xmrig | 79d8ed9bf3902c1edac9743f2963e18798662d0c7fc485a4317b6d6eca45a03b

Analysis

max time kernel
121s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
Size

1.6MB
MD5

4f6efead7446e56606f46187b76ad690
SHA1

d8a038f24b3a60da144be4fddfed1b9fdc340e17
SHA256

79d8ed9bf3902c1edac9743f2963e18798662d0c7fc485a4317b6d6eca45a03b
SHA512

8a93a143a3f2d02870bb82fcba659e47b539b050c83172d288091fa0ac85a05217454cc08da3979ee832b6bd3bdc776ae0354a0deee9431fc688863c3e0b401a
SSDEEP

24576:zv3/fTLF671TilQFG4P5PxtG8PEpklLvYl8UywjwCIlaa+eCppUmgjaw272kB7i5:Lz071uv4BPjGhql0lQGQBC38javikC

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/2236-125-0x00007FF6796A0000-0x00007FF679A92000-memory.dmp	xmrig
behavioral2/memory/412-129-0x00007FF6D80A0000-0x00007FF6D8492000-memory.dmp	xmrig
behavioral2/memory/4368-133-0x00007FF74F8F0000-0x00007FF74FCE2000-memory.dmp	xmrig
behavioral2/memory/4676-525-0x00007FF700650000-0x00007FF700A42000-memory.dmp	xmrig
behavioral2/memory/652-527-0x00007FF7AB320000-0x00007FF7AB712000-memory.dmp	xmrig
behavioral2/memory/3800-526-0x00007FF697BC0000-0x00007FF697FB2000-memory.dmp	xmrig
behavioral2/memory/4164-524-0x00007FF64A770000-0x00007FF64AB62000-memory.dmp	xmrig
behavioral2/memory/812-135-0x00007FF6B97D0000-0x00007FF6B9BC2000-memory.dmp	xmrig
behavioral2/memory/1776-134-0x00007FF66D1D0000-0x00007FF66D5C2000-memory.dmp	xmrig
behavioral2/memory/4028-132-0x00007FF691460000-0x00007FF691852000-memory.dmp	xmrig
behavioral2/memory/2440-131-0x00007FF6259F0000-0x00007FF625DE2000-memory.dmp	xmrig
behavioral2/memory/4144-130-0x00007FF7B7800000-0x00007FF7B7BF2000-memory.dmp	xmrig
behavioral2/memory/4812-128-0x00007FF6E5DA0000-0x00007FF6E6192000-memory.dmp	xmrig
behavioral2/memory/4612-127-0x00007FF67C1F0000-0x00007FF67C5E2000-memory.dmp	xmrig
behavioral2/memory/532-126-0x00007FF75D070000-0x00007FF75D462000-memory.dmp	xmrig
behavioral2/memory/1628-124-0x00007FF6F7A90000-0x00007FF6F7E82000-memory.dmp	xmrig
behavioral2/memory/4912-121-0x00007FF7283D0000-0x00007FF7287C2000-memory.dmp	xmrig
behavioral2/memory/2180-120-0x00007FF7C0110000-0x00007FF7C0502000-memory.dmp	xmrig
behavioral2/memory/4200-117-0x00007FF692B30000-0x00007FF692F22000-memory.dmp	xmrig
behavioral2/memory/4184-112-0x00007FF63B080000-0x00007FF63B472000-memory.dmp	xmrig
behavioral2/memory/4928-105-0x00007FF6585E0000-0x00007FF6589D2000-memory.dmp	xmrig
behavioral2/memory/1536-92-0x00007FF697D00000-0x00007FF6980F2000-memory.dmp	xmrig
behavioral2/memory/3184-39-0x00007FF668960000-0x00007FF668D52000-memory.dmp	xmrig
behavioral2/memory/2356-33-0x00007FF6BF0A0000-0x00007FF6BF492000-memory.dmp	xmrig
behavioral2/memory/3184-2148-0x00007FF668960000-0x00007FF668D52000-memory.dmp	xmrig
behavioral2/memory/1536-2151-0x00007FF697D00000-0x00007FF6980F2000-memory.dmp	xmrig
behavioral2/memory/4144-2153-0x00007FF7B7800000-0x00007FF7B7BF2000-memory.dmp	xmrig
behavioral2/memory/4028-2158-0x00007FF691460000-0x00007FF691852000-memory.dmp	xmrig
behavioral2/memory/4184-2164-0x00007FF63B080000-0x00007FF63B472000-memory.dmp	xmrig
behavioral2/memory/4912-2167-0x00007FF7283D0000-0x00007FF7287C2000-memory.dmp	xmrig
behavioral2/memory/2180-2169-0x00007FF7C0110000-0x00007FF7C0502000-memory.dmp	xmrig
behavioral2/memory/4928-2165-0x00007FF6585E0000-0x00007FF6589D2000-memory.dmp	xmrig
behavioral2/memory/4200-2162-0x00007FF692B30000-0x00007FF692F22000-memory.dmp	xmrig
behavioral2/memory/2440-2160-0x00007FF6259F0000-0x00007FF625DE2000-memory.dmp	xmrig
behavioral2/memory/2356-2156-0x00007FF6BF0A0000-0x00007FF6BF492000-memory.dmp	xmrig
behavioral2/memory/3800-2191-0x00007FF697BC0000-0x00007FF697FB2000-memory.dmp	xmrig
behavioral2/memory/4676-2193-0x00007FF700650000-0x00007FF700A42000-memory.dmp	xmrig
behavioral2/memory/652-2196-0x00007FF7AB320000-0x00007FF7AB712000-memory.dmp	xmrig
behavioral2/memory/4164-2190-0x00007FF64A770000-0x00007FF64AB62000-memory.dmp	xmrig
behavioral2/memory/4612-2186-0x00007FF67C1F0000-0x00007FF67C5E2000-memory.dmp	xmrig
behavioral2/memory/1776-2184-0x00007FF66D1D0000-0x00007FF66D5C2000-memory.dmp	xmrig
behavioral2/memory/412-2182-0x00007FF6D80A0000-0x00007FF6D8492000-memory.dmp	xmrig
behavioral2/memory/4812-2178-0x00007FF6E5DA0000-0x00007FF6E6192000-memory.dmp	xmrig
behavioral2/memory/532-2176-0x00007FF75D070000-0x00007FF75D462000-memory.dmp	xmrig
behavioral2/memory/1628-2173-0x00007FF6F7A90000-0x00007FF6F7E82000-memory.dmp	xmrig
behavioral2/memory/812-2188-0x00007FF6B97D0000-0x00007FF6B9BC2000-memory.dmp	xmrig
behavioral2/memory/4368-2180-0x00007FF74F8F0000-0x00007FF74FCE2000-memory.dmp	xmrig
behavioral2/memory/2236-2172-0x00007FF6796A0000-0x00007FF679A92000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
4	2708	powershell.exe
8	2708	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2708	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4144	kEaraBP.exe
2356	UQPRIYD.exe
3184	SxTWSMG.exe
1536	WdWuRew.exe
4928	oOBvEaX.exe
2440	DfITCLd.exe
4184	VrFhZRZ.exe
4028	yCDIdAf.exe
4200	LTUWxWk.exe
2180	udaZzbQ.exe
4912	nLztqkw.exe
1628	xJSBYwM.exe
2236	ZRCHlyj.exe
532	yzkeZYg.exe
4612	fUceNxt.exe
4812	Unwskbo.exe
4368	qaMRUFD.exe
412	WWxLSVY.exe
1776	LlLrBTK.exe
812	CYSRFbC.exe
4164	cBQikOO.exe
4676	paRgKND.exe
3800	LwPavbX.exe
652	TzxasZa.exe
2584	UCxMtkO.exe
3440	SQxRZbt.exe
880	EdxdMAI.exe
5044	lVbBwpJ.exe
3676	lakgRIN.exe
4452	jCPndqB.exe
2404	RZvdVnH.exe
2324	IgcErax.exe
1640	JQzoyLN.exe
4524	NIZvpMG.exe
3668	NSYtFcG.exe
1032	XIHPPRF.exe
1204	VXfZppK.exe
4556	qGjuByd.exe
376	pfLtQUA.exe
1328	RKlcYRG.exe
3112	KZvrxam.exe
4440	OCnfZIH.exe
4476	IKhOPhP.exe
3036	gAIdkZu.exe
464	hZwxGWR.exe
2004	mcKPwnd.exe
1404	XuTBtMZ.exe
1044	oiQeCTP.exe
2400	qrWfcJC.exe
4348	zmPVobz.exe
1792	RZUszfj.exe
1712	suONcMb.exe
3124	EchtMhR.exe
4932	LQgfRzS.exe
4068	WhtxdCu.exe
1936	asiOuZN.exe
2612	qvUBYBK.exe
1304	lJchHkg.exe
1916	obhhCNG.exe
3460	iQYfpDo.exe
3052	kXZfyAq.exe
3608	Nvgtocb.exe
3332	dRfmlSR.exe
5040	jJjXTtg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5016-0-0x00007FF6DEA00000-0x00007FF6DEDF2000-memory.dmp	upx
behavioral2/files/0x0007000000023410-6.dat	upx
behavioral2/files/0x000700000002340f-21.dat	upx
behavioral2/files/0x0007000000023414-35.dat	upx
behavioral2/files/0x0007000000023415-40.dat	upx
behavioral2/files/0x0007000000023416-54.dat	upx
behavioral2/files/0x0007000000023417-66.dat	upx
behavioral2/files/0x0007000000023418-77.dat	upx
behavioral2/files/0x000700000002341c-107.dat	upx
behavioral2/files/0x000700000002341f-114.dat	upx
behavioral2/files/0x0007000000023422-118.dat	upx
behavioral2/memory/2236-125-0x00007FF6796A0000-0x00007FF679A92000-memory.dmp	upx
behavioral2/memory/412-129-0x00007FF6D80A0000-0x00007FF6D8492000-memory.dmp	upx
behavioral2/memory/4368-133-0x00007FF74F8F0000-0x00007FF74FCE2000-memory.dmp	upx
behavioral2/files/0x0009000000023406-142.dat	upx
behavioral2/files/0x0007000000023423-154.dat	upx
behavioral2/files/0x0007000000023428-171.dat	upx
behavioral2/files/0x000700000002342b-186.dat	upx
behavioral2/memory/4676-525-0x00007FF700650000-0x00007FF700A42000-memory.dmp	upx
behavioral2/memory/652-527-0x00007FF7AB320000-0x00007FF7AB712000-memory.dmp	upx
behavioral2/memory/3800-526-0x00007FF697BC0000-0x00007FF697FB2000-memory.dmp	upx
behavioral2/memory/4164-524-0x00007FF64A770000-0x00007FF64AB62000-memory.dmp	upx
behavioral2/files/0x000700000002342d-196.dat	upx
behavioral2/files/0x000700000002342c-191.dat	upx
behavioral2/files/0x000700000002342a-189.dat	upx
behavioral2/files/0x0007000000023429-184.dat	upx
behavioral2/files/0x0007000000023427-174.dat	upx
behavioral2/files/0x0007000000023426-169.dat	upx
behavioral2/files/0x0007000000023425-164.dat	upx
behavioral2/files/0x0007000000023424-159.dat	upx
behavioral2/files/0x000800000002341d-147.dat	upx
behavioral2/memory/812-135-0x00007FF6B97D0000-0x00007FF6B9BC2000-memory.dmp	upx
behavioral2/memory/1776-134-0x00007FF66D1D0000-0x00007FF66D5C2000-memory.dmp	upx
behavioral2/memory/4028-132-0x00007FF691460000-0x00007FF691852000-memory.dmp	upx
behavioral2/memory/2440-131-0x00007FF6259F0000-0x00007FF625DE2000-memory.dmp	upx
behavioral2/memory/4144-130-0x00007FF7B7800000-0x00007FF7B7BF2000-memory.dmp	upx
behavioral2/memory/4812-128-0x00007FF6E5DA0000-0x00007FF6E6192000-memory.dmp	upx
behavioral2/memory/4612-127-0x00007FF67C1F0000-0x00007FF67C5E2000-memory.dmp	upx
behavioral2/memory/532-126-0x00007FF75D070000-0x00007FF75D462000-memory.dmp	upx
behavioral2/memory/1628-124-0x00007FF6F7A90000-0x00007FF6F7E82000-memory.dmp	upx
behavioral2/files/0x000800000002341e-122.dat	upx
behavioral2/memory/4912-121-0x00007FF7283D0000-0x00007FF7287C2000-memory.dmp	upx
behavioral2/memory/2180-120-0x00007FF7C0110000-0x00007FF7C0502000-memory.dmp	upx
behavioral2/memory/4200-117-0x00007FF692B30000-0x00007FF692F22000-memory.dmp	upx
behavioral2/memory/4184-112-0x00007FF63B080000-0x00007FF63B472000-memory.dmp	upx
behavioral2/memory/4928-105-0x00007FF6585E0000-0x00007FF6589D2000-memory.dmp	upx
behavioral2/files/0x0007000000023421-101.dat	upx
behavioral2/files/0x0007000000023420-99.dat	upx
behavioral2/files/0x000700000002341b-95.dat	upx
behavioral2/files/0x000700000002341a-93.dat	upx
behavioral2/memory/1536-92-0x00007FF697D00000-0x00007FF6980F2000-memory.dmp	upx
behavioral2/files/0x0007000000023419-81.dat	upx
behavioral2/files/0x0007000000023413-47.dat	upx
behavioral2/memory/3184-39-0x00007FF668960000-0x00007FF668D52000-memory.dmp	upx
behavioral2/memory/2356-33-0x00007FF6BF0A0000-0x00007FF6BF492000-memory.dmp	upx
behavioral2/files/0x0007000000023412-32.dat	upx
behavioral2/files/0x0007000000023411-18.dat	upx
behavioral2/files/0x0008000000022f51-13.dat	upx
behavioral2/memory/3184-2148-0x00007FF668960000-0x00007FF668D52000-memory.dmp	upx
behavioral2/memory/1536-2151-0x00007FF697D00000-0x00007FF6980F2000-memory.dmp	upx
behavioral2/memory/4144-2153-0x00007FF7B7800000-0x00007FF7B7BF2000-memory.dmp	upx
behavioral2/memory/4028-2158-0x00007FF691460000-0x00007FF691852000-memory.dmp	upx
behavioral2/memory/4184-2164-0x00007FF63B080000-0x00007FF63B472000-memory.dmp	upx
behavioral2/memory/4912-2167-0x00007FF7283D0000-0x00007FF7287C2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BBcyDFO.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\odONpgP.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\RkjCzbW.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\XhbFBiq.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\LfGlTHJ.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\UaNRgtg.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\wdmHvoe.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\JQzoyLN.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\FDURWER.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\FVpLfVx.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\DmOOnVh.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\EjfazUQ.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\YwDMSbC.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\ckTIhUJ.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\hNeAdZE.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\hqQpNaA.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\wgdkxTy.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\wwdvXFx.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\RxmixZC.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\fZFamuR.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\fHYDRHX.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\exkBXoc.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\AmkiQVu.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\OyUuKqE.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\bNYSnFy.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\ZoQLebX.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\rezngdL.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\pfLtQUA.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\ELDcQkK.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\qcINpap.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\RXmAYky.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\FnhdhsH.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\rUEBhuq.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\zAMsKNN.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\fuEVHLQ.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\aZNiKWd.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\qJvvOmg.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\MPXKDnF.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\yEshmXE.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\PhDsvVE.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\PtRPDSZ.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\qxVyNSz.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\wKxeuDg.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\CYSRFbC.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\VjKwyTi.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\SKmeLYT.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\rLnpZmk.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\XFihQcq.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\SIgulEq.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\FNeZmNf.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\rauqcEV.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\VrFhZRZ.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\TcAGJLU.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\AqdRNXz.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\FdkiJOA.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\DONvQNJ.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\IiZiEfL.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\GcdjNzU.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\ZBVTGvy.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\AmSJVfT.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\dDrsWBV.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\asiOuZN.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\HkwgbPO.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
File created	C:\Windows\System\gXtUJrx.exe	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2708	powershell.exe
2708	powershell.exe
2708	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
Token: SeDebugPrivilege	2708	powershell.exe
Token: SeLockMemoryPrivilege	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 2708	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	84
PID 5016 wrote to memory of 2708	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	84
PID 5016 wrote to memory of 3184	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	85
PID 5016 wrote to memory of 3184	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	85
PID 5016 wrote to memory of 4144	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	86
PID 5016 wrote to memory of 4144	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	86
PID 5016 wrote to memory of 2356	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	87
PID 5016 wrote to memory of 2356	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	87
PID 5016 wrote to memory of 1536	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	88
PID 5016 wrote to memory of 1536	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	88
PID 5016 wrote to memory of 4928	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	89
PID 5016 wrote to memory of 4928	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	89
PID 5016 wrote to memory of 4184	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	90
PID 5016 wrote to memory of 4184	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	90
PID 5016 wrote to memory of 2440	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	91
PID 5016 wrote to memory of 2440	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	91
PID 5016 wrote to memory of 4028	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	92
PID 5016 wrote to memory of 4028	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	92
PID 5016 wrote to memory of 4200	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	93
PID 5016 wrote to memory of 4200	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	93
PID 5016 wrote to memory of 2236	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	94
PID 5016 wrote to memory of 2236	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	94
PID 5016 wrote to memory of 2180	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	95
PID 5016 wrote to memory of 2180	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	95
PID 5016 wrote to memory of 4912	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	96
PID 5016 wrote to memory of 4912	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	96
PID 5016 wrote to memory of 1628	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	97
PID 5016 wrote to memory of 1628	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	97
PID 5016 wrote to memory of 532	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	98
PID 5016 wrote to memory of 532	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	98
PID 5016 wrote to memory of 4612	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	99
PID 5016 wrote to memory of 4612	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	99
PID 5016 wrote to memory of 4812	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	100
PID 5016 wrote to memory of 4812	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	100
PID 5016 wrote to memory of 4368	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	101
PID 5016 wrote to memory of 4368	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	101
PID 5016 wrote to memory of 412	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	102
PID 5016 wrote to memory of 412	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	102
PID 5016 wrote to memory of 1776	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	103
PID 5016 wrote to memory of 1776	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	103
PID 5016 wrote to memory of 812	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	104
PID 5016 wrote to memory of 812	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	104
PID 5016 wrote to memory of 4164	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	105
PID 5016 wrote to memory of 4164	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	105
PID 5016 wrote to memory of 4676	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	106
PID 5016 wrote to memory of 4676	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	106
PID 5016 wrote to memory of 3800	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	107
PID 5016 wrote to memory of 3800	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	107
PID 5016 wrote to memory of 652	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	108
PID 5016 wrote to memory of 652	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	108
PID 5016 wrote to memory of 2584	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	109
PID 5016 wrote to memory of 2584	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	109
PID 5016 wrote to memory of 3440	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	110
PID 5016 wrote to memory of 3440	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	110
PID 5016 wrote to memory of 880	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	111
PID 5016 wrote to memory of 880	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	111
PID 5016 wrote to memory of 5044	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	112
PID 5016 wrote to memory of 5044	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	112
PID 5016 wrote to memory of 3676	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	113
PID 5016 wrote to memory of 3676	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	113
PID 5016 wrote to memory of 4452	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	114
PID 5016 wrote to memory of 4452	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	114
PID 5016 wrote to memory of 2404	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	115
PID 5016 wrote to memory of 2404	5016	4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f6efead7446e56606f46187b76ad690_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2708
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2708" "2964" "2908" "2968" "0" "0" "2972" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:13280
- C:\Windows\System\SxTWSMG.exe
  C:\Windows\System\SxTWSMG.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\kEaraBP.exe
  C:\Windows\System\kEaraBP.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\UQPRIYD.exe
  C:\Windows\System\UQPRIYD.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\WdWuRew.exe
  C:\Windows\System\WdWuRew.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\oOBvEaX.exe
  C:\Windows\System\oOBvEaX.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\VrFhZRZ.exe
  C:\Windows\System\VrFhZRZ.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\DfITCLd.exe
  C:\Windows\System\DfITCLd.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\yCDIdAf.exe
  C:\Windows\System\yCDIdAf.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\LTUWxWk.exe
  C:\Windows\System\LTUWxWk.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\ZRCHlyj.exe
  C:\Windows\System\ZRCHlyj.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\udaZzbQ.exe
  C:\Windows\System\udaZzbQ.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\nLztqkw.exe
  C:\Windows\System\nLztqkw.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\xJSBYwM.exe
  C:\Windows\System\xJSBYwM.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\yzkeZYg.exe
  C:\Windows\System\yzkeZYg.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\fUceNxt.exe
  C:\Windows\System\fUceNxt.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\Unwskbo.exe
  C:\Windows\System\Unwskbo.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\qaMRUFD.exe
  C:\Windows\System\qaMRUFD.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\WWxLSVY.exe
  C:\Windows\System\WWxLSVY.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\LlLrBTK.exe
  C:\Windows\System\LlLrBTK.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\CYSRFbC.exe
  C:\Windows\System\CYSRFbC.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\cBQikOO.exe
  C:\Windows\System\cBQikOO.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\paRgKND.exe
  C:\Windows\System\paRgKND.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\LwPavbX.exe
  C:\Windows\System\LwPavbX.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\TzxasZa.exe
  C:\Windows\System\TzxasZa.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\UCxMtkO.exe
  C:\Windows\System\UCxMtkO.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\SQxRZbt.exe
  C:\Windows\System\SQxRZbt.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\EdxdMAI.exe
  C:\Windows\System\EdxdMAI.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\lVbBwpJ.exe
  C:\Windows\System\lVbBwpJ.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\lakgRIN.exe
  C:\Windows\System\lakgRIN.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\jCPndqB.exe
  C:\Windows\System\jCPndqB.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\RZvdVnH.exe
  C:\Windows\System\RZvdVnH.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\IgcErax.exe
  C:\Windows\System\IgcErax.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\JQzoyLN.exe
  C:\Windows\System\JQzoyLN.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\NIZvpMG.exe
  C:\Windows\System\NIZvpMG.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\NSYtFcG.exe
  C:\Windows\System\NSYtFcG.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\XIHPPRF.exe
  C:\Windows\System\XIHPPRF.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\VXfZppK.exe
  C:\Windows\System\VXfZppK.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\qGjuByd.exe
  C:\Windows\System\qGjuByd.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\pfLtQUA.exe
  C:\Windows\System\pfLtQUA.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\RKlcYRG.exe
  C:\Windows\System\RKlcYRG.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\KZvrxam.exe
  C:\Windows\System\KZvrxam.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\OCnfZIH.exe
  C:\Windows\System\OCnfZIH.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\IKhOPhP.exe
  C:\Windows\System\IKhOPhP.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\gAIdkZu.exe
  C:\Windows\System\gAIdkZu.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\hZwxGWR.exe
  C:\Windows\System\hZwxGWR.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\mcKPwnd.exe
  C:\Windows\System\mcKPwnd.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\XuTBtMZ.exe
  C:\Windows\System\XuTBtMZ.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\oiQeCTP.exe
  C:\Windows\System\oiQeCTP.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\qrWfcJC.exe
  C:\Windows\System\qrWfcJC.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\zmPVobz.exe
  C:\Windows\System\zmPVobz.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\RZUszfj.exe
  C:\Windows\System\RZUszfj.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\suONcMb.exe
  C:\Windows\System\suONcMb.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\EchtMhR.exe
  C:\Windows\System\EchtMhR.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\LQgfRzS.exe
  C:\Windows\System\LQgfRzS.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\WhtxdCu.exe
  C:\Windows\System\WhtxdCu.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\asiOuZN.exe
  C:\Windows\System\asiOuZN.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\qvUBYBK.exe
  C:\Windows\System\qvUBYBK.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\lJchHkg.exe
  C:\Windows\System\lJchHkg.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\obhhCNG.exe
  C:\Windows\System\obhhCNG.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\iQYfpDo.exe
  C:\Windows\System\iQYfpDo.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\kXZfyAq.exe
  C:\Windows\System\kXZfyAq.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\Nvgtocb.exe
  C:\Windows\System\Nvgtocb.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\dRfmlSR.exe
  C:\Windows\System\dRfmlSR.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\jJjXTtg.exe
  C:\Windows\System\jJjXTtg.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\SZJuTtg.exe
  C:\Windows\System\SZJuTtg.exe
  2⤵
  PID:576
- C:\Windows\System\qOnxHhf.exe
  C:\Windows\System\qOnxHhf.exe
  2⤵
  PID:556
- C:\Windows\System\umQgaiv.exe
  C:\Windows\System\umQgaiv.exe
  2⤵
  PID:3284
- C:\Windows\System\tEIGOiE.exe
  C:\Windows\System\tEIGOiE.exe
  2⤵
  PID:1308
- C:\Windows\System\FpMJEiW.exe
  C:\Windows\System\FpMJEiW.exe
  2⤵
  PID:5124
- C:\Windows\System\RjcVxBg.exe
  C:\Windows\System\RjcVxBg.exe
  2⤵
  PID:5148
- C:\Windows\System\YYaUFIa.exe
  C:\Windows\System\YYaUFIa.exe
  2⤵
  PID:5180
- C:\Windows\System\LhBewOM.exe
  C:\Windows\System\LhBewOM.exe
  2⤵
  PID:5208
- C:\Windows\System\gKPAWwc.exe
  C:\Windows\System\gKPAWwc.exe
  2⤵
  PID:5240
- C:\Windows\System\EhhglGF.exe
  C:\Windows\System\EhhglGF.exe
  2⤵
  PID:5264
- C:\Windows\System\FnhdhsH.exe
  C:\Windows\System\FnhdhsH.exe
  2⤵
  PID:5296
- C:\Windows\System\nEFRCvq.exe
  C:\Windows\System\nEFRCvq.exe
  2⤵
  PID:5324
- C:\Windows\System\tvlDbmr.exe
  C:\Windows\System\tvlDbmr.exe
  2⤵
  PID:5352
- C:\Windows\System\mKiUglk.exe
  C:\Windows\System\mKiUglk.exe
  2⤵
  PID:5380
- C:\Windows\System\PjhPXuW.exe
  C:\Windows\System\PjhPXuW.exe
  2⤵
  PID:5408
- C:\Windows\System\LcpYspx.exe
  C:\Windows\System\LcpYspx.exe
  2⤵
  PID:5432
- C:\Windows\System\dDrsWBV.exe
  C:\Windows\System\dDrsWBV.exe
  2⤵
  PID:5460
- C:\Windows\System\zauRPYm.exe
  C:\Windows\System\zauRPYm.exe
  2⤵
  PID:5488
- C:\Windows\System\NsuJafT.exe
  C:\Windows\System\NsuJafT.exe
  2⤵
  PID:5516
- C:\Windows\System\KAcmJco.exe
  C:\Windows\System\KAcmJco.exe
  2⤵
  PID:5548
- C:\Windows\System\COaLcVq.exe
  C:\Windows\System\COaLcVq.exe
  2⤵
  PID:5576
- C:\Windows\System\JBqPDgS.exe
  C:\Windows\System\JBqPDgS.exe
  2⤵
  PID:5604
- C:\Windows\System\YEsLpvd.exe
  C:\Windows\System\YEsLpvd.exe
  2⤵
  PID:5632
- C:\Windows\System\qCKovTu.exe
  C:\Windows\System\qCKovTu.exe
  2⤵
  PID:5660
- C:\Windows\System\GNjbZnb.exe
  C:\Windows\System\GNjbZnb.exe
  2⤵
  PID:5688
- C:\Windows\System\EAVHPnf.exe
  C:\Windows\System\EAVHPnf.exe
  2⤵
  PID:5716
- C:\Windows\System\ejwBgoL.exe
  C:\Windows\System\ejwBgoL.exe
  2⤵
  PID:5744
- C:\Windows\System\mFHFAIj.exe
  C:\Windows\System\mFHFAIj.exe
  2⤵
  PID:5772
- C:\Windows\System\nnfKYgj.exe
  C:\Windows\System\nnfKYgj.exe
  2⤵
  PID:5800
- C:\Windows\System\UksBiyC.exe
  C:\Windows\System\UksBiyC.exe
  2⤵
  PID:5828
- C:\Windows\System\AqdRNXz.exe
  C:\Windows\System\AqdRNXz.exe
  2⤵
  PID:5856
- C:\Windows\System\bzUXWyk.exe
  C:\Windows\System\bzUXWyk.exe
  2⤵
  PID:5884
- C:\Windows\System\xqntMAO.exe
  C:\Windows\System\xqntMAO.exe
  2⤵
  PID:5912
- C:\Windows\System\BmkXQMZ.exe
  C:\Windows\System\BmkXQMZ.exe
  2⤵
  PID:5940
- C:\Windows\System\RkjCzbW.exe
  C:\Windows\System\RkjCzbW.exe
  2⤵
  PID:5968
- C:\Windows\System\PuyDhQb.exe
  C:\Windows\System\PuyDhQb.exe
  2⤵
  PID:5996
- C:\Windows\System\NgyHWsV.exe
  C:\Windows\System\NgyHWsV.exe
  2⤵
  PID:6024
- C:\Windows\System\PdHDVJi.exe
  C:\Windows\System\PdHDVJi.exe
  2⤵
  PID:6052
- C:\Windows\System\YAIsyyR.exe
  C:\Windows\System\YAIsyyR.exe
  2⤵
  PID:6080
- C:\Windows\System\wgdkxTy.exe
  C:\Windows\System\wgdkxTy.exe
  2⤵
  PID:6108
- C:\Windows\System\aJwomua.exe
  C:\Windows\System\aJwomua.exe
  2⤵
  PID:6136
- C:\Windows\System\VjKwyTi.exe
  C:\Windows\System\VjKwyTi.exe
  2⤵
  PID:2360
- C:\Windows\System\eVnZBUb.exe
  C:\Windows\System\eVnZBUb.exe
  2⤵
  PID:4648
- C:\Windows\System\DQlLwOv.exe
  C:\Windows\System\DQlLwOv.exe
  2⤵
  PID:1040
- C:\Windows\System\nHZMMUD.exe
  C:\Windows\System\nHZMMUD.exe
  2⤵
  PID:4816
- C:\Windows\System\abcoWJS.exe
  C:\Windows\System\abcoWJS.exe
  2⤵
  PID:5140
- C:\Windows\System\gDtGQgY.exe
  C:\Windows\System\gDtGQgY.exe
  2⤵
  PID:5196
- C:\Windows\System\bAdGGXe.exe
  C:\Windows\System\bAdGGXe.exe
  2⤵
  PID:5260
- C:\Windows\System\lLzvocG.exe
  C:\Windows\System\lLzvocG.exe
  2⤵
  PID:428
- C:\Windows\System\ZayFHGs.exe
  C:\Windows\System\ZayFHGs.exe
  2⤵
  PID:5344
- C:\Windows\System\BrRnnPP.exe
  C:\Windows\System\BrRnnPP.exe
  2⤵
  PID:5420
- C:\Windows\System\JcYbOkr.exe
  C:\Windows\System\JcYbOkr.exe
  2⤵
  PID:5476
- C:\Windows\System\uKrqhLO.exe
  C:\Windows\System\uKrqhLO.exe
  2⤵
  PID:3080
- C:\Windows\System\jUmcTlL.exe
  C:\Windows\System\jUmcTlL.exe
  2⤵
  PID:5568
- C:\Windows\System\exkBXoc.exe
  C:\Windows\System\exkBXoc.exe
  2⤵
  PID:5620
- C:\Windows\System\mNVJzLs.exe
  C:\Windows\System\mNVJzLs.exe
  2⤵
  PID:5680
- C:\Windows\System\OaozTVj.exe
  C:\Windows\System\OaozTVj.exe
  2⤵
  PID:5736
- C:\Windows\System\fHYDRHX.exe
  C:\Windows\System\fHYDRHX.exe
  2⤵
  PID:5812
- C:\Windows\System\VyQViMe.exe
  C:\Windows\System\VyQViMe.exe
  2⤵
  PID:3216
- C:\Windows\System\xAkywjC.exe
  C:\Windows\System\xAkywjC.exe
  2⤵
  PID:5924
- C:\Windows\System\MbOCMlD.exe
  C:\Windows\System\MbOCMlD.exe
  2⤵
  PID:5984
- C:\Windows\System\FdkiJOA.exe
  C:\Windows\System\FdkiJOA.exe
  2⤵
  PID:6016
- C:\Windows\System\BYyzWph.exe
  C:\Windows\System\BYyzWph.exe
  2⤵
  PID:6092
- C:\Windows\System\zNqdfMY.exe
  C:\Windows\System\zNqdfMY.exe
  2⤵
  PID:316
- C:\Windows\System\mRtbKcS.exe
  C:\Windows\System\mRtbKcS.exe
  2⤵
  PID:1584
- C:\Windows\System\onknABl.exe
  C:\Windows\System\onknABl.exe
  2⤵
  PID:1064
- C:\Windows\System\UfdrmyS.exe
  C:\Windows\System\UfdrmyS.exe
  2⤵
  PID:5164
- C:\Windows\System\aQtnKkk.exe
  C:\Windows\System\aQtnKkk.exe
  2⤵
  PID:4508
- C:\Windows\System\JLqvqwi.exe
  C:\Windows\System\JLqvqwi.exe
  2⤵
  PID:5372
- C:\Windows\System\PUuPDAs.exe
  C:\Windows\System\PUuPDAs.exe
  2⤵
  PID:5504
- C:\Windows\System\iJuqXgj.exe
  C:\Windows\System\iJuqXgj.exe
  2⤵
  PID:3244
- C:\Windows\System\HbanTJj.exe
  C:\Windows\System\HbanTJj.exe
  2⤵
  PID:5596
- C:\Windows\System\XewgTCU.exe
  C:\Windows\System\XewgTCU.exe
  2⤵
  PID:5784
- C:\Windows\System\HkwgbPO.exe
  C:\Windows\System\HkwgbPO.exe
  2⤵
  PID:5844
- C:\Windows\System\TYHwwNU.exe
  C:\Windows\System\TYHwwNU.exe
  2⤵
  PID:5100
- C:\Windows\System\AlZyCdD.exe
  C:\Windows\System\AlZyCdD.exe
  2⤵
  PID:6064
- C:\Windows\System\lkIcnox.exe
  C:\Windows\System\lkIcnox.exe
  2⤵
  PID:1036
- C:\Windows\System\gunTCBg.exe
  C:\Windows\System\gunTCBg.exe
  2⤵
  PID:4720
- C:\Windows\System\USHGISH.exe
  C:\Windows\System\USHGISH.exe
  2⤵
  PID:3236
- C:\Windows\System\ZsJcpct.exe
  C:\Windows\System\ZsJcpct.exe
  2⤵
  PID:2160
- C:\Windows\System\xClpUHj.exe
  C:\Windows\System\xClpUHj.exe
  2⤵
  PID:4084
- C:\Windows\System\OqPXEIG.exe
  C:\Windows\System\OqPXEIG.exe
  2⤵
  PID:2388
- C:\Windows\System\bKyxMUG.exe
  C:\Windows\System\bKyxMUG.exe
  2⤵
  PID:4796
- C:\Windows\System\QMrEhHK.exe
  C:\Windows\System\QMrEhHK.exe
  2⤵
  PID:5956
- C:\Windows\System\buDgxwg.exe
  C:\Windows\System\buDgxwg.exe
  2⤵
  PID:3808
- C:\Windows\System\aTtFXOS.exe
  C:\Windows\System\aTtFXOS.exe
  2⤵
  PID:5008
- C:\Windows\System\WkbuWDz.exe
  C:\Windows\System\WkbuWDz.exe
  2⤵
  PID:1608
- C:\Windows\System\XWMBHxo.exe
  C:\Windows\System\XWMBHxo.exe
  2⤵
  PID:3516
- C:\Windows\System\McScdos.exe
  C:\Windows\System\McScdos.exe
  2⤵
  PID:1448
- C:\Windows\System\dudUmsk.exe
  C:\Windows\System\dudUmsk.exe
  2⤵
  PID:3748
- C:\Windows\System\nXQlYWA.exe
  C:\Windows\System\nXQlYWA.exe
  2⤵
  PID:4688
- C:\Windows\System\wVyeWOR.exe
  C:\Windows\System\wVyeWOR.exe
  2⤵
  PID:6120
- C:\Windows\System\QWijFiD.exe
  C:\Windows\System\QWijFiD.exe
  2⤵
  PID:4804
- C:\Windows\System\rrjkXWj.exe
  C:\Windows\System\rrjkXWj.exe
  2⤵
  PID:6156
- C:\Windows\System\wwdvXFx.exe
  C:\Windows\System\wwdvXFx.exe
  2⤵
  PID:6172
- C:\Windows\System\iUTpqvJ.exe
  C:\Windows\System\iUTpqvJ.exe
  2⤵
  PID:6200
- C:\Windows\System\KAYUZOi.exe
  C:\Windows\System\KAYUZOi.exe
  2⤵
  PID:6216
- C:\Windows\System\AmkiQVu.exe
  C:\Windows\System\AmkiQVu.exe
  2⤵
  PID:6260
- C:\Windows\System\YsuPJWY.exe
  C:\Windows\System\YsuPJWY.exe
  2⤵
  PID:6288
- C:\Windows\System\EcHtLGd.exe
  C:\Windows\System\EcHtLGd.exe
  2⤵
  PID:6304
- C:\Windows\System\NzVFoEX.exe
  C:\Windows\System\NzVFoEX.exe
  2⤵
  PID:6340
- C:\Windows\System\xUZVtfQ.exe
  C:\Windows\System\xUZVtfQ.exe
  2⤵
  PID:6360
- C:\Windows\System\UWPtoDr.exe
  C:\Windows\System\UWPtoDr.exe
  2⤵
  PID:6380
- C:\Windows\System\xmInXCk.exe
  C:\Windows\System\xmInXCk.exe
  2⤵
  PID:6424
- C:\Windows\System\PBInNBm.exe
  C:\Windows\System\PBInNBm.exe
  2⤵
  PID:6468
- C:\Windows\System\WPNVsyo.exe
  C:\Windows\System\WPNVsyo.exe
  2⤵
  PID:6496
- C:\Windows\System\gXtUJrx.exe
  C:\Windows\System\gXtUJrx.exe
  2⤵
  PID:6536
- C:\Windows\System\DONvQNJ.exe
  C:\Windows\System\DONvQNJ.exe
  2⤵
  PID:6552
- C:\Windows\System\fCSkKeU.exe
  C:\Windows\System\fCSkKeU.exe
  2⤵
  PID:6576
- C:\Windows\System\KzASDyO.exe
  C:\Windows\System\KzASDyO.exe
  2⤵
  PID:6592
- C:\Windows\System\BYEKWrz.exe
  C:\Windows\System\BYEKWrz.exe
  2⤵
  PID:6612
- C:\Windows\System\YxaBgUK.exe
  C:\Windows\System\YxaBgUK.exe
  2⤵
  PID:6632
- C:\Windows\System\aPeVTBW.exe
  C:\Windows\System\aPeVTBW.exe
  2⤵
  PID:6664
- C:\Windows\System\iVedrOk.exe
  C:\Windows\System\iVedrOk.exe
  2⤵
  PID:6680
- C:\Windows\System\IQHpvwB.exe
  C:\Windows\System\IQHpvwB.exe
  2⤵
  PID:6728
- C:\Windows\System\QeVGfWz.exe
  C:\Windows\System\QeVGfWz.exe
  2⤵
  PID:6760
- C:\Windows\System\eXMPGlF.exe
  C:\Windows\System\eXMPGlF.exe
  2⤵
  PID:6780
- C:\Windows\System\ECGmVuh.exe
  C:\Windows\System\ECGmVuh.exe
  2⤵
  PID:6796
- C:\Windows\System\SKmeLYT.exe
  C:\Windows\System\SKmeLYT.exe
  2⤵
  PID:6816
- C:\Windows\System\RthoGhd.exe
  C:\Windows\System\RthoGhd.exe
  2⤵
  PID:6836
- C:\Windows\System\bFnCWLg.exe
  C:\Windows\System\bFnCWLg.exe
  2⤵
  PID:6856
- C:\Windows\System\fuIwdTY.exe
  C:\Windows\System\fuIwdTY.exe
  2⤵
  PID:6880
- C:\Windows\System\SQQtzrU.exe
  C:\Windows\System\SQQtzrU.exe
  2⤵
  PID:6900
- C:\Windows\System\aZNiKWd.exe
  C:\Windows\System\aZNiKWd.exe
  2⤵
  PID:6924
- C:\Windows\System\GlDxzzv.exe
  C:\Windows\System\GlDxzzv.exe
  2⤵
  PID:6940
- C:\Windows\System\OcqIVbJ.exe
  C:\Windows\System\OcqIVbJ.exe
  2⤵
  PID:6964
- C:\Windows\System\yEshmXE.exe
  C:\Windows\System\yEshmXE.exe
  2⤵
  PID:7008
- C:\Windows\System\JDGXEDO.exe
  C:\Windows\System\JDGXEDO.exe
  2⤵
  PID:7112
- C:\Windows\System\EtTHhih.exe
  C:\Windows\System\EtTHhih.exe
  2⤵
  PID:7132
- C:\Windows\System\kOqVrjE.exe
  C:\Windows\System\kOqVrjE.exe
  2⤵
  PID:7152
- C:\Windows\System\JPaermz.exe
  C:\Windows\System\JPaermz.exe
  2⤵
  PID:6164
- C:\Windows\System\YFveAtF.exe
  C:\Windows\System\YFveAtF.exe
  2⤵
  PID:6148
- C:\Windows\System\ZLtJhuI.exe
  C:\Windows\System\ZLtJhuI.exe
  2⤵
  PID:2184
- C:\Windows\System\GFhCUNP.exe
  C:\Windows\System\GFhCUNP.exe
  2⤵
  PID:6332
- C:\Windows\System\AbIlpXI.exe
  C:\Windows\System\AbIlpXI.exe
  2⤵
  PID:6372
- C:\Windows\System\WksAYYg.exe
  C:\Windows\System\WksAYYg.exe
  2⤵
  PID:6512
- C:\Windows\System\GvCGaCk.exe
  C:\Windows\System\GvCGaCk.exe
  2⤵
  PID:6572
- C:\Windows\System\IKbRtMJ.exe
  C:\Windows\System\IKbRtMJ.exe
  2⤵
  PID:6620
- C:\Windows\System\QzWKAjX.exe
  C:\Windows\System\QzWKAjX.exe
  2⤵
  PID:6672
- C:\Windows\System\rLnpZmk.exe
  C:\Windows\System\rLnpZmk.exe
  2⤵
  PID:6656
- C:\Windows\System\LXnyAfZ.exe
  C:\Windows\System\LXnyAfZ.exe
  2⤵
  PID:6812
- C:\Windows\System\AyGovvk.exe
  C:\Windows\System\AyGovvk.exe
  2⤵
  PID:6832
- C:\Windows\System\vaoGMYE.exe
  C:\Windows\System\vaoGMYE.exe
  2⤵
  PID:6772
- C:\Windows\System\KiuLvne.exe
  C:\Windows\System\KiuLvne.exe
  2⤵
  PID:6872
- C:\Windows\System\HAxgBju.exe
  C:\Windows\System\HAxgBju.exe
  2⤵
  PID:7016
- C:\Windows\System\okRQINU.exe
  C:\Windows\System\okRQINU.exe
  2⤵
  PID:7144
- C:\Windows\System\kyJiIBw.exe
  C:\Windows\System\kyJiIBw.exe
  2⤵
  PID:1316
- C:\Windows\System\LcJxPFd.exe
  C:\Windows\System\LcJxPFd.exe
  2⤵
  PID:6316
- C:\Windows\System\XsRlfYg.exe
  C:\Windows\System\XsRlfYg.exe
  2⤵
  PID:6440
- C:\Windows\System\YrpjiWt.exe
  C:\Windows\System\YrpjiWt.exe
  2⤵
  PID:6548
- C:\Windows\System\RGviutO.exe
  C:\Windows\System\RGviutO.exe
  2⤵
  PID:6708
- C:\Windows\System\AChCcDb.exe
  C:\Windows\System\AChCcDb.exe
  2⤵
  PID:6808
- C:\Windows\System\MPXKDnF.exe
  C:\Windows\System\MPXKDnF.exe
  2⤵
  PID:7000
- C:\Windows\System\NDlyKCS.exe
  C:\Windows\System\NDlyKCS.exe
  2⤵
  PID:7140
- C:\Windows\System\OmrZOoT.exe
  C:\Windows\System\OmrZOoT.exe
  2⤵
  PID:6776
- C:\Windows\System\nWedYKc.exe
  C:\Windows\System\nWedYKc.exe
  2⤵
  PID:6804
- C:\Windows\System\MINASIK.exe
  C:\Windows\System\MINASIK.exe
  2⤵
  PID:6608
- C:\Windows\System\SuleDQV.exe
  C:\Windows\System\SuleDQV.exe
  2⤵
  PID:7176
- C:\Windows\System\aivyNaK.exe
  C:\Windows\System\aivyNaK.exe
  2⤵
  PID:7196
- C:\Windows\System\EsnLPgo.exe
  C:\Windows\System\EsnLPgo.exe
  2⤵
  PID:7220
- C:\Windows\System\hXfUeUC.exe
  C:\Windows\System\hXfUeUC.exe
  2⤵
  PID:7280
- C:\Windows\System\WcHCFCp.exe
  C:\Windows\System\WcHCFCp.exe
  2⤵
  PID:7308
- C:\Windows\System\rzGbYvP.exe
  C:\Windows\System\rzGbYvP.exe
  2⤵
  PID:7328
- C:\Windows\System\irfRbqr.exe
  C:\Windows\System\irfRbqr.exe
  2⤵
  PID:7348
- C:\Windows\System\cFwTcBy.exe
  C:\Windows\System\cFwTcBy.exe
  2⤵
  PID:7396
- C:\Windows\System\MYyyAcx.exe
  C:\Windows\System\MYyyAcx.exe
  2⤵
  PID:7416
- C:\Windows\System\uMNjNvk.exe
  C:\Windows\System\uMNjNvk.exe
  2⤵
  PID:7432
- C:\Windows\System\OyUuKqE.exe
  C:\Windows\System\OyUuKqE.exe
  2⤵
  PID:7456
- C:\Windows\System\hCakIaP.exe
  C:\Windows\System\hCakIaP.exe
  2⤵
  PID:7472
- C:\Windows\System\jmMtnKU.exe
  C:\Windows\System\jmMtnKU.exe
  2⤵
  PID:7496
- C:\Windows\System\YQczWzu.exe
  C:\Windows\System\YQczWzu.exe
  2⤵
  PID:7532
- C:\Windows\System\AIyVSHu.exe
  C:\Windows\System\AIyVSHu.exe
  2⤵
  PID:7552
- C:\Windows\System\gpPKOOX.exe
  C:\Windows\System\gpPKOOX.exe
  2⤵
  PID:7604
- C:\Windows\System\IkaVsCC.exe
  C:\Windows\System\IkaVsCC.exe
  2⤵
  PID:7624
- C:\Windows\System\kzenQpu.exe
  C:\Windows\System\kzenQpu.exe
  2⤵
  PID:7644
- C:\Windows\System\JJrUCNx.exe
  C:\Windows\System\JJrUCNx.exe
  2⤵
  PID:7672
- C:\Windows\System\sVrMhxP.exe
  C:\Windows\System\sVrMhxP.exe
  2⤵
  PID:7688
- C:\Windows\System\KulARvd.exe
  C:\Windows\System\KulARvd.exe
  2⤵
  PID:7728
- C:\Windows\System\OEogRNa.exe
  C:\Windows\System\OEogRNa.exe
  2⤵
  PID:7748
- C:\Windows\System\vNMHHXT.exe
  C:\Windows\System\vNMHHXT.exe
  2⤵
  PID:7768
- C:\Windows\System\erqbRby.exe
  C:\Windows\System\erqbRby.exe
  2⤵
  PID:7844
- C:\Windows\System\zAgpqdm.exe
  C:\Windows\System\zAgpqdm.exe
  2⤵
  PID:7884
- C:\Windows\System\oPKxHAd.exe
  C:\Windows\System\oPKxHAd.exe
  2⤵
  PID:7900
- C:\Windows\System\wAxHRoj.exe
  C:\Windows\System\wAxHRoj.exe
  2⤵
  PID:7920
- C:\Windows\System\xJLfQod.exe
  C:\Windows\System\xJLfQod.exe
  2⤵
  PID:7956
- C:\Windows\System\zdERtrs.exe
  C:\Windows\System\zdERtrs.exe
  2⤵
  PID:7976
- C:\Windows\System\lcbNhjw.exe
  C:\Windows\System\lcbNhjw.exe
  2⤵
  PID:8016
- C:\Windows\System\LSxEcUv.exe
  C:\Windows\System\LSxEcUv.exe
  2⤵
  PID:8036
- C:\Windows\System\MWMcTlI.exe
  C:\Windows\System\MWMcTlI.exe
  2⤵
  PID:8056
- C:\Windows\System\oEjQJOm.exe
  C:\Windows\System\oEjQJOm.exe
  2⤵
  PID:8096
- C:\Windows\System\wUvKFsD.exe
  C:\Windows\System\wUvKFsD.exe
  2⤵
  PID:8120
- C:\Windows\System\eZulOPO.exe
  C:\Windows\System\eZulOPO.exe
  2⤵
  PID:8144
- C:\Windows\System\nXkHXnb.exe
  C:\Windows\System\nXkHXnb.exe
  2⤵
  PID:8168
- C:\Windows\System\csPizIa.exe
  C:\Windows\System\csPizIa.exe
  2⤵
  PID:6528
- C:\Windows\System\hlEEheK.exe
  C:\Windows\System\hlEEheK.exe
  2⤵
  PID:7172
- C:\Windows\System\CqvSCJZ.exe
  C:\Windows\System\CqvSCJZ.exe
  2⤵
  PID:7244
- C:\Windows\System\rnITNcp.exe
  C:\Windows\System\rnITNcp.exe
  2⤵
  PID:7324
- C:\Windows\System\GnLXRdv.exe
  C:\Windows\System\GnLXRdv.exe
  2⤵
  PID:7376
- C:\Windows\System\wKVvhom.exe
  C:\Windows\System\wKVvhom.exe
  2⤵
  PID:7448
- C:\Windows\System\ETlhGQf.exe
  C:\Windows\System\ETlhGQf.exe
  2⤵
  PID:7468
- C:\Windows\System\qkUdtBJ.exe
  C:\Windows\System\qkUdtBJ.exe
  2⤵
  PID:7620
- C:\Windows\System\oqCxdXO.exe
  C:\Windows\System\oqCxdXO.exe
  2⤵
  PID:7652
- C:\Windows\System\oRthmld.exe
  C:\Windows\System\oRthmld.exe
  2⤵
  PID:7756
- C:\Windows\System\bNYSnFy.exe
  C:\Windows\System\bNYSnFy.exe
  2⤵
  PID:7792
- C:\Windows\System\dQeaTWL.exe
  C:\Windows\System\dQeaTWL.exe
  2⤵
  PID:7824
- C:\Windows\System\EjfazUQ.exe
  C:\Windows\System\EjfazUQ.exe
  2⤵
  PID:7932
- C:\Windows\System\iafYzRB.exe
  C:\Windows\System\iafYzRB.exe
  2⤵
  PID:7996
- C:\Windows\System\eDLOKfu.exe
  C:\Windows\System\eDLOKfu.exe
  2⤵
  PID:8072
- C:\Windows\System\xQjIMbg.exe
  C:\Windows\System\xQjIMbg.exe
  2⤵
  PID:8116
- C:\Windows\System\udqhkqF.exe
  C:\Windows\System\udqhkqF.exe
  2⤵
  PID:8156
- C:\Windows\System\kNYSsyL.exe
  C:\Windows\System\kNYSsyL.exe
  2⤵
  PID:7464
- C:\Windows\System\HRFvdxr.exe
  C:\Windows\System\HRFvdxr.exe
  2⤵
  PID:7428
- C:\Windows\System\WdrOXtq.exe
  C:\Windows\System\WdrOXtq.exe
  2⤵
  PID:7564
- C:\Windows\System\DTsogQt.exe
  C:\Windows\System\DTsogQt.exe
  2⤵
  PID:7864
- C:\Windows\System\VjuAetY.exe
  C:\Windows\System\VjuAetY.exe
  2⤵
  PID:7896
- C:\Windows\System\kvfmuWt.exe
  C:\Windows\System\kvfmuWt.exe
  2⤵
  PID:7972
- C:\Windows\System\MEbRIKD.exe
  C:\Windows\System\MEbRIKD.exe
  2⤵
  PID:8176
- C:\Windows\System\cnKyfQy.exe
  C:\Windows\System\cnKyfQy.exe
  2⤵
  PID:7272
- C:\Windows\System\pEfoQiU.exe
  C:\Windows\System\pEfoQiU.exe
  2⤵
  PID:7544
- C:\Windows\System\DAFKttf.exe
  C:\Windows\System\DAFKttf.exe
  2⤵
  PID:7548
- C:\Windows\System\rUEBhuq.exe
  C:\Windows\System\rUEBhuq.exe
  2⤵
  PID:7988
- C:\Windows\System\bqcMaRK.exe
  C:\Windows\System\bqcMaRK.exe
  2⤵
  PID:8200
- C:\Windows\System\UoQECiL.exe
  C:\Windows\System\UoQECiL.exe
  2⤵
  PID:8216
- C:\Windows\System\pCLdSit.exe
  C:\Windows\System\pCLdSit.exe
  2⤵
  PID:8236
- C:\Windows\System\YPVtJUr.exe
  C:\Windows\System\YPVtJUr.exe
  2⤵
  PID:8268
- C:\Windows\System\LOSxkhG.exe
  C:\Windows\System\LOSxkhG.exe
  2⤵
  PID:8284
- C:\Windows\System\oxJfJIR.exe
  C:\Windows\System\oxJfJIR.exe
  2⤵
  PID:8304
- C:\Windows\System\RCQWOpC.exe
  C:\Windows\System\RCQWOpC.exe
  2⤵
  PID:8332
- C:\Windows\System\SVbcIFQ.exe
  C:\Windows\System\SVbcIFQ.exe
  2⤵
  PID:8396
- C:\Windows\System\ZoQLebX.exe
  C:\Windows\System\ZoQLebX.exe
  2⤵
  PID:8412
- C:\Windows\System\UfkvVBW.exe
  C:\Windows\System\UfkvVBW.exe
  2⤵
  PID:8476
- C:\Windows\System\RYEATaW.exe
  C:\Windows\System\RYEATaW.exe
  2⤵
  PID:8516
- C:\Windows\System\wHGOfOT.exe
  C:\Windows\System\wHGOfOT.exe
  2⤵
  PID:8540
- C:\Windows\System\bkcwreS.exe
  C:\Windows\System\bkcwreS.exe
  2⤵
  PID:8580
- C:\Windows\System\EHHRYUU.exe
  C:\Windows\System\EHHRYUU.exe
  2⤵
  PID:8600
- C:\Windows\System\GXdAQok.exe
  C:\Windows\System\GXdAQok.exe
  2⤵
  PID:8636
- C:\Windows\System\LWUtLJx.exe
  C:\Windows\System\LWUtLJx.exe
  2⤵
  PID:8652
- C:\Windows\System\HpSvkFv.exe
  C:\Windows\System\HpSvkFv.exe
  2⤵
  PID:8668
- C:\Windows\System\whyZZtW.exe
  C:\Windows\System\whyZZtW.exe
  2⤵
  PID:8688
- C:\Windows\System\xPfTKUu.exe
  C:\Windows\System\xPfTKUu.exe
  2⤵
  PID:8736
- C:\Windows\System\fWOpqML.exe
  C:\Windows\System\fWOpqML.exe
  2⤵
  PID:8784
- C:\Windows\System\RGwfQwQ.exe
  C:\Windows\System\RGwfQwQ.exe
  2⤵
  PID:8804
- C:\Windows\System\sqOtcno.exe
  C:\Windows\System\sqOtcno.exe
  2⤵
  PID:8844
- C:\Windows\System\UNIuSLY.exe
  C:\Windows\System\UNIuSLY.exe
  2⤵
  PID:8864
- C:\Windows\System\RVYURyZ.exe
  C:\Windows\System\RVYURyZ.exe
  2⤵
  PID:8888
- C:\Windows\System\jqQjlnU.exe
  C:\Windows\System\jqQjlnU.exe
  2⤵
  PID:8908
- C:\Windows\System\uGsWemM.exe
  C:\Windows\System\uGsWemM.exe
  2⤵
  PID:8932
- C:\Windows\System\lhYRybk.exe
  C:\Windows\System\lhYRybk.exe
  2⤵
  PID:8952
- C:\Windows\System\hSCFJki.exe
  C:\Windows\System\hSCFJki.exe
  2⤵
  PID:8976
- C:\Windows\System\mSlGnHZ.exe
  C:\Windows\System\mSlGnHZ.exe
  2⤵
  PID:9020
- C:\Windows\System\ELDcQkK.exe
  C:\Windows\System\ELDcQkK.exe
  2⤵
  PID:9040
- C:\Windows\System\SMXYcwi.exe
  C:\Windows\System\SMXYcwi.exe
  2⤵
  PID:9060
- C:\Windows\System\xmRjkEs.exe
  C:\Windows\System\xmRjkEs.exe
  2⤵
  PID:9092
- C:\Windows\System\jMhWLQc.exe
  C:\Windows\System\jMhWLQc.exe
  2⤵
  PID:9140
- C:\Windows\System\flVMsPy.exe
  C:\Windows\System\flVMsPy.exe
  2⤵
  PID:9160
- C:\Windows\System\DcezdDB.exe
  C:\Windows\System\DcezdDB.exe
  2⤵
  PID:9196
- C:\Windows\System\kRXecGK.exe
  C:\Windows\System\kRXecGK.exe
  2⤵
  PID:7260
- C:\Windows\System\LpdTgjC.exe
  C:\Windows\System\LpdTgjC.exe
  2⤵
  PID:8212
- C:\Windows\System\IiZiEfL.exe
  C:\Windows\System\IiZiEfL.exe
  2⤵
  PID:7948
- C:\Windows\System\yDVgDbB.exe
  C:\Windows\System\yDVgDbB.exe
  2⤵
  PID:8276
- C:\Windows\System\tMfIeQU.exe
  C:\Windows\System\tMfIeQU.exe
  2⤵
  PID:8364
- C:\Windows\System\CCuOIEG.exe
  C:\Windows\System\CCuOIEG.exe
  2⤵
  PID:8392
- C:\Windows\System\FZDiZHk.exe
  C:\Windows\System\FZDiZHk.exe
  2⤵
  PID:8532
- C:\Windows\System\RRzddNJ.exe
  C:\Windows\System\RRzddNJ.exe
  2⤵
  PID:8568
- C:\Windows\System\cZLmCuF.exe
  C:\Windows\System\cZLmCuF.exe
  2⤵
  PID:8660
- C:\Windows\System\IEJYWJR.exe
  C:\Windows\System\IEJYWJR.exe
  2⤵
  PID:8796
- C:\Windows\System\ApXrAIk.exe
  C:\Windows\System\ApXrAIk.exe
  2⤵
  PID:8836
- C:\Windows\System\EcucEbc.exe
  C:\Windows\System\EcucEbc.exe
  2⤵
  PID:8884
- C:\Windows\System\ZBWXqnD.exe
  C:\Windows\System\ZBWXqnD.exe
  2⤵
  PID:8948
- C:\Windows\System\BhyqScN.exe
  C:\Windows\System\BhyqScN.exe
  2⤵
  PID:220
- C:\Windows\System\OsEvJxj.exe
  C:\Windows\System\OsEvJxj.exe
  2⤵
  PID:9016
- C:\Windows\System\RigYnrk.exe
  C:\Windows\System\RigYnrk.exe
  2⤵
  PID:9148
- C:\Windows\System\oIzKrhv.exe
  C:\Windows\System\oIzKrhv.exe
  2⤵
  PID:3220
- C:\Windows\System\jYUuJfw.exe
  C:\Windows\System\jYUuJfw.exe
  2⤵
  PID:8328
- C:\Windows\System\qrECRdV.exe
  C:\Windows\System\qrECRdV.exe
  2⤵
  PID:8444
- C:\Windows\System\pPTOyUq.exe
  C:\Windows\System\pPTOyUq.exe
  2⤵
  PID:8484
- C:\Windows\System\RoWCrSy.exe
  C:\Windows\System\RoWCrSy.exe
  2⤵
  PID:8624
- C:\Windows\System\fMyCOlp.exe
  C:\Windows\System\fMyCOlp.exe
  2⤵
  PID:8728
- C:\Windows\System\rezngdL.exe
  C:\Windows\System\rezngdL.exe
  2⤵
  PID:8960
- C:\Windows\System\DsNjBGt.exe
  C:\Windows\System\DsNjBGt.exe
  2⤵
  PID:9136
- C:\Windows\System\GcdjNzU.exe
  C:\Windows\System\GcdjNzU.exe
  2⤵
  PID:8224
- C:\Windows\System\bBCrNfd.exe
  C:\Windows\System\bBCrNfd.exe
  2⤵
  PID:8472
- C:\Windows\System\PAHPIhj.exe
  C:\Windows\System\PAHPIhj.exe
  2⤵
  PID:8708
- C:\Windows\System\AqiJVGd.exe
  C:\Windows\System\AqiJVGd.exe
  2⤵
  PID:9052
- C:\Windows\System\qjUdoOt.exe
  C:\Windows\System\qjUdoOt.exe
  2⤵
  PID:9240
- C:\Windows\System\ImuJUgA.exe
  C:\Windows\System\ImuJUgA.exe
  2⤵
  PID:9260
- C:\Windows\System\gQSWSRV.exe
  C:\Windows\System\gQSWSRV.exe
  2⤵
  PID:9296
- C:\Windows\System\tvzyypl.exe
  C:\Windows\System\tvzyypl.exe
  2⤵
  PID:9316
- C:\Windows\System\hXRFAKg.exe
  C:\Windows\System\hXRFAKg.exe
  2⤵
  PID:9336
- C:\Windows\System\sOicPPV.exe
  C:\Windows\System\sOicPPV.exe
  2⤵
  PID:9360
- C:\Windows\System\ptdPPpO.exe
  C:\Windows\System\ptdPPpO.exe
  2⤵
  PID:9404
- C:\Windows\System\iKEBtvw.exe
  C:\Windows\System\iKEBtvw.exe
  2⤵
  PID:9436
- C:\Windows\System\bMmdebI.exe
  C:\Windows\System\bMmdebI.exe
  2⤵
  PID:9456
- C:\Windows\System\eBtvztt.exe
  C:\Windows\System\eBtvztt.exe
  2⤵
  PID:9492
- C:\Windows\System\AHmJkKk.exe
  C:\Windows\System\AHmJkKk.exe
  2⤵
  PID:9512
- C:\Windows\System\shvmcLD.exe
  C:\Windows\System\shvmcLD.exe
  2⤵
  PID:9536
- C:\Windows\System\oGpmstr.exe
  C:\Windows\System\oGpmstr.exe
  2⤵
  PID:9556
- C:\Windows\System\mUbApka.exe
  C:\Windows\System\mUbApka.exe
  2⤵
  PID:9588
- C:\Windows\System\HpqrDtN.exe
  C:\Windows\System\HpqrDtN.exe
  2⤵
  PID:9604
- C:\Windows\System\SarNlHy.exe
  C:\Windows\System\SarNlHy.exe
  2⤵
  PID:9624
- C:\Windows\System\ZOWLxaU.exe
  C:\Windows\System\ZOWLxaU.exe
  2⤵
  PID:9644
- C:\Windows\System\LuMuzOX.exe
  C:\Windows\System\LuMuzOX.exe
  2⤵
  PID:9676
- C:\Windows\System\ZpsZgcR.exe
  C:\Windows\System\ZpsZgcR.exe
  2⤵
  PID:9696
- C:\Windows\System\AgNxHeZ.exe
  C:\Windows\System\AgNxHeZ.exe
  2⤵
  PID:9720
- C:\Windows\System\PhDsvVE.exe
  C:\Windows\System\PhDsvVE.exe
  2⤵
  PID:9740
- C:\Windows\System\zNoOsya.exe
  C:\Windows\System\zNoOsya.exe
  2⤵
  PID:9808
- C:\Windows\System\IbLvsOx.exe
  C:\Windows\System\IbLvsOx.exe
  2⤵
  PID:9844
- C:\Windows\System\GVLbcxY.exe
  C:\Windows\System\GVLbcxY.exe
  2⤵
  PID:9864
- C:\Windows\System\majUGKy.exe
  C:\Windows\System\majUGKy.exe
  2⤵
  PID:9904
- C:\Windows\System\XFihQcq.exe
  C:\Windows\System\XFihQcq.exe
  2⤵
  PID:9960
- C:\Windows\System\aMsssSS.exe
  C:\Windows\System\aMsssSS.exe
  2⤵
  PID:9980
- C:\Windows\System\KBMDTjn.exe
  C:\Windows\System\KBMDTjn.exe
  2⤵
  PID:10004
- C:\Windows\System\ZjrtVmA.exe
  C:\Windows\System\ZjrtVmA.exe
  2⤵
  PID:10024
- C:\Windows\System\sKNmKhJ.exe
  C:\Windows\System\sKNmKhJ.exe
  2⤵
  PID:10080
- C:\Windows\System\JknrESS.exe
  C:\Windows\System\JknrESS.exe
  2⤵
  PID:10096
- C:\Windows\System\pabNIDd.exe
  C:\Windows\System\pabNIDd.exe
  2⤵
  PID:10116
- C:\Windows\System\FoXZiIK.exe
  C:\Windows\System\FoXZiIK.exe
  2⤵
  PID:10144
- C:\Windows\System\vxCpBZS.exe
  C:\Windows\System\vxCpBZS.exe
  2⤵
  PID:10168
- C:\Windows\System\XPoDBsG.exe
  C:\Windows\System\XPoDBsG.exe
  2⤵
  PID:10188
- C:\Windows\System\vvSopEd.exe
  C:\Windows\System\vvSopEd.exe
  2⤵
  PID:10216
- C:\Windows\System\FHPSEoE.exe
  C:\Windows\System\FHPSEoE.exe
  2⤵
  PID:9308
- C:\Windows\System\dMGPKSE.exe
  C:\Windows\System\dMGPKSE.exe
  2⤵
  PID:9412
- C:\Windows\System\DKPjoVK.exe
  C:\Windows\System\DKPjoVK.exe
  2⤵
  PID:4756
- C:\Windows\System\DKOwMcq.exe
  C:\Windows\System\DKOwMcq.exe
  2⤵
  PID:1060
- C:\Windows\System\hdrVgww.exe
  C:\Windows\System\hdrVgww.exe
  2⤵
  PID:5088
- C:\Windows\System\BBcyDFO.exe
  C:\Windows\System\BBcyDFO.exe
  2⤵
  PID:9616
- C:\Windows\System\AxAmwVV.exe
  C:\Windows\System\AxAmwVV.exe
  2⤵
  PID:9736
- C:\Windows\System\ButtVKM.exe
  C:\Windows\System\ButtVKM.exe
  2⤵
  PID:2268
- C:\Windows\System\HoEZLSu.exe
  C:\Windows\System\HoEZLSu.exe
  2⤵
  PID:9692
- C:\Windows\System\zWRzcxW.exe
  C:\Windows\System\zWRzcxW.exe
  2⤵
  PID:9652
- C:\Windows\System\uNSkggS.exe
  C:\Windows\System\uNSkggS.exe
  2⤵
  PID:9804
- C:\Windows\System\RUXjloS.exe
  C:\Windows\System\RUXjloS.exe
  2⤵
  PID:9716
- C:\Windows\System\VoBfrLS.exe
  C:\Windows\System\VoBfrLS.exe
  2⤵
  PID:9780
- C:\Windows\System\snjYFax.exe
  C:\Windows\System\snjYFax.exe
  2⤵
  PID:9876
- C:\Windows\System\ktLomTc.exe
  C:\Windows\System\ktLomTc.exe
  2⤵
  PID:9924
- C:\Windows\System\wQFSMxg.exe
  C:\Windows\System\wQFSMxg.exe
  2⤵
  PID:9944
- C:\Windows\System\RxmixZC.exe
  C:\Windows\System\RxmixZC.exe
  2⤵
  PID:9988
- C:\Windows\System\XapeHNs.exe
  C:\Windows\System\XapeHNs.exe
  2⤵
  PID:10020
- C:\Windows\System\pXsZkvk.exe
  C:\Windows\System\pXsZkvk.exe
  2⤵
  PID:10060
- C:\Windows\System\LmTfuOQ.exe
  C:\Windows\System\LmTfuOQ.exe
  2⤵
  PID:10140
- C:\Windows\System\mioxUVF.exe
  C:\Windows\System\mioxUVF.exe
  2⤵
  PID:10164
- C:\Windows\System\kVNBOBQ.exe
  C:\Windows\System\kVNBOBQ.exe
  2⤵
  PID:10212
- C:\Windows\System\tBqEuHS.exe
  C:\Windows\System\tBqEuHS.exe
  2⤵
  PID:9584
- C:\Windows\System\tjvaVzv.exe
  C:\Windows\System\tjvaVzv.exe
  2⤵
  PID:9620
- C:\Windows\System\lahiIDe.exe
  C:\Windows\System\lahiIDe.exe
  2⤵
  PID:8132
- C:\Windows\System\gqabUPG.exe
  C:\Windows\System\gqabUPG.exe
  2⤵
  PID:9428
- C:\Windows\System\pDPKNVw.exe
  C:\Windows\System\pDPKNVw.exe
  2⤵
  PID:9528
- C:\Windows\System\WZJtAzY.exe
  C:\Windows\System\WZJtAzY.exe
  2⤵
  PID:8596
- C:\Windows\System\XhbFBiq.exe
  C:\Windows\System\XhbFBiq.exe
  2⤵
  PID:9548
- C:\Windows\System\noGbpWd.exe
  C:\Windows\System\noGbpWd.exe
  2⤵
  PID:9784
- C:\Windows\System\xcTfZCO.exe
  C:\Windows\System\xcTfZCO.exe
  2⤵
  PID:8820
- C:\Windows\System\IXHvegT.exe
  C:\Windows\System\IXHvegT.exe
  2⤵
  PID:4464
- C:\Windows\System\LsHOOjY.exe
  C:\Windows\System\LsHOOjY.exe
  2⤵
  PID:4384
- C:\Windows\System\AQWCkLC.exe
  C:\Windows\System\AQWCkLC.exe
  2⤵
  PID:9552
- C:\Windows\System\BYBWtfE.exe
  C:\Windows\System\BYBWtfE.exe
  2⤵
  PID:10264
- C:\Windows\System\fLtubHv.exe
  C:\Windows\System\fLtubHv.exe
  2⤵
  PID:10284
- C:\Windows\System\zGNiVpC.exe
  C:\Windows\System\zGNiVpC.exe
  2⤵
  PID:10316
- C:\Windows\System\xKIcgaH.exe
  C:\Windows\System\xKIcgaH.exe
  2⤵
  PID:10364
- C:\Windows\System\NrxpDNt.exe
  C:\Windows\System\NrxpDNt.exe
  2⤵
  PID:10416
- C:\Windows\System\GdHwvlF.exe
  C:\Windows\System\GdHwvlF.exe
  2⤵
  PID:10432
- C:\Windows\System\VghrwyQ.exe
  C:\Windows\System\VghrwyQ.exe
  2⤵
  PID:10480
- C:\Windows\System\haLbbVI.exe
  C:\Windows\System\haLbbVI.exe
  2⤵
  PID:10496
- C:\Windows\System\JVJUTrI.exe
  C:\Windows\System\JVJUTrI.exe
  2⤵
  PID:10516
- C:\Windows\System\OemvRBs.exe
  C:\Windows\System\OemvRBs.exe
  2⤵
  PID:10556
- C:\Windows\System\eQzVwnR.exe
  C:\Windows\System\eQzVwnR.exe
  2⤵
  PID:10580
- C:\Windows\System\otEOxNU.exe
  C:\Windows\System\otEOxNU.exe
  2⤵
  PID:10604
- C:\Windows\System\PtRPDSZ.exe
  C:\Windows\System\PtRPDSZ.exe
  2⤵
  PID:10648
- C:\Windows\System\ajGvZGa.exe
  C:\Windows\System\ajGvZGa.exe
  2⤵
  PID:10676
- C:\Windows\System\YcvkGBx.exe
  C:\Windows\System\YcvkGBx.exe
  2⤵
  PID:10692
- C:\Windows\System\tGUkcZW.exe
  C:\Windows\System\tGUkcZW.exe
  2⤵
  PID:10716
- C:\Windows\System\gvVENNk.exe
  C:\Windows\System\gvVENNk.exe
  2⤵
  PID:10740
- C:\Windows\System\RSRNKet.exe
  C:\Windows\System\RSRNKet.exe
  2⤵
  PID:10756
- C:\Windows\System\QFJPYWW.exe
  C:\Windows\System\QFJPYWW.exe
  2⤵
  PID:10772
- C:\Windows\System\VFaKbfA.exe
  C:\Windows\System\VFaKbfA.exe
  2⤵
  PID:10800
- C:\Windows\System\PMOEFyZ.exe
  C:\Windows\System\PMOEFyZ.exe
  2⤵
  PID:10820
- C:\Windows\System\FDURWER.exe
  C:\Windows\System\FDURWER.exe
  2⤵
  PID:10852
- C:\Windows\System\PtyPcXl.exe
  C:\Windows\System\PtyPcXl.exe
  2⤵
  PID:10884
- C:\Windows\System\FsOCOOn.exe
  C:\Windows\System\FsOCOOn.exe
  2⤵
  PID:10908
- C:\Windows\System\KMfxWEs.exe
  C:\Windows\System\KMfxWEs.exe
  2⤵
  PID:10928
- C:\Windows\System\aVFIqxA.exe
  C:\Windows\System\aVFIqxA.exe
  2⤵
  PID:10960
- C:\Windows\System\QFwemIC.exe
  C:\Windows\System\QFwemIC.exe
  2⤵
  PID:10988
- C:\Windows\System\QXtCpEX.exe
  C:\Windows\System\QXtCpEX.exe
  2⤵
  PID:11008
- C:\Windows\System\xxKBudZ.exe
  C:\Windows\System\xxKBudZ.exe
  2⤵
  PID:11028
- C:\Windows\System\hcSpKNk.exe
  C:\Windows\System\hcSpKNk.exe
  2⤵
  PID:11044
- C:\Windows\System\vWuEshL.exe
  C:\Windows\System\vWuEshL.exe
  2⤵
  PID:11068
- C:\Windows\System\rCYzhKh.exe
  C:\Windows\System\rCYzhKh.exe
  2⤵
  PID:11092
- C:\Windows\System\AoZIWXP.exe
  C:\Windows\System\AoZIWXP.exe
  2⤵
  PID:11116
- C:\Windows\System\uNBmrwr.exe
  C:\Windows\System\uNBmrwr.exe
  2⤵
  PID:11156
- C:\Windows\System\poOtrkr.exe
  C:\Windows\System\poOtrkr.exe
  2⤵
  PID:11236
- C:\Windows\System\UxMAFZO.exe
  C:\Windows\System\UxMAFZO.exe
  2⤵
  PID:11252
- C:\Windows\System\nuPImyr.exe
  C:\Windows\System\nuPImyr.exe
  2⤵
  PID:9348
- C:\Windows\System\xVLUeYC.exe
  C:\Windows\System\xVLUeYC.exe
  2⤵
  PID:10308
- C:\Windows\System\fHHJDNq.exe
  C:\Windows\System\fHHJDNq.exe
  2⤵
  PID:10360
- C:\Windows\System\BSwCjtF.exe
  C:\Windows\System\BSwCjtF.exe
  2⤵
  PID:10504
- C:\Windows\System\YKJWNcG.exe
  C:\Windows\System\YKJWNcG.exe
  2⤵
  PID:10488
- C:\Windows\System\BUGRsPw.exe
  C:\Windows\System\BUGRsPw.exe
  2⤵
  PID:10636
- C:\Windows\System\wBJyFFi.exe
  C:\Windows\System\wBJyFFi.exe
  2⤵
  PID:10684
- C:\Windows\System\PJfLCnq.exe
  C:\Windows\System\PJfLCnq.exe
  2⤵
  PID:10708
- C:\Windows\System\HEMDDQG.exe
  C:\Windows\System\HEMDDQG.exe
  2⤵
  PID:10848
- C:\Windows\System\JdGgXCy.exe
  C:\Windows\System\JdGgXCy.exe
  2⤵
  PID:10792
- C:\Windows\System\HKSDKBV.exe
  C:\Windows\System\HKSDKBV.exe
  2⤵
  PID:10892
- C:\Windows\System\mePuHMT.exe
  C:\Windows\System\mePuHMT.exe
  2⤵
  PID:796
- C:\Windows\System\ymgsrLO.exe
  C:\Windows\System\ymgsrLO.exe
  2⤵
  PID:10968
- C:\Windows\System\qxVyNSz.exe
  C:\Windows\System\qxVyNSz.exe
  2⤵
  PID:11176
- C:\Windows\System\LfGlTHJ.exe
  C:\Windows\System\LfGlTHJ.exe
  2⤵
  PID:11192
- C:\Windows\System\XjOHacc.exe
  C:\Windows\System\XjOHacc.exe
  2⤵
  PID:11204
- C:\Windows\System\JBMbGLx.exe
  C:\Windows\System\JBMbGLx.exe
  2⤵
  PID:9100
- C:\Windows\System\qxVefAD.exe
  C:\Windows\System\qxVefAD.exe
  2⤵
  PID:10472
- C:\Windows\System\JEfePFH.exe
  C:\Windows\System\JEfePFH.exe
  2⤵
  PID:10596
- C:\Windows\System\VuPPVfd.exe
  C:\Windows\System\VuPPVfd.exe
  2⤵
  PID:10660
- C:\Windows\System\lILADJr.exe
  C:\Windows\System\lILADJr.exe
  2⤵
  PID:10752
- C:\Windows\System\JgbfqdL.exe
  C:\Windows\System\JgbfqdL.exe
  2⤵
  PID:3656
- C:\Windows\System\AtXNvSF.exe
  C:\Windows\System\AtXNvSF.exe
  2⤵
  PID:11080
- C:\Windows\System\vWknpfn.exe
  C:\Windows\System\vWknpfn.exe
  2⤵
  PID:11260
- C:\Windows\System\rIChwVA.exe
  C:\Windows\System\rIChwVA.exe
  2⤵
  PID:10428
- C:\Windows\System\WioIYkm.exe
  C:\Windows\System\WioIYkm.exe
  2⤵
  PID:10656
- C:\Windows\System\OerMijl.exe
  C:\Windows\System\OerMijl.exe
  2⤵
  PID:10248
- C:\Windows\System\WZmQmTJ.exe
  C:\Windows\System\WZmQmTJ.exe
  2⤵
  PID:10572
- C:\Windows\System\IGoJFuM.exe
  C:\Windows\System\IGoJFuM.exe
  2⤵
  PID:11276
- C:\Windows\System\mQtQQGW.exe
  C:\Windows\System\mQtQQGW.exe
  2⤵
  PID:11332
- C:\Windows\System\PiZSdci.exe
  C:\Windows\System\PiZSdci.exe
  2⤵
  PID:11356
- C:\Windows\System\FVpLfVx.exe
  C:\Windows\System\FVpLfVx.exe
  2⤵
  PID:11384
- C:\Windows\System\rYTCccP.exe
  C:\Windows\System\rYTCccP.exe
  2⤵
  PID:11412
- C:\Windows\System\bEfFurm.exe
  C:\Windows\System\bEfFurm.exe
  2⤵
  PID:11444
- C:\Windows\System\PMzWseh.exe
  C:\Windows\System\PMzWseh.exe
  2⤵
  PID:11484
- C:\Windows\System\eIulTIN.exe
  C:\Windows\System\eIulTIN.exe
  2⤵
  PID:11512
- C:\Windows\System\qcINpap.exe
  C:\Windows\System\qcINpap.exe
  2⤵
  PID:11532
- C:\Windows\System\AaggURe.exe
  C:\Windows\System\AaggURe.exe
  2⤵
  PID:11556
- C:\Windows\System\PZtewlR.exe
  C:\Windows\System\PZtewlR.exe
  2⤵
  PID:11576
- C:\Windows\System\qsTUmDF.exe
  C:\Windows\System\qsTUmDF.exe
  2⤵
  PID:11616
- C:\Windows\System\CenrVWU.exe
  C:\Windows\System\CenrVWU.exe
  2⤵
  PID:11636
- C:\Windows\System\TlrsQOF.exe
  C:\Windows\System\TlrsQOF.exe
  2⤵
  PID:11672
- C:\Windows\System\SIgulEq.exe
  C:\Windows\System\SIgulEq.exe
  2⤵
  PID:11708
- C:\Windows\System\huEqzMA.exe
  C:\Windows\System\huEqzMA.exe
  2⤵
  PID:11728
- C:\Windows\System\rhLtPdJ.exe
  C:\Windows\System\rhLtPdJ.exe
  2⤵
  PID:11760
- C:\Windows\System\NbYcHqe.exe
  C:\Windows\System\NbYcHqe.exe
  2⤵
  PID:11780
- C:\Windows\System\YXHmTPz.exe
  C:\Windows\System\YXHmTPz.exe
  2⤵
  PID:11824
- C:\Windows\System\gNFoMBO.exe
  C:\Windows\System\gNFoMBO.exe
  2⤵
  PID:11852
- C:\Windows\System\GcvxNDU.exe
  C:\Windows\System\GcvxNDU.exe
  2⤵
  PID:11868
- C:\Windows\System\oYoWCGM.exe
  C:\Windows\System\oYoWCGM.exe
  2⤵
  PID:11888
- C:\Windows\System\pgvXObX.exe
  C:\Windows\System\pgvXObX.exe
  2⤵
  PID:11928
- C:\Windows\System\FNeZmNf.exe
  C:\Windows\System\FNeZmNf.exe
  2⤵
  PID:11948
- C:\Windows\System\yDDjJax.exe
  C:\Windows\System\yDDjJax.exe
  2⤵
  PID:11984
- C:\Windows\System\wNyVQBP.exe
  C:\Windows\System\wNyVQBP.exe
  2⤵
  PID:12000
- C:\Windows\System\XxmwyxY.exe
  C:\Windows\System\XxmwyxY.exe
  2⤵
  PID:12028
- C:\Windows\System\XtSBFyN.exe
  C:\Windows\System\XtSBFyN.exe
  2⤵
  PID:12044
- C:\Windows\System\XgmEOfB.exe
  C:\Windows\System\XgmEOfB.exe
  2⤵
  PID:12068
- C:\Windows\System\PkftgEh.exe
  C:\Windows\System\PkftgEh.exe
  2⤵
  PID:12132
- C:\Windows\System\DWPfqwC.exe
  C:\Windows\System\DWPfqwC.exe
  2⤵
  PID:12148
- C:\Windows\System\vDuvmSr.exe
  C:\Windows\System\vDuvmSr.exe
  2⤵
  PID:12168
- C:\Windows\System\FJTBMSz.exe
  C:\Windows\System\FJTBMSz.exe
  2⤵
  PID:12184
- C:\Windows\System\VYattKs.exe
  C:\Windows\System\VYattKs.exe
  2⤵
  PID:12208
- C:\Windows\System\UaNRgtg.exe
  C:\Windows\System\UaNRgtg.exe
  2⤵
  PID:12228
- C:\Windows\System\IdmUabC.exe
  C:\Windows\System\IdmUabC.exe
  2⤵
  PID:10788
- C:\Windows\System\nTjcXaF.exe
  C:\Windows\System\nTjcXaF.exe
  2⤵
  PID:11348
- C:\Windows\System\viNzUnq.exe
  C:\Windows\System\viNzUnq.exe
  2⤵
  PID:11376
- C:\Windows\System\XTZXmCr.exe
  C:\Windows\System\XTZXmCr.exe
  2⤵
  PID:11480
- C:\Windows\System\WoAdjyT.exe
  C:\Windows\System\WoAdjyT.exe
  2⤵
  PID:11496
- C:\Windows\System\MjJvHNE.exe
  C:\Windows\System\MjJvHNE.exe
  2⤵
  PID:11596
- C:\Windows\System\xZqkPZm.exe
  C:\Windows\System\xZqkPZm.exe
  2⤵
  PID:11572
- C:\Windows\System\eiIRLzR.exe
  C:\Windows\System\eiIRLzR.exe
  2⤵
  PID:11696
- C:\Windows\System\YtgsTOn.exe
  C:\Windows\System\YtgsTOn.exe
  2⤵
  PID:11756
- C:\Windows\System\PTovzUc.exe
  C:\Windows\System\PTovzUc.exe
  2⤵
  PID:11776
- C:\Windows\System\ekMdCFL.exe
  C:\Windows\System\ekMdCFL.exe
  2⤵
  PID:11884
- C:\Windows\System\OUlymWY.exe
  C:\Windows\System\OUlymWY.exe
  2⤵
  PID:11996
- C:\Windows\System\gZlCQAU.exe
  C:\Windows\System\gZlCQAU.exe
  2⤵
  PID:12076
- C:\Windows\System\iQAXYPy.exe
  C:\Windows\System\iQAXYPy.exe
  2⤵
  PID:12120
- C:\Windows\System\TIlbXNS.exe
  C:\Windows\System\TIlbXNS.exe
  2⤵
  PID:12176
- C:\Windows\System\CaJQDrM.exe
  C:\Windows\System\CaJQDrM.exe
  2⤵
  PID:12272
- C:\Windows\System\SeyWVZN.exe
  C:\Windows\System\SeyWVZN.exe
  2⤵
  PID:10724
- C:\Windows\System\qJvvOmg.exe
  C:\Windows\System\qJvvOmg.exe
  2⤵
  PID:11320
- C:\Windows\System\LNXJtyW.exe
  C:\Windows\System\LNXJtyW.exe
  2⤵
  PID:11372
- C:\Windows\System\nrbAByN.exe
  C:\Windows\System\nrbAByN.exe
  2⤵
  PID:11700
- C:\Windows\System\NsUqOYq.exe
  C:\Windows\System\NsUqOYq.exe
  2⤵
  PID:11820
- C:\Windows\System\kljeySd.exe
  C:\Windows\System\kljeySd.exe
  2⤵
  PID:11940
- C:\Windows\System\qQOSgzb.exe
  C:\Windows\System\qQOSgzb.exe
  2⤵
  PID:8
- C:\Windows\System\YwDMSbC.exe
  C:\Windows\System\YwDMSbC.exe
  2⤵
  PID:12016
- C:\Windows\System\AggsNSp.exe
  C:\Windows\System\AggsNSp.exe
  2⤵
  PID:12100
- C:\Windows\System\qJOZVjm.exe
  C:\Windows\System\qJOZVjm.exe
  2⤵
  PID:11456
- C:\Windows\System\cXowLxg.exe
  C:\Windows\System\cXowLxg.exe
  2⤵
  PID:11768
- C:\Windows\System\WgRsGSO.exe
  C:\Windows\System\WgRsGSO.exe
  2⤵
  PID:1880
- C:\Windows\System\odONpgP.exe
  C:\Windows\System\odONpgP.exe
  2⤵
  PID:1180
- C:\Windows\System\qaMMONb.exe
  C:\Windows\System\qaMMONb.exe
  2⤵
  PID:12260
- C:\Windows\System\eunAQwd.exe
  C:\Windows\System\eunAQwd.exe
  2⤵
  PID:12108
- C:\Windows\System\RJgyCEM.exe
  C:\Windows\System\RJgyCEM.exe
  2⤵
  PID:12308
- C:\Windows\System\KXMPOjr.exe
  C:\Windows\System\KXMPOjr.exe
  2⤵
  PID:12336
- C:\Windows\System\uWDMlUF.exe
  C:\Windows\System\uWDMlUF.exe
  2⤵
  PID:12360
- C:\Windows\System\DBUODGx.exe
  C:\Windows\System\DBUODGx.exe
  2⤵
  PID:12380
- C:\Windows\System\LMcDeZF.exe
  C:\Windows\System\LMcDeZF.exe
  2⤵
  PID:12396
- C:\Windows\System\rcugsrb.exe
  C:\Windows\System\rcugsrb.exe
  2⤵
  PID:12412
- C:\Windows\System\aujCbVg.exe
  C:\Windows\System\aujCbVg.exe
  2⤵
  PID:12428
- C:\Windows\System\rYstiZs.exe
  C:\Windows\System\rYstiZs.exe
  2⤵
  PID:12456
- C:\Windows\System\fUTTGbe.exe
  C:\Windows\System\fUTTGbe.exe
  2⤵
  PID:12476
- C:\Windows\System\JcDIaEK.exe
  C:\Windows\System\JcDIaEK.exe
  2⤵
  PID:12492
- C:\Windows\System\HbPQnlc.exe
  C:\Windows\System\HbPQnlc.exe
  2⤵
  PID:12572
- C:\Windows\System\fuhahDn.exe
  C:\Windows\System\fuhahDn.exe
  2⤵
  PID:12636
- C:\Windows\System\RoQSDBH.exe
  C:\Windows\System\RoQSDBH.exe
  2⤵
  PID:12680
- C:\Windows\System\pxoHiUs.exe
  C:\Windows\System\pxoHiUs.exe
  2⤵
  PID:12696
- C:\Windows\System\MyJBXCk.exe
  C:\Windows\System\MyJBXCk.exe
  2⤵
  PID:12716
- C:\Windows\System\aRxVSwX.exe
  C:\Windows\System\aRxVSwX.exe
  2⤵
  PID:12740
- C:\Windows\System\TsCpXpT.exe
  C:\Windows\System\TsCpXpT.exe
  2⤵
  PID:12768
- C:\Windows\System\paBUAJc.exe
  C:\Windows\System\paBUAJc.exe
  2⤵
  PID:12788
- C:\Windows\System\FUBAVQj.exe
  C:\Windows\System\FUBAVQj.exe
  2⤵
  PID:12824
- C:\Windows\System\ywNOEcR.exe
  C:\Windows\System\ywNOEcR.exe
  2⤵
  PID:12852
- C:\Windows\System\hLuIjxt.exe
  C:\Windows\System\hLuIjxt.exe
  2⤵
  PID:12868
- C:\Windows\System\ckTIhUJ.exe
  C:\Windows\System\ckTIhUJ.exe
  2⤵
  PID:12940
- C:\Windows\System\NNEUsaj.exe
  C:\Windows\System\NNEUsaj.exe
  2⤵
  PID:12960
- C:\Windows\System\rtsfhLa.exe
  C:\Windows\System\rtsfhLa.exe
  2⤵
  PID:13000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1zjtzuf0.0hu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CYSRFbC.exe

Filesize
1.6MB

MD5
74bf704bc6e40b9e74bc4a21dc429a89

SHA1
95e47c9fb9b147bd2da4e58418be4b1d7b6418dd

SHA256
253b92e4ad33d8da5e39d51082ff25a251e62e9995fe7e3a10b22d939e8825c1

SHA512
bdee6a4287e6bccbf8798ec2e4423a75872c21239e43b7232bb92af19d615da8e78390744e8346c8a64077c821a0660496fc77e3f73a2ca0d5837b56382e393a

Download Submit
C:\Windows\System\DfITCLd.exe

Filesize
1.6MB

MD5
355c5080c44526b44325bb39e4ec24da

SHA1
6ec571a5a856a32d21e9363bca001945bf008908

SHA256
efe49c5d362818ad5e0fec52d321ed3cb91f42bd720508fc8a004f20524b4046

SHA512
7346190769f09bbbc21443d8c411cda371e1e70cab97adce5e2524ee0a5630cca644909ad313527fe83df3a9b6eeb120b1b1002aa9c5ae7f9b80fb1dc54ae83b

Download Submit
C:\Windows\System\EdxdMAI.exe

Filesize
1.6MB

MD5
204f3431fc4a7533c4d89a1ec565d965

SHA1
ef0a109105ede7b50bffd2bd4ebea6a1c753071a

SHA256
466907b41e779aaa64a07e2b02539cfdb057b100df78e5b2dcbb053826a27ef3

SHA512
d59e37da4a68cff541424f669ce3f77929b0c0c1c759bdc748d1029992924f8e6e9de4e2cd380746baa7dedce1d075d5df326986357f8210ebbd330c0b2a3c51

Download Submit
C:\Windows\System\IgcErax.exe

Filesize
1.6MB

MD5
ce21af8d4e5662f8abde3904993e4ec0

SHA1
2cce50c265f6a46b3cd780083a2dd933f347017e

SHA256
7d7c71679e276d3b13ce3358571800ff026fc1ea8e6bf955dd3f3f980017107d

SHA512
600c83fa7cb07780f207511a25e95c05eb2982646ad27b1be68a8c47761ce43690884f297f9f090db1da8937881e6f671f5ec9521328d29646f609447cf057d1

Download Submit
C:\Windows\System\JQzoyLN.exe

Filesize
1.6MB

MD5
167cf215fe738ef549f6cab7c198e775

SHA1
61a3856b8b7535277a0250b602fcbd06cc7f49f5

SHA256
a6973ddd5ac37f10b014580c5e7326a2a467985954cde76fc7729a7c2e69296b

SHA512
5c4ef4e5260fd36553a21893fde48c8452b1eb5fd6dd7f45fe63160356460b94c0ef03a68777f80a4c863cb72e89875845452644286e531103a943e72b48b6ed

Download Submit
C:\Windows\System\LTUWxWk.exe

Filesize
1.6MB

MD5
ff068fe5439d3327a732cca2670e2b74

SHA1
ecd551b12255bf626e46fd3085ca60094f062d74

SHA256
cce96599dbe4a916b9deea8d5ab764a1fcdb37921d5db9c0402d58813e51102e

SHA512
5b6bc3f5f3bb308a756ba6b4088e151897e19d3dce8924f831bfea99fa366d1f421fd943902327b9be4ab01cdb9632851ca98f29ceb4ad11e43d5da399e2976d

Download Submit
C:\Windows\System\LlLrBTK.exe

Filesize
1.6MB

MD5
efc7bdff8751a68ec2b769d38f449d77

SHA1
6b5e3129f373f5d6da286cada3c346ce0fe28a1f

SHA256
60f3ac22c78c1018ea72e14af10c35c1e6fbf3d42d28c95c0dea37f6e713e29d

SHA512
d772bd56f6db09b5fb1f41c3c79bcfe99d04366d631de505e6ae363c143c8fd3496426e25ac75df2b4b7a871f5588286b8e4b6d9c3e16860e589191421c00f8e

Download Submit
C:\Windows\System\LwPavbX.exe

Filesize
1.6MB

MD5
2acd15e467871157012f17740623ce47

SHA1
767828ac90932f5ec327ed8f706c91da22cddb51

SHA256
bf61f90bb13453c6b94c864889ff5950796f9f48136363adc385d85bb05ddfae

SHA512
6a25d512ed77895c3d95358bed3b55f369197c5e97565e86647af99902c266fbe0d4707456761b1a72bf8d4e2120bb15518b7b3505651f6909ec213a7209973f

Download Submit
C:\Windows\System\NCDaHOO.exe

Filesize
18B

MD5
ad283effbdeeef72cf78c58ec3459c7b

SHA1
70f9a026880d19d2bdbdbacc33c6dd9af8184d85

SHA256
a93917c7e83f12b0c273c84a2302370404b8779e7cb42a4db5b54ccff94236b5

SHA512
587496b4d793e0072f5ea24d9cbfd276ea889eb5d0ea03b41418a09b260754957b7164533669d9353aab438e18be561b915a819bffc480e6b44f03451c24cf3b

Download Submit
C:\Windows\System\RZvdVnH.exe

Filesize
1.6MB

MD5
1b5ac67fbe95379806f904b77aee2c54

SHA1
86a0d36cea591f79647908d350ec8eadfafd096e

SHA256
c39ddae88fb1f45587fb025131406330ec507eec5883f0e73aaae10183250124

SHA512
6ccb2ba10010edb9df6bf2375b49449bf7521b92d0078af09e48cd366a128af2dffb4ad6ed166585d77ba01b2444abad710a15dc390006a1cb1be83d2a9f89a2

Download Submit
C:\Windows\System\SQxRZbt.exe

Filesize
1.6MB

MD5
874982743ff6059fa252d781b5284993

SHA1
11436d08c44ef308bdb6e4ee412b0d4a69fccc29

SHA256
4587305740a2e090256b099b7055ee1fd62ca7de1586883ba2a26693743f871d

SHA512
7d2daa44248df568e160d0f79a3c74a7af99e00b66973fbc8e6f9559cdd389bd4f51a26e20eddb090a6585e490c4962ca150f92ca0d4201f0cdc60102477df07

Download Submit
C:\Windows\System\SxTWSMG.exe

Filesize
1.6MB

MD5
4907bcbc8281b05c1715af51242ba05d

SHA1
640a6bfa2d4a5b1931ab4b78f72bac4c3edcff68

SHA256
c7dd84e3316430a6093f320bdfa8f4b9a7ad9ae403e422f0d7c0f3c3a4ee271a

SHA512
db07f1e352813a7201aed6547f4d9bfcaae60682b863ddfe75c95ca1b62f55e45681da1b8b717836e7edca4569a4e194116fab3c9a6a87e571ab0af807869f1f

Download Submit
C:\Windows\System\TzxasZa.exe

Filesize
1.6MB

MD5
50e8bef4156ca045ebf09050a4e251d3

SHA1
c3c2727a20cb9a75fe9424035f97d5f7692cdb64

SHA256
fbdcb1bc7b97cad1866b041bdc79cbfda28f729d36ba81265a0c3e4bf1bf01c9

SHA512
7c7157d98f4cef0d0209af5b77033df805ebc56022872f98f3d357768c101292777f629935751a98c89813f1dd7e94795691710bab2b6f19d1acfef5a0a0c621

Download Submit
C:\Windows\System\UCxMtkO.exe

Filesize
1.6MB

MD5
18fbf70b34b3f31ef8c77b31a3dbf7c8

SHA1
0ac24543d6e925b697aa18dab65ac0276486d9af

SHA256
d88535561a4134042f050cca17a308290f2b37cc9be23aef6b9edfe2a7911049

SHA512
1e9b4d1308533f9a4a8bcd6f7cfda066f078813c50d053a9cdfaca87650d45100a364dbdb24f0cbf7074611569178572789f9059a748de2a2d60214b4927b685

Download Submit
C:\Windows\System\UQPRIYD.exe

Filesize
1.6MB

MD5
4e0ff0befe41bf3a56bea1666bbce344

SHA1
390b0f46565c3fac275aa11b90c33d21b3c09de9

SHA256
77b3466a80a868a4d65e99b4280ff6b99d7bafbac267dbb5af823ce23e8489a5

SHA512
74aa37124a4a4b32c782bc11d0efe6870f0bec97e539c0bb05731bd161515e2134433b2e6c35e7e9eb0df3f0dd04f60f7a7056ede74b4ad13a83afbf1ab8b76a

Download Submit
C:\Windows\System\Unwskbo.exe

Filesize
1.6MB

MD5
85d2d378258c9067447e4b9fe2ff1eec

SHA1
08b8281d5e2075db90ead74305b25c9250cc999b

SHA256
60be8eb7c7be453aae0910207fd7d370633805b55d3f8732a76b1fe03db59441

SHA512
28d77a82d8b61047faf2e0650cd81811011ae802fa80fbddc7a9500fc075a0217a04ac50ad62feb33cf7c4bc60b0c4e4b5e1edf28b5dfa787f06937c9c002333

Download Submit
C:\Windows\System\VrFhZRZ.exe

Filesize
1.6MB

MD5
e0c9b827de3cc21cf5b34500e342e5b3

SHA1
e6ffb6a89961a73ced82e1b27a50a5f2715a8c95

SHA256
024d3f93689f830e0e8d1fd3f53ee4cb6e5d6a75c82dad212c2fc84fb7c20e90

SHA512
044b5ad2b1b517f7f7cc040d1517fcb08282110e2e35a64fe168d6c065e0ee9e16b7ff52d409f7856adf03a81868728487ec3f5c6fe8333a9b73873eef62fcbe

Download Submit
C:\Windows\System\WWxLSVY.exe

Filesize
1.6MB

MD5
c24a3b0cdf4895219a7318c602bd5bc6

SHA1
c1f9f4b9414a4f9ea5c4ecdb3294d34ed727d613

SHA256
eee356344f68d256d86689abdfec6616e642963a1d598be8af5883221d785095

SHA512
dda769a6ab2853edb1afe9cb32c727127a548932a32b5bf8be6f2370dddb5923236d6d747bf95856bfa351154a0be6cca2d5190b1f9767c1bef54e100a367798

Download Submit
C:\Windows\System\WdWuRew.exe

Filesize
1.6MB

MD5
427fce88f7eb75b9e244faf46f17e9dc

SHA1
6ebc6d978416bd35c8f103f7874079217d8dc11f

SHA256
cfe284a5e761326b08e5215c66e94013a0cdb79ca2bb8bfe8647d9f89b9245c9

SHA512
11c0231363fa576e124c42a7629277541f42d42670cd0a07c5ee56405bbbff13bd8d3fb90a19d632d28947fa7b7080972cd35c1e1670e050cdb7930cfe3992c7

Download Submit
C:\Windows\System\ZRCHlyj.exe

Filesize
1.6MB

MD5
520945575e48d24fa891147c86da16e4

SHA1
eccb1d801433ac452c2ad551356fd0cf6fefa5e9

SHA256
057cd5b8f2b50a1a8303067e54acb468a96c5040f2d1d5167e91f7b5fc5dd22e

SHA512
7df95d98599c3fa1370afb2da9b30a53c15611de985682bafdd2357cc6c60b46bec6b916a907221b8339939a3df9a2d1d71df092d8ef09cdc7a85c2a13f3f9fb

Download Submit
C:\Windows\System\cBQikOO.exe

Filesize
1.6MB

MD5
4f1e32c31d730ab6094bcdb53129a549

SHA1
20fcd2168715001aefcdb2571eedbd4f9e6a6628

SHA256
d3c14a9f0d6ba8316d82d8fcf1d3c58d3ef260bde01a2933d8dc9016666683e9

SHA512
139627dd5d89815f0e754789210b6887e9a287fbff20dc41090664cef7af3b50239c47dc664ea3801772ceb91a4dd3d4852940ceca5f82b39c1210c4f2297a3b

Download Submit
C:\Windows\System\fUceNxt.exe

Filesize
1.6MB

MD5
ec0e6cfdbf4a521fd86e1cb96f67b6ad

SHA1
98793be28fc78d4c6c59927f5accf8ba13c5ff8d

SHA256
c9a79af8a5faf029e8e7c110816da6ac42e90289adcb79774152d8ed7a3bb187

SHA512
712616a806f8c7fdf0d74d14598d99dd6ff34c3a8cd06cb8284df4f8a0ae6b5887341a86b08ce1ea5aa0e8b4b35abe329ba43002e1b21760c58da4de9d9bef18

Download Submit
C:\Windows\System\jCPndqB.exe

Filesize
1.6MB

MD5
621e17235578dcaf9ed58ac62763ec50

SHA1
4468b0ef9f63e9dc388ff683cad5d1e7d0bbef47

SHA256
b8a4e320383127e711089a7246f17f54912b8356da6528cd0de37fea85a4885e

SHA512
00ffa1e0e718f54a1f7f8b2b988ea82af9d3bf4b345508e6b94db8d634a986f0a9ed0e555c458744d5ce59836d9f6a8d404d5015403bf3fb99fa6b3338665f42

Download Submit
C:\Windows\System\kEaraBP.exe

Filesize
1.6MB

MD5
7551c4ccb038705f379bf0a3f5e01962

SHA1
65f0a57ea99f77ba4270f3a13c04b08c97de67d7

SHA256
17189a94616040ee0ffe267c8435ab9e1cb316b519ecca2c1b54dcb962b32de4

SHA512
ee10d8a1167909675ebafc6f5794278b282385a8379bc2b5633c0c3e0f1fbae8cbb8faf82ed34a523a1ec4df2b7305dba0f4206fbbfae6ee190cbc4e29ced684

Download Submit
C:\Windows\System\lVbBwpJ.exe

Filesize
1.6MB

MD5
29d6f3bcbfc25ad82656474b142f3138

SHA1
8237645d52f630d3aa434dec1e0d6c3c59aaf2a1

SHA256
ef9c996d12570dd20affe2272ff0e8267384b89c25decce5d5d3bb4846bae6d2

SHA512
307be35c6baf20a5054061f898e0b9d85dc222f15e756f12ab4255c1a7b13389e6d4897ab3ae1d43b27e40dad3cedd4b31c12c8e67edb42cdd676dcff097ee23

Download Submit
C:\Windows\System\lakgRIN.exe

Filesize
1.6MB

MD5
dcb39cad06faf98f56bccbef3545cbef

SHA1
a74e84bb6be5bcc31498d23cb2720548993791a8

SHA256
871408ffec530af2625db10544b6c4565ff665d452f26f922b8ab7523cb11040

SHA512
ea017507602b4b040cebd1230887d864a65b27c6b17fad9ac0c4e593bee846f3e1bbae25f51d1a74161664cb66bc3a440a69c318e5f65e3c060a67bd7a46843f

Download Submit
C:\Windows\System\nLztqkw.exe

Filesize
1.6MB

MD5
8c39c9bae7327c6b6952b9635c5ebeaa

SHA1
a4ea0530bb1b9a56ceddbdd3bbaa4980484c88b5

SHA256
935afade3fee89bfd8d75333ba625d9a42eb3b80dc50e643750167bf0fa66006

SHA512
83541c203436592003262ccfd63b55142ba13ffd74cf9b65fa1036c8a41603a9981d5a4b718d50ced94483ccbb6901e740bd46566fbc6053f3ca550851900266

Download Submit
C:\Windows\System\oOBvEaX.exe

Filesize
1.6MB

MD5
0a6ed1ae964a0ccd10d2de50687bc0e2

SHA1
f583fc2ad405419bab0ced54eb2e2e3973ff7531

SHA256
787a1b8942dbf865477a215f36e45d6f50af47a4c0373b388afdc5d5e67575e3

SHA512
ea5ffbe33f496915aef641d3841ca0f1cf414fa158a605c1342804653d35f5aee5a05feb9a6f9ce6d85cd6b32152beadadfd18d6295bf8f7242881c7c229be39

Download Submit
C:\Windows\System\paRgKND.exe

Filesize
1.6MB

MD5
bcbb39237ca17b3def563c870f9fd838

SHA1
d72567eb28e25086f92362eb45ad39c0e18e1d1e

SHA256
1ca1edc54ed0ecd00c43945d7882cb1b01c51574fba4dbd417225a45bb312a52

SHA512
497617588a323f5a7385d97a5e44824f3ad46d166e8749a1e85b8ccb0459a7db7038f1b1e71fa8313011874c94ce4ced4be33968bd715cc447354241d35182b9

Download Submit
C:\Windows\System\qaMRUFD.exe

Filesize
1.6MB

MD5
b56b7dc756a6382b1c752afcc908787f

SHA1
94da7e1eabbdb6b3fd0ac70bc6a06ffb004dfbd6

SHA256
882fdeb70d1c45074994966dc87ab05ea217e9f3b0e55632eb7bba45710a9596

SHA512
b7f1eaba02107d3c17f06060929b3d35508f88c4592f2f4cc1d975e33c00692e6d863e302a3228690ac1a293152ab9eba52a0621642a8200fed173327d36c13b

Download Submit
C:\Windows\System\sggULOU.exe

Filesize
8B

MD5
021537eebb28958a3505101570fe7dc8

SHA1
f947c15a323c665ac0d3483adfedaec35f89a794

SHA256
015a1fe8cb25d60b059febdcce62d1d8b9f4df716580af49c67244c0800332ca

SHA512
041cbf36001bfc8b73482fea5910c690afaa7faa8e87e3684c5e3f8956353c29d2c16a5b5ae9aaf819125a6a450b03c8853d7ec7c1016bafaf16a90097470c38

Download Submit
C:\Windows\System\udaZzbQ.exe

Filesize
1.6MB

MD5
db1f7109f80fadaf330c78975a40e75a

SHA1
f695cd760fb8be2e75961f3db0d42b099f722022

SHA256
a7e4e15414d018706edf32aa112eac10ad8d2c1ae1c6e770f32e6761017574dc

SHA512
56a86a7bc7c9adda9b0a35537cc019d4249765f77290e36749e08e75150c49f4734b15181a2a5ab0497b19b2a7f5584c9520e9e2207da4c062397e3798fa8bc9

Download Submit
C:\Windows\System\xJSBYwM.exe

Filesize
1.6MB

MD5
56dd4050627abf593d52255abc300a47

SHA1
5beaa365837128d0da20b1ae4dc028599422cba1

SHA256
cb94f40349965598e12a7ce1fac5e3266abe068f7fa77847dfb225cbf2389ca1

SHA512
d6522d71bed02fc1621fd15dbcc357f9b806119353f494acc903cf1c066cca6503f797606e2fd1f86107a98fe2116780120e160fc7bcd622dd6f197f6a8e8b5e

Download Submit
C:\Windows\System\yCDIdAf.exe

Filesize
1.6MB

MD5
5a561545ad97553ce1e1c8ffb99e4468

SHA1
6c0cb1094d8cfb1d80279dbbe5f4bf2889c00731

SHA256
81bcedeb45edbe27e015660971e3b5e3d1d89befa69e01088425bccea67b8f76

SHA512
1343d0a464a82e0e3b80997e7fe73d7c9689d3375cee74d5ff58d81b5ca33c997ba5823970adb2affc8dfa82e583bfac8da53fbf0bd71735a8742e1db41fc253

Download Submit
C:\Windows\System\yzkeZYg.exe

Filesize
1.6MB

MD5
44cd675f8e42e92fcd1675e5495cb283

SHA1
2b9ca651414945ff1ccf1bf62a8fa54d7825c2bd

SHA256
4f9946451da9a4f18bf302705d27e2378b5ff52f1441973b2f5bf1d4aa0a95cd

SHA512
29ccde5fe596c76713bc9932f56200107a3d483d9ec20cb4c643ea49a3741da29aa19a2f12eaa65dd864e626932d0832d98c64ede0fcbfea595533da0a46d929

Download Submit
memory/412-2182-0x00007FF6D80A0000-0x00007FF6D8492000-memory.dmp

Filesize
3.9MB

Download
memory/412-129-0x00007FF6D80A0000-0x00007FF6D8492000-memory.dmp

Filesize
3.9MB

Download
memory/532-126-0x00007FF75D070000-0x00007FF75D462000-memory.dmp

Filesize
3.9MB

Download
memory/532-2176-0x00007FF75D070000-0x00007FF75D462000-memory.dmp

Filesize
3.9MB

Download
memory/652-2196-0x00007FF7AB320000-0x00007FF7AB712000-memory.dmp

Filesize
3.9MB

Download
memory/652-527-0x00007FF7AB320000-0x00007FF7AB712000-memory.dmp

Filesize
3.9MB

Download
memory/812-135-0x00007FF6B97D0000-0x00007FF6B9BC2000-memory.dmp

Filesize
3.9MB

Download
memory/812-2188-0x00007FF6B97D0000-0x00007FF6B9BC2000-memory.dmp

Filesize
3.9MB

Download
memory/1536-92-0x00007FF697D00000-0x00007FF6980F2000-memory.dmp

Filesize
3.9MB

Download
memory/1536-2151-0x00007FF697D00000-0x00007FF6980F2000-memory.dmp

Filesize
3.9MB

Download
memory/1628-124-0x00007FF6F7A90000-0x00007FF6F7E82000-memory.dmp

Filesize
3.9MB

Download
memory/1628-2173-0x00007FF6F7A90000-0x00007FF6F7E82000-memory.dmp

Filesize
3.9MB

Download
memory/1776-134-0x00007FF66D1D0000-0x00007FF66D5C2000-memory.dmp

Filesize
3.9MB

Download
memory/1776-2184-0x00007FF66D1D0000-0x00007FF66D5C2000-memory.dmp

Filesize
3.9MB

Download
memory/2180-2169-0x00007FF7C0110000-0x00007FF7C0502000-memory.dmp

Filesize
3.9MB

Download
memory/2180-120-0x00007FF7C0110000-0x00007FF7C0502000-memory.dmp

Filesize
3.9MB

Download
memory/2236-125-0x00007FF6796A0000-0x00007FF679A92000-memory.dmp

Filesize
3.9MB

Download
memory/2236-2172-0x00007FF6796A0000-0x00007FF679A92000-memory.dmp

Filesize
3.9MB

Download
memory/2356-2156-0x00007FF6BF0A0000-0x00007FF6BF492000-memory.dmp

Filesize
3.9MB

Download
memory/2356-33-0x00007FF6BF0A0000-0x00007FF6BF492000-memory.dmp

Filesize
3.9MB

Download
memory/2440-2160-0x00007FF6259F0000-0x00007FF625DE2000-memory.dmp

Filesize
3.9MB

Download
memory/2440-131-0x00007FF6259F0000-0x00007FF625DE2000-memory.dmp

Filesize
3.9MB

Download
memory/2708-2122-0x00007FFDAE390000-0x00007FFDAEE51000-memory.dmp

Filesize
10.8MB

Download
memory/2708-2113-0x00007FFDAE393000-0x00007FFDAE395000-memory.dmp

Filesize
8KB

Download
memory/2708-63-0x00007FFDAE390000-0x00007FFDAEE51000-memory.dmp

Filesize
10.8MB

Download
memory/2708-22-0x00007FFDAE390000-0x00007FFDAEE51000-memory.dmp

Filesize
10.8MB

Download
memory/2708-116-0x0000028F58640000-0x0000028F58662000-memory.dmp

Filesize
136KB

Download
memory/2708-7-0x00007FFDAE393000-0x00007FFDAE395000-memory.dmp

Filesize
8KB

Download
memory/2708-530-0x0000028F591A0000-0x0000028F59946000-memory.dmp

Filesize
7.6MB

Download
memory/3184-2148-0x00007FF668960000-0x00007FF668D52000-memory.dmp

Filesize
3.9MB

Download
memory/3184-39-0x00007FF668960000-0x00007FF668D52000-memory.dmp

Filesize
3.9MB

Download
memory/3800-526-0x00007FF697BC0000-0x00007FF697FB2000-memory.dmp

Filesize
3.9MB

Download
memory/3800-2191-0x00007FF697BC0000-0x00007FF697FB2000-memory.dmp

Filesize
3.9MB

Download
memory/4028-132-0x00007FF691460000-0x00007FF691852000-memory.dmp

Filesize
3.9MB

Download
memory/4028-2158-0x00007FF691460000-0x00007FF691852000-memory.dmp

Filesize
3.9MB

Download
memory/4144-130-0x00007FF7B7800000-0x00007FF7B7BF2000-memory.dmp

Filesize
3.9MB

Download
memory/4144-2153-0x00007FF7B7800000-0x00007FF7B7BF2000-memory.dmp

Filesize
3.9MB

Download
memory/4164-2190-0x00007FF64A770000-0x00007FF64AB62000-memory.dmp

Filesize
3.9MB

Download
memory/4164-524-0x00007FF64A770000-0x00007FF64AB62000-memory.dmp

Filesize
3.9MB

Download
memory/4184-112-0x00007FF63B080000-0x00007FF63B472000-memory.dmp

Filesize
3.9MB

Download
memory/4184-2164-0x00007FF63B080000-0x00007FF63B472000-memory.dmp

Filesize
3.9MB

Download
memory/4200-2162-0x00007FF692B30000-0x00007FF692F22000-memory.dmp

Filesize
3.9MB

Download
memory/4200-117-0x00007FF692B30000-0x00007FF692F22000-memory.dmp

Filesize
3.9MB

Download
memory/4368-2180-0x00007FF74F8F0000-0x00007FF74FCE2000-memory.dmp

Filesize
3.9MB

Download
memory/4368-133-0x00007FF74F8F0000-0x00007FF74FCE2000-memory.dmp

Filesize
3.9MB

Download
memory/4612-2186-0x00007FF67C1F0000-0x00007FF67C5E2000-memory.dmp

Filesize
3.9MB

Download
memory/4612-127-0x00007FF67C1F0000-0x00007FF67C5E2000-memory.dmp

Filesize
3.9MB

Download
memory/4676-2193-0x00007FF700650000-0x00007FF700A42000-memory.dmp

Filesize
3.9MB

Download
memory/4676-525-0x00007FF700650000-0x00007FF700A42000-memory.dmp

Filesize
3.9MB

Download
memory/4812-128-0x00007FF6E5DA0000-0x00007FF6E6192000-memory.dmp

Filesize
3.9MB

Download
memory/4812-2178-0x00007FF6E5DA0000-0x00007FF6E6192000-memory.dmp

Filesize
3.9MB

Download
memory/4912-2167-0x00007FF7283D0000-0x00007FF7287C2000-memory.dmp

Filesize
3.9MB

Download
memory/4912-121-0x00007FF7283D0000-0x00007FF7287C2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-2165-0x00007FF6585E0000-0x00007FF6589D2000-memory.dmp

Filesize
3.9MB

Download
memory/4928-105-0x00007FF6585E0000-0x00007FF6589D2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-0-0x00007FF6DEA00000-0x00007FF6DEDF2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-1-0x000001A2602B0000-0x000001A2602C0000-memory.dmp

Filesize
64KB

Download