168
- C:\Windows\System\rAitnLg.exe
  C:\Windows\System\rAitnLg.exe
  2⤵
  PID:7036
- C:\Windows\System\NDnXWxj.exe
  C:\Windows\System\NDnXWxj.exe
  2⤵
  PID:6252
- C:\Windows\System\ByNAOOG.exe
  C:\Windows\System\ByNAOOG.exe
  2⤵
  PID:7212
- C:\Windows\System\WzvJZjg.exe
  C:\Windows\System\WzvJZjg.exe
  2⤵
  PID:2304
- C:\Windows\System\ATvckiW.exe
  C:\Windows\System\ATvckiW.exe
  2⤵
  PID:7472
- C:\Windows\System\SyXJNtL.exe
  C:\Windows\System\SyXJNtL.exe
  2⤵
  PID:7532
- C:\Windows\System\qDtpOIV.exe
  C:\Windows\System\qDtpOIV.exe
  2⤵
  PID:7648
- C:\Windows\System\GLpgTHJ.exe
  C:\Windows\System\GLpgTHJ.exe
  2⤵
  PID:7824
- C:\Windows\System\GoxJQrT.exe
  C:\Windows\System\GoxJQrT.exe
  2⤵
  PID:7964
- C:\Windows\System\cxdnLux.exe
  C:\Windows\System\cxdnLux.exe
  2⤵
  PID:8104
- C:\Windows\System\jwzXDmU.exe
  C:\Windows\System\jwzXDmU.exe
  2⤵
  PID:6116
- C:\Windows\System\wlTkMsE.exe
  C:\Windows\System\wlTkMsE.exe
  2⤵
  PID:6840
- C:\Windows\System\vpILPsz.exe
  C:\Windows\System\vpILPsz.exe
  2⤵
  PID:7416
- C:\Windows\System\oZgomPV.exe
  C:\Windows\System\oZgomPV.exe
  2⤵
  PID:8220
- C:\Windows\System\SsmfEKm.exe
  C:\Windows\System\SsmfEKm.exe
  2⤵
  PID:8248
- C:\Windows\System\NeSGqrl.exe
  C:\Windows\System\NeSGqrl.exe
  2⤵
  PID:8276
- C:\Windows\System\XxZpRGy.exe
  C:\Windows\System\XxZpRGy.exe
  2⤵
  PID:8304
- C:\Windows\System\qGfwoJy.exe
  C:\Windows\System\qGfwoJy.exe
  2⤵
  PID:8332
- C:\Windows\System\iIkikXR.exe
  C:\Windows\System\iIkikXR.exe
  2⤵
  PID:8360
- C:\Windows\System\vtakHwP.exe
  C:\Windows\System\vtakHwP.exe
  2⤵
  PID:8384
- C:\Windows\System\gZfZqqb.exe
  C:\Windows\System\gZfZqqb.exe
  2⤵
  PID:8416
- C:\Windows\System\xOsmHSA.exe
  C:\Windows\System\xOsmHSA.exe
  2⤵
  PID:8444
- C:\Windows\System\FEjODZv.exe
  C:\Windows\System\FEjODZv.exe
  2⤵
  PID:8468
- C:\Windows\System\LyudaaB.exe
  C:\Windows\System\LyudaaB.exe
  2⤵
  PID:8500
- C:\Windows\System\atZUqKl.exe
  C:\Windows\System\atZUqKl.exe
  2⤵
  PID:8528
- C:\Windows\System\kBJSxeB.exe
  C:\Windows\System\kBJSxeB.exe
  2⤵
  PID:8556
- C:\Windows\System\DmiGzTf.exe
  C:\Windows\System\DmiGzTf.exe
  2⤵
  PID:8584
- C:\Windows\System\WdhtYNs.exe
  C:\Windows\System\WdhtYNs.exe
  2⤵
  PID:8612
- C:\Windows\System\mGIEWln.exe
  C:\Windows\System\mGIEWln.exe
  2⤵
  PID:8640
- C:\Windows\System\wHnCVOv.exe
  C:\Windows\System\wHnCVOv.exe
  2⤵
  PID:8668
- C:\Windows\System\GDWQnpD.exe
  C:\Windows\System\GDWQnpD.exe
  2⤵
  PID:8696
- C:\Windows\System\ZhynrRj.exe
  C:\Windows\System\ZhynrRj.exe
  2⤵
  PID:8788
- C:\Windows\System\YhYQRyr.exe
  C:\Windows\System\YhYQRyr.exe
  2⤵
  PID:8828
- C:\Windows\System\PkZaOSw.exe
  C:\Windows\System\PkZaOSw.exe
  2⤵
  PID:8864
- C:\Windows\System\YeLGOsc.exe
  C:\Windows\System\YeLGOsc.exe
  2⤵
  PID:8896
- C:\Windows\System\lGQIHCT.exe
  C:\Windows\System\lGQIHCT.exe
  2⤵
  PID:8924
- C:\Windows\System\CBGyzBS.exe
  C:\Windows\System\CBGyzBS.exe
  2⤵
  PID:8968
- C:\Windows\System\rAGdNIQ.exe
  C:\Windows\System\rAGdNIQ.exe
  2⤵
  PID:9012
- C:\Windows\System\nqozjtQ.exe
  C:\Windows\System\nqozjtQ.exe
  2⤵
  PID:9048
- C:\Windows\System\tgTzqrS.exe
  C:\Windows\System\tgTzqrS.exe
  2⤵
  PID:9120
- C:\Windows\System\xsMCksj.exe
  C:\Windows\System\xsMCksj.exe
  2⤵
  PID:9140
- C:\Windows\System\wYmosFb.exe
  C:\Windows\System\wYmosFb.exe
  2⤵
  PID:9160
- C:\Windows\System\iilPHFY.exe
  C:\Windows\System\iilPHFY.exe
  2⤵
  PID:9188
- C:\Windows\System\bLWouLd.exe
  C:\Windows\System\bLWouLd.exe
  2⤵
  PID:1084
- C:\Windows\System\YiKYDEh.exe
  C:\Windows\System\YiKYDEh.exe
  2⤵
  PID:6216
- C:\Windows\System\oimVyOo.exe
  C:\Windows\System\oimVyOo.exe
  2⤵
  PID:7352
- C:\Windows\System\LgQITKE.exe
  C:\Windows\System\LgQITKE.exe
  2⤵
  PID:8212
- C:\Windows\System\xpLhcnn.exe
  C:\Windows\System\xpLhcnn.exe
  2⤵
  PID:3276
- C:\Windows\System\nzxWdud.exe
  C:\Windows\System\nzxWdud.exe
  2⤵
  PID:8316
- C:\Windows\System\kqmdTPG.exe
  C:\Windows\System\kqmdTPG.exe
  2⤵
  PID:8348
- C:\Windows\System\fMfwqwy.exe
  C:\Windows\System\fMfwqwy.exe
  2⤵
  PID:8380
- C:\Windows\System\CMQMFjY.exe
  C:\Windows\System\CMQMFjY.exe
  2⤵
  PID:8404
- C:\Windows\System\zGZcOXZ.exe
  C:\Windows\System\zGZcOXZ.exe
  2⤵
  PID:8460
- C:\Windows\System\YGtZuKc.exe
  C:\Windows\System\YGtZuKc.exe
  2⤵
  PID:8604
- C:\Windows\System\wcapDXU.exe
  C:\Windows\System\wcapDXU.exe
  2⤵
  PID:5112
- C:\Windows\System\lgYAQPY.exe
  C:\Windows\System\lgYAQPY.exe
  2⤵
  PID:3768
- C:\Windows\System\fbVkvpm.exe
  C:\Windows\System\fbVkvpm.exe
  2⤵
  PID:1148
- C:\Windows\System\iWZAfzM.exe
  C:\Windows\System\iWZAfzM.exe
  2⤵
  PID:3588
- C:\Windows\System\SnMoztQ.exe
  C:\Windows\System\SnMoztQ.exe
  2⤵
  PID:3944
- C:\Windows\System\SKdCxyY.exe
  C:\Windows\System\SKdCxyY.exe
  2⤵
  PID:8804
- C:\Windows\System\euDHlmU.exe
  C:\Windows\System\euDHlmU.exe
  2⤵
  PID:8892
- C:\Windows\System\WMTuUhz.exe
  C:\Windows\System\WMTuUhz.exe
  2⤵
  PID:8980
- C:\Windows\System\JnEvxtD.exe
  C:\Windows\System\JnEvxtD.exe
  2⤵
  PID:9064
- C:\Windows\System\uzacTHb.exe
  C:\Windows\System\uzacTHb.exe
  2⤵
  PID:9180
- C:\Windows\System\ROBKvgl.exe
  C:\Windows\System\ROBKvgl.exe
  2⤵
  PID:8880
- C:\Windows\System\hAOianU.exe
  C:\Windows\System\hAOianU.exe
  2⤵
  PID:9152
- C:\Windows\System\negCOAV.exe
  C:\Windows\System\negCOAV.exe
  2⤵
  PID:4956
- C:\Windows\System\asQBhAx.exe
  C:\Windows\System\asQBhAx.exe
  2⤵
  PID:3644
- C:\Windows\System\nsPeFPU.exe
  C:\Windows\System\nsPeFPU.exe
  2⤵
  PID:624
- C:\Windows\System\QoBUMGZ.exe
  C:\Windows\System\QoBUMGZ.exe
  2⤵
  PID:1620
- C:\Windows\System\WgoITxw.exe
  C:\Windows\System\WgoITxw.exe
  2⤵
  PID:1648
- C:\Windows\System\zLbCpsW.exe
  C:\Windows\System\zLbCpsW.exe
  2⤵
  PID:2468
- C:\Windows\System\mCRtfIC.exe
  C:\Windows\System\mCRtfIC.exe
  2⤵
  PID:8576
- C:\Windows\System\WxCdtpt.exe
  C:\Windows\System\WxCdtpt.exe
  2⤵
  PID:8624
- C:\Windows\System\RtgjkbU.exe
  C:\Windows\System\RtgjkbU.exe
  2⤵
  PID:4928
- C:\Windows\System\EAhJrCU.exe
  C:\Windows\System\EAhJrCU.exe
  2⤵
  PID:8080
- C:\Windows\System\SnErdyo.exe
  C:\Windows\System\SnErdyo.exe
  2⤵
  PID:8876
- C:\Windows\System\xAtPxLe.exe
  C:\Windows\System\xAtPxLe.exe
  2⤵
  PID:8956
- C:\Windows\System\OFMHdSI.exe
  C:\Windows\System\OFMHdSI.exe
  2⤵
  PID:9024
- C:\Windows\System\zYxHtyb.exe
  C:\Windows\System\zYxHtyb.exe
  2⤵
  PID:3760
- C:\Windows\System\QSWvTqp.exe
  C:\Windows\System\QSWvTqp.exe
  2⤵
  PID:4028
- C:\Windows\System\rOmYZEG.exe
  C:\Windows\System\rOmYZEG.exe
  2⤵
  PID:8524
- C:\Windows\System\eyvzmlp.exe
  C:\Windows\System\eyvzmlp.exe
  2⤵
  PID:1044
- C:\Windows\System\FMdElRW.exe
  C:\Windows\System\FMdElRW.exe
  2⤵
  PID:3264
- C:\Windows\System\XijkQOv.exe
  C:\Windows\System\XijkQOv.exe
  2⤵
  PID:8908
- C:\Windows\System\JGxmAzs.exe
  C:\Windows\System\JGxmAzs.exe
  2⤵
  PID:5088
- C:\Windows\System\raoYjNc.exe
  C:\Windows\System\raoYjNc.exe
  2⤵
  PID:676
- C:\Windows\System\TfSZguk.exe
  C:\Windows\System\TfSZguk.exe
  2⤵
  PID:856
- C:\Windows\System\ZdeoSsi.exe
  C:\Windows\System\ZdeoSsi.exe
  2⤵
  PID:8996
- C:\Windows\System\jILhRgS.exe
  C:\Windows\System\jILhRgS.exe
  2⤵
  PID:9236
- C:\Windows\System\IkcTKMs.exe
  C:\Windows\System\IkcTKMs.exe
  2⤵
  PID:9260
- C:\Windows\System\aZIRNzV.exe
  C:\Windows\System\aZIRNzV.exe
  2⤵
  PID:9288
- C:\Windows\System\aDshFoV.exe
  C:\Windows\System\aDshFoV.exe
  2⤵
  PID:9312
- C:\Windows\System\sCKEfoL.exe
  C:\Windows\System\sCKEfoL.exe
  2⤵
  PID:9360
- C:\Windows\System\kuXIUGU.exe
  C:\Windows\System\kuXIUGU.exe
  2⤵
  PID:9396
- C:\Windows\System\AMFawmX.exe
  C:\Windows\System\AMFawmX.exe
  2⤵
  PID:9456
- C:\Windows\System\qHGuFxP.exe
  C:\Windows\System\qHGuFxP.exe
  2⤵
  PID:9504
- C:\Windows\System\qpGtRQi.exe
  C:\Windows\System\qpGtRQi.exe
  2⤵
  PID:9544
- C:\Windows\System\qDhVPET.exe
  C:\Windows\System\qDhVPET.exe
  2⤵
  PID:9592
- C:\Windows\System\npareey.exe
  C:\Windows\System\npareey.exe
  2⤵
  PID:9640
- C:\Windows\System\lMxVxoN.exe
  C:\Windows\System\lMxVxoN.exe
  2⤵
  PID:9684
- C:\Windows\System\SVFYvbv.exe
  C:\Windows\System\SVFYvbv.exe
  2⤵
  PID:9736
- C:\Windows\System\KKkSEHK.exe
  C:\Windows\System\KKkSEHK.exe
  2⤵
  PID:9764
- C:\Windows\System\FbToccl.exe
  C:\Windows\System\FbToccl.exe
  2⤵
  PID:9816
- C:\Windows\System\XgQllxE.exe
  C:\Windows\System\XgQllxE.exe
  2⤵
  PID:9844
- C:\Windows\System\voqXjDf.exe
  C:\Windows\System\voqXjDf.exe
  2⤵
  PID:9896
- C:\Windows\System\uRzuCJZ.exe
  C:\Windows\System\uRzuCJZ.exe
  2⤵
  PID:9948
- C:\Windows\System\mmOXuSd.exe
  C:\Windows\System\mmOXuSd.exe
  2⤵
  PID:9980
- C:\Windows\System\OrzEBuV.exe
  C:\Windows\System\OrzEBuV.exe
  2⤵
  PID:10032
- C:\Windows\System\VecOGQR.exe
  C:\Windows\System\VecOGQR.exe
  2⤵
  PID:10056
- C:\Windows\System\jPuWaZq.exe
  C:\Windows\System\jPuWaZq.exe
  2⤵
  PID:10092
- C:\Windows\System\ctccRMa.exe
  C:\Windows\System\ctccRMa.exe
  2⤵
  PID:10112
- C:\Windows\System\LhNdgXv.exe
  C:\Windows\System\LhNdgXv.exe
  2⤵
  PID:10132
- C:\Windows\System\zOeckns.exe
  C:\Windows\System\zOeckns.exe
  2⤵
  PID:10168
- C:\Windows\System\WDdSBPq.exe
  C:\Windows\System\WDdSBPq.exe
  2⤵
  PID:10200
- C:\Windows\System\KJPLXop.exe
  C:\Windows\System\KJPLXop.exe
  2⤵
  PID:10228
- C:\Windows\System\kAAerdJ.exe
  C:\Windows\System\kAAerdJ.exe
  2⤵
  PID:9304
- C:\Windows\System\qOuFWOt.exe
  C:\Windows\System\qOuFWOt.exe
  2⤵
  PID:9352
- C:\Windows\System\hpUbaPI.exe
  C:\Windows\System\hpUbaPI.exe
  2⤵
  PID:9372
- C:\Windows\System\jxqMtbF.exe
  C:\Windows\System\jxqMtbF.exe
  2⤵
  PID:9500
- C:\Windows\System\fdnYXqI.exe
  C:\Windows\System\fdnYXqI.exe
  2⤵
  PID:9528
- C:\Windows\System\qPyGdQu.exe
  C:\Windows\System\qPyGdQu.exe
  2⤵
  PID:9568
- C:\Windows\System\cEDbVaL.exe
  C:\Windows\System\cEDbVaL.exe
  2⤵
  PID:9668
- C:\Windows\System\OHiHeSx.exe
  C:\Windows\System\OHiHeSx.exe
  2⤵
  PID:9724
- C:\Windows\System\ROYswSY.exe
  C:\Windows\System\ROYswSY.exe
  2⤵
  PID:9772
- C:\Windows\System\GgoYXdr.exe
  C:\Windows\System\GgoYXdr.exe
  2⤵
  PID:9796
- C:\Windows\System\kcdWUIE.exe
  C:\Windows\System\kcdWUIE.exe
  2⤵
  PID:9884
- C:\Windows\System\XXghSeD.exe
  C:\Windows\System\XXghSeD.exe
  2⤵
  PID:9872
- C:\Windows\System\TFldgdM.exe
  C:\Windows\System\TFldgdM.exe
  2⤵
  PID:9972
- C:\Windows\System\awgcZih.exe
  C:\Windows\System\awgcZih.exe
  2⤵
  PID:9964
- C:\Windows\System\JgcKAVo.exe
  C:\Windows\System\JgcKAVo.exe
  2⤵
  PID:10192
- C:\Windows\System\GRjqDrR.exe
  C:\Windows\System\GRjqDrR.exe
  2⤵
  PID:10184
- C:\Windows\System\WcNIhho.exe
  C:\Windows\System\WcNIhho.exe
  2⤵
  PID:2952
- C:\Windows\System\WYlWoJS.exe
  C:\Windows\System\WYlWoJS.exe
  2⤵
  PID:9356
- C:\Windows\System\fQdbjDJ.exe
  C:\Windows\System\fQdbjDJ.exe
  2⤵
  PID:9472
- C:\Windows\System\XqFbTWT.exe
  C:\Windows\System\XqFbTWT.exe
  2⤵
  PID:9536
- C:\Windows\System\vpenOMw.exe
  C:\Windows\System\vpenOMw.exe
  2⤵
  PID:9680
- C:\Windows\System\hTOTaei.exe
  C:\Windows\System\hTOTaei.exe
  2⤵
  PID:9864
- C:\Windows\System\raOhGSH.exe
  C:\Windows\System\raOhGSH.exe
  2⤵
  PID:9996
- C:\Windows\System\KQNMIPw.exe
  C:\Windows\System\KQNMIPw.exe
  2⤵
  PID:10120
- C:\Windows\System\vYSvzEG.exe
  C:\Windows\System\vYSvzEG.exe
  2⤵
  PID:10180
- C:\Windows\System\vFpWhGC.exe
  C:\Windows\System\vFpWhGC.exe
  2⤵
  PID:9280
- C:\Windows\System\jVNgKnC.exe
  C:\Windows\System\jVNgKnC.exe
  2⤵
  PID:9440
- C:\Windows\System\zGuJIRf.exe
  C:\Windows\System\zGuJIRf.exe
  2⤵
  PID:9524
- C:\Windows\System\BJhMQsj.exe
  C:\Windows\System\BJhMQsj.exe
  2⤵
  PID:9616
- C:\Windows\System\ZJIDtgo.exe
  C:\Windows\System\ZJIDtgo.exe
  2⤵
  PID:9936
- C:\Windows\System\QSLKemw.exe
  C:\Windows\System\QSLKemw.exe
  2⤵
  PID:10064
- C:\Windows\System\PfBGluw.exe
  C:\Windows\System\PfBGluw.exe
  2⤵
  PID:10188
- C:\Windows\System\dVhkLCk.exe
  C:\Windows\System\dVhkLCk.exe
  2⤵
  PID:9608
- C:\Windows\System\hQFZjbK.exe
  C:\Windows\System\hQFZjbK.exe
  2⤵
  PID:10160
- C:\Windows\System\invWWCf.exe
  C:\Windows\System\invWWCf.exe
  2⤵
  PID:10148
- C:\Windows\System\xvBdVzX.exe
  C:\Windows\System\xvBdVzX.exe
  2⤵
  PID:10040
- C:\Windows\System\DHQShce.exe
  C:\Windows\System\DHQShce.exe
  2⤵
  PID:9748
- C:\Windows\System\Ayrpkvg.exe
  C:\Windows\System\Ayrpkvg.exe
  2⤵
  PID:10256
- C:\Windows\System\IwLmfdI.exe
  C:\Windows\System\IwLmfdI.exe
  2⤵
  PID:10284
- C:\Windows\System\uKPoAMF.exe
  C:\Windows\System\uKPoAMF.exe
  2⤵
  PID:10324
- C:\Windows\System\vXGSnor.exe
  C:\Windows\System\vXGSnor.exe
  2⤵
  PID:10364
- C:\Windows\System\ACNfjZq.exe
  C:\Windows\System\ACNfjZq.exe
  2⤵
  PID:10416
- C:\Windows\System\tQGkMfN.exe
  C:\Windows\System\tQGkMfN.exe
  2⤵
  PID:10444
- C:\Windows\System\FBTWlgj.exe
  C:\Windows\System\FBTWlgj.exe
  2⤵
  PID:10472
- C:\Windows\System\vfASfEh.exe
  C:\Windows\System\vfASfEh.exe
  2⤵
  PID:10492
- C:\Windows\System\yRhzUUm.exe
  C:\Windows\System\yRhzUUm.exe
  2⤵
  PID:10528
- C:\Windows\System\IVPNeOw.exe
  C:\Windows\System\IVPNeOw.exe
  2⤵
  PID:10592
- C:\Windows\System\kdFPXNr.exe
  C:\Windows\System\kdFPXNr.exe
  2⤵
  PID:10628
- C:\Windows\System\WJqxkJd.exe
  C:\Windows\System\WJqxkJd.exe
  2⤵
  PID:10664
- C:\Windows\System\aAZBuaZ.exe
  C:\Windows\System\aAZBuaZ.exe
  2⤵
  PID:10708
- C:\Windows\System\OOnJphE.exe
  C:\Windows\System\OOnJphE.exe
  2⤵
  PID:10740
- C:\Windows\System\XixuqDw.exe
  C:\Windows\System\XixuqDw.exe
  2⤵
  PID:10776
- C:\Windows\System\lOdKHIz.exe
  C:\Windows\System\lOdKHIz.exe
  2⤵
  PID:10804
- C:\Windows\System\DENbKKt.exe
  C:\Windows\System\DENbKKt.exe
  2⤵
  PID:10832
- C:\Windows\System\OAVIocp.exe
  C:\Windows\System\OAVIocp.exe
  2⤵
  PID:10868
- C:\Windows\System\lnYrYNo.exe
  C:\Windows\System\lnYrYNo.exe
  2⤵
  PID:10904
- C:\Windows\System\tgvEOht.exe
  C:\Windows\System\tgvEOht.exe
  2⤵
  PID:10932
- C:\Windows\System\CzcxXBh.exe
  C:\Windows\System\CzcxXBh.exe
  2⤵
  PID:10968
- C:\Windows\System\hZKopdg.exe
  C:\Windows\System\hZKopdg.exe
  2⤵
  PID:11000
- C:\Windows\System\IgxQKuR.exe
  C:\Windows\System\IgxQKuR.exe
  2⤵
  PID:11020
- C:\Windows\System\gTGnOLt.exe
  C:\Windows\System\gTGnOLt.exe
  2⤵
  PID:11060
- C:\Windows\System\YMhwcoU.exe
  C:\Windows\System\YMhwcoU.exe
  2⤵
  PID:11080
- C:\Windows\System\RvLCVts.exe
  C:\Windows\System\RvLCVts.exe
  2⤵
  PID:11120
- C:\Windows\System\VHjUSkA.exe
  C:\Windows\System\VHjUSkA.exe
  2⤵
  PID:11164
- C:\Windows\System\yxOQPoS.exe
  C:\Windows\System\yxOQPoS.exe
  2⤵
  PID:11200
- C:\Windows\System\jWrjMKB.exe
  C:\Windows\System\jWrjMKB.exe
  2⤵
  PID:11232
- C:\Windows\System\fWstixk.exe
  C:\Windows\System\fWstixk.exe
  2⤵
  PID:11252
- C:\Windows\System\skFNaxm.exe
  C:\Windows\System\skFNaxm.exe
  2⤵
  PID:10044
- C:\Windows\System\fVlVUuV.exe
  C:\Windows\System\fVlVUuV.exe
  2⤵
  PID:10280
- C:\Windows\System\MzRzqtA.exe
  C:\Windows\System\MzRzqtA.exe
  2⤵
  PID:10372
- C:\Windows\System\SauZJCs.exe
  C:\Windows\System\SauZJCs.exe
  2⤵
  PID:10428
- C:\Windows\System\iZnPCok.exe
  C:\Windows\System\iZnPCok.exe
  2⤵
  PID:10464
- C:\Windows\System\hVfdLmB.exe
  C:\Windows\System\hVfdLmB.exe
  2⤵
  PID:10500
- C:\Windows\System\OQppMQR.exe
  C:\Windows\System\OQppMQR.exe
  2⤵
  PID:10580
- C:\Windows\System\avkUCEa.exe
  C:\Windows\System\avkUCEa.exe
  2⤵
  PID:10724
- C:\Windows\System\EGlftLb.exe
  C:\Windows\System\EGlftLb.exe
  2⤵
  PID:10788
- C:\Windows\System\kJyFCBu.exe
  C:\Windows\System\kJyFCBu.exe
  2⤵
  PID:10844
- C:\Windows\System\RXtrvKW.exe
  C:\Windows\System\RXtrvKW.exe
  2⤵
  PID:10884
- C:\Windows\System\rLtEQmt.exe
  C:\Windows\System\rLtEQmt.exe
  2⤵
  PID:10992
- C:\Windows\System\xcJSKOg.exe
  C:\Windows\System\xcJSKOg.exe
  2⤵
  PID:11056
- C:\Windows\System\srFBtEY.exe
  C:\Windows\System\srFBtEY.exe
  2⤵
  PID:11112
- C:\Windows\System\PFdfyfV.exe
  C:\Windows\System\PFdfyfV.exe
  2⤵
  PID:11192
- C:\Windows\System\urpCQKl.exe
  C:\Windows\System\urpCQKl.exe
  2⤵
  PID:11260
- C:\Windows\System\rgklNhk.exe
  C:\Windows\System\rgklNhk.exe
  2⤵
  PID:10316
- C:\Windows\System\qhrzsvt.exe
  C:\Windows\System\qhrzsvt.exe
  2⤵
  PID:10360
- C:\Windows\System\eUodHfX.exe
  C:\Windows\System\eUodHfX.exe
  2⤵
  PID:10536
- C:\Windows\System\tsAirxg.exe
  C:\Windows\System\tsAirxg.exe
  2⤵
  PID:10752
- C:\Windows\System\tUYGzTJ.exe
  C:\Windows\System\tUYGzTJ.exe
  2⤵
  PID:10820
- C:\Windows\System\tsbDIUd.exe
  C:\Windows\System\tsbDIUd.exe
  2⤵
  PID:10920
- C:\Windows\System\YXjGfhV.exe
  C:\Windows\System\YXjGfhV.exe
  2⤵
  PID:11092
- C:\Windows\System\OhFAKic.exe
  C:\Windows\System\OhFAKic.exe
  2⤵
  PID:10276
- C:\Windows\System\YfxOvea.exe
  C:\Windows\System\YfxOvea.exe
  2⤵
  PID:10488
- C:\Windows\System\xgkOOiU.exe
  C:\Windows\System\xgkOOiU.exe
  2⤵
  PID:10856
- C:\Windows\System\ErcrcqJ.exe
  C:\Windows\System\ErcrcqJ.exe
  2⤵
  PID:11176
- C:\Windows\System\Ticjjqu.exe
  C:\Windows\System\Ticjjqu.exe
  2⤵
  PID:10480
- C:\Windows\System\sMpCrRA.exe
  C:\Windows\System\sMpCrRA.exe
  2⤵
  PID:11016
- C:\Windows\System\wwjUhPJ.exe
  C:\Windows\System\wwjUhPJ.exe
  2⤵
  PID:10952
- C:\Windows\System\InmycfD.exe
  C:\Windows\System\InmycfD.exe
  2⤵
  PID:11296
- C:\Windows\System\TfZkNQB.exe
  C:\Windows\System\TfZkNQB.exe
  2⤵
  PID:11328
- C:\Windows\System\sWKiddf.exe
  C:\Windows\System\sWKiddf.exe
  2⤵
  PID:11360
- C:\Windows\System\styPVsQ.exe
  C:\Windows\System\styPVsQ.exe
  2⤵
  PID:11404
- C:\Windows\System\GEehrPr.exe
  C:\Windows\System\GEehrPr.exe
  2⤵
  PID:11448
- C:\Windows\System\LkXXSMn.exe
  C:\Windows\System\LkXXSMn.exe
  2⤵
  PID:11484
- C:\Windows\System\ysPZksT.exe
  C:\Windows\System\ysPZksT.exe
  2⤵
  PID:11548
- C:\Windows\System\yeTfOom.exe
  C:\Windows\System\yeTfOom.exe
  2⤵
  PID:11564
- C:\Windows\System\YLkdkxE.exe
  C:\Windows\System\YLkdkxE.exe
  2⤵
  PID:11580
- C:\Windows\System\vlpVpOK.exe
  C:\Windows\System\vlpVpOK.exe
  2⤵
  PID:11620
- C:\Windows\System\gWfZJPQ.exe
  C:\Windows\System\gWfZJPQ.exe
  2⤵
  PID:11656
- C:\Windows\System\QUrESdz.exe
  C:\Windows\System\QUrESdz.exe
  2⤵
  PID:11700
- C:\Windows\System\UfHqDdC.exe
  C:\Windows\System\UfHqDdC.exe
  2⤵
  PID:11744
- C:\Windows\System\lFGIvEd.exe
  C:\Windows\System\lFGIvEd.exe
  2⤵
  PID:11776
- C:\Windows\System\ZWoaJQD.exe
  C:\Windows\System\ZWoaJQD.exe
  2⤵
  PID:11796
- C:\Windows\System\IeiBBPJ.exe
  C:\Windows\System\IeiBBPJ.exe
  2⤵
  PID:11832
- C:\Windows\System\NfVQLIh.exe
  C:\Windows\System\NfVQLIh.exe
  2⤵
  PID:11880
- C:\Windows\System\zwEotwT.exe
  C:\Windows\System\zwEotwT.exe
  2⤵
  PID:11908
- C:\Windows\System\XcCwIiY.exe
  C:\Windows\System\XcCwIiY.exe
  2⤵
  PID:11936
- C:\Windows\System\jgLhobt.exe
  C:\Windows\System\jgLhobt.exe
  2⤵
  PID:11964
- C:\Windows\System\trTndWG.exe
  C:\Windows\System\trTndWG.exe
  2⤵
  PID:11996
- C:\Windows\System\NFLPnCv.exe
  C:\Windows\System\NFLPnCv.exe
  2⤵
  PID:12024
- C:\Windows\System\PsyRQnR.exe
  C:\Windows\System\PsyRQnR.exe
  2⤵
  PID:12048
- C:\Windows\System\noBIbxS.exe
  C:\Windows\System\noBIbxS.exe
  2⤵
  PID:12068
- C:\Windows\System\nNTjehL.exe
  C:\Windows\System\nNTjehL.exe
  2⤵
  PID:12100
- C:\Windows\System\ZdxnfOb.exe
  C:\Windows\System\ZdxnfOb.exe
  2⤵
  PID:12120
- C:\Windows\System\GzMvGOm.exe
  C:\Windows\System\GzMvGOm.exe
  2⤵
  PID:12168
- C:\Windows\System\DAfmQSV.exe
  C:\Windows\System\DAfmQSV.exe
  2⤵
  PID:12196
- C:\Windows\System\OOPjDiY.exe
  C:\Windows\System\OOPjDiY.exe
  2⤵
  PID:12232
- C:\Windows\System\DDChbDt.exe
  C:\Windows\System\DDChbDt.exe
  2⤵
  PID:12272
- C:\Windows\System\IGTgiqN.exe
  C:\Windows\System\IGTgiqN.exe
  2⤵
  PID:11284
- C:\Windows\System\mOTFzYH.exe
  C:\Windows\System\mOTFzYH.exe
  2⤵
  PID:11352
- C:\Windows\System\oYQynNP.exe
  C:\Windows\System\oYQynNP.exe
  2⤵
  PID:11480
- C:\Windows\System\TNYbgMi.exe
  C:\Windows\System\TNYbgMi.exe
  2⤵
  PID:11560
- C:\Windows\System\eDkBXIw.exe
  C:\Windows\System\eDkBXIw.exe
  2⤵
  PID:5096
- C:\Windows\System\veTdPGY.exe
  C:\Windows\System\veTdPGY.exe
  2⤵
  PID:1968
- C:\Windows\System\ftYROoz.exe
  C:\Windows\System\ftYROoz.exe
  2⤵
  PID:11732
- C:\Windows\System\keORWNI.exe
  C:\Windows\System\keORWNI.exe
  2⤵
  PID:11840
- C:\Windows\System\tbhZLaa.exe
  C:\Windows\System\tbhZLaa.exe
  2⤵
  PID:11904
- C:\Windows\System\rAtuZXC.exe
  C:\Windows\System\rAtuZXC.exe
  2⤵
  PID:11960
- C:\Windows\System\uGTHuCG.exe
  C:\Windows\System\uGTHuCG.exe
  2⤵
  PID:12040
- C:\Windows\System\NStiINk.exe
  C:\Windows\System\NStiINk.exe
  2⤵
  PID:12132
- C:\Windows\System\cpVgLht.exe
  C:\Windows\System\cpVgLht.exe
  2⤵
  PID:12156
- C:\Windows\System\YngpOAz.exe
  C:\Windows\System\YngpOAz.exe
  2⤵
  PID:12244
- C:\Windows\System\udoxqMg.exe
  C:\Windows\System\udoxqMg.exe
  2⤵
  PID:12280
- C:\Windows\System\wrCQeFY.exe
  C:\Windows\System\wrCQeFY.exe
  2⤵
  PID:11536
- C:\Windows\System\crtQDPd.exe
  C:\Windows\System\crtQDPd.exe
  2⤵
  PID:11628
- C:\Windows\System\TtUrhVU.exe
  C:\Windows\System\TtUrhVU.exe
  2⤵
  PID:11860
- C:\Windows\System\YPGFOBn.exe
  C:\Windows\System\YPGFOBn.exe
  2⤵
  PID:12084
- C:\Windows\System\WtgRrWT.exe
  C:\Windows\System\WtgRrWT.exe
  2⤵
  PID:12256
- C:\Windows\System\mOOKHRy.exe
  C:\Windows\System\mOOKHRy.exe
  2⤵
  PID:11504
- C:\Windows\System\qCdZTJg.exe
  C:\Windows\System\qCdZTJg.exe
  2⤵
  PID:12220
- C:\Windows\System\pxZDkCF.exe
  C:\Windows\System\pxZDkCF.exe
  2⤵
  PID:12316
- C:\Windows\System\WszkBrn.exe
  C:\Windows\System\WszkBrn.exe
  2⤵
  PID:12332
- C:\Windows\System\nCFJbja.exe
  C:\Windows\System\nCFJbja.exe
  2⤵
  PID:12356
- C:\Windows\System\JnnfRhQ.exe
  C:\Windows\System\JnnfRhQ.exe
  2⤵
  PID:12388
- C:\Windows\System\QOJAbDO.exe
  C:\Windows\System\QOJAbDO.exe
  2⤵
  PID:12428
- C:\Windows\System\GjTUGxb.exe
  C:\Windows\System\GjTUGxb.exe
  2⤵
  PID:12456
- C:\Windows\System\HDMrNUX.exe
  C:\Windows\System\HDMrNUX.exe
  2⤵
  PID:12484
- C:\Windows\System\IZHnxjH.exe
  C:\Windows\System\IZHnxjH.exe
  2⤵
  PID:12512
- C:\Windows\System\hYrqgdY.exe
  C:\Windows\System\hYrqgdY.exe
  2⤵
  PID:12544
- C:\Windows\System\hLtnSBC.exe
  C:\Windows\System\hLtnSBC.exe
  2⤵
  PID:12572
- C:\Windows\System\ZaWpWMj.exe
  C:\Windows\System\ZaWpWMj.exe
  2⤵
  PID:12600
- C:\Windows\System\AieIuaC.exe
  C:\Windows\System\AieIuaC.exe
  2⤵
  PID:12620
- C:\Windows\System\jMkwyhu.exe
  C:\Windows\System\jMkwyhu.exe
  2⤵
  PID:12656
- C:\Windows\System\GKlmUzN.exe
  C:\Windows\System\GKlmUzN.exe
  2⤵
  PID:12676
- C:\Windows\System\hUibWVD.exe
  C:\Windows\System\hUibWVD.exe
  2⤵
  PID:12704
- C:\Windows\System\edtuyzJ.exe
  C:\Windows\System\edtuyzJ.exe
  2⤵
  PID:12740
- C:\Windows\System\qYLdxge.exe
  C:\Windows\System\qYLdxge.exe
  2⤵
  PID:12768
- C:\Windows\System\vqLyuTo.exe
  C:\Windows\System\vqLyuTo.exe
  2⤵
  PID:12796
- C:\Windows\System\pTXbSPQ.exe
  C:\Windows\System\pTXbSPQ.exe
  2⤵
  PID:12824
- C:\Windows\System\zcagXSl.exe
  C:\Windows\System\zcagXSl.exe
  2⤵
  PID:12856
- C:\Windows\System\cZwpzVI.exe
  C:\Windows\System\cZwpzVI.exe
  2⤵
  PID:12884
- C:\Windows\System\vlCttqp.exe
  C:\Windows\System\vlCttqp.exe
  2⤵
  PID:12900
- C:\Windows\System\oCqAFgG.exe
  C:\Windows\System\oCqAFgG.exe
  2⤵
  PID:12936
- C:\Windows\System\huXUXSb.exe
  C:\Windows\System\huXUXSb.exe
  2⤵
  PID:12960
- C:\Windows\System\HtoldzC.exe
  C:\Windows\System\HtoldzC.exe
  2⤵
  PID:12996
- C:\Windows\System\emVOddI.exe
  C:\Windows\System\emVOddI.exe
  2⤵
  PID:13024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yqarmeis.gky.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CWfBvew.exe

Filesize
3.0MB

MD5
53138f12db7b1c06c6fd90b0b0ae6fee

SHA1
33599208cc3c90ef5015ed4e6eed89c8a51f2f04

SHA256
8bc6aef386a8b48090cf83eaef2bb0beba77c28016f2e84841d991096554ead1

SHA512
4a0a2e7f00d37b43f6b70f4d41014cefade2031f07f3013f0fcb1061aaa2d902800009f75105a94b9155a70640ba8a5e70baedb0be79299fc11d579004706499

Download Submit
C:\Windows\System\EPlfOQY.exe

Filesize
3.0MB

MD5
946f4dcd723057b0e95df331cb4c4716

SHA1
94bfd704f0d2bec29d57d431d1148f35420e1521

SHA256
ab4a0d1ed39e1040835897b111e990c0538eefe2f5e1333a55f0b153b3f13104

SHA512
a3644a30082f3fa597c4641a9ec1e8f9b894f72d5a484da9e1fbc4fd00ee75a9d55dcdb8da392dd1724d0fd1318568995abf9bddb8fb6bb6bd5d46d90f2acd6e

Download Submit
C:\Windows\System\FHlLTjL.exe

Filesize
3.0MB

MD5
a8d48f2ff7f55104b08d5c4c652b1fd0

SHA1
1059ae601782d276441dc4802d37762a86bdf5be

SHA256
58c1ca19749485ce5030b6bd8a00b5e76314982c9028fa8898d96830070bc7b7

SHA512
0a534c227330144acdfa73666a25e39b8671f058cc83d28a38a7bfe14167c46d0967e3f11bb07d4feb101e8a1ffd482a885cd469cf63efe68c9d5ac01946288d

Download Submit
C:\Windows\System\FNzkYgu.exe

Filesize
3.0MB

MD5
ca738fb1df234e88e4bf23c7c15f40ad

SHA1
700705ec6ef4eb0ef2e8ce3a448e6754d89b1e63

SHA256
670f2ed4c7dfec0bbf55663711741619087a6fdb74bfba3a42727eb9e122e9b0

SHA512
fbe1062ae8df016014a3ad59b13bbed74a5e8da2b57228692ae6f32c6ac49c8a9617ce99f22f7eb97101d2bfabde9280395521f2e52eebc4a65690ccd7a27d13

Download Submit
C:\Windows\System\IeilJni.exe

Filesize
3.0MB

MD5
86130cdadc70c93a9428c1bbb888dc58

SHA1
e8d43d1c9b3d498f949301facbcac35da2847488

SHA256
19b81b3977f3b03198f790e8471e9fe23a1d069690f9e1934d7c6ccaf5c780ce

SHA512
746464b9bc7a70bc26aa0f082973d0be0729bb70c0726b92b3ee1a3d7e3758c9f4f1965ab8616fcf6d05b41017ef165bf3d4540206afe1208b7aaba99e83fb55

Download Submit
C:\Windows\System\JeFErpb.exe

Filesize
3.0MB

MD5
c1b90c56c5816883727714efd5cf134f

SHA1
13415a7f81e368b5854afd810d6753b0d40b66ea

SHA256
0e7222b5f40e015376566167ba3d6cbc4f016fdbc457393f0d02517e97c77970

SHA512
80766c75335eadb4119679c2e19e4c96dc676e6dbe5f32dade3bc8f9200f9df383a0f989b6534ed4874d2fa05952ef2b00f060f2c5590266a573d2681fced968

Download Submit
C:\Windows\System\JsoyZAg.exe

Filesize
3.0MB

MD5
2a04d88bb126851aba9c39da2114e984

SHA1
69b90c5011865b3bff8ee365c89b62b28b227313

SHA256
645ff57a3869fc4d2fdb27702b6759ee29fc40758e024107b4b2bde3d4564fc0

SHA512
016e413a6d8864bd292101b11315d4882f959e5565d5d7382215039c1ace4886adcd56b4e36fdbef2bf61da016ebf10b46a5bed727786f9f34d30d523ecc396f

Download Submit
C:\Windows\System\JzepLdl.exe

Filesize
3.0MB

MD5
ad02bc8212ecf5bdc581209a008b24d0

SHA1
e0e215b9db076346b39d2dcd66aadfe490a22db4

SHA256
c8d8b26999633b347a4243d723665d40594dc9416a2e1e45877dd9a96c681512

SHA512
2f159ab8d51bc7a4c71980263585488807d15c6df52c805c7e09e2f76822658fa3becfd199c44786f3ce440877c62b36dcaeae27f5a14b10d51052838dee10a0

Download Submit
C:\Windows\System\ODRGysZ.exe

Filesize
3.0MB

MD5
397539cfebb3fedb114a7292b57725b9

SHA1
761bb300d4c892dc9fcf6115a2f4fd74cba198a0

SHA256
70bfd41ab10abd25e5cccf90bfbaa507fa556c76f26214812bc36d4200eb0863

SHA512
749ee180c4176b3145b579eb12d11f7217523332b6652e0fd1e468071ade3fa198212f651ff0ed8df02f6388a60d829c828dd32486066fc081f7680944ff964e

Download Submit
C:\Windows\System\QCpdtvt.exe

Filesize
3.0MB

MD5
d6a0d5db1c3e1b5cf91489e7511a5a70

SHA1
7be6a0e39551a85f4b99e9ae7adddef9e4d4da8b

SHA256
b5d324fea4d79de7cfc33eeadbc205e17b247805e1131601f8d6156998ad9fac

SHA512
d50eb5a0e1ec933f82aaa5fe8cacd7393e19e86d3bcd4b017c9e8bdaf5bf1baca9e3dcdc644b2a501180937113bb5aa0b49830f7d946c55eaf280f1c80951a40

Download Submit
C:\Windows\System\QiCXsiR.exe

Filesize
3.0MB

MD5
e480cb7f86915dcf9cfbb46604f8087a

SHA1
84e20daff23a5cd2915e52a30f11f2a30454a629

SHA256
500df70657f96f2fb973c3df825024b6518d2d9272018e09535abcb18e63b407

SHA512
d9ac8d9d6d5833502a51d2691cce9621ab4de651484857296a6cea07ce7bdb175fed0bca5480b521308cd3a836e391ab30e9b8d7375b4f6a94732bc11c8865ee

Download Submit
C:\Windows\System\RLEhqYy.exe

Filesize
3.0MB

MD5
eacb9ff5cb6b7d065a078dc65ff9261b

SHA1
07afacb42088c699314fab837821eb4e1b4e6ae1

SHA256
7483900b47ee08a8bbfb7b23e73bfd46e538fdb705d2ac4cb84993643d37a395

SHA512
c1925e039257471e8afda9ae3d364a439d2d90aa069a41383dc3301cce21fd68d09ba73860f0a0d9e809966858f06dc45d050a6201c92b70c3d231b81e95005b

Download Submit
C:\Windows\System\RMsyxHy.exe

Filesize
3.0MB

MD5
3d989293128730d245ae61e1ca809af4

SHA1
6db2dce7b2a3378c64178cef5787b24007bd03c0

SHA256
6a5505740fbac119b06201c37572e00c66508e0c8d96b94a8f3b8b9a54ad4c2b

SHA512
d19221381c0e139953d50f5b416cfcceea6102f3786266df78a92a2b6460a59cafe2a9b829fb8deb195eebaa7a93ed4d51d9247047f687e45fff0767188c5335

Download Submit
C:\Windows\System\VjWcMtY.exe

Filesize
3.0MB

MD5
461aa8b20fd202592315fc69389ab980

SHA1
30896d075823b134e079a06b2f4f2a0eebe8483a

SHA256
fc440339759193b913d1668ab71e31de89e7380e036687e793499a86a87afff1

SHA512
cde0c61b72865a1624b1d651f25883028a74f884c85d406ab2d9dd33071707d444a59c7bed64fa6617132463cfd56f5b0cc3b1b7d076bf82475c455938d62823

Download Submit
C:\Windows\System\eAYChkK.exe

Filesize
3.0MB

MD5
ddf14f4beb9cbf53ca3cc74430be8a37

SHA1
2e63acb6992352e5b0f841bc329c5b228aa70c22

SHA256
17e6bce7123af75cb58f4c383ec3a67c1aae93daa07d8e5027a5d636cbdb59e8

SHA512
9cebf79a8698d391443a59a9086a930d31538e14d0d395d220d8f3b3e49365eb58c292a9552f8e6310cee47a453074cd471fb3039755cc3903a8a93a664d3b5f

Download Submit
C:\Windows\System\eBNlWSZ.exe

Filesize
3.0MB

MD5
09c0e1b5e0845072333be2a2a82fb390

SHA1
a722dbc1a9750d55545ca33bd942705604c18e76

SHA256
55359cf9908e25f3db9e1dc370e125163de611b37865729f3c8a3e5584ae377a

SHA512
4b616ec54440b5116d1794752ff39bd7e88176aa2af08d209538b752c00b22344832a34935d4e13c212d276a620bbac8a1014b60284c01ffbedbb61bcfbd450f

Download Submit
C:\Windows\System\iitsHeC.exe

Filesize
3.0MB

MD5
b5cb05b4d33eb90906b6b2648188d2e6

SHA1
557835117c151da37bc6a3e55e0e4a6153fcbb20

SHA256
4fde44d764ff7ecbecabbe0b7a89ee52ffee5f2a379f1eccdf5d4434300ff613

SHA512
6f792022457c70cf1cfd3b196284d75a020785cb77d99afc375db6a16ffabae862a8857e2a087cc096709287bca4b856777eac2a9094852e8f582d79a23d503e

Download Submit
C:\Windows\System\ilDpHGk.exe

Filesize
3.0MB

MD5
87bba09f6802ce41e6f576ffe6de2a63

SHA1
b19663e1a73847b008b800163edd9b1861540f60

SHA256
e97a02e59a56c2784118146272970881ca9e0d6ac10faa7510f8271d0d509671

SHA512
493eae463c2fed5365c700752ec8645cd4c02381d516c37e46c6392ec224bbf43c4145416a6a5a218f87ead04267331f21d52555c1a38807159d7c1487bf2659

Download Submit
C:\Windows\System\kIwjBpG.exe

Filesize
3.0MB

MD5
6db53cc187badbba6079853468729404

SHA1
f05001941f5c5950dc83990155e39f6d3aeb34f9

SHA256
d04b520d5f867841d685ef3dbd8b66d4ac2d973e8732f08c1970f78fad8bbf82

SHA512
5d25fae99cccef5c7a7c61cce1970013ca81335f53211e986a0f4326393297ec2bf42da06f24223de2747fdc10ddcb03fcd77d9f2c0de1085d59c3fb48098418

Download Submit
C:\Windows\System\kWUMAtC.exe

Filesize
3.0MB

MD5
6ff148f290fd829713339401423ca220

SHA1
668f2228c1248552dfec9aaece29be6c7bb40680

SHA256
986d1f94ce74ed82cca2017450dc1d16ffa6d90bfac5f7976ff7dadbd0b08629

SHA512
a96133de1ac18a90d520ffd26f1b03eb9b212a624e087d833c15937200ebf257715ed61bf6aa9a478b0bdaee738bbdc357a641e9199172a5aa7027c3bd3b9504

Download Submit
C:\Windows\System\lUHIbfY.exe

Filesize
3.0MB

MD5
f1065a3b4f73bb367f0fb8a0c5a19ae8

SHA1
6dc9fa3177b57dfe8adc45a25415191d06164ba4

SHA256
87498f03aadd556a3cb882c307790d7eba4d799d5b110e3cb62b1ea83d7131fb

SHA512
1b910a3e4b03dd36e33c7a040f951c20cc9e262425751397350093fccd3503faf1b6ac17038434d3b46f7f9537dcf9da0ed9732e5bad0e2e241cce096b70f671

Download Submit
C:\Windows\System\ndNYDvN.exe

Filesize
3.0MB

MD5
2064adb421dc3fe43e4cb93a9739c265

SHA1
4d7310beb2c4735f6e3675aa1da9a611a6ab2799

SHA256
6331e8ea08dd79f729d7405c8751b9f464e5e9dd45fe4d79f866875f46b3f505

SHA512
9f417b96a4ae792eb60dab24acca9badaacccc7b60f9f5ed93c261d13f2ffbeb15dad1ef612ba95775cafa36a61ac92455a04fd9166505a80efac84836bfeaaf

Download Submit
C:\Windows\System\nshqxvp.exe

Filesize
3.0MB

MD5
109811a08cacfe2f04c8a79bf584f8ed

SHA1
a8f8ac26bbc4f9a3c82841456f7ecae48d48ed2d

SHA256
2420e7f8de3b5ff091e01cfe1aa6a0514055154aa69dfacafee281760cd1f920

SHA512
4381bd352b4936675cf1792a7c4c762b3fffb363240dde601a9683622e5de854e3c14e3ac11e65bba8809b9098b2a74c407b3816200cdb69882ce558f3c08051

Download Submit
C:\Windows\System\qKePVQQ.exe

Filesize
3.0MB

MD5
d2855165c7397d6cac398af056506b2f

SHA1
000ee6e0aaeafa5bbc5bd74d1a90765d400202f6

SHA256
356a07aad6a2fb1fe3f3a3c933fda4d7b9fd8f157de32b6ab1f35eb3b8f09ba8

SHA512
eeab189e50752cbf56c5c21ba927da0344449e0759e94681b7c2da4d49f52a66cdc491cb09db3f5e6fe641459ba1f9557e6d2c047fa7bb7b719959d146e64df6

Download Submit
C:\Windows\System\qXrRapn.exe

Filesize
3.0MB

MD5
c4521ca0304a19d39d1a93a68cf4119c

SHA1
3954414d87fb7cfcbb689b3feb8ebed6b65bdab9

SHA256
1af9e22672c6d57023d5ea2cab9cdfa22f0c1640575812802442e788be7bb5be

SHA512
b0a2b1b88044db85646edc46f0450b551a9cafc80b017376946b4be8c7b962b89dd26c1e528e27effe2e979ad06ef857d69ae1f2bc3005381d6fea6c49918566

Download Submit
C:\Windows\System\qckQZBV.exe

Filesize
3.0MB

MD5
034ecb44535b43ad51720e862b6907ec

SHA1
dc19e8e609566485d1cb5db6a1469fd653ffc843

SHA256
4ce797469c9db3af1917440b28c18aaeb393dac46ae718310574720b19155f49

SHA512
f26d6e6bed6fbcd550c4896e7fd392b83e7c1d7e4f968cd1468f54ef4506cda334a3ffd5c3a77f984af27bfa0fa40b0490f07311b53600efd1c975c7be51a802

Download Submit
C:\Windows\System\ruvRajs.exe

Filesize
3.0MB

MD5
b20d15ea2a011f717f1ca333f5c569e2

SHA1
abcb883425d111ef8f671688617f6c8c178e9ca6

SHA256
44d0b4a0827f79ba94f5bdf5fd499363eec718831c99e4a2c05a4acfed7d85f2

SHA512
d7a5562b624d4c76756e337c16b3b6ba760314ed19d2d7efaeea4baf21a4af760b3a0ad5ed539ffd2ade97507ba490342f8b477a57dae60ed5ef0334b4567af6

Download Submit
C:\Windows\System\sEYnjvs.exe

Filesize
3.0MB

MD5
c2d08e7f622fb2b1c846cbc6a8bb3e93

SHA1
2fef2911b8893433483b47045d639e09da23b9ae

SHA256
1a4793f63382ce5c66f9f32a75201eeae2a004cb01e063e2bf85dd6f4640fc6c

SHA512
1765db37a315415eb96f611d13d85b0e1a5723dd2d64f1184c6a26362b2d38dbde69044887348052871486a5ea8ef201fdd0f755872c3b08a0aac4e705dc0768

Download Submit
C:\Windows\System\umonIQo.exe

Filesize
3.0MB

MD5
31a1d36ed2a9aecdd4c72e5cf0ee0cf5

SHA1
bd21c75c1b9a5c07c6c604657d43758559ce2763

SHA256
3a4a6274ad3d0e0904043cb96af7b8e0d57697998fce1a84688493cb44ebc4ed

SHA512
52644538d0b6783fb244a42fa1a113eaf7f1946038bd952ef8685de6b1508ba566438d43753aee560f28c1da2e60faad657b78d2e062dbdf1a26c70f2e5ded4a

Download Submit
C:\Windows\System\uypsynr.exe

Filesize
3.0MB

MD5
e8b8c48c69cde5f95640b317ae2feb4d

SHA1
d712a97f3ac28bc74b876da0b16bab97bcd4810f

SHA256
f30eefbe5ef101ddbda6d2ddacb8ba938de1934c42277450c3a99143a0bc78c1

SHA512
5389cb03f0b33926a1f03e4fef3e165192958bf97238de7ae5417ae879d6d529838f1a93cad720ddbc92cb14c07dc4b8882f1e1e49d1f17512b70b6f317a75c9

Download Submit
C:\Windows\System\wDATWNt.exe

Filesize
3.0MB

MD5
9d7d9b3fa7e1768cd4bebe959630d146

SHA1
d9536202d12b7b8c4cee832c5c951b4360d17f68

SHA256
8afe1001263f8313878c2af6c49e31f33f3c37324f0853f60554fb48e2d1e4d4

SHA512
d4fb844df0412a7702845b00e6b84443f9c915a2760f87883302ff9df8ebc6c0bb6c67e5ca74921c069422cd62db277f919ee256dc13d5c28e8d401e9c66bf30

Download Submit
C:\Windows\System\wfYSiyv.exe

Filesize
3.0MB

MD5
8b5f60613173dc9a762a4efabe7eaaa1

SHA1
5ea2a848bb8d8aa75f2de614951ecc2dd232a512

SHA256
507db592a84adbfb270f5514e04db1218603e9ec8313855c8df16bfb19d3dccd

SHA512
05453ce6e4ca15490cdf626a4b363f1d63205b8d0965d5ba681f127ecf756ac84c07d52224ca137b7840b9d20641bc0687ae4186bce47ce38b97f48a7eeae7dd

Download Submit
C:\Windows\System\ySGMdpg.exe

Filesize
3.0MB

MD5
630c019d2627833e9fbb460c91e1ce63

SHA1
42a4285648c56e3717fff001935aead7cc565457

SHA256
b0959643191e41f5e8f78f34700ef93d725b10c26457ce92cf23b7856b8dc7a3

SHA512
2ff4b5ce6bff2cd74c6dce024d03063cd32d1f3fc42927baeae59587f971514efbd884f819e2fe591c9a3e26b770ba99b843a014f2f819b5610a662922f7f293

Download Submit
memory/336-0-0x00007FF68CCC0000-0x00007FF68D0B6000-memory.dmp

Filesize
4.0MB

Download
memory/336-1-0x00000259330B0000-0x00000259330C0000-memory.dmp

Filesize
64KB

Download
memory/376-1003-0x00007FF79CF40000-0x00007FF79D336000-memory.dmp

Filesize
4.0MB

Download
memory/376-2104-0x00007FF79CF40000-0x00007FF79D336000-memory.dmp

Filesize
4.0MB

Download
memory/540-2088-0x00007FF724280000-0x00007FF724676000-memory.dmp

Filesize
4.0MB

Download
memory/540-1019-0x00007FF724280000-0x00007FF724676000-memory.dmp

Filesize
4.0MB

Download
memory/1368-2092-0x00007FF6A9FF0000-0x00007FF6AA3E6000-memory.dmp

Filesize
4.0MB

Download
memory/1368-989-0x00007FF6A9FF0000-0x00007FF6AA3E6000-memory.dmp

Filesize
4.0MB

Download
memory/1432-50-0x00007FF6DFB00000-0x00007FF6DFEF6000-memory.dmp

Filesize
4.0MB

Download
memory/1432-2082-0x00007FF6DFB00000-0x00007FF6DFEF6000-memory.dmp

Filesize
4.0MB

Download
memory/1880-2083-0x00007FF69FC80000-0x00007FF6A0076000-memory.dmp

Filesize
4.0MB

Download
memory/1880-1016-0x00007FF69FC80000-0x00007FF6A0076000-memory.dmp

Filesize
4.0MB

Download
memory/1944-2081-0x00007FF6EA200000-0x00007FF6EA5F6000-memory.dmp

Filesize
4.0MB

Download
memory/1944-7-0x00007FF6EA200000-0x00007FF6EA5F6000-memory.dmp

Filesize
4.0MB

Download
memory/2268-962-0x00007FF7421A0000-0x00007FF742596000-memory.dmp

Filesize
4.0MB

Download
memory/2268-2099-0x00007FF7421A0000-0x00007FF742596000-memory.dmp

Filesize
4.0MB

Download
memory/2548-2089-0x00007FF74E0D0000-0x00007FF74E4C6000-memory.dmp

Filesize
4.0MB

Download
memory/2548-976-0x00007FF74E0D0000-0x00007FF74E4C6000-memory.dmp

Filesize
4.0MB

Download
memory/2564-2084-0x00007FF70B340000-0x00007FF70B736000-memory.dmp

Filesize
4.0MB

Download
memory/2564-1015-0x00007FF70B340000-0x00007FF70B736000-memory.dmp

Filesize
4.0MB

Download
memory/3076-963-0x00007FF640450000-0x00007FF640846000-memory.dmp

Filesize
4.0MB

Download
memory/3076-2098-0x00007FF640450000-0x00007FF640846000-memory.dmp

Filesize
4.0MB

Download
memory/3184-2079-0x00007FFA8F233000-0x00007FFA8F235000-memory.dmp

Filesize
8KB

Download
memory/3184-2080-0x00007FFA8F230000-0x00007FFA8FCF1000-memory.dmp

Filesize
10.8MB

Download
memory/3184-1001-0x00000200007B0000-0x0000020000F56000-memory.dmp

Filesize
7.6MB

Download
memory/3184-24-0x00007FFA8F230000-0x00007FFA8FCF1000-memory.dmp

Filesize
10.8MB

Download
memory/3184-1009-0x00007FFA8F230000-0x00007FFA8FCF1000-memory.dmp

Filesize
10.8MB

Download
memory/3184-43-0x000001FFFF930000-0x000001FFFF952000-memory.dmp

Filesize
136KB

Download
memory/3184-5-0x00007FFA8F233000-0x00007FFA8F235000-memory.dmp

Filesize
8KB

Download
memory/3184-2105-0x00007FFA8F230000-0x00007FFA8FCF1000-memory.dmp

Filesize
10.8MB

Download
memory/3212-2085-0x00007FF64C520000-0x00007FF64C916000-memory.dmp

Filesize
4.0MB

Download
memory/3212-946-0x00007FF64C520000-0x00007FF64C916000-memory.dmp

Filesize
4.0MB

Download
memory/3624-2100-0x00007FF7C6080000-0x00007FF7C6476000-memory.dmp

Filesize
4.0MB

Download
memory/3624-959-0x00007FF7C6080000-0x00007FF7C6476000-memory.dmp

Filesize
4.0MB

Download
memory/3672-992-0x00007FF641960000-0x00007FF641D56000-memory.dmp

Filesize
4.0MB

Download
memory/3672-2091-0x00007FF641960000-0x00007FF641D56000-memory.dmp

Filesize
4.0MB

Download
memory/3800-995-0x00007FF6752B0000-0x00007FF6756A6000-memory.dmp

Filesize
4.0MB

Download
memory/3800-2102-0x00007FF6752B0000-0x00007FF6756A6000-memory.dmp

Filesize
4.0MB

Download
memory/4020-29-0x00007FF7BF6C0000-0x00007FF7BFAB6000-memory.dmp

Filesize
4.0MB

Download
memory/4020-2086-0x00007FF7BF6C0000-0x00007FF7BFAB6000-memory.dmp

Filesize
4.0MB

Download
memory/4092-2103-0x00007FF654F00000-0x00007FF6552F6000-memory.dmp

Filesize
4.0MB

Download
memory/4092-1006-0x00007FF654F00000-0x00007FF6552F6000-memory.dmp

Filesize
4.0MB

Download
memory/4156-987-0x00007FF73DE40000-0x00007FF73E236000-memory.dmp

Filesize
4.0MB

Download
memory/4156-2093-0x00007FF73DE40000-0x00007FF73E236000-memory.dmp

Filesize
4.0MB

Download
memory/4284-977-0x00007FF6AF980000-0x00007FF6AFD76000-memory.dmp

Filesize
4.0MB

Download
memory/4284-2095-0x00007FF6AF980000-0x00007FF6AFD76000-memory.dmp

Filesize
4.0MB

Download
memory/4580-2090-0x00007FF733B20000-0x00007FF733F16000-memory.dmp

Filesize
4.0MB

Download
memory/4580-994-0x00007FF733B20000-0x00007FF733F16000-memory.dmp

Filesize
4.0MB

Download
memory/4664-955-0x00007FF795CC0000-0x00007FF7960B6000-memory.dmp

Filesize
4.0MB

Download
memory/4664-2101-0x00007FF795CC0000-0x00007FF7960B6000-memory.dmp

Filesize
4.0MB

Download
memory/4976-971-0x00007FF6EC280000-0x00007FF6EC676000-memory.dmp

Filesize
4.0MB

Download
memory/4976-2096-0x00007FF6EC280000-0x00007FF6EC676000-memory.dmp

Filesize
4.0MB

Download
memory/5020-966-0x00007FF6F0630000-0x00007FF6F0A26000-memory.dmp

Filesize
4.0MB

Download
memory/5020-2097-0x00007FF6F0630000-0x00007FF6F0A26000-memory.dmp

Filesize
4.0MB

Download
memory/5028-2094-0x00007FF6002D0000-0x00007FF6006C6000-memory.dmp

Filesize
4.0MB

Download
memory/5028-981-0x00007FF6002D0000-0x00007FF6006C6000-memory.dmp

Filesize
4.0MB

Download
memory/5064-952-0x00007FF60FCB0000-0x00007FF6100A6000-memory.dmp

Filesize
4.0MB

Download
memory/5064-2087-0x00007FF60FCB0000-0x00007FF6100A6000-memory.dmp

Filesize
4.0MB

Download