xmrig | b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
Size

1.6MB
MD5

4bab06dc88c9a5fc56ac53542b1c37f0
SHA1

dcc094a9af367b01dadc08fa5615fd7f5f3d6ab4
SHA256

b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6
SHA512

72f69bcf4661ee7c13c71354b21dfb93beb7dc43b6aab20cee91a252eb09f23711f463cc49509766bea612cc3adcedd0c09fbde811df62bcd1f07bbc9c94e115
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgspmBirT/mHWDVQ:Lz071uv4BPMkFfdg6NsIiGuQ

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2720-10-0x00007FF64D840000-0x00007FF64DC32000-memory.dmp	xmrig
behavioral2/memory/4124-114-0x00007FF752BD0000-0x00007FF752FC2000-memory.dmp	xmrig
behavioral2/memory/636-120-0x00007FF6FA620000-0x00007FF6FAA12000-memory.dmp	xmrig
behavioral2/memory/4724-205-0x00007FF6B78C0000-0x00007FF6B7CB2000-memory.dmp	xmrig
behavioral2/memory/4200-204-0x00007FF7262B0000-0x00007FF7266A2000-memory.dmp	xmrig
behavioral2/memory/3316-200-0x00007FF682CD0000-0x00007FF6830C2000-memory.dmp	xmrig
behavioral2/memory/4632-194-0x00007FF63B310000-0x00007FF63B702000-memory.dmp	xmrig
behavioral2/memory/932-188-0x00007FF73AB30000-0x00007FF73AF22000-memory.dmp	xmrig
behavioral2/memory/364-182-0x00007FF7155C0000-0x00007FF7159B2000-memory.dmp	xmrig
behavioral2/memory/3868-176-0x00007FF601390000-0x00007FF601782000-memory.dmp	xmrig
behavioral2/memory/1008-170-0x00007FF7AE120000-0x00007FF7AE512000-memory.dmp	xmrig
behavioral2/memory/3160-164-0x00007FF6B0F90000-0x00007FF6B1382000-memory.dmp	xmrig
behavioral2/memory/2136-163-0x00007FF682ED0000-0x00007FF6832C2000-memory.dmp	xmrig
behavioral2/memory/1552-157-0x00007FF6C84A0000-0x00007FF6C8892000-memory.dmp	xmrig
behavioral2/memory/4872-151-0x00007FF6D2630000-0x00007FF6D2A22000-memory.dmp	xmrig
behavioral2/memory/3232-145-0x00007FF62CBD0000-0x00007FF62CFC2000-memory.dmp	xmrig
behavioral2/memory/2904-139-0x00007FF7677D0000-0x00007FF767BC2000-memory.dmp	xmrig
behavioral2/memory/4092-133-0x00007FF727730000-0x00007FF727B22000-memory.dmp	xmrig
behavioral2/memory/3048-132-0x00007FF6DC3C0000-0x00007FF6DC7B2000-memory.dmp	xmrig
behavioral2/memory/3060-126-0x00007FF795990000-0x00007FF795D82000-memory.dmp	xmrig
behavioral2/memory/4916-108-0x00007FF6F96C0000-0x00007FF6F9AB2000-memory.dmp	xmrig
behavioral2/memory/776-104-0x00007FF63B570000-0x00007FF63B962000-memory.dmp	xmrig
behavioral2/memory/2400-97-0x00007FF6C5D10000-0x00007FF6C6102000-memory.dmp	xmrig
behavioral2/memory/4692-96-0x00007FF7A6C20000-0x00007FF7A7012000-memory.dmp	xmrig
behavioral2/memory/4528-2132-0x00007FF7CE7C0000-0x00007FF7CEBB2000-memory.dmp	xmrig
behavioral2/memory/2720-2190-0x00007FF64D840000-0x00007FF64DC32000-memory.dmp	xmrig
behavioral2/memory/2400-2194-0x00007FF6C5D10000-0x00007FF6C6102000-memory.dmp	xmrig
behavioral2/memory/1552-2193-0x00007FF6C84A0000-0x00007FF6C8892000-memory.dmp	xmrig
behavioral2/memory/4692-2196-0x00007FF7A6C20000-0x00007FF7A7012000-memory.dmp	xmrig
behavioral2/memory/776-2198-0x00007FF63B570000-0x00007FF63B962000-memory.dmp	xmrig
behavioral2/memory/4916-2201-0x00007FF6F96C0000-0x00007FF6F9AB2000-memory.dmp	xmrig
behavioral2/memory/4124-2202-0x00007FF752BD0000-0x00007FF752FC2000-memory.dmp	xmrig
behavioral2/memory/636-2208-0x00007FF6FA620000-0x00007FF6FAA12000-memory.dmp	xmrig
behavioral2/memory/3048-2210-0x00007FF6DC3C0000-0x00007FF6DC7B2000-memory.dmp	xmrig
behavioral2/memory/3060-2206-0x00007FF795990000-0x00007FF795D82000-memory.dmp	xmrig
behavioral2/memory/2136-2205-0x00007FF682ED0000-0x00007FF6832C2000-memory.dmp	xmrig
behavioral2/memory/3160-2217-0x00007FF6B0F90000-0x00007FF6B1382000-memory.dmp	xmrig
behavioral2/memory/3232-2220-0x00007FF62CBD0000-0x00007FF62CFC2000-memory.dmp	xmrig
behavioral2/memory/2904-2219-0x00007FF7677D0000-0x00007FF767BC2000-memory.dmp	xmrig
behavioral2/memory/4872-2222-0x00007FF6D2630000-0x00007FF6D2A22000-memory.dmp	xmrig
behavioral2/memory/1008-2215-0x00007FF7AE120000-0x00007FF7AE512000-memory.dmp	xmrig
behavioral2/memory/4092-2213-0x00007FF727730000-0x00007FF727B22000-memory.dmp	xmrig
behavioral2/memory/3868-2226-0x00007FF601390000-0x00007FF601782000-memory.dmp	xmrig
behavioral2/memory/364-2225-0x00007FF7155C0000-0x00007FF7159B2000-memory.dmp	xmrig
behavioral2/memory/932-2231-0x00007FF73AB30000-0x00007FF73AF22000-memory.dmp	xmrig
behavioral2/memory/4632-2232-0x00007FF63B310000-0x00007FF63B702000-memory.dmp	xmrig
behavioral2/memory/4200-2234-0x00007FF7262B0000-0x00007FF7266A2000-memory.dmp	xmrig
behavioral2/memory/3316-2229-0x00007FF682CD0000-0x00007FF6830C2000-memory.dmp	xmrig
behavioral2/memory/4724-2239-0x00007FF6B78C0000-0x00007FF6B7CB2000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	548	powershell.exe
10	548	powershell.exe
15	548	powershell.exe
16	548	powershell.exe
19	548	powershell.exe
20	548	powershell.exe
21	548	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
548	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2720	EjRZiZu.exe
4692	OaMZIjU.exe
1552	hvuKAKK.exe
2400	HGKdgDi.exe
776	WNkSmJR.exe
4916	nCETCVs.exe
4124	HuAFPra.exe
636	KhVQdxI.exe
2136	bkIprcP.exe
3060	UGWqMBp.exe
3048	psHHmVQ.exe
4092	xzdLKFu.exe
2904	OQcMPui.exe
3232	kGRHCME.exe
3160	cCewPUY.exe
1008	fCvXqqn.exe
4872	PdILTNy.exe
3868	NXgsKIf.exe
364	vBvqfze.exe
932	fBJULyU.exe
4632	RjZPMyN.exe
3316	OKznSmP.exe
4200	SBAtHWD.exe
4724	uLFRqrm.exe
1928	iRXvjRN.exe
3436	pfsWYkF.exe
3020	LPFdRJv.exe
3312	VjAnMMk.exe
1120	nMtAIdi.exe
4496	VmRDPLk.exe
1896	HMYTpJi.exe
2120	XFjScFP.exe
1852	yKDIzVp.exe
60	XvnmHgK.exe
1212	KqHMHXu.exe
2908	SVIGMHc.exe
4568	TycEZDf.exe
3336	rcugwef.exe
1604	lyinhxd.exe
2140	JKrEyNM.exe
2892	yfBuyxY.exe
3384	tHItnDE.exe
4620	IMxmMOk.exe
4948	lDepnRZ.exe
2504	ktFzRtc.exe
2016	yTPqatX.exe
208	BMoOYJQ.exe
4472	UGLajuf.exe
4376	EilAwWF.exe
1616	FNZNpkH.exe
2080	RxzlriX.exe
212	eqXdEjl.exe
4416	UoMZQgj.exe
2184	NSgLPcb.exe
4016	SjYTLWu.exe
1744	OpENffd.exe
2528	BsXtGZg.exe
3344	XgJIfCc.exe
4488	tiADbEL.exe
4436	VbVOWYR.exe
3488	ymLHutQ.exe
2984	RRkhFqf.exe
1672	gMRoySb.exe
5072	qdRlKJw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4528-0-0x00007FF7CE7C0000-0x00007FF7CEBB2000-memory.dmp	upx
behavioral2/files/0x000a00000002341b-5.dat	upx
behavioral2/files/0x0007000000023424-9.dat	upx
behavioral2/memory/2720-10-0x00007FF64D840000-0x00007FF64DC32000-memory.dmp	upx
behavioral2/files/0x0007000000023423-14.dat	upx
behavioral2/files/0x0007000000023427-36.dat	upx
behavioral2/files/0x0007000000023428-51.dat	upx
behavioral2/files/0x000700000002342e-65.dat	upx
behavioral2/files/0x000700000002342d-69.dat	upx
behavioral2/files/0x000700000002342a-63.dat	upx
behavioral2/files/0x000800000002342c-68.dat	upx
behavioral2/files/0x0007000000023431-83.dat	upx
behavioral2/files/0x0007000000023430-82.dat	upx
behavioral2/files/0x000700000002342f-81.dat	upx
behavioral2/files/0x0007000000023432-98.dat	upx
behavioral2/memory/4124-114-0x00007FF752BD0000-0x00007FF752FC2000-memory.dmp	upx
behavioral2/memory/636-120-0x00007FF6FA620000-0x00007FF6FAA12000-memory.dmp	upx
behavioral2/files/0x0007000000023434-127.dat	upx
behavioral2/files/0x0007000000023439-148.dat	upx
behavioral2/files/0x000700000002343c-167.dat	upx
behavioral2/files/0x000700000002343e-179.dat	upx
behavioral2/memory/4724-205-0x00007FF6B78C0000-0x00007FF6B7CB2000-memory.dmp	upx
behavioral2/memory/4200-204-0x00007FF7262B0000-0x00007FF7266A2000-memory.dmp	upx
behavioral2/memory/3316-200-0x00007FF682CD0000-0x00007FF6830C2000-memory.dmp	upx
behavioral2/files/0x0007000000023441-197.dat	upx
behavioral2/files/0x000700000002343f-195.dat	upx
behavioral2/memory/4632-194-0x00007FF63B310000-0x00007FF63B702000-memory.dmp	upx
behavioral2/files/0x0007000000023440-191.dat	upx
behavioral2/memory/932-188-0x00007FF73AB30000-0x00007FF73AF22000-memory.dmp	upx
behavioral2/files/0x000700000002343d-183.dat	upx
behavioral2/memory/364-182-0x00007FF7155C0000-0x00007FF7159B2000-memory.dmp	upx
behavioral2/memory/3868-176-0x00007FF601390000-0x00007FF601782000-memory.dmp	upx
behavioral2/files/0x000700000002343b-171.dat	upx
behavioral2/memory/1008-170-0x00007FF7AE120000-0x00007FF7AE512000-memory.dmp	upx
behavioral2/files/0x000700000002343a-165.dat	upx
behavioral2/memory/3160-164-0x00007FF6B0F90000-0x00007FF6B1382000-memory.dmp	upx
behavioral2/memory/2136-163-0x00007FF682ED0000-0x00007FF6832C2000-memory.dmp	upx
behavioral2/memory/1552-157-0x00007FF6C84A0000-0x00007FF6C8892000-memory.dmp	upx
behavioral2/files/0x0007000000023438-152.dat	upx
behavioral2/memory/4872-151-0x00007FF6D2630000-0x00007FF6D2A22000-memory.dmp	upx
behavioral2/files/0x0007000000023437-146.dat	upx
behavioral2/memory/3232-145-0x00007FF62CBD0000-0x00007FF62CFC2000-memory.dmp	upx
behavioral2/files/0x0007000000023436-140.dat	upx
behavioral2/memory/2904-139-0x00007FF7677D0000-0x00007FF767BC2000-memory.dmp	upx
behavioral2/files/0x0007000000023435-134.dat	upx
behavioral2/memory/4092-133-0x00007FF727730000-0x00007FF727B22000-memory.dmp	upx
behavioral2/memory/3048-132-0x00007FF6DC3C0000-0x00007FF6DC7B2000-memory.dmp	upx
behavioral2/memory/3060-126-0x00007FF795990000-0x00007FF795D82000-memory.dmp	upx
behavioral2/files/0x0009000000023420-121.dat	upx
behavioral2/files/0x0007000000023433-115.dat	upx
behavioral2/files/0x000800000002342b-109.dat	upx
behavioral2/memory/4916-108-0x00007FF6F96C0000-0x00007FF6F9AB2000-memory.dmp	upx
behavioral2/memory/776-104-0x00007FF63B570000-0x00007FF63B962000-memory.dmp	upx
behavioral2/memory/2400-97-0x00007FF6C5D10000-0x00007FF6C6102000-memory.dmp	upx
behavioral2/memory/4692-96-0x00007FF7A6C20000-0x00007FF7A7012000-memory.dmp	upx
behavioral2/files/0x0007000000023429-60.dat	upx
behavioral2/files/0x0007000000023426-28.dat	upx
behavioral2/files/0x0007000000023425-19.dat	upx
behavioral2/memory/4528-2132-0x00007FF7CE7C0000-0x00007FF7CEBB2000-memory.dmp	upx
behavioral2/memory/2720-2190-0x00007FF64D840000-0x00007FF64DC32000-memory.dmp	upx
behavioral2/memory/2400-2194-0x00007FF6C5D10000-0x00007FF6C6102000-memory.dmp	upx
behavioral2/memory/1552-2193-0x00007FF6C84A0000-0x00007FF6C8892000-memory.dmp	upx
behavioral2/memory/4692-2196-0x00007FF7A6C20000-0x00007FF7A7012000-memory.dmp	upx
behavioral2/memory/776-2198-0x00007FF63B570000-0x00007FF63B962000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hvuKAKK.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\OqdcjkP.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\vMZeUsp.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\cXcTZqO.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\OHpCoZw.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\UqbZjSf.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\EilAwWF.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\dUjXLZl.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\ngMDGVd.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\JMGIOyR.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\AWHtpEG.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\uhDkfzp.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\IEbTkSv.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\FNimoWi.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\yfBuyxY.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\tHItnDE.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\uiGowKe.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\oCmejBU.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\bqyFtsx.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\IgvLPNO.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\houSjDO.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\NyNiURv.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\KRoArnu.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\CUdrDNE.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\qBidyZy.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\EiiwEMG.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\lEYweWm.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\vNWalTG.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\prMWyjx.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\KTJKBVQ.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\JwYjxOG.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\wtYKRvK.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\JQWrImx.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\kcjesJJ.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\SUTNrNE.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\RiyptSm.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\AWYishv.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\ZYdhwhL.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\MVGgtmE.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\vtiZvSr.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\SAhqimq.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\rzIknwy.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\ljtJUlq.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\lQCmKUQ.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\WoSwbXn.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\AmesvqH.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\dtgJclt.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\dYEakrp.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\ENnYumr.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\cFUQOeP.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\CrdpmtW.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\vuIJaRo.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\UQaHGVM.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\RmXTTEH.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\wGcsTvM.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\ggWbhXY.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\DyjgJWl.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\PkoSQwP.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\yCEtESc.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\mSZoECk.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\BTsTjgt.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\BRhoTBo.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\JOeBFeA.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
File created	C:\Windows\System\IMxmMOk.exe	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
548	powershell.exe
548	powershell.exe
548	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
Token: SeDebugPrivilege	548	powershell.exe
Token: SeLockMemoryPrivilege	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 548	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	82
PID 4528 wrote to memory of 548	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	82
PID 4528 wrote to memory of 2720	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	83
PID 4528 wrote to memory of 2720	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	83
PID 4528 wrote to memory of 4692	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	84
PID 4528 wrote to memory of 4692	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	84
PID 4528 wrote to memory of 1552	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	85
PID 4528 wrote to memory of 1552	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	85
PID 4528 wrote to memory of 2400	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	86
PID 4528 wrote to memory of 2400	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	86
PID 4528 wrote to memory of 776	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	87
PID 4528 wrote to memory of 776	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	87
PID 4528 wrote to memory of 4916	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	88
PID 4528 wrote to memory of 4916	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	88
PID 4528 wrote to memory of 4124	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	89
PID 4528 wrote to memory of 4124	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	89
PID 4528 wrote to memory of 636	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	90
PID 4528 wrote to memory of 636	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	90
PID 4528 wrote to memory of 2136	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	91
PID 4528 wrote to memory of 2136	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	91
PID 4528 wrote to memory of 3060	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	92
PID 4528 wrote to memory of 3060	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	92
PID 4528 wrote to memory of 3048	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	93
PID 4528 wrote to memory of 3048	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	93
PID 4528 wrote to memory of 4092	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	94
PID 4528 wrote to memory of 4092	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	94
PID 4528 wrote to memory of 2904	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	95
PID 4528 wrote to memory of 2904	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	95
PID 4528 wrote to memory of 3232	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	96
PID 4528 wrote to memory of 3232	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	96
PID 4528 wrote to memory of 3160	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	97
PID 4528 wrote to memory of 3160	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	97
PID 4528 wrote to memory of 1008	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	98
PID 4528 wrote to memory of 1008	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	98
PID 4528 wrote to memory of 4872	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	99
PID 4528 wrote to memory of 4872	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	99
PID 4528 wrote to memory of 3868	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	100
PID 4528 wrote to memory of 3868	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	100
PID 4528 wrote to memory of 364	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	101
PID 4528 wrote to memory of 364	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	101
PID 4528 wrote to memory of 932	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	102
PID 4528 wrote to memory of 932	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	102
PID 4528 wrote to memory of 4632	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	103
PID 4528 wrote to memory of 4632	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	103
PID 4528 wrote to memory of 3316	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	104
PID 4528 wrote to memory of 3316	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	104
PID 4528 wrote to memory of 4200	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	105
PID 4528 wrote to memory of 4200	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	105
PID 4528 wrote to memory of 4724	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	106
PID 4528 wrote to memory of 4724	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	106
PID 4528 wrote to memory of 1928	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	107
PID 4528 wrote to memory of 1928	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	107
PID 4528 wrote to memory of 3436	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	108
PID 4528 wrote to memory of 3436	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	108
PID 4528 wrote to memory of 3020	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	109
PID 4528 wrote to memory of 3020	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	109
PID 4528 wrote to memory of 3312	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	110
PID 4528 wrote to memory of 3312	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	110
PID 4528 wrote to memory of 1120	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	111
PID 4528 wrote to memory of 1120	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	111
PID 4528 wrote to memory of 4496	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	112
PID 4528 wrote to memory of 4496	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	112
PID 4528 wrote to memory of 1896	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	113
PID 4528 wrote to memory of 1896	4528	b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe	113

C:\Users\Admin\AppData\Local\Temp\b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b73397f4ecc0468df905734983b35a2a72b9082b941a0dcaa4f8bf530a0690a6_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:548
- C:\Windows\System\EjRZiZu.exe
  C:\Windows\System\EjRZiZu.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\OaMZIjU.exe
  C:\Windows\System\OaMZIjU.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\hvuKAKK.exe
  C:\Windows\System\hvuKAKK.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\HGKdgDi.exe
  C:\Windows\System\HGKdgDi.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\WNkSmJR.exe
  C:\Windows\System\WNkSmJR.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\nCETCVs.exe
  C:\Windows\System\nCETCVs.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\HuAFPra.exe
  C:\Windows\System\HuAFPra.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\KhVQdxI.exe
  C:\Windows\System\KhVQdxI.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\bkIprcP.exe
  C:\Windows\System\bkIprcP.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\UGWqMBp.exe
  C:\Windows\System\UGWqMBp.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\psHHmVQ.exe
  C:\Windows\System\psHHmVQ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\xzdLKFu.exe
  C:\Windows\System\xzdLKFu.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\OQcMPui.exe
  C:\Windows\System\OQcMPui.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\kGRHCME.exe
  C:\Windows\System\kGRHCME.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\cCewPUY.exe
  C:\Windows\System\cCewPUY.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\fCvXqqn.exe
  C:\Windows\System\fCvXqqn.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\PdILTNy.exe
  C:\Windows\System\PdILTNy.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\NXgsKIf.exe
  C:\Windows\System\NXgsKIf.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\vBvqfze.exe
  C:\Windows\System\vBvqfze.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\fBJULyU.exe
  C:\Windows\System\fBJULyU.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\RjZPMyN.exe
  C:\Windows\System\RjZPMyN.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\OKznSmP.exe
  C:\Windows\System\OKznSmP.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\SBAtHWD.exe
  C:\Windows\System\SBAtHWD.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\uLFRqrm.exe
  C:\Windows\System\uLFRqrm.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\iRXvjRN.exe
  C:\Windows\System\iRXvjRN.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\pfsWYkF.exe
  C:\Windows\System\pfsWYkF.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\LPFdRJv.exe
  C:\Windows\System\LPFdRJv.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\VjAnMMk.exe
  C:\Windows\System\VjAnMMk.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\nMtAIdi.exe
  C:\Windows\System\nMtAIdi.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\VmRDPLk.exe
  C:\Windows\System\VmRDPLk.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\HMYTpJi.exe
  C:\Windows\System\HMYTpJi.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\XFjScFP.exe
  C:\Windows\System\XFjScFP.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\yKDIzVp.exe
  C:\Windows\System\yKDIzVp.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\XvnmHgK.exe
  C:\Windows\System\XvnmHgK.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\KqHMHXu.exe
  C:\Windows\System\KqHMHXu.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\SVIGMHc.exe
  C:\Windows\System\SVIGMHc.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\TycEZDf.exe
  C:\Windows\System\TycEZDf.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\rcugwef.exe
  C:\Windows\System\rcugwef.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\lyinhxd.exe
  C:\Windows\System\lyinhxd.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\JKrEyNM.exe
  C:\Windows\System\JKrEyNM.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\yfBuyxY.exe
  C:\Windows\System\yfBuyxY.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\tHItnDE.exe
  C:\Windows\System\tHItnDE.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\IMxmMOk.exe
  C:\Windows\System\IMxmMOk.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\lDepnRZ.exe
  C:\Windows\System\lDepnRZ.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\ktFzRtc.exe
  C:\Windows\System\ktFzRtc.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\yTPqatX.exe
  C:\Windows\System\yTPqatX.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\BMoOYJQ.exe
  C:\Windows\System\BMoOYJQ.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\UGLajuf.exe
  C:\Windows\System\UGLajuf.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\EilAwWF.exe
  C:\Windows\System\EilAwWF.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\FNZNpkH.exe
  C:\Windows\System\FNZNpkH.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\RxzlriX.exe
  C:\Windows\System\RxzlriX.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\eqXdEjl.exe
  C:\Windows\System\eqXdEjl.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\UoMZQgj.exe
  C:\Windows\System\UoMZQgj.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\NSgLPcb.exe
  C:\Windows\System\NSgLPcb.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\SjYTLWu.exe
  C:\Windows\System\SjYTLWu.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\OpENffd.exe
  C:\Windows\System\OpENffd.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\BsXtGZg.exe
  C:\Windows\System\BsXtGZg.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\XgJIfCc.exe
  C:\Windows\System\XgJIfCc.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\tiADbEL.exe
  C:\Windows\System\tiADbEL.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\VbVOWYR.exe
  C:\Windows\System\VbVOWYR.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\ymLHutQ.exe
  C:\Windows\System\ymLHutQ.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\RRkhFqf.exe
  C:\Windows\System\RRkhFqf.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\gMRoySb.exe
  C:\Windows\System\gMRoySb.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\qdRlKJw.exe
  C:\Windows\System\qdRlKJw.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\slFFZUy.exe
  C:\Windows\System\slFFZUy.exe
  2⤵
  PID:4364
- C:\Windows\System\rrffnaL.exe
  C:\Windows\System\rrffnaL.exe
  2⤵
  PID:3732
- C:\Windows\System\YHEavGm.exe
  C:\Windows\System\YHEavGm.exe
  2⤵
  PID:3760
- C:\Windows\System\ljtJUlq.exe
  C:\Windows\System\ljtJUlq.exe
  2⤵
  PID:4624
- C:\Windows\System\ANySDZr.exe
  C:\Windows\System\ANySDZr.exe
  2⤵
  PID:4032
- C:\Windows\System\DyjgJWl.exe
  C:\Windows\System\DyjgJWl.exe
  2⤵
  PID:3664
- C:\Windows\System\WhqWqJH.exe
  C:\Windows\System\WhqWqJH.exe
  2⤵
  PID:844
- C:\Windows\System\fUSQmdq.exe
  C:\Windows\System\fUSQmdq.exe
  2⤵
  PID:4720
- C:\Windows\System\SUJGeha.exe
  C:\Windows\System\SUJGeha.exe
  2⤵
  PID:4260
- C:\Windows\System\YBkbLIZ.exe
  C:\Windows\System\YBkbLIZ.exe
  2⤵
  PID:2492
- C:\Windows\System\JhNhWOT.exe
  C:\Windows\System\JhNhWOT.exe
  2⤵
  PID:2744
- C:\Windows\System\UaSNbHP.exe
  C:\Windows\System\UaSNbHP.exe
  2⤵
  PID:4432
- C:\Windows\System\fQeLwmj.exe
  C:\Windows\System\fQeLwmj.exe
  2⤵
  PID:3356
- C:\Windows\System\Gqolker.exe
  C:\Windows\System\Gqolker.exe
  2⤵
  PID:316
- C:\Windows\System\IRvMPOW.exe
  C:\Windows\System\IRvMPOW.exe
  2⤵
  PID:696
- C:\Windows\System\XcDHucB.exe
  C:\Windows\System\XcDHucB.exe
  2⤵
  PID:1000
- C:\Windows\System\PkoSQwP.exe
  C:\Windows\System\PkoSQwP.exe
  2⤵
  PID:732
- C:\Windows\System\UnYlfku.exe
  C:\Windows\System\UnYlfku.exe
  2⤵
  PID:4656
- C:\Windows\System\dLruWwx.exe
  C:\Windows\System\dLruWwx.exe
  2⤵
  PID:5124
- C:\Windows\System\AdmOHJT.exe
  C:\Windows\System\AdmOHJT.exe
  2⤵
  PID:5152
- C:\Windows\System\PavEFXz.exe
  C:\Windows\System\PavEFXz.exe
  2⤵
  PID:5180
- C:\Windows\System\CDnnXvM.exe
  C:\Windows\System\CDnnXvM.exe
  2⤵
  PID:5208
- C:\Windows\System\zysHMRy.exe
  C:\Windows\System\zysHMRy.exe
  2⤵
  PID:5236
- C:\Windows\System\RGqDNtN.exe
  C:\Windows\System\RGqDNtN.exe
  2⤵
  PID:5264
- C:\Windows\System\fftBQbx.exe
  C:\Windows\System\fftBQbx.exe
  2⤵
  PID:5288
- C:\Windows\System\ASgeWTH.exe
  C:\Windows\System\ASgeWTH.exe
  2⤵
  PID:5320
- C:\Windows\System\ldIncdI.exe
  C:\Windows\System\ldIncdI.exe
  2⤵
  PID:5348
- C:\Windows\System\iwSJgHX.exe
  C:\Windows\System\iwSJgHX.exe
  2⤵
  PID:5376
- C:\Windows\System\OwzUDXE.exe
  C:\Windows\System\OwzUDXE.exe
  2⤵
  PID:5404
- C:\Windows\System\pwpALGF.exe
  C:\Windows\System\pwpALGF.exe
  2⤵
  PID:5432
- C:\Windows\System\RFJIveV.exe
  C:\Windows\System\RFJIveV.exe
  2⤵
  PID:5460
- C:\Windows\System\kuyARxh.exe
  C:\Windows\System\kuyARxh.exe
  2⤵
  PID:5484
- C:\Windows\System\JMOtHmI.exe
  C:\Windows\System\JMOtHmI.exe
  2⤵
  PID:5516
- C:\Windows\System\QyiKUhM.exe
  C:\Windows\System\QyiKUhM.exe
  2⤵
  PID:5540
- C:\Windows\System\mzUOYTO.exe
  C:\Windows\System\mzUOYTO.exe
  2⤵
  PID:5572
- C:\Windows\System\QCtzdCs.exe
  C:\Windows\System\QCtzdCs.exe
  2⤵
  PID:5600
- C:\Windows\System\LpABhYL.exe
  C:\Windows\System\LpABhYL.exe
  2⤵
  PID:5628
- C:\Windows\System\PssyAxv.exe
  C:\Windows\System\PssyAxv.exe
  2⤵
  PID:5660
- C:\Windows\System\ivZHamb.exe
  C:\Windows\System\ivZHamb.exe
  2⤵
  PID:5684
- C:\Windows\System\kbzLlwG.exe
  C:\Windows\System\kbzLlwG.exe
  2⤵
  PID:5716
- C:\Windows\System\vKGGbZI.exe
  C:\Windows\System\vKGGbZI.exe
  2⤵
  PID:5744
- C:\Windows\System\wtYKRvK.exe
  C:\Windows\System\wtYKRvK.exe
  2⤵
  PID:5772
- C:\Windows\System\KRoArnu.exe
  C:\Windows\System\KRoArnu.exe
  2⤵
  PID:5800
- C:\Windows\System\SUnqXnL.exe
  C:\Windows\System\SUnqXnL.exe
  2⤵
  PID:5828
- C:\Windows\System\rfbnXLN.exe
  C:\Windows\System\rfbnXLN.exe
  2⤵
  PID:5856
- C:\Windows\System\efSTDfn.exe
  C:\Windows\System\efSTDfn.exe
  2⤵
  PID:5876
- C:\Windows\System\tofkkEK.exe
  C:\Windows\System\tofkkEK.exe
  2⤵
  PID:5952
- C:\Windows\System\YngzPdY.exe
  C:\Windows\System\YngzPdY.exe
  2⤵
  PID:6012
- C:\Windows\System\AWAtWLl.exe
  C:\Windows\System\AWAtWLl.exe
  2⤵
  PID:6032
- C:\Windows\System\YLILkYX.exe
  C:\Windows\System\YLILkYX.exe
  2⤵
  PID:6048
- C:\Windows\System\YpWrbGW.exe
  C:\Windows\System\YpWrbGW.exe
  2⤵
  PID:6064
- C:\Windows\System\nfGgtEP.exe
  C:\Windows\System\nfGgtEP.exe
  2⤵
  PID:6080
- C:\Windows\System\cDAaZVA.exe
  C:\Windows\System\cDAaZVA.exe
  2⤵
  PID:6104
- C:\Windows\System\WzzUpXs.exe
  C:\Windows\System\WzzUpXs.exe
  2⤵
  PID:6124
- C:\Windows\System\tSkYjgC.exe
  C:\Windows\System\tSkYjgC.exe
  2⤵
  PID:2604
- C:\Windows\System\dtJJUQA.exe
  C:\Windows\System\dtJJUQA.exe
  2⤵
  PID:4156
- C:\Windows\System\EeyeVia.exe
  C:\Windows\System\EeyeVia.exe
  2⤵
  PID:2012
- C:\Windows\System\svqooNV.exe
  C:\Windows\System\svqooNV.exe
  2⤵
  PID:4000
- C:\Windows\System\KwBQyZq.exe
  C:\Windows\System\KwBQyZq.exe
  2⤵
  PID:5104
- C:\Windows\System\jenjlHt.exe
  C:\Windows\System\jenjlHt.exe
  2⤵
  PID:3368
- C:\Windows\System\JrJVmRe.exe
  C:\Windows\System\JrJVmRe.exe
  2⤵
  PID:2452
- C:\Windows\System\LfpSIcm.exe
  C:\Windows\System\LfpSIcm.exe
  2⤵
  PID:5168
- C:\Windows\System\JxVagNd.exe
  C:\Windows\System\JxVagNd.exe
  2⤵
  PID:5196
- C:\Windows\System\qpiewRJ.exe
  C:\Windows\System\qpiewRJ.exe
  2⤵
  PID:5252
- C:\Windows\System\PgKbGbJ.exe
  C:\Windows\System\PgKbGbJ.exe
  2⤵
  PID:5284
- C:\Windows\System\CrdpmtW.exe
  C:\Windows\System\CrdpmtW.exe
  2⤵
  PID:5308
- C:\Windows\System\YPQadQH.exe
  C:\Windows\System\YPQadQH.exe
  2⤵
  PID:5364
- C:\Windows\System\fGsfaGK.exe
  C:\Windows\System\fGsfaGK.exe
  2⤵
  PID:5396
- C:\Windows\System\LUYLeDb.exe
  C:\Windows\System\LUYLeDb.exe
  2⤵
  PID:5448
- C:\Windows\System\nmzfGPV.exe
  C:\Windows\System\nmzfGPV.exe
  2⤵
  PID:5500
- C:\Windows\System\VhFqWey.exe
  C:\Windows\System\VhFqWey.exe
  2⤵
  PID:5528
- C:\Windows\System\WCKMyKA.exe
  C:\Windows\System\WCKMyKA.exe
  2⤵
  PID:4744
- C:\Windows\System\EmDmGNg.exe
  C:\Windows\System\EmDmGNg.exe
  2⤵
  PID:5564
- C:\Windows\System\yChsZkV.exe
  C:\Windows\System\yChsZkV.exe
  2⤵
  PID:5612
- C:\Windows\System\mOODFFb.exe
  C:\Windows\System\mOODFFb.exe
  2⤵
  PID:5096
- C:\Windows\System\rKzsCBr.exe
  C:\Windows\System\rKzsCBr.exe
  2⤵
  PID:5672
- C:\Windows\System\zoPpoiw.exe
  C:\Windows\System\zoPpoiw.exe
  2⤵
  PID:3920
- C:\Windows\System\EgMonEh.exe
  C:\Windows\System\EgMonEh.exe
  2⤵
  PID:5760
- C:\Windows\System\ANVMcCb.exe
  C:\Windows\System\ANVMcCb.exe
  2⤵
  PID:3280
- C:\Windows\System\mNNwKAM.exe
  C:\Windows\System\mNNwKAM.exe
  2⤵
  PID:5820
- C:\Windows\System\HRNsyGq.exe
  C:\Windows\System\HRNsyGq.exe
  2⤵
  PID:5920
- C:\Windows\System\UfCNweb.exe
  C:\Windows\System\UfCNweb.exe
  2⤵
  PID:5904
- C:\Windows\System\JQWrImx.exe
  C:\Windows\System\JQWrImx.exe
  2⤵
  PID:3292
- C:\Windows\System\RLPqhQB.exe
  C:\Windows\System\RLPqhQB.exe
  2⤵
  PID:5868
- C:\Windows\System\TDsCCCf.exe
  C:\Windows\System\TDsCCCf.exe
  2⤵
  PID:1116
- C:\Windows\System\jpvpFnV.exe
  C:\Windows\System\jpvpFnV.exe
  2⤵
  PID:808
- C:\Windows\System\sQATmuz.exe
  C:\Windows\System\sQATmuz.exe
  2⤵
  PID:4104
- C:\Windows\System\GPHVcEI.exe
  C:\Windows\System\GPHVcEI.exe
  2⤵
  PID:2664
- C:\Windows\System\rvIhuAN.exe
  C:\Windows\System\rvIhuAN.exe
  2⤵
  PID:2200
- C:\Windows\System\cFnijbm.exe
  C:\Windows\System\cFnijbm.exe
  2⤵
  PID:444
- C:\Windows\System\djHQifm.exe
  C:\Windows\System\djHQifm.exe
  2⤵
  PID:4652
- C:\Windows\System\mydhuyt.exe
  C:\Windows\System\mydhuyt.exe
  2⤵
  PID:6112
- C:\Windows\System\fPppteS.exe
  C:\Windows\System\fPppteS.exe
  2⤵
  PID:5792
- C:\Windows\System\BVaAxgd.exe
  C:\Windows\System\BVaAxgd.exe
  2⤵
  PID:3860
- C:\Windows\System\CObqNye.exe
  C:\Windows\System\CObqNye.exe
  2⤵
  PID:5704
- C:\Windows\System\jaghSew.exe
  C:\Windows\System\jaghSew.exe
  2⤵
  PID:5472
- C:\Windows\System\EkdQcyW.exe
  C:\Windows\System\EkdQcyW.exe
  2⤵
  PID:5536
- C:\Windows\System\grfOsXQ.exe
  C:\Windows\System\grfOsXQ.exe
  2⤵
  PID:5592
- C:\Windows\System\rMPQAzj.exe
  C:\Windows\System\rMPQAzj.exe
  2⤵
  PID:5848
- C:\Windows\System\aBeawsX.exe
  C:\Windows\System\aBeawsX.exe
  2⤵
  PID:5996
- C:\Windows\System\VUSqYyd.exe
  C:\Windows\System\VUSqYyd.exe
  2⤵
  PID:2800
- C:\Windows\System\vNWalTG.exe
  C:\Windows\System\vNWalTG.exe
  2⤵
  PID:2372
- C:\Windows\System\uuMqljo.exe
  C:\Windows\System\uuMqljo.exe
  2⤵
  PID:5360
- C:\Windows\System\kqDNHEg.exe
  C:\Windows\System\kqDNHEg.exe
  2⤵
  PID:3896
- C:\Windows\System\vuIJaRo.exe
  C:\Windows\System\vuIJaRo.exe
  2⤵
  PID:6160
- C:\Windows\System\NzavTYV.exe
  C:\Windows\System\NzavTYV.exe
  2⤵
  PID:6188
- C:\Windows\System\ixuOTKE.exe
  C:\Windows\System\ixuOTKE.exe
  2⤵
  PID:6216
- C:\Windows\System\iXZExlF.exe
  C:\Windows\System\iXZExlF.exe
  2⤵
  PID:6300
- C:\Windows\System\HDXLhmu.exe
  C:\Windows\System\HDXLhmu.exe
  2⤵
  PID:6356
- C:\Windows\System\OLvNFcy.exe
  C:\Windows\System\OLvNFcy.exe
  2⤵
  PID:6380
- C:\Windows\System\JhHcCGe.exe
  C:\Windows\System\JhHcCGe.exe
  2⤵
  PID:6404
- C:\Windows\System\dUjXLZl.exe
  C:\Windows\System\dUjXLZl.exe
  2⤵
  PID:6420
- C:\Windows\System\MrfPcPI.exe
  C:\Windows\System\MrfPcPI.exe
  2⤵
  PID:6476
- C:\Windows\System\lQCmKUQ.exe
  C:\Windows\System\lQCmKUQ.exe
  2⤵
  PID:6512
- C:\Windows\System\wowdXif.exe
  C:\Windows\System\wowdXif.exe
  2⤵
  PID:6528
- C:\Windows\System\gxlJfYk.exe
  C:\Windows\System\gxlJfYk.exe
  2⤵
  PID:6548
- C:\Windows\System\fciwNEy.exe
  C:\Windows\System\fciwNEy.exe
  2⤵
  PID:6576
- C:\Windows\System\OBljcdX.exe
  C:\Windows\System\OBljcdX.exe
  2⤵
  PID:6620
- C:\Windows\System\gnMnopl.exe
  C:\Windows\System\gnMnopl.exe
  2⤵
  PID:6640
- C:\Windows\System\jUFecaQ.exe
  C:\Windows\System\jUFecaQ.exe
  2⤵
  PID:6660
- C:\Windows\System\uQFdfTb.exe
  C:\Windows\System\uQFdfTb.exe
  2⤵
  PID:6688
- C:\Windows\System\HMKglxu.exe
  C:\Windows\System\HMKglxu.exe
  2⤵
  PID:6728
- C:\Windows\System\RBheMTe.exe
  C:\Windows\System\RBheMTe.exe
  2⤵
  PID:6748
- C:\Windows\System\qrSuZtY.exe
  C:\Windows\System\qrSuZtY.exe
  2⤵
  PID:6784
- C:\Windows\System\fkKPGyg.exe
  C:\Windows\System\fkKPGyg.exe
  2⤵
  PID:6808
- C:\Windows\System\RiyptSm.exe
  C:\Windows\System\RiyptSm.exe
  2⤵
  PID:6828
- C:\Windows\System\ePlpTDW.exe
  C:\Windows\System\ePlpTDW.exe
  2⤵
  PID:6864
- C:\Windows\System\joxAsnC.exe
  C:\Windows\System\joxAsnC.exe
  2⤵
  PID:6884
- C:\Windows\System\VFDDIUb.exe
  C:\Windows\System\VFDDIUb.exe
  2⤵
  PID:6908
- C:\Windows\System\SqJoEqW.exe
  C:\Windows\System\SqJoEqW.exe
  2⤵
  PID:6936
- C:\Windows\System\aReWvfA.exe
  C:\Windows\System\aReWvfA.exe
  2⤵
  PID:6952
- C:\Windows\System\ENnYumr.exe
  C:\Windows\System\ENnYumr.exe
  2⤵
  PID:6976
- C:\Windows\System\YePYipe.exe
  C:\Windows\System\YePYipe.exe
  2⤵
  PID:7016
- C:\Windows\System\qMgwRDD.exe
  C:\Windows\System\qMgwRDD.exe
  2⤵
  PID:7060
- C:\Windows\System\vKFDfit.exe
  C:\Windows\System\vKFDfit.exe
  2⤵
  PID:7088
- C:\Windows\System\nvlFzpz.exe
  C:\Windows\System\nvlFzpz.exe
  2⤵
  PID:7108
- C:\Windows\System\CUdrDNE.exe
  C:\Windows\System\CUdrDNE.exe
  2⤵
  PID:7132
- C:\Windows\System\qrgdPGC.exe
  C:\Windows\System\qrgdPGC.exe
  2⤵
  PID:7156
- C:\Windows\System\xqpuYoz.exe
  C:\Windows\System\xqpuYoz.exe
  2⤵
  PID:4236
- C:\Windows\System\lrliHKB.exe
  C:\Windows\System\lrliHKB.exe
  2⤵
  PID:6296
- C:\Windows\System\LayDvop.exe
  C:\Windows\System\LayDvop.exe
  2⤵
  PID:6260
- C:\Windows\System\JjdSgwx.exe
  C:\Windows\System\JjdSgwx.exe
  2⤵
  PID:6348
- C:\Windows\System\UTjZPCC.exe
  C:\Windows\System\UTjZPCC.exe
  2⤵
  PID:6400
- C:\Windows\System\lSmpikT.exe
  C:\Windows\System\lSmpikT.exe
  2⤵
  PID:6448
- C:\Windows\System\zvTHhoI.exe
  C:\Windows\System\zvTHhoI.exe
  2⤵
  PID:6544
- C:\Windows\System\xejNoxz.exe
  C:\Windows\System\xejNoxz.exe
  2⤵
  PID:6568
- C:\Windows\System\CcsrxCO.exe
  C:\Windows\System\CcsrxCO.exe
  2⤵
  PID:6632
- C:\Windows\System\RttcMdR.exe
  C:\Windows\System\RttcMdR.exe
  2⤵
  PID:6656
- C:\Windows\System\QEwMWdH.exe
  C:\Windows\System\QEwMWdH.exe
  2⤵
  PID:6756
- C:\Windows\System\rYIqNXI.exe
  C:\Windows\System\rYIqNXI.exe
  2⤵
  PID:6772
- C:\Windows\System\YbdKKHj.exe
  C:\Windows\System\YbdKKHj.exe
  2⤵
  PID:6800
- C:\Windows\System\UQaHGVM.exe
  C:\Windows\System\UQaHGVM.exe
  2⤵
  PID:6896
- C:\Windows\System\LYcbWAH.exe
  C:\Windows\System\LYcbWAH.exe
  2⤵
  PID:6960
- C:\Windows\System\iaAOADN.exe
  C:\Windows\System\iaAOADN.exe
  2⤵
  PID:7012
- C:\Windows\System\ufseYpg.exe
  C:\Windows\System\ufseYpg.exe
  2⤵
  PID:7072
- C:\Windows\System\auszZcd.exe
  C:\Windows\System\auszZcd.exe
  2⤵
  PID:7116
- C:\Windows\System\ppdVOap.exe
  C:\Windows\System\ppdVOap.exe
  2⤵
  PID:5908
- C:\Windows\System\AWYishv.exe
  C:\Windows\System\AWYishv.exe
  2⤵
  PID:6208
- C:\Windows\System\qRKnuOy.exe
  C:\Windows\System\qRKnuOy.exe
  2⤵
  PID:6604
- C:\Windows\System\rRZDOAk.exe
  C:\Windows\System\rRZDOAk.exe
  2⤵
  PID:6696
- C:\Windows\System\HFlJkxj.exe
  C:\Windows\System\HFlJkxj.exe
  2⤵
  PID:6524
- C:\Windows\System\ZkfDAGo.exe
  C:\Windows\System\ZkfDAGo.exe
  2⤵
  PID:3152
- C:\Windows\System\SNNijhd.exe
  C:\Windows\System\SNNijhd.exe
  2⤵
  PID:7036
- C:\Windows\System\jBEkxio.exe
  C:\Windows\System\jBEkxio.exe
  2⤵
  PID:6928
- C:\Windows\System\RmXTTEH.exe
  C:\Windows\System\RmXTTEH.exe
  2⤵
  PID:1272
- C:\Windows\System\SvhUZJA.exe
  C:\Windows\System\SvhUZJA.exe
  2⤵
  PID:5948
- C:\Windows\System\bNgTtrA.exe
  C:\Windows\System\bNgTtrA.exe
  2⤵
  PID:2472
- C:\Windows\System\xtwLVBr.exe
  C:\Windows\System\xtwLVBr.exe
  2⤵
  PID:6764
- C:\Windows\System\qgPdWoB.exe
  C:\Windows\System\qgPdWoB.exe
  2⤵
  PID:7056
- C:\Windows\System\UjHNpCM.exe
  C:\Windows\System\UjHNpCM.exe
  2⤵
  PID:7176
- C:\Windows\System\IMXptaO.exe
  C:\Windows\System\IMXptaO.exe
  2⤵
  PID:7212
- C:\Windows\System\qSLNxRE.exe
  C:\Windows\System\qSLNxRE.exe
  2⤵
  PID:7236
- C:\Windows\System\sfyQHDM.exe
  C:\Windows\System\sfyQHDM.exe
  2⤵
  PID:7260
- C:\Windows\System\lgMWZwE.exe
  C:\Windows\System\lgMWZwE.exe
  2⤵
  PID:7300
- C:\Windows\System\prMWyjx.exe
  C:\Windows\System\prMWyjx.exe
  2⤵
  PID:7356
- C:\Windows\System\XbhMeqr.exe
  C:\Windows\System\XbhMeqr.exe
  2⤵
  PID:7404
- C:\Windows\System\LJfgJih.exe
  C:\Windows\System\LJfgJih.exe
  2⤵
  PID:7452
- C:\Windows\System\DQSgkNl.exe
  C:\Windows\System\DQSgkNl.exe
  2⤵
  PID:7480
- C:\Windows\System\OqdcjkP.exe
  C:\Windows\System\OqdcjkP.exe
  2⤵
  PID:7500
- C:\Windows\System\kwmQjrQ.exe
  C:\Windows\System\kwmQjrQ.exe
  2⤵
  PID:7544
- C:\Windows\System\XhDnFwU.exe
  C:\Windows\System\XhDnFwU.exe
  2⤵
  PID:7564
- C:\Windows\System\KIxtlyB.exe
  C:\Windows\System\KIxtlyB.exe
  2⤵
  PID:7588
- C:\Windows\System\SdZQSVa.exe
  C:\Windows\System\SdZQSVa.exe
  2⤵
  PID:7604
- C:\Windows\System\ivfClZo.exe
  C:\Windows\System\ivfClZo.exe
  2⤵
  PID:7664
- C:\Windows\System\jcRDqia.exe
  C:\Windows\System\jcRDqia.exe
  2⤵
  PID:7732
- C:\Windows\System\cFUQOeP.exe
  C:\Windows\System\cFUQOeP.exe
  2⤵
  PID:7760
- C:\Windows\System\llTPyqP.exe
  C:\Windows\System\llTPyqP.exe
  2⤵
  PID:7828
- C:\Windows\System\PxqTTuC.exe
  C:\Windows\System\PxqTTuC.exe
  2⤵
  PID:7872
- C:\Windows\System\KTJKBVQ.exe
  C:\Windows\System\KTJKBVQ.exe
  2⤵
  PID:7892
- C:\Windows\System\CJUizGS.exe
  C:\Windows\System\CJUizGS.exe
  2⤵
  PID:7908
- C:\Windows\System\TyCnYUu.exe
  C:\Windows\System\TyCnYUu.exe
  2⤵
  PID:7944
- C:\Windows\System\CXfqNls.exe
  C:\Windows\System\CXfqNls.exe
  2⤵
  PID:8008
- C:\Windows\System\oGxNMxW.exe
  C:\Windows\System\oGxNMxW.exe
  2⤵
  PID:8076
- C:\Windows\System\IgsGeze.exe
  C:\Windows\System\IgsGeze.exe
  2⤵
  PID:8112
- C:\Windows\System\ibMjJbK.exe
  C:\Windows\System\ibMjJbK.exe
  2⤵
  PID:8188
- C:\Windows\System\NpcjYtI.exe
  C:\Windows\System\NpcjYtI.exe
  2⤵
  PID:6720
- C:\Windows\System\yLuOJcL.exe
  C:\Windows\System\yLuOJcL.exe
  2⤵
  PID:7244
- C:\Windows\System\NWifhNU.exe
  C:\Windows\System\NWifhNU.exe
  2⤵
  PID:7448
- C:\Windows\System\xoFfqRK.exe
  C:\Windows\System\xoFfqRK.exe
  2⤵
  PID:7488
- C:\Windows\System\Gbutvsa.exe
  C:\Windows\System\Gbutvsa.exe
  2⤵
  PID:7620
- C:\Windows\System\gwMPnfb.exe
  C:\Windows\System\gwMPnfb.exe
  2⤵
  PID:7684
- C:\Windows\System\zbaCpUs.exe
  C:\Windows\System\zbaCpUs.exe
  2⤵
  PID:7596
- C:\Windows\System\utrYHok.exe
  C:\Windows\System\utrYHok.exe
  2⤵
  PID:7712
- C:\Windows\System\nZEVOiW.exe
  C:\Windows\System\nZEVOiW.exe
  2⤵
  PID:7884
- C:\Windows\System\yPIpfnf.exe
  C:\Windows\System\yPIpfnf.exe
  2⤵
  PID:7936
- C:\Windows\System\uXqNrjY.exe
  C:\Windows\System\uXqNrjY.exe
  2⤵
  PID:7904
- C:\Windows\System\HxyQEVR.exe
  C:\Windows\System\HxyQEVR.exe
  2⤵
  PID:7996
- C:\Windows\System\jBeFZyr.exe
  C:\Windows\System\jBeFZyr.exe
  2⤵
  PID:8088
- C:\Windows\System\CVxpLMg.exe
  C:\Windows\System\CVxpLMg.exe
  2⤵
  PID:8048
- C:\Windows\System\kcjesJJ.exe
  C:\Windows\System\kcjesJJ.exe
  2⤵
  PID:7148
- C:\Windows\System\NcUfLOn.exe
  C:\Windows\System\NcUfLOn.exe
  2⤵
  PID:7340
- C:\Windows\System\ZpDoJSw.exe
  C:\Windows\System\ZpDoJSw.exe
  2⤵
  PID:7472
- C:\Windows\System\ThaPOiv.exe
  C:\Windows\System\ThaPOiv.exe
  2⤵
  PID:7512
- C:\Windows\System\nDGNHuZ.exe
  C:\Windows\System\nDGNHuZ.exe
  2⤵
  PID:7816
- C:\Windows\System\AMSegju.exe
  C:\Windows\System\AMSegju.exe
  2⤵
  PID:7956
- C:\Windows\System\wsomYHY.exe
  C:\Windows\System\wsomYHY.exe
  2⤵
  PID:7988
- C:\Windows\System\SyMTUno.exe
  C:\Windows\System\SyMTUno.exe
  2⤵
  PID:7776
- C:\Windows\System\ebnLQJV.exe
  C:\Windows\System\ebnLQJV.exe
  2⤵
  PID:7204
- C:\Windows\System\RDPPypj.exe
  C:\Windows\System\RDPPypj.exe
  2⤵
  PID:6496
- C:\Windows\System\CWMHaVL.exe
  C:\Windows\System\CWMHaVL.exe
  2⤵
  PID:7524
- C:\Windows\System\VychzLM.exe
  C:\Windows\System\VychzLM.exe
  2⤵
  PID:7648
- C:\Windows\System\DIzWtFv.exe
  C:\Windows\System\DIzWtFv.exe
  2⤵
  PID:8020
- C:\Windows\System\vMZeUsp.exe
  C:\Windows\System\vMZeUsp.exe
  2⤵
  PID:8100
- C:\Windows\System\hrotnHQ.exe
  C:\Windows\System\hrotnHQ.exe
  2⤵
  PID:8140
- C:\Windows\System\hPpMkAm.exe
  C:\Windows\System\hPpMkAm.exe
  2⤵
  PID:7428
- C:\Windows\System\jnxLEqA.exe
  C:\Windows\System\jnxLEqA.exe
  2⤵
  PID:7880
- C:\Windows\System\WoSwbXn.exe
  C:\Windows\System\WoSwbXn.exe
  2⤵
  PID:8172
- C:\Windows\System\AmesvqH.exe
  C:\Windows\System\AmesvqH.exe
  2⤵
  PID:7540
- C:\Windows\System\SvDYSIK.exe
  C:\Windows\System\SvDYSIK.exe
  2⤵
  PID:7844
- C:\Windows\System\ZGxQSFU.exe
  C:\Windows\System\ZGxQSFU.exe
  2⤵
  PID:7324
- C:\Windows\System\zCkhHFi.exe
  C:\Windows\System\zCkhHFi.exe
  2⤵
  PID:7720
- C:\Windows\System\oaVyrHb.exe
  C:\Windows\System\oaVyrHb.exe
  2⤵
  PID:8196
- C:\Windows\System\uiGowKe.exe
  C:\Windows\System\uiGowKe.exe
  2⤵
  PID:8216
- C:\Windows\System\oCmejBU.exe
  C:\Windows\System\oCmejBU.exe
  2⤵
  PID:8252
- C:\Windows\System\LXmgkTR.exe
  C:\Windows\System\LXmgkTR.exe
  2⤵
  PID:8304
- C:\Windows\System\Kbuzypv.exe
  C:\Windows\System\Kbuzypv.exe
  2⤵
  PID:8320
- C:\Windows\System\bWTogMf.exe
  C:\Windows\System\bWTogMf.exe
  2⤵
  PID:8364
- C:\Windows\System\QLdAOfQ.exe
  C:\Windows\System\QLdAOfQ.exe
  2⤵
  PID:8400
- C:\Windows\System\kqRaYPa.exe
  C:\Windows\System\kqRaYPa.exe
  2⤵
  PID:8432
- C:\Windows\System\bqyFtsx.exe
  C:\Windows\System\bqyFtsx.exe
  2⤵
  PID:8464
- C:\Windows\System\HosXbgJ.exe
  C:\Windows\System\HosXbgJ.exe
  2⤵
  PID:8492
- C:\Windows\System\bYBzmMD.exe
  C:\Windows\System\bYBzmMD.exe
  2⤵
  PID:8512
- C:\Windows\System\yDcSuHV.exe
  C:\Windows\System\yDcSuHV.exe
  2⤵
  PID:8536
- C:\Windows\System\wwmllaq.exe
  C:\Windows\System\wwmllaq.exe
  2⤵
  PID:8572
- C:\Windows\System\YYCRFmD.exe
  C:\Windows\System\YYCRFmD.exe
  2⤵
  PID:8632
- C:\Windows\System\mNohXqC.exe
  C:\Windows\System\mNohXqC.exe
  2⤵
  PID:8660
- C:\Windows\System\IgvLPNO.exe
  C:\Windows\System\IgvLPNO.exe
  2⤵
  PID:8692
- C:\Windows\System\jAYvohV.exe
  C:\Windows\System\jAYvohV.exe
  2⤵
  PID:8724
- C:\Windows\System\ocpKWxM.exe
  C:\Windows\System\ocpKWxM.exe
  2⤵
  PID:8748
- C:\Windows\System\DChFKJx.exe
  C:\Windows\System\DChFKJx.exe
  2⤵
  PID:8772
- C:\Windows\System\eswVDGs.exe
  C:\Windows\System\eswVDGs.exe
  2⤵
  PID:8800
- C:\Windows\System\houSjDO.exe
  C:\Windows\System\houSjDO.exe
  2⤵
  PID:8820
- C:\Windows\System\CuPYgQH.exe
  C:\Windows\System\CuPYgQH.exe
  2⤵
  PID:8840
- C:\Windows\System\vmHlfyU.exe
  C:\Windows\System\vmHlfyU.exe
  2⤵
  PID:8860
- C:\Windows\System\XzLjrkw.exe
  C:\Windows\System\XzLjrkw.exe
  2⤵
  PID:8884
- C:\Windows\System\TRUUghn.exe
  C:\Windows\System\TRUUghn.exe
  2⤵
  PID:8908
- C:\Windows\System\GxoqlVt.exe
  C:\Windows\System\GxoqlVt.exe
  2⤵
  PID:8936
- C:\Windows\System\vtiZvSr.exe
  C:\Windows\System\vtiZvSr.exe
  2⤵
  PID:8956
- C:\Windows\System\ngMDGVd.exe
  C:\Windows\System\ngMDGVd.exe
  2⤵
  PID:8976
- C:\Windows\System\KPUTnbj.exe
  C:\Windows\System\KPUTnbj.exe
  2⤵
  PID:9016
- C:\Windows\System\moHrENU.exe
  C:\Windows\System\moHrENU.exe
  2⤵
  PID:9064
- C:\Windows\System\wGcsTvM.exe
  C:\Windows\System\wGcsTvM.exe
  2⤵
  PID:9132
- C:\Windows\System\vXKtTzq.exe
  C:\Windows\System\vXKtTzq.exe
  2⤵
  PID:9152
- C:\Windows\System\anFOLAu.exe
  C:\Windows\System\anFOLAu.exe
  2⤵
  PID:9168
- C:\Windows\System\dtgJclt.exe
  C:\Windows\System\dtgJclt.exe
  2⤵
  PID:8208
- C:\Windows\System\eibAeoG.exe
  C:\Windows\System\eibAeoG.exe
  2⤵
  PID:8280
- C:\Windows\System\cXcTZqO.exe
  C:\Windows\System\cXcTZqO.exe
  2⤵
  PID:8312
- C:\Windows\System\AhDPeWS.exe
  C:\Windows\System\AhDPeWS.exe
  2⤵
  PID:8376
- C:\Windows\System\yAFoaaC.exe
  C:\Windows\System\yAFoaaC.exe
  2⤵
  PID:8452
- C:\Windows\System\rckPvCi.exe
  C:\Windows\System\rckPvCi.exe
  2⤵
  PID:8524
- C:\Windows\System\yhGdaDR.exe
  C:\Windows\System\yhGdaDR.exe
  2⤵
  PID:8616
- C:\Windows\System\qzgOMdE.exe
  C:\Windows\System\qzgOMdE.exe
  2⤵
  PID:8628
- C:\Windows\System\pJsFOQY.exe
  C:\Windows\System\pJsFOQY.exe
  2⤵
  PID:8740
- C:\Windows\System\RBlvXuv.exe
  C:\Windows\System\RBlvXuv.exe
  2⤵
  PID:8764
- C:\Windows\System\qWuAMkZ.exe
  C:\Windows\System\qWuAMkZ.exe
  2⤵
  PID:8784
- C:\Windows\System\QKymXeW.exe
  C:\Windows\System\QKymXeW.exe
  2⤵
  PID:8836
- C:\Windows\System\fwHpecQ.exe
  C:\Windows\System\fwHpecQ.exe
  2⤵
  PID:8896
- C:\Windows\System\zxQZqzJ.exe
  C:\Windows\System\zxQZqzJ.exe
  2⤵
  PID:8828
- C:\Windows\System\sZYMjWH.exe
  C:\Windows\System\sZYMjWH.exe
  2⤵
  PID:8952
- C:\Windows\System\pHARqlV.exe
  C:\Windows\System\pHARqlV.exe
  2⤵
  PID:9052
- C:\Windows\System\NyNiURv.exe
  C:\Windows\System\NyNiURv.exe
  2⤵
  PID:9000
- C:\Windows\System\LOqrEMF.exe
  C:\Windows\System\LOqrEMF.exe
  2⤵
  PID:9188
- C:\Windows\System\thmdnef.exe
  C:\Windows\System\thmdnef.exe
  2⤵
  PID:9212
- C:\Windows\System\hUkpJxU.exe
  C:\Windows\System\hUkpJxU.exe
  2⤵
  PID:8212
- C:\Windows\System\OHpCoZw.exe
  C:\Windows\System\OHpCoZw.exe
  2⤵
  PID:8348
- C:\Windows\System\ikmJgdH.exe
  C:\Windows\System\ikmJgdH.exe
  2⤵
  PID:8416
- C:\Windows\System\jJpPXui.exe
  C:\Windows\System\jJpPXui.exe
  2⤵
  PID:8588
- C:\Windows\System\IEGSKrV.exe
  C:\Windows\System\IEGSKrV.exe
  2⤵
  PID:8816
- C:\Windows\System\HaKCrFg.exe
  C:\Windows\System\HaKCrFg.exe
  2⤵
  PID:9032
- C:\Windows\System\EiiwEMG.exe
  C:\Windows\System\EiiwEMG.exe
  2⤵
  PID:8968
- C:\Windows\System\QGZTdrG.exe
  C:\Windows\System\QGZTdrG.exe
  2⤵
  PID:9004
- C:\Windows\System\skiajGi.exe
  C:\Windows\System\skiajGi.exe
  2⤵
  PID:8244
- C:\Windows\System\hnxWdNB.exe
  C:\Windows\System\hnxWdNB.exe
  2⤵
  PID:8476
- C:\Windows\System\PrSTNNn.exe
  C:\Windows\System\PrSTNNn.exe
  2⤵
  PID:8328
- C:\Windows\System\KLmuaLz.exe
  C:\Windows\System\KLmuaLz.exe
  2⤵
  PID:9128
- C:\Windows\System\dbnRBGL.exe
  C:\Windows\System\dbnRBGL.exe
  2⤵
  PID:9228
- C:\Windows\System\daWtQPx.exe
  C:\Windows\System\daWtQPx.exe
  2⤵
  PID:9256
- C:\Windows\System\ZFswgah.exe
  C:\Windows\System\ZFswgah.exe
  2⤵
  PID:9272
- C:\Windows\System\YsoeOZx.exe
  C:\Windows\System\YsoeOZx.exe
  2⤵
  PID:9304
- C:\Windows\System\lxmghwr.exe
  C:\Windows\System\lxmghwr.exe
  2⤵
  PID:9324
- C:\Windows\System\QlbNweK.exe
  C:\Windows\System\QlbNweK.exe
  2⤵
  PID:9356
- C:\Windows\System\PzMdKVb.exe
  C:\Windows\System\PzMdKVb.exe
  2⤵
  PID:9396
- C:\Windows\System\fSHtbzO.exe
  C:\Windows\System\fSHtbzO.exe
  2⤵
  PID:9440
- C:\Windows\System\BYSSsQQ.exe
  C:\Windows\System\BYSSsQQ.exe
  2⤵
  PID:9460
- C:\Windows\System\BRhoTBo.exe
  C:\Windows\System\BRhoTBo.exe
  2⤵
  PID:9488
- C:\Windows\System\JyPdTkJ.exe
  C:\Windows\System\JyPdTkJ.exe
  2⤵
  PID:9608
- C:\Windows\System\sbyNdzz.exe
  C:\Windows\System\sbyNdzz.exe
  2⤵
  PID:9624
- C:\Windows\System\ndAAcPv.exe
  C:\Windows\System\ndAAcPv.exe
  2⤵
  PID:9640
- C:\Windows\System\MPEbhgH.exe
  C:\Windows\System\MPEbhgH.exe
  2⤵
  PID:9656
- C:\Windows\System\FfBbfNm.exe
  C:\Windows\System\FfBbfNm.exe
  2⤵
  PID:9672
- C:\Windows\System\RMlZFbh.exe
  C:\Windows\System\RMlZFbh.exe
  2⤵
  PID:9688
- C:\Windows\System\tFbXAXG.exe
  C:\Windows\System\tFbXAXG.exe
  2⤵
  PID:9704
- C:\Windows\System\RyCnkzQ.exe
  C:\Windows\System\RyCnkzQ.exe
  2⤵
  PID:9720
- C:\Windows\System\nFVRKwQ.exe
  C:\Windows\System\nFVRKwQ.exe
  2⤵
  PID:9736
- C:\Windows\System\GGsPsAC.exe
  C:\Windows\System\GGsPsAC.exe
  2⤵
  PID:9752
- C:\Windows\System\OByAofI.exe
  C:\Windows\System\OByAofI.exe
  2⤵
  PID:9768
- C:\Windows\System\osETTtE.exe
  C:\Windows\System\osETTtE.exe
  2⤵
  PID:9784
- C:\Windows\System\zQKWglE.exe
  C:\Windows\System\zQKWglE.exe
  2⤵
  PID:9800
- C:\Windows\System\agRNsLY.exe
  C:\Windows\System\agRNsLY.exe
  2⤵
  PID:9816
- C:\Windows\System\BBnFsxi.exe
  C:\Windows\System\BBnFsxi.exe
  2⤵
  PID:9832
- C:\Windows\System\nUbEsUC.exe
  C:\Windows\System\nUbEsUC.exe
  2⤵
  PID:9848
- C:\Windows\System\kKaElKc.exe
  C:\Windows\System\kKaElKc.exe
  2⤵
  PID:9864
- C:\Windows\System\GgWwqjE.exe
  C:\Windows\System\GgWwqjE.exe
  2⤵
  PID:9880
- C:\Windows\System\CNKSYck.exe
  C:\Windows\System\CNKSYck.exe
  2⤵
  PID:9896
- C:\Windows\System\EPvAmWC.exe
  C:\Windows\System\EPvAmWC.exe
  2⤵
  PID:9912
- C:\Windows\System\aDTYSQq.exe
  C:\Windows\System\aDTYSQq.exe
  2⤵
  PID:9932
- C:\Windows\System\YXTlFRQ.exe
  C:\Windows\System\YXTlFRQ.exe
  2⤵
  PID:9956
- C:\Windows\System\LpHOiqa.exe
  C:\Windows\System\LpHOiqa.exe
  2⤵
  PID:9988
- C:\Windows\System\SPABKOp.exe
  C:\Windows\System\SPABKOp.exe
  2⤵
  PID:10008
- C:\Windows\System\yQCVrlB.exe
  C:\Windows\System\yQCVrlB.exe
  2⤵
  PID:10056
- C:\Windows\System\sgLOjxg.exe
  C:\Windows\System\sgLOjxg.exe
  2⤵
  PID:10132
- C:\Windows\System\xtHLXIU.exe
  C:\Windows\System\xtHLXIU.exe
  2⤵
  PID:10160
- C:\Windows\System\PwEnwfS.exe
  C:\Windows\System\PwEnwfS.exe
  2⤵
  PID:10180
- C:\Windows\System\ITjXFQm.exe
  C:\Windows\System\ITjXFQm.exe
  2⤵
  PID:10200
- C:\Windows\System\dhaBqEd.exe
  C:\Windows\System\dhaBqEd.exe
  2⤵
  PID:10224
- C:\Windows\System\qRdrupd.exe
  C:\Windows\System\qRdrupd.exe
  2⤵
  PID:4900
- C:\Windows\System\TuDPeDm.exe
  C:\Windows\System\TuDPeDm.exe
  2⤵
  PID:9028
- C:\Windows\System\QZGTqce.exe
  C:\Windows\System\QZGTqce.exe
  2⤵
  PID:9616
- C:\Windows\System\gYUYoSz.exe
  C:\Windows\System\gYUYoSz.exe
  2⤵
  PID:9524
- C:\Windows\System\wkiXvJK.exe
  C:\Windows\System\wkiXvJK.exe
  2⤵
  PID:9696
- C:\Windows\System\JmGDxrO.exe
  C:\Windows\System\JmGDxrO.exe
  2⤵
  PID:9732
- C:\Windows\System\OTvwLIM.exe
  C:\Windows\System\OTvwLIM.exe
  2⤵
  PID:9792
- C:\Windows\System\bkXhEoP.exe
  C:\Windows\System\bkXhEoP.exe
  2⤵
  PID:9860
- C:\Windows\System\NlrDTBz.exe
  C:\Windows\System\NlrDTBz.exe
  2⤵
  PID:9924
- C:\Windows\System\waeuprZ.exe
  C:\Windows\System\waeuprZ.exe
  2⤵
  PID:10168
- C:\Windows\System\ixvsEYe.exe
  C:\Windows\System\ixvsEYe.exe
  2⤵
  PID:9268
- C:\Windows\System\AbqnEkT.exe
  C:\Windows\System\AbqnEkT.exe
  2⤵
  PID:10048
- C:\Windows\System\QvleZUM.exe
  C:\Windows\System\QvleZUM.exe
  2⤵
  PID:10232
- C:\Windows\System\lapLxYR.exe
  C:\Windows\System\lapLxYR.exe
  2⤵
  PID:10140
- C:\Windows\System\EElpIrJ.exe
  C:\Windows\System\EElpIrJ.exe
  2⤵
  PID:9452
- C:\Windows\System\SnNGEba.exe
  C:\Windows\System\SnNGEba.exe
  2⤵
  PID:9556
- C:\Windows\System\ZwKtCki.exe
  C:\Windows\System\ZwKtCki.exe
  2⤵
  PID:9560
- C:\Windows\System\cXwtjGo.exe
  C:\Windows\System\cXwtjGo.exe
  2⤵
  PID:9760
- C:\Windows\System\NUdJKOr.exe
  C:\Windows\System\NUdJKOr.exe
  2⤵
  PID:9856
- C:\Windows\System\AQfCMUi.exe
  C:\Windows\System\AQfCMUi.exe
  2⤵
  PID:10068
- C:\Windows\System\IHxyRhb.exe
  C:\Windows\System\IHxyRhb.exe
  2⤵
  PID:9652
- C:\Windows\System\pCqrvTR.exe
  C:\Windows\System\pCqrvTR.exe
  2⤵
  PID:10192
- C:\Windows\System\RoHrxHp.exe
  C:\Windows\System\RoHrxHp.exe
  2⤵
  PID:5108
- C:\Windows\System\SOHCQIP.exe
  C:\Windows\System\SOHCQIP.exe
  2⤵
  PID:9844
- C:\Windows\System\kHFzuCQ.exe
  C:\Windows\System\kHFzuCQ.exe
  2⤵
  PID:9348
- C:\Windows\System\zOeQGYa.exe
  C:\Windows\System\zOeQGYa.exe
  2⤵
  PID:9448
- C:\Windows\System\taVVAnS.exe
  C:\Windows\System\taVVAnS.exe
  2⤵
  PID:9944
- C:\Windows\System\zxctgZq.exe
  C:\Windows\System\zxctgZq.exe
  2⤵
  PID:10268
- C:\Windows\System\UsGTFWr.exe
  C:\Windows\System\UsGTFWr.exe
  2⤵
  PID:10324
- C:\Windows\System\TSiRVKG.exe
  C:\Windows\System\TSiRVKG.exe
  2⤵
  PID:10368
- C:\Windows\System\JMGIOyR.exe
  C:\Windows\System\JMGIOyR.exe
  2⤵
  PID:10408
- C:\Windows\System\BrGOzKZ.exe
  C:\Windows\System\BrGOzKZ.exe
  2⤵
  PID:10424
- C:\Windows\System\xxYHmhs.exe
  C:\Windows\System\xxYHmhs.exe
  2⤵
  PID:10444
- C:\Windows\System\sqzLkeJ.exe
  C:\Windows\System\sqzLkeJ.exe
  2⤵
  PID:10468
- C:\Windows\System\AIvwQcY.exe
  C:\Windows\System\AIvwQcY.exe
  2⤵
  PID:10484
- C:\Windows\System\nyPfTEW.exe
  C:\Windows\System\nyPfTEW.exe
  2⤵
  PID:10504
- C:\Windows\System\CwmudMT.exe
  C:\Windows\System\CwmudMT.exe
  2⤵
  PID:10520
- C:\Windows\System\shhWULf.exe
  C:\Windows\System\shhWULf.exe
  2⤵
  PID:10544
- C:\Windows\System\EFaOtoU.exe
  C:\Windows\System\EFaOtoU.exe
  2⤵
  PID:10564
- C:\Windows\System\SlMZYhy.exe
  C:\Windows\System\SlMZYhy.exe
  2⤵
  PID:10584
- C:\Windows\System\lJCknps.exe
  C:\Windows\System\lJCknps.exe
  2⤵
  PID:10604
- C:\Windows\System\WpADwAA.exe
  C:\Windows\System\WpADwAA.exe
  2⤵
  PID:10640
- C:\Windows\System\YfnuWZD.exe
  C:\Windows\System\YfnuWZD.exe
  2⤵
  PID:10660
- C:\Windows\System\bQqhNrR.exe
  C:\Windows\System\bQqhNrR.exe
  2⤵
  PID:10684
- C:\Windows\System\fmoTvlB.exe
  C:\Windows\System\fmoTvlB.exe
  2⤵
  PID:10704
- C:\Windows\System\MFnaJXF.exe
  C:\Windows\System\MFnaJXF.exe
  2⤵
  PID:10724
- C:\Windows\System\sLuqULX.exe
  C:\Windows\System\sLuqULX.exe
  2⤵
  PID:10748
- C:\Windows\System\KzwVyRM.exe
  C:\Windows\System\KzwVyRM.exe
  2⤵
  PID:10772
- C:\Windows\System\VNNMTfS.exe
  C:\Windows\System\VNNMTfS.exe
  2⤵
  PID:10840
- C:\Windows\System\FVDhpzi.exe
  C:\Windows\System\FVDhpzi.exe
  2⤵
  PID:10864
- C:\Windows\System\rFJXRTb.exe
  C:\Windows\System\rFJXRTb.exe
  2⤵
  PID:10984
- C:\Windows\System\mvstfXg.exe
  C:\Windows\System\mvstfXg.exe
  2⤵
  PID:11000
- C:\Windows\System\KpwPCFd.exe
  C:\Windows\System\KpwPCFd.exe
  2⤵
  PID:11016
- C:\Windows\System\XOBKAlo.exe
  C:\Windows\System\XOBKAlo.exe
  2⤵
  PID:11044
- C:\Windows\System\cpqVQFz.exe
  C:\Windows\System\cpqVQFz.exe
  2⤵
  PID:11072
- C:\Windows\System\JZmjJZV.exe
  C:\Windows\System\JZmjJZV.exe
  2⤵
  PID:11112
- C:\Windows\System\DqAPhlX.exe
  C:\Windows\System\DqAPhlX.exe
  2⤵
  PID:11136
- C:\Windows\System\SndXCis.exe
  C:\Windows\System\SndXCis.exe
  2⤵
  PID:11164
- C:\Windows\System\oZIvsLc.exe
  C:\Windows\System\oZIvsLc.exe
  2⤵
  PID:11192
- C:\Windows\System\ZYdhwhL.exe
  C:\Windows\System\ZYdhwhL.exe
  2⤵
  PID:11212
- C:\Windows\System\ebLtbeR.exe
  C:\Windows\System\ebLtbeR.exe
  2⤵
  PID:11232
- C:\Windows\System\aPGtaSG.exe
  C:\Windows\System\aPGtaSG.exe
  2⤵
  PID:9664
- C:\Windows\System\AGOlZFt.exe
  C:\Windows\System\AGOlZFt.exe
  2⤵
  PID:10308
- C:\Windows\System\XDjPvIT.exe
  C:\Windows\System\XDjPvIT.exe
  2⤵
  PID:10344
- C:\Windows\System\BeYkEOb.exe
  C:\Windows\System\BeYkEOb.exe
  2⤵
  PID:10384
- C:\Windows\System\KUkbkNe.exe
  C:\Windows\System\KUkbkNe.exe
  2⤵
  PID:10404
- C:\Windows\System\sEVwNUV.exe
  C:\Windows\System\sEVwNUV.exe
  2⤵
  PID:10436
- C:\Windows\System\UNkZBWS.exe
  C:\Windows\System\UNkZBWS.exe
  2⤵
  PID:10500
- C:\Windows\System\eLqFZDh.exe
  C:\Windows\System\eLqFZDh.exe
  2⤵
  PID:10576
- C:\Windows\System\FQQmQXV.exe
  C:\Windows\System\FQQmQXV.exe
  2⤵
  PID:10656
- C:\Windows\System\AWHtpEG.exe
  C:\Windows\System\AWHtpEG.exe
  2⤵
  PID:10788
- C:\Windows\System\mbuUuWG.exe
  C:\Windows\System\mbuUuWG.exe
  2⤵
  PID:10636
- C:\Windows\System\FbcGIiR.exe
  C:\Windows\System\FbcGIiR.exe
  2⤵
  PID:10736
- C:\Windows\System\zrAdzIB.exe
  C:\Windows\System\zrAdzIB.exe
  2⤵
  PID:1372
- C:\Windows\System\aPiEQKw.exe
  C:\Windows\System\aPiEQKw.exe
  2⤵
  PID:10896
- C:\Windows\System\MMGBkvM.exe
  C:\Windows\System\MMGBkvM.exe
  2⤵
  PID:10996
- C:\Windows\System\OfDsyGb.exe
  C:\Windows\System\OfDsyGb.exe
  2⤵
  PID:11144
- C:\Windows\System\KVvbthO.exe
  C:\Windows\System\KVvbthO.exe
  2⤵
  PID:11204
- C:\Windows\System\KCaoiFV.exe
  C:\Windows\System\KCaoiFV.exe
  2⤵
  PID:10004
- C:\Windows\System\lmGzHTp.exe
  C:\Windows\System\lmGzHTp.exe
  2⤵
  PID:10292
- C:\Windows\System\ggWbhXY.exe
  C:\Windows\System\ggWbhXY.exe
  2⤵
  PID:10556
- C:\Windows\System\tQOHcmH.exe
  C:\Windows\System\tQOHcmH.exe
  2⤵
  PID:10720
- C:\Windows\System\pZUmJWO.exe
  C:\Windows\System\pZUmJWO.exe
  2⤵
  PID:1836
- C:\Windows\System\lEYweWm.exe
  C:\Windows\System\lEYweWm.exe
  2⤵
  PID:10888
- C:\Windows\System\MQyYsHW.exe
  C:\Windows\System\MQyYsHW.exe
  2⤵
  PID:10992
- C:\Windows\System\YICBBni.exe
  C:\Windows\System\YICBBni.exe
  2⤵
  PID:11128
- C:\Windows\System\rzAWLpp.exe
  C:\Windows\System\rzAWLpp.exe
  2⤵
  PID:11228
- C:\Windows\System\IGavSwp.exe
  C:\Windows\System\IGavSwp.exe
  2⤵
  PID:3716
- C:\Windows\System\IqhazvV.exe
  C:\Windows\System\IqhazvV.exe
  2⤵
  PID:10416
- C:\Windows\System\GIHBFDW.exe
  C:\Windows\System\GIHBFDW.exe
  2⤵
  PID:10716
- C:\Windows\System\pLojdJQ.exe
  C:\Windows\System\pLojdJQ.exe
  2⤵
  PID:11032
- C:\Windows\System\DhEoRhX.exe
  C:\Windows\System\DhEoRhX.exe
  2⤵
  PID:2216
- C:\Windows\System\uhDkfzp.exe
  C:\Windows\System\uhDkfzp.exe
  2⤵
  PID:11276
- C:\Windows\System\fCLapva.exe
  C:\Windows\System\fCLapva.exe
  2⤵
  PID:11296
- C:\Windows\System\vmGxZDN.exe
  C:\Windows\System\vmGxZDN.exe
  2⤵
  PID:11324
- C:\Windows\System\TaZsuTi.exe
  C:\Windows\System\TaZsuTi.exe
  2⤵
  PID:11376
- C:\Windows\System\mSZoECk.exe
  C:\Windows\System\mSZoECk.exe
  2⤵
  PID:11408
- C:\Windows\System\dxFILFB.exe
  C:\Windows\System\dxFILFB.exe
  2⤵
  PID:11436
- C:\Windows\System\ZtivJyA.exe
  C:\Windows\System\ZtivJyA.exe
  2⤵
  PID:11456
- C:\Windows\System\LBWOZTp.exe
  C:\Windows\System\LBWOZTp.exe
  2⤵
  PID:11476
- C:\Windows\System\dYEakrp.exe
  C:\Windows\System\dYEakrp.exe
  2⤵
  PID:11496
- C:\Windows\System\jmEcSUE.exe
  C:\Windows\System\jmEcSUE.exe
  2⤵
  PID:11516
- C:\Windows\System\vtsxMVN.exe
  C:\Windows\System\vtsxMVN.exe
  2⤵
  PID:11556
- C:\Windows\System\bPMOZee.exe
  C:\Windows\System\bPMOZee.exe
  2⤵
  PID:11576
- C:\Windows\System\WfnxJtH.exe
  C:\Windows\System\WfnxJtH.exe
  2⤵
  PID:11596
- C:\Windows\System\qBidyZy.exe
  C:\Windows\System\qBidyZy.exe
  2⤵
  PID:11656
- C:\Windows\System\AlAvdrT.exe
  C:\Windows\System\AlAvdrT.exe
  2⤵
  PID:11696
- C:\Windows\System\acvXFmQ.exe
  C:\Windows\System\acvXFmQ.exe
  2⤵
  PID:11716
- C:\Windows\System\ThORDTZ.exe
  C:\Windows\System\ThORDTZ.exe
  2⤵
  PID:11768
- C:\Windows\System\yFZMPKC.exe
  C:\Windows\System\yFZMPKC.exe
  2⤵
  PID:11800
- C:\Windows\System\LcLnoFV.exe
  C:\Windows\System\LcLnoFV.exe
  2⤵
  PID:11824
- C:\Windows\System\lqQgFna.exe
  C:\Windows\System\lqQgFna.exe
  2⤵
  PID:11856
- C:\Windows\System\SAhqimq.exe
  C:\Windows\System\SAhqimq.exe
  2⤵
  PID:11876
- C:\Windows\System\BTsTjgt.exe
  C:\Windows\System\BTsTjgt.exe
  2⤵
  PID:11892
- C:\Windows\System\LsOWGiR.exe
  C:\Windows\System\LsOWGiR.exe
  2⤵
  PID:11912
- C:\Windows\System\oFAhTnV.exe
  C:\Windows\System\oFAhTnV.exe
  2⤵
  PID:11932
- C:\Windows\System\mGDHycQ.exe
  C:\Windows\System\mGDHycQ.exe
  2⤵
  PID:11996
- C:\Windows\System\wgGPJJX.exe
  C:\Windows\System\wgGPJJX.exe
  2⤵
  PID:12016
- C:\Windows\System\VAGVuQq.exe
  C:\Windows\System\VAGVuQq.exe
  2⤵
  PID:12036
- C:\Windows\System\OjocPxs.exe
  C:\Windows\System\OjocPxs.exe
  2⤵
  PID:12052
- C:\Windows\System\wXUsbpB.exe
  C:\Windows\System\wXUsbpB.exe
  2⤵
  PID:12080
- C:\Windows\System\irazYMZ.exe
  C:\Windows\System\irazYMZ.exe
  2⤵
  PID:12100
- C:\Windows\System\cBNFYqd.exe
  C:\Windows\System\cBNFYqd.exe
  2⤵
  PID:12120
- C:\Windows\System\ErNwemS.exe
  C:\Windows\System\ErNwemS.exe
  2⤵
  PID:12140
- C:\Windows\System\yCEtESc.exe
  C:\Windows\System\yCEtESc.exe
  2⤵
  PID:12168
- C:\Windows\System\flXwsNL.exe
  C:\Windows\System\flXwsNL.exe
  2⤵
  PID:12184
- C:\Windows\System\TrilGZG.exe
  C:\Windows\System\TrilGZG.exe
  2⤵
  PID:12204
- C:\Windows\System\BuduGzv.exe
  C:\Windows\System\BuduGzv.exe
  2⤵
  PID:12264
- C:\Windows\System\tJaOWtm.exe
  C:\Windows\System\tJaOWtm.exe
  2⤵
  PID:12284
- C:\Windows\System\zMQdsSl.exe
  C:\Windows\System\zMQdsSl.exe
  2⤵
  PID:10600
- C:\Windows\System\FLQJjgx.exe
  C:\Windows\System\FLQJjgx.exe
  2⤵
  PID:11340
- C:\Windows\System\lNKOkfi.exe
  C:\Windows\System\lNKOkfi.exe
  2⤵
  PID:11400
- C:\Windows\System\RTfWxlv.exe
  C:\Windows\System\RTfWxlv.exe
  2⤵
  PID:11512
- C:\Windows\System\GoFpusM.exe
  C:\Windows\System\GoFpusM.exe
  2⤵
  PID:11572
- C:\Windows\System\rbHsZva.exe
  C:\Windows\System\rbHsZva.exe
  2⤵
  PID:11644
- C:\Windows\System\VYSciSf.exe
  C:\Windows\System\VYSciSf.exe
  2⤵
  PID:11688
- C:\Windows\System\cnEZIJQ.exe
  C:\Windows\System\cnEZIJQ.exe
  2⤵
  PID:11760
- C:\Windows\System\suGeHvF.exe
  C:\Windows\System\suGeHvF.exe
  2⤵
  PID:11872
- C:\Windows\System\lwlRTwu.exe
  C:\Windows\System\lwlRTwu.exe
  2⤵
  PID:11952
- C:\Windows\System\tscLccm.exe
  C:\Windows\System\tscLccm.exe
  2⤵
  PID:12004
- C:\Windows\System\sgxxuwk.exe
  C:\Windows\System\sgxxuwk.exe
  2⤵
  PID:12044
- C:\Windows\System\wfVYwaI.exe
  C:\Windows\System\wfVYwaI.exe
  2⤵
  PID:12096
- C:\Windows\System\YlnECqA.exe
  C:\Windows\System\YlnECqA.exe
  2⤵
  PID:12220
- C:\Windows\System\sjUvQSW.exe
  C:\Windows\System\sjUvQSW.exe
  2⤵
  PID:12228
- C:\Windows\System\UqbZjSf.exe
  C:\Windows\System\UqbZjSf.exe
  2⤵
  PID:12280
- C:\Windows\System\qvdzrZp.exe
  C:\Windows\System\qvdzrZp.exe
  2⤵
  PID:2796
- C:\Windows\System\GmwznLJ.exe
  C:\Windows\System\GmwznLJ.exe
  2⤵
  PID:11680
- C:\Windows\System\IEbTkSv.exe
  C:\Windows\System\IEbTkSv.exe
  2⤵
  PID:11708
- C:\Windows\System\fdHAVMV.exe
  C:\Windows\System\fdHAVMV.exe
  2⤵
  PID:11888
- C:\Windows\System\ruEOmvP.exe
  C:\Windows\System\ruEOmvP.exe
  2⤵
  PID:12060
- C:\Windows\System\YyraiSA.exe
  C:\Windows\System\YyraiSA.exe
  2⤵
  PID:12132
- C:\Windows\System\bIpuTfK.exe
  C:\Windows\System\bIpuTfK.exe
  2⤵
  PID:12192
- C:\Windows\System\yxMFzCb.exe
  C:\Windows\System\yxMFzCb.exe
  2⤵
  PID:11608
- C:\Windows\System\sHVtVSB.exe
  C:\Windows\System\sHVtVSB.exe
  2⤵
  PID:11592
- C:\Windows\System\QbupZRe.exe
  C:\Windows\System\QbupZRe.exe
  2⤵
  PID:12260
- C:\Windows\System\xItEiTE.exe
  C:\Windows\System\xItEiTE.exe
  2⤵
  PID:12316
- C:\Windows\System\AaAcTzO.exe
  C:\Windows\System\AaAcTzO.exe
  2⤵
  PID:12340
- C:\Windows\System\omDDIYv.exe
  C:\Windows\System\omDDIYv.exe
  2⤵
  PID:12360
- C:\Windows\System\MVGgtmE.exe
  C:\Windows\System\MVGgtmE.exe
  2⤵
  PID:12412
- C:\Windows\System\RhdJdge.exe
  C:\Windows\System\RhdJdge.exe
  2⤵
  PID:12448
- C:\Windows\System\tZkNudN.exe
  C:\Windows\System\tZkNudN.exe
  2⤵
  PID:12464
- C:\Windows\System\vNwDMAr.exe
  C:\Windows\System\vNwDMAr.exe
  2⤵
  PID:12500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jamztwcs.04b.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\EjRZiZu.exe

Filesize
1.6MB

MD5
db0db16b0638f166a3d20765a8319b0e

SHA1
598a27f324c20fae9b4a227b88ca4ad4f9da8e1a

SHA256
15c79fa0bc44f4da8d8de5790f48b361a250401fb8ac79eb566214ade3bdf055

SHA512
8ed29a87f12cdd32b25a45818457b2463f82ea06b5dc0cf4d33714ce7039ff2083c2bc8ea7bbefad49ebe28f812fd75b77def3b22264eaa721d7ef30e0baa7ba

Download Submit
C:\Windows\System\HGKdgDi.exe

Filesize
1.6MB

MD5
3db3f8ea3164479ab7d763a41721ce46

SHA1
f1b642be2df4ce51f87127221934f3d43b2bc39d

SHA256
a177ef155f7971e0a43ce46d511400165a63d0f5c3f9587b6877af9a533cd40b

SHA512
61217e9db2b06e1dd5b2e38983db70868ebaa2456065777adfebd8074b8ec4bbe92f92f01ca9a42f90edf1f541ab11ccf5eb7d383b46b6c824c24ad34f014b28

Download Submit
C:\Windows\System\HMYTpJi.exe

Filesize
1.6MB

MD5
061c5930468a7dcf4afeb6c5794e5595

SHA1
d9984cdde7e497e1a52951c8bcc6673fc6755ba2

SHA256
b63a809a2441f7a075587e8d645ec83580d7d103009f00f394ffe5317a34db71

SHA512
2795454491c32887316cc14625abb4d5d523fc2823bd485fe6ab9a9aec51c96642a52fabf659de6adaf297afb1d45dc020ec20510e5686bf47899988613447e6

Download Submit
C:\Windows\System\HuAFPra.exe

Filesize
1.6MB

MD5
4b5a906dca00055087315b21b25a217b

SHA1
4d8ae6fed130f0ba314dcd45d5424d9b77699697

SHA256
0624071375aba23ca1fbfd19ace5e41b3384206cbc1bcbbfbf12dc352ca7c683

SHA512
b2ceaf7afe135290c3ea9bf45b78dd553d6918291c60ac45704a9ea467f785b9723ae74a46264c85231bb9389e41233a4092f20a6774041ca6ca7c531590fe21

Download Submit
C:\Windows\System\KhVQdxI.exe

Filesize
1.6MB

MD5
96a6e1ddca0af796a786dfa03b8c481e

SHA1
943fae84d72c8e36bd10441e1d65206c08eb1fcc

SHA256
0baa4a405d83c13787e4dfba0f12e135e18e6d0ed1de1cfa9599877189a09098

SHA512
77076bef78a021b0d5b19e6b796c0af48d1a67761812ee66aea7bf7673a7b360f4a3b9683f73e00fdce13bbe3f03da6c109b5e0062b43ee87ca9829f5b1280f6

Download Submit
C:\Windows\System\LPFdRJv.exe

Filesize
1.6MB

MD5
8b67faa6df9d62a8970b1ded74162535

SHA1
c7c7f2a79d0fedae67be59f0bc73b6ec627c259e

SHA256
95aefb7df15b965fc49aa7fdaeae2b01667e6842530c7e83990b1c9313e075e0

SHA512
00ca599dcd50f6f8b99fc2fba9bf197142d25f3a1de021978f517c6f77d45946a4b21765eea48d6cd884bc90634f5dc9befe972f172bf1198bc8144d0436f723

Download Submit
C:\Windows\System\NXgsKIf.exe

Filesize
1.6MB

MD5
853ba81d611ed003f147bf5b0a2d3458

SHA1
1279d6bd530e2ad0b77b8cab28e1ef569ff8fa21

SHA256
77538aa8ca26a3d86c00203b6b298620659acb40458b501c69fef0f60cfacdc1

SHA512
752ad9e52c1930af5441853697e4874a219de1c77573b32a3d9d764a20cc4873215bdac038e0653aeacaff102fffb7e6811ea08a0138f82d68347ee63573be6f

Download Submit
C:\Windows\System\OKznSmP.exe

Filesize
1.6MB

MD5
cbdfa75308eb5dc6d4b71407bdd8d5da

SHA1
c8e3189d78338822ff8c644ebb87d3ce586ae172

SHA256
7f3580b2174d8c8f795c3d4756f49a3cbf57fff50e8abbebaa6b3cc855fd9a10

SHA512
2b8014050caa5b24c387a1048ccc6f8166a45922d8f2ffa0c2df500c5774ca33eda2d5e8c4e8bc6199084a2fcd85e9412c77305fb292e53c8b19d8e264b198f6

Download Submit
C:\Windows\System\OQcMPui.exe

Filesize
1.6MB

MD5
ca0c0e44d588b893e5b58b18b40f77f2

SHA1
9978060379f42e59b5899ea6ec0d17e7a70393c9

SHA256
66ff1b3931d9014db3e9e1db3e6823482dc17520766b33e8eb20ee5d6bcf591f

SHA512
322e2aa7ab2de1a842770822a56980e29810fe430d61ef79d9215b036077550f6069b92e35e940751ef424fea40c5e2701d5b78675854430d7c71aea135f19b5

Download Submit
C:\Windows\System\OaMZIjU.exe

Filesize
1.6MB

MD5
de1bcf903181934b5bf665f255408e7f

SHA1
0def7ad380f4dc754461ac57fa0ac6069af5ee8b

SHA256
224e84f269e411f5e09fc4a20e7cf672f34b7893de0dba434e8c576d4da6fa4c

SHA512
c107120ab1505086be47947a7efad1a5bd8069e674f6659eeeb7f211c82731bdb4b117ab618041fbc77633e19e86b0c489fff8a21b247f461c1eaa304b11420a

Download Submit
C:\Windows\System\PdILTNy.exe

Filesize
1.6MB

MD5
7239bb5c7eebe46966f164c03aece2d4

SHA1
71249e5efac4ee25647e194ed1e84c55e401dc5a

SHA256
1303be3e49cb53b8b533c3bfaa1205c4f5037fbe639a540098db6a67f991dcec

SHA512
51ef92c62280a3991948519ef8b90e375cf2602aa80aafd5ec9aa630209e867fe39cf1d44426c511d0a300439f2a15b3f01aa372929aff7d794769e9d932c576

Download Submit
C:\Windows\System\RjZPMyN.exe

Filesize
1.6MB

MD5
61fea4df96c93a8e52959d2ed508de9f

SHA1
60fd450b026e9f93287ce4c0f7f5e6d149579a16

SHA256
9ace9115e81d88259edb4bbc72b911b9ee93b2a7824212ab8ba17ad5fb0908bd

SHA512
112c27589fbd6c9dd7603810f871474aabdbd20a5e8c259489c8910a6082c3895d73a1b8a350d0912498239ff73f8a0846c467b0df09ca1c4a6275afc8c24ac8

Download Submit
C:\Windows\System\SBAtHWD.exe

Filesize
1.6MB

MD5
dcdd76214ff026805a1b10f3c2834f1f

SHA1
363bccf4c8e4d5047b0409161fb70b000858ea10

SHA256
fb43ecb364df65b62cf9541cc8ee025d8bb740afe4b3d5be31d09cce042ff7cb

SHA512
7353df0eb691d3b4b4b430d2718119890440b07789ac263f39e897289d53eea9ceeb09c1171540ae1b9f8e5c654002afe0ae7ab972f6e1a517ab2afbc0ed5c54

Download Submit
C:\Windows\System\UGWqMBp.exe

Filesize
1.6MB

MD5
1fe6a2365b1a01d520aa71faedb805a6

SHA1
20a9a3df982d0220dd3f87a00a7140238c3f8806

SHA256
f91940ece3129602ff4b824a95e82e8cc6bfffc648586eb7c10577beeed1c772

SHA512
ff3293064a7aa570f9ff603111f506596abd56598270abc5067f593a9b2fba272784c0a8474ad4fd7a75ab44be9b77e440522fb642f1963ba32d3015b1901815

Download Submit
C:\Windows\System\VjAnMMk.exe

Filesize
1.6MB

MD5
ad4eb1da8a64508c802175c71a1a80ac

SHA1
27293131339cedb5c28f42abc4a80a8c75c9b133

SHA256
1bb17a1e26afdcf3ed01c2cf9fa55d05cea748a2f9b359a60e89a2510d15df59

SHA512
10f9c05c744690f0d7c60565c0431e8d51c91aeab08fd4cf2f827254bf47e6a4f7c78f2ee4e4547b4d5f40332e0e2b275ec0dcba7202e02b0adf1d441c1f04a1

Download Submit
C:\Windows\System\VmRDPLk.exe

Filesize
1.6MB

MD5
13c23eef83e8d716ecc4bd5f0a0c3df7

SHA1
23456c953501711aff10c9450c1057ba561f3781

SHA256
ca8fa2650e2096b14fc7b03c8579014255c0a670f5714343b534fc9deb82a560

SHA512
b605b83e0def7b6ee57b251e383372d322059a256356ba5780cf87b2c31772ae4eed94d2b90ebefec7279c587eaffc55193a0e01532c582f7a0cf008b61cbde5

Download Submit
C:\Windows\System\WNkSmJR.exe

Filesize
1.6MB

MD5
2057b5425183b2b309a9cac0975c1de1

SHA1
b0fc787f891edd23638b462cd7fae2c61b5cd72f

SHA256
97df465b0a8a8551a0ec0e4b5238bedd9f143f7a31b68628868f2fe5cbaf8ccd

SHA512
5c8c5781828e25775da2c9698e5b9f56e98e954594181e9b455fb14048fb5aec917d8dcb38132b7119fda890b051109223236c3eae301d711fc3b19a036007fc

Download Submit
C:\Windows\System\XFjScFP.exe

Filesize
1.6MB

MD5
59cf14a2c389504302af42631947451a

SHA1
8b55abee5f05480421374711a421ba7205e99405

SHA256
7224af95b405af89f6c7220522c7b8f4150767e4d59f6ae61205c780874ad0af

SHA512
e9bccaa0431d9ba18c84363bec0f773dc9c1ac20cc87e7fbf58600e21d337f064ed799ffa6c1729728d5e3fd00d867f1ebc098026a23c5d7a442a93b1a3b1758

Download Submit
C:\Windows\System\bkIprcP.exe

Filesize
1.6MB

MD5
e866e1a365f28eaa9c7a3789ed447c11

SHA1
de399b56c60aebafbe453576b9b2079a718a496b

SHA256
2c5fb1f1f37755f11ed57bdfe15ad2a814844ee3f42fbe0254e99663c5e8be2e

SHA512
ffb2c65856cef08238976620bcfb75e222494a7952122ca97b825354587f01df604d2dbfd2c027dea0205e1356b0fee727fcdd02b632a552aa238cee52f499e4

Download Submit
C:\Windows\System\cCewPUY.exe

Filesize
1.6MB

MD5
47ae6c4b4c4b42d62621777a66ff6e7c

SHA1
cec2715a5a2f354b848cc35a77aba97719f37c7a

SHA256
6f6481e90024004d5c4ce35a8c6bdd27947bca0d25147a767fd7ba6c1c0826d2

SHA512
17d88d2597f0bb173cc9001cd3ffcf44c767a49acff0daa39f2863024d16deb1584f5cbf2aecd3aededde280fa75e8f0a63d74adaa598eb9d5d0878055721728

Download Submit
C:\Windows\System\fBJULyU.exe

Filesize
1.6MB

MD5
b79d29538b370bcae04cd6038186abb9

SHA1
e11d4434f5c8b36ef64f7b58ef3c02a6700ef519

SHA256
f24602ffe07e2dc05e80c371528bbb840cc4c55e0fd1d88907e0d17cef43e5c7

SHA512
041eca27de1e7f7725f780485ac15184f84795cd825424c12644b02eda79a7109f7548f54badf2925dd5ce09f5402741fbfaa9d610019eed5e02be8d949875ed

Download Submit
C:\Windows\System\fCvXqqn.exe

Filesize
1.6MB

MD5
99df4554a91c760df2f81b5b6fd952c4

SHA1
f26a58cdad9016d8813c0080973199b1d1108785

SHA256
69457e510c061b9b7b5fcc077aca34cc382f6cff07cc5eb65235e06dd2cd4038

SHA512
2411610b5c599c33939d913e22a4f4e799441d636c74f8846867128e30bafebe9d0bda8cd9bf3e22f449eb68a15d754264442b2ce83800ecc0a26b81b7f6d8cc

Download Submit
C:\Windows\System\hvuKAKK.exe

Filesize
1.6MB

MD5
3107b3cdda7a1a9ed90439a66c4b2fa7

SHA1
a9cb455ae071228eb14fc5f173110aa128d793d7

SHA256
c5084f294b8b4cdd0a991610836d5763fdb548df47f373fff02929312eb28392

SHA512
ac0b221220809865ea4513c809c26c790bee028a8ddddcb317e64f84894914f0bf67c3ce3057a943b38132c4041ec27766706c9b572bcba2e11e082ca3d1eb1b

Download Submit
C:\Windows\System\iRXvjRN.exe

Filesize
1.6MB

MD5
4ebdf89600e7fc87f9d257f78286d5b4

SHA1
32b44d6aed00f8b2b44fd0be926649448310aff7

SHA256
cb1cb34f5829c6f7f0c1e4592197ecce92ff488f2b737582ff0c379f3809d42d

SHA512
4c340e89ade4a8025b385b14d3718bb11e07b300861526807302163e666aba3ac1fb646f66e39b8040e44d17da6094fe10a4b86509e665849304d5e84d683c98

Download Submit
C:\Windows\System\kGRHCME.exe

Filesize
1.6MB

MD5
62ed2e2cf631a49023e49e2a88e09f45

SHA1
7a95b749593e64ccb809cac338d77f68b911efa2

SHA256
2c363ae285e2754e2ffb1b7236b52cf3e71ff3cc66bfa012366938d2ece2bf4d

SHA512
40b2ef77e7e5cc501b5b3f33acdc507f8af05dfadd53eb9d0f2856cdcf044b4942a2a2b212a2bf3042a2c8f142b63da7ee7253d99b3756e6b7583b910c44c1c3

Download Submit
C:\Windows\System\lNicsku.exe

Filesize
8B

MD5
4585af961e6be7f3b03d075298565b62

SHA1
8e84c60639225761f581ea4ec1ff9a2d8e5472c9

SHA256
b8920be4ca9181e84576dfb449141c7d9af40d7ddc5588ea3cac8c68ef3a0a88

SHA512
aca862ef42a6056537a17dcbf9d8778efa38fbecbcb6ce3dce02a2eb0f5b9ffb56a667b21c26a29159a0ebcd14d21a77c5b25a36880c46863acba28da90e75f0

Download Submit
C:\Windows\System\nCETCVs.exe

Filesize
1.6MB

MD5
cc7bff78a73a19e4a74b676b162d0ca5

SHA1
561e0a45fce8e81a8ae253a8b6fea7ed55cb10df

SHA256
b3df50dad70d8a282a7eb5e71bb256ac73e877f271f70e4d3b0e66e4d8f0b081

SHA512
5242327570172c18c62385050d9d8b212a09e8f38bdf2049b519612a2a274d293b72723d038bb4d47b03b788453ea1d26e6bee6e70bb447af287a69adbb36084

Download Submit
C:\Windows\System\nMtAIdi.exe

Filesize
1.6MB

MD5
de92f9b80cc5c6cb566d630bf2f06442

SHA1
b5e3ce8863b4dc0de416e0a5498a96e574d45f1b

SHA256
817c960189bcc05ba29194e6dc5d23ba10724fca583c488781643d8c0095daaa

SHA512
ca56e81d3f901dfc8b8a9291d2add45b596fa701c2d33706f1466033c4dcfe77bd3ebed46113d35299ab5f338c26d70bb50bf5e4fffeb07cc63454590c4deadc

Download Submit
C:\Windows\System\pfsWYkF.exe

Filesize
1.6MB

MD5
24c7f7a5ad705e92a5b8ca2335a9565a

SHA1
d0152615b7af053b874d804e74aee9cc4edf9717

SHA256
b891463bf26d35ba408ecc04e648af2577fd2d5e2f15cc8caed83ca954f14634

SHA512
0fcef4acef6ca56a351e2b92fab74271f6a2e5c8331a966331917a82f6d5893e68796c7dcc35e6bdb11771b1435972ce83751bc075c7787362ab88e96f82d477

Download Submit
C:\Windows\System\psHHmVQ.exe

Filesize
1.6MB

MD5
0a1012f0f93db57bd022dd6dfeb44db8

SHA1
7f3455a93c7971c9784680bfce3d00bd211bdf06

SHA256
76c70200c502734a9ed280a68c8105c43c6b97df54bd86b40032e37b092d039a

SHA512
61a46929f27782047d279087d44522868242c67bbe8d44fe33cea93d93e76bc81936bcae4e47cd3f764bbaff0f36aafcefbeb6c28c409b8d5979920885594d2b

Download Submit
C:\Windows\System\uLFRqrm.exe

Filesize
1.6MB

MD5
312e0453a7edae70d9e2aeca1d819476

SHA1
7b7771dda840e2aeba0754376b66cd5b27f1c339

SHA256
9565b00b994e458ed5c433694055833e5afdd2da9662e5e1f451729111f69885

SHA512
c415b36338480b09624411d2fda01aece9a54af857c65a4970450b0b125ef8d42325b66796990c51be3b287493ca2fd0f5f88df397f6890ef243c3b79467a9e8

Download Submit
C:\Windows\System\vBvqfze.exe

Filesize
1.6MB

MD5
5bbe1ba536b701313b8b5e1f62ac5250

SHA1
9fd4c64c62f9a310378b011b304a2c71b580eda1

SHA256
e54f250ac702e4a75837e4cc85ca9c2ba0523b0c36e6f61e8e6141a238252352

SHA512
3b6a7e1117ada3d3ed4b4541590709d516f8a1f39d6817449ca0c0149fa012732d4f8ccb2a73a5302634ae9072baa05a61b28f63db3ff751ef46c49de0236c14

Download Submit
C:\Windows\System\xzdLKFu.exe

Filesize
1.6MB

MD5
addd948a962c5225ed5ce489073a4e3e

SHA1
427109fc9899642ff3b1a938a9e2a9e616495373

SHA256
74578077650afb460c62d43eef9a09846faa2721343b8f032a3edd0e92a698aa

SHA512
58eb7a8273959e7d49e0979de0543f42f01bc0e58031b78eefa9bfc496f9b113286591832547fef9e4382a71033c9341375e87baa766bf7b5d5970af389e6b10

Download Submit
C:\Windows\System\yKDIzVp.exe

Filesize
1.6MB

MD5
6d6edea3bafafba3865cb4256e5c6f57

SHA1
c935feda5bb88cf7d7f8dc7280a23926266543cf

SHA256
947f652ffb2d13365c3f0e7db086a4965bc3e6a1370fcbf04d73176f73f9d579

SHA512
39446c5aa44856faf8ce987365558b4d9f214cb23390ebfd9bc442c376dae548e84c1fb1c2af3c735c626437428a98c5dcbf7877be292b2604cffffa899634d5

Download Submit
memory/364-182-0x00007FF7155C0000-0x00007FF7159B2000-memory.dmp

Filesize
3.9MB

Download
memory/364-2225-0x00007FF7155C0000-0x00007FF7159B2000-memory.dmp

Filesize
3.9MB

Download
memory/548-429-0x000002532E660000-0x000002532EE06000-memory.dmp

Filesize
7.6MB

Download
memory/548-2183-0x00007FFCBF2A0000-0x00007FFCBFD61000-memory.dmp

Filesize
10.8MB

Download
memory/548-2184-0x00007FFCBF2A3000-0x00007FFCBF2A5000-memory.dmp

Filesize
8KB

Download
memory/548-78-0x00007FFCBF2A0000-0x00007FFCBFD61000-memory.dmp

Filesize
10.8MB

Download
memory/548-16-0x00007FFCBF2A3000-0x00007FFCBF2A5000-memory.dmp

Filesize
8KB

Download
memory/548-59-0x00007FFCBF2A0000-0x00007FFCBFD61000-memory.dmp

Filesize
10.8MB

Download
memory/548-50-0x0000025314E20000-0x0000025314E42000-memory.dmp

Filesize
136KB

Download
memory/636-2208-0x00007FF6FA620000-0x00007FF6FAA12000-memory.dmp

Filesize
3.9MB

Download
memory/636-120-0x00007FF6FA620000-0x00007FF6FAA12000-memory.dmp

Filesize
3.9MB

Download
memory/776-104-0x00007FF63B570000-0x00007FF63B962000-memory.dmp

Filesize
3.9MB

Download
memory/776-2198-0x00007FF63B570000-0x00007FF63B962000-memory.dmp

Filesize
3.9MB

Download
memory/932-2231-0x00007FF73AB30000-0x00007FF73AF22000-memory.dmp

Filesize
3.9MB

Download
memory/932-188-0x00007FF73AB30000-0x00007FF73AF22000-memory.dmp

Filesize
3.9MB

Download
memory/1008-2215-0x00007FF7AE120000-0x00007FF7AE512000-memory.dmp

Filesize
3.9MB

Download
memory/1008-170-0x00007FF7AE120000-0x00007FF7AE512000-memory.dmp

Filesize
3.9MB

Download
memory/1552-2193-0x00007FF6C84A0000-0x00007FF6C8892000-memory.dmp

Filesize
3.9MB

Download
memory/1552-157-0x00007FF6C84A0000-0x00007FF6C8892000-memory.dmp

Filesize
3.9MB

Download
memory/2136-2205-0x00007FF682ED0000-0x00007FF6832C2000-memory.dmp

Filesize
3.9MB

Download
memory/2136-163-0x00007FF682ED0000-0x00007FF6832C2000-memory.dmp

Filesize
3.9MB

Download
memory/2400-97-0x00007FF6C5D10000-0x00007FF6C6102000-memory.dmp

Filesize
3.9MB

Download
memory/2400-2194-0x00007FF6C5D10000-0x00007FF6C6102000-memory.dmp

Filesize
3.9MB

Download
memory/2720-10-0x00007FF64D840000-0x00007FF64DC32000-memory.dmp

Filesize
3.9MB

Download
memory/2720-2190-0x00007FF64D840000-0x00007FF64DC32000-memory.dmp

Filesize
3.9MB

Download
memory/2904-139-0x00007FF7677D0000-0x00007FF767BC2000-memory.dmp

Filesize
3.9MB

Download
memory/2904-2219-0x00007FF7677D0000-0x00007FF767BC2000-memory.dmp

Filesize
3.9MB

Download
memory/3048-2210-0x00007FF6DC3C0000-0x00007FF6DC7B2000-memory.dmp

Filesize
3.9MB

Download
memory/3048-132-0x00007FF6DC3C0000-0x00007FF6DC7B2000-memory.dmp

Filesize
3.9MB

Download
memory/3060-126-0x00007FF795990000-0x00007FF795D82000-memory.dmp

Filesize
3.9MB

Download
memory/3060-2206-0x00007FF795990000-0x00007FF795D82000-memory.dmp

Filesize
3.9MB

Download
memory/3160-2217-0x00007FF6B0F90000-0x00007FF6B1382000-memory.dmp

Filesize
3.9MB

Download
memory/3160-164-0x00007FF6B0F90000-0x00007FF6B1382000-memory.dmp

Filesize
3.9MB

Download
memory/3232-145-0x00007FF62CBD0000-0x00007FF62CFC2000-memory.dmp

Filesize
3.9MB

Download
memory/3232-2220-0x00007FF62CBD0000-0x00007FF62CFC2000-memory.dmp

Filesize
3.9MB

Download
memory/3316-200-0x00007FF682CD0000-0x00007FF6830C2000-memory.dmp

Filesize
3.9MB

Download
memory/3316-2229-0x00007FF682CD0000-0x00007FF6830C2000-memory.dmp

Filesize
3.9MB

Download
memory/3868-176-0x00007FF601390000-0x00007FF601782000-memory.dmp

Filesize
3.9MB

Download
memory/3868-2226-0x00007FF601390000-0x00007FF601782000-memory.dmp

Filesize
3.9MB

Download
memory/4092-133-0x00007FF727730000-0x00007FF727B22000-memory.dmp

Filesize
3.9MB

Download
memory/4092-2213-0x00007FF727730000-0x00007FF727B22000-memory.dmp

Filesize
3.9MB

Download
memory/4124-114-0x00007FF752BD0000-0x00007FF752FC2000-memory.dmp

Filesize
3.9MB

Download
memory/4124-2202-0x00007FF752BD0000-0x00007FF752FC2000-memory.dmp

Filesize
3.9MB

Download
memory/4200-2234-0x00007FF7262B0000-0x00007FF7266A2000-memory.dmp

Filesize
3.9MB

Download
memory/4200-204-0x00007FF7262B0000-0x00007FF7266A2000-memory.dmp

Filesize
3.9MB

Download
memory/4528-1-0x000002026BDF0000-0x000002026BE00000-memory.dmp

Filesize
64KB

Download
memory/4528-2132-0x00007FF7CE7C0000-0x00007FF7CEBB2000-memory.dmp

Filesize
3.9MB

Download
memory/4528-0-0x00007FF7CE7C0000-0x00007FF7CEBB2000-memory.dmp

Filesize
3.9MB

Download
memory/4632-194-0x00007FF63B310000-0x00007FF63B702000-memory.dmp

Filesize
3.9MB

Download
memory/4632-2232-0x00007FF63B310000-0x00007FF63B702000-memory.dmp

Filesize
3.9MB

Download
memory/4692-96-0x00007FF7A6C20000-0x00007FF7A7012000-memory.dmp

Filesize
3.9MB

Download
memory/4692-2196-0x00007FF7A6C20000-0x00007FF7A7012000-memory.dmp

Filesize
3.9MB

Download
memory/4724-205-0x00007FF6B78C0000-0x00007FF6B7CB2000-memory.dmp

Filesize
3.9MB

Download
memory/4724-2239-0x00007FF6B78C0000-0x00007FF6B7CB2000-memory.dmp

Filesize
3.9MB

Download
memory/4872-2222-0x00007FF6D2630000-0x00007FF6D2A22000-memory.dmp

Filesize
3.9MB

Download
memory/4872-151-0x00007FF6D2630000-0x00007FF6D2A22000-memory.dmp

Filesize
3.9MB

Download
memory/4916-2201-0x00007FF6F96C0000-0x00007FF6F9AB2000-memory.dmp

Filesize
3.9MB

Download
memory/4916-108-0x00007FF6F96C0000-0x00007FF6F9AB2000-memory.dmp

Filesize
3.9MB

Download