xmrig | 4ea61deb03187f0a209f9d79245298155b8ba276876b8efc323390fbaf5ba7eb

Analysis

max time kernel
108s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67c1c756bf985b3c0f4f3fb7ff90d010N.exe
Size

1.8MB
MD5

67c1c756bf985b3c0f4f3fb7ff90d010
SHA1

e0ddac56e4551455a1c3c663a122deefcda79ad0
SHA256

4ea61deb03187f0a209f9d79245298155b8ba276876b8efc323390fbaf5ba7eb
SHA512

d5124be6cbbdfeb5fd3c711f996cb3873df287cad13a93710543ad937cb03aa2c8ce18b9d0811f5de6236aaff3117f5570d3ed62fab2bec73c77afb85dd406f2
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlNIZbElhzBXeCnfJCwCc4MAKFpMlyapbhcy9:Lz071uv4BPMkFfdgIZohteLM0hj9dNvf

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3244-64-0x00007FF6F77D0000-0x00007FF6F7BC2000-memory.dmp	xmrig
behavioral2/memory/3532-115-0x00007FF7AA660000-0x00007FF7AAA52000-memory.dmp	xmrig
behavioral2/memory/2020-122-0x00007FF6B6B20000-0x00007FF6B6F12000-memory.dmp	xmrig
behavioral2/memory/4680-136-0x00007FF7F7990000-0x00007FF7F7D82000-memory.dmp	xmrig
behavioral2/memory/4740-154-0x00007FF6DFEC0000-0x00007FF6E02B2000-memory.dmp	xmrig
behavioral2/memory/2812-167-0x00007FF7A1170000-0x00007FF7A1562000-memory.dmp	xmrig
behavioral2/memory/4052-161-0x00007FF644360000-0x00007FF644752000-memory.dmp	xmrig
behavioral2/memory/3216-155-0x00007FF6A3760000-0x00007FF6A3B52000-memory.dmp	xmrig
behavioral2/memory/1576-148-0x00007FF677820000-0x00007FF677C12000-memory.dmp	xmrig
behavioral2/memory/2892-142-0x00007FF68D060000-0x00007FF68D452000-memory.dmp	xmrig
behavioral2/memory/4592-135-0x00007FF646000000-0x00007FF6463F2000-memory.dmp	xmrig
behavioral2/memory/2272-129-0x00007FF70BE10000-0x00007FF70C202000-memory.dmp	xmrig
behavioral2/memory/1620-128-0x00007FF777D20000-0x00007FF778112000-memory.dmp	xmrig
behavioral2/memory/464-116-0x00007FF6D3EA0000-0x00007FF6D4292000-memory.dmp	xmrig
behavioral2/memory/3980-109-0x00007FF73BAE0000-0x00007FF73BED2000-memory.dmp	xmrig
behavioral2/memory/980-108-0x00007FF7DC610000-0x00007FF7DCA02000-memory.dmp	xmrig
behavioral2/memory/2940-93-0x00007FF77E880000-0x00007FF77EC72000-memory.dmp	xmrig
behavioral2/memory/3956-88-0x00007FF67B720000-0x00007FF67BB12000-memory.dmp	xmrig
behavioral2/memory/656-83-0x00007FF79F870000-0x00007FF79FC62000-memory.dmp	xmrig
behavioral2/memory/2216-82-0x00007FF676390000-0x00007FF676782000-memory.dmp	xmrig
behavioral2/memory/1828-73-0x00007FF712660000-0x00007FF712A52000-memory.dmp	xmrig
behavioral2/memory/3360-58-0x00007FF7A8200000-0x00007FF7A85F2000-memory.dmp	xmrig
behavioral2/memory/3132-1939-0x00007FF7B4170000-0x00007FF7B4562000-memory.dmp	xmrig
behavioral2/memory/216-1940-0x00007FF60A100000-0x00007FF60A4F2000-memory.dmp	xmrig
behavioral2/memory/980-1992-0x00007FF7DC610000-0x00007FF7DCA02000-memory.dmp	xmrig
behavioral2/memory/3360-1994-0x00007FF7A8200000-0x00007FF7A85F2000-memory.dmp	xmrig
behavioral2/memory/3244-2000-0x00007FF6F77D0000-0x00007FF6F7BC2000-memory.dmp	xmrig
behavioral2/memory/2216-1996-0x00007FF676390000-0x00007FF676782000-memory.dmp	xmrig
behavioral2/memory/3956-1998-0x00007FF67B720000-0x00007FF67BB12000-memory.dmp	xmrig
behavioral2/memory/1828-2002-0x00007FF712660000-0x00007FF712A52000-memory.dmp	xmrig
behavioral2/memory/3532-2004-0x00007FF7AA660000-0x00007FF7AAA52000-memory.dmp	xmrig
behavioral2/memory/656-2006-0x00007FF79F870000-0x00007FF79FC62000-memory.dmp	xmrig
behavioral2/memory/3980-2008-0x00007FF73BAE0000-0x00007FF73BED2000-memory.dmp	xmrig
behavioral2/memory/2940-2012-0x00007FF77E880000-0x00007FF77EC72000-memory.dmp	xmrig
behavioral2/memory/464-2011-0x00007FF6D3EA0000-0x00007FF6D4292000-memory.dmp	xmrig
behavioral2/memory/2272-2024-0x00007FF70BE10000-0x00007FF70C202000-memory.dmp	xmrig
behavioral2/memory/4740-2026-0x00007FF6DFEC0000-0x00007FF6E02B2000-memory.dmp	xmrig
behavioral2/memory/3216-2034-0x00007FF6A3760000-0x00007FF6A3B52000-memory.dmp	xmrig
behavioral2/memory/2892-2032-0x00007FF68D060000-0x00007FF68D452000-memory.dmp	xmrig
behavioral2/memory/1576-2030-0x00007FF677820000-0x00007FF677C12000-memory.dmp	xmrig
behavioral2/memory/4592-2022-0x00007FF646000000-0x00007FF6463F2000-memory.dmp	xmrig
behavioral2/memory/3132-2020-0x00007FF7B4170000-0x00007FF7B4562000-memory.dmp	xmrig
behavioral2/memory/4680-2028-0x00007FF7F7990000-0x00007FF7F7D82000-memory.dmp	xmrig
behavioral2/memory/216-2018-0x00007FF60A100000-0x00007FF60A4F2000-memory.dmp	xmrig
behavioral2/memory/1620-2016-0x00007FF777D20000-0x00007FF778112000-memory.dmp	xmrig
behavioral2/memory/2020-2014-0x00007FF6B6B20000-0x00007FF6B6F12000-memory.dmp	xmrig
behavioral2/memory/2812-2043-0x00007FF7A1170000-0x00007FF7A1562000-memory.dmp	xmrig
behavioral2/memory/4052-2036-0x00007FF644360000-0x00007FF644752000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	1868	powershell.exe
10	1868	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1868	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
980	JPOCXiE.exe
3360	wGdivCX.exe
3244	nTjEGwK.exe
1828	SdeAYxY.exe
2216	CbrGxeD.exe
656	mSyBklt.exe
3980	yqLYwJk.exe
3956	HItNtAV.exe
2940	LoJGKxR.exe
3532	keDxsxF.exe
464	vTItJos.exe
2020	zNjaCfO.exe
216	XagaRVD.exe
3132	gXWALPi.exe
1620	akuhJnp.exe
2272	SKUaaYe.exe
4592	IXmXkwY.exe
4680	ltcFumc.exe
2892	WaoPBLj.exe
1576	bnAJGIb.exe
4740	JDpLMlh.exe
3216	kMNYLVR.exe
4052	WuOpWSE.exe
2812	HWihHNk.exe
3504	MWSsyJD.exe
1876	UUQEMqX.exe
4760	voDxypJ.exe
1116	Wewmbkw.exe
5056	TczoJBK.exe
2516	jdiskMd.exe
1172	bDMmhLx.exe
1508	IiTaQRE.exe
3872	crWIblN.exe
2168	AbvTMTZ.exe
2588	MrZyWOc.exe
1068	IgicJzr.exe
4676	WHWnHAE.exe
1992	fFTCkIx.exe
2384	ZVPnsVm.exe
1232	chvGOXb.exe
1484	egpgAJB.exe
2396	mZwtkjf.exe
836	lVmlnNc.exe
3036	ctkltLi.exe
3356	NbkQSni.exe
552	rKthnHa.exe
1832	IxAmEjo.exe
1912	VWQhkMa.exe
3884	kPpdOHC.exe
2984	HWjzdSe.exe
4848	lXsEnle.exe
4652	HrEpaLI.exe
1968	UGTUaxv.exe
4332	WHxUVTe.exe
3192	JmonZCl.exe
3028	xqFGgJJ.exe
4688	AFVYiId.exe
1900	ZRngyaN.exe
2512	gEDJubY.exe
4952	JJJfzLh.exe
1908	XFIzADx.exe
2464	hIqBTzA.exe
1276	yoJjmuF.exe
1584	ClqZqIl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3616-0-0x00007FF6C2D00000-0x00007FF6C30F2000-memory.dmp	upx
behavioral2/files/0x000900000002349a-6.dat	upx
behavioral2/files/0x00070000000234a2-8.dat	upx
behavioral2/files/0x00070000000234a6-25.dat	upx
behavioral2/files/0x00070000000234a1-26.dat	upx
behavioral2/files/0x00070000000234a7-51.dat	upx
behavioral2/files/0x00070000000234aa-49.dat	upx
behavioral2/memory/3244-64-0x00007FF6F77D0000-0x00007FF6F7BC2000-memory.dmp	upx
behavioral2/files/0x00080000000234a4-79.dat	upx
behavioral2/files/0x00070000000234ae-84.dat	upx
behavioral2/files/0x00070000000234ad-102.dat	upx
behavioral2/files/0x00070000000234b0-105.dat	upx
behavioral2/memory/3532-115-0x00007FF7AA660000-0x00007FF7AAA52000-memory.dmp	upx
behavioral2/memory/2020-122-0x00007FF6B6B20000-0x00007FF6B6F12000-memory.dmp	upx
behavioral2/memory/4680-136-0x00007FF7F7990000-0x00007FF7F7D82000-memory.dmp	upx
behavioral2/files/0x00070000000234b3-143.dat	upx
behavioral2/memory/4740-154-0x00007FF6DFEC0000-0x00007FF6E02B2000-memory.dmp	upx
behavioral2/files/0x00070000000234b6-162.dat	upx
behavioral2/files/0x00070000000234ba-175.dat	upx
behavioral2/files/0x00070000000234bf-200.dat	upx
behavioral2/files/0x00070000000234bd-198.dat	upx
behavioral2/files/0x00070000000234be-195.dat	upx
behavioral2/files/0x00070000000234bc-193.dat	upx
behavioral2/files/0x00070000000234bb-188.dat	upx
behavioral2/files/0x00070000000234b9-178.dat	upx
behavioral2/files/0x00070000000234b8-173.dat	upx
behavioral2/files/0x00070000000234b7-168.dat	upx
behavioral2/memory/2812-167-0x00007FF7A1170000-0x00007FF7A1562000-memory.dmp	upx
behavioral2/memory/4052-161-0x00007FF644360000-0x00007FF644752000-memory.dmp	upx
behavioral2/files/0x00070000000234b5-156.dat	upx
behavioral2/memory/3216-155-0x00007FF6A3760000-0x00007FF6A3B52000-memory.dmp	upx
behavioral2/files/0x00070000000234b4-149.dat	upx
behavioral2/memory/1576-148-0x00007FF677820000-0x00007FF677C12000-memory.dmp	upx
behavioral2/memory/2892-142-0x00007FF68D060000-0x00007FF68D452000-memory.dmp	upx
behavioral2/files/0x00070000000234b2-137.dat	upx
behavioral2/memory/4592-135-0x00007FF646000000-0x00007FF6463F2000-memory.dmp	upx
behavioral2/files/0x000800000002349e-130.dat	upx
behavioral2/memory/2272-129-0x00007FF70BE10000-0x00007FF70C202000-memory.dmp	upx
behavioral2/memory/1620-128-0x00007FF777D20000-0x00007FF778112000-memory.dmp	upx
behavioral2/files/0x00070000000234b1-123.dat	upx
behavioral2/memory/464-116-0x00007FF6D3EA0000-0x00007FF6D4292000-memory.dmp	upx
behavioral2/files/0x00070000000234af-110.dat	upx
behavioral2/memory/3980-109-0x00007FF73BAE0000-0x00007FF73BED2000-memory.dmp	upx
behavioral2/memory/980-108-0x00007FF7DC610000-0x00007FF7DCA02000-memory.dmp	upx
behavioral2/memory/3132-104-0x00007FF7B4170000-0x00007FF7B4562000-memory.dmp	upx
behavioral2/files/0x00070000000234ac-97.dat	upx
behavioral2/memory/216-94-0x00007FF60A100000-0x00007FF60A4F2000-memory.dmp	upx
behavioral2/memory/2940-93-0x00007FF77E880000-0x00007FF77EC72000-memory.dmp	upx
behavioral2/memory/3956-88-0x00007FF67B720000-0x00007FF67BB12000-memory.dmp	upx
behavioral2/files/0x00080000000234a5-86.dat	upx
behavioral2/memory/656-83-0x00007FF79F870000-0x00007FF79FC62000-memory.dmp	upx
behavioral2/memory/2216-82-0x00007FF676390000-0x00007FF676782000-memory.dmp	upx
behavioral2/files/0x00070000000234a9-78.dat	upx
behavioral2/memory/1828-73-0x00007FF712660000-0x00007FF712A52000-memory.dmp	upx
behavioral2/files/0x00070000000234ab-63.dat	upx
behavioral2/files/0x00070000000234a8-59.dat	upx
behavioral2/memory/3360-58-0x00007FF7A8200000-0x00007FF7A85F2000-memory.dmp	upx
behavioral2/files/0x00070000000234a3-55.dat	upx
behavioral2/memory/3132-1939-0x00007FF7B4170000-0x00007FF7B4562000-memory.dmp	upx
behavioral2/memory/216-1940-0x00007FF60A100000-0x00007FF60A4F2000-memory.dmp	upx
behavioral2/memory/980-1992-0x00007FF7DC610000-0x00007FF7DCA02000-memory.dmp	upx
behavioral2/memory/3360-1994-0x00007FF7A8200000-0x00007FF7A85F2000-memory.dmp	upx
behavioral2/memory/3244-2000-0x00007FF6F77D0000-0x00007FF6F7BC2000-memory.dmp	upx
behavioral2/memory/2216-1996-0x00007FF676390000-0x00007FF676782000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PXnAwwn.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\ohpKVsU.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\AdwIQlB.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\cLisikl.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\ecnBJPb.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\eTnuTwj.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\qucroSV.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\VEeYuqv.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\zmxdDAE.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\YgvRepG.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\yyhQonr.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\ZRngyaN.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\EHbZZnJ.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\gPsrhCs.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\eTZVRqS.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\LJHnyjd.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\WDAKatQ.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\moDsIiG.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\SpdDGww.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\AwHBmgp.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\gpKBLwR.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\IKrDDZu.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\gZhaDgQ.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\HJVdLLD.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\oPJLYMT.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\zqClvib.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\asmlBhq.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\phMVjnO.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\HpxZaDc.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\NyFZFIN.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\CKWDVwm.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\IgicJzr.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\BLKZGLZ.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\LjtEpFS.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\YNEgkql.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\AXjddkE.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\pKxZzIN.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\oebHTYK.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\yWuwAKZ.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\KHMkrbq.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\QoDXZRz.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\jdiskMd.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\oLVddmr.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\NjzNZuP.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\cYkxnuH.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\ovDetpT.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\gXWALPi.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\HmNOMZa.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\DkQTyTE.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\mutqJRF.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\iaMyLAT.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\ogizQoN.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\WVIjqqr.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\yDaRorK.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\RydbXfG.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\sHmEKFk.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\VdFUMHf.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\FpxAxjE.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\FOFfxLF.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\XQkuCPY.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\sSqGSEW.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\lchTmwU.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\CyMtxxm.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
File created	C:\Windows\System\wyFmeph.exe	67c1c756bf985b3c0f4f3fb7ff90d010N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1868	powershell.exe
1868	powershell.exe
1868	powershell.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1868	powershell.exe
Token: SeLockMemoryPrivilege	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
Token: SeLockMemoryPrivilege	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe
Token: SeCreateGlobalPrivilege	12636	dwm.exe
Token: SeChangeNotifyPrivilege	12636	dwm.exe
Token: 33	12636	dwm.exe
Token: SeIncBasePriorityPrivilege	12636	dwm.exe
Token: SeShutdownPrivilege	12636	dwm.exe
Token: SeCreatePagefilePrivilege	12636	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 1868	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	84
PID 3616 wrote to memory of 1868	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	84
PID 3616 wrote to memory of 980	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	85
PID 3616 wrote to memory of 980	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	85
PID 3616 wrote to memory of 3360	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	86
PID 3616 wrote to memory of 3360	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	86
PID 3616 wrote to memory of 3244	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	87
PID 3616 wrote to memory of 3244	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	87
PID 3616 wrote to memory of 1828	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	88
PID 3616 wrote to memory of 1828	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	88
PID 3616 wrote to memory of 2216	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	89
PID 3616 wrote to memory of 2216	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	89
PID 3616 wrote to memory of 656	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	90
PID 3616 wrote to memory of 656	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	90
PID 3616 wrote to memory of 3980	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	91
PID 3616 wrote to memory of 3980	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	91
PID 3616 wrote to memory of 2940	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	92
PID 3616 wrote to memory of 2940	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	92
PID 3616 wrote to memory of 3956	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	93
PID 3616 wrote to memory of 3956	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	93
PID 3616 wrote to memory of 3532	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	94
PID 3616 wrote to memory of 3532	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	94
PID 3616 wrote to memory of 464	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	95
PID 3616 wrote to memory of 464	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	95
PID 3616 wrote to memory of 2020	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	96
PID 3616 wrote to memory of 2020	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	96
PID 3616 wrote to memory of 216	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	97
PID 3616 wrote to memory of 216	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	97
PID 3616 wrote to memory of 3132	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	98
PID 3616 wrote to memory of 3132	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	98
PID 3616 wrote to memory of 1620	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	99
PID 3616 wrote to memory of 1620	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	99
PID 3616 wrote to memory of 2272	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	100
PID 3616 wrote to memory of 2272	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	100
PID 3616 wrote to memory of 4592	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	101
PID 3616 wrote to memory of 4592	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	101
PID 3616 wrote to memory of 4680	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	102
PID 3616 wrote to memory of 4680	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	102
PID 3616 wrote to memory of 2892	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	103
PID 3616 wrote to memory of 2892	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	103
PID 3616 wrote to memory of 1576	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	104
PID 3616 wrote to memory of 1576	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	104
PID 3616 wrote to memory of 4740	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	105
PID 3616 wrote to memory of 4740	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	105
PID 3616 wrote to memory of 3216	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	106
PID 3616 wrote to memory of 3216	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	106
PID 3616 wrote to memory of 4052	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	107
PID 3616 wrote to memory of 4052	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	107
PID 3616 wrote to memory of 2812	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	108
PID 3616 wrote to memory of 2812	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	108
PID 3616 wrote to memory of 3504	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	109
PID 3616 wrote to memory of 3504	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	109
PID 3616 wrote to memory of 1876	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	110
PID 3616 wrote to memory of 1876	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	110
PID 3616 wrote to memory of 4760	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	111
PID 3616 wrote to memory of 4760	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	111
PID 3616 wrote to memory of 1116	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	112
PID 3616 wrote to memory of 1116	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	112
PID 3616 wrote to memory of 5056	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	113
PID 3616 wrote to memory of 5056	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	113
PID 3616 wrote to memory of 2516	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	114
PID 3616 wrote to memory of 2516	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	114
PID 3616 wrote to memory of 1172	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	115
PID 3616 wrote to memory of 1172	3616	67c1c756bf985b3c0f4f3fb7ff90d010N.exe	115

C:\Users\Admin\AppData\Local\Temp\67c1c756bf985b3c0f4f3fb7ff90d010N.exe
"C:\Users\Admin\AppData\Local\Temp\67c1c756bf985b3c0f4f3fb7ff90d010N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1868
- C:\Windows\System\JPOCXiE.exe
  C:\Windows\System\JPOCXiE.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\wGdivCX.exe
  C:\Windows\System\wGdivCX.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\nTjEGwK.exe
  C:\Windows\System\nTjEGwK.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\SdeAYxY.exe
  C:\Windows\System\SdeAYxY.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\CbrGxeD.exe
  C:\Windows\System\CbrGxeD.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\mSyBklt.exe
  C:\Windows\System\mSyBklt.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\yqLYwJk.exe
  C:\Windows\System\yqLYwJk.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\LoJGKxR.exe
  C:\Windows\System\LoJGKxR.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\HItNtAV.exe
  C:\Windows\System\HItNtAV.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\keDxsxF.exe
  C:\Windows\System\keDxsxF.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\vTItJos.exe
  C:\Windows\System\vTItJos.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\zNjaCfO.exe
  C:\Windows\System\zNjaCfO.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\XagaRVD.exe
  C:\Windows\System\XagaRVD.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\gXWALPi.exe
  C:\Windows\System\gXWALPi.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\akuhJnp.exe
  C:\Windows\System\akuhJnp.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\SKUaaYe.exe
  C:\Windows\System\SKUaaYe.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\IXmXkwY.exe
  C:\Windows\System\IXmXkwY.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\ltcFumc.exe
  C:\Windows\System\ltcFumc.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\WaoPBLj.exe
  C:\Windows\System\WaoPBLj.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\bnAJGIb.exe
  C:\Windows\System\bnAJGIb.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\JDpLMlh.exe
  C:\Windows\System\JDpLMlh.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\kMNYLVR.exe
  C:\Windows\System\kMNYLVR.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\WuOpWSE.exe
  C:\Windows\System\WuOpWSE.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\HWihHNk.exe
  C:\Windows\System\HWihHNk.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\MWSsyJD.exe
  C:\Windows\System\MWSsyJD.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\UUQEMqX.exe
  C:\Windows\System\UUQEMqX.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\voDxypJ.exe
  C:\Windows\System\voDxypJ.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\Wewmbkw.exe
  C:\Windows\System\Wewmbkw.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\TczoJBK.exe
  C:\Windows\System\TczoJBK.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\jdiskMd.exe
  C:\Windows\System\jdiskMd.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\bDMmhLx.exe
  C:\Windows\System\bDMmhLx.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\IiTaQRE.exe
  C:\Windows\System\IiTaQRE.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\crWIblN.exe
  C:\Windows\System\crWIblN.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\AbvTMTZ.exe
  C:\Windows\System\AbvTMTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\MrZyWOc.exe
  C:\Windows\System\MrZyWOc.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\IgicJzr.exe
  C:\Windows\System\IgicJzr.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\WHWnHAE.exe
  C:\Windows\System\WHWnHAE.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\fFTCkIx.exe
  C:\Windows\System\fFTCkIx.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\ZVPnsVm.exe
  C:\Windows\System\ZVPnsVm.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\chvGOXb.exe
  C:\Windows\System\chvGOXb.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\egpgAJB.exe
  C:\Windows\System\egpgAJB.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\mZwtkjf.exe
  C:\Windows\System\mZwtkjf.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\lVmlnNc.exe
  C:\Windows\System\lVmlnNc.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\ctkltLi.exe
  C:\Windows\System\ctkltLi.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\NbkQSni.exe
  C:\Windows\System\NbkQSni.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\rKthnHa.exe
  C:\Windows\System\rKthnHa.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\IxAmEjo.exe
  C:\Windows\System\IxAmEjo.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\VWQhkMa.exe
  C:\Windows\System\VWQhkMa.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\kPpdOHC.exe
  C:\Windows\System\kPpdOHC.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\HWjzdSe.exe
  C:\Windows\System\HWjzdSe.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\lXsEnle.exe
  C:\Windows\System\lXsEnle.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\HrEpaLI.exe
  C:\Windows\System\HrEpaLI.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\UGTUaxv.exe
  C:\Windows\System\UGTUaxv.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\WHxUVTe.exe
  C:\Windows\System\WHxUVTe.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\JmonZCl.exe
  C:\Windows\System\JmonZCl.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\xqFGgJJ.exe
  C:\Windows\System\xqFGgJJ.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\AFVYiId.exe
  C:\Windows\System\AFVYiId.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\ZRngyaN.exe
  C:\Windows\System\ZRngyaN.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\gEDJubY.exe
  C:\Windows\System\gEDJubY.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\JJJfzLh.exe
  C:\Windows\System\JJJfzLh.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\XFIzADx.exe
  C:\Windows\System\XFIzADx.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\hIqBTzA.exe
  C:\Windows\System\hIqBTzA.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\yoJjmuF.exe
  C:\Windows\System\yoJjmuF.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\ClqZqIl.exe
  C:\Windows\System\ClqZqIl.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\bFNCfhh.exe
  C:\Windows\System\bFNCfhh.exe
  2⤵
  PID:3656
- C:\Windows\System\IZhvOEQ.exe
  C:\Windows\System\IZhvOEQ.exe
  2⤵
  PID:232
- C:\Windows\System\xriryHW.exe
  C:\Windows\System\xriryHW.exe
  2⤵
  PID:880
- C:\Windows\System\pRELCtJ.exe
  C:\Windows\System\pRELCtJ.exe
  2⤵
  PID:4524
- C:\Windows\System\BTPeZQs.exe
  C:\Windows\System\BTPeZQs.exe
  2⤵
  PID:4996
- C:\Windows\System\LGfmDis.exe
  C:\Windows\System\LGfmDis.exe
  2⤵
  PID:924
- C:\Windows\System\UZtEyEy.exe
  C:\Windows\System\UZtEyEy.exe
  2⤵
  PID:2752
- C:\Windows\System\vEqGUke.exe
  C:\Windows\System\vEqGUke.exe
  2⤵
  PID:5092
- C:\Windows\System\RydbXfG.exe
  C:\Windows\System\RydbXfG.exe
  2⤵
  PID:4872
- C:\Windows\System\RxaZJaz.exe
  C:\Windows\System\RxaZJaz.exe
  2⤵
  PID:2844
- C:\Windows\System\LvPPhni.exe
  C:\Windows\System\LvPPhni.exe
  2⤵
  PID:3100
- C:\Windows\System\kRjTGjs.exe
  C:\Windows\System\kRjTGjs.exe
  2⤵
  PID:3460
- C:\Windows\System\skXoTxh.exe
  C:\Windows\System\skXoTxh.exe
  2⤵
  PID:816
- C:\Windows\System\eTnuTwj.exe
  C:\Windows\System\eTnuTwj.exe
  2⤵
  PID:3800
- C:\Windows\System\nubZuYs.exe
  C:\Windows\System\nubZuYs.exe
  2⤵
  PID:5148
- C:\Windows\System\OYgjocH.exe
  C:\Windows\System\OYgjocH.exe
  2⤵
  PID:5184
- C:\Windows\System\CnwcZcS.exe
  C:\Windows\System\CnwcZcS.exe
  2⤵
  PID:5204
- C:\Windows\System\yNjlabS.exe
  C:\Windows\System\yNjlabS.exe
  2⤵
  PID:5236
- C:\Windows\System\aZZcVAm.exe
  C:\Windows\System\aZZcVAm.exe
  2⤵
  PID:5260
- C:\Windows\System\MvMTWgW.exe
  C:\Windows\System\MvMTWgW.exe
  2⤵
  PID:5284
- C:\Windows\System\kvEpwpl.exe
  C:\Windows\System\kvEpwpl.exe
  2⤵
  PID:5312
- C:\Windows\System\lLdekHU.exe
  C:\Windows\System\lLdekHU.exe
  2⤵
  PID:5340
- C:\Windows\System\pAKDSTL.exe
  C:\Windows\System\pAKDSTL.exe
  2⤵
  PID:5372
- C:\Windows\System\EHbZZnJ.exe
  C:\Windows\System\EHbZZnJ.exe
  2⤵
  PID:5396
- C:\Windows\System\XgCcpuR.exe
  C:\Windows\System\XgCcpuR.exe
  2⤵
  PID:5424
- C:\Windows\System\MOvxLYa.exe
  C:\Windows\System\MOvxLYa.exe
  2⤵
  PID:5452
- C:\Windows\System\JqwkIpQ.exe
  C:\Windows\System\JqwkIpQ.exe
  2⤵
  PID:5480
- C:\Windows\System\JyJMAKf.exe
  C:\Windows\System\JyJMAKf.exe
  2⤵
  PID:5512
- C:\Windows\System\dUqJsBR.exe
  C:\Windows\System\dUqJsBR.exe
  2⤵
  PID:5540
- C:\Windows\System\dlQkWSa.exe
  C:\Windows\System\dlQkWSa.exe
  2⤵
  PID:5572
- C:\Windows\System\BvVXjWY.exe
  C:\Windows\System\BvVXjWY.exe
  2⤵
  PID:5596
- C:\Windows\System\cUCSngh.exe
  C:\Windows\System\cUCSngh.exe
  2⤵
  PID:5628
- C:\Windows\System\EYKjHlx.exe
  C:\Windows\System\EYKjHlx.exe
  2⤵
  PID:5652
- C:\Windows\System\YfBtQmG.exe
  C:\Windows\System\YfBtQmG.exe
  2⤵
  PID:5684
- C:\Windows\System\GQXXjDP.exe
  C:\Windows\System\GQXXjDP.exe
  2⤵
  PID:5712
- C:\Windows\System\xfBHKXm.exe
  C:\Windows\System\xfBHKXm.exe
  2⤵
  PID:5740
- C:\Windows\System\LdfSxWL.exe
  C:\Windows\System\LdfSxWL.exe
  2⤵
  PID:5764
- C:\Windows\System\GZhCbVm.exe
  C:\Windows\System\GZhCbVm.exe
  2⤵
  PID:5796
- C:\Windows\System\sltFDHc.exe
  C:\Windows\System\sltFDHc.exe
  2⤵
  PID:5820
- C:\Windows\System\sxbfcrj.exe
  C:\Windows\System\sxbfcrj.exe
  2⤵
  PID:5848
- C:\Windows\System\FQszDWO.exe
  C:\Windows\System\FQszDWO.exe
  2⤵
  PID:5880
- C:\Windows\System\dnbYMEj.exe
  C:\Windows\System\dnbYMEj.exe
  2⤵
  PID:5908
- C:\Windows\System\QgqnVXM.exe
  C:\Windows\System\QgqnVXM.exe
  2⤵
  PID:5936
- C:\Windows\System\KHDjSqf.exe
  C:\Windows\System\KHDjSqf.exe
  2⤵
  PID:5964
- C:\Windows\System\Camuots.exe
  C:\Windows\System\Camuots.exe
  2⤵
  PID:5992
- C:\Windows\System\xLZRAuP.exe
  C:\Windows\System\xLZRAuP.exe
  2⤵
  PID:6020
- C:\Windows\System\kGXjFoY.exe
  C:\Windows\System\kGXjFoY.exe
  2⤵
  PID:6052
- C:\Windows\System\kXIRykl.exe
  C:\Windows\System\kXIRykl.exe
  2⤵
  PID:6076
- C:\Windows\System\VfNhfMe.exe
  C:\Windows\System\VfNhfMe.exe
  2⤵
  PID:6104
- C:\Windows\System\IPRkGpP.exe
  C:\Windows\System\IPRkGpP.exe
  2⤵
  PID:6132
- C:\Windows\System\tWYeocL.exe
  C:\Windows\System\tWYeocL.exe
  2⤵
  PID:4168
- C:\Windows\System\qbEbRza.exe
  C:\Windows\System\qbEbRza.exe
  2⤵
  PID:3472
- C:\Windows\System\RACSodh.exe
  C:\Windows\System\RACSodh.exe
  2⤵
  PID:1464
- C:\Windows\System\CuXOxKz.exe
  C:\Windows\System\CuXOxKz.exe
  2⤵
  PID:4528
- C:\Windows\System\BGLkfeg.exe
  C:\Windows\System\BGLkfeg.exe
  2⤵
  PID:5160
- C:\Windows\System\OIxisJh.exe
  C:\Windows\System\OIxisJh.exe
  2⤵
  PID:5228
- C:\Windows\System\EcVScwn.exe
  C:\Windows\System\EcVScwn.exe
  2⤵
  PID:5280
- C:\Windows\System\emyzcbu.exe
  C:\Windows\System\emyzcbu.exe
  2⤵
  PID:5332
- C:\Windows\System\EAMzXmB.exe
  C:\Windows\System\EAMzXmB.exe
  2⤵
  PID:5392
- C:\Windows\System\wjMzSsE.exe
  C:\Windows\System\wjMzSsE.exe
  2⤵
  PID:5448
- C:\Windows\System\UBGNHcT.exe
  C:\Windows\System\UBGNHcT.exe
  2⤵
  PID:5508
- C:\Windows\System\IKrDDZu.exe
  C:\Windows\System\IKrDDZu.exe
  2⤵
  PID:5584
- C:\Windows\System\DMIkkSh.exe
  C:\Windows\System\DMIkkSh.exe
  2⤵
  PID:5640
- C:\Windows\System\xGxsLCb.exe
  C:\Windows\System\xGxsLCb.exe
  2⤵
  PID:2616
- C:\Windows\System\NNOxDdM.exe
  C:\Windows\System\NNOxDdM.exe
  2⤵
  PID:5756
- C:\Windows\System\gZhaDgQ.exe
  C:\Windows\System\gZhaDgQ.exe
  2⤵
  PID:780
- C:\Windows\System\eMGBcuM.exe
  C:\Windows\System\eMGBcuM.exe
  2⤵
  PID:5864
- C:\Windows\System\JQgCOKS.exe
  C:\Windows\System\JQgCOKS.exe
  2⤵
  PID:5904
- C:\Windows\System\EbUjOlI.exe
  C:\Windows\System\EbUjOlI.exe
  2⤵
  PID:5980
- C:\Windows\System\OFaLmYf.exe
  C:\Windows\System\OFaLmYf.exe
  2⤵
  PID:6016
- C:\Windows\System\jvnZsJA.exe
  C:\Windows\System\jvnZsJA.exe
  2⤵
  PID:6092
- C:\Windows\System\SJoAvLZ.exe
  C:\Windows\System\SJoAvLZ.exe
  2⤵
  PID:6120
- C:\Windows\System\xozdZXf.exe
  C:\Windows\System\xozdZXf.exe
  2⤵
  PID:940
- C:\Windows\System\aytrweg.exe
  C:\Windows\System\aytrweg.exe
  2⤵
  PID:4944
- C:\Windows\System\nkTsmxb.exe
  C:\Windows\System\nkTsmxb.exe
  2⤵
  PID:4940
- C:\Windows\System\SthTWoZ.exe
  C:\Windows\System\SthTWoZ.exe
  2⤵
  PID:5256
- C:\Windows\System\sswciYL.exe
  C:\Windows\System\sswciYL.exe
  2⤵
  PID:4636
- C:\Windows\System\sHmEKFk.exe
  C:\Windows\System\sHmEKFk.exe
  2⤵
  PID:952
- C:\Windows\System\OefWPby.exe
  C:\Windows\System\OefWPby.exe
  2⤵
  PID:5504
- C:\Windows\System\KPYaIcf.exe
  C:\Windows\System\KPYaIcf.exe
  2⤵
  PID:5620
- C:\Windows\System\xyWkaZY.exe
  C:\Windows\System\xyWkaZY.exe
  2⤵
  PID:3400
- C:\Windows\System\bzMTRMS.exe
  C:\Windows\System\bzMTRMS.exe
  2⤵
  PID:5960
- C:\Windows\System\aZnvqdO.exe
  C:\Windows\System\aZnvqdO.exe
  2⤵
  PID:6008
- C:\Windows\System\yLppKAW.exe
  C:\Windows\System\yLppKAW.exe
  2⤵
  PID:4360
- C:\Windows\System\bzsealJ.exe
  C:\Windows\System\bzsealJ.exe
  2⤵
  PID:5040
- C:\Windows\System\VdFUMHf.exe
  C:\Windows\System\VdFUMHf.exe
  2⤵
  PID:4896
- C:\Windows\System\CyMtxxm.exe
  C:\Windows\System\CyMtxxm.exe
  2⤵
  PID:5276
- C:\Windows\System\wyFmeph.exe
  C:\Windows\System\wyFmeph.exe
  2⤵
  PID:5388
- C:\Windows\System\kFVnRVE.exe
  C:\Windows\System\kFVnRVE.exe
  2⤵
  PID:3256
- C:\Windows\System\axoEgdJ.exe
  C:\Windows\System\axoEgdJ.exe
  2⤵
  PID:2268
- C:\Windows\System\HJVdLLD.exe
  C:\Windows\System\HJVdLLD.exe
  2⤵
  PID:4240
- C:\Windows\System\tqzreSp.exe
  C:\Windows\System\tqzreSp.exe
  2⤵
  PID:1168
- C:\Windows\System\ONTpFAz.exe
  C:\Windows\System\ONTpFAz.exe
  2⤵
  PID:1356
- C:\Windows\System\FAvYrGE.exe
  C:\Windows\System\FAvYrGE.exe
  2⤵
  PID:2452
- C:\Windows\System\oLVddmr.exe
  C:\Windows\System\oLVddmr.exe
  2⤵
  PID:3484
- C:\Windows\System\sAZrnus.exe
  C:\Windows\System\sAZrnus.exe
  2⤵
  PID:5060
- C:\Windows\System\qEVLnhK.exe
  C:\Windows\System\qEVLnhK.exe
  2⤵
  PID:5272
- C:\Windows\System\kgsRuVp.exe
  C:\Windows\System\kgsRuVp.exe
  2⤵
  PID:5616
- C:\Windows\System\jRxJSoo.exe
  C:\Windows\System\jRxJSoo.exe
  2⤵
  PID:2060
- C:\Windows\System\AieKqRC.exe
  C:\Windows\System\AieKqRC.exe
  2⤵
  PID:3468
- C:\Windows\System\jwQXqyc.exe
  C:\Windows\System\jwQXqyc.exe
  2⤵
  PID:4084
- C:\Windows\System\oQKbioT.exe
  C:\Windows\System\oQKbioT.exe
  2⤵
  PID:3316
- C:\Windows\System\JhSnXCC.exe
  C:\Windows\System\JhSnXCC.exe
  2⤵
  PID:6168
- C:\Windows\System\bzPKEXF.exe
  C:\Windows\System\bzPKEXF.exe
  2⤵
  PID:6196
- C:\Windows\System\RWiTjFk.exe
  C:\Windows\System\RWiTjFk.exe
  2⤵
  PID:6212
- C:\Windows\System\MzSuxQV.exe
  C:\Windows\System\MzSuxQV.exe
  2⤵
  PID:6244
- C:\Windows\System\VvqqthK.exe
  C:\Windows\System\VvqqthK.exe
  2⤵
  PID:6260
- C:\Windows\System\xcNCkta.exe
  C:\Windows\System\xcNCkta.exe
  2⤵
  PID:6288
- C:\Windows\System\qucroSV.exe
  C:\Windows\System\qucroSV.exe
  2⤵
  PID:6312
- C:\Windows\System\AEbhxOw.exe
  C:\Windows\System\AEbhxOw.exe
  2⤵
  PID:6336
- C:\Windows\System\ZnYzacK.exe
  C:\Windows\System\ZnYzacK.exe
  2⤵
  PID:6356
- C:\Windows\System\GZwHcHO.exe
  C:\Windows\System\GZwHcHO.exe
  2⤵
  PID:6380
- C:\Windows\System\bOTuIGn.exe
  C:\Windows\System\bOTuIGn.exe
  2⤵
  PID:6400
- C:\Windows\System\YVcLubP.exe
  C:\Windows\System\YVcLubP.exe
  2⤵
  PID:6436
- C:\Windows\System\FfciCCz.exe
  C:\Windows\System\FfciCCz.exe
  2⤵
  PID:6460
- C:\Windows\System\AXjddkE.exe
  C:\Windows\System\AXjddkE.exe
  2⤵
  PID:6508
- C:\Windows\System\CYPZFQN.exe
  C:\Windows\System\CYPZFQN.exe
  2⤵
  PID:6528
- C:\Windows\System\QkPQxit.exe
  C:\Windows\System\QkPQxit.exe
  2⤵
  PID:6576
- C:\Windows\System\ntUsEDU.exe
  C:\Windows\System\ntUsEDU.exe
  2⤵
  PID:6592
- C:\Windows\System\SjJFZww.exe
  C:\Windows\System\SjJFZww.exe
  2⤵
  PID:6624
- C:\Windows\System\iTvgZlC.exe
  C:\Windows\System\iTvgZlC.exe
  2⤵
  PID:6644
- C:\Windows\System\ukPJcYa.exe
  C:\Windows\System\ukPJcYa.exe
  2⤵
  PID:6688
- C:\Windows\System\XGNLVkd.exe
  C:\Windows\System\XGNLVkd.exe
  2⤵
  PID:6712
- C:\Windows\System\VEeYuqv.exe
  C:\Windows\System\VEeYuqv.exe
  2⤵
  PID:6732
- C:\Windows\System\pOxRlsF.exe
  C:\Windows\System\pOxRlsF.exe
  2⤵
  PID:6756
- C:\Windows\System\BLKZGLZ.exe
  C:\Windows\System\BLKZGLZ.exe
  2⤵
  PID:6776
- C:\Windows\System\kjVKNKD.exe
  C:\Windows\System\kjVKNKD.exe
  2⤵
  PID:6832
- C:\Windows\System\WEAgzAI.exe
  C:\Windows\System\WEAgzAI.exe
  2⤵
  PID:6852
- C:\Windows\System\mUjRjKH.exe
  C:\Windows\System\mUjRjKH.exe
  2⤵
  PID:6884
- C:\Windows\System\fnKnuoK.exe
  C:\Windows\System\fnKnuoK.exe
  2⤵
  PID:6900
- C:\Windows\System\jGOMAEd.exe
  C:\Windows\System\jGOMAEd.exe
  2⤵
  PID:6924
- C:\Windows\System\vefdLJp.exe
  C:\Windows\System\vefdLJp.exe
  2⤵
  PID:6948
- C:\Windows\System\KVaHBlW.exe
  C:\Windows\System\KVaHBlW.exe
  2⤵
  PID:6984
- C:\Windows\System\SAYApkL.exe
  C:\Windows\System\SAYApkL.exe
  2⤵
  PID:7028
- C:\Windows\System\NjzNZuP.exe
  C:\Windows\System\NjzNZuP.exe
  2⤵
  PID:7056
- C:\Windows\System\RzXlEML.exe
  C:\Windows\System\RzXlEML.exe
  2⤵
  PID:7076
- C:\Windows\System\uUEuqBx.exe
  C:\Windows\System\uUEuqBx.exe
  2⤵
  PID:7096
- C:\Windows\System\LsIscVD.exe
  C:\Windows\System\LsIscVD.exe
  2⤵
  PID:7136
- C:\Windows\System\COAOEGD.exe
  C:\Windows\System\COAOEGD.exe
  2⤵
  PID:7164
- C:\Windows\System\qUWANKg.exe
  C:\Windows\System\qUWANKg.exe
  2⤵
  PID:556
- C:\Windows\System\kUcVraH.exe
  C:\Windows\System\kUcVraH.exe
  2⤵
  PID:6228
- C:\Windows\System\JtoHNkZ.exe
  C:\Windows\System\JtoHNkZ.exe
  2⤵
  PID:6284
- C:\Windows\System\aGWnfLu.exe
  C:\Windows\System\aGWnfLu.exe
  2⤵
  PID:6320
- C:\Windows\System\OjlIaud.exe
  C:\Windows\System\OjlIaud.exe
  2⤵
  PID:6352
- C:\Windows\System\yZeVzsv.exe
  C:\Windows\System\yZeVzsv.exe
  2⤵
  PID:6392
- C:\Windows\System\jORoBbd.exe
  C:\Windows\System\jORoBbd.exe
  2⤵
  PID:6432
- C:\Windows\System\CDGJtIy.exe
  C:\Windows\System\CDGJtIy.exe
  2⤵
  PID:6616
- C:\Windows\System\jeiDpiG.exe
  C:\Windows\System\jeiDpiG.exe
  2⤵
  PID:6680
- C:\Windows\System\FlVoRAD.exe
  C:\Windows\System\FlVoRAD.exe
  2⤵
  PID:6752
- C:\Windows\System\JWOKIPX.exe
  C:\Windows\System\JWOKIPX.exe
  2⤵
  PID:6808
- C:\Windows\System\lyIksdq.exe
  C:\Windows\System\lyIksdq.exe
  2⤵
  PID:6860
- C:\Windows\System\ktcuwmE.exe
  C:\Windows\System\ktcuwmE.exe
  2⤵
  PID:6892
- C:\Windows\System\PCzLElL.exe
  C:\Windows\System\PCzLElL.exe
  2⤵
  PID:7020
- C:\Windows\System\dRARvdS.exe
  C:\Windows\System\dRARvdS.exe
  2⤵
  PID:7052
- C:\Windows\System\oZqAYJU.exe
  C:\Windows\System\oZqAYJU.exe
  2⤵
  PID:2848
- C:\Windows\System\iwlyLPV.exe
  C:\Windows\System\iwlyLPV.exe
  2⤵
  PID:6208
- C:\Windows\System\PSoGnWo.exe
  C:\Windows\System\PSoGnWo.exe
  2⤵
  PID:6372
- C:\Windows\System\fKKFoTf.exe
  C:\Windows\System\fKKFoTf.exe
  2⤵
  PID:6500
- C:\Windows\System\wVTrmri.exe
  C:\Windows\System\wVTrmri.exe
  2⤵
  PID:6652
- C:\Windows\System\EsVbmHq.exe
  C:\Windows\System\EsVbmHq.exe
  2⤵
  PID:6840
- C:\Windows\System\BDXnrrf.exe
  C:\Windows\System\BDXnrrf.exe
  2⤵
  PID:6940
- C:\Windows\System\XajTZyq.exe
  C:\Windows\System\XajTZyq.exe
  2⤵
  PID:7072
- C:\Windows\System\jEDyGPd.exe
  C:\Windows\System\jEDyGPd.exe
  2⤵
  PID:6684
- C:\Windows\System\dgCdrsi.exe
  C:\Windows\System\dgCdrsi.exe
  2⤵
  PID:6420
- C:\Windows\System\TMWCzij.exe
  C:\Windows\System\TMWCzij.exe
  2⤵
  PID:6772
- C:\Windows\System\XSqokwi.exe
  C:\Windows\System\XSqokwi.exe
  2⤵
  PID:7156
- C:\Windows\System\rnVSxhh.exe
  C:\Windows\System\rnVSxhh.exe
  2⤵
  PID:7180
- C:\Windows\System\aCYDeKO.exe
  C:\Windows\System\aCYDeKO.exe
  2⤵
  PID:7212
- C:\Windows\System\bdGrZWy.exe
  C:\Windows\System\bdGrZWy.exe
  2⤵
  PID:7236
- C:\Windows\System\yDaRorK.exe
  C:\Windows\System\yDaRorK.exe
  2⤵
  PID:7256
- C:\Windows\System\PEPoKtC.exe
  C:\Windows\System\PEPoKtC.exe
  2⤵
  PID:7312
- C:\Windows\System\uhNxJSM.exe
  C:\Windows\System\uhNxJSM.exe
  2⤵
  PID:7328
- C:\Windows\System\WDAKatQ.exe
  C:\Windows\System\WDAKatQ.exe
  2⤵
  PID:7372
- C:\Windows\System\RxwFCLa.exe
  C:\Windows\System\RxwFCLa.exe
  2⤵
  PID:7392
- C:\Windows\System\ESAoSEH.exe
  C:\Windows\System\ESAoSEH.exe
  2⤵
  PID:7412
- C:\Windows\System\LjtEpFS.exe
  C:\Windows\System\LjtEpFS.exe
  2⤵
  PID:7436
- C:\Windows\System\ynZuMBp.exe
  C:\Windows\System\ynZuMBp.exe
  2⤵
  PID:7464
- C:\Windows\System\AwHBmgp.exe
  C:\Windows\System\AwHBmgp.exe
  2⤵
  PID:7488
- C:\Windows\System\pxRUuvW.exe
  C:\Windows\System\pxRUuvW.exe
  2⤵
  PID:7512
- C:\Windows\System\fmBXIya.exe
  C:\Windows\System\fmBXIya.exe
  2⤵
  PID:7552
- C:\Windows\System\uAkTzXl.exe
  C:\Windows\System\uAkTzXl.exe
  2⤵
  PID:7588
- C:\Windows\System\QoOmMPD.exe
  C:\Windows\System\QoOmMPD.exe
  2⤵
  PID:7608
- C:\Windows\System\WLINpJw.exe
  C:\Windows\System\WLINpJw.exe
  2⤵
  PID:7632
- C:\Windows\System\ivSaYHi.exe
  C:\Windows\System\ivSaYHi.exe
  2⤵
  PID:7672
- C:\Windows\System\GdYaNwd.exe
  C:\Windows\System\GdYaNwd.exe
  2⤵
  PID:7700
- C:\Windows\System\WSgVJcI.exe
  C:\Windows\System\WSgVJcI.exe
  2⤵
  PID:7728
- C:\Windows\System\qlstdmT.exe
  C:\Windows\System\qlstdmT.exe
  2⤵
  PID:7748
- C:\Windows\System\cMbJEZf.exe
  C:\Windows\System\cMbJEZf.exe
  2⤵
  PID:7796
- C:\Windows\System\mZgkYMZ.exe
  C:\Windows\System\mZgkYMZ.exe
  2⤵
  PID:7812
- C:\Windows\System\UHPvtGc.exe
  C:\Windows\System\UHPvtGc.exe
  2⤵
  PID:7828
- C:\Windows\System\QykIuYh.exe
  C:\Windows\System\QykIuYh.exe
  2⤵
  PID:7868
- C:\Windows\System\oPJLYMT.exe
  C:\Windows\System\oPJLYMT.exe
  2⤵
  PID:7896
- C:\Windows\System\ErKYisq.exe
  C:\Windows\System\ErKYisq.exe
  2⤵
  PID:7920
- C:\Windows\System\aOPmqzv.exe
  C:\Windows\System\aOPmqzv.exe
  2⤵
  PID:7940
- C:\Windows\System\HevedRc.exe
  C:\Windows\System\HevedRc.exe
  2⤵
  PID:7960
- C:\Windows\System\KDEEjkj.exe
  C:\Windows\System\KDEEjkj.exe
  2⤵
  PID:7988
- C:\Windows\System\IXExREH.exe
  C:\Windows\System\IXExREH.exe
  2⤵
  PID:8040
- C:\Windows\System\INJRcIr.exe
  C:\Windows\System\INJRcIr.exe
  2⤵
  PID:8056
- C:\Windows\System\zfxCFIS.exe
  C:\Windows\System\zfxCFIS.exe
  2⤵
  PID:8080
- C:\Windows\System\QvCfyYz.exe
  C:\Windows\System\QvCfyYz.exe
  2⤵
  PID:8120
- C:\Windows\System\BMDkqXD.exe
  C:\Windows\System\BMDkqXD.exe
  2⤵
  PID:8140
- C:\Windows\System\bTdiBMt.exe
  C:\Windows\System\bTdiBMt.exe
  2⤵
  PID:8168
- C:\Windows\System\mxZLEql.exe
  C:\Windows\System\mxZLEql.exe
  2⤵
  PID:8188
- C:\Windows\System\EyChnqL.exe
  C:\Windows\System\EyChnqL.exe
  2⤵
  PID:7196
- C:\Windows\System\MGmlxjd.exe
  C:\Windows\System\MGmlxjd.exe
  2⤵
  PID:7228
- C:\Windows\System\aDQNgkX.exe
  C:\Windows\System\aDQNgkX.exe
  2⤵
  PID:7232
- C:\Windows\System\ndrrDzC.exe
  C:\Windows\System\ndrrDzC.exe
  2⤵
  PID:7456
- C:\Windows\System\pNKPpAC.exe
  C:\Windows\System\pNKPpAC.exe
  2⤵
  PID:7472
- C:\Windows\System\wqoWPjf.exe
  C:\Windows\System\wqoWPjf.exe
  2⤵
  PID:7568
- C:\Windows\System\bCiruuj.exe
  C:\Windows\System\bCiruuj.exe
  2⤵
  PID:7624
- C:\Windows\System\FpxAxjE.exe
  C:\Windows\System\FpxAxjE.exe
  2⤵
  PID:7696
- C:\Windows\System\owRRcBz.exe
  C:\Windows\System\owRRcBz.exe
  2⤵
  PID:7720
- C:\Windows\System\DUyxGGr.exe
  C:\Windows\System\DUyxGGr.exe
  2⤵
  PID:7804
- C:\Windows\System\oiTIfZI.exe
  C:\Windows\System\oiTIfZI.exe
  2⤵
  PID:7884
- C:\Windows\System\JeUmfGq.exe
  C:\Windows\System\JeUmfGq.exe
  2⤵
  PID:7916
- C:\Windows\System\siDgEKd.exe
  C:\Windows\System\siDgEKd.exe
  2⤵
  PID:7980
- C:\Windows\System\TNnTaOy.exe
  C:\Windows\System\TNnTaOy.exe
  2⤵
  PID:8036
- C:\Windows\System\vXaIXIy.exe
  C:\Windows\System\vXaIXIy.exe
  2⤵
  PID:8148
- C:\Windows\System\tehGzeQ.exe
  C:\Windows\System\tehGzeQ.exe
  2⤵
  PID:8176
- C:\Windows\System\pKxZzIN.exe
  C:\Windows\System\pKxZzIN.exe
  2⤵
  PID:7404
- C:\Windows\System\HleePTP.exe
  C:\Windows\System\HleePTP.exe
  2⤵
  PID:7400
- C:\Windows\System\SUndAFW.exe
  C:\Windows\System\SUndAFW.exe
  2⤵
  PID:7532
- C:\Windows\System\znktrtr.exe
  C:\Windows\System\znktrtr.exe
  2⤵
  PID:7604
- C:\Windows\System\rWWhZjz.exe
  C:\Windows\System\rWWhZjz.exe
  2⤵
  PID:7744
- C:\Windows\System\GxHuaep.exe
  C:\Windows\System\GxHuaep.exe
  2⤵
  PID:7932
- C:\Windows\System\ttzTDen.exe
  C:\Windows\System\ttzTDen.exe
  2⤵
  PID:6308
- C:\Windows\System\cUutgyH.exe
  C:\Windows\System\cUutgyH.exe
  2⤵
  PID:7520
- C:\Windows\System\ThBkqwr.exe
  C:\Windows\System\ThBkqwr.exe
  2⤵
  PID:7268
- C:\Windows\System\rOoriNa.exe
  C:\Windows\System\rOoriNa.exe
  2⤵
  PID:8208
- C:\Windows\System\MzwZfJE.exe
  C:\Windows\System\MzwZfJE.exe
  2⤵
  PID:8244
- C:\Windows\System\mIrdgGB.exe
  C:\Windows\System\mIrdgGB.exe
  2⤵
  PID:8288
- C:\Windows\System\cKhTtLu.exe
  C:\Windows\System\cKhTtLu.exe
  2⤵
  PID:8320
- C:\Windows\System\vSpDAXV.exe
  C:\Windows\System\vSpDAXV.exe
  2⤵
  PID:8348
- C:\Windows\System\kRnnQBd.exe
  C:\Windows\System\kRnnQBd.exe
  2⤵
  PID:8372
- C:\Windows\System\vVhoNpW.exe
  C:\Windows\System\vVhoNpW.exe
  2⤵
  PID:8392
- C:\Windows\System\RQcIpYg.exe
  C:\Windows\System\RQcIpYg.exe
  2⤵
  PID:8420
- C:\Windows\System\lRrLVki.exe
  C:\Windows\System\lRrLVki.exe
  2⤵
  PID:8444
- C:\Windows\System\QskKONt.exe
  C:\Windows\System\QskKONt.exe
  2⤵
  PID:8464
- C:\Windows\System\cxvRuJC.exe
  C:\Windows\System\cxvRuJC.exe
  2⤵
  PID:8500
- C:\Windows\System\MHnGrao.exe
  C:\Windows\System\MHnGrao.exe
  2⤵
  PID:8520
- C:\Windows\System\HcgLddv.exe
  C:\Windows\System\HcgLddv.exe
  2⤵
  PID:8544
- C:\Windows\System\ANzllcW.exe
  C:\Windows\System\ANzllcW.exe
  2⤵
  PID:8568
- C:\Windows\System\EAagvIo.exe
  C:\Windows\System\EAagvIo.exe
  2⤵
  PID:8624
- C:\Windows\System\XDeZTOt.exe
  C:\Windows\System\XDeZTOt.exe
  2⤵
  PID:8644
- C:\Windows\System\tOlafoP.exe
  C:\Windows\System\tOlafoP.exe
  2⤵
  PID:8696
- C:\Windows\System\hMUQHha.exe
  C:\Windows\System\hMUQHha.exe
  2⤵
  PID:8720
- C:\Windows\System\wIfFlMp.exe
  C:\Windows\System\wIfFlMp.exe
  2⤵
  PID:8752
- C:\Windows\System\hBbxkdT.exe
  C:\Windows\System\hBbxkdT.exe
  2⤵
  PID:8776
- C:\Windows\System\vGDsanh.exe
  C:\Windows\System\vGDsanh.exe
  2⤵
  PID:8796
- C:\Windows\System\yWuwAKZ.exe
  C:\Windows\System\yWuwAKZ.exe
  2⤵
  PID:8840
- C:\Windows\System\ZZKxGmQ.exe
  C:\Windows\System\ZZKxGmQ.exe
  2⤵
  PID:8880
- C:\Windows\System\IjPuvhc.exe
  C:\Windows\System\IjPuvhc.exe
  2⤵
  PID:8904
- C:\Windows\System\eIMIwCf.exe
  C:\Windows\System\eIMIwCf.exe
  2⤵
  PID:8924
- C:\Windows\System\kKsSPfD.exe
  C:\Windows\System\kKsSPfD.exe
  2⤵
  PID:8956
- C:\Windows\System\FvmabGP.exe
  C:\Windows\System\FvmabGP.exe
  2⤵
  PID:8980
- C:\Windows\System\pjxIigB.exe
  C:\Windows\System\pjxIigB.exe
  2⤵
  PID:9008
- C:\Windows\System\TIXQZkj.exe
  C:\Windows\System\TIXQZkj.exe
  2⤵
  PID:9032
- C:\Windows\System\hxVjAxS.exe
  C:\Windows\System\hxVjAxS.exe
  2⤵
  PID:9076
- C:\Windows\System\HmNOMZa.exe
  C:\Windows\System\HmNOMZa.exe
  2⤵
  PID:9104
- C:\Windows\System\Lkokmdf.exe
  C:\Windows\System\Lkokmdf.exe
  2⤵
  PID:9120
- C:\Windows\System\dLPyTXb.exe
  C:\Windows\System\dLPyTXb.exe
  2⤵
  PID:9144
- C:\Windows\System\jCFauSc.exe
  C:\Windows\System\jCFauSc.exe
  2⤵
  PID:9192
- C:\Windows\System\sKbaiEa.exe
  C:\Windows\System\sKbaiEa.exe
  2⤵
  PID:7860
- C:\Windows\System\ajlXaMO.exe
  C:\Windows\System\ajlXaMO.exe
  2⤵
  PID:7952
- C:\Windows\System\KziKyLS.exe
  C:\Windows\System\KziKyLS.exe
  2⤵
  PID:8240
- C:\Windows\System\fclftCG.exe
  C:\Windows\System\fclftCG.exe
  2⤵
  PID:8268
- C:\Windows\System\QlHuKVx.exe
  C:\Windows\System\QlHuKVx.exe
  2⤵
  PID:8336
- C:\Windows\System\gzMWKmf.exe
  C:\Windows\System\gzMWKmf.exe
  2⤵
  PID:8316
- C:\Windows\System\XlEgtMb.exe
  C:\Windows\System\XlEgtMb.exe
  2⤵
  PID:8416
- C:\Windows\System\WgfXisK.exe
  C:\Windows\System\WgfXisK.exe
  2⤵
  PID:8512
- C:\Windows\System\bsrwmpr.exe
  C:\Windows\System\bsrwmpr.exe
  2⤵
  PID:8560
- C:\Windows\System\sbgpysW.exe
  C:\Windows\System\sbgpysW.exe
  2⤵
  PID:8584
- C:\Windows\System\cSRnfgU.exe
  C:\Windows\System\cSRnfgU.exe
  2⤵
  PID:8656
- C:\Windows\System\DPFHSYj.exe
  C:\Windows\System\DPFHSYj.exe
  2⤵
  PID:8712
- C:\Windows\System\IJwVEZF.exe
  C:\Windows\System\IJwVEZF.exe
  2⤵
  PID:8900
- C:\Windows\System\IuTLXVN.exe
  C:\Windows\System\IuTLXVN.exe
  2⤵
  PID:8964
- C:\Windows\System\QxwXRfj.exe
  C:\Windows\System\QxwXRfj.exe
  2⤵
  PID:8976
- C:\Windows\System\AKqimUt.exe
  C:\Windows\System\AKqimUt.exe
  2⤵
  PID:9096
- C:\Windows\System\HZCdhAv.exe
  C:\Windows\System\HZCdhAv.exe
  2⤵
  PID:9100
- C:\Windows\System\HQPEhyc.exe
  C:\Windows\System\HQPEhyc.exe
  2⤵
  PID:7668
- C:\Windows\System\RwmXYUm.exe
  C:\Windows\System\RwmXYUm.exe
  2⤵
  PID:8280
- C:\Windows\System\lhElkXY.exe
  C:\Windows\System\lhElkXY.exe
  2⤵
  PID:4720
- C:\Windows\System\ilAxfOy.exe
  C:\Windows\System\ilAxfOy.exe
  2⤵
  PID:8456
- C:\Windows\System\KHMkrbq.exe
  C:\Windows\System\KHMkrbq.exe
  2⤵
  PID:8552
- C:\Windows\System\TdsEIzx.exe
  C:\Windows\System\TdsEIzx.exe
  2⤵
  PID:8704
- C:\Windows\System\TEytEMu.exe
  C:\Windows\System\TEytEMu.exe
  2⤵
  PID:8920
- C:\Windows\System\KQUbfQv.exe
  C:\Windows\System\KQUbfQv.exe
  2⤵
  PID:8972
- C:\Windows\System\CwzlLvu.exe
  C:\Windows\System\CwzlLvu.exe
  2⤵
  PID:9088
- C:\Windows\System\AqiKlaI.exe
  C:\Windows\System\AqiKlaI.exe
  2⤵
  PID:9164
- C:\Windows\System\QmnepSm.exe
  C:\Windows\System\QmnepSm.exe
  2⤵
  PID:8640
- C:\Windows\System\bICeUPZ.exe
  C:\Windows\System\bICeUPZ.exe
  2⤵
  PID:8896
- C:\Windows\System\XFePKCd.exe
  C:\Windows\System\XFePKCd.exe
  2⤵
  PID:9256
- C:\Windows\System\TsjqnPD.exe
  C:\Windows\System\TsjqnPD.exe
  2⤵
  PID:9288
- C:\Windows\System\mvIugjI.exe
  C:\Windows\System\mvIugjI.exe
  2⤵
  PID:9324
- C:\Windows\System\cdIDWpF.exe
  C:\Windows\System\cdIDWpF.exe
  2⤵
  PID:9348
- C:\Windows\System\CfzoWZg.exe
  C:\Windows\System\CfzoWZg.exe
  2⤵
  PID:9412
- C:\Windows\System\ICabydo.exe
  C:\Windows\System\ICabydo.exe
  2⤵
  PID:9432
- C:\Windows\System\iYAHCyP.exe
  C:\Windows\System\iYAHCyP.exe
  2⤵
  PID:9516
- C:\Windows\System\EgnGiEY.exe
  C:\Windows\System\EgnGiEY.exe
  2⤵
  PID:9532
- C:\Windows\System\hzdLJsQ.exe
  C:\Windows\System\hzdLJsQ.exe
  2⤵
  PID:9600
- C:\Windows\System\kNUzySn.exe
  C:\Windows\System\kNUzySn.exe
  2⤵
  PID:9616
- C:\Windows\System\wmOmypE.exe
  C:\Windows\System\wmOmypE.exe
  2⤵
  PID:9632
- C:\Windows\System\PGEKBox.exe
  C:\Windows\System\PGEKBox.exe
  2⤵
  PID:9648
- C:\Windows\System\hsVrfCp.exe
  C:\Windows\System\hsVrfCp.exe
  2⤵
  PID:9664
- C:\Windows\System\moDsIiG.exe
  C:\Windows\System\moDsIiG.exe
  2⤵
  PID:9680
- C:\Windows\System\DHfSdsx.exe
  C:\Windows\System\DHfSdsx.exe
  2⤵
  PID:9696
- C:\Windows\System\DkQTyTE.exe
  C:\Windows\System\DkQTyTE.exe
  2⤵
  PID:9712
- C:\Windows\System\GIdoheV.exe
  C:\Windows\System\GIdoheV.exe
  2⤵
  PID:9728
- C:\Windows\System\sposMFT.exe
  C:\Windows\System\sposMFT.exe
  2⤵
  PID:9744
- C:\Windows\System\ULFCaBd.exe
  C:\Windows\System\ULFCaBd.exe
  2⤵
  PID:9760
- C:\Windows\System\OcMatce.exe
  C:\Windows\System\OcMatce.exe
  2⤵
  PID:9776
- C:\Windows\System\MbJCvCO.exe
  C:\Windows\System\MbJCvCO.exe
  2⤵
  PID:9792
- C:\Windows\System\SCKeWIu.exe
  C:\Windows\System\SCKeWIu.exe
  2⤵
  PID:9812
- C:\Windows\System\uHskEAF.exe
  C:\Windows\System\uHskEAF.exe
  2⤵
  PID:9832
- C:\Windows\System\UCWwBiM.exe
  C:\Windows\System\UCWwBiM.exe
  2⤵
  PID:9864
- C:\Windows\System\FOFfxLF.exe
  C:\Windows\System\FOFfxLF.exe
  2⤵
  PID:9936
- C:\Windows\System\SpdDGww.exe
  C:\Windows\System\SpdDGww.exe
  2⤵
  PID:9960
- C:\Windows\System\yUDsthU.exe
  C:\Windows\System\yUDsthU.exe
  2⤵
  PID:9984
- C:\Windows\System\XIzAPGT.exe
  C:\Windows\System\XIzAPGT.exe
  2⤵
  PID:10004
- C:\Windows\System\iFPTKDq.exe
  C:\Windows\System\iFPTKDq.exe
  2⤵
  PID:10120
- C:\Windows\System\NNzAIQo.exe
  C:\Windows\System\NNzAIQo.exe
  2⤵
  PID:10144
- C:\Windows\System\LekPTmQ.exe
  C:\Windows\System\LekPTmQ.exe
  2⤵
  PID:8200
- C:\Windows\System\PXnAwwn.exe
  C:\Windows\System\PXnAwwn.exe
  2⤵
  PID:9248
- C:\Windows\System\ynjvlbT.exe
  C:\Windows\System\ynjvlbT.exe
  2⤵
  PID:9280
- C:\Windows\System\rcisbUp.exe
  C:\Windows\System\rcisbUp.exe
  2⤵
  PID:9320
- C:\Windows\System\hWXjzsC.exe
  C:\Windows\System\hWXjzsC.exe
  2⤵
  PID:9424
- C:\Windows\System\eBuXmYO.exe
  C:\Windows\System\eBuXmYO.exe
  2⤵
  PID:9464
- C:\Windows\System\YdKCcCM.exe
  C:\Windows\System\YdKCcCM.exe
  2⤵
  PID:9484
- C:\Windows\System\AkiNOIq.exe
  C:\Windows\System\AkiNOIq.exe
  2⤵
  PID:9460
- C:\Windows\System\SlTedat.exe
  C:\Windows\System\SlTedat.exe
  2⤵
  PID:9584
- C:\Windows\System\jqpHJcF.exe
  C:\Windows\System\jqpHJcF.exe
  2⤵
  PID:9656
- C:\Windows\System\JDoXYcT.exe
  C:\Windows\System\JDoXYcT.exe
  2⤵
  PID:9556
- C:\Windows\System\ixXwPfC.exe
  C:\Windows\System\ixXwPfC.exe
  2⤵
  PID:9580
- C:\Windows\System\foheIqG.exe
  C:\Windows\System\foheIqG.exe
  2⤵
  PID:9824
- C:\Windows\System\ohpKVsU.exe
  C:\Windows\System\ohpKVsU.exe
  2⤵
  PID:9708
- C:\Windows\System\TrXQxso.exe
  C:\Windows\System\TrXQxso.exe
  2⤵
  PID:9772
- C:\Windows\System\uKlzvON.exe
  C:\Windows\System\uKlzvON.exe
  2⤵
  PID:9952
- C:\Windows\System\KdAGahW.exe
  C:\Windows\System\KdAGahW.exe
  2⤵
  PID:9880
- C:\Windows\System\neJdnCA.exe
  C:\Windows\System\neJdnCA.exe
  2⤵
  PID:9912
- C:\Windows\System\dSLGtyn.exe
  C:\Windows\System\dSLGtyn.exe
  2⤵
  PID:10136
- C:\Windows\System\FSHMNXZ.exe
  C:\Windows\System\FSHMNXZ.exe
  2⤵
  PID:10064
- C:\Windows\System\dpUIMYj.exe
  C:\Windows\System\dpUIMYj.exe
  2⤵
  PID:8744
- C:\Windows\System\aPiIDmB.exe
  C:\Windows\System\aPiIDmB.exe
  2⤵
  PID:9448
- C:\Windows\System\aPbqEQv.exe
  C:\Windows\System\aPbqEQv.exe
  2⤵
  PID:9440
- C:\Windows\System\ptboSnb.exe
  C:\Windows\System\ptboSnb.exe
  2⤵
  PID:9476
- C:\Windows\System\udPMosZ.exe
  C:\Windows\System\udPMosZ.exe
  2⤵
  PID:9628
- C:\Windows\System\ugDbcpn.exe
  C:\Windows\System\ugDbcpn.exe
  2⤵
  PID:9704
- C:\Windows\System\BPxrnbk.exe
  C:\Windows\System\BPxrnbk.exe
  2⤵
  PID:9900
- C:\Windows\System\zfDjPSx.exe
  C:\Windows\System\zfDjPSx.exe
  2⤵
  PID:9980
- C:\Windows\System\GQRiocn.exe
  C:\Windows\System\GQRiocn.exe
  2⤵
  PID:8672
- C:\Windows\System\gpKBLwR.exe
  C:\Windows\System\gpKBLwR.exe
  2⤵
  PID:9364
- C:\Windows\System\wUZjSNw.exe
  C:\Windows\System\wUZjSNw.exe
  2⤵
  PID:9400
- C:\Windows\System\ACfOTXT.exe
  C:\Windows\System\ACfOTXT.exe
  2⤵
  PID:9540
- C:\Windows\System\efIyRRH.exe
  C:\Windows\System\efIyRRH.exe
  2⤵
  PID:9344
- C:\Windows\System\vuPhtMp.exe
  C:\Windows\System\vuPhtMp.exe
  2⤵
  PID:10244
- C:\Windows\System\QkqLZEz.exe
  C:\Windows\System\QkqLZEz.exe
  2⤵
  PID:10268
- C:\Windows\System\FYXLSDO.exe
  C:\Windows\System\FYXLSDO.exe
  2⤵
  PID:10288
- C:\Windows\System\eGcgOiE.exe
  C:\Windows\System\eGcgOiE.exe
  2⤵
  PID:10312
- C:\Windows\System\zZraoUe.exe
  C:\Windows\System\zZraoUe.exe
  2⤵
  PID:10352
- C:\Windows\System\sCmAsZx.exe
  C:\Windows\System\sCmAsZx.exe
  2⤵
  PID:10380
- C:\Windows\System\PCWnodI.exe
  C:\Windows\System\PCWnodI.exe
  2⤵
  PID:10400
- C:\Windows\System\HjmZWyX.exe
  C:\Windows\System\HjmZWyX.exe
  2⤵
  PID:10440
- C:\Windows\System\QYCeEGY.exe
  C:\Windows\System\QYCeEGY.exe
  2⤵
  PID:10472
- C:\Windows\System\DNteFMA.exe
  C:\Windows\System\DNteFMA.exe
  2⤵
  PID:10492
- C:\Windows\System\PhRkcvm.exe
  C:\Windows\System\PhRkcvm.exe
  2⤵
  PID:10512
- C:\Windows\System\WALPyNs.exe
  C:\Windows\System\WALPyNs.exe
  2⤵
  PID:10536
- C:\Windows\System\TbMfsTN.exe
  C:\Windows\System\TbMfsTN.exe
  2⤵
  PID:10576
- C:\Windows\System\WvkBIBk.exe
  C:\Windows\System\WvkBIBk.exe
  2⤵
  PID:10600
- C:\Windows\System\DfIRkwd.exe
  C:\Windows\System\DfIRkwd.exe
  2⤵
  PID:10624
- C:\Windows\System\OtdSjuH.exe
  C:\Windows\System\OtdSjuH.exe
  2⤵
  PID:10672
- C:\Windows\System\VRrMTCm.exe
  C:\Windows\System\VRrMTCm.exe
  2⤵
  PID:10692
- C:\Windows\System\RkCGHEy.exe
  C:\Windows\System\RkCGHEy.exe
  2⤵
  PID:10716
- C:\Windows\System\ntugbFv.exe
  C:\Windows\System\ntugbFv.exe
  2⤵
  PID:10732
- C:\Windows\System\AdwIQlB.exe
  C:\Windows\System\AdwIQlB.exe
  2⤵
  PID:10772
- C:\Windows\System\nssHxCk.exe
  C:\Windows\System\nssHxCk.exe
  2⤵
  PID:10812
- C:\Windows\System\jPslnlz.exe
  C:\Windows\System\jPslnlz.exe
  2⤵
  PID:10832
- C:\Windows\System\iBmENJj.exe
  C:\Windows\System\iBmENJj.exe
  2⤵
  PID:10856
- C:\Windows\System\FhHerZX.exe
  C:\Windows\System\FhHerZX.exe
  2⤵
  PID:10872
- C:\Windows\System\asmlBhq.exe
  C:\Windows\System\asmlBhq.exe
  2⤵
  PID:10900
- C:\Windows\System\BDqEupO.exe
  C:\Windows\System\BDqEupO.exe
  2⤵
  PID:10924
- C:\Windows\System\KneUCVA.exe
  C:\Windows\System\KneUCVA.exe
  2⤵
  PID:10944
- C:\Windows\System\JVgTGUJ.exe
  C:\Windows\System\JVgTGUJ.exe
  2⤵
  PID:10972
- C:\Windows\System\Ifjajbe.exe
  C:\Windows\System\Ifjajbe.exe
  2⤵
  PID:11000
- C:\Windows\System\qrZMcNZ.exe
  C:\Windows\System\qrZMcNZ.exe
  2⤵
  PID:11016
- C:\Windows\System\jdaYuON.exe
  C:\Windows\System\jdaYuON.exe
  2⤵
  PID:11056
- C:\Windows\System\xQrkoiN.exe
  C:\Windows\System\xQrkoiN.exe
  2⤵
  PID:11080
- C:\Windows\System\GyKoaPO.exe
  C:\Windows\System\GyKoaPO.exe
  2⤵
  PID:11124
- C:\Windows\System\iCMjYuf.exe
  C:\Windows\System\iCMjYuf.exe
  2⤵
  PID:11144
- C:\Windows\System\XjyAsNG.exe
  C:\Windows\System\XjyAsNG.exe
  2⤵
  PID:11176
- C:\Windows\System\cZspQoE.exe
  C:\Windows\System\cZspQoE.exe
  2⤵
  PID:11208
- C:\Windows\System\qCpgFuU.exe
  C:\Windows\System\qCpgFuU.exe
  2⤵
  PID:11228
- C:\Windows\System\KIjHfwE.exe
  C:\Windows\System\KIjHfwE.exe
  2⤵
  PID:11252
- C:\Windows\System\oqmvGGe.exe
  C:\Windows\System\oqmvGGe.exe
  2⤵
  PID:9740
- C:\Windows\System\JrJzQmL.exe
  C:\Windows\System\JrJzQmL.exe
  2⤵
  PID:10284
- C:\Windows\System\JtwyKtO.exe
  C:\Windows\System\JtwyKtO.exe
  2⤵
  PID:10424
- C:\Windows\System\QfUtlDY.exe
  C:\Windows\System\QfUtlDY.exe
  2⤵
  PID:10488
- C:\Windows\System\waSqamx.exe
  C:\Windows\System\waSqamx.exe
  2⤵
  PID:10528
- C:\Windows\System\eTZVRqS.exe
  C:\Windows\System\eTZVRqS.exe
  2⤵
  PID:10560
- C:\Windows\System\bGuXAky.exe
  C:\Windows\System\bGuXAky.exe
  2⤵
  PID:10616
- C:\Windows\System\tcyexbF.exe
  C:\Windows\System\tcyexbF.exe
  2⤵
  PID:10684
- C:\Windows\System\xUUtOVa.exe
  C:\Windows\System\xUUtOVa.exe
  2⤵
  PID:10804
- C:\Windows\System\QoDXZRz.exe
  C:\Windows\System\QoDXZRz.exe
  2⤵
  PID:10864
- C:\Windows\System\BDeLdSq.exe
  C:\Windows\System\BDeLdSq.exe
  2⤵
  PID:10932
- C:\Windows\System\vaCgPkB.exe
  C:\Windows\System\vaCgPkB.exe
  2⤵
  PID:10992
- C:\Windows\System\WMebGCJ.exe
  C:\Windows\System\WMebGCJ.exe
  2⤵
  PID:11072
- C:\Windows\System\BqUryRl.exe
  C:\Windows\System\BqUryRl.exe
  2⤵
  PID:11140
- C:\Windows\System\jQFbQSz.exe
  C:\Windows\System\jQFbQSz.exe
  2⤵
  PID:11244
- C:\Windows\System\gPsrhCs.exe
  C:\Windows\System\gPsrhCs.exe
  2⤵
  PID:11200
- C:\Windows\System\uaLUDTp.exe
  C:\Windows\System\uaLUDTp.exe
  2⤵
  PID:10360
- C:\Windows\System\XZyyhdY.exe
  C:\Windows\System\XZyyhdY.exe
  2⤵
  PID:10436
- C:\Windows\System\qJsqMwi.exe
  C:\Windows\System\qJsqMwi.exe
  2⤵
  PID:10652
- C:\Windows\System\puxLPkG.exe
  C:\Windows\System\puxLPkG.exe
  2⤵
  PID:10756
- C:\Windows\System\XleJUJp.exe
  C:\Windows\System\XleJUJp.exe
  2⤵
  PID:10984
- C:\Windows\System\GLubAWI.exe
  C:\Windows\System\GLubAWI.exe
  2⤵
  PID:11040
- C:\Windows\System\LQGzHyT.exe
  C:\Windows\System\LQGzHyT.exe
  2⤵
  PID:11184
- C:\Windows\System\LJHnyjd.exe
  C:\Windows\System\LJHnyjd.exe
  2⤵
  PID:11216
- C:\Windows\System\qeYSJVP.exe
  C:\Windows\System\qeYSJVP.exe
  2⤵
  PID:10940
- C:\Windows\System\zqClvib.exe
  C:\Windows\System\zqClvib.exe
  2⤵
  PID:11136
- C:\Windows\System\qWUiAMH.exe
  C:\Windows\System\qWUiAMH.exe
  2⤵
  PID:10464
- C:\Windows\System\DGNzzMW.exe
  C:\Windows\System\DGNzzMW.exe
  2⤵
  PID:11312
- C:\Windows\System\AxfnOIt.exe
  C:\Windows\System\AxfnOIt.exe
  2⤵
  PID:11332
- C:\Windows\System\UNqhbSA.exe
  C:\Windows\System\UNqhbSA.exe
  2⤵
  PID:11356
- C:\Windows\System\rcxthID.exe
  C:\Windows\System\rcxthID.exe
  2⤵
  PID:11380
- C:\Windows\System\hJxucIB.exe
  C:\Windows\System\hJxucIB.exe
  2⤵
  PID:11404
- C:\Windows\System\EMBwhRh.exe
  C:\Windows\System\EMBwhRh.exe
  2⤵
  PID:11452
- C:\Windows\System\cYkxnuH.exe
  C:\Windows\System\cYkxnuH.exe
  2⤵
  PID:11472
- C:\Windows\System\UVFUsTf.exe
  C:\Windows\System\UVFUsTf.exe
  2⤵
  PID:11500
- C:\Windows\System\mJsqEVB.exe
  C:\Windows\System\mJsqEVB.exe
  2⤵
  PID:11520
- C:\Windows\System\NXnzUfs.exe
  C:\Windows\System\NXnzUfs.exe
  2⤵
  PID:11548
- C:\Windows\System\KgPYFjw.exe
  C:\Windows\System\KgPYFjw.exe
  2⤵
  PID:11576
- C:\Windows\System\cLisikl.exe
  C:\Windows\System\cLisikl.exe
  2⤵
  PID:11600
- C:\Windows\System\iaMyLAT.exe
  C:\Windows\System\iaMyLAT.exe
  2⤵
  PID:11640
- C:\Windows\System\NJEajsl.exe
  C:\Windows\System\NJEajsl.exe
  2⤵
  PID:11656
- C:\Windows\System\xlKlqsY.exe
  C:\Windows\System\xlKlqsY.exe
  2⤵
  PID:11680
- C:\Windows\System\LYGGpkc.exe
  C:\Windows\System\LYGGpkc.exe
  2⤵
  PID:11700
- C:\Windows\System\Pvvpwnb.exe
  C:\Windows\System\Pvvpwnb.exe
  2⤵
  PID:11720
- C:\Windows\System\KmemzTQ.exe
  C:\Windows\System\KmemzTQ.exe
  2⤵
  PID:11740
- C:\Windows\System\yvRfOjy.exe
  C:\Windows\System\yvRfOjy.exe
  2⤵
  PID:11760
- C:\Windows\System\dHGkYoX.exe
  C:\Windows\System\dHGkYoX.exe
  2⤵
  PID:11784
- C:\Windows\System\hLwXUJc.exe
  C:\Windows\System\hLwXUJc.exe
  2⤵
  PID:11808
- C:\Windows\System\ogizQoN.exe
  C:\Windows\System\ogizQoN.exe
  2⤵
  PID:11848
- C:\Windows\System\kFTTqqs.exe
  C:\Windows\System\kFTTqqs.exe
  2⤵
  PID:11892
- C:\Windows\System\YnmjoCX.exe
  C:\Windows\System\YnmjoCX.exe
  2⤵
  PID:11912
- C:\Windows\System\KYdustV.exe
  C:\Windows\System\KYdustV.exe
  2⤵
  PID:11968
- C:\Windows\System\lCkjYhL.exe
  C:\Windows\System\lCkjYhL.exe
  2⤵
  PID:12000
- C:\Windows\System\KKBmMIm.exe
  C:\Windows\System\KKBmMIm.exe
  2⤵
  PID:12028
- C:\Windows\System\WiNErVj.exe
  C:\Windows\System\WiNErVj.exe
  2⤵
  PID:12056
- C:\Windows\System\CfUUErL.exe
  C:\Windows\System\CfUUErL.exe
  2⤵
  PID:12076
- C:\Windows\System\owIUYBz.exe
  C:\Windows\System\owIUYBz.exe
  2⤵
  PID:12100
- C:\Windows\System\CTHMrtp.exe
  C:\Windows\System\CTHMrtp.exe
  2⤵
  PID:12128
- C:\Windows\System\NeBLecw.exe
  C:\Windows\System\NeBLecw.exe
  2⤵
  PID:12164
- C:\Windows\System\gsUaTWo.exe
  C:\Windows\System\gsUaTWo.exe
  2⤵
  PID:12184
- C:\Windows\System\oebHTYK.exe
  C:\Windows\System\oebHTYK.exe
  2⤵
  PID:12208
- C:\Windows\System\ovDetpT.exe
  C:\Windows\System\ovDetpT.exe
  2⤵
  PID:12268
- C:\Windows\System\HmGdUxJ.exe
  C:\Windows\System\HmGdUxJ.exe
  2⤵
  PID:10712
- C:\Windows\System\jMgKYxv.exe
  C:\Windows\System\jMgKYxv.exe
  2⤵
  PID:11304
- C:\Windows\System\RSYlNNH.exe
  C:\Windows\System\RSYlNNH.exe
  2⤵
  PID:11376
- C:\Windows\System\ADkCQBf.exe
  C:\Windows\System\ADkCQBf.exe
  2⤵
  PID:11424
- C:\Windows\System\qAEURyb.exe
  C:\Windows\System\qAEURyb.exe
  2⤵
  PID:11468
- C:\Windows\System\EtWOKjF.exe
  C:\Windows\System\EtWOKjF.exe
  2⤵
  PID:11556
- C:\Windows\System\ScerPwC.exe
  C:\Windows\System\ScerPwC.exe
  2⤵
  PID:11588
- C:\Windows\System\WVIjqqr.exe
  C:\Windows\System\WVIjqqr.exe
  2⤵
  PID:11672
- C:\Windows\System\nVuwHSV.exe
  C:\Windows\System\nVuwHSV.exe
  2⤵
  PID:11796
- C:\Windows\System\jimyjFp.exe
  C:\Windows\System\jimyjFp.exe
  2⤵
  PID:11780
- C:\Windows\System\mutqJRF.exe
  C:\Windows\System\mutqJRF.exe
  2⤵
  PID:11880
- C:\Windows\System\bpbGNcL.exe
  C:\Windows\System\bpbGNcL.exe
  2⤵
  PID:3900
- C:\Windows\System\TqTOsyb.exe
  C:\Windows\System\TqTOsyb.exe
  2⤵
  PID:11956
- C:\Windows\System\owEzAYl.exe
  C:\Windows\System\owEzAYl.exe
  2⤵
  PID:12020
- C:\Windows\System\GQKwCFg.exe
  C:\Windows\System\GQKwCFg.exe
  2⤵
  PID:12036
- C:\Windows\System\uzXRgDg.exe
  C:\Windows\System\uzXRgDg.exe
  2⤵
  PID:12108
- C:\Windows\System\WgPmJYe.exe
  C:\Windows\System\WgPmJYe.exe
  2⤵
  PID:12156
- C:\Windows\System\SYSRTGr.exe
  C:\Windows\System\SYSRTGr.exe
  2⤵
  PID:12256
- C:\Windows\System\JiCIQNH.exe
  C:\Windows\System\JiCIQNH.exe
  2⤵
  PID:11276
- C:\Windows\System\PzSmLYe.exe
  C:\Windows\System\PzSmLYe.exe
  2⤵
  PID:11388
- C:\Windows\System\enBIVhx.exe
  C:\Windows\System\enBIVhx.exe
  2⤵
  PID:11492
- C:\Windows\System\XQkuCPY.exe
  C:\Windows\System\XQkuCPY.exe
  2⤵
  PID:11768
- C:\Windows\System\aQiZySG.exe
  C:\Windows\System\aQiZySG.exe
  2⤵
  PID:11924
- C:\Windows\System\MdpIacu.exe
  C:\Windows\System\MdpIacu.exe
  2⤵
  PID:4984
- C:\Windows\System\sSqGSEW.exe
  C:\Windows\System\sSqGSEW.exe
  2⤵
  PID:12124
- C:\Windows\System\AkGmYYY.exe
  C:\Windows\System\AkGmYYY.exe
  2⤵
  PID:11544
- C:\Windows\System\RYufrVL.exe
  C:\Windows\System\RYufrVL.exe
  2⤵
  PID:11348
- C:\Windows\System\phMVjnO.exe
  C:\Windows\System\phMVjnO.exe
  2⤵
  PID:10748
- C:\Windows\System\tyayErR.exe
  C:\Windows\System\tyayErR.exe
  2⤵
  PID:11904
- C:\Windows\System\cQCWWMy.exe
  C:\Windows\System\cQCWWMy.exe
  2⤵
  PID:12200
- C:\Windows\System\WOwwEjR.exe
  C:\Windows\System\WOwwEjR.exe
  2⤵
  PID:11288
- C:\Windows\System\fuSDsQB.exe
  C:\Windows\System\fuSDsQB.exe
  2⤵
  PID:12308
- C:\Windows\System\dCxAOax.exe
  C:\Windows\System\dCxAOax.exe
  2⤵
  PID:12328
- C:\Windows\System\ShZimuL.exe
  C:\Windows\System\ShZimuL.exe
  2⤵
  PID:12352
- C:\Windows\System\qCSUmrS.exe
  C:\Windows\System\qCSUmrS.exe
  2⤵
  PID:12400
- C:\Windows\System\cjMXmYw.exe
  C:\Windows\System\cjMXmYw.exe
  2⤵
  PID:12440
- C:\Windows\System\cPBEZHl.exe
  C:\Windows\System\cPBEZHl.exe
  2⤵
  PID:12492
- C:\Windows\System\sORBbkr.exe
  C:\Windows\System\sORBbkr.exe
  2⤵
  PID:12520
- C:\Windows\System\HpxZaDc.exe
  C:\Windows\System\HpxZaDc.exe
  2⤵
  PID:12540
- C:\Windows\System\fwVMMOl.exe
  C:\Windows\System\fwVMMOl.exe
  2⤵
  PID:12560
- C:\Windows\System\vDviVCm.exe
  C:\Windows\System\vDviVCm.exe
  2⤵
  PID:12608
- C:\Windows\System\FmIJYFP.exe
  C:\Windows\System\FmIJYFP.exe
  2⤵
  PID:12624
- C:\Windows\System\cLGPhci.exe
  C:\Windows\System\cLGPhci.exe
  2⤵
  PID:12644
- C:\Windows\System\zmxdDAE.exe
  C:\Windows\System\zmxdDAE.exe
  2⤵
  PID:12668
- C:\Windows\System\tPOHVcL.exe
  C:\Windows\System\tPOHVcL.exe
  2⤵
  PID:12688
- C:\Windows\System\iRxPyXc.exe
  C:\Windows\System\iRxPyXc.exe
  2⤵
  PID:12712
- C:\Windows\System\cUSylRR.exe
  C:\Windows\System\cUSylRR.exe
  2⤵
  PID:12764
- C:\Windows\System\ePmSoNz.exe
  C:\Windows\System\ePmSoNz.exe
  2⤵
  PID:12780
- C:\Windows\System\QREFrgu.exe
  C:\Windows\System\QREFrgu.exe
  2⤵
  PID:12800

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_whet4dg2.sdp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CbrGxeD.exe

Filesize
1.9MB

MD5
e09607ccd1b5edddbe25cc6ea1ac11bf

SHA1
705349a30307b1e8c63c20390edfbfc93c58cb50

SHA256
d031edb09d2bc130f787cb5e42c135405f0a0ab335d79ea5d5b4f36afd123811

SHA512
35ca89b43177de9ba81b9c7f511f25437e64608cd91756c4bc4ff9bd85159ff9aa9939c2ce96446e613b4094241ed48f1455c48d736c68c7075cd82d1bedee74

Download Submit
C:\Windows\System\HItNtAV.exe

Filesize
1.9MB

MD5
db00c32efb37324f743def1d613e0296

SHA1
da43a3113b3410a613c35463affd70ef08c97e7f

SHA256
63bd9ebeaf9ac7aa8ea2fee62201934ac0b3d8cec123235ee6e5423228602962

SHA512
3392847d61f4be2dc1a5885876d341c513ced3306e8dc4eff9b3276d7ca12bad3fcd92ae8c0872ffb45c0cebf574f1d1d54c176c24e14ab0fcbc763931af9f24

Download Submit
C:\Windows\System\HWihHNk.exe

Filesize
1.9MB

MD5
95131b0ac8ba5cba071006ad5910a064

SHA1
7d2da4351c57516b9d64111c0e40b2501c3574e8

SHA256
94f247d62767731bd652bcc608097ec98f285b4856a294a5e8ac3ac87e9fbcbc

SHA512
f9855a70fd59209e0d2c8f597c2e7a37b28a1e8ace8eea243a3a34c7e3ab6d1e1eb8a77cb5388c6e1ad6d6520597f08252245e732facebc4c309c69740cddcbf

Download Submit
C:\Windows\System\IXmXkwY.exe

Filesize
1.9MB

MD5
370df7c088c0808775433c182198cdbe

SHA1
a9755a23cdc2f77f0b66ff29590215d6e0992a12

SHA256
f65e4ff9cc63ba8105a13fb8e2711c0d185149f1dfa95894b1682d0c21820735

SHA512
10481448dee20a4b8cdfcaec5db0b1979f4de7818185bbfe544e3891f70e7201f2390247444d8e0dc84051d895ff7c59236fe42183d3ab2ca8245c1faad73ef2

Download Submit
C:\Windows\System\IiTaQRE.exe

Filesize
1.9MB

MD5
7f19dc84a55a9931a361d6434464bc91

SHA1
b65cb52baabd1ef686d6abd21aa6fd6ff878c04c

SHA256
632cd9cadc36f0fef039bb1d502331663116e960528eabd1952d8c2c41a8644e

SHA512
62294dde0149ba83fd234a225a0cbb06cc681ef39c31bdb547d5c8651a590e3c65535100e3ec752dccbad073b2e75b8c11406a66842e899643ccb0da173e1582

Download Submit
C:\Windows\System\JDpLMlh.exe

Filesize
1.9MB

MD5
8503ff8780ae9bf1fa89a29b6dad5fa6

SHA1
9446f85c0998e50a1f031b5f0df1a289a5d21604

SHA256
8b5e63554cb501b2699a892b5404f6c2280069b41c162c4a3a77e362948c2fd0

SHA512
c7a345ae7f9d58164c1a0e566f09c4a321448a16b2540062f697cb7aabef1bf75d4ea3a9c3d710298eb1ed486ace9d09df32150d0c97e88840a31e2d512b1cc8

Download Submit
C:\Windows\System\JPOCXiE.exe

Filesize
1.8MB

MD5
189f5b4f9429321182da71ff3fb860f2

SHA1
8dbd811363de3781101e7f771d68a689b4e24c95

SHA256
58adfb634d3a82bcbb36bbefb7b1c7e723e54505f40e3c3a4978305272f29ad8

SHA512
de160f165f1072825c8a9b249f5456195924310a19fabb5cc40da7a1795bff26ec4c274bf4f99dede7598cfe12b397534ea5b136012097d6e5b89eca86d27b08

Download Submit
C:\Windows\System\LoJGKxR.exe

Filesize
1.9MB

MD5
d234eb3a80814ff50cdf302e3161b5db

SHA1
c74a2769f2aaf8e37f8ad88d6a67106ae8940c8c

SHA256
578f969ad5527baec2b0a3b9c82c57515bc19a21e05d11535bbfada542307659

SHA512
fce9adaf684f71122e9db48f4ae702cc99a375c0944729e18ef04d11dc785178a1b1658db76eb85d7a7548ff4af6e283f00c03f1fb4e487aca548338ace8e16f

Download Submit
C:\Windows\System\MWSsyJD.exe

Filesize
1.9MB

MD5
292bf4a3a81e4af9aa1366d4a0c8870f

SHA1
9ae9b1c2c679f535a8ce86fdb56bfd3324393e25

SHA256
1a004687f315ad2bba5e0ff60767774120cfec955e2eed5ace9c6bcf4f81ead4

SHA512
cfabd44a8820370537fee1b7c6dc892a92ac6bfb6fba30f5e330d98b41ab748297b461acb7fc0af835891cb13588ad40645540b7c468f99d34f4abd8dfe74265

Download Submit
C:\Windows\System\SKUaaYe.exe

Filesize
1.9MB

MD5
4b990bb865730da02dc440b9db4b0f85

SHA1
7eecb65c4e9ca5f2a984fb1eebafd8f7fd10d635

SHA256
35e0f45aeb95bd0aa09e995365b560a433631b018bf15616d82b4a9a5ab1bc3b

SHA512
ade454c23b010c2766cda3f5949ffe96597bbe87fb64bf053caff1b2704f5ecb86ee7ff34b1b7a3a43fb87706ceb121ffcbcec9ccdea12f87906468392fed282

Download Submit
C:\Windows\System\SdeAYxY.exe

Filesize
1.9MB

MD5
33b708274d2bfce7de7d0b3c0fe0ac7f

SHA1
f61c5cb98501b48281e0ec637c61b0f3ea1d30c1

SHA256
ecf28c279ce44c792768f90168e68e83e766b6c769e9cad25921334989b01558

SHA512
72ed82e7f40c74ac682c1474e626ced622deb2c4c8ea542545458b04362453a7c25de540a3f257ecb611be4d5191080f33663e9d8c6f8dbe3151785242d00777

Download Submit
C:\Windows\System\TczoJBK.exe

Filesize
1.9MB

MD5
605ef0c402086cedc9bdf3e1988d4fa3

SHA1
f08d957c8e2db0733c90ece76d357fa49b78a089

SHA256
adc87066bb29e8d676867c21bb2fe534149ad7ebd2fbf9cafb14e625655b42b3

SHA512
5c6efe5e4a930d2366153a5bd8015cbb52cbe867ed44e98d6e075f14d1220d0a4932520d614517450cbac983b8f08d55bd8f371860f6ff4be6ac30b8088d4c90

Download Submit
C:\Windows\System\UUQEMqX.exe

Filesize
1.9MB

MD5
737813437b3819b2543d9679e8fc9eaa

SHA1
22addb502d77a14970df90c7473151e2fd9969f5

SHA256
94c28a7df2bda4634825f765e9b298ffa59cae0a74f4d7c94037c3fc4ac884c0

SHA512
571ef40fc6690ece93a9a04d98a2ed558488203b300ec2bf064fe5740b0f3fcf2bf47b0912ec8c1a61c004c78f14702d3554c8608fe9bcba8d949790880d6afd

Download Submit
C:\Windows\System\WaoPBLj.exe

Filesize
1.9MB

MD5
e5bbe32c1dce6ef5875adb58874d8f5e

SHA1
be3d44d41f1c8598c0023420b0fb7d78ab5e420a

SHA256
8f789661ec4a9282b792ad49c92998aba4487c81fb24d440d562bbe70df4ed58

SHA512
f4081b3efdddde533b0839bbc5307fdf3588593ae92e02f61a68e0a5ac846ee1a6c0a1afaa0458bd24929ee926b9a4b91d55f14c4340589134669ad2cb1f8207

Download Submit
C:\Windows\System\Wewmbkw.exe

Filesize
1.9MB

MD5
fd02a596281a5ceb7967da2276b6119f

SHA1
6d9ffd517460c020b2565d6ed41a1916a4dae8bc

SHA256
548758007fded708e9927174fdd4ce0288f93c15af5f7296e70fc6128bfb338c

SHA512
dec6dd9a1415914cf2f671e50988cf2b2961a32908da94d36b27f62203a91694e3dd802913974921bd3b711a3cd36a1e6d934f0688e5f3ed6d3a1c6d916513c9

Download Submit
C:\Windows\System\WuOpWSE.exe

Filesize
1.9MB

MD5
ce443d201fea5fe2a339ca42a207b509

SHA1
fde01546dded099912656b91b2cb2fbe15bd5ed7

SHA256
92d9637b44b9016f41eba43fef1d2b3b0420ca8abab17339059f54084b7c8d0e

SHA512
523ccba928ab7c46d46e6bf6da98c9dd64b9d25e9c90401d8bb5d179c8c0c4b3358f419ead40d467259dd7924dc31f01fa6f7a1ced5f3b01707357e3f00459eb

Download Submit
C:\Windows\System\XagaRVD.exe

Filesize
1.9MB

MD5
c7849935897f2e9dda6c53548a25299d

SHA1
027ac0511f160cbeeba7f07629c36169c87fd7af

SHA256
bb585606473fa1abbb1528a953eb56cffe5731bb07c6939afc59a23f1023e507

SHA512
93bbdbdad4ece14fc231520a4c0a7947caefe110189f43d8e18328c0ec3c400a4a67b0cd5117b628164f1c035cf0534213d41ede8986087b1f4fed5e619ba65e

Download Submit
C:\Windows\System\akuhJnp.exe

Filesize
1.9MB

MD5
c644143b837410b15a4055c52203c4f5

SHA1
8a45462c973bcd58cde4cefb536f1b1bd475be96

SHA256
a73ecd56b6714812566888b04994be9315f5c27791371010d094b77464ac483c

SHA512
338ad9fe50080a1331be9af0b3efe1bc0866ce8871decea289cafc724a6cf964c782d46a53bcd529d8682f8ee8c43a15c680c8a698d879b64d45c973559e8ff3

Download Submit
C:\Windows\System\bDMmhLx.exe

Filesize
1.9MB

MD5
63c81a16e3c0354df0fb212f86339b26

SHA1
60606f4f44ee45ed37de2e622d7734522d750a25

SHA256
0620420f7a1c8460698ec02c60b5bf2fe885efcbaaabc7fc1ab4c5b7e289b1d9

SHA512
013818c444c55b6df7c855dcbe342eaf78d76af2e49e46cf439691f993da819358018ce60b6d27a15d269b674e92ed7d949f8db6c423071d5bb4e42ebb0edde4

Download Submit
C:\Windows\System\bnAJGIb.exe

Filesize
1.9MB

MD5
cc57535854b505ee67acea34a6ce7767

SHA1
8cef360773febbd8bfddfb256d96fbdf66f7b767

SHA256
00fcf7fd6384d974d6ac54d77c0f03e08832015b3a39bc713d048db74ecb6d72

SHA512
076dce691bc952382b4cc2b788babb9720b8ac4014a55b41dc8b6701e8e4708dc9106e13a1fcfdf6d6449a61703fd5f6525881f7a5f00aed99a11a1cb5dd2ea9

Download Submit
C:\Windows\System\crWIblN.exe

Filesize
1.9MB

MD5
f2f2de94751234e00afe10585c73b4f7

SHA1
a2ef2639572aa66d93458d2c1f14306234e8dfb4

SHA256
aba01ab98b6950b8f8cf255d720866051e1d95002cf1f24335428407f2d08a7b

SHA512
0afdbc9412c4b505fd23d56834db5c528e47b30f4d380fc1e80dd6954e7089a68b3c3ec961913d3f3749eb4ff3271e6a6f25851ac562e7169770386ad4d780fa

Download Submit
C:\Windows\System\gXWALPi.exe

Filesize
1.9MB

MD5
b95077714fe59b751587e3565932d996

SHA1
76f4e441a46bf693bceb8104fb86f0a9a68153f0

SHA256
0ce304f0c090f30109b16c544fcc0f4bff36d2c296f9d489336efe74418efedc

SHA512
7aefbcf6233c3862642cd9a2e36fcface351a0e9bc6c4f89cb28ac85423dc96375f57641b2415c5907f8f82ecc416036ca15a3553c3ddd3d980f34e0d9b34ce7

Download Submit
C:\Windows\System\jdiskMd.exe

Filesize
1.9MB

MD5
61169d7cf9007cba490d8cf7cd6d61eb

SHA1
9e4d8c016b0fd8d67124e5267220fc2824e42aaa

SHA256
e7cc37bafd82d0ea56dab85130fda287b7fce4ee7d8a6e80bc9368ce2a899258

SHA512
6800b92e0c36d326cf286006e4eb5a5f25803c131dbb2109c6eee9d667b19e2732c54bcea2fa4f5c34a2ad326c73e00f918b1be6ba39cc7d5f08fdf0b4882ae9

Download Submit
C:\Windows\System\kMNYLVR.exe

Filesize
1.9MB

MD5
2118233d34b5bb94cf1306e7479d8d88

SHA1
b742b0197224a7a2e022ffe7edf310c78ec56e0d

SHA256
e6292d27ac0c4b10bed609f3a80fda040227929863d8b1b9d9f59bb7e752c770

SHA512
dbfa49d911657b1cb0ab17f8f55a05b83b7c7809e5ec5fa9cf02d118d3a4bc7f75d82f3c2de935a2f4d2a698881eda1edcfc438aaab37e1f4d1ddddb050f9d13

Download Submit
C:\Windows\System\keDxsxF.exe

Filesize
1.9MB

MD5
60571b16bec441a654bd7e34fe3d45f2

SHA1
c4d21253d3689fde7f3610f278e7c8c8fb896137

SHA256
5c8bda7c41a03629331147d1e4b0b6ccfd38755c09a0d1c7cf79f8cbb53f778f

SHA512
864afebdf0eafef57c4a154cb1a31597429a825499ce37f763da8c462717eae89e25753f802954c69b553a159f3010403a34d2d4fa3e05570e51deec3258361e

Download Submit
C:\Windows\System\lQxQeyd.exe

Filesize
8B

MD5
910de5e4823f1b594342aaa45a243c27

SHA1
e685fe344492ae089d7952151010d07f38420dbc

SHA256
35ac8b6a943f09a1cde24cd02afff8a0c7d652f165d54e16f6413276f4896cb0

SHA512
734b56228ae9283d7a41492191ea523ba29a1fabe1bd71428c57f89031a65c2affd92f940176ff946aa90efb62794a49b666566dba8320bb35feeeb83e9c2a4f

Download Submit
C:\Windows\System\ltcFumc.exe

Filesize
1.9MB

MD5
7343c789a25b10e4f715ee8fd608b17f

SHA1
d6cd2289fe82b5199cb4b7a7113353102d6c6c4d

SHA256
fe5e19020685dcce8996be66b84e9cf735566412d120b596d51b621a2379a376

SHA512
f3adda2a10298e0a2916d31141493f5a0d6ee60aa26bcb3bf1363e1f4bfafac8ccd41c087ddf18233ae8d9dae4a1f35fd033bad8be898e17970991d1ab30255d

Download Submit
C:\Windows\System\mSyBklt.exe

Filesize
1.9MB

MD5
e39211bc1bbb519806866ef56f6f4e38

SHA1
13b06e656a67ea88714e61eda5799ad91cc45063

SHA256
6862c51d1fca9b1e5d5fd5a6425f371bf27e4e56833c8591246733d2ec756120

SHA512
b025d91b7563437c2272cfd9d60884f002d86301b885c9e273a57e115d977e8be5cf25fa5c4265dd196c65cc4cdecf0d43f200b5270a3fdd4312f7a37db103ce

Download Submit
C:\Windows\System\nTjEGwK.exe

Filesize
1.9MB

MD5
e2d93829435f8345feec0ab0d16d8a08

SHA1
2d4e5aedd5c24c392aafc19dd55adcddb3809e2e

SHA256
fcf29d86ac18933132849291a333ba9ac812431c06064c60f1154095c8ed46f3

SHA512
4922ac60e426711acd00009cea4ac763f6401a144d2bf0f69fd162ca3c3d00b504d497c54ef880a537c5632022dee455b3bcd869565e5010b5080538afbf9767

Download Submit
C:\Windows\System\vTItJos.exe

Filesize
1.9MB

MD5
e951fb3ed4ab554fb0838e36ca05d154

SHA1
76743f8929fe5fd94bd86a4a7eafdced571a8c94

SHA256
8b5f466b13860502c858b167a29e04437cd4cee124a50a505fd4e301eead4179

SHA512
e6559a10804695aed8dc798f81f3b4b4153259b24f68c605471f50b8b1c4cafd248c6cee01bde46e8de12312111d12ba5895173c62dfeb5a204ae1f3a93df115

Download Submit
C:\Windows\System\voDxypJ.exe

Filesize
1.9MB

MD5
84fdd7904569daadae89cea0a6e53691

SHA1
8afe740e061bafb85e04fe6723110782b001eb97

SHA256
7c29cac34cde7be16b0675a7d4251a01fd84b0349834abae68f20025324fe129

SHA512
b5650c777b0c3c8e4ca536d266d5de44b24e7e1f871602cf4b93976fbedc67630eea43612dad36e6d47300fca4f55946f7e607bb882ee58fbd733281bb8db385

Download Submit
C:\Windows\System\wGdivCX.exe

Filesize
1.9MB

MD5
7a5cf1fcb620f705286f7a831c77cea4

SHA1
192e1955d881ef751434f2b6851f40f00959b55e

SHA256
fd62c7b3af09c4022cbebc3eb19cf7838a0de3a82721c59a178ddca2e907ebdf

SHA512
3d41c5f2e12981ed83ae5305def3df43d8f420b24ed5d6c82e91056275ac0e00534a953f822b574f367b117c768adb34e5bd091f140b0f2b642f43e1da1d884d

Download Submit
C:\Windows\System\yqLYwJk.exe

Filesize
1.9MB

MD5
efb020f5ade8301855e247669a310559

SHA1
da708b4bf32f8164a328d965ac13b946dbe852b8

SHA256
398cce5dd4c4fcea8b7ae182c214de6f2202c35557868a0ffd85ce2fa6a368eb

SHA512
fc56318f187d0e0b8a6e22f31deed88c64e48a804aa9ee1c126c5a1b2116934069389f0206b8da35a17c9c2e282808e04dea8f4c791598b358dc6d6619f5b6ad

Download Submit
C:\Windows\System\zNjaCfO.exe

Filesize
1.9MB

MD5
164ae28816eeb0d27ab45f8e3b21df1d

SHA1
10ebf389426a5da0cc950968ab0a3b50fc4e6cb5

SHA256
6f552a7f0d5bf6174d6b3637ea935a0a428880ecb19b5e66c3244b2585258c64

SHA512
6b1bbd040b67a61ee6686cda683abe050145d16a619c41cdc10d05a8b46e5436940b18b44e39b6dd0625d5cd80f3c290dcf8a610b16c03d6f34cd4e9080a8b81

Download Submit
memory/216-94-0x00007FF60A100000-0x00007FF60A4F2000-memory.dmp

Filesize
3.9MB

Download
memory/216-1940-0x00007FF60A100000-0x00007FF60A4F2000-memory.dmp

Filesize
3.9MB

Download
memory/216-2018-0x00007FF60A100000-0x00007FF60A4F2000-memory.dmp

Filesize
3.9MB

Download
memory/464-2011-0x00007FF6D3EA0000-0x00007FF6D4292000-memory.dmp

Filesize
3.9MB

Download
memory/464-116-0x00007FF6D3EA0000-0x00007FF6D4292000-memory.dmp

Filesize
3.9MB

Download
memory/656-83-0x00007FF79F870000-0x00007FF79FC62000-memory.dmp

Filesize
3.9MB

Download
memory/656-2006-0x00007FF79F870000-0x00007FF79FC62000-memory.dmp

Filesize
3.9MB

Download
memory/980-1992-0x00007FF7DC610000-0x00007FF7DCA02000-memory.dmp

Filesize
3.9MB

Download
memory/980-108-0x00007FF7DC610000-0x00007FF7DCA02000-memory.dmp

Filesize
3.9MB

Download
memory/1576-2030-0x00007FF677820000-0x00007FF677C12000-memory.dmp

Filesize
3.9MB

Download
memory/1576-148-0x00007FF677820000-0x00007FF677C12000-memory.dmp

Filesize
3.9MB

Download
memory/1620-128-0x00007FF777D20000-0x00007FF778112000-memory.dmp

Filesize
3.9MB

Download
memory/1620-2016-0x00007FF777D20000-0x00007FF778112000-memory.dmp

Filesize
3.9MB

Download
memory/1828-73-0x00007FF712660000-0x00007FF712A52000-memory.dmp

Filesize
3.9MB

Download
memory/1828-2002-0x00007FF712660000-0x00007FF712A52000-memory.dmp

Filesize
3.9MB

Download
memory/1868-33-0x00007FF8D9800000-0x00007FF8DA2C1000-memory.dmp

Filesize
10.8MB

Download
memory/1868-443-0x000002BE718A0000-0x000002BE72046000-memory.dmp

Filesize
7.6MB

Download
memory/1868-56-0x00007FF8D9800000-0x00007FF8DA2C1000-memory.dmp

Filesize
10.8MB

Download
memory/1868-43-0x000002BE70840000-0x000002BE70862000-memory.dmp

Filesize
136KB

Download
memory/1868-5-0x00007FF8D9803000-0x00007FF8D9805000-memory.dmp

Filesize
8KB

Download
memory/2020-122-0x00007FF6B6B20000-0x00007FF6B6F12000-memory.dmp

Filesize
3.9MB

Download
memory/2020-2014-0x00007FF6B6B20000-0x00007FF6B6F12000-memory.dmp

Filesize
3.9MB

Download
memory/2216-82-0x00007FF676390000-0x00007FF676782000-memory.dmp

Filesize
3.9MB

Download
memory/2216-1996-0x00007FF676390000-0x00007FF676782000-memory.dmp

Filesize
3.9MB

Download
memory/2272-129-0x00007FF70BE10000-0x00007FF70C202000-memory.dmp

Filesize
3.9MB

Download
memory/2272-2024-0x00007FF70BE10000-0x00007FF70C202000-memory.dmp

Filesize
3.9MB

Download
memory/2812-167-0x00007FF7A1170000-0x00007FF7A1562000-memory.dmp

Filesize
3.9MB

Download
memory/2812-2043-0x00007FF7A1170000-0x00007FF7A1562000-memory.dmp

Filesize
3.9MB

Download
memory/2892-142-0x00007FF68D060000-0x00007FF68D452000-memory.dmp

Filesize
3.9MB

Download
memory/2892-2032-0x00007FF68D060000-0x00007FF68D452000-memory.dmp

Filesize
3.9MB

Download
memory/2940-93-0x00007FF77E880000-0x00007FF77EC72000-memory.dmp

Filesize
3.9MB

Download
memory/2940-2012-0x00007FF77E880000-0x00007FF77EC72000-memory.dmp

Filesize
3.9MB

Download
memory/3132-104-0x00007FF7B4170000-0x00007FF7B4562000-memory.dmp

Filesize
3.9MB

Download
memory/3132-1939-0x00007FF7B4170000-0x00007FF7B4562000-memory.dmp

Filesize
3.9MB

Download
memory/3132-2020-0x00007FF7B4170000-0x00007FF7B4562000-memory.dmp

Filesize
3.9MB

Download
memory/3216-2034-0x00007FF6A3760000-0x00007FF6A3B52000-memory.dmp

Filesize
3.9MB

Download
memory/3216-155-0x00007FF6A3760000-0x00007FF6A3B52000-memory.dmp

Filesize
3.9MB

Download
memory/3244-2000-0x00007FF6F77D0000-0x00007FF6F7BC2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-64-0x00007FF6F77D0000-0x00007FF6F7BC2000-memory.dmp

Filesize
3.9MB

Download
memory/3360-1994-0x00007FF7A8200000-0x00007FF7A85F2000-memory.dmp

Filesize
3.9MB

Download
memory/3360-58-0x00007FF7A8200000-0x00007FF7A85F2000-memory.dmp

Filesize
3.9MB

Download
memory/3532-115-0x00007FF7AA660000-0x00007FF7AAA52000-memory.dmp

Filesize
3.9MB

Download
memory/3532-2004-0x00007FF7AA660000-0x00007FF7AAA52000-memory.dmp

Filesize
3.9MB

Download
memory/3616-0-0x00007FF6C2D00000-0x00007FF6C30F2000-memory.dmp

Filesize
3.9MB

Download
memory/3616-1-0x000001FBCBAF0000-0x000001FBCBB00000-memory.dmp

Filesize
64KB

Download
memory/3956-88-0x00007FF67B720000-0x00007FF67BB12000-memory.dmp

Filesize
3.9MB

Download
memory/3956-1998-0x00007FF67B720000-0x00007FF67BB12000-memory.dmp

Filesize
3.9MB

Download
memory/3980-109-0x00007FF73BAE0000-0x00007FF73BED2000-memory.dmp

Filesize
3.9MB

Download
memory/3980-2008-0x00007FF73BAE0000-0x00007FF73BED2000-memory.dmp

Filesize
3.9MB

Download
memory/4052-2036-0x00007FF644360000-0x00007FF644752000-memory.dmp

Filesize
3.9MB

Download
memory/4052-161-0x00007FF644360000-0x00007FF644752000-memory.dmp

Filesize
3.9MB

Download
memory/4592-135-0x00007FF646000000-0x00007FF6463F2000-memory.dmp

Filesize
3.9MB

Download
memory/4592-2022-0x00007FF646000000-0x00007FF6463F2000-memory.dmp

Filesize
3.9MB

Download
memory/4680-2028-0x00007FF7F7990000-0x00007FF7F7D82000-memory.dmp

Filesize
3.9MB

Download
memory/4680-136-0x00007FF7F7990000-0x00007FF7F7D82000-memory.dmp

Filesize
3.9MB

Download
memory/4740-154-0x00007FF6DFEC0000-0x00007FF6E02B2000-memory.dmp

Filesize
3.9MB

Download
memory/4740-2026-0x00007FF6DFEC0000-0x00007FF6E02B2000-memory.dmp

Filesize
3.9MB

Download