xmrig | 8cf1841ff812930ff57aa13b3501f1a436b98e854a2823b7d7347a3324c50d69

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
Size

1.3MB
MD5

a1950eec022841a93179fe998558e0b0
SHA1

1c7095a70f423cbe0f65ec24958a044b2e7d7932
SHA256

8cf1841ff812930ff57aa13b3501f1a436b98e854a2823b7d7347a3324c50d69
SHA512

e32d8c1a27e103bc4870ce530394398e6457b746a92d48aa876d7db0e0cbe451c582753b8563bcabed972b6d127e420154ae70bb39f84f54250a99a010d6b5af
SSDEEP

24576:zv3/fTLF671TilQFG4P5PxtG8PEpklLvYl8UywjwCIlaa+Tr:Lz071uv4BPjGhql0lQGQG

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4640-11-0x00007FF751740000-0x00007FF751B32000-memory.dmp	xmrig
behavioral2/memory/3604-93-0x00007FF60E830000-0x00007FF60EC22000-memory.dmp	xmrig
behavioral2/memory/4964-100-0x00007FF687520000-0x00007FF687912000-memory.dmp	xmrig
behavioral2/memory/744-106-0x00007FF6DD210000-0x00007FF6DD602000-memory.dmp	xmrig
behavioral2/memory/2064-111-0x00007FF7C3990000-0x00007FF7C3D82000-memory.dmp	xmrig
behavioral2/memory/1388-114-0x00007FF6BC8B0000-0x00007FF6BCCA2000-memory.dmp	xmrig
behavioral2/memory/4056-167-0x00007FF6BC9B0000-0x00007FF6BCDA2000-memory.dmp	xmrig
behavioral2/memory/3256-161-0x00007FF6333A0000-0x00007FF633792000-memory.dmp	xmrig
behavioral2/memory/3100-122-0x00007FF7B4EC0000-0x00007FF7B52B2000-memory.dmp	xmrig
behavioral2/memory/4748-118-0x00007FF65D570000-0x00007FF65D962000-memory.dmp	xmrig
behavioral2/memory/4356-115-0x00007FF771910000-0x00007FF771D02000-memory.dmp	xmrig
behavioral2/memory/2616-113-0x00007FF6D3E10000-0x00007FF6D4202000-memory.dmp	xmrig
behavioral2/memory/3696-112-0x00007FF6F8350000-0x00007FF6F8742000-memory.dmp	xmrig
behavioral2/memory/4392-110-0x00007FF63FC00000-0x00007FF63FFF2000-memory.dmp	xmrig
behavioral2/memory/1164-107-0x00007FF7BAF00000-0x00007FF7BB2F2000-memory.dmp	xmrig
behavioral2/memory/680-94-0x00007FF68C290000-0x00007FF68C682000-memory.dmp	xmrig
behavioral2/memory/3140-89-0x00007FF76B1D0000-0x00007FF76B5C2000-memory.dmp	xmrig
behavioral2/memory/3920-82-0x00007FF6121C0000-0x00007FF6125B2000-memory.dmp	xmrig
behavioral2/memory/3056-78-0x00007FF6A5BB0000-0x00007FF6A5FA2000-memory.dmp	xmrig
behavioral2/memory/2588-1938-0x00007FF7F5E40000-0x00007FF7F6232000-memory.dmp	xmrig
behavioral2/memory/2640-1970-0x00007FF710D10000-0x00007FF711102000-memory.dmp	xmrig
behavioral2/memory/1952-1969-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	xmrig
behavioral2/memory/4332-1973-0x00007FF7957A0000-0x00007FF795B92000-memory.dmp	xmrig
behavioral2/memory/4304-1974-0x00007FF711310000-0x00007FF711702000-memory.dmp	xmrig
behavioral2/memory/4640-1998-0x00007FF751740000-0x00007FF751B32000-memory.dmp	xmrig
behavioral2/memory/2064-2000-0x00007FF7C3990000-0x00007FF7C3D82000-memory.dmp	xmrig
behavioral2/memory/3696-2002-0x00007FF6F8350000-0x00007FF6F8742000-memory.dmp	xmrig
behavioral2/memory/3920-2005-0x00007FF6121C0000-0x00007FF6125B2000-memory.dmp	xmrig
behavioral2/memory/3140-2010-0x00007FF76B1D0000-0x00007FF76B5C2000-memory.dmp	xmrig
behavioral2/memory/2616-2008-0x00007FF6D3E10000-0x00007FF6D4202000-memory.dmp	xmrig
behavioral2/memory/3056-2006-0x00007FF6A5BB0000-0x00007FF6A5FA2000-memory.dmp	xmrig
behavioral2/memory/4356-2029-0x00007FF771910000-0x00007FF771D02000-memory.dmp	xmrig
behavioral2/memory/1388-2030-0x00007FF6BC8B0000-0x00007FF6BCCA2000-memory.dmp	xmrig
behavioral2/memory/3100-2026-0x00007FF7B4EC0000-0x00007FF7B52B2000-memory.dmp	xmrig
behavioral2/memory/4748-2025-0x00007FF65D570000-0x00007FF65D962000-memory.dmp	xmrig
behavioral2/memory/744-2022-0x00007FF6DD210000-0x00007FF6DD602000-memory.dmp	xmrig
behavioral2/memory/4392-2021-0x00007FF63FC00000-0x00007FF63FFF2000-memory.dmp	xmrig
behavioral2/memory/3604-2019-0x00007FF60E830000-0x00007FF60EC22000-memory.dmp	xmrig
behavioral2/memory/680-2017-0x00007FF68C290000-0x00007FF68C682000-memory.dmp	xmrig
behavioral2/memory/4964-2015-0x00007FF687520000-0x00007FF687912000-memory.dmp	xmrig
behavioral2/memory/1164-2013-0x00007FF7BAF00000-0x00007FF7BB2F2000-memory.dmp	xmrig
behavioral2/memory/4332-2061-0x00007FF7957A0000-0x00007FF795B92000-memory.dmp	xmrig
behavioral2/memory/3256-2047-0x00007FF6333A0000-0x00007FF633792000-memory.dmp	xmrig
behavioral2/memory/4056-2046-0x00007FF6BC9B0000-0x00007FF6BCDA2000-memory.dmp	xmrig
behavioral2/memory/4304-2041-0x00007FF711310000-0x00007FF711702000-memory.dmp	xmrig
behavioral2/memory/1952-2037-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	xmrig
behavioral2/memory/2640-2043-0x00007FF710D10000-0x00007FF711102000-memory.dmp	xmrig
behavioral2/memory/2588-2039-0x00007FF7F5E40000-0x00007FF7F6232000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	5052	powershell.exe
5	5052	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
5052	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4640	BVWCCyv.exe
2064	QPuaKbh.exe
3696	IivlUAp.exe
3056	mrmLdHM.exe
3920	bOcGqpA.exe
2616	dvXQujq.exe
3140	PGKWopQ.exe
3604	LtieEYa.exe
680	cBNtPCK.exe
4964	WJJLtcI.exe
744	Snzydww.exe
1164	bDOWGlP.exe
4392	FsaclnR.exe
1388	tILsvLg.exe
4356	uRaKgbw.exe
4748	oZPHEIp.exe
3100	UgYmLxi.exe
2588	anchqRx.exe
1952	xaowuGe.exe
4332	YPoSWck.exe
2640	LjxYoPw.exe
4304	GFElgAm.exe
3256	KhkMdgv.exe
4056	PTdocHn.exe
4376	GrwJOMv.exe
1924	hvOyaMU.exe
1944	cJTIRCg.exe
2088	KZRaTUZ.exe
3452	AYHGcFW.exe
4728	GLlBjCI.exe
2488	iNGIDMp.exe
228	UVsVdGd.exe
2704	tvlrSSa.exe
3672	olbPjIn.exe
1264	KDyqMxp.exe
4572	DHjljnJ.exe
4776	nTZlsDA.exe
2256	ZDXyvhq.exe
2780	bJANgYs.exe
224	udhoDth.exe
2552	IRMJgSd.exe
1284	bSvfOac.exe
4904	fsWPGvN.exe
64	PWlnOPD.exe
4196	cKOJwpT.exe
368	CmkOhXn.exe
3832	qFqDFvo.exe
4412	GBCKBjA.exe
5056	zvGqXei.exe
1616	hKKyYta.exe
2772	Xuuynhm.exe
2068	lVpfUWc.exe
2056	gANeoFh.exe
916	fqUWJHH.exe
1200	ojzuyMi.exe
2036	hMZXjRF.exe
2176	IbjQmqJ.exe
1792	FuyOVHm.exe
4732	MOjcrfO.exe
3692	KpDwcWe.exe
3280	TvpzzGs.exe
3372	lrlDbcW.exe
4016	mzdgQAx.exe
60	vNdjktg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3012-0-0x00007FF628810000-0x00007FF628C02000-memory.dmp	upx
behavioral2/files/0x0007000000023278-5.dat	upx
behavioral2/files/0x00080000000233b6-10.dat	upx
behavioral2/memory/4640-11-0x00007FF751740000-0x00007FF751B32000-memory.dmp	upx
behavioral2/files/0x00070000000233bb-20.dat	upx
behavioral2/files/0x00070000000233bc-41.dat	upx
behavioral2/files/0x00070000000233c0-45.dat	upx
behavioral2/files/0x00070000000233c3-68.dat	upx
behavioral2/files/0x00070000000233c6-76.dat	upx
behavioral2/memory/3604-93-0x00007FF60E830000-0x00007FF60EC22000-memory.dmp	upx
behavioral2/memory/4964-100-0x00007FF687520000-0x00007FF687912000-memory.dmp	upx
behavioral2/memory/744-106-0x00007FF6DD210000-0x00007FF6DD602000-memory.dmp	upx
behavioral2/memory/2064-111-0x00007FF7C3990000-0x00007FF7C3D82000-memory.dmp	upx
behavioral2/memory/1388-114-0x00007FF6BC8B0000-0x00007FF6BCCA2000-memory.dmp	upx
behavioral2/files/0x00070000000233c8-119.dat	upx
behavioral2/files/0x00070000000233ca-129.dat	upx
behavioral2/files/0x00070000000233cb-135.dat	upx
behavioral2/memory/2640-149-0x00007FF710D10000-0x00007FF711102000-memory.dmp	upx
behavioral2/files/0x00070000000233cd-156.dat	upx
behavioral2/files/0x00070000000233d1-170.dat	upx
behavioral2/files/0x00070000000233d4-185.dat	upx
behavioral2/files/0x00070000000233d7-200.dat	upx
behavioral2/files/0x00070000000233d5-198.dat	upx
behavioral2/files/0x00070000000233d6-195.dat	upx
behavioral2/files/0x00070000000233d3-188.dat	upx
behavioral2/files/0x00070000000233d2-183.dat	upx
behavioral2/files/0x00070000000233d0-173.dat	upx
behavioral2/files/0x00070000000233cf-168.dat	upx
behavioral2/memory/4056-167-0x00007FF6BC9B0000-0x00007FF6BCDA2000-memory.dmp	upx
behavioral2/files/0x00070000000233ce-162.dat	upx
behavioral2/memory/3256-161-0x00007FF6333A0000-0x00007FF633792000-memory.dmp	upx
behavioral2/memory/4304-155-0x00007FF711310000-0x00007FF711702000-memory.dmp	upx
behavioral2/files/0x00070000000233cc-150.dat	upx
behavioral2/memory/4332-138-0x00007FF7957A0000-0x00007FF795B92000-memory.dmp	upx
behavioral2/files/0x00070000000233c9-133.dat	upx
behavioral2/memory/1952-132-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	upx
behavioral2/memory/2588-126-0x00007FF7F5E40000-0x00007FF7F6232000-memory.dmp	upx
behavioral2/memory/3100-122-0x00007FF7B4EC0000-0x00007FF7B52B2000-memory.dmp	upx
behavioral2/memory/4748-118-0x00007FF65D570000-0x00007FF65D962000-memory.dmp	upx
behavioral2/memory/4356-115-0x00007FF771910000-0x00007FF771D02000-memory.dmp	upx
behavioral2/memory/2616-113-0x00007FF6D3E10000-0x00007FF6D4202000-memory.dmp	upx
behavioral2/memory/3696-112-0x00007FF6F8350000-0x00007FF6F8742000-memory.dmp	upx
behavioral2/memory/4392-110-0x00007FF63FC00000-0x00007FF63FFF2000-memory.dmp	upx
behavioral2/files/0x00080000000233b7-108.dat	upx
behavioral2/memory/1164-107-0x00007FF7BAF00000-0x00007FF7BB2F2000-memory.dmp	upx
behavioral2/files/0x00070000000233c7-104.dat	upx
behavioral2/files/0x00080000000233be-102.dat	upx
behavioral2/files/0x00080000000233bd-95.dat	upx
behavioral2/memory/680-94-0x00007FF68C290000-0x00007FF68C682000-memory.dmp	upx
behavioral2/memory/3140-89-0x00007FF76B1D0000-0x00007FF76B5C2000-memory.dmp	upx
behavioral2/memory/3920-82-0x00007FF6121C0000-0x00007FF6125B2000-memory.dmp	upx
behavioral2/memory/3056-78-0x00007FF6A5BB0000-0x00007FF6A5FA2000-memory.dmp	upx
behavioral2/files/0x00070000000233c5-75.dat	upx
behavioral2/files/0x00070000000233c4-74.dat	upx
behavioral2/files/0x00070000000233c2-70.dat	upx
behavioral2/files/0x00070000000233c1-66.dat	upx
behavioral2/files/0x00070000000233bf-48.dat	upx
behavioral2/files/0x00070000000233ba-21.dat	upx
behavioral2/memory/2588-1938-0x00007FF7F5E40000-0x00007FF7F6232000-memory.dmp	upx
behavioral2/memory/2640-1970-0x00007FF710D10000-0x00007FF711102000-memory.dmp	upx
behavioral2/memory/1952-1969-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	upx
behavioral2/memory/4332-1973-0x00007FF7957A0000-0x00007FF795B92000-memory.dmp	upx
behavioral2/memory/4304-1974-0x00007FF711310000-0x00007FF711702000-memory.dmp	upx
behavioral2/memory/4640-1998-0x00007FF751740000-0x00007FF751B32000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nQrTDhN.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\fhWZGTm.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\Pddifus.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\bPzgwFo.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\aUtsNom.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\lWXufXN.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\VEWKJtB.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\cDYZaYF.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\FzJxjZd.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\AJNTCfA.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\rFUGJTw.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\DZCeewN.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\lukmDZp.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\gMoTcoh.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\QEwuWJi.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\wBmeBQu.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\WJJLtcI.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\nSdnaCd.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\crGJmFh.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\HMenHMN.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\gCMaJYC.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\agAxnBa.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\gDanSji.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\rUXrtCA.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\DMtchsX.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\eFThakk.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\IUeILhL.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\fJVUTLJ.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\iHraRfF.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\TFHmvAm.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\eAYMldz.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\xACeluZ.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\qemooFf.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\bqHXMyV.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\BVWCCyv.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\TAUBaqB.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\XmuOvZt.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\qoSAoXq.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\UbpRUTM.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\MgJNyfh.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\GBCKBjA.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\waGvbbJ.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\DxyOczX.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\MmgtMpv.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\QkfCCIS.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\VaAqVxd.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\wzgeSvw.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\mIjvRNw.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\rtAxFrB.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\tQPkCWl.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\uloBGXg.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\dvlZnLS.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\rbCBQPm.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\BoKKbCs.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\EbttYJO.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\GhBNBrZ.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\MqbmViS.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\jHtiPMp.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\xnUJlnL.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\iKzfnOB.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\nvdQLbu.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\GrwJOMv.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\PWlnOPD.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
File created	C:\Windows\System\GZYXdUZ.exe	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
5052	powershell.exe
5052	powershell.exe
5052	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
Token: SeDebugPrivilege	5052	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 5052	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	84
PID 3012 wrote to memory of 5052	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	84
PID 3012 wrote to memory of 4640	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	85
PID 3012 wrote to memory of 4640	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	85
PID 3012 wrote to memory of 2064	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	86
PID 3012 wrote to memory of 2064	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	86
PID 3012 wrote to memory of 3696	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	87
PID 3012 wrote to memory of 3696	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	87
PID 3012 wrote to memory of 3056	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	88
PID 3012 wrote to memory of 3056	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	88
PID 3012 wrote to memory of 3920	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	89
PID 3012 wrote to memory of 3920	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	89
PID 3012 wrote to memory of 2616	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	90
PID 3012 wrote to memory of 2616	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	90
PID 3012 wrote to memory of 3140	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	91
PID 3012 wrote to memory of 3140	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	91
PID 3012 wrote to memory of 3604	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	92
PID 3012 wrote to memory of 3604	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	92
PID 3012 wrote to memory of 4964	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	93
PID 3012 wrote to memory of 4964	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	93
PID 3012 wrote to memory of 680	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	94
PID 3012 wrote to memory of 680	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	94
PID 3012 wrote to memory of 744	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	95
PID 3012 wrote to memory of 744	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	95
PID 3012 wrote to memory of 1164	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	96
PID 3012 wrote to memory of 1164	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	96
PID 3012 wrote to memory of 4392	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	97
PID 3012 wrote to memory of 4392	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	97
PID 3012 wrote to memory of 1388	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	98
PID 3012 wrote to memory of 1388	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	98
PID 3012 wrote to memory of 4356	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	99
PID 3012 wrote to memory of 4356	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	99
PID 3012 wrote to memory of 4748	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	100
PID 3012 wrote to memory of 4748	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	100
PID 3012 wrote to memory of 3100	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	101
PID 3012 wrote to memory of 3100	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	101
PID 3012 wrote to memory of 2588	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	102
PID 3012 wrote to memory of 2588	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	102
PID 3012 wrote to memory of 1952	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	103
PID 3012 wrote to memory of 1952	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	103
PID 3012 wrote to memory of 4332	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	104
PID 3012 wrote to memory of 4332	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	104
PID 3012 wrote to memory of 2640	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	105
PID 3012 wrote to memory of 2640	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	105
PID 3012 wrote to memory of 4304	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	106
PID 3012 wrote to memory of 4304	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	106
PID 3012 wrote to memory of 3256	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	107
PID 3012 wrote to memory of 3256	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	107
PID 3012 wrote to memory of 4056	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	108
PID 3012 wrote to memory of 4056	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	108
PID 3012 wrote to memory of 4376	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	109
PID 3012 wrote to memory of 4376	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	109
PID 3012 wrote to memory of 1924	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	110
PID 3012 wrote to memory of 1924	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	110
PID 3012 wrote to memory of 1944	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	111
PID 3012 wrote to memory of 1944	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	111
PID 3012 wrote to memory of 2088	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	112
PID 3012 wrote to memory of 2088	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	112
PID 3012 wrote to memory of 3452	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	113
PID 3012 wrote to memory of 3452	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	113
PID 3012 wrote to memory of 4728	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	114
PID 3012 wrote to memory of 4728	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	114
PID 3012 wrote to memory of 2488	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	115
PID 3012 wrote to memory of 2488	3012	a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a1950eec022841a93179fe998558e0b0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5052
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5052" "2964" "2892" "2968" "0" "0" "2972" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12920
- C:\Windows\System\BVWCCyv.exe
  C:\Windows\System\BVWCCyv.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\QPuaKbh.exe
  C:\Windows\System\QPuaKbh.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\IivlUAp.exe
  C:\Windows\System\IivlUAp.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\mrmLdHM.exe
  C:\Windows\System\mrmLdHM.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\bOcGqpA.exe
  C:\Windows\System\bOcGqpA.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\dvXQujq.exe
  C:\Windows\System\dvXQujq.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\PGKWopQ.exe
  C:\Windows\System\PGKWopQ.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\LtieEYa.exe
  C:\Windows\System\LtieEYa.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\WJJLtcI.exe
  C:\Windows\System\WJJLtcI.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\cBNtPCK.exe
  C:\Windows\System\cBNtPCK.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\Snzydww.exe
  C:\Windows\System\Snzydww.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\bDOWGlP.exe
  C:\Windows\System\bDOWGlP.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\FsaclnR.exe
  C:\Windows\System\FsaclnR.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\tILsvLg.exe
  C:\Windows\System\tILsvLg.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\uRaKgbw.exe
  C:\Windows\System\uRaKgbw.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\oZPHEIp.exe
  C:\Windows\System\oZPHEIp.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\UgYmLxi.exe
  C:\Windows\System\UgYmLxi.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\anchqRx.exe
  C:\Windows\System\anchqRx.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\xaowuGe.exe
  C:\Windows\System\xaowuGe.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\YPoSWck.exe
  C:\Windows\System\YPoSWck.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\LjxYoPw.exe
  C:\Windows\System\LjxYoPw.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\GFElgAm.exe
  C:\Windows\System\GFElgAm.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\KhkMdgv.exe
  C:\Windows\System\KhkMdgv.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\PTdocHn.exe
  C:\Windows\System\PTdocHn.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\GrwJOMv.exe
  C:\Windows\System\GrwJOMv.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\hvOyaMU.exe
  C:\Windows\System\hvOyaMU.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\cJTIRCg.exe
  C:\Windows\System\cJTIRCg.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\KZRaTUZ.exe
  C:\Windows\System\KZRaTUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\AYHGcFW.exe
  C:\Windows\System\AYHGcFW.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\GLlBjCI.exe
  C:\Windows\System\GLlBjCI.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\iNGIDMp.exe
  C:\Windows\System\iNGIDMp.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\UVsVdGd.exe
  C:\Windows\System\UVsVdGd.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\tvlrSSa.exe
  C:\Windows\System\tvlrSSa.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\olbPjIn.exe
  C:\Windows\System\olbPjIn.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\KDyqMxp.exe
  C:\Windows\System\KDyqMxp.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\DHjljnJ.exe
  C:\Windows\System\DHjljnJ.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\nTZlsDA.exe
  C:\Windows\System\nTZlsDA.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\ZDXyvhq.exe
  C:\Windows\System\ZDXyvhq.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\bJANgYs.exe
  C:\Windows\System\bJANgYs.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\udhoDth.exe
  C:\Windows\System\udhoDth.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\IRMJgSd.exe
  C:\Windows\System\IRMJgSd.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\bSvfOac.exe
  C:\Windows\System\bSvfOac.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\fsWPGvN.exe
  C:\Windows\System\fsWPGvN.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\PWlnOPD.exe
  C:\Windows\System\PWlnOPD.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\cKOJwpT.exe
  C:\Windows\System\cKOJwpT.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\CmkOhXn.exe
  C:\Windows\System\CmkOhXn.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\qFqDFvo.exe
  C:\Windows\System\qFqDFvo.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\GBCKBjA.exe
  C:\Windows\System\GBCKBjA.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\zvGqXei.exe
  C:\Windows\System\zvGqXei.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\hKKyYta.exe
  C:\Windows\System\hKKyYta.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\Xuuynhm.exe
  C:\Windows\System\Xuuynhm.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\lVpfUWc.exe
  C:\Windows\System\lVpfUWc.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\gANeoFh.exe
  C:\Windows\System\gANeoFh.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\fqUWJHH.exe
  C:\Windows\System\fqUWJHH.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\ojzuyMi.exe
  C:\Windows\System\ojzuyMi.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\hMZXjRF.exe
  C:\Windows\System\hMZXjRF.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\IbjQmqJ.exe
  C:\Windows\System\IbjQmqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\FuyOVHm.exe
  C:\Windows\System\FuyOVHm.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\MOjcrfO.exe
  C:\Windows\System\MOjcrfO.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\KpDwcWe.exe
  C:\Windows\System\KpDwcWe.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\TvpzzGs.exe
  C:\Windows\System\TvpzzGs.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\lrlDbcW.exe
  C:\Windows\System\lrlDbcW.exe
  2⤵
  - Executes dropped EXE
  PID:3372
- C:\Windows\System\mzdgQAx.exe
  C:\Windows\System\mzdgQAx.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\vNdjktg.exe
  C:\Windows\System\vNdjktg.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\QxvgyJV.exe
  C:\Windows\System\QxvgyJV.exe
  2⤵
  PID:4592
- C:\Windows\System\oyoZCuo.exe
  C:\Windows\System\oyoZCuo.exe
  2⤵
  PID:4484
- C:\Windows\System\wYiMhcd.exe
  C:\Windows\System\wYiMhcd.exe
  2⤵
  PID:2436
- C:\Windows\System\sLXVASG.exe
  C:\Windows\System\sLXVASG.exe
  2⤵
  PID:4844
- C:\Windows\System\aJhLdCb.exe
  C:\Windows\System\aJhLdCb.exe
  2⤵
  PID:1296
- C:\Windows\System\CeGjESS.exe
  C:\Windows\System\CeGjESS.exe
  2⤵
  PID:3688
- C:\Windows\System\xMsJHJS.exe
  C:\Windows\System\xMsJHJS.exe
  2⤵
  PID:3220
- C:\Windows\System\jpxGGqn.exe
  C:\Windows\System\jpxGGqn.exe
  2⤵
  PID:5144
- C:\Windows\System\QLvXZUO.exe
  C:\Windows\System\QLvXZUO.exe
  2⤵
  PID:5172
- C:\Windows\System\ICdvHha.exe
  C:\Windows\System\ICdvHha.exe
  2⤵
  PID:5204
- C:\Windows\System\uKDPvOa.exe
  C:\Windows\System\uKDPvOa.exe
  2⤵
  PID:5228
- C:\Windows\System\CBGhiIJ.exe
  C:\Windows\System\CBGhiIJ.exe
  2⤵
  PID:5260
- C:\Windows\System\YrPudsW.exe
  C:\Windows\System\YrPudsW.exe
  2⤵
  PID:5292
- C:\Windows\System\ktOcILW.exe
  C:\Windows\System\ktOcILW.exe
  2⤵
  PID:5320
- C:\Windows\System\JsfogvI.exe
  C:\Windows\System\JsfogvI.exe
  2⤵
  PID:5344
- C:\Windows\System\KApHVBD.exe
  C:\Windows\System\KApHVBD.exe
  2⤵
  PID:5376
- C:\Windows\System\QQZPuXB.exe
  C:\Windows\System\QQZPuXB.exe
  2⤵
  PID:5404
- C:\Windows\System\vheqgpx.exe
  C:\Windows\System\vheqgpx.exe
  2⤵
  PID:5428
- C:\Windows\System\waGvbbJ.exe
  C:\Windows\System\waGvbbJ.exe
  2⤵
  PID:5460
- C:\Windows\System\VaAqVxd.exe
  C:\Windows\System\VaAqVxd.exe
  2⤵
  PID:5488
- C:\Windows\System\rdSWFxb.exe
  C:\Windows\System\rdSWFxb.exe
  2⤵
  PID:5512
- C:\Windows\System\VSggRny.exe
  C:\Windows\System\VSggRny.exe
  2⤵
  PID:5544
- C:\Windows\System\eizvCNb.exe
  C:\Windows\System\eizvCNb.exe
  2⤵
  PID:5572
- C:\Windows\System\MXsmHId.exe
  C:\Windows\System\MXsmHId.exe
  2⤵
  PID:5596
- C:\Windows\System\WbXdxxu.exe
  C:\Windows\System\WbXdxxu.exe
  2⤵
  PID:5628
- C:\Windows\System\AAwHReL.exe
  C:\Windows\System\AAwHReL.exe
  2⤵
  PID:5656
- C:\Windows\System\WiEJmip.exe
  C:\Windows\System\WiEJmip.exe
  2⤵
  PID:5680
- C:\Windows\System\DZCeewN.exe
  C:\Windows\System\DZCeewN.exe
  2⤵
  PID:5708
- C:\Windows\System\wzgeSvw.exe
  C:\Windows\System\wzgeSvw.exe
  2⤵
  PID:5740
- C:\Windows\System\nqieHvT.exe
  C:\Windows\System\nqieHvT.exe
  2⤵
  PID:5764
- C:\Windows\System\idbGRLt.exe
  C:\Windows\System\idbGRLt.exe
  2⤵
  PID:5792
- C:\Windows\System\zrcCLRD.exe
  C:\Windows\System\zrcCLRD.exe
  2⤵
  PID:5824
- C:\Windows\System\DPYKDqs.exe
  C:\Windows\System\DPYKDqs.exe
  2⤵
  PID:5848
- C:\Windows\System\RNMEulu.exe
  C:\Windows\System\RNMEulu.exe
  2⤵
  PID:5876
- C:\Windows\System\SbhzbJB.exe
  C:\Windows\System\SbhzbJB.exe
  2⤵
  PID:5908
- C:\Windows\System\xjHAvfm.exe
  C:\Windows\System\xjHAvfm.exe
  2⤵
  PID:5940
- C:\Windows\System\lukmDZp.exe
  C:\Windows\System\lukmDZp.exe
  2⤵
  PID:5972
- C:\Windows\System\nSdnaCd.exe
  C:\Windows\System\nSdnaCd.exe
  2⤵
  PID:6000
- C:\Windows\System\GbfCOoY.exe
  C:\Windows\System\GbfCOoY.exe
  2⤵
  PID:6036
- C:\Windows\System\DqfyHrG.exe
  C:\Windows\System\DqfyHrG.exe
  2⤵
  PID:6056
- C:\Windows\System\BhyYPOY.exe
  C:\Windows\System\BhyYPOY.exe
  2⤵
  PID:6080
- C:\Windows\System\WCZtKCi.exe
  C:\Windows\System\WCZtKCi.exe
  2⤵
  PID:6104
- C:\Windows\System\yDrYhFq.exe
  C:\Windows\System\yDrYhFq.exe
  2⤵
  PID:6140
- C:\Windows\System\YXJRVrr.exe
  C:\Windows\System\YXJRVrr.exe
  2⤵
  PID:4176
- C:\Windows\System\EzqhGQJ.exe
  C:\Windows\System\EzqhGQJ.exe
  2⤵
  PID:3124
- C:\Windows\System\rVdtFja.exe
  C:\Windows\System\rVdtFja.exe
  2⤵
  PID:4988
- C:\Windows\System\xNBemoH.exe
  C:\Windows\System\xNBemoH.exe
  2⤵
  PID:2720
- C:\Windows\System\IXwyWhY.exe
  C:\Windows\System\IXwyWhY.exe
  2⤵
  PID:2204
- C:\Windows\System\CEqBqqV.exe
  C:\Windows\System\CEqBqqV.exe
  2⤵
  PID:5140
- C:\Windows\System\wqYJMUW.exe
  C:\Windows\System\wqYJMUW.exe
  2⤵
  PID:5192
- C:\Windows\System\zLfUCBa.exe
  C:\Windows\System\zLfUCBa.exe
  2⤵
  PID:5252
- C:\Windows\System\HBfozMU.exe
  C:\Windows\System\HBfozMU.exe
  2⤵
  PID:5336
- C:\Windows\System\SazIYoy.exe
  C:\Windows\System\SazIYoy.exe
  2⤵
  PID:5392
- C:\Windows\System\NvKvKnj.exe
  C:\Windows\System\NvKvKnj.exe
  2⤵
  PID:5448
- C:\Windows\System\NLHofZM.exe
  C:\Windows\System\NLHofZM.exe
  2⤵
  PID:5508
- C:\Windows\System\HJPTEcg.exe
  C:\Windows\System\HJPTEcg.exe
  2⤵
  PID:5580
- C:\Windows\System\eOCvrmW.exe
  C:\Windows\System\eOCvrmW.exe
  2⤵
  PID:5636
- C:\Windows\System\SrZrMan.exe
  C:\Windows\System\SrZrMan.exe
  2⤵
  PID:5696
- C:\Windows\System\uRasUwp.exe
  C:\Windows\System\uRasUwp.exe
  2⤵
  PID:5756
- C:\Windows\System\dXRPpOw.exe
  C:\Windows\System\dXRPpOw.exe
  2⤵
  PID:3864
- C:\Windows\System\QHydvgD.exe
  C:\Windows\System\QHydvgD.exe
  2⤵
  PID:5840
- C:\Windows\System\BsmnmMG.exe
  C:\Windows\System\BsmnmMG.exe
  2⤵
  PID:5904
- C:\Windows\System\KIlHLBl.exe
  C:\Windows\System\KIlHLBl.exe
  2⤵
  PID:5964
- C:\Windows\System\WajBRoY.exe
  C:\Windows\System\WajBRoY.exe
  2⤵
  PID:6032
- C:\Windows\System\bhhEpDb.exe
  C:\Windows\System\bhhEpDb.exe
  2⤵
  PID:6096
- C:\Windows\System\ujwIydU.exe
  C:\Windows\System\ujwIydU.exe
  2⤵
  PID:1036
- C:\Windows\System\piwYOaR.exe
  C:\Windows\System\piwYOaR.exe
  2⤵
  PID:4324
- C:\Windows\System\msaexzu.exe
  C:\Windows\System\msaexzu.exe
  2⤵
  PID:2968
- C:\Windows\System\DMtchsX.exe
  C:\Windows\System\DMtchsX.exe
  2⤵
  PID:1472
- C:\Windows\System\jLXhBFA.exe
  C:\Windows\System\jLXhBFA.exe
  2⤵
  PID:5168
- C:\Windows\System\GUHhcQE.exe
  C:\Windows\System\GUHhcQE.exe
  2⤵
  PID:5244
- C:\Windows\System\BoKKbCs.exe
  C:\Windows\System\BoKKbCs.exe
  2⤵
  PID:5360
- C:\Windows\System\aZpsDHb.exe
  C:\Windows\System\aZpsDHb.exe
  2⤵
  PID:3436
- C:\Windows\System\JdZBvxX.exe
  C:\Windows\System\JdZBvxX.exe
  2⤵
  PID:2336
- C:\Windows\System\UtqxRsW.exe
  C:\Windows\System\UtqxRsW.exe
  2⤵
  PID:5612
- C:\Windows\System\NorXPHy.exe
  C:\Windows\System\NorXPHy.exe
  2⤵
  PID:3296
- C:\Windows\System\VGipUNL.exe
  C:\Windows\System\VGipUNL.exe
  2⤵
  PID:5776
- C:\Windows\System\byTCTeC.exe
  C:\Windows\System\byTCTeC.exe
  2⤵
  PID:5868
- C:\Windows\System\EYBRGxT.exe
  C:\Windows\System\EYBRGxT.exe
  2⤵
  PID:6016
- C:\Windows\System\rGAbJnV.exe
  C:\Windows\System\rGAbJnV.exe
  2⤵
  PID:6132
- C:\Windows\System\zynDtpr.exe
  C:\Windows\System\zynDtpr.exe
  2⤵
  PID:3416
- C:\Windows\System\nPTTOTZ.exe
  C:\Windows\System\nPTTOTZ.exe
  2⤵
  PID:1560
- C:\Windows\System\cBXjQyw.exe
  C:\Windows\System\cBXjQyw.exe
  2⤵
  PID:5496
- C:\Windows\System\CDozBoY.exe
  C:\Windows\System\CDozBoY.exe
  2⤵
  PID:4580
- C:\Windows\System\UGBkZVL.exe
  C:\Windows\System\UGBkZVL.exe
  2⤵
  PID:5832
- C:\Windows\System\TnJdOpt.exe
  C:\Windows\System\TnJdOpt.exe
  2⤵
  PID:1564
- C:\Windows\System\ldjsdoG.exe
  C:\Windows\System\ldjsdoG.exe
  2⤵
  PID:2760
- C:\Windows\System\HpulmuP.exe
  C:\Windows\System\HpulmuP.exe
  2⤵
  PID:6168
- C:\Windows\System\mIjvRNw.exe
  C:\Windows\System\mIjvRNw.exe
  2⤵
  PID:6228
- C:\Windows\System\PcNckaa.exe
  C:\Windows\System\PcNckaa.exe
  2⤵
  PID:6284
- C:\Windows\System\HBMNrYi.exe
  C:\Windows\System\HBMNrYi.exe
  2⤵
  PID:6312
- C:\Windows\System\PHUcOYo.exe
  C:\Windows\System\PHUcOYo.exe
  2⤵
  PID:6340
- C:\Windows\System\vBYbHrb.exe
  C:\Windows\System\vBYbHrb.exe
  2⤵
  PID:6368
- C:\Windows\System\BGoVMvB.exe
  C:\Windows\System\BGoVMvB.exe
  2⤵
  PID:6392
- C:\Windows\System\SndGIOM.exe
  C:\Windows\System\SndGIOM.exe
  2⤵
  PID:6428
- C:\Windows\System\gMoTcoh.exe
  C:\Windows\System\gMoTcoh.exe
  2⤵
  PID:6452
- C:\Windows\System\ywAwuKZ.exe
  C:\Windows\System\ywAwuKZ.exe
  2⤵
  PID:6484
- C:\Windows\System\UBQxnru.exe
  C:\Windows\System\UBQxnru.exe
  2⤵
  PID:6512
- C:\Windows\System\crGJmFh.exe
  C:\Windows\System\crGJmFh.exe
  2⤵
  PID:6536
- C:\Windows\System\fNsVcua.exe
  C:\Windows\System\fNsVcua.exe
  2⤵
  PID:6560
- C:\Windows\System\RnVDuEv.exe
  C:\Windows\System\RnVDuEv.exe
  2⤵
  PID:6592
- C:\Windows\System\gnoCjSS.exe
  C:\Windows\System\gnoCjSS.exe
  2⤵
  PID:6636
- C:\Windows\System\KteCJPW.exe
  C:\Windows\System\KteCJPW.exe
  2⤵
  PID:6656
- C:\Windows\System\pejoSZs.exe
  C:\Windows\System\pejoSZs.exe
  2⤵
  PID:6676
- C:\Windows\System\EbttYJO.exe
  C:\Windows\System\EbttYJO.exe
  2⤵
  PID:6700
- C:\Windows\System\aZxzNXJ.exe
  C:\Windows\System\aZxzNXJ.exe
  2⤵
  PID:6756
- C:\Windows\System\eFThakk.exe
  C:\Windows\System\eFThakk.exe
  2⤵
  PID:6784
- C:\Windows\System\VEWKJtB.exe
  C:\Windows\System\VEWKJtB.exe
  2⤵
  PID:6800
- C:\Windows\System\CHpZIIC.exe
  C:\Windows\System\CHpZIIC.exe
  2⤵
  PID:6816
- C:\Windows\System\IVdmeFX.exe
  C:\Windows\System\IVdmeFX.exe
  2⤵
  PID:6832
- C:\Windows\System\oexDBEB.exe
  C:\Windows\System\oexDBEB.exe
  2⤵
  PID:6856
- C:\Windows\System\XhpzqMg.exe
  C:\Windows\System\XhpzqMg.exe
  2⤵
  PID:6892
- C:\Windows\System\iuySDZi.exe
  C:\Windows\System\iuySDZi.exe
  2⤵
  PID:6912
- C:\Windows\System\MxsQQlD.exe
  C:\Windows\System\MxsQQlD.exe
  2⤵
  PID:6968
- C:\Windows\System\oYvhRyK.exe
  C:\Windows\System\oYvhRyK.exe
  2⤵
  PID:6996
- C:\Windows\System\MmOrkli.exe
  C:\Windows\System\MmOrkli.exe
  2⤵
  PID:7028
- C:\Windows\System\SKomgol.exe
  C:\Windows\System\SKomgol.exe
  2⤵
  PID:7048
- C:\Windows\System\GhBNBrZ.exe
  C:\Windows\System\GhBNBrZ.exe
  2⤵
  PID:7080
- C:\Windows\System\GQzUwQh.exe
  C:\Windows\System\GQzUwQh.exe
  2⤵
  PID:7096
- C:\Windows\System\ThETRtb.exe
  C:\Windows\System\ThETRtb.exe
  2⤵
  PID:7116
- C:\Windows\System\MGiNCSB.exe
  C:\Windows\System\MGiNCSB.exe
  2⤵
  PID:7132
- C:\Windows\System\szIYrOo.exe
  C:\Windows\System\szIYrOo.exe
  2⤵
  PID:7160
- C:\Windows\System\tRLJFWF.exe
  C:\Windows\System\tRLJFWF.exe
  2⤵
  PID:5564
- C:\Windows\System\bPzgwFo.exe
  C:\Windows\System\bPzgwFo.exe
  2⤵
  PID:1596
- C:\Windows\System\Lvljqmi.exe
  C:\Windows\System\Lvljqmi.exe
  2⤵
  PID:6204
- C:\Windows\System\cDYZaYF.exe
  C:\Windows\System\cDYZaYF.exe
  2⤵
  PID:4488
- C:\Windows\System\peNnjtz.exe
  C:\Windows\System\peNnjtz.exe
  2⤵
  PID:2596
- C:\Windows\System\xnMGHhd.exe
  C:\Windows\System\xnMGHhd.exe
  2⤵
  PID:684
- C:\Windows\System\JunOwbC.exe
  C:\Windows\System\JunOwbC.exe
  2⤵
  PID:3520
- C:\Windows\System\yYHEadM.exe
  C:\Windows\System\yYHEadM.exe
  2⤵
  PID:6336
- C:\Windows\System\jigfjCm.exe
  C:\Windows\System\jigfjCm.exe
  2⤵
  PID:6448
- C:\Windows\System\kCFQnkO.exe
  C:\Windows\System\kCFQnkO.exe
  2⤵
  PID:6520
- C:\Windows\System\qdfZIkD.exe
  C:\Windows\System\qdfZIkD.exe
  2⤵
  PID:6568
- C:\Windows\System\YAMBjKp.exe
  C:\Windows\System\YAMBjKp.exe
  2⤵
  PID:6652
- C:\Windows\System\IKeQmPU.exe
  C:\Windows\System\IKeQmPU.exe
  2⤵
  PID:6716
- C:\Windows\System\wuiOHca.exe
  C:\Windows\System\wuiOHca.exe
  2⤵
  PID:6764
- C:\Windows\System\UNQomie.exe
  C:\Windows\System\UNQomie.exe
  2⤵
  PID:4616
- C:\Windows\System\MMSTKzI.exe
  C:\Windows\System\MMSTKzI.exe
  2⤵
  PID:6840
- C:\Windows\System\ovGOPMB.exe
  C:\Windows\System\ovGOPMB.exe
  2⤵
  PID:6812
- C:\Windows\System\MsMefli.exe
  C:\Windows\System\MsMefli.exe
  2⤵
  PID:6872
- C:\Windows\System\HnYzAgC.exe
  C:\Windows\System\HnYzAgC.exe
  2⤵
  PID:6952
- C:\Windows\System\ilAmfwJ.exe
  C:\Windows\System\ilAmfwJ.exe
  2⤵
  PID:7012
- C:\Windows\System\maTvifs.exe
  C:\Windows\System\maTvifs.exe
  2⤵
  PID:7040
- C:\Windows\System\lXHgpDQ.exe
  C:\Windows\System\lXHgpDQ.exe
  2⤵
  PID:1272
- C:\Windows\System\SNdtCWE.exe
  C:\Windows\System\SNdtCWE.exe
  2⤵
  PID:5136
- C:\Windows\System\DACgEur.exe
  C:\Windows\System\DACgEur.exe
  2⤵
  PID:2832
- C:\Windows\System\uoaCBhR.exe
  C:\Windows\System\uoaCBhR.exe
  2⤵
  PID:4480
- C:\Windows\System\vglvGnC.exe
  C:\Windows\System\vglvGnC.exe
  2⤵
  PID:4564
- C:\Windows\System\umjWJBz.exe
  C:\Windows\System\umjWJBz.exe
  2⤵
  PID:6476
- C:\Windows\System\EOGJOiK.exe
  C:\Windows\System\EOGJOiK.exe
  2⤵
  PID:6664
- C:\Windows\System\UwXQdzk.exe
  C:\Windows\System\UwXQdzk.exe
  2⤵
  PID:6808
- C:\Windows\System\oPevFmC.exe
  C:\Windows\System\oPevFmC.exe
  2⤵
  PID:6796
- C:\Windows\System\FOTUaFd.exe
  C:\Windows\System\FOTUaFd.exe
  2⤵
  PID:7108
- C:\Windows\System\JfJRWWB.exe
  C:\Windows\System\JfJRWWB.exe
  2⤵
  PID:7140
- C:\Windows\System\FgzKIPI.exe
  C:\Windows\System\FgzKIPI.exe
  2⤵
  PID:1624
- C:\Windows\System\ExKkvHl.exe
  C:\Windows\System\ExKkvHl.exe
  2⤵
  PID:4168
- C:\Windows\System\iujjcYn.exe
  C:\Windows\System\iujjcYn.exe
  2⤵
  PID:6588
- C:\Windows\System\tjWyPSh.exe
  C:\Windows\System\tjWyPSh.exe
  2⤵
  PID:1948
- C:\Windows\System\liLrBLq.exe
  C:\Windows\System\liLrBLq.exe
  2⤵
  PID:7060
- C:\Windows\System\mXqxtFg.exe
  C:\Windows\System\mXqxtFg.exe
  2⤵
  PID:7216
- C:\Windows\System\cSoTzII.exe
  C:\Windows\System\cSoTzII.exe
  2⤵
  PID:7236
- C:\Windows\System\QLebJGa.exe
  C:\Windows\System\QLebJGa.exe
  2⤵
  PID:7260
- C:\Windows\System\DxyOczX.exe
  C:\Windows\System\DxyOczX.exe
  2⤵
  PID:7284
- C:\Windows\System\FzJxjZd.exe
  C:\Windows\System\FzJxjZd.exe
  2⤵
  PID:7320
- C:\Windows\System\aUtsNom.exe
  C:\Windows\System\aUtsNom.exe
  2⤵
  PID:7360
- C:\Windows\System\ohgjuda.exe
  C:\Windows\System\ohgjuda.exe
  2⤵
  PID:7388
- C:\Windows\System\wFFYmUw.exe
  C:\Windows\System\wFFYmUw.exe
  2⤵
  PID:7412
- C:\Windows\System\lOezQha.exe
  C:\Windows\System\lOezQha.exe
  2⤵
  PID:7432
- C:\Windows\System\QFYXuPy.exe
  C:\Windows\System\QFYXuPy.exe
  2⤵
  PID:7452
- C:\Windows\System\sPMNJFJ.exe
  C:\Windows\System\sPMNJFJ.exe
  2⤵
  PID:7476
- C:\Windows\System\tyFTYMS.exe
  C:\Windows\System\tyFTYMS.exe
  2⤵
  PID:7496
- C:\Windows\System\lzkcDLi.exe
  C:\Windows\System\lzkcDLi.exe
  2⤵
  PID:7532
- C:\Windows\System\BKbKpBJ.exe
  C:\Windows\System\BKbKpBJ.exe
  2⤵
  PID:7560
- C:\Windows\System\xKfSJTX.exe
  C:\Windows\System\xKfSJTX.exe
  2⤵
  PID:7584
- C:\Windows\System\usBndTJ.exe
  C:\Windows\System\usBndTJ.exe
  2⤵
  PID:7624
- C:\Windows\System\EVJXaod.exe
  C:\Windows\System\EVJXaod.exe
  2⤵
  PID:7664
- C:\Windows\System\xKKglza.exe
  C:\Windows\System\xKKglza.exe
  2⤵
  PID:7684
- C:\Windows\System\aPrnXOg.exe
  C:\Windows\System\aPrnXOg.exe
  2⤵
  PID:7708
- C:\Windows\System\HIiijQy.exe
  C:\Windows\System\HIiijQy.exe
  2⤵
  PID:7724
- C:\Windows\System\IUeILhL.exe
  C:\Windows\System\IUeILhL.exe
  2⤵
  PID:7768
- C:\Windows\System\MmgtMpv.exe
  C:\Windows\System\MmgtMpv.exe
  2⤵
  PID:7784
- C:\Windows\System\QFRhZyy.exe
  C:\Windows\System\QFRhZyy.exe
  2⤵
  PID:7812
- C:\Windows\System\vicfYjw.exe
  C:\Windows\System\vicfYjw.exe
  2⤵
  PID:7844
- C:\Windows\System\AwcbZLu.exe
  C:\Windows\System\AwcbZLu.exe
  2⤵
  PID:7868
- C:\Windows\System\luKguVT.exe
  C:\Windows\System\luKguVT.exe
  2⤵
  PID:7884
- C:\Windows\System\wachFXq.exe
  C:\Windows\System\wachFXq.exe
  2⤵
  PID:7940
- C:\Windows\System\OPXVlqB.exe
  C:\Windows\System\OPXVlqB.exe
  2⤵
  PID:7956
- C:\Windows\System\poqjQEz.exe
  C:\Windows\System\poqjQEz.exe
  2⤵
  PID:7976
- C:\Windows\System\MqbmViS.exe
  C:\Windows\System\MqbmViS.exe
  2⤵
  PID:8008
- C:\Windows\System\aKmJnKH.exe
  C:\Windows\System\aKmJnKH.exe
  2⤵
  PID:8032
- C:\Windows\System\kWleVIg.exe
  C:\Windows\System\kWleVIg.exe
  2⤵
  PID:8052
- C:\Windows\System\nSDIfaj.exe
  C:\Windows\System\nSDIfaj.exe
  2⤵
  PID:8104
- C:\Windows\System\TxtqGDt.exe
  C:\Windows\System\TxtqGDt.exe
  2⤵
  PID:8120
- C:\Windows\System\fMIDpjM.exe
  C:\Windows\System\fMIDpjM.exe
  2⤵
  PID:8148
- C:\Windows\System\jSTyryc.exe
  C:\Windows\System\jSTyryc.exe
  2⤵
  PID:8164
- C:\Windows\System\mxZgrMv.exe
  C:\Windows\System\mxZgrMv.exe
  2⤵
  PID:8188
- C:\Windows\System\ixFXHwU.exe
  C:\Windows\System\ixFXHwU.exe
  2⤵
  PID:7020
- C:\Windows\System\YjWTWLY.exe
  C:\Windows\System\YjWTWLY.exe
  2⤵
  PID:7228
- C:\Windows\System\QkOtqgy.exe
  C:\Windows\System\QkOtqgy.exe
  2⤵
  PID:7304
- C:\Windows\System\dzwygeF.exe
  C:\Windows\System\dzwygeF.exe
  2⤵
  PID:7376
- C:\Windows\System\BOcmLAv.exe
  C:\Windows\System\BOcmLAv.exe
  2⤵
  PID:7440
- C:\Windows\System\tVHBtxS.exe
  C:\Windows\System\tVHBtxS.exe
  2⤵
  PID:7620
- C:\Windows\System\lEyskIu.exe
  C:\Windows\System\lEyskIu.exe
  2⤵
  PID:7616
- C:\Windows\System\GRaYnKd.exe
  C:\Windows\System\GRaYnKd.exe
  2⤵
  PID:7696
- C:\Windows\System\rMpiHIB.exe
  C:\Windows\System\rMpiHIB.exe
  2⤵
  PID:7780
- C:\Windows\System\NFatpKS.exe
  C:\Windows\System\NFatpKS.exe
  2⤵
  PID:7756
- C:\Windows\System\EshXDQs.exe
  C:\Windows\System\EshXDQs.exe
  2⤵
  PID:7808
- C:\Windows\System\VjMUNkg.exe
  C:\Windows\System\VjMUNkg.exe
  2⤵
  PID:7932
- C:\Windows\System\hlQpZxf.exe
  C:\Windows\System\hlQpZxf.exe
  2⤵
  PID:8016
- C:\Windows\System\SzsiFFI.exe
  C:\Windows\System\SzsiFFI.exe
  2⤵
  PID:8172
- C:\Windows\System\KqDuhKS.exe
  C:\Windows\System\KqDuhKS.exe
  2⤵
  PID:8136
- C:\Windows\System\fDvZGsC.exe
  C:\Windows\System\fDvZGsC.exe
  2⤵
  PID:6888
- C:\Windows\System\rtAxFrB.exe
  C:\Windows\System\rtAxFrB.exe
  2⤵
  PID:7232
- C:\Windows\System\hGQGnra.exe
  C:\Windows\System\hGQGnra.exe
  2⤵
  PID:7424
- C:\Windows\System\nBotThA.exe
  C:\Windows\System\nBotThA.exe
  2⤵
  PID:7528
- C:\Windows\System\SUdxfWe.exe
  C:\Windows\System\SUdxfWe.exe
  2⤵
  PID:7716
- C:\Windows\System\khHSiDg.exe
  C:\Windows\System\khHSiDg.exe
  2⤵
  PID:7660
- C:\Windows\System\UqrqQot.exe
  C:\Windows\System\UqrqQot.exe
  2⤵
  PID:7840
- C:\Windows\System\cVoLsTX.exe
  C:\Windows\System\cVoLsTX.exe
  2⤵
  PID:8000
- C:\Windows\System\EIqejpx.exe
  C:\Windows\System\EIqejpx.exe
  2⤵
  PID:8160
- C:\Windows\System\ASAsNiP.exe
  C:\Windows\System\ASAsNiP.exe
  2⤵
  PID:8184
- C:\Windows\System\SZZNvsc.exe
  C:\Windows\System\SZZNvsc.exe
  2⤵
  PID:7648
- C:\Windows\System\ommLkEm.exe
  C:\Windows\System\ommLkEm.exe
  2⤵
  PID:7776
- C:\Windows\System\eGKjFrk.exe
  C:\Windows\System\eGKjFrk.exe
  2⤵
  PID:8224
- C:\Windows\System\aRFclWG.exe
  C:\Windows\System\aRFclWG.exe
  2⤵
  PID:8256
- C:\Windows\System\exeIuGb.exe
  C:\Windows\System\exeIuGb.exe
  2⤵
  PID:8276
- C:\Windows\System\cOAMWOl.exe
  C:\Windows\System\cOAMWOl.exe
  2⤵
  PID:8296
- C:\Windows\System\KvjjcCi.exe
  C:\Windows\System\KvjjcCi.exe
  2⤵
  PID:8356
- C:\Windows\System\ZMbdkdl.exe
  C:\Windows\System\ZMbdkdl.exe
  2⤵
  PID:8376
- C:\Windows\System\QAMuvsd.exe
  C:\Windows\System\QAMuvsd.exe
  2⤵
  PID:8396
- C:\Windows\System\naVoNhk.exe
  C:\Windows\System\naVoNhk.exe
  2⤵
  PID:8436
- C:\Windows\System\TAUBaqB.exe
  C:\Windows\System\TAUBaqB.exe
  2⤵
  PID:8456
- C:\Windows\System\nNEEusJ.exe
  C:\Windows\System\nNEEusJ.exe
  2⤵
  PID:8488
- C:\Windows\System\HMenHMN.exe
  C:\Windows\System\HMenHMN.exe
  2⤵
  PID:8524
- C:\Windows\System\hraJxBx.exe
  C:\Windows\System\hraJxBx.exe
  2⤵
  PID:8552
- C:\Windows\System\VGKVvPK.exe
  C:\Windows\System\VGKVvPK.exe
  2⤵
  PID:8572
- C:\Windows\System\GEqLpAM.exe
  C:\Windows\System\GEqLpAM.exe
  2⤵
  PID:8588
- C:\Windows\System\VBVLiky.exe
  C:\Windows\System\VBVLiky.exe
  2⤵
  PID:8608
- C:\Windows\System\grSwzqY.exe
  C:\Windows\System\grSwzqY.exe
  2⤵
  PID:8628
- C:\Windows\System\DtHQtJn.exe
  C:\Windows\System\DtHQtJn.exe
  2⤵
  PID:8648
- C:\Windows\System\YavBUAJ.exe
  C:\Windows\System\YavBUAJ.exe
  2⤵
  PID:8672
- C:\Windows\System\NxQzCYT.exe
  C:\Windows\System\NxQzCYT.exe
  2⤵
  PID:8696
- C:\Windows\System\zwLslXr.exe
  C:\Windows\System\zwLslXr.exe
  2⤵
  PID:8716
- C:\Windows\System\YjuDnYT.exe
  C:\Windows\System\YjuDnYT.exe
  2⤵
  PID:8740
- C:\Windows\System\XxGfwPD.exe
  C:\Windows\System\XxGfwPD.exe
  2⤵
  PID:8804
- C:\Windows\System\dhZgrsp.exe
  C:\Windows\System\dhZgrsp.exe
  2⤵
  PID:8820
- C:\Windows\System\kllfRwN.exe
  C:\Windows\System\kllfRwN.exe
  2⤵
  PID:8868
- C:\Windows\System\jyugqmK.exe
  C:\Windows\System\jyugqmK.exe
  2⤵
  PID:8892
- C:\Windows\System\morthTo.exe
  C:\Windows\System\morthTo.exe
  2⤵
  PID:8920
- C:\Windows\System\eIAzjNk.exe
  C:\Windows\System\eIAzjNk.exe
  2⤵
  PID:8948
- C:\Windows\System\oAJyFaa.exe
  C:\Windows\System\oAJyFaa.exe
  2⤵
  PID:8988
- C:\Windows\System\vmRguJc.exe
  C:\Windows\System\vmRguJc.exe
  2⤵
  PID:9032
- C:\Windows\System\KEMJEWC.exe
  C:\Windows\System\KEMJEWC.exe
  2⤵
  PID:9052
- C:\Windows\System\sblfjUM.exe
  C:\Windows\System\sblfjUM.exe
  2⤵
  PID:9080
- C:\Windows\System\fGWbEPo.exe
  C:\Windows\System\fGWbEPo.exe
  2⤵
  PID:9116
- C:\Windows\System\uRNxgMM.exe
  C:\Windows\System\uRNxgMM.exe
  2⤵
  PID:9140
- C:\Windows\System\NlZNdWe.exe
  C:\Windows\System\NlZNdWe.exe
  2⤵
  PID:9160
- C:\Windows\System\ygQWMam.exe
  C:\Windows\System\ygQWMam.exe
  2⤵
  PID:9176
- C:\Windows\System\VppuijC.exe
  C:\Windows\System\VppuijC.exe
  2⤵
  PID:9196
- C:\Windows\System\DeZjZLI.exe
  C:\Windows\System\DeZjZLI.exe
  2⤵
  PID:7880
- C:\Windows\System\zVIgJCi.exe
  C:\Windows\System\zVIgJCi.exe
  2⤵
  PID:8196
- C:\Windows\System\MadnzLu.exe
  C:\Windows\System\MadnzLu.exe
  2⤵
  PID:8288
- C:\Windows\System\pPfULIs.exe
  C:\Windows\System\pPfULIs.exe
  2⤵
  PID:8416
- C:\Windows\System\LbtfAxU.exe
  C:\Windows\System\LbtfAxU.exe
  2⤵
  PID:8468
- C:\Windows\System\uoUKWMs.exe
  C:\Windows\System\uoUKWMs.exe
  2⤵
  PID:8484
- C:\Windows\System\TCuEwht.exe
  C:\Windows\System\TCuEwht.exe
  2⤵
  PID:8548
- C:\Windows\System\UAoqdyT.exe
  C:\Windows\System\UAoqdyT.exe
  2⤵
  PID:8568
- C:\Windows\System\gXxjOKO.exe
  C:\Windows\System\gXxjOKO.exe
  2⤵
  PID:8624
- C:\Windows\System\pfMwtJU.exe
  C:\Windows\System\pfMwtJU.exe
  2⤵
  PID:8668
- C:\Windows\System\zWodJmO.exe
  C:\Windows\System\zWodJmO.exe
  2⤵
  PID:8764
- C:\Windows\System\yYRGuoi.exe
  C:\Windows\System\yYRGuoi.exe
  2⤵
  PID:8784
- C:\Windows\System\mHLtcSc.exe
  C:\Windows\System\mHLtcSc.exe
  2⤵
  PID:8856
- C:\Windows\System\sCMriIB.exe
  C:\Windows\System\sCMriIB.exe
  2⤵
  PID:8884
- C:\Windows\System\aKprSSn.exe
  C:\Windows\System\aKprSSn.exe
  2⤵
  PID:9004
- C:\Windows\System\TeYpgnj.exe
  C:\Windows\System\TeYpgnj.exe
  2⤵
  PID:9096
- C:\Windows\System\XmuOvZt.exe
  C:\Windows\System\XmuOvZt.exe
  2⤵
  PID:9128
- C:\Windows\System\VgQTUmu.exe
  C:\Windows\System\VgQTUmu.exe
  2⤵
  PID:9104
- C:\Windows\System\iHraRfF.exe
  C:\Windows\System\iHraRfF.exe
  2⤵
  PID:7760
- C:\Windows\System\xaCVPfX.exe
  C:\Windows\System\xaCVPfX.exe
  2⤵
  PID:7200
- C:\Windows\System\WYLwhEm.exe
  C:\Windows\System\WYLwhEm.exe
  2⤵
  PID:8244
- C:\Windows\System\TKdqnFO.exe
  C:\Windows\System\TKdqnFO.exe
  2⤵
  PID:7212
- C:\Windows\System\MAzvtva.exe
  C:\Windows\System\MAzvtva.exe
  2⤵
  PID:8600
- C:\Windows\System\xioAIIq.exe
  C:\Windows\System\xioAIIq.exe
  2⤵
  PID:8912
- C:\Windows\System\EtZSnVg.exe
  C:\Windows\System\EtZSnVg.exe
  2⤵
  PID:9048
- C:\Windows\System\fWwwGeX.exe
  C:\Windows\System\fWwwGeX.exe
  2⤵
  PID:9184
- C:\Windows\System\esASdRq.exe
  C:\Windows\System\esASdRq.exe
  2⤵
  PID:8580
- C:\Windows\System\KfqCoIp.exe
  C:\Windows\System\KfqCoIp.exe
  2⤵
  PID:9252
- C:\Windows\System\kxSQaGw.exe
  C:\Windows\System\kxSQaGw.exe
  2⤵
  PID:9316
- C:\Windows\System\vNDkJKu.exe
  C:\Windows\System\vNDkJKu.exe
  2⤵
  PID:9340
- C:\Windows\System\WJuGfDd.exe
  C:\Windows\System\WJuGfDd.exe
  2⤵
  PID:9360
- C:\Windows\System\rfhtoqn.exe
  C:\Windows\System\rfhtoqn.exe
  2⤵
  PID:9392
- C:\Windows\System\vAaeqzR.exe
  C:\Windows\System\vAaeqzR.exe
  2⤵
  PID:9416
- C:\Windows\System\xsUDuvl.exe
  C:\Windows\System\xsUDuvl.exe
  2⤵
  PID:9452
- C:\Windows\System\oBlzJhK.exe
  C:\Windows\System\oBlzJhK.exe
  2⤵
  PID:9468
- C:\Windows\System\lkiaZRu.exe
  C:\Windows\System\lkiaZRu.exe
  2⤵
  PID:9500
- C:\Windows\System\GCswIot.exe
  C:\Windows\System\GCswIot.exe
  2⤵
  PID:9524
- C:\Windows\System\Npsrzwb.exe
  C:\Windows\System\Npsrzwb.exe
  2⤵
  PID:9608
- C:\Windows\System\QkfCCIS.exe
  C:\Windows\System\QkfCCIS.exe
  2⤵
  PID:9624
- C:\Windows\System\GfJbavE.exe
  C:\Windows\System\GfJbavE.exe
  2⤵
  PID:9640
- C:\Windows\System\drhjwfc.exe
  C:\Windows\System\drhjwfc.exe
  2⤵
  PID:9660
- C:\Windows\System\AJNTCfA.exe
  C:\Windows\System\AJNTCfA.exe
  2⤵
  PID:9688
- C:\Windows\System\RNjXFgL.exe
  C:\Windows\System\RNjXFgL.exe
  2⤵
  PID:9712
- C:\Windows\System\FnwgvrS.exe
  C:\Windows\System\FnwgvrS.exe
  2⤵
  PID:9732
- C:\Windows\System\DAAZAwJ.exe
  C:\Windows\System\DAAZAwJ.exe
  2⤵
  PID:9756
- C:\Windows\System\yUhwOFS.exe
  C:\Windows\System\yUhwOFS.exe
  2⤵
  PID:9776
- C:\Windows\System\GZYXdUZ.exe
  C:\Windows\System\GZYXdUZ.exe
  2⤵
  PID:9800
- C:\Windows\System\aKOeSzZ.exe
  C:\Windows\System\aKOeSzZ.exe
  2⤵
  PID:9844
- C:\Windows\System\wrnhhrN.exe
  C:\Windows\System\wrnhhrN.exe
  2⤵
  PID:9872
- C:\Windows\System\UPuBPrr.exe
  C:\Windows\System\UPuBPrr.exe
  2⤵
  PID:9908
- C:\Windows\System\iPyFuJL.exe
  C:\Windows\System\iPyFuJL.exe
  2⤵
  PID:9944
- C:\Windows\System\UNTCrht.exe
  C:\Windows\System\UNTCrht.exe
  2⤵
  PID:9964
- C:\Windows\System\sYXVNvr.exe
  C:\Windows\System\sYXVNvr.exe
  2⤵
  PID:9984
- C:\Windows\System\zfBhkIT.exe
  C:\Windows\System\zfBhkIT.exe
  2⤵
  PID:10000
- C:\Windows\System\GlGMIZH.exe
  C:\Windows\System\GlGMIZH.exe
  2⤵
  PID:10024
- C:\Windows\System\IQXjdID.exe
  C:\Windows\System\IQXjdID.exe
  2⤵
  PID:10056
- C:\Windows\System\JhNnaOw.exe
  C:\Windows\System\JhNnaOw.exe
  2⤵
  PID:10092
- C:\Windows\System\uRnnygD.exe
  C:\Windows\System\uRnnygD.exe
  2⤵
  PID:10108
- C:\Windows\System\SdxPkFr.exe
  C:\Windows\System\SdxPkFr.exe
  2⤵
  PID:10128
- C:\Windows\System\JgomFoy.exe
  C:\Windows\System\JgomFoy.exe
  2⤵
  PID:10152
- C:\Windows\System\CCtbwgr.exe
  C:\Windows\System\CCtbwgr.exe
  2⤵
  PID:10196
- C:\Windows\System\aGFJmxq.exe
  C:\Windows\System\aGFJmxq.exe
  2⤵
  PID:8708
- C:\Windows\System\iOTqiug.exe
  C:\Windows\System\iOTqiug.exe
  2⤵
  PID:9244
- C:\Windows\System\hfRquil.exe
  C:\Windows\System\hfRquil.exe
  2⤵
  PID:9284
- C:\Windows\System\fDWAkNf.exe
  C:\Windows\System\fDWAkNf.exe
  2⤵
  PID:9372
- C:\Windows\System\asziLog.exe
  C:\Windows\System\asziLog.exe
  2⤵
  PID:9384
- C:\Windows\System\sbMtmCa.exe
  C:\Windows\System\sbMtmCa.exe
  2⤵
  PID:9444
- C:\Windows\System\lAIRuMk.exe
  C:\Windows\System\lAIRuMk.exe
  2⤵
  PID:9496
- C:\Windows\System\rKdQkyU.exe
  C:\Windows\System\rKdQkyU.exe
  2⤵
  PID:9520
- C:\Windows\System\iMdMigX.exe
  C:\Windows\System\iMdMigX.exe
  2⤵
  PID:9568
- C:\Windows\System\zmMKCCU.exe
  C:\Windows\System\zmMKCCU.exe
  2⤵
  PID:9548
- C:\Windows\System\gTRYaJV.exe
  C:\Windows\System\gTRYaJV.exe
  2⤵
  PID:9668
- C:\Windows\System\ZPghGBl.exe
  C:\Windows\System\ZPghGBl.exe
  2⤵
  PID:9696
- C:\Windows\System\YuyPDnw.exe
  C:\Windows\System\YuyPDnw.exe
  2⤵
  PID:9740
- C:\Windows\System\tQPkCWl.exe
  C:\Windows\System\tQPkCWl.exe
  2⤵
  PID:9748
- C:\Windows\System\rBpXaTT.exe
  C:\Windows\System\rBpXaTT.exe
  2⤵
  PID:9836
- C:\Windows\System\tRFuHYk.exe
  C:\Windows\System\tRFuHYk.exe
  2⤵
  PID:9960
- C:\Windows\System\SYsXcKN.exe
  C:\Windows\System\SYsXcKN.exe
  2⤵
  PID:9980
- C:\Windows\System\cooBOJi.exe
  C:\Windows\System\cooBOJi.exe
  2⤵
  PID:10068
- C:\Windows\System\aGGlbeR.exe
  C:\Windows\System\aGGlbeR.exe
  2⤵
  PID:10052
- C:\Windows\System\rDZAptT.exe
  C:\Windows\System\rDZAptT.exe
  2⤵
  PID:10124
- C:\Windows\System\tpemfed.exe
  C:\Windows\System\tpemfed.exe
  2⤵
  PID:9300
- C:\Windows\System\fJSESBK.exe
  C:\Windows\System\fJSESBK.exe
  2⤵
  PID:9820
- C:\Windows\System\rFUGJTw.exe
  C:\Windows\System\rFUGJTw.exe
  2⤵
  PID:9684
- C:\Windows\System\rznWDrw.exe
  C:\Windows\System\rznWDrw.exe
  2⤵
  PID:9788
- C:\Windows\System\BrHtBZr.exe
  C:\Windows\System\BrHtBZr.exe
  2⤵
  PID:9380
- C:\Windows\System\bMjlmPs.exe
  C:\Windows\System\bMjlmPs.exe
  2⤵
  PID:8968
- C:\Windows\System\UOidDqe.exe
  C:\Windows\System\UOidDqe.exe
  2⤵
  PID:10192
- C:\Windows\System\bHaEyCh.exe
  C:\Windows\System\bHaEyCh.exe
  2⤵
  PID:9336
- C:\Windows\System\rtXVWed.exe
  C:\Windows\System\rtXVWed.exe
  2⤵
  PID:9400
- C:\Windows\System\ylstFuO.exe
  C:\Windows\System\ylstFuO.exe
  2⤵
  PID:9884
- C:\Windows\System\cRCymLr.exe
  C:\Windows\System\cRCymLr.exe
  2⤵
  PID:10268
- C:\Windows\System\giMydKh.exe
  C:\Windows\System\giMydKh.exe
  2⤵
  PID:10284
- C:\Windows\System\EuJhTCZ.exe
  C:\Windows\System\EuJhTCZ.exe
  2⤵
  PID:10316
- C:\Windows\System\HRzTnND.exe
  C:\Windows\System\HRzTnND.exe
  2⤵
  PID:10348
- C:\Windows\System\TSMvBrL.exe
  C:\Windows\System\TSMvBrL.exe
  2⤵
  PID:10388
- C:\Windows\System\YWxgSiY.exe
  C:\Windows\System\YWxgSiY.exe
  2⤵
  PID:10404
- C:\Windows\System\XKAQASO.exe
  C:\Windows\System\XKAQASO.exe
  2⤵
  PID:10428
- C:\Windows\System\DOSysSq.exe
  C:\Windows\System\DOSysSq.exe
  2⤵
  PID:10484
- C:\Windows\System\nnnuDgA.exe
  C:\Windows\System\nnnuDgA.exe
  2⤵
  PID:10504
- C:\Windows\System\HTrGynd.exe
  C:\Windows\System\HTrGynd.exe
  2⤵
  PID:10524
- C:\Windows\System\MnlEWYv.exe
  C:\Windows\System\MnlEWYv.exe
  2⤵
  PID:10548
- C:\Windows\System\voKgYtE.exe
  C:\Windows\System\voKgYtE.exe
  2⤵
  PID:10596
- C:\Windows\System\uloBGXg.exe
  C:\Windows\System\uloBGXg.exe
  2⤵
  PID:10612
- C:\Windows\System\EpBMfGp.exe
  C:\Windows\System\EpBMfGp.exe
  2⤵
  PID:10628
- C:\Windows\System\cGOACQx.exe
  C:\Windows\System\cGOACQx.exe
  2⤵
  PID:10656
- C:\Windows\System\RtuZxHb.exe
  C:\Windows\System\RtuZxHb.exe
  2⤵
  PID:10692
- C:\Windows\System\aZqCYMS.exe
  C:\Windows\System\aZqCYMS.exe
  2⤵
  PID:10728
- C:\Windows\System\lWXufXN.exe
  C:\Windows\System\lWXufXN.exe
  2⤵
  PID:10748
- C:\Windows\System\gCMaJYC.exe
  C:\Windows\System\gCMaJYC.exe
  2⤵
  PID:10776
- C:\Windows\System\RpCCDRh.exe
  C:\Windows\System\RpCCDRh.exe
  2⤵
  PID:10792
- C:\Windows\System\FLwHXEn.exe
  C:\Windows\System\FLwHXEn.exe
  2⤵
  PID:10840
- C:\Windows\System\rVIAAIy.exe
  C:\Windows\System\rVIAAIy.exe
  2⤵
  PID:10856
- C:\Windows\System\fQSwtbQ.exe
  C:\Windows\System\fQSwtbQ.exe
  2⤵
  PID:10872
- C:\Windows\System\CJIDfqf.exe
  C:\Windows\System\CJIDfqf.exe
  2⤵
  PID:10888
- C:\Windows\System\USxCzxg.exe
  C:\Windows\System\USxCzxg.exe
  2⤵
  PID:10912
- C:\Windows\System\mQDZlUA.exe
  C:\Windows\System\mQDZlUA.exe
  2⤵
  PID:10928
- C:\Windows\System\DDrHywx.exe
  C:\Windows\System\DDrHywx.exe
  2⤵
  PID:10948
- C:\Windows\System\vJmFBVj.exe
  C:\Windows\System\vJmFBVj.exe
  2⤵
  PID:10972
- C:\Windows\System\qoSAoXq.exe
  C:\Windows\System\qoSAoXq.exe
  2⤵
  PID:10996
- C:\Windows\System\uJupbBv.exe
  C:\Windows\System\uJupbBv.exe
  2⤵
  PID:11020
- C:\Windows\System\LhlycPE.exe
  C:\Windows\System\LhlycPE.exe
  2⤵
  PID:11072
- C:\Windows\System\oImxqtQ.exe
  C:\Windows\System\oImxqtQ.exe
  2⤵
  PID:11092
- C:\Windows\System\HOmwkZL.exe
  C:\Windows\System\HOmwkZL.exe
  2⤵
  PID:11132
- C:\Windows\System\FLodHRq.exe
  C:\Windows\System\FLodHRq.exe
  2⤵
  PID:11152
- C:\Windows\System\LMxAYuh.exe
  C:\Windows\System\LMxAYuh.exe
  2⤵
  PID:11184
- C:\Windows\System\MfYGJvK.exe
  C:\Windows\System\MfYGJvK.exe
  2⤵
  PID:11212
- C:\Windows\System\iYAGVll.exe
  C:\Windows\System\iYAGVll.exe
  2⤵
  PID:10236
- C:\Windows\System\UynncSB.exe
  C:\Windows\System\UynncSB.exe
  2⤵
  PID:10292
- C:\Windows\System\TqHnoYz.exe
  C:\Windows\System\TqHnoYz.exe
  2⤵
  PID:10308
- C:\Windows\System\TFHmvAm.exe
  C:\Windows\System\TFHmvAm.exe
  2⤵
  PID:10356
- C:\Windows\System\ExRlrOS.exe
  C:\Windows\System\ExRlrOS.exe
  2⤵
  PID:10424
- C:\Windows\System\ZhvETUQ.exe
  C:\Windows\System\ZhvETUQ.exe
  2⤵
  PID:10544
- C:\Windows\System\OkCIgnw.exe
  C:\Windows\System\OkCIgnw.exe
  2⤵
  PID:10644
- C:\Windows\System\cRwFEzY.exe
  C:\Windows\System\cRwFEzY.exe
  2⤵
  PID:10720
- C:\Windows\System\WWpmStL.exe
  C:\Windows\System\WWpmStL.exe
  2⤵
  PID:10740
- C:\Windows\System\SnghckX.exe
  C:\Windows\System\SnghckX.exe
  2⤵
  PID:10852
- C:\Windows\System\xACeluZ.exe
  C:\Windows\System\xACeluZ.exe
  2⤵
  PID:10944
- C:\Windows\System\esqRRFS.exe
  C:\Windows\System\esqRRFS.exe
  2⤵
  PID:10980
- C:\Windows\System\cTpJYGb.exe
  C:\Windows\System\cTpJYGb.exe
  2⤵
  PID:10924
- C:\Windows\System\WHOzxQy.exe
  C:\Windows\System\WHOzxQy.exe
  2⤵
  PID:11012
- C:\Windows\System\UbpRUTM.exe
  C:\Windows\System\UbpRUTM.exe
  2⤵
  PID:11160
- C:\Windows\System\LOaLmoq.exe
  C:\Windows\System\LOaLmoq.exe
  2⤵
  PID:11180
- C:\Windows\System\DhUdqeA.exe
  C:\Windows\System\DhUdqeA.exe
  2⤵
  PID:11252
- C:\Windows\System\qNcEBkT.exe
  C:\Windows\System\qNcEBkT.exe
  2⤵
  PID:10084
- C:\Windows\System\uSSkZHc.exe
  C:\Windows\System\uSSkZHc.exe
  2⤵
  PID:10380
- C:\Windows\System\TsqkvLG.exe
  C:\Windows\System\TsqkvLG.exe
  2⤵
  PID:10532
- C:\Windows\System\dNvyIWd.exe
  C:\Windows\System\dNvyIWd.exe
  2⤵
  PID:10568
- C:\Windows\System\mtqxYDt.exe
  C:\Windows\System\mtqxYDt.exe
  2⤵
  PID:10680
- C:\Windows\System\PKBCqdS.exe
  C:\Windows\System\PKBCqdS.exe
  2⤵
  PID:10900
- C:\Windows\System\KQJePYK.exe
  C:\Windows\System\KQJePYK.exe
  2⤵
  PID:11052
- C:\Windows\System\lxnSSdf.exe
  C:\Windows\System\lxnSSdf.exe
  2⤵
  PID:11208
- C:\Windows\System\GmDhOBh.exe
  C:\Windows\System\GmDhOBh.exe
  2⤵
  PID:10332
- C:\Windows\System\RKYmhIj.exe
  C:\Windows\System\RKYmhIj.exe
  2⤵
  PID:10784
- C:\Windows\System\JqZryhB.exe
  C:\Windows\System\JqZryhB.exe
  2⤵
  PID:10868
- C:\Windows\System\igOMmZP.exe
  C:\Windows\System\igOMmZP.exe
  2⤵
  PID:11276
- C:\Windows\System\pakMRMr.exe
  C:\Windows\System\pakMRMr.exe
  2⤵
  PID:11304
- C:\Windows\System\ltIJqRL.exe
  C:\Windows\System\ltIJqRL.exe
  2⤵
  PID:11348
- C:\Windows\System\agAxnBa.exe
  C:\Windows\System\agAxnBa.exe
  2⤵
  PID:11372
- C:\Windows\System\tFDhxxD.exe
  C:\Windows\System\tFDhxxD.exe
  2⤵
  PID:11392
- C:\Windows\System\wepQDZB.exe
  C:\Windows\System\wepQDZB.exe
  2⤵
  PID:11416
- C:\Windows\System\fjiKhbr.exe
  C:\Windows\System\fjiKhbr.exe
  2⤵
  PID:11440
- C:\Windows\System\GsoEWBF.exe
  C:\Windows\System\GsoEWBF.exe
  2⤵
  PID:11460
- C:\Windows\System\xvWlWWr.exe
  C:\Windows\System\xvWlWWr.exe
  2⤵
  PID:11480
- C:\Windows\System\dvlZnLS.exe
  C:\Windows\System\dvlZnLS.exe
  2⤵
  PID:11512
- C:\Windows\System\VanYbSK.exe
  C:\Windows\System\VanYbSK.exe
  2⤵
  PID:11552
- C:\Windows\System\jKzjOQe.exe
  C:\Windows\System\jKzjOQe.exe
  2⤵
  PID:11624
- C:\Windows\System\rLcXCDl.exe
  C:\Windows\System\rLcXCDl.exe
  2⤵
  PID:11644
- C:\Windows\System\rIpjEIh.exe
  C:\Windows\System\rIpjEIh.exe
  2⤵
  PID:11664
- C:\Windows\System\mFuxFqm.exe
  C:\Windows\System\mFuxFqm.exe
  2⤵
  PID:11728
- C:\Windows\System\IvWJzWG.exe
  C:\Windows\System\IvWJzWG.exe
  2⤵
  PID:11748
- C:\Windows\System\jHtiPMp.exe
  C:\Windows\System\jHtiPMp.exe
  2⤵
  PID:11780
- C:\Windows\System\grmzpwU.exe
  C:\Windows\System\grmzpwU.exe
  2⤵
  PID:11804
- C:\Windows\System\FmHhtLk.exe
  C:\Windows\System\FmHhtLk.exe
  2⤵
  PID:11824
- C:\Windows\System\BvwKtyB.exe
  C:\Windows\System\BvwKtyB.exe
  2⤵
  PID:11840
- C:\Windows\System\zEddwHS.exe
  C:\Windows\System\zEddwHS.exe
  2⤵
  PID:11892
- C:\Windows\System\eXWNpZu.exe
  C:\Windows\System\eXWNpZu.exe
  2⤵
  PID:11948
- C:\Windows\System\nQrTDhN.exe
  C:\Windows\System\nQrTDhN.exe
  2⤵
  PID:11972
- C:\Windows\System\SxCMaRe.exe
  C:\Windows\System\SxCMaRe.exe
  2⤵
  PID:11996
- C:\Windows\System\HVJtRAW.exe
  C:\Windows\System\HVJtRAW.exe
  2⤵
  PID:12040
- C:\Windows\System\mEpSozK.exe
  C:\Windows\System\mEpSozK.exe
  2⤵
  PID:12064
- C:\Windows\System\HcSahIe.exe
  C:\Windows\System\HcSahIe.exe
  2⤵
  PID:12084
- C:\Windows\System\OhSrdfk.exe
  C:\Windows\System\OhSrdfk.exe
  2⤵
  PID:12120
- C:\Windows\System\RzhFvzZ.exe
  C:\Windows\System\RzhFvzZ.exe
  2⤵
  PID:12148
- C:\Windows\System\WLkAmAk.exe
  C:\Windows\System\WLkAmAk.exe
  2⤵
  PID:12184
- C:\Windows\System\WspNVHT.exe
  C:\Windows\System\WspNVHT.exe
  2⤵
  PID:12220
- C:\Windows\System\dgHuCcA.exe
  C:\Windows\System\dgHuCcA.exe
  2⤵
  PID:12240
- C:\Windows\System\tiVjMsn.exe
  C:\Windows\System\tiVjMsn.exe
  2⤵
  PID:12260
- C:\Windows\System\gDanSji.exe
  C:\Windows\System\gDanSji.exe
  2⤵
  PID:12276
- C:\Windows\System\rbCBQPm.exe
  C:\Windows\System\rbCBQPm.exe
  2⤵
  PID:10260
- C:\Windows\System\QEwuWJi.exe
  C:\Windows\System\QEwuWJi.exe
  2⤵
  PID:11296
- C:\Windows\System\VpNKnOB.exe
  C:\Windows\System\VpNKnOB.exe
  2⤵
  PID:11368
- C:\Windows\System\gGdIrzF.exe
  C:\Windows\System\gGdIrzF.exe
  2⤵
  PID:11388
- C:\Windows\System\KvPlVlX.exe
  C:\Windows\System\KvPlVlX.exe
  2⤵
  PID:11432
- C:\Windows\System\eAYMldz.exe
  C:\Windows\System\eAYMldz.exe
  2⤵
  PID:11568
- C:\Windows\System\YgQepUD.exe
  C:\Windows\System\YgQepUD.exe
  2⤵
  PID:11576
- C:\Windows\System\suoNCuO.exe
  C:\Windows\System\suoNCuO.exe
  2⤵
  PID:11700
- C:\Windows\System\SZQfTlI.exe
  C:\Windows\System\SZQfTlI.exe
  2⤵
  PID:11696
- C:\Windows\System\QffTNyZ.exe
  C:\Windows\System\QffTNyZ.exe
  2⤵
  PID:11772
- C:\Windows\System\CvfUeSm.exe
  C:\Windows\System\CvfUeSm.exe
  2⤵
  PID:11880
- C:\Windows\System\mpgnHZQ.exe
  C:\Windows\System\mpgnHZQ.exe
  2⤵
  PID:11940
- C:\Windows\System\fhWZGTm.exe
  C:\Windows\System\fhWZGTm.exe
  2⤵
  PID:4384
- C:\Windows\System\TUKEaSy.exe
  C:\Windows\System\TUKEaSy.exe
  2⤵
  PID:12008
- C:\Windows\System\EiOqsfR.exe
  C:\Windows\System\EiOqsfR.exe
  2⤵
  PID:12100
- C:\Windows\System\QvasTKs.exe
  C:\Windows\System\QvasTKs.exe
  2⤵
  PID:12140
- C:\Windows\System\pHCFhsy.exe
  C:\Windows\System\pHCFhsy.exe
  2⤵
  PID:12192
- C:\Windows\System\FmvtKYi.exe
  C:\Windows\System\FmvtKYi.exe
  2⤵
  PID:10880
- C:\Windows\System\xnUJlnL.exe
  C:\Windows\System\xnUJlnL.exe
  2⤵
  PID:11340
- C:\Windows\System\dkBzrui.exe
  C:\Windows\System\dkBzrui.exe
  2⤵
  PID:11528
- C:\Windows\System\ZGNPrFE.exe
  C:\Windows\System\ZGNPrFE.exe
  2⤵
  PID:11536
- C:\Windows\System\HwneTIw.exe
  C:\Windows\System\HwneTIw.exe
  2⤵
  PID:11684
- C:\Windows\System\qemooFf.exe
  C:\Windows\System\qemooFf.exe
  2⤵
  PID:11992
- C:\Windows\System\DWEERYw.exe
  C:\Windows\System\DWEERYw.exe
  2⤵
  PID:10828
- C:\Windows\System\tmkVMYE.exe
  C:\Windows\System\tmkVMYE.exe
  2⤵
  PID:3740
- C:\Windows\System\gLZksyA.exe
  C:\Windows\System\gLZksyA.exe
  2⤵
  PID:12092
- C:\Windows\System\rUXrtCA.exe
  C:\Windows\System\rUXrtCA.exe
  2⤵
  PID:11540
- C:\Windows\System\wWADULP.exe
  C:\Windows\System\wWADULP.exe
  2⤵
  PID:11736
- C:\Windows\System\FvoLlCt.exe
  C:\Windows\System\FvoLlCt.exe
  2⤵
  PID:12252
- C:\Windows\System\wBmeBQu.exe
  C:\Windows\System\wBmeBQu.exe
  2⤵
  PID:11612
- C:\Windows\System\YBkZvKu.exe
  C:\Windows\System\YBkZvKu.exe
  2⤵
  PID:12304
- C:\Windows\System\bqHXMyV.exe
  C:\Windows\System\bqHXMyV.exe
  2⤵
  PID:12328
- C:\Windows\System\Bpsznrs.exe
  C:\Windows\System\Bpsznrs.exe
  2⤵
  PID:12344
- C:\Windows\System\iKzfnOB.exe
  C:\Windows\System\iKzfnOB.exe
  2⤵
  PID:12360
- C:\Windows\System\ZfHjuRH.exe
  C:\Windows\System\ZfHjuRH.exe
  2⤵
  PID:12420
- C:\Windows\System\zONOzjo.exe
  C:\Windows\System\zONOzjo.exe
  2⤵
  PID:12460
- C:\Windows\System\AszUWod.exe
  C:\Windows\System\AszUWod.exe
  2⤵
  PID:12476
- C:\Windows\System\BQzDtcq.exe
  C:\Windows\System\BQzDtcq.exe
  2⤵
  PID:12504
- C:\Windows\System\uIUhnsm.exe
  C:\Windows\System\uIUhnsm.exe
  2⤵
  PID:12524
- C:\Windows\System\aSNAkNb.exe
  C:\Windows\System\aSNAkNb.exe
  2⤵
  PID:12540
- C:\Windows\System\HehRpEv.exe
  C:\Windows\System\HehRpEv.exe
  2⤵
  PID:12580
- C:\Windows\System\dcXyfLh.exe
  C:\Windows\System\dcXyfLh.exe
  2⤵
  PID:12612
- C:\Windows\System\RIkJGxK.exe
  C:\Windows\System\RIkJGxK.exe
  2⤵
  PID:12632
- C:\Windows\System\RhucetD.exe
  C:\Windows\System\RhucetD.exe
  2⤵
  PID:12664
- C:\Windows\System\JYhKsFn.exe
  C:\Windows\System\JYhKsFn.exe
  2⤵
  PID:12688
- C:\Windows\System\HyfnaLj.exe
  C:\Windows\System\HyfnaLj.exe
  2⤵
  PID:12708
- C:\Windows\System\nvdQLbu.exe
  C:\Windows\System\nvdQLbu.exe
  2⤵
  PID:12792
- C:\Windows\System\JjGMvqo.exe
  C:\Windows\System\JjGMvqo.exe
  2⤵
  PID:12808
- C:\Windows\System\TryScdF.exe
  C:\Windows\System\TryScdF.exe
  2⤵
  PID:12828
- C:\Windows\System\fpUWmVy.exe
  C:\Windows\System\fpUWmVy.exe
  2⤵
  PID:12844
- C:\Windows\System\NENvgCi.exe
  C:\Windows\System\NENvgCi.exe
  2⤵
  PID:12864
- C:\Windows\System\VDRpvxU.exe
  C:\Windows\System\VDRpvxU.exe
  2⤵
  PID:12904
- C:\Windows\System\ILciBIb.exe
  C:\Windows\System\ILciBIb.exe
  2⤵
  PID:12928
- C:\Windows\System\tqlrKks.exe
  C:\Windows\System\tqlrKks.exe
  2⤵
  PID:12960
- C:\Windows\System\WcYWBuq.exe
  C:\Windows\System\WcYWBuq.exe
  2⤵
  PID:12976
- C:\Windows\System\sLGXSuN.exe
  C:\Windows\System\sLGXSuN.exe
  2⤵
  PID:13032
- C:\Windows\System\mnFIKqh.exe
  C:\Windows\System\mnFIKqh.exe
  2⤵
  PID:13096
- C:\Windows\System\GzgByqd.exe
  C:\Windows\System\GzgByqd.exe
  2⤵
  PID:13116
- C:\Windows\System\yxyDRcA.exe
  C:\Windows\System\yxyDRcA.exe
  2⤵
  PID:13136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y31l5gk2.dph.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AYHGcFW.exe

Filesize
1.3MB

MD5
0ad7cb1a0861e0ff06001fa313369796

SHA1
11b507e10a6365225a3cd32fb235a98584a2b1fd

SHA256
4476473007c8ee8c0f55df92fe8ccd6a428bbeb5d84b45f7a281bc44d7ad60ea

SHA512
2e376daebf69488cb2958af9f8bcd9b5f9f66168977c78da7d29496ef79bc4d3d259f63a4a70d1f977a6731c9d4898878654262ef9758f54323a56fd630759ef

Download Submit
C:\Windows\System\BVWCCyv.exe

Filesize
1.3MB

MD5
7a60a023a3f04ff77435ad72b6a686bd

SHA1
ae9b6bc20d1368019e6d1622b484d800e5e8121f

SHA256
bbf6b524cad908955a28dd9ef073230f05d589cd3c8d96ce74159feea14e1766

SHA512
f38d33697d8b843b362b13d89bb6cd46485b35119a92dbaec6edab98dcf6c8b101478c139fe4d2c289aca111c2d4cfc974162bb19e38dbf3a0c56c6b9ff37f27

Download Submit
C:\Windows\System\FsaclnR.exe

Filesize
1.3MB

MD5
dbd9b0f533d6a5317fe83a4315462692

SHA1
8cb5f9e3ec29cfa2e11daf0eff55dcab84cafac5

SHA256
4b2afb95468c123abe5132c8b125cbee188d62356e9255eaa762198984c0ce1e

SHA512
40dd5e185718951373ea7077a6889156e54adc947c0084ff693c9efda6b93eecc93b89113c0e77c989ad861442881177e8e9e3583b3005f7c26f301e1b274d75

Download Submit
C:\Windows\System\GFElgAm.exe

Filesize
1.3MB

MD5
6d4dd73aa5cea5c08f671fd751665c76

SHA1
196d9aeec1497ec4d7acd238bc0d36af4c0d4c8a

SHA256
93924c30f15e5ea09caf5085f6579c3cbd381f88b8e1796eed92732af0b2fb01

SHA512
b56ee0bb0252382344c4639e013e6b3f9ec92951f70f593098b770132bc72d1b8404a6cdfbaa33653fcab306d44cf66d45939a08c3f37dbd163b3ff48c7e64ed

Download Submit
C:\Windows\System\GLlBjCI.exe

Filesize
1.3MB

MD5
e54fefd2dc661d05c5909e77517962bb

SHA1
208d4f12f683f4a333afcee312351e2737c422c1

SHA256
15151c680e15416f3b51d203d12cbb562068fe20eb3761983cf4a71c0c230f30

SHA512
85b67d37cfe71a30e25007782db6928c73a9512ffae82577b6a0779d22a1b3937907f7704321e37f7f4491da51e886b2ce3132679cc1572da9897362c3f40531

Download Submit
C:\Windows\System\GrwJOMv.exe

Filesize
1.3MB

MD5
d67085542af1417732d22447a63ecb2e

SHA1
bcbe4e102fc508cc9dd04cc3ac85ca915b9b64c0

SHA256
769d3d4fa5573b2c2099bb6b7ee0bc8e46cff50c00eab1b667e7599c08949350

SHA512
5f013331e3323351dd6c36a62a8bf6dc5de6f39feeefeabcedc66a15d0bc0eea5599dcd9ba7ddfa9640148761aabf4081e0a3b6760a11251217433ea548903e9

Download Submit
C:\Windows\System\IivlUAp.exe

Filesize
1.3MB

MD5
8ef06849c7d4b060e9678671e40fb624

SHA1
e0b4f76dae3ea5f0f82060e337e3507ddb390bf2

SHA256
2a02b764a19a3da71248041a02aade891a8abbc9e82395fbbf49721862abe897

SHA512
b065190615be7fe90a5ff0cec0777a9c0e8c9a40e53455158c2ecd5ab929dbd9f6f1785437039ff903eb561f7d383fccf0d3ed01fa2f34e20796ee0756d47d00

Download Submit
C:\Windows\System\KZRaTUZ.exe

Filesize
1.3MB

MD5
08789c1a9e79432ab3ca0b823a26e18f

SHA1
fc81b3d866cbcfcc3b34e0da7a49da9459410e69

SHA256
5f8ed540dfcb5ca7eee23fbbee63fc0e0f822bd233f0f4b0c6df4212283bb9e5

SHA512
7023379d147453486bbecd5d7d9cb464e33725690a9c90c4c2eb364a396e35463df783843156bdadf646d98a11f1417ce73b33b6c02690944cdc0da7a4e1618c

Download Submit
C:\Windows\System\KhkMdgv.exe

Filesize
1.3MB

MD5
e6962183c69719e2b8950352a20f89bf

SHA1
39b322589bee8abf8fb4922604f02c29a2575ba8

SHA256
74dc548a3ec5a1a6d099dc1069fd141bd4ceeae73f31b24d3d63f2c10ee980e2

SHA512
02c7bd1ec2567b2fdabc201cf4820b1416682f24a68805f27cde43bb7bbfde1afa185e8fb575e93b9e58b3f134e87a59fb3e077b70a2461574bb8d495fc3e14b

Download Submit
C:\Windows\System\LSVYlKj.exe

Filesize
8B

MD5
734f4e2aa6020a4e36e8aac2b80335b0

SHA1
495fd911ffce0d34c3b5c447caa8821cf1213a38

SHA256
4afe390a2cf774258e21bac9247b2c1b16a61f0532f6924113a0b98393dc05f9

SHA512
55da15ddc2424b55f158c5ee657a59b5b50fa87fe307726937207d2e1fdf03f48521b5a7d7c47198d739a7b857c683873da6e32cfac061a3ac1684923533b290

Download Submit
C:\Windows\System\LjxYoPw.exe

Filesize
1.3MB

MD5
da7768964f2db2aaaaca141d7e737c0e

SHA1
322a445a6432a74091c6fefcafdc216db0e28764

SHA256
0a2d0bcca438cd762c44f8625d913fbae97811678997cbf22259aabb812477e5

SHA512
579f1dfbdd30a214a6f44a40b9621156908438911bf50976b5bb63d1f18bfd07a693da912b0bdcee935a3d1ad22db9c6dd88f9be58ea9ac5b48f45d5cf739e6b

Download Submit
C:\Windows\System\LtieEYa.exe

Filesize
1.3MB

MD5
5b6feffa3fcad42ac3affcef6440eadd

SHA1
adf6dac1c948290c5ea590b23a0421a065caf43c

SHA256
ee219792c2c3db9aa5aef83c4f086c8d3af92e947f2d649c0215eac4d15db938

SHA512
9dcdb3e17ff3f8987704763575b2c5d0f8dc4db30a509b4ce116ffb5e74e706873a4af92f5335d2b7a33a0eaebcdf1408a58efe7bd7f256f6fc01fb7dae079c1

Download Submit
C:\Windows\System\PGKWopQ.exe

Filesize
1.3MB

MD5
ea9c8d3e1447fbae640b1822fe34a87d

SHA1
9017d6ceddb81d52e2a173ec2de1e13caee7e340

SHA256
664dd32458b11e2284802f4b6cee4b163b736868a6bd6179c9da92d5388d1eed

SHA512
372a9fde23a61c8fe3436731516e5ea7f6fd706c805c5ae2cf21a3286c51ac0219cdd5e15f1dca743cc7a7b0cd4c665c2e8e707c243a6b0c36ccccb2ab2a9b3c

Download Submit
C:\Windows\System\PTdocHn.exe

Filesize
1.3MB

MD5
eabd43e998dd32206e4cc66b13f935df

SHA1
e633f52819de34bb2858773643833e549c38b5b8

SHA256
79d41b94f70a8c38df8f1816b192b9b2de019170dca067b06ad41533792be783

SHA512
3aeff9fc607440e6c6b898dc8a4ec84410425ffbfbc6174ff224481797b882ae081385913433e769b451c48f2671a96c542a2f048750ae29582b37b2c085db46

Download Submit
C:\Windows\System\QPuaKbh.exe

Filesize
1.3MB

MD5
ce73e86055754c6988ef78f58d5a65f9

SHA1
fff8a9617dec9543e5f6d317d26048e542bc34f7

SHA256
79c1c40a016d56dcec4c3df29b18f4fa5f234a4f5ae2dda13ea8c5a7a75ef6bf

SHA512
cea9a2460bc3a3f30eea5d87f81b51a4587ec1fe42515919decbc181c10fe9de446e4bd89f6b9b525e9eeac677942821b3c20b76ccd38d8e55bda3a6c07c9e6d

Download Submit
C:\Windows\System\Snzydww.exe

Filesize
1.3MB

MD5
3d0dbcdf582d2e3c792dca894e99785f

SHA1
42f3f03aa17bfd527f1c0e14fa7f30560e7d8507

SHA256
70b535d8ca39ba69053cb334cc3c1e1ee28d9a23dc29b0af05b41afb5f444d92

SHA512
30f9a24b579370b4a7a1c1c908b79abee4d87846badb7bea214e337d126f4375517d1b1696e3f5f884018de21dfacee8d7dcbb35f09b51db9c8695fd605ee7ec

Download Submit
C:\Windows\System\UVsVdGd.exe

Filesize
1.3MB

MD5
5be0be8066e06cb129de19583bcbbed2

SHA1
9bf8bb3f2b4bb7049e8c2e253b4da759b928491d

SHA256
a5391f8140c5f42162af15b242cfc9608d110f80e3c1c6c936448e0119d5897c

SHA512
afa20ae722a790c9a9dc7dd34cd0b358528b5d3b35d9d870c376996cb05f28f32364c6500d8b221aa13d25423b8bb3a827ba9a375680e7a69dc0332fa8215824

Download Submit
C:\Windows\System\UgYmLxi.exe

Filesize
1.3MB

MD5
9e00db89177220612aeb9191d3fb6aab

SHA1
2b20a43f95806d5634aaa8b9194a21deded32d6b

SHA256
7c9835c3576212d644ae0de5d94c64544981cf37c6709a2787435a42904cf3c9

SHA512
543de49af26c78ac11025a201cd80e7504a354e2ce28c5fcc09b268a86c1b28ac483b4212a23d4f7da5f45b2eb492b13e1a0276ffbfc43538bcb04bb937ce69f

Download Submit
C:\Windows\System\WJJLtcI.exe

Filesize
1.3MB

MD5
185c79d86d1e14b63364e77c53afc485

SHA1
f1097090a9fed310783972cb5bebd63bf058dbac

SHA256
c358fa8f415ded7681948bc2d3696c665331452f3e28823135093678932cba81

SHA512
c6f6cefc364b276a5c23b20f148f195e7fecdcdda68b3b6367a91545a6eb7a447816a05893deae2d8d261a914743a8facbd05024f1950f7fdaa15a95c52fbc89

Download Submit
C:\Windows\System\YPoSWck.exe

Filesize
1.3MB

MD5
36eca58e9309e94610abd683f902b84e

SHA1
098ed16fdd7cbc7bc1ee378d067f0b712826a24f

SHA256
f9024928f337392bb8f3c8ef2ae336d8015cd33fc5d41859c3e91a9e63479d3d

SHA512
f641fc21dce156a42ddda341511b633792a3318586de8948be212ff73ea9daf8f717c75d3398c1974df03f27e467c563a84f916432b8f1838d24d4500de0299a

Download Submit
C:\Windows\System\anchqRx.exe

Filesize
1.3MB

MD5
27f24e2aeda78c58112ae9a215bed1e2

SHA1
a140a4b550c36b213db2dc49721d9d9a80343862

SHA256
48ec13951e1b9b0983930583a6842e62d44fae9d94e2ac181d05443202dbfdb6

SHA512
b1e83d00b4b78788e8cedcfb0ce92febcc92d77257951be17c18d8d11b47ddedb732d234cff603ce0150c1ffee31a5e1f39c9afadb8f45e3e668fdcef6f2959b

Download Submit
C:\Windows\System\bDOWGlP.exe

Filesize
1.3MB

MD5
509f6baeb1e2b7934236cdebfcdb91c9

SHA1
b6649c4f08c73aa45b391acbb7af41d16ca30e7a

SHA256
74bc15a7be6435fa24c5726197523e2df8c37600f96eb9cb30138ab7bed139cb

SHA512
ea444a5baee07b3c72e8ea8743a8e5e75f5633c65d4cd25696e37828048147ba27f529dd90eb40e9903f8d6d13b2e48fff3e02e8bacc6f51743d619d3f457e80

Download Submit
C:\Windows\System\bOcGqpA.exe

Filesize
1.3MB

MD5
63b93c75a062f7201cc4e0afb638533f

SHA1
e809c8c6f59c8ffd3dd165cf9fb62cfff32f9f3e

SHA256
684f810e8a5f95a2d32c02d68f776338d3074a1f03bbd5d3b3e326eed965722d

SHA512
bd36aebc5c96030732f2b0ee189a5412f85945848d7b92035841bddff0a41c107dcf9473d56038e2f172867358d5bf73fada4a611e3d38c0483ccee3ab4dce7a

Download Submit
C:\Windows\System\cBNtPCK.exe

Filesize
1.3MB

MD5
c60bbba4999554df1ce480d4bd48d1fb

SHA1
1ace7f349e912f93f31b05d62e9fb3d2067a8533

SHA256
5fe63e156de4794944995e39475a3f8e47ef37004a64692b1a96e40f5e148b73

SHA512
a806c501802e72dfd8f31645a1b1b9a552e13dafe0e60150ed11f8da2f38aced2ad30a81e95c221486d62f5beae00429296bbd825af94cfc1f6167f2ec045021

Download Submit
C:\Windows\System\cJTIRCg.exe

Filesize
1.3MB

MD5
1b21448e1e19eee3b0239d208e7c7ec2

SHA1
9634004730a8df4affcd1994e2f21cba134e2749

SHA256
dbda0d09794d08f9cc0ba0e413d8b96cdf8649c6d2ffd3bb6ae818a3acf8fa0d

SHA512
017e49754b9dd3ca5aa6cdf43daccf07fa37e26f7eda77b15b3269e39cb033cf4581185fec7e30846cbfbb8a00037b897314112b400f9bd4212b5b54ab233e0d

Download Submit
C:\Windows\System\dvXQujq.exe

Filesize
1.3MB

MD5
5701ee238b742495d419355c5181bc6c

SHA1
364a2c2d59ed6aee15f3f1d8435ec36917ba81aa

SHA256
35d58117f5bf734c2e50c7660eba793bd92dc4130e610c997e20a72768b55b8a

SHA512
43407ee7f99aa5ed9d5571377d8cbb89c496576c66a834fd3f39244c35e39fae43a450464aa33d3969a7bb18bb93ff11fe9dbe3c20c45c2d897cae219f87be05

Download Submit
C:\Windows\System\hvOyaMU.exe

Filesize
1.3MB

MD5
3cc53c6a0cfe421f4300228b64d9d599

SHA1
071c6fc401b5a16c8e69343fd72653de2cd519b6

SHA256
312944c167e3644bbf1d3abffbbaf140034cae01e155d53c608aea6a70050662

SHA512
c792b86d28fa7d76d4f927576ed94d3c0d342bc93a2d447166e5fc891fdd5765c9c70e645159097ed826ca8ed22304624591d19468fde87b8dd4dc83dce6eb17

Download Submit
C:\Windows\System\iNGIDMp.exe

Filesize
1.3MB

MD5
5d2e72ec09f63d48fb42034aea00eba3

SHA1
869056df55dc975f6b3efd422ac79554d81b2d31

SHA256
b6e5600fa7129ce0e0b996efd412df2fc962de841182199575029d0d6f3e104d

SHA512
1594ef48d4a5d52cff33d76e7a69435deea00754b1031131af437cfab36ed2435421c348f698f57743c66e57e349c1366c84807f9f9bfb5b0cacb66093f0286a

Download Submit
C:\Windows\System\mrmLdHM.exe

Filesize
1.3MB

MD5
fcd4455057901cceb33ae92f9cac4167

SHA1
faa2af7920b50d4364a67be3cd3fec8b4b121d07

SHA256
79b45fb1d2c90eddf351534f205c017ca410fa110f844ef6381b0ba3e1169fc1

SHA512
f2e3e624a7d4c835171fea8974dfab909fd6ef73f36992483a3c2e77f509992a8fea1dc99da1eb79e93184ea12fe4430ca679130de10187c8bef767b3901143e

Download Submit
C:\Windows\System\oZPHEIp.exe

Filesize
1.3MB

MD5
24ced4161e57e6c9e4278f252fe4ed63

SHA1
81d3e1126ddcadc7eb2aa82dfb0b0f6660a05239

SHA256
113d70a2ba743e36c0d152b96248414193659b6ccb2722f563d6192f1cbe34eb

SHA512
c9574a9ccda0ad2e43f1aeb06c38aaf3aa2da85696eddc82f4c23b4008fb05cdf7328991b14ab91b708db8e029ffbda8a80778892652fcb14dfedd8009fba3b0

Download Submit
C:\Windows\System\tILsvLg.exe

Filesize
1.3MB

MD5
84e5464a38a8548e62abdddb21d3b285

SHA1
322ae306b54c41fd820f8550ad0a885dc2dd4693

SHA256
d317dc2ff91b8b940d61dbcb84082df99d857d37baac7e4635dc598ad5b74091

SHA512
5e1d06aebf073d6ff4cb236569b52a88785049540ab4236fc26b9bede1d57fd552b8f717b553c11c7b9c8d98e0f6f111ef8b075193ecb30a27f6c93cbdb6a8c8

Download Submit
C:\Windows\System\tvlrSSa.exe

Filesize
1.3MB

MD5
3af4ece109db2328cf7fdf0be01e8a6e

SHA1
f0963a2c1aa6a266fb8c7532fedc738f4c3834f1

SHA256
79802fbf23a787a269ad100e36df6f5241177e700ef45f0216abbbf850649202

SHA512
8ff110480515c68bff2b94534c8c897621626177bb9d60e24a3d7f19a38362668689063dbacb1ac6d386eccb3861ed484e5fe42fac2493e8fa1ec0fb8ab32f00

Download Submit
C:\Windows\System\uRaKgbw.exe

Filesize
1.3MB

MD5
3daadc301a109cd42771ac4f5b4bceae

SHA1
e1a33ed23c976c6cf6c2bb2647335d08a32f312e

SHA256
ce584f22a42bf89f3f3194438005e3b3b94489a88b896c1f4ada5011a52a3d41

SHA512
0f96888c03d1afbfe069d2f13023775e7ec99c2726bd1bc91974fcf388f101c83187c23a595085387972d4720cd80f76622bbc2c9e78883c4fa444e95b6fbc60

Download Submit
C:\Windows\System\xaowuGe.exe

Filesize
1.3MB

MD5
c46ff7dfd0ab5567820c4301b1233b08

SHA1
eaf7004d557c553fc224fbc3065be8ee210e34a7

SHA256
9af8c82ce68d2f4e5255d1d1b3cc1fedba251a2bf7a00a357906e66b86f10858

SHA512
858d49a878baa99c84587760db7379f09129ea0086a034f9ab7cecae4afeed27db3f96f1a21441e9eb86f336e4ba16fbc2c904a24b17fd90e14317864fa8357a

Download Submit
memory/680-94-0x00007FF68C290000-0x00007FF68C682000-memory.dmp

Filesize
3.9MB

Download
memory/680-2017-0x00007FF68C290000-0x00007FF68C682000-memory.dmp

Filesize
3.9MB

Download
memory/744-106-0x00007FF6DD210000-0x00007FF6DD602000-memory.dmp

Filesize
3.9MB

Download
memory/744-2022-0x00007FF6DD210000-0x00007FF6DD602000-memory.dmp

Filesize
3.9MB

Download
memory/1164-2013-0x00007FF7BAF00000-0x00007FF7BB2F2000-memory.dmp

Filesize
3.9MB

Download
memory/1164-107-0x00007FF7BAF00000-0x00007FF7BB2F2000-memory.dmp

Filesize
3.9MB

Download
memory/1388-114-0x00007FF6BC8B0000-0x00007FF6BCCA2000-memory.dmp

Filesize
3.9MB

Download
memory/1388-2030-0x00007FF6BC8B0000-0x00007FF6BCCA2000-memory.dmp

Filesize
3.9MB

Download
memory/1952-1969-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp

Filesize
3.9MB

Download
memory/1952-132-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp

Filesize
3.9MB

Download
memory/1952-2037-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp

Filesize
3.9MB

Download
memory/2064-2000-0x00007FF7C3990000-0x00007FF7C3D82000-memory.dmp

Filesize
3.9MB

Download
memory/2064-111-0x00007FF7C3990000-0x00007FF7C3D82000-memory.dmp

Filesize
3.9MB

Download
memory/2588-1938-0x00007FF7F5E40000-0x00007FF7F6232000-memory.dmp

Filesize
3.9MB

Download
memory/2588-126-0x00007FF7F5E40000-0x00007FF7F6232000-memory.dmp

Filesize
3.9MB

Download
memory/2588-2039-0x00007FF7F5E40000-0x00007FF7F6232000-memory.dmp

Filesize
3.9MB

Download
memory/2616-113-0x00007FF6D3E10000-0x00007FF6D4202000-memory.dmp

Filesize
3.9MB

Download
memory/2616-2008-0x00007FF6D3E10000-0x00007FF6D4202000-memory.dmp

Filesize
3.9MB

Download
memory/2640-1970-0x00007FF710D10000-0x00007FF711102000-memory.dmp

Filesize
3.9MB

Download
memory/2640-2043-0x00007FF710D10000-0x00007FF711102000-memory.dmp

Filesize
3.9MB

Download
memory/2640-149-0x00007FF710D10000-0x00007FF711102000-memory.dmp

Filesize
3.9MB

Download
memory/3012-0-0x00007FF628810000-0x00007FF628C02000-memory.dmp

Filesize
3.9MB

Download
memory/3012-1-0x00000189E97A0000-0x00000189E97B0000-memory.dmp

Filesize
64KB

Download
memory/3056-2006-0x00007FF6A5BB0000-0x00007FF6A5FA2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-78-0x00007FF6A5BB0000-0x00007FF6A5FA2000-memory.dmp

Filesize
3.9MB

Download
memory/3100-122-0x00007FF7B4EC0000-0x00007FF7B52B2000-memory.dmp

Filesize
3.9MB

Download
memory/3100-2026-0x00007FF7B4EC0000-0x00007FF7B52B2000-memory.dmp

Filesize
3.9MB

Download
memory/3140-2010-0x00007FF76B1D0000-0x00007FF76B5C2000-memory.dmp

Filesize
3.9MB

Download
memory/3140-89-0x00007FF76B1D0000-0x00007FF76B5C2000-memory.dmp

Filesize
3.9MB

Download
memory/3256-2047-0x00007FF6333A0000-0x00007FF633792000-memory.dmp

Filesize
3.9MB

Download
memory/3256-161-0x00007FF6333A0000-0x00007FF633792000-memory.dmp

Filesize
3.9MB

Download
memory/3604-2019-0x00007FF60E830000-0x00007FF60EC22000-memory.dmp

Filesize
3.9MB

Download
memory/3604-93-0x00007FF60E830000-0x00007FF60EC22000-memory.dmp

Filesize
3.9MB

Download
memory/3696-2002-0x00007FF6F8350000-0x00007FF6F8742000-memory.dmp

Filesize
3.9MB

Download
memory/3696-112-0x00007FF6F8350000-0x00007FF6F8742000-memory.dmp

Filesize
3.9MB

Download
memory/3920-82-0x00007FF6121C0000-0x00007FF6125B2000-memory.dmp

Filesize
3.9MB

Download
memory/3920-2005-0x00007FF6121C0000-0x00007FF6125B2000-memory.dmp

Filesize
3.9MB

Download
memory/4056-2046-0x00007FF6BC9B0000-0x00007FF6BCDA2000-memory.dmp

Filesize
3.9MB

Download
memory/4056-167-0x00007FF6BC9B0000-0x00007FF6BCDA2000-memory.dmp

Filesize
3.9MB

Download
memory/4304-2041-0x00007FF711310000-0x00007FF711702000-memory.dmp

Filesize
3.9MB

Download
memory/4304-1974-0x00007FF711310000-0x00007FF711702000-memory.dmp

Filesize
3.9MB

Download
memory/4304-155-0x00007FF711310000-0x00007FF711702000-memory.dmp

Filesize
3.9MB

Download
memory/4332-1973-0x00007FF7957A0000-0x00007FF795B92000-memory.dmp

Filesize
3.9MB

Download
memory/4332-138-0x00007FF7957A0000-0x00007FF795B92000-memory.dmp

Filesize
3.9MB

Download
memory/4332-2061-0x00007FF7957A0000-0x00007FF795B92000-memory.dmp

Filesize
3.9MB

Download
memory/4356-115-0x00007FF771910000-0x00007FF771D02000-memory.dmp

Filesize
3.9MB

Download
memory/4356-2029-0x00007FF771910000-0x00007FF771D02000-memory.dmp

Filesize
3.9MB

Download
memory/4392-110-0x00007FF63FC00000-0x00007FF63FFF2000-memory.dmp

Filesize
3.9MB

Download
memory/4392-2021-0x00007FF63FC00000-0x00007FF63FFF2000-memory.dmp

Filesize
3.9MB

Download
memory/4640-11-0x00007FF751740000-0x00007FF751B32000-memory.dmp

Filesize
3.9MB

Download
memory/4640-1998-0x00007FF751740000-0x00007FF751B32000-memory.dmp

Filesize
3.9MB

Download
memory/4748-2025-0x00007FF65D570000-0x00007FF65D962000-memory.dmp

Filesize
3.9MB

Download
memory/4748-118-0x00007FF65D570000-0x00007FF65D962000-memory.dmp

Filesize
3.9MB

Download
memory/4964-2015-0x00007FF687520000-0x00007FF687912000-memory.dmp

Filesize
3.9MB

Download
memory/4964-100-0x00007FF687520000-0x00007FF687912000-memory.dmp

Filesize
3.9MB

Download
memory/5052-35-0x00007FF8CE580000-0x00007FF8CF041000-memory.dmp

Filesize
10.8MB

Download
memory/5052-417-0x00000206007B0000-0x0000020600F56000-memory.dmp

Filesize
7.6MB

Download
memory/5052-1981-0x00007FF8CE580000-0x00007FF8CF041000-memory.dmp

Filesize
10.8MB

Download
memory/5052-1936-0x00007FF8CE583000-0x00007FF8CE585000-memory.dmp

Filesize
8KB

Download
memory/5052-1935-0x00007FF8CE580000-0x00007FF8CF041000-memory.dmp

Filesize
10.8MB

Download
memory/5052-1903-0x00007FF8CE580000-0x00007FF8CF041000-memory.dmp

Filesize
10.8MB

Download
memory/5052-77-0x00007FF8CE580000-0x00007FF8CF041000-memory.dmp

Filesize
10.8MB

Download
memory/5052-51-0x00000205FFDC0000-0x00000205FFDE2000-memory.dmp

Filesize
136KB

Download
memory/5052-12-0x00007FF8CE583000-0x00007FF8CE585000-memory.dmp

Filesize
8KB

Download