xmrig | 4d83153f4c51a8bb40051e0ec2e49239dfb983c15fb46c29544371583783d646

Analysis

max time kernel
92s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 22:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22cbab07b966e197281f6fb9076c9a20N.exe
Size

1.4MB
MD5

22cbab07b966e197281f6fb9076c9a20
SHA1

10468db6e45c9501fd518f06d45dd3bfad47feea
SHA256

4d83153f4c51a8bb40051e0ec2e49239dfb983c15fb46c29544371583783d646
SHA512

9aefc585d4874e1c06d1e8fbeef73c0ebc263a5092953f12b4909846727868fb302b3edb5694d00bf0a48758a8e34ad6eaba2ee1d5c1d9f647ee966afc4b0c34
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYL+t6kw2bPJ4fOgYo/Jsak:Lz071uv4BPMkibTIA5LDGTJ4fXsP

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3144-55-0x00007FF730940000-0x00007FF730D32000-memory.dmp	xmrig
behavioral2/memory/960-122-0x00007FF783310000-0x00007FF783702000-memory.dmp	xmrig
behavioral2/memory/760-125-0x00007FF682520000-0x00007FF682912000-memory.dmp	xmrig
behavioral2/memory/1592-124-0x00007FF67CD20000-0x00007FF67D112000-memory.dmp	xmrig
behavioral2/memory/4560-123-0x00007FF6FD5D0000-0x00007FF6FD9C2000-memory.dmp	xmrig
behavioral2/memory/3516-120-0x00007FF77FC10000-0x00007FF780002000-memory.dmp	xmrig
behavioral2/memory/2036-119-0x00007FF751600000-0x00007FF7519F2000-memory.dmp	xmrig
behavioral2/memory/1384-114-0x00007FF684C90000-0x00007FF685082000-memory.dmp	xmrig
behavioral2/memory/1644-113-0x00007FF7932B0000-0x00007FF7936A2000-memory.dmp	xmrig
behavioral2/memory/2360-107-0x00007FF751E90000-0x00007FF752282000-memory.dmp	xmrig
behavioral2/memory/3692-95-0x00007FF778A10000-0x00007FF778E02000-memory.dmp	xmrig
behavioral2/memory/4436-81-0x00007FF63C580000-0x00007FF63C972000-memory.dmp	xmrig
behavioral2/memory/3572-80-0x00007FF6D1B20000-0x00007FF6D1F12000-memory.dmp	xmrig
behavioral2/memory/4312-72-0x00007FF6E75E0000-0x00007FF6E79D2000-memory.dmp	xmrig
behavioral2/memory/1436-61-0x00007FF614C30000-0x00007FF615022000-memory.dmp	xmrig
behavioral2/memory/2140-47-0x00007FF698160000-0x00007FF698552000-memory.dmp	xmrig
behavioral2/memory/2968-184-0x00007FF710B60000-0x00007FF710F52000-memory.dmp	xmrig
behavioral2/memory/8-147-0x00007FF725200000-0x00007FF7255F2000-memory.dmp	xmrig
behavioral2/memory/1516-3101-0x00007FF61D030000-0x00007FF61D422000-memory.dmp	xmrig
behavioral2/memory/1520-3103-0x00007FF63F490000-0x00007FF63F882000-memory.dmp	xmrig
behavioral2/memory/4584-3124-0x00007FF66D990000-0x00007FF66DD82000-memory.dmp	xmrig
behavioral2/memory/1892-3150-0x00007FF7CF970000-0x00007FF7CFD62000-memory.dmp	xmrig
behavioral2/memory/3756-3148-0x00007FF6B2B60000-0x00007FF6B2F52000-memory.dmp	xmrig
behavioral2/memory/4616-3151-0x00007FF6AD5C0000-0x00007FF6AD9B2000-memory.dmp	xmrig
behavioral2/memory/1516-3155-0x00007FF61D030000-0x00007FF61D422000-memory.dmp	xmrig
behavioral2/memory/1384-3156-0x00007FF684C90000-0x00007FF685082000-memory.dmp	xmrig
behavioral2/memory/3144-3162-0x00007FF730940000-0x00007FF730D32000-memory.dmp	xmrig
behavioral2/memory/2036-3161-0x00007FF751600000-0x00007FF7519F2000-memory.dmp	xmrig
behavioral2/memory/2140-3160-0x00007FF698160000-0x00007FF698552000-memory.dmp	xmrig
behavioral2/memory/4312-3167-0x00007FF6E75E0000-0x00007FF6E79D2000-memory.dmp	xmrig
behavioral2/memory/4436-3170-0x00007FF63C580000-0x00007FF63C972000-memory.dmp	xmrig
behavioral2/memory/3516-3169-0x00007FF77FC10000-0x00007FF780002000-memory.dmp	xmrig
behavioral2/memory/1436-3165-0x00007FF614C30000-0x00007FF615022000-memory.dmp	xmrig
behavioral2/memory/2360-3181-0x00007FF751E90000-0x00007FF752282000-memory.dmp	xmrig
behavioral2/memory/960-3184-0x00007FF783310000-0x00007FF783702000-memory.dmp	xmrig
behavioral2/memory/1592-3188-0x00007FF67CD20000-0x00007FF67D112000-memory.dmp	xmrig
behavioral2/memory/3572-3183-0x00007FF6D1B20000-0x00007FF6D1F12000-memory.dmp	xmrig
behavioral2/memory/4560-3179-0x00007FF6FD5D0000-0x00007FF6FD9C2000-memory.dmp	xmrig
behavioral2/memory/3692-3177-0x00007FF778A10000-0x00007FF778E02000-memory.dmp	xmrig
behavioral2/memory/1520-3186-0x00007FF63F490000-0x00007FF63F882000-memory.dmp	xmrig
behavioral2/memory/1644-3175-0x00007FF7932B0000-0x00007FF7936A2000-memory.dmp	xmrig
behavioral2/memory/760-3173-0x00007FF682520000-0x00007FF682912000-memory.dmp	xmrig
behavioral2/memory/4584-3190-0x00007FF66D990000-0x00007FF66DD82000-memory.dmp	xmrig
behavioral2/memory/8-3211-0x00007FF725200000-0x00007FF7255F2000-memory.dmp	xmrig
behavioral2/memory/2968-3245-0x00007FF710B60000-0x00007FF710F52000-memory.dmp	xmrig
behavioral2/memory/1892-3250-0x00007FF7CF970000-0x00007FF7CFD62000-memory.dmp	xmrig
behavioral2/memory/4616-3252-0x00007FF6AD5C0000-0x00007FF6AD9B2000-memory.dmp	xmrig
behavioral2/memory/3756-3247-0x00007FF6B2B60000-0x00007FF6B2F52000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	2104	powershell.exe
11	2104	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2104	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1516	KHGhGLb.exe
1384	VWIOUNw.exe
2036	xihrkka.exe
2140	GjjVPdp.exe
3144	IBahReX.exe
1436	KvwfeOz.exe
3516	YOSYMnk.exe
4312	ocpCAar.exe
960	AhcPtKR.exe
3572	eJMpTZp.exe
4436	QTMVxCf.exe
4560	yUYQgKG.exe
3692	TLUcJqK.exe
1592	prJcvij.exe
2360	AbsZFLL.exe
760	OvOzlZd.exe
1520	xEEnmKp.exe
1644	nvHofEJ.exe
4584	IobTHuL.exe
8	ukKRaqs.exe
2968	qmLJDOZ.exe
3756	EkLiSzL.exe
1892	nxbYcuG.exe
4616	ZQgRFGr.exe
3936	hzmoSJa.exe
1904	Oukhoka.exe
412	PBuIglD.exe
1660	DvWWqlt.exe
716	htUhRNR.exe
1124	mTupuVu.exe
4164	GMMKIBi.exe
4660	jtZjNaU.exe
4852	BbYgwWy.exe
3988	rGHaTyF.exe
3460	zqshZSZ.exe
4548	dDsbcfb.exe
1084	ALoWuxS.exe
2432	QyFUdLK.exe
4988	OmYpINx.exe
208	jDndCvK.exe
3588	AOMqGRC.exe
1208	foWNhok.exe
2932	snDBxYO.exe
4684	bZlcALC.exe
408	vpIdPYc.exe
4060	AopNAYl.exe
5108	ynQHNZT.exe
3044	pekhTjW.exe
2448	uElMzoa.exe
3468	NJiqUAP.exe
4688	MaeJFLf.exe
224	GqzbaYy.exe
3780	PhpIQju.exe
3172	qFdkVfM.exe
3712	SjFTcYg.exe
3996	TJxYPhP.exe
3492	ELGRqBq.exe
3824	qbAPtcv.exe
4776	eicMyQy.exe
4724	LUknpIO.exe
3744	PkJfHBU.exe
2156	FkzdIbR.exe
1432	bCoJalT.exe
1068	iHwQIpv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4680-0-0x00007FF7EF040000-0x00007FF7EF432000-memory.dmp	upx
behavioral2/files/0x0007000000023526-16.dat	upx
behavioral2/files/0x000800000002351f-17.dat	upx
behavioral2/files/0x0007000000023528-22.dat	upx
behavioral2/files/0x0007000000023527-29.dat	upx
behavioral2/files/0x000700000002352a-41.dat	upx
behavioral2/memory/3144-55-0x00007FF730940000-0x00007FF730D32000-memory.dmp	upx
behavioral2/files/0x000700000002352d-69.dat	upx
behavioral2/files/0x0007000000023530-91.dat	upx
behavioral2/files/0x0007000000023537-101.dat	upx
behavioral2/memory/1520-112-0x00007FF63F490000-0x00007FF63F882000-memory.dmp	upx
behavioral2/files/0x0007000000023533-115.dat	upx
behavioral2/memory/960-122-0x00007FF783310000-0x00007FF783702000-memory.dmp	upx
behavioral2/memory/4584-126-0x00007FF66D990000-0x00007FF66DD82000-memory.dmp	upx
behavioral2/files/0x0007000000023538-127.dat	upx
behavioral2/memory/760-125-0x00007FF682520000-0x00007FF682912000-memory.dmp	upx
behavioral2/memory/1592-124-0x00007FF67CD20000-0x00007FF67D112000-memory.dmp	upx
behavioral2/memory/4560-123-0x00007FF6FD5D0000-0x00007FF6FD9C2000-memory.dmp	upx
behavioral2/memory/3516-120-0x00007FF77FC10000-0x00007FF780002000-memory.dmp	upx
behavioral2/memory/2036-119-0x00007FF751600000-0x00007FF7519F2000-memory.dmp	upx
behavioral2/files/0x0007000000023536-117.dat	upx
behavioral2/memory/1384-114-0x00007FF684C90000-0x00007FF685082000-memory.dmp	upx
behavioral2/memory/1644-113-0x00007FF7932B0000-0x00007FF7936A2000-memory.dmp	upx
behavioral2/memory/2360-107-0x00007FF751E90000-0x00007FF752282000-memory.dmp	upx
behavioral2/files/0x0007000000023531-97.dat	upx
behavioral2/memory/3692-95-0x00007FF778A10000-0x00007FF778E02000-memory.dmp	upx
behavioral2/files/0x000700000002352f-84.dat	upx
behavioral2/files/0x0007000000023532-82.dat	upx
behavioral2/memory/4436-81-0x00007FF63C580000-0x00007FF63C972000-memory.dmp	upx
behavioral2/memory/3572-80-0x00007FF6D1B20000-0x00007FF6D1F12000-memory.dmp	upx
behavioral2/memory/4312-72-0x00007FF6E75E0000-0x00007FF6E79D2000-memory.dmp	upx
behavioral2/files/0x000700000002352c-64.dat	upx
behavioral2/memory/1436-61-0x00007FF614C30000-0x00007FF615022000-memory.dmp	upx
behavioral2/files/0x000700000002352e-54.dat	upx
behavioral2/files/0x000700000002352b-53.dat	upx
behavioral2/memory/2140-47-0x00007FF698160000-0x00007FF698552000-memory.dmp	upx
behavioral2/files/0x0007000000023529-36.dat	upx
behavioral2/files/0x0008000000023525-14.dat	upx
behavioral2/memory/1516-11-0x00007FF61D030000-0x00007FF61D422000-memory.dmp	upx
behavioral2/files/0x0008000000023523-131.dat	upx
behavioral2/files/0x0008000000023535-142.dat	upx
behavioral2/memory/3756-149-0x00007FF6B2B60000-0x00007FF6B2F52000-memory.dmp	upx
behavioral2/files/0x0008000000023534-166.dat	upx
behavioral2/files/0x000700000002353d-172.dat	upx
behavioral2/memory/2968-184-0x00007FF710B60000-0x00007FF710F52000-memory.dmp	upx
behavioral2/files/0x000700000002353f-189.dat	upx
behavioral2/files/0x0007000000023542-195.dat	upx
behavioral2/files/0x000700000002353e-200.dat	upx
behavioral2/files/0x0007000000023540-191.dat	upx
behavioral2/files/0x0007000000023543-188.dat	upx
behavioral2/files/0x0007000000023541-183.dat	upx
behavioral2/files/0x000700000002353c-181.dat	upx
behavioral2/files/0x000700000002353b-178.dat	upx
behavioral2/files/0x0007000000023539-175.dat	upx
behavioral2/memory/4616-165-0x00007FF6AD5C0000-0x00007FF6AD9B2000-memory.dmp	upx
behavioral2/memory/1892-162-0x00007FF7CF970000-0x00007FF7CFD62000-memory.dmp	upx
behavioral2/files/0x000700000002353a-168.dat	upx
behavioral2/memory/8-147-0x00007FF725200000-0x00007FF7255F2000-memory.dmp	upx
behavioral2/memory/1516-3101-0x00007FF61D030000-0x00007FF61D422000-memory.dmp	upx
behavioral2/memory/1520-3103-0x00007FF63F490000-0x00007FF63F882000-memory.dmp	upx
behavioral2/memory/4584-3124-0x00007FF66D990000-0x00007FF66DD82000-memory.dmp	upx
behavioral2/memory/1892-3150-0x00007FF7CF970000-0x00007FF7CFD62000-memory.dmp	upx
behavioral2/memory/3756-3148-0x00007FF6B2B60000-0x00007FF6B2F52000-memory.dmp	upx
behavioral2/memory/4616-3151-0x00007FF6AD5C0000-0x00007FF6AD9B2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PiIJHVk.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\zspNEPY.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\bnhMYlk.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\YxBhCFt.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\lqrrzcz.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\CZFXups.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\FGglQtN.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\euYEnrV.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\mEHcIXS.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\gUwXDsk.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\sHWPsPM.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\tPTeqWY.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\BjVjrZZ.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\sQoYNLg.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\yarjiRu.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\iYbJJLp.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\zRfQjxQ.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\BaoOXVq.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\eKTkRWl.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\QDAgOfZ.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\BEmArmh.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\CLppJqm.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\WWtLXqQ.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\jHxHHQu.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\kMPBxXE.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\MyAzyLK.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\sdiIVPi.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\fEhpZGM.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\kQebZok.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\QcjWStx.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\PWOfqib.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\SogAKUX.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\JcdtFwv.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\GZRoGgt.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\wWyEOws.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\trNejvA.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\Qdjuniq.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\txSxzdB.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\HHnTFxB.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\zpIOYiN.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\CasFEzE.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\IfGRqFV.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\RlolgPc.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\jrnZjbZ.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\zuNflow.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\CJRuJQP.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\KzVIOyA.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\ogdNWwZ.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\tJmVOWv.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\JORVDMA.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\phnbdib.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\NgqFwBe.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\EyjgxPN.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\pAACsXI.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\zEYSjcf.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\WHZGlON.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\kmbNwjf.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\OuGWOPb.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\HfUsPbs.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\uCQzoko.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\eVxpqmu.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\KDrYJKO.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\fOZlTuc.exe	22cbab07b966e197281f6fb9076c9a20N.exe
File created	C:\Windows\System\UJGZPcc.exe	22cbab07b966e197281f6fb9076c9a20N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2104	powershell.exe
2104	powershell.exe
2104	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4680	22cbab07b966e197281f6fb9076c9a20N.exe
Token: SeLockMemoryPrivilege	4680	22cbab07b966e197281f6fb9076c9a20N.exe
Token: SeDebugPrivilege	2104	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 2104	4680	22cbab07b966e197281f6fb9076c9a20N.exe	86
PID 4680 wrote to memory of 2104	4680	22cbab07b966e197281f6fb9076c9a20N.exe	86
PID 4680 wrote to memory of 1516	4680	22cbab07b966e197281f6fb9076c9a20N.exe	87
PID 4680 wrote to memory of 1516	4680	22cbab07b966e197281f6fb9076c9a20N.exe	87
PID 4680 wrote to memory of 1384	4680	22cbab07b966e197281f6fb9076c9a20N.exe	88
PID 4680 wrote to memory of 1384	4680	22cbab07b966e197281f6fb9076c9a20N.exe	88
PID 4680 wrote to memory of 2036	4680	22cbab07b966e197281f6fb9076c9a20N.exe	89
PID 4680 wrote to memory of 2036	4680	22cbab07b966e197281f6fb9076c9a20N.exe	89
PID 4680 wrote to memory of 3144	4680	22cbab07b966e197281f6fb9076c9a20N.exe	90
PID 4680 wrote to memory of 3144	4680	22cbab07b966e197281f6fb9076c9a20N.exe	90
PID 4680 wrote to memory of 2140	4680	22cbab07b966e197281f6fb9076c9a20N.exe	91
PID 4680 wrote to memory of 2140	4680	22cbab07b966e197281f6fb9076c9a20N.exe	91
PID 4680 wrote to memory of 1436	4680	22cbab07b966e197281f6fb9076c9a20N.exe	92
PID 4680 wrote to memory of 1436	4680	22cbab07b966e197281f6fb9076c9a20N.exe	92
PID 4680 wrote to memory of 3516	4680	22cbab07b966e197281f6fb9076c9a20N.exe	93
PID 4680 wrote to memory of 3516	4680	22cbab07b966e197281f6fb9076c9a20N.exe	93
PID 4680 wrote to memory of 4312	4680	22cbab07b966e197281f6fb9076c9a20N.exe	94
PID 4680 wrote to memory of 4312	4680	22cbab07b966e197281f6fb9076c9a20N.exe	94
PID 4680 wrote to memory of 960	4680	22cbab07b966e197281f6fb9076c9a20N.exe	95
PID 4680 wrote to memory of 960	4680	22cbab07b966e197281f6fb9076c9a20N.exe	95
PID 4680 wrote to memory of 3572	4680	22cbab07b966e197281f6fb9076c9a20N.exe	96
PID 4680 wrote to memory of 3572	4680	22cbab07b966e197281f6fb9076c9a20N.exe	96
PID 4680 wrote to memory of 4436	4680	22cbab07b966e197281f6fb9076c9a20N.exe	97
PID 4680 wrote to memory of 4436	4680	22cbab07b966e197281f6fb9076c9a20N.exe	97
PID 4680 wrote to memory of 4560	4680	22cbab07b966e197281f6fb9076c9a20N.exe	98
PID 4680 wrote to memory of 4560	4680	22cbab07b966e197281f6fb9076c9a20N.exe	98
PID 4680 wrote to memory of 3692	4680	22cbab07b966e197281f6fb9076c9a20N.exe	99
PID 4680 wrote to memory of 3692	4680	22cbab07b966e197281f6fb9076c9a20N.exe	99
PID 4680 wrote to memory of 2360	4680	22cbab07b966e197281f6fb9076c9a20N.exe	100
PID 4680 wrote to memory of 2360	4680	22cbab07b966e197281f6fb9076c9a20N.exe	100
PID 4680 wrote to memory of 1592	4680	22cbab07b966e197281f6fb9076c9a20N.exe	101
PID 4680 wrote to memory of 1592	4680	22cbab07b966e197281f6fb9076c9a20N.exe	101
PID 4680 wrote to memory of 760	4680	22cbab07b966e197281f6fb9076c9a20N.exe	102
PID 4680 wrote to memory of 760	4680	22cbab07b966e197281f6fb9076c9a20N.exe	102
PID 4680 wrote to memory of 1520	4680	22cbab07b966e197281f6fb9076c9a20N.exe	103
PID 4680 wrote to memory of 1520	4680	22cbab07b966e197281f6fb9076c9a20N.exe	103
PID 4680 wrote to memory of 1644	4680	22cbab07b966e197281f6fb9076c9a20N.exe	104
PID 4680 wrote to memory of 1644	4680	22cbab07b966e197281f6fb9076c9a20N.exe	104
PID 4680 wrote to memory of 4584	4680	22cbab07b966e197281f6fb9076c9a20N.exe	105
PID 4680 wrote to memory of 4584	4680	22cbab07b966e197281f6fb9076c9a20N.exe	105
PID 4680 wrote to memory of 8	4680	22cbab07b966e197281f6fb9076c9a20N.exe	106
PID 4680 wrote to memory of 8	4680	22cbab07b966e197281f6fb9076c9a20N.exe	106
PID 4680 wrote to memory of 3756	4680	22cbab07b966e197281f6fb9076c9a20N.exe	107
PID 4680 wrote to memory of 3756	4680	22cbab07b966e197281f6fb9076c9a20N.exe	107
PID 4680 wrote to memory of 2968	4680	22cbab07b966e197281f6fb9076c9a20N.exe	108
PID 4680 wrote to memory of 2968	4680	22cbab07b966e197281f6fb9076c9a20N.exe	108
PID 4680 wrote to memory of 1892	4680	22cbab07b966e197281f6fb9076c9a20N.exe	109
PID 4680 wrote to memory of 1892	4680	22cbab07b966e197281f6fb9076c9a20N.exe	109
PID 4680 wrote to memory of 4616	4680	22cbab07b966e197281f6fb9076c9a20N.exe	110
PID 4680 wrote to memory of 4616	4680	22cbab07b966e197281f6fb9076c9a20N.exe	110
PID 4680 wrote to memory of 3936	4680	22cbab07b966e197281f6fb9076c9a20N.exe	111
PID 4680 wrote to memory of 3936	4680	22cbab07b966e197281f6fb9076c9a20N.exe	111
PID 4680 wrote to memory of 1904	4680	22cbab07b966e197281f6fb9076c9a20N.exe	112
PID 4680 wrote to memory of 1904	4680	22cbab07b966e197281f6fb9076c9a20N.exe	112
PID 4680 wrote to memory of 1124	4680	22cbab07b966e197281f6fb9076c9a20N.exe	113
PID 4680 wrote to memory of 1124	4680	22cbab07b966e197281f6fb9076c9a20N.exe	113
PID 4680 wrote to memory of 412	4680	22cbab07b966e197281f6fb9076c9a20N.exe	114
PID 4680 wrote to memory of 412	4680	22cbab07b966e197281f6fb9076c9a20N.exe	114
PID 4680 wrote to memory of 1660	4680	22cbab07b966e197281f6fb9076c9a20N.exe	115
PID 4680 wrote to memory of 1660	4680	22cbab07b966e197281f6fb9076c9a20N.exe	115
PID 4680 wrote to memory of 716	4680	22cbab07b966e197281f6fb9076c9a20N.exe	116
PID 4680 wrote to memory of 716	4680	22cbab07b966e197281f6fb9076c9a20N.exe	116
PID 4680 wrote to memory of 4164	4680	22cbab07b966e197281f6fb9076c9a20N.exe	117
PID 4680 wrote to memory of 4164	4680	22cbab07b966e197281f6fb9076c9a20N.exe	117

C:\Users\Admin\AppData\Local\Temp\22cbab07b966e197281f6fb9076c9a20N.exe
"C:\Users\Admin\AppData\Local\Temp\22cbab07b966e197281f6fb9076c9a20N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2104
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2104" "2924" "2820" "2928" "0" "0" "2932" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12720
- C:\Windows\System\KHGhGLb.exe
  C:\Windows\System\KHGhGLb.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\VWIOUNw.exe
  C:\Windows\System\VWIOUNw.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\xihrkka.exe
  C:\Windows\System\xihrkka.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\IBahReX.exe
  C:\Windows\System\IBahReX.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\GjjVPdp.exe
  C:\Windows\System\GjjVPdp.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\KvwfeOz.exe
  C:\Windows\System\KvwfeOz.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\YOSYMnk.exe
  C:\Windows\System\YOSYMnk.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\ocpCAar.exe
  C:\Windows\System\ocpCAar.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\AhcPtKR.exe
  C:\Windows\System\AhcPtKR.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\eJMpTZp.exe
  C:\Windows\System\eJMpTZp.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\QTMVxCf.exe
  C:\Windows\System\QTMVxCf.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\yUYQgKG.exe
  C:\Windows\System\yUYQgKG.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\TLUcJqK.exe
  C:\Windows\System\TLUcJqK.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\AbsZFLL.exe
  C:\Windows\System\AbsZFLL.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\prJcvij.exe
  C:\Windows\System\prJcvij.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\OvOzlZd.exe
  C:\Windows\System\OvOzlZd.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\xEEnmKp.exe
  C:\Windows\System\xEEnmKp.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\nvHofEJ.exe
  C:\Windows\System\nvHofEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\IobTHuL.exe
  C:\Windows\System\IobTHuL.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\ukKRaqs.exe
  C:\Windows\System\ukKRaqs.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\EkLiSzL.exe
  C:\Windows\System\EkLiSzL.exe
  2⤵
  - Executes dropped EXE
  PID:3756
- C:\Windows\System\qmLJDOZ.exe
  C:\Windows\System\qmLJDOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\nxbYcuG.exe
  C:\Windows\System\nxbYcuG.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\ZQgRFGr.exe
  C:\Windows\System\ZQgRFGr.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\hzmoSJa.exe
  C:\Windows\System\hzmoSJa.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\Oukhoka.exe
  C:\Windows\System\Oukhoka.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\mTupuVu.exe
  C:\Windows\System\mTupuVu.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\PBuIglD.exe
  C:\Windows\System\PBuIglD.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\DvWWqlt.exe
  C:\Windows\System\DvWWqlt.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\htUhRNR.exe
  C:\Windows\System\htUhRNR.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\GMMKIBi.exe
  C:\Windows\System\GMMKIBi.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\jtZjNaU.exe
  C:\Windows\System\jtZjNaU.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\BbYgwWy.exe
  C:\Windows\System\BbYgwWy.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\rGHaTyF.exe
  C:\Windows\System\rGHaTyF.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\zqshZSZ.exe
  C:\Windows\System\zqshZSZ.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\dDsbcfb.exe
  C:\Windows\System\dDsbcfb.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\ALoWuxS.exe
  C:\Windows\System\ALoWuxS.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\QyFUdLK.exe
  C:\Windows\System\QyFUdLK.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\OmYpINx.exe
  C:\Windows\System\OmYpINx.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\jDndCvK.exe
  C:\Windows\System\jDndCvK.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\AOMqGRC.exe
  C:\Windows\System\AOMqGRC.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\foWNhok.exe
  C:\Windows\System\foWNhok.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\snDBxYO.exe
  C:\Windows\System\snDBxYO.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\bZlcALC.exe
  C:\Windows\System\bZlcALC.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\vpIdPYc.exe
  C:\Windows\System\vpIdPYc.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\AopNAYl.exe
  C:\Windows\System\AopNAYl.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\ynQHNZT.exe
  C:\Windows\System\ynQHNZT.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\pekhTjW.exe
  C:\Windows\System\pekhTjW.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\uElMzoa.exe
  C:\Windows\System\uElMzoa.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\MaeJFLf.exe
  C:\Windows\System\MaeJFLf.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\NJiqUAP.exe
  C:\Windows\System\NJiqUAP.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\SjFTcYg.exe
  C:\Windows\System\SjFTcYg.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\GqzbaYy.exe
  C:\Windows\System\GqzbaYy.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\PhpIQju.exe
  C:\Windows\System\PhpIQju.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\qFdkVfM.exe
  C:\Windows\System\qFdkVfM.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\TJxYPhP.exe
  C:\Windows\System\TJxYPhP.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\ELGRqBq.exe
  C:\Windows\System\ELGRqBq.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\qbAPtcv.exe
  C:\Windows\System\qbAPtcv.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\eicMyQy.exe
  C:\Windows\System\eicMyQy.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\LUknpIO.exe
  C:\Windows\System\LUknpIO.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\PkJfHBU.exe
  C:\Windows\System\PkJfHBU.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\bCoJalT.exe
  C:\Windows\System\bCoJalT.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\FkzdIbR.exe
  C:\Windows\System\FkzdIbR.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\iHwQIpv.exe
  C:\Windows\System\iHwQIpv.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\fTrpZwv.exe
  C:\Windows\System\fTrpZwv.exe
  2⤵
  PID:1972
- C:\Windows\System\MxNgtEN.exe
  C:\Windows\System\MxNgtEN.exe
  2⤵
  PID:4952
- C:\Windows\System\ceWNKOD.exe
  C:\Windows\System\ceWNKOD.exe
  2⤵
  PID:4600
- C:\Windows\System\AXjMZMm.exe
  C:\Windows\System\AXjMZMm.exe
  2⤵
  PID:1600
- C:\Windows\System\sUVTzhI.exe
  C:\Windows\System\sUVTzhI.exe
  2⤵
  PID:2420
- C:\Windows\System\QCrsawi.exe
  C:\Windows\System\QCrsawi.exe
  2⤵
  PID:2052
- C:\Windows\System\CNTQGlv.exe
  C:\Windows\System\CNTQGlv.exe
  2⤵
  PID:4648
- C:\Windows\System\niOnezi.exe
  C:\Windows\System\niOnezi.exe
  2⤵
  PID:4992
- C:\Windows\System\blXVDnh.exe
  C:\Windows\System\blXVDnh.exe
  2⤵
  PID:4112
- C:\Windows\System\MnGjbvY.exe
  C:\Windows\System\MnGjbvY.exe
  2⤵
  PID:3740
- C:\Windows\System\KmTpfvL.exe
  C:\Windows\System\KmTpfvL.exe
  2⤵
  PID:1392
- C:\Windows\System\liwPXrX.exe
  C:\Windows\System\liwPXrX.exe
  2⤵
  PID:4960
- C:\Windows\System\ryrjxYd.exe
  C:\Windows\System\ryrjxYd.exe
  2⤵
  PID:4612
- C:\Windows\System\AmRmntt.exe
  C:\Windows\System\AmRmntt.exe
  2⤵
  PID:3716
- C:\Windows\System\LlagfFg.exe
  C:\Windows\System\LlagfFg.exe
  2⤵
  PID:3876
- C:\Windows\System\DyOtSnb.exe
  C:\Windows\System\DyOtSnb.exe
  2⤵
  PID:1984
- C:\Windows\System\MyyDxTj.exe
  C:\Windows\System\MyyDxTj.exe
  2⤵
  PID:1996
- C:\Windows\System\qakVNKN.exe
  C:\Windows\System\qakVNKN.exe
  2⤵
  PID:4984
- C:\Windows\System\ojVNPVx.exe
  C:\Windows\System\ojVNPVx.exe
  2⤵
  PID:4656
- C:\Windows\System\LZbtbjo.exe
  C:\Windows\System\LZbtbjo.exe
  2⤵
  PID:1800
- C:\Windows\System\AMHGOwt.exe
  C:\Windows\System\AMHGOwt.exe
  2⤵
  PID:3848
- C:\Windows\System\EbeVbNL.exe
  C:\Windows\System\EbeVbNL.exe
  2⤵
  PID:4916
- C:\Windows\System\hTgVbwd.exe
  C:\Windows\System\hTgVbwd.exe
  2⤵
  PID:5144
- C:\Windows\System\YyIsUSm.exe
  C:\Windows\System\YyIsUSm.exe
  2⤵
  PID:5164
- C:\Windows\System\UmkPlHz.exe
  C:\Windows\System\UmkPlHz.exe
  2⤵
  PID:5188
- C:\Windows\System\ciGKZFF.exe
  C:\Windows\System\ciGKZFF.exe
  2⤵
  PID:5216
- C:\Windows\System\CNppaBr.exe
  C:\Windows\System\CNppaBr.exe
  2⤵
  PID:5236
- C:\Windows\System\yFxNZsQ.exe
  C:\Windows\System\yFxNZsQ.exe
  2⤵
  PID:5260
- C:\Windows\System\XDoICxQ.exe
  C:\Windows\System\XDoICxQ.exe
  2⤵
  PID:5284
- C:\Windows\System\yHJnAMn.exe
  C:\Windows\System\yHJnAMn.exe
  2⤵
  PID:5320
- C:\Windows\System\AwAqLlP.exe
  C:\Windows\System\AwAqLlP.exe
  2⤵
  PID:5340
- C:\Windows\System\PIcuZJQ.exe
  C:\Windows\System\PIcuZJQ.exe
  2⤵
  PID:5412
- C:\Windows\System\OEfewWS.exe
  C:\Windows\System\OEfewWS.exe
  2⤵
  PID:5428
- C:\Windows\System\gXxovsH.exe
  C:\Windows\System\gXxovsH.exe
  2⤵
  PID:5448
- C:\Windows\System\wiBCiMX.exe
  C:\Windows\System\wiBCiMX.exe
  2⤵
  PID:5468
- C:\Windows\System\NXUTgkv.exe
  C:\Windows\System\NXUTgkv.exe
  2⤵
  PID:5492
- C:\Windows\System\FNAlPeF.exe
  C:\Windows\System\FNAlPeF.exe
  2⤵
  PID:5512
- C:\Windows\System\vXgWnYV.exe
  C:\Windows\System\vXgWnYV.exe
  2⤵
  PID:5532
- C:\Windows\System\PIPhKXy.exe
  C:\Windows\System\PIPhKXy.exe
  2⤵
  PID:5556
- C:\Windows\System\wXAVbLb.exe
  C:\Windows\System\wXAVbLb.exe
  2⤵
  PID:5584
- C:\Windows\System\hGAwvik.exe
  C:\Windows\System\hGAwvik.exe
  2⤵
  PID:5600
- C:\Windows\System\tHisakr.exe
  C:\Windows\System\tHisakr.exe
  2⤵
  PID:5624
- C:\Windows\System\HgUykaC.exe
  C:\Windows\System\HgUykaC.exe
  2⤵
  PID:5640
- C:\Windows\System\pLPMbxd.exe
  C:\Windows\System\pLPMbxd.exe
  2⤵
  PID:5660
- C:\Windows\System\dXArylM.exe
  C:\Windows\System\dXArylM.exe
  2⤵
  PID:5688
- C:\Windows\System\bubTeOd.exe
  C:\Windows\System\bubTeOd.exe
  2⤵
  PID:5704
- C:\Windows\System\JyhhaPV.exe
  C:\Windows\System\JyhhaPV.exe
  2⤵
  PID:5724
- C:\Windows\System\SyfQhhj.exe
  C:\Windows\System\SyfQhhj.exe
  2⤵
  PID:5744
- C:\Windows\System\nCDCbcF.exe
  C:\Windows\System\nCDCbcF.exe
  2⤵
  PID:5760
- C:\Windows\System\dcvpKYY.exe
  C:\Windows\System\dcvpKYY.exe
  2⤵
  PID:5784
- C:\Windows\System\seQLIqr.exe
  C:\Windows\System\seQLIqr.exe
  2⤵
  PID:5804
- C:\Windows\System\kmNFnPw.exe
  C:\Windows\System\kmNFnPw.exe
  2⤵
  PID:5868
- C:\Windows\System\ufuTOrI.exe
  C:\Windows\System\ufuTOrI.exe
  2⤵
  PID:5888
- C:\Windows\System\aQqfmEo.exe
  C:\Windows\System\aQqfmEo.exe
  2⤵
  PID:5912
- C:\Windows\System\XXXloGF.exe
  C:\Windows\System\XXXloGF.exe
  2⤵
  PID:5940
- C:\Windows\System\YepuoQQ.exe
  C:\Windows\System\YepuoQQ.exe
  2⤵
  PID:5964
- C:\Windows\System\ORlwsMc.exe
  C:\Windows\System\ORlwsMc.exe
  2⤵
  PID:6012
- C:\Windows\System\UjBlEAy.exe
  C:\Windows\System\UjBlEAy.exe
  2⤵
  PID:6028
- C:\Windows\System\aYRgTCD.exe
  C:\Windows\System\aYRgTCD.exe
  2⤵
  PID:6052
- C:\Windows\System\ZcVTZUp.exe
  C:\Windows\System\ZcVTZUp.exe
  2⤵
  PID:6068
- C:\Windows\System\lfTcChc.exe
  C:\Windows\System\lfTcChc.exe
  2⤵
  PID:6088
- C:\Windows\System\OnePRZA.exe
  C:\Windows\System\OnePRZA.exe
  2⤵
  PID:6124
- C:\Windows\System\MBHzNFe.exe
  C:\Windows\System\MBHzNFe.exe
  2⤵
  PID:2076
- C:\Windows\System\WGtUxar.exe
  C:\Windows\System\WGtUxar.exe
  2⤵
  PID:5256
- C:\Windows\System\ZZhFryL.exe
  C:\Windows\System\ZZhFryL.exe
  2⤵
  PID:5312
- C:\Windows\System\DhTpASg.exe
  C:\Windows\System\DhTpASg.exe
  2⤵
  PID:5520
- C:\Windows\System\OwnQOUG.exe
  C:\Windows\System\OwnQOUG.exe
  2⤵
  PID:5500
- C:\Windows\System\RHGGXbG.exe
  C:\Windows\System\RHGGXbG.exe
  2⤵
  PID:5576
- C:\Windows\System\IfUbRkf.exe
  C:\Windows\System\IfUbRkf.exe
  2⤵
  PID:5548
- C:\Windows\System\BRWYicR.exe
  C:\Windows\System\BRWYicR.exe
  2⤵
  PID:5740
- C:\Windows\System\tPwUkfy.exe
  C:\Windows\System\tPwUkfy.exe
  2⤵
  PID:5608
- C:\Windows\System\ilLmCLk.exe
  C:\Windows\System\ilLmCLk.exe
  2⤵
  PID:5780
- C:\Windows\System\TIXnXVG.exe
  C:\Windows\System\TIXnXVG.exe
  2⤵
  PID:5904
- C:\Windows\System\tnBfpYh.exe
  C:\Windows\System\tnBfpYh.exe
  2⤵
  PID:6076
- C:\Windows\System\NTmzAjy.exe
  C:\Windows\System\NTmzAjy.exe
  2⤵
  PID:6112
- C:\Windows\System\aXabmCw.exe
  C:\Windows\System\aXabmCw.exe
  2⤵
  PID:6024
- C:\Windows\System\rLrBWMK.exe
  C:\Windows\System\rLrBWMK.exe
  2⤵
  PID:5128
- C:\Windows\System\GgIjpnA.exe
  C:\Windows\System\GgIjpnA.exe
  2⤵
  PID:5376
- C:\Windows\System\TeTUZCC.exe
  C:\Windows\System\TeTUZCC.exe
  2⤵
  PID:5700
- C:\Windows\System\kmbNwjf.exe
  C:\Windows\System\kmbNwjf.exe
  2⤵
  PID:5756
- C:\Windows\System\KqkHTeP.exe
  C:\Windows\System\KqkHTeP.exe
  2⤵
  PID:5928
- C:\Windows\System\oCqFETg.exe
  C:\Windows\System\oCqFETg.exe
  2⤵
  PID:5900
- C:\Windows\System\oLQdCjV.exe
  C:\Windows\System\oLQdCjV.exe
  2⤵
  PID:6064
- C:\Windows\System\FifCMVp.exe
  C:\Windows\System\FifCMVp.exe
  2⤵
  PID:5476
- C:\Windows\System\sOogbtC.exe
  C:\Windows\System\sOogbtC.exe
  2⤵
  PID:5880
- C:\Windows\System\sfvRPxZ.exe
  C:\Windows\System\sfvRPxZ.exe
  2⤵
  PID:6148
- C:\Windows\System\JgUuyYN.exe
  C:\Windows\System\JgUuyYN.exe
  2⤵
  PID:6180
- C:\Windows\System\XNBWcEY.exe
  C:\Windows\System\XNBWcEY.exe
  2⤵
  PID:6212
- C:\Windows\System\BEoGyjX.exe
  C:\Windows\System\BEoGyjX.exe
  2⤵
  PID:6248
- C:\Windows\System\evlddjQ.exe
  C:\Windows\System\evlddjQ.exe
  2⤵
  PID:6276
- C:\Windows\System\lrMPgBa.exe
  C:\Windows\System\lrMPgBa.exe
  2⤵
  PID:6292
- C:\Windows\System\MFIhMMZ.exe
  C:\Windows\System\MFIhMMZ.exe
  2⤵
  PID:6312
- C:\Windows\System\zsDIYoB.exe
  C:\Windows\System\zsDIYoB.exe
  2⤵
  PID:6360
- C:\Windows\System\oIQpXLW.exe
  C:\Windows\System\oIQpXLW.exe
  2⤵
  PID:6396
- C:\Windows\System\LyniidY.exe
  C:\Windows\System\LyniidY.exe
  2⤵
  PID:6412
- C:\Windows\System\LrznTvr.exe
  C:\Windows\System\LrznTvr.exe
  2⤵
  PID:6444
- C:\Windows\System\hkVIEKy.exe
  C:\Windows\System\hkVIEKy.exe
  2⤵
  PID:6464
- C:\Windows\System\YJcUtin.exe
  C:\Windows\System\YJcUtin.exe
  2⤵
  PID:6484
- C:\Windows\System\wSDERNr.exe
  C:\Windows\System\wSDERNr.exe
  2⤵
  PID:6500
- C:\Windows\System\zBiTNCf.exe
  C:\Windows\System\zBiTNCf.exe
  2⤵
  PID:6524
- C:\Windows\System\ZstOxWa.exe
  C:\Windows\System\ZstOxWa.exe
  2⤵
  PID:6548
- C:\Windows\System\pTtVFCA.exe
  C:\Windows\System\pTtVFCA.exe
  2⤵
  PID:6564
- C:\Windows\System\tqRlsmQ.exe
  C:\Windows\System\tqRlsmQ.exe
  2⤵
  PID:6588
- C:\Windows\System\xoWLWmu.exe
  C:\Windows\System\xoWLWmu.exe
  2⤵
  PID:6604
- C:\Windows\System\JhOusln.exe
  C:\Windows\System\JhOusln.exe
  2⤵
  PID:6628
- C:\Windows\System\OrLZdXH.exe
  C:\Windows\System\OrLZdXH.exe
  2⤵
  PID:6712
- C:\Windows\System\lBiJVMM.exe
  C:\Windows\System\lBiJVMM.exe
  2⤵
  PID:6808
- C:\Windows\System\kbzrOZh.exe
  C:\Windows\System\kbzrOZh.exe
  2⤵
  PID:6824
- C:\Windows\System\vrMwulv.exe
  C:\Windows\System\vrMwulv.exe
  2⤵
  PID:6844
- C:\Windows\System\UQEcHpC.exe
  C:\Windows\System\UQEcHpC.exe
  2⤵
  PID:6864
- C:\Windows\System\aMozOGT.exe
  C:\Windows\System\aMozOGT.exe
  2⤵
  PID:6888
- C:\Windows\System\TOPkEjG.exe
  C:\Windows\System\TOPkEjG.exe
  2⤵
  PID:6904
- C:\Windows\System\xwMVjlR.exe
  C:\Windows\System\xwMVjlR.exe
  2⤵
  PID:6928
- C:\Windows\System\pOpoEhg.exe
  C:\Windows\System\pOpoEhg.exe
  2⤵
  PID:6948
- C:\Windows\System\yxnOFsh.exe
  C:\Windows\System\yxnOFsh.exe
  2⤵
  PID:6980
- C:\Windows\System\nwozRbV.exe
  C:\Windows\System\nwozRbV.exe
  2⤵
  PID:6996
- C:\Windows\System\dyZOAJE.exe
  C:\Windows\System\dyZOAJE.exe
  2⤵
  PID:7012
- C:\Windows\System\ryzhwTi.exe
  C:\Windows\System\ryzhwTi.exe
  2⤵
  PID:7036
- C:\Windows\System\ybwujOb.exe
  C:\Windows\System\ybwujOb.exe
  2⤵
  PID:7092
- C:\Windows\System\FvyfvSb.exe
  C:\Windows\System\FvyfvSb.exe
  2⤵
  PID:7116
- C:\Windows\System\pnHrSwb.exe
  C:\Windows\System\pnHrSwb.exe
  2⤵
  PID:7144
- C:\Windows\System\ylaqcmT.exe
  C:\Windows\System\ylaqcmT.exe
  2⤵
  PID:7164
- C:\Windows\System\BSDPRbO.exe
  C:\Windows\System\BSDPRbO.exe
  2⤵
  PID:6240
- C:\Windows\System\BwVoQMh.exe
  C:\Windows\System\BwVoQMh.exe
  2⤵
  PID:6268
- C:\Windows\System\qjqoDAK.exe
  C:\Windows\System\qjqoDAK.exe
  2⤵
  PID:6304
- C:\Windows\System\HYWRrld.exe
  C:\Windows\System\HYWRrld.exe
  2⤵
  PID:6424
- C:\Windows\System\stJBuIb.exe
  C:\Windows\System\stJBuIb.exe
  2⤵
  PID:6496
- C:\Windows\System\GWKGXxl.exe
  C:\Windows\System\GWKGXxl.exe
  2⤵
  PID:6540
- C:\Windows\System\MfXRtFE.exe
  C:\Windows\System\MfXRtFE.exe
  2⤵
  PID:6580
- C:\Windows\System\hhmsRoZ.exe
  C:\Windows\System\hhmsRoZ.exe
  2⤵
  PID:6672
- C:\Windows\System\YjNKXID.exe
  C:\Windows\System\YjNKXID.exe
  2⤵
  PID:6768
- C:\Windows\System\nzwAeMm.exe
  C:\Windows\System\nzwAeMm.exe
  2⤵
  PID:6800
- C:\Windows\System\IrAiYxQ.exe
  C:\Windows\System\IrAiYxQ.exe
  2⤵
  PID:6832
- C:\Windows\System\jGzpWAR.exe
  C:\Windows\System\jGzpWAR.exe
  2⤵
  PID:6896
- C:\Windows\System\WRSQKOK.exe
  C:\Windows\System\WRSQKOK.exe
  2⤵
  PID:6972
- C:\Windows\System\tFxoASh.exe
  C:\Windows\System\tFxoASh.exe
  2⤵
  PID:7124
- C:\Windows\System\BvbNcEn.exe
  C:\Windows\System\BvbNcEn.exe
  2⤵
  PID:7024
- C:\Windows\System\GcABhFt.exe
  C:\Windows\System\GcABhFt.exe
  2⤵
  PID:6200
- C:\Windows\System\XyqYFKM.exe
  C:\Windows\System\XyqYFKM.exe
  2⤵
  PID:6308
- C:\Windows\System\krIysey.exe
  C:\Windows\System\krIysey.exe
  2⤵
  PID:6456
- C:\Windows\System\euDFRbn.exe
  C:\Windows\System\euDFRbn.exe
  2⤵
  PID:6560
- C:\Windows\System\BhCxKGv.exe
  C:\Windows\System\BhCxKGv.exe
  2⤵
  PID:6776
- C:\Windows\System\VydYYXg.exe
  C:\Windows\System\VydYYXg.exe
  2⤵
  PID:6816
- C:\Windows\System\RHRXEXm.exe
  C:\Windows\System\RHRXEXm.exe
  2⤵
  PID:6988
- C:\Windows\System\NBwfgZT.exe
  C:\Windows\System\NBwfgZT.exe
  2⤵
  PID:6048
- C:\Windows\System\DTsiyrd.exe
  C:\Windows\System\DTsiyrd.exe
  2⤵
  PID:6664
- C:\Windows\System\AYLPhIg.exe
  C:\Windows\System\AYLPhIg.exe
  2⤵
  PID:7112
- C:\Windows\System\pNJOojG.exe
  C:\Windows\System\pNJOojG.exe
  2⤵
  PID:6084
- C:\Windows\System\vdRjuhy.exe
  C:\Windows\System\vdRjuhy.exe
  2⤵
  PID:6872
- C:\Windows\System\lDWquuY.exe
  C:\Windows\System\lDWquuY.exe
  2⤵
  PID:7188
- C:\Windows\System\CQHPIkF.exe
  C:\Windows\System\CQHPIkF.exe
  2⤵
  PID:7216
- C:\Windows\System\VdCyuKI.exe
  C:\Windows\System\VdCyuKI.exe
  2⤵
  PID:7244
- C:\Windows\System\fRflwnJ.exe
  C:\Windows\System\fRflwnJ.exe
  2⤵
  PID:7284
- C:\Windows\System\MZgXCPU.exe
  C:\Windows\System\MZgXCPU.exe
  2⤵
  PID:7308
- C:\Windows\System\BehWbUM.exe
  C:\Windows\System\BehWbUM.exe
  2⤵
  PID:7328
- C:\Windows\System\SopqQtL.exe
  C:\Windows\System\SopqQtL.exe
  2⤵
  PID:7344
- C:\Windows\System\LCizffw.exe
  C:\Windows\System\LCizffw.exe
  2⤵
  PID:7392
- C:\Windows\System\QLlktsx.exe
  C:\Windows\System\QLlktsx.exe
  2⤵
  PID:7408
- C:\Windows\System\cIpKoLR.exe
  C:\Windows\System\cIpKoLR.exe
  2⤵
  PID:7432
- C:\Windows\System\bHrSyAE.exe
  C:\Windows\System\bHrSyAE.exe
  2⤵
  PID:7476
- C:\Windows\System\izyOIwo.exe
  C:\Windows\System\izyOIwo.exe
  2⤵
  PID:7516
- C:\Windows\System\glbWQvS.exe
  C:\Windows\System\glbWQvS.exe
  2⤵
  PID:7532
- C:\Windows\System\fLONFdi.exe
  C:\Windows\System\fLONFdi.exe
  2⤵
  PID:7560
- C:\Windows\System\CWzkJVv.exe
  C:\Windows\System\CWzkJVv.exe
  2⤵
  PID:7580
- C:\Windows\System\pAbWKVH.exe
  C:\Windows\System\pAbWKVH.exe
  2⤵
  PID:7604
- C:\Windows\System\vyqUKlM.exe
  C:\Windows\System\vyqUKlM.exe
  2⤵
  PID:7624
- C:\Windows\System\JLJROCC.exe
  C:\Windows\System\JLJROCC.exe
  2⤵
  PID:7652
- C:\Windows\System\VaQAOFY.exe
  C:\Windows\System\VaQAOFY.exe
  2⤵
  PID:7684
- C:\Windows\System\ZDPQoYH.exe
  C:\Windows\System\ZDPQoYH.exe
  2⤵
  PID:7732
- C:\Windows\System\jxEkelT.exe
  C:\Windows\System\jxEkelT.exe
  2⤵
  PID:7752
- C:\Windows\System\zkwbkUV.exe
  C:\Windows\System\zkwbkUV.exe
  2⤵
  PID:7772
- C:\Windows\System\OTlPIZt.exe
  C:\Windows\System\OTlPIZt.exe
  2⤵
  PID:7804
- C:\Windows\System\AoszAIZ.exe
  C:\Windows\System\AoszAIZ.exe
  2⤵
  PID:7836
- C:\Windows\System\WFjFNJP.exe
  C:\Windows\System\WFjFNJP.exe
  2⤵
  PID:7860
- C:\Windows\System\ICudeFa.exe
  C:\Windows\System\ICudeFa.exe
  2⤵
  PID:7904
- C:\Windows\System\LwDHRRM.exe
  C:\Windows\System\LwDHRRM.exe
  2⤵
  PID:7920
- C:\Windows\System\NJYLaHZ.exe
  C:\Windows\System\NJYLaHZ.exe
  2⤵
  PID:7944
- C:\Windows\System\xSDwkQX.exe
  C:\Windows\System\xSDwkQX.exe
  2⤵
  PID:7964
- C:\Windows\System\vobPTFx.exe
  C:\Windows\System\vobPTFx.exe
  2⤵
  PID:7992
- C:\Windows\System\IWSGLdz.exe
  C:\Windows\System\IWSGLdz.exe
  2⤵
  PID:8016
- C:\Windows\System\kFRrQfT.exe
  C:\Windows\System\kFRrQfT.exe
  2⤵
  PID:8044
- C:\Windows\System\ZeiwOue.exe
  C:\Windows\System\ZeiwOue.exe
  2⤵
  PID:8064
- C:\Windows\System\SrUQKbu.exe
  C:\Windows\System\SrUQKbu.exe
  2⤵
  PID:8084
- C:\Windows\System\VGsWkwB.exe
  C:\Windows\System\VGsWkwB.exe
  2⤵
  PID:8116
- C:\Windows\System\bnYefdv.exe
  C:\Windows\System\bnYefdv.exe
  2⤵
  PID:8168
- C:\Windows\System\oXkgiQz.exe
  C:\Windows\System\oXkgiQz.exe
  2⤵
  PID:6516
- C:\Windows\System\wKCAxLP.exe
  C:\Windows\System\wKCAxLP.exe
  2⤵
  PID:7180
- C:\Windows\System\nGHNUSZ.exe
  C:\Windows\System\nGHNUSZ.exe
  2⤵
  PID:7228
- C:\Windows\System\oLWlFRT.exe
  C:\Windows\System\oLWlFRT.exe
  2⤵
  PID:7280
- C:\Windows\System\KXpEJGG.exe
  C:\Windows\System\KXpEJGG.exe
  2⤵
  PID:7324
- C:\Windows\System\GwSDaYt.exe
  C:\Windows\System\GwSDaYt.exe
  2⤵
  PID:7468
- C:\Windows\System\CDFXoQN.exe
  C:\Windows\System\CDFXoQN.exe
  2⤵
  PID:7544
- C:\Windows\System\hMbCySu.exe
  C:\Windows\System\hMbCySu.exe
  2⤵
  PID:7632
- C:\Windows\System\DrGtHcZ.exe
  C:\Windows\System\DrGtHcZ.exe
  2⤵
  PID:7720
- C:\Windows\System\mDUiefT.exe
  C:\Windows\System\mDUiefT.exe
  2⤵
  PID:7760
- C:\Windows\System\XGErctb.exe
  C:\Windows\System\XGErctb.exe
  2⤵
  PID:7856
- C:\Windows\System\kbkSKmb.exe
  C:\Windows\System\kbkSKmb.exe
  2⤵
  PID:7876
- C:\Windows\System\iDuadGV.exe
  C:\Windows\System\iDuadGV.exe
  2⤵
  PID:7936
- C:\Windows\System\tlMcrvz.exe
  C:\Windows\System\tlMcrvz.exe
  2⤵
  PID:7972
- C:\Windows\System\jxQDLgU.exe
  C:\Windows\System\jxQDLgU.exe
  2⤵
  PID:8032
- C:\Windows\System\BsBDIcd.exe
  C:\Windows\System\BsBDIcd.exe
  2⤵
  PID:8056
- C:\Windows\System\raABGoc.exe
  C:\Windows\System\raABGoc.exe
  2⤵
  PID:8112
- C:\Windows\System\ldvWdQk.exe
  C:\Windows\System\ldvWdQk.exe
  2⤵
  PID:7264
- C:\Windows\System\UewqHDN.exe
  C:\Windows\System\UewqHDN.exe
  2⤵
  PID:7448
- C:\Windows\System\RJcPaal.exe
  C:\Windows\System\RJcPaal.exe
  2⤵
  PID:7596
- C:\Windows\System\OSnSPbT.exe
  C:\Windows\System\OSnSPbT.exe
  2⤵
  PID:7748
- C:\Windows\System\glnASxI.exe
  C:\Windows\System\glnASxI.exe
  2⤵
  PID:7880
- C:\Windows\System\qmgDeVD.exe
  C:\Windows\System\qmgDeVD.exe
  2⤵
  PID:8184
- C:\Windows\System\BAHsCyT.exe
  C:\Windows\System\BAHsCyT.exe
  2⤵
  PID:8028
- C:\Windows\System\oKSaICt.exe
  C:\Windows\System\oKSaICt.exe
  2⤵
  PID:7388
- C:\Windows\System\oOPfbBW.exe
  C:\Windows\System\oOPfbBW.exe
  2⤵
  PID:7848
- C:\Windows\System\PUuGcDk.exe
  C:\Windows\System\PUuGcDk.exe
  2⤵
  PID:8076
- C:\Windows\System\OBIxnbw.exe
  C:\Windows\System\OBIxnbw.exe
  2⤵
  PID:7828
- C:\Windows\System\sxQjuQE.exe
  C:\Windows\System\sxQjuQE.exe
  2⤵
  PID:8196
- C:\Windows\System\xToFXmy.exe
  C:\Windows\System\xToFXmy.exe
  2⤵
  PID:8220
- C:\Windows\System\HSAUyXr.exe
  C:\Windows\System\HSAUyXr.exe
  2⤵
  PID:8244
- C:\Windows\System\vpNQlwL.exe
  C:\Windows\System\vpNQlwL.exe
  2⤵
  PID:8276
- C:\Windows\System\ewAqhiM.exe
  C:\Windows\System\ewAqhiM.exe
  2⤵
  PID:8324
- C:\Windows\System\LDCwESt.exe
  C:\Windows\System\LDCwESt.exe
  2⤵
  PID:8400
- C:\Windows\System\bWovPPG.exe
  C:\Windows\System\bWovPPG.exe
  2⤵
  PID:8416
- C:\Windows\System\GaSjYwr.exe
  C:\Windows\System\GaSjYwr.exe
  2⤵
  PID:8432
- C:\Windows\System\ZHWuTmt.exe
  C:\Windows\System\ZHWuTmt.exe
  2⤵
  PID:8448
- C:\Windows\System\KNhGKlA.exe
  C:\Windows\System\KNhGKlA.exe
  2⤵
  PID:8468
- C:\Windows\System\OdAQrBw.exe
  C:\Windows\System\OdAQrBw.exe
  2⤵
  PID:8484
- C:\Windows\System\gyhFjvN.exe
  C:\Windows\System\gyhFjvN.exe
  2⤵
  PID:8500
- C:\Windows\System\wBHGyLf.exe
  C:\Windows\System\wBHGyLf.exe
  2⤵
  PID:8516
- C:\Windows\System\TVVQbcf.exe
  C:\Windows\System\TVVQbcf.exe
  2⤵
  PID:8532
- C:\Windows\System\zDPklBg.exe
  C:\Windows\System\zDPklBg.exe
  2⤵
  PID:8548
- C:\Windows\System\FptnoUW.exe
  C:\Windows\System\FptnoUW.exe
  2⤵
  PID:8564
- C:\Windows\System\ogNSXut.exe
  C:\Windows\System\ogNSXut.exe
  2⤵
  PID:8588
- C:\Windows\System\jnLqfvd.exe
  C:\Windows\System\jnLqfvd.exe
  2⤵
  PID:8616
- C:\Windows\System\RSfmUqh.exe
  C:\Windows\System\RSfmUqh.exe
  2⤵
  PID:8636
- C:\Windows\System\MAWWcRL.exe
  C:\Windows\System\MAWWcRL.exe
  2⤵
  PID:8724
- C:\Windows\System\PTPxUGd.exe
  C:\Windows\System\PTPxUGd.exe
  2⤵
  PID:8752
- C:\Windows\System\dUfGoQh.exe
  C:\Windows\System\dUfGoQh.exe
  2⤵
  PID:8772
- C:\Windows\System\YZnnCaK.exe
  C:\Windows\System\YZnnCaK.exe
  2⤵
  PID:8832
- C:\Windows\System\tRFgLaV.exe
  C:\Windows\System\tRFgLaV.exe
  2⤵
  PID:8852
- C:\Windows\System\CgZfZaB.exe
  C:\Windows\System\CgZfZaB.exe
  2⤵
  PID:8932
- C:\Windows\System\wWLIOux.exe
  C:\Windows\System\wWLIOux.exe
  2⤵
  PID:8952
- C:\Windows\System\snMEfZB.exe
  C:\Windows\System\snMEfZB.exe
  2⤵
  PID:8984
- C:\Windows\System\axyBGSy.exe
  C:\Windows\System\axyBGSy.exe
  2⤵
  PID:9012
- C:\Windows\System\RTqzKrY.exe
  C:\Windows\System\RTqzKrY.exe
  2⤵
  PID:9036
- C:\Windows\System\hlvngkU.exe
  C:\Windows\System\hlvngkU.exe
  2⤵
  PID:9060
- C:\Windows\System\CSyglvJ.exe
  C:\Windows\System\CSyglvJ.exe
  2⤵
  PID:9076
- C:\Windows\System\POhOlLB.exe
  C:\Windows\System\POhOlLB.exe
  2⤵
  PID:9100
- C:\Windows\System\tqfnHay.exe
  C:\Windows\System\tqfnHay.exe
  2⤵
  PID:9116
- C:\Windows\System\AdeNUSp.exe
  C:\Windows\System\AdeNUSp.exe
  2⤵
  PID:9140
- C:\Windows\System\JuubXMN.exe
  C:\Windows\System\JuubXMN.exe
  2⤵
  PID:9168
- C:\Windows\System\ZjXNYvI.exe
  C:\Windows\System\ZjXNYvI.exe
  2⤵
  PID:9196
- C:\Windows\System\NzSVuJa.exe
  C:\Windows\System\NzSVuJa.exe
  2⤵
  PID:9212
- C:\Windows\System\mEdPLXH.exe
  C:\Windows\System\mEdPLXH.exe
  2⤵
  PID:8264
- C:\Windows\System\OYstGRa.exe
  C:\Windows\System\OYstGRa.exe
  2⤵
  PID:8312
- C:\Windows\System\saGVNyP.exe
  C:\Windows\System\saGVNyP.exe
  2⤵
  PID:8320
- C:\Windows\System\iqvbTks.exe
  C:\Windows\System\iqvbTks.exe
  2⤵
  PID:8364
- C:\Windows\System\tCJdVWw.exe
  C:\Windows\System\tCJdVWw.exe
  2⤵
  PID:8340
- C:\Windows\System\RpUFtat.exe
  C:\Windows\System\RpUFtat.exe
  2⤵
  PID:8344
- C:\Windows\System\QYCqnjI.exe
  C:\Windows\System\QYCqnjI.exe
  2⤵
  PID:8356
- C:\Windows\System\EHOcTQE.exe
  C:\Windows\System\EHOcTQE.exe
  2⤵
  PID:8668
- C:\Windows\System\DcQYfaG.exe
  C:\Windows\System\DcQYfaG.exe
  2⤵
  PID:8828
- C:\Windows\System\hlnNVEU.exe
  C:\Windows\System\hlnNVEU.exe
  2⤵
  PID:8804
- C:\Windows\System\UFIpEee.exe
  C:\Windows\System\UFIpEee.exe
  2⤵
  PID:8924
- C:\Windows\System\EWpiQNO.exe
  C:\Windows\System\EWpiQNO.exe
  2⤵
  PID:9028
- C:\Windows\System\ZIgZkNJ.exe
  C:\Windows\System\ZIgZkNJ.exe
  2⤵
  PID:9072
- C:\Windows\System\NMLVDdG.exe
  C:\Windows\System\NMLVDdG.exe
  2⤵
  PID:9148
- C:\Windows\System\mpixUyI.exe
  C:\Windows\System\mpixUyI.exe
  2⤵
  PID:9092
- C:\Windows\System\PhErVLl.exe
  C:\Windows\System\PhErVLl.exe
  2⤵
  PID:9204
- C:\Windows\System\uFIGSpX.exe
  C:\Windows\System\uFIGSpX.exe
  2⤵
  PID:8212
- C:\Windows\System\KoamUVM.exe
  C:\Windows\System\KoamUVM.exe
  2⤵
  PID:8360
- C:\Windows\System\MdtjcoT.exe
  C:\Windows\System\MdtjcoT.exe
  2⤵
  PID:8848
- C:\Windows\System\VpiYwVD.exe
  C:\Windows\System\VpiYwVD.exe
  2⤵
  PID:9048
- C:\Windows\System\dzXMzJz.exe
  C:\Windows\System\dzXMzJz.exe
  2⤵
  PID:9044
- C:\Windows\System\mxHFhnP.exe
  C:\Windows\System\mxHFhnP.exe
  2⤵
  PID:8288
- C:\Windows\System\wqosyjt.exe
  C:\Windows\System\wqosyjt.exe
  2⤵
  PID:8644
- C:\Windows\System\CVWLNAr.exe
  C:\Windows\System\CVWLNAr.exe
  2⤵
  PID:8764
- C:\Windows\System\nBMyqgb.exe
  C:\Windows\System\nBMyqgb.exe
  2⤵
  PID:8904
- C:\Windows\System\WyGDHET.exe
  C:\Windows\System\WyGDHET.exe
  2⤵
  PID:9108
- C:\Windows\System\IruRZVZ.exe
  C:\Windows\System\IruRZVZ.exe
  2⤵
  PID:8236
- C:\Windows\System\VzZcgbg.exe
  C:\Windows\System\VzZcgbg.exe
  2⤵
  PID:9232
- C:\Windows\System\eBXOodv.exe
  C:\Windows\System\eBXOodv.exe
  2⤵
  PID:9252
- C:\Windows\System\NlaozLd.exe
  C:\Windows\System\NlaozLd.exe
  2⤵
  PID:9276
- C:\Windows\System\hxhEtfN.exe
  C:\Windows\System\hxhEtfN.exe
  2⤵
  PID:9300
- C:\Windows\System\HkVAdZK.exe
  C:\Windows\System\HkVAdZK.exe
  2⤵
  PID:9324
- C:\Windows\System\FBjcnjN.exe
  C:\Windows\System\FBjcnjN.exe
  2⤵
  PID:9404
- C:\Windows\System\pLCUaSe.exe
  C:\Windows\System\pLCUaSe.exe
  2⤵
  PID:9424
- C:\Windows\System\YifqjVk.exe
  C:\Windows\System\YifqjVk.exe
  2⤵
  PID:9472
- C:\Windows\System\cxJFsNp.exe
  C:\Windows\System\cxJFsNp.exe
  2⤵
  PID:9496
- C:\Windows\System\PRYrwhz.exe
  C:\Windows\System\PRYrwhz.exe
  2⤵
  PID:9512
- C:\Windows\System\BIxbydH.exe
  C:\Windows\System\BIxbydH.exe
  2⤵
  PID:9536
- C:\Windows\System\bvzTSHA.exe
  C:\Windows\System\bvzTSHA.exe
  2⤵
  PID:9560
- C:\Windows\System\zzzYMug.exe
  C:\Windows\System\zzzYMug.exe
  2⤵
  PID:9580
- C:\Windows\System\StZZCyU.exe
  C:\Windows\System\StZZCyU.exe
  2⤵
  PID:9600
- C:\Windows\System\urxVkyG.exe
  C:\Windows\System\urxVkyG.exe
  2⤵
  PID:9672
- C:\Windows\System\owcffqT.exe
  C:\Windows\System\owcffqT.exe
  2⤵
  PID:9688
- C:\Windows\System\StyZYvi.exe
  C:\Windows\System\StyZYvi.exe
  2⤵
  PID:9724
- C:\Windows\System\CWhCAJZ.exe
  C:\Windows\System\CWhCAJZ.exe
  2⤵
  PID:9740
- C:\Windows\System\RmLHUDo.exe
  C:\Windows\System\RmLHUDo.exe
  2⤵
  PID:9764
- C:\Windows\System\EUsAfjk.exe
  C:\Windows\System\EUsAfjk.exe
  2⤵
  PID:9784
- C:\Windows\System\PHpUPHy.exe
  C:\Windows\System\PHpUPHy.exe
  2⤵
  PID:9828
- C:\Windows\System\SVnnabX.exe
  C:\Windows\System\SVnnabX.exe
  2⤵
  PID:9848
- C:\Windows\System\VzurgNA.exe
  C:\Windows\System\VzurgNA.exe
  2⤵
  PID:9876
- C:\Windows\System\KEXrNHj.exe
  C:\Windows\System\KEXrNHj.exe
  2⤵
  PID:9916
- C:\Windows\System\oXWFGAE.exe
  C:\Windows\System\oXWFGAE.exe
  2⤵
  PID:9936
- C:\Windows\System\Cqeeudp.exe
  C:\Windows\System\Cqeeudp.exe
  2⤵
  PID:9956
- C:\Windows\System\DzljPck.exe
  C:\Windows\System\DzljPck.exe
  2⤵
  PID:9976
- C:\Windows\System\FNmoQCA.exe
  C:\Windows\System\FNmoQCA.exe
  2⤵
  PID:10016
- C:\Windows\System\YlNcRtE.exe
  C:\Windows\System\YlNcRtE.exe
  2⤵
  PID:10044
- C:\Windows\System\WnYMaXe.exe
  C:\Windows\System\WnYMaXe.exe
  2⤵
  PID:10068
- C:\Windows\System\aNxzCGs.exe
  C:\Windows\System\aNxzCGs.exe
  2⤵
  PID:10088
- C:\Windows\System\FMvDxyd.exe
  C:\Windows\System\FMvDxyd.exe
  2⤵
  PID:10124
- C:\Windows\System\uWTinUC.exe
  C:\Windows\System\uWTinUC.exe
  2⤵
  PID:10156
- C:\Windows\System\gXnPhZR.exe
  C:\Windows\System\gXnPhZR.exe
  2⤵
  PID:10180
- C:\Windows\System\ozVevXM.exe
  C:\Windows\System\ozVevXM.exe
  2⤵
  PID:10200
- C:\Windows\System\iihEQyI.exe
  C:\Windows\System\iihEQyI.exe
  2⤵
  PID:10224
- C:\Windows\System\aYNUXpn.exe
  C:\Windows\System\aYNUXpn.exe
  2⤵
  PID:8296
- C:\Windows\System\EuZkKNi.exe
  C:\Windows\System\EuZkKNi.exe
  2⤵
  PID:9260
- C:\Windows\System\fEYqVwI.exe
  C:\Windows\System\fEYqVwI.exe
  2⤵
  PID:9292
- C:\Windows\System\dRfOayd.exe
  C:\Windows\System\dRfOayd.exe
  2⤵
  PID:9452
- C:\Windows\System\IfvtEoj.exe
  C:\Windows\System\IfvtEoj.exe
  2⤵
  PID:9528
- C:\Windows\System\ysfThUn.exe
  C:\Windows\System\ysfThUn.exe
  2⤵
  PID:9572
- C:\Windows\System\wJHmpMH.exe
  C:\Windows\System\wJHmpMH.exe
  2⤵
  PID:9624
- C:\Windows\System\hTDvEWu.exe
  C:\Windows\System\hTDvEWu.exe
  2⤵
  PID:9748
- C:\Windows\System\ZzzuRmO.exe
  C:\Windows\System\ZzzuRmO.exe
  2⤵
  PID:9864
- C:\Windows\System\MyQQZgg.exe
  C:\Windows\System\MyQQZgg.exe
  2⤵
  PID:9840
- C:\Windows\System\EWMwaEe.exe
  C:\Windows\System\EWMwaEe.exe
  2⤵
  PID:9904
- C:\Windows\System\TtiFlSG.exe
  C:\Windows\System\TtiFlSG.exe
  2⤵
  PID:9948
- C:\Windows\System\yRdfzVs.exe
  C:\Windows\System\yRdfzVs.exe
  2⤵
  PID:10036
- C:\Windows\System\rrCalMr.exe
  C:\Windows\System\rrCalMr.exe
  2⤵
  PID:10084
- C:\Windows\System\KnzUeFr.exe
  C:\Windows\System\KnzUeFr.exe
  2⤵
  PID:10164
- C:\Windows\System\RZdEjoP.exe
  C:\Windows\System\RZdEjoP.exe
  2⤵
  PID:10212
- C:\Windows\System\LxJzmZx.exe
  C:\Windows\System\LxJzmZx.exe
  2⤵
  PID:9320
- C:\Windows\System\nPmdphs.exe
  C:\Windows\System\nPmdphs.exe
  2⤵
  PID:9488
- C:\Windows\System\ZufmmoM.exe
  C:\Windows\System\ZufmmoM.exe
  2⤵
  PID:9620
- C:\Windows\System\WPjRwZP.exe
  C:\Windows\System\WPjRwZP.exe
  2⤵
  PID:9756
- C:\Windows\System\qIUtwog.exe
  C:\Windows\System\qIUtwog.exe
  2⤵
  PID:9816
- C:\Windows\System\bEyFpSo.exe
  C:\Windows\System\bEyFpSo.exe
  2⤵
  PID:9928
- C:\Windows\System\BKflGUa.exe
  C:\Windows\System\BKflGUa.exe
  2⤵
  PID:10060
- C:\Windows\System\ATwtTuD.exe
  C:\Windows\System\ATwtTuD.exe
  2⤵
  PID:10132
- C:\Windows\System\bSVHbqg.exe
  C:\Windows\System\bSVHbqg.exe
  2⤵
  PID:9548
- C:\Windows\System\didefuO.exe
  C:\Windows\System\didefuO.exe
  2⤵
  PID:9844
- C:\Windows\System\PvUIKGq.exe
  C:\Windows\System\PvUIKGq.exe
  2⤵
  PID:10248
- C:\Windows\System\OBiYxOk.exe
  C:\Windows\System\OBiYxOk.exe
  2⤵
  PID:10276
- C:\Windows\System\THFBTjt.exe
  C:\Windows\System\THFBTjt.exe
  2⤵
  PID:10320
- C:\Windows\System\QHGMKRS.exe
  C:\Windows\System\QHGMKRS.exe
  2⤵
  PID:10336
- C:\Windows\System\OoNmiOp.exe
  C:\Windows\System\OoNmiOp.exe
  2⤵
  PID:10360
- C:\Windows\System\QnovCHJ.exe
  C:\Windows\System\QnovCHJ.exe
  2⤵
  PID:10384
- C:\Windows\System\jyqoLSO.exe
  C:\Windows\System\jyqoLSO.exe
  2⤵
  PID:10408
- C:\Windows\System\rvpKfbv.exe
  C:\Windows\System\rvpKfbv.exe
  2⤵
  PID:10428
- C:\Windows\System\pXPpQPO.exe
  C:\Windows\System\pXPpQPO.exe
  2⤵
  PID:10452
- C:\Windows\System\CMwGHkn.exe
  C:\Windows\System\CMwGHkn.exe
  2⤵
  PID:10468
- C:\Windows\System\FCiUGpG.exe
  C:\Windows\System\FCiUGpG.exe
  2⤵
  PID:10528
- C:\Windows\System\MMRvxiu.exe
  C:\Windows\System\MMRvxiu.exe
  2⤵
  PID:10548
- C:\Windows\System\wMTZSbI.exe
  C:\Windows\System\wMTZSbI.exe
  2⤵
  PID:10572
- C:\Windows\System\pkQygYf.exe
  C:\Windows\System\pkQygYf.exe
  2⤵
  PID:10660
- C:\Windows\System\iycZlou.exe
  C:\Windows\System\iycZlou.exe
  2⤵
  PID:10696
- C:\Windows\System\gapYvra.exe
  C:\Windows\System\gapYvra.exe
  2⤵
  PID:10724
- C:\Windows\System\CKquDto.exe
  C:\Windows\System\CKquDto.exe
  2⤵
  PID:10752
- C:\Windows\System\bPUxdKb.exe
  C:\Windows\System\bPUxdKb.exe
  2⤵
  PID:10776
- C:\Windows\System\huicspE.exe
  C:\Windows\System\huicspE.exe
  2⤵
  PID:10800
- C:\Windows\System\OUZrQAJ.exe
  C:\Windows\System\OUZrQAJ.exe
  2⤵
  PID:10816
- C:\Windows\System\YwPtJLC.exe
  C:\Windows\System\YwPtJLC.exe
  2⤵
  PID:10840
- C:\Windows\System\OrVzXul.exe
  C:\Windows\System\OrVzXul.exe
  2⤵
  PID:10912
- C:\Windows\System\PXJFBOp.exe
  C:\Windows\System\PXJFBOp.exe
  2⤵
  PID:10928
- C:\Windows\System\jXXLOxE.exe
  C:\Windows\System\jXXLOxE.exe
  2⤵
  PID:10944
- C:\Windows\System\TIRThFO.exe
  C:\Windows\System\TIRThFO.exe
  2⤵
  PID:10972
- C:\Windows\System\eEBYDMU.exe
  C:\Windows\System\eEBYDMU.exe
  2⤵
  PID:10996
- C:\Windows\System\rdZCuTr.exe
  C:\Windows\System\rdZCuTr.exe
  2⤵
  PID:11016
- C:\Windows\System\xtwkxYe.exe
  C:\Windows\System\xtwkxYe.exe
  2⤵
  PID:11040
- C:\Windows\System\vAPpNHC.exe
  C:\Windows\System\vAPpNHC.exe
  2⤵
  PID:11072
- C:\Windows\System\aDpjzYW.exe
  C:\Windows\System\aDpjzYW.exe
  2⤵
  PID:11104
- C:\Windows\System\qQiaaCS.exe
  C:\Windows\System\qQiaaCS.exe
  2⤵
  PID:11128
- C:\Windows\System\meuAZxG.exe
  C:\Windows\System\meuAZxG.exe
  2⤵
  PID:11152
- C:\Windows\System\gIDKPPI.exe
  C:\Windows\System\gIDKPPI.exe
  2⤵
  PID:11168
- C:\Windows\System\nTgzxdY.exe
  C:\Windows\System\nTgzxdY.exe
  2⤵
  PID:11192
- C:\Windows\System\ZgGdTPX.exe
  C:\Windows\System\ZgGdTPX.exe
  2⤵
  PID:11212
- C:\Windows\System\dIbhXaZ.exe
  C:\Windows\System\dIbhXaZ.exe
  2⤵
  PID:11260
- C:\Windows\System\XxoQsaB.exe
  C:\Windows\System\XxoQsaB.exe
  2⤵
  PID:10220
- C:\Windows\System\kAtsYSC.exe
  C:\Windows\System\kAtsYSC.exe
  2⤵
  PID:10256
- C:\Windows\System\bmQtqUH.exe
  C:\Windows\System\bmQtqUH.exe
  2⤵
  PID:10292
- C:\Windows\System\CZFbPnU.exe
  C:\Windows\System\CZFbPnU.exe
  2⤵
  PID:10332
- C:\Windows\System\yQyrPRT.exe
  C:\Windows\System\yQyrPRT.exe
  2⤵
  PID:10520
- C:\Windows\System\xhVCdaa.exe
  C:\Windows\System\xhVCdaa.exe
  2⤵
  PID:10556
- C:\Windows\System\nkKMRxP.exe
  C:\Windows\System\nkKMRxP.exe
  2⤵
  PID:10624
- C:\Windows\System\NFsuQcb.exe
  C:\Windows\System\NFsuQcb.exe
  2⤵
  PID:10692
- C:\Windows\System\uhsxqMD.exe
  C:\Windows\System\uhsxqMD.exe
  2⤵
  PID:10716
- C:\Windows\System\rlrYgNW.exe
  C:\Windows\System\rlrYgNW.exe
  2⤵
  PID:10796
- C:\Windows\System\eMsBoUS.exe
  C:\Windows\System\eMsBoUS.exe
  2⤵
  PID:2444
- C:\Windows\System\gtdeBgg.exe
  C:\Windows\System\gtdeBgg.exe
  2⤵
  PID:10956
- C:\Windows\System\pyZDbRx.exe
  C:\Windows\System\pyZDbRx.exe
  2⤵
  PID:11008
- C:\Windows\System\mlDofwO.exe
  C:\Windows\System\mlDofwO.exe
  2⤵
  PID:11096
- C:\Windows\System\PzVJZei.exe
  C:\Windows\System\PzVJZei.exe
  2⤵
  PID:11124
- C:\Windows\System\LJIeFTp.exe
  C:\Windows\System\LJIeFTp.exe
  2⤵
  PID:11204
- C:\Windows\System\vPYGmFW.exe
  C:\Windows\System\vPYGmFW.exe
  2⤵
  PID:9556
- C:\Windows\System\qTvuKYS.exe
  C:\Windows\System\qTvuKYS.exe
  2⤵
  PID:10296
- C:\Windows\System\eSfioes.exe
  C:\Windows\System\eSfioes.exe
  2⤵
  PID:10652
- C:\Windows\System\khZuVtB.exe
  C:\Windows\System\khZuVtB.exe
  2⤵
  PID:10732
- C:\Windows\System\qibSngR.exe
  C:\Windows\System\qibSngR.exe
  2⤵
  PID:10836
- C:\Windows\System\cZKRmFR.exe
  C:\Windows\System\cZKRmFR.exe
  2⤵
  PID:10992
- C:\Windows\System\jdJfIjm.exe
  C:\Windows\System\jdJfIjm.exe
  2⤵
  PID:11112
- C:\Windows\System\vMjlOzl.exe
  C:\Windows\System\vMjlOzl.exe
  2⤵
  PID:11160
- C:\Windows\System\ofbDAQr.exe
  C:\Windows\System\ofbDAQr.exe
  2⤵
  PID:10424
- C:\Windows\System\dnreLGN.exe
  C:\Windows\System\dnreLGN.exe
  2⤵
  PID:10616
- C:\Windows\System\HbGZmKU.exe
  C:\Windows\System\HbGZmKU.exe
  2⤵
  PID:10828
- C:\Windows\System\IHzllAU.exe
  C:\Windows\System\IHzllAU.exe
  2⤵
  PID:11056
- C:\Windows\System\RsdlFFq.exe
  C:\Windows\System\RsdlFFq.exe
  2⤵
  PID:11280
- C:\Windows\System\oYCEWSL.exe
  C:\Windows\System\oYCEWSL.exe
  2⤵
  PID:11300
- C:\Windows\System\XDnSBca.exe
  C:\Windows\System\XDnSBca.exe
  2⤵
  PID:11320
- C:\Windows\System\MrfmbTs.exe
  C:\Windows\System\MrfmbTs.exe
  2⤵
  PID:11344
- C:\Windows\System\nZRneAc.exe
  C:\Windows\System\nZRneAc.exe
  2⤵
  PID:11364
- C:\Windows\System\VNizxod.exe
  C:\Windows\System\VNizxod.exe
  2⤵
  PID:11404
- C:\Windows\System\wUoSbfm.exe
  C:\Windows\System\wUoSbfm.exe
  2⤵
  PID:11436
- C:\Windows\System\tPAzwWk.exe
  C:\Windows\System\tPAzwWk.exe
  2⤵
  PID:11488
- C:\Windows\System\aPLWqYT.exe
  C:\Windows\System\aPLWqYT.exe
  2⤵
  PID:11508
- C:\Windows\System\EDedpPy.exe
  C:\Windows\System\EDedpPy.exe
  2⤵
  PID:11544
- C:\Windows\System\DOSDuSA.exe
  C:\Windows\System\DOSDuSA.exe
  2⤵
  PID:11596
- C:\Windows\System\AydUOoW.exe
  C:\Windows\System\AydUOoW.exe
  2⤵
  PID:11636
- C:\Windows\System\OVhhEFk.exe
  C:\Windows\System\OVhhEFk.exe
  2⤵
  PID:11660
- C:\Windows\System\HHnZjCL.exe
  C:\Windows\System\HHnZjCL.exe
  2⤵
  PID:11688
- C:\Windows\System\FGWvraE.exe
  C:\Windows\System\FGWvraE.exe
  2⤵
  PID:11704
- C:\Windows\System\bIKFGzc.exe
  C:\Windows\System\bIKFGzc.exe
  2⤵
  PID:11728
- C:\Windows\System\YMdzOYg.exe
  C:\Windows\System\YMdzOYg.exe
  2⤵
  PID:11752
- C:\Windows\System\iIwwPKa.exe
  C:\Windows\System\iIwwPKa.exe
  2⤵
  PID:11772
- C:\Windows\System\TWhIMBv.exe
  C:\Windows\System\TWhIMBv.exe
  2⤵
  PID:11812
- C:\Windows\System\NdnYUJq.exe
  C:\Windows\System\NdnYUJq.exe
  2⤵
  PID:11844
- C:\Windows\System\jvUiAGP.exe
  C:\Windows\System\jvUiAGP.exe
  2⤵
  PID:11876
- C:\Windows\System\FZIpdKf.exe
  C:\Windows\System\FZIpdKf.exe
  2⤵
  PID:11892
- C:\Windows\System\ONFJsgr.exe
  C:\Windows\System\ONFJsgr.exe
  2⤵
  PID:11912
- C:\Windows\System\fWYBnuP.exe
  C:\Windows\System\fWYBnuP.exe
  2⤵
  PID:11944
- C:\Windows\System\ToSzOOl.exe
  C:\Windows\System\ToSzOOl.exe
  2⤵
  PID:11964
- C:\Windows\System\ydMkkHI.exe
  C:\Windows\System\ydMkkHI.exe
  2⤵
  PID:11980
- C:\Windows\System\gfPINYH.exe
  C:\Windows\System\gfPINYH.exe
  2⤵
  PID:12012
- C:\Windows\System\OfxHzQT.exe
  C:\Windows\System\OfxHzQT.exe
  2⤵
  PID:12032
- C:\Windows\System\ynGUwQD.exe
  C:\Windows\System\ynGUwQD.exe
  2⤵
  PID:12080
- C:\Windows\System\ANnJtGN.exe
  C:\Windows\System\ANnJtGN.exe
  2⤵
  PID:12124
- C:\Windows\System\ZgmjgyT.exe
  C:\Windows\System\ZgmjgyT.exe
  2⤵
  PID:12144
- C:\Windows\System\WqcmqKZ.exe
  C:\Windows\System\WqcmqKZ.exe
  2⤵
  PID:12172
- C:\Windows\System\LWjdopc.exe
  C:\Windows\System\LWjdopc.exe
  2⤵
  PID:12192
- C:\Windows\System\prLgLXB.exe
  C:\Windows\System\prLgLXB.exe
  2⤵
  PID:12224
- C:\Windows\System\WxToDrN.exe
  C:\Windows\System\WxToDrN.exe
  2⤵
  PID:12244
- C:\Windows\System\oAxfrwa.exe
  C:\Windows\System\oAxfrwa.exe
  2⤵
  PID:12268
- C:\Windows\System\KEwDrEO.exe
  C:\Windows\System\KEwDrEO.exe
  2⤵
  PID:10396
- C:\Windows\System\AVYfwMQ.exe
  C:\Windows\System\AVYfwMQ.exe
  2⤵
  PID:11036
- C:\Windows\System\bBsIevC.exe
  C:\Windows\System\bBsIevC.exe
  2⤵
  PID:11316
- C:\Windows\System\wWyEOws.exe
  C:\Windows\System\wWyEOws.exe
  2⤵
  PID:10860
- C:\Windows\System\GrKxdsK.exe
  C:\Windows\System\GrKxdsK.exe
  2⤵
  PID:11416
- C:\Windows\System\dOzkuIK.exe
  C:\Windows\System\dOzkuIK.exe
  2⤵
  PID:11580
- C:\Windows\System\xwXXaef.exe
  C:\Windows\System\xwXXaef.exe
  2⤵
  PID:11628
- C:\Windows\System\NAjtGIH.exe
  C:\Windows\System\NAjtGIH.exe
  2⤵
  PID:11696
- C:\Windows\System\wnQuBDD.exe
  C:\Windows\System\wnQuBDD.exe
  2⤵
  PID:11784
- C:\Windows\System\DXBdsCi.exe
  C:\Windows\System\DXBdsCi.exe
  2⤵
  PID:11804
- C:\Windows\System\GzCDVlQ.exe
  C:\Windows\System\GzCDVlQ.exe
  2⤵
  PID:11860
- C:\Windows\System\ktumnoO.exe
  C:\Windows\System\ktumnoO.exe
  2⤵
  PID:11904
- C:\Windows\System\QCkycfo.exe
  C:\Windows\System\QCkycfo.exe
  2⤵
  PID:11936
- C:\Windows\System\syORvRY.exe
  C:\Windows\System\syORvRY.exe
  2⤵
  PID:12108
- C:\Windows\System\pETeHUt.exe
  C:\Windows\System\pETeHUt.exe
  2⤵
  PID:12140
- C:\Windows\System\AyHfJVl.exe
  C:\Windows\System\AyHfJVl.exe
  2⤵
  PID:12236
- C:\Windows\System\YUteAjM.exe
  C:\Windows\System\YUteAjM.exe
  2⤵
  PID:12220
- C:\Windows\System\MpoFBtD.exe
  C:\Windows\System\MpoFBtD.exe
  2⤵
  PID:11140
- C:\Windows\System\pYxOQiR.exe
  C:\Windows\System\pYxOQiR.exe
  2⤵
  PID:11328
- C:\Windows\System\IpMdjTz.exe
  C:\Windows\System\IpMdjTz.exe
  2⤵
  PID:11500
- C:\Windows\System\ZWCGQGm.exe
  C:\Windows\System\ZWCGQGm.exe
  2⤵
  PID:11788
- C:\Windows\System\iFxYhYe.exe
  C:\Windows\System\iFxYhYe.exe
  2⤵
  PID:11952
- C:\Windows\System\PiIJHVk.exe
  C:\Windows\System\PiIJHVk.exe
  2⤵
  PID:12040
- C:\Windows\System\NcnqyOG.exe
  C:\Windows\System\NcnqyOG.exe
  2⤵
  PID:12264
- C:\Windows\System\zOkspPH.exe
  C:\Windows\System\zOkspPH.exe
  2⤵
  PID:12280
- C:\Windows\System\YWQCTfg.exe
  C:\Windows\System\YWQCTfg.exe
  2⤵
  PID:11400
- C:\Windows\System\fCXRUSy.exe
  C:\Windows\System\fCXRUSy.exe
  2⤵
  PID:12292
- C:\Windows\System\yuuCNZM.exe
  C:\Windows\System\yuuCNZM.exe
  2⤵
  PID:12308
- C:\Windows\System\NTFinWi.exe
  C:\Windows\System\NTFinWi.exe
  2⤵
  PID:12324
- C:\Windows\System\phnbdib.exe
  C:\Windows\System\phnbdib.exe
  2⤵
  PID:12340
- C:\Windows\System\hKInbTI.exe
  C:\Windows\System\hKInbTI.exe
  2⤵
  PID:12356
- C:\Windows\System\uXKoQVs.exe
  C:\Windows\System\uXKoQVs.exe
  2⤵
  PID:12372
- C:\Windows\System\AiJVwNC.exe
  C:\Windows\System\AiJVwNC.exe
  2⤵
  PID:12388
- C:\Windows\System\wOWulWB.exe
  C:\Windows\System\wOWulWB.exe
  2⤵
  PID:12404
- C:\Windows\System\sYqGsno.exe
  C:\Windows\System\sYqGsno.exe
  2⤵
  PID:12424
- C:\Windows\System\KcTtkAz.exe
  C:\Windows\System\KcTtkAz.exe
  2⤵
  PID:12444
- C:\Windows\System\RNNbAzI.exe
  C:\Windows\System\RNNbAzI.exe
  2⤵
  PID:12532
- C:\Windows\System\yrcKQNP.exe
  C:\Windows\System\yrcKQNP.exe
  2⤵
  PID:12632
- C:\Windows\System\vqhyjFj.exe
  C:\Windows\System\vqhyjFj.exe
  2⤵
  PID:12728
- C:\Windows\System\trfguoD.exe
  C:\Windows\System\trfguoD.exe
  2⤵
  PID:12748
- C:\Windows\System\kjFXoSr.exe
  C:\Windows\System\kjFXoSr.exe
  2⤵
  PID:12772
- C:\Windows\System\gGVgsOn.exe
  C:\Windows\System\gGVgsOn.exe
  2⤵
  PID:12792
- C:\Windows\System\zXwcbic.exe
  C:\Windows\System\zXwcbic.exe
  2⤵
  PID:12820
- C:\Windows\System\ZCklCDk.exe
  C:\Windows\System\ZCklCDk.exe
  2⤵
  PID:12840
- C:\Windows\System\LxrQINL.exe
  C:\Windows\System\LxrQINL.exe
  2⤵
  PID:12868
- C:\Windows\System\gGpeABg.exe
  C:\Windows\System\gGpeABg.exe
  2⤵
  PID:12892
- C:\Windows\System\SweHESy.exe
  C:\Windows\System\SweHESy.exe
  2⤵
  PID:12912
- C:\Windows\System\ZmUJEPg.exe
  C:\Windows\System\ZmUJEPg.exe
  2⤵
  PID:12968
- C:\Windows\System\yDGtcAW.exe
  C:\Windows\System\yDGtcAW.exe
  2⤵
  PID:13004
- C:\Windows\System\WzmEEbO.exe
  C:\Windows\System\WzmEEbO.exe
  2⤵
  PID:13024
- C:\Windows\System\dsxPsir.exe
  C:\Windows\System\dsxPsir.exe
  2⤵
  PID:13080
- C:\Windows\System\jydBmKR.exe
  C:\Windows\System\jydBmKR.exe
  2⤵
  PID:13100
- C:\Windows\System\QIuLTAM.exe
  C:\Windows\System\QIuLTAM.exe
  2⤵
  PID:13128
- C:\Windows\System\NAkJBez.exe
  C:\Windows\System\NAkJBez.exe
  2⤵
  PID:13160
- C:\Windows\System\CHciBuo.exe
  C:\Windows\System\CHciBuo.exe
  2⤵
  PID:13196
- C:\Windows\System\ogEKOGl.exe
  C:\Windows\System\ogEKOGl.exe
  2⤵
  PID:13220
- C:\Windows\System\teVahdG.exe
  C:\Windows\System\teVahdG.exe
  2⤵
  PID:13240
- C:\Windows\System\AZckGyw.exe
  C:\Windows\System\AZckGyw.exe
  2⤵
  PID:13280
- C:\Windows\System\fJYnEKv.exe
  C:\Windows\System\fJYnEKv.exe
  2⤵
  PID:13308
- C:\Windows\System\OnryFPj.exe
  C:\Windows\System\OnryFPj.exe
  2⤵
  PID:12216
- C:\Windows\System\AvCoAcF.exe
  C:\Windows\System\AvCoAcF.exe
  2⤵
  PID:12304
- C:\Windows\System\WAyIrPp.exe
  C:\Windows\System\WAyIrPp.exe
  2⤵
  PID:12368
- C:\Windows\System\YesHfcf.exe
  C:\Windows\System\YesHfcf.exe
  2⤵
  PID:11528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zukdwlz3.1wl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AbsZFLL.exe

Filesize
1.4MB

MD5
e245ee85064900fee61c84cd2ae0e6f9

SHA1
3ebfbe1b5ddc85c488bd86ca090c32299404d51d

SHA256
575e64038ae7b5bf561b208f72337469471b8ac1996d0070b4d56721cbaeacc7

SHA512
54f16c7b57bacf812b66d39b9fd5a7e98ea5b06535ec364d5db2f404f04db5e31ebc662c63762a1944b1ef80259c3ed8f2af1d4fc228ed3831c861099bb71310

Download Submit
C:\Windows\System\AhcPtKR.exe

Filesize
1.4MB

MD5
526811347f4d93b301262a3d5ed9af75

SHA1
6e96d4153928b6bac4f0431c3cd9823e7fd5831c

SHA256
02913cd823370e8d566081ef481f2cb7b1ec9b610e2587b67aab613f430e350e

SHA512
3765665d7822fa25eac42ac64157b46eb27daabe268807de6ccf7248aa87722352a9e56451a6f5a85ee3dc371c006e4ea774fe4ffbad9277c8659b12319bf473

Download Submit
C:\Windows\System\BbYgwWy.exe

Filesize
1.4MB

MD5
648bca0c6e5f5d32f31a096fb75e0f14

SHA1
dab494ca8bedb9e31c50455045686826da8f5a8f

SHA256
5a9bd36e5a554c1a8a5f0c88145ad5deac4cb87ab4a15b5bbf274ad61725323a

SHA512
74c878b0237bd6e6e4cd7c01d155ecdfc17646cf1fe151d77e60d1323d73f7c6d91e4299dcee88941488d243833abc96d71ebd2d35f43c70411dbbe0107e6b52

Download Submit
C:\Windows\System\DvWWqlt.exe

Filesize
1.4MB

MD5
19d84699fbb8d2f3c9d00988e0f84a69

SHA1
452bdf9ccda5cf32cb562d8048e7f613fca27e54

SHA256
bc87c5178758a5ae8755a95a87c71c796efd90e295500ab9ed9427a93d59c1fa

SHA512
263a07201f9575abf95c3fe3e64070b4cd0466151cef068fb3ce6c4bb6d26525082f625b6cc067db24b255fa0527511fef70062591e694971bab4b33851c2b77

Download Submit
C:\Windows\System\EkLiSzL.exe

Filesize
1.4MB

MD5
b146456c67f1a4cd8b588755319b9da8

SHA1
0eb3abcfbb3473faa6a71bfb92cb0942c30d1d37

SHA256
a2948e755dc2b1fccbe1afafca323e73c5d86a44cdf2da71a04fce538b4ca66c

SHA512
f4e44e638eb172e9a6dac853360e2ec62cabcb1af5dfe8d6d4ab68eb7c9616b3403ab403506d88882ffacb5e19c96c2a234f1d97cd6fb0ab23fda8f87557f8cc

Download Submit
C:\Windows\System\GMMKIBi.exe

Filesize
1.4MB

MD5
f95258d8c6d479a1888762a3eba6500c

SHA1
68dfe09f8ca5d81d979dfe8ffb2737c66063ad8d

SHA256
a0767276324939b46cf347f1e9185e9a45d3de42492eb9baab89d84b24698640

SHA512
5c136da9798144e1ca198e9b7f4f136d75a4e8a518fb736650638ac3303782961ad78998597c363384fcbbc123e54abd12983575e9a5d5648c9b99d45bc8b15a

Download Submit
C:\Windows\System\GjjVPdp.exe

Filesize
1.4MB

MD5
60edd2524f2f509b6edfecde5d33bc6c

SHA1
22dff05ed0cacda01339065f407c582f7aa41eac

SHA256
7d56f3089fc3bcb7fcec131b40168563a9f3dc701ac19e6560be4ac600fe8eca

SHA512
72a0cc7967a4e9ea6f7fb1737e999def1c19052bd411caa986a63b363f482a2128bbbafd326504500cefb9ef1d6510ca639de1d8cc0357d4d7e431062eaa3dae

Download Submit
C:\Windows\System\IBahReX.exe

Filesize
1.4MB

MD5
58b20f6a4cf35c6c049c50f14369a7a0

SHA1
1c8621a2cab4d898ec0a5059898aef90a7a3a743

SHA256
d54b3183466af5e6e04ade2fc09c323d19ad96c24b95fca8bb6bc1df21d10662

SHA512
6205217bc26218eec14348638b45cf620ea1071df49c23269d7be0ea74afdbb8f05abc91e8c2a6efcafd972a8a5d2333d0d108f55e43eb7609d359f04ec3cbe3

Download Submit
C:\Windows\System\IobTHuL.exe

Filesize
1.4MB

MD5
bdd9b0409e6d59aeb2e24e7a8dea760d

SHA1
57f9feced4069fab57f8f5448c1a3f4bafd40c54

SHA256
b7fd8526bcb9cc0a395048c63f26738ade56d0bfaf130944d8bd031e07c02bef

SHA512
c6af807b926e5f93ba93a2064e8b8cea28cc3961954907a6db815a1c440cc9e8efc318cd2741456e935960799ffb53529b269b55d30ab19fcc974207b83b49a0

Download Submit
C:\Windows\System\KHGhGLb.exe

Filesize
1.4MB

MD5
57b336a5bfaa421affff87bb3abc0507

SHA1
3de76f2b28f21eed4675ea863ec0413f862e82b9

SHA256
afdca1dd773275ff38556d3c36a315aaaa39b527eb4eba18c8a482c95155b499

SHA512
38f3ad905a5259690b94529e7db7c419305cc368b2e4e91b5dbee6e993658ae795b8ca5cb00160d89007e58bb02aed5973bb6cb89e6b47727561fdb776d5ce4a

Download Submit
C:\Windows\System\KvwfeOz.exe

Filesize
1.4MB

MD5
d0c36756f705df8fe89b072e06b13a2b

SHA1
a7e7b361ccf04bc01fd1000302b6b7a6c425e0f9

SHA256
8bbcf71059dadbcb23e309ec6d61ac22da2490089b7ab210976d18f63c7ceec1

SHA512
dd47774427482eb834e7fd4b6702a2a4f9e811ae99a71634d6f0afc2c5404a5efbd233e2de40f0b6bec21ae51710a18f2838ac6b0b0f3f0698c338a819aebfe8

Download Submit
C:\Windows\System\Oukhoka.exe

Filesize
1.4MB

MD5
11d22a59bceb185aa4a944adb2f3ca59

SHA1
493883edfe85e6ca68ca6b5578ff5279d0e79f95

SHA256
751b9ef1737da420c5de4b11c0953550e44766749f65b0342c573d867cad9a0a

SHA512
449f2540c1f706cc945f6bbf91d1dd91b4a0b7b5b61f14c8a208a83b0f2212a392ee236d501196b8ad595d677d607922548b08fa6bfc5ab3b1785097bdf66a01

Download Submit
C:\Windows\System\OvOzlZd.exe

Filesize
1.4MB

MD5
03cc5f3c1bdf6c2d48774cb7e0ba2eb1

SHA1
e2113505560a2c0146bf3d604b1a152e72626c8f

SHA256
17ad6714570b276410b51f8485d776d291200d0ddde0921c27bd4ea8801c5197

SHA512
b30297f4d6125274be1493e9aa7cddcded5e16bf6fed37ae9bb5dadf0dece574f4fa5cffae3eeaf70567e403b1d3508aa296e83c2f7357f3fb4ea751e4359221

Download Submit
C:\Windows\System\PBuIglD.exe

Filesize
1.4MB

MD5
17e9775ee98405aceee1ff86e14e98af

SHA1
d4eb157bd0433ec4f350f5b5fedb710473e7b1d2

SHA256
5bbc5f2c9f92024c483d3292bd053cb48cf3bc26767aa7d3028c943fb35ed7d6

SHA512
ded52756c7c10b0f10886738b8fef9bb16d4192da49a9a4c5c83dbbb71b05239a56ea8bd7fbef110a0e0a1aa93ffc5009fe476bde831c23c42065466dad01dc6

Download Submit
C:\Windows\System\QTMVxCf.exe

Filesize
1.4MB

MD5
dc1b36b7439dfdafd6fb4dc9807db05f

SHA1
4ef215808b58198313f33d6497e68cbc9050cf38

SHA256
202c1fa8299d505b6451f0021a891afa34e59559e28ecf1752e4b0911c4ccd23

SHA512
609cfc2ed407b6fed72e9b0fc1e2c536ea5d5211c9bad64322657387176d25665ed0ab945db2fa29d5f090b522da6a1714b52d499189b9530c6015df5430a0cd

Download Submit
C:\Windows\System\TLUcJqK.exe

Filesize
1.4MB

MD5
602948be22344a822f933ec7f4378903

SHA1
72ffafb255247daa8e977c8a269b5a35fbeae447

SHA256
70f631d45852f57936c706326b4bb1ef38949b0dad4bf3065238ad8c51e3759d

SHA512
5217bf14ff7727524296df85ccbb588c36f87fcd3c1a93c2cfffce31510f3b0cd55d24d23b9a378b5dbdb11c88a2db69ff6eb8cec9483ad3a18857d11be089cd

Download Submit
C:\Windows\System\VWIOUNw.exe

Filesize
1.4MB

MD5
da4e53c384c7de74cff7352f2b469dd3

SHA1
2d790530ae83c5b169dfc68a631034960396b9c1

SHA256
e271818b0c7199665d70995d009c86e48c3957192a8cdef9dfaf8023f0607eca

SHA512
18bb4647ee10cd4d79480f10e4cf011ebfac7b5dc3ffd6dfc2ccc9012aadfa86070c15bb33ac524b09131d3a8e6157c5c69f3ee18589a9244896b8546430a398

Download Submit
C:\Windows\System\YOSYMnk.exe

Filesize
1.4MB

MD5
7ddd9af38fcb18ddfef1101447ec84ef

SHA1
19994ceb3d03cc1b06d75db13c7b8ee6caff651d

SHA256
eaf83a8a391f5f9a877bc58c81d56844f36a4a40c5b8374d50bfceb38715df80

SHA512
fac2b41a729b60992c5983e1550c0e57f20fe933e1d8b8acb164de273d82c8235239c95fa525e58d4c5cc503cea2dfb7e2ce88c164382e017084b59df1e43d72

Download Submit
C:\Windows\System\ZQgRFGr.exe

Filesize
1.4MB

MD5
1752896cbda7b73260d7cb102463144a

SHA1
017d052d9e541b590c90c801ab4d0071ac1704c3

SHA256
453cdd14abb9ca663705fdcb55995470596042cfab00cc0976e25774d19b19b9

SHA512
0649efd7a68732fc6c22bdc2256f0914ca40a1fd792cbdd0b8104fd842ae31ed44a29ffea7a99f7f7706e87b24d4c41cf449c8f9ddceded8a891101ecea6691c

Download Submit
C:\Windows\System\eJMpTZp.exe

Filesize
1.4MB

MD5
22e74141a44614056c56ca9b22da8a6f

SHA1
e9d2673dc446152a09625e3631b7e3963f935d1b

SHA256
c75b9c0eb5020b9f925ed7bdeeedff80d538d138a6bd8788e1c41d4208dd08cf

SHA512
e0d9e59109a398b42541781870b71f70cf9ca136cba9b94dcc84808a2ac8291c565d4ef3b431e8caedaeabe4ce5d9d58915b4cc1046aa8fea9736e9014a400dd

Download Submit
C:\Windows\System\htUhRNR.exe

Filesize
1.4MB

MD5
0f11a40035debe45cd495d54a85ca495

SHA1
29b668d4a360fa3e42fed67641d33d3bd894640a

SHA256
77e2edfdd8a04cf77e5f08620c6d62e69a77ea3dff4765cb33686f243718c2b9

SHA512
c3ad84c7315640fed6262ac9303bc54d3c6f8bb50c48f870e86190e0788bbec6149df96961ea4a650c59986550c9abb1b1369776e0a1a9c9243cd5b2a1849925

Download Submit
C:\Windows\System\hzmoSJa.exe

Filesize
1.4MB

MD5
1caa0fa51d7a58f5ba367a53dab1e567

SHA1
855676020d6c624ed85b685e8a8865596538dcdb

SHA256
63c48d5f94224e150ec0ed2d73eaac1621396aad663966e11e545cdac9fa1abc

SHA512
2d01759d62f4d12ccba3ea52e5be2078b4ff6c862b53d858ece2185e6c79e6803a6e0acfe8147b57e8adea869ebacdfc3cf0cf9f531af10705f40c7f7f2fd04f

Download Submit
C:\Windows\System\jtZjNaU.exe

Filesize
1.4MB

MD5
5df76f848938d9b9d43a22cc02291615

SHA1
c22b2f1ee1617133cf86bf03fb9e143e953131b2

SHA256
7b841c441dca78d94a46e5d86416dfbee3e4e62dcca4b2173b0b6039eddf41d2

SHA512
0bdd29a29564ae0cc8091071af96a5f4b7b2f464071c76d70a29a72e8352af9f0a6ead4f69c58e6deaaad44922392f3b12522544e2638946d51c7040c5046d5a

Download Submit
C:\Windows\System\kmXHwej.exe

Filesize
8B

MD5
f711adee27516b005fc25d05db275022

SHA1
37fddcc1329d6f4da1b8eb78665830cbf5074110

SHA256
a9de3e5771bb94f83a0011d6be0e78d5e9c1c91c97b1401206471b56740d49d4

SHA512
5a6cabfef649b40043c3bced543aeaa96cc1135167dc5f35eff4dd8aef45c34ed818a13fca66a04a1ce4848095ed467409b597f0ce727137f28b37a18328e1e0

Download Submit
C:\Windows\System\mTupuVu.exe

Filesize
1.4MB

MD5
7816ba05cebb3da2248bde259b3b7a6c

SHA1
8659272816f21809710c80585b1663d0a63fcb35

SHA256
40d2fdfaa7267819c19107ef710ea39e40222584e5a8f4ea0a47352e070175bd

SHA512
34a042d723a52572366a37acbe0834f27b2b54be29c0c14ec591f240711216ba6920fcca642aa6f45d5a41602b03913703e88728cb7d2e87b0c87825360cbb47

Download Submit
C:\Windows\System\nvHofEJ.exe

Filesize
1.4MB

MD5
f392f246da70e6906ca006573fb28c4f

SHA1
9c2f09fb3a843cc99281288373c1df1748d7ca56

SHA256
70adb249d9dc6adb9ed766e3074623d4ffbe208e2c7e763d41fa789d90b048f5

SHA512
78b19d1e51af4248d672e6c4db32a657990d4c01f48d2ceee32838b52218f7872438409bb7078e91147d2e936c29f40b068cba8ad41f9402f9a50fd5ecae05a9

Download Submit
C:\Windows\System\nxbYcuG.exe

Filesize
1.4MB

MD5
92f2e9bc01d36ecd810880421281c176

SHA1
480139e465965a1dd4152e317ca9ab6df1252920

SHA256
2dd74c2dd49b40f015b7fabbb160dc12436eef904767d7044dea6bad8718e65c

SHA512
02435173cbde4d455144bbbe5d106f290d3e7be3451b792876447b40db789a226130cc8cdc4e9552cf5765612b5e8aaf7ba57086d4c27ee29a84fe2026f61c50

Download Submit
C:\Windows\System\ocpCAar.exe

Filesize
1.4MB

MD5
884fe7a5df967f7c6c92430354a54c83

SHA1
44e5c9a2017f552e83976cc810196317753d91ab

SHA256
53733fe4724a149019a18348755def88bfee90723eb7b58782014d111aae49a9

SHA512
13dff767c467fffc3f855656fa4979ac7499663621db90743507c297c8af092fbe9a884833f41d7994e03772219789ad432ba16491a0a8dc51875386e616bc13

Download Submit
C:\Windows\System\prJcvij.exe

Filesize
1.4MB

MD5
d17e19ad8ad8b8c672ae67bfcf2b5bd9

SHA1
a8d2339f6c2d3a1a62ab264e01c2c667ae7fbcc9

SHA256
c9e7f7a7ee0b58928fad35626a39732d9fdabb6a5d5d12e88734ff5f261bab28

SHA512
b8ccef3bd448aa08cce0996e82419722531051b9611c8c841fc08cd3aa2c6fd5f6a74998284e82299bfebd747916357de46d141fd3c6989f5ed0343b0e00b5db

Download Submit
C:\Windows\System\qmLJDOZ.exe

Filesize
1.4MB

MD5
0550462c8da014a4a23204b7a3bfdeb2

SHA1
728c279fc68569285a1f95bea756292d9e79fd34

SHA256
095aad514ef3e3990b64804e505eedfae1c6e1b5e8e931cdd2d7147c983bc8c1

SHA512
2ea5910526ba648e685165007491aeed1caf012a24d34c7303ff3d4c2d6b3c2233ca12b2ff27708245752df1448683d068db70dc6a310b8c1c5dc52c04416272

Download Submit
C:\Windows\System\ukKRaqs.exe

Filesize
1.4MB

MD5
75df55f149dd782d4b7a015db632a86d

SHA1
fd85939486220307dbaed2fee66661d5590ca194

SHA256
377f8b2e0393b3cec75245af8d3cf76f3de165ceebd868239e5a36c8560b9248

SHA512
af9956fb972b885f8bc728ca9e3bbe164fb0ee964a8262b568ebd6c8429c4161aa097409711a252dd41af1516662613b76472184563344329431022bb18b750a

Download Submit
C:\Windows\System\xEEnmKp.exe

Filesize
1.4MB

MD5
f9f71be70de723d0e746adc7299c9633

SHA1
f23289d86a396913754d4f50f32870758877dce4

SHA256
6ef88a48c808145a815b315dccbf57280df6861b7361d859b201467d2456002a

SHA512
ead8262b2c62d1dca3514f96b0a18ec1f4b94d0b0a2232fdba3c31913ec97a552fd34c51e4083975f68d60a79432fbd442daac6564e9889c08d7902c70f3680b

Download Submit
C:\Windows\System\xihrkka.exe

Filesize
1.4MB

MD5
fc8c006fb4c21f6731e34c1148baf6d6

SHA1
2af123b033d06af4c9395c00978969b7bf2d8359

SHA256
cca55dfd759e0a5b553275e836b4dbd1ed84bdf88ec3585415e4c0fb46304c47

SHA512
2d548710b576f2916d15d4ed8aa175fbca2f8e57bce96d1d9910c679035b1015fd18674104a9b73283c15071a4ab020f69aeeae1bdd137ab0384813890392e6a

Download Submit
C:\Windows\System\yUYQgKG.exe

Filesize
1.4MB

MD5
8b95caa5ce0f374b61d7e5202a3cbbed

SHA1
ed0fa16cb5768d73b2b9db1b02b7457ae7f4b6cf

SHA256
382f0437285bf7375733e3842763f5c2861eecaec23f3e4e8ab64aeef6191060

SHA512
6c89c9201790d552714f99e17e0c93594205c1534afca08c2bfe6daf850beb5a54d5d331f4d6e1329f12594d1e8de39ecffab1376776edeb20190c4da85c1fd3

Download Submit
memory/8-147-0x00007FF725200000-0x00007FF7255F2000-memory.dmp

Filesize
3.9MB

Download
memory/8-3211-0x00007FF725200000-0x00007FF7255F2000-memory.dmp

Filesize
3.9MB

Download
memory/760-125-0x00007FF682520000-0x00007FF682912000-memory.dmp

Filesize
3.9MB

Download
memory/760-3173-0x00007FF682520000-0x00007FF682912000-memory.dmp

Filesize
3.9MB

Download
memory/960-122-0x00007FF783310000-0x00007FF783702000-memory.dmp

Filesize
3.9MB

Download
memory/960-3184-0x00007FF783310000-0x00007FF783702000-memory.dmp

Filesize
3.9MB

Download
memory/1384-3156-0x00007FF684C90000-0x00007FF685082000-memory.dmp

Filesize
3.9MB

Download
memory/1384-114-0x00007FF684C90000-0x00007FF685082000-memory.dmp

Filesize
3.9MB

Download
memory/1436-3165-0x00007FF614C30000-0x00007FF615022000-memory.dmp

Filesize
3.9MB

Download
memory/1436-61-0x00007FF614C30000-0x00007FF615022000-memory.dmp

Filesize
3.9MB

Download
memory/1516-11-0x00007FF61D030000-0x00007FF61D422000-memory.dmp

Filesize
3.9MB

Download
memory/1516-3155-0x00007FF61D030000-0x00007FF61D422000-memory.dmp

Filesize
3.9MB

Download
memory/1516-3101-0x00007FF61D030000-0x00007FF61D422000-memory.dmp

Filesize
3.9MB

Download
memory/1520-3103-0x00007FF63F490000-0x00007FF63F882000-memory.dmp

Filesize
3.9MB

Download
memory/1520-3186-0x00007FF63F490000-0x00007FF63F882000-memory.dmp

Filesize
3.9MB

Download
memory/1520-112-0x00007FF63F490000-0x00007FF63F882000-memory.dmp

Filesize
3.9MB

Download
memory/1592-3188-0x00007FF67CD20000-0x00007FF67D112000-memory.dmp

Filesize
3.9MB

Download
memory/1592-124-0x00007FF67CD20000-0x00007FF67D112000-memory.dmp

Filesize
3.9MB

Download
memory/1644-113-0x00007FF7932B0000-0x00007FF7936A2000-memory.dmp

Filesize
3.9MB

Download
memory/1644-3175-0x00007FF7932B0000-0x00007FF7936A2000-memory.dmp

Filesize
3.9MB

Download
memory/1892-162-0x00007FF7CF970000-0x00007FF7CFD62000-memory.dmp

Filesize
3.9MB

Download
memory/1892-3250-0x00007FF7CF970000-0x00007FF7CFD62000-memory.dmp

Filesize
3.9MB

Download
memory/1892-3150-0x00007FF7CF970000-0x00007FF7CFD62000-memory.dmp

Filesize
3.9MB

Download
memory/2036-119-0x00007FF751600000-0x00007FF7519F2000-memory.dmp

Filesize
3.9MB

Download
memory/2036-3161-0x00007FF751600000-0x00007FF7519F2000-memory.dmp

Filesize
3.9MB

Download
memory/2104-35-0x00007FF9E3F60000-0x00007FF9E4A21000-memory.dmp

Filesize
10.8MB

Download
memory/2104-12-0x00007FF9E3F63000-0x00007FF9E3F65000-memory.dmp

Filesize
8KB

Download
memory/2104-260-0x000002136FFF0000-0x0000021370796000-memory.dmp

Filesize
7.6MB

Download
memory/2104-3102-0x00007FF9E3F60000-0x00007FF9E4A21000-memory.dmp

Filesize
10.8MB

Download
memory/2104-106-0x000002136EA30000-0x000002136EA52000-memory.dmp

Filesize
136KB

Download
memory/2104-3123-0x00007FF9E3F63000-0x00007FF9E3F65000-memory.dmp

Filesize
8KB

Download
memory/2104-3133-0x00007FF9E3F60000-0x00007FF9E4A21000-memory.dmp

Filesize
10.8MB

Download
memory/2140-3160-0x00007FF698160000-0x00007FF698552000-memory.dmp

Filesize
3.9MB

Download
memory/2140-47-0x00007FF698160000-0x00007FF698552000-memory.dmp

Filesize
3.9MB

Download
memory/2360-107-0x00007FF751E90000-0x00007FF752282000-memory.dmp

Filesize
3.9MB

Download
memory/2360-3181-0x00007FF751E90000-0x00007FF752282000-memory.dmp

Filesize
3.9MB

Download
memory/2968-3245-0x00007FF710B60000-0x00007FF710F52000-memory.dmp

Filesize
3.9MB

Download
memory/2968-184-0x00007FF710B60000-0x00007FF710F52000-memory.dmp

Filesize
3.9MB

Download
memory/3144-3162-0x00007FF730940000-0x00007FF730D32000-memory.dmp

Filesize
3.9MB

Download
memory/3144-55-0x00007FF730940000-0x00007FF730D32000-memory.dmp

Filesize
3.9MB

Download
memory/3516-120-0x00007FF77FC10000-0x00007FF780002000-memory.dmp

Filesize
3.9MB

Download
memory/3516-3169-0x00007FF77FC10000-0x00007FF780002000-memory.dmp

Filesize
3.9MB

Download
memory/3572-3183-0x00007FF6D1B20000-0x00007FF6D1F12000-memory.dmp

Filesize
3.9MB

Download
memory/3572-80-0x00007FF6D1B20000-0x00007FF6D1F12000-memory.dmp

Filesize
3.9MB

Download
memory/3692-95-0x00007FF778A10000-0x00007FF778E02000-memory.dmp

Filesize
3.9MB

Download
memory/3692-3177-0x00007FF778A10000-0x00007FF778E02000-memory.dmp

Filesize
3.9MB

Download
memory/3756-3148-0x00007FF6B2B60000-0x00007FF6B2F52000-memory.dmp

Filesize
3.9MB

Download
memory/3756-3247-0x00007FF6B2B60000-0x00007FF6B2F52000-memory.dmp

Filesize
3.9MB

Download
memory/3756-149-0x00007FF6B2B60000-0x00007FF6B2F52000-memory.dmp

Filesize
3.9MB

Download
memory/4312-72-0x00007FF6E75E0000-0x00007FF6E79D2000-memory.dmp

Filesize
3.9MB

Download
memory/4312-3167-0x00007FF6E75E0000-0x00007FF6E79D2000-memory.dmp

Filesize
3.9MB

Download
memory/4436-81-0x00007FF63C580000-0x00007FF63C972000-memory.dmp

Filesize
3.9MB

Download
memory/4436-3170-0x00007FF63C580000-0x00007FF63C972000-memory.dmp

Filesize
3.9MB

Download
memory/4560-123-0x00007FF6FD5D0000-0x00007FF6FD9C2000-memory.dmp

Filesize
3.9MB

Download
memory/4560-3179-0x00007FF6FD5D0000-0x00007FF6FD9C2000-memory.dmp

Filesize
3.9MB

Download
memory/4584-3124-0x00007FF66D990000-0x00007FF66DD82000-memory.dmp

Filesize
3.9MB

Download
memory/4584-126-0x00007FF66D990000-0x00007FF66DD82000-memory.dmp

Filesize
3.9MB

Download
memory/4584-3190-0x00007FF66D990000-0x00007FF66DD82000-memory.dmp

Filesize
3.9MB

Download
memory/4616-165-0x00007FF6AD5C0000-0x00007FF6AD9B2000-memory.dmp

Filesize
3.9MB

Download
memory/4616-3252-0x00007FF6AD5C0000-0x00007FF6AD9B2000-memory.dmp

Filesize
3.9MB

Download
memory/4616-3151-0x00007FF6AD5C0000-0x00007FF6AD9B2000-memory.dmp

Filesize
3.9MB

Download
memory/4680-1-0x00000221533C0000-0x00000221533D0000-memory.dmp

Filesize
64KB

Download
memory/4680-0-0x00007FF7EF040000-0x00007FF7EF432000-memory.dmp

Filesize
3.9MB

Download