xmrig | b6e75d826e93645cc16ede0bd95473deff3c734adab101b9ab3f819e56c80645

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
Size

1.6MB
MD5

75fc81cd74065ea5df0ecdcb5a1b41c0
SHA1

930ab4b7d814a5efac533671862d3fa21caf03c2
SHA256

b6e75d826e93645cc16ede0bd95473deff3c734adab101b9ab3f819e56c80645
SHA512

bf8f92265ec33f474fa5e5ef036d579c9cd473beae72052a8f9cd5476486c95c56d79e9d32376d1b6fd93c29d85e25c99ee8afbeef380e1ff8aaa85a8e616d5a
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5GqlfiQzf0Y098dx:Lz071uv4BPMkHC0I6Gz3N1pHVfyH1DHS

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/1272-9-0x00007FF799220000-0x00007FF799612000-memory.dmp	xmrig
behavioral2/memory/1576-117-0x00007FF7DA120000-0x00007FF7DA512000-memory.dmp	xmrig
behavioral2/memory/1036-336-0x00007FF61EA50000-0x00007FF61EE42000-memory.dmp	xmrig
behavioral2/memory/1672-338-0x00007FF7589B0000-0x00007FF758DA2000-memory.dmp	xmrig
behavioral2/memory/2068-339-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp	xmrig
behavioral2/memory/2704-337-0x00007FF72E5D0000-0x00007FF72E9C2000-memory.dmp	xmrig
behavioral2/memory/1500-340-0x00007FF6C2D00000-0x00007FF6C30F2000-memory.dmp	xmrig
behavioral2/memory/3156-341-0x00007FF628650000-0x00007FF628A42000-memory.dmp	xmrig
behavioral2/memory/3872-342-0x00007FF7A6370000-0x00007FF7A6762000-memory.dmp	xmrig
behavioral2/memory/2924-116-0x00007FF654320000-0x00007FF654712000-memory.dmp	xmrig
behavioral2/memory/4360-115-0x00007FF63B110000-0x00007FF63B502000-memory.dmp	xmrig
behavioral2/memory/2292-112-0x00007FF7FC8D0000-0x00007FF7FCCC2000-memory.dmp	xmrig
behavioral2/memory/2828-111-0x00007FF70CED0000-0x00007FF70D2C2000-memory.dmp	xmrig
behavioral2/memory/1252-108-0x00007FF686960000-0x00007FF686D52000-memory.dmp	xmrig
behavioral2/memory/2604-106-0x00007FF6773B0000-0x00007FF6777A2000-memory.dmp	xmrig
behavioral2/memory/836-100-0x00007FF742AE0000-0x00007FF742ED2000-memory.dmp	xmrig
behavioral2/memory/3660-99-0x00007FF653E80000-0x00007FF654272000-memory.dmp	xmrig
behavioral2/memory/5112-91-0x00007FF78E500000-0x00007FF78E8F2000-memory.dmp	xmrig
behavioral2/memory/4488-81-0x00007FF7B47B0000-0x00007FF7B4BA2000-memory.dmp	xmrig
behavioral2/memory/3060-73-0x00007FF7EF010000-0x00007FF7EF402000-memory.dmp	xmrig
behavioral2/memory/1588-72-0x00007FF667160000-0x00007FF667552000-memory.dmp	xmrig
behavioral2/memory/1272-2271-0x00007FF799220000-0x00007FF799612000-memory.dmp	xmrig
behavioral2/memory/1732-2273-0x00007FF781800000-0x00007FF781BF2000-memory.dmp	xmrig
behavioral2/memory/2400-2274-0x00007FF6311D0000-0x00007FF6315C2000-memory.dmp	xmrig
behavioral2/memory/1980-2275-0x00007FF7F3DB0000-0x00007FF7F41A2000-memory.dmp	xmrig
behavioral2/memory/1272-2324-0x00007FF799220000-0x00007FF799612000-memory.dmp	xmrig
behavioral2/memory/1588-2326-0x00007FF667160000-0x00007FF667552000-memory.dmp	xmrig
behavioral2/memory/1732-2328-0x00007FF781800000-0x00007FF781BF2000-memory.dmp	xmrig
behavioral2/memory/2400-2330-0x00007FF6311D0000-0x00007FF6315C2000-memory.dmp	xmrig
behavioral2/memory/4488-2333-0x00007FF7B47B0000-0x00007FF7B4BA2000-memory.dmp	xmrig
behavioral2/memory/3060-2334-0x00007FF7EF010000-0x00007FF7EF402000-memory.dmp	xmrig
behavioral2/memory/1980-2336-0x00007FF7F3DB0000-0x00007FF7F41A2000-memory.dmp	xmrig
behavioral2/memory/5112-2338-0x00007FF78E500000-0x00007FF78E8F2000-memory.dmp	xmrig
behavioral2/memory/2604-2343-0x00007FF6773B0000-0x00007FF6777A2000-memory.dmp	xmrig
behavioral2/memory/2828-2354-0x00007FF70CED0000-0x00007FF70D2C2000-memory.dmp	xmrig
behavioral2/memory/2292-2353-0x00007FF7FC8D0000-0x00007FF7FCCC2000-memory.dmp	xmrig
behavioral2/memory/1576-2356-0x00007FF7DA120000-0x00007FF7DA512000-memory.dmp	xmrig
behavioral2/memory/1252-2347-0x00007FF686960000-0x00007FF686D52000-memory.dmp	xmrig
behavioral2/memory/3660-2351-0x00007FF653E80000-0x00007FF654272000-memory.dmp	xmrig
behavioral2/memory/836-2349-0x00007FF742AE0000-0x00007FF742ED2000-memory.dmp	xmrig
behavioral2/memory/4360-2341-0x00007FF63B110000-0x00007FF63B502000-memory.dmp	xmrig
behavioral2/memory/2924-2344-0x00007FF654320000-0x00007FF654712000-memory.dmp	xmrig
behavioral2/memory/1500-2361-0x00007FF6C2D00000-0x00007FF6C30F2000-memory.dmp	xmrig
behavioral2/memory/2068-2362-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp	xmrig
behavioral2/memory/3156-2370-0x00007FF628650000-0x00007FF628A42000-memory.dmp	xmrig
behavioral2/memory/3872-2368-0x00007FF7A6370000-0x00007FF7A6762000-memory.dmp	xmrig
behavioral2/memory/2704-2366-0x00007FF72E5D0000-0x00007FF72E9C2000-memory.dmp	xmrig
behavioral2/memory/1672-2364-0x00007FF7589B0000-0x00007FF758DA2000-memory.dmp	xmrig
behavioral2/memory/1036-2359-0x00007FF61EA50000-0x00007FF61EE42000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow pid process

7 2840 powershell.exe
9 2840 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

2840 powershell.exe

flow	pid	process
7	2840	powershell.exe
9	2840	powershell.exe

pid	process
2840	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

ykBgsJa.exepHNBabU.exeRwuTQwp.exeTVtGIDA.exeYmPzZNJ.exeBwlZEqz.exetYPtkub.exelLhJoPk.exesUTURkR.exefhgITgd.exeiXukbgW.exeCRQouOU.exevWelabe.exeEvvsuRR.exeQTbLxMi.exejowGnfT.exepViiyuM.exeoYoMqso.exeBMrfWeS.exejxgGpny.exeXxXhJtg.exeufsdUgP.exeuHgpvrP.exeZynhovU.exezGaOiJv.exexbwVVWR.exeIxfOSyR.exeuvmQoFi.exesLuAcrn.execxdXUpH.exeMHnEPlM.exeRRNlJIY.exeqVHRjXw.exeqtpZDLx.exeYSmPlkT.exeEEZgxVK.exexwiuivw.exeskksWQR.exeGxvihnx.exebrxqnzy.exehbjRtqv.exelDFqVRN.exeOwkcezO.exePRgzDbw.exeSwxJUlg.exeDjxkJJC.exekHYyNPL.exeSAOJSwb.exepyeattj.exeyzpwGap.exemkCQjci.exeROzepGf.exeUKSqIar.exewEVrzfO.exefPPbJcn.exeofcXOIv.exeCiflKph.exejSMBDIw.exePgkDrgv.exeBVlZuAt.exedGhVVeK.exeHYBItou.exeLQVVQRm.exeBQophcQ.exe

pid	process
1272	ykBgsJa.exe
1588	pHNBabU.exe
1732	RwuTQwp.exe
2400	TVtGIDA.exe
3060	YmPzZNJ.exe
4488	BwlZEqz.exe
1980	tYPtkub.exe
5112	lLhJoPk.exe
2828	sUTURkR.exe
3660	fhgITgd.exe
2292	iXukbgW.exe
836	CRQouOU.exe
2604	vWelabe.exe
4360	EvvsuRR.exe
1252	QTbLxMi.exe
2924	jowGnfT.exe
1576	pViiyuM.exe
1036	oYoMqso.exe
2704	BMrfWeS.exe
1672	jxgGpny.exe
2068	XxXhJtg.exe
1500	ufsdUgP.exe
3156	uHgpvrP.exe
3872	ZynhovU.exe
928	zGaOiJv.exe
4252	xbwVVWR.exe
3548	IxfOSyR.exe
4072	uvmQoFi.exe
3472	sLuAcrn.exe
4920	cxdXUpH.exe
3736	MHnEPlM.exe
1228	RRNlJIY.exe
4480	qVHRjXw.exe
3844	qtpZDLx.exe
528	YSmPlkT.exe
4404	EEZgxVK.exe
2884	xwiuivw.exe
4708	skksWQR.exe
2600	Gxvihnx.exe
1528	brxqnzy.exe
3692	hbjRtqv.exe
3620	lDFqVRN.exe
3116	OwkcezO.exe
1952	PRgzDbw.exe
1048	SwxJUlg.exe
2988	DjxkJJC.exe
3960	kHYyNPL.exe
4840	SAOJSwb.exe
1104	pyeattj.exe
4344	yzpwGap.exe
216	mkCQjci.exe
4712	ROzepGf.exe
4056	UKSqIar.exe
4412	wEVrzfO.exe
640	fPPbJcn.exe
4608	ofcXOIv.exe
2864	CiflKph.exe
1640	jSMBDIw.exe
4144	PgkDrgv.exe
4448	BVlZuAt.exe
2700	dGhVVeK.exe
5128	HYBItou.exe
5160	LQVVQRm.exe
5184	BQophcQ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4456-0-0x00007FF76CAD0000-0x00007FF76CEC2000-memory.dmp	upx
C:\Windows\System\ykBgsJa.exe	upx
behavioral2/memory/1272-9-0x00007FF799220000-0x00007FF799612000-memory.dmp	upx
C:\Windows\System\RwuTQwp.exe	upx
behavioral2/memory/1732-30-0x00007FF781800000-0x00007FF781BF2000-memory.dmp	upx
behavioral2/memory/2400-37-0x00007FF6311D0000-0x00007FF6315C2000-memory.dmp	upx
C:\Windows\System\tYPtkub.exe	upx
C:\Windows\System\TVtGIDA.exe	upx
C:\Windows\System\BwlZEqz.exe	upx
C:\Windows\System\YmPzZNJ.exe	upx
C:\Windows\System\pHNBabU.exe	upx
C:\Windows\System\vWelabe.exe	upx
C:\Windows\System\iXukbgW.exe	upx
C:\Windows\System\QTbLxMi.exe	upx
C:\Windows\System\jowGnfT.exe	upx
C:\Windows\System\pViiyuM.exe	upx
behavioral2/memory/1576-117-0x00007FF7DA120000-0x00007FF7DA512000-memory.dmp	upx
C:\Windows\System\oYoMqso.exe	upx
C:\Windows\System\XxXhJtg.exe	upx
C:\Windows\System\cxdXUpH.exe	upx
C:\Windows\System\MHnEPlM.exe	upx
behavioral2/memory/1036-336-0x00007FF61EA50000-0x00007FF61EE42000-memory.dmp	upx
behavioral2/memory/1672-338-0x00007FF7589B0000-0x00007FF758DA2000-memory.dmp	upx
behavioral2/memory/2068-339-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp	upx
behavioral2/memory/2704-337-0x00007FF72E5D0000-0x00007FF72E9C2000-memory.dmp	upx
behavioral2/memory/1500-340-0x00007FF6C2D00000-0x00007FF6C30F2000-memory.dmp	upx
behavioral2/memory/3156-341-0x00007FF628650000-0x00007FF628A42000-memory.dmp	upx
behavioral2/memory/3872-342-0x00007FF7A6370000-0x00007FF7A6762000-memory.dmp	upx
C:\Windows\System\qVHRjXw.exe	upx
C:\Windows\System\RRNlJIY.exe	upx
C:\Windows\System\sLuAcrn.exe	upx
C:\Windows\System\uvmQoFi.exe	upx
C:\Windows\System\IxfOSyR.exe	upx
C:\Windows\System\xbwVVWR.exe	upx
C:\Windows\System\zGaOiJv.exe	upx
C:\Windows\System\ZynhovU.exe	upx
C:\Windows\System\uHgpvrP.exe	upx
C:\Windows\System\ufsdUgP.exe	upx
C:\Windows\System\jxgGpny.exe	upx
C:\Windows\System\BMrfWeS.exe	upx
behavioral2/memory/2924-116-0x00007FF654320000-0x00007FF654712000-memory.dmp	upx
behavioral2/memory/4360-115-0x00007FF63B110000-0x00007FF63B502000-memory.dmp	upx
behavioral2/memory/2292-112-0x00007FF7FC8D0000-0x00007FF7FCCC2000-memory.dmp	upx
behavioral2/memory/2828-111-0x00007FF70CED0000-0x00007FF70D2C2000-memory.dmp	upx
behavioral2/memory/1252-108-0x00007FF686960000-0x00007FF686D52000-memory.dmp	upx
behavioral2/memory/2604-106-0x00007FF6773B0000-0x00007FF6777A2000-memory.dmp	upx
behavioral2/memory/836-100-0x00007FF742AE0000-0x00007FF742ED2000-memory.dmp	upx
behavioral2/memory/3660-99-0x00007FF653E80000-0x00007FF654272000-memory.dmp	upx
C:\Windows\System\EvvsuRR.exe	upx
behavioral2/memory/5112-91-0x00007FF78E500000-0x00007FF78E8F2000-memory.dmp	upx
C:\Windows\System\fhgITgd.exe	upx
behavioral2/memory/4488-81-0x00007FF7B47B0000-0x00007FF7B4BA2000-memory.dmp	upx
C:\Windows\System\sUTURkR.exe	upx
C:\Windows\System\CRQouOU.exe	upx
behavioral2/memory/3060-73-0x00007FF7EF010000-0x00007FF7EF402000-memory.dmp	upx
C:\Windows\System\lLhJoPk.exe	upx
behavioral2/memory/1588-72-0x00007FF667160000-0x00007FF667552000-memory.dmp	upx
behavioral2/memory/1980-58-0x00007FF7F3DB0000-0x00007FF7F41A2000-memory.dmp	upx
behavioral2/memory/1272-2271-0x00007FF799220000-0x00007FF799612000-memory.dmp	upx
behavioral2/memory/1732-2273-0x00007FF781800000-0x00007FF781BF2000-memory.dmp	upx
behavioral2/memory/2400-2274-0x00007FF6311D0000-0x00007FF6315C2000-memory.dmp	upx
behavioral2/memory/1980-2275-0x00007FF7F3DB0000-0x00007FF7F41A2000-memory.dmp	upx
behavioral2/memory/1272-2324-0x00007FF799220000-0x00007FF799612000-memory.dmp	upx
behavioral2/memory/1588-2326-0x00007FF667160000-0x00007FF667552000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

6 raw.githubusercontent.com
7 raw.githubusercontent.com

flow	ioc
6	raw.githubusercontent.com
7	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\ILovINQ.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\LFJcyxD.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\hZVJtQJ.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\gPMvcEu.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\lIsdlGG.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\GeFVITa.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\PfukNnv.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\hIEtOoh.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\JFJBfGb.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\WDlrOLB.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\sQhyyDW.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\iFZqfhK.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\IRilljt.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\VtEIJEK.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\qsRTLiq.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\yWjQoGo.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\rCPyNkK.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\wCIxhHy.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\vnSEOuY.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\OsvWHqI.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\dwAOMQX.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\mkCQjci.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\vJaVAKv.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\OLxJvZe.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\ZmaaGkh.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\nJCnOMO.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\nouqIPV.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\YxaRdvh.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\DiYbfRF.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\geuJpqv.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\nkEYsFg.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\BoyqzwS.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\toTlATE.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\gIjmsLg.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\jygEEsc.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\jHKNqRk.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\DCmCdUq.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\PxtETyr.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\wpSzmPA.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\xEPhAFT.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\lKgWoEv.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\uqPlaUS.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\HtGzgzu.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\QGsnUhN.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\LQVVQRm.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\xuKqdRh.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\SprwrvS.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\JePmdRj.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\GjxAXYN.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\mroEHvM.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\byVJVlv.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\QTbLxMi.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\SfSSwrU.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\ikAakFL.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\zqsOdWX.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\ApJERHc.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\JpMKvhA.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\dUrCuDs.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\xbwVVWR.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\TpBylqq.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\TVsNLYC.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\EqeZBid.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\pViiyuM.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
File created	C:\Windows\System\dyqeVUd.exe	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

2840 powershell.exe
2840 powershell.exe
2840 powershell.exe

pid	process
2840	powershell.exe
2840	powershell.exe
2840	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
Token: SeDebugPrivilege	2840	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe

description	pid	process	target process
PID 4456 wrote to memory of 2840	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	powershell.exe
PID 4456 wrote to memory of 2840	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	powershell.exe
PID 4456 wrote to memory of 1272	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	ykBgsJa.exe
PID 4456 wrote to memory of 1272	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	ykBgsJa.exe
PID 4456 wrote to memory of 1588	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	pHNBabU.exe
PID 4456 wrote to memory of 1588	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	pHNBabU.exe
PID 4456 wrote to memory of 1732	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	RwuTQwp.exe
PID 4456 wrote to memory of 1732	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	RwuTQwp.exe
PID 4456 wrote to memory of 2400	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	TVtGIDA.exe
PID 4456 wrote to memory of 2400	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	TVtGIDA.exe
PID 4456 wrote to memory of 3060	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	YmPzZNJ.exe
PID 4456 wrote to memory of 3060	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	YmPzZNJ.exe
PID 4456 wrote to memory of 4488	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	BwlZEqz.exe
PID 4456 wrote to memory of 4488	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	BwlZEqz.exe
PID 4456 wrote to memory of 1980	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	tYPtkub.exe
PID 4456 wrote to memory of 1980	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	tYPtkub.exe
PID 4456 wrote to memory of 5112	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	lLhJoPk.exe
PID 4456 wrote to memory of 5112	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	lLhJoPk.exe
PID 4456 wrote to memory of 2828	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	sUTURkR.exe
PID 4456 wrote to memory of 2828	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	sUTURkR.exe
PID 4456 wrote to memory of 3660	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	fhgITgd.exe
PID 4456 wrote to memory of 3660	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	fhgITgd.exe
PID 4456 wrote to memory of 2292	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	iXukbgW.exe
PID 4456 wrote to memory of 2292	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	iXukbgW.exe
PID 4456 wrote to memory of 836	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	CRQouOU.exe
PID 4456 wrote to memory of 836	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	CRQouOU.exe
PID 4456 wrote to memory of 2604	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	vWelabe.exe
PID 4456 wrote to memory of 2604	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	vWelabe.exe
PID 4456 wrote to memory of 4360	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	EvvsuRR.exe
PID 4456 wrote to memory of 4360	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	EvvsuRR.exe
PID 4456 wrote to memory of 1252	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	QTbLxMi.exe
PID 4456 wrote to memory of 1252	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	QTbLxMi.exe
PID 4456 wrote to memory of 2924	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	jowGnfT.exe
PID 4456 wrote to memory of 2924	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	jowGnfT.exe
PID 4456 wrote to memory of 1576	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	pViiyuM.exe
PID 4456 wrote to memory of 1576	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	pViiyuM.exe
PID 4456 wrote to memory of 1036	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	oYoMqso.exe
PID 4456 wrote to memory of 1036	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	oYoMqso.exe
PID 4456 wrote to memory of 2704	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	BMrfWeS.exe
PID 4456 wrote to memory of 2704	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	BMrfWeS.exe
PID 4456 wrote to memory of 1672	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	jxgGpny.exe
PID 4456 wrote to memory of 1672	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	jxgGpny.exe
PID 4456 wrote to memory of 2068	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	XxXhJtg.exe
PID 4456 wrote to memory of 2068	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	XxXhJtg.exe
PID 4456 wrote to memory of 1500	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	ufsdUgP.exe
PID 4456 wrote to memory of 1500	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	ufsdUgP.exe
PID 4456 wrote to memory of 3156	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	uHgpvrP.exe
PID 4456 wrote to memory of 3156	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	uHgpvrP.exe
PID 4456 wrote to memory of 3872	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	ZynhovU.exe
PID 4456 wrote to memory of 3872	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	ZynhovU.exe
PID 4456 wrote to memory of 928	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	zGaOiJv.exe
PID 4456 wrote to memory of 928	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	zGaOiJv.exe
PID 4456 wrote to memory of 4252	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	xbwVVWR.exe
PID 4456 wrote to memory of 4252	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	xbwVVWR.exe
PID 4456 wrote to memory of 3548	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	IxfOSyR.exe
PID 4456 wrote to memory of 3548	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	IxfOSyR.exe
PID 4456 wrote to memory of 4072	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	uvmQoFi.exe
PID 4456 wrote to memory of 4072	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	uvmQoFi.exe
PID 4456 wrote to memory of 3472	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	sLuAcrn.exe
PID 4456 wrote to memory of 3472	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	sLuAcrn.exe
PID 4456 wrote to memory of 4920	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	cxdXUpH.exe
PID 4456 wrote to memory of 4920	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	cxdXUpH.exe
PID 4456 wrote to memory of 3736	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	MHnEPlM.exe
PID 4456 wrote to memory of 3736	4456	75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe	MHnEPlM.exe

C:\Users\Admin\AppData\Local\Temp\75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75fc81cd74065ea5df0ecdcb5a1b41c0_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4456

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2840

C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "2840" "2960" "2900" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"
3⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:4112

C:\Windows\System\ykBgsJa.exe
C:\Windows\System\ykBgsJa.exe
2⤵
- Executes dropped EXE
PID:1272

C:\Windows\System\pHNBabU.exe
C:\Windows\System\pHNBabU.exe
2⤵
- Executes dropped EXE
PID:1588

C:\Windows\System\RwuTQwp.exe
C:\Windows\System\RwuTQwp.exe
2⤵
- Executes dropped EXE
PID:1732

C:\Windows\System\TVtGIDA.exe
C:\Windows\System\TVtGIDA.exe
2⤵
- Executes dropped EXE
PID:2400

C:\Windows\System\YmPzZNJ.exe
C:\Windows\System\YmPzZNJ.exe
2⤵
- Executes dropped EXE
PID:3060

C:\Windows\System\BwlZEqz.exe
C:\Windows\System\BwlZEqz.exe
2⤵
- Executes dropped EXE
PID:4488

C:\Windows\System\tYPtkub.exe
C:\Windows\System\tYPtkub.exe
2⤵
- Executes dropped EXE
PID:1980

C:\Windows\System\lLhJoPk.exe
C:\Windows\System\lLhJoPk.exe
2⤵
- Executes dropped EXE
PID:5112

C:\Windows\System\sUTURkR.exe
C:\Windows\System\sUTURkR.exe
2⤵
- Executes dropped EXE
PID:2828

C:\Windows\System\fhgITgd.exe
C:\Windows\System\fhgITgd.exe
2⤵
- Executes dropped EXE
PID:3660

C:\Windows\System\iXukbgW.exe
C:\Windows\System\iXukbgW.exe
2⤵
- Executes dropped EXE
PID:2292

C:\Windows\System\CRQouOU.exe
C:\Windows\System\CRQouOU.exe
2⤵
- Executes dropped EXE
PID:836

C:\Windows\System\vWelabe.exe
C:\Windows\System\vWelabe.exe
2⤵
- Executes dropped EXE
PID:2604

C:\Windows\System\EvvsuRR.exe
C:\Windows\System\EvvsuRR.exe
2⤵
- Executes dropped EXE
PID:4360

C:\Windows\System\QTbLxMi.exe
C:\Windows\System\QTbLxMi.exe
2⤵
- Executes dropped EXE
PID:1252

C:\Windows\System\jowGnfT.exe
C:\Windows\System\jowGnfT.exe
2⤵
- Executes dropped EXE
PID:2924

C:\Windows\System\pViiyuM.exe
C:\Windows\System\pViiyuM.exe
2⤵
- Executes dropped EXE
PID:1576

C:\Windows\System\oYoMqso.exe
C:\Windows\System\oYoMqso.exe
2⤵
- Executes dropped EXE
PID:1036

C:\Windows\System\BMrfWeS.exe
C:\Windows\System\BMrfWeS.exe
2⤵
- Executes dropped EXE
PID:2704

C:\Windows\System\jxgGpny.exe
C:\Windows\System\jxgGpny.exe
2⤵
- Executes dropped EXE
PID:1672

C:\Windows\System\XxXhJtg.exe
C:\Windows\System\XxXhJtg.exe
2⤵
- Executes dropped EXE
PID:2068

C:\Windows\System\ufsdUgP.exe
C:\Windows\System\ufsdUgP.exe
2⤵
- Executes dropped EXE
PID:1500

C:\Windows\System\uHgpvrP.exe
C:\Windows\System\uHgpvrP.exe
2⤵
- Executes dropped EXE
PID:3156

C:\Windows\System\ZynhovU.exe
C:\Windows\System\ZynhovU.exe
2⤵
- Executes dropped EXE
PID:3872

C:\Windows\System\zGaOiJv.exe
C:\Windows\System\zGaOiJv.exe
2⤵
- Executes dropped EXE
PID:928

C:\Windows\System\xbwVVWR.exe
C:\Windows\System\xbwVVWR.exe
2⤵
- Executes dropped EXE
PID:4252

C:\Windows\System\IxfOSyR.exe
C:\Windows\System\IxfOSyR.exe
2⤵
- Executes dropped EXE
PID:3548

C:\Windows\System\uvmQoFi.exe
C:\Windows\System\uvmQoFi.exe
2⤵
- Executes dropped EXE
PID:4072

C:\Windows\System\sLuAcrn.exe
C:\Windows\System\sLuAcrn.exe
2⤵
- Executes dropped EXE
PID:3472

C:\Windows\System\cxdXUpH.exe
C:\Windows\System\cxdXUpH.exe
2⤵
- Executes dropped EXE
PID:4920

C:\Windows\System\MHnEPlM.exe
C:\Windows\System\MHnEPlM.exe
2⤵
- Executes dropped EXE
PID:3736

C:\Windows\System\RRNlJIY.exe
C:\Windows\System\RRNlJIY.exe
2⤵
- Executes dropped EXE
PID:1228

C:\Windows\System\qVHRjXw.exe
C:\Windows\System\qVHRjXw.exe
2⤵
- Executes dropped EXE
PID:4480

C:\Windows\System\qtpZDLx.exe
C:\Windows\System\qtpZDLx.exe
2⤵
- Executes dropped EXE
PID:3844

C:\Windows\System\YSmPlkT.exe
C:\Windows\System\YSmPlkT.exe
2⤵
- Executes dropped EXE
PID:528

C:\Windows\System\EEZgxVK.exe
C:\Windows\System\EEZgxVK.exe
2⤵
- Executes dropped EXE
PID:4404

C:\Windows\System\xwiuivw.exe
C:\Windows\System\xwiuivw.exe
2⤵
- Executes dropped EXE
PID:2884

C:\Windows\System\skksWQR.exe
C:\Windows\System\skksWQR.exe
2⤵
- Executes dropped EXE
PID:4708

C:\Windows\System\Gxvihnx.exe
C:\Windows\System\Gxvihnx.exe
2⤵
- Executes dropped EXE
PID:2600

C:\Windows\System\brxqnzy.exe
C:\Windows\System\brxqnzy.exe
2⤵
- Executes dropped EXE
PID:1528

C:\Windows\System\hbjRtqv.exe
C:\Windows\System\hbjRtqv.exe
2⤵
- Executes dropped EXE
PID:3692

C:\Windows\System\lDFqVRN.exe
C:\Windows\System\lDFqVRN.exe
2⤵
- Executes dropped EXE
PID:3620

C:\Windows\System\OwkcezO.exe
C:\Windows\System\OwkcezO.exe
2⤵
- Executes dropped EXE
PID:3116

C:\Windows\System\PRgzDbw.exe
C:\Windows\System\PRgzDbw.exe
2⤵
- Executes dropped EXE
PID:1952

C:\Windows\System\SwxJUlg.exe
C:\Windows\System\SwxJUlg.exe
2⤵
- Executes dropped EXE
PID:1048

C:\Windows\System\DjxkJJC.exe
C:\Windows\System\DjxkJJC.exe
2⤵
- Executes dropped EXE
PID:2988

C:\Windows\System\kHYyNPL.exe
C:\Windows\System\kHYyNPL.exe
2⤵
- Executes dropped EXE
PID:3960

C:\Windows\System\SAOJSwb.exe
C:\Windows\System\SAOJSwb.exe
2⤵
- Executes dropped EXE
PID:4840

C:\Windows\System\pyeattj.exe
C:\Windows\System\pyeattj.exe
2⤵
- Executes dropped EXE
PID:1104

C:\Windows\System\yzpwGap.exe
C:\Windows\System\yzpwGap.exe
2⤵
- Executes dropped EXE
PID:4344

C:\Windows\System\mkCQjci.exe
C:\Windows\System\mkCQjci.exe
2⤵
- Executes dropped EXE
PID:216

C:\Windows\System\ROzepGf.exe
C:\Windows\System\ROzepGf.exe
2⤵
- Executes dropped EXE
PID:4712

C:\Windows\System\UKSqIar.exe
C:\Windows\System\UKSqIar.exe
2⤵
- Executes dropped EXE
PID:4056

C:\Windows\System\wEVrzfO.exe
C:\Windows\System\wEVrzfO.exe
2⤵
- Executes dropped EXE
PID:4412

C:\Windows\System\fPPbJcn.exe
C:\Windows\System\fPPbJcn.exe
2⤵
- Executes dropped EXE
PID:640

C:\Windows\System\ofcXOIv.exe
C:\Windows\System\ofcXOIv.exe
2⤵
- Executes dropped EXE
PID:4608

C:\Windows\System\CiflKph.exe
C:\Windows\System\CiflKph.exe
2⤵
- Executes dropped EXE
PID:2864

C:\Windows\System\jSMBDIw.exe
C:\Windows\System\jSMBDIw.exe
2⤵
- Executes dropped EXE
PID:1640

C:\Windows\System\PgkDrgv.exe
C:\Windows\System\PgkDrgv.exe
2⤵
- Executes dropped EXE
PID:4144

C:\Windows\System\BVlZuAt.exe
C:\Windows\System\BVlZuAt.exe
2⤵
- Executes dropped EXE
PID:4448

C:\Windows\System\dGhVVeK.exe
C:\Windows\System\dGhVVeK.exe
2⤵
- Executes dropped EXE
PID:2700

C:\Windows\System\HYBItou.exe
C:\Windows\System\HYBItou.exe
2⤵
- Executes dropped EXE
PID:5128

C:\Windows\System\LQVVQRm.exe
C:\Windows\System\LQVVQRm.exe
2⤵
- Executes dropped EXE
PID:5160

C:\Windows\System\BQophcQ.exe
C:\Windows\System\BQophcQ.exe
2⤵
- Executes dropped EXE
PID:5184

C:\Windows\System\CgRQkwG.exe
C:\Windows\System\CgRQkwG.exe
2⤵
PID:5212

C:\Windows\System\SeQWKPv.exe
C:\Windows\System\SeQWKPv.exe
2⤵
PID:5240

C:\Windows\System\yTOxYjr.exe
C:\Windows\System\yTOxYjr.exe
2⤵
PID:5264

C:\Windows\System\iBRDiZI.exe
C:\Windows\System\iBRDiZI.exe
2⤵
PID:5296

C:\Windows\System\knfenbz.exe
C:\Windows\System\knfenbz.exe
2⤵
PID:5324

C:\Windows\System\Hkhlbam.exe
C:\Windows\System\Hkhlbam.exe
2⤵
PID:5352

C:\Windows\System\bPbgzWy.exe
C:\Windows\System\bPbgzWy.exe
2⤵
PID:5384

C:\Windows\System\CkerSpE.exe
C:\Windows\System\CkerSpE.exe
2⤵
PID:5412

C:\Windows\System\MBGhxQW.exe
C:\Windows\System\MBGhxQW.exe
2⤵
PID:5436

C:\Windows\System\YJtTwOY.exe
C:\Windows\System\YJtTwOY.exe
2⤵
PID:5468

C:\Windows\System\TToRvBa.exe
C:\Windows\System\TToRvBa.exe
2⤵
PID:5496

C:\Windows\System\rHLiDPG.exe
C:\Windows\System\rHLiDPG.exe
2⤵
PID:5524

C:\Windows\System\xJSLszx.exe
C:\Windows\System\xJSLszx.exe
2⤵
PID:5552

C:\Windows\System\TudLfVQ.exe
C:\Windows\System\TudLfVQ.exe
2⤵
PID:5580

C:\Windows\System\SsAZCzN.exe
C:\Windows\System\SsAZCzN.exe
2⤵
PID:5608

C:\Windows\System\SERSUqF.exe
C:\Windows\System\SERSUqF.exe
2⤵
PID:5636

C:\Windows\System\PQxxhts.exe
C:\Windows\System\PQxxhts.exe
2⤵
PID:5660

C:\Windows\System\dLnRNRR.exe
C:\Windows\System\dLnRNRR.exe
2⤵
PID:5748

C:\Windows\System\cNOKrzC.exe
C:\Windows\System\cNOKrzC.exe
2⤵
PID:5772

C:\Windows\System\ejgblXp.exe
C:\Windows\System\ejgblXp.exe
2⤵
PID:5796

C:\Windows\System\yuCCGrI.exe
C:\Windows\System\yuCCGrI.exe
2⤵
PID:5812

C:\Windows\System\hKuoDEi.exe
C:\Windows\System\hKuoDEi.exe
2⤵
PID:5828

C:\Windows\System\mvzIMRr.exe
C:\Windows\System\mvzIMRr.exe
2⤵
PID:5848

C:\Windows\System\XngeJCX.exe
C:\Windows\System\XngeJCX.exe
2⤵
PID:5864

C:\Windows\System\lLMeDWK.exe
C:\Windows\System\lLMeDWK.exe
2⤵
PID:5896

C:\Windows\System\jHKNqRk.exe
C:\Windows\System\jHKNqRk.exe
2⤵
PID:5952

C:\Windows\System\arCXuRc.exe
C:\Windows\System\arCXuRc.exe
2⤵
PID:5968

C:\Windows\System\hBbCTOp.exe
C:\Windows\System\hBbCTOp.exe
2⤵
PID:6032

C:\Windows\System\WWeKtbM.exe
C:\Windows\System\WWeKtbM.exe
2⤵
PID:6064

C:\Windows\System\SBCOLaH.exe
C:\Windows\System\SBCOLaH.exe
2⤵
PID:6124

C:\Windows\System\TzdwQUH.exe
C:\Windows\System\TzdwQUH.exe
2⤵
PID:4400

C:\Windows\System\LVlLHmM.exe
C:\Windows\System\LVlLHmM.exe
2⤵
PID:2848

C:\Windows\System\QldUFoe.exe
C:\Windows\System\QldUFoe.exe
2⤵
PID:3788

C:\Windows\System\RSaWOaa.exe
C:\Windows\System\RSaWOaa.exe
2⤵
PID:3096

C:\Windows\System\LvxJYSm.exe
C:\Windows\System\LvxJYSm.exe
2⤵
PID:812

C:\Windows\System\wArHudZ.exe
C:\Windows\System\wArHudZ.exe
2⤵
PID:5180

C:\Windows\System\ZBesexI.exe
C:\Windows\System\ZBesexI.exe
2⤵
PID:5228

C:\Windows\System\vVWsfKu.exe
C:\Windows\System\vVWsfKu.exe
2⤵
PID:5280

C:\Windows\System\DGDeIzN.exe
C:\Windows\System\DGDeIzN.exe
2⤵
PID:5316

C:\Windows\System\PiwEpJd.exe
C:\Windows\System\PiwEpJd.exe
2⤵
PID:5424

C:\Windows\System\YSSTdRd.exe
C:\Windows\System\YSSTdRd.exe
2⤵
PID:5460

C:\Windows\System\yzSEPTi.exe
C:\Windows\System\yzSEPTi.exe
2⤵
PID:5512

C:\Windows\System\WFSrAiH.exe
C:\Windows\System\WFSrAiH.exe
2⤵
PID:4236

C:\Windows\System\DCmCdUq.exe
C:\Windows\System\DCmCdUq.exe
2⤵
PID:5540

C:\Windows\System\zlbgSEX.exe
C:\Windows\System\zlbgSEX.exe
2⤵
PID:5652

C:\Windows\System\hZLhSla.exe
C:\Windows\System\hZLhSla.exe
2⤵
PID:5700

C:\Windows\System\nRunkUM.exe
C:\Windows\System\nRunkUM.exe
2⤵
PID:2660

C:\Windows\System\dVoTEsi.exe
C:\Windows\System\dVoTEsi.exe
2⤵
PID:4808

C:\Windows\System\QSWMPKd.exe
C:\Windows\System\QSWMPKd.exe
2⤵
PID:2276

C:\Windows\System\VIGFsaW.exe
C:\Windows\System\VIGFsaW.exe
2⤵
PID:3468

C:\Windows\System\DGPXyoi.exe
C:\Windows\System\DGPXyoi.exe
2⤵
PID:5108

C:\Windows\System\pMwPTBQ.exe
C:\Windows\System\pMwPTBQ.exe
2⤵
PID:2168

C:\Windows\System\MCqKaQR.exe
C:\Windows\System\MCqKaQR.exe
2⤵
PID:4976

C:\Windows\System\VYpJgms.exe
C:\Windows\System\VYpJgms.exe
2⤵
PID:5784

C:\Windows\System\ChdTSZU.exe
C:\Windows\System\ChdTSZU.exe
2⤵
PID:5768

C:\Windows\System\QVooSeU.exe
C:\Windows\System\QVooSeU.exe
2⤵
PID:5844

C:\Windows\System\TdFnuls.exe
C:\Windows\System\TdFnuls.exe
2⤵
PID:5872

C:\Windows\System\dyqeVUd.exe
C:\Windows\System\dyqeVUd.exe
2⤵
PID:6000

C:\Windows\System\YCsrYwo.exe
C:\Windows\System\YCsrYwo.exe
2⤵
PID:6052

C:\Windows\System\QZGwQhM.exe
C:\Windows\System\QZGwQhM.exe
2⤵
PID:4172

C:\Windows\System\tCUuxRG.exe
C:\Windows\System\tCUuxRG.exe
2⤵
PID:6108

C:\Windows\System\YjeIoFH.exe
C:\Windows\System\YjeIoFH.exe
2⤵
PID:1476

C:\Windows\System\zxhADuD.exe
C:\Windows\System\zxhADuD.exe
2⤵
PID:516

C:\Windows\System\LItVpHN.exe
C:\Windows\System\LItVpHN.exe
2⤵
PID:2876

C:\Windows\System\ZVlHUDO.exe
C:\Windows\System\ZVlHUDO.exe
2⤵
PID:5044

C:\Windows\System\nkEYsFg.exe
C:\Windows\System\nkEYsFg.exe
2⤵
PID:5256

C:\Windows\System\kVEHeAh.exe
C:\Windows\System\kVEHeAh.exe
2⤵
PID:5400

C:\Windows\System\nOBWhoR.exe
C:\Windows\System\nOBWhoR.exe
2⤵
PID:5508

C:\Windows\System\cpkygqF.exe
C:\Windows\System\cpkygqF.exe
2⤵
PID:5564

C:\Windows\System\XFBgHSR.exe
C:\Windows\System\XFBgHSR.exe
2⤵
PID:2556

C:\Windows\System\eXShfCy.exe
C:\Windows\System\eXShfCy.exe
2⤵
PID:4684

C:\Windows\System\kRsRHCu.exe
C:\Windows\System\kRsRHCu.exe
2⤵
PID:3980

C:\Windows\System\hHtMYjc.exe
C:\Windows\System\hHtMYjc.exe
2⤵
PID:1248

C:\Windows\System\AADPMVy.exe
C:\Windows\System\AADPMVy.exe
2⤵
PID:5884

C:\Windows\System\sATPJlg.exe
C:\Windows\System\sATPJlg.exe
2⤵
PID:6008

C:\Windows\System\LywbxLw.exe
C:\Windows\System\LywbxLw.exe
2⤵
PID:4536

C:\Windows\System\gbEexoG.exe
C:\Windows\System\gbEexoG.exe
2⤵
PID:3656

C:\Windows\System\VfKhlsA.exe
C:\Windows\System\VfKhlsA.exe
2⤵
PID:4312

C:\Windows\System\ijTcrax.exe
C:\Windows\System\ijTcrax.exe
2⤵
PID:876

C:\Windows\System\RprarHK.exe
C:\Windows\System\RprarHK.exe
2⤵
PID:5728

C:\Windows\System\UFqHhMg.exe
C:\Windows\System\UFqHhMg.exe
2⤵
PID:5596

C:\Windows\System\uqPlaUS.exe
C:\Windows\System\uqPlaUS.exe
2⤵
PID:5012

C:\Windows\System\YxaRdvh.exe
C:\Windows\System\YxaRdvh.exe
2⤵
PID:5996

C:\Windows\System\bJjiqjk.exe
C:\Windows\System\bJjiqjk.exe
2⤵
PID:6140

C:\Windows\System\JqqowVQ.exe
C:\Windows\System\JqqowVQ.exe
2⤵
PID:900

C:\Windows\System\jDfJaEq.exe
C:\Windows\System\jDfJaEq.exe
2⤵
PID:2808

C:\Windows\System\UPNJQaE.exe
C:\Windows\System\UPNJQaE.exe
2⤵
PID:5716

C:\Windows\System\MbngkeI.exe
C:\Windows\System\MbngkeI.exe
2⤵
PID:6204

C:\Windows\System\BtlQkWV.exe
C:\Windows\System\BtlQkWV.exe
2⤵
PID:6236

C:\Windows\System\ZXNFJZT.exe
C:\Windows\System\ZXNFJZT.exe
2⤵
PID:6256

C:\Windows\System\vJaVAKv.exe
C:\Windows\System\vJaVAKv.exe
2⤵
PID:6276

C:\Windows\System\nZHiKcM.exe
C:\Windows\System\nZHiKcM.exe
2⤵
PID:6296

C:\Windows\System\VoUTsAV.exe
C:\Windows\System\VoUTsAV.exe
2⤵
PID:6312

C:\Windows\System\WeSoiOJ.exe
C:\Windows\System\WeSoiOJ.exe
2⤵
PID:6356

C:\Windows\System\oquqhDj.exe
C:\Windows\System\oquqhDj.exe
2⤵
PID:6376

C:\Windows\System\pQulfaD.exe
C:\Windows\System\pQulfaD.exe
2⤵
PID:6416

C:\Windows\System\sgurXkR.exe
C:\Windows\System\sgurXkR.exe
2⤵
PID:6444

C:\Windows\System\cilQAbH.exe
C:\Windows\System\cilQAbH.exe
2⤵
PID:6460

C:\Windows\System\TDZzBWL.exe
C:\Windows\System\TDZzBWL.exe
2⤵
PID:6500

C:\Windows\System\TDoWyJA.exe
C:\Windows\System\TDoWyJA.exe
2⤵
PID:6516

C:\Windows\System\mGYKkOA.exe
C:\Windows\System\mGYKkOA.exe
2⤵
PID:6540

C:\Windows\System\UfAGZIY.exe
C:\Windows\System\UfAGZIY.exe
2⤵
PID:6560

C:\Windows\System\VeVBLrV.exe
C:\Windows\System\VeVBLrV.exe
2⤵
PID:6580

C:\Windows\System\GENXwED.exe
C:\Windows\System\GENXwED.exe
2⤵
PID:6608

C:\Windows\System\ILovINQ.exe
C:\Windows\System\ILovINQ.exe
2⤵
PID:6636

C:\Windows\System\bKwGQzy.exe
C:\Windows\System\bKwGQzy.exe
2⤵
PID:6656

C:\Windows\System\PxtETyr.exe
C:\Windows\System\PxtETyr.exe
2⤵
PID:6676

C:\Windows\System\mkfAfMV.exe
C:\Windows\System\mkfAfMV.exe
2⤵
PID:6696

C:\Windows\System\YRjbdbU.exe
C:\Windows\System\YRjbdbU.exe
2⤵
PID:6732

C:\Windows\System\qEDUEEr.exe
C:\Windows\System\qEDUEEr.exe
2⤵
PID:6756

C:\Windows\System\YxTOzEr.exe
C:\Windows\System\YxTOzEr.exe
2⤵
PID:6796

C:\Windows\System\IRihkqp.exe
C:\Windows\System\IRihkqp.exe
2⤵
PID:6868

C:\Windows\System\icRBFLl.exe
C:\Windows\System\icRBFLl.exe
2⤵
PID:6896

C:\Windows\System\QERusXV.exe
C:\Windows\System\QERusXV.exe
2⤵
PID:6920

C:\Windows\System\hYOvcSg.exe
C:\Windows\System\hYOvcSg.exe
2⤵
PID:6944

C:\Windows\System\XLZKSTV.exe
C:\Windows\System\XLZKSTV.exe
2⤵
PID:6972

C:\Windows\System\rCPyNkK.exe
C:\Windows\System\rCPyNkK.exe
2⤵
PID:7032

C:\Windows\System\wCIxhHy.exe
C:\Windows\System\wCIxhHy.exe
2⤵
PID:7048

C:\Windows\System\ThiKGiC.exe
C:\Windows\System\ThiKGiC.exe
2⤵
PID:7108

C:\Windows\System\MLBekyd.exe
C:\Windows\System\MLBekyd.exe
2⤵
PID:7124

C:\Windows\System\PKiTLhM.exe
C:\Windows\System\PKiTLhM.exe
2⤵
PID:7160

C:\Windows\System\XCSNFpV.exe
C:\Windows\System\XCSNFpV.exe
2⤵
PID:5824

C:\Windows\System\OXhzDxc.exe
C:\Windows\System\OXhzDxc.exe
2⤵
PID:6180

C:\Windows\System\VgKaLWt.exe
C:\Windows\System\VgKaLWt.exe
2⤵
PID:6216

C:\Windows\System\OLxJvZe.exe
C:\Windows\System\OLxJvZe.exe
2⤵
PID:6252

C:\Windows\System\rTlzLql.exe
C:\Windows\System\rTlzLql.exe
2⤵
PID:6272

C:\Windows\System\qdQazeW.exe
C:\Windows\System\qdQazeW.exe
2⤵
PID:6368

C:\Windows\System\JXaKekK.exe
C:\Windows\System\JXaKekK.exe
2⤵
PID:6588

C:\Windows\System\PRgIoxD.exe
C:\Windows\System\PRgIoxD.exe
2⤵
PID:6572

C:\Windows\System\AHRmtRI.exe
C:\Windows\System\AHRmtRI.exe
2⤵
PID:6644

C:\Windows\System\dLiWCWv.exe
C:\Windows\System\dLiWCWv.exe
2⤵
PID:6632

C:\Windows\System\rxzfPJz.exe
C:\Windows\System\rxzfPJz.exe
2⤵
PID:6776

C:\Windows\System\VqOrUTf.exe
C:\Windows\System\VqOrUTf.exe
2⤵
PID:6844

C:\Windows\System\NADVCBO.exe
C:\Windows\System\NADVCBO.exe
2⤵
PID:6860

C:\Windows\System\npkGeST.exe
C:\Windows\System\npkGeST.exe
2⤵
PID:2460

C:\Windows\System\atAMZcY.exe
C:\Windows\System\atAMZcY.exe
2⤵
PID:7068

C:\Windows\System\xCOhoqM.exe
C:\Windows\System\xCOhoqM.exe
2⤵
PID:6200

C:\Windows\System\xfykqJw.exe
C:\Windows\System\xfykqJw.exe
2⤵
PID:6196

C:\Windows\System\ogfiSpa.exe
C:\Windows\System\ogfiSpa.exe
2⤵
PID:6284

C:\Windows\System\krFGHnA.exe
C:\Windows\System\krFGHnA.exe
2⤵
PID:6552

C:\Windows\System\XBulzCD.exe
C:\Windows\System\XBulzCD.exe
2⤵
PID:6528

C:\Windows\System\RpWmUoS.exe
C:\Windows\System\RpWmUoS.exe
2⤵
PID:6984

C:\Windows\System\ocajwkm.exe
C:\Windows\System\ocajwkm.exe
2⤵
PID:7028

C:\Windows\System\wxJrcdf.exe
C:\Windows\System\wxJrcdf.exe
2⤵
PID:6432

C:\Windows\System\KcfvZmK.exe
C:\Windows\System\KcfvZmK.exe
2⤵
PID:6704

C:\Windows\System\HQJrlcR.exe
C:\Windows\System\HQJrlcR.exe
2⤵
PID:6940

C:\Windows\System\HZbRWvz.exe
C:\Windows\System\HZbRWvz.exe
2⤵
PID:6228

C:\Windows\System\KeGJCfo.exe
C:\Windows\System\KeGJCfo.exe
2⤵
PID:6812

C:\Windows\System\dywbVCP.exe
C:\Windows\System\dywbVCP.exe
2⤵
PID:7188

C:\Windows\System\XVYplTb.exe
C:\Windows\System\XVYplTb.exe
2⤵
PID:7236

C:\Windows\System\YOJVtCX.exe
C:\Windows\System\YOJVtCX.exe
2⤵
PID:7252

C:\Windows\System\KjHiVdk.exe
C:\Windows\System\KjHiVdk.exe
2⤵
PID:7280

C:\Windows\System\flKawia.exe
C:\Windows\System\flKawia.exe
2⤵
PID:7296

C:\Windows\System\vzBaqbA.exe
C:\Windows\System\vzBaqbA.exe
2⤵
PID:7328

C:\Windows\System\NavkoYY.exe
C:\Windows\System\NavkoYY.exe
2⤵
PID:7352

C:\Windows\System\PCXhFNF.exe
C:\Windows\System\PCXhFNF.exe
2⤵
PID:7404

C:\Windows\System\YmLulnI.exe
C:\Windows\System\YmLulnI.exe
2⤵
PID:7424

C:\Windows\System\ApJERHc.exe
C:\Windows\System\ApJERHc.exe
2⤵
PID:7452

C:\Windows\System\QSTfTtx.exe
C:\Windows\System\QSTfTtx.exe
2⤵
PID:7472

C:\Windows\System\HMJAiEd.exe
C:\Windows\System\HMJAiEd.exe
2⤵
PID:7508

C:\Windows\System\yATTNEN.exe
C:\Windows\System\yATTNEN.exe
2⤵
PID:7556

C:\Windows\System\LmEvwCP.exe
C:\Windows\System\LmEvwCP.exe
2⤵
PID:7580

C:\Windows\System\SfSSwrU.exe
C:\Windows\System\SfSSwrU.exe
2⤵
PID:7600

C:\Windows\System\DiYbfRF.exe
C:\Windows\System\DiYbfRF.exe
2⤵
PID:7620

C:\Windows\System\ivWkQgC.exe
C:\Windows\System\ivWkQgC.exe
2⤵
PID:7644

C:\Windows\System\zDAKauk.exe
C:\Windows\System\zDAKauk.exe
2⤵
PID:7672

C:\Windows\System\hyDrfrj.exe
C:\Windows\System\hyDrfrj.exe
2⤵
PID:7696

C:\Windows\System\uCbOahM.exe
C:\Windows\System\uCbOahM.exe
2⤵
PID:7732

C:\Windows\System\DdymMUY.exe
C:\Windows\System\DdymMUY.exe
2⤵
PID:7768

C:\Windows\System\wUAxuYZ.exe
C:\Windows\System\wUAxuYZ.exe
2⤵
PID:7788

C:\Windows\System\shuNxkS.exe
C:\Windows\System\shuNxkS.exe
2⤵
PID:7804

C:\Windows\System\qoLwpsF.exe
C:\Windows\System\qoLwpsF.exe
2⤵
PID:7828

C:\Windows\System\JpMKvhA.exe
C:\Windows\System\JpMKvhA.exe
2⤵
PID:7856

C:\Windows\System\hiXOTzR.exe
C:\Windows\System\hiXOTzR.exe
2⤵
PID:7884

C:\Windows\System\vWsDjpX.exe
C:\Windows\System\vWsDjpX.exe
2⤵
PID:7904

C:\Windows\System\LFJcyxD.exe
C:\Windows\System\LFJcyxD.exe
2⤵
PID:7936

C:\Windows\System\qkMYHrN.exe
C:\Windows\System\qkMYHrN.exe
2⤵
PID:7956

C:\Windows\System\rIpMmyI.exe
C:\Windows\System\rIpMmyI.exe
2⤵
PID:8028

C:\Windows\System\KSNjXWx.exe
C:\Windows\System\KSNjXWx.exe
2⤵
PID:8056

C:\Windows\System\LBtPIMU.exe
C:\Windows\System\LBtPIMU.exe
2⤵
PID:8076

C:\Windows\System\HxdnvBL.exe
C:\Windows\System\HxdnvBL.exe
2⤵
PID:8104

C:\Windows\System\QhapzQu.exe
C:\Windows\System\QhapzQu.exe
2⤵
PID:8132

C:\Windows\System\qKTvnjB.exe
C:\Windows\System\qKTvnjB.exe
2⤵
PID:8160

C:\Windows\System\stTYwbt.exe
C:\Windows\System\stTYwbt.exe
2⤵
PID:8176

C:\Windows\System\MNKZgBK.exe
C:\Windows\System\MNKZgBK.exe
2⤵
PID:840

C:\Windows\System\dyHojQY.exe
C:\Windows\System\dyHojQY.exe
2⤵
PID:7260

C:\Windows\System\UYyIgEL.exe
C:\Windows\System\UYyIgEL.exe
2⤵
PID:7304

C:\Windows\System\sQhyyDW.exe
C:\Windows\System\sQhyyDW.exe
2⤵
PID:7344

C:\Windows\System\nayDnPq.exe
C:\Windows\System\nayDnPq.exe
2⤵
PID:7320

C:\Windows\System\dcotSiJ.exe
C:\Windows\System\dcotSiJ.exe
2⤵
PID:7444

C:\Windows\System\aheuezK.exe
C:\Windows\System\aheuezK.exe
2⤵
PID:7504

C:\Windows\System\nGJzyrd.exe
C:\Windows\System\nGJzyrd.exe
2⤵
PID:7632

C:\Windows\System\qFmcIje.exe
C:\Windows\System\qFmcIje.exe
2⤵
PID:7636

C:\Windows\System\WwrtMqU.exe
C:\Windows\System\WwrtMqU.exe
2⤵
PID:7796

C:\Windows\System\XBSlAHj.exe
C:\Windows\System\XBSlAHj.exe
2⤵
PID:7864

C:\Windows\System\MKpEqvW.exe
C:\Windows\System\MKpEqvW.exe
2⤵
PID:7920

C:\Windows\System\KWRUJOn.exe
C:\Windows\System\KWRUJOn.exe
2⤵
PID:8024

C:\Windows\System\hkFNZdQ.exe
C:\Windows\System\hkFNZdQ.exe
2⤵
PID:8036

C:\Windows\System\btVVWpx.exe
C:\Windows\System\btVVWpx.exe
2⤵
PID:8096

C:\Windows\System\skQQavI.exe
C:\Windows\System\skQQavI.exe
2⤵
PID:8140

C:\Windows\System\DsDxoVk.exe
C:\Windows\System\DsDxoVk.exe
2⤵
PID:7244

C:\Windows\System\maqhJkF.exe
C:\Windows\System\maqhJkF.exe
2⤵
PID:7392

C:\Windows\System\pIMlUMn.exe
C:\Windows\System\pIMlUMn.exe
2⤵
PID:7420

C:\Windows\System\QqdIhTI.exe
C:\Windows\System\QqdIhTI.exe
2⤵
PID:7568

C:\Windows\System\aPKxwnf.exe
C:\Windows\System\aPKxwnf.exe
2⤵
PID:7728

C:\Windows\System\GhCtWvt.exe
C:\Windows\System\GhCtWvt.exe
2⤵
PID:7824

C:\Windows\System\YaMciqd.exe
C:\Windows\System\YaMciqd.exe
2⤵
PID:7912

C:\Windows\System\XhVwXFq.exe
C:\Windows\System\XhVwXFq.exe
2⤵
PID:7416

C:\Windows\System\XQHGCEB.exe
C:\Windows\System\XQHGCEB.exe
2⤵
PID:7812

C:\Windows\System\UNrVapr.exe
C:\Windows\System\UNrVapr.exe
2⤵
PID:7900

C:\Windows\System\XYNKEeY.exe
C:\Windows\System\XYNKEeY.exe
2⤵
PID:8212

C:\Windows\System\LYbGDKq.exe
C:\Windows\System\LYbGDKq.exe
2⤵
PID:8260

C:\Windows\System\xBWaIsV.exe
C:\Windows\System\xBWaIsV.exe
2⤵
PID:8276

C:\Windows\System\RBbcpiJ.exe
C:\Windows\System\RBbcpiJ.exe
2⤵
PID:8300

C:\Windows\System\autsZTP.exe
C:\Windows\System\autsZTP.exe
2⤵
PID:8316

C:\Windows\System\ICElsxs.exe
C:\Windows\System\ICElsxs.exe
2⤵
PID:8360

C:\Windows\System\oLtlpGY.exe
C:\Windows\System\oLtlpGY.exe
2⤵
PID:8384

C:\Windows\System\ZaaXZPV.exe
C:\Windows\System\ZaaXZPV.exe
2⤵
PID:8516

C:\Windows\System\LGaIWst.exe
C:\Windows\System\LGaIWst.exe
2⤵
PID:8588

C:\Windows\System\WdqCYZP.exe
C:\Windows\System\WdqCYZP.exe
2⤵
PID:8604

C:\Windows\System\XMGNlcv.exe
C:\Windows\System\XMGNlcv.exe
2⤵
PID:8624

C:\Windows\System\tJPSVCk.exe
C:\Windows\System\tJPSVCk.exe
2⤵
PID:8640

C:\Windows\System\BfCnQvH.exe
C:\Windows\System\BfCnQvH.exe
2⤵
PID:8656

C:\Windows\System\huIkbMe.exe
C:\Windows\System\huIkbMe.exe
2⤵
PID:8672

C:\Windows\System\eRvzfwO.exe
C:\Windows\System\eRvzfwO.exe
2⤵
PID:8688

C:\Windows\System\DGlaZWS.exe
C:\Windows\System\DGlaZWS.exe
2⤵
PID:8704

C:\Windows\System\iChuJWk.exe
C:\Windows\System\iChuJWk.exe
2⤵
PID:8744

C:\Windows\System\ysTScYD.exe
C:\Windows\System\ysTScYD.exe
2⤵
PID:8792

C:\Windows\System\Xvqwers.exe
C:\Windows\System\Xvqwers.exe
2⤵
PID:8820

C:\Windows\System\gIjmsLg.exe
C:\Windows\System\gIjmsLg.exe
2⤵
PID:8840

C:\Windows\System\AlIPPae.exe
C:\Windows\System\AlIPPae.exe
2⤵
PID:8888

C:\Windows\System\yvnKZbE.exe
C:\Windows\System\yvnKZbE.exe
2⤵
PID:8904

C:\Windows\System\ctGMoqR.exe
C:\Windows\System\ctGMoqR.exe
2⤵
PID:8924

C:\Windows\System\pjwFPjn.exe
C:\Windows\System\pjwFPjn.exe
2⤵
PID:8944

C:\Windows\System\lZkeFTF.exe
C:\Windows\System\lZkeFTF.exe
2⤵
PID:8972

C:\Windows\System\FNvbDja.exe
C:\Windows\System\FNvbDja.exe
2⤵
PID:8988

C:\Windows\System\KkyzjcQ.exe
C:\Windows\System\KkyzjcQ.exe
2⤵
PID:9036

C:\Windows\System\CgOClWh.exe
C:\Windows\System\CgOClWh.exe
2⤵
PID:9068

C:\Windows\System\kyTYqVA.exe
C:\Windows\System\kyTYqVA.exe
2⤵
PID:9120

C:\Windows\System\rJyQaWU.exe
C:\Windows\System\rJyQaWU.exe
2⤵
PID:9148

C:\Windows\System\TpBylqq.exe
C:\Windows\System\TpBylqq.exe
2⤵
PID:9168

C:\Windows\System\ekeKyCm.exe
C:\Windows\System\ekeKyCm.exe
2⤵
PID:9192

C:\Windows\System\UHVwdDu.exe
C:\Windows\System\UHVwdDu.exe
2⤵
PID:9212

C:\Windows\System\xvQoDFY.exe
C:\Windows\System\xvQoDFY.exe
2⤵
PID:7724

C:\Windows\System\TVsNLYC.exe
C:\Windows\System\TVsNLYC.exe
2⤵
PID:8252

C:\Windows\System\POzDQNG.exe
C:\Windows\System\POzDQNG.exe
2⤵
PID:8332

C:\Windows\System\bNSTszd.exe
C:\Windows\System\bNSTszd.exe
2⤵
PID:8476

C:\Windows\System\ILjfKqk.exe
C:\Windows\System\ILjfKqk.exe
2⤵
PID:8460

C:\Windows\System\zaxepEE.exe
C:\Windows\System\zaxepEE.exe
2⤵
PID:8580

C:\Windows\System\vltosMG.exe
C:\Windows\System\vltosMG.exe
2⤵
PID:8652

C:\Windows\System\iFZqfhK.exe
C:\Windows\System\iFZqfhK.exe
2⤵
PID:8700

C:\Windows\System\xCIVBrw.exe
C:\Windows\System\xCIVBrw.exe
2⤵
PID:8584

C:\Windows\System\smkzJuY.exe
C:\Windows\System\smkzJuY.exe
2⤵
PID:8548

C:\Windows\System\kvSxRdt.exe
C:\Windows\System\kvSxRdt.exe
2⤵
PID:8612

C:\Windows\System\lYXdiWX.exe
C:\Windows\System\lYXdiWX.exe
2⤵
PID:8724

C:\Windows\System\FApdQPQ.exe
C:\Windows\System\FApdQPQ.exe
2⤵
PID:8804

C:\Windows\System\voEXZce.exe
C:\Windows\System\voEXZce.exe
2⤵
PID:8936

C:\Windows\System\XGGZVZr.exe
C:\Windows\System\XGGZVZr.exe
2⤵
PID:8952

C:\Windows\System\BGzhYYO.exe
C:\Windows\System\BGzhYYO.exe
2⤵
PID:9020

C:\Windows\System\AsijFsr.exe
C:\Windows\System\AsijFsr.exe
2⤵
PID:9128

C:\Windows\System\GeFVITa.exe
C:\Windows\System\GeFVITa.exe
2⤵
PID:9184

C:\Windows\System\UvGMVPj.exe
C:\Windows\System\UvGMVPj.exe
2⤵
PID:8456

C:\Windows\System\ZmaaGkh.exe
C:\Windows\System\ZmaaGkh.exe
2⤵
PID:8452

C:\Windows\System\OTuIUZs.exe
C:\Windows\System\OTuIUZs.exe
2⤵
PID:8532

C:\Windows\System\ievsILS.exe
C:\Windows\System\ievsILS.exe
2⤵
PID:8552

C:\Windows\System\jAHXTox.exe
C:\Windows\System\jAHXTox.exe
2⤵
PID:8776

C:\Windows\System\SvyxNQb.exe
C:\Windows\System\SvyxNQb.exe
2⤵
PID:8900

C:\Windows\System\NqoADKO.exe
C:\Windows\System\NqoADKO.exe
2⤵
PID:9028

C:\Windows\System\BoyqzwS.exe
C:\Windows\System\BoyqzwS.exe
2⤵
PID:8308

C:\Windows\System\KfFSwJV.exe
C:\Windows\System\KfFSwJV.exe
2⤵
PID:8480

C:\Windows\System\KyBDswY.exe
C:\Windows\System\KyBDswY.exe
2⤵
PID:8600

C:\Windows\System\utHTkbA.exe
C:\Windows\System\utHTkbA.exe
2⤵
PID:8832

C:\Windows\System\yGOTSRd.exe
C:\Windows\System\yGOTSRd.exe
2⤵
PID:8376

C:\Windows\System\hvrsqdJ.exe
C:\Windows\System\hvrsqdJ.exe
2⤵
PID:8396

C:\Windows\System\LnoLNSc.exe
C:\Windows\System\LnoLNSc.exe
2⤵
PID:9264

C:\Windows\System\qzoBkdc.exe
C:\Windows\System\qzoBkdc.exe
2⤵
PID:9288

C:\Windows\System\ZAuKFsu.exe
C:\Windows\System\ZAuKFsu.exe
2⤵
PID:9312

C:\Windows\System\czSFYVh.exe
C:\Windows\System\czSFYVh.exe
2⤵
PID:9336

C:\Windows\System\eoIJarn.exe
C:\Windows\System\eoIJarn.exe
2⤵
PID:9356

C:\Windows\System\OiOoyqe.exe
C:\Windows\System\OiOoyqe.exe
2⤵
PID:9380

C:\Windows\System\KCkMDBn.exe
C:\Windows\System\KCkMDBn.exe
2⤵
PID:9400

C:\Windows\System\bVxhHUk.exe
C:\Windows\System\bVxhHUk.exe
2⤵
PID:9420

C:\Windows\System\FPNszGN.exe
C:\Windows\System\FPNszGN.exe
2⤵
PID:9436

C:\Windows\System\muDOrlW.exe
C:\Windows\System\muDOrlW.exe
2⤵
PID:9460

C:\Windows\System\uZnlWWN.exe
C:\Windows\System\uZnlWWN.exe
2⤵
PID:9480

C:\Windows\System\rfJgEWV.exe
C:\Windows\System\rfJgEWV.exe
2⤵
PID:9500

C:\Windows\System\lvhxKtr.exe
C:\Windows\System\lvhxKtr.exe
2⤵
PID:9524

C:\Windows\System\TxUIFln.exe
C:\Windows\System\TxUIFln.exe
2⤵
PID:9548

C:\Windows\System\hZVJtQJ.exe
C:\Windows\System\hZVJtQJ.exe
2⤵
PID:9564

C:\Windows\System\mFTuJAV.exe
C:\Windows\System\mFTuJAV.exe
2⤵
PID:9588

C:\Windows\System\qBgTMyH.exe
C:\Windows\System\qBgTMyH.exe
2⤵
PID:9608

C:\Windows\System\XziptnK.exe
C:\Windows\System\XziptnK.exe
2⤵
PID:9628

C:\Windows\System\EXPcbYl.exe
C:\Windows\System\EXPcbYl.exe
2⤵
PID:9652

C:\Windows\System\oTeUBba.exe
C:\Windows\System\oTeUBba.exe
2⤵
PID:9720

C:\Windows\System\dtcOzxW.exe
C:\Windows\System\dtcOzxW.exe
2⤵
PID:9740

C:\Windows\System\mUbCTXw.exe
C:\Windows\System\mUbCTXw.exe
2⤵
PID:9772

C:\Windows\System\nbxEQQL.exe
C:\Windows\System\nbxEQQL.exe
2⤵
PID:9792

C:\Windows\System\utaVOgl.exe
C:\Windows\System\utaVOgl.exe
2⤵
PID:9808

C:\Windows\System\aIqhiIy.exe
C:\Windows\System\aIqhiIy.exe
2⤵
PID:9832

C:\Windows\System\GUhhlfU.exe
C:\Windows\System\GUhhlfU.exe
2⤵
PID:9856

C:\Windows\System\njODdEi.exe
C:\Windows\System\njODdEi.exe
2⤵
PID:9876

C:\Windows\System\dJwVnop.exe
C:\Windows\System\dJwVnop.exe
2⤵
PID:9896

C:\Windows\System\rqaresm.exe
C:\Windows\System\rqaresm.exe
2⤵
PID:9920

C:\Windows\System\SYocpIY.exe
C:\Windows\System\SYocpIY.exe
2⤵
PID:9952

C:\Windows\System\DnqnUud.exe
C:\Windows\System\DnqnUud.exe
2⤵
PID:10008

C:\Windows\System\avItpIP.exe
C:\Windows\System\avItpIP.exe
2⤵
PID:10088

C:\Windows\System\eArqlGm.exe
C:\Windows\System\eArqlGm.exe
2⤵
PID:10172

C:\Windows\System\eYLSCqy.exe
C:\Windows\System\eYLSCqy.exe
2⤵
PID:10188

C:\Windows\System\XngrxgZ.exe
C:\Windows\System\XngrxgZ.exe
2⤵
PID:10212

C:\Windows\System\QoUDCyc.exe
C:\Windows\System\QoUDCyc.exe
2⤵
PID:9176

C:\Windows\System\LeJJFmW.exe
C:\Windows\System\LeJJFmW.exe
2⤵
PID:9276

C:\Windows\System\sjAvLiS.exe
C:\Windows\System\sjAvLiS.exe
2⤵
PID:9320

C:\Windows\System\dUrCuDs.exe
C:\Windows\System\dUrCuDs.exe
2⤵
PID:9344

C:\Windows\System\FMoAKaH.exe
C:\Windows\System\FMoAKaH.exe
2⤵
PID:9396

C:\Windows\System\cFBNUjD.exe
C:\Windows\System\cFBNUjD.exe
2⤵
PID:9496

C:\Windows\System\MFNigDU.exe
C:\Windows\System\MFNigDU.exe
2⤵
PID:9640

C:\Windows\System\NVsbSvp.exe
C:\Windows\System\NVsbSvp.exe
2⤵
PID:9572

C:\Windows\System\SITHxIP.exe
C:\Windows\System\SITHxIP.exe
2⤵
PID:9596

C:\Windows\System\CEsLRaa.exe
C:\Windows\System\CEsLRaa.exe
2⤵
PID:9816

C:\Windows\System\UPCUEhe.exe
C:\Windows\System\UPCUEhe.exe
2⤵
PID:9768

C:\Windows\System\bkggJez.exe
C:\Windows\System\bkggJez.exe
2⤵
PID:9848

C:\Windows\System\InfBACp.exe
C:\Windows\System\InfBACp.exe
2⤵
PID:9888

C:\Windows\System\mHhSSgV.exe
C:\Windows\System\mHhSSgV.exe
2⤵
PID:9764

C:\Windows\System\asiYAxY.exe
C:\Windows\System\asiYAxY.exe
2⤵
PID:10024

C:\Windows\System\HqfwShd.exe
C:\Windows\System\HqfwShd.exe
2⤵
PID:10076

C:\Windows\System\geuJpqv.exe
C:\Windows\System\geuJpqv.exe
2⤵
PID:10120

C:\Windows\System\BqFKuLa.exe
C:\Windows\System\BqFKuLa.exe
2⤵
PID:10160

C:\Windows\System\ImBJNXv.exe
C:\Windows\System\ImBJNXv.exe
2⤵
PID:9296

C:\Windows\System\UfuuUlN.exe
C:\Windows\System\UfuuUlN.exe
2⤵
PID:9584

C:\Windows\System\tJWurRA.exe
C:\Windows\System\tJWurRA.exe
2⤵
PID:9688

C:\Windows\System\bjtpsaK.exe
C:\Windows\System\bjtpsaK.exe
2⤵
PID:9716

C:\Windows\System\lbOPpZB.exe
C:\Windows\System\lbOPpZB.exe
2⤵
PID:9828

C:\Windows\System\EdQbwAs.exe
C:\Windows\System\EdQbwAs.exe
2⤵
PID:9996

C:\Windows\System\AaWXKvG.exe
C:\Windows\System\AaWXKvG.exe
2⤵
PID:10052

C:\Windows\System\Trpydhk.exe
C:\Windows\System\Trpydhk.exe
2⤵
PID:9468

C:\Windows\System\OotZoeW.exe
C:\Windows\System\OotZoeW.exe
2⤵
PID:9332

C:\Windows\System\HdAzGPy.exe
C:\Windows\System\HdAzGPy.exe
2⤵
PID:9916

C:\Windows\System\vYDvzih.exe
C:\Windows\System\vYDvzih.exe
2⤵
PID:10288

C:\Windows\System\COoFUgj.exe
C:\Windows\System\COoFUgj.exe
2⤵
PID:10308

C:\Windows\System\IFInFAg.exe
C:\Windows\System\IFInFAg.exe
2⤵
PID:10336

C:\Windows\System\JTSPMxv.exe
C:\Windows\System\JTSPMxv.exe
2⤵
PID:10356

C:\Windows\System\fmgVoYB.exe
C:\Windows\System\fmgVoYB.exe
2⤵
PID:10376

C:\Windows\System\ArvNfiJ.exe
C:\Windows\System\ArvNfiJ.exe
2⤵
PID:10396

C:\Windows\System\NMtgpys.exe
C:\Windows\System\NMtgpys.exe
2⤵
PID:10424

C:\Windows\System\LPeVcAL.exe
C:\Windows\System\LPeVcAL.exe
2⤵
PID:10464

C:\Windows\System\hIdQeLf.exe
C:\Windows\System\hIdQeLf.exe
2⤵
PID:10484

C:\Windows\System\bHuIVhs.exe
C:\Windows\System\bHuIVhs.exe
2⤵
PID:10504

C:\Windows\System\EYYJGhe.exe
C:\Windows\System\EYYJGhe.exe
2⤵
PID:10560

C:\Windows\System\RuRNyGG.exe
C:\Windows\System\RuRNyGG.exe
2⤵
PID:10580

C:\Windows\System\onRAXxM.exe
C:\Windows\System\onRAXxM.exe
2⤵
PID:10620

C:\Windows\System\LTrawGQ.exe
C:\Windows\System\LTrawGQ.exe
2⤵
PID:10648

C:\Windows\System\GfChKTe.exe
C:\Windows\System\GfChKTe.exe
2⤵
PID:10680

C:\Windows\System\tJbpkbs.exe
C:\Windows\System\tJbpkbs.exe
2⤵
PID:10696

C:\Windows\System\mUmSvHm.exe
C:\Windows\System\mUmSvHm.exe
2⤵
PID:10736

C:\Windows\System\KoQwKkN.exe
C:\Windows\System\KoQwKkN.exe
2⤵
PID:10772

C:\Windows\System\ybPZCVa.exe
C:\Windows\System\ybPZCVa.exe
2⤵
PID:10796

C:\Windows\System\NqJBNzt.exe
C:\Windows\System\NqJBNzt.exe
2⤵
PID:10828

C:\Windows\System\FYTQzUI.exe
C:\Windows\System\FYTQzUI.exe
2⤵
PID:10848

C:\Windows\System\YrzDfbb.exe
C:\Windows\System\YrzDfbb.exe
2⤵
PID:10864

C:\Windows\System\nxcUjVO.exe
C:\Windows\System\nxcUjVO.exe
2⤵
PID:10908

C:\Windows\System\oOsGVuG.exe
C:\Windows\System\oOsGVuG.exe
2⤵
PID:10928

C:\Windows\System\PWBOjix.exe
C:\Windows\System\PWBOjix.exe
2⤵
PID:10944

C:\Windows\System\XrKfyez.exe
C:\Windows\System\XrKfyez.exe
2⤵
PID:10968

C:\Windows\System\RwPubZk.exe
C:\Windows\System\RwPubZk.exe
2⤵
PID:10988

C:\Windows\System\oGmNVTw.exe
C:\Windows\System\oGmNVTw.exe
2⤵
PID:11012

C:\Windows\System\uXOziuD.exe
C:\Windows\System\uXOziuD.exe
2⤵
PID:11032

C:\Windows\System\lsLIyDR.exe
C:\Windows\System\lsLIyDR.exe
2⤵
PID:11056

C:\Windows\System\OTuFFEL.exe
C:\Windows\System\OTuFFEL.exe
2⤵
PID:11072

C:\Windows\System\RvCyGcp.exe
C:\Windows\System\RvCyGcp.exe
2⤵
PID:11092

C:\Windows\System\pxMJBkj.exe
C:\Windows\System\pxMJBkj.exe
2⤵
PID:11132

C:\Windows\System\YJesjTB.exe
C:\Windows\System\YJesjTB.exe
2⤵
PID:11164

C:\Windows\System\gmQAJOY.exe
C:\Windows\System\gmQAJOY.exe
2⤵
PID:11200

C:\Windows\System\PepiFHv.exe
C:\Windows\System\PepiFHv.exe
2⤵
PID:11248

C:\Windows\System\bsPnvWf.exe
C:\Windows\System\bsPnvWf.exe
2⤵
PID:9328

C:\Windows\System\MgGLuGR.exe
C:\Windows\System\MgGLuGR.exe
2⤵
PID:10276

C:\Windows\System\owBXNUE.exe
C:\Windows\System\owBXNUE.exe
2⤵
PID:10124

C:\Windows\System\cohcHOs.exe
C:\Windows\System\cohcHOs.exe
2⤵
PID:10316

C:\Windows\System\fSQpTOI.exe
C:\Windows\System\fSQpTOI.exe
2⤵
PID:10372

C:\Windows\System\yBGgELr.exe
C:\Windows\System\yBGgELr.exe
2⤵
PID:10500

C:\Windows\System\eKJOMPB.exe
C:\Windows\System\eKJOMPB.exe
2⤵
PID:10536

C:\Windows\System\LTAzhiK.exe
C:\Windows\System\LTAzhiK.exe
2⤵
PID:10608

C:\Windows\System\RrLRgnm.exe
C:\Windows\System\RrLRgnm.exe
2⤵
PID:10612

C:\Windows\System\tWrnRVJ.exe
C:\Windows\System\tWrnRVJ.exe
2⤵
PID:10660

C:\Windows\System\WEkPSUP.exe
C:\Windows\System\WEkPSUP.exe
2⤵
PID:10692

C:\Windows\System\QioACiN.exe
C:\Windows\System\QioACiN.exe
2⤵
PID:10784

C:\Windows\System\GbtiNMe.exe
C:\Windows\System\GbtiNMe.exe
2⤵
PID:10920

C:\Windows\System\cvwXPRy.exe
C:\Windows\System\cvwXPRy.exe
2⤵
PID:11124

C:\Windows\System\ORlUzBL.exe
C:\Windows\System\ORlUzBL.exe
2⤵
PID:11220

C:\Windows\System\kZlPlUq.exe
C:\Windows\System\kZlPlUq.exe
2⤵
PID:10436

C:\Windows\System\nIZJYgk.exe
C:\Windows\System\nIZJYgk.exe
2⤵
PID:10352

C:\Windows\System\DGQRKpL.exe
C:\Windows\System\DGQRKpL.exe
2⤵
PID:10348

C:\Windows\System\mNheswB.exe
C:\Windows\System\mNheswB.exe
2⤵
PID:10716

C:\Windows\System\pFcKBXR.exe
C:\Windows\System\pFcKBXR.exe
2⤵
PID:10516

C:\Windows\System\iDJNZga.exe
C:\Windows\System\iDJNZga.exe
2⤵
PID:10576

C:\Windows\System\dVuXtpt.exe
C:\Windows\System\dVuXtpt.exe
2⤵
PID:10940

C:\Windows\System\PbDJXPN.exe
C:\Windows\System\PbDJXPN.exe
2⤵
PID:11240

C:\Windows\System\XuvVTxl.exe
C:\Windows\System\XuvVTxl.exe
2⤵
PID:10792

C:\Windows\System\drvGVlo.exe
C:\Windows\System\drvGVlo.exe
2⤵
PID:10856

C:\Windows\System\JKYizCO.exe
C:\Windows\System\JKYizCO.exe
2⤵
PID:11272

C:\Windows\System\NqMFxbb.exe
C:\Windows\System\NqMFxbb.exe
2⤵
PID:11288

C:\Windows\System\qqmazvN.exe
C:\Windows\System\qqmazvN.exe
2⤵
PID:11304

C:\Windows\System\ZsJLnAh.exe
C:\Windows\System\ZsJLnAh.exe
2⤵
PID:11340

C:\Windows\System\fNpjxby.exe
C:\Windows\System\fNpjxby.exe
2⤵
PID:11360

C:\Windows\System\XrbYyaZ.exe
C:\Windows\System\XrbYyaZ.exe
2⤵
PID:11380

C:\Windows\System\VtEIJEK.exe
C:\Windows\System\VtEIJEK.exe
2⤵
PID:11400

C:\Windows\System\HLZkEij.exe
C:\Windows\System\HLZkEij.exe
2⤵
PID:11432

C:\Windows\System\xcUPkxQ.exe
C:\Windows\System\xcUPkxQ.exe
2⤵
PID:11456

C:\Windows\System\vnNdHDt.exe
C:\Windows\System\vnNdHDt.exe
2⤵
PID:11532

C:\Windows\System\BVHxBuA.exe
C:\Windows\System\BVHxBuA.exe
2⤵
PID:11560

C:\Windows\System\gGRrUTl.exe
C:\Windows\System\gGRrUTl.exe
2⤵
PID:11600

C:\Windows\System\WuHSSCW.exe
C:\Windows\System\WuHSSCW.exe
2⤵
PID:11616

C:\Windows\System\FwUetYw.exe
C:\Windows\System\FwUetYw.exe
2⤵
PID:11636

C:\Windows\System\tmlCvfG.exe
C:\Windows\System\tmlCvfG.exe
2⤵
PID:11660

C:\Windows\System\GAJmbIj.exe
C:\Windows\System\GAJmbIj.exe
2⤵
PID:11708

C:\Windows\System\DmEihnm.exe
C:\Windows\System\DmEihnm.exe
2⤵
PID:11728

C:\Windows\System\hcZWdEV.exe
C:\Windows\System\hcZWdEV.exe
2⤵
PID:11748

C:\Windows\System\MEABfNp.exe
C:\Windows\System\MEABfNp.exe
2⤵
PID:11764

C:\Windows\System\RGCLwkD.exe
C:\Windows\System\RGCLwkD.exe
2⤵
PID:11792

C:\Windows\System\qmytxEq.exe
C:\Windows\System\qmytxEq.exe
2⤵
PID:11824

C:\Windows\System\viIxzDz.exe
C:\Windows\System\viIxzDz.exe
2⤵
PID:11868

C:\Windows\System\qOAaKAo.exe
C:\Windows\System\qOAaKAo.exe
2⤵
PID:11900

C:\Windows\System\BKUntHg.exe
C:\Windows\System\BKUntHg.exe
2⤵
PID:11924

C:\Windows\System\VbNgXJi.exe
C:\Windows\System\VbNgXJi.exe
2⤵
PID:11944

C:\Windows\System\vlHhVQY.exe
C:\Windows\System\vlHhVQY.exe
2⤵
PID:11976

C:\Windows\System\PfukNnv.exe
C:\Windows\System\PfukNnv.exe
2⤵
PID:12000

C:\Windows\System\dntvayJ.exe
C:\Windows\System\dntvayJ.exe
2⤵
PID:12024

C:\Windows\System\Utzfgjz.exe
C:\Windows\System\Utzfgjz.exe
2⤵
PID:12076

C:\Windows\System\yvcdass.exe
C:\Windows\System\yvcdass.exe
2⤵
PID:12092

C:\Windows\System\tcXbnOB.exe
C:\Windows\System\tcXbnOB.exe
2⤵
PID:12112

C:\Windows\System\RPOHEsN.exe
C:\Windows\System\RPOHEsN.exe
2⤵
PID:12136

C:\Windows\System\oEIMuah.exe
C:\Windows\System\oEIMuah.exe
2⤵
PID:12156

C:\Windows\System\heGLYuB.exe
C:\Windows\System\heGLYuB.exe
2⤵
PID:12196

C:\Windows\System\mNQoRHa.exe
C:\Windows\System\mNQoRHa.exe
2⤵
PID:12224

C:\Windows\System\RgkdEGz.exe
C:\Windows\System\RgkdEGz.exe
2⤵
PID:12240

C:\Windows\System\CZSLvRH.exe
C:\Windows\System\CZSLvRH.exe
2⤵
PID:12264

C:\Windows\System\tBcEIGX.exe
C:\Windows\System\tBcEIGX.exe
2⤵
PID:11260

C:\Windows\System\LAbtzSo.exe
C:\Windows\System\LAbtzSo.exe
2⤵
PID:11296

C:\Windows\System\ZCWFFav.exe
C:\Windows\System\ZCWFFav.exe
2⤵
PID:11332

C:\Windows\System\vIbWzNM.exe
C:\Windows\System\vIbWzNM.exe
2⤵
PID:11368

C:\Windows\System\hIcMugA.exe
C:\Windows\System\hIcMugA.exe
2⤵
PID:11472

C:\Windows\System\ilxqtMm.exe
C:\Windows\System\ilxqtMm.exe
2⤵
PID:11500

C:\Windows\System\ikRPNPT.exe
C:\Windows\System\ikRPNPT.exe
2⤵
PID:11580

C:\Windows\System\BQxDKBD.exe
C:\Windows\System\BQxDKBD.exe
2⤵
PID:11592

C:\Windows\System\JFJBfGb.exe
C:\Windows\System\JFJBfGb.exe
2⤵
PID:11656

C:\Windows\System\EqeZBid.exe
C:\Windows\System\EqeZBid.exe
2⤵
PID:11800

C:\Windows\System\bPmFcGy.exe
C:\Windows\System\bPmFcGy.exe
2⤵
PID:11852

C:\Windows\System\edimdMN.exe
C:\Windows\System\edimdMN.exe
2⤵
PID:11952

C:\Windows\System\xSfTmmH.exe
C:\Windows\System\xSfTmmH.exe
2⤵
PID:11964

C:\Windows\System\wpSzmPA.exe
C:\Windows\System\wpSzmPA.exe
2⤵
PID:12016

C:\Windows\System\sMnjkge.exe
C:\Windows\System\sMnjkge.exe
2⤵
PID:12072

C:\Windows\System\LTsFxff.exe
C:\Windows\System\LTsFxff.exe
2⤵
PID:12124

C:\Windows\System\EIfHmhu.exe
C:\Windows\System\EIfHmhu.exe
2⤵
PID:12192

C:\Windows\System\mEByjdj.exe
C:\Windows\System\mEByjdj.exe
2⤵
PID:11552

C:\Windows\System\cPYgMqj.exe
C:\Windows\System\cPYgMqj.exe
2⤵
PID:11428

C:\Windows\System\votjKHy.exe
C:\Windows\System\votjKHy.exe
2⤵
PID:11648

C:\Windows\System\xTmlxCz.exe
C:\Windows\System\xTmlxCz.exe
2⤵
PID:11716

C:\Windows\System\HRxcRQa.exe
C:\Windows\System\HRxcRQa.exe
2⤵
PID:11908

C:\Windows\System\gkylOdv.exe
C:\Windows\System\gkylOdv.exe
2⤵
PID:12176

C:\Windows\System\Wgjskiq.exe
C:\Windows\System\Wgjskiq.exe
2⤵
PID:12104

C:\Windows\System\skAtGiK.exe
C:\Windows\System\skAtGiK.exe
2⤵
PID:12284

C:\Windows\System\vejPwoK.exe
C:\Windows\System\vejPwoK.exe
2⤵
PID:12276

C:\Windows\System\LyzPgCz.exe
C:\Windows\System\LyzPgCz.exe
2⤵
PID:3856

C:\Windows\System\yzueFXR.exe
C:\Windows\System\yzueFXR.exe
2⤵
PID:11508

C:\Windows\System\lxhlNKD.exe
C:\Windows\System\lxhlNKD.exe
2⤵
PID:11840

C:\Windows\System\gNyHgQc.exe
C:\Windows\System\gNyHgQc.exe
2⤵
PID:11408

C:\Windows\System\eIAcFQg.exe
C:\Windows\System\eIAcFQg.exe
2⤵
PID:12292

C:\Windows\System\TPgiAAP.exe
C:\Windows\System\TPgiAAP.exe
2⤵
PID:12316

C:\Windows\System\dEloXIX.exe
C:\Windows\System\dEloXIX.exe
2⤵
PID:12340

C:\Windows\System\BvrWEZh.exe
C:\Windows\System\BvrWEZh.exe
2⤵
PID:12364

C:\Windows\System\VlVdIbp.exe
C:\Windows\System\VlVdIbp.exe
2⤵
PID:12384

C:\Windows\System\ILNAygN.exe
C:\Windows\System\ILNAygN.exe
2⤵
PID:12412

C:\Windows\System\hVOemxV.exe
C:\Windows\System\hVOemxV.exe
2⤵
PID:12432

C:\Windows\System\ayHzvUy.exe
C:\Windows\System\ayHzvUy.exe
2⤵
PID:12460

C:\Windows\System\qIrnIqi.exe
C:\Windows\System\qIrnIqi.exe
2⤵
PID:12480

C:\Windows\System\QOaYkcH.exe
C:\Windows\System\QOaYkcH.exe
2⤵
PID:12516

C:\Windows\System\AhEOlkK.exe
C:\Windows\System\AhEOlkK.exe
2⤵
PID:12564

C:\Windows\System\ACpznLt.exe
C:\Windows\System\ACpznLt.exe
2⤵
PID:12588

C:\Windows\System\bnrIrOv.exe
C:\Windows\System\bnrIrOv.exe
2⤵
PID:12620

C:\Windows\System\tqscLrt.exe
C:\Windows\System\tqscLrt.exe
2⤵
PID:12648

C:\Windows\System\jpkcjyO.exe
C:\Windows\System\jpkcjyO.exe
2⤵
PID:12672

C:\Windows\System\lIJXlwO.exe
C:\Windows\System\lIJXlwO.exe
2⤵
PID:12692

C:\Windows\System\hUvRune.exe
C:\Windows\System\hUvRune.exe
2⤵
PID:12728

C:\Windows\System\qsRTLiq.exe
C:\Windows\System\qsRTLiq.exe
2⤵
PID:12744

C:\Windows\System\OmEfstJ.exe
C:\Windows\System\OmEfstJ.exe
2⤵
PID:12788

C:\Windows\System\HswURWD.exe
C:\Windows\System\HswURWD.exe
2⤵
PID:12808

C:\Windows\System\juUJLnZ.exe
C:\Windows\System\juUJLnZ.exe
2⤵
PID:12832

C:\Windows\System\gsmKLrJ.exe
C:\Windows\System\gsmKLrJ.exe
2⤵
PID:12864

C:\Windows\System\QxbINpt.exe
C:\Windows\System\QxbINpt.exe
2⤵
PID:12884

C:\Windows\System\UCHsekN.exe
C:\Windows\System\UCHsekN.exe
2⤵
PID:12928

C:\Windows\System\aQylEIY.exe
C:\Windows\System\aQylEIY.exe
2⤵
PID:12948

C:\Windows\System\CQtblZu.exe
C:\Windows\System\CQtblZu.exe
2⤵
PID:12980

C:\Windows\System\RzECMpK.exe
C:\Windows\System\RzECMpK.exe
2⤵
PID:13000

C:\Windows\System\zyueXEh.exe
C:\Windows\System\zyueXEh.exe
2⤵
PID:13020

C:\Windows\System\KcmarJl.exe
C:\Windows\System\KcmarJl.exe
2⤵
PID:13040

C:\Windows\System\aCgLqoG.exe
C:\Windows\System\aCgLqoG.exe
2⤵
PID:13104

C:\Windows\System\xEPhAFT.exe
C:\Windows\System\xEPhAFT.exe
2⤵
PID:13140

C:\Windows\System\UtGxkxc.exe
C:\Windows\System\UtGxkxc.exe
2⤵
PID:13164

C:\Windows\System\xuKqdRh.exe
C:\Windows\System\xuKqdRh.exe
2⤵
PID:13192

C:\Windows\System\YlzGhhc.exe
C:\Windows\System\YlzGhhc.exe
2⤵
PID:13208

C:\Windows\System\bLkXnaE.exe
C:\Windows\System\bLkXnaE.exe
2⤵
PID:13252

C:\Windows\System\zKntEkQ.exe
C:\Windows\System\zKntEkQ.exe
2⤵
PID:13292

C:\Windows\System\wlPtrdl.exe
C:\Windows\System\wlPtrdl.exe
2⤵
PID:12252

C:\Windows\System\FSXdMrR.exe
C:\Windows\System\FSXdMrR.exe
2⤵
PID:12312

C:\Windows\System\pooaoVo.exe
C:\Windows\System\pooaoVo.exe
2⤵
PID:12488

C:\Windows\System\acdVqCN.exe
C:\Windows\System\acdVqCN.exe
2⤵
PID:12448

C:\Windows\System\gGMxeyC.exe
C:\Windows\System\gGMxeyC.exe
2⤵
PID:12512

C:\Windows\System\TDwfJwS.exe
C:\Windows\System\TDwfJwS.exe
2⤵
PID:12556

C:\Windows\System\vFQKntW.exe
C:\Windows\System\vFQKntW.exe
2⤵
PID:12596

C:\Windows\System\yHBKwII.exe
C:\Windows\System\yHBKwII.exe
2⤵
PID:12716

C:\Windows\System\bpMzwEb.exe
C:\Windows\System\bpMzwEb.exe
2⤵
PID:12724

C:\Windows\System\JyPnRCj.exe
C:\Windows\System\JyPnRCj.exe
2⤵
PID:12872

C:\Windows\System\gPMvcEu.exe
C:\Windows\System\gPMvcEu.exe
2⤵
PID:12876

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_r5ooqdnu.2vk.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BMrfWeS.exe
Filesize
1.6MB

MD5
761a03e20ffd47ec8ef401a6e5ea9977

SHA1
90be8f86d4b25aca470bf70ab02e9fbc4d8d0f6d

SHA256
ce7c79aa288984d57224c6f219b45f6d66e891f6a26b0ec1414c0cf08d4e44de

SHA512
90afc503b3dd1a6188a3e85e796bb91c1d4df7ee50f3a52743d4bf6f476bad5bb9f05b5c5135f09c127d3d7c645440feca755dbd006d6b8ad149bb0447f3e213

Download Submit
C:\Windows\System\BwlZEqz.exe
Filesize
1.6MB

MD5
09c4a7972e92ab194256353c9f1d9866

SHA1
bbe1b6bc41e19627ec57ebe73db7956e7b0a9c17

SHA256
d1d63137f4d2ee6af358c2a51e441f080a2fe86d7fde74bbd38cfddd2b8fedf1

SHA512
00bf89bde5718a6b454899951d949de61e7bfe27de55da2ce4d3566b8eec9b84b64fda5cfdffcf361d071ccd0ec78a91cec50faafca904b666cadd130de3df70

Download Submit
C:\Windows\System\CRQouOU.exe
Filesize
1.6MB

MD5
075baa86b362d4e4562ae68cb278ab22

SHA1
614794204eca7d58a84a33cdccc5c9da149468d5

SHA256
f2e06c7376f61c926beb6fc457dfc7feaa8e03ecfd623feecff34602b3745d86

SHA512
ce26b0a33552188d142070a345bc74e774cbebbd3e5eeffed9c25d40a1696301cc0e4df27683aa211e259ec5e393d798cc97b6de8a0a3c32ef3124c2e3e38a43

Download Submit
C:\Windows\System\EvvsuRR.exe
Filesize
1.6MB

MD5
8c6e9c7d25effc4a1c45ccdd700a599e

SHA1
b5e2ddd2acb292de59262f4c22449d292f109bcb

SHA256
88cc1f1d00e21cc29c2850afcbd2404f5a2c1002e8cc3ae7323361825cf3221b

SHA512
3ef332bae696ba4bdb064d3435f40613dd19b8cd3fdfc0311cdb2cf302232c8a7139fa760118b5a8c46009c3cdb44ddb89df22e9e6145617544e83080decd8e0

Download Submit
C:\Windows\System\IxfOSyR.exe
Filesize
1.6MB

MD5
1bde98d2613d2e4655736b14c59e12d9

SHA1
66fb0abd3a0d958efc1a1fff451a911d7fa272c8

SHA256
8f084b7cd20b6e98a211ae82ec55a094f8eeebea730fcfa31c917dc86ed8fca8

SHA512
c0874cab34b8cd93b91030609b7daa65e30db265931d7d4595153918c743fe8e269d5b57919ab2d4b3170064fb7b60e8493b528e8be2b4a8258ae81bb25025f8

Download Submit
C:\Windows\System\MGpljIq.exe
Filesize
8B

MD5
68703642e5faeaf00b4b9f791a04a7f5

SHA1
2e8f5d51bda54b6b227caed2cb4535020c7a482c

SHA256
76bc446e18daed4e6417440c778e757728762c893f014de08ffa5f0fe98668bd

SHA512
0c1919485a30576b5fdf963204dc04b356f524c23dfb4ffaecdbb8a8ea4a0993cf3ac05bee011edf07b5b637ac7455499983eac22f5cdd87cd869e7a046115a5

Download Submit
C:\Windows\System\MHnEPlM.exe
Filesize
1.6MB

MD5
1aff8b0b31fa0290eb7471fea41fa026

SHA1
a6c799b606777743bf0a48c2f3399156b3e73cb9

SHA256
be6a28c6150823636d1179dbb73c1331636d3762c858736e977ee63dcfeaa87e

SHA512
7e6a8e7a15772323c9ef6572dfc4a0b3f5265ca53136a20d5d6255c6437a2d1f30118e06e52a3263a8c7258c06e6806e4cc1cdfefdc24f757c4eca5094ab1712

Download Submit
C:\Windows\System\QTbLxMi.exe
Filesize
1.6MB

MD5
6697570e5403776806ea97b1a98afbb7

SHA1
831236710df2447d01f86ad21a2f071c65db801d

SHA256
e14acaebc7cda2c5011b765bff9aabaab74ef546dc6d68e830a958c815b52bcd

SHA512
edfabb6c4d07560b5d63bba8f2b0f67d725cd88aca941c50c7df3d2b70bb270aad4b1e28c7f7ab95a36a408969edbd54f9f14cf5eeb008dd5eb6b84dad89746a

Download Submit
C:\Windows\System\RRNlJIY.exe
Filesize
1.6MB

MD5
e2eadf8ab2ffb6131dec338b7cab1cc6

SHA1
6b79732af123afb953be0333562830dab27e1c42

SHA256
845c7b4d32f7d3e04f75bff4fbf06cc825a58fd97b5d70589016343dd364e07f

SHA512
ab4b26f50be8733f7db0def66435c810c4183a5e13a54ddbb13470c83664461e2e5205349968c21c4c27aa876b8028a367d39a9d989f29cf0ba8fc66d0d09a29

Download Submit
C:\Windows\System\RwuTQwp.exe
Filesize
1.6MB

MD5
17dc6f00c4e31e0ca49b87bd7cd0d80f

SHA1
93506325f54ed063fd847e758728a074190f99f1

SHA256
9b13edc948a4244fbe0f257f508e586f4633be064d0f771c529ff9aec7b2db64

SHA512
c1a799aa7619384f02ff09995bd37c509d5cd7e09a1c052f6564f73c793ecc6039c369ea8cd0b3f4c7e63617069039fc7036966d09cb4bf75f1cd93259985c9a

Download Submit
C:\Windows\System\TVtGIDA.exe
Filesize
1.6MB

MD5
181d7d27f33468075fa38fc9a1b42868

SHA1
fd9c763487776f8a80fd22d00030035635a6afc2

SHA256
9ba448b99b2ef436d10b75aabcd933c831be08170b22aa8b1a93289b10adbff5

SHA512
92b8a16d5cb03c04dab991af42e269954599a34605415e3e38b8dde3f8bc23212328c174c60aa32cf32d2a24ca6b1b38d521b282dda85da85f6b9076fb921068

Download Submit
C:\Windows\System\XxXhJtg.exe
Filesize
1.6MB

MD5
7ab73e75bbe350d2b74fceb85f57ffe8

SHA1
7ece364c4bd09a1288d0131a9e8ec3e4cb354b27

SHA256
df72a69fff3ff8ba5c106d00dd76465bf99c2268d635c27752ad7ccc97280a1c

SHA512
f43c72571ee096efc9e9d3cb4618ce67cb52f5b62db1ded094c7583c70cf76cbb357a18b66e77d7a99752863b258e66fc0d68ad5617a0bfb569c786c0a5810f8

Download Submit
C:\Windows\System\YmPzZNJ.exe
Filesize
1.6MB

MD5
25b200e4e7ede020810ab8157a4749b6

SHA1
a650606f8b5c08cf3f14f14302817562c6153efd

SHA256
92d6ceb4573fd3a51ebe5bcc6df644edee2f7470d020794baed37a1cb85529df

SHA512
6ef0ba9c802e9d45c07a30d2117b25cad853c7df87e30bd908c4b90f7a0ad314004482d69dace632bf9d9c0473e3a6597d809c98c2393792555ebc6d5bc26904

Download Submit
C:\Windows\System\ZynhovU.exe
Filesize
1.6MB

MD5
379483178a98cb336f074cd0200e75d3

SHA1
2d72f6195a271e1ad59816b3073ce49890eaffcb

SHA256
16c6afe0b16dd0beaf2dba791dca9d8daafe5e5bf07150d99276b25b6a869d51

SHA512
3e2c8df5ea4aba211ba771076b84ee94a17f7460ebd3daa5316c2478b5592651d2a7c177aaa46665b28b8b31f864a2d79e394135855c77188bd8d4832d246dbf

Download Submit
C:\Windows\System\cxdXUpH.exe
Filesize
1.6MB

MD5
39340fa12179d1679b01086d633f6060

SHA1
de82e4e2f8a02b7a84338f4aaabcfe09c5352df7

SHA256
8d513ce43b7207303585d90b921164d5409b0b905144c1c5b624d38c812da26d

SHA512
f84633f65c548981bf2bf06ac580571fca57a3167bfad18c8a5e289151e5e29bcd81dcf214c58cce9d894bc17dfb538fba398a8022b9c1b69a32c5299f6184b2

Download Submit
C:\Windows\System\fhgITgd.exe
Filesize
1.6MB

MD5
6bba55d2419b8db4d9d8e9aae374d154

SHA1
12c95fc3a224bfb7194557a7c63e7fc600dcf406

SHA256
b37c837b226fd940facd8fe210c5540079e35702a7f653fded026a942a04bb43

SHA512
9b30d2fdc40c68f2ddaecc38fedc1a59bf9d5d3a55bd518a3e31a52afd676b81cfb01cd84ca397a0f9e7f16d5d00a4d5419014ae496a881d9b36dd3e82401a9e

Download Submit
C:\Windows\System\iXukbgW.exe
Filesize
1.6MB

MD5
8d524a253f68de7148500a12807d722a

SHA1
8403c7d4006828b53494af024597bc53e9d9dd11

SHA256
10cb457f8fedefdc36c19d6f425e6e37891b652f69a7be9bfe38221bc80a29dc

SHA512
ca2adcbf8c897e580e50aa03d78ed922db651df78c5bf268fe5b4e2e3368fb2907e8792dd5b1a43a08de4ea5f9b995da8cce6241e15e4522e9ed5dfce80e8adc

Download Submit
C:\Windows\System\jowGnfT.exe
Filesize
1.6MB

MD5
dfad4ef4b984f2159133c20f48b6caa6

SHA1
0d13600840556674ed971dc24aa5779b879835c7

SHA256
25b8768cc1f4eab463658bd5d3b50bce513b9b8c9d698e2d65deb3efa925fc07

SHA512
9c710cbb42cb1ac2d000e3d7e30fd160078c4efb080ced308c7c006a7a514da2354acdbfd6d9fc5f4662b09b651fc3ea7d46daeed2ec4a5324995019964a56a5

Download Submit
C:\Windows\System\jxgGpny.exe
Filesize
1.6MB

MD5
1369a1f7ea3f31044fe346880c30f0ae

SHA1
ef429cb80ede7735306ac743c18fdf25892d4caa

SHA256
d3bfd31391e5a369efd395a9874466c2c33106d3146f549a03062617b22b41f5

SHA512
8ca296b42791c8397420564b60915b79840749899a1fe1fc2010a3c75f9906c743bfde9aaf06631da2b8a5122ad3c23cf38a83370ec6e5e063a870345ff4aea4

Download Submit
C:\Windows\System\lLhJoPk.exe
Filesize
1.6MB

MD5
42c232d5cdaa5df2d2aa9b4198d05177

SHA1
dd09b1a4d858a4ee98167ddd0e93091304fbb03c

SHA256
132ac11056e2b775ddca651b757c396811a6747b3c04682c3a9afae660368227

SHA512
73e832d3e3fa63c9fe2976b25068bf438ea523231037dc0cdcac61497744a42897b77829c581dce9165b0d8ef741584389062bc78f89ba68c76b38e0c898fa36

Download Submit
C:\Windows\System\oYoMqso.exe
Filesize
1.6MB

MD5
aaf725206e67758c63578a1a168c2efc

SHA1
80ed6e37ad35de257a83035beba6df9c099ce170

SHA256
57563c1df72ef8774526596a8b6f72735a2606a00bbbdd3bde799663302fef2a

SHA512
3376040ce24aded0f9ad6c829aa503c82164148076df7af663adbcba377b5dda90e051da40e1fafdd15310e5ad09e75e4b6e35504ed44c4f48958fdef2bb39e5

Download Submit
C:\Windows\System\pHNBabU.exe
Filesize
1.6MB

MD5
08b65fb4abd2f523694be5419d84498e

SHA1
246947d5f67410fd6e230e77a26b7fd5f37d2754

SHA256
8f8e4c3408d47898751088eaf9bec025bb1bb3f3c5e5fdf513003c8fb39089a0

SHA512
60228da65e305c4f4b68154b36553f6617cc447a1aba701b3d05f5808fcba31e3e61230f37e7a80d35f530787599b96db74ded6361dbe734430a0a4e31c50bea

Download Submit
C:\Windows\System\pViiyuM.exe
Filesize
1.6MB

MD5
9cb75e9960b0348ef348df40e6a1c019

SHA1
e7a551fc689c4c5e2cb72216d9950f221294fe17

SHA256
80570399dfe2e25f3a7e1c92e9ba1193237f68ababaafc15ee04ea2a16e689f9

SHA512
838c8a5df211cbb0744e865666a1e5a15ae716f5944d14a578609eac5af792bb830cdc01f3784b71698159cdb5e9ff24916e9747b890ee0f216d25347673bd8b

Download Submit
C:\Windows\System\qVHRjXw.exe
Filesize
1.6MB

MD5
37c5e8430f92c62280f5a42e71ea3212

SHA1
d23916a84f6e4b33e8578e735ae37fa25fdf903d

SHA256
217723beccfc528c7ff7de258b7cf3f0d98f27fccd061ef7f7a82525dea24272

SHA512
c11edd1ca3bdba9562bea5dac76a7890e6cfad091a27450df1caf54e8270b2f9102429b94c9fea0e63bfa28cecb465835c2f35ae7e68692b06966710669663fc

Download Submit
C:\Windows\System\sLuAcrn.exe
Filesize
1.6MB

MD5
2c914b2912e7db54181dd6e72fb7a2e8

SHA1
b77ce04673cbf5dd54d08650139ef633e309eac5

SHA256
68212568fd84944228f601fa5707dd27f5fe1f312f3d5ac4396b26c14d5689e5

SHA512
875f2ea1adde1f9d127c9c5445d1dc3ec5f9607499448c3d38314079df7027010568ef165a416085cba7f9470bfa63f35942c60147b93ed79b9792e1f5e67d94

Download Submit
C:\Windows\System\sUTURkR.exe
Filesize
1.6MB

MD5
d83f339cd72ea9ed8d46b11ec3f9d63e

SHA1
8b3a748759a83251a99c75919bc5e4c92ca5fc96

SHA256
a62cfbaf82f9fba69ae8bddfe3aea4644a7196631096c2a6742222e1276213fc

SHA512
3ae08911e784e95c45b040756df174b917fb91cfd1a245458be6956b9b8c9b7b60fdcf3bd6be371e78f8378ee7e21c140f4b51e826fe02930edba561d044fe0f

Download Submit
C:\Windows\System\tYPtkub.exe
Filesize
1.6MB

MD5
2d0dfd3d47fadcb4ae94d65f65ca3c2c

SHA1
cf3bd78774284ad1c6547ad0a92437b39fde0725

SHA256
fa6757aeed68fcb037f0b5073a5a90893baddf4966a3884179801d72b91e5477

SHA512
6403c6d42c7510d53ada24616953e4eaf4184984eaa18860ce08950056e0874c84bbfdf36afbb3675c2a4356bd3932a95cd79498562724cf3a978b7c18272677

Download Submit
C:\Windows\System\uHgpvrP.exe
Filesize
1.6MB

MD5
db1e57874d77d602efd1aefa453a5e0a

SHA1
0d92de63163770e730edb470ab7086e848665d91

SHA256
90d14704c792b1f6d30b2683cfe8908202294b94df07618c2bd442baab4feb73

SHA512
533355840353332228d7eeb82ae965a76e06f275f6b6ce4983b46eda9b0fb5408692c557ea0a640396e3e70b55b43a75d1cb2726516b881c0c831d4093a97e4f

Download Submit
C:\Windows\System\ufsdUgP.exe
Filesize
1.6MB

MD5
52f1cf71acf7b172563261bf81222cfb

SHA1
bc9ed9b01c88e1412787cb0a166a7359ff399d5b

SHA256
c808fcf22aed4869c60284daba14c3e96399e6f43187352ca7fb2ca48b75c1a7

SHA512
1c70cc9c5480026b35f2a466be36a60d1440bef5fe01c945540daba55f9e8e0fbdb0d8d537d0e656c04df818a5b27fd5e294bd38ddb04d5f11ea626cadb61770

Download Submit
C:\Windows\System\uvmQoFi.exe
Filesize
1.6MB

MD5
758c4f19c4f1a40edec5a74719e51bfb

SHA1
c577373285fafeae73198aeb99d8e52b2df27032

SHA256
b45206acc6c5f25ff693f147f4bf8d6b610cb0fe916ccea1f46460d5dca212d4

SHA512
3f259714c2a0f1c0126b8baef19977bc666eb9dad059ff4443db38122c4685a8c5a620ad6e57eae2a3f3ebc06a02bbe86121da40fc288b7fa817d87dbc21dd67

Download Submit
C:\Windows\System\vWelabe.exe
Filesize
1.6MB

MD5
025b753a53ccdd1ab0dcf9d5b7483f72

SHA1
5aa9e226eb017c48f33dae1c436b32c47d6b55c1

SHA256
1376fef8afff9fa9b87f9784edc66b029bb51ebc4829a18655acedde5d014093

SHA512
2921831e5f611ccb7638de2e204609fdf68e8d0fd9062519fed78d8c3e26920526913d35e6410baa2741869639dfa8506373b68eaac2ca905ffcf15829c2c02c

Download Submit
C:\Windows\System\xbwVVWR.exe
Filesize
1.6MB

MD5
ed813a0a65ecf71365ecf7ab223566cc

SHA1
3286edf9c085f178f429bc9393f9d753f4ee41e6

SHA256
b05f7e6a73d177be65711e665abc3f29d58c55278eba5a5581d946508bbcd625

SHA512
ddf5dc597731441f5b015577d2e802de9f0b0557c12069169718ddfaf1be7170c577769ee926fbe6afbe06ed17a517aa2f4a3d9184cf5c5e36e75c95e0a739f3

Download Submit
C:\Windows\System\ykBgsJa.exe
Filesize
1.6MB

MD5
ece4b20a736ffa43cb9c36080166bf83

SHA1
8637d61bf7ddbccc449762087565c8db2502c428

SHA256
a805e6650af12451a68967897d43b173409a996f4e59603992cfd59eca77eb68

SHA512
f08d8c9215c2f9a078a854c5bf095fc7ec302f1bcd3345310cbf020091ba92b770ab532169e51a305aafb627b2a1123ec7edb18de518f24eebd1609018fff474

Download Submit
C:\Windows\System\zGaOiJv.exe
Filesize
1.6MB

MD5
0e2dbf91fcbc08a6d8a7ba6264cda7ff

SHA1
cbddb6eaa69aeeee4db063e6b078c36e52cdceb3

SHA256
f524497485df4a34fcec75a610c06f265579126b12182cc1bb5cd58afcd33d44

SHA512
d1a75d43aea4633baafb848b6299498255af89535022ea986d589d07531f5e81d07eb39eb1e9885ee7fa8b71f7059efddda60968c8d18c6f91d94b1469c73aa2

Download Submit
memory/836-2349-0x00007FF742AE0000-0x00007FF742ED2000-memory.dmp

Filesize
3.9MB

Download
memory/836-100-0x00007FF742AE0000-0x00007FF742ED2000-memory.dmp

Filesize
3.9MB

Download
memory/1036-2359-0x00007FF61EA50000-0x00007FF61EE42000-memory.dmp

Filesize
3.9MB

Download
memory/1036-336-0x00007FF61EA50000-0x00007FF61EE42000-memory.dmp

Filesize
3.9MB

Download
memory/1252-2347-0x00007FF686960000-0x00007FF686D52000-memory.dmp

Filesize
3.9MB

Download
memory/1252-108-0x00007FF686960000-0x00007FF686D52000-memory.dmp

Filesize
3.9MB

Download
memory/1272-2324-0x00007FF799220000-0x00007FF799612000-memory.dmp

Filesize
3.9MB

Download
memory/1272-2271-0x00007FF799220000-0x00007FF799612000-memory.dmp

Filesize
3.9MB

Download
memory/1272-9-0x00007FF799220000-0x00007FF799612000-memory.dmp

Filesize
3.9MB

Download
memory/1500-340-0x00007FF6C2D00000-0x00007FF6C30F2000-memory.dmp

Filesize
3.9MB

Download
memory/1500-2361-0x00007FF6C2D00000-0x00007FF6C30F2000-memory.dmp

Filesize
3.9MB

Download
memory/1576-2356-0x00007FF7DA120000-0x00007FF7DA512000-memory.dmp

Filesize
3.9MB

Download
memory/1576-117-0x00007FF7DA120000-0x00007FF7DA512000-memory.dmp

Filesize
3.9MB

Download
memory/1588-72-0x00007FF667160000-0x00007FF667552000-memory.dmp

Filesize
3.9MB

Download
memory/1588-2326-0x00007FF667160000-0x00007FF667552000-memory.dmp

Filesize
3.9MB

Download
memory/1672-2364-0x00007FF7589B0000-0x00007FF758DA2000-memory.dmp

Filesize
3.9MB

Download
memory/1672-338-0x00007FF7589B0000-0x00007FF758DA2000-memory.dmp

Filesize
3.9MB

Download
memory/1732-2328-0x00007FF781800000-0x00007FF781BF2000-memory.dmp

Filesize
3.9MB

Download
memory/1732-30-0x00007FF781800000-0x00007FF781BF2000-memory.dmp

Filesize
3.9MB

Download
memory/1732-2273-0x00007FF781800000-0x00007FF781BF2000-memory.dmp

Filesize
3.9MB

Download
memory/1980-2275-0x00007FF7F3DB0000-0x00007FF7F41A2000-memory.dmp

Filesize
3.9MB

Download
memory/1980-58-0x00007FF7F3DB0000-0x00007FF7F41A2000-memory.dmp

Filesize
3.9MB

Download
memory/1980-2336-0x00007FF7F3DB0000-0x00007FF7F41A2000-memory.dmp

Filesize
3.9MB

Download
memory/2068-2362-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp

Filesize
3.9MB

Download
memory/2068-339-0x00007FF77BE60000-0x00007FF77C252000-memory.dmp

Filesize
3.9MB

Download
memory/2292-112-0x00007FF7FC8D0000-0x00007FF7FCCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2292-2353-0x00007FF7FC8D0000-0x00007FF7FCCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2400-2330-0x00007FF6311D0000-0x00007FF6315C2000-memory.dmp

Filesize
3.9MB

Download
memory/2400-37-0x00007FF6311D0000-0x00007FF6315C2000-memory.dmp

Filesize
3.9MB

Download
memory/2400-2274-0x00007FF6311D0000-0x00007FF6315C2000-memory.dmp

Filesize
3.9MB

Download
memory/2604-106-0x00007FF6773B0000-0x00007FF6777A2000-memory.dmp

Filesize
3.9MB

Download
memory/2604-2343-0x00007FF6773B0000-0x00007FF6777A2000-memory.dmp

Filesize
3.9MB

Download
memory/2704-2366-0x00007FF72E5D0000-0x00007FF72E9C2000-memory.dmp

Filesize
3.9MB

Download
memory/2704-337-0x00007FF72E5D0000-0x00007FF72E9C2000-memory.dmp

Filesize
3.9MB

Download
memory/2828-2354-0x00007FF70CED0000-0x00007FF70D2C2000-memory.dmp

Filesize
3.9MB

Download
memory/2828-111-0x00007FF70CED0000-0x00007FF70D2C2000-memory.dmp

Filesize
3.9MB

Download
memory/2840-11-0x0000022BE8A90000-0x0000022BE8AA0000-memory.dmp

Filesize
64KB

Download
memory/2840-2272-0x00007FFA96F40000-0x00007FFA97A01000-memory.dmp

Filesize
10.8MB

Download
memory/2840-2316-0x00007FFA96F40000-0x00007FFA97A01000-memory.dmp

Filesize
10.8MB

Download
memory/2840-23-0x00007FFA96F40000-0x00007FFA97A01000-memory.dmp

Filesize
10.8MB

Download
memory/2840-57-0x0000022BEB360000-0x0000022BEB382000-memory.dmp

Filesize
136KB

Download
memory/2840-2281-0x00007FFA96F43000-0x00007FFA96F45000-memory.dmp

Filesize
8KB

Download
memory/2840-12-0x00007FFA96F43000-0x00007FFA96F45000-memory.dmp

Filesize
8KB

Download
memory/2840-335-0x0000022BEBF30000-0x0000022BEC6D6000-memory.dmp

Filesize
7.6MB

Download
memory/2840-2270-0x0000022BE8A90000-0x0000022BE8AA0000-memory.dmp

Filesize
64KB

Download
memory/2924-2344-0x00007FF654320000-0x00007FF654712000-memory.dmp

Filesize
3.9MB

Download
memory/2924-116-0x00007FF654320000-0x00007FF654712000-memory.dmp

Filesize
3.9MB

Download
memory/3060-73-0x00007FF7EF010000-0x00007FF7EF402000-memory.dmp

Filesize
3.9MB

Download
memory/3060-2334-0x00007FF7EF010000-0x00007FF7EF402000-memory.dmp

Filesize
3.9MB

Download
memory/3156-341-0x00007FF628650000-0x00007FF628A42000-memory.dmp

Filesize
3.9MB

Download
memory/3156-2370-0x00007FF628650000-0x00007FF628A42000-memory.dmp

Filesize
3.9MB

Download
memory/3660-99-0x00007FF653E80000-0x00007FF654272000-memory.dmp

Filesize
3.9MB

Download
memory/3660-2351-0x00007FF653E80000-0x00007FF654272000-memory.dmp

Filesize
3.9MB

Download
memory/3872-342-0x00007FF7A6370000-0x00007FF7A6762000-memory.dmp

Filesize
3.9MB

Download
memory/3872-2368-0x00007FF7A6370000-0x00007FF7A6762000-memory.dmp

Filesize
3.9MB

Download
memory/4360-2341-0x00007FF63B110000-0x00007FF63B502000-memory.dmp

Filesize
3.9MB

Download
memory/4360-115-0x00007FF63B110000-0x00007FF63B502000-memory.dmp

Filesize
3.9MB

Download
memory/4456-0-0x00007FF76CAD0000-0x00007FF76CEC2000-memory.dmp

Filesize
3.9MB

Download
memory/4456-1-0x00000240A1BA0000-0x00000240A1BB0000-memory.dmp

Filesize
64KB

Download
memory/4488-2333-0x00007FF7B47B0000-0x00007FF7B4BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4488-81-0x00007FF7B47B0000-0x00007FF7B4BA2000-memory.dmp

Filesize
3.9MB

Download
memory/5112-2338-0x00007FF78E500000-0x00007FF78E8F2000-memory.dmp

Filesize
3.9MB

Download
memory/5112-91-0x00007FF78E500000-0x00007FF78E8F2000-memory.dmp

Filesize
3.9MB

Download