xmrig | 1f8508731a5748455c5096416b9e8c68aa9c0fa30b1aa8afc2b65875c1ff8cd1

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
Size

1.7MB
MD5

680b2608895de70df9db50780f70e7a0
SHA1

84a28d839239663109bbb7f927dfcb44a373f580
SHA256

1f8508731a5748455c5096416b9e8c68aa9c0fa30b1aa8afc2b65875c1ff8cd1
SHA512

bd6265209409f681ca89dfb0b36084d6f61f74ab89ade87fdd0c5dd65cacb7f4118b06bc39d38775e350572a139238f3f9aaca192774acf459c396b57d56c94b
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjpbc8nJwbomvu2Nrlum7+a7EtLgCPimzB:Lz071uv4BPMkHC0IBcAUNRSa7kj5zB

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/1516-86-0x00007FF7B55A0000-0x00007FF7B5992000-memory.dmp	xmrig
behavioral2/memory/2720-127-0x00007FF74BE80000-0x00007FF74C272000-memory.dmp	xmrig
behavioral2/memory/2696-182-0x00007FF64FF30000-0x00007FF650322000-memory.dmp	xmrig
behavioral2/memory/264-176-0x00007FF7A0CD0000-0x00007FF7A10C2000-memory.dmp	xmrig
behavioral2/memory/3584-170-0x00007FF613340000-0x00007FF613732000-memory.dmp	xmrig
behavioral2/memory/4856-164-0x00007FF755A20000-0x00007FF755E12000-memory.dmp	xmrig
behavioral2/memory/3888-158-0x00007FF7F5340000-0x00007FF7F5732000-memory.dmp	xmrig
behavioral2/memory/1812-157-0x00007FF60A780000-0x00007FF60AB72000-memory.dmp	xmrig
behavioral2/memory/1448-151-0x00007FF7FD960000-0x00007FF7FDD52000-memory.dmp	xmrig
behavioral2/memory/4300-145-0x00007FF670520000-0x00007FF670912000-memory.dmp	xmrig
behavioral2/memory/4636-139-0x00007FF7FCAC0000-0x00007FF7FCEB2000-memory.dmp	xmrig
behavioral2/memory/4560-133-0x00007FF74D1A0000-0x00007FF74D592000-memory.dmp	xmrig
behavioral2/memory/3244-126-0x00007FF74EDD0000-0x00007FF74F1C2000-memory.dmp	xmrig
behavioral2/memory/2136-120-0x00007FF7F9D30000-0x00007FF7FA122000-memory.dmp	xmrig
behavioral2/memory/1584-114-0x00007FF6B7180000-0x00007FF6B7572000-memory.dmp	xmrig
behavioral2/memory/3708-99-0x00007FF62C500000-0x00007FF62C8F2000-memory.dmp	xmrig
behavioral2/memory/5032-96-0x00007FF63ADC0000-0x00007FF63B1B2000-memory.dmp	xmrig
behavioral2/memory/4932-84-0x00007FF62E900000-0x00007FF62ECF2000-memory.dmp	xmrig
behavioral2/memory/1796-71-0x00007FF68D890000-0x00007FF68DC82000-memory.dmp	xmrig
behavioral2/memory/3132-64-0x00007FF62BDD0000-0x00007FF62C1C2000-memory.dmp	xmrig
behavioral2/memory/3252-59-0x00007FF757530000-0x00007FF757922000-memory.dmp	xmrig
behavioral2/memory/4012-1952-0x00007FF6F2440000-0x00007FF6F2832000-memory.dmp	xmrig
behavioral2/memory/1764-1953-0x00007FF648F30000-0x00007FF649322000-memory.dmp	xmrig
behavioral2/memory/4028-1954-0x00007FF6F7040000-0x00007FF6F7432000-memory.dmp	xmrig
behavioral2/memory/5032-1972-0x00007FF63ADC0000-0x00007FF63B1B2000-memory.dmp	xmrig
behavioral2/memory/4012-2016-0x00007FF6F2440000-0x00007FF6F2832000-memory.dmp	xmrig
behavioral2/memory/3708-2018-0x00007FF62C500000-0x00007FF62C8F2000-memory.dmp	xmrig
behavioral2/memory/1764-2020-0x00007FF648F30000-0x00007FF649322000-memory.dmp	xmrig
behavioral2/memory/1584-2022-0x00007FF6B7180000-0x00007FF6B7572000-memory.dmp	xmrig
behavioral2/memory/3252-2024-0x00007FF757530000-0x00007FF757922000-memory.dmp	xmrig
behavioral2/memory/3132-2026-0x00007FF62BDD0000-0x00007FF62C1C2000-memory.dmp	xmrig
behavioral2/memory/1796-2028-0x00007FF68D890000-0x00007FF68DC82000-memory.dmp	xmrig
behavioral2/memory/4932-2030-0x00007FF62E900000-0x00007FF62ECF2000-memory.dmp	xmrig
behavioral2/memory/1516-2032-0x00007FF7B55A0000-0x00007FF7B5992000-memory.dmp	xmrig
behavioral2/memory/3244-2036-0x00007FF74EDD0000-0x00007FF74F1C2000-memory.dmp	xmrig
behavioral2/memory/2136-2035-0x00007FF7F9D30000-0x00007FF7FA122000-memory.dmp	xmrig
behavioral2/memory/5032-2041-0x00007FF63ADC0000-0x00007FF63B1B2000-memory.dmp	xmrig
behavioral2/memory/2720-2044-0x00007FF74BE80000-0x00007FF74C272000-memory.dmp	xmrig
behavioral2/memory/4028-2043-0x00007FF6F7040000-0x00007FF6F7432000-memory.dmp	xmrig
behavioral2/memory/4560-2039-0x00007FF74D1A0000-0x00007FF74D592000-memory.dmp	xmrig
behavioral2/memory/4636-2055-0x00007FF7FCAC0000-0x00007FF7FCEB2000-memory.dmp	xmrig
behavioral2/memory/3584-2058-0x00007FF613340000-0x00007FF613732000-memory.dmp	xmrig
behavioral2/memory/264-2060-0x00007FF7A0CD0000-0x00007FF7A10C2000-memory.dmp	xmrig
behavioral2/memory/4300-2057-0x00007FF670520000-0x00007FF670912000-memory.dmp	xmrig
behavioral2/memory/1448-2053-0x00007FF7FD960000-0x00007FF7FDD52000-memory.dmp	xmrig
behavioral2/memory/4856-2049-0x00007FF755A20000-0x00007FF755E12000-memory.dmp	xmrig
behavioral2/memory/1812-2046-0x00007FF60A780000-0x00007FF60AB72000-memory.dmp	xmrig
behavioral2/memory/3888-2051-0x00007FF7F5340000-0x00007FF7F5732000-memory.dmp	xmrig
behavioral2/memory/2696-2065-0x00007FF64FF30000-0x00007FF650322000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
7	4368	powershell.exe
9	4368	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4368	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4012	BzCiXdK.exe
1764	AATxshT.exe
3708	xNegwRC.exe
1584	kGRkguO.exe
3252	ohHeqhO.exe
3132	LOSQlSD.exe
1796	KlJLNrP.exe
4932	kUczpmB.exe
1516	TowBOIw.exe
2136	vTrOytW.exe
3244	VgsqOFa.exe
2720	hLRHaYy.exe
4028	lIoAPYU.exe
5032	OVSwNHP.exe
4560	lDadSnM.exe
4300	gBLNwJI.exe
4636	lCXamFV.exe
1448	VqijrpF.exe
1812	oUuldWq.exe
3888	ttjLJua.exe
4856	lwRomxK.exe
3584	ISZlzhv.exe
264	TYmzsYw.exe
2696	xOuOVHS.exe
1800	jOFoWdY.exe
4604	VMhnaxn.exe
4672	IsNpNyZ.exe
744	pIwjmog.exe
3760	sYahvAK.exe
4752	SzbHMYg.exe
2648	jvXqhuv.exe
3276	VcnkBYm.exe
4572	AJyfTgm.exe
3456	QqGolAq.exe
2664	csSRFxQ.exe
1416	PapVvjq.exe
4696	urbbXCx.exe
736	nRUWGpE.exe
2976	ggHHrdV.exe
1564	MoMRfym.exe
2864	wdzxLYX.exe
1296	woxwoOX.exe
1592	EtdDquR.exe
4344	TwYSYrw.exe
1400	urmHCwY.exe
3300	jOtmEFK.exe
3660	dPKLsuR.exe
2916	RgyBREt.exe
3820	IMwtQKy.exe
5104	PISjFXZ.exe
4248	rIwkRtZ.exe
3336	xNoardk.exe
4616	jOvptnD.exe
4632	DdbxOhl.exe
4372	fnjZrHt.exe
428	InXTfTd.exe
2512	rlBPGHf.exe
3152	JRAgprS.exe
4544	VUZpXfG.exe
3200	Hjgirnj.exe
1880	fzNlLDE.exe
3452	eIMIQgD.exe
1844	PzzWNqy.exe
3332	yrccUhV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3120-0-0x00007FF731CC0000-0x00007FF7320B2000-memory.dmp	upx
behavioral2/files/0x0007000000023419-6.dat	upx
behavioral2/files/0x00090000000233fd-7.dat	upx
behavioral2/files/0x000700000002341a-20.dat	upx
behavioral2/files/0x000700000002341b-37.dat	upx
behavioral2/files/0x000700000002341c-45.dat	upx
behavioral2/files/0x000700000002341f-56.dat	upx
behavioral2/files/0x0007000000023422-76.dat	upx
behavioral2/memory/1516-86-0x00007FF7B55A0000-0x00007FF7B5992000-memory.dmp	upx
behavioral2/files/0x0007000000023423-93.dat	upx
behavioral2/files/0x0007000000023427-111.dat	upx
behavioral2/memory/2720-127-0x00007FF74BE80000-0x00007FF74C272000-memory.dmp	upx
behavioral2/files/0x000700000002342b-136.dat	upx
behavioral2/files/0x000700000002342c-152.dat	upx
behavioral2/files/0x000700000002342f-161.dat	upx
behavioral2/files/0x0007000000023431-173.dat	upx
behavioral2/files/0x0007000000023436-200.dat	upx
behavioral2/files/0x0007000000023434-198.dat	upx
behavioral2/files/0x0007000000023435-195.dat	upx
behavioral2/files/0x0007000000023433-193.dat	upx
behavioral2/files/0x0007000000023432-188.dat	upx
behavioral2/memory/2696-182-0x00007FF64FF30000-0x00007FF650322000-memory.dmp	upx
behavioral2/files/0x0007000000023430-177.dat	upx
behavioral2/memory/264-176-0x00007FF7A0CD0000-0x00007FF7A10C2000-memory.dmp	upx
behavioral2/memory/3584-170-0x00007FF613340000-0x00007FF613732000-memory.dmp	upx
behavioral2/files/0x000700000002342e-165.dat	upx
behavioral2/memory/4856-164-0x00007FF755A20000-0x00007FF755E12000-memory.dmp	upx
behavioral2/files/0x000700000002342d-159.dat	upx
behavioral2/memory/3888-158-0x00007FF7F5340000-0x00007FF7F5732000-memory.dmp	upx
behavioral2/memory/1812-157-0x00007FF60A780000-0x00007FF60AB72000-memory.dmp	upx
behavioral2/memory/1448-151-0x00007FF7FD960000-0x00007FF7FDD52000-memory.dmp	upx
behavioral2/memory/4300-145-0x00007FF670520000-0x00007FF670912000-memory.dmp	upx
behavioral2/files/0x000700000002342a-140.dat	upx
behavioral2/memory/4636-139-0x00007FF7FCAC0000-0x00007FF7FCEB2000-memory.dmp	upx
behavioral2/files/0x0007000000023429-134.dat	upx
behavioral2/memory/4560-133-0x00007FF74D1A0000-0x00007FF74D592000-memory.dmp	upx
behavioral2/files/0x0007000000023428-128.dat	upx
behavioral2/memory/3244-126-0x00007FF74EDD0000-0x00007FF74F1C2000-memory.dmp	upx
behavioral2/memory/2136-120-0x00007FF7F9D30000-0x00007FF7FA122000-memory.dmp	upx
behavioral2/files/0x0008000000023415-115.dat	upx
behavioral2/memory/1584-114-0x00007FF6B7180000-0x00007FF6B7572000-memory.dmp	upx
behavioral2/files/0x0007000000023426-109.dat	upx
behavioral2/files/0x0007000000023425-100.dat	upx
behavioral2/memory/3708-99-0x00007FF62C500000-0x00007FF62C8F2000-memory.dmp	upx
behavioral2/memory/5032-96-0x00007FF63ADC0000-0x00007FF63B1B2000-memory.dmp	upx
behavioral2/memory/4028-89-0x00007FF6F7040000-0x00007FF6F7432000-memory.dmp	upx
behavioral2/files/0x0007000000023424-85.dat	upx
behavioral2/memory/4932-84-0x00007FF62E900000-0x00007FF62ECF2000-memory.dmp	upx
behavioral2/files/0x0007000000023421-80.dat	upx
behavioral2/memory/1796-71-0x00007FF68D890000-0x00007FF68DC82000-memory.dmp	upx
behavioral2/files/0x000800000002341d-68.dat	upx
behavioral2/memory/3132-64-0x00007FF62BDD0000-0x00007FF62C1C2000-memory.dmp	upx
behavioral2/files/0x0007000000023420-66.dat	upx
behavioral2/memory/3252-59-0x00007FF757530000-0x00007FF757922000-memory.dmp	upx
behavioral2/files/0x000800000002341e-53.dat	upx
behavioral2/memory/1764-14-0x00007FF648F30000-0x00007FF649322000-memory.dmp	upx
behavioral2/memory/4012-12-0x00007FF6F2440000-0x00007FF6F2832000-memory.dmp	upx
behavioral2/files/0x0007000000023418-17.dat	upx
behavioral2/memory/4012-1952-0x00007FF6F2440000-0x00007FF6F2832000-memory.dmp	upx
behavioral2/memory/1764-1953-0x00007FF648F30000-0x00007FF649322000-memory.dmp	upx
behavioral2/memory/4028-1954-0x00007FF6F7040000-0x00007FF6F7432000-memory.dmp	upx
behavioral2/memory/5032-1972-0x00007FF63ADC0000-0x00007FF63B1B2000-memory.dmp	upx
behavioral2/memory/4012-2016-0x00007FF6F2440000-0x00007FF6F2832000-memory.dmp	upx
behavioral2/memory/3708-2018-0x00007FF62C500000-0x00007FF62C8F2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mYPYPMN.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\QAJefEy.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\MVhGbNg.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\xmjXZWs.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\kUczpmB.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\xxazWcm.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\fuFKVDe.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\lvdIKCX.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\nOAwdZg.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\lCXamFV.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\HYaBYnl.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\HyCUlDI.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\yDuuKki.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\JrSwnLv.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\xCZGGBl.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\ovVSEvW.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\UAVmLTr.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\NEPTqyd.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\kBfGsao.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\CXhVrTt.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\EUwOTgO.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\xNoardk.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\GdMBSQb.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\oYxWduo.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\LzfSOQe.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\CpOvGeb.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\USjSGEu.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\vCfTeOG.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\YWlFvuu.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\pYIlHvk.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\ZWIXVas.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\bAlmKXf.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\qQLAwhf.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\BymImLf.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\tMylCVs.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\IHqNltb.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\dhNOGfd.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\fqtiLsj.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\sVKcsUM.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\XRiBwUJ.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\dmpuXah.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\CaPWdep.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\PzzWNqy.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\ivsWbzu.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\bcQMofA.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\sREWWRJ.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\SQLdZhG.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\edhSFpC.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\PFkKEce.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\VLcdBWG.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\AofyPXu.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\tdUgPPZ.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\pUdAsPv.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\QvtzkkZ.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\KGhtyBP.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\eJipAbU.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\yceaXYr.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\pqEttuQ.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\IMwtQKy.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\zUcGPuq.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\fYJajyc.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\FWtugre.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\wTMrHsi.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
File created	C:\Windows\System\fpTljDT.exe	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4368	powershell.exe
4368	powershell.exe
4368	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	powershell.exe
Token: SeLockMemoryPrivilege	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 4368	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	84
PID 3120 wrote to memory of 4368	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	84
PID 3120 wrote to memory of 4012	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	85
PID 3120 wrote to memory of 4012	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	85
PID 3120 wrote to memory of 1764	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	86
PID 3120 wrote to memory of 1764	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	86
PID 3120 wrote to memory of 3708	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	87
PID 3120 wrote to memory of 3708	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	87
PID 3120 wrote to memory of 1584	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	88
PID 3120 wrote to memory of 1584	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	88
PID 3120 wrote to memory of 3252	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	89
PID 3120 wrote to memory of 3252	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	89
PID 3120 wrote to memory of 3132	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	90
PID 3120 wrote to memory of 3132	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	90
PID 3120 wrote to memory of 1796	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	91
PID 3120 wrote to memory of 1796	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	91
PID 3120 wrote to memory of 1516	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	92
PID 3120 wrote to memory of 1516	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	92
PID 3120 wrote to memory of 4932	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	93
PID 3120 wrote to memory of 4932	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	93
PID 3120 wrote to memory of 2136	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	94
PID 3120 wrote to memory of 2136	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	94
PID 3120 wrote to memory of 3244	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	95
PID 3120 wrote to memory of 3244	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	95
PID 3120 wrote to memory of 2720	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	96
PID 3120 wrote to memory of 2720	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	96
PID 3120 wrote to memory of 4028	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	97
PID 3120 wrote to memory of 4028	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	97
PID 3120 wrote to memory of 5032	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	98
PID 3120 wrote to memory of 5032	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	98
PID 3120 wrote to memory of 4560	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	99
PID 3120 wrote to memory of 4560	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	99
PID 3120 wrote to memory of 4300	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	100
PID 3120 wrote to memory of 4300	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	100
PID 3120 wrote to memory of 4636	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	101
PID 3120 wrote to memory of 4636	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	101
PID 3120 wrote to memory of 1448	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	102
PID 3120 wrote to memory of 1448	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	102
PID 3120 wrote to memory of 1812	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	103
PID 3120 wrote to memory of 1812	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	103
PID 3120 wrote to memory of 3888	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	104
PID 3120 wrote to memory of 3888	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	104
PID 3120 wrote to memory of 4856	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	105
PID 3120 wrote to memory of 4856	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	105
PID 3120 wrote to memory of 3584	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	106
PID 3120 wrote to memory of 3584	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	106
PID 3120 wrote to memory of 264	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	107
PID 3120 wrote to memory of 264	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	107
PID 3120 wrote to memory of 2696	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	108
PID 3120 wrote to memory of 2696	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	108
PID 3120 wrote to memory of 1800	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	109
PID 3120 wrote to memory of 1800	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	109
PID 3120 wrote to memory of 4604	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	110
PID 3120 wrote to memory of 4604	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	110
PID 3120 wrote to memory of 4672	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	111
PID 3120 wrote to memory of 4672	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	111
PID 3120 wrote to memory of 744	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	112
PID 3120 wrote to memory of 744	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	112
PID 3120 wrote to memory of 3760	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	113
PID 3120 wrote to memory of 3760	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	113
PID 3120 wrote to memory of 4752	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	114
PID 3120 wrote to memory of 4752	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	114
PID 3120 wrote to memory of 2648	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	115
PID 3120 wrote to memory of 2648	3120	680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\680b2608895de70df9db50780f70e7a0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4368
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4368" "2940" "2800" "2944" "0" "0" "2948" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12380
- C:\Windows\System\BzCiXdK.exe
  C:\Windows\System\BzCiXdK.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\AATxshT.exe
  C:\Windows\System\AATxshT.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\xNegwRC.exe
  C:\Windows\System\xNegwRC.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\kGRkguO.exe
  C:\Windows\System\kGRkguO.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\ohHeqhO.exe
  C:\Windows\System\ohHeqhO.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\LOSQlSD.exe
  C:\Windows\System\LOSQlSD.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\KlJLNrP.exe
  C:\Windows\System\KlJLNrP.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\TowBOIw.exe
  C:\Windows\System\TowBOIw.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\kUczpmB.exe
  C:\Windows\System\kUczpmB.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\vTrOytW.exe
  C:\Windows\System\vTrOytW.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\VgsqOFa.exe
  C:\Windows\System\VgsqOFa.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\hLRHaYy.exe
  C:\Windows\System\hLRHaYy.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\lIoAPYU.exe
  C:\Windows\System\lIoAPYU.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\OVSwNHP.exe
  C:\Windows\System\OVSwNHP.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\lDadSnM.exe
  C:\Windows\System\lDadSnM.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\gBLNwJI.exe
  C:\Windows\System\gBLNwJI.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\lCXamFV.exe
  C:\Windows\System\lCXamFV.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\VqijrpF.exe
  C:\Windows\System\VqijrpF.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\oUuldWq.exe
  C:\Windows\System\oUuldWq.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\ttjLJua.exe
  C:\Windows\System\ttjLJua.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\lwRomxK.exe
  C:\Windows\System\lwRomxK.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\ISZlzhv.exe
  C:\Windows\System\ISZlzhv.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\TYmzsYw.exe
  C:\Windows\System\TYmzsYw.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\xOuOVHS.exe
  C:\Windows\System\xOuOVHS.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\jOFoWdY.exe
  C:\Windows\System\jOFoWdY.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\VMhnaxn.exe
  C:\Windows\System\VMhnaxn.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\IsNpNyZ.exe
  C:\Windows\System\IsNpNyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\pIwjmog.exe
  C:\Windows\System\pIwjmog.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\sYahvAK.exe
  C:\Windows\System\sYahvAK.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\SzbHMYg.exe
  C:\Windows\System\SzbHMYg.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\jvXqhuv.exe
  C:\Windows\System\jvXqhuv.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\VcnkBYm.exe
  C:\Windows\System\VcnkBYm.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\AJyfTgm.exe
  C:\Windows\System\AJyfTgm.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\QqGolAq.exe
  C:\Windows\System\QqGolAq.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\csSRFxQ.exe
  C:\Windows\System\csSRFxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\PapVvjq.exe
  C:\Windows\System\PapVvjq.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\urbbXCx.exe
  C:\Windows\System\urbbXCx.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\nRUWGpE.exe
  C:\Windows\System\nRUWGpE.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\ggHHrdV.exe
  C:\Windows\System\ggHHrdV.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\MoMRfym.exe
  C:\Windows\System\MoMRfym.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\wdzxLYX.exe
  C:\Windows\System\wdzxLYX.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\woxwoOX.exe
  C:\Windows\System\woxwoOX.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\EtdDquR.exe
  C:\Windows\System\EtdDquR.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\TwYSYrw.exe
  C:\Windows\System\TwYSYrw.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\urmHCwY.exe
  C:\Windows\System\urmHCwY.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\jOtmEFK.exe
  C:\Windows\System\jOtmEFK.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\dPKLsuR.exe
  C:\Windows\System\dPKLsuR.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\RgyBREt.exe
  C:\Windows\System\RgyBREt.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\IMwtQKy.exe
  C:\Windows\System\IMwtQKy.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\PISjFXZ.exe
  C:\Windows\System\PISjFXZ.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\rIwkRtZ.exe
  C:\Windows\System\rIwkRtZ.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\xNoardk.exe
  C:\Windows\System\xNoardk.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\jOvptnD.exe
  C:\Windows\System\jOvptnD.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\DdbxOhl.exe
  C:\Windows\System\DdbxOhl.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\fnjZrHt.exe
  C:\Windows\System\fnjZrHt.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\InXTfTd.exe
  C:\Windows\System\InXTfTd.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\rlBPGHf.exe
  C:\Windows\System\rlBPGHf.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\JRAgprS.exe
  C:\Windows\System\JRAgprS.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\VUZpXfG.exe
  C:\Windows\System\VUZpXfG.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\Hjgirnj.exe
  C:\Windows\System\Hjgirnj.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\fzNlLDE.exe
  C:\Windows\System\fzNlLDE.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\eIMIQgD.exe
  C:\Windows\System\eIMIQgD.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\PzzWNqy.exe
  C:\Windows\System\PzzWNqy.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\yrccUhV.exe
  C:\Windows\System\yrccUhV.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\ockVkOx.exe
  C:\Windows\System\ockVkOx.exe
  2⤵
  PID:3524
- C:\Windows\System\hCZfBRJ.exe
  C:\Windows\System\hCZfBRJ.exe
  2⤵
  PID:2684
- C:\Windows\System\tNhCtqQ.exe
  C:\Windows\System\tNhCtqQ.exe
  2⤵
  PID:4264
- C:\Windows\System\UCzeLPN.exe
  C:\Windows\System\UCzeLPN.exe
  2⤵
  PID:4164
- C:\Windows\System\sXNyJvu.exe
  C:\Windows\System\sXNyJvu.exe
  2⤵
  PID:3756
- C:\Windows\System\XEnJYDb.exe
  C:\Windows\System\XEnJYDb.exe
  2⤵
  PID:4596
- C:\Windows\System\iunKOhg.exe
  C:\Windows\System\iunKOhg.exe
  2⤵
  PID:3068
- C:\Windows\System\IcdyJTZ.exe
  C:\Windows\System\IcdyJTZ.exe
  2⤵
  PID:2448
- C:\Windows\System\FfORuHd.exe
  C:\Windows\System\FfORuHd.exe
  2⤵
  PID:3324
- C:\Windows\System\DmeiFah.exe
  C:\Windows\System\DmeiFah.exe
  2⤵
  PID:384
- C:\Windows\System\rPpZciH.exe
  C:\Windows\System\rPpZciH.exe
  2⤵
  PID:5140
- C:\Windows\System\sZdPHwn.exe
  C:\Windows\System\sZdPHwn.exe
  2⤵
  PID:5168
- C:\Windows\System\BcTdIeV.exe
  C:\Windows\System\BcTdIeV.exe
  2⤵
  PID:5196
- C:\Windows\System\XorWObK.exe
  C:\Windows\System\XorWObK.exe
  2⤵
  PID:5220
- C:\Windows\System\RtGhFjM.exe
  C:\Windows\System\RtGhFjM.exe
  2⤵
  PID:5252
- C:\Windows\System\VLcdBWG.exe
  C:\Windows\System\VLcdBWG.exe
  2⤵
  PID:5280
- C:\Windows\System\yAkrufo.exe
  C:\Windows\System\yAkrufo.exe
  2⤵
  PID:5308
- C:\Windows\System\sMwobAH.exe
  C:\Windows\System\sMwobAH.exe
  2⤵
  PID:5336
- C:\Windows\System\JKDRATq.exe
  C:\Windows\System\JKDRATq.exe
  2⤵
  PID:5360
- C:\Windows\System\RcOEthC.exe
  C:\Windows\System\RcOEthC.exe
  2⤵
  PID:5388
- C:\Windows\System\fNhbXdd.exe
  C:\Windows\System\fNhbXdd.exe
  2⤵
  PID:5416
- C:\Windows\System\ixJUgiL.exe
  C:\Windows\System\ixJUgiL.exe
  2⤵
  PID:5444
- C:\Windows\System\qUglNPS.exe
  C:\Windows\System\qUglNPS.exe
  2⤵
  PID:5476
- C:\Windows\System\UWHbfYv.exe
  C:\Windows\System\UWHbfYv.exe
  2⤵
  PID:5504
- C:\Windows\System\fXfhXjs.exe
  C:\Windows\System\fXfhXjs.exe
  2⤵
  PID:5528
- C:\Windows\System\lvdIKCX.exe
  C:\Windows\System\lvdIKCX.exe
  2⤵
  PID:5560
- C:\Windows\System\mgoizCD.exe
  C:\Windows\System\mgoizCD.exe
  2⤵
  PID:5592
- C:\Windows\System\zUcGPuq.exe
  C:\Windows\System\zUcGPuq.exe
  2⤵
  PID:5620
- C:\Windows\System\zwkizFX.exe
  C:\Windows\System\zwkizFX.exe
  2⤵
  PID:5648
- C:\Windows\System\yJQUthU.exe
  C:\Windows\System\yJQUthU.exe
  2⤵
  PID:5676
- C:\Windows\System\FnOXDZL.exe
  C:\Windows\System\FnOXDZL.exe
  2⤵
  PID:5704
- C:\Windows\System\AMjLwWC.exe
  C:\Windows\System\AMjLwWC.exe
  2⤵
  PID:5732
- C:\Windows\System\ZmMkDPX.exe
  C:\Windows\System\ZmMkDPX.exe
  2⤵
  PID:5760
- C:\Windows\System\reCczbK.exe
  C:\Windows\System\reCczbK.exe
  2⤵
  PID:5788
- C:\Windows\System\klzNTgM.exe
  C:\Windows\System\klzNTgM.exe
  2⤵
  PID:5816
- C:\Windows\System\yncQyue.exe
  C:\Windows\System\yncQyue.exe
  2⤵
  PID:5836
- C:\Windows\System\LBcHjVR.exe
  C:\Windows\System\LBcHjVR.exe
  2⤵
  PID:5868
- C:\Windows\System\kXRBHMR.exe
  C:\Windows\System\kXRBHMR.exe
  2⤵
  PID:5900
- C:\Windows\System\cUouVLi.exe
  C:\Windows\System\cUouVLi.exe
  2⤵
  PID:5924
- C:\Windows\System\EODBqsC.exe
  C:\Windows\System\EODBqsC.exe
  2⤵
  PID:5960
- C:\Windows\System\sboXJRL.exe
  C:\Windows\System\sboXJRL.exe
  2⤵
  PID:5988
- C:\Windows\System\tHfwSAa.exe
  C:\Windows\System\tHfwSAa.exe
  2⤵
  PID:6020
- C:\Windows\System\PUbSODG.exe
  C:\Windows\System\PUbSODG.exe
  2⤵
  PID:6048
- C:\Windows\System\OhLVWvt.exe
  C:\Windows\System\OhLVWvt.exe
  2⤵
  PID:6080
- C:\Windows\System\VBOaYtg.exe
  C:\Windows\System\VBOaYtg.exe
  2⤵
  PID:6108
- C:\Windows\System\AIEIrVF.exe
  C:\Windows\System\AIEIrVF.exe
  2⤵
  PID:6136
- C:\Windows\System\nOfdWkb.exe
  C:\Windows\System\nOfdWkb.exe
  2⤵
  PID:1688
- C:\Windows\System\rCrxszv.exe
  C:\Windows\System\rCrxszv.exe
  2⤵
  PID:4388
- C:\Windows\System\fjaQTdX.exe
  C:\Windows\System\fjaQTdX.exe
  2⤵
  PID:2296
- C:\Windows\System\xxazWcm.exe
  C:\Windows\System\xxazWcm.exe
  2⤵
  PID:2572
- C:\Windows\System\TsTbMcV.exe
  C:\Windows\System\TsTbMcV.exe
  2⤵
  PID:3704
- C:\Windows\System\YaIVjSm.exe
  C:\Windows\System\YaIVjSm.exe
  2⤵
  PID:5160
- C:\Windows\System\pDDVPUH.exe
  C:\Windows\System\pDDVPUH.exe
  2⤵
  PID:5208
- C:\Windows\System\TRMeyfO.exe
  C:\Windows\System\TRMeyfO.exe
  2⤵
  PID:5268
- C:\Windows\System\XKgqVir.exe
  C:\Windows\System\XKgqVir.exe
  2⤵
  PID:4488
- C:\Windows\System\XNJrCHB.exe
  C:\Windows\System\XNJrCHB.exe
  2⤵
  PID:5380
- C:\Windows\System\PFPDYZP.exe
  C:\Windows\System\PFPDYZP.exe
  2⤵
  PID:5440
- C:\Windows\System\yIPqDxu.exe
  C:\Windows\System\yIPqDxu.exe
  2⤵
  PID:3752
- C:\Windows\System\AQfKqMR.exe
  C:\Windows\System\AQfKqMR.exe
  2⤵
  PID:5552
- C:\Windows\System\GHnQlgJ.exe
  C:\Windows\System\GHnQlgJ.exe
  2⤵
  PID:5632
- C:\Windows\System\ZqZEvKE.exe
  C:\Windows\System\ZqZEvKE.exe
  2⤵
  PID:5688
- C:\Windows\System\yhQhPwP.exe
  C:\Windows\System\yhQhPwP.exe
  2⤵
  PID:5748
- C:\Windows\System\HMoFisf.exe
  C:\Windows\System\HMoFisf.exe
  2⤵
  PID:3896
- C:\Windows\System\SQLdZhG.exe
  C:\Windows\System\SQLdZhG.exe
  2⤵
  PID:5948
- C:\Windows\System\rGzTYEc.exe
  C:\Windows\System\rGzTYEc.exe
  2⤵
  PID:5916
- C:\Windows\System\YFOVrjg.exe
  C:\Windows\System\YFOVrjg.exe
  2⤵
  PID:5956
- C:\Windows\System\YNFlLsc.exe
  C:\Windows\System\YNFlLsc.exe
  2⤵
  PID:6004
- C:\Windows\System\sUiXuIn.exe
  C:\Windows\System\sUiXuIn.exe
  2⤵
  PID:6068
- C:\Windows\System\exyTDgH.exe
  C:\Windows\System\exyTDgH.exe
  2⤵
  PID:216
- C:\Windows\System\bMipgIG.exe
  C:\Windows\System\bMipgIG.exe
  2⤵
  PID:4104
- C:\Windows\System\GOiNlbp.exe
  C:\Windows\System\GOiNlbp.exe
  2⤵
  PID:1044
- C:\Windows\System\sVKcsUM.exe
  C:\Windows\System\sVKcsUM.exe
  2⤵
  PID:5152
- C:\Windows\System\mAeuqws.exe
  C:\Windows\System\mAeuqws.exe
  2⤵
  PID:5240
- C:\Windows\System\GMoqBNR.exe
  C:\Windows\System\GMoqBNR.exe
  2⤵
  PID:5356
- C:\Windows\System\rqLyBph.exe
  C:\Windows\System\rqLyBph.exe
  2⤵
  PID:5488
- C:\Windows\System\MNaDuAk.exe
  C:\Windows\System\MNaDuAk.exe
  2⤵
  PID:2488
- C:\Windows\System\oYxWduo.exe
  C:\Windows\System\oYxWduo.exe
  2⤵
  PID:5720
- C:\Windows\System\XZcgOKM.exe
  C:\Windows\System\XZcgOKM.exe
  2⤵
  PID:5832
- C:\Windows\System\FtgvDGD.exe
  C:\Windows\System\FtgvDGD.exe
  2⤵
  PID:5896
- C:\Windows\System\UkdmOqR.exe
  C:\Windows\System\UkdmOqR.exe
  2⤵
  PID:5980
- C:\Windows\System\MojjoYT.exe
  C:\Windows\System\MojjoYT.exe
  2⤵
  PID:4992
- C:\Windows\System\aDxbkdW.exe
  C:\Windows\System\aDxbkdW.exe
  2⤵
  PID:3736
- C:\Windows\System\BvgqfeY.exe
  C:\Windows\System\BvgqfeY.exe
  2⤵
  PID:5128
- C:\Windows\System\aaPZgsf.exe
  C:\Windows\System\aaPZgsf.exe
  2⤵
  PID:4276
- C:\Windows\System\ahdgrCm.exe
  C:\Windows\System\ahdgrCm.exe
  2⤵
  PID:2752
- C:\Windows\System\wzbGHym.exe
  C:\Windows\System\wzbGHym.exe
  2⤵
  PID:5664
- C:\Windows\System\VyUaEmw.exe
  C:\Windows\System\VyUaEmw.exe
  2⤵
  PID:1716
- C:\Windows\System\LzfSOQe.exe
  C:\Windows\System\LzfSOQe.exe
  2⤵
  PID:2868
- C:\Windows\System\zPoJWNQ.exe
  C:\Windows\System\zPoJWNQ.exe
  2⤵
  PID:1476
- C:\Windows\System\svQmexE.exe
  C:\Windows\System\svQmexE.exe
  2⤵
  PID:2884
- C:\Windows\System\GETfJxX.exe
  C:\Windows\System\GETfJxX.exe
  2⤵
  PID:2456
- C:\Windows\System\SzKIqTr.exe
  C:\Windows\System\SzKIqTr.exe
  2⤵
  PID:2228
- C:\Windows\System\UgTgPjX.exe
  C:\Windows\System\UgTgPjX.exe
  2⤵
  PID:2468
- C:\Windows\System\egmBpef.exe
  C:\Windows\System\egmBpef.exe
  2⤵
  PID:5800
- C:\Windows\System\zhnkXdj.exe
  C:\Windows\System\zhnkXdj.exe
  2⤵
  PID:5432
- C:\Windows\System\FJSIXUt.exe
  C:\Windows\System\FJSIXUt.exe
  2⤵
  PID:3032
- C:\Windows\System\DOADyvb.exe
  C:\Windows\System\DOADyvb.exe
  2⤵
  PID:5780
- C:\Windows\System\FHFiRxM.exe
  C:\Windows\System\FHFiRxM.exe
  2⤵
  PID:5612
- C:\Windows\System\qrtHJhr.exe
  C:\Windows\System\qrtHJhr.exe
  2⤵
  PID:6152
- C:\Windows\System\EGojLBL.exe
  C:\Windows\System\EGojLBL.exe
  2⤵
  PID:6192
- C:\Windows\System\ezBFYrj.exe
  C:\Windows\System\ezBFYrj.exe
  2⤵
  PID:6224
- C:\Windows\System\GYALXuC.exe
  C:\Windows\System\GYALXuC.exe
  2⤵
  PID:6244
- C:\Windows\System\ELWzeBL.exe
  C:\Windows\System\ELWzeBL.exe
  2⤵
  PID:6308
- C:\Windows\System\DYxtGIP.exe
  C:\Windows\System\DYxtGIP.exe
  2⤵
  PID:6360
- C:\Windows\System\qvrPWGq.exe
  C:\Windows\System\qvrPWGq.exe
  2⤵
  PID:6384
- C:\Windows\System\ORtJwgH.exe
  C:\Windows\System\ORtJwgH.exe
  2⤵
  PID:6404
- C:\Windows\System\hPELGrB.exe
  C:\Windows\System\hPELGrB.exe
  2⤵
  PID:6428
- C:\Windows\System\mYPYPMN.exe
  C:\Windows\System\mYPYPMN.exe
  2⤵
  PID:6448
- C:\Windows\System\XPOOFsO.exe
  C:\Windows\System\XPOOFsO.exe
  2⤵
  PID:6484
- C:\Windows\System\lklKkgk.exe
  C:\Windows\System\lklKkgk.exe
  2⤵
  PID:6512
- C:\Windows\System\mTdxDSh.exe
  C:\Windows\System\mTdxDSh.exe
  2⤵
  PID:6532
- C:\Windows\System\cTXnQTv.exe
  C:\Windows\System\cTXnQTv.exe
  2⤵
  PID:6572
- C:\Windows\System\nUtpRYn.exe
  C:\Windows\System\nUtpRYn.exe
  2⤵
  PID:6592
- C:\Windows\System\WGRZbco.exe
  C:\Windows\System\WGRZbco.exe
  2⤵
  PID:6624
- C:\Windows\System\uEGmvSi.exe
  C:\Windows\System\uEGmvSi.exe
  2⤵
  PID:6640
- C:\Windows\System\boeAtnk.exe
  C:\Windows\System\boeAtnk.exe
  2⤵
  PID:6660
- C:\Windows\System\ysTavPR.exe
  C:\Windows\System\ysTavPR.exe
  2⤵
  PID:6696
- C:\Windows\System\LfuBtyv.exe
  C:\Windows\System\LfuBtyv.exe
  2⤵
  PID:6720
- C:\Windows\System\SDDzSZF.exe
  C:\Windows\System\SDDzSZF.exe
  2⤵
  PID:6740
- C:\Windows\System\EbwAVWK.exe
  C:\Windows\System\EbwAVWK.exe
  2⤵
  PID:6760
- C:\Windows\System\QUiuVnX.exe
  C:\Windows\System\QUiuVnX.exe
  2⤵
  PID:6788
- C:\Windows\System\qIiMepR.exe
  C:\Windows\System\qIiMepR.exe
  2⤵
  PID:6812
- C:\Windows\System\awCUzkd.exe
  C:\Windows\System\awCUzkd.exe
  2⤵
  PID:6828
- C:\Windows\System\VQISqum.exe
  C:\Windows\System\VQISqum.exe
  2⤵
  PID:6856
- C:\Windows\System\SIZwAna.exe
  C:\Windows\System\SIZwAna.exe
  2⤵
  PID:6912
- C:\Windows\System\SgVloNS.exe
  C:\Windows\System\SgVloNS.exe
  2⤵
  PID:6936
- C:\Windows\System\UOyIatl.exe
  C:\Windows\System\UOyIatl.exe
  2⤵
  PID:6952
- C:\Windows\System\AofyPXu.exe
  C:\Windows\System\AofyPXu.exe
  2⤵
  PID:6980
- C:\Windows\System\raYRmFW.exe
  C:\Windows\System\raYRmFW.exe
  2⤵
  PID:7000
- C:\Windows\System\lgcxRsF.exe
  C:\Windows\System\lgcxRsF.exe
  2⤵
  PID:7024
- C:\Windows\System\aJfMWsx.exe
  C:\Windows\System\aJfMWsx.exe
  2⤵
  PID:7068
- C:\Windows\System\mQIUiex.exe
  C:\Windows\System\mQIUiex.exe
  2⤵
  PID:7140
- C:\Windows\System\jrThjSm.exe
  C:\Windows\System\jrThjSm.exe
  2⤵
  PID:4944
- C:\Windows\System\XRiBwUJ.exe
  C:\Windows\System\XRiBwUJ.exe
  2⤵
  PID:1424
- C:\Windows\System\rozyndG.exe
  C:\Windows\System\rozyndG.exe
  2⤵
  PID:4980
- C:\Windows\System\WdObsjc.exe
  C:\Windows\System\WdObsjc.exe
  2⤵
  PID:6216
- C:\Windows\System\YTvqZlb.exe
  C:\Windows\System\YTvqZlb.exe
  2⤵
  PID:6324
- C:\Windows\System\UbakqOq.exe
  C:\Windows\System\UbakqOq.exe
  2⤵
  PID:4656
- C:\Windows\System\iOEjECs.exe
  C:\Windows\System\iOEjECs.exe
  2⤵
  PID:6440
- C:\Windows\System\EPtFVBc.exe
  C:\Windows\System\EPtFVBc.exe
  2⤵
  PID:6500
- C:\Windows\System\lpzNEUc.exe
  C:\Windows\System\lpzNEUc.exe
  2⤵
  PID:6560
- C:\Windows\System\pZYdQOj.exe
  C:\Windows\System\pZYdQOj.exe
  2⤵
  PID:3544
- C:\Windows\System\OAfijmr.exe
  C:\Windows\System\OAfijmr.exe
  2⤵
  PID:6676
- C:\Windows\System\WKlNQvB.exe
  C:\Windows\System\WKlNQvB.exe
  2⤵
  PID:1704
- C:\Windows\System\eWYadFd.exe
  C:\Windows\System\eWYadFd.exe
  2⤵
  PID:6704
- C:\Windows\System\iFGfCLs.exe
  C:\Windows\System\iFGfCLs.exe
  2⤵
  PID:6820
- C:\Windows\System\nZxUjrE.exe
  C:\Windows\System\nZxUjrE.exe
  2⤵
  PID:6784
- C:\Windows\System\TpKVBEP.exe
  C:\Windows\System\TpKVBEP.exe
  2⤵
  PID:6928
- C:\Windows\System\ZeppFjs.exe
  C:\Windows\System\ZeppFjs.exe
  2⤵
  PID:2536
- C:\Windows\System\CSKHmvc.exe
  C:\Windows\System\CSKHmvc.exe
  2⤵
  PID:6968
- C:\Windows\System\xCZGGBl.exe
  C:\Windows\System\xCZGGBl.exe
  2⤵
  PID:7060
- C:\Windows\System\knTpBWK.exe
  C:\Windows\System\knTpBWK.exe
  2⤵
  PID:7164
- C:\Windows\System\cgiDsPg.exe
  C:\Windows\System\cgiDsPg.exe
  2⤵
  PID:2396
- C:\Windows\System\xSvkPlL.exe
  C:\Windows\System\xSvkPlL.exe
  2⤵
  PID:2548
- C:\Windows\System\cQVuEFU.exe
  C:\Windows\System\cQVuEFU.exe
  2⤵
  PID:6556
- C:\Windows\System\ajBJgwo.exe
  C:\Windows\System\ajBJgwo.exe
  2⤵
  PID:6768
- C:\Windows\System\ksMPpQE.exe
  C:\Windows\System\ksMPpQE.exe
  2⤵
  PID:6716
- C:\Windows\System\auGhfif.exe
  C:\Windows\System\auGhfif.exe
  2⤵
  PID:7040
- C:\Windows\System\axCcmVC.exe
  C:\Windows\System\axCcmVC.exe
  2⤵
  PID:7080
- C:\Windows\System\IWRmvDR.exe
  C:\Windows\System\IWRmvDR.exe
  2⤵
  PID:6472
- C:\Windows\System\RDqWYCn.exe
  C:\Windows\System\RDqWYCn.exe
  2⤵
  PID:6728
- C:\Windows\System\yQNUAMs.exe
  C:\Windows\System\yQNUAMs.exe
  2⤵
  PID:6988
- C:\Windows\System\HJxBANb.exe
  C:\Windows\System\HJxBANb.exe
  2⤵
  PID:6368
- C:\Windows\System\griRzJW.exe
  C:\Windows\System\griRzJW.exe
  2⤵
  PID:6212
- C:\Windows\System\MZqseSj.exe
  C:\Windows\System\MZqseSj.exe
  2⤵
  PID:7184
- C:\Windows\System\dThwStS.exe
  C:\Windows\System\dThwStS.exe
  2⤵
  PID:7204
- C:\Windows\System\hoCUlPH.exe
  C:\Windows\System\hoCUlPH.exe
  2⤵
  PID:7252
- C:\Windows\System\VfbTXeG.exe
  C:\Windows\System\VfbTXeG.exe
  2⤵
  PID:7296
- C:\Windows\System\khLjScV.exe
  C:\Windows\System\khLjScV.exe
  2⤵
  PID:7312
- C:\Windows\System\tALXzLO.exe
  C:\Windows\System\tALXzLO.exe
  2⤵
  PID:7332
- C:\Windows\System\hOhFvhK.exe
  C:\Windows\System\hOhFvhK.exe
  2⤵
  PID:7364
- C:\Windows\System\PplKrwl.exe
  C:\Windows\System\PplKrwl.exe
  2⤵
  PID:7392
- C:\Windows\System\URifURd.exe
  C:\Windows\System\URifURd.exe
  2⤵
  PID:7412
- C:\Windows\System\ffbCIMO.exe
  C:\Windows\System\ffbCIMO.exe
  2⤵
  PID:7432
- C:\Windows\System\FTilTfO.exe
  C:\Windows\System\FTilTfO.exe
  2⤵
  PID:7472
- C:\Windows\System\HNLioOM.exe
  C:\Windows\System\HNLioOM.exe
  2⤵
  PID:7488
- C:\Windows\System\THrmdwX.exe
  C:\Windows\System\THrmdwX.exe
  2⤵
  PID:7512
- C:\Windows\System\ZWIXVas.exe
  C:\Windows\System\ZWIXVas.exe
  2⤵
  PID:7532
- C:\Windows\System\fsZLLCE.exe
  C:\Windows\System\fsZLLCE.exe
  2⤵
  PID:7560
- C:\Windows\System\edhSFpC.exe
  C:\Windows\System\edhSFpC.exe
  2⤵
  PID:7584
- C:\Windows\System\mRuZeAY.exe
  C:\Windows\System\mRuZeAY.exe
  2⤵
  PID:7604
- C:\Windows\System\wrzoKhj.exe
  C:\Windows\System\wrzoKhj.exe
  2⤵
  PID:7656
- C:\Windows\System\PjfnNUq.exe
  C:\Windows\System\PjfnNUq.exe
  2⤵
  PID:7680
- C:\Windows\System\tWBikLm.exe
  C:\Windows\System\tWBikLm.exe
  2⤵
  PID:7700
- C:\Windows\System\xQHYASr.exe
  C:\Windows\System\xQHYASr.exe
  2⤵
  PID:7724
- C:\Windows\System\VfhHlDp.exe
  C:\Windows\System\VfhHlDp.exe
  2⤵
  PID:7784
- C:\Windows\System\qQLAwhf.exe
  C:\Windows\System\qQLAwhf.exe
  2⤵
  PID:7804
- C:\Windows\System\VQCzFnz.exe
  C:\Windows\System\VQCzFnz.exe
  2⤵
  PID:7824
- C:\Windows\System\WKRmqjK.exe
  C:\Windows\System\WKRmqjK.exe
  2⤵
  PID:7852
- C:\Windows\System\TUkQnSh.exe
  C:\Windows\System\TUkQnSh.exe
  2⤵
  PID:7872
- C:\Windows\System\VDZxAra.exe
  C:\Windows\System\VDZxAra.exe
  2⤵
  PID:7904
- C:\Windows\System\NFWQdrq.exe
  C:\Windows\System\NFWQdrq.exe
  2⤵
  PID:7928
- C:\Windows\System\cNTlrzA.exe
  C:\Windows\System\cNTlrzA.exe
  2⤵
  PID:7952
- C:\Windows\System\hDwWwOT.exe
  C:\Windows\System\hDwWwOT.exe
  2⤵
  PID:7968
- C:\Windows\System\OFyahDw.exe
  C:\Windows\System\OFyahDw.exe
  2⤵
  PID:7992
- C:\Windows\System\vHyXynv.exe
  C:\Windows\System\vHyXynv.exe
  2⤵
  PID:8052
- C:\Windows\System\fpTljDT.exe
  C:\Windows\System\fpTljDT.exe
  2⤵
  PID:8080
- C:\Windows\System\AFLXOaz.exe
  C:\Windows\System\AFLXOaz.exe
  2⤵
  PID:8104
- C:\Windows\System\gsifkPe.exe
  C:\Windows\System\gsifkPe.exe
  2⤵
  PID:8124
- C:\Windows\System\fydEJRx.exe
  C:\Windows\System\fydEJRx.exe
  2⤵
  PID:8152
- C:\Windows\System\eoHVmum.exe
  C:\Windows\System\eoHVmum.exe
  2⤵
  PID:8188
- C:\Windows\System\YBYWsWq.exe
  C:\Windows\System\YBYWsWq.exe
  2⤵
  PID:7180
- C:\Windows\System\ApApbFy.exe
  C:\Windows\System\ApApbFy.exe
  2⤵
  PID:7228
- C:\Windows\System\CHOHWJQ.exe
  C:\Windows\System\CHOHWJQ.exe
  2⤵
  PID:7304
- C:\Windows\System\tJEBWQi.exe
  C:\Windows\System\tJEBWQi.exe
  2⤵
  PID:7360
- C:\Windows\System\bShZWmB.exe
  C:\Windows\System\bShZWmB.exe
  2⤵
  PID:7452
- C:\Windows\System\bkJTaSq.exe
  C:\Windows\System\bkJTaSq.exe
  2⤵
  PID:7592
- C:\Windows\System\CcxgHfD.exe
  C:\Windows\System\CcxgHfD.exe
  2⤵
  PID:7600
- C:\Windows\System\MqaoVHT.exe
  C:\Windows\System\MqaoVHT.exe
  2⤵
  PID:7664
- C:\Windows\System\RongUoy.exe
  C:\Windows\System\RongUoy.exe
  2⤵
  PID:7696
- C:\Windows\System\criAYKd.exe
  C:\Windows\System\criAYKd.exe
  2⤵
  PID:7796
- C:\Windows\System\lfGcNnC.exe
  C:\Windows\System\lfGcNnC.exe
  2⤵
  PID:7844
- C:\Windows\System\ezggDZU.exe
  C:\Windows\System\ezggDZU.exe
  2⤵
  PID:7940
- C:\Windows\System\CDnAuIH.exe
  C:\Windows\System\CDnAuIH.exe
  2⤵
  PID:7988
- C:\Windows\System\GdMBSQb.exe
  C:\Windows\System\GdMBSQb.exe
  2⤵
  PID:8060
- C:\Windows\System\DITKdVJ.exe
  C:\Windows\System\DITKdVJ.exe
  2⤵
  PID:8144
- C:\Windows\System\usRtNGU.exe
  C:\Windows\System\usRtNGU.exe
  2⤵
  PID:8172
- C:\Windows\System\tGlkZYs.exe
  C:\Windows\System\tGlkZYs.exe
  2⤵
  PID:7172
- C:\Windows\System\yceaXYr.exe
  C:\Windows\System\yceaXYr.exe
  2⤵
  PID:7220
- C:\Windows\System\KumOtKF.exe
  C:\Windows\System\KumOtKF.exe
  2⤵
  PID:7648
- C:\Windows\System\vxmrniO.exe
  C:\Windows\System\vxmrniO.exe
  2⤵
  PID:7792
- C:\Windows\System\javIELq.exe
  C:\Windows\System\javIELq.exe
  2⤵
  PID:7924
- C:\Windows\System\tHrDEtt.exe
  C:\Windows\System\tHrDEtt.exe
  2⤵
  PID:8028
- C:\Windows\System\CXgpAEe.exe
  C:\Windows\System\CXgpAEe.exe
  2⤵
  PID:8120
- C:\Windows\System\ULOJwyf.exe
  C:\Windows\System\ULOJwyf.exe
  2⤵
  PID:7408
- C:\Windows\System\mpvPTBB.exe
  C:\Windows\System\mpvPTBB.exe
  2⤵
  PID:7596
- C:\Windows\System\unhlsqd.exe
  C:\Windows\System\unhlsqd.exe
  2⤵
  PID:7896
- C:\Windows\System\oCNyKQG.exe
  C:\Windows\System\oCNyKQG.exe
  2⤵
  PID:8204
- C:\Windows\System\ZHCQggR.exe
  C:\Windows\System\ZHCQggR.exe
  2⤵
  PID:8228
- C:\Windows\System\BcwAopW.exe
  C:\Windows\System\BcwAopW.exe
  2⤵
  PID:8256
- C:\Windows\System\jzbRjlT.exe
  C:\Windows\System\jzbRjlT.exe
  2⤵
  PID:8276
- C:\Windows\System\FWtugre.exe
  C:\Windows\System\FWtugre.exe
  2⤵
  PID:8296
- C:\Windows\System\vVdlYhj.exe
  C:\Windows\System\vVdlYhj.exe
  2⤵
  PID:8348
- C:\Windows\System\ivsWbzu.exe
  C:\Windows\System\ivsWbzu.exe
  2⤵
  PID:8364
- C:\Windows\System\kJCcUlk.exe
  C:\Windows\System\kJCcUlk.exe
  2⤵
  PID:8388
- C:\Windows\System\wpQPFZM.exe
  C:\Windows\System\wpQPFZM.exe
  2⤵
  PID:8420
- C:\Windows\System\QAJefEy.exe
  C:\Windows\System\QAJefEy.exe
  2⤵
  PID:8444
- C:\Windows\System\ZDXOuMA.exe
  C:\Windows\System\ZDXOuMA.exe
  2⤵
  PID:8464
- C:\Windows\System\EUAYRVD.exe
  C:\Windows\System\EUAYRVD.exe
  2⤵
  PID:8488
- C:\Windows\System\lXXLBzf.exe
  C:\Windows\System\lXXLBzf.exe
  2⤵
  PID:8508
- C:\Windows\System\RAhqorf.exe
  C:\Windows\System\RAhqorf.exe
  2⤵
  PID:8532
- C:\Windows\System\UrXPPqO.exe
  C:\Windows\System\UrXPPqO.exe
  2⤵
  PID:8556
- C:\Windows\System\ogDhkAI.exe
  C:\Windows\System\ogDhkAI.exe
  2⤵
  PID:8604
- C:\Windows\System\mUCKxuv.exe
  C:\Windows\System\mUCKxuv.exe
  2⤵
  PID:8636
- C:\Windows\System\BKtsjgJ.exe
  C:\Windows\System\BKtsjgJ.exe
  2⤵
  PID:8664
- C:\Windows\System\CupWqFL.exe
  C:\Windows\System\CupWqFL.exe
  2⤵
  PID:8684
- C:\Windows\System\UAVmLTr.exe
  C:\Windows\System\UAVmLTr.exe
  2⤵
  PID:8700
- C:\Windows\System\EJvRQuj.exe
  C:\Windows\System\EJvRQuj.exe
  2⤵
  PID:8732
- C:\Windows\System\vXNKaEm.exe
  C:\Windows\System\vXNKaEm.exe
  2⤵
  PID:8780
- C:\Windows\System\uzzklbm.exe
  C:\Windows\System\uzzklbm.exe
  2⤵
  PID:8800
- C:\Windows\System\BIlAhFP.exe
  C:\Windows\System\BIlAhFP.exe
  2⤵
  PID:8824
- C:\Windows\System\OqeOTxL.exe
  C:\Windows\System\OqeOTxL.exe
  2⤵
  PID:8872
- C:\Windows\System\YMkBQNv.exe
  C:\Windows\System\YMkBQNv.exe
  2⤵
  PID:8896
- C:\Windows\System\MAQbdjU.exe
  C:\Windows\System\MAQbdjU.exe
  2⤵
  PID:8916
- C:\Windows\System\rKHSNJD.exe
  C:\Windows\System\rKHSNJD.exe
  2⤵
  PID:8944
- C:\Windows\System\JqxEEVN.exe
  C:\Windows\System\JqxEEVN.exe
  2⤵
  PID:8984
- C:\Windows\System\ByPBrkB.exe
  C:\Windows\System\ByPBrkB.exe
  2⤵
  PID:9040
- C:\Windows\System\AyFAUer.exe
  C:\Windows\System\AyFAUer.exe
  2⤵
  PID:9068
- C:\Windows\System\hNkstPl.exe
  C:\Windows\System\hNkstPl.exe
  2⤵
  PID:9096
- C:\Windows\System\yrDxwQk.exe
  C:\Windows\System\yrDxwQk.exe
  2⤵
  PID:9124
- C:\Windows\System\pTTGXSJ.exe
  C:\Windows\System\pTTGXSJ.exe
  2⤵
  PID:9148
- C:\Windows\System\mnjtLzl.exe
  C:\Windows\System\mnjtLzl.exe
  2⤵
  PID:9176
- C:\Windows\System\OCmaMVC.exe
  C:\Windows\System\OCmaMVC.exe
  2⤵
  PID:9192
- C:\Windows\System\fitpqox.exe
  C:\Windows\System\fitpqox.exe
  2⤵
  PID:7200
- C:\Windows\System\dbnbFYk.exe
  C:\Windows\System\dbnbFYk.exe
  2⤵
  PID:8272
- C:\Windows\System\bAlmKXf.exe
  C:\Windows\System\bAlmKXf.exe
  2⤵
  PID:8320
- C:\Windows\System\xUddbGp.exe
  C:\Windows\System\xUddbGp.exe
  2⤵
  PID:8356
- C:\Windows\System\XmsjRyz.exe
  C:\Windows\System\XmsjRyz.exe
  2⤵
  PID:8472
- C:\Windows\System\gZZKiaG.exe
  C:\Windows\System\gZZKiaG.exe
  2⤵
  PID:8500
- C:\Windows\System\xisMSWb.exe
  C:\Windows\System\xisMSWb.exe
  2⤵
  PID:8544
- C:\Windows\System\ZrvvkCg.exe
  C:\Windows\System\ZrvvkCg.exe
  2⤵
  PID:8612
- C:\Windows\System\KGhtyBP.exe
  C:\Windows\System\KGhtyBP.exe
  2⤵
  PID:8616
- C:\Windows\System\MVhGbNg.exe
  C:\Windows\System\MVhGbNg.exe
  2⤵
  PID:8716
- C:\Windows\System\SbUnzvb.exe
  C:\Windows\System\SbUnzvb.exe
  2⤵
  PID:8820
- C:\Windows\System\bqqopnE.exe
  C:\Windows\System\bqqopnE.exe
  2⤵
  PID:8940
- C:\Windows\System\njXncip.exe
  C:\Windows\System\njXncip.exe
  2⤵
  PID:7880
- C:\Windows\System\OBTEaly.exe
  C:\Windows\System\OBTEaly.exe
  2⤵
  PID:9028
- C:\Windows\System\irmTGyU.exe
  C:\Windows\System\irmTGyU.exe
  2⤵
  PID:9136
- C:\Windows\System\LFFIWPT.exe
  C:\Windows\System\LFFIWPT.exe
  2⤵
  PID:9144
- C:\Windows\System\WsmXqvE.exe
  C:\Windows\System\WsmXqvE.exe
  2⤵
  PID:8220
- C:\Windows\System\giqGkMP.exe
  C:\Windows\System\giqGkMP.exe
  2⤵
  PID:8380
- C:\Windows\System\YOomPBL.exe
  C:\Windows\System\YOomPBL.exe
  2⤵
  PID:8428
- C:\Windows\System\qhjWLUL.exe
  C:\Windows\System\qhjWLUL.exe
  2⤵
  PID:8656
- C:\Windows\System\jDNpocp.exe
  C:\Windows\System\jDNpocp.exe
  2⤵
  PID:8764
- C:\Windows\System\MBjAVPK.exe
  C:\Windows\System\MBjAVPK.exe
  2⤵
  PID:8888
- C:\Windows\System\poWybUM.exe
  C:\Windows\System\poWybUM.exe
  2⤵
  PID:9032
- C:\Windows\System\Gjptclf.exe
  C:\Windows\System\Gjptclf.exe
  2⤵
  PID:8720
- C:\Windows\System\jAbVFvO.exe
  C:\Windows\System\jAbVFvO.exe
  2⤵
  PID:9252
- C:\Windows\System\XdrqLqG.exe
  C:\Windows\System\XdrqLqG.exe
  2⤵
  PID:9268
- C:\Windows\System\MKmYDlc.exe
  C:\Windows\System\MKmYDlc.exe
  2⤵
  PID:9360
- C:\Windows\System\RRpKkSE.exe
  C:\Windows\System\RRpKkSE.exe
  2⤵
  PID:9376
- C:\Windows\System\FAqWfUF.exe
  C:\Windows\System\FAqWfUF.exe
  2⤵
  PID:9396
- C:\Windows\System\JNapXEo.exe
  C:\Windows\System\JNapXEo.exe
  2⤵
  PID:9460
- C:\Windows\System\VDwPAgW.exe
  C:\Windows\System\VDwPAgW.exe
  2⤵
  PID:9488
- C:\Windows\System\GQaYkTj.exe
  C:\Windows\System\GQaYkTj.exe
  2⤵
  PID:9508
- C:\Windows\System\AsuWJVx.exe
  C:\Windows\System\AsuWJVx.exe
  2⤵
  PID:9540
- C:\Windows\System\OHtHFqt.exe
  C:\Windows\System\OHtHFqt.exe
  2⤵
  PID:9556
- C:\Windows\System\OdFajiw.exe
  C:\Windows\System\OdFajiw.exe
  2⤵
  PID:9600
- C:\Windows\System\CRagbPM.exe
  C:\Windows\System\CRagbPM.exe
  2⤵
  PID:9620
- C:\Windows\System\qaeHSlo.exe
  C:\Windows\System\qaeHSlo.exe
  2⤵
  PID:9644
- C:\Windows\System\CaERnOF.exe
  C:\Windows\System\CaERnOF.exe
  2⤵
  PID:9704
- C:\Windows\System\kOMlnAB.exe
  C:\Windows\System\kOMlnAB.exe
  2⤵
  PID:9760
- C:\Windows\System\BAzVmPP.exe
  C:\Windows\System\BAzVmPP.exe
  2⤵
  PID:9792
- C:\Windows\System\BdeQuKg.exe
  C:\Windows\System\BdeQuKg.exe
  2⤵
  PID:9816
- C:\Windows\System\ezmFqLa.exe
  C:\Windows\System\ezmFqLa.exe
  2⤵
  PID:9832
- C:\Windows\System\kABwmAx.exe
  C:\Windows\System\kABwmAx.exe
  2⤵
  PID:9852
- C:\Windows\System\WsdotZG.exe
  C:\Windows\System\WsdotZG.exe
  2⤵
  PID:9888
- C:\Windows\System\LVtujwM.exe
  C:\Windows\System\LVtujwM.exe
  2⤵
  PID:9908
- C:\Windows\System\qrAcsBb.exe
  C:\Windows\System\qrAcsBb.exe
  2⤵
  PID:9952
- C:\Windows\System\srgDJIr.exe
  C:\Windows\System\srgDJIr.exe
  2⤵
  PID:9976
- C:\Windows\System\dQFYbbA.exe
  C:\Windows\System\dQFYbbA.exe
  2⤵
  PID:9996
- C:\Windows\System\xHURJPV.exe
  C:\Windows\System\xHURJPV.exe
  2⤵
  PID:10044
- C:\Windows\System\uwxnnnN.exe
  C:\Windows\System\uwxnnnN.exe
  2⤵
  PID:10068
- C:\Windows\System\ivFNapl.exe
  C:\Windows\System\ivFNapl.exe
  2⤵
  PID:10084
- C:\Windows\System\eJipAbU.exe
  C:\Windows\System\eJipAbU.exe
  2⤵
  PID:10104
- C:\Windows\System\XeXJkbr.exe
  C:\Windows\System\XeXJkbr.exe
  2⤵
  PID:10124
- C:\Windows\System\IzXpnpO.exe
  C:\Windows\System\IzXpnpO.exe
  2⤵
  PID:10156
- C:\Windows\System\Wpukugq.exe
  C:\Windows\System\Wpukugq.exe
  2⤵
  PID:10184
- C:\Windows\System\JMShRPP.exe
  C:\Windows\System\JMShRPP.exe
  2⤵
  PID:8976
- C:\Windows\System\zXjocKN.exe
  C:\Windows\System\zXjocKN.exe
  2⤵
  PID:8292
- C:\Windows\System\rtNbheq.exe
  C:\Windows\System\rtNbheq.exe
  2⤵
  PID:9228
- C:\Windows\System\mdVLwZp.exe
  C:\Windows\System\mdVLwZp.exe
  2⤵
  PID:8772
- C:\Windows\System\CpOvGeb.exe
  C:\Windows\System\CpOvGeb.exe
  2⤵
  PID:9340
- C:\Windows\System\ttBjcSI.exe
  C:\Windows\System\ttBjcSI.exe
  2⤵
  PID:9060
- C:\Windows\System\hxKHQbx.exe
  C:\Windows\System\hxKHQbx.exe
  2⤵
  PID:9232
- C:\Windows\System\FwYRuIK.exe
  C:\Windows\System\FwYRuIK.exe
  2⤵
  PID:9260
- C:\Windows\System\JeklqjJ.exe
  C:\Windows\System\JeklqjJ.exe
  2⤵
  PID:9392
- C:\Windows\System\dXsTsii.exe
  C:\Windows\System\dXsTsii.exe
  2⤵
  PID:9456
- C:\Windows\System\ZteJUZa.exe
  C:\Windows\System\ZteJUZa.exe
  2⤵
  PID:9584
- C:\Windows\System\trijwHd.exe
  C:\Windows\System\trijwHd.exe
  2⤵
  PID:9596
- C:\Windows\System\kcBmfta.exe
  C:\Windows\System\kcBmfta.exe
  2⤵
  PID:9676
- C:\Windows\System\mWAXszC.exe
  C:\Windows\System\mWAXszC.exe
  2⤵
  PID:9696
- C:\Windows\System\BymImLf.exe
  C:\Windows\System\BymImLf.exe
  2⤵
  PID:9784
- C:\Windows\System\lfcrwGE.exe
  C:\Windows\System\lfcrwGE.exe
  2⤵
  PID:9900
- C:\Windows\System\HPQXQOm.exe
  C:\Windows\System\HPQXQOm.exe
  2⤵
  PID:10004
- C:\Windows\System\rYITetQ.exe
  C:\Windows\System\rYITetQ.exe
  2⤵
  PID:10060
- C:\Windows\System\cBPaAXV.exe
  C:\Windows\System\cBPaAXV.exe
  2⤵
  PID:10096
- C:\Windows\System\eHAaaQF.exe
  C:\Windows\System\eHAaaQF.exe
  2⤵
  PID:10136
- C:\Windows\System\tElGuaV.exe
  C:\Windows\System\tElGuaV.exe
  2⤵
  PID:10224
- C:\Windows\System\mlHUFGU.exe
  C:\Windows\System\mlHUFGU.exe
  2⤵
  PID:9240
- C:\Windows\System\UGNllPp.exe
  C:\Windows\System\UGNllPp.exe
  2⤵
  PID:9316
- C:\Windows\System\edDtQva.exe
  C:\Windows\System\edDtQva.exe
  2⤵
  PID:5876
- C:\Windows\System\hsLRHKw.exe
  C:\Windows\System\hsLRHKw.exe
  2⤵
  PID:9536
- C:\Windows\System\upJObjO.exe
  C:\Windows\System\upJObjO.exe
  2⤵
  PID:9720
- C:\Windows\System\jyxLard.exe
  C:\Windows\System\jyxLard.exe
  2⤵
  PID:9628
- C:\Windows\System\NmpImNP.exe
  C:\Windows\System\NmpImNP.exe
  2⤵
  PID:9824
- C:\Windows\System\tdUgPPZ.exe
  C:\Windows\System\tdUgPPZ.exe
  2⤵
  PID:10028
- C:\Windows\System\ZWtMOGF.exe
  C:\Windows\System\ZWtMOGF.exe
  2⤵
  PID:10148
- C:\Windows\System\YqwbAOk.exe
  C:\Windows\System\YqwbAOk.exe
  2⤵
  PID:9280
- C:\Windows\System\YtjneNC.exe
  C:\Windows\System\YtjneNC.exe
  2⤵
  PID:8252
- C:\Windows\System\qpRazVZ.exe
  C:\Windows\System\qpRazVZ.exe
  2⤵
  PID:9968
- C:\Windows\System\rNpWblW.exe
  C:\Windows\System\rNpWblW.exe
  2⤵
  PID:10116
- C:\Windows\System\UBCWxZl.exe
  C:\Windows\System\UBCWxZl.exe
  2⤵
  PID:9964
- C:\Windows\System\JrsRPTN.exe
  C:\Windows\System\JrsRPTN.exe
  2⤵
  PID:10172
- C:\Windows\System\RAZkdQB.exe
  C:\Windows\System\RAZkdQB.exe
  2⤵
  PID:10260
- C:\Windows\System\mkBxvnr.exe
  C:\Windows\System\mkBxvnr.exe
  2⤵
  PID:10288
- C:\Windows\System\jQNEHSE.exe
  C:\Windows\System\jQNEHSE.exe
  2⤵
  PID:10324
- C:\Windows\System\mMKFbfK.exe
  C:\Windows\System\mMKFbfK.exe
  2⤵
  PID:10356
- C:\Windows\System\FgvyYti.exe
  C:\Windows\System\FgvyYti.exe
  2⤵
  PID:10384
- C:\Windows\System\JzfLEuk.exe
  C:\Windows\System\JzfLEuk.exe
  2⤵
  PID:10408
- C:\Windows\System\qMiElcW.exe
  C:\Windows\System\qMiElcW.exe
  2⤵
  PID:10428
- C:\Windows\System\dMKYgSD.exe
  C:\Windows\System\dMKYgSD.exe
  2⤵
  PID:10452
- C:\Windows\System\mZmhBEe.exe
  C:\Windows\System\mZmhBEe.exe
  2⤵
  PID:10500
- C:\Windows\System\lqoHmyK.exe
  C:\Windows\System\lqoHmyK.exe
  2⤵
  PID:10516
- C:\Windows\System\OdLyvRR.exe
  C:\Windows\System\OdLyvRR.exe
  2⤵
  PID:10560
- C:\Windows\System\wTMrHsi.exe
  C:\Windows\System\wTMrHsi.exe
  2⤵
  PID:10584
- C:\Windows\System\hyQGFhX.exe
  C:\Windows\System\hyQGFhX.exe
  2⤵
  PID:10608
- C:\Windows\System\ovVSEvW.exe
  C:\Windows\System\ovVSEvW.exe
  2⤵
  PID:10632
- C:\Windows\System\RZQzOjB.exe
  C:\Windows\System\RZQzOjB.exe
  2⤵
  PID:10668
- C:\Windows\System\USjSGEu.exe
  C:\Windows\System\USjSGEu.exe
  2⤵
  PID:10712
- C:\Windows\System\kEmoIfN.exe
  C:\Windows\System\kEmoIfN.exe
  2⤵
  PID:10740
- C:\Windows\System\VkdJnJw.exe
  C:\Windows\System\VkdJnJw.exe
  2⤵
  PID:10760
- C:\Windows\System\pRWOuIv.exe
  C:\Windows\System\pRWOuIv.exe
  2⤵
  PID:10792
- C:\Windows\System\XdxDyDO.exe
  C:\Windows\System\XdxDyDO.exe
  2⤵
  PID:10808
- C:\Windows\System\jCaRWCs.exe
  C:\Windows\System\jCaRWCs.exe
  2⤵
  PID:10832
- C:\Windows\System\dmpuXah.exe
  C:\Windows\System\dmpuXah.exe
  2⤵
  PID:10872
- C:\Windows\System\JPLCuJY.exe
  C:\Windows\System\JPLCuJY.exe
  2⤵
  PID:10900
- C:\Windows\System\cnPMHNK.exe
  C:\Windows\System\cnPMHNK.exe
  2⤵
  PID:10940
- C:\Windows\System\yxyAqiz.exe
  C:\Windows\System\yxyAqiz.exe
  2⤵
  PID:10960
- C:\Windows\System\cgfonJD.exe
  C:\Windows\System\cgfonJD.exe
  2⤵
  PID:10984
- C:\Windows\System\wmlWenj.exe
  C:\Windows\System\wmlWenj.exe
  2⤵
  PID:11004
- C:\Windows\System\tMylCVs.exe
  C:\Windows\System\tMylCVs.exe
  2⤵
  PID:11036
- C:\Windows\System\YTuQblr.exe
  C:\Windows\System\YTuQblr.exe
  2⤵
  PID:11072
- C:\Windows\System\kMhWIpm.exe
  C:\Windows\System\kMhWIpm.exe
  2⤵
  PID:11096
- C:\Windows\System\FWJViIv.exe
  C:\Windows\System\FWJViIv.exe
  2⤵
  PID:11116
- C:\Windows\System\WAJPJKI.exe
  C:\Windows\System\WAJPJKI.exe
  2⤵
  PID:11144
- C:\Windows\System\ClDrLTz.exe
  C:\Windows\System\ClDrLTz.exe
  2⤵
  PID:11168
- C:\Windows\System\gasMgIB.exe
  C:\Windows\System\gasMgIB.exe
  2⤵
  PID:11208
- C:\Windows\System\FoSaOCO.exe
  C:\Windows\System\FoSaOCO.exe
  2⤵
  PID:11232
- C:\Windows\System\YeWdAZY.exe
  C:\Windows\System\YeWdAZY.exe
  2⤵
  PID:10252
- C:\Windows\System\NEPTqyd.exe
  C:\Windows\System\NEPTqyd.exe
  2⤵
  PID:10348
- C:\Windows\System\SMSzvNI.exe
  C:\Windows\System\SMSzvNI.exe
  2⤵
  PID:10380
- C:\Windows\System\dYWJtHz.exe
  C:\Windows\System\dYWJtHz.exe
  2⤵
  PID:10420
- C:\Windows\System\RSCVztm.exe
  C:\Windows\System\RSCVztm.exe
  2⤵
  PID:10448
- C:\Windows\System\RPwXwzQ.exe
  C:\Windows\System\RPwXwzQ.exe
  2⤵
  PID:10508
- C:\Windows\System\lVqawUx.exe
  C:\Windows\System\lVqawUx.exe
  2⤵
  PID:10576
- C:\Windows\System\xHbbHZe.exe
  C:\Windows\System\xHbbHZe.exe
  2⤵
  PID:10616
- C:\Windows\System\xjKsRGx.exe
  C:\Windows\System\xjKsRGx.exe
  2⤵
  PID:10748
- C:\Windows\System\juytiKI.exe
  C:\Windows\System\juytiKI.exe
  2⤵
  PID:10804
- C:\Windows\System\kyjqOzg.exe
  C:\Windows\System\kyjqOzg.exe
  2⤵
  PID:10856
- C:\Windows\System\hzuOTxK.exe
  C:\Windows\System\hzuOTxK.exe
  2⤵
  PID:10916
- C:\Windows\System\dKjyuQx.exe
  C:\Windows\System\dKjyuQx.exe
  2⤵
  PID:10952
- C:\Windows\System\WOQwJPD.exe
  C:\Windows\System\WOQwJPD.exe
  2⤵
  PID:11044
- C:\Windows\System\aRIJhuC.exe
  C:\Windows\System\aRIJhuC.exe
  2⤵
  PID:11112
- C:\Windows\System\RfLTdAO.exe
  C:\Windows\System\RfLTdAO.exe
  2⤵
  PID:8548
- C:\Windows\System\XVxrpkv.exe
  C:\Windows\System\XVxrpkv.exe
  2⤵
  PID:11192
- C:\Windows\System\kBfGsao.exe
  C:\Windows\System\kBfGsao.exe
  2⤵
  PID:11224
- C:\Windows\System\CaPWdep.exe
  C:\Windows\System\CaPWdep.exe
  2⤵
  PID:2936
- C:\Windows\System\fYJajyc.exe
  C:\Windows\System\fYJajyc.exe
  2⤵
  PID:10376
- C:\Windows\System\xmjXZWs.exe
  C:\Windows\System\xmjXZWs.exe
  2⤵
  PID:10336
- C:\Windows\System\myJURQZ.exe
  C:\Windows\System\myJURQZ.exe
  2⤵
  PID:10664
- C:\Windows\System\frXpTAZ.exe
  C:\Windows\System\frXpTAZ.exe
  2⤵
  PID:10968
- C:\Windows\System\XWMyUrL.exe
  C:\Windows\System\XWMyUrL.exe
  2⤵
  PID:10976
- C:\Windows\System\THabSmM.exe
  C:\Windows\System\THabSmM.exe
  2⤵
  PID:11160
- C:\Windows\System\sVyjQhH.exe
  C:\Windows\System\sVyjQhH.exe
  2⤵
  PID:10784
- C:\Windows\System\JijYWpZ.exe
  C:\Windows\System\JijYWpZ.exe
  2⤵
  PID:10896
- C:\Windows\System\IHqNltb.exe
  C:\Windows\System\IHqNltb.exe
  2⤵
  PID:11108
- C:\Windows\System\EMtgdyf.exe
  C:\Windows\System\EMtgdyf.exe
  2⤵
  PID:10640
- C:\Windows\System\lGEzHIc.exe
  C:\Windows\System\lGEzHIc.exe
  2⤵
  PID:11276
- C:\Windows\System\AluLibh.exe
  C:\Windows\System\AluLibh.exe
  2⤵
  PID:11332
- C:\Windows\System\XWcHPWL.exe
  C:\Windows\System\XWcHPWL.exe
  2⤵
  PID:11356
- C:\Windows\System\vYZSYjd.exe
  C:\Windows\System\vYZSYjd.exe
  2⤵
  PID:11372
- C:\Windows\System\dpBImoF.exe
  C:\Windows\System\dpBImoF.exe
  2⤵
  PID:11392
- C:\Windows\System\GOrxfQu.exe
  C:\Windows\System\GOrxfQu.exe
  2⤵
  PID:11428
- C:\Windows\System\PGlMLaM.exe
  C:\Windows\System\PGlMLaM.exe
  2⤵
  PID:11476
- C:\Windows\System\jLyPulo.exe
  C:\Windows\System\jLyPulo.exe
  2⤵
  PID:11492
- C:\Windows\System\lkZgdKd.exe
  C:\Windows\System\lkZgdKd.exe
  2⤵
  PID:11512
- C:\Windows\System\cnZhUXV.exe
  C:\Windows\System\cnZhUXV.exe
  2⤵
  PID:11528
- C:\Windows\System\pUdAsPv.exe
  C:\Windows\System\pUdAsPv.exe
  2⤵
  PID:11572
- C:\Windows\System\INIEuMf.exe
  C:\Windows\System\INIEuMf.exe
  2⤵
  PID:11588
- C:\Windows\System\HWLPvET.exe
  C:\Windows\System\HWLPvET.exe
  2⤵
  PID:11616
- C:\Windows\System\KhAiLiW.exe
  C:\Windows\System\KhAiLiW.exe
  2⤵
  PID:11636
- C:\Windows\System\QIMUxDT.exe
  C:\Windows\System\QIMUxDT.exe
  2⤵
  PID:11656
- C:\Windows\System\CXhVrTt.exe
  C:\Windows\System\CXhVrTt.exe
  2⤵
  PID:11692
- C:\Windows\System\QlzSebr.exe
  C:\Windows\System\QlzSebr.exe
  2⤵
  PID:11728
- C:\Windows\System\XlPTzDB.exe
  C:\Windows\System\XlPTzDB.exe
  2⤵
  PID:11748
- C:\Windows\System\ECoZcqt.exe
  C:\Windows\System\ECoZcqt.exe
  2⤵
  PID:11788
- C:\Windows\System\jqYWqPV.exe
  C:\Windows\System\jqYWqPV.exe
  2⤵
  PID:11832
- C:\Windows\System\KagRgyw.exe
  C:\Windows\System\KagRgyw.exe
  2⤵
  PID:11852
- C:\Windows\System\MBdRpDb.exe
  C:\Windows\System\MBdRpDb.exe
  2⤵
  PID:11868
- C:\Windows\System\NcuhEAa.exe
  C:\Windows\System\NcuhEAa.exe
  2⤵
  PID:11892
- C:\Windows\System\GLooUHd.exe
  C:\Windows\System\GLooUHd.exe
  2⤵
  PID:11916
- C:\Windows\System\wyrDaws.exe
  C:\Windows\System\wyrDaws.exe
  2⤵
  PID:11960
- C:\Windows\System\zEXhxLu.exe
  C:\Windows\System\zEXhxLu.exe
  2⤵
  PID:12000
- C:\Windows\System\qsXoqzp.exe
  C:\Windows\System\qsXoqzp.exe
  2⤵
  PID:12016
- C:\Windows\System\chrJMKO.exe
  C:\Windows\System\chrJMKO.exe
  2⤵
  PID:12040
- C:\Windows\System\EUwOTgO.exe
  C:\Windows\System\EUwOTgO.exe
  2⤵
  PID:12088
- C:\Windows\System\rWyVlJW.exe
  C:\Windows\System\rWyVlJW.exe
  2⤵
  PID:12120
- C:\Windows\System\tdGiBub.exe
  C:\Windows\System\tdGiBub.exe
  2⤵
  PID:12140
- C:\Windows\System\sPgknBF.exe
  C:\Windows\System\sPgknBF.exe
  2⤵
  PID:12180
- C:\Windows\System\pqEttuQ.exe
  C:\Windows\System\pqEttuQ.exe
  2⤵
  PID:12196
- C:\Windows\System\tBZgupB.exe
  C:\Windows\System\tBZgupB.exe
  2⤵
  PID:12216
- C:\Windows\System\fuFKVDe.exe
  C:\Windows\System\fuFKVDe.exe
  2⤵
  PID:12236
- C:\Windows\System\HyCUlDI.exe
  C:\Windows\System\HyCUlDI.exe
  2⤵
  PID:12260
- C:\Windows\System\dFtEGwr.exe
  C:\Windows\System\dFtEGwr.exe
  2⤵
  PID:11252
- C:\Windows\System\BRlYqnl.exe
  C:\Windows\System\BRlYqnl.exe
  2⤵
  PID:11084
- C:\Windows\System\qejxoJA.exe
  C:\Windows\System\qejxoJA.exe
  2⤵
  PID:11352
- C:\Windows\System\LdGoHII.exe
  C:\Windows\System\LdGoHII.exe
  2⤵
  PID:11388
- C:\Windows\System\hnPGeGU.exe
  C:\Windows\System\hnPGeGU.exe
  2⤵
  PID:11416
- C:\Windows\System\kKdEwpb.exe
  C:\Windows\System\kKdEwpb.exe
  2⤵
  PID:11444
- C:\Windows\System\UDPMQWr.exe
  C:\Windows\System\UDPMQWr.exe
  2⤵
  PID:11508
- C:\Windows\System\NtexVOl.exe
  C:\Windows\System\NtexVOl.exe
  2⤵
  PID:11608
- C:\Windows\System\WPJHcuC.exe
  C:\Windows\System\WPJHcuC.exe
  2⤵
  PID:11628
- C:\Windows\System\bthGHwk.exe
  C:\Windows\System\bthGHwk.exe
  2⤵
  PID:11776
- C:\Windows\System\ekWVpvq.exe
  C:\Windows\System\ekWVpvq.exe
  2⤵
  PID:11744
- C:\Windows\System\GVXIbZK.exe
  C:\Windows\System\GVXIbZK.exe
  2⤵
  PID:11864
- C:\Windows\System\Btfksnr.exe
  C:\Windows\System\Btfksnr.exe
  2⤵
  PID:11908
- C:\Windows\System\LwSAIic.exe
  C:\Windows\System\LwSAIic.exe
  2⤵
  PID:12076
- C:\Windows\System\dhNOGfd.exe
  C:\Windows\System\dhNOGfd.exe
  2⤵
  PID:12156
- C:\Windows\System\pLYQImo.exe
  C:\Windows\System\pLYQImo.exe
  2⤵
  PID:12228
- C:\Windows\System\XMNyDBT.exe
  C:\Windows\System\XMNyDBT.exe
  2⤵
  PID:11268
- C:\Windows\System\wvufHKB.exe
  C:\Windows\System\wvufHKB.exe
  2⤵
  PID:11348
- C:\Windows\System\DwIoyxS.exe
  C:\Windows\System\DwIoyxS.exe
  2⤵
  PID:11420
- C:\Windows\System\nOAwdZg.exe
  C:\Windows\System\nOAwdZg.exe
  2⤵
  PID:3800
- C:\Windows\System\efdkuvH.exe
  C:\Windows\System\efdkuvH.exe
  2⤵
  PID:11596
- C:\Windows\System\RbDqmKE.exe
  C:\Windows\System\RbDqmKE.exe
  2⤵
  PID:11740
- C:\Windows\System\sXUndKc.exe
  C:\Windows\System\sXUndKc.exe
  2⤵
  PID:11956
- C:\Windows\System\yDuuKki.exe
  C:\Windows\System\yDuuKki.exe
  2⤵
  PID:12012
- C:\Windows\System\isFaops.exe
  C:\Windows\System\isFaops.exe
  2⤵
  PID:12208
- C:\Windows\System\OMUEBPF.exe
  C:\Windows\System\OMUEBPF.exe
  2⤵
  PID:11368
- C:\Windows\System\WTYMguG.exe
  C:\Windows\System\WTYMguG.exe
  2⤵
  PID:11520
- C:\Windows\System\iZSUXkG.exe
  C:\Windows\System\iZSUXkG.exe
  2⤵
  PID:11800
- C:\Windows\System\TdbTFGM.exe
  C:\Windows\System\TdbTFGM.exe
  2⤵
  PID:4824
- C:\Windows\System\ipAJHvL.exe
  C:\Windows\System\ipAJHvL.exe
  2⤵
  PID:11816
- C:\Windows\System\bhLgwob.exe
  C:\Windows\System\bhLgwob.exe
  2⤵
  PID:2356
- C:\Windows\System\ZxuHIqL.exe
  C:\Windows\System\ZxuHIqL.exe
  2⤵
  PID:12296
- C:\Windows\System\ZgRwCPQ.exe
  C:\Windows\System\ZgRwCPQ.exe
  2⤵
  PID:12324
- C:\Windows\System\gJvkGNN.exe
  C:\Windows\System\gJvkGNN.exe
  2⤵
  PID:12348
- C:\Windows\System\QvtzkkZ.exe
  C:\Windows\System\QvtzkkZ.exe
  2⤵
  PID:12364
- C:\Windows\System\XrSSQSf.exe
  C:\Windows\System\XrSSQSf.exe
  2⤵
  PID:12396
- C:\Windows\System\vcYfdPh.exe
  C:\Windows\System\vcYfdPh.exe
  2⤵
  PID:12436
- C:\Windows\System\Annvphn.exe
  C:\Windows\System\Annvphn.exe
  2⤵
  PID:12464
- C:\Windows\System\vCfTeOG.exe
  C:\Windows\System\vCfTeOG.exe
  2⤵
  PID:12488
- C:\Windows\System\ZeDkvNj.exe
  C:\Windows\System\ZeDkvNj.exe
  2⤵
  PID:12536
- C:\Windows\System\NwwCUea.exe
  C:\Windows\System\NwwCUea.exe
  2⤵
  PID:12568
- C:\Windows\System\uEKfXAj.exe
  C:\Windows\System\uEKfXAj.exe
  2⤵
  PID:12584
- C:\Windows\System\fihUCjB.exe
  C:\Windows\System\fihUCjB.exe
  2⤵
  PID:12600
- C:\Windows\System\HYaBYnl.exe
  C:\Windows\System\HYaBYnl.exe
  2⤵
  PID:12620
- C:\Windows\System\uWoUWCp.exe
  C:\Windows\System\uWoUWCp.exe
  2⤵
  PID:12648
- C:\Windows\System\ixygtls.exe
  C:\Windows\System\ixygtls.exe
  2⤵
  PID:12688
- C:\Windows\System\hEqlTmk.exe
  C:\Windows\System\hEqlTmk.exe
  2⤵
  PID:12728
- C:\Windows\System\nFRQFyj.exe
  C:\Windows\System\nFRQFyj.exe
  2⤵
  PID:12748
- C:\Windows\System\yoZFIhn.exe
  C:\Windows\System\yoZFIhn.exe
  2⤵
  PID:12776
- C:\Windows\System\iFxczCj.exe
  C:\Windows\System\iFxczCj.exe
  2⤵
  PID:12812
- C:\Windows\System\ZfvPVfv.exe
  C:\Windows\System\ZfvPVfv.exe
  2⤵
  PID:12836
- C:\Windows\System\Nzllvop.exe
  C:\Windows\System\Nzllvop.exe
  2⤵
  PID:12856
- C:\Windows\System\iPzMmtC.exe
  C:\Windows\System\iPzMmtC.exe
  2⤵
  PID:12884
- C:\Windows\System\GbCNtJZ.exe
  C:\Windows\System\GbCNtJZ.exe
  2⤵
  PID:12912
- C:\Windows\System\aTdvzpZ.exe
  C:\Windows\System\aTdvzpZ.exe
  2⤵
  PID:12936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zto2oy3w.0b5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AATxshT.exe

Filesize
1.7MB

MD5
edaaebccecccbda7cdb9390515266bd3

SHA1
71f2cd2c5acc20a384b79e380d475308a518d94b

SHA256
27cc2851c5dc75a2a42f988bbf69706dfe11838831d023fca08d602c7e8bf4e9

SHA512
74cd6bfdd63a62f7d32e0903fadd2ebb68cbaa483eac0283cfcb23e11bd673ab0b72ec2bc28003d7aada96dc398c11502b3cacedbc822070984a16348820837a

Download Submit
C:\Windows\System\AJyfTgm.exe

Filesize
1.8MB

MD5
d91725a8db4d2b78802b6d3fd7fedd4e

SHA1
fe2d5c4b279c84966030d839f0c8716463e41517

SHA256
b3669209ccb71acb608dd5c6097d97193ca5d523fd048a700b51fd6538f6200e

SHA512
e8b819f61f8ac15ef32c88b97dd5f8cb4d752e210357d25bbc11a9c06eae9e8d8f1a32eb624d40ed074cf3b84bda1590c01e73f365feef4d3cad409e9324ae6f

Download Submit
C:\Windows\System\BzCiXdK.exe

Filesize
1.7MB

MD5
cf1ee63f3b3e220cc3a4f076ba8c50f5

SHA1
cf97d3d12c08afdd0a3da9189e4923600a079e8b

SHA256
816947a9975562d2e8c48781930c93419cf7004d1f5a4433ac0ad026dc8267e4

SHA512
8f1574c540ddd8677fb5bf34c4917ad3eeeb4e604fa5833827b9ee9356ff4c9a843489c88b63422c8541040eb45830d979ec35e0a30701d2b30d93d9d8210d31

Download Submit
C:\Windows\System\ISZlzhv.exe

Filesize
1.8MB

MD5
76e9758b9b915b05c94068a264e05f32

SHA1
a40f2e71a51c9cfcb363c71b0c51018cb84215d8

SHA256
99296a2f18f7207417a450d5837a3c870e7f9fc2dfae3fbfa70c336a65a40660

SHA512
17bf37a365b072daf4ee57ae6401eb55e624a9dbb3e0cf47f055c002f67233d6330bc5dfb8a9f86e157ae633763738a81af49466fa36ec6666c7abb481dd16d5

Download Submit
C:\Windows\System\IsNpNyZ.exe

Filesize
1.8MB

MD5
37fe027d46d612e0ac1a494d1569c28c

SHA1
2db7d82ad3009ce8357f943886fad40e7aa03d34

SHA256
7aed38b5d2d093e8d9d31cc4b2538384e0c82634bcf67731723401aa41ba31fd

SHA512
ac8a0485d5face54a81b35fb38446c2e2fda401c525a969e82f5989c49b00c4e712512632feccc0eab9220452794beef1490081b0bcc7ceff5edeb6846c8d44c

Download Submit
C:\Windows\System\JrSwnLv.exe

Filesize
8B

MD5
03f6c06cbca2116586dcb830cb1e7df2

SHA1
21959527eb4bdd4f1722864fa3a0565158da0f4e

SHA256
7c68cc08ed1401c0caafd3e73d5d856fc875748ed5e62a3ad679b5b0fee4938f

SHA512
39de7a17d12a7e9cc23a1b27c4c49944527213fbd572a6002483088201aba931dcd3d50b2479479e5c47888eeed5c23ce039cc4e68daaf253fbac40894ca1f2b

Download Submit
C:\Windows\System\KlJLNrP.exe

Filesize
1.8MB

MD5
ac1b9b7cc43a4a569465a40eac26c268

SHA1
b82bdcceca52dffea6b23fac1c8b85bcfd24e7bc

SHA256
10dfe8cded85877898aaf2d5211100197f7a6acbaa0a7056ef55ad2a5a3f6dd5

SHA512
e3afd0573599a408132890696550a6cd89d057df33d819b1822611c5379375264c3f9535e8559b827b7d564e9edd88789561781edd7d284e6342f18d7f634b32

Download Submit
C:\Windows\System\LOSQlSD.exe

Filesize
1.8MB

MD5
81e84e6ee44304d0409459eeb1d49f45

SHA1
f2c374d15f57d5809d583fa67ffb3d16ac508104

SHA256
2d76936c639590d484bce8ea6364cc2a6ce8edada68d8d7581adbb44d8d93b98

SHA512
0171a8608111a5d956f3626e00de7d780a3bdaf1f1481c9755c9675844777c5063a514409d0797800ad3a3fb87a4af6c2ea485e6c992009d360574d65a2cbe93

Download Submit
C:\Windows\System\OVSwNHP.exe

Filesize
1.8MB

MD5
0f365c87355a9f1a7f6c3b2c026a9c64

SHA1
3a09275253407a6e2f407b9ad7afe5c791236841

SHA256
642c878220ef39976b856a021a81b77ca1caab2c5b2cb23bd1357ae1d65dd1b9

SHA512
f2458032c06d07f9c0e45e81af99924ba826529c51616341034e8c9cfc83970db0920b5a48d35dc2547a909e7f822fe1d444e8aa8bcb76c6b458e585d6fd6ceb

Download Submit
C:\Windows\System\SzbHMYg.exe

Filesize
1.8MB

MD5
9d4e18639fdc35dac6797cf5e40675a4

SHA1
2deff8e5f9ceed57ad4e0bcb934500c7cb44939b

SHA256
2f467ce51448c5609897926bbd74f57c85a87bffa9507d7ef4e4f6af2289f255

SHA512
75524681a98ed7a827ef0068eea42cb955c923809e359fdec08efc0b958a65416db46e1617de42b099a96b98c138958f9a7493090a8d6fad11f9964dcd959a66

Download Submit
C:\Windows\System\TYmzsYw.exe

Filesize
1.8MB

MD5
50e433aeb901ce6ca1dd52b2a879a3fd

SHA1
b7d4625ef3a5d49a15c8f88975034c8fc5769892

SHA256
f92b5e93fa279022973143e6b52e5fba638e53d1b583d1347141557906158225

SHA512
368366eec8e5812d457fe99e4c031d3b727e5eb6e2d44204beb6b985d36e924fbec7d5867df2752113c5994b4e06892bb3182fa1ac0a6cb287fd9629a03db0bc

Download Submit
C:\Windows\System\TowBOIw.exe

Filesize
1.8MB

MD5
c51469e013e2d21538fad562e34a7f64

SHA1
b37b6f8c5ab8cd77635a32bf2ee74cb27298ebe7

SHA256
f854f4c0c1b416aec72ead82c7564a95f4a98a02bbc01795862ac74a3f2c9304

SHA512
15881a6c69c1b7de35aa1a8484703359c4f08107e2159a56031539b03326d5a97b6961a3b3ffe98f1ef665ba49802a2a5c64045d1dd3fe6553c1bc94e098379d

Download Submit
C:\Windows\System\VMhnaxn.exe

Filesize
1.8MB

MD5
93b349bcd7a1ad6d2f2aa2bc7f10bb62

SHA1
03e2c65d0917d1f866d3825f5f5d2a3e34a999a1

SHA256
672b3897d41e4768d19d612966e2c2fdf50485d5180844b34b2d7e588e783211

SHA512
5f2427255d9082f369aa2e830dab9efdc0d7f5922a2c38c45d5b18c78bb6db4ec503b96d557b49ebd421df337511c13af308d1df892519162aa4eb16769af85c

Download Submit
C:\Windows\System\VcnkBYm.exe

Filesize
1.8MB

MD5
eafb70a0a0304e48bda2a5ddb72e8f46

SHA1
0c62b74f818242d5fe9087f9fffa8712091c4a52

SHA256
8cdc4220e2a44a98027eb8454f32079a17534df5cc876a9fa2bf26006c461c76

SHA512
198bb1eff9e9ee7a9a8ebd404b900b233b659bed003a7cfcbcc83597141b8ce7975c4a8f1e440013ad800c057346d4290a26a51cd12304c7a7e548c082338890

Download Submit
C:\Windows\System\VgsqOFa.exe

Filesize
1.8MB

MD5
400ba83f943d7d41b9ac7e580bc94eea

SHA1
d6a6d1a333a1e590801b94540a7d6abef761f7bc

SHA256
a94912dbb6806bb989c4b341764683882258b31e07c05bd09abb9af24c9101a8

SHA512
e999cda1ce56f9c00432554dfd9126a5092fd208ae314702ccafafc9ab3892460d99c85f48166b48618c25f28baed6a7e504257a5de89f782cbae5567ed977dc

Download Submit
C:\Windows\System\VqijrpF.exe

Filesize
1.8MB

MD5
aee63029f97010a9bef7341d8aebfa32

SHA1
4052277e851cb3f47232b3db95bfd40dfc22fe07

SHA256
3aa30cd87b04204067feff60b9360a78caec2894ce8704c99666024d7b577fde

SHA512
bd541e1f54d2a13f440f394b665e834307c209dd84335182193b93609c9685cccdb2fdd50b46eac1b2cfb76aa1976a8acfed0ad7261aa4feba8c96ee04812311

Download Submit
C:\Windows\System\gBLNwJI.exe

Filesize
1.8MB

MD5
b14afa3391571b730615975f977d068c

SHA1
7cbadd9d9800e4ecba27a2423ef51d235ed58f4f

SHA256
547c2f5ad07e937989465671371992b5ce4376cc6bb6a3d40227818c786fa665

SHA512
d9c88991fd14e8a7d50d3e2927fa8694781ed20b11d2da49ae7fd89d9a8b1ce15df09bd73d74b08b49f6611d12d295ce23c43741432396f551cda4b0aadefad5

Download Submit
C:\Windows\System\hLRHaYy.exe

Filesize
1.8MB

MD5
86aa5a1d2320bffd38d3774ff6fc3d35

SHA1
7e7134c2771c281e25c92f6a1a469e4b8b483a08

SHA256
990b7a696fd75296d086122830151930db7edf41eb4b3313016295842c02197f

SHA512
c4ce09410743f1d7ff7b109185eb252eb3c5f38a750fe7370c28a775b79ec288bb2d7d40b4e772815febec97a785e03806283cd2fe14f97dace94ffbb8403e06

Download Submit
C:\Windows\System\jOFoWdY.exe

Filesize
1.8MB

MD5
21a0646a077a13d4ebaad282b786504a

SHA1
6de43da4f317e3541b84cbda5f09b7bd29984e2f

SHA256
d74963abdf6ca33db2d60ea767d74c3a5b39d2ea7c2ff894422d9663bbd31c4b

SHA512
7e2224d5001b5763f5f74edd4a802f2a567821dfde4be2495dc2a6a72feb5c76117af85da4f37613bb49010c14dfae4eed62cf4c190ee92c99110cd3b4b88d2c

Download Submit
C:\Windows\System\jvXqhuv.exe

Filesize
1.8MB

MD5
92c27c0dc65680eba044438f07e57b51

SHA1
e4affd8e41adb4a116d5e18a89d5ec9502be5fe2

SHA256
65ccc6d4010fd56194408553ae5837e98b38eb0f75d3bdf0900a16f399277212

SHA512
de7c535831208cf880a07bddb3ad721e754d3a60982d21231b72d13bf1d252c4f42c51b869464a3999c68be63d3cb36a0dac72b3f75d0447028d93dd28b154ec

Download Submit
C:\Windows\System\kGRkguO.exe

Filesize
1.7MB

MD5
cbe15e55be907150c568c616373e6a0e

SHA1
6019beb066d9a2282eb931063adc30c4f04bea6f

SHA256
eac94f18167ebca8c5c5bb31b2598fb0e3a1e4222671e56444716073c8d4e1be

SHA512
bf309ccc72435eea21df0db9dbdfbd3627f450238c7bb74ff775a31975cfabb1b7b2f8bc64364dbf1cc01031bd3d3d5c0ba5f6e0bbb3a0582a9cac2577b8612e

Download Submit
C:\Windows\System\kUczpmB.exe

Filesize
1.8MB

MD5
93673488a03aa7f316c08264e20420f1

SHA1
2bc6abd603da4f868db833f810be95af4ffa2e24

SHA256
d2b82c1485c7e916f581e65f2bb22679c5d58b8f342383d19e4a5c3c2823ceee

SHA512
2a3200b9bb9d06bd6ed7b5d2df7dcd6fe6b8444296b4c692f827b7c8e6b67ace47963adee5d5d3d0fa87811c93727beb3cce8b5afacf88eed6cc48c8c48d1559

Download Submit
C:\Windows\System\lCXamFV.exe

Filesize
1.8MB

MD5
df8476b64968bbe81eb3db938211139e

SHA1
471d2c26ffeb013991a0e28b518276c640dd9881

SHA256
7b0364234450db6d4b71f4cb633e2b1d924d103de528fcfaf89d4914ffcefeda

SHA512
dcd77b6faf0fca6b502c4d7ce59797bdd13ce576681308391c4734962a345ffc5541d50a09dded965d5fbdd9a7146389e0e9f239ac0b5b779b2a0e9f7d2cc5ca

Download Submit
C:\Windows\System\lDadSnM.exe

Filesize
1.8MB

MD5
7bae49dcdf97bc9126f739ad3075ede3

SHA1
fc68ec0fc74dd9e4df560679b82613783572a362

SHA256
94b322f1ed4108948940eeeb0dbff04377cb5716c780fef203f2c53a58ee261b

SHA512
035156916118831eb3d53cc55d2354e00fbc52cb6755e5a7a83b474a06d8a65e413c44835dbba16aa6b99e36d53a13ad607782999722e3681c10a07f39e8ab11

Download Submit
C:\Windows\System\lIoAPYU.exe

Filesize
1.8MB

MD5
eef8cb1c0434110f3fe0007b9291df62

SHA1
9ce992389928ba231ea69b6675cd83921d2f1c0e

SHA256
52260ee92f8448e4211f9dfb573a695edc8ebd5f895e8951bbb3f65679c54cff

SHA512
0eb6c8a7cc7c8abaff7781d280753b3c9f17576f0b7fe09e355a0ef19065541bb538988338def949b49da5afa348c432a75392c21eb1ff6dd716cb51aa432cc5

Download Submit
C:\Windows\System\lwRomxK.exe

Filesize
1.8MB

MD5
aab8ec7295d5adf003e7a26016835b45

SHA1
09b9ddfd57a6fc4f2cc4eccab9c60a15ed9fd096

SHA256
87fd9c2092f246314e58326c06cf971248a3e8efd2a3d76b63459d4d2f1a7a50

SHA512
413e0db9898dcc75fb5472843671664e758eee427028c9109ac443e9f6630fd66ae504bbe498ee93d019bf03ad652f50f308b9417a3d6893d2a7103da33ef776

Download Submit
C:\Windows\System\oUuldWq.exe

Filesize
1.8MB

MD5
ad7eba5de68ec09cb04f86934d4366ba

SHA1
a6192a6afd89d0b42609cbd2daa1b271c4398866

SHA256
660d1830e69767a38f287bd13717538aca81430a3c1f4996ba95b2c021de840a

SHA512
600b00a25583ddb0aca6a7f6a2ad57a5c049204782803b79ffb9dfd6c4a1ec621beb50f3014a594d9d35ae201843883f37967fe808883203795fbbd13328ebe7

Download Submit
C:\Windows\System\ohHeqhO.exe

Filesize
1.8MB

MD5
625ff532bc384552f92abb757a75ab3b

SHA1
5a35415ad79c294d8090380748688099ff7dc42e

SHA256
67dfeb6d0a1c5e58033ceee7b5b0c242aa9ecfe8836276c584b8330cb2a0a2b2

SHA512
fc635ef283ae7ee94f6b8e9e9fa559f015f942ff6c108190fef278f34af2e281b67c8f9585e6b6542dfe1cac91f5373e28483c2185a70bfa14d3ed3fb9357b93

Download Submit
C:\Windows\System\pIwjmog.exe

Filesize
1.8MB

MD5
f43f03f3915c8ee2a61de1ac429e4a58

SHA1
116253a05630a32b7b41a46bfb1d42b3eef38403

SHA256
ac3c8f266be32fd28bda3e9ea14af957ada25010cbe8a9c6a5db0dad7a33e151

SHA512
0ea9342cb84501aaf3a8f758b789fbabb477a8b64f076436a016bba9eb12abd292ea5db7d03d5d3ca5f45b8076a4f496027e55128ebeeb680212842001f4c507

Download Submit
C:\Windows\System\sYahvAK.exe

Filesize
1.8MB

MD5
4f1d32ae1bad70da5af8c391b239bea1

SHA1
6ad589c8ea98fb23740f5f86907a664df9cf7d73

SHA256
c65027a99c3a8c8fafbb0aa1e52d422558ae50a9f94062dee2924a844c95ad4e

SHA512
984b8b82d9398a3bbdd6412828fd98758d68509b15cf8022f9e2aaf611c55be5700eb715cc58afe6cfdfa620e44b740e4b12a48d53c7d36eb66ec0bfcc983142

Download Submit
C:\Windows\System\ttjLJua.exe

Filesize
1.8MB

MD5
8e1b93117793d4fcfca8d787ef9e1141

SHA1
fa66a4d493accfab270b18b07fd634a9d0d20081

SHA256
9c04460b268d853b999aaa69bf9e2875158763b5fc24e6da2964a0e71996351f

SHA512
0d16ea31b01353169fb1271ffa0b39d4af659a2aa438bf46fa04fc73d2e050e3360878c53bf4abadeef07877990d300414928910172fdc7c6c42482b2bf6c6ef

Download Submit
C:\Windows\System\vTrOytW.exe

Filesize
1.8MB

MD5
4e405accda282df73904a934f4c990a2

SHA1
2867d0fe800d4aa7bc0389e410221da879761eb5

SHA256
d65e33ded6555f4ae23ee7c25b696868f9257175624a89cf454fac21b9fae764

SHA512
53e1e30d8edc40aa8b811eacec43e47c3d2583fa16915cf826ac08e0181ffef01720748a4692a814628a55333677cf78dbf56935c887fb3e579ca3b85a236674

Download Submit
C:\Windows\System\xNegwRC.exe

Filesize
1.7MB

MD5
d2ba30766ca003132111c59fd809edee

SHA1
2f9a09121e9c385631d1370c7b12a9aaaacceb1a

SHA256
bdd444003bb9964d71c30a7bdd7c8bb0b7c14c7503e21b419be7103c7ccb2a02

SHA512
d30c58695e79d707f9c5a81b0435ad333aba73aeaa70b96e9f014cdaa943f0f757c9df496cb5670ee6dca9572c26c5ba477d344bb28c662811c6f7030ef12671

Download Submit
C:\Windows\System\xOuOVHS.exe

Filesize
1.8MB

MD5
4152ff43b302923afd3c984402fa3f3a

SHA1
26e5756f91ef6068fc1e14a580492ab468b704d3

SHA256
7a3b0e110484a1dce3e41d68863302bedd7be6b67cfa76a94f5ade9187f16c98

SHA512
2bee67f1fb1b0756af93ea56270d0039c0ac597439167843d4cabe3e006a29839d63be46bb601a09d8ec97920a4401fae646325f7f03d7aca12f16f637668e5f

Download Submit
memory/264-2060-0x00007FF7A0CD0000-0x00007FF7A10C2000-memory.dmp

Filesize
3.9MB

Download
memory/264-176-0x00007FF7A0CD0000-0x00007FF7A10C2000-memory.dmp

Filesize
3.9MB

Download
memory/1448-2053-0x00007FF7FD960000-0x00007FF7FDD52000-memory.dmp

Filesize
3.9MB

Download
memory/1448-151-0x00007FF7FD960000-0x00007FF7FDD52000-memory.dmp

Filesize
3.9MB

Download
memory/1516-86-0x00007FF7B55A0000-0x00007FF7B5992000-memory.dmp

Filesize
3.9MB

Download
memory/1516-2032-0x00007FF7B55A0000-0x00007FF7B5992000-memory.dmp

Filesize
3.9MB

Download
memory/1584-2022-0x00007FF6B7180000-0x00007FF6B7572000-memory.dmp

Filesize
3.9MB

Download
memory/1584-114-0x00007FF6B7180000-0x00007FF6B7572000-memory.dmp

Filesize
3.9MB

Download
memory/1764-1953-0x00007FF648F30000-0x00007FF649322000-memory.dmp

Filesize
3.9MB

Download
memory/1764-2020-0x00007FF648F30000-0x00007FF649322000-memory.dmp

Filesize
3.9MB

Download
memory/1764-14-0x00007FF648F30000-0x00007FF649322000-memory.dmp

Filesize
3.9MB

Download
memory/1796-71-0x00007FF68D890000-0x00007FF68DC82000-memory.dmp

Filesize
3.9MB

Download
memory/1796-2028-0x00007FF68D890000-0x00007FF68DC82000-memory.dmp

Filesize
3.9MB

Download
memory/1812-2046-0x00007FF60A780000-0x00007FF60AB72000-memory.dmp

Filesize
3.9MB

Download
memory/1812-157-0x00007FF60A780000-0x00007FF60AB72000-memory.dmp

Filesize
3.9MB

Download
memory/2136-120-0x00007FF7F9D30000-0x00007FF7FA122000-memory.dmp

Filesize
3.9MB

Download
memory/2136-2035-0x00007FF7F9D30000-0x00007FF7FA122000-memory.dmp

Filesize
3.9MB

Download
memory/2696-182-0x00007FF64FF30000-0x00007FF650322000-memory.dmp

Filesize
3.9MB

Download
memory/2696-2065-0x00007FF64FF30000-0x00007FF650322000-memory.dmp

Filesize
3.9MB

Download
memory/2720-2044-0x00007FF74BE80000-0x00007FF74C272000-memory.dmp

Filesize
3.9MB

Download
memory/2720-127-0x00007FF74BE80000-0x00007FF74C272000-memory.dmp

Filesize
3.9MB

Download
memory/3120-1-0x000001AD71BB0000-0x000001AD71BC0000-memory.dmp

Filesize
64KB

Download
memory/3120-0-0x00007FF731CC0000-0x00007FF7320B2000-memory.dmp

Filesize
3.9MB

Download
memory/3132-64-0x00007FF62BDD0000-0x00007FF62C1C2000-memory.dmp

Filesize
3.9MB

Download
memory/3132-2026-0x00007FF62BDD0000-0x00007FF62C1C2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-126-0x00007FF74EDD0000-0x00007FF74F1C2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-2036-0x00007FF74EDD0000-0x00007FF74F1C2000-memory.dmp

Filesize
3.9MB

Download
memory/3252-59-0x00007FF757530000-0x00007FF757922000-memory.dmp

Filesize
3.9MB

Download
memory/3252-2024-0x00007FF757530000-0x00007FF757922000-memory.dmp

Filesize
3.9MB

Download
memory/3584-2058-0x00007FF613340000-0x00007FF613732000-memory.dmp

Filesize
3.9MB

Download
memory/3584-170-0x00007FF613340000-0x00007FF613732000-memory.dmp

Filesize
3.9MB

Download
memory/3708-99-0x00007FF62C500000-0x00007FF62C8F2000-memory.dmp

Filesize
3.9MB

Download
memory/3708-2018-0x00007FF62C500000-0x00007FF62C8F2000-memory.dmp

Filesize
3.9MB

Download
memory/3888-2051-0x00007FF7F5340000-0x00007FF7F5732000-memory.dmp

Filesize
3.9MB

Download
memory/3888-158-0x00007FF7F5340000-0x00007FF7F5732000-memory.dmp

Filesize
3.9MB

Download
memory/4012-12-0x00007FF6F2440000-0x00007FF6F2832000-memory.dmp

Filesize
3.9MB

Download
memory/4012-1952-0x00007FF6F2440000-0x00007FF6F2832000-memory.dmp

Filesize
3.9MB

Download
memory/4012-2016-0x00007FF6F2440000-0x00007FF6F2832000-memory.dmp

Filesize
3.9MB

Download
memory/4028-89-0x00007FF6F7040000-0x00007FF6F7432000-memory.dmp

Filesize
3.9MB

Download
memory/4028-2043-0x00007FF6F7040000-0x00007FF6F7432000-memory.dmp

Filesize
3.9MB

Download
memory/4028-1954-0x00007FF6F7040000-0x00007FF6F7432000-memory.dmp

Filesize
3.9MB

Download
memory/4300-145-0x00007FF670520000-0x00007FF670912000-memory.dmp

Filesize
3.9MB

Download
memory/4300-2057-0x00007FF670520000-0x00007FF670912000-memory.dmp

Filesize
3.9MB

Download
memory/4368-50-0x0000025B705C0000-0x0000025B705E2000-memory.dmp

Filesize
136KB

Download
memory/4368-1971-0x00007FFE30513000-0x00007FFE30515000-memory.dmp

Filesize
8KB

Download
memory/4368-1951-0x00007FFE30510000-0x00007FFE30FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4368-19-0x00007FFE30513000-0x00007FFE30515000-memory.dmp

Filesize
8KB

Download
memory/4368-401-0x0000025B71140000-0x0000025B718E6000-memory.dmp

Filesize
7.6MB

Download
memory/4368-54-0x00007FFE30510000-0x00007FFE30FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4368-1996-0x00007FFE30510000-0x00007FFE30FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4368-108-0x00007FFE30510000-0x00007FFE30FD1000-memory.dmp

Filesize
10.8MB

Download
memory/4560-133-0x00007FF74D1A0000-0x00007FF74D592000-memory.dmp

Filesize
3.9MB

Download
memory/4560-2039-0x00007FF74D1A0000-0x00007FF74D592000-memory.dmp

Filesize
3.9MB

Download
memory/4636-2055-0x00007FF7FCAC0000-0x00007FF7FCEB2000-memory.dmp

Filesize
3.9MB

Download
memory/4636-139-0x00007FF7FCAC0000-0x00007FF7FCEB2000-memory.dmp

Filesize
3.9MB

Download
memory/4856-2049-0x00007FF755A20000-0x00007FF755E12000-memory.dmp

Filesize
3.9MB

Download
memory/4856-164-0x00007FF755A20000-0x00007FF755E12000-memory.dmp

Filesize
3.9MB

Download
memory/4932-84-0x00007FF62E900000-0x00007FF62ECF2000-memory.dmp

Filesize
3.9MB

Download
memory/4932-2030-0x00007FF62E900000-0x00007FF62ECF2000-memory.dmp

Filesize
3.9MB

Download
memory/5032-2041-0x00007FF63ADC0000-0x00007FF63B1B2000-memory.dmp

Filesize
3.9MB

Download
memory/5032-96-0x00007FF63ADC0000-0x00007FF63B1B2000-memory.dmp

Filesize
3.9MB

Download
memory/5032-1972-0x00007FF63ADC0000-0x00007FF63B1B2000-memory.dmp

Filesize
3.9MB

Download