xmrig | 9acd8eec024ae1eedac45d8a153145cfd91343cd628839998c6cb98623323f39

Analysis

max time kernel
125s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
Size

2.6MB
MD5

d1c34b1a21a04754496521760a59d980
SHA1

df3e4b28c00ad1cca0f498ec125508e1bfa824f8
SHA256

9acd8eec024ae1eedac45d8a153145cfd91343cd628839998c6cb98623323f39
SHA512

9cf2370fbc0ddc91f50175777d7be705b2a88e6248b732d38a116a90edbb745b946608c76f97a38178c92b159db0f70e35453c4c2268b19f027738e555bc74a9
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/RK:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R9

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1756-0-0x00007FF6D9FC0000-0x00007FF6DA3B6000-memory.dmp	xmrig
behavioral2/files/0x0009000000023547-5.dat	xmrig
behavioral2/memory/2832-20-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp	xmrig
behavioral2/files/0x000700000002354e-28.dat	xmrig
behavioral2/files/0x0007000000023551-38.dat	xmrig
behavioral2/files/0x0007000000023554-48.dat	xmrig
behavioral2/files/0x0007000000023555-52.dat	xmrig
behavioral2/files/0x0007000000023556-59.dat	xmrig
behavioral2/files/0x0007000000023557-70.dat	xmrig
behavioral2/files/0x0007000000023559-74.dat	xmrig
behavioral2/files/0x000700000002355b-84.dat	xmrig
behavioral2/files/0x000700000002356a-164.dat	xmrig
behavioral2/memory/544-776-0x00007FF7292D0000-0x00007FF7296C6000-memory.dmp	xmrig
behavioral2/memory/3684-779-0x00007FF7FDA30000-0x00007FF7FDE26000-memory.dmp	xmrig
behavioral2/memory/2892-778-0x00007FF7B6670000-0x00007FF7B6A66000-memory.dmp	xmrig
behavioral2/memory/3412-777-0x00007FF73FFB0000-0x00007FF7403A6000-memory.dmp	xmrig
behavioral2/files/0x000700000002356d-179.dat	xmrig
behavioral2/files/0x000700000002356b-177.dat	xmrig
behavioral2/files/0x000700000002356c-172.dat	xmrig
behavioral2/files/0x0007000000023569-167.dat	xmrig
behavioral2/files/0x0007000000023568-162.dat	xmrig
behavioral2/files/0x0007000000023567-157.dat	xmrig
behavioral2/files/0x0008000000023564-152.dat	xmrig
behavioral2/files/0x0007000000023566-147.dat	xmrig
behavioral2/files/0x0007000000023565-142.dat	xmrig
behavioral2/files/0x0007000000023562-137.dat	xmrig
behavioral2/files/0x0007000000023561-128.dat	xmrig
behavioral2/files/0x0007000000023560-123.dat	xmrig
behavioral2/files/0x000700000002355f-112.dat	xmrig
behavioral2/files/0x000700000002355e-107.dat	xmrig
behavioral2/files/0x000700000002355d-102.dat	xmrig
behavioral2/files/0x000700000002355c-97.dat	xmrig
behavioral2/files/0x000700000002355a-87.dat	xmrig
behavioral2/files/0x0007000000023558-77.dat	xmrig
behavioral2/files/0x0007000000023552-55.dat	xmrig
behavioral2/files/0x0007000000023553-50.dat	xmrig
behavioral2/memory/2928-49-0x00007FF618CD0000-0x00007FF6190C6000-memory.dmp	xmrig
behavioral2/memory/2564-41-0x00007FF6F2150000-0x00007FF6F2546000-memory.dmp	xmrig
behavioral2/memory/3668-36-0x00007FF627110000-0x00007FF627506000-memory.dmp	xmrig
behavioral2/files/0x0007000000023550-34.dat	xmrig
behavioral2/files/0x000700000002354f-30.dat	xmrig
behavioral2/memory/2448-27-0x00007FF69BCD0000-0x00007FF69C0C6000-memory.dmp	xmrig
behavioral2/files/0x000800000002354d-23.dat	xmrig
behavioral2/memory/4596-11-0x00007FF67F130000-0x00007FF67F526000-memory.dmp	xmrig
behavioral2/memory/3732-781-0x00007FF7FD670000-0x00007FF7FDA66000-memory.dmp	xmrig
behavioral2/memory/4356-780-0x00007FF644CB0000-0x00007FF6450A6000-memory.dmp	xmrig
behavioral2/memory/2220-794-0x00007FF68B090000-0x00007FF68B486000-memory.dmp	xmrig
behavioral2/memory/896-830-0x00007FF671380000-0x00007FF671776000-memory.dmp	xmrig
behavioral2/memory/1128-853-0x00007FF723E40000-0x00007FF724236000-memory.dmp	xmrig
behavioral2/memory/2060-865-0x00007FF7437E0000-0x00007FF743BD6000-memory.dmp	xmrig
behavioral2/memory/4100-871-0x00007FF716830000-0x00007FF716C26000-memory.dmp	xmrig
behavioral2/memory/4020-875-0x00007FF6B8BF0000-0x00007FF6B8FE6000-memory.dmp	xmrig
behavioral2/memory/4976-869-0x00007FF744C50000-0x00007FF745046000-memory.dmp	xmrig
behavioral2/memory/4524-844-0x00007FF68D330000-0x00007FF68D726000-memory.dmp	xmrig
behavioral2/memory/4848-843-0x00007FF72A360000-0x00007FF72A756000-memory.dmp	xmrig
behavioral2/memory/1716-822-0x00007FF683780000-0x00007FF683B76000-memory.dmp	xmrig
behavioral2/memory/4520-809-0x00007FF62CA60000-0x00007FF62CE56000-memory.dmp	xmrig
behavioral2/memory/1544-800-0x00007FF6722B0000-0x00007FF6726A6000-memory.dmp	xmrig
behavioral2/memory/2832-1901-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp	xmrig
behavioral2/memory/2448-1902-0x00007FF69BCD0000-0x00007FF69C0C6000-memory.dmp	xmrig
behavioral2/memory/3668-1903-0x00007FF627110000-0x00007FF627506000-memory.dmp	xmrig
behavioral2/memory/544-1904-0x00007FF7292D0000-0x00007FF7296C6000-memory.dmp	xmrig
behavioral2/memory/4596-1914-0x00007FF67F130000-0x00007FF67F526000-memory.dmp	xmrig
behavioral2/memory/2832-1915-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
4	3884	powershell.exe
7	3884	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3884	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4596	bcsofTT.exe
2832	oGwJGAY.exe
2564	ybsbuMX.exe
2448	jYNTKGD.exe
2928	YUUliMe.exe
3668	tJWQfih.exe
4100	HknXIhL.exe
544	nfcisoW.exe
3412	YMXhIdi.exe
4020	jdHrRiI.exe
2892	xRujkGb.exe
3684	cexQjvl.exe
4356	ARKSVPp.exe
3732	ofSqvDw.exe
2220	bhnMjkz.exe
1544	PJQPTAG.exe
4520	NCQvBfJ.exe
1716	gBfNruO.exe
896	ZYBdyDp.exe
4848	iLarVqJ.exe
4524	babjrtp.exe
1128	NzVbzoc.exe
2060	YQFkoMd.exe
4976	IuyoHbk.exe
1080	OcQGFLq.exe
3496	zChHmAg.exe
3076	gyrwqwy.exe
2180	KCGTBDT.exe
4360	cZedWNV.exe
2476	JXEGwqh.exe
2368	NKXFAgg.exe
4328	kOQTocY.exe
3436	QLzUwZE.exe
3188	TmXoxAP.exe
404	BKChJME.exe
4156	aANgxwH.exe
3516	tMjcPic.exe
4944	EIVMQmw.exe
3456	BOfcHDb.exe
2536	cEZEJjk.exe
4676	gcUGzBF.exe
3852	QXZazPw.exe
1764	DUFZkJv.exe
4472	ucpmccu.exe
1540	eRxFqYt.exe
4028	OUniJCd.exe
1172	SnWmfvJ.exe
2096	YZppdNs.exe
3540	AGRcxgd.exe
4600	YcpltLK.exe
5124	ubbOlVD.exe
5148	AwFNNol.exe
5184	EKWsQlW.exe
5204	WnStwjT.exe
5232	cvnSkBa.exe
5260	uEkbsVa.exe
5296	NNllGuQ.exe
5320	rvxzqbo.exe
5348	JlocMNC.exe
5376	EdHXlYO.exe
5404	rAJtffC.exe
5432	NbrqDbf.exe
5460	cAEwwiJ.exe
5488	ZDPoqMP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1756-0-0x00007FF6D9FC0000-0x00007FF6DA3B6000-memory.dmp	upx
behavioral2/files/0x0009000000023547-5.dat	upx
behavioral2/memory/2832-20-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp	upx
behavioral2/files/0x000700000002354e-28.dat	upx
behavioral2/files/0x0007000000023551-38.dat	upx
behavioral2/files/0x0007000000023554-48.dat	upx
behavioral2/files/0x0007000000023555-52.dat	upx
behavioral2/files/0x0007000000023556-59.dat	upx
behavioral2/files/0x0007000000023557-70.dat	upx
behavioral2/files/0x0007000000023559-74.dat	upx
behavioral2/files/0x000700000002355b-84.dat	upx
behavioral2/files/0x000700000002356a-164.dat	upx
behavioral2/memory/544-776-0x00007FF7292D0000-0x00007FF7296C6000-memory.dmp	upx
behavioral2/memory/3684-779-0x00007FF7FDA30000-0x00007FF7FDE26000-memory.dmp	upx
behavioral2/memory/2892-778-0x00007FF7B6670000-0x00007FF7B6A66000-memory.dmp	upx
behavioral2/memory/3412-777-0x00007FF73FFB0000-0x00007FF7403A6000-memory.dmp	upx
behavioral2/files/0x000700000002356d-179.dat	upx
behavioral2/files/0x000700000002356b-177.dat	upx
behavioral2/files/0x000700000002356c-172.dat	upx
behavioral2/files/0x0007000000023569-167.dat	upx
behavioral2/files/0x0007000000023568-162.dat	upx
behavioral2/files/0x0007000000023567-157.dat	upx
behavioral2/files/0x0008000000023564-152.dat	upx
behavioral2/files/0x0007000000023566-147.dat	upx
behavioral2/files/0x0007000000023565-142.dat	upx
behavioral2/files/0x0007000000023562-137.dat	upx
behavioral2/files/0x0007000000023561-128.dat	upx
behavioral2/files/0x0007000000023560-123.dat	upx
behavioral2/files/0x000700000002355f-112.dat	upx
behavioral2/files/0x000700000002355e-107.dat	upx
behavioral2/files/0x000700000002355d-102.dat	upx
behavioral2/files/0x000700000002355c-97.dat	upx
behavioral2/files/0x000700000002355a-87.dat	upx
behavioral2/files/0x0007000000023558-77.dat	upx
behavioral2/files/0x0007000000023552-55.dat	upx
behavioral2/files/0x0007000000023553-50.dat	upx
behavioral2/memory/2928-49-0x00007FF618CD0000-0x00007FF6190C6000-memory.dmp	upx
behavioral2/memory/2564-41-0x00007FF6F2150000-0x00007FF6F2546000-memory.dmp	upx
behavioral2/memory/3668-36-0x00007FF627110000-0x00007FF627506000-memory.dmp	upx
behavioral2/files/0x0007000000023550-34.dat	upx
behavioral2/files/0x000700000002354f-30.dat	upx
behavioral2/memory/2448-27-0x00007FF69BCD0000-0x00007FF69C0C6000-memory.dmp	upx
behavioral2/files/0x000800000002354d-23.dat	upx
behavioral2/memory/4596-11-0x00007FF67F130000-0x00007FF67F526000-memory.dmp	upx
behavioral2/memory/3732-781-0x00007FF7FD670000-0x00007FF7FDA66000-memory.dmp	upx
behavioral2/memory/4356-780-0x00007FF644CB0000-0x00007FF6450A6000-memory.dmp	upx
behavioral2/memory/2220-794-0x00007FF68B090000-0x00007FF68B486000-memory.dmp	upx
behavioral2/memory/896-830-0x00007FF671380000-0x00007FF671776000-memory.dmp	upx
behavioral2/memory/1128-853-0x00007FF723E40000-0x00007FF724236000-memory.dmp	upx
behavioral2/memory/2060-865-0x00007FF7437E0000-0x00007FF743BD6000-memory.dmp	upx
behavioral2/memory/4100-871-0x00007FF716830000-0x00007FF716C26000-memory.dmp	upx
behavioral2/memory/4020-875-0x00007FF6B8BF0000-0x00007FF6B8FE6000-memory.dmp	upx
behavioral2/memory/4976-869-0x00007FF744C50000-0x00007FF745046000-memory.dmp	upx
behavioral2/memory/4524-844-0x00007FF68D330000-0x00007FF68D726000-memory.dmp	upx
behavioral2/memory/4848-843-0x00007FF72A360000-0x00007FF72A756000-memory.dmp	upx
behavioral2/memory/1716-822-0x00007FF683780000-0x00007FF683B76000-memory.dmp	upx
behavioral2/memory/4520-809-0x00007FF62CA60000-0x00007FF62CE56000-memory.dmp	upx
behavioral2/memory/1544-800-0x00007FF6722B0000-0x00007FF6726A6000-memory.dmp	upx
behavioral2/memory/2832-1901-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp	upx
behavioral2/memory/2448-1902-0x00007FF69BCD0000-0x00007FF69C0C6000-memory.dmp	upx
behavioral2/memory/3668-1903-0x00007FF627110000-0x00007FF627506000-memory.dmp	upx
behavioral2/memory/544-1904-0x00007FF7292D0000-0x00007FF7296C6000-memory.dmp	upx
behavioral2/memory/4596-1914-0x00007FF67F130000-0x00007FF67F526000-memory.dmp	upx
behavioral2/memory/2832-1915-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HkXSrIB.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\kJkcxJd.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\rArrobw.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\AMuGixu.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\ZZQlYhR.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\dkjTPij.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\xYyCIAS.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\ThgXCRa.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\SdbuFUx.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\lsnhsPs.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\XJubPOf.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\ngZUVvR.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\xPKDFCZ.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\zlHwDtC.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\COAAeUu.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\bncgapj.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\TFpIFYZ.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\kOskywE.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\DPaIrVE.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\cxGmHEI.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\GOEZDHY.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\wYXrMZI.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\GNRRUIn.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\sRMkdHy.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\yiHnpBs.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\iHphiHQ.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\lFShppz.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\papWoPc.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\SpbdiKw.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\OEewWMm.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\brKXJHE.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\fYCroJs.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\QJubQFn.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\clQMBUj.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\BWRnHxb.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\rBkKotN.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\kDeuQHe.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\wmjaPKq.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\zynriZO.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\NzEscGB.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\wZbGBIR.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\IKpUfRi.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\ZYBdyDp.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\lXMcDAT.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\RuorwIH.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\caZOuMt.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\geAPoMQ.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\hrgwGZC.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\gwFkXDF.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\JhGCebU.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\qCuDXQc.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\JiSgvbV.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\toSefeu.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\xydZtTP.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\ykugroO.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\akbELqk.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\ClLCZPa.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\fCxBzyk.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\IUyMKJH.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\dJLjOCR.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\qIWnxja.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\QeTPBIf.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\hcSuGQv.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
File created	C:\Windows\System\yXnDcMB.exe	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3884	powershell.exe
3884	powershell.exe
3884	powershell.exe
3884	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
Token: SeDebugPrivilege	3884	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 3884	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	90
PID 1756 wrote to memory of 3884	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	90
PID 1756 wrote to memory of 4596	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	92
PID 1756 wrote to memory of 4596	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	92
PID 1756 wrote to memory of 2832	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	93
PID 1756 wrote to memory of 2832	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	93
PID 1756 wrote to memory of 2564	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	94
PID 1756 wrote to memory of 2564	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	94
PID 1756 wrote to memory of 2448	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	95
PID 1756 wrote to memory of 2448	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	95
PID 1756 wrote to memory of 2928	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	96
PID 1756 wrote to memory of 2928	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	96
PID 1756 wrote to memory of 3668	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	97
PID 1756 wrote to memory of 3668	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	97
PID 1756 wrote to memory of 544	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	98
PID 1756 wrote to memory of 544	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	98
PID 1756 wrote to memory of 4100	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	99
PID 1756 wrote to memory of 4100	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	99
PID 1756 wrote to memory of 3412	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	100
PID 1756 wrote to memory of 3412	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	100
PID 1756 wrote to memory of 4020	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	101
PID 1756 wrote to memory of 4020	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	101
PID 1756 wrote to memory of 2892	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	102
PID 1756 wrote to memory of 2892	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	102
PID 1756 wrote to memory of 3684	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	103
PID 1756 wrote to memory of 3684	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	103
PID 1756 wrote to memory of 4356	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	104
PID 1756 wrote to memory of 4356	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	104
PID 1756 wrote to memory of 3732	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	105
PID 1756 wrote to memory of 3732	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	105
PID 1756 wrote to memory of 2220	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	106
PID 1756 wrote to memory of 2220	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	106
PID 1756 wrote to memory of 1544	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	107
PID 1756 wrote to memory of 1544	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	107
PID 1756 wrote to memory of 4520	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	108
PID 1756 wrote to memory of 4520	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	108
PID 1756 wrote to memory of 1716	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	109
PID 1756 wrote to memory of 1716	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	109
PID 1756 wrote to memory of 896	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	110
PID 1756 wrote to memory of 896	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	110
PID 1756 wrote to memory of 4848	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	111
PID 1756 wrote to memory of 4848	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	111
PID 1756 wrote to memory of 4524	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	112
PID 1756 wrote to memory of 4524	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	112
PID 1756 wrote to memory of 1128	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	113
PID 1756 wrote to memory of 1128	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	113
PID 1756 wrote to memory of 2060	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	114
PID 1756 wrote to memory of 2060	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	114
PID 1756 wrote to memory of 4976	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	115
PID 1756 wrote to memory of 4976	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	115
PID 1756 wrote to memory of 1080	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	116
PID 1756 wrote to memory of 1080	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	116
PID 1756 wrote to memory of 3496	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	117
PID 1756 wrote to memory of 3496	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	117
PID 1756 wrote to memory of 3076	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	118
PID 1756 wrote to memory of 3076	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	118
PID 1756 wrote to memory of 2180	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	119
PID 1756 wrote to memory of 2180	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	119
PID 1756 wrote to memory of 4360	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	120
PID 1756 wrote to memory of 4360	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	120
PID 1756 wrote to memory of 2476	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	121
PID 1756 wrote to memory of 2476	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	121
PID 1756 wrote to memory of 2368	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	122
PID 1756 wrote to memory of 2368	1756	d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe	122

C:\Users\Admin\AppData\Local\Temp\d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d1c34b1a21a04754496521760a59d980_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3884
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3884" "2948" "2744" "2952" "0" "0" "2956" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:13464
- C:\Windows\System\bcsofTT.exe
  C:\Windows\System\bcsofTT.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\oGwJGAY.exe
  C:\Windows\System\oGwJGAY.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\ybsbuMX.exe
  C:\Windows\System\ybsbuMX.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\jYNTKGD.exe
  C:\Windows\System\jYNTKGD.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\YUUliMe.exe
  C:\Windows\System\YUUliMe.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\tJWQfih.exe
  C:\Windows\System\tJWQfih.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\nfcisoW.exe
  C:\Windows\System\nfcisoW.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\HknXIhL.exe
  C:\Windows\System\HknXIhL.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\YMXhIdi.exe
  C:\Windows\System\YMXhIdi.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\jdHrRiI.exe
  C:\Windows\System\jdHrRiI.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\xRujkGb.exe
  C:\Windows\System\xRujkGb.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\cexQjvl.exe
  C:\Windows\System\cexQjvl.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\ARKSVPp.exe
  C:\Windows\System\ARKSVPp.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\ofSqvDw.exe
  C:\Windows\System\ofSqvDw.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\bhnMjkz.exe
  C:\Windows\System\bhnMjkz.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\PJQPTAG.exe
  C:\Windows\System\PJQPTAG.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\NCQvBfJ.exe
  C:\Windows\System\NCQvBfJ.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\gBfNruO.exe
  C:\Windows\System\gBfNruO.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ZYBdyDp.exe
  C:\Windows\System\ZYBdyDp.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\iLarVqJ.exe
  C:\Windows\System\iLarVqJ.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\babjrtp.exe
  C:\Windows\System\babjrtp.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\NzVbzoc.exe
  C:\Windows\System\NzVbzoc.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\YQFkoMd.exe
  C:\Windows\System\YQFkoMd.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\IuyoHbk.exe
  C:\Windows\System\IuyoHbk.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\OcQGFLq.exe
  C:\Windows\System\OcQGFLq.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\zChHmAg.exe
  C:\Windows\System\zChHmAg.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\gyrwqwy.exe
  C:\Windows\System\gyrwqwy.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\KCGTBDT.exe
  C:\Windows\System\KCGTBDT.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\cZedWNV.exe
  C:\Windows\System\cZedWNV.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\JXEGwqh.exe
  C:\Windows\System\JXEGwqh.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\NKXFAgg.exe
  C:\Windows\System\NKXFAgg.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\kOQTocY.exe
  C:\Windows\System\kOQTocY.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\QLzUwZE.exe
  C:\Windows\System\QLzUwZE.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\TmXoxAP.exe
  C:\Windows\System\TmXoxAP.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\BKChJME.exe
  C:\Windows\System\BKChJME.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\aANgxwH.exe
  C:\Windows\System\aANgxwH.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\tMjcPic.exe
  C:\Windows\System\tMjcPic.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\EIVMQmw.exe
  C:\Windows\System\EIVMQmw.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\BOfcHDb.exe
  C:\Windows\System\BOfcHDb.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\cEZEJjk.exe
  C:\Windows\System\cEZEJjk.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\gcUGzBF.exe
  C:\Windows\System\gcUGzBF.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\QXZazPw.exe
  C:\Windows\System\QXZazPw.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\DUFZkJv.exe
  C:\Windows\System\DUFZkJv.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ucpmccu.exe
  C:\Windows\System\ucpmccu.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\eRxFqYt.exe
  C:\Windows\System\eRxFqYt.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\OUniJCd.exe
  C:\Windows\System\OUniJCd.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\SnWmfvJ.exe
  C:\Windows\System\SnWmfvJ.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\YZppdNs.exe
  C:\Windows\System\YZppdNs.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\AGRcxgd.exe
  C:\Windows\System\AGRcxgd.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\YcpltLK.exe
  C:\Windows\System\YcpltLK.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\ubbOlVD.exe
  C:\Windows\System\ubbOlVD.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\AwFNNol.exe
  C:\Windows\System\AwFNNol.exe
  2⤵
  - Executes dropped EXE
  PID:5148
- C:\Windows\System\EKWsQlW.exe
  C:\Windows\System\EKWsQlW.exe
  2⤵
  - Executes dropped EXE
  PID:5184
- C:\Windows\System\WnStwjT.exe
  C:\Windows\System\WnStwjT.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\cvnSkBa.exe
  C:\Windows\System\cvnSkBa.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System\uEkbsVa.exe
  C:\Windows\System\uEkbsVa.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\NNllGuQ.exe
  C:\Windows\System\NNllGuQ.exe
  2⤵
  - Executes dropped EXE
  PID:5296
- C:\Windows\System\rvxzqbo.exe
  C:\Windows\System\rvxzqbo.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System\JlocMNC.exe
  C:\Windows\System\JlocMNC.exe
  2⤵
  - Executes dropped EXE
  PID:5348
- C:\Windows\System\EdHXlYO.exe
  C:\Windows\System\EdHXlYO.exe
  2⤵
  - Executes dropped EXE
  PID:5376
- C:\Windows\System\rAJtffC.exe
  C:\Windows\System\rAJtffC.exe
  2⤵
  - Executes dropped EXE
  PID:5404
- C:\Windows\System\NbrqDbf.exe
  C:\Windows\System\NbrqDbf.exe
  2⤵
  - Executes dropped EXE
  PID:5432
- C:\Windows\System\cAEwwiJ.exe
  C:\Windows\System\cAEwwiJ.exe
  2⤵
  - Executes dropped EXE
  PID:5460
- C:\Windows\System\ZDPoqMP.exe
  C:\Windows\System\ZDPoqMP.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System\ZhLcmZl.exe
  C:\Windows\System\ZhLcmZl.exe
  2⤵
  PID:5516
- C:\Windows\System\tRWCrHh.exe
  C:\Windows\System\tRWCrHh.exe
  2⤵
  PID:5544
- C:\Windows\System\eRQodPG.exe
  C:\Windows\System\eRQodPG.exe
  2⤵
  PID:5572
- C:\Windows\System\sxKYxUz.exe
  C:\Windows\System\sxKYxUz.exe
  2⤵
  PID:5600
- C:\Windows\System\vFWFZWr.exe
  C:\Windows\System\vFWFZWr.exe
  2⤵
  PID:5628
- C:\Windows\System\MJBQjdU.exe
  C:\Windows\System\MJBQjdU.exe
  2⤵
  PID:5656
- C:\Windows\System\VuzdPVQ.exe
  C:\Windows\System\VuzdPVQ.exe
  2⤵
  PID:5684
- C:\Windows\System\GFFTIWm.exe
  C:\Windows\System\GFFTIWm.exe
  2⤵
  PID:5712
- C:\Windows\System\UUgtwgG.exe
  C:\Windows\System\UUgtwgG.exe
  2⤵
  PID:5740
- C:\Windows\System\ZAcWGdI.exe
  C:\Windows\System\ZAcWGdI.exe
  2⤵
  PID:5768
- C:\Windows\System\BNvSWap.exe
  C:\Windows\System\BNvSWap.exe
  2⤵
  PID:5796
- C:\Windows\System\HfGHSXr.exe
  C:\Windows\System\HfGHSXr.exe
  2⤵
  PID:5824
- C:\Windows\System\XnJvjMj.exe
  C:\Windows\System\XnJvjMj.exe
  2⤵
  PID:5856
- C:\Windows\System\kwRWzJE.exe
  C:\Windows\System\kwRWzJE.exe
  2⤵
  PID:5884
- C:\Windows\System\alwWeoe.exe
  C:\Windows\System\alwWeoe.exe
  2⤵
  PID:5908
- C:\Windows\System\UBeXJWm.exe
  C:\Windows\System\UBeXJWm.exe
  2⤵
  PID:5936
- C:\Windows\System\nbeOmBw.exe
  C:\Windows\System\nbeOmBw.exe
  2⤵
  PID:5964
- C:\Windows\System\ADOrViX.exe
  C:\Windows\System\ADOrViX.exe
  2⤵
  PID:5992
- C:\Windows\System\GHfkbwV.exe
  C:\Windows\System\GHfkbwV.exe
  2⤵
  PID:6020
- C:\Windows\System\ulDlYmI.exe
  C:\Windows\System\ulDlYmI.exe
  2⤵
  PID:6048
- C:\Windows\System\EVCaHlr.exe
  C:\Windows\System\EVCaHlr.exe
  2⤵
  PID:6076
- C:\Windows\System\ICKIxiI.exe
  C:\Windows\System\ICKIxiI.exe
  2⤵
  PID:6104
- C:\Windows\System\cUrsnmR.exe
  C:\Windows\System\cUrsnmR.exe
  2⤵
  PID:6132
- C:\Windows\System\madJdvH.exe
  C:\Windows\System\madJdvH.exe
  2⤵
  PID:2960
- C:\Windows\System\fgAfFyQ.exe
  C:\Windows\System\fgAfFyQ.exe
  2⤵
  PID:636
- C:\Windows\System\VKMTVsB.exe
  C:\Windows\System\VKMTVsB.exe
  2⤵
  PID:3220
- C:\Windows\System\oLqZzhl.exe
  C:\Windows\System\oLqZzhl.exe
  2⤵
  PID:1792
- C:\Windows\System\GvOTYQf.exe
  C:\Windows\System\GvOTYQf.exe
  2⤵
  PID:5132
- C:\Windows\System\BbrHSCj.exe
  C:\Windows\System\BbrHSCj.exe
  2⤵
  PID:5196
- C:\Windows\System\vUjsrZg.exe
  C:\Windows\System\vUjsrZg.exe
  2⤵
  PID:5252
- C:\Windows\System\TpzTubb.exe
  C:\Windows\System\TpzTubb.exe
  2⤵
  PID:5316
- C:\Windows\System\XJubPOf.exe
  C:\Windows\System\XJubPOf.exe
  2⤵
  PID:5392
- C:\Windows\System\MdeKmEi.exe
  C:\Windows\System\MdeKmEi.exe
  2⤵
  PID:5452
- C:\Windows\System\EqiBqmB.exe
  C:\Windows\System\EqiBqmB.exe
  2⤵
  PID:5528
- C:\Windows\System\VRluMBo.exe
  C:\Windows\System\VRluMBo.exe
  2⤵
  PID:5588
- C:\Windows\System\qxkDjPz.exe
  C:\Windows\System\qxkDjPz.exe
  2⤵
  PID:5648
- C:\Windows\System\GEYZRwb.exe
  C:\Windows\System\GEYZRwb.exe
  2⤵
  PID:5724
- C:\Windows\System\SsXnrjv.exe
  C:\Windows\System\SsXnrjv.exe
  2⤵
  PID:5784
- C:\Windows\System\MfnogHf.exe
  C:\Windows\System\MfnogHf.exe
  2⤵
  PID:5836
- C:\Windows\System\LabAWhV.exe
  C:\Windows\System\LabAWhV.exe
  2⤵
  PID:5900
- C:\Windows\System\IrynQPM.exe
  C:\Windows\System\IrynQPM.exe
  2⤵
  PID:5976
- C:\Windows\System\AKhqHuA.exe
  C:\Windows\System\AKhqHuA.exe
  2⤵
  PID:6036
- C:\Windows\System\lgUOIIw.exe
  C:\Windows\System\lgUOIIw.exe
  2⤵
  PID:6096
- C:\Windows\System\uPbqoMm.exe
  C:\Windows\System\uPbqoMm.exe
  2⤵
  PID:3916
- C:\Windows\System\dUdBxvE.exe
  C:\Windows\System\dUdBxvE.exe
  2⤵
  PID:2728
- C:\Windows\System\rQLPzEA.exe
  C:\Windows\System\rQLPzEA.exe
  2⤵
  PID:5168
- C:\Windows\System\ffuTNME.exe
  C:\Windows\System\ffuTNME.exe
  2⤵
  PID:5360
- C:\Windows\System\XpknavD.exe
  C:\Windows\System\XpknavD.exe
  2⤵
  PID:5500
- C:\Windows\System\QbnqDDU.exe
  C:\Windows\System\QbnqDDU.exe
  2⤵
  PID:5640
- C:\Windows\System\UsdrzBw.exe
  C:\Windows\System\UsdrzBw.exe
  2⤵
  PID:5812
- C:\Windows\System\yAVVAIA.exe
  C:\Windows\System\yAVVAIA.exe
  2⤵
  PID:6164
- C:\Windows\System\KnZrblR.exe
  C:\Windows\System\KnZrblR.exe
  2⤵
  PID:6188
- C:\Windows\System\bAvFmGI.exe
  C:\Windows\System\bAvFmGI.exe
  2⤵
  PID:6216
- C:\Windows\System\smiwyvT.exe
  C:\Windows\System\smiwyvT.exe
  2⤵
  PID:6248
- C:\Windows\System\McOfJWA.exe
  C:\Windows\System\McOfJWA.exe
  2⤵
  PID:6276
- C:\Windows\System\buvnOky.exe
  C:\Windows\System\buvnOky.exe
  2⤵
  PID:6304
- C:\Windows\System\jfrwQNA.exe
  C:\Windows\System\jfrwQNA.exe
  2⤵
  PID:6328
- C:\Windows\System\vyOBwDU.exe
  C:\Windows\System\vyOBwDU.exe
  2⤵
  PID:6356
- C:\Windows\System\npVXTWH.exe
  C:\Windows\System\npVXTWH.exe
  2⤵
  PID:6388
- C:\Windows\System\tJIIWsU.exe
  C:\Windows\System\tJIIWsU.exe
  2⤵
  PID:6420
- C:\Windows\System\ACazbGd.exe
  C:\Windows\System\ACazbGd.exe
  2⤵
  PID:6448
- C:\Windows\System\THXwgZf.exe
  C:\Windows\System\THXwgZf.exe
  2⤵
  PID:6472
- C:\Windows\System\dHzVtDp.exe
  C:\Windows\System\dHzVtDp.exe
  2⤵
  PID:6504
- C:\Windows\System\SRriDOJ.exe
  C:\Windows\System\SRriDOJ.exe
  2⤵
  PID:6532
- C:\Windows\System\jPhNMGv.exe
  C:\Windows\System\jPhNMGv.exe
  2⤵
  PID:6560
- C:\Windows\System\hyRPVDI.exe
  C:\Windows\System\hyRPVDI.exe
  2⤵
  PID:6588
- C:\Windows\System\KdTUQnP.exe
  C:\Windows\System\KdTUQnP.exe
  2⤵
  PID:6616
- C:\Windows\System\rrgqqFb.exe
  C:\Windows\System\rrgqqFb.exe
  2⤵
  PID:6644
- C:\Windows\System\OUxfdYd.exe
  C:\Windows\System\OUxfdYd.exe
  2⤵
  PID:6672
- C:\Windows\System\gaTKZrb.exe
  C:\Windows\System\gaTKZrb.exe
  2⤵
  PID:6700
- C:\Windows\System\hqzpJwm.exe
  C:\Windows\System\hqzpJwm.exe
  2⤵
  PID:6728
- C:\Windows\System\cYDaiWc.exe
  C:\Windows\System\cYDaiWc.exe
  2⤵
  PID:6756
- C:\Windows\System\EADfXxu.exe
  C:\Windows\System\EADfXxu.exe
  2⤵
  PID:6784
- C:\Windows\System\OKSLkYf.exe
  C:\Windows\System\OKSLkYf.exe
  2⤵
  PID:6812
- C:\Windows\System\FssRaKR.exe
  C:\Windows\System\FssRaKR.exe
  2⤵
  PID:6840
- C:\Windows\System\zZRnAiJ.exe
  C:\Windows\System\zZRnAiJ.exe
  2⤵
  PID:6868
- C:\Windows\System\prgcipX.exe
  C:\Windows\System\prgcipX.exe
  2⤵
  PID:6892
- C:\Windows\System\dOrkBuZ.exe
  C:\Windows\System\dOrkBuZ.exe
  2⤵
  PID:6920
- C:\Windows\System\VNwijuw.exe
  C:\Windows\System\VNwijuw.exe
  2⤵
  PID:6948
- C:\Windows\System\ZNAXhNU.exe
  C:\Windows\System\ZNAXhNU.exe
  2⤵
  PID:6980
- C:\Windows\System\mESAPBP.exe
  C:\Windows\System\mESAPBP.exe
  2⤵
  PID:7008
- C:\Windows\System\fRWEwiy.exe
  C:\Windows\System\fRWEwiy.exe
  2⤵
  PID:7036
- C:\Windows\System\WBuwKOo.exe
  C:\Windows\System\WBuwKOo.exe
  2⤵
  PID:7064
- C:\Windows\System\bMmKCVf.exe
  C:\Windows\System\bMmKCVf.exe
  2⤵
  PID:7092
- C:\Windows\System\EPgRbqw.exe
  C:\Windows\System\EPgRbqw.exe
  2⤵
  PID:7120
- C:\Windows\System\pmGSvTo.exe
  C:\Windows\System\pmGSvTo.exe
  2⤵
  PID:7148
- C:\Windows\System\YMoiNmx.exe
  C:\Windows\System\YMoiNmx.exe
  2⤵
  PID:5876
- C:\Windows\System\rBINooo.exe
  C:\Windows\System\rBINooo.exe
  2⤵
  PID:6064
- C:\Windows\System\hUOvfAz.exe
  C:\Windows\System\hUOvfAz.exe
  2⤵
  PID:1472
- C:\Windows\System\RQnvpwd.exe
  C:\Windows\System\RQnvpwd.exe
  2⤵
  PID:5304
- C:\Windows\System\IulyMOJ.exe
  C:\Windows\System\IulyMOJ.exe
  2⤵
  PID:5700
- C:\Windows\System\ARdpWoX.exe
  C:\Windows\System\ARdpWoX.exe
  2⤵
  PID:6176
- C:\Windows\System\mPrEmAn.exe
  C:\Windows\System\mPrEmAn.exe
  2⤵
  PID:6236
- C:\Windows\System\taoCCTK.exe
  C:\Windows\System\taoCCTK.exe
  2⤵
  PID:6296
- C:\Windows\System\DYVDGZi.exe
  C:\Windows\System\DYVDGZi.exe
  2⤵
  PID:6372
- C:\Windows\System\iHAjrIw.exe
  C:\Windows\System\iHAjrIw.exe
  2⤵
  PID:6432
- C:\Windows\System\SwXWIWE.exe
  C:\Windows\System\SwXWIWE.exe
  2⤵
  PID:6492
- C:\Windows\System\bBxBYkh.exe
  C:\Windows\System\bBxBYkh.exe
  2⤵
  PID:6552
- C:\Windows\System\wrxaNnC.exe
  C:\Windows\System\wrxaNnC.exe
  2⤵
  PID:6628
- C:\Windows\System\DvqUQGs.exe
  C:\Windows\System\DvqUQGs.exe
  2⤵
  PID:6688
- C:\Windows\System\mmJxwmt.exe
  C:\Windows\System\mmJxwmt.exe
  2⤵
  PID:6768
- C:\Windows\System\pdwIBdi.exe
  C:\Windows\System\pdwIBdi.exe
  2⤵
  PID:6804
- C:\Windows\System\IigZLuD.exe
  C:\Windows\System\IigZLuD.exe
  2⤵
  PID:6880
- C:\Windows\System\ZfVjMov.exe
  C:\Windows\System\ZfVjMov.exe
  2⤵
  PID:6940
- C:\Windows\System\pByuhci.exe
  C:\Windows\System\pByuhci.exe
  2⤵
  PID:7000
- C:\Windows\System\KfYSHhW.exe
  C:\Windows\System\KfYSHhW.exe
  2⤵
  PID:7076
- C:\Windows\System\fdPHChj.exe
  C:\Windows\System\fdPHChj.exe
  2⤵
  PID:7136
- C:\Windows\System\qLXfEeW.exe
  C:\Windows\System\qLXfEeW.exe
  2⤵
  PID:6008
- C:\Windows\System\vRQSgLV.exe
  C:\Windows\System\vRQSgLV.exe
  2⤵
  PID:5444
- C:\Windows\System\oohVfUy.exe
  C:\Windows\System\oohVfUy.exe
  2⤵
  PID:6208
- C:\Windows\System\FgFFSIa.exe
  C:\Windows\System\FgFFSIa.exe
  2⤵
  PID:6348
- C:\Windows\System\dwgxsbF.exe
  C:\Windows\System\dwgxsbF.exe
  2⤵
  PID:6520
- C:\Windows\System\GhOqTAb.exe
  C:\Windows\System\GhOqTAb.exe
  2⤵
  PID:6656
- C:\Windows\System\qaNIDEs.exe
  C:\Windows\System\qaNIDEs.exe
  2⤵
  PID:6800
- C:\Windows\System\WTAMfZM.exe
  C:\Windows\System\WTAMfZM.exe
  2⤵
  PID:6968
- C:\Windows\System\eKfmxpQ.exe
  C:\Windows\System\eKfmxpQ.exe
  2⤵
  PID:7188
- C:\Windows\System\JifNNXM.exe
  C:\Windows\System\JifNNXM.exe
  2⤵
  PID:7216
- C:\Windows\System\TXBtLlr.exe
  C:\Windows\System\TXBtLlr.exe
  2⤵
  PID:7244
- C:\Windows\System\pffmlBC.exe
  C:\Windows\System\pffmlBC.exe
  2⤵
  PID:7272
- C:\Windows\System\EOSDuLE.exe
  C:\Windows\System\EOSDuLE.exe
  2⤵
  PID:7300
- C:\Windows\System\piqckOo.exe
  C:\Windows\System\piqckOo.exe
  2⤵
  PID:7328
- C:\Windows\System\RcUrrTf.exe
  C:\Windows\System\RcUrrTf.exe
  2⤵
  PID:7356
- C:\Windows\System\UPaabDz.exe
  C:\Windows\System\UPaabDz.exe
  2⤵
  PID:7384
- C:\Windows\System\HhYKRXT.exe
  C:\Windows\System\HhYKRXT.exe
  2⤵
  PID:7412
- C:\Windows\System\EweIouu.exe
  C:\Windows\System\EweIouu.exe
  2⤵
  PID:7440
- C:\Windows\System\aPRAsGk.exe
  C:\Windows\System\aPRAsGk.exe
  2⤵
  PID:7468
- C:\Windows\System\MfxIBaA.exe
  C:\Windows\System\MfxIBaA.exe
  2⤵
  PID:7496
- C:\Windows\System\WWPoCAJ.exe
  C:\Windows\System\WWPoCAJ.exe
  2⤵
  PID:7524
- C:\Windows\System\rWVnxyt.exe
  C:\Windows\System\rWVnxyt.exe
  2⤵
  PID:7552
- C:\Windows\System\AysvIwJ.exe
  C:\Windows\System\AysvIwJ.exe
  2⤵
  PID:7576
- C:\Windows\System\IQvQZPT.exe
  C:\Windows\System\IQvQZPT.exe
  2⤵
  PID:7604
- C:\Windows\System\WxdVTxM.exe
  C:\Windows\System\WxdVTxM.exe
  2⤵
  PID:7636
- C:\Windows\System\TuPiqPi.exe
  C:\Windows\System\TuPiqPi.exe
  2⤵
  PID:7664
- C:\Windows\System\pjmZXvG.exe
  C:\Windows\System\pjmZXvG.exe
  2⤵
  PID:7692
- C:\Windows\System\GfKoHyM.exe
  C:\Windows\System\GfKoHyM.exe
  2⤵
  PID:7720
- C:\Windows\System\xydZtTP.exe
  C:\Windows\System\xydZtTP.exe
  2⤵
  PID:7748
- C:\Windows\System\eGYGxJn.exe
  C:\Windows\System\eGYGxJn.exe
  2⤵
  PID:7776
- C:\Windows\System\KrHxAvs.exe
  C:\Windows\System\KrHxAvs.exe
  2⤵
  PID:7804
- C:\Windows\System\xJuoeGb.exe
  C:\Windows\System\xJuoeGb.exe
  2⤵
  PID:7828
- C:\Windows\System\gPuNZkb.exe
  C:\Windows\System\gPuNZkb.exe
  2⤵
  PID:7856
- C:\Windows\System\WOYICTW.exe
  C:\Windows\System\WOYICTW.exe
  2⤵
  PID:7888
- C:\Windows\System\EJyPvOJ.exe
  C:\Windows\System\EJyPvOJ.exe
  2⤵
  PID:7916
- C:\Windows\System\peurwGy.exe
  C:\Windows\System\peurwGy.exe
  2⤵
  PID:7944
- C:\Windows\System\BaifJtd.exe
  C:\Windows\System\BaifJtd.exe
  2⤵
  PID:7968
- C:\Windows\System\WahTDMy.exe
  C:\Windows\System\WahTDMy.exe
  2⤵
  PID:8000
- C:\Windows\System\lkfVYXb.exe
  C:\Windows\System\lkfVYXb.exe
  2⤵
  PID:8028
- C:\Windows\System\aqYmiVN.exe
  C:\Windows\System\aqYmiVN.exe
  2⤵
  PID:8056
- C:\Windows\System\tEjYkaL.exe
  C:\Windows\System\tEjYkaL.exe
  2⤵
  PID:8084
- C:\Windows\System\EYjbxkH.exe
  C:\Windows\System\EYjbxkH.exe
  2⤵
  PID:8112
- C:\Windows\System\iPsZEfd.exe
  C:\Windows\System\iPsZEfd.exe
  2⤵
  PID:8140
- C:\Windows\System\CNaGjQt.exe
  C:\Windows\System\CNaGjQt.exe
  2⤵
  PID:8168
- C:\Windows\System\riLhUNL.exe
  C:\Windows\System\riLhUNL.exe
  2⤵
  PID:6992
- C:\Windows\System\IqvHJFJ.exe
  C:\Windows\System\IqvHJFJ.exe
  2⤵
  PID:5872
- C:\Windows\System\huPevwm.exe
  C:\Windows\System\huPevwm.exe
  2⤵
  PID:6148
- C:\Windows\System\TkRjLog.exe
  C:\Windows\System\TkRjLog.exe
  2⤵
  PID:6460
- C:\Windows\System\OfaELaz.exe
  C:\Windows\System\OfaELaz.exe
  2⤵
  PID:6720
- C:\Windows\System\WNTtLGN.exe
  C:\Windows\System\WNTtLGN.exe
  2⤵
  PID:2792
- C:\Windows\System\JZTfrzt.exe
  C:\Windows\System\JZTfrzt.exe
  2⤵
  PID:7232
- C:\Windows\System\gcFNpVe.exe
  C:\Windows\System\gcFNpVe.exe
  2⤵
  PID:7288
- C:\Windows\System\nDenMbX.exe
  C:\Windows\System\nDenMbX.exe
  2⤵
  PID:7340
- C:\Windows\System\IbunwHW.exe
  C:\Windows\System\IbunwHW.exe
  2⤵
  PID:7396
- C:\Windows\System\KKwFsDQ.exe
  C:\Windows\System\KKwFsDQ.exe
  2⤵
  PID:7456
- C:\Windows\System\aLwWGqW.exe
  C:\Windows\System\aLwWGqW.exe
  2⤵
  PID:7516
- C:\Windows\System\papWoPc.exe
  C:\Windows\System\papWoPc.exe
  2⤵
  PID:7572
- C:\Windows\System\FrVtYhE.exe
  C:\Windows\System\FrVtYhE.exe
  2⤵
  PID:7648
- C:\Windows\System\pTqCbDK.exe
  C:\Windows\System\pTqCbDK.exe
  2⤵
  PID:7684
- C:\Windows\System\dpgVSoz.exe
  C:\Windows\System\dpgVSoz.exe
  2⤵
  PID:7736
- C:\Windows\System\ienSkoI.exe
  C:\Windows\System\ienSkoI.exe
  2⤵
  PID:7796
- C:\Windows\System\XNsWJbc.exe
  C:\Windows\System\XNsWJbc.exe
  2⤵
  PID:7872
- C:\Windows\System\cDnRhBa.exe
  C:\Windows\System\cDnRhBa.exe
  2⤵
  PID:4416
- C:\Windows\System\LargWeR.exe
  C:\Windows\System\LargWeR.exe
  2⤵
  PID:8068
- C:\Windows\System\soKSzLP.exe
  C:\Windows\System\soKSzLP.exe
  2⤵
  PID:8104
- C:\Windows\System\fSsGFPx.exe
  C:\Windows\System\fSsGFPx.exe
  2⤵
  PID:3092
- C:\Windows\System\vpiVvfx.exe
  C:\Windows\System\vpiVvfx.exe
  2⤵
  PID:8156
- C:\Windows\System\kpSGCCs.exe
  C:\Windows\System\kpSGCCs.exe
  2⤵
  PID:3408
- C:\Windows\System\rNcCLDN.exe
  C:\Windows\System\rNcCLDN.exe
  2⤵
  PID:7204
- C:\Windows\System\gbIMChr.exe
  C:\Windows\System\gbIMChr.exe
  2⤵
  PID:7260
- C:\Windows\System\nTStPXi.exe
  C:\Windows\System\nTStPXi.exe
  2⤵
  PID:7316
- C:\Windows\System\JFPnIau.exe
  C:\Windows\System\JFPnIau.exe
  2⤵
  PID:4152
- C:\Windows\System\OCXDywT.exe
  C:\Windows\System\OCXDywT.exe
  2⤵
  PID:1940
- C:\Windows\System\exkWpBO.exe
  C:\Windows\System\exkWpBO.exe
  2⤵
  PID:1460
- C:\Windows\System\TLaHgWk.exe
  C:\Windows\System\TLaHgWk.exe
  2⤵
  PID:2948
- C:\Windows\System\MKzXPPM.exe
  C:\Windows\System\MKzXPPM.exe
  2⤵
  PID:7788
- C:\Windows\System\rdJnirk.exe
  C:\Windows\System\rdJnirk.exe
  2⤵
  PID:1160
- C:\Windows\System\pCgBHCF.exe
  C:\Windows\System\pCgBHCF.exe
  2⤵
  PID:7960
- C:\Windows\System\fFxwTEz.exe
  C:\Windows\System\fFxwTEz.exe
  2⤵
  PID:416
- C:\Windows\System\JokcZZd.exe
  C:\Windows\System\JokcZZd.exe
  2⤵
  PID:4892
- C:\Windows\System\OhmrwJx.exe
  C:\Windows\System\OhmrwJx.exe
  2⤵
  PID:8132
- C:\Windows\System\osntiPB.exe
  C:\Windows\System\osntiPB.exe
  2⤵
  PID:6404
- C:\Windows\System\aINtjCk.exe
  C:\Windows\System\aINtjCk.exe
  2⤵
  PID:7368
- C:\Windows\System\HjQJUDX.exe
  C:\Windows\System\HjQJUDX.exe
  2⤵
  PID:2304
- C:\Windows\System\VijpZEP.exe
  C:\Windows\System\VijpZEP.exe
  2⤵
  PID:4196
- C:\Windows\System\QeTPBIf.exe
  C:\Windows\System\QeTPBIf.exe
  2⤵
  PID:7732
- C:\Windows\System\WxsbQVB.exe
  C:\Windows\System\WxsbQVB.exe
  2⤵
  PID:8096
- C:\Windows\System\qCuDXQc.exe
  C:\Windows\System\qCuDXQc.exe
  2⤵
  PID:4496
- C:\Windows\System\bggrznA.exe
  C:\Windows\System\bggrznA.exe
  2⤵
  PID:3888
- C:\Windows\System\kuCUEuI.exe
  C:\Windows\System\kuCUEuI.exe
  2⤵
  PID:8200
- C:\Windows\System\ItkmUdx.exe
  C:\Windows\System\ItkmUdx.exe
  2⤵
  PID:8232
- C:\Windows\System\rwvIzLm.exe
  C:\Windows\System\rwvIzLm.exe
  2⤵
  PID:8248
- C:\Windows\System\WOrcFFl.exe
  C:\Windows\System\WOrcFFl.exe
  2⤵
  PID:8280
- C:\Windows\System\lXvzrob.exe
  C:\Windows\System\lXvzrob.exe
  2⤵
  PID:8400
- C:\Windows\System\pWBaQfP.exe
  C:\Windows\System\pWBaQfP.exe
  2⤵
  PID:8436
- C:\Windows\System\roPeoMY.exe
  C:\Windows\System\roPeoMY.exe
  2⤵
  PID:8480
- C:\Windows\System\euBRZQB.exe
  C:\Windows\System\euBRZQB.exe
  2⤵
  PID:8504
- C:\Windows\System\aInjQez.exe
  C:\Windows\System\aInjQez.exe
  2⤵
  PID:8520
- C:\Windows\System\DgYQgIq.exe
  C:\Windows\System\DgYQgIq.exe
  2⤵
  PID:8560
- C:\Windows\System\zMRusad.exe
  C:\Windows\System\zMRusad.exe
  2⤵
  PID:8588
- C:\Windows\System\ofgqvlk.exe
  C:\Windows\System\ofgqvlk.exe
  2⤵
  PID:8608
- C:\Windows\System\odKDyuF.exe
  C:\Windows\System\odKDyuF.exe
  2⤵
  PID:8656
- C:\Windows\System\CrPWJcy.exe
  C:\Windows\System\CrPWJcy.exe
  2⤵
  PID:8684
- C:\Windows\System\UBvRXIQ.exe
  C:\Windows\System\UBvRXIQ.exe
  2⤵
  PID:8712
- C:\Windows\System\MYynwmG.exe
  C:\Windows\System\MYynwmG.exe
  2⤵
  PID:8728
- C:\Windows\System\OXedDXV.exe
  C:\Windows\System\OXedDXV.exe
  2⤵
  PID:8768
- C:\Windows\System\pIAqXVB.exe
  C:\Windows\System\pIAqXVB.exe
  2⤵
  PID:8792
- C:\Windows\System\JSCbPad.exe
  C:\Windows\System\JSCbPad.exe
  2⤵
  PID:8812
- C:\Windows\System\SuvwxLw.exe
  C:\Windows\System\SuvwxLw.exe
  2⤵
  PID:8852
- C:\Windows\System\MUOmSgo.exe
  C:\Windows\System\MUOmSgo.exe
  2⤵
  PID:8868
- C:\Windows\System\leiRWOW.exe
  C:\Windows\System\leiRWOW.exe
  2⤵
  PID:8884
- C:\Windows\System\lgUzjDV.exe
  C:\Windows\System\lgUzjDV.exe
  2⤵
  PID:8904
- C:\Windows\System\WKoxHfc.exe
  C:\Windows\System\WKoxHfc.exe
  2⤵
  PID:8944
- C:\Windows\System\VPYGaJx.exe
  C:\Windows\System\VPYGaJx.exe
  2⤵
  PID:8972
- C:\Windows\System\lVkZASP.exe
  C:\Windows\System\lVkZASP.exe
  2⤵
  PID:9032
- C:\Windows\System\qBIcQAB.exe
  C:\Windows\System\qBIcQAB.exe
  2⤵
  PID:9048
- C:\Windows\System\sXsaees.exe
  C:\Windows\System\sXsaees.exe
  2⤵
  PID:9088
- C:\Windows\System\EvrGQfR.exe
  C:\Windows\System\EvrGQfR.exe
  2⤵
  PID:9120
- C:\Windows\System\cCbhobo.exe
  C:\Windows\System\cCbhobo.exe
  2⤵
  PID:9148
- C:\Windows\System\XKohIdJ.exe
  C:\Windows\System\XKohIdJ.exe
  2⤵
  PID:9164
- C:\Windows\System\ttHOLeR.exe
  C:\Windows\System\ttHOLeR.exe
  2⤵
  PID:9192
- C:\Windows\System\DLKZdde.exe
  C:\Windows\System\DLKZdde.exe
  2⤵
  PID:9208
- C:\Windows\System\epLtvrd.exe
  C:\Windows\System\epLtvrd.exe
  2⤵
  PID:8216
- C:\Windows\System\cQaBVAI.exe
  C:\Windows\System\cQaBVAI.exe
  2⤵
  PID:8276
- C:\Windows\System\xnhcQAX.exe
  C:\Windows\System\xnhcQAX.exe
  2⤵
  PID:8392
- C:\Windows\System\vBAkjtX.exe
  C:\Windows\System\vBAkjtX.exe
  2⤵
  PID:4116
- C:\Windows\System\JWvwIaI.exe
  C:\Windows\System\JWvwIaI.exe
  2⤵
  PID:8492
- C:\Windows\System\jhmAKkQ.exe
  C:\Windows\System\jhmAKkQ.exe
  2⤵
  PID:8572
- C:\Windows\System\nVeyRvj.exe
  C:\Windows\System\nVeyRvj.exe
  2⤵
  PID:8644
- C:\Windows\System\PNTlDwX.exe
  C:\Windows\System\PNTlDwX.exe
  2⤵
  PID:8708
- C:\Windows\System\XjsjRhM.exe
  C:\Windows\System\XjsjRhM.exe
  2⤵
  PID:8784
- C:\Windows\System\ALtLhSD.exe
  C:\Windows\System\ALtLhSD.exe
  2⤵
  PID:8860
- C:\Windows\System\TNYLAXy.exe
  C:\Windows\System\TNYLAXy.exe
  2⤵
  PID:8924
- C:\Windows\System\oejnxEa.exe
  C:\Windows\System\oejnxEa.exe
  2⤵
  PID:8964
- C:\Windows\System\gHCBxbi.exe
  C:\Windows\System\gHCBxbi.exe
  2⤵
  PID:8988
- C:\Windows\System\rylVhLy.exe
  C:\Windows\System\rylVhLy.exe
  2⤵
  PID:9080
- C:\Windows\System\oaBduJP.exe
  C:\Windows\System\oaBduJP.exe
  2⤵
  PID:9160
- C:\Windows\System\CIRhjUL.exe
  C:\Windows\System\CIRhjUL.exe
  2⤵
  PID:516
- C:\Windows\System\JZlLnOo.exe
  C:\Windows\System\JZlLnOo.exe
  2⤵
  PID:8316
- C:\Windows\System\jWQBNoX.exe
  C:\Windows\System\jWQBNoX.exe
  2⤵
  PID:8388
- C:\Windows\System\maIKkLC.exe
  C:\Windows\System\maIKkLC.exe
  2⤵
  PID:8544
- C:\Windows\System\KKUlmES.exe
  C:\Windows\System\KKUlmES.exe
  2⤵
  PID:8676
- C:\Windows\System\rQzRgaa.exe
  C:\Windows\System\rQzRgaa.exe
  2⤵
  PID:8844
- C:\Windows\System\sEtKDMp.exe
  C:\Windows\System\sEtKDMp.exe
  2⤵
  PID:9004
- C:\Windows\System\ieGhJtT.exe
  C:\Windows\System\ieGhJtT.exe
  2⤵
  PID:4484
- C:\Windows\System\SGPJVwS.exe
  C:\Windows\System\SGPJVwS.exe
  2⤵
  PID:8460
- C:\Windows\System\bODMegB.exe
  C:\Windows\System\bODMegB.exe
  2⤵
  PID:8604
- C:\Windows\System\LQBreEb.exe
  C:\Windows\System\LQBreEb.exe
  2⤵
  PID:9184
- C:\Windows\System\MRruSXL.exe
  C:\Windows\System\MRruSXL.exe
  2⤵
  PID:6324
- C:\Windows\System\ieAhIAW.exe
  C:\Windows\System\ieAhIAW.exe
  2⤵
  PID:8824
- C:\Windows\System\fiPOhLW.exe
  C:\Windows\System\fiPOhLW.exe
  2⤵
  PID:9232
- C:\Windows\System\ySyrGas.exe
  C:\Windows\System\ySyrGas.exe
  2⤵
  PID:9268
- C:\Windows\System\poYGtkx.exe
  C:\Windows\System\poYGtkx.exe
  2⤵
  PID:9300
- C:\Windows\System\oyNOYyh.exe
  C:\Windows\System\oyNOYyh.exe
  2⤵
  PID:9324
- C:\Windows\System\LsrQAHt.exe
  C:\Windows\System\LsrQAHt.exe
  2⤵
  PID:9344
- C:\Windows\System\OmiRHWE.exe
  C:\Windows\System\OmiRHWE.exe
  2⤵
  PID:9372
- C:\Windows\System\ZZSaWMJ.exe
  C:\Windows\System\ZZSaWMJ.exe
  2⤵
  PID:9412
- C:\Windows\System\RSwWbxk.exe
  C:\Windows\System\RSwWbxk.exe
  2⤵
  PID:9428
- C:\Windows\System\kkayugE.exe
  C:\Windows\System\kkayugE.exe
  2⤵
  PID:9456
- C:\Windows\System\YXsgTOy.exe
  C:\Windows\System\YXsgTOy.exe
  2⤵
  PID:9480
- C:\Windows\System\OpDqtnA.exe
  C:\Windows\System\OpDqtnA.exe
  2⤵
  PID:9520
- C:\Windows\System\eoPzadF.exe
  C:\Windows\System\eoPzadF.exe
  2⤵
  PID:9552
- C:\Windows\System\jcvGZRv.exe
  C:\Windows\System\jcvGZRv.exe
  2⤵
  PID:9568
- C:\Windows\System\eireqob.exe
  C:\Windows\System\eireqob.exe
  2⤵
  PID:9608
- C:\Windows\System\mOipqix.exe
  C:\Windows\System\mOipqix.exe
  2⤵
  PID:9624
- C:\Windows\System\iwUJgiV.exe
  C:\Windows\System\iwUJgiV.exe
  2⤵
  PID:9664
- C:\Windows\System\qQrqYvn.exe
  C:\Windows\System\qQrqYvn.exe
  2⤵
  PID:9680
- C:\Windows\System\GDefJcx.exe
  C:\Windows\System\GDefJcx.exe
  2⤵
  PID:9712
- C:\Windows\System\FggNsVm.exe
  C:\Windows\System\FggNsVm.exe
  2⤵
  PID:9748
- C:\Windows\System\EJVeLag.exe
  C:\Windows\System\EJVeLag.exe
  2⤵
  PID:9776
- C:\Windows\System\JmutuSy.exe
  C:\Windows\System\JmutuSy.exe
  2⤵
  PID:9792
- C:\Windows\System\WExXWCN.exe
  C:\Windows\System\WExXWCN.exe
  2⤵
  PID:9820
- C:\Windows\System\olqbfub.exe
  C:\Windows\System\olqbfub.exe
  2⤵
  PID:9852
- C:\Windows\System\RGqejWb.exe
  C:\Windows\System\RGqejWb.exe
  2⤵
  PID:9888
- C:\Windows\System\zcCjGAP.exe
  C:\Windows\System\zcCjGAP.exe
  2⤵
  PID:9904
- C:\Windows\System\WvYnQuU.exe
  C:\Windows\System\WvYnQuU.exe
  2⤵
  PID:9932
- C:\Windows\System\eaZESvs.exe
  C:\Windows\System\eaZESvs.exe
  2⤵
  PID:9972
- C:\Windows\System\XnlKKof.exe
  C:\Windows\System\XnlKKof.exe
  2⤵
  PID:9988
- C:\Windows\System\vxjNQMe.exe
  C:\Windows\System\vxjNQMe.exe
  2⤵
  PID:10020
- C:\Windows\System\tKItRmh.exe
  C:\Windows\System\tKItRmh.exe
  2⤵
  PID:10044
- C:\Windows\System\wEeZdyI.exe
  C:\Windows\System\wEeZdyI.exe
  2⤵
  PID:10072
- C:\Windows\System\QLyrvZT.exe
  C:\Windows\System\QLyrvZT.exe
  2⤵
  PID:10100
- C:\Windows\System\hFHoqfr.exe
  C:\Windows\System\hFHoqfr.exe
  2⤵
  PID:10128
- C:\Windows\System\AAYEodd.exe
  C:\Windows\System\AAYEodd.exe
  2⤵
  PID:10148
- C:\Windows\System\NNfkqVt.exe
  C:\Windows\System\NNfkqVt.exe
  2⤵
  PID:10184
- C:\Windows\System\lWrJPpe.exe
  C:\Windows\System\lWrJPpe.exe
  2⤵
  PID:10224
- C:\Windows\System\QIdrfJl.exe
  C:\Windows\System\QIdrfJl.exe
  2⤵
  PID:9228
- C:\Windows\System\nguYiWE.exe
  C:\Windows\System\nguYiWE.exe
  2⤵
  PID:9292
- C:\Windows\System\cAkyexE.exe
  C:\Windows\System\cAkyexE.exe
  2⤵
  PID:9364
- C:\Windows\System\nKPcNyK.exe
  C:\Windows\System\nKPcNyK.exe
  2⤵
  PID:9420
- C:\Windows\System\pDfmUTY.exe
  C:\Windows\System\pDfmUTY.exe
  2⤵
  PID:9496
- C:\Windows\System\GCajTqe.exe
  C:\Windows\System\GCajTqe.exe
  2⤵
  PID:9560
- C:\Windows\System\jaMgiBg.exe
  C:\Windows\System\jaMgiBg.exe
  2⤵
  PID:9616
- C:\Windows\System\qOTsOhL.exe
  C:\Windows\System\qOTsOhL.exe
  2⤵
  PID:9692
- C:\Windows\System\oxhGLxD.exe
  C:\Windows\System\oxhGLxD.exe
  2⤵
  PID:9768
- C:\Windows\System\ZdWrUSG.exe
  C:\Windows\System\ZdWrUSG.exe
  2⤵
  PID:9812
- C:\Windows\System\fDNwxYe.exe
  C:\Windows\System\fDNwxYe.exe
  2⤵
  PID:9872
- C:\Windows\System\RKFAuOF.exe
  C:\Windows\System\RKFAuOF.exe
  2⤵
  PID:9948
- C:\Windows\System\QRWSAjY.exe
  C:\Windows\System\QRWSAjY.exe
  2⤵
  PID:10036
- C:\Windows\System\UxUfYZM.exe
  C:\Windows\System\UxUfYZM.exe
  2⤵
  PID:10064
- C:\Windows\System\DzCxupn.exe
  C:\Windows\System\DzCxupn.exe
  2⤵
  PID:10112
- C:\Windows\System\htqhpox.exe
  C:\Windows\System\htqhpox.exe
  2⤵
  PID:10212
- C:\Windows\System\LHbNtkx.exe
  C:\Windows\System\LHbNtkx.exe
  2⤵
  PID:9320
- C:\Windows\System\EWYBCnl.exe
  C:\Windows\System\EWYBCnl.exe
  2⤵
  PID:9464
- C:\Windows\System\gCApbIj.exe
  C:\Windows\System\gCApbIj.exe
  2⤵
  PID:9592
- C:\Windows\System\zTmGIWr.exe
  C:\Windows\System\zTmGIWr.exe
  2⤵
  PID:9676
- C:\Windows\System\HKgVaoS.exe
  C:\Windows\System\HKgVaoS.exe
  2⤵
  PID:9920
- C:\Windows\System\DenAzAf.exe
  C:\Windows\System\DenAzAf.exe
  2⤵
  PID:10092
- C:\Windows\System\jEQoGEO.exe
  C:\Windows\System\jEQoGEO.exe
  2⤵
  PID:10120
- C:\Windows\System\cEcZlGd.exe
  C:\Windows\System\cEcZlGd.exe
  2⤵
  PID:9528
- C:\Windows\System\ZhYxvZe.exe
  C:\Windows\System\ZhYxvZe.exe
  2⤵
  PID:9808
- C:\Windows\System\tixHrHP.exe
  C:\Windows\System\tixHrHP.exe
  2⤵
  PID:10216
- C:\Windows\System\NqYyMsy.exe
  C:\Windows\System\NqYyMsy.exe
  2⤵
  PID:9744
- C:\Windows\System\yfSwLgI.exe
  C:\Windows\System\yfSwLgI.exe
  2⤵
  PID:10248
- C:\Windows\System\wmjaPKq.exe
  C:\Windows\System\wmjaPKq.exe
  2⤵
  PID:10272
- C:\Windows\System\uVCxqoF.exe
  C:\Windows\System\uVCxqoF.exe
  2⤵
  PID:10292
- C:\Windows\System\MgvOXEi.exe
  C:\Windows\System\MgvOXEi.exe
  2⤵
  PID:10328
- C:\Windows\System\CHADROI.exe
  C:\Windows\System\CHADROI.exe
  2⤵
  PID:10360
- C:\Windows\System\IfpYnbV.exe
  C:\Windows\System\IfpYnbV.exe
  2⤵
  PID:10388
- C:\Windows\System\KsLlCIP.exe
  C:\Windows\System\KsLlCIP.exe
  2⤵
  PID:10416
- C:\Windows\System\gDkMkvv.exe
  C:\Windows\System\gDkMkvv.exe
  2⤵
  PID:10444
- C:\Windows\System\yRIePNx.exe
  C:\Windows\System\yRIePNx.exe
  2⤵
  PID:10460
- C:\Windows\System\RlgzwZb.exe
  C:\Windows\System\RlgzwZb.exe
  2⤵
  PID:10488
- C:\Windows\System\xcihLkD.exe
  C:\Windows\System\xcihLkD.exe
  2⤵
  PID:10516
- C:\Windows\System\mhCJrNO.exe
  C:\Windows\System\mhCJrNO.exe
  2⤵
  PID:10544
- C:\Windows\System\QzruyBK.exe
  C:\Windows\System\QzruyBK.exe
  2⤵
  PID:10584
- C:\Windows\System\BFxiURc.exe
  C:\Windows\System\BFxiURc.exe
  2⤵
  PID:10612
- C:\Windows\System\apUcIoa.exe
  C:\Windows\System\apUcIoa.exe
  2⤵
  PID:10640
- C:\Windows\System\bwsoyDg.exe
  C:\Windows\System\bwsoyDg.exe
  2⤵
  PID:10656
- C:\Windows\System\mYBJxNs.exe
  C:\Windows\System\mYBJxNs.exe
  2⤵
  PID:10696
- C:\Windows\System\Znsublq.exe
  C:\Windows\System\Znsublq.exe
  2⤵
  PID:10724
- C:\Windows\System\SYhlBMM.exe
  C:\Windows\System\SYhlBMM.exe
  2⤵
  PID:10752
- C:\Windows\System\OOTQbOC.exe
  C:\Windows\System\OOTQbOC.exe
  2⤵
  PID:10780
- C:\Windows\System\MxMsEdF.exe
  C:\Windows\System\MxMsEdF.exe
  2⤵
  PID:10808
- C:\Windows\System\eILuACi.exe
  C:\Windows\System\eILuACi.exe
  2⤵
  PID:10836
- C:\Windows\System\nnhjtpK.exe
  C:\Windows\System\nnhjtpK.exe
  2⤵
  PID:10864
- C:\Windows\System\NKiGetJ.exe
  C:\Windows\System\NKiGetJ.exe
  2⤵
  PID:10892
- C:\Windows\System\MJpASbN.exe
  C:\Windows\System\MJpASbN.exe
  2⤵
  PID:10920
- C:\Windows\System\oiuGPiH.exe
  C:\Windows\System\oiuGPiH.exe
  2⤵
  PID:10948
- C:\Windows\System\XFvCDmt.exe
  C:\Windows\System\XFvCDmt.exe
  2⤵
  PID:10976
- C:\Windows\System\MeQptVp.exe
  C:\Windows\System\MeQptVp.exe
  2⤵
  PID:11004
- C:\Windows\System\NFGaioc.exe
  C:\Windows\System\NFGaioc.exe
  2⤵
  PID:11032
- C:\Windows\System\WeYPPgR.exe
  C:\Windows\System\WeYPPgR.exe
  2⤵
  PID:11060
- C:\Windows\System\RgjsSyx.exe
  C:\Windows\System\RgjsSyx.exe
  2⤵
  PID:11088
- C:\Windows\System\DpUbhHl.exe
  C:\Windows\System\DpUbhHl.exe
  2⤵
  PID:11104
- C:\Windows\System\OEMlZpu.exe
  C:\Windows\System\OEMlZpu.exe
  2⤵
  PID:11144
- C:\Windows\System\lmGflAA.exe
  C:\Windows\System\lmGflAA.exe
  2⤵
  PID:11164
- C:\Windows\System\LIAPAmw.exe
  C:\Windows\System\LIAPAmw.exe
  2⤵
  PID:11188
- C:\Windows\System\DBZbjWO.exe
  C:\Windows\System\DBZbjWO.exe
  2⤵
  PID:11216
- C:\Windows\System\lvQwqmA.exe
  C:\Windows\System\lvQwqmA.exe
  2⤵
  PID:11240
- C:\Windows\System\rsKCybZ.exe
  C:\Windows\System\rsKCybZ.exe
  2⤵
  PID:10284
- C:\Windows\System\UtAEGIR.exe
  C:\Windows\System\UtAEGIR.exe
  2⤵
  PID:10308
- C:\Windows\System\TLavkOT.exe
  C:\Windows\System\TLavkOT.exe
  2⤵
  PID:10400
- C:\Windows\System\pbvlihl.exe
  C:\Windows\System\pbvlihl.exe
  2⤵
  PID:10452
- C:\Windows\System\ILywigy.exe
  C:\Windows\System\ILywigy.exe
  2⤵
  PID:10540
- C:\Windows\System\MbqjaZa.exe
  C:\Windows\System\MbqjaZa.exe
  2⤵
  PID:10636
- C:\Windows\System\oZlkaOI.exe
  C:\Windows\System\oZlkaOI.exe
  2⤵
  PID:10688
- C:\Windows\System\YmfrWkB.exe
  C:\Windows\System\YmfrWkB.exe
  2⤵
  PID:10716
- C:\Windows\System\CEErgga.exe
  C:\Windows\System\CEErgga.exe
  2⤵
  PID:10764
- C:\Windows\System\UQRwJQk.exe
  C:\Windows\System\UQRwJQk.exe
  2⤵
  PID:10876
- C:\Windows\System\qMdEQGN.exe
  C:\Windows\System\qMdEQGN.exe
  2⤵
  PID:10940
- C:\Windows\System\vSFzXGd.exe
  C:\Windows\System\vSFzXGd.exe
  2⤵
  PID:9960
- C:\Windows\System\rKbBRcs.exe
  C:\Windows\System\rKbBRcs.exe
  2⤵
  PID:11056
- C:\Windows\System\ojLEUkg.exe
  C:\Windows\System\ojLEUkg.exe
  2⤵
  PID:11124
- C:\Windows\System\PhgvwwT.exe
  C:\Windows\System\PhgvwwT.exe
  2⤵
  PID:11172
- C:\Windows\System\TFHkBop.exe
  C:\Windows\System\TFHkBop.exe
  2⤵
  PID:11208
- C:\Windows\System\HmOcrRq.exe
  C:\Windows\System\HmOcrRq.exe
  2⤵
  PID:10304
- C:\Windows\System\KzxOfBs.exe
  C:\Windows\System\KzxOfBs.exe
  2⤵
  PID:10532
- C:\Windows\System\xBIDnyh.exe
  C:\Windows\System\xBIDnyh.exe
  2⤵
  PID:10712
- C:\Windows\System\WpaAhKn.exe
  C:\Windows\System\WpaAhKn.exe
  2⤵
  PID:10820
- C:\Windows\System\WnaBmLF.exe
  C:\Windows\System\WnaBmLF.exe
  2⤵
  PID:10932
- C:\Windows\System\tbJVAQL.exe
  C:\Windows\System\tbJVAQL.exe
  2⤵
  PID:11152
- C:\Windows\System\NfQRmOl.exe
  C:\Windows\System\NfQRmOl.exe
  2⤵
  PID:9660
- C:\Windows\System\JfRZaUL.exe
  C:\Windows\System\JfRZaUL.exe
  2⤵
  PID:10528
- C:\Windows\System\BQKLMtb.exe
  C:\Windows\System\BQKLMtb.exe
  2⤵
  PID:10916
- C:\Windows\System\oYfgbcD.exe
  C:\Windows\System\oYfgbcD.exe
  2⤵
  PID:11204
- C:\Windows\System\qlcrulm.exe
  C:\Windows\System\qlcrulm.exe
  2⤵
  PID:11020
- C:\Windows\System\ecnlcCz.exe
  C:\Windows\System\ecnlcCz.exe
  2⤵
  PID:11288
- C:\Windows\System\bJmkrlU.exe
  C:\Windows\System\bJmkrlU.exe
  2⤵
  PID:11328
- C:\Windows\System\JiSgvbV.exe
  C:\Windows\System\JiSgvbV.exe
  2⤵
  PID:11344
- C:\Windows\System\xVRQZGT.exe
  C:\Windows\System\xVRQZGT.exe
  2⤵
  PID:11384
- C:\Windows\System\ggTsWXp.exe
  C:\Windows\System\ggTsWXp.exe
  2⤵
  PID:11412
- C:\Windows\System\WDFGWFA.exe
  C:\Windows\System\WDFGWFA.exe
  2⤵
  PID:11440
- C:\Windows\System\bfuJQdx.exe
  C:\Windows\System\bfuJQdx.exe
  2⤵
  PID:11468
- C:\Windows\System\JrrRbHH.exe
  C:\Windows\System\JrrRbHH.exe
  2⤵
  PID:11496
- C:\Windows\System\IppQlcW.exe
  C:\Windows\System\IppQlcW.exe
  2⤵
  PID:11512
- C:\Windows\System\OAangAV.exe
  C:\Windows\System\OAangAV.exe
  2⤵
  PID:11540
- C:\Windows\System\UbETcIS.exe
  C:\Windows\System\UbETcIS.exe
  2⤵
  PID:11572
- C:\Windows\System\MCkuFpR.exe
  C:\Windows\System\MCkuFpR.exe
  2⤵
  PID:11608
- C:\Windows\System\ytjkedZ.exe
  C:\Windows\System\ytjkedZ.exe
  2⤵
  PID:11632
- C:\Windows\System\suFAWnZ.exe
  C:\Windows\System\suFAWnZ.exe
  2⤵
  PID:11656
- C:\Windows\System\zoGMSHp.exe
  C:\Windows\System\zoGMSHp.exe
  2⤵
  PID:11692
- C:\Windows\System\AwbKvdt.exe
  C:\Windows\System\AwbKvdt.exe
  2⤵
  PID:11708
- C:\Windows\System\mQYuVHs.exe
  C:\Windows\System\mQYuVHs.exe
  2⤵
  PID:11748
- C:\Windows\System\ESMekpL.exe
  C:\Windows\System\ESMekpL.exe
  2⤵
  PID:11776
- C:\Windows\System\CPUeZpN.exe
  C:\Windows\System\CPUeZpN.exe
  2⤵
  PID:11808
- C:\Windows\System\okpQBOy.exe
  C:\Windows\System\okpQBOy.exe
  2⤵
  PID:11828
- C:\Windows\System\AgzUiCh.exe
  C:\Windows\System\AgzUiCh.exe
  2⤵
  PID:11852
- C:\Windows\System\ELBgdAb.exe
  C:\Windows\System\ELBgdAb.exe
  2⤵
  PID:11908
- C:\Windows\System\RmQxjCT.exe
  C:\Windows\System\RmQxjCT.exe
  2⤵
  PID:11924
- C:\Windows\System\COmcfBJ.exe
  C:\Windows\System\COmcfBJ.exe
  2⤵
  PID:11952
- C:\Windows\System\TJKTgSY.exe
  C:\Windows\System\TJKTgSY.exe
  2⤵
  PID:11980
- C:\Windows\System\ZeyXhBd.exe
  C:\Windows\System\ZeyXhBd.exe
  2⤵
  PID:12008
- C:\Windows\System\CdDdaKZ.exe
  C:\Windows\System\CdDdaKZ.exe
  2⤵
  PID:12036
- C:\Windows\System\TXBLSex.exe
  C:\Windows\System\TXBLSex.exe
  2⤵
  PID:12064
- C:\Windows\System\tSruENS.exe
  C:\Windows\System\tSruENS.exe
  2⤵
  PID:12092
- C:\Windows\System\eHYOiHM.exe
  C:\Windows\System\eHYOiHM.exe
  2⤵
  PID:12120
- C:\Windows\System\CXEoqRB.exe
  C:\Windows\System\CXEoqRB.exe
  2⤵
  PID:12136
- C:\Windows\System\NIDpbQV.exe
  C:\Windows\System\NIDpbQV.exe
  2⤵
  PID:12176
- C:\Windows\System\ByPJasg.exe
  C:\Windows\System\ByPJasg.exe
  2⤵
  PID:12204
- C:\Windows\System\wSqFpFz.exe
  C:\Windows\System\wSqFpFz.exe
  2⤵
  PID:12220
- C:\Windows\System\WfstCXt.exe
  C:\Windows\System\WfstCXt.exe
  2⤵
  PID:12248
- C:\Windows\System\GelAsxD.exe
  C:\Windows\System\GelAsxD.exe
  2⤵
  PID:12276
- C:\Windows\System\draTKfM.exe
  C:\Windows\System\draTKfM.exe
  2⤵
  PID:11308
- C:\Windows\System\wQBaAyU.exe
  C:\Windows\System\wQBaAyU.exe
  2⤵
  PID:11340
- C:\Windows\System\VrxxusR.exe
  C:\Windows\System\VrxxusR.exe
  2⤵
  PID:11428
- C:\Windows\System\EAdBAdY.exe
  C:\Windows\System\EAdBAdY.exe
  2⤵
  PID:11460
- C:\Windows\System\IReATvs.exe
  C:\Windows\System\IReATvs.exe
  2⤵
  PID:11552
- C:\Windows\System\fFSywXb.exe
  C:\Windows\System\fFSywXb.exe
  2⤵
  PID:11628
- C:\Windows\System\NxBSREf.exe
  C:\Windows\System\NxBSREf.exe
  2⤵
  PID:11668
- C:\Windows\System\KQIGFaR.exe
  C:\Windows\System\KQIGFaR.exe
  2⤵
  PID:11724
- C:\Windows\System\pRbqzaJ.exe
  C:\Windows\System\pRbqzaJ.exe
  2⤵
  PID:11816
- C:\Windows\System\GHZdwRl.exe
  C:\Windows\System\GHZdwRl.exe
  2⤵
  PID:7936
- C:\Windows\System\LAqeCAn.exe
  C:\Windows\System\LAqeCAn.exe
  2⤵
  PID:11840
- C:\Windows\System\oUywLpp.exe
  C:\Windows\System\oUywLpp.exe
  2⤵
  PID:4056
- C:\Windows\System\zjnLHRN.exe
  C:\Windows\System\zjnLHRN.exe
  2⤵
  PID:11948
- C:\Windows\System\tWQRyST.exe
  C:\Windows\System\tWQRyST.exe
  2⤵
  PID:11992
- C:\Windows\System\wAmyljT.exe
  C:\Windows\System\wAmyljT.exe
  2⤵
  PID:12080
- C:\Windows\System\YflnBVT.exe
  C:\Windows\System\YflnBVT.exe
  2⤵
  PID:12132
- C:\Windows\System\ILtyFwM.exe
  C:\Windows\System\ILtyFwM.exe
  2⤵
  PID:12212
- C:\Windows\System\HdopfYj.exe
  C:\Windows\System\HdopfYj.exe
  2⤵
  PID:12272
- C:\Windows\System\dolJOuq.exe
  C:\Windows\System\dolJOuq.exe
  2⤵
  PID:11396
- C:\Windows\System\VqPZoIK.exe
  C:\Windows\System\VqPZoIK.exe
  2⤵
  PID:11504
- C:\Windows\System\DXIAFAA.exe
  C:\Windows\System\DXIAFAA.exe
  2⤵
  PID:11728
- C:\Windows\System\sSsNjqu.exe
  C:\Windows\System\sSsNjqu.exe
  2⤵
  PID:5020
- C:\Windows\System\SWOiOci.exe
  C:\Windows\System\SWOiOci.exe
  2⤵
  PID:11944
- C:\Windows\System\ZKSUtur.exe
  C:\Windows\System\ZKSUtur.exe
  2⤵
  PID:12060
- C:\Windows\System\hqyIZbb.exe
  C:\Windows\System\hqyIZbb.exe
  2⤵
  PID:12188
- C:\Windows\System\hPeXUvc.exe
  C:\Windows\System\hPeXUvc.exe
  2⤵
  PID:12260
- C:\Windows\System\EXubLor.exe
  C:\Windows\System\EXubLor.exe
  2⤵
  PID:11492
- C:\Windows\System\VMRjSaN.exe
  C:\Windows\System\VMRjSaN.exe
  2⤵
  PID:11760
- C:\Windows\System\PCNgBiO.exe
  C:\Windows\System\PCNgBiO.exe
  2⤵
  PID:12232
- C:\Windows\System\memTHJY.exe
  C:\Windows\System\memTHJY.exe
  2⤵
  PID:12332
- C:\Windows\System\ryemhjL.exe
  C:\Windows\System\ryemhjL.exe
  2⤵
  PID:12360
- C:\Windows\System\OGsAtvE.exe
  C:\Windows\System\OGsAtvE.exe
  2⤵
  PID:12400
- C:\Windows\System\iTHIJtQ.exe
  C:\Windows\System\iTHIJtQ.exe
  2⤵
  PID:12416
- C:\Windows\System\ZvbKDqI.exe
  C:\Windows\System\ZvbKDqI.exe
  2⤵
  PID:12444
- C:\Windows\System\GbTsdsc.exe
  C:\Windows\System\GbTsdsc.exe
  2⤵
  PID:12472
- C:\Windows\System\aCmOvbx.exe
  C:\Windows\System\aCmOvbx.exe
  2⤵
  PID:12500
- C:\Windows\System\IdRkXFj.exe
  C:\Windows\System\IdRkXFj.exe
  2⤵
  PID:12528
- C:\Windows\System\WiwOhSg.exe
  C:\Windows\System\WiwOhSg.exe
  2⤵
  PID:12548
- C:\Windows\System\rRyDqvn.exe
  C:\Windows\System\rRyDqvn.exe
  2⤵
  PID:12588
- C:\Windows\System\jDEQekc.exe
  C:\Windows\System\jDEQekc.exe
  2⤵
  PID:12604
- C:\Windows\System\TtfDcjb.exe
  C:\Windows\System\TtfDcjb.exe
  2⤵
  PID:12652
- C:\Windows\System\kYfvIse.exe
  C:\Windows\System\kYfvIse.exe
  2⤵
  PID:12672
- C:\Windows\System\tcyGGFw.exe
  C:\Windows\System\tcyGGFw.exe
  2⤵
  PID:12712
- C:\Windows\System\XfNMVIU.exe
  C:\Windows\System\XfNMVIU.exe
  2⤵
  PID:12728
- C:\Windows\System\sxCNZvM.exe
  C:\Windows\System\sxCNZvM.exe
  2⤵
  PID:12768
- C:\Windows\System\hbNRaJb.exe
  C:\Windows\System\hbNRaJb.exe
  2⤵
  PID:12784
- C:\Windows\System\RZfnLnV.exe
  C:\Windows\System\RZfnLnV.exe
  2⤵
  PID:12800
- C:\Windows\System\gCZOWoS.exe
  C:\Windows\System\gCZOWoS.exe
  2⤵
  PID:12840
- C:\Windows\System\rGfpRLb.exe
  C:\Windows\System\rGfpRLb.exe
  2⤵
  PID:12880
- C:\Windows\System\oDSIpdg.exe
  C:\Windows\System\oDSIpdg.exe
  2⤵
  PID:12908
- C:\Windows\System\pKhpUaX.exe
  C:\Windows\System\pKhpUaX.exe
  2⤵
  PID:12936
- C:\Windows\System\GplOBuK.exe
  C:\Windows\System\GplOBuK.exe
  2⤵
  PID:12952
- C:\Windows\System\wKNEWks.exe
  C:\Windows\System\wKNEWks.exe
  2⤵
  PID:12992
- C:\Windows\System\lAilERx.exe
  C:\Windows\System\lAilERx.exe
  2⤵
  PID:13020
- C:\Windows\System\pcDMjXy.exe
  C:\Windows\System\pcDMjXy.exe
  2⤵
  PID:13048
- C:\Windows\System\rMJujSC.exe
  C:\Windows\System\rMJujSC.exe
  2⤵
  PID:13076
- C:\Windows\System\VCcpcyD.exe
  C:\Windows\System\VCcpcyD.exe
  2⤵
  PID:13104
- C:\Windows\System\zhmWbYj.exe
  C:\Windows\System\zhmWbYj.exe
  2⤵
  PID:13132
- C:\Windows\System\JCjGZeZ.exe
  C:\Windows\System\JCjGZeZ.exe
  2⤵
  PID:13160
- C:\Windows\System\yBBfZWX.exe
  C:\Windows\System\yBBfZWX.exe
  2⤵
  PID:13188
- C:\Windows\System\RMZaOeP.exe
  C:\Windows\System\RMZaOeP.exe
  2⤵
  PID:13204
- C:\Windows\System\iRaEeQo.exe
  C:\Windows\System\iRaEeQo.exe
  2⤵
  PID:13244
- C:\Windows\System\zkwLlZo.exe
  C:\Windows\System\zkwLlZo.exe
  2⤵
  PID:13272
- C:\Windows\System\iUsLIPk.exe
  C:\Windows\System\iUsLIPk.exe
  2⤵
  PID:13288
- C:\Windows\System\DVDpIlm.exe
  C:\Windows\System\DVDpIlm.exe
  2⤵
  PID:11900
- C:\Windows\System\iRGMthE.exe
  C:\Windows\System\iRGMthE.exe
  2⤵
  PID:2228
- C:\Windows\System\ohHBsGG.exe
  C:\Windows\System\ohHBsGG.exe
  2⤵
  PID:60
- C:\Windows\System\gVIKlbb.exe
  C:\Windows\System\gVIKlbb.exe
  2⤵
  PID:12384
- C:\Windows\System\YsCEODT.exe
  C:\Windows\System\YsCEODT.exe
  2⤵
  PID:12432
- C:\Windows\System\oqiTfqd.exe
  C:\Windows\System\oqiTfqd.exe
  2⤵
  PID:12512
- C:\Windows\System\izZMKBL.exe
  C:\Windows\System\izZMKBL.exe
  2⤵
  PID:12524
- C:\Windows\System\hzEJkQm.exe
  C:\Windows\System\hzEJkQm.exe
  2⤵
  PID:12600
- C:\Windows\System\yffAJOj.exe
  C:\Windows\System\yffAJOj.exe
  2⤵
  PID:12632
- C:\Windows\System\uPkVrJM.exe
  C:\Windows\System\uPkVrJM.exe
  2⤵
  PID:12756
- C:\Windows\System\sEybyXe.exe
  C:\Windows\System\sEybyXe.exe
  2⤵
  PID:12796
- C:\Windows\System\piyIwwD.exe
  C:\Windows\System\piyIwwD.exe
  2⤵
  PID:12892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4612,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
1⤵
PID:7988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0qjzxlwa.e5q.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ARKSVPp.exe

Filesize
2.6MB

MD5
d29d6636d885165e191b528cdf47aaf3

SHA1
3deaefd63586fa0ccd821e813030ab08be4286ae

SHA256
b8a11a5a3e20a9ba55b71bc1e42c34412ba43db6ec349fe542a69f889bca9d78

SHA512
447094edde587fd878797dcfdc3fbf9e9a9e4148e564e88bd0267677a323a426c9371ca84d121f6efa9ddb1e23856d2004cd4c1a964d6dad2e13753721bb1eae

Download Submit
C:\Windows\System\HknXIhL.exe

Filesize
2.6MB

MD5
a7e0d4069860216d14d26bba30e57be4

SHA1
7a120233d3d9d8b7391b316400a63541f291d246

SHA256
c9c9fde130dd19982af99064691b6b2910185ce3eeea0a8842f8ae215f501377

SHA512
aac6babf4c056260929341d8ee688dc7bb8607e977f31bd7203d71983ecf82034a25c4ff8e7d726a47e661cdad53fbf2feee1e96ba3490affb4182459b075866

Download Submit
C:\Windows\System\IuyoHbk.exe

Filesize
2.6MB

MD5
8a8f6d9c09d813a8caa4d4a529fb3c46

SHA1
a2e7abd1abf928f1b503d2a5e9cac43878da4169

SHA256
0f1a66308ca921313b42d6df7ed31423c0323c7d302be11d171df01264266159

SHA512
d79b9ac2524df6191d55e8f94be2f94479e988214450480b91c8d615fdc1936fdf8676d24d326029f1301ceb3f702988f3407ffa704bbe4528bcb313889f79e6

Download Submit
C:\Windows\System\JXEGwqh.exe

Filesize
2.6MB

MD5
a7c5131a4c1265229f0e411b0f9d8bac

SHA1
64f43a0fde40f3ca4230e9062a73a96abdf2b2e4

SHA256
600677c99c8d1b8ad650a5f13d7925f4dcdf9b3e2702acfe7d975405b512036b

SHA512
af5382d0856c714d3c03423094936b5bc36c154bde97bec0e15465f91494406a66cc7a35600a4fbaae2c6b919c9b9a1381e7ba60c259a354d09a35979ddfc3f7

Download Submit
C:\Windows\System\KCGTBDT.exe

Filesize
2.6MB

MD5
62e43ac56b83b19c96ca617a58be17d4

SHA1
a3f05475c1a1f5da844fb57d81f1c9ddaa3925b4

SHA256
05a958f63bafae39954f5aa4ccd439d383e9a65a65649f2e5482fed60840e04d

SHA512
7d1e37eb6dd9f4fead8a1f6d213d3330e2eefc995be0ee4c1fb4b836c146a68bb4873091d83c3aecd49fbcf32f50d25578182dae271c8c4641f444489fce5b85

Download Submit
C:\Windows\System\NCQvBfJ.exe

Filesize
2.6MB

MD5
63543e8102f0b4b455792386086bb992

SHA1
83d67740d5fdf8ab1f1cea926a08435a405f0436

SHA256
89af63bf1bf644a0d3c1544fc184a9066dd2c42ec67d31bf3162d33b4835b3c3

SHA512
c85181bd905027f563d1b133959f7ebbc4129b215e7feca8cc8efafe31b2c30d29b43f482ad316c7b9c52f97ead12c7890e0f7d0eab590403c94e678b83a2d1c

Download Submit
C:\Windows\System\NKXFAgg.exe

Filesize
2.6MB

MD5
392a21923a17ffd8dbd6bcbca9533eac

SHA1
2616b2fc07da9f3108c9cb5590f82eebdc04ccca

SHA256
8b4034dedbb57453538d77fa3134ebaa2ee8792fb68e42b71ea8d27e2a82a1f2

SHA512
948cef59401ae80e7ec225d3bfd0daf9cf1ed95d8fc132691c15916778f49d1426933d75f618c085aba02e36154ba7396fb121cf848320684699fa655acacefd

Download Submit
C:\Windows\System\NzVbzoc.exe

Filesize
2.6MB

MD5
cce2a5e9bdeef0c2bd9a7104285ef2d1

SHA1
19b231e722a303c11e0a22f83704af20daff3f89

SHA256
127e108c0be1f92189277fa9dfdbd8658a6b4e4981de4d958cb6cc67532d0ffc

SHA512
b20b9e83abc0b1d0e7fd8c3dcdf8630758e68db1f0ab22e9d5d28f260b65f511f65c71eb5c4e6d341271659357fac9d57b28f63e19ceeb36837800efbec6fc21

Download Submit
C:\Windows\System\OcQGFLq.exe

Filesize
2.6MB

MD5
b51a89622d5e86cb95e71ac2bb13f198

SHA1
e9d131725e318ed8e98e99b30b19891a26548847

SHA256
271564cd3ec8e4f9efa665106297d3f61ddfe6b8318da3a0502270ebad6ff933

SHA512
eac88275bdf926a1f17aa556f10983d2fcb5e8fb420614780db1a0cfc2c75246f283f35c86586366597882fb46ff8e81a469d006ddf3301544a2edc02eebbcd6

Download Submit
C:\Windows\System\PJQPTAG.exe

Filesize
2.6MB

MD5
c8820d18c4e396e4534095806151df3a

SHA1
772c7575e12adbb91c4470716a5829ee2bf8713a

SHA256
9f828179f9d1477de8d420cc76a74dd3d83642ea178945713a2cc2331fadb590

SHA512
083d318a0fa576c098d69f78da02b443ae1ee02aaae4d368ac7219f32a0b6e22664377335da61dca147f6f05e9c89797aa2ad9ebaca00736a1049bbd994a1b46

Download Submit
C:\Windows\System\QLzUwZE.exe

Filesize
2.6MB

MD5
a5541eae23f51676dbb6ee48c1320261

SHA1
4572a6239c266dab90763de9f0d443b0317cf429

SHA256
ab0d7353ee2ed8c8118e37b1d08dff40b4180734e1f7aaae034bc79fb9aecb04

SHA512
c17e80741820ac3558228b019938b7e797b7920dbf0c21d4119fd854712fd46c61255a001e4484239a77d7822866e27390dd19e7aab55a28f0b2c048fbb4f9ce

Download Submit
C:\Windows\System\YMXhIdi.exe

Filesize
2.6MB

MD5
989a8fb9219687dcaaf4d69551509c51

SHA1
0f2ae8d6c3bc4b8244166c70a3ca2d86e08a6609

SHA256
c777635d9f7ed03f6961b92920336f76b9961b5033ee51318f74ca547e4d7fd5

SHA512
4d866c62800fa53fd4116bcb8b56deb8a9df392267af084eece3934dc6efe281fc791ff7de9acdbee084003646e11a18f76d9ecca9815539e66a6c250e41bb09

Download Submit
C:\Windows\System\YQFkoMd.exe

Filesize
2.6MB

MD5
f17d50a76cf218f8daab172449b32d83

SHA1
339f4517e6e89656bf1ad75b5c411c9f4f1a1a8b

SHA256
76702c19a6b647589a1c6c58a9bd2ff205889b829ff25af9eece30a7c88b0739

SHA512
31cfb0fcd8eeeb537f8f0875924e74b352cc6a1304bc6c931556082d37363e605be2793899d020fc0d2b890fa779a9ba52033921a09e483142756517c1442eda

Download Submit
C:\Windows\System\YUUliMe.exe

Filesize
2.6MB

MD5
f259841dd7be1875a993696f32869b3a

SHA1
5cb984f4f66b555ffc47ac39ff4e21d5a42618d7

SHA256
b4aa5bdfe194025d38dbf6f591f2322c34829d66e9302f1219e5a1d74c66ec9a

SHA512
8d758805bd8db0c042210b808c8832c2c99792ecb7b7d761514ba4e8b1a30ea4349b5a0bb56cc52385bb4c7addbeecf71419b62da7feb5d8ef5200b6cde6bad9

Download Submit
C:\Windows\System\ZYBdyDp.exe

Filesize
2.6MB

MD5
36975ad3023130cfd19f827950a99e3c

SHA1
40288330820627a82e1098c36b65593636ab9178

SHA256
508e7c530eaa3466153939f843baa66ffa70b27ad558caa14a8df279690469b2

SHA512
0bc7724718d8e44b42b87bc8aa6fd901d526693b60dc9e80f1b34c92091ae99ad3c978e5ce8d9806d58cf6aa92726558b940628e20df6dd4c9755589ddbcb5a6

Download Submit
C:\Windows\System\babjrtp.exe

Filesize
2.6MB

MD5
e30f68f483ec02ebd3218274a3ad162e

SHA1
49c4a8a982434593bacb4755a942c86c046edde5

SHA256
591050fc2c819849c9af1a2c89e56deb81c7e34c79d46c827b239fa67379d59e

SHA512
bd1589a30dc74ad7bd42f59a07ba0322e3bcb232f63763a9ce8bca5eb82d5fbfd634d41dd46a5fea79b9dfebbd8ef88c619a42c31f709539546eb5d777c388b9

Download Submit
C:\Windows\System\bcsofTT.exe

Filesize
2.6MB

MD5
1b4f118ae1f301920a3af772446d4595

SHA1
4310cf5c28089bf02dbb59bba35f39d7e2822f7f

SHA256
d1f174ab8b535075fae38234a6262748085020f5baf91f67cee9a14cd86c03c5

SHA512
cc5e20efb5716eac2b0470efe8dd2186cbca292ef3ddbaa31815469f8eb3c40faa56f4ea372bd7a3370e36179043226eb3652c9328e7343527b05e01872a5dab

Download Submit
C:\Windows\System\bhnMjkz.exe

Filesize
2.6MB

MD5
114bb02e3e362c2a612c73c02ca38a64

SHA1
7e651b6647c3bb11f200a96fb087fee51059d930

SHA256
2742a239fa6e3eefda8098a377e6eede7398925eeb095c881843d9b49b26cfeb

SHA512
1ac2ec5502dedff3ea40c7ff867f1d2b1a4b1e4e04c225f79f9796062749db380b18b22731d22feda530c72ee953c4bfb01fe91edf734cdaee7467bbb8b9de55

Download Submit
C:\Windows\System\cZedWNV.exe

Filesize
2.6MB

MD5
31a874fb203cc3cf8f2a672035947db7

SHA1
c299469ccf637299a26472a2ad9d9b549538add7

SHA256
f95b34151b9a98ca7fa943d59c744bbe7ee0c3582bc351a3e51f7a3e4cecec88

SHA512
6791e5097d5787f1176f14c603f3d15ae6a80ff394c05557e4c6772716c8c1449c40d3b25e8c1b9da6bf031e004942ca0e403bb948c62a1fcb2e6c26851913cc

Download Submit
C:\Windows\System\cexQjvl.exe

Filesize
2.6MB

MD5
2444b6de663f59c5ce75aa5863154757

SHA1
3dc3b1add859cf477e48749e30dea4527935c6f2

SHA256
802c67e2d1c0fd5562d949e8e2a22adeffeb1b28d7520dff11ba392c454bcdf4

SHA512
a8573635f74d558c414ccb36774c78c81ddbbfede51bf7cfdb1756b41cd98f7fb978162904d7d29319d56bfa64119f2d41dd27fa9db3aff3fa8d8e9803adac29

Download Submit
C:\Windows\System\gBfNruO.exe

Filesize
2.6MB

MD5
c09787713a70ca2936f4dc6323a9bb29

SHA1
40d931971700bad6c0d11333fc2da512cf135030

SHA256
08353cfa88b39733d976a47b6d79b967c16918bd699ffe285dc30c1de9299e93

SHA512
0a822d2373f1f4accc882eada71390f88ca0f61c2a75ec1d0c8a17b25ddb62fe3199a45d9e77337b5c1f888b3cde174c5891b6de80b67f16503ce8a77540d14e

Download Submit
C:\Windows\System\gyrwqwy.exe

Filesize
2.6MB

MD5
e619b573ebe34e8bf4120c528246e061

SHA1
fd6034ab2335857a9d1abc56c2d7ab3b1165f4a4

SHA256
d282cf7e8ded749635dccb5cd208a0ab95db7cf6f8839f72dd29ab168f0a9236

SHA512
9108647f4ff86bcf3373f942e1b3d01a4d3791c52e93bc5fc77a9351d249bf8f8fda12ccb0b2b003563c9f20760da342423fd4b2e6e9a521b7dd7bfa9536762d

Download Submit
C:\Windows\System\iLarVqJ.exe

Filesize
2.6MB

MD5
557c11e304e88fa86d8d7214ed1e9820

SHA1
76024c1917dcd9dd5a8fd89bcfa3bf3773453aa4

SHA256
9dad71b76b17808808105c1d71bff38069d4d89157fa3167c989ca590b4821f6

SHA512
176fbaee0157278fb41ec3fc79245b0aef51c9a6dcb5dfcac2b6cced3c336e6769a176f4a852a2d6a95890db3830ccbe2a64ee1ab86952c93c58209fba682091

Download Submit
C:\Windows\System\jYNTKGD.exe

Filesize
2.6MB

MD5
37d75680d22836c8544fee04855df8a8

SHA1
23491b8ea376b2adb9ac6ba661fe26489130a38c

SHA256
b5e0a701c8ad0e38233b97d7a82cb4cfa564db11305b11114e3ca6cdcf57eb42

SHA512
19fbefb391326e05af40a1298241ff06feff3b2261cf06e5a2c264d29236bce44a417dd0ae1986efe3be4f7e00dc62e44a70923f454c5cf16d42bf6ddddcc92a

Download Submit
C:\Windows\System\jdHrRiI.exe

Filesize
2.6MB

MD5
9ed54b3275777b5d0cd144e6b563fdf7

SHA1
dc9f1d74ad36f187e794aeb25f7a472caa6e85ca

SHA256
1d4496e1df4ddcf199654611ff3f9cc2b05a39c240293745f14a0d76a696251c

SHA512
ffe8685ecd69936e17aa4e719906c12bcd36c8ce151991a03b32cd30e3e55df184d45bee620b3ddc1bbe42f0a16b9e32aa0e8ca96fb7055661bff5263c563044

Download Submit
C:\Windows\System\kOQTocY.exe

Filesize
2.6MB

MD5
71a0668304eb907c8156295c64c037b9

SHA1
a861128d1e208db590c4366cb9bb94d3dd4bf44e

SHA256
70e3b019dc2250eabd9e3364116f9f3ed031c2d456af38a3f355d71ef6ab5b07

SHA512
a76b8a25443791f1f5f65fa3f6ab27174fc05fa0ff62af95ffc92217a31d0d50861a2a3bb9c1db69f918e7e96e98861b8e56b47e6ba86273ca67a90dc269cf3a

Download Submit
C:\Windows\System\nfcisoW.exe

Filesize
2.6MB

MD5
be43a3cc2025838f6a603ac39cf937fd

SHA1
f4b085ef27652e93515686fad7405f798bef44a7

SHA256
56fc1d50f97c1a5fa65d56909b532a5068826cb3eb97aa1e1e51bad9ce75b0b3

SHA512
9bf44d431ae2d90fe6c9f5cb89a0d61b7bf2cce4533074cda6a8e192facd06e211a1426c4c9dc4e85f01aaea9b232ac994ff9d5cce59a11bc39cee1ee9e3f9d6

Download Submit
C:\Windows\System\oGwJGAY.exe

Filesize
2.6MB

MD5
5f2b99d217c53fa30bd944a3fd72a537

SHA1
fd17ced83f8caa289481271ec5c0eec5d5fbf600

SHA256
d2097a9deb2f5ed56711f5f950d01e5f5bb8ecb1ad2a6eae4478dfdfd67c29c2

SHA512
3de039c38472b88b958b0c6307f6bea2fdcf1d74aaf788f6176196ec504982639850ef9d5a86d17966fc404bbae8efa8f87087a072b6e71d5920573545f17516

Download Submit
C:\Windows\System\ofSqvDw.exe

Filesize
2.6MB

MD5
85d1c2dbcf71aba2f9f481b55f123ec5

SHA1
582e2cdb8c5913048626541c126f129882c57eff

SHA256
e60f00b5f24250c56bab9ef1ebfd265e7bc358aa96aa34eb4967895304dc6541

SHA512
04bd51c3f165cf4eb4145b5d46755ba0d392214cf2f03b748aeb0bc0a6497f9bc76067aaaa364813c911737f6b1c8d109e5ada9fab960972e529541d8fafd064

Download Submit
C:\Windows\System\sCEMvRp.exe

Filesize
8B

MD5
b4264996759d988d82730e6958cf8074

SHA1
7bbc1f74a3ce00994d790da4622d87f15f45b523

SHA256
8ec7039187958fcd27e56e585c4d65242972777fffc8821de830bc1ff1727bca

SHA512
90e2f3e49d27ab4d11cbf031af514cf6fc3a8851362bc0086d9e25b2d97c3341159ec901fb19a665474ceb995371e4f69eda62c3d14f844ace445c61339d139c

Download Submit
C:\Windows\System\tJWQfih.exe

Filesize
2.6MB

MD5
dd16058eecc0ce192724624203d216b6

SHA1
5525d812d6b7889631e751e3bb82277bd2287107

SHA256
a2ae62f5b1125757f3526a4568fbd6e23b9c1ff5852e4660cf9f34064be6a022

SHA512
33205a1641e98b632f146c3f5aba9b93f31d44dcee7c77dca109f670c613d389bf4a7c4559f5aca3bed79b8a56d3d9ca96967911fea6d90007105e3441092782

Download Submit
C:\Windows\System\xRujkGb.exe

Filesize
2.6MB

MD5
07d26ce20744e5fc05785904f44f8ac5

SHA1
184f14c39b92b1c3390b10791634356533527acb

SHA256
fac00c14a295338c38da9f266714010927ef27c48b44fb957a5bc4d2d8035f68

SHA512
222d293b7b94ea85e112a69de62728092ec440c0e4a370c68deb6fa4e2039de72735d556b5229622b2da2cf9444872ac33c373f0e3e72e3b45087104da1daa2c

Download Submit
C:\Windows\System\ybsbuMX.exe

Filesize
2.6MB

MD5
e970faa17e57fb0928a89e32a14760f7

SHA1
06134e2bd27f50eeae299f40bfec48716871f246

SHA256
4324d6b255109eb5bbac151e05200e895e6a09469e8180919ead9eedfe9c3449

SHA512
240b70c743aa9de20fbcfdfb4b0b01e39bad378c8a4d97d21bf2ef97f4aa2fc25cc8816f5537042209d65b379034669d1c76c5efad98dd23f73efbef8b60c9ad

Download Submit
C:\Windows\System\zChHmAg.exe

Filesize
2.6MB

MD5
21b21d12af15f7ec10594985a9f694ce

SHA1
0b9672557d7d8a14f5c09df65a85b708ed8537a6

SHA256
7115d8fc85bbe9b46026ae17e1c7842f2afefdd2bce20e87d20e893a766413fd

SHA512
9bdcabe95aed191e347f48e62b274cf2d0c9fa0524831a583794c90d7dd27e149ab4b854585044975339c477e2878c87e71da8af52f6a89d8d3c1b2de75e5754

Download Submit
memory/544-1904-0x00007FF7292D0000-0x00007FF7296C6000-memory.dmp

Filesize
4.0MB

Download
memory/544-776-0x00007FF7292D0000-0x00007FF7296C6000-memory.dmp

Filesize
4.0MB

Download
memory/544-1922-0x00007FF7292D0000-0x00007FF7296C6000-memory.dmp

Filesize
4.0MB

Download
memory/896-1928-0x00007FF671380000-0x00007FF671776000-memory.dmp

Filesize
4.0MB

Download
memory/896-830-0x00007FF671380000-0x00007FF671776000-memory.dmp

Filesize
4.0MB

Download
memory/1128-1936-0x00007FF723E40000-0x00007FF724236000-memory.dmp

Filesize
4.0MB

Download
memory/1128-853-0x00007FF723E40000-0x00007FF724236000-memory.dmp

Filesize
4.0MB

Download
memory/1544-1930-0x00007FF6722B0000-0x00007FF6726A6000-memory.dmp

Filesize
4.0MB

Download
memory/1544-800-0x00007FF6722B0000-0x00007FF6726A6000-memory.dmp

Filesize
4.0MB

Download
memory/1716-1923-0x00007FF683780000-0x00007FF683B76000-memory.dmp

Filesize
4.0MB

Download
memory/1716-822-0x00007FF683780000-0x00007FF683B76000-memory.dmp

Filesize
4.0MB

Download
memory/1756-0-0x00007FF6D9FC0000-0x00007FF6DA3B6000-memory.dmp

Filesize
4.0MB

Download
memory/1756-1-0x00000252A2BE0000-0x00000252A2BF0000-memory.dmp

Filesize
64KB

Download
memory/2060-1935-0x00007FF7437E0000-0x00007FF743BD6000-memory.dmp

Filesize
4.0MB

Download
memory/2060-865-0x00007FF7437E0000-0x00007FF743BD6000-memory.dmp

Filesize
4.0MB

Download
memory/2220-1931-0x00007FF68B090000-0x00007FF68B486000-memory.dmp

Filesize
4.0MB

Download
memory/2220-794-0x00007FF68B090000-0x00007FF68B486000-memory.dmp

Filesize
4.0MB

Download
memory/2448-27-0x00007FF69BCD0000-0x00007FF69C0C6000-memory.dmp

Filesize
4.0MB

Download
memory/2448-1916-0x00007FF69BCD0000-0x00007FF69C0C6000-memory.dmp

Filesize
4.0MB

Download
memory/2448-1902-0x00007FF69BCD0000-0x00007FF69C0C6000-memory.dmp

Filesize
4.0MB

Download
memory/2564-1917-0x00007FF6F2150000-0x00007FF6F2546000-memory.dmp

Filesize
4.0MB

Download
memory/2564-41-0x00007FF6F2150000-0x00007FF6F2546000-memory.dmp

Filesize
4.0MB

Download
memory/2832-20-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp

Filesize
4.0MB

Download
memory/2832-1901-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp

Filesize
4.0MB

Download
memory/2832-1915-0x00007FF615AE0000-0x00007FF615ED6000-memory.dmp

Filesize
4.0MB

Download
memory/2892-778-0x00007FF7B6670000-0x00007FF7B6A66000-memory.dmp

Filesize
4.0MB

Download
memory/2892-1926-0x00007FF7B6670000-0x00007FF7B6A66000-memory.dmp

Filesize
4.0MB

Download
memory/2928-1919-0x00007FF618CD0000-0x00007FF6190C6000-memory.dmp

Filesize
4.0MB

Download
memory/2928-49-0x00007FF618CD0000-0x00007FF6190C6000-memory.dmp

Filesize
4.0MB

Download
memory/3412-777-0x00007FF73FFB0000-0x00007FF7403A6000-memory.dmp

Filesize
4.0MB

Download
memory/3412-1921-0x00007FF73FFB0000-0x00007FF7403A6000-memory.dmp

Filesize
4.0MB

Download
memory/3668-1918-0x00007FF627110000-0x00007FF627506000-memory.dmp

Filesize
4.0MB

Download
memory/3668-36-0x00007FF627110000-0x00007FF627506000-memory.dmp

Filesize
4.0MB

Download
memory/3668-1903-0x00007FF627110000-0x00007FF627506000-memory.dmp

Filesize
4.0MB

Download
memory/3684-779-0x00007FF7FDA30000-0x00007FF7FDE26000-memory.dmp

Filesize
4.0MB

Download
memory/3684-1925-0x00007FF7FDA30000-0x00007FF7FDE26000-memory.dmp

Filesize
4.0MB

Download
memory/3732-781-0x00007FF7FD670000-0x00007FF7FDA66000-memory.dmp

Filesize
4.0MB

Download
memory/3732-1932-0x00007FF7FD670000-0x00007FF7FDA66000-memory.dmp

Filesize
4.0MB

Download
memory/3884-119-0x000001E541130000-0x000001E541152000-memory.dmp

Filesize
136KB

Download
memory/3884-940-0x000001E55BFF0000-0x000001E55C796000-memory.dmp

Filesize
7.6MB

Download
memory/4020-1927-0x00007FF6B8BF0000-0x00007FF6B8FE6000-memory.dmp

Filesize
4.0MB

Download
memory/4020-875-0x00007FF6B8BF0000-0x00007FF6B8FE6000-memory.dmp

Filesize
4.0MB

Download
memory/4100-1920-0x00007FF716830000-0x00007FF716C26000-memory.dmp

Filesize
4.0MB

Download
memory/4100-871-0x00007FF716830000-0x00007FF716C26000-memory.dmp

Filesize
4.0MB

Download
memory/4356-780-0x00007FF644CB0000-0x00007FF6450A6000-memory.dmp

Filesize
4.0MB

Download
memory/4356-1924-0x00007FF644CB0000-0x00007FF6450A6000-memory.dmp

Filesize
4.0MB

Download
memory/4520-809-0x00007FF62CA60000-0x00007FF62CE56000-memory.dmp

Filesize
4.0MB

Download
memory/4520-1929-0x00007FF62CA60000-0x00007FF62CE56000-memory.dmp

Filesize
4.0MB

Download
memory/4524-1937-0x00007FF68D330000-0x00007FF68D726000-memory.dmp

Filesize
4.0MB

Download
memory/4524-844-0x00007FF68D330000-0x00007FF68D726000-memory.dmp

Filesize
4.0MB

Download
memory/4596-1914-0x00007FF67F130000-0x00007FF67F526000-memory.dmp

Filesize
4.0MB

Download
memory/4596-11-0x00007FF67F130000-0x00007FF67F526000-memory.dmp

Filesize
4.0MB

Download
memory/4848-1933-0x00007FF72A360000-0x00007FF72A756000-memory.dmp

Filesize
4.0MB

Download
memory/4848-843-0x00007FF72A360000-0x00007FF72A756000-memory.dmp

Filesize
4.0MB

Download
memory/4976-869-0x00007FF744C50000-0x00007FF745046000-memory.dmp

Filesize
4.0MB

Download
memory/4976-1934-0x00007FF744C50000-0x00007FF745046000-memory.dmp

Filesize
4.0MB

Download