xmrig | 9cb58a11ffaa0120f3647a51a540591a64eca92eb2dee099a1612600f4618027

Analysis

max time kernel
132s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
Size

3.0MB
MD5

0875f5a33c42d1402b721166f2d2b060
SHA1

3d74a954c83fcbd8ede30870805273bcc98e1aa1
SHA256

9cb58a11ffaa0120f3647a51a540591a64eca92eb2dee099a1612600f4618027
SHA512

dc4c14bb663aeae066aa24e852bb01bc56818f4e2d820c4988cde9dccf51c40837b3fc8652ea09eb987129e7c23e7d2b7f83e0767a55543b17395acd130ab9cb
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMki8CnfZFOzV:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R+

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2396-0-0x00007FF6D4010000-0x00007FF6D4406000-memory.dmp	xmrig
behavioral2/files/0x0008000000023286-5.dat	xmrig
behavioral2/files/0x0007000000023420-7.dat	xmrig
behavioral2/files/0x000800000002341c-20.dat	xmrig
behavioral2/files/0x0007000000023421-22.dat	xmrig
behavioral2/files/0x0007000000023422-25.dat	xmrig
behavioral2/files/0x0007000000023425-48.dat	xmrig
behavioral2/files/0x0007000000023424-53.dat	xmrig
behavioral2/files/0x0007000000023428-61.dat	xmrig
behavioral2/files/0x0008000000023426-70.dat	xmrig
behavioral2/files/0x000700000002342b-86.dat	xmrig
behavioral2/files/0x000700000002342c-92.dat	xmrig
behavioral2/files/0x000700000002342f-101.dat	xmrig
behavioral2/files/0x0007000000023437-143.dat	xmrig
behavioral2/files/0x000700000002343a-158.dat	xmrig
behavioral2/memory/1880-610-0x00007FF7E32E0000-0x00007FF7E36D6000-memory.dmp	xmrig
behavioral2/memory/1488-620-0x00007FF60A450000-0x00007FF60A846000-memory.dmp	xmrig
behavioral2/memory/4524-628-0x00007FF6CE9F0000-0x00007FF6CEDE6000-memory.dmp	xmrig
behavioral2/memory/3320-638-0x00007FF7F3FA0000-0x00007FF7F4396000-memory.dmp	xmrig
behavioral2/memory/4052-632-0x00007FF6B9E00000-0x00007FF6BA1F6000-memory.dmp	xmrig
behavioral2/memory/4828-624-0x00007FF79B030000-0x00007FF79B426000-memory.dmp	xmrig
behavioral2/memory/2508-611-0x00007FF743EB0000-0x00007FF7442A6000-memory.dmp	xmrig
behavioral2/memory/872-658-0x00007FF6466A0000-0x00007FF646A96000-memory.dmp	xmrig
behavioral2/memory/1072-673-0x00007FF62B820000-0x00007FF62BC16000-memory.dmp	xmrig
behavioral2/memory/3148-675-0x00007FF75B590000-0x00007FF75B986000-memory.dmp	xmrig
behavioral2/memory/4464-685-0x00007FF7EE350000-0x00007FF7EE746000-memory.dmp	xmrig
behavioral2/memory/4428-686-0x00007FF6D3920000-0x00007FF6D3D16000-memory.dmp	xmrig
behavioral2/memory/392-682-0x00007FF64CFF0000-0x00007FF64D3E6000-memory.dmp	xmrig
behavioral2/memory/1276-672-0x00007FF6DC130000-0x00007FF6DC526000-memory.dmp	xmrig
behavioral2/memory/4216-665-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp	xmrig
behavioral2/memory/1616-662-0x00007FF7136E0000-0x00007FF713AD6000-memory.dmp	xmrig
behavioral2/memory/1560-654-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp	xmrig
behavioral2/memory/772-646-0x00007FF7373A0000-0x00007FF737796000-memory.dmp	xmrig
behavioral2/memory/2820-692-0x00007FF625870000-0x00007FF625C66000-memory.dmp	xmrig
behavioral2/memory/1268-695-0x00007FF78EDB0000-0x00007FF78F1A6000-memory.dmp	xmrig
behavioral2/memory/464-689-0x00007FF691E30000-0x00007FF692226000-memory.dmp	xmrig
behavioral2/files/0x000700000002343e-176.dat	xmrig
behavioral2/files/0x000700000002343c-172.dat	xmrig
behavioral2/files/0x000700000002343d-171.dat	xmrig
behavioral2/files/0x000700000002343b-167.dat	xmrig
behavioral2/files/0x0007000000023439-156.dat	xmrig
behavioral2/files/0x0007000000023438-152.dat	xmrig
behavioral2/files/0x0007000000023436-141.dat	xmrig
behavioral2/files/0x0007000000023435-137.dat	xmrig
behavioral2/files/0x0007000000023434-131.dat	xmrig
behavioral2/files/0x0007000000023433-127.dat	xmrig
behavioral2/files/0x0007000000023432-122.dat	xmrig
behavioral2/files/0x0007000000023431-117.dat	xmrig
behavioral2/files/0x0007000000023430-111.dat	xmrig
behavioral2/files/0x000700000002342e-102.dat	xmrig
behavioral2/files/0x000700000002342d-97.dat	xmrig
behavioral2/files/0x000700000002342a-79.dat	xmrig
behavioral2/files/0x0007000000023429-71.dat	xmrig
behavioral2/files/0x0008000000023427-65.dat	xmrig
behavioral2/files/0x0007000000023423-49.dat	xmrig
behavioral2/memory/2536-699-0x00007FF6F47D0000-0x00007FF6F4BC6000-memory.dmp	xmrig
behavioral2/memory/1976-701-0x00007FF645880000-0x00007FF645C76000-memory.dmp	xmrig
behavioral2/memory/1988-10-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp	xmrig
behavioral2/memory/1988-2142-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp	xmrig
behavioral2/memory/1988-2147-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp	xmrig
behavioral2/memory/1880-2148-0x00007FF7E32E0000-0x00007FF7E36D6000-memory.dmp	xmrig
behavioral2/memory/2536-2149-0x00007FF6F47D0000-0x00007FF6F4BC6000-memory.dmp	xmrig
behavioral2/memory/4828-2151-0x00007FF79B030000-0x00007FF79B426000-memory.dmp	xmrig
behavioral2/memory/1488-2152-0x00007FF60A450000-0x00007FF60A846000-memory.dmp	xmrig

Blocklisted process makes network request 26 IoCs

flow	pid	Process
7	2216	powershell.exe
9	2216	powershell.exe
25	2216	powershell.exe
26	2216	powershell.exe
27	2216	powershell.exe
29	2216	powershell.exe
30	2216	powershell.exe
31	2216	powershell.exe
32	2216	powershell.exe
33	2216	powershell.exe
34	2216	powershell.exe
35	2216	powershell.exe
36	2216	powershell.exe
37	2216	powershell.exe
38	2216	powershell.exe
39	2216	powershell.exe
40	2216	powershell.exe
41	2216	powershell.exe
42	2216	powershell.exe
43	2216	powershell.exe
44	2216	powershell.exe
45	2216	powershell.exe
46	2216	powershell.exe
47	2216	powershell.exe
48	2216	powershell.exe
49	2216	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2216	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1988	cCjiTxR.exe
2536	anehQea.exe
1880	yqUSNoq.exe
2508	OOfXRMw.exe
1488	JuQDRoI.exe
4828	tRRtERu.exe
1976	LAItzEF.exe
4524	dmQWjwp.exe
4052	TQZclEt.exe
3320	fjnGdrQ.exe
772	GxSPauZ.exe
1560	qVEwWOV.exe
872	oSrWUQN.exe
1616	qOZNAbY.exe
4216	KtSLvJl.exe
1276	nZjyxqg.exe
1072	hcExauJ.exe
3148	NwAxrYS.exe
392	UWqCtTZ.exe
4464	ZocdCkT.exe
4428	Stiyppa.exe
464	vVvJgQH.exe
2820	mTlDUhv.exe
1268	YicUZvi.exe
1364	NXfWTCv.exe
4396	YFmOSjz.exe
4140	mIKxYSl.exe
3948	MnKeCQP.exe
1688	sSgePtN.exe
2692	NdGlKYz.exe
1648	ZhNSKCV.exe
2964	kvMyNCe.exe
1600	AvhuoGU.exe
3516	roPwgWk.exe
2552	kNCDSdR.exe
1900	xaUBWbH.exe
2248	BvAxlmv.exe
1556	PyJAhFJ.exe
3980	BVGsvLn.exe
4556	ftrcRlp.exe
3256	KHJFRzi.exe
4684	uiamcvK.exe
5104	FmOkELp.exe
4856	wKtVovD.exe
3116	LuJUUCn.exe
2204	DmHHryw.exe
3388	ZXhVDEj.exe
2036	fytgSsy.exe
1008	KmvZeJl.exe
1368	gmZfTSU.exe
1124	BTtvyml.exe
228	rdchDhr.exe
3052	MpvNLGY.exe
744	TzAVgFC.exe
3772	WUdYzbF.exe
1500	YWrQqNt.exe
2168	gnIwbXj.exe
4028	ACISyFT.exe
1696	duFFgZX.exe
4220	etngxzX.exe
4172	lzWrKhL.exe
4580	EFCKAnA.exe
3844	xXFsIyT.exe
3648	CvKoQLu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2396-0-0x00007FF6D4010000-0x00007FF6D4406000-memory.dmp	upx
behavioral2/files/0x0008000000023286-5.dat	upx
behavioral2/files/0x0007000000023420-7.dat	upx
behavioral2/files/0x000800000002341c-20.dat	upx
behavioral2/files/0x0007000000023421-22.dat	upx
behavioral2/files/0x0007000000023422-25.dat	upx
behavioral2/files/0x0007000000023425-48.dat	upx
behavioral2/files/0x0007000000023424-53.dat	upx
behavioral2/files/0x0007000000023428-61.dat	upx
behavioral2/files/0x0008000000023426-70.dat	upx
behavioral2/files/0x000700000002342b-86.dat	upx
behavioral2/files/0x000700000002342c-92.dat	upx
behavioral2/files/0x000700000002342f-101.dat	upx
behavioral2/files/0x0007000000023437-143.dat	upx
behavioral2/files/0x000700000002343a-158.dat	upx
behavioral2/memory/1880-610-0x00007FF7E32E0000-0x00007FF7E36D6000-memory.dmp	upx
behavioral2/memory/1488-620-0x00007FF60A450000-0x00007FF60A846000-memory.dmp	upx
behavioral2/memory/4524-628-0x00007FF6CE9F0000-0x00007FF6CEDE6000-memory.dmp	upx
behavioral2/memory/3320-638-0x00007FF7F3FA0000-0x00007FF7F4396000-memory.dmp	upx
behavioral2/memory/4052-632-0x00007FF6B9E00000-0x00007FF6BA1F6000-memory.dmp	upx
behavioral2/memory/4828-624-0x00007FF79B030000-0x00007FF79B426000-memory.dmp	upx
behavioral2/memory/2508-611-0x00007FF743EB0000-0x00007FF7442A6000-memory.dmp	upx
behavioral2/memory/872-658-0x00007FF6466A0000-0x00007FF646A96000-memory.dmp	upx
behavioral2/memory/1072-673-0x00007FF62B820000-0x00007FF62BC16000-memory.dmp	upx
behavioral2/memory/3148-675-0x00007FF75B590000-0x00007FF75B986000-memory.dmp	upx
behavioral2/memory/4464-685-0x00007FF7EE350000-0x00007FF7EE746000-memory.dmp	upx
behavioral2/memory/4428-686-0x00007FF6D3920000-0x00007FF6D3D16000-memory.dmp	upx
behavioral2/memory/392-682-0x00007FF64CFF0000-0x00007FF64D3E6000-memory.dmp	upx
behavioral2/memory/1276-672-0x00007FF6DC130000-0x00007FF6DC526000-memory.dmp	upx
behavioral2/memory/4216-665-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp	upx
behavioral2/memory/1616-662-0x00007FF7136E0000-0x00007FF713AD6000-memory.dmp	upx
behavioral2/memory/1560-654-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp	upx
behavioral2/memory/772-646-0x00007FF7373A0000-0x00007FF737796000-memory.dmp	upx
behavioral2/memory/2820-692-0x00007FF625870000-0x00007FF625C66000-memory.dmp	upx
behavioral2/memory/1268-695-0x00007FF78EDB0000-0x00007FF78F1A6000-memory.dmp	upx
behavioral2/memory/464-689-0x00007FF691E30000-0x00007FF692226000-memory.dmp	upx
behavioral2/files/0x000700000002343e-176.dat	upx
behavioral2/files/0x000700000002343c-172.dat	upx
behavioral2/files/0x000700000002343d-171.dat	upx
behavioral2/files/0x000700000002343b-167.dat	upx
behavioral2/files/0x0007000000023439-156.dat	upx
behavioral2/files/0x0007000000023438-152.dat	upx
behavioral2/files/0x0007000000023436-141.dat	upx
behavioral2/files/0x0007000000023435-137.dat	upx
behavioral2/files/0x0007000000023434-131.dat	upx
behavioral2/files/0x0007000000023433-127.dat	upx
behavioral2/files/0x0007000000023432-122.dat	upx
behavioral2/files/0x0007000000023431-117.dat	upx
behavioral2/files/0x0007000000023430-111.dat	upx
behavioral2/files/0x000700000002342e-102.dat	upx
behavioral2/files/0x000700000002342d-97.dat	upx
behavioral2/files/0x000700000002342a-79.dat	upx
behavioral2/files/0x0007000000023429-71.dat	upx
behavioral2/files/0x0008000000023427-65.dat	upx
behavioral2/files/0x0007000000023423-49.dat	upx
behavioral2/memory/2536-699-0x00007FF6F47D0000-0x00007FF6F4BC6000-memory.dmp	upx
behavioral2/memory/1976-701-0x00007FF645880000-0x00007FF645C76000-memory.dmp	upx
behavioral2/memory/1988-10-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp	upx
behavioral2/memory/1988-2142-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp	upx
behavioral2/memory/1988-2147-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp	upx
behavioral2/memory/1880-2148-0x00007FF7E32E0000-0x00007FF7E36D6000-memory.dmp	upx
behavioral2/memory/2536-2149-0x00007FF6F47D0000-0x00007FF6F4BC6000-memory.dmp	upx
behavioral2/memory/4828-2151-0x00007FF79B030000-0x00007FF79B426000-memory.dmp	upx
behavioral2/memory/1488-2152-0x00007FF60A450000-0x00007FF60A846000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wdQxHVw.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\uujKAMA.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\pCnBWKZ.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\QeAKKqv.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\ltjTzRL.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\DsqjwoV.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\IIafLdr.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\sKidOcw.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\iZVpXHG.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\rVEbLwN.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\fKcZqQJ.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\yfiQznU.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\diyPhCo.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\KbtFwQR.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\LjHHXMK.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\Wsvnfjd.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\lCMyhru.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\mJnoybV.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\ZtYrCXA.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\aGemQzV.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\YHHcgEh.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\nxvrAUH.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\poCxgXW.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\OwqFUqx.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\kOaJaII.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\QMDzaDu.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\LDRwTIW.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\PRQIHmV.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\dwRHkpa.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\hWyrfjb.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\EkGNSIq.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\Mbkjpxd.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\EisQZIF.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\IuAozYe.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\jrfKeFn.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\bydgUOv.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\KzQCfnW.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\scyNFEG.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\LiYqaxV.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\iRhqTPu.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\zHkINsE.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\ZATKUnZ.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\qnAzpSg.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\SVhmJaX.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\mPUJqjz.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\fUcooNS.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\KEiqFwz.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\QsFJGKf.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\zFLETMt.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\UVxGrsL.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\DXLqmgI.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\hTDUBZJ.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\TAQuqjZ.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\tacWLTv.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\AwpHinO.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\KUNwlpB.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\PwPqNaB.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\bDUFFlT.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\quxNsEQ.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\PaWJFlP.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\KjIwXQg.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\DVgSKpZ.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\VYvdVok.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
File created	C:\Windows\System\OOYFTYA.exe	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2216	powershell.exe
2216	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2216	powershell.exe
Token: SeLockMemoryPrivilege	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2216	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	84
PID 2396 wrote to memory of 2216	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	84
PID 2396 wrote to memory of 1988	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	85
PID 2396 wrote to memory of 1988	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	85
PID 2396 wrote to memory of 2536	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	86
PID 2396 wrote to memory of 2536	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	86
PID 2396 wrote to memory of 1880	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	87
PID 2396 wrote to memory of 1880	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	87
PID 2396 wrote to memory of 2508	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	88
PID 2396 wrote to memory of 2508	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	88
PID 2396 wrote to memory of 1488	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	89
PID 2396 wrote to memory of 1488	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	89
PID 2396 wrote to memory of 4828	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	90
PID 2396 wrote to memory of 4828	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	90
PID 2396 wrote to memory of 1976	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	91
PID 2396 wrote to memory of 1976	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	91
PID 2396 wrote to memory of 4524	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	92
PID 2396 wrote to memory of 4524	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	92
PID 2396 wrote to memory of 4052	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	93
PID 2396 wrote to memory of 4052	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	93
PID 2396 wrote to memory of 3320	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	94
PID 2396 wrote to memory of 3320	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	94
PID 2396 wrote to memory of 772	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	95
PID 2396 wrote to memory of 772	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	95
PID 2396 wrote to memory of 1560	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	96
PID 2396 wrote to memory of 1560	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	96
PID 2396 wrote to memory of 872	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	97
PID 2396 wrote to memory of 872	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	97
PID 2396 wrote to memory of 1616	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	98
PID 2396 wrote to memory of 1616	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	98
PID 2396 wrote to memory of 4216	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	99
PID 2396 wrote to memory of 4216	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	99
PID 2396 wrote to memory of 1276	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	100
PID 2396 wrote to memory of 1276	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	100
PID 2396 wrote to memory of 1072	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	101
PID 2396 wrote to memory of 1072	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	101
PID 2396 wrote to memory of 3148	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	102
PID 2396 wrote to memory of 3148	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	102
PID 2396 wrote to memory of 392	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	103
PID 2396 wrote to memory of 392	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	103
PID 2396 wrote to memory of 4464	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	104
PID 2396 wrote to memory of 4464	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	104
PID 2396 wrote to memory of 4428	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	105
PID 2396 wrote to memory of 4428	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	105
PID 2396 wrote to memory of 464	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	106
PID 2396 wrote to memory of 464	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	106
PID 2396 wrote to memory of 2820	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	107
PID 2396 wrote to memory of 2820	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	107
PID 2396 wrote to memory of 1268	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	108
PID 2396 wrote to memory of 1268	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	108
PID 2396 wrote to memory of 1364	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	109
PID 2396 wrote to memory of 1364	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	109
PID 2396 wrote to memory of 4396	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	110
PID 2396 wrote to memory of 4396	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	110
PID 2396 wrote to memory of 4140	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	111
PID 2396 wrote to memory of 4140	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	111
PID 2396 wrote to memory of 3948	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	112
PID 2396 wrote to memory of 3948	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	112
PID 2396 wrote to memory of 1688	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	113
PID 2396 wrote to memory of 1688	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	113
PID 2396 wrote to memory of 2692	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	114
PID 2396 wrote to memory of 2692	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	114
PID 2396 wrote to memory of 1648	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	115
PID 2396 wrote to memory of 1648	2396	0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0875f5a33c42d1402b721166f2d2b060_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2216
- C:\Windows\System\cCjiTxR.exe
  C:\Windows\System\cCjiTxR.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\anehQea.exe
  C:\Windows\System\anehQea.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\yqUSNoq.exe
  C:\Windows\System\yqUSNoq.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\OOfXRMw.exe
  C:\Windows\System\OOfXRMw.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\JuQDRoI.exe
  C:\Windows\System\JuQDRoI.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\tRRtERu.exe
  C:\Windows\System\tRRtERu.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\LAItzEF.exe
  C:\Windows\System\LAItzEF.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\dmQWjwp.exe
  C:\Windows\System\dmQWjwp.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\TQZclEt.exe
  C:\Windows\System\TQZclEt.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\fjnGdrQ.exe
  C:\Windows\System\fjnGdrQ.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\GxSPauZ.exe
  C:\Windows\System\GxSPauZ.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\qVEwWOV.exe
  C:\Windows\System\qVEwWOV.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\oSrWUQN.exe
  C:\Windows\System\oSrWUQN.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\qOZNAbY.exe
  C:\Windows\System\qOZNAbY.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\KtSLvJl.exe
  C:\Windows\System\KtSLvJl.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\nZjyxqg.exe
  C:\Windows\System\nZjyxqg.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\hcExauJ.exe
  C:\Windows\System\hcExauJ.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\NwAxrYS.exe
  C:\Windows\System\NwAxrYS.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\UWqCtTZ.exe
  C:\Windows\System\UWqCtTZ.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\ZocdCkT.exe
  C:\Windows\System\ZocdCkT.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\Stiyppa.exe
  C:\Windows\System\Stiyppa.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\vVvJgQH.exe
  C:\Windows\System\vVvJgQH.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\mTlDUhv.exe
  C:\Windows\System\mTlDUhv.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\YicUZvi.exe
  C:\Windows\System\YicUZvi.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\NXfWTCv.exe
  C:\Windows\System\NXfWTCv.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\YFmOSjz.exe
  C:\Windows\System\YFmOSjz.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\mIKxYSl.exe
  C:\Windows\System\mIKxYSl.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\MnKeCQP.exe
  C:\Windows\System\MnKeCQP.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\sSgePtN.exe
  C:\Windows\System\sSgePtN.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\NdGlKYz.exe
  C:\Windows\System\NdGlKYz.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ZhNSKCV.exe
  C:\Windows\System\ZhNSKCV.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\kvMyNCe.exe
  C:\Windows\System\kvMyNCe.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\AvhuoGU.exe
  C:\Windows\System\AvhuoGU.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\roPwgWk.exe
  C:\Windows\System\roPwgWk.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\kNCDSdR.exe
  C:\Windows\System\kNCDSdR.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\xaUBWbH.exe
  C:\Windows\System\xaUBWbH.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\BvAxlmv.exe
  C:\Windows\System\BvAxlmv.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\PyJAhFJ.exe
  C:\Windows\System\PyJAhFJ.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\BVGsvLn.exe
  C:\Windows\System\BVGsvLn.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\ftrcRlp.exe
  C:\Windows\System\ftrcRlp.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\KHJFRzi.exe
  C:\Windows\System\KHJFRzi.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\uiamcvK.exe
  C:\Windows\System\uiamcvK.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\FmOkELp.exe
  C:\Windows\System\FmOkELp.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\wKtVovD.exe
  C:\Windows\System\wKtVovD.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\LuJUUCn.exe
  C:\Windows\System\LuJUUCn.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\DmHHryw.exe
  C:\Windows\System\DmHHryw.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\ZXhVDEj.exe
  C:\Windows\System\ZXhVDEj.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\fytgSsy.exe
  C:\Windows\System\fytgSsy.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\KmvZeJl.exe
  C:\Windows\System\KmvZeJl.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\gmZfTSU.exe
  C:\Windows\System\gmZfTSU.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\BTtvyml.exe
  C:\Windows\System\BTtvyml.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\rdchDhr.exe
  C:\Windows\System\rdchDhr.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\MpvNLGY.exe
  C:\Windows\System\MpvNLGY.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\TzAVgFC.exe
  C:\Windows\System\TzAVgFC.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\WUdYzbF.exe
  C:\Windows\System\WUdYzbF.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\YWrQqNt.exe
  C:\Windows\System\YWrQqNt.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\gnIwbXj.exe
  C:\Windows\System\gnIwbXj.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ACISyFT.exe
  C:\Windows\System\ACISyFT.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\duFFgZX.exe
  C:\Windows\System\duFFgZX.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\etngxzX.exe
  C:\Windows\System\etngxzX.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\lzWrKhL.exe
  C:\Windows\System\lzWrKhL.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\EFCKAnA.exe
  C:\Windows\System\EFCKAnA.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\xXFsIyT.exe
  C:\Windows\System\xXFsIyT.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\CvKoQLu.exe
  C:\Windows\System\CvKoQLu.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\oPXdPnG.exe
  C:\Windows\System\oPXdPnG.exe
  2⤵
  PID:1144
- C:\Windows\System\ixTllaq.exe
  C:\Windows\System\ixTllaq.exe
  2⤵
  PID:4484
- C:\Windows\System\LDxHyOp.exe
  C:\Windows\System\LDxHyOp.exe
  2⤵
  PID:220
- C:\Windows\System\Ikaqxtg.exe
  C:\Windows\System\Ikaqxtg.exe
  2⤵
  PID:3864
- C:\Windows\System\FjVVHeF.exe
  C:\Windows\System\FjVVHeF.exe
  2⤵
  PID:5040
- C:\Windows\System\NRECxQx.exe
  C:\Windows\System\NRECxQx.exe
  2⤵
  PID:3620
- C:\Windows\System\VprMrRB.exe
  C:\Windows\System\VprMrRB.exe
  2⤵
  PID:1676
- C:\Windows\System\NJlaZMI.exe
  C:\Windows\System\NJlaZMI.exe
  2⤵
  PID:3280
- C:\Windows\System\ahmpmbD.exe
  C:\Windows\System\ahmpmbD.exe
  2⤵
  PID:3944
- C:\Windows\System\TmhCUMJ.exe
  C:\Windows\System\TmhCUMJ.exe
  2⤵
  PID:2076
- C:\Windows\System\PBfblGw.exe
  C:\Windows\System\PBfblGw.exe
  2⤵
  PID:1936
- C:\Windows\System\UFtsrCy.exe
  C:\Windows\System\UFtsrCy.exe
  2⤵
  PID:4544
- C:\Windows\System\khkJAYt.exe
  C:\Windows\System\khkJAYt.exe
  2⤵
  PID:5140
- C:\Windows\System\tWZUxtv.exe
  C:\Windows\System\tWZUxtv.exe
  2⤵
  PID:5164
- C:\Windows\System\qhUqrYI.exe
  C:\Windows\System\qhUqrYI.exe
  2⤵
  PID:5192
- C:\Windows\System\adeWbvc.exe
  C:\Windows\System\adeWbvc.exe
  2⤵
  PID:5224
- C:\Windows\System\lcAPRVF.exe
  C:\Windows\System\lcAPRVF.exe
  2⤵
  PID:5256
- C:\Windows\System\HaPMJVc.exe
  C:\Windows\System\HaPMJVc.exe
  2⤵
  PID:5288
- C:\Windows\System\BKgtqQH.exe
  C:\Windows\System\BKgtqQH.exe
  2⤵
  PID:5320
- C:\Windows\System\WfBebMw.exe
  C:\Windows\System\WfBebMw.exe
  2⤵
  PID:5344
- C:\Windows\System\ghOfPoM.exe
  C:\Windows\System\ghOfPoM.exe
  2⤵
  PID:5376
- C:\Windows\System\QWfSPrl.exe
  C:\Windows\System\QWfSPrl.exe
  2⤵
  PID:5404
- C:\Windows\System\hENlBTO.exe
  C:\Windows\System\hENlBTO.exe
  2⤵
  PID:5432
- C:\Windows\System\vSPHDAF.exe
  C:\Windows\System\vSPHDAF.exe
  2⤵
  PID:5460
- C:\Windows\System\pZuHbzV.exe
  C:\Windows\System\pZuHbzV.exe
  2⤵
  PID:5484
- C:\Windows\System\gFTriWK.exe
  C:\Windows\System\gFTriWK.exe
  2⤵
  PID:5512
- C:\Windows\System\nhDFepO.exe
  C:\Windows\System\nhDFepO.exe
  2⤵
  PID:5544
- C:\Windows\System\LjQlCdv.exe
  C:\Windows\System\LjQlCdv.exe
  2⤵
  PID:5572
- C:\Windows\System\WBUIsKO.exe
  C:\Windows\System\WBUIsKO.exe
  2⤵
  PID:5600
- C:\Windows\System\tCPgase.exe
  C:\Windows\System\tCPgase.exe
  2⤵
  PID:5628
- C:\Windows\System\YQkkIeH.exe
  C:\Windows\System\YQkkIeH.exe
  2⤵
  PID:5656
- C:\Windows\System\BmBIPva.exe
  C:\Windows\System\BmBIPva.exe
  2⤵
  PID:5684
- C:\Windows\System\aZMpfYp.exe
  C:\Windows\System\aZMpfYp.exe
  2⤵
  PID:5712
- C:\Windows\System\alUQJWh.exe
  C:\Windows\System\alUQJWh.exe
  2⤵
  PID:5740
- C:\Windows\System\XJGibuo.exe
  C:\Windows\System\XJGibuo.exe
  2⤵
  PID:5768
- C:\Windows\System\mpCKRjS.exe
  C:\Windows\System\mpCKRjS.exe
  2⤵
  PID:5796
- C:\Windows\System\CRjOVGL.exe
  C:\Windows\System\CRjOVGL.exe
  2⤵
  PID:5824
- C:\Windows\System\GgmpJKA.exe
  C:\Windows\System\GgmpJKA.exe
  2⤵
  PID:5852
- C:\Windows\System\rqiRVsA.exe
  C:\Windows\System\rqiRVsA.exe
  2⤵
  PID:5884
- C:\Windows\System\XjrUfNw.exe
  C:\Windows\System\XjrUfNw.exe
  2⤵
  PID:5908
- C:\Windows\System\KkIsLHa.exe
  C:\Windows\System\KkIsLHa.exe
  2⤵
  PID:5936
- C:\Windows\System\UuamRuJ.exe
  C:\Windows\System\UuamRuJ.exe
  2⤵
  PID:5964
- C:\Windows\System\SvBPtpe.exe
  C:\Windows\System\SvBPtpe.exe
  2⤵
  PID:5992
- C:\Windows\System\KJrXGfG.exe
  C:\Windows\System\KJrXGfG.exe
  2⤵
  PID:6020
- C:\Windows\System\CLxBMCM.exe
  C:\Windows\System\CLxBMCM.exe
  2⤵
  PID:6048
- C:\Windows\System\WujDlhJ.exe
  C:\Windows\System\WujDlhJ.exe
  2⤵
  PID:6076
- C:\Windows\System\zAaYeOR.exe
  C:\Windows\System\zAaYeOR.exe
  2⤵
  PID:6104
- C:\Windows\System\fnmXxXo.exe
  C:\Windows\System\fnmXxXo.exe
  2⤵
  PID:6128
- C:\Windows\System\QAKkHWp.exe
  C:\Windows\System\QAKkHWp.exe
  2⤵
  PID:2632
- C:\Windows\System\SIAvZuW.exe
  C:\Windows\System\SIAvZuW.exe
  2⤵
  PID:332
- C:\Windows\System\VemTjzY.exe
  C:\Windows\System\VemTjzY.exe
  2⤵
  PID:2012
- C:\Windows\System\uigzLXQ.exe
  C:\Windows\System\uigzLXQ.exe
  2⤵
  PID:4936
- C:\Windows\System\vyMoQOA.exe
  C:\Windows\System\vyMoQOA.exe
  2⤵
  PID:5244
- C:\Windows\System\ihiOSfE.exe
  C:\Windows\System\ihiOSfE.exe
  2⤵
  PID:5216
- C:\Windows\System\ZNtmFmy.exe
  C:\Windows\System\ZNtmFmy.exe
  2⤵
  PID:5280
- C:\Windows\System\TBOEVvO.exe
  C:\Windows\System\TBOEVvO.exe
  2⤵
  PID:5364
- C:\Windows\System\cILTdBL.exe
  C:\Windows\System\cILTdBL.exe
  2⤵
  PID:5444
- C:\Windows\System\dnXyNic.exe
  C:\Windows\System\dnXyNic.exe
  2⤵
  PID:5476
- C:\Windows\System\bcUEstj.exe
  C:\Windows\System\bcUEstj.exe
  2⤵
  PID:5536
- C:\Windows\System\ptdiaAi.exe
  C:\Windows\System\ptdiaAi.exe
  2⤵
  PID:5612
- C:\Windows\System\fEmfrpl.exe
  C:\Windows\System\fEmfrpl.exe
  2⤵
  PID:5672
- C:\Windows\System\khzvJkZ.exe
  C:\Windows\System\khzvJkZ.exe
  2⤵
  PID:5728
- C:\Windows\System\jweWSdU.exe
  C:\Windows\System\jweWSdU.exe
  2⤵
  PID:5788
- C:\Windows\System\gvheUmp.exe
  C:\Windows\System\gvheUmp.exe
  2⤵
  PID:5864
- C:\Windows\System\bCkIhDi.exe
  C:\Windows\System\bCkIhDi.exe
  2⤵
  PID:5920
- C:\Windows\System\wlKnVFg.exe
  C:\Windows\System\wlKnVFg.exe
  2⤵
  PID:5976
- C:\Windows\System\paITUvh.exe
  C:\Windows\System\paITUvh.exe
  2⤵
  PID:6040
- C:\Windows\System\zJWffIz.exe
  C:\Windows\System\zJWffIz.exe
  2⤵
  PID:6116
- C:\Windows\System\URmBKFT.exe
  C:\Windows\System\URmBKFT.exe
  2⤵
  PID:3956
- C:\Windows\System\ulgTgEA.exe
  C:\Windows\System\ulgTgEA.exe
  2⤵
  PID:3632
- C:\Windows\System\fFDbSbL.exe
  C:\Windows\System\fFDbSbL.exe
  2⤵
  PID:5252
- C:\Windows\System\gbhjjkX.exe
  C:\Windows\System\gbhjjkX.exe
  2⤵
  PID:5340
- C:\Windows\System\hChfysA.exe
  C:\Windows\System\hChfysA.exe
  2⤵
  PID:5508
- C:\Windows\System\SrRJvQD.exe
  C:\Windows\System\SrRJvQD.exe
  2⤵
  PID:5644
- C:\Windows\System\GDrEoLw.exe
  C:\Windows\System\GDrEoLw.exe
  2⤵
  PID:5780
- C:\Windows\System\KgnwKTi.exe
  C:\Windows\System\KgnwKTi.exe
  2⤵
  PID:2112
- C:\Windows\System\exQvwoP.exe
  C:\Windows\System\exQvwoP.exe
  2⤵
  PID:6068
- C:\Windows\System\oGCiESO.exe
  C:\Windows\System\oGCiESO.exe
  2⤵
  PID:6164
- C:\Windows\System\BgMelBy.exe
  C:\Windows\System\BgMelBy.exe
  2⤵
  PID:6192
- C:\Windows\System\jOtUMUe.exe
  C:\Windows\System\jOtUMUe.exe
  2⤵
  PID:6220
- C:\Windows\System\AcZhlVM.exe
  C:\Windows\System\AcZhlVM.exe
  2⤵
  PID:6248
- C:\Windows\System\MLuCDxH.exe
  C:\Windows\System\MLuCDxH.exe
  2⤵
  PID:6276
- C:\Windows\System\cvgqqIi.exe
  C:\Windows\System\cvgqqIi.exe
  2⤵
  PID:6300
- C:\Windows\System\WSQsyxs.exe
  C:\Windows\System\WSQsyxs.exe
  2⤵
  PID:6328
- C:\Windows\System\YPEmWiK.exe
  C:\Windows\System\YPEmWiK.exe
  2⤵
  PID:6360
- C:\Windows\System\QdbSFcy.exe
  C:\Windows\System\QdbSFcy.exe
  2⤵
  PID:6388
- C:\Windows\System\QqCZPiV.exe
  C:\Windows\System\QqCZPiV.exe
  2⤵
  PID:6416
- C:\Windows\System\EHCNqJu.exe
  C:\Windows\System\EHCNqJu.exe
  2⤵
  PID:6444
- C:\Windows\System\NiPNuBG.exe
  C:\Windows\System\NiPNuBG.exe
  2⤵
  PID:6472
- C:\Windows\System\DsEeLUu.exe
  C:\Windows\System\DsEeLUu.exe
  2⤵
  PID:6500
- C:\Windows\System\hcPnjDY.exe
  C:\Windows\System\hcPnjDY.exe
  2⤵
  PID:6528
- C:\Windows\System\qLTylEb.exe
  C:\Windows\System\qLTylEb.exe
  2⤵
  PID:6556
- C:\Windows\System\DhzSobh.exe
  C:\Windows\System\DhzSobh.exe
  2⤵
  PID:6584
- C:\Windows\System\lDWbpuB.exe
  C:\Windows\System\lDWbpuB.exe
  2⤵
  PID:6612
- C:\Windows\System\wTEyMDf.exe
  C:\Windows\System\wTEyMDf.exe
  2⤵
  PID:6640
- C:\Windows\System\rvulwwQ.exe
  C:\Windows\System\rvulwwQ.exe
  2⤵
  PID:6668
- C:\Windows\System\obfNwzc.exe
  C:\Windows\System\obfNwzc.exe
  2⤵
  PID:6692
- C:\Windows\System\XgHweBb.exe
  C:\Windows\System\XgHweBb.exe
  2⤵
  PID:6724
- C:\Windows\System\RHRexUV.exe
  C:\Windows\System\RHRexUV.exe
  2⤵
  PID:6752
- C:\Windows\System\DEJGmch.exe
  C:\Windows\System\DEJGmch.exe
  2⤵
  PID:6780
- C:\Windows\System\mQVqSGk.exe
  C:\Windows\System\mQVqSGk.exe
  2⤵
  PID:6808
- C:\Windows\System\FCxzgqy.exe
  C:\Windows\System\FCxzgqy.exe
  2⤵
  PID:6836
- C:\Windows\System\KiSOITA.exe
  C:\Windows\System\KiSOITA.exe
  2⤵
  PID:6864
- C:\Windows\System\JnOzFNk.exe
  C:\Windows\System\JnOzFNk.exe
  2⤵
  PID:6892
- C:\Windows\System\FoPtzll.exe
  C:\Windows\System\FoPtzll.exe
  2⤵
  PID:6916
- C:\Windows\System\EEMUqwi.exe
  C:\Windows\System\EEMUqwi.exe
  2⤵
  PID:6944
- C:\Windows\System\flnEjPQ.exe
  C:\Windows\System\flnEjPQ.exe
  2⤵
  PID:6972
- C:\Windows\System\ExBeCNr.exe
  C:\Windows\System\ExBeCNr.exe
  2⤵
  PID:7000
- C:\Windows\System\DGhEPCC.exe
  C:\Windows\System\DGhEPCC.exe
  2⤵
  PID:7036
- C:\Windows\System\qRhFpil.exe
  C:\Windows\System\qRhFpil.exe
  2⤵
  PID:7068
- C:\Windows\System\dIwInWK.exe
  C:\Windows\System\dIwInWK.exe
  2⤵
  PID:7088
- C:\Windows\System\eKekJdw.exe
  C:\Windows\System\eKekJdw.exe
  2⤵
  PID:7116
- C:\Windows\System\KpeLXyz.exe
  C:\Windows\System\KpeLXyz.exe
  2⤵
  PID:7144
- C:\Windows\System\hXjWrWO.exe
  C:\Windows\System\hXjWrWO.exe
  2⤵
  PID:5588
- C:\Windows\System\PuOyELn.exe
  C:\Windows\System\PuOyELn.exe
  2⤵
  PID:6148
- C:\Windows\System\gDlpUzT.exe
  C:\Windows\System\gDlpUzT.exe
  2⤵
  PID:4512
- C:\Windows\System\MVULdGC.exe
  C:\Windows\System\MVULdGC.exe
  2⤵
  PID:6268
- C:\Windows\System\IzJnbys.exe
  C:\Windows\System\IzJnbys.exe
  2⤵
  PID:6320
- C:\Windows\System\YCfXoKm.exe
  C:\Windows\System\YCfXoKm.exe
  2⤵
  PID:6352
- C:\Windows\System\fhkrsPP.exe
  C:\Windows\System\fhkrsPP.exe
  2⤵
  PID:6408
- C:\Windows\System\VqEwgUS.exe
  C:\Windows\System\VqEwgUS.exe
  2⤵
  PID:4632
- C:\Windows\System\liCBJmj.exe
  C:\Windows\System\liCBJmj.exe
  2⤵
  PID:6516
- C:\Windows\System\yARuDxv.exe
  C:\Windows\System\yARuDxv.exe
  2⤵
  PID:6596
- C:\Windows\System\MRZdJsr.exe
  C:\Windows\System\MRZdJsr.exe
  2⤵
  PID:6656
- C:\Windows\System\OLMVwSE.exe
  C:\Windows\System\OLMVwSE.exe
  2⤵
  PID:6740
- C:\Windows\System\AquMhPt.exe
  C:\Windows\System\AquMhPt.exe
  2⤵
  PID:6820
- C:\Windows\System\JBVFlNQ.exe
  C:\Windows\System\JBVFlNQ.exe
  2⤵
  PID:6880
- C:\Windows\System\sFTiDwt.exe
  C:\Windows\System\sFTiDwt.exe
  2⤵
  PID:6988
- C:\Windows\System\XeCQxZB.exe
  C:\Windows\System\XeCQxZB.exe
  2⤵
  PID:5004
- C:\Windows\System\UaFoKYP.exe
  C:\Windows\System\UaFoKYP.exe
  2⤵
  PID:2640
- C:\Windows\System\WrDdOMN.exe
  C:\Windows\System\WrDdOMN.exe
  2⤵
  PID:5248
- C:\Windows\System\OyQsLIZ.exe
  C:\Windows\System\OyQsLIZ.exe
  2⤵
  PID:1656
- C:\Windows\System\tZmZNuH.exe
  C:\Windows\System\tZmZNuH.exe
  2⤵
  PID:3760
- C:\Windows\System\GdpJReB.exe
  C:\Windows\System\GdpJReB.exe
  2⤵
  PID:2844
- C:\Windows\System\aJPvLGt.exe
  C:\Windows\System\aJPvLGt.exe
  2⤵
  PID:6152
- C:\Windows\System\hBAUdIz.exe
  C:\Windows\System\hBAUdIz.exe
  2⤵
  PID:6032
- C:\Windows\System\RSxBzXl.exe
  C:\Windows\System\RSxBzXl.exe
  2⤵
  PID:6316
- C:\Windows\System\zpNPGli.exe
  C:\Windows\System\zpNPGli.exe
  2⤵
  PID:6400
- C:\Windows\System\vqLRoLM.exe
  C:\Windows\System\vqLRoLM.exe
  2⤵
  PID:6492
- C:\Windows\System\gjZJvGN.exe
  C:\Windows\System\gjZJvGN.exe
  2⤵
  PID:6712
- C:\Windows\System\ayADrnN.exe
  C:\Windows\System\ayADrnN.exe
  2⤵
  PID:6848
- C:\Windows\System\bhoexTH.exe
  C:\Windows\System\bhoexTH.exe
  2⤵
  PID:6968
- C:\Windows\System\NipSpsO.exe
  C:\Windows\System\NipSpsO.exe
  2⤵
  PID:7064
- C:\Windows\System\jyuIWEM.exe
  C:\Windows\System\jyuIWEM.exe
  2⤵
  PID:1032
- C:\Windows\System\ADccwXu.exe
  C:\Windows\System\ADccwXu.exe
  2⤵
  PID:6008
- C:\Windows\System\aZHLhBz.exe
  C:\Windows\System\aZHLhBz.exe
  2⤵
  PID:6456
- C:\Windows\System\hqQSfEz.exe
  C:\Windows\System\hqQSfEz.exe
  2⤵
  PID:6908
- C:\Windows\System\rxwCXPX.exe
  C:\Windows\System\rxwCXPX.exe
  2⤵
  PID:7060
- C:\Windows\System\CfmopbO.exe
  C:\Windows\System\CfmopbO.exe
  2⤵
  PID:1596
- C:\Windows\System\ZlQjQCL.exe
  C:\Windows\System\ZlQjQCL.exe
  2⤵
  PID:2244
- C:\Windows\System\giQFonu.exe
  C:\Windows\System\giQFonu.exe
  2⤵
  PID:2100
- C:\Windows\System\rrMJFGA.exe
  C:\Windows\System\rrMJFGA.exe
  2⤵
  PID:4880
- C:\Windows\System\WzgwHFS.exe
  C:\Windows\System\WzgwHFS.exe
  2⤵
  PID:5452
- C:\Windows\System\vXopBiH.exe
  C:\Windows\System\vXopBiH.exe
  2⤵
  PID:7208
- C:\Windows\System\GwukhVz.exe
  C:\Windows\System\GwukhVz.exe
  2⤵
  PID:7228
- C:\Windows\System\ijDTRMS.exe
  C:\Windows\System\ijDTRMS.exe
  2⤵
  PID:7276
- C:\Windows\System\SvViRLB.exe
  C:\Windows\System\SvViRLB.exe
  2⤵
  PID:7300
- C:\Windows\System\yHJCNZa.exe
  C:\Windows\System\yHJCNZa.exe
  2⤵
  PID:7344
- C:\Windows\System\cFZCLaH.exe
  C:\Windows\System\cFZCLaH.exe
  2⤵
  PID:7364
- C:\Windows\System\kKBYiom.exe
  C:\Windows\System\kKBYiom.exe
  2⤵
  PID:7404
- C:\Windows\System\JsUeknr.exe
  C:\Windows\System\JsUeknr.exe
  2⤵
  PID:7436
- C:\Windows\System\SgNabwC.exe
  C:\Windows\System\SgNabwC.exe
  2⤵
  PID:7460
- C:\Windows\System\gqbivRK.exe
  C:\Windows\System\gqbivRK.exe
  2⤵
  PID:7480
- C:\Windows\System\MulMGDj.exe
  C:\Windows\System\MulMGDj.exe
  2⤵
  PID:7508
- C:\Windows\System\EZLxLdG.exe
  C:\Windows\System\EZLxLdG.exe
  2⤵
  PID:7536
- C:\Windows\System\bnpOsOf.exe
  C:\Windows\System\bnpOsOf.exe
  2⤵
  PID:7576
- C:\Windows\System\IyvBiEv.exe
  C:\Windows\System\IyvBiEv.exe
  2⤵
  PID:7612
- C:\Windows\System\dpNRbIx.exe
  C:\Windows\System\dpNRbIx.exe
  2⤵
  PID:7640
- C:\Windows\System\sogVJlX.exe
  C:\Windows\System\sogVJlX.exe
  2⤵
  PID:7668
- C:\Windows\System\qLeRAKz.exe
  C:\Windows\System\qLeRAKz.exe
  2⤵
  PID:7696
- C:\Windows\System\ZNgDUhY.exe
  C:\Windows\System\ZNgDUhY.exe
  2⤵
  PID:7724
- C:\Windows\System\jzABcBk.exe
  C:\Windows\System\jzABcBk.exe
  2⤵
  PID:7752
- C:\Windows\System\HaIFXtR.exe
  C:\Windows\System\HaIFXtR.exe
  2⤵
  PID:7780
- C:\Windows\System\doHGMhI.exe
  C:\Windows\System\doHGMhI.exe
  2⤵
  PID:7820
- C:\Windows\System\bpzcafL.exe
  C:\Windows\System\bpzcafL.exe
  2⤵
  PID:7852
- C:\Windows\System\CCRUwsx.exe
  C:\Windows\System\CCRUwsx.exe
  2⤵
  PID:7896
- C:\Windows\System\veLuFzF.exe
  C:\Windows\System\veLuFzF.exe
  2⤵
  PID:7928
- C:\Windows\System\bEcEFCK.exe
  C:\Windows\System\bEcEFCK.exe
  2⤵
  PID:7956
- C:\Windows\System\DERTEDY.exe
  C:\Windows\System\DERTEDY.exe
  2⤵
  PID:7972
- C:\Windows\System\rPUvUNG.exe
  C:\Windows\System\rPUvUNG.exe
  2⤵
  PID:8012
- C:\Windows\System\TJbIKhs.exe
  C:\Windows\System\TJbIKhs.exe
  2⤵
  PID:8040
- C:\Windows\System\nchIyMg.exe
  C:\Windows\System\nchIyMg.exe
  2⤵
  PID:8068
- C:\Windows\System\vjqmakh.exe
  C:\Windows\System\vjqmakh.exe
  2⤵
  PID:8108
- C:\Windows\System\yHJZbQl.exe
  C:\Windows\System\yHJZbQl.exe
  2⤵
  PID:8124
- C:\Windows\System\RTiFeVL.exe
  C:\Windows\System\RTiFeVL.exe
  2⤵
  PID:8164
- C:\Windows\System\abnWYar.exe
  C:\Windows\System\abnWYar.exe
  2⤵
  PID:8184
- C:\Windows\System\kVeOrRt.exe
  C:\Windows\System\kVeOrRt.exe
  2⤵
  PID:7240
- C:\Windows\System\fpxwfpT.exe
  C:\Windows\System\fpxwfpT.exe
  2⤵
  PID:7084
- C:\Windows\System\IgefIiU.exe
  C:\Windows\System\IgefIiU.exe
  2⤵
  PID:7336
- C:\Windows\System\BmimLPs.exe
  C:\Windows\System\BmimLPs.exe
  2⤵
  PID:7416
- C:\Windows\System\HtNFfHb.exe
  C:\Windows\System\HtNFfHb.exe
  2⤵
  PID:7476
- C:\Windows\System\elQkXfa.exe
  C:\Windows\System\elQkXfa.exe
  2⤵
  PID:7532
- C:\Windows\System\bJFpsgz.exe
  C:\Windows\System\bJFpsgz.exe
  2⤵
  PID:7604
- C:\Windows\System\OJXXTXz.exe
  C:\Windows\System\OJXXTXz.exe
  2⤵
  PID:7632
- C:\Windows\System\dxJOAlY.exe
  C:\Windows\System\dxJOAlY.exe
  2⤵
  PID:7680
- C:\Windows\System\hCCyaaX.exe
  C:\Windows\System\hCCyaaX.exe
  2⤵
  PID:2176
- C:\Windows\System\DnEOQvQ.exe
  C:\Windows\System\DnEOQvQ.exe
  2⤵
  PID:7748
- C:\Windows\System\vEnUUqy.exe
  C:\Windows\System\vEnUUqy.exe
  2⤵
  PID:7800
- C:\Windows\System\AwpHinO.exe
  C:\Windows\System\AwpHinO.exe
  2⤵
  PID:2756
- C:\Windows\System\AiaTrDl.exe
  C:\Windows\System\AiaTrDl.exe
  2⤵
  PID:7916
- C:\Windows\System\kaXYynY.exe
  C:\Windows\System\kaXYynY.exe
  2⤵
  PID:7964
- C:\Windows\System\iFdruwC.exe
  C:\Windows\System\iFdruwC.exe
  2⤵
  PID:8052
- C:\Windows\System\XiZTwGu.exe
  C:\Windows\System\XiZTwGu.exe
  2⤵
  PID:8120
- C:\Windows\System\PhNSeCb.exe
  C:\Windows\System\PhNSeCb.exe
  2⤵
  PID:8156
- C:\Windows\System\xCWivmJ.exe
  C:\Windows\System\xCWivmJ.exe
  2⤵
  PID:6432
- C:\Windows\System\TXfutXo.exe
  C:\Windows\System\TXfutXo.exe
  2⤵
  PID:7444
- C:\Windows\System\OQHHjoO.exe
  C:\Windows\System\OQHHjoO.exe
  2⤵
  PID:1332
- C:\Windows\System\cKbwokk.exe
  C:\Windows\System\cKbwokk.exe
  2⤵
  PID:6996
- C:\Windows\System\UaXIZHn.exe
  C:\Windows\System\UaXIZHn.exe
  2⤵
  PID:7772
- C:\Windows\System\rYsmjBY.exe
  C:\Windows\System\rYsmjBY.exe
  2⤵
  PID:7908
- C:\Windows\System\YDSMggc.exe
  C:\Windows\System\YDSMggc.exe
  2⤵
  PID:8024
- C:\Windows\System\BbFByYR.exe
  C:\Windows\System\BbFByYR.exe
  2⤵
  PID:7296
- C:\Windows\System\jESAUYv.exe
  C:\Windows\System\jESAUYv.exe
  2⤵
  PID:6296
- C:\Windows\System\OUntqaS.exe
  C:\Windows\System\OUntqaS.exe
  2⤵
  PID:7624
- C:\Windows\System\LbcVSOz.exe
  C:\Windows\System\LbcVSOz.exe
  2⤵
  PID:5420
- C:\Windows\System\tAVIQaX.exe
  C:\Windows\System\tAVIQaX.exe
  2⤵
  PID:7128
- C:\Windows\System\asmfujt.exe
  C:\Windows\System\asmfujt.exe
  2⤵
  PID:8032
- C:\Windows\System\KRvZGEW.exe
  C:\Windows\System\KRvZGEW.exe
  2⤵
  PID:8220
- C:\Windows\System\BWpcyyU.exe
  C:\Windows\System\BWpcyyU.exe
  2⤵
  PID:8248
- C:\Windows\System\FWgwkyn.exe
  C:\Windows\System\FWgwkyn.exe
  2⤵
  PID:8276
- C:\Windows\System\DPnsKPC.exe
  C:\Windows\System\DPnsKPC.exe
  2⤵
  PID:8304
- C:\Windows\System\ySVTEWD.exe
  C:\Windows\System\ySVTEWD.exe
  2⤵
  PID:8332
- C:\Windows\System\gjvawnu.exe
  C:\Windows\System\gjvawnu.exe
  2⤵
  PID:8356
- C:\Windows\System\XyoqIYy.exe
  C:\Windows\System\XyoqIYy.exe
  2⤵
  PID:8388
- C:\Windows\System\vdCjtZh.exe
  C:\Windows\System\vdCjtZh.exe
  2⤵
  PID:8416
- C:\Windows\System\fizrkyf.exe
  C:\Windows\System\fizrkyf.exe
  2⤵
  PID:8444
- C:\Windows\System\iLxQVZF.exe
  C:\Windows\System\iLxQVZF.exe
  2⤵
  PID:8472
- C:\Windows\System\tYWujcc.exe
  C:\Windows\System\tYWujcc.exe
  2⤵
  PID:8500
- C:\Windows\System\YoXeool.exe
  C:\Windows\System\YoXeool.exe
  2⤵
  PID:8516
- C:\Windows\System\ystVKRn.exe
  C:\Windows\System\ystVKRn.exe
  2⤵
  PID:8540
- C:\Windows\System\itavvei.exe
  C:\Windows\System\itavvei.exe
  2⤵
  PID:8584
- C:\Windows\System\bYDitzH.exe
  C:\Windows\System\bYDitzH.exe
  2⤵
  PID:8612
- C:\Windows\System\AXyHqKc.exe
  C:\Windows\System\AXyHqKc.exe
  2⤵
  PID:8632
- C:\Windows\System\CMWAtwG.exe
  C:\Windows\System\CMWAtwG.exe
  2⤵
  PID:8660
- C:\Windows\System\tqwVeuk.exe
  C:\Windows\System\tqwVeuk.exe
  2⤵
  PID:8696
- C:\Windows\System\RGJZMmf.exe
  C:\Windows\System\RGJZMmf.exe
  2⤵
  PID:8724
- C:\Windows\System\oFKVbAl.exe
  C:\Windows\System\oFKVbAl.exe
  2⤵
  PID:8796
- C:\Windows\System\pPDlwVv.exe
  C:\Windows\System\pPDlwVv.exe
  2⤵
  PID:8812
- C:\Windows\System\FFMZXeC.exe
  C:\Windows\System\FFMZXeC.exe
  2⤵
  PID:8840
- C:\Windows\System\poTbQhf.exe
  C:\Windows\System\poTbQhf.exe
  2⤵
  PID:8856
- C:\Windows\System\prxCJhS.exe
  C:\Windows\System\prxCJhS.exe
  2⤵
  PID:8884
- C:\Windows\System\PGEZPlU.exe
  C:\Windows\System\PGEZPlU.exe
  2⤵
  PID:8928
- C:\Windows\System\BjXHVTi.exe
  C:\Windows\System\BjXHVTi.exe
  2⤵
  PID:8956
- C:\Windows\System\Lzraeow.exe
  C:\Windows\System\Lzraeow.exe
  2⤵
  PID:8984
- C:\Windows\System\pzBwfIc.exe
  C:\Windows\System\pzBwfIc.exe
  2⤵
  PID:9012
- C:\Windows\System\GJiyaWb.exe
  C:\Windows\System\GJiyaWb.exe
  2⤵
  PID:9028
- C:\Windows\System\vvmspXX.exe
  C:\Windows\System\vvmspXX.exe
  2⤵
  PID:9068
- C:\Windows\System\SbuBiwV.exe
  C:\Windows\System\SbuBiwV.exe
  2⤵
  PID:9096
- C:\Windows\System\GDlOaPo.exe
  C:\Windows\System\GDlOaPo.exe
  2⤵
  PID:9124
- C:\Windows\System\KJTWvJI.exe
  C:\Windows\System\KJTWvJI.exe
  2⤵
  PID:9152
- C:\Windows\System\gEatPkg.exe
  C:\Windows\System\gEatPkg.exe
  2⤵
  PID:9180
- C:\Windows\System\zoPUPMb.exe
  C:\Windows\System\zoPUPMb.exe
  2⤵
  PID:9208
- C:\Windows\System\wbHihmp.exe
  C:\Windows\System\wbHihmp.exe
  2⤵
  PID:8232
- C:\Windows\System\yBTkyYG.exe
  C:\Windows\System\yBTkyYG.exe
  2⤵
  PID:8300
- C:\Windows\System\FRxNaym.exe
  C:\Windows\System\FRxNaym.exe
  2⤵
  PID:8364
- C:\Windows\System\aqsxPEJ.exe
  C:\Windows\System\aqsxPEJ.exe
  2⤵
  PID:8412
- C:\Windows\System\bsRSsJh.exe
  C:\Windows\System\bsRSsJh.exe
  2⤵
  PID:8484
- C:\Windows\System\muIZQxT.exe
  C:\Windows\System\muIZQxT.exe
  2⤵
  PID:8532
- C:\Windows\System\xdOJqmD.exe
  C:\Windows\System\xdOJqmD.exe
  2⤵
  PID:8608
- C:\Windows\System\QWOgKKP.exe
  C:\Windows\System\QWOgKKP.exe
  2⤵
  PID:8680
- C:\Windows\System\sTPnkcd.exe
  C:\Windows\System\sTPnkcd.exe
  2⤵
  PID:8748
- C:\Windows\System\cbXPybe.exe
  C:\Windows\System\cbXPybe.exe
  2⤵
  PID:8808
- C:\Windows\System\mXxMHuK.exe
  C:\Windows\System\mXxMHuK.exe
  2⤵
  PID:8916
- C:\Windows\System\VQnZZCE.exe
  C:\Windows\System\VQnZZCE.exe
  2⤵
  PID:8948
- C:\Windows\System\IFJwUxH.exe
  C:\Windows\System\IFJwUxH.exe
  2⤵
  PID:9040
- C:\Windows\System\ozDVxoI.exe
  C:\Windows\System\ozDVxoI.exe
  2⤵
  PID:9108
- C:\Windows\System\ENnNvBV.exe
  C:\Windows\System\ENnNvBV.exe
  2⤵
  PID:9172
- C:\Windows\System\FsjUHwE.exe
  C:\Windows\System\FsjUHwE.exe
  2⤵
  PID:8212
- C:\Windows\System\RnYMrZR.exe
  C:\Windows\System\RnYMrZR.exe
  2⤵
  PID:8400
- C:\Windows\System\nmvDqUU.exe
  C:\Windows\System\nmvDqUU.exe
  2⤵
  PID:8512
- C:\Windows\System\SGygjie.exe
  C:\Windows\System\SGygjie.exe
  2⤵
  PID:8656
- C:\Windows\System\MFjJecs.exe
  C:\Windows\System\MFjJecs.exe
  2⤵
  PID:8876
- C:\Windows\System\gpoFIZk.exe
  C:\Windows\System\gpoFIZk.exe
  2⤵
  PID:8980
- C:\Windows\System\qZQslUC.exe
  C:\Windows\System\qZQslUC.exe
  2⤵
  PID:9164
- C:\Windows\System\KNAyRfC.exe
  C:\Windows\System\KNAyRfC.exe
  2⤵
  PID:8292
- C:\Windows\System\yxLEfai.exe
  C:\Windows\System\yxLEfai.exe
  2⤵
  PID:8640
- C:\Windows\System\ZXefbBh.exe
  C:\Windows\System\ZXefbBh.exe
  2⤵
  PID:9148
- C:\Windows\System\HeCMqcR.exe
  C:\Windows\System\HeCMqcR.exe
  2⤵
  PID:8096
- C:\Windows\System\XLAnjWv.exe
  C:\Windows\System\XLAnjWv.exe
  2⤵
  PID:9008
- C:\Windows\System\tutVjan.exe
  C:\Windows\System\tutVjan.exe
  2⤵
  PID:9244
- C:\Windows\System\HAaDTeI.exe
  C:\Windows\System\HAaDTeI.exe
  2⤵
  PID:9272
- C:\Windows\System\bYtpfFt.exe
  C:\Windows\System\bYtpfFt.exe
  2⤵
  PID:9292
- C:\Windows\System\aGemQzV.exe
  C:\Windows\System\aGemQzV.exe
  2⤵
  PID:9328
- C:\Windows\System\gVfjwec.exe
  C:\Windows\System\gVfjwec.exe
  2⤵
  PID:9356
- C:\Windows\System\SUrNXmT.exe
  C:\Windows\System\SUrNXmT.exe
  2⤵
  PID:9372
- C:\Windows\System\jOnvFRT.exe
  C:\Windows\System\jOnvFRT.exe
  2⤵
  PID:9408
- C:\Windows\System\RxbCKZn.exe
  C:\Windows\System\RxbCKZn.exe
  2⤵
  PID:9440
- C:\Windows\System\ZoRiWXX.exe
  C:\Windows\System\ZoRiWXX.exe
  2⤵
  PID:9472
- C:\Windows\System\JNBIVla.exe
  C:\Windows\System\JNBIVla.exe
  2⤵
  PID:9488
- C:\Windows\System\SeYaVsI.exe
  C:\Windows\System\SeYaVsI.exe
  2⤵
  PID:9528
- C:\Windows\System\aWBBbml.exe
  C:\Windows\System\aWBBbml.exe
  2⤵
  PID:9556
- C:\Windows\System\yGFMfbg.exe
  C:\Windows\System\yGFMfbg.exe
  2⤵
  PID:9584
- C:\Windows\System\ekrSeLp.exe
  C:\Windows\System\ekrSeLp.exe
  2⤵
  PID:9612
- C:\Windows\System\hMzgDtW.exe
  C:\Windows\System\hMzgDtW.exe
  2⤵
  PID:9640
- C:\Windows\System\lwmXxBz.exe
  C:\Windows\System\lwmXxBz.exe
  2⤵
  PID:9668
- C:\Windows\System\TFwlryr.exe
  C:\Windows\System\TFwlryr.exe
  2⤵
  PID:9696
- C:\Windows\System\YzspEFA.exe
  C:\Windows\System\YzspEFA.exe
  2⤵
  PID:9712
- C:\Windows\System\UrmuapK.exe
  C:\Windows\System\UrmuapK.exe
  2⤵
  PID:9748
- C:\Windows\System\UBvOMTG.exe
  C:\Windows\System\UBvOMTG.exe
  2⤵
  PID:9780
- C:\Windows\System\sfnFqZK.exe
  C:\Windows\System\sfnFqZK.exe
  2⤵
  PID:9808
- C:\Windows\System\MUTYbKC.exe
  C:\Windows\System\MUTYbKC.exe
  2⤵
  PID:9836
- C:\Windows\System\hFAQjXg.exe
  C:\Windows\System\hFAQjXg.exe
  2⤵
  PID:9864
- C:\Windows\System\LpRnGzd.exe
  C:\Windows\System\LpRnGzd.exe
  2⤵
  PID:9892
- C:\Windows\System\BntkELW.exe
  C:\Windows\System\BntkELW.exe
  2⤵
  PID:9920
- C:\Windows\System\XXgHjhJ.exe
  C:\Windows\System\XXgHjhJ.exe
  2⤵
  PID:9948
- C:\Windows\System\UuIElcD.exe
  C:\Windows\System\UuIElcD.exe
  2⤵
  PID:9976
- C:\Windows\System\qsdhfeZ.exe
  C:\Windows\System\qsdhfeZ.exe
  2⤵
  PID:10004
- C:\Windows\System\SnIKPht.exe
  C:\Windows\System\SnIKPht.exe
  2⤵
  PID:10032
- C:\Windows\System\IrCKlPw.exe
  C:\Windows\System\IrCKlPw.exe
  2⤵
  PID:10056
- C:\Windows\System\BVoJpzm.exe
  C:\Windows\System\BVoJpzm.exe
  2⤵
  PID:10088
- C:\Windows\System\urLgDxB.exe
  C:\Windows\System\urLgDxB.exe
  2⤵
  PID:10116
- C:\Windows\System\FMNIpXx.exe
  C:\Windows\System\FMNIpXx.exe
  2⤵
  PID:10144
- C:\Windows\System\fDtgMbA.exe
  C:\Windows\System\fDtgMbA.exe
  2⤵
  PID:10168
- C:\Windows\System\opLxnMK.exe
  C:\Windows\System\opLxnMK.exe
  2⤵
  PID:10200
- C:\Windows\System\GAhPubo.exe
  C:\Windows\System\GAhPubo.exe
  2⤵
  PID:10228
- C:\Windows\System\CfyZUUJ.exe
  C:\Windows\System\CfyZUUJ.exe
  2⤵
  PID:9224
- C:\Windows\System\qvLdmtU.exe
  C:\Windows\System\qvLdmtU.exe
  2⤵
  PID:9316
- C:\Windows\System\WUtMUgs.exe
  C:\Windows\System\WUtMUgs.exe
  2⤵
  PID:9348
- C:\Windows\System\rcHqkLn.exe
  C:\Windows\System\rcHqkLn.exe
  2⤵
  PID:9436
- C:\Windows\System\kdvdjyo.exe
  C:\Windows\System\kdvdjyo.exe
  2⤵
  PID:9508
- C:\Windows\System\rqvEHEe.exe
  C:\Windows\System\rqvEHEe.exe
  2⤵
  PID:9548
- C:\Windows\System\oBNOVLB.exe
  C:\Windows\System\oBNOVLB.exe
  2⤵
  PID:9636
- C:\Windows\System\sWibAeH.exe
  C:\Windows\System\sWibAeH.exe
  2⤵
  PID:9708
- C:\Windows\System\wBfzlXL.exe
  C:\Windows\System\wBfzlXL.exe
  2⤵
  PID:9776
- C:\Windows\System\YskKThA.exe
  C:\Windows\System\YskKThA.exe
  2⤵
  PID:9824
- C:\Windows\System\txfjNeN.exe
  C:\Windows\System\txfjNeN.exe
  2⤵
  PID:9860
- C:\Windows\System\NSVqrjt.exe
  C:\Windows\System\NSVqrjt.exe
  2⤵
  PID:9960
- C:\Windows\System\EcYVvAc.exe
  C:\Windows\System\EcYVvAc.exe
  2⤵
  PID:10024
- C:\Windows\System\kkYMnNd.exe
  C:\Windows\System\kkYMnNd.exe
  2⤵
  PID:10080
- C:\Windows\System\PvIbFPa.exe
  C:\Windows\System\PvIbFPa.exe
  2⤵
  PID:10160
- C:\Windows\System\UosNDYO.exe
  C:\Windows\System\UosNDYO.exe
  2⤵
  PID:10216
- C:\Windows\System\wFtbeYV.exe
  C:\Windows\System\wFtbeYV.exe
  2⤵
  PID:9304
- C:\Windows\System\sBZUXfr.exe
  C:\Windows\System\sBZUXfr.exe
  2⤵
  PID:9464
- C:\Windows\System\rgVcCjz.exe
  C:\Windows\System\rgVcCjz.exe
  2⤵
  PID:9632
- C:\Windows\System\CQGqJBc.exe
  C:\Windows\System\CQGqJBc.exe
  2⤵
  PID:9756
- C:\Windows\System\iBCWMbe.exe
  C:\Windows\System\iBCWMbe.exe
  2⤵
  PID:9944
- C:\Windows\System\oDayZsT.exe
  C:\Windows\System\oDayZsT.exe
  2⤵
  PID:10128
- C:\Windows\System\LMvMzil.exe
  C:\Windows\System\LMvMzil.exe
  2⤵
  PID:9604
- C:\Windows\System\VdBhqGW.exe
  C:\Windows\System\VdBhqGW.exe
  2⤵
  PID:10016
- C:\Windows\System\nqKQuCX.exe
  C:\Windows\System\nqKQuCX.exe
  2⤵
  PID:10248
- C:\Windows\System\KzxhLmE.exe
  C:\Windows\System\KzxhLmE.exe
  2⤵
  PID:10264
- C:\Windows\System\QVvjwHa.exe
  C:\Windows\System\QVvjwHa.exe
  2⤵
  PID:10292
- C:\Windows\System\meipGsR.exe
  C:\Windows\System\meipGsR.exe
  2⤵
  PID:10312
- C:\Windows\System\LKAxPBw.exe
  C:\Windows\System\LKAxPBw.exe
  2⤵
  PID:10348
- C:\Windows\System\coXjuLJ.exe
  C:\Windows\System\coXjuLJ.exe
  2⤵
  PID:10376
- C:\Windows\System\GpuXlWW.exe
  C:\Windows\System\GpuXlWW.exe
  2⤵
  PID:10404
- C:\Windows\System\RzrvOQL.exe
  C:\Windows\System\RzrvOQL.exe
  2⤵
  PID:10432
- C:\Windows\System\QwCmjvF.exe
  C:\Windows\System\QwCmjvF.exe
  2⤵
  PID:10460
- C:\Windows\System\rPfdYKT.exe
  C:\Windows\System\rPfdYKT.exe
  2⤵
  PID:10488
- C:\Windows\System\cZFdcxt.exe
  C:\Windows\System\cZFdcxt.exe
  2⤵
  PID:10508
- C:\Windows\System\JmfrTNs.exe
  C:\Windows\System\JmfrTNs.exe
  2⤵
  PID:10544
- C:\Windows\System\sgWuQbB.exe
  C:\Windows\System\sgWuQbB.exe
  2⤵
  PID:10560
- C:\Windows\System\zxRmGKX.exe
  C:\Windows\System\zxRmGKX.exe
  2⤵
  PID:10600
- C:\Windows\System\EHrBWGv.exe
  C:\Windows\System\EHrBWGv.exe
  2⤵
  PID:10628
- C:\Windows\System\kupwBhK.exe
  C:\Windows\System\kupwBhK.exe
  2⤵
  PID:10656
- C:\Windows\System\YrIfpvA.exe
  C:\Windows\System\YrIfpvA.exe
  2⤵
  PID:10688
- C:\Windows\System\qyFYbqX.exe
  C:\Windows\System\qyFYbqX.exe
  2⤵
  PID:10716
- C:\Windows\System\cASVZPV.exe
  C:\Windows\System\cASVZPV.exe
  2⤵
  PID:10744
- C:\Windows\System\jyijdvI.exe
  C:\Windows\System\jyijdvI.exe
  2⤵
  PID:10760
- C:\Windows\System\dgjqFJf.exe
  C:\Windows\System\dgjqFJf.exe
  2⤵
  PID:10800
- C:\Windows\System\gmADBNc.exe
  C:\Windows\System\gmADBNc.exe
  2⤵
  PID:10828
- C:\Windows\System\xDBPsmv.exe
  C:\Windows\System\xDBPsmv.exe
  2⤵
  PID:10864
- C:\Windows\System\YmJaiYR.exe
  C:\Windows\System\YmJaiYR.exe
  2⤵
  PID:10880
- C:\Windows\System\mBpavto.exe
  C:\Windows\System\mBpavto.exe
  2⤵
  PID:10940
- C:\Windows\System\lmMircw.exe
  C:\Windows\System\lmMircw.exe
  2⤵
  PID:10960
- C:\Windows\System\pPmHXnJ.exe
  C:\Windows\System\pPmHXnJ.exe
  2⤵
  PID:10988
- C:\Windows\System\KMQtwVD.exe
  C:\Windows\System\KMQtwVD.exe
  2⤵
  PID:11020
- C:\Windows\System\MkBstkf.exe
  C:\Windows\System\MkBstkf.exe
  2⤵
  PID:11056
- C:\Windows\System\ekwVjTU.exe
  C:\Windows\System\ekwVjTU.exe
  2⤵
  PID:11084
- C:\Windows\System\EAqRHDr.exe
  C:\Windows\System\EAqRHDr.exe
  2⤵
  PID:11112
- C:\Windows\System\JHxyEFp.exe
  C:\Windows\System\JHxyEFp.exe
  2⤵
  PID:11128
- C:\Windows\System\ZGNutIR.exe
  C:\Windows\System\ZGNutIR.exe
  2⤵
  PID:11168
- C:\Windows\System\aATDmFy.exe
  C:\Windows\System\aATDmFy.exe
  2⤵
  PID:11196
- C:\Windows\System\gZAFXpr.exe
  C:\Windows\System\gZAFXpr.exe
  2⤵
  PID:11224
- C:\Windows\System\WuFAXDJ.exe
  C:\Windows\System\WuFAXDJ.exe
  2⤵
  PID:11256
- C:\Windows\System\ivQplrL.exe
  C:\Windows\System\ivQplrL.exe
  2⤵
  PID:10300
- C:\Windows\System\jbencxT.exe
  C:\Windows\System\jbencxT.exe
  2⤵
  PID:10388
- C:\Windows\System\ULGeqXt.exe
  C:\Windows\System\ULGeqXt.exe
  2⤵
  PID:10444
- C:\Windows\System\KSPjeRt.exe
  C:\Windows\System\KSPjeRt.exe
  2⤵
  PID:10496
- C:\Windows\System\mVqeQWX.exe
  C:\Windows\System\mVqeQWX.exe
  2⤵
  PID:10552
- C:\Windows\System\DxKecAs.exe
  C:\Windows\System\DxKecAs.exe
  2⤵
  PID:10640
- C:\Windows\System\XHsXRtg.exe
  C:\Windows\System\XHsXRtg.exe
  2⤵
  PID:10700
- C:\Windows\System\KDOXoiM.exe
  C:\Windows\System\KDOXoiM.exe
  2⤵
  PID:10756
- C:\Windows\System\cxeUDTh.exe
  C:\Windows\System\cxeUDTh.exe
  2⤵
  PID:10860
- C:\Windows\System\DsqjwoV.exe
  C:\Windows\System\DsqjwoV.exe
  2⤵
  PID:10952
- C:\Windows\System\JlMSTIx.exe
  C:\Windows\System\JlMSTIx.exe
  2⤵
  PID:11000
- C:\Windows\System\qptceRY.exe
  C:\Windows\System\qptceRY.exe
  2⤵
  PID:11124
- C:\Windows\System\TghaquC.exe
  C:\Windows\System\TghaquC.exe
  2⤵
  PID:11188
- C:\Windows\System\VDgkaRk.exe
  C:\Windows\System\VDgkaRk.exe
  2⤵
  PID:10332
- C:\Windows\System\qHpUnPz.exe
  C:\Windows\System\qHpUnPz.exe
  2⤵
  PID:10536
- C:\Windows\System\gNSNgVr.exe
  C:\Windows\System\gNSNgVr.exe
  2⤵
  PID:10732
- C:\Windows\System\mJnoybV.exe
  C:\Windows\System\mJnoybV.exe
  2⤵
  PID:11004
- C:\Windows\System\MbFBled.exe
  C:\Windows\System\MbFBled.exe
  2⤵
  PID:11240
- C:\Windows\System\dwRHkpa.exe
  C:\Windows\System\dwRHkpa.exe
  2⤵
  PID:10900
- C:\Windows\System\BeHwbCv.exe
  C:\Windows\System\BeHwbCv.exe
  2⤵
  PID:11268
- C:\Windows\System\HHAeHBE.exe
  C:\Windows\System\HHAeHBE.exe
  2⤵
  PID:11308
- C:\Windows\System\xNJOHhq.exe
  C:\Windows\System\xNJOHhq.exe
  2⤵
  PID:11340
- C:\Windows\System\jGLaXzV.exe
  C:\Windows\System\jGLaXzV.exe
  2⤵
  PID:11388
- C:\Windows\System\zNvpyOd.exe
  C:\Windows\System\zNvpyOd.exe
  2⤵
  PID:11424
- C:\Windows\System\ejMxmmp.exe
  C:\Windows\System\ejMxmmp.exe
  2⤵
  PID:11460
- C:\Windows\System\QVtIwIS.exe
  C:\Windows\System\QVtIwIS.exe
  2⤵
  PID:11488
- C:\Windows\System\OBdHhtm.exe
  C:\Windows\System\OBdHhtm.exe
  2⤵
  PID:11520
- C:\Windows\System\bWxoXtX.exe
  C:\Windows\System\bWxoXtX.exe
  2⤵
  PID:11536
- C:\Windows\System\NfGZwDr.exe
  C:\Windows\System\NfGZwDr.exe
  2⤵
  PID:11560
- C:\Windows\System\pCnBWKZ.exe
  C:\Windows\System\pCnBWKZ.exe
  2⤵
  PID:11592
- C:\Windows\System\tKJLAQD.exe
  C:\Windows\System\tKJLAQD.exe
  2⤵
  PID:11620
- C:\Windows\System\SKcbDHf.exe
  C:\Windows\System\SKcbDHf.exe
  2⤵
  PID:11648
- C:\Windows\System\OoqgSsu.exe
  C:\Windows\System\OoqgSsu.exe
  2⤵
  PID:11680
- C:\Windows\System\BUwIbCe.exe
  C:\Windows\System\BUwIbCe.exe
  2⤵
  PID:11716
- C:\Windows\System\LXODWjA.exe
  C:\Windows\System\LXODWjA.exe
  2⤵
  PID:11748
- C:\Windows\System\eGKTokT.exe
  C:\Windows\System\eGKTokT.exe
  2⤵
  PID:11776
- C:\Windows\System\gaLBgtA.exe
  C:\Windows\System\gaLBgtA.exe
  2⤵
  PID:11804
- C:\Windows\System\SkdcBUL.exe
  C:\Windows\System\SkdcBUL.exe
  2⤵
  PID:11836
- C:\Windows\System\NTNnuPT.exe
  C:\Windows\System\NTNnuPT.exe
  2⤵
  PID:11896
- C:\Windows\System\ivVNumB.exe
  C:\Windows\System\ivVNumB.exe
  2⤵
  PID:11924
- C:\Windows\System\FxyzKlA.exe
  C:\Windows\System\FxyzKlA.exe
  2⤵
  PID:11960
- C:\Windows\System\OtONSyi.exe
  C:\Windows\System\OtONSyi.exe
  2⤵
  PID:11996
- C:\Windows\System\juChkHv.exe
  C:\Windows\System\juChkHv.exe
  2⤵
  PID:12016
- C:\Windows\System\gEYaXxg.exe
  C:\Windows\System\gEYaXxg.exe
  2⤵
  PID:12044
- C:\Windows\System\lcFXNIe.exe
  C:\Windows\System\lcFXNIe.exe
  2⤵
  PID:12072
- C:\Windows\System\cmzRdvp.exe
  C:\Windows\System\cmzRdvp.exe
  2⤵
  PID:12100
- C:\Windows\System\kwbyqaW.exe
  C:\Windows\System\kwbyqaW.exe
  2⤵
  PID:12128
- C:\Windows\System\SdcXgCH.exe
  C:\Windows\System\SdcXgCH.exe
  2⤵
  PID:12164
- C:\Windows\System\ewHTwHN.exe
  C:\Windows\System\ewHTwHN.exe
  2⤵
  PID:12180
- C:\Windows\System\ogpSMTy.exe
  C:\Windows\System\ogpSMTy.exe
  2⤵
  PID:12244
- C:\Windows\System\TJjaOWJ.exe
  C:\Windows\System\TJjaOWJ.exe
  2⤵
  PID:12272
- C:\Windows\System\bknwQIB.exe
  C:\Windows\System\bknwQIB.exe
  2⤵
  PID:11304
- C:\Windows\System\JOlYdop.exe
  C:\Windows\System\JOlYdop.exe
  2⤵
  PID:11380
- C:\Windows\System\hdLeIWw.exe
  C:\Windows\System\hdLeIWw.exe
  2⤵
  PID:11448
- C:\Windows\System\ZopUasB.exe
  C:\Windows\System\ZopUasB.exe
  2⤵
  PID:11528
- C:\Windows\System\kLwYHRH.exe
  C:\Windows\System\kLwYHRH.exe
  2⤵
  PID:11584
- C:\Windows\System\JWBSVFY.exe
  C:\Windows\System\JWBSVFY.exe
  2⤵
  PID:11644
- C:\Windows\System\wTODtHX.exe
  C:\Windows\System\wTODtHX.exe
  2⤵
  PID:11712
- C:\Windows\System\mXceiBk.exe
  C:\Windows\System\mXceiBk.exe
  2⤵
  PID:11788
- C:\Windows\System\hTJaJLz.exe
  C:\Windows\System\hTJaJLz.exe
  2⤵
  PID:11880
- C:\Windows\System\NJUrKsw.exe
  C:\Windows\System\NJUrKsw.exe
  2⤵
  PID:9596
- C:\Windows\System\izOrQzR.exe
  C:\Windows\System\izOrQzR.exe
  2⤵
  PID:8076
- C:\Windows\System\XpYVqFv.exe
  C:\Windows\System\XpYVqFv.exe
  2⤵
  PID:11980
- C:\Windows\System\CdshpQV.exe
  C:\Windows\System\CdshpQV.exe
  2⤵
  PID:12040
- C:\Windows\System\JoSVQFS.exe
  C:\Windows\System\JoSVQFS.exe
  2⤵
  PID:12112
- C:\Windows\System\xSROrxu.exe
  C:\Windows\System\xSROrxu.exe
  2⤵
  PID:12176
- C:\Windows\System\iWQGGii.exe
  C:\Windows\System\iWQGGii.exe
  2⤵
  PID:12268
- C:\Windows\System\IqgSfHP.exe
  C:\Windows\System\IqgSfHP.exe
  2⤵
  PID:11356
- C:\Windows\System\WPzkKJw.exe
  C:\Windows\System\WPzkKJw.exe
  2⤵
  PID:11552
- C:\Windows\System\tcMexDw.exe
  C:\Windows\System\tcMexDw.exe
  2⤵
  PID:11704
- C:\Windows\System\MxxIrsU.exe
  C:\Windows\System\MxxIrsU.exe
  2⤵
  PID:11860
- C:\Windows\System\kmeFeef.exe
  C:\Windows\System\kmeFeef.exe
  2⤵
  PID:11956
- C:\Windows\System\HfPpMPb.exe
  C:\Windows\System\HfPpMPb.exe
  2⤵
  PID:12092
- C:\Windows\System\XhJGSWo.exe
  C:\Windows\System\XhJGSWo.exe
  2⤵
  PID:12160
- C:\Windows\System\ruSoYtV.exe
  C:\Windows\System\ruSoYtV.exe
  2⤵
  PID:11376
- C:\Windows\System\ZGsQJBD.exe
  C:\Windows\System\ZGsQJBD.exe
  2⤵
  PID:4656
- C:\Windows\System\jvsPdao.exe
  C:\Windows\System\jvsPdao.exe
  2⤵
  PID:12156
- C:\Windows\System\wfrIiNW.exe
  C:\Windows\System\wfrIiNW.exe
  2⤵
  PID:12068
- C:\Windows\System\kkkJfhY.exe
  C:\Windows\System\kkkJfhY.exe
  2⤵
  PID:7216
- C:\Windows\System\XfNPQxE.exe
  C:\Windows\System\XfNPQxE.exe
  2⤵
  PID:2040
- C:\Windows\System\NkCusMr.exe
  C:\Windows\System\NkCusMr.exe
  2⤵
  PID:3144
- C:\Windows\System\gJCLJxd.exe
  C:\Windows\System\gJCLJxd.exe
  2⤵
  PID:12308
- C:\Windows\System\QCUdIUu.exe
  C:\Windows\System\QCUdIUu.exe
  2⤵
  PID:12336
- C:\Windows\System\ZlPOUIl.exe
  C:\Windows\System\ZlPOUIl.exe
  2⤵
  PID:12364
- C:\Windows\System\xMFWTwH.exe
  C:\Windows\System\xMFWTwH.exe
  2⤵
  PID:12392
- C:\Windows\System\oHYgYHC.exe
  C:\Windows\System\oHYgYHC.exe
  2⤵
  PID:12416
- C:\Windows\System\TDjMnRX.exe
  C:\Windows\System\TDjMnRX.exe
  2⤵
  PID:12464
- C:\Windows\System\vByUQFS.exe
  C:\Windows\System\vByUQFS.exe
  2⤵
  PID:12480
- C:\Windows\System\gSxHIUB.exe
  C:\Windows\System\gSxHIUB.exe
  2⤵
  PID:12512
- C:\Windows\System\IClCenP.exe
  C:\Windows\System\IClCenP.exe
  2⤵
  PID:12544
- C:\Windows\System\bDWxsLz.exe
  C:\Windows\System\bDWxsLz.exe
  2⤵
  PID:12572
- C:\Windows\System\vlYJFnZ.exe
  C:\Windows\System\vlYJFnZ.exe
  2⤵
  PID:12588
- C:\Windows\System\KAnOnGh.exe
  C:\Windows\System\KAnOnGh.exe
  2⤵
  PID:12616
- C:\Windows\System\GhUoutq.exe
  C:\Windows\System\GhUoutq.exe
  2⤵
  PID:12648
- C:\Windows\System\HUYvnDr.exe
  C:\Windows\System\HUYvnDr.exe
  2⤵
  PID:12676
- C:\Windows\System\KVkKygB.exe
  C:\Windows\System\KVkKygB.exe
  2⤵
  PID:12712
- C:\Windows\System\QDLRiTp.exe
  C:\Windows\System\QDLRiTp.exe
  2⤵
  PID:12756
- C:\Windows\System\SnTSPKC.exe
  C:\Windows\System\SnTSPKC.exe
  2⤵
  PID:12788
- C:\Windows\System\avuXwvf.exe
  C:\Windows\System\avuXwvf.exe
  2⤵
  PID:12816
- C:\Windows\System\ZLtFaAY.exe
  C:\Windows\System\ZLtFaAY.exe
  2⤵
  PID:12836
- C:\Windows\System\IMkpLyC.exe
  C:\Windows\System\IMkpLyC.exe
  2⤵
  PID:12860
- C:\Windows\System\TyTpLvE.exe
  C:\Windows\System\TyTpLvE.exe
  2⤵
  PID:12900
- C:\Windows\System\mdCuFzx.exe
  C:\Windows\System\mdCuFzx.exe
  2⤵
  PID:12932
- C:\Windows\System\KkzgPBo.exe
  C:\Windows\System\KkzgPBo.exe
  2⤵
  PID:12960
- C:\Windows\System\Jcpooww.exe
  C:\Windows\System\Jcpooww.exe
  2⤵
  PID:12988
- C:\Windows\System\kpcdoqk.exe
  C:\Windows\System\kpcdoqk.exe
  2⤵
  PID:13016
- C:\Windows\System\FOAddYo.exe
  C:\Windows\System\FOAddYo.exe
  2⤵
  PID:13044
- C:\Windows\System\XHafqEn.exe
  C:\Windows\System\XHafqEn.exe
  2⤵
  PID:13072
- C:\Windows\System\LtKInsI.exe
  C:\Windows\System\LtKInsI.exe
  2⤵
  PID:13116
- C:\Windows\System\tPEFGVZ.exe
  C:\Windows\System\tPEFGVZ.exe
  2⤵
  PID:13140
- C:\Windows\System\HgYPtXv.exe
  C:\Windows\System\HgYPtXv.exe
  2⤵
  PID:13172
- C:\Windows\System\JCDtYmy.exe
  C:\Windows\System\JCDtYmy.exe
  2⤵
  PID:13216
- C:\Windows\System\UVxGrsL.exe
  C:\Windows\System\UVxGrsL.exe
  2⤵
  PID:13248
- C:\Windows\System\QqYGtLk.exe
  C:\Windows\System\QqYGtLk.exe
  2⤵
  PID:13280
- C:\Windows\System\MgYUfSZ.exe
  C:\Windows\System\MgYUfSZ.exe
  2⤵
  PID:13300
- C:\Windows\System\wQPFWUe.exe
  C:\Windows\System\wQPFWUe.exe
  2⤵
  PID:12388
- C:\Windows\System\czGKOTN.exe
  C:\Windows\System\czGKOTN.exe
  2⤵
  PID:12440
- C:\Windows\System\vpedkrJ.exe
  C:\Windows\System\vpedkrJ.exe
  2⤵
  PID:12532
- C:\Windows\System\lRdUvvw.exe
  C:\Windows\System\lRdUvvw.exe
  2⤵
  PID:12732
- C:\Windows\System\bFhohDE.exe
  C:\Windows\System\bFhohDE.exe
  2⤵
  PID:12748
- C:\Windows\System\YXofJJD.exe
  C:\Windows\System\YXofJJD.exe
  2⤵
  PID:12880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_h442j5qd.zx5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AvhuoGU.exe

Filesize
3.0MB

MD5
f415727faa7be1aca99b9d6133451a69

SHA1
639f293a901664b690dee64f287e223aaa197f93

SHA256
35c690836a1f6a62acd16aef2a50cd6a68b7b01bedc7c77082d75fc89fc531b1

SHA512
b9d1b257c8e5647d0dee386de251025e50d325f9e338e9733fb180cf6b5c22602d9c0315f37f95d6bf30dac5e25622667a5bfb527998607ff192a80b084611b3

Download Submit
C:\Windows\System\GxSPauZ.exe

Filesize
3.0MB

MD5
30263f7e2f5738e3cd0533e2d486b546

SHA1
157acef8f62017f0baa9b4c5c0f0a886edac4b9e

SHA256
44e045da84a84a8196f4e74174baabcfee9632896f9460ccbc96e1d86a188a06

SHA512
e8aea7396e67b3d6ded70dd70c33f38fa5141b14900b4f8fdd89d808ae6c2bf789984fd72c35fef00ef784fcb9dab6a426b873d6e6196991814fb4e4af3d9c99

Download Submit
C:\Windows\System\JuQDRoI.exe

Filesize
3.0MB

MD5
f7cd470652420ab7f13ed9e2e35faa82

SHA1
4907090efc4a43ae3acf670124c1923cc1f8fe3d

SHA256
b1931c1054136639beca545f4fe3d6e0917b7844b9420d2dd6ae35a4cd537e15

SHA512
433d2c0b6a4f3280135bc62a3bbe89a26c56f71acaeefea3cb749a94d2925e314eb3454911507fa6fd9861ad3abfb15e20a4afbd6789fec4581a66e7ce58da4d

Download Submit
C:\Windows\System\KtSLvJl.exe

Filesize
3.0MB

MD5
46fdae547f86e6299cae4bc4dd00066a

SHA1
751f9466bc3d43a84e85f7d34d122f4e2e098366

SHA256
7ac41b756cae030ec8db0fa9611efe5433ee8f969026d040c011f8aa9c923168

SHA512
16d1974e6fa10c3ed4d991ffab732e2f4779512fd276496a7a93f9dd1fcab858f578ce30e1d393a2c626548848ceebf6998d5b5fd810d5438e1ffc2462c9352e

Download Submit
C:\Windows\System\LAItzEF.exe

Filesize
3.0MB

MD5
f4bbe127193a69c17021305b67395536

SHA1
8dc6304247cc7f5dac9608489077d5096c4cc2df

SHA256
e8d7e158cd35a005e149a92ca72cee96816ad343d878f2211e51c3142f49c5d0

SHA512
44103c2faa458d9203ebd93a4c70c048070f41cb88c1c4c2b8c2c5e0f335be744fe44cf4fc31ba5922e93d647dc6f5fb6ced7cefc07a23fcbab3816d62bf95f5

Download Submit
C:\Windows\System\MnKeCQP.exe

Filesize
3.0MB

MD5
0244a0e373ce1835db8cdaf52ecdc4e0

SHA1
50af59530d3cad21174bb5626dc4a172b69412d1

SHA256
9e68413c3cacfabc7722fbeaa325e8581da0a26e540b6c3bbbf03220768d56f7

SHA512
4e47e0ebf8b1acb7693fe015b0cc71b22e3abcb5b59f0bf209ef2911fcd2f2df537398ec44ee723a620be913c880f3673f8d431eab70f3f52c9bb2e3dd2eec2d

Download Submit
C:\Windows\System\NXfWTCv.exe

Filesize
3.0MB

MD5
07e50b047acb4ba857ed6c169cd99611

SHA1
f49d3b5c252451ff2abeceba9a5fd47939a71563

SHA256
d68b25208cc24a9fd07acac27565bbdfe5bd49d008aca084daaa1e5ab8c3942a

SHA512
c45852a047349173b88e6e641e0a8860d7991a98078e1bbd7f6db27de313896fcb09a3a2c4306c14c646fc4a35cb05d0069fe14969a7e554ab0850ca78890c55

Download Submit
C:\Windows\System\NdGlKYz.exe

Filesize
3.0MB

MD5
8c88e92818d7f833f90dcbe4bf289858

SHA1
0902114eef4bd1cde4db06f25fca54ab35e1c9a1

SHA256
da01ef921c16842f69fe8db37e7b2dae940b27a0cc4692c674a2c6a2d6cc1635

SHA512
4ccf108f22fbb677f543861d81e85b855b263bcc9cd5a3705305281bae18ff6e54aab6c9d370a8efd874d9234a483d801cfb41777d01723c7e074c68070dc0b4

Download Submit
C:\Windows\System\NwAxrYS.exe

Filesize
3.0MB

MD5
cfea57111d7924177e2e18686b18cf74

SHA1
61fce42feb662834131d720a29c6f892f36ef430

SHA256
d0124e98a20cc65ec1d81e2bf0cd3881745ebb6a3cb4a44bdb42695113dc8090

SHA512
4d40a8c5ca024e67a1962aa004d8bcf5e84f646efcb135becb14882ee0e065db3514034fec7437f2ec7ea68e5674e6e38a9c8aa974054bb3d89cd05351008533

Download Submit
C:\Windows\System\OOfXRMw.exe

Filesize
3.0MB

MD5
db7e79371138e922c22c389aa72f9a71

SHA1
6d3518e65c48a083782ed10757b8ea0477760fa6

SHA256
3a7567152319a602b54c79157be6692991eafc74546cdb124ab16df831f53b23

SHA512
98531229264527f3955bd58b216381eba2c8802a570bbb44fd42713a277642f8f205d7852266d97ed01b40da2630f683f3dd64542443ddb73084f0e96609863b

Download Submit
C:\Windows\System\Stiyppa.exe

Filesize
3.0MB

MD5
7d019c9926504de3ecacd421c346d1d7

SHA1
bb5890c8cbb1328c2d5b62d7ea729da3e9b4885b

SHA256
e24be95138e7fdf5b46b3a9ad9cddc232d3e0b6fe5da403ef9d64eea541a79d8

SHA512
de0a0c2c15aca8ccb5e9367431bdd554c65a56c7255e8fe45fb11ad34af11549a6943e1cbb59c3b18f4fb5868766ec17ec5869b827110ddfa0d3e2b5de639f10

Download Submit
C:\Windows\System\TQZclEt.exe

Filesize
3.0MB

MD5
8cd5b8fe553ff1510250b3f23e8e8bc3

SHA1
90371b74f793ecc293dedcb028dadf3aa7d02b7d

SHA256
66b28b92194cccd3e09dce70cad379178490f79c95179017bccbd49436cd0396

SHA512
5f19f0d83ad3a68e9b8533d0915b2645e2e7bff7f580cfbe8385ccc2aa6871f577e08ae590a2705a88bd89df53b835a7598a27f431eee23cdc0aade4b73e2235

Download Submit
C:\Windows\System\UWqCtTZ.exe

Filesize
3.0MB

MD5
9c3928e06d72b980c96db7a7b2707721

SHA1
c06ec4b1e663342845205e6a6e3669cd71cdc721

SHA256
0e3fa3801b47bf96661f8ac5e2daa7c2f9f75c701ca4d4ec5d954fd82d293d3a

SHA512
5bee2a116e686531b594b382ced7f4dafe8335fe9f9145545aa6da5030b0b8ded4ba5af5fd8b8306110a28266205686dc96490f8b001981b12b7bc89faa19fd3

Download Submit
C:\Windows\System\YFmOSjz.exe

Filesize
3.0MB

MD5
134cc5d6a30e85ea2dd54228caaacbc3

SHA1
7afe23341d799ddc4f04715e4e2285b1dc6d655f

SHA256
cb502c0860ffc388b87c2eab1d0098a5037f78358e099ab1a559391ba44df199

SHA512
17a26105936100b663622de50a4b062fc1766b71d1c016c16a9998e142b5fa7cba43f1e2d43632bf1e9f9a84fa513202166ceaac8606b8cad4f8ea95e511c9ca

Download Submit
C:\Windows\System\YicUZvi.exe

Filesize
3.0MB

MD5
9c1325105df9aae430528b33527454ad

SHA1
4c04b2146247be27c155e8273bef0ed68794742f

SHA256
28a2c1c237cbdad5e97fc1e6b97075739f1b5f0ca958da87df395f0bdd8337d3

SHA512
1e9dec3bbb05b8cb6cee5712698876795d556fe5392240596559cfbdb945b4d2df9bebbe4eeebd7c312a6e63caf62a94cdaa966310fbc3bdc8223cf4c439e0cd

Download Submit
C:\Windows\System\ZhNSKCV.exe

Filesize
3.0MB

MD5
0539a26b90b85c1705986d5de0727c7f

SHA1
badb75b3cd5a00395aa913372ab45216c9e4177e

SHA256
d5957836e3b680f4be8aa55a8633d5c7635b74b6c8f6af7f4865b746ea9f5449

SHA512
45916fb741bf4e04024efc3cc6333ebaec2fa4d3ca42909716d7daf463fd33a0b1328ef1411449a052b776fcd28ccbfb9fda10da66c6b1bdadd04aae94626feb

Download Submit
C:\Windows\System\ZocdCkT.exe

Filesize
3.0MB

MD5
955932a3d44b49f269b6776f777fccff

SHA1
abbe63f40ca5437020af2cb8c00cfcedaabcfb98

SHA256
431c962c400b1f71e6dd63abb2f57e5fa2974a70f472d4228f4331b7274f25e2

SHA512
eee26fa11bbf4c95e0ef5c2d6430d21e926cb49395162dd59162367ed9740cb70ff464ec3ae550cc52ec246208b067d9bb099bcebaa9e6eb4fe25b2d8cadb64e

Download Submit
C:\Windows\System\anehQea.exe

Filesize
3.0MB

MD5
c4fce3c37973a847a64b4e50ac39faf6

SHA1
b7004a4d4f61e198264318c0df5dc72b61a091b2

SHA256
d2b1527a003e34c85395044eda3380fe217300582900b093dcd1e49cb0ad049e

SHA512
8ce03fa95774bddd0ef46af88a701fe303837df0da8812c90a3ea6f590e0f505459405c8736d8d1a0bdc9200a11205b797d82f9c6bb12af866172b9d324e0797

Download Submit
C:\Windows\System\cCjiTxR.exe

Filesize
3.0MB

MD5
ea265352b5b7978102fad8b36646ff8c

SHA1
e32ad62724bd2d5461456a905034c5dc07474144

SHA256
c7425869a3ab18634b9d06454704f02528d78c9898e672e3f62d6f6dea734583

SHA512
683180bf0d8aab3140243a736db99859d036f0134a9ce0363e8971d0e5e30ba18cb5d4bfd4363a86f4b9ef8e3a8eb0b7928408cf7ad44495c8b33753a35343a8

Download Submit
C:\Windows\System\dmQWjwp.exe

Filesize
3.0MB

MD5
e94a5b125277d4f9041765831cead576

SHA1
c87e966467152d025ee813fc913a15abfb4fd449

SHA256
d8c2c0a18139b80266fa65661c68ba52344182d83645edeb5132792e7282abe6

SHA512
efbd959d5ae24b5d0bf421f841c537fb4ccc7b96b3afbd8ca146b5a9eb1dab47deeded8a38b36872e05594980e47f48d76ace5f2d46c6ba8903d926264006227

Download Submit
C:\Windows\System\fjnGdrQ.exe

Filesize
3.0MB

MD5
d80d26617f88c2c3883bf23048d38273

SHA1
3cfa73a82c6f5c5bf17f7f66f374310b6f5c3678

SHA256
1e8dbb6f19eb6c0b628f5cdb622b0612a4059d391e6aad74de9dd56d7e49e0c4

SHA512
5fe4f0c628738dea9fa936f09e7c80a1ac893c8343a3089b3c2256286bcb50eb0fdf3074db424a0eb0b9e1f3a5b4be3119b9d8d93547255ddc44e4d55b3076e4

Download Submit
C:\Windows\System\hcExauJ.exe

Filesize
3.0MB

MD5
f0f7aa5b572779ed63ec7905c883d25b

SHA1
3a8f70f98d5b181280a2e555bdf522537265d27d

SHA256
c7d9be72092d03fbbdd5892606bacc25ddc03c997ea6f63c07d363bf80563dd1

SHA512
f0536648f13fd5676db0be4fbe47d7b33b39151fd62486d46c690b16fe8dbede1604a74350e1e8977b110cd3d10c55fc80732c44d0a26bf4767882c7309602fd

Download Submit
C:\Windows\System\iwasctf.exe

Filesize
8B

MD5
9962fa9c120fa4be5b0a3f7a74dbcadf

SHA1
b6f88aa1c093b2340de068ac2ff30cce108e3fc6

SHA256
945d12760562a76bb5610a082b9c7801a49c6c9de534141d0c528ee6828f8992

SHA512
b2eeefcd3c65dccb02eb4079fd8fe88b36ae6927cd8ddb4de7afd16b396b895522c8feb1cc1373ad7adcb7732e1d37129de60c1aaea95865a3c1e13ac02b6cac

Download Submit
C:\Windows\System\kvMyNCe.exe

Filesize
3.0MB

MD5
ec3182042e89f2096c0dc830d8fe8e76

SHA1
bb0a240e57fcda8101b0a003f9249b194e4d015b

SHA256
708db02ca34794949e58783cf0479be154f23944412815a9ad01fa1d1a6a8ce0

SHA512
970d28c1773ea95b1c19b81b4db9bb9d95c64510d461dda1956219fef3b3c993209f3a342ce3c575c02416b37446ce89c2e6884e7cae2057034396e1813f0a07

Download Submit
C:\Windows\System\mIKxYSl.exe

Filesize
3.0MB

MD5
d8e261c4611010362ba94fc58c2780de

SHA1
44938ae45356712778b2597867cea0be4312fca6

SHA256
f95cabe080d0303ff9927932d39c62ab32f6a2a64eadf08530228d78fdc1d8f5

SHA512
e0d91ffc0329908240e138bc9ee1035a9519d8d6001d7123076ff7d92c1d18d25598f24e715a3c61e8d818f239a328969b3c99c8c4d456bee7f73d853092994f

Download Submit
C:\Windows\System\mTlDUhv.exe

Filesize
3.0MB

MD5
52fb239aaa5e5d580f6835db66f39b72

SHA1
2a51dad6edcf8748acda159c6c261f5689dd5d0f

SHA256
f814bc509ca4096f727bd6b6231441f99606d595692bec72f4f50bb2c5f3b61d

SHA512
e7d8e7883f659293766afd84bc99fa7f27ecb18c356953f0519c3b695bfd0088afb83fec7a65e886c25a0c7a9859aa31c94ceed4b098cf1ade84123194355b0e

Download Submit
C:\Windows\System\nZjyxqg.exe

Filesize
3.0MB

MD5
647136dd7a0c1316141e9850499eb274

SHA1
9ae7d54e9c6ea9a6fdd52ad6d0ca1ab5bafc17b9

SHA256
0223ff5c617676a6b0eb3e45402ede1be78f8f61254c935e151489106bfe70be

SHA512
a554be7772d3f22488fd6dc3a5af3494f1c8b3ab852215245d8d72ec6a91fccfa995f9eb5d12146b10ad09340c81614c379103cdce4ca91b7f43135c95c1c7de

Download Submit
C:\Windows\System\oSrWUQN.exe

Filesize
3.0MB

MD5
7944c16192c4b5c7430652d3f3667941

SHA1
374f76e469252459f64035eae59dc8fc91d2b5c1

SHA256
3d4a37a80c160f903ec29d382fdabc250508d6b5b70b2f21ea7fb4485434037d

SHA512
17e22866ab7131789d7710389de6117498e1badce741190a10dd441a6f92cba2fb9e470eafbe497bd90d5f905f067ecf7c9bc05cd7d2d3f465755ed4947b7d1c

Download Submit
C:\Windows\System\qOZNAbY.exe

Filesize
3.0MB

MD5
612bdcdc00f720b0a61d35d1075ecc29

SHA1
bb93d44aa531a8286a48b429feb5bee1a8921bc7

SHA256
d2de855250331244308c0e8764c239fb0de442d608954811a6e25f6f1b0c3740

SHA512
753d9e7037105e22fb57755b9a88bd8f15baa2bcafb2031bcaa8f31384ac1b4c4aacdb7362ab6bfd7a591a3dbce2dac3c9a58454b17731ea24819a5acf65b522

Download Submit
C:\Windows\System\qVEwWOV.exe

Filesize
3.0MB

MD5
26e1fec6c346976bf9263e27e3a476cc

SHA1
8977b8e0c85fb38f113834b0e77d67069822b4bd

SHA256
34fe9e5acf7229894d28c44c69d4b692f77306dc8b9c23e6cb493d36b15e4f41

SHA512
6778ecf83b7e0491d8671e5c8723c64f2a06b69f2a79b2b4b8caa09e79a079dd3af67161acd3c3437071568be55a61023547db6428e1c34762d90e22de5d9b5f

Download Submit
C:\Windows\System\sSgePtN.exe

Filesize
3.0MB

MD5
643f2c0805f99812351a753cd1654cdf

SHA1
1310934eb688cfe5f2ab0bce79f66a5a29c8d5f9

SHA256
2666dfd943e3e0c22c2d5006fdd2ecf0fa84627e8fc2e40e1723daa448b2ca3e

SHA512
c55b58981c85af1e2a41e4c171532ddd59ae59739a2ee580588a35a4f60f70a04d580cd2f1013b052b64688f67a608699665d65bf69a4de9c357a0d8d3202ee9

Download Submit
C:\Windows\System\tRRtERu.exe

Filesize
3.0MB

MD5
5961a6fb71f96f26206a91f716861dbd

SHA1
6cc10c2f2d06cd9d78d8ed1c1df9e0988391e7ce

SHA256
e01412d565d575f72957de363aaf0bc57551413f658a95620b144b1cde3f7fe1

SHA512
d6f3362ec7f6f2bf85c7e414a81896d7b88243be3b657acf11acea60498a728b2d8c4ef5a273d26dc32f0024413fadc2b2823f52d3d124dfe8c44ed506834ced

Download Submit
C:\Windows\System\vVvJgQH.exe

Filesize
3.0MB

MD5
900d524cae34678aacc1fe1373e296ee

SHA1
7ce5018b4dd2f79bbf8294deb16175a89e678c18

SHA256
48d791ac6cf63d2ed0bad775bd1c7fbe64c082e0c957ff18b9ae37ff2e3bdf35

SHA512
8e2366d71ebbf3beb4eec21f68f50ef0830c3ecb2b0f766702e7635a569c19adcac61cfdd195cef646f2f6daa37f2bdf3f83d7b8f01f7b33ab79d263ba91e428

Download Submit
C:\Windows\System\yqUSNoq.exe

Filesize
3.0MB

MD5
749f79f7e4063e35b8830b77effc5713

SHA1
5f53ce023a2ea85af797151bf9ad6a9245354f55

SHA256
2cacbe2b1f0f43294649d2151d31f0bf83024d51ffc239fa691a80dab5bd8fe2

SHA512
d9fcce03ddb412090d9637d77775e4e4db0b1dcebb038e66712ff0639f7ff2e3f7580a86b673ad903994115de7d760a200fe9c7b89a1d76c6d63c80fbe32fca0

Download Submit
memory/392-682-0x00007FF64CFF0000-0x00007FF64D3E6000-memory.dmp

Filesize
4.0MB

Download
memory/392-2169-0x00007FF64CFF0000-0x00007FF64D3E6000-memory.dmp

Filesize
4.0MB

Download
memory/464-2164-0x00007FF691E30000-0x00007FF692226000-memory.dmp

Filesize
4.0MB

Download
memory/464-689-0x00007FF691E30000-0x00007FF692226000-memory.dmp

Filesize
4.0MB

Download
memory/772-646-0x00007FF7373A0000-0x00007FF737796000-memory.dmp

Filesize
4.0MB

Download
memory/772-2159-0x00007FF7373A0000-0x00007FF737796000-memory.dmp

Filesize
4.0MB

Download
memory/872-658-0x00007FF6466A0000-0x00007FF646A96000-memory.dmp

Filesize
4.0MB

Download
memory/872-2158-0x00007FF6466A0000-0x00007FF646A96000-memory.dmp

Filesize
4.0MB

Download
memory/1072-673-0x00007FF62B820000-0x00007FF62BC16000-memory.dmp

Filesize
4.0MB

Download
memory/1072-2165-0x00007FF62B820000-0x00007FF62BC16000-memory.dmp

Filesize
4.0MB

Download
memory/1268-695-0x00007FF78EDB0000-0x00007FF78F1A6000-memory.dmp

Filesize
4.0MB

Download
memory/1268-2170-0x00007FF78EDB0000-0x00007FF78F1A6000-memory.dmp

Filesize
4.0MB

Download
memory/1276-2167-0x00007FF6DC130000-0x00007FF6DC526000-memory.dmp

Filesize
4.0MB

Download
memory/1276-672-0x00007FF6DC130000-0x00007FF6DC526000-memory.dmp

Filesize
4.0MB

Download
memory/1488-2152-0x00007FF60A450000-0x00007FF60A846000-memory.dmp

Filesize
4.0MB

Download
memory/1488-620-0x00007FF60A450000-0x00007FF60A846000-memory.dmp

Filesize
4.0MB

Download
memory/1560-2157-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp

Filesize
4.0MB

Download
memory/1560-654-0x00007FF7319F0000-0x00007FF731DE6000-memory.dmp

Filesize
4.0MB

Download
memory/1616-2160-0x00007FF7136E0000-0x00007FF713AD6000-memory.dmp

Filesize
4.0MB

Download
memory/1616-662-0x00007FF7136E0000-0x00007FF713AD6000-memory.dmp

Filesize
4.0MB

Download
memory/1880-2148-0x00007FF7E32E0000-0x00007FF7E36D6000-memory.dmp

Filesize
4.0MB

Download
memory/1880-610-0x00007FF7E32E0000-0x00007FF7E36D6000-memory.dmp

Filesize
4.0MB

Download
memory/1976-701-0x00007FF645880000-0x00007FF645C76000-memory.dmp

Filesize
4.0MB

Download
memory/1976-2150-0x00007FF645880000-0x00007FF645C76000-memory.dmp

Filesize
4.0MB

Download
memory/1988-2147-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp

Filesize
4.0MB

Download
memory/1988-10-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp

Filesize
4.0MB

Download
memory/1988-2142-0x00007FF6D5190000-0x00007FF6D5586000-memory.dmp

Filesize
4.0MB

Download
memory/2216-34-0x00007FFB32EF0000-0x00007FFB339B1000-memory.dmp

Filesize
10.8MB

Download
memory/2216-75-0x000001E8E6320000-0x000001E8E6342000-memory.dmp

Filesize
136KB

Download
memory/2216-609-0x00007FFB32EF0000-0x00007FFB339B1000-memory.dmp

Filesize
10.8MB

Download
memory/2216-13-0x00007FFB32EF3000-0x00007FFB32EF5000-memory.dmp

Filesize
8KB

Download
memory/2216-311-0x000001E8E6E40000-0x000001E8E75E6000-memory.dmp

Filesize
7.6MB

Download
memory/2216-2141-0x00007FFB32EF0000-0x00007FFB339B1000-memory.dmp

Filesize
10.8MB

Download
memory/2216-2143-0x00007FFB32EF3000-0x00007FFB32EF5000-memory.dmp

Filesize
8KB

Download
memory/2216-2146-0x00007FFB32EF0000-0x00007FFB339B1000-memory.dmp

Filesize
10.8MB

Download
memory/2396-0-0x00007FF6D4010000-0x00007FF6D4406000-memory.dmp

Filesize
4.0MB

Download
memory/2396-1-0x0000023796980000-0x0000023796990000-memory.dmp

Filesize
64KB

Download
memory/2508-611-0x00007FF743EB0000-0x00007FF7442A6000-memory.dmp

Filesize
4.0MB

Download
memory/2508-2153-0x00007FF743EB0000-0x00007FF7442A6000-memory.dmp

Filesize
4.0MB

Download
memory/2536-2149-0x00007FF6F47D0000-0x00007FF6F4BC6000-memory.dmp

Filesize
4.0MB

Download
memory/2536-699-0x00007FF6F47D0000-0x00007FF6F4BC6000-memory.dmp

Filesize
4.0MB

Download
memory/2820-2162-0x00007FF625870000-0x00007FF625C66000-memory.dmp

Filesize
4.0MB

Download
memory/2820-692-0x00007FF625870000-0x00007FF625C66000-memory.dmp

Filesize
4.0MB

Download
memory/3148-2166-0x00007FF75B590000-0x00007FF75B986000-memory.dmp

Filesize
4.0MB

Download
memory/3148-675-0x00007FF75B590000-0x00007FF75B986000-memory.dmp

Filesize
4.0MB

Download
memory/3320-2156-0x00007FF7F3FA0000-0x00007FF7F4396000-memory.dmp

Filesize
4.0MB

Download
memory/3320-638-0x00007FF7F3FA0000-0x00007FF7F4396000-memory.dmp

Filesize
4.0MB

Download
memory/4052-2155-0x00007FF6B9E00000-0x00007FF6BA1F6000-memory.dmp

Filesize
4.0MB

Download
memory/4052-632-0x00007FF6B9E00000-0x00007FF6BA1F6000-memory.dmp

Filesize
4.0MB

Download
memory/4216-2161-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp

Filesize
4.0MB

Download
memory/4216-665-0x00007FF6537A0000-0x00007FF653B96000-memory.dmp

Filesize
4.0MB

Download
memory/4428-686-0x00007FF6D3920000-0x00007FF6D3D16000-memory.dmp

Filesize
4.0MB

Download
memory/4428-2163-0x00007FF6D3920000-0x00007FF6D3D16000-memory.dmp

Filesize
4.0MB

Download
memory/4464-2168-0x00007FF7EE350000-0x00007FF7EE746000-memory.dmp

Filesize
4.0MB

Download
memory/4464-685-0x00007FF7EE350000-0x00007FF7EE746000-memory.dmp

Filesize
4.0MB

Download
memory/4524-628-0x00007FF6CE9F0000-0x00007FF6CEDE6000-memory.dmp

Filesize
4.0MB

Download
memory/4524-2154-0x00007FF6CE9F0000-0x00007FF6CEDE6000-memory.dmp

Filesize
4.0MB

Download
memory/4828-624-0x00007FF79B030000-0x00007FF79B426000-memory.dmp

Filesize
4.0MB

Download
memory/4828-2151-0x00007FF79B030000-0x00007FF79B426000-memory.dmp

Filesize
4.0MB

Download