xmrig | 8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
Size

1.9MB
MD5

f9c9f6aeeb752f92f9d101631f868fb0
SHA1

f2f2e30dd504cb4ba6a1c8c59eeba91ae21f4231
SHA256

8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c
SHA512

029f4947c25dcbff218a87a3ea48f8d048137d2b61c17c31af5cf332801dc72492b0664dd894f71cb2b16bf8b9d0f542118db4d690575f65912924c7e1c945cf
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkipBh8tGxHIBWGlTqTmo6OZXbPbPIdkq8T91EQQsA6:Lz071uv4BPMkiFGlvETbvpEy6gbn

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3048-74-0x00007FF6F2120000-0x00007FF6F2512000-memory.dmp	xmrig
behavioral2/memory/2784-78-0x00007FF7CEE40000-0x00007FF7CF232000-memory.dmp	xmrig
behavioral2/memory/2940-129-0x00007FF608FC0000-0x00007FF6093B2000-memory.dmp	xmrig
behavioral2/memory/736-134-0x00007FF6C9970000-0x00007FF6C9D62000-memory.dmp	xmrig
behavioral2/memory/1984-133-0x00007FF6E3E50000-0x00007FF6E4242000-memory.dmp	xmrig
behavioral2/memory/1512-132-0x00007FF68FAE0000-0x00007FF68FED2000-memory.dmp	xmrig
behavioral2/memory/1444-131-0x00007FF7B9F10000-0x00007FF7BA302000-memory.dmp	xmrig
behavioral2/memory/2660-130-0x00007FF66EC50000-0x00007FF66F042000-memory.dmp	xmrig
behavioral2/memory/3216-128-0x00007FF76F720000-0x00007FF76FB12000-memory.dmp	xmrig
behavioral2/memory/884-127-0x00007FF6456C0000-0x00007FF645AB2000-memory.dmp	xmrig
behavioral2/memory/4316-126-0x00007FF779F80000-0x00007FF77A372000-memory.dmp	xmrig
behavioral2/memory/2812-123-0x00007FF79E780000-0x00007FF79EB72000-memory.dmp	xmrig
behavioral2/memory/116-122-0x00007FF7FBEB0000-0x00007FF7FC2A2000-memory.dmp	xmrig
behavioral2/memory/2196-119-0x00007FF617AA0000-0x00007FF617E92000-memory.dmp	xmrig
behavioral2/memory/3092-118-0x00007FF79A9F0000-0x00007FF79ADE2000-memory.dmp	xmrig
behavioral2/memory/3988-77-0x00007FF6D6C80000-0x00007FF6D7072000-memory.dmp	xmrig
behavioral2/memory/3528-66-0x00007FF6349C0000-0x00007FF634DB2000-memory.dmp	xmrig
behavioral2/memory/1140-53-0x00007FF74D8F0000-0x00007FF74DCE2000-memory.dmp	xmrig
behavioral2/memory/1016-51-0x00007FF6E7070000-0x00007FF6E7462000-memory.dmp	xmrig
behavioral2/memory/112-312-0x00007FF63C390000-0x00007FF63C782000-memory.dmp	xmrig
behavioral2/memory/1740-397-0x00007FF657FD0000-0x00007FF6583C2000-memory.dmp	xmrig
behavioral2/memory/4736-396-0x00007FF6A9A10000-0x00007FF6A9E02000-memory.dmp	xmrig
behavioral2/memory/1080-394-0x00007FF623210000-0x00007FF623602000-memory.dmp	xmrig
behavioral2/memory/3336-327-0x00007FF6AA6A0000-0x00007FF6AAA92000-memory.dmp	xmrig
behavioral2/memory/1016-2193-0x00007FF6E7070000-0x00007FF6E7462000-memory.dmp	xmrig
behavioral2/memory/3048-2203-0x00007FF6F2120000-0x00007FF6F2512000-memory.dmp	xmrig
behavioral2/memory/1140-2205-0x00007FF74D8F0000-0x00007FF74DCE2000-memory.dmp	xmrig
behavioral2/memory/3528-2201-0x00007FF6349C0000-0x00007FF634DB2000-memory.dmp	xmrig
behavioral2/memory/3988-2216-0x00007FF6D6C80000-0x00007FF6D7072000-memory.dmp	xmrig
behavioral2/memory/2784-2218-0x00007FF7CEE40000-0x00007FF7CF232000-memory.dmp	xmrig
behavioral2/memory/884-2239-0x00007FF6456C0000-0x00007FF645AB2000-memory.dmp	xmrig
behavioral2/memory/2660-2242-0x00007FF66EC50000-0x00007FF66F042000-memory.dmp	xmrig
behavioral2/memory/3092-2241-0x00007FF79A9F0000-0x00007FF79ADE2000-memory.dmp	xmrig
behavioral2/memory/3216-2244-0x00007FF76F720000-0x00007FF76FB12000-memory.dmp	xmrig
behavioral2/memory/3336-2235-0x00007FF6AA6A0000-0x00007FF6AAA92000-memory.dmp	xmrig
behavioral2/memory/1984-2230-0x00007FF6E3E50000-0x00007FF6E4242000-memory.dmp	xmrig
behavioral2/memory/2196-2226-0x00007FF617AA0000-0x00007FF617E92000-memory.dmp	xmrig
behavioral2/memory/116-2225-0x00007FF7FBEB0000-0x00007FF7FC2A2000-memory.dmp	xmrig
behavioral2/memory/4316-2223-0x00007FF779F80000-0x00007FF77A372000-memory.dmp	xmrig
behavioral2/memory/1444-2238-0x00007FF7B9F10000-0x00007FF7BA302000-memory.dmp	xmrig
behavioral2/memory/1512-2233-0x00007FF68FAE0000-0x00007FF68FED2000-memory.dmp	xmrig
behavioral2/memory/736-2229-0x00007FF6C9970000-0x00007FF6C9D62000-memory.dmp	xmrig
behavioral2/memory/2812-2221-0x00007FF79E780000-0x00007FF79EB72000-memory.dmp	xmrig
behavioral2/memory/1296-2290-0x00007FF6EB250000-0x00007FF6EB642000-memory.dmp	xmrig
behavioral2/memory/1080-2292-0x00007FF623210000-0x00007FF623602000-memory.dmp	xmrig
behavioral2/memory/4736-2295-0x00007FF6A9A10000-0x00007FF6A9E02000-memory.dmp	xmrig
behavioral2/memory/1740-2300-0x00007FF657FD0000-0x00007FF6583C2000-memory.dmp	xmrig
behavioral2/memory/1296-2306-0x00007FF6EB250000-0x00007FF6EB642000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	2716	powershell.exe
10	2716	powershell.exe
12	2716	powershell.exe
13	2716	powershell.exe
15	2716	powershell.exe
19	2716	powershell.exe
20	2716	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2716	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2940	CxxFSRp.exe
1016	pVtDskT.exe
1140	OPjfvPU.exe
3528	wnIPPJJ.exe
3048	IVUzwhK.exe
2660	WhUurzb.exe
3988	wtBOeTd.exe
2784	FVSPFUD.exe
1444	CUYQJpG.exe
1512	XFUPJNa.exe
3336	xoyPrsg.exe
3092	PLhdmCM.exe
1984	vQyPGeb.exe
736	bkWkWbr.exe
2196	qxIthnG.exe
116	GALdRJH.exe
2812	LVXAEVW.exe
4316	OsQlWjF.exe
884	xPCUNXx.exe
3216	gbgBlha.exe
1080	EFjRkva.exe
1296	zoqIQUH.exe
4736	bMsdCte.exe
1740	ZTBpAEa.exe
4280	hIxadcJ.exe
3900	uQxebLJ.exe
3676	sPTwCyJ.exe
4300	ZjCWyPR.exe
4724	jucUIMP.exe
2428	aLbSBLR.exe
1644	KUgrlXA.exe
5000	vOlhRNS.exe
1492	monZiir.exe
3936	zRDFsHE.exe
1944	vrztTPt.exe
2484	uArvOaF.exe
4088	UAAsasm.exe
2488	CXYPxbS.exe
1328	yCPFSNE.exe
32	pptWwdR.exe
704	iRkNVzY.exe
1472	QPxfbTm.exe
4612	sLvqEYl.exe
2104	YhQdEdM.exe
4036	CSwHXIB.exe
2612	MoGqlQY.exe
2448	BeeOndP.exe
4596	PGjNDHZ.exe
1108	LMxSIgf.exe
3364	UgsZSse.exe
2376	SUYdWTH.exe
1260	bosDkKM.exe
724	RkHgdtZ.exe
5092	xpNoomL.exe
5012	HSKQbWS.exe
3188	XjgiClv.exe
1072	RrpugrS.exe
3220	XLtTjvx.exe
4672	WcUpgoP.exe
4940	ZkeEYzz.exe
4444	bTAPdEJ.exe
4640	VLkVPba.exe
5136	RxSyjoq.exe
5168	FHpnoZu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/112-0-0x00007FF63C390000-0x00007FF63C782000-memory.dmp	upx
behavioral2/files/0x0007000000023452-8.dat	upx
behavioral2/files/0x0007000000023451-9.dat	upx
behavioral2/files/0x000800000002344d-6.dat	upx
behavioral2/files/0x0007000000023453-21.dat	upx
behavioral2/files/0x0008000000023458-52.dat	upx
behavioral2/files/0x0007000000023459-61.dat	upx
behavioral2/memory/3048-74-0x00007FF6F2120000-0x00007FF6F2512000-memory.dmp	upx
behavioral2/memory/2784-78-0x00007FF7CEE40000-0x00007FF7CF232000-memory.dmp	upx
behavioral2/files/0x000800000002344e-103.dat	upx
behavioral2/files/0x0007000000023461-115.dat	upx
behavioral2/files/0x0007000000023462-124.dat	upx
behavioral2/memory/2940-129-0x00007FF608FC0000-0x00007FF6093B2000-memory.dmp	upx
behavioral2/memory/736-134-0x00007FF6C9970000-0x00007FF6C9D62000-memory.dmp	upx
behavioral2/memory/1984-133-0x00007FF6E3E50000-0x00007FF6E4242000-memory.dmp	upx
behavioral2/memory/1512-132-0x00007FF68FAE0000-0x00007FF68FED2000-memory.dmp	upx
behavioral2/memory/1444-131-0x00007FF7B9F10000-0x00007FF7BA302000-memory.dmp	upx
behavioral2/memory/2660-130-0x00007FF66EC50000-0x00007FF66F042000-memory.dmp	upx
behavioral2/memory/3216-128-0x00007FF76F720000-0x00007FF76FB12000-memory.dmp	upx
behavioral2/memory/884-127-0x00007FF6456C0000-0x00007FF645AB2000-memory.dmp	upx
behavioral2/memory/4316-126-0x00007FF779F80000-0x00007FF77A372000-memory.dmp	upx
behavioral2/memory/2812-123-0x00007FF79E780000-0x00007FF79EB72000-memory.dmp	upx
behavioral2/memory/116-122-0x00007FF7FBEB0000-0x00007FF7FC2A2000-memory.dmp	upx
behavioral2/memory/2196-119-0x00007FF617AA0000-0x00007FF617E92000-memory.dmp	upx
behavioral2/memory/3092-118-0x00007FF79A9F0000-0x00007FF79ADE2000-memory.dmp	upx
behavioral2/files/0x0007000000023460-113.dat	upx
behavioral2/files/0x000700000002345f-111.dat	upx
behavioral2/files/0x000700000002345e-109.dat	upx
behavioral2/files/0x0008000000023457-107.dat	upx
behavioral2/files/0x000700000002345d-101.dat	upx
behavioral2/memory/3336-93-0x00007FF6AA6A0000-0x00007FF6AAA92000-memory.dmp	upx
behavioral2/files/0x000700000002345c-82.dat	upx
behavioral2/files/0x000700000002345b-80.dat	upx
behavioral2/memory/3988-77-0x00007FF6D6C80000-0x00007FF6D7072000-memory.dmp	upx
behavioral2/files/0x000700000002345a-70.dat	upx
behavioral2/memory/3528-66-0x00007FF6349C0000-0x00007FF634DB2000-memory.dmp	upx
behavioral2/files/0x0007000000023456-58.dat	upx
behavioral2/files/0x0007000000023455-57.dat	upx
behavioral2/memory/1140-53-0x00007FF74D8F0000-0x00007FF74DCE2000-memory.dmp	upx
behavioral2/memory/1016-51-0x00007FF6E7070000-0x00007FF6E7462000-memory.dmp	upx
behavioral2/files/0x0007000000023454-33.dat	upx
behavioral2/files/0x0007000000023463-310.dat	upx
behavioral2/memory/112-312-0x00007FF63C390000-0x00007FF63C782000-memory.dmp	upx
behavioral2/files/0x00070000000234a0-360.dat	upx
behavioral2/files/0x00070000000234a7-373.dat	upx
behavioral2/files/0x00070000000234aa-398.dat	upx
behavioral2/memory/1296-432-0x00007FF6EB250000-0x00007FF6EB642000-memory.dmp	upx
behavioral2/files/0x00070000000234ad-414.dat	upx
behavioral2/memory/1740-397-0x00007FF657FD0000-0x00007FF6583C2000-memory.dmp	upx
behavioral2/memory/4736-396-0x00007FF6A9A10000-0x00007FF6A9E02000-memory.dmp	upx
behavioral2/memory/1080-394-0x00007FF623210000-0x00007FF623602000-memory.dmp	upx
behavioral2/files/0x00070000000234a9-391.dat	upx
behavioral2/files/0x00070000000234a8-389.dat	upx
behavioral2/files/0x00070000000234a4-385.dat	upx
behavioral2/files/0x00070000000234a3-383.dat	upx
behavioral2/files/0x000700000002349e-381.dat	upx
behavioral2/files/0x00070000000234a6-379.dat	upx
behavioral2/files/0x00070000000234a5-377.dat	upx
behavioral2/files/0x00070000000234a2-374.dat	upx
behavioral2/memory/3336-327-0x00007FF6AA6A0000-0x00007FF6AAA92000-memory.dmp	upx
behavioral2/memory/1016-2193-0x00007FF6E7070000-0x00007FF6E7462000-memory.dmp	upx
behavioral2/memory/3048-2203-0x00007FF6F2120000-0x00007FF6F2512000-memory.dmp	upx
behavioral2/memory/1140-2205-0x00007FF74D8F0000-0x00007FF74DCE2000-memory.dmp	upx
behavioral2/memory/3528-2201-0x00007FF6349C0000-0x00007FF634DB2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vQyPGeb.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\MebJdsn.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\AaCqzbb.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\rovtTmZ.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\kIRQqqC.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\afrMeht.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\OTTlbrg.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\HegoMrB.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\rVicNvR.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\UcSoGiK.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\PfxOLAP.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\KUgrlXA.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\OTUHXpe.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\euXbvEq.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\dvUWgbM.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\VdBXkiA.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\MweRNNS.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\aPnyHFb.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\uZZtHwY.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\fuwERLd.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\VdUAXao.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\QaGkOvk.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\ICqrImp.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\ZuzYinz.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\vVAUXhP.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\wNiSNlN.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\FQFSkVk.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\WYkBaoj.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\kSprhGx.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\PsttXYh.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\aiIIqMR.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\kbpckar.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\jPMQRHY.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\dYvgeZD.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\eBTfmFk.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\yjUlnpz.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\WWwSnuU.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\YhQdEdM.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\xRJONiG.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\KvXHbOC.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\jUHlcMZ.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\CXYPxbS.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\SUYdWTH.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\EHjAHNo.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\rBYWcbJ.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\WEJLNaH.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\VPPrTEM.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\RqTizJM.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\WdUAdGi.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\WsPRzBV.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\WzIqWsb.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\PKqfupJ.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\nXyAoAf.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\iqgqXnJ.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\WEkVHto.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\ECNhjbk.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\UyUOnRQ.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\BxaOBiv.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\CeDteRD.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\AulFemG.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\CkFuliM.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\xuJNMdo.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\KBvsWbh.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
File created	C:\Windows\System\eyGtWlr.exe	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2716	powershell.exe
2716	powershell.exe
2716	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
Token: SeDebugPrivilege	2716	powershell.exe
Token: SeLockMemoryPrivilege	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 2716	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	84
PID 112 wrote to memory of 2716	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	84
PID 112 wrote to memory of 2940	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	85
PID 112 wrote to memory of 2940	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	85
PID 112 wrote to memory of 1016	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	86
PID 112 wrote to memory of 1016	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	86
PID 112 wrote to memory of 1140	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	87
PID 112 wrote to memory of 1140	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	87
PID 112 wrote to memory of 3048	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	88
PID 112 wrote to memory of 3048	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	88
PID 112 wrote to memory of 3528	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	89
PID 112 wrote to memory of 3528	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	89
PID 112 wrote to memory of 2660	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	90
PID 112 wrote to memory of 2660	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	90
PID 112 wrote to memory of 3988	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	91
PID 112 wrote to memory of 3988	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	91
PID 112 wrote to memory of 2784	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	92
PID 112 wrote to memory of 2784	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	92
PID 112 wrote to memory of 1444	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	93
PID 112 wrote to memory of 1444	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	93
PID 112 wrote to memory of 1512	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	94
PID 112 wrote to memory of 1512	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	94
PID 112 wrote to memory of 3336	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	95
PID 112 wrote to memory of 3336	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	95
PID 112 wrote to memory of 3092	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	96
PID 112 wrote to memory of 3092	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	96
PID 112 wrote to memory of 1984	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	97
PID 112 wrote to memory of 1984	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	97
PID 112 wrote to memory of 736	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	98
PID 112 wrote to memory of 736	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	98
PID 112 wrote to memory of 2196	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	99
PID 112 wrote to memory of 2196	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	99
PID 112 wrote to memory of 116	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	100
PID 112 wrote to memory of 116	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	100
PID 112 wrote to memory of 2812	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	101
PID 112 wrote to memory of 2812	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	101
PID 112 wrote to memory of 4316	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	102
PID 112 wrote to memory of 4316	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	102
PID 112 wrote to memory of 884	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	103
PID 112 wrote to memory of 884	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	103
PID 112 wrote to memory of 3216	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	104
PID 112 wrote to memory of 3216	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	104
PID 112 wrote to memory of 1080	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	105
PID 112 wrote to memory of 1080	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	105
PID 112 wrote to memory of 4300	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	106
PID 112 wrote to memory of 4300	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	106
PID 112 wrote to memory of 1296	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	107
PID 112 wrote to memory of 1296	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	107
PID 112 wrote to memory of 4736	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	108
PID 112 wrote to memory of 4736	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	108
PID 112 wrote to memory of 1740	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	109
PID 112 wrote to memory of 1740	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	109
PID 112 wrote to memory of 4280	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	110
PID 112 wrote to memory of 4280	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	110
PID 112 wrote to memory of 3900	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	111
PID 112 wrote to memory of 3900	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	111
PID 112 wrote to memory of 3676	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	112
PID 112 wrote to memory of 3676	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	112
PID 112 wrote to memory of 4724	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	113
PID 112 wrote to memory of 4724	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	113
PID 112 wrote to memory of 2428	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	114
PID 112 wrote to memory of 2428	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	114
PID 112 wrote to memory of 1644	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	115
PID 112 wrote to memory of 1644	112	8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe	115

C:\Users\Admin\AppData\Local\Temp\8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8b64fbe1297caa244ce96f5bc3eb8f51a7bbef712428abd057635b859866632c_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2716
- C:\Windows\System\CxxFSRp.exe
  C:\Windows\System\CxxFSRp.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\pVtDskT.exe
  C:\Windows\System\pVtDskT.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\OPjfvPU.exe
  C:\Windows\System\OPjfvPU.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\IVUzwhK.exe
  C:\Windows\System\IVUzwhK.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\wnIPPJJ.exe
  C:\Windows\System\wnIPPJJ.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\WhUurzb.exe
  C:\Windows\System\WhUurzb.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\wtBOeTd.exe
  C:\Windows\System\wtBOeTd.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\FVSPFUD.exe
  C:\Windows\System\FVSPFUD.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\CUYQJpG.exe
  C:\Windows\System\CUYQJpG.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\XFUPJNa.exe
  C:\Windows\System\XFUPJNa.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\xoyPrsg.exe
  C:\Windows\System\xoyPrsg.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\PLhdmCM.exe
  C:\Windows\System\PLhdmCM.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\vQyPGeb.exe
  C:\Windows\System\vQyPGeb.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\bkWkWbr.exe
  C:\Windows\System\bkWkWbr.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\qxIthnG.exe
  C:\Windows\System\qxIthnG.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\GALdRJH.exe
  C:\Windows\System\GALdRJH.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\LVXAEVW.exe
  C:\Windows\System\LVXAEVW.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\OsQlWjF.exe
  C:\Windows\System\OsQlWjF.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\xPCUNXx.exe
  C:\Windows\System\xPCUNXx.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\gbgBlha.exe
  C:\Windows\System\gbgBlha.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\EFjRkva.exe
  C:\Windows\System\EFjRkva.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\ZjCWyPR.exe
  C:\Windows\System\ZjCWyPR.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Windows\System\zoqIQUH.exe
  C:\Windows\System\zoqIQUH.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\bMsdCte.exe
  C:\Windows\System\bMsdCte.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\ZTBpAEa.exe
  C:\Windows\System\ZTBpAEa.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\hIxadcJ.exe
  C:\Windows\System\hIxadcJ.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\uQxebLJ.exe
  C:\Windows\System\uQxebLJ.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\sPTwCyJ.exe
  C:\Windows\System\sPTwCyJ.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\jucUIMP.exe
  C:\Windows\System\jucUIMP.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\aLbSBLR.exe
  C:\Windows\System\aLbSBLR.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\KUgrlXA.exe
  C:\Windows\System\KUgrlXA.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\vOlhRNS.exe
  C:\Windows\System\vOlhRNS.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\monZiir.exe
  C:\Windows\System\monZiir.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\zRDFsHE.exe
  C:\Windows\System\zRDFsHE.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\vrztTPt.exe
  C:\Windows\System\vrztTPt.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\uArvOaF.exe
  C:\Windows\System\uArvOaF.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\UAAsasm.exe
  C:\Windows\System\UAAsasm.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\CXYPxbS.exe
  C:\Windows\System\CXYPxbS.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\yCPFSNE.exe
  C:\Windows\System\yCPFSNE.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\pptWwdR.exe
  C:\Windows\System\pptWwdR.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\iRkNVzY.exe
  C:\Windows\System\iRkNVzY.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\QPxfbTm.exe
  C:\Windows\System\QPxfbTm.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\sLvqEYl.exe
  C:\Windows\System\sLvqEYl.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\YhQdEdM.exe
  C:\Windows\System\YhQdEdM.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\CSwHXIB.exe
  C:\Windows\System\CSwHXIB.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\MoGqlQY.exe
  C:\Windows\System\MoGqlQY.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\BeeOndP.exe
  C:\Windows\System\BeeOndP.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\PGjNDHZ.exe
  C:\Windows\System\PGjNDHZ.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\LMxSIgf.exe
  C:\Windows\System\LMxSIgf.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\UgsZSse.exe
  C:\Windows\System\UgsZSse.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\SUYdWTH.exe
  C:\Windows\System\SUYdWTH.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\bosDkKM.exe
  C:\Windows\System\bosDkKM.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\RkHgdtZ.exe
  C:\Windows\System\RkHgdtZ.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\xpNoomL.exe
  C:\Windows\System\xpNoomL.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\HSKQbWS.exe
  C:\Windows\System\HSKQbWS.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\XjgiClv.exe
  C:\Windows\System\XjgiClv.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\RrpugrS.exe
  C:\Windows\System\RrpugrS.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\XLtTjvx.exe
  C:\Windows\System\XLtTjvx.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\WcUpgoP.exe
  C:\Windows\System\WcUpgoP.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\ZkeEYzz.exe
  C:\Windows\System\ZkeEYzz.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\bTAPdEJ.exe
  C:\Windows\System\bTAPdEJ.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\VLkVPba.exe
  C:\Windows\System\VLkVPba.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\RxSyjoq.exe
  C:\Windows\System\RxSyjoq.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\FHpnoZu.exe
  C:\Windows\System\FHpnoZu.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\bdBFYRX.exe
  C:\Windows\System\bdBFYRX.exe
  2⤵
  PID:5204
- C:\Windows\System\DdVsFsr.exe
  C:\Windows\System\DdVsFsr.exe
  2⤵
  PID:5232
- C:\Windows\System\JAjwciH.exe
  C:\Windows\System\JAjwciH.exe
  2⤵
  PID:5260
- C:\Windows\System\UNXvCGc.exe
  C:\Windows\System\UNXvCGc.exe
  2⤵
  PID:5296
- C:\Windows\System\QQUJepE.exe
  C:\Windows\System\QQUJepE.exe
  2⤵
  PID:5344
- C:\Windows\System\WbzgEij.exe
  C:\Windows\System\WbzgEij.exe
  2⤵
  PID:5368
- C:\Windows\System\EoAuSuX.exe
  C:\Windows\System\EoAuSuX.exe
  2⤵
  PID:5392
- C:\Windows\System\JOSMIfR.exe
  C:\Windows\System\JOSMIfR.exe
  2⤵
  PID:5412
- C:\Windows\System\cUGkiCv.exe
  C:\Windows\System\cUGkiCv.exe
  2⤵
  PID:5444
- C:\Windows\System\UyUOnRQ.exe
  C:\Windows\System\UyUOnRQ.exe
  2⤵
  PID:5472
- C:\Windows\System\RwLJeWi.exe
  C:\Windows\System\RwLJeWi.exe
  2⤵
  PID:5504
- C:\Windows\System\gXTkuDA.exe
  C:\Windows\System\gXTkuDA.exe
  2⤵
  PID:5540
- C:\Windows\System\zwSlCAs.exe
  C:\Windows\System\zwSlCAs.exe
  2⤵
  PID:5564
- C:\Windows\System\eyGtWlr.exe
  C:\Windows\System\eyGtWlr.exe
  2⤵
  PID:5592
- C:\Windows\System\PHSikUy.exe
  C:\Windows\System\PHSikUy.exe
  2⤵
  PID:5616
- C:\Windows\System\CWtMoYy.exe
  C:\Windows\System\CWtMoYy.exe
  2⤵
  PID:5648
- C:\Windows\System\SeJdLam.exe
  C:\Windows\System\SeJdLam.exe
  2⤵
  PID:5680
- C:\Windows\System\BxaOBiv.exe
  C:\Windows\System\BxaOBiv.exe
  2⤵
  PID:5712
- C:\Windows\System\fOZOCXw.exe
  C:\Windows\System\fOZOCXw.exe
  2⤵
  PID:5740
- C:\Windows\System\oXujnts.exe
  C:\Windows\System\oXujnts.exe
  2⤵
  PID:5768
- C:\Windows\System\xRJONiG.exe
  C:\Windows\System\xRJONiG.exe
  2⤵
  PID:5812
- C:\Windows\System\XXPoGnn.exe
  C:\Windows\System\XXPoGnn.exe
  2⤵
  PID:5836
- C:\Windows\System\ZmTMoEX.exe
  C:\Windows\System\ZmTMoEX.exe
  2⤵
  PID:5872
- C:\Windows\System\dtFxknO.exe
  C:\Windows\System\dtFxknO.exe
  2⤵
  PID:5896
- C:\Windows\System\pLEbtWe.exe
  C:\Windows\System\pLEbtWe.exe
  2⤵
  PID:5924
- C:\Windows\System\aiIIqMR.exe
  C:\Windows\System\aiIIqMR.exe
  2⤵
  PID:5960
- C:\Windows\System\peBMdJG.exe
  C:\Windows\System\peBMdJG.exe
  2⤵
  PID:5988
- C:\Windows\System\MebJdsn.exe
  C:\Windows\System\MebJdsn.exe
  2⤵
  PID:6024
- C:\Windows\System\myDlqhS.exe
  C:\Windows\System\myDlqhS.exe
  2⤵
  PID:6056
- C:\Windows\System\kkZHNjb.exe
  C:\Windows\System\kkZHNjb.exe
  2⤵
  PID:6084
- C:\Windows\System\dUPUWNV.exe
  C:\Windows\System\dUPUWNV.exe
  2⤵
  PID:6116
- C:\Windows\System\wMIutjW.exe
  C:\Windows\System\wMIutjW.exe
  2⤵
  PID:6148
- C:\Windows\System\CeDteRD.exe
  C:\Windows\System\CeDteRD.exe
  2⤵
  PID:6188
- C:\Windows\System\LdJKxoW.exe
  C:\Windows\System\LdJKxoW.exe
  2⤵
  PID:6216
- C:\Windows\System\YwIRziH.exe
  C:\Windows\System\YwIRziH.exe
  2⤵
  PID:6248
- C:\Windows\System\sjaODCV.exe
  C:\Windows\System\sjaODCV.exe
  2⤵
  PID:6280
- C:\Windows\System\pikkTGV.exe
  C:\Windows\System\pikkTGV.exe
  2⤵
  PID:6356
- C:\Windows\System\oEfLFxk.exe
  C:\Windows\System\oEfLFxk.exe
  2⤵
  PID:6416
- C:\Windows\System\lVVxvOa.exe
  C:\Windows\System\lVVxvOa.exe
  2⤵
  PID:6444
- C:\Windows\System\XhmLfsA.exe
  C:\Windows\System\XhmLfsA.exe
  2⤵
  PID:6460
- C:\Windows\System\TSAvjpt.exe
  C:\Windows\System\TSAvjpt.exe
  2⤵
  PID:6476
- C:\Windows\System\etMsGCE.exe
  C:\Windows\System\etMsGCE.exe
  2⤵
  PID:6496
- C:\Windows\System\JpzZsYk.exe
  C:\Windows\System\JpzZsYk.exe
  2⤵
  PID:6512
- C:\Windows\System\NBsaojX.exe
  C:\Windows\System\NBsaojX.exe
  2⤵
  PID:6532
- C:\Windows\System\xtOePOE.exe
  C:\Windows\System\xtOePOE.exe
  2⤵
  PID:6548
- C:\Windows\System\TLIgSTP.exe
  C:\Windows\System\TLIgSTP.exe
  2⤵
  PID:6568
- C:\Windows\System\AaVjEFI.exe
  C:\Windows\System\AaVjEFI.exe
  2⤵
  PID:6620
- C:\Windows\System\vSVToJl.exe
  C:\Windows\System\vSVToJl.exe
  2⤵
  PID:6636
- C:\Windows\System\cIfmLVE.exe
  C:\Windows\System\cIfmLVE.exe
  2⤵
  PID:6668
- C:\Windows\System\uBTmdRT.exe
  C:\Windows\System\uBTmdRT.exe
  2⤵
  PID:6688
- C:\Windows\System\QvBmPHk.exe
  C:\Windows\System\QvBmPHk.exe
  2⤵
  PID:6708
- C:\Windows\System\wCSwOdj.exe
  C:\Windows\System\wCSwOdj.exe
  2⤵
  PID:6772
- C:\Windows\System\PekjwSZ.exe
  C:\Windows\System\PekjwSZ.exe
  2⤵
  PID:6820
- C:\Windows\System\FkyJrdH.exe
  C:\Windows\System\FkyJrdH.exe
  2⤵
  PID:6844
- C:\Windows\System\VURCHkm.exe
  C:\Windows\System\VURCHkm.exe
  2⤵
  PID:6864
- C:\Windows\System\UkfecUF.exe
  C:\Windows\System\UkfecUF.exe
  2⤵
  PID:6892
- C:\Windows\System\JzLpeTa.exe
  C:\Windows\System\JzLpeTa.exe
  2⤵
  PID:6912
- C:\Windows\System\tzjjeSO.exe
  C:\Windows\System\tzjjeSO.exe
  2⤵
  PID:6928
- C:\Windows\System\KYPNFIE.exe
  C:\Windows\System\KYPNFIE.exe
  2⤵
  PID:6964
- C:\Windows\System\xYsasTF.exe
  C:\Windows\System\xYsasTF.exe
  2⤵
  PID:6988
- C:\Windows\System\dbIADWr.exe
  C:\Windows\System\dbIADWr.exe
  2⤵
  PID:7012
- C:\Windows\System\HxswDRr.exe
  C:\Windows\System\HxswDRr.exe
  2⤵
  PID:7028
- C:\Windows\System\BUdHSqh.exe
  C:\Windows\System\BUdHSqh.exe
  2⤵
  PID:7060
- C:\Windows\System\OTUHXpe.exe
  C:\Windows\System\OTUHXpe.exe
  2⤵
  PID:7084
- C:\Windows\System\xtJknZY.exe
  C:\Windows\System\xtJknZY.exe
  2⤵
  PID:7104
- C:\Windows\System\RBtaCiL.exe
  C:\Windows\System\RBtaCiL.exe
  2⤵
  PID:7124
- C:\Windows\System\NUmNIpH.exe
  C:\Windows\System\NUmNIpH.exe
  2⤵
  PID:7144
- C:\Windows\System\oqqhRWJ.exe
  C:\Windows\System\oqqhRWJ.exe
  2⤵
  PID:6140
- C:\Windows\System\SEgsluP.exe
  C:\Windows\System\SEgsluP.exe
  2⤵
  PID:6104
- C:\Windows\System\euXbvEq.exe
  C:\Windows\System\euXbvEq.exe
  2⤵
  PID:1524
- C:\Windows\System\PLMXooU.exe
  C:\Windows\System\PLMXooU.exe
  2⤵
  PID:5976
- C:\Windows\System\iiwNCOP.exe
  C:\Windows\System\iiwNCOP.exe
  2⤵
  PID:5940
- C:\Windows\System\xGwmipI.exe
  C:\Windows\System\xGwmipI.exe
  2⤵
  PID:5888
- C:\Windows\System\bFjtzCS.exe
  C:\Windows\System\bFjtzCS.exe
  2⤵
  PID:5852
- C:\Windows\System\aYXKUgV.exe
  C:\Windows\System\aYXKUgV.exe
  2⤵
  PID:5636
- C:\Windows\System\tQpqrqW.exe
  C:\Windows\System\tQpqrqW.exe
  2⤵
  PID:5580
- C:\Windows\System\VaCUBnm.exe
  C:\Windows\System\VaCUBnm.exe
  2⤵
  PID:5512
- C:\Windows\System\VVLzdqU.exe
  C:\Windows\System\VVLzdqU.exe
  2⤵
  PID:5464
- C:\Windows\System\UlZNQoc.exe
  C:\Windows\System\UlZNQoc.exe
  2⤵
  PID:5424
- C:\Windows\System\afrMeht.exe
  C:\Windows\System\afrMeht.exe
  2⤵
  PID:5308
- C:\Windows\System\FtGABek.exe
  C:\Windows\System\FtGABek.exe
  2⤵
  PID:5272
- C:\Windows\System\LqfCJvx.exe
  C:\Windows\System\LqfCJvx.exe
  2⤵
  PID:5192
- C:\Windows\System\ktsTIIs.exe
  C:\Windows\System\ktsTIIs.exe
  2⤵
  PID:5132
- C:\Windows\System\cswzkst.exe
  C:\Windows\System\cswzkst.exe
  2⤵
  PID:3432
- C:\Windows\System\MJBvmZD.exe
  C:\Windows\System\MJBvmZD.exe
  2⤵
  PID:4524
- C:\Windows\System\VdUAXao.exe
  C:\Windows\System\VdUAXao.exe
  2⤵
  PID:5116
- C:\Windows\System\LUpPlwL.exe
  C:\Windows\System\LUpPlwL.exe
  2⤵
  PID:1552
- C:\Windows\System\AulFemG.exe
  C:\Windows\System\AulFemG.exe
  2⤵
  PID:3800
- C:\Windows\System\BPUTszd.exe
  C:\Windows\System\BPUTszd.exe
  2⤵
  PID:744
- C:\Windows\System\UHeTTFH.exe
  C:\Windows\System\UHeTTFH.exe
  2⤵
  PID:4056
- C:\Windows\System\OTTlbrg.exe
  C:\Windows\System\OTTlbrg.exe
  2⤵
  PID:1404
- C:\Windows\System\HbHkqus.exe
  C:\Windows\System\HbHkqus.exe
  2⤵
  PID:740
- C:\Windows\System\LhALInS.exe
  C:\Windows\System\LhALInS.exe
  2⤵
  PID:1268
- C:\Windows\System\uuznyCj.exe
  C:\Windows\System\uuznyCj.exe
  2⤵
  PID:5084
- C:\Windows\System\rZgYweJ.exe
  C:\Windows\System\rZgYweJ.exe
  2⤵
  PID:3960
- C:\Windows\System\aJSoNZy.exe
  C:\Windows\System\aJSoNZy.exe
  2⤵
  PID:3108
- C:\Windows\System\tNEKgkh.exe
  C:\Windows\System\tNEKgkh.exe
  2⤵
  PID:392
- C:\Windows\System\xYxEpSJ.exe
  C:\Windows\System\xYxEpSJ.exe
  2⤵
  PID:4064
- C:\Windows\System\PLwGnes.exe
  C:\Windows\System\PLwGnes.exe
  2⤵
  PID:6172
- C:\Windows\System\VievJCv.exe
  C:\Windows\System\VievJCv.exe
  2⤵
  PID:4352
- C:\Windows\System\rovtTmZ.exe
  C:\Windows\System\rovtTmZ.exe
  2⤵
  PID:2752
- C:\Windows\System\iqgqXnJ.exe
  C:\Windows\System\iqgqXnJ.exe
  2⤵
  PID:6236
- C:\Windows\System\YJjQGlG.exe
  C:\Windows\System\YJjQGlG.exe
  2⤵
  PID:6276
- C:\Windows\System\nQRkixd.exe
  C:\Windows\System\nQRkixd.exe
  2⤵
  PID:6320
- C:\Windows\System\wEUybGw.exe
  C:\Windows\System\wEUybGw.exe
  2⤵
  PID:6344
- C:\Windows\System\CuXVcFW.exe
  C:\Windows\System\CuXVcFW.exe
  2⤵
  PID:6388
- C:\Windows\System\MGalUFH.exe
  C:\Windows\System\MGalUFH.exe
  2⤵
  PID:3356
- C:\Windows\System\Jrssuot.exe
  C:\Windows\System\Jrssuot.exe
  2⤵
  PID:5096
- C:\Windows\System\aTuQmtp.exe
  C:\Windows\System\aTuQmtp.exe
  2⤵
  PID:6508
- C:\Windows\System\FKmTRSw.exe
  C:\Windows\System\FKmTRSw.exe
  2⤵
  PID:6524
- C:\Windows\System\nnoFbRj.exe
  C:\Windows\System\nnoFbRj.exe
  2⤵
  PID:6596
- C:\Windows\System\AFapkEE.exe
  C:\Windows\System\AFapkEE.exe
  2⤵
  PID:6680
- C:\Windows\System\NqhcjoY.exe
  C:\Windows\System\NqhcjoY.exe
  2⤵
  PID:6652
- C:\Windows\System\CcObhCH.exe
  C:\Windows\System\CcObhCH.exe
  2⤵
  PID:6800
- C:\Windows\System\zRtgolS.exe
  C:\Windows\System\zRtgolS.exe
  2⤵
  PID:6904
- C:\Windows\System\yOYIFoR.exe
  C:\Windows\System\yOYIFoR.exe
  2⤵
  PID:6884
- C:\Windows\System\fzreqLi.exe
  C:\Windows\System\fzreqLi.exe
  2⤵
  PID:6952
- C:\Windows\System\tcIUTkt.exe
  C:\Windows\System\tcIUTkt.exe
  2⤵
  PID:6980
- C:\Windows\System\CDRyGhV.exe
  C:\Windows\System\CDRyGhV.exe
  2⤵
  PID:7096
- C:\Windows\System\CsAOxbc.exe
  C:\Windows\System\CsAOxbc.exe
  2⤵
  PID:7024
- C:\Windows\System\lYlKFyc.exe
  C:\Windows\System\lYlKFyc.exe
  2⤵
  PID:7052
- C:\Windows\System\TOkIZqg.exe
  C:\Windows\System\TOkIZqg.exe
  2⤵
  PID:6092
- C:\Windows\System\kbpckar.exe
  C:\Windows\System\kbpckar.exe
  2⤵
  PID:5728
- C:\Windows\System\AdPCGyB.exe
  C:\Windows\System\AdPCGyB.exe
  2⤵
  PID:5804
- C:\Windows\System\wNiSNlN.exe
  C:\Windows\System\wNiSNlN.exe
  2⤵
  PID:5484
- C:\Windows\System\wIpZOqL.exe
  C:\Windows\System\wIpZOqL.exe
  2⤵
  PID:5428
- C:\Windows\System\WbqaoiO.exe
  C:\Windows\System\WbqaoiO.exe
  2⤵
  PID:5656
- C:\Windows\System\VmJXxzX.exe
  C:\Windows\System\VmJXxzX.exe
  2⤵
  PID:5364
- C:\Windows\System\KDbQzTj.exe
  C:\Windows\System\KDbQzTj.exe
  2⤵
  PID:5216
- C:\Windows\System\OXXECJc.exe
  C:\Windows\System\OXXECJc.exe
  2⤵
  PID:5124
- C:\Windows\System\TnXdQGn.exe
  C:\Windows\System\TnXdQGn.exe
  2⤵
  PID:2032
- C:\Windows\System\vYqhnZZ.exe
  C:\Windows\System\vYqhnZZ.exe
  2⤵
  PID:2116
- C:\Windows\System\FGCrvYT.exe
  C:\Windows\System\FGCrvYT.exe
  2⤵
  PID:3756
- C:\Windows\System\uXopMmA.exe
  C:\Windows\System\uXopMmA.exe
  2⤵
  PID:3660
- C:\Windows\System\FwoboNn.exe
  C:\Windows\System\FwoboNn.exe
  2⤵
  PID:2480
- C:\Windows\System\RVdKFbW.exe
  C:\Windows\System\RVdKFbW.exe
  2⤵
  PID:6240
- C:\Windows\System\BMyLWzT.exe
  C:\Windows\System\BMyLWzT.exe
  2⤵
  PID:3688
- C:\Windows\System\fMIYYsd.exe
  C:\Windows\System\fMIYYsd.exe
  2⤵
  PID:6296
- C:\Windows\System\uXpEFgB.exe
  C:\Windows\System\uXpEFgB.exe
  2⤵
  PID:6504
- C:\Windows\System\RyvVShP.exe
  C:\Windows\System\RyvVShP.exe
  2⤵
  PID:6656
- C:\Windows\System\dvUWgbM.exe
  C:\Windows\System\dvUWgbM.exe
  2⤵
  PID:6816
- C:\Windows\System\HegoMrB.exe
  C:\Windows\System\HegoMrB.exe
  2⤵
  PID:6880
- C:\Windows\System\IZlHuDB.exe
  C:\Windows\System\IZlHuDB.exe
  2⤵
  PID:7004
- C:\Windows\System\VgrgsnJ.exe
  C:\Windows\System\VgrgsnJ.exe
  2⤵
  PID:7140
- C:\Windows\System\gVVBkBG.exe
  C:\Windows\System\gVVBkBG.exe
  2⤵
  PID:5736
- C:\Windows\System\JJzHoqh.exe
  C:\Windows\System\JJzHoqh.exe
  2⤵
  PID:5280
- C:\Windows\System\GbYNIqs.exe
  C:\Windows\System\GbYNIqs.exe
  2⤵
  PID:4972
- C:\Windows\System\bfTOFiw.exe
  C:\Windows\System\bfTOFiw.exe
  2⤵
  PID:1936
- C:\Windows\System\hrzoKNY.exe
  C:\Windows\System\hrzoKNY.exe
  2⤵
  PID:4516
- C:\Windows\System\rPRiuQQ.exe
  C:\Windows\System\rPRiuQQ.exe
  2⤵
  PID:800
- C:\Windows\System\oELttHp.exe
  C:\Windows\System\oELttHp.exe
  2⤵
  PID:6180
- C:\Windows\System\ypMlbOv.exe
  C:\Windows\System\ypMlbOv.exe
  2⤵
  PID:6312
- C:\Windows\System\MFFVwHf.exe
  C:\Windows\System\MFFVwHf.exe
  2⤵
  PID:6888
- C:\Windows\System\rAeOEkR.exe
  C:\Windows\System\rAeOEkR.exe
  2⤵
  PID:6960
- C:\Windows\System\hYgvUXT.exe
  C:\Windows\System\hYgvUXT.exe
  2⤵
  PID:5792
- C:\Windows\System\rIIxcyY.exe
  C:\Windows\System\rIIxcyY.exe
  2⤵
  PID:2868
- C:\Windows\System\ZzbdOab.exe
  C:\Windows\System\ZzbdOab.exe
  2⤵
  PID:4148
- C:\Windows\System\PmeypwW.exe
  C:\Windows\System\PmeypwW.exe
  2⤵
  PID:4084
- C:\Windows\System\dmkDgWY.exe
  C:\Windows\System\dmkDgWY.exe
  2⤵
  PID:6040
- C:\Windows\System\hJvCViM.exe
  C:\Windows\System\hJvCViM.exe
  2⤵
  PID:4580
- C:\Windows\System\biCKcWy.exe
  C:\Windows\System\biCKcWy.exe
  2⤵
  PID:3600
- C:\Windows\System\QOkeFWY.exe
  C:\Windows\System\QOkeFWY.exe
  2⤵
  PID:3760
- C:\Windows\System\gKzXTwf.exe
  C:\Windows\System\gKzXTwf.exe
  2⤵
  PID:7180
- C:\Windows\System\WaKaORE.exe
  C:\Windows\System\WaKaORE.exe
  2⤵
  PID:7220
- C:\Windows\System\vYAqrXG.exe
  C:\Windows\System\vYAqrXG.exe
  2⤵
  PID:7252
- C:\Windows\System\bFBTPQs.exe
  C:\Windows\System\bFBTPQs.exe
  2⤵
  PID:7276
- C:\Windows\System\yXxgvst.exe
  C:\Windows\System\yXxgvst.exe
  2⤵
  PID:7296
- C:\Windows\System\JHvdcOG.exe
  C:\Windows\System\JHvdcOG.exe
  2⤵
  PID:7324
- C:\Windows\System\wHBMsmj.exe
  C:\Windows\System\wHBMsmj.exe
  2⤵
  PID:7368
- C:\Windows\System\TiPqmmZ.exe
  C:\Windows\System\TiPqmmZ.exe
  2⤵
  PID:7384
- C:\Windows\System\IKwsvUr.exe
  C:\Windows\System\IKwsvUr.exe
  2⤵
  PID:7420
- C:\Windows\System\eyVFqJl.exe
  C:\Windows\System\eyVFqJl.exe
  2⤵
  PID:7456
- C:\Windows\System\ZcibYmt.exe
  C:\Windows\System\ZcibYmt.exe
  2⤵
  PID:7480
- C:\Windows\System\bjeVqEk.exe
  C:\Windows\System\bjeVqEk.exe
  2⤵
  PID:7500
- C:\Windows\System\JGMeMsp.exe
  C:\Windows\System\JGMeMsp.exe
  2⤵
  PID:7520
- C:\Windows\System\XbVKrFl.exe
  C:\Windows\System\XbVKrFl.exe
  2⤵
  PID:7544
- C:\Windows\System\OkrkhLm.exe
  C:\Windows\System\OkrkhLm.exe
  2⤵
  PID:7564
- C:\Windows\System\YHaAwRZ.exe
  C:\Windows\System\YHaAwRZ.exe
  2⤵
  PID:7608
- C:\Windows\System\cHXaJvx.exe
  C:\Windows\System\cHXaJvx.exe
  2⤵
  PID:7660
- C:\Windows\System\PPkmJya.exe
  C:\Windows\System\PPkmJya.exe
  2⤵
  PID:7680
- C:\Windows\System\wElYAqw.exe
  C:\Windows\System\wElYAqw.exe
  2⤵
  PID:7700
- C:\Windows\System\sNSZNFi.exe
  C:\Windows\System\sNSZNFi.exe
  2⤵
  PID:7736
- C:\Windows\System\YwiMyxG.exe
  C:\Windows\System\YwiMyxG.exe
  2⤵
  PID:7768
- C:\Windows\System\WzIqWsb.exe
  C:\Windows\System\WzIqWsb.exe
  2⤵
  PID:7784
- C:\Windows\System\kjkqysp.exe
  C:\Windows\System\kjkqysp.exe
  2⤵
  PID:7844
- C:\Windows\System\QUfqfjK.exe
  C:\Windows\System\QUfqfjK.exe
  2⤵
  PID:7864
- C:\Windows\System\UdpkAsq.exe
  C:\Windows\System\UdpkAsq.exe
  2⤵
  PID:7916
- C:\Windows\System\XHKQRUE.exe
  C:\Windows\System\XHKQRUE.exe
  2⤵
  PID:7944
- C:\Windows\System\VPPrTEM.exe
  C:\Windows\System\VPPrTEM.exe
  2⤵
  PID:7996
- C:\Windows\System\RkToCVh.exe
  C:\Windows\System\RkToCVh.exe
  2⤵
  PID:8028
- C:\Windows\System\KvXHbOC.exe
  C:\Windows\System\KvXHbOC.exe
  2⤵
  PID:8048
- C:\Windows\System\GsJLmNx.exe
  C:\Windows\System\GsJLmNx.exe
  2⤵
  PID:8076
- C:\Windows\System\COtDyhV.exe
  C:\Windows\System\COtDyhV.exe
  2⤵
  PID:8092
- C:\Windows\System\jhvGyFq.exe
  C:\Windows\System\jhvGyFq.exe
  2⤵
  PID:8120
- C:\Windows\System\GpHiAkc.exe
  C:\Windows\System\GpHiAkc.exe
  2⤵
  PID:8144
- C:\Windows\System\GXePewz.exe
  C:\Windows\System\GXePewz.exe
  2⤵
  PID:6764
- C:\Windows\System\yIeitvM.exe
  C:\Windows\System\yIeitvM.exe
  2⤵
  PID:7192
- C:\Windows\System\SwVMPax.exe
  C:\Windows\System\SwVMPax.exe
  2⤵
  PID:7240
- C:\Windows\System\weFQOdd.exe
  C:\Windows\System\weFQOdd.exe
  2⤵
  PID:7312
- C:\Windows\System\FHcLuhN.exe
  C:\Windows\System\FHcLuhN.exe
  2⤵
  PID:7316
- C:\Windows\System\FQFSkVk.exe
  C:\Windows\System\FQFSkVk.exe
  2⤵
  PID:7376
- C:\Windows\System\ReoDMXc.exe
  C:\Windows\System\ReoDMXc.exe
  2⤵
  PID:7436
- C:\Windows\System\uhWSihB.exe
  C:\Windows\System\uhWSihB.exe
  2⤵
  PID:7468
- C:\Windows\System\SOLPGbe.exe
  C:\Windows\System\SOLPGbe.exe
  2⤵
  PID:7560
- C:\Windows\System\WYkBaoj.exe
  C:\Windows\System\WYkBaoj.exe
  2⤵
  PID:7688
- C:\Windows\System\pXBbCeM.exe
  C:\Windows\System\pXBbCeM.exe
  2⤵
  PID:7728
- C:\Windows\System\kSprhGx.exe
  C:\Windows\System\kSprhGx.exe
  2⤵
  PID:7760
- C:\Windows\System\kIRQqqC.exe
  C:\Windows\System\kIRQqqC.exe
  2⤵
  PID:7816
- C:\Windows\System\XXMwRjZ.exe
  C:\Windows\System\XXMwRjZ.exe
  2⤵
  PID:4364
- C:\Windows\System\ijNwTdg.exe
  C:\Windows\System\ijNwTdg.exe
  2⤵
  PID:7912
- C:\Windows\System\CkwHtBp.exe
  C:\Windows\System\CkwHtBp.exe
  2⤵
  PID:8036
- C:\Windows\System\BSzLVvm.exe
  C:\Windows\System\BSzLVvm.exe
  2⤵
  PID:8088
- C:\Windows\System\HBcEZnu.exe
  C:\Windows\System\HBcEZnu.exe
  2⤵
  PID:7248
- C:\Windows\System\InMqjxe.exe
  C:\Windows\System\InMqjxe.exe
  2⤵
  PID:7488
- C:\Windows\System\ZCWsetR.exe
  C:\Windows\System\ZCWsetR.exe
  2⤵
  PID:7448
- C:\Windows\System\hwdmcYo.exe
  C:\Windows\System\hwdmcYo.exe
  2⤵
  PID:7616
- C:\Windows\System\DUHFxHz.exe
  C:\Windows\System\DUHFxHz.exe
  2⤵
  PID:7692
- C:\Windows\System\ZPNKHLb.exe
  C:\Windows\System\ZPNKHLb.exe
  2⤵
  PID:7824
- C:\Windows\System\pYUVeoK.exe
  C:\Windows\System\pYUVeoK.exe
  2⤵
  PID:7172
- C:\Windows\System\WPVYIem.exe
  C:\Windows\System\WPVYIem.exe
  2⤵
  PID:7292
- C:\Windows\System\lhKOjfo.exe
  C:\Windows\System\lhKOjfo.exe
  2⤵
  PID:8220
- C:\Windows\System\kWeauxg.exe
  C:\Windows\System\kWeauxg.exe
  2⤵
  PID:8244
- C:\Windows\System\PKqfupJ.exe
  C:\Windows\System\PKqfupJ.exe
  2⤵
  PID:8264
- C:\Windows\System\Plaglry.exe
  C:\Windows\System\Plaglry.exe
  2⤵
  PID:8292
- C:\Windows\System\yLoYZLF.exe
  C:\Windows\System\yLoYZLF.exe
  2⤵
  PID:8312
- C:\Windows\System\dnyYJWA.exe
  C:\Windows\System\dnyYJWA.exe
  2⤵
  PID:8332
- C:\Windows\System\eMUIuSe.exe
  C:\Windows\System\eMUIuSe.exe
  2⤵
  PID:8356
- C:\Windows\System\jIzjQnk.exe
  C:\Windows\System\jIzjQnk.exe
  2⤵
  PID:8376
- C:\Windows\System\VAYzrpr.exe
  C:\Windows\System\VAYzrpr.exe
  2⤵
  PID:8420
- C:\Windows\System\VdqFggu.exe
  C:\Windows\System\VdqFggu.exe
  2⤵
  PID:8440
- C:\Windows\System\EFAXJBO.exe
  C:\Windows\System\EFAXJBO.exe
  2⤵
  PID:8484
- C:\Windows\System\cAUqJVc.exe
  C:\Windows\System\cAUqJVc.exe
  2⤵
  PID:8504
- C:\Windows\System\EHjAHNo.exe
  C:\Windows\System\EHjAHNo.exe
  2⤵
  PID:8540
- C:\Windows\System\OSfDAYh.exe
  C:\Windows\System\OSfDAYh.exe
  2⤵
  PID:8588
- C:\Windows\System\BOMwuLj.exe
  C:\Windows\System\BOMwuLj.exe
  2⤵
  PID:8624
- C:\Windows\System\NabPHcj.exe
  C:\Windows\System\NabPHcj.exe
  2⤵
  PID:8648
- C:\Windows\System\FYwJiAT.exe
  C:\Windows\System\FYwJiAT.exe
  2⤵
  PID:8676
- C:\Windows\System\dBipQtK.exe
  C:\Windows\System\dBipQtK.exe
  2⤵
  PID:8700
- C:\Windows\System\KhFRaRS.exe
  C:\Windows\System\KhFRaRS.exe
  2⤵
  PID:8716
- C:\Windows\System\UJHZzyS.exe
  C:\Windows\System\UJHZzyS.exe
  2⤵
  PID:8744
- C:\Windows\System\mUnukJT.exe
  C:\Windows\System\mUnukJT.exe
  2⤵
  PID:8772
- C:\Windows\System\TpixWdf.exe
  C:\Windows\System\TpixWdf.exe
  2⤵
  PID:8796
- C:\Windows\System\jPMQRHY.exe
  C:\Windows\System\jPMQRHY.exe
  2⤵
  PID:8816
- C:\Windows\System\bZUdwiN.exe
  C:\Windows\System\bZUdwiN.exe
  2⤵
  PID:8852
- C:\Windows\System\QbZrOLe.exe
  C:\Windows\System\QbZrOLe.exe
  2⤵
  PID:8880
- C:\Windows\System\LoIVpaJ.exe
  C:\Windows\System\LoIVpaJ.exe
  2⤵
  PID:8924
- C:\Windows\System\lejUwpe.exe
  C:\Windows\System\lejUwpe.exe
  2⤵
  PID:8948
- C:\Windows\System\sleXXOD.exe
  C:\Windows\System\sleXXOD.exe
  2⤵
  PID:8972
- C:\Windows\System\HGITZFt.exe
  C:\Windows\System\HGITZFt.exe
  2⤵
  PID:8992
- C:\Windows\System\GlSLltl.exe
  C:\Windows\System\GlSLltl.exe
  2⤵
  PID:9024
- C:\Windows\System\xrYQfcF.exe
  C:\Windows\System\xrYQfcF.exe
  2⤵
  PID:9048
- C:\Windows\System\OmSQGFV.exe
  C:\Windows\System\OmSQGFV.exe
  2⤵
  PID:9096
- C:\Windows\System\LMTtEpU.exe
  C:\Windows\System\LMTtEpU.exe
  2⤵
  PID:9140
- C:\Windows\System\iJhKrMS.exe
  C:\Windows\System\iJhKrMS.exe
  2⤵
  PID:9164
- C:\Windows\System\VFxiPAo.exe
  C:\Windows\System\VFxiPAo.exe
  2⤵
  PID:9184
- C:\Windows\System\IdnXQxP.exe
  C:\Windows\System\IdnXQxP.exe
  2⤵
  PID:9200
- C:\Windows\System\aSvEKtO.exe
  C:\Windows\System\aSvEKtO.exe
  2⤵
  PID:7808
- C:\Windows\System\DKCAtyA.exe
  C:\Windows\System\DKCAtyA.exe
  2⤵
  PID:7932
- C:\Windows\System\TCVQvbl.exe
  C:\Windows\System\TCVQvbl.exe
  2⤵
  PID:3748
- C:\Windows\System\MrfPzZk.exe
  C:\Windows\System\MrfPzZk.exe
  2⤵
  PID:8276
- C:\Windows\System\oaddWvt.exe
  C:\Windows\System\oaddWvt.exe
  2⤵
  PID:8364
- C:\Windows\System\RqTizJM.exe
  C:\Windows\System\RqTizJM.exe
  2⤵
  PID:8304
- C:\Windows\System\ppfsJUu.exe
  C:\Windows\System\ppfsJUu.exe
  2⤵
  PID:8432
- C:\Windows\System\jUHlcMZ.exe
  C:\Windows\System\jUHlcMZ.exe
  2⤵
  PID:8580
- C:\Windows\System\VdBXkiA.exe
  C:\Windows\System\VdBXkiA.exe
  2⤵
  PID:8712
- C:\Windows\System\BXzSkEo.exe
  C:\Windows\System\BXzSkEo.exe
  2⤵
  PID:8844
- C:\Windows\System\FCaADfG.exe
  C:\Windows\System\FCaADfG.exe
  2⤵
  PID:8836
- C:\Windows\System\NufzdoI.exe
  C:\Windows\System\NufzdoI.exe
  2⤵
  PID:8868
- C:\Windows\System\JcQIsCn.exe
  C:\Windows\System\JcQIsCn.exe
  2⤵
  PID:8920
- C:\Windows\System\LpLbFBa.exe
  C:\Windows\System\LpLbFBa.exe
  2⤵
  PID:8988
- C:\Windows\System\orOEqrX.exe
  C:\Windows\System\orOEqrX.exe
  2⤵
  PID:9016
- C:\Windows\System\mGKwPec.exe
  C:\Windows\System\mGKwPec.exe
  2⤵
  PID:9076
- C:\Windows\System\RZAyvwU.exe
  C:\Windows\System\RZAyvwU.exe
  2⤵
  PID:9084
- C:\Windows\System\UBCNttB.exe
  C:\Windows\System\UBCNttB.exe
  2⤵
  PID:9132
- C:\Windows\System\MweRNNS.exe
  C:\Windows\System\MweRNNS.exe
  2⤵
  PID:9172
- C:\Windows\System\QiHhyLX.exe
  C:\Windows\System\QiHhyLX.exe
  2⤵
  PID:9196
- C:\Windows\System\DqEWhZd.exe
  C:\Windows\System\DqEWhZd.exe
  2⤵
  PID:8024
- C:\Windows\System\dYvgeZD.exe
  C:\Windows\System\dYvgeZD.exe
  2⤵
  PID:8216
- C:\Windows\System\agmdwWN.exe
  C:\Windows\System\agmdwWN.exe
  2⤵
  PID:8328
- C:\Windows\System\ViIaUef.exe
  C:\Windows\System\ViIaUef.exe
  2⤵
  PID:8644
- C:\Windows\System\SIVDlBq.exe
  C:\Windows\System\SIVDlBq.exe
  2⤵
  PID:8656
- C:\Windows\System\MKydPQC.exe
  C:\Windows\System\MKydPQC.exe
  2⤵
  PID:8684
- C:\Windows\System\DSOiuzi.exe
  C:\Windows\System\DSOiuzi.exe
  2⤵
  PID:8324
- C:\Windows\System\obXVKRG.exe
  C:\Windows\System\obXVKRG.exe
  2⤵
  PID:8908
- C:\Windows\System\CJmoEgq.exe
  C:\Windows\System\CJmoEgq.exe
  2⤵
  PID:9220
- C:\Windows\System\AUiMlKk.exe
  C:\Windows\System\AUiMlKk.exe
  2⤵
  PID:9240
- C:\Windows\System\NaYlinJ.exe
  C:\Windows\System\NaYlinJ.exe
  2⤵
  PID:9256
- C:\Windows\System\KTMOApI.exe
  C:\Windows\System\KTMOApI.exe
  2⤵
  PID:9296
- C:\Windows\System\wifcIHv.exe
  C:\Windows\System\wifcIHv.exe
  2⤵
  PID:9332
- C:\Windows\System\bEXiccx.exe
  C:\Windows\System\bEXiccx.exe
  2⤵
  PID:9348
- C:\Windows\System\WFrVtqu.exe
  C:\Windows\System\WFrVtqu.exe
  2⤵
  PID:9372
- C:\Windows\System\frUzrsy.exe
  C:\Windows\System\frUzrsy.exe
  2⤵
  PID:9392
- C:\Windows\System\QaGkOvk.exe
  C:\Windows\System\QaGkOvk.exe
  2⤵
  PID:9416
- C:\Windows\System\pyMqHza.exe
  C:\Windows\System\pyMqHza.exe
  2⤵
  PID:9448
- C:\Windows\System\WdUAdGi.exe
  C:\Windows\System\WdUAdGi.exe
  2⤵
  PID:9476
- C:\Windows\System\xpgkrgO.exe
  C:\Windows\System\xpgkrgO.exe
  2⤵
  PID:9496
- C:\Windows\System\gFdeMPr.exe
  C:\Windows\System\gFdeMPr.exe
  2⤵
  PID:9520
- C:\Windows\System\ykhYWve.exe
  C:\Windows\System\ykhYWve.exe
  2⤵
  PID:9540
- C:\Windows\System\NEHEVDI.exe
  C:\Windows\System\NEHEVDI.exe
  2⤵
  PID:9580
- C:\Windows\System\RvtQuTx.exe
  C:\Windows\System\RvtQuTx.exe
  2⤵
  PID:9604
- C:\Windows\System\XzYIgXh.exe
  C:\Windows\System\XzYIgXh.exe
  2⤵
  PID:9636
- C:\Windows\System\zgKXApf.exe
  C:\Windows\System\zgKXApf.exe
  2⤵
  PID:9680
- C:\Windows\System\oJOyaiq.exe
  C:\Windows\System\oJOyaiq.exe
  2⤵
  PID:9708
- C:\Windows\System\eBTfmFk.exe
  C:\Windows\System\eBTfmFk.exe
  2⤵
  PID:9732
- C:\Windows\System\KVDDeGH.exe
  C:\Windows\System\KVDDeGH.exe
  2⤵
  PID:9756
- C:\Windows\System\EukyUqu.exe
  C:\Windows\System\EukyUqu.exe
  2⤵
  PID:9788
- C:\Windows\System\TDbGdQY.exe
  C:\Windows\System\TDbGdQY.exe
  2⤵
  PID:9812
- C:\Windows\System\rboTMWr.exe
  C:\Windows\System\rboTMWr.exe
  2⤵
  PID:9876
- C:\Windows\System\gRNzrsZ.exe
  C:\Windows\System\gRNzrsZ.exe
  2⤵
  PID:9896
- C:\Windows\System\OnkqiSb.exe
  C:\Windows\System\OnkqiSb.exe
  2⤵
  PID:9916
- C:\Windows\System\JIJLLod.exe
  C:\Windows\System\JIJLLod.exe
  2⤵
  PID:9936
- C:\Windows\System\MDTLvRU.exe
  C:\Windows\System\MDTLvRU.exe
  2⤵
  PID:9976
- C:\Windows\System\tDMGZhr.exe
  C:\Windows\System\tDMGZhr.exe
  2⤵
  PID:10008
- C:\Windows\System\iSqQuVc.exe
  C:\Windows\System\iSqQuVc.exe
  2⤵
  PID:10032
- C:\Windows\System\svOIBVt.exe
  C:\Windows\System\svOIBVt.exe
  2⤵
  PID:10060
- C:\Windows\System\ICqrImp.exe
  C:\Windows\System\ICqrImp.exe
  2⤵
  PID:10088
- C:\Windows\System\ggNzVrM.exe
  C:\Windows\System\ggNzVrM.exe
  2⤵
  PID:10108
- C:\Windows\System\XDHJyia.exe
  C:\Windows\System\XDHJyia.exe
  2⤵
  PID:10132
- C:\Windows\System\ZUrweCq.exe
  C:\Windows\System\ZUrweCq.exe
  2⤵
  PID:10172
- C:\Windows\System\gBsrlyO.exe
  C:\Windows\System\gBsrlyO.exe
  2⤵
  PID:10192
- C:\Windows\System\yPGHDNt.exe
  C:\Windows\System\yPGHDNt.exe
  2⤵
  PID:10216
- C:\Windows\System\gpYuRcr.exe
  C:\Windows\System\gpYuRcr.exe
  2⤵
  PID:10236
- C:\Windows\System\WrWttXb.exe
  C:\Windows\System\WrWttXb.exe
  2⤵
  PID:9264
- C:\Windows\System\CkFuliM.exe
  C:\Windows\System\CkFuliM.exe
  2⤵
  PID:9288
- C:\Windows\System\syjwDVH.exe
  C:\Windows\System\syjwDVH.exe
  2⤵
  PID:9328
- C:\Windows\System\rSGiMgO.exe
  C:\Windows\System\rSGiMgO.exe
  2⤵
  PID:9492
- C:\Windows\System\PtxOxnV.exe
  C:\Windows\System\PtxOxnV.exe
  2⤵
  PID:9596
- C:\Windows\System\nYTKNRO.exe
  C:\Windows\System\nYTKNRO.exe
  2⤵
  PID:9616
- C:\Windows\System\JLumuCL.exe
  C:\Windows\System\JLumuCL.exe
  2⤵
  PID:9644
- C:\Windows\System\SrMNPRV.exe
  C:\Windows\System\SrMNPRV.exe
  2⤵
  PID:9724
- C:\Windows\System\ZCciYaj.exe
  C:\Windows\System\ZCciYaj.exe
  2⤵
  PID:9796
- C:\Windows\System\sUPxcNJ.exe
  C:\Windows\System\sUPxcNJ.exe
  2⤵
  PID:9800
- C:\Windows\System\OPdTOZj.exe
  C:\Windows\System\OPdTOZj.exe
  2⤵
  PID:9912
- C:\Windows\System\wxmKxmu.exe
  C:\Windows\System\wxmKxmu.exe
  2⤵
  PID:10028
- C:\Windows\System\HiwcRso.exe
  C:\Windows\System\HiwcRso.exe
  2⤵
  PID:10116
- C:\Windows\System\dESUYDW.exe
  C:\Windows\System\dESUYDW.exe
  2⤵
  PID:10120
- C:\Windows\System\WEkVHto.exe
  C:\Windows\System\WEkVHto.exe
  2⤵
  PID:10164
- C:\Windows\System\DONOTnK.exe
  C:\Windows\System\DONOTnK.exe
  2⤵
  PID:9192
- C:\Windows\System\LzTANfV.exe
  C:\Windows\System\LzTANfV.exe
  2⤵
  PID:9248
- C:\Windows\System\WEUONDi.exe
  C:\Windows\System\WEUONDi.exe
  2⤵
  PID:9652
- C:\Windows\System\ImTjUNo.exe
  C:\Windows\System\ImTjUNo.exe
  2⤵
  PID:9752
- C:\Windows\System\CGPxagq.exe
  C:\Windows\System\CGPxagq.exe
  2⤵
  PID:9780
- C:\Windows\System\qTmdAGT.exe
  C:\Windows\System\qTmdAGT.exe
  2⤵
  PID:9892
- C:\Windows\System\PzXqImy.exe
  C:\Windows\System\PzXqImy.exe
  2⤵
  PID:9988
- C:\Windows\System\ZuzYinz.exe
  C:\Windows\System\ZuzYinz.exe
  2⤵
  PID:9228
- C:\Windows\System\UcSoGiK.exe
  C:\Windows\System\UcSoGiK.exe
  2⤵
  PID:9928
- C:\Windows\System\TMXpzeP.exe
  C:\Windows\System\TMXpzeP.exe
  2⤵
  PID:10072
- C:\Windows\System\yguJFTe.exe
  C:\Windows\System\yguJFTe.exe
  2⤵
  PID:9664
- C:\Windows\System\NpSWhHZ.exe
  C:\Windows\System\NpSWhHZ.exe
  2⤵
  PID:9528
- C:\Windows\System\tnrNVJT.exe
  C:\Windows\System\tnrNVJT.exe
  2⤵
  PID:10264
- C:\Windows\System\aPnyHFb.exe
  C:\Windows\System\aPnyHFb.exe
  2⤵
  PID:10296
- C:\Windows\System\uJUZeEj.exe
  C:\Windows\System\uJUZeEj.exe
  2⤵
  PID:10316
- C:\Windows\System\lpqmQmc.exe
  C:\Windows\System\lpqmQmc.exe
  2⤵
  PID:10352
- C:\Windows\System\HfqUDGi.exe
  C:\Windows\System\HfqUDGi.exe
  2⤵
  PID:10392
- C:\Windows\System\rFOawfu.exe
  C:\Windows\System\rFOawfu.exe
  2⤵
  PID:10420
- C:\Windows\System\nXyAoAf.exe
  C:\Windows\System\nXyAoAf.exe
  2⤵
  PID:10444
- C:\Windows\System\NgTFBMf.exe
  C:\Windows\System\NgTFBMf.exe
  2⤵
  PID:10468
- C:\Windows\System\WsPRzBV.exe
  C:\Windows\System\WsPRzBV.exe
  2⤵
  PID:10504
- C:\Windows\System\rplniWU.exe
  C:\Windows\System\rplniWU.exe
  2⤵
  PID:10552
- C:\Windows\System\IlVtzRx.exe
  C:\Windows\System\IlVtzRx.exe
  2⤵
  PID:10568
- C:\Windows\System\PfEqSRh.exe
  C:\Windows\System\PfEqSRh.exe
  2⤵
  PID:10584
- C:\Windows\System\AaCqzbb.exe
  C:\Windows\System\AaCqzbb.exe
  2⤵
  PID:10616
- C:\Windows\System\migEXpe.exe
  C:\Windows\System\migEXpe.exe
  2⤵
  PID:10648
- C:\Windows\System\MhwLPBN.exe
  C:\Windows\System\MhwLPBN.exe
  2⤵
  PID:10672
- C:\Windows\System\aWPXGDf.exe
  C:\Windows\System\aWPXGDf.exe
  2⤵
  PID:10696
- C:\Windows\System\cgDbFZL.exe
  C:\Windows\System\cgDbFZL.exe
  2⤵
  PID:10740
- C:\Windows\System\RnohDjA.exe
  C:\Windows\System\RnohDjA.exe
  2⤵
  PID:10764
- C:\Windows\System\yYupQYO.exe
  C:\Windows\System\yYupQYO.exe
  2⤵
  PID:10784
- C:\Windows\System\ezvdgKd.exe
  C:\Windows\System\ezvdgKd.exe
  2⤵
  PID:10824
- C:\Windows\System\aLtvaUd.exe
  C:\Windows\System\aLtvaUd.exe
  2⤵
  PID:10852
- C:\Windows\System\BuZhwWY.exe
  C:\Windows\System\BuZhwWY.exe
  2⤵
  PID:10884
- C:\Windows\System\vsdnFpE.exe
  C:\Windows\System\vsdnFpE.exe
  2⤵
  PID:10912
- C:\Windows\System\jneCbSl.exe
  C:\Windows\System\jneCbSl.exe
  2⤵
  PID:10936
- C:\Windows\System\sMMWldE.exe
  C:\Windows\System\sMMWldE.exe
  2⤵
  PID:10968
- C:\Windows\System\powPoZe.exe
  C:\Windows\System\powPoZe.exe
  2⤵
  PID:10996
- C:\Windows\System\YXjMfRN.exe
  C:\Windows\System\YXjMfRN.exe
  2⤵
  PID:11012
- C:\Windows\System\clNcnUE.exe
  C:\Windows\System\clNcnUE.exe
  2⤵
  PID:11032
- C:\Windows\System\TtOKHNo.exe
  C:\Windows\System\TtOKHNo.exe
  2⤵
  PID:11056
- C:\Windows\System\gaagPju.exe
  C:\Windows\System\gaagPju.exe
  2⤵
  PID:11076
- C:\Windows\System\moHTsNY.exe
  C:\Windows\System\moHTsNY.exe
  2⤵
  PID:11116
- C:\Windows\System\lwuFhPB.exe
  C:\Windows\System\lwuFhPB.exe
  2⤵
  PID:11140
- C:\Windows\System\LfzvXLA.exe
  C:\Windows\System\LfzvXLA.exe
  2⤵
  PID:11160
- C:\Windows\System\gbGfBTJ.exe
  C:\Windows\System\gbGfBTJ.exe
  2⤵
  PID:11192
- C:\Windows\System\RgYnJIB.exe
  C:\Windows\System\RgYnJIB.exe
  2⤵
  PID:11208
- C:\Windows\System\CxWEKEv.exe
  C:\Windows\System\CxWEKEv.exe
  2⤵
  PID:11224
- C:\Windows\System\zloUvri.exe
  C:\Windows\System\zloUvri.exe
  2⤵
  PID:11248
- C:\Windows\System\iOKCAMm.exe
  C:\Windows\System\iOKCAMm.exe
  2⤵
  PID:9784
- C:\Windows\System\AyXmduS.exe
  C:\Windows\System\AyXmduS.exe
  2⤵
  PID:10260
- C:\Windows\System\alcbcvi.exe
  C:\Windows\System\alcbcvi.exe
  2⤵
  PID:10284
- C:\Windows\System\xLtojSi.exe
  C:\Windows\System\xLtojSi.exe
  2⤵
  PID:10428
- C:\Windows\System\suUaMED.exe
  C:\Windows\System\suUaMED.exe
  2⤵
  PID:10452
- C:\Windows\System\ogGECSv.exe
  C:\Windows\System\ogGECSv.exe
  2⤵
  PID:10540
- C:\Windows\System\cafLNtN.exe
  C:\Windows\System\cafLNtN.exe
  2⤵
  PID:10664
- C:\Windows\System\QqAdeEu.exe
  C:\Windows\System\QqAdeEu.exe
  2⤵
  PID:10816
- C:\Windows\System\HVdEkKN.exe
  C:\Windows\System\HVdEkKN.exe
  2⤵
  PID:10864
- C:\Windows\System\PXkVyQk.exe
  C:\Windows\System\PXkVyQk.exe
  2⤵
  PID:10908
- C:\Windows\System\whGijSo.exe
  C:\Windows\System\whGijSo.exe
  2⤵
  PID:10988
- C:\Windows\System\xeuQHHd.exe
  C:\Windows\System\xeuQHHd.exe
  2⤵
  PID:11072
- C:\Windows\System\WGyeFrf.exe
  C:\Windows\System\WGyeFrf.exe
  2⤵
  PID:11112
- C:\Windows\System\GZUBYtk.exe
  C:\Windows\System\GZUBYtk.exe
  2⤵
  PID:11172
- C:\Windows\System\QJhDpBQ.exe
  C:\Windows\System\QJhDpBQ.exe
  2⤵
  PID:11240
- C:\Windows\System\ABLghFM.exe
  C:\Windows\System\ABLghFM.exe
  2⤵
  PID:11200
- C:\Windows\System\faiKcFH.exe
  C:\Windows\System\faiKcFH.exe
  2⤵
  PID:10604
- C:\Windows\System\TrlhFtQ.exe
  C:\Windows\System\TrlhFtQ.exe
  2⤵
  PID:10344
- C:\Windows\System\jVAESOM.exe
  C:\Windows\System\jVAESOM.exe
  2⤵
  PID:10756
- C:\Windows\System\elnkLTA.exe
  C:\Windows\System\elnkLTA.exe
  2⤵
  PID:10880
- C:\Windows\System\eYHmCRv.exe
  C:\Windows\System\eYHmCRv.exe
  2⤵
  PID:10920
- C:\Windows\System\nrgnMmZ.exe
  C:\Windows\System\nrgnMmZ.exe
  2⤵
  PID:9536
- C:\Windows\System\nUDDgET.exe
  C:\Windows\System\nUDDgET.exe
  2⤵
  PID:10400
- C:\Windows\System\uNhMZpP.exe
  C:\Windows\System\uNhMZpP.exe
  2⤵
  PID:10732
- C:\Windows\System\MtCHzSQ.exe
  C:\Windows\System\MtCHzSQ.exe
  2⤵
  PID:11132
- C:\Windows\System\ouJWdIY.exe
  C:\Windows\System\ouJWdIY.exe
  2⤵
  PID:10496
- C:\Windows\System\dEsIpnc.exe
  C:\Windows\System\dEsIpnc.exe
  2⤵
  PID:11300
- C:\Windows\System\tjRfyEp.exe
  C:\Windows\System\tjRfyEp.exe
  2⤵
  PID:11320
- C:\Windows\System\WRKUpRo.exe
  C:\Windows\System\WRKUpRo.exe
  2⤵
  PID:11344
- C:\Windows\System\Nuzrptz.exe
  C:\Windows\System\Nuzrptz.exe
  2⤵
  PID:11364
- C:\Windows\System\XaaOGFf.exe
  C:\Windows\System\XaaOGFf.exe
  2⤵
  PID:11400
- C:\Windows\System\FOYKxOs.exe
  C:\Windows\System\FOYKxOs.exe
  2⤵
  PID:11424
- C:\Windows\System\mEnUWVT.exe
  C:\Windows\System\mEnUWVT.exe
  2⤵
  PID:11456
- C:\Windows\System\KoFkHfe.exe
  C:\Windows\System\KoFkHfe.exe
  2⤵
  PID:11500
- C:\Windows\System\jZrDvBi.exe
  C:\Windows\System\jZrDvBi.exe
  2⤵
  PID:11524
- C:\Windows\System\annKdyj.exe
  C:\Windows\System\annKdyj.exe
  2⤵
  PID:11540
- C:\Windows\System\Qracxla.exe
  C:\Windows\System\Qracxla.exe
  2⤵
  PID:11596
- C:\Windows\System\kIWfkbF.exe
  C:\Windows\System\kIWfkbF.exe
  2⤵
  PID:11624
- C:\Windows\System\GLvAyZW.exe
  C:\Windows\System\GLvAyZW.exe
  2⤵
  PID:11648
- C:\Windows\System\XfxzIAU.exe
  C:\Windows\System\XfxzIAU.exe
  2⤵
  PID:11664
- C:\Windows\System\AbMAFoU.exe
  C:\Windows\System\AbMAFoU.exe
  2⤵
  PID:11684
- C:\Windows\System\rRYkVST.exe
  C:\Windows\System\rRYkVST.exe
  2⤵
  PID:11732
- C:\Windows\System\PfxOLAP.exe
  C:\Windows\System\PfxOLAP.exe
  2⤵
  PID:11768
- C:\Windows\System\dRBVYnt.exe
  C:\Windows\System\dRBVYnt.exe
  2⤵
  PID:11792
- C:\Windows\System\hZimCGF.exe
  C:\Windows\System\hZimCGF.exe
  2⤵
  PID:11812
- C:\Windows\System\oDkffRl.exe
  C:\Windows\System\oDkffRl.exe
  2⤵
  PID:11836
- C:\Windows\System\JSxCRlC.exe
  C:\Windows\System\JSxCRlC.exe
  2⤵
  PID:11860
- C:\Windows\System\iCsIkjV.exe
  C:\Windows\System\iCsIkjV.exe
  2⤵
  PID:11880
- C:\Windows\System\ZwGrvBt.exe
  C:\Windows\System\ZwGrvBt.exe
  2⤵
  PID:11920
- C:\Windows\System\bhLNUrH.exe
  C:\Windows\System\bhLNUrH.exe
  2⤵
  PID:11952
- C:\Windows\System\qojtUmd.exe
  C:\Windows\System\qojtUmd.exe
  2⤵
  PID:11976
- C:\Windows\System\yZAzRDX.exe
  C:\Windows\System\yZAzRDX.exe
  2⤵
  PID:11996
- C:\Windows\System\ZpLCiKq.exe
  C:\Windows\System\ZpLCiKq.exe
  2⤵
  PID:12016
- C:\Windows\System\XHZEaia.exe
  C:\Windows\System\XHZEaia.exe
  2⤵
  PID:12040
- C:\Windows\System\uAXsmGP.exe
  C:\Windows\System\uAXsmGP.exe
  2⤵
  PID:12088
- C:\Windows\System\qjIrsvp.exe
  C:\Windows\System\qjIrsvp.exe
  2⤵
  PID:12120
- C:\Windows\System\OJQMhyH.exe
  C:\Windows\System\OJQMhyH.exe
  2⤵
  PID:12144
- C:\Windows\System\QyBWpAp.exe
  C:\Windows\System\QyBWpAp.exe
  2⤵
  PID:12160
- C:\Windows\System\dClXNrS.exe
  C:\Windows\System\dClXNrS.exe
  2⤵
  PID:12180
- C:\Windows\System\iPTWWDV.exe
  C:\Windows\System\iPTWWDV.exe
  2⤵
  PID:12196
- C:\Windows\System\mYCJbnE.exe
  C:\Windows\System\mYCJbnE.exe
  2⤵
  PID:12244
- C:\Windows\System\saGodfN.exe
  C:\Windows\System\saGodfN.exe
  2⤵
  PID:11004
- C:\Windows\System\Bkfbfav.exe
  C:\Windows\System\Bkfbfav.exe
  2⤵
  PID:10896
- C:\Windows\System\wbXOSUK.exe
  C:\Windows\System\wbXOSUK.exe
  2⤵
  PID:11316
- C:\Windows\System\MpskObV.exe
  C:\Windows\System\MpskObV.exe
  2⤵
  PID:11356
- C:\Windows\System\pOKhKZH.exe
  C:\Windows\System\pOKhKZH.exe
  2⤵
  PID:11392
- C:\Windows\System\pAvfELt.exe
  C:\Windows\System\pAvfELt.exe
  2⤵
  PID:11468
- C:\Windows\System\bFFUwzh.exe
  C:\Windows\System\bFFUwzh.exe
  2⤵
  PID:11568
- C:\Windows\System\lUfQQBM.exe
  C:\Windows\System\lUfQQBM.exe
  2⤵
  PID:11632
- C:\Windows\System\DGMuuJh.exe
  C:\Windows\System\DGMuuJh.exe
  2⤵
  PID:11680
- C:\Windows\System\LSFqufR.exe
  C:\Windows\System\LSFqufR.exe
  2⤵
  PID:11748
- C:\Windows\System\JAfRccM.exe
  C:\Windows\System\JAfRccM.exe
  2⤵
  PID:11808
- C:\Windows\System\KHwiEPD.exe
  C:\Windows\System\KHwiEPD.exe
  2⤵
  PID:11944
- C:\Windows\System\OHqrRHa.exe
  C:\Windows\System\OHqrRHa.exe
  2⤵
  PID:12004
- C:\Windows\System\TuNNgoK.exe
  C:\Windows\System\TuNNgoK.exe
  2⤵
  PID:12028
- C:\Windows\System\SDCzLvW.exe
  C:\Windows\System\SDCzLvW.exe
  2⤵
  PID:12072
- C:\Windows\System\EssXvSB.exe
  C:\Windows\System\EssXvSB.exe
  2⤵
  PID:12176
- C:\Windows\System\xuJNMdo.exe
  C:\Windows\System\xuJNMdo.exe
  2⤵
  PID:12280
- C:\Windows\System\JGfvQHW.exe
  C:\Windows\System\JGfvQHW.exe
  2⤵
  PID:11280
- C:\Windows\System\nIMJWFC.exe
  C:\Windows\System\nIMJWFC.exe
  2⤵
  PID:11644
- C:\Windows\System\yjUlnpz.exe
  C:\Windows\System\yjUlnpz.exe
  2⤵
  PID:11448
- C:\Windows\System\tOXznrY.exe
  C:\Windows\System\tOXznrY.exe
  2⤵
  PID:11852
- C:\Windows\System\ILjewsQ.exe
  C:\Windows\System\ILjewsQ.exe
  2⤵
  PID:11960
- C:\Windows\System\utwoDAl.exe
  C:\Windows\System\utwoDAl.exe
  2⤵
  PID:12064
- C:\Windows\System\iZVepQW.exe
  C:\Windows\System\iZVepQW.exe
  2⤵
  PID:11220
- C:\Windows\System\ULzEHMd.exe
  C:\Windows\System\ULzEHMd.exe
  2⤵
  PID:11388
- C:\Windows\System\gsXLcgi.exe
  C:\Windows\System\gsXLcgi.exe
  2⤵
  PID:11336
- C:\Windows\System\WpGwcJI.exe
  C:\Windows\System\WpGwcJI.exe
  2⤵
  PID:11804
- C:\Windows\System\nxUlCoF.exe
  C:\Windows\System\nxUlCoF.exe
  2⤵
  PID:12068
- C:\Windows\System\mhdOIlg.exe
  C:\Windows\System\mhdOIlg.exe
  2⤵
  PID:520
- C:\Windows\System\ECJKhUz.exe
  C:\Windows\System\ECJKhUz.exe
  2⤵
  PID:12012
- C:\Windows\System\YwzAVuJ.exe
  C:\Windows\System\YwzAVuJ.exe
  2⤵
  PID:12296
- C:\Windows\System\jdORmRc.exe
  C:\Windows\System\jdORmRc.exe
  2⤵
  PID:12324
- C:\Windows\System\ECNhjbk.exe
  C:\Windows\System\ECNhjbk.exe
  2⤵
  PID:12356
- C:\Windows\System\IIvYeOt.exe
  C:\Windows\System\IIvYeOt.exe
  2⤵
  PID:12380
- C:\Windows\System\ATgFMru.exe
  C:\Windows\System\ATgFMru.exe
  2⤵
  PID:12400
- C:\Windows\System\bqLNkPM.exe
  C:\Windows\System\bqLNkPM.exe
  2⤵
  PID:12420
- C:\Windows\System\WWwSnuU.exe
  C:\Windows\System\WWwSnuU.exe
  2⤵
  PID:12472
- C:\Windows\System\rVicNvR.exe
  C:\Windows\System\rVicNvR.exe
  2⤵
  PID:12492
- C:\Windows\System\WAPSVDz.exe
  C:\Windows\System\WAPSVDz.exe
  2⤵
  PID:12516
- C:\Windows\System\dWoXmgJ.exe
  C:\Windows\System\dWoXmgJ.exe
  2⤵
  PID:12536
- C:\Windows\System\WmFNEOp.exe
  C:\Windows\System\WmFNEOp.exe
  2⤵
  PID:12564
- C:\Windows\System\JMbkExl.exe
  C:\Windows\System\JMbkExl.exe
  2⤵
  PID:12624
- C:\Windows\System\dKrdEHP.exe
  C:\Windows\System\dKrdEHP.exe
  2⤵
  PID:12652
- C:\Windows\System\MXTNDQn.exe
  C:\Windows\System\MXTNDQn.exe
  2⤵
  PID:12680
- C:\Windows\System\ZFcUFCd.exe
  C:\Windows\System\ZFcUFCd.exe
  2⤵
  PID:12700
- C:\Windows\System\dkKaYGL.exe
  C:\Windows\System\dkKaYGL.exe
  2⤵
  PID:12732
- C:\Windows\System\ZkwBRYu.exe
  C:\Windows\System\ZkwBRYu.exe
  2⤵
  PID:12748
- C:\Windows\System\uZZtHwY.exe
  C:\Windows\System\uZZtHwY.exe
  2⤵
  PID:12772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_303gutdk.tnj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CUYQJpG.exe

Filesize
1.9MB

MD5
d163f0af30db7e128872f914d406cdbc

SHA1
caed6760ed59fe7e1c03b905a3e3b514c0edc8a4

SHA256
1e31589cd1774fd49d8d95cf0192ee596bf720a93bfd9ac72421fe7e00ce89fe

SHA512
4e708076cd24472a81a5ebe236c4319c01eae577438e810241faedb8938a7d649d63d3cc0e7c238de32e4f166ed4133e4c7aa9d590849b657bc2ce2a622c5b1e

Download Submit
C:\Windows\System\CxxFSRp.exe

Filesize
1.9MB

MD5
2b1837dbf463eadbe47c0c94d73e5530

SHA1
2a6b0fb8c584920b0e742cd72015eec26c3994db

SHA256
da61518494001884401af7b91e460c9fb1da080d0f5fb806d908842ce383640e

SHA512
23991ea0c0f51ea1b60cd39e49f9799747368a38de884e7db14d86e6630318241f46b6b557dda7fbebd495857437a0635334b68d1291e2f6dd7a6f5aa3e66dc4

Download Submit
C:\Windows\System\EFjRkva.exe

Filesize
1.9MB

MD5
74c5aa3b053a7315af9e9f0bbec70390

SHA1
24f4445b742a0d6851ab6ad722444e5db6ddc140

SHA256
f4b61e72191aba2e8363b72819e80a15d4bf4fb33badbe4cbd23ecf842936055

SHA512
66af4e4d38c57164129d7964c546419951ff61806a5e62322eab9cd598ebeea5dab09915b226409105dff60e3396a43e93ac32c36c91c3f4c0333342305d22d3

Download Submit
C:\Windows\System\FVSPFUD.exe

Filesize
1.9MB

MD5
436ea7a62b52ba6d9c9bc81e6fbed45d

SHA1
c4d5348a17a294cd5fd6b19164da2de5157d10d2

SHA256
9adbf0532ab11a15e2a697a99d8f0c39445ec4e4727e820e65eb7c5095a2a8e2

SHA512
7671393c6d8e3764d67b2b34d52be2488d8dbf2b59f91a08ff89b42f2577c70974c379d1e35906aee99d984056776164e7f295a2c2e8799d70ecf051c4d200f5

Download Submit
C:\Windows\System\GALdRJH.exe

Filesize
1.9MB

MD5
88afe40e679bd8cb3ee8214d44a5d3db

SHA1
d0896a858e2992f42c6b70844eabeb95a9e9b7d5

SHA256
4f0364104b76c1f92ba94f08cb5404e13977a666e890d179a2c42fd99f2abc9a

SHA512
19835320728ef1a6aa808ff6ccd7447ddda9c23ba41a48307a3ff727062ab31cca862d5cfc8a2dadac3638b9062f1ebc719373c4e6e7c35d6884cfbb8269bcd1

Download Submit
C:\Windows\System\IVUzwhK.exe

Filesize
1.9MB

MD5
534fcbb0bcced64443d1720a17517168

SHA1
abd1cfa5b0f004e0913be46cdf497265c6b137ca

SHA256
728a36e038abe8d63d43f3d5e25779d5ad3694583f7563bae71c83c640556cef

SHA512
26de017d7a6cb1d7d2b36769573a476103d5ebd4a26d0916f3c761bd8b560926955c50277cfc198dc83a52a7e9ca748838b05848b2a892318f58120e5f61582a

Download Submit
C:\Windows\System\KUgrlXA.exe

Filesize
1.9MB

MD5
5f1092d16548b4bc408e213f7445455c

SHA1
ab1a3d01f406efbdd51f6e7f9ecb0de58d5ac789

SHA256
b498d573dd9b98cbd960487667aff22982924b9a8c6523c4a179b4b4b7b73c60

SHA512
68bb0e859d6fa3d304c2a11abdbd29373d5223e467b06009f33782a3126ddd768d4bf01d8fb4683ebf5fa4838586f811a56cfe9a43c41e4ceef09958ebb774d3

Download Submit
C:\Windows\System\LVXAEVW.exe

Filesize
1.9MB

MD5
3d49bf53c290cdf3c6d4b7b8b8d1de3a

SHA1
67f164ffe3076e1a7f389688fdc1569bb3b2053f

SHA256
465936ef07068720b24a0392a9b73c32aa99c3bfb496df8d96fb1918251051de

SHA512
d75209de91dfd54ff7d0fa700c3b253d0a85238f030b338c5680294de3c094b59ba84fa0e53c39cec454bf1c8fb24ea94575d4907726377500077f4e50788c1a

Download Submit
C:\Windows\System\OPjfvPU.exe

Filesize
1.9MB

MD5
4806c5e39b4539caeef8e59442e6032b

SHA1
8ce25b80c5a05da081d33903af5ebc6cf56fdb75

SHA256
0d08342cc89022fe6b1fc6d3900ef16053a6275191728d75ebda57d5bbae75e6

SHA512
3c07ffe0930ea9955351dfdd900c5d3dae456203d05fa852ba87e1bbf02b6e4a5c526c0b84087ef49cc0801fbe39213267e1155a2c1507dbe9c0713e45975b41

Download Submit
C:\Windows\System\OsQlWjF.exe

Filesize
1.9MB

MD5
12bb919cf1979c89fe5e2fe26e9540f9

SHA1
ed1081ee0fce4630d4c9a4ae129f8340c361c525

SHA256
15512e758d93ce5d0f199853c3715fb59d1e205412cbc2d4a50e0e2b414bf5bd

SHA512
910d64aef26fbc70ba1bce4db4f275e3bec88464738d4a1d1931ac11abf2448b67fc40c2d41fdb9aaf4058b3979fa4c8d0320c1ff05ecee773e4bc27d9f0a891

Download Submit
C:\Windows\System\PLhdmCM.exe

Filesize
1.9MB

MD5
5b73ac1c9482e34fe4082bdabc72f24e

SHA1
c401cc22bf9e1fc7f902726b90fed76681c8da21

SHA256
b28d26700c4d8b06f09df9eb0d4ff00f1dfbabb6563e1e02cf94e2de5ae1a60a

SHA512
12d29c9d528414e4cc110882eee77baf141e2b632af165fbdd7c108cbc9f7eb164e7bc03b0a28d6c9e09e9c4370489135f07db5531d25cdfa1adb249b2804693

Download Submit
C:\Windows\System\TAIZxMP.exe

Filesize
8B

MD5
12cb0c6780f2d5ad2779f622225af5d8

SHA1
f18f35ca999e688a276e80ff43745d48d66d977a

SHA256
887bfa3419485e09009a58ffad89a40c1289c2b815440bb33bc1848b9b247a80

SHA512
13460be388d3bb2fba97b598404f3723988def3e63e6355584610bc83a52b139b39aa53f3433391a93f441506fc4893a8aa59338ae2183b0eb938e55defe85f5

Download Submit
C:\Windows\System\WhUurzb.exe

Filesize
1.9MB

MD5
bea001deea9a84276e665499aafd69b3

SHA1
01cbe99e83a53ffedf7646731137231c15cd19df

SHA256
6fe0ee7b3043f4f6666af232c4a670bf79b89c08f0e0ccb87496c8895f1cdc70

SHA512
848423cda72c0ef98f6d4302d980dca370ae8bdb67cacb5cbf23a3461a51b02fc8e291c778ecc54e82bb7c207f04e3ee5c2d94d3900adc7722d88ec1a9023889

Download Submit
C:\Windows\System\XFUPJNa.exe

Filesize
1.9MB

MD5
ec4bb35b808d10364fe75475edb4f6a5

SHA1
35225fa8ff64f5ed0aa28c3ebea557c9e3d9cedd

SHA256
5f0e43c7e1d137250b83ac300f4ff92cc99ed720fab26cfbd012a873ac26d785

SHA512
c85813be7b9e8f98f5e0165c2df7bafcedacda0534f2060062ff7c0a395209adb4bf96aea88c2ca2a1d474d03ff08b4357fac1aff2a4b220142450c07b902f29

Download Submit
C:\Windows\System\ZTBpAEa.exe

Filesize
1.9MB

MD5
3f2df2c84353a477bf90ebead9093be7

SHA1
c2aeec59f176e076fec8383d230047dc1091c280

SHA256
46b7521fdda1ea60c92745dc30626b75920ca15de47144e15358facb1c84cbc8

SHA512
e81c6545b709ba5111d52dc171a005e222d79803c3bd0c446b507593d776f40911ef514c22613bbe85103e323c220ed818e3586214cb3537ae3ea8380de59a1f

Download Submit
C:\Windows\System\ZjCWyPR.exe

Filesize
1.9MB

MD5
225fe03dac4d48f8415cf19589128984

SHA1
dbb14ab9fe9d9647ed2864ed17ad96a4096f4c66

SHA256
bfff66ac93e6d0dc2549ad95f26346afae3f347c035cb9a48186ca694dc42285

SHA512
70922eed77d31c5fdde36351ae5248485f460f0133bb53b52031d262d22d92f2df8cdd053ab51776d7b2a6b5cb54ce4faac514eb8014330595672752cf2f4773

Download Submit
C:\Windows\System\aLbSBLR.exe

Filesize
1.9MB

MD5
d7e9be8800f23907b9db716f7960840b

SHA1
7f48744e60e0dc7a45a922e8b041ad84fe200674

SHA256
075ecf4ce0d37e1c73e6cf0c039e93eed166556ada2cf2f4647dc36965035e35

SHA512
eff64e80060f3cdd3a65a715bdaaa2cdcedfb1b84301ede442bd60abe1804bad184132a8acb446c07a0c0ad3cb3fd4c5619e8429e4bfe36c4a14ee3d57faf0b5

Download Submit
C:\Windows\System\bMsdCte.exe

Filesize
1.9MB

MD5
83e4177306998133dd28de6322c481df

SHA1
dae437c1671e065f4fd2c0f0ca31efb1c9c2293a

SHA256
164d50580ed4397a0e5359777c47fa3ec86fe587c8d7330f7a59329937614afb

SHA512
53ff31a2aefba8317ba230081ffa1b5d4bf6fcad2c900f684b58e25e40649f747bd8e03aa21c3cc6b49ed546aa6f2e0ce316eea6eccb1760210d80251637bf47

Download Submit
C:\Windows\System\bkWkWbr.exe

Filesize
1.9MB

MD5
26b56875f469363a2ae646f5e0b986fe

SHA1
100c4f4c4509df15a44a18accb9fddb1d51caf46

SHA256
d50e905d04024f39501b77e1c852c64dde1c40050fa9710f124d3dc264f6c9ca

SHA512
f3d26f71a8e71b1e20f5a66e3e65385b59e70227b24bbf68e64eba64703bde1cae1ba3454835334c63fc45372e981c62be9f9762cce243aab96d356009c90e13

Download Submit
C:\Windows\System\gbgBlha.exe

Filesize
1.9MB

MD5
9bbdb1e851fef43571ddaa15d04ccbcf

SHA1
8d4d573df75c4a857697ac8b66491cca31de71fb

SHA256
2a3e8db924c33bde4ab0722e5b17e45837d3afe9831f3ca45e9b8843da6802db

SHA512
7c48be5bc63441f045cf84f7ae586d66ae4db0132cad42aa2722de15ecba1c9b66dcc5c29713dd3d74bd3ccbc8289ac388339fb4aca7881afc3f63e687023740

Download Submit
C:\Windows\System\hIxadcJ.exe

Filesize
1.9MB

MD5
d7bf5414776f3df7ff384bc13275a8e7

SHA1
ce0ce6672a409cfbb01f933659c7b956b24fc5d7

SHA256
62c75476a9e93306982aada1236854b3525ef34bf93b3de71bf686b7b22995e2

SHA512
d27681f0d0bfec7c0e79f60490390362fa5f6b58edc4b6b44b0264a9f721cb7e1c91ad371e1166319a4408c78e841d473c6c3d01f7aa70179afdd6386e7f3b40

Download Submit
C:\Windows\System\jucUIMP.exe

Filesize
1.9MB

MD5
aa6d386fea31ea359bc7cf944f3e3346

SHA1
90179567f73b357b5462ed809d545dcd076aed0d

SHA256
a57d4bfde7aee5331669ba91be0c13e049f93f5f0869afe94ab73f5947f3c917

SHA512
d3a166aaaa2ba0411cb76efbc5ab3b2e46c32f84a8722bbd35720f249e751e1d518d2e7302747eaca1ad6fff481f924fc8f1653f2b27695efa73e2ef45c6bdf3

Download Submit
C:\Windows\System\monZiir.exe

Filesize
1.9MB

MD5
ae1458e26aa3a17de7a8dd95ddc8957d

SHA1
2ac8a11bdd72a7ce8a91b0f1eaf9cffae72adfb0

SHA256
b9281a654864b6819dfb5d73bf0cb0799811b19483ba49f887178d3f693fa094

SHA512
f95ea74ea3c7c229fbb5f30e445a3b4d681f8050f4929ed7bdcb8d49c6baad0ecd2dbe3f1f79bd847d714afa89ef48339f9048afd89f7280449ff582e82811c0

Download Submit
C:\Windows\System\pVtDskT.exe

Filesize
1.9MB

MD5
1e02595603238fe16c10d5db85fc3b7f

SHA1
4306fa9a46fd9080ec74dbd64b7203ff830ee4cc

SHA256
68c92da971c13fe28b468c5dd5f42eb5b7c721c3edd91d123c3b56f2111fb42e

SHA512
7560856d746ed123d9a771a8d1df4c4d412c5af1fa404b1f7b8555bdc87685fa9a7fb128c4f1c0da29ce3a6ef2dc9f9690a5970f397b6b99937d822b9bb672b5

Download Submit
C:\Windows\System\qxIthnG.exe

Filesize
1.9MB

MD5
784df2d1fb463dbb95d4336b5dfdf10b

SHA1
c176b1929709418e3d31a5cf87220d17df4a57bf

SHA256
fe37b0fbc1db5239af48d8f827eecb4c084035d4e674820f987b5fd47f78c483

SHA512
66c0e31d1129c220f703a8e75c07918f262768b3d809e3cc2273046afb3aa4f3d48ae7982fc6afea13672584a1862ab0c090e7e0a8859e278c976f3f9b9bb0fc

Download Submit
C:\Windows\System\sPTwCyJ.exe

Filesize
1.9MB

MD5
ac598e7bc95d37e20d64b4e91a90e38e

SHA1
9cc5e10341569a81714a2d924e62f10806dd5ba2

SHA256
aa1633fdcb1ffe7e68fdf6b800af43353f702107b131079e40a066d048c12d91

SHA512
fbb715896d9bf13653169b00b7cf36f43fc32c43d8d029df4bb4ccc0771bd747cdbd82a43a1f6948c8496b2a2824d538149aebed520a4cdf60068327220db902

Download Submit
C:\Windows\System\uQxebLJ.exe

Filesize
1.9MB

MD5
48babecde4e633a204a9bdbe86359512

SHA1
ff006b9312823891d9fbb6bef2a6d4f548bde4c3

SHA256
06ad99a0fe4cbe530c63be5b081d1347da9e9a13e31ebf3396041afe43533f97

SHA512
c8d5fcfb0d835729f02b0f87cf8aece62a6c226945bb65727a9526ceb309370acf724db2b0d522d2d1fb3d132f416af112f0064e9b6a2a4cf58e62496e647085

Download Submit
C:\Windows\System\vOlhRNS.exe

Filesize
1.9MB

MD5
8c2b0b9414152a993d436c367b1b0851

SHA1
117b09f239ca4fce650d64b4af7f99051165914d

SHA256
b408f1673c0bce13461cc2f3a90d74ec72e39fffbcbc52de9aca71ca3c59ace8

SHA512
d5ca8c01cf09f7d711e2b35606cf85cce8d72d0b39b4b8479c376905de13a7df2b9eb28754468af4e91510bc8e06fa85fe378b353ef8803008fbfcab246bd196

Download Submit
C:\Windows\System\vQyPGeb.exe

Filesize
1.9MB

MD5
5a0ea36687f103b518f5e62e4d98d5f4

SHA1
fc70074272398d04b0cd614c99eea31ba48a6cbf

SHA256
5ed3d07cd4c0d265ea25aad72d1af5465be96867749aae38de6801ca850596ba

SHA512
2f3130488fab014b7cacfa769cb1896c5827a8cc1a857fb524b2396b1275ece442ac9640eb58d63631aa1b4913241e611d028c1956d8358ea20a4249dbf8654a

Download Submit
C:\Windows\System\wnIPPJJ.exe

Filesize
1.9MB

MD5
169f720ba6757671612fa378fe6bc962

SHA1
b6f2deb1b60a2761faea6e02a5d831af5b737a9c

SHA256
eff1f95aefb661a11ccccaf47a544208fb4a3deed8dea5f9cce08ae8fd47b2c0

SHA512
7618dc67cf6dd674fbfe159804fe40fa9e6c0e4518ebb7cd443b21ceee870a9e7c5ae0fcbaaf0295b2b888af321cc5cea5a0a495fc5b79c05fa1fbd025327967

Download Submit
C:\Windows\System\wtBOeTd.exe

Filesize
1.9MB

MD5
bb5ad32e52b84eae09378f2cf45fe7db

SHA1
0492d177a83b1e75b90981c29b500dfff2b942ee

SHA256
620d9c0cde01c0d5b8c0cef5b140f7bd8e377a85c463495a46fd87d1d6c0abba

SHA512
145503023401e1ea4415fd89e69872f8d31812984458555cf77a8f80bbb8ae68a073d53b6b93872d7ba8a4d1f40e6a18e8c8d07a6d79c6b2be0654f6a57a0467

Download Submit
C:\Windows\System\xPCUNXx.exe

Filesize
1.9MB

MD5
78fec7b161d81b2ab100d1293e56edc6

SHA1
791aff8f629892581e3bcebfe90f7f803ff20661

SHA256
0a60b8512661a82f58260287ea3ebca5adefa5312bcd67f96bed41c4907a6741

SHA512
8c9973bdfb90da78e7e5a6474272796ce9443070fa98c05c36c4578498e834fdecd22619790cc50abcba53f8b87af4872153e6f6020d86ff2971adfc94c3844f

Download Submit
C:\Windows\System\xoyPrsg.exe

Filesize
1.9MB

MD5
24ce937ea6087506feeefe576d1ae7db

SHA1
c6cf084c271e4cfc4a6d5d6fe525e68487483859

SHA256
03c9de16d981ed94a0e5028c205243c9fe488dbade7aa193e14b8456c2eb0ec5

SHA512
832d357a9e6de42062e0260ec8dea889f05d294745a0993d7f88bb6388144e5f4c591c52c640ac2cd3e2a610a08a695cf2f4a793d800c464df21faed6283933b

Download Submit
C:\Windows\System\zoqIQUH.exe

Filesize
1.9MB

MD5
a93911faa29b7a81c3312bc607c20310

SHA1
3ff406e1e821f9db16554393acd71f8fe046e4ea

SHA256
87e0b04b8d96a2ba3c7d09b790fae1a1190e19678c1048fecf2fc595ea330c6e

SHA512
e711bceb089b02b004a2b15ba7c49db344317c983255d8350225ba438b723954227557e91b213b61c26f14beb12c5c191ce040a52030d0f7114eca1680c08548

Download Submit
memory/112-0-0x00007FF63C390000-0x00007FF63C782000-memory.dmp

Filesize
3.9MB

Download
memory/112-1-0x000002A225F20000-0x000002A225F30000-memory.dmp

Filesize
64KB

Download
memory/112-312-0x00007FF63C390000-0x00007FF63C782000-memory.dmp

Filesize
3.9MB

Download
memory/116-122-0x00007FF7FBEB0000-0x00007FF7FC2A2000-memory.dmp

Filesize
3.9MB

Download
memory/116-2225-0x00007FF7FBEB0000-0x00007FF7FC2A2000-memory.dmp

Filesize
3.9MB

Download
memory/736-2229-0x00007FF6C9970000-0x00007FF6C9D62000-memory.dmp

Filesize
3.9MB

Download
memory/736-134-0x00007FF6C9970000-0x00007FF6C9D62000-memory.dmp

Filesize
3.9MB

Download
memory/884-127-0x00007FF6456C0000-0x00007FF645AB2000-memory.dmp

Filesize
3.9MB

Download
memory/884-2239-0x00007FF6456C0000-0x00007FF645AB2000-memory.dmp

Filesize
3.9MB

Download
memory/1016-2193-0x00007FF6E7070000-0x00007FF6E7462000-memory.dmp

Filesize
3.9MB

Download
memory/1016-51-0x00007FF6E7070000-0x00007FF6E7462000-memory.dmp

Filesize
3.9MB

Download
memory/1080-2292-0x00007FF623210000-0x00007FF623602000-memory.dmp

Filesize
3.9MB

Download
memory/1080-394-0x00007FF623210000-0x00007FF623602000-memory.dmp

Filesize
3.9MB

Download
memory/1140-53-0x00007FF74D8F0000-0x00007FF74DCE2000-memory.dmp

Filesize
3.9MB

Download
memory/1140-2205-0x00007FF74D8F0000-0x00007FF74DCE2000-memory.dmp

Filesize
3.9MB

Download
memory/1296-432-0x00007FF6EB250000-0x00007FF6EB642000-memory.dmp

Filesize
3.9MB

Download
memory/1296-2290-0x00007FF6EB250000-0x00007FF6EB642000-memory.dmp

Filesize
3.9MB

Download
memory/1296-2306-0x00007FF6EB250000-0x00007FF6EB642000-memory.dmp

Filesize
3.9MB

Download
memory/1444-131-0x00007FF7B9F10000-0x00007FF7BA302000-memory.dmp

Filesize
3.9MB

Download
memory/1444-2238-0x00007FF7B9F10000-0x00007FF7BA302000-memory.dmp

Filesize
3.9MB

Download
memory/1512-132-0x00007FF68FAE0000-0x00007FF68FED2000-memory.dmp

Filesize
3.9MB

Download
memory/1512-2233-0x00007FF68FAE0000-0x00007FF68FED2000-memory.dmp

Filesize
3.9MB

Download
memory/1740-397-0x00007FF657FD0000-0x00007FF6583C2000-memory.dmp

Filesize
3.9MB

Download
memory/1740-2300-0x00007FF657FD0000-0x00007FF6583C2000-memory.dmp

Filesize
3.9MB

Download
memory/1984-133-0x00007FF6E3E50000-0x00007FF6E4242000-memory.dmp

Filesize
3.9MB

Download
memory/1984-2230-0x00007FF6E3E50000-0x00007FF6E4242000-memory.dmp

Filesize
3.9MB

Download
memory/2196-119-0x00007FF617AA0000-0x00007FF617E92000-memory.dmp

Filesize
3.9MB

Download
memory/2196-2226-0x00007FF617AA0000-0x00007FF617E92000-memory.dmp

Filesize
3.9MB

Download
memory/2660-130-0x00007FF66EC50000-0x00007FF66F042000-memory.dmp

Filesize
3.9MB

Download
memory/2660-2242-0x00007FF66EC50000-0x00007FF66F042000-memory.dmp

Filesize
3.9MB

Download
memory/2716-2158-0x00007FFD8DD60000-0x00007FFD8E821000-memory.dmp

Filesize
10.8MB

Download
memory/2716-50-0x00007FFD8DD60000-0x00007FFD8E821000-memory.dmp

Filesize
10.8MB

Download
memory/2716-3-0x00007FFD8DD63000-0x00007FFD8DD65000-memory.dmp

Filesize
8KB

Download
memory/2716-25-0x00007FFD8DD60000-0x00007FFD8E821000-memory.dmp

Filesize
10.8MB

Download
memory/2716-2159-0x00007FFD8DD63000-0x00007FFD8DD65000-memory.dmp

Filesize
8KB

Download
memory/2716-54-0x0000013B67E00000-0x0000013B67E22000-memory.dmp

Filesize
136KB

Download
memory/2716-135-0x0000013B806C0000-0x0000013B80E66000-memory.dmp

Filesize
7.6MB

Download
memory/2784-78-0x00007FF7CEE40000-0x00007FF7CF232000-memory.dmp

Filesize
3.9MB

Download
memory/2784-2218-0x00007FF7CEE40000-0x00007FF7CF232000-memory.dmp

Filesize
3.9MB

Download
memory/2812-123-0x00007FF79E780000-0x00007FF79EB72000-memory.dmp

Filesize
3.9MB

Download
memory/2812-2221-0x00007FF79E780000-0x00007FF79EB72000-memory.dmp

Filesize
3.9MB

Download
memory/2940-129-0x00007FF608FC0000-0x00007FF6093B2000-memory.dmp

Filesize
3.9MB

Download
memory/3048-74-0x00007FF6F2120000-0x00007FF6F2512000-memory.dmp

Filesize
3.9MB

Download
memory/3048-2203-0x00007FF6F2120000-0x00007FF6F2512000-memory.dmp

Filesize
3.9MB

Download
memory/3092-2241-0x00007FF79A9F0000-0x00007FF79ADE2000-memory.dmp

Filesize
3.9MB

Download
memory/3092-118-0x00007FF79A9F0000-0x00007FF79ADE2000-memory.dmp

Filesize
3.9MB

Download
memory/3216-2244-0x00007FF76F720000-0x00007FF76FB12000-memory.dmp

Filesize
3.9MB

Download
memory/3216-128-0x00007FF76F720000-0x00007FF76FB12000-memory.dmp

Filesize
3.9MB

Download
memory/3336-2235-0x00007FF6AA6A0000-0x00007FF6AAA92000-memory.dmp

Filesize
3.9MB

Download
memory/3336-327-0x00007FF6AA6A0000-0x00007FF6AAA92000-memory.dmp

Filesize
3.9MB

Download
memory/3336-93-0x00007FF6AA6A0000-0x00007FF6AAA92000-memory.dmp

Filesize
3.9MB

Download
memory/3528-2201-0x00007FF6349C0000-0x00007FF634DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3528-66-0x00007FF6349C0000-0x00007FF634DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3988-77-0x00007FF6D6C80000-0x00007FF6D7072000-memory.dmp

Filesize
3.9MB

Download
memory/3988-2216-0x00007FF6D6C80000-0x00007FF6D7072000-memory.dmp

Filesize
3.9MB

Download
memory/4316-2223-0x00007FF779F80000-0x00007FF77A372000-memory.dmp

Filesize
3.9MB

Download
memory/4316-126-0x00007FF779F80000-0x00007FF77A372000-memory.dmp

Filesize
3.9MB

Download
memory/4736-2295-0x00007FF6A9A10000-0x00007FF6A9E02000-memory.dmp

Filesize
3.9MB

Download
memory/4736-396-0x00007FF6A9A10000-0x00007FF6A9E02000-memory.dmp

Filesize
3.9MB

Download