xmrig | a55ca0f5f225f0a7795d33ee5e2f419403c45df39a257e33cb17cb8bac834bc9

Analysis

max time kernel
92s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
Size

2.9MB
MD5

e14516d67e6e077f0e2008d8862d8810
SHA1

9f2c1a27f76436cd6c0e366328c71a0e7a6f2141
SHA256

a55ca0f5f225f0a7795d33ee5e2f419403c45df39a257e33cb17cb8bac834bc9
SHA512

3bf55ae61dd21bf9b734432394e4b9328ac05678433e7544475764c4bff1fc6f821c812cb12441282eb1c05e192f9cde32959a2bbdf2380699154a064e48932d
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkFfdk2a2yKmk9:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R6

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2124-0-0x00007FF6C6420000-0x00007FF6C6816000-memory.dmp	xmrig
behavioral2/files/0x00080000000233bd-5.dat	xmrig
behavioral2/files/0x00070000000233be-12.dat	xmrig
behavioral2/memory/992-18-0x00007FF658350000-0x00007FF658746000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c0-19.dat	xmrig
behavioral2/files/0x00070000000233c1-25.dat	xmrig
behavioral2/files/0x00070000000233c2-36.dat	xmrig
behavioral2/files/0x00070000000233c3-35.dat	xmrig
behavioral2/files/0x00070000000233c4-43.dat	xmrig
behavioral2/files/0x00070000000233c5-60.dat	xmrig
behavioral2/memory/4188-63-0x00007FF7A4B50000-0x00007FF7A4F46000-memory.dmp	xmrig
behavioral2/memory/556-65-0x00007FF663070000-0x00007FF663466000-memory.dmp	xmrig
behavioral2/memory/3700-66-0x00007FF77A770000-0x00007FF77AB66000-memory.dmp	xmrig
behavioral2/memory/1444-68-0x00007FF665310000-0x00007FF665706000-memory.dmp	xmrig
behavioral2/memory/1456-69-0x00007FF6DD4D0000-0x00007FF6DD8C6000-memory.dmp	xmrig
behavioral2/memory/1152-67-0x00007FF7AC910000-0x00007FF7ACD06000-memory.dmp	xmrig
behavioral2/memory/1644-64-0x00007FF6F7490000-0x00007FF6F7886000-memory.dmp	xmrig
behavioral2/files/0x00070000000233bf-23.dat	xmrig
behavioral2/memory/4504-11-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233c6-72.dat	xmrig
behavioral2/files/0x00080000000233bb-78.dat	xmrig
behavioral2/files/0x00070000000233c9-93.dat	xmrig
behavioral2/files/0x00070000000233cb-102.dat	xmrig
behavioral2/files/0x00070000000233cd-109.dat	xmrig
behavioral2/files/0x00070000000233cf-123.dat	xmrig
behavioral2/files/0x00070000000233d3-146.dat	xmrig
behavioral2/files/0x00070000000233d0-147.dat	xmrig
behavioral2/files/0x00070000000233d4-163.dat	xmrig
behavioral2/files/0x00070000000233d8-181.dat	xmrig
behavioral2/files/0x00070000000233d9-187.dat	xmrig
behavioral2/files/0x00070000000233dc-202.dat	xmrig
behavioral2/files/0x00070000000233da-200.dat	xmrig
behavioral2/files/0x00070000000233db-197.dat	xmrig
behavioral2/files/0x00070000000233d7-185.dat	xmrig
behavioral2/memory/1424-184-0x00007FF674EE0000-0x00007FF6752D6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d6-179.dat	xmrig
behavioral2/memory/436-178-0x00007FF6B7DE0000-0x00007FF6B81D6000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d5-173.dat	xmrig
behavioral2/memory/1484-172-0x00007FF7A3290000-0x00007FF7A3686000-memory.dmp	xmrig
behavioral2/memory/1300-168-0x00007FF632DA0000-0x00007FF633196000-memory.dmp	xmrig
behavioral2/memory/1088-162-0x00007FF7E0F10000-0x00007FF7E1306000-memory.dmp	xmrig
behavioral2/memory/3448-159-0x00007FF608720000-0x00007FF608B16000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d2-153.dat	xmrig
behavioral2/memory/4468-152-0x00007FF701360000-0x00007FF701756000-memory.dmp	xmrig
behavioral2/files/0x00070000000233d1-144.dat	xmrig
behavioral2/memory/3164-138-0x00007FF639F80000-0x00007FF63A376000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ce-141.dat	xmrig
behavioral2/memory/4004-131-0x00007FF71CF20000-0x00007FF71D316000-memory.dmp	xmrig
behavioral2/files/0x00070000000233cc-127.dat	xmrig
behavioral2/memory/4580-124-0x00007FF64B280000-0x00007FF64B676000-memory.dmp	xmrig
behavioral2/memory/4884-117-0x00007FF6095D0000-0x00007FF6099C6000-memory.dmp	xmrig
behavioral2/memory/2408-110-0x00007FF7A0110000-0x00007FF7A0506000-memory.dmp	xmrig
behavioral2/files/0x00070000000233ca-106.dat	xmrig
behavioral2/memory/1060-103-0x00007FF7D6CA0000-0x00007FF7D7096000-memory.dmp	xmrig
behavioral2/files/0x00080000000233c8-97.dat	xmrig
behavioral2/memory/3188-94-0x00007FF7D10E0000-0x00007FF7D14D6000-memory.dmp	xmrig
behavioral2/files/0x00080000000233c7-89.dat	xmrig
behavioral2/memory/532-87-0x00007FF65ABE0000-0x00007FF65AFD6000-memory.dmp	xmrig
behavioral2/memory/4504-2006-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp	xmrig
behavioral2/memory/2408-2009-0x00007FF7A0110000-0x00007FF7A0506000-memory.dmp	xmrig
behavioral2/memory/4884-2010-0x00007FF6095D0000-0x00007FF6099C6000-memory.dmp	xmrig
behavioral2/memory/4580-2011-0x00007FF64B280000-0x00007FF64B676000-memory.dmp	xmrig
behavioral2/memory/4504-2021-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp	xmrig
behavioral2/memory/1152-2022-0x00007FF7AC910000-0x00007FF7ACD06000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	1100	powershell.exe
10	1100	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1100	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4504	vGQvxcb.exe
1152	oBuCIRi.exe
992	oQenhxA.exe
1444	gVYpqMC.exe
1456	sRzLTwg.exe
4188	ylXzxDn.exe
1644	zUsFqHG.exe
556	bsglEks.exe
3700	knUBYYW.exe
532	wlQppqo.exe
3188	rOjIXei.exe
1060	MnufQik.exe
4004	TjdWHPl.exe
2408	pEeunSk.exe
3164	YQZdvvC.exe
4884	ZGQJnpY.exe
4468	PIevAcE.exe
3448	xriIUwX.exe
4580	WTYXtBE.exe
1088	DXWUVHc.exe
436	FiYsVbM.exe
1300	onGgPeT.exe
1424	SWHzDDY.exe
1484	dwxqsrL.exe
2088	mUclOuk.exe
1948	TKjupBS.exe
4964	VvFYRzJ.exe
2264	tXKMPGr.exe
3068	SfpvaFW.exe
1620	HJXIZOZ.exe
2516	sZaOhIj.exe
2964	KQNidXr.exe
2532	hZpoOZq.exe
2300	iBeNfqW.exe
4304	HstADnX.exe
1588	XkhOSbK.exe
4660	aQZunxP.exe
4840	wghkciz.exe
888	PSCGUek.exe
3808	ODhiyNi.exe
1136	YDjzair.exe
3708	YSqhHEE.exe
2456	dRkfocq.exe
1664	THBeYoC.exe
4060	dZWoEbk.exe
3952	aMNAZNj.exe
440	jqvlshg.exe
748	LuUMyLw.exe
2068	xMVjKxT.exe
3452	HkkEgxK.exe
4112	fcWTsxP.exe
4320	HRiFEzk.exe
3204	StODeAm.exe
2308	VQSgIod.exe
4684	PuJmhae.exe
4324	ZrEFRxJ.exe
1936	FByfiNE.exe
1488	FVwOIZZ.exe
4000	JgJLHxU.exe
4880	MfIkxXc.exe
4944	RQEeLMg.exe
904	icqwfhG.exe
3092	uNyYzFH.exe
3892	DaNaVtH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2124-0-0x00007FF6C6420000-0x00007FF6C6816000-memory.dmp	upx
behavioral2/files/0x00080000000233bd-5.dat	upx
behavioral2/files/0x00070000000233be-12.dat	upx
behavioral2/memory/992-18-0x00007FF658350000-0x00007FF658746000-memory.dmp	upx
behavioral2/files/0x00070000000233c0-19.dat	upx
behavioral2/files/0x00070000000233c1-25.dat	upx
behavioral2/files/0x00070000000233c2-36.dat	upx
behavioral2/files/0x00070000000233c3-35.dat	upx
behavioral2/files/0x00070000000233c4-43.dat	upx
behavioral2/files/0x00070000000233c5-60.dat	upx
behavioral2/memory/4188-63-0x00007FF7A4B50000-0x00007FF7A4F46000-memory.dmp	upx
behavioral2/memory/556-65-0x00007FF663070000-0x00007FF663466000-memory.dmp	upx
behavioral2/memory/3700-66-0x00007FF77A770000-0x00007FF77AB66000-memory.dmp	upx
behavioral2/memory/1444-68-0x00007FF665310000-0x00007FF665706000-memory.dmp	upx
behavioral2/memory/1456-69-0x00007FF6DD4D0000-0x00007FF6DD8C6000-memory.dmp	upx
behavioral2/memory/1152-67-0x00007FF7AC910000-0x00007FF7ACD06000-memory.dmp	upx
behavioral2/memory/1644-64-0x00007FF6F7490000-0x00007FF6F7886000-memory.dmp	upx
behavioral2/files/0x00070000000233bf-23.dat	upx
behavioral2/memory/4504-11-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp	upx
behavioral2/files/0x00070000000233c6-72.dat	upx
behavioral2/files/0x00080000000233bb-78.dat	upx
behavioral2/files/0x00070000000233c9-93.dat	upx
behavioral2/files/0x00070000000233cb-102.dat	upx
behavioral2/files/0x00070000000233cd-109.dat	upx
behavioral2/files/0x00070000000233cf-123.dat	upx
behavioral2/files/0x00070000000233d3-146.dat	upx
behavioral2/files/0x00070000000233d0-147.dat	upx
behavioral2/files/0x00070000000233d4-163.dat	upx
behavioral2/files/0x00070000000233d8-181.dat	upx
behavioral2/files/0x00070000000233d9-187.dat	upx
behavioral2/files/0x00070000000233dc-202.dat	upx
behavioral2/files/0x00070000000233da-200.dat	upx
behavioral2/files/0x00070000000233db-197.dat	upx
behavioral2/files/0x00070000000233d7-185.dat	upx
behavioral2/memory/1424-184-0x00007FF674EE0000-0x00007FF6752D6000-memory.dmp	upx
behavioral2/files/0x00070000000233d6-179.dat	upx
behavioral2/memory/436-178-0x00007FF6B7DE0000-0x00007FF6B81D6000-memory.dmp	upx
behavioral2/files/0x00070000000233d5-173.dat	upx
behavioral2/memory/1484-172-0x00007FF7A3290000-0x00007FF7A3686000-memory.dmp	upx
behavioral2/memory/1300-168-0x00007FF632DA0000-0x00007FF633196000-memory.dmp	upx
behavioral2/memory/1088-162-0x00007FF7E0F10000-0x00007FF7E1306000-memory.dmp	upx
behavioral2/memory/3448-159-0x00007FF608720000-0x00007FF608B16000-memory.dmp	upx
behavioral2/files/0x00070000000233d2-153.dat	upx
behavioral2/memory/4468-152-0x00007FF701360000-0x00007FF701756000-memory.dmp	upx
behavioral2/files/0x00070000000233d1-144.dat	upx
behavioral2/memory/3164-138-0x00007FF639F80000-0x00007FF63A376000-memory.dmp	upx
behavioral2/files/0x00070000000233ce-141.dat	upx
behavioral2/memory/4004-131-0x00007FF71CF20000-0x00007FF71D316000-memory.dmp	upx
behavioral2/files/0x00070000000233cc-127.dat	upx
behavioral2/memory/4580-124-0x00007FF64B280000-0x00007FF64B676000-memory.dmp	upx
behavioral2/memory/4884-117-0x00007FF6095D0000-0x00007FF6099C6000-memory.dmp	upx
behavioral2/memory/2408-110-0x00007FF7A0110000-0x00007FF7A0506000-memory.dmp	upx
behavioral2/files/0x00070000000233ca-106.dat	upx
behavioral2/memory/1060-103-0x00007FF7D6CA0000-0x00007FF7D7096000-memory.dmp	upx
behavioral2/files/0x00080000000233c8-97.dat	upx
behavioral2/memory/3188-94-0x00007FF7D10E0000-0x00007FF7D14D6000-memory.dmp	upx
behavioral2/files/0x00080000000233c7-89.dat	upx
behavioral2/memory/532-87-0x00007FF65ABE0000-0x00007FF65AFD6000-memory.dmp	upx
behavioral2/memory/4504-2006-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp	upx
behavioral2/memory/2408-2009-0x00007FF7A0110000-0x00007FF7A0506000-memory.dmp	upx
behavioral2/memory/4884-2010-0x00007FF6095D0000-0x00007FF6099C6000-memory.dmp	upx
behavioral2/memory/4580-2011-0x00007FF64B280000-0x00007FF64B676000-memory.dmp	upx
behavioral2/memory/4504-2021-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp	upx
behavioral2/memory/1152-2022-0x00007FF7AC910000-0x00007FF7ACD06000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NOrOgIO.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\kqoJOkH.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\MVXXxdl.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\iArEOiV.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\OPXCAFD.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\cIovbnZ.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\NCfBSVx.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\EkCBBrK.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\dUtfDYx.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\RuTbkeK.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\YSaKTgO.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\iPmFnbx.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\WOpZnbA.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\itqHADZ.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\ZDSMsSo.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\AuJtSIc.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\LZetsPC.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\vibtQFR.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\BSwyEWd.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\HcSYEvk.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\mrluGCB.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\qkUrEkO.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\vaUtvSN.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\nhaKYRe.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\aBiUUgn.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\XYwWeuV.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\wFTKAKQ.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\lBxZEQs.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\boGdeJg.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\jyHAJmw.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\VkTMDAJ.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\IrwUXMP.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\EXKiRxs.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\awfTGQi.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\yfEUhGt.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\ujNJaow.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\TppVKsG.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\nQVRvSq.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\ISjxtLA.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\RGjqIZR.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\gVYpqMC.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\uzWZWQV.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\EvTaYuU.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\OtrtYOE.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\aOsBIXZ.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\SvSGXhw.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\DaQFEpb.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\jSTBoNq.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\XIVETPP.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\lOgtDqb.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\eNMPPta.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\LCQzClq.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\TEmBixa.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\plNtjvr.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\cNXBojK.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\QGipWuv.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\SLnXTkk.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\VMrDdCe.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\mcZUoop.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\wlQppqo.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\DXWUVHc.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\sFountR.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\gStJhMk.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
File created	C:\Windows\System\nGSNNlF.exe	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1100	powershell.exe
1100	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
Token: SeDebugPrivilege	1100	powershell.exe
Token: SeLockMemoryPrivilege	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 1100	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	84
PID 2124 wrote to memory of 1100	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	84
PID 2124 wrote to memory of 4504	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	85
PID 2124 wrote to memory of 4504	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	85
PID 2124 wrote to memory of 1152	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	86
PID 2124 wrote to memory of 1152	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	86
PID 2124 wrote to memory of 992	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	87
PID 2124 wrote to memory of 992	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	87
PID 2124 wrote to memory of 1444	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	88
PID 2124 wrote to memory of 1444	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	88
PID 2124 wrote to memory of 1456	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	89
PID 2124 wrote to memory of 1456	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	89
PID 2124 wrote to memory of 4188	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	90
PID 2124 wrote to memory of 4188	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	90
PID 2124 wrote to memory of 1644	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	91
PID 2124 wrote to memory of 1644	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	91
PID 2124 wrote to memory of 556	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	92
PID 2124 wrote to memory of 556	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	92
PID 2124 wrote to memory of 3700	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	93
PID 2124 wrote to memory of 3700	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	93
PID 2124 wrote to memory of 532	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	94
PID 2124 wrote to memory of 532	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	94
PID 2124 wrote to memory of 3188	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	95
PID 2124 wrote to memory of 3188	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	95
PID 2124 wrote to memory of 1060	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	96
PID 2124 wrote to memory of 1060	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	96
PID 2124 wrote to memory of 4004	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	97
PID 2124 wrote to memory of 4004	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	97
PID 2124 wrote to memory of 2408	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	98
PID 2124 wrote to memory of 2408	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	98
PID 2124 wrote to memory of 3164	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	99
PID 2124 wrote to memory of 3164	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	99
PID 2124 wrote to memory of 4884	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	100
PID 2124 wrote to memory of 4884	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	100
PID 2124 wrote to memory of 3448	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	101
PID 2124 wrote to memory of 3448	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	101
PID 2124 wrote to memory of 4468	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	102
PID 2124 wrote to memory of 4468	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	102
PID 2124 wrote to memory of 4580	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	103
PID 2124 wrote to memory of 4580	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	103
PID 2124 wrote to memory of 1088	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	104
PID 2124 wrote to memory of 1088	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	104
PID 2124 wrote to memory of 436	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	105
PID 2124 wrote to memory of 436	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	105
PID 2124 wrote to memory of 1300	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	106
PID 2124 wrote to memory of 1300	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	106
PID 2124 wrote to memory of 1424	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	107
PID 2124 wrote to memory of 1424	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	107
PID 2124 wrote to memory of 1484	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	108
PID 2124 wrote to memory of 1484	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	108
PID 2124 wrote to memory of 2088	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	109
PID 2124 wrote to memory of 2088	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	109
PID 2124 wrote to memory of 1948	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	110
PID 2124 wrote to memory of 1948	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	110
PID 2124 wrote to memory of 4964	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	111
PID 2124 wrote to memory of 4964	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	111
PID 2124 wrote to memory of 2264	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	112
PID 2124 wrote to memory of 2264	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	112
PID 2124 wrote to memory of 3068	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	113
PID 2124 wrote to memory of 3068	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	113
PID 2124 wrote to memory of 1620	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	114
PID 2124 wrote to memory of 1620	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	114
PID 2124 wrote to memory of 2516	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	115
PID 2124 wrote to memory of 2516	2124	e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e14516d67e6e077f0e2008d8862d8810_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1100
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1100" "2960" "1600" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12388
- C:\Windows\System\vGQvxcb.exe
  C:\Windows\System\vGQvxcb.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\oBuCIRi.exe
  C:\Windows\System\oBuCIRi.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\oQenhxA.exe
  C:\Windows\System\oQenhxA.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\gVYpqMC.exe
  C:\Windows\System\gVYpqMC.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\sRzLTwg.exe
  C:\Windows\System\sRzLTwg.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ylXzxDn.exe
  C:\Windows\System\ylXzxDn.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\zUsFqHG.exe
  C:\Windows\System\zUsFqHG.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\bsglEks.exe
  C:\Windows\System\bsglEks.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\knUBYYW.exe
  C:\Windows\System\knUBYYW.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\wlQppqo.exe
  C:\Windows\System\wlQppqo.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\rOjIXei.exe
  C:\Windows\System\rOjIXei.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\MnufQik.exe
  C:\Windows\System\MnufQik.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\TjdWHPl.exe
  C:\Windows\System\TjdWHPl.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\pEeunSk.exe
  C:\Windows\System\pEeunSk.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\YQZdvvC.exe
  C:\Windows\System\YQZdvvC.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\ZGQJnpY.exe
  C:\Windows\System\ZGQJnpY.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\xriIUwX.exe
  C:\Windows\System\xriIUwX.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\PIevAcE.exe
  C:\Windows\System\PIevAcE.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\WTYXtBE.exe
  C:\Windows\System\WTYXtBE.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\DXWUVHc.exe
  C:\Windows\System\DXWUVHc.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\FiYsVbM.exe
  C:\Windows\System\FiYsVbM.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\onGgPeT.exe
  C:\Windows\System\onGgPeT.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\SWHzDDY.exe
  C:\Windows\System\SWHzDDY.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\dwxqsrL.exe
  C:\Windows\System\dwxqsrL.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\mUclOuk.exe
  C:\Windows\System\mUclOuk.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\TKjupBS.exe
  C:\Windows\System\TKjupBS.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\VvFYRzJ.exe
  C:\Windows\System\VvFYRzJ.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\tXKMPGr.exe
  C:\Windows\System\tXKMPGr.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\SfpvaFW.exe
  C:\Windows\System\SfpvaFW.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\HJXIZOZ.exe
  C:\Windows\System\HJXIZOZ.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\sZaOhIj.exe
  C:\Windows\System\sZaOhIj.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\KQNidXr.exe
  C:\Windows\System\KQNidXr.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\hZpoOZq.exe
  C:\Windows\System\hZpoOZq.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\iBeNfqW.exe
  C:\Windows\System\iBeNfqW.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\HstADnX.exe
  C:\Windows\System\HstADnX.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\XkhOSbK.exe
  C:\Windows\System\XkhOSbK.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\aQZunxP.exe
  C:\Windows\System\aQZunxP.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\wghkciz.exe
  C:\Windows\System\wghkciz.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\PSCGUek.exe
  C:\Windows\System\PSCGUek.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\ODhiyNi.exe
  C:\Windows\System\ODhiyNi.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\YDjzair.exe
  C:\Windows\System\YDjzair.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\YSqhHEE.exe
  C:\Windows\System\YSqhHEE.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\dRkfocq.exe
  C:\Windows\System\dRkfocq.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\THBeYoC.exe
  C:\Windows\System\THBeYoC.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\dZWoEbk.exe
  C:\Windows\System\dZWoEbk.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\aMNAZNj.exe
  C:\Windows\System\aMNAZNj.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\jqvlshg.exe
  C:\Windows\System\jqvlshg.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\LuUMyLw.exe
  C:\Windows\System\LuUMyLw.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\xMVjKxT.exe
  C:\Windows\System\xMVjKxT.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\HkkEgxK.exe
  C:\Windows\System\HkkEgxK.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\fcWTsxP.exe
  C:\Windows\System\fcWTsxP.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\HRiFEzk.exe
  C:\Windows\System\HRiFEzk.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\StODeAm.exe
  C:\Windows\System\StODeAm.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\VQSgIod.exe
  C:\Windows\System\VQSgIod.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\PuJmhae.exe
  C:\Windows\System\PuJmhae.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\ZrEFRxJ.exe
  C:\Windows\System\ZrEFRxJ.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\FByfiNE.exe
  C:\Windows\System\FByfiNE.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\FVwOIZZ.exe
  C:\Windows\System\FVwOIZZ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\JgJLHxU.exe
  C:\Windows\System\JgJLHxU.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\MfIkxXc.exe
  C:\Windows\System\MfIkxXc.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\RQEeLMg.exe
  C:\Windows\System\RQEeLMg.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\icqwfhG.exe
  C:\Windows\System\icqwfhG.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\uNyYzFH.exe
  C:\Windows\System\uNyYzFH.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\DaNaVtH.exe
  C:\Windows\System\DaNaVtH.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\VdHXeuR.exe
  C:\Windows\System\VdHXeuR.exe
  2⤵
  PID:1116
- C:\Windows\System\lNKdIkf.exe
  C:\Windows\System\lNKdIkf.exe
  2⤵
  PID:2304
- C:\Windows\System\uzWZWQV.exe
  C:\Windows\System\uzWZWQV.exe
  2⤵
  PID:2976
- C:\Windows\System\KZitXew.exe
  C:\Windows\System\KZitXew.exe
  2⤵
  PID:4712
- C:\Windows\System\QPLfDbW.exe
  C:\Windows\System\QPLfDbW.exe
  2⤵
  PID:2544
- C:\Windows\System\VdFuHII.exe
  C:\Windows\System\VdFuHII.exe
  2⤵
  PID:4164
- C:\Windows\System\RQfQBEq.exe
  C:\Windows\System\RQfQBEq.exe
  2⤵
  PID:2488
- C:\Windows\System\uUJlWmx.exe
  C:\Windows\System\uUJlWmx.exe
  2⤵
  PID:5140
- C:\Windows\System\XSQTloy.exe
  C:\Windows\System\XSQTloy.exe
  2⤵
  PID:5168
- C:\Windows\System\dnaaDNb.exe
  C:\Windows\System\dnaaDNb.exe
  2⤵
  PID:5196
- C:\Windows\System\qjSEWgK.exe
  C:\Windows\System\qjSEWgK.exe
  2⤵
  PID:5224
- C:\Windows\System\hfUtHCh.exe
  C:\Windows\System\hfUtHCh.exe
  2⤵
  PID:5252
- C:\Windows\System\rmUWesm.exe
  C:\Windows\System\rmUWesm.exe
  2⤵
  PID:5280
- C:\Windows\System\EnFUwgl.exe
  C:\Windows\System\EnFUwgl.exe
  2⤵
  PID:5308
- C:\Windows\System\wDMMrwO.exe
  C:\Windows\System\wDMMrwO.exe
  2⤵
  PID:5336
- C:\Windows\System\mCTUeRP.exe
  C:\Windows\System\mCTUeRP.exe
  2⤵
  PID:5364
- C:\Windows\System\PofCOaP.exe
  C:\Windows\System\PofCOaP.exe
  2⤵
  PID:5392
- C:\Windows\System\VpVvGdQ.exe
  C:\Windows\System\VpVvGdQ.exe
  2⤵
  PID:5420
- C:\Windows\System\vSMsJhO.exe
  C:\Windows\System\vSMsJhO.exe
  2⤵
  PID:5448
- C:\Windows\System\kqoJOkH.exe
  C:\Windows\System\kqoJOkH.exe
  2⤵
  PID:5476
- C:\Windows\System\wAqryYo.exe
  C:\Windows\System\wAqryYo.exe
  2⤵
  PID:5504
- C:\Windows\System\DUaOikC.exe
  C:\Windows\System\DUaOikC.exe
  2⤵
  PID:5532
- C:\Windows\System\phFQIFP.exe
  C:\Windows\System\phFQIFP.exe
  2⤵
  PID:5560
- C:\Windows\System\dZJLLJE.exe
  C:\Windows\System\dZJLLJE.exe
  2⤵
  PID:5588
- C:\Windows\System\SWcSpHX.exe
  C:\Windows\System\SWcSpHX.exe
  2⤵
  PID:5620
- C:\Windows\System\OSZRmTR.exe
  C:\Windows\System\OSZRmTR.exe
  2⤵
  PID:5644
- C:\Windows\System\JKoWXRq.exe
  C:\Windows\System\JKoWXRq.exe
  2⤵
  PID:5672
- C:\Windows\System\IqLaAkj.exe
  C:\Windows\System\IqLaAkj.exe
  2⤵
  PID:5700
- C:\Windows\System\KCinmQi.exe
  C:\Windows\System\KCinmQi.exe
  2⤵
  PID:5728
- C:\Windows\System\LnFBcWC.exe
  C:\Windows\System\LnFBcWC.exe
  2⤵
  PID:5756
- C:\Windows\System\JxLEatB.exe
  C:\Windows\System\JxLEatB.exe
  2⤵
  PID:5784
- C:\Windows\System\ArhhUsY.exe
  C:\Windows\System\ArhhUsY.exe
  2⤵
  PID:5812
- C:\Windows\System\WVmuPuK.exe
  C:\Windows\System\WVmuPuK.exe
  2⤵
  PID:5840
- C:\Windows\System\HtRgZZX.exe
  C:\Windows\System\HtRgZZX.exe
  2⤵
  PID:5868
- C:\Windows\System\huLlJnM.exe
  C:\Windows\System\huLlJnM.exe
  2⤵
  PID:5896
- C:\Windows\System\BuJoctD.exe
  C:\Windows\System\BuJoctD.exe
  2⤵
  PID:5924
- C:\Windows\System\ErKnLmP.exe
  C:\Windows\System\ErKnLmP.exe
  2⤵
  PID:5952
- C:\Windows\System\liayGmG.exe
  C:\Windows\System\liayGmG.exe
  2⤵
  PID:5980
- C:\Windows\System\ualaZQc.exe
  C:\Windows\System\ualaZQc.exe
  2⤵
  PID:6008
- C:\Windows\System\MXtNxgo.exe
  C:\Windows\System\MXtNxgo.exe
  2⤵
  PID:6036
- C:\Windows\System\QTQGVjb.exe
  C:\Windows\System\QTQGVjb.exe
  2⤵
  PID:6064
- C:\Windows\System\eBxMsEd.exe
  C:\Windows\System\eBxMsEd.exe
  2⤵
  PID:6092
- C:\Windows\System\KncUbUI.exe
  C:\Windows\System\KncUbUI.exe
  2⤵
  PID:6120
- C:\Windows\System\iLblZNQ.exe
  C:\Windows\System\iLblZNQ.exe
  2⤵
  PID:3180
- C:\Windows\System\RqIwkbF.exe
  C:\Windows\System\RqIwkbF.exe
  2⤵
  PID:828
- C:\Windows\System\OcwCXNK.exe
  C:\Windows\System\OcwCXNK.exe
  2⤵
  PID:2216
- C:\Windows\System\bKUPMdb.exe
  C:\Windows\System\bKUPMdb.exe
  2⤵
  PID:2416
- C:\Windows\System\vibtQFR.exe
  C:\Windows\System\vibtQFR.exe
  2⤵
  PID:3104
- C:\Windows\System\fKkcgWa.exe
  C:\Windows\System\fKkcgWa.exe
  2⤵
  PID:5152
- C:\Windows\System\BUZgHKK.exe
  C:\Windows\System\BUZgHKK.exe
  2⤵
  PID:5212
- C:\Windows\System\QtdzttU.exe
  C:\Windows\System\QtdzttU.exe
  2⤵
  PID:5272
- C:\Windows\System\DLWMZPt.exe
  C:\Windows\System\DLWMZPt.exe
  2⤵
  PID:5348
- C:\Windows\System\kkJgLPQ.exe
  C:\Windows\System\kkJgLPQ.exe
  2⤵
  PID:5408
- C:\Windows\System\vEVsLln.exe
  C:\Windows\System\vEVsLln.exe
  2⤵
  PID:5468
- C:\Windows\System\rRnFcFK.exe
  C:\Windows\System\rRnFcFK.exe
  2⤵
  PID:5544
- C:\Windows\System\prDpWPN.exe
  C:\Windows\System\prDpWPN.exe
  2⤵
  PID:5604
- C:\Windows\System\njSZDTI.exe
  C:\Windows\System\njSZDTI.exe
  2⤵
  PID:5664
- C:\Windows\System\auqqglu.exe
  C:\Windows\System\auqqglu.exe
  2⤵
  PID:5740
- C:\Windows\System\EEQmwJq.exe
  C:\Windows\System\EEQmwJq.exe
  2⤵
  PID:5800
- C:\Windows\System\gKUGYWZ.exe
  C:\Windows\System\gKUGYWZ.exe
  2⤵
  PID:5860
- C:\Windows\System\yWUOMgY.exe
  C:\Windows\System\yWUOMgY.exe
  2⤵
  PID:5936
- C:\Windows\System\ozcKASr.exe
  C:\Windows\System\ozcKASr.exe
  2⤵
  PID:5996
- C:\Windows\System\LvVQAJM.exe
  C:\Windows\System\LvVQAJM.exe
  2⤵
  PID:6056
- C:\Windows\System\TWmrgQO.exe
  C:\Windows\System\TWmrgQO.exe
  2⤵
  PID:6132
- C:\Windows\System\CfyvcWV.exe
  C:\Windows\System\CfyvcWV.exe
  2⤵
  PID:4432
- C:\Windows\System\CYQHrXQ.exe
  C:\Windows\System\CYQHrXQ.exe
  2⤵
  PID:3652
- C:\Windows\System\sJfuVgx.exe
  C:\Windows\System\sJfuVgx.exe
  2⤵
  PID:5188
- C:\Windows\System\skoeaDn.exe
  C:\Windows\System\skoeaDn.exe
  2⤵
  PID:5376
- C:\Windows\System\MbpZmhQ.exe
  C:\Windows\System\MbpZmhQ.exe
  2⤵
  PID:5516
- C:\Windows\System\awfTGQi.exe
  C:\Windows\System\awfTGQi.exe
  2⤵
  PID:5656
- C:\Windows\System\BMmsMbj.exe
  C:\Windows\System\BMmsMbj.exe
  2⤵
  PID:5828
- C:\Windows\System\BCYUqNW.exe
  C:\Windows\System\BCYUqNW.exe
  2⤵
  PID:4556
- C:\Windows\System\FJRCiCX.exe
  C:\Windows\System\FJRCiCX.exe
  2⤵
  PID:6104
- C:\Windows\System\FEWrTLO.exe
  C:\Windows\System\FEWrTLO.exe
  2⤵
  PID:6168
- C:\Windows\System\RuTbkeK.exe
  C:\Windows\System\RuTbkeK.exe
  2⤵
  PID:6196
- C:\Windows\System\lPlZiAA.exe
  C:\Windows\System\lPlZiAA.exe
  2⤵
  PID:6224
- C:\Windows\System\jHFtfRa.exe
  C:\Windows\System\jHFtfRa.exe
  2⤵
  PID:6252
- C:\Windows\System\RrojUhs.exe
  C:\Windows\System\RrojUhs.exe
  2⤵
  PID:6280
- C:\Windows\System\UtaBbgD.exe
  C:\Windows\System\UtaBbgD.exe
  2⤵
  PID:6308
- C:\Windows\System\wXvHPwK.exe
  C:\Windows\System\wXvHPwK.exe
  2⤵
  PID:6336
- C:\Windows\System\FcYIhzt.exe
  C:\Windows\System\FcYIhzt.exe
  2⤵
  PID:6364
- C:\Windows\System\UIlObbL.exe
  C:\Windows\System\UIlObbL.exe
  2⤵
  PID:6392
- C:\Windows\System\MyiEsBD.exe
  C:\Windows\System\MyiEsBD.exe
  2⤵
  PID:6420
- C:\Windows\System\YSaKTgO.exe
  C:\Windows\System\YSaKTgO.exe
  2⤵
  PID:6448
- C:\Windows\System\kgaluRg.exe
  C:\Windows\System\kgaluRg.exe
  2⤵
  PID:6476
- C:\Windows\System\RWySqsv.exe
  C:\Windows\System\RWySqsv.exe
  2⤵
  PID:6504
- C:\Windows\System\fLnUtub.exe
  C:\Windows\System\fLnUtub.exe
  2⤵
  PID:6532
- C:\Windows\System\hEWrNfg.exe
  C:\Windows\System\hEWrNfg.exe
  2⤵
  PID:6560
- C:\Windows\System\axPFMSc.exe
  C:\Windows\System\axPFMSc.exe
  2⤵
  PID:6588
- C:\Windows\System\dEgLdFQ.exe
  C:\Windows\System\dEgLdFQ.exe
  2⤵
  PID:6616
- C:\Windows\System\PjwuwTB.exe
  C:\Windows\System\PjwuwTB.exe
  2⤵
  PID:6644
- C:\Windows\System\FlPtBYe.exe
  C:\Windows\System\FlPtBYe.exe
  2⤵
  PID:6672
- C:\Windows\System\PHRrRgS.exe
  C:\Windows\System\PHRrRgS.exe
  2⤵
  PID:6700
- C:\Windows\System\yWHrLol.exe
  C:\Windows\System\yWHrLol.exe
  2⤵
  PID:6728
- C:\Windows\System\tykTzRs.exe
  C:\Windows\System\tykTzRs.exe
  2⤵
  PID:6756
- C:\Windows\System\icrMKWA.exe
  C:\Windows\System\icrMKWA.exe
  2⤵
  PID:6784
- C:\Windows\System\WqjlVlB.exe
  C:\Windows\System\WqjlVlB.exe
  2⤵
  PID:6812
- C:\Windows\System\xGdCxkT.exe
  C:\Windows\System\xGdCxkT.exe
  2⤵
  PID:6840
- C:\Windows\System\rbvalGU.exe
  C:\Windows\System\rbvalGU.exe
  2⤵
  PID:6868
- C:\Windows\System\moBoLxh.exe
  C:\Windows\System\moBoLxh.exe
  2⤵
  PID:6896
- C:\Windows\System\OtpXGeT.exe
  C:\Windows\System\OtpXGeT.exe
  2⤵
  PID:6924
- C:\Windows\System\uouGNZH.exe
  C:\Windows\System\uouGNZH.exe
  2⤵
  PID:6952
- C:\Windows\System\jqwKGIG.exe
  C:\Windows\System\jqwKGIG.exe
  2⤵
  PID:6980
- C:\Windows\System\kEncWqJ.exe
  C:\Windows\System\kEncWqJ.exe
  2⤵
  PID:7008
- C:\Windows\System\HGMFAtO.exe
  C:\Windows\System\HGMFAtO.exe
  2⤵
  PID:7036
- C:\Windows\System\mjOyQwC.exe
  C:\Windows\System\mjOyQwC.exe
  2⤵
  PID:7064
- C:\Windows\System\vkhkppR.exe
  C:\Windows\System\vkhkppR.exe
  2⤵
  PID:7092
- C:\Windows\System\brMNmZg.exe
  C:\Windows\System\brMNmZg.exe
  2⤵
  PID:7120
- C:\Windows\System\lmrKnwm.exe
  C:\Windows\System\lmrKnwm.exe
  2⤵
  PID:7148
- C:\Windows\System\tjTNnma.exe
  C:\Windows\System\tjTNnma.exe
  2⤵
  PID:804
- C:\Windows\System\yXIidLz.exe
  C:\Windows\System\yXIidLz.exe
  2⤵
  PID:5264
- C:\Windows\System\DNVWImh.exe
  C:\Windows\System\DNVWImh.exe
  2⤵
  PID:5576
- C:\Windows\System\IlCtbtb.exe
  C:\Windows\System\IlCtbtb.exe
  2⤵
  PID:5908
- C:\Windows\System\RywaNMV.exe
  C:\Windows\System\RywaNMV.exe
  2⤵
  PID:6160
- C:\Windows\System\OEFfhaJ.exe
  C:\Windows\System\OEFfhaJ.exe
  2⤵
  PID:6236
- C:\Windows\System\GtagjOn.exe
  C:\Windows\System\GtagjOn.exe
  2⤵
  PID:6296
- C:\Windows\System\SkBEmSq.exe
  C:\Windows\System\SkBEmSq.exe
  2⤵
  PID:6356
- C:\Windows\System\xUzaXZG.exe
  C:\Windows\System\xUzaXZG.exe
  2⤵
  PID:6432
- C:\Windows\System\XIVETPP.exe
  C:\Windows\System\XIVETPP.exe
  2⤵
  PID:6488
- C:\Windows\System\xInIlJN.exe
  C:\Windows\System\xInIlJN.exe
  2⤵
  PID:6548
- C:\Windows\System\TKVMYgB.exe
  C:\Windows\System\TKVMYgB.exe
  2⤵
  PID:6608
- C:\Windows\System\XVOmSWX.exe
  C:\Windows\System\XVOmSWX.exe
  2⤵
  PID:6684
- C:\Windows\System\DqxkRRE.exe
  C:\Windows\System\DqxkRRE.exe
  2⤵
  PID:6740
- C:\Windows\System\HJoiviI.exe
  C:\Windows\System\HJoiviI.exe
  2⤵
  PID:6800
- C:\Windows\System\HuKSxYT.exe
  C:\Windows\System\HuKSxYT.exe
  2⤵
  PID:6860
- C:\Windows\System\MRBJxlL.exe
  C:\Windows\System\MRBJxlL.exe
  2⤵
  PID:400
- C:\Windows\System\SSjSOMK.exe
  C:\Windows\System\SSjSOMK.exe
  2⤵
  PID:6972
- C:\Windows\System\oEIrZMw.exe
  C:\Windows\System\oEIrZMw.exe
  2⤵
  PID:7048
- C:\Windows\System\dmQciry.exe
  C:\Windows\System\dmQciry.exe
  2⤵
  PID:7104
- C:\Windows\System\gtAkMuI.exe
  C:\Windows\System\gtAkMuI.exe
  2⤵
  PID:7160
- C:\Windows\System\bBpamfJ.exe
  C:\Windows\System\bBpamfJ.exe
  2⤵
  PID:3720
- C:\Windows\System\QgGgpeQ.exe
  C:\Windows\System\QgGgpeQ.exe
  2⤵
  PID:6028
- C:\Windows\System\wNtPIkm.exe
  C:\Windows\System\wNtPIkm.exe
  2⤵
  PID:6264
- C:\Windows\System\yYhtNiC.exe
  C:\Windows\System\yYhtNiC.exe
  2⤵
  PID:6384
- C:\Windows\System\QUNxgIW.exe
  C:\Windows\System\QUNxgIW.exe
  2⤵
  PID:6464
- C:\Windows\System\xjtOpgT.exe
  C:\Windows\System\xjtOpgT.exe
  2⤵
  PID:6576
- C:\Windows\System\GlZjrxi.exe
  C:\Windows\System\GlZjrxi.exe
  2⤵
  PID:6716
- C:\Windows\System\jbPSyRt.exe
  C:\Windows\System\jbPSyRt.exe
  2⤵
  PID:6828
- C:\Windows\System\AIxhxYK.exe
  C:\Windows\System\AIxhxYK.exe
  2⤵
  PID:6912
- C:\Windows\System\bPaSuAM.exe
  C:\Windows\System\bPaSuAM.exe
  2⤵
  PID:7076
- C:\Windows\System\LpXXzRz.exe
  C:\Windows\System\LpXXzRz.exe
  2⤵
  PID:2332
- C:\Windows\System\tmPfSgZ.exe
  C:\Windows\System\tmPfSgZ.exe
  2⤵
  PID:5716
- C:\Windows\System\WYRTgpe.exe
  C:\Windows\System\WYRTgpe.exe
  2⤵
  PID:3300
- C:\Windows\System\jjVBnEk.exe
  C:\Windows\System\jjVBnEk.exe
  2⤵
  PID:832
- C:\Windows\System\ZpkYcFI.exe
  C:\Windows\System\ZpkYcFI.exe
  2⤵
  PID:2004
- C:\Windows\System\LqvAOmf.exe
  C:\Windows\System\LqvAOmf.exe
  2⤵
  PID:4356
- C:\Windows\System\qERrxKo.exe
  C:\Windows\System\qERrxKo.exe
  2⤵
  PID:4168
- C:\Windows\System\vaEMBxI.exe
  C:\Windows\System\vaEMBxI.exe
  2⤵
  PID:7188
- C:\Windows\System\lJPDQib.exe
  C:\Windows\System\lJPDQib.exe
  2⤵
  PID:7216
- C:\Windows\System\KoauyDV.exe
  C:\Windows\System\KoauyDV.exe
  2⤵
  PID:7244
- C:\Windows\System\fmIYrpS.exe
  C:\Windows\System\fmIYrpS.exe
  2⤵
  PID:7272
- C:\Windows\System\iNVeOBf.exe
  C:\Windows\System\iNVeOBf.exe
  2⤵
  PID:7332
- C:\Windows\System\gfugMzP.exe
  C:\Windows\System\gfugMzP.exe
  2⤵
  PID:7356
- C:\Windows\System\MQpArPu.exe
  C:\Windows\System\MQpArPu.exe
  2⤵
  PID:7396
- C:\Windows\System\dqlWLel.exe
  C:\Windows\System\dqlWLel.exe
  2⤵
  PID:7424
- C:\Windows\System\psTBXyZ.exe
  C:\Windows\System\psTBXyZ.exe
  2⤵
  PID:7452
- C:\Windows\System\JrWiTrh.exe
  C:\Windows\System\JrWiTrh.exe
  2⤵
  PID:7480
- C:\Windows\System\YpkyWVZ.exe
  C:\Windows\System\YpkyWVZ.exe
  2⤵
  PID:7500
- C:\Windows\System\HTMbtvR.exe
  C:\Windows\System\HTMbtvR.exe
  2⤵
  PID:7540
- C:\Windows\System\xfCZDLR.exe
  C:\Windows\System\xfCZDLR.exe
  2⤵
  PID:7556
- C:\Windows\System\QTnZYWR.exe
  C:\Windows\System\QTnZYWR.exe
  2⤵
  PID:7596
- C:\Windows\System\wKfzszD.exe
  C:\Windows\System\wKfzszD.exe
  2⤵
  PID:7624
- C:\Windows\System\eCBOEKX.exe
  C:\Windows\System\eCBOEKX.exe
  2⤵
  PID:7644
- C:\Windows\System\VqkNuLk.exe
  C:\Windows\System\VqkNuLk.exe
  2⤵
  PID:7680
- C:\Windows\System\mYmWvPC.exe
  C:\Windows\System\mYmWvPC.exe
  2⤵
  PID:7712
- C:\Windows\System\daROlSG.exe
  C:\Windows\System\daROlSG.exe
  2⤵
  PID:7732
- C:\Windows\System\zKCbEWq.exe
  C:\Windows\System\zKCbEWq.exe
  2⤵
  PID:7768
- C:\Windows\System\IfuqmFF.exe
  C:\Windows\System\IfuqmFF.exe
  2⤵
  PID:7784
- C:\Windows\System\BSwyEWd.exe
  C:\Windows\System\BSwyEWd.exe
  2⤵
  PID:7816
- C:\Windows\System\uDQjeVK.exe
  C:\Windows\System\uDQjeVK.exe
  2⤵
  PID:7852
- C:\Windows\System\dKsIllf.exe
  C:\Windows\System\dKsIllf.exe
  2⤵
  PID:7880
- C:\Windows\System\LPJKgil.exe
  C:\Windows\System\LPJKgil.exe
  2⤵
  PID:7908
- C:\Windows\System\mUYwIla.exe
  C:\Windows\System\mUYwIla.exe
  2⤵
  PID:7936
- C:\Windows\System\iblKqKz.exe
  C:\Windows\System\iblKqKz.exe
  2⤵
  PID:7952
- C:\Windows\System\LIwXqIo.exe
  C:\Windows\System\LIwXqIo.exe
  2⤵
  PID:7980
- C:\Windows\System\MKXJoUy.exe
  C:\Windows\System\MKXJoUy.exe
  2⤵
  PID:8016
- C:\Windows\System\HkMPzOh.exe
  C:\Windows\System\HkMPzOh.exe
  2⤵
  PID:8048
- C:\Windows\System\IPpENXw.exe
  C:\Windows\System\IPpENXw.exe
  2⤵
  PID:8076
- C:\Windows\System\cKjFImO.exe
  C:\Windows\System\cKjFImO.exe
  2⤵
  PID:8092
- C:\Windows\System\MDFlFSM.exe
  C:\Windows\System\MDFlFSM.exe
  2⤵
  PID:8132
- C:\Windows\System\OPXCAFD.exe
  C:\Windows\System\OPXCAFD.exe
  2⤵
  PID:8160
- C:\Windows\System\dwwZYCE.exe
  C:\Windows\System\dwwZYCE.exe
  2⤵
  PID:8176
- C:\Windows\System\YfGFULC.exe
  C:\Windows\System\YfGFULC.exe
  2⤵
  PID:6408
- C:\Windows\System\aYgfHrM.exe
  C:\Windows\System\aYgfHrM.exe
  2⤵
  PID:6656
- C:\Windows\System\nooRWux.exe
  C:\Windows\System\nooRWux.exe
  2⤵
  PID:6888
- C:\Windows\System\lOgtDqb.exe
  C:\Windows\System\lOgtDqb.exe
  2⤵
  PID:1304
- C:\Windows\System\vaUtvSN.exe
  C:\Windows\System\vaUtvSN.exe
  2⤵
  PID:3916
- C:\Windows\System\sFountR.exe
  C:\Windows\System\sFountR.exe
  2⤵
  PID:1448
- C:\Windows\System\NkRwQfi.exe
  C:\Windows\System\NkRwQfi.exe
  2⤵
  PID:1564
- C:\Windows\System\ToaQbfw.exe
  C:\Windows\System\ToaQbfw.exe
  2⤵
  PID:4040
- C:\Windows\System\IJFhNJG.exe
  C:\Windows\System\IJFhNJG.exe
  2⤵
  PID:1380
- C:\Windows\System\ZxgypQC.exe
  C:\Windows\System\ZxgypQC.exe
  2⤵
  PID:2716
- C:\Windows\System\XpyvZPx.exe
  C:\Windows\System\XpyvZPx.exe
  2⤵
  PID:548
- C:\Windows\System\rjVdgRY.exe
  C:\Windows\System\rjVdgRY.exe
  2⤵
  PID:7348
- C:\Windows\System\ezahnjM.exe
  C:\Windows\System\ezahnjM.exe
  2⤵
  PID:7376
- C:\Windows\System\iQAPQHW.exe
  C:\Windows\System\iQAPQHW.exe
  2⤵
  PID:1704
- C:\Windows\System\GlKjRsf.exe
  C:\Windows\System\GlKjRsf.exe
  2⤵
  PID:7472
- C:\Windows\System\UgrtdSX.exe
  C:\Windows\System\UgrtdSX.exe
  2⤵
  PID:7536
- C:\Windows\System\lUXPcfm.exe
  C:\Windows\System\lUXPcfm.exe
  2⤵
  PID:7592
- C:\Windows\System\JRLrybz.exe
  C:\Windows\System\JRLrybz.exe
  2⤵
  PID:7632
- C:\Windows\System\ksNQxPX.exe
  C:\Windows\System\ksNQxPX.exe
  2⤵
  PID:7704
- C:\Windows\System\doqlosb.exe
  C:\Windows\System\doqlosb.exe
  2⤵
  PID:7796
- C:\Windows\System\hnNiIvp.exe
  C:\Windows\System\hnNiIvp.exe
  2⤵
  PID:7836
- C:\Windows\System\YHPvqnm.exe
  C:\Windows\System\YHPvqnm.exe
  2⤵
  PID:7896
- C:\Windows\System\QGipWuv.exe
  C:\Windows\System\QGipWuv.exe
  2⤵
  PID:7992
- C:\Windows\System\HuVgshs.exe
  C:\Windows\System\HuVgshs.exe
  2⤵
  PID:8060
- C:\Windows\System\WjbCysq.exe
  C:\Windows\System\WjbCysq.exe
  2⤵
  PID:8156
- C:\Windows\System\OFYmCcq.exe
  C:\Windows\System\OFYmCcq.exe
  2⤵
  PID:8188
- C:\Windows\System\justMVG.exe
  C:\Windows\System\justMVG.exe
  2⤵
  PID:7112
- C:\Windows\System\LdiGfwl.exe
  C:\Windows\System\LdiGfwl.exe
  2⤵
  PID:7208
- C:\Windows\System\tdFJtnI.exe
  C:\Windows\System\tdFJtnI.exe
  2⤵
  PID:2384
- C:\Windows\System\IiJgsIP.exe
  C:\Windows\System\IiJgsIP.exe
  2⤵
  PID:3412
- C:\Windows\System\TxdrZPO.exe
  C:\Windows\System\TxdrZPO.exe
  2⤵
  PID:7388
- C:\Windows\System\lOZIXTt.exe
  C:\Windows\System\lOZIXTt.exe
  2⤵
  PID:7464
- C:\Windows\System\uWdJJWt.exe
  C:\Windows\System\uWdJJWt.exe
  2⤵
  PID:7576
- C:\Windows\System\DExgpjH.exe
  C:\Windows\System\DExgpjH.exe
  2⤵
  PID:7724
- C:\Windows\System\Amdpcfb.exe
  C:\Windows\System\Amdpcfb.exe
  2⤵
  PID:7868
- C:\Windows\System\dzfITiA.exe
  C:\Windows\System\dzfITiA.exe
  2⤵
  PID:8008
- C:\Windows\System\rjwVhQw.exe
  C:\Windows\System\rjwVhQw.exe
  2⤵
  PID:3008
- C:\Windows\System\IHXSRCz.exe
  C:\Windows\System\IHXSRCz.exe
  2⤵
  PID:7180
- C:\Windows\System\wAYsnbQ.exe
  C:\Windows\System\wAYsnbQ.exe
  2⤵
  PID:3148
- C:\Windows\System\UbFjnLn.exe
  C:\Windows\System\UbFjnLn.exe
  2⤵
  PID:7512
- C:\Windows\System\RMsoILg.exe
  C:\Windows\System\RMsoILg.exe
  2⤵
  PID:7944
- C:\Windows\System\cRbGWtV.exe
  C:\Windows\System\cRbGWtV.exe
  2⤵
  PID:8104
- C:\Windows\System\qwrWXRe.exe
  C:\Windows\System\qwrWXRe.exe
  2⤵
  PID:7316
- C:\Windows\System\PYjnhKz.exe
  C:\Windows\System\PYjnhKz.exe
  2⤵
  PID:7572
- C:\Windows\System\mDUJaWL.exe
  C:\Windows\System\mDUJaWL.exe
  2⤵
  PID:7412
- C:\Windows\System\bEsLCLq.exe
  C:\Windows\System\bEsLCLq.exe
  2⤵
  PID:8232
- C:\Windows\System\JlwEGRh.exe
  C:\Windows\System\JlwEGRh.exe
  2⤵
  PID:8252
- C:\Windows\System\jMZcldm.exe
  C:\Windows\System\jMZcldm.exe
  2⤵
  PID:8272
- C:\Windows\System\COAGfTX.exe
  C:\Windows\System\COAGfTX.exe
  2⤵
  PID:8320
- C:\Windows\System\ABTjVRF.exe
  C:\Windows\System\ABTjVRF.exe
  2⤵
  PID:8340
- C:\Windows\System\tRrEMdL.exe
  C:\Windows\System\tRrEMdL.exe
  2⤵
  PID:8364
- C:\Windows\System\eNMPPta.exe
  C:\Windows\System\eNMPPta.exe
  2⤵
  PID:8380
- C:\Windows\System\cDxmzGo.exe
  C:\Windows\System\cDxmzGo.exe
  2⤵
  PID:8432
- C:\Windows\System\lUlpLKM.exe
  C:\Windows\System\lUlpLKM.exe
  2⤵
  PID:8460
- C:\Windows\System\ngKJkaR.exe
  C:\Windows\System\ngKJkaR.exe
  2⤵
  PID:8480
- C:\Windows\System\iHPMTAm.exe
  C:\Windows\System\iHPMTAm.exe
  2⤵
  PID:8520
- C:\Windows\System\HhEkEOP.exe
  C:\Windows\System\HhEkEOP.exe
  2⤵
  PID:8544
- C:\Windows\System\JRgMJua.exe
  C:\Windows\System\JRgMJua.exe
  2⤵
  PID:8576
- C:\Windows\System\dHCeruh.exe
  C:\Windows\System\dHCeruh.exe
  2⤵
  PID:8596
- C:\Windows\System\VZfNAxb.exe
  C:\Windows\System\VZfNAxb.exe
  2⤵
  PID:8632
- C:\Windows\System\baDXtPe.exe
  C:\Windows\System\baDXtPe.exe
  2⤵
  PID:8648
- C:\Windows\System\hxkrkcZ.exe
  C:\Windows\System\hxkrkcZ.exe
  2⤵
  PID:8676
- C:\Windows\System\dAGFMIw.exe
  C:\Windows\System\dAGFMIw.exe
  2⤵
  PID:8708
- C:\Windows\System\XQhZxKq.exe
  C:\Windows\System\XQhZxKq.exe
  2⤵
  PID:8748
- C:\Windows\System\VGDHsFf.exe
  C:\Windows\System\VGDHsFf.exe
  2⤵
  PID:8764
- C:\Windows\System\wuEtzBP.exe
  C:\Windows\System\wuEtzBP.exe
  2⤵
  PID:8800
- C:\Windows\System\JHKaFCK.exe
  C:\Windows\System\JHKaFCK.exe
  2⤵
  PID:8820
- C:\Windows\System\oafrrvD.exe
  C:\Windows\System\oafrrvD.exe
  2⤵
  PID:8868
- C:\Windows\System\MIAGdOy.exe
  C:\Windows\System\MIAGdOy.exe
  2⤵
  PID:8884
- C:\Windows\System\AgDgAqf.exe
  C:\Windows\System\AgDgAqf.exe
  2⤵
  PID:8924
- C:\Windows\System\EtOqBnN.exe
  C:\Windows\System\EtOqBnN.exe
  2⤵
  PID:8944
- C:\Windows\System\kzDNKjS.exe
  C:\Windows\System\kzDNKjS.exe
  2⤵
  PID:8972
- C:\Windows\System\NMrAsgv.exe
  C:\Windows\System\NMrAsgv.exe
  2⤵
  PID:9000
- C:\Windows\System\GrqgbMA.exe
  C:\Windows\System\GrqgbMA.exe
  2⤵
  PID:9040
- C:\Windows\System\wMMKRRJ.exe
  C:\Windows\System\wMMKRRJ.exe
  2⤵
  PID:9056
- C:\Windows\System\ToHMvtQ.exe
  C:\Windows\System\ToHMvtQ.exe
  2⤵
  PID:9092
- C:\Windows\System\uzwgdTv.exe
  C:\Windows\System\uzwgdTv.exe
  2⤵
  PID:9112
- C:\Windows\System\XAhQUiz.exe
  C:\Windows\System\XAhQUiz.exe
  2⤵
  PID:9128
- C:\Windows\System\kslfoPI.exe
  C:\Windows\System\kslfoPI.exe
  2⤵
  PID:9184
- C:\Windows\System\JxcVpgK.exe
  C:\Windows\System\JxcVpgK.exe
  2⤵
  PID:9200
- C:\Windows\System\CUJulJQ.exe
  C:\Windows\System\CUJulJQ.exe
  2⤵
  PID:7580
- C:\Windows\System\iWqIraH.exe
  C:\Windows\System\iWqIraH.exe
  2⤵
  PID:8304
- C:\Windows\System\ywQPYXZ.exe
  C:\Windows\System\ywQPYXZ.exe
  2⤵
  PID:8336
- C:\Windows\System\cfnXcqx.exe
  C:\Windows\System\cfnXcqx.exe
  2⤵
  PID:8444
- C:\Windows\System\idaSChc.exe
  C:\Windows\System\idaSChc.exe
  2⤵
  PID:8536
- C:\Windows\System\kAPiLTu.exe
  C:\Windows\System\kAPiLTu.exe
  2⤵
  PID:8564
- C:\Windows\System\mdAdPXG.exe
  C:\Windows\System\mdAdPXG.exe
  2⤵
  PID:8644
- C:\Windows\System\JabKfsA.exe
  C:\Windows\System\JabKfsA.exe
  2⤵
  PID:8660
- C:\Windows\System\JGYWseo.exe
  C:\Windows\System\JGYWseo.exe
  2⤵
  PID:8720
- C:\Windows\System\qdZmnoQ.exe
  C:\Windows\System\qdZmnoQ.exe
  2⤵
  PID:8812
- C:\Windows\System\oHPHBcA.exe
  C:\Windows\System\oHPHBcA.exe
  2⤵
  PID:8876
- C:\Windows\System\EvTaYuU.exe
  C:\Windows\System\EvTaYuU.exe
  2⤵
  PID:8920
- C:\Windows\System\oAgHcIo.exe
  C:\Windows\System\oAgHcIo.exe
  2⤵
  PID:9036
- C:\Windows\System\zGCpnCX.exe
  C:\Windows\System\zGCpnCX.exe
  2⤵
  PID:9084
- C:\Windows\System\dnCHRgN.exe
  C:\Windows\System\dnCHRgN.exe
  2⤵
  PID:8856
- C:\Windows\System\ToYiZeX.exe
  C:\Windows\System\ToYiZeX.exe
  2⤵
  PID:8220
- C:\Windows\System\gNmwdhH.exe
  C:\Windows\System\gNmwdhH.exe
  2⤵
  PID:8316
- C:\Windows\System\ZxTBCZO.exe
  C:\Windows\System\ZxTBCZO.exe
  2⤵
  PID:8472
- C:\Windows\System\glzHVRh.exe
  C:\Windows\System\glzHVRh.exe
  2⤵
  PID:2748
- C:\Windows\System\KffMOIy.exe
  C:\Windows\System\KffMOIy.exe
  2⤵
  PID:8572
- C:\Windows\System\aidXarD.exe
  C:\Windows\System\aidXarD.exe
  2⤵
  PID:8792
- C:\Windows\System\djCccoy.exe
  C:\Windows\System\djCccoy.exe
  2⤵
  PID:8956
- C:\Windows\System\ygkhijW.exe
  C:\Windows\System\ygkhijW.exe
  2⤵
  PID:9052
- C:\Windows\System\HCSgEcC.exe
  C:\Windows\System\HCSgEcC.exe
  2⤵
  PID:9120
- C:\Windows\System\gZrGYVU.exe
  C:\Windows\System\gZrGYVU.exe
  2⤵
  PID:8248
- C:\Windows\System\AlxCIjA.exe
  C:\Windows\System\AlxCIjA.exe
  2⤵
  PID:8616
- C:\Windows\System\RdawjuZ.exe
  C:\Windows\System\RdawjuZ.exe
  2⤵
  PID:8908
- C:\Windows\System\XENWJRy.exe
  C:\Windows\System\XENWJRy.exe
  2⤵
  PID:8392
- C:\Windows\System\rjpDCWC.exe
  C:\Windows\System\rjpDCWC.exe
  2⤵
  PID:8408
- C:\Windows\System\jeWaGxJ.exe
  C:\Windows\System\jeWaGxJ.exe
  2⤵
  PID:9236
- C:\Windows\System\tdXtRWY.exe
  C:\Windows\System\tdXtRWY.exe
  2⤵
  PID:9252
- C:\Windows\System\TqjztKo.exe
  C:\Windows\System\TqjztKo.exe
  2⤵
  PID:9292
- C:\Windows\System\kOmaOBW.exe
  C:\Windows\System\kOmaOBW.exe
  2⤵
  PID:9336
- C:\Windows\System\CodrDcJ.exe
  C:\Windows\System\CodrDcJ.exe
  2⤵
  PID:9352
- C:\Windows\System\MxLPJGC.exe
  C:\Windows\System\MxLPJGC.exe
  2⤵
  PID:9380
- C:\Windows\System\LxVPbeC.exe
  C:\Windows\System\LxVPbeC.exe
  2⤵
  PID:9408
- C:\Windows\System\jyHAJmw.exe
  C:\Windows\System\jyHAJmw.exe
  2⤵
  PID:9444
- C:\Windows\System\CYFcKPs.exe
  C:\Windows\System\CYFcKPs.exe
  2⤵
  PID:9464
- C:\Windows\System\dGyxLHN.exe
  C:\Windows\System\dGyxLHN.exe
  2⤵
  PID:9504
- C:\Windows\System\UXwDUVj.exe
  C:\Windows\System\UXwDUVj.exe
  2⤵
  PID:9520
- C:\Windows\System\hOfjLLA.exe
  C:\Windows\System\hOfjLLA.exe
  2⤵
  PID:9560
- C:\Windows\System\wKWVWop.exe
  C:\Windows\System\wKWVWop.exe
  2⤵
  PID:9592
- C:\Windows\System\tqzjEjj.exe
  C:\Windows\System\tqzjEjj.exe
  2⤵
  PID:9608
- C:\Windows\System\CurxSnN.exe
  C:\Windows\System\CurxSnN.exe
  2⤵
  PID:9648
- C:\Windows\System\PXcQhIW.exe
  C:\Windows\System\PXcQhIW.exe
  2⤵
  PID:9676
- C:\Windows\System\QrXGkBB.exe
  C:\Windows\System\QrXGkBB.exe
  2⤵
  PID:9704
- C:\Windows\System\yTvygrR.exe
  C:\Windows\System\yTvygrR.exe
  2⤵
  PID:9732
- C:\Windows\System\UsiKjEW.exe
  C:\Windows\System\UsiKjEW.exe
  2⤵
  PID:9748
- C:\Windows\System\oCvaClp.exe
  C:\Windows\System\oCvaClp.exe
  2⤵
  PID:9764
- C:\Windows\System\DnYKyby.exe
  C:\Windows\System\DnYKyby.exe
  2⤵
  PID:9816
- C:\Windows\System\BCUUwtw.exe
  C:\Windows\System\BCUUwtw.exe
  2⤵
  PID:9844
- C:\Windows\System\LrcwRjW.exe
  C:\Windows\System\LrcwRjW.exe
  2⤵
  PID:9860
- C:\Windows\System\RkNhlHG.exe
  C:\Windows\System\RkNhlHG.exe
  2⤵
  PID:9900
- C:\Windows\System\HACymmL.exe
  C:\Windows\System\HACymmL.exe
  2⤵
  PID:9928
- C:\Windows\System\fwprdfL.exe
  C:\Windows\System\fwprdfL.exe
  2⤵
  PID:9956
- C:\Windows\System\suonlkL.exe
  C:\Windows\System\suonlkL.exe
  2⤵
  PID:9984
- C:\Windows\System\QvkZUFT.exe
  C:\Windows\System\QvkZUFT.exe
  2⤵
  PID:10012
- C:\Windows\System\lwdqMMi.exe
  C:\Windows\System\lwdqMMi.exe
  2⤵
  PID:10028
- C:\Windows\System\jnpTpGT.exe
  C:\Windows\System\jnpTpGT.exe
  2⤵
  PID:10068
- C:\Windows\System\PzwrIsr.exe
  C:\Windows\System\PzwrIsr.exe
  2⤵
  PID:10096
- C:\Windows\System\HVbSLrC.exe
  C:\Windows\System\HVbSLrC.exe
  2⤵
  PID:10124
- C:\Windows\System\bJpZxrl.exe
  C:\Windows\System\bJpZxrl.exe
  2⤵
  PID:10140
- C:\Windows\System\GVymWmM.exe
  C:\Windows\System\GVymWmM.exe
  2⤵
  PID:10168
- C:\Windows\System\hhcvyEH.exe
  C:\Windows\System\hhcvyEH.exe
  2⤵
  PID:10208
- C:\Windows\System\goOKvNU.exe
  C:\Windows\System\goOKvNU.exe
  2⤵
  PID:10224
- C:\Windows\System\kBQblhz.exe
  C:\Windows\System\kBQblhz.exe
  2⤵
  PID:9220
- C:\Windows\System\mkvKcuN.exe
  C:\Windows\System\mkvKcuN.exe
  2⤵
  PID:9280
- C:\Windows\System\wYxoLFu.exe
  C:\Windows\System\wYxoLFu.exe
  2⤵
  PID:9392
- C:\Windows\System\jhdBPwm.exe
  C:\Windows\System\jhdBPwm.exe
  2⤵
  PID:9420
- C:\Windows\System\SwzCkyz.exe
  C:\Windows\System\SwzCkyz.exe
  2⤵
  PID:9460
- C:\Windows\System\FufNLAB.exe
  C:\Windows\System\FufNLAB.exe
  2⤵
  PID:9512
- C:\Windows\System\MeclaGl.exe
  C:\Windows\System\MeclaGl.exe
  2⤵
  PID:9572
- C:\Windows\System\fptvbxH.exe
  C:\Windows\System\fptvbxH.exe
  2⤵
  PID:9672
- C:\Windows\System\aYkdfMh.exe
  C:\Windows\System\aYkdfMh.exe
  2⤵
  PID:9756
- C:\Windows\System\QgSueBt.exe
  C:\Windows\System\QgSueBt.exe
  2⤵
  PID:9812
- C:\Windows\System\ZeeSnRG.exe
  C:\Windows\System\ZeeSnRG.exe
  2⤵
  PID:9876
- C:\Windows\System\YJEjJpU.exe
  C:\Windows\System\YJEjJpU.exe
  2⤵
  PID:9968
- C:\Windows\System\SrXnPmG.exe
  C:\Windows\System\SrXnPmG.exe
  2⤵
  PID:10024
- C:\Windows\System\YkTFIBX.exe
  C:\Windows\System\YkTFIBX.exe
  2⤵
  PID:10092
- C:\Windows\System\DDrWvbG.exe
  C:\Windows\System\DDrWvbG.exe
  2⤵
  PID:10164
- C:\Windows\System\MMevIqy.exe
  C:\Windows\System\MMevIqy.exe
  2⤵
  PID:10236
- C:\Windows\System\YwXibwA.exe
  C:\Windows\System\YwXibwA.exe
  2⤵
  PID:9244
- C:\Windows\System\qbtuaUE.exe
  C:\Windows\System\qbtuaUE.exe
  2⤵
  PID:9436
- C:\Windows\System\bKNygHj.exe
  C:\Windows\System\bKNygHj.exe
  2⤵
  PID:9600
- C:\Windows\System\yfEUhGt.exe
  C:\Windows\System\yfEUhGt.exe
  2⤵
  PID:9660
- C:\Windows\System\JCFrwQv.exe
  C:\Windows\System\JCFrwQv.exe
  2⤵
  PID:9912
- C:\Windows\System\KNVKPkM.exe
  C:\Windows\System\KNVKPkM.exe
  2⤵
  PID:10064
- C:\Windows\System\FNWPhfD.exe
  C:\Windows\System\FNWPhfD.exe
  2⤵
  PID:9332
- C:\Windows\System\nyCWIla.exe
  C:\Windows\System\nyCWIla.exe
  2⤵
  PID:8860
- C:\Windows\System\omqhYxo.exe
  C:\Windows\System\omqhYxo.exe
  2⤵
  PID:9776
- C:\Windows\System\sGNwvpO.exe
  C:\Windows\System\sGNwvpO.exe
  2⤵
  PID:10020
- C:\Windows\System\fCUoItR.exe
  C:\Windows\System\fCUoItR.exe
  2⤵
  PID:9724
- C:\Windows\System\cUDsZmM.exe
  C:\Windows\System\cUDsZmM.exe
  2⤵
  PID:10216
- C:\Windows\System\yEBqEhe.exe
  C:\Windows\System\yEBqEhe.exe
  2⤵
  PID:10260
- C:\Windows\System\KvJuqnW.exe
  C:\Windows\System\KvJuqnW.exe
  2⤵
  PID:10276
- C:\Windows\System\GMWPXmf.exe
  C:\Windows\System\GMWPXmf.exe
  2⤵
  PID:10316
- C:\Windows\System\QnzDSeG.exe
  C:\Windows\System\QnzDSeG.exe
  2⤵
  PID:10332
- C:\Windows\System\omSuHHh.exe
  C:\Windows\System\omSuHHh.exe
  2⤵
  PID:10372
- C:\Windows\System\FJprftf.exe
  C:\Windows\System\FJprftf.exe
  2⤵
  PID:10400
- C:\Windows\System\JHsJBrF.exe
  C:\Windows\System\JHsJBrF.exe
  2⤵
  PID:10428
- C:\Windows\System\DfvlxPp.exe
  C:\Windows\System\DfvlxPp.exe
  2⤵
  PID:10444
- C:\Windows\System\ahJsuTj.exe
  C:\Windows\System\ahJsuTj.exe
  2⤵
  PID:10460
- C:\Windows\System\ImcIEoM.exe
  C:\Windows\System\ImcIEoM.exe
  2⤵
  PID:10508
- C:\Windows\System\VHqOWju.exe
  C:\Windows\System\VHqOWju.exe
  2⤵
  PID:10536
- C:\Windows\System\OreTqhi.exe
  C:\Windows\System\OreTqhi.exe
  2⤵
  PID:10564
- C:\Windows\System\OKViBGs.exe
  C:\Windows\System\OKViBGs.exe
  2⤵
  PID:10584
- C:\Windows\System\tFIsCXW.exe
  C:\Windows\System\tFIsCXW.exe
  2⤵
  PID:10620
- C:\Windows\System\XkkIWaX.exe
  C:\Windows\System\XkkIWaX.exe
  2⤵
  PID:10644
- C:\Windows\System\nXvUYht.exe
  C:\Windows\System\nXvUYht.exe
  2⤵
  PID:10660
- C:\Windows\System\VlNCQQq.exe
  C:\Windows\System\VlNCQQq.exe
  2⤵
  PID:10708
- C:\Windows\System\LZyuVnt.exe
  C:\Windows\System\LZyuVnt.exe
  2⤵
  PID:10748
- C:\Windows\System\YEupubA.exe
  C:\Windows\System\YEupubA.exe
  2⤵
  PID:10764
- C:\Windows\System\WdryoDZ.exe
  C:\Windows\System\WdryoDZ.exe
  2⤵
  PID:10792
- C:\Windows\System\OtrtYOE.exe
  C:\Windows\System\OtrtYOE.exe
  2⤵
  PID:10820
- C:\Windows\System\kBeQcuM.exe
  C:\Windows\System\kBeQcuM.exe
  2⤵
  PID:10848
- C:\Windows\System\DTukSox.exe
  C:\Windows\System\DTukSox.exe
  2⤵
  PID:10876
- C:\Windows\System\rvNMDYn.exe
  C:\Windows\System\rvNMDYn.exe
  2⤵
  PID:10904
- C:\Windows\System\cvBGQDV.exe
  C:\Windows\System\cvBGQDV.exe
  2⤵
  PID:10932
- C:\Windows\System\TcpXUUd.exe
  C:\Windows\System\TcpXUUd.exe
  2⤵
  PID:10960
- C:\Windows\System\fxcTNAs.exe
  C:\Windows\System\fxcTNAs.exe
  2⤵
  PID:10988
- C:\Windows\System\qqtDgsL.exe
  C:\Windows\System\qqtDgsL.exe
  2⤵
  PID:11016
- C:\Windows\System\XLCmAkr.exe
  C:\Windows\System\XLCmAkr.exe
  2⤵
  PID:11032
- C:\Windows\System\NaepykH.exe
  C:\Windows\System\NaepykH.exe
  2⤵
  PID:11072
- C:\Windows\System\sFZhIAh.exe
  C:\Windows\System\sFZhIAh.exe
  2⤵
  PID:11096
- C:\Windows\System\UiNuTTk.exe
  C:\Windows\System\UiNuTTk.exe
  2⤵
  PID:11136
- C:\Windows\System\BJicuyw.exe
  C:\Windows\System\BJicuyw.exe
  2⤵
  PID:11160
- C:\Windows\System\GPosWOc.exe
  C:\Windows\System\GPosWOc.exe
  2⤵
  PID:11180
- C:\Windows\System\rBZRkvd.exe
  C:\Windows\System\rBZRkvd.exe
  2⤵
  PID:11220
- C:\Windows\System\OJfrFmJ.exe
  C:\Windows\System\OJfrFmJ.exe
  2⤵
  PID:11244
- C:\Windows\System\qBnunBy.exe
  C:\Windows\System\qBnunBy.exe
  2⤵
  PID:10248
- C:\Windows\System\BIZTUqL.exe
  C:\Windows\System\BIZTUqL.exe
  2⤵
  PID:10392
- C:\Windows\System\AnlANsD.exe
  C:\Windows\System\AnlANsD.exe
  2⤵
  PID:10520
- C:\Windows\System\BvKEGPo.exe
  C:\Windows\System\BvKEGPo.exe
  2⤵
  PID:10556
- C:\Windows\System\LFiLzju.exe
  C:\Windows\System\LFiLzju.exe
  2⤵
  PID:10632
- C:\Windows\System\MuPLBdE.exe
  C:\Windows\System\MuPLBdE.exe
  2⤵
  PID:10716
- C:\Windows\System\nGNWOZE.exe
  C:\Windows\System\nGNWOZE.exe
  2⤵
  PID:10816
- C:\Windows\System\zcGRPTh.exe
  C:\Windows\System\zcGRPTh.exe
  2⤵
  PID:10844
- C:\Windows\System\TIUUxEK.exe
  C:\Windows\System\TIUUxEK.exe
  2⤵
  PID:10916
- C:\Windows\System\Phlekrn.exe
  C:\Windows\System\Phlekrn.exe
  2⤵
  PID:10972
- C:\Windows\System\HcSYEvk.exe
  C:\Windows\System\HcSYEvk.exe
  2⤵
  PID:11068
- C:\Windows\System\lXqfVCT.exe
  C:\Windows\System\lXqfVCT.exe
  2⤵
  PID:11108
- C:\Windows\System\XDLqsAi.exe
  C:\Windows\System\XDLqsAi.exe
  2⤵
  PID:11168
- C:\Windows\System\nyTLRDd.exe
  C:\Windows\System\nyTLRDd.exe
  2⤵
  PID:11204
- C:\Windows\System\iVhnqWC.exe
  C:\Windows\System\iVhnqWC.exe
  2⤵
  PID:10356
- C:\Windows\System\fQCIptK.exe
  C:\Windows\System\fQCIptK.exe
  2⤵
  PID:2496
- C:\Windows\System\vxMFmmS.exe
  C:\Windows\System\vxMFmmS.exe
  2⤵
  PID:10840
- C:\Windows\System\OWPmtit.exe
  C:\Windows\System\OWPmtit.exe
  2⤵
  PID:10956
- C:\Windows\System\qvgswSk.exe
  C:\Windows\System\qvgswSk.exe
  2⤵
  PID:11116
- C:\Windows\System\mjAoDAv.exe
  C:\Windows\System\mjAoDAv.exe
  2⤵
  PID:11236
- C:\Windows\System\ISDXEGJ.exe
  C:\Windows\System\ISDXEGJ.exe
  2⤵
  PID:10436
- C:\Windows\System\Sdgdnwe.exe
  C:\Windows\System\Sdgdnwe.exe
  2⤵
  PID:11092
- C:\Windows\System\BtCzvgu.exe
  C:\Windows\System\BtCzvgu.exe
  2⤵
  PID:10328
- C:\Windows\System\wLJWlLa.exe
  C:\Windows\System\wLJWlLa.exe
  2⤵
  PID:5076
- C:\Windows\System\CWLbAHL.exe
  C:\Windows\System\CWLbAHL.exe
  2⤵
  PID:11276
- C:\Windows\System\xboYciV.exe
  C:\Windows\System\xboYciV.exe
  2⤵
  PID:11316
- C:\Windows\System\APoyNtQ.exe
  C:\Windows\System\APoyNtQ.exe
  2⤵
  PID:11352
- C:\Windows\System\NDbtemu.exe
  C:\Windows\System\NDbtemu.exe
  2⤵
  PID:11380
- C:\Windows\System\oXTbNXs.exe
  C:\Windows\System\oXTbNXs.exe
  2⤵
  PID:11400
- C:\Windows\System\QLwFWhg.exe
  C:\Windows\System\QLwFWhg.exe
  2⤵
  PID:11436
- C:\Windows\System\onYYVrl.exe
  C:\Windows\System\onYYVrl.exe
  2⤵
  PID:11452
- C:\Windows\System\WrcprVg.exe
  C:\Windows\System\WrcprVg.exe
  2⤵
  PID:11480
- C:\Windows\System\CurURDM.exe
  C:\Windows\System\CurURDM.exe
  2⤵
  PID:11520
- C:\Windows\System\idMFRrp.exe
  C:\Windows\System\idMFRrp.exe
  2⤵
  PID:11536
- C:\Windows\System\bPZbGgo.exe
  C:\Windows\System\bPZbGgo.exe
  2⤵
  PID:11564
- C:\Windows\System\DehBbQF.exe
  C:\Windows\System\DehBbQF.exe
  2⤵
  PID:11608
- C:\Windows\System\IxoimtO.exe
  C:\Windows\System\IxoimtO.exe
  2⤵
  PID:11624
- C:\Windows\System\TBYaDVO.exe
  C:\Windows\System\TBYaDVO.exe
  2⤵
  PID:11664
- C:\Windows\System\xvWLQbq.exe
  C:\Windows\System\xvWLQbq.exe
  2⤵
  PID:11680
- C:\Windows\System\yoVfeiu.exe
  C:\Windows\System\yoVfeiu.exe
  2⤵
  PID:11708
- C:\Windows\System\ujuivQz.exe
  C:\Windows\System\ujuivQz.exe
  2⤵
  PID:11748
- C:\Windows\System\mgRnYtT.exe
  C:\Windows\System\mgRnYtT.exe
  2⤵
  PID:11776
- C:\Windows\System\aBbWZNA.exe
  C:\Windows\System\aBbWZNA.exe
  2⤵
  PID:11808
- C:\Windows\System\AlrHBSw.exe
  C:\Windows\System\AlrHBSw.exe
  2⤵
  PID:11840
- C:\Windows\System\OgDYldF.exe
  C:\Windows\System\OgDYldF.exe
  2⤵
  PID:11864
- C:\Windows\System\ZcuBeuF.exe
  C:\Windows\System\ZcuBeuF.exe
  2⤵
  PID:11892
- C:\Windows\System\WFuAtZQ.exe
  C:\Windows\System\WFuAtZQ.exe
  2⤵
  PID:11916
- C:\Windows\System\eZDQrcS.exe
  C:\Windows\System\eZDQrcS.exe
  2⤵
  PID:11944
- C:\Windows\System\RNPRgcG.exe
  C:\Windows\System\RNPRgcG.exe
  2⤵
  PID:11992
- C:\Windows\System\CcTcRdC.exe
  C:\Windows\System\CcTcRdC.exe
  2⤵
  PID:12020
- C:\Windows\System\ohaLFFI.exe
  C:\Windows\System\ohaLFFI.exe
  2⤵
  PID:12048
- C:\Windows\System\mHitoAu.exe
  C:\Windows\System\mHitoAu.exe
  2⤵
  PID:12064
- C:\Windows\System\cHPbyCY.exe
  C:\Windows\System\cHPbyCY.exe
  2⤵
  PID:12104
- C:\Windows\System\APHKtgq.exe
  C:\Windows\System\APHKtgq.exe
  2⤵
  PID:12120
- C:\Windows\System\VssnVyU.exe
  C:\Windows\System\VssnVyU.exe
  2⤵
  PID:12172
- C:\Windows\System\qNtqdKy.exe
  C:\Windows\System\qNtqdKy.exe
  2⤵
  PID:12196
- C:\Windows\System\PMRGzsH.exe
  C:\Windows\System\PMRGzsH.exe
  2⤵
  PID:12236
- C:\Windows\System\FlvELww.exe
  C:\Windows\System\FlvELww.exe
  2⤵
  PID:12268
- C:\Windows\System\FAxqLYg.exe
  C:\Windows\System\FAxqLYg.exe
  2⤵
  PID:10804
- C:\Windows\System\SADGCDO.exe
  C:\Windows\System\SADGCDO.exe
  2⤵
  PID:11408
- C:\Windows\System\mKlkwoR.exe
  C:\Windows\System\mKlkwoR.exe
  2⤵
  PID:11512
- C:\Windows\System\tsQJZVk.exe
  C:\Windows\System\tsQJZVk.exe
  2⤵
  PID:11616
- C:\Windows\System\EqwdSHB.exe
  C:\Windows\System\EqwdSHB.exe
  2⤵
  PID:11672
- C:\Windows\System\uesuYyw.exe
  C:\Windows\System\uesuYyw.exe
  2⤵
  PID:11760
- C:\Windows\System\VkTMDAJ.exe
  C:\Windows\System\VkTMDAJ.exe
  2⤵
  PID:11876
- C:\Windows\System\HoMFwcW.exe
  C:\Windows\System\HoMFwcW.exe
  2⤵
  PID:11936
- C:\Windows\System\wAXHNjo.exe
  C:\Windows\System\wAXHNjo.exe
  2⤵
  PID:3984
- C:\Windows\System\snMVEua.exe
  C:\Windows\System\snMVEua.exe
  2⤵
  PID:12040
- C:\Windows\System\LWFRVer.exe
  C:\Windows\System\LWFRVer.exe
  2⤵
  PID:12096
- C:\Windows\System\LrCZWrm.exe
  C:\Windows\System\LrCZWrm.exe
  2⤵
  PID:12164
- C:\Windows\System\QCePTXd.exe
  C:\Windows\System\QCePTXd.exe
  2⤵
  PID:12248
- C:\Windows\System\XIGRDvf.exe
  C:\Windows\System\XIGRDvf.exe
  2⤵
  PID:11372
- C:\Windows\System\xveNOgb.exe
  C:\Windows\System\xveNOgb.exe
  2⤵
  PID:11576
- C:\Windows\System\IrwUXMP.exe
  C:\Windows\System\IrwUXMP.exe
  2⤵
  PID:11648
- C:\Windows\System\mQMONyR.exe
  C:\Windows\System\mQMONyR.exe
  2⤵
  PID:11904
- C:\Windows\System\mVRZzvK.exe
  C:\Windows\System\mVRZzvK.exe
  2⤵
  PID:3996
- C:\Windows\System\GYvqtMH.exe
  C:\Windows\System\GYvqtMH.exe
  2⤵
  PID:12116
- C:\Windows\System\TqoYwob.exe
  C:\Windows\System\TqoYwob.exe
  2⤵
  PID:12276
- C:\Windows\System\wMHdmTp.exe
  C:\Windows\System\wMHdmTp.exe
  2⤵
  PID:11468
- C:\Windows\System\BvWqiqV.exe
  C:\Windows\System\BvWqiqV.exe
  2⤵
  PID:12308
- C:\Windows\System\XxPEEVw.exe
  C:\Windows\System\XxPEEVw.exe
  2⤵
  PID:12328
- C:\Windows\System\tOMfoKU.exe
  C:\Windows\System\tOMfoKU.exe
  2⤵
  PID:12364
- C:\Windows\System\FatVjtF.exe
  C:\Windows\System\FatVjtF.exe
  2⤵
  PID:12396
- C:\Windows\System\fQyMnXR.exe
  C:\Windows\System\fQyMnXR.exe
  2⤵
  PID:12412
- C:\Windows\System\FCJRhDB.exe
  C:\Windows\System\FCJRhDB.exe
  2⤵
  PID:12440
- C:\Windows\System\TzFgKon.exe
  C:\Windows\System\TzFgKon.exe
  2⤵
  PID:12456
- C:\Windows\System\fcBoOfe.exe
  C:\Windows\System\fcBoOfe.exe
  2⤵
  PID:12472
- C:\Windows\System\ktDwaon.exe
  C:\Windows\System\ktDwaon.exe
  2⤵
  PID:12500
- C:\Windows\System\HIHwdOB.exe
  C:\Windows\System\HIHwdOB.exe
  2⤵
  PID:12532
- C:\Windows\System\ZZGSymB.exe
  C:\Windows\System\ZZGSymB.exe
  2⤵
  PID:12548
- C:\Windows\System\edbSRUK.exe
  C:\Windows\System\edbSRUK.exe
  2⤵
  PID:12600
- C:\Windows\System\EllwOWI.exe
  C:\Windows\System\EllwOWI.exe
  2⤵
  PID:12656
- C:\Windows\System\oFZKMIU.exe
  C:\Windows\System\oFZKMIU.exe
  2⤵
  PID:12676
- C:\Windows\System\SFAYkTd.exe
  C:\Windows\System\SFAYkTd.exe
  2⤵
  PID:12704
- C:\Windows\System\gaOjcPP.exe
  C:\Windows\System\gaOjcPP.exe
  2⤵
  PID:12736
- C:\Windows\System\sUAAwmI.exe
  C:\Windows\System\sUAAwmI.exe
  2⤵
  PID:12776
- C:\Windows\System\JMjZfSv.exe
  C:\Windows\System\JMjZfSv.exe
  2⤵
  PID:12804
- C:\Windows\System\QNmHAWp.exe
  C:\Windows\System\QNmHAWp.exe
  2⤵
  PID:12820
- C:\Windows\System\juHXVlm.exe
  C:\Windows\System\juHXVlm.exe
  2⤵
  PID:12840
- C:\Windows\System\oDYgYFU.exe
  C:\Windows\System\oDYgYFU.exe
  2⤵
  PID:12864
- C:\Windows\System\xujJkJc.exe
  C:\Windows\System\xujJkJc.exe
  2⤵
  PID:12920
- C:\Windows\System\jBVoSXg.exe
  C:\Windows\System\jBVoSXg.exe
  2⤵
  PID:12944
- C:\Windows\System\bcjGzKL.exe
  C:\Windows\System\bcjGzKL.exe
  2⤵
  PID:12964
- C:\Windows\System\paHJGtQ.exe
  C:\Windows\System\paHJGtQ.exe
  2⤵
  PID:12984
- C:\Windows\System\CnRlbXO.exe
  C:\Windows\System\CnRlbXO.exe
  2⤵
  PID:13012
- C:\Windows\System\voRTfdF.exe
  C:\Windows\System\voRTfdF.exe
  2⤵
  PID:13044
- C:\Windows\System\ccMTbTp.exe
  C:\Windows\System\ccMTbTp.exe
  2⤵
  PID:13076
- C:\Windows\System\ZFytAbD.exe
  C:\Windows\System\ZFytAbD.exe
  2⤵
  PID:13116
- C:\Windows\System\xLtTKsh.exe
  C:\Windows\System\xLtTKsh.exe
  2⤵
  PID:13156
- C:\Windows\System\nhggsek.exe
  C:\Windows\System\nhggsek.exe
  2⤵
  PID:13184
- C:\Windows\System\LCWZBeF.exe
  C:\Windows\System\LCWZBeF.exe
  2⤵
  PID:13200
- C:\Windows\System\VEWKCCy.exe
  C:\Windows\System\VEWKCCy.exe
  2⤵
  PID:13240
- C:\Windows\System\VIYxwhJ.exe
  C:\Windows\System\VIYxwhJ.exe
  2⤵
  PID:12540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ve0mnjvq.mnr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DXWUVHc.exe

Filesize
2.9MB

MD5
4be3a7cc4772f89a7c5bc0414e6f6182

SHA1
0810aa415715372fa4e81bab720dda4455850379

SHA256
dea42e9d958bf05201dd6d1ed1472ecd1f0b953126c889212001a67473839e72

SHA512
c307956a4772455d35d28f02dc4ff5ed1e17c965fa9c9c6989c7c79f11c2a73323bfe4334fd6d60d064daf4e7961634775951a79dcbf6062433630c903da4cc4

Download Submit
C:\Windows\System\FiYsVbM.exe

Filesize
2.9MB

MD5
bf57f40d90c08851f5e37e0d7b3738ca

SHA1
0a2c34f86e9e27a5e5afb44b2d02d1f2bd646aad

SHA256
92ff295fc47ee9561395cb39473531924aaa0dfea18c913f2c2fedfca9481533

SHA512
f65a44cf3f88889a94eac1475a4d10f590b390f96186ef008ec85c10be88c2ce1764b8982775133609e87b7f55fa2229d98e6c9aec1e81ca2c1b20e58d8d2530

Download Submit
C:\Windows\System\HJXIZOZ.exe

Filesize
2.9MB

MD5
70481a0c8b5454cadd132d9d22a36636

SHA1
ae159895550cedebbe2e1ff770b4742b5933731e

SHA256
c941022278a83c7b552f7b0623157d43ba2fa076e63a4ba9697cc04a5d931abe

SHA512
c68b682500fee1e5cf999a8e7159f7da0db35fc76d980ff9d1e9671b9eb0a1e6636c872682621ec76583fef5cf1a5183f11f381db841321e13a73fc0a0194913

Download Submit
C:\Windows\System\KQNidXr.exe

Filesize
2.9MB

MD5
e7269722d5b59bb9a57259618d4dbfa5

SHA1
37ac308bf5551575e0fad7d2b21fcaa40f9a51ca

SHA256
411a0fe9ce850a0e536a29385f2f65dcd8f2d4770d5bc147cad9f84e2e0977df

SHA512
aaa8595d4160978b5e543b2b32336d9ea974fbd6c7c2af7f2e543396e8cf11b344f566350524289613321ca65df08e5952e03ecbda94a867730223ca793df75d

Download Submit
C:\Windows\System\MnufQik.exe

Filesize
2.9MB

MD5
e161017c21edbf2af8902a8b708e9e96

SHA1
cbb524aeb8725d504144a1f7c8c013321f23ff8f

SHA256
6e1678adf1c7983c4382c3fa0df5f8a4660b5b6ae5280ce6716ef72a30716176

SHA512
527b3c7a30905aa7c29ce6d369f3ac32ae8ed3ee7d07eb11f3a04c1c693534f74e6edbe0931ff89c24586fad5362fd65d5240c9d7883d5019e827bad8f47387c

Download Submit
C:\Windows\System\PIevAcE.exe

Filesize
2.9MB

MD5
3a6d28c90226e678b70efb1490be9d88

SHA1
de2646f411fd4da7a55ea30791917f997b7aee2d

SHA256
02337b7a2fbfe86b472646c5980fef13093823452e3e1ffa55b0fa05050e8cdb

SHA512
ce69173b9a4d199a3b9de7923adae5bbaace5fd538c73c2d3c2a656aff0d6e99c7c3d2a5d8874a7697b2a732b2886a1408febe652b708b6ae5cec99d9a1cef42

Download Submit
C:\Windows\System\SWHzDDY.exe

Filesize
2.9MB

MD5
2a56a5072b6bb0d5d2479d47a4f187f5

SHA1
71fad79525090500ec3cfbe41871ec8ed14f968d

SHA256
5fc01841ef9ad666a05c92f5c849fe7e73c59e214a8503b01bd4675089da7802

SHA512
da426208d3711b821eefc29830880a896d5c6e20a1e7b9fd879bded087d85adc3c00863bbb2274ccb64802b887f1aa1025382c2ebd0caca5a08b8315e0130a3b

Download Submit
C:\Windows\System\SfpvaFW.exe

Filesize
2.9MB

MD5
4e2687968b9f7bc694eff92f5505b65c

SHA1
c28be7e9b2d874b841f63a2eb7e0d8550276a316

SHA256
64efefe46817fec269879382e92842d353984d2e0cf9d3e645605ce8215769c6

SHA512
82ff2eaefc8bcfde11fc29aebe53c0e494401b0c362753292630357b750e6c0c517adc126138fde9f2bf5a64f4b46f0555855676ae11e9fc730aed1d2386e6cd

Download Submit
C:\Windows\System\TKjupBS.exe

Filesize
2.9MB

MD5
a8c9499b68d17aece2b651430ee7302c

SHA1
5c1446a2ca0db8ec3c1aedb708277b539061514a

SHA256
654db9f4f514f89bdb9152c3117f3558267757b92f6b4bec5c7935ee1069a342

SHA512
6e11f7a9e8893bb033b468b1dac2469b7489de91f4103e99a0445c0cd8995e38add2958592d27df4e580f149a7a87dbe779c875a127e6921d8106e743bb650ad

Download Submit
C:\Windows\System\TjdWHPl.exe

Filesize
2.9MB

MD5
1a345ed8d27722816d17c0bcbdc0fa94

SHA1
b3e97cb9aef062dc5a225ddbddea6139e1cc292c

SHA256
31617bc404c026193a83a00cf5fde8ac40fcf77c14753f7b5cd09166cf8af41d

SHA512
888d5631584042c2ca7b3108b3d5de8c4910c4330876f30e9c94ce254b46f9cf5c28c0e79265934e0738012a973d50269697e0462269d649637c4004ac1a2606

Download Submit
C:\Windows\System\VvFYRzJ.exe

Filesize
2.9MB

MD5
ac6a2a3a88ece479213dd17d9ebc7440

SHA1
d920b7dcdaf81f6b322fad06942178db6c77b62a

SHA256
cf3d0a3b7317a36b488f53ef41db2392ae42d864f2a9da9416700fbcda44fbc0

SHA512
27a99483720ab02457883ac31fc8dbea2c7201f0f0cad3eccce2d001d07897125801a7582d35af4686c589aecf3c08c67e61fbc5a2c60f113aa27bdd461c284e

Download Submit
C:\Windows\System\WTYXtBE.exe

Filesize
2.9MB

MD5
df5df5cdd123f539c5cdd1d6b78245ff

SHA1
c51c342e880d475a5929c131f7689f9db029cf7e

SHA256
2f4c23157412b6e38611cb9b32371d8bf77869157c608eb36f1e0dba84dee25f

SHA512
1f74d7dd8cd44c0e462e545dbe2f4c84bb17f8461ccf4da8ae6f2ca1ae3ca5a2755b2c7c2cb0f36dde64aab088668127c8aa2f1764c3163141c40e6545a384d9

Download Submit
C:\Windows\System\YQZdvvC.exe

Filesize
2.9MB

MD5
e318b3d95c8371b8bdbfc0fc6b4a7edd

SHA1
95dbd25356aa06eec508e14d8bdcba272e8b16b1

SHA256
043316282e6a1e71d532cc7174b8d7dc15e5c1c066506751e2610b8d60bf75ea

SHA512
c0247311968b81c9a3b13042260c2be8942bd4ecdfd7c34da58f44a5b5339c773747bff1c180500de149e43f41fe9c93188978c33ee6596a4ad92aff52fcd627

Download Submit
C:\Windows\System\ZGQJnpY.exe

Filesize
2.9MB

MD5
2355d89728e07dc2acf0fa15cc68ddf1

SHA1
3a82b02f381bcc0b6cd44a046fe840fc6c24c027

SHA256
58cd06ad1f65339e41af9513c50aae40075815cf99896a5af9f7985e0d30e59c

SHA512
febb582da1f89d297103ff406aad1bdd5a751d1452b7a5cbf523b3df70f8b8645a4be45803124f1f97822b7e397e30d7f976893b0d71ec828cd090db27b369cf

Download Submit
C:\Windows\System\bsglEks.exe

Filesize
2.9MB

MD5
9ba2f70459cc6549ea801e0fbbf001c7

SHA1
ec52a64b1f5a55ec69452150f2653c29ccb7c356

SHA256
2952e4d4bcb7c3360b96c935bd6baa72bca52fce216a89e9bb048f5fed5bc5b6

SHA512
2bea422cc834054293012faae0eacf6dc20b6faa0ac16ed6be66fdb751726b339d2cc49434ca119e5d83185243254e249818acc97c2cfcfba4d5e9e36da1e014

Download Submit
C:\Windows\System\dwxqsrL.exe

Filesize
2.9MB

MD5
df62c7bc8a59a6a54ac27e86d9342fbb

SHA1
1d2264bad68539c0c79d03c8b1494e7c00adef19

SHA256
8400e660e2d8f1314d08b34f805b843386e73b22d02a4f30f01e93abceef37f7

SHA512
de5869d2131ef97ffc83c450b2ef9244124a1c71c136b105630e644c130c6b3861f8e8b4bc24b7e39bfa2184bcbda547404bde46e973dee872da6a3fde6946d0

Download Submit
C:\Windows\System\gVYpqMC.exe

Filesize
2.9MB

MD5
f3689f0a1f0840f8bf7db38e29d0fbfa

SHA1
ddea74c217bb10ad2a04a4244222f2e8a77f8cbd

SHA256
141b2a912e486eb05af4632a48f7dfeea256e3fca3ada662666e67b5750abb5c

SHA512
73e07b063e11f89ece67ff28f112f992616daf4cfa3cae1d6ad3c8da57a0bb58895c62eca88722d58968ec465495f12065e6eed39766aa3d6fe5f96ee421b74f

Download Submit
C:\Windows\System\hZpoOZq.exe

Filesize
2.9MB

MD5
4f47ebc48f7a2f851ea32657aaf14855

SHA1
6fbd25f129c815b4b88773a8515e101ef5ce73fa

SHA256
031ac39eb476b1e8dc098daab730fae07bf1918e642dfd894f36d00cfb9c8ba8

SHA512
e2ea1c365fb03e8b1d51266068ce1f590e4f04440c5a02fe87c4a5406685ccc6e32d08cb6ca4225d3863ce7e4ae89fe6775b62f74913442ea20bca7dfe7a64e7

Download Submit
C:\Windows\System\knUBYYW.exe

Filesize
2.9MB

MD5
77ec38935a277a5f368a67a643852385

SHA1
b06186410e29ad2f83fc6d2d95fd7eede1a96acd

SHA256
a1a47edaf99162ff3fbfde5e6aeadd2e5ee346a00fa111a14f641a271a6c42d1

SHA512
cfc02206132791bd3827d859f6192faede8197838b7453e8e4af84558b2dfc274ecf3fc28251f1cdc8528ec1a7bb20330a243abedee3dd1b595d8a7f94e33efa

Download Submit
C:\Windows\System\mUclOuk.exe

Filesize
2.9MB

MD5
5450b57e2980c02f3c542f118fba8727

SHA1
72a63688cf91b9f2541d6a2732455f3385ca34cd

SHA256
7f771ec89860eac245f6d27f1a89d20654e47841322a6742f095ad257a0046c7

SHA512
a26d7a1edaa4cd3dce5e47366930688660d7de8918c5d20e1e696c6cdcef74d1f22d8cd284a59bbd48f3ace5457deb96eb540b2558ffc67b83e44d56880e32f7

Download Submit
C:\Windows\System\oBuCIRi.exe

Filesize
2.9MB

MD5
1a40395cddf7428c3638b40738a08e16

SHA1
263f7226ac21c0d3b8fb1aac7878481432ff2c24

SHA256
256f7439d383c4e945943ae7623d77085ac2f6f3b8e4fccd72a2118523bc57e5

SHA512
14110b2f55688f8428b9331f956d818f327af28f06928b6130d9901268699cbde00a6c59885c546d1612c94d2de6fbf0b728e971a106274151a663bd9ee1b6c4

Download Submit
C:\Windows\System\oQenhxA.exe

Filesize
2.9MB

MD5
46155a90ca0d0996c31471cc77361560

SHA1
a5b2adc3cf98a8a1ee06f35fffc6f1d9d8fb4676

SHA256
323692e4b96b88b65e25f0e78173e2a0807ef4f8521cd83eae4f8c3219df1ec8

SHA512
257b94f1277e3ea2294ff991d11e7d7296e41d566b5525eb7ec5705f48fab2f9af4adeadc81b0ee0355f791c9541fab6306c2b362677bc6863ec4e9f3fb84052

Download Submit
C:\Windows\System\onGgPeT.exe

Filesize
2.9MB

MD5
d114dace4004c6da7919a6817cfa008d

SHA1
34686d1eb58ff493fcfe927113630b3d04f874ff

SHA256
2dd20138122ca02a62c09f41db802f1d2a807df5e9440d04de5ae4d1c76c8c88

SHA512
6b121b5bea9882a54019cc9dccedd80cef9687f7785a0f88e8a58d3de23d0fcb26b8e4a2ad41fbb30551142db9403057e2c265758d0f7d6764a36c8af71e9d76

Download Submit
C:\Windows\System\pEeunSk.exe

Filesize
2.9MB

MD5
534becf7dae405ea582c665b289e9213

SHA1
78cf2016bde253fe45fb8eeb9512dc5d5ea3e18f

SHA256
53340b7ff84edeca37682297868c7d46a58871059efb178262696056bd689943

SHA512
130ddf4df805c1d7a9b230fb2bc463df7a195670cb8170415e0dcde027324e0359d26ed2230f4fd6f174b4ca0b3cbb4014e97b77840864be2a31009a6768740b

Download Submit
C:\Windows\System\qqdQFjI.exe

Filesize
8B

MD5
8df5d7cea6f17e33b828ee09a4f8c91e

SHA1
6aaff1a3a288a0aba2a3023d517e314fe986f730

SHA256
cebffee933f857324d8ea2bd5fb8dad33034c7e30f8e9b644e83274baeadc1d6

SHA512
aee4f16c452925a2700f8c6c545adb516dd855069c67839327087aebe75765ec2637a168ea26305bfaf7ca090b0abc3820134331985dd395f3751e82867cb7ea

Download Submit
C:\Windows\System\rOjIXei.exe

Filesize
2.9MB

MD5
daf8e122e3e54ae7ae012576e07a126b

SHA1
1a9dffcaef99a71e952c7746b5d98b694bb72a8b

SHA256
4a854f948c6492043d2eacb2a283857cfea05989a907ca05a91536f8b809c43d

SHA512
edfa79249e2dcf17c9997faf7c36b6b33c8b19714c2e8bec45c6f7d3798e30157c20ba5cab7ff1eb42c0d6d9820a06f3a6e74e29f4df5b610e6a139f761fa554

Download Submit
C:\Windows\System\sRzLTwg.exe

Filesize
2.9MB

MD5
195fe0c3d8b149fd1ea1e703309ca658

SHA1
77ab0ddda4f6932fedca1730b880713a45aae16c

SHA256
61efb42fce1d56d4fe1c24ad9bff61d221ae7e7e3660c76322c4b4e80d3322b0

SHA512
fbf76803e04ef2994e8a8676400171f8397ff8130db9889418d13e75ed79454b37f01f25817fb1acd153dfc8769ebbe7213725a74269680a06530bd8eb4727a3

Download Submit
C:\Windows\System\sZaOhIj.exe

Filesize
2.9MB

MD5
fa54d23df661c381f1d7dce60dcd9f23

SHA1
59e52e43d279be008466eb11cb703a35f886e6f0

SHA256
b7f08b97df05f98a0780c29ae100ee93cf01922881dc514eebcd75589347e6a5

SHA512
0b1ab15f6eaea90b19c9bd7da9486364e6e0d7755132a32688e67e4ac2f02a9c33cfc63deb29daae10336aba4cad659e59a3db6426e40a6b82ab9c37107af3c7

Download Submit
C:\Windows\System\tXKMPGr.exe

Filesize
2.9MB

MD5
ca7ce53bd34b0e6bdc9f29f4cd8d059e

SHA1
c7589843a6ce52e6385339ebebf5fe3177aafd3a

SHA256
76c56029ce247a068866ccf7b12c8c54262c5dcd4ac5c3fb591f5666e3ff09da

SHA512
1895b7c8a33ab40decaa75c61593913139d9a917909caafd6935fdd4f1446415ea3b3d74c086acf8bee58e4b436b9a574d0923581114fb44cb96ca81271b4508

Download Submit
C:\Windows\System\vGQvxcb.exe

Filesize
2.9MB

MD5
595d85865dcdfdc4440d8b9dc225d077

SHA1
133c788f3f776b48b5334699b3d566cb85b2ce85

SHA256
f9b2a6e1ec25a813bbd122cc7c2cc6bcb3d8b023bc4891fce6f09ff36394f11c

SHA512
b987a8ab95b671199d5f785a82c62147e468648749d50c782e14fd7884aaef5cb259119ae247cee48c66e03c6c357cfbd058076fe0dce659afdde1e0d7dc8286

Download Submit
C:\Windows\System\wlQppqo.exe

Filesize
2.9MB

MD5
f8866131dfd9787d451df490d00a1fd3

SHA1
9c237ac5b0e5ca9e97964b1be898d62c899f4876

SHA256
522aecc58911a4bbf8794d34204eb70995d813306ce93f79466ee79dc66579b5

SHA512
d0029b068f355bf37b24179a4648a4fddfce0fbe69e8392c64d15950f59e3ddd7fbe90d86cd24181ed09fa849de79b50787910a84ce573318f820228387b96bb

Download Submit
C:\Windows\System\xriIUwX.exe

Filesize
2.9MB

MD5
54be480a976bd365737e670232628385

SHA1
98bc33edac24f21fb551b6f2a853ba3051c0c07e

SHA256
7072db2c8a2cd877f93f2e5d80a4d98c36c94cc21536569a237bd10f98a34a04

SHA512
cdaee6f9e7d22e3c5660bc9edfc6cb93ac45c5cec98941dc99bf9df8d990b683dc4dbd0a0e3f18d3bc05d168aee8379c4fcb38e34cc7d1efee86220cd738a7de

Download Submit
C:\Windows\System\ylXzxDn.exe

Filesize
2.9MB

MD5
852bdacebe1f157769a2574277e4a363

SHA1
893a0c4e8e8f85f483ae9ee9efb34ec5c1669bb5

SHA256
ab3da408d9352e222180ce40298923284fff3c1032fbe2fc786d88cf90c5e7e8

SHA512
2bb04f59efcd5285ec597aaa8d7398dfec264ef64b6c57a9ec3debe966f2ea6c5d15b0d0d8863c2e48682d34da965d9393aaeae1a3f2f1d54964e9815dbe0a66

Download Submit
C:\Windows\System\zUsFqHG.exe

Filesize
2.9MB

MD5
5f3d70eb7462fce5ababe8ae805c100d

SHA1
5508347919de03f95ac63c1adbdbf8b25beb8972

SHA256
78a212152948a5b05287cc279cf425953bfb653db826df6138042dbab4840d8a

SHA512
216bf8074d9368b31dd540144b411eebc22365682788b4d7767b683e6041a547483031d5e237f855c136eefbe9f53f5dfb323ab3bc010c39492e45268f088509

Download Submit
memory/436-2043-0x00007FF6B7DE0000-0x00007FF6B81D6000-memory.dmp

Filesize
4.0MB

Download
memory/436-178-0x00007FF6B7DE0000-0x00007FF6B81D6000-memory.dmp

Filesize
4.0MB

Download
memory/532-87-0x00007FF65ABE0000-0x00007FF65AFD6000-memory.dmp

Filesize
4.0MB

Download
memory/532-2032-0x00007FF65ABE0000-0x00007FF65AFD6000-memory.dmp

Filesize
4.0MB

Download
memory/556-2028-0x00007FF663070000-0x00007FF663466000-memory.dmp

Filesize
4.0MB

Download
memory/556-65-0x00007FF663070000-0x00007FF663466000-memory.dmp

Filesize
4.0MB

Download
memory/992-18-0x00007FF658350000-0x00007FF658746000-memory.dmp

Filesize
4.0MB

Download
memory/992-2023-0x00007FF658350000-0x00007FF658746000-memory.dmp

Filesize
4.0MB

Download
memory/1060-2031-0x00007FF7D6CA0000-0x00007FF7D7096000-memory.dmp

Filesize
4.0MB

Download
memory/1060-103-0x00007FF7D6CA0000-0x00007FF7D7096000-memory.dmp

Filesize
4.0MB

Download
memory/1088-2040-0x00007FF7E0F10000-0x00007FF7E1306000-memory.dmp

Filesize
4.0MB

Download
memory/1088-162-0x00007FF7E0F10000-0x00007FF7E1306000-memory.dmp

Filesize
4.0MB

Download
memory/1100-62-0x00007FFD5B970000-0x00007FFD5C431000-memory.dmp

Filesize
10.8MB

Download
memory/1100-56-0x0000024B3F0B0000-0x0000024B3F0D2000-memory.dmp

Filesize
136KB

Download
memory/1100-22-0x00007FFD5B973000-0x00007FFD5B975000-memory.dmp

Filesize
8KB

Download
memory/1100-59-0x00007FFD5B970000-0x00007FFD5C431000-memory.dmp

Filesize
10.8MB

Download
memory/1100-2007-0x00007FFD5B970000-0x00007FFD5C431000-memory.dmp

Filesize
10.8MB

Download
memory/1100-133-0x0000024B3FCD0000-0x0000024B40476000-memory.dmp

Filesize
7.6MB

Download
memory/1100-2008-0x00007FFD5B973000-0x00007FFD5B975000-memory.dmp

Filesize
8KB

Download
memory/1100-2020-0x00007FFD5B970000-0x00007FFD5C431000-memory.dmp

Filesize
10.8MB

Download
memory/1152-67-0x00007FF7AC910000-0x00007FF7ACD06000-memory.dmp

Filesize
4.0MB

Download
memory/1152-2022-0x00007FF7AC910000-0x00007FF7ACD06000-memory.dmp

Filesize
4.0MB

Download
memory/1300-2041-0x00007FF632DA0000-0x00007FF633196000-memory.dmp

Filesize
4.0MB

Download
memory/1300-168-0x00007FF632DA0000-0x00007FF633196000-memory.dmp

Filesize
4.0MB

Download
memory/1424-2039-0x00007FF674EE0000-0x00007FF6752D6000-memory.dmp

Filesize
4.0MB

Download
memory/1424-184-0x00007FF674EE0000-0x00007FF6752D6000-memory.dmp

Filesize
4.0MB

Download
memory/1444-68-0x00007FF665310000-0x00007FF665706000-memory.dmp

Filesize
4.0MB

Download
memory/1444-2025-0x00007FF665310000-0x00007FF665706000-memory.dmp

Filesize
4.0MB

Download
memory/1456-69-0x00007FF6DD4D0000-0x00007FF6DD8C6000-memory.dmp

Filesize
4.0MB

Download
memory/1456-2024-0x00007FF6DD4D0000-0x00007FF6DD8C6000-memory.dmp

Filesize
4.0MB

Download
memory/1484-2044-0x00007FF7A3290000-0x00007FF7A3686000-memory.dmp

Filesize
4.0MB

Download
memory/1484-172-0x00007FF7A3290000-0x00007FF7A3686000-memory.dmp

Filesize
4.0MB

Download
memory/1644-64-0x00007FF6F7490000-0x00007FF6F7886000-memory.dmp

Filesize
4.0MB

Download
memory/1644-2029-0x00007FF6F7490000-0x00007FF6F7886000-memory.dmp

Filesize
4.0MB

Download
memory/2124-0-0x00007FF6C6420000-0x00007FF6C6816000-memory.dmp

Filesize
4.0MB

Download
memory/2124-1-0x000001F24B180000-0x000001F24B190000-memory.dmp

Filesize
64KB

Download
memory/2408-2009-0x00007FF7A0110000-0x00007FF7A0506000-memory.dmp

Filesize
4.0MB

Download
memory/2408-2033-0x00007FF7A0110000-0x00007FF7A0506000-memory.dmp

Filesize
4.0MB

Download
memory/2408-110-0x00007FF7A0110000-0x00007FF7A0506000-memory.dmp

Filesize
4.0MB

Download
memory/3164-138-0x00007FF639F80000-0x00007FF63A376000-memory.dmp

Filesize
4.0MB

Download
memory/3164-2036-0x00007FF639F80000-0x00007FF63A376000-memory.dmp

Filesize
4.0MB

Download
memory/3188-2030-0x00007FF7D10E0000-0x00007FF7D14D6000-memory.dmp

Filesize
4.0MB

Download
memory/3188-94-0x00007FF7D10E0000-0x00007FF7D14D6000-memory.dmp

Filesize
4.0MB

Download
memory/3448-159-0x00007FF608720000-0x00007FF608B16000-memory.dmp

Filesize
4.0MB

Download
memory/3448-2037-0x00007FF608720000-0x00007FF608B16000-memory.dmp

Filesize
4.0MB

Download
memory/3700-2026-0x00007FF77A770000-0x00007FF77AB66000-memory.dmp

Filesize
4.0MB

Download
memory/3700-66-0x00007FF77A770000-0x00007FF77AB66000-memory.dmp

Filesize
4.0MB

Download
memory/4004-131-0x00007FF71CF20000-0x00007FF71D316000-memory.dmp

Filesize
4.0MB

Download
memory/4004-2035-0x00007FF71CF20000-0x00007FF71D316000-memory.dmp

Filesize
4.0MB

Download
memory/4188-2027-0x00007FF7A4B50000-0x00007FF7A4F46000-memory.dmp

Filesize
4.0MB

Download
memory/4188-63-0x00007FF7A4B50000-0x00007FF7A4F46000-memory.dmp

Filesize
4.0MB

Download
memory/4468-152-0x00007FF701360000-0x00007FF701756000-memory.dmp

Filesize
4.0MB

Download
memory/4468-2038-0x00007FF701360000-0x00007FF701756000-memory.dmp

Filesize
4.0MB

Download
memory/4504-2021-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp

Filesize
4.0MB

Download
memory/4504-11-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp

Filesize
4.0MB

Download
memory/4504-2006-0x00007FF7BF7B0000-0x00007FF7BFBA6000-memory.dmp

Filesize
4.0MB

Download
memory/4580-2011-0x00007FF64B280000-0x00007FF64B676000-memory.dmp

Filesize
4.0MB

Download
memory/4580-2042-0x00007FF64B280000-0x00007FF64B676000-memory.dmp

Filesize
4.0MB

Download
memory/4580-124-0x00007FF64B280000-0x00007FF64B676000-memory.dmp

Filesize
4.0MB

Download
memory/4884-2010-0x00007FF6095D0000-0x00007FF6099C6000-memory.dmp

Filesize
4.0MB

Download
memory/4884-2034-0x00007FF6095D0000-0x00007FF6099C6000-memory.dmp

Filesize
4.0MB

Download
memory/4884-117-0x00007FF6095D0000-0x00007FF6099C6000-memory.dmp

Filesize
4.0MB

Download