xmrig | 98a8665dde812c68f5f66a05106bdd551e858856b1d65c27c5652500f01d0e1b

Analysis

max time kernel
125s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
Size

1.4MB
MD5

ebe216c23c110aac77cfeeea1e196f60
SHA1

1f5579de6084cdc0c7d3d85711361ef4cdf39ba7
SHA256

98a8665dde812c68f5f66a05106bdd551e858856b1d65c27c5652500f01d0e1b
SHA512

32cfb9308a28073c1ea3d4121e7bb226d8442d558385c623bcc98e3b17981ac8e43bbbc2e159355ddae2757a1c7a051091491fd9ede45450766ec7c98c1edfe6
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t46xKQEFfG07:Lz071uv4BPMkFfdk2awGc

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/3868-64-0x00007FF702490000-0x00007FF702882000-memory.dmp	xmrig
behavioral2/memory/2808-79-0x00007FF7B1FA0000-0x00007FF7B2392000-memory.dmp	xmrig
behavioral2/memory/1956-93-0x00007FF7EE600000-0x00007FF7EE9F2000-memory.dmp	xmrig
behavioral2/memory/1812-164-0x00007FF643880000-0x00007FF643C72000-memory.dmp	xmrig
behavioral2/memory/4508-124-0x00007FF7A43E0000-0x00007FF7A47D2000-memory.dmp	xmrig
behavioral2/memory/4864-118-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp	xmrig
behavioral2/memory/1052-114-0x00007FF781ED0000-0x00007FF7822C2000-memory.dmp	xmrig
behavioral2/memory/1500-108-0x00007FF7C1C00000-0x00007FF7C1FF2000-memory.dmp	xmrig
behavioral2/memory/4640-105-0x00007FF768960000-0x00007FF768D52000-memory.dmp	xmrig
behavioral2/memory/2236-104-0x00007FF7ECC50000-0x00007FF7ED042000-memory.dmp	xmrig
behavioral2/memory/4488-100-0x00007FF7D4F60000-0x00007FF7D5352000-memory.dmp	xmrig
behavioral2/memory/3068-94-0x00007FF704110000-0x00007FF704502000-memory.dmp	xmrig
behavioral2/memory/384-89-0x00007FF7575E0000-0x00007FF7579D2000-memory.dmp	xmrig
behavioral2/memory/4064-80-0x00007FF6EE8E0000-0x00007FF6EECD2000-memory.dmp	xmrig
behavioral2/memory/1116-55-0x00007FF6A9920000-0x00007FF6A9D12000-memory.dmp	xmrig
behavioral2/memory/2452-1268-0x00007FF601110000-0x00007FF601502000-memory.dmp	xmrig
behavioral2/memory/3112-1910-0x00007FF7F4DC0000-0x00007FF7F51B2000-memory.dmp	xmrig
behavioral2/memory/1012-1977-0x00007FF712290000-0x00007FF712682000-memory.dmp	xmrig
behavioral2/memory/3672-1979-0x00007FF778AC0000-0x00007FF778EB2000-memory.dmp	xmrig
behavioral2/memory/4684-1980-0x00007FF6D05B0000-0x00007FF6D09A2000-memory.dmp	xmrig
behavioral2/memory/3664-1981-0x00007FF69AE00000-0x00007FF69B1F2000-memory.dmp	xmrig
behavioral2/memory/4012-2014-0x00007FF7CCCC0000-0x00007FF7CD0B2000-memory.dmp	xmrig
behavioral2/memory/4644-2015-0x00007FF7BBAB0000-0x00007FF7BBEA2000-memory.dmp	xmrig
behavioral2/memory/2076-2016-0x00007FF642560000-0x00007FF642952000-memory.dmp	xmrig
behavioral2/memory/2684-2028-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp	xmrig
behavioral2/memory/3112-2047-0x00007FF7F4DC0000-0x00007FF7F51B2000-memory.dmp	xmrig
behavioral2/memory/1012-2049-0x00007FF712290000-0x00007FF712682000-memory.dmp	xmrig
behavioral2/memory/3672-2051-0x00007FF778AC0000-0x00007FF778EB2000-memory.dmp	xmrig
behavioral2/memory/3868-2054-0x00007FF702490000-0x00007FF702882000-memory.dmp	xmrig
behavioral2/memory/3664-2059-0x00007FF69AE00000-0x00007FF69B1F2000-memory.dmp	xmrig
behavioral2/memory/4684-2058-0x00007FF6D05B0000-0x00007FF6D09A2000-memory.dmp	xmrig
behavioral2/memory/1116-2056-0x00007FF6A9920000-0x00007FF6A9D12000-memory.dmp	xmrig
behavioral2/memory/4064-2071-0x00007FF6EE8E0000-0x00007FF6EECD2000-memory.dmp	xmrig
behavioral2/memory/4488-2069-0x00007FF7D4F60000-0x00007FF7D5352000-memory.dmp	xmrig
behavioral2/memory/2808-2075-0x00007FF7B1FA0000-0x00007FF7B2392000-memory.dmp	xmrig
behavioral2/memory/384-2073-0x00007FF7575E0000-0x00007FF7579D2000-memory.dmp	xmrig
behavioral2/memory/2236-2067-0x00007FF7ECC50000-0x00007FF7ED042000-memory.dmp	xmrig
behavioral2/memory/3068-2063-0x00007FF704110000-0x00007FF704502000-memory.dmp	xmrig
behavioral2/memory/4640-2062-0x00007FF768960000-0x00007FF768D52000-memory.dmp	xmrig
behavioral2/memory/1956-2066-0x00007FF7EE600000-0x00007FF7EE9F2000-memory.dmp	xmrig
behavioral2/memory/1500-2089-0x00007FF7C1C00000-0x00007FF7C1FF2000-memory.dmp	xmrig
behavioral2/memory/4644-2091-0x00007FF7BBAB0000-0x00007FF7BBEA2000-memory.dmp	xmrig
behavioral2/memory/2684-2088-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp	xmrig
behavioral2/memory/4508-2086-0x00007FF7A43E0000-0x00007FF7A47D2000-memory.dmp	xmrig
behavioral2/memory/4012-2084-0x00007FF7CCCC0000-0x00007FF7CD0B2000-memory.dmp	xmrig
behavioral2/memory/2076-2082-0x00007FF642560000-0x00007FF642952000-memory.dmp	xmrig
behavioral2/memory/4864-2078-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp	xmrig
behavioral2/memory/1052-2080-0x00007FF781ED0000-0x00007FF7822C2000-memory.dmp	xmrig
behavioral2/memory/1812-2094-0x00007FF643880000-0x00007FF643C72000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	3980	powershell.exe
10	3980	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3980	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3112	iiazcsA.exe
1012	DWtxCcA.exe
3672	RrzfXsL.exe
3664	fCdSiZb.exe
1116	rGZZKDZ.exe
4684	VwkBxUJ.exe
3868	fhZAYpE.exe
4488	EgJWWMM.exe
2808	sXWBupR.exe
4064	RTTrGyF.exe
384	mhqYUXl.exe
2236	QOitRbe.exe
4640	rDQHFzj.exe
1956	FbYPnHS.exe
3068	qmValdj.exe
1500	LzfKbTS.exe
1052	ZYbinhR.exe
4864	zbGSzfx.exe
4508	ieoyizN.exe
4012	ZdaFcQJ.exe
4644	gFgjTpr.exe
2076	VMGEtar.exe
2684	HXOKCpU.exe
1812	fEOLEYO.exe
3216	OdYSHJq.exe
1100	fKFjMjn.exe
2596	BiUOqxG.exe
1628	iMukwbk.exe
4988	zRqhfMf.exe
1204	aAnzYEg.exe
4520	FdkFAVZ.exe
4492	HBNHQmq.exe
1684	nNvaNpT.exe
5104	uBJrtOt.exe
4468	yQJIZtC.exe
920	JRqPZQL.exe
2904	IEeoxcf.exe
1220	DmmSwdJ.exe
4324	RoQOhQx.exe
1484	BZYzGFP.exe
1164	LBPBzmT.exe
5136	PzfdtEO.exe
5168	MrtMOxp.exe
5196	DstTPrS.exe
5236	jpSgUDr.exe
5260	bvAcPQh.exe
5292	xxEUoOV.exe
5320	xOMnwFw.exe
5348	PxeyAIx.exe
5376	eLQunlt.exe
5408	aegFihD.exe
5436	AaPMRNW.exe
5464	bgDQMdl.exe
5492	MASqZIn.exe
5520	totVGOY.exe
5544	haanNgw.exe
5576	aHfSJCN.exe
5604	CJWuNYT.exe
5632	UDUWNSt.exe
5660	GzsNMqR.exe
5688	toBcMIu.exe
5712	bKnCDHK.exe
5744	gmWgQvr.exe
5772	TIXtnsd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2452-0-0x00007FF601110000-0x00007FF601502000-memory.dmp	upx
behavioral2/files/0x000800000002351f-5.dat	upx
behavioral2/files/0x0007000000023523-9.dat	upx
behavioral2/files/0x0007000000023525-21.dat	upx
behavioral2/files/0x0007000000023526-23.dat	upx
behavioral2/files/0x0007000000023528-36.dat	upx
behavioral2/files/0x000700000002352e-70.dat	upx
behavioral2/memory/3868-64-0x00007FF702490000-0x00007FF702882000-memory.dmp	upx
behavioral2/memory/2808-79-0x00007FF7B1FA0000-0x00007FF7B2392000-memory.dmp	upx
behavioral2/files/0x0007000000023530-85.dat	upx
behavioral2/memory/1956-93-0x00007FF7EE600000-0x00007FF7EE9F2000-memory.dmp	upx
behavioral2/files/0x0007000000023531-96.dat	upx
behavioral2/files/0x0008000000023520-109.dat	upx
behavioral2/files/0x0007000000023533-119.dat	upx
behavioral2/files/0x0007000000023536-127.dat	upx
behavioral2/memory/2684-158-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp	upx
behavioral2/files/0x000700000002353e-185.dat	upx
behavioral2/files/0x000800000002353a-197.dat	upx
behavioral2/files/0x0007000000023540-195.dat	upx
behavioral2/files/0x0007000000023541-192.dat	upx
behavioral2/files/0x000700000002353f-190.dat	upx
behavioral2/files/0x000700000002353d-180.dat	upx
behavioral2/files/0x000800000002353b-175.dat	upx
behavioral2/files/0x000700000002353c-170.dat	upx
behavioral2/files/0x0007000000023539-165.dat	upx
behavioral2/memory/1812-164-0x00007FF643880000-0x00007FF643C72000-memory.dmp	upx
behavioral2/files/0x0007000000023538-159.dat	upx
behavioral2/files/0x0007000000023537-153.dat	upx
behavioral2/memory/2076-152-0x00007FF642560000-0x00007FF642952000-memory.dmp	upx
behavioral2/memory/4644-136-0x00007FF7BBAB0000-0x00007FF7BBEA2000-memory.dmp	upx
behavioral2/files/0x0007000000023535-131.dat	upx
behavioral2/memory/4012-130-0x00007FF7CCCC0000-0x00007FF7CD0B2000-memory.dmp	upx
behavioral2/files/0x0007000000023534-125.dat	upx
behavioral2/memory/4508-124-0x00007FF7A43E0000-0x00007FF7A47D2000-memory.dmp	upx
behavioral2/memory/4864-118-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp	upx
behavioral2/memory/1052-114-0x00007FF781ED0000-0x00007FF7822C2000-memory.dmp	upx
behavioral2/memory/1500-108-0x00007FF7C1C00000-0x00007FF7C1FF2000-memory.dmp	upx
behavioral2/memory/4640-105-0x00007FF768960000-0x00007FF768D52000-memory.dmp	upx
behavioral2/memory/2236-104-0x00007FF7ECC50000-0x00007FF7ED042000-memory.dmp	upx
behavioral2/files/0x0007000000023532-102.dat	upx
behavioral2/memory/4488-100-0x00007FF7D4F60000-0x00007FF7D5352000-memory.dmp	upx
behavioral2/memory/3068-94-0x00007FF704110000-0x00007FF704502000-memory.dmp	upx
behavioral2/memory/384-89-0x00007FF7575E0000-0x00007FF7579D2000-memory.dmp	upx
behavioral2/files/0x000700000002352f-83.dat	upx
behavioral2/files/0x000700000002352d-74.dat	upx
behavioral2/files/0x000700000002352c-73.dat	upx
behavioral2/memory/4064-80-0x00007FF6EE8E0000-0x00007FF6EECD2000-memory.dmp	upx
behavioral2/files/0x000700000002352b-71.dat	upx
behavioral2/files/0x000700000002352a-59.dat	upx
behavioral2/files/0x0007000000023529-58.dat	upx
behavioral2/memory/1116-55-0x00007FF6A9920000-0x00007FF6A9D12000-memory.dmp	upx
behavioral2/memory/4684-48-0x00007FF6D05B0000-0x00007FF6D09A2000-memory.dmp	upx
behavioral2/files/0x0007000000023527-37.dat	upx
behavioral2/memory/3664-33-0x00007FF69AE00000-0x00007FF69B1F2000-memory.dmp	upx
behavioral2/files/0x0007000000023524-28.dat	upx
behavioral2/memory/3672-25-0x00007FF778AC0000-0x00007FF778EB2000-memory.dmp	upx
behavioral2/memory/1012-10-0x00007FF712290000-0x00007FF712682000-memory.dmp	upx
behavioral2/memory/3112-6-0x00007FF7F4DC0000-0x00007FF7F51B2000-memory.dmp	upx
behavioral2/memory/2452-1268-0x00007FF601110000-0x00007FF601502000-memory.dmp	upx
behavioral2/memory/3112-1910-0x00007FF7F4DC0000-0x00007FF7F51B2000-memory.dmp	upx
behavioral2/memory/1012-1977-0x00007FF712290000-0x00007FF712682000-memory.dmp	upx
behavioral2/memory/3672-1979-0x00007FF778AC0000-0x00007FF778EB2000-memory.dmp	upx
behavioral2/memory/4684-1980-0x00007FF6D05B0000-0x00007FF6D09A2000-memory.dmp	upx
behavioral2/memory/3664-1981-0x00007FF69AE00000-0x00007FF69B1F2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hsocwBo.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\qMKBDUF.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\nyObnnQ.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\qHpXMjG.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\QNHqODY.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\FxDjFpG.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\klNItJm.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\TuWrOvd.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\HSIlPLR.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\WDnEIDS.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\mgkVbYc.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\fhZAYpE.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\BZYzGFP.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\jlFkQMD.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\EdUUqQf.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\cYIoswW.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\YyxaUfE.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\LMRpiDG.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\tmFgxCt.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\KhGtfMo.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\kVdrBHM.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\lBQehlk.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\mYpXcBv.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\HXOKCpU.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\rfXsnby.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\IiZxFzT.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\SaWClxX.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\FHzwEeU.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\tzrHdTQ.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\VLbvhAw.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\wNkIHrF.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\DwTCBjT.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\WbiZGkC.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\sLCMpUI.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\RttyvNa.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\NrVFuyF.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\dBSlnXk.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\oitpGuW.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\hobfzQu.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\NGeTDLt.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\oKmVjkV.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\zMdAtop.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\uCrwvfG.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\mghppwG.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\WOvPfLu.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\eeLzvbb.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\qioinNo.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\gmWgQvr.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\ZXEqFut.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\fZFUSjl.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\FUzLLcv.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\uqiywCv.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\cODkiHC.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\gGxdjWw.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\cYVaryl.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\FEvjdzP.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\tIzWZFw.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\teDNtGj.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\oAmfolB.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\sORSLFh.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\MfIBiFv.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\wKzaOes.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\lcqKRGi.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
File created	C:\Windows\System\kFZBPtM.exe	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3980	powershell.exe
3980	powershell.exe
3980	powershell.exe
3980	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
Token: SeDebugPrivilege	3980	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 3980	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	92
PID 2452 wrote to memory of 3980	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	92
PID 2452 wrote to memory of 3112	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	93
PID 2452 wrote to memory of 3112	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	93
PID 2452 wrote to memory of 1012	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	94
PID 2452 wrote to memory of 1012	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	94
PID 2452 wrote to memory of 3672	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	95
PID 2452 wrote to memory of 3672	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	95
PID 2452 wrote to memory of 3664	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	96
PID 2452 wrote to memory of 3664	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	96
PID 2452 wrote to memory of 1116	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	97
PID 2452 wrote to memory of 1116	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	97
PID 2452 wrote to memory of 4684	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	98
PID 2452 wrote to memory of 4684	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	98
PID 2452 wrote to memory of 3868	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	99
PID 2452 wrote to memory of 3868	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	99
PID 2452 wrote to memory of 4488	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	100
PID 2452 wrote to memory of 4488	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	100
PID 2452 wrote to memory of 2808	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	101
PID 2452 wrote to memory of 2808	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	101
PID 2452 wrote to memory of 4064	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	102
PID 2452 wrote to memory of 4064	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	102
PID 2452 wrote to memory of 384	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	103
PID 2452 wrote to memory of 384	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	103
PID 2452 wrote to memory of 2236	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	104
PID 2452 wrote to memory of 2236	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	104
PID 2452 wrote to memory of 4640	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	105
PID 2452 wrote to memory of 4640	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	105
PID 2452 wrote to memory of 1956	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	106
PID 2452 wrote to memory of 1956	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	106
PID 2452 wrote to memory of 3068	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	107
PID 2452 wrote to memory of 3068	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	107
PID 2452 wrote to memory of 1500	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	108
PID 2452 wrote to memory of 1500	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	108
PID 2452 wrote to memory of 1052	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	109
PID 2452 wrote to memory of 1052	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	109
PID 2452 wrote to memory of 4864	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	110
PID 2452 wrote to memory of 4864	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	110
PID 2452 wrote to memory of 4508	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	111
PID 2452 wrote to memory of 4508	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	111
PID 2452 wrote to memory of 4012	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	112
PID 2452 wrote to memory of 4012	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	112
PID 2452 wrote to memory of 4644	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	113
PID 2452 wrote to memory of 4644	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	113
PID 2452 wrote to memory of 2076	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	114
PID 2452 wrote to memory of 2076	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	114
PID 2452 wrote to memory of 2684	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	115
PID 2452 wrote to memory of 2684	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	115
PID 2452 wrote to memory of 1812	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	116
PID 2452 wrote to memory of 1812	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	116
PID 2452 wrote to memory of 3216	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	117
PID 2452 wrote to memory of 3216	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	117
PID 2452 wrote to memory of 1100	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	118
PID 2452 wrote to memory of 1100	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	118
PID 2452 wrote to memory of 2596	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	119
PID 2452 wrote to memory of 2596	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	119
PID 2452 wrote to memory of 1628	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	120
PID 2452 wrote to memory of 1628	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	120
PID 2452 wrote to memory of 4988	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	121
PID 2452 wrote to memory of 4988	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	121
PID 2452 wrote to memory of 1204	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	122
PID 2452 wrote to memory of 1204	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	122
PID 2452 wrote to memory of 4520	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	123
PID 2452 wrote to memory of 4520	2452	ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe	123

C:\Users\Admin\AppData\Local\Temp\ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ebe216c23c110aac77cfeeea1e196f60_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3980
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3980" "2960" "2892" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:14276
- C:\Windows\System\iiazcsA.exe
  C:\Windows\System\iiazcsA.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\DWtxCcA.exe
  C:\Windows\System\DWtxCcA.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\RrzfXsL.exe
  C:\Windows\System\RrzfXsL.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\fCdSiZb.exe
  C:\Windows\System\fCdSiZb.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\rGZZKDZ.exe
  C:\Windows\System\rGZZKDZ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\VwkBxUJ.exe
  C:\Windows\System\VwkBxUJ.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\fhZAYpE.exe
  C:\Windows\System\fhZAYpE.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\EgJWWMM.exe
  C:\Windows\System\EgJWWMM.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\sXWBupR.exe
  C:\Windows\System\sXWBupR.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\RTTrGyF.exe
  C:\Windows\System\RTTrGyF.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\mhqYUXl.exe
  C:\Windows\System\mhqYUXl.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\QOitRbe.exe
  C:\Windows\System\QOitRbe.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\rDQHFzj.exe
  C:\Windows\System\rDQHFzj.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\FbYPnHS.exe
  C:\Windows\System\FbYPnHS.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\qmValdj.exe
  C:\Windows\System\qmValdj.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\LzfKbTS.exe
  C:\Windows\System\LzfKbTS.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\ZYbinhR.exe
  C:\Windows\System\ZYbinhR.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\zbGSzfx.exe
  C:\Windows\System\zbGSzfx.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\ieoyizN.exe
  C:\Windows\System\ieoyizN.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\ZdaFcQJ.exe
  C:\Windows\System\ZdaFcQJ.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\gFgjTpr.exe
  C:\Windows\System\gFgjTpr.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\VMGEtar.exe
  C:\Windows\System\VMGEtar.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\HXOKCpU.exe
  C:\Windows\System\HXOKCpU.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\fEOLEYO.exe
  C:\Windows\System\fEOLEYO.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\OdYSHJq.exe
  C:\Windows\System\OdYSHJq.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\fKFjMjn.exe
  C:\Windows\System\fKFjMjn.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\BiUOqxG.exe
  C:\Windows\System\BiUOqxG.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\iMukwbk.exe
  C:\Windows\System\iMukwbk.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\zRqhfMf.exe
  C:\Windows\System\zRqhfMf.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\aAnzYEg.exe
  C:\Windows\System\aAnzYEg.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\FdkFAVZ.exe
  C:\Windows\System\FdkFAVZ.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\HBNHQmq.exe
  C:\Windows\System\HBNHQmq.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\nNvaNpT.exe
  C:\Windows\System\nNvaNpT.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\uBJrtOt.exe
  C:\Windows\System\uBJrtOt.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\yQJIZtC.exe
  C:\Windows\System\yQJIZtC.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\JRqPZQL.exe
  C:\Windows\System\JRqPZQL.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\IEeoxcf.exe
  C:\Windows\System\IEeoxcf.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\DmmSwdJ.exe
  C:\Windows\System\DmmSwdJ.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\RoQOhQx.exe
  C:\Windows\System\RoQOhQx.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\BZYzGFP.exe
  C:\Windows\System\BZYzGFP.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\LBPBzmT.exe
  C:\Windows\System\LBPBzmT.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\PzfdtEO.exe
  C:\Windows\System\PzfdtEO.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\MrtMOxp.exe
  C:\Windows\System\MrtMOxp.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\DstTPrS.exe
  C:\Windows\System\DstTPrS.exe
  2⤵
  - Executes dropped EXE
  PID:5196
- C:\Windows\System\jpSgUDr.exe
  C:\Windows\System\jpSgUDr.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System\bvAcPQh.exe
  C:\Windows\System\bvAcPQh.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\xxEUoOV.exe
  C:\Windows\System\xxEUoOV.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System\xOMnwFw.exe
  C:\Windows\System\xOMnwFw.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System\PxeyAIx.exe
  C:\Windows\System\PxeyAIx.exe
  2⤵
  - Executes dropped EXE
  PID:5348
- C:\Windows\System\eLQunlt.exe
  C:\Windows\System\eLQunlt.exe
  2⤵
  - Executes dropped EXE
  PID:5376
- C:\Windows\System\aegFihD.exe
  C:\Windows\System\aegFihD.exe
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Windows\System\AaPMRNW.exe
  C:\Windows\System\AaPMRNW.exe
  2⤵
  - Executes dropped EXE
  PID:5436
- C:\Windows\System\bgDQMdl.exe
  C:\Windows\System\bgDQMdl.exe
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\Windows\System\MASqZIn.exe
  C:\Windows\System\MASqZIn.exe
  2⤵
  - Executes dropped EXE
  PID:5492
- C:\Windows\System\totVGOY.exe
  C:\Windows\System\totVGOY.exe
  2⤵
  - Executes dropped EXE
  PID:5520
- C:\Windows\System\haanNgw.exe
  C:\Windows\System\haanNgw.exe
  2⤵
  - Executes dropped EXE
  PID:5544
- C:\Windows\System\aHfSJCN.exe
  C:\Windows\System\aHfSJCN.exe
  2⤵
  - Executes dropped EXE
  PID:5576
- C:\Windows\System\CJWuNYT.exe
  C:\Windows\System\CJWuNYT.exe
  2⤵
  - Executes dropped EXE
  PID:5604
- C:\Windows\System\UDUWNSt.exe
  C:\Windows\System\UDUWNSt.exe
  2⤵
  - Executes dropped EXE
  PID:5632
- C:\Windows\System\GzsNMqR.exe
  C:\Windows\System\GzsNMqR.exe
  2⤵
  - Executes dropped EXE
  PID:5660
- C:\Windows\System\toBcMIu.exe
  C:\Windows\System\toBcMIu.exe
  2⤵
  - Executes dropped EXE
  PID:5688
- C:\Windows\System\bKnCDHK.exe
  C:\Windows\System\bKnCDHK.exe
  2⤵
  - Executes dropped EXE
  PID:5712
- C:\Windows\System\gmWgQvr.exe
  C:\Windows\System\gmWgQvr.exe
  2⤵
  - Executes dropped EXE
  PID:5744
- C:\Windows\System\TIXtnsd.exe
  C:\Windows\System\TIXtnsd.exe
  2⤵
  - Executes dropped EXE
  PID:5772
- C:\Windows\System\rhuTwes.exe
  C:\Windows\System\rhuTwes.exe
  2⤵
  PID:5800
- C:\Windows\System\jwkXbhl.exe
  C:\Windows\System\jwkXbhl.exe
  2⤵
  PID:5828
- C:\Windows\System\TcaySgD.exe
  C:\Windows\System\TcaySgD.exe
  2⤵
  PID:5856
- C:\Windows\System\JICwbfh.exe
  C:\Windows\System\JICwbfh.exe
  2⤵
  PID:5888
- C:\Windows\System\GcoYadX.exe
  C:\Windows\System\GcoYadX.exe
  2⤵
  PID:5916
- C:\Windows\System\lcqKRGi.exe
  C:\Windows\System\lcqKRGi.exe
  2⤵
  PID:5940
- C:\Windows\System\dOKqwlP.exe
  C:\Windows\System\dOKqwlP.exe
  2⤵
  PID:5972
- C:\Windows\System\bKXsnlP.exe
  C:\Windows\System\bKXsnlP.exe
  2⤵
  PID:6000
- C:\Windows\System\uBThAxo.exe
  C:\Windows\System\uBThAxo.exe
  2⤵
  PID:6028
- C:\Windows\System\VPxuMBT.exe
  C:\Windows\System\VPxuMBT.exe
  2⤵
  PID:6052
- C:\Windows\System\TzlPZbH.exe
  C:\Windows\System\TzlPZbH.exe
  2⤵
  PID:6088
- C:\Windows\System\kVcakVA.exe
  C:\Windows\System\kVcakVA.exe
  2⤵
  PID:6124
- C:\Windows\System\rmqmmYu.exe
  C:\Windows\System\rmqmmYu.exe
  2⤵
  PID:4396
- C:\Windows\System\MBGucBA.exe
  C:\Windows\System\MBGucBA.exe
  2⤵
  PID:2020
- C:\Windows\System\Pjsusdm.exe
  C:\Windows\System\Pjsusdm.exe
  2⤵
  PID:4040
- C:\Windows\System\CtDOZHl.exe
  C:\Windows\System\CtDOZHl.exe
  2⤵
  PID:2812
- C:\Windows\System\aNBXrwt.exe
  C:\Windows\System\aNBXrwt.exe
  2⤵
  PID:5156
- C:\Windows\System\OFViAHB.exe
  C:\Windows\System\OFViAHB.exe
  2⤵
  PID:5228
- C:\Windows\System\XGchcQu.exe
  C:\Windows\System\XGchcQu.exe
  2⤵
  PID:5284
- C:\Windows\System\AGAlLwM.exe
  C:\Windows\System\AGAlLwM.exe
  2⤵
  PID:5360
- C:\Windows\System\KfZgKdX.exe
  C:\Windows\System\KfZgKdX.exe
  2⤵
  PID:5420
- C:\Windows\System\gqPItAW.exe
  C:\Windows\System\gqPItAW.exe
  2⤵
  PID:5476
- C:\Windows\System\mzTpvur.exe
  C:\Windows\System\mzTpvur.exe
  2⤵
  PID:5536
- C:\Windows\System\mTzTRfJ.exe
  C:\Windows\System\mTzTRfJ.exe
  2⤵
  PID:5588
- C:\Windows\System\IuDcZWl.exe
  C:\Windows\System\IuDcZWl.exe
  2⤵
  PID:5652
- C:\Windows\System\XXvFsCB.exe
  C:\Windows\System\XXvFsCB.exe
  2⤵
  PID:5700
- C:\Windows\System\ftzclJU.exe
  C:\Windows\System\ftzclJU.exe
  2⤵
  PID:5764
- C:\Windows\System\SLEeACq.exe
  C:\Windows\System\SLEeACq.exe
  2⤵
  PID:5840
- C:\Windows\System\fMrOlUh.exe
  C:\Windows\System\fMrOlUh.exe
  2⤵
  PID:5900
- C:\Windows\System\KYQvVYq.exe
  C:\Windows\System\KYQvVYq.exe
  2⤵
  PID:5956
- C:\Windows\System\KUudvFL.exe
  C:\Windows\System\KUudvFL.exe
  2⤵
  PID:6020
- C:\Windows\System\FOHYpfx.exe
  C:\Windows\System\FOHYpfx.exe
  2⤵
  PID:6100
- C:\Windows\System\SKPgrCo.exe
  C:\Windows\System\SKPgrCo.exe
  2⤵
  PID:6140
- C:\Windows\System\CmxkITw.exe
  C:\Windows\System\CmxkITw.exe
  2⤵
  PID:2400
- C:\Windows\System\vbhVHIX.exe
  C:\Windows\System\vbhVHIX.exe
  2⤵
  PID:5152
- C:\Windows\System\PQmXnIt.exe
  C:\Windows\System\PQmXnIt.exe
  2⤵
  PID:1584
- C:\Windows\System\DDPRlrg.exe
  C:\Windows\System\DDPRlrg.exe
  2⤵
  PID:5392
- C:\Windows\System\MTIEmWF.exe
  C:\Windows\System\MTIEmWF.exe
  2⤵
  PID:5456
- C:\Windows\System\XwqYhMf.exe
  C:\Windows\System\XwqYhMf.exe
  2⤵
  PID:444
- C:\Windows\System\GCeISpw.exe
  C:\Windows\System\GCeISpw.exe
  2⤵
  PID:3900
- C:\Windows\System\YyxaUfE.exe
  C:\Windows\System\YyxaUfE.exe
  2⤵
  PID:5852
- C:\Windows\System\zDmtfMr.exe
  C:\Windows\System\zDmtfMr.exe
  2⤵
  PID:5988
- C:\Windows\System\IiLYsrW.exe
  C:\Windows\System\IiLYsrW.exe
  2⤵
  PID:6048
- C:\Windows\System\aLMkKWi.exe
  C:\Windows\System\aLMkKWi.exe
  2⤵
  PID:3636
- C:\Windows\System\WvQuczL.exe
  C:\Windows\System\WvQuczL.exe
  2⤵
  PID:5256
- C:\Windows\System\ZQPbEjp.exe
  C:\Windows\System\ZQPbEjp.exe
  2⤵
  PID:608
- C:\Windows\System\ngDqAwk.exe
  C:\Windows\System\ngDqAwk.exe
  2⤵
  PID:5680
- C:\Windows\System\MMicyur.exe
  C:\Windows\System\MMicyur.exe
  2⤵
  PID:460
- C:\Windows\System\xkcFDBt.exe
  C:\Windows\System\xkcFDBt.exe
  2⤵
  PID:6168
- C:\Windows\System\rMGpfhn.exe
  C:\Windows\System\rMGpfhn.exe
  2⤵
  PID:6200
- C:\Windows\System\QDhEmhe.exe
  C:\Windows\System\QDhEmhe.exe
  2⤵
  PID:6232
- C:\Windows\System\IZsuuHy.exe
  C:\Windows\System\IZsuuHy.exe
  2⤵
  PID:6260
- C:\Windows\System\RDiiUax.exe
  C:\Windows\System\RDiiUax.exe
  2⤵
  PID:6292
- C:\Windows\System\hPfYzJS.exe
  C:\Windows\System\hPfYzJS.exe
  2⤵
  PID:6320
- C:\Windows\System\rfXsnby.exe
  C:\Windows\System\rfXsnby.exe
  2⤵
  PID:6352
- C:\Windows\System\WPDeRXw.exe
  C:\Windows\System\WPDeRXw.exe
  2⤵
  PID:6380
- C:\Windows\System\IQAYjIm.exe
  C:\Windows\System\IQAYjIm.exe
  2⤵
  PID:6408
- C:\Windows\System\LbqlhQw.exe
  C:\Windows\System\LbqlhQw.exe
  2⤵
  PID:6436
- C:\Windows\System\xwapxXT.exe
  C:\Windows\System\xwapxXT.exe
  2⤵
  PID:6464
- C:\Windows\System\tpnzojm.exe
  C:\Windows\System\tpnzojm.exe
  2⤵
  PID:6488
- C:\Windows\System\fliokAV.exe
  C:\Windows\System\fliokAV.exe
  2⤵
  PID:6520
- C:\Windows\System\mGSGcAm.exe
  C:\Windows\System\mGSGcAm.exe
  2⤵
  PID:6588
- C:\Windows\System\SereMOO.exe
  C:\Windows\System\SereMOO.exe
  2⤵
  PID:6612
- C:\Windows\System\JCYEtDq.exe
  C:\Windows\System\JCYEtDq.exe
  2⤵
  PID:6656
- C:\Windows\System\LgpApBO.exe
  C:\Windows\System\LgpApBO.exe
  2⤵
  PID:6728
- C:\Windows\System\ZXEqFut.exe
  C:\Windows\System\ZXEqFut.exe
  2⤵
  PID:6744
- C:\Windows\System\NGeTDLt.exe
  C:\Windows\System\NGeTDLt.exe
  2⤵
  PID:6768
- C:\Windows\System\kFZBPtM.exe
  C:\Windows\System\kFZBPtM.exe
  2⤵
  PID:6788
- C:\Windows\System\tEDuXGj.exe
  C:\Windows\System\tEDuXGj.exe
  2⤵
  PID:6824
- C:\Windows\System\WbnClpz.exe
  C:\Windows\System\WbnClpz.exe
  2⤵
  PID:6852
- C:\Windows\System\BFKgwJz.exe
  C:\Windows\System\BFKgwJz.exe
  2⤵
  PID:6884
- C:\Windows\System\iiynChW.exe
  C:\Windows\System\iiynChW.exe
  2⤵
  PID:6904
- C:\Windows\System\eepGpar.exe
  C:\Windows\System\eepGpar.exe
  2⤵
  PID:6924
- C:\Windows\System\Vknvfyb.exe
  C:\Windows\System\Vknvfyb.exe
  2⤵
  PID:6956
- C:\Windows\System\zDZlIfv.exe
  C:\Windows\System\zDZlIfv.exe
  2⤵
  PID:6972
- C:\Windows\System\xIVTudG.exe
  C:\Windows\System\xIVTudG.exe
  2⤵
  PID:7008
- C:\Windows\System\vKgUJEn.exe
  C:\Windows\System\vKgUJEn.exe
  2⤵
  PID:7024
- C:\Windows\System\JVKBjxG.exe
  C:\Windows\System\JVKBjxG.exe
  2⤵
  PID:7044
- C:\Windows\System\GoBuCFz.exe
  C:\Windows\System\GoBuCFz.exe
  2⤵
  PID:7068
- C:\Windows\System\hsocwBo.exe
  C:\Windows\System\hsocwBo.exe
  2⤵
  PID:7088
- C:\Windows\System\BifHsDp.exe
  C:\Windows\System\BifHsDp.exe
  2⤵
  PID:7116
- C:\Windows\System\hoEozGZ.exe
  C:\Windows\System\hoEozGZ.exe
  2⤵
  PID:7148
- C:\Windows\System\zShSbDi.exe
  C:\Windows\System\zShSbDi.exe
  2⤵
  PID:5928
- C:\Windows\System\ZWXIZkU.exe
  C:\Windows\System\ZWXIZkU.exe
  2⤵
  PID:2868
- C:\Windows\System\ouXfaji.exe
  C:\Windows\System\ouXfaji.exe
  2⤵
  PID:4384
- C:\Windows\System\FWCtaDa.exe
  C:\Windows\System\FWCtaDa.exe
  2⤵
  PID:5812
- C:\Windows\System\PlusskL.exe
  C:\Windows\System\PlusskL.exe
  2⤵
  PID:6188
- C:\Windows\System\BXpaAOj.exe
  C:\Windows\System\BXpaAOj.exe
  2⤵
  PID:4108
- C:\Windows\System\oKmVjkV.exe
  C:\Windows\System\oKmVjkV.exe
  2⤵
  PID:6288
- C:\Windows\System\wFVqYDa.exe
  C:\Windows\System\wFVqYDa.exe
  2⤵
  PID:6316
- C:\Windows\System\EufBFwl.exe
  C:\Windows\System\EufBFwl.exe
  2⤵
  PID:6344
- C:\Windows\System\wNkIHrF.exe
  C:\Windows\System\wNkIHrF.exe
  2⤵
  PID:6376
- C:\Windows\System\LUlaYry.exe
  C:\Windows\System\LUlaYry.exe
  2⤵
  PID:4800
- C:\Windows\System\bsQniZI.exe
  C:\Windows\System\bsQniZI.exe
  2⤵
  PID:3396
- C:\Windows\System\siqdBuz.exe
  C:\Windows\System\siqdBuz.exe
  2⤵
  PID:6500
- C:\Windows\System\LwqUfjq.exe
  C:\Windows\System\LwqUfjq.exe
  2⤵
  PID:1112
- C:\Windows\System\eWIvWPp.exe
  C:\Windows\System\eWIvWPp.exe
  2⤵
  PID:6516
- C:\Windows\System\DkJXlvV.exe
  C:\Windows\System\DkJXlvV.exe
  2⤵
  PID:6652
- C:\Windows\System\LMRpiDG.exe
  C:\Windows\System\LMRpiDG.exe
  2⤵
  PID:3580
- C:\Windows\System\cupLOFg.exe
  C:\Windows\System\cupLOFg.exe
  2⤵
  PID:4616
- C:\Windows\System\SvNMbxj.exe
  C:\Windows\System\SvNMbxj.exe
  2⤵
  PID:396
- C:\Windows\System\zjQDEjG.exe
  C:\Windows\System\zjQDEjG.exe
  2⤵
  PID:2956
- C:\Windows\System\KHSWNtV.exe
  C:\Windows\System\KHSWNtV.exe
  2⤵
  PID:6760
- C:\Windows\System\vklyvEc.exe
  C:\Windows\System\vklyvEc.exe
  2⤵
  PID:6832
- C:\Windows\System\DzteVVm.exe
  C:\Windows\System\DzteVVm.exe
  2⤵
  PID:6872
- C:\Windows\System\KZzzznD.exe
  C:\Windows\System\KZzzznD.exe
  2⤵
  PID:7000
- C:\Windows\System\MudCMrS.exe
  C:\Windows\System\MudCMrS.exe
  2⤵
  PID:7060
- C:\Windows\System\yRmxwej.exe
  C:\Windows\System\yRmxwej.exe
  2⤵
  PID:7108
- C:\Windows\System\EJjTtHm.exe
  C:\Windows\System\EJjTtHm.exe
  2⤵
  PID:7140
- C:\Windows\System\hsMjrrS.exe
  C:\Windows\System\hsMjrrS.exe
  2⤵
  PID:5564
- C:\Windows\System\KqMkBQF.exe
  C:\Windows\System\KqMkBQF.exe
  2⤵
  PID:6224
- C:\Windows\System\rIVfiaQ.exe
  C:\Windows\System\rIVfiaQ.exe
  2⤵
  PID:6340
- C:\Windows\System\ZytThzN.exe
  C:\Windows\System\ZytThzN.exe
  2⤵
  PID:4680
- C:\Windows\System\jOGvUcX.exe
  C:\Windows\System\jOGvUcX.exe
  2⤵
  PID:6456
- C:\Windows\System\aeycYln.exe
  C:\Windows\System\aeycYln.exe
  2⤵
  PID:6604
- C:\Windows\System\uzbISmu.exe
  C:\Windows\System\uzbISmu.exe
  2⤵
  PID:4168
- C:\Windows\System\nWmvFTb.exe
  C:\Windows\System\nWmvFTb.exe
  2⤵
  PID:4972
- C:\Windows\System\itWHZPL.exe
  C:\Windows\System\itWHZPL.exe
  2⤵
  PID:6764
- C:\Windows\System\WFPscKo.exe
  C:\Windows\System\WFPscKo.exe
  2⤵
  PID:6844
- C:\Windows\System\LehTDKI.exe
  C:\Windows\System\LehTDKI.exe
  2⤵
  PID:7020
- C:\Windows\System\XDUpljo.exe
  C:\Windows\System\XDUpljo.exe
  2⤵
  PID:844
- C:\Windows\System\TuWrOvd.exe
  C:\Windows\System\TuWrOvd.exe
  2⤵
  PID:6256
- C:\Windows\System\KlYHKcf.exe
  C:\Windows\System\KlYHKcf.exe
  2⤵
  PID:5008
- C:\Windows\System\WKBBfEX.exe
  C:\Windows\System\WKBBfEX.exe
  2⤵
  PID:4996
- C:\Windows\System\BwMreXc.exe
  C:\Windows\System\BwMreXc.exe
  2⤵
  PID:6940
- C:\Windows\System\SRrSxVL.exe
  C:\Windows\System\SRrSxVL.exe
  2⤵
  PID:7036
- C:\Windows\System\BSSIFZJ.exe
  C:\Windows\System\BSSIFZJ.exe
  2⤵
  PID:4828
- C:\Windows\System\jlFkQMD.exe
  C:\Windows\System\jlFkQMD.exe
  2⤵
  PID:5044
- C:\Windows\System\TqiBlhv.exe
  C:\Windows\System\TqiBlhv.exe
  2⤵
  PID:7176
- C:\Windows\System\oAscxqz.exe
  C:\Windows\System\oAscxqz.exe
  2⤵
  PID:7200
- C:\Windows\System\DlmNlMa.exe
  C:\Windows\System\DlmNlMa.exe
  2⤵
  PID:7220
- C:\Windows\System\CIjrjsr.exe
  C:\Windows\System\CIjrjsr.exe
  2⤵
  PID:7236
- C:\Windows\System\YJQGCue.exe
  C:\Windows\System\YJQGCue.exe
  2⤵
  PID:7260
- C:\Windows\System\hhjblZA.exe
  C:\Windows\System\hhjblZA.exe
  2⤵
  PID:7284
- C:\Windows\System\PQsmQXw.exe
  C:\Windows\System\PQsmQXw.exe
  2⤵
  PID:7332
- C:\Windows\System\QXBRubO.exe
  C:\Windows\System\QXBRubO.exe
  2⤵
  PID:7352
- C:\Windows\System\rmXjBMz.exe
  C:\Windows\System\rmXjBMz.exe
  2⤵
  PID:7424
- C:\Windows\System\QGqSQHW.exe
  C:\Windows\System\QGqSQHW.exe
  2⤵
  PID:7452
- C:\Windows\System\PHyopxy.exe
  C:\Windows\System\PHyopxy.exe
  2⤵
  PID:7484
- C:\Windows\System\tmFgxCt.exe
  C:\Windows\System\tmFgxCt.exe
  2⤵
  PID:7504
- C:\Windows\System\PbojpAP.exe
  C:\Windows\System\PbojpAP.exe
  2⤵
  PID:7536
- C:\Windows\System\gNFgLCt.exe
  C:\Windows\System\gNFgLCt.exe
  2⤵
  PID:7560
- C:\Windows\System\PXFagPT.exe
  C:\Windows\System\PXFagPT.exe
  2⤵
  PID:7584
- C:\Windows\System\sgttYeV.exe
  C:\Windows\System\sgttYeV.exe
  2⤵
  PID:7600
- C:\Windows\System\lBagQgK.exe
  C:\Windows\System\lBagQgK.exe
  2⤵
  PID:7620
- C:\Windows\System\TdgNDRr.exe
  C:\Windows\System\TdgNDRr.exe
  2⤵
  PID:7640
- C:\Windows\System\CUXxXKx.exe
  C:\Windows\System\CUXxXKx.exe
  2⤵
  PID:7660
- C:\Windows\System\MmuUfqZ.exe
  C:\Windows\System\MmuUfqZ.exe
  2⤵
  PID:7684
- C:\Windows\System\JmxZZpE.exe
  C:\Windows\System\JmxZZpE.exe
  2⤵
  PID:7708
- C:\Windows\System\IiZxFzT.exe
  C:\Windows\System\IiZxFzT.exe
  2⤵
  PID:7724
- C:\Windows\System\NjHjgUg.exe
  C:\Windows\System\NjHjgUg.exe
  2⤵
  PID:7756
- C:\Windows\System\DwTCBjT.exe
  C:\Windows\System\DwTCBjT.exe
  2⤵
  PID:7816
- C:\Windows\System\GpTzNUd.exe
  C:\Windows\System\GpTzNUd.exe
  2⤵
  PID:7836
- C:\Windows\System\oJcAyUh.exe
  C:\Windows\System\oJcAyUh.exe
  2⤵
  PID:7884
- C:\Windows\System\psskzSZ.exe
  C:\Windows\System\psskzSZ.exe
  2⤵
  PID:7916
- C:\Windows\System\EVgaPBk.exe
  C:\Windows\System\EVgaPBk.exe
  2⤵
  PID:7932
- C:\Windows\System\jijQFea.exe
  C:\Windows\System\jijQFea.exe
  2⤵
  PID:7956
- C:\Windows\System\mCaDycH.exe
  C:\Windows\System\mCaDycH.exe
  2⤵
  PID:7976
- C:\Windows\System\YnUZPgC.exe
  C:\Windows\System\YnUZPgC.exe
  2⤵
  PID:7996
- C:\Windows\System\cYVaryl.exe
  C:\Windows\System\cYVaryl.exe
  2⤵
  PID:8020
- C:\Windows\System\IyNObWr.exe
  C:\Windows\System\IyNObWr.exe
  2⤵
  PID:8048
- C:\Windows\System\XrWIMOg.exe
  C:\Windows\System\XrWIMOg.exe
  2⤵
  PID:8088
- C:\Windows\System\euODDsI.exe
  C:\Windows\System\euODDsI.exe
  2⤵
  PID:8112
- C:\Windows\System\OniDzTQ.exe
  C:\Windows\System\OniDzTQ.exe
  2⤵
  PID:8132
- C:\Windows\System\IVHJbXt.exe
  C:\Windows\System\IVHJbXt.exe
  2⤵
  PID:8156
- C:\Windows\System\nLHNOCQ.exe
  C:\Windows\System\nLHNOCQ.exe
  2⤵
  PID:2008
- C:\Windows\System\uJmtMEY.exe
  C:\Windows\System\uJmtMEY.exe
  2⤵
  PID:7192
- C:\Windows\System\LnBHOqW.exe
  C:\Windows\System\LnBHOqW.exe
  2⤵
  PID:7212
- C:\Windows\System\rHDfybQ.exe
  C:\Windows\System\rHDfybQ.exe
  2⤵
  PID:7312
- C:\Windows\System\tPEXluV.exe
  C:\Windows\System\tPEXluV.exe
  2⤵
  PID:7376
- C:\Windows\System\wbkGpwY.exe
  C:\Windows\System\wbkGpwY.exe
  2⤵
  PID:7472
- C:\Windows\System\IXzajXV.exe
  C:\Windows\System\IXzajXV.exe
  2⤵
  PID:7528
- C:\Windows\System\tFGFBiz.exe
  C:\Windows\System\tFGFBiz.exe
  2⤵
  PID:7572
- C:\Windows\System\aDEubJf.exe
  C:\Windows\System\aDEubJf.exe
  2⤵
  PID:7648
- C:\Windows\System\jbLixoq.exe
  C:\Windows\System\jbLixoq.exe
  2⤵
  PID:7632
- C:\Windows\System\FRkRLRZ.exe
  C:\Windows\System\FRkRLRZ.exe
  2⤵
  PID:7792
- C:\Windows\System\WnceDea.exe
  C:\Windows\System\WnceDea.exe
  2⤵
  PID:7824
- C:\Windows\System\fpeWbCX.exe
  C:\Windows\System\fpeWbCX.exe
  2⤵
  PID:8016
- C:\Windows\System\vzAqEPX.exe
  C:\Windows\System\vzAqEPX.exe
  2⤵
  PID:8044
- C:\Windows\System\CgVWtDj.exe
  C:\Windows\System\CgVWtDj.exe
  2⤵
  PID:8148
- C:\Windows\System\QfztAqw.exe
  C:\Windows\System\QfztAqw.exe
  2⤵
  PID:7184
- C:\Windows\System\eSLtvhs.exe
  C:\Windows\System\eSLtvhs.exe
  2⤵
  PID:7292
- C:\Windows\System\rGOrAyf.exe
  C:\Windows\System\rGOrAyf.exe
  2⤵
  PID:8188
- C:\Windows\System\OxESWTy.exe
  C:\Windows\System\OxESWTy.exe
  2⤵
  PID:7448
- C:\Windows\System\reyLjDj.exe
  C:\Windows\System\reyLjDj.exe
  2⤵
  PID:7592
- C:\Windows\System\ziYaZaj.exe
  C:\Windows\System\ziYaZaj.exe
  2⤵
  PID:7656
- C:\Windows\System\zoHbRky.exe
  C:\Windows\System\zoHbRky.exe
  2⤵
  PID:7928
- C:\Windows\System\cyRzmzd.exe
  C:\Windows\System\cyRzmzd.exe
  2⤵
  PID:7992
- C:\Windows\System\yQqohpw.exe
  C:\Windows\System\yQqohpw.exe
  2⤵
  PID:7416
- C:\Windows\System\ADSXNkU.exe
  C:\Windows\System\ADSXNkU.exe
  2⤵
  PID:7828
- C:\Windows\System\FhEiRuG.exe
  C:\Windows\System\FhEiRuG.exe
  2⤵
  PID:7952
- C:\Windows\System\QdyDhZO.exe
  C:\Windows\System\QdyDhZO.exe
  2⤵
  PID:8012
- C:\Windows\System\ezmytPq.exe
  C:\Windows\System\ezmytPq.exe
  2⤵
  PID:8196
- C:\Windows\System\ixWkzZQ.exe
  C:\Windows\System\ixWkzZQ.exe
  2⤵
  PID:8244
- C:\Windows\System\MmAWtVW.exe
  C:\Windows\System\MmAWtVW.exe
  2⤵
  PID:8260
- C:\Windows\System\crjVXFX.exe
  C:\Windows\System\crjVXFX.exe
  2⤵
  PID:8280
- C:\Windows\System\GDoMOFn.exe
  C:\Windows\System\GDoMOFn.exe
  2⤵
  PID:8308
- C:\Windows\System\eqxDNKa.exe
  C:\Windows\System\eqxDNKa.exe
  2⤵
  PID:8332
- C:\Windows\System\HSIlPLR.exe
  C:\Windows\System\HSIlPLR.exe
  2⤵
  PID:8384
- C:\Windows\System\axhtsdW.exe
  C:\Windows\System\axhtsdW.exe
  2⤵
  PID:8424
- C:\Windows\System\OOWriHI.exe
  C:\Windows\System\OOWriHI.exe
  2⤵
  PID:8440
- C:\Windows\System\OJqbKjL.exe
  C:\Windows\System\OJqbKjL.exe
  2⤵
  PID:8460
- C:\Windows\System\HpblLfE.exe
  C:\Windows\System\HpblLfE.exe
  2⤵
  PID:8488
- C:\Windows\System\lTLtynB.exe
  C:\Windows\System\lTLtynB.exe
  2⤵
  PID:8508
- C:\Windows\System\mKXRPrK.exe
  C:\Windows\System\mKXRPrK.exe
  2⤵
  PID:8540
- C:\Windows\System\oLWoiok.exe
  C:\Windows\System\oLWoiok.exe
  2⤵
  PID:8584
- C:\Windows\System\dqAHWOJ.exe
  C:\Windows\System\dqAHWOJ.exe
  2⤵
  PID:8604
- C:\Windows\System\OFenbXM.exe
  C:\Windows\System\OFenbXM.exe
  2⤵
  PID:8620
- C:\Windows\System\jIBxHxv.exe
  C:\Windows\System\jIBxHxv.exe
  2⤵
  PID:8644
- C:\Windows\System\FbIfpDP.exe
  C:\Windows\System\FbIfpDP.exe
  2⤵
  PID:8668
- C:\Windows\System\qTuDpIa.exe
  C:\Windows\System\qTuDpIa.exe
  2⤵
  PID:8704
- C:\Windows\System\YNPEJxO.exe
  C:\Windows\System\YNPEJxO.exe
  2⤵
  PID:8736
- C:\Windows\System\bXQgRGk.exe
  C:\Windows\System\bXQgRGk.exe
  2⤵
  PID:8752
- C:\Windows\System\opeexxg.exe
  C:\Windows\System\opeexxg.exe
  2⤵
  PID:8780
- C:\Windows\System\JrsXUkZ.exe
  C:\Windows\System\JrsXUkZ.exe
  2⤵
  PID:8796
- C:\Windows\System\RaPAfkO.exe
  C:\Windows\System\RaPAfkO.exe
  2⤵
  PID:8820
- C:\Windows\System\WbiZGkC.exe
  C:\Windows\System\WbiZGkC.exe
  2⤵
  PID:8848
- C:\Windows\System\jeEdGkL.exe
  C:\Windows\System\jeEdGkL.exe
  2⤵
  PID:8892
- C:\Windows\System\FvJBPYv.exe
  C:\Windows\System\FvJBPYv.exe
  2⤵
  PID:8912
- C:\Windows\System\tJpgVRY.exe
  C:\Windows\System\tJpgVRY.exe
  2⤵
  PID:8932
- C:\Windows\System\SIKAXvk.exe
  C:\Windows\System\SIKAXvk.exe
  2⤵
  PID:8956
- C:\Windows\System\XQfEWHP.exe
  C:\Windows\System\XQfEWHP.exe
  2⤵
  PID:8996
- C:\Windows\System\NrCuRfj.exe
  C:\Windows\System\NrCuRfj.exe
  2⤵
  PID:9016
- C:\Windows\System\ZUBqZxc.exe
  C:\Windows\System\ZUBqZxc.exe
  2⤵
  PID:9040
- C:\Windows\System\nwcdhma.exe
  C:\Windows\System\nwcdhma.exe
  2⤵
  PID:9056
- C:\Windows\System\rHbnJxC.exe
  C:\Windows\System\rHbnJxC.exe
  2⤵
  PID:9084
- C:\Windows\System\hpsPGFh.exe
  C:\Windows\System\hpsPGFh.exe
  2⤵
  PID:9196
- C:\Windows\System\VIibZaw.exe
  C:\Windows\System\VIibZaw.exe
  2⤵
  PID:7692
- C:\Windows\System\WDnEIDS.exe
  C:\Windows\System\WDnEIDS.exe
  2⤵
  PID:8232
- C:\Windows\System\MGJoTZi.exe
  C:\Windows\System\MGJoTZi.exe
  2⤵
  PID:8276
- C:\Windows\System\Rbgzvof.exe
  C:\Windows\System\Rbgzvof.exe
  2⤵
  PID:8304
- C:\Windows\System\SkJWXof.exe
  C:\Windows\System\SkJWXof.exe
  2⤵
  PID:1388
- C:\Windows\System\BukwKbr.exe
  C:\Windows\System\BukwKbr.exe
  2⤵
  PID:8468
- C:\Windows\System\IziFEUm.exe
  C:\Windows\System\IziFEUm.exe
  2⤵
  PID:8496
- C:\Windows\System\EZvRIbN.exe
  C:\Windows\System\EZvRIbN.exe
  2⤵
  PID:8528
- C:\Windows\System\AoXbomH.exe
  C:\Windows\System\AoXbomH.exe
  2⤵
  PID:8636
- C:\Windows\System\SaWClxX.exe
  C:\Windows\System\SaWClxX.exe
  2⤵
  PID:8696
- C:\Windows\System\JGbiCTh.exe
  C:\Windows\System\JGbiCTh.exe
  2⤵
  PID:8760
- C:\Windows\System\WnNkhSI.exe
  C:\Windows\System\WnNkhSI.exe
  2⤵
  PID:8744
- C:\Windows\System\XzccnMX.exe
  C:\Windows\System\XzccnMX.exe
  2⤵
  PID:8920
- C:\Windows\System\MEWxcKQ.exe
  C:\Windows\System\MEWxcKQ.exe
  2⤵
  PID:8888
- C:\Windows\System\zhaMErs.exe
  C:\Windows\System\zhaMErs.exe
  2⤵
  PID:9032
- C:\Windows\System\dsrTVkx.exe
  C:\Windows\System\dsrTVkx.exe
  2⤵
  PID:9152
- C:\Windows\System\zMdAtop.exe
  C:\Windows\System\zMdAtop.exe
  2⤵
  PID:9204
- C:\Windows\System\tkIyJoz.exe
  C:\Windows\System\tkIyJoz.exe
  2⤵
  PID:4348
- C:\Windows\System\HyQEoBV.exe
  C:\Windows\System\HyQEoBV.exe
  2⤵
  PID:8372
- C:\Windows\System\eOQLcTS.exe
  C:\Windows\System\eOQLcTS.exe
  2⤵
  PID:8452
- C:\Windows\System\uCrwvfG.exe
  C:\Windows\System\uCrwvfG.exe
  2⤵
  PID:8560
- C:\Windows\System\RAnBIYy.exe
  C:\Windows\System\RAnBIYy.exe
  2⤵
  PID:8684
- C:\Windows\System\GfWsibF.exe
  C:\Windows\System\GfWsibF.exe
  2⤵
  PID:8984
- C:\Windows\System\LXupVDc.exe
  C:\Windows\System\LXupVDc.exe
  2⤵
  PID:9136
- C:\Windows\System\weINRXX.exe
  C:\Windows\System\weINRXX.exe
  2⤵
  PID:9144
- C:\Windows\System\PBdjqqc.exe
  C:\Windows\System\PBdjqqc.exe
  2⤵
  PID:8612
- C:\Windows\System\nsJrJoG.exe
  C:\Windows\System\nsJrJoG.exe
  2⤵
  PID:8844
- C:\Windows\System\nzJMUwj.exe
  C:\Windows\System\nzJMUwj.exe
  2⤵
  PID:8880
- C:\Windows\System\teMsrxP.exe
  C:\Windows\System\teMsrxP.exe
  2⤵
  PID:8224
- C:\Windows\System\KTwrQpV.exe
  C:\Windows\System\KTwrQpV.exe
  2⤵
  PID:9236
- C:\Windows\System\DMXaSDw.exe
  C:\Windows\System\DMXaSDw.exe
  2⤵
  PID:9276
- C:\Windows\System\tDmFaWY.exe
  C:\Windows\System\tDmFaWY.exe
  2⤵
  PID:9296
- C:\Windows\System\tVefmiE.exe
  C:\Windows\System\tVefmiE.exe
  2⤵
  PID:9324
- C:\Windows\System\AuuYMfT.exe
  C:\Windows\System\AuuYMfT.exe
  2⤵
  PID:9348
- C:\Windows\System\BWeUoEt.exe
  C:\Windows\System\BWeUoEt.exe
  2⤵
  PID:9392
- C:\Windows\System\cXUzOzj.exe
  C:\Windows\System\cXUzOzj.exe
  2⤵
  PID:9412
- C:\Windows\System\AYJjPzI.exe
  C:\Windows\System\AYJjPzI.exe
  2⤵
  PID:9448
- C:\Windows\System\fZFUSjl.exe
  C:\Windows\System\fZFUSjl.exe
  2⤵
  PID:9480
- C:\Windows\System\dKeyaqM.exe
  C:\Windows\System\dKeyaqM.exe
  2⤵
  PID:9500
- C:\Windows\System\mgkVbYc.exe
  C:\Windows\System\mgkVbYc.exe
  2⤵
  PID:9528
- C:\Windows\System\UQTrgqG.exe
  C:\Windows\System\UQTrgqG.exe
  2⤵
  PID:9552
- C:\Windows\System\VNPYrMD.exe
  C:\Windows\System\VNPYrMD.exe
  2⤵
  PID:9576
- C:\Windows\System\CpeXBvI.exe
  C:\Windows\System\CpeXBvI.exe
  2⤵
  PID:9592
- C:\Windows\System\oLeLonn.exe
  C:\Windows\System\oLeLonn.exe
  2⤵
  PID:9612
- C:\Windows\System\TIBoXrO.exe
  C:\Windows\System\TIBoXrO.exe
  2⤵
  PID:9644
- C:\Windows\System\KyKOaYp.exe
  C:\Windows\System\KyKOaYp.exe
  2⤵
  PID:9720
- C:\Windows\System\yWlcIzq.exe
  C:\Windows\System\yWlcIzq.exe
  2⤵
  PID:9736
- C:\Windows\System\syBeFYe.exe
  C:\Windows\System\syBeFYe.exe
  2⤵
  PID:9756
- C:\Windows\System\WTzASwU.exe
  C:\Windows\System\WTzASwU.exe
  2⤵
  PID:9792
- C:\Windows\System\biwCGqC.exe
  C:\Windows\System\biwCGqC.exe
  2⤵
  PID:9808
- C:\Windows\System\qHpXMjG.exe
  C:\Windows\System\qHpXMjG.exe
  2⤵
  PID:9848
- C:\Windows\System\Czzvgef.exe
  C:\Windows\System\Czzvgef.exe
  2⤵
  PID:9868
- C:\Windows\System\KhGtfMo.exe
  C:\Windows\System\KhGtfMo.exe
  2⤵
  PID:9920
- C:\Windows\System\PlpnXuP.exe
  C:\Windows\System\PlpnXuP.exe
  2⤵
  PID:9940
- C:\Windows\System\HnYnYLk.exe
  C:\Windows\System\HnYnYLk.exe
  2⤵
  PID:9956
- C:\Windows\System\ZPvocsE.exe
  C:\Windows\System\ZPvocsE.exe
  2⤵
  PID:9980
- C:\Windows\System\oAmfolB.exe
  C:\Windows\System\oAmfolB.exe
  2⤵
  PID:10032
- C:\Windows\System\tQVGzUN.exe
  C:\Windows\System\tQVGzUN.exe
  2⤵
  PID:10052
- C:\Windows\System\dwvNaHf.exe
  C:\Windows\System\dwvNaHf.exe
  2⤵
  PID:10072
- C:\Windows\System\gjaCWYs.exe
  C:\Windows\System\gjaCWYs.exe
  2⤵
  PID:10092
- C:\Windows\System\CKVAcOg.exe
  C:\Windows\System\CKVAcOg.exe
  2⤵
  PID:10112
- C:\Windows\System\kCqEufx.exe
  C:\Windows\System\kCqEufx.exe
  2⤵
  PID:10132
- C:\Windows\System\fImwvCb.exe
  C:\Windows\System\fImwvCb.exe
  2⤵
  PID:10172
- C:\Windows\System\oJulaIZ.exe
  C:\Windows\System\oJulaIZ.exe
  2⤵
  PID:10192
- C:\Windows\System\XAMvqex.exe
  C:\Windows\System\XAMvqex.exe
  2⤵
  PID:7676
- C:\Windows\System\MbaBLvO.exe
  C:\Windows\System\MbaBLvO.exe
  2⤵
  PID:9232
- C:\Windows\System\XzlDkKV.exe
  C:\Windows\System\XzlDkKV.exe
  2⤵
  PID:9292
- C:\Windows\System\hTQWWAn.exe
  C:\Windows\System\hTQWWAn.exe
  2⤵
  PID:9384
- C:\Windows\System\GRyLZRG.exe
  C:\Windows\System\GRyLZRG.exe
  2⤵
  PID:9404
- C:\Windows\System\EdUUqQf.exe
  C:\Windows\System\EdUUqQf.exe
  2⤵
  PID:9492
- C:\Windows\System\SMYNZEt.exe
  C:\Windows\System\SMYNZEt.exe
  2⤵
  PID:9536
- C:\Windows\System\zdjNlZZ.exe
  C:\Windows\System\zdjNlZZ.exe
  2⤵
  PID:9496
- C:\Windows\System\pLtFuVS.exe
  C:\Windows\System\pLtFuVS.exe
  2⤵
  PID:9604
- C:\Windows\System\LsLMUyR.exe
  C:\Windows\System\LsLMUyR.exe
  2⤵
  PID:9628
- C:\Windows\System\CfYpAHP.exe
  C:\Windows\System\CfYpAHP.exe
  2⤵
  PID:9728
- C:\Windows\System\bGiDMBa.exe
  C:\Windows\System\bGiDMBa.exe
  2⤵
  PID:9780
- C:\Windows\System\sORSLFh.exe
  C:\Windows\System\sORSLFh.exe
  2⤵
  PID:9936
- C:\Windows\System\xnGEJLz.exe
  C:\Windows\System\xnGEJLz.exe
  2⤵
  PID:9972
- C:\Windows\System\GToPOPd.exe
  C:\Windows\System\GToPOPd.exe
  2⤵
  PID:10004
- C:\Windows\System\hqSNTBG.exe
  C:\Windows\System\hqSNTBG.exe
  2⤵
  PID:10044
- C:\Windows\System\JQkqweX.exe
  C:\Windows\System\JQkqweX.exe
  2⤵
  PID:10088
- C:\Windows\System\ePOAIih.exe
  C:\Windows\System\ePOAIih.exe
  2⤵
  PID:10144
- C:\Windows\System\NWCnlTP.exe
  C:\Windows\System\NWCnlTP.exe
  2⤵
  PID:10188
- C:\Windows\System\qSEuUlP.exe
  C:\Windows\System\qSEuUlP.exe
  2⤵
  PID:8812
- C:\Windows\System\NIjreHh.exe
  C:\Windows\System\NIjreHh.exe
  2⤵
  PID:9520
- C:\Windows\System\RBDmACK.exe
  C:\Windows\System\RBDmACK.exe
  2⤵
  PID:9600
- C:\Windows\System\ZukDgrx.exe
  C:\Windows\System\ZukDgrx.exe
  2⤵
  PID:9752
- C:\Windows\System\fkGhnRM.exe
  C:\Windows\System\fkGhnRM.exe
  2⤵
  PID:9540
- C:\Windows\System\igyQzDq.exe
  C:\Windows\System\igyQzDq.exe
  2⤵
  PID:10244
- C:\Windows\System\okRZZay.exe
  C:\Windows\System\okRZZay.exe
  2⤵
  PID:10336
- C:\Windows\System\NsOkVdJ.exe
  C:\Windows\System\NsOkVdJ.exe
  2⤵
  PID:10352
- C:\Windows\System\HEUrnLU.exe
  C:\Windows\System\HEUrnLU.exe
  2⤵
  PID:10396
- C:\Windows\System\FUzLLcv.exe
  C:\Windows\System\FUzLLcv.exe
  2⤵
  PID:10424
- C:\Windows\System\cWFsztQ.exe
  C:\Windows\System\cWFsztQ.exe
  2⤵
  PID:10448
- C:\Windows\System\JrSrrMu.exe
  C:\Windows\System\JrSrrMu.exe
  2⤵
  PID:10464
- C:\Windows\System\imQGClY.exe
  C:\Windows\System\imQGClY.exe
  2⤵
  PID:10488
- C:\Windows\System\jnMJVhZ.exe
  C:\Windows\System\jnMJVhZ.exe
  2⤵
  PID:10540
- C:\Windows\System\VeAecQy.exe
  C:\Windows\System\VeAecQy.exe
  2⤵
  PID:10560
- C:\Windows\System\dBSlnXk.exe
  C:\Windows\System\dBSlnXk.exe
  2⤵
  PID:10596
- C:\Windows\System\zrSSoMJ.exe
  C:\Windows\System\zrSSoMJ.exe
  2⤵
  PID:10628
- C:\Windows\System\lEOXUnZ.exe
  C:\Windows\System\lEOXUnZ.exe
  2⤵
  PID:10648
- C:\Windows\System\ByStatL.exe
  C:\Windows\System\ByStatL.exe
  2⤵
  PID:10672
- C:\Windows\System\XLSfoRy.exe
  C:\Windows\System\XLSfoRy.exe
  2⤵
  PID:10692
- C:\Windows\System\FEvjdzP.exe
  C:\Windows\System\FEvjdzP.exe
  2⤵
  PID:10736
- C:\Windows\System\gPrwZjz.exe
  C:\Windows\System\gPrwZjz.exe
  2⤵
  PID:10756
- C:\Windows\System\seYysBb.exe
  C:\Windows\System\seYysBb.exe
  2⤵
  PID:10832
- C:\Windows\System\ZWdDrrl.exe
  C:\Windows\System\ZWdDrrl.exe
  2⤵
  PID:10872
- C:\Windows\System\NcOvRIK.exe
  C:\Windows\System\NcOvRIK.exe
  2⤵
  PID:10888
- C:\Windows\System\dLQGEKf.exe
  C:\Windows\System\dLQGEKf.exe
  2⤵
  PID:10904
- C:\Windows\System\sLCMpUI.exe
  C:\Windows\System\sLCMpUI.exe
  2⤵
  PID:10936
- C:\Windows\System\QNHqODY.exe
  C:\Windows\System\QNHqODY.exe
  2⤵
  PID:10960
- C:\Windows\System\DXwgjMw.exe
  C:\Windows\System\DXwgjMw.exe
  2⤵
  PID:10984
- C:\Windows\System\NAtdrSK.exe
  C:\Windows\System\NAtdrSK.exe
  2⤵
  PID:11004
- C:\Windows\System\wJkqdxE.exe
  C:\Windows\System\wJkqdxE.exe
  2⤵
  PID:11024
- C:\Windows\System\xYHgeXZ.exe
  C:\Windows\System\xYHgeXZ.exe
  2⤵
  PID:11044
- C:\Windows\System\euoGfUF.exe
  C:\Windows\System\euoGfUF.exe
  2⤵
  PID:11100
- C:\Windows\System\LWeQAzp.exe
  C:\Windows\System\LWeQAzp.exe
  2⤵
  PID:11116
- C:\Windows\System\ltJcwJx.exe
  C:\Windows\System\ltJcwJx.exe
  2⤵
  PID:11136
- C:\Windows\System\ZmZofVL.exe
  C:\Windows\System\ZmZofVL.exe
  2⤵
  PID:11152
- C:\Windows\System\tJZBTsv.exe
  C:\Windows\System\tJZBTsv.exe
  2⤵
  PID:11220
- C:\Windows\System\oitpGuW.exe
  C:\Windows\System\oitpGuW.exe
  2⤵
  PID:11244
- C:\Windows\System\kVdrBHM.exe
  C:\Windows\System\kVdrBHM.exe
  2⤵
  PID:9660
- C:\Windows\System\doFFplQ.exe
  C:\Windows\System\doFFplQ.exe
  2⤵
  PID:10084
- C:\Windows\System\RttyvNa.exe
  C:\Windows\System\RttyvNa.exe
  2⤵
  PID:9708
- C:\Windows\System\KVeMpfY.exe
  C:\Windows\System\KVeMpfY.exe
  2⤵
  PID:10068
- C:\Windows\System\WyirrBN.exe
  C:\Windows\System\WyirrBN.exe
  2⤵
  PID:9252
- C:\Windows\System\Sicjmrv.exe
  C:\Windows\System\Sicjmrv.exe
  2⤵
  PID:10284
- C:\Windows\System\eOQZsDP.exe
  C:\Windows\System\eOQZsDP.exe
  2⤵
  PID:10160
- C:\Windows\System\mbSXPjP.exe
  C:\Windows\System\mbSXPjP.exe
  2⤵
  PID:10500
- C:\Windows\System\FHzwEeU.exe
  C:\Windows\System\FHzwEeU.exe
  2⤵
  PID:10460
- C:\Windows\System\wgYykwN.exe
  C:\Windows\System\wgYykwN.exe
  2⤵
  PID:10532
- C:\Windows\System\yPUIMSQ.exe
  C:\Windows\System\yPUIMSQ.exe
  2⤵
  PID:10620
- C:\Windows\System\tIzWZFw.exe
  C:\Windows\System\tIzWZFw.exe
  2⤵
  PID:10712
- C:\Windows\System\teDNtGj.exe
  C:\Windows\System\teDNtGj.exe
  2⤵
  PID:10752
- C:\Windows\System\YPALEcz.exe
  C:\Windows\System\YPALEcz.exe
  2⤵
  PID:10808
- C:\Windows\System\BeHIfDX.exe
  C:\Windows\System\BeHIfDX.exe
  2⤵
  PID:10944
- C:\Windows\System\UmxSOuF.exe
  C:\Windows\System\UmxSOuF.exe
  2⤵
  PID:10992
- C:\Windows\System\obsRcyv.exe
  C:\Windows\System\obsRcyv.exe
  2⤵
  PID:11040
- C:\Windows\System\AzYVmMi.exe
  C:\Windows\System\AzYVmMi.exe
  2⤵
  PID:11072
- C:\Windows\System\BlZhPkB.exe
  C:\Windows\System\BlZhPkB.exe
  2⤵
  PID:11144
- C:\Windows\System\pOGViRx.exe
  C:\Windows\System\pOGViRx.exe
  2⤵
  PID:11192
- C:\Windows\System\LZlwOmy.exe
  C:\Windows\System\LZlwOmy.exe
  2⤵
  PID:9608
- C:\Windows\System\xdSVuLk.exe
  C:\Windows\System\xdSVuLk.exe
  2⤵
  PID:10064
- C:\Windows\System\iWaCAAi.exe
  C:\Windows\System\iWaCAAi.exe
  2⤵
  PID:10048
- C:\Windows\System\yaysaCC.exe
  C:\Windows\System\yaysaCC.exe
  2⤵
  PID:10304
- C:\Windows\System\KLBNoKi.exe
  C:\Windows\System\KLBNoKi.exe
  2⤵
  PID:10328
- C:\Windows\System\edYmFlS.exe
  C:\Windows\System\edYmFlS.exe
  2⤵
  PID:10480
- C:\Windows\System\oMLKngr.exe
  C:\Windows\System\oMLKngr.exe
  2⤵
  PID:10864
- C:\Windows\System\MfIBiFv.exe
  C:\Windows\System\MfIBiFv.exe
  2⤵
  PID:11076
- C:\Windows\System\XhRVhyC.exe
  C:\Windows\System\XhRVhyC.exe
  2⤵
  PID:11160
- C:\Windows\System\IBItQjk.exe
  C:\Windows\System\IBItQjk.exe
  2⤵
  PID:10320
- C:\Windows\System\nivbHWz.exe
  C:\Windows\System\nivbHWz.exe
  2⤵
  PID:10592
- C:\Windows\System\RWiSRRi.exe
  C:\Windows\System\RWiSRRi.exe
  2⤵
  PID:11020
- C:\Windows\System\srBoSZv.exe
  C:\Windows\System\srBoSZv.exe
  2⤵
  PID:10952
- C:\Windows\System\nTNlQXw.exe
  C:\Windows\System\nTNlQXw.exe
  2⤵
  PID:9704
- C:\Windows\System\NEmBeHe.exe
  C:\Windows\System\NEmBeHe.exe
  2⤵
  PID:11084
- C:\Windows\System\lAOBdWO.exe
  C:\Windows\System\lAOBdWO.exe
  2⤵
  PID:11272
- C:\Windows\System\PEFBCRg.exe
  C:\Windows\System\PEFBCRg.exe
  2⤵
  PID:11308
- C:\Windows\System\mghppwG.exe
  C:\Windows\System\mghppwG.exe
  2⤵
  PID:11328
- C:\Windows\System\aWPaOfI.exe
  C:\Windows\System\aWPaOfI.exe
  2⤵
  PID:11348
- C:\Windows\System\brxALNn.exe
  C:\Windows\System\brxALNn.exe
  2⤵
  PID:11380
- C:\Windows\System\yzHjCoH.exe
  C:\Windows\System\yzHjCoH.exe
  2⤵
  PID:11416
- C:\Windows\System\GoMihcw.exe
  C:\Windows\System\GoMihcw.exe
  2⤵
  PID:11452
- C:\Windows\System\PLqBens.exe
  C:\Windows\System\PLqBens.exe
  2⤵
  PID:11468
- C:\Windows\System\BpoJXio.exe
  C:\Windows\System\BpoJXio.exe
  2⤵
  PID:11492
- C:\Windows\System\JvOmlkq.exe
  C:\Windows\System\JvOmlkq.exe
  2⤵
  PID:11528
- C:\Windows\System\AisWnKY.exe
  C:\Windows\System\AisWnKY.exe
  2⤵
  PID:11560
- C:\Windows\System\rdCGESI.exe
  C:\Windows\System\rdCGESI.exe
  2⤵
  PID:11592
- C:\Windows\System\uNFeOMp.exe
  C:\Windows\System\uNFeOMp.exe
  2⤵
  PID:11624
- C:\Windows\System\qDSiHVF.exe
  C:\Windows\System\qDSiHVF.exe
  2⤵
  PID:11656
- C:\Windows\System\DCObZxW.exe
  C:\Windows\System\DCObZxW.exe
  2⤵
  PID:11672
- C:\Windows\System\kwogpel.exe
  C:\Windows\System\kwogpel.exe
  2⤵
  PID:11700
- C:\Windows\System\KsrLvYr.exe
  C:\Windows\System\KsrLvYr.exe
  2⤵
  PID:11728
- C:\Windows\System\GbcZUxf.exe
  C:\Windows\System\GbcZUxf.exe
  2⤵
  PID:11760
- C:\Windows\System\ofFnpmJ.exe
  C:\Windows\System\ofFnpmJ.exe
  2⤵
  PID:11780
- C:\Windows\System\lxMseoJ.exe
  C:\Windows\System\lxMseoJ.exe
  2⤵
  PID:11800
- C:\Windows\System\qMKBDUF.exe
  C:\Windows\System\qMKBDUF.exe
  2⤵
  PID:11848
- C:\Windows\System\MixgaTo.exe
  C:\Windows\System\MixgaTo.exe
  2⤵
  PID:11908
- C:\Windows\System\usEdFoM.exe
  C:\Windows\System\usEdFoM.exe
  2⤵
  PID:11924
- C:\Windows\System\OwVqasp.exe
  C:\Windows\System\OwVqasp.exe
  2⤵
  PID:11940
- C:\Windows\System\UPTQXdY.exe
  C:\Windows\System\UPTQXdY.exe
  2⤵
  PID:11964
- C:\Windows\System\NBRngZU.exe
  C:\Windows\System\NBRngZU.exe
  2⤵
  PID:11988
- C:\Windows\System\weHroGN.exe
  C:\Windows\System\weHroGN.exe
  2⤵
  PID:12012
- C:\Windows\System\UrEYAfB.exe
  C:\Windows\System\UrEYAfB.exe
  2⤵
  PID:12028
- C:\Windows\System\yAeInNo.exe
  C:\Windows\System\yAeInNo.exe
  2⤵
  PID:12064
- C:\Windows\System\mbmhYeO.exe
  C:\Windows\System\mbmhYeO.exe
  2⤵
  PID:12084
- C:\Windows\System\DXKCwod.exe
  C:\Windows\System\DXKCwod.exe
  2⤵
  PID:12116
- C:\Windows\System\XrWvwcR.exe
  C:\Windows\System\XrWvwcR.exe
  2⤵
  PID:12140
- C:\Windows\System\utECkHK.exe
  C:\Windows\System\utECkHK.exe
  2⤵
  PID:12168
- C:\Windows\System\LeJrDdq.exe
  C:\Windows\System\LeJrDdq.exe
  2⤵
  PID:12188
- C:\Windows\System\QxEQXvR.exe
  C:\Windows\System\QxEQXvR.exe
  2⤵
  PID:12224
- C:\Windows\System\IFsgcxz.exe
  C:\Windows\System\IFsgcxz.exe
  2⤵
  PID:12256
- C:\Windows\System\igRPXeJ.exe
  C:\Windows\System\igRPXeJ.exe
  2⤵
  PID:11300
- C:\Windows\System\CVcmOAg.exe
  C:\Windows\System\CVcmOAg.exe
  2⤵
  PID:11344
- C:\Windows\System\bUddsnp.exe
  C:\Windows\System\bUddsnp.exe
  2⤵
  PID:11396
- C:\Windows\System\JWxPKRB.exe
  C:\Windows\System\JWxPKRB.exe
  2⤵
  PID:11412
- C:\Windows\System\rcpcyXl.exe
  C:\Windows\System\rcpcyXl.exe
  2⤵
  PID:11536
- C:\Windows\System\oOMTctA.exe
  C:\Windows\System\oOMTctA.exe
  2⤵
  PID:11644
- C:\Windows\System\heTMwbY.exe
  C:\Windows\System\heTMwbY.exe
  2⤵
  PID:11668
- C:\Windows\System\bfhBDjP.exe
  C:\Windows\System\bfhBDjP.exe
  2⤵
  PID:11748
- C:\Windows\System\cENwLIp.exe
  C:\Windows\System\cENwLIp.exe
  2⤵
  PID:11776
- C:\Windows\System\YzuwZiW.exe
  C:\Windows\System\YzuwZiW.exe
  2⤵
  PID:11796
- C:\Windows\System\IbqxAGO.exe
  C:\Windows\System\IbqxAGO.exe
  2⤵
  PID:11876
- C:\Windows\System\kmXgpRh.exe
  C:\Windows\System\kmXgpRh.exe
  2⤵
  PID:11916
- C:\Windows\System\urEjSts.exe
  C:\Windows\System\urEjSts.exe
  2⤵
  PID:11956
- C:\Windows\System\rrXvapB.exe
  C:\Windows\System\rrXvapB.exe
  2⤵
  PID:4852
- C:\Windows\System\YVwRsmy.exe
  C:\Windows\System\YVwRsmy.exe
  2⤵
  PID:12004
- C:\Windows\System\CuDdezE.exe
  C:\Windows\System\CuDdezE.exe
  2⤵
  PID:12024
- C:\Windows\System\MAaDBbN.exe
  C:\Windows\System\MAaDBbN.exe
  2⤵
  PID:12108
- C:\Windows\System\hkIEJil.exe
  C:\Windows\System\hkIEJil.exe
  2⤵
  PID:12268
- C:\Windows\System\kqYFNEi.exe
  C:\Windows\System\kqYFNEi.exe
  2⤵
  PID:12220
- C:\Windows\System\IiFqlsF.exe
  C:\Windows\System\IiFqlsF.exe
  2⤵
  PID:11376
- C:\Windows\System\rTJVsXz.exe
  C:\Windows\System\rTJVsXz.exe
  2⤵
  PID:11580
- C:\Windows\System\yciLpuz.exe
  C:\Windows\System\yciLpuz.exe
  2⤵
  PID:1096
- C:\Windows\System\iyjdmiR.exe
  C:\Windows\System\iyjdmiR.exe
  2⤵
  PID:11828
- C:\Windows\System\CJYEcGc.exe
  C:\Windows\System\CJYEcGc.exe
  2⤵
  PID:2044
- C:\Windows\System\yPZFSIe.exe
  C:\Windows\System\yPZFSIe.exe
  2⤵
  PID:11996
- C:\Windows\System\wDOKkfe.exe
  C:\Windows\System\wDOKkfe.exe
  2⤵
  PID:12160
- C:\Windows\System\wKzaOes.exe
  C:\Windows\System\wKzaOes.exe
  2⤵
  PID:12276
- C:\Windows\System\wHjARUZ.exe
  C:\Windows\System\wHjARUZ.exe
  2⤵
  PID:11340
- C:\Windows\System\VAzYpUM.exe
  C:\Windows\System\VAzYpUM.exe
  2⤵
  PID:11620
- C:\Windows\System\cpTzsXt.exe
  C:\Windows\System\cpTzsXt.exe
  2⤵
  PID:12128
- C:\Windows\System\OKFuBnW.exe
  C:\Windows\System\OKFuBnW.exe
  2⤵
  PID:5020
- C:\Windows\System\GDvTBRK.exe
  C:\Windows\System\GDvTBRK.exe
  2⤵
  PID:11408
- C:\Windows\System\IjsSiGO.exe
  C:\Windows\System\IjsSiGO.exe
  2⤵
  PID:12296
- C:\Windows\System\vCGZMob.exe
  C:\Windows\System\vCGZMob.exe
  2⤵
  PID:12312
- C:\Windows\System\KxBDnVJ.exe
  C:\Windows\System\KxBDnVJ.exe
  2⤵
  PID:12336
- C:\Windows\System\htZEwOf.exe
  C:\Windows\System\htZEwOf.exe
  2⤵
  PID:12360
- C:\Windows\System\aTSuLdq.exe
  C:\Windows\System\aTSuLdq.exe
  2⤵
  PID:12384
- C:\Windows\System\CXUbAzp.exe
  C:\Windows\System\CXUbAzp.exe
  2⤵
  PID:12448
- C:\Windows\System\ySGosHE.exe
  C:\Windows\System\ySGosHE.exe
  2⤵
  PID:12464
- C:\Windows\System\hQZUZho.exe
  C:\Windows\System\hQZUZho.exe
  2⤵
  PID:12492
- C:\Windows\System\BrJMSiH.exe
  C:\Windows\System\BrJMSiH.exe
  2⤵
  PID:12540
- C:\Windows\System\oekovtm.exe
  C:\Windows\System\oekovtm.exe
  2⤵
  PID:12560
- C:\Windows\System\pKCrbLg.exe
  C:\Windows\System\pKCrbLg.exe
  2⤵
  PID:12588
- C:\Windows\System\NrVFuyF.exe
  C:\Windows\System\NrVFuyF.exe
  2⤵
  PID:12604
- C:\Windows\System\GSrOkhF.exe
  C:\Windows\System\GSrOkhF.exe
  2⤵
  PID:12632
- C:\Windows\System\LSBiOvL.exe
  C:\Windows\System\LSBiOvL.exe
  2⤵
  PID:12656
- C:\Windows\System\lBQehlk.exe
  C:\Windows\System\lBQehlk.exe
  2⤵
  PID:12688
- C:\Windows\System\TJtOzKF.exe
  C:\Windows\System\TJtOzKF.exe
  2⤵
  PID:12764
- C:\Windows\System\tjixjnV.exe
  C:\Windows\System\tjixjnV.exe
  2⤵
  PID:12792
- C:\Windows\System\nXCMkAq.exe
  C:\Windows\System\nXCMkAq.exe
  2⤵
  PID:12812
- C:\Windows\System\BsAqaKk.exe
  C:\Windows\System\BsAqaKk.exe
  2⤵
  PID:12852
- C:\Windows\System\VpXSBFA.exe
  C:\Windows\System\VpXSBFA.exe
  2⤵
  PID:12872
- C:\Windows\System\sKNfcaJ.exe
  C:\Windows\System\sKNfcaJ.exe
  2⤵
  PID:12892
- C:\Windows\System\jsnZsWz.exe
  C:\Windows\System\jsnZsWz.exe
  2⤵
  PID:12920
- C:\Windows\System\yvJsGCq.exe
  C:\Windows\System\yvJsGCq.exe
  2⤵
  PID:12936
- C:\Windows\System\rbcqClS.exe
  C:\Windows\System\rbcqClS.exe
  2⤵
  PID:12980
- C:\Windows\System\yYPDNgn.exe
  C:\Windows\System\yYPDNgn.exe
  2⤵
  PID:13004
- C:\Windows\System\MinOtcD.exe
  C:\Windows\System\MinOtcD.exe
  2⤵
  PID:13032
- C:\Windows\System\StWjDLr.exe
  C:\Windows\System\StWjDLr.exe
  2⤵
  PID:13060
- C:\Windows\System\vEeYosw.exe
  C:\Windows\System\vEeYosw.exe
  2⤵
  PID:13100
- C:\Windows\System\uqiywCv.exe
  C:\Windows\System\uqiywCv.exe
  2⤵
  PID:13144
- C:\Windows\System\xNLevdH.exe
  C:\Windows\System\xNLevdH.exe
  2⤵
  PID:13168
- C:\Windows\System\bucQKmR.exe
  C:\Windows\System\bucQKmR.exe
  2⤵
  PID:13184
- C:\Windows\System\qYUkdeD.exe
  C:\Windows\System\qYUkdeD.exe
  2⤵
  PID:13216
- C:\Windows\System\MywUTRA.exe
  C:\Windows\System\MywUTRA.exe
  2⤵
  PID:13244
- C:\Windows\System\KUJtqJj.exe
  C:\Windows\System\KUJtqJj.exe
  2⤵
  PID:13268
- C:\Windows\System\XjxoITu.exe
  C:\Windows\System\XjxoITu.exe
  2⤵
  PID:13288
- C:\Windows\System\WwGmXeH.exe
  C:\Windows\System\WwGmXeH.exe
  2⤵
  PID:11448
- C:\Windows\System\JxgnGeA.exe
  C:\Windows\System\JxgnGeA.exe
  2⤵
  PID:11720
- C:\Windows\System\MaoYrKV.exe
  C:\Windows\System\MaoYrKV.exe
  2⤵
  PID:12444
- C:\Windows\System\WOEiCJr.exe
  C:\Windows\System\WOEiCJr.exe
  2⤵
  PID:12528
- C:\Windows\System\dmzUNTT.exe
  C:\Windows\System\dmzUNTT.exe
  2⤵
  PID:12600
- C:\Windows\System\DmnhfHO.exe
  C:\Windows\System\DmnhfHO.exe
  2⤵
  PID:12644
- C:\Windows\System\MQYpVpZ.exe
  C:\Windows\System\MQYpVpZ.exe
  2⤵
  PID:12580
- C:\Windows\System\OuMVqBe.exe
  C:\Windows\System\OuMVqBe.exe
  2⤵
  PID:12532
- C:\Windows\System\aDoLHHJ.exe
  C:\Windows\System\aDoLHHJ.exe
  2⤵
  PID:12672
- C:\Windows\System\KtuTbwt.exe
  C:\Windows\System\KtuTbwt.exe
  2⤵
  PID:2664
- C:\Windows\System\oQrrqKW.exe
  C:\Windows\System\oQrrqKW.exe
  2⤵
  PID:3480
- C:\Windows\System\WOvPfLu.exe
  C:\Windows\System\WOvPfLu.exe
  2⤵
  PID:12804
- C:\Windows\System\FkYqpRF.exe
  C:\Windows\System\FkYqpRF.exe
  2⤵
  PID:12864
- C:\Windows\System\DRVxLMV.exe
  C:\Windows\System\DRVxLMV.exe
  2⤵
  PID:13044
- C:\Windows\System\JfINAJL.exe
  C:\Windows\System\JfINAJL.exe
  2⤵
  PID:13028
- C:\Windows\System\vrvQFJC.exe
  C:\Windows\System\vrvQFJC.exe
  2⤵
  PID:13160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4176,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8
1⤵
PID:6572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_osctaetq.nae.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BiUOqxG.exe

Filesize
1.4MB

MD5
70d82d012693e61ff5e1acc0f1f14350

SHA1
26447830cac5f6ddbc7950a8b74863d441804571

SHA256
eeddd91059accfcd3871b7ad0e5f565d29dfd1d3dcc5f75353a82524ffa189d6

SHA512
6411727f65c889a0809298cee72db6dd854774ab5a50afb7ed648cf7bf311ed4da53bd5e097bc14229e3874c4948306c71bc1682e9f1fece2f16fa69b1907a8e

Download Submit
C:\Windows\System\DWtxCcA.exe

Filesize
1.4MB

MD5
6a7273eda6893b86489ba0ec8af106e1

SHA1
8c2874705d0ce34df076902326c629b77e5a2aed

SHA256
1e673aa4eddd4ee3f7cac7eeb5078a9fea2e712da12812ec00742ff32ad84936

SHA512
519db9702dd036be5c8a31ca2f9266b7fc51e474f9533cb60ffcccf1fadd095ca42921fd0d0eee6e9726a1aafbc7b6c04fae0c7f12009b702523d5ef63a4d428

Download Submit
C:\Windows\System\EgJWWMM.exe

Filesize
1.4MB

MD5
ef186d147f204e1784071d1c1ddb13f5

SHA1
febf6da3ad0acbebefe47dc04d82b4117d3ca6bc

SHA256
5b269acf69fea85bd5b6ecda078a8a3f1f6bbd959536ec90ace4b7b299c4527b

SHA512
4c5e07fc35f7fa703d5395b52c579ad68b753895d90f309cff82962eb2b51c41b07bb11c49742747f4130dcfc3e5413d09239f7de8eb913bb15a7533c7c45173

Download Submit
C:\Windows\System\FbYPnHS.exe

Filesize
1.4MB

MD5
462029ffe6e7ab888a06b8fe53c27621

SHA1
04a94383637f4c2f1d20e3344456b98d52542b3b

SHA256
72bf149f7db5c3a7733eb737e26be2be0557d34395206c854a18e6b0cc7c997c

SHA512
c770bc301e949021d8c08cdb83ad54567068533ecfb7e77102f833f87882861052179ad3e4e2a2a48514effdbe9fd61f26697621600947130f35d980a756700a

Download Submit
C:\Windows\System\FdkFAVZ.exe

Filesize
1.4MB

MD5
b4eeb10f13771c8759ca2555781ad1fa

SHA1
f4c05ade1d7ce7378ac98db1dae9f10bf5989f6c

SHA256
9d12bd58499e6736a037c09db643662e3eef9c13bb42fbbe81a5c7a8ea053e83

SHA512
d087b7ca0680134ddb06c86296889a59e0330296d6fdb88d8c087f2a6dcedc0d56da85c01c45e757be83507b89d6d76772650dd7b1f17590b8a6be5040629c72

Download Submit
C:\Windows\System\HBNHQmq.exe

Filesize
1.4MB

MD5
7c76c2b16965a8a746563e98afcadc17

SHA1
5c3e911da7475589a34cb133821866875a297bf0

SHA256
cc3cb842d5af3bf561ce1f25ebe4c4a925b58336de1dbb9071f8b5d938abbe28

SHA512
204ccc3be34d0ed057731d6c3345c15d61ace0951a3dae459d5e59db580ef80bae8014d596b7e493db8bf3a1adf750d1e395fb31c1a119122c0f3e9fb29f3a3e

Download Submit
C:\Windows\System\HXOKCpU.exe

Filesize
1.4MB

MD5
b623ba58c83381f2b156d7dabf166588

SHA1
70c0d0b3364e7c17dbd3b7bcbd5b80aec4900237

SHA256
5f9e4abb4554c4d6df3eb3c74ad314ef34acbbf80fe1387c8b80154a2b84a482

SHA512
00f1347a987e36a0678633020c72312a09026cf5436ad61f226977f7516284f7ad1bbce765b90f32d64771c4b86178913c037a669b9566f284a3b09f5aaf3737

Download Submit
C:\Windows\System\LzfKbTS.exe

Filesize
1.4MB

MD5
26884ffd251af7c8d4a5390cbf85b870

SHA1
6b6d9d2108e049ce9d9e7b325e80c2e0ccbd25c5

SHA256
bbce1cb97cf6298ecc9bdce799b689c30056c5e9086221e0527b69c3c6a9c05e

SHA512
f06f4a5e9e7963b4b880cec5b14f2e0630ea28f87201ba7f933d1db6369504c8a491b3185d3650618a4d4d9caef338aa4635036955a144cf370ed7a69d8845e2

Download Submit
C:\Windows\System\OdYSHJq.exe

Filesize
1.4MB

MD5
4f0e9cc90c2f10cf245d39216540882d

SHA1
79384f9c383bc0c06d4193ee4071411d22c8ac78

SHA256
5b9e249ae421569ad346187056c956e5a171961676a67552a1aa2430c78032cd

SHA512
f5f231b89521bf446aeee99ed38d454a8e7f2a334160ebed9dfb2a1e8f1ec5721f3d554f8c50d34053dcd666423e2d05a47cb4a1f467989349836da0aacb890d

Download Submit
C:\Windows\System\QOitRbe.exe

Filesize
1.4MB

MD5
9f9bd39cc8ad47b81a38861c628b4ee0

SHA1
aa6eda9aae277bde57b76f69ddb15669b831a7bc

SHA256
b01e7748cd4ad991c5c909358f676cd11e79fe681ba3b8e091ae9eb37bef4702

SHA512
a73305b5c4585ee956235bccbeb028b1b892055ef95612dcd382a91ee1c52b19ed3ebe15f5524a74b3ab2c7b5c16832e8353886a1d17e3e68f3cba35e28e2900

Download Submit
C:\Windows\System\QotAyFP.exe

Filesize
8B

MD5
76860bc6bcf1b962e8a2e2eb292a4bf6

SHA1
eb87db8a1bc4e53a442a3f1452dad31ebf337320

SHA256
0c7d1822ddaeb86897a410445e7015124a04f518d6418bfc26f4a46336cbbf53

SHA512
4a411de28e286563ff5d02d738b10b02f1034fd988f1bef2002f2765356449f6b3486aa93dfc28c44550060a88590f8f6e516156b12db24d65a9d99e449df45a

Download Submit
C:\Windows\System\RTTrGyF.exe

Filesize
1.4MB

MD5
71dbc7da5b37fd028ea07a51f828404c

SHA1
39ed06b47a34effc30a2ddcd622016fd39b96172

SHA256
d2b5edf66680248737efdcb82787b5149944a599ba2b57101e269cdda1f6502b

SHA512
4b9d0a8df032073b2c0790aa811bbac9123f1e58196913ff3c3f97dbe148478fc0dc4d185645e0108f347ca51d1264238340e5aa21f2cb3949c5b2bbc3f19abe

Download Submit
C:\Windows\System\RrzfXsL.exe

Filesize
1.4MB

MD5
50a6cbb2901b358f4f1f410d2076fb62

SHA1
e9f6c2bec03712751fc0d67976b2237df8b0c439

SHA256
c220b005dd12c77bc20c42b7f8f47ad55759250193c39578009673b96370d03e

SHA512
6df0ba3bd06b87968f44a14de07de0bd25cf44fd90ecfe1a9bde0c4198973d2431e62e0dbdf9617a1b626486695a98024311e43d37aa41f8d167c22d652d0e5e

Download Submit
C:\Windows\System\VMGEtar.exe

Filesize
1.4MB

MD5
9dbf7f8452fe7f16d841540c94bd3651

SHA1
28a105af47c293737c130ea09a3b118b7be76373

SHA256
64fc93dcc632b1f2b4154931111981b969a4d434029b3f6c6a3291d374af5294

SHA512
3b77baf7890e31f234fd12019520952cfab860925a6966fbb4bf49b666e980e53a6c6f9390debede0cdff84aa07277028938548f03cb14ccf129579120c87d89

Download Submit
C:\Windows\System\VwkBxUJ.exe

Filesize
1.4MB

MD5
6278fde058ccc745499e017216739033

SHA1
a8199becc497bfa8fe60d2864d121430e572cbcf

SHA256
4c2e4251b5e17b12be6e31551c1fe4c1f51b6a8a04b4024374bfd5889581468c

SHA512
b2c46cf5cfae52315a83d3886e44ad74702b3194ab6d0b4b7a061e818b1384b5a9ec1ab168f3528680be60097bd8d12f0f1e2228d40cc3024c93399f7d9daba3

Download Submit
C:\Windows\System\ZYbinhR.exe

Filesize
1.4MB

MD5
4cf851aeee4b4cf789598e113d3270aa

SHA1
b17fa4a261349e89f79d2bcc1c893681f9d11b07

SHA256
5ec034b5147798c410db133c655cd4780dd16f127eede4d35b466f22a0f51e28

SHA512
c6d08690ab20e5e471b28dc3502143f389db70e196f575cf59f644e67e82193c05b8c576f32f281085e7004c6ffc0b0822da6fa8e52ad16755779c65d1c46b13

Download Submit
C:\Windows\System\ZdaFcQJ.exe

Filesize
1.4MB

MD5
78e19ee6d458ee1799d69a26a6500fef

SHA1
434c7c923f4b7874d7237d7735a9adefc410c4e7

SHA256
4473cf5c31a067463ec7b5f2ab7a15bf2f770cd09b4dc34f4ca4cfab44f172b6

SHA512
f9019c709e162027786dacbb731dddc91c3db9e42e23b9b3920cff32e7803cb9ce4c86e7ab7c12035c11ebab3e52a033f349cba3c05b4ce3eac2ae9421bfe344

Download Submit
C:\Windows\System\aAnzYEg.exe

Filesize
1.4MB

MD5
b690bd4163854dd4af010db04a57a913

SHA1
e68c447d2b11afaace237b06e1d79679e57bc80f

SHA256
c6e329be21ab5d594418973f24e720e49f9c4043b9f16bf0795b1f7e3efd139c

SHA512
5e9b9ae92970fb6d2bd369725546954bac217db93d5c14fb460f5b2badbed398a9121e362be365c5ece399bff2d1792089aeeec0e1d3dac6f2e358e3bc15507a

Download Submit
C:\Windows\System\fCdSiZb.exe

Filesize
1.4MB

MD5
f291ac65a66cd23db2c8a07e1bafe68d

SHA1
cc12e49a2a3fbe6a913c698cf3a24000dd30f97e

SHA256
178efe387372d9b155664ebac03c1cdc583f4da61db9361e50461712f77ecb2a

SHA512
783f909f04f70d5cf2a15422b5cc2642b8918bde60171e81eb4bae23440c0d70f3e8bec578b4aad311cdb71337c41b097383ca528940f065dcd2be8fcb21e7fd

Download Submit
C:\Windows\System\fEOLEYO.exe

Filesize
1.4MB

MD5
b752c1ffff59c5b9dcc2a3acf14c3f55

SHA1
792af5bda4f12bdff6684641dadefc7b527fffd1

SHA256
7879d8d3cf70291c0163659727a0093c8185ce9855a2eae606279e92f6d8fbc6

SHA512
299176d40392fc5db9ba6da326645b69d3201496e47c3c3f5671beb4cb1abfca5b929f70dabbaadcd0f38cef641f6820417fc54452dba9fd602d27eae7db693c

Download Submit
C:\Windows\System\fKFjMjn.exe

Filesize
1.4MB

MD5
327a06e28ea9b82b3961a9340b28deab

SHA1
545e68f8fde74aa4541dea831048aec751c1f7bf

SHA256
b9a532e5aacb7c0e4bbd6b1df5ff637408e71952e8c31a2752413d8818805340

SHA512
47d17e9b6cb3a02a51495fe04a1782a381c16ccd3b097eb366ea4a789900d64bcd5d0ae44d8e419210365d53c981f9affc9d46d3569fc64cb01e5c3c9ddd4d92

Download Submit
C:\Windows\System\fhZAYpE.exe

Filesize
1.4MB

MD5
4ab4efc51a1f8ce97c2810d29215eeae

SHA1
cbccb9fe19069925f2249b456625477eaedb79d3

SHA256
dac199170b0f947410ace76f35c741e81bf06565d70cbc0f09b2fa55fd2e6f62

SHA512
186cf8efe9f194cdde897b0c8e960413ea101461e6b3d2e209ef0f10c1d50a082ac7b0cad13cad4fb93e3d7945ef6a096c9dc09a5cbef7e21e6ce98ad88937a8

Download Submit
C:\Windows\System\gFgjTpr.exe

Filesize
1.4MB

MD5
2102230725c8121072adc26daf143d82

SHA1
31b4227815fc1484b9e0588190e4077535ced3cf

SHA256
0e226f070df6d18e7f6530b64118e1fdfa0bbcf22f003882f0250c4848884aa9

SHA512
73935db61b3a9c72d5d817564b1ccc252c869e98d8938d59f6994933bb1a99a7f402e349d2b46d674c001978fd1aaac920214a447b9eb0c61d8bda28b1480f6a

Download Submit
C:\Windows\System\iMukwbk.exe

Filesize
1.4MB

MD5
f6cb2212dc2f08e88827f0d38b61aa10

SHA1
751d81ea51a778488cfabc7dc2978631c2f91243

SHA256
93657bcddfe59674af0fdbb9a849698665f4a1d53d50a29cda157c009db46233

SHA512
a3a0ba14bfde75b3a9af29fa9734655941fee83f929ff76c4f5f31e728e8c29b35d985626f28083d95ef4b16aa7d6669e490b8d73bec55cbc7a5a56a44f26cf2

Download Submit
C:\Windows\System\ieoyizN.exe

Filesize
1.4MB

MD5
4e90ce6f09329836aa03e737e04e7e9f

SHA1
97ac2ad961dd8db291aa2f380f6804bdb6d61dd1

SHA256
e5e23dc176a8044a68033aeeb1f72a88258fd391923f8676281add1eb4ae2f8b

SHA512
9f3960efd71a97ac28ccf0b9963da0e366d63e7b029c2332092135000231298f2bd6fbded74fa987a0f80223b3afe001d8052fab67eccd786d748c2835c4078b

Download Submit
C:\Windows\System\iiazcsA.exe

Filesize
1.4MB

MD5
93bac17f24a57871a0450276f4e76588

SHA1
36abb2f11a8ac68a32eee040ffb74363e291d099

SHA256
2149fa2e765a938815b231f57db7f562c950fbf44fd4415712eaf1c6126f1d9d

SHA512
b35348e920f0cf9e0e989679e5755d0c4419b64c30020dd3471a6241e977c5922dd95c1b653932e8f3eb7756b087a51f83bf1126f712801a46f0cdc26f1716ce

Download Submit
C:\Windows\System\mhqYUXl.exe

Filesize
1.4MB

MD5
6c548afab077ef454a31276b1b367799

SHA1
b17daff5f5e4fc76487f7280d3676af988a4cbe1

SHA256
5e58f9f4e1e3d64ae64da00417c6cbf3ad5e9aede1c972a1f2901dc9d0b65978

SHA512
d3edee27eb8a12f80f4b8cce1c954ad93981847732f632ca0d3a86e42fa9d91e2630fae5bd2944c366be76d9f0c3c30df5b01ac43b5a036588087f3ec3eefa31

Download Submit
C:\Windows\System\nNvaNpT.exe

Filesize
1.4MB

MD5
7a8338c6a4e114357702629af20d41af

SHA1
1bc3897a3ea60ff07c4b6baffe7b892fc005d6d9

SHA256
83649aa1189ec987e4515977055c37ee927cb07ddc97355635bb0920f4664d55

SHA512
84c61ed018f81a30bef536b561c6c5ace33f6b09c7994b9c161f3bc7792d2b5f9710e750abd7d2745a0ec424de965be5bf94ec40eb7afc5abbc49359726cffb4

Download Submit
C:\Windows\System\qmValdj.exe

Filesize
1.4MB

MD5
d6533246656a4531e60b559a0501c965

SHA1
9d061a4de1e442894a2dd68c5c04dc841082fafb

SHA256
28c0644852eacaf75a9d1d101d77e7876d465aaaec3d051782ac83d2181143ed

SHA512
8d6079d811c94d2b5662d51562aae1601aec7f239f1c2c3a2c85bbd3b707144284a6f276f2f1dd021439dd4a3109cc790bc1f29bf74b33aae1e0e329ce55c064

Download Submit
C:\Windows\System\rDQHFzj.exe

Filesize
1.4MB

MD5
5c73d4a85c693f0b63a525f0175358d5

SHA1
ba49756cd292124c5053bc6578ed1f35eb37c37d

SHA256
a30461266048626d2cf07f592ba328fc610895b415cfd6da592362b908fdb4df

SHA512
f666aa5e4047e6878238b77d19fa7f65acacf110de127e8fd2cb0060ec14744f2f0551079a4191eb2d8562e80519e2daec6fe9d4a02e569268fb8c9f8527464c

Download Submit
C:\Windows\System\rGZZKDZ.exe

Filesize
1.4MB

MD5
00a8d1fa15193666f4bbf6afd9704050

SHA1
4bdd73646303f48ab35f8d4e2125fa18fd86879b

SHA256
39f68f5814d3a6c6eb93c4166f37e569d607713e821ae9fd4b4430d002c5b157

SHA512
ca3713ee9e368af1ccefc0f9896726fe79421136d5d8f85f474517501c2f7cd821fb888abc851bbdddf761a293e59eb1ca00873276b901fd9a8258e107ca76ba

Download Submit
C:\Windows\System\sXWBupR.exe

Filesize
1.4MB

MD5
1e9a01ccc3fd2f850cea15f921a427b3

SHA1
7e2d12979525514e9460897917b1bbf7ca967bf3

SHA256
4103cb64580c12968b1259d084b58cf60e7ea9f3bc25627f1cbd9bae063474bd

SHA512
0db2bf2c87d2705058351fcdafef5e8890af5f768e677a6b8701c7339c2a37c9597f066887869dd9245c739bf62cf201665e6293b49a748b3f1ddf421d07cdd9

Download Submit
C:\Windows\System\zRqhfMf.exe

Filesize
1.4MB

MD5
8825dcaf146f218e43333917420bbba5

SHA1
d9a6d55ee70c8d35dbb3a6d553c12e6916f84f20

SHA256
d5ff4324672951e884f221da5b13df0930af47d7d94e81c5b5841665d1cea6b4

SHA512
079b43f62306a8ac7a2fd07bc8f719f3e076fe923098da34f4c9b10e07689d0d2859aa93b4d0e347acf54d74b22d5816c2dbce7e3618853fdc0ed982faaf26ca

Download Submit
C:\Windows\System\zbGSzfx.exe

Filesize
1.4MB

MD5
bc844d2df08943206b81d86a1462402f

SHA1
73a9a7bd2edddd9bbe588b1eff15a61cbe34a3b9

SHA256
48aa360aef3c9ac4eff239dcf3d11e83ae05815a3b2efd231cd4f0b7add9f2fa

SHA512
2c353c2727b79b49e38b344c06e002ff9df844fb9217f0404cc3e9cc83c5cd9f9f8e19bd3b8eb21b5214ebb5ed444a56176eeb1a251bbfe3501c36ec44e600fd

Download Submit
memory/384-2073-0x00007FF7575E0000-0x00007FF7579D2000-memory.dmp

Filesize
3.9MB

Download
memory/384-89-0x00007FF7575E0000-0x00007FF7579D2000-memory.dmp

Filesize
3.9MB

Download
memory/1012-1977-0x00007FF712290000-0x00007FF712682000-memory.dmp

Filesize
3.9MB

Download
memory/1012-2049-0x00007FF712290000-0x00007FF712682000-memory.dmp

Filesize
3.9MB

Download
memory/1012-10-0x00007FF712290000-0x00007FF712682000-memory.dmp

Filesize
3.9MB

Download
memory/1052-114-0x00007FF781ED0000-0x00007FF7822C2000-memory.dmp

Filesize
3.9MB

Download
memory/1052-2080-0x00007FF781ED0000-0x00007FF7822C2000-memory.dmp

Filesize
3.9MB

Download
memory/1116-2056-0x00007FF6A9920000-0x00007FF6A9D12000-memory.dmp

Filesize
3.9MB

Download
memory/1116-55-0x00007FF6A9920000-0x00007FF6A9D12000-memory.dmp

Filesize
3.9MB

Download
memory/1500-108-0x00007FF7C1C00000-0x00007FF7C1FF2000-memory.dmp

Filesize
3.9MB

Download
memory/1500-2089-0x00007FF7C1C00000-0x00007FF7C1FF2000-memory.dmp

Filesize
3.9MB

Download
memory/1812-164-0x00007FF643880000-0x00007FF643C72000-memory.dmp

Filesize
3.9MB

Download
memory/1812-2094-0x00007FF643880000-0x00007FF643C72000-memory.dmp

Filesize
3.9MB

Download
memory/1956-2066-0x00007FF7EE600000-0x00007FF7EE9F2000-memory.dmp

Filesize
3.9MB

Download
memory/1956-93-0x00007FF7EE600000-0x00007FF7EE9F2000-memory.dmp

Filesize
3.9MB

Download
memory/2076-2082-0x00007FF642560000-0x00007FF642952000-memory.dmp

Filesize
3.9MB

Download
memory/2076-2016-0x00007FF642560000-0x00007FF642952000-memory.dmp

Filesize
3.9MB

Download
memory/2076-152-0x00007FF642560000-0x00007FF642952000-memory.dmp

Filesize
3.9MB

Download
memory/2236-104-0x00007FF7ECC50000-0x00007FF7ED042000-memory.dmp

Filesize
3.9MB

Download
memory/2236-2067-0x00007FF7ECC50000-0x00007FF7ED042000-memory.dmp

Filesize
3.9MB

Download
memory/2452-0-0x00007FF601110000-0x00007FF601502000-memory.dmp

Filesize
3.9MB

Download
memory/2452-1-0x00000286EA6A0000-0x00000286EA6B0000-memory.dmp

Filesize
64KB

Download
memory/2452-1268-0x00007FF601110000-0x00007FF601502000-memory.dmp

Filesize
3.9MB

Download
memory/2684-158-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp

Filesize
3.9MB

Download
memory/2684-2088-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp

Filesize
3.9MB

Download
memory/2684-2028-0x00007FF7C8450000-0x00007FF7C8842000-memory.dmp

Filesize
3.9MB

Download
memory/2808-79-0x00007FF7B1FA0000-0x00007FF7B2392000-memory.dmp

Filesize
3.9MB

Download
memory/2808-2075-0x00007FF7B1FA0000-0x00007FF7B2392000-memory.dmp

Filesize
3.9MB

Download
memory/3068-94-0x00007FF704110000-0x00007FF704502000-memory.dmp

Filesize
3.9MB

Download
memory/3068-2063-0x00007FF704110000-0x00007FF704502000-memory.dmp

Filesize
3.9MB

Download
memory/3112-6-0x00007FF7F4DC0000-0x00007FF7F51B2000-memory.dmp

Filesize
3.9MB

Download
memory/3112-1910-0x00007FF7F4DC0000-0x00007FF7F51B2000-memory.dmp

Filesize
3.9MB

Download
memory/3112-2047-0x00007FF7F4DC0000-0x00007FF7F51B2000-memory.dmp

Filesize
3.9MB

Download
memory/3664-33-0x00007FF69AE00000-0x00007FF69B1F2000-memory.dmp

Filesize
3.9MB

Download
memory/3664-2059-0x00007FF69AE00000-0x00007FF69B1F2000-memory.dmp

Filesize
3.9MB

Download
memory/3664-1981-0x00007FF69AE00000-0x00007FF69B1F2000-memory.dmp

Filesize
3.9MB

Download
memory/3672-25-0x00007FF778AC0000-0x00007FF778EB2000-memory.dmp

Filesize
3.9MB

Download
memory/3672-2051-0x00007FF778AC0000-0x00007FF778EB2000-memory.dmp

Filesize
3.9MB

Download
memory/3672-1979-0x00007FF778AC0000-0x00007FF778EB2000-memory.dmp

Filesize
3.9MB

Download
memory/3868-64-0x00007FF702490000-0x00007FF702882000-memory.dmp

Filesize
3.9MB

Download
memory/3868-2054-0x00007FF702490000-0x00007FF702882000-memory.dmp

Filesize
3.9MB

Download
memory/3980-437-0x000001D5D8180000-0x000001D5D8926000-memory.dmp

Filesize
7.6MB

Download
memory/3980-146-0x000001D5D75C0000-0x000001D5D75E2000-memory.dmp

Filesize
136KB

Download
memory/4012-2014-0x00007FF7CCCC0000-0x00007FF7CD0B2000-memory.dmp

Filesize
3.9MB

Download
memory/4012-2084-0x00007FF7CCCC0000-0x00007FF7CD0B2000-memory.dmp

Filesize
3.9MB

Download
memory/4012-130-0x00007FF7CCCC0000-0x00007FF7CD0B2000-memory.dmp

Filesize
3.9MB

Download
memory/4064-2071-0x00007FF6EE8E0000-0x00007FF6EECD2000-memory.dmp

Filesize
3.9MB

Download
memory/4064-80-0x00007FF6EE8E0000-0x00007FF6EECD2000-memory.dmp

Filesize
3.9MB

Download
memory/4488-2069-0x00007FF7D4F60000-0x00007FF7D5352000-memory.dmp

Filesize
3.9MB

Download
memory/4488-100-0x00007FF7D4F60000-0x00007FF7D5352000-memory.dmp

Filesize
3.9MB

Download
memory/4508-2086-0x00007FF7A43E0000-0x00007FF7A47D2000-memory.dmp

Filesize
3.9MB

Download
memory/4508-124-0x00007FF7A43E0000-0x00007FF7A47D2000-memory.dmp

Filesize
3.9MB

Download
memory/4640-2062-0x00007FF768960000-0x00007FF768D52000-memory.dmp

Filesize
3.9MB

Download
memory/4640-105-0x00007FF768960000-0x00007FF768D52000-memory.dmp

Filesize
3.9MB

Download
memory/4644-2091-0x00007FF7BBAB0000-0x00007FF7BBEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4644-136-0x00007FF7BBAB0000-0x00007FF7BBEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4644-2015-0x00007FF7BBAB0000-0x00007FF7BBEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4684-1980-0x00007FF6D05B0000-0x00007FF6D09A2000-memory.dmp

Filesize
3.9MB

Download
memory/4684-48-0x00007FF6D05B0000-0x00007FF6D09A2000-memory.dmp

Filesize
3.9MB

Download
memory/4684-2058-0x00007FF6D05B0000-0x00007FF6D09A2000-memory.dmp

Filesize
3.9MB

Download
memory/4864-118-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp

Filesize
3.9MB

Download
memory/4864-2078-0x00007FF65CBA0000-0x00007FF65CF92000-memory.dmp

Filesize
3.9MB

Download