xmrig | 20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab

Analysis

max time kernel
150s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
Size

3.2MB
MD5

0c3f22b0592dad9939e47d3b211571b0
SHA1

44708c87831e605c6be032e9db5b62d1934f1fb2
SHA256

20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab
SHA512

790ef079a845757618fd48da55e0824ded3026e4160680bcbc662ff5e400b3c73712b8c9a8d58cc72e56db554752eae88f8b2b02ace8cc8ce059e1cb9e9670c8
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWB:7bBeSFkd

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4720-0-0x00007FF6A9260000-0x00007FF6A9656000-memory.dmp	xmrig
behavioral2/files/0x000700000002336e-5.dat	xmrig
behavioral2/files/0x0007000000023529-7.dat	xmrig
behavioral2/files/0x0007000000023528-10.dat	xmrig
behavioral2/files/0x000700000002352b-24.dat	xmrig
behavioral2/files/0x000700000002352a-22.dat	xmrig
behavioral2/memory/1220-13-0x00007FF60F610000-0x00007FF60FA06000-memory.dmp	xmrig
behavioral2/files/0x000700000002352d-54.dat	xmrig
behavioral2/memory/1444-64-0x00007FF62B370000-0x00007FF62B766000-memory.dmp	xmrig
behavioral2/files/0x0007000000023535-71.dat	xmrig
behavioral2/files/0x0007000000023533-85.dat	xmrig
behavioral2/files/0x0007000000023538-99.dat	xmrig
behavioral2/files/0x0008000000023531-106.dat	xmrig
behavioral2/files/0x000700000002353e-136.dat	xmrig
behavioral2/memory/4680-148-0x00007FF6A4200000-0x00007FF6A45F6000-memory.dmp	xmrig
behavioral2/memory/4464-154-0x00007FF7CC370000-0x00007FF7CC766000-memory.dmp	xmrig
behavioral2/memory/4752-157-0x00007FF6BB7E0000-0x00007FF6BBBD6000-memory.dmp	xmrig
behavioral2/memory/1324-161-0x00007FF6D5350000-0x00007FF6D5746000-memory.dmp	xmrig
behavioral2/memory/4048-164-0x00007FF7A1760000-0x00007FF7A1B56000-memory.dmp	xmrig
behavioral2/memory/3152-163-0x00007FF62C7A0000-0x00007FF62CB96000-memory.dmp	xmrig
behavioral2/memory/916-162-0x00007FF683190000-0x00007FF683586000-memory.dmp	xmrig
behavioral2/memory/4432-160-0x00007FF71EDB0000-0x00007FF71F1A6000-memory.dmp	xmrig
behavioral2/memory/744-159-0x00007FF6BB560000-0x00007FF6BB956000-memory.dmp	xmrig
behavioral2/memory/3872-156-0x00007FF784FE0000-0x00007FF7853D6000-memory.dmp	xmrig
behavioral2/memory/2964-155-0x00007FF6CA930000-0x00007FF6CAD26000-memory.dmp	xmrig
behavioral2/memory/4236-153-0x00007FF6C03D0000-0x00007FF6C07C6000-memory.dmp	xmrig
behavioral2/memory/688-152-0x00007FF6ECB30000-0x00007FF6ECF26000-memory.dmp	xmrig
behavioral2/files/0x0007000000023540-170.dat	xmrig
behavioral2/files/0x000700000002354a-204.dat	xmrig
behavioral2/files/0x0007000000023549-203.dat	xmrig
behavioral2/files/0x0007000000023548-202.dat	xmrig
behavioral2/files/0x0007000000023547-201.dat	xmrig
behavioral2/files/0x0007000000023546-200.dat	xmrig
behavioral2/files/0x0007000000023545-199.dat	xmrig
behavioral2/files/0x0007000000023544-198.dat	xmrig
behavioral2/files/0x0007000000023543-197.dat	xmrig
behavioral2/files/0x0007000000023542-177.dat	xmrig
behavioral2/files/0x000700000002353f-176.dat	xmrig
behavioral2/files/0x0007000000023541-175.dat	xmrig
behavioral2/memory/2244-149-0x00007FF7873C0000-0x00007FF7877B6000-memory.dmp	xmrig
behavioral2/files/0x000700000002353d-146.dat	xmrig
behavioral2/files/0x000700000002353c-144.dat	xmrig
behavioral2/files/0x000700000002353b-142.dat	xmrig
behavioral2/files/0x000700000002353a-140.dat	xmrig
behavioral2/files/0x0007000000023539-138.dat	xmrig
behavioral2/memory/2656-137-0x00007FF6434F0000-0x00007FF6438E6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023532-134.dat	xmrig
behavioral2/memory/4620-133-0x00007FF6FCC40000-0x00007FF6FD036000-memory.dmp	xmrig
behavioral2/files/0x0009000000023521-124.dat	xmrig
behavioral2/memory/3612-121-0x00007FF6A94F0000-0x00007FF6A98E6000-memory.dmp	xmrig
behavioral2/memory/2248-97-0x00007FF75CF50000-0x00007FF75D346000-memory.dmp	xmrig
behavioral2/files/0x0007000000023537-94.dat	xmrig
behavioral2/memory/396-91-0x00007FF600D10000-0x00007FF601106000-memory.dmp	xmrig
behavioral2/files/0x0007000000023536-89.dat	xmrig
behavioral2/files/0x0007000000023534-87.dat	xmrig
behavioral2/memory/4788-84-0x00007FF69B780000-0x00007FF69BB76000-memory.dmp	xmrig
behavioral2/files/0x000700000002352f-81.dat	xmrig
behavioral2/files/0x0007000000023530-74.dat	xmrig
behavioral2/files/0x000700000002352e-62.dat	xmrig
behavioral2/memory/2380-53-0x00007FF78F1E0000-0x00007FF78F5D6000-memory.dmp	xmrig
behavioral2/memory/1340-39-0x00007FF6323B0000-0x00007FF6327A6000-memory.dmp	xmrig
behavioral2/files/0x000700000002352c-36.dat	xmrig
behavioral2/memory/1220-2147-0x00007FF60F610000-0x00007FF60FA06000-memory.dmp	xmrig
behavioral2/memory/2380-2151-0x00007FF78F1E0000-0x00007FF78F5D6000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
4	4880	powershell.exe
8	4880	powershell.exe
15	4880	powershell.exe
16	4880	powershell.exe
18	4880	powershell.exe
20	4880	powershell.exe
21	4880	powershell.exe
22	4880	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4880	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1220	WZxxlzh.exe
1340	sMxLUUK.exe
2380	mTdKECx.exe
744	TQAKwge.exe
1444	IDmBLWW.exe
4788	lIFmFlP.exe
396	vcXzfuV.exe
4432	ULBVACb.exe
1324	TyimXBW.exe
2248	KZHyIKa.exe
3612	VkPUvwy.exe
4620	urjnjgR.exe
916	DKgaiug.exe
2656	uNxjbQD.exe
4680	ForRtEk.exe
3152	UmULvEo.exe
2244	mXozQMq.exe
688	bLjIfKl.exe
4236	upOLQeC.exe
4048	hUtgQEU.exe
4464	BuleyHo.exe
2964	PWZpRcT.exe
3872	yUcVILd.exe
4752	ShTWypx.exe
4060	iTXdlar.exe
4056	pTWurYV.exe
1500	pjCDmYK.exe
4384	ONizzhJ.exe
3952	wxGEoGr.exe
3960	RpWSLJi.exe
4028	AMxQxCD.exe
3620	KEwerax.exe
3244	abWhRdD.exe
4796	IGWSoti.exe
2772	aWONkHb.exe
2352	OvAtxXD.exe
2140	NjHIeTU.exe
4356	PoWgdBS.exe
964	oiKXBVo.exe
2188	DGrchXF.exe
2016	cywZQXG.exe
4196	IWLvqJv.exe
3968	AgWMPRH.exe
2932	QmcNOwj.exe
4272	oNVrIMY.exe
4584	qEPqjZE.exe
3460	eedGfFv.exe
4512	XqoNZGn.exe
1600	VtOLExG.exe
3400	nfXodwZ.exe
852	XAnckAw.exe
2276	FgDHVmJ.exe
2532	pSQrTKa.exe
4544	hmrPwJt.exe
2280	vMhItjf.exe
3752	BpkGFur.exe
4188	KbBdZiA.exe
4652	ouiEicY.exe
1200	ZKZFrWF.exe
4348	bYjVMzU.exe
4868	ZpQdFYy.exe
4372	tmegDyv.exe
2360	BCRCWAM.exe
768	YkSiXWv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4720-0-0x00007FF6A9260000-0x00007FF6A9656000-memory.dmp	upx
behavioral2/files/0x000700000002336e-5.dat	upx
behavioral2/files/0x0007000000023529-7.dat	upx
behavioral2/files/0x0007000000023528-10.dat	upx
behavioral2/files/0x000700000002352b-24.dat	upx
behavioral2/files/0x000700000002352a-22.dat	upx
behavioral2/memory/1220-13-0x00007FF60F610000-0x00007FF60FA06000-memory.dmp	upx
behavioral2/files/0x000700000002352d-54.dat	upx
behavioral2/memory/1444-64-0x00007FF62B370000-0x00007FF62B766000-memory.dmp	upx
behavioral2/files/0x0007000000023535-71.dat	upx
behavioral2/files/0x0007000000023533-85.dat	upx
behavioral2/files/0x0007000000023538-99.dat	upx
behavioral2/files/0x0008000000023531-106.dat	upx
behavioral2/files/0x000700000002353e-136.dat	upx
behavioral2/memory/4680-148-0x00007FF6A4200000-0x00007FF6A45F6000-memory.dmp	upx
behavioral2/memory/4464-154-0x00007FF7CC370000-0x00007FF7CC766000-memory.dmp	upx
behavioral2/memory/4752-157-0x00007FF6BB7E0000-0x00007FF6BBBD6000-memory.dmp	upx
behavioral2/memory/1324-161-0x00007FF6D5350000-0x00007FF6D5746000-memory.dmp	upx
behavioral2/memory/4048-164-0x00007FF7A1760000-0x00007FF7A1B56000-memory.dmp	upx
behavioral2/memory/3152-163-0x00007FF62C7A0000-0x00007FF62CB96000-memory.dmp	upx
behavioral2/memory/916-162-0x00007FF683190000-0x00007FF683586000-memory.dmp	upx
behavioral2/memory/4432-160-0x00007FF71EDB0000-0x00007FF71F1A6000-memory.dmp	upx
behavioral2/memory/744-159-0x00007FF6BB560000-0x00007FF6BB956000-memory.dmp	upx
behavioral2/memory/3872-156-0x00007FF784FE0000-0x00007FF7853D6000-memory.dmp	upx
behavioral2/memory/2964-155-0x00007FF6CA930000-0x00007FF6CAD26000-memory.dmp	upx
behavioral2/memory/4236-153-0x00007FF6C03D0000-0x00007FF6C07C6000-memory.dmp	upx
behavioral2/memory/688-152-0x00007FF6ECB30000-0x00007FF6ECF26000-memory.dmp	upx
behavioral2/files/0x0007000000023540-170.dat	upx
behavioral2/files/0x000700000002354a-204.dat	upx
behavioral2/files/0x0007000000023549-203.dat	upx
behavioral2/files/0x0007000000023548-202.dat	upx
behavioral2/files/0x0007000000023547-201.dat	upx
behavioral2/files/0x0007000000023546-200.dat	upx
behavioral2/files/0x0007000000023545-199.dat	upx
behavioral2/files/0x0007000000023544-198.dat	upx
behavioral2/files/0x0007000000023543-197.dat	upx
behavioral2/files/0x0007000000023542-177.dat	upx
behavioral2/files/0x000700000002353f-176.dat	upx
behavioral2/files/0x0007000000023541-175.dat	upx
behavioral2/memory/2244-149-0x00007FF7873C0000-0x00007FF7877B6000-memory.dmp	upx
behavioral2/files/0x000700000002353d-146.dat	upx
behavioral2/files/0x000700000002353c-144.dat	upx
behavioral2/files/0x000700000002353b-142.dat	upx
behavioral2/files/0x000700000002353a-140.dat	upx
behavioral2/files/0x0007000000023539-138.dat	upx
behavioral2/memory/2656-137-0x00007FF6434F0000-0x00007FF6438E6000-memory.dmp	upx
behavioral2/files/0x0008000000023532-134.dat	upx
behavioral2/memory/4620-133-0x00007FF6FCC40000-0x00007FF6FD036000-memory.dmp	upx
behavioral2/files/0x0009000000023521-124.dat	upx
behavioral2/memory/3612-121-0x00007FF6A94F0000-0x00007FF6A98E6000-memory.dmp	upx
behavioral2/memory/2248-97-0x00007FF75CF50000-0x00007FF75D346000-memory.dmp	upx
behavioral2/files/0x0007000000023537-94.dat	upx
behavioral2/memory/396-91-0x00007FF600D10000-0x00007FF601106000-memory.dmp	upx
behavioral2/files/0x0007000000023536-89.dat	upx
behavioral2/files/0x0007000000023534-87.dat	upx
behavioral2/memory/4788-84-0x00007FF69B780000-0x00007FF69BB76000-memory.dmp	upx
behavioral2/files/0x000700000002352f-81.dat	upx
behavioral2/files/0x0007000000023530-74.dat	upx
behavioral2/files/0x000700000002352e-62.dat	upx
behavioral2/memory/2380-53-0x00007FF78F1E0000-0x00007FF78F5D6000-memory.dmp	upx
behavioral2/memory/1340-39-0x00007FF6323B0000-0x00007FF6327A6000-memory.dmp	upx
behavioral2/files/0x000700000002352c-36.dat	upx
behavioral2/memory/1220-2147-0x00007FF60F610000-0x00007FF60FA06000-memory.dmp	upx
behavioral2/memory/2380-2151-0x00007FF78F1E0000-0x00007FF78F5D6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\prUSLqF.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\dMyExha.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\NxAqXdj.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\BlGmThY.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\AxXXHts.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\ouiEicY.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\oIhhJpS.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\aAdUUiK.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\VECqgnP.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\LUwwbTf.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\bmKFGhp.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\SPjVMXX.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\kshTOKT.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\OynGkoi.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\laBRMTX.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\QZkmwTl.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\OPqtlSZ.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\fdvbmEJ.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\oLOgWjf.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\PewRAZo.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\qnVVqYx.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\BCrBayM.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\FtSrYuB.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\VmUZMwZ.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\RYYzGZL.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\spXxccj.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\QDBgLBz.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\vJmQAXN.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\GApXTRr.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\Ezsswwv.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\fnOGisr.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\hDTLhTc.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\cwOWUir.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\XDgJETz.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\doustYm.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\ARYwWet.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\ffjCjdw.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\khftLZt.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\XpJdVbF.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\nhhPSKg.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\QtoMNfa.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\SxDeJXx.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\Dhszkrt.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\YEQCxyi.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\BphMXSf.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\CmYGpjQ.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\OIpHtHA.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\CJhvwBo.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\ZZvOJyr.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\DMDUKha.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\dpNcscd.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\wNidAmk.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\fbMPZXt.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\zGtIIxu.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\UDewhHi.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\ZvgTHKC.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\NzNTaNx.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\teRsHXz.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\gpaqIDr.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\FVRFKPh.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\qTiWRUe.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\pFawnoR.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\SSYManl.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
File created	C:\Windows\System\BVZtTZU.exe	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4880	powershell.exe
4880	powershell.exe
4880	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
Token: SeDebugPrivilege	4880	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 4880	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	85
PID 4720 wrote to memory of 4880	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	85
PID 4720 wrote to memory of 1220	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	86
PID 4720 wrote to memory of 1220	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	86
PID 4720 wrote to memory of 1340	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	87
PID 4720 wrote to memory of 1340	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	87
PID 4720 wrote to memory of 2380	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	88
PID 4720 wrote to memory of 2380	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	88
PID 4720 wrote to memory of 744	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	89
PID 4720 wrote to memory of 744	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	89
PID 4720 wrote to memory of 1444	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	90
PID 4720 wrote to memory of 1444	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	90
PID 4720 wrote to memory of 4788	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	91
PID 4720 wrote to memory of 4788	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	91
PID 4720 wrote to memory of 396	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	92
PID 4720 wrote to memory of 396	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	92
PID 4720 wrote to memory of 4432	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	93
PID 4720 wrote to memory of 4432	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	93
PID 4720 wrote to memory of 1324	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	94
PID 4720 wrote to memory of 1324	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	94
PID 4720 wrote to memory of 2248	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	95
PID 4720 wrote to memory of 2248	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	95
PID 4720 wrote to memory of 3612	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	96
PID 4720 wrote to memory of 3612	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	96
PID 4720 wrote to memory of 4620	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	97
PID 4720 wrote to memory of 4620	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	97
PID 4720 wrote to memory of 916	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	98
PID 4720 wrote to memory of 916	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	98
PID 4720 wrote to memory of 2656	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	99
PID 4720 wrote to memory of 2656	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	99
PID 4720 wrote to memory of 4680	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	100
PID 4720 wrote to memory of 4680	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	100
PID 4720 wrote to memory of 3152	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	101
PID 4720 wrote to memory of 3152	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	101
PID 4720 wrote to memory of 2244	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	102
PID 4720 wrote to memory of 2244	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	102
PID 4720 wrote to memory of 688	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	103
PID 4720 wrote to memory of 688	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	103
PID 4720 wrote to memory of 4236	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	104
PID 4720 wrote to memory of 4236	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	104
PID 4720 wrote to memory of 4048	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	105
PID 4720 wrote to memory of 4048	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	105
PID 4720 wrote to memory of 4464	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	106
PID 4720 wrote to memory of 4464	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	106
PID 4720 wrote to memory of 2964	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	107
PID 4720 wrote to memory of 2964	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	107
PID 4720 wrote to memory of 3872	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	108
PID 4720 wrote to memory of 3872	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	108
PID 4720 wrote to memory of 4752	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	109
PID 4720 wrote to memory of 4752	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	109
PID 4720 wrote to memory of 4060	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	110
PID 4720 wrote to memory of 4060	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	110
PID 4720 wrote to memory of 4056	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	111
PID 4720 wrote to memory of 4056	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	111
PID 4720 wrote to memory of 1500	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	112
PID 4720 wrote to memory of 1500	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	112
PID 4720 wrote to memory of 4384	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	113
PID 4720 wrote to memory of 4384	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	113
PID 4720 wrote to memory of 3952	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	114
PID 4720 wrote to memory of 3952	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	114
PID 4720 wrote to memory of 3960	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	115
PID 4720 wrote to memory of 3960	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	115
PID 4720 wrote to memory of 4028	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	116
PID 4720 wrote to memory of 4028	4720	20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\20288bc83f84b6c2744ba242f487010f9b99bf4b9f7d7bdc1062b4bd6a29abab_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4880
- C:\Windows\System\WZxxlzh.exe
  C:\Windows\System\WZxxlzh.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\sMxLUUK.exe
  C:\Windows\System\sMxLUUK.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\mTdKECx.exe
  C:\Windows\System\mTdKECx.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\TQAKwge.exe
  C:\Windows\System\TQAKwge.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\IDmBLWW.exe
  C:\Windows\System\IDmBLWW.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\lIFmFlP.exe
  C:\Windows\System\lIFmFlP.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\vcXzfuV.exe
  C:\Windows\System\vcXzfuV.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\ULBVACb.exe
  C:\Windows\System\ULBVACb.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\TyimXBW.exe
  C:\Windows\System\TyimXBW.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\KZHyIKa.exe
  C:\Windows\System\KZHyIKa.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\VkPUvwy.exe
  C:\Windows\System\VkPUvwy.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\urjnjgR.exe
  C:\Windows\System\urjnjgR.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\DKgaiug.exe
  C:\Windows\System\DKgaiug.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\uNxjbQD.exe
  C:\Windows\System\uNxjbQD.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\ForRtEk.exe
  C:\Windows\System\ForRtEk.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\UmULvEo.exe
  C:\Windows\System\UmULvEo.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\mXozQMq.exe
  C:\Windows\System\mXozQMq.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\bLjIfKl.exe
  C:\Windows\System\bLjIfKl.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\upOLQeC.exe
  C:\Windows\System\upOLQeC.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\hUtgQEU.exe
  C:\Windows\System\hUtgQEU.exe
  2⤵
  - Executes dropped EXE
  PID:4048
- C:\Windows\System\BuleyHo.exe
  C:\Windows\System\BuleyHo.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\PWZpRcT.exe
  C:\Windows\System\PWZpRcT.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\yUcVILd.exe
  C:\Windows\System\yUcVILd.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\ShTWypx.exe
  C:\Windows\System\ShTWypx.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\iTXdlar.exe
  C:\Windows\System\iTXdlar.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\pTWurYV.exe
  C:\Windows\System\pTWurYV.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\pjCDmYK.exe
  C:\Windows\System\pjCDmYK.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\ONizzhJ.exe
  C:\Windows\System\ONizzhJ.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\wxGEoGr.exe
  C:\Windows\System\wxGEoGr.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\RpWSLJi.exe
  C:\Windows\System\RpWSLJi.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\AMxQxCD.exe
  C:\Windows\System\AMxQxCD.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\KEwerax.exe
  C:\Windows\System\KEwerax.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\abWhRdD.exe
  C:\Windows\System\abWhRdD.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\IGWSoti.exe
  C:\Windows\System\IGWSoti.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\aWONkHb.exe
  C:\Windows\System\aWONkHb.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\OvAtxXD.exe
  C:\Windows\System\OvAtxXD.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\NjHIeTU.exe
  C:\Windows\System\NjHIeTU.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\PoWgdBS.exe
  C:\Windows\System\PoWgdBS.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\oiKXBVo.exe
  C:\Windows\System\oiKXBVo.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\DGrchXF.exe
  C:\Windows\System\DGrchXF.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\cywZQXG.exe
  C:\Windows\System\cywZQXG.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\IWLvqJv.exe
  C:\Windows\System\IWLvqJv.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\AgWMPRH.exe
  C:\Windows\System\AgWMPRH.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\QmcNOwj.exe
  C:\Windows\System\QmcNOwj.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\oNVrIMY.exe
  C:\Windows\System\oNVrIMY.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\qEPqjZE.exe
  C:\Windows\System\qEPqjZE.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\eedGfFv.exe
  C:\Windows\System\eedGfFv.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\XqoNZGn.exe
  C:\Windows\System\XqoNZGn.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\VtOLExG.exe
  C:\Windows\System\VtOLExG.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\nfXodwZ.exe
  C:\Windows\System\nfXodwZ.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\XAnckAw.exe
  C:\Windows\System\XAnckAw.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\FgDHVmJ.exe
  C:\Windows\System\FgDHVmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\pSQrTKa.exe
  C:\Windows\System\pSQrTKa.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\hmrPwJt.exe
  C:\Windows\System\hmrPwJt.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\vMhItjf.exe
  C:\Windows\System\vMhItjf.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\BpkGFur.exe
  C:\Windows\System\BpkGFur.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\KbBdZiA.exe
  C:\Windows\System\KbBdZiA.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\ouiEicY.exe
  C:\Windows\System\ouiEicY.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\ZKZFrWF.exe
  C:\Windows\System\ZKZFrWF.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\bYjVMzU.exe
  C:\Windows\System\bYjVMzU.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\ZpQdFYy.exe
  C:\Windows\System\ZpQdFYy.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\tmegDyv.exe
  C:\Windows\System\tmegDyv.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\BCRCWAM.exe
  C:\Windows\System\BCRCWAM.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\YkSiXWv.exe
  C:\Windows\System\YkSiXWv.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\CNGixlb.exe
  C:\Windows\System\CNGixlb.exe
  2⤵
  PID:2884
- C:\Windows\System\MZecxYO.exe
  C:\Windows\System\MZecxYO.exe
  2⤵
  PID:4940
- C:\Windows\System\iDCyKVR.exe
  C:\Windows\System\iDCyKVR.exe
  2⤵
  PID:4928
- C:\Windows\System\auvxRGW.exe
  C:\Windows\System\auvxRGW.exe
  2⤵
  PID:4644
- C:\Windows\System\sPVEvBJ.exe
  C:\Windows\System\sPVEvBJ.exe
  2⤵
  PID:1116
- C:\Windows\System\bMicMVQ.exe
  C:\Windows\System\bMicMVQ.exe
  2⤵
  PID:3976
- C:\Windows\System\VfDAiEw.exe
  C:\Windows\System\VfDAiEw.exe
  2⤵
  PID:3744
- C:\Windows\System\AHOAjIa.exe
  C:\Windows\System\AHOAjIa.exe
  2⤵
  PID:3352
- C:\Windows\System\UTiHjXN.exe
  C:\Windows\System\UTiHjXN.exe
  2⤵
  PID:3360
- C:\Windows\System\ulCjAfR.exe
  C:\Windows\System\ulCjAfR.exe
  2⤵
  PID:1508
- C:\Windows\System\ZFZGcqw.exe
  C:\Windows\System\ZFZGcqw.exe
  2⤵
  PID:4884
- C:\Windows\System\iNbDYQa.exe
  C:\Windows\System\iNbDYQa.exe
  2⤵
  PID:4676
- C:\Windows\System\iTrCYHJ.exe
  C:\Windows\System\iTrCYHJ.exe
  2⤵
  PID:1908
- C:\Windows\System\URWUxjF.exe
  C:\Windows\System\URWUxjF.exe
  2⤵
  PID:2800
- C:\Windows\System\THFnqEm.exe
  C:\Windows\System\THFnqEm.exe
  2⤵
  PID:2184
- C:\Windows\System\OwkCzjH.exe
  C:\Windows\System\OwkCzjH.exe
  2⤵
  PID:4024
- C:\Windows\System\IFZWNwf.exe
  C:\Windows\System\IFZWNwf.exe
  2⤵
  PID:3492
- C:\Windows\System\IWIobsn.exe
  C:\Windows\System\IWIobsn.exe
  2⤵
  PID:3908
- C:\Windows\System\dNjpoVV.exe
  C:\Windows\System\dNjpoVV.exe
  2⤵
  PID:4424
- C:\Windows\System\ddrOEuh.exe
  C:\Windows\System\ddrOEuh.exe
  2⤵
  PID:4212
- C:\Windows\System\BkZjQzh.exe
  C:\Windows\System\BkZjQzh.exe
  2⤵
  PID:1408
- C:\Windows\System\bTrRlqj.exe
  C:\Windows\System\bTrRlqj.exe
  2⤵
  PID:944
- C:\Windows\System\DNhpsYk.exe
  C:\Windows\System\DNhpsYk.exe
  2⤵
  PID:4400
- C:\Windows\System\LGPUsUB.exe
  C:\Windows\System\LGPUsUB.exe
  2⤵
  PID:516
- C:\Windows\System\CexSjiu.exe
  C:\Windows\System\CexSjiu.exe
  2⤵
  PID:4224
- C:\Windows\System\nGEDzhK.exe
  C:\Windows\System\nGEDzhK.exe
  2⤵
  PID:1984
- C:\Windows\System\XKvtPam.exe
  C:\Windows\System\XKvtPam.exe
  2⤵
  PID:860
- C:\Windows\System\qZfSyXK.exe
  C:\Windows\System\qZfSyXK.exe
  2⤵
  PID:5148
- C:\Windows\System\gcPyFZV.exe
  C:\Windows\System\gcPyFZV.exe
  2⤵
  PID:5188
- C:\Windows\System\OjkWTvE.exe
  C:\Windows\System\OjkWTvE.exe
  2⤵
  PID:5228
- C:\Windows\System\YYzNjvQ.exe
  C:\Windows\System\YYzNjvQ.exe
  2⤵
  PID:5268
- C:\Windows\System\MLuPdnU.exe
  C:\Windows\System\MLuPdnU.exe
  2⤵
  PID:5304
- C:\Windows\System\MHxlRZl.exe
  C:\Windows\System\MHxlRZl.exe
  2⤵
  PID:5352
- C:\Windows\System\kccLtQz.exe
  C:\Windows\System\kccLtQz.exe
  2⤵
  PID:5372
- C:\Windows\System\vnLdDgU.exe
  C:\Windows\System\vnLdDgU.exe
  2⤵
  PID:5404
- C:\Windows\System\YubGaan.exe
  C:\Windows\System\YubGaan.exe
  2⤵
  PID:5432
- C:\Windows\System\PzoRBSH.exe
  C:\Windows\System\PzoRBSH.exe
  2⤵
  PID:5460
- C:\Windows\System\osKsjjI.exe
  C:\Windows\System\osKsjjI.exe
  2⤵
  PID:5504
- C:\Windows\System\rXKwhmU.exe
  C:\Windows\System\rXKwhmU.exe
  2⤵
  PID:5560
- C:\Windows\System\fbMPZXt.exe
  C:\Windows\System\fbMPZXt.exe
  2⤵
  PID:5580
- C:\Windows\System\hiRUSNY.exe
  C:\Windows\System\hiRUSNY.exe
  2⤵
  PID:5612
- C:\Windows\System\imbSYnA.exe
  C:\Windows\System\imbSYnA.exe
  2⤵
  PID:5628
- C:\Windows\System\eZdlXfE.exe
  C:\Windows\System\eZdlXfE.exe
  2⤵
  PID:5676
- C:\Windows\System\ZeIhMjq.exe
  C:\Windows\System\ZeIhMjq.exe
  2⤵
  PID:5704
- C:\Windows\System\jzfiury.exe
  C:\Windows\System\jzfiury.exe
  2⤵
  PID:5744
- C:\Windows\System\dGVALHs.exe
  C:\Windows\System\dGVALHs.exe
  2⤵
  PID:5784
- C:\Windows\System\iJWjjes.exe
  C:\Windows\System\iJWjjes.exe
  2⤵
  PID:5800
- C:\Windows\System\TkiCTtA.exe
  C:\Windows\System\TkiCTtA.exe
  2⤵
  PID:5864
- C:\Windows\System\qCyNwWL.exe
  C:\Windows\System\qCyNwWL.exe
  2⤵
  PID:5896
- C:\Windows\System\vnocKIo.exe
  C:\Windows\System\vnocKIo.exe
  2⤵
  PID:5928
- C:\Windows\System\mAYtAKs.exe
  C:\Windows\System\mAYtAKs.exe
  2⤵
  PID:5964
- C:\Windows\System\giFtVVy.exe
  C:\Windows\System\giFtVVy.exe
  2⤵
  PID:5980
- C:\Windows\System\jzaOkud.exe
  C:\Windows\System\jzaOkud.exe
  2⤵
  PID:6004
- C:\Windows\System\MmUWvdW.exe
  C:\Windows\System\MmUWvdW.exe
  2⤵
  PID:6044
- C:\Windows\System\SPjVMXX.exe
  C:\Windows\System\SPjVMXX.exe
  2⤵
  PID:6080
- C:\Windows\System\agYgsgU.exe
  C:\Windows\System\agYgsgU.exe
  2⤵
  PID:6108
- C:\Windows\System\GlkHsaS.exe
  C:\Windows\System\GlkHsaS.exe
  2⤵
  PID:6124
- C:\Windows\System\MtPXZpU.exe
  C:\Windows\System\MtPXZpU.exe
  2⤵
  PID:6140
- C:\Windows\System\tJRtDEk.exe
  C:\Windows\System\tJRtDEk.exe
  2⤵
  PID:5144
- C:\Windows\System\fWwREpn.exe
  C:\Windows\System\fWwREpn.exe
  2⤵
  PID:5220
- C:\Windows\System\RhCHeKe.exe
  C:\Windows\System\RhCHeKe.exe
  2⤵
  PID:5300
- C:\Windows\System\PXlxpYX.exe
  C:\Windows\System\PXlxpYX.exe
  2⤵
  PID:5400
- C:\Windows\System\HWOignh.exe
  C:\Windows\System\HWOignh.exe
  2⤵
  PID:5392
- C:\Windows\System\jmeJInF.exe
  C:\Windows\System\jmeJInF.exe
  2⤵
  PID:5552
- C:\Windows\System\TRIhgJR.exe
  C:\Windows\System\TRIhgJR.exe
  2⤵
  PID:5592
- C:\Windows\System\EsUwfkR.exe
  C:\Windows\System\EsUwfkR.exe
  2⤵
  PID:5624
- C:\Windows\System\OtqqWMn.exe
  C:\Windows\System\OtqqWMn.exe
  2⤵
  PID:5292
- C:\Windows\System\rSFMuHm.exe
  C:\Windows\System\rSFMuHm.exe
  2⤵
  PID:5820
- C:\Windows\System\MnALMQj.exe
  C:\Windows\System\MnALMQj.exe
  2⤵
  PID:5956
- C:\Windows\System\yMezWZS.exe
  C:\Windows\System\yMezWZS.exe
  2⤵
  PID:6020
- C:\Windows\System\pywmUca.exe
  C:\Windows\System\pywmUca.exe
  2⤵
  PID:6076
- C:\Windows\System\YtDizuz.exe
  C:\Windows\System\YtDizuz.exe
  2⤵
  PID:6136
- C:\Windows\System\VJpOukd.exe
  C:\Windows\System\VJpOukd.exe
  2⤵
  PID:5276
- C:\Windows\System\KgsIpha.exe
  C:\Windows\System\KgsIpha.exe
  2⤵
  PID:5420
- C:\Windows\System\FsGAHhY.exe
  C:\Windows\System\FsGAHhY.exe
  2⤵
  PID:5576
- C:\Windows\System\knQUImj.exe
  C:\Windows\System\knQUImj.exe
  2⤵
  PID:5480
- C:\Windows\System\kDdtvJg.exe
  C:\Windows\System\kDdtvJg.exe
  2⤵
  PID:5940
- C:\Windows\System\LJQuelv.exe
  C:\Windows\System\LJQuelv.exe
  2⤵
  PID:6104
- C:\Windows\System\JigHymr.exe
  C:\Windows\System\JigHymr.exe
  2⤵
  PID:5364
- C:\Windows\System\MiXYDeA.exe
  C:\Windows\System\MiXYDeA.exe
  2⤵
  PID:5288
- C:\Windows\System\HScoZSE.exe
  C:\Windows\System\HScoZSE.exe
  2⤵
  PID:5332
- C:\Windows\System\suIHIzT.exe
  C:\Windows\System\suIHIzT.exe
  2⤵
  PID:6060
- C:\Windows\System\AjZKxdv.exe
  C:\Windows\System\AjZKxdv.exe
  2⤵
  PID:6152
- C:\Windows\System\OwYCvfr.exe
  C:\Windows\System\OwYCvfr.exe
  2⤵
  PID:6184
- C:\Windows\System\FLOoDMb.exe
  C:\Windows\System\FLOoDMb.exe
  2⤵
  PID:6200
- C:\Windows\System\EULHrDk.exe
  C:\Windows\System\EULHrDk.exe
  2⤵
  PID:6240
- C:\Windows\System\KLADADq.exe
  C:\Windows\System\KLADADq.exe
  2⤵
  PID:6264
- C:\Windows\System\oCXqHVM.exe
  C:\Windows\System\oCXqHVM.exe
  2⤵
  PID:6304
- C:\Windows\System\zGtIIxu.exe
  C:\Windows\System\zGtIIxu.exe
  2⤵
  PID:6320
- C:\Windows\System\sXfgQqB.exe
  C:\Windows\System\sXfgQqB.exe
  2⤵
  PID:6364
- C:\Windows\System\wNFruQF.exe
  C:\Windows\System\wNFruQF.exe
  2⤵
  PID:6384
- C:\Windows\System\OVyrbAb.exe
  C:\Windows\System\OVyrbAb.exe
  2⤵
  PID:6424
- C:\Windows\System\LpwwPBd.exe
  C:\Windows\System\LpwwPBd.exe
  2⤵
  PID:6448
- C:\Windows\System\cRwMukS.exe
  C:\Windows\System\cRwMukS.exe
  2⤵
  PID:6480
- C:\Windows\System\QczUMLE.exe
  C:\Windows\System\QczUMLE.exe
  2⤵
  PID:6504
- C:\Windows\System\VZgDsba.exe
  C:\Windows\System\VZgDsba.exe
  2⤵
  PID:6536
- C:\Windows\System\zcnHXzM.exe
  C:\Windows\System\zcnHXzM.exe
  2⤵
  PID:6564
- C:\Windows\System\vBeLTab.exe
  C:\Windows\System\vBeLTab.exe
  2⤵
  PID:6592
- C:\Windows\System\qDgNHyT.exe
  C:\Windows\System\qDgNHyT.exe
  2⤵
  PID:6620
- C:\Windows\System\XaYopBT.exe
  C:\Windows\System\XaYopBT.exe
  2⤵
  PID:6648
- C:\Windows\System\wKItEyQ.exe
  C:\Windows\System\wKItEyQ.exe
  2⤵
  PID:6676
- C:\Windows\System\qIFiJbS.exe
  C:\Windows\System\qIFiJbS.exe
  2⤵
  PID:6692
- C:\Windows\System\nZtHBiN.exe
  C:\Windows\System\nZtHBiN.exe
  2⤵
  PID:6736
- C:\Windows\System\XmZpVcH.exe
  C:\Windows\System\XmZpVcH.exe
  2⤵
  PID:6752
- C:\Windows\System\naZEDEh.exe
  C:\Windows\System\naZEDEh.exe
  2⤵
  PID:6792
- C:\Windows\System\vQYlkmU.exe
  C:\Windows\System\vQYlkmU.exe
  2⤵
  PID:6824
- C:\Windows\System\LIVAkmT.exe
  C:\Windows\System\LIVAkmT.exe
  2⤵
  PID:6868
- C:\Windows\System\TObrakV.exe
  C:\Windows\System\TObrakV.exe
  2⤵
  PID:6896
- C:\Windows\System\dLdhGXC.exe
  C:\Windows\System\dLdhGXC.exe
  2⤵
  PID:6924
- C:\Windows\System\ANEvqss.exe
  C:\Windows\System\ANEvqss.exe
  2⤵
  PID:6968
- C:\Windows\System\DkoWXye.exe
  C:\Windows\System\DkoWXye.exe
  2⤵
  PID:6996
- C:\Windows\System\qBAOPtQ.exe
  C:\Windows\System\qBAOPtQ.exe
  2⤵
  PID:7016
- C:\Windows\System\DlUycCl.exe
  C:\Windows\System\DlUycCl.exe
  2⤵
  PID:7072
- C:\Windows\System\bhxbLpN.exe
  C:\Windows\System\bhxbLpN.exe
  2⤵
  PID:7124
- C:\Windows\System\McCCOcb.exe
  C:\Windows\System\McCCOcb.exe
  2⤵
  PID:6224
- C:\Windows\System\LUwwbTf.exe
  C:\Windows\System\LUwwbTf.exe
  2⤵
  PID:6332
- C:\Windows\System\UOVYWzn.exe
  C:\Windows\System\UOVYWzn.exe
  2⤵
  PID:6404
- C:\Windows\System\wgnzazD.exe
  C:\Windows\System\wgnzazD.exe
  2⤵
  PID:6460
- C:\Windows\System\VYvLllk.exe
  C:\Windows\System\VYvLllk.exe
  2⤵
  PID:6556
- C:\Windows\System\OFANUrE.exe
  C:\Windows\System\OFANUrE.exe
  2⤵
  PID:6632
- C:\Windows\System\bLRKfYb.exe
  C:\Windows\System\bLRKfYb.exe
  2⤵
  PID:6704
- C:\Windows\System\LdEBhru.exe
  C:\Windows\System\LdEBhru.exe
  2⤵
  PID:6744
- C:\Windows\System\sOQJVea.exe
  C:\Windows\System\sOQJVea.exe
  2⤵
  PID:6816
- C:\Windows\System\YpYTPpW.exe
  C:\Windows\System\YpYTPpW.exe
  2⤵
  PID:6940
- C:\Windows\System\EDjZJgY.exe
  C:\Windows\System\EDjZJgY.exe
  2⤵
  PID:7056
- C:\Windows\System\iHCfZDj.exe
  C:\Windows\System\iHCfZDj.exe
  2⤵
  PID:6192
- C:\Windows\System\PudTgcy.exe
  C:\Windows\System\PudTgcy.exe
  2⤵
  PID:6440
- C:\Windows\System\aMmnBoC.exe
  C:\Windows\System\aMmnBoC.exe
  2⤵
  PID:2148
- C:\Windows\System\srVySxs.exe
  C:\Windows\System\srVySxs.exe
  2⤵
  PID:6748
- C:\Windows\System\CeegyFJ.exe
  C:\Windows\System\CeegyFJ.exe
  2⤵
  PID:6888
- C:\Windows\System\SeDWzEf.exe
  C:\Windows\System\SeDWzEf.exe
  2⤵
  PID:6316
- C:\Windows\System\VRlmJDa.exe
  C:\Windows\System\VRlmJDa.exe
  2⤵
  PID:6728
- C:\Windows\System\LpSZakP.exe
  C:\Windows\System\LpSZakP.exe
  2⤵
  PID:7148
- C:\Windows\System\CQPQAjo.exe
  C:\Windows\System\CQPQAjo.exe
  2⤵
  PID:6920
- C:\Windows\System\mDYWtsg.exe
  C:\Windows\System\mDYWtsg.exe
  2⤵
  PID:7188
- C:\Windows\System\XuElQBO.exe
  C:\Windows\System\XuElQBO.exe
  2⤵
  PID:7220
- C:\Windows\System\IgRflPk.exe
  C:\Windows\System\IgRflPk.exe
  2⤵
  PID:7244
- C:\Windows\System\pGzUrMd.exe
  C:\Windows\System\pGzUrMd.exe
  2⤵
  PID:7276
- C:\Windows\System\gyoSjUm.exe
  C:\Windows\System\gyoSjUm.exe
  2⤵
  PID:7300
- C:\Windows\System\aJETLzY.exe
  C:\Windows\System\aJETLzY.exe
  2⤵
  PID:7336
- C:\Windows\System\mZAcbLB.exe
  C:\Windows\System\mZAcbLB.exe
  2⤵
  PID:7364
- C:\Windows\System\DetuPBR.exe
  C:\Windows\System\DetuPBR.exe
  2⤵
  PID:7388
- C:\Windows\System\RhWltrh.exe
  C:\Windows\System\RhWltrh.exe
  2⤵
  PID:7424
- C:\Windows\System\IhvmVOr.exe
  C:\Windows\System\IhvmVOr.exe
  2⤵
  PID:7444
- C:\Windows\System\TBRTUnp.exe
  C:\Windows\System\TBRTUnp.exe
  2⤵
  PID:7476
- C:\Windows\System\cmpKeGp.exe
  C:\Windows\System\cmpKeGp.exe
  2⤵
  PID:7508
- C:\Windows\System\ygDXbBK.exe
  C:\Windows\System\ygDXbBK.exe
  2⤵
  PID:7536
- C:\Windows\System\YnaUlmg.exe
  C:\Windows\System\YnaUlmg.exe
  2⤵
  PID:7560
- C:\Windows\System\IGXMwJU.exe
  C:\Windows\System\IGXMwJU.exe
  2⤵
  PID:7596
- C:\Windows\System\niRWJud.exe
  C:\Windows\System\niRWJud.exe
  2⤵
  PID:7616
- C:\Windows\System\iVBmzlw.exe
  C:\Windows\System\iVBmzlw.exe
  2⤵
  PID:7644
- C:\Windows\System\UNDbHeU.exe
  C:\Windows\System\UNDbHeU.exe
  2⤵
  PID:7672
- C:\Windows\System\FfHgdTZ.exe
  C:\Windows\System\FfHgdTZ.exe
  2⤵
  PID:7700
- C:\Windows\System\pfysjgn.exe
  C:\Windows\System\pfysjgn.exe
  2⤵
  PID:7728
- C:\Windows\System\BePFemB.exe
  C:\Windows\System\BePFemB.exe
  2⤵
  PID:7756
- C:\Windows\System\oGbtYHg.exe
  C:\Windows\System\oGbtYHg.exe
  2⤵
  PID:7784
- C:\Windows\System\qseCXyI.exe
  C:\Windows\System\qseCXyI.exe
  2⤵
  PID:7812
- C:\Windows\System\gJCDEXJ.exe
  C:\Windows\System\gJCDEXJ.exe
  2⤵
  PID:7840
- C:\Windows\System\ihZEQOp.exe
  C:\Windows\System\ihZEQOp.exe
  2⤵
  PID:7868
- C:\Windows\System\OSBzoVV.exe
  C:\Windows\System\OSBzoVV.exe
  2⤵
  PID:7896
- C:\Windows\System\vOarFYS.exe
  C:\Windows\System\vOarFYS.exe
  2⤵
  PID:7924
- C:\Windows\System\ZcsnaaM.exe
  C:\Windows\System\ZcsnaaM.exe
  2⤵
  PID:7960
- C:\Windows\System\VeBJpUQ.exe
  C:\Windows\System\VeBJpUQ.exe
  2⤵
  PID:7988
- C:\Windows\System\Qurhkec.exe
  C:\Windows\System\Qurhkec.exe
  2⤵
  PID:8008
- C:\Windows\System\gbZFdaf.exe
  C:\Windows\System\gbZFdaf.exe
  2⤵
  PID:8036
- C:\Windows\System\kFFCuqU.exe
  C:\Windows\System\kFFCuqU.exe
  2⤵
  PID:8076
- C:\Windows\System\JwpIMph.exe
  C:\Windows\System\JwpIMph.exe
  2⤵
  PID:8104
- C:\Windows\System\dQeTmtX.exe
  C:\Windows\System\dQeTmtX.exe
  2⤵
  PID:8156
- C:\Windows\System\iHGZTaf.exe
  C:\Windows\System\iHGZTaf.exe
  2⤵
  PID:8184
- C:\Windows\System\LheDhhy.exe
  C:\Windows\System\LheDhhy.exe
  2⤵
  PID:7212
- C:\Windows\System\vxgkfac.exe
  C:\Windows\System\vxgkfac.exe
  2⤵
  PID:7284
- C:\Windows\System\BvDvKdQ.exe
  C:\Windows\System\BvDvKdQ.exe
  2⤵
  PID:7352
- C:\Windows\System\WrIICck.exe
  C:\Windows\System\WrIICck.exe
  2⤵
  PID:7412
- C:\Windows\System\VkuLQwx.exe
  C:\Windows\System\VkuLQwx.exe
  2⤵
  PID:7496
- C:\Windows\System\BURzFQI.exe
  C:\Windows\System\BURzFQI.exe
  2⤵
  PID:7572
- C:\Windows\System\UcaxnaP.exe
  C:\Windows\System\UcaxnaP.exe
  2⤵
  PID:7640
- C:\Windows\System\CDQcSoW.exe
  C:\Windows\System\CDQcSoW.exe
  2⤵
  PID:7712
- C:\Windows\System\SqGyGKY.exe
  C:\Windows\System\SqGyGKY.exe
  2⤵
  PID:7780
- C:\Windows\System\WKwbYSU.exe
  C:\Windows\System\WKwbYSU.exe
  2⤵
  PID:7832
- C:\Windows\System\ooOgxMF.exe
  C:\Windows\System\ooOgxMF.exe
  2⤵
  PID:7908
- C:\Windows\System\wkwKRVz.exe
  C:\Windows\System\wkwKRVz.exe
  2⤵
  PID:7972
- C:\Windows\System\heYVbsk.exe
  C:\Windows\System\heYVbsk.exe
  2⤵
  PID:8032
- C:\Windows\System\OIpHtHA.exe
  C:\Windows\System\OIpHtHA.exe
  2⤵
  PID:8144
- C:\Windows\System\RVkKUyZ.exe
  C:\Windows\System\RVkKUyZ.exe
  2⤵
  PID:7240
- C:\Windows\System\GWQzhtp.exe
  C:\Windows\System\GWQzhtp.exe
  2⤵
  PID:7400
- C:\Windows\System\RFRTShD.exe
  C:\Windows\System\RFRTShD.exe
  2⤵
  PID:7556
- C:\Windows\System\yrgcvBa.exe
  C:\Windows\System\yrgcvBa.exe
  2⤵
  PID:7740
- C:\Windows\System\ysDehAF.exe
  C:\Windows\System\ysDehAF.exe
  2⤵
  PID:7864
- C:\Windows\System\WAhPBzb.exe
  C:\Windows\System\WAhPBzb.exe
  2⤵
  PID:8028
- C:\Windows\System\alVLZGr.exe
  C:\Windows\System\alVLZGr.exe
  2⤵
  PID:7344
- C:\Windows\System\jHOajsa.exe
  C:\Windows\System\jHOajsa.exe
  2⤵
  PID:7696
- C:\Windows\System\UHqAQRc.exe
  C:\Windows\System\UHqAQRc.exe
  2⤵
  PID:8020
- C:\Windows\System\bVENgfW.exe
  C:\Windows\System\bVENgfW.exe
  2⤵
  PID:7828
- C:\Windows\System\EeEYKrk.exe
  C:\Windows\System\EeEYKrk.exe
  2⤵
  PID:8200
- C:\Windows\System\UiMGFRt.exe
  C:\Windows\System\UiMGFRt.exe
  2⤵
  PID:8228
- C:\Windows\System\gazJXdz.exe
  C:\Windows\System\gazJXdz.exe
  2⤵
  PID:8256
- C:\Windows\System\JJlmhFu.exe
  C:\Windows\System\JJlmhFu.exe
  2⤵
  PID:8284
- C:\Windows\System\wOLeArK.exe
  C:\Windows\System\wOLeArK.exe
  2⤵
  PID:8316
- C:\Windows\System\wIlzZir.exe
  C:\Windows\System\wIlzZir.exe
  2⤵
  PID:8344
- C:\Windows\System\dRRmaUz.exe
  C:\Windows\System\dRRmaUz.exe
  2⤵
  PID:8376
- C:\Windows\System\ALsZuwA.exe
  C:\Windows\System\ALsZuwA.exe
  2⤵
  PID:8400
- C:\Windows\System\mqHsqkq.exe
  C:\Windows\System\mqHsqkq.exe
  2⤵
  PID:8428
- C:\Windows\System\ZfGncwi.exe
  C:\Windows\System\ZfGncwi.exe
  2⤵
  PID:8456
- C:\Windows\System\NBVzhup.exe
  C:\Windows\System\NBVzhup.exe
  2⤵
  PID:8484
- C:\Windows\System\CNGewOQ.exe
  C:\Windows\System\CNGewOQ.exe
  2⤵
  PID:8516
- C:\Windows\System\xTjTKID.exe
  C:\Windows\System\xTjTKID.exe
  2⤵
  PID:8544
- C:\Windows\System\teRsHXz.exe
  C:\Windows\System\teRsHXz.exe
  2⤵
  PID:8572
- C:\Windows\System\wUrwsno.exe
  C:\Windows\System\wUrwsno.exe
  2⤵
  PID:8600
- C:\Windows\System\cYJIaLn.exe
  C:\Windows\System\cYJIaLn.exe
  2⤵
  PID:8628
- C:\Windows\System\SkOhCqt.exe
  C:\Windows\System\SkOhCqt.exe
  2⤵
  PID:8656
- C:\Windows\System\fnFnyiw.exe
  C:\Windows\System\fnFnyiw.exe
  2⤵
  PID:8684
- C:\Windows\System\zGLAOkq.exe
  C:\Windows\System\zGLAOkq.exe
  2⤵
  PID:8712
- C:\Windows\System\BrUfpbX.exe
  C:\Windows\System\BrUfpbX.exe
  2⤵
  PID:8740
- C:\Windows\System\fwxHbki.exe
  C:\Windows\System\fwxHbki.exe
  2⤵
  PID:8768
- C:\Windows\System\jppDZmr.exe
  C:\Windows\System\jppDZmr.exe
  2⤵
  PID:8796
- C:\Windows\System\jaTkETf.exe
  C:\Windows\System\jaTkETf.exe
  2⤵
  PID:8824
- C:\Windows\System\kZLGwjJ.exe
  C:\Windows\System\kZLGwjJ.exe
  2⤵
  PID:8852
- C:\Windows\System\IiicOjj.exe
  C:\Windows\System\IiicOjj.exe
  2⤵
  PID:8880
- C:\Windows\System\QpwmPSQ.exe
  C:\Windows\System\QpwmPSQ.exe
  2⤵
  PID:8908
- C:\Windows\System\uHaRESu.exe
  C:\Windows\System\uHaRESu.exe
  2⤵
  PID:8936
- C:\Windows\System\jOwbLDB.exe
  C:\Windows\System\jOwbLDB.exe
  2⤵
  PID:8964
- C:\Windows\System\kwjkdAH.exe
  C:\Windows\System\kwjkdAH.exe
  2⤵
  PID:9004
- C:\Windows\System\RqWWbza.exe
  C:\Windows\System\RqWWbza.exe
  2⤵
  PID:9020
- C:\Windows\System\ZZvOJyr.exe
  C:\Windows\System\ZZvOJyr.exe
  2⤵
  PID:9056
- C:\Windows\System\IAsoyzw.exe
  C:\Windows\System\IAsoyzw.exe
  2⤵
  PID:9076
- C:\Windows\System\uqaXvNY.exe
  C:\Windows\System\uqaXvNY.exe
  2⤵
  PID:9104
- C:\Windows\System\bzyFzXL.exe
  C:\Windows\System\bzyFzXL.exe
  2⤵
  PID:9140
- C:\Windows\System\NaEqChQ.exe
  C:\Windows\System\NaEqChQ.exe
  2⤵
  PID:9168
- C:\Windows\System\YXSFrcc.exe
  C:\Windows\System\YXSFrcc.exe
  2⤵
  PID:9196
- C:\Windows\System\oigPasK.exe
  C:\Windows\System\oigPasK.exe
  2⤵
  PID:8224
- C:\Windows\System\PTUuxyi.exe
  C:\Windows\System\PTUuxyi.exe
  2⤵
  PID:8328
- C:\Windows\System\vtDxJHu.exe
  C:\Windows\System\vtDxJHu.exe
  2⤵
  PID:8420
- C:\Windows\System\bBOECrA.exe
  C:\Windows\System\bBOECrA.exe
  2⤵
  PID:8496
- C:\Windows\System\fYjtzJX.exe
  C:\Windows\System\fYjtzJX.exe
  2⤵
  PID:8540
- C:\Windows\System\ntovSbn.exe
  C:\Windows\System\ntovSbn.exe
  2⤵
  PID:8596
- C:\Windows\System\FBmoKnH.exe
  C:\Windows\System\FBmoKnH.exe
  2⤵
  PID:8668
- C:\Windows\System\SIjKcOw.exe
  C:\Windows\System\SIjKcOw.exe
  2⤵
  PID:8724
- C:\Windows\System\jgiNRGR.exe
  C:\Windows\System\jgiNRGR.exe
  2⤵
  PID:8788
- C:\Windows\System\RlYJnJa.exe
  C:\Windows\System\RlYJnJa.exe
  2⤵
  PID:8848
- C:\Windows\System\ZOQtMLD.exe
  C:\Windows\System\ZOQtMLD.exe
  2⤵
  PID:8920
- C:\Windows\System\xLfPIFc.exe
  C:\Windows\System\xLfPIFc.exe
  2⤵
  PID:8984
- C:\Windows\System\cdnsWgN.exe
  C:\Windows\System\cdnsWgN.exe
  2⤵
  PID:9044
- C:\Windows\System\GPurAJv.exe
  C:\Windows\System\GPurAJv.exe
  2⤵
  PID:9116
- C:\Windows\System\qrKLCni.exe
  C:\Windows\System\qrKLCni.exe
  2⤵
  PID:9128
- C:\Windows\System\HMDTRfQ.exe
  C:\Windows\System\HMDTRfQ.exe
  2⤵
  PID:8280
- C:\Windows\System\XVzksjZ.exe
  C:\Windows\System\XVzksjZ.exe
  2⤵
  PID:8452
- C:\Windows\System\vGldljt.exe
  C:\Windows\System\vGldljt.exe
  2⤵
  PID:8584
- C:\Windows\System\QToviuF.exe
  C:\Windows\System\QToviuF.exe
  2⤵
  PID:8708
- C:\Windows\System\GSViSQH.exe
  C:\Windows\System\GSViSQH.exe
  2⤵
  PID:8876
- C:\Windows\System\yrjhkgW.exe
  C:\Windows\System\yrjhkgW.exe
  2⤵
  PID:9032
- C:\Windows\System\fVUPLkU.exe
  C:\Windows\System\fVUPLkU.exe
  2⤵
  PID:9132
- C:\Windows\System\pcjeftt.exe
  C:\Windows\System\pcjeftt.exe
  2⤵
  PID:8508
- C:\Windows\System\zQXgaed.exe
  C:\Windows\System\zQXgaed.exe
  2⤵
  PID:8844
- C:\Windows\System\fDLFArk.exe
  C:\Windows\System\fDLFArk.exe
  2⤵
  PID:9164
- C:\Windows\System\JhJDSLz.exe
  C:\Windows\System\JhJDSLz.exe
  2⤵
  PID:8976
- C:\Windows\System\BCaGAIZ.exe
  C:\Windows\System\BCaGAIZ.exe
  2⤵
  PID:8704
- C:\Windows\System\TDIAJYF.exe
  C:\Windows\System\TDIAJYF.exe
  2⤵
  PID:9244
- C:\Windows\System\oSCcbdR.exe
  C:\Windows\System\oSCcbdR.exe
  2⤵
  PID:9272
- C:\Windows\System\hdNxoCe.exe
  C:\Windows\System\hdNxoCe.exe
  2⤵
  PID:9300
- C:\Windows\System\UHMFtak.exe
  C:\Windows\System\UHMFtak.exe
  2⤵
  PID:9328
- C:\Windows\System\uMQAqai.exe
  C:\Windows\System\uMQAqai.exe
  2⤵
  PID:9356
- C:\Windows\System\qgduLmw.exe
  C:\Windows\System\qgduLmw.exe
  2⤵
  PID:9392
- C:\Windows\System\jhRuwSK.exe
  C:\Windows\System\jhRuwSK.exe
  2⤵
  PID:9420
- C:\Windows\System\avSshEW.exe
  C:\Windows\System\avSshEW.exe
  2⤵
  PID:9448
- C:\Windows\System\IrhZLEA.exe
  C:\Windows\System\IrhZLEA.exe
  2⤵
  PID:9476
- C:\Windows\System\bQeUPgB.exe
  C:\Windows\System\bQeUPgB.exe
  2⤵
  PID:9504
- C:\Windows\System\mnHwZpI.exe
  C:\Windows\System\mnHwZpI.exe
  2⤵
  PID:9532
- C:\Windows\System\iIlheQG.exe
  C:\Windows\System\iIlheQG.exe
  2⤵
  PID:9560
- C:\Windows\System\KkxgaSN.exe
  C:\Windows\System\KkxgaSN.exe
  2⤵
  PID:9588
- C:\Windows\System\PKESpeC.exe
  C:\Windows\System\PKESpeC.exe
  2⤵
  PID:9616
- C:\Windows\System\TOHhFBV.exe
  C:\Windows\System\TOHhFBV.exe
  2⤵
  PID:9644
- C:\Windows\System\XlztYxz.exe
  C:\Windows\System\XlztYxz.exe
  2⤵
  PID:9668
- C:\Windows\System\CEWGcds.exe
  C:\Windows\System\CEWGcds.exe
  2⤵
  PID:9700
- C:\Windows\System\YdnEaGf.exe
  C:\Windows\System\YdnEaGf.exe
  2⤵
  PID:9728
- C:\Windows\System\XJnHWQk.exe
  C:\Windows\System\XJnHWQk.exe
  2⤵
  PID:9756
- C:\Windows\System\UPCxDxD.exe
  C:\Windows\System\UPCxDxD.exe
  2⤵
  PID:9784
- C:\Windows\System\ifZTMJY.exe
  C:\Windows\System\ifZTMJY.exe
  2⤵
  PID:9812
- C:\Windows\System\kTjZDFL.exe
  C:\Windows\System\kTjZDFL.exe
  2⤵
  PID:9840
- C:\Windows\System\SYeNGJy.exe
  C:\Windows\System\SYeNGJy.exe
  2⤵
  PID:9876
- C:\Windows\System\cNfwOCM.exe
  C:\Windows\System\cNfwOCM.exe
  2⤵
  PID:9896
- C:\Windows\System\MjCmbSh.exe
  C:\Windows\System\MjCmbSh.exe
  2⤵
  PID:9936
- C:\Windows\System\fzFbfOM.exe
  C:\Windows\System\fzFbfOM.exe
  2⤵
  PID:9960
- C:\Windows\System\jLanKxt.exe
  C:\Windows\System\jLanKxt.exe
  2⤵
  PID:9980
- C:\Windows\System\WRMGHun.exe
  C:\Windows\System\WRMGHun.exe
  2⤵
  PID:10012
- C:\Windows\System\wrRMFZI.exe
  C:\Windows\System\wrRMFZI.exe
  2⤵
  PID:10040
- C:\Windows\System\atpOmlu.exe
  C:\Windows\System\atpOmlu.exe
  2⤵
  PID:10068
- C:\Windows\System\KEEhJbL.exe
  C:\Windows\System\KEEhJbL.exe
  2⤵
  PID:10096
- C:\Windows\System\QzCqTVX.exe
  C:\Windows\System\QzCqTVX.exe
  2⤵
  PID:10132
- C:\Windows\System\XDIbXdv.exe
  C:\Windows\System\XDIbXdv.exe
  2⤵
  PID:10160
- C:\Windows\System\XaoadSi.exe
  C:\Windows\System\XaoadSi.exe
  2⤵
  PID:10188
- C:\Windows\System\fjfkTDN.exe
  C:\Windows\System\fjfkTDN.exe
  2⤵
  PID:10216
- C:\Windows\System\cQfeDoZ.exe
  C:\Windows\System\cQfeDoZ.exe
  2⤵
  PID:9228
- C:\Windows\System\PpvwKhU.exe
  C:\Windows\System\PpvwKhU.exe
  2⤵
  PID:9296
- C:\Windows\System\OFFGZlB.exe
  C:\Windows\System\OFFGZlB.exe
  2⤵
  PID:9348
- C:\Windows\System\ibBGmST.exe
  C:\Windows\System\ibBGmST.exe
  2⤵
  PID:9432
- C:\Windows\System\okhmJNy.exe
  C:\Windows\System\okhmJNy.exe
  2⤵
  PID:9496
- C:\Windows\System\oLslNLi.exe
  C:\Windows\System\oLslNLi.exe
  2⤵
  PID:9556
- C:\Windows\System\FeMCSVR.exe
  C:\Windows\System\FeMCSVR.exe
  2⤵
  PID:9628
- C:\Windows\System\hgYCWMt.exe
  C:\Windows\System\hgYCWMt.exe
  2⤵
  PID:9692
- C:\Windows\System\SnbHpZO.exe
  C:\Windows\System\SnbHpZO.exe
  2⤵
  PID:9752
- C:\Windows\System\CJiUbIX.exe
  C:\Windows\System\CJiUbIX.exe
  2⤵
  PID:9824
- C:\Windows\System\aVsNZPi.exe
  C:\Windows\System\aVsNZPi.exe
  2⤵
  PID:9888
- C:\Windows\System\xmpRUQY.exe
  C:\Windows\System\xmpRUQY.exe
  2⤵
  PID:9944
- C:\Windows\System\xeygHAh.exe
  C:\Windows\System\xeygHAh.exe
  2⤵
  PID:10004
- C:\Windows\System\aHHEFxt.exe
  C:\Windows\System\aHHEFxt.exe
  2⤵
  PID:10092
- C:\Windows\System\ZHEPnXo.exe
  C:\Windows\System\ZHEPnXo.exe
  2⤵
  PID:10144
- C:\Windows\System\mGQfZlA.exe
  C:\Windows\System\mGQfZlA.exe
  2⤵
  PID:10208
- C:\Windows\System\BkMeRhQ.exe
  C:\Windows\System\BkMeRhQ.exe
  2⤵
  PID:9284
- C:\Windows\System\uzGFeGU.exe
  C:\Windows\System\uzGFeGU.exe
  2⤵
  PID:9460
- C:\Windows\System\DQZVwVG.exe
  C:\Windows\System\DQZVwVG.exe
  2⤵
  PID:9608
- C:\Windows\System\qQnUrxW.exe
  C:\Windows\System\qQnUrxW.exe
  2⤵
  PID:9748
- C:\Windows\System\BwRHtqv.exe
  C:\Windows\System\BwRHtqv.exe
  2⤵
  PID:9852
- C:\Windows\System\mGJCqvY.exe
  C:\Windows\System\mGJCqvY.exe
  2⤵
  PID:10008
- C:\Windows\System\SksTrIz.exe
  C:\Windows\System\SksTrIz.exe
  2⤵
  PID:5072
- C:\Windows\System\MTsFsNw.exe
  C:\Windows\System\MTsFsNw.exe
  2⤵
  PID:3368
- C:\Windows\System\aoxNXJU.exe
  C:\Windows\System\aoxNXJU.exe
  2⤵
  PID:8088
- C:\Windows\System\HqYxgXR.exe
  C:\Windows\System\HqYxgXR.exe
  2⤵
  PID:10088
- C:\Windows\System\NKmcWKw.exe
  C:\Windows\System\NKmcWKw.exe
  2⤵
  PID:10184
- C:\Windows\System\MgGRQEA.exe
  C:\Windows\System\MgGRQEA.exe
  2⤵
  PID:9416
- C:\Windows\System\lbaWYrM.exe
  C:\Windows\System\lbaWYrM.exe
  2⤵
  PID:9808
- C:\Windows\System\UOXqAXT.exe
  C:\Windows\System\UOXqAXT.exe
  2⤵
  PID:4460
- C:\Windows\System\knITlIz.exe
  C:\Windows\System\knITlIz.exe
  2⤵
  PID:928
- C:\Windows\System\uOTUkgY.exe
  C:\Windows\System\uOTUkgY.exe
  2⤵
  PID:464
- C:\Windows\System\FhKoJac.exe
  C:\Windows\System\FhKoJac.exe
  2⤵
  PID:9860
- C:\Windows\System\uijdfoJ.exe
  C:\Windows\System\uijdfoJ.exe
  2⤵
  PID:1988
- C:\Windows\System\ayhsKgb.exe
  C:\Windows\System\ayhsKgb.exe
  2⤵
  PID:9992
- C:\Windows\System\fLzDDaR.exe
  C:\Windows\System\fLzDDaR.exe
  2⤵
  PID:1224
- C:\Windows\System\fEcVNtg.exe
  C:\Windows\System\fEcVNtg.exe
  2⤵
  PID:10260
- C:\Windows\System\KowvrLc.exe
  C:\Windows\System\KowvrLc.exe
  2⤵
  PID:10288
- C:\Windows\System\zGhXcQy.exe
  C:\Windows\System\zGhXcQy.exe
  2⤵
  PID:10316
- C:\Windows\System\vVagtax.exe
  C:\Windows\System\vVagtax.exe
  2⤵
  PID:10344
- C:\Windows\System\LtfxuVM.exe
  C:\Windows\System\LtfxuVM.exe
  2⤵
  PID:10372
- C:\Windows\System\RuQqeSZ.exe
  C:\Windows\System\RuQqeSZ.exe
  2⤵
  PID:10400
- C:\Windows\System\vdPTGSc.exe
  C:\Windows\System\vdPTGSc.exe
  2⤵
  PID:10428
- C:\Windows\System\SMHspab.exe
  C:\Windows\System\SMHspab.exe
  2⤵
  PID:10456
- C:\Windows\System\FdIdxvh.exe
  C:\Windows\System\FdIdxvh.exe
  2⤵
  PID:10484
- C:\Windows\System\GAOykiG.exe
  C:\Windows\System\GAOykiG.exe
  2⤵
  PID:10512
- C:\Windows\System\gwwukXQ.exe
  C:\Windows\System\gwwukXQ.exe
  2⤵
  PID:10540
- C:\Windows\System\eGCLQSu.exe
  C:\Windows\System\eGCLQSu.exe
  2⤵
  PID:10568
- C:\Windows\System\Bfvziwl.exe
  C:\Windows\System\Bfvziwl.exe
  2⤵
  PID:10600
- C:\Windows\System\mhypspD.exe
  C:\Windows\System\mhypspD.exe
  2⤵
  PID:10628
- C:\Windows\System\tfExiAV.exe
  C:\Windows\System\tfExiAV.exe
  2⤵
  PID:10656
- C:\Windows\System\hxhlKTB.exe
  C:\Windows\System\hxhlKTB.exe
  2⤵
  PID:10684
- C:\Windows\System\awsQqgT.exe
  C:\Windows\System\awsQqgT.exe
  2⤵
  PID:10712
- C:\Windows\System\llWmEvB.exe
  C:\Windows\System\llWmEvB.exe
  2⤵
  PID:10740
- C:\Windows\System\hTkfhms.exe
  C:\Windows\System\hTkfhms.exe
  2⤵
  PID:10768
- C:\Windows\System\RIMDhyk.exe
  C:\Windows\System\RIMDhyk.exe
  2⤵
  PID:10796
- C:\Windows\System\HInKpmQ.exe
  C:\Windows\System\HInKpmQ.exe
  2⤵
  PID:10824
- C:\Windows\System\brDRvfx.exe
  C:\Windows\System\brDRvfx.exe
  2⤵
  PID:10860
- C:\Windows\System\lGiypEo.exe
  C:\Windows\System\lGiypEo.exe
  2⤵
  PID:10904
- C:\Windows\System\jDIaqSY.exe
  C:\Windows\System\jDIaqSY.exe
  2⤵
  PID:10948
- C:\Windows\System\VPIsLMh.exe
  C:\Windows\System\VPIsLMh.exe
  2⤵
  PID:10980
- C:\Windows\System\vmuHmJa.exe
  C:\Windows\System\vmuHmJa.exe
  2⤵
  PID:11024
- C:\Windows\System\aZmFHfu.exe
  C:\Windows\System\aZmFHfu.exe
  2⤵
  PID:11040
- C:\Windows\System\IVUmUfY.exe
  C:\Windows\System\IVUmUfY.exe
  2⤵
  PID:11084
- C:\Windows\System\wSBzfZq.exe
  C:\Windows\System\wSBzfZq.exe
  2⤵
  PID:11160
- C:\Windows\System\JyZHCQR.exe
  C:\Windows\System\JyZHCQR.exe
  2⤵
  PID:11176
- C:\Windows\System\UUsKXEj.exe
  C:\Windows\System\UUsKXEj.exe
  2⤵
  PID:11200
- C:\Windows\System\rjIICJX.exe
  C:\Windows\System\rjIICJX.exe
  2⤵
  PID:11240
- C:\Windows\System\fKiPico.exe
  C:\Windows\System\fKiPico.exe
  2⤵
  PID:10252
- C:\Windows\System\fWEnmdM.exe
  C:\Windows\System\fWEnmdM.exe
  2⤵
  PID:10328
- C:\Windows\System\LHuXKup.exe
  C:\Windows\System\LHuXKup.exe
  2⤵
  PID:10392
- C:\Windows\System\XKQwcVw.exe
  C:\Windows\System\XKQwcVw.exe
  2⤵
  PID:10452
- C:\Windows\System\NWacaZS.exe
  C:\Windows\System\NWacaZS.exe
  2⤵
  PID:10524
- C:\Windows\System\wcxKjqn.exe
  C:\Windows\System\wcxKjqn.exe
  2⤵
  PID:10580
- C:\Windows\System\CegSADu.exe
  C:\Windows\System\CegSADu.exe
  2⤵
  PID:10640
- C:\Windows\System\nQQPIWW.exe
  C:\Windows\System\nQQPIWW.exe
  2⤵
  PID:10704
- C:\Windows\System\JVAefHK.exe
  C:\Windows\System\JVAefHK.exe
  2⤵
  PID:10760
- C:\Windows\System\orKXZjX.exe
  C:\Windows\System\orKXZjX.exe
  2⤵
  PID:10836
- C:\Windows\System\pMRUlua.exe
  C:\Windows\System\pMRUlua.exe
  2⤵
  PID:10928
- C:\Windows\System\lsfnTaL.exe
  C:\Windows\System\lsfnTaL.exe
  2⤵
  PID:11020
- C:\Windows\System\pRPwcOy.exe
  C:\Windows\System\pRPwcOy.exe
  2⤵
  PID:10876
- C:\Windows\System\bdVBIRG.exe
  C:\Windows\System\bdVBIRG.exe
  2⤵
  PID:11172
- C:\Windows\System\PgQcbmc.exe
  C:\Windows\System\PgQcbmc.exe
  2⤵
  PID:11220
- C:\Windows\System\KXMlBSL.exe
  C:\Windows\System\KXMlBSL.exe
  2⤵
  PID:10356
- C:\Windows\System\yUFPJUD.exe
  C:\Windows\System\yUFPJUD.exe
  2⤵
  PID:10504
- C:\Windows\System\UDewhHi.exe
  C:\Windows\System\UDewhHi.exe
  2⤵
  PID:10624
- C:\Windows\System\afOUIYm.exe
  C:\Windows\System\afOUIYm.exe
  2⤵
  PID:10792
- C:\Windows\System\rzEABFe.exe
  C:\Windows\System\rzEABFe.exe
  2⤵
  PID:10976
- C:\Windows\System\nxepjsI.exe
  C:\Windows\System\nxepjsI.exe
  2⤵
  PID:3784
- C:\Windows\System\SXqVXXP.exe
  C:\Windows\System\SXqVXXP.exe
  2⤵
  PID:10300
- C:\Windows\System\BlIlHBx.exe
  C:\Windows\System\BlIlHBx.exe
  2⤵
  PID:10620
- C:\Windows\System\PLiBtkC.exe
  C:\Windows\System\PLiBtkC.exe
  2⤵
  PID:10752
- C:\Windows\System\knbDWiR.exe
  C:\Windows\System\knbDWiR.exe
  2⤵
  PID:11068
- C:\Windows\System\OiExnxy.exe
  C:\Windows\System\OiExnxy.exe
  2⤵
  PID:10448
- C:\Windows\System\LQCmwQw.exe
  C:\Windows\System\LQCmwQw.exe
  2⤵
  PID:10896
- C:\Windows\System\FNMCpHR.exe
  C:\Windows\System\FNMCpHR.exe
  2⤵
  PID:1076
- C:\Windows\System\MvfotIF.exe
  C:\Windows\System\MvfotIF.exe
  2⤵
  PID:11272
- C:\Windows\System\aKfJmbJ.exe
  C:\Windows\System\aKfJmbJ.exe
  2⤵
  PID:11308
- C:\Windows\System\jdHTEEd.exe
  C:\Windows\System\jdHTEEd.exe
  2⤵
  PID:11336
- C:\Windows\System\wOfxQzn.exe
  C:\Windows\System\wOfxQzn.exe
  2⤵
  PID:11368
- C:\Windows\System\CHVGWer.exe
  C:\Windows\System\CHVGWer.exe
  2⤵
  PID:11396
- C:\Windows\System\KpdmSVs.exe
  C:\Windows\System\KpdmSVs.exe
  2⤵
  PID:11424
- C:\Windows\System\TqVOXGC.exe
  C:\Windows\System\TqVOXGC.exe
  2⤵
  PID:11452
- C:\Windows\System\myoUBYk.exe
  C:\Windows\System\myoUBYk.exe
  2⤵
  PID:11480
- C:\Windows\System\SiPuVMp.exe
  C:\Windows\System\SiPuVMp.exe
  2⤵
  PID:11508
- C:\Windows\System\TnvTSDf.exe
  C:\Windows\System\TnvTSDf.exe
  2⤵
  PID:11536
- C:\Windows\System\HoMxPpz.exe
  C:\Windows\System\HoMxPpz.exe
  2⤵
  PID:11564
- C:\Windows\System\OyRkZtZ.exe
  C:\Windows\System\OyRkZtZ.exe
  2⤵
  PID:11592
- C:\Windows\System\iboaERk.exe
  C:\Windows\System\iboaERk.exe
  2⤵
  PID:11620
- C:\Windows\System\GVfYMyI.exe
  C:\Windows\System\GVfYMyI.exe
  2⤵
  PID:11648
- C:\Windows\System\YXubatm.exe
  C:\Windows\System\YXubatm.exe
  2⤵
  PID:11676
- C:\Windows\System\JqAyihu.exe
  C:\Windows\System\JqAyihu.exe
  2⤵
  PID:11704
- C:\Windows\System\QVysVez.exe
  C:\Windows\System\QVysVez.exe
  2⤵
  PID:11720
- C:\Windows\System\lHnkBsQ.exe
  C:\Windows\System\lHnkBsQ.exe
  2⤵
  PID:11756
- C:\Windows\System\ZPSXteC.exe
  C:\Windows\System\ZPSXteC.exe
  2⤵
  PID:11788
- C:\Windows\System\WKbLFvU.exe
  C:\Windows\System\WKbLFvU.exe
  2⤵
  PID:11816
- C:\Windows\System\GlsDLYM.exe
  C:\Windows\System\GlsDLYM.exe
  2⤵
  PID:11844
- C:\Windows\System\XRJtdnl.exe
  C:\Windows\System\XRJtdnl.exe
  2⤵
  PID:11872
- C:\Windows\System\KmkNYSu.exe
  C:\Windows\System\KmkNYSu.exe
  2⤵
  PID:11900
- C:\Windows\System\uojLlfR.exe
  C:\Windows\System\uojLlfR.exe
  2⤵
  PID:11928
- C:\Windows\System\JDNCSUe.exe
  C:\Windows\System\JDNCSUe.exe
  2⤵
  PID:11956
- C:\Windows\System\yxJVrTE.exe
  C:\Windows\System\yxJVrTE.exe
  2⤵
  PID:11984
- C:\Windows\System\xvsowdn.exe
  C:\Windows\System\xvsowdn.exe
  2⤵
  PID:12012
- C:\Windows\System\lWfFTXR.exe
  C:\Windows\System\lWfFTXR.exe
  2⤵
  PID:12040
- C:\Windows\System\eGenjMp.exe
  C:\Windows\System\eGenjMp.exe
  2⤵
  PID:12068
- C:\Windows\System\vOOhERZ.exe
  C:\Windows\System\vOOhERZ.exe
  2⤵
  PID:12096
- C:\Windows\System\tzEQHVU.exe
  C:\Windows\System\tzEQHVU.exe
  2⤵
  PID:12124
- C:\Windows\System\reGYdsi.exe
  C:\Windows\System\reGYdsi.exe
  2⤵
  PID:12152
- C:\Windows\System\RQcSnoX.exe
  C:\Windows\System\RQcSnoX.exe
  2⤵
  PID:12180
- C:\Windows\System\xmutTKh.exe
  C:\Windows\System\xmutTKh.exe
  2⤵
  PID:12208
- C:\Windows\System\rPNVYBl.exe
  C:\Windows\System\rPNVYBl.exe
  2⤵
  PID:12236
- C:\Windows\System\NcZnRuo.exe
  C:\Windows\System\NcZnRuo.exe
  2⤵
  PID:12264
- C:\Windows\System\WHcYwUN.exe
  C:\Windows\System\WHcYwUN.exe
  2⤵
  PID:11268
- C:\Windows\System\yJeTbOC.exe
  C:\Windows\System\yJeTbOC.exe
  2⤵
  PID:11332
- C:\Windows\System\nejsvkg.exe
  C:\Windows\System\nejsvkg.exe
  2⤵
  PID:11408
- C:\Windows\System\AGMqLLu.exe
  C:\Windows\System\AGMqLLu.exe
  2⤵
  PID:11472
- C:\Windows\System\MxLuTbe.exe
  C:\Windows\System\MxLuTbe.exe
  2⤵
  PID:11532
- C:\Windows\System\uGUzoeW.exe
  C:\Windows\System\uGUzoeW.exe
  2⤵
  PID:11604
- C:\Windows\System\fTahHFP.exe
  C:\Windows\System\fTahHFP.exe
  2⤵
  PID:11668
- C:\Windows\System\JadukbY.exe
  C:\Windows\System\JadukbY.exe
  2⤵
  PID:11732
- C:\Windows\System\zvzQsiU.exe
  C:\Windows\System\zvzQsiU.exe
  2⤵
  PID:11800
- C:\Windows\System\HxakZch.exe
  C:\Windows\System\HxakZch.exe
  2⤵
  PID:11864
- C:\Windows\System\xUKikmh.exe
  C:\Windows\System\xUKikmh.exe
  2⤵
  PID:11924
- C:\Windows\System\DZlmuDM.exe
  C:\Windows\System\DZlmuDM.exe
  2⤵
  PID:11996
- C:\Windows\System\SDannpQ.exe
  C:\Windows\System\SDannpQ.exe
  2⤵
  PID:12060
- C:\Windows\System\EGhaoWz.exe
  C:\Windows\System\EGhaoWz.exe
  2⤵
  PID:12120
- C:\Windows\System\ZFWplNR.exe
  C:\Windows\System\ZFWplNR.exe
  2⤵
  PID:12192
- C:\Windows\System\zKjoaSA.exe
  C:\Windows\System\zKjoaSA.exe
  2⤵
  PID:12256
- C:\Windows\System\hWKeOld.exe
  C:\Windows\System\hWKeOld.exe
  2⤵
  PID:11328
- C:\Windows\System\zVKvgXJ.exe
  C:\Windows\System\zVKvgXJ.exe
  2⤵
  PID:3216
- C:\Windows\System\URfEthf.exe
  C:\Windows\System\URfEthf.exe
  2⤵
  PID:1960
- C:\Windows\System\iWoKcfm.exe
  C:\Windows\System\iWoKcfm.exe
  2⤵
  PID:11644
- C:\Windows\System\yCAqWVz.exe
  C:\Windows\System\yCAqWVz.exe
  2⤵
  PID:11752
- C:\Windows\System\sSlhbFD.exe
  C:\Windows\System\sSlhbFD.exe
  2⤵
  PID:11920
- C:\Windows\System\xJrXXGS.exe
  C:\Windows\System\xJrXXGS.exe
  2⤵
  PID:12092
- C:\Windows\System\QicypKf.exe
  C:\Windows\System\QicypKf.exe
  2⤵
  PID:12232
- C:\Windows\System\PVnjqKI.exe
  C:\Windows\System\PVnjqKI.exe
  2⤵
  PID:11464
- C:\Windows\System\mHceNpp.exe
  C:\Windows\System\mHceNpp.exe
  2⤵
  PID:11828
- C:\Windows\System\qPgIlMU.exe
  C:\Windows\System\qPgIlMU.exe
  2⤵
  PID:12036
- C:\Windows\System\UMCEkKk.exe
  C:\Windows\System\UMCEkKk.exe
  2⤵
  PID:11444
- C:\Windows\System\jGRxMtq.exe
  C:\Windows\System\jGRxMtq.exe
  2⤵
  PID:12220
- C:\Windows\System\oJGGqSM.exe
  C:\Windows\System\oJGGqSM.exe
  2⤵
  PID:11976
- C:\Windows\System\JBPosLU.exe
  C:\Windows\System\JBPosLU.exe
  2⤵
  PID:12316
- C:\Windows\System\mKFBhMv.exe
  C:\Windows\System\mKFBhMv.exe
  2⤵
  PID:12344
- C:\Windows\System\BxTOVox.exe
  C:\Windows\System\BxTOVox.exe
  2⤵
  PID:12372
- C:\Windows\System\urgLwJg.exe
  C:\Windows\System\urgLwJg.exe
  2⤵
  PID:12400
- C:\Windows\System\FUwBbsE.exe
  C:\Windows\System\FUwBbsE.exe
  2⤵
  PID:12428
- C:\Windows\System\MVSUuns.exe
  C:\Windows\System\MVSUuns.exe
  2⤵
  PID:12464
- C:\Windows\System\eMxJcen.exe
  C:\Windows\System\eMxJcen.exe
  2⤵
  PID:12484
- C:\Windows\System\QOGUsBu.exe
  C:\Windows\System\QOGUsBu.exe
  2⤵
  PID:12512
- C:\Windows\System\dEEhHjm.exe
  C:\Windows\System\dEEhHjm.exe
  2⤵
  PID:12540
- C:\Windows\System\gpaqIDr.exe
  C:\Windows\System\gpaqIDr.exe
  2⤵
  PID:12568
- C:\Windows\System\KgRWLxm.exe
  C:\Windows\System\KgRWLxm.exe
  2⤵
  PID:12596
- C:\Windows\System\QCPLDMi.exe
  C:\Windows\System\QCPLDMi.exe
  2⤵
  PID:12624
- C:\Windows\System\zLDNOPz.exe
  C:\Windows\System\zLDNOPz.exe
  2⤵
  PID:12652
- C:\Windows\System\uHmlaEc.exe
  C:\Windows\System\uHmlaEc.exe
  2⤵
  PID:12680
- C:\Windows\System\YrPmeyR.exe
  C:\Windows\System\YrPmeyR.exe
  2⤵
  PID:12708
- C:\Windows\System\IupWDpL.exe
  C:\Windows\System\IupWDpL.exe
  2⤵
  PID:12736
- C:\Windows\System\pwzWOvE.exe
  C:\Windows\System\pwzWOvE.exe
  2⤵
  PID:12764
- C:\Windows\System\XbLbwzT.exe
  C:\Windows\System\XbLbwzT.exe
  2⤵
  PID:12792
- C:\Windows\System\dEVLdUf.exe
  C:\Windows\System\dEVLdUf.exe
  2⤵
  PID:12820
- C:\Windows\System\PYyRdCl.exe
  C:\Windows\System\PYyRdCl.exe
  2⤵
  PID:12848
- C:\Windows\System\CjwAsHD.exe
  C:\Windows\System\CjwAsHD.exe
  2⤵
  PID:12876
- C:\Windows\System\SSRrXNU.exe
  C:\Windows\System\SSRrXNU.exe
  2⤵
  PID:12904
- C:\Windows\System\BHhNyMg.exe
  C:\Windows\System\BHhNyMg.exe
  2⤵
  PID:12932
- C:\Windows\System\MyoNEmp.exe
  C:\Windows\System\MyoNEmp.exe
  2⤵
  PID:12960
- C:\Windows\System\aOVjNFW.exe
  C:\Windows\System\aOVjNFW.exe
  2⤵
  PID:13000
- C:\Windows\System\VisJHOH.exe
  C:\Windows\System\VisJHOH.exe
  2⤵
  PID:13016
- C:\Windows\System\aApcZcP.exe
  C:\Windows\System\aApcZcP.exe
  2⤵
  PID:13044
- C:\Windows\System\JfZBWDE.exe
  C:\Windows\System\JfZBWDE.exe
  2⤵
  PID:13072
- C:\Windows\System\yLzGIXI.exe
  C:\Windows\System\yLzGIXI.exe
  2⤵
  PID:13100
- C:\Windows\System\lGPKAei.exe
  C:\Windows\System\lGPKAei.exe
  2⤵
  PID:13128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gvdftjhk.a5b.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AMxQxCD.exe

Filesize
3.2MB

MD5
d460b4a566ad6bf27fb9186a2a670481

SHA1
66deb13be74942edbe0fe8a29db61868cd6150d8

SHA256
a88cb0068abd7645c0d9e28dd830552f27f05b842bbe99ef957218d522c584d4

SHA512
fbd4d44a5866b6f9cdb99b5d7363f5e258c0e7d0dc53cd14c551c7cbb625a297f8fe01723f8c40fc1dca4a53f1c7a0ddf33405162c4ab7fe0ae42bef21c9c9d4

Download Submit
C:\Windows\System\BuleyHo.exe

Filesize
3.2MB

MD5
08515ddd98b5e2f178c905133cc35c5e

SHA1
9b716a96e382ff4eeec7b706d1a9dfaf4df4c10d

SHA256
fd0e776d2aeef02d398700277ce910d1eef23797d3f7bb8fe2f85186e9f01eed

SHA512
102b415f92bc2a92325e5c2820c5d5c703d8d9fc460e99ec2e39ac816f7adb4375429ebc947ca8119b6ab390a85d73d5b0f3dd02373cf5324774f29826593064

Download Submit
C:\Windows\System\DKgaiug.exe

Filesize
3.2MB

MD5
98ea77b2d9a3b486ca9e9d8bdc8dc060

SHA1
0cbfe84f8da06469af1be9a43ed6f8dab0a2be08

SHA256
388f7437adaad851ac772f539eb5346a5d69ce164d80ebe4cc5772aed6bfb881

SHA512
9bbb60cadf11becaa5f5336ddbf4d11fa26f547e8afb0fd1753bd0c2410b20f81166099a1c90f870e77ee381666d267aec047b0abb2263d32e31d7becebda736

Download Submit
C:\Windows\System\ForRtEk.exe

Filesize
3.2MB

MD5
2738d1cd1ca83fef3d93e7e245a3417d

SHA1
cb2b1ab8c8ca12b99716495135a30d59c8f48f3a

SHA256
1c55a1792036d074c94eedff09821f3458382de237b255ed80e8cdc8209acfb9

SHA512
6e76226267d2472ed88f7878696e7418c3fb0f8ccb87dd94ef33b0744c4a13c3fba64ede8c978109fa6e05ffe43e50520138bc1f9c1164e11f9b2f57ef94fc00

Download Submit
C:\Windows\System\IDmBLWW.exe

Filesize
3.2MB

MD5
1396f330d183b63b4a6bd30ed803090d

SHA1
5d211117d8dcb04014d7eb71eaafff6f1a74d68e

SHA256
f0903877262c1ac7f50f6f543b3b207bec8b625f474431fc0663426ced40d668

SHA512
e2927a68216c186c98ffba4ba41770669ab47840ce1fbab17d3947f6eac47ec672eb08396fb595bde18ec832dc0789a1264b218c9cb2e0a5830b9fe824834125

Download Submit
C:\Windows\System\IGWSoti.exe

Filesize
3.2MB

MD5
c097942ca8ff6bfb57790a0813266111

SHA1
c123a3da55c2f43547d9a846953b71b7e82c9c83

SHA256
abf7e4cee663965ac642205e27fb03899cd853fd59954c20ef793c0201ec099f

SHA512
8424a954cf54b70468490e24a52a9a676eb6874d90e8ccc029eb3e68e95c1273c7b1575c48ba90c0e9c92e86eef33c92f6fddf558430331f9bb4c259fc0d23e3

Download Submit
C:\Windows\System\KEwerax.exe

Filesize
3.2MB

MD5
b9de11b2e1c0d065175e92028aa9ba8a

SHA1
e26cc075fc75cf603858e952cb283bfde114576b

SHA256
9317e2a6234272302bd0de3c0a9b1efbda357f0a24bbda919f80a43196c68340

SHA512
8cb523f7a63d1948c8b80332d3abeec564a9b828c42ce29314995f3d7f48c7a39a0cf4ac145288646d590f337cad3bcd7a54e3866f46c3affe62b8fd4fbfc4f9

Download Submit
C:\Windows\System\KZHyIKa.exe

Filesize
3.2MB

MD5
4ab7c3b5980d383b13a616e5d910590a

SHA1
7740446f1d8c7d520c8b7fe683e4d5d97ac74aaf

SHA256
3c3d57c8f7f795da878677be65fe2b2520a4f17367e0eca893a5e9bcafb2a2e5

SHA512
276c65beb6c821ec5ecd64259c9d473f72b0f83b72f5dee3a5ed6a645f9831caf330d3a20be7c33b89ec18f8a7a6e19dcda78a01139149b85cbf9fa1e1c35eb3

Download Submit
C:\Windows\System\NjHIeTU.exe

Filesize
3.2MB

MD5
543f54b2cca70083368bb0ded63e424b

SHA1
79973d63f18ddb53c41b1cfd4973a22641a2c816

SHA256
8e9e75e8a77072cedc72ecb96c6e9fb974f33c3a2a2a644a942dd2c7af59805f

SHA512
3675446fa30c373d5138458dfc14747ea423eede434b21a938042c27ef0577c6015bf1bd79fb931aecceeadf1122266e11ea18d7a731b34b5ecf8501f69cea71

Download Submit
C:\Windows\System\ONizzhJ.exe

Filesize
3.2MB

MD5
d8f61421c8cab8a37ee9b113ff7f1a34

SHA1
3c66bacc8828b0b8d5b5cb91c228d6046eaeb18c

SHA256
042fd4eb97f5fd5881ad9e9e49cd40e75023c4dcb51f5e9ef15bafaaafc4d2ad

SHA512
ac7af652ca99ca6dbc88a1321ec2594b13e902b63dffa583cf3f4c6820fb0290afbfbf913a0d79bbf57c92241ad8120ee57686f1a852d1373e873e96f7f4abae

Download Submit
C:\Windows\System\OvAtxXD.exe

Filesize
3.2MB

MD5
05016bb2214eb095b03a643ff55d6d09

SHA1
b952e02854958acedad2cfb7d35d42d9131e15e9

SHA256
7bb0908bbb11c4a15ca1c579ccffa54eaff59ff2649472032e3dcf29b04f0fbf

SHA512
26e38d5df232be99ce36384b959061f117185e6edf1af1adc257e703c4cf55be429cdaa21b5e1d3efa0da88d8622b261f675c7c8955bb4a01869ed6800ac5df1

Download Submit
C:\Windows\System\PWZpRcT.exe

Filesize
3.2MB

MD5
4368392b93b6fc74c18763b53a2b6a0b

SHA1
c70e77bbff1cab73abad73afba864f14b9f7382f

SHA256
9130bfd506037699d207b928ccb75f1627a4632b680791c25aa6315453e0c087

SHA512
3179695a9503dd9a2ceb81a358090a2d3409300a07483f66df650f9a7137ce37a7a84a92b2811378ff9f0287c3b75a5fe75b4c0a58bc72a1e8b230d88b61128b

Download Submit
C:\Windows\System\RpWSLJi.exe

Filesize
3.2MB

MD5
27d8fae25844313cc153554e9349d0aa

SHA1
56f37e127879c19bc00237415d066347602cc0c5

SHA256
c62db51185020ac07ea7414561bc70dd4947cc1e8a206cdb39ca48e2b878b022

SHA512
3ff74450a41f0ff9a90bfd4951b73f337c85b67321c87e9fefa0165bb8dd862c0297705fe2e1826193e1a454457edbbebfe0d6059f073e0c94f9cf978c0c8172

Download Submit
C:\Windows\System\ShTWypx.exe

Filesize
3.2MB

MD5
21d10b7a91781a311932b31593961a3f

SHA1
1679c0dce76c1aa085219785dc5056ceb4008198

SHA256
96f8c8193846debfcad83b9687291db156b8ebf6aa56a749dcea9f04e03945b9

SHA512
8d2fedb1ac3e3fd79916e23ea5027f18edd124452bc97b5cccf2579cf3e7955691d1d28016f99ca78faa7e3a37eaeab94c76d875422993c73c29234765edc6df

Download Submit
C:\Windows\System\TQAKwge.exe

Filesize
3.2MB

MD5
cbea2f2920b406c6d2764c49ad2113ab

SHA1
de3219ee6ce5203ebf2cfdee47347af90477f718

SHA256
d1f365afdd8449291c42b9e45d8bad4d6d5e5e2fe48e541f58702096cfeab546

SHA512
bf80250a9c5cd802ed111160eef72fd15b47d7340dc7063262055d55608b97e58354ccb4df2f15fa0bebe94a43f506bf190c1fc1ffd1df9ff734d0af2dba4a9e

Download Submit
C:\Windows\System\TyimXBW.exe

Filesize
3.2MB

MD5
a983cddbfb8c8508f30dbf4597735188

SHA1
2e4354a6f012856cf9c284de4ec29c4531120e2e

SHA256
ee683e58e6428a5b28a20e31a2bef2b25784d8c7fa37d065c6b361ba543786b8

SHA512
8ccda1d55a7adbe45f3d1afddd731441cf2754077aaec09b884435b320bc61deaac5536fa7f0c742bf18f31e72f1d5841970b3ebf5878c0c2559e5acf409d0ec

Download Submit
C:\Windows\System\ULBVACb.exe

Filesize
3.2MB

MD5
3784ab20e9e443fbfa37d5d0600f87aa

SHA1
e4de01ecf6b2bf80649a90c664d5c4f9e409f8a0

SHA256
45ea239983f772abba91bef11a37195eea9dda8b8acbb12462c37c79bd7809f3

SHA512
71da916b829397495e77e46afae386919656fc0593ebd807f2e48c139e0eded009fa2f0c8c26d93eafaf1dcf96ee67a89c41285d6796b63669b1787212aaa84f

Download Submit
C:\Windows\System\UmULvEo.exe

Filesize
3.2MB

MD5
25a41e4266b765da60508714f688b88d

SHA1
45c60fc4f2b4e826d8d7f6d9b5f01c819aff3749

SHA256
cc40c0e9e7623148fb7c141194475dcf2fc69c4dbd262b5ef7b7f9d091129d07

SHA512
48e02b1482df5434098297ea68aeaa10d0b8c8b46b1a19ff4fa5af927ca665813e37030884b20069cd68562edfdad92a1595bcb208d860316109ffb8721bacee

Download Submit
C:\Windows\System\VkPUvwy.exe

Filesize
3.2MB

MD5
0fd447d3da8e66bfc7b96ba8de3b5b74

SHA1
b9ef11e9638ab19bb59ab68b1a4fe1304734872d

SHA256
1642d4897c4442a3027350efbba26133830f77ea4e9db8d169efa41d2d1321cc

SHA512
c2c5deb00405ac4f6363b2968804b73b908008ee38daf79097b6dd4bc26ef8950086fa53d1eae66f5ab9baf5ad2d7524968f2ef0d029a619ca490d62710eabce

Download Submit
C:\Windows\System\WZxxlzh.exe

Filesize
3.2MB

MD5
1c984bd58063b6ad65ed49ada8f67644

SHA1
5c632d812e15b4bd8a99c8918d91ee882da184d9

SHA256
f1b9fb63b4c817cf514baa496917f56e1bcd0208c79b152d85153043e2e234fe

SHA512
57e92929e9cf59dcf57a46782e8a15768aa0fd27c01e134c03437fa6751f1909f5c3ed35cf9872dd2e046bfcf286fb784eccc14ba258880615d71eaa8c35fadc

Download Submit
C:\Windows\System\aWONkHb.exe

Filesize
3.2MB

MD5
131663cacd7fb3b8769cd6250f57f4a2

SHA1
a9c8d33fc70d069edb25bd635157c6c3cb7aca60

SHA256
9784f7ca99b2da7ff5ac6d5611a06938e2d3f23a00d1d28527b8399b43b4fab8

SHA512
252ac5a9a2f8e3720bc34ff126f2652ec943c34ba09af15a6c4c2b1742aa39319d2a501ce1e1f956dff156572692fab1e9bd622e8a8f9a536e56e7578988eb0b

Download Submit
C:\Windows\System\abWhRdD.exe

Filesize
3.2MB

MD5
f0304c457077ed596ddb121efabe4724

SHA1
b50a50cb2aee80a447b4a27d51ed45329422b090

SHA256
88ea2e00055e6a542179bd6a8d5064e4a7b440775710135c4c8dffe87a5e4c82

SHA512
52a29106c8568c977e1d5c908f5da51cd8d3d69236baf4de50035d71e86821f2299874c92bb6a58bded183976cd56183ef969f20b52ba686f846fb526706dc8c

Download Submit
C:\Windows\System\bLjIfKl.exe

Filesize
3.2MB

MD5
972fab9ac11f276c2898528ec167586f

SHA1
692ca3b109afbade2f086e78ba419cd4023628fb

SHA256
c244745b69c6bd6a84e98e874ce54e707307ea3dcc69d9236daea2887d9163d7

SHA512
346033733e13d13b0fd01bdf1fa50971fbbc3ab06fd59bf52a00aaac0becd5ab3f08c60047be8edf8937b93afb96212cb954048de606c3eb1e112ebf738e02d7

Download Submit
C:\Windows\System\hUtgQEU.exe

Filesize
3.2MB

MD5
52b095e1dcf74f8df3af09d86ef99851

SHA1
2ee4d3e724137f485394af7d6e73376f14ba1a2f

SHA256
ad6a35915be95873f79e1d10e328c46b045ecaf08670eb601e2fca3d2bfac677

SHA512
babaf52b432d6e3db1016212707d592877a5b0db9ce7f181c305c31dc0d0e00d202ccd44eb0e922a7621a5a7117b217b05f10934a2574fd453980475a3910c33

Download Submit
C:\Windows\System\iTXdlar.exe

Filesize
3.2MB

MD5
d75cc2e4d2e0eaf52c44cda0a681b0d2

SHA1
b6fbdce5ecebed629626deca3d04e9ac77b0ffa2

SHA256
fd7fe65dea14ed46447d1bbef7363bc93c8cffcde529e013f517856de7e04a80

SHA512
ab1806b143ef59987b56fda66a9732c610e9bf1483df55e54f8d2d0ea291ad3a818759eb38739c71921f22f2a1ceed209aedfca8c13b30bec638614f28f541e4

Download Submit
C:\Windows\System\kDnCVIq.exe

Filesize
8B

MD5
03f6c06cbca2116586dcb830cb1e7df2

SHA1
21959527eb4bdd4f1722864fa3a0565158da0f4e

SHA256
7c68cc08ed1401c0caafd3e73d5d856fc875748ed5e62a3ad679b5b0fee4938f

SHA512
39de7a17d12a7e9cc23a1b27c4c49944527213fbd572a6002483088201aba931dcd3d50b2479479e5c47888eeed5c23ce039cc4e68daaf253fbac40894ca1f2b

Download Submit
C:\Windows\System\lIFmFlP.exe

Filesize
3.2MB

MD5
29350fd209c11b581de993277e7f09f8

SHA1
f7faa952da362283d0ba8a1fc46bdbdb5f312837

SHA256
0cb3b7aeb99d6a8c03eb81ece16e5b360b69effb2760301974ca2c67b0ba9a4f

SHA512
b14b14fd1070b8e8dce7c6c96574974faa68ff858b874960de5838d7a9b447b2c8a2abafa1228f2b030b10097e0ea886d418690b0b1738cd29a6c9785578487c

Download Submit
C:\Windows\System\mTdKECx.exe

Filesize
3.2MB

MD5
26c4314373a7ac516c74694a9be0f191

SHA1
c8978d4e56604abf7fa955a8d06de636c6aecead

SHA256
01c4e43d55ab3cdb465fb957f621be1f148d997b00d1e775c7fc2e3b92825187

SHA512
5b38bde939589c08c9be9725b90cd6883af54bdb82ea4796f8288c4a9656cbfb86999d7b4ba8a9e4479f2e771da4c9c0c2beb1ef47ca8d81100271aab0561d4e

Download Submit
C:\Windows\System\mXozQMq.exe

Filesize
3.2MB

MD5
e0568f52680c6f0df0e193384a18828d

SHA1
c6cbee7b3b0c2bb40bbd0c7866786e4fffca8596

SHA256
412cc22822e59d5d1c8d20e55514355cb219a8bf75bacfe33b37133db21c48b8

SHA512
f59358ec6e2424bdcf49f7a782c021adc9ca7f83c5b55eaf6391b22d902ff2eaad8dab036fedaadc20e837ad63301680b66904884236b41ad4bbdf2ff0cc66ef

Download Submit
C:\Windows\System\pTWurYV.exe

Filesize
3.2MB

MD5
fc0a1306ef9ae65c11b84ccf575c237e

SHA1
9cd21c75b1b1c91d9fbd8ec539656e55078680f0

SHA256
7549082743be77aac6ebad41bdf51a177463312fc347e65472d7b9d1cb242ead

SHA512
28d19294f8b8d7cad774043f405f4b7ed0d7132acbdc8cb6902bb4a0cc7e48766ab0101a5e62e234576fb2077f01cb7e0651260cef945f955e4e007b2acf2702

Download Submit
C:\Windows\System\pjCDmYK.exe

Filesize
3.2MB

MD5
1cdaf9b404b340b523b980bc8db54b1e

SHA1
e6864ca0809c99446c59aa66a25ffc31b10db188

SHA256
c78f6a70ca2e938dae14978f7c392bbbccdcae681893eb07c15a846956960e06

SHA512
98af6728396ff707c8c58c24ea4c07b2ff168fe98ed39b90577d1777605bee24f61eec11acbfbf98f4f51b10794d9a140f9ef66ec27d47c61d0e9d99f99f563b

Download Submit
C:\Windows\System\sMxLUUK.exe

Filesize
3.2MB

MD5
81fadd25bcc9475e878649203f5b8732

SHA1
d5172af923459df5670380965d427490e724503f

SHA256
2731c59e1855079946e92bd78cf58738f08dcbb2a3b2cd177d953aabba4a108f

SHA512
36adb7dd25e59a342a0fb38825d70c7766540c66e3fa518c7c57ba9a1525ea0a803138aec61ae06b93c720732a0f4133e7e36c6a805e9f99df8d5369800ca9a7

Download Submit
C:\Windows\System\uNxjbQD.exe

Filesize
3.2MB

MD5
fe380efe986e777c9e7fe6524ade3de0

SHA1
a187d3aad42c3bc91e5899ce26a64ca814e9349c

SHA256
93cc88c87b010574384d31303cfae1a22fee0c7432a192d307dfccd21e570424

SHA512
224aba1eb92e720f26e88be931c217974803c87882d69b348a1b2dd958126881c3ae5b8163d06eeb58af9744bdb326d19ca7a9c853535608fb26325c3a6132f3

Download Submit
C:\Windows\System\upOLQeC.exe

Filesize
3.2MB

MD5
48965a1b403c26606f0f8b3132b17993

SHA1
1d07b6198a79e15ec70a1a9a5afce218cf89d906

SHA256
5961ecc8d780406f5ba76e68b8ac7c3c244e5d8e1f20cf9bb0998f281455dba5

SHA512
d0d67ddac200a86a87a99a334119db606167e9d30a0b12c214a19834539177518b7fa9c532b9ec48525f4c2ebc189b51f45b74be971c6e9c8e0ce131af2da5c4

Download Submit
C:\Windows\System\urjnjgR.exe

Filesize
3.2MB

MD5
14e161bd8e647a8db5c5aaf161ccb63a

SHA1
5d93b29085b2de2016fa12846257c82f971e83f8

SHA256
8149843dfd4ff6d63afd138764973246e53b462daf5f79d632deffab4fdbfe59

SHA512
2044685a21c1ce581ee8e1578caef2a9e6185b009b82c938966e44027802e805c705f449942dd0aebe15830eb2904340a99fece02e588fee2ae52de107056198

Download Submit
C:\Windows\System\vcXzfuV.exe

Filesize
3.2MB

MD5
efb46fc0368442afc714c900842c1960

SHA1
2829ae848318f6827c980b43489e2a3265d70f82

SHA256
2b2c14f1280e2dbf4da7deb807bd6bf2cb4e9d4c4242d53f05c481ec983a8b0a

SHA512
16592e362e57a93f52c15150f6b7b96b3576c3e6284a12ac95042b421c360ef98a7e6f1f12a721e3bf575f346059c62e386998551cc2ae048f8b58b7200bc2ab

Download Submit
C:\Windows\System\wxGEoGr.exe

Filesize
3.2MB

MD5
86120ebb41a7438d6ab6db5447c7dcc5

SHA1
e4c330f5c65fe6a5f48a082a34a6c57546da1b2f

SHA256
ca6c80aabd37e54be7135c2e3e419fb915c417d62fef4790a6ea0fbe5b981d60

SHA512
5bb4cafc0eb1f9baa4b7bbbf5362c0b9d427315069fcc1aa94ac1d5cffcaf842b0a6c78753b85fa3e58852b684bbe274854d37008e582cb0459acef3fff4c052

Download Submit
C:\Windows\System\yUcVILd.exe

Filesize
3.2MB

MD5
fe1e0131605267df532f01d1310d47bb

SHA1
37ecebd95d01f2fe2f968a1603a36b247bc65711

SHA256
adedd093572597f51f763b3c6098db6ac2d4f9f7c8524ec7b238f3dd3b9d61a3

SHA512
adfa7f0475555b228566ba49c88f8dedceca072845d14c7e0cb1a16b3f099146c5d40e54e08021fd2893c0af25f2358505b512ab42eecac86b48235ae19613c7

Download Submit
memory/396-2157-0x00007FF600D10000-0x00007FF601106000-memory.dmp

Filesize
4.0MB

Download
memory/396-91-0x00007FF600D10000-0x00007FF601106000-memory.dmp

Filesize
4.0MB

Download
memory/688-152-0x00007FF6ECB30000-0x00007FF6ECF26000-memory.dmp

Filesize
4.0MB

Download
memory/688-2174-0x00007FF6ECB30000-0x00007FF6ECF26000-memory.dmp

Filesize
4.0MB

Download
memory/744-159-0x00007FF6BB560000-0x00007FF6BB956000-memory.dmp

Filesize
4.0MB

Download
memory/744-2153-0x00007FF6BB560000-0x00007FF6BB956000-memory.dmp

Filesize
4.0MB

Download
memory/916-2164-0x00007FF683190000-0x00007FF683586000-memory.dmp

Filesize
4.0MB

Download
memory/916-162-0x00007FF683190000-0x00007FF683586000-memory.dmp

Filesize
4.0MB

Download
memory/1220-13-0x00007FF60F610000-0x00007FF60FA06000-memory.dmp

Filesize
4.0MB

Download
memory/1220-2147-0x00007FF60F610000-0x00007FF60FA06000-memory.dmp

Filesize
4.0MB

Download
memory/1220-2152-0x00007FF60F610000-0x00007FF60FA06000-memory.dmp

Filesize
4.0MB

Download
memory/1324-161-0x00007FF6D5350000-0x00007FF6D5746000-memory.dmp

Filesize
4.0MB

Download
memory/1324-2159-0x00007FF6D5350000-0x00007FF6D5746000-memory.dmp

Filesize
4.0MB

Download
memory/1340-39-0x00007FF6323B0000-0x00007FF6327A6000-memory.dmp

Filesize
4.0MB

Download
memory/1340-2155-0x00007FF6323B0000-0x00007FF6327A6000-memory.dmp

Filesize
4.0MB

Download
memory/1444-2154-0x00007FF62B370000-0x00007FF62B766000-memory.dmp

Filesize
4.0MB

Download
memory/1444-64-0x00007FF62B370000-0x00007FF62B766000-memory.dmp

Filesize
4.0MB

Download
memory/2244-2172-0x00007FF7873C0000-0x00007FF7877B6000-memory.dmp

Filesize
4.0MB

Download
memory/2244-149-0x00007FF7873C0000-0x00007FF7877B6000-memory.dmp

Filesize
4.0MB

Download
memory/2248-97-0x00007FF75CF50000-0x00007FF75D346000-memory.dmp

Filesize
4.0MB

Download
memory/2248-2160-0x00007FF75CF50000-0x00007FF75D346000-memory.dmp

Filesize
4.0MB

Download
memory/2380-2151-0x00007FF78F1E0000-0x00007FF78F5D6000-memory.dmp

Filesize
4.0MB

Download
memory/2380-53-0x00007FF78F1E0000-0x00007FF78F5D6000-memory.dmp

Filesize
4.0MB

Download
memory/2656-137-0x00007FF6434F0000-0x00007FF6438E6000-memory.dmp

Filesize
4.0MB

Download
memory/2656-2162-0x00007FF6434F0000-0x00007FF6438E6000-memory.dmp

Filesize
4.0MB

Download
memory/2964-155-0x00007FF6CA930000-0x00007FF6CAD26000-memory.dmp

Filesize
4.0MB

Download
memory/2964-2168-0x00007FF6CA930000-0x00007FF6CAD26000-memory.dmp

Filesize
4.0MB

Download
memory/3152-163-0x00007FF62C7A0000-0x00007FF62CB96000-memory.dmp

Filesize
4.0MB

Download
memory/3152-2173-0x00007FF62C7A0000-0x00007FF62CB96000-memory.dmp

Filesize
4.0MB

Download
memory/3612-121-0x00007FF6A94F0000-0x00007FF6A98E6000-memory.dmp

Filesize
4.0MB

Download
memory/3612-2158-0x00007FF6A94F0000-0x00007FF6A98E6000-memory.dmp

Filesize
4.0MB

Download
memory/3872-156-0x00007FF784FE0000-0x00007FF7853D6000-memory.dmp

Filesize
4.0MB

Download
memory/3872-2167-0x00007FF784FE0000-0x00007FF7853D6000-memory.dmp

Filesize
4.0MB

Download
memory/4048-2170-0x00007FF7A1760000-0x00007FF7A1B56000-memory.dmp

Filesize
4.0MB

Download
memory/4048-164-0x00007FF7A1760000-0x00007FF7A1B56000-memory.dmp

Filesize
4.0MB

Download
memory/4236-2171-0x00007FF6C03D0000-0x00007FF6C07C6000-memory.dmp

Filesize
4.0MB

Download
memory/4236-153-0x00007FF6C03D0000-0x00007FF6C07C6000-memory.dmp

Filesize
4.0MB

Download
memory/4432-160-0x00007FF71EDB0000-0x00007FF71F1A6000-memory.dmp

Filesize
4.0MB

Download
memory/4432-2161-0x00007FF71EDB0000-0x00007FF71F1A6000-memory.dmp

Filesize
4.0MB

Download
memory/4464-154-0x00007FF7CC370000-0x00007FF7CC766000-memory.dmp

Filesize
4.0MB

Download
memory/4464-2169-0x00007FF7CC370000-0x00007FF7CC766000-memory.dmp

Filesize
4.0MB

Download
memory/4620-2163-0x00007FF6FCC40000-0x00007FF6FD036000-memory.dmp

Filesize
4.0MB

Download
memory/4620-133-0x00007FF6FCC40000-0x00007FF6FD036000-memory.dmp

Filesize
4.0MB

Download
memory/4680-2165-0x00007FF6A4200000-0x00007FF6A45F6000-memory.dmp

Filesize
4.0MB

Download
memory/4680-148-0x00007FF6A4200000-0x00007FF6A45F6000-memory.dmp

Filesize
4.0MB

Download
memory/4720-0-0x00007FF6A9260000-0x00007FF6A9656000-memory.dmp

Filesize
4.0MB

Download
memory/4720-1-0x000002CDF3750000-0x000002CDF3760000-memory.dmp

Filesize
64KB

Download
memory/4752-2166-0x00007FF6BB7E0000-0x00007FF6BBBD6000-memory.dmp

Filesize
4.0MB

Download
memory/4752-157-0x00007FF6BB7E0000-0x00007FF6BBBD6000-memory.dmp

Filesize
4.0MB

Download
memory/4788-2156-0x00007FF69B780000-0x00007FF69BB76000-memory.dmp

Filesize
4.0MB

Download
memory/4788-84-0x00007FF69B780000-0x00007FF69BB76000-memory.dmp

Filesize
4.0MB

Download
memory/4880-51-0x0000025573560000-0x0000025573582000-memory.dmp

Filesize
136KB

Download
memory/4880-158-0x00007FFA311C0000-0x00007FFA31C81000-memory.dmp

Filesize
10.8MB

Download
memory/4880-2150-0x00007FFA311C0000-0x00007FFA31C81000-memory.dmp

Filesize
10.8MB

Download
memory/4880-16-0x00007FFA311C3000-0x00007FFA311C5000-memory.dmp

Filesize
8KB

Download
memory/4880-2149-0x00007FFA311C3000-0x00007FFA311C5000-memory.dmp

Filesize
8KB

Download
memory/4880-35-0x00007FFA311C0000-0x00007FFA31C81000-memory.dmp

Filesize
10.8MB

Download
memory/4880-2148-0x00007FFA311C0000-0x00007FFA31C81000-memory.dmp

Filesize
10.8MB

Download
memory/4880-215-0x0000025574220000-0x00000255749C6000-memory.dmp

Filesize
7.6MB

Download