xmrig | 28a74536ca3435678198379faeae311a5f9311ee27c84bbd2a01e14446b5e51e

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a333957292f6e055e4aa81c3350e3c40N.exe
Size

2.0MB
MD5

a333957292f6e055e4aa81c3350e3c40
SHA1

94983066fdc85e26146f35ebdd1665e624326458
SHA256

28a74536ca3435678198379faeae311a5f9311ee27c84bbd2a01e14446b5e51e
SHA512

14a6c82b9bd56ffd19957c5aa4129a24ba460c79d04c1c63e3801c58450a14b3abdbe494c3e5e34d1bcd302e75d5c1c583f66cf09e3b020d1d12b7edeb89ccb9
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4p1HzDgU7yZzt/c:NABH

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/5088-77-0x00007FF6FBDD0000-0x00007FF6FC1C2000-memory.dmp	xmrig
behavioral2/memory/672-160-0x00007FF791700000-0x00007FF791AF2000-memory.dmp	xmrig
behavioral2/memory/1504-201-0x00007FF779940000-0x00007FF779D32000-memory.dmp	xmrig
behavioral2/memory/1696-208-0x00007FF6E0590000-0x00007FF6E0982000-memory.dmp	xmrig
behavioral2/memory/1792-200-0x00007FF7519C0000-0x00007FF751DB2000-memory.dmp	xmrig
behavioral2/memory/1164-189-0x00007FF6F5410000-0x00007FF6F5802000-memory.dmp	xmrig
behavioral2/memory/4336-182-0x00007FF62F950000-0x00007FF62FD42000-memory.dmp	xmrig
behavioral2/memory/4764-176-0x00007FF643FF0000-0x00007FF6443E2000-memory.dmp	xmrig
behavioral2/memory/1900-166-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp	xmrig
behavioral2/memory/1728-154-0x00007FF752C90000-0x00007FF753082000-memory.dmp	xmrig
behavioral2/memory/816-147-0x00007FF6FBC30000-0x00007FF6FC022000-memory.dmp	xmrig
behavioral2/memory/1800-142-0x00007FF7B6240000-0x00007FF7B6632000-memory.dmp	xmrig
behavioral2/memory/400-139-0x00007FF654780000-0x00007FF654B72000-memory.dmp	xmrig
behavioral2/memory/4980-135-0x00007FF6B9D00000-0x00007FF6BA0F2000-memory.dmp	xmrig
behavioral2/memory/232-129-0x00007FF6845F0000-0x00007FF6849E2000-memory.dmp	xmrig
behavioral2/memory/1380-118-0x00007FF764780000-0x00007FF764B72000-memory.dmp	xmrig
behavioral2/memory/2012-114-0x00007FF70AA10000-0x00007FF70AE02000-memory.dmp	xmrig
behavioral2/memory/1264-108-0x00007FF723B60000-0x00007FF723F52000-memory.dmp	xmrig
behavioral2/memory/3696-105-0x00007FF6E9870000-0x00007FF6E9C62000-memory.dmp	xmrig
behavioral2/memory/2784-99-0x00007FF6C1A30000-0x00007FF6C1E22000-memory.dmp	xmrig
behavioral2/memory/3900-94-0x00007FF7997C0000-0x00007FF799BB2000-memory.dmp	xmrig
behavioral2/memory/2052-90-0x00007FF73E300000-0x00007FF73E6F2000-memory.dmp	xmrig
behavioral2/memory/1644-76-0x00007FF67C610000-0x00007FF67CA02000-memory.dmp	xmrig
behavioral2/memory/4756-18-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp	xmrig
behavioral2/memory/4756-2880-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp	xmrig
behavioral2/memory/4756-2884-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp	xmrig
behavioral2/memory/4980-2886-0x00007FF6B9D00000-0x00007FF6BA0F2000-memory.dmp	xmrig
behavioral2/memory/400-2888-0x00007FF654780000-0x00007FF654B72000-memory.dmp	xmrig
behavioral2/memory/2052-2890-0x00007FF73E300000-0x00007FF73E6F2000-memory.dmp	xmrig
behavioral2/memory/5088-2893-0x00007FF6FBDD0000-0x00007FF6FC1C2000-memory.dmp	xmrig
behavioral2/memory/3900-2896-0x00007FF7997C0000-0x00007FF799BB2000-memory.dmp	xmrig
behavioral2/memory/1264-2900-0x00007FF723B60000-0x00007FF723F52000-memory.dmp	xmrig
behavioral2/memory/3696-2902-0x00007FF6E9870000-0x00007FF6E9C62000-memory.dmp	xmrig
behavioral2/memory/2784-2898-0x00007FF6C1A30000-0x00007FF6C1E22000-memory.dmp	xmrig
behavioral2/memory/1644-2894-0x00007FF67C610000-0x00007FF67CA02000-memory.dmp	xmrig
behavioral2/memory/2012-2904-0x00007FF70AA10000-0x00007FF70AE02000-memory.dmp	xmrig
behavioral2/memory/1800-2906-0x00007FF7B6240000-0x00007FF7B6632000-memory.dmp	xmrig
behavioral2/memory/1380-2908-0x00007FF764780000-0x00007FF764B72000-memory.dmp	xmrig
behavioral2/memory/232-2912-0x00007FF6845F0000-0x00007FF6849E2000-memory.dmp	xmrig
behavioral2/memory/816-2914-0x00007FF6FBC30000-0x00007FF6FC022000-memory.dmp	xmrig
behavioral2/memory/1728-2911-0x00007FF752C90000-0x00007FF753082000-memory.dmp	xmrig
behavioral2/memory/672-2918-0x00007FF791700000-0x00007FF791AF2000-memory.dmp	xmrig
behavioral2/memory/1900-2917-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp	xmrig
behavioral2/memory/4764-2920-0x00007FF643FF0000-0x00007FF6443E2000-memory.dmp	xmrig
behavioral2/memory/4336-2924-0x00007FF62F950000-0x00007FF62FD42000-memory.dmp	xmrig
behavioral2/memory/1792-2928-0x00007FF7519C0000-0x00007FF751DB2000-memory.dmp	xmrig
behavioral2/memory/1164-2927-0x00007FF6F5410000-0x00007FF6F5802000-memory.dmp	xmrig
behavioral2/memory/1504-2923-0x00007FF779940000-0x00007FF779D32000-memory.dmp	xmrig
behavioral2/memory/1696-2931-0x00007FF6E0590000-0x00007FF6E0982000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
9	3060	powershell.exe
11	3060	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3060	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4756	rmYKlZS.exe
4980	qMelLtg.exe
400	xmMSniL.exe
1644	XbCqOYM.exe
5088	lTcTlbT.exe
2052	hlvnfzW.exe
3900	DSMmjuW.exe
2784	HdncBuW.exe
3696	lZlihEw.exe
1264	hZDaXdj.exe
1800	RcNZPpK.exe
2012	vqTKVtR.exe
1380	TIIvVLH.exe
816	aDiQkOk.exe
1728	cJeQrZG.exe
232	XBltwsx.exe
672	NZpCtbt.exe
1900	bLVUPuh.exe
4764	BTymhDU.exe
4336	HaGdrwW.exe
1164	QORPvwh.exe
1792	Uanzdpi.exe
1504	rENDeHO.exe
1696	pyljvXM.exe
3904	ZZBcwxE.exe
536	sxTPdhb.exe
2992	kwGrYRT.exe
4772	dSvagZx.exe
3764	PSqVDIG.exe
4112	wOlBkDE.exe
3732	bqNMUWs.exe
3080	XdCQXHE.exe
3552	OKQGHuy.exe
4600	cqpkZzM.exe
4820	IbPBFhm.exe
4536	PdZlqUu.exe
4644	zXZaLVi.exe
3028	QQgGgrD.exe
2808	nBUdlDC.exe
4436	HbBgtYL.exe
4456	vNUbSBe.exe
4696	RxYfKJp.exe
3212	bedIyMk.exe
2392	VMPpDow.exe
4472	wDjosUs.exe
3020	eTAtmKx.exe
436	fiqNVNX.exe
4176	vAVYcnE.exe
2772	mSdwLdM.exe
2032	PaKnxJy.exe
2668	eZHqJCt.exe
4524	vyQhfzp.exe
1796	IpwJbBi.exe
2556	gqnxcqm.exe
1724	VSiDIep.exe
1848	tgkVLAZ.exe
4712	SpYOOVg.exe
5104	pGqZOWa.exe
4244	fnjzphp.exe
2492	WUNLWhZ.exe
3780	SuQiKRh.exe
2856	fNTuFKg.exe
2420	ozZGgCc.exe
632	czBAXIV.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3168-0-0x00007FF67D160000-0x00007FF67D552000-memory.dmp	upx
behavioral2/files/0x0009000000023470-5.dat	upx
behavioral2/files/0x00070000000234cb-15.dat	upx
behavioral2/files/0x00070000000234cf-37.dat	upx
behavioral2/files/0x00070000000234d0-48.dat	upx
behavioral2/files/0x00070000000234d3-54.dat	upx
behavioral2/memory/5088-77-0x00007FF6FBDD0000-0x00007FF6FC1C2000-memory.dmp	upx
behavioral2/files/0x00070000000234d8-81.dat	upx
behavioral2/files/0x00070000000234d9-95.dat	upx
behavioral2/files/0x00070000000234da-101.dat	upx
behavioral2/files/0x00070000000234db-112.dat	upx
behavioral2/files/0x00080000000234d6-115.dat	upx
behavioral2/files/0x00070000000234dc-130.dat	upx
behavioral2/files/0x00070000000234df-138.dat	upx
behavioral2/memory/672-160-0x00007FF791700000-0x00007FF791AF2000-memory.dmp	upx
behavioral2/files/0x00070000000234e4-169.dat	upx
behavioral2/files/0x00070000000234e6-179.dat	upx
behavioral2/files/0x00070000000234e8-192.dat	upx
behavioral2/memory/1504-201-0x00007FF779940000-0x00007FF779D32000-memory.dmp	upx
behavioral2/memory/1696-208-0x00007FF6E0590000-0x00007FF6E0982000-memory.dmp	upx
behavioral2/memory/1792-200-0x00007FF7519C0000-0x00007FF751DB2000-memory.dmp	upx
behavioral2/files/0x00070000000234e9-197.dat	upx
behavioral2/files/0x00070000000234e7-195.dat	upx
behavioral2/memory/1164-189-0x00007FF6F5410000-0x00007FF6F5802000-memory.dmp	upx
behavioral2/files/0x00070000000234e5-184.dat	upx
behavioral2/memory/4336-182-0x00007FF62F950000-0x00007FF62FD42000-memory.dmp	upx
behavioral2/memory/4764-176-0x00007FF643FF0000-0x00007FF6443E2000-memory.dmp	upx
behavioral2/files/0x00070000000234e3-172.dat	upx
behavioral2/files/0x00070000000234e2-167.dat	upx
behavioral2/memory/1900-166-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp	upx
behavioral2/files/0x00070000000234e1-161.dat	upx
behavioral2/files/0x00070000000234e0-155.dat	upx
behavioral2/memory/1728-154-0x00007FF752C90000-0x00007FF753082000-memory.dmp	upx
behavioral2/memory/816-147-0x00007FF6FBC30000-0x00007FF6FC022000-memory.dmp	upx
behavioral2/memory/1800-142-0x00007FF7B6240000-0x00007FF7B6632000-memory.dmp	upx
behavioral2/files/0x00070000000234de-140.dat	upx
behavioral2/memory/400-139-0x00007FF654780000-0x00007FF654B72000-memory.dmp	upx
behavioral2/files/0x00070000000234dd-136.dat	upx
behavioral2/memory/4980-135-0x00007FF6B9D00000-0x00007FF6BA0F2000-memory.dmp	upx
behavioral2/memory/232-129-0x00007FF6845F0000-0x00007FF6849E2000-memory.dmp	upx
behavioral2/files/0x00080000000234c8-120.dat	upx
behavioral2/memory/1380-118-0x00007FF764780000-0x00007FF764B72000-memory.dmp	upx
behavioral2/memory/2012-114-0x00007FF70AA10000-0x00007FF70AE02000-memory.dmp	upx
behavioral2/memory/1264-108-0x00007FF723B60000-0x00007FF723F52000-memory.dmp	upx
behavioral2/memory/3696-105-0x00007FF6E9870000-0x00007FF6E9C62000-memory.dmp	upx
behavioral2/files/0x00080000000234d7-100.dat	upx
behavioral2/memory/2784-99-0x00007FF6C1A30000-0x00007FF6C1E22000-memory.dmp	upx
behavioral2/memory/3900-94-0x00007FF7997C0000-0x00007FF799BB2000-memory.dmp	upx
behavioral2/memory/2052-90-0x00007FF73E300000-0x00007FF73E6F2000-memory.dmp	upx
behavioral2/files/0x00070000000234d4-80.dat	upx
behavioral2/files/0x00070000000234d5-78.dat	upx
behavioral2/memory/1644-76-0x00007FF67C610000-0x00007FF67CA02000-memory.dmp	upx
behavioral2/files/0x00070000000234d1-66.dat	upx
behavioral2/files/0x00070000000234d2-49.dat	upx
behavioral2/files/0x00070000000234cd-33.dat	upx
behavioral2/files/0x00070000000234cc-27.dat	upx
behavioral2/files/0x00070000000234ce-24.dat	upx
behavioral2/memory/4756-18-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp	upx
behavioral2/memory/4756-2880-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp	upx
behavioral2/memory/4756-2884-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp	upx
behavioral2/memory/4980-2886-0x00007FF6B9D00000-0x00007FF6BA0F2000-memory.dmp	upx
behavioral2/memory/400-2888-0x00007FF654780000-0x00007FF654B72000-memory.dmp	upx
behavioral2/memory/2052-2890-0x00007FF73E300000-0x00007FF73E6F2000-memory.dmp	upx
behavioral2/memory/5088-2893-0x00007FF6FBDD0000-0x00007FF6FC1C2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wtTgQzt.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\gTtvnIy.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\MrcYKXg.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\yrSkbKa.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\bhVOpWg.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\lbloXhT.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\EwDwkSN.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\SbXtIKN.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\mGXzWmd.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\GRkDetJ.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\bLVUPuh.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\ZxwGZRV.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\DcttTHu.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\mDlSfFZ.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\uwMyGqR.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\gsSJAqP.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\RDwUKdr.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\MfuyblL.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\OdCuquR.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\zPhwAWw.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\KKTOPcc.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\lJGrmnX.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\NeNwDWn.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\CzBnNbR.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\hGPcsBP.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\PerwBFt.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\eGcKFce.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\bVNilkV.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\PAwCRXe.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\TKnuERb.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\gfilWVM.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\nkiOqNM.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\uXESrAw.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\GCQxlld.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\weiDoXY.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\dhZlRuX.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\KhrIDtp.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\lLPMSAn.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\MRzlzKw.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\JCFpOft.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\eqfyXWi.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\UQecVuA.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\XGvSPQB.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\tDlFdBN.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\iqPCWpO.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\zhlyIYs.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\OZeKkqI.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\PNMzNcj.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\CYZgXBq.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\mSCjgVH.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\JfHNisD.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\sOuLdZv.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\bHmzxcx.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\eGettVD.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\SZryPcf.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\QHoKwSX.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\lRfbYJK.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\lfUDCOM.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\QUIoDxe.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\BWQtVNh.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\tNhxMvi.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\TgIwvRe.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\hilxTFH.exe	a333957292f6e055e4aa81c3350e3c40N.exe
File created	C:\Windows\System\kXtGapT.exe	a333957292f6e055e4aa81c3350e3c40N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3060	powershell.exe
3060	powershell.exe
3060	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3168	a333957292f6e055e4aa81c3350e3c40N.exe
Token: SeDebugPrivilege	3060	powershell.exe
Token: SeLockMemoryPrivilege	3168	a333957292f6e055e4aa81c3350e3c40N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 3060	3168	a333957292f6e055e4aa81c3350e3c40N.exe	85
PID 3168 wrote to memory of 3060	3168	a333957292f6e055e4aa81c3350e3c40N.exe	85
PID 3168 wrote to memory of 4756	3168	a333957292f6e055e4aa81c3350e3c40N.exe	86
PID 3168 wrote to memory of 4756	3168	a333957292f6e055e4aa81c3350e3c40N.exe	86
PID 3168 wrote to memory of 4980	3168	a333957292f6e055e4aa81c3350e3c40N.exe	87
PID 3168 wrote to memory of 4980	3168	a333957292f6e055e4aa81c3350e3c40N.exe	87
PID 3168 wrote to memory of 1644	3168	a333957292f6e055e4aa81c3350e3c40N.exe	88
PID 3168 wrote to memory of 1644	3168	a333957292f6e055e4aa81c3350e3c40N.exe	88
PID 3168 wrote to memory of 5088	3168	a333957292f6e055e4aa81c3350e3c40N.exe	89
PID 3168 wrote to memory of 5088	3168	a333957292f6e055e4aa81c3350e3c40N.exe	89
PID 3168 wrote to memory of 400	3168	a333957292f6e055e4aa81c3350e3c40N.exe	90
PID 3168 wrote to memory of 400	3168	a333957292f6e055e4aa81c3350e3c40N.exe	90
PID 3168 wrote to memory of 2052	3168	a333957292f6e055e4aa81c3350e3c40N.exe	91
PID 3168 wrote to memory of 2052	3168	a333957292f6e055e4aa81c3350e3c40N.exe	91
PID 3168 wrote to memory of 3900	3168	a333957292f6e055e4aa81c3350e3c40N.exe	92
PID 3168 wrote to memory of 3900	3168	a333957292f6e055e4aa81c3350e3c40N.exe	92
PID 3168 wrote to memory of 3696	3168	a333957292f6e055e4aa81c3350e3c40N.exe	93
PID 3168 wrote to memory of 3696	3168	a333957292f6e055e4aa81c3350e3c40N.exe	93
PID 3168 wrote to memory of 2784	3168	a333957292f6e055e4aa81c3350e3c40N.exe	94
PID 3168 wrote to memory of 2784	3168	a333957292f6e055e4aa81c3350e3c40N.exe	94
PID 3168 wrote to memory of 1264	3168	a333957292f6e055e4aa81c3350e3c40N.exe	95
PID 3168 wrote to memory of 1264	3168	a333957292f6e055e4aa81c3350e3c40N.exe	95
PID 3168 wrote to memory of 1800	3168	a333957292f6e055e4aa81c3350e3c40N.exe	96
PID 3168 wrote to memory of 1800	3168	a333957292f6e055e4aa81c3350e3c40N.exe	96
PID 3168 wrote to memory of 2012	3168	a333957292f6e055e4aa81c3350e3c40N.exe	97
PID 3168 wrote to memory of 2012	3168	a333957292f6e055e4aa81c3350e3c40N.exe	97
PID 3168 wrote to memory of 1380	3168	a333957292f6e055e4aa81c3350e3c40N.exe	98
PID 3168 wrote to memory of 1380	3168	a333957292f6e055e4aa81c3350e3c40N.exe	98
PID 3168 wrote to memory of 816	3168	a333957292f6e055e4aa81c3350e3c40N.exe	99
PID 3168 wrote to memory of 816	3168	a333957292f6e055e4aa81c3350e3c40N.exe	99
PID 3168 wrote to memory of 1728	3168	a333957292f6e055e4aa81c3350e3c40N.exe	100
PID 3168 wrote to memory of 1728	3168	a333957292f6e055e4aa81c3350e3c40N.exe	100
PID 3168 wrote to memory of 232	3168	a333957292f6e055e4aa81c3350e3c40N.exe	101
PID 3168 wrote to memory of 232	3168	a333957292f6e055e4aa81c3350e3c40N.exe	101
PID 3168 wrote to memory of 672	3168	a333957292f6e055e4aa81c3350e3c40N.exe	102
PID 3168 wrote to memory of 672	3168	a333957292f6e055e4aa81c3350e3c40N.exe	102
PID 3168 wrote to memory of 1900	3168	a333957292f6e055e4aa81c3350e3c40N.exe	103
PID 3168 wrote to memory of 1900	3168	a333957292f6e055e4aa81c3350e3c40N.exe	103
PID 3168 wrote to memory of 4764	3168	a333957292f6e055e4aa81c3350e3c40N.exe	104
PID 3168 wrote to memory of 4764	3168	a333957292f6e055e4aa81c3350e3c40N.exe	104
PID 3168 wrote to memory of 4336	3168	a333957292f6e055e4aa81c3350e3c40N.exe	105
PID 3168 wrote to memory of 4336	3168	a333957292f6e055e4aa81c3350e3c40N.exe	105
PID 3168 wrote to memory of 1164	3168	a333957292f6e055e4aa81c3350e3c40N.exe	106
PID 3168 wrote to memory of 1164	3168	a333957292f6e055e4aa81c3350e3c40N.exe	106
PID 3168 wrote to memory of 1792	3168	a333957292f6e055e4aa81c3350e3c40N.exe	107
PID 3168 wrote to memory of 1792	3168	a333957292f6e055e4aa81c3350e3c40N.exe	107
PID 3168 wrote to memory of 1504	3168	a333957292f6e055e4aa81c3350e3c40N.exe	108
PID 3168 wrote to memory of 1504	3168	a333957292f6e055e4aa81c3350e3c40N.exe	108
PID 3168 wrote to memory of 1696	3168	a333957292f6e055e4aa81c3350e3c40N.exe	109
PID 3168 wrote to memory of 1696	3168	a333957292f6e055e4aa81c3350e3c40N.exe	109
PID 3168 wrote to memory of 3904	3168	a333957292f6e055e4aa81c3350e3c40N.exe	110
PID 3168 wrote to memory of 3904	3168	a333957292f6e055e4aa81c3350e3c40N.exe	110
PID 3168 wrote to memory of 536	3168	a333957292f6e055e4aa81c3350e3c40N.exe	111
PID 3168 wrote to memory of 536	3168	a333957292f6e055e4aa81c3350e3c40N.exe	111
PID 3168 wrote to memory of 2992	3168	a333957292f6e055e4aa81c3350e3c40N.exe	112
PID 3168 wrote to memory of 2992	3168	a333957292f6e055e4aa81c3350e3c40N.exe	112
PID 3168 wrote to memory of 4772	3168	a333957292f6e055e4aa81c3350e3c40N.exe	113
PID 3168 wrote to memory of 4772	3168	a333957292f6e055e4aa81c3350e3c40N.exe	113
PID 3168 wrote to memory of 3764	3168	a333957292f6e055e4aa81c3350e3c40N.exe	114
PID 3168 wrote to memory of 3764	3168	a333957292f6e055e4aa81c3350e3c40N.exe	114
PID 3168 wrote to memory of 4112	3168	a333957292f6e055e4aa81c3350e3c40N.exe	115
PID 3168 wrote to memory of 4112	3168	a333957292f6e055e4aa81c3350e3c40N.exe	115
PID 3168 wrote to memory of 3732	3168	a333957292f6e055e4aa81c3350e3c40N.exe	116
PID 3168 wrote to memory of 3732	3168	a333957292f6e055e4aa81c3350e3c40N.exe	116

C:\Users\Admin\AppData\Local\Temp\a333957292f6e055e4aa81c3350e3c40N.exe
"C:\Users\Admin\AppData\Local\Temp\a333957292f6e055e4aa81c3350e3c40N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3060
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3060" "2960" "2884" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:4804
- C:\Windows\System\rmYKlZS.exe
  C:\Windows\System\rmYKlZS.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\qMelLtg.exe
  C:\Windows\System\qMelLtg.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\XbCqOYM.exe
  C:\Windows\System\XbCqOYM.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\lTcTlbT.exe
  C:\Windows\System\lTcTlbT.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\xmMSniL.exe
  C:\Windows\System\xmMSniL.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\hlvnfzW.exe
  C:\Windows\System\hlvnfzW.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\DSMmjuW.exe
  C:\Windows\System\DSMmjuW.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\lZlihEw.exe
  C:\Windows\System\lZlihEw.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\HdncBuW.exe
  C:\Windows\System\HdncBuW.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\hZDaXdj.exe
  C:\Windows\System\hZDaXdj.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\RcNZPpK.exe
  C:\Windows\System\RcNZPpK.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\vqTKVtR.exe
  C:\Windows\System\vqTKVtR.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\TIIvVLH.exe
  C:\Windows\System\TIIvVLH.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\aDiQkOk.exe
  C:\Windows\System\aDiQkOk.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\cJeQrZG.exe
  C:\Windows\System\cJeQrZG.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\XBltwsx.exe
  C:\Windows\System\XBltwsx.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\NZpCtbt.exe
  C:\Windows\System\NZpCtbt.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\bLVUPuh.exe
  C:\Windows\System\bLVUPuh.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\BTymhDU.exe
  C:\Windows\System\BTymhDU.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\HaGdrwW.exe
  C:\Windows\System\HaGdrwW.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\QORPvwh.exe
  C:\Windows\System\QORPvwh.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\Uanzdpi.exe
  C:\Windows\System\Uanzdpi.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\rENDeHO.exe
  C:\Windows\System\rENDeHO.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\pyljvXM.exe
  C:\Windows\System\pyljvXM.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\ZZBcwxE.exe
  C:\Windows\System\ZZBcwxE.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\sxTPdhb.exe
  C:\Windows\System\sxTPdhb.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\kwGrYRT.exe
  C:\Windows\System\kwGrYRT.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\dSvagZx.exe
  C:\Windows\System\dSvagZx.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\PSqVDIG.exe
  C:\Windows\System\PSqVDIG.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\wOlBkDE.exe
  C:\Windows\System\wOlBkDE.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\bqNMUWs.exe
  C:\Windows\System\bqNMUWs.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\XdCQXHE.exe
  C:\Windows\System\XdCQXHE.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\OKQGHuy.exe
  C:\Windows\System\OKQGHuy.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\cqpkZzM.exe
  C:\Windows\System\cqpkZzM.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\IbPBFhm.exe
  C:\Windows\System\IbPBFhm.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\PdZlqUu.exe
  C:\Windows\System\PdZlqUu.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\zXZaLVi.exe
  C:\Windows\System\zXZaLVi.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\QQgGgrD.exe
  C:\Windows\System\QQgGgrD.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\nBUdlDC.exe
  C:\Windows\System\nBUdlDC.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\HbBgtYL.exe
  C:\Windows\System\HbBgtYL.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\vNUbSBe.exe
  C:\Windows\System\vNUbSBe.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\RxYfKJp.exe
  C:\Windows\System\RxYfKJp.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\bedIyMk.exe
  C:\Windows\System\bedIyMk.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\VMPpDow.exe
  C:\Windows\System\VMPpDow.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\wDjosUs.exe
  C:\Windows\System\wDjosUs.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\eTAtmKx.exe
  C:\Windows\System\eTAtmKx.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\fiqNVNX.exe
  C:\Windows\System\fiqNVNX.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\vAVYcnE.exe
  C:\Windows\System\vAVYcnE.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\mSdwLdM.exe
  C:\Windows\System\mSdwLdM.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\PaKnxJy.exe
  C:\Windows\System\PaKnxJy.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\eZHqJCt.exe
  C:\Windows\System\eZHqJCt.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\vyQhfzp.exe
  C:\Windows\System\vyQhfzp.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\IpwJbBi.exe
  C:\Windows\System\IpwJbBi.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\gqnxcqm.exe
  C:\Windows\System\gqnxcqm.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\VSiDIep.exe
  C:\Windows\System\VSiDIep.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\tgkVLAZ.exe
  C:\Windows\System\tgkVLAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\SpYOOVg.exe
  C:\Windows\System\SpYOOVg.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\pGqZOWa.exe
  C:\Windows\System\pGqZOWa.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\fnjzphp.exe
  C:\Windows\System\fnjzphp.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\WUNLWhZ.exe
  C:\Windows\System\WUNLWhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\SuQiKRh.exe
  C:\Windows\System\SuQiKRh.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\fNTuFKg.exe
  C:\Windows\System\fNTuFKg.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ozZGgCc.exe
  C:\Windows\System\ozZGgCc.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\czBAXIV.exe
  C:\Windows\System\czBAXIV.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\VPgKgZs.exe
  C:\Windows\System\VPgKgZs.exe
  2⤵
  PID:3352
- C:\Windows\System\VXSIcXw.exe
  C:\Windows\System\VXSIcXw.exe
  2⤵
  PID:5140
- C:\Windows\System\XSCFJtt.exe
  C:\Windows\System\XSCFJtt.exe
  2⤵
  PID:5168
- C:\Windows\System\QhSrkIn.exe
  C:\Windows\System\QhSrkIn.exe
  2⤵
  PID:5196
- C:\Windows\System\lRfbYJK.exe
  C:\Windows\System\lRfbYJK.exe
  2⤵
  PID:5228
- C:\Windows\System\bAEnytb.exe
  C:\Windows\System\bAEnytb.exe
  2⤵
  PID:5268
- C:\Windows\System\CBkQYMM.exe
  C:\Windows\System\CBkQYMM.exe
  2⤵
  PID:5288
- C:\Windows\System\VocujZx.exe
  C:\Windows\System\VocujZx.exe
  2⤵
  PID:5312
- C:\Windows\System\kfWYCLo.exe
  C:\Windows\System\kfWYCLo.exe
  2⤵
  PID:5344
- C:\Windows\System\QcWvSEt.exe
  C:\Windows\System\QcWvSEt.exe
  2⤵
  PID:5368
- C:\Windows\System\mAvUFIB.exe
  C:\Windows\System\mAvUFIB.exe
  2⤵
  PID:5400
- C:\Windows\System\BmxnRUE.exe
  C:\Windows\System\BmxnRUE.exe
  2⤵
  PID:5428
- C:\Windows\System\nMRTvrX.exe
  C:\Windows\System\nMRTvrX.exe
  2⤵
  PID:5456
- C:\Windows\System\XprDTsk.exe
  C:\Windows\System\XprDTsk.exe
  2⤵
  PID:5488
- C:\Windows\System\VyAAHNh.exe
  C:\Windows\System\VyAAHNh.exe
  2⤵
  PID:5516
- C:\Windows\System\tDlFdBN.exe
  C:\Windows\System\tDlFdBN.exe
  2⤵
  PID:5544
- C:\Windows\System\ceWgwSf.exe
  C:\Windows\System\ceWgwSf.exe
  2⤵
  PID:5568
- C:\Windows\System\kYslCoP.exe
  C:\Windows\System\kYslCoP.exe
  2⤵
  PID:5600
- C:\Windows\System\qPnRwWZ.exe
  C:\Windows\System\qPnRwWZ.exe
  2⤵
  PID:5628
- C:\Windows\System\MRzlzKw.exe
  C:\Windows\System\MRzlzKw.exe
  2⤵
  PID:5652
- C:\Windows\System\SbXtIKN.exe
  C:\Windows\System\SbXtIKN.exe
  2⤵
  PID:5680
- C:\Windows\System\CwxxPCP.exe
  C:\Windows\System\CwxxPCP.exe
  2⤵
  PID:5712
- C:\Windows\System\LGDskVY.exe
  C:\Windows\System\LGDskVY.exe
  2⤵
  PID:5740
- C:\Windows\System\rHMVmPm.exe
  C:\Windows\System\rHMVmPm.exe
  2⤵
  PID:5768
- C:\Windows\System\oeqjlSi.exe
  C:\Windows\System\oeqjlSi.exe
  2⤵
  PID:5796
- C:\Windows\System\vUucfls.exe
  C:\Windows\System\vUucfls.exe
  2⤵
  PID:5824
- C:\Windows\System\UsoRkkN.exe
  C:\Windows\System\UsoRkkN.exe
  2⤵
  PID:5852
- C:\Windows\System\khPuDEJ.exe
  C:\Windows\System\khPuDEJ.exe
  2⤵
  PID:5880
- C:\Windows\System\NZbvvrr.exe
  C:\Windows\System\NZbvvrr.exe
  2⤵
  PID:5908
- C:\Windows\System\TMjrnFY.exe
  C:\Windows\System\TMjrnFY.exe
  2⤵
  PID:5936
- C:\Windows\System\YdQKPFf.exe
  C:\Windows\System\YdQKPFf.exe
  2⤵
  PID:5964
- C:\Windows\System\HJtJFue.exe
  C:\Windows\System\HJtJFue.exe
  2⤵
  PID:5988
- C:\Windows\System\LeHsDGV.exe
  C:\Windows\System\LeHsDGV.exe
  2⤵
  PID:6016
- C:\Windows\System\vVBSjGu.exe
  C:\Windows\System\vVBSjGu.exe
  2⤵
  PID:6044
- C:\Windows\System\ISHDFDQ.exe
  C:\Windows\System\ISHDFDQ.exe
  2⤵
  PID:6072
- C:\Windows\System\sOuLdZv.exe
  C:\Windows\System\sOuLdZv.exe
  2⤵
  PID:6104
- C:\Windows\System\ZIWcMnF.exe
  C:\Windows\System\ZIWcMnF.exe
  2⤵
  PID:6132
- C:\Windows\System\dmtAyFV.exe
  C:\Windows\System\dmtAyFV.exe
  2⤵
  PID:3924
- C:\Windows\System\LhKPAnf.exe
  C:\Windows\System\LhKPAnf.exe
  2⤵
  PID:4628
- C:\Windows\System\fpYaLui.exe
  C:\Windows\System\fpYaLui.exe
  2⤵
  PID:4480
- C:\Windows\System\OvVeVEW.exe
  C:\Windows\System\OvVeVEW.exe
  2⤵
  PID:3244
- C:\Windows\System\zGSNYHT.exe
  C:\Windows\System\zGSNYHT.exe
  2⤵
  PID:1512
- C:\Windows\System\mErTOCX.exe
  C:\Windows\System\mErTOCX.exe
  2⤵
  PID:5156
- C:\Windows\System\sQOJwIu.exe
  C:\Windows\System\sQOJwIu.exe
  2⤵
  PID:5240
- C:\Windows\System\UyRGjty.exe
  C:\Windows\System\UyRGjty.exe
  2⤵
  PID:5284
- C:\Windows\System\derjbNz.exe
  C:\Windows\System\derjbNz.exe
  2⤵
  PID:5364
- C:\Windows\System\HZIqyJj.exe
  C:\Windows\System\HZIqyJj.exe
  2⤵
  PID:5424
- C:\Windows\System\fVohQLx.exe
  C:\Windows\System\fVohQLx.exe
  2⤵
  PID:5500
- C:\Windows\System\PNMzNcj.exe
  C:\Windows\System\PNMzNcj.exe
  2⤵
  PID:5560
- C:\Windows\System\xjRLJsy.exe
  C:\Windows\System\xjRLJsy.exe
  2⤵
  PID:5620
- C:\Windows\System\LlATtGb.exe
  C:\Windows\System\LlATtGb.exe
  2⤵
  PID:5676
- C:\Windows\System\PXgHnoj.exe
  C:\Windows\System\PXgHnoj.exe
  2⤵
  PID:5732
- C:\Windows\System\wsYgIWV.exe
  C:\Windows\System\wsYgIWV.exe
  2⤵
  PID:5808
- C:\Windows\System\SyVQmLD.exe
  C:\Windows\System\SyVQmLD.exe
  2⤵
  PID:2924
- C:\Windows\System\CJlTXOm.exe
  C:\Windows\System\CJlTXOm.exe
  2⤵
  PID:5872
- C:\Windows\System\YhjlzJB.exe
  C:\Windows\System\YhjlzJB.exe
  2⤵
  PID:5948
- C:\Windows\System\WjroNIB.exe
  C:\Windows\System\WjroNIB.exe
  2⤵
  PID:2252
- C:\Windows\System\fOIantj.exe
  C:\Windows\System\fOIantj.exe
  2⤵
  PID:6040
- C:\Windows\System\tNhxMvi.exe
  C:\Windows\System\tNhxMvi.exe
  2⤵
  PID:4972
- C:\Windows\System\LIFfkaP.exe
  C:\Windows\System\LIFfkaP.exe
  2⤵
  PID:2744
- C:\Windows\System\dQdKSet.exe
  C:\Windows\System\dQdKSet.exe
  2⤵
  PID:372
- C:\Windows\System\CjXbtZy.exe
  C:\Windows\System\CjXbtZy.exe
  2⤵
  PID:3300
- C:\Windows\System\ktzpsCs.exe
  C:\Windows\System\ktzpsCs.exe
  2⤵
  PID:5152
- C:\Windows\System\LRmjESz.exe
  C:\Windows\System\LRmjESz.exe
  2⤵
  PID:5208
- C:\Windows\System\QvaubRQ.exe
  C:\Windows\System\QvaubRQ.exe
  2⤵
  PID:5476
- C:\Windows\System\LFaAHjQ.exe
  C:\Windows\System\LFaAHjQ.exe
  2⤵
  PID:2892
- C:\Windows\System\TYWNWsF.exe
  C:\Windows\System\TYWNWsF.exe
  2⤵
  PID:5644
- C:\Windows\System\RhemLZd.exe
  C:\Windows\System\RhemLZd.exe
  2⤵
  PID:5724
- C:\Windows\System\hozVLSQ.exe
  C:\Windows\System\hozVLSQ.exe
  2⤵
  PID:5836
- C:\Windows\System\vxRegPl.exe
  C:\Windows\System\vxRegPl.exe
  2⤵
  PID:2948
- C:\Windows\System\mtTlWGz.exe
  C:\Windows\System\mtTlWGz.exe
  2⤵
  PID:5980
- C:\Windows\System\JCFpOft.exe
  C:\Windows\System\JCFpOft.exe
  2⤵
  PID:6116
- C:\Windows\System\oKFeCYQ.exe
  C:\Windows\System\oKFeCYQ.exe
  2⤵
  PID:4100
- C:\Windows\System\gzthcxr.exe
  C:\Windows\System\gzthcxr.exe
  2⤵
  PID:2200
- C:\Windows\System\jlvDwpg.exe
  C:\Windows\System\jlvDwpg.exe
  2⤵
  PID:4768
- C:\Windows\System\lrxnZSJ.exe
  C:\Windows\System\lrxnZSJ.exe
  2⤵
  PID:3528
- C:\Windows\System\LPvPDlW.exe
  C:\Windows\System\LPvPDlW.exe
  2⤵
  PID:612
- C:\Windows\System\GxPxWpo.exe
  C:\Windows\System\GxPxWpo.exe
  2⤵
  PID:4996
- C:\Windows\System\jwZLQRe.exe
  C:\Windows\System\jwZLQRe.exe
  2⤵
  PID:1124
- C:\Windows\System\QtPmZEh.exe
  C:\Windows\System\QtPmZEh.exe
  2⤵
  PID:1516
- C:\Windows\System\MzVtapS.exe
  C:\Windows\System\MzVtapS.exe
  2⤵
  PID:2564
- C:\Windows\System\GmvQWcU.exe
  C:\Windows\System\GmvQWcU.exe
  2⤵
  PID:4028
- C:\Windows\System\XWpxdSl.exe
  C:\Windows\System\XWpxdSl.exe
  2⤵
  PID:5592
- C:\Windows\System\sRezLjr.exe
  C:\Windows\System\sRezLjr.exe
  2⤵
  PID:5704
- C:\Windows\System\IYtYYRk.exe
  C:\Windows\System\IYtYYRk.exe
  2⤵
  PID:5556
- C:\Windows\System\XbPGdTE.exe
  C:\Windows\System\XbPGdTE.exe
  2⤵
  PID:5784
- C:\Windows\System\pWsMJGE.exe
  C:\Windows\System\pWsMJGE.exe
  2⤵
  PID:5920
- C:\Windows\System\yxMbENM.exe
  C:\Windows\System\yxMbENM.exe
  2⤵
  PID:2968
- C:\Windows\System\ScDACiW.exe
  C:\Windows\System\ScDACiW.exe
  2⤵
  PID:3604
- C:\Windows\System\XijJTyR.exe
  C:\Windows\System\XijJTyR.exe
  2⤵
  PID:1552
- C:\Windows\System\dJpfmZm.exe
  C:\Windows\System\dJpfmZm.exe
  2⤵
  PID:5280
- C:\Windows\System\GZlJzeZ.exe
  C:\Windows\System\GZlJzeZ.exe
  2⤵
  PID:1580
- C:\Windows\System\oHkthYI.exe
  C:\Windows\System\oHkthYI.exe
  2⤵
  PID:6012
- C:\Windows\System\oXxnVil.exe
  C:\Windows\System\oXxnVil.exe
  2⤵
  PID:6224
- C:\Windows\System\rqaajEn.exe
  C:\Windows\System\rqaajEn.exe
  2⤵
  PID:6244
- C:\Windows\System\IFMESXf.exe
  C:\Windows\System\IFMESXf.exe
  2⤵
  PID:6264
- C:\Windows\System\OZpwGqB.exe
  C:\Windows\System\OZpwGqB.exe
  2⤵
  PID:6300
- C:\Windows\System\ZnScLjq.exe
  C:\Windows\System\ZnScLjq.exe
  2⤵
  PID:6324
- C:\Windows\System\QUYZIvW.exe
  C:\Windows\System\QUYZIvW.exe
  2⤵
  PID:6348
- C:\Windows\System\EZzjgWZ.exe
  C:\Windows\System\EZzjgWZ.exe
  2⤵
  PID:6368
- C:\Windows\System\DkxuibH.exe
  C:\Windows\System\DkxuibH.exe
  2⤵
  PID:6384
- C:\Windows\System\YOBEtfv.exe
  C:\Windows\System\YOBEtfv.exe
  2⤵
  PID:6404
- C:\Windows\System\cmfvMet.exe
  C:\Windows\System\cmfvMet.exe
  2⤵
  PID:6428
- C:\Windows\System\CLWIgND.exe
  C:\Windows\System\CLWIgND.exe
  2⤵
  PID:6448
- C:\Windows\System\HgxgbaY.exe
  C:\Windows\System\HgxgbaY.exe
  2⤵
  PID:6536
- C:\Windows\System\YLQLhaV.exe
  C:\Windows\System\YLQLhaV.exe
  2⤵
  PID:6572
- C:\Windows\System\RqBmBBN.exe
  C:\Windows\System\RqBmBBN.exe
  2⤵
  PID:6620
- C:\Windows\System\ViUtqYd.exe
  C:\Windows\System\ViUtqYd.exe
  2⤵
  PID:6648
- C:\Windows\System\LGfVUAP.exe
  C:\Windows\System\LGfVUAP.exe
  2⤵
  PID:6684
- C:\Windows\System\pjYksYa.exe
  C:\Windows\System\pjYksYa.exe
  2⤵
  PID:6708
- C:\Windows\System\pSxeTtM.exe
  C:\Windows\System\pSxeTtM.exe
  2⤵
  PID:6732
- C:\Windows\System\YsYubAc.exe
  C:\Windows\System\YsYubAc.exe
  2⤵
  PID:6752
- C:\Windows\System\CpHJozK.exe
  C:\Windows\System\CpHJozK.exe
  2⤵
  PID:6772
- C:\Windows\System\ScicLQI.exe
  C:\Windows\System\ScicLQI.exe
  2⤵
  PID:6824
- C:\Windows\System\YojOfbd.exe
  C:\Windows\System\YojOfbd.exe
  2⤵
  PID:6844
- C:\Windows\System\iaTeTur.exe
  C:\Windows\System\iaTeTur.exe
  2⤵
  PID:6888
- C:\Windows\System\ACRfeEE.exe
  C:\Windows\System\ACRfeEE.exe
  2⤵
  PID:6936
- C:\Windows\System\OsnaTrt.exe
  C:\Windows\System\OsnaTrt.exe
  2⤵
  PID:6952
- C:\Windows\System\VmEeziI.exe
  C:\Windows\System\VmEeziI.exe
  2⤵
  PID:6976
- C:\Windows\System\XmzFtsQ.exe
  C:\Windows\System\XmzFtsQ.exe
  2⤵
  PID:7004
- C:\Windows\System\AWtAMCL.exe
  C:\Windows\System\AWtAMCL.exe
  2⤵
  PID:7036
- C:\Windows\System\lLPMSAn.exe
  C:\Windows\System\lLPMSAn.exe
  2⤵
  PID:7064
- C:\Windows\System\wjobJrL.exe
  C:\Windows\System\wjobJrL.exe
  2⤵
  PID:7100
- C:\Windows\System\eFdYuOD.exe
  C:\Windows\System\eFdYuOD.exe
  2⤵
  PID:7120
- C:\Windows\System\PqvfxAT.exe
  C:\Windows\System\PqvfxAT.exe
  2⤵
  PID:7164
- C:\Windows\System\UrqDSTJ.exe
  C:\Windows\System\UrqDSTJ.exe
  2⤵
  PID:3180
- C:\Windows\System\uxNvkUs.exe
  C:\Windows\System\uxNvkUs.exe
  2⤵
  PID:4292
- C:\Windows\System\pmEhHiH.exe
  C:\Windows\System\pmEhHiH.exe
  2⤵
  PID:5668
- C:\Windows\System\qMkzHdV.exe
  C:\Windows\System\qMkzHdV.exe
  2⤵
  PID:6308
- C:\Windows\System\NDgZwVu.exe
  C:\Windows\System\NDgZwVu.exe
  2⤵
  PID:836
- C:\Windows\System\njdVisw.exe
  C:\Windows\System\njdVisw.exe
  2⤵
  PID:6420
- C:\Windows\System\XizkCNY.exe
  C:\Windows\System\XizkCNY.exe
  2⤵
  PID:6400
- C:\Windows\System\BSozoJl.exe
  C:\Windows\System\BSozoJl.exe
  2⤵
  PID:6472
- C:\Windows\System\tAlMLJE.exe
  C:\Windows\System\tAlMLJE.exe
  2⤵
  PID:6524
- C:\Windows\System\pfNdvkj.exe
  C:\Windows\System\pfNdvkj.exe
  2⤵
  PID:6508
- C:\Windows\System\wkbGssA.exe
  C:\Windows\System\wkbGssA.exe
  2⤵
  PID:6680
- C:\Windows\System\mvnUzUY.exe
  C:\Windows\System\mvnUzUY.exe
  2⤵
  PID:6728
- C:\Windows\System\IliUEbM.exe
  C:\Windows\System\IliUEbM.exe
  2⤵
  PID:6764
- C:\Windows\System\odQmtTN.exe
  C:\Windows\System\odQmtTN.exe
  2⤵
  PID:6816
- C:\Windows\System\vxpKFwu.exe
  C:\Windows\System\vxpKFwu.exe
  2⤵
  PID:6868
- C:\Windows\System\qySsCtc.exe
  C:\Windows\System\qySsCtc.exe
  2⤵
  PID:6928
- C:\Windows\System\smyZxlW.exe
  C:\Windows\System\smyZxlW.exe
  2⤵
  PID:7028
- C:\Windows\System\ocGglhT.exe
  C:\Windows\System\ocGglhT.exe
  2⤵
  PID:7092
- C:\Windows\System\eflQDkd.exe
  C:\Windows\System\eflQDkd.exe
  2⤵
  PID:7144
- C:\Windows\System\yvDgxEy.exe
  C:\Windows\System\yvDgxEy.exe
  2⤵
  PID:684
- C:\Windows\System\njEDxdc.exe
  C:\Windows\System\njEDxdc.exe
  2⤵
  PID:6336
- C:\Windows\System\wtlKowg.exe
  C:\Windows\System\wtlKowg.exe
  2⤵
  PID:6376
- C:\Windows\System\ZepAPob.exe
  C:\Windows\System\ZepAPob.exe
  2⤵
  PID:6492
- C:\Windows\System\CUlYOKC.exe
  C:\Windows\System\CUlYOKC.exe
  2⤵
  PID:6836
- C:\Windows\System\KYgJCDr.exe
  C:\Windows\System\KYgJCDr.exe
  2⤵
  PID:6788
- C:\Windows\System\uXESrAw.exe
  C:\Windows\System\uXESrAw.exe
  2⤵
  PID:6864
- C:\Windows\System\hNVJjhR.exe
  C:\Windows\System\hNVJjhR.exe
  2⤵
  PID:7108
- C:\Windows\System\ppKobWG.exe
  C:\Windows\System\ppKobWG.exe
  2⤵
  PID:6216
- C:\Windows\System\TAYfFoU.exe
  C:\Windows\System\TAYfFoU.exe
  2⤵
  PID:6544
- C:\Windows\System\GouepUm.exe
  C:\Windows\System\GouepUm.exe
  2⤵
  PID:6900
- C:\Windows\System\iHKqDUL.exe
  C:\Windows\System\iHKqDUL.exe
  2⤵
  PID:7056
- C:\Windows\System\XJLogrJ.exe
  C:\Windows\System\XJLogrJ.exe
  2⤵
  PID:6660
- C:\Windows\System\PYmyISf.exe
  C:\Windows\System\PYmyISf.exe
  2⤵
  PID:6608
- C:\Windows\System\ERodrzI.exe
  C:\Windows\System\ERodrzI.exe
  2⤵
  PID:7184
- C:\Windows\System\YZJPUmH.exe
  C:\Windows\System\YZJPUmH.exe
  2⤵
  PID:7224
- C:\Windows\System\LcuTSyj.exe
  C:\Windows\System\LcuTSyj.exe
  2⤵
  PID:7248
- C:\Windows\System\cZwDeme.exe
  C:\Windows\System\cZwDeme.exe
  2⤵
  PID:7276
- C:\Windows\System\gOLnsQv.exe
  C:\Windows\System\gOLnsQv.exe
  2⤵
  PID:7304
- C:\Windows\System\WtaRbmo.exe
  C:\Windows\System\WtaRbmo.exe
  2⤵
  PID:7324
- C:\Windows\System\NRdROIz.exe
  C:\Windows\System\NRdROIz.exe
  2⤵
  PID:7344
- C:\Windows\System\GzdjLkr.exe
  C:\Windows\System\GzdjLkr.exe
  2⤵
  PID:7392
- C:\Windows\System\AZnyYyw.exe
  C:\Windows\System\AZnyYyw.exe
  2⤵
  PID:7416
- C:\Windows\System\WRUjbSw.exe
  C:\Windows\System\WRUjbSw.exe
  2⤵
  PID:7444
- C:\Windows\System\ihlNmYL.exe
  C:\Windows\System\ihlNmYL.exe
  2⤵
  PID:7472
- C:\Windows\System\OjwOAHB.exe
  C:\Windows\System\OjwOAHB.exe
  2⤵
  PID:7492
- C:\Windows\System\gUwyhLS.exe
  C:\Windows\System\gUwyhLS.exe
  2⤵
  PID:7512
- C:\Windows\System\Altegkt.exe
  C:\Windows\System\Altegkt.exe
  2⤵
  PID:7540
- C:\Windows\System\rErgUcf.exe
  C:\Windows\System\rErgUcf.exe
  2⤵
  PID:7584
- C:\Windows\System\LttrZuC.exe
  C:\Windows\System\LttrZuC.exe
  2⤵
  PID:7604
- C:\Windows\System\ZpBVodC.exe
  C:\Windows\System\ZpBVodC.exe
  2⤵
  PID:7644
- C:\Windows\System\UgpNcrb.exe
  C:\Windows\System\UgpNcrb.exe
  2⤵
  PID:7668
- C:\Windows\System\IrFuaKr.exe
  C:\Windows\System\IrFuaKr.exe
  2⤵
  PID:7688
- C:\Windows\System\EVLBiCu.exe
  C:\Windows\System\EVLBiCu.exe
  2⤵
  PID:7728
- C:\Windows\System\lDTVXdK.exe
  C:\Windows\System\lDTVXdK.exe
  2⤵
  PID:7756
- C:\Windows\System\uaJtjfP.exe
  C:\Windows\System\uaJtjfP.exe
  2⤵
  PID:7784
- C:\Windows\System\ogozrjV.exe
  C:\Windows\System\ogozrjV.exe
  2⤵
  PID:7808
- C:\Windows\System\kAbrprw.exe
  C:\Windows\System\kAbrprw.exe
  2⤵
  PID:7836
- C:\Windows\System\nQRUTRX.exe
  C:\Windows\System\nQRUTRX.exe
  2⤵
  PID:7860
- C:\Windows\System\yrlHNUO.exe
  C:\Windows\System\yrlHNUO.exe
  2⤵
  PID:7884
- C:\Windows\System\lDuUTwe.exe
  C:\Windows\System\lDuUTwe.exe
  2⤵
  PID:7908
- C:\Windows\System\SraeEmi.exe
  C:\Windows\System\SraeEmi.exe
  2⤵
  PID:7928
- C:\Windows\System\zpLOcUX.exe
  C:\Windows\System\zpLOcUX.exe
  2⤵
  PID:7964
- C:\Windows\System\aEQFDlr.exe
  C:\Windows\System\aEQFDlr.exe
  2⤵
  PID:8004
- C:\Windows\System\CcekqXV.exe
  C:\Windows\System\CcekqXV.exe
  2⤵
  PID:8036
- C:\Windows\System\MFRlrOG.exe
  C:\Windows\System\MFRlrOG.exe
  2⤵
  PID:8064
- C:\Windows\System\iWWHEXB.exe
  C:\Windows\System\iWWHEXB.exe
  2⤵
  PID:8092
- C:\Windows\System\UYDJMfW.exe
  C:\Windows\System\UYDJMfW.exe
  2⤵
  PID:8120
- C:\Windows\System\SGAvfpr.exe
  C:\Windows\System\SGAvfpr.exe
  2⤵
  PID:8148
- C:\Windows\System\clmKklD.exe
  C:\Windows\System\clmKklD.exe
  2⤵
  PID:8176
- C:\Windows\System\zAUKXen.exe
  C:\Windows\System\zAUKXen.exe
  2⤵
  PID:7180
- C:\Windows\System\sFSIRZH.exe
  C:\Windows\System\sFSIRZH.exe
  2⤵
  PID:7216
- C:\Windows\System\hsregxS.exe
  C:\Windows\System\hsregxS.exe
  2⤵
  PID:7264
- C:\Windows\System\KAUYOGR.exe
  C:\Windows\System\KAUYOGR.exe
  2⤵
  PID:7320
- C:\Windows\System\KTjndph.exe
  C:\Windows\System\KTjndph.exe
  2⤵
  PID:7356
- C:\Windows\System\YWBfwtO.exe
  C:\Windows\System\YWBfwtO.exe
  2⤵
  PID:7404
- C:\Windows\System\CSvnobt.exe
  C:\Windows\System\CSvnobt.exe
  2⤵
  PID:7520
- C:\Windows\System\UPkjCHA.exe
  C:\Windows\System\UPkjCHA.exe
  2⤵
  PID:7572
- C:\Windows\System\RUWnFji.exe
  C:\Windows\System\RUWnFji.exe
  2⤵
  PID:7600
- C:\Windows\System\QmcrZJp.exe
  C:\Windows\System\QmcrZJp.exe
  2⤵
  PID:7720
- C:\Windows\System\atTNqeu.exe
  C:\Windows\System\atTNqeu.exe
  2⤵
  PID:7780
- C:\Windows\System\PyEQkyN.exe
  C:\Windows\System\PyEQkyN.exe
  2⤵
  PID:7828
- C:\Windows\System\zqxUWci.exe
  C:\Windows\System\zqxUWci.exe
  2⤵
  PID:7876
- C:\Windows\System\lUFfbBz.exe
  C:\Windows\System\lUFfbBz.exe
  2⤵
  PID:7916
- C:\Windows\System\zIRSIPo.exe
  C:\Windows\System\zIRSIPo.exe
  2⤵
  PID:7956
- C:\Windows\System\FvCGKkf.exe
  C:\Windows\System\FvCGKkf.exe
  2⤵
  PID:8044
- C:\Windows\System\JwBHFrq.exe
  C:\Windows\System\JwBHFrq.exe
  2⤵
  PID:8100
- C:\Windows\System\gBPMwVU.exe
  C:\Windows\System\gBPMwVU.exe
  2⤵
  PID:8156
- C:\Windows\System\gEaYOQf.exe
  C:\Windows\System\gEaYOQf.exe
  2⤵
  PID:7388
- C:\Windows\System\PnQfwPW.exe
  C:\Windows\System\PnQfwPW.exe
  2⤵
  PID:7452
- C:\Windows\System\gjrvZJi.exe
  C:\Windows\System\gjrvZJi.exe
  2⤵
  PID:7680
- C:\Windows\System\sSnhkKl.exe
  C:\Windows\System\sSnhkKl.exe
  2⤵
  PID:7624
- C:\Windows\System\vnVTkKo.exe
  C:\Windows\System\vnVTkKo.exe
  2⤵
  PID:7924
- C:\Windows\System\vGOhuBD.exe
  C:\Windows\System\vGOhuBD.exe
  2⤵
  PID:7204
- C:\Windows\System\PAYtokm.exe
  C:\Windows\System\PAYtokm.exe
  2⤵
  PID:7244
- C:\Windows\System\QjPSnOu.exe
  C:\Windows\System\QjPSnOu.exe
  2⤵
  PID:8204
- C:\Windows\System\CTqPaYA.exe
  C:\Windows\System\CTqPaYA.exe
  2⤵
  PID:8228
- C:\Windows\System\Yzuokim.exe
  C:\Windows\System\Yzuokim.exe
  2⤵
  PID:8248
- C:\Windows\System\UxISvdW.exe
  C:\Windows\System\UxISvdW.exe
  2⤵
  PID:8268
- C:\Windows\System\poXbAey.exe
  C:\Windows\System\poXbAey.exe
  2⤵
  PID:8320
- C:\Windows\System\mCuZhNt.exe
  C:\Windows\System\mCuZhNt.exe
  2⤵
  PID:8340
- C:\Windows\System\mGXzWmd.exe
  C:\Windows\System\mGXzWmd.exe
  2⤵
  PID:8388
- C:\Windows\System\ssHTXDr.exe
  C:\Windows\System\ssHTXDr.exe
  2⤵
  PID:8416
- C:\Windows\System\miFbmJR.exe
  C:\Windows\System\miFbmJR.exe
  2⤵
  PID:8444
- C:\Windows\System\XACYVHH.exe
  C:\Windows\System\XACYVHH.exe
  2⤵
  PID:8468
- C:\Windows\System\ZyUBalA.exe
  C:\Windows\System\ZyUBalA.exe
  2⤵
  PID:8496
- C:\Windows\System\aeOwsZz.exe
  C:\Windows\System\aeOwsZz.exe
  2⤵
  PID:8524
- C:\Windows\System\aqzTUFf.exe
  C:\Windows\System\aqzTUFf.exe
  2⤵
  PID:8544
- C:\Windows\System\PNTUhaD.exe
  C:\Windows\System\PNTUhaD.exe
  2⤵
  PID:8572
- C:\Windows\System\geQCtqN.exe
  C:\Windows\System\geQCtqN.exe
  2⤵
  PID:8596
- C:\Windows\System\jtdnEpC.exe
  C:\Windows\System\jtdnEpC.exe
  2⤵
  PID:8640
- C:\Windows\System\yKprmYn.exe
  C:\Windows\System\yKprmYn.exe
  2⤵
  PID:8664
- C:\Windows\System\HrEjFSe.exe
  C:\Windows\System\HrEjFSe.exe
  2⤵
  PID:8704
- C:\Windows\System\QFVxuEf.exe
  C:\Windows\System\QFVxuEf.exe
  2⤵
  PID:8776
- C:\Windows\System\TmsKBAC.exe
  C:\Windows\System\TmsKBAC.exe
  2⤵
  PID:8792
- C:\Windows\System\RvILXHh.exe
  C:\Windows\System\RvILXHh.exe
  2⤵
  PID:8808
- C:\Windows\System\bvSZBUd.exe
  C:\Windows\System\bvSZBUd.exe
  2⤵
  PID:8824
- C:\Windows\System\aJizIej.exe
  C:\Windows\System\aJizIej.exe
  2⤵
  PID:8840
- C:\Windows\System\qRMkFSl.exe
  C:\Windows\System\qRMkFSl.exe
  2⤵
  PID:8856
- C:\Windows\System\AgrikPh.exe
  C:\Windows\System\AgrikPh.exe
  2⤵
  PID:8872
- C:\Windows\System\YmDHuVG.exe
  C:\Windows\System\YmDHuVG.exe
  2⤵
  PID:8888
- C:\Windows\System\IBiuDjp.exe
  C:\Windows\System\IBiuDjp.exe
  2⤵
  PID:8920
- C:\Windows\System\SEWkGcr.exe
  C:\Windows\System\SEWkGcr.exe
  2⤵
  PID:8968
- C:\Windows\System\RXTckyc.exe
  C:\Windows\System\RXTckyc.exe
  2⤵
  PID:8996
- C:\Windows\System\DiCVWVb.exe
  C:\Windows\System\DiCVWVb.exe
  2⤵
  PID:9088
- C:\Windows\System\EabsbJA.exe
  C:\Windows\System\EabsbJA.exe
  2⤵
  PID:9108
- C:\Windows\System\eGcKFce.exe
  C:\Windows\System\eGcKFce.exe
  2⤵
  PID:9124
- C:\Windows\System\hxmkGRV.exe
  C:\Windows\System\hxmkGRV.exe
  2⤵
  PID:9152
- C:\Windows\System\NGvKhAO.exe
  C:\Windows\System\NGvKhAO.exe
  2⤵
  PID:9176
- C:\Windows\System\KsaiBcf.exe
  C:\Windows\System\KsaiBcf.exe
  2⤵
  PID:9200
- C:\Windows\System\VdqGoxs.exe
  C:\Windows\System\VdqGoxs.exe
  2⤵
  PID:7596
- C:\Windows\System\fJElAKB.exe
  C:\Windows\System\fJElAKB.exe
  2⤵
  PID:7016
- C:\Windows\System\kDkKGQq.exe
  C:\Windows\System\kDkKGQq.exe
  2⤵
  PID:7904
- C:\Windows\System\HeSMxyo.exe
  C:\Windows\System\HeSMxyo.exe
  2⤵
  PID:7996
- C:\Windows\System\vyIoLKI.exe
  C:\Windows\System\vyIoLKI.exe
  2⤵
  PID:8352
- C:\Windows\System\XdcDBkg.exe
  C:\Windows\System\XdcDBkg.exe
  2⤵
  PID:8484
- C:\Windows\System\iCLGRWB.exe
  C:\Windows\System\iCLGRWB.exe
  2⤵
  PID:8628
- C:\Windows\System\syCjtCO.exe
  C:\Windows\System\syCjtCO.exe
  2⤵
  PID:8900
- C:\Windows\System\hALITFH.exe
  C:\Windows\System\hALITFH.exe
  2⤵
  PID:8716
- C:\Windows\System\UDRVmlT.exe
  C:\Windows\System\UDRVmlT.exe
  2⤵
  PID:8816
- C:\Windows\System\wiPyBPk.exe
  C:\Windows\System\wiPyBPk.exe
  2⤵
  PID:8904
- C:\Windows\System\kgIvGAX.exe
  C:\Windows\System\kgIvGAX.exe
  2⤵
  PID:9028
- C:\Windows\System\urFAOVu.exe
  C:\Windows\System\urFAOVu.exe
  2⤵
  PID:8800
- C:\Windows\System\SnGntvB.exe
  C:\Windows\System\SnGntvB.exe
  2⤵
  PID:8852
- C:\Windows\System\KLUPxgO.exe
  C:\Windows\System\KLUPxgO.exe
  2⤵
  PID:9120
- C:\Windows\System\dSKpTqZ.exe
  C:\Windows\System\dSKpTqZ.exe
  2⤵
  PID:9116
- C:\Windows\System\QBkunjG.exe
  C:\Windows\System\QBkunjG.exe
  2⤵
  PID:9172
- C:\Windows\System\UBGuFlM.exe
  C:\Windows\System\UBGuFlM.exe
  2⤵
  PID:7764
- C:\Windows\System\dyRjWxe.exe
  C:\Windows\System\dyRjWxe.exe
  2⤵
  PID:7824
- C:\Windows\System\vzByFAZ.exe
  C:\Windows\System\vzByFAZ.exe
  2⤵
  PID:8264
- C:\Windows\System\zarcwkX.exe
  C:\Windows\System\zarcwkX.exe
  2⤵
  PID:8656
- C:\Windows\System\aqgusCi.exe
  C:\Windows\System\aqgusCi.exe
  2⤵
  PID:8976
- C:\Windows\System\DXHRYYH.exe
  C:\Windows\System\DXHRYYH.exe
  2⤵
  PID:8720
- C:\Windows\System\OLzoSbf.exe
  C:\Windows\System\OLzoSbf.exe
  2⤵
  PID:8848
- C:\Windows\System\FTKnrJd.exe
  C:\Windows\System\FTKnrJd.exe
  2⤵
  PID:9080
- C:\Windows\System\DmiBYJA.exe
  C:\Windows\System\DmiBYJA.exe
  2⤵
  PID:9196
- C:\Windows\System\qWbgBVz.exe
  C:\Windows\System\qWbgBVz.exe
  2⤵
  PID:5132
- C:\Windows\System\DvicUmV.exe
  C:\Windows\System\DvicUmV.exe
  2⤵
  PID:8488
- C:\Windows\System\onoNEqs.exe
  C:\Windows\System\onoNEqs.exe
  2⤵
  PID:8748
- C:\Windows\System\gMTIHTj.exe
  C:\Windows\System\gMTIHTj.exe
  2⤵
  PID:9160
- C:\Windows\System\tQTjLKy.exe
  C:\Windows\System\tQTjLKy.exe
  2⤵
  PID:8568
- C:\Windows\System\LDdITeS.exe
  C:\Windows\System\LDdITeS.exe
  2⤵
  PID:9096
- C:\Windows\System\qyjysGR.exe
  C:\Windows\System\qyjysGR.exe
  2⤵
  PID:448
- C:\Windows\System\qfWzbIw.exe
  C:\Windows\System\qfWzbIw.exe
  2⤵
  PID:9224
- C:\Windows\System\PVOBVQl.exe
  C:\Windows\System\PVOBVQl.exe
  2⤵
  PID:9264
- C:\Windows\System\hrQLBoT.exe
  C:\Windows\System\hrQLBoT.exe
  2⤵
  PID:9288
- C:\Windows\System\MJEPzPi.exe
  C:\Windows\System\MJEPzPi.exe
  2⤵
  PID:9308
- C:\Windows\System\YJbDRhq.exe
  C:\Windows\System\YJbDRhq.exe
  2⤵
  PID:9332
- C:\Windows\System\BEYISLj.exe
  C:\Windows\System\BEYISLj.exe
  2⤵
  PID:9388
- C:\Windows\System\XHtFdVe.exe
  C:\Windows\System\XHtFdVe.exe
  2⤵
  PID:9416
- C:\Windows\System\CkwYUvx.exe
  C:\Windows\System\CkwYUvx.exe
  2⤵
  PID:9448
- C:\Windows\System\nHYTLVe.exe
  C:\Windows\System\nHYTLVe.exe
  2⤵
  PID:9464
- C:\Windows\System\KShmMbE.exe
  C:\Windows\System\KShmMbE.exe
  2⤵
  PID:9500
- C:\Windows\System\exaisKr.exe
  C:\Windows\System\exaisKr.exe
  2⤵
  PID:9524
- C:\Windows\System\mePocGJ.exe
  C:\Windows\System\mePocGJ.exe
  2⤵
  PID:9552
- C:\Windows\System\BBFqwbp.exe
  C:\Windows\System\BBFqwbp.exe
  2⤵
  PID:9580
- C:\Windows\System\vBCERFc.exe
  C:\Windows\System\vBCERFc.exe
  2⤵
  PID:9604
- C:\Windows\System\eqfyXWi.exe
  C:\Windows\System\eqfyXWi.exe
  2⤵
  PID:9624
- C:\Windows\System\PUKZKOm.exe
  C:\Windows\System\PUKZKOm.exe
  2⤵
  PID:9644
- C:\Windows\System\CuPvgeK.exe
  C:\Windows\System\CuPvgeK.exe
  2⤵
  PID:9672
- C:\Windows\System\dxWzwSE.exe
  C:\Windows\System\dxWzwSE.exe
  2⤵
  PID:9692
- C:\Windows\System\fJptwTG.exe
  C:\Windows\System\fJptwTG.exe
  2⤵
  PID:9728
- C:\Windows\System\wsWgdzA.exe
  C:\Windows\System\wsWgdzA.exe
  2⤵
  PID:9760
- C:\Windows\System\ZsvWYwo.exe
  C:\Windows\System\ZsvWYwo.exe
  2⤵
  PID:9784
- C:\Windows\System\YjHsgja.exe
  C:\Windows\System\YjHsgja.exe
  2⤵
  PID:9804
- C:\Windows\System\uIlspSG.exe
  C:\Windows\System\uIlspSG.exe
  2⤵
  PID:9860
- C:\Windows\System\cRCDTmR.exe
  C:\Windows\System\cRCDTmR.exe
  2⤵
  PID:9912
- C:\Windows\System\UPfqFuc.exe
  C:\Windows\System\UPfqFuc.exe
  2⤵
  PID:9928
- C:\Windows\System\cHCOlyE.exe
  C:\Windows\System\cHCOlyE.exe
  2⤵
  PID:9948
- C:\Windows\System\uNlchui.exe
  C:\Windows\System\uNlchui.exe
  2⤵
  PID:9976
- C:\Windows\System\WzSSUEM.exe
  C:\Windows\System\WzSSUEM.exe
  2⤵
  PID:10004
- C:\Windows\System\rPcyooU.exe
  C:\Windows\System\rPcyooU.exe
  2⤵
  PID:10032
- C:\Windows\System\UXokXHC.exe
  C:\Windows\System\UXokXHC.exe
  2⤵
  PID:10060
- C:\Windows\System\aRzhaVG.exe
  C:\Windows\System\aRzhaVG.exe
  2⤵
  PID:10092
- C:\Windows\System\SNZvZuU.exe
  C:\Windows\System\SNZvZuU.exe
  2⤵
  PID:10132
- C:\Windows\System\SlyxRfP.exe
  C:\Windows\System\SlyxRfP.exe
  2⤵
  PID:10184
- C:\Windows\System\BYHkCrm.exe
  C:\Windows\System\BYHkCrm.exe
  2⤵
  PID:10204
- C:\Windows\System\yfHTlwH.exe
  C:\Windows\System\yfHTlwH.exe
  2⤵
  PID:7900
- C:\Windows\System\AfRWZLZ.exe
  C:\Windows\System\AfRWZLZ.exe
  2⤵
  PID:9252
- C:\Windows\System\MTxEgjP.exe
  C:\Windows\System\MTxEgjP.exe
  2⤵
  PID:9284
- C:\Windows\System\KffCxuM.exe
  C:\Windows\System\KffCxuM.exe
  2⤵
  PID:9316
- C:\Windows\System\NlYgoXV.exe
  C:\Windows\System\NlYgoXV.exe
  2⤵
  PID:9408
- C:\Windows\System\enHzBiP.exe
  C:\Windows\System\enHzBiP.exe
  2⤵
  PID:9516
- C:\Windows\System\RMKMiiE.exe
  C:\Windows\System\RMKMiiE.exe
  2⤵
  PID:9560
- C:\Windows\System\cUPjqWD.exe
  C:\Windows\System\cUPjqWD.exe
  2⤵
  PID:9620
- C:\Windows\System\YFknIPd.exe
  C:\Windows\System\YFknIPd.exe
  2⤵
  PID:9680
- C:\Windows\System\bmWxKIM.exe
  C:\Windows\System\bmWxKIM.exe
  2⤵
  PID:9708
- C:\Windows\System\XffBxTy.exe
  C:\Windows\System\XffBxTy.exe
  2⤵
  PID:9832
- C:\Windows\System\yljxOwq.exe
  C:\Windows\System\yljxOwq.exe
  2⤵
  PID:9884
- C:\Windows\System\FtGFKVi.exe
  C:\Windows\System\FtGFKVi.exe
  2⤵
  PID:9956
- C:\Windows\System\HKKzdGz.exe
  C:\Windows\System\HKKzdGz.exe
  2⤵
  PID:9972
- C:\Windows\System\XdkulSt.exe
  C:\Windows\System\XdkulSt.exe
  2⤵
  PID:10028
- C:\Windows\System\yGdaNmG.exe
  C:\Windows\System\yGdaNmG.exe
  2⤵
  PID:10116
- C:\Windows\System\MjqnCKz.exe
  C:\Windows\System\MjqnCKz.exe
  2⤵
  PID:10192
- C:\Windows\System\kQlvtDE.exe
  C:\Windows\System\kQlvtDE.exe
  2⤵
  PID:9244
- C:\Windows\System\OJQjIKG.exe
  C:\Windows\System\OJQjIKG.exe
  2⤵
  PID:3964
- C:\Windows\System\hKDelyq.exe
  C:\Windows\System\hKDelyq.exe
  2⤵
  PID:9572
- C:\Windows\System\flFjkWZ.exe
  C:\Windows\System\flFjkWZ.exe
  2⤵
  PID:9716
- C:\Windows\System\vejFZus.exe
  C:\Windows\System\vejFZus.exe
  2⤵
  PID:9944
- C:\Windows\System\yWypGxe.exe
  C:\Windows\System\yWypGxe.exe
  2⤵
  PID:10024
- C:\Windows\System\YTssCwn.exe
  C:\Windows\System\YTssCwn.exe
  2⤵
  PID:9304
- C:\Windows\System\jEirxqC.exe
  C:\Windows\System\jEirxqC.exe
  2⤵
  PID:9752
- C:\Windows\System\utcCCKS.exe
  C:\Windows\System\utcCCKS.exe
  2⤵
  PID:9968
- C:\Windows\System\mLpNbvw.exe
  C:\Windows\System\mLpNbvw.exe
  2⤵
  PID:9520
- C:\Windows\System\EFBMRBw.exe
  C:\Windows\System\EFBMRBw.exe
  2⤵
  PID:9432
- C:\Windows\System\kwTOiNH.exe
  C:\Windows\System\kwTOiNH.exe
  2⤵
  PID:10260
- C:\Windows\System\FWCxUsF.exe
  C:\Windows\System\FWCxUsF.exe
  2⤵
  PID:10304
- C:\Windows\System\TJmIsnp.exe
  C:\Windows\System\TJmIsnp.exe
  2⤵
  PID:10332
- C:\Windows\System\GhQMVXu.exe
  C:\Windows\System\GhQMVXu.exe
  2⤵
  PID:10352
- C:\Windows\System\sshMZrc.exe
  C:\Windows\System\sshMZrc.exe
  2⤵
  PID:10372
- C:\Windows\System\RSOraZN.exe
  C:\Windows\System\RSOraZN.exe
  2⤵
  PID:10404
- C:\Windows\System\sWwmpwp.exe
  C:\Windows\System\sWwmpwp.exe
  2⤵
  PID:10424
- C:\Windows\System\wjQgUpl.exe
  C:\Windows\System\wjQgUpl.exe
  2⤵
  PID:10456
- C:\Windows\System\LNeAZOK.exe
  C:\Windows\System\LNeAZOK.exe
  2⤵
  PID:10476
- C:\Windows\System\JTFfABv.exe
  C:\Windows\System\JTFfABv.exe
  2⤵
  PID:10496
- C:\Windows\System\ngFvYHo.exe
  C:\Windows\System\ngFvYHo.exe
  2⤵
  PID:10532
- C:\Windows\System\jMdyssa.exe
  C:\Windows\System\jMdyssa.exe
  2⤵
  PID:10552
- C:\Windows\System\tklXRoV.exe
  C:\Windows\System\tklXRoV.exe
  2⤵
  PID:10568
- C:\Windows\System\RfCWvwk.exe
  C:\Windows\System\RfCWvwk.exe
  2⤵
  PID:10616
- C:\Windows\System\bZjEXVp.exe
  C:\Windows\System\bZjEXVp.exe
  2⤵
  PID:10640
- C:\Windows\System\ELSYzyt.exe
  C:\Windows\System\ELSYzyt.exe
  2⤵
  PID:10664
- C:\Windows\System\XxyeEjh.exe
  C:\Windows\System\XxyeEjh.exe
  2⤵
  PID:10688
- C:\Windows\System\JsHwgJI.exe
  C:\Windows\System\JsHwgJI.exe
  2⤵
  PID:10712
- C:\Windows\System\rczfjJq.exe
  C:\Windows\System\rczfjJq.exe
  2⤵
  PID:10736
- C:\Windows\System\BMeTHvU.exe
  C:\Windows\System\BMeTHvU.exe
  2⤵
  PID:10760
- C:\Windows\System\tBusrat.exe
  C:\Windows\System\tBusrat.exe
  2⤵
  PID:10780
- C:\Windows\System\ZtlpPXW.exe
  C:\Windows\System\ZtlpPXW.exe
  2⤵
  PID:10804
- C:\Windows\System\AVvotDg.exe
  C:\Windows\System\AVvotDg.exe
  2⤵
  PID:10828
- C:\Windows\System\tERObgp.exe
  C:\Windows\System\tERObgp.exe
  2⤵
  PID:10876
- C:\Windows\System\CtLAztN.exe
  C:\Windows\System\CtLAztN.exe
  2⤵
  PID:10900
- C:\Windows\System\TEBEbcD.exe
  C:\Windows\System\TEBEbcD.exe
  2⤵
  PID:10944
- C:\Windows\System\XqwZrfY.exe
  C:\Windows\System\XqwZrfY.exe
  2⤵
  PID:11000
- C:\Windows\System\bRANkHi.exe
  C:\Windows\System\bRANkHi.exe
  2⤵
  PID:11016
- C:\Windows\System\pQlwZIG.exe
  C:\Windows\System\pQlwZIG.exe
  2⤵
  PID:11044
- C:\Windows\System\xfFgNjV.exe
  C:\Windows\System\xfFgNjV.exe
  2⤵
  PID:11060
- C:\Windows\System\iWoKWWb.exe
  C:\Windows\System\iWoKWWb.exe
  2⤵
  PID:11096
- C:\Windows\System\gnSbmUB.exe
  C:\Windows\System\gnSbmUB.exe
  2⤵
  PID:11120
- C:\Windows\System\NgTzDqW.exe
  C:\Windows\System\NgTzDqW.exe
  2⤵
  PID:11140
- C:\Windows\System\ofjHdfJ.exe
  C:\Windows\System\ofjHdfJ.exe
  2⤵
  PID:11164
- C:\Windows\System\xewPVVU.exe
  C:\Windows\System\xewPVVU.exe
  2⤵
  PID:11192
- C:\Windows\System\vwdkOxs.exe
  C:\Windows\System\vwdkOxs.exe
  2⤵
  PID:11208
- C:\Windows\System\VPJKrIu.exe
  C:\Windows\System\VPJKrIu.exe
  2⤵
  PID:11252
- C:\Windows\System\knEBEqV.exe
  C:\Windows\System\knEBEqV.exe
  2⤵
  PID:10084
- C:\Windows\System\IDywoei.exe
  C:\Windows\System\IDywoei.exe
  2⤵
  PID:10396
- C:\Windows\System\XEhbnah.exe
  C:\Windows\System\XEhbnah.exe
  2⤵
  PID:10452
- C:\Windows\System\IGUcbmR.exe
  C:\Windows\System\IGUcbmR.exe
  2⤵
  PID:10504
- C:\Windows\System\KgaiHiY.exe
  C:\Windows\System\KgaiHiY.exe
  2⤵
  PID:10564
- C:\Windows\System\dkgzhpD.exe
  C:\Windows\System\dkgzhpD.exe
  2⤵
  PID:10680
- C:\Windows\System\zXVnsgA.exe
  C:\Windows\System\zXVnsgA.exe
  2⤵
  PID:10752
- C:\Windows\System\kuxAgwX.exe
  C:\Windows\System\kuxAgwX.exe
  2⤵
  PID:10844
- C:\Windows\System\McHvoRu.exe
  C:\Windows\System\McHvoRu.exe
  2⤵
  PID:10796
- C:\Windows\System\CYfihsQ.exe
  C:\Windows\System\CYfihsQ.exe
  2⤵
  PID:10892
- C:\Windows\System\PTTFRmR.exe
  C:\Windows\System\PTTFRmR.exe
  2⤵
  PID:10956
- C:\Windows\System\exKQGoY.exe
  C:\Windows\System\exKQGoY.exe
  2⤵
  PID:11012
- C:\Windows\System\NJvvuIV.exe
  C:\Windows\System\NJvvuIV.exe
  2⤵
  PID:11028
- C:\Windows\System\GWTaXYI.exe
  C:\Windows\System\GWTaXYI.exe
  2⤵
  PID:11080
- C:\Windows\System\RIIUoYC.exe
  C:\Windows\System\RIIUoYC.exe
  2⤵
  PID:11176
- C:\Windows\System\qCLguCD.exe
  C:\Windows\System\qCLguCD.exe
  2⤵
  PID:11228
- C:\Windows\System\KOVqETg.exe
  C:\Windows\System\KOVqETg.exe
  2⤵
  PID:10252
- C:\Windows\System\rJoHZFy.exe
  C:\Windows\System\rJoHZFy.exe
  2⤵
  PID:10368
- C:\Windows\System\UJrAbJN.exe
  C:\Windows\System\UJrAbJN.exe
  2⤵
  PID:10468
- C:\Windows\System\XEWkWBE.exe
  C:\Windows\System\XEWkWBE.exe
  2⤵
  PID:10820
- C:\Windows\System\MOgqXpx.exe
  C:\Windows\System\MOgqXpx.exe
  2⤵
  PID:10864
- C:\Windows\System\etgvxTn.exe
  C:\Windows\System\etgvxTn.exe
  2⤵
  PID:10992
- C:\Windows\System\cCoanPE.exe
  C:\Windows\System\cCoanPE.exe
  2⤵
  PID:11156
- C:\Windows\System\TNQYsrG.exe
  C:\Windows\System\TNQYsrG.exe
  2⤵
  PID:11244
- C:\Windows\System\nsSjufr.exe
  C:\Windows\System\nsSjufr.exe
  2⤵
  PID:10432
- C:\Windows\System\WkrxAsK.exe
  C:\Windows\System\WkrxAsK.exe
  2⤵
  PID:10884
- C:\Windows\System\zNQhJWZ.exe
  C:\Windows\System\zNQhJWZ.exe
  2⤵
  PID:11272
- C:\Windows\System\fkxkuAG.exe
  C:\Windows\System\fkxkuAG.exe
  2⤵
  PID:11296
- C:\Windows\System\PzIKctW.exe
  C:\Windows\System\PzIKctW.exe
  2⤵
  PID:11320
- C:\Windows\System\sLwtGQy.exe
  C:\Windows\System\sLwtGQy.exe
  2⤵
  PID:11344
- C:\Windows\System\jsSZJZA.exe
  C:\Windows\System\jsSZJZA.exe
  2⤵
  PID:11360
- C:\Windows\System\rIQiQAp.exe
  C:\Windows\System\rIQiQAp.exe
  2⤵
  PID:11536
- C:\Windows\System\qHZkHRq.exe
  C:\Windows\System\qHZkHRq.exe
  2⤵
  PID:11560
- C:\Windows\System\TZwXBiZ.exe
  C:\Windows\System\TZwXBiZ.exe
  2⤵
  PID:11632
- C:\Windows\System\SKYqtlS.exe
  C:\Windows\System\SKYqtlS.exe
  2⤵
  PID:11648
- C:\Windows\System\xxqNkle.exe
  C:\Windows\System\xxqNkle.exe
  2⤵
  PID:11676
- C:\Windows\System\hRJkQHS.exe
  C:\Windows\System\hRJkQHS.exe
  2⤵
  PID:11704
- C:\Windows\System\jQIpHGR.exe
  C:\Windows\System\jQIpHGR.exe
  2⤵
  PID:11732
- C:\Windows\System\PIlNzAV.exe
  C:\Windows\System\PIlNzAV.exe
  2⤵
  PID:11748
- C:\Windows\System\njVkkDy.exe
  C:\Windows\System\njVkkDy.exe
  2⤵
  PID:11780
- C:\Windows\System\ZnOFADJ.exe
  C:\Windows\System\ZnOFADJ.exe
  2⤵
  PID:11832
- C:\Windows\System\nXBgdbJ.exe
  C:\Windows\System\nXBgdbJ.exe
  2⤵
  PID:11856
- C:\Windows\System\wUqGDdu.exe
  C:\Windows\System\wUqGDdu.exe
  2⤵
  PID:11876
- C:\Windows\System\SynMOwq.exe
  C:\Windows\System\SynMOwq.exe
  2⤵
  PID:11896
- C:\Windows\System\SdUtNzG.exe
  C:\Windows\System\SdUtNzG.exe
  2⤵
  PID:11920
- C:\Windows\System\YqdItLR.exe
  C:\Windows\System\YqdItLR.exe
  2⤵
  PID:11948
- C:\Windows\System\XIsXGwl.exe
  C:\Windows\System\XIsXGwl.exe
  2⤵
  PID:11996
- C:\Windows\System\EkcobGQ.exe
  C:\Windows\System\EkcobGQ.exe
  2⤵
  PID:12024
- C:\Windows\System\nruioUQ.exe
  C:\Windows\System\nruioUQ.exe
  2⤵
  PID:12056
- C:\Windows\System\BoyxhXF.exe
  C:\Windows\System\BoyxhXF.exe
  2⤵
  PID:12080
- C:\Windows\System\etEgQOP.exe
  C:\Windows\System\etEgQOP.exe
  2⤵
  PID:12100
- C:\Windows\System\pvfDKwQ.exe
  C:\Windows\System\pvfDKwQ.exe
  2⤵
  PID:12140
- C:\Windows\System\hZTIfer.exe
  C:\Windows\System\hZTIfer.exe
  2⤵
  PID:12168
- C:\Windows\System\vKahsiD.exe
  C:\Windows\System\vKahsiD.exe
  2⤵
  PID:12192
- C:\Windows\System\IwqHLzC.exe
  C:\Windows\System\IwqHLzC.exe
  2⤵
  PID:12216
- C:\Windows\System\jqRAnwu.exe
  C:\Windows\System\jqRAnwu.exe
  2⤵
  PID:12264
- C:\Windows\System\gPCBdra.exe
  C:\Windows\System\gPCBdra.exe
  2⤵
  PID:11204
- C:\Windows\System\jwjttgI.exe
  C:\Windows\System\jwjttgI.exe
  2⤵
  PID:10648
- C:\Windows\System\vEWvfez.exe
  C:\Windows\System\vEWvfez.exe
  2⤵
  PID:11088
- C:\Windows\System\touQxzv.exe
  C:\Windows\System\touQxzv.exe
  2⤵
  PID:11292
- C:\Windows\System\VLweiMv.exe
  C:\Windows\System\VLweiMv.exe
  2⤵
  PID:11408
- C:\Windows\System\sScAbtw.exe
  C:\Windows\System\sScAbtw.exe
  2⤵
  PID:11484
- C:\Windows\System\DZLzqHK.exe
  C:\Windows\System\DZLzqHK.exe
  2⤵
  PID:11428
- C:\Windows\System\YPECCqw.exe
  C:\Windows\System\YPECCqw.exe
  2⤵
  PID:11420
- C:\Windows\System\NcgdamU.exe
  C:\Windows\System\NcgdamU.exe
  2⤵
  PID:11460
- C:\Windows\System\lUpnHEq.exe
  C:\Windows\System\lUpnHEq.exe
  2⤵
  PID:11500
- C:\Windows\System\TgIwvRe.exe
  C:\Windows\System\TgIwvRe.exe
  2⤵
  PID:11604
- C:\Windows\System\ddEniON.exe
  C:\Windows\System\ddEniON.exe
  2⤵
  PID:11620
- C:\Windows\System\HiYmuhK.exe
  C:\Windows\System\HiYmuhK.exe
  2⤵
  PID:11692
- C:\Windows\System\dUoyVJi.exe
  C:\Windows\System\dUoyVJi.exe
  2⤵
  PID:11744
- C:\Windows\System\LAehZPi.exe
  C:\Windows\System\LAehZPi.exe
  2⤵
  PID:1080
- C:\Windows\System\dScCOeb.exe
  C:\Windows\System\dScCOeb.exe
  2⤵
  PID:11848
- C:\Windows\System\SSqKEDg.exe
  C:\Windows\System\SSqKEDg.exe
  2⤵
  PID:11824
- C:\Windows\System\LbmaqUY.exe
  C:\Windows\System\LbmaqUY.exe
  2⤵
  PID:11960
- C:\Windows\System\nIbQaKH.exe
  C:\Windows\System\nIbQaKH.exe
  2⤵
  PID:12032
- C:\Windows\System\OCAVpvb.exe
  C:\Windows\System\OCAVpvb.exe
  2⤵
  PID:12064
- C:\Windows\System\ohXJMls.exe
  C:\Windows\System\ohXJMls.exe
  2⤵
  PID:12120
- C:\Windows\System\xVvTwRT.exe
  C:\Windows\System\xVvTwRT.exe
  2⤵
  PID:12204
- C:\Windows\System\GgGAQFE.exe
  C:\Windows\System\GgGAQFE.exe
  2⤵
  PID:10280
- C:\Windows\System\ZdZXnDr.exe
  C:\Windows\System\ZdZXnDr.exe
  2⤵
  PID:11316
- C:\Windows\System\onGeqlC.exe
  C:\Windows\System\onGeqlC.exe
  2⤵
  PID:11268
- C:\Windows\System\TGKtuok.exe
  C:\Windows\System\TGKtuok.exe
  2⤵
  PID:11472
- C:\Windows\System\GcUvXaz.exe
  C:\Windows\System\GcUvXaz.exe
  2⤵
  PID:11496
- C:\Windows\System\YliltPI.exe
  C:\Windows\System\YliltPI.exe
  2⤵
  PID:11776
- C:\Windows\System\PPQpeJk.exe
  C:\Windows\System\PPQpeJk.exe
  2⤵
  PID:11904
- C:\Windows\System\lsOMbvo.exe
  C:\Windows\System\lsOMbvo.exe
  2⤵
  PID:12256
- C:\Windows\System\inPjVxq.exe
  C:\Windows\System\inPjVxq.exe
  2⤵
  PID:12176
- C:\Windows\System\wxXhtKu.exe
  C:\Windows\System\wxXhtKu.exe
  2⤵
  PID:12184
- C:\Windows\System\JidRlKO.exe
  C:\Windows\System\JidRlKO.exe
  2⤵
  PID:11488
- C:\Windows\System\BqkzUYC.exe
  C:\Windows\System\BqkzUYC.exe
  2⤵
  PID:11724
- C:\Windows\System\fqkXUZc.exe
  C:\Windows\System\fqkXUZc.exe
  2⤵
  PID:11908
- C:\Windows\System\JFpUFTd.exe
  C:\Windows\System\JFpUFTd.exe
  2⤵
  PID:12208
- C:\Windows\System\nZRGVKR.exe
  C:\Windows\System\nZRGVKR.exe
  2⤵
  PID:12308
- C:\Windows\System\hVyUbDt.exe
  C:\Windows\System\hVyUbDt.exe
  2⤵
  PID:12324
- C:\Windows\System\vwDpCLX.exe
  C:\Windows\System\vwDpCLX.exe
  2⤵
  PID:12344
- C:\Windows\System\qscoxrc.exe
  C:\Windows\System\qscoxrc.exe
  2⤵
  PID:12364
- C:\Windows\System\yftCKGr.exe
  C:\Windows\System\yftCKGr.exe
  2⤵
  PID:12384
- C:\Windows\System\DFjnsQO.exe
  C:\Windows\System\DFjnsQO.exe
  2⤵
  PID:12408
- C:\Windows\System\FsGLYqO.exe
  C:\Windows\System\FsGLYqO.exe
  2⤵
  PID:12472
- C:\Windows\System\hilxTFH.exe
  C:\Windows\System\hilxTFH.exe
  2⤵
  PID:12532
- C:\Windows\System\fgJgIkK.exe
  C:\Windows\System\fgJgIkK.exe
  2⤵
  PID:12560
- C:\Windows\System\AgQrpAB.exe
  C:\Windows\System\AgQrpAB.exe
  2⤵
  PID:12600
- C:\Windows\System\YaALyMe.exe
  C:\Windows\System\YaALyMe.exe
  2⤵
  PID:12624
- C:\Windows\System\VZuWyFO.exe
  C:\Windows\System\VZuWyFO.exe
  2⤵
  PID:12644
- C:\Windows\System\ojLsfZi.exe
  C:\Windows\System\ojLsfZi.exe
  2⤵
  PID:12664
- C:\Windows\System\dzuncJH.exe
  C:\Windows\System\dzuncJH.exe
  2⤵
  PID:12684
- C:\Windows\System\URvgJxR.exe
  C:\Windows\System\URvgJxR.exe
  2⤵
  PID:12720
- C:\Windows\System\zBnQsFc.exe
  C:\Windows\System\zBnQsFc.exe
  2⤵
  PID:12744
- C:\Windows\System\ggngvYW.exe
  C:\Windows\System\ggngvYW.exe
  2⤵
  PID:12780
- C:\Windows\System\GYEZoqb.exe
  C:\Windows\System\GYEZoqb.exe
  2⤵
  PID:12808
- C:\Windows\System\HHSwptv.exe
  C:\Windows\System\HHSwptv.exe
  2⤵
  PID:12836
- C:\Windows\System\GrDgRQZ.exe
  C:\Windows\System\GrDgRQZ.exe
  2⤵
  PID:12868
- C:\Windows\System\EWgzTUp.exe
  C:\Windows\System\EWgzTUp.exe
  2⤵
  PID:12964
- C:\Windows\System\VzKLfmh.exe
  C:\Windows\System\VzKLfmh.exe
  2⤵
  PID:13144
- C:\Windows\System\vxlYudb.exe
  C:\Windows\System\vxlYudb.exe
  2⤵
  PID:13168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jrqxrmer.s0k.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BTymhDU.exe

Filesize
2.0MB

MD5
2dcc679bf4cac1a48164865ce985a3de

SHA1
fffba57965bb7d51a64b466f1aea275ddb595989

SHA256
82c1c6defaf287d2a236c82bda226246a433282aa70442c6c0c9755a385e6aa5

SHA512
c83fd96794801021988f7cd42ceec2c73fd576f1757a090a042f50d47f309141aa2fb69e8cdd2c80549e69afac4596daa2f44d51acf45be77f00a267d21ed56e

Download Submit
C:\Windows\System\DSMmjuW.exe

Filesize
2.0MB

MD5
025f8a86c029419f70fad0a38e2fc006

SHA1
f64dbb520e80c01cd40bcbf058026c5aa9d7a0d6

SHA256
99ec155ce7d27253d340f2a50df8e4eb21bded543595359a8f1b7b91940af1cc

SHA512
6b67e6c8e0ccce7a46336078cfc64bf3826f534ed63af36dc311deda2f39d199d6c189793688b56e1da7876082ffce677d46e5fdbe4b74bce3bf52fc1a72d989

Download Submit
C:\Windows\System\HaGdrwW.exe

Filesize
2.0MB

MD5
fe0e1c1eae644af4d70252c944cd8bac

SHA1
f64b6aa274ecd03965609d39d5f11dc279385721

SHA256
7bb50a0f4dfa393fedd6924bf258eb8cbbb90111529680ce938133779616674f

SHA512
0d7d0f2ba68f1b589464a340618dd66834281497ef067341dc5ef671690e497c27724980da3e3c89cf57436ca1b5bae2ffa881295a955d2466e950915efb7662

Download Submit
C:\Windows\System\HdncBuW.exe

Filesize
2.0MB

MD5
23ebab17aa6d3a1f3904cec874237a3d

SHA1
d9ad01e7520c0c3f20f86c88c30423f103fa824c

SHA256
6bbb8be06a0515fd371973f65196596f61dc5b4254be3b4d3d665e73ccf99433

SHA512
d71e02da403f059fa122a4e553ee7be30193e5f0b700cb1803ade9172a0d6e8b8ba783fe070122c86d9e22178e201aec87070f7c0a4e75af51a92de5f58254c3

Download Submit
C:\Windows\System\NZpCtbt.exe

Filesize
2.0MB

MD5
4dea3f0c1084d068ae05071feef09fb5

SHA1
841c5181da8c21390b868a3da2cf74a605caa7e2

SHA256
59abdff916b84a3528fcb017d505ba57bbba1cacd90fc6a6cc798c04f5eed0a5

SHA512
6a64e7c76cae043f616d9135b9554ce361384eafdace004222e4f75a817eeb90626984561349fa9218ff398c12c9f193e57f8dd48c0582f0307d7b9dee30cb23

Download Submit
C:\Windows\System\OKQGHuy.exe

Filesize
2.0MB

MD5
3fe1486f7654d9c206624e2a07ba44ce

SHA1
74795b57d869059e95bfc53fd03666761869973a

SHA256
055f8fe89e550e5fdaa6cbfd3f40909b185498336864b9bb7cd43015e9a38550

SHA512
cdedb721f6079619ebcf138f84412623796711ee5ec422b30e816b8f823742f94aa30c24aa5b578b8fe193773e81d07565357e47b4ec500a1d0682bc121ae0cf

Download Submit
C:\Windows\System\PSqVDIG.exe

Filesize
2.0MB

MD5
7357729f984843966ff9264cde1a8e88

SHA1
e6fad9d4d92171c955af3f345a26ee9744130b79

SHA256
c8f036e0c1f70f1d91a046350fa1cd442b317c7a2ea52b3fe5a50e5a3390a63f

SHA512
ca3db51ef2c930bad9c635a90cab88a3cebf2f5d17f58872e102894a9a1af8fce9209426ac7075741b0884b050f3d6cf218a573a0971244cfcbd381ee72233f1

Download Submit
C:\Windows\System\QORPvwh.exe

Filesize
2.0MB

MD5
178efb6cb47e766c1d7157a4a4c7398c

SHA1
469dcf199aa13fb719840792a6bedd6c4f871668

SHA256
c684bdc0f9aa6b8fe85ee90dd9834bc191f2448ecbdb3bd72113a2760398f4da

SHA512
8068dc4e0cbae6c8e18c0bfd2a4eb0ad936f48cdd731598d822be0338309ea3aa0a90c60399c9d3aa0bd9dbeb92c1a94fe6c27927862323600c994288ad36afb

Download Submit
C:\Windows\System\RcNZPpK.exe

Filesize
2.0MB

MD5
313f80c680830711c0733303abb3ad10

SHA1
11ed4f01219642eb7f0f9d77d076a7083ad0c97d

SHA256
19671bc01d22778433be0016081ee3b9114ea0d966f56de869ca429ad6f4fbed

SHA512
e07d5479d9a754945840bd54d3ac45ae7ba3ab473a0114591054a886fdc6d5b765b746f0f53fcf91632f9b44c98e07c539744b088aeb621b3047d45fa1ebe194

Download Submit
C:\Windows\System\TIIvVLH.exe

Filesize
2.0MB

MD5
6a66b83fe645094814c577dd3a0148cd

SHA1
6ed1a0ea2b3a3f6b15fabd85fc2ec525479fd90a

SHA256
0d98c32286f02dd98fac949a0e98da1e85b02c9c86a4186b6bba993fe54e7d19

SHA512
f35ca97387218795e9c0a1cb667172c1ee9303edf3b6c7141a600f08c903c88f44a7d967094119775d8b7064077ac1c9e4d316baac1e5fa22fc73561548b5251

Download Submit
C:\Windows\System\Uanzdpi.exe

Filesize
2.0MB

MD5
b08cfe44860aa897b5d40cccb6bb25f9

SHA1
9280b1d004e0534f2adde5b3a2e05fdbaf70f4e1

SHA256
1efd4add62cde53ea42136be2972a6868d8bc8d2cf89e5e3efac071f728d0def

SHA512
550158842d4c4a4d57f9899366aa681bf6435b673861d264db5f7f0c4e5a8ac48267cc259f4c9cb710f0bfacf315d3bc5bbb2010047b63b1d222c6ffa07572d1

Download Submit
C:\Windows\System\XBltwsx.exe

Filesize
2.0MB

MD5
96766570e6f6a5fd19c2c470102fe5eb

SHA1
980708c4f91d04bd666121881ef823b5406ebb4c

SHA256
c4e35284d7427382823c365f553fe1a8865ba4e5b5561098b1abce30b40d9233

SHA512
bc6e58c7ac13b8220ef8a72b569a23028032f4b66915b54d1b660287b323fb5326b839e8e48741ccc470e041f179f047c02d58e98c86bb3eccea06be2436e8ea

Download Submit
C:\Windows\System\XbCqOYM.exe

Filesize
2.0MB

MD5
dcdca1e61e0baada9415c16c080eded8

SHA1
c1e8474c201862dfc5c48a27151d5faf60fa857d

SHA256
e26da37bcc644a61d7bd19515ba3dd18cc7c2c2e8a5a979d4e2bb3c136131e68

SHA512
00249960f26e619dc511aa4b8ac7020b75f9702ded3189dd8c610a4fdbfceadc787d25efb2661926e8d701a770725fdceb98ec427f44aa14f3fb22ab8890107d

Download Submit
C:\Windows\System\XdCQXHE.exe

Filesize
2.0MB

MD5
3a71d8595123de2f851cbd32738fc1c2

SHA1
5072d596eac5f84aa22a8e9d69c8b48f4c119ad7

SHA256
36179d079be2582c10c52581c51f6ce88431fb4ba58ac7ed836fcfafee338855

SHA512
d706b99a1f9efc7333684a8ffa4b4f64a2b8f6501c65fa807398d5a576cec5b9376dd02fdb4ea8d35f2c68fec64c78f35cdd63a51100521f6ff55ab7b400cad4

Download Submit
C:\Windows\System\ZNcvdKB.exe

Filesize
8B

MD5
2f610ed4fd34c7b93dede1793521baba

SHA1
5daae5f3b2625b6a326bfb1be39046cb371fc4a6

SHA256
d587df361f44238ccf5a60428309780a9b6bde224606e4679c94364299985684

SHA512
367244af67370594aa8df8799be42b55afcd8abd950bf66980b9cb155b499d06ebcadc359f153586f1736d1a5dd7bea12b69a39d93e67441419399282c1888bb

Download Submit
C:\Windows\System\ZZBcwxE.exe

Filesize
2.0MB

MD5
c0aa100cd416343f3575e75d3b881863

SHA1
7090abf014d94a674d6c18d4b0811e2b4e31ddc2

SHA256
5c42662d6520199d44986364d691796dec17528e5ad448904302e94ec46fe6fb

SHA512
858d09989d9933273711eb2b49e86317a30169adfbdc5b3b6c0417223b29ac820ad361c8931a85211604b043ccbe46e56ca9385529cbe2a6d022ba47546ebec6

Download Submit
C:\Windows\System\aDiQkOk.exe

Filesize
2.0MB

MD5
1fb29538a5eac0cb8617ee0a91866157

SHA1
144c5b18c73c9ca9c567fa03032bd921ed741e22

SHA256
15e1cafbf687b0accd093c2c716a0fa4bf75fb628602bf7b7d864317794a306a

SHA512
43965dada7b80ddf7607948b1c1c2485f82b78616b19989d0bdc495c2cf8af5041d96e6fcaad6b7e141df4f678e5d3ab1cbb8664a7f795a91f71ab6da50567c8

Download Submit
C:\Windows\System\bLVUPuh.exe

Filesize
2.0MB

MD5
dc524253a94f101e1ed743883573e98b

SHA1
c0ebe0ff17243b7854a83082bd81806dad807325

SHA256
d913140fbc28151ff2e6e9b41b3693bb19f702d5279a86f5e59e3cdb96b0cf2c

SHA512
8de3f01d940efbe09046ec342e5a287f4ff6d6c47d092575593c25e22257cef30ccb0fc35f1c248a2b656aee6ef70e9a6f67f925979948b679245f2c6d64f32d

Download Submit
C:\Windows\System\bqNMUWs.exe

Filesize
2.0MB

MD5
e79c283e936373faea84490cc5ea9fa8

SHA1
53a7230fb840255ca8ce3be48ff38129a2fcb57d

SHA256
2926b1a0be0ee1520e2d772ee40fba7c5286748d5fbdef913233e0134b417faa

SHA512
e602692854aa2dbdd905ac348512f88cb32d7b2693102fafaa2dad43641e85cb8d8b8377e5d4b9af168b86df82abeddd0fcb3b286db17b558ae168127f0b1dcc

Download Submit
C:\Windows\System\cJeQrZG.exe

Filesize
2.0MB

MD5
68d48600c76c56742b813a43cfa65555

SHA1
bf26459339d82f7c1546e64812a0de62052678f9

SHA256
116ee476c8283cbce565698bf37b61b9ecc0d52de2abfa3e085f6e4d178f0470

SHA512
647e5fdd08a06f6ccb07c55c4f07f2332242e2f70d6c5a7394ee92289bd54f0e00819e0d4179aa8ec9dc8d1d02345c65bb6ece4e1c5300cd8919d1087c2509a9

Download Submit
C:\Windows\System\dSvagZx.exe

Filesize
2.0MB

MD5
19e84a702a9a57ca43664f0711f607de

SHA1
7c2339785e05ae9d1f414d0e0a7317017d4751fc

SHA256
4c898eb6fd7920cf7d725e7fb9ad4e7c01a9e9d931c07ec5e012a2c271e85013

SHA512
18d6d37e70325233baaec65982dfdb1fe373cfdb0af4ec379de0c7598a9b0170a36e06dc1e9fcbaff432983ee0726a5eec421f923979b67b7376f1e5f6f389a4

Download Submit
C:\Windows\System\hZDaXdj.exe

Filesize
2.0MB

MD5
4f6a3a5eb7058eb2fab216f1a96e2086

SHA1
bb7a119a06824eccc637d9be5937450d0336edf0

SHA256
8f8ac627d44eb1756760e89456ae5849f8a617493ffefe8a773633c7f8fe7c55

SHA512
58ac9b781e0a1cc5bec1665f9777c47a62d606ff2b48c5795a29ba46ee3b6711e7d402b25d57d81fb5c16d62d2f5d0d3619d66dce84faba0b16016dfb820f0ec

Download Submit
C:\Windows\System\hlvnfzW.exe

Filesize
2.0MB

MD5
03d9e7d0d4c23602179060ca519e3666

SHA1
c6088cd8edea30df40e0516db6a70527a72386a6

SHA256
384839a55204f4d24e85bf1d6d9282de0b4f6fbf9e785ef7e96916c2822114f1

SHA512
4982ce774db5ec9c92bef93971ac25d2a9e17fb4cc88724f7a8d68023f252f6912d4c851e52b4ddcfa12e972d02962631b00a95736e1cfb62120acab62b54f10

Download Submit
C:\Windows\System\kwGrYRT.exe

Filesize
2.0MB

MD5
3deb5f836220f1bcf65d3bc044c0866e

SHA1
f3fc8355ac0a3d7bb7b9687961aa38470f28537e

SHA256
305203ac83fd50025dea6b216fb5aec04ffb3ed6e05dbd063c51d41c913470b6

SHA512
77c838a620d95587da99b1a0e7800f8a0b446430478ced4adde63400172b70ddebf7deca780e921ac1212822e70b7303721784eef35e9af3515dea804eb5ad81

Download Submit
C:\Windows\System\lTcTlbT.exe

Filesize
2.0MB

MD5
10214a36ce1eb60f9392094855e6553d

SHA1
7f9a7da3a3070e7c9e5fbbf104ab8bb3a0e830ff

SHA256
784f770bc9602fc463e77b89d59254bb0c3d23e74d1dcd9084a45c9ef97df2a5

SHA512
6b86465342ec29472491619f6eee0e8c9806d0b803831781602b9b213bb5a12e043ced823358a6aadccac0007109345d192025e2b4df312dfa5671c3bdcab1c4

Download Submit
C:\Windows\System\lZlihEw.exe

Filesize
2.0MB

MD5
bb7edda4bd2c6b6bbc3d7359f0325eae

SHA1
835980eb77b4c59d32a50f45c316b61b66e5934e

SHA256
cdff06def17c3ede4edbfd7635e49c5a861a81bdd800b4dba49fb4c1c2d2e5a4

SHA512
d33f95af36b469e7a9ce9df681b99bd347a10e06acde952eb014fc86cbc52371b865edd7caa2252777bb2cceb461495e05a7c6eb32241ce6ba34d2c20266e055

Download Submit
C:\Windows\System\pyljvXM.exe

Filesize
2.0MB

MD5
c4843c32a3de19d32e5c65c93c016b8f

SHA1
98bc9a9d0023c8ce75de0a58912cbae63f2af962

SHA256
ef4161fe6229919b1208278b531a4d5828d2090a90354ec3ef2d507bbb02c74d

SHA512
7b076c99cfe6861539dceed38c4e68899b4d1143a37d47c373be4cb0e0af1a07827e7f4771628e2316e7d3287ff1aae135ba606b40a99d622b92e40ebede8eb8

Download Submit
C:\Windows\System\qMelLtg.exe

Filesize
2.0MB

MD5
067831907edfb9f89da105f37bd6df10

SHA1
7dfb684062537158966dc5a1a15fe237a69d67ff

SHA256
b0bad128aba3252eb3519ffbbdc9636f890a1eac46fa41ae1fc370a902880121

SHA512
b89adb0412d1f756f894e26658ef4758dd739948ce253901549b742ff0a143f76e7aacf14fc75667ed80e3fe805f650bab9f07839525f89df808c85301edfd5b

Download Submit
C:\Windows\System\rENDeHO.exe

Filesize
2.0MB

MD5
cd30af0ff762a0d2de146afa00c76e81

SHA1
8b5c65af95d21cc0961c472bb10bebb88a0f38fc

SHA256
a886e0a65668deb16e5087a96c8d0fc57251b5470501a5da0a5b189c538fd33d

SHA512
b39f94bbfc268a932d300f1d8c5135cc02ed8fb4f160ba5860e9d48d1e7f16be56079718829b8a7ab0d460e22e73d325389f069ee4c397b5e25e0e5d7ece94db

Download Submit
C:\Windows\System\rmYKlZS.exe

Filesize
2.0MB

MD5
8ebaf87ca29190bb6737ca07a8deee56

SHA1
a28425e45135d3125c29f9410bd54b9f84d7b08b

SHA256
e915ff86c5b7bf08e6129b914ddbb52e9661205837f964752b8c12f3b2649e69

SHA512
01c95596c22e81351128e27330f23ecd6c1552e576d59708eff706ed6d4dbfed4843128f7f2ad6078f21048e89b803f60707037dcecb3c17620da05dea784161

Download Submit
C:\Windows\System\sxTPdhb.exe

Filesize
2.0MB

MD5
c02cd717194a406e141b06ea7b3123a9

SHA1
473f5a0c538a91870187f1b3d741db075361d33e

SHA256
39bf672ae02c3ea8edb0e4a43aec49f17471274cc771ece3718d445041fda4b5

SHA512
08a52717d6f3af9db1d18003c2ea917206b74a055af45f378d0c236ce32613bd8d728ca4c4b1c4e2d108b886be2fd8820646fb8d6f4ce884dcaab4a8ab85eb8b

Download Submit
C:\Windows\System\vqTKVtR.exe

Filesize
2.0MB

MD5
ee50d70596949f13d334a341f8a902ae

SHA1
2bc8d0b30127434b1a95035127b20131f86b3682

SHA256
5c666e3bba44d71fb3f1c256a061a41cd06379f2cb09b1453f3419f940f6f91a

SHA512
1afb7e17ca40bfcc9d23d2dc42e53bb72ad91d3719cf4b2ac1fee554e193a9267fe68515bffa78d05c30e6d75c0e059d2c566bc9ad6cf1eebd832fb0e4b97cbd

Download Submit
C:\Windows\System\wOlBkDE.exe

Filesize
2.0MB

MD5
a5b0e5320c9cb594887a9aa5bbcd5b36

SHA1
c9d3a77dd33ef0e2f569609065f4490ab47f2a8a

SHA256
191baef363da1e5cafbc92167dd0f9090df86390025e29381e54bdd6aa033bba

SHA512
788d5458191b559ce3e362f45219dfd2337a662faf1426980413a01437240e57d7cb89e5d90deb930475b3db67e700a3809e9054f407a7e459fec65216b57fa4

Download Submit
C:\Windows\System\xmMSniL.exe

Filesize
2.0MB

MD5
a93a56ac18c56de5892765b80137240c

SHA1
97355de3e3adf330851f240c2b90bea7137a235a

SHA256
640340362f0214b969d7bd5378887eb41e4effc0e8d34048ebcb2b9d78155014

SHA512
1ef904b9e66ba7165a62ede5a0d280dcdf02bd63020ef654ab9ef9f34d1369437f0b95ba64382059867f91d765b3da9b88837baee01e3513097898f9543365dc

Download Submit
memory/232-129-0x00007FF6845F0000-0x00007FF6849E2000-memory.dmp

Filesize
3.9MB

Download
memory/232-2912-0x00007FF6845F0000-0x00007FF6849E2000-memory.dmp

Filesize
3.9MB

Download
memory/400-139-0x00007FF654780000-0x00007FF654B72000-memory.dmp

Filesize
3.9MB

Download
memory/400-2888-0x00007FF654780000-0x00007FF654B72000-memory.dmp

Filesize
3.9MB

Download
memory/672-2918-0x00007FF791700000-0x00007FF791AF2000-memory.dmp

Filesize
3.9MB

Download
memory/672-160-0x00007FF791700000-0x00007FF791AF2000-memory.dmp

Filesize
3.9MB

Download
memory/816-147-0x00007FF6FBC30000-0x00007FF6FC022000-memory.dmp

Filesize
3.9MB

Download
memory/816-2914-0x00007FF6FBC30000-0x00007FF6FC022000-memory.dmp

Filesize
3.9MB

Download
memory/1164-2927-0x00007FF6F5410000-0x00007FF6F5802000-memory.dmp

Filesize
3.9MB

Download
memory/1164-189-0x00007FF6F5410000-0x00007FF6F5802000-memory.dmp

Filesize
3.9MB

Download
memory/1264-2900-0x00007FF723B60000-0x00007FF723F52000-memory.dmp

Filesize
3.9MB

Download
memory/1264-108-0x00007FF723B60000-0x00007FF723F52000-memory.dmp

Filesize
3.9MB

Download
memory/1380-118-0x00007FF764780000-0x00007FF764B72000-memory.dmp

Filesize
3.9MB

Download
memory/1380-2908-0x00007FF764780000-0x00007FF764B72000-memory.dmp

Filesize
3.9MB

Download
memory/1504-201-0x00007FF779940000-0x00007FF779D32000-memory.dmp

Filesize
3.9MB

Download
memory/1504-2923-0x00007FF779940000-0x00007FF779D32000-memory.dmp

Filesize
3.9MB

Download
memory/1644-76-0x00007FF67C610000-0x00007FF67CA02000-memory.dmp

Filesize
3.9MB

Download
memory/1644-2894-0x00007FF67C610000-0x00007FF67CA02000-memory.dmp

Filesize
3.9MB

Download
memory/1696-208-0x00007FF6E0590000-0x00007FF6E0982000-memory.dmp

Filesize
3.9MB

Download
memory/1696-2931-0x00007FF6E0590000-0x00007FF6E0982000-memory.dmp

Filesize
3.9MB

Download
memory/1728-154-0x00007FF752C90000-0x00007FF753082000-memory.dmp

Filesize
3.9MB

Download
memory/1728-2911-0x00007FF752C90000-0x00007FF753082000-memory.dmp

Filesize
3.9MB

Download
memory/1792-2928-0x00007FF7519C0000-0x00007FF751DB2000-memory.dmp

Filesize
3.9MB

Download
memory/1792-200-0x00007FF7519C0000-0x00007FF751DB2000-memory.dmp

Filesize
3.9MB

Download
memory/1800-142-0x00007FF7B6240000-0x00007FF7B6632000-memory.dmp

Filesize
3.9MB

Download
memory/1800-2906-0x00007FF7B6240000-0x00007FF7B6632000-memory.dmp

Filesize
3.9MB

Download
memory/1900-2917-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp

Filesize
3.9MB

Download
memory/1900-166-0x00007FF7BEC30000-0x00007FF7BF022000-memory.dmp

Filesize
3.9MB

Download
memory/2012-114-0x00007FF70AA10000-0x00007FF70AE02000-memory.dmp

Filesize
3.9MB

Download
memory/2012-2904-0x00007FF70AA10000-0x00007FF70AE02000-memory.dmp

Filesize
3.9MB

Download
memory/2052-2890-0x00007FF73E300000-0x00007FF73E6F2000-memory.dmp

Filesize
3.9MB

Download
memory/2052-90-0x00007FF73E300000-0x00007FF73E6F2000-memory.dmp

Filesize
3.9MB

Download
memory/2784-99-0x00007FF6C1A30000-0x00007FF6C1E22000-memory.dmp

Filesize
3.9MB

Download
memory/2784-2898-0x00007FF6C1A30000-0x00007FF6C1E22000-memory.dmp

Filesize
3.9MB

Download
memory/3060-47-0x00007FFF02A90000-0x00007FFF03551000-memory.dmp

Filesize
10.8MB

Download
memory/3060-19-0x00007FFF02A93000-0x00007FFF02A95000-memory.dmp

Filesize
8KB

Download
memory/3060-2991-0x00007FFF02A90000-0x00007FFF03551000-memory.dmp

Filesize
10.8MB

Download
memory/3060-71-0x00007FFF02A90000-0x00007FFF03551000-memory.dmp

Filesize
10.8MB

Download
memory/3060-417-0x0000024AC9250000-0x0000024AC99F6000-memory.dmp

Filesize
7.6MB

Download
memory/3060-61-0x0000024AAFDE0000-0x0000024AAFE02000-memory.dmp

Filesize
136KB

Download
memory/3060-2882-0x00007FFF02A93000-0x00007FFF02A95000-memory.dmp

Filesize
8KB

Download
memory/3060-2881-0x00007FFF02A90000-0x00007FFF03551000-memory.dmp

Filesize
10.8MB

Download
memory/3168-1-0x000001A83B400000-0x000001A83B410000-memory.dmp

Filesize
64KB

Download
memory/3168-0-0x00007FF67D160000-0x00007FF67D552000-memory.dmp

Filesize
3.9MB

Download
memory/3696-105-0x00007FF6E9870000-0x00007FF6E9C62000-memory.dmp

Filesize
3.9MB

Download
memory/3696-2902-0x00007FF6E9870000-0x00007FF6E9C62000-memory.dmp

Filesize
3.9MB

Download
memory/3900-2896-0x00007FF7997C0000-0x00007FF799BB2000-memory.dmp

Filesize
3.9MB

Download
memory/3900-94-0x00007FF7997C0000-0x00007FF799BB2000-memory.dmp

Filesize
3.9MB

Download
memory/4336-182-0x00007FF62F950000-0x00007FF62FD42000-memory.dmp

Filesize
3.9MB

Download
memory/4336-2924-0x00007FF62F950000-0x00007FF62FD42000-memory.dmp

Filesize
3.9MB

Download
memory/4756-2880-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp

Filesize
3.9MB

Download
memory/4756-2884-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp

Filesize
3.9MB

Download
memory/4756-18-0x00007FF6D1690000-0x00007FF6D1A82000-memory.dmp

Filesize
3.9MB

Download
memory/4764-176-0x00007FF643FF0000-0x00007FF6443E2000-memory.dmp

Filesize
3.9MB

Download
memory/4764-2920-0x00007FF643FF0000-0x00007FF6443E2000-memory.dmp

Filesize
3.9MB

Download
memory/4980-2886-0x00007FF6B9D00000-0x00007FF6BA0F2000-memory.dmp

Filesize
3.9MB

Download
memory/4980-135-0x00007FF6B9D00000-0x00007FF6BA0F2000-memory.dmp

Filesize
3.9MB

Download
memory/5088-77-0x00007FF6FBDD0000-0x00007FF6FC1C2000-memory.dmp

Filesize
3.9MB

Download
memory/5088-2893-0x00007FF6FBDD0000-0x00007FF6FC1C2000-memory.dmp

Filesize
3.9MB

Download