xmrig | 99ca004a804a7e454fd7e8d72c3178222c80909f161de2a8c536b0a958f4fd58

Analysis

max time kernel
131s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
Size

1.6MB
MD5

9a81b969f592aeea08846469024ff800
SHA1

2e41498b2a2429d49686b61666f2c02fdfe7090c
SHA256

99ca004a804a7e454fd7e8d72c3178222c80909f161de2a8c536b0a958f4fd58
SHA512

482fa6955699188feb3d314b273202c39f20db05e237676c2265c2e9079e8f78534990b92e49389167b54e496d6207a271dbdaf8acdd299c978cebe806859fd9
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvj7NaVNqd9OeSZXCdzvd4/iooIXsLL0evy:Lz071uv4BPMkHC0IaSEzQR4iRLEea

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral2/memory/3936-16-0x00007FF732670000-0x00007FF732A62000-memory.dmp	xmrig
behavioral2/memory/2856-63-0x00007FF6C5E50000-0x00007FF6C6242000-memory.dmp	xmrig
behavioral2/memory/4036-68-0x00007FF71FD10000-0x00007FF720102000-memory.dmp	xmrig
behavioral2/memory/736-135-0x00007FF6B4150000-0x00007FF6B4542000-memory.dmp	xmrig
behavioral2/memory/556-157-0x00007FF73EBE0000-0x00007FF73EFD2000-memory.dmp	xmrig
behavioral2/memory/1300-182-0x00007FF6A2D90000-0x00007FF6A3182000-memory.dmp	xmrig
behavioral2/memory/5036-176-0x00007FF76F160000-0x00007FF76F552000-memory.dmp	xmrig
behavioral2/memory/5032-175-0x00007FF70CA30000-0x00007FF70CE22000-memory.dmp	xmrig
behavioral2/memory/3076-169-0x00007FF764130000-0x00007FF764522000-memory.dmp	xmrig
behavioral2/memory/3884-163-0x00007FF716270000-0x00007FF716662000-memory.dmp	xmrig
behavioral2/memory/3468-151-0x00007FF60D7F0000-0x00007FF60DBE2000-memory.dmp	xmrig
behavioral2/memory/1588-145-0x00007FF631950000-0x00007FF631D42000-memory.dmp	xmrig
behavioral2/memory/1196-139-0x00007FF6F9390000-0x00007FF6F9782000-memory.dmp	xmrig
behavioral2/memory/4748-134-0x00007FF7C5B20000-0x00007FF7C5F12000-memory.dmp	xmrig
behavioral2/memory/3668-128-0x00007FF7A0E50000-0x00007FF7A1242000-memory.dmp	xmrig
behavioral2/memory/4104-119-0x00007FF7774B0000-0x00007FF7778A2000-memory.dmp	xmrig
behavioral2/memory/4304-115-0x00007FF7CC6C0000-0x00007FF7CCAB2000-memory.dmp	xmrig
behavioral2/memory/1580-107-0x00007FF64DD60000-0x00007FF64E152000-memory.dmp	xmrig
behavioral2/memory/4348-102-0x00007FF719EE0000-0x00007FF71A2D2000-memory.dmp	xmrig
behavioral2/memory/5056-97-0x00007FF7C23A0000-0x00007FF7C2792000-memory.dmp	xmrig
behavioral2/memory/3756-87-0x00007FF66DA10000-0x00007FF66DE02000-memory.dmp	xmrig
behavioral2/memory/2940-82-0x00007FF6160A0000-0x00007FF616492000-memory.dmp	xmrig
behavioral2/memory/4240-79-0x00007FF7E5CD0000-0x00007FF7E60C2000-memory.dmp	xmrig
behavioral2/memory/3704-81-0x00007FF70E020000-0x00007FF70E412000-memory.dmp	xmrig
behavioral2/memory/4232-1974-0x00007FF7F61B0000-0x00007FF7F65A2000-memory.dmp	xmrig
behavioral2/memory/3936-2009-0x00007FF732670000-0x00007FF732A62000-memory.dmp	xmrig
behavioral2/memory/3936-2022-0x00007FF732670000-0x00007FF732A62000-memory.dmp	xmrig
behavioral2/memory/2856-2047-0x00007FF6C5E50000-0x00007FF6C6242000-memory.dmp	xmrig
behavioral2/memory/4036-2049-0x00007FF71FD10000-0x00007FF720102000-memory.dmp	xmrig
behavioral2/memory/4240-2068-0x00007FF7E5CD0000-0x00007FF7E60C2000-memory.dmp	xmrig
behavioral2/memory/2940-2067-0x00007FF6160A0000-0x00007FF616492000-memory.dmp	xmrig
behavioral2/memory/5056-2070-0x00007FF7C23A0000-0x00007FF7C2792000-memory.dmp	xmrig
behavioral2/memory/3668-2064-0x00007FF7A0E50000-0x00007FF7A1242000-memory.dmp	xmrig
behavioral2/memory/3756-2063-0x00007FF66DA10000-0x00007FF66DE02000-memory.dmp	xmrig
behavioral2/memory/4348-2059-0x00007FF719EE0000-0x00007FF71A2D2000-memory.dmp	xmrig
behavioral2/memory/3704-2061-0x00007FF70E020000-0x00007FF70E412000-memory.dmp	xmrig
behavioral2/memory/1588-2077-0x00007FF631950000-0x00007FF631D42000-memory.dmp	xmrig
behavioral2/memory/1196-2080-0x00007FF6F9390000-0x00007FF6F9782000-memory.dmp	xmrig
behavioral2/memory/4748-2084-0x00007FF7C5B20000-0x00007FF7C5F12000-memory.dmp	xmrig
behavioral2/memory/736-2082-0x00007FF6B4150000-0x00007FF6B4542000-memory.dmp	xmrig
behavioral2/memory/4104-2078-0x00007FF7774B0000-0x00007FF7778A2000-memory.dmp	xmrig
behavioral2/memory/1580-2074-0x00007FF64DD60000-0x00007FF64E152000-memory.dmp	xmrig
behavioral2/memory/4304-2073-0x00007FF7CC6C0000-0x00007FF7CCAB2000-memory.dmp	xmrig
behavioral2/memory/3884-2086-0x00007FF716270000-0x00007FF716662000-memory.dmp	xmrig
behavioral2/memory/3076-2103-0x00007FF764130000-0x00007FF764522000-memory.dmp	xmrig
behavioral2/memory/5036-2096-0x00007FF76F160000-0x00007FF76F552000-memory.dmp	xmrig
behavioral2/memory/5032-2095-0x00007FF70CA30000-0x00007FF70CE22000-memory.dmp	xmrig
behavioral2/memory/3468-2092-0x00007FF60D7F0000-0x00007FF60DBE2000-memory.dmp	xmrig
behavioral2/memory/1300-2091-0x00007FF6A2D90000-0x00007FF6A3182000-memory.dmp	xmrig
behavioral2/memory/556-2088-0x00007FF73EBE0000-0x00007FF73EFD2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	3064	powershell.exe
11	3064	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3064	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3936	WAcAxuv.exe
2856	POfEzoo.exe
4036	PkRSVfQ.exe
3668	fPdRDQz.exe
4240	QCXGfQF.exe
3704	WeyrZLI.exe
2940	kqcRhBv.exe
3756	SKbwEXw.exe
5056	mOGMFUF.exe
4348	afUQcpx.exe
4748	OzBrWru.exe
1580	QBMcXtD.exe
4304	uYETuhu.exe
736	GQBzPhO.exe
1196	wCjJcxY.exe
1588	XfRiYDm.exe
4104	QGqWGyZ.exe
3468	UrdtfyC.exe
556	cJzkdmq.exe
3884	qKanQGH.exe
3076	mJCnqMl.exe
5032	teLHvbZ.exe
5036	SkNhENN.exe
1300	LXaPndB.exe
4120	IsdNAbN.exe
4784	hgVrcro.exe
768	MDuXInh.exe
804	jJPFpDH.exe
1092	Ijeybyk.exe
4040	tbEcSYP.exe
4684	bDLxiyU.exe
4148	uCjPBDj.exe
2148	mgpvHvm.exe
1268	WBiVDsW.exe
3136	HWBnHrC.exe
3312	aZsufVF.exe
2188	eLsdCip.exe
3888	RtzrbTq.exe
1824	rsgikPB.exe
2760	gOCdQws.exe
4500	krktMpQ.exe
2108	nyErmNS.exe
1028	ocGmRXP.exe
1800	hXSCKtX.exe
5052	UestaYc.exe
4936	FgPxQND.exe
4064	TQhFOgJ.exe
2828	KaKTWkd.exe
2560	oCzWuov.exe
4156	tQrOAxD.exe
1640	SizWFOo.exe
4236	GzDpfqb.exe
1076	lWRLLkH.exe
4332	MRWcPGy.exe
2012	HgZPgNF.exe
832	rlMQQpT.exe
2272	nAyNyUM.exe
2184	YjHAAIA.exe
4860	VEDJMwh.exe
2224	hTHQHqT.exe
1860	ddhzTsX.exe
932	yQUDIaF.exe
4448	HRUTTPc.exe
1876	wLEHxKP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4232-0-0x00007FF7F61B0000-0x00007FF7F65A2000-memory.dmp	upx
behavioral2/files/0x0008000000023462-6.dat	upx
behavioral2/files/0x0007000000023467-14.dat	upx
behavioral2/files/0x0007000000023466-13.dat	upx
behavioral2/memory/3936-16-0x00007FF732670000-0x00007FF732A62000-memory.dmp	upx
behavioral2/files/0x000700000002346a-34.dat	upx
behavioral2/files/0x0007000000023469-38.dat	upx
behavioral2/memory/2856-63-0x00007FF6C5E50000-0x00007FF6C6242000-memory.dmp	upx
behavioral2/memory/4036-68-0x00007FF71FD10000-0x00007FF720102000-memory.dmp	upx
behavioral2/files/0x0007000000023472-85.dat	upx
behavioral2/files/0x0007000000023474-92.dat	upx
behavioral2/files/0x0008000000023463-103.dat	upx
behavioral2/files/0x0007000000023475-112.dat	upx
behavioral2/files/0x0007000000023476-123.dat	upx
behavioral2/memory/736-135-0x00007FF6B4150000-0x00007FF6B4542000-memory.dmp	upx
behavioral2/memory/556-157-0x00007FF73EBE0000-0x00007FF73EFD2000-memory.dmp	upx
behavioral2/files/0x000700000002347e-166.dat	upx
behavioral2/files/0x000700000002347f-172.dat	upx
behavioral2/memory/1300-182-0x00007FF6A2D90000-0x00007FF6A3182000-memory.dmp	upx
behavioral2/files/0x0007000000023482-190.dat	upx
behavioral2/files/0x0007000000023484-200.dat	upx
behavioral2/files/0x0007000000023483-195.dat	upx
behavioral2/files/0x0007000000023481-193.dat	upx
behavioral2/files/0x0007000000023480-188.dat	upx
behavioral2/memory/5036-176-0x00007FF76F160000-0x00007FF76F552000-memory.dmp	upx
behavioral2/memory/5032-175-0x00007FF70CA30000-0x00007FF70CE22000-memory.dmp	upx
behavioral2/files/0x000700000002347d-170.dat	upx
behavioral2/memory/3076-169-0x00007FF764130000-0x00007FF764522000-memory.dmp	upx
behavioral2/files/0x000700000002347c-164.dat	upx
behavioral2/memory/3884-163-0x00007FF716270000-0x00007FF716662000-memory.dmp	upx
behavioral2/files/0x000700000002347b-158.dat	upx
behavioral2/files/0x000700000002347a-152.dat	upx
behavioral2/memory/3468-151-0x00007FF60D7F0000-0x00007FF60DBE2000-memory.dmp	upx
behavioral2/files/0x0007000000023479-146.dat	upx
behavioral2/memory/1588-145-0x00007FF631950000-0x00007FF631D42000-memory.dmp	upx
behavioral2/files/0x0007000000023478-140.dat	upx
behavioral2/memory/1196-139-0x00007FF6F9390000-0x00007FF6F9782000-memory.dmp	upx
behavioral2/memory/4748-134-0x00007FF7C5B20000-0x00007FF7C5F12000-memory.dmp	upx
behavioral2/memory/3668-128-0x00007FF7A0E50000-0x00007FF7A1242000-memory.dmp	upx
behavioral2/files/0x0007000000023477-126.dat	upx
behavioral2/memory/4104-119-0x00007FF7774B0000-0x00007FF7778A2000-memory.dmp	upx
behavioral2/memory/4304-115-0x00007FF7CC6C0000-0x00007FF7CCAB2000-memory.dmp	upx
behavioral2/files/0x0008000000023471-110.dat	upx
behavioral2/files/0x0008000000023470-108.dat	upx
behavioral2/memory/1580-107-0x00007FF64DD60000-0x00007FF64E152000-memory.dmp	upx
behavioral2/memory/4348-102-0x00007FF719EE0000-0x00007FF71A2D2000-memory.dmp	upx
behavioral2/memory/5056-97-0x00007FF7C23A0000-0x00007FF7C2792000-memory.dmp	upx
behavioral2/files/0x000700000002346f-90.dat	upx
behavioral2/memory/3756-87-0x00007FF66DA10000-0x00007FF66DE02000-memory.dmp	upx
behavioral2/files/0x0007000000023473-83.dat	upx
behavioral2/memory/2940-82-0x00007FF6160A0000-0x00007FF616492000-memory.dmp	upx
behavioral2/memory/4240-79-0x00007FF7E5CD0000-0x00007FF7E60C2000-memory.dmp	upx
behavioral2/memory/3704-81-0x00007FF70E020000-0x00007FF70E412000-memory.dmp	upx
behavioral2/files/0x000700000002346d-62.dat	upx
behavioral2/files/0x000700000002346c-59.dat	upx
behavioral2/files/0x000700000002346b-49.dat	upx
behavioral2/files/0x000700000002346e-46.dat	upx
behavioral2/files/0x0007000000023468-42.dat	upx
behavioral2/memory/4232-1974-0x00007FF7F61B0000-0x00007FF7F65A2000-memory.dmp	upx
behavioral2/memory/3936-2009-0x00007FF732670000-0x00007FF732A62000-memory.dmp	upx
behavioral2/memory/3936-2022-0x00007FF732670000-0x00007FF732A62000-memory.dmp	upx
behavioral2/memory/2856-2047-0x00007FF6C5E50000-0x00007FF6C6242000-memory.dmp	upx
behavioral2/memory/4036-2049-0x00007FF71FD10000-0x00007FF720102000-memory.dmp	upx
behavioral2/memory/4240-2068-0x00007FF7E5CD0000-0x00007FF7E60C2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wbuFEHo.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\hBXZBck.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\qmNKgDc.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\EhPkazN.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\KqBDRDH.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\zwywVvq.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\OJJfxab.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\fSoLJox.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\kGUNYIG.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\CbZEIRX.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\bVsxyOm.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\lPzKDGJ.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\QIsipBY.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\afYAjuz.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\iIHJfed.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\geEwMQe.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\BGZzqqz.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\KUSRXrD.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\CwzjXMh.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\etHlGjg.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\aqkcYgT.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\vECySGg.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\yPlQHKB.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\ivUDnCb.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\WaPBCRe.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\WNMmfBn.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\AGsfDWh.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\OWEJKBQ.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\SFmfxkF.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\QjQIRAM.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\slSlZnh.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\xHUFiRn.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\ANuhFXM.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\SlrvDfE.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\fPdRDQz.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\tpzPIlg.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\ACKWCKM.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\qpzLrjr.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\HIliliw.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\noKGelH.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\dUWNnJX.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\wLEHxKP.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\WAYVWsu.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\DItAWia.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\bFsnwkS.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\DDMpjue.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\eLsdCip.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\pwrCxgC.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\wGfkPPi.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\zXJWVow.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\hvqCcVn.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\btMUtjm.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\VMSucCs.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\VbvVDqZ.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\bQcVYFF.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\IPXtKYW.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\VgzurRi.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\GmawYyl.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\rJssYvm.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\gwzMRql.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\ytpwuzh.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\DhQXnBE.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\tbkJfEA.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
File created	C:\Windows\System\atZhrZw.exe	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3064	powershell.exe
3064	powershell.exe
3064	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
Token: SeDebugPrivilege	3064	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 3064	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	84
PID 4232 wrote to memory of 3064	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	84
PID 4232 wrote to memory of 3936	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	85
PID 4232 wrote to memory of 3936	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	85
PID 4232 wrote to memory of 2856	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	86
PID 4232 wrote to memory of 2856	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	86
PID 4232 wrote to memory of 4036	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	87
PID 4232 wrote to memory of 4036	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	87
PID 4232 wrote to memory of 4240	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	88
PID 4232 wrote to memory of 4240	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	88
PID 4232 wrote to memory of 3668	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	89
PID 4232 wrote to memory of 3668	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	89
PID 4232 wrote to memory of 3704	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	90
PID 4232 wrote to memory of 3704	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	90
PID 4232 wrote to memory of 2940	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	91
PID 4232 wrote to memory of 2940	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	91
PID 4232 wrote to memory of 3756	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	92
PID 4232 wrote to memory of 3756	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	92
PID 4232 wrote to memory of 5056	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	93
PID 4232 wrote to memory of 5056	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	93
PID 4232 wrote to memory of 4348	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	94
PID 4232 wrote to memory of 4348	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	94
PID 4232 wrote to memory of 4748	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	95
PID 4232 wrote to memory of 4748	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	95
PID 4232 wrote to memory of 4304	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	96
PID 4232 wrote to memory of 4304	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	96
PID 4232 wrote to memory of 1580	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	97
PID 4232 wrote to memory of 1580	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	97
PID 4232 wrote to memory of 736	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	98
PID 4232 wrote to memory of 736	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	98
PID 4232 wrote to memory of 1196	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	99
PID 4232 wrote to memory of 1196	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	99
PID 4232 wrote to memory of 1588	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	100
PID 4232 wrote to memory of 1588	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	100
PID 4232 wrote to memory of 4104	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	101
PID 4232 wrote to memory of 4104	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	101
PID 4232 wrote to memory of 3468	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	102
PID 4232 wrote to memory of 3468	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	102
PID 4232 wrote to memory of 556	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	103
PID 4232 wrote to memory of 556	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	103
PID 4232 wrote to memory of 3884	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	104
PID 4232 wrote to memory of 3884	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	104
PID 4232 wrote to memory of 3076	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	105
PID 4232 wrote to memory of 3076	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	105
PID 4232 wrote to memory of 5032	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	106
PID 4232 wrote to memory of 5032	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	106
PID 4232 wrote to memory of 5036	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	107
PID 4232 wrote to memory of 5036	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	107
PID 4232 wrote to memory of 1300	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	108
PID 4232 wrote to memory of 1300	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	108
PID 4232 wrote to memory of 4120	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	109
PID 4232 wrote to memory of 4120	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	109
PID 4232 wrote to memory of 4784	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	110
PID 4232 wrote to memory of 4784	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	110
PID 4232 wrote to memory of 768	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	111
PID 4232 wrote to memory of 768	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	111
PID 4232 wrote to memory of 804	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	112
PID 4232 wrote to memory of 804	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	112
PID 4232 wrote to memory of 1092	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	113
PID 4232 wrote to memory of 1092	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	113
PID 4232 wrote to memory of 4040	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	114
PID 4232 wrote to memory of 4040	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	114
PID 4232 wrote to memory of 4684	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	115
PID 4232 wrote to memory of 4684	4232	9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9a81b969f592aeea08846469024ff800_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3064
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3064" "2896" "2828" "2900" "0" "0" "2904" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12980
- C:\Windows\System\WAcAxuv.exe
  C:\Windows\System\WAcAxuv.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\POfEzoo.exe
  C:\Windows\System\POfEzoo.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\PkRSVfQ.exe
  C:\Windows\System\PkRSVfQ.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\QCXGfQF.exe
  C:\Windows\System\QCXGfQF.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\fPdRDQz.exe
  C:\Windows\System\fPdRDQz.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\WeyrZLI.exe
  C:\Windows\System\WeyrZLI.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\kqcRhBv.exe
  C:\Windows\System\kqcRhBv.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\SKbwEXw.exe
  C:\Windows\System\SKbwEXw.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\mOGMFUF.exe
  C:\Windows\System\mOGMFUF.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\afUQcpx.exe
  C:\Windows\System\afUQcpx.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\OzBrWru.exe
  C:\Windows\System\OzBrWru.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\uYETuhu.exe
  C:\Windows\System\uYETuhu.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\QBMcXtD.exe
  C:\Windows\System\QBMcXtD.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\GQBzPhO.exe
  C:\Windows\System\GQBzPhO.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\wCjJcxY.exe
  C:\Windows\System\wCjJcxY.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\XfRiYDm.exe
  C:\Windows\System\XfRiYDm.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\QGqWGyZ.exe
  C:\Windows\System\QGqWGyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\UrdtfyC.exe
  C:\Windows\System\UrdtfyC.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\cJzkdmq.exe
  C:\Windows\System\cJzkdmq.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\qKanQGH.exe
  C:\Windows\System\qKanQGH.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\mJCnqMl.exe
  C:\Windows\System\mJCnqMl.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\teLHvbZ.exe
  C:\Windows\System\teLHvbZ.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\SkNhENN.exe
  C:\Windows\System\SkNhENN.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\LXaPndB.exe
  C:\Windows\System\LXaPndB.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\IsdNAbN.exe
  C:\Windows\System\IsdNAbN.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\hgVrcro.exe
  C:\Windows\System\hgVrcro.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\MDuXInh.exe
  C:\Windows\System\MDuXInh.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\jJPFpDH.exe
  C:\Windows\System\jJPFpDH.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\Ijeybyk.exe
  C:\Windows\System\Ijeybyk.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\tbEcSYP.exe
  C:\Windows\System\tbEcSYP.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\bDLxiyU.exe
  C:\Windows\System\bDLxiyU.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\uCjPBDj.exe
  C:\Windows\System\uCjPBDj.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\mgpvHvm.exe
  C:\Windows\System\mgpvHvm.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\WBiVDsW.exe
  C:\Windows\System\WBiVDsW.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\HWBnHrC.exe
  C:\Windows\System\HWBnHrC.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\aZsufVF.exe
  C:\Windows\System\aZsufVF.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\eLsdCip.exe
  C:\Windows\System\eLsdCip.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\RtzrbTq.exe
  C:\Windows\System\RtzrbTq.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\rsgikPB.exe
  C:\Windows\System\rsgikPB.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\gOCdQws.exe
  C:\Windows\System\gOCdQws.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\krktMpQ.exe
  C:\Windows\System\krktMpQ.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\nyErmNS.exe
  C:\Windows\System\nyErmNS.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ocGmRXP.exe
  C:\Windows\System\ocGmRXP.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\hXSCKtX.exe
  C:\Windows\System\hXSCKtX.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\UestaYc.exe
  C:\Windows\System\UestaYc.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\FgPxQND.exe
  C:\Windows\System\FgPxQND.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\TQhFOgJ.exe
  C:\Windows\System\TQhFOgJ.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\KaKTWkd.exe
  C:\Windows\System\KaKTWkd.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\oCzWuov.exe
  C:\Windows\System\oCzWuov.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\tQrOAxD.exe
  C:\Windows\System\tQrOAxD.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\SizWFOo.exe
  C:\Windows\System\SizWFOo.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\GzDpfqb.exe
  C:\Windows\System\GzDpfqb.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\lWRLLkH.exe
  C:\Windows\System\lWRLLkH.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\MRWcPGy.exe
  C:\Windows\System\MRWcPGy.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\HgZPgNF.exe
  C:\Windows\System\HgZPgNF.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\rlMQQpT.exe
  C:\Windows\System\rlMQQpT.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\nAyNyUM.exe
  C:\Windows\System\nAyNyUM.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\YjHAAIA.exe
  C:\Windows\System\YjHAAIA.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\VEDJMwh.exe
  C:\Windows\System\VEDJMwh.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\hTHQHqT.exe
  C:\Windows\System\hTHQHqT.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\ddhzTsX.exe
  C:\Windows\System\ddhzTsX.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\yQUDIaF.exe
  C:\Windows\System\yQUDIaF.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\HRUTTPc.exe
  C:\Windows\System\HRUTTPc.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\wLEHxKP.exe
  C:\Windows\System\wLEHxKP.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\iyxpWgL.exe
  C:\Windows\System\iyxpWgL.exe
  2⤵
  PID:452
- C:\Windows\System\yBjutqj.exe
  C:\Windows\System\yBjutqj.exe
  2⤵
  PID:3972
- C:\Windows\System\rJssYvm.exe
  C:\Windows\System\rJssYvm.exe
  2⤵
  PID:3644
- C:\Windows\System\NqbpRGE.exe
  C:\Windows\System\NqbpRGE.exe
  2⤵
  PID:5084
- C:\Windows\System\OWEJKBQ.exe
  C:\Windows\System\OWEJKBQ.exe
  2⤵
  PID:2800
- C:\Windows\System\pGpBbxH.exe
  C:\Windows\System\pGpBbxH.exe
  2⤵
  PID:3276
- C:\Windows\System\mIosgcs.exe
  C:\Windows\System\mIosgcs.exe
  2⤵
  PID:1068
- C:\Windows\System\VMSucCs.exe
  C:\Windows\System\VMSucCs.exe
  2⤵
  PID:468
- C:\Windows\System\XzhuCLr.exe
  C:\Windows\System\XzhuCLr.exe
  2⤵
  PID:4564
- C:\Windows\System\pjnfPNP.exe
  C:\Windows\System\pjnfPNP.exe
  2⤵
  PID:1736
- C:\Windows\System\roZOsgF.exe
  C:\Windows\System\roZOsgF.exe
  2⤵
  PID:2872
- C:\Windows\System\rTcyGPN.exe
  C:\Windows\System\rTcyGPN.exe
  2⤵
  PID:2648
- C:\Windows\System\kLinoGX.exe
  C:\Windows\System\kLinoGX.exe
  2⤵
  PID:4888
- C:\Windows\System\hGNqvaf.exe
  C:\Windows\System\hGNqvaf.exe
  2⤵
  PID:4804
- C:\Windows\System\pJDelGm.exe
  C:\Windows\System\pJDelGm.exe
  2⤵
  PID:1432
- C:\Windows\System\GbyuaCg.exe
  C:\Windows\System\GbyuaCg.exe
  2⤵
  PID:5128
- C:\Windows\System\GPzGVmZ.exe
  C:\Windows\System\GPzGVmZ.exe
  2⤵
  PID:5144
- C:\Windows\System\BcpuIlw.exe
  C:\Windows\System\BcpuIlw.exe
  2⤵
  PID:5168
- C:\Windows\System\wqHuRID.exe
  C:\Windows\System\wqHuRID.exe
  2⤵
  PID:5184
- C:\Windows\System\fLPjmYL.exe
  C:\Windows\System\fLPjmYL.exe
  2⤵
  PID:5200
- C:\Windows\System\SpzUiMJ.exe
  C:\Windows\System\SpzUiMJ.exe
  2⤵
  PID:5224
- C:\Windows\System\thhdrDL.exe
  C:\Windows\System\thhdrDL.exe
  2⤵
  PID:5240
- C:\Windows\System\PHkYDqX.exe
  C:\Windows\System\PHkYDqX.exe
  2⤵
  PID:5260
- C:\Windows\System\ArgTyQk.exe
  C:\Windows\System\ArgTyQk.exe
  2⤵
  PID:5276
- C:\Windows\System\AhkXwoA.exe
  C:\Windows\System\AhkXwoA.exe
  2⤵
  PID:5296
- C:\Windows\System\nKQJcMT.exe
  C:\Windows\System\nKQJcMT.exe
  2⤵
  PID:5316
- C:\Windows\System\gruUOet.exe
  C:\Windows\System\gruUOet.exe
  2⤵
  PID:5336
- C:\Windows\System\KUSRXrD.exe
  C:\Windows\System\KUSRXrD.exe
  2⤵
  PID:5356
- C:\Windows\System\pWbWKbo.exe
  C:\Windows\System\pWbWKbo.exe
  2⤵
  PID:5380
- C:\Windows\System\DVozykc.exe
  C:\Windows\System\DVozykc.exe
  2⤵
  PID:5396
- C:\Windows\System\jGWWGxC.exe
  C:\Windows\System\jGWWGxC.exe
  2⤵
  PID:5416
- C:\Windows\System\SfnzhEI.exe
  C:\Windows\System\SfnzhEI.exe
  2⤵
  PID:5432
- C:\Windows\System\uqKZueP.exe
  C:\Windows\System\uqKZueP.exe
  2⤵
  PID:5452
- C:\Windows\System\blXBcMq.exe
  C:\Windows\System\blXBcMq.exe
  2⤵
  PID:5472
- C:\Windows\System\xEZPRNS.exe
  C:\Windows\System\xEZPRNS.exe
  2⤵
  PID:5492
- C:\Windows\System\NhQCzsZ.exe
  C:\Windows\System\NhQCzsZ.exe
  2⤵
  PID:5508
- C:\Windows\System\WYyAamt.exe
  C:\Windows\System\WYyAamt.exe
  2⤵
  PID:5700
- C:\Windows\System\ltVCDjq.exe
  C:\Windows\System\ltVCDjq.exe
  2⤵
  PID:5724
- C:\Windows\System\hFpHsZF.exe
  C:\Windows\System\hFpHsZF.exe
  2⤵
  PID:5744
- C:\Windows\System\VpSRgpd.exe
  C:\Windows\System\VpSRgpd.exe
  2⤵
  PID:5864
- C:\Windows\System\kuxhlum.exe
  C:\Windows\System\kuxhlum.exe
  2⤵
  PID:5892
- C:\Windows\System\WNFWPFj.exe
  C:\Windows\System\WNFWPFj.exe
  2⤵
  PID:5916
- C:\Windows\System\WkEJEUN.exe
  C:\Windows\System\WkEJEUN.exe
  2⤵
  PID:5932
- C:\Windows\System\gwzMRql.exe
  C:\Windows\System\gwzMRql.exe
  2⤵
  PID:5948
- C:\Windows\System\akaSfXq.exe
  C:\Windows\System\akaSfXq.exe
  2⤵
  PID:5964
- C:\Windows\System\PQZuhlO.exe
  C:\Windows\System\PQZuhlO.exe
  2⤵
  PID:5984
- C:\Windows\System\WXIUOjw.exe
  C:\Windows\System\WXIUOjw.exe
  2⤵
  PID:6024
- C:\Windows\System\klyStrm.exe
  C:\Windows\System\klyStrm.exe
  2⤵
  PID:6068
- C:\Windows\System\GrfqTJr.exe
  C:\Windows\System\GrfqTJr.exe
  2⤵
  PID:6084
- C:\Windows\System\gerMQdn.exe
  C:\Windows\System\gerMQdn.exe
  2⤵
  PID:6108
- C:\Windows\System\QQgqcTa.exe
  C:\Windows\System\QQgqcTa.exe
  2⤵
  PID:640
- C:\Windows\System\MgYpvFQ.exe
  C:\Windows\System\MgYpvFQ.exe
  2⤵
  PID:2004
- C:\Windows\System\GwVfgnr.exe
  C:\Windows\System\GwVfgnr.exe
  2⤵
  PID:4496
- C:\Windows\System\NsIKBjI.exe
  C:\Windows\System\NsIKBjI.exe
  2⤵
  PID:2704
- C:\Windows\System\vgakflW.exe
  C:\Windows\System\vgakflW.exe
  2⤵
  PID:2300
- C:\Windows\System\DNfiGzc.exe
  C:\Windows\System\DNfiGzc.exe
  2⤵
  PID:4624
- C:\Windows\System\evzySgy.exe
  C:\Windows\System\evzySgy.exe
  2⤵
  PID:2052
- C:\Windows\System\SktuJhX.exe
  C:\Windows\System\SktuJhX.exe
  2⤵
  PID:4456
- C:\Windows\System\JfxejTA.exe
  C:\Windows\System\JfxejTA.exe
  2⤵
  PID:5332
- C:\Windows\System\DdVWCmW.exe
  C:\Windows\System\DdVWCmW.exe
  2⤵
  PID:5176
- C:\Windows\System\RBntKHx.exe
  C:\Windows\System\RBntKHx.exe
  2⤵
  PID:5304
- C:\Windows\System\nMxpshY.exe
  C:\Windows\System\nMxpshY.exe
  2⤵
  PID:5268
- C:\Windows\System\zwywVvq.exe
  C:\Windows\System\zwywVvq.exe
  2⤵
  PID:5308
- C:\Windows\System\sbDTpIX.exe
  C:\Windows\System\sbDTpIX.exe
  2⤵
  PID:5348
- C:\Windows\System\gwGbPcp.exe
  C:\Windows\System\gwGbPcp.exe
  2⤵
  PID:5548
- C:\Windows\System\JatoNRh.exe
  C:\Windows\System\JatoNRh.exe
  2⤵
  PID:5736
- C:\Windows\System\okhSxXV.exe
  C:\Windows\System\okhSxXV.exe
  2⤵
  PID:5784
- C:\Windows\System\VbvVDqZ.exe
  C:\Windows\System\VbvVDqZ.exe
  2⤵
  PID:5588
- C:\Windows\System\yPlQHKB.exe
  C:\Windows\System\yPlQHKB.exe
  2⤵
  PID:5856
- C:\Windows\System\OdUtpFf.exe
  C:\Windows\System\OdUtpFf.exe
  2⤵
  PID:5904
- C:\Windows\System\HDffktQ.exe
  C:\Windows\System\HDffktQ.exe
  2⤵
  PID:2876
- C:\Windows\System\RgrrzWX.exe
  C:\Windows\System\RgrrzWX.exe
  2⤵
  PID:5956
- C:\Windows\System\vQpVfPA.exe
  C:\Windows\System\vQpVfPA.exe
  2⤵
  PID:4592
- C:\Windows\System\AojKWdU.exe
  C:\Windows\System\AojKWdU.exe
  2⤵
  PID:6100
- C:\Windows\System\hzSXlCT.exe
  C:\Windows\System\hzSXlCT.exe
  2⤵
  PID:6104
- C:\Windows\System\JqYPRkW.exe
  C:\Windows\System\JqYPRkW.exe
  2⤵
  PID:4724
- C:\Windows\System\IXJasCP.exe
  C:\Windows\System\IXJasCP.exe
  2⤵
  PID:3828
- C:\Windows\System\HIliliw.exe
  C:\Windows\System\HIliliw.exe
  2⤵
  PID:5000
- C:\Windows\System\KxChuSq.exe
  C:\Windows\System\KxChuSq.exe
  2⤵
  PID:5220
- C:\Windows\System\hNJdKBd.exe
  C:\Windows\System\hNJdKBd.exe
  2⤵
  PID:3908
- C:\Windows\System\uAiXRHu.exe
  C:\Windows\System\uAiXRHu.exe
  2⤵
  PID:5096
- C:\Windows\System\jXGljDz.exe
  C:\Windows\System\jXGljDz.exe
  2⤵
  PID:5232
- C:\Windows\System\gZKQnun.exe
  C:\Windows\System\gZKQnun.exe
  2⤵
  PID:5344
- C:\Windows\System\qhsIgwG.exe
  C:\Windows\System\qhsIgwG.exe
  2⤵
  PID:5652
- C:\Windows\System\vWSgxTI.exe
  C:\Windows\System\vWSgxTI.exe
  2⤵
  PID:3060
- C:\Windows\System\kXOgHdj.exe
  C:\Windows\System\kXOgHdj.exe
  2⤵
  PID:2748
- C:\Windows\System\yVrgSSL.exe
  C:\Windows\System\yVrgSSL.exe
  2⤵
  PID:5256
- C:\Windows\System\WswxrIH.exe
  C:\Windows\System\WswxrIH.exe
  2⤵
  PID:5212
- C:\Windows\System\funmgsd.exe
  C:\Windows\System\funmgsd.exe
  2⤵
  PID:6092
- C:\Windows\System\iiBKqph.exe
  C:\Windows\System\iiBKqph.exe
  2⤵
  PID:4008
- C:\Windows\System\RFThbcc.exe
  C:\Windows\System\RFThbcc.exe
  2⤵
  PID:4204
- C:\Windows\System\vECySGg.exe
  C:\Windows\System\vECySGg.exe
  2⤵
  PID:5292
- C:\Windows\System\gTimFYw.exe
  C:\Windows\System\gTimFYw.exe
  2⤵
  PID:752
- C:\Windows\System\PLcobqS.exe
  C:\Windows\System\PLcobqS.exe
  2⤵
  PID:5976
- C:\Windows\System\tMYpRap.exe
  C:\Windows\System\tMYpRap.exe
  2⤵
  PID:5680
- C:\Windows\System\iWErHmI.exe
  C:\Windows\System\iWErHmI.exe
  2⤵
  PID:6208
- C:\Windows\System\uUfbijK.exe
  C:\Windows\System\uUfbijK.exe
  2⤵
  PID:6224
- C:\Windows\System\ssWwoYT.exe
  C:\Windows\System\ssWwoYT.exe
  2⤵
  PID:6248
- C:\Windows\System\gVfuGUi.exe
  C:\Windows\System\gVfuGUi.exe
  2⤵
  PID:6268
- C:\Windows\System\mOgOMVz.exe
  C:\Windows\System\mOgOMVz.exe
  2⤵
  PID:6288
- C:\Windows\System\ucJTkLS.exe
  C:\Windows\System\ucJTkLS.exe
  2⤵
  PID:6308
- C:\Windows\System\YcceAQz.exe
  C:\Windows\System\YcceAQz.exe
  2⤵
  PID:6352
- C:\Windows\System\RtuhENk.exe
  C:\Windows\System\RtuhENk.exe
  2⤵
  PID:6372
- C:\Windows\System\fSUPqHq.exe
  C:\Windows\System\fSUPqHq.exe
  2⤵
  PID:6460
- C:\Windows\System\jZqTTCx.exe
  C:\Windows\System\jZqTTCx.exe
  2⤵
  PID:6476
- C:\Windows\System\pKQDjtE.exe
  C:\Windows\System\pKQDjtE.exe
  2⤵
  PID:6500
- C:\Windows\System\EakuLNY.exe
  C:\Windows\System\EakuLNY.exe
  2⤵
  PID:6516
- C:\Windows\System\etBHFtd.exe
  C:\Windows\System\etBHFtd.exe
  2⤵
  PID:6540
- C:\Windows\System\kVieqVb.exe
  C:\Windows\System\kVieqVb.exe
  2⤵
  PID:6560
- C:\Windows\System\gArxqku.exe
  C:\Windows\System\gArxqku.exe
  2⤵
  PID:6580
- C:\Windows\System\sjrnSHc.exe
  C:\Windows\System\sjrnSHc.exe
  2⤵
  PID:6600
- C:\Windows\System\QacROef.exe
  C:\Windows\System\QacROef.exe
  2⤵
  PID:6620
- C:\Windows\System\oQKwdQK.exe
  C:\Windows\System\oQKwdQK.exe
  2⤵
  PID:6704
- C:\Windows\System\UySFeGg.exe
  C:\Windows\System\UySFeGg.exe
  2⤵
  PID:6728
- C:\Windows\System\TYHJJvk.exe
  C:\Windows\System\TYHJJvk.exe
  2⤵
  PID:6764
- C:\Windows\System\wqEnAxn.exe
  C:\Windows\System\wqEnAxn.exe
  2⤵
  PID:6780
- C:\Windows\System\HhLflDK.exe
  C:\Windows\System\HhLflDK.exe
  2⤵
  PID:6804
- C:\Windows\System\KnZWAqd.exe
  C:\Windows\System\KnZWAqd.exe
  2⤵
  PID:6824
- C:\Windows\System\atPzaAs.exe
  C:\Windows\System\atPzaAs.exe
  2⤵
  PID:6844
- C:\Windows\System\LQUeOAJ.exe
  C:\Windows\System\LQUeOAJ.exe
  2⤵
  PID:6872
- C:\Windows\System\HuIQSXy.exe
  C:\Windows\System\HuIQSXy.exe
  2⤵
  PID:6896
- C:\Windows\System\NPZGQap.exe
  C:\Windows\System\NPZGQap.exe
  2⤵
  PID:6912
- C:\Windows\System\jYleNtw.exe
  C:\Windows\System\jYleNtw.exe
  2⤵
  PID:6936
- C:\Windows\System\kKOlxIi.exe
  C:\Windows\System\kKOlxIi.exe
  2⤵
  PID:6992
- C:\Windows\System\ubWjMuT.exe
  C:\Windows\System\ubWjMuT.exe
  2⤵
  PID:7024
- C:\Windows\System\XMrMprm.exe
  C:\Windows\System\XMrMprm.exe
  2⤵
  PID:7048
- C:\Windows\System\ivUDnCb.exe
  C:\Windows\System\ivUDnCb.exe
  2⤵
  PID:7068
- C:\Windows\System\NwjToqn.exe
  C:\Windows\System\NwjToqn.exe
  2⤵
  PID:7088
- C:\Windows\System\JmqJlCZ.exe
  C:\Windows\System\JmqJlCZ.exe
  2⤵
  PID:7104
- C:\Windows\System\VaFBEbP.exe
  C:\Windows\System\VaFBEbP.exe
  2⤵
  PID:7128
- C:\Windows\System\ZmMjpvX.exe
  C:\Windows\System\ZmMjpvX.exe
  2⤵
  PID:5180
- C:\Windows\System\bvzRCoE.exe
  C:\Windows\System\bvzRCoE.exe
  2⤵
  PID:6300
- C:\Windows\System\XdPyDSh.exe
  C:\Windows\System\XdPyDSh.exe
  2⤵
  PID:6264
- C:\Windows\System\mhayEkN.exe
  C:\Windows\System\mhayEkN.exe
  2⤵
  PID:6384
- C:\Windows\System\ehlMAoV.exe
  C:\Windows\System\ehlMAoV.exe
  2⤵
  PID:6404
- C:\Windows\System\Zjljopd.exe
  C:\Windows\System\Zjljopd.exe
  2⤵
  PID:6456
- C:\Windows\System\pBblRuu.exe
  C:\Windows\System\pBblRuu.exe
  2⤵
  PID:6576
- C:\Windows\System\UshvDpJ.exe
  C:\Windows\System\UshvDpJ.exe
  2⤵
  PID:6616
- C:\Windows\System\btMUtjm.exe
  C:\Windows\System\btMUtjm.exe
  2⤵
  PID:6656
- C:\Windows\System\TtXsKqN.exe
  C:\Windows\System\TtXsKqN.exe
  2⤵
  PID:6716
- C:\Windows\System\BgyXCTz.exe
  C:\Windows\System\BgyXCTz.exe
  2⤵
  PID:6760
- C:\Windows\System\PeYLecA.exe
  C:\Windows\System\PeYLecA.exe
  2⤵
  PID:6840
- C:\Windows\System\YZtlNzr.exe
  C:\Windows\System\YZtlNzr.exe
  2⤵
  PID:6904
- C:\Windows\System\FNpThPO.exe
  C:\Windows\System\FNpThPO.exe
  2⤵
  PID:6932
- C:\Windows\System\slSlZnh.exe
  C:\Windows\System\slSlZnh.exe
  2⤵
  PID:7064
- C:\Windows\System\JsBYtZF.exe
  C:\Windows\System\JsBYtZF.exe
  2⤵
  PID:7116
- C:\Windows\System\JGasXwP.exe
  C:\Windows\System\JGasXwP.exe
  2⤵
  PID:7080
- C:\Windows\System\UKhOoqe.exe
  C:\Windows\System\UKhOoqe.exe
  2⤵
  PID:6164
- C:\Windows\System\NRqvPPf.exe
  C:\Windows\System\NRqvPPf.exe
  2⤵
  PID:6284
- C:\Windows\System\aafQcRI.exe
  C:\Windows\System\aafQcRI.exe
  2⤵
  PID:6400
- C:\Windows\System\MMRlFrV.exe
  C:\Windows\System\MMRlFrV.exe
  2⤵
  PID:6568
- C:\Windows\System\BgWfDUq.exe
  C:\Windows\System\BgWfDUq.exe
  2⤵
  PID:6720
- C:\Windows\System\EbqvhZQ.exe
  C:\Windows\System\EbqvhZQ.exe
  2⤵
  PID:6868
- C:\Windows\System\VczqLqf.exe
  C:\Windows\System\VczqLqf.exe
  2⤵
  PID:6984
- C:\Windows\System\KViFyGv.exe
  C:\Windows\System\KViFyGv.exe
  2⤵
  PID:7120
- C:\Windows\System\TPZsGvH.exe
  C:\Windows\System\TPZsGvH.exe
  2⤵
  PID:6260
- C:\Windows\System\baLSepr.exe
  C:\Windows\System\baLSepr.exe
  2⤵
  PID:6392
- C:\Windows\System\mpHdoLq.exe
  C:\Windows\System\mpHdoLq.exe
  2⤵
  PID:7192
- C:\Windows\System\JTqoKJu.exe
  C:\Windows\System\JTqoKJu.exe
  2⤵
  PID:7208
- C:\Windows\System\rDnmvUQ.exe
  C:\Windows\System\rDnmvUQ.exe
  2⤵
  PID:7224
- C:\Windows\System\wSUCmOS.exe
  C:\Windows\System\wSUCmOS.exe
  2⤵
  PID:7248
- C:\Windows\System\noKGelH.exe
  C:\Windows\System\noKGelH.exe
  2⤵
  PID:7280
- C:\Windows\System\vrPoKmm.exe
  C:\Windows\System\vrPoKmm.exe
  2⤵
  PID:7296
- C:\Windows\System\NvnHuAe.exe
  C:\Windows\System\NvnHuAe.exe
  2⤵
  PID:7320
- C:\Windows\System\TyqlCkq.exe
  C:\Windows\System\TyqlCkq.exe
  2⤵
  PID:7336
- C:\Windows\System\JMWMRga.exe
  C:\Windows\System\JMWMRga.exe
  2⤵
  PID:7364
- C:\Windows\System\PKGQJPE.exe
  C:\Windows\System\PKGQJPE.exe
  2⤵
  PID:7404
- C:\Windows\System\WaPBCRe.exe
  C:\Windows\System\WaPBCRe.exe
  2⤵
  PID:7428
- C:\Windows\System\pwrCxgC.exe
  C:\Windows\System\pwrCxgC.exe
  2⤵
  PID:7444
- C:\Windows\System\BMpcShd.exe
  C:\Windows\System\BMpcShd.exe
  2⤵
  PID:7464
- C:\Windows\System\KXBLcjd.exe
  C:\Windows\System\KXBLcjd.exe
  2⤵
  PID:7500
- C:\Windows\System\nXmbCiO.exe
  C:\Windows\System\nXmbCiO.exe
  2⤵
  PID:7548
- C:\Windows\System\bQcVYFF.exe
  C:\Windows\System\bQcVYFF.exe
  2⤵
  PID:7572
- C:\Windows\System\QUstdeh.exe
  C:\Windows\System\QUstdeh.exe
  2⤵
  PID:7596
- C:\Windows\System\AveESqf.exe
  C:\Windows\System\AveESqf.exe
  2⤵
  PID:7616
- C:\Windows\System\AmfTCZw.exe
  C:\Windows\System\AmfTCZw.exe
  2⤵
  PID:7632
- C:\Windows\System\HdKKcxl.exe
  C:\Windows\System\HdKKcxl.exe
  2⤵
  PID:7656
- C:\Windows\System\lMJRvOz.exe
  C:\Windows\System\lMJRvOz.exe
  2⤵
  PID:7708
- C:\Windows\System\LCQnlPi.exe
  C:\Windows\System\LCQnlPi.exe
  2⤵
  PID:7728
- C:\Windows\System\jnBtaMg.exe
  C:\Windows\System\jnBtaMg.exe
  2⤵
  PID:7748
- C:\Windows\System\xvmtorF.exe
  C:\Windows\System\xvmtorF.exe
  2⤵
  PID:7800
- C:\Windows\System\IGuTozT.exe
  C:\Windows\System\IGuTozT.exe
  2⤵
  PID:7828
- C:\Windows\System\nenqisx.exe
  C:\Windows\System\nenqisx.exe
  2⤵
  PID:7848
- C:\Windows\System\ktzNxed.exe
  C:\Windows\System\ktzNxed.exe
  2⤵
  PID:7872
- C:\Windows\System\wNxzELL.exe
  C:\Windows\System\wNxzELL.exe
  2⤵
  PID:7892
- C:\Windows\System\QZuOecW.exe
  C:\Windows\System\QZuOecW.exe
  2⤵
  PID:7912
- C:\Windows\System\IPXtKYW.exe
  C:\Windows\System\IPXtKYW.exe
  2⤵
  PID:7932
- C:\Windows\System\kLniJMI.exe
  C:\Windows\System\kLniJMI.exe
  2⤵
  PID:7952
- C:\Windows\System\LIAroFU.exe
  C:\Windows\System\LIAroFU.exe
  2⤵
  PID:7976
- C:\Windows\System\NckgKKU.exe
  C:\Windows\System\NckgKKU.exe
  2⤵
  PID:7992
- C:\Windows\System\cOZzKmw.exe
  C:\Windows\System\cOZzKmw.exe
  2⤵
  PID:8028
- C:\Windows\System\WAYVWsu.exe
  C:\Windows\System\WAYVWsu.exe
  2⤵
  PID:8052
- C:\Windows\System\EsDhQXu.exe
  C:\Windows\System\EsDhQXu.exe
  2⤵
  PID:8068
- C:\Windows\System\yTiRGyB.exe
  C:\Windows\System\yTiRGyB.exe
  2⤵
  PID:8088
- C:\Windows\System\udgnQvg.exe
  C:\Windows\System\udgnQvg.exe
  2⤵
  PID:8144
- C:\Windows\System\QkaXSts.exe
  C:\Windows\System\QkaXSts.exe
  2⤵
  PID:6696
- C:\Windows\System\cWvXZvt.exe
  C:\Windows\System\cWvXZvt.exe
  2⤵
  PID:7204
- C:\Windows\System\NdcEwUB.exe
  C:\Windows\System\NdcEwUB.exe
  2⤵
  PID:7332
- C:\Windows\System\QIsipBY.exe
  C:\Windows\System\QIsipBY.exe
  2⤵
  PID:7272
- C:\Windows\System\KTdyktL.exe
  C:\Windows\System\KTdyktL.exe
  2⤵
  PID:7348
- C:\Windows\System\WjyOTPJ.exe
  C:\Windows\System\WjyOTPJ.exe
  2⤵
  PID:7388
- C:\Windows\System\dmZITRR.exe
  C:\Windows\System\dmZITRR.exe
  2⤵
  PID:7496
- C:\Windows\System\uosgrZL.exe
  C:\Windows\System\uosgrZL.exe
  2⤵
  PID:7584
- C:\Windows\System\PdiTfmZ.exe
  C:\Windows\System\PdiTfmZ.exe
  2⤵
  PID:7692
- C:\Windows\System\zQhfPRm.exe
  C:\Windows\System\zQhfPRm.exe
  2⤵
  PID:7768
- C:\Windows\System\DUzhVgZ.exe
  C:\Windows\System\DUzhVgZ.exe
  2⤵
  PID:7816
- C:\Windows\System\qpzLrjr.exe
  C:\Windows\System\qpzLrjr.exe
  2⤵
  PID:7840
- C:\Windows\System\NMLgefC.exe
  C:\Windows\System\NMLgefC.exe
  2⤵
  PID:7968
- C:\Windows\System\dGBMqRC.exe
  C:\Windows\System\dGBMqRC.exe
  2⤵
  PID:8060
- C:\Windows\System\EiuqlYn.exe
  C:\Windows\System\EiuqlYn.exe
  2⤵
  PID:8064
- C:\Windows\System\XorIvnm.exe
  C:\Windows\System\XorIvnm.exe
  2⤵
  PID:8188
- C:\Windows\System\JQBxviD.exe
  C:\Windows\System\JQBxviD.exe
  2⤵
  PID:6556
- C:\Windows\System\AClhTHO.exe
  C:\Windows\System\AClhTHO.exe
  2⤵
  PID:7328
- C:\Windows\System\eZUxqTr.exe
  C:\Windows\System\eZUxqTr.exe
  2⤵
  PID:7556
- C:\Windows\System\YLvjFrc.exe
  C:\Windows\System\YLvjFrc.exe
  2⤵
  PID:7688
- C:\Windows\System\kSmoGcA.exe
  C:\Windows\System\kSmoGcA.exe
  2⤵
  PID:7780
- C:\Windows\System\MVQUzlc.exe
  C:\Windows\System\MVQUzlc.exe
  2⤵
  PID:7888
- C:\Windows\System\gFXCWrI.exe
  C:\Windows\System\gFXCWrI.exe
  2⤵
  PID:8128
- C:\Windows\System\hPrMApy.exe
  C:\Windows\System\hPrMApy.exe
  2⤵
  PID:7372
- C:\Windows\System\eTETyqX.exe
  C:\Windows\System\eTETyqX.exe
  2⤵
  PID:7716
- C:\Windows\System\DItAWia.exe
  C:\Windows\System\DItAWia.exe
  2⤵
  PID:8020
- C:\Windows\System\YTScdOA.exe
  C:\Windows\System\YTScdOA.exe
  2⤵
  PID:7360
- C:\Windows\System\AWfojvN.exe
  C:\Windows\System\AWfojvN.exe
  2⤵
  PID:8200
- C:\Windows\System\VCHcCqz.exe
  C:\Windows\System\VCHcCqz.exe
  2⤵
  PID:8224
- C:\Windows\System\BoQnvMk.exe
  C:\Windows\System\BoQnvMk.exe
  2⤵
  PID:8288
- C:\Windows\System\afYAjuz.exe
  C:\Windows\System\afYAjuz.exe
  2⤵
  PID:8316
- C:\Windows\System\DAMuEUp.exe
  C:\Windows\System\DAMuEUp.exe
  2⤵
  PID:8332
- C:\Windows\System\YrWaImH.exe
  C:\Windows\System\YrWaImH.exe
  2⤵
  PID:8352
- C:\Windows\System\pmhNCZC.exe
  C:\Windows\System\pmhNCZC.exe
  2⤵
  PID:8392
- C:\Windows\System\VgzurRi.exe
  C:\Windows\System\VgzurRi.exe
  2⤵
  PID:8420
- C:\Windows\System\szqIazd.exe
  C:\Windows\System\szqIazd.exe
  2⤵
  PID:8440
- C:\Windows\System\BHsSCnu.exe
  C:\Windows\System\BHsSCnu.exe
  2⤵
  PID:8464
- C:\Windows\System\JIvCcEg.exe
  C:\Windows\System\JIvCcEg.exe
  2⤵
  PID:8484
- C:\Windows\System\itkVPGR.exe
  C:\Windows\System\itkVPGR.exe
  2⤵
  PID:8500
- C:\Windows\System\WNMmfBn.exe
  C:\Windows\System\WNMmfBn.exe
  2⤵
  PID:8516
- C:\Windows\System\iIHJfed.exe
  C:\Windows\System\iIHJfed.exe
  2⤵
  PID:8536
- C:\Windows\System\bFsnwkS.exe
  C:\Windows\System\bFsnwkS.exe
  2⤵
  PID:8556
- C:\Windows\System\TYNCzpB.exe
  C:\Windows\System\TYNCzpB.exe
  2⤵
  PID:8632
- C:\Windows\System\TfImwPr.exe
  C:\Windows\System\TfImwPr.exe
  2⤵
  PID:8680
- C:\Windows\System\QjQIRAM.exe
  C:\Windows\System\QjQIRAM.exe
  2⤵
  PID:8712
- C:\Windows\System\uOAibcz.exe
  C:\Windows\System\uOAibcz.exe
  2⤵
  PID:8736
- C:\Windows\System\WgHhvXr.exe
  C:\Windows\System\WgHhvXr.exe
  2⤵
  PID:8760
- C:\Windows\System\TePUkDf.exe
  C:\Windows\System\TePUkDf.exe
  2⤵
  PID:8780
- C:\Windows\System\xRlNoNm.exe
  C:\Windows\System\xRlNoNm.exe
  2⤵
  PID:8800
- C:\Windows\System\UAPTZfb.exe
  C:\Windows\System\UAPTZfb.exe
  2⤵
  PID:8816
- C:\Windows\System\OVioQmr.exe
  C:\Windows\System\OVioQmr.exe
  2⤵
  PID:8836
- C:\Windows\System\rDLjHXb.exe
  C:\Windows\System\rDLjHXb.exe
  2⤵
  PID:8856
- C:\Windows\System\xUDYTUZ.exe
  C:\Windows\System\xUDYTUZ.exe
  2⤵
  PID:8896
- C:\Windows\System\zVpreGq.exe
  C:\Windows\System\zVpreGq.exe
  2⤵
  PID:8968
- C:\Windows\System\wQpFTxk.exe
  C:\Windows\System\wQpFTxk.exe
  2⤵
  PID:8992
- C:\Windows\System\HsaclSh.exe
  C:\Windows\System\HsaclSh.exe
  2⤵
  PID:9008
- C:\Windows\System\tRwrlKb.exe
  C:\Windows\System\tRwrlKb.exe
  2⤵
  PID:9032
- C:\Windows\System\JySLngh.exe
  C:\Windows\System\JySLngh.exe
  2⤵
  PID:9048
- C:\Windows\System\ywFtEYM.exe
  C:\Windows\System\ywFtEYM.exe
  2⤵
  PID:9068
- C:\Windows\System\xFmMtwo.exe
  C:\Windows\System\xFmMtwo.exe
  2⤵
  PID:9104
- C:\Windows\System\AGsfDWh.exe
  C:\Windows\System\AGsfDWh.exe
  2⤵
  PID:9124
- C:\Windows\System\yySezFR.exe
  C:\Windows\System\yySezFR.exe
  2⤵
  PID:9148
- C:\Windows\System\jjRoyQH.exe
  C:\Windows\System\jjRoyQH.exe
  2⤵
  PID:9164
- C:\Windows\System\NHSKFEp.exe
  C:\Windows\System\NHSKFEp.exe
  2⤵
  PID:9204
- C:\Windows\System\QZhyqHK.exe
  C:\Windows\System\QZhyqHK.exe
  2⤵
  PID:8240
- C:\Windows\System\yNIcSMA.exe
  C:\Windows\System\yNIcSMA.exe
  2⤵
  PID:8324
- C:\Windows\System\yZVXQPW.exe
  C:\Windows\System\yZVXQPW.exe
  2⤵
  PID:8436
- C:\Windows\System\tbZNDhY.exe
  C:\Windows\System\tbZNDhY.exe
  2⤵
  PID:8472
- C:\Windows\System\ouLYLld.exe
  C:\Windows\System\ouLYLld.exe
  2⤵
  PID:8460
- C:\Windows\System\ysUtnOz.exe
  C:\Windows\System\ysUtnOz.exe
  2⤵
  PID:8624
- C:\Windows\System\WqSbZCR.exe
  C:\Windows\System\WqSbZCR.exe
  2⤵
  PID:8676
- C:\Windows\System\GmawYyl.exe
  C:\Windows\System\GmawYyl.exe
  2⤵
  PID:8724
- C:\Windows\System\ppYjEZn.exe
  C:\Windows\System\ppYjEZn.exe
  2⤵
  PID:8752
- C:\Windows\System\xGxjfec.exe
  C:\Windows\System\xGxjfec.exe
  2⤵
  PID:8776
- C:\Windows\System\wbuFEHo.exe
  C:\Windows\System\wbuFEHo.exe
  2⤵
  PID:8808
- C:\Windows\System\GpRVrVn.exe
  C:\Windows\System\GpRVrVn.exe
  2⤵
  PID:8884
- C:\Windows\System\GQDtvCK.exe
  C:\Windows\System\GQDtvCK.exe
  2⤵
  PID:8976
- C:\Windows\System\lDoAHNg.exe
  C:\Windows\System\lDoAHNg.exe
  2⤵
  PID:9040
- C:\Windows\System\DIkWovs.exe
  C:\Windows\System\DIkWovs.exe
  2⤵
  PID:1696
- C:\Windows\System\qKWvlNR.exe
  C:\Windows\System\qKWvlNR.exe
  2⤵
  PID:9200
- C:\Windows\System\kGUNYIG.exe
  C:\Windows\System\kGUNYIG.exe
  2⤵
  PID:8276
- C:\Windows\System\WagyeTV.exe
  C:\Windows\System\WagyeTV.exe
  2⤵
  PID:8300
- C:\Windows\System\xooYgDA.exe
  C:\Windows\System\xooYgDA.exe
  2⤵
  PID:8452
- C:\Windows\System\cRFSCxZ.exe
  C:\Windows\System\cRFSCxZ.exe
  2⤵
  PID:8508
- C:\Windows\System\wGfkPPi.exe
  C:\Windows\System\wGfkPPi.exe
  2⤵
  PID:8616
- C:\Windows\System\GGyrNyN.exe
  C:\Windows\System\GGyrNyN.exe
  2⤵
  PID:8852
- C:\Windows\System\NXdUspB.exe
  C:\Windows\System\NXdUspB.exe
  2⤵
  PID:2512
- C:\Windows\System\zXJWVow.exe
  C:\Windows\System\zXJWVow.exe
  2⤵
  PID:9064
- C:\Windows\System\jKeDPby.exe
  C:\Windows\System\jKeDPby.exe
  2⤵
  PID:8400
- C:\Windows\System\vzYtofd.exe
  C:\Windows\System\vzYtofd.exe
  2⤵
  PID:8408
- C:\Windows\System\AGhALqz.exe
  C:\Windows\System\AGhALqz.exe
  2⤵
  PID:8548
- C:\Windows\System\WGISJOx.exe
  C:\Windows\System\WGISJOx.exe
  2⤵
  PID:8796
- C:\Windows\System\XvNWAom.exe
  C:\Windows\System\XvNWAom.exe
  2⤵
  PID:9224
- C:\Windows\System\syTINrE.exe
  C:\Windows\System\syTINrE.exe
  2⤵
  PID:9296
- C:\Windows\System\xXURnuq.exe
  C:\Windows\System\xXURnuq.exe
  2⤵
  PID:9320
- C:\Windows\System\AGubIbA.exe
  C:\Windows\System\AGubIbA.exe
  2⤵
  PID:9456
- C:\Windows\System\MsNNCCe.exe
  C:\Windows\System\MsNNCCe.exe
  2⤵
  PID:9476
- C:\Windows\System\HMBhQmt.exe
  C:\Windows\System\HMBhQmt.exe
  2⤵
  PID:9492
- C:\Windows\System\PgZGadg.exe
  C:\Windows\System\PgZGadg.exe
  2⤵
  PID:9508
- C:\Windows\System\EsWacGs.exe
  C:\Windows\System\EsWacGs.exe
  2⤵
  PID:9524
- C:\Windows\System\FLqajZK.exe
  C:\Windows\System\FLqajZK.exe
  2⤵
  PID:9540
- C:\Windows\System\YPDvrGN.exe
  C:\Windows\System\YPDvrGN.exe
  2⤵
  PID:9556
- C:\Windows\System\cRoYSON.exe
  C:\Windows\System\cRoYSON.exe
  2⤵
  PID:9572
- C:\Windows\System\umxdpqU.exe
  C:\Windows\System\umxdpqU.exe
  2⤵
  PID:9588
- C:\Windows\System\IaHLNwS.exe
  C:\Windows\System\IaHLNwS.exe
  2⤵
  PID:9604
- C:\Windows\System\QElIXfG.exe
  C:\Windows\System\QElIXfG.exe
  2⤵
  PID:9620
- C:\Windows\System\AcekjyW.exe
  C:\Windows\System\AcekjyW.exe
  2⤵
  PID:9636
- C:\Windows\System\gnKJFGQ.exe
  C:\Windows\System\gnKJFGQ.exe
  2⤵
  PID:9656
- C:\Windows\System\uLygzLM.exe
  C:\Windows\System\uLygzLM.exe
  2⤵
  PID:9672
- C:\Windows\System\DEjfTli.exe
  C:\Windows\System\DEjfTli.exe
  2⤵
  PID:9688
- C:\Windows\System\wauDRMS.exe
  C:\Windows\System\wauDRMS.exe
  2⤵
  PID:9704
- C:\Windows\System\cYrwJMU.exe
  C:\Windows\System\cYrwJMU.exe
  2⤵
  PID:9720
- C:\Windows\System\GHcaLti.exe
  C:\Windows\System\GHcaLti.exe
  2⤵
  PID:9768
- C:\Windows\System\LyxghXG.exe
  C:\Windows\System\LyxghXG.exe
  2⤵
  PID:9804
- C:\Windows\System\iYXfkrB.exe
  C:\Windows\System\iYXfkrB.exe
  2⤵
  PID:9820
- C:\Windows\System\OIOJUIq.exe
  C:\Windows\System\OIOJUIq.exe
  2⤵
  PID:9836
- C:\Windows\System\PVhuQOJ.exe
  C:\Windows\System\PVhuQOJ.exe
  2⤵
  PID:9928
- C:\Windows\System\cYxwcSS.exe
  C:\Windows\System\cYxwcSS.exe
  2⤵
  PID:10040
- C:\Windows\System\xeivKXh.exe
  C:\Windows\System\xeivKXh.exe
  2⤵
  PID:10120
- C:\Windows\System\uDjdXZX.exe
  C:\Windows\System\uDjdXZX.exe
  2⤵
  PID:10160
- C:\Windows\System\mrMuSCg.exe
  C:\Windows\System\mrMuSCg.exe
  2⤵
  PID:10188
- C:\Windows\System\snnyNQd.exe
  C:\Windows\System\snnyNQd.exe
  2⤵
  PID:10204
- C:\Windows\System\akVzjkK.exe
  C:\Windows\System\akVzjkK.exe
  2⤵
  PID:10232
- C:\Windows\System\EIPKFZB.exe
  C:\Windows\System\EIPKFZB.exe
  2⤵
  PID:7948
- C:\Windows\System\KjxEGMg.exe
  C:\Windows\System\KjxEGMg.exe
  2⤵
  PID:7908
- C:\Windows\System\DUadHCZ.exe
  C:\Windows\System\DUadHCZ.exe
  2⤵
  PID:9488
- C:\Windows\System\lUNqNDk.exe
  C:\Windows\System\lUNqNDk.exe
  2⤵
  PID:9312
- C:\Windows\System\QyFARgm.exe
  C:\Windows\System\QyFARgm.exe
  2⤵
  PID:2944
- C:\Windows\System\yyDPXIt.exe
  C:\Windows\System\yyDPXIt.exe
  2⤵
  PID:9440
- C:\Windows\System\QffLGNb.exe
  C:\Windows\System\QffLGNb.exe
  2⤵
  PID:9504
- C:\Windows\System\SFmfxkF.exe
  C:\Windows\System\SFmfxkF.exe
  2⤵
  PID:9532
- C:\Windows\System\kCDddqW.exe
  C:\Windows\System\kCDddqW.exe
  2⤵
  PID:9580
- C:\Windows\System\OLiWsVT.exe
  C:\Windows\System\OLiWsVT.exe
  2⤵
  PID:9632
- C:\Windows\System\gqpoSju.exe
  C:\Windows\System\gqpoSju.exe
  2⤵
  PID:9716
- C:\Windows\System\QkpCWCl.exe
  C:\Windows\System\QkpCWCl.exe
  2⤵
  PID:9796
- C:\Windows\System\eBVWsAi.exe
  C:\Windows\System\eBVWsAi.exe
  2⤵
  PID:9500
- C:\Windows\System\CEzsTae.exe
  C:\Windows\System\CEzsTae.exe
  2⤵
  PID:9764
- C:\Windows\System\MPPaxLf.exe
  C:\Windows\System\MPPaxLf.exe
  2⤵
  PID:10032
- C:\Windows\System\ddgSYzU.exe
  C:\Windows\System\ddgSYzU.exe
  2⤵
  PID:9884
- C:\Windows\System\FyTgrli.exe
  C:\Windows\System\FyTgrli.exe
  2⤵
  PID:9944
- C:\Windows\System\MTgMVBi.exe
  C:\Windows\System\MTgMVBi.exe
  2⤵
  PID:10028
- C:\Windows\System\vxaSJrQ.exe
  C:\Windows\System\vxaSJrQ.exe
  2⤵
  PID:10168
- C:\Windows\System\jHcGlKN.exe
  C:\Windows\System\jHcGlKN.exe
  2⤵
  PID:10196
- C:\Windows\System\hBXZBck.exe
  C:\Windows\System\hBXZBck.exe
  2⤵
  PID:9020
- C:\Windows\System\WIwzxkr.exe
  C:\Windows\System\WIwzxkr.exe
  2⤵
  PID:8208
- C:\Windows\System\WwSPbzr.exe
  C:\Windows\System\WwSPbzr.exe
  2⤵
  PID:9360
- C:\Windows\System\ujFDPCi.exe
  C:\Windows\System\ujFDPCi.exe
  2⤵
  PID:9548
- C:\Windows\System\RZXHcpX.exe
  C:\Windows\System\RZXHcpX.exe
  2⤵
  PID:9664
- C:\Windows\System\MtekzTP.exe
  C:\Windows\System\MtekzTP.exe
  2⤵
  PID:9700
- C:\Windows\System\XUIrEyt.exe
  C:\Windows\System\XUIrEyt.exe
  2⤵
  PID:9792
- C:\Windows\System\uwUiBqy.exe
  C:\Windows\System\uwUiBqy.exe
  2⤵
  PID:9980
- C:\Windows\System\bZpDEPa.exe
  C:\Windows\System\bZpDEPa.exe
  2⤵
  PID:10004
- C:\Windows\System\XyQhoaN.exe
  C:\Windows\System\XyQhoaN.exe
  2⤵
  PID:10140
- C:\Windows\System\kJimlhn.exe
  C:\Windows\System\kJimlhn.exe
  2⤵
  PID:8260
- C:\Windows\System\XIPBOtb.exe
  C:\Windows\System\XIPBOtb.exe
  2⤵
  PID:9872
- C:\Windows\System\qpQRrkf.exe
  C:\Windows\System\qpQRrkf.exe
  2⤵
  PID:10020
- C:\Windows\System\qmNKgDc.exe
  C:\Windows\System\qmNKgDc.exe
  2⤵
  PID:10152
- C:\Windows\System\uVOrPFl.exe
  C:\Windows\System\uVOrPFl.exe
  2⤵
  PID:9904
- C:\Windows\System\OiZURPB.exe
  C:\Windows\System\OiZURPB.exe
  2⤵
  PID:9444
- C:\Windows\System\hvqCcVn.exe
  C:\Windows\System\hvqCcVn.exe
  2⤵
  PID:10264
- C:\Windows\System\AyjGlHa.exe
  C:\Windows\System\AyjGlHa.exe
  2⤵
  PID:10284
- C:\Windows\System\yISFdfk.exe
  C:\Windows\System\yISFdfk.exe
  2⤵
  PID:10320
- C:\Windows\System\MsKfhHM.exe
  C:\Windows\System\MsKfhHM.exe
  2⤵
  PID:10348
- C:\Windows\System\HZddraN.exe
  C:\Windows\System\HZddraN.exe
  2⤵
  PID:10364
- C:\Windows\System\exnRYfd.exe
  C:\Windows\System\exnRYfd.exe
  2⤵
  PID:10384
- C:\Windows\System\uzqJcCy.exe
  C:\Windows\System\uzqJcCy.exe
  2⤵
  PID:10408
- C:\Windows\System\uylClfN.exe
  C:\Windows\System\uylClfN.exe
  2⤵
  PID:10428
- C:\Windows\System\uVrvaER.exe
  C:\Windows\System\uVrvaER.exe
  2⤵
  PID:10448
- C:\Windows\System\dMTHwnU.exe
  C:\Windows\System\dMTHwnU.exe
  2⤵
  PID:10468
- C:\Windows\System\txgUtDu.exe
  C:\Windows\System\txgUtDu.exe
  2⤵
  PID:10516
- C:\Windows\System\vNCPfaN.exe
  C:\Windows\System\vNCPfaN.exe
  2⤵
  PID:10540
- C:\Windows\System\wQIBkLc.exe
  C:\Windows\System\wQIBkLc.exe
  2⤵
  PID:10584
- C:\Windows\System\staPDnn.exe
  C:\Windows\System\staPDnn.exe
  2⤵
  PID:10628
- C:\Windows\System\DhdBvQL.exe
  C:\Windows\System\DhdBvQL.exe
  2⤵
  PID:10672
- C:\Windows\System\emmNSxJ.exe
  C:\Windows\System\emmNSxJ.exe
  2⤵
  PID:10692
- C:\Windows\System\hIYAdNp.exe
  C:\Windows\System\hIYAdNp.exe
  2⤵
  PID:10712
- C:\Windows\System\VBvUiSI.exe
  C:\Windows\System\VBvUiSI.exe
  2⤵
  PID:10744
- C:\Windows\System\nnaUcXg.exe
  C:\Windows\System\nnaUcXg.exe
  2⤵
  PID:10788
- C:\Windows\System\NjSDivk.exe
  C:\Windows\System\NjSDivk.exe
  2⤵
  PID:10816
- C:\Windows\System\TNOESDT.exe
  C:\Windows\System\TNOESDT.exe
  2⤵
  PID:10840
- C:\Windows\System\qFJODgs.exe
  C:\Windows\System\qFJODgs.exe
  2⤵
  PID:10888
- C:\Windows\System\JUYrsxt.exe
  C:\Windows\System\JUYrsxt.exe
  2⤵
  PID:10912
- C:\Windows\System\mGIwQsd.exe
  C:\Windows\System\mGIwQsd.exe
  2⤵
  PID:10936
- C:\Windows\System\egKygUx.exe
  C:\Windows\System\egKygUx.exe
  2⤵
  PID:10952
- C:\Windows\System\ZFcqIki.exe
  C:\Windows\System\ZFcqIki.exe
  2⤵
  PID:10972
- C:\Windows\System\TWdgNrF.exe
  C:\Windows\System\TWdgNrF.exe
  2⤵
  PID:11008
- C:\Windows\System\IdJriKS.exe
  C:\Windows\System\IdJriKS.exe
  2⤵
  PID:11048
- C:\Windows\System\igsZWvb.exe
  C:\Windows\System\igsZWvb.exe
  2⤵
  PID:11068
- C:\Windows\System\FtDQsrK.exe
  C:\Windows\System\FtDQsrK.exe
  2⤵
  PID:11108
- C:\Windows\System\CbZEIRX.exe
  C:\Windows\System\CbZEIRX.exe
  2⤵
  PID:11132
- C:\Windows\System\wInXeqA.exe
  C:\Windows\System\wInXeqA.exe
  2⤵
  PID:11148
- C:\Windows\System\zoGNQxz.exe
  C:\Windows\System\zoGNQxz.exe
  2⤵
  PID:11164
- C:\Windows\System\fHdYlbm.exe
  C:\Windows\System\fHdYlbm.exe
  2⤵
  PID:11200
- C:\Windows\System\DGvWJDa.exe
  C:\Windows\System\DGvWJDa.exe
  2⤵
  PID:11228
- C:\Windows\System\EhPkazN.exe
  C:\Windows\System\EhPkazN.exe
  2⤵
  PID:9352
- C:\Windows\System\ZFwmQaR.exe
  C:\Windows\System\ZFwmQaR.exe
  2⤵
  PID:10244
- C:\Windows\System\hBjWkts.exe
  C:\Windows\System\hBjWkts.exe
  2⤵
  PID:10360
- C:\Windows\System\ZzXRXXe.exe
  C:\Windows\System\ZzXRXXe.exe
  2⤵
  PID:10404
- C:\Windows\System\ytpwuzh.exe
  C:\Windows\System\ytpwuzh.exe
  2⤵
  PID:10484
- C:\Windows\System\LzerSWu.exe
  C:\Windows\System\LzerSWu.exe
  2⤵
  PID:10524
- C:\Windows\System\aMQWVhT.exe
  C:\Windows\System\aMQWVhT.exe
  2⤵
  PID:10556
- C:\Windows\System\rdLQqZp.exe
  C:\Windows\System\rdLQqZp.exe
  2⤵
  PID:10648
- C:\Windows\System\ATanAae.exe
  C:\Windows\System\ATanAae.exe
  2⤵
  PID:10700
- C:\Windows\System\iOcRsLu.exe
  C:\Windows\System\iOcRsLu.exe
  2⤵
  PID:10760
- C:\Windows\System\CwzjXMh.exe
  C:\Windows\System\CwzjXMh.exe
  2⤵
  PID:10808
- C:\Windows\System\geEwMQe.exe
  C:\Windows\System\geEwMQe.exe
  2⤵
  PID:10908
- C:\Windows\System\AQdBqJu.exe
  C:\Windows\System\AQdBqJu.exe
  2⤵
  PID:10984
- C:\Windows\System\JuOatGu.exe
  C:\Windows\System\JuOatGu.exe
  2⤵
  PID:11064
- C:\Windows\System\yGXdjqh.exe
  C:\Windows\System\yGXdjqh.exe
  2⤵
  PID:11124
- C:\Windows\System\uEVODrc.exe
  C:\Windows\System\uEVODrc.exe
  2⤵
  PID:11156
- C:\Windows\System\ibgQDWS.exe
  C:\Windows\System\ibgQDWS.exe
  2⤵
  PID:11192
- C:\Windows\System\WUsIGXr.exe
  C:\Windows\System\WUsIGXr.exe
  2⤵
  PID:10396
- C:\Windows\System\tJKaxAY.exe
  C:\Windows\System\tJKaxAY.exe
  2⤵
  PID:10464
- C:\Windows\System\mqRUrAy.exe
  C:\Windows\System\mqRUrAy.exe
  2⤵
  PID:10604
- C:\Windows\System\jPxHIES.exe
  C:\Windows\System\jPxHIES.exe
  2⤵
  PID:10736
- C:\Windows\System\PtKPyCf.exe
  C:\Windows\System\PtKPyCf.exe
  2⤵
  PID:11036
- C:\Windows\System\xGyzuIL.exe
  C:\Windows\System\xGyzuIL.exe
  2⤵
  PID:10896
- C:\Windows\System\NVtVRGR.exe
  C:\Windows\System\NVtVRGR.exe
  2⤵
  PID:11184
- C:\Windows\System\BfhbKiW.exe
  C:\Windows\System\BfhbKiW.exe
  2⤵
  PID:10272
- C:\Windows\System\hUFJWby.exe
  C:\Windows\System\hUFJWby.exe
  2⤵
  PID:10536
- C:\Windows\System\ZnXuzFv.exe
  C:\Windows\System\ZnXuzFv.exe
  2⤵
  PID:11120
- C:\Windows\System\vvhHmJU.exe
  C:\Windows\System\vvhHmJU.exe
  2⤵
  PID:11140
- C:\Windows\System\zbofqwL.exe
  C:\Windows\System\zbofqwL.exe
  2⤵
  PID:11280
- C:\Windows\System\nuYdOkt.exe
  C:\Windows\System\nuYdOkt.exe
  2⤵
  PID:11300
- C:\Windows\System\WvVsFDY.exe
  C:\Windows\System\WvVsFDY.exe
  2⤵
  PID:11336
- C:\Windows\System\BnaDZwq.exe
  C:\Windows\System\BnaDZwq.exe
  2⤵
  PID:11356
- C:\Windows\System\MBuYNXR.exe
  C:\Windows\System\MBuYNXR.exe
  2⤵
  PID:11388
- C:\Windows\System\EWUUSdP.exe
  C:\Windows\System\EWUUSdP.exe
  2⤵
  PID:11420
- C:\Windows\System\DhQXnBE.exe
  C:\Windows\System\DhQXnBE.exe
  2⤵
  PID:11440
- C:\Windows\System\qLOowhe.exe
  C:\Windows\System\qLOowhe.exe
  2⤵
  PID:11468
- C:\Windows\System\chZYCkI.exe
  C:\Windows\System\chZYCkI.exe
  2⤵
  PID:11496
- C:\Windows\System\POboyOx.exe
  C:\Windows\System\POboyOx.exe
  2⤵
  PID:11528
- C:\Windows\System\YirLrVL.exe
  C:\Windows\System\YirLrVL.exe
  2⤵
  PID:11564
- C:\Windows\System\uVYAJGm.exe
  C:\Windows\System\uVYAJGm.exe
  2⤵
  PID:11580
- C:\Windows\System\KxtjrPm.exe
  C:\Windows\System\KxtjrPm.exe
  2⤵
  PID:11624
- C:\Windows\System\TsJuXSU.exe
  C:\Windows\System\TsJuXSU.exe
  2⤵
  PID:11648
- C:\Windows\System\WRAhJuW.exe
  C:\Windows\System\WRAhJuW.exe
  2⤵
  PID:11664
- C:\Windows\System\BPXgoyx.exe
  C:\Windows\System\BPXgoyx.exe
  2⤵
  PID:11700
- C:\Windows\System\hZNBdaL.exe
  C:\Windows\System\hZNBdaL.exe
  2⤵
  PID:11716
- C:\Windows\System\vzALoth.exe
  C:\Windows\System\vzALoth.exe
  2⤵
  PID:11752
- C:\Windows\System\jQGjWFL.exe
  C:\Windows\System\jQGjWFL.exe
  2⤵
  PID:11780
- C:\Windows\System\AGnLBcV.exe
  C:\Windows\System\AGnLBcV.exe
  2⤵
  PID:11800
- C:\Windows\System\maOJEgo.exe
  C:\Windows\System\maOJEgo.exe
  2⤵
  PID:11828
- C:\Windows\System\TiRwsJe.exe
  C:\Windows\System\TiRwsJe.exe
  2⤵
  PID:11852
- C:\Windows\System\WGWuJqj.exe
  C:\Windows\System\WGWuJqj.exe
  2⤵
  PID:11876
- C:\Windows\System\AQjmEqk.exe
  C:\Windows\System\AQjmEqk.exe
  2⤵
  PID:11932
- C:\Windows\System\sgXdxaN.exe
  C:\Windows\System\sgXdxaN.exe
  2⤵
  PID:11948
- C:\Windows\System\ScaqjLO.exe
  C:\Windows\System\ScaqjLO.exe
  2⤵
  PID:11968
- C:\Windows\System\vfLDaBf.exe
  C:\Windows\System\vfLDaBf.exe
  2⤵
  PID:11992
- C:\Windows\System\nnpRIfx.exe
  C:\Windows\System\nnpRIfx.exe
  2⤵
  PID:12012
- C:\Windows\System\BGZzqqz.exe
  C:\Windows\System\BGZzqqz.exe
  2⤵
  PID:12032
- C:\Windows\System\mbcOXAk.exe
  C:\Windows\System\mbcOXAk.exe
  2⤵
  PID:12052
- C:\Windows\System\tpzPIlg.exe
  C:\Windows\System\tpzPIlg.exe
  2⤵
  PID:12124
- C:\Windows\System\oSIURqj.exe
  C:\Windows\System\oSIURqj.exe
  2⤵
  PID:12144
- C:\Windows\System\zmrgPhl.exe
  C:\Windows\System\zmrgPhl.exe
  2⤵
  PID:12164
- C:\Windows\System\nUxuBmz.exe
  C:\Windows\System\nUxuBmz.exe
  2⤵
  PID:12224
- C:\Windows\System\GcnmbER.exe
  C:\Windows\System\GcnmbER.exe
  2⤵
  PID:12248
- C:\Windows\System\XnWkmkJ.exe
  C:\Windows\System\XnWkmkJ.exe
  2⤵
  PID:12276
- C:\Windows\System\pWjvMkc.exe
  C:\Windows\System\pWjvMkc.exe
  2⤵
  PID:10872
- C:\Windows\System\egRUokf.exe
  C:\Windows\System\egRUokf.exe
  2⤵
  PID:11344
- C:\Windows\System\ACKWCKM.exe
  C:\Windows\System\ACKWCKM.exe
  2⤵
  PID:11384
- C:\Windows\System\FZnjMwI.exe
  C:\Windows\System\FZnjMwI.exe
  2⤵
  PID:11456
- C:\Windows\System\dLoNcoY.exe
  C:\Windows\System\dLoNcoY.exe
  2⤵
  PID:11516
- C:\Windows\System\MrVwTAf.exe
  C:\Windows\System\MrVwTAf.exe
  2⤵
  PID:11600
- C:\Windows\System\xYCatKd.exe
  C:\Windows\System\xYCatKd.exe
  2⤵
  PID:11640
- C:\Windows\System\bVsxyOm.exe
  C:\Windows\System\bVsxyOm.exe
  2⤵
  PID:11724
- C:\Windows\System\lSUmNSW.exe
  C:\Windows\System\lSUmNSW.exe
  2⤵
  PID:11744
- C:\Windows\System\KqBDRDH.exe
  C:\Windows\System\KqBDRDH.exe
  2⤵
  PID:11868
- C:\Windows\System\tbkJfEA.exe
  C:\Windows\System\tbkJfEA.exe
  2⤵
  PID:5024
- C:\Windows\System\EouovqF.exe
  C:\Windows\System\EouovqF.exe
  2⤵
  PID:116
- C:\Windows\System\VYVkUAO.exe
  C:\Windows\System\VYVkUAO.exe
  2⤵
  PID:11960
- C:\Windows\System\ZGeybJU.exe
  C:\Windows\System\ZGeybJU.exe
  2⤵
  PID:12004
- C:\Windows\System\WNJppXW.exe
  C:\Windows\System\WNJppXW.exe
  2⤵
  PID:12132
- C:\Windows\System\HeZtuwC.exe
  C:\Windows\System\HeZtuwC.exe
  2⤵
  PID:12184
- C:\Windows\System\lKTKTZL.exe
  C:\Windows\System\lKTKTZL.exe
  2⤵
  PID:12236
- C:\Windows\System\VLsTxIl.exe
  C:\Windows\System\VLsTxIl.exe
  2⤵
  PID:10340
- C:\Windows\System\HzYPikI.exe
  C:\Windows\System\HzYPikI.exe
  2⤵
  PID:11432
- C:\Windows\System\RXiiEgc.exe
  C:\Windows\System\RXiiEgc.exe
  2⤵
  PID:11572
- C:\Windows\System\xQraami.exe
  C:\Windows\System\xQraami.exe
  2⤵
  PID:11676
- C:\Windows\System\EARGaJp.exe
  C:\Windows\System\EARGaJp.exe
  2⤵
  PID:11964
- C:\Windows\System\eqHTNXK.exe
  C:\Windows\System\eqHTNXK.exe
  2⤵
  PID:12020
- C:\Windows\System\YLZUfoy.exe
  C:\Windows\System\YLZUfoy.exe
  2⤵
  PID:12008
- C:\Windows\System\RJqauKO.exe
  C:\Windows\System\RJqauKO.exe
  2⤵
  PID:11332
- C:\Windows\System\PoJapNb.exe
  C:\Windows\System\PoJapNb.exe
  2⤵
  PID:11484
- C:\Windows\System\NDBclUM.exe
  C:\Windows\System\NDBclUM.exe
  2⤵
  PID:11772
- C:\Windows\System\GGEYBXN.exe
  C:\Windows\System\GGEYBXN.exe
  2⤵
  PID:11884
- C:\Windows\System\EOYtNxp.exe
  C:\Windows\System\EOYtNxp.exe
  2⤵
  PID:12220
- C:\Windows\System\hbwbeXP.exe
  C:\Windows\System\hbwbeXP.exe
  2⤵
  PID:11796
- C:\Windows\System\jUDbqts.exe
  C:\Windows\System\jUDbqts.exe
  2⤵
  PID:12296
- C:\Windows\System\pLvYjet.exe
  C:\Windows\System\pLvYjet.exe
  2⤵
  PID:12348
- C:\Windows\System\LRKLRNg.exe
  C:\Windows\System\LRKLRNg.exe
  2⤵
  PID:12368
- C:\Windows\System\QzvdSSb.exe
  C:\Windows\System\QzvdSSb.exe
  2⤵
  PID:12396
- C:\Windows\System\NLkkpbm.exe
  C:\Windows\System\NLkkpbm.exe
  2⤵
  PID:12416
- C:\Windows\System\xHUFiRn.exe
  C:\Windows\System\xHUFiRn.exe
  2⤵
  PID:12452
- C:\Windows\System\YLOxlgf.exe
  C:\Windows\System\YLOxlgf.exe
  2⤵
  PID:12480
- C:\Windows\System\NRcAMsq.exe
  C:\Windows\System\NRcAMsq.exe
  2⤵
  PID:12500
- C:\Windows\System\ykuhrhN.exe
  C:\Windows\System\ykuhrhN.exe
  2⤵
  PID:12520
- C:\Windows\System\tySyIee.exe
  C:\Windows\System\tySyIee.exe
  2⤵
  PID:12536
- C:\Windows\System\beRoNbw.exe
  C:\Windows\System\beRoNbw.exe
  2⤵
  PID:12556
- C:\Windows\System\wNtYjLT.exe
  C:\Windows\System\wNtYjLT.exe
  2⤵
  PID:12576
- C:\Windows\System\lPzKDGJ.exe
  C:\Windows\System\lPzKDGJ.exe
  2⤵
  PID:12596
- C:\Windows\System\yVIMuJx.exe
  C:\Windows\System\yVIMuJx.exe
  2⤵
  PID:12664
- C:\Windows\System\ZRlhHPp.exe
  C:\Windows\System\ZRlhHPp.exe
  2⤵
  PID:12712
- C:\Windows\System\mrowtCd.exe
  C:\Windows\System\mrowtCd.exe
  2⤵
  PID:12744
- C:\Windows\System\TSIbzHM.exe
  C:\Windows\System\TSIbzHM.exe
  2⤵
  PID:12772
- C:\Windows\System\lrXxBYu.exe
  C:\Windows\System\lrXxBYu.exe
  2⤵
  PID:12804
- C:\Windows\System\mGRviwv.exe
  C:\Windows\System\mGRviwv.exe
  2⤵
  PID:12824
- C:\Windows\System\FjfVrQL.exe
  C:\Windows\System\FjfVrQL.exe
  2⤵
  PID:12848
- C:\Windows\System\FCxRdFh.exe
  C:\Windows\System\FCxRdFh.exe
  2⤵
  PID:12896
- C:\Windows\System\RkynsZi.exe
  C:\Windows\System\RkynsZi.exe
  2⤵
  PID:12944
- C:\Windows\System\TUFoYQl.exe
  C:\Windows\System\TUFoYQl.exe
  2⤵
  PID:12964
- C:\Windows\System\vxkdFGj.exe
  C:\Windows\System\vxkdFGj.exe
  2⤵
  PID:12980
- C:\Windows\System\ANuhFXM.exe
  C:\Windows\System\ANuhFXM.exe
  2⤵
  PID:13000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xw0ch2e1.scn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\GQBzPhO.exe

Filesize
1.6MB

MD5
3ae28db6b2efbd50992b0dc2d2f660c2

SHA1
7b4e33d6fbe53e7d6167778377f0c243671b13ef

SHA256
cc448b800e95fef3ef67b2fd44473a90203f8145549e3644713455c45bb94d70

SHA512
31056e687333530a48e981e9b49933625280d0219fc508963fe290c5b604804fa18d4b096ea9a944b57af4a87a0a2fd6577eefdedf11b0f55726e98a6ea297ec

Download Submit
C:\Windows\System\Ijeybyk.exe

Filesize
1.6MB

MD5
d5a5aaf215268362fddf23a00c93c8a7

SHA1
d53541827896dedfa5e52081d55764ca535f787d

SHA256
6259b872350d8e7639ad35d8348e18cb1481f32eaccc49438d447696b1174cb8

SHA512
81204969003fb09a7cfb0c8b088c7e466b7d5f92114db3c4322b2f39642679e474bcf3c94fe4f459b3a71549044cb7e55795a64b57ec90f2710beb24aa0856dc

Download Submit
C:\Windows\System\IsdNAbN.exe

Filesize
1.6MB

MD5
e2efd699ada2c794b8acf9b362e86edf

SHA1
b2bd3e8a845e3a020da30b9492ef5b9d93778392

SHA256
af562b3f8423f926bc9c1263b951b90a0e4917d180618777c9b9815dddc76796

SHA512
6c1ee4f2150abc469abd42f99f2d028287b61993bdc063154be1dced616e64249c96e493cd7c56540b74856b2ff084c3dbc572f51faff8234c14995f5b0a6752

Download Submit
C:\Windows\System\LXaPndB.exe

Filesize
1.6MB

MD5
35606de766e528e078b1ea2003663efc

SHA1
eaed35566e43b4730f93c731c6faf3166569cc15

SHA256
f7c08c7faf6cb9ff6f3091d79c75ab074d15b1e90c87f2cd058f22855fb808e1

SHA512
e6a3a156bc70adeb36455829eee5bc89e294d7956976dad2ec0ddbe77d8a6ceb8f0f258bc20b7b5cb5b3c7ab59eab0d9c799b5cb7979de4a4ef22b429b543759

Download Submit
C:\Windows\System\MDuXInh.exe

Filesize
1.6MB

MD5
0a3a7cd4ef9fb9e945aef11cbd83a1a3

SHA1
85e5f7ed71d64a749a9f99e8cebe0c12f17c74fb

SHA256
038efed44106935d9c5459ab9eb3c3389dfecabcf4a3bc04baa16f779a8dc704

SHA512
1bd93b55a6fe3b92b4eb53beba29b8a1a18da2d2b2e7e6a1dde6d18f9890cf4b53fd5f821ab80b99f90c83796e323d09ee86904b922dedfcbb3c9a70a6e2394a

Download Submit
C:\Windows\System\OzBrWru.exe

Filesize
1.6MB

MD5
55ab0631487d13f64ff4122ec877c939

SHA1
c3227ef7dfd859b4c95dd6d76c216c4d1223fb21

SHA256
9f9c0da19385783e614b4fa71c3366b7c256cd48a96066a3794b47c11b55d797

SHA512
f467b40bde74c08c999806e81ee35ff5882d7b5a351cf718a8b4f1452d1cb24dcd0ce9a1043cff30c57f7e8cdfb1f3f1dd39f3ce15e51325499c6280454ccd5f

Download Submit
C:\Windows\System\POfEzoo.exe

Filesize
1.6MB

MD5
baa1d91fe2e9236f2c4fc36fddfcd2be

SHA1
d303575f5cf21b2463e1078ea6e343bb84d4b73b

SHA256
cfe1ac2ed8d3773ce36661add4b1b1dba839c7c784dc0a01ce799c3643f9e0df

SHA512
1cd30128ddcaeb978dffcaee961133152774164af5eb217fb1f71a4bef9bb0d7c1b12d2a3dc6c53276b5a049985aeb5453038e8ce14d57af6a06215251ac1f99

Download Submit
C:\Windows\System\PkRSVfQ.exe

Filesize
1.6MB

MD5
7212ba1b4ecba2b09cc7c41cd0b49614

SHA1
56260eb4810226105f79c677c544d41e0e8f221b

SHA256
be8a550b4b4fe6c2168b4c6c9b64c6367d3a4f6beab24bae188b59aab3cd10e4

SHA512
7424e31ba791c5dff223afad39e6315cc7b86759592fdc186fb7b604d866f9951c11935481bd926681d4fa846e3825f26d45705d0316357bda883083fb12ee58

Download Submit
C:\Windows\System\QBMcXtD.exe

Filesize
1.6MB

MD5
ce309b16da9fd3e5d80e680d6f5c2ed0

SHA1
7516c6b42f0474eb4504ca67f22a9a63449389c2

SHA256
674cf19dc5dc4cc69031a0aae9cdadd36a7b2593a4c94da338e9be415b120a78

SHA512
09b27f19b65d2dd4ab0376d5e4b03290ca0e6260dc28ef049ba8ad6ec1b4b698ccfed3848735eaecd71b7b6420339da285a2ee61309b2d523c5bdcbe005600a0

Download Submit
C:\Windows\System\QCXGfQF.exe

Filesize
1.6MB

MD5
8d1fba4ba1064a3337b2c388875fe58e

SHA1
f7f9fc881764f77f9afc38736a562b0767c2692d

SHA256
0c23304a60c62dd381e87dcd3124edd2a34985498312876f65476389b398f8b8

SHA512
6916b7cd310866d6f1533acca0f2370c33564d478c80233af4cc52bcec60441a31719da330d3c20176ddfc4b2667a9d7ba47ae10283ef91cc8d892f179294902

Download Submit
C:\Windows\System\QGqWGyZ.exe

Filesize
1.6MB

MD5
04aa0538728fffa172928b746156caf4

SHA1
65caba99a274e0e4df0108c5cd7ced94b49b3849

SHA256
72708154c3da7d84f1b63f60a42930bcb480f3ffac14d66e247e1509ed93d0fe

SHA512
4baff66a137954f6404bd32dcb58b83176ead5beaeffbda7691f488be35115578eeac6dbcdf212b86056d11c445fd9991f8a019367d72671528662433da02b3d

Download Submit
C:\Windows\System\SKbwEXw.exe

Filesize
1.6MB

MD5
db1d289aa913164d77db22950b475edb

SHA1
f3f9a0899a5536b5e991e89f56c8add9454725fa

SHA256
00f8c03cc7922df63f873e807e04b289e31dc1d04fc0dfb2c95cdeb709d78d5e

SHA512
79708b82d7fe0742b6c7bb3532dcd8d2d6e4aa9b04c76d58e1a85d13964a5073730de4911eefe28191be3a296c71719a583807d86cf16bcbae4ed3fc0f75e2eb

Download Submit
C:\Windows\System\SkNhENN.exe

Filesize
1.6MB

MD5
48acce8a74af22c5ae34a846d885ff85

SHA1
e9f1ca62a6c334f05b1d56417c3ddafd004307ae

SHA256
3b06a45013bdac711f35e119eb7f1ffffe3cd41708eba22f0673f0e3f490bd96

SHA512
975d39d605b1c4b22c2da5cbf7f2548e8e8aa84833f6cbd26c6a5f29968475d8f1d7f64fabaf6c174a442704d982726f8e22e088dc0ff558961a35382fbbcca9

Download Submit
C:\Windows\System\UQhpmkG.exe

Filesize
8B

MD5
b4264996759d988d82730e6958cf8074

SHA1
7bbc1f74a3ce00994d790da4622d87f15f45b523

SHA256
8ec7039187958fcd27e56e585c4d65242972777fffc8821de830bc1ff1727bca

SHA512
90e2f3e49d27ab4d11cbf031af514cf6fc3a8851362bc0086d9e25b2d97c3341159ec901fb19a665474ceb995371e4f69eda62c3d14f844ace445c61339d139c

Download Submit
C:\Windows\System\UrdtfyC.exe

Filesize
1.6MB

MD5
6a865fc192fd73a5987c23af9cdcced5

SHA1
af0cd2256a7648ce8516562b71195ac505bf9297

SHA256
b61d073fc32cad313d696ed4174d117c8ee35f555518138b7f65dffe5b758c02

SHA512
fd78af7b159c76d8775e6e78aa127af5732c7f62c75670b38bdb0319dc519c1c07515f88fb3a4f19c24da44136e92cbe20902811334c8feeddc2761f4e184233

Download Submit
C:\Windows\System\WAcAxuv.exe

Filesize
1.6MB

MD5
81a91f3dbab75def8e531e6085b4b67b

SHA1
11db51aa6aa390959f62665f1c50485241131a12

SHA256
c4c279424be42246685a483fb649adb69831e70879a7d7d7980431f9e99f73f8

SHA512
f0ccedb554b953d52f4390f700be293fc2dedeac04764280b557195d26cbc3248f4a1d9c59da354d3a4343e5355e0dcd08b2f7097560549d7db6cc09b18d63a6

Download Submit
C:\Windows\System\WeyrZLI.exe

Filesize
1.6MB

MD5
618a4f222e8ec259c6afbd80e68b0dcc

SHA1
98fd34c3834cd64ab216e8bdfe11506214737dd6

SHA256
611aaf81614a7db738fac568314574615d26bed0d77b49b14db7ef1e3f605122

SHA512
38c8525fe7c2e908d18d10b22eef5f9848f1171e5b8ac1fc218ac62489114bc671e6ce265b1c7f43ebd9e94078a90a7560a551713398e0084385329e6cf1d395

Download Submit
C:\Windows\System\XfRiYDm.exe

Filesize
1.6MB

MD5
56adeb9541361e4274e50d0050da8b0f

SHA1
178cc5398bb22b03cbe664c849e553fdbc399306

SHA256
031722f27340813fc1deb90a6f3e7bb1db379c4e6b247b02827a407d6474a01c

SHA512
8ec861ee8143ee4b5ec846b21bcf6868b12f31757ec442b3de4a3b385d8b33fa27e6b2dd7a5541417fa1e55785cd9a097a45bdd810a7e5b686500d4a868f28f9

Download Submit
C:\Windows\System\afUQcpx.exe

Filesize
1.6MB

MD5
29fdbbc03381a125cefbfed8ac22ebe8

SHA1
70efba939c0cc8291567852a96cca379647edd2a

SHA256
bdcc4df2433a93c2b910bc03c047e7ccabca7f0aa7c7c2226783f4f22d3131ea

SHA512
b74322d2e167e47354d5759147b3cb91074623a02b122469adcc8495820114d4482804ba2540a735371892b1dce6d6891cc2538dadf19a099f68757be455be1a

Download Submit
C:\Windows\System\bDLxiyU.exe

Filesize
1.6MB

MD5
c4e8aba5b072080cd779f48db8a2a572

SHA1
37afde83967cb724ba93ab252e90a707621deec7

SHA256
2daa8336c19a4b6568b45c4387904fa88abe3bf3cdac5699213b03206ce01481

SHA512
c23fa3036be7fa48083b522dfa8ccf369d5ffc99cd7401b4aa11ad3120a3ebe040a9703263d8dcdbf03e794442d317ce5f5186936abef57bff155f4ffb7b5ed7

Download Submit
C:\Windows\System\cJzkdmq.exe

Filesize
1.6MB

MD5
8b7ed1ae9459a93b2072cfe9a615b4ac

SHA1
bea27bdf68db6161ff3f4933abe77c75ba754dc5

SHA256
f06e4922db27728dbb662872da7e800fbfa50f09066466de376c657af4f05f43

SHA512
5f1b4e4bd9eb74932590a30739d1b00641a355ddeeff7b65440fe764d0602503732446dd0f92d9e541fe47a585bfd46142b0fddf02292344636ef00e6aee7172

Download Submit
C:\Windows\System\fPdRDQz.exe

Filesize
1.6MB

MD5
4b19c513ffe2bd835ef6438484e6d23f

SHA1
b54d2471c03b7e44a1bf9033a24a02757a5dedb8

SHA256
0573db4f9392d747e3e8f35ee18df6440564a4ab55370a8503d96bcd7988ec82

SHA512
83e1123ea79a9a60742bff175dc1bb25f92e359c9e2ec69ee69c7ee9abcf6deb087431d896d05dce23ed7ef9eb0afd30c975ac504e5c1cd47c84b80af0e3c842

Download Submit
C:\Windows\System\hgVrcro.exe

Filesize
1.6MB

MD5
e38d552432037469223b21531d1af2c3

SHA1
d8c527264528ed829ca60e4bab9d15f5687a19cb

SHA256
903b43113e83dfaed7902e62108ac8265a2d2f7a4b30ccf82fd7cc00452f8c2e

SHA512
e9d3feadb11d492b2e413e46dfd1103094ae729a242e23dda451825a71b026f403748fa75cdfc0eae7ca963ddb57954060e5c248b91a641f5d4194c5c8eab3c4

Download Submit
C:\Windows\System\jJPFpDH.exe

Filesize
1.6MB

MD5
721d6f0e66588320ed094377986d14dc

SHA1
dd52bcbef36fcbc5179308c8b92b4f655819f6a3

SHA256
99ef8af3c727561fac1dcc8ca23dd07ef8be0f74e16eea99de572fe4a51f086b

SHA512
672eba83742011cdc8a8a6e5114fcb6390c2eb89559cebcbf5f4f0b0b57d61d5157b1d0e55d4e740cbdd3bee20f2d0634af662f6b7001481072bacdc8791adaf

Download Submit
C:\Windows\System\kqcRhBv.exe

Filesize
1.6MB

MD5
cf64c6fc727a95f939e66bd791b8a04c

SHA1
f1cb5630d7f8e2e223e96e82d195403cbe624026

SHA256
3b2a9b03497048047fc09d984937ceb0f166f06d9b076ddb9691fededdbe3c76

SHA512
fad6f9340bd1f86697f23412fa195a2de83158ddfe96f964247209aceb1bd0c54c65f8ad314b390d839b68b610e9fc9783daf20e1ef0c8293fd42ba3db25181e

Download Submit
C:\Windows\System\mJCnqMl.exe

Filesize
1.6MB

MD5
d6e2d5d6cc486afbd6d3bc1e2eb9107c

SHA1
5c222b20a3632f87f185fd8b5723eceb0f943d91

SHA256
5c6b715f188b43b53f1867ee4b1e5dcc21f859442352d8aec3f6c55aa38cea39

SHA512
3ec7e942842f64bedced015152d4c7958503748d023f10288d3a9f53b99a828af68236e43ff41342dc3c6603dc02cf2cee0e7dfc6cb99547f10c61f344520767

Download Submit
C:\Windows\System\mOGMFUF.exe

Filesize
1.6MB

MD5
133b42bd4dc0392bd0ba771777648b6e

SHA1
4653bd1bd17b31cf4e96bfc71b3c14d9fb48ac44

SHA256
73bb1b63d165441ad328708b37641325271dc80b7430502ee0a92363181da8e0

SHA512
2fad96688a6217d7669ef2a757de71d5f7af849d36bda7d97ff904bfcd954e61c66863a239e5173dab29959472c68634f8d5581b0684b544c140e974f35b68f1

Download Submit
C:\Windows\System\mgpvHvm.exe

Filesize
1.6MB

MD5
17d6b8159ce6d17b18784aded445f2e6

SHA1
2926447b6b2557cf7d09f0bafd99b6f8dc331492

SHA256
0d6f2ffb4f656301649fc9e0e27e9a57a919534285ef7e56c2286a4ac7e8952f

SHA512
27da893e580e283ecf2572c7ef38ca9b38557c50a8944424c51fdffadafc47adfe7441fe18499babd2e7828e1e8b36405f2dc73227fd382292b07c8fab172d0d

Download Submit
C:\Windows\System\qKanQGH.exe

Filesize
1.6MB

MD5
459651e06da40d7cfd966013ffc002f5

SHA1
d3e951b264cb55537dcbc7f81025cd2f5df9efd5

SHA256
7fdd8fba0f9570474b089c28f3a4a240a674fd7ca826c4cefd2cd2532e946e35

SHA512
b7522c85337c564786243a3017f97bff79ab952d96e7fb83afd656a0fa2cd4803a1bd7a739640f5f0285574645e018e6ee4fdcd7229b2077149e83d939835b2f

Download Submit
C:\Windows\System\tbEcSYP.exe

Filesize
1.6MB

MD5
2c412f191a09c95c2fddf4bb929604b5

SHA1
4ae618636d18562008d0b67e6cc1574c8b6f42a9

SHA256
15b59fb88af720136498e58c06c2c4938cfd1320c3e34a2e1b3d9b96d2a43e0d

SHA512
5372a26fc5966482e1b1e8660333a1ab06afb60d4cbb64fdaa57a5a2e2a4f7bdfd040d36cb4b2637972eeff17fdbeadc4d588d502ebb8f8e6caf8dd3beef9df2

Download Submit
C:\Windows\System\teLHvbZ.exe

Filesize
1.6MB

MD5
e023250dcee3b085adfa93d1905b478c

SHA1
efc64b5ce3c9ef4cb4b6608011ae71bd84c83522

SHA256
faef11c040cc37da9a1b5cceb1a98b1fa6c8663d7b8f2c0442bd3d345a4c54e7

SHA512
089d58a69b35a951a6f22e0dc90b049349cc550fa593cc18ef9e81ca6f02776ca4a6baf7b505f15a1c641bb994a3aba9d1945872dd97d55ed01947a851845730

Download Submit
C:\Windows\System\uCjPBDj.exe

Filesize
1.6MB

MD5
74fda464d0c006b83740cc9025bdd12f

SHA1
03340caee39353e4eefcdd9daa2d9037fd963d62

SHA256
bdb1102e5cb64b8b0a195a8556a5682ec8ba9c3b83adca548c222c37f933a03c

SHA512
8b64e53e169711fadc8da535171d9683fe55e99b16c47bace6672f2cf1b4aa11782b06cf6a676e6907ae7115c002fd95aa5332ae39a622575563857175671453

Download Submit
C:\Windows\System\uYETuhu.exe

Filesize
1.6MB

MD5
78b9a7dab257ae947f6acf8af35b3ee2

SHA1
8a56fecac550a49898e610ea010c0ac8d8f45d74

SHA256
cf57d87571ddaf13e875244fc518b3442cf5ea40460b9685ab3b5a5aa9e6462a

SHA512
bcfd1780811a65da17c5390c65563265352ce37195e02a39a0ae7874886d5adc2ddb92c7cd461f97957a001dc971ff28c7020a35bb4a8fc83ff4932661dff2bc

Download Submit
C:\Windows\System\wCjJcxY.exe

Filesize
1.6MB

MD5
6c85f27af8a2100c20a63d4cd8cba11c

SHA1
a8d79e1bb5dd339624b09f0365ad67bf64d468c4

SHA256
e228ae9b423830a117c3712a53186cfb092e16ff790f1d6f1a556bee1cf943fc

SHA512
334b92150839a77893faeb487e890c756bf5239f7ac5732590a0d99ea411e62856ef710ea6ec44f5f9017b6eeabff9d957ab3139c7e7da68dc8104edbae3fcb5

Download Submit
memory/556-157-0x00007FF73EBE0000-0x00007FF73EFD2000-memory.dmp

Filesize
3.9MB

Download
memory/556-2088-0x00007FF73EBE0000-0x00007FF73EFD2000-memory.dmp

Filesize
3.9MB

Download
memory/736-2082-0x00007FF6B4150000-0x00007FF6B4542000-memory.dmp

Filesize
3.9MB

Download
memory/736-135-0x00007FF6B4150000-0x00007FF6B4542000-memory.dmp

Filesize
3.9MB

Download
memory/1196-139-0x00007FF6F9390000-0x00007FF6F9782000-memory.dmp

Filesize
3.9MB

Download
memory/1196-2080-0x00007FF6F9390000-0x00007FF6F9782000-memory.dmp

Filesize
3.9MB

Download
memory/1300-182-0x00007FF6A2D90000-0x00007FF6A3182000-memory.dmp

Filesize
3.9MB

Download
memory/1300-2091-0x00007FF6A2D90000-0x00007FF6A3182000-memory.dmp

Filesize
3.9MB

Download
memory/1580-107-0x00007FF64DD60000-0x00007FF64E152000-memory.dmp

Filesize
3.9MB

Download
memory/1580-2074-0x00007FF64DD60000-0x00007FF64E152000-memory.dmp

Filesize
3.9MB

Download
memory/1588-2077-0x00007FF631950000-0x00007FF631D42000-memory.dmp

Filesize
3.9MB

Download
memory/1588-145-0x00007FF631950000-0x00007FF631D42000-memory.dmp

Filesize
3.9MB

Download
memory/2856-63-0x00007FF6C5E50000-0x00007FF6C6242000-memory.dmp

Filesize
3.9MB

Download
memory/2856-2047-0x00007FF6C5E50000-0x00007FF6C6242000-memory.dmp

Filesize
3.9MB

Download
memory/2940-82-0x00007FF6160A0000-0x00007FF616492000-memory.dmp

Filesize
3.9MB

Download
memory/2940-2067-0x00007FF6160A0000-0x00007FF616492000-memory.dmp

Filesize
3.9MB

Download
memory/3064-2020-0x00007FF8FF6F0000-0x00007FF9001B1000-memory.dmp

Filesize
10.8MB

Download
memory/3064-125-0x00007FF8FF6F0000-0x00007FF9001B1000-memory.dmp

Filesize
10.8MB

Download
memory/3064-45-0x00007FF8FF6F0000-0x00007FF9001B1000-memory.dmp

Filesize
10.8MB

Download
memory/3064-358-0x00000270E90C0000-0x00000270E9866000-memory.dmp

Filesize
7.6MB

Download
memory/3064-5-0x00007FF8FF6F3000-0x00007FF8FF6F5000-memory.dmp

Filesize
8KB

Download
memory/3064-2010-0x00007FF8FF6F0000-0x00007FF9001B1000-memory.dmp

Filesize
10.8MB

Download
memory/3064-76-0x00000270E7A30000-0x00000270E7A52000-memory.dmp

Filesize
136KB

Download
memory/3064-2008-0x00007FF8FF6F3000-0x00007FF8FF6F5000-memory.dmp

Filesize
8KB

Download
memory/3076-2103-0x00007FF764130000-0x00007FF764522000-memory.dmp

Filesize
3.9MB

Download
memory/3076-169-0x00007FF764130000-0x00007FF764522000-memory.dmp

Filesize
3.9MB

Download
memory/3468-151-0x00007FF60D7F0000-0x00007FF60DBE2000-memory.dmp

Filesize
3.9MB

Download
memory/3468-2092-0x00007FF60D7F0000-0x00007FF60DBE2000-memory.dmp

Filesize
3.9MB

Download
memory/3668-128-0x00007FF7A0E50000-0x00007FF7A1242000-memory.dmp

Filesize
3.9MB

Download
memory/3668-2064-0x00007FF7A0E50000-0x00007FF7A1242000-memory.dmp

Filesize
3.9MB

Download
memory/3704-2061-0x00007FF70E020000-0x00007FF70E412000-memory.dmp

Filesize
3.9MB

Download
memory/3704-81-0x00007FF70E020000-0x00007FF70E412000-memory.dmp

Filesize
3.9MB

Download
memory/3756-87-0x00007FF66DA10000-0x00007FF66DE02000-memory.dmp

Filesize
3.9MB

Download
memory/3756-2063-0x00007FF66DA10000-0x00007FF66DE02000-memory.dmp

Filesize
3.9MB

Download
memory/3884-2086-0x00007FF716270000-0x00007FF716662000-memory.dmp

Filesize
3.9MB

Download
memory/3884-163-0x00007FF716270000-0x00007FF716662000-memory.dmp

Filesize
3.9MB

Download
memory/3936-2022-0x00007FF732670000-0x00007FF732A62000-memory.dmp

Filesize
3.9MB

Download
memory/3936-2009-0x00007FF732670000-0x00007FF732A62000-memory.dmp

Filesize
3.9MB

Download
memory/3936-16-0x00007FF732670000-0x00007FF732A62000-memory.dmp

Filesize
3.9MB

Download
memory/4036-2049-0x00007FF71FD10000-0x00007FF720102000-memory.dmp

Filesize
3.9MB

Download
memory/4036-68-0x00007FF71FD10000-0x00007FF720102000-memory.dmp

Filesize
3.9MB

Download
memory/4104-2078-0x00007FF7774B0000-0x00007FF7778A2000-memory.dmp

Filesize
3.9MB

Download
memory/4104-119-0x00007FF7774B0000-0x00007FF7778A2000-memory.dmp

Filesize
3.9MB

Download
memory/4232-1974-0x00007FF7F61B0000-0x00007FF7F65A2000-memory.dmp

Filesize
3.9MB

Download
memory/4232-0-0x00007FF7F61B0000-0x00007FF7F65A2000-memory.dmp

Filesize
3.9MB

Download
memory/4232-1-0x000002377B620000-0x000002377B630000-memory.dmp

Filesize
64KB

Download
memory/4240-2068-0x00007FF7E5CD0000-0x00007FF7E60C2000-memory.dmp

Filesize
3.9MB

Download
memory/4240-79-0x00007FF7E5CD0000-0x00007FF7E60C2000-memory.dmp

Filesize
3.9MB

Download
memory/4304-2073-0x00007FF7CC6C0000-0x00007FF7CCAB2000-memory.dmp

Filesize
3.9MB

Download
memory/4304-115-0x00007FF7CC6C0000-0x00007FF7CCAB2000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2059-0x00007FF719EE0000-0x00007FF71A2D2000-memory.dmp

Filesize
3.9MB

Download
memory/4348-102-0x00007FF719EE0000-0x00007FF71A2D2000-memory.dmp

Filesize
3.9MB

Download
memory/4748-134-0x00007FF7C5B20000-0x00007FF7C5F12000-memory.dmp

Filesize
3.9MB

Download
memory/4748-2084-0x00007FF7C5B20000-0x00007FF7C5F12000-memory.dmp

Filesize
3.9MB

Download
memory/5032-2095-0x00007FF70CA30000-0x00007FF70CE22000-memory.dmp

Filesize
3.9MB

Download
memory/5032-175-0x00007FF70CA30000-0x00007FF70CE22000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2096-0x00007FF76F160000-0x00007FF76F552000-memory.dmp

Filesize
3.9MB

Download
memory/5036-176-0x00007FF76F160000-0x00007FF76F552000-memory.dmp

Filesize
3.9MB

Download
memory/5056-2070-0x00007FF7C23A0000-0x00007FF7C2792000-memory.dmp

Filesize
3.9MB

Download
memory/5056-97-0x00007FF7C23A0000-0x00007FF7C2792000-memory.dmp

Filesize
3.9MB

Download