xmrig | f76ba8898f191311e03fa4ec1528366b908580721d5f1cc21d6d7eb673b36d75

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
Size

1.8MB
MD5

144250e8971d6d2553bb043d152bad30
SHA1

fee48e5edcfb676f58623fccebf085e773ea1f09
SHA256

f76ba8898f191311e03fa4ec1528366b908580721d5f1cc21d6d7eb673b36d75
SHA512

92f87840e7015331330ab489508eaf54dcb7750d549fe548afb1a9eff4c802f5abad4761949d84271bb61a62dfc7d52c92b295471df864a486468fd1d8ba4d47
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4povho0N4:NAB/

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/1744-130-0x00007FF67E3B0000-0x00007FF67E7A2000-memory.dmp	xmrig
behavioral2/memory/2944-135-0x00007FF71D120000-0x00007FF71D512000-memory.dmp	xmrig
behavioral2/memory/2344-144-0x00007FF7B80B0000-0x00007FF7B84A2000-memory.dmp	xmrig
behavioral2/memory/5012-167-0x00007FF6DEFF0000-0x00007FF6DF3E2000-memory.dmp	xmrig
behavioral2/memory/3356-161-0x00007FF716820000-0x00007FF716C12000-memory.dmp	xmrig
behavioral2/memory/1816-160-0x00007FF6B1450000-0x00007FF6B1842000-memory.dmp	xmrig
behavioral2/memory/844-154-0x00007FF6D3180000-0x00007FF6D3572000-memory.dmp	xmrig
behavioral2/memory/3212-148-0x00007FF726140000-0x00007FF726532000-memory.dmp	xmrig
behavioral2/memory/4512-140-0x00007FF658CC0000-0x00007FF6590B2000-memory.dmp	xmrig
behavioral2/memory/4484-137-0x00007FF729650000-0x00007FF729A42000-memory.dmp	xmrig
behavioral2/memory/3752-129-0x00007FF681220000-0x00007FF681612000-memory.dmp	xmrig
behavioral2/memory/2584-128-0x00007FF72EF00000-0x00007FF72F2F2000-memory.dmp	xmrig
behavioral2/memory/3988-124-0x00007FF64CF90000-0x00007FF64D382000-memory.dmp	xmrig
behavioral2/memory/2300-119-0x00007FF7C33B0000-0x00007FF7C37A2000-memory.dmp	xmrig
behavioral2/memory/1476-115-0x00007FF671DB0000-0x00007FF6721A2000-memory.dmp	xmrig
behavioral2/memory/2172-98-0x00007FF759600000-0x00007FF7599F2000-memory.dmp	xmrig
behavioral2/memory/2608-94-0x00007FF7A5210000-0x00007FF7A5602000-memory.dmp	xmrig
behavioral2/memory/4880-88-0x00007FF72CCC0000-0x00007FF72D0B2000-memory.dmp	xmrig
behavioral2/memory/5056-82-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp	xmrig
behavioral2/memory/1876-77-0x00007FF70B270000-0x00007FF70B662000-memory.dmp	xmrig
behavioral2/memory/2140-71-0x00007FF639AF0000-0x00007FF639EE2000-memory.dmp	xmrig
behavioral2/memory/2136-65-0x00007FF7F1B50000-0x00007FF7F1F42000-memory.dmp	xmrig
behavioral2/memory/2060-56-0x00007FF7785B0000-0x00007FF7789A2000-memory.dmp	xmrig
behavioral2/memory/5084-50-0x00007FF781110000-0x00007FF781502000-memory.dmp	xmrig
behavioral2/memory/5084-2506-0x00007FF781110000-0x00007FF781502000-memory.dmp	xmrig
behavioral2/memory/2060-2508-0x00007FF7785B0000-0x00007FF7789A2000-memory.dmp	xmrig
behavioral2/memory/2136-2510-0x00007FF7F1B50000-0x00007FF7F1F42000-memory.dmp	xmrig
behavioral2/memory/1876-2514-0x00007FF70B270000-0x00007FF70B662000-memory.dmp	xmrig
behavioral2/memory/2140-2513-0x00007FF639AF0000-0x00007FF639EE2000-memory.dmp	xmrig
behavioral2/memory/1476-2516-0x00007FF671DB0000-0x00007FF6721A2000-memory.dmp	xmrig
behavioral2/memory/5056-2524-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp	xmrig
behavioral2/memory/3988-2523-0x00007FF64CF90000-0x00007FF64D382000-memory.dmp	xmrig
behavioral2/memory/4880-2520-0x00007FF72CCC0000-0x00007FF72D0B2000-memory.dmp	xmrig
behavioral2/memory/2584-2526-0x00007FF72EF00000-0x00007FF72F2F2000-memory.dmp	xmrig
behavioral2/memory/2608-2528-0x00007FF7A5210000-0x00007FF7A5602000-memory.dmp	xmrig
behavioral2/memory/2300-2519-0x00007FF7C33B0000-0x00007FF7C37A2000-memory.dmp	xmrig
behavioral2/memory/2172-2531-0x00007FF759600000-0x00007FF7599F2000-memory.dmp	xmrig
behavioral2/memory/1744-2532-0x00007FF67E3B0000-0x00007FF67E7A2000-memory.dmp	xmrig
behavioral2/memory/3752-2534-0x00007FF681220000-0x00007FF681612000-memory.dmp	xmrig
behavioral2/memory/2944-2536-0x00007FF71D120000-0x00007FF71D512000-memory.dmp	xmrig
behavioral2/memory/2344-2540-0x00007FF7B80B0000-0x00007FF7B84A2000-memory.dmp	xmrig
behavioral2/memory/4484-2539-0x00007FF729650000-0x00007FF729A42000-memory.dmp	xmrig
behavioral2/memory/844-2546-0x00007FF6D3180000-0x00007FF6D3572000-memory.dmp	xmrig
behavioral2/memory/4512-2545-0x00007FF658CC0000-0x00007FF6590B2000-memory.dmp	xmrig
behavioral2/memory/3212-2543-0x00007FF726140000-0x00007FF726532000-memory.dmp	xmrig
behavioral2/memory/3356-2552-0x00007FF716820000-0x00007FF716C12000-memory.dmp	xmrig
behavioral2/memory/5012-2555-0x00007FF6DEFF0000-0x00007FF6DF3E2000-memory.dmp	xmrig
behavioral2/memory/1816-2551-0x00007FF6B1450000-0x00007FF6B1842000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	2068	powershell.exe
11	2068	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2068	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
5084	jWKavof.exe
2060	Vyyzxyv.exe
2136	LOwrgwT.exe
2140	onfRZYY.exe
1876	MkAACOQ.exe
1476	bkuDxtd.exe
5056	kNmYovp.exe
4880	Ebijjjz.exe
2300	LsJQHxt.exe
3988	mHKogwE.exe
2608	kbwBxIG.exe
2584	KfvmOTF.exe
3752	abuZDWD.exe
2172	oUsmJXm.exe
1744	pMIiEOd.exe
2944	aqupmyL.exe
4484	tfFiMcq.exe
4512	DhxmDsk.exe
2344	kOJbTda.exe
3212	EGHFfao.exe
844	TSJQlXX.exe
1816	ujTKCZF.exe
3356	mTSEWOg.exe
5012	SwkXiEq.exe
384	ArEFCgB.exe
1940	qdzzUUR.exe
3820	RTeXoDI.exe
1796	iTpGVKg.exe
3984	WFGlhsF.exe
4840	ATnCCBF.exe
1492	oGkMHkL.exe
1060	mDKfsMN.exe
3992	EvUVqNI.exe
432	jhCPpmv.exe
4860	RBDEKJu.exe
1148	rXaRyQm.exe
4300	xpRuuFk.exe
996	dcEbzRa.exe
4828	LWvLTst.exe
1644	MBZtJdU.exe
2460	mkbgKBo.exe
3256	MVZJtib.exe
4068	MVNlCLe.exe
1096	iyRwSGr.exe
3624	BUdPcXa.exe
2264	WhJDyYN.exe
4800	DFtDOcG.exe
3468	zcpmMiR.exe
2952	YzRFGdQ.exe
2784	sgDDPwI.exe
1760	lxCSbju.exe
4492	GnsBYbx.exe
2196	usnNAzK.exe
1000	iSbxqFL.exe
3872	Xapldtm.exe
4416	hhXibKf.exe
948	zGZBKBI.exe
1900	dwVSfvL.exe
3768	vFYsMxO.exe
4592	OuvYmaB.exe
1208	ohmMTME.exe
2308	luRJDIm.exe
3080	zbrkjVE.exe
3432	FOhHdqT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3164-0-0x00007FF73DF80000-0x00007FF73E372000-memory.dmp	upx
behavioral2/files/0x0008000000023401-7.dat	upx
behavioral2/files/0x0007000000023403-9.dat	upx
behavioral2/files/0x0007000000023402-14.dat	upx
behavioral2/files/0x0007000000023404-22.dat	upx
behavioral2/files/0x0007000000023405-24.dat	upx
behavioral2/files/0x0007000000023407-46.dat	upx
behavioral2/files/0x0007000000023408-47.dat	upx
behavioral2/files/0x0007000000023409-53.dat	upx
behavioral2/files/0x000800000002340b-60.dat	upx
behavioral2/files/0x000700000002340d-73.dat	upx
behavioral2/files/0x000700000002340e-80.dat	upx
behavioral2/files/0x000700000002340c-85.dat	upx
behavioral2/files/0x000800000002340a-91.dat	upx
behavioral2/files/0x0007000000023411-107.dat	upx
behavioral2/files/0x00090000000233fb-112.dat	upx
behavioral2/files/0x0007000000023412-116.dat	upx
behavioral2/files/0x0007000000023414-131.dat	upx
behavioral2/memory/1744-130-0x00007FF67E3B0000-0x00007FF67E7A2000-memory.dmp	upx
behavioral2/memory/2944-135-0x00007FF71D120000-0x00007FF71D512000-memory.dmp	upx
behavioral2/memory/2344-144-0x00007FF7B80B0000-0x00007FF7B84A2000-memory.dmp	upx
behavioral2/files/0x0007000000023415-149.dat	upx
behavioral2/files/0x0007000000023418-168.dat	upx
behavioral2/files/0x000700000002341e-198.dat	upx
behavioral2/files/0x0007000000023420-200.dat	upx
behavioral2/files/0x000700000002341f-195.dat	upx
behavioral2/files/0x000700000002341d-193.dat	upx
behavioral2/files/0x000700000002341c-188.dat	upx
behavioral2/files/0x000700000002341b-183.dat	upx
behavioral2/files/0x000700000002341a-178.dat	upx
behavioral2/files/0x0007000000023419-173.dat	upx
behavioral2/memory/5012-167-0x00007FF6DEFF0000-0x00007FF6DF3E2000-memory.dmp	upx
behavioral2/files/0x0007000000023417-162.dat	upx
behavioral2/memory/3356-161-0x00007FF716820000-0x00007FF716C12000-memory.dmp	upx
behavioral2/memory/1816-160-0x00007FF6B1450000-0x00007FF6B1842000-memory.dmp	upx
behavioral2/files/0x0007000000023416-155.dat	upx
behavioral2/memory/844-154-0x00007FF6D3180000-0x00007FF6D3572000-memory.dmp	upx
behavioral2/memory/3212-148-0x00007FF726140000-0x00007FF726532000-memory.dmp	upx
behavioral2/memory/4512-140-0x00007FF658CC0000-0x00007FF6590B2000-memory.dmp	upx
behavioral2/memory/4484-137-0x00007FF729650000-0x00007FF729A42000-memory.dmp	upx
behavioral2/files/0x0007000000023413-133.dat	upx
behavioral2/memory/3752-129-0x00007FF681220000-0x00007FF681612000-memory.dmp	upx
behavioral2/memory/2584-128-0x00007FF72EF00000-0x00007FF72F2F2000-memory.dmp	upx
behavioral2/memory/3988-124-0x00007FF64CF90000-0x00007FF64D382000-memory.dmp	upx
behavioral2/memory/2300-119-0x00007FF7C33B0000-0x00007FF7C37A2000-memory.dmp	upx
behavioral2/memory/1476-115-0x00007FF671DB0000-0x00007FF6721A2000-memory.dmp	upx
behavioral2/files/0x0007000000023410-105.dat	upx
behavioral2/files/0x000700000002340f-100.dat	upx
behavioral2/memory/2172-98-0x00007FF759600000-0x00007FF7599F2000-memory.dmp	upx
behavioral2/memory/2608-94-0x00007FF7A5210000-0x00007FF7A5602000-memory.dmp	upx
behavioral2/memory/4880-88-0x00007FF72CCC0000-0x00007FF72D0B2000-memory.dmp	upx
behavioral2/memory/5056-82-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp	upx
behavioral2/memory/1876-77-0x00007FF70B270000-0x00007FF70B662000-memory.dmp	upx
behavioral2/memory/2140-71-0x00007FF639AF0000-0x00007FF639EE2000-memory.dmp	upx
behavioral2/memory/2136-65-0x00007FF7F1B50000-0x00007FF7F1F42000-memory.dmp	upx
behavioral2/memory/2060-56-0x00007FF7785B0000-0x00007FF7789A2000-memory.dmp	upx
behavioral2/files/0x0007000000023406-51.dat	upx
behavioral2/memory/5084-50-0x00007FF781110000-0x00007FF781502000-memory.dmp	upx
behavioral2/memory/5084-2506-0x00007FF781110000-0x00007FF781502000-memory.dmp	upx
behavioral2/memory/2060-2508-0x00007FF7785B0000-0x00007FF7789A2000-memory.dmp	upx
behavioral2/memory/2136-2510-0x00007FF7F1B50000-0x00007FF7F1F42000-memory.dmp	upx
behavioral2/memory/1876-2514-0x00007FF70B270000-0x00007FF70B662000-memory.dmp	upx
behavioral2/memory/2140-2513-0x00007FF639AF0000-0x00007FF639EE2000-memory.dmp	upx
behavioral2/memory/1476-2516-0x00007FF671DB0000-0x00007FF6721A2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wNurNvF.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\lRpjhlg.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\jjTmPzY.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\MLAYOlE.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\FOhHdqT.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\dPGuHjh.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\jkcVVJb.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\Xapldtm.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\qzhnHVJ.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\SwkXiEq.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\MefmmJT.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\piCqKqJ.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\uwCdZuL.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\WhJDyYN.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\LOfubPe.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\YuEWRxM.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\lURGBDe.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\bEFLMed.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\UYHMqWS.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\dHhmsHO.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\EQPZNDa.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\mHKogwE.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\qDKNWwv.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\owafrFp.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\RuGnALA.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\ouUjejk.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\IChkgCk.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\EvUVqNI.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\ViafZaq.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\CzTdtOd.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\BFIWskc.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\tanbJYm.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\TBgMNju.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\VHzEgwx.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\pVOLjgm.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\raDUtvc.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\BHtHLPn.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\SgIudKK.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\gwomjbo.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\aLDMIYP.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\mgiYfqB.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\OCAkQup.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\gTwGtEf.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\gLsuyLT.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\AZSBfeq.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\TaRpjdV.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\xkjWZBA.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\zHcWwfy.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\gnSSFPB.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\maRhtHf.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\lgHTpHP.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\UfUwDAn.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\PTyDIgp.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\isoNGgd.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\AbdIqeo.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\ViVyZpv.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\GhlivDs.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\aXgICvN.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\DPJlTho.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\vKcasLw.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\jamWrEP.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\huyfIZd.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\WKNhwRJ.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
File created	C:\Windows\System\GeeHYkK.exe	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2068	powershell.exe
2068	powershell.exe
2068	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
Token: SeDebugPrivilege	2068	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 2068	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	86
PID 3164 wrote to memory of 2068	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	86
PID 3164 wrote to memory of 5084	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	87
PID 3164 wrote to memory of 5084	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	87
PID 3164 wrote to memory of 2060	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	88
PID 3164 wrote to memory of 2060	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	88
PID 3164 wrote to memory of 2136	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	89
PID 3164 wrote to memory of 2136	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	89
PID 3164 wrote to memory of 2140	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	90
PID 3164 wrote to memory of 2140	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	90
PID 3164 wrote to memory of 1876	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	91
PID 3164 wrote to memory of 1876	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	91
PID 3164 wrote to memory of 1476	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	92
PID 3164 wrote to memory of 1476	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	92
PID 3164 wrote to memory of 5056	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	93
PID 3164 wrote to memory of 5056	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	93
PID 3164 wrote to memory of 4880	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	94
PID 3164 wrote to memory of 4880	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	94
PID 3164 wrote to memory of 2300	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	95
PID 3164 wrote to memory of 2300	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	95
PID 3164 wrote to memory of 3988	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	96
PID 3164 wrote to memory of 3988	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	96
PID 3164 wrote to memory of 2608	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	97
PID 3164 wrote to memory of 2608	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	97
PID 3164 wrote to memory of 2584	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	98
PID 3164 wrote to memory of 2584	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	98
PID 3164 wrote to memory of 3752	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	99
PID 3164 wrote to memory of 3752	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	99
PID 3164 wrote to memory of 2172	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	100
PID 3164 wrote to memory of 2172	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	100
PID 3164 wrote to memory of 1744	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	101
PID 3164 wrote to memory of 1744	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	101
PID 3164 wrote to memory of 2944	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	102
PID 3164 wrote to memory of 2944	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	102
PID 3164 wrote to memory of 4484	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	103
PID 3164 wrote to memory of 4484	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	103
PID 3164 wrote to memory of 4512	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	104
PID 3164 wrote to memory of 4512	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	104
PID 3164 wrote to memory of 2344	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	105
PID 3164 wrote to memory of 2344	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	105
PID 3164 wrote to memory of 3212	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	106
PID 3164 wrote to memory of 3212	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	106
PID 3164 wrote to memory of 844	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	107
PID 3164 wrote to memory of 844	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	107
PID 3164 wrote to memory of 1816	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	108
PID 3164 wrote to memory of 1816	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	108
PID 3164 wrote to memory of 3356	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	109
PID 3164 wrote to memory of 3356	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	109
PID 3164 wrote to memory of 5012	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	110
PID 3164 wrote to memory of 5012	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	110
PID 3164 wrote to memory of 384	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	111
PID 3164 wrote to memory of 384	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	111
PID 3164 wrote to memory of 1940	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	112
PID 3164 wrote to memory of 1940	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	112
PID 3164 wrote to memory of 3820	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	113
PID 3164 wrote to memory of 3820	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	113
PID 3164 wrote to memory of 1796	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	114
PID 3164 wrote to memory of 1796	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	114
PID 3164 wrote to memory of 3984	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	115
PID 3164 wrote to memory of 3984	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	115
PID 3164 wrote to memory of 4840	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	116
PID 3164 wrote to memory of 4840	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	116
PID 3164 wrote to memory of 1492	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	117
PID 3164 wrote to memory of 1492	3164	144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe	117

C:\Users\Admin\AppData\Local\Temp\144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\144250e8971d6d2553bb043d152bad30_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2068
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2068" "2928" "2852" "2932" "0" "0" "2936" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12060
- C:\Windows\System\jWKavof.exe
  C:\Windows\System\jWKavof.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\Vyyzxyv.exe
  C:\Windows\System\Vyyzxyv.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\LOwrgwT.exe
  C:\Windows\System\LOwrgwT.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\onfRZYY.exe
  C:\Windows\System\onfRZYY.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\MkAACOQ.exe
  C:\Windows\System\MkAACOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\bkuDxtd.exe
  C:\Windows\System\bkuDxtd.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\kNmYovp.exe
  C:\Windows\System\kNmYovp.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\Ebijjjz.exe
  C:\Windows\System\Ebijjjz.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\LsJQHxt.exe
  C:\Windows\System\LsJQHxt.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\mHKogwE.exe
  C:\Windows\System\mHKogwE.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\kbwBxIG.exe
  C:\Windows\System\kbwBxIG.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\KfvmOTF.exe
  C:\Windows\System\KfvmOTF.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\abuZDWD.exe
  C:\Windows\System\abuZDWD.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\oUsmJXm.exe
  C:\Windows\System\oUsmJXm.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\pMIiEOd.exe
  C:\Windows\System\pMIiEOd.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\aqupmyL.exe
  C:\Windows\System\aqupmyL.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\tfFiMcq.exe
  C:\Windows\System\tfFiMcq.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\DhxmDsk.exe
  C:\Windows\System\DhxmDsk.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\kOJbTda.exe
  C:\Windows\System\kOJbTda.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\EGHFfao.exe
  C:\Windows\System\EGHFfao.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\TSJQlXX.exe
  C:\Windows\System\TSJQlXX.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\ujTKCZF.exe
  C:\Windows\System\ujTKCZF.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\mTSEWOg.exe
  C:\Windows\System\mTSEWOg.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\SwkXiEq.exe
  C:\Windows\System\SwkXiEq.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\ArEFCgB.exe
  C:\Windows\System\ArEFCgB.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\qdzzUUR.exe
  C:\Windows\System\qdzzUUR.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\RTeXoDI.exe
  C:\Windows\System\RTeXoDI.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\iTpGVKg.exe
  C:\Windows\System\iTpGVKg.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\WFGlhsF.exe
  C:\Windows\System\WFGlhsF.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\ATnCCBF.exe
  C:\Windows\System\ATnCCBF.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\oGkMHkL.exe
  C:\Windows\System\oGkMHkL.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\mDKfsMN.exe
  C:\Windows\System\mDKfsMN.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\EvUVqNI.exe
  C:\Windows\System\EvUVqNI.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\jhCPpmv.exe
  C:\Windows\System\jhCPpmv.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\RBDEKJu.exe
  C:\Windows\System\RBDEKJu.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\rXaRyQm.exe
  C:\Windows\System\rXaRyQm.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\xpRuuFk.exe
  C:\Windows\System\xpRuuFk.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\dcEbzRa.exe
  C:\Windows\System\dcEbzRa.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\LWvLTst.exe
  C:\Windows\System\LWvLTst.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\MBZtJdU.exe
  C:\Windows\System\MBZtJdU.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\mkbgKBo.exe
  C:\Windows\System\mkbgKBo.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\MVZJtib.exe
  C:\Windows\System\MVZJtib.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\MVNlCLe.exe
  C:\Windows\System\MVNlCLe.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\iyRwSGr.exe
  C:\Windows\System\iyRwSGr.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\BUdPcXa.exe
  C:\Windows\System\BUdPcXa.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\WhJDyYN.exe
  C:\Windows\System\WhJDyYN.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\DFtDOcG.exe
  C:\Windows\System\DFtDOcG.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\zcpmMiR.exe
  C:\Windows\System\zcpmMiR.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\YzRFGdQ.exe
  C:\Windows\System\YzRFGdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\sgDDPwI.exe
  C:\Windows\System\sgDDPwI.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\lxCSbju.exe
  C:\Windows\System\lxCSbju.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\GnsBYbx.exe
  C:\Windows\System\GnsBYbx.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\usnNAzK.exe
  C:\Windows\System\usnNAzK.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\iSbxqFL.exe
  C:\Windows\System\iSbxqFL.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\Xapldtm.exe
  C:\Windows\System\Xapldtm.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\hhXibKf.exe
  C:\Windows\System\hhXibKf.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\zGZBKBI.exe
  C:\Windows\System\zGZBKBI.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\dwVSfvL.exe
  C:\Windows\System\dwVSfvL.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\vFYsMxO.exe
  C:\Windows\System\vFYsMxO.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\OuvYmaB.exe
  C:\Windows\System\OuvYmaB.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\ohmMTME.exe
  C:\Windows\System\ohmMTME.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\luRJDIm.exe
  C:\Windows\System\luRJDIm.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\zbrkjVE.exe
  C:\Windows\System\zbrkjVE.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\FOhHdqT.exe
  C:\Windows\System\FOhHdqT.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\WDXAvLb.exe
  C:\Windows\System\WDXAvLb.exe
  2⤵
  PID:5144
- C:\Windows\System\DkqqmQv.exe
  C:\Windows\System\DkqqmQv.exe
  2⤵
  PID:5176
- C:\Windows\System\VgtUhvG.exe
  C:\Windows\System\VgtUhvG.exe
  2⤵
  PID:5192
- C:\Windows\System\PsRFBVc.exe
  C:\Windows\System\PsRFBVc.exe
  2⤵
  PID:5220
- C:\Windows\System\cdZDVsE.exe
  C:\Windows\System\cdZDVsE.exe
  2⤵
  PID:5248
- C:\Windows\System\bHLhTuy.exe
  C:\Windows\System\bHLhTuy.exe
  2⤵
  PID:5272
- C:\Windows\System\MRnElwD.exe
  C:\Windows\System\MRnElwD.exe
  2⤵
  PID:5304
- C:\Windows\System\xJwkByw.exe
  C:\Windows\System\xJwkByw.exe
  2⤵
  PID:5332
- C:\Windows\System\LBhPVDb.exe
  C:\Windows\System\LBhPVDb.exe
  2⤵
  PID:5360
- C:\Windows\System\SJovQuh.exe
  C:\Windows\System\SJovQuh.exe
  2⤵
  PID:5388
- C:\Windows\System\yapbodm.exe
  C:\Windows\System\yapbodm.exe
  2⤵
  PID:5420
- C:\Windows\System\pcrQfNm.exe
  C:\Windows\System\pcrQfNm.exe
  2⤵
  PID:5444
- C:\Windows\System\GwHInkx.exe
  C:\Windows\System\GwHInkx.exe
  2⤵
  PID:5472
- C:\Windows\System\OOHwnyw.exe
  C:\Windows\System\OOHwnyw.exe
  2⤵
  PID:5496
- C:\Windows\System\fJdNEkj.exe
  C:\Windows\System\fJdNEkj.exe
  2⤵
  PID:5528
- C:\Windows\System\fvjMAIK.exe
  C:\Windows\System\fvjMAIK.exe
  2⤵
  PID:5560
- C:\Windows\System\htjdIRe.exe
  C:\Windows\System\htjdIRe.exe
  2⤵
  PID:5584
- C:\Windows\System\FNdGWkm.exe
  C:\Windows\System\FNdGWkm.exe
  2⤵
  PID:5612
- C:\Windows\System\zCXjlMZ.exe
  C:\Windows\System\zCXjlMZ.exe
  2⤵
  PID:5636
- C:\Windows\System\OaITxLv.exe
  C:\Windows\System\OaITxLv.exe
  2⤵
  PID:5668
- C:\Windows\System\WAJOZaj.exe
  C:\Windows\System\WAJOZaj.exe
  2⤵
  PID:5696
- C:\Windows\System\nvVJvvy.exe
  C:\Windows\System\nvVJvvy.exe
  2⤵
  PID:5724
- C:\Windows\System\AlKmHtX.exe
  C:\Windows\System\AlKmHtX.exe
  2⤵
  PID:5752
- C:\Windows\System\fvdEudF.exe
  C:\Windows\System\fvdEudF.exe
  2⤵
  PID:5784
- C:\Windows\System\FFqOIds.exe
  C:\Windows\System\FFqOIds.exe
  2⤵
  PID:5808
- C:\Windows\System\ayyrLtB.exe
  C:\Windows\System\ayyrLtB.exe
  2⤵
  PID:5836
- C:\Windows\System\NMBuSGj.exe
  C:\Windows\System\NMBuSGj.exe
  2⤵
  PID:5856
- C:\Windows\System\LOfubPe.exe
  C:\Windows\System\LOfubPe.exe
  2⤵
  PID:5888
- C:\Windows\System\GrPYzoa.exe
  C:\Windows\System\GrPYzoa.exe
  2⤵
  PID:5992
- C:\Windows\System\JznVFXU.exe
  C:\Windows\System\JznVFXU.exe
  2⤵
  PID:6008
- C:\Windows\System\ekPnaMM.exe
  C:\Windows\System\ekPnaMM.exe
  2⤵
  PID:6032
- C:\Windows\System\xVhyTEd.exe
  C:\Windows\System\xVhyTEd.exe
  2⤵
  PID:6068
- C:\Windows\System\XsKHHdi.exe
  C:\Windows\System\XsKHHdi.exe
  2⤵
  PID:6104
- C:\Windows\System\GkVOcLR.exe
  C:\Windows\System\GkVOcLR.exe
  2⤵
  PID:6120
- C:\Windows\System\UrNAJOc.exe
  C:\Windows\System\UrNAJOc.exe
  2⤵
  PID:3168
- C:\Windows\System\KkEYPGo.exe
  C:\Windows\System\KkEYPGo.exe
  2⤵
  PID:3252
- C:\Windows\System\pBSHxaQ.exe
  C:\Windows\System\pBSHxaQ.exe
  2⤵
  PID:3512
- C:\Windows\System\MPuPSrF.exe
  C:\Windows\System\MPuPSrF.exe
  2⤵
  PID:460
- C:\Windows\System\IQWAbjz.exe
  C:\Windows\System\IQWAbjz.exe
  2⤵
  PID:1400
- C:\Windows\System\GjgMVnD.exe
  C:\Windows\System\GjgMVnD.exe
  2⤵
  PID:5168
- C:\Windows\System\MeZwPyi.exe
  C:\Windows\System\MeZwPyi.exe
  2⤵
  PID:5236
- C:\Windows\System\favlhIh.exe
  C:\Windows\System\favlhIh.exe
  2⤵
  PID:3852
- C:\Windows\System\qmHgaHm.exe
  C:\Windows\System\qmHgaHm.exe
  2⤵
  PID:5376
- C:\Windows\System\zNfSKHg.exe
  C:\Windows\System\zNfSKHg.exe
  2⤵
  PID:5456
- C:\Windows\System\yBERqzD.exe
  C:\Windows\System\yBERqzD.exe
  2⤵
  PID:5516
- C:\Windows\System\rcaRbqr.exe
  C:\Windows\System\rcaRbqr.exe
  2⤵
  PID:5576
- C:\Windows\System\sKjYjnV.exe
  C:\Windows\System\sKjYjnV.exe
  2⤵
  PID:5600
- C:\Windows\System\qzhnHVJ.exe
  C:\Windows\System\qzhnHVJ.exe
  2⤵
  PID:5652
- C:\Windows\System\htITOSS.exe
  C:\Windows\System\htITOSS.exe
  2⤵
  PID:5688
- C:\Windows\System\bEFLMed.exe
  C:\Windows\System\bEFLMed.exe
  2⤵
  PID:5736
- C:\Windows\System\CWJViAI.exe
  C:\Windows\System\CWJViAI.exe
  2⤵
  PID:5792
- C:\Windows\System\YvudHAB.exe
  C:\Windows\System\YvudHAB.exe
  2⤵
  PID:5868
- C:\Windows\System\UFbdMuL.exe
  C:\Windows\System\UFbdMuL.exe
  2⤵
  PID:5924
- C:\Windows\System\CWKBtsa.exe
  C:\Windows\System\CWKBtsa.exe
  2⤵
  PID:4856
- C:\Windows\System\WtTadLA.exe
  C:\Windows\System\WtTadLA.exe
  2⤵
  PID:2512
- C:\Windows\System\fdiPJVQ.exe
  C:\Windows\System\fdiPJVQ.exe
  2⤵
  PID:4712
- C:\Windows\System\jamWrEP.exe
  C:\Windows\System\jamWrEP.exe
  2⤵
  PID:2316
- C:\Windows\System\NDIzewo.exe
  C:\Windows\System\NDIzewo.exe
  2⤵
  PID:224
- C:\Windows\System\yYSVGhW.exe
  C:\Windows\System\yYSVGhW.exe
  2⤵
  PID:1388
- C:\Windows\System\QToMLFX.exe
  C:\Windows\System\QToMLFX.exe
  2⤵
  PID:6048
- C:\Windows\System\tUISvyf.exe
  C:\Windows\System\tUISvyf.exe
  2⤵
  PID:6028
- C:\Windows\System\grxAcsE.exe
  C:\Windows\System\grxAcsE.exe
  2⤵
  PID:6112
- C:\Windows\System\axztQqv.exe
  C:\Windows\System\axztQqv.exe
  2⤵
  PID:4320
- C:\Windows\System\bKsHluM.exe
  C:\Windows\System\bKsHluM.exe
  2⤵
  PID:4136
- C:\Windows\System\lcVgCrD.exe
  C:\Windows\System\lcVgCrD.exe
  2⤵
  PID:1728
- C:\Windows\System\Mcqsret.exe
  C:\Windows\System\Mcqsret.exe
  2⤵
  PID:5188
- C:\Windows\System\FTUkyWm.exe
  C:\Windows\System\FTUkyWm.exe
  2⤵
  PID:5404
- C:\Windows\System\KYkdnAA.exe
  C:\Windows\System\KYkdnAA.exe
  2⤵
  PID:372
- C:\Windows\System\DMxNcZo.exe
  C:\Windows\System\DMxNcZo.exe
  2⤵
  PID:5716
- C:\Windows\System\iytUXwS.exe
  C:\Windows\System\iytUXwS.exe
  2⤵
  PID:2528
- C:\Windows\System\MhFpjKE.exe
  C:\Windows\System\MhFpjKE.exe
  2⤵
  PID:3308
- C:\Windows\System\MIRncSK.exe
  C:\Windows\System\MIRncSK.exe
  2⤵
  PID:5880
- C:\Windows\System\mBqEtiM.exe
  C:\Windows\System\mBqEtiM.exe
  2⤵
  PID:4504
- C:\Windows\System\EIBwXkH.exe
  C:\Windows\System\EIBwXkH.exe
  2⤵
  PID:4772
- C:\Windows\System\LpKrgFG.exe
  C:\Windows\System\LpKrgFG.exe
  2⤵
  PID:6020
- C:\Windows\System\IBATqZD.exe
  C:\Windows\System\IBATqZD.exe
  2⤵
  PID:1820
- C:\Windows\System\lvfZnqp.exe
  C:\Windows\System\lvfZnqp.exe
  2⤵
  PID:5436
- C:\Windows\System\dPGuHjh.exe
  C:\Windows\System\dPGuHjh.exe
  2⤵
  PID:1544
- C:\Windows\System\oRfkHoc.exe
  C:\Windows\System\oRfkHoc.exe
  2⤵
  PID:2712
- C:\Windows\System\FVveTvX.exe
  C:\Windows\System\FVveTvX.exe
  2⤵
  PID:5080
- C:\Windows\System\qjnFZuy.exe
  C:\Windows\System\qjnFZuy.exe
  2⤵
  PID:5920
- C:\Windows\System\NWBZpUa.exe
  C:\Windows\System\NWBZpUa.exe
  2⤵
  PID:4792
- C:\Windows\System\hxJtmDy.exe
  C:\Windows\System\hxJtmDy.exe
  2⤵
  PID:3420
- C:\Windows\System\ARClVtc.exe
  C:\Windows\System\ARClVtc.exe
  2⤵
  PID:5804
- C:\Windows\System\rjAkNcN.exe
  C:\Windows\System\rjAkNcN.exe
  2⤵
  PID:6096
- C:\Windows\System\zvBjCvK.exe
  C:\Windows\System\zvBjCvK.exe
  2⤵
  PID:6192
- C:\Windows\System\iqKLXCJ.exe
  C:\Windows\System\iqKLXCJ.exe
  2⤵
  PID:6212
- C:\Windows\System\GQiUuud.exe
  C:\Windows\System\GQiUuud.exe
  2⤵
  PID:6264
- C:\Windows\System\fLNwUfP.exe
  C:\Windows\System\fLNwUfP.exe
  2⤵
  PID:6288
- C:\Windows\System\VrMaFir.exe
  C:\Windows\System\VrMaFir.exe
  2⤵
  PID:6308
- C:\Windows\System\qOCwlhv.exe
  C:\Windows\System\qOCwlhv.exe
  2⤵
  PID:6332
- C:\Windows\System\TdiCbMk.exe
  C:\Windows\System\TdiCbMk.exe
  2⤵
  PID:6368
- C:\Windows\System\QvvqVTg.exe
  C:\Windows\System\QvvqVTg.exe
  2⤵
  PID:6388
- C:\Windows\System\eCxlmmy.exe
  C:\Windows\System\eCxlmmy.exe
  2⤵
  PID:6408
- C:\Windows\System\huyfIZd.exe
  C:\Windows\System\huyfIZd.exe
  2⤵
  PID:6428
- C:\Windows\System\OAwzWDr.exe
  C:\Windows\System\OAwzWDr.exe
  2⤵
  PID:6460
- C:\Windows\System\vUpQCOH.exe
  C:\Windows\System\vUpQCOH.exe
  2⤵
  PID:6484
- C:\Windows\System\YUurPSx.exe
  C:\Windows\System\YUurPSx.exe
  2⤵
  PID:6536
- C:\Windows\System\RPKzwHS.exe
  C:\Windows\System\RPKzwHS.exe
  2⤵
  PID:6552
- C:\Windows\System\pgwayha.exe
  C:\Windows\System\pgwayha.exe
  2⤵
  PID:6576
- C:\Windows\System\iXeuAYg.exe
  C:\Windows\System\iXeuAYg.exe
  2⤵
  PID:6600
- C:\Windows\System\QmJcWKj.exe
  C:\Windows\System\QmJcWKj.exe
  2⤵
  PID:6616
- C:\Windows\System\KZPpJZX.exe
  C:\Windows\System\KZPpJZX.exe
  2⤵
  PID:6636
- C:\Windows\System\uECjJww.exe
  C:\Windows\System\uECjJww.exe
  2⤵
  PID:6672
- C:\Windows\System\tcQIyob.exe
  C:\Windows\System\tcQIyob.exe
  2⤵
  PID:6692
- C:\Windows\System\wIoHgdz.exe
  C:\Windows\System\wIoHgdz.exe
  2⤵
  PID:6728
- C:\Windows\System\utjppbz.exe
  C:\Windows\System\utjppbz.exe
  2⤵
  PID:6752
- C:\Windows\System\MYzRYKw.exe
  C:\Windows\System\MYzRYKw.exe
  2⤵
  PID:6780
- C:\Windows\System\KNmlFCV.exe
  C:\Windows\System\KNmlFCV.exe
  2⤵
  PID:6832
- C:\Windows\System\ErgUbdY.exe
  C:\Windows\System\ErgUbdY.exe
  2⤵
  PID:6888
- C:\Windows\System\qDKNWwv.exe
  C:\Windows\System\qDKNWwv.exe
  2⤵
  PID:6912
- C:\Windows\System\rppmpvC.exe
  C:\Windows\System\rppmpvC.exe
  2⤵
  PID:6940
- C:\Windows\System\lDAppRX.exe
  C:\Windows\System\lDAppRX.exe
  2⤵
  PID:6964
- C:\Windows\System\cKWVVcT.exe
  C:\Windows\System\cKWVVcT.exe
  2⤵
  PID:6980
- C:\Windows\System\kqAPdIP.exe
  C:\Windows\System\kqAPdIP.exe
  2⤵
  PID:7028
- C:\Windows\System\GhlivDs.exe
  C:\Windows\System\GhlivDs.exe
  2⤵
  PID:7052
- C:\Windows\System\NHZMQAx.exe
  C:\Windows\System\NHZMQAx.exe
  2⤵
  PID:7072
- C:\Windows\System\PiuiBBH.exe
  C:\Windows\System\PiuiBBH.exe
  2⤵
  PID:7112
- C:\Windows\System\mgiYfqB.exe
  C:\Windows\System\mgiYfqB.exe
  2⤵
  PID:7136
- C:\Windows\System\bTYybQn.exe
  C:\Windows\System\bTYybQn.exe
  2⤵
  PID:7164
- C:\Windows\System\GqTkCZw.exe
  C:\Windows\System\GqTkCZw.exe
  2⤵
  PID:4036
- C:\Windows\System\CbGvhIG.exe
  C:\Windows\System\CbGvhIG.exe
  2⤵
  PID:6152
- C:\Windows\System\eeHIVLy.exe
  C:\Windows\System\eeHIVLy.exe
  2⤵
  PID:6180
- C:\Windows\System\nIGsiGk.exe
  C:\Windows\System\nIGsiGk.exe
  2⤵
  PID:6252
- C:\Windows\System\klCIDrL.exe
  C:\Windows\System\klCIDrL.exe
  2⤵
  PID:6304
- C:\Windows\System\qIJIEai.exe
  C:\Windows\System\qIJIEai.exe
  2⤵
  PID:6376
- C:\Windows\System\pXfHzER.exe
  C:\Windows\System\pXfHzER.exe
  2⤵
  PID:6404
- C:\Windows\System\rcueQte.exe
  C:\Windows\System\rcueQte.exe
  2⤵
  PID:6420
- C:\Windows\System\kMRIqxy.exe
  C:\Windows\System\kMRIqxy.exe
  2⤵
  PID:6544
- C:\Windows\System\eZpBwIf.exe
  C:\Windows\System\eZpBwIf.exe
  2⤵
  PID:6596
- C:\Windows\System\zXbSIVT.exe
  C:\Windows\System\zXbSIVT.exe
  2⤵
  PID:6632
- C:\Windows\System\VEAGYwW.exe
  C:\Windows\System\VEAGYwW.exe
  2⤵
  PID:6712
- C:\Windows\System\gYkFPaB.exe
  C:\Windows\System\gYkFPaB.exe
  2⤵
  PID:6724
- C:\Windows\System\KdMzJAK.exe
  C:\Windows\System\KdMzJAK.exe
  2⤵
  PID:6844
- C:\Windows\System\nokWArw.exe
  C:\Windows\System\nokWArw.exe
  2⤵
  PID:6936
- C:\Windows\System\RKhMywJ.exe
  C:\Windows\System\RKhMywJ.exe
  2⤵
  PID:7004
- C:\Windows\System\isoNGgd.exe
  C:\Windows\System\isoNGgd.exe
  2⤵
  PID:7044
- C:\Windows\System\sVGospu.exe
  C:\Windows\System\sVGospu.exe
  2⤵
  PID:7152
- C:\Windows\System\OTqujws.exe
  C:\Windows\System\OTqujws.exe
  2⤵
  PID:2212
- C:\Windows\System\PGyeUmr.exe
  C:\Windows\System\PGyeUmr.exe
  2⤵
  PID:1368
- C:\Windows\System\FXTJjTu.exe
  C:\Windows\System\FXTJjTu.exe
  2⤵
  PID:6276
- C:\Windows\System\sQLlJxK.exe
  C:\Windows\System\sQLlJxK.exe
  2⤵
  PID:6400
- C:\Windows\System\GafofSn.exe
  C:\Windows\System\GafofSn.exe
  2⤵
  PID:6476
- C:\Windows\System\ZmaqFNo.exe
  C:\Windows\System\ZmaqFNo.exe
  2⤵
  PID:6652
- C:\Windows\System\OMjBFFd.exe
  C:\Windows\System\OMjBFFd.exe
  2⤵
  PID:7024
- C:\Windows\System\HlYagDb.exe
  C:\Windows\System\HlYagDb.exe
  2⤵
  PID:5968
- C:\Windows\System\otBDrZH.exe
  C:\Windows\System\otBDrZH.exe
  2⤵
  PID:6244
- C:\Windows\System\GQawjYV.exe
  C:\Windows\System\GQawjYV.exe
  2⤵
  PID:6608
- C:\Windows\System\ikuURaT.exe
  C:\Windows\System\ikuURaT.exe
  2⤵
  PID:5324
- C:\Windows\System\wXGHEFJ.exe
  C:\Windows\System\wXGHEFJ.exe
  2⤵
  PID:6588
- C:\Windows\System\QPHeUwW.exe
  C:\Windows\System\QPHeUwW.exe
  2⤵
  PID:7144
- C:\Windows\System\Lnxnezn.exe
  C:\Windows\System\Lnxnezn.exe
  2⤵
  PID:7172
- C:\Windows\System\gEZSCjM.exe
  C:\Windows\System\gEZSCjM.exe
  2⤵
  PID:7208
- C:\Windows\System\qTJfxeB.exe
  C:\Windows\System\qTJfxeB.exe
  2⤵
  PID:7236
- C:\Windows\System\mqXlfQj.exe
  C:\Windows\System\mqXlfQj.exe
  2⤵
  PID:7252
- C:\Windows\System\ALKGBcg.exe
  C:\Windows\System\ALKGBcg.exe
  2⤵
  PID:7276
- C:\Windows\System\EFWXkeD.exe
  C:\Windows\System\EFWXkeD.exe
  2⤵
  PID:7300
- C:\Windows\System\idkBVTz.exe
  C:\Windows\System\idkBVTz.exe
  2⤵
  PID:7320
- C:\Windows\System\JbvfgMk.exe
  C:\Windows\System\JbvfgMk.exe
  2⤵
  PID:7364
- C:\Windows\System\VgCzOGS.exe
  C:\Windows\System\VgCzOGS.exe
  2⤵
  PID:7384
- C:\Windows\System\uUdHolH.exe
  C:\Windows\System\uUdHolH.exe
  2⤵
  PID:7416
- C:\Windows\System\wXvbSuK.exe
  C:\Windows\System\wXvbSuK.exe
  2⤵
  PID:7436
- C:\Windows\System\IEuVMXe.exe
  C:\Windows\System\IEuVMXe.exe
  2⤵
  PID:7480
- C:\Windows\System\dHhmsHO.exe
  C:\Windows\System\dHhmsHO.exe
  2⤵
  PID:7496
- C:\Windows\System\WylUTkW.exe
  C:\Windows\System\WylUTkW.exe
  2⤵
  PID:7520
- C:\Windows\System\UERFxDw.exe
  C:\Windows\System\UERFxDw.exe
  2⤵
  PID:7540
- C:\Windows\System\MKZeVsT.exe
  C:\Windows\System\MKZeVsT.exe
  2⤵
  PID:7572
- C:\Windows\System\BOYAFkl.exe
  C:\Windows\System\BOYAFkl.exe
  2⤵
  PID:7596
- C:\Windows\System\DhRdGNX.exe
  C:\Windows\System\DhRdGNX.exe
  2⤵
  PID:7616
- C:\Windows\System\fPQdpmH.exe
  C:\Windows\System\fPQdpmH.exe
  2⤵
  PID:7660
- C:\Windows\System\ctKKBmV.exe
  C:\Windows\System\ctKKBmV.exe
  2⤵
  PID:7708
- C:\Windows\System\hmwhdmU.exe
  C:\Windows\System\hmwhdmU.exe
  2⤵
  PID:7732
- C:\Windows\System\gGbxrdU.exe
  C:\Windows\System\gGbxrdU.exe
  2⤵
  PID:7776
- C:\Windows\System\NeIvUjw.exe
  C:\Windows\System\NeIvUjw.exe
  2⤵
  PID:7796
- C:\Windows\System\JrCwYiQ.exe
  C:\Windows\System\JrCwYiQ.exe
  2⤵
  PID:7824
- C:\Windows\System\LgrLowU.exe
  C:\Windows\System\LgrLowU.exe
  2⤵
  PID:7844
- C:\Windows\System\pstraBf.exe
  C:\Windows\System\pstraBf.exe
  2⤵
  PID:7868
- C:\Windows\System\zWuerWe.exe
  C:\Windows\System\zWuerWe.exe
  2⤵
  PID:7884
- C:\Windows\System\RmScsNX.exe
  C:\Windows\System\RmScsNX.exe
  2⤵
  PID:7908
- C:\Windows\System\sItEKMC.exe
  C:\Windows\System\sItEKMC.exe
  2⤵
  PID:7964
- C:\Windows\System\jGHpgaM.exe
  C:\Windows\System\jGHpgaM.exe
  2⤵
  PID:7980
- C:\Windows\System\fGkQXrE.exe
  C:\Windows\System\fGkQXrE.exe
  2⤵
  PID:8008
- C:\Windows\System\SzyvUAW.exe
  C:\Windows\System\SzyvUAW.exe
  2⤵
  PID:8052
- C:\Windows\System\RDBbizj.exe
  C:\Windows\System\RDBbizj.exe
  2⤵
  PID:8076
- C:\Windows\System\mheSoEB.exe
  C:\Windows\System\mheSoEB.exe
  2⤵
  PID:8104
- C:\Windows\System\aGPmoQN.exe
  C:\Windows\System\aGPmoQN.exe
  2⤵
  PID:8128
- C:\Windows\System\JQvOYiv.exe
  C:\Windows\System\JQvOYiv.exe
  2⤵
  PID:8164
- C:\Windows\System\jMdNXwM.exe
  C:\Windows\System\jMdNXwM.exe
  2⤵
  PID:7188
- C:\Windows\System\VHzEgwx.exe
  C:\Windows\System\VHzEgwx.exe
  2⤵
  PID:7204
- C:\Windows\System\xhzYuCu.exe
  C:\Windows\System\xhzYuCu.exe
  2⤵
  PID:7288
- C:\Windows\System\kAImUoW.exe
  C:\Windows\System\kAImUoW.exe
  2⤵
  PID:7308
- C:\Windows\System\tUPPUXS.exe
  C:\Windows\System\tUPPUXS.exe
  2⤵
  PID:7432
- C:\Windows\System\QUVNQlI.exe
  C:\Windows\System\QUVNQlI.exe
  2⤵
  PID:7552
- C:\Windows\System\jZjFmZv.exe
  C:\Windows\System\jZjFmZv.exe
  2⤵
  PID:7508
- C:\Windows\System\bFNHJrC.exe
  C:\Windows\System\bFNHJrC.exe
  2⤵
  PID:7584
- C:\Windows\System\AbdIqeo.exe
  C:\Windows\System\AbdIqeo.exe
  2⤵
  PID:2520
- C:\Windows\System\mCblfnM.exe
  C:\Windows\System\mCblfnM.exe
  2⤵
  PID:7704
- C:\Windows\System\KPBjMit.exe
  C:\Windows\System\KPBjMit.exe
  2⤵
  PID:7792
- C:\Windows\System\fnYgTcI.exe
  C:\Windows\System\fnYgTcI.exe
  2⤵
  PID:7860
- C:\Windows\System\pEkhgLt.exe
  C:\Windows\System\pEkhgLt.exe
  2⤵
  PID:7900
- C:\Windows\System\BPfWmnk.exe
  C:\Windows\System\BPfWmnk.exe
  2⤵
  PID:7948
- C:\Windows\System\OfmqECz.exe
  C:\Windows\System\OfmqECz.exe
  2⤵
  PID:8040
- C:\Windows\System\HedYrAa.exe
  C:\Windows\System\HedYrAa.exe
  2⤵
  PID:8096
- C:\Windows\System\iqpOzNa.exe
  C:\Windows\System\iqpOzNa.exe
  2⤵
  PID:8152
- C:\Windows\System\YxtgsQo.exe
  C:\Windows\System\YxtgsQo.exe
  2⤵
  PID:7260
- C:\Windows\System\nhdBidh.exe
  C:\Windows\System\nhdBidh.exe
  2⤵
  PID:7340
- C:\Windows\System\JyHRFFO.exe
  C:\Windows\System\JyHRFFO.exe
  2⤵
  PID:7504
- C:\Windows\System\oDsJMKz.exe
  C:\Windows\System\oDsJMKz.exe
  2⤵
  PID:7672
- C:\Windows\System\nRZWLmO.exe
  C:\Windows\System\nRZWLmO.exe
  2⤵
  PID:7808
- C:\Windows\System\QFFCArl.exe
  C:\Windows\System\QFFCArl.exe
  2⤵
  PID:7936
- C:\Windows\System\SKFaRji.exe
  C:\Windows\System\SKFaRji.exe
  2⤵
  PID:8036
- C:\Windows\System\JCKErOI.exe
  C:\Windows\System\JCKErOI.exe
  2⤵
  PID:7492
- C:\Windows\System\PiHXtwL.exe
  C:\Windows\System\PiHXtwL.exe
  2⤵
  PID:8024
- C:\Windows\System\NeMbjMc.exe
  C:\Windows\System\NeMbjMc.exe
  2⤵
  PID:8236
- C:\Windows\System\pIWxfBO.exe
  C:\Windows\System\pIWxfBO.exe
  2⤵
  PID:8252
- C:\Windows\System\aXgICvN.exe
  C:\Windows\System\aXgICvN.exe
  2⤵
  PID:8268
- C:\Windows\System\WBWoaEQ.exe
  C:\Windows\System\WBWoaEQ.exe
  2⤵
  PID:8284
- C:\Windows\System\goGnQeR.exe
  C:\Windows\System\goGnQeR.exe
  2⤵
  PID:8304
- C:\Windows\System\PUDcWOF.exe
  C:\Windows\System\PUDcWOF.exe
  2⤵
  PID:8384
- C:\Windows\System\CpgXdBk.exe
  C:\Windows\System\CpgXdBk.exe
  2⤵
  PID:8404
- C:\Windows\System\bIYWuxL.exe
  C:\Windows\System\bIYWuxL.exe
  2⤵
  PID:8420
- C:\Windows\System\PbRSqpv.exe
  C:\Windows\System\PbRSqpv.exe
  2⤵
  PID:8436
- C:\Windows\System\MgVIGMj.exe
  C:\Windows\System\MgVIGMj.exe
  2⤵
  PID:8452
- C:\Windows\System\CSfZyti.exe
  C:\Windows\System\CSfZyti.exe
  2⤵
  PID:8468
- C:\Windows\System\qkWKfFL.exe
  C:\Windows\System\qkWKfFL.exe
  2⤵
  PID:8488
- C:\Windows\System\hPKKOdg.exe
  C:\Windows\System\hPKKOdg.exe
  2⤵
  PID:8536
- C:\Windows\System\JXmxPjj.exe
  C:\Windows\System\JXmxPjj.exe
  2⤵
  PID:8624
- C:\Windows\System\QLvqPZy.exe
  C:\Windows\System\QLvqPZy.exe
  2⤵
  PID:8644
- C:\Windows\System\gTDUKpl.exe
  C:\Windows\System\gTDUKpl.exe
  2⤵
  PID:8660
- C:\Windows\System\jmSAOJQ.exe
  C:\Windows\System\jmSAOJQ.exe
  2⤵
  PID:8684
- C:\Windows\System\WrPwbkW.exe
  C:\Windows\System\WrPwbkW.exe
  2⤵
  PID:8708
- C:\Windows\System\qRsYScI.exe
  C:\Windows\System\qRsYScI.exe
  2⤵
  PID:8748
- C:\Windows\System\ViafZaq.exe
  C:\Windows\System\ViafZaq.exe
  2⤵
  PID:8784
- C:\Windows\System\pxbAtnI.exe
  C:\Windows\System\pxbAtnI.exe
  2⤵
  PID:8816
- C:\Windows\System\AvdVRVg.exe
  C:\Windows\System\AvdVRVg.exe
  2⤵
  PID:8868
- C:\Windows\System\CMlxPfm.exe
  C:\Windows\System\CMlxPfm.exe
  2⤵
  PID:8884
- C:\Windows\System\PVvziYp.exe
  C:\Windows\System\PVvziYp.exe
  2⤵
  PID:8940
- C:\Windows\System\icIzsSW.exe
  C:\Windows\System\icIzsSW.exe
  2⤵
  PID:8968
- C:\Windows\System\LGHLLmp.exe
  C:\Windows\System\LGHLLmp.exe
  2⤵
  PID:8988
- C:\Windows\System\FkVYqGI.exe
  C:\Windows\System\FkVYqGI.exe
  2⤵
  PID:9012
- C:\Windows\System\SgIudKK.exe
  C:\Windows\System\SgIudKK.exe
  2⤵
  PID:9036
- C:\Windows\System\dXmJonD.exe
  C:\Windows\System\dXmJonD.exe
  2⤵
  PID:9056
- C:\Windows\System\rpkqwsk.exe
  C:\Windows\System\rpkqwsk.exe
  2⤵
  PID:9104
- C:\Windows\System\LqKCQmD.exe
  C:\Windows\System\LqKCQmD.exe
  2⤵
  PID:9136
- C:\Windows\System\vAYZMrc.exe
  C:\Windows\System\vAYZMrc.exe
  2⤵
  PID:9156
- C:\Windows\System\AVGSkHc.exe
  C:\Windows\System\AVGSkHc.exe
  2⤵
  PID:9176
- C:\Windows\System\GKPWOvm.exe
  C:\Windows\System\GKPWOvm.exe
  2⤵
  PID:9204
- C:\Windows\System\dwGEYpE.exe
  C:\Windows\System\dwGEYpE.exe
  2⤵
  PID:7564
- C:\Windows\System\eAStbgJ.exe
  C:\Windows\System\eAStbgJ.exe
  2⤵
  PID:8196
- C:\Windows\System\whnnnMd.exe
  C:\Windows\System\whnnnMd.exe
  2⤵
  PID:8328
- C:\Windows\System\pVOLjgm.exe
  C:\Windows\System\pVOLjgm.exe
  2⤵
  PID:1484
- C:\Windows\System\akFyyAo.exe
  C:\Windows\System\akFyyAo.exe
  2⤵
  PID:8396
- C:\Windows\System\tITyQNA.exe
  C:\Windows\System\tITyQNA.exe
  2⤵
  PID:2232
- C:\Windows\System\VROyeXW.exe
  C:\Windows\System\VROyeXW.exe
  2⤵
  PID:8344
- C:\Windows\System\vYGFztG.exe
  C:\Windows\System\vYGFztG.exe
  2⤵
  PID:8484
- C:\Windows\System\JxMbLaS.exe
  C:\Windows\System\JxMbLaS.exe
  2⤵
  PID:8376
- C:\Windows\System\Usnawux.exe
  C:\Windows\System\Usnawux.exe
  2⤵
  PID:8520
- C:\Windows\System\SZMbjiT.exe
  C:\Windows\System\SZMbjiT.exe
  2⤵
  PID:8588
- C:\Windows\System\JpqrTwp.exe
  C:\Windows\System\JpqrTwp.exe
  2⤵
  PID:8724
- C:\Windows\System\QSUaHxZ.exe
  C:\Windows\System\QSUaHxZ.exe
  2⤵
  PID:8656
- C:\Windows\System\HaUKizb.exe
  C:\Windows\System\HaUKizb.exe
  2⤵
  PID:8828
- C:\Windows\System\pdLrPVX.exe
  C:\Windows\System\pdLrPVX.exe
  2⤵
  PID:8880
- C:\Windows\System\XBqLIAW.exe
  C:\Windows\System\XBqLIAW.exe
  2⤵
  PID:8960
- C:\Windows\System\jRWgrNr.exe
  C:\Windows\System\jRWgrNr.exe
  2⤵
  PID:9000
- C:\Windows\System\liLAAzn.exe
  C:\Windows\System\liLAAzn.exe
  2⤵
  PID:9096
- C:\Windows\System\fwwjcnQ.exe
  C:\Windows\System\fwwjcnQ.exe
  2⤵
  PID:9148
- C:\Windows\System\XLvIDXW.exe
  C:\Windows\System\XLvIDXW.exe
  2⤵
  PID:9212
- C:\Windows\System\pytnNZk.exe
  C:\Windows\System\pytnNZk.exe
  2⤵
  PID:8248
- C:\Windows\System\xJTVVtX.exe
  C:\Windows\System\xJTVVtX.exe
  2⤵
  PID:8224
- C:\Windows\System\OxQtBXU.exe
  C:\Windows\System\OxQtBXU.exe
  2⤵
  PID:796
- C:\Windows\System\PtpqymI.exe
  C:\Windows\System\PtpqymI.exe
  2⤵
  PID:8340
- C:\Windows\System\xXVfnvf.exe
  C:\Windows\System\xXVfnvf.exe
  2⤵
  PID:8812
- C:\Windows\System\HGUcTlP.exe
  C:\Windows\System\HGUcTlP.exe
  2⤵
  PID:8952
- C:\Windows\System\OkCZPac.exe
  C:\Windows\System\OkCZPac.exe
  2⤵
  PID:9192
- C:\Windows\System\eezIiFZ.exe
  C:\Windows\System\eezIiFZ.exe
  2⤵
  PID:8204
- C:\Windows\System\jkcVVJb.exe
  C:\Windows\System\jkcVVJb.exe
  2⤵
  PID:8216
- C:\Windows\System\basoCJc.exe
  C:\Windows\System\basoCJc.exe
  2⤵
  PID:8444
- C:\Windows\System\CFnnxwW.exe
  C:\Windows\System\CFnnxwW.exe
  2⤵
  PID:8904
- C:\Windows\System\UkVkFeN.exe
  C:\Windows\System\UkVkFeN.exe
  2⤵
  PID:8244
- C:\Windows\System\rxSXLLB.exe
  C:\Windows\System\rxSXLLB.exe
  2⤵
  PID:4440
- C:\Windows\System\ICJIZrQ.exe
  C:\Windows\System\ICJIZrQ.exe
  2⤵
  PID:8364
- C:\Windows\System\VCtWzCi.exe
  C:\Windows\System\VCtWzCi.exe
  2⤵
  PID:8292
- C:\Windows\System\HPGelYo.exe
  C:\Windows\System\HPGelYo.exe
  2⤵
  PID:9240
- C:\Windows\System\HLGhHUv.exe
  C:\Windows\System\HLGhHUv.exe
  2⤵
  PID:9272
- C:\Windows\System\LpKMZHk.exe
  C:\Windows\System\LpKMZHk.exe
  2⤵
  PID:9292
- C:\Windows\System\JxyvRhi.exe
  C:\Windows\System\JxyvRhi.exe
  2⤵
  PID:9324
- C:\Windows\System\bBMhGzp.exe
  C:\Windows\System\bBMhGzp.exe
  2⤵
  PID:9352
- C:\Windows\System\dWPfVbv.exe
  C:\Windows\System\dWPfVbv.exe
  2⤵
  PID:9384
- C:\Windows\System\FMolZbK.exe
  C:\Windows\System\FMolZbK.exe
  2⤵
  PID:9404
- C:\Windows\System\pAxLNwY.exe
  C:\Windows\System\pAxLNwY.exe
  2⤵
  PID:9432
- C:\Windows\System\QooQbLZ.exe
  C:\Windows\System\QooQbLZ.exe
  2⤵
  PID:9452
- C:\Windows\System\shteJuE.exe
  C:\Windows\System\shteJuE.exe
  2⤵
  PID:9476
- C:\Windows\System\ohAfalF.exe
  C:\Windows\System\ohAfalF.exe
  2⤵
  PID:9508
- C:\Windows\System\HEcWtlQ.exe
  C:\Windows\System\HEcWtlQ.exe
  2⤵
  PID:9528
- C:\Windows\System\gXbjbqw.exe
  C:\Windows\System\gXbjbqw.exe
  2⤵
  PID:9556
- C:\Windows\System\UzYiSsk.exe
  C:\Windows\System\UzYiSsk.exe
  2⤵
  PID:9576
- C:\Windows\System\zfdWyWc.exe
  C:\Windows\System\zfdWyWc.exe
  2⤵
  PID:9608
- C:\Windows\System\wcWXNgb.exe
  C:\Windows\System\wcWXNgb.exe
  2⤵
  PID:9624
- C:\Windows\System\GmiCtwY.exe
  C:\Windows\System\GmiCtwY.exe
  2⤵
  PID:9640
- C:\Windows\System\jCcigvA.exe
  C:\Windows\System\jCcigvA.exe
  2⤵
  PID:9668
- C:\Windows\System\CheLUOW.exe
  C:\Windows\System\CheLUOW.exe
  2⤵
  PID:9688
- C:\Windows\System\zyCApCd.exe
  C:\Windows\System\zyCApCd.exe
  2⤵
  PID:9708
- C:\Windows\System\xGletYx.exe
  C:\Windows\System\xGletYx.exe
  2⤵
  PID:9732
- C:\Windows\System\YaimBHY.exe
  C:\Windows\System\YaimBHY.exe
  2⤵
  PID:9752
- C:\Windows\System\zJTiSCh.exe
  C:\Windows\System\zJTiSCh.exe
  2⤵
  PID:9772
- C:\Windows\System\ouUjejk.exe
  C:\Windows\System\ouUjejk.exe
  2⤵
  PID:9792
- C:\Windows\System\ohYcQoq.exe
  C:\Windows\System\ohYcQoq.exe
  2⤵
  PID:9872
- C:\Windows\System\ZcoEXuk.exe
  C:\Windows\System\ZcoEXuk.exe
  2⤵
  PID:9912
- C:\Windows\System\mqwIFwO.exe
  C:\Windows\System\mqwIFwO.exe
  2⤵
  PID:9932
- C:\Windows\System\hXBVjQU.exe
  C:\Windows\System\hXBVjQU.exe
  2⤵
  PID:9972
- C:\Windows\System\yYlunjY.exe
  C:\Windows\System\yYlunjY.exe
  2⤵
  PID:9996
- C:\Windows\System\QutvfXn.exe
  C:\Windows\System\QutvfXn.exe
  2⤵
  PID:10024
- C:\Windows\System\mXbdxCs.exe
  C:\Windows\System\mXbdxCs.exe
  2⤵
  PID:10044
- C:\Windows\System\oPGPbPr.exe
  C:\Windows\System\oPGPbPr.exe
  2⤵
  PID:10068
- C:\Windows\System\QvViudt.exe
  C:\Windows\System\QvViudt.exe
  2⤵
  PID:10120
- C:\Windows\System\RXukzaG.exe
  C:\Windows\System\RXukzaG.exe
  2⤵
  PID:10152
- C:\Windows\System\uJioxZE.exe
  C:\Windows\System\uJioxZE.exe
  2⤵
  PID:10172
- C:\Windows\System\UBmXBSh.exe
  C:\Windows\System\UBmXBSh.exe
  2⤵
  PID:10192
- C:\Windows\System\vdOpEgG.exe
  C:\Windows\System\vdOpEgG.exe
  2⤵
  PID:10220
- C:\Windows\System\HnoRTYk.exe
  C:\Windows\System\HnoRTYk.exe
  2⤵
  PID:9252
- C:\Windows\System\znOIXEx.exe
  C:\Windows\System\znOIXEx.exe
  2⤵
  PID:9336
- C:\Windows\System\TIAnVrt.exe
  C:\Windows\System\TIAnVrt.exe
  2⤵
  PID:9400
- C:\Windows\System\uPiVYWO.exe
  C:\Windows\System\uPiVYWO.exe
  2⤵
  PID:9448
- C:\Windows\System\UBXRqSK.exe
  C:\Windows\System\UBXRqSK.exe
  2⤵
  PID:9492
- C:\Windows\System\CjFHeHI.exe
  C:\Windows\System\CjFHeHI.exe
  2⤵
  PID:9564
- C:\Windows\System\dXVNfio.exe
  C:\Windows\System\dXVNfio.exe
  2⤵
  PID:9656
- C:\Windows\System\sXkibxM.exe
  C:\Windows\System\sXkibxM.exe
  2⤵
  PID:9724
- C:\Windows\System\CzTdtOd.exe
  C:\Windows\System\CzTdtOd.exe
  2⤵
  PID:9844
- C:\Windows\System\hoUbAix.exe
  C:\Windows\System\hoUbAix.exe
  2⤵
  PID:9748
- C:\Windows\System\ZmCXgzv.exe
  C:\Windows\System\ZmCXgzv.exe
  2⤵
  PID:9784
- C:\Windows\System\wZsfrlP.exe
  C:\Windows\System\wZsfrlP.exe
  2⤵
  PID:10004
- C:\Windows\System\AZHEVPe.exe
  C:\Windows\System\AZHEVPe.exe
  2⤵
  PID:10036
- C:\Windows\System\wWkVhdH.exe
  C:\Windows\System\wWkVhdH.exe
  2⤵
  PID:10080
- C:\Windows\System\xNEWFSF.exe
  C:\Windows\System\xNEWFSF.exe
  2⤵
  PID:10188
- C:\Windows\System\NcgwlgO.exe
  C:\Windows\System\NcgwlgO.exe
  2⤵
  PID:9268
- C:\Windows\System\HsevakE.exe
  C:\Windows\System\HsevakE.exe
  2⤵
  PID:9444
- C:\Windows\System\cOECZdT.exe
  C:\Windows\System\cOECZdT.exe
  2⤵
  PID:9600
- C:\Windows\System\LfGSLsU.exe
  C:\Windows\System\LfGSLsU.exe
  2⤵
  PID:9788
- C:\Windows\System\rTdJYWS.exe
  C:\Windows\System\rTdJYWS.exe
  2⤵
  PID:9768
- C:\Windows\System\mhDCJZl.exe
  C:\Windows\System\mhDCJZl.exe
  2⤵
  PID:10032
- C:\Windows\System\UYHMqWS.exe
  C:\Windows\System\UYHMqWS.exe
  2⤵
  PID:10168
- C:\Windows\System\vXzlhKu.exe
  C:\Windows\System\vXzlhKu.exe
  2⤵
  PID:9428
- C:\Windows\System\qwGRxSD.exe
  C:\Windows\System\qwGRxSD.exe
  2⤵
  PID:9684
- C:\Windows\System\LMXucvi.exe
  C:\Windows\System\LMXucvi.exe
  2⤵
  PID:9744
- C:\Windows\System\mmQYSAi.exe
  C:\Windows\System\mmQYSAi.exe
  2⤵
  PID:9460
- C:\Windows\System\kPsnvlo.exe
  C:\Windows\System\kPsnvlo.exe
  2⤵
  PID:10244
- C:\Windows\System\JQUqYJd.exe
  C:\Windows\System\JQUqYJd.exe
  2⤵
  PID:10268
- C:\Windows\System\owafrFp.exe
  C:\Windows\System\owafrFp.exe
  2⤵
  PID:10284
- C:\Windows\System\GkDVUpu.exe
  C:\Windows\System\GkDVUpu.exe
  2⤵
  PID:10304
- C:\Windows\System\mTdFevh.exe
  C:\Windows\System\mTdFevh.exe
  2⤵
  PID:10348
- C:\Windows\System\fVYHgvy.exe
  C:\Windows\System\fVYHgvy.exe
  2⤵
  PID:10392
- C:\Windows\System\bsmndoh.exe
  C:\Windows\System\bsmndoh.exe
  2⤵
  PID:10420
- C:\Windows\System\BXEicyz.exe
  C:\Windows\System\BXEicyz.exe
  2⤵
  PID:10448
- C:\Windows\System\zorHJmA.exe
  C:\Windows\System\zorHJmA.exe
  2⤵
  PID:10476
- C:\Windows\System\hqCmDaU.exe
  C:\Windows\System\hqCmDaU.exe
  2⤵
  PID:10504
- C:\Windows\System\TserNjC.exe
  C:\Windows\System\TserNjC.exe
  2⤵
  PID:10524
- C:\Windows\System\GRkVVJP.exe
  C:\Windows\System\GRkVVJP.exe
  2⤵
  PID:10552
- C:\Windows\System\LKbefHy.exe
  C:\Windows\System\LKbefHy.exe
  2⤵
  PID:10580
- C:\Windows\System\ezwvZSt.exe
  C:\Windows\System\ezwvZSt.exe
  2⤵
  PID:10600
- C:\Windows\System\hKXXPAl.exe
  C:\Windows\System\hKXXPAl.exe
  2⤵
  PID:10628
- C:\Windows\System\NrZpVvt.exe
  C:\Windows\System\NrZpVvt.exe
  2⤵
  PID:10664
- C:\Windows\System\qFDQqoC.exe
  C:\Windows\System\qFDQqoC.exe
  2⤵
  PID:10692
- C:\Windows\System\fUPeFWS.exe
  C:\Windows\System\fUPeFWS.exe
  2⤵
  PID:10716
- C:\Windows\System\FDMETTp.exe
  C:\Windows\System\FDMETTp.exe
  2⤵
  PID:10760
- C:\Windows\System\ezBzTsh.exe
  C:\Windows\System\ezBzTsh.exe
  2⤵
  PID:10780
- C:\Windows\System\QYgdtcG.exe
  C:\Windows\System\QYgdtcG.exe
  2⤵
  PID:10812
- C:\Windows\System\opZrJXT.exe
  C:\Windows\System\opZrJXT.exe
  2⤵
  PID:10832
- C:\Windows\System\KCCgAUN.exe
  C:\Windows\System\KCCgAUN.exe
  2⤵
  PID:10856
- C:\Windows\System\AxErBDW.exe
  C:\Windows\System\AxErBDW.exe
  2⤵
  PID:10900
- C:\Windows\System\yHmTPgr.exe
  C:\Windows\System\yHmTPgr.exe
  2⤵
  PID:10932
- C:\Windows\System\bLvEIHG.exe
  C:\Windows\System\bLvEIHG.exe
  2⤵
  PID:10960
- C:\Windows\System\EZQMYrD.exe
  C:\Windows\System\EZQMYrD.exe
  2⤵
  PID:10980
- C:\Windows\System\DPDxWtd.exe
  C:\Windows\System\DPDxWtd.exe
  2⤵
  PID:11000
- C:\Windows\System\WeulTfe.exe
  C:\Windows\System\WeulTfe.exe
  2⤵
  PID:11020
- C:\Windows\System\KWADGSq.exe
  C:\Windows\System\KWADGSq.exe
  2⤵
  PID:11048
- C:\Windows\System\QnokxwK.exe
  C:\Windows\System\QnokxwK.exe
  2⤵
  PID:11068
- C:\Windows\System\ydhRMti.exe
  C:\Windows\System\ydhRMti.exe
  2⤵
  PID:11104
- C:\Windows\System\qeEiOKR.exe
  C:\Windows\System\qeEiOKR.exe
  2⤵
  PID:11128
- C:\Windows\System\tuaoFvC.exe
  C:\Windows\System\tuaoFvC.exe
  2⤵
  PID:11152
- C:\Windows\System\BSofDpQ.exe
  C:\Windows\System\BSofDpQ.exe
  2⤵
  PID:11184
- C:\Windows\System\KJwDqFF.exe
  C:\Windows\System\KJwDqFF.exe
  2⤵
  PID:11208
- C:\Windows\System\TYLyVnn.exe
  C:\Windows\System\TYLyVnn.exe
  2⤵
  PID:11236
- C:\Windows\System\GhHhLVU.exe
  C:\Windows\System\GhHhLVU.exe
  2⤵
  PID:10280
- C:\Windows\System\QzmWrNe.exe
  C:\Windows\System\QzmWrNe.exe
  2⤵
  PID:10324
- C:\Windows\System\bCunwZQ.exe
  C:\Windows\System\bCunwZQ.exe
  2⤵
  PID:10408
- C:\Windows\System\SIUOjnY.exe
  C:\Windows\System\SIUOjnY.exe
  2⤵
  PID:10464
- C:\Windows\System\sCZievP.exe
  C:\Windows\System\sCZievP.exe
  2⤵
  PID:10516
- C:\Windows\System\TrQNXlB.exe
  C:\Windows\System\TrQNXlB.exe
  2⤵
  PID:10568
- C:\Windows\System\AWRuNeG.exe
  C:\Windows\System\AWRuNeG.exe
  2⤵
  PID:10624
- C:\Windows\System\dINWlgQ.exe
  C:\Windows\System\dINWlgQ.exe
  2⤵
  PID:10672
- C:\Windows\System\MJQKQjA.exe
  C:\Windows\System\MJQKQjA.exe
  2⤵
  PID:10712
- C:\Windows\System\szsOwIR.exe
  C:\Windows\System\szsOwIR.exe
  2⤵
  PID:10796
- C:\Windows\System\KfCzCNu.exe
  C:\Windows\System\KfCzCNu.exe
  2⤵
  PID:10880
- C:\Windows\System\qBvdZTP.exe
  C:\Windows\System\qBvdZTP.exe
  2⤵
  PID:10896
- C:\Windows\System\rtQMfrB.exe
  C:\Windows\System\rtQMfrB.exe
  2⤵
  PID:11044
- C:\Windows\System\csRSvDW.exe
  C:\Windows\System\csRSvDW.exe
  2⤵
  PID:11092
- C:\Windows\System\OpoAekA.exe
  C:\Windows\System\OpoAekA.exe
  2⤵
  PID:11136
- C:\Windows\System\VMygsDq.exe
  C:\Windows\System\VMygsDq.exe
  2⤵
  PID:11228
- C:\Windows\System\wzgzFAm.exe
  C:\Windows\System\wzgzFAm.exe
  2⤵
  PID:10296
- C:\Windows\System\ECZaJhy.exe
  C:\Windows\System\ECZaJhy.exe
  2⤵
  PID:10436
- C:\Windows\System\ddiNFjS.exe
  C:\Windows\System\ddiNFjS.exe
  2⤵
  PID:10544
- C:\Windows\System\NRKCveZ.exe
  C:\Windows\System\NRKCveZ.exe
  2⤵
  PID:10708
- C:\Windows\System\zlKtGrk.exe
  C:\Windows\System\zlKtGrk.exe
  2⤵
  PID:10824
- C:\Windows\System\BHzjcfG.exe
  C:\Windows\System\BHzjcfG.exe
  2⤵
  PID:11040
- C:\Windows\System\kbqLDOV.exe
  C:\Windows\System\kbqLDOV.exe
  2⤵
  PID:9700
- C:\Windows\System\cWMGfaK.exe
  C:\Windows\System\cWMGfaK.exe
  2⤵
  PID:10276
- C:\Windows\System\wssmCfB.exe
  C:\Windows\System\wssmCfB.exe
  2⤵
  PID:10520
- C:\Windows\System\oRzngGE.exe
  C:\Windows\System\oRzngGE.exe
  2⤵
  PID:4596
- C:\Windows\System\IChkgCk.exe
  C:\Windows\System\IChkgCk.exe
  2⤵
  PID:11284
- C:\Windows\System\iBivuAL.exe
  C:\Windows\System\iBivuAL.exe
  2⤵
  PID:11300
- C:\Windows\System\pmtGHKG.exe
  C:\Windows\System\pmtGHKG.exe
  2⤵
  PID:11332
- C:\Windows\System\ihjuiXK.exe
  C:\Windows\System\ihjuiXK.exe
  2⤵
  PID:11404
- C:\Windows\System\rsuYnDy.exe
  C:\Windows\System\rsuYnDy.exe
  2⤵
  PID:11444
- C:\Windows\System\PossVei.exe
  C:\Windows\System\PossVei.exe
  2⤵
  PID:11460
- C:\Windows\System\SAaudIO.exe
  C:\Windows\System\SAaudIO.exe
  2⤵
  PID:11484
- C:\Windows\System\OnQhBik.exe
  C:\Windows\System\OnQhBik.exe
  2⤵
  PID:11512
- C:\Windows\System\lBUHOIA.exe
  C:\Windows\System\lBUHOIA.exe
  2⤵
  PID:11532
- C:\Windows\System\QogBJEe.exe
  C:\Windows\System\QogBJEe.exe
  2⤵
  PID:11556
- C:\Windows\System\dGLWvRk.exe
  C:\Windows\System\dGLWvRk.exe
  2⤵
  PID:11576
- C:\Windows\System\bmbtLzD.exe
  C:\Windows\System\bmbtLzD.exe
  2⤵
  PID:11608
- C:\Windows\System\DDUlpEV.exe
  C:\Windows\System\DDUlpEV.exe
  2⤵
  PID:11632
- C:\Windows\System\YzUKimk.exe
  C:\Windows\System\YzUKimk.exe
  2⤵
  PID:11652
- C:\Windows\System\paCPtEZ.exe
  C:\Windows\System\paCPtEZ.exe
  2⤵
  PID:11692
- C:\Windows\System\UGVKIzk.exe
  C:\Windows\System\UGVKIzk.exe
  2⤵
  PID:11720
- C:\Windows\System\HPhFHNW.exe
  C:\Windows\System\HPhFHNW.exe
  2⤵
  PID:11748
- C:\Windows\System\aDojiDq.exe
  C:\Windows\System\aDojiDq.exe
  2⤵
  PID:11768
- C:\Windows\System\JXHZFAs.exe
  C:\Windows\System\JXHZFAs.exe
  2⤵
  PID:11796
- C:\Windows\System\CIZSYux.exe
  C:\Windows\System\CIZSYux.exe
  2⤵
  PID:11812
- C:\Windows\System\UPekWKx.exe
  C:\Windows\System\UPekWKx.exe
  2⤵
  PID:11840
- C:\Windows\System\GRMDnge.exe
  C:\Windows\System\GRMDnge.exe
  2⤵
  PID:11880
- C:\Windows\System\GIdgvsZ.exe
  C:\Windows\System\GIdgvsZ.exe
  2⤵
  PID:11928
- C:\Windows\System\ycVYbAU.exe
  C:\Windows\System\ycVYbAU.exe
  2⤵
  PID:11944
- C:\Windows\System\JIKsaJj.exe
  C:\Windows\System\JIKsaJj.exe
  2⤵
  PID:11972
- C:\Windows\System\mJynRbP.exe
  C:\Windows\System\mJynRbP.exe
  2⤵
  PID:12024
- C:\Windows\System\cCOjouq.exe
  C:\Windows\System\cCOjouq.exe
  2⤵
  PID:12044
- C:\Windows\System\rKkEYia.exe
  C:\Windows\System\rKkEYia.exe
  2⤵
  PID:12068
- C:\Windows\System\ZxBhqRw.exe
  C:\Windows\System\ZxBhqRw.exe
  2⤵
  PID:12088
- C:\Windows\System\rbAVaMf.exe
  C:\Windows\System\rbAVaMf.exe
  2⤵
  PID:12116
- C:\Windows\System\jPtYPlv.exe
  C:\Windows\System\jPtYPlv.exe
  2⤵
  PID:12144
- C:\Windows\System\jIitkBK.exe
  C:\Windows\System\jIitkBK.exe
  2⤵
  PID:12176
- C:\Windows\System\abcOuao.exe
  C:\Windows\System\abcOuao.exe
  2⤵
  PID:12212
- C:\Windows\System\WjJzCtR.exe
  C:\Windows\System\WjJzCtR.exe
  2⤵
  PID:12244
- C:\Windows\System\MITUwLI.exe
  C:\Windows\System\MITUwLI.exe
  2⤵
  PID:12272
- C:\Windows\System\gxnOgid.exe
  C:\Windows\System\gxnOgid.exe
  2⤵
  PID:11080
- C:\Windows\System\ISJmjAf.exe
  C:\Windows\System\ISJmjAf.exe
  2⤵
  PID:10384
- C:\Windows\System\DPJlTho.exe
  C:\Windows\System\DPJlTho.exe
  2⤵
  PID:10892
- C:\Windows\System\qUFuRXO.exe
  C:\Windows\System\qUFuRXO.exe
  2⤵
  PID:11360
- C:\Windows\System\eFMizyi.exe
  C:\Windows\System\eFMizyi.exe
  2⤵
  PID:11440
- C:\Windows\System\fsLOjzD.exe
  C:\Windows\System\fsLOjzD.exe
  2⤵
  PID:11420
- C:\Windows\System\UpyEQXw.exe
  C:\Windows\System\UpyEQXw.exe
  2⤵
  PID:11480
- C:\Windows\System\FirOMvW.exe
  C:\Windows\System\FirOMvW.exe
  2⤵
  PID:11544
- C:\Windows\System\vByJqpP.exe
  C:\Windows\System\vByJqpP.exe
  2⤵
  PID:11624
- C:\Windows\System\DTkfRuJ.exe
  C:\Windows\System\DTkfRuJ.exe
  2⤵
  PID:11672
- C:\Windows\System\GhGlekT.exe
  C:\Windows\System\GhGlekT.exe
  2⤵
  PID:11732
- C:\Windows\System\wuEWEjs.exe
  C:\Windows\System\wuEWEjs.exe
  2⤵
  PID:11764
- C:\Windows\System\AALdrBi.exe
  C:\Windows\System\AALdrBi.exe
  2⤵
  PID:11784
- C:\Windows\System\GsSjDDa.exe
  C:\Windows\System\GsSjDDa.exe
  2⤵
  PID:11836
- C:\Windows\System\JegqOaU.exe
  C:\Windows\System\JegqOaU.exe
  2⤵
  PID:11912
- C:\Windows\System\BPEMvFE.exe
  C:\Windows\System\BPEMvFE.exe
  2⤵
  PID:12000
- C:\Windows\System\UXdMbUO.exe
  C:\Windows\System\UXdMbUO.exe
  2⤵
  PID:12052
- C:\Windows\System\ZxXpvQi.exe
  C:\Windows\System\ZxXpvQi.exe
  2⤵
  PID:12184
- C:\Windows\System\oHIWtuO.exe
  C:\Windows\System\oHIWtuO.exe
  2⤵
  PID:12252
- C:\Windows\System\bCFCYGl.exe
  C:\Windows\System\bCFCYGl.exe
  2⤵
  PID:10996
- C:\Windows\System\XHMPQxN.exe
  C:\Windows\System\XHMPQxN.exe
  2⤵
  PID:11268
- C:\Windows\System\WZYgkil.exe
  C:\Windows\System\WZYgkil.exe
  2⤵
  PID:11344
- C:\Windows\System\KsIZjIH.exe
  C:\Windows\System\KsIZjIH.exe
  2⤵
  PID:11504
- C:\Windows\System\iBKTIrj.exe
  C:\Windows\System\iBKTIrj.exe
  2⤵
  PID:11688
- C:\Windows\System\zHcWwfy.exe
  C:\Windows\System\zHcWwfy.exe
  2⤵
  PID:3040
- C:\Windows\System\uUcYYKF.exe
  C:\Windows\System\uUcYYKF.exe
  2⤵
  PID:11904
- C:\Windows\System\BHOVDAB.exe
  C:\Windows\System\BHOVDAB.exe
  2⤵
  PID:12020
- C:\Windows\System\XzLDetl.exe
  C:\Windows\System\XzLDetl.exe
  2⤵
  PID:12204
- C:\Windows\System\MIzCxpH.exe
  C:\Windows\System\MIzCxpH.exe
  2⤵
  PID:11356
- C:\Windows\System\vSnKFGl.exe
  C:\Windows\System\vSnKFGl.exe
  2⤵
  PID:11940
- C:\Windows\System\dAHCiuT.exe
  C:\Windows\System\dAHCiuT.exe
  2⤵
  PID:5060
- C:\Windows\System\jSpHKTg.exe
  C:\Windows\System\jSpHKTg.exe
  2⤵
  PID:2996
- C:\Windows\System\oWdCaij.exe
  C:\Windows\System\oWdCaij.exe
  2⤵
  PID:11832
- C:\Windows\System\yuBuKIr.exe
  C:\Windows\System\yuBuKIr.exe
  2⤵
  PID:12292
- C:\Windows\System\NNlrTzf.exe
  C:\Windows\System\NNlrTzf.exe
  2⤵
  PID:12312
- C:\Windows\System\yUQqjvF.exe
  C:\Windows\System\yUQqjvF.exe
  2⤵
  PID:12328
- C:\Windows\System\gnSSFPB.exe
  C:\Windows\System\gnSSFPB.exe
  2⤵
  PID:12352
- C:\Windows\System\pECAayY.exe
  C:\Windows\System\pECAayY.exe
  2⤵
  PID:12400
- C:\Windows\System\ynoHtWE.exe
  C:\Windows\System\ynoHtWE.exe
  2⤵
  PID:12424
- C:\Windows\System\LrLZzzl.exe
  C:\Windows\System\LrLZzzl.exe
  2⤵
  PID:12460
- C:\Windows\System\bIVMjET.exe
  C:\Windows\System\bIVMjET.exe
  2⤵
  PID:12500
- C:\Windows\System\hOucBDJ.exe
  C:\Windows\System\hOucBDJ.exe
  2⤵
  PID:12528
- C:\Windows\System\wTZykbJ.exe
  C:\Windows\System\wTZykbJ.exe
  2⤵
  PID:12548
- C:\Windows\System\DZefkHl.exe
  C:\Windows\System\DZefkHl.exe
  2⤵
  PID:12572
- C:\Windows\System\Zsalpxr.exe
  C:\Windows\System\Zsalpxr.exe
  2⤵
  PID:12596
- C:\Windows\System\iyfdaay.exe
  C:\Windows\System\iyfdaay.exe
  2⤵
  PID:12620
- C:\Windows\System\jjTmPzY.exe
  C:\Windows\System\jjTmPzY.exe
  2⤵
  PID:12644
- C:\Windows\System\iXeuNiA.exe
  C:\Windows\System\iXeuNiA.exe
  2⤵
  PID:12672
- C:\Windows\System\wAXdHig.exe
  C:\Windows\System\wAXdHig.exe
  2⤵
  PID:12692
- C:\Windows\System\EQPZNDa.exe
  C:\Windows\System\EQPZNDa.exe
  2⤵
  PID:12756
- C:\Windows\System\TaRpjdV.exe
  C:\Windows\System\TaRpjdV.exe
  2⤵
  PID:12772
- C:\Windows\System\ZKXtLiq.exe
  C:\Windows\System\ZKXtLiq.exe
  2⤵
  PID:12828
- C:\Windows\System\YnLnCYQ.exe
  C:\Windows\System\YnLnCYQ.exe
  2⤵
  PID:12852
- C:\Windows\System\CDxZimX.exe
  C:\Windows\System\CDxZimX.exe
  2⤵
  PID:12872
- C:\Windows\System\HVuoDTs.exe
  C:\Windows\System\HVuoDTs.exe
  2⤵
  PID:12908
- C:\Windows\System\HvsNwUs.exe
  C:\Windows\System\HvsNwUs.exe
  2⤵
  PID:12948
- C:\Windows\System\ynSwNGI.exe
  C:\Windows\System\ynSwNGI.exe
  2⤵
  PID:12972
- C:\Windows\System\qdujDRx.exe
  C:\Windows\System\qdujDRx.exe
  2⤵
  PID:13000
- C:\Windows\System\BZfOHOU.exe
  C:\Windows\System\BZfOHOU.exe
  2⤵
  PID:13028
- C:\Windows\System\HcGWajb.exe
  C:\Windows\System\HcGWajb.exe
  2⤵
  PID:13044
- C:\Windows\System\rsrjXSs.exe
  C:\Windows\System\rsrjXSs.exe
  2⤵
  PID:13068
- C:\Windows\System\SsZLqVY.exe
  C:\Windows\System\SsZLqVY.exe
  2⤵
  PID:13100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5j04svjx.3fv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ATnCCBF.exe

Filesize
1.8MB

MD5
b7732dedc5234e92ccc13ca419d52b9c

SHA1
5f2bc604ca0d919fe80165e1589de4abbbfed180

SHA256
b92d34ce55c2c5f611267a641b1e962561709424c04aa14910e870e74847ca51

SHA512
1517631d5054364537c12a37984331c309ea3a0c7563932814625ca2916dbd13d7626b7db5e728b99883ec227c21e119925e1cf3c148ff75976c16cabcce02ec

Download Submit
C:\Windows\System\ArEFCgB.exe

Filesize
1.8MB

MD5
cefe39b3344fecd14245ac3a79f8a4c4

SHA1
835ecddf208a81b7a56bbec1c922d287eae99430

SHA256
4d0148310bf25717bf661e08b189858c143d97cfd8a7dc9042dae1cbb99f00eb

SHA512
a54d421f452a22347355dbddd0a10e71ed43023e5b0d62185c4fecd0a8746ec59e7dc4616b44fd9a00c9984590a02f52d911e0e1d662bf6d26017b49f9afe4c2

Download Submit
C:\Windows\System\DhxmDsk.exe

Filesize
1.8MB

MD5
ed85f569b1f1751a90d9d529fdbf1aba

SHA1
56abdb513e0f70182f356062cdb5a8a926cb5c81

SHA256
648e5cd90a52423b753f5e3d7b1ece039a38c414c9a6742fcc885d1a78f10094

SHA512
c1fa0b3693a8d4b3de53e517042b1953cbce00616e30c78b060ecc593ecc401b0edd9e90820a7c068e1b663ece22f4d68cd39d4ff16f65a7b85c23b02ab85a28

Download Submit
C:\Windows\System\EGHFfao.exe

Filesize
1.8MB

MD5
a73e2c49dc53668b795029e209277abb

SHA1
4ec237ce8d82ca9b4d2a464a1b558b287b663e3e

SHA256
e8e75f938100a8e73482b9eab89df400f1a7d0e54abb925259434e93b170b7d1

SHA512
2f5292a8f06547ec8c3411649f2c68ad676474abdec097bbe674f069687bffc34e5d7b225a7670bfbd086ca105e47d5bd653831d883dbd1cef8c2ce6984f86cc

Download Submit
C:\Windows\System\Ebijjjz.exe

Filesize
1.8MB

MD5
2720eb12dee6ae01d2caec25d43236e0

SHA1
91ca6732184d3750e1eacc8e766824b49c9f1e26

SHA256
48b0904cba719e973a2d5070156344f52893996e32087a7780d929a76295e03c

SHA512
c1ba5ca33ae649afe6a373a0a4d61dc87cc8284c414869566605a2ae6a9f427249f61ae81a9bc243e7cc97f9879890b783d3b98e042fd0997e4a4fa00a0c20d3

Download Submit
C:\Windows\System\EvUVqNI.exe

Filesize
1.8MB

MD5
15fc555f7c2b8a4c10dff654f5e709e2

SHA1
a5d4220b64b8e9aaee6d4107d194b260864695bb

SHA256
24943ae9d43042c37d9b8f1361ab614e25884acfbf7ffb5936be399cc472b4c7

SHA512
d25296e30fe4c3257e9d8782aa3b2b9ff7e6824d7fb3ad7b8da742c8c148e6e7e9b4f88b7128588f448f322a8265d4d7d9488a999f905b11292a1e1af7be6c5e

Download Submit
C:\Windows\System\EzqMzlE.exe

Filesize
8B

MD5
0b02220145771e90ebe4310a5742c9eb

SHA1
9bd568d96b03bd5446f96a7b59c08196eb5a57c3

SHA256
6135f164d0697be47c97ab606a7a1adcbc1eb3846ae4debecafb1a6ccfd23e4e

SHA512
cb08dee7f4e4dd1bb8de836a2364c078d9de5aef5dcb329e7e0b8e1cc2bfaa06c42f8b8ddf04bdb30392074759beef091a761854b0812b9a726b3c820c99a5a8

Download Submit
C:\Windows\System\KfvmOTF.exe

Filesize
1.8MB

MD5
d0e71c795283dbed2d96767e0002af09

SHA1
28137f4bca64ec03f304f3b7917a88f3446090ca

SHA256
85f008ee6abc4c80b3889eba9873bcc3a316c0b665b5a8dd42b4d16c4d474d33

SHA512
3a0e3d2aa2192574bed00347916c96b888b3bbe8e3a61cd9b5efeaba8e9c68d8c4f855906e5367a57fbcf10c9cd08ee2db25787dbbd1bdd4d405a1b94842a9f5

Download Submit
C:\Windows\System\LOwrgwT.exe

Filesize
1.8MB

MD5
907230c6a51c09a40ba27e784751544d

SHA1
3f74db17d2dc8860f4309b44b3040dfe5b60de74

SHA256
47e35fc7cfcd1684c45c8043323d627c29bc10f4495a141efd4231503be1630b

SHA512
455a89da9b529b19f3e5da857caae934707026c79f55bb118d939885a6171a8c087ddb90d5e92eba676b1f7c8fdf999fd7d3c130e5ca86d46e324c58ef03baaa

Download Submit
C:\Windows\System\LsJQHxt.exe

Filesize
1.8MB

MD5
b0d3f798f2cacc6049aae3e653d10594

SHA1
b0bebd1caf5e65d4289bd07e26142efaecb09c66

SHA256
5828680a175e0e8523aeb61d351bf3632e3c5cf959541fe658c6f2bef19bc783

SHA512
74195bcffec7dc425a4d5690e6f96efe849425d1170a8f9f1596a8f1c13029f3e7b7720cbec8b0aa83b2a5e39ad96b0a1c2226bc131be08d9c84a7ebd8b46316

Download Submit
C:\Windows\System\MkAACOQ.exe

Filesize
1.8MB

MD5
d8210e8e7821849075018aeb6ddf8203

SHA1
cfbe10e6edfc13284f0b7b526de2b8b0da0a0111

SHA256
f1d46a69ae19c4d8e086a17d0720e867e797a5268ac4e4bcf689c99a68faaa5b

SHA512
deaed53438e34fefbe1ae9b68a64fd03a0d4e07b25fdb56231ef4f69490ed70301386285e4e56d4ae79d0c7c7273c1955c987951b44b10fd5d5cca4690cc4133

Download Submit
C:\Windows\System\RTeXoDI.exe

Filesize
1.8MB

MD5
245832b146702e6651489a1ac2f3e385

SHA1
5c96107fe51dc7154766238ba49e37987d7109cb

SHA256
efd6dc0d3ad6e4dec57d4b54eaf382928ec5fa793c64e6f66252dde940d286e4

SHA512
85c162efa509fbc88abd9a30b0d3e863632920895a9b7ac2955bd44f484578add8f6162c30b12dae19aec77ced4cc890a9488ad8c5189e472e137f88f9a03800

Download Submit
C:\Windows\System\SwkXiEq.exe

Filesize
1.8MB

MD5
1f91cf6f82f24bf612defde1db3a4334

SHA1
00aef3db6a9e409240471ab5527c73853b0bf898

SHA256
9fcfdbff2e53035a85f549cc2bd0d802d3df5ab10617039d2d1631922daacbeb

SHA512
24445c5b8167a1739dc048c9bd8409bcab4aed8da1884de02b41918f339725bc1b506cdff6b0d1243877a8445e2eb9211224aa91252d29465cb1bdd982ad2a28

Download Submit
C:\Windows\System\TSJQlXX.exe

Filesize
1.8MB

MD5
aeef76dced1790b967613c22d8cd2663

SHA1
df17b005cc9adf060f9282ca69bdeb75956a4ac5

SHA256
bec7f9e1f60a9878762dafff7298f7a58f6cb17382d71fe3e826aa6ec73db14c

SHA512
ff51d265ad15f136b5ce3a9697db3be9290dd577e5ee1e841e3106e7d2077b931e54e9de63320a596180f97592e55eaa05b4a040f3477e18078f1eda49734618

Download Submit
C:\Windows\System\Vyyzxyv.exe

Filesize
1.8MB

MD5
6c7f012de9b76f589b8c00bc55390170

SHA1
821a2c75407715280838e2d525695f01fa835e29

SHA256
45b82dcb55e50bffd428196a4a7b229349451a47885adc0bc01d37b486ef4f6e

SHA512
818cb431bf9c4c8508c88a422eca23190b33f3305db051fc1626f0a6e836168cd1efb72c793c63cfd89bd7ca6e8aa35a59de3b3b9f142dce497f2d000580e89b

Download Submit
C:\Windows\System\WFGlhsF.exe

Filesize
1.8MB

MD5
b0e61a0531ae0daf97fd353e87e247e4

SHA1
1fa41bd65dc0e0fd1712ee21b8c36020dc1a60f2

SHA256
34be0df7722d1c571769c202be6ac128216ced19589554236cccec1e4d6bf128

SHA512
1e1ac4743941027303c3be8f7f81b433315e457c12fc26afef1bfa308e1c088e382e26a3581427f7c5bf103a2efb8e1232a232f41143856f29fc21ab93549a88

Download Submit
C:\Windows\System\abuZDWD.exe

Filesize
1.8MB

MD5
9aa942bcaf970292caae499482034d86

SHA1
cb1e097352a8c47f8c23029ccdffb1fcd484f044

SHA256
abbdb9066f85a642603abf01a6c139b98d8cdc589e82a8598396adf952367f19

SHA512
f396f48c4ec99ba94188d445625079fa29b24b2b47785209f35f92e5bbc52c1885582d3e054e8a4fde85469126c1b49a9ec4c611296c860136178e7894ee58d9

Download Submit
C:\Windows\System\aqupmyL.exe

Filesize
1.8MB

MD5
3faac7c0b90a0e37b76bb9a16d0bda05

SHA1
5b47830ac584d67f69aa9ddd1441b248c800b058

SHA256
8a016aa14756f20a900e2e53757ef59c8f725011eeeb85841a113f1e5135672d

SHA512
bfce80e235d1c1e5cbc52b979097de9414c34c6aa81ad64d6f175ed9685750f1751bacde2379255cbc2315572819d6efd08bf842262ae4778b7b67d9cd269251

Download Submit
C:\Windows\System\bkuDxtd.exe

Filesize
1.8MB

MD5
d13787d1b8f55a3e755b47f341febf12

SHA1
262827c3aa722723cbfe8a131950a98d21d3d678

SHA256
2a34a66bed5af29548fbd07190444c8275a90402413dc58294c98eaf92b66565

SHA512
adb2ab4b64193b3da5c2eaa5a8b0f730a21e55c4f6528032aa65192fff29d0c01e30932f2f8135f42bdc5c5ecfd8e3be1361ec24abe216901224614317125eef

Download Submit
C:\Windows\System\iTpGVKg.exe

Filesize
1.8MB

MD5
f60faade286c1c891d70aeecd7919de4

SHA1
b82381b6ead4e941d3fa38167750f35adf6d90e7

SHA256
3915fe33edc19a5f414d22adfc0486fa7d2984675d97a7624ae7fa7273e8975d

SHA512
b0a4877055584de2ca40732b2ca7deb280c158cb583992fd46fc41d4c955401ff6beaacab045ca7b5b2ca42367ffd2ad094cb07c3227decaa7d5870dbdba8680

Download Submit
C:\Windows\System\jWKavof.exe

Filesize
1.8MB

MD5
17ce8362561de971468da813dfb4fd4c

SHA1
fb2242e414a3fc6a130d84727ff254ae290abc46

SHA256
5405a6b53fe8a16ce4f978fc4b113f56fad7922dfce6b4993ca79cc47c6e174b

SHA512
6e727bd1ad50645ac6226ec4fde42dc447ee68dd4d00fcd89acc0250b783583a12d4ca324408f9401f2c30ccc94e2a1dd90a1ad91dfc5fa16dd98aceeb885070

Download Submit
C:\Windows\System\kNmYovp.exe

Filesize
1.8MB

MD5
262cdbd6c83ceb5aa6106b627e773ae9

SHA1
cbfb3cba7c9e19ec629f831ee9520e4ad0ed6ed6

SHA256
77ed61cebbdfbcba64cce8dd8997bc1596cc3cd03c75a4ad692142f78dc91287

SHA512
4a5687f8a8b5770ae72846aebd412b7f9cec46f906bfeda8cf116910f10d46c35354067cb106478446a109fed9bb0d919e918e3b7389e66b2933872174b4c79a

Download Submit
C:\Windows\System\kOJbTda.exe

Filesize
1.8MB

MD5
69bd2198897834ed17fa9e7e4847fb1e

SHA1
2d90bee53e542b702af62d55b7edde27f6062112

SHA256
e32d96826b450c58b2d0c696fecc4d68df09d3429e7ada913976bea1f106ae96

SHA512
5df62899cc6b8d7c8214879afeeb1cbbcbac4c6ee24a915a41c8f2f08739592ba3fac4e6701ecb71f0025192f5cd7859fa42966a00cc83e45da3bfa54762816a

Download Submit
C:\Windows\System\kbwBxIG.exe

Filesize
1.8MB

MD5
3efe30555e939dc206309fdfa64880d8

SHA1
aaf67be9a65c95b95706364dcac27fead3f14568

SHA256
c20e97595b8524bb4b0bf833d8b301a2bbeb1c10290a8d81d5f6b53fc70590e6

SHA512
fe91b3749f791e5d396788708e651a4417eae42881adbeebe31056a9e77a60611cc6d1f841c70589591b2640696f55f90e2a02476e74bfcee1b68b588a8abf40

Download Submit
C:\Windows\System\mDKfsMN.exe

Filesize
1.8MB

MD5
d996bcb136c3192d7782117d4e3aa561

SHA1
bc5ec9d4e037b9e1fa20f7ba1fcbf1b782595139

SHA256
a773591b240dfc9f4a3918c82396b7103ce5a29a9135b9566ccacb8e931c35dc

SHA512
cc1a22ddae69c1fb62259a669eb5e4e371e55ca215c0cbd1dabf3e4d910607f0718b2f67793ce63f29d9dcbaba78e6e455704e023b655b3def22051c1c5efe06

Download Submit
C:\Windows\System\mHKogwE.exe

Filesize
1.8MB

MD5
c7381b440ed87bcd39ae27eb2fd1dd73

SHA1
3a26c71f1c5cc7be4b0f71a76610196fc20420b6

SHA256
87eda22c6e15cdc84cd6e51ccacccc7958661b33dd78486c55a1e59cdb19b447

SHA512
be2df52c4ab23ce781bd3b9c41747d61bc8fd481ab8e750857a75c81bde58d8c396303ab4e087f709888154e4484587ea837ed53f730ee12d3fa789259b959d2

Download Submit
C:\Windows\System\mTSEWOg.exe

Filesize
1.8MB

MD5
7717201a009bfc0fd7d3eab4606a0c2f

SHA1
fabd58384882fe87652c2c0721a9da61a34ebd2a

SHA256
96b870b812178773aa877f8f5da56931697a2aff340ce71876bf4ac3b51aa722

SHA512
77af16e034e058e827a3a62428d851cc4eb14a01e5018a7befc2ac0ad028c3370d0b3adcd4a41efd2e67dc94a3d0928ada33b04ff6c418336fe438daaeb6acdf

Download Submit
C:\Windows\System\oGkMHkL.exe

Filesize
1.8MB

MD5
9cf3ff51ceaa15da7ab9c65f5b8822d0

SHA1
2630149f65ee8971ca1c8cf9d9901f7b2f6e6126

SHA256
edf3bf3808293f9f3882bff4808bd51fada8d37ef31f6c0a83d0c9c73905ae32

SHA512
b34666901b8f0ca4ea0209b1df9f91c4b03c0b2f8593f56dbf1255825ca0d6e10352054c0341d5b4a1a4dc87143cd204010b86c302cfe1344227d03896b7d718

Download Submit
C:\Windows\System\oUsmJXm.exe

Filesize
1.8MB

MD5
553129ddd48d32dc91cd409792710d8a

SHA1
573d5329d9326d5d5af851944c7e6388a1a9250c

SHA256
bc98d32a5340ee965bef0b4c8c5c052e7f013469e4b2cf82bb02abcffe501faa

SHA512
3932949333c348c412556a97a744b42a903eda1c4893d851278e94d0196b43a6c1861b73bdcc46b3763462f273542b616582397820fd6b10e8b31d5bff0b3085

Download Submit
C:\Windows\System\onfRZYY.exe

Filesize
1.8MB

MD5
ed812fd8ee6dbd578c962866199fa78f

SHA1
2efcb6b0f55734a2a7df0cdfe1457658b8a0e5c7

SHA256
0d7218e0ca078016ff8a34612b27dd16755210cc96c5f46d614a25d86bce67c0

SHA512
9fe8e4ae543b24652cda1abfa2ddf648b9f312ffbf098a4d38b186eed63271254efca23ee86f39ba9dd1414f03a8e004f7175c80683df5a73d6765b405ecf689

Download Submit
C:\Windows\System\pMIiEOd.exe

Filesize
1.8MB

MD5
a639c8be3f415c20d12005cc47471096

SHA1
0bb2dc9075d2b1304c7d2c6dddf2bf19d1329c07

SHA256
890978a20297df9797dd3afbbbb27435a19ae06f66352d58274d657a165b4b2a

SHA512
e70c5c2cd4ec6244a082caf2b32e7dfa81e0ea5e49bfd11706484b3e52f3af038f14b39e8c476d1f03ed0436ac769792192146e993ee2d1cdc5cff114f3cec84

Download Submit
C:\Windows\System\qdzzUUR.exe

Filesize
1.8MB

MD5
0613f5fa5d91be307558ee2a6dd332c5

SHA1
8ad42ff61b81b9a8d5ac5e1293d6da24141c8fda

SHA256
066e94b72face032fd91f75d7ffc45032a993b3838525391a4f7f42dcaed3cbf

SHA512
cbcea6d4a62ffdefd9ae7a36d42b54bf77dc8037d7c9000bf8dc0947ec33669941c37a608a2bd2a39420fd4af1e4e3e4c5c6ba4b5995cd31e18839c4bacd258d

Download Submit
C:\Windows\System\tfFiMcq.exe

Filesize
1.8MB

MD5
3936b6565f2e87985e970400f783047f

SHA1
a586c0eadab5a17f5357eff27a59fc04f5564516

SHA256
34df2290a4e10944bb697762785bc2a0000776f9b09eaf9566cdef6964018bb0

SHA512
2d0a1207821b1b77281ae097bb9552e2c647f20b46a0dbe203e753c48747f1249d3d13d335e4e40346a176e004d5cee2abaf2f932d0bc92c684ca0ff70d472bd

Download Submit
C:\Windows\System\ujTKCZF.exe

Filesize
1.8MB

MD5
489342315de612e05875cf8e64a6372d

SHA1
a0c9fbae55de2fe140eecb097a8f229544224ef6

SHA256
c920a8317cdf29bd4e96f16abb26cbb3626bb539c628b800d294e5fc1278307f

SHA512
5bd88a5c9b6f5bdcbb2f02bb94d7b44393b9a0f5f5ee4b5a7da6c852415c1697ea294d188fb8695a44324e40a6ec82d7f8a744254d02cc093ea1966fbc3a76fc

Download Submit
memory/844-154-0x00007FF6D3180000-0x00007FF6D3572000-memory.dmp

Filesize
3.9MB

Download
memory/844-2546-0x00007FF6D3180000-0x00007FF6D3572000-memory.dmp

Filesize
3.9MB

Download
memory/1476-2516-0x00007FF671DB0000-0x00007FF6721A2000-memory.dmp

Filesize
3.9MB

Download
memory/1476-115-0x00007FF671DB0000-0x00007FF6721A2000-memory.dmp

Filesize
3.9MB

Download
memory/1744-2532-0x00007FF67E3B0000-0x00007FF67E7A2000-memory.dmp

Filesize
3.9MB

Download
memory/1744-130-0x00007FF67E3B0000-0x00007FF67E7A2000-memory.dmp

Filesize
3.9MB

Download
memory/1816-160-0x00007FF6B1450000-0x00007FF6B1842000-memory.dmp

Filesize
3.9MB

Download
memory/1816-2551-0x00007FF6B1450000-0x00007FF6B1842000-memory.dmp

Filesize
3.9MB

Download
memory/1876-2514-0x00007FF70B270000-0x00007FF70B662000-memory.dmp

Filesize
3.9MB

Download
memory/1876-77-0x00007FF70B270000-0x00007FF70B662000-memory.dmp

Filesize
3.9MB

Download
memory/2060-2508-0x00007FF7785B0000-0x00007FF7789A2000-memory.dmp

Filesize
3.9MB

Download
memory/2060-56-0x00007FF7785B0000-0x00007FF7789A2000-memory.dmp

Filesize
3.9MB

Download
memory/2068-2489-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp

Filesize
10.8MB

Download
memory/2068-111-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp

Filesize
10.8MB

Download
memory/2068-6-0x00007FFF67033000-0x00007FFF67035000-memory.dmp

Filesize
8KB

Download
memory/2068-2447-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp

Filesize
10.8MB

Download
memory/2068-2463-0x00007FFF67033000-0x00007FFF67035000-memory.dmp

Filesize
8KB

Download
memory/2068-374-0x000001D777DC0000-0x000001D778566000-memory.dmp

Filesize
7.6MB

Download
memory/2068-64-0x000001D777220000-0x000001D777242000-memory.dmp

Filesize
136KB

Download
memory/2068-2464-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp

Filesize
10.8MB

Download
memory/2068-25-0x00007FFF67030000-0x00007FFF67AF1000-memory.dmp

Filesize
10.8MB

Download
memory/2136-65-0x00007FF7F1B50000-0x00007FF7F1F42000-memory.dmp

Filesize
3.9MB

Download
memory/2136-2510-0x00007FF7F1B50000-0x00007FF7F1F42000-memory.dmp

Filesize
3.9MB

Download
memory/2140-71-0x00007FF639AF0000-0x00007FF639EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2140-2513-0x00007FF639AF0000-0x00007FF639EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2172-98-0x00007FF759600000-0x00007FF7599F2000-memory.dmp

Filesize
3.9MB

Download
memory/2172-2531-0x00007FF759600000-0x00007FF7599F2000-memory.dmp

Filesize
3.9MB

Download
memory/2300-2519-0x00007FF7C33B0000-0x00007FF7C37A2000-memory.dmp

Filesize
3.9MB

Download
memory/2300-119-0x00007FF7C33B0000-0x00007FF7C37A2000-memory.dmp

Filesize
3.9MB

Download
memory/2344-2540-0x00007FF7B80B0000-0x00007FF7B84A2000-memory.dmp

Filesize
3.9MB

Download
memory/2344-144-0x00007FF7B80B0000-0x00007FF7B84A2000-memory.dmp

Filesize
3.9MB

Download
memory/2584-2526-0x00007FF72EF00000-0x00007FF72F2F2000-memory.dmp

Filesize
3.9MB

Download
memory/2584-128-0x00007FF72EF00000-0x00007FF72F2F2000-memory.dmp

Filesize
3.9MB

Download
memory/2608-2528-0x00007FF7A5210000-0x00007FF7A5602000-memory.dmp

Filesize
3.9MB

Download
memory/2608-94-0x00007FF7A5210000-0x00007FF7A5602000-memory.dmp

Filesize
3.9MB

Download
memory/2944-135-0x00007FF71D120000-0x00007FF71D512000-memory.dmp

Filesize
3.9MB

Download
memory/2944-2536-0x00007FF71D120000-0x00007FF71D512000-memory.dmp

Filesize
3.9MB

Download
memory/3164-0-0x00007FF73DF80000-0x00007FF73E372000-memory.dmp

Filesize
3.9MB

Download
memory/3164-1-0x000001CCCF040000-0x000001CCCF050000-memory.dmp

Filesize
64KB

Download
memory/3212-2543-0x00007FF726140000-0x00007FF726532000-memory.dmp

Filesize
3.9MB

Download
memory/3212-148-0x00007FF726140000-0x00007FF726532000-memory.dmp

Filesize
3.9MB

Download
memory/3356-161-0x00007FF716820000-0x00007FF716C12000-memory.dmp

Filesize
3.9MB

Download
memory/3356-2552-0x00007FF716820000-0x00007FF716C12000-memory.dmp

Filesize
3.9MB

Download
memory/3752-2534-0x00007FF681220000-0x00007FF681612000-memory.dmp

Filesize
3.9MB

Download
memory/3752-129-0x00007FF681220000-0x00007FF681612000-memory.dmp

Filesize
3.9MB

Download
memory/3988-2523-0x00007FF64CF90000-0x00007FF64D382000-memory.dmp

Filesize
3.9MB

Download
memory/3988-124-0x00007FF64CF90000-0x00007FF64D382000-memory.dmp

Filesize
3.9MB

Download
memory/4484-2539-0x00007FF729650000-0x00007FF729A42000-memory.dmp

Filesize
3.9MB

Download
memory/4484-137-0x00007FF729650000-0x00007FF729A42000-memory.dmp

Filesize
3.9MB

Download
memory/4512-140-0x00007FF658CC0000-0x00007FF6590B2000-memory.dmp

Filesize
3.9MB

Download
memory/4512-2545-0x00007FF658CC0000-0x00007FF6590B2000-memory.dmp

Filesize
3.9MB

Download
memory/4880-88-0x00007FF72CCC0000-0x00007FF72D0B2000-memory.dmp

Filesize
3.9MB

Download
memory/4880-2520-0x00007FF72CCC0000-0x00007FF72D0B2000-memory.dmp

Filesize
3.9MB

Download
memory/5012-167-0x00007FF6DEFF0000-0x00007FF6DF3E2000-memory.dmp

Filesize
3.9MB

Download
memory/5012-2555-0x00007FF6DEFF0000-0x00007FF6DF3E2000-memory.dmp

Filesize
3.9MB

Download
memory/5056-82-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp

Filesize
3.9MB

Download
memory/5056-2524-0x00007FF7A39F0000-0x00007FF7A3DE2000-memory.dmp

Filesize
3.9MB

Download
memory/5084-2506-0x00007FF781110000-0x00007FF781502000-memory.dmp

Filesize
3.9MB

Download
memory/5084-50-0x00007FF781110000-0x00007FF781502000-memory.dmp

Filesize
3.9MB

Download