xmrig | df17354b3a09f9f65ea4bdc756f4798abf0194291558ecc7046b93a87ba78230

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
Size

3.2MB
MD5

5e119ef1a7c9165f67d4c46983c3ebd0
SHA1

0a81151cdb19f21c5657eff4b989a3ea541815b5
SHA256

df17354b3a09f9f65ea4bdc756f4798abf0194291558ecc7046b93a87ba78230
SHA512

439dd7f24f425ae5344022c644629b6cbb9aa45647a63070067822acd864f5dc6c2ef4d22d55c7147965053a9159f49ad3c35c1ebd923585189d727e63914679
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWU:7bBeSFk4

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1172-0-0x00007FF719780000-0x00007FF719B76000-memory.dmp	xmrig
behavioral2/files/0x00080000000233f9-6.dat	xmrig
behavioral2/files/0x00070000000233fe-9.dat	xmrig
behavioral2/files/0x00070000000233fd-11.dat	xmrig
behavioral2/files/0x00070000000233ff-22.dat	xmrig
behavioral2/files/0x0008000000023402-42.dat	xmrig
behavioral2/files/0x0007000000023403-48.dat	xmrig
behavioral2/files/0x0007000000023400-49.dat	xmrig
behavioral2/files/0x0007000000023404-56.dat	xmrig
behavioral2/files/0x0007000000023405-69.dat	xmrig
behavioral2/files/0x0007000000023407-76.dat	xmrig
behavioral2/files/0x000700000002340b-101.dat	xmrig
behavioral2/files/0x000700000002340c-111.dat	xmrig
behavioral2/files/0x000700000002340d-122.dat	xmrig
behavioral2/files/0x0007000000023414-154.dat	xmrig
behavioral2/files/0x0007000000023416-166.dat	xmrig
behavioral2/files/0x0007000000023418-178.dat	xmrig
behavioral2/memory/1784-208-0x00007FF675820000-0x00007FF675C16000-memory.dmp	xmrig
behavioral2/memory/4232-205-0x00007FF7A8C70000-0x00007FF7A9066000-memory.dmp	xmrig
behavioral2/memory/716-201-0x00007FF733490000-0x00007FF733886000-memory.dmp	xmrig
behavioral2/memory/3116-197-0x00007FF6142A0000-0x00007FF614696000-memory.dmp	xmrig
behavioral2/files/0x000700000002341b-196.dat	xmrig
behavioral2/files/0x0007000000023419-194.dat	xmrig
behavioral2/memory/516-193-0x00007FF6BB830000-0x00007FF6BBC26000-memory.dmp	xmrig
behavioral2/files/0x000700000002341a-190.dat	xmrig
behavioral2/memory/4808-187-0x00007FF668B40000-0x00007FF668F36000-memory.dmp	xmrig
behavioral2/files/0x0007000000023417-182.dat	xmrig
behavioral2/memory/2656-181-0x00007FF6BAFB0000-0x00007FF6BB3A6000-memory.dmp	xmrig
behavioral2/memory/3056-175-0x00007FF7875F0000-0x00007FF7879E6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023415-170.dat	xmrig
behavioral2/memory/4400-169-0x00007FF71CCC0000-0x00007FF71D0B6000-memory.dmp	xmrig
behavioral2/memory/3644-163-0x00007FF7AB790000-0x00007FF7ABB86000-memory.dmp	xmrig
behavioral2/files/0x0007000000023413-158.dat	xmrig
behavioral2/memory/3536-157-0x00007FF7BA740000-0x00007FF7BAB36000-memory.dmp	xmrig
behavioral2/files/0x0007000000023412-152.dat	xmrig
behavioral2/memory/4280-151-0x00007FF712880000-0x00007FF712C76000-memory.dmp	xmrig
behavioral2/files/0x0007000000023411-146.dat	xmrig
behavioral2/memory/1456-145-0x00007FF7C15C0000-0x00007FF7C19B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023410-140.dat	xmrig
behavioral2/memory/1708-139-0x00007FF702740000-0x00007FF702B36000-memory.dmp	xmrig
behavioral2/files/0x000700000002340f-134.dat	xmrig
behavioral2/memory/3068-133-0x00007FF742AE0000-0x00007FF742ED6000-memory.dmp	xmrig
behavioral2/files/0x000700000002340e-129.dat	xmrig
behavioral2/memory/3848-127-0x00007FF696BE0000-0x00007FF696FD6000-memory.dmp	xmrig
behavioral2/memory/4896-120-0x00007FF7B2BC0000-0x00007FF7B2FB6000-memory.dmp	xmrig
behavioral2/memory/4088-116-0x00007FF77C9B0000-0x00007FF77CDA6000-memory.dmp	xmrig
behavioral2/memory/3668-110-0x00007FF7E1A90000-0x00007FF7E1E86000-memory.dmp	xmrig
behavioral2/memory/1760-105-0x00007FF621110000-0x00007FF621506000-memory.dmp	xmrig
behavioral2/files/0x000700000002340a-100.dat	xmrig
behavioral2/files/0x00080000000233fa-96.dat	xmrig
behavioral2/files/0x0007000000023409-91.dat	xmrig
behavioral2/files/0x0007000000023408-85.dat	xmrig
behavioral2/files/0x0007000000023406-72.dat	xmrig
behavioral2/files/0x0008000000023401-65.dat	xmrig
behavioral2/memory/1404-44-0x00007FF756AC0000-0x00007FF756EB6000-memory.dmp	xmrig
behavioral2/memory/4172-43-0x00007FF7031F0000-0x00007FF7035E6000-memory.dmp	xmrig
behavioral2/memory/3912-36-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp	xmrig
behavioral2/memory/2484-23-0x00007FF6C20B0000-0x00007FF6C24A6000-memory.dmp	xmrig
behavioral2/memory/4172-1955-0x00007FF7031F0000-0x00007FF7035E6000-memory.dmp	xmrig
behavioral2/memory/3912-1957-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp	xmrig
behavioral2/memory/1404-1958-0x00007FF756AC0000-0x00007FF756EB6000-memory.dmp	xmrig
behavioral2/memory/1760-1968-0x00007FF621110000-0x00007FF621506000-memory.dmp	xmrig
behavioral2/memory/2484-1969-0x00007FF6C20B0000-0x00007FF6C24A6000-memory.dmp	xmrig
behavioral2/memory/3912-1970-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
10	2596	powershell.exe
12	2596	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2596	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1760	rOEoxNl.exe
2484	BhZqRen.exe
3912	YtIAgKf.exe
4172	nPRglzP.exe
3668	rYhxAgU.exe
1404	NNiLhVp.exe
3056	UPPOdCQ.exe
4088	mjDPoOS.exe
4896	WPuFVte.exe
3848	eXaqETM.exe
3068	JarzWFI.exe
1708	HMgNBHv.exe
1456	yDmiLxJ.exe
4280	ikkIHId.exe
3536	fBolyrP.exe
3644	FLTUqZb.exe
4400	hJPMRpv.exe
2656	CaYudNw.exe
4808	eotfWwe.exe
516	wkuNrbx.exe
3116	WCFgAMb.exe
716	QVWrfdK.exe
4232	oBmyClS.exe
1784	NSEuMNn.exe
1816	csQnINb.exe
2760	dFMtOKZ.exe
3792	IbLRDwZ.exe
868	toKidCp.exe
3652	twAlBCZ.exe
3508	zAXefRA.exe
1572	fuspuIB.exe
3148	zhrWTQi.exe
2164	fOIXDbk.exe
2428	HNWKDHq.exe
4116	sDYNFhG.exe
3908	cizuxMK.exe
4960	NvJzjki.exe
2644	GbCPxpn.exe
1428	UuLHcTW.exe
2500	lxTfvkV.exe
4668	iWbOsyF.exe
4552	NkTxvjp.exe
1192	SYJyABu.exe
2552	QXkjyMc.exe
1976	iAttDkb.exe
4220	cpqNfAA.exe
1928	UIfwQSH.exe
3552	HbVkckL.exe
1768	ZpATYnl.exe
1440	XfFrnxR.exe
1640	HCWScsg.exe
392	muZlMRJ.exe
1676	pkeXBPM.exe
2508	tUfQMpD.exe
4528	iOqOILp.exe
216	UMjHAmo.exe
3468	fNvyAJh.exe
4164	RYSEaIE.exe
3384	WwxUuKl.exe
4356	BykDKye.exe
2264	xWudydU.exe
4972	zBxbEKe.exe
2952	YqwgATF.exe
5036	SliKKXh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1172-0-0x00007FF719780000-0x00007FF719B76000-memory.dmp	upx
behavioral2/files/0x00080000000233f9-6.dat	upx
behavioral2/files/0x00070000000233fe-9.dat	upx
behavioral2/files/0x00070000000233fd-11.dat	upx
behavioral2/files/0x00070000000233ff-22.dat	upx
behavioral2/files/0x0008000000023402-42.dat	upx
behavioral2/files/0x0007000000023403-48.dat	upx
behavioral2/files/0x0007000000023400-49.dat	upx
behavioral2/files/0x0007000000023404-56.dat	upx
behavioral2/files/0x0007000000023405-69.dat	upx
behavioral2/files/0x0007000000023407-76.dat	upx
behavioral2/files/0x000700000002340b-101.dat	upx
behavioral2/files/0x000700000002340c-111.dat	upx
behavioral2/files/0x000700000002340d-122.dat	upx
behavioral2/files/0x0007000000023414-154.dat	upx
behavioral2/files/0x0007000000023416-166.dat	upx
behavioral2/files/0x0007000000023418-178.dat	upx
behavioral2/memory/1784-208-0x00007FF675820000-0x00007FF675C16000-memory.dmp	upx
behavioral2/memory/4232-205-0x00007FF7A8C70000-0x00007FF7A9066000-memory.dmp	upx
behavioral2/memory/716-201-0x00007FF733490000-0x00007FF733886000-memory.dmp	upx
behavioral2/memory/3116-197-0x00007FF6142A0000-0x00007FF614696000-memory.dmp	upx
behavioral2/files/0x000700000002341b-196.dat	upx
behavioral2/files/0x0007000000023419-194.dat	upx
behavioral2/memory/516-193-0x00007FF6BB830000-0x00007FF6BBC26000-memory.dmp	upx
behavioral2/files/0x000700000002341a-190.dat	upx
behavioral2/memory/4808-187-0x00007FF668B40000-0x00007FF668F36000-memory.dmp	upx
behavioral2/files/0x0007000000023417-182.dat	upx
behavioral2/memory/2656-181-0x00007FF6BAFB0000-0x00007FF6BB3A6000-memory.dmp	upx
behavioral2/memory/3056-175-0x00007FF7875F0000-0x00007FF7879E6000-memory.dmp	upx
behavioral2/files/0x0007000000023415-170.dat	upx
behavioral2/memory/4400-169-0x00007FF71CCC0000-0x00007FF71D0B6000-memory.dmp	upx
behavioral2/memory/3644-163-0x00007FF7AB790000-0x00007FF7ABB86000-memory.dmp	upx
behavioral2/files/0x0007000000023413-158.dat	upx
behavioral2/memory/3536-157-0x00007FF7BA740000-0x00007FF7BAB36000-memory.dmp	upx
behavioral2/files/0x0007000000023412-152.dat	upx
behavioral2/memory/4280-151-0x00007FF712880000-0x00007FF712C76000-memory.dmp	upx
behavioral2/files/0x0007000000023411-146.dat	upx
behavioral2/memory/1456-145-0x00007FF7C15C0000-0x00007FF7C19B6000-memory.dmp	upx
behavioral2/files/0x0007000000023410-140.dat	upx
behavioral2/memory/1708-139-0x00007FF702740000-0x00007FF702B36000-memory.dmp	upx
behavioral2/files/0x000700000002340f-134.dat	upx
behavioral2/memory/3068-133-0x00007FF742AE0000-0x00007FF742ED6000-memory.dmp	upx
behavioral2/files/0x000700000002340e-129.dat	upx
behavioral2/memory/3848-127-0x00007FF696BE0000-0x00007FF696FD6000-memory.dmp	upx
behavioral2/memory/4896-120-0x00007FF7B2BC0000-0x00007FF7B2FB6000-memory.dmp	upx
behavioral2/memory/4088-116-0x00007FF77C9B0000-0x00007FF77CDA6000-memory.dmp	upx
behavioral2/memory/3668-110-0x00007FF7E1A90000-0x00007FF7E1E86000-memory.dmp	upx
behavioral2/memory/1760-105-0x00007FF621110000-0x00007FF621506000-memory.dmp	upx
behavioral2/files/0x000700000002340a-100.dat	upx
behavioral2/files/0x00080000000233fa-96.dat	upx
behavioral2/files/0x0007000000023409-91.dat	upx
behavioral2/files/0x0007000000023408-85.dat	upx
behavioral2/files/0x0007000000023406-72.dat	upx
behavioral2/files/0x0008000000023401-65.dat	upx
behavioral2/memory/1404-44-0x00007FF756AC0000-0x00007FF756EB6000-memory.dmp	upx
behavioral2/memory/4172-43-0x00007FF7031F0000-0x00007FF7035E6000-memory.dmp	upx
behavioral2/memory/3912-36-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp	upx
behavioral2/memory/2484-23-0x00007FF6C20B0000-0x00007FF6C24A6000-memory.dmp	upx
behavioral2/memory/4172-1955-0x00007FF7031F0000-0x00007FF7035E6000-memory.dmp	upx
behavioral2/memory/3912-1957-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp	upx
behavioral2/memory/1404-1958-0x00007FF756AC0000-0x00007FF756EB6000-memory.dmp	upx
behavioral2/memory/1760-1968-0x00007FF621110000-0x00007FF621506000-memory.dmp	upx
behavioral2/memory/2484-1969-0x00007FF6C20B0000-0x00007FF6C24A6000-memory.dmp	upx
behavioral2/memory/3912-1970-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PDxElma.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\XIXszVf.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\JrIUMfR.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\khlbydX.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\UAIFdDN.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\DlFnTZc.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\FvChCnW.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\vXSutbk.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\ARjUuVk.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\arlXPfa.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\KvwhELD.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\WSwDkXU.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\uqzUhfo.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\QypIxXC.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\gBvInqe.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\BmqRhLx.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\viewsyQ.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\yNjGYgS.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\aPHbDtx.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\eaVIuhW.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\UHjAHbJ.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\WAOxTes.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\zLUBqlQ.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\xtEQccA.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\zqqwmHs.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\HqPVTbm.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\OBpeKGq.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\ButkykV.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\JsUQOrz.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\xIvJWGt.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\rmXcVHf.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\gTWjdif.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\gEvzjdF.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\SDuuMTR.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\JpnAoLs.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\IzpbzGy.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\gXtcLxa.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\rJiAlAr.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\hhEgTZN.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\DjbzfLx.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\lCObKbF.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\NBwzIxI.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\KxOhulB.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\ChXzQbA.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\BmMLaRM.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\PUvPMLD.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\CgUmsuH.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\NmyPrOx.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\tYrTdyE.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\dGcMMOR.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\KiDMlSy.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\XMYmybB.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\XYHnWbv.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\huGbmcV.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\BTtjAAp.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\fZYsPCG.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\QnTOTyZ.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\jVFyYfz.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\JlyRZYx.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\SdsYpLP.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\JwKdgex.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\gDVZmWZ.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\NZXUtsT.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
File created	C:\Windows\System\AYGqRtR.exe	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2596	powershell.exe
2596	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2596	powershell.exe
Token: SeLockMemoryPrivilege	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 2596	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	84
PID 1172 wrote to memory of 2596	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	84
PID 1172 wrote to memory of 1760	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	85
PID 1172 wrote to memory of 1760	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	85
PID 1172 wrote to memory of 2484	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	86
PID 1172 wrote to memory of 2484	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	86
PID 1172 wrote to memory of 3912	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	87
PID 1172 wrote to memory of 3912	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	87
PID 1172 wrote to memory of 4172	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	88
PID 1172 wrote to memory of 4172	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	88
PID 1172 wrote to memory of 3668	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	89
PID 1172 wrote to memory of 3668	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	89
PID 1172 wrote to memory of 1404	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	90
PID 1172 wrote to memory of 1404	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	90
PID 1172 wrote to memory of 3056	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	91
PID 1172 wrote to memory of 3056	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	91
PID 1172 wrote to memory of 4088	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	92
PID 1172 wrote to memory of 4088	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	92
PID 1172 wrote to memory of 4896	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	93
PID 1172 wrote to memory of 4896	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	93
PID 1172 wrote to memory of 3848	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	94
PID 1172 wrote to memory of 3848	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	94
PID 1172 wrote to memory of 3068	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	95
PID 1172 wrote to memory of 3068	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	95
PID 1172 wrote to memory of 1708	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	96
PID 1172 wrote to memory of 1708	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	96
PID 1172 wrote to memory of 1456	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	97
PID 1172 wrote to memory of 1456	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	97
PID 1172 wrote to memory of 4280	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	98
PID 1172 wrote to memory of 4280	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	98
PID 1172 wrote to memory of 3536	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	99
PID 1172 wrote to memory of 3536	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	99
PID 1172 wrote to memory of 3644	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	100
PID 1172 wrote to memory of 3644	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	100
PID 1172 wrote to memory of 4400	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	101
PID 1172 wrote to memory of 4400	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	101
PID 1172 wrote to memory of 2656	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	102
PID 1172 wrote to memory of 2656	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	102
PID 1172 wrote to memory of 4808	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	103
PID 1172 wrote to memory of 4808	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	103
PID 1172 wrote to memory of 516	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	104
PID 1172 wrote to memory of 516	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	104
PID 1172 wrote to memory of 3116	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	105
PID 1172 wrote to memory of 3116	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	105
PID 1172 wrote to memory of 716	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	106
PID 1172 wrote to memory of 716	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	106
PID 1172 wrote to memory of 4232	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	107
PID 1172 wrote to memory of 4232	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	107
PID 1172 wrote to memory of 1784	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	108
PID 1172 wrote to memory of 1784	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	108
PID 1172 wrote to memory of 1816	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	109
PID 1172 wrote to memory of 1816	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	109
PID 1172 wrote to memory of 2760	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	110
PID 1172 wrote to memory of 2760	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	110
PID 1172 wrote to memory of 3792	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	111
PID 1172 wrote to memory of 3792	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	111
PID 1172 wrote to memory of 868	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	112
PID 1172 wrote to memory of 868	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	112
PID 1172 wrote to memory of 3652	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	113
PID 1172 wrote to memory of 3652	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	113
PID 1172 wrote to memory of 3508	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	114
PID 1172 wrote to memory of 3508	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	114
PID 1172 wrote to memory of 1572	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	115
PID 1172 wrote to memory of 1572	1172	5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5e119ef1a7c9165f67d4c46983c3ebd0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2596
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2596" "2940" "2844" "2944" "0" "0" "2948" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12936
- C:\Windows\System\rOEoxNl.exe
  C:\Windows\System\rOEoxNl.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\BhZqRen.exe
  C:\Windows\System\BhZqRen.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\YtIAgKf.exe
  C:\Windows\System\YtIAgKf.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\nPRglzP.exe
  C:\Windows\System\nPRglzP.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\rYhxAgU.exe
  C:\Windows\System\rYhxAgU.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\NNiLhVp.exe
  C:\Windows\System\NNiLhVp.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\UPPOdCQ.exe
  C:\Windows\System\UPPOdCQ.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\mjDPoOS.exe
  C:\Windows\System\mjDPoOS.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\WPuFVte.exe
  C:\Windows\System\WPuFVte.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\eXaqETM.exe
  C:\Windows\System\eXaqETM.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\JarzWFI.exe
  C:\Windows\System\JarzWFI.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\HMgNBHv.exe
  C:\Windows\System\HMgNBHv.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\yDmiLxJ.exe
  C:\Windows\System\yDmiLxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\ikkIHId.exe
  C:\Windows\System\ikkIHId.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\fBolyrP.exe
  C:\Windows\System\fBolyrP.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\FLTUqZb.exe
  C:\Windows\System\FLTUqZb.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\hJPMRpv.exe
  C:\Windows\System\hJPMRpv.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\CaYudNw.exe
  C:\Windows\System\CaYudNw.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\eotfWwe.exe
  C:\Windows\System\eotfWwe.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\wkuNrbx.exe
  C:\Windows\System\wkuNrbx.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\WCFgAMb.exe
  C:\Windows\System\WCFgAMb.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\QVWrfdK.exe
  C:\Windows\System\QVWrfdK.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\oBmyClS.exe
  C:\Windows\System\oBmyClS.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\NSEuMNn.exe
  C:\Windows\System\NSEuMNn.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\csQnINb.exe
  C:\Windows\System\csQnINb.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\dFMtOKZ.exe
  C:\Windows\System\dFMtOKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\IbLRDwZ.exe
  C:\Windows\System\IbLRDwZ.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\toKidCp.exe
  C:\Windows\System\toKidCp.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\twAlBCZ.exe
  C:\Windows\System\twAlBCZ.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\zAXefRA.exe
  C:\Windows\System\zAXefRA.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\fuspuIB.exe
  C:\Windows\System\fuspuIB.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\zhrWTQi.exe
  C:\Windows\System\zhrWTQi.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\fOIXDbk.exe
  C:\Windows\System\fOIXDbk.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\HNWKDHq.exe
  C:\Windows\System\HNWKDHq.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\sDYNFhG.exe
  C:\Windows\System\sDYNFhG.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\cizuxMK.exe
  C:\Windows\System\cizuxMK.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\NvJzjki.exe
  C:\Windows\System\NvJzjki.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\GbCPxpn.exe
  C:\Windows\System\GbCPxpn.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\UuLHcTW.exe
  C:\Windows\System\UuLHcTW.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\lxTfvkV.exe
  C:\Windows\System\lxTfvkV.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\iWbOsyF.exe
  C:\Windows\System\iWbOsyF.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\NkTxvjp.exe
  C:\Windows\System\NkTxvjp.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\SYJyABu.exe
  C:\Windows\System\SYJyABu.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\QXkjyMc.exe
  C:\Windows\System\QXkjyMc.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\iAttDkb.exe
  C:\Windows\System\iAttDkb.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\cpqNfAA.exe
  C:\Windows\System\cpqNfAA.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\UIfwQSH.exe
  C:\Windows\System\UIfwQSH.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\HbVkckL.exe
  C:\Windows\System\HbVkckL.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\ZpATYnl.exe
  C:\Windows\System\ZpATYnl.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\XfFrnxR.exe
  C:\Windows\System\XfFrnxR.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\HCWScsg.exe
  C:\Windows\System\HCWScsg.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\muZlMRJ.exe
  C:\Windows\System\muZlMRJ.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\pkeXBPM.exe
  C:\Windows\System\pkeXBPM.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\tUfQMpD.exe
  C:\Windows\System\tUfQMpD.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\iOqOILp.exe
  C:\Windows\System\iOqOILp.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\UMjHAmo.exe
  C:\Windows\System\UMjHAmo.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\fNvyAJh.exe
  C:\Windows\System\fNvyAJh.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\RYSEaIE.exe
  C:\Windows\System\RYSEaIE.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\WwxUuKl.exe
  C:\Windows\System\WwxUuKl.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\BykDKye.exe
  C:\Windows\System\BykDKye.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\xWudydU.exe
  C:\Windows\System\xWudydU.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\zBxbEKe.exe
  C:\Windows\System\zBxbEKe.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\YqwgATF.exe
  C:\Windows\System\YqwgATF.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\SliKKXh.exe
  C:\Windows\System\SliKKXh.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\AozoeKy.exe
  C:\Windows\System\AozoeKy.exe
  2⤵
  PID:1500
- C:\Windows\System\VLwhmIi.exe
  C:\Windows\System\VLwhmIi.exe
  2⤵
  PID:5148
- C:\Windows\System\xGkNrNp.exe
  C:\Windows\System\xGkNrNp.exe
  2⤵
  PID:5176
- C:\Windows\System\uNnRqqd.exe
  C:\Windows\System\uNnRqqd.exe
  2⤵
  PID:5204
- C:\Windows\System\TNkkerb.exe
  C:\Windows\System\TNkkerb.exe
  2⤵
  PID:5232
- C:\Windows\System\YgNcLzF.exe
  C:\Windows\System\YgNcLzF.exe
  2⤵
  PID:5260
- C:\Windows\System\jnGrrMn.exe
  C:\Windows\System\jnGrrMn.exe
  2⤵
  PID:5288
- C:\Windows\System\LGwNmsr.exe
  C:\Windows\System\LGwNmsr.exe
  2⤵
  PID:5316
- C:\Windows\System\OsYRuqQ.exe
  C:\Windows\System\OsYRuqQ.exe
  2⤵
  PID:5352
- C:\Windows\System\yzKhpln.exe
  C:\Windows\System\yzKhpln.exe
  2⤵
  PID:5384
- C:\Windows\System\vLesHvj.exe
  C:\Windows\System\vLesHvj.exe
  2⤵
  PID:5412
- C:\Windows\System\jAPdyyA.exe
  C:\Windows\System\jAPdyyA.exe
  2⤵
  PID:5440
- C:\Windows\System\mLPHBjx.exe
  C:\Windows\System\mLPHBjx.exe
  2⤵
  PID:5464
- C:\Windows\System\LwxTIWV.exe
  C:\Windows\System\LwxTIWV.exe
  2⤵
  PID:5496
- C:\Windows\System\kIAKKxp.exe
  C:\Windows\System\kIAKKxp.exe
  2⤵
  PID:5524
- C:\Windows\System\mtRfwAT.exe
  C:\Windows\System\mtRfwAT.exe
  2⤵
  PID:5556
- C:\Windows\System\rLSKdId.exe
  C:\Windows\System\rLSKdId.exe
  2⤵
  PID:5580
- C:\Windows\System\cXwOYsY.exe
  C:\Windows\System\cXwOYsY.exe
  2⤵
  PID:5608
- C:\Windows\System\vFcCVac.exe
  C:\Windows\System\vFcCVac.exe
  2⤵
  PID:5636
- C:\Windows\System\uEeHcKO.exe
  C:\Windows\System\uEeHcKO.exe
  2⤵
  PID:5664
- C:\Windows\System\rZUzDzL.exe
  C:\Windows\System\rZUzDzL.exe
  2⤵
  PID:5692
- C:\Windows\System\YwKPzdu.exe
  C:\Windows\System\YwKPzdu.exe
  2⤵
  PID:5720
- C:\Windows\System\RGWtXfu.exe
  C:\Windows\System\RGWtXfu.exe
  2⤵
  PID:5748
- C:\Windows\System\RrqENfB.exe
  C:\Windows\System\RrqENfB.exe
  2⤵
  PID:5772
- C:\Windows\System\uZEBYmP.exe
  C:\Windows\System\uZEBYmP.exe
  2⤵
  PID:5800
- C:\Windows\System\UgmlGWK.exe
  C:\Windows\System\UgmlGWK.exe
  2⤵
  PID:5828
- C:\Windows\System\WocTXlq.exe
  C:\Windows\System\WocTXlq.exe
  2⤵
  PID:5856
- C:\Windows\System\LAuyxIA.exe
  C:\Windows\System\LAuyxIA.exe
  2⤵
  PID:5888
- C:\Windows\System\DDWDqxG.exe
  C:\Windows\System\DDWDqxG.exe
  2⤵
  PID:5916
- C:\Windows\System\CROUeqK.exe
  C:\Windows\System\CROUeqK.exe
  2⤵
  PID:5944
- C:\Windows\System\VdNgkcI.exe
  C:\Windows\System\VdNgkcI.exe
  2⤵
  PID:5968
- C:\Windows\System\UsQgNHb.exe
  C:\Windows\System\UsQgNHb.exe
  2⤵
  PID:6000
- C:\Windows\System\BaaOKuR.exe
  C:\Windows\System\BaaOKuR.exe
  2⤵
  PID:6028
- C:\Windows\System\ZaRwexC.exe
  C:\Windows\System\ZaRwexC.exe
  2⤵
  PID:6052
- C:\Windows\System\zWEFDgx.exe
  C:\Windows\System\zWEFDgx.exe
  2⤵
  PID:6072
- C:\Windows\System\EvceTxM.exe
  C:\Windows\System\EvceTxM.exe
  2⤵
  PID:6100
- C:\Windows\System\lQzLRZY.exe
  C:\Windows\System\lQzLRZY.exe
  2⤵
  PID:6128
- C:\Windows\System\SwZmNKj.exe
  C:\Windows\System\SwZmNKj.exe
  2⤵
  PID:4548
- C:\Windows\System\ddLTFmL.exe
  C:\Windows\System\ddLTFmL.exe
  2⤵
  PID:4028
- C:\Windows\System\cewnQBj.exe
  C:\Windows\System\cewnQBj.exe
  2⤵
  PID:3796
- C:\Windows\System\JhSJpBt.exe
  C:\Windows\System\JhSJpBt.exe
  2⤵
  PID:1424
- C:\Windows\System\ZoSVZXf.exe
  C:\Windows\System\ZoSVZXf.exe
  2⤵
  PID:1904
- C:\Windows\System\saKsCBI.exe
  C:\Windows\System\saKsCBI.exe
  2⤵
  PID:904
- C:\Windows\System\mukrTPH.exe
  C:\Windows\System\mukrTPH.exe
  2⤵
  PID:5168
- C:\Windows\System\MLupIeL.exe
  C:\Windows\System\MLupIeL.exe
  2⤵
  PID:5248
- C:\Windows\System\osZkzeb.exe
  C:\Windows\System\osZkzeb.exe
  2⤵
  PID:5308
- C:\Windows\System\mNWrCeB.exe
  C:\Windows\System\mNWrCeB.exe
  2⤵
  PID:5376
- C:\Windows\System\PlBTOpu.exe
  C:\Windows\System\PlBTOpu.exe
  2⤵
  PID:5432
- C:\Windows\System\sJvcRcn.exe
  C:\Windows\System\sJvcRcn.exe
  2⤵
  PID:5508
- C:\Windows\System\TKymMwD.exe
  C:\Windows\System\TKymMwD.exe
  2⤵
  PID:5592
- C:\Windows\System\eylRWSi.exe
  C:\Windows\System\eylRWSi.exe
  2⤵
  PID:5652
- C:\Windows\System\pQhxGai.exe
  C:\Windows\System\pQhxGai.exe
  2⤵
  PID:5732
- C:\Windows\System\KfErYAY.exe
  C:\Windows\System\KfErYAY.exe
  2⤵
  PID:5792
- C:\Windows\System\qNylJsU.exe
  C:\Windows\System\qNylJsU.exe
  2⤵
  PID:5872
- C:\Windows\System\qOMqMyt.exe
  C:\Windows\System\qOMqMyt.exe
  2⤵
  PID:5932
- C:\Windows\System\uMdkHAw.exe
  C:\Windows\System\uMdkHAw.exe
  2⤵
  PID:5992
- C:\Windows\System\smUhUfA.exe
  C:\Windows\System\smUhUfA.exe
  2⤵
  PID:6064
- C:\Windows\System\gXKezqs.exe
  C:\Windows\System\gXKezqs.exe
  2⤵
  PID:6120
- C:\Windows\System\PSEPPoJ.exe
  C:\Windows\System\PSEPPoJ.exe
  2⤵
  PID:2568
- C:\Windows\System\nyVySUn.exe
  C:\Windows\System\nyVySUn.exe
  2⤵
  PID:384
- C:\Windows\System\czQCNky.exe
  C:\Windows\System\czQCNky.exe
  2⤵
  PID:5224
- C:\Windows\System\FqelAXu.exe
  C:\Windows\System\FqelAXu.exe
  2⤵
  PID:5684
- C:\Windows\System\KPYZgCg.exe
  C:\Windows\System\KPYZgCg.exe
  2⤵
  PID:5540
- C:\Windows\System\LEGJhXh.exe
  C:\Windows\System\LEGJhXh.exe
  2⤵
  PID:5704
- C:\Windows\System\GucBzcz.exe
  C:\Windows\System\GucBzcz.exe
  2⤵
  PID:6148
- C:\Windows\System\yKfOENE.exe
  C:\Windows\System\yKfOENE.exe
  2⤵
  PID:6176
- C:\Windows\System\CkREEHd.exe
  C:\Windows\System\CkREEHd.exe
  2⤵
  PID:6204
- C:\Windows\System\XnILyeL.exe
  C:\Windows\System\XnILyeL.exe
  2⤵
  PID:6232
- C:\Windows\System\WcEdRqJ.exe
  C:\Windows\System\WcEdRqJ.exe
  2⤵
  PID:6260
- C:\Windows\System\gqLlgii.exe
  C:\Windows\System\gqLlgii.exe
  2⤵
  PID:6288
- C:\Windows\System\DurXgYC.exe
  C:\Windows\System\DurXgYC.exe
  2⤵
  PID:6316
- C:\Windows\System\kaeMRwm.exe
  C:\Windows\System\kaeMRwm.exe
  2⤵
  PID:6344
- C:\Windows\System\IbMUOpX.exe
  C:\Windows\System\IbMUOpX.exe
  2⤵
  PID:6372
- C:\Windows\System\aPXGXmc.exe
  C:\Windows\System\aPXGXmc.exe
  2⤵
  PID:6400
- C:\Windows\System\FGVDJZc.exe
  C:\Windows\System\FGVDJZc.exe
  2⤵
  PID:6428
- C:\Windows\System\FaodQul.exe
  C:\Windows\System\FaodQul.exe
  2⤵
  PID:6452
- C:\Windows\System\mphTRxj.exe
  C:\Windows\System\mphTRxj.exe
  2⤵
  PID:6484
- C:\Windows\System\iYpyYdW.exe
  C:\Windows\System\iYpyYdW.exe
  2⤵
  PID:6512
- C:\Windows\System\KvOfBvA.exe
  C:\Windows\System\KvOfBvA.exe
  2⤵
  PID:6540
- C:\Windows\System\vPXAPTy.exe
  C:\Windows\System\vPXAPTy.exe
  2⤵
  PID:6568
- C:\Windows\System\PswVwoo.exe
  C:\Windows\System\PswVwoo.exe
  2⤵
  PID:6596
- C:\Windows\System\GktfUGs.exe
  C:\Windows\System\GktfUGs.exe
  2⤵
  PID:6624
- C:\Windows\System\QbYgWrP.exe
  C:\Windows\System\QbYgWrP.exe
  2⤵
  PID:6648
- C:\Windows\System\WAOxTes.exe
  C:\Windows\System\WAOxTes.exe
  2⤵
  PID:6676
- C:\Windows\System\TosvAGq.exe
  C:\Windows\System\TosvAGq.exe
  2⤵
  PID:6708
- C:\Windows\System\qqdaGuk.exe
  C:\Windows\System\qqdaGuk.exe
  2⤵
  PID:6736
- C:\Windows\System\IuKsAKQ.exe
  C:\Windows\System\IuKsAKQ.exe
  2⤵
  PID:6760
- C:\Windows\System\YqVkLAW.exe
  C:\Windows\System\YqVkLAW.exe
  2⤵
  PID:6788
- C:\Windows\System\upGQAcw.exe
  C:\Windows\System\upGQAcw.exe
  2⤵
  PID:6808
- C:\Windows\System\jnZcUxa.exe
  C:\Windows\System\jnZcUxa.exe
  2⤵
  PID:6836
- C:\Windows\System\POqHRYe.exe
  C:\Windows\System\POqHRYe.exe
  2⤵
  PID:6864
- C:\Windows\System\zQVVJfD.exe
  C:\Windows\System\zQVVJfD.exe
  2⤵
  PID:6892
- C:\Windows\System\BTtjAAp.exe
  C:\Windows\System\BTtjAAp.exe
  2⤵
  PID:6920
- C:\Windows\System\csgSpRZ.exe
  C:\Windows\System\csgSpRZ.exe
  2⤵
  PID:6948
- C:\Windows\System\UjsLRFc.exe
  C:\Windows\System\UjsLRFc.exe
  2⤵
  PID:6976
- C:\Windows\System\OMzZaZK.exe
  C:\Windows\System\OMzZaZK.exe
  2⤵
  PID:7004
- C:\Windows\System\gdCYpyG.exe
  C:\Windows\System\gdCYpyG.exe
  2⤵
  PID:7032
- C:\Windows\System\XcBoXKJ.exe
  C:\Windows\System\XcBoXKJ.exe
  2⤵
  PID:7060
- C:\Windows\System\FfBPbVG.exe
  C:\Windows\System\FfBPbVG.exe
  2⤵
  PID:7088
- C:\Windows\System\paUWtTr.exe
  C:\Windows\System\paUWtTr.exe
  2⤵
  PID:7116
- C:\Windows\System\srJFlCS.exe
  C:\Windows\System\srJFlCS.exe
  2⤵
  PID:7144
- C:\Windows\System\DYCSwTA.exe
  C:\Windows\System\DYCSwTA.exe
  2⤵
  PID:5848
- C:\Windows\System\FkazXaN.exe
  C:\Windows\System\FkazXaN.exe
  2⤵
  PID:6020
- C:\Windows\System\ftqOKVk.exe
  C:\Windows\System\ftqOKVk.exe
  2⤵
  PID:624
- C:\Windows\System\NwHFSwm.exe
  C:\Windows\System\NwHFSwm.exe
  2⤵
  PID:5164
- C:\Windows\System\hYhIDun.exe
  C:\Windows\System\hYhIDun.exe
  2⤵
  PID:5484
- C:\Windows\System\qBXAlQo.exe
  C:\Windows\System\qBXAlQo.exe
  2⤵
  PID:6160
- C:\Windows\System\nxDXgcL.exe
  C:\Windows\System\nxDXgcL.exe
  2⤵
  PID:6220
- C:\Windows\System\lbwcDPf.exe
  C:\Windows\System\lbwcDPf.exe
  2⤵
  PID:6276
- C:\Windows\System\yvOTLSS.exe
  C:\Windows\System\yvOTLSS.exe
  2⤵
  PID:6336
- C:\Windows\System\glsybsc.exe
  C:\Windows\System\glsybsc.exe
  2⤵
  PID:6412
- C:\Windows\System\cYWRKdc.exe
  C:\Windows\System\cYWRKdc.exe
  2⤵
  PID:6472
- C:\Windows\System\IgUplfG.exe
  C:\Windows\System\IgUplfG.exe
  2⤵
  PID:6532
- C:\Windows\System\rieunFb.exe
  C:\Windows\System\rieunFb.exe
  2⤵
  PID:6616
- C:\Windows\System\ETBhmaX.exe
  C:\Windows\System\ETBhmaX.exe
  2⤵
  PID:6668
- C:\Windows\System\CRQcctQ.exe
  C:\Windows\System\CRQcctQ.exe
  2⤵
  PID:6728
- C:\Windows\System\yvCIWgK.exe
  C:\Windows\System\yvCIWgK.exe
  2⤵
  PID:6800
- C:\Windows\System\ghsiLoO.exe
  C:\Windows\System\ghsiLoO.exe
  2⤵
  PID:6856
- C:\Windows\System\wqMVhVw.exe
  C:\Windows\System\wqMVhVw.exe
  2⤵
  PID:6932
- C:\Windows\System\GVwXcRC.exe
  C:\Windows\System\GVwXcRC.exe
  2⤵
  PID:6992
- C:\Windows\System\HqPDTFj.exe
  C:\Windows\System\HqPDTFj.exe
  2⤵
  PID:7052
- C:\Windows\System\evPldzH.exe
  C:\Windows\System\evPldzH.exe
  2⤵
  PID:7128
- C:\Windows\System\UAMglNp.exe
  C:\Windows\System\UAMglNp.exe
  2⤵
  PID:5960
- C:\Windows\System\dJmNiAt.exe
  C:\Windows\System\dJmNiAt.exe
  2⤵
  PID:4556
- C:\Windows\System\MyTJmtT.exe
  C:\Windows\System\MyTJmtT.exe
  2⤵
  PID:6188
- C:\Windows\System\BtlXfyD.exe
  C:\Windows\System\BtlXfyD.exe
  2⤵
  PID:6308
- C:\Windows\System\ebnmPlw.exe
  C:\Windows\System\ebnmPlw.exe
  2⤵
  PID:6448
- C:\Windows\System\IYfvzbv.exe
  C:\Windows\System\IYfvzbv.exe
  2⤵
  PID:6588
- C:\Windows\System\abYdoWd.exe
  C:\Windows\System\abYdoWd.exe
  2⤵
  PID:6756
- C:\Windows\System\BXficig.exe
  C:\Windows\System\BXficig.exe
  2⤵
  PID:7196
- C:\Windows\System\yDiaroA.exe
  C:\Windows\System\yDiaroA.exe
  2⤵
  PID:7224
- C:\Windows\System\FMDFVye.exe
  C:\Windows\System\FMDFVye.exe
  2⤵
  PID:7252
- C:\Windows\System\dvFsuIG.exe
  C:\Windows\System\dvFsuIG.exe
  2⤵
  PID:7280
- C:\Windows\System\OoMvVGz.exe
  C:\Windows\System\OoMvVGz.exe
  2⤵
  PID:7308
- C:\Windows\System\JwDrFlC.exe
  C:\Windows\System\JwDrFlC.exe
  2⤵
  PID:7336
- C:\Windows\System\hLAVzAI.exe
  C:\Windows\System\hLAVzAI.exe
  2⤵
  PID:7364
- C:\Windows\System\TtDfnte.exe
  C:\Windows\System\TtDfnte.exe
  2⤵
  PID:7392
- C:\Windows\System\iEUGarw.exe
  C:\Windows\System\iEUGarw.exe
  2⤵
  PID:7420
- C:\Windows\System\ftBsdas.exe
  C:\Windows\System\ftBsdas.exe
  2⤵
  PID:7448
- C:\Windows\System\McMWEbb.exe
  C:\Windows\System\McMWEbb.exe
  2⤵
  PID:7476
- C:\Windows\System\NLLpKpP.exe
  C:\Windows\System\NLLpKpP.exe
  2⤵
  PID:7504
- C:\Windows\System\LCUKYpv.exe
  C:\Windows\System\LCUKYpv.exe
  2⤵
  PID:7532
- C:\Windows\System\pJnAszb.exe
  C:\Windows\System\pJnAszb.exe
  2⤵
  PID:7560
- C:\Windows\System\yLKDMEr.exe
  C:\Windows\System\yLKDMEr.exe
  2⤵
  PID:7588
- C:\Windows\System\ABlnytz.exe
  C:\Windows\System\ABlnytz.exe
  2⤵
  PID:7616
- C:\Windows\System\njaXiri.exe
  C:\Windows\System\njaXiri.exe
  2⤵
  PID:7644
- C:\Windows\System\sGwsBHC.exe
  C:\Windows\System\sGwsBHC.exe
  2⤵
  PID:7672
- C:\Windows\System\cGbrfzf.exe
  C:\Windows\System\cGbrfzf.exe
  2⤵
  PID:7700
- C:\Windows\System\zJZSucf.exe
  C:\Windows\System\zJZSucf.exe
  2⤵
  PID:7728
- C:\Windows\System\FgWKulO.exe
  C:\Windows\System\FgWKulO.exe
  2⤵
  PID:7756
- C:\Windows\System\VNzEYXC.exe
  C:\Windows\System\VNzEYXC.exe
  2⤵
  PID:7780
- C:\Windows\System\WFEmaZW.exe
  C:\Windows\System\WFEmaZW.exe
  2⤵
  PID:7816
- C:\Windows\System\gkbOLrN.exe
  C:\Windows\System\gkbOLrN.exe
  2⤵
  PID:7848
- C:\Windows\System\VkdNHbQ.exe
  C:\Windows\System\VkdNHbQ.exe
  2⤵
  PID:7868
- C:\Windows\System\XkYqonB.exe
  C:\Windows\System\XkYqonB.exe
  2⤵
  PID:7896
- C:\Windows\System\paPshnk.exe
  C:\Windows\System\paPshnk.exe
  2⤵
  PID:7924
- C:\Windows\System\iYABjVE.exe
  C:\Windows\System\iYABjVE.exe
  2⤵
  PID:7952
- C:\Windows\System\KotAAIx.exe
  C:\Windows\System\KotAAIx.exe
  2⤵
  PID:7980
- C:\Windows\System\hZlKGbF.exe
  C:\Windows\System\hZlKGbF.exe
  2⤵
  PID:8008
- C:\Windows\System\SdyDcTY.exe
  C:\Windows\System\SdyDcTY.exe
  2⤵
  PID:8036
- C:\Windows\System\dHlvDQB.exe
  C:\Windows\System\dHlvDQB.exe
  2⤵
  PID:8064
- C:\Windows\System\sbOXKqv.exe
  C:\Windows\System\sbOXKqv.exe
  2⤵
  PID:8092
- C:\Windows\System\opCIIii.exe
  C:\Windows\System\opCIIii.exe
  2⤵
  PID:8120
- C:\Windows\System\NQWOOTe.exe
  C:\Windows\System\NQWOOTe.exe
  2⤵
  PID:8148
- C:\Windows\System\fjAFvBu.exe
  C:\Windows\System\fjAFvBu.exe
  2⤵
  PID:8176
- C:\Windows\System\ujCBrKJ.exe
  C:\Windows\System\ujCBrKJ.exe
  2⤵
  PID:6828
- C:\Windows\System\BSTsoor.exe
  C:\Windows\System\BSTsoor.exe
  2⤵
  PID:6964
- C:\Windows\System\SdkSChX.exe
  C:\Windows\System\SdkSChX.exe
  2⤵
  PID:7104
- C:\Windows\System\bSEISsT.exe
  C:\Windows\System\bSEISsT.exe
  2⤵
  PID:5428
- C:\Windows\System\kaYMYsn.exe
  C:\Windows\System\kaYMYsn.exe
  2⤵
  PID:6388
- C:\Windows\System\nNemhjc.exe
  C:\Windows\System\nNemhjc.exe
  2⤵
  PID:6644
- C:\Windows\System\FKwMpan.exe
  C:\Windows\System\FKwMpan.exe
  2⤵
  PID:7212
- C:\Windows\System\mFHRvbB.exe
  C:\Windows\System\mFHRvbB.exe
  2⤵
  PID:7272
- C:\Windows\System\JtLCneF.exe
  C:\Windows\System\JtLCneF.exe
  2⤵
  PID:7348
- C:\Windows\System\lNYlQSU.exe
  C:\Windows\System\lNYlQSU.exe
  2⤵
  PID:7408
- C:\Windows\System\PMjRvEk.exe
  C:\Windows\System\PMjRvEk.exe
  2⤵
  PID:2660
- C:\Windows\System\qHcJGHx.exe
  C:\Windows\System\qHcJGHx.exe
  2⤵
  PID:7520
- C:\Windows\System\PHERASf.exe
  C:\Windows\System\PHERASf.exe
  2⤵
  PID:7580
- C:\Windows\System\nNSAUyv.exe
  C:\Windows\System\nNSAUyv.exe
  2⤵
  PID:7656
- C:\Windows\System\AtJJZtT.exe
  C:\Windows\System\AtJJZtT.exe
  2⤵
  PID:7692
- C:\Windows\System\GJdkxQW.exe
  C:\Windows\System\GJdkxQW.exe
  2⤵
  PID:7748
- C:\Windows\System\sIJwPtF.exe
  C:\Windows\System\sIJwPtF.exe
  2⤵
  PID:7812
- C:\Windows\System\PEDVBCF.exe
  C:\Windows\System\PEDVBCF.exe
  2⤵
  PID:7884
- C:\Windows\System\TjsgyBX.exe
  C:\Windows\System\TjsgyBX.exe
  2⤵
  PID:7944
- C:\Windows\System\QUJJOpv.exe
  C:\Windows\System\QUJJOpv.exe
  2⤵
  PID:8020
- C:\Windows\System\YkZjFTl.exe
  C:\Windows\System\YkZjFTl.exe
  2⤵
  PID:8080
- C:\Windows\System\QPoMFNW.exe
  C:\Windows\System\QPoMFNW.exe
  2⤵
  PID:8140
- C:\Windows\System\mPYlJFr.exe
  C:\Windows\System\mPYlJFr.exe
  2⤵
  PID:6904
- C:\Windows\System\bpPbkan.exe
  C:\Windows\System\bpPbkan.exe
  2⤵
  PID:7164
- C:\Windows\System\LkzGlWx.exe
  C:\Windows\System\LkzGlWx.exe
  2⤵
  PID:6524
- C:\Windows\System\IOAflOR.exe
  C:\Windows\System\IOAflOR.exe
  2⤵
  PID:7240
- C:\Windows\System\lpQOWBw.exe
  C:\Windows\System\lpQOWBw.exe
  2⤵
  PID:464
- C:\Windows\System\APnGEOg.exe
  C:\Windows\System\APnGEOg.exe
  2⤵
  PID:7492
- C:\Windows\System\EskfZNf.exe
  C:\Windows\System\EskfZNf.exe
  2⤵
  PID:4520
- C:\Windows\System\WnPhPQu.exe
  C:\Windows\System\WnPhPQu.exe
  2⤵
  PID:7776
- C:\Windows\System\xfRPEke.exe
  C:\Windows\System\xfRPEke.exe
  2⤵
  PID:7860
- C:\Windows\System\UgCBIpp.exe
  C:\Windows\System\UgCBIpp.exe
  2⤵
  PID:7992
- C:\Windows\System\ONLYyDU.exe
  C:\Windows\System\ONLYyDU.exe
  2⤵
  PID:8212
- C:\Windows\System\NNScyXr.exe
  C:\Windows\System\NNScyXr.exe
  2⤵
  PID:8240
- C:\Windows\System\ZNOxBHl.exe
  C:\Windows\System\ZNOxBHl.exe
  2⤵
  PID:8268
- C:\Windows\System\IzpbzGy.exe
  C:\Windows\System\IzpbzGy.exe
  2⤵
  PID:8296
- C:\Windows\System\xvuvwPT.exe
  C:\Windows\System\xvuvwPT.exe
  2⤵
  PID:8324
- C:\Windows\System\YGpDCSD.exe
  C:\Windows\System\YGpDCSD.exe
  2⤵
  PID:8348
- C:\Windows\System\RVqapBS.exe
  C:\Windows\System\RVqapBS.exe
  2⤵
  PID:8380
- C:\Windows\System\MvmVlVr.exe
  C:\Windows\System\MvmVlVr.exe
  2⤵
  PID:8408
- C:\Windows\System\pXqpraN.exe
  C:\Windows\System\pXqpraN.exe
  2⤵
  PID:8436
- C:\Windows\System\SerNKcP.exe
  C:\Windows\System\SerNKcP.exe
  2⤵
  PID:8464
- C:\Windows\System\qjNMKhD.exe
  C:\Windows\System\qjNMKhD.exe
  2⤵
  PID:8492
- C:\Windows\System\vBAiQbi.exe
  C:\Windows\System\vBAiQbi.exe
  2⤵
  PID:8520
- C:\Windows\System\lXUNqbS.exe
  C:\Windows\System\lXUNqbS.exe
  2⤵
  PID:8548
- C:\Windows\System\wjxeaKn.exe
  C:\Windows\System\wjxeaKn.exe
  2⤵
  PID:8576
- C:\Windows\System\XIYlqVC.exe
  C:\Windows\System\XIYlqVC.exe
  2⤵
  PID:8604
- C:\Windows\System\KjGTORH.exe
  C:\Windows\System\KjGTORH.exe
  2⤵
  PID:8632
- C:\Windows\System\yYCBwgN.exe
  C:\Windows\System\yYCBwgN.exe
  2⤵
  PID:8660
- C:\Windows\System\bPQTgsp.exe
  C:\Windows\System\bPQTgsp.exe
  2⤵
  PID:8688
- C:\Windows\System\ZKYSswN.exe
  C:\Windows\System\ZKYSswN.exe
  2⤵
  PID:8716
- C:\Windows\System\TrWtWXP.exe
  C:\Windows\System\TrWtWXP.exe
  2⤵
  PID:8744
- C:\Windows\System\LWtUDhy.exe
  C:\Windows\System\LWtUDhy.exe
  2⤵
  PID:8772
- C:\Windows\System\vQyWJhK.exe
  C:\Windows\System\vQyWJhK.exe
  2⤵
  PID:8800
- C:\Windows\System\gwbXMts.exe
  C:\Windows\System\gwbXMts.exe
  2⤵
  PID:8828
- C:\Windows\System\jCUGNdJ.exe
  C:\Windows\System\jCUGNdJ.exe
  2⤵
  PID:8856
- C:\Windows\System\TqQfawV.exe
  C:\Windows\System\TqQfawV.exe
  2⤵
  PID:8884
- C:\Windows\System\oOudeyS.exe
  C:\Windows\System\oOudeyS.exe
  2⤵
  PID:8912
- C:\Windows\System\PLxQoTY.exe
  C:\Windows\System\PLxQoTY.exe
  2⤵
  PID:8940
- C:\Windows\System\DFfmFWD.exe
  C:\Windows\System\DFfmFWD.exe
  2⤵
  PID:8968
- C:\Windows\System\pPzXeFP.exe
  C:\Windows\System\pPzXeFP.exe
  2⤵
  PID:8996
- C:\Windows\System\eHgynKd.exe
  C:\Windows\System\eHgynKd.exe
  2⤵
  PID:9024
- C:\Windows\System\RCnuPfO.exe
  C:\Windows\System\RCnuPfO.exe
  2⤵
  PID:9052
- C:\Windows\System\RUvkqEw.exe
  C:\Windows\System\RUvkqEw.exe
  2⤵
  PID:9080
- C:\Windows\System\eBlxCiL.exe
  C:\Windows\System\eBlxCiL.exe
  2⤵
  PID:9108
- C:\Windows\System\ALfskuS.exe
  C:\Windows\System\ALfskuS.exe
  2⤵
  PID:9136
- C:\Windows\System\UZTxgLC.exe
  C:\Windows\System\UZTxgLC.exe
  2⤵
  PID:9164
- C:\Windows\System\XIPQRZy.exe
  C:\Windows\System\XIPQRZy.exe
  2⤵
  PID:9192
- C:\Windows\System\vxRuKek.exe
  C:\Windows\System\vxRuKek.exe
  2⤵
  PID:8056
- C:\Windows\System\QzkGEot.exe
  C:\Windows\System\QzkGEot.exe
  2⤵
  PID:8188
- C:\Windows\System\QHfotFg.exe
  C:\Windows\System\QHfotFg.exe
  2⤵
  PID:3120
- C:\Windows\System\TjKUImd.exe
  C:\Windows\System\TjKUImd.exe
  2⤵
  PID:2704
- C:\Windows\System\ayVaCEq.exe
  C:\Windows\System\ayVaCEq.exe
  2⤵
  PID:7608
- C:\Windows\System\njPJwpY.exe
  C:\Windows\System\njPJwpY.exe
  2⤵
  PID:3740
- C:\Windows\System\bxFjDKk.exe
  C:\Windows\System\bxFjDKk.exe
  2⤵
  PID:3260
- C:\Windows\System\WMOCBLZ.exe
  C:\Windows\System\WMOCBLZ.exe
  2⤵
  PID:8256
- C:\Windows\System\OSiSvaI.exe
  C:\Windows\System\OSiSvaI.exe
  2⤵
  PID:8308
- C:\Windows\System\skrVLYy.exe
  C:\Windows\System\skrVLYy.exe
  2⤵
  PID:8340
- C:\Windows\System\wMdRSpS.exe
  C:\Windows\System\wMdRSpS.exe
  2⤵
  PID:8396
- C:\Windows\System\NzwClil.exe
  C:\Windows\System\NzwClil.exe
  2⤵
  PID:8452
- C:\Windows\System\KSERIvU.exe
  C:\Windows\System\KSERIvU.exe
  2⤵
  PID:8512
- C:\Windows\System\wCJAUYK.exe
  C:\Windows\System\wCJAUYK.exe
  2⤵
  PID:4676
- C:\Windows\System\rCQHCQX.exe
  C:\Windows\System\rCQHCQX.exe
  2⤵
  PID:8620
- C:\Windows\System\GGuQxmf.exe
  C:\Windows\System\GGuQxmf.exe
  2⤵
  PID:8680
- C:\Windows\System\OLYDWCC.exe
  C:\Windows\System\OLYDWCC.exe
  2⤵
  PID:8736
- C:\Windows\System\wQxxvZb.exe
  C:\Windows\System\wQxxvZb.exe
  2⤵
  PID:4536
- C:\Windows\System\shaAdHe.exe
  C:\Windows\System\shaAdHe.exe
  2⤵
  PID:8848
- C:\Windows\System\pOXqgep.exe
  C:\Windows\System\pOXqgep.exe
  2⤵
  PID:8904
- C:\Windows\System\GlLgXbk.exe
  C:\Windows\System\GlLgXbk.exe
  2⤵
  PID:8960
- C:\Windows\System\nwABEzm.exe
  C:\Windows\System\nwABEzm.exe
  2⤵
  PID:9036
- C:\Windows\System\BEOUCzc.exe
  C:\Windows\System\BEOUCzc.exe
  2⤵
  PID:9072
- C:\Windows\System\jqsnXnz.exe
  C:\Windows\System\jqsnXnz.exe
  2⤵
  PID:9124
- C:\Windows\System\vvZHowI.exe
  C:\Windows\System\vvZHowI.exe
  2⤵
  PID:9184
- C:\Windows\System\iJmHggW.exe
  C:\Windows\System\iJmHggW.exe
  2⤵
  PID:2872
- C:\Windows\System\OSFJrfH.exe
  C:\Windows\System\OSFJrfH.exe
  2⤵
  PID:4404
- C:\Windows\System\SNrNUtD.exe
  C:\Windows\System\SNrNUtD.exe
  2⤵
  PID:7740
- C:\Windows\System\zptSbyy.exe
  C:\Windows\System\zptSbyy.exe
  2⤵
  PID:8232
- C:\Windows\System\muPJLWo.exe
  C:\Windows\System\muPJLWo.exe
  2⤵
  PID:8284
- C:\Windows\System\JtCjiJV.exe
  C:\Windows\System\JtCjiJV.exe
  2⤵
  PID:3236
- C:\Windows\System\nERXCYq.exe
  C:\Windows\System\nERXCYq.exe
  2⤵
  PID:1868
- C:\Windows\System\japyrFk.exe
  C:\Windows\System\japyrFk.exe
  2⤵
  PID:8544
- C:\Windows\System\tQHkhRY.exe
  C:\Windows\System\tQHkhRY.exe
  2⤵
  PID:8596
- C:\Windows\System\juHiVsd.exe
  C:\Windows\System\juHiVsd.exe
  2⤵
  PID:8932
- C:\Windows\System\DIujBMg.exe
  C:\Windows\System\DIujBMg.exe
  2⤵
  PID:9012
- C:\Windows\System\QMCMqkX.exe
  C:\Windows\System\QMCMqkX.exe
  2⤵
  PID:9100
- C:\Windows\System\VihLYmo.exe
  C:\Windows\System\VihLYmo.exe
  2⤵
  PID:3084
- C:\Windows\System\dFtHGEa.exe
  C:\Windows\System\dFtHGEa.exe
  2⤵
  PID:7436
- C:\Windows\System\ngGlmjD.exe
  C:\Windows\System\ngGlmjD.exe
  2⤵
  PID:3812
- C:\Windows\System\ZIWZHfF.exe
  C:\Windows\System\ZIWZHfF.exe
  2⤵
  PID:4904
- C:\Windows\System\gJSyMIH.exe
  C:\Windows\System\gJSyMIH.exe
  2⤵
  PID:2528
- C:\Windows\System\UpHvJRt.exe
  C:\Windows\System\UpHvJRt.exe
  2⤵
  PID:5032
- C:\Windows\System\WRsWrxZ.exe
  C:\Windows\System\WRsWrxZ.exe
  2⤵
  PID:60
- C:\Windows\System\tIIpONs.exe
  C:\Windows\System\tIIpONs.exe
  2⤵
  PID:2368
- C:\Windows\System\jcGjTWs.exe
  C:\Windows\System\jcGjTWs.exe
  2⤵
  PID:1580
- C:\Windows\System\yHUkSDa.exe
  C:\Windows\System\yHUkSDa.exe
  2⤵
  PID:8200
- C:\Windows\System\IwkXsUi.exe
  C:\Windows\System\IwkXsUi.exe
  2⤵
  PID:816
- C:\Windows\System\hkCZyNZ.exe
  C:\Windows\System\hkCZyNZ.exe
  2⤵
  PID:1824
- C:\Windows\System\DtaFQVC.exe
  C:\Windows\System\DtaFQVC.exe
  2⤵
  PID:6960
- C:\Windows\System\tNFfHIu.exe
  C:\Windows\System\tNFfHIu.exe
  2⤵
  PID:8784
- C:\Windows\System\nNZMcFM.exe
  C:\Windows\System\nNZMcFM.exe
  2⤵
  PID:1032
- C:\Windows\System\RfBtoey.exe
  C:\Windows\System\RfBtoey.exe
  2⤵
  PID:9220
- C:\Windows\System\MRNluCf.exe
  C:\Windows\System\MRNluCf.exe
  2⤵
  PID:9236
- C:\Windows\System\PaKHlmw.exe
  C:\Windows\System\PaKHlmw.exe
  2⤵
  PID:9276
- C:\Windows\System\LaMRvuP.exe
  C:\Windows\System\LaMRvuP.exe
  2⤵
  PID:9292
- C:\Windows\System\axoGkXm.exe
  C:\Windows\System\axoGkXm.exe
  2⤵
  PID:9320
- C:\Windows\System\vzLjjlb.exe
  C:\Windows\System\vzLjjlb.exe
  2⤵
  PID:9344
- C:\Windows\System\vSXOcpP.exe
  C:\Windows\System\vSXOcpP.exe
  2⤵
  PID:9364
- C:\Windows\System\vmvsrmJ.exe
  C:\Windows\System\vmvsrmJ.exe
  2⤵
  PID:9408
- C:\Windows\System\YzKowLm.exe
  C:\Windows\System\YzKowLm.exe
  2⤵
  PID:9436
- C:\Windows\System\oPCZtKp.exe
  C:\Windows\System\oPCZtKp.exe
  2⤵
  PID:9472
- C:\Windows\System\yzOGHpK.exe
  C:\Windows\System\yzOGHpK.exe
  2⤵
  PID:9504
- C:\Windows\System\cccDxkM.exe
  C:\Windows\System\cccDxkM.exe
  2⤵
  PID:9524
- C:\Windows\System\xWOXmqp.exe
  C:\Windows\System\xWOXmqp.exe
  2⤵
  PID:9560
- C:\Windows\System\tlQMItO.exe
  C:\Windows\System\tlQMItO.exe
  2⤵
  PID:9588
- C:\Windows\System\iSKZltW.exe
  C:\Windows\System\iSKZltW.exe
  2⤵
  PID:9616
- C:\Windows\System\zzChgBU.exe
  C:\Windows\System\zzChgBU.exe
  2⤵
  PID:9644
- C:\Windows\System\kefdVvn.exe
  C:\Windows\System\kefdVvn.exe
  2⤵
  PID:9660
- C:\Windows\System\KxpgYaR.exe
  C:\Windows\System\KxpgYaR.exe
  2⤵
  PID:9688
- C:\Windows\System\evzsrTR.exe
  C:\Windows\System\evzsrTR.exe
  2⤵
  PID:9728
- C:\Windows\System\XIgHdxq.exe
  C:\Windows\System\XIgHdxq.exe
  2⤵
  PID:9744
- C:\Windows\System\ERllHZp.exe
  C:\Windows\System\ERllHZp.exe
  2⤵
  PID:9760
- C:\Windows\System\aoARIWT.exe
  C:\Windows\System\aoARIWT.exe
  2⤵
  PID:9812
- C:\Windows\System\WKnZeTO.exe
  C:\Windows\System\WKnZeTO.exe
  2⤵
  PID:9828
- C:\Windows\System\QmtqEkj.exe
  C:\Windows\System\QmtqEkj.exe
  2⤵
  PID:9868
- C:\Windows\System\CvSXYqL.exe
  C:\Windows\System\CvSXYqL.exe
  2⤵
  PID:9896
- C:\Windows\System\HiRAPnP.exe
  C:\Windows\System\HiRAPnP.exe
  2⤵
  PID:9924
- C:\Windows\System\LGYxQid.exe
  C:\Windows\System\LGYxQid.exe
  2⤵
  PID:9940
- C:\Windows\System\SQlLHTw.exe
  C:\Windows\System\SQlLHTw.exe
  2⤵
  PID:9968
- C:\Windows\System\TCvpFgB.exe
  C:\Windows\System\TCvpFgB.exe
  2⤵
  PID:10012
- C:\Windows\System\kBPNDbi.exe
  C:\Windows\System\kBPNDbi.exe
  2⤵
  PID:10040
- C:\Windows\System\vtOEvPq.exe
  C:\Windows\System\vtOEvPq.exe
  2⤵
  PID:10056
- C:\Windows\System\ccsQeKe.exe
  C:\Windows\System\ccsQeKe.exe
  2⤵
  PID:10088
- C:\Windows\System\DauPRdj.exe
  C:\Windows\System\DauPRdj.exe
  2⤵
  PID:10116
- C:\Windows\System\Ymyqtqs.exe
  C:\Windows\System\Ymyqtqs.exe
  2⤵
  PID:10140
- C:\Windows\System\VwZssIH.exe
  C:\Windows\System\VwZssIH.exe
  2⤵
  PID:10180
- C:\Windows\System\zccIrOL.exe
  C:\Windows\System\zccIrOL.exe
  2⤵
  PID:10208
- C:\Windows\System\yfXURmZ.exe
  C:\Windows\System\yfXURmZ.exe
  2⤵
  PID:10236
- C:\Windows\System\ZvEDgmE.exe
  C:\Windows\System\ZvEDgmE.exe
  2⤵
  PID:9268
- C:\Windows\System\NFAoaDo.exe
  C:\Windows\System\NFAoaDo.exe
  2⤵
  PID:9312
- C:\Windows\System\MYGiGZj.exe
  C:\Windows\System\MYGiGZj.exe
  2⤵
  PID:9376
- C:\Windows\System\qMisyNl.exe
  C:\Windows\System\qMisyNl.exe
  2⤵
  PID:9484
- C:\Windows\System\NxzJTuq.exe
  C:\Windows\System\NxzJTuq.exe
  2⤵
  PID:9520
- C:\Windows\System\NtleIKP.exe
  C:\Windows\System\NtleIKP.exe
  2⤵
  PID:9584
- C:\Windows\System\XMYWNTs.exe
  C:\Windows\System\XMYWNTs.exe
  2⤵
  PID:9628
- C:\Windows\System\VvgcHrL.exe
  C:\Windows\System\VvgcHrL.exe
  2⤵
  PID:9712
- C:\Windows\System\NqEDyXc.exe
  C:\Windows\System\NqEDyXc.exe
  2⤵
  PID:9792
- C:\Windows\System\XFXrQBt.exe
  C:\Windows\System\XFXrQBt.exe
  2⤵
  PID:9840
- C:\Windows\System\NmyPrOx.exe
  C:\Windows\System\NmyPrOx.exe
  2⤵
  PID:9912
- C:\Windows\System\WDswpsn.exe
  C:\Windows\System\WDswpsn.exe
  2⤵
  PID:9952
- C:\Windows\System\KxOhulB.exe
  C:\Windows\System\KxOhulB.exe
  2⤵
  PID:10004
- C:\Windows\System\cwqwLnH.exe
  C:\Windows\System\cwqwLnH.exe
  2⤵
  PID:10072
- C:\Windows\System\GGzYnLc.exe
  C:\Windows\System\GGzYnLc.exe
  2⤵
  PID:10132
- C:\Windows\System\SamDehv.exe
  C:\Windows\System\SamDehv.exe
  2⤵
  PID:10204
- C:\Windows\System\PAJocOB.exe
  C:\Windows\System\PAJocOB.exe
  2⤵
  PID:9288
- C:\Windows\System\DVVSnVN.exe
  C:\Windows\System\DVVSnVN.exe
  2⤵
  PID:9448
- C:\Windows\System\ouGHLgO.exe
  C:\Windows\System\ouGHLgO.exe
  2⤵
  PID:9580
- C:\Windows\System\NXuRIzc.exe
  C:\Windows\System\NXuRIzc.exe
  2⤵
  PID:9736
- C:\Windows\System\kkgnCKg.exe
  C:\Windows\System\kkgnCKg.exe
  2⤵
  PID:9820
- C:\Windows\System\EWdQbRq.exe
  C:\Windows\System\EWdQbRq.exe
  2⤵
  PID:10048
- C:\Windows\System\DREaOTx.exe
  C:\Windows\System\DREaOTx.exe
  2⤵
  PID:10200
- C:\Windows\System\eAzsaZE.exe
  C:\Windows\System\eAzsaZE.exe
  2⤵
  PID:9360
- C:\Windows\System\fEaScxQ.exe
  C:\Windows\System\fEaScxQ.exe
  2⤵
  PID:9788
- C:\Windows\System\HZzOSsk.exe
  C:\Windows\System\HZzOSsk.exe
  2⤵
  PID:10124
- C:\Windows\System\LqOFsUG.exe
  C:\Windows\System\LqOFsUG.exe
  2⤵
  PID:10108
- C:\Windows\System\djKcqpP.exe
  C:\Windows\System\djKcqpP.exe
  2⤵
  PID:10244
- C:\Windows\System\aQaVeky.exe
  C:\Windows\System\aQaVeky.exe
  2⤵
  PID:10264
- C:\Windows\System\DizHExl.exe
  C:\Windows\System\DizHExl.exe
  2⤵
  PID:10288
- C:\Windows\System\IJvsAvT.exe
  C:\Windows\System\IJvsAvT.exe
  2⤵
  PID:10320
- C:\Windows\System\nDyKPMY.exe
  C:\Windows\System\nDyKPMY.exe
  2⤵
  PID:10356
- C:\Windows\System\ENySVrT.exe
  C:\Windows\System\ENySVrT.exe
  2⤵
  PID:10388
- C:\Windows\System\jShmQzR.exe
  C:\Windows\System\jShmQzR.exe
  2⤵
  PID:10416
- C:\Windows\System\ROUnGXN.exe
  C:\Windows\System\ROUnGXN.exe
  2⤵
  PID:10444
- C:\Windows\System\snWQOpx.exe
  C:\Windows\System\snWQOpx.exe
  2⤵
  PID:10476
- C:\Windows\System\yKfmBrO.exe
  C:\Windows\System\yKfmBrO.exe
  2⤵
  PID:10492
- C:\Windows\System\XnHhIVq.exe
  C:\Windows\System\XnHhIVq.exe
  2⤵
  PID:10532
- C:\Windows\System\vPELIQA.exe
  C:\Windows\System\vPELIQA.exe
  2⤵
  PID:10548
- C:\Windows\System\nXfmXVs.exe
  C:\Windows\System\nXfmXVs.exe
  2⤵
  PID:10584
- C:\Windows\System\dAMoVdB.exe
  C:\Windows\System\dAMoVdB.exe
  2⤵
  PID:10616
- C:\Windows\System\ltfpEew.exe
  C:\Windows\System\ltfpEew.exe
  2⤵
  PID:10632
- C:\Windows\System\XPGspjC.exe
  C:\Windows\System\XPGspjC.exe
  2⤵
  PID:10672
- C:\Windows\System\UtmZrnY.exe
  C:\Windows\System\UtmZrnY.exe
  2⤵
  PID:10692
- C:\Windows\System\caRQQnf.exe
  C:\Windows\System\caRQQnf.exe
  2⤵
  PID:10724
- C:\Windows\System\AnOqiQS.exe
  C:\Windows\System\AnOqiQS.exe
  2⤵
  PID:10744
- C:\Windows\System\WYbQIof.exe
  C:\Windows\System\WYbQIof.exe
  2⤵
  PID:10776
- C:\Windows\System\zOsjBXM.exe
  C:\Windows\System\zOsjBXM.exe
  2⤵
  PID:10800
- C:\Windows\System\rSDSnLm.exe
  C:\Windows\System\rSDSnLm.exe
  2⤵
  PID:10840
- C:\Windows\System\JwsBTmX.exe
  C:\Windows\System\JwsBTmX.exe
  2⤵
  PID:10868
- C:\Windows\System\bflZIkX.exe
  C:\Windows\System\bflZIkX.exe
  2⤵
  PID:10884
- C:\Windows\System\nzrJgHI.exe
  C:\Windows\System\nzrJgHI.exe
  2⤵
  PID:10924
- C:\Windows\System\DiskOXG.exe
  C:\Windows\System\DiskOXG.exe
  2⤵
  PID:10952
- C:\Windows\System\qYyoPkW.exe
  C:\Windows\System\qYyoPkW.exe
  2⤵
  PID:10980
- C:\Windows\System\jkfuZie.exe
  C:\Windows\System\jkfuZie.exe
  2⤵
  PID:11008
- C:\Windows\System\gjTGqpi.exe
  C:\Windows\System\gjTGqpi.exe
  2⤵
  PID:11040
- C:\Windows\System\HQdfMRg.exe
  C:\Windows\System\HQdfMRg.exe
  2⤵
  PID:11060
- C:\Windows\System\hlkXSTj.exe
  C:\Windows\System\hlkXSTj.exe
  2⤵
  PID:11096
- C:\Windows\System\lDKvGAV.exe
  C:\Windows\System\lDKvGAV.exe
  2⤵
  PID:11120
- C:\Windows\System\KOUpWJC.exe
  C:\Windows\System\KOUpWJC.exe
  2⤵
  PID:11140
- C:\Windows\System\zqvkziX.exe
  C:\Windows\System\zqvkziX.exe
  2⤵
  PID:11168
- C:\Windows\System\pIAOkcY.exe
  C:\Windows\System\pIAOkcY.exe
  2⤵
  PID:11208
- C:\Windows\System\GimpStf.exe
  C:\Windows\System\GimpStf.exe
  2⤵
  PID:11228
- C:\Windows\System\AsKYrfr.exe
  C:\Windows\System\AsKYrfr.exe
  2⤵
  PID:1812
- C:\Windows\System\UjsoNIi.exe
  C:\Windows\System\UjsoNIi.exe
  2⤵
  PID:10300
- C:\Windows\System\qGGOcRh.exe
  C:\Windows\System\qGGOcRh.exe
  2⤵
  PID:10384
- C:\Windows\System\ekBOhPW.exe
  C:\Windows\System\ekBOhPW.exe
  2⤵
  PID:10436
- C:\Windows\System\GmFqmCl.exe
  C:\Windows\System\GmFqmCl.exe
  2⤵
  PID:10524
- C:\Windows\System\OweiqEA.exe
  C:\Windows\System\OweiqEA.exe
  2⤵
  PID:10564
- C:\Windows\System\EbOcQuP.exe
  C:\Windows\System\EbOcQuP.exe
  2⤵
  PID:10624
- C:\Windows\System\pLeqgnZ.exe
  C:\Windows\System\pLeqgnZ.exe
  2⤵
  PID:10668
- C:\Windows\System\PhwAdEa.exe
  C:\Windows\System\PhwAdEa.exe
  2⤵
  PID:10716
- C:\Windows\System\invwlpe.exe
  C:\Windows\System\invwlpe.exe
  2⤵
  PID:10760
- C:\Windows\System\lLpsIbO.exe
  C:\Windows\System\lLpsIbO.exe
  2⤵
  PID:10900
- C:\Windows\System\qGGNvrw.exe
  C:\Windows\System\qGGNvrw.exe
  2⤵
  PID:10940
- C:\Windows\System\ByxwjUr.exe
  C:\Windows\System\ByxwjUr.exe
  2⤵
  PID:10996
- C:\Windows\System\MPeqcVu.exe
  C:\Windows\System\MPeqcVu.exe
  2⤵
  PID:11068
- C:\Windows\System\rcvYTVn.exe
  C:\Windows\System\rcvYTVn.exe
  2⤵
  PID:11152
- C:\Windows\System\ZjiLYpx.exe
  C:\Windows\System\ZjiLYpx.exe
  2⤵
  PID:11216
- C:\Windows\System\ilJTPjw.exe
  C:\Windows\System\ilJTPjw.exe
  2⤵
  PID:4912
- C:\Windows\System\OvvpJWq.exe
  C:\Windows\System\OvvpJWq.exe
  2⤵
  PID:10344
- C:\Windows\System\XMVURja.exe
  C:\Windows\System\XMVURja.exe
  2⤵
  PID:10456
- C:\Windows\System\nTqGjSK.exe
  C:\Windows\System\nTqGjSK.exe
  2⤵
  PID:10608
- C:\Windows\System\PdRZOaN.exe
  C:\Windows\System\PdRZOaN.exe
  2⤵
  PID:10768
- C:\Windows\System\vwQHVmN.exe
  C:\Windows\System\vwQHVmN.exe
  2⤵
  PID:10876
- C:\Windows\System\xyXLFeM.exe
  C:\Windows\System\xyXLFeM.exe
  2⤵
  PID:11104
- C:\Windows\System\bZcNsul.exe
  C:\Windows\System\bZcNsul.exe
  2⤵
  PID:11224
- C:\Windows\System\zatxHoJ.exe
  C:\Windows\System\zatxHoJ.exe
  2⤵
  PID:9532
- C:\Windows\System\mPqBCBp.exe
  C:\Windows\System\mPqBCBp.exe
  2⤵
  PID:10684
- C:\Windows\System\fQCWYdb.exe
  C:\Windows\System\fQCWYdb.exe
  2⤵
  PID:10976
- C:\Windows\System\bjQjiun.exe
  C:\Windows\System\bjQjiun.exe
  2⤵
  PID:9388
- C:\Windows\System\uvcHnNt.exe
  C:\Windows\System\uvcHnNt.exe
  2⤵
  PID:10816
- C:\Windows\System\tPPoJyt.exe
  C:\Windows\System\tPPoJyt.exe
  2⤵
  PID:788
- C:\Windows\System\WjAyJTK.exe
  C:\Windows\System\WjAyJTK.exe
  2⤵
  PID:11284
- C:\Windows\System\YwZThlE.exe
  C:\Windows\System\YwZThlE.exe
  2⤵
  PID:11300
- C:\Windows\System\naBJQRE.exe
  C:\Windows\System\naBJQRE.exe
  2⤵
  PID:11328
- C:\Windows\System\BjCjRlR.exe
  C:\Windows\System\BjCjRlR.exe
  2⤵
  PID:11356
- C:\Windows\System\ddSrIvj.exe
  C:\Windows\System\ddSrIvj.exe
  2⤵
  PID:11396
- C:\Windows\System\KWxMiXP.exe
  C:\Windows\System\KWxMiXP.exe
  2⤵
  PID:11412
- C:\Windows\System\BXcIHgR.exe
  C:\Windows\System\BXcIHgR.exe
  2⤵
  PID:11464
- C:\Windows\System\lcrbYVm.exe
  C:\Windows\System\lcrbYVm.exe
  2⤵
  PID:11480
- C:\Windows\System\AnzGbdc.exe
  C:\Windows\System\AnzGbdc.exe
  2⤵
  PID:11508
- C:\Windows\System\kaPPito.exe
  C:\Windows\System\kaPPito.exe
  2⤵
  PID:11548
- C:\Windows\System\dVGbawm.exe
  C:\Windows\System\dVGbawm.exe
  2⤵
  PID:11564
- C:\Windows\System\ZZpnUkH.exe
  C:\Windows\System\ZZpnUkH.exe
  2⤵
  PID:11604
- C:\Windows\System\hriyXYb.exe
  C:\Windows\System\hriyXYb.exe
  2⤵
  PID:11632
- C:\Windows\System\DRHFLXP.exe
  C:\Windows\System\DRHFLXP.exe
  2⤵
  PID:11660
- C:\Windows\System\KrFthQW.exe
  C:\Windows\System\KrFthQW.exe
  2⤵
  PID:11676
- C:\Windows\System\umMgLiZ.exe
  C:\Windows\System\umMgLiZ.exe
  2⤵
  PID:11716
- C:\Windows\System\HXeuKXB.exe
  C:\Windows\System\HXeuKXB.exe
  2⤵
  PID:11744
- C:\Windows\System\zLShThB.exe
  C:\Windows\System\zLShThB.exe
  2⤵
  PID:11760
- C:\Windows\System\EAAmUMW.exe
  C:\Windows\System\EAAmUMW.exe
  2⤵
  PID:11796
- C:\Windows\System\fwKBXHl.exe
  C:\Windows\System\fwKBXHl.exe
  2⤵
  PID:11816
- C:\Windows\System\esEOCWQ.exe
  C:\Windows\System\esEOCWQ.exe
  2⤵
  PID:11856
- C:\Windows\System\NFrZJce.exe
  C:\Windows\System\NFrZJce.exe
  2⤵
  PID:11884
- C:\Windows\System\VvqjPcp.exe
  C:\Windows\System\VvqjPcp.exe
  2⤵
  PID:11908
- C:\Windows\System\NZJYlEF.exe
  C:\Windows\System\NZJYlEF.exe
  2⤵
  PID:11940
- C:\Windows\System\xycVAka.exe
  C:\Windows\System\xycVAka.exe
  2⤵
  PID:11968
- C:\Windows\System\aXXFyCA.exe
  C:\Windows\System\aXXFyCA.exe
  2⤵
  PID:11988
- C:\Windows\System\pZbsoxX.exe
  C:\Windows\System\pZbsoxX.exe
  2⤵
  PID:12024
- C:\Windows\System\ewATKNA.exe
  C:\Windows\System\ewATKNA.exe
  2⤵
  PID:12052
- C:\Windows\System\YAtPgMY.exe
  C:\Windows\System\YAtPgMY.exe
  2⤵
  PID:12080
- C:\Windows\System\PjsFnFX.exe
  C:\Windows\System\PjsFnFX.exe
  2⤵
  PID:12108
- C:\Windows\System\itQobND.exe
  C:\Windows\System\itQobND.exe
  2⤵
  PID:12140
- C:\Windows\System\biKOwLK.exe
  C:\Windows\System\biKOwLK.exe
  2⤵
  PID:12180
- C:\Windows\System\EyQWCgT.exe
  C:\Windows\System\EyQWCgT.exe
  2⤵
  PID:12196
- C:\Windows\System\GOPKlqw.exe
  C:\Windows\System\GOPKlqw.exe
  2⤵
  PID:12224
- C:\Windows\System\uetOLTp.exe
  C:\Windows\System\uetOLTp.exe
  2⤵
  PID:12240
- C:\Windows\System\DAIAHlW.exe
  C:\Windows\System\DAIAHlW.exe
  2⤵
  PID:12280
- C:\Windows\System\seqVdno.exe
  C:\Windows\System\seqVdno.exe
  2⤵
  PID:11272
- C:\Windows\System\DVwoOFA.exe
  C:\Windows\System\DVwoOFA.exe
  2⤵
  PID:11344
- C:\Windows\System\AvjINsp.exe
  C:\Windows\System\AvjINsp.exe
  2⤵
  PID:11432
- C:\Windows\System\MKHjGGz.exe
  C:\Windows\System\MKHjGGz.exe
  2⤵
  PID:11504
- C:\Windows\System\HKvEJuX.exe
  C:\Windows\System\HKvEJuX.exe
  2⤵
  PID:11588
- C:\Windows\System\txKSKwE.exe
  C:\Windows\System\txKSKwE.exe
  2⤵
  PID:11624
- C:\Windows\System\FgMClsj.exe
  C:\Windows\System\FgMClsj.exe
  2⤵
  PID:11708
- C:\Windows\System\ZcasJFX.exe
  C:\Windows\System\ZcasJFX.exe
  2⤵
  PID:11772
- C:\Windows\System\MVSRvBT.exe
  C:\Windows\System\MVSRvBT.exe
  2⤵
  PID:11812
- C:\Windows\System\EmwFBny.exe
  C:\Windows\System\EmwFBny.exe
  2⤵
  PID:11880
- C:\Windows\System\VcpcVmf.exe
  C:\Windows\System\VcpcVmf.exe
  2⤵
  PID:11936
- C:\Windows\System\nZQYZfB.exe
  C:\Windows\System\nZQYZfB.exe
  2⤵
  PID:12036
- C:\Windows\System\hFVBTKp.exe
  C:\Windows\System\hFVBTKp.exe
  2⤵
  PID:12096
- C:\Windows\System\LfzLZIX.exe
  C:\Windows\System\LfzLZIX.exe
  2⤵
  PID:12160
- C:\Windows\System\CyeOBMr.exe
  C:\Windows\System\CyeOBMr.exe
  2⤵
  PID:1488
- C:\Windows\System\oEHjYqK.exe
  C:\Windows\System\oEHjYqK.exe
  2⤵
  PID:12208
- C:\Windows\System\IaQHDhk.exe
  C:\Windows\System\IaQHDhk.exe
  2⤵
  PID:12252
- C:\Windows\System\NBNUaDg.exe
  C:\Windows\System\NBNUaDg.exe
  2⤵
  PID:11372
- C:\Windows\System\GKgtzqy.exe
  C:\Windows\System\GKgtzqy.exe
  2⤵
  PID:11560
- C:\Windows\System\sybLXQq.exe
  C:\Windows\System\sybLXQq.exe
  2⤵
  PID:11736
- C:\Windows\System\SnRwRqB.exe
  C:\Windows\System\SnRwRqB.exe
  2⤵
  PID:11916
- C:\Windows\System\dbxsFTa.exe
  C:\Windows\System\dbxsFTa.exe
  2⤵
  PID:11960
- C:\Windows\System\XEIdGGw.exe
  C:\Windows\System\XEIdGGw.exe
  2⤵
  PID:12164
- C:\Windows\System\IPPWJTF.exe
  C:\Windows\System\IPPWJTF.exe
  2⤵
  PID:12236
- C:\Windows\System\hzdKGTe.exe
  C:\Windows\System\hzdKGTe.exe
  2⤵
  PID:11460
- C:\Windows\System\uyTcubu.exe
  C:\Windows\System\uyTcubu.exe
  2⤵
  PID:11672
- C:\Windows\System\ZyyGgGU.exe
  C:\Windows\System\ZyyGgGU.exe
  2⤵
  PID:12188
- C:\Windows\System\aEGUUmM.exe
  C:\Windows\System\aEGUUmM.exe
  2⤵
  PID:11932
- C:\Windows\System\BaiDnsB.exe
  C:\Windows\System\BaiDnsB.exe
  2⤵
  PID:11688
- C:\Windows\System\AGBfpMt.exe
  C:\Windows\System\AGBfpMt.exe
  2⤵
  PID:12308
- C:\Windows\System\qbFmDsa.exe
  C:\Windows\System\qbFmDsa.exe
  2⤵
  PID:12324
- C:\Windows\System\lOXietP.exe
  C:\Windows\System\lOXietP.exe
  2⤵
  PID:12364
- C:\Windows\System\kDCAIYZ.exe
  C:\Windows\System\kDCAIYZ.exe
  2⤵
  PID:12392
- C:\Windows\System\XgnHMuA.exe
  C:\Windows\System\XgnHMuA.exe
  2⤵
  PID:12412
- C:\Windows\System\ICBtQFN.exe
  C:\Windows\System\ICBtQFN.exe
  2⤵
  PID:12436
- C:\Windows\System\adJgbQk.exe
  C:\Windows\System\adJgbQk.exe
  2⤵
  PID:12464
- C:\Windows\System\pUZJbIk.exe
  C:\Windows\System\pUZJbIk.exe
  2⤵
  PID:12488
- C:\Windows\System\CfJfEeF.exe
  C:\Windows\System\CfJfEeF.exe
  2⤵
  PID:12524
- C:\Windows\System\OhoezGG.exe
  C:\Windows\System\OhoezGG.exe
  2⤵
  PID:12548
- C:\Windows\System\pPqfRaf.exe
  C:\Windows\System\pPqfRaf.exe
  2⤵
  PID:12584
- C:\Windows\System\TUUrizu.exe
  C:\Windows\System\TUUrizu.exe
  2⤵
  PID:12612
- C:\Windows\System\GUJtwbm.exe
  C:\Windows\System\GUJtwbm.exe
  2⤵
  PID:12636
- C:\Windows\System\WVitbul.exe
  C:\Windows\System\WVitbul.exe
  2⤵
  PID:12652
- C:\Windows\System\XJubWOP.exe
  C:\Windows\System\XJubWOP.exe
  2⤵
  PID:12728
- C:\Windows\System\NZShDKj.exe
  C:\Windows\System\NZShDKj.exe
  2⤵
  PID:12756
- C:\Windows\System\tYrTdyE.exe
  C:\Windows\System\tYrTdyE.exe
  2⤵
  PID:12784
- C:\Windows\System\SXxfNpO.exe
  C:\Windows\System\SXxfNpO.exe
  2⤵
  PID:12828
- C:\Windows\System\cQFfgCW.exe
  C:\Windows\System\cQFfgCW.exe
  2⤵
  PID:12856
- C:\Windows\System\FAyzeXG.exe
  C:\Windows\System\FAyzeXG.exe
  2⤵
  PID:12884
- C:\Windows\System\rnRzwbA.exe
  C:\Windows\System\rnRzwbA.exe
  2⤵
  PID:12908
- C:\Windows\System\GdARWTi.exe
  C:\Windows\System\GdARWTi.exe
  2⤵
  PID:12940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_k5zl14jd.51c.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BhZqRen.exe

Filesize
3.2MB

MD5
796740c422084c00cf7f8ee2464204c7

SHA1
1c79aff3515f31cbb0eb4f7152374ed7fe75a17b

SHA256
e113064ed9c4dd9ca0d88b9c7dc8f499b22c3fb2951d8f663bf3744d3f8281be

SHA512
1b0e41ca7acc6f41be50b42d1d3ba4edf40c30a7b83d785a3b26a84e46aff7b61d62bf4303d2f638f4c1966184600d3b1e054691cb1da95442a149ed0472c547

Download Submit
C:\Windows\System\CaYudNw.exe

Filesize
3.2MB

MD5
42614fe69994aa9022f1e3e34f326db0

SHA1
d55c687da3172b1091deb5b08972a0f8aba3cd0f

SHA256
4a5b61873b134b7ea6eecf516ca2e3e99e696f1b0f8813264899e2a7af41b12c

SHA512
8235210f889f03bc8bc4bcdea074346062f394ac005ad5da12c278657efb65861cd522fb33e35ee7924ae501ecc376fdaf824be60032c7b124b63999c946b53f

Download Submit
C:\Windows\System\FLTUqZb.exe

Filesize
3.2MB

MD5
839a71b277d018aa7cb2a4bec708141d

SHA1
e1b5121f18a23159189314e330b7b0cb1e85d6d4

SHA256
c37edd6d3e83cf95135505e9729f4876d74d6b591d9ba241794071f2fe10454a

SHA512
3a4582bc4d0baea25fd50d832e9fec5f4ae7148fe5829876ede50345bc1414579b106fbd232d00c50352898987c5e28a41fb8f47b9feb866e05aed9e325af5cb

Download Submit
C:\Windows\System\HMgNBHv.exe

Filesize
3.2MB

MD5
740814e0454114412fa026fb5b2820e2

SHA1
999fa03eb7431b470a4f21807bae56796088e687

SHA256
a5c038697e7f7a61224c80a9db33a2dbde1cddcf0b6759afd6d8ce571de2ba94

SHA512
0e8af5d54a140cefbf0a4655defe57a8a268fc54da32b2d547c7b793abe17201628fa89d2518297060a5c8efe8729501546b030c6ae2f177d04606a08369dfbb

Download Submit
C:\Windows\System\IbLRDwZ.exe

Filesize
3.2MB

MD5
22ce15e82150171688b44ef82c53ee44

SHA1
610768c431ae85b82fa5c7d510efc1f7dfa1483f

SHA256
87119766ec2f322127bfd7f832d53a595a10154bb4141a49615fa307249e489f

SHA512
2d133acbe03c3d9fa442dada1534f3451695f5aa6025bbd3e7970cc6ea43de09c3b081f23ff25822a79c02bbcb4ce205d5b401adc56776168cc45167e92c6c61

Download Submit
C:\Windows\System\JarzWFI.exe

Filesize
3.2MB

MD5
464792b5f8754c3e798e03e91fd4b552

SHA1
b460b00545e67ea344df66de2d19f2770165166a

SHA256
b929453e6b5e095e23bbb0db588ab36abf75ce655d5b67561de725ed7aec2de3

SHA512
c28dbacb12a4d840aac085b6a53c076a6ec9b33d61b420fadad283c42b9ad796caa50c158d519396f4a269200e96cf0c121770ce5a0e019c08f5f40852f17de7

Download Submit
C:\Windows\System\NNiLhVp.exe

Filesize
3.2MB

MD5
639a18982aac49dac7ed300c97a96d25

SHA1
85a711014b8a878ee264b38e50a69528f0ed5a52

SHA256
5c852abb15b102d838a05ad554fa235e4eb27a41c8da51834cf8623d0457b8da

SHA512
08ae1e8abf6904b33e641d378fc4c27a1046116c97746139968ab8c73f804c9dbe8d7f7280f42632efaa3ac81575fe005cdd639e1726747372745bb76f889fee

Download Submit
C:\Windows\System\NSEuMNn.exe

Filesize
3.2MB

MD5
10fbcc0f4ef5d9b8e122029fd5398f9a

SHA1
9579cf9b7871f347cbdede6f5fb312fd0ef0eff5

SHA256
c2448537c757113f638e756bd10d70706f76ec1d8bbc7be622c4c473a76a2dfd

SHA512
506c29eeee2e0fa87d7dc9eb28c3cd54fcbce841ad4c1943f159b3a5d3286f25b5736372688d6511b9a53a024280596ffc3a5c6977fe8960258c529b22a34419

Download Submit
C:\Windows\System\QVWrfdK.exe

Filesize
3.2MB

MD5
99492f455fdeb69b48fb9b13b03a330b

SHA1
24005fb6c9ed88eb69f620583e4b5067694df27c

SHA256
e2e77456fd424420ace550040c58745592aad13bf54f1cf0e895839924ba97a2

SHA512
82ec3883118def464c6189483777000c8630a408136103e915d0048c8bcf7d9c8179dd0f188bac81d0d41e10bd6482666bea9b5b7405be90b7131854f641f7b5

Download Submit
C:\Windows\System\UPPOdCQ.exe

Filesize
3.2MB

MD5
fc29bfc8b595212bc3f8d59768f021b3

SHA1
36af9f57022be83423e63d32b6ce7ec0232f6bac

SHA256
9b49223c9dbb695ead63724b86a0b462a0f233d1a56f5fedecbcc742f8ac39ad

SHA512
4f9c62197c921362525b40ce68acbc07a0a85ebacb68ffc1215fb9db2b7ed0f561be0414b387371296f923b959d2de1053d330a4432c02e214b2936844639dfe

Download Submit
C:\Windows\System\WCFgAMb.exe

Filesize
3.2MB

MD5
e092558ed271074252a2384327b0ff3b

SHA1
d912c534fe3d2a3c426b9e25aabd4b6686f63eb9

SHA256
00989213851bc90a1751692827f2d4ebe81d20e3d718bc0eb18d4f92c65238f0

SHA512
3baec3237747ddc0506c4e87ac8dc65ef3c4fdc002974af196171741d330bd72a869b61cc6ddd1782cbd42ca77ef15c8ece7372b8d581e4e682ebdc0f08d57cc

Download Submit
C:\Windows\System\WPuFVte.exe

Filesize
3.2MB

MD5
d6f1b0b048c6b2d16a144798b2ca89dc

SHA1
45c2048181e9ba85436ea6308f2892a998743012

SHA256
cb024f1bdcd5b5f8d25b71fee881dc6ed0e8423deeebe307a6f479db4d01a341

SHA512
1bed7d4746922ae9aca229fedbdc03d23eb39990e9d1b346d8fe1f3f9ed6fabaf5c977d772bbd69437d2be874b3241a9169f9ed640ec196966cf35e4d9957e2e

Download Submit
C:\Windows\System\YtIAgKf.exe

Filesize
3.2MB

MD5
69a2863175873da5aeed9dc772763667

SHA1
7b609b5c679dab3688b8185794b2800d14ca99e4

SHA256
1a32a23fb3b8d1f14f142f2d5b6e005a8f66575c0946e5b5e6124395035f1644

SHA512
85ec8c4d5877837a034f829927ad01cb70bde14fe09d47f2c809720bc22b1b169bd6d94af899f0e325d4886513ee8a53ee9055351f8f4ca31026deebb57adc9b

Download Submit
C:\Windows\System\csQnINb.exe

Filesize
3.2MB

MD5
a68b3985221f03b33bdab66a3f56957d

SHA1
ceec4dca3c784150ebf2d1dab122332542774698

SHA256
a07a3fc278090bd3a8bda6691a3bc39cb61eb08e4a70451d656f4643e454e9e5

SHA512
9ad91939f140d3b44d86d8269bfcf1d02d9fe093a16ecd496e92c7f82ad6bf6c3756770790d0f685d70811935abd97edc19bf3dedf0e0d2015ab8ddecf5731f6

Download Submit
C:\Windows\System\dFMtOKZ.exe

Filesize
3.2MB

MD5
953a1e6ec5c8c75938ae02e77b962dbe

SHA1
6fb5a0e4b3d41ad7ad93fdf5c3a572510d2fed55

SHA256
42074298c03ae081678e6eb9bd71d69aac640fc71af0db63019b7e64fa20069f

SHA512
91d205c1c230ae8d1bbc4e40bf82bee3d9f6ccacf2749a23cfb5c1b18abc037220d0d76f85e63e769b10e8d0f38b5c0bf1cde6b789b07fb8d6ab81f5abd66f11

Download Submit
C:\Windows\System\eXaqETM.exe

Filesize
3.2MB

MD5
9592d986ea3cf786f9d36ccc5d3ff551

SHA1
00b75efb0fe366363b8d7069a54f722ccbcb8063

SHA256
0e187af343e90bd3723484afe4060040f04e4da9f6d0b02eb3498717fa528d8b

SHA512
18572b4b7f93d83006155d066a8ea9b3a11794400d2d2b9d083d6da51b5817a728267d50d65437a3f35596d4d0e37d92b1caa27f3ed7c6172b59371c04a2372d

Download Submit
C:\Windows\System\eotfWwe.exe

Filesize
3.2MB

MD5
c9030e8a892134e14e77ef5183c626ba

SHA1
8b12c22ef432cfde088d581fd550e6a93db082c6

SHA256
c7a96cacbd9b2656cdfe4673202823da8d1df2d1c7881e24f09a9fd098d34758

SHA512
6d702be66cec2bff70a57211e96062e05a796ce346555342ce3f8bed1c9e55e4472e3aad734f4ae952718456027458586967969b794a1a7b91fceb3eb56c56f3

Download Submit
C:\Windows\System\fBolyrP.exe

Filesize
3.2MB

MD5
47bd07a18380ff671abc6c1a6201f579

SHA1
c9cb20f976049e8c1149d992c6dd710ef47a369d

SHA256
ad589cbc2e1772cbfd1efcb412818fa636625b916b0efc0e54bba13345babbe5

SHA512
c1fe6b7bd35fdb1066d46837ae2c85057972271f2450f67da751ebdac3292c52a2ed0d79ff9ddb85382685a956e9ec3ed807d7ec54f96233a756ea981a23c812

Download Submit
C:\Windows\System\fOIXDbk.exe

Filesize
3.2MB

MD5
5a2720082431e2cfb0b85aedefc79cd5

SHA1
57681c535739f075a32726560d71eba2d8780ebf

SHA256
48f4478efb289168522d64e784dc74ff88506f051c97a7fff64823c89e8e2ddf

SHA512
349417869c20c3f4ca17ef2d82df5587a8f3b0592836bc8bffa9016a2a3230e46bc2bd0b881ee29612720dc2eb2cdf5e9c9344d3b9b061dde2dc8b0a222ac24a

Download Submit
C:\Windows\System\fuspuIB.exe

Filesize
3.2MB

MD5
e095dc5e31195a2d33246ecde4a0907b

SHA1
4af89b425b0dfba12a3ad6947b5c2f1627d3e179

SHA256
72a81f2934cad7267f0028330371dac7fd8c349a037c082e16f0be697c80da31

SHA512
cf8ed5b36f29b451db62a38340417e21f0854d9f7dab1cab70e1e5e734f777b0d4bea67554d41936516a9e404b28f6c84df332eecb1a6a226505b6f092a10729

Download Submit
C:\Windows\System\hJPMRpv.exe

Filesize
3.2MB

MD5
dc1db4bf7bc3873c102b748a90bd56bc

SHA1
9206228f7dd8e76667af75150aca225e9050499e

SHA256
8ef26f04468deaea276fe848b03096870ddd11921ef6fbbed1f0d6dcdcb8889b

SHA512
a41dc3ad488cc39499e7a3e7ca38076aa2218dc0b53dbcfc99ef951d51196b0a02ae31b91a6d8d99d4e14cab54ff2d69bd459fc6f201467e25a5d4a663cb4147

Download Submit
C:\Windows\System\ikkIHId.exe

Filesize
3.2MB

MD5
4e5e8b26310acdfbeeaf916e9f45e854

SHA1
dbb43abd8b5dfa7b7f500b64673cd5050bb5b89a

SHA256
0ade95b8be3b71547cff2f8bb3b9892c19fce752fbb89e6f0187c0e381db75b0

SHA512
cf3f78be5ea7275b231ca8776580003f3d2dbeb16469a43c648a853b114a8e0f1b927daa1986bbdfeaf02bb2ff1a934678c27e53fa4d785b33bbe73f15f97d2b

Download Submit
C:\Windows\System\mjDPoOS.exe

Filesize
3.2MB

MD5
baf1239203e87c92181fbb493a16dc82

SHA1
bbef9ba96902c3a5d0ee376fe68b83e4d20ee33f

SHA256
34145273528b169d9b0e5c3c7f63a43cd34128d43d1f834c0d89c88a665c5d36

SHA512
1919094dfdc757c7e418ab750a8c633e6cf775ef874ad6dd0e38dca77601342fefae0143c1047b6b8cda5152ac460d387fe4d3922b20a5e87b5cde801b3ef3ca

Download Submit
C:\Windows\System\nPRglzP.exe

Filesize
3.2MB

MD5
36b0a981b47c00586ddb589ff3ee3575

SHA1
952cea0684a661ee9eba5096fe3d367e3b28331b

SHA256
d01f1c05172ea649d7d3b368367185e1428dfb6204161186dca7698407e98086

SHA512
144095d722564cae6405b98193b811828bc1ba55ee5dc41b4104e595d3a0c966b8b03e91dd018a6567cd0ea7d5b90ff6cc66037325b8c34e08d01472754aff8f

Download Submit
C:\Windows\System\oBmyClS.exe

Filesize
3.2MB

MD5
f6fd323e51916dc66cfad9b89684b81e

SHA1
d7d4bf9380bb8e5702dcf998acef1af0cb18b567

SHA256
fd0942d4ebb3fc82bea4c43e41af985a0e1bb2421854006768caf77bee4820ec

SHA512
8521017f8b5220e0c8b0e500fc02405597d5d1f6eb1f3d598935310aa6ba39319fb98eb2cde7f58f523b212f742ceac03421da864a0b35cde8d2b2d5bb8dff92

Download Submit
C:\Windows\System\owUCAjx.exe

Filesize
8B

MD5
7e1e9fcc71af27d4f3a70b3e20ac77b9

SHA1
09ec64762a6dbe9e03ecdb61ea5de2d274d170f0

SHA256
2f18658787aeca4d305f9fde7c9bc7343e5969bd51ec0e2c8583a2e506b9b404

SHA512
3beada4b1cd8ead153972e6e1293d504f7cea2d7323223a87897681d13a0872baba6942b9d88c8943892c0ad02e1f51ed3730edd702cc7d53ab31d006770ca91

Download Submit
C:\Windows\System\rOEoxNl.exe

Filesize
3.2MB

MD5
96c465e1bb73004e5ccb065be3a60698

SHA1
0422b59b5f67b8d121eb512b96854c6a72b428cf

SHA256
64a089fa6ec8b5aa2ec4b3114d14ab2918053b9bf69c623b7d01dc246dea5f44

SHA512
7441b447f97921adb825ea78a657cb98c6e9fd8a7f5f436cc9610187682c00617f652ea1d073dcc0eac96ed97d8a17d6ed81b5fb90434416d22c2493e447396e

Download Submit
C:\Windows\System\rYhxAgU.exe

Filesize
3.2MB

MD5
0b5a4054dab676f95815861973a08820

SHA1
d0b82b30ebb7f36ad7732167c39f9a688f976841

SHA256
e07391ee76d09d619941a6189a8859f09af860e0240c1c4a1d868f02a1ab3bdc

SHA512
a1e81241afd94385c1b14bb700d9336f309bc9d2b16e57522a5b5ba244bce58545b8242b7e365bf120ecba90eed1bd82c5f3ac0a96120d3c83d1b39289654773

Download Submit
C:\Windows\System\toKidCp.exe

Filesize
3.2MB

MD5
029733d121b3ac7f30d27cac5213b4b0

SHA1
3fedff7ef5224e05a28efe5e00d64e3a478390fc

SHA256
a1bd3e28d52e126c0e0ba46d40aa4fa3c16582ab93db67c936d080c3488661d1

SHA512
7f35f7e150c54e068085eb50337c9afb1928196b828c349cc3698f65d06d78caa24cecfeade6b15e56cb3bd09dfdd1eed65ac523c07d71a5d0c4cd79c393168c

Download Submit
C:\Windows\System\twAlBCZ.exe

Filesize
3.2MB

MD5
e53a7d4069bc91c8bf215ca8a6a745c1

SHA1
2ab42ad86dfc31624735bddf4f5ed7bbb9052180

SHA256
1529e112adb01920364b35ad1406027728e300651daed45958a5f6d10b8fd87a

SHA512
1d0553c0cc7a457d2bdcc19f0ed44e0b3e71f736dfe545a7ec1a721dc3d441aca4d741df0b910704984192ec854d9d5888be990fbf7a15fb99855f1ebd9ce82d

Download Submit
C:\Windows\System\wkuNrbx.exe

Filesize
3.2MB

MD5
23af769c95681be14dbb31bf56d90156

SHA1
e5fc5a3eb2424753bf86e9833a13045c6db9b47b

SHA256
75e07095b718ec77fa89d2cc8dfd9c5856e97beef57c1995a582a8b9311a6c69

SHA512
1d84ece979d59a016a0284c3ccd362df3ed4664bbd74507efed417410d0c647d24d9d836a3a95913d6e5fae6970819358395b1b7a1af4893846366c23f811d21

Download Submit
C:\Windows\System\yDmiLxJ.exe

Filesize
3.2MB

MD5
76bcc9a075a9d6cec68986c582c31712

SHA1
9f293722a0bb697cbe336c2b02a23a46ce348f57

SHA256
cdf0b44c7eb9c3ecc9130255b58863c0fb3eff34a0a5081d3e451e7c60285516

SHA512
966a6b58bf1f6832fee5f00b6b1582deb8b5d10c084186ddf8160e0e4eae19bd03e3cf07444eeacd3437b059bc1387fa167b49a679435c6f3c4b16228f48a3d7

Download Submit
C:\Windows\System\zAXefRA.exe

Filesize
3.2MB

MD5
11f8c28fc6c4c1e7c205086baa7bf8df

SHA1
7060f0e0e473dc58bb2f43a5b6381bcea5870204

SHA256
d6fc88e9984e5e646d25dee1ff7293bbe49be3dba917c7065691b80289fba49e

SHA512
61e51956156281156dbee813096c584a4e10442ca7c6c8fb485da6eb52bb9bba53ed2915a0098ea38c99fa450f219c3dbd7ce01ee842c6d46d6fd4375ef9d95a

Download Submit
C:\Windows\System\zhrWTQi.exe

Filesize
3.2MB

MD5
928f004ac5c22d844ceb2c04c8ecd8b0

SHA1
361d5dc30faaa12bb03925b5c2704f4427e51747

SHA256
924331dc542fb6a01fcdda664ce54c250c617b6c1e914537aad59c57fb7294b3

SHA512
479a5bfabde2dfe6acde14fc9d897fa27f532afa40bae0cf3466e99dbc72624003aa091666ff846e169e719e622d001316a2e37252f7f540a745ef72bb6f8a78

Download Submit
memory/516-1986-0x00007FF6BB830000-0x00007FF6BBC26000-memory.dmp

Filesize
4.0MB

Download
memory/516-193-0x00007FF6BB830000-0x00007FF6BBC26000-memory.dmp

Filesize
4.0MB

Download
memory/716-201-0x00007FF733490000-0x00007FF733886000-memory.dmp

Filesize
4.0MB

Download
memory/716-1990-0x00007FF733490000-0x00007FF733886000-memory.dmp

Filesize
4.0MB

Download
memory/1172-1-0x000001C5F9AD0000-0x000001C5F9AE0000-memory.dmp

Filesize
64KB

Download
memory/1172-0-0x00007FF719780000-0x00007FF719B76000-memory.dmp

Filesize
4.0MB

Download
memory/1404-1973-0x00007FF756AC0000-0x00007FF756EB6000-memory.dmp

Filesize
4.0MB

Download
memory/1404-44-0x00007FF756AC0000-0x00007FF756EB6000-memory.dmp

Filesize
4.0MB

Download
memory/1404-1958-0x00007FF756AC0000-0x00007FF756EB6000-memory.dmp

Filesize
4.0MB

Download
memory/1456-1982-0x00007FF7C15C0000-0x00007FF7C19B6000-memory.dmp

Filesize
4.0MB

Download
memory/1456-145-0x00007FF7C15C0000-0x00007FF7C19B6000-memory.dmp

Filesize
4.0MB

Download
memory/1708-139-0x00007FF702740000-0x00007FF702B36000-memory.dmp

Filesize
4.0MB

Download
memory/1708-1979-0x00007FF702740000-0x00007FF702B36000-memory.dmp

Filesize
4.0MB

Download
memory/1760-1968-0x00007FF621110000-0x00007FF621506000-memory.dmp

Filesize
4.0MB

Download
memory/1760-105-0x00007FF621110000-0x00007FF621506000-memory.dmp

Filesize
4.0MB

Download
memory/1784-208-0x00007FF675820000-0x00007FF675C16000-memory.dmp

Filesize
4.0MB

Download
memory/2484-1969-0x00007FF6C20B0000-0x00007FF6C24A6000-memory.dmp

Filesize
4.0MB

Download
memory/2484-23-0x00007FF6C20B0000-0x00007FF6C24A6000-memory.dmp

Filesize
4.0MB

Download
memory/2596-1954-0x00007FFAD9F90000-0x00007FFADAA51000-memory.dmp

Filesize
10.8MB

Download
memory/2596-79-0x00007FFAD9F90000-0x00007FFADAA51000-memory.dmp

Filesize
10.8MB

Download
memory/2596-438-0x000001A535890000-0x000001A536036000-memory.dmp

Filesize
7.6MB

Download
memory/2596-5-0x00007FFAD9F93000-0x00007FFAD9F95000-memory.dmp

Filesize
8KB

Download
memory/2596-1956-0x00007FFAD9F93000-0x00007FFAD9F95000-memory.dmp

Filesize
8KB

Download
memory/2596-1967-0x00007FFAD9F90000-0x00007FFADAA51000-memory.dmp

Filesize
10.8MB

Download
memory/2596-25-0x000001A51C1C0000-0x000001A51C1E2000-memory.dmp

Filesize
136KB

Download
memory/2596-16-0x00007FFAD9F90000-0x00007FFADAA51000-memory.dmp

Filesize
10.8MB

Download
memory/2656-181-0x00007FF6BAFB0000-0x00007FF6BB3A6000-memory.dmp

Filesize
4.0MB

Download
memory/2656-1989-0x00007FF6BAFB0000-0x00007FF6BB3A6000-memory.dmp

Filesize
4.0MB

Download
memory/3056-175-0x00007FF7875F0000-0x00007FF7879E6000-memory.dmp

Filesize
4.0MB

Download
memory/3056-1978-0x00007FF7875F0000-0x00007FF7879E6000-memory.dmp

Filesize
4.0MB

Download
memory/3068-133-0x00007FF742AE0000-0x00007FF742ED6000-memory.dmp

Filesize
4.0MB

Download
memory/3068-1974-0x00007FF742AE0000-0x00007FF742ED6000-memory.dmp

Filesize
4.0MB

Download
memory/3116-1984-0x00007FF6142A0000-0x00007FF614696000-memory.dmp

Filesize
4.0MB

Download
memory/3116-197-0x00007FF6142A0000-0x00007FF614696000-memory.dmp

Filesize
4.0MB

Download
memory/3536-157-0x00007FF7BA740000-0x00007FF7BAB36000-memory.dmp

Filesize
4.0MB

Download
memory/3536-1980-0x00007FF7BA740000-0x00007FF7BAB36000-memory.dmp

Filesize
4.0MB

Download
memory/3644-163-0x00007FF7AB790000-0x00007FF7ABB86000-memory.dmp

Filesize
4.0MB

Download
memory/3644-1987-0x00007FF7AB790000-0x00007FF7ABB86000-memory.dmp

Filesize
4.0MB

Download
memory/3668-110-0x00007FF7E1A90000-0x00007FF7E1E86000-memory.dmp

Filesize
4.0MB

Download
memory/3668-1972-0x00007FF7E1A90000-0x00007FF7E1E86000-memory.dmp

Filesize
4.0MB

Download
memory/3848-127-0x00007FF696BE0000-0x00007FF696FD6000-memory.dmp

Filesize
4.0MB

Download
memory/3848-1975-0x00007FF696BE0000-0x00007FF696FD6000-memory.dmp

Filesize
4.0MB

Download
memory/3912-1970-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp

Filesize
4.0MB

Download
memory/3912-36-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp

Filesize
4.0MB

Download
memory/3912-1957-0x00007FF718CC0000-0x00007FF7190B6000-memory.dmp

Filesize
4.0MB

Download
memory/4088-1977-0x00007FF77C9B0000-0x00007FF77CDA6000-memory.dmp

Filesize
4.0MB

Download
memory/4088-116-0x00007FF77C9B0000-0x00007FF77CDA6000-memory.dmp

Filesize
4.0MB

Download
memory/4172-43-0x00007FF7031F0000-0x00007FF7035E6000-memory.dmp

Filesize
4.0MB

Download
memory/4172-1955-0x00007FF7031F0000-0x00007FF7035E6000-memory.dmp

Filesize
4.0MB

Download
memory/4172-1971-0x00007FF7031F0000-0x00007FF7035E6000-memory.dmp

Filesize
4.0MB

Download
memory/4232-205-0x00007FF7A8C70000-0x00007FF7A9066000-memory.dmp

Filesize
4.0MB

Download
memory/4232-1988-0x00007FF7A8C70000-0x00007FF7A9066000-memory.dmp

Filesize
4.0MB

Download
memory/4280-1981-0x00007FF712880000-0x00007FF712C76000-memory.dmp

Filesize
4.0MB

Download
memory/4280-151-0x00007FF712880000-0x00007FF712C76000-memory.dmp

Filesize
4.0MB

Download
memory/4400-1983-0x00007FF71CCC0000-0x00007FF71D0B6000-memory.dmp

Filesize
4.0MB

Download
memory/4400-169-0x00007FF71CCC0000-0x00007FF71D0B6000-memory.dmp

Filesize
4.0MB

Download
memory/4808-187-0x00007FF668B40000-0x00007FF668F36000-memory.dmp

Filesize
4.0MB

Download
memory/4808-1985-0x00007FF668B40000-0x00007FF668F36000-memory.dmp

Filesize
4.0MB

Download
memory/4896-120-0x00007FF7B2BC0000-0x00007FF7B2FB6000-memory.dmp

Filesize
4.0MB

Download
memory/4896-1976-0x00007FF7B2BC0000-0x00007FF7B2FB6000-memory.dmp

Filesize
4.0MB

Download