xmrig | 35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
Size

1.8MB
MD5

45a4914df8d238e5f942b046f0f32b10
SHA1

cdbd1ff81b5d1dec83c8ea44d968c92507b2d779
SHA256

35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814
SHA512

d8571f79341b6da0b1aac95d8d448b531b9d11604d5aca60a9f138b1c33554fc0f59af656c3af01af9cfbebcd8f599b369e13db1f834ba2e4baea7a8001fe763
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t4oAirbNIjTd7QdZnbRh7m:Lz071uv4BPMkFfdk2auTxcPm

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral2/memory/3612-26-0x00007FF68E4E0000-0x00007FF68E8D2000-memory.dmp	xmrig
behavioral2/memory/2452-56-0x00007FF69F6D0000-0x00007FF69FAC2000-memory.dmp	xmrig
behavioral2/memory/3308-55-0x00007FF6AADD0000-0x00007FF6AB1C2000-memory.dmp	xmrig
behavioral2/memory/1016-48-0x00007FF7F6AA0000-0x00007FF7F6E92000-memory.dmp	xmrig
behavioral2/memory/1292-513-0x00007FF620FB0000-0x00007FF6213A2000-memory.dmp	xmrig
behavioral2/memory/1572-561-0x00007FF756B30000-0x00007FF756F22000-memory.dmp	xmrig
behavioral2/memory/4432-576-0x00007FF648380000-0x00007FF648772000-memory.dmp	xmrig
behavioral2/memory/1040-582-0x00007FF633100000-0x00007FF6334F2000-memory.dmp	xmrig
behavioral2/memory/2464-584-0x00007FF726300000-0x00007FF7266F2000-memory.dmp	xmrig
behavioral2/memory/3976-583-0x00007FF71A5F0000-0x00007FF71A9E2000-memory.dmp	xmrig
behavioral2/memory/1884-573-0x00007FF6C8AD0000-0x00007FF6C8EC2000-memory.dmp	xmrig
behavioral2/memory/4564-558-0x00007FF66B120000-0x00007FF66B512000-memory.dmp	xmrig
behavioral2/memory/4092-132-0x00007FF791E00000-0x00007FF7921F2000-memory.dmp	xmrig
behavioral2/memory/1792-107-0x00007FF7C2840000-0x00007FF7C2C32000-memory.dmp	xmrig
behavioral2/memory/2812-98-0x00007FF65EE90000-0x00007FF65F282000-memory.dmp	xmrig
behavioral2/memory/3412-1937-0x00007FF6ADBC0000-0x00007FF6ADFB2000-memory.dmp	xmrig
behavioral2/memory/1144-2292-0x00007FF64ACC0000-0x00007FF64B0B2000-memory.dmp	xmrig
behavioral2/memory/2940-2294-0x00007FF744960000-0x00007FF744D52000-memory.dmp	xmrig
behavioral2/memory/216-2295-0x00007FF64EDF0000-0x00007FF64F1E2000-memory.dmp	xmrig
behavioral2/memory/1704-2297-0x00007FF78D980000-0x00007FF78DD72000-memory.dmp	xmrig
behavioral2/memory/3612-2309-0x00007FF68E4E0000-0x00007FF68E8D2000-memory.dmp	xmrig
behavioral2/memory/1968-2320-0x00007FF727320000-0x00007FF727712000-memory.dmp	xmrig
behavioral2/memory/4316-2321-0x00007FF781360000-0x00007FF781752000-memory.dmp	xmrig
behavioral2/memory/2032-2334-0x00007FF73B8C0000-0x00007FF73BCB2000-memory.dmp	xmrig
behavioral2/memory/3636-2335-0x00007FF6A1C70000-0x00007FF6A2062000-memory.dmp	xmrig
behavioral2/memory/1144-2337-0x00007FF64ACC0000-0x00007FF64B0B2000-memory.dmp	xmrig
behavioral2/memory/3612-2339-0x00007FF68E4E0000-0x00007FF68E8D2000-memory.dmp	xmrig
behavioral2/memory/2940-2341-0x00007FF744960000-0x00007FF744D52000-memory.dmp	xmrig
behavioral2/memory/216-2343-0x00007FF64EDF0000-0x00007FF64F1E2000-memory.dmp	xmrig
behavioral2/memory/1016-2348-0x00007FF7F6AA0000-0x00007FF7F6E92000-memory.dmp	xmrig
behavioral2/memory/3308-2353-0x00007FF6AADD0000-0x00007FF6AB1C2000-memory.dmp	xmrig
behavioral2/memory/1704-2352-0x00007FF78D980000-0x00007FF78DD72000-memory.dmp	xmrig
behavioral2/memory/1968-2346-0x00007FF727320000-0x00007FF727712000-memory.dmp	xmrig
behavioral2/memory/2452-2350-0x00007FF69F6D0000-0x00007FF69FAC2000-memory.dmp	xmrig
behavioral2/memory/1072-2381-0x00007FF7CC780000-0x00007FF7CCB72000-memory.dmp	xmrig
behavioral2/memory/4316-2383-0x00007FF781360000-0x00007FF781752000-memory.dmp	xmrig
behavioral2/memory/2812-2385-0x00007FF65EE90000-0x00007FF65F282000-memory.dmp	xmrig
behavioral2/memory/3636-2387-0x00007FF6A1C70000-0x00007FF6A2062000-memory.dmp	xmrig
behavioral2/memory/1792-2389-0x00007FF7C2840000-0x00007FF7C2C32000-memory.dmp	xmrig
behavioral2/memory/2032-2391-0x00007FF73B8C0000-0x00007FF73BCB2000-memory.dmp	xmrig
behavioral2/memory/1072-2402-0x00007FF7CC780000-0x00007FF7CCB72000-memory.dmp	xmrig
behavioral2/memory/1040-2399-0x00007FF633100000-0x00007FF6334F2000-memory.dmp	xmrig
behavioral2/memory/3976-2398-0x00007FF71A5F0000-0x00007FF71A9E2000-memory.dmp	xmrig
behavioral2/memory/4564-2396-0x00007FF66B120000-0x00007FF66B512000-memory.dmp	xmrig
behavioral2/memory/2464-2394-0x00007FF726300000-0x00007FF7266F2000-memory.dmp	xmrig
behavioral2/memory/1292-2404-0x00007FF620FB0000-0x00007FF6213A2000-memory.dmp	xmrig
behavioral2/memory/1572-2407-0x00007FF756B30000-0x00007FF756F22000-memory.dmp	xmrig
behavioral2/memory/4092-2405-0x00007FF791E00000-0x00007FF7921F2000-memory.dmp	xmrig
behavioral2/memory/1884-2409-0x00007FF6C8AD0000-0x00007FF6C8EC2000-memory.dmp	xmrig
behavioral2/memory/4432-2423-0x00007FF648380000-0x00007FF648772000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
7	2716	powershell.exe
9	2716	powershell.exe
15	2716	powershell.exe
16	2716	powershell.exe
18	2716	powershell.exe
20	2716	powershell.exe
21	2716	powershell.exe
22	2716	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2716	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1144	RRmozKg.exe
2940	eKQYBGI.exe
216	xljQOHu.exe
1016	TiPZwfj.exe
3612	zDDyBDm.exe
3308	bWrumzM.exe
1704	SSKzRaO.exe
2452	azlZOES.exe
1968	ncHzlHU.exe
4316	LgtEPUH.exe
2032	bGwIVXO.exe
2812	fdJkriJ.exe
1792	GSkUAPI.exe
3636	wXXlUVT.exe
1072	LbHgPcX.exe
4092	wYgtyAm.exe
1292	Gzhiojy.exe
1040	PnrDfdW.exe
3976	opqDkYM.exe
4564	xjfDkDo.exe
2464	PqqoiPw.exe
1572	XFSZwXs.exe
1884	BwTcAcp.exe
4432	rKdrVAk.exe
3352	JgMXxUe.exe
2044	DibVyxw.exe
4008	DNLPrVS.exe
2820	kxbUfkC.exe
5008	gKdngpp.exe
1236	vVwVjfo.exe
3488	usABxiw.exe
2904	CziIGhc.exe
3280	EaRtAOj.exe
2956	DnJjZLx.exe
1964	CLMxdaJ.exe
4288	rYqpaYT.exe
2476	tgbeuqJ.exe
4400	roQVrhj.exe
4368	XapQhMY.exe
2648	MhtUvMD.exe
4548	IcASMOP.exe
2512	mRtghky.exe
3876	mOXuiHw.exe
1868	nqVYvhI.exe
4116	pdjPUmc.exe
592	TcIAgGj.exe
2380	bkavnab.exe
4188	VqNWImE.exe
1568	SzkjuNf.exe
4828	plfjpvA.exe
4080	EKOCGyj.exe
3624	KUvAkvH.exe
1424	ygTxdOB.exe
1328	rSubiwR.exe
5132	pmsdAPX.exe
5160	OWTbTFm.exe
5188	jiCDdXw.exe
5216	AufZjqN.exe
5256	vWgELxG.exe
5284	WEneIqi.exe
5312	PSWjaZF.exe
5340	tdjtWOI.exe
5388	vjzAuGq.exe
5420	ZLsdKgV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3412-0-0x00007FF6ADBC0000-0x00007FF6ADFB2000-memory.dmp	upx
behavioral2/files/0x0007000000023452-7.dat	upx
behavioral2/files/0x0007000000023451-11.dat	upx
behavioral2/files/0x0007000000023453-18.dat	upx
behavioral2/memory/3612-26-0x00007FF68E4E0000-0x00007FF68E8D2000-memory.dmp	upx
behavioral2/files/0x0007000000023456-38.dat	upx
behavioral2/files/0x0007000000023457-46.dat	upx
behavioral2/files/0x0007000000023458-53.dat	upx
behavioral2/memory/2452-56-0x00007FF69F6D0000-0x00007FF69FAC2000-memory.dmp	upx
behavioral2/memory/1968-57-0x00007FF727320000-0x00007FF727712000-memory.dmp	upx
behavioral2/memory/3308-55-0x00007FF6AADD0000-0x00007FF6AB1C2000-memory.dmp	upx
behavioral2/memory/1016-48-0x00007FF7F6AA0000-0x00007FF7F6E92000-memory.dmp	upx
behavioral2/memory/1704-43-0x00007FF78D980000-0x00007FF78DD72000-memory.dmp	upx
behavioral2/files/0x0007000000023455-39.dat	upx
behavioral2/memory/216-23-0x00007FF64EDF0000-0x00007FF64F1E2000-memory.dmp	upx
behavioral2/files/0x0007000000023454-22.dat	upx
behavioral2/memory/2940-20-0x00007FF744960000-0x00007FF744D52000-memory.dmp	upx
behavioral2/files/0x000800000002344d-15.dat	upx
behavioral2/memory/1144-10-0x00007FF64ACC0000-0x00007FF64B0B2000-memory.dmp	upx
behavioral2/files/0x000800000002344e-80.dat	upx
behavioral2/files/0x0007000000023459-79.dat	upx
behavioral2/files/0x000800000002345b-84.dat	upx
behavioral2/files/0x000800000002345a-78.dat	upx
behavioral2/memory/4316-91-0x00007FF781360000-0x00007FF781752000-memory.dmp	upx
behavioral2/files/0x000700000002345c-103.dat	upx
behavioral2/files/0x000700000002345f-116.dat	upx
behavioral2/memory/1072-121-0x00007FF7CC780000-0x00007FF7CCB72000-memory.dmp	upx
behavioral2/files/0x0007000000023463-136.dat	upx
behavioral2/files/0x0007000000023464-145.dat	upx
behavioral2/files/0x0007000000023467-162.dat	upx
behavioral2/files/0x000700000002346e-189.dat	upx
behavioral2/memory/1292-513-0x00007FF620FB0000-0x00007FF6213A2000-memory.dmp	upx
behavioral2/memory/1572-561-0x00007FF756B30000-0x00007FF756F22000-memory.dmp	upx
behavioral2/memory/4432-576-0x00007FF648380000-0x00007FF648772000-memory.dmp	upx
behavioral2/memory/1040-582-0x00007FF633100000-0x00007FF6334F2000-memory.dmp	upx
behavioral2/memory/2464-584-0x00007FF726300000-0x00007FF7266F2000-memory.dmp	upx
behavioral2/memory/3976-583-0x00007FF71A5F0000-0x00007FF71A9E2000-memory.dmp	upx
behavioral2/memory/1884-573-0x00007FF6C8AD0000-0x00007FF6C8EC2000-memory.dmp	upx
behavioral2/memory/4564-558-0x00007FF66B120000-0x00007FF66B512000-memory.dmp	upx
behavioral2/files/0x000700000002346f-194.dat	upx
behavioral2/files/0x000700000002346d-192.dat	upx
behavioral2/files/0x000700000002346c-187.dat	upx
behavioral2/files/0x000700000002346b-182.dat	upx
behavioral2/files/0x000700000002346a-177.dat	upx
behavioral2/files/0x0007000000023469-172.dat	upx
behavioral2/files/0x0007000000023468-167.dat	upx
behavioral2/files/0x0007000000023466-157.dat	upx
behavioral2/files/0x0007000000023465-150.dat	upx
behavioral2/memory/4092-132-0x00007FF791E00000-0x00007FF7921F2000-memory.dmp	upx
behavioral2/files/0x0007000000023462-131.dat	upx
behavioral2/files/0x0007000000023461-128.dat	upx
behavioral2/files/0x0007000000023460-126.dat	upx
behavioral2/files/0x000700000002345e-115.dat	upx
behavioral2/files/0x000700000002345d-113.dat	upx
behavioral2/memory/1792-107-0x00007FF7C2840000-0x00007FF7C2C32000-memory.dmp	upx
behavioral2/memory/3636-99-0x00007FF6A1C70000-0x00007FF6A2062000-memory.dmp	upx
behavioral2/memory/2812-98-0x00007FF65EE90000-0x00007FF65F282000-memory.dmp	upx
behavioral2/memory/2032-93-0x00007FF73B8C0000-0x00007FF73BCB2000-memory.dmp	upx
behavioral2/memory/3412-1937-0x00007FF6ADBC0000-0x00007FF6ADFB2000-memory.dmp	upx
behavioral2/memory/1144-2292-0x00007FF64ACC0000-0x00007FF64B0B2000-memory.dmp	upx
behavioral2/memory/2940-2294-0x00007FF744960000-0x00007FF744D52000-memory.dmp	upx
behavioral2/memory/216-2295-0x00007FF64EDF0000-0x00007FF64F1E2000-memory.dmp	upx
behavioral2/memory/1704-2297-0x00007FF78D980000-0x00007FF78DD72000-memory.dmp	upx
behavioral2/memory/3612-2309-0x00007FF68E4E0000-0x00007FF68E8D2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
6	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vGKpdrP.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\xljQOHu.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\AXKhvGw.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\jXWvpGm.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\ZtzWXzS.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\YikiFCk.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\qxaPMpD.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\UCeQMYl.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\NiyUFPn.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\kSymsBs.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\lMJOnvU.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\pBlyDEz.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\nIspPFG.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\xWGECZb.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\WKvpdOo.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\uakAyeN.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\WWVFjqd.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\bDBTwPh.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\okOyluw.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\aWNEXET.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\PwnxApP.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\ovgflxJ.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\FaNtsnM.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\zJNeRIk.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\UuQFXHZ.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\jLzKEvp.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\QIFWXDn.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\PCLcWCp.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\pIiUpvn.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\jHDVRYb.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\eouDjja.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\WKYQkew.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\lJxMsyZ.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\UhmlKdV.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\vVwxWEy.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\FRrQoZn.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\cayTREx.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\LMgECHB.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\JWOLiZY.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\RFBTHxC.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\cXDNKuI.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\ydHmsMu.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\EeZOJmZ.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\OtjmCRL.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\jSDeKCR.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\mCSljzY.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\NKVwiWo.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\dGGmlQC.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\PgRwLXX.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\QvzPnhi.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\QAAuVXE.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\IijxhSa.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\YCzLquV.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\jfwdrco.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\pdjPUmc.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\MiIwhgn.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\quVmZet.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\zALSGeN.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\EUqZRct.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\bzQnCbc.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\JOSabrL.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\uVRBVxq.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\RxjVMje.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
File created	C:\Windows\System\zcFIbCd.exe	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2716	powershell.exe
2716	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2716	powershell.exe
Token: SeLockMemoryPrivilege	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 2716	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	84
PID 3412 wrote to memory of 2716	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	84
PID 3412 wrote to memory of 1144	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	85
PID 3412 wrote to memory of 1144	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	85
PID 3412 wrote to memory of 2940	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	86
PID 3412 wrote to memory of 2940	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	86
PID 3412 wrote to memory of 216	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	87
PID 3412 wrote to memory of 216	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	87
PID 3412 wrote to memory of 1016	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	88
PID 3412 wrote to memory of 1016	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	88
PID 3412 wrote to memory of 3612	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	89
PID 3412 wrote to memory of 3612	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	89
PID 3412 wrote to memory of 3308	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	90
PID 3412 wrote to memory of 3308	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	90
PID 3412 wrote to memory of 1704	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	91
PID 3412 wrote to memory of 1704	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	91
PID 3412 wrote to memory of 2452	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	92
PID 3412 wrote to memory of 2452	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	92
PID 3412 wrote to memory of 1968	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	93
PID 3412 wrote to memory of 1968	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	93
PID 3412 wrote to memory of 2032	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	94
PID 3412 wrote to memory of 2032	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	94
PID 3412 wrote to memory of 2812	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	95
PID 3412 wrote to memory of 2812	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	95
PID 3412 wrote to memory of 4316	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	96
PID 3412 wrote to memory of 4316	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	96
PID 3412 wrote to memory of 1792	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	97
PID 3412 wrote to memory of 1792	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	97
PID 3412 wrote to memory of 3636	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	98
PID 3412 wrote to memory of 3636	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	98
PID 3412 wrote to memory of 1072	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	99
PID 3412 wrote to memory of 1072	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	99
PID 3412 wrote to memory of 4092	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	100
PID 3412 wrote to memory of 4092	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	100
PID 3412 wrote to memory of 1292	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	101
PID 3412 wrote to memory of 1292	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	101
PID 3412 wrote to memory of 1040	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	102
PID 3412 wrote to memory of 1040	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	102
PID 3412 wrote to memory of 3976	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	103
PID 3412 wrote to memory of 3976	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	103
PID 3412 wrote to memory of 4564	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	105
PID 3412 wrote to memory of 4564	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	105
PID 3412 wrote to memory of 2464	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	106
PID 3412 wrote to memory of 2464	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	106
PID 3412 wrote to memory of 1572	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	107
PID 3412 wrote to memory of 1572	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	107
PID 3412 wrote to memory of 1884	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	108
PID 3412 wrote to memory of 1884	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	108
PID 3412 wrote to memory of 4432	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	109
PID 3412 wrote to memory of 4432	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	109
PID 3412 wrote to memory of 3352	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	110
PID 3412 wrote to memory of 3352	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	110
PID 3412 wrote to memory of 2044	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	111
PID 3412 wrote to memory of 2044	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	111
PID 3412 wrote to memory of 4008	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	112
PID 3412 wrote to memory of 4008	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	112
PID 3412 wrote to memory of 2820	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	113
PID 3412 wrote to memory of 2820	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	113
PID 3412 wrote to memory of 5008	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	114
PID 3412 wrote to memory of 5008	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	114
PID 3412 wrote to memory of 1236	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	115
PID 3412 wrote to memory of 1236	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	115
PID 3412 wrote to memory of 3488	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	116
PID 3412 wrote to memory of 3488	3412	35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe	116

C:\Users\Admin\AppData\Local\Temp\35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35789f701b77e343adb5429545bd23aaf31d807b15b134bbfd9fe6f909210814_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2716
- C:\Windows\System\RRmozKg.exe
  C:\Windows\System\RRmozKg.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\eKQYBGI.exe
  C:\Windows\System\eKQYBGI.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\xljQOHu.exe
  C:\Windows\System\xljQOHu.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\TiPZwfj.exe
  C:\Windows\System\TiPZwfj.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\zDDyBDm.exe
  C:\Windows\System\zDDyBDm.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\bWrumzM.exe
  C:\Windows\System\bWrumzM.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\SSKzRaO.exe
  C:\Windows\System\SSKzRaO.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\azlZOES.exe
  C:\Windows\System\azlZOES.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\ncHzlHU.exe
  C:\Windows\System\ncHzlHU.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\bGwIVXO.exe
  C:\Windows\System\bGwIVXO.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\fdJkriJ.exe
  C:\Windows\System\fdJkriJ.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\LgtEPUH.exe
  C:\Windows\System\LgtEPUH.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\GSkUAPI.exe
  C:\Windows\System\GSkUAPI.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\wXXlUVT.exe
  C:\Windows\System\wXXlUVT.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\LbHgPcX.exe
  C:\Windows\System\LbHgPcX.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\wYgtyAm.exe
  C:\Windows\System\wYgtyAm.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\Gzhiojy.exe
  C:\Windows\System\Gzhiojy.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\PnrDfdW.exe
  C:\Windows\System\PnrDfdW.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\opqDkYM.exe
  C:\Windows\System\opqDkYM.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\xjfDkDo.exe
  C:\Windows\System\xjfDkDo.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\PqqoiPw.exe
  C:\Windows\System\PqqoiPw.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\XFSZwXs.exe
  C:\Windows\System\XFSZwXs.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\BwTcAcp.exe
  C:\Windows\System\BwTcAcp.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\rKdrVAk.exe
  C:\Windows\System\rKdrVAk.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\JgMXxUe.exe
  C:\Windows\System\JgMXxUe.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\DibVyxw.exe
  C:\Windows\System\DibVyxw.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\DNLPrVS.exe
  C:\Windows\System\DNLPrVS.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\kxbUfkC.exe
  C:\Windows\System\kxbUfkC.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\gKdngpp.exe
  C:\Windows\System\gKdngpp.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\vVwVjfo.exe
  C:\Windows\System\vVwVjfo.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\usABxiw.exe
  C:\Windows\System\usABxiw.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\CziIGhc.exe
  C:\Windows\System\CziIGhc.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\EaRtAOj.exe
  C:\Windows\System\EaRtAOj.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\DnJjZLx.exe
  C:\Windows\System\DnJjZLx.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\CLMxdaJ.exe
  C:\Windows\System\CLMxdaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\rYqpaYT.exe
  C:\Windows\System\rYqpaYT.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\tgbeuqJ.exe
  C:\Windows\System\tgbeuqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\roQVrhj.exe
  C:\Windows\System\roQVrhj.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\XapQhMY.exe
  C:\Windows\System\XapQhMY.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\MhtUvMD.exe
  C:\Windows\System\MhtUvMD.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\IcASMOP.exe
  C:\Windows\System\IcASMOP.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\mRtghky.exe
  C:\Windows\System\mRtghky.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\mOXuiHw.exe
  C:\Windows\System\mOXuiHw.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\nqVYvhI.exe
  C:\Windows\System\nqVYvhI.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\pdjPUmc.exe
  C:\Windows\System\pdjPUmc.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\TcIAgGj.exe
  C:\Windows\System\TcIAgGj.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\bkavnab.exe
  C:\Windows\System\bkavnab.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\VqNWImE.exe
  C:\Windows\System\VqNWImE.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\SzkjuNf.exe
  C:\Windows\System\SzkjuNf.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\plfjpvA.exe
  C:\Windows\System\plfjpvA.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\EKOCGyj.exe
  C:\Windows\System\EKOCGyj.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\KUvAkvH.exe
  C:\Windows\System\KUvAkvH.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\ygTxdOB.exe
  C:\Windows\System\ygTxdOB.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\rSubiwR.exe
  C:\Windows\System\rSubiwR.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\pmsdAPX.exe
  C:\Windows\System\pmsdAPX.exe
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Windows\System\OWTbTFm.exe
  C:\Windows\System\OWTbTFm.exe
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\System\jiCDdXw.exe
  C:\Windows\System\jiCDdXw.exe
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Windows\System\AufZjqN.exe
  C:\Windows\System\AufZjqN.exe
  2⤵
  - Executes dropped EXE
  PID:5216
- C:\Windows\System\vWgELxG.exe
  C:\Windows\System\vWgELxG.exe
  2⤵
  - Executes dropped EXE
  PID:5256
- C:\Windows\System\WEneIqi.exe
  C:\Windows\System\WEneIqi.exe
  2⤵
  - Executes dropped EXE
  PID:5284
- C:\Windows\System\PSWjaZF.exe
  C:\Windows\System\PSWjaZF.exe
  2⤵
  - Executes dropped EXE
  PID:5312
- C:\Windows\System\tdjtWOI.exe
  C:\Windows\System\tdjtWOI.exe
  2⤵
  - Executes dropped EXE
  PID:5340
- C:\Windows\System\vjzAuGq.exe
  C:\Windows\System\vjzAuGq.exe
  2⤵
  - Executes dropped EXE
  PID:5388
- C:\Windows\System\ZLsdKgV.exe
  C:\Windows\System\ZLsdKgV.exe
  2⤵
  - Executes dropped EXE
  PID:5420
- C:\Windows\System\CCVbsPk.exe
  C:\Windows\System\CCVbsPk.exe
  2⤵
  PID:5448
- C:\Windows\System\AgBVEfk.exe
  C:\Windows\System\AgBVEfk.exe
  2⤵
  PID:5488
- C:\Windows\System\eRuVItt.exe
  C:\Windows\System\eRuVItt.exe
  2⤵
  PID:5528
- C:\Windows\System\oQyeCfo.exe
  C:\Windows\System\oQyeCfo.exe
  2⤵
  PID:5556
- C:\Windows\System\rcxMkPR.exe
  C:\Windows\System\rcxMkPR.exe
  2⤵
  PID:5584
- C:\Windows\System\RxFcLtr.exe
  C:\Windows\System\RxFcLtr.exe
  2⤵
  PID:5612
- C:\Windows\System\dDXVDYW.exe
  C:\Windows\System\dDXVDYW.exe
  2⤵
  PID:5664
- C:\Windows\System\uFIopJI.exe
  C:\Windows\System\uFIopJI.exe
  2⤵
  PID:5692
- C:\Windows\System\JIAdCvc.exe
  C:\Windows\System\JIAdCvc.exe
  2⤵
  PID:5720
- C:\Windows\System\NKVwiWo.exe
  C:\Windows\System\NKVwiWo.exe
  2⤵
  PID:5792
- C:\Windows\System\CeShrCg.exe
  C:\Windows\System\CeShrCg.exe
  2⤵
  PID:5812
- C:\Windows\System\FJgzEyG.exe
  C:\Windows\System\FJgzEyG.exe
  2⤵
  PID:5840
- C:\Windows\System\nBPxcwB.exe
  C:\Windows\System\nBPxcwB.exe
  2⤵
  PID:5856
- C:\Windows\System\lISNARF.exe
  C:\Windows\System\lISNARF.exe
  2⤵
  PID:5880
- C:\Windows\System\ABUSYrO.exe
  C:\Windows\System\ABUSYrO.exe
  2⤵
  PID:5940
- C:\Windows\System\dGGmlQC.exe
  C:\Windows\System\dGGmlQC.exe
  2⤵
  PID:5964
- C:\Windows\System\SsKXYWQ.exe
  C:\Windows\System\SsKXYWQ.exe
  2⤵
  PID:5992
- C:\Windows\System\UayAHmd.exe
  C:\Windows\System\UayAHmd.exe
  2⤵
  PID:6048
- C:\Windows\System\HFKioZU.exe
  C:\Windows\System\HFKioZU.exe
  2⤵
  PID:6072
- C:\Windows\System\SGuzQbR.exe
  C:\Windows\System\SGuzQbR.exe
  2⤵
  PID:6096
- C:\Windows\System\JsiOEuR.exe
  C:\Windows\System\JsiOEuR.exe
  2⤵
  PID:6124
- C:\Windows\System\sfiAovy.exe
  C:\Windows\System\sfiAovy.exe
  2⤵
  PID:1848
- C:\Windows\System\ngfQzxs.exe
  C:\Windows\System\ngfQzxs.exe
  2⤵
  PID:2176
- C:\Windows\System\PGLTYNC.exe
  C:\Windows\System\PGLTYNC.exe
  2⤵
  PID:2100
- C:\Windows\System\GFkrDWq.exe
  C:\Windows\System\GFkrDWq.exe
  2⤵
  PID:4512
- C:\Windows\System\StsmrNb.exe
  C:\Windows\System\StsmrNb.exe
  2⤵
  PID:3144
- C:\Windows\System\PCnxIGV.exe
  C:\Windows\System\PCnxIGV.exe
  2⤵
  PID:1980
- C:\Windows\System\eWppspw.exe
  C:\Windows\System\eWppspw.exe
  2⤵
  PID:392
- C:\Windows\System\EiekYeN.exe
  C:\Windows\System\EiekYeN.exe
  2⤵
  PID:3892
- C:\Windows\System\oiajPxZ.exe
  C:\Windows\System\oiajPxZ.exe
  2⤵
  PID:1524
- C:\Windows\System\SZrwRaN.exe
  C:\Windows\System\SZrwRaN.exe
  2⤵
  PID:384
- C:\Windows\System\daeIwtr.exe
  C:\Windows\System\daeIwtr.exe
  2⤵
  PID:5028
- C:\Windows\System\REmOelq.exe
  C:\Windows\System\REmOelq.exe
  2⤵
  PID:4644
- C:\Windows\System\muqqXaN.exe
  C:\Windows\System\muqqXaN.exe
  2⤵
  PID:3800
- C:\Windows\System\hkvRNIc.exe
  C:\Windows\System\hkvRNIc.exe
  2⤵
  PID:4912
- C:\Windows\System\bCkfxSf.exe
  C:\Windows\System\bCkfxSf.exe
  2⤵
  PID:5144
- C:\Windows\System\XJHZASa.exe
  C:\Windows\System\XJHZASa.exe
  2⤵
  PID:3216
- C:\Windows\System\ovgflxJ.exe
  C:\Windows\System\ovgflxJ.exe
  2⤵
  PID:5276
- C:\Windows\System\UhmlKdV.exe
  C:\Windows\System\UhmlKdV.exe
  2⤵
  PID:5360
- C:\Windows\System\RxjVMje.exe
  C:\Windows\System\RxjVMje.exe
  2⤵
  PID:5384
- C:\Windows\System\MUOqUyv.exe
  C:\Windows\System\MUOqUyv.exe
  2⤵
  PID:5460
- C:\Windows\System\wEjMenu.exe
  C:\Windows\System\wEjMenu.exe
  2⤵
  PID:4524
- C:\Windows\System\QHGmSIh.exe
  C:\Windows\System\QHGmSIh.exe
  2⤵
  PID:5620
- C:\Windows\System\rJwiqTc.exe
  C:\Windows\System\rJwiqTc.exe
  2⤵
  PID:5656
- C:\Windows\System\LpJSWBR.exe
  C:\Windows\System\LpJSWBR.exe
  2⤵
  PID:5744
- C:\Windows\System\WHzzzqi.exe
  C:\Windows\System\WHzzzqi.exe
  2⤵
  PID:5888
- C:\Windows\System\ArReBus.exe
  C:\Windows\System\ArReBus.exe
  2⤵
  PID:5960
- C:\Windows\System\QIFWXDn.exe
  C:\Windows\System\QIFWXDn.exe
  2⤵
  PID:6020
- C:\Windows\System\uUAdjlo.exe
  C:\Windows\System\uUAdjlo.exe
  2⤵
  PID:6040
- C:\Windows\System\wGWiCSH.exe
  C:\Windows\System\wGWiCSH.exe
  2⤵
  PID:6084
- C:\Windows\System\bCigspE.exe
  C:\Windows\System\bCigspE.exe
  2⤵
  PID:1672
- C:\Windows\System\HEBhMdI.exe
  C:\Windows\System\HEBhMdI.exe
  2⤵
  PID:4464
- C:\Windows\System\rycXPes.exe
  C:\Windows\System\rycXPes.exe
  2⤵
  PID:380
- C:\Windows\System\EYQgeZS.exe
  C:\Windows\System\EYQgeZS.exe
  2⤵
  PID:4240
- C:\Windows\System\lKgYFkg.exe
  C:\Windows\System\lKgYFkg.exe
  2⤵
  PID:3432
- C:\Windows\System\zPMhApU.exe
  C:\Windows\System\zPMhApU.exe
  2⤵
  PID:2056
- C:\Windows\System\WVWHaNs.exe
  C:\Windows\System\WVWHaNs.exe
  2⤵
  PID:3724
- C:\Windows\System\RItaMKN.exe
  C:\Windows\System\RItaMKN.exe
  2⤵
  PID:3384
- C:\Windows\System\uSOeYDD.exe
  C:\Windows\System\uSOeYDD.exe
  2⤵
  PID:5480
- C:\Windows\System\SACCDfC.exe
  C:\Windows\System\SACCDfC.exe
  2⤵
  PID:5912
- C:\Windows\System\IEOefkm.exe
  C:\Windows\System\IEOefkm.exe
  2⤵
  PID:5712
- C:\Windows\System\UJlVtEv.exe
  C:\Windows\System\UJlVtEv.exe
  2⤵
  PID:5908
- C:\Windows\System\vVwxWEy.exe
  C:\Windows\System\vVwxWEy.exe
  2⤵
  PID:1772
- C:\Windows\System\SOdEVwG.exe
  C:\Windows\System\SOdEVwG.exe
  2⤵
  PID:5836
- C:\Windows\System\vMNorwC.exe
  C:\Windows\System\vMNorwC.exe
  2⤵
  PID:1580
- C:\Windows\System\bcohYoF.exe
  C:\Windows\System\bcohYoF.exe
  2⤵
  PID:2260
- C:\Windows\System\FAtvFZt.exe
  C:\Windows\System\FAtvFZt.exe
  2⤵
  PID:4480
- C:\Windows\System\AXKhvGw.exe
  C:\Windows\System\AXKhvGw.exe
  2⤵
  PID:3784
- C:\Windows\System\AxlTrYI.exe
  C:\Windows\System\AxlTrYI.exe
  2⤵
  PID:4652
- C:\Windows\System\uskLpCx.exe
  C:\Windows\System\uskLpCx.exe
  2⤵
  PID:4648
- C:\Windows\System\zcFIbCd.exe
  C:\Windows\System\zcFIbCd.exe
  2⤵
  PID:3756
- C:\Windows\System\AzBjkXz.exe
  C:\Windows\System\AzBjkXz.exe
  2⤵
  PID:4576
- C:\Windows\System\euFxCaS.exe
  C:\Windows\System\euFxCaS.exe
  2⤵
  PID:1556
- C:\Windows\System\lJgBeJL.exe
  C:\Windows\System\lJgBeJL.exe
  2⤵
  PID:5476
- C:\Windows\System\YzKezzz.exe
  C:\Windows\System\YzKezzz.exe
  2⤵
  PID:5640
- C:\Windows\System\jvodOcn.exe
  C:\Windows\System\jvodOcn.exe
  2⤵
  PID:5704
- C:\Windows\System\JewCoFn.exe
  C:\Windows\System\JewCoFn.exe
  2⤵
  PID:3660
- C:\Windows\System\iSmueQO.exe
  C:\Windows\System\iSmueQO.exe
  2⤵
  PID:5432
- C:\Windows\System\osqOCVL.exe
  C:\Windows\System\osqOCVL.exe
  2⤵
  PID:3408
- C:\Windows\System\bwDLxqL.exe
  C:\Windows\System\bwDLxqL.exe
  2⤵
  PID:1188
- C:\Windows\System\CZMZDwx.exe
  C:\Windows\System\CZMZDwx.exe
  2⤵
  PID:5508
- C:\Windows\System\TloxuIR.exe
  C:\Windows\System\TloxuIR.exe
  2⤵
  PID:5644
- C:\Windows\System\QPJWcfk.exe
  C:\Windows\System\QPJWcfk.exe
  2⤵
  PID:1908
- C:\Windows\System\fzuWJqK.exe
  C:\Windows\System\fzuWJqK.exe
  2⤵
  PID:1220
- C:\Windows\System\ItAYFOa.exe
  C:\Windows\System\ItAYFOa.exe
  2⤵
  PID:4456
- C:\Windows\System\wyqORiy.exe
  C:\Windows\System\wyqORiy.exe
  2⤵
  PID:6148
- C:\Windows\System\qKEKzZP.exe
  C:\Windows\System\qKEKzZP.exe
  2⤵
  PID:6180
- C:\Windows\System\RJnGDrw.exe
  C:\Windows\System\RJnGDrw.exe
  2⤵
  PID:6224
- C:\Windows\System\PTJxSwb.exe
  C:\Windows\System\PTJxSwb.exe
  2⤵
  PID:6244
- C:\Windows\System\enjoklx.exe
  C:\Windows\System\enjoklx.exe
  2⤵
  PID:6268
- C:\Windows\System\MRrTpcF.exe
  C:\Windows\System\MRrTpcF.exe
  2⤵
  PID:6296
- C:\Windows\System\URExCKZ.exe
  C:\Windows\System\URExCKZ.exe
  2⤵
  PID:6332
- C:\Windows\System\ViqdTIO.exe
  C:\Windows\System\ViqdTIO.exe
  2⤵
  PID:6352
- C:\Windows\System\gVsjRbO.exe
  C:\Windows\System\gVsjRbO.exe
  2⤵
  PID:6376
- C:\Windows\System\dDCOCaN.exe
  C:\Windows\System\dDCOCaN.exe
  2⤵
  PID:6392
- C:\Windows\System\RFBTHxC.exe
  C:\Windows\System\RFBTHxC.exe
  2⤵
  PID:6420
- C:\Windows\System\OfYcSLX.exe
  C:\Windows\System\OfYcSLX.exe
  2⤵
  PID:6456
- C:\Windows\System\DkVYcyW.exe
  C:\Windows\System\DkVYcyW.exe
  2⤵
  PID:6508
- C:\Windows\System\JMMshuk.exe
  C:\Windows\System\JMMshuk.exe
  2⤵
  PID:6524
- C:\Windows\System\PiefKvq.exe
  C:\Windows\System\PiefKvq.exe
  2⤵
  PID:6576
- C:\Windows\System\TBQbPUL.exe
  C:\Windows\System\TBQbPUL.exe
  2⤵
  PID:6612
- C:\Windows\System\WnlQMYK.exe
  C:\Windows\System\WnlQMYK.exe
  2⤵
  PID:6660
- C:\Windows\System\MNULBeK.exe
  C:\Windows\System\MNULBeK.exe
  2⤵
  PID:6680
- C:\Windows\System\YsHXBgp.exe
  C:\Windows\System\YsHXBgp.exe
  2⤵
  PID:6704
- C:\Windows\System\SkfRGwv.exe
  C:\Windows\System\SkfRGwv.exe
  2⤵
  PID:6720
- C:\Windows\System\jTIRlLT.exe
  C:\Windows\System\jTIRlLT.exe
  2⤵
  PID:6764
- C:\Windows\System\knLzOJa.exe
  C:\Windows\System\knLzOJa.exe
  2⤵
  PID:6796
- C:\Windows\System\PuAHLYz.exe
  C:\Windows\System\PuAHLYz.exe
  2⤵
  PID:6812
- C:\Windows\System\ucFBEBH.exe
  C:\Windows\System\ucFBEBH.exe
  2⤵
  PID:6872
- C:\Windows\System\IcqvPck.exe
  C:\Windows\System\IcqvPck.exe
  2⤵
  PID:6916
- C:\Windows\System\sexQMul.exe
  C:\Windows\System\sexQMul.exe
  2⤵
  PID:6964
- C:\Windows\System\pdDXiJe.exe
  C:\Windows\System\pdDXiJe.exe
  2⤵
  PID:6988
- C:\Windows\System\imUgixh.exe
  C:\Windows\System\imUgixh.exe
  2⤵
  PID:7012
- C:\Windows\System\vafpzDP.exe
  C:\Windows\System\vafpzDP.exe
  2⤵
  PID:7052
- C:\Windows\System\RPwpxGt.exe
  C:\Windows\System\RPwpxGt.exe
  2⤵
  PID:7072
- C:\Windows\System\MpfVfBk.exe
  C:\Windows\System\MpfVfBk.exe
  2⤵
  PID:7096
- C:\Windows\System\FXbxIDv.exe
  C:\Windows\System\FXbxIDv.exe
  2⤵
  PID:7116
- C:\Windows\System\EArmdaS.exe
  C:\Windows\System\EArmdaS.exe
  2⤵
  PID:7164
- C:\Windows\System\FaNtsnM.exe
  C:\Windows\System\FaNtsnM.exe
  2⤵
  PID:5472
- C:\Windows\System\lIbOpum.exe
  C:\Windows\System\lIbOpum.exe
  2⤵
  PID:5852
- C:\Windows\System\tqPoYCP.exe
  C:\Windows\System\tqPoYCP.exe
  2⤵
  PID:6164
- C:\Windows\System\NiyUFPn.exe
  C:\Windows\System\NiyUFPn.exe
  2⤵
  PID:6220
- C:\Windows\System\uGPMBOt.exe
  C:\Windows\System\uGPMBOt.exe
  2⤵
  PID:6256
- C:\Windows\System\FFxBxyw.exe
  C:\Windows\System\FFxBxyw.exe
  2⤵
  PID:6292
- C:\Windows\System\DpuxNgT.exe
  C:\Windows\System\DpuxNgT.exe
  2⤵
  PID:6368
- C:\Windows\System\uakAyeN.exe
  C:\Windows\System\uakAyeN.exe
  2⤵
  PID:404
- C:\Windows\System\KQekpdN.exe
  C:\Windows\System\KQekpdN.exe
  2⤵
  PID:6488
- C:\Windows\System\RbdMndj.exe
  C:\Windows\System\RbdMndj.exe
  2⤵
  PID:6516
- C:\Windows\System\PgRwLXX.exe
  C:\Windows\System\PgRwLXX.exe
  2⤵
  PID:6652
- C:\Windows\System\QAPGrrK.exe
  C:\Windows\System\QAPGrrK.exe
  2⤵
  PID:6688
- C:\Windows\System\WWVFjqd.exe
  C:\Windows\System\WWVFjqd.exe
  2⤵
  PID:6716
- C:\Windows\System\ATHKggW.exe
  C:\Windows\System\ATHKggW.exe
  2⤵
  PID:6804
- C:\Windows\System\bFcapez.exe
  C:\Windows\System\bFcapez.exe
  2⤵
  PID:6860
- C:\Windows\System\zdfBtHB.exe
  C:\Windows\System\zdfBtHB.exe
  2⤵
  PID:6896
- C:\Windows\System\RbfuQSv.exe
  C:\Windows\System\RbfuQSv.exe
  2⤵
  PID:6944
- C:\Windows\System\MvtjzSf.exe
  C:\Windows\System\MvtjzSf.exe
  2⤵
  PID:7008
- C:\Windows\System\WhonnkT.exe
  C:\Windows\System\WhonnkT.exe
  2⤵
  PID:7068
- C:\Windows\System\Hfbhlqm.exe
  C:\Windows\System\Hfbhlqm.exe
  2⤵
  PID:32
- C:\Windows\System\jvwHzaP.exe
  C:\Windows\System\jvwHzaP.exe
  2⤵
  PID:6172
- C:\Windows\System\MiIwhgn.exe
  C:\Windows\System\MiIwhgn.exe
  2⤵
  PID:1748
- C:\Windows\System\VjsPXEC.exe
  C:\Windows\System\VjsPXEC.exe
  2⤵
  PID:6288
- C:\Windows\System\aBKBZed.exe
  C:\Windows\System\aBKBZed.exe
  2⤵
  PID:6472
- C:\Windows\System\YRAISmW.exe
  C:\Windows\System\YRAISmW.exe
  2⤵
  PID:6648
- C:\Windows\System\KRikYIV.exe
  C:\Windows\System\KRikYIV.exe
  2⤵
  PID:6700
- C:\Windows\System\VMHaClQ.exe
  C:\Windows\System\VMHaClQ.exe
  2⤵
  PID:6892
- C:\Windows\System\gqBulzl.exe
  C:\Windows\System\gqBulzl.exe
  2⤵
  PID:6972
- C:\Windows\System\Cxminmd.exe
  C:\Windows\System\Cxminmd.exe
  2⤵
  PID:6996
- C:\Windows\System\MgXPQQR.exe
  C:\Windows\System\MgXPQQR.exe
  2⤵
  PID:7132
- C:\Windows\System\GqZemcE.exe
  C:\Windows\System\GqZemcE.exe
  2⤵
  PID:6240
- C:\Windows\System\IGchgVx.exe
  C:\Windows\System\IGchgVx.exe
  2⤵
  PID:6852
- C:\Windows\System\zJNeRIk.exe
  C:\Windows\System\zJNeRIk.exe
  2⤵
  PID:5064
- C:\Windows\System\UPlaarL.exe
  C:\Windows\System\UPlaarL.exe
  2⤵
  PID:5928
- C:\Windows\System\kSymsBs.exe
  C:\Windows\System\kSymsBs.exe
  2⤵
  PID:7188
- C:\Windows\System\QwRqsDJ.exe
  C:\Windows\System\QwRqsDJ.exe
  2⤵
  PID:7208
- C:\Windows\System\fUJtZQJ.exe
  C:\Windows\System\fUJtZQJ.exe
  2⤵
  PID:7264
- C:\Windows\System\ZgDjmZN.exe
  C:\Windows\System\ZgDjmZN.exe
  2⤵
  PID:7284
- C:\Windows\System\lMJOnvU.exe
  C:\Windows\System\lMJOnvU.exe
  2⤵
  PID:7324
- C:\Windows\System\wUYVcct.exe
  C:\Windows\System\wUYVcct.exe
  2⤵
  PID:7380
- C:\Windows\System\sOTGaBj.exe
  C:\Windows\System\sOTGaBj.exe
  2⤵
  PID:7396
- C:\Windows\System\veGHZbS.exe
  C:\Windows\System\veGHZbS.exe
  2⤵
  PID:7416
- C:\Windows\System\CXfIPoz.exe
  C:\Windows\System\CXfIPoz.exe
  2⤵
  PID:7440
- C:\Windows\System\dtOrQTI.exe
  C:\Windows\System\dtOrQTI.exe
  2⤵
  PID:7456
- C:\Windows\System\iMsEcZY.exe
  C:\Windows\System\iMsEcZY.exe
  2⤵
  PID:7476
- C:\Windows\System\aXxmhLk.exe
  C:\Windows\System\aXxmhLk.exe
  2⤵
  PID:7496
- C:\Windows\System\xExyZTJ.exe
  C:\Windows\System\xExyZTJ.exe
  2⤵
  PID:7516
- C:\Windows\System\aVWXMCq.exe
  C:\Windows\System\aVWXMCq.exe
  2⤵
  PID:7564
- C:\Windows\System\vGaoVmU.exe
  C:\Windows\System\vGaoVmU.exe
  2⤵
  PID:7608
- C:\Windows\System\UGXwGKJ.exe
  C:\Windows\System\UGXwGKJ.exe
  2⤵
  PID:7648
- C:\Windows\System\BtWOGpN.exe
  C:\Windows\System\BtWOGpN.exe
  2⤵
  PID:7668
- C:\Windows\System\HRUyBBZ.exe
  C:\Windows\System\HRUyBBZ.exe
  2⤵
  PID:7692
- C:\Windows\System\KLbUtEJ.exe
  C:\Windows\System\KLbUtEJ.exe
  2⤵
  PID:7732
- C:\Windows\System\yHcZxAg.exe
  C:\Windows\System\yHcZxAg.exe
  2⤵
  PID:7752
- C:\Windows\System\evQINqK.exe
  C:\Windows\System\evQINqK.exe
  2⤵
  PID:7776
- C:\Windows\System\WFLhVCU.exe
  C:\Windows\System\WFLhVCU.exe
  2⤵
  PID:7816
- C:\Windows\System\YXuTggk.exe
  C:\Windows\System\YXuTggk.exe
  2⤵
  PID:7832
- C:\Windows\System\jScERki.exe
  C:\Windows\System\jScERki.exe
  2⤵
  PID:7856
- C:\Windows\System\pBlyDEz.exe
  C:\Windows\System\pBlyDEz.exe
  2⤵
  PID:7880
- C:\Windows\System\FRrQoZn.exe
  C:\Windows\System\FRrQoZn.exe
  2⤵
  PID:7900
- C:\Windows\System\oqBHyfW.exe
  C:\Windows\System\oqBHyfW.exe
  2⤵
  PID:7924
- C:\Windows\System\QvzPnhi.exe
  C:\Windows\System\QvzPnhi.exe
  2⤵
  PID:7944
- C:\Windows\System\pjRftNn.exe
  C:\Windows\System\pjRftNn.exe
  2⤵
  PID:7964
- C:\Windows\System\HATrgmk.exe
  C:\Windows\System\HATrgmk.exe
  2⤵
  PID:7996
- C:\Windows\System\tgTFVSz.exe
  C:\Windows\System\tgTFVSz.exe
  2⤵
  PID:8016
- C:\Windows\System\tMdUasC.exe
  C:\Windows\System\tMdUasC.exe
  2⤵
  PID:8056
- C:\Windows\System\bDBTwPh.exe
  C:\Windows\System\bDBTwPh.exe
  2⤵
  PID:8072
- C:\Windows\System\WfRmVak.exe
  C:\Windows\System\WfRmVak.exe
  2⤵
  PID:8096
- C:\Windows\System\okOyluw.exe
  C:\Windows\System\okOyluw.exe
  2⤵
  PID:8148
- C:\Windows\System\YXcyUlB.exe
  C:\Windows\System\YXcyUlB.exe
  2⤵
  PID:8164
- C:\Windows\System\PCLcWCp.exe
  C:\Windows\System\PCLcWCp.exe
  2⤵
  PID:8184
- C:\Windows\System\wMbloyJ.exe
  C:\Windows\System\wMbloyJ.exe
  2⤵
  PID:7176
- C:\Windows\System\VsIIVZX.exe
  C:\Windows\System\VsIIVZX.exe
  2⤵
  PID:7220
- C:\Windows\System\iUMMUEl.exe
  C:\Windows\System\iUMMUEl.exe
  2⤵
  PID:7256
- C:\Windows\System\rcuxdpi.exe
  C:\Windows\System\rcuxdpi.exe
  2⤵
  PID:7300
- C:\Windows\System\zTTDBPj.exe
  C:\Windows\System\zTTDBPj.exe
  2⤵
  PID:7336
- C:\Windows\System\pHdfjcZ.exe
  C:\Windows\System\pHdfjcZ.exe
  2⤵
  PID:7580
- C:\Windows\System\fhNGAWc.exe
  C:\Windows\System\fhNGAWc.exe
  2⤵
  PID:7664
- C:\Windows\System\sEihGKQ.exe
  C:\Windows\System\sEihGKQ.exe
  2⤵
  PID:7728
- C:\Windows\System\cXDNKuI.exe
  C:\Windows\System\cXDNKuI.exe
  2⤵
  PID:7800
- C:\Windows\System\fXaGLJX.exe
  C:\Windows\System\fXaGLJX.exe
  2⤵
  PID:7828
- C:\Windows\System\NjobpWb.exe
  C:\Windows\System\NjobpWb.exe
  2⤵
  PID:7864
- C:\Windows\System\eteHZNm.exe
  C:\Windows\System\eteHZNm.exe
  2⤵
  PID:7896
- C:\Windows\System\ydHmsMu.exe
  C:\Windows\System\ydHmsMu.exe
  2⤵
  PID:7932
- C:\Windows\System\fKJkixn.exe
  C:\Windows\System\fKJkixn.exe
  2⤵
  PID:7988
- C:\Windows\System\BeFRbIl.exe
  C:\Windows\System\BeFRbIl.exe
  2⤵
  PID:8116
- C:\Windows\System\mLasiIV.exe
  C:\Windows\System\mLasiIV.exe
  2⤵
  PID:7204
- C:\Windows\System\mNevFHH.exe
  C:\Windows\System\mNevFHH.exe
  2⤵
  PID:6676
- C:\Windows\System\QaTcrCl.exe
  C:\Windows\System\QaTcrCl.exe
  2⤵
  PID:7600
- C:\Windows\System\EQJdmQz.exe
  C:\Windows\System\EQJdmQz.exe
  2⤵
  PID:7572
- C:\Windows\System\wvCxUVa.exe
  C:\Windows\System\wvCxUVa.exe
  2⤵
  PID:4816
- C:\Windows\System\GbRHjXK.exe
  C:\Windows\System\GbRHjXK.exe
  2⤵
  PID:7984
- C:\Windows\System\KynGWSD.exe
  C:\Windows\System\KynGWSD.exe
  2⤵
  PID:4900
- C:\Windows\System\AXtqVVn.exe
  C:\Windows\System\AXtqVVn.exe
  2⤵
  PID:8176
- C:\Windows\System\lyQknjK.exe
  C:\Windows\System\lyQknjK.exe
  2⤵
  PID:7624
- C:\Windows\System\jXWvpGm.exe
  C:\Windows\System\jXWvpGm.exe
  2⤵
  PID:8068
- C:\Windows\System\RJDFkGQ.exe
  C:\Windows\System\RJDFkGQ.exe
  2⤵
  PID:7320
- C:\Windows\System\EJCVsoG.exe
  C:\Windows\System\EJCVsoG.exe
  2⤵
  PID:3316
- C:\Windows\System\MCAkmsX.exe
  C:\Windows\System\MCAkmsX.exe
  2⤵
  PID:8204
- C:\Windows\System\MFevQTF.exe
  C:\Windows\System\MFevQTF.exe
  2⤵
  PID:8268
- C:\Windows\System\cayTREx.exe
  C:\Windows\System\cayTREx.exe
  2⤵
  PID:8300
- C:\Windows\System\aZTvAXT.exe
  C:\Windows\System\aZTvAXT.exe
  2⤵
  PID:8320
- C:\Windows\System\SGGfVPC.exe
  C:\Windows\System\SGGfVPC.exe
  2⤵
  PID:8344
- C:\Windows\System\QVjluMi.exe
  C:\Windows\System\QVjluMi.exe
  2⤵
  PID:8360
- C:\Windows\System\zvLQvbw.exe
  C:\Windows\System\zvLQvbw.exe
  2⤵
  PID:8388
- C:\Windows\System\zDyXiGy.exe
  C:\Windows\System\zDyXiGy.exe
  2⤵
  PID:8428
- C:\Windows\System\uISzyUu.exe
  C:\Windows\System\uISzyUu.exe
  2⤵
  PID:8456
- C:\Windows\System\caCKVmF.exe
  C:\Windows\System\caCKVmF.exe
  2⤵
  PID:8484
- C:\Windows\System\SKjsWGV.exe
  C:\Windows\System\SKjsWGV.exe
  2⤵
  PID:8516
- C:\Windows\System\GxdiZid.exe
  C:\Windows\System\GxdiZid.exe
  2⤵
  PID:8536
- C:\Windows\System\gHglKPA.exe
  C:\Windows\System\gHglKPA.exe
  2⤵
  PID:8568
- C:\Windows\System\rrcAujM.exe
  C:\Windows\System\rrcAujM.exe
  2⤵
  PID:8588
- C:\Windows\System\Dxyzzhe.exe
  C:\Windows\System\Dxyzzhe.exe
  2⤵
  PID:8628
- C:\Windows\System\uHViyJW.exe
  C:\Windows\System\uHViyJW.exe
  2⤵
  PID:8644
- C:\Windows\System\nIlxXKG.exe
  C:\Windows\System\nIlxXKG.exe
  2⤵
  PID:8668
- C:\Windows\System\pyOKQvr.exe
  C:\Windows\System\pyOKQvr.exe
  2⤵
  PID:8688
- C:\Windows\System\BqpqIEL.exe
  C:\Windows\System\BqpqIEL.exe
  2⤵
  PID:8708
- C:\Windows\System\heNVpDo.exe
  C:\Windows\System\heNVpDo.exe
  2⤵
  PID:8736
- C:\Windows\System\BwKLSpm.exe
  C:\Windows\System\BwKLSpm.exe
  2⤵
  PID:8752
- C:\Windows\System\QAAuVXE.exe
  C:\Windows\System\QAAuVXE.exe
  2⤵
  PID:8784
- C:\Windows\System\gZLQXGB.exe
  C:\Windows\System\gZLQXGB.exe
  2⤵
  PID:8844
- C:\Windows\System\PVsBbsz.exe
  C:\Windows\System\PVsBbsz.exe
  2⤵
  PID:8860
- C:\Windows\System\jWGPpxB.exe
  C:\Windows\System\jWGPpxB.exe
  2⤵
  PID:8880
- C:\Windows\System\QAanwnl.exe
  C:\Windows\System\QAanwnl.exe
  2⤵
  PID:8904
- C:\Windows\System\xMcRLuc.exe
  C:\Windows\System\xMcRLuc.exe
  2⤵
  PID:8944
- C:\Windows\System\UqGTokP.exe
  C:\Windows\System\UqGTokP.exe
  2⤵
  PID:8972
- C:\Windows\System\vSKdNgI.exe
  C:\Windows\System\vSKdNgI.exe
  2⤵
  PID:8996
- C:\Windows\System\vefZeVc.exe
  C:\Windows\System\vefZeVc.exe
  2⤵
  PID:9012
- C:\Windows\System\oKhKPww.exe
  C:\Windows\System\oKhKPww.exe
  2⤵
  PID:9044
- C:\Windows\System\mbCCCfR.exe
  C:\Windows\System\mbCCCfR.exe
  2⤵
  PID:9068
- C:\Windows\System\ZenhKit.exe
  C:\Windows\System\ZenhKit.exe
  2⤵
  PID:9084
- C:\Windows\System\IfHXNWr.exe
  C:\Windows\System\IfHXNWr.exe
  2⤵
  PID:7556
- C:\Windows\System\gKMshHn.exe
  C:\Windows\System\gKMshHn.exe
  2⤵
  PID:8232
- C:\Windows\System\vqMVEPY.exe
  C:\Windows\System\vqMVEPY.exe
  2⤵
  PID:2152
- C:\Windows\System\ZpcHyFY.exe
  C:\Windows\System\ZpcHyFY.exe
  2⤵
  PID:4804
- C:\Windows\System\tLEsEGw.exe
  C:\Windows\System\tLEsEGw.exe
  2⤵
  PID:8308
- C:\Windows\System\HZsvPNr.exe
  C:\Windows\System\HZsvPNr.exe
  2⤵
  PID:8412
- C:\Windows\System\ZRhQyPM.exe
  C:\Windows\System\ZRhQyPM.exe
  2⤵
  PID:8452
- C:\Windows\System\zmgpxvw.exe
  C:\Windows\System\zmgpxvw.exe
  2⤵
  PID:8508
- C:\Windows\System\MdPQPoG.exe
  C:\Windows\System\MdPQPoG.exe
  2⤵
  PID:8532
- C:\Windows\System\pDrZcPb.exe
  C:\Windows\System\pDrZcPb.exe
  2⤵
  PID:8584
- C:\Windows\System\SvnvxjX.exe
  C:\Windows\System\SvnvxjX.exe
  2⤵
  PID:8656
- C:\Windows\System\merEsWZ.exe
  C:\Windows\System\merEsWZ.exe
  2⤵
  PID:8760
- C:\Windows\System\IibottR.exe
  C:\Windows\System\IibottR.exe
  2⤵
  PID:8868
- C:\Windows\System\goyUMQe.exe
  C:\Windows\System\goyUMQe.exe
  2⤵
  PID:8932
- C:\Windows\System\MORrvsQ.exe
  C:\Windows\System\MORrvsQ.exe
  2⤵
  PID:8968
- C:\Windows\System\OeqlNZw.exe
  C:\Windows\System\OeqlNZw.exe
  2⤵
  PID:9164
- C:\Windows\System\XSHrnfT.exe
  C:\Windows\System\XSHrnfT.exe
  2⤵
  PID:9096
- C:\Windows\System\hpBxMVN.exe
  C:\Windows\System\hpBxMVN.exe
  2⤵
  PID:636
- C:\Windows\System\iTKNeSP.exe
  C:\Windows\System\iTKNeSP.exe
  2⤵
  PID:9136
- C:\Windows\System\pSDlUVZ.exe
  C:\Windows\System\pSDlUVZ.exe
  2⤵
  PID:9172
- C:\Windows\System\RHTbAIb.exe
  C:\Windows\System\RHTbAIb.exe
  2⤵
  PID:1092
- C:\Windows\System\MguzilB.exe
  C:\Windows\System\MguzilB.exe
  2⤵
  PID:3036
- C:\Windows\System\WLleUNu.exe
  C:\Windows\System\WLleUNu.exe
  2⤵
  PID:8496
- C:\Windows\System\vkGmjwn.exe
  C:\Windows\System\vkGmjwn.exe
  2⤵
  PID:8580
- C:\Windows\System\ivzYRJX.exe
  C:\Windows\System\ivzYRJX.exe
  2⤵
  PID:8640
- C:\Windows\System\UBluQrW.exe
  C:\Windows\System\UBluQrW.exe
  2⤵
  PID:8700
- C:\Windows\System\cSXfUJv.exe
  C:\Windows\System\cSXfUJv.exe
  2⤵
  PID:9004
- C:\Windows\System\dUemDWN.exe
  C:\Windows\System\dUemDWN.exe
  2⤵
  PID:9076
- C:\Windows\System\iJkCbOO.exe
  C:\Windows\System\iJkCbOO.exe
  2⤵
  PID:9132
- C:\Windows\System\abilxrn.exe
  C:\Windows\System\abilxrn.exe
  2⤵
  PID:8380
- C:\Windows\System\jFCpKxP.exe
  C:\Windows\System\jFCpKxP.exe
  2⤵
  PID:8808
- C:\Windows\System\kvTRrfZ.exe
  C:\Windows\System\kvTRrfZ.exe
  2⤵
  PID:4364
- C:\Windows\System\egNtULC.exe
  C:\Windows\System\egNtULC.exe
  2⤵
  PID:9232
- C:\Windows\System\vrhFoOv.exe
  C:\Windows\System\vrhFoOv.exe
  2⤵
  PID:9248
- C:\Windows\System\fOYpXdQ.exe
  C:\Windows\System\fOYpXdQ.exe
  2⤵
  PID:9280
- C:\Windows\System\ATZIksV.exe
  C:\Windows\System\ATZIksV.exe
  2⤵
  PID:9304
- C:\Windows\System\nqsrEXW.exe
  C:\Windows\System\nqsrEXW.exe
  2⤵
  PID:9336
- C:\Windows\System\FdJsZIo.exe
  C:\Windows\System\FdJsZIo.exe
  2⤵
  PID:9360
- C:\Windows\System\USIfbTb.exe
  C:\Windows\System\USIfbTb.exe
  2⤵
  PID:9376
- C:\Windows\System\lOuHyDH.exe
  C:\Windows\System\lOuHyDH.exe
  2⤵
  PID:9396
- C:\Windows\System\GJBaZmk.exe
  C:\Windows\System\GJBaZmk.exe
  2⤵
  PID:9416
- C:\Windows\System\vQJQtPD.exe
  C:\Windows\System\vQJQtPD.exe
  2⤵
  PID:9436
- C:\Windows\System\wsRBngr.exe
  C:\Windows\System\wsRBngr.exe
  2⤵
  PID:9456
- C:\Windows\System\JEqAjgH.exe
  C:\Windows\System\JEqAjgH.exe
  2⤵
  PID:9480
- C:\Windows\System\HLfUCAM.exe
  C:\Windows\System\HLfUCAM.exe
  2⤵
  PID:9524
- C:\Windows\System\mMacmjK.exe
  C:\Windows\System\mMacmjK.exe
  2⤵
  PID:9592
- C:\Windows\System\KLVoaFH.exe
  C:\Windows\System\KLVoaFH.exe
  2⤵
  PID:9620
- C:\Windows\System\QDxWemF.exe
  C:\Windows\System\QDxWemF.exe
  2⤵
  PID:9644
- C:\Windows\System\hLXvSXC.exe
  C:\Windows\System\hLXvSXC.exe
  2⤵
  PID:9664
- C:\Windows\System\SUGnPpz.exe
  C:\Windows\System\SUGnPpz.exe
  2⤵
  PID:9688
- C:\Windows\System\EyjcDuq.exe
  C:\Windows\System\EyjcDuq.exe
  2⤵
  PID:9704
- C:\Windows\System\tdaTScC.exe
  C:\Windows\System\tdaTScC.exe
  2⤵
  PID:9732
- C:\Windows\System\BcVdaCB.exe
  C:\Windows\System\BcVdaCB.exe
  2⤵
  PID:9764
- C:\Windows\System\LMgECHB.exe
  C:\Windows\System\LMgECHB.exe
  2⤵
  PID:9796
- C:\Windows\System\VvOelqw.exe
  C:\Windows\System\VvOelqw.exe
  2⤵
  PID:9816
- C:\Windows\System\qfoRtOR.exe
  C:\Windows\System\qfoRtOR.exe
  2⤵
  PID:9844
- C:\Windows\System\dNAyYPG.exe
  C:\Windows\System\dNAyYPG.exe
  2⤵
  PID:9876
- C:\Windows\System\HWGrvmP.exe
  C:\Windows\System\HWGrvmP.exe
  2⤵
  PID:9900
- C:\Windows\System\EfHRXKO.exe
  C:\Windows\System\EfHRXKO.exe
  2⤵
  PID:9928
- C:\Windows\System\voujZdO.exe
  C:\Windows\System\voujZdO.exe
  2⤵
  PID:9952
- C:\Windows\System\ClgGRDQ.exe
  C:\Windows\System\ClgGRDQ.exe
  2⤵
  PID:9968
- C:\Windows\System\vGUybVo.exe
  C:\Windows\System\vGUybVo.exe
  2⤵
  PID:9988
- C:\Windows\System\SNtQqrG.exe
  C:\Windows\System\SNtQqrG.exe
  2⤵
  PID:10012
- C:\Windows\System\neqhRQA.exe
  C:\Windows\System\neqhRQA.exe
  2⤵
  PID:10036
- C:\Windows\System\IijxhSa.exe
  C:\Windows\System\IijxhSa.exe
  2⤵
  PID:10060
- C:\Windows\System\FShGQxm.exe
  C:\Windows\System\FShGQxm.exe
  2⤵
  PID:10116
- C:\Windows\System\NqRaGID.exe
  C:\Windows\System\NqRaGID.exe
  2⤵
  PID:10140
- C:\Windows\System\UYzvTUD.exe
  C:\Windows\System\UYzvTUD.exe
  2⤵
  PID:10156
- C:\Windows\System\ivEOisR.exe
  C:\Windows\System\ivEOisR.exe
  2⤵
  PID:10212
- C:\Windows\System\dPTYeTK.exe
  C:\Windows\System\dPTYeTK.exe
  2⤵
  PID:10236
- C:\Windows\System\xUFMTAf.exe
  C:\Windows\System\xUFMTAf.exe
  2⤵
  PID:9224
- C:\Windows\System\yNiXibp.exe
  C:\Windows\System\yNiXibp.exe
  2⤵
  PID:9316
- C:\Windows\System\quVmZet.exe
  C:\Windows\System\quVmZet.exe
  2⤵
  PID:9332
- C:\Windows\System\jKwrwTB.exe
  C:\Windows\System\jKwrwTB.exe
  2⤵
  PID:9404
- C:\Windows\System\BDlfHit.exe
  C:\Windows\System\BDlfHit.exe
  2⤵
  PID:9516
- C:\Windows\System\OTubFEm.exe
  C:\Windows\System\OTubFEm.exe
  2⤵
  PID:9588
- C:\Windows\System\PaYQZXh.exe
  C:\Windows\System\PaYQZXh.exe
  2⤵
  PID:9676
- C:\Windows\System\NWKIiOz.exe
  C:\Windows\System\NWKIiOz.exe
  2⤵
  PID:9728
- C:\Windows\System\ZQdmxre.exe
  C:\Windows\System\ZQdmxre.exe
  2⤵
  PID:9760
- C:\Windows\System\GEqtHAl.exe
  C:\Windows\System\GEqtHAl.exe
  2⤵
  PID:9788
- C:\Windows\System\WpVECPk.exe
  C:\Windows\System\WpVECPk.exe
  2⤵
  PID:9812
- C:\Windows\System\dOEnfvi.exe
  C:\Windows\System\dOEnfvi.exe
  2⤵
  PID:9888
- C:\Windows\System\WmUPuIr.exe
  C:\Windows\System\WmUPuIr.exe
  2⤵
  PID:9976
- C:\Windows\System\qtnDSrN.exe
  C:\Windows\System\qtnDSrN.exe
  2⤵
  PID:10128
- C:\Windows\System\gJNlwLu.exe
  C:\Windows\System\gJNlwLu.exe
  2⤵
  PID:10204
- C:\Windows\System\zMyDzXl.exe
  C:\Windows\System\zMyDzXl.exe
  2⤵
  PID:10224
- C:\Windows\System\LlBriHV.exe
  C:\Windows\System\LlBriHV.exe
  2⤵
  PID:8288
- C:\Windows\System\dGyCYTu.exe
  C:\Windows\System\dGyCYTu.exe
  2⤵
  PID:9328
- C:\Windows\System\UuQFXHZ.exe
  C:\Windows\System\UuQFXHZ.exe
  2⤵
  PID:9392
- C:\Windows\System\zALSGeN.exe
  C:\Windows\System\zALSGeN.exe
  2⤵
  PID:9784
- C:\Windows\System\MnGeble.exe
  C:\Windows\System\MnGeble.exe
  2⤵
  PID:9836
- C:\Windows\System\PqvYbjJ.exe
  C:\Windows\System\PqvYbjJ.exe
  2⤵
  PID:10056
- C:\Windows\System\NZTQjiN.exe
  C:\Windows\System\NZTQjiN.exe
  2⤵
  PID:10024
- C:\Windows\System\LdhAwUo.exe
  C:\Windows\System\LdhAwUo.exe
  2⤵
  PID:10200
- C:\Windows\System\jpdlEwj.exe
  C:\Windows\System\jpdlEwj.exe
  2⤵
  PID:9712
- C:\Windows\System\DGesxpN.exe
  C:\Windows\System\DGesxpN.exe
  2⤵
  PID:9884
- C:\Windows\System\tHzbfQn.exe
  C:\Windows\System\tHzbfQn.exe
  2⤵
  PID:10004
- C:\Windows\System\bfDoEJR.exe
  C:\Windows\System\bfDoEJR.exe
  2⤵
  PID:10252
- C:\Windows\System\HtdhwFc.exe
  C:\Windows\System\HtdhwFc.exe
  2⤵
  PID:10268
- C:\Windows\System\sTMOCml.exe
  C:\Windows\System\sTMOCml.exe
  2⤵
  PID:10288
- C:\Windows\System\WtRMpZd.exe
  C:\Windows\System\WtRMpZd.exe
  2⤵
  PID:10328
- C:\Windows\System\jnbSRAe.exe
  C:\Windows\System\jnbSRAe.exe
  2⤵
  PID:10344
- C:\Windows\System\nFuQMQB.exe
  C:\Windows\System\nFuQMQB.exe
  2⤵
  PID:10396
- C:\Windows\System\AlLKQJz.exe
  C:\Windows\System\AlLKQJz.exe
  2⤵
  PID:10416
- C:\Windows\System\VoqxsyH.exe
  C:\Windows\System\VoqxsyH.exe
  2⤵
  PID:10440
- C:\Windows\System\xVpwOyx.exe
  C:\Windows\System\xVpwOyx.exe
  2⤵
  PID:10468
- C:\Windows\System\jcGSGlR.exe
  C:\Windows\System\jcGSGlR.exe
  2⤵
  PID:10488
- C:\Windows\System\QNSYQmP.exe
  C:\Windows\System\QNSYQmP.exe
  2⤵
  PID:10512
- C:\Windows\System\eruJLnE.exe
  C:\Windows\System\eruJLnE.exe
  2⤵
  PID:10532
- C:\Windows\System\UJiHHUh.exe
  C:\Windows\System\UJiHHUh.exe
  2⤵
  PID:10584
- C:\Windows\System\zXompeF.exe
  C:\Windows\System\zXompeF.exe
  2⤵
  PID:10612
- C:\Windows\System\KcdubcP.exe
  C:\Windows\System\KcdubcP.exe
  2⤵
  PID:10632
- C:\Windows\System\yaiUlre.exe
  C:\Windows\System\yaiUlre.exe
  2⤵
  PID:10652
- C:\Windows\System\pIiUpvn.exe
  C:\Windows\System\pIiUpvn.exe
  2⤵
  PID:10684
- C:\Windows\System\qvNNeLz.exe
  C:\Windows\System\qvNNeLz.exe
  2⤵
  PID:10712
- C:\Windows\System\WlxGOhq.exe
  C:\Windows\System\WlxGOhq.exe
  2⤵
  PID:10740
- C:\Windows\System\qJQypZO.exe
  C:\Windows\System\qJQypZO.exe
  2⤵
  PID:10764
- C:\Windows\System\uUfFMWo.exe
  C:\Windows\System\uUfFMWo.exe
  2⤵
  PID:10780
- C:\Windows\System\whCYvYe.exe
  C:\Windows\System\whCYvYe.exe
  2⤵
  PID:10824
- C:\Windows\System\YWnZbuj.exe
  C:\Windows\System\YWnZbuj.exe
  2⤵
  PID:10848
- C:\Windows\System\bdcVvcd.exe
  C:\Windows\System\bdcVvcd.exe
  2⤵
  PID:10872
- C:\Windows\System\PGLxLbn.exe
  C:\Windows\System\PGLxLbn.exe
  2⤵
  PID:10896
- C:\Windows\System\rAwhoPh.exe
  C:\Windows\System\rAwhoPh.exe
  2⤵
  PID:10924
- C:\Windows\System\sKchBuo.exe
  C:\Windows\System\sKchBuo.exe
  2⤵
  PID:10944
- C:\Windows\System\cdiFacG.exe
  C:\Windows\System\cdiFacG.exe
  2⤵
  PID:10988
- C:\Windows\System\dTsjoly.exe
  C:\Windows\System\dTsjoly.exe
  2⤵
  PID:11032
- C:\Windows\System\WGjiZhv.exe
  C:\Windows\System\WGjiZhv.exe
  2⤵
  PID:11060
- C:\Windows\System\IHyDGyi.exe
  C:\Windows\System\IHyDGyi.exe
  2⤵
  PID:11084
- C:\Windows\System\OsHvYkW.exe
  C:\Windows\System\OsHvYkW.exe
  2⤵
  PID:11116
- C:\Windows\System\sKYpTpy.exe
  C:\Windows\System\sKYpTpy.exe
  2⤵
  PID:11156
- C:\Windows\System\gLqRGoj.exe
  C:\Windows\System\gLqRGoj.exe
  2⤵
  PID:11180
- C:\Windows\System\dBcmSpb.exe
  C:\Windows\System\dBcmSpb.exe
  2⤵
  PID:11200
- C:\Windows\System\bMGJpiR.exe
  C:\Windows\System\bMGJpiR.exe
  2⤵
  PID:11244
- C:\Windows\System\HqggXBb.exe
  C:\Windows\System\HqggXBb.exe
  2⤵
  PID:10248
- C:\Windows\System\jmHxPCf.exe
  C:\Windows\System\jmHxPCf.exe
  2⤵
  PID:10300
- C:\Windows\System\BYRalXc.exe
  C:\Windows\System\BYRalXc.exe
  2⤵
  PID:10336
- C:\Windows\System\OvynaOQ.exe
  C:\Windows\System\OvynaOQ.exe
  2⤵
  PID:10408
- C:\Windows\System\mwDpwQD.exe
  C:\Windows\System\mwDpwQD.exe
  2⤵
  PID:10464
- C:\Windows\System\nIspPFG.exe
  C:\Windows\System\nIspPFG.exe
  2⤵
  PID:10484
- C:\Windows\System\zzUqpzU.exe
  C:\Windows\System\zzUqpzU.exe
  2⤵
  PID:10556
- C:\Windows\System\ffKisEw.exe
  C:\Windows\System\ffKisEw.exe
  2⤵
  PID:10628
- C:\Windows\System\thKOiuX.exe
  C:\Windows\System\thKOiuX.exe
  2⤵
  PID:10720
- C:\Windows\System\vRbXWCQ.exe
  C:\Windows\System\vRbXWCQ.exe
  2⤵
  PID:10752
- C:\Windows\System\FbXTmrQ.exe
  C:\Windows\System\FbXTmrQ.exe
  2⤵
  PID:10844
- C:\Windows\System\GAWhgUO.exe
  C:\Windows\System\GAWhgUO.exe
  2⤵
  PID:10932
- C:\Windows\System\WbhshGd.exe
  C:\Windows\System\WbhshGd.exe
  2⤵
  PID:10976
- C:\Windows\System\mKCWgZl.exe
  C:\Windows\System\mKCWgZl.exe
  2⤵
  PID:11028
- C:\Windows\System\BeJkISG.exe
  C:\Windows\System\BeJkISG.exe
  2⤵
  PID:11056
- C:\Windows\System\mFMFFOQ.exe
  C:\Windows\System\mFMFFOQ.exe
  2⤵
  PID:11112
- C:\Windows\System\JQWiZVf.exe
  C:\Windows\System\JQWiZVf.exe
  2⤵
  PID:11164
- C:\Windows\System\ZyPEEqx.exe
  C:\Windows\System\ZyPEEqx.exe
  2⤵
  PID:11240
- C:\Windows\System\rujvyAE.exe
  C:\Windows\System\rujvyAE.exe
  2⤵
  PID:10576
- C:\Windows\System\fIXPkvI.exe
  C:\Windows\System\fIXPkvI.exe
  2⤵
  PID:10856
- C:\Windows\System\gjnSYdh.exe
  C:\Windows\System\gjnSYdh.exe
  2⤵
  PID:10680
- C:\Windows\System\PNVDdEr.exe
  C:\Windows\System\PNVDdEr.exe
  2⤵
  PID:10676
- C:\Windows\System\rHzyatF.exe
  C:\Windows\System\rHzyatF.exe
  2⤵
  PID:9772
- C:\Windows\System\HZropRy.exe
  C:\Windows\System\HZropRy.exe
  2⤵
  PID:11100
- C:\Windows\System\HltksHj.exe
  C:\Windows\System\HltksHj.exe
  2⤵
  PID:10972
- C:\Windows\System\EUqZRct.exe
  C:\Windows\System\EUqZRct.exe
  2⤵
  PID:10864
- C:\Windows\System\WZidpeU.exe
  C:\Windows\System\WZidpeU.exe
  2⤵
  PID:10500
- C:\Windows\System\tgXmGvV.exe
  C:\Windows\System\tgXmGvV.exe
  2⤵
  PID:11280
- C:\Windows\System\hWUKCxT.exe
  C:\Windows\System\hWUKCxT.exe
  2⤵
  PID:11312
- C:\Windows\System\DpKPrdW.exe
  C:\Windows\System\DpKPrdW.exe
  2⤵
  PID:11348
- C:\Windows\System\SeNckml.exe
  C:\Windows\System\SeNckml.exe
  2⤵
  PID:11368
- C:\Windows\System\ZtzWXzS.exe
  C:\Windows\System\ZtzWXzS.exe
  2⤵
  PID:11416
- C:\Windows\System\lnaeTXT.exe
  C:\Windows\System\lnaeTXT.exe
  2⤵
  PID:11436
- C:\Windows\System\kjZccOH.exe
  C:\Windows\System\kjZccOH.exe
  2⤵
  PID:11452
- C:\Windows\System\HCEHcma.exe
  C:\Windows\System\HCEHcma.exe
  2⤵
  PID:11480
- C:\Windows\System\JiGEnEz.exe
  C:\Windows\System\JiGEnEz.exe
  2⤵
  PID:11500
- C:\Windows\System\JtApwGA.exe
  C:\Windows\System\JtApwGA.exe
  2⤵
  PID:11540
- C:\Windows\System\NdggrKd.exe
  C:\Windows\System\NdggrKd.exe
  2⤵
  PID:11576
- C:\Windows\System\MdRjEFb.exe
  C:\Windows\System\MdRjEFb.exe
  2⤵
  PID:11616
- C:\Windows\System\xxqkGRC.exe
  C:\Windows\System\xxqkGRC.exe
  2⤵
  PID:11656
- C:\Windows\System\bbvECZS.exe
  C:\Windows\System\bbvECZS.exe
  2⤵
  PID:11680
- C:\Windows\System\GhicMIs.exe
  C:\Windows\System\GhicMIs.exe
  2⤵
  PID:11708
- C:\Windows\System\niaDZqw.exe
  C:\Windows\System\niaDZqw.exe
  2⤵
  PID:11728
- C:\Windows\System\JcMyHlu.exe
  C:\Windows\System\JcMyHlu.exe
  2⤵
  PID:11760
- C:\Windows\System\hRIiyqk.exe
  C:\Windows\System\hRIiyqk.exe
  2⤵
  PID:11780
- C:\Windows\System\DtQrPsr.exe
  C:\Windows\System\DtQrPsr.exe
  2⤵
  PID:11796
- C:\Windows\System\ZsLitKQ.exe
  C:\Windows\System\ZsLitKQ.exe
  2⤵
  PID:11816
- C:\Windows\System\eQWxRQx.exe
  C:\Windows\System\eQWxRQx.exe
  2⤵
  PID:11832
- C:\Windows\System\cNhxvdG.exe
  C:\Windows\System\cNhxvdG.exe
  2⤵
  PID:11892
- C:\Windows\System\NOyhksE.exe
  C:\Windows\System\NOyhksE.exe
  2⤵
  PID:11912
- C:\Windows\System\JWOLiZY.exe
  C:\Windows\System\JWOLiZY.exe
  2⤵
  PID:11932
- C:\Windows\System\vRKlirA.exe
  C:\Windows\System\vRKlirA.exe
  2⤵
  PID:11952
- C:\Windows\System\xWGECZb.exe
  C:\Windows\System\xWGECZb.exe
  2⤵
  PID:12016
- C:\Windows\System\SzuIHrq.exe
  C:\Windows\System\SzuIHrq.exe
  2⤵
  PID:12036
- C:\Windows\System\qCUPMBW.exe
  C:\Windows\System\qCUPMBW.exe
  2⤵
  PID:12052
- C:\Windows\System\WOgmkYu.exe
  C:\Windows\System\WOgmkYu.exe
  2⤵
  PID:12092
- C:\Windows\System\MtQnPUv.exe
  C:\Windows\System\MtQnPUv.exe
  2⤵
  PID:12112
- C:\Windows\System\NCHsMTp.exe
  C:\Windows\System\NCHsMTp.exe
  2⤵
  PID:12128
- C:\Windows\System\hJOTtPC.exe
  C:\Windows\System\hJOTtPC.exe
  2⤵
  PID:12164
- C:\Windows\System\uxQaPbq.exe
  C:\Windows\System\uxQaPbq.exe
  2⤵
  PID:12192
- C:\Windows\System\dpezKBj.exe
  C:\Windows\System\dpezKBj.exe
  2⤵
  PID:12236
- C:\Windows\System\VKQDDYX.exe
  C:\Windows\System\VKQDDYX.exe
  2⤵
  PID:12264
- C:\Windows\System\behaCXX.exe
  C:\Windows\System\behaCXX.exe
  2⤵
  PID:11172
- C:\Windows\System\TPovGHo.exe
  C:\Windows\System\TPovGHo.exe
  2⤵
  PID:10732
- C:\Windows\System\cfJBdiQ.exe
  C:\Windows\System\cfJBdiQ.exe
  2⤵
  PID:11300
- C:\Windows\System\eQIRXBM.exe
  C:\Windows\System\eQIRXBM.exe
  2⤵
  PID:11380
- C:\Windows\System\PRUsCOS.exe
  C:\Windows\System\PRUsCOS.exe
  2⤵
  PID:11424
- C:\Windows\System\fatJDmc.exe
  C:\Windows\System\fatJDmc.exe
  2⤵
  PID:11472
- C:\Windows\System\nahDDDL.exe
  C:\Windows\System\nahDDDL.exe
  2⤵
  PID:11532
- C:\Windows\System\NdYRtri.exe
  C:\Windows\System\NdYRtri.exe
  2⤵
  PID:11652
- C:\Windows\System\eeEitKH.exe
  C:\Windows\System\eeEitKH.exe
  2⤵
  PID:11704
- C:\Windows\System\KKIbToh.exe
  C:\Windows\System\KKIbToh.exe
  2⤵
  PID:11900
- C:\Windows\System\tWoOLui.exe
  C:\Windows\System\tWoOLui.exe
  2⤵
  PID:11944
- C:\Windows\System\fxALDfD.exe
  C:\Windows\System\fxALDfD.exe
  2⤵
  PID:12008
- C:\Windows\System\XnAgvUO.exe
  C:\Windows\System\XnAgvUO.exe
  2⤵
  PID:12032
- C:\Windows\System\EeZOJmZ.exe
  C:\Windows\System\EeZOJmZ.exe
  2⤵
  PID:12088
- C:\Windows\System\teQmmFk.exe
  C:\Windows\System\teQmmFk.exe
  2⤵
  PID:12172
- C:\Windows\System\SGCYoqq.exe
  C:\Windows\System\SGCYoqq.exe
  2⤵
  PID:12256
- C:\Windows\System\NziSWiA.exe
  C:\Windows\System\NziSWiA.exe
  2⤵
  PID:10624
- C:\Windows\System\dSjXRrg.exe
  C:\Windows\System\dSjXRrg.exe
  2⤵
  PID:11324
- C:\Windows\System\XSMPRRA.exe
  C:\Windows\System\XSMPRRA.exe
  2⤵
  PID:11588
- C:\Windows\System\FDkOZWe.exe
  C:\Windows\System\FDkOZWe.exe
  2⤵
  PID:520
- C:\Windows\System\kihDiRg.exe
  C:\Windows\System\kihDiRg.exe
  2⤵
  PID:11700
- C:\Windows\System\IxdINMz.exe
  C:\Windows\System\IxdINMz.exe
  2⤵
  PID:11808
- C:\Windows\System\SIOLdyJ.exe
  C:\Windows\System\SIOLdyJ.exe
  2⤵
  PID:11752
- C:\Windows\System\uhtzctc.exe
  C:\Windows\System\uhtzctc.exe
  2⤵
  PID:11776
- C:\Windows\System\tvldRdm.exe
  C:\Windows\System\tvldRdm.exe
  2⤵
  PID:11940
- C:\Windows\System\JzoWcry.exe
  C:\Windows\System\JzoWcry.exe
  2⤵
  PID:12260
- C:\Windows\System\TZGHeiG.exe
  C:\Windows\System\TZGHeiG.exe
  2⤵
  PID:10756
- C:\Windows\System\vGyCWRP.exe
  C:\Windows\System\vGyCWRP.exe
  2⤵
  PID:11444
- C:\Windows\System\lKuUyLO.exe
  C:\Windows\System\lKuUyLO.exe
  2⤵
  PID:11872
- C:\Windows\System\HRigBeY.exe
  C:\Windows\System\HRigBeY.exe
  2⤵
  PID:12136
- C:\Windows\System\MZfBZqK.exe
  C:\Windows\System\MZfBZqK.exe
  2⤵
  PID:11860
- C:\Windows\System\aWNEXET.exe
  C:\Windows\System\aWNEXET.exe
  2⤵
  PID:12304
- C:\Windows\System\dUMplOm.exe
  C:\Windows\System\dUMplOm.exe
  2⤵
  PID:12336
- C:\Windows\System\fGlzKjm.exe
  C:\Windows\System\fGlzKjm.exe
  2⤵
  PID:12376
- C:\Windows\System\SkNwKlS.exe
  C:\Windows\System\SkNwKlS.exe
  2⤵
  PID:12416
- C:\Windows\System\mcosMSa.exe
  C:\Windows\System\mcosMSa.exe
  2⤵
  PID:12436
- C:\Windows\System\JzWCVzD.exe
  C:\Windows\System\JzWCVzD.exe
  2⤵
  PID:12472
- C:\Windows\System\PPNoSXI.exe
  C:\Windows\System\PPNoSXI.exe
  2⤵
  PID:12496
- C:\Windows\System\LIFxpff.exe
  C:\Windows\System\LIFxpff.exe
  2⤵
  PID:12516
- C:\Windows\System\jIGVChM.exe
  C:\Windows\System\jIGVChM.exe
  2⤵
  PID:12536
- C:\Windows\System\OkDfIqQ.exe
  C:\Windows\System\OkDfIqQ.exe
  2⤵
  PID:12572
- C:\Windows\System\MgbaHPS.exe
  C:\Windows\System\MgbaHPS.exe
  2⤵
  PID:12592
- C:\Windows\System\cuZkWUG.exe
  C:\Windows\System\cuZkWUG.exe
  2⤵
  PID:12612
- C:\Windows\System\vDWSzAX.exe
  C:\Windows\System\vDWSzAX.exe
  2⤵
  PID:12632
- C:\Windows\System\TRYzNjr.exe
  C:\Windows\System\TRYzNjr.exe
  2⤵
  PID:12652
- C:\Windows\System\eupjcwz.exe
  C:\Windows\System\eupjcwz.exe
  2⤵
  PID:12676
- C:\Windows\System\LApIgPh.exe
  C:\Windows\System\LApIgPh.exe
  2⤵
  PID:12700
- C:\Windows\System\hRvcyTi.exe
  C:\Windows\System\hRvcyTi.exe
  2⤵
  PID:12724
- C:\Windows\System\iuDiphy.exe
  C:\Windows\System\iuDiphy.exe
  2⤵
  PID:12744
- C:\Windows\System\yHaOnlm.exe
  C:\Windows\System\yHaOnlm.exe
  2⤵
  PID:12784
- C:\Windows\System\SXxrAEy.exe
  C:\Windows\System\SXxrAEy.exe
  2⤵
  PID:12804
- C:\Windows\System\UmIjZlH.exe
  C:\Windows\System\UmIjZlH.exe
  2⤵
  PID:12836
- C:\Windows\System\XGmofHM.exe
  C:\Windows\System\XGmofHM.exe
  2⤵
  PID:12860
- C:\Windows\System\QpnbNOP.exe
  C:\Windows\System\QpnbNOP.exe
  2⤵
  PID:13124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zx03c100.h2m.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BwTcAcp.exe

Filesize
1.8MB

MD5
7dd99601d59873cf8376c89625f2a060

SHA1
ae0c84b5f5dda7edb1dfc005f209fd21cb9a18e0

SHA256
7bdb54694a70e85a795ee12f148e522d20d9a6656000e9be2261e61a550c0f3a

SHA512
32ba25f2200b3ccab597a76c90e4f63e15c5c457b3354a3cd7c0473664eaf6e3ec1f0a85ddce6a868c58da21d2600561b6ca2a265dcc1012b5db4b9fbc61d3f3

Download Submit
C:\Windows\System\CziIGhc.exe

Filesize
1.8MB

MD5
cd89e922e706240d6f061bed19c6cf4d

SHA1
7f65f3b11ad2e987e99e426f5b534ac48ff52174

SHA256
a02ab41f27f62f65519ffa79857b55d8747aa601146fc31bff470626f7f50718

SHA512
0da3d3e40e0eb98c5d627486f966181861b8dabb49d23572a365c5ef8d2f70b3b2dd66907f6a584a8702fe5a3ad17dca5a326f8effd01c89f607bba33d0234f3

Download Submit
C:\Windows\System\DNLPrVS.exe

Filesize
1.8MB

MD5
d86f2b57349cd34003bd3e9c61b48f58

SHA1
2846fa798a3889a593cc6487a4aec0c9eab9b76f

SHA256
09e03ba96c61eeb0a92b3dbc62e50c6e1ed293b1296e6e16807d83dc59b457e7

SHA512
b23e2cc0ca678becb62302faa693cc70197ca03551098bc69d5622d64391905a3428c49c91ceeb89529659c37759118d106dddf0f521e9ada7006be01b26087b

Download Submit
C:\Windows\System\DibVyxw.exe

Filesize
1.8MB

MD5
27b5e84913990f7854f68f2479c11585

SHA1
5f3ed49f2a1b7362db380c555d4113d0a50b51d9

SHA256
370a98e3b757ec7ba5fb9990a13082c0666c5a578935cea88fb1d94224ac6117

SHA512
3f5bfac4f72fbfe7f982e2285b0fcf52b234abdcb04f079b91b1785439d3de7cd83235313363f2ff9cbfb10a68ded3e3a97bc2f45359f80b23b8024b0ef5c85e

Download Submit
C:\Windows\System\EaRtAOj.exe

Filesize
1.8MB

MD5
f7e3b46d7c32030b070ccbf6c851deff

SHA1
c33225d7ce57baafa76ca33f9104626e89da53bd

SHA256
eac97b44829d28d72d3d7503b8b4143240e3fa46d7c59118c3c8f18b5b5c205d

SHA512
04e9d25964f719178138d5c86368a7e7b815769665b594ded27cd439cd3aebe7dab9775a90e7dbc300d90d16a3dde46982197c62533c9dd624cb2a5583488137

Download Submit
C:\Windows\System\GSkUAPI.exe

Filesize
1.8MB

MD5
4bf8faffff1f1029607651e64238bb8c

SHA1
79a3c4abfe7b444e48ae34ff765f8f36ec0bdc9d

SHA256
001945f4953f1fa91410aa7b3af1d460b4542e5be0c28fcb7a45f2f792fc5d1c

SHA512
a14dc660bf309b716c7a26a4a4a0bc1e591d1828969bdc49b126727b87d9726e78ee668d8b2fe2359f86a84fd93410bca6de2c31254a80316cbfaff5abb61431

Download Submit
C:\Windows\System\Gzhiojy.exe

Filesize
1.8MB

MD5
d9b905635318307452fc40ba90f27f5d

SHA1
7d68e87ea3226f7f15cf4a0fce345364815ad93b

SHA256
2791b75cb97a6bc9a312e5bc89db19e1fa6a0cb2553381ece501eafd3308855b

SHA512
8eddacf2aac867591f826b4016e2918698939f3a7ca6737a3d409ceaeb2270e560000457f9a20dddb7c42573e30ca1b471390528a15efc26f1551467560bfb3c

Download Submit
C:\Windows\System\JgMXxUe.exe

Filesize
1.8MB

MD5
205d5776b82160371ecc6114bb418d35

SHA1
adc66eb0a9bb7dcd0682bf663ab8f58ac18e33f1

SHA256
60717bfab747a845034cc24d2997942dd87615de786fc58235b35d36e0d5e4d3

SHA512
90d2318eb3794ad4f2ca3d6b9186bc1fdc7c8edb4bd4377442f1d3e17625808ed25b9693f7a7cb8bf6a713e3effe605e4b7facdfa940a1718af7fda2c3876ae3

Download Submit
C:\Windows\System\LbHgPcX.exe

Filesize
1.8MB

MD5
f370026d56bb29e1a54cf439446cadb3

SHA1
091ae6f76241153dd9b96126a8e15995ff509113

SHA256
51eddf2b695c13f66bca2815d60451838e7da4ef81f4862181b768fc85afc5f7

SHA512
93e8e2b954506893051a1c84fa403540a3199701b009b0ec7750045b08bea71ef070e2c645f5fade497664b2786bd49de985591af76ef75fd57bc1bb9beb4fca

Download Submit
C:\Windows\System\LgtEPUH.exe

Filesize
1.8MB

MD5
df1e0b7c9474fba1cc252907c27b18dc

SHA1
c97073d94d4144975effebefda8f6cdf8a229ee2

SHA256
b49f9674cd3645afe90e738e43140fffbc5bb026cfa2d87618c4ac74def3cdde

SHA512
38030e72cda07ceb04c1272bd35872cadaba9ec8aac8992d0a1c82706c7fd04fbd5b9df392186c1c0a2652a47008a3b1542a2a94a66c1dc6f9500c79c0b34495

Download Submit
C:\Windows\System\PnrDfdW.exe

Filesize
1.8MB

MD5
99c694bdc038893e0cf542dc61eed14b

SHA1
3712f4150149aae2d287684783028e1c09285fd3

SHA256
a9dc598c6fa3d88572e569a471ae080d198b644fe9a2ee6d3ea8f1ac3b1ba562

SHA512
b055444daddce24dd1e14e738a6ad85cf01d8f8628d6e0088859152953c1063fd38d8e45b98550d3070eb0a5202e880b64b58b938d8578f02fb1cdd5dd98ed9a

Download Submit
C:\Windows\System\PqqoiPw.exe

Filesize
1.8MB

MD5
c741511442b21fb58563d38c57910852

SHA1
74184d4b660b1bad0c9c4e90499d575d302190ad

SHA256
b558158d017f81ad960a302980fba7f4f1dc2a16dc34cfb345035361c6071d77

SHA512
0c48c6386e8cfe75ae24978dbce51b86153ea6d1bd5af6136c323d1d606ec3f028e3a67371be9cb04ca4b86554768e382da166bcc3edf4e0660e2d79d9c53fc2

Download Submit
C:\Windows\System\RRmozKg.exe

Filesize
1.8MB

MD5
afd749f002eadc91d0c38f966a6a0fcc

SHA1
8c86b2aca4f750adffe2575148a45f0bde19d535

SHA256
93f4805eccc4e583707d059196e72a5c637d0f5e442f6490ceeaa5e36fbfed3f

SHA512
c92d7d426b5dddc500e8052098455eb88da8ccc330d1596ad0943a5d109aa46fedade9d4eda2fa9d4a4e3e18e5a3b599f7a4d0bde9f9eca436f19e04128e5a07

Download Submit
C:\Windows\System\SSKzRaO.exe

Filesize
1.8MB

MD5
0bd7fde0bf969564ccb6b648ba1c310c

SHA1
c5092b725db6209f949cc0b7e8296d4ec6afa38b

SHA256
3c3eb0edcc8302be1be55be0b771ab4b33c4dbc7ed3609e697836f2f3cfc8822

SHA512
357722b54fb0507328b7c81553e84fcf36ac728359624e430a62f3b79218d408c3a3f7af719ecd1eb527b0b6687fba4fcc07d4e72941a8836653c3fb5889431f

Download Submit
C:\Windows\System\TiPZwfj.exe

Filesize
1.8MB

MD5
f6ec69d52bed9da1aef521c8bba05840

SHA1
87ffa64bbee0e88b6b39405bf503ce6b3e05738d

SHA256
375e4f1f3a5661a7adb6de50a3112618f4bab5106e68606551b18bf268c6110e

SHA512
992616e5152dd8ed86e6b02817fd67657f37a861325a071825c98fd5ebd419874fc67e2bdf1475a58973928edfee7130646f949c37311aef6b911bea1d33a6ed

Download Submit
C:\Windows\System\VKdqRmz.exe

Filesize
8B

MD5
fbef424b1922acb531e69f596a8b8921

SHA1
584ada3a02d95facb3db59252be930cc2019a07e

SHA256
9ba99dfe86f586665444906d4d6c065235a1faa079a57e34597feec2870450c4

SHA512
b7c856eeb52f1f5b978a86cc276964a598136109586a3999d60402c0885755b7f0a6e5ca90b5856e8f2e8d74fc885b0d7e257ea62c297369572d765724b94880

Download Submit
C:\Windows\System\XFSZwXs.exe

Filesize
1.8MB

MD5
a3b3e092c310bdc1d436d5acc276f217

SHA1
387823898a4bfa0c09106c7a449e8e10b2f4bc79

SHA256
1f7d40c661e1dfda063db45870b777b03c026a1557926fd72bc31fa0f34abc89

SHA512
02cfaa0d2c329d12d7b3e9b03dfde819073a50dbeb79064d68a857037627b7f470233979d0b59917e7a18ab298a7f45e8ee33d45aa1a2e40da6fd88cb22e8c5c

Download Submit
C:\Windows\System\azlZOES.exe

Filesize
1.8MB

MD5
0b2e657a78405d66369d8c17264e702d

SHA1
0d951cb8b5d92d6569a3f2b5db4bfc9983f5a8b6

SHA256
f4ce84b59c36e098fc724f43b9dd0231ba86b99beedc4d0789984181b0740ec1

SHA512
620e0c768be365109dcac6d2573d5e3deaa0771545d78c2c888be7c639485176e2d0fe7415fa6bc1df15ea5f160124657fe8825bfa877b471d72ee6df23c8534

Download Submit
C:\Windows\System\bGwIVXO.exe

Filesize
1.8MB

MD5
f64fd1e59fe22c2eb4855c2c918eff69

SHA1
6b5c12b97625cde261cc9ed5046a21305c666c03

SHA256
5731ac85ca130c212d9986dbfd10e069e963279bea4e420a685116a94c58a4a1

SHA512
ca37ba911a90565a7e064930314c5b29b094887c8c82452a035baab81d1f3d0fa9adbb9db2bd680f9e897d555e8aca09c4e0c2b15d69585c95a165dbd55458fa

Download Submit
C:\Windows\System\bWrumzM.exe

Filesize
1.8MB

MD5
8ad155f09c4c97f1e694df471a199356

SHA1
0a70a5ebc09047d7d760d646a9624978f4e040fd

SHA256
f9cd9a89438cca6e792f65138b4fc87368fd38fe56d28513cf23a3a51f03764d

SHA512
9b357ed34444466f350225b7ae6d4ee3906aa10d43fb592d061055d6fec282a76167970ae9d248c2c16ddaf8458138f9d6c088584e797cda669a96498272359a

Download Submit
C:\Windows\System\eKQYBGI.exe

Filesize
1.8MB

MD5
a97447f3be551a805b873b91af855e75

SHA1
50cdfa97be0297cdcf8680014272d91a314b7b2c

SHA256
f861508be0974c077b61cd703629fa96c737f4fb3e611b5bf06edba2d9c03307

SHA512
67ec8f92cfc6110597a9309c687faa07edccc845e6b644f863d89c2d77d7cde4554446630a3b855b5f83479eee92933dc483afe467c42d3a947784fbd2e5bf44

Download Submit
C:\Windows\System\fdJkriJ.exe

Filesize
1.8MB

MD5
ca7580cfb180526fc666364d356705d3

SHA1
daa4dc3858c1ed3a069984cb9799f19d20a02b5b

SHA256
c0dc9cfcdb56d5854261705734bdbdd09f6a0668a46dd852256508182eac1b5d

SHA512
a540c6b953e58e7db31cc21e3dc482507c8f91c0ecf089fe55cd10442914445362102ceeb0ced653cf66a24cedde1760ebd5bf8704d3a52e81edf939eac3029e

Download Submit
C:\Windows\System\gKdngpp.exe

Filesize
1.8MB

MD5
9ee38e828bf179e423a97d1741487643

SHA1
eb45281124bdbe6bdace984e1d9a4643508f40e6

SHA256
7cdeaebc5df2ff104deb3023bd64594b03ea499ec5647516b4e32608ce334172

SHA512
36bbbdbe1f9aeb3f24c85fa34238ca21594878ab21090b7ed356197254d202570ecc27064cd8d638cddb2a9c917ff706bfcf784b66533ae1b6dfc46842271b9a

Download Submit
C:\Windows\System\kxbUfkC.exe

Filesize
1.8MB

MD5
c94e8dd27f033a0b8995dfd5ea804e6c

SHA1
70a7ef6ae22aff173435ceab32cf22dc2d8511fa

SHA256
7e733af8a818467d5cdd813c801159aa8e2bdb5c86b3bfbbeaeb15c0fa39e7bd

SHA512
13b8890f2d64658d5157270fd2a5823349fcc9e568f3ba4152ac3eee0d8ea18e2bc679eb32feabe8cbc3120ef4025a8aba7f6bff8f55e415eaba786fd54584d4

Download Submit
C:\Windows\System\ncHzlHU.exe

Filesize
1.8MB

MD5
f3d23eef48c1a4c51be6576359d22d6e

SHA1
1522fee0f636d1ee7e79e56026bf8f32cb60f335

SHA256
4adc78645edf1c04eafd82279f9ad7aa7dde86d8480623dde4bb42a011095d7c

SHA512
36adf44c3936c57a0ff436467b13e1f5e5ac55d0c9f61757b70dfcb7bc431e77e9579df941568253b1711133a0f667f0fa4c6b12f4f2f003857d332c500fbc1b

Download Submit
C:\Windows\System\opqDkYM.exe

Filesize
1.8MB

MD5
06dd8dc99622af81704ed89627dd9153

SHA1
59057f4c4f9d2b7a1a1b369d9d259bb4c110bb1f

SHA256
6dd55ced7b58b5aa79d1b683d8c7853ba83f4e461551e2d4c8eebea6c3ab0a41

SHA512
9ed8c51b87b5869d73643ead1f3b94b26a4656531fc70aab1688b023067e2f2dba7f2208aaeb928578138219029fbcd6a67de21c8c8412ff961740a98829dfcd

Download Submit
C:\Windows\System\rKdrVAk.exe

Filesize
1.8MB

MD5
e881e52cf1de519453416ff5a36918f1

SHA1
1a021822d04d8471c3822aa1ad1a4332c5e47c4c

SHA256
ea5f50ab55c7a14df1de5d2fee5e6a1da1d0506efa65fd6f19e2fc2b3ec5f913

SHA512
5e5938357a0f04f8d70ef1a2005db3ca0d059d46f7c9cba101b40319d44799b63722d69837f8b7353cabd256da1497d44e456245efa32c5487a38aa38b0271a6

Download Submit
C:\Windows\System\usABxiw.exe

Filesize
1.8MB

MD5
3dbe10db8514b8bf87f9f2854889349f

SHA1
8ad1c640bfdecedf489e3b300c3842985c433699

SHA256
f77d481e4bc6a7e8ae04d35569bfde3ee036b2ea53c42a7e380f3301ec2c7e26

SHA512
9f9b61e599a09f80ca051e13ef345281ba4e0954cb5832ffccc9d43cfefd6b82b734e1624390ea55855b7536a70c5bdf0ce546f36a8dceb231fdec0dd2e8369a

Download Submit
C:\Windows\System\vVwVjfo.exe

Filesize
1.8MB

MD5
058497709da08c6d29af8ae6323bb1e6

SHA1
1e8db2d3c1e4c0debfb7dc72fd6cfe0d15683b42

SHA256
7bc4286228efef211615777e32e71cb9f2b291664a7a371d241e11824a4b25b4

SHA512
fd96e53c28ca31e1be9ff24e9b5ac4b7b81a803d8afc719859c59f1b0d574bf4bfc67e11f752b9e765a6325c446ccb0deb931c23469a5ff990b38b4daf6123c9

Download Submit
C:\Windows\System\wXXlUVT.exe

Filesize
1.8MB

MD5
4f68469948e6e3f37423012a9ad00fc4

SHA1
5899487d3915e43e2d49c18e8948faedc3aeb843

SHA256
7d2453cd022f393743b9c152159d99d6b2ac80f4d6f6ed4ebf9f35adbc49788f

SHA512
fef8524ce4697d573173eb0bc0d62c214992360dd6cd52ba88d6293ee9d9f1c14f644740dc943e01a846723c1f541109752579f087f203497392789672e6d57f

Download Submit
C:\Windows\System\wYgtyAm.exe

Filesize
1.8MB

MD5
f26224cfec616bb71dab06078f424396

SHA1
b4ce38e771dadeeeeea2bd3ef4c5503595dc7a36

SHA256
ad10eca2881d00a33aadff93d4bd278120e4089c0fd44320820b8fa210996836

SHA512
b366daa4813f0ca3afa78865c91f813a77b4e6bd8dfdae9496a17d3b225409074e7c011aa310cae6a89263822ead8b31d5932bbe7b8b0f1495c2679bc228cc00

Download Submit
C:\Windows\System\xjfDkDo.exe

Filesize
1.8MB

MD5
bb1e9e226ae00bc8020f7898c62b7da3

SHA1
89af776e3db33cf1aad7f4d62a8db5654f9f234e

SHA256
1500fba77126f05274af260227ccaf93e4c73aba4746f7c7dfb3fe39319b9e27

SHA512
4ff173283cf26816dd20af5c22b2253b79cef7a24b699319b012e9a5f1ee50ff0b0c9e957a612dc120fd1eea452b73a43cb957b28903b68455e88b5cdd7b461c

Download Submit
C:\Windows\System\xljQOHu.exe

Filesize
1.8MB

MD5
0a0c13a99244a2638e8356c6ca4fd565

SHA1
b46d0c41733a4847011ebdd89ab7d7fc89bc603c

SHA256
32f9861a49505ece1db36436fdb424d9f125ccb2df6f5fef78ee496195cabc2f

SHA512
a616633e718e6e2c58b39881b09160ec106fabd3cec174f55343d43fe78f4ccd0c06e8c933d4ad54704dc5c526fd5761327b996b0620d85a2ac3bf0054ffe2c5

Download Submit
C:\Windows\System\zDDyBDm.exe

Filesize
1.8MB

MD5
df7cf8654f2be2db7e5d02a93806584e

SHA1
f4c965e9a0dab8f9f29ce94e90fae9fc369ce079

SHA256
6fff136ab97290b39bc6e1af68c5e4482b02b1f5b4a04f2c04afd32d0aa1986f

SHA512
c1e40ee90bc9195feab3a07823e9a20dfba3d700b8b3e5d04c73d6d85267e1ecdca698d3b35e5ac4a029d7d3cf8dcfb55246a9035e3fdfb5d0ddf37e9f922bbf

Download Submit
memory/216-2343-0x00007FF64EDF0000-0x00007FF64F1E2000-memory.dmp

Filesize
3.9MB

Download
memory/216-23-0x00007FF64EDF0000-0x00007FF64F1E2000-memory.dmp

Filesize
3.9MB

Download
memory/216-2295-0x00007FF64EDF0000-0x00007FF64F1E2000-memory.dmp

Filesize
3.9MB

Download
memory/1016-2348-0x00007FF7F6AA0000-0x00007FF7F6E92000-memory.dmp

Filesize
3.9MB

Download
memory/1016-48-0x00007FF7F6AA0000-0x00007FF7F6E92000-memory.dmp

Filesize
3.9MB

Download
memory/1040-582-0x00007FF633100000-0x00007FF6334F2000-memory.dmp

Filesize
3.9MB

Download
memory/1040-2399-0x00007FF633100000-0x00007FF6334F2000-memory.dmp

Filesize
3.9MB

Download
memory/1072-2402-0x00007FF7CC780000-0x00007FF7CCB72000-memory.dmp

Filesize
3.9MB

Download
memory/1072-121-0x00007FF7CC780000-0x00007FF7CCB72000-memory.dmp

Filesize
3.9MB

Download
memory/1072-2381-0x00007FF7CC780000-0x00007FF7CCB72000-memory.dmp

Filesize
3.9MB

Download
memory/1144-2337-0x00007FF64ACC0000-0x00007FF64B0B2000-memory.dmp

Filesize
3.9MB

Download
memory/1144-2292-0x00007FF64ACC0000-0x00007FF64B0B2000-memory.dmp

Filesize
3.9MB

Download
memory/1144-10-0x00007FF64ACC0000-0x00007FF64B0B2000-memory.dmp

Filesize
3.9MB

Download
memory/1292-513-0x00007FF620FB0000-0x00007FF6213A2000-memory.dmp

Filesize
3.9MB

Download
memory/1292-2404-0x00007FF620FB0000-0x00007FF6213A2000-memory.dmp

Filesize
3.9MB

Download
memory/1572-561-0x00007FF756B30000-0x00007FF756F22000-memory.dmp

Filesize
3.9MB

Download
memory/1572-2407-0x00007FF756B30000-0x00007FF756F22000-memory.dmp

Filesize
3.9MB

Download
memory/1704-2352-0x00007FF78D980000-0x00007FF78DD72000-memory.dmp

Filesize
3.9MB

Download
memory/1704-2297-0x00007FF78D980000-0x00007FF78DD72000-memory.dmp

Filesize
3.9MB

Download
memory/1704-43-0x00007FF78D980000-0x00007FF78DD72000-memory.dmp

Filesize
3.9MB

Download
memory/1792-107-0x00007FF7C2840000-0x00007FF7C2C32000-memory.dmp

Filesize
3.9MB

Download
memory/1792-2389-0x00007FF7C2840000-0x00007FF7C2C32000-memory.dmp

Filesize
3.9MB

Download
memory/1884-2409-0x00007FF6C8AD0000-0x00007FF6C8EC2000-memory.dmp

Filesize
3.9MB

Download
memory/1884-573-0x00007FF6C8AD0000-0x00007FF6C8EC2000-memory.dmp

Filesize
3.9MB

Download
memory/1968-57-0x00007FF727320000-0x00007FF727712000-memory.dmp

Filesize
3.9MB

Download
memory/1968-2346-0x00007FF727320000-0x00007FF727712000-memory.dmp

Filesize
3.9MB

Download
memory/1968-2320-0x00007FF727320000-0x00007FF727712000-memory.dmp

Filesize
3.9MB

Download
memory/2032-2334-0x00007FF73B8C0000-0x00007FF73BCB2000-memory.dmp

Filesize
3.9MB

Download
memory/2032-93-0x00007FF73B8C0000-0x00007FF73BCB2000-memory.dmp

Filesize
3.9MB

Download
memory/2032-2391-0x00007FF73B8C0000-0x00007FF73BCB2000-memory.dmp

Filesize
3.9MB

Download
memory/2452-56-0x00007FF69F6D0000-0x00007FF69FAC2000-memory.dmp

Filesize
3.9MB

Download
memory/2452-2350-0x00007FF69F6D0000-0x00007FF69FAC2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-584-0x00007FF726300000-0x00007FF7266F2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-2394-0x00007FF726300000-0x00007FF7266F2000-memory.dmp

Filesize
3.9MB

Download
memory/2716-24-0x00007FFD8DD63000-0x00007FFD8DD65000-memory.dmp

Filesize
8KB

Download
memory/2716-2296-0x00007FFD8DD60000-0x00007FFD8E821000-memory.dmp

Filesize
10.8MB

Download
memory/2716-54-0x00007FFD8DD60000-0x00007FFD8E821000-memory.dmp

Filesize
10.8MB

Download
memory/2716-69-0x000001DEAD840000-0x000001DEAD862000-memory.dmp

Filesize
136KB

Download
memory/2716-2308-0x00007FFD8DD63000-0x00007FFD8DD65000-memory.dmp

Filesize
8KB

Download
memory/2716-70-0x000001DEAE6D0000-0x000001DEAEE76000-memory.dmp

Filesize
7.6MB

Download
memory/2716-42-0x00007FFD8DD60000-0x00007FFD8E821000-memory.dmp

Filesize
10.8MB

Download
memory/2812-98-0x00007FF65EE90000-0x00007FF65F282000-memory.dmp

Filesize
3.9MB

Download
memory/2812-2385-0x00007FF65EE90000-0x00007FF65F282000-memory.dmp

Filesize
3.9MB

Download
memory/2940-2294-0x00007FF744960000-0x00007FF744D52000-memory.dmp

Filesize
3.9MB

Download
memory/2940-20-0x00007FF744960000-0x00007FF744D52000-memory.dmp

Filesize
3.9MB

Download
memory/2940-2341-0x00007FF744960000-0x00007FF744D52000-memory.dmp

Filesize
3.9MB

Download
memory/3308-2353-0x00007FF6AADD0000-0x00007FF6AB1C2000-memory.dmp

Filesize
3.9MB

Download
memory/3308-55-0x00007FF6AADD0000-0x00007FF6AB1C2000-memory.dmp

Filesize
3.9MB

Download
memory/3412-0-0x00007FF6ADBC0000-0x00007FF6ADFB2000-memory.dmp

Filesize
3.9MB

Download
memory/3412-1937-0x00007FF6ADBC0000-0x00007FF6ADFB2000-memory.dmp

Filesize
3.9MB

Download
memory/3412-1-0x0000020EA1B80000-0x0000020EA1B90000-memory.dmp

Filesize
64KB

Download
memory/3612-2339-0x00007FF68E4E0000-0x00007FF68E8D2000-memory.dmp

Filesize
3.9MB

Download
memory/3612-26-0x00007FF68E4E0000-0x00007FF68E8D2000-memory.dmp

Filesize
3.9MB

Download
memory/3612-2309-0x00007FF68E4E0000-0x00007FF68E8D2000-memory.dmp

Filesize
3.9MB

Download
memory/3636-99-0x00007FF6A1C70000-0x00007FF6A2062000-memory.dmp

Filesize
3.9MB

Download
memory/3636-2387-0x00007FF6A1C70000-0x00007FF6A2062000-memory.dmp

Filesize
3.9MB

Download
memory/3636-2335-0x00007FF6A1C70000-0x00007FF6A2062000-memory.dmp

Filesize
3.9MB

Download
memory/3976-583-0x00007FF71A5F0000-0x00007FF71A9E2000-memory.dmp

Filesize
3.9MB

Download
memory/3976-2398-0x00007FF71A5F0000-0x00007FF71A9E2000-memory.dmp

Filesize
3.9MB

Download
memory/4092-132-0x00007FF791E00000-0x00007FF7921F2000-memory.dmp

Filesize
3.9MB

Download
memory/4092-2405-0x00007FF791E00000-0x00007FF7921F2000-memory.dmp

Filesize
3.9MB

Download
memory/4316-91-0x00007FF781360000-0x00007FF781752000-memory.dmp

Filesize
3.9MB

Download
memory/4316-2383-0x00007FF781360000-0x00007FF781752000-memory.dmp

Filesize
3.9MB

Download
memory/4316-2321-0x00007FF781360000-0x00007FF781752000-memory.dmp

Filesize
3.9MB

Download
memory/4432-576-0x00007FF648380000-0x00007FF648772000-memory.dmp

Filesize
3.9MB

Download
memory/4432-2423-0x00007FF648380000-0x00007FF648772000-memory.dmp

Filesize
3.9MB

Download
memory/4564-558-0x00007FF66B120000-0x00007FF66B512000-memory.dmp

Filesize
3.9MB

Download
memory/4564-2396-0x00007FF66B120000-0x00007FF66B512000-memory.dmp

Filesize
3.9MB

Download