xmrig | 9ff2e109801b61a6edbb6fdc33033ad0a9d381d190c013ac2eee602bf6013c16

Analysis

max time kernel
126s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
Size

2.6MB
MD5

8eb57ce74dae8e219911acc795500170
SHA1

706f7ad4c60043cf3bd533f84aaed952fe81e40c
SHA256

9ff2e109801b61a6edbb6fdc33033ad0a9d381d190c013ac2eee602bf6013c16
SHA512

e82cd575532fd12d3308a8758288cfbee06eb36874031d00e228fd902f047f2da07c1b79c66063b0ed4251f5c22a2a55ef19f64aa707bc38d29090f9b4bfbf8d
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkyW10/w16BvZ+I+:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2RE

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1052-0-0x00007FF7EFA90000-0x00007FF7EFE86000-memory.dmp	xmrig
behavioral2/files/0x0006000000022fa8-5.dat	xmrig
behavioral2/files/0x000700000002349a-10.dat	xmrig
behavioral2/files/0x000700000002349b-9.dat	xmrig
behavioral2/files/0x000700000002349c-19.dat	xmrig
behavioral2/files/0x000700000002349d-38.dat	xmrig
behavioral2/files/0x00070000000234a2-53.dat	xmrig
behavioral2/files/0x00080000000234a0-67.dat	xmrig
behavioral2/files/0x000800000002349f-70.dat	xmrig
behavioral2/files/0x00070000000234a9-111.dat	xmrig
behavioral2/files/0x00070000000234b1-132.dat	xmrig
behavioral2/files/0x00070000000234b6-177.dat	xmrig
behavioral2/memory/2240-182-0x00007FF7AD820000-0x00007FF7ADC16000-memory.dmp	xmrig
behavioral2/memory/4604-186-0x00007FF6A68B0000-0x00007FF6A6CA6000-memory.dmp	xmrig
behavioral2/memory/4912-189-0x00007FF699590000-0x00007FF699986000-memory.dmp	xmrig
behavioral2/memory/1760-193-0x00007FF7C1100000-0x00007FF7C14F6000-memory.dmp	xmrig
behavioral2/memory/540-194-0x00007FF7F6F20000-0x00007FF7F7316000-memory.dmp	xmrig
behavioral2/memory/4544-192-0x00007FF765FE0000-0x00007FF7663D6000-memory.dmp	xmrig
behavioral2/memory/1988-191-0x00007FF6EF910000-0x00007FF6EFD06000-memory.dmp	xmrig
behavioral2/memory/4360-190-0x00007FF71A690000-0x00007FF71AA86000-memory.dmp	xmrig
behavioral2/memory/4780-188-0x00007FF7FC5B0000-0x00007FF7FC9A6000-memory.dmp	xmrig
behavioral2/memory/1572-187-0x00007FF7C0930000-0x00007FF7C0D26000-memory.dmp	xmrig
behavioral2/memory/1304-185-0x00007FF709E10000-0x00007FF70A206000-memory.dmp	xmrig
behavioral2/memory/660-184-0x00007FF77CE10000-0x00007FF77D206000-memory.dmp	xmrig
behavioral2/memory/4484-183-0x00007FF645130000-0x00007FF645526000-memory.dmp	xmrig
behavioral2/memory/1752-181-0x00007FF6E4B10000-0x00007FF6E4F06000-memory.dmp	xmrig
behavioral2/files/0x00070000000234b7-179.dat	xmrig
behavioral2/files/0x00070000000234b5-175.dat	xmrig
behavioral2/memory/636-174-0x00007FF6CEF50000-0x00007FF6CF346000-memory.dmp	xmrig
behavioral2/memory/4064-173-0x00007FF7F5630000-0x00007FF7F5A26000-memory.dmp	xmrig
behavioral2/files/0x00070000000234b4-171.dat	xmrig
behavioral2/files/0x00070000000234b3-169.dat	xmrig
behavioral2/files/0x00070000000234b2-167.dat	xmrig
behavioral2/memory/2376-166-0x00007FF767B30000-0x00007FF767F26000-memory.dmp	xmrig
behavioral2/files/0x00070000000234b0-162.dat	xmrig
behavioral2/memory/3388-161-0x00007FF666AF0000-0x00007FF666EE6000-memory.dmp	xmrig
behavioral2/files/0x00070000000234ae-159.dat	xmrig
behavioral2/files/0x00070000000234ad-156.dat	xmrig
behavioral2/files/0x00070000000234ab-152.dat	xmrig
behavioral2/memory/2140-148-0x00007FF7BF790000-0x00007FF7BFB86000-memory.dmp	xmrig
behavioral2/memory/3816-147-0x00007FF719D70000-0x00007FF71A166000-memory.dmp	xmrig
behavioral2/files/0x00070000000234aa-143.dat	xmrig
behavioral2/files/0x00070000000234ac-138.dat	xmrig
behavioral2/memory/1672-128-0x00007FF60CF50000-0x00007FF60D346000-memory.dmp	xmrig
behavioral2/files/0x00070000000234af-124.dat	xmrig
behavioral2/files/0x00070000000234a7-121.dat	xmrig
behavioral2/memory/2720-107-0x00007FF798640000-0x00007FF798A36000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a8-105.dat	xmrig
behavioral2/memory/3536-102-0x00007FF6AF280000-0x00007FF6AF676000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a6-110.dat	xmrig
behavioral2/files/0x00070000000234aa-100.dat	xmrig
behavioral2/files/0x00070000000234a4-97.dat	xmrig
behavioral2/files/0x00070000000234a5-85.dat	xmrig
behavioral2/files/0x00070000000234a3-65.dat	xmrig
behavioral2/memory/212-61-0x00007FF6A9920000-0x00007FF6A9D16000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a1-51.dat	xmrig
behavioral2/files/0x000700000002349e-49.dat	xmrig
behavioral2/files/0x00070000000234da-307.dat	xmrig
behavioral2/files/0x00070000000234b8-304.dat	xmrig
behavioral2/memory/212-2052-0x00007FF6A9920000-0x00007FF6A9D16000-memory.dmp	xmrig
behavioral2/memory/3536-2053-0x00007FF6AF280000-0x00007FF6AF676000-memory.dmp	xmrig
behavioral2/memory/4912-2054-0x00007FF699590000-0x00007FF699986000-memory.dmp	xmrig
behavioral2/memory/1672-2058-0x00007FF60CF50000-0x00007FF60D346000-memory.dmp	xmrig
behavioral2/memory/2376-2062-0x00007FF767B30000-0x00007FF767F26000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
7	3636	powershell.exe
9	3636	powershell.exe
11	3636	powershell.exe
12	3636	powershell.exe
14	3636	powershell.exe
24	3636	powershell.exe
26	3636	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3636	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
212	HmUfXfs.exe
4912	nbNXcXZ.exe
3536	XRMQqbr.exe
2720	ElkwAGP.exe
1672	xfHPswE.exe
4360	sGUhaUq.exe
3816	HSSYuQg.exe
2140	eAkTmnR.exe
1988	wnPAwFk.exe
3388	ZjdIhvf.exe
2376	tDHkElh.exe
4064	oPknAdo.exe
636	KcGvFok.exe
1752	SfMMhoB.exe
2240	IoKcRMB.exe
4544	OMqKlsu.exe
4484	xgFUHLP.exe
1760	REgvinx.exe
660	rMWZwxr.exe
1304	DiEZndg.exe
4604	VyOOWol.exe
1572	ZdcKWVr.exe
4780	fvUKMKV.exe
540	cYHyeyb.exe
3672	lxBGyjE.exe
1220	CSIrEaB.exe
4472	xTxtAhs.exe
516	RpeibuF.exe
4800	IJcWDmf.exe
2968	PhptZpH.exe
5040	hTcKVLV.exe
2408	rhycflr.exe
4468	IONpbpy.exe
4496	ieAdlCx.exe
5072	iHrSnbp.exe
1232	ADFEhQA.exe
1360	OUBXYmm.exe
2756	OwopJGu.exe
4388	uePTbEl.exe
4288	VKpSQfk.exe
4772	vBOPpkQ.exe
1600	pnDLnrg.exe
3988	rIooShc.exe
4204	MlfBIvb.exe
3700	nzmztcX.exe
1628	YKTEDat.exe
1116	zXouafX.exe
5000	gWbfABL.exe
472	VauHLhZ.exe
2596	teHbvCl.exe
4592	AOAWefh.exe
2804	jjZUDjc.exe
2492	BeXjHyL.exe
2788	StxADaJ.exe
3472	LoOrGrj.exe
4728	wZKzbXE.exe
2544	gAfipYj.exe
3732	IzNuXhl.exe
2004	waJEawu.exe
456	BAIcRpn.exe
852	LHCzPzM.exe
5032	KTQszHs.exe
3468	YszRThB.exe
2652	VdqObCU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1052-0-0x00007FF7EFA90000-0x00007FF7EFE86000-memory.dmp	upx
behavioral2/files/0x0006000000022fa8-5.dat	upx
behavioral2/files/0x000700000002349a-10.dat	upx
behavioral2/files/0x000700000002349b-9.dat	upx
behavioral2/files/0x000700000002349c-19.dat	upx
behavioral2/files/0x000700000002349d-38.dat	upx
behavioral2/files/0x00070000000234a2-53.dat	upx
behavioral2/files/0x00080000000234a0-67.dat	upx
behavioral2/files/0x000800000002349f-70.dat	upx
behavioral2/files/0x00070000000234a9-111.dat	upx
behavioral2/files/0x00070000000234b1-132.dat	upx
behavioral2/files/0x00070000000234b6-177.dat	upx
behavioral2/memory/2240-182-0x00007FF7AD820000-0x00007FF7ADC16000-memory.dmp	upx
behavioral2/memory/4604-186-0x00007FF6A68B0000-0x00007FF6A6CA6000-memory.dmp	upx
behavioral2/memory/4912-189-0x00007FF699590000-0x00007FF699986000-memory.dmp	upx
behavioral2/memory/1760-193-0x00007FF7C1100000-0x00007FF7C14F6000-memory.dmp	upx
behavioral2/memory/540-194-0x00007FF7F6F20000-0x00007FF7F7316000-memory.dmp	upx
behavioral2/memory/4544-192-0x00007FF765FE0000-0x00007FF7663D6000-memory.dmp	upx
behavioral2/memory/1988-191-0x00007FF6EF910000-0x00007FF6EFD06000-memory.dmp	upx
behavioral2/memory/4360-190-0x00007FF71A690000-0x00007FF71AA86000-memory.dmp	upx
behavioral2/memory/4780-188-0x00007FF7FC5B0000-0x00007FF7FC9A6000-memory.dmp	upx
behavioral2/memory/1572-187-0x00007FF7C0930000-0x00007FF7C0D26000-memory.dmp	upx
behavioral2/memory/1304-185-0x00007FF709E10000-0x00007FF70A206000-memory.dmp	upx
behavioral2/memory/660-184-0x00007FF77CE10000-0x00007FF77D206000-memory.dmp	upx
behavioral2/memory/4484-183-0x00007FF645130000-0x00007FF645526000-memory.dmp	upx
behavioral2/memory/1752-181-0x00007FF6E4B10000-0x00007FF6E4F06000-memory.dmp	upx
behavioral2/files/0x00070000000234b7-179.dat	upx
behavioral2/files/0x00070000000234b5-175.dat	upx
behavioral2/memory/636-174-0x00007FF6CEF50000-0x00007FF6CF346000-memory.dmp	upx
behavioral2/memory/4064-173-0x00007FF7F5630000-0x00007FF7F5A26000-memory.dmp	upx
behavioral2/files/0x00070000000234b4-171.dat	upx
behavioral2/files/0x00070000000234b3-169.dat	upx
behavioral2/files/0x00070000000234b2-167.dat	upx
behavioral2/memory/2376-166-0x00007FF767B30000-0x00007FF767F26000-memory.dmp	upx
behavioral2/files/0x00070000000234b0-162.dat	upx
behavioral2/memory/3388-161-0x00007FF666AF0000-0x00007FF666EE6000-memory.dmp	upx
behavioral2/files/0x00070000000234ae-159.dat	upx
behavioral2/files/0x00070000000234ad-156.dat	upx
behavioral2/files/0x00070000000234ab-152.dat	upx
behavioral2/memory/2140-148-0x00007FF7BF790000-0x00007FF7BFB86000-memory.dmp	upx
behavioral2/memory/3816-147-0x00007FF719D70000-0x00007FF71A166000-memory.dmp	upx
behavioral2/files/0x00070000000234aa-143.dat	upx
behavioral2/files/0x00070000000234ac-138.dat	upx
behavioral2/memory/1672-128-0x00007FF60CF50000-0x00007FF60D346000-memory.dmp	upx
behavioral2/files/0x00070000000234af-124.dat	upx
behavioral2/files/0x00070000000234a7-121.dat	upx
behavioral2/memory/2720-107-0x00007FF798640000-0x00007FF798A36000-memory.dmp	upx
behavioral2/files/0x00070000000234a8-105.dat	upx
behavioral2/memory/3536-102-0x00007FF6AF280000-0x00007FF6AF676000-memory.dmp	upx
behavioral2/files/0x00070000000234a6-110.dat	upx
behavioral2/files/0x00070000000234aa-100.dat	upx
behavioral2/files/0x00070000000234a4-97.dat	upx
behavioral2/files/0x00070000000234a5-85.dat	upx
behavioral2/files/0x00070000000234a3-65.dat	upx
behavioral2/memory/212-61-0x00007FF6A9920000-0x00007FF6A9D16000-memory.dmp	upx
behavioral2/files/0x00070000000234a1-51.dat	upx
behavioral2/files/0x000700000002349e-49.dat	upx
behavioral2/files/0x00070000000234da-307.dat	upx
behavioral2/files/0x00070000000234b8-304.dat	upx
behavioral2/memory/212-2052-0x00007FF6A9920000-0x00007FF6A9D16000-memory.dmp	upx
behavioral2/memory/3536-2053-0x00007FF6AF280000-0x00007FF6AF676000-memory.dmp	upx
behavioral2/memory/4912-2054-0x00007FF699590000-0x00007FF699986000-memory.dmp	upx
behavioral2/memory/1672-2058-0x00007FF60CF50000-0x00007FF60D346000-memory.dmp	upx
behavioral2/memory/2376-2062-0x00007FF767B30000-0x00007FF767F26000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
6	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nbNXcXZ.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\ZJXZfnp.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\usNTtXG.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\NlscdEi.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\lskuZSD.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\nyuowlF.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\PBgmPcy.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\ZLyrBRF.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\AvbOtoa.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\btFETjl.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\oVwhLic.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\ZLbpQCq.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\iZstpEg.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\IdMXFEd.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\bnncOrC.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\DiEZndg.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\yhMEjrz.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\xqdnOoG.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\vfNuNfI.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\RKyVepU.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\qyHpAtb.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\ZNStuky.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\XvpuYof.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\lxBGyjE.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\RfjALpR.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\dwjJwct.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\zLHPFcz.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\nHkfVDI.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\abPGYvp.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\TxGrOuQ.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\WBVfhhw.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\rAXefIP.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\HYcclhZ.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\QsUpNbq.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\nlbPYeU.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\OKNIrAl.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\tanBunR.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\alQLwRd.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\gpxfNFQ.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\SkkzmxE.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\fszXTHP.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\JLKFmiZ.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\qwYAxdO.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\VwJCagL.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\gAfipYj.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\HPZDHKp.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\JuARiaQ.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\jLiVdwv.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\pdVifjW.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\RpeibuF.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\ncHNUqV.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\WEVHhIR.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\JzphSMP.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\QBuSBvT.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\PsyYwdi.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\qCCHuma.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\MurNYtS.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\JnAvPpK.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\iBGMNyH.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\eOwtQYJ.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\nyuaWMR.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\FsQkqOa.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\XFmDIsI.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
File created	C:\Windows\System\PhptZpH.exe	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3636	powershell.exe
3636	powershell.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
Token: SeDebugPrivilege	3636	powershell.exe
Token: SeLockMemoryPrivilege	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
Token: SeCreateGlobalPrivilege	10700	dwm.exe
Token: SeChangeNotifyPrivilege	10700	dwm.exe
Token: 33	10700	dwm.exe
Token: SeIncBasePriorityPrivilege	10700	dwm.exe
Token: SeShutdownPrivilege	10700	dwm.exe
Token: SeCreatePagefilePrivilege	10700	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3636	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	87
PID 1052 wrote to memory of 3636	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	87
PID 1052 wrote to memory of 212	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	88
PID 1052 wrote to memory of 212	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	88
PID 1052 wrote to memory of 4912	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	89
PID 1052 wrote to memory of 4912	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	89
PID 1052 wrote to memory of 3536	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	90
PID 1052 wrote to memory of 3536	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	90
PID 1052 wrote to memory of 2720	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	91
PID 1052 wrote to memory of 2720	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	91
PID 1052 wrote to memory of 1672	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	92
PID 1052 wrote to memory of 1672	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	92
PID 1052 wrote to memory of 4360	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	93
PID 1052 wrote to memory of 4360	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	93
PID 1052 wrote to memory of 3816	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	94
PID 1052 wrote to memory of 3816	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	94
PID 1052 wrote to memory of 2140	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	95
PID 1052 wrote to memory of 2140	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	95
PID 1052 wrote to memory of 1988	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	96
PID 1052 wrote to memory of 1988	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	96
PID 1052 wrote to memory of 3388	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	97
PID 1052 wrote to memory of 3388	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	97
PID 1052 wrote to memory of 2376	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	98
PID 1052 wrote to memory of 2376	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	98
PID 1052 wrote to memory of 4064	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	99
PID 1052 wrote to memory of 4064	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	99
PID 1052 wrote to memory of 636	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	100
PID 1052 wrote to memory of 636	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	100
PID 1052 wrote to memory of 1752	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	101
PID 1052 wrote to memory of 1752	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	101
PID 1052 wrote to memory of 2240	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	102
PID 1052 wrote to memory of 2240	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	102
PID 1052 wrote to memory of 4544	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	103
PID 1052 wrote to memory of 4544	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	103
PID 1052 wrote to memory of 1760	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	104
PID 1052 wrote to memory of 1760	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	104
PID 1052 wrote to memory of 4484	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	105
PID 1052 wrote to memory of 4484	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	105
PID 1052 wrote to memory of 660	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	106
PID 1052 wrote to memory of 660	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	106
PID 1052 wrote to memory of 1304	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	107
PID 1052 wrote to memory of 1304	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	107
PID 1052 wrote to memory of 4604	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	108
PID 1052 wrote to memory of 4604	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	108
PID 1052 wrote to memory of 1572	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	109
PID 1052 wrote to memory of 1572	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	109
PID 1052 wrote to memory of 4780	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	110
PID 1052 wrote to memory of 4780	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	110
PID 1052 wrote to memory of 540	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	111
PID 1052 wrote to memory of 540	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	111
PID 1052 wrote to memory of 3672	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	112
PID 1052 wrote to memory of 3672	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	112
PID 1052 wrote to memory of 1220	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	113
PID 1052 wrote to memory of 1220	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	113
PID 1052 wrote to memory of 4472	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	114
PID 1052 wrote to memory of 4472	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	114
PID 1052 wrote to memory of 516	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	115
PID 1052 wrote to memory of 516	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	115
PID 1052 wrote to memory of 4800	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	116
PID 1052 wrote to memory of 4800	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	116
PID 1052 wrote to memory of 2968	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	117
PID 1052 wrote to memory of 2968	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	117
PID 1052 wrote to memory of 5040	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	118
PID 1052 wrote to memory of 5040	1052	8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe	118

C:\Users\Admin\AppData\Local\Temp\8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8eb57ce74dae8e219911acc795500170_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3636
- C:\Windows\System\HmUfXfs.exe
  C:\Windows\System\HmUfXfs.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\nbNXcXZ.exe
  C:\Windows\System\nbNXcXZ.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\XRMQqbr.exe
  C:\Windows\System\XRMQqbr.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\ElkwAGP.exe
  C:\Windows\System\ElkwAGP.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\xfHPswE.exe
  C:\Windows\System\xfHPswE.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\sGUhaUq.exe
  C:\Windows\System\sGUhaUq.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\HSSYuQg.exe
  C:\Windows\System\HSSYuQg.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\eAkTmnR.exe
  C:\Windows\System\eAkTmnR.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\wnPAwFk.exe
  C:\Windows\System\wnPAwFk.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\ZjdIhvf.exe
  C:\Windows\System\ZjdIhvf.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\tDHkElh.exe
  C:\Windows\System\tDHkElh.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\oPknAdo.exe
  C:\Windows\System\oPknAdo.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\KcGvFok.exe
  C:\Windows\System\KcGvFok.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\SfMMhoB.exe
  C:\Windows\System\SfMMhoB.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\IoKcRMB.exe
  C:\Windows\System\IoKcRMB.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\OMqKlsu.exe
  C:\Windows\System\OMqKlsu.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\REgvinx.exe
  C:\Windows\System\REgvinx.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\xgFUHLP.exe
  C:\Windows\System\xgFUHLP.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\rMWZwxr.exe
  C:\Windows\System\rMWZwxr.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\DiEZndg.exe
  C:\Windows\System\DiEZndg.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\VyOOWol.exe
  C:\Windows\System\VyOOWol.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\ZdcKWVr.exe
  C:\Windows\System\ZdcKWVr.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\fvUKMKV.exe
  C:\Windows\System\fvUKMKV.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\cYHyeyb.exe
  C:\Windows\System\cYHyeyb.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\lxBGyjE.exe
  C:\Windows\System\lxBGyjE.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\CSIrEaB.exe
  C:\Windows\System\CSIrEaB.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\xTxtAhs.exe
  C:\Windows\System\xTxtAhs.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\RpeibuF.exe
  C:\Windows\System\RpeibuF.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\IJcWDmf.exe
  C:\Windows\System\IJcWDmf.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\PhptZpH.exe
  C:\Windows\System\PhptZpH.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\hTcKVLV.exe
  C:\Windows\System\hTcKVLV.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\rhycflr.exe
  C:\Windows\System\rhycflr.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\IONpbpy.exe
  C:\Windows\System\IONpbpy.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\ieAdlCx.exe
  C:\Windows\System\ieAdlCx.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\iHrSnbp.exe
  C:\Windows\System\iHrSnbp.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\ADFEhQA.exe
  C:\Windows\System\ADFEhQA.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\OUBXYmm.exe
  C:\Windows\System\OUBXYmm.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\OwopJGu.exe
  C:\Windows\System\OwopJGu.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\uePTbEl.exe
  C:\Windows\System\uePTbEl.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\VKpSQfk.exe
  C:\Windows\System\VKpSQfk.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\vBOPpkQ.exe
  C:\Windows\System\vBOPpkQ.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\pnDLnrg.exe
  C:\Windows\System\pnDLnrg.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\rIooShc.exe
  C:\Windows\System\rIooShc.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\MlfBIvb.exe
  C:\Windows\System\MlfBIvb.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\nzmztcX.exe
  C:\Windows\System\nzmztcX.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\YKTEDat.exe
  C:\Windows\System\YKTEDat.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\zXouafX.exe
  C:\Windows\System\zXouafX.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\gWbfABL.exe
  C:\Windows\System\gWbfABL.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\VauHLhZ.exe
  C:\Windows\System\VauHLhZ.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\teHbvCl.exe
  C:\Windows\System\teHbvCl.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\AOAWefh.exe
  C:\Windows\System\AOAWefh.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\jjZUDjc.exe
  C:\Windows\System\jjZUDjc.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\BeXjHyL.exe
  C:\Windows\System\BeXjHyL.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\StxADaJ.exe
  C:\Windows\System\StxADaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\LoOrGrj.exe
  C:\Windows\System\LoOrGrj.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\wZKzbXE.exe
  C:\Windows\System\wZKzbXE.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\gAfipYj.exe
  C:\Windows\System\gAfipYj.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\IzNuXhl.exe
  C:\Windows\System\IzNuXhl.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\waJEawu.exe
  C:\Windows\System\waJEawu.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\BAIcRpn.exe
  C:\Windows\System\BAIcRpn.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\LHCzPzM.exe
  C:\Windows\System\LHCzPzM.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\KTQszHs.exe
  C:\Windows\System\KTQszHs.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\YszRThB.exe
  C:\Windows\System\YszRThB.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\VdqObCU.exe
  C:\Windows\System\VdqObCU.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\ovbRXLp.exe
  C:\Windows\System\ovbRXLp.exe
  2⤵
  PID:1420
- C:\Windows\System\lQSbCbz.exe
  C:\Windows\System\lQSbCbz.exe
  2⤵
  PID:624
- C:\Windows\System\AwvhxxS.exe
  C:\Windows\System\AwvhxxS.exe
  2⤵
  PID:1132
- C:\Windows\System\fRIpmiq.exe
  C:\Windows\System\fRIpmiq.exe
  2⤵
  PID:1236
- C:\Windows\System\ncHNUqV.exe
  C:\Windows\System\ncHNUqV.exe
  2⤵
  PID:4212
- C:\Windows\System\MmUOJzc.exe
  C:\Windows\System\MmUOJzc.exe
  2⤵
  PID:4108
- C:\Windows\System\PBgmPcy.exe
  C:\Windows\System\PBgmPcy.exe
  2⤵
  PID:3160
- C:\Windows\System\RNykYPv.exe
  C:\Windows\System\RNykYPv.exe
  2⤵
  PID:4348
- C:\Windows\System\yprhHsb.exe
  C:\Windows\System\yprhHsb.exe
  2⤵
  PID:3620
- C:\Windows\System\yLomQOn.exe
  C:\Windows\System\yLomQOn.exe
  2⤵
  PID:1932
- C:\Windows\System\TzxmjyA.exe
  C:\Windows\System\TzxmjyA.exe
  2⤵
  PID:3228
- C:\Windows\System\mXeCEjW.exe
  C:\Windows\System\mXeCEjW.exe
  2⤵
  PID:940
- C:\Windows\System\YCIyqfE.exe
  C:\Windows\System\YCIyqfE.exe
  2⤵
  PID:1028
- C:\Windows\System\qnkXeUs.exe
  C:\Windows\System\qnkXeUs.exe
  2⤵
  PID:4972
- C:\Windows\System\cxMDkUk.exe
  C:\Windows\System\cxMDkUk.exe
  2⤵
  PID:4328
- C:\Windows\System\gJaywBi.exe
  C:\Windows\System\gJaywBi.exe
  2⤵
  PID:4316
- C:\Windows\System\irYrvwZ.exe
  C:\Windows\System\irYrvwZ.exe
  2⤵
  PID:2364
- C:\Windows\System\MGMZGxg.exe
  C:\Windows\System\MGMZGxg.exe
  2⤵
  PID:1824
- C:\Windows\System\LFRlfgH.exe
  C:\Windows\System\LFRlfgH.exe
  2⤵
  PID:5140
- C:\Windows\System\NbEuRHr.exe
  C:\Windows\System\NbEuRHr.exe
  2⤵
  PID:5184
- C:\Windows\System\LyfkqjB.exe
  C:\Windows\System\LyfkqjB.exe
  2⤵
  PID:5224
- C:\Windows\System\JzphSMP.exe
  C:\Windows\System\JzphSMP.exe
  2⤵
  PID:5256
- C:\Windows\System\NAFfEwv.exe
  C:\Windows\System\NAFfEwv.exe
  2⤵
  PID:5296
- C:\Windows\System\IdzvGhg.exe
  C:\Windows\System\IdzvGhg.exe
  2⤵
  PID:5332
- C:\Windows\System\lmsLzXW.exe
  C:\Windows\System\lmsLzXW.exe
  2⤵
  PID:5356
- C:\Windows\System\ZLyrBRF.exe
  C:\Windows\System\ZLyrBRF.exe
  2⤵
  PID:5396
- C:\Windows\System\EBLNxCf.exe
  C:\Windows\System\EBLNxCf.exe
  2⤵
  PID:5428
- C:\Windows\System\tFkkhAP.exe
  C:\Windows\System\tFkkhAP.exe
  2⤵
  PID:5448
- C:\Windows\System\nXMqCYi.exe
  C:\Windows\System\nXMqCYi.exe
  2⤵
  PID:5488
- C:\Windows\System\YdQzNvJ.exe
  C:\Windows\System\YdQzNvJ.exe
  2⤵
  PID:5540
- C:\Windows\System\ynAKNfO.exe
  C:\Windows\System\ynAKNfO.exe
  2⤵
  PID:5572
- C:\Windows\System\GZbcXgx.exe
  C:\Windows\System\GZbcXgx.exe
  2⤵
  PID:5604
- C:\Windows\System\oKtSEJe.exe
  C:\Windows\System\oKtSEJe.exe
  2⤵
  PID:5636
- C:\Windows\System\YaopryX.exe
  C:\Windows\System\YaopryX.exe
  2⤵
  PID:5664
- C:\Windows\System\alQLwRd.exe
  C:\Windows\System\alQLwRd.exe
  2⤵
  PID:5712
- C:\Windows\System\HNTjQXh.exe
  C:\Windows\System\HNTjQXh.exe
  2⤵
  PID:5736
- C:\Windows\System\HPZDHKp.exe
  C:\Windows\System\HPZDHKp.exe
  2⤵
  PID:5764
- C:\Windows\System\RCVMYHb.exe
  C:\Windows\System\RCVMYHb.exe
  2⤵
  PID:5784
- C:\Windows\System\sYlpjdI.exe
  C:\Windows\System\sYlpjdI.exe
  2⤵
  PID:5824
- C:\Windows\System\QaSHsje.exe
  C:\Windows\System\QaSHsje.exe
  2⤵
  PID:5860
- C:\Windows\System\ifNFDko.exe
  C:\Windows\System\ifNFDko.exe
  2⤵
  PID:5888
- C:\Windows\System\AvbOtoa.exe
  C:\Windows\System\AvbOtoa.exe
  2⤵
  PID:5920
- C:\Windows\System\iVjwHQJ.exe
  C:\Windows\System\iVjwHQJ.exe
  2⤵
  PID:5960
- C:\Windows\System\HGmJWdW.exe
  C:\Windows\System\HGmJWdW.exe
  2⤵
  PID:5996
- C:\Windows\System\VcrlgYL.exe
  C:\Windows\System\VcrlgYL.exe
  2⤵
  PID:6012
- C:\Windows\System\RrvMDao.exe
  C:\Windows\System\RrvMDao.exe
  2⤵
  PID:6032
- C:\Windows\System\iKwvJmk.exe
  C:\Windows\System\iKwvJmk.exe
  2⤵
  PID:6064
- C:\Windows\System\pMfenMV.exe
  C:\Windows\System\pMfenMV.exe
  2⤵
  PID:6096
- C:\Windows\System\CIMuYlz.exe
  C:\Windows\System\CIMuYlz.exe
  2⤵
  PID:6124
- C:\Windows\System\dHpEbRC.exe
  C:\Windows\System\dHpEbRC.exe
  2⤵
  PID:5212
- C:\Windows\System\caqyKuV.exe
  C:\Windows\System\caqyKuV.exe
  2⤵
  PID:2220
- C:\Windows\System\JBuApIK.exe
  C:\Windows\System\JBuApIK.exe
  2⤵
  PID:5308
- C:\Windows\System\mDFXfwd.exe
  C:\Windows\System\mDFXfwd.exe
  2⤵
  PID:3024
- C:\Windows\System\KZEqUww.exe
  C:\Windows\System\KZEqUww.exe
  2⤵
  PID:5388
- C:\Windows\System\vybxIyV.exe
  C:\Windows\System\vybxIyV.exe
  2⤵
  PID:5456
- C:\Windows\System\xaGgZlO.exe
  C:\Windows\System\xaGgZlO.exe
  2⤵
  PID:5552
- C:\Windows\System\BlRzlVO.exe
  C:\Windows\System\BlRzlVO.exe
  2⤵
  PID:5616
- C:\Windows\System\yhMEjrz.exe
  C:\Windows\System\yhMEjrz.exe
  2⤵
  PID:5696
- C:\Windows\System\mQTaOLf.exe
  C:\Windows\System\mQTaOLf.exe
  2⤵
  PID:5748
- C:\Windows\System\WEVHhIR.exe
  C:\Windows\System\WEVHhIR.exe
  2⤵
  PID:5812
- C:\Windows\System\OIxKExD.exe
  C:\Windows\System\OIxKExD.exe
  2⤵
  PID:5884
- C:\Windows\System\ZHPbFNH.exe
  C:\Windows\System\ZHPbFNH.exe
  2⤵
  PID:5928
- C:\Windows\System\LuhlfBp.exe
  C:\Windows\System\LuhlfBp.exe
  2⤵
  PID:6008
- C:\Windows\System\OvooPSc.exe
  C:\Windows\System\OvooPSc.exe
  2⤵
  PID:6004
- C:\Windows\System\sVoUAKU.exe
  C:\Windows\System\sVoUAKU.exe
  2⤵
  PID:3992
- C:\Windows\System\gUZahPA.exe
  C:\Windows\System\gUZahPA.exe
  2⤵
  PID:6116
- C:\Windows\System\ZJXZfnp.exe
  C:\Windows\System\ZJXZfnp.exe
  2⤵
  PID:5292
- C:\Windows\System\SGTrOXa.exe
  C:\Windows\System\SGTrOXa.exe
  2⤵
  PID:5436
- C:\Windows\System\yfMPmvy.exe
  C:\Windows\System\yfMPmvy.exe
  2⤵
  PID:5568
- C:\Windows\System\GnTQIgn.exe
  C:\Windows\System\GnTQIgn.exe
  2⤵
  PID:5756
- C:\Windows\System\iEqMSyO.exe
  C:\Windows\System\iEqMSyO.exe
  2⤵
  PID:1692
- C:\Windows\System\uBGgqjd.exe
  C:\Windows\System\uBGgqjd.exe
  2⤵
  PID:6024
- C:\Windows\System\TkCXnAP.exe
  C:\Windows\System\TkCXnAP.exe
  2⤵
  PID:4012
- C:\Windows\System\ModExNr.exe
  C:\Windows\System\ModExNr.exe
  2⤵
  PID:5424
- C:\Windows\System\BWtkUHr.exe
  C:\Windows\System\BWtkUHr.exe
  2⤵
  PID:5720
- C:\Windows\System\nkBnoKO.exe
  C:\Windows\System\nkBnoKO.exe
  2⤵
  PID:5968
- C:\Windows\System\bSgQvjz.exe
  C:\Windows\System\bSgQvjz.exe
  2⤵
  PID:5236
- C:\Windows\System\soEfUBo.exe
  C:\Windows\System\soEfUBo.exe
  2⤵
  PID:5936
- C:\Windows\System\qzKGQGU.exe
  C:\Windows\System\qzKGQGU.exe
  2⤵
  PID:5880
- C:\Windows\System\nbTmHlW.exe
  C:\Windows\System\nbTmHlW.exe
  2⤵
  PID:6152
- C:\Windows\System\LLQhoEK.exe
  C:\Windows\System\LLQhoEK.exe
  2⤵
  PID:6184
- C:\Windows\System\cWJloQA.exe
  C:\Windows\System\cWJloQA.exe
  2⤵
  PID:6216
- C:\Windows\System\ntKksYv.exe
  C:\Windows\System\ntKksYv.exe
  2⤵
  PID:6248
- C:\Windows\System\SfbBfPE.exe
  C:\Windows\System\SfbBfPE.exe
  2⤵
  PID:6276
- C:\Windows\System\HBNihPj.exe
  C:\Windows\System\HBNihPj.exe
  2⤵
  PID:6304
- C:\Windows\System\wmSFLJN.exe
  C:\Windows\System\wmSFLJN.exe
  2⤵
  PID:6336
- C:\Windows\System\myytMAi.exe
  C:\Windows\System\myytMAi.exe
  2⤵
  PID:6364
- C:\Windows\System\WtFgpkJ.exe
  C:\Windows\System\WtFgpkJ.exe
  2⤵
  PID:6392
- C:\Windows\System\DUyQtuu.exe
  C:\Windows\System\DUyQtuu.exe
  2⤵
  PID:6424
- C:\Windows\System\FaCbJVZ.exe
  C:\Windows\System\FaCbJVZ.exe
  2⤵
  PID:6452
- C:\Windows\System\dZyRRDC.exe
  C:\Windows\System\dZyRRDC.exe
  2⤵
  PID:6480
- C:\Windows\System\kWZsnFK.exe
  C:\Windows\System\kWZsnFK.exe
  2⤵
  PID:6508
- C:\Windows\System\wXuRojc.exe
  C:\Windows\System\wXuRojc.exe
  2⤵
  PID:6536
- C:\Windows\System\kwfWVuM.exe
  C:\Windows\System\kwfWVuM.exe
  2⤵
  PID:6568
- C:\Windows\System\hiLUyCB.exe
  C:\Windows\System\hiLUyCB.exe
  2⤵
  PID:6596
- C:\Windows\System\BvFkWiH.exe
  C:\Windows\System\BvFkWiH.exe
  2⤵
  PID:6628
- C:\Windows\System\floAxzH.exe
  C:\Windows\System\floAxzH.exe
  2⤵
  PID:6660
- C:\Windows\System\zRWnAuY.exe
  C:\Windows\System\zRWnAuY.exe
  2⤵
  PID:6692
- C:\Windows\System\YBbrzAQ.exe
  C:\Windows\System\YBbrzAQ.exe
  2⤵
  PID:6712
- C:\Windows\System\UIMIbXU.exe
  C:\Windows\System\UIMIbXU.exe
  2⤵
  PID:6748
- C:\Windows\System\UbnmMmE.exe
  C:\Windows\System\UbnmMmE.exe
  2⤵
  PID:6772
- C:\Windows\System\vVuxcHV.exe
  C:\Windows\System\vVuxcHV.exe
  2⤵
  PID:6808
- C:\Windows\System\ULbgHtF.exe
  C:\Windows\System\ULbgHtF.exe
  2⤵
  PID:6848
- C:\Windows\System\BJtjezY.exe
  C:\Windows\System\BJtjezY.exe
  2⤵
  PID:6872
- C:\Windows\System\IGJDthN.exe
  C:\Windows\System\IGJDthN.exe
  2⤵
  PID:6920
- C:\Windows\System\VaJxqhX.exe
  C:\Windows\System\VaJxqhX.exe
  2⤵
  PID:6960
- C:\Windows\System\bBnrYLq.exe
  C:\Windows\System\bBnrYLq.exe
  2⤵
  PID:6988
- C:\Windows\System\RnoGlhH.exe
  C:\Windows\System\RnoGlhH.exe
  2⤵
  PID:7012
- C:\Windows\System\FzVPOMi.exe
  C:\Windows\System\FzVPOMi.exe
  2⤵
  PID:7040
- C:\Windows\System\RfjALpR.exe
  C:\Windows\System\RfjALpR.exe
  2⤵
  PID:7056
- C:\Windows\System\zmXZxbj.exe
  C:\Windows\System\zmXZxbj.exe
  2⤵
  PID:7080
- C:\Windows\System\OYNvEGu.exe
  C:\Windows\System\OYNvEGu.exe
  2⤵
  PID:7096
- C:\Windows\System\RVeebrb.exe
  C:\Windows\System\RVeebrb.exe
  2⤵
  PID:7120
- C:\Windows\System\xqdnOoG.exe
  C:\Windows\System\xqdnOoG.exe
  2⤵
  PID:7136
- C:\Windows\System\RthEpOV.exe
  C:\Windows\System\RthEpOV.exe
  2⤵
  PID:7164
- C:\Windows\System\dwjJwct.exe
  C:\Windows\System\dwjJwct.exe
  2⤵
  PID:6180
- C:\Windows\System\wLEVBmt.exe
  C:\Windows\System\wLEVBmt.exe
  2⤵
  PID:6208
- C:\Windows\System\gezgBcI.exe
  C:\Windows\System\gezgBcI.exe
  2⤵
  PID:6272
- C:\Windows\System\FsQkqOa.exe
  C:\Windows\System\FsQkqOa.exe
  2⤵
  PID:6328
- C:\Windows\System\TIzYNAy.exe
  C:\Windows\System\TIzYNAy.exe
  2⤵
  PID:6356
- C:\Windows\System\xizFNIX.exe
  C:\Windows\System\xizFNIX.exe
  2⤵
  PID:6416
- C:\Windows\System\EBdILYM.exe
  C:\Windows\System\EBdILYM.exe
  2⤵
  PID:6520
- C:\Windows\System\ZtvslbM.exe
  C:\Windows\System\ZtvslbM.exe
  2⤵
  PID:6604
- C:\Windows\System\WRWzmeZ.exe
  C:\Windows\System\WRWzmeZ.exe
  2⤵
  PID:6680
- C:\Windows\System\LnalLwh.exe
  C:\Windows\System\LnalLwh.exe
  2⤵
  PID:6792
- C:\Windows\System\iSWGUdr.exe
  C:\Windows\System\iSWGUdr.exe
  2⤵
  PID:6884
- C:\Windows\System\qsWxQbq.exe
  C:\Windows\System\qsWxQbq.exe
  2⤵
  PID:6948
- C:\Windows\System\ryPatHT.exe
  C:\Windows\System\ryPatHT.exe
  2⤵
  PID:7028
- C:\Windows\System\aHeRxLs.exe
  C:\Windows\System\aHeRxLs.exe
  2⤵
  PID:7064
- C:\Windows\System\rplJgDy.exe
  C:\Windows\System\rplJgDy.exe
  2⤵
  PID:5204
- C:\Windows\System\vUNUMmc.exe
  C:\Windows\System\vUNUMmc.exe
  2⤵
  PID:7128
- C:\Windows\System\vfNuNfI.exe
  C:\Windows\System\vfNuNfI.exe
  2⤵
  PID:6472
- C:\Windows\System\etuHrFD.exe
  C:\Windows\System\etuHrFD.exe
  2⤵
  PID:6564
- C:\Windows\System\bwufVmM.exe
  C:\Windows\System\bwufVmM.exe
  2⤵
  PID:6592
- C:\Windows\System\AnEcgOU.exe
  C:\Windows\System\AnEcgOU.exe
  2⤵
  PID:6780
- C:\Windows\System\iizbNXL.exe
  C:\Windows\System\iizbNXL.exe
  2⤵
  PID:6976
- C:\Windows\System\meBagfh.exe
  C:\Windows\System\meBagfh.exe
  2⤵
  PID:7092
- C:\Windows\System\LEHMxZz.exe
  C:\Windows\System\LEHMxZz.exe
  2⤵
  PID:6164
- C:\Windows\System\geOlLUp.exe
  C:\Windows\System\geOlLUp.exe
  2⤵
  PID:7152
- C:\Windows\System\DqPppXn.exe
  C:\Windows\System\DqPppXn.exe
  2⤵
  PID:6528
- C:\Windows\System\bDFZhnD.exe
  C:\Windows\System\bDFZhnD.exe
  2⤵
  PID:6996
- C:\Windows\System\ZFocjlJ.exe
  C:\Windows\System\ZFocjlJ.exe
  2⤵
  PID:6212
- C:\Windows\System\ftnbgmO.exe
  C:\Windows\System\ftnbgmO.exe
  2⤵
  PID:1660
- C:\Windows\System\PIKxIKB.exe
  C:\Windows\System\PIKxIKB.exe
  2⤵
  PID:7184
- C:\Windows\System\dHnLTxo.exe
  C:\Windows\System\dHnLTxo.exe
  2⤵
  PID:7224
- C:\Windows\System\IEIMQIl.exe
  C:\Windows\System\IEIMQIl.exe
  2⤵
  PID:7264
- C:\Windows\System\sCwGNoH.exe
  C:\Windows\System\sCwGNoH.exe
  2⤵
  PID:7300
- C:\Windows\System\KElomGa.exe
  C:\Windows\System\KElomGa.exe
  2⤵
  PID:7328
- C:\Windows\System\ratCmPS.exe
  C:\Windows\System\ratCmPS.exe
  2⤵
  PID:7356
- C:\Windows\System\JtDjcNQ.exe
  C:\Windows\System\JtDjcNQ.exe
  2⤵
  PID:7384
- C:\Windows\System\JYbIZxz.exe
  C:\Windows\System\JYbIZxz.exe
  2⤵
  PID:7412
- C:\Windows\System\cnZYuLi.exe
  C:\Windows\System\cnZYuLi.exe
  2⤵
  PID:7440
- C:\Windows\System\glwPweo.exe
  C:\Windows\System\glwPweo.exe
  2⤵
  PID:7468
- C:\Windows\System\ezEhwwY.exe
  C:\Windows\System\ezEhwwY.exe
  2⤵
  PID:7496
- C:\Windows\System\uLKvfZQ.exe
  C:\Windows\System\uLKvfZQ.exe
  2⤵
  PID:7524
- C:\Windows\System\dWCpGUH.exe
  C:\Windows\System\dWCpGUH.exe
  2⤵
  PID:7552
- C:\Windows\System\QNebZKu.exe
  C:\Windows\System\QNebZKu.exe
  2⤵
  PID:7588
- C:\Windows\System\DUNzlzS.exe
  C:\Windows\System\DUNzlzS.exe
  2⤵
  PID:7616
- C:\Windows\System\uyiIffp.exe
  C:\Windows\System\uyiIffp.exe
  2⤵
  PID:7644
- C:\Windows\System\RkSmQxE.exe
  C:\Windows\System\RkSmQxE.exe
  2⤵
  PID:7680
- C:\Windows\System\JNAPyGm.exe
  C:\Windows\System\JNAPyGm.exe
  2⤵
  PID:7704
- C:\Windows\System\nqFVUaB.exe
  C:\Windows\System\nqFVUaB.exe
  2⤵
  PID:7732
- C:\Windows\System\KTUNZqn.exe
  C:\Windows\System\KTUNZqn.exe
  2⤵
  PID:7760
- C:\Windows\System\oLwyAql.exe
  C:\Windows\System\oLwyAql.exe
  2⤵
  PID:7788
- C:\Windows\System\iBGMNyH.exe
  C:\Windows\System\iBGMNyH.exe
  2⤵
  PID:7816
- C:\Windows\System\zMXSRVo.exe
  C:\Windows\System\zMXSRVo.exe
  2⤵
  PID:7844
- C:\Windows\System\zegBcGD.exe
  C:\Windows\System\zegBcGD.exe
  2⤵
  PID:7872
- C:\Windows\System\uxFpbDW.exe
  C:\Windows\System\uxFpbDW.exe
  2⤵
  PID:7900
- C:\Windows\System\BUffslI.exe
  C:\Windows\System\BUffslI.exe
  2⤵
  PID:7928
- C:\Windows\System\SfUvSDR.exe
  C:\Windows\System\SfUvSDR.exe
  2⤵
  PID:7956
- C:\Windows\System\welOXza.exe
  C:\Windows\System\welOXza.exe
  2⤵
  PID:7984
- C:\Windows\System\uYlMMMl.exe
  C:\Windows\System\uYlMMMl.exe
  2⤵
  PID:8016
- C:\Windows\System\hIRIuAt.exe
  C:\Windows\System\hIRIuAt.exe
  2⤵
  PID:8044
- C:\Windows\System\HcGSsaw.exe
  C:\Windows\System\HcGSsaw.exe
  2⤵
  PID:8072
- C:\Windows\System\EquEFzg.exe
  C:\Windows\System\EquEFzg.exe
  2⤵
  PID:8100
- C:\Windows\System\gpxfNFQ.exe
  C:\Windows\System\gpxfNFQ.exe
  2⤵
  PID:8128
- C:\Windows\System\PDHIVQp.exe
  C:\Windows\System\PDHIVQp.exe
  2⤵
  PID:8156
- C:\Windows\System\BXDuQDS.exe
  C:\Windows\System\BXDuQDS.exe
  2⤵
  PID:8184
- C:\Windows\System\mJqKzpN.exe
  C:\Windows\System\mJqKzpN.exe
  2⤵
  PID:7220
- C:\Windows\System\EfLjXNW.exe
  C:\Windows\System\EfLjXNW.exe
  2⤵
  PID:7340
- C:\Windows\System\ulxTGIB.exe
  C:\Windows\System\ulxTGIB.exe
  2⤵
  PID:7492
- C:\Windows\System\tjKUmLX.exe
  C:\Windows\System\tjKUmLX.exe
  2⤵
  PID:7564
- C:\Windows\System\KqwXhFE.exe
  C:\Windows\System\KqwXhFE.exe
  2⤵
  PID:7656
- C:\Windows\System\VpVcgTX.exe
  C:\Windows\System\VpVcgTX.exe
  2⤵
  PID:7716
- C:\Windows\System\HExpOqV.exe
  C:\Windows\System\HExpOqV.exe
  2⤵
  PID:7812
- C:\Windows\System\HYcclhZ.exe
  C:\Windows\System\HYcclhZ.exe
  2⤵
  PID:7892
- C:\Windows\System\oAMszWA.exe
  C:\Windows\System\oAMszWA.exe
  2⤵
  PID:7976
- C:\Windows\System\MhblnmH.exe
  C:\Windows\System\MhblnmH.exe
  2⤵
  PID:8012
- C:\Windows\System\UpsadnH.exe
  C:\Windows\System\UpsadnH.exe
  2⤵
  PID:8068
- C:\Windows\System\CKUrDMh.exe
  C:\Windows\System\CKUrDMh.exe
  2⤵
  PID:8124
- C:\Windows\System\DuTHqTJ.exe
  C:\Windows\System\DuTHqTJ.exe
  2⤵
  PID:7292
- C:\Windows\System\RgwemEq.exe
  C:\Windows\System\RgwemEq.exe
  2⤵
  PID:7608
- C:\Windows\System\jhrSrmG.exe
  C:\Windows\System\jhrSrmG.exe
  2⤵
  PID:7856
- C:\Windows\System\LpDqJXr.exe
  C:\Windows\System\LpDqJXr.exe
  2⤵
  PID:8176
- C:\Windows\System\GtEjzNf.exe
  C:\Windows\System\GtEjzNf.exe
  2⤵
  PID:7544
- C:\Windows\System\SkkzmxE.exe
  C:\Windows\System\SkkzmxE.exe
  2⤵
  PID:8196
- C:\Windows\System\WcfPqMv.exe
  C:\Windows\System\WcfPqMv.exe
  2⤵
  PID:8216
- C:\Windows\System\ndsDBTG.exe
  C:\Windows\System\ndsDBTG.exe
  2⤵
  PID:8256
- C:\Windows\System\tydBwMz.exe
  C:\Windows\System\tydBwMz.exe
  2⤵
  PID:8300
- C:\Windows\System\wlGlYPV.exe
  C:\Windows\System\wlGlYPV.exe
  2⤵
  PID:8332
- C:\Windows\System\IdMXFEd.exe
  C:\Windows\System\IdMXFEd.exe
  2⤵
  PID:8356
- C:\Windows\System\SyLUMkO.exe
  C:\Windows\System\SyLUMkO.exe
  2⤵
  PID:8372
- C:\Windows\System\vhRtuuj.exe
  C:\Windows\System\vhRtuuj.exe
  2⤵
  PID:8388
- C:\Windows\System\JHUfWzf.exe
  C:\Windows\System\JHUfWzf.exe
  2⤵
  PID:8412
- C:\Windows\System\PXjeDyS.exe
  C:\Windows\System\PXjeDyS.exe
  2⤵
  PID:8444
- C:\Windows\System\hFrWCvB.exe
  C:\Windows\System\hFrWCvB.exe
  2⤵
  PID:8468
- C:\Windows\System\eOwtQYJ.exe
  C:\Windows\System\eOwtQYJ.exe
  2⤵
  PID:8520
- C:\Windows\System\LvXPvvZ.exe
  C:\Windows\System\LvXPvvZ.exe
  2⤵
  PID:8544
- C:\Windows\System\jqSbSUY.exe
  C:\Windows\System\jqSbSUY.exe
  2⤵
  PID:8580
- C:\Windows\System\FMZuybk.exe
  C:\Windows\System\FMZuybk.exe
  2⤵
  PID:8608
- C:\Windows\System\mywnAje.exe
  C:\Windows\System\mywnAje.exe
  2⤵
  PID:8648
- C:\Windows\System\wZsRKCa.exe
  C:\Windows\System\wZsRKCa.exe
  2⤵
  PID:8684
- C:\Windows\System\zNzZzbM.exe
  C:\Windows\System\zNzZzbM.exe
  2⤵
  PID:8712
- C:\Windows\System\SEXVSqp.exe
  C:\Windows\System\SEXVSqp.exe
  2⤵
  PID:8740
- C:\Windows\System\TObNzNu.exe
  C:\Windows\System\TObNzNu.exe
  2⤵
  PID:8776
- C:\Windows\System\enjXOWW.exe
  C:\Windows\System\enjXOWW.exe
  2⤵
  PID:8792
- C:\Windows\System\IvKzLoL.exe
  C:\Windows\System\IvKzLoL.exe
  2⤵
  PID:8828
- C:\Windows\System\ofcahgP.exe
  C:\Windows\System\ofcahgP.exe
  2⤵
  PID:8864
- C:\Windows\System\DfkNwKu.exe
  C:\Windows\System\DfkNwKu.exe
  2⤵
  PID:8900
- C:\Windows\System\luKDhJZ.exe
  C:\Windows\System\luKDhJZ.exe
  2⤵
  PID:8928
- C:\Windows\System\mybswkI.exe
  C:\Windows\System\mybswkI.exe
  2⤵
  PID:8956
- C:\Windows\System\koPQLzk.exe
  C:\Windows\System\koPQLzk.exe
  2⤵
  PID:8984
- C:\Windows\System\CmRUlSn.exe
  C:\Windows\System\CmRUlSn.exe
  2⤵
  PID:9012
- C:\Windows\System\livUsoF.exe
  C:\Windows\System\livUsoF.exe
  2⤵
  PID:9040
- C:\Windows\System\ZhSXIYb.exe
  C:\Windows\System\ZhSXIYb.exe
  2⤵
  PID:9068
- C:\Windows\System\PxSWzKW.exe
  C:\Windows\System\PxSWzKW.exe
  2⤵
  PID:9096
- C:\Windows\System\dbCjSNZ.exe
  C:\Windows\System\dbCjSNZ.exe
  2⤵
  PID:9124
- C:\Windows\System\XaEpQDf.exe
  C:\Windows\System\XaEpQDf.exe
  2⤵
  PID:9156
- C:\Windows\System\dmbpriF.exe
  C:\Windows\System\dmbpriF.exe
  2⤵
  PID:9184
- C:\Windows\System\avzVuJC.exe
  C:\Windows\System\avzVuJC.exe
  2⤵
  PID:9212
- C:\Windows\System\tmNuetw.exe
  C:\Windows\System\tmNuetw.exe
  2⤵
  PID:8212
- C:\Windows\System\fszXTHP.exe
  C:\Windows\System\fszXTHP.exe
  2⤵
  PID:8328
- C:\Windows\System\YDmsnHM.exe
  C:\Windows\System\YDmsnHM.exe
  2⤵
  PID:8348
- C:\Windows\System\bOYxcUW.exe
  C:\Windows\System\bOYxcUW.exe
  2⤵
  PID:8500
- C:\Windows\System\daRLouW.exe
  C:\Windows\System\daRLouW.exe
  2⤵
  PID:8540
- C:\Windows\System\qKzDLIR.exe
  C:\Windows\System\qKzDLIR.exe
  2⤵
  PID:8636
- C:\Windows\System\dLnTFDE.exe
  C:\Windows\System\dLnTFDE.exe
  2⤵
  PID:8668
- C:\Windows\System\olVohho.exe
  C:\Windows\System\olVohho.exe
  2⤵
  PID:8748
- C:\Windows\System\vWNhOAW.exe
  C:\Windows\System\vWNhOAW.exe
  2⤵
  PID:8820
- C:\Windows\System\XFmDIsI.exe
  C:\Windows\System\XFmDIsI.exe
  2⤵
  PID:8912
- C:\Windows\System\gxLKBCU.exe
  C:\Windows\System\gxLKBCU.exe
  2⤵
  PID:8976
- C:\Windows\System\rDycguC.exe
  C:\Windows\System\rDycguC.exe
  2⤵
  PID:9036
- C:\Windows\System\IENnnJA.exe
  C:\Windows\System\IENnnJA.exe
  2⤵
  PID:9092
- C:\Windows\System\FmrqPJN.exe
  C:\Windows\System\FmrqPJN.exe
  2⤵
  PID:9136
- C:\Windows\System\NFwkFqJ.exe
  C:\Windows\System\NFwkFqJ.exe
  2⤵
  PID:9208
- C:\Windows\System\QsUpNbq.exe
  C:\Windows\System\QsUpNbq.exe
  2⤵
  PID:1244
- C:\Windows\System\pZMUZiX.exe
  C:\Windows\System\pZMUZiX.exe
  2⤵
  PID:8488
- C:\Windows\System\TAqztuX.exe
  C:\Windows\System\TAqztuX.exe
  2⤵
  PID:8644
- C:\Windows\System\wqThoBp.exe
  C:\Windows\System\wqThoBp.exe
  2⤵
  PID:8788
- C:\Windows\System\vwUPNbK.exe
  C:\Windows\System\vwUPNbK.exe
  2⤵
  PID:9004
- C:\Windows\System\LBnDjZM.exe
  C:\Windows\System\LBnDjZM.exe
  2⤵
  PID:9120
- C:\Windows\System\pJrnBEm.exe
  C:\Windows\System\pJrnBEm.exe
  2⤵
  PID:8352
- C:\Windows\System\WUQbayh.exe
  C:\Windows\System\WUQbayh.exe
  2⤵
  PID:8604
- C:\Windows\System\RKyVepU.exe
  C:\Windows\System\RKyVepU.exe
  2⤵
  PID:9032
- C:\Windows\System\mQgqYdy.exe
  C:\Windows\System\mQgqYdy.exe
  2⤵
  PID:8564
- C:\Windows\System\kHvVCtN.exe
  C:\Windows\System\kHvVCtN.exe
  2⤵
  PID:8460
- C:\Windows\System\fbzBGrJ.exe
  C:\Windows\System\fbzBGrJ.exe
  2⤵
  PID:9232
- C:\Windows\System\zLHPFcz.exe
  C:\Windows\System\zLHPFcz.exe
  2⤵
  PID:9260
- C:\Windows\System\pcBYJrB.exe
  C:\Windows\System\pcBYJrB.exe
  2⤵
  PID:9288
- C:\Windows\System\MpCEHVh.exe
  C:\Windows\System\MpCEHVh.exe
  2⤵
  PID:9316
- C:\Windows\System\feUCEqX.exe
  C:\Windows\System\feUCEqX.exe
  2⤵
  PID:9344
- C:\Windows\System\Zaaozvm.exe
  C:\Windows\System\Zaaozvm.exe
  2⤵
  PID:9372
- C:\Windows\System\QVOAMto.exe
  C:\Windows\System\QVOAMto.exe
  2⤵
  PID:9400
- C:\Windows\System\uXznlXa.exe
  C:\Windows\System\uXznlXa.exe
  2⤵
  PID:9428
- C:\Windows\System\tvSAjPW.exe
  C:\Windows\System\tvSAjPW.exe
  2⤵
  PID:9456
- C:\Windows\System\OCkKVgc.exe
  C:\Windows\System\OCkKVgc.exe
  2⤵
  PID:9484
- C:\Windows\System\btFETjl.exe
  C:\Windows\System\btFETjl.exe
  2⤵
  PID:9512
- C:\Windows\System\xANrIMz.exe
  C:\Windows\System\xANrIMz.exe
  2⤵
  PID:9540
- C:\Windows\System\oVwhLic.exe
  C:\Windows\System\oVwhLic.exe
  2⤵
  PID:9568
- C:\Windows\System\zuaJaMi.exe
  C:\Windows\System\zuaJaMi.exe
  2⤵
  PID:9596
- C:\Windows\System\MsxMuxO.exe
  C:\Windows\System\MsxMuxO.exe
  2⤵
  PID:9624
- C:\Windows\System\MQZUBQL.exe
  C:\Windows\System\MQZUBQL.exe
  2⤵
  PID:9652
- C:\Windows\System\feIIOum.exe
  C:\Windows\System\feIIOum.exe
  2⤵
  PID:9680
- C:\Windows\System\DLvXkKw.exe
  C:\Windows\System\DLvXkKw.exe
  2⤵
  PID:9708
- C:\Windows\System\oDFEBHF.exe
  C:\Windows\System\oDFEBHF.exe
  2⤵
  PID:9736
- C:\Windows\System\JHyOCtA.exe
  C:\Windows\System\JHyOCtA.exe
  2⤵
  PID:9764
- C:\Windows\System\cSyohcW.exe
  C:\Windows\System\cSyohcW.exe
  2⤵
  PID:9792
- C:\Windows\System\cLDBtSj.exe
  C:\Windows\System\cLDBtSj.exe
  2⤵
  PID:9820
- C:\Windows\System\QBuSBvT.exe
  C:\Windows\System\QBuSBvT.exe
  2⤵
  PID:9848
- C:\Windows\System\tpOalNW.exe
  C:\Windows\System\tpOalNW.exe
  2⤵
  PID:9876
- C:\Windows\System\WZDvjxP.exe
  C:\Windows\System\WZDvjxP.exe
  2⤵
  PID:9904
- C:\Windows\System\usNTtXG.exe
  C:\Windows\System\usNTtXG.exe
  2⤵
  PID:9932
- C:\Windows\System\JlYyggw.exe
  C:\Windows\System\JlYyggw.exe
  2⤵
  PID:9960
- C:\Windows\System\bLaSSUR.exe
  C:\Windows\System\bLaSSUR.exe
  2⤵
  PID:9988
- C:\Windows\System\oIFkWLe.exe
  C:\Windows\System\oIFkWLe.exe
  2⤵
  PID:10016
- C:\Windows\System\UQtGRBJ.exe
  C:\Windows\System\UQtGRBJ.exe
  2⤵
  PID:10044
- C:\Windows\System\RmbVDzm.exe
  C:\Windows\System\RmbVDzm.exe
  2⤵
  PID:10072
- C:\Windows\System\ezLlnvi.exe
  C:\Windows\System\ezLlnvi.exe
  2⤵
  PID:10100
- C:\Windows\System\sNRczoR.exe
  C:\Windows\System\sNRczoR.exe
  2⤵
  PID:10128
- C:\Windows\System\sWYToXS.exe
  C:\Windows\System\sWYToXS.exe
  2⤵
  PID:10156
- C:\Windows\System\MVOpxwv.exe
  C:\Windows\System\MVOpxwv.exe
  2⤵
  PID:10184
- C:\Windows\System\JuARiaQ.exe
  C:\Windows\System\JuARiaQ.exe
  2⤵
  PID:10216
- C:\Windows\System\gAalNGe.exe
  C:\Windows\System\gAalNGe.exe
  2⤵
  PID:9224
- C:\Windows\System\fefRAjF.exe
  C:\Windows\System\fefRAjF.exe
  2⤵
  PID:9284
- C:\Windows\System\thKZMDB.exe
  C:\Windows\System\thKZMDB.exe
  2⤵
  PID:9356
- C:\Windows\System\aQKImvo.exe
  C:\Windows\System\aQKImvo.exe
  2⤵
  PID:9420
- C:\Windows\System\uawCIXT.exe
  C:\Windows\System\uawCIXT.exe
  2⤵
  PID:9476
- C:\Windows\System\ZLbpQCq.exe
  C:\Windows\System\ZLbpQCq.exe
  2⤵
  PID:9552
- C:\Windows\System\AzGMBKZ.exe
  C:\Windows\System\AzGMBKZ.exe
  2⤵
  PID:9616
- C:\Windows\System\ofYPcDG.exe
  C:\Windows\System\ofYPcDG.exe
  2⤵
  PID:9676
- C:\Windows\System\asWyuYi.exe
  C:\Windows\System\asWyuYi.exe
  2⤵
  PID:9732
- C:\Windows\System\XCUQvqi.exe
  C:\Windows\System\XCUQvqi.exe
  2⤵
  PID:9776
- C:\Windows\System\MOnigot.exe
  C:\Windows\System\MOnigot.exe
  2⤵
  PID:9816
- C:\Windows\System\uoJypnt.exe
  C:\Windows\System\uoJypnt.exe
  2⤵
  PID:9872
- C:\Windows\System\oHkRJLQ.exe
  C:\Windows\System\oHkRJLQ.exe
  2⤵
  PID:9972
- C:\Windows\System\JMnZLel.exe
  C:\Windows\System\JMnZLel.exe
  2⤵
  PID:10036
- C:\Windows\System\jsFuGFz.exe
  C:\Windows\System\jsFuGFz.exe
  2⤵
  PID:10112
- C:\Windows\System\Kyjukmi.exe
  C:\Windows\System\Kyjukmi.exe
  2⤵
  PID:10208
- C:\Windows\System\NnkAfIp.exe
  C:\Windows\System\NnkAfIp.exe
  2⤵
  PID:9336
- C:\Windows\System\eyqUIyb.exe
  C:\Windows\System\eyqUIyb.exe
  2⤵
  PID:9508
- C:\Windows\System\HrTqudQ.exe
  C:\Windows\System\HrTqudQ.exe
  2⤵
  PID:9756
- C:\Windows\System\XibYuSr.exe
  C:\Windows\System\XibYuSr.exe
  2⤵
  PID:10008
- C:\Windows\System\jYMOCXW.exe
  C:\Windows\System\jYMOCXW.exe
  2⤵
  PID:10068
- C:\Windows\System\jLiVdwv.exe
  C:\Windows\System\jLiVdwv.exe
  2⤵
  PID:9272
- C:\Windows\System\QdguqFP.exe
  C:\Windows\System\QdguqFP.exe
  2⤵
  PID:9648
- C:\Windows\System\FCPffQj.exe
  C:\Windows\System\FCPffQj.exe
  2⤵
  PID:10168
- C:\Windows\System\gGqPFNS.exe
  C:\Windows\System\gGqPFNS.exe
  2⤵
  PID:9952
- C:\Windows\System\iWMouzK.exe
  C:\Windows\System\iWMouzK.exe
  2⤵
  PID:10248
- C:\Windows\System\UKQGHFg.exe
  C:\Windows\System\UKQGHFg.exe
  2⤵
  PID:10280
- C:\Windows\System\nlbPYeU.exe
  C:\Windows\System\nlbPYeU.exe
  2⤵
  PID:10308
- C:\Windows\System\ZRXNVyW.exe
  C:\Windows\System\ZRXNVyW.exe
  2⤵
  PID:10336
- C:\Windows\System\UDgaXUH.exe
  C:\Windows\System\UDgaXUH.exe
  2⤵
  PID:10356
- C:\Windows\System\gxcBaqj.exe
  C:\Windows\System\gxcBaqj.exe
  2⤵
  PID:10380
- C:\Windows\System\VTDvFjo.exe
  C:\Windows\System\VTDvFjo.exe
  2⤵
  PID:10396
- C:\Windows\System\NlscdEi.exe
  C:\Windows\System\NlscdEi.exe
  2⤵
  PID:10432
- C:\Windows\System\mkYzFoE.exe
  C:\Windows\System\mkYzFoE.exe
  2⤵
  PID:10460
- C:\Windows\System\epKfYsr.exe
  C:\Windows\System\epKfYsr.exe
  2⤵
  PID:10496
- C:\Windows\System\cnBglPG.exe
  C:\Windows\System\cnBglPG.exe
  2⤵
  PID:10524
- C:\Windows\System\UegThcJ.exe
  C:\Windows\System\UegThcJ.exe
  2⤵
  PID:10556
- C:\Windows\System\WEQEdnf.exe
  C:\Windows\System\WEQEdnf.exe
  2⤵
  PID:10584
- C:\Windows\System\vEfjKBT.exe
  C:\Windows\System\vEfjKBT.exe
  2⤵
  PID:10616
- C:\Windows\System\laigmIG.exe
  C:\Windows\System\laigmIG.exe
  2⤵
  PID:10648
- C:\Windows\System\VVagCjC.exe
  C:\Windows\System\VVagCjC.exe
  2⤵
  PID:10692
- C:\Windows\System\svklyKt.exe
  C:\Windows\System\svklyKt.exe
  2⤵
  PID:10724
- C:\Windows\System\hnhYcYM.exe
  C:\Windows\System\hnhYcYM.exe
  2⤵
  PID:10760
- C:\Windows\System\pwlYatK.exe
  C:\Windows\System\pwlYatK.exe
  2⤵
  PID:10804
- C:\Windows\System\CjqueiG.exe
  C:\Windows\System\CjqueiG.exe
  2⤵
  PID:10836
- C:\Windows\System\BfOcUmn.exe
  C:\Windows\System\BfOcUmn.exe
  2⤵
  PID:10864
- C:\Windows\System\nHkfVDI.exe
  C:\Windows\System\nHkfVDI.exe
  2⤵
  PID:10896
- C:\Windows\System\AEbpjdH.exe
  C:\Windows\System\AEbpjdH.exe
  2⤵
  PID:10924
- C:\Windows\System\aZzmTcv.exe
  C:\Windows\System\aZzmTcv.exe
  2⤵
  PID:10952
- C:\Windows\System\mDHSMkH.exe
  C:\Windows\System\mDHSMkH.exe
  2⤵
  PID:10980
- C:\Windows\System\vDutQQV.exe
  C:\Windows\System\vDutQQV.exe
  2⤵
  PID:11008
- C:\Windows\System\xNunrIi.exe
  C:\Windows\System\xNunrIi.exe
  2⤵
  PID:11036
- C:\Windows\System\jWEZQAi.exe
  C:\Windows\System\jWEZQAi.exe
  2⤵
  PID:11064
- C:\Windows\System\goTOkXc.exe
  C:\Windows\System\goTOkXc.exe
  2⤵
  PID:11092
- C:\Windows\System\EdGCqmd.exe
  C:\Windows\System\EdGCqmd.exe
  2⤵
  PID:11120
- C:\Windows\System\AjCmutr.exe
  C:\Windows\System\AjCmutr.exe
  2⤵
  PID:11136
- C:\Windows\System\yhSvSzL.exe
  C:\Windows\System\yhSvSzL.exe
  2⤵
  PID:11156
- C:\Windows\System\ywyeXgH.exe
  C:\Windows\System\ywyeXgH.exe
  2⤵
  PID:11188
- C:\Windows\System\fyFwCCH.exe
  C:\Windows\System\fyFwCCH.exe
  2⤵
  PID:11216
- C:\Windows\System\jpsFMai.exe
  C:\Windows\System\jpsFMai.exe
  2⤵
  PID:11260
- C:\Windows\System\BhjqCfV.exe
  C:\Windows\System\BhjqCfV.exe
  2⤵
  PID:10300
- C:\Windows\System\pdVifjW.exe
  C:\Windows\System\pdVifjW.exe
  2⤵
  PID:10352
- C:\Windows\System\gdXhvLI.exe
  C:\Windows\System\gdXhvLI.exe
  2⤵
  PID:10428
- C:\Windows\System\BNweMwV.exe
  C:\Windows\System\BNweMwV.exe
  2⤵
  PID:10508
- C:\Windows\System\EJOFxrL.exe
  C:\Windows\System\EJOFxrL.exe
  2⤵
  PID:10572
- C:\Windows\System\nyuaWMR.exe
  C:\Windows\System\nyuaWMR.exe
  2⤵
  PID:10676
- C:\Windows\System\UMaZLjh.exe
  C:\Windows\System\UMaZLjh.exe
  2⤵
  PID:10720
- C:\Windows\System\dLHcLXQ.exe
  C:\Windows\System\dLHcLXQ.exe
  2⤵
  PID:10816
- C:\Windows\System\XROekCS.exe
  C:\Windows\System\XROekCS.exe
  2⤵
  PID:10880
- C:\Windows\System\gOrAHsy.exe
  C:\Windows\System\gOrAHsy.exe
  2⤵
  PID:10944
- C:\Windows\System\eLVwsGV.exe
  C:\Windows\System\eLVwsGV.exe
  2⤵
  PID:11004
- C:\Windows\System\kRZBQoB.exe
  C:\Windows\System\kRZBQoB.exe
  2⤵
  PID:11076
- C:\Windows\System\YfXlaQw.exe
  C:\Windows\System\YfXlaQw.exe
  2⤵
  PID:11128
- C:\Windows\System\JLKFmiZ.exe
  C:\Windows\System\JLKFmiZ.exe
  2⤵
  PID:11176
- C:\Windows\System\wyxluVn.exe
  C:\Windows\System\wyxluVn.exe
  2⤵
  PID:11244
- C:\Windows\System\ZQiDBSd.exe
  C:\Windows\System\ZQiDBSd.exe
  2⤵
  PID:10388
- C:\Windows\System\qtoSReO.exe
  C:\Windows\System\qtoSReO.exe
  2⤵
  PID:10516
- C:\Windows\System\voZtodU.exe
  C:\Windows\System\voZtodU.exe
  2⤵
  PID:10708
- C:\Windows\System\CnHtwJN.exe
  C:\Windows\System\CnHtwJN.exe
  2⤵
  PID:10852
- C:\Windows\System\oxywJKo.exe
  C:\Windows\System\oxywJKo.exe
  2⤵
  PID:11032
- C:\Windows\System\pvlsIjo.exe
  C:\Windows\System\pvlsIjo.exe
  2⤵
  PID:11168
- C:\Windows\System\TrrXzDa.exe
  C:\Windows\System\TrrXzDa.exe
  2⤵
  PID:10344
- C:\Windows\System\UNuJbqj.exe
  C:\Windows\System\UNuJbqj.exe
  2⤵
  PID:10752
- C:\Windows\System\ztfJsJO.exe
  C:\Windows\System\ztfJsJO.exe
  2⤵
  PID:11116
- C:\Windows\System\idotBvm.exe
  C:\Windows\System\idotBvm.exe
  2⤵
  PID:10644
- C:\Windows\System\obdebiD.exe
  C:\Windows\System\obdebiD.exe
  2⤵
  PID:10204
- C:\Windows\System\ZSCLMVu.exe
  C:\Windows\System\ZSCLMVu.exe
  2⤵
  PID:11288
- C:\Windows\System\Hujcmfu.exe
  C:\Windows\System\Hujcmfu.exe
  2⤵
  PID:11316
- C:\Windows\System\DqNeTAr.exe
  C:\Windows\System\DqNeTAr.exe
  2⤵
  PID:11344
- C:\Windows\System\OKNIrAl.exe
  C:\Windows\System\OKNIrAl.exe
  2⤵
  PID:11372
- C:\Windows\System\JYYTCLE.exe
  C:\Windows\System\JYYTCLE.exe
  2⤵
  PID:11400
- C:\Windows\System\nBxJpvS.exe
  C:\Windows\System\nBxJpvS.exe
  2⤵
  PID:11428
- C:\Windows\System\abPGYvp.exe
  C:\Windows\System\abPGYvp.exe
  2⤵
  PID:11456
- C:\Windows\System\qyHpAtb.exe
  C:\Windows\System\qyHpAtb.exe
  2⤵
  PID:11484
- C:\Windows\System\tRcFFJQ.exe
  C:\Windows\System\tRcFFJQ.exe
  2⤵
  PID:11512
- C:\Windows\System\AoxGrMo.exe
  C:\Windows\System\AoxGrMo.exe
  2⤵
  PID:11540
- C:\Windows\System\LvpNUfV.exe
  C:\Windows\System\LvpNUfV.exe
  2⤵
  PID:11584
- C:\Windows\System\BVZbAzH.exe
  C:\Windows\System\BVZbAzH.exe
  2⤵
  PID:11616
- C:\Windows\System\OcmfSwb.exe
  C:\Windows\System\OcmfSwb.exe
  2⤵
  PID:11644
- C:\Windows\System\ftRTLvW.exe
  C:\Windows\System\ftRTLvW.exe
  2⤵
  PID:11672
- C:\Windows\System\CNiPwwi.exe
  C:\Windows\System\CNiPwwi.exe
  2⤵
  PID:11700
- C:\Windows\System\rAQJAPp.exe
  C:\Windows\System\rAQJAPp.exe
  2⤵
  PID:11728
- C:\Windows\System\NBnshXA.exe
  C:\Windows\System\NBnshXA.exe
  2⤵
  PID:11756
- C:\Windows\System\DgXOuux.exe
  C:\Windows\System\DgXOuux.exe
  2⤵
  PID:11784
- C:\Windows\System\vMtdTHQ.exe
  C:\Windows\System\vMtdTHQ.exe
  2⤵
  PID:11812
- C:\Windows\System\ncSnzCV.exe
  C:\Windows\System\ncSnzCV.exe
  2⤵
  PID:11832
- C:\Windows\System\xZENWEZ.exe
  C:\Windows\System\xZENWEZ.exe
  2⤵
  PID:11852
- C:\Windows\System\TxGrOuQ.exe
  C:\Windows\System\TxGrOuQ.exe
  2⤵
  PID:11884
- C:\Windows\System\zvABfHz.exe
  C:\Windows\System\zvABfHz.exe
  2⤵
  PID:11924
- C:\Windows\System\cakripG.exe
  C:\Windows\System\cakripG.exe
  2⤵
  PID:11952
- C:\Windows\System\fVtewHO.exe
  C:\Windows\System\fVtewHO.exe
  2⤵
  PID:11980
- C:\Windows\System\iZstpEg.exe
  C:\Windows\System\iZstpEg.exe
  2⤵
  PID:12008
- C:\Windows\System\cmSfbFk.exe
  C:\Windows\System\cmSfbFk.exe
  2⤵
  PID:12036
- C:\Windows\System\uumzMcJ.exe
  C:\Windows\System\uumzMcJ.exe
  2⤵
  PID:12064
- C:\Windows\System\dqpgHKc.exe
  C:\Windows\System\dqpgHKc.exe
  2⤵
  PID:12092
- C:\Windows\System\lwhcXwN.exe
  C:\Windows\System\lwhcXwN.exe
  2⤵
  PID:12120
- C:\Windows\System\fkAEpwO.exe
  C:\Windows\System\fkAEpwO.exe
  2⤵
  PID:12148
- C:\Windows\System\vZHlJrm.exe
  C:\Windows\System\vZHlJrm.exe
  2⤵
  PID:12176
- C:\Windows\System\rABlLbi.exe
  C:\Windows\System\rABlLbi.exe
  2⤵
  PID:12204
- C:\Windows\System\PsyYwdi.exe
  C:\Windows\System\PsyYwdi.exe
  2⤵
  PID:12232
- C:\Windows\System\lskuZSD.exe
  C:\Windows\System\lskuZSD.exe
  2⤵
  PID:12260
- C:\Windows\System\DgPHCmj.exe
  C:\Windows\System\DgPHCmj.exe
  2⤵
  PID:10688
- C:\Windows\System\nqnjWPy.exe
  C:\Windows\System\nqnjWPy.exe
  2⤵
  PID:11328
- C:\Windows\System\CqzIota.exe
  C:\Windows\System\CqzIota.exe
  2⤵
  PID:11392
- C:\Windows\System\FuxSnbS.exe
  C:\Windows\System\FuxSnbS.exe
  2⤵
  PID:11452
- C:\Windows\System\DOGoKkm.exe
  C:\Windows\System\DOGoKkm.exe
  2⤵
  PID:11524
- C:\Windows\System\NASkHqp.exe
  C:\Windows\System\NASkHqp.exe
  2⤵
  PID:11664
- C:\Windows\System\TQnoPng.exe
  C:\Windows\System\TQnoPng.exe
  2⤵
  PID:11696
- C:\Windows\System\FIADvLU.exe
  C:\Windows\System\FIADvLU.exe
  2⤵
  PID:11752
- C:\Windows\System\qVhMhST.exe
  C:\Windows\System\qVhMhST.exe
  2⤵
  PID:11768
- C:\Windows\System\qAimTcy.exe
  C:\Windows\System\qAimTcy.exe
  2⤵
  PID:11824
- C:\Windows\System\QcWQCsc.exe
  C:\Windows\System\QcWQCsc.exe
  2⤵
  PID:11904
- C:\Windows\System\yonyWOk.exe
  C:\Windows\System\yonyWOk.exe
  2⤵
  PID:11968
- C:\Windows\System\rvJjpWq.exe
  C:\Windows\System\rvJjpWq.exe
  2⤵
  PID:10452
- C:\Windows\System\WBVfhhw.exe
  C:\Windows\System\WBVfhhw.exe
  2⤵
  PID:12084
- C:\Windows\System\DvdYCfa.exe
  C:\Windows\System\DvdYCfa.exe
  2⤵
  PID:12140
- C:\Windows\System\OQBelYK.exe
  C:\Windows\System\OQBelYK.exe
  2⤵
  PID:12216
- C:\Windows\System\mwcvNjL.exe
  C:\Windows\System\mwcvNjL.exe
  2⤵
  PID:12280
- C:\Windows\System\XqLFZli.exe
  C:\Windows\System\XqLFZli.exe
  2⤵
  PID:11384
- C:\Windows\System\KyQMYdV.exe
  C:\Windows\System\KyQMYdV.exe
  2⤵
  PID:11552
- C:\Windows\System\bnncOrC.exe
  C:\Windows\System\bnncOrC.exe
  2⤵
  PID:11748
- C:\Windows\System\PKZwIFz.exe
  C:\Windows\System\PKZwIFz.exe
  2⤵
  PID:11848
- C:\Windows\System\aIKgABj.exe
  C:\Windows\System\aIKgABj.exe
  2⤵
  PID:12000
- C:\Windows\System\KJJKnsr.exe
  C:\Windows\System\KJJKnsr.exe
  2⤵
  PID:12132
- C:\Windows\System\RiZKPRb.exe
  C:\Windows\System\RiZKPRb.exe
  2⤵
  PID:12200
- C:\Windows\System\qMkfnuj.exe
  C:\Windows\System\qMkfnuj.exe
  2⤵
  PID:11308
- C:\Windows\System\nkhmRGw.exe
  C:\Windows\System\nkhmRGw.exe
  2⤵
  PID:11600
- C:\Windows\System\YaIZGJN.exe
  C:\Windows\System\YaIZGJN.exe
  2⤵
  PID:11940
- C:\Windows\System\qwYAxdO.exe
  C:\Windows\System\qwYAxdO.exe
  2⤵
  PID:12172
- C:\Windows\System\SGanDgn.exe
  C:\Windows\System\SGanDgn.exe
  2⤵
  PID:11480
- C:\Windows\System\nyuowlF.exe
  C:\Windows\System\nyuowlF.exe
  2⤵
  PID:12324
- C:\Windows\System\MbieiPy.exe
  C:\Windows\System\MbieiPy.exe
  2⤵
  PID:12352
- C:\Windows\System\ykSwrgw.exe
  C:\Windows\System\ykSwrgw.exe
  2⤵
  PID:12392
- C:\Windows\System\YSZWJbB.exe
  C:\Windows\System\YSZWJbB.exe
  2⤵
  PID:12420
- C:\Windows\System\oyXJmDx.exe
  C:\Windows\System\oyXJmDx.exe
  2⤵
  PID:12448
- C:\Windows\System\XvpuYof.exe
  C:\Windows\System\XvpuYof.exe
  2⤵
  PID:12488
- C:\Windows\System\pBrctzV.exe
  C:\Windows\System\pBrctzV.exe
  2⤵
  PID:12516
- C:\Windows\System\BiDHMxj.exe
  C:\Windows\System\BiDHMxj.exe
  2⤵
  PID:12544
- C:\Windows\System\CqujbJh.exe
  C:\Windows\System\CqujbJh.exe
  2⤵
  PID:12564
- C:\Windows\System\qCCHuma.exe
  C:\Windows\System\qCCHuma.exe
  2⤵
  PID:12588
- C:\Windows\System\efMVGdA.exe
  C:\Windows\System\efMVGdA.exe
  2⤵
  PID:12620
- C:\Windows\System\DiSjDFo.exe
  C:\Windows\System\DiSjDFo.exe
  2⤵
  PID:12656
- C:\Windows\System\hAuNXXF.exe
  C:\Windows\System\hAuNXXF.exe
  2⤵
  PID:12684
- C:\Windows\System\PlPucci.exe
  C:\Windows\System\PlPucci.exe
  2⤵
  PID:12712
- C:\Windows\System\zcPoEtk.exe
  C:\Windows\System\zcPoEtk.exe
  2⤵
  PID:12740
- C:\Windows\System\FjPRhju.exe
  C:\Windows\System\FjPRhju.exe
  2⤵
  PID:12768
- C:\Windows\System\qMElJpY.exe
  C:\Windows\System\qMElJpY.exe
  2⤵
  PID:12796
- C:\Windows\System\LNzxFSv.exe
  C:\Windows\System\LNzxFSv.exe
  2⤵
  PID:12824
- C:\Windows\System\qIbinfx.exe
  C:\Windows\System\qIbinfx.exe
  2⤵
  PID:12852
- C:\Windows\System\JKwpBxD.exe
  C:\Windows\System\JKwpBxD.exe
  2⤵
  PID:12880
- C:\Windows\System\LHcEhDq.exe
  C:\Windows\System\LHcEhDq.exe
  2⤵
  PID:12908
- C:\Windows\System\ioJmMbd.exe
  C:\Windows\System\ioJmMbd.exe
  2⤵
  PID:12936
- C:\Windows\System\vjxCcfx.exe
  C:\Windows\System\vjxCcfx.exe
  2⤵
  PID:12964
- C:\Windows\System\zXSOItU.exe
  C:\Windows\System\zXSOItU.exe
  2⤵
  PID:12992
- C:\Windows\System\TdHHSLo.exe
  C:\Windows\System\TdHHSLo.exe
  2⤵
  PID:13024
- C:\Windows\System\rztSbxi.exe
  C:\Windows\System\rztSbxi.exe
  2⤵
  PID:13064
- C:\Windows\System\nKyfBNF.exe
  C:\Windows\System\nKyfBNF.exe
  2⤵
  PID:13092
- C:\Windows\System\VYpbYwc.exe
  C:\Windows\System\VYpbYwc.exe
  2⤵
  PID:13276

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:10700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dsanl5l4.hqj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CSIrEaB.exe

Filesize
2.6MB

MD5
9a492a84921ff66f51db8ec5ace28c4f

SHA1
375f38d632fa28858e495d2b40f9a6614ce8a5bf

SHA256
bd9b6ab9e0457af9af74c2d833c8ed2dd84ab1069f4445406b9ecb7ca9c3be06

SHA512
12d721350d05b3e601c0eaf378aaef402aa509e64ce1f5a136a657877b20b75a606c15506fa2c27ca168a310f2f024461936b3149e8c8076b138f01f90d84051

Download Submit
C:\Windows\System\DiEZndg.exe

Filesize
2.6MB

MD5
d5af34ccaa53690d2e28b337df214d12

SHA1
ebb96fe02ed3e768edfdd64fcca4b54e3fd56727

SHA256
48d39ab1c906083e36901ebcf17894a93e9db87314eb9ca4e06f4a6b231e399f

SHA512
e34670d9f8b4aa865c522a24ac497847bafdf2408319f098ef4362db6638efe6d9916b2a6d3301b5433e169246aa52fdcfb0b0c605f861fcb06da98adce94d43

Download Submit
C:\Windows\System\ElkwAGP.exe

Filesize
2.6MB

MD5
47be4638796ae40c236c11bba2dfd746

SHA1
29415eefcca961e1cf849537cf575b1576d4cdb6

SHA256
d8bb1b191e230a5460394451b5e0b5f7131de58e7427c762a255052f3cb05a18

SHA512
a8fd56c881179914fda991cbc8511f3e2f7a6efbf2646c51a498f91e12ced3af08758740bec61df97019395633441979893cb030e70d2b76a89d6d0085410d84

Download Submit
C:\Windows\System\HSSYuQg.exe

Filesize
2.6MB

MD5
611eb560358706e12b9d081fcd7d160d

SHA1
74aa0826db5ba1e51019448c565f790c0f419cb2

SHA256
205bf1939d547ada32802e29b4b5a7acb002b4793080fe261533042be210c508

SHA512
8217e4e473a109e1cf210c86ae950025506ede6c9d4112596b8b8bf89b28df4b3862211a6027406a788815d8f201548f88f3b4794ff4b3db8fa46fdf368d3e87

Download Submit
C:\Windows\System\HmUfXfs.exe

Filesize
2.6MB

MD5
8aaf0cc66c41ed418dd3b4f8b9383a6a

SHA1
746112432d66a42114d8b7ffae160e267856851f

SHA256
8987e0be40fda6504fd44d5b569d6fc9093228510362d1e69796d383887d750c

SHA512
460456573c57f345e368ede1de7492d5de066a7f34eddab2d76c89740b1855d8a07fb525e0565ceb9b843e605f21a73952dfd3194debd93d5181e9d5f8335d81

Download Submit
C:\Windows\System\IJcWDmf.exe

Filesize
2.6MB

MD5
371ba07f8f4064047beb4c97a3748972

SHA1
4e8a92a3fb0e6ef925bd71872ca4ae40c254b4f9

SHA256
628df730376ca04bb2b8ad997d4345e39f7c234f8d18206e0314e2f686ecf4b0

SHA512
65117169f90d5d54d20b4ecdf8b4d2a2f7749e4d7b485ce7f350eab50b18f2febbca0ea8f3314f12375bee14202acb945a49ec8bf1b445bbfbc61e666ea9dd85

Download Submit
C:\Windows\System\IONpbpy.exe

Filesize
2.6MB

MD5
50f3a3bc5fa0fdb43a46d814ca5a2f62

SHA1
7cd6cda4d01bcfb2b8e3ea2ce26afdaed3e4d5de

SHA256
2cab00e6f9a4314968b0e67062f47ef4fbd9521b9efde65c961cee990b18eacf

SHA512
49ff5fb124baab63a30274d60218f1275fcaab79576267c3fdecacb263e7d384be2b2336902fa135eaff238f85cdd61d28cfbf8034a5b02ba0fa4e2a965186a5

Download Submit
C:\Windows\System\IoKcRMB.exe

Filesize
2.6MB

MD5
86ccac76b421e879bfc5436aa4d4eb3d

SHA1
0721128b55aecd8fb76fa22d529f6d466786f13b

SHA256
8fbfb9dcf65de50f7466ada12356b761d98bf75aac8f571e350a10ab5c5d80b4

SHA512
361dcc28db6d934335c5270756dfc89b91c016713bdc8838c3a5038759938e05a5b9f153c1708822235bd53c70bd0fed477b1a2ed14238c82c169e886cf2e7e6

Download Submit
C:\Windows\System\KcGvFok.exe

Filesize
2.6MB

MD5
cfef2b546ec24c0253d4d6030ab56928

SHA1
898c789b82b810bc5e8a7dc8d47b7df67bec25fd

SHA256
8fcee66b9056c2501ac3034d3086bfb9172739e75c291be8524c41b0bb8d593e

SHA512
aa4ffbc737f687f2bb92a8ba9489847d235b0163ce35818c9a19db651b6c814b901c634c83cddf321f743eefe35b43e28254b7a654b46e91af42a616107ecb00

Download Submit
C:\Windows\System\OMqKlsu.exe

Filesize
2.6MB

MD5
87636f138108d2490285bf6410fdd6c9

SHA1
625455ab1b8b4e5c2a6601ea38e002fd2cf8a369

SHA256
19c442c451ab9c962879dd5c9174236fb5ee229460b33c1ec4efa3f5c4a64c86

SHA512
9f2b2c32db6ff6b7817ea2f926dd392fd00685855ef2ea3871e091825c0c28574e72d686ea492341ae9ff4eabb69237e15d64ca760cb847760c4bbc974605809

Download Submit
C:\Windows\System\PhptZpH.exe

Filesize
2.6MB

MD5
c24a2eda94dc1d00bfbc1b2f8f6ff8c8

SHA1
e5165d41ec4fe901d7c07d0f8e1d71bf8c8a93fe

SHA256
fb37e65a206b7786745b76228876fd5dae7b5225255c99492ea03cb2b7555472

SHA512
e130bbdae956eeb3a5476ba33a10bc9185d3748785198c02d243f39a60d3e39fd408891a9cd5e7eaecff23f66d6eadfb7277d35fae3a72319ad98fb7bbdcd9c7

Download Submit
C:\Windows\System\REgvinx.exe

Filesize
2.6MB

MD5
401884222505e6fcf638717bf96cd180

SHA1
e60fb9057ca4d707c2aacf69f681f6c885bba92d

SHA256
27827b078602759b4421a9d66de21d12786c593c404686af53d4c8de5018c1b8

SHA512
20073c0c873652cbfdb142c6447f221310d8629fe243ca93045a31f640c12b6c7d0dc2d3fc90ea6eeeffdc19c51b30a09c2095a63c5f480e60c60f3c572d28dc

Download Submit
C:\Windows\System\RpeibuF.exe

Filesize
2.6MB

MD5
e69d62a62ce038bcc7664d3929ee294b

SHA1
13523fc2a4852715b5c219efa8166e9bfefc66b0

SHA256
f10a31531e774aa5db1f38cbf040205be23ef185845fe5ee5e805cab1da5fa21

SHA512
fdd058dd341816e99e2e84cf452da74f4137ed9114e419bd7ceb2eef9e980eae01b97ed8c263936973e59c66b8d6275b791886864381bdf42a8ab9a28d260f77

Download Submit
C:\Windows\System\SfMMhoB.exe

Filesize
2.6MB

MD5
e2cefb0f869a3b5ea8faeabe2bcad405

SHA1
0257aac2299db81ee453599a3ff50d4bf1af6c94

SHA256
5b234ef65cf21232749358907d9a31cf583909b048a6f3979edd6fcb80c6243c

SHA512
cf6792d243c84589541be51c3c8f44f1aa9aba7e8b24893c0a1b96c49c592373056e0312592cd7370ef1bceba220e44fe881fa910b2976433a8b24ac2d2ac85d

Download Submit
C:\Windows\System\VyOOWol.exe

Filesize
2.6MB

MD5
075901aa3050f4a540f61fef10ce6a64

SHA1
6ebb72495100d73de114ba899db6ab88c386b949

SHA256
7fd1f0d5d6926bd36afef1325b77a495eeb10accfe081558e8f5e89f6d19dcc2

SHA512
1f037146b7a346e72bc06c664635fcde2b4daf08fa535067f729665dc762d1f7b27aa4b69f7bfb0b8728e4d8685e6267cc63eb366d0e2eb9f89ebde8b5cc1b94

Download Submit
C:\Windows\System\XRMQqbr.exe

Filesize
2.6MB

MD5
b3e96b2f4fe253f562a86cefc43cdf00

SHA1
2909091a4ae07f04d0ef93148062f84b14b5e30b

SHA256
51fa499765a29fb7356b6cfec20903baf78a0da2d088e061f7f9a3f8cfd91c11

SHA512
da194f46153c710376a33c9cde153f50e3ab82c6660b7d97e77f97379c69cf4337751ee42425a610b4df193071dbea23a35f31ae409802bf71023c6204f0cb81

Download Submit
C:\Windows\System\ZdcKWVr.exe

Filesize
2.6MB

MD5
e0ef83adf0e39f3406a74ba460397dee

SHA1
cd574c807fe4bd46e616ec6c2db77a5df0e74eb7

SHA256
510de65f85c87a73f0a00363c3aaa8fea402765b682f41b74de2e000d8d3791a

SHA512
a112df8bae787907b738903231629a713791f0700e4ca13a878c5e7712bb992a9cbc5314795ad904a8efde334f8234c5aae5f1f59a73148a06aeaa381811a6e0

Download Submit
C:\Windows\System\ZjdIhvf.exe

Filesize
2.6MB

MD5
fbe15d2b4e23041a6c92e01bf507604b

SHA1
7fd05f2e56317b693d38e0f379959e78a5249587

SHA256
ed10c1344791d1b59792ccf6ec448aa7b213ca5872672a5fd4006823a430cd5e

SHA512
ca7161ebf93aa12c3689eaa942ec121760b60d0d33468fa0e5ac10fc53ccb947014e83bd516d427db5e103dc2e3ae5fb6d4af5eb0a895cf0c7784ae0a9ad07f3

Download Submit
C:\Windows\System\cYHyeyb.exe

Filesize
2.6MB

MD5
ac2841c1cfd04ad0459671d5c1b0dfbc

SHA1
f99d443d26a0fea68854d9cbcc7658c592365bb2

SHA256
28ccf8ed1791d2c7e256c0340e4b3312303b40ecdf4fba4a7225440c4a45b08e

SHA512
d454c1560e87be4ee0c1bb24828c5080895693f2053090fb6fd9f4d98f7e70bf9c456752ff6464be78c6c32bfdce41780509d4c488f728c259578932eb4bb819

Download Submit
C:\Windows\System\eAkTmnR.exe

Filesize
2.6MB

MD5
698fcef8a73861e7134648a1c37a4af6

SHA1
1c22b64cd70ca287a1ffe763abc089be45d545d5

SHA256
e430c9aed5be4cdafedec9452bb3f953b80f562834a1ad1d54df5572c0d9dad1

SHA512
419288425672ada01c6834458730a224df28ad158c4b603ce890f0314cc4979328863cec868bcf6f11c1d2b49ad6a1e5c095439b727ae41e6758581a4f26f506

Download Submit
C:\Windows\System\fvUKMKV.exe

Filesize
2.6MB

MD5
5d874bf27bde896519df569f6fae594f

SHA1
66f1389d1b8ca6794df4b565043d3e75fa281d91

SHA256
4ef9790a9e108d94ac44e84dba468f5aace294ebe7707808ecc6fdbd3cdc6924

SHA512
85f3937c81b651bfa458c976d304eaf6732894ebd6967e2679480cf125589d78a92c0cc120e36549650b19da79304b40f95dd996c2e2aab7fbfb7c69c267954a

Download Submit
C:\Windows\System\hTcKVLV.exe

Filesize
2.6MB

MD5
e01457049e3f48807a59b8d1c34846ed

SHA1
c6953fbac6f499e34d8bac4f5f5728cd3f19fd4d

SHA256
bf2ef9bc7458d22f2bfef0284bf038ce93c822ff7e1083ec046a8a83075cc569

SHA512
c132090c02ac326cf7cf1818eee50f5f0653a159fb45cc5b83dc0cabc937b05683591c1a128020b1675c893d2ef9056791821ff8d26a368049a806ad60ce85d8

Download Submit
C:\Windows\System\lxBGyjE.exe

Filesize
2.6MB

MD5
4a02f06ab4181ab09515e3af8bbcf3b1

SHA1
eee7c8c3268c97a8e378cbd67ea7bb0d1e9574aa

SHA256
f0e9dd9b08cee178666ebd9f31fbcd0cd03bccb59f8b706b604639bd3ab7b190

SHA512
9e22bb3d809b72d3e75e744d1d13876ce6c8816c416263155775071c90358fb73ea2be39184ec0aa6a07a6aeb647cb402d7fb4eae7f9c13bb381ba5de9685885

Download Submit
C:\Windows\System\nbNXcXZ.exe

Filesize
2.6MB

MD5
fe80e5f9241394a757d33e7d9a3a25ce

SHA1
60bc9494b8c67df41a5ac18be37b66380bc7d906

SHA256
ed67bdf67eaabc0be979997719d4e6e0d926475e3605b5fd1004fbd5b183c2ff

SHA512
91d4ee3307f8d77c74ee661f235b28174e9ea69b7ebd63d8e32f015b9933282234211bdf216f87ed874dfd48d80c4c562ba8da6ea5c94c5ec4844bddd976bb45

Download Submit
C:\Windows\System\oPknAdo.exe

Filesize
2.6MB

MD5
c92df250d24635725b852d7961dac0b8

SHA1
c610462880480bec82e6167140cc434180b17d96

SHA256
b1b247e851f01dd705bc019acb32cd1250c8d8d8f2da52f34d0e116b7dfbce9d

SHA512
c87fb4e90352eb6ddbef1c1ed271c0f065b66e93190d127c08930b37af9fea540da4bd9e52a709629dfa01291374a3be71be7e0acc0555a821e61d220ef2b486

Download Submit
C:\Windows\System\rMWZwxr.exe

Filesize
2.6MB

MD5
f5088fcb7fd55343b0cf0d7e79469d57

SHA1
51de692ddd6a5b3b91311389388a5593dc0916d1

SHA256
d64915ae70d4b4c62ad409fed4d39ac409b5ea62d323112721867c86eabf44c8

SHA512
b6f3ea244a4840821b53f505b1a04eb7f4080d6d2e77193cce72e1235374e4e33fc0930102cbfc02f6d52c019efdc1be36b198c114945820330e1a0762719c44

Download Submit
C:\Windows\System\rhycflr.exe

Filesize
2.6MB

MD5
ab769da60b46659a22d55a3280bcdc76

SHA1
d09d9c2ba57237e01ac16839c4afb5aa01f62beb

SHA256
87b6b89d5717147ff7d58aeee30ff8fa6d4ee92535af0fd0f6bc2e0aca5f9955

SHA512
25755a6463283a30d5811b4d8c379d416af968afcd0bdcf4664b0ba7ec0cc205c27ed968a293e4be7b925db00a35869fef966df26be7e52283a968b5ef9be232

Download Submit
C:\Windows\System\sGUhaUq.exe

Filesize
2.6MB

MD5
33aa5607ad042c4941e4a05c865500d1

SHA1
58ae9c9b3ebad515574536307e9299295701d048

SHA256
db082e39cc73b4aede976dc62fcee5b93d5cfbda342cf011b5762af58a8e5c9c

SHA512
54b0e47811f65f36877f389327c37f6a872cbadb0cbe4f0a3100153c5efe77d16811399b0e88dcf33c1d4433b75502911a55f1a528f73ab7e3c96c6ddd0ddebc

Download Submit
C:\Windows\System\tDHkElh.exe

Filesize
2.6MB

MD5
9b11b5b26f46a04bd3d59c00f2f473d6

SHA1
7efddea8f3c80eb5025d211a593e3492d0be9d9f

SHA256
c3e064f7f5eefc3c4ae119da6adbfada2fbb3cbedff94b2f606b3d61dbf212ba

SHA512
195d04f6652bb1e5facc86d5b9fb7ecc627ec39bd01279793bd0ed1e5be06c56440963024057e39291536bdbe88c337b9e04e7191127ffbbf81fd21130affe27

Download Submit
C:\Windows\System\wnPAwFk.exe

Filesize
2.6MB

MD5
6bcb44a80c45767c51076ffa4b37086d

SHA1
caefbe735bff6373f327f8a5e71c1bca309a9bc6

SHA256
0255fb487cf6bcf68b313b78081f823266fc0ab1ef4ffa680b52c256749d5699

SHA512
0640cc7c8a3889af2f51eca18c2c35b7253b47c8681918b594e9f928581b5ffd975a0dc2e37233ee6d21affab819a4e01337f8f8cc33ef019b1efd8f8db02a1d

Download Submit
C:\Windows\System\xTxtAhs.exe

Filesize
2.6MB

MD5
c65f4900f8e9f752b8b3681334d838e7

SHA1
046ced338c40947499475c3a19c0e2eb587870a6

SHA256
75121d61d89b8e470181af6bbac5c87b55ed6d2b22524758e71c3cabb45cc1b6

SHA512
e5caff9e980e4e25665ce6c6cbcf5aab3ea31b4ddf15f45a479b4b6eb19cf5397c0fa6f6ab6064cf3bc42041b11a350fbec6d3412c88432277eee6c98a9014a6

Download Submit
C:\Windows\System\xfHPswE.exe

Filesize
2.6MB

MD5
c8eb2112807f21bdb0dcfc8b9dcf93b1

SHA1
8b151f686a6d5f7438943c876f6ac44b680fd662

SHA256
bb7db543f6c5d2d3a7dc3dc95ebac22d5420cf204921011e568e6db947e695f0

SHA512
ced4d969163c46d9f7071b1f4ba8651e65b3388785e08669cd109c9d6a86943314fe9a607dc753530c8bffc39f81b2943380d68ffa87b6c441d7e50a29206312

Download Submit
C:\Windows\System\xgFUHLP.exe

Filesize
2.6MB

MD5
51ad5ae441efe05f75d5d8c09d2e2a12

SHA1
75b07815a32d4ef7f7b60ea2ba543ea6df81fd19

SHA256
4bd7fa6d30a0c0e35683deccfa0613e3c871abc70d52105564fd8b365e54f708

SHA512
fc2c8854d8702198181ac7bf56e5e6475c1792fba309bd71ee0fea2710a7d6358e2febc1c3d1cdbd5b7035e231323edf5e06913ea18486a105a7a6d6c7793ac3

Download Submit
C:\Windows\System\xgFUHLP.exe

Filesize
1.4MB

MD5
a6fca15c6f1b82902fa40217551a5dce

SHA1
cdbac7c814c5f3e71e2a153b641e40ce0589d501

SHA256
3ba6d22fa35dab250eefff04c343188557e3ed286fb6145ed4c2ea6f1a6e8775

SHA512
f28ec9135e630578e081aa0ac646039b1e580e8f68a413da70116b3f6a995b67d0d7dcc852a928bc57ac964e5b406c473a2e1622f62eb2e6e1afba8aeddee041

Download Submit
memory/212-61-0x00007FF6A9920000-0x00007FF6A9D16000-memory.dmp

Filesize
4.0MB

Download
memory/212-2052-0x00007FF6A9920000-0x00007FF6A9D16000-memory.dmp

Filesize
4.0MB

Download
memory/540-2069-0x00007FF7F6F20000-0x00007FF7F7316000-memory.dmp

Filesize
4.0MB

Download
memory/540-194-0x00007FF7F6F20000-0x00007FF7F7316000-memory.dmp

Filesize
4.0MB

Download
memory/636-174-0x00007FF6CEF50000-0x00007FF6CF346000-memory.dmp

Filesize
4.0MB

Download
memory/636-2060-0x00007FF6CEF50000-0x00007FF6CF346000-memory.dmp

Filesize
4.0MB

Download
memory/660-184-0x00007FF77CE10000-0x00007FF77D206000-memory.dmp

Filesize
4.0MB

Download
memory/660-2071-0x00007FF77CE10000-0x00007FF77D206000-memory.dmp

Filesize
4.0MB

Download
memory/1052-0-0x00007FF7EFA90000-0x00007FF7EFE86000-memory.dmp

Filesize
4.0MB

Download
memory/1052-1-0x0000026413B00000-0x0000026413B10000-memory.dmp

Filesize
64KB

Download
memory/1304-185-0x00007FF709E10000-0x00007FF70A206000-memory.dmp

Filesize
4.0MB

Download
memory/1304-2073-0x00007FF709E10000-0x00007FF70A206000-memory.dmp

Filesize
4.0MB

Download
memory/1572-187-0x00007FF7C0930000-0x00007FF7C0D26000-memory.dmp

Filesize
4.0MB

Download
memory/1572-2066-0x00007FF7C0930000-0x00007FF7C0D26000-memory.dmp

Filesize
4.0MB

Download
memory/1672-128-0x00007FF60CF50000-0x00007FF60D346000-memory.dmp

Filesize
4.0MB

Download
memory/1672-2058-0x00007FF60CF50000-0x00007FF60D346000-memory.dmp

Filesize
4.0MB

Download
memory/1752-181-0x00007FF6E4B10000-0x00007FF6E4F06000-memory.dmp

Filesize
4.0MB

Download
memory/1752-2074-0x00007FF6E4B10000-0x00007FF6E4F06000-memory.dmp

Filesize
4.0MB

Download
memory/1760-2072-0x00007FF7C1100000-0x00007FF7C14F6000-memory.dmp

Filesize
4.0MB

Download
memory/1760-193-0x00007FF7C1100000-0x00007FF7C14F6000-memory.dmp

Filesize
4.0MB

Download
memory/1988-2061-0x00007FF6EF910000-0x00007FF6EFD06000-memory.dmp

Filesize
4.0MB

Download
memory/1988-191-0x00007FF6EF910000-0x00007FF6EFD06000-memory.dmp

Filesize
4.0MB

Download
memory/2140-148-0x00007FF7BF790000-0x00007FF7BFB86000-memory.dmp

Filesize
4.0MB

Download
memory/2140-2056-0x00007FF7BF790000-0x00007FF7BFB86000-memory.dmp

Filesize
4.0MB

Download
memory/2240-2075-0x00007FF7AD820000-0x00007FF7ADC16000-memory.dmp

Filesize
4.0MB

Download
memory/2240-182-0x00007FF7AD820000-0x00007FF7ADC16000-memory.dmp

Filesize
4.0MB

Download
memory/2376-166-0x00007FF767B30000-0x00007FF767F26000-memory.dmp

Filesize
4.0MB

Download
memory/2376-2062-0x00007FF767B30000-0x00007FF767F26000-memory.dmp

Filesize
4.0MB

Download
memory/2720-2055-0x00007FF798640000-0x00007FF798A36000-memory.dmp

Filesize
4.0MB

Download
memory/2720-107-0x00007FF798640000-0x00007FF798A36000-memory.dmp

Filesize
4.0MB

Download
memory/3388-161-0x00007FF666AF0000-0x00007FF666EE6000-memory.dmp

Filesize
4.0MB

Download
memory/3388-2063-0x00007FF666AF0000-0x00007FF666EE6000-memory.dmp

Filesize
4.0MB

Download
memory/3536-2053-0x00007FF6AF280000-0x00007FF6AF676000-memory.dmp

Filesize
4.0MB

Download
memory/3536-102-0x00007FF6AF280000-0x00007FF6AF676000-memory.dmp

Filesize
4.0MB

Download
memory/3636-2051-0x00007FFB06F83000-0x00007FFB06F85000-memory.dmp

Filesize
8KB

Download
memory/3636-2050-0x00007FFB06F80000-0x00007FFB07A41000-memory.dmp

Filesize
10.8MB

Download
memory/3636-6-0x00007FFB06F83000-0x00007FFB06F85000-memory.dmp

Filesize
8KB

Download
memory/3636-37-0x0000028C258A0000-0x0000028C258C2000-memory.dmp

Filesize
136KB

Download
memory/3636-41-0x00007FFB06F80000-0x00007FFB07A41000-memory.dmp

Filesize
10.8MB

Download
memory/3636-195-0x0000028C26470000-0x0000028C26C16000-memory.dmp

Filesize
7.6MB

Download
memory/3636-87-0x00007FFB06F80000-0x00007FFB07A41000-memory.dmp

Filesize
10.8MB

Download
memory/3816-2057-0x00007FF719D70000-0x00007FF71A166000-memory.dmp

Filesize
4.0MB

Download
memory/3816-147-0x00007FF719D70000-0x00007FF71A166000-memory.dmp

Filesize
4.0MB

Download
memory/4064-173-0x00007FF7F5630000-0x00007FF7F5A26000-memory.dmp

Filesize
4.0MB

Download
memory/4064-2065-0x00007FF7F5630000-0x00007FF7F5A26000-memory.dmp

Filesize
4.0MB

Download
memory/4360-2059-0x00007FF71A690000-0x00007FF71AA86000-memory.dmp

Filesize
4.0MB

Download
memory/4360-190-0x00007FF71A690000-0x00007FF71AA86000-memory.dmp

Filesize
4.0MB

Download
memory/4484-2070-0x00007FF645130000-0x00007FF645526000-memory.dmp

Filesize
4.0MB

Download
memory/4484-183-0x00007FF645130000-0x00007FF645526000-memory.dmp

Filesize
4.0MB

Download
memory/4544-192-0x00007FF765FE0000-0x00007FF7663D6000-memory.dmp

Filesize
4.0MB

Download
memory/4544-2067-0x00007FF765FE0000-0x00007FF7663D6000-memory.dmp

Filesize
4.0MB

Download
memory/4604-2064-0x00007FF6A68B0000-0x00007FF6A6CA6000-memory.dmp

Filesize
4.0MB

Download
memory/4604-186-0x00007FF6A68B0000-0x00007FF6A6CA6000-memory.dmp

Filesize
4.0MB

Download
memory/4780-2068-0x00007FF7FC5B0000-0x00007FF7FC9A6000-memory.dmp

Filesize
4.0MB

Download
memory/4780-188-0x00007FF7FC5B0000-0x00007FF7FC9A6000-memory.dmp

Filesize
4.0MB

Download
memory/4912-189-0x00007FF699590000-0x00007FF699986000-memory.dmp

Filesize
4.0MB

Download
memory/4912-2054-0x00007FF699590000-0x00007FF699986000-memory.dmp

Filesize
4.0MB

Download