xmrig | 33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460

Analysis

max time kernel
108s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
Size

1.9MB
MD5

6b2d7d25ef3444e54be82e46741fd0f0
SHA1

df82a48174f43596a89a9b65dffa374d3d89eba4
SHA256

33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460
SHA512

7901e56f7f2b8afbea02348aa3d21987970bf178568e2508c2be7459489bcb4b92d162fd7d74ac21276e97a8d28626b5420dd2f4acae80e47039c76441d4659e
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMb:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rx

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/3912-0-0x00007FF68F3E0000-0x00007FF68F7D6000-memory.dmp	xmrig
C:\Windows\System\TVmrcPt.exe	xmrig
behavioral2/memory/2116-12-0x00007FF641020000-0x00007FF641416000-memory.dmp	xmrig
C:\Windows\System\TUUMzZK.exe	xmrig
C:\Windows\System\RnekRrG.exe	xmrig
C:\Windows\System\ymvbMNb.exe	xmrig
behavioral2/memory/2444-74-0x00007FF6DD610000-0x00007FF6DDA06000-memory.dmp	xmrig
C:\Windows\System\AGXrDhG.exe	xmrig
C:\Windows\System\Syldkix.exe	xmrig
C:\Windows\System\otrHWWn.exe	xmrig
behavioral2/memory/1612-112-0x00007FF718710000-0x00007FF718B06000-memory.dmp	xmrig
behavioral2/memory/4640-124-0x00007FF6600F0000-0x00007FF6604E6000-memory.dmp	xmrig
behavioral2/memory/3056-128-0x00007FF7639D0000-0x00007FF763DC6000-memory.dmp	xmrig
C:\Windows\System\nUGJmhM.exe	xmrig
C:\Windows\System\DmEuDJV.exe	xmrig
behavioral2/memory/2128-158-0x00007FF6A9030000-0x00007FF6A9426000-memory.dmp	xmrig
C:\Windows\System\qHYYwue.exe	xmrig
behavioral2/memory/3212-177-0x00007FF74A5F0000-0x00007FF74A9E6000-memory.dmp	xmrig
C:\Windows\System\jEZzPvU.exe	xmrig
C:\Windows\System\LaowZpA.exe	xmrig
C:\Windows\System\SSqBRvc.exe	xmrig
C:\Windows\System\heTgJjJ.exe	xmrig
C:\Windows\System\JrdhYEM.exe	xmrig
C:\Windows\System\hcEZFyo.exe	xmrig
C:\Windows\System\EDgRhUd.exe	xmrig
behavioral2/memory/4340-171-0x00007FF7BD540000-0x00007FF7BD936000-memory.dmp	xmrig
C:\Windows\System\xIQUvBq.exe	xmrig
behavioral2/memory/4932-165-0x00007FF727FF0000-0x00007FF7283E6000-memory.dmp	xmrig
C:\Windows\System\qMtlnmR.exe	xmrig
behavioral2/memory/3732-159-0x00007FF6AEE40000-0x00007FF6AF236000-memory.dmp	xmrig
behavioral2/memory/392-152-0x00007FF6BC7A0000-0x00007FF6BCB96000-memory.dmp	xmrig
C:\Windows\System\nhTfEQD.exe	xmrig
behavioral2/memory/3488-146-0x00007FF6AAEA0000-0x00007FF6AB296000-memory.dmp	xmrig
C:\Windows\System\SJQhMrj.exe	xmrig
behavioral2/memory/5052-140-0x00007FF6E6810000-0x00007FF6E6C06000-memory.dmp	xmrig
behavioral2/memory/1208-133-0x00007FF7162C0000-0x00007FF7166B6000-memory.dmp	xmrig
C:\Windows\System\qjBmJWt.exe	xmrig
behavioral2/memory/3116-123-0x00007FF627890000-0x00007FF627C86000-memory.dmp	xmrig
behavioral2/memory/4576-117-0x00007FF6D1CA0000-0x00007FF6D2096000-memory.dmp	xmrig
C:\Windows\System\MyiiOfv.exe	xmrig
C:\Windows\System\XbzBnjz.exe	xmrig
C:\Windows\System\TdgReeD.exe	xmrig
behavioral2/memory/4100-108-0x00007FF61E7E0000-0x00007FF61EBD6000-memory.dmp	xmrig
behavioral2/memory/4776-104-0x00007FF767E70000-0x00007FF768266000-memory.dmp	xmrig
behavioral2/memory/1600-98-0x00007FF7EA4A0000-0x00007FF7EA896000-memory.dmp	xmrig
C:\Windows\System\uAhssSm.exe	xmrig
behavioral2/memory/3492-83-0x00007FF6112B0000-0x00007FF6116A6000-memory.dmp	xmrig
C:\Windows\System\ftRHzxZ.exe	xmrig
C:\Windows\System\inzBIPC.exe	xmrig
behavioral2/memory/996-82-0x00007FF6DCC50000-0x00007FF6DD046000-memory.dmp	xmrig
C:\Windows\System\KEStPAF.exe	xmrig
C:\Windows\System\VKIHsmZ.exe	xmrig
behavioral2/memory/3088-47-0x00007FF657200000-0x00007FF6575F6000-memory.dmp	xmrig
behavioral2/memory/4844-42-0x00007FF6D15F0000-0x00007FF6D19E6000-memory.dmp	xmrig
behavioral2/memory/3144-25-0x00007FF7E22E0000-0x00007FF7E26D6000-memory.dmp	xmrig
C:\Windows\System\vZnLEMK.exe	xmrig
C:\Windows\System\jRtDVnN.exe	xmrig
C:\Windows\System\DecLJAJ.exe	xmrig
behavioral2/memory/996-1943-0x00007FF6DCC50000-0x00007FF6DD046000-memory.dmp	xmrig
behavioral2/memory/3492-1944-0x00007FF6112B0000-0x00007FF6116A6000-memory.dmp	xmrig
behavioral2/memory/2116-1956-0x00007FF641020000-0x00007FF641416000-memory.dmp	xmrig
behavioral2/memory/3144-1957-0x00007FF7E22E0000-0x00007FF7E26D6000-memory.dmp	xmrig
behavioral2/memory/4100-1958-0x00007FF61E7E0000-0x00007FF61EBD6000-memory.dmp	xmrig
behavioral2/memory/4844-1959-0x00007FF6D15F0000-0x00007FF6D19E6000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow pid process

9 4612 powershell.exe
11 4612 powershell.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

4612 powershell.exe

flow	pid	process
9	4612	powershell.exe
11	4612	powershell.exe

pid	process
4612	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

DecLJAJ.exejRtDVnN.exeTVmrcPt.exevZnLEMK.exeTUUMzZK.exeVKIHsmZ.exeRnekRrG.exeymvbMNb.exeKEStPAF.exeinzBIPC.exeftRHzxZ.exeAGXrDhG.exeuAhssSm.exeSyldkix.exeotrHWWn.exeTdgReeD.exeMyiiOfv.exeXbzBnjz.exeqjBmJWt.exenUGJmhM.exeSJQhMrj.exenhTfEQD.exeDmEuDJV.exeqMtlnmR.exexIQUvBq.exeEDgRhUd.exeqHYYwue.exehcEZFyo.exeJrdhYEM.exeheTgJjJ.exeLaowZpA.exeSSqBRvc.exejEZzPvU.exeXaPPLmP.exehZGMmzk.exeXgyEgjt.exewzgjMbF.exejhUdryT.exeBGkvPcv.exeXeIDikL.exeTBfVUac.exefsNzixw.exeqUHDlfF.exewdKsPmj.exeuBdCHfU.exesnoKpWH.exezqvqwbC.exetvoqsnX.exeoXSVScg.exeQWDXZDn.exegSJZkpW.exelmQCdbu.exegfaLIML.exeSeiAVqj.exesRtHICs.exeZhgvMFP.exeVpmaAkP.exeStcxNoz.exeRsyaTWJ.exeAdoFOBy.exeDewRCLk.exeBHqOYTy.exeDtKHFwd.exeCYcGSLs.exe

pid	process
2116	DecLJAJ.exe
3144	jRtDVnN.exe
4844	TVmrcPt.exe
4100	vZnLEMK.exe
3088	TUUMzZK.exe
1612	VKIHsmZ.exe
2444	RnekRrG.exe
4576	ymvbMNb.exe
996	KEStPAF.exe
3492	inzBIPC.exe
3116	ftRHzxZ.exe
1600	AGXrDhG.exe
4640	uAhssSm.exe
4776	Syldkix.exe
3056	otrHWWn.exe
1208	TdgReeD.exe
5052	MyiiOfv.exe
3488	XbzBnjz.exe
392	qjBmJWt.exe
2128	nUGJmhM.exe
3732	SJQhMrj.exe
4932	nhTfEQD.exe
4340	DmEuDJV.exe
3212	qMtlnmR.exe
4408	xIQUvBq.exe
3676	EDgRhUd.exe
2504	qHYYwue.exe
4344	hcEZFyo.exe
4920	JrdhYEM.exe
5020	heTgJjJ.exe
2928	LaowZpA.exe
680	SSqBRvc.exe
1168	jEZzPvU.exe
4336	XaPPLmP.exe
4440	hZGMmzk.exe
2984	XgyEgjt.exe
3204	wzgjMbF.exe
3556	jhUdryT.exe
1768	BGkvPcv.exe
4652	XeIDikL.exe
4268	TBfVUac.exe
3384	fsNzixw.exe
2172	qUHDlfF.exe
3468	wdKsPmj.exe
1276	uBdCHfU.exe
3812	snoKpWH.exe
5032	zqvqwbC.exe
2636	tvoqsnX.exe
3228	oXSVScg.exe
4308	QWDXZDn.exe
5116	gSJZkpW.exe
2312	lmQCdbu.exe
1236	gfaLIML.exe
3200	SeiAVqj.exe
4544	sRtHICs.exe
5140	ZhgvMFP.exe
5168	VpmaAkP.exe
5196	StcxNoz.exe
5220	RsyaTWJ.exe
5256	AdoFOBy.exe
5292	DewRCLk.exe
5320	BHqOYTy.exe
5348	DtKHFwd.exe
5380	CYcGSLs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3912-0-0x00007FF68F3E0000-0x00007FF68F7D6000-memory.dmp	upx
C:\Windows\System\TVmrcPt.exe	upx
behavioral2/memory/2116-12-0x00007FF641020000-0x00007FF641416000-memory.dmp	upx
C:\Windows\System\TUUMzZK.exe	upx
C:\Windows\System\RnekRrG.exe	upx
C:\Windows\System\ymvbMNb.exe	upx
behavioral2/memory/2444-74-0x00007FF6DD610000-0x00007FF6DDA06000-memory.dmp	upx
C:\Windows\System\AGXrDhG.exe	upx
C:\Windows\System\Syldkix.exe	upx
C:\Windows\System\otrHWWn.exe	upx
behavioral2/memory/1612-112-0x00007FF718710000-0x00007FF718B06000-memory.dmp	upx
behavioral2/memory/4640-124-0x00007FF6600F0000-0x00007FF6604E6000-memory.dmp	upx
behavioral2/memory/3056-128-0x00007FF7639D0000-0x00007FF763DC6000-memory.dmp	upx
C:\Windows\System\nUGJmhM.exe	upx
C:\Windows\System\DmEuDJV.exe	upx
behavioral2/memory/2128-158-0x00007FF6A9030000-0x00007FF6A9426000-memory.dmp	upx
C:\Windows\System\qHYYwue.exe	upx
behavioral2/memory/3212-177-0x00007FF74A5F0000-0x00007FF74A9E6000-memory.dmp	upx
C:\Windows\System\jEZzPvU.exe	upx
C:\Windows\System\LaowZpA.exe	upx
C:\Windows\System\SSqBRvc.exe	upx
C:\Windows\System\heTgJjJ.exe	upx
C:\Windows\System\JrdhYEM.exe	upx
C:\Windows\System\hcEZFyo.exe	upx
C:\Windows\System\EDgRhUd.exe	upx
behavioral2/memory/4340-171-0x00007FF7BD540000-0x00007FF7BD936000-memory.dmp	upx
C:\Windows\System\xIQUvBq.exe	upx
behavioral2/memory/4932-165-0x00007FF727FF0000-0x00007FF7283E6000-memory.dmp	upx
C:\Windows\System\qMtlnmR.exe	upx
behavioral2/memory/3732-159-0x00007FF6AEE40000-0x00007FF6AF236000-memory.dmp	upx
behavioral2/memory/392-152-0x00007FF6BC7A0000-0x00007FF6BCB96000-memory.dmp	upx
C:\Windows\System\nhTfEQD.exe	upx
behavioral2/memory/3488-146-0x00007FF6AAEA0000-0x00007FF6AB296000-memory.dmp	upx
C:\Windows\System\SJQhMrj.exe	upx
behavioral2/memory/5052-140-0x00007FF6E6810000-0x00007FF6E6C06000-memory.dmp	upx
behavioral2/memory/1208-133-0x00007FF7162C0000-0x00007FF7166B6000-memory.dmp	upx
C:\Windows\System\qjBmJWt.exe	upx
behavioral2/memory/3116-123-0x00007FF627890000-0x00007FF627C86000-memory.dmp	upx
behavioral2/memory/4576-117-0x00007FF6D1CA0000-0x00007FF6D2096000-memory.dmp	upx
C:\Windows\System\MyiiOfv.exe	upx
C:\Windows\System\XbzBnjz.exe	upx
C:\Windows\System\TdgReeD.exe	upx
behavioral2/memory/4100-108-0x00007FF61E7E0000-0x00007FF61EBD6000-memory.dmp	upx
behavioral2/memory/4776-104-0x00007FF767E70000-0x00007FF768266000-memory.dmp	upx
behavioral2/memory/1600-98-0x00007FF7EA4A0000-0x00007FF7EA896000-memory.dmp	upx
C:\Windows\System\uAhssSm.exe	upx
behavioral2/memory/3492-83-0x00007FF6112B0000-0x00007FF6116A6000-memory.dmp	upx
C:\Windows\System\ftRHzxZ.exe	upx
C:\Windows\System\inzBIPC.exe	upx
behavioral2/memory/996-82-0x00007FF6DCC50000-0x00007FF6DD046000-memory.dmp	upx
C:\Windows\System\KEStPAF.exe	upx
C:\Windows\System\VKIHsmZ.exe	upx
behavioral2/memory/3088-47-0x00007FF657200000-0x00007FF6575F6000-memory.dmp	upx
behavioral2/memory/4844-42-0x00007FF6D15F0000-0x00007FF6D19E6000-memory.dmp	upx
behavioral2/memory/3144-25-0x00007FF7E22E0000-0x00007FF7E26D6000-memory.dmp	upx
C:\Windows\System\vZnLEMK.exe	upx
C:\Windows\System\jRtDVnN.exe	upx
C:\Windows\System\DecLJAJ.exe	upx
behavioral2/memory/996-1943-0x00007FF6DCC50000-0x00007FF6DD046000-memory.dmp	upx
behavioral2/memory/3492-1944-0x00007FF6112B0000-0x00007FF6116A6000-memory.dmp	upx
behavioral2/memory/2116-1956-0x00007FF641020000-0x00007FF641416000-memory.dmp	upx
behavioral2/memory/3144-1957-0x00007FF7E22E0000-0x00007FF7E26D6000-memory.dmp	upx
behavioral2/memory/4100-1958-0x00007FF61E7E0000-0x00007FF61EBD6000-memory.dmp	upx
behavioral2/memory/4844-1959-0x00007FF6D15F0000-0x00007FF6D19E6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

7 raw.githubusercontent.com
9 raw.githubusercontent.com

flow	ioc
7	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe

description	ioc	process
File created	C:\Windows\System\LdwWRLv.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\wHjYFCF.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ZOoeYcc.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\PdALXLj.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\NqNIShu.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\qUagVbz.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\XQyjNAH.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\mkHEjli.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\cGQBhNM.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\LDJInDm.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\lSxHgVI.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\VePccSf.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\xHxPDYN.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ZNekeqL.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\LBnAgGO.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ZjJsrEs.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\maRhBQH.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\tXoEKpg.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ZiOAFdA.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\SBaMXIx.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\nYJuUGI.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\XGknWXr.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\yUxrcPB.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\KHuKAki.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\SfyJyrC.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ZDOhAED.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\WfPMkQL.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ENYdzkJ.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\VCpPlSc.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\KGbAHtS.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\zkCjczK.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\SkNMynS.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\FzeFUrx.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\DrFYqSr.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\wODfPiq.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\PlLMhsK.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ejZtyXT.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\LDNAPTD.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\LtToFpA.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\LnuuksX.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\YKrvRAB.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\RoXzxvl.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\DEujJUO.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\XmVEJzg.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\EOXBEko.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\NlAjlme.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\cShdtav.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\mlMAtTp.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ZqpIZEr.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\aCqcVaC.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\SOOOXwW.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\wxVtMfn.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\IZvorqw.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\RZrwbnv.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\QjhUlMJ.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\CjOAgOO.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\MPCdLXd.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\KlPavGU.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\dHhFBSl.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\jIyhppU.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\oZgwsHx.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\GrQRBuv.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\cXfbdRZ.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
File created	C:\Windows\System\ICcieje.exe	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wermgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

wermgr.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU wermgr.exe
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS wermgr.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

4612 powershell.exe
4612 powershell.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe

pid	process
4612	powershell.exe
4612	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
Token: SeDebugPrivilege	4612	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe

description	pid	process	target process
PID 3912 wrote to memory of 4612	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	powershell.exe
PID 3912 wrote to memory of 4612	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	powershell.exe
PID 3912 wrote to memory of 2116	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	DecLJAJ.exe
PID 3912 wrote to memory of 2116	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	DecLJAJ.exe
PID 3912 wrote to memory of 3144	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	jRtDVnN.exe
PID 3912 wrote to memory of 3144	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	jRtDVnN.exe
PID 3912 wrote to memory of 4844	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	TVmrcPt.exe
PID 3912 wrote to memory of 4844	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	TVmrcPt.exe
PID 3912 wrote to memory of 4100	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	vZnLEMK.exe
PID 3912 wrote to memory of 4100	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	vZnLEMK.exe
PID 3912 wrote to memory of 3088	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	TUUMzZK.exe
PID 3912 wrote to memory of 3088	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	TUUMzZK.exe
PID 3912 wrote to memory of 1612	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	VKIHsmZ.exe
PID 3912 wrote to memory of 1612	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	VKIHsmZ.exe
PID 3912 wrote to memory of 2444	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	RnekRrG.exe
PID 3912 wrote to memory of 2444	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	RnekRrG.exe
PID 3912 wrote to memory of 3492	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	inzBIPC.exe
PID 3912 wrote to memory of 3492	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	inzBIPC.exe
PID 3912 wrote to memory of 4576	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	ymvbMNb.exe
PID 3912 wrote to memory of 4576	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	ymvbMNb.exe
PID 3912 wrote to memory of 996	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	KEStPAF.exe
PID 3912 wrote to memory of 996	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	KEStPAF.exe
PID 3912 wrote to memory of 3116	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	ftRHzxZ.exe
PID 3912 wrote to memory of 3116	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	ftRHzxZ.exe
PID 3912 wrote to memory of 1600	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	AGXrDhG.exe
PID 3912 wrote to memory of 1600	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	AGXrDhG.exe
PID 3912 wrote to memory of 4640	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	uAhssSm.exe
PID 3912 wrote to memory of 4640	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	uAhssSm.exe
PID 3912 wrote to memory of 4776	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	Syldkix.exe
PID 3912 wrote to memory of 4776	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	Syldkix.exe
PID 3912 wrote to memory of 3056	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	otrHWWn.exe
PID 3912 wrote to memory of 3056	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	otrHWWn.exe
PID 3912 wrote to memory of 1208	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	TdgReeD.exe
PID 3912 wrote to memory of 1208	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	TdgReeD.exe
PID 3912 wrote to memory of 5052	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	MyiiOfv.exe
PID 3912 wrote to memory of 5052	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	MyiiOfv.exe
PID 3912 wrote to memory of 3488	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	XbzBnjz.exe
PID 3912 wrote to memory of 3488	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	XbzBnjz.exe
PID 3912 wrote to memory of 392	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	qjBmJWt.exe
PID 3912 wrote to memory of 392	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	qjBmJWt.exe
PID 3912 wrote to memory of 2128	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	nUGJmhM.exe
PID 3912 wrote to memory of 2128	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	nUGJmhM.exe
PID 3912 wrote to memory of 3732	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	SJQhMrj.exe
PID 3912 wrote to memory of 3732	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	SJQhMrj.exe
PID 3912 wrote to memory of 4932	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	nhTfEQD.exe
PID 3912 wrote to memory of 4932	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	nhTfEQD.exe
PID 3912 wrote to memory of 4340	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	DmEuDJV.exe
PID 3912 wrote to memory of 4340	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	DmEuDJV.exe
PID 3912 wrote to memory of 3212	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	qMtlnmR.exe
PID 3912 wrote to memory of 3212	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	qMtlnmR.exe
PID 3912 wrote to memory of 4408	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	xIQUvBq.exe
PID 3912 wrote to memory of 4408	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	xIQUvBq.exe
PID 3912 wrote to memory of 3676	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	EDgRhUd.exe
PID 3912 wrote to memory of 3676	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	EDgRhUd.exe
PID 3912 wrote to memory of 2504	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	qHYYwue.exe
PID 3912 wrote to memory of 2504	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	qHYYwue.exe
PID 3912 wrote to memory of 4344	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	hcEZFyo.exe
PID 3912 wrote to memory of 4344	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	hcEZFyo.exe
PID 3912 wrote to memory of 4920	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	JrdhYEM.exe
PID 3912 wrote to memory of 4920	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	JrdhYEM.exe
PID 3912 wrote to memory of 5020	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	heTgJjJ.exe
PID 3912 wrote to memory of 5020	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	heTgJjJ.exe
PID 3912 wrote to memory of 2928	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	LaowZpA.exe
PID 3912 wrote to memory of 2928	3912	33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe	LaowZpA.exe

C:\Users\Admin\AppData\Local\Temp\33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\33d8d591c8d0aef5356920f86cc3cc4676cf5891fcaa47e83c6297db26524460_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3912

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4612

C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4612" "2988" "2948" "2992" "0" "0" "2996" "0" "0" "0" "0" "0"
3⤵
- Checks processor information in registry
- Enumerates system info in registry
PID:12668

C:\Windows\System\DecLJAJ.exe
C:\Windows\System\DecLJAJ.exe
2⤵
- Executes dropped EXE
PID:2116

C:\Windows\System\jRtDVnN.exe
C:\Windows\System\jRtDVnN.exe
2⤵
- Executes dropped EXE
PID:3144

C:\Windows\System\TVmrcPt.exe
C:\Windows\System\TVmrcPt.exe
2⤵
- Executes dropped EXE
PID:4844

C:\Windows\System\vZnLEMK.exe
C:\Windows\System\vZnLEMK.exe
2⤵
- Executes dropped EXE
PID:4100

C:\Windows\System\TUUMzZK.exe
C:\Windows\System\TUUMzZK.exe
2⤵
- Executes dropped EXE
PID:3088

C:\Windows\System\VKIHsmZ.exe
C:\Windows\System\VKIHsmZ.exe
2⤵
- Executes dropped EXE
PID:1612

C:\Windows\System\RnekRrG.exe
C:\Windows\System\RnekRrG.exe
2⤵
- Executes dropped EXE
PID:2444

C:\Windows\System\inzBIPC.exe
C:\Windows\System\inzBIPC.exe
2⤵
- Executes dropped EXE
PID:3492

C:\Windows\System\ymvbMNb.exe
C:\Windows\System\ymvbMNb.exe
2⤵
- Executes dropped EXE
PID:4576

C:\Windows\System\KEStPAF.exe
C:\Windows\System\KEStPAF.exe
2⤵
- Executes dropped EXE
PID:996

C:\Windows\System\ftRHzxZ.exe
C:\Windows\System\ftRHzxZ.exe
2⤵
- Executes dropped EXE
PID:3116

C:\Windows\System\AGXrDhG.exe
C:\Windows\System\AGXrDhG.exe
2⤵
- Executes dropped EXE
PID:1600

C:\Windows\System\uAhssSm.exe
C:\Windows\System\uAhssSm.exe
2⤵
- Executes dropped EXE
PID:4640

C:\Windows\System\Syldkix.exe
C:\Windows\System\Syldkix.exe
2⤵
- Executes dropped EXE
PID:4776

C:\Windows\System\otrHWWn.exe
C:\Windows\System\otrHWWn.exe
2⤵
- Executes dropped EXE
PID:3056

C:\Windows\System\TdgReeD.exe
C:\Windows\System\TdgReeD.exe
2⤵
- Executes dropped EXE
PID:1208

C:\Windows\System\MyiiOfv.exe
C:\Windows\System\MyiiOfv.exe
2⤵
- Executes dropped EXE
PID:5052

C:\Windows\System\XbzBnjz.exe
C:\Windows\System\XbzBnjz.exe
2⤵
- Executes dropped EXE
PID:3488

C:\Windows\System\qjBmJWt.exe
C:\Windows\System\qjBmJWt.exe
2⤵
- Executes dropped EXE
PID:392

C:\Windows\System\nUGJmhM.exe
C:\Windows\System\nUGJmhM.exe
2⤵
- Executes dropped EXE
PID:2128

C:\Windows\System\SJQhMrj.exe
C:\Windows\System\SJQhMrj.exe
2⤵
- Executes dropped EXE
PID:3732

C:\Windows\System\nhTfEQD.exe
C:\Windows\System\nhTfEQD.exe
2⤵
- Executes dropped EXE
PID:4932

C:\Windows\System\DmEuDJV.exe
C:\Windows\System\DmEuDJV.exe
2⤵
- Executes dropped EXE
PID:4340

C:\Windows\System\qMtlnmR.exe
C:\Windows\System\qMtlnmR.exe
2⤵
- Executes dropped EXE
PID:3212

C:\Windows\System\xIQUvBq.exe
C:\Windows\System\xIQUvBq.exe
2⤵
- Executes dropped EXE
PID:4408

C:\Windows\System\EDgRhUd.exe
C:\Windows\System\EDgRhUd.exe
2⤵
- Executes dropped EXE
PID:3676

C:\Windows\System\qHYYwue.exe
C:\Windows\System\qHYYwue.exe
2⤵
- Executes dropped EXE
PID:2504

C:\Windows\System\hcEZFyo.exe
C:\Windows\System\hcEZFyo.exe
2⤵
- Executes dropped EXE
PID:4344

C:\Windows\System\JrdhYEM.exe
C:\Windows\System\JrdhYEM.exe
2⤵
- Executes dropped EXE
PID:4920

C:\Windows\System\heTgJjJ.exe
C:\Windows\System\heTgJjJ.exe
2⤵
- Executes dropped EXE
PID:5020

C:\Windows\System\LaowZpA.exe
C:\Windows\System\LaowZpA.exe
2⤵
- Executes dropped EXE
PID:2928

C:\Windows\System\SSqBRvc.exe
C:\Windows\System\SSqBRvc.exe
2⤵
- Executes dropped EXE
PID:680

C:\Windows\System\jEZzPvU.exe
C:\Windows\System\jEZzPvU.exe
2⤵
- Executes dropped EXE
PID:1168

C:\Windows\System\XaPPLmP.exe
C:\Windows\System\XaPPLmP.exe
2⤵
- Executes dropped EXE
PID:4336

C:\Windows\System\hZGMmzk.exe
C:\Windows\System\hZGMmzk.exe
2⤵
- Executes dropped EXE
PID:4440

C:\Windows\System\XgyEgjt.exe
C:\Windows\System\XgyEgjt.exe
2⤵
- Executes dropped EXE
PID:2984

C:\Windows\System\wzgjMbF.exe
C:\Windows\System\wzgjMbF.exe
2⤵
- Executes dropped EXE
PID:3204

C:\Windows\System\jhUdryT.exe
C:\Windows\System\jhUdryT.exe
2⤵
- Executes dropped EXE
PID:3556

C:\Windows\System\BGkvPcv.exe
C:\Windows\System\BGkvPcv.exe
2⤵
- Executes dropped EXE
PID:1768

C:\Windows\System\XeIDikL.exe
C:\Windows\System\XeIDikL.exe
2⤵
- Executes dropped EXE
PID:4652

C:\Windows\System\TBfVUac.exe
C:\Windows\System\TBfVUac.exe
2⤵
- Executes dropped EXE
PID:4268

C:\Windows\System\fsNzixw.exe
C:\Windows\System\fsNzixw.exe
2⤵
- Executes dropped EXE
PID:3384

C:\Windows\System\qUHDlfF.exe
C:\Windows\System\qUHDlfF.exe
2⤵
- Executes dropped EXE
PID:2172

C:\Windows\System\wdKsPmj.exe
C:\Windows\System\wdKsPmj.exe
2⤵
- Executes dropped EXE
PID:3468

C:\Windows\System\uBdCHfU.exe
C:\Windows\System\uBdCHfU.exe
2⤵
- Executes dropped EXE
PID:1276

C:\Windows\System\snoKpWH.exe
C:\Windows\System\snoKpWH.exe
2⤵
- Executes dropped EXE
PID:3812

C:\Windows\System\zqvqwbC.exe
C:\Windows\System\zqvqwbC.exe
2⤵
- Executes dropped EXE
PID:5032

C:\Windows\System\tvoqsnX.exe
C:\Windows\System\tvoqsnX.exe
2⤵
- Executes dropped EXE
PID:2636

C:\Windows\System\oXSVScg.exe
C:\Windows\System\oXSVScg.exe
2⤵
- Executes dropped EXE
PID:3228

C:\Windows\System\QWDXZDn.exe
C:\Windows\System\QWDXZDn.exe
2⤵
- Executes dropped EXE
PID:4308

C:\Windows\System\gSJZkpW.exe
C:\Windows\System\gSJZkpW.exe
2⤵
- Executes dropped EXE
PID:5116

C:\Windows\System\lmQCdbu.exe
C:\Windows\System\lmQCdbu.exe
2⤵
- Executes dropped EXE
PID:2312

C:\Windows\System\gfaLIML.exe
C:\Windows\System\gfaLIML.exe
2⤵
- Executes dropped EXE
PID:1236

C:\Windows\System\SeiAVqj.exe
C:\Windows\System\SeiAVqj.exe
2⤵
- Executes dropped EXE
PID:3200

C:\Windows\System\sRtHICs.exe
C:\Windows\System\sRtHICs.exe
2⤵
- Executes dropped EXE
PID:4544

C:\Windows\System\ZhgvMFP.exe
C:\Windows\System\ZhgvMFP.exe
2⤵
- Executes dropped EXE
PID:5140

C:\Windows\System\VpmaAkP.exe
C:\Windows\System\VpmaAkP.exe
2⤵
- Executes dropped EXE
PID:5168

C:\Windows\System\StcxNoz.exe
C:\Windows\System\StcxNoz.exe
2⤵
- Executes dropped EXE
PID:5196

C:\Windows\System\RsyaTWJ.exe
C:\Windows\System\RsyaTWJ.exe
2⤵
- Executes dropped EXE
PID:5220

C:\Windows\System\AdoFOBy.exe
C:\Windows\System\AdoFOBy.exe
2⤵
- Executes dropped EXE
PID:5256

C:\Windows\System\DewRCLk.exe
C:\Windows\System\DewRCLk.exe
2⤵
- Executes dropped EXE
PID:5292

C:\Windows\System\BHqOYTy.exe
C:\Windows\System\BHqOYTy.exe
2⤵
- Executes dropped EXE
PID:5320

C:\Windows\System\DtKHFwd.exe
C:\Windows\System\DtKHFwd.exe
2⤵
- Executes dropped EXE
PID:5348

C:\Windows\System\CYcGSLs.exe
C:\Windows\System\CYcGSLs.exe
2⤵
- Executes dropped EXE
PID:5380

C:\Windows\System\FXUnXvo.exe
C:\Windows\System\FXUnXvo.exe
2⤵
PID:5404

C:\Windows\System\UEeglet.exe
C:\Windows\System\UEeglet.exe
2⤵
PID:5432

C:\Windows\System\BPMhEcy.exe
C:\Windows\System\BPMhEcy.exe
2⤵
PID:5464

C:\Windows\System\qDEQtDp.exe
C:\Windows\System\qDEQtDp.exe
2⤵
PID:5488

C:\Windows\System\VCodMuK.exe
C:\Windows\System\VCodMuK.exe
2⤵
PID:5508

C:\Windows\System\nAnWHne.exe
C:\Windows\System\nAnWHne.exe
2⤵
PID:5532

C:\Windows\System\TwQRyQH.exe
C:\Windows\System\TwQRyQH.exe
2⤵
PID:5564

C:\Windows\System\YAsGJFl.exe
C:\Windows\System\YAsGJFl.exe
2⤵
PID:5592

C:\Windows\System\fdwMShu.exe
C:\Windows\System\fdwMShu.exe
2⤵
PID:5620

C:\Windows\System\DZyKpAE.exe
C:\Windows\System\DZyKpAE.exe
2⤵
PID:5648

C:\Windows\System\gOFKViz.exe
C:\Windows\System\gOFKViz.exe
2⤵
PID:5676

C:\Windows\System\tDbvoCY.exe
C:\Windows\System\tDbvoCY.exe
2⤵
PID:5704

C:\Windows\System\bbbJhJe.exe
C:\Windows\System\bbbJhJe.exe
2⤵
PID:5732

C:\Windows\System\DJTYDbw.exe
C:\Windows\System\DJTYDbw.exe
2⤵
PID:5756

C:\Windows\System\feHfVzd.exe
C:\Windows\System\feHfVzd.exe
2⤵
PID:5788

C:\Windows\System\uQWUvla.exe
C:\Windows\System\uQWUvla.exe
2⤵
PID:5816

C:\Windows\System\JNziFsx.exe
C:\Windows\System\JNziFsx.exe
2⤵
PID:5840

C:\Windows\System\tsCEUYx.exe
C:\Windows\System\tsCEUYx.exe
2⤵
PID:5868

C:\Windows\System\kVPDYnc.exe
C:\Windows\System\kVPDYnc.exe
2⤵
PID:5896

C:\Windows\System\bGQAjog.exe
C:\Windows\System\bGQAjog.exe
2⤵
PID:5932

C:\Windows\System\gjuKEQD.exe
C:\Windows\System\gjuKEQD.exe
2⤵
PID:5956

C:\Windows\System\FhyXVbG.exe
C:\Windows\System\FhyXVbG.exe
2⤵
PID:5984

C:\Windows\System\ltSdmRS.exe
C:\Windows\System\ltSdmRS.exe
2⤵
PID:6008

C:\Windows\System\pEZepCN.exe
C:\Windows\System\pEZepCN.exe
2⤵
PID:6036

C:\Windows\System\mRxmEEV.exe
C:\Windows\System\mRxmEEV.exe
2⤵
PID:6064

C:\Windows\System\ADIIoYt.exe
C:\Windows\System\ADIIoYt.exe
2⤵
PID:6092

C:\Windows\System\jbvAnCG.exe
C:\Windows\System\jbvAnCG.exe
2⤵
PID:6124

C:\Windows\System\HQYiNLN.exe
C:\Windows\System\HQYiNLN.exe
2⤵
PID:2024

C:\Windows\System\cZBvmRy.exe
C:\Windows\System\cZBvmRy.exe
2⤵
PID:2100

C:\Windows\System\LneQnPg.exe
C:\Windows\System\LneQnPg.exe
2⤵
PID:4792

C:\Windows\System\eYLVWQo.exe
C:\Windows\System\eYLVWQo.exe
2⤵
PID:4192

C:\Windows\System\maRhBQH.exe
C:\Windows\System\maRhBQH.exe
2⤵
PID:1516

C:\Windows\System\hbTefcu.exe
C:\Windows\System\hbTefcu.exe
2⤵
PID:1112

C:\Windows\System\CYnRGzL.exe
C:\Windows\System\CYnRGzL.exe
2⤵
PID:5156

C:\Windows\System\ZBrFGzs.exe
C:\Windows\System\ZBrFGzs.exe
2⤵
PID:5216

C:\Windows\System\HfYAbkL.exe
C:\Windows\System\HfYAbkL.exe
2⤵
PID:2904

C:\Windows\System\uohGqsL.exe
C:\Windows\System\uohGqsL.exe
2⤵
PID:5336

C:\Windows\System\mgFfkVj.exe
C:\Windows\System\mgFfkVj.exe
2⤵
PID:3956

C:\Windows\System\iJJGcRZ.exe
C:\Windows\System\iJJGcRZ.exe
2⤵
PID:5448

C:\Windows\System\rCcICsd.exe
C:\Windows\System\rCcICsd.exe
2⤵
PID:5504

C:\Windows\System\XGknWXr.exe
C:\Windows\System\XGknWXr.exe
2⤵
PID:5580

C:\Windows\System\RpeSgqU.exe
C:\Windows\System\RpeSgqU.exe
2⤵
PID:5636

C:\Windows\System\zlIPUgB.exe
C:\Windows\System\zlIPUgB.exe
2⤵
PID:5716

C:\Windows\System\ERZQBLh.exe
C:\Windows\System\ERZQBLh.exe
2⤵
PID:5776

C:\Windows\System\JOOgXIE.exe
C:\Windows\System\JOOgXIE.exe
2⤵
PID:5836

C:\Windows\System\UxCXPXj.exe
C:\Windows\System\UxCXPXj.exe
2⤵
PID:5892

C:\Windows\System\wwwmZGf.exe
C:\Windows\System\wwwmZGf.exe
2⤵
PID:5968

C:\Windows\System\BmrcuCD.exe
C:\Windows\System\BmrcuCD.exe
2⤵
PID:6032

C:\Windows\System\qWNpfHd.exe
C:\Windows\System\qWNpfHd.exe
2⤵
PID:6088

C:\Windows\System\dJhusnY.exe
C:\Windows\System\dJhusnY.exe
2⤵
PID:4404

C:\Windows\System\LSFuyRp.exe
C:\Windows\System\LSFuyRp.exe
2⤵
PID:5012

C:\Windows\System\BEQJQkZ.exe
C:\Windows\System\BEQJQkZ.exe
2⤵
PID:5132

C:\Windows\System\LFEnNXs.exe
C:\Windows\System\LFEnNXs.exe
2⤵
PID:5244

C:\Windows\System\FXDLUmN.exe
C:\Windows\System\FXDLUmN.exe
2⤵
PID:3316

C:\Windows\System\yXHTTuJ.exe
C:\Windows\System\yXHTTuJ.exe
2⤵
PID:5484

C:\Windows\System\GvHytMf.exe
C:\Windows\System\GvHytMf.exe
2⤵
PID:5668

C:\Windows\System\GRTaxQy.exe
C:\Windows\System\GRTaxQy.exe
2⤵
PID:5808

C:\Windows\System\eRMuuQl.exe
C:\Windows\System\eRMuuQl.exe
2⤵
PID:5952

C:\Windows\System\CsGgADj.exe
C:\Windows\System\CsGgADj.exe
2⤵
PID:6084

C:\Windows\System\dgkAqWj.exe
C:\Windows\System\dgkAqWj.exe
2⤵
PID:4660

C:\Windows\System\IGirXrN.exe
C:\Windows\System\IGirXrN.exe
2⤵
PID:5188

C:\Windows\System\WHkEKbN.exe
C:\Windows\System\WHkEKbN.exe
2⤵
PID:6152

C:\Windows\System\fYTvkQQ.exe
C:\Windows\System\fYTvkQQ.exe
2⤵
PID:6180

C:\Windows\System\PcjIzcQ.exe
C:\Windows\System\PcjIzcQ.exe
2⤵
PID:6208

C:\Windows\System\hOJNwSu.exe
C:\Windows\System\hOJNwSu.exe
2⤵
PID:6240

C:\Windows\System\ZLhWTCA.exe
C:\Windows\System\ZLhWTCA.exe
2⤵
PID:6268

C:\Windows\System\SZfbjHi.exe
C:\Windows\System\SZfbjHi.exe
2⤵
PID:6300

C:\Windows\System\mbTIeRV.exe
C:\Windows\System\mbTIeRV.exe
2⤵
PID:6324

C:\Windows\System\XfOPPfO.exe
C:\Windows\System\XfOPPfO.exe
2⤵
PID:6352

C:\Windows\System\LRabugE.exe
C:\Windows\System\LRabugE.exe
2⤵
PID:6380

C:\Windows\System\riddKtq.exe
C:\Windows\System\riddKtq.exe
2⤵
PID:6404

C:\Windows\System\VGTcFow.exe
C:\Windows\System\VGTcFow.exe
2⤵
PID:6436

C:\Windows\System\vlDLcGG.exe
C:\Windows\System\vlDLcGG.exe
2⤵
PID:6464

C:\Windows\System\dOzrRCF.exe
C:\Windows\System\dOzrRCF.exe
2⤵
PID:6492

C:\Windows\System\ubzklsd.exe
C:\Windows\System\ubzklsd.exe
2⤵
PID:6516

C:\Windows\System\NWFdxQX.exe
C:\Windows\System\NWFdxQX.exe
2⤵
PID:6556

C:\Windows\System\MfaHcFm.exe
C:\Windows\System\MfaHcFm.exe
2⤵
PID:6576

C:\Windows\System\uaAyuoQ.exe
C:\Windows\System\uaAyuoQ.exe
2⤵
PID:6604

C:\Windows\System\lAByczJ.exe
C:\Windows\System\lAByczJ.exe
2⤵
PID:6640

C:\Windows\System\iDJEyGk.exe
C:\Windows\System\iDJEyGk.exe
2⤵
PID:6660

C:\Windows\System\YBPFpAA.exe
C:\Windows\System\YBPFpAA.exe
2⤵
PID:6688

C:\Windows\System\cZjjSux.exe
C:\Windows\System\cZjjSux.exe
2⤵
PID:6716

C:\Windows\System\pzHQVXf.exe
C:\Windows\System\pzHQVXf.exe
2⤵
PID:6744

C:\Windows\System\ZBhTISc.exe
C:\Windows\System\ZBhTISc.exe
2⤵
PID:6772

C:\Windows\System\fhwIebC.exe
C:\Windows\System\fhwIebC.exe
2⤵
PID:6800

C:\Windows\System\RHpxiJD.exe
C:\Windows\System\RHpxiJD.exe
2⤵
PID:6824

C:\Windows\System\aWoGGpH.exe
C:\Windows\System\aWoGGpH.exe
2⤵
PID:6856

C:\Windows\System\kbKJJHx.exe
C:\Windows\System\kbKJJHx.exe
2⤵
PID:6884

C:\Windows\System\SEmQFLA.exe
C:\Windows\System\SEmQFLA.exe
2⤵
PID:6912

C:\Windows\System\tXoEKpg.exe
C:\Windows\System\tXoEKpg.exe
2⤵
PID:6940

C:\Windows\System\DjUhhbJ.exe
C:\Windows\System\DjUhhbJ.exe
2⤵
PID:6968

C:\Windows\System\LdwWRLv.exe
C:\Windows\System\LdwWRLv.exe
2⤵
PID:6996

C:\Windows\System\PSeemAK.exe
C:\Windows\System\PSeemAK.exe
2⤵
PID:7024

C:\Windows\System\SmMDZfL.exe
C:\Windows\System\SmMDZfL.exe
2⤵
PID:7052

C:\Windows\System\Hohhjqu.exe
C:\Windows\System\Hohhjqu.exe
2⤵
PID:7080

C:\Windows\System\bqalcaV.exe
C:\Windows\System\bqalcaV.exe
2⤵
PID:7116

C:\Windows\System\CKpkuIq.exe
C:\Windows\System\CKpkuIq.exe
2⤵
PID:7144

C:\Windows\System\lQYjXuW.exe
C:\Windows\System\lQYjXuW.exe
2⤵
PID:7164

C:\Windows\System\IZYordM.exe
C:\Windows\System\IZYordM.exe
2⤵
PID:5556

C:\Windows\System\cgtPeMF.exe
C:\Windows\System\cgtPeMF.exe
2⤵
PID:5752

C:\Windows\System\nxXXWjz.exe
C:\Windows\System\nxXXWjz.exe
2⤵
PID:6140

C:\Windows\System\jFdoRHH.exe
C:\Windows\System\jFdoRHH.exe
2⤵
PID:3864

C:\Windows\System\ljqHFJE.exe
C:\Windows\System\ljqHFJE.exe
2⤵
PID:2852

C:\Windows\System\qBVxBKz.exe
C:\Windows\System\qBVxBKz.exe
2⤵
PID:6232

C:\Windows\System\axHEcPP.exe
C:\Windows\System\axHEcPP.exe
2⤵
PID:6284

C:\Windows\System\jtoWRxT.exe
C:\Windows\System\jtoWRxT.exe
2⤵
PID:6344

C:\Windows\System\lCGFRoM.exe
C:\Windows\System\lCGFRoM.exe
2⤵
PID:6400

C:\Windows\System\vDjAuRA.exe
C:\Windows\System\vDjAuRA.exe
2⤵
PID:6452

C:\Windows\System\sHnStjk.exe
C:\Windows\System\sHnStjk.exe
2⤵
PID:6512

C:\Windows\System\elrOCoo.exe
C:\Windows\System\elrOCoo.exe
2⤵
PID:6588

C:\Windows\System\WmEkLAR.exe
C:\Windows\System\WmEkLAR.exe
2⤵
PID:6624

C:\Windows\System\UJyGCMS.exe
C:\Windows\System\UJyGCMS.exe
2⤵
PID:6708

C:\Windows\System\vLGLBpv.exe
C:\Windows\System\vLGLBpv.exe
2⤵
PID:6764

C:\Windows\System\SQlKKkA.exe
C:\Windows\System\SQlKKkA.exe
2⤵
PID:4608

C:\Windows\System\jGXAibn.exe
C:\Windows\System\jGXAibn.exe
2⤵
PID:6872

C:\Windows\System\NZzKvos.exe
C:\Windows\System\NZzKvos.exe
2⤵
PID:6904

C:\Windows\System\CXfbMPd.exe
C:\Windows\System\CXfbMPd.exe
2⤵
PID:6960

C:\Windows\System\epfwLDI.exe
C:\Windows\System\epfwLDI.exe
2⤵
PID:7036

C:\Windows\System\dXcuzpc.exe
C:\Windows\System\dXcuzpc.exe
2⤵
PID:7092

C:\Windows\System\sUGIsMS.exe
C:\Windows\System\sUGIsMS.exe
2⤵
PID:7140

C:\Windows\System\ZjjoWLm.exe
C:\Windows\System\ZjjoWLm.exe
2⤵
PID:5612

C:\Windows\System\zEJUAjW.exe
C:\Windows\System\zEJUAjW.exe
2⤵
PID:4752

C:\Windows\System\rMAIOeg.exe
C:\Windows\System\rMAIOeg.exe
2⤵
PID:6176

C:\Windows\System\UATZrKG.exe
C:\Windows\System\UATZrKG.exe
2⤵
PID:3680

C:\Windows\System\ylCjmkF.exe
C:\Windows\System\ylCjmkF.exe
2⤵
PID:6392

C:\Windows\System\glqFcbh.exe
C:\Windows\System\glqFcbh.exe
2⤵
PID:6448

C:\Windows\System\FwKecgR.exe
C:\Windows\System\FwKecgR.exe
2⤵
PID:4460

C:\Windows\System\HnMObnw.exe
C:\Windows\System\HnMObnw.exe
2⤵
PID:4524

C:\Windows\System\zbcORwg.exe
C:\Windows\System\zbcORwg.exe
2⤵
PID:2432

C:\Windows\System\yypojzj.exe
C:\Windows\System\yypojzj.exe
2⤵
PID:6792

C:\Windows\System\AaTtMcx.exe
C:\Windows\System\AaTtMcx.exe
2⤵
PID:4444

C:\Windows\System\dRhWHXz.exe
C:\Windows\System\dRhWHXz.exe
2⤵
PID:6956

C:\Windows\System\sbQpALc.exe
C:\Windows\System\sbQpALc.exe
2⤵
PID:5480

C:\Windows\System\SecTVwc.exe
C:\Windows\System\SecTVwc.exe
2⤵
PID:2404

C:\Windows\System\prlUTlW.exe
C:\Windows\System\prlUTlW.exe
2⤵
PID:6672

C:\Windows\System\WfLaagF.exe
C:\Windows\System\WfLaagF.exe
2⤵
PID:6844

C:\Windows\System\EDSCTxD.exe
C:\Windows\System\EDSCTxD.exe
2⤵
PID:3980

C:\Windows\System\nuKZLWK.exe
C:\Windows\System\nuKZLWK.exe
2⤵
PID:4972

C:\Windows\System\soVMbsF.exe
C:\Windows\System\soVMbsF.exe
2⤵
PID:3776

C:\Windows\System\yLLFPhC.exe
C:\Windows\System\yLLFPhC.exe
2⤵
PID:6424

C:\Windows\System\uVmpmzF.exe
C:\Windows\System\uVmpmzF.exe
2⤵
PID:4680

C:\Windows\System\vpFyVlt.exe
C:\Windows\System\vpFyVlt.exe
2⤵
PID:4432

C:\Windows\System\oTHwoLF.exe
C:\Windows\System\oTHwoLF.exe
2⤵
PID:4820

C:\Windows\System\NFCxrYJ.exe
C:\Windows\System\NFCxrYJ.exe
2⤵
PID:3960

C:\Windows\System\uHGLIIF.exe
C:\Windows\System\uHGLIIF.exe
2⤵
PID:884

C:\Windows\System\HOJuHyU.exe
C:\Windows\System\HOJuHyU.exe
2⤵
PID:2356

C:\Windows\System\DgjOErR.exe
C:\Windows\System\DgjOErR.exe
2⤵
PID:7184

C:\Windows\System\tetztwe.exe
C:\Windows\System\tetztwe.exe
2⤵
PID:7212

C:\Windows\System\yWUXbQE.exe
C:\Windows\System\yWUXbQE.exe
2⤵
PID:7240

C:\Windows\System\niaRrDd.exe
C:\Windows\System\niaRrDd.exe
2⤵
PID:7268

C:\Windows\System\xpVzGsK.exe
C:\Windows\System\xpVzGsK.exe
2⤵
PID:7300

C:\Windows\System\gmkMTiT.exe
C:\Windows\System\gmkMTiT.exe
2⤵
PID:7324

C:\Windows\System\kIZPPmM.exe
C:\Windows\System\kIZPPmM.exe
2⤵
PID:7344

C:\Windows\System\VeWUtsL.exe
C:\Windows\System\VeWUtsL.exe
2⤵
PID:7376

C:\Windows\System\IPNHUfc.exe
C:\Windows\System\IPNHUfc.exe
2⤵
PID:7404

C:\Windows\System\dEqoGjS.exe
C:\Windows\System\dEqoGjS.exe
2⤵
PID:7440

C:\Windows\System\DetNYoe.exe
C:\Windows\System\DetNYoe.exe
2⤵
PID:7464

C:\Windows\System\MvBBvrj.exe
C:\Windows\System\MvBBvrj.exe
2⤵
PID:7484

C:\Windows\System\eFCTJAB.exe
C:\Windows\System\eFCTJAB.exe
2⤵
PID:7516

C:\Windows\System\ExviMJB.exe
C:\Windows\System\ExviMJB.exe
2⤵
PID:7540

C:\Windows\System\lzBoSIf.exe
C:\Windows\System\lzBoSIf.exe
2⤵
PID:7580

C:\Windows\System\AhSySqI.exe
C:\Windows\System\AhSySqI.exe
2⤵
PID:7596

C:\Windows\System\ctbHPsa.exe
C:\Windows\System\ctbHPsa.exe
2⤵
PID:7616

C:\Windows\System\waxABYZ.exe
C:\Windows\System\waxABYZ.exe
2⤵
PID:7632

C:\Windows\System\eRiXcbH.exe
C:\Windows\System\eRiXcbH.exe
2⤵
PID:7648

C:\Windows\System\DYpPjJJ.exe
C:\Windows\System\DYpPjJJ.exe
2⤵
PID:7668

C:\Windows\System\OuFLFFE.exe
C:\Windows\System\OuFLFFE.exe
2⤵
PID:7688

C:\Windows\System\SMAEhWc.exe
C:\Windows\System\SMAEhWc.exe
2⤵
PID:7760

C:\Windows\System\iyhMTeV.exe
C:\Windows\System\iyhMTeV.exe
2⤵
PID:7788

C:\Windows\System\sxPGwZR.exe
C:\Windows\System\sxPGwZR.exe
2⤵
PID:7808

C:\Windows\System\fKRCUgW.exe
C:\Windows\System\fKRCUgW.exe
2⤵
PID:7824

C:\Windows\System\rqoScyd.exe
C:\Windows\System\rqoScyd.exe
2⤵
PID:7840

C:\Windows\System\MImQSoG.exe
C:\Windows\System\MImQSoG.exe
2⤵
PID:7888

C:\Windows\System\GmDHpoV.exe
C:\Windows\System\GmDHpoV.exe
2⤵
PID:7932

C:\Windows\System\DHLBMGg.exe
C:\Windows\System\DHLBMGg.exe
2⤵
PID:7948

C:\Windows\System\cTbtMPd.exe
C:\Windows\System\cTbtMPd.exe
2⤵
PID:7964

C:\Windows\System\CSfoerq.exe
C:\Windows\System\CSfoerq.exe
2⤵
PID:7992

C:\Windows\System\zeJFVXP.exe
C:\Windows\System\zeJFVXP.exe
2⤵
PID:8032

C:\Windows\System\OZeWAfh.exe
C:\Windows\System\OZeWAfh.exe
2⤵
PID:8060

C:\Windows\System\yvYODTk.exe
C:\Windows\System\yvYODTk.exe
2⤵
PID:8112

C:\Windows\System\RcIEuwA.exe
C:\Windows\System\RcIEuwA.exe
2⤵
PID:8128

C:\Windows\System\pFCQSSE.exe
C:\Windows\System\pFCQSSE.exe
2⤵
PID:8144

C:\Windows\System\PcRQzAj.exe
C:\Windows\System\PcRQzAj.exe
2⤵
PID:8172

C:\Windows\System\lFzceyQ.exe
C:\Windows\System\lFzceyQ.exe
2⤵
PID:7196

C:\Windows\System\uKCdXdX.exe
C:\Windows\System\uKCdXdX.exe
2⤵
PID:7292

C:\Windows\System\wLAGVCe.exe
C:\Windows\System\wLAGVCe.exe
2⤵
PID:7356

C:\Windows\System\QwanzSU.exe
C:\Windows\System\QwanzSU.exe
2⤵
PID:7432

C:\Windows\System\hyBMfex.exe
C:\Windows\System\hyBMfex.exe
2⤵
PID:7496

C:\Windows\System\LbvGHLJ.exe
C:\Windows\System\LbvGHLJ.exe
2⤵
PID:7532

C:\Windows\System\lxPImLi.exe
C:\Windows\System\lxPImLi.exe
2⤵
PID:7592

C:\Windows\System\dSpUzEe.exe
C:\Windows\System\dSpUzEe.exe
2⤵
PID:7612

C:\Windows\System\YDOZYQK.exe
C:\Windows\System\YDOZYQK.exe
2⤵
PID:7776

C:\Windows\System\zVmafKX.exe
C:\Windows\System\zVmafKX.exe
2⤵
PID:7772

C:\Windows\System\fQtYpTN.exe
C:\Windows\System\fQtYpTN.exe
2⤵
PID:7864

C:\Windows\System\ScwIOGT.exe
C:\Windows\System\ScwIOGT.exe
2⤵
PID:7928

C:\Windows\System\aULXxZd.exe
C:\Windows\System\aULXxZd.exe
2⤵
PID:7944

C:\Windows\System\XDsljEp.exe
C:\Windows\System\XDsljEp.exe
2⤵
PID:7980

C:\Windows\System\TGxKpbg.exe
C:\Windows\System\TGxKpbg.exe
2⤵
PID:8124

C:\Windows\System\xkYdQxe.exe
C:\Windows\System\xkYdQxe.exe
2⤵
PID:7176

C:\Windows\System\QQkgmXq.exe
C:\Windows\System\QQkgmXq.exe
2⤵
PID:7280

C:\Windows\System\YywipVV.exe
C:\Windows\System\YywipVV.exe
2⤵
PID:7396

C:\Windows\System\IWmkbDu.exe
C:\Windows\System\IWmkbDu.exe
2⤵
PID:7568

C:\Windows\System\eVUgglF.exe
C:\Windows\System\eVUgglF.exe
2⤵
PID:7684

C:\Windows\System\qpbBwGr.exe
C:\Windows\System\qpbBwGr.exe
2⤵
PID:7912

C:\Windows\System\nkPwSyT.exe
C:\Windows\System\nkPwSyT.exe
2⤵
PID:8000

C:\Windows\System\KlMJEiI.exe
C:\Windows\System\KlMJEiI.exe
2⤵
PID:8156

C:\Windows\System\mZkEbfD.exe
C:\Windows\System\mZkEbfD.exe
2⤵
PID:7536

C:\Windows\System\BrvCqQm.exe
C:\Windows\System\BrvCqQm.exe
2⤵
PID:7756

C:\Windows\System\WDAzUEu.exe
C:\Windows\System\WDAzUEu.exe
2⤵
PID:7392

C:\Windows\System\KqMHpwv.exe
C:\Windows\System\KqMHpwv.exe
2⤵
PID:7696

C:\Windows\System\lZEwFuC.exe
C:\Windows\System\lZEwFuC.exe
2⤵
PID:8212

C:\Windows\System\jZMzHWN.exe
C:\Windows\System\jZMzHWN.exe
2⤵
PID:8228

C:\Windows\System\BUFaSzV.exe
C:\Windows\System\BUFaSzV.exe
2⤵
PID:8268

C:\Windows\System\DfrFAhv.exe
C:\Windows\System\DfrFAhv.exe
2⤵
PID:8296

C:\Windows\System\pxQGWLv.exe
C:\Windows\System\pxQGWLv.exe
2⤵
PID:8324

C:\Windows\System\vtnQkjY.exe
C:\Windows\System\vtnQkjY.exe
2⤵
PID:8352

C:\Windows\System\hegOQYm.exe
C:\Windows\System\hegOQYm.exe
2⤵
PID:8380

C:\Windows\System\CVlArJJ.exe
C:\Windows\System\CVlArJJ.exe
2⤵
PID:8396

C:\Windows\System\licNmEh.exe
C:\Windows\System\licNmEh.exe
2⤵
PID:8436

C:\Windows\System\pBTdOzL.exe
C:\Windows\System\pBTdOzL.exe
2⤵
PID:8464

C:\Windows\System\mDMNwyh.exe
C:\Windows\System\mDMNwyh.exe
2⤵
PID:8492

C:\Windows\System\USeWNSh.exe
C:\Windows\System\USeWNSh.exe
2⤵
PID:8520

C:\Windows\System\PfPkLpx.exe
C:\Windows\System\PfPkLpx.exe
2⤵
PID:8548

C:\Windows\System\hEeUTqN.exe
C:\Windows\System\hEeUTqN.exe
2⤵
PID:8576

C:\Windows\System\fOlvRAt.exe
C:\Windows\System\fOlvRAt.exe
2⤵
PID:8600

C:\Windows\System\XBCxXUh.exe
C:\Windows\System\XBCxXUh.exe
2⤵
PID:8636

C:\Windows\System\EfiqRhE.exe
C:\Windows\System\EfiqRhE.exe
2⤵
PID:8664

C:\Windows\System\uLwMJDP.exe
C:\Windows\System\uLwMJDP.exe
2⤵
PID:8688

C:\Windows\System\YFqtINy.exe
C:\Windows\System\YFqtINy.exe
2⤵
PID:8708

C:\Windows\System\hEPtcjo.exe
C:\Windows\System\hEPtcjo.exe
2⤵
PID:8748

C:\Windows\System\FqEZqNZ.exe
C:\Windows\System\FqEZqNZ.exe
2⤵
PID:8796

C:\Windows\System\tjzzgjF.exe
C:\Windows\System\tjzzgjF.exe
2⤵
PID:8812

C:\Windows\System\NQbKddE.exe
C:\Windows\System\NQbKddE.exe
2⤵
PID:8836

C:\Windows\System\exrDOHX.exe
C:\Windows\System\exrDOHX.exe
2⤵
PID:8868

C:\Windows\System\dHZFmvr.exe
C:\Windows\System\dHZFmvr.exe
2⤵
PID:8900

C:\Windows\System\WfYqpme.exe
C:\Windows\System\WfYqpme.exe
2⤵
PID:8928

C:\Windows\System\XApshyc.exe
C:\Windows\System\XApshyc.exe
2⤵
PID:8960

C:\Windows\System\llSHsVU.exe
C:\Windows\System\llSHsVU.exe
2⤵
PID:8976

C:\Windows\System\OxpZaDh.exe
C:\Windows\System\OxpZaDh.exe
2⤵
PID:9012

C:\Windows\System\kZBZNvb.exe
C:\Windows\System\kZBZNvb.exe
2⤵
PID:9044

C:\Windows\System\eGqEEgy.exe
C:\Windows\System\eGqEEgy.exe
2⤵
PID:9068

C:\Windows\System\Uojunwh.exe
C:\Windows\System\Uojunwh.exe
2⤵
PID:9096

C:\Windows\System\SoyQEsF.exe
C:\Windows\System\SoyQEsF.exe
2⤵
PID:9136

C:\Windows\System\tmZlyfN.exe
C:\Windows\System\tmZlyfN.exe
2⤵
PID:9160

C:\Windows\System\spRpqjr.exe
C:\Windows\System\spRpqjr.exe
2⤵
PID:9184

C:\Windows\System\ijgzSGq.exe
C:\Windows\System\ijgzSGq.exe
2⤵
PID:9200

C:\Windows\System\LfsILXU.exe
C:\Windows\System\LfsILXU.exe
2⤵
PID:8204

C:\Windows\System\zitwVWI.exe
C:\Windows\System\zitwVWI.exe
2⤵
PID:8280

C:\Windows\System\piAtFnZ.exe
C:\Windows\System\piAtFnZ.exe
2⤵
PID:8348

C:\Windows\System\RezZfQC.exe
C:\Windows\System\RezZfQC.exe
2⤵
PID:8388

C:\Windows\System\pvZsaAn.exe
C:\Windows\System\pvZsaAn.exe
2⤵
PID:8460

C:\Windows\System\MeuvMam.exe
C:\Windows\System\MeuvMam.exe
2⤵
PID:8532

C:\Windows\System\cJBDWYX.exe
C:\Windows\System\cJBDWYX.exe
2⤵
PID:8564

C:\Windows\System\ICnWUuk.exe
C:\Windows\System\ICnWUuk.exe
2⤵
PID:8672

C:\Windows\System\ohTcHnB.exe
C:\Windows\System\ohTcHnB.exe
2⤵
PID:2228

C:\Windows\System\tpGhwiY.exe
C:\Windows\System\tpGhwiY.exe
2⤵
PID:3692

C:\Windows\System\hIHwFjj.exe
C:\Windows\System\hIHwFjj.exe
2⤵
PID:8808

C:\Windows\System\YKrvRAB.exe
C:\Windows\System\YKrvRAB.exe
2⤵
PID:8884

C:\Windows\System\DoOIraB.exe
C:\Windows\System\DoOIraB.exe
2⤵
PID:8916

C:\Windows\System\EhgammF.exe
C:\Windows\System\EhgammF.exe
2⤵
PID:8988

C:\Windows\System\NXtsQaK.exe
C:\Windows\System\NXtsQaK.exe
2⤵
PID:9060

C:\Windows\System\tThggfK.exe
C:\Windows\System\tThggfK.exe
2⤵
PID:9092

C:\Windows\System\jIyhppU.exe
C:\Windows\System\jIyhppU.exe
2⤵
PID:9196

C:\Windows\System\iVSvwnB.exe
C:\Windows\System\iVSvwnB.exe
2⤵
PID:8392

C:\Windows\System\yTpOLMt.exe
C:\Windows\System\yTpOLMt.exe
2⤵
PID:8452

C:\Windows\System\qSyHxaZ.exe
C:\Windows\System\qSyHxaZ.exe
2⤵
PID:8652

C:\Windows\System\IkpVipM.exe
C:\Windows\System\IkpVipM.exe
2⤵
PID:2208

C:\Windows\System\opnLWfC.exe
C:\Windows\System\opnLWfC.exe
2⤵
PID:748

C:\Windows\System\AWZbDTI.exe
C:\Windows\System\AWZbDTI.exe
2⤵
PID:8968

C:\Windows\System\fyjSLmj.exe
C:\Windows\System\fyjSLmj.exe
2⤵
PID:9120

C:\Windows\System\KMLjjea.exe
C:\Windows\System\KMLjjea.exe
2⤵
PID:8308

C:\Windows\System\FRhJAFl.exe
C:\Windows\System\FRhJAFl.exe
2⤵
PID:8676

C:\Windows\System\MMBervV.exe
C:\Windows\System\MMBervV.exe
2⤵
PID:8864

C:\Windows\System\CFosmvQ.exe
C:\Windows\System\CFosmvQ.exe
2⤵
PID:8588

C:\Windows\System\fannRGi.exe
C:\Windows\System\fannRGi.exe
2⤵
PID:8544

C:\Windows\System\AhTtQzx.exe
C:\Windows\System\AhTtQzx.exe
2⤵
PID:9232

C:\Windows\System\ZwkSiPu.exe
C:\Windows\System\ZwkSiPu.exe
2⤵
PID:9272

C:\Windows\System\BJLPaan.exe
C:\Windows\System\BJLPaan.exe
2⤵
PID:9300

C:\Windows\System\UrjPeJk.exe
C:\Windows\System\UrjPeJk.exe
2⤵
PID:9328

C:\Windows\System\jzwoWVl.exe
C:\Windows\System\jzwoWVl.exe
2⤵
PID:9344

C:\Windows\System\DuaDKaU.exe
C:\Windows\System\DuaDKaU.exe
2⤵
PID:9376

C:\Windows\System\HrZNbbp.exe
C:\Windows\System\HrZNbbp.exe
2⤵
PID:9412

C:\Windows\System\ThcYOmu.exe
C:\Windows\System\ThcYOmu.exe
2⤵
PID:9452

C:\Windows\System\PDkVXWw.exe
C:\Windows\System\PDkVXWw.exe
2⤵
PID:9480

C:\Windows\System\abtqyBb.exe
C:\Windows\System\abtqyBb.exe
2⤵
PID:9496

C:\Windows\System\BOZpbFA.exe
C:\Windows\System\BOZpbFA.exe
2⤵
PID:9524

C:\Windows\System\LsXoIOO.exe
C:\Windows\System\LsXoIOO.exe
2⤵
PID:9556

C:\Windows\System\ejiKARZ.exe
C:\Windows\System\ejiKARZ.exe
2⤵
PID:9580

C:\Windows\System\iTsJtbY.exe
C:\Windows\System\iTsJtbY.exe
2⤵
PID:9608

C:\Windows\System\ikShicS.exe
C:\Windows\System\ikShicS.exe
2⤵
PID:9640

C:\Windows\System\ceHepEd.exe
C:\Windows\System\ceHepEd.exe
2⤵
PID:9664

C:\Windows\System\aIWjoON.exe
C:\Windows\System\aIWjoON.exe
2⤵
PID:9700

C:\Windows\System\OlMzzIk.exe
C:\Windows\System\OlMzzIk.exe
2⤵
PID:9732

C:\Windows\System\tKBmJYM.exe
C:\Windows\System\tKBmJYM.exe
2⤵
PID:9760

C:\Windows\System\LJuLzgQ.exe
C:\Windows\System\LJuLzgQ.exe
2⤵
PID:9784

C:\Windows\System\JpYCBGM.exe
C:\Windows\System\JpYCBGM.exe
2⤵
PID:9816

C:\Windows\System\qUfWgsw.exe
C:\Windows\System\qUfWgsw.exe
2⤵
PID:9832

C:\Windows\System\QNocNvv.exe
C:\Windows\System\QNocNvv.exe
2⤵
PID:9864

C:\Windows\System\QKyUxDo.exe
C:\Windows\System\QKyUxDo.exe
2⤵
PID:9888

C:\Windows\System\bqYqfjl.exe
C:\Windows\System\bqYqfjl.exe
2⤵
PID:9916

C:\Windows\System\LASnqqJ.exe
C:\Windows\System\LASnqqJ.exe
2⤵
PID:9956

C:\Windows\System\FJwWwAQ.exe
C:\Windows\System\FJwWwAQ.exe
2⤵
PID:9972

C:\Windows\System\bBfvYYq.exe
C:\Windows\System\bBfvYYq.exe
2⤵
PID:10000

C:\Windows\System\wGgJTdY.exe
C:\Windows\System\wGgJTdY.exe
2⤵
PID:10028

C:\Windows\System\VUFqShv.exe
C:\Windows\System\VUFqShv.exe
2⤵
PID:10048

C:\Windows\System\ySdHXKm.exe
C:\Windows\System\ySdHXKm.exe
2⤵
PID:10084

C:\Windows\System\qafsnDx.exe
C:\Windows\System\qafsnDx.exe
2⤵
PID:10116

C:\Windows\System\PnBWJiw.exe
C:\Windows\System\PnBWJiw.exe
2⤵
PID:10152

C:\Windows\System\TWEIQYd.exe
C:\Windows\System\TWEIQYd.exe
2⤵
PID:10180

C:\Windows\System\ximYdxw.exe
C:\Windows\System\ximYdxw.exe
2⤵
PID:10196

C:\Windows\System\dkHXnJK.exe
C:\Windows\System\dkHXnJK.exe
2⤵
PID:10236

C:\Windows\System\lOkFWLF.exe
C:\Windows\System\lOkFWLF.exe
2⤵
PID:840

C:\Windows\System\eNybudc.exe
C:\Windows\System\eNybudc.exe
2⤵
PID:9292

C:\Windows\System\SMcBQjA.exe
C:\Windows\System\SMcBQjA.exe
2⤵
PID:9360

C:\Windows\System\ixpxDXR.exe
C:\Windows\System\ixpxDXR.exe
2⤵
PID:9396

C:\Windows\System\SzSDVFs.exe
C:\Windows\System\SzSDVFs.exe
2⤵
PID:9488

C:\Windows\System\GHMcUOU.exe
C:\Windows\System\GHMcUOU.exe
2⤵
PID:9544

C:\Windows\System\RFyWacg.exe
C:\Windows\System\RFyWacg.exe
2⤵
PID:9636

C:\Windows\System\IOxzHmM.exe
C:\Windows\System\IOxzHmM.exe
2⤵
PID:9688

C:\Windows\System\akqaqlg.exe
C:\Windows\System\akqaqlg.exe
2⤵
PID:9744

C:\Windows\System\ZysRWsZ.exe
C:\Windows\System\ZysRWsZ.exe
2⤵
PID:9808

C:\Windows\System\pgWQjaZ.exe
C:\Windows\System\pgWQjaZ.exe
2⤵
PID:9876

C:\Windows\System\CVdZCnB.exe
C:\Windows\System\CVdZCnB.exe
2⤵
PID:9912

C:\Windows\System\xEkkvDK.exe
C:\Windows\System\xEkkvDK.exe
2⤵
PID:9988

C:\Windows\System\DTXhorK.exe
C:\Windows\System\DTXhorK.exe
2⤵
PID:10056

C:\Windows\System\CSYAMqk.exe
C:\Windows\System\CSYAMqk.exe
2⤵
PID:10096

C:\Windows\System\oJjLOAL.exe
C:\Windows\System\oJjLOAL.exe
2⤵
PID:10192

C:\Windows\System\nZJXUwI.exe
C:\Windows\System\nZJXUwI.exe
2⤵
PID:9284

C:\Windows\System\dyhoKvp.exe
C:\Windows\System\dyhoKvp.exe
2⤵
PID:9388

C:\Windows\System\sdsCBaX.exe
C:\Windows\System\sdsCBaX.exe
2⤵
PID:9516

C:\Windows\System\PYLGvpm.exe
C:\Windows\System\PYLGvpm.exe
2⤵
PID:9748

C:\Windows\System\QjeDonR.exe
C:\Windows\System\QjeDonR.exe
2⤵
PID:9776

C:\Windows\System\KEpIfWt.exe
C:\Windows\System\KEpIfWt.exe
2⤵
PID:9944

C:\Windows\System\qxpuupg.exe
C:\Windows\System\qxpuupg.exe
2⤵
PID:10112

C:\Windows\System\kUmsHpm.exe
C:\Windows\System\kUmsHpm.exe
2⤵
PID:9320

C:\Windows\System\hOJrbAn.exe
C:\Windows\System\hOJrbAn.exe
2⤵
PID:9424

C:\Windows\System\HSOgjKB.exe
C:\Windows\System\HSOgjKB.exe
2⤵
PID:9780

C:\Windows\System\xRGFZUJ.exe
C:\Windows\System\xRGFZUJ.exe
2⤵
PID:10140

C:\Windows\System\tKyffIF.exe
C:\Windows\System\tKyffIF.exe
2⤵
PID:9248

C:\Windows\System\ajBpWQm.exe
C:\Windows\System\ajBpWQm.exe
2⤵
PID:10256

C:\Windows\System\IlrvhId.exe
C:\Windows\System\IlrvhId.exe
2⤵
PID:10316

C:\Windows\System\yaGwPzI.exe
C:\Windows\System\yaGwPzI.exe
2⤵
PID:10344

C:\Windows\System\NGCTKfC.exe
C:\Windows\System\NGCTKfC.exe
2⤵
PID:10360

C:\Windows\System\rBhVmlc.exe
C:\Windows\System\rBhVmlc.exe
2⤵
PID:10380

C:\Windows\System\jHbyPYc.exe
C:\Windows\System\jHbyPYc.exe
2⤵
PID:10416

C:\Windows\System\khzfszF.exe
C:\Windows\System\khzfszF.exe
2⤵
PID:10432

C:\Windows\System\YEBLoXK.exe
C:\Windows\System\YEBLoXK.exe
2⤵
PID:10460

C:\Windows\System\UHALsty.exe
C:\Windows\System\UHALsty.exe
2⤵
PID:10492

C:\Windows\System\pCrcHuY.exe
C:\Windows\System\pCrcHuY.exe
2⤵
PID:10528

C:\Windows\System\RXkKeAk.exe
C:\Windows\System\RXkKeAk.exe
2⤵
PID:10568

C:\Windows\System\YpNiObE.exe
C:\Windows\System\YpNiObE.exe
2⤵
PID:10584

C:\Windows\System\zhzxLiP.exe
C:\Windows\System\zhzxLiP.exe
2⤵
PID:10624

C:\Windows\System\bVmddGk.exe
C:\Windows\System\bVmddGk.exe
2⤵
PID:10652

C:\Windows\System\xAcaMdh.exe
C:\Windows\System\xAcaMdh.exe
2⤵
PID:10680

C:\Windows\System\IMNvHYF.exe
C:\Windows\System\IMNvHYF.exe
2⤵
PID:10708

C:\Windows\System\oMMYkVQ.exe
C:\Windows\System\oMMYkVQ.exe
2⤵
PID:10736

C:\Windows\System\cEWyHti.exe
C:\Windows\System\cEWyHti.exe
2⤵
PID:10764

C:\Windows\System\XuOVjcu.exe
C:\Windows\System\XuOVjcu.exe
2⤵
PID:10780

C:\Windows\System\ywXKYDH.exe
C:\Windows\System\ywXKYDH.exe
2⤵
PID:10804

C:\Windows\System\dLpaoia.exe
C:\Windows\System\dLpaoia.exe
2⤵
PID:10836

C:\Windows\System\FqPKCzN.exe
C:\Windows\System\FqPKCzN.exe
2⤵
PID:10864

C:\Windows\System\TYfCisr.exe
C:\Windows\System\TYfCisr.exe
2⤵
PID:10892

C:\Windows\System\iKETjgD.exe
C:\Windows\System\iKETjgD.exe
2⤵
PID:10920

C:\Windows\System\aSGcZjF.exe
C:\Windows\System\aSGcZjF.exe
2⤵
PID:10960

C:\Windows\System\agkAZXt.exe
C:\Windows\System\agkAZXt.exe
2⤵
PID:10988

C:\Windows\System\XjpLDMm.exe
C:\Windows\System\XjpLDMm.exe
2⤵
PID:11016

C:\Windows\System\uCbEyph.exe
C:\Windows\System\uCbEyph.exe
2⤵
PID:11032

C:\Windows\System\YEcWEtE.exe
C:\Windows\System\YEcWEtE.exe
2⤵
PID:11060

C:\Windows\System\ejXrsaS.exe
C:\Windows\System\ejXrsaS.exe
2⤵
PID:11084

C:\Windows\System\LDNhZli.exe
C:\Windows\System\LDNhZli.exe
2⤵
PID:11108

C:\Windows\System\DllssMf.exe
C:\Windows\System\DllssMf.exe
2⤵
PID:11132

C:\Windows\System\WyhSJkw.exe
C:\Windows\System\WyhSJkw.exe
2⤵
PID:11164

C:\Windows\System\rucHcTa.exe
C:\Windows\System\rucHcTa.exe
2⤵
PID:11216

C:\Windows\System\rLKMhzk.exe
C:\Windows\System\rLKMhzk.exe
2⤵
PID:11244

C:\Windows\System\RKIcnrZ.exe
C:\Windows\System\RKIcnrZ.exe
2⤵
PID:11260

C:\Windows\System\iCYSmGY.exe
C:\Windows\System\iCYSmGY.exe
2⤵
PID:9828

C:\Windows\System\GxqIgOA.exe
C:\Windows\System\GxqIgOA.exe
2⤵
PID:10308

C:\Windows\System\jemFTkN.exe
C:\Windows\System\jemFTkN.exe
2⤵
PID:10352

C:\Windows\System\IoDXyAT.exe
C:\Windows\System\IoDXyAT.exe
2⤵
PID:10424

C:\Windows\System\eBBjJET.exe
C:\Windows\System\eBBjJET.exe
2⤵
PID:10516

C:\Windows\System\UokBXqB.exe
C:\Windows\System\UokBXqB.exe
2⤵
PID:10564

C:\Windows\System\YBQZRLI.exe
C:\Windows\System\YBQZRLI.exe
2⤵
PID:10648

C:\Windows\System\fBhxjpx.exe
C:\Windows\System\fBhxjpx.exe
2⤵
PID:10704

C:\Windows\System\DmvbCus.exe
C:\Windows\System\DmvbCus.exe
2⤵
PID:10800

C:\Windows\System\URwQsts.exe
C:\Windows\System\URwQsts.exe
2⤵
PID:10860

C:\Windows\System\ftjxMWl.exe
C:\Windows\System\ftjxMWl.exe
2⤵
PID:10904

C:\Windows\System\cJuebuU.exe
C:\Windows\System\cJuebuU.exe
2⤵
PID:11000

C:\Windows\System\hMrxhcY.exe
C:\Windows\System\hMrxhcY.exe
2⤵
PID:11028

C:\Windows\System\aqGGdpY.exe
C:\Windows\System\aqGGdpY.exe
2⤵
PID:11100

C:\Windows\System\pKGarIw.exe
C:\Windows\System\pKGarIw.exe
2⤵
PID:11056

C:\Windows\System\SQUkXLo.exe
C:\Windows\System\SQUkXLo.exe
2⤵
PID:11236

C:\Windows\System\FYVAyzC.exe
C:\Windows\System\FYVAyzC.exe
2⤵
PID:10288

C:\Windows\System\TfBEphn.exe
C:\Windows\System\TfBEphn.exe
2⤵
PID:10480

C:\Windows\System\Lwjzwgs.exe
C:\Windows\System\Lwjzwgs.exe
2⤵
PID:10668

C:\Windows\System\xzqshgv.exe
C:\Windows\System\xzqshgv.exe
2⤵
PID:10692

C:\Windows\System\qiUyCap.exe
C:\Windows\System\qiUyCap.exe
2⤵
PID:10848

C:\Windows\System\QFJchuo.exe
C:\Windows\System\QFJchuo.exe
2⤵
PID:11008

C:\Windows\System\YCedulW.exe
C:\Windows\System\YCedulW.exe
2⤵
PID:11192

C:\Windows\System\YONJrTr.exe
C:\Windows\System\YONJrTr.exe
2⤵
PID:10276

C:\Windows\System\ZHmWtNp.exe
C:\Windows\System\ZHmWtNp.exe
2⤵
PID:10772

C:\Windows\System\JLpIzdO.exe
C:\Windows\System\JLpIzdO.exe
2⤵
PID:11076

C:\Windows\System\AIUTSaF.exe
C:\Windows\System\AIUTSaF.exe
2⤵
PID:10404

C:\Windows\System\jSvfuvL.exe
C:\Windows\System\jSvfuvL.exe
2⤵
PID:10696

C:\Windows\System\HPhxTIk.exe
C:\Windows\System\HPhxTIk.exe
2⤵
PID:11292

C:\Windows\System\fxzEWsQ.exe
C:\Windows\System\fxzEWsQ.exe
2⤵
PID:11324

C:\Windows\System\kfovpLa.exe
C:\Windows\System\kfovpLa.exe
2⤵
PID:11352

C:\Windows\System\IwPqWBd.exe
C:\Windows\System\IwPqWBd.exe
2⤵
PID:11368

C:\Windows\System\zrQDZXr.exe
C:\Windows\System\zrQDZXr.exe
2⤵
PID:11388

C:\Windows\System\GaXghBZ.exe
C:\Windows\System\GaXghBZ.exe
2⤵
PID:11420

C:\Windows\System\uXZSEAQ.exe
C:\Windows\System\uXZSEAQ.exe
2⤵
PID:11440

C:\Windows\System\dKvkYYJ.exe
C:\Windows\System\dKvkYYJ.exe
2⤵
PID:11472

C:\Windows\System\PlLMhsK.exe
C:\Windows\System\PlLMhsK.exe
2⤵
PID:11508

C:\Windows\System\ptxuFFY.exe
C:\Windows\System\ptxuFFY.exe
2⤵
PID:11544

C:\Windows\System\zzuLQqN.exe
C:\Windows\System\zzuLQqN.exe
2⤵
PID:11576

C:\Windows\System\QlHDAYL.exe
C:\Windows\System\QlHDAYL.exe
2⤵
PID:11604

C:\Windows\System\YDdcYYU.exe
C:\Windows\System\YDdcYYU.exe
2⤵
PID:11620

C:\Windows\System\fhEwVcV.exe
C:\Windows\System\fhEwVcV.exe
2⤵
PID:11648

C:\Windows\System\VHLczMo.exe
C:\Windows\System\VHLczMo.exe
2⤵
PID:11680

C:\Windows\System\gyANPSo.exe
C:\Windows\System\gyANPSo.exe
2⤵
PID:11700

C:\Windows\System\oZgwsHx.exe
C:\Windows\System\oZgwsHx.exe
2⤵
PID:11720

C:\Windows\System\rXeZuIe.exe
C:\Windows\System\rXeZuIe.exe
2⤵
PID:11760

C:\Windows\System\HDNjtRo.exe
C:\Windows\System\HDNjtRo.exe
2⤵
PID:11788

C:\Windows\System\QibdyyE.exe
C:\Windows\System\QibdyyE.exe
2⤵
PID:11828

C:\Windows\System\JRoTxcc.exe
C:\Windows\System\JRoTxcc.exe
2⤵
PID:11844

C:\Windows\System\CtWLBRL.exe
C:\Windows\System\CtWLBRL.exe
2⤵
PID:11872

C:\Windows\System\ZqGlCrC.exe
C:\Windows\System\ZqGlCrC.exe
2⤵
PID:11912

C:\Windows\System\gJrcPoG.exe
C:\Windows\System\gJrcPoG.exe
2⤵
PID:11940

C:\Windows\System\DUAAvaC.exe
C:\Windows\System\DUAAvaC.exe
2⤵
PID:11968

C:\Windows\System\CnDJyDE.exe
C:\Windows\System\CnDJyDE.exe
2⤵
PID:11996

C:\Windows\System\YfqLezA.exe
C:\Windows\System\YfqLezA.exe
2⤵
PID:12024

C:\Windows\System\XVHjUBY.exe
C:\Windows\System\XVHjUBY.exe
2⤵
PID:12044

C:\Windows\System\wkqEqDz.exe
C:\Windows\System\wkqEqDz.exe
2⤵
PID:12072

C:\Windows\System\pZsyOOZ.exe
C:\Windows\System\pZsyOOZ.exe
2⤵
PID:12100

C:\Windows\System\ZoCARnC.exe
C:\Windows\System\ZoCARnC.exe
2⤵
PID:12120

C:\Windows\System\XeMQqyx.exe
C:\Windows\System\XeMQqyx.exe
2⤵
PID:12140

C:\Windows\System\gCrJZXA.exe
C:\Windows\System\gCrJZXA.exe
2⤵
PID:12192

C:\Windows\System\SKZqqLu.exe
C:\Windows\System\SKZqqLu.exe
2⤵
PID:12208

C:\Windows\System\SSKrVOg.exe
C:\Windows\System\SSKrVOg.exe
2⤵
PID:12236

C:\Windows\System\TKBYLBV.exe
C:\Windows\System\TKBYLBV.exe
2⤵
PID:12276

C:\Windows\System\gxpcMae.exe
C:\Windows\System\gxpcMae.exe
2⤵
PID:10884

C:\Windows\System\XKyciPG.exe
C:\Windows\System\XKyciPG.exe
2⤵
PID:11336

C:\Windows\System\EUcqcGi.exe
C:\Windows\System\EUcqcGi.exe
2⤵
PID:11416

C:\Windows\System\FGelTfL.exe
C:\Windows\System\FGelTfL.exe
2⤵
PID:11468

C:\Windows\System\XqAFHSr.exe
C:\Windows\System\XqAFHSr.exe
2⤵
PID:11520

C:\Windows\System\ZZyUVcZ.exe
C:\Windows\System\ZZyUVcZ.exe
2⤵
PID:11564

C:\Windows\System\lfZTvVi.exe
C:\Windows\System\lfZTvVi.exe
2⤵
PID:11588

C:\Windows\System\PRwlHjb.exe
C:\Windows\System\PRwlHjb.exe
2⤵
PID:11640

C:\Windows\System\dLadVBD.exe
C:\Windows\System\dLadVBD.exe
2⤵
PID:11692

C:\Windows\System\dRWXbxf.exe
C:\Windows\System\dRWXbxf.exe
2⤵
PID:11740

C:\Windows\System\kygiqMn.exe
C:\Windows\System\kygiqMn.exe
2⤵
PID:11772

C:\Windows\System\SEjwbzD.exe
C:\Windows\System\SEjwbzD.exe
2⤵
PID:11840

C:\Windows\System\eCtEHob.exe
C:\Windows\System\eCtEHob.exe
2⤵
PID:3108

C:\Windows\System\sVjzdga.exe
C:\Windows\System\sVjzdga.exe
2⤵
PID:11964

C:\Windows\System\KoMDLCF.exe
C:\Windows\System\KoMDLCF.exe
2⤵
PID:12088

C:\Windows\System\jMXUcBJ.exe
C:\Windows\System\jMXUcBJ.exe
2⤵
PID:12184

C:\Windows\System\rgLdiMn.exe
C:\Windows\System\rgLdiMn.exe
2⤵
PID:8804

C:\Windows\System\wlXncbp.exe
C:\Windows\System\wlXncbp.exe
2⤵
PID:11276

C:\Windows\System\xKAkMIw.exe
C:\Windows\System\xKAkMIw.exe
2⤵
PID:11404

C:\Windows\System\guWGSAw.exe
C:\Windows\System\guWGSAw.exe
2⤵
PID:11532

C:\Windows\System\mqWMEKT.exe
C:\Windows\System\mqWMEKT.exe
2⤵
PID:11732

C:\Windows\System\mCHmegH.exe
C:\Windows\System\mCHmegH.exe
2⤵
PID:11676

C:\Windows\System\IhCOJHB.exe
C:\Windows\System\IhCOJHB.exe
2⤵
PID:2292

C:\Windows\System\yiiPPhB.exe
C:\Windows\System\yiiPPhB.exe
2⤵
PID:12132

C:\Windows\System\aTEWQDO.exe
C:\Windows\System\aTEWQDO.exe
2⤵
PID:12252

C:\Windows\System\uVkXnXc.exe
C:\Windows\System\uVkXnXc.exe
2⤵
PID:11452

C:\Windows\System\QncGZnU.exe
C:\Windows\System\QncGZnU.exe
2⤵
PID:11804

C:\Windows\System\xiFIIsl.exe
C:\Windows\System\xiFIIsl.exe
2⤵
PID:12096

C:\Windows\System\VklDRIw.exe
C:\Windows\System\VklDRIw.exe
2⤵
PID:12284

C:\Windows\System\LQdlSRd.exe
C:\Windows\System\LQdlSRd.exe
2⤵
PID:12292

C:\Windows\System\BPdNfTS.exe
C:\Windows\System\BPdNfTS.exe
2⤵
PID:12332

C:\Windows\System\mODPryq.exe
C:\Windows\System\mODPryq.exe
2⤵
PID:12348

C:\Windows\System\LEDNiKR.exe
C:\Windows\System\LEDNiKR.exe
2⤵
PID:12368

C:\Windows\System\viiNHmT.exe
C:\Windows\System\viiNHmT.exe
2⤵
PID:12400

C:\Windows\System\XkQhvcS.exe
C:\Windows\System\XkQhvcS.exe
2⤵
PID:12432

C:\Windows\System\jIvAfUL.exe
C:\Windows\System\jIvAfUL.exe
2⤵
PID:12460

C:\Windows\System\HYxzCiD.exe
C:\Windows\System\HYxzCiD.exe
2⤵
PID:12500

C:\Windows\System\pkRMOBg.exe
C:\Windows\System\pkRMOBg.exe
2⤵
PID:12528

C:\Windows\System\MXeWLYr.exe
C:\Windows\System\MXeWLYr.exe
2⤵
PID:12556

C:\Windows\System\iGwmucM.exe
C:\Windows\System\iGwmucM.exe
2⤵
PID:12580

C:\Windows\System\FgoYrXF.exe
C:\Windows\System\FgoYrXF.exe
2⤵
PID:12600

C:\Windows\System\ZqAtBiP.exe
C:\Windows\System\ZqAtBiP.exe
2⤵
PID:12632

C:\Windows\System\NxSlpdS.exe
C:\Windows\System\NxSlpdS.exe
2⤵
PID:12656

C:\Windows\System\ZwgnaRq.exe
C:\Windows\System\ZwgnaRq.exe
2⤵
PID:12672

C:\Windows\System\KbMzftO.exe
C:\Windows\System\KbMzftO.exe
2⤵
PID:12696

C:\Windows\System\qifBLlh.exe
C:\Windows\System\qifBLlh.exe
2⤵
PID:12752

C:\Windows\System\VicvHZY.exe
C:\Windows\System\VicvHZY.exe
2⤵
PID:12780

C:\Windows\System\UtiqLIa.exe
C:\Windows\System\UtiqLIa.exe
2⤵
PID:12808

C:\Windows\System\RaggRQc.exe
C:\Windows\System\RaggRQc.exe
2⤵
PID:12824

C:\Windows\System\xyUcgbO.exe
C:\Windows\System\xyUcgbO.exe
2⤵
PID:12856

C:\Windows\System\LofkvvE.exe
C:\Windows\System\LofkvvE.exe
2⤵
PID:12880

C:\Windows\System\zXgkYlE.exe
C:\Windows\System\zXgkYlE.exe
2⤵
PID:12908

C:\Windows\System\zQRLFJU.exe
C:\Windows\System\zQRLFJU.exe
2⤵
PID:12936

C:\Windows\System\KqYPtjq.exe
C:\Windows\System\KqYPtjq.exe
2⤵
PID:12956

C:\Windows\System\vANCauP.exe
C:\Windows\System\vANCauP.exe
2⤵
PID:12980

C:\Windows\System\KZOBKhl.exe
C:\Windows\System\KZOBKhl.exe
2⤵
PID:13016

C:\Windows\System\FlQinat.exe
C:\Windows\System\FlQinat.exe
2⤵
PID:13052

C:\Windows\System\jDAJoKu.exe
C:\Windows\System\jDAJoKu.exe
2⤵
PID:13088

C:\Windows\System\uUwjXOU.exe
C:\Windows\System\uUwjXOU.exe
2⤵
PID:13116

C:\Windows\System\PABqfGu.exe
C:\Windows\System\PABqfGu.exe
2⤵
PID:13144

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_j14pytvi.wv5.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AGXrDhG.exe
Filesize
1.9MB

MD5
fe7eab762f3a5376edd492e34767e7e3

SHA1
9d150eb9125d35e17062750bc5817812b7053a60

SHA256
77a778338bb310394193f0eea8dc6fcf28ce569aeb1b34bf7ac6af9c9ccf2af0

SHA512
093a349b754ef5912116aa96f2f2737d33d9f5de753a42a6237ffa36b11dbcba5decd204b3c330a27d7a0bce73e6516367db4d7eea7845dfcdc7f1102681d32f

Download Submit
C:\Windows\System\DecLJAJ.exe
Filesize
1.9MB

MD5
b8ee722ac0e12a7c9c4c8b5ccd6b1d64

SHA1
8984d40745d2b9d31760403d467774f9b29ca1f4

SHA256
af16ab685da7b3b3bc99fd2caab3343231ee21d55c08884d2077829e88d9d570

SHA512
74c13d58ebc6cc78375ca16beec4090531749a9e327d6002449e1e4ed148b82a23fdf24ee9b5099e380104340e34ee658fff02d15d16201681a5ae942777de57

Download Submit
C:\Windows\System\DmEuDJV.exe
Filesize
1.9MB

MD5
fd4f5e127f47116af14711e66d38842f

SHA1
9f43c234cd74d786532e6912690e820d5345da0b

SHA256
33fead7ff90a499676d612512e04e52c017182c5ed94fe87ad330b1867d00b1b

SHA512
d90810a1ccdc3ce1534dc68c7ebd16da19a87ece3df720da19225aec07cf84ef7d547f3c1650379526a3e3b4de7269a0d2cc988611d3bb0914d39193f00e805e

Download Submit
C:\Windows\System\EDgRhUd.exe
Filesize
1.9MB

MD5
dfbc6b00b2bb10b386187151c1abb601

SHA1
a5a806889453e8a73e6e7daccd01714826dd17ab

SHA256
007bb6a4d97e713b3538a251b82dac209ac53e0f12862acd5bade85485a05ab5

SHA512
2e4da2d4a73b3a37cbf3268d3ed7753428271468f37e674631716d8d4b0823b8adf38b3c9d24daf1932ce77c8216fc632b088361a4d201ac6dd8bb5ea1f114a4

Download Submit
C:\Windows\System\JJMAEbm.exe
Filesize
8B

MD5
459c6f4d1e47ea8d3a3d8becc8e47dab

SHA1
4674e79387826d12a69f998c4c693a0cec15c60a

SHA256
b2274bdc3af6151e772d8905eb42fa28b34c3b398da6d5de12d533721b873bbf

SHA512
39d6e0b7366cc7065b7c0900f76e182998d75279da82c73206b119602176ed37fb329dba1062ed5bb9937172b578d21624885d511c2b848a04e620b90c188a40

Download Submit
C:\Windows\System\JrdhYEM.exe
Filesize
1.9MB

MD5
9cb28caed9f9b92ec57d5506126e53fc

SHA1
b1d012fa74481ee3a6eba64e7eea5341a7b839c4

SHA256
2e83ae939e101907903bdca2809a60e0b3b6d36e9ce92baaf2b3f7abdaac47b4

SHA512
26c7fcf706dc2729c9a05e440320c2f81fc5b1b8010170763399486f17ee6f2e6c243619aa68928384c969ac73fa42aa7a00c6a605749cb7ec6dc62efdec8d05

Download Submit
C:\Windows\System\KEStPAF.exe
Filesize
1.9MB

MD5
6086082231f66cf5293c37837be8a039

SHA1
a3097ade50bca2845fdc019e669ea603f921ec72

SHA256
6c7e2db0589b32a1dac754ce9451b7d870bf80a3927f4a6f176bd57f4b8659be

SHA512
ea467af9db941c0b2b5e86fbeffd8846c87a7f4bbd93cf46725372e729e14b9bfcd5b51a079e5e82ca8143ed254e5b5dace8dbaf435752475e2039ea17c58f0a

Download Submit
C:\Windows\System\LaowZpA.exe
Filesize
1.9MB

MD5
7e70dfadcd3d9df17ef3aa1d5d56d7c7

SHA1
dfb6b7ca5a6a0e88e859dc78c10a595e728f01d7

SHA256
bbb6bbd5c56c8eded8868b5b2c730850a2d97279b5d1bc768ad7a7dac58c996a

SHA512
458eb5b226eb854d5213463a478f3a4a7de359bbe1ff07762cbb519cc3045c1979aecc944bf5e915adebe504fcc08506beded11a569aa5d67e1b1f16106caabc

Download Submit
C:\Windows\System\MyiiOfv.exe
Filesize
1.9MB

MD5
3eb22d9fe6a9fa4714cc8e1e9d38d051

SHA1
51df020e9ea39e33bd551a1cb46cab65412fe2d0

SHA256
7a37f4a6e1f19c059dd8eba86e33b1642c59732ea1cd63c0a3dfd1d9eda40812

SHA512
6686f74f3bf5ef56e7003c9c0d0b488137c740e809f5f815871046f090acf48698f1d52ad021b42f49cd46de84eb1a086086bea5fc3b1b579ade8647184d5aea

Download Submit
C:\Windows\System\RnekRrG.exe
Filesize
1.9MB

MD5
7e703991b5d3c7eda0731794be23472d

SHA1
551cb067db3f0288d1e9273382c276a12d50a618

SHA256
bcc450c3364954a3ed38c43d4a8cbcff53d6187657604b7f17ce2da39f211b7e

SHA512
49aa7e0829216a5b4891fe6546ff50aca3628dc5cf0c9ec20f6750c1b7f24ddf8907d2a4facc2e0c62341fb4bd2c0e7fb7a45d50d89b12e39a3ccd0267332384

Download Submit
C:\Windows\System\SJQhMrj.exe
Filesize
1.9MB

MD5
4a05d2d98e4b1baa6ed74d243ac7e296

SHA1
1bc57b488b3d6272f72304b063b22cbd0f47fd95

SHA256
4ba9b2227fa793d04ae85e11268fca6c790b4bf63138c0114ad853395515b5a4

SHA512
3e8cc792a8733feac67228d2e0394fd5185d3a48fff0a6ad570b1710c20062923b57e6bf44a4527016bfee43e3da2e43a58ec397935b794417ee95c38fd7ae4d

Download Submit
C:\Windows\System\SSqBRvc.exe
Filesize
1.9MB

MD5
f62a6135735ba6bc7697c987179c06d8

SHA1
51202c5936ed261e24a909b89748ac1951f8a5cb

SHA256
f1d80dc116b59dbbdf70e1b8d713f54be8694d67246ec95a48af194525d92280

SHA512
47befa6236e8d286c49eeb51ba7b529ee1c30174be941c5e446fd9da2dbe274f16a4ad168691e0e1fb12722fe9943c92f1cafea3f6d8a967bfd4fff4c56a5bbe

Download Submit
C:\Windows\System\Syldkix.exe
Filesize
1.9MB

MD5
4cf9d87156fcda547dd3343f7ef3cdbe

SHA1
60481c118defa4ba8bc4b92e6accd5ae8affb01d

SHA256
fa203bd47e230839ab310c7f28b6b94cd73c8b4ed1cc1877a51ff018bf35dd9c

SHA512
c0103c4a53cf3fc9aa91e78a1ae5921f1ea33dd9b26ad02512a99697dc51b703bd00b0b2e35fe468285bba3f67f568e7d3d1f42388dc589c6e162dbcb4915af4

Download Submit
C:\Windows\System\TUUMzZK.exe
Filesize
1.9MB

MD5
93461426aa598cc052bcdaf89902e505

SHA1
ad4d1e199c7d5da07fbd6e14045ce4ceb93f898b

SHA256
ca06efbc4596aa72308c18cfba6e6f5c1603611c2a6af8151d1ac1b7edd844a3

SHA512
5e8574666159d0b2247ff9334311fc8d451f5e648d448c744220f9106b99f30fdc39807c40f5fd3683ebf1e10457b12729ed256b775b6688d3e3effdb95a1dd6

Download Submit
C:\Windows\System\TVmrcPt.exe
Filesize
1.9MB

MD5
33b2a9d1a4f7b15ffe3ae89b92c2fdac

SHA1
f6180c449dc72b868977929f8688ac435cb3f927

SHA256
73713a8f8f9eda4b388d54ac1f49b37feef697807f2f42441d2c0288a33db2fa

SHA512
329c4441e930a0457760bbe2672a030ea4f12192e3a609f65c81bbcc6dccc81204895089f79e3501479f88a587e19d53fd6f5a09825f13e6c35cccbeecd529f3

Download Submit
C:\Windows\System\TdgReeD.exe
Filesize
1.9MB

MD5
9fbb39cd2f7b53686eddebf1b07bf976

SHA1
eb20012c0c81e2b108645cf138b1c6f76c7ffd1f

SHA256
ac2259b4c1f4c6d0e8c6faf67e6d67d1bb2f4b296313f37c9721a36539b58b3e

SHA512
ca7d9cdf7a9f505bbacfcb53c4d7a5dc5cb5bdbaee08b21d90a2ff407632521e6e6f4d8bb47ea4355e1a7ffdeb9e15c19de443a410a431895bdab19b96513cf5

Download Submit
C:\Windows\System\VKIHsmZ.exe
Filesize
1.9MB

MD5
4c5438060b515f5ec9a75afa55b3a7de

SHA1
9f525ce66e11637bf5e774354828e9af900e7d12

SHA256
ad04e6b20a923ce5af48040dde0180e00b7692718e8702443f05e24654247605

SHA512
b5a0eacba2b28921f64ee4f36b9e855e59f235327c1ad68773c58406a8fdb659254ef2f11f6e432608aa23cb07c5cdde109c3630b5dffdb289cddc7ea3e9e536

Download Submit
C:\Windows\System\XbzBnjz.exe
Filesize
1.9MB

MD5
6cc55f12bfa2c10958e457e9b12ead5c

SHA1
963c2da37f1683fe685d28410a4153eacea21dc2

SHA256
f72d55d0d76e267b79566bd92c8e0bd75e46030265697cce6c56a9886ba05346

SHA512
95c7152f1fec043f732cd14893f0e7f9840ce49b50cdb3f3cd735db10333c56c7abb59a58e36f2c90e0c07ccca12b0f11b59c51368279754f1a99b0939d5ad23

Download Submit
C:\Windows\System\ftRHzxZ.exe
Filesize
1.9MB

MD5
7618f2595ed06ae8aeb186c307c86487

SHA1
7fcf2d7401743585cdada60ada35d91e619c0905

SHA256
d471ba19fb92a7650e98e670e2c88e34421fbb3629f1b51aaf74ebc0256d1190

SHA512
1908260411a46d2f8fc2c97e8e3900cb0766727fbad358f1ae3ad47700db08acf9a736f15cb9b0541aa449f962ae40dd06575b7a2989a9244bad271493f39ef8

Download Submit
C:\Windows\System\hcEZFyo.exe
Filesize
1.9MB

MD5
d885cbe11bd25870b76a7fb7db4726a0

SHA1
245a6676d0adbc76046d98ec8e1e731ea2a65b53

SHA256
1b542a90297c3724d7b5c7592dcaacc4e538d7b5e951c8ea26ec61cd6eb40482

SHA512
ab7742e1efaf1b4bd861d6162d04ee89c290491dbd5dc4256fdce271272db124e170c22dcdbbbc9ce53e3e5534ccd49eef0688fd61c03c1ae4651877f6d812d6

Download Submit
C:\Windows\System\heTgJjJ.exe
Filesize
1.9MB

MD5
48028584f9a953efcf57508d2f7b2205

SHA1
79c687cb7f1b746eb715ccb5dfa0e96552696cfc

SHA256
1bcc2f154b148534f08a7e25eb1e8af9e42f9d267dff01c0673e4d01667c27e4

SHA512
a1c457acea35cbd7b74af6ee874b3cb3668e062cf1bf94d9dfaedc2aeeed17ba53b23a7abec5d063562b1a012131d37a73c7509936ab014d7ca49137f410ef4c

Download Submit
C:\Windows\System\inzBIPC.exe
Filesize
1.9MB

MD5
2aaac21ae0a0f2156a9ef50ab635a1df

SHA1
6035a0632070b29975685b91581143bef8488513

SHA256
e80370ff3fcdbdfe00053d56200951f9468fd1afda2888a2e47d794caed87ff9

SHA512
717503070bda1bbfee2babb045afea6981df0a6ad414505462866aeec50db6c7340d603b53d57db7522d089e334fa9c0f594febc7c7079345ac8bc9313742dc9

Download Submit
C:\Windows\System\jEZzPvU.exe
Filesize
1.9MB

MD5
e2dd2bb88a105b17440ea8442d6ab4d6

SHA1
13d8c487d53b4bb76dfc3dcb482e8334dca83fec

SHA256
b16222b859ded7cd23064d1073d82ccb3fa6fb78e8b716beee916fe45d9f252d

SHA512
cbe1cb344ede981a6deb59fd0000d5514b3617ccfd59772b3b87f14437e4b67811bbda2a6e08f090df5cf29e002513c6536b0aa3c852ab931675ac77a6a6ed34

Download Submit
C:\Windows\System\jRtDVnN.exe
Filesize
1.9MB

MD5
ae2f7c5b7265f7c92c53de69c4481071

SHA1
6cc832876b2dfc89c8bc80f4f08091374d7d1521

SHA256
a7dba32890f4ffddd3f367d82d989e11a681586b631a83e206a955d0fe14d343

SHA512
db80ff8b759da33386f5698ce06f32d3b1dd7e076de0c80f16b501102caf0a7f3ccbd01589048c745e335da84b04b9c775e272b4f48cc06c9d1306d0be3522a4

Download Submit
C:\Windows\System\nUGJmhM.exe
Filesize
1.9MB

MD5
1995306f373809d7793b0b810ee1f94c

SHA1
5ecb4f9f8d455ebf58649953530c140d1754a17c

SHA256
e7290a0deea6c88ebe9a57b0eb7b36952f4c61948e29faa1f471501b061b06fc

SHA512
68fc2182fe76c6e30f2e081da1a2b08e17f4f32985a97799db62e5c7db9dcea754cf3e5f1b0d681c4b0aa7a59702819a79ac10bc4236388edb0be15484b4ad20

Download Submit
C:\Windows\System\nhTfEQD.exe
Filesize
1.9MB

MD5
7a4686a8718a8069e3d3019370dffc9c

SHA1
84d553191626fb68c6e10379ffc020eb93f63551

SHA256
6491fc64763e4b363b83b53880cd1737d642aeab3cf1738acc3ad940a81d699b

SHA512
4f3fcefc530f925a3baf09e7608a1cc22fe96dfff74345d16f2c05dcbb95e42e6972147fb832b73c5c24f2619e076bdf9a67b648fcf1f40af37a5de27aaa8f0a

Download Submit
C:\Windows\System\otrHWWn.exe
Filesize
1.9MB

MD5
0f9e0da95a27d040032e14b86ad0ad78

SHA1
d82d349291216cc2de4484ad7bb67c88701b931a

SHA256
a087851a9af6b958c778a79db39a29531e70afd512c9cbea048b4d6beddf2853

SHA512
0a964014537f626cd5221d0b9bd79243cd2856c1264966a6a424b8402fda1f84fa362a3ed780294520fcbdd3a02fd169b1e1b3e8e6728c90c3599fd60cc84433

Download Submit
C:\Windows\System\qHYYwue.exe
Filesize
1.9MB

MD5
9853d2ee926d7dd85a2a9372c46d64d4

SHA1
cb4a33c5538207cb48346c290a67fd90b6f237b9

SHA256
40d94ab3e3171098c5b2116b03988e76b20716bb81cb7278c9c729885cf79b84

SHA512
2f30b3f20832f857b44f6b8a9020a8760a429a1e0445c8c79923532512300b723c604ee0d6f8ea02e656cace1720952f0d56dda8aa258e50e29e6dcebad5d5c5

Download Submit
C:\Windows\System\qMtlnmR.exe
Filesize
1.9MB

MD5
e6304910a9ac9a43a49b010b4763e066

SHA1
c2a708b17395a6d018ae280be8bf0840531be452

SHA256
bb4a76d57ac0e2b765ce0fe99e30325c78b4a2084e948850509ca2d1ed443899

SHA512
538cdf097f83801dc74f1c917a290d9707171489fbc32efaadbe615c95e87b61670cae656529e709c51a0272cedb34a56bbd5f75ed78d675875092ffe3e72754

Download Submit
C:\Windows\System\qjBmJWt.exe
Filesize
1.9MB

MD5
12ac85ab8a543778d6bd10f07232eb38

SHA1
b431e20ea3765311073346848da50195aabad67b

SHA256
b4c9fa5d50c49d2df4ea73d1efde56fcd390f99f2c69f669fd68b07fb660ae82

SHA512
903f1c6ecb495d3963d377046889fd3fd04c7befac84437e3ed3931731a718becce54ea5f2e803ab6e6abfcf59528b40bd273dc56e676e1f2760f42c297d5edb

Download Submit
C:\Windows\System\uAhssSm.exe
Filesize
1.9MB

MD5
a710449bbe042e53277775549953702e

SHA1
cf46da59276b4d74b770a94460a027733e876261

SHA256
72b8c1afc13e89dfec6674c3f39d15d4f779345a0a46d6d877e6f20167e053d8

SHA512
68002363e3ba8cc84fa6f6235cb38b38b9a17fc8b78c51526401d7f550026407a57862fbdb655a3f85ad8e5c98d4ea0851c34f2e025350eb6694aecdbf4904a3

Download Submit
C:\Windows\System\vZnLEMK.exe
Filesize
1.9MB

MD5
27964595fab743c4d1a403099b904286

SHA1
26c36b256fe6bba5fcc48c0674c627cb51169d73

SHA256
1cdcbbf0116a4cb3d690f2c2d62dab245a35eb48fdb74fef3370f4654bed1bc2

SHA512
b0be957e121d97109b96adb2353afe90cda55e0bb11e063e12cce75d85544d298a0a3c0dbe7e80d7ea0758a89ee080173cbeec1f24da539ee4aa8b85dfb6a6c5

Download Submit
C:\Windows\System\xIQUvBq.exe
Filesize
1.9MB

MD5
a9b228998edfedd7e6dd8f9543221206

SHA1
c1e7f8fcdb92e15b99f35fa36a4439eee50062dc

SHA256
eb010687182d74ab0a1608514eb25a8ca28dcbd52c438f1ad46b61ddf937f454

SHA512
516798129cc63582167fdc061bcad243a92a39f6baaabcf42e66c8f784a8d1718de13be2c867da5943e8fb8ccadc1a41a0531a9f04388f3799f7486617ec34a4

Download Submit
C:\Windows\System\ymvbMNb.exe
Filesize
1.9MB

MD5
c53ca39d1816a22bb9678763965e0b75

SHA1
ab60fd891a47bca56bf37a096524c5011485151b

SHA256
be34505c952df8d85f4bb5ffb0830d0e42e96a6d38a58beafb25a3c568abb6a4

SHA512
fa08bb78ce4dd4021ab4f06ef75891c7dc99dafece3518a96d62faeb545c68be623e8d46c83ab8da965cf7343b346fa25bc2878c3471f8ea02ad29ddd39189b4

Download Submit
memory/392-1975-0x00007FF6BC7A0000-0x00007FF6BCB96000-memory.dmp

Filesize
4.0MB

Download
memory/392-152-0x00007FF6BC7A0000-0x00007FF6BCB96000-memory.dmp

Filesize
4.0MB

Download
memory/996-82-0x00007FF6DCC50000-0x00007FF6DD046000-memory.dmp

Filesize
4.0MB

Download
memory/996-1943-0x00007FF6DCC50000-0x00007FF6DD046000-memory.dmp

Filesize
4.0MB

Download
memory/996-1963-0x00007FF6DCC50000-0x00007FF6DD046000-memory.dmp

Filesize
4.0MB

Download
memory/1208-1971-0x00007FF7162C0000-0x00007FF7166B6000-memory.dmp

Filesize
4.0MB

Download
memory/1208-133-0x00007FF7162C0000-0x00007FF7166B6000-memory.dmp

Filesize
4.0MB

Download
memory/1600-98-0x00007FF7EA4A0000-0x00007FF7EA896000-memory.dmp

Filesize
4.0MB

Download
memory/1600-1967-0x00007FF7EA4A0000-0x00007FF7EA896000-memory.dmp

Filesize
4.0MB

Download
memory/1612-112-0x00007FF718710000-0x00007FF718B06000-memory.dmp

Filesize
4.0MB

Download
memory/1612-1961-0x00007FF718710000-0x00007FF718B06000-memory.dmp

Filesize
4.0MB

Download
memory/2116-1956-0x00007FF641020000-0x00007FF641416000-memory.dmp

Filesize
4.0MB

Download
memory/2116-12-0x00007FF641020000-0x00007FF641416000-memory.dmp

Filesize
4.0MB

Download
memory/2128-158-0x00007FF6A9030000-0x00007FF6A9426000-memory.dmp

Filesize
4.0MB

Download
memory/2128-1974-0x00007FF6A9030000-0x00007FF6A9426000-memory.dmp

Filesize
4.0MB

Download
memory/2444-74-0x00007FF6DD610000-0x00007FF6DDA06000-memory.dmp

Filesize
4.0MB

Download
memory/2444-1962-0x00007FF6DD610000-0x00007FF6DDA06000-memory.dmp

Filesize
4.0MB

Download
memory/3056-1970-0x00007FF7639D0000-0x00007FF763DC6000-memory.dmp

Filesize
4.0MB

Download
memory/3056-128-0x00007FF7639D0000-0x00007FF763DC6000-memory.dmp

Filesize
4.0MB

Download
memory/3088-47-0x00007FF657200000-0x00007FF6575F6000-memory.dmp

Filesize
4.0MB

Download
memory/3088-1960-0x00007FF657200000-0x00007FF6575F6000-memory.dmp

Filesize
4.0MB

Download
memory/3116-123-0x00007FF627890000-0x00007FF627C86000-memory.dmp

Filesize
4.0MB

Download
memory/3116-1966-0x00007FF627890000-0x00007FF627C86000-memory.dmp

Filesize
4.0MB

Download
memory/3144-1957-0x00007FF7E22E0000-0x00007FF7E26D6000-memory.dmp

Filesize
4.0MB

Download
memory/3144-25-0x00007FF7E22E0000-0x00007FF7E26D6000-memory.dmp

Filesize
4.0MB

Download
memory/3212-1979-0x00007FF74A5F0000-0x00007FF74A9E6000-memory.dmp

Filesize
4.0MB

Download
memory/3212-177-0x00007FF74A5F0000-0x00007FF74A9E6000-memory.dmp

Filesize
4.0MB

Download
memory/3488-1973-0x00007FF6AAEA0000-0x00007FF6AB296000-memory.dmp

Filesize
4.0MB

Download
memory/3488-146-0x00007FF6AAEA0000-0x00007FF6AB296000-memory.dmp

Filesize
4.0MB

Download
memory/3492-83-0x00007FF6112B0000-0x00007FF6116A6000-memory.dmp

Filesize
4.0MB

Download
memory/3492-1964-0x00007FF6112B0000-0x00007FF6116A6000-memory.dmp

Filesize
4.0MB

Download
memory/3492-1944-0x00007FF6112B0000-0x00007FF6116A6000-memory.dmp

Filesize
4.0MB

Download
memory/3732-159-0x00007FF6AEE40000-0x00007FF6AF236000-memory.dmp

Filesize
4.0MB

Download
memory/3732-1976-0x00007FF6AEE40000-0x00007FF6AF236000-memory.dmp

Filesize
4.0MB

Download
memory/3912-1-0x000001CD36830000-0x000001CD36840000-memory.dmp

Filesize
64KB

Download
memory/3912-0-0x00007FF68F3E0000-0x00007FF68F7D6000-memory.dmp

Filesize
4.0MB

Download
memory/4100-1958-0x00007FF61E7E0000-0x00007FF61EBD6000-memory.dmp

Filesize
4.0MB

Download
memory/4100-108-0x00007FF61E7E0000-0x00007FF61EBD6000-memory.dmp

Filesize
4.0MB

Download
memory/4340-171-0x00007FF7BD540000-0x00007FF7BD936000-memory.dmp

Filesize
4.0MB

Download
memory/4340-1978-0x00007FF7BD540000-0x00007FF7BD936000-memory.dmp

Filesize
4.0MB

Download
memory/4576-1965-0x00007FF6D1CA0000-0x00007FF6D2096000-memory.dmp

Filesize
4.0MB

Download
memory/4576-117-0x00007FF6D1CA0000-0x00007FF6D2096000-memory.dmp

Filesize
4.0MB

Download
memory/4612-65-0x00007FFB523E0000-0x00007FFB52EA1000-memory.dmp

Filesize
10.8MB

Download
memory/4612-35-0x000002416D430000-0x000002416D452000-memory.dmp

Filesize
136KB

Download
memory/4612-443-0x000002416EA60000-0x000002416F206000-memory.dmp

Filesize
7.6MB

Download
memory/4612-53-0x00007FFB523E0000-0x00007FFB52EA1000-memory.dmp

Filesize
10.8MB

Download
memory/4612-1955-0x00007FFB523E0000-0x00007FFB52EA1000-memory.dmp

Filesize
10.8MB

Download
memory/4612-1946-0x00007FFB523E0000-0x00007FFB52EA1000-memory.dmp

Filesize
10.8MB

Download
memory/4612-1942-0x00007FFB523E0000-0x00007FFB52EA1000-memory.dmp

Filesize
10.8MB

Download
memory/4612-1945-0x00007FFB523E3000-0x00007FFB523E5000-memory.dmp

Filesize
8KB

Download
memory/4612-48-0x00007FFB523E3000-0x00007FFB523E5000-memory.dmp

Filesize
8KB

Download
memory/4640-1968-0x00007FF6600F0000-0x00007FF6604E6000-memory.dmp

Filesize
4.0MB

Download
memory/4640-124-0x00007FF6600F0000-0x00007FF6604E6000-memory.dmp

Filesize
4.0MB

Download
memory/4776-1969-0x00007FF767E70000-0x00007FF768266000-memory.dmp

Filesize
4.0MB

Download
memory/4776-104-0x00007FF767E70000-0x00007FF768266000-memory.dmp

Filesize
4.0MB

Download
memory/4844-42-0x00007FF6D15F0000-0x00007FF6D19E6000-memory.dmp

Filesize
4.0MB

Download
memory/4844-1959-0x00007FF6D15F0000-0x00007FF6D19E6000-memory.dmp

Filesize
4.0MB

Download
memory/4932-165-0x00007FF727FF0000-0x00007FF7283E6000-memory.dmp

Filesize
4.0MB

Download
memory/4932-1977-0x00007FF727FF0000-0x00007FF7283E6000-memory.dmp

Filesize
4.0MB

Download
memory/5052-1972-0x00007FF6E6810000-0x00007FF6E6C06000-memory.dmp

Filesize
4.0MB

Download
memory/5052-140-0x00007FF6E6810000-0x00007FF6E6C06000-memory.dmp

Filesize
4.0MB

Download