xmrig | 8d80d6c8c54b7647ae514c0b2fd1fb35025304137b38df19b97a3f75aca643e3

Analysis

max time kernel
97s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
Size

1.4MB
MD5

65d1d7e5d1a6a9111f462e0f092cf5f0
SHA1

60cbfcb37d17466e6fc3334e0c67923a69df15f6
SHA256

8d80d6c8c54b7647ae514c0b2fd1fb35025304137b38df19b97a3f75aca643e3
SHA512

4e5e866202e15d2d125edd1d5d9f629aa83c64fdcb122f4dad0d9e89bc1eb6b36a5c67f7f6bd5b3a7b5210cfe17bf574be117aa46a3dc6ccc589cd229695129d
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkipBh8tGxHIBWGlTqTmo6OZPCyy1MFfQfOHtyy4S0:Lz071uv4BPMkiFGlvACXaHtrj0

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4424-666-0x00007FF640AB0000-0x00007FF640EA2000-memory.dmp	xmrig
behavioral2/memory/2228-673-0x00007FF67BD10000-0x00007FF67C102000-memory.dmp	xmrig
behavioral2/memory/3268-676-0x00007FF64DD70000-0x00007FF64E162000-memory.dmp	xmrig
behavioral2/memory/3844-675-0x00007FF79CBD0000-0x00007FF79CFC2000-memory.dmp	xmrig
behavioral2/memory/3840-674-0x00007FF7E9150000-0x00007FF7E9542000-memory.dmp	xmrig
behavioral2/memory/1756-672-0x00007FF608230000-0x00007FF608622000-memory.dmp	xmrig
behavioral2/memory/4988-671-0x00007FF7A3DD0000-0x00007FF7A41C2000-memory.dmp	xmrig
behavioral2/memory/4152-670-0x00007FF691AB0000-0x00007FF691EA2000-memory.dmp	xmrig
behavioral2/memory/3096-669-0x00007FF66CCF0000-0x00007FF66D0E2000-memory.dmp	xmrig
behavioral2/memory/4960-668-0x00007FF7F1890000-0x00007FF7F1C82000-memory.dmp	xmrig
behavioral2/memory/1096-667-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp	xmrig
behavioral2/memory/1420-665-0x00007FF68BCA0000-0x00007FF68C092000-memory.dmp	xmrig
behavioral2/memory/1932-637-0x00007FF6EE6B0000-0x00007FF6EEAA2000-memory.dmp	xmrig
behavioral2/memory/3220-561-0x00007FF689A30000-0x00007FF689E22000-memory.dmp	xmrig
behavioral2/memory/5012-431-0x00007FF61D340000-0x00007FF61D732000-memory.dmp	xmrig
behavioral2/memory/2324-321-0x00007FF6C4D00000-0x00007FF6C50F2000-memory.dmp	xmrig
behavioral2/memory/4948-280-0x00007FF7B6650000-0x00007FF7B6A42000-memory.dmp	xmrig
behavioral2/memory/2336-279-0x00007FF760EC0000-0x00007FF7612B2000-memory.dmp	xmrig
behavioral2/memory/2908-15-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp	xmrig
behavioral2/memory/232-3629-0x00007FF75FB70000-0x00007FF75FF62000-memory.dmp	xmrig
behavioral2/memory/2908-3628-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp	xmrig
behavioral2/memory/636-3631-0x00007FF6C3F70000-0x00007FF6C4362000-memory.dmp	xmrig
behavioral2/memory/216-3630-0x00007FF72F1A0000-0x00007FF72F592000-memory.dmp	xmrig
behavioral2/memory/2908-3633-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp	xmrig
behavioral2/memory/2336-3635-0x00007FF760EC0000-0x00007FF7612B2000-memory.dmp	xmrig
behavioral2/memory/3584-3637-0x00007FF73A210000-0x00007FF73A602000-memory.dmp	xmrig
behavioral2/memory/4960-3738-0x00007FF7F1890000-0x00007FF7F1C82000-memory.dmp	xmrig
behavioral2/memory/1932-3733-0x00007FF6EE6B0000-0x00007FF6EEAA2000-memory.dmp	xmrig
behavioral2/memory/3844-3715-0x00007FF79CBD0000-0x00007FF79CFC2000-memory.dmp	xmrig
behavioral2/memory/3096-3713-0x00007FF66CCF0000-0x00007FF66D0E2000-memory.dmp	xmrig
behavioral2/memory/1420-3711-0x00007FF68BCA0000-0x00007FF68C092000-memory.dmp	xmrig
behavioral2/memory/3268-3707-0x00007FF64DD70000-0x00007FF64E162000-memory.dmp	xmrig
behavioral2/memory/636-3703-0x00007FF6C3F70000-0x00007FF6C4362000-memory.dmp	xmrig
behavioral2/memory/3220-3731-0x00007FF689A30000-0x00007FF689E22000-memory.dmp	xmrig
behavioral2/memory/2532-3693-0x00007FF6A4440000-0x00007FF6A4832000-memory.dmp	xmrig
behavioral2/memory/2324-3690-0x00007FF6C4D00000-0x00007FF6C50F2000-memory.dmp	xmrig
behavioral2/memory/4152-3709-0x00007FF691AB0000-0x00007FF691EA2000-memory.dmp	xmrig
behavioral2/memory/2532-3705-0x00007FF6A4440000-0x00007FF6A4832000-memory.dmp	xmrig
behavioral2/memory/232-3665-0x00007FF75FB70000-0x00007FF75FF62000-memory.dmp	xmrig
behavioral2/memory/216-3663-0x00007FF72F1A0000-0x00007FF72F592000-memory.dmp	xmrig
behavioral2/memory/3840-3641-0x00007FF7E9150000-0x00007FF7E9542000-memory.dmp	xmrig
behavioral2/memory/4948-3639-0x00007FF7B6650000-0x00007FF7B6A42000-memory.dmp	xmrig
behavioral2/memory/4988-3735-0x00007FF7A3DD0000-0x00007FF7A41C2000-memory.dmp	xmrig
behavioral2/memory/1096-3766-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp	xmrig
behavioral2/memory/2228-3788-0x00007FF67BD10000-0x00007FF67C102000-memory.dmp	xmrig
behavioral2/memory/1756-3740-0x00007FF608230000-0x00007FF608622000-memory.dmp	xmrig
behavioral2/memory/4424-3745-0x00007FF640AB0000-0x00007FF640EA2000-memory.dmp	xmrig
behavioral2/memory/5012-3743-0x00007FF61D340000-0x00007FF61D732000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3684	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2908	nrbTAsG.exe
3584	brpDree.exe
232	yBFjfyL.exe
216	GWlxnQo.exe
636	lYQNdaL.exe
2532	DmpQQOg.exe
2336	udcfTji.exe
3840	NaDEiJN.exe
4948	edQKBgs.exe
2324	SzcjFHg.exe
5012	BNNpCpe.exe
3220	vnvISyX.exe
1932	AYTAdMc.exe
3844	rVZAanE.exe
1420	BQWLaLq.exe
4424	ruSQfWa.exe
1096	kMkVGnM.exe
4960	avTuksH.exe
3096	jRDELci.exe
4152	zuvTjKs.exe
4988	uGYiAYv.exe
3268	vXathJU.exe
1756	VxKRXjI.exe
2228	eeOvSpD.exe
928	Vlliega.exe
4836	LqqDApX.exe
4880	DKPNzdS.exe
3004	NCxnwiN.exe
2208	drKPEcU.exe
2128	KYpHwrU.exe
4752	jLJJhcn.exe
2176	hWzhoDl.exe
4636	PzTkyLe.exe
2624	EwtnOVi.exe
2628	BoCCoKd.exe
1176	KTmQWQN.exe
3792	jucwnsG.exe
2632	skSHBDq.exe
3688	yViJYhc.exe
3608	NkEWmcQ.exe
1800	DhRfaZs.exe
4056	QGqfPun.exe
1292	sRbhIGO.exe
4272	tSOdgjY.exe
4500	tKJjNaN.exe
2472	poRIyQV.exe
2904	JeGxJGv.exe
876	DOWKZhD.exe
4332	ebhUYjk.exe
4228	NWutTcl.exe
2500	lMlqKQK.exe
4520	YKzaioz.exe
2728	ihaaLuY.exe
1832	iHthzUG.exe
388	QHXcPTV.exe
4320	xLkAmbg.exe
4444	fsKJnwT.exe
2392	zevYQou.exe
2716	HTphDqV.exe
320	kmFIgfI.exe
3140	oQRzFdo.exe
924	bzcAprv.exe
3920	MqnvtwE.exe
2420	gYERQgn.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1544-0-0x00007FF797190000-0x00007FF797582000-memory.dmp	upx
behavioral2/files/0x0008000000023475-5.dat	upx
behavioral2/memory/232-66-0x00007FF75FB70000-0x00007FF75FF62000-memory.dmp	upx
behavioral2/files/0x000700000002348c-95.dat	upx
behavioral2/files/0x000700000002348b-139.dat	upx
behavioral2/files/0x00070000000234a1-208.dat	upx
behavioral2/memory/4424-666-0x00007FF640AB0000-0x00007FF640EA2000-memory.dmp	upx
behavioral2/memory/2228-673-0x00007FF67BD10000-0x00007FF67C102000-memory.dmp	upx
behavioral2/memory/3268-676-0x00007FF64DD70000-0x00007FF64E162000-memory.dmp	upx
behavioral2/memory/3844-675-0x00007FF79CBD0000-0x00007FF79CFC2000-memory.dmp	upx
behavioral2/memory/3840-674-0x00007FF7E9150000-0x00007FF7E9542000-memory.dmp	upx
behavioral2/memory/1756-672-0x00007FF608230000-0x00007FF608622000-memory.dmp	upx
behavioral2/memory/4988-671-0x00007FF7A3DD0000-0x00007FF7A41C2000-memory.dmp	upx
behavioral2/memory/4152-670-0x00007FF691AB0000-0x00007FF691EA2000-memory.dmp	upx
behavioral2/memory/3096-669-0x00007FF66CCF0000-0x00007FF66D0E2000-memory.dmp	upx
behavioral2/memory/4960-668-0x00007FF7F1890000-0x00007FF7F1C82000-memory.dmp	upx
behavioral2/memory/1096-667-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp	upx
behavioral2/memory/1420-665-0x00007FF68BCA0000-0x00007FF68C092000-memory.dmp	upx
behavioral2/memory/1932-637-0x00007FF6EE6B0000-0x00007FF6EEAA2000-memory.dmp	upx
behavioral2/memory/3220-561-0x00007FF689A30000-0x00007FF689E22000-memory.dmp	upx
behavioral2/memory/5012-431-0x00007FF61D340000-0x00007FF61D732000-memory.dmp	upx
behavioral2/memory/2324-321-0x00007FF6C4D00000-0x00007FF6C50F2000-memory.dmp	upx
behavioral2/memory/4948-280-0x00007FF7B6650000-0x00007FF7B6A42000-memory.dmp	upx
behavioral2/memory/2336-279-0x00007FF760EC0000-0x00007FF7612B2000-memory.dmp	upx
behavioral2/memory/2532-219-0x00007FF6A4440000-0x00007FF6A4832000-memory.dmp	upx
behavioral2/files/0x00070000000234a2-209.dat	upx
behavioral2/files/0x0007000000023492-200.dat	upx
behavioral2/files/0x000700000002348a-197.dat	upx
behavioral2/files/0x0007000000023484-190.dat	upx
behavioral2/files/0x0007000000023483-187.dat	upx
behavioral2/files/0x0007000000023488-186.dat	upx
behavioral2/files/0x000700000002349f-185.dat	upx
behavioral2/files/0x000700000002349e-182.dat	upx
behavioral2/files/0x000700000002349d-181.dat	upx
behavioral2/files/0x0007000000023482-180.dat	upx
behavioral2/files/0x0007000000023490-174.dat	upx
behavioral2/files/0x000700000002349b-173.dat	upx
behavioral2/files/0x000700000002349a-169.dat	upx
behavioral2/files/0x0007000000023487-163.dat	upx
behavioral2/files/0x0007000000023499-162.dat	upx
behavioral2/files/0x0007000000023498-154.dat	upx
behavioral2/files/0x000700000002348e-152.dat	upx
behavioral2/files/0x0007000000023497-150.dat	upx
behavioral2/memory/636-149-0x00007FF6C3F70000-0x00007FF6C4362000-memory.dmp	upx
behavioral2/files/0x0007000000023496-148.dat	upx
behavioral2/files/0x0007000000023495-147.dat	upx
behavioral2/files/0x0007000000023494-140.dat	upx
behavioral2/files/0x00070000000234a0-205.dat	upx
behavioral2/files/0x0007000000023493-136.dat	upx
behavioral2/files/0x0007000000023491-134.dat	upx
behavioral2/files/0x0007000000023481-126.dat	upx
behavioral2/files/0x0007000000023485-115.dat	upx
behavioral2/files/0x0007000000023486-112.dat	upx
behavioral2/files/0x000700000002348f-110.dat	upx
behavioral2/memory/216-100-0x00007FF72F1A0000-0x00007FF72F592000-memory.dmp	upx
behavioral2/files/0x000700000002348d-99.dat	upx
behavioral2/files/0x0007000000023489-86.dat	upx
behavioral2/files/0x0007000000023479-118.dat	upx
behavioral2/files/0x000700000002347d-79.dat	upx
behavioral2/files/0x000700000002347b-71.dat	upx
behavioral2/files/0x000700000002347f-49.dat	upx
behavioral2/files/0x000700000002347c-74.dat	upx
behavioral2/files/0x0007000000023480-45.dat	upx
behavioral2/memory/3584-38-0x00007FF73A210000-0x00007FF73A602000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FkiYkOY.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\fiOcvAV.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\iHxpeew.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\LjSUjuE.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\fBvDaXe.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\wnKfzTj.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\DdqQsWM.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\mvqXZqJ.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\IOwXBQO.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\tvEMbyy.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\nJKIAnI.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\rjRlIlj.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\ijLJlPo.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\lEtQUsl.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\isvMylY.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\rkrXubi.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\oWmaDEw.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\yUSGfyx.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\yhbiPvI.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\LsoxZbx.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\DOWKZhD.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\pDJrpFc.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\ohOxQTO.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\GOtDIEN.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\glgvLpl.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\azzwIbY.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\omDrcMR.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\EwyWapZ.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\BLDriQj.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\emnrrgs.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\iExHOhm.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\gzJutAb.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\twPSFnt.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\MfFObQl.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\WBZvvmD.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\vAcGWLg.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\THpckkP.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\IFTgiAj.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\DFSSiFq.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\OpBPvrT.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\TiGFAdc.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\bAqBtiU.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\DalLXId.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\zvrQmoI.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\LBIvsvs.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\zYuyxgS.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\vfZAgRk.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\KlkaFPM.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\EUbJynk.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\GvSaMii.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\bAiaKwC.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\DFQxKuo.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\ZfkNSgX.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\PUEMpfY.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\YJRmwgg.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\idWcWNt.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\MwSZzWD.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\VvXjYKC.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\LwoLvmO.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\EuOKDCC.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\WdYzGED.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\CRApaCp.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\VrXgZKf.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
File created	C:\Windows\System\aoTOYhe.exe	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3684	powershell.exe
3684	powershell.exe
3684	powershell.exe
3684	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
Token: SeDebugPrivilege	3684	powershell.exe
Token: SeLockMemoryPrivilege	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
Token: SeCreateGlobalPrivilege	2652	dwm.exe
Token: SeChangeNotifyPrivilege	2652	dwm.exe
Token: 33	2652	dwm.exe
Token: SeIncBasePriorityPrivilege	2652	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 3684	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	85
PID 1544 wrote to memory of 3684	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	85
PID 1544 wrote to memory of 2908	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	86
PID 1544 wrote to memory of 2908	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	86
PID 1544 wrote to memory of 636	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	87
PID 1544 wrote to memory of 636	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	87
PID 1544 wrote to memory of 3584	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	88
PID 1544 wrote to memory of 3584	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	88
PID 1544 wrote to memory of 232	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	89
PID 1544 wrote to memory of 232	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	89
PID 1544 wrote to memory of 216	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	90
PID 1544 wrote to memory of 216	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	90
PID 1544 wrote to memory of 2532	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	91
PID 1544 wrote to memory of 2532	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	91
PID 1544 wrote to memory of 2336	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	92
PID 1544 wrote to memory of 2336	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	92
PID 1544 wrote to memory of 3840	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	93
PID 1544 wrote to memory of 3840	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	93
PID 1544 wrote to memory of 4948	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	94
PID 1544 wrote to memory of 4948	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	94
PID 1544 wrote to memory of 2324	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	95
PID 1544 wrote to memory of 2324	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	95
PID 1544 wrote to memory of 5012	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	96
PID 1544 wrote to memory of 5012	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	96
PID 1544 wrote to memory of 3220	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	97
PID 1544 wrote to memory of 3220	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	97
PID 1544 wrote to memory of 1932	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	98
PID 1544 wrote to memory of 1932	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	98
PID 1544 wrote to memory of 1420	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	99
PID 1544 wrote to memory of 1420	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	99
PID 1544 wrote to memory of 2228	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	100
PID 1544 wrote to memory of 2228	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	100
PID 1544 wrote to memory of 3844	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	101
PID 1544 wrote to memory of 3844	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	101
PID 1544 wrote to memory of 4424	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	102
PID 1544 wrote to memory of 4424	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	102
PID 1544 wrote to memory of 1096	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	103
PID 1544 wrote to memory of 1096	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	103
PID 1544 wrote to memory of 4960	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	104
PID 1544 wrote to memory of 4960	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	104
PID 1544 wrote to memory of 3096	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	105
PID 1544 wrote to memory of 3096	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	105
PID 1544 wrote to memory of 4152	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	106
PID 1544 wrote to memory of 4152	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	106
PID 1544 wrote to memory of 4988	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	107
PID 1544 wrote to memory of 4988	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	107
PID 1544 wrote to memory of 3268	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	108
PID 1544 wrote to memory of 3268	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	108
PID 1544 wrote to memory of 1756	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	109
PID 1544 wrote to memory of 1756	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	109
PID 1544 wrote to memory of 928	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	110
PID 1544 wrote to memory of 928	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	110
PID 1544 wrote to memory of 4836	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	111
PID 1544 wrote to memory of 4836	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	111
PID 1544 wrote to memory of 4880	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	112
PID 1544 wrote to memory of 4880	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	112
PID 1544 wrote to memory of 3004	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	113
PID 1544 wrote to memory of 3004	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	113
PID 1544 wrote to memory of 2208	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	114
PID 1544 wrote to memory of 2208	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	114
PID 1544 wrote to memory of 2128	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	115
PID 1544 wrote to memory of 2128	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	115
PID 1544 wrote to memory of 4752	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	116
PID 1544 wrote to memory of 4752	1544	65d1d7e5d1a6a9111f462e0f092cf5f0N.exe	116

C:\Users\Admin\AppData\Local\Temp\65d1d7e5d1a6a9111f462e0f092cf5f0N.exe
"C:\Users\Admin\AppData\Local\Temp\65d1d7e5d1a6a9111f462e0f092cf5f0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3684
- C:\Windows\System\nrbTAsG.exe
  C:\Windows\System\nrbTAsG.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\lYQNdaL.exe
  C:\Windows\System\lYQNdaL.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\brpDree.exe
  C:\Windows\System\brpDree.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\yBFjfyL.exe
  C:\Windows\System\yBFjfyL.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\GWlxnQo.exe
  C:\Windows\System\GWlxnQo.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\DmpQQOg.exe
  C:\Windows\System\DmpQQOg.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\udcfTji.exe
  C:\Windows\System\udcfTji.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\NaDEiJN.exe
  C:\Windows\System\NaDEiJN.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\edQKBgs.exe
  C:\Windows\System\edQKBgs.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\SzcjFHg.exe
  C:\Windows\System\SzcjFHg.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\BNNpCpe.exe
  C:\Windows\System\BNNpCpe.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\vnvISyX.exe
  C:\Windows\System\vnvISyX.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\AYTAdMc.exe
  C:\Windows\System\AYTAdMc.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\BQWLaLq.exe
  C:\Windows\System\BQWLaLq.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\eeOvSpD.exe
  C:\Windows\System\eeOvSpD.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\rVZAanE.exe
  C:\Windows\System\rVZAanE.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\ruSQfWa.exe
  C:\Windows\System\ruSQfWa.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\kMkVGnM.exe
  C:\Windows\System\kMkVGnM.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\avTuksH.exe
  C:\Windows\System\avTuksH.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\jRDELci.exe
  C:\Windows\System\jRDELci.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\zuvTjKs.exe
  C:\Windows\System\zuvTjKs.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\uGYiAYv.exe
  C:\Windows\System\uGYiAYv.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\vXathJU.exe
  C:\Windows\System\vXathJU.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\VxKRXjI.exe
  C:\Windows\System\VxKRXjI.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\Vlliega.exe
  C:\Windows\System\Vlliega.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\LqqDApX.exe
  C:\Windows\System\LqqDApX.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\DKPNzdS.exe
  C:\Windows\System\DKPNzdS.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\NCxnwiN.exe
  C:\Windows\System\NCxnwiN.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\drKPEcU.exe
  C:\Windows\System\drKPEcU.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\KYpHwrU.exe
  C:\Windows\System\KYpHwrU.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\jLJJhcn.exe
  C:\Windows\System\jLJJhcn.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\hWzhoDl.exe
  C:\Windows\System\hWzhoDl.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\PzTkyLe.exe
  C:\Windows\System\PzTkyLe.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\EwtnOVi.exe
  C:\Windows\System\EwtnOVi.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\BoCCoKd.exe
  C:\Windows\System\BoCCoKd.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\KTmQWQN.exe
  C:\Windows\System\KTmQWQN.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\ebhUYjk.exe
  C:\Windows\System\ebhUYjk.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\jucwnsG.exe
  C:\Windows\System\jucwnsG.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\skSHBDq.exe
  C:\Windows\System\skSHBDq.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\yViJYhc.exe
  C:\Windows\System\yViJYhc.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\NkEWmcQ.exe
  C:\Windows\System\NkEWmcQ.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\DhRfaZs.exe
  C:\Windows\System\DhRfaZs.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\QGqfPun.exe
  C:\Windows\System\QGqfPun.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\MqnvtwE.exe
  C:\Windows\System\MqnvtwE.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\sRbhIGO.exe
  C:\Windows\System\sRbhIGO.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\tSOdgjY.exe
  C:\Windows\System\tSOdgjY.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\tKJjNaN.exe
  C:\Windows\System\tKJjNaN.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\poRIyQV.exe
  C:\Windows\System\poRIyQV.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\JeGxJGv.exe
  C:\Windows\System\JeGxJGv.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\DOWKZhD.exe
  C:\Windows\System\DOWKZhD.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\NWutTcl.exe
  C:\Windows\System\NWutTcl.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\lMlqKQK.exe
  C:\Windows\System\lMlqKQK.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\QcdCYbR.exe
  C:\Windows\System\QcdCYbR.exe
  2⤵
  PID:560
- C:\Windows\System\ctjmbMN.exe
  C:\Windows\System\ctjmbMN.exe
  2⤵
  PID:3960
- C:\Windows\System\YKzaioz.exe
  C:\Windows\System\YKzaioz.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\ihaaLuY.exe
  C:\Windows\System\ihaaLuY.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\iHthzUG.exe
  C:\Windows\System\iHthzUG.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\QHXcPTV.exe
  C:\Windows\System\QHXcPTV.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\xLkAmbg.exe
  C:\Windows\System\xLkAmbg.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\fsKJnwT.exe
  C:\Windows\System\fsKJnwT.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\SxuDVhG.exe
  C:\Windows\System\SxuDVhG.exe
  2⤵
  PID:1164
- C:\Windows\System\zevYQou.exe
  C:\Windows\System\zevYQou.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\HTphDqV.exe
  C:\Windows\System\HTphDqV.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\kmFIgfI.exe
  C:\Windows\System\kmFIgfI.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\oQRzFdo.exe
  C:\Windows\System\oQRzFdo.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\bzcAprv.exe
  C:\Windows\System\bzcAprv.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\gYERQgn.exe
  C:\Windows\System\gYERQgn.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\KRwqBdJ.exe
  C:\Windows\System\KRwqBdJ.exe
  2⤵
  PID:3420
- C:\Windows\System\JXCaBro.exe
  C:\Windows\System\JXCaBro.exe
  2⤵
  PID:5028
- C:\Windows\System\rmhRvqN.exe
  C:\Windows\System\rmhRvqN.exe
  2⤵
  PID:5044
- C:\Windows\System\IPoPXjz.exe
  C:\Windows\System\IPoPXjz.exe
  2⤵
  PID:2724
- C:\Windows\System\BYhcRVT.exe
  C:\Windows\System\BYhcRVT.exe
  2⤵
  PID:3616
- C:\Windows\System\CZWkcdb.exe
  C:\Windows\System\CZWkcdb.exe
  2⤵
  PID:780
- C:\Windows\System\hSATgxA.exe
  C:\Windows\System\hSATgxA.exe
  2⤵
  PID:4420
- C:\Windows\System\FFijIox.exe
  C:\Windows\System\FFijIox.exe
  2⤵
  PID:3136
- C:\Windows\System\gKPHLEy.exe
  C:\Windows\System\gKPHLEy.exe
  2⤵
  PID:3568
- C:\Windows\System\FRkBHHx.exe
  C:\Windows\System\FRkBHHx.exe
  2⤵
  PID:1588
- C:\Windows\System\LqIQwvJ.exe
  C:\Windows\System\LqIQwvJ.exe
  2⤵
  PID:4280
- C:\Windows\System\hBkGmsT.exe
  C:\Windows\System\hBkGmsT.exe
  2⤵
  PID:1260
- C:\Windows\System\skfZgdC.exe
  C:\Windows\System\skfZgdC.exe
  2⤵
  PID:2844
- C:\Windows\System\phWmlEL.exe
  C:\Windows\System\phWmlEL.exe
  2⤵
  PID:1204
- C:\Windows\System\bEPxHLf.exe
  C:\Windows\System\bEPxHLf.exe
  2⤵
  PID:1776
- C:\Windows\System\zLjfJru.exe
  C:\Windows\System\zLjfJru.exe
  2⤵
  PID:516
- C:\Windows\System\tSqHnlw.exe
  C:\Windows\System\tSqHnlw.exe
  2⤵
  PID:4848
- C:\Windows\System\LbBJWvV.exe
  C:\Windows\System\LbBJWvV.exe
  2⤵
  PID:5132
- C:\Windows\System\bzxBrxa.exe
  C:\Windows\System\bzxBrxa.exe
  2⤵
  PID:5156
- C:\Windows\System\OgVIzjh.exe
  C:\Windows\System\OgVIzjh.exe
  2⤵
  PID:5176
- C:\Windows\System\vMDCIKp.exe
  C:\Windows\System\vMDCIKp.exe
  2⤵
  PID:5208
- C:\Windows\System\DkqLjLv.exe
  C:\Windows\System\DkqLjLv.exe
  2⤵
  PID:5224
- C:\Windows\System\wTdMaXD.exe
  C:\Windows\System\wTdMaXD.exe
  2⤵
  PID:5240
- C:\Windows\System\FcHYEAF.exe
  C:\Windows\System\FcHYEAF.exe
  2⤵
  PID:5264
- C:\Windows\System\asEleWv.exe
  C:\Windows\System\asEleWv.exe
  2⤵
  PID:5284
- C:\Windows\System\UAessag.exe
  C:\Windows\System\UAessag.exe
  2⤵
  PID:5308
- C:\Windows\System\SAeHEEH.exe
  C:\Windows\System\SAeHEEH.exe
  2⤵
  PID:5332
- C:\Windows\System\HEtChTJ.exe
  C:\Windows\System\HEtChTJ.exe
  2⤵
  PID:5352
- C:\Windows\System\TlDmXAh.exe
  C:\Windows\System\TlDmXAh.exe
  2⤵
  PID:5368
- C:\Windows\System\EyMDMjw.exe
  C:\Windows\System\EyMDMjw.exe
  2⤵
  PID:5396
- C:\Windows\System\iqoBTWh.exe
  C:\Windows\System\iqoBTWh.exe
  2⤵
  PID:5412
- C:\Windows\System\XwoLicr.exe
  C:\Windows\System\XwoLicr.exe
  2⤵
  PID:5436
- C:\Windows\System\FNfBYpp.exe
  C:\Windows\System\FNfBYpp.exe
  2⤵
  PID:5460
- C:\Windows\System\gWLzdlh.exe
  C:\Windows\System\gWLzdlh.exe
  2⤵
  PID:5536
- C:\Windows\System\fHWHmnV.exe
  C:\Windows\System\fHWHmnV.exe
  2⤵
  PID:5556
- C:\Windows\System\XuuTHxw.exe
  C:\Windows\System\XuuTHxw.exe
  2⤵
  PID:5576
- C:\Windows\System\riskodC.exe
  C:\Windows\System\riskodC.exe
  2⤵
  PID:5596
- C:\Windows\System\TwXQfrT.exe
  C:\Windows\System\TwXQfrT.exe
  2⤵
  PID:5616
- C:\Windows\System\stdQchS.exe
  C:\Windows\System\stdQchS.exe
  2⤵
  PID:5632
- C:\Windows\System\ObImsOg.exe
  C:\Windows\System\ObImsOg.exe
  2⤵
  PID:5656
- C:\Windows\System\GqPrgPQ.exe
  C:\Windows\System\GqPrgPQ.exe
  2⤵
  PID:5672
- C:\Windows\System\GQPUnKi.exe
  C:\Windows\System\GQPUnKi.exe
  2⤵
  PID:5704
- C:\Windows\System\xnUSpLM.exe
  C:\Windows\System\xnUSpLM.exe
  2⤵
  PID:5724
- C:\Windows\System\DHxohHQ.exe
  C:\Windows\System\DHxohHQ.exe
  2⤵
  PID:5740
- C:\Windows\System\glgvLpl.exe
  C:\Windows\System\glgvLpl.exe
  2⤵
  PID:5796
- C:\Windows\System\eXJTjbm.exe
  C:\Windows\System\eXJTjbm.exe
  2⤵
  PID:5816
- C:\Windows\System\qUzCsdm.exe
  C:\Windows\System\qUzCsdm.exe
  2⤵
  PID:5832
- C:\Windows\System\eNtGhmL.exe
  C:\Windows\System\eNtGhmL.exe
  2⤵
  PID:5848
- C:\Windows\System\jvZXXQC.exe
  C:\Windows\System\jvZXXQC.exe
  2⤵
  PID:5872
- C:\Windows\System\SHUFRPZ.exe
  C:\Windows\System\SHUFRPZ.exe
  2⤵
  PID:5888
- C:\Windows\System\oMKcCgv.exe
  C:\Windows\System\oMKcCgv.exe
  2⤵
  PID:5912
- C:\Windows\System\VEyNOOB.exe
  C:\Windows\System\VEyNOOB.exe
  2⤵
  PID:5936
- C:\Windows\System\cTKOtNs.exe
  C:\Windows\System\cTKOtNs.exe
  2⤵
  PID:5952
- C:\Windows\System\RyTeagp.exe
  C:\Windows\System\RyTeagp.exe
  2⤵
  PID:5976
- C:\Windows\System\fRnjtPH.exe
  C:\Windows\System\fRnjtPH.exe
  2⤵
  PID:5996
- C:\Windows\System\eSBBmrl.exe
  C:\Windows\System\eSBBmrl.exe
  2⤵
  PID:6012
- C:\Windows\System\GeVADMZ.exe
  C:\Windows\System\GeVADMZ.exe
  2⤵
  PID:6032
- C:\Windows\System\IgdndAF.exe
  C:\Windows\System\IgdndAF.exe
  2⤵
  PID:6056
- C:\Windows\System\UuwpoSJ.exe
  C:\Windows\System\UuwpoSJ.exe
  2⤵
  PID:6072
- C:\Windows\System\WyPkgkm.exe
  C:\Windows\System\WyPkgkm.exe
  2⤵
  PID:6104
- C:\Windows\System\sCNGxKe.exe
  C:\Windows\System\sCNGxKe.exe
  2⤵
  PID:3176
- C:\Windows\System\vhgZDtN.exe
  C:\Windows\System\vhgZDtN.exe
  2⤵
  PID:2664
- C:\Windows\System\lQODXjy.exe
  C:\Windows\System\lQODXjy.exe
  2⤵
  PID:1684
- C:\Windows\System\moKOUCI.exe
  C:\Windows\System\moKOUCI.exe
  2⤵
  PID:4244
- C:\Windows\System\wifFrqn.exe
  C:\Windows\System\wifFrqn.exe
  2⤵
  PID:852
- C:\Windows\System\CTELFPQ.exe
  C:\Windows\System\CTELFPQ.exe
  2⤵
  PID:824
- C:\Windows\System\WdYzGED.exe
  C:\Windows\System\WdYzGED.exe
  2⤵
  PID:1264
- C:\Windows\System\NJknjpC.exe
  C:\Windows\System\NJknjpC.exe
  2⤵
  PID:5032
- C:\Windows\System\OtJnCRo.exe
  C:\Windows\System\OtJnCRo.exe
  2⤵
  PID:3164
- C:\Windows\System\Fikujdj.exe
  C:\Windows\System\Fikujdj.exe
  2⤵
  PID:4052
- C:\Windows\System\cIhtifs.exe
  C:\Windows\System\cIhtifs.exe
  2⤵
  PID:892
- C:\Windows\System\mExUUKM.exe
  C:\Windows\System\mExUUKM.exe
  2⤵
  PID:5432
- C:\Windows\System\ClnrARa.exe
  C:\Windows\System\ClnrARa.exe
  2⤵
  PID:4608
- C:\Windows\System\fvzQTqp.exe
  C:\Windows\System\fvzQTqp.exe
  2⤵
  PID:4508
- C:\Windows\System\AbKWwEG.exe
  C:\Windows\System\AbKWwEG.exe
  2⤵
  PID:3756
- C:\Windows\System\TAhxCoo.exe
  C:\Windows\System\TAhxCoo.exe
  2⤵
  PID:2124
- C:\Windows\System\KGXWooP.exe
  C:\Windows\System\KGXWooP.exe
  2⤵
  PID:2700
- C:\Windows\System\RVCqEcF.exe
  C:\Windows\System\RVCqEcF.exe
  2⤵
  PID:6156
- C:\Windows\System\OCPIrSx.exe
  C:\Windows\System\OCPIrSx.exe
  2⤵
  PID:6176
- C:\Windows\System\IcFqAqc.exe
  C:\Windows\System\IcFqAqc.exe
  2⤵
  PID:6192
- C:\Windows\System\yjwDxBf.exe
  C:\Windows\System\yjwDxBf.exe
  2⤵
  PID:6216
- C:\Windows\System\zHldfNb.exe
  C:\Windows\System\zHldfNb.exe
  2⤵
  PID:6240
- C:\Windows\System\mMaqMwj.exe
  C:\Windows\System\mMaqMwj.exe
  2⤵
  PID:6260
- C:\Windows\System\ZVEAabk.exe
  C:\Windows\System\ZVEAabk.exe
  2⤵
  PID:6284
- C:\Windows\System\hZONeBl.exe
  C:\Windows\System\hZONeBl.exe
  2⤵
  PID:6304
- C:\Windows\System\DQPFEET.exe
  C:\Windows\System\DQPFEET.exe
  2⤵
  PID:6324
- C:\Windows\System\quWADpj.exe
  C:\Windows\System\quWADpj.exe
  2⤵
  PID:6344
- C:\Windows\System\kYdmbSc.exe
  C:\Windows\System\kYdmbSc.exe
  2⤵
  PID:6368
- C:\Windows\System\zGHJCsm.exe
  C:\Windows\System\zGHJCsm.exe
  2⤵
  PID:6384
- C:\Windows\System\HHnwiVz.exe
  C:\Windows\System\HHnwiVz.exe
  2⤵
  PID:6400
- C:\Windows\System\AEiouPY.exe
  C:\Windows\System\AEiouPY.exe
  2⤵
  PID:6420
- C:\Windows\System\JVJYCcB.exe
  C:\Windows\System\JVJYCcB.exe
  2⤵
  PID:6452
- C:\Windows\System\JOgWzVM.exe
  C:\Windows\System\JOgWzVM.exe
  2⤵
  PID:6472
- C:\Windows\System\vWggqyz.exe
  C:\Windows\System\vWggqyz.exe
  2⤵
  PID:6492
- C:\Windows\System\EGxzjnp.exe
  C:\Windows\System\EGxzjnp.exe
  2⤵
  PID:6516
- C:\Windows\System\BaUojug.exe
  C:\Windows\System\BaUojug.exe
  2⤵
  PID:6532
- C:\Windows\System\ecvbiNH.exe
  C:\Windows\System\ecvbiNH.exe
  2⤵
  PID:6556
- C:\Windows\System\iHSqRLf.exe
  C:\Windows\System\iHSqRLf.exe
  2⤵
  PID:6576
- C:\Windows\System\VgXEZZi.exe
  C:\Windows\System\VgXEZZi.exe
  2⤵
  PID:6596
- C:\Windows\System\poCEiYo.exe
  C:\Windows\System\poCEiYo.exe
  2⤵
  PID:6612
- C:\Windows\System\UFjPOhL.exe
  C:\Windows\System\UFjPOhL.exe
  2⤵
  PID:6628
- C:\Windows\System\LBIvsvs.exe
  C:\Windows\System\LBIvsvs.exe
  2⤵
  PID:6644
- C:\Windows\System\OfQIVJI.exe
  C:\Windows\System\OfQIVJI.exe
  2⤵
  PID:6668
- C:\Windows\System\lbPMATF.exe
  C:\Windows\System\lbPMATF.exe
  2⤵
  PID:6684
- C:\Windows\System\uZGULdB.exe
  C:\Windows\System\uZGULdB.exe
  2⤵
  PID:6704
- C:\Windows\System\QKhzJNC.exe
  C:\Windows\System\QKhzJNC.exe
  2⤵
  PID:6728
- C:\Windows\System\XYidHOa.exe
  C:\Windows\System\XYidHOa.exe
  2⤵
  PID:6744
- C:\Windows\System\sUUWVns.exe
  C:\Windows\System\sUUWVns.exe
  2⤵
  PID:6768
- C:\Windows\System\MEkdXSs.exe
  C:\Windows\System\MEkdXSs.exe
  2⤵
  PID:6788
- C:\Windows\System\CJjtPGs.exe
  C:\Windows\System\CJjtPGs.exe
  2⤵
  PID:6804
- C:\Windows\System\tFKNtgk.exe
  C:\Windows\System\tFKNtgk.exe
  2⤵
  PID:6828
- C:\Windows\System\rBFZixZ.exe
  C:\Windows\System\rBFZixZ.exe
  2⤵
  PID:6844
- C:\Windows\System\jKyWtXs.exe
  C:\Windows\System\jKyWtXs.exe
  2⤵
  PID:6868
- C:\Windows\System\lXVLlqM.exe
  C:\Windows\System\lXVLlqM.exe
  2⤵
  PID:6888
- C:\Windows\System\SAVbDem.exe
  C:\Windows\System\SAVbDem.exe
  2⤵
  PID:6912
- C:\Windows\System\dhchvLc.exe
  C:\Windows\System\dhchvLc.exe
  2⤵
  PID:6932
- C:\Windows\System\GnLJZok.exe
  C:\Windows\System\GnLJZok.exe
  2⤵
  PID:6956
- C:\Windows\System\vJjoRqx.exe
  C:\Windows\System\vJjoRqx.exe
  2⤵
  PID:6972
- C:\Windows\System\zRVFgTc.exe
  C:\Windows\System\zRVFgTc.exe
  2⤵
  PID:6992
- C:\Windows\System\nXEBVEt.exe
  C:\Windows\System\nXEBVEt.exe
  2⤵
  PID:7016
- C:\Windows\System\MdnQtfi.exe
  C:\Windows\System\MdnQtfi.exe
  2⤵
  PID:7032
- C:\Windows\System\cvFzlOw.exe
  C:\Windows\System\cvFzlOw.exe
  2⤵
  PID:7088
- C:\Windows\System\giJbDOr.exe
  C:\Windows\System\giJbDOr.exe
  2⤵
  PID:7112
- C:\Windows\System\kVQwhYU.exe
  C:\Windows\System\kVQwhYU.exe
  2⤵
  PID:7136
- C:\Windows\System\EJXIZdr.exe
  C:\Windows\System\EJXIZdr.exe
  2⤵
  PID:7152
- C:\Windows\System\SblQpuO.exe
  C:\Windows\System\SblQpuO.exe
  2⤵
  PID:2428
- C:\Windows\System\kIVMgIR.exe
  C:\Windows\System\kIVMgIR.exe
  2⤵
  PID:3036
- C:\Windows\System\ANwSaIR.exe
  C:\Windows\System\ANwSaIR.exe
  2⤵
  PID:5360
- C:\Windows\System\xMtymJM.exe
  C:\Windows\System\xMtymJM.exe
  2⤵
  PID:5720
- C:\Windows\System\exFrULv.exe
  C:\Windows\System\exFrULv.exe
  2⤵
  PID:5776
- C:\Windows\System\XdGexlz.exe
  C:\Windows\System\XdGexlz.exe
  2⤵
  PID:5844
- C:\Windows\System\QwUNpmn.exe
  C:\Windows\System\QwUNpmn.exe
  2⤵
  PID:5920
- C:\Windows\System\EDPVWpi.exe
  C:\Windows\System\EDPVWpi.exe
  2⤵
  PID:3360
- C:\Windows\System\KGCSKKg.exe
  C:\Windows\System\KGCSKKg.exe
  2⤵
  PID:6040
- C:\Windows\System\kzdLqJr.exe
  C:\Windows\System\kzdLqJr.exe
  2⤵
  PID:3312
- C:\Windows\System\HwZXgZX.exe
  C:\Windows\System\HwZXgZX.exe
  2⤵
  PID:4956
- C:\Windows\System\oBCElTc.exe
  C:\Windows\System\oBCElTc.exe
  2⤵
  PID:6152
- C:\Windows\System\esgWiWZ.exe
  C:\Windows\System\esgWiWZ.exe
  2⤵
  PID:5000
- C:\Windows\System\zQbOUAZ.exe
  C:\Windows\System\zQbOUAZ.exe
  2⤵
  PID:5528
- C:\Windows\System\PjDaynr.exe
  C:\Windows\System\PjDaynr.exe
  2⤵
  PID:5568
- C:\Windows\System\AGslLXo.exe
  C:\Windows\System\AGslLXo.exe
  2⤵
  PID:7108
- C:\Windows\System\ocSTPSl.exe
  C:\Windows\System\ocSTPSl.exe
  2⤵
  PID:6860
- C:\Windows\System\yWRPGWD.exe
  C:\Windows\System\yWRPGWD.exe
  2⤵
  PID:6756
- C:\Windows\System\lAchety.exe
  C:\Windows\System\lAchety.exe
  2⤵
  PID:6540
- C:\Windows\System\pIKkLSI.exe
  C:\Windows\System\pIKkLSI.exe
  2⤵
  PID:6464
- C:\Windows\System\EUbJynk.exe
  C:\Windows\System\EUbJynk.exe
  2⤵
  PID:6336
- C:\Windows\System\YCPwQNp.exe
  C:\Windows\System\YCPwQNp.exe
  2⤵
  PID:3784
- C:\Windows\System\uqrBSNw.exe
  C:\Windows\System\uqrBSNw.exe
  2⤵
  PID:6168
- C:\Windows\System\cUOcYkG.exe
  C:\Windows\System\cUOcYkG.exe
  2⤵
  PID:7180
- C:\Windows\System\OrDgWfQ.exe
  C:\Windows\System\OrDgWfQ.exe
  2⤵
  PID:7204
- C:\Windows\System\EnFwSre.exe
  C:\Windows\System\EnFwSre.exe
  2⤵
  PID:7220
- C:\Windows\System\HaBIxhy.exe
  C:\Windows\System\HaBIxhy.exe
  2⤵
  PID:7248
- C:\Windows\System\mNJRJUw.exe
  C:\Windows\System\mNJRJUw.exe
  2⤵
  PID:7264
- C:\Windows\System\zseMafd.exe
  C:\Windows\System\zseMafd.exe
  2⤵
  PID:7284
- C:\Windows\System\RRPHIcq.exe
  C:\Windows\System\RRPHIcq.exe
  2⤵
  PID:7304
- C:\Windows\System\eSwbAnq.exe
  C:\Windows\System\eSwbAnq.exe
  2⤵
  PID:7324
- C:\Windows\System\DezxnSX.exe
  C:\Windows\System\DezxnSX.exe
  2⤵
  PID:7344
- C:\Windows\System\sZUZEmb.exe
  C:\Windows\System\sZUZEmb.exe
  2⤵
  PID:7360
- C:\Windows\System\vJLJRLg.exe
  C:\Windows\System\vJLJRLg.exe
  2⤵
  PID:7620
- C:\Windows\System\ovOHSQh.exe
  C:\Windows\System\ovOHSQh.exe
  2⤵
  PID:7636
- C:\Windows\System\qwbLJbu.exe
  C:\Windows\System\qwbLJbu.exe
  2⤵
  PID:7652
- C:\Windows\System\emnrrgs.exe
  C:\Windows\System\emnrrgs.exe
  2⤵
  PID:7668
- C:\Windows\System\BCPCFlt.exe
  C:\Windows\System\BCPCFlt.exe
  2⤵
  PID:7684
- C:\Windows\System\uXFCeWW.exe
  C:\Windows\System\uXFCeWW.exe
  2⤵
  PID:7700
- C:\Windows\System\ejrELlk.exe
  C:\Windows\System\ejrELlk.exe
  2⤵
  PID:7716
- C:\Windows\System\WderaeH.exe
  C:\Windows\System\WderaeH.exe
  2⤵
  PID:7732
- C:\Windows\System\sMoXthp.exe
  C:\Windows\System\sMoXthp.exe
  2⤵
  PID:7748
- C:\Windows\System\YNcFvUV.exe
  C:\Windows\System\YNcFvUV.exe
  2⤵
  PID:7764
- C:\Windows\System\MwCKfsf.exe
  C:\Windows\System\MwCKfsf.exe
  2⤵
  PID:7780
- C:\Windows\System\LpsdNRO.exe
  C:\Windows\System\LpsdNRO.exe
  2⤵
  PID:7796
- C:\Windows\System\cCrFlaG.exe
  C:\Windows\System\cCrFlaG.exe
  2⤵
  PID:7812
- C:\Windows\System\ABYlyAR.exe
  C:\Windows\System\ABYlyAR.exe
  2⤵
  PID:7828
- C:\Windows\System\NlGmlHP.exe
  C:\Windows\System\NlGmlHP.exe
  2⤵
  PID:7844
- C:\Windows\System\ovNJurq.exe
  C:\Windows\System\ovNJurq.exe
  2⤵
  PID:7860
- C:\Windows\System\VADelsK.exe
  C:\Windows\System\VADelsK.exe
  2⤵
  PID:7876
- C:\Windows\System\lQDPBwP.exe
  C:\Windows\System\lQDPBwP.exe
  2⤵
  PID:7896
- C:\Windows\System\yVaWTzY.exe
  C:\Windows\System\yVaWTzY.exe
  2⤵
  PID:7912
- C:\Windows\System\oCfkwWD.exe
  C:\Windows\System\oCfkwWD.exe
  2⤵
  PID:7928
- C:\Windows\System\HLgfgKf.exe
  C:\Windows\System\HLgfgKf.exe
  2⤵
  PID:7028
- C:\Windows\System\bWPLJfG.exe
  C:\Windows\System\bWPLJfG.exe
  2⤵
  PID:7096
- C:\Windows\System\uVWLMjA.exe
  C:\Windows\System\uVWLMjA.exe
  2⤵
  PID:6980
- C:\Windows\System\EhogBbj.exe
  C:\Windows\System\EhogBbj.exe
  2⤵
  PID:1424
- C:\Windows\System\ovVqHfR.exe
  C:\Windows\System\ovVqHfR.exe
  2⤵
  PID:5296
- C:\Windows\System\NmYkSNi.exe
  C:\Windows\System\NmYkSNi.exe
  2⤵
  PID:5320
- C:\Windows\System\ATtpXNw.exe
  C:\Windows\System\ATtpXNw.exe
  2⤵
  PID:5364
- C:\Windows\System\YXXuPZP.exe
  C:\Windows\System\YXXuPZP.exe
  2⤵
  PID:6696
- C:\Windows\System\unhaUNW.exe
  C:\Windows\System\unhaUNW.exe
  2⤵
  PID:6392
- C:\Windows\System\kYVezKs.exe
  C:\Windows\System\kYVezKs.exe
  2⤵
  PID:7408
- C:\Windows\System\lCXdMcD.exe
  C:\Windows\System\lCXdMcD.exe
  2⤵
  PID:7176
- C:\Windows\System\jNPfQmi.exe
  C:\Windows\System\jNPfQmi.exe
  2⤵
  PID:7236
- C:\Windows\System\bZiRTRA.exe
  C:\Windows\System\bZiRTRA.exe
  2⤵
  PID:7276
- C:\Windows\System\fgxdPem.exe
  C:\Windows\System\fgxdPem.exe
  2⤵
  PID:7316
- C:\Windows\System\olLYJum.exe
  C:\Windows\System\olLYJum.exe
  2⤵
  PID:1492
- C:\Windows\System\IOOuyzy.exe
  C:\Windows\System\IOOuyzy.exe
  2⤵
  PID:8156
- C:\Windows\System\zAxHtMM.exe
  C:\Windows\System\zAxHtMM.exe
  2⤵
  PID:8200
- C:\Windows\System\OWbonlC.exe
  C:\Windows\System\OWbonlC.exe
  2⤵
  PID:8216
- C:\Windows\System\aoTOYhe.exe
  C:\Windows\System\aoTOYhe.exe
  2⤵
  PID:8236
- C:\Windows\System\qmnWHmU.exe
  C:\Windows\System\qmnWHmU.exe
  2⤵
  PID:8256
- C:\Windows\System\VRyYtru.exe
  C:\Windows\System\VRyYtru.exe
  2⤵
  PID:8272
- C:\Windows\System\xvvKNAR.exe
  C:\Windows\System\xvvKNAR.exe
  2⤵
  PID:8292
- C:\Windows\System\YsJvsAD.exe
  C:\Windows\System\YsJvsAD.exe
  2⤵
  PID:8312
- C:\Windows\System\JDeAgGA.exe
  C:\Windows\System\JDeAgGA.exe
  2⤵
  PID:8328
- C:\Windows\System\teIiQVN.exe
  C:\Windows\System\teIiQVN.exe
  2⤵
  PID:8348
- C:\Windows\System\beHbYHn.exe
  C:\Windows\System\beHbYHn.exe
  2⤵
  PID:8364
- C:\Windows\System\TVjUFaA.exe
  C:\Windows\System\TVjUFaA.exe
  2⤵
  PID:8384
- C:\Windows\System\eEmFnij.exe
  C:\Windows\System\eEmFnij.exe
  2⤵
  PID:8404
- C:\Windows\System\XAkonqp.exe
  C:\Windows\System\XAkonqp.exe
  2⤵
  PID:8432
- C:\Windows\System\Dytvecj.exe
  C:\Windows\System\Dytvecj.exe
  2⤵
  PID:8448
- C:\Windows\System\HVwuRqW.exe
  C:\Windows\System\HVwuRqW.exe
  2⤵
  PID:8508
- C:\Windows\System\hUWIsxZ.exe
  C:\Windows\System\hUWIsxZ.exe
  2⤵
  PID:8528
- C:\Windows\System\BknOusp.exe
  C:\Windows\System\BknOusp.exe
  2⤵
  PID:8548
- C:\Windows\System\iExHOhm.exe
  C:\Windows\System\iExHOhm.exe
  2⤵
  PID:8564
- C:\Windows\System\XZgSsYF.exe
  C:\Windows\System\XZgSsYF.exe
  2⤵
  PID:8596
- C:\Windows\System\AiocIxH.exe
  C:\Windows\System\AiocIxH.exe
  2⤵
  PID:8624
- C:\Windows\System\PGtmQtd.exe
  C:\Windows\System\PGtmQtd.exe
  2⤵
  PID:8692
- C:\Windows\System\PHeIpIY.exe
  C:\Windows\System\PHeIpIY.exe
  2⤵
  PID:8712
- C:\Windows\System\snbreWP.exe
  C:\Windows\System\snbreWP.exe
  2⤵
  PID:8732
- C:\Windows\System\nnveqig.exe
  C:\Windows\System\nnveqig.exe
  2⤵
  PID:8748
- C:\Windows\System\xxTODPq.exe
  C:\Windows\System\xxTODPq.exe
  2⤵
  PID:8768
- C:\Windows\System\eYbDXFh.exe
  C:\Windows\System\eYbDXFh.exe
  2⤵
  PID:8784
- C:\Windows\System\GMngdfp.exe
  C:\Windows\System\GMngdfp.exe
  2⤵
  PID:8944
- C:\Windows\System\xxvrwhl.exe
  C:\Windows\System\xxvrwhl.exe
  2⤵
  PID:8964
- C:\Windows\System\bxHRCof.exe
  C:\Windows\System\bxHRCof.exe
  2⤵
  PID:8980
- C:\Windows\System\rVNmEap.exe
  C:\Windows\System\rVNmEap.exe
  2⤵
  PID:8996
- C:\Windows\System\VbTPRUT.exe
  C:\Windows\System\VbTPRUT.exe
  2⤵
  PID:9012
- C:\Windows\System\FkiYkOY.exe
  C:\Windows\System\FkiYkOY.exe
  2⤵
  PID:9028
- C:\Windows\System\RkrRCyB.exe
  C:\Windows\System\RkrRCyB.exe
  2⤵
  PID:9044
- C:\Windows\System\BZUaSKZ.exe
  C:\Windows\System\BZUaSKZ.exe
  2⤵
  PID:9060
- C:\Windows\System\BjqJbhN.exe
  C:\Windows\System\BjqJbhN.exe
  2⤵
  PID:9076
- C:\Windows\System\fqbUgzT.exe
  C:\Windows\System\fqbUgzT.exe
  2⤵
  PID:9092
- C:\Windows\System\zuGJcBW.exe
  C:\Windows\System\zuGJcBW.exe
  2⤵
  PID:9108
- C:\Windows\System\dJrmcRB.exe
  C:\Windows\System\dJrmcRB.exe
  2⤵
  PID:9124
- C:\Windows\System\CQdQfek.exe
  C:\Windows\System\CQdQfek.exe
  2⤵
  PID:9140
- C:\Windows\System\rjJDUVJ.exe
  C:\Windows\System\rjJDUVJ.exe
  2⤵
  PID:9160
- C:\Windows\System\XbARspL.exe
  C:\Windows\System\XbARspL.exe
  2⤵
  PID:9180
- C:\Windows\System\XSClfYE.exe
  C:\Windows\System\XSClfYE.exe
  2⤵
  PID:9200
- C:\Windows\System\awSqukZ.exe
  C:\Windows\System\awSqukZ.exe
  2⤵
  PID:6784
- C:\Windows\System\hwShvbf.exe
  C:\Windows\System\hwShvbf.exe
  2⤵
  PID:8264
- C:\Windows\System\yJFLDAU.exe
  C:\Windows\System\yJFLDAU.exe
  2⤵
  PID:7608
- C:\Windows\System\oJrlDPI.exe
  C:\Windows\System\oJrlDPI.exe
  2⤵
  PID:7648
- C:\Windows\System\DZlGuWV.exe
  C:\Windows\System\DZlGuWV.exe
  2⤵
  PID:7680
- C:\Windows\System\gHHEyml.exe
  C:\Windows\System\gHHEyml.exe
  2⤵
  PID:7724
- C:\Windows\System\XbOIiUi.exe
  C:\Windows\System\XbOIiUi.exe
  2⤵
  PID:7772
- C:\Windows\System\AUNOgUo.exe
  C:\Windows\System\AUNOgUo.exe
  2⤵
  PID:7804
- C:\Windows\System\hhXIpSE.exe
  C:\Windows\System\hhXIpSE.exe
  2⤵
  PID:7852
- C:\Windows\System\fwwgGZH.exe
  C:\Windows\System\fwwgGZH.exe
  2⤵
  PID:7884
- C:\Windows\System\VPiigoq.exe
  C:\Windows\System\VPiigoq.exe
  2⤵
  PID:7924
- C:\Windows\System\zgmOKyi.exe
  C:\Windows\System\zgmOKyi.exe
  2⤵
  PID:4776
- C:\Windows\System\HynPeAw.exe
  C:\Windows\System\HynPeAw.exe
  2⤵
  PID:5748
- C:\Windows\System\hxawvkV.exe
  C:\Windows\System\hxawvkV.exe
  2⤵
  PID:5988
- C:\Windows\System\TjIShZy.exe
  C:\Windows\System\TjIShZy.exe
  2⤵
  PID:6080
- C:\Windows\System\fYyhyjG.exe
  C:\Windows\System\fYyhyjG.exe
  2⤵
  PID:5084
- C:\Windows\System\nokJezE.exe
  C:\Windows\System\nokJezE.exe
  2⤵
  PID:6200
- C:\Windows\System\aCQMPkv.exe
  C:\Windows\System\aCQMPkv.exe
  2⤵
  PID:6408
- C:\Windows\System\fNRFJCv.exe
  C:\Windows\System\fNRFJCv.exe
  2⤵
  PID:8456
- C:\Windows\System\TuDruEW.exe
  C:\Windows\System\TuDruEW.exe
  2⤵
  PID:6572
- C:\Windows\System\GCQzhxN.exe
  C:\Windows\System\GCQzhxN.exe
  2⤵
  PID:6716
- C:\Windows\System\ewiIqrg.exe
  C:\Windows\System\ewiIqrg.exe
  2⤵
  PID:8576
- C:\Windows\System\SQHsmkn.exe
  C:\Windows\System\SQHsmkn.exe
  2⤵
  PID:9228
- C:\Windows\System\HlKgxtq.exe
  C:\Windows\System\HlKgxtq.exe
  2⤵
  PID:9244
- C:\Windows\System\lbouldr.exe
  C:\Windows\System\lbouldr.exe
  2⤵
  PID:9260
- C:\Windows\System\BXEssgA.exe
  C:\Windows\System\BXEssgA.exe
  2⤵
  PID:9276
- C:\Windows\System\ycgwnOd.exe
  C:\Windows\System\ycgwnOd.exe
  2⤵
  PID:9344
- C:\Windows\System\TcXwKKn.exe
  C:\Windows\System\TcXwKKn.exe
  2⤵
  PID:9360
- C:\Windows\System\WocyXnQ.exe
  C:\Windows\System\WocyXnQ.exe
  2⤵
  PID:9380
- C:\Windows\System\dHCFMtM.exe
  C:\Windows\System\dHCFMtM.exe
  2⤵
  PID:9396
- C:\Windows\System\yLpTJRH.exe
  C:\Windows\System\yLpTJRH.exe
  2⤵
  PID:9420
- C:\Windows\System\cxkeKCh.exe
  C:\Windows\System\cxkeKCh.exe
  2⤵
  PID:9440
- C:\Windows\System\LxcCNdV.exe
  C:\Windows\System\LxcCNdV.exe
  2⤵
  PID:9464
- C:\Windows\System\qMxFABO.exe
  C:\Windows\System\qMxFABO.exe
  2⤵
  PID:9480
- C:\Windows\System\MklJbKW.exe
  C:\Windows\System\MklJbKW.exe
  2⤵
  PID:9508
- C:\Windows\System\uGIYyHc.exe
  C:\Windows\System\uGIYyHc.exe
  2⤵
  PID:9528
- C:\Windows\System\gzJutAb.exe
  C:\Windows\System\gzJutAb.exe
  2⤵
  PID:9544
- C:\Windows\System\UavOhDJ.exe
  C:\Windows\System\UavOhDJ.exe
  2⤵
  PID:9564
- C:\Windows\System\QGDGMue.exe
  C:\Windows\System\QGDGMue.exe
  2⤵
  PID:9584
- C:\Windows\System\AiveOzR.exe
  C:\Windows\System\AiveOzR.exe
  2⤵
  PID:9600
- C:\Windows\System\vRsnfbR.exe
  C:\Windows\System\vRsnfbR.exe
  2⤵
  PID:9620
- C:\Windows\System\kaLtLAv.exe
  C:\Windows\System\kaLtLAv.exe
  2⤵
  PID:9644
- C:\Windows\System\azzwIbY.exe
  C:\Windows\System\azzwIbY.exe
  2⤵
  PID:9660
- C:\Windows\System\spFglTC.exe
  C:\Windows\System\spFglTC.exe
  2⤵
  PID:9680
- C:\Windows\System\QWBeLGv.exe
  C:\Windows\System\QWBeLGv.exe
  2⤵
  PID:9704
- C:\Windows\System\kpBMgFG.exe
  C:\Windows\System\kpBMgFG.exe
  2⤵
  PID:9724
- C:\Windows\System\TaifGdX.exe
  C:\Windows\System\TaifGdX.exe
  2⤵
  PID:9748
- C:\Windows\System\pZBwacl.exe
  C:\Windows\System\pZBwacl.exe
  2⤵
  PID:9772
- C:\Windows\System\GUBBSwz.exe
  C:\Windows\System\GUBBSwz.exe
  2⤵
  PID:9788
- C:\Windows\System\AZybXCF.exe
  C:\Windows\System\AZybXCF.exe
  2⤵
  PID:9812
- C:\Windows\System\jUUQSBF.exe
  C:\Windows\System\jUUQSBF.exe
  2⤵
  PID:9832
- C:\Windows\System\DumQFwx.exe
  C:\Windows\System\DumQFwx.exe
  2⤵
  PID:9852
- C:\Windows\System\PmelKCx.exe
  C:\Windows\System\PmelKCx.exe
  2⤵
  PID:9872
- C:\Windows\System\CvCboYd.exe
  C:\Windows\System\CvCboYd.exe
  2⤵
  PID:9888
- C:\Windows\System\mCvJTuP.exe
  C:\Windows\System\mCvJTuP.exe
  2⤵
  PID:9908
- C:\Windows\System\foDarsm.exe
  C:\Windows\System\foDarsm.exe
  2⤵
  PID:9932
- C:\Windows\System\ctSdKpF.exe
  C:\Windows\System\ctSdKpF.exe
  2⤵
  PID:9952
- C:\Windows\System\HCUDAec.exe
  C:\Windows\System\HCUDAec.exe
  2⤵
  PID:9976
- C:\Windows\System\nvNXJhy.exe
  C:\Windows\System\nvNXJhy.exe
  2⤵
  PID:9996
- C:\Windows\System\ZvblwZJ.exe
  C:\Windows\System\ZvblwZJ.exe
  2⤵
  PID:10012
- C:\Windows\System\ukfFFOF.exe
  C:\Windows\System\ukfFFOF.exe
  2⤵
  PID:10032
- C:\Windows\System\rLIPBYM.exe
  C:\Windows\System\rLIPBYM.exe
  2⤵
  PID:10048
- C:\Windows\System\BVozgWS.exe
  C:\Windows\System\BVozgWS.exe
  2⤵
  PID:10136
- C:\Windows\System\QEpzOmF.exe
  C:\Windows\System\QEpzOmF.exe
  2⤵
  PID:10152
- C:\Windows\System\dGkqZJD.exe
  C:\Windows\System\dGkqZJD.exe
  2⤵
  PID:10172
- C:\Windows\System\pqDrAot.exe
  C:\Windows\System\pqDrAot.exe
  2⤵
  PID:10192
- C:\Windows\System\EcZUpAJ.exe
  C:\Windows\System\EcZUpAJ.exe
  2⤵
  PID:10216
- C:\Windows\System\LwIyDOV.exe
  C:\Windows\System\LwIyDOV.exe
  2⤵
  PID:7072
- C:\Windows\System\PUEMpfY.exe
  C:\Windows\System\PUEMpfY.exe
  2⤵
  PID:5260
- C:\Windows\System\NqhkCmn.exe
  C:\Windows\System\NqhkCmn.exe
  2⤵
  PID:6248
- C:\Windows\System\iDLfEBm.exe
  C:\Windows\System\iDLfEBm.exe
  2⤵
  PID:6712
- C:\Windows\System\wpqVTDw.exe
  C:\Windows\System\wpqVTDw.exe
  2⤵
  PID:6376
- C:\Windows\System\aEBtFmr.exe
  C:\Windows\System\aEBtFmr.exe
  2⤵
  PID:7216
- C:\Windows\System\MYTKLpA.exe
  C:\Windows\System\MYTKLpA.exe
  2⤵
  PID:7312
- C:\Windows\System\vlddsgL.exe
  C:\Windows\System\vlddsgL.exe
  2⤵
  PID:3676
- C:\Windows\System\uviTFzF.exe
  C:\Windows\System\uviTFzF.exe
  2⤵
  PID:8212
- C:\Windows\System\hwwbJRR.exe
  C:\Windows\System\hwwbJRR.exe
  2⤵
  PID:8288
- C:\Windows\System\iizZiWX.exe
  C:\Windows\System\iizZiWX.exe
  2⤵
  PID:8360
- C:\Windows\System\PwgcbnE.exe
  C:\Windows\System\PwgcbnE.exe
  2⤵
  PID:9152
- C:\Windows\System\JvKMxtR.exe
  C:\Windows\System\JvKMxtR.exe
  2⤵
  PID:9176
- C:\Windows\System\NdfQWeo.exe
  C:\Windows\System\NdfQWeo.exe
  2⤵
  PID:8416
- C:\Windows\System\cUBCMcV.exe
  C:\Windows\System\cUBCMcV.exe
  2⤵
  PID:7756
- C:\Windows\System\AmxDqXl.exe
  C:\Windows\System\AmxDqXl.exe
  2⤵
  PID:7940
- C:\Windows\System\HhfFxCm.exe
  C:\Windows\System\HhfFxCm.exe
  2⤵
  PID:5864
- C:\Windows\System\zwpQSOv.exe
  C:\Windows\System\zwpQSOv.exe
  2⤵
  PID:6380
- C:\Windows\System\FcLJpzK.exe
  C:\Windows\System\FcLJpzK.exe
  2⤵
  PID:8648
- C:\Windows\System\fUcbIXY.exe
  C:\Windows\System\fUcbIXY.exe
  2⤵
  PID:8684
- C:\Windows\System\ifgNcwb.exe
  C:\Windows\System\ifgNcwb.exe
  2⤵
  PID:8724
- C:\Windows\System\FkTVxGX.exe
  C:\Windows\System\FkTVxGX.exe
  2⤵
  PID:8792
- C:\Windows\System\aoNjFEr.exe
  C:\Windows\System\aoNjFEr.exe
  2⤵
  PID:8776
- C:\Windows\System\cCwPgUP.exe
  C:\Windows\System\cCwPgUP.exe
  2⤵
  PID:8704
- C:\Windows\System\nzUBNVI.exe
  C:\Windows\System\nzUBNVI.exe
  2⤵
  PID:8516
- C:\Windows\System\AMuzOML.exe
  C:\Windows\System\AMuzOML.exe
  2⤵
  PID:8376
- C:\Windows\System\heYJvVu.exe
  C:\Windows\System\heYJvVu.exe
  2⤵
  PID:9168
- C:\Windows\System\pFNCjHH.exe
  C:\Windows\System\pFNCjHH.exe
  2⤵
  PID:7628
- C:\Windows\System\lFIagnV.exe
  C:\Windows\System\lFIagnV.exe
  2⤵
  PID:7676
- C:\Windows\System\TfCbfUU.exe
  C:\Windows\System\TfCbfUU.exe
  2⤵
  PID:7820
- C:\Windows\System\lsPBtdL.exe
  C:\Windows\System\lsPBtdL.exe
  2⤵
  PID:9672
- C:\Windows\System\lCUcJuj.exe
  C:\Windows\System\lCUcJuj.exe
  2⤵
  PID:7904
- C:\Windows\System\OgwFTiJ.exe
  C:\Windows\System\OgwFTiJ.exe
  2⤵
  PID:9736
- C:\Windows\System\XQKaAks.exe
  C:\Windows\System\XQKaAks.exe
  2⤵
  PID:8860
- C:\Windows\System\LqtTMRN.exe
  C:\Windows\System\LqtTMRN.exe
  2⤵
  PID:8912
- C:\Windows\System\uEbPjJx.exe
  C:\Windows\System\uEbPjJx.exe
  2⤵
  PID:9864
- C:\Windows\System\pbcTYAy.exe
  C:\Windows\System\pbcTYAy.exe
  2⤵
  PID:9040
- C:\Windows\System\IOhvsjk.exe
  C:\Windows\System\IOhvsjk.exe
  2⤵
  PID:9084
- C:\Windows\System\fervzhx.exe
  C:\Windows\System\fervzhx.exe
  2⤵
  PID:9116
- C:\Windows\System\yOfJjCC.exe
  C:\Windows\System\yOfJjCC.exe
  2⤵
  PID:10252
- C:\Windows\System\RuqvqiP.exe
  C:\Windows\System\RuqvqiP.exe
  2⤵
  PID:10272
- C:\Windows\System\HxuuVtd.exe
  C:\Windows\System\HxuuVtd.exe
  2⤵
  PID:10292
- C:\Windows\System\GwdAEIL.exe
  C:\Windows\System\GwdAEIL.exe
  2⤵
  PID:10316
- C:\Windows\System\UypNicK.exe
  C:\Windows\System\UypNicK.exe
  2⤵
  PID:10332
- C:\Windows\System\Omzmhyr.exe
  C:\Windows\System\Omzmhyr.exe
  2⤵
  PID:10356
- C:\Windows\System\nRJSlxJ.exe
  C:\Windows\System\nRJSlxJ.exe
  2⤵
  PID:10372
- C:\Windows\System\ZBdLIVf.exe
  C:\Windows\System\ZBdLIVf.exe
  2⤵
  PID:10396
- C:\Windows\System\gNnrETP.exe
  C:\Windows\System\gNnrETP.exe
  2⤵
  PID:10416
- C:\Windows\System\IUURheV.exe
  C:\Windows\System\IUURheV.exe
  2⤵
  PID:10440
- C:\Windows\System\jetUrGe.exe
  C:\Windows\System\jetUrGe.exe
  2⤵
  PID:10456
- C:\Windows\System\vAcGWLg.exe
  C:\Windows\System\vAcGWLg.exe
  2⤵
  PID:10476
- C:\Windows\System\zYuyxgS.exe
  C:\Windows\System\zYuyxgS.exe
  2⤵
  PID:10504
- C:\Windows\System\ojFUZAx.exe
  C:\Windows\System\ojFUZAx.exe
  2⤵
  PID:10520
- C:\Windows\System\UNLrnup.exe
  C:\Windows\System\UNLrnup.exe
  2⤵
  PID:10540
- C:\Windows\System\eTgyPvw.exe
  C:\Windows\System\eTgyPvw.exe
  2⤵
  PID:10564
- C:\Windows\System\TuCsEGX.exe
  C:\Windows\System\TuCsEGX.exe
  2⤵
  PID:10580
- C:\Windows\System\PblMmjk.exe
  C:\Windows\System\PblMmjk.exe
  2⤵
  PID:10604
- C:\Windows\System\MfFObQl.exe
  C:\Windows\System\MfFObQl.exe
  2⤵
  PID:10624
- C:\Windows\System\AFIeiEC.exe
  C:\Windows\System\AFIeiEC.exe
  2⤵
  PID:10644
- C:\Windows\System\lbEnslK.exe
  C:\Windows\System\lbEnslK.exe
  2⤵
  PID:10668
- C:\Windows\System\jVfhNiM.exe
  C:\Windows\System\jVfhNiM.exe
  2⤵
  PID:10688
- C:\Windows\System\HFTwPqd.exe
  C:\Windows\System\HFTwPqd.exe
  2⤵
  PID:10712
- C:\Windows\System\rAfGZQl.exe
  C:\Windows\System\rAfGZQl.exe
  2⤵
  PID:10732
- C:\Windows\System\OGOHEMm.exe
  C:\Windows\System\OGOHEMm.exe
  2⤵
  PID:10752
- C:\Windows\System\XdjRKWN.exe
  C:\Windows\System\XdjRKWN.exe
  2⤵
  PID:10776
- C:\Windows\System\ywzzGOw.exe
  C:\Windows\System\ywzzGOw.exe
  2⤵
  PID:10792
- C:\Windows\System\aHAWhfd.exe
  C:\Windows\System\aHAWhfd.exe
  2⤵
  PID:10812
- C:\Windows\System\DnhuTfU.exe
  C:\Windows\System\DnhuTfU.exe
  2⤵
  PID:10832
- C:\Windows\System\STneqNa.exe
  C:\Windows\System\STneqNa.exe
  2⤵
  PID:10852
- C:\Windows\System\LAFgYla.exe
  C:\Windows\System\LAFgYla.exe
  2⤵
  PID:10876
- C:\Windows\System\EkaFZMS.exe
  C:\Windows\System\EkaFZMS.exe
  2⤵
  PID:10892
- C:\Windows\System\VKljuVj.exe
  C:\Windows\System\VKljuVj.exe
  2⤵
  PID:10920
- C:\Windows\System\NpQkScR.exe
  C:\Windows\System\NpQkScR.exe
  2⤵
  PID:10940
- C:\Windows\System\pDJrpFc.exe
  C:\Windows\System\pDJrpFc.exe
  2⤵
  PID:10964
- C:\Windows\System\sMetwps.exe
  C:\Windows\System\sMetwps.exe
  2⤵
  PID:10992
- C:\Windows\System\ZxbOhwg.exe
  C:\Windows\System\ZxbOhwg.exe
  2⤵
  PID:11008
- C:\Windows\System\ynSJFCa.exe
  C:\Windows\System\ynSJFCa.exe
  2⤵
  PID:11024
- C:\Windows\System\AsjLhtT.exe
  C:\Windows\System\AsjLhtT.exe
  2⤵
  PID:11044
- C:\Windows\System\BKZCkyp.exe
  C:\Windows\System\BKZCkyp.exe
  2⤵
  PID:11060
- C:\Windows\System\ZizRmsL.exe
  C:\Windows\System\ZizRmsL.exe
  2⤵
  PID:11076
- C:\Windows\System\orwBFAd.exe
  C:\Windows\System\orwBFAd.exe
  2⤵
  PID:11092
- C:\Windows\System\GhWZbeG.exe
  C:\Windows\System\GhWZbeG.exe
  2⤵
  PID:11108
- C:\Windows\System\AneGijY.exe
  C:\Windows\System\AneGijY.exe
  2⤵
  PID:11128
- C:\Windows\System\nEmrSJy.exe
  C:\Windows\System\nEmrSJy.exe
  2⤵
  PID:11148
- C:\Windows\System\cCevQVz.exe
  C:\Windows\System\cCevQVz.exe
  2⤵
  PID:11164
- C:\Windows\System\ljPTPiX.exe
  C:\Windows\System\ljPTPiX.exe
  2⤵
  PID:11180
- C:\Windows\System\qYVzLyz.exe
  C:\Windows\System\qYVzLyz.exe
  2⤵
  PID:11204
- C:\Windows\System\HyCNvrR.exe
  C:\Windows\System\HyCNvrR.exe
  2⤵
  PID:11220
- C:\Windows\System\yFrFzVN.exe
  C:\Windows\System\yFrFzVN.exe
  2⤵
  PID:11236
- C:\Windows\System\LHcRSTn.exe
  C:\Windows\System\LHcRSTn.exe
  2⤵
  PID:11256
- C:\Windows\System\DbDIVVF.exe
  C:\Windows\System\DbDIVVF.exe
  2⤵
  PID:9456
- C:\Windows\System\LvFCyfY.exe
  C:\Windows\System\LvFCyfY.exe
  2⤵
  PID:10236
- C:\Windows\System\sAgPXyG.exe
  C:\Windows\System\sAgPXyG.exe
  2⤵
  PID:8228
- C:\Windows\System\koezxPI.exe
  C:\Windows\System\koezxPI.exe
  2⤵
  PID:7644
- C:\Windows\System\PkSHrEG.exe
  C:\Windows\System\PkSHrEG.exe
  2⤵
  PID:7296
- C:\Windows\System\gvAjuTs.exe
  C:\Windows\System\gvAjuTs.exe
  2⤵
  PID:9632
- C:\Windows\System\OwhEYKd.exe
  C:\Windows\System\OwhEYKd.exe
  2⤵
  PID:8252
- C:\Windows\System\RarsFSY.exe
  C:\Windows\System\RarsFSY.exe
  2⤵
  PID:8400
- C:\Windows\System\WEFnHjQ.exe
  C:\Windows\System\WEFnHjQ.exe
  2⤵
  PID:7920
- C:\Windows\System\aeqxKri.exe
  C:\Windows\System\aeqxKri.exe
  2⤵
  PID:8780
- C:\Windows\System\MFtQCed.exe
  C:\Windows\System\MFtQCed.exe
  2⤵
  PID:8184
- C:\Windows\System\BWouMym.exe
  C:\Windows\System\BWouMym.exe
  2⤵
  PID:952
- C:\Windows\System\MWKrPpw.exe
  C:\Windows\System\MWKrPpw.exe
  2⤵
  PID:8300
- C:\Windows\System\nogdFws.exe
  C:\Windows\System\nogdFws.exe
  2⤵
  PID:9944
- C:\Windows\System\XZURXNE.exe
  C:\Windows\System\XZURXNE.exe
  2⤵
  PID:9988
- C:\Windows\System\wwXLnZF.exe
  C:\Windows\System\wwXLnZF.exe
  2⤵
  PID:7788
- C:\Windows\System\IqfsnvN.exe
  C:\Windows\System\IqfsnvN.exe
  2⤵
  PID:8880
- C:\Windows\System\MbcUfuv.exe
  C:\Windows\System\MbcUfuv.exe
  2⤵
  PID:8888
- C:\Windows\System\JwRFuVD.exe
  C:\Windows\System\JwRFuVD.exe
  2⤵
  PID:8848
- C:\Windows\System\UGCKbGy.exe
  C:\Windows\System\UGCKbGy.exe
  2⤵
  PID:11280
- C:\Windows\System\JxDxFyi.exe
  C:\Windows\System\JxDxFyi.exe
  2⤵
  PID:11388
- C:\Windows\System\yMMYgQM.exe
  C:\Windows\System\yMMYgQM.exe
  2⤵
  PID:11408
- C:\Windows\System\xtBRvlk.exe
  C:\Windows\System\xtBRvlk.exe
  2⤵
  PID:11424
- C:\Windows\System\NGYUotL.exe
  C:\Windows\System\NGYUotL.exe
  2⤵
  PID:11448
- C:\Windows\System\EIowOpk.exe
  C:\Windows\System\EIowOpk.exe
  2⤵
  PID:11468
- C:\Windows\System\amSEjUn.exe
  C:\Windows\System\amSEjUn.exe
  2⤵
  PID:11488
- C:\Windows\System\fybzbaV.exe
  C:\Windows\System\fybzbaV.exe
  2⤵
  PID:11512
- C:\Windows\System\AHGBGzQ.exe
  C:\Windows\System\AHGBGzQ.exe
  2⤵
  PID:11532
- C:\Windows\System\DwMPUmx.exe
  C:\Windows\System\DwMPUmx.exe
  2⤵
  PID:11548
- C:\Windows\System\ovFDfae.exe
  C:\Windows\System\ovFDfae.exe
  2⤵
  PID:11568
- C:\Windows\System\Jlhajgb.exe
  C:\Windows\System\Jlhajgb.exe
  2⤵
  PID:11712
- C:\Windows\System\ZzfQpEq.exe
  C:\Windows\System\ZzfQpEq.exe
  2⤵
  PID:11732
- C:\Windows\System\ZdqxYFB.exe
  C:\Windows\System\ZdqxYFB.exe
  2⤵
  PID:11748
- C:\Windows\System\VxMThSQ.exe
  C:\Windows\System\VxMThSQ.exe
  2⤵
  PID:11776
- C:\Windows\System\GjwJIoY.exe
  C:\Windows\System\GjwJIoY.exe
  2⤵
  PID:11792
- C:\Windows\System\XfnCQAa.exe
  C:\Windows\System\XfnCQAa.exe
  2⤵
  PID:11808
- C:\Windows\System\cuHWsdC.exe
  C:\Windows\System\cuHWsdC.exe
  2⤵
  PID:11828
- C:\Windows\System\odRZrda.exe
  C:\Windows\System\odRZrda.exe
  2⤵
  PID:11848
- C:\Windows\System\bBrIQtC.exe
  C:\Windows\System\bBrIQtC.exe
  2⤵
  PID:11864
- C:\Windows\System\jvKgqrK.exe
  C:\Windows\System\jvKgqrK.exe
  2⤵
  PID:11884
- C:\Windows\System\XuZYuXe.exe
  C:\Windows\System\XuZYuXe.exe
  2⤵
  PID:11900
- C:\Windows\System\njaLXoX.exe
  C:\Windows\System\njaLXoX.exe
  2⤵
  PID:11920
- C:\Windows\System\nBIsGZW.exe
  C:\Windows\System\nBIsGZW.exe
  2⤵
  PID:11940
- C:\Windows\System\gXbztNY.exe
  C:\Windows\System\gXbztNY.exe
  2⤵
  PID:11960
- C:\Windows\System\rjRlIlj.exe
  C:\Windows\System\rjRlIlj.exe
  2⤵
  PID:11980
- C:\Windows\System\okjBTxG.exe
  C:\Windows\System\okjBTxG.exe
  2⤵
  PID:12004
- C:\Windows\System\mtHfGRb.exe
  C:\Windows\System\mtHfGRb.exe
  2⤵
  PID:12024
- C:\Windows\System\ESqhOmt.exe
  C:\Windows\System\ESqhOmt.exe
  2⤵
  PID:12044
- C:\Windows\System\vhmhdBF.exe
  C:\Windows\System\vhmhdBF.exe
  2⤵
  PID:12064
- C:\Windows\System\uGWGkTl.exe
  C:\Windows\System\uGWGkTl.exe
  2⤵
  PID:12084
- C:\Windows\System\cOJDaEJ.exe
  C:\Windows\System\cOJDaEJ.exe
  2⤵
  PID:12104
- C:\Windows\System\zZxACNm.exe
  C:\Windows\System\zZxACNm.exe
  2⤵
  PID:12124
- C:\Windows\System\NYdmGuv.exe
  C:\Windows\System\NYdmGuv.exe
  2⤵
  PID:12144
- C:\Windows\System\rUKrUKo.exe
  C:\Windows\System\rUKrUKo.exe
  2⤵
  PID:12168
- C:\Windows\System\ijLJlPo.exe
  C:\Windows\System\ijLJlPo.exe
  2⤵
  PID:12184
- C:\Windows\System\ADmABou.exe
  C:\Windows\System\ADmABou.exe
  2⤵
  PID:12212
- C:\Windows\System\QkiJmsp.exe
  C:\Windows\System\QkiJmsp.exe
  2⤵
  PID:12232
- C:\Windows\System\dFCnpEm.exe
  C:\Windows\System\dFCnpEm.exe
  2⤵
  PID:12248
- C:\Windows\System\NZQrNZQ.exe
  C:\Windows\System\NZQrNZQ.exe
  2⤵
  PID:12264
- C:\Windows\System\mURhYfy.exe
  C:\Windows\System\mURhYfy.exe
  2⤵
  PID:12280
- C:\Windows\System\MpFtWKd.exe
  C:\Windows\System\MpFtWKd.exe
  2⤵
  PID:4496
- C:\Windows\System\mYJywpP.exe
  C:\Windows\System\mYJywpP.exe
  2⤵
  PID:9272
- C:\Windows\System\LwfJLUK.exe
  C:\Windows\System\LwfJLUK.exe
  2⤵
  PID:9332
- C:\Windows\System\SHuMLgR.exe
  C:\Windows\System\SHuMLgR.exe
  2⤵
  PID:9356
- C:\Windows\System\oPDCBWv.exe
  C:\Windows\System\oPDCBWv.exe
  2⤵
  PID:9404
- C:\Windows\System\XNBeVKr.exe
  C:\Windows\System\XNBeVKr.exe
  2⤵
  PID:10284
- C:\Windows\System\pYDujvV.exe
  C:\Windows\System\pYDujvV.exe
  2⤵
  PID:10208
- C:\Windows\System\izTGFDX.exe
  C:\Windows\System\izTGFDX.exe
  2⤵
  PID:10348
- C:\Windows\System\TgIRade.exe
  C:\Windows\System\TgIRade.exe
  2⤵
  PID:10428
- C:\Windows\System\zVGVWjA.exe
  C:\Windows\System\zVGVWjA.exe
  2⤵
  PID:9516
- C:\Windows\System\OrtOfpR.exe
  C:\Windows\System\OrtOfpR.exe
  2⤵
  PID:9540
- C:\Windows\System\ykDPOeU.exe
  C:\Windows\System\ykDPOeU.exe
  2⤵
  PID:7356
- C:\Windows\System\uMfqzCv.exe
  C:\Windows\System\uMfqzCv.exe
  2⤵
  PID:10772
- C:\Windows\System\tAocGWI.exe
  C:\Windows\System\tAocGWI.exe
  2⤵
  PID:10884
- C:\Windows\System\nPuLwDt.exe
  C:\Windows\System\nPuLwDt.exe
  2⤵
  PID:10952
- C:\Windows\System\TzccbKA.exe
  C:\Windows\System\TzccbKA.exe
  2⤵
  PID:11020
- C:\Windows\System\BpRfQrO.exe
  C:\Windows\System\BpRfQrO.exe
  2⤵
  PID:11088
- C:\Windows\System\YrvUlvR.exe
  C:\Windows\System\YrvUlvR.exe
  2⤵
  PID:11144
- C:\Windows\System\leYKmAt.exe
  C:\Windows\System\leYKmAt.exe
  2⤵
  PID:11212
- C:\Windows\System\YfjJKEm.exe
  C:\Windows\System\YfjJKEm.exe
  2⤵
  PID:9476
- C:\Windows\System\DeqPleN.exe
  C:\Windows\System\DeqPleN.exe
  2⤵
  PID:9820
- C:\Windows\System\SMLgMmV.exe
  C:\Windows\System\SMLgMmV.exe
  2⤵
  PID:9848
- C:\Windows\System\nGqOSLA.exe
  C:\Windows\System\nGqOSLA.exe
  2⤵
  PID:8196
- C:\Windows\System\ikhFsoH.exe
  C:\Windows\System\ikhFsoH.exe
  2⤵
  PID:9948
- C:\Windows\System\gdNETta.exe
  C:\Windows\System\gdNETta.exe
  2⤵
  PID:12304
- C:\Windows\System\oBGlMBp.exe
  C:\Windows\System\oBGlMBp.exe
  2⤵
  PID:12324
- C:\Windows\System\jsWUbTP.exe
  C:\Windows\System\jsWUbTP.exe
  2⤵
  PID:12344
- C:\Windows\System\KBaBCGn.exe
  C:\Windows\System\KBaBCGn.exe
  2⤵
  PID:12360
- C:\Windows\System\DipdSwL.exe
  C:\Windows\System\DipdSwL.exe
  2⤵
  PID:12376
- C:\Windows\System\MAYAOPC.exe
  C:\Windows\System\MAYAOPC.exe
  2⤵
  PID:12400
- C:\Windows\System\NhRvdeX.exe
  C:\Windows\System\NhRvdeX.exe
  2⤵
  PID:12416
- C:\Windows\System\djneYfH.exe
  C:\Windows\System\djneYfH.exe
  2⤵
  PID:12440
- C:\Windows\System\vZfdNHX.exe
  C:\Windows\System\vZfdNHX.exe
  2⤵
  PID:12460
- C:\Windows\System\tiFazTG.exe
  C:\Windows\System\tiFazTG.exe
  2⤵
  PID:12480
- C:\Windows\System\cSmnPti.exe
  C:\Windows\System\cSmnPti.exe
  2⤵
  PID:12496
- C:\Windows\System\lTQMkSl.exe
  C:\Windows\System\lTQMkSl.exe
  2⤵
  PID:12584
- C:\Windows\System\zcWLWlS.exe
  C:\Windows\System\zcWLWlS.exe
  2⤵
  PID:12600
- C:\Windows\System\bHsYipw.exe
  C:\Windows\System\bHsYipw.exe
  2⤵
  PID:12624
- C:\Windows\System\jtFKkkR.exe
  C:\Windows\System\jtFKkkR.exe
  2⤵
  PID:12644
- C:\Windows\System\yrVvTVv.exe
  C:\Windows\System\yrVvTVv.exe
  2⤵
  PID:12660
- C:\Windows\System\XJbzqxl.exe
  C:\Windows\System\XJbzqxl.exe
  2⤵
  PID:12684
- C:\Windows\System\Abezopa.exe
  C:\Windows\System\Abezopa.exe
  2⤵
  PID:12708
- C:\Windows\System\UCFikph.exe
  C:\Windows\System\UCFikph.exe
  2⤵
  PID:12728
- C:\Windows\System\jrQRcWK.exe
  C:\Windows\System\jrQRcWK.exe
  2⤵
  PID:12756
- C:\Windows\System\WzwlKsr.exe
  C:\Windows\System\WzwlKsr.exe
  2⤵
  PID:12780
- C:\Windows\System\dkaZHzQ.exe
  C:\Windows\System\dkaZHzQ.exe
  2⤵
  PID:12812
- C:\Windows\System\TLpEDyf.exe
  C:\Windows\System\TLpEDyf.exe
  2⤵
  PID:12832
- C:\Windows\System\zcqNFxu.exe
  C:\Windows\System\zcqNFxu.exe
  2⤵
  PID:12852
- C:\Windows\System\hfkqPUp.exe
  C:\Windows\System\hfkqPUp.exe
  2⤵
  PID:12876
- C:\Windows\System\sBniKGm.exe
  C:\Windows\System\sBniKGm.exe
  2⤵
  PID:12900
- C:\Windows\System\mDDuUSm.exe
  C:\Windows\System\mDDuUSm.exe
  2⤵
  PID:12916
- C:\Windows\System\ulKPvSn.exe
  C:\Windows\System\ulKPvSn.exe
  2⤵
  PID:12936
- C:\Windows\System\WUEfcAW.exe
  C:\Windows\System\WUEfcAW.exe
  2⤵
  PID:12980
- C:\Windows\System\BLkuHjx.exe
  C:\Windows\System\BLkuHjx.exe
  2⤵
  PID:13000
- C:\Windows\System\aSwePtJ.exe
  C:\Windows\System\aSwePtJ.exe
  2⤵
  PID:13028
- C:\Windows\System\XRlwOEB.exe
  C:\Windows\System\XRlwOEB.exe
  2⤵
  PID:13048
- C:\Windows\System\THpckkP.exe
  C:\Windows\System\THpckkP.exe
  2⤵
  PID:13068
- C:\Windows\System\pxvDEjt.exe
  C:\Windows\System\pxvDEjt.exe
  2⤵
  PID:13084
- C:\Windows\System\YtbAXCH.exe
  C:\Windows\System\YtbAXCH.exe
  2⤵
  PID:13104
- C:\Windows\System\JBynATY.exe
  C:\Windows\System\JBynATY.exe
  2⤵
  PID:13124
- C:\Windows\System\MrkctMO.exe
  C:\Windows\System\MrkctMO.exe
  2⤵
  PID:13140
- C:\Windows\System\eZfRchc.exe
  C:\Windows\System\eZfRchc.exe
  2⤵
  PID:13156
- C:\Windows\System\IYFrqOy.exe
  C:\Windows\System\IYFrqOy.exe
  2⤵
  PID:13176
- C:\Windows\System\rnVeLsZ.exe
  C:\Windows\System\rnVeLsZ.exe
  2⤵
  PID:13196
- C:\Windows\System\WKcvxhQ.exe
  C:\Windows\System\WKcvxhQ.exe
  2⤵
  PID:13216
- C:\Windows\System\CISXsIo.exe
  C:\Windows\System\CISXsIo.exe
  2⤵
  PID:13240
- C:\Windows\System\oWhDSDS.exe
  C:\Windows\System\oWhDSDS.exe
  2⤵
  PID:13256
- C:\Windows\System\DrzEQDl.exe
  C:\Windows\System\DrzEQDl.exe
  2⤵
  PID:13276
- C:\Windows\System\DIKfHyA.exe
  C:\Windows\System\DIKfHyA.exe
  2⤵
  PID:13296
- C:\Windows\System\dbhbIlf.exe
  C:\Windows\System\dbhbIlf.exe
  2⤵
  PID:8232
- C:\Windows\System\hpgUlGs.exe
  C:\Windows\System\hpgUlGs.exe
  2⤵
  PID:11440
- C:\Windows\System\BkpxfeO.exe
  C:\Windows\System\BkpxfeO.exe
  2⤵
  PID:11484
- C:\Windows\System\TiGFAdc.exe
  C:\Windows\System\TiGFAdc.exe
  2⤵
  PID:11000
- C:\Windows\System\zAbfqJW.exe
  C:\Windows\System\zAbfqJW.exe
  2⤵
  PID:10124
- C:\Windows\System\onrNPpC.exe
  C:\Windows\System\onrNPpC.exe
  2⤵
  PID:11564
- C:\Windows\System\mqkWUnU.exe
  C:\Windows\System\mqkWUnU.exe
  2⤵
  PID:9268
- C:\Windows\System\hZzpfYe.exe
  C:\Windows\System\hZzpfYe.exe
  2⤵
  PID:10484
- C:\Windows\System\zHHfvoe.exe
  C:\Windows\System\zHHfvoe.exe
  2⤵
  PID:12296
- C:\Windows\System\MwSZzWD.exe
  C:\Windows\System\MwSZzWD.exe
  2⤵
  PID:8560
- C:\Windows\System\OkicKLe.exe
  C:\Windows\System\OkicKLe.exe
  2⤵
  PID:11524
- C:\Windows\System\yZDaokU.exe
  C:\Windows\System\yZDaokU.exe
  2⤵
  PID:10452
- C:\Windows\System\yjycyZm.exe
  C:\Windows\System\yjycyZm.exe
  2⤵
  PID:3628
- C:\Windows\System\yiaIHKo.exe
  C:\Windows\System\yiaIHKo.exe
  2⤵
  PID:3580
- C:\Windows\System\qespnwm.exe
  C:\Windows\System\qespnwm.exe
  2⤵
  PID:9580
- C:\Windows\System\ocKtVUN.exe
  C:\Windows\System\ocKtVUN.exe
  2⤵
  PID:880
- C:\Windows\System\oZZTGyZ.exe
  C:\Windows\System\oZZTGyZ.exe
  2⤵
  PID:13288
- C:\Windows\System\vsceqXJ.exe
  C:\Windows\System\vsceqXJ.exe
  2⤵
  PID:11952
- C:\Windows\System\TooNRNP.exe
  C:\Windows\System\TooNRNP.exe
  2⤵
  PID:11992
- C:\Windows\System\jZmJIhC.exe
  C:\Windows\System\jZmJIhC.exe
  2⤵
  PID:9340
- C:\Windows\System\OzRGWGT.exe
  C:\Windows\System\OzRGWGT.exe
  2⤵
  PID:10200
- C:\Windows\System\yNfQNiT.exe
  C:\Windows\System\yNfQNiT.exe
  2⤵
  PID:9784
- C:\Windows\System\MMZSjMH.exe
  C:\Windows\System\MMZSjMH.exe
  2⤵
  PID:10908
- C:\Windows\System\NJgLJzG.exe
  C:\Windows\System\NJgLJzG.exe
  2⤵
  PID:9068
- C:\Windows\System\DAMDSyq.exe
  C:\Windows\System\DAMDSyq.exe
  2⤵
  PID:13100
- C:\Windows\System\PthnvDK.exe
  C:\Windows\System\PthnvDK.exe
  2⤵
  PID:12180
- C:\Windows\System\LzUfkNm.exe
  C:\Windows\System\LzUfkNm.exe
  2⤵
  PID:12312
- C:\Windows\System\OCgVdqj.exe
  C:\Windows\System\OCgVdqj.exe
  2⤵
  PID:9828
- C:\Windows\System\yalJOAk.exe
  C:\Windows\System\yalJOAk.exe
  2⤵
  PID:11840
- C:\Windows\System\kJFxHZh.exe
  C:\Windows\System\kJFxHZh.exe
  2⤵
  PID:10264
- C:\Windows\System\LwoLvmO.exe
  C:\Windows\System\LwoLvmO.exe
  2⤵
  PID:9008
- C:\Windows\System\YCAkvFW.exe
  C:\Windows\System\YCAkvFW.exe
  2⤵
  PID:11632
- C:\Windows\System\ZLiXTle.exe
  C:\Windows\System\ZLiXTle.exe
  2⤵
  PID:12616
- C:\Windows\System\QrXUrjm.exe
  C:\Windows\System\QrXUrjm.exe
  2⤵
  PID:13208
- C:\Windows\System\dWIKZVf.exe
  C:\Windows\System\dWIKZVf.exe
  2⤵
  PID:12844
- C:\Windows\System\lsvbFOL.exe
  C:\Windows\System\lsvbFOL.exe
  2⤵
  PID:10696
- C:\Windows\System\hzwTpVr.exe
  C:\Windows\System\hzwTpVr.exe
  2⤵
  PID:13168
- C:\Windows\System\aTeQwpd.exe
  C:\Windows\System\aTeQwpd.exe
  2⤵
  PID:11720
- C:\Windows\System\uoFeEpq.exe
  C:\Windows\System\uoFeEpq.exe
  2⤵
  PID:11404
- C:\Windows\System\dotzsvG.exe
  C:\Windows\System\dotzsvG.exe
  2⤵
  PID:4532
- C:\Windows\System\bAqBtiU.exe
  C:\Windows\System\bAqBtiU.exe
  2⤵
  PID:10244
- C:\Windows\System\QVwhPBN.exe
  C:\Windows\System\QVwhPBN.exe
  2⤵
  PID:12884
- C:\Windows\System\iGqwCyD.exe
  C:\Windows\System\iGqwCyD.exe
  2⤵
  PID:8440
- C:\Windows\System\CcneLEa.exe
  C:\Windows\System\CcneLEa.exe
  2⤵
  PID:11068
- C:\Windows\System\cuXGjmq.exe
  C:\Windows\System\cuXGjmq.exe
  2⤵
  PID:12164
- C:\Windows\System\rtwCMsl.exe
  C:\Windows\System\rtwCMsl.exe
  2⤵
  PID:2140
- C:\Windows\System\thFEwps.exe
  C:\Windows\System\thFEwps.exe
  2⤵
  PID:9256
- C:\Windows\System\uxyBUmZ.exe
  C:\Windows\System\uxyBUmZ.exe
  2⤵
  PID:11724
- C:\Windows\System\ztyqHHv.exe
  C:\Windows\System\ztyqHHv.exe
  2⤵
  PID:9172
- C:\Windows\System\moiHTvX.exe
  C:\Windows\System\moiHTvX.exe
  2⤵
  PID:7708
- C:\Windows\System\qhNditk.exe
  C:\Windows\System\qhNditk.exe
  2⤵
  PID:3252
- C:\Windows\System\JJehPgJ.exe
  C:\Windows\System\JJehPgJ.exe
  2⤵
  PID:11136
- C:\Windows\System\iXcpKKf.exe
  C:\Windows\System\iXcpKKf.exe
  2⤵
  PID:12488
- C:\Windows\System\BXUfMhQ.exe
  C:\Windows\System\BXUfMhQ.exe
  2⤵
  PID:2304
- C:\Windows\System\JWnDddb.exe
  C:\Windows\System\JWnDddb.exe
  2⤵
  PID:9688
- C:\Windows\System\nNUEekD.exe
  C:\Windows\System\nNUEekD.exe
  2⤵
  PID:9904
- C:\Windows\System\vtvqoMz.exe
  C:\Windows\System\vtvqoMz.exe
  2⤵
  PID:8520
- C:\Windows\System\oRAHHMa.exe
  C:\Windows\System\oRAHHMa.exe
  2⤵
  PID:652
- C:\Windows\System\vPPzBga.exe
  C:\Windows\System\vPPzBga.exe
  2⤵
  PID:1936
- C:\Windows\System\rxUYsuB.exe
  C:\Windows\System\rxUYsuB.exe
  2⤵
  PID:3052
- C:\Windows\System\liFErDY.exe
  C:\Windows\System\liFErDY.exe
  2⤵
  PID:12116
- C:\Windows\System\CWWsHXc.exe
  C:\Windows\System\CWWsHXc.exe
  2⤵
  PID:12060
- C:\Windows\System\hlOOAtJ.exe
  C:\Windows\System\hlOOAtJ.exe
  2⤵
  PID:13024
- C:\Windows\System\ssDKvoe.exe
  C:\Windows\System\ssDKvoe.exe
  2⤵
  PID:7740
- C:\Windows\System\sLeZYwr.exe
  C:\Windows\System\sLeZYwr.exe
  2⤵
  PID:11816
- C:\Windows\System\vFIUeEC.exe
  C:\Windows\System\vFIUeEC.exe
  2⤵
  PID:12392
- C:\Windows\System\yxMZWjW.exe
  C:\Windows\System\yxMZWjW.exe
  2⤵
  PID:3936
- C:\Windows\System\JRFXzyG.exe
  C:\Windows\System\JRFXzyG.exe
  2⤵
  PID:12096
- C:\Windows\System\jocqPNM.exe
  C:\Windows\System\jocqPNM.exe
  2⤵
  PID:5036
- C:\Windows\System\yIxoJrz.exe
  C:\Windows\System\yIxoJrz.exe
  2⤵
  PID:13308
- C:\Windows\System\DsWSpZu.exe
  C:\Windows\System\DsWSpZu.exe
  2⤵
  PID:11124
- C:\Windows\System\jbgSedO.exe
  C:\Windows\System\jbgSedO.exe
  2⤵
  PID:3708
- C:\Windows\System\dCmwroh.exe
  C:\Windows\System\dCmwroh.exe
  2⤵
  PID:6092
- C:\Windows\System\AZGhyIo.exe
  C:\Windows\System\AZGhyIo.exe
  2⤵
  PID:6140
- C:\Windows\System\komHuEb.exe
  C:\Windows\System\komHuEb.exe
  2⤵
  PID:9576
- C:\Windows\System\oCryTYb.exe
  C:\Windows\System\oCryTYb.exe
  2⤵
  PID:9036
- C:\Windows\System\LerJQjW.exe
  C:\Windows\System\LerJQjW.exe
  2⤵
  PID:8612
- C:\Windows\System\cIowvsq.exe
  C:\Windows\System\cIowvsq.exe
  2⤵
  PID:7596
- C:\Windows\System\YwuUNXN.exe
  C:\Windows\System\YwuUNXN.exe
  2⤵
  PID:7576
- C:\Windows\System\koEgDxi.exe
  C:\Windows\System\koEgDxi.exe
  2⤵
  PID:3196
- C:\Windows\System\lEtQUsl.exe
  C:\Windows\System\lEtQUsl.exe
  2⤵
  PID:7564
- C:\Windows\System\iptLaIZ.exe
  C:\Windows\System\iptLaIZ.exe
  2⤵
  PID:11860
- C:\Windows\System\EwPZuJV.exe
  C:\Windows\System\EwPZuJV.exe
  2⤵
  PID:12680
- C:\Windows\System\dxewgRo.exe
  C:\Windows\System\dxewgRo.exe
  2⤵
  PID:9056
- C:\Windows\System\ZlCPfUa.exe
  C:\Windows\System\ZlCPfUa.exe
  2⤵
  PID:4296
- C:\Windows\System\ESgeSVh.exe
  C:\Windows\System\ESgeSVh.exe
  2⤵
  PID:12572
- C:\Windows\System\vkVAPit.exe
  C:\Windows\System\vkVAPit.exe
  2⤵
  PID:12764
- C:\Windows\System\gXZkxMh.exe
  C:\Windows\System\gXZkxMh.exe
  2⤵
  PID:7584
- C:\Windows\System\jWQasIy.exe
  C:\Windows\System\jWQasIy.exe
  2⤵
  PID:13340

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iwxn5wyk.0hl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AYTAdMc.exe

Filesize
1.4MB

MD5
ffea98d39683dda04d5fc6bc2df9c4b6

SHA1
084dafa653467d067163a7ba97f8c31dbbb25062

SHA256
70644641a8e95ebf6cb3496d40f50b482621a5df942dbe3695b837d0a160c58a

SHA512
57145b0451d759803dfb26e22833daadf7b8994f677c662086d45b02038ee3bd58cb17adbbfd5bb0026040a4233440cc6bad090144c3014f3dcb51b930553d49

Download Submit
C:\Windows\System\BNNpCpe.exe

Filesize
1.4MB

MD5
2efdba497ce805503f4f35d34a6e4160

SHA1
7266dc68707c59ee90ce3d0a92bcd5312bd355fa

SHA256
66289556d645bae8ec29ada23da6032b5d86135692572ed2029ac8745fece71b

SHA512
bfdd991ba3b6f1eb0fff23b8ef4ffb464ebdb9271eea13ae4e44da6943d669a03a4711eeeade1e42797389cd57fa52d90b6e012dd2ed718df52fe48c541a3be4

Download Submit
C:\Windows\System\BQWLaLq.exe

Filesize
1.4MB

MD5
1639d1b683026acdcc69f013ec5cfbca

SHA1
7a9dc4462660eaebbd5588fea1663f6eb19e5651

SHA256
ceca288fb1d9d6e3218a7a47d94e66881641faa5906da482edace3e528e7a3f1

SHA512
9cedb4fddd22f3ac3eeb5184cb86ff2704de3e73deae1c7a0b495d719db054da646b08582950d2086de9b4a06585a3a187dff2e5b54005f3a50411ad020f691a

Download Submit
C:\Windows\System\BoCCoKd.exe

Filesize
1.4MB

MD5
27500eadf8485866f278e05427204c14

SHA1
944d03ec3b95aca8510fe9a55720f3fe8afa6f13

SHA256
f3a99396636c21a7d272e846111f11e6f9346066488cc931377119a59057722b

SHA512
0c548d9bf2ef1e185565f1b405c9f2bf5a25182659b890c182d2e2108a8beb7989a1290c5626394623e5455e4c63f722affd4b70853da041eddf8117f46dc3d2

Download Submit
C:\Windows\System\DEOlHas.exe

Filesize
8B

MD5
3989110bf28e1752d8354fc44aee0a5a

SHA1
2d341ede84fcdf1393cbc1c69b98173c16076de5

SHA256
ebec1be56406b8ccda98c6ae40713b17ab0e77787c03fa110b421dcd4ed20236

SHA512
05d90fae41717bc7686b0f44550f09d1b8636af054b5f3ca56692a92791caee36e681dc16ad6673b593b02851b240971a152f999e8c1a1c5d0d92fad9fcf82a2

Download Submit
C:\Windows\System\DKPNzdS.exe

Filesize
1.4MB

MD5
a730b08d62f8d53d90784210199c1847

SHA1
80d13e87a104f80decdf694705cda86532d33901

SHA256
ad45c44d398a2302e647d4725f1d58c605366c2761b8c96a6c94ae56e3fa2bc7

SHA512
50e1f9219dd3597dfb9d30b570ffc63082f7ec4739e7d6106041337977bab1d010bde81b6e77a7071cd24107824dca40dcbe57f0e5c9b315df49fe050e8d46c2

Download Submit
C:\Windows\System\DhRfaZs.exe

Filesize
1.4MB

MD5
00547980f94e91a546aff6e469b71361

SHA1
d82ba276da09f796310ca7e3513dcbfdedd8c9db

SHA256
5920dc022f2867fa154e483c284fa39b64bb3412faf59128e23fd3537e328f08

SHA512
9149ef384f14fc967557eb04c1198e138ebadbb0b1b0915489d32ead4fec0925db0ba1381e937e741a2b906bc8e3811bc9b1b3628cc72ef5aa5e43797ae764cb

Download Submit
C:\Windows\System\DmpQQOg.exe

Filesize
1.4MB

MD5
82b108c68d3defcc80a668e6fc2de3c9

SHA1
7862bc726b30b06039009bb14f1bfa8e08529585

SHA256
5448b97e9a864fbd04fac1beb568d9e1a4ed2f386f936b1032bad6a008185568

SHA512
0854df4c33611d1876f64d452ee1c86c493cea049748a9010173522abff07daf2f9bca975871fe0016745763db9488c0184076d4d2d67598904e7c4504646d8f

Download Submit
C:\Windows\System\EwtnOVi.exe

Filesize
1.4MB

MD5
82d660f2250ed035d7707bc5ef03e598

SHA1
ed0afd2137c4472ca1ae414ed82cd8e848907bab

SHA256
11bb7f9cad219e50cce0ce38a521ef9a1699a2d03d5749ed799de34c8a86f57d

SHA512
5b0d5b045a26f300a72b17e100fabc7ddea1d4fb9a493bd2b1dd9c96506cd907efe9b14129a11035027a966100bc00b7d0ef2bede9d8b2af39d243e412c0b1e0

Download Submit
C:\Windows\System\GWlxnQo.exe

Filesize
1.4MB

MD5
0cda1e9f1e3eccd387a3f44abfc4011b

SHA1
9284bc224389418bb274acbe38ea380d5616f77a

SHA256
707fe7577b15327479b529daa305eeae936dea90d78320247f3c0fb1bea90ffc

SHA512
4344901019331e622c93fbdc5dc241d2a19d679840fb403c6f8be3b27921c4875b4c789c6a64f6ccb8be16234e9415dcfa19cbf628950f0a400822a836e3219e

Download Submit
C:\Windows\System\KTmQWQN.exe

Filesize
1.4MB

MD5
04f1902ee50067d9c5b64d9daaad3b27

SHA1
2374c8cdc69559dc5fca0978e623917cdd7723b6

SHA256
e03e05d3d28534e4b90a2341c8e7dd6edeb96f8a8dce2e97446631081713e153

SHA512
85cb2bdbd59c73e3d7542a30b006f67f5ba4883aef8d2b307ab943e0f1b4e2d325f566c87f20d30174df757e7e75fd4a22820a783f7b6e68fd687ea8a2d3ce2e

Download Submit
C:\Windows\System\KYpHwrU.exe

Filesize
1.4MB

MD5
23f5f136e51d00a763c24fddbe99e9af

SHA1
7298e747a29c75e5b053dcd863310524bf8f478d

SHA256
7b644cd53a1be689050b779933c9ab4f083211e9bda1e20724079800bdc340e2

SHA512
ab3563dbb1a9c4ff12d84fa57e5d94c9fb580c9bf43d0d5d510e018bbea47e8166c89f2512a27bfa1400e30c6f341eefc957e08655b515e31b716dd0b82984be

Download Submit
C:\Windows\System\LqqDApX.exe

Filesize
1.4MB

MD5
373871bec52a507d9b65b2e168c923a0

SHA1
b00a7fb4d2a01013417f2714f8cd9c5e328aebb2

SHA256
196169220a0fb32c113861d3cb1e0d72d279baa216d4d0a0a7875de950d2e166

SHA512
64cc3190c746b4b1c75e348b50ad47fb14b41b7af5238e4c2465541199972902fc29bf68af1724181c9772e47e033834d49552a4713792d6a46e1d7c9c83ff83

Download Submit
C:\Windows\System\NCxnwiN.exe

Filesize
1.4MB

MD5
9928f702af93a6906ca5031522dc5c54

SHA1
e7a581379396c0d74cbb090c53c734df574d152e

SHA256
17d363ac50273c04b8056325164c50f8ef6162b1cce4905789d7d23da9ef53c0

SHA512
45a9b5994493aad2d0751f775ed20961ea5b2127e582cbfa492472c4eb676b4150ddd1d01266d6bf0b6a37d0e6a04a133b1a36228cf2e9c7b17fc3d94e93f80c

Download Submit
C:\Windows\System\NaDEiJN.exe

Filesize
1.4MB

MD5
8cae9c3a3746138002add94fd16ba680

SHA1
a8f4750bb3782b9554c4d443eab59dccf156ca96

SHA256
eb9d3354332e5ae552fabfa0cc9f9cc12add0ce8c5d6e82d1065ef96e2fe08c6

SHA512
6c16375017b8b1fc7864de279d3f3ce3cb75270537a389d95e5b6f03bbe1ee3211fb65ba25de1c9248381c485eb56691efeb84ac2d713c3efe635d417174163d

Download Submit
C:\Windows\System\NkEWmcQ.exe

Filesize
1.4MB

MD5
0f842e372a5c6a8b8ffa719430f8de42

SHA1
912a2a6e93bf2ca3694e4f06d5e7ad4ff4614391

SHA256
fba47d9de09d94628f7ab3de734727654e15317b8c116e04444e131dbe050233

SHA512
0fe2896508877b393f2adec5777096b16bc8e35c045496be3b3c1998b1636c585b39b41315f3abcaefdf7a20ebb8cd8826839e0524dcf4ae82821a2153d25e5e

Download Submit
C:\Windows\System\PzTkyLe.exe

Filesize
1.4MB

MD5
862c64b86c55630fd65bc818cf922660

SHA1
f0f7c37c4686c70b64ff6c82a47fe25f15759558

SHA256
d9fd1011b40e674d1135e4c575b79ef0a7d7dca9b8805a39f0d7e1914e82908a

SHA512
96aa54f25266636150d6b3506d969e96a50f7f00888e1d651382143272d7ce2a318140b7d91ac68c91568da8f4a1ef5de1e9098d1fe5eb8b06cd869a503e1a91

Download Submit
C:\Windows\System\QGqfPun.exe

Filesize
1.4MB

MD5
a4b3754963331a6dfdd8bee01dd1baea

SHA1
d591020742f957ce8021cabcb9751096da75efc8

SHA256
ab6fe68a244260fd89f588cfdfeda909fdcc74bccad7d7cf75f4551cf2a20ccd

SHA512
fea3fa840db197b73b1e77ca8fbe3ea99032624296da00c738c920eb713d84ed879bc5ce577390ea5da17ad3eea792efb6c5ff8a09df1b68d1d0153705b9e265

Download Submit
C:\Windows\System\SzcjFHg.exe

Filesize
1.4MB

MD5
52bb8e1e88ee5a2b91c2d47fc5ae9539

SHA1
8f9114596a4d44e99c3aff888e1d978f7fef1fa4

SHA256
630850448af81ce2befdf2eb0c88e99b5991e795ef51c407c5c9812076b6a273

SHA512
f7a912c8c9fb4db5142a245c7f850bb7ab07289e277b73d407444625a583ab5b06910763961385cf4a0d1ce4d4099cd2e7bc3715c479e1d91945bbf1d82a2cab

Download Submit
C:\Windows\System\Vlliega.exe

Filesize
1.4MB

MD5
0c8a7f3b6021552bcad9b94421903c20

SHA1
261a9a829b1b1be3cb466d6857d74e1c57cca65e

SHA256
561b66c9e178acc0fc755ffc7e5141c1cd83f529d8e8673dbfd5621f05f0a6a2

SHA512
f51cc95cfd4a24efd2cf1a48cfb20b48b6304422a6fcbf44e215305b1980a4b71e9970268909fee5b66a5861e2c53b5de0af9fda305f8199d2f6613357a3a32a

Download Submit
C:\Windows\System\VxKRXjI.exe

Filesize
1.4MB

MD5
617588f60efa31dbb64e26c425f85594

SHA1
3b74f148f649c572ed0db09c87c618749733bb9c

SHA256
5aef8a79973f6206b8ecbd6371bfa59dabe9fab56ed02ea7f77c4eca35804e9c

SHA512
4cfffca0ebcc5d41404a882f982b88051df463b0e78cb2af551a96d2c000427162d0bab023d77f169e83bd7025bd8c1b700a5ee310ab50499d94f73d05dc5f42

Download Submit
C:\Windows\System\avTuksH.exe

Filesize
1.4MB

MD5
6727e6ed5b764c8b90443aa37929266d

SHA1
43279a197e217cfe35f81f669a92f4ca64673ad8

SHA256
640162a555e5ae72a96627c42ca05daf2ca844d7fa3da2e6ce00b2ef0c0995a1

SHA512
73f59992ed5c5f1e7e06b3c1a706fbee870a25ae5b4df0eb64d33dbf6bfd3e85615ed0bcce608e8723910c58ce599ae4b125f972d2faa8b8adbf9a14565fd173

Download Submit
C:\Windows\System\brpDree.exe

Filesize
1.4MB

MD5
2a2d271adb025212d4aef9166df45ec2

SHA1
b378e33d186cce4b1ae5a8166b51f5f0f21dc547

SHA256
4fc766ac69bffccd9b4e9205d3c3c9afae287a0acb5f1627266af203b367b27a

SHA512
3307abdc603b891b77792c58d364150c26e73644cb5b76369af533644aec8bea33ebd7424f240ff5a0a7e9ee88aea96b13d6ba7ba03bfb89a571b62ce58f0e1b

Download Submit
C:\Windows\System\drKPEcU.exe

Filesize
1.4MB

MD5
2aa75069361253f3d1afc894b83a0060

SHA1
4af70fae9da3d176fbffa9a416543799d80819a2

SHA256
13433b57544848caaa3b9a07ccf1760647dd7c7fc8a98777f0bddf35636fbfb7

SHA512
000d506d0ade133f0d1c13a23170fa3413e6f87c13203aec04d79e2b26e64444b4d45e0d36f725deedeef0e9c914d7dae6450e3d0c22ffe7852f7f9137797cde

Download Submit
C:\Windows\System\edQKBgs.exe

Filesize
1.4MB

MD5
0fe44149e910cee4a9f7fc23791aefad

SHA1
68660450b1f20267a47415c7cae2f444fd521a03

SHA256
5ace122e3e932e358cc1061e1bdce5179b7f7405dfd90157b5a9971b3eb36376

SHA512
7d573e407c6751c961f260f7525ee934c7b19e37387aa9db1f652d0a0225fedfd34da5cf0d22652b17ed5b4973c8849ea62c63b6847a68b76d3ce75482a87cde

Download Submit
C:\Windows\System\eeOvSpD.exe

Filesize
1.4MB

MD5
9e8b2594c9bf1f4aa293b8afe533827a

SHA1
6ae8cd55eefb35b101bd2be163819b29cb41bd66

SHA256
46100ff5d7a569d70209ef3d5173726c12e94f0f25958edeb57487e92e0d1086

SHA512
3b57056e8ef0fd543743490acd74510014c343ec98e18c89953e0f9f03c961df2817a2dbbb23928e666aeb0f5f4dacab0a021654510ddc01277f72920abcede5

Download Submit
C:\Windows\System\hWzhoDl.exe

Filesize
1.4MB

MD5
9e8d1e5dea9d239e921bb63d3bccc23d

SHA1
1f4288cae2a962a4e0781c1eb8f03e4540dd6cf6

SHA256
d9fb577b288d230fce6a25b54d2a609db7e7e20232c79e391b7fda504c8a32bb

SHA512
f09cf901d36c5f574f95cec7125479b518c841afec24aa58a3eb27f78b71f58f8a71e22782c9272c2ed1e2a01e1a188c26cbc3e82c39c04d426435843eeb99be

Download Submit
C:\Windows\System\jLJJhcn.exe

Filesize
1.4MB

MD5
090703fe48b849bc2b5a8351acba3236

SHA1
95ba5b1bebfc1fb8e1064ba7780e024e94ab281a

SHA256
8799415d157b92d32a3c2c879b69eb9bb21ce50dc84d4ddedd2851c0084fa6f0

SHA512
c3fdb4f613eda05cbd52f2797f40799431404178d13d6510a0cda113981e8e057ce4c538f4acccfc77c7a3d9ef652ffd0c0222aaccabe8ad4a1851d05239d3d2

Download Submit
C:\Windows\System\jRDELci.exe

Filesize
1.4MB

MD5
dfe34d84368090d3f644fa4b116ccd67

SHA1
a6dacdda3212795e4e901d02e6c74318f933f77c

SHA256
a4f7f21445ccfc4f88e4eb139d9dc0862674cc8cf673e383a597c184fc4b1dcd

SHA512
32db36be8ca9e1b3e6cf078435d4df0b20400873a08160a82ee6651b1eee15cc4aec426c6b13272b20c3fba180a8b4cb2f989d08ad3d865baef8dfbccfa1f04b

Download Submit
C:\Windows\System\jucwnsG.exe

Filesize
1.4MB

MD5
5880a9e2af7acc99690c2648a9019321

SHA1
6122ddcf3266b95faa071c16a1edc879a109ae1c

SHA256
12e8bae9b0788b53581809ff9afeac3dfdbb464a931db0416be28b5773b1a414

SHA512
857be212e731d36e9010eb671be221ea91d4d32405c7a8792c86610dbf5842f30474041076bd035d6b64862016487c2062061f5d2898f35daa9c1224866393d5

Download Submit
C:\Windows\System\kMkVGnM.exe

Filesize
1.4MB

MD5
ca575ce70e12826c6843fdd6b5a3fa83

SHA1
893240b81bf04767a6b2502b5304c74a6347c6d6

SHA256
b27b081486f8c3f37b7c4515a72e7c53914900e0ca01ce5ea44d6beade6cdb83

SHA512
79632f0f966ec2208ea5c1c318380564d3a8105de5d5590fe0384cb7fb2845895c9d6cc93d5578c460a5e003db89c6a859bbb82950e44eedd2c5e536377e8ef1

Download Submit
C:\Windows\System\lYQNdaL.exe

Filesize
1.4MB

MD5
3ec449484b9a61e554820ea7f1bcad24

SHA1
25af45f61cb71656d14a45f203c0282747cd1393

SHA256
8fe02d5e49eeeffa30fbbb961e280479adb3cec49fdda848b274a357a1965d08

SHA512
3d102aa40a0290e4b3fd332e9f30513b9e511b6a9af37bd60ea8dcbd3acc01e9c1233a12f67785bac78eb86ce99cc56e000483fe51b3e9db23db3767ed422465

Download Submit
C:\Windows\System\nrbTAsG.exe

Filesize
1.4MB

MD5
8fed01272ca07760895c14c30c36a63a

SHA1
770cdea6223a20ef9313772422176e132481e488

SHA256
1ab1ed2e8cd6a1be3060edcecc396f4ba000c0e77337788a67c792d2eaa5db34

SHA512
7da789668fdf4d760c0c12ea38af798637d29a73ddd56c03c18e9b2ceffd2a46a3bbcf6496e1202dd5a64ab360d850727598d8c92e9ae63aa2870fe277435778

Download Submit
C:\Windows\System\rVZAanE.exe

Filesize
1.4MB

MD5
35823a55cdcb4ba9c738ad3ec6803cf6

SHA1
a3d0bd85025ff53dfe3b8fba9e1375165a34fef2

SHA256
08db345aa0336b758f681a3904d1a3bd803226064a09c288c81bc44623f11027

SHA512
6106e5880a592dbf9a4e9659204751b340838a1aa9471c1086164833034d504bc1e4d4d5bddcada7154b66da9a218809e6f7f7265bfd60a3b64fca5513ea1f48

Download Submit
C:\Windows\System\ruSQfWa.exe

Filesize
1.4MB

MD5
a9026e2ce12c27f4080c6c6bdd41e825

SHA1
62115f3b18fedee024571fc0fc75de31674870df

SHA256
477c66dad9d82c14f2f98c58c244d6986be047d3fb9dbee80ea074c5e26f9cb3

SHA512
e289d261560a179e2e33c99e8d7925cafeb0e6ecb1c570dd811f4b4cb6bb5be06d225bfd1f18d1728a1eb792b450e9d9caad284fc23b1de10240f0023ce75d1a

Download Submit
C:\Windows\System\skSHBDq.exe

Filesize
1.4MB

MD5
ef6f8b52beadfcf14140e67532ee4324

SHA1
8799bda426af58eec14f0a971c919c850c42ab7e

SHA256
490ed50a6bb219476bb0154f21f7d07016d36132e36751f9fa3dfd6c675d2a86

SHA512
a8039146dd471ec6feca49d46239aec25e67e36cb2de4b1a8b7cab551db8b6f745274b734526b7db6e3ebba18fb6be564ad359720e75df41224d8eeb38f2e545

Download Submit
C:\Windows\System\uGYiAYv.exe

Filesize
1.4MB

MD5
a96c70bb655431c711b18ad6b785a3ff

SHA1
f4a2722d56b12fd490af507f871360eaf935bf40

SHA256
cec89066fb28ef716b34f2a73080b61d638f9adae9ba8085e0e5022de4b28145

SHA512
d6af29b01b3cd8ec3a831f919685ed7aba58f541cc164f173f2506697acf98d412c301e8d39d1a1002e718af41d865e9887df0595083c5fb37174381c41c2e3e

Download Submit
C:\Windows\System\udcfTji.exe

Filesize
1.4MB

MD5
444f8ad7d2747ef997562e9a2b3ca06d

SHA1
7f7ff7c8e2c7823f547a6c0b7f67cd90517d3611

SHA256
1c08f641a537f6125eac63b3574c0fa55b3994d898989bf721a185d8e182ba93

SHA512
c4add841722355e164581c7b12ca1ae1bbfd24c77917641fab222d577d995367e960fc70925e5b1b9eba3cd22d016688cc118fd535fc62a3cc51a4a14a551b4b

Download Submit
C:\Windows\System\vXathJU.exe

Filesize
1.4MB

MD5
0a18a8a89aeb2704312dce37160dc66c

SHA1
0a51198ac1ed7ef5efcc6b2fff35dfa97dde65fc

SHA256
6f1d5decbc79d18c919a43b7ac0f3e6c551be6df0fb550b895f1d0167902a9a9

SHA512
ebec67aeaf95cd051d11873f84531f50538f5066ce0e636ca3ba63ec60ecbb745a77c65701f36d2ef9cda802fdc68ed157817bb442b3e0d7b8c9e2f82e13bb23

Download Submit
C:\Windows\System\vnvISyX.exe

Filesize
1.4MB

MD5
4bb15d9355797d8e3f6ba64512ac5380

SHA1
79a6e072129f4678021aa1e04ade59644d8c6556

SHA256
7aeb652116798578f47988e2d66900ad055ac4fdb5c1cfa98fd4940f3a3010c1

SHA512
c8438e9fc659b18f4189be183cc3e02530a6d04ccd1089d50e929b8370588f9648f0bead83eb234533ce542a6a44017a9fcd167fbfe1533ec6f442e8f6c81141

Download Submit
C:\Windows\System\yBFjfyL.exe

Filesize
1.4MB

MD5
ad419bd4c07f7e27ac746f728074dc43

SHA1
ef5dce381fdc4929ac179302861f4b95c2a53bf3

SHA256
3128193ba6cef29829e768d67b510e4a97aeca0dc4e51a36aad8b4e275746a3c

SHA512
65bc697c260a30b3d61c2437ba8c26d65a994e5ee8f15cfcbd5a88b0f2e686dbb9c98822bfa2a161057a2e6c4f1d6f98ddb613c35970708d158a36204d881f72

Download Submit
C:\Windows\System\yViJYhc.exe

Filesize
1.4MB

MD5
7e02272da1f64d054aa98b8d6df628b6

SHA1
a313b03b919c752025079016bac785386710c8d2

SHA256
08e6fa30e9f7d18c93b259e934b192b2ea9cf1bc014694f924c87a74da2f0a20

SHA512
ea499b0709cb16529b53cc7b8b4ed73a85a70a64e025153c2332531851aadbbde77c819c678a8aa27c9a2d4a2c22cafa90f3cd867b6574e682beb7bdb95d27c4

Download Submit
C:\Windows\System\zuvTjKs.exe

Filesize
1.4MB

MD5
696afc387351ede3f1d747de0062d5c6

SHA1
65a305b9c488a8f3bcc21439ca3b46e19d71ed07

SHA256
12d486ac2b91a736a6ffbcd562f7a17a77f1096d00184673bbfe7b872ca2ea3e

SHA512
d92c6b250d8dbccc599487c1ecf68b27ebccc9bb22f66046154c45f11e2edfcf5ec3def8e2763a0c94a5cf3dd4ac62a138c44c151ce5c38e97d4e792c9eca423

Download Submit
memory/216-3663-0x00007FF72F1A0000-0x00007FF72F592000-memory.dmp

Filesize
3.9MB

Download
memory/216-3630-0x00007FF72F1A0000-0x00007FF72F592000-memory.dmp

Filesize
3.9MB

Download
memory/216-100-0x00007FF72F1A0000-0x00007FF72F592000-memory.dmp

Filesize
3.9MB

Download
memory/232-3665-0x00007FF75FB70000-0x00007FF75FF62000-memory.dmp

Filesize
3.9MB

Download
memory/232-66-0x00007FF75FB70000-0x00007FF75FF62000-memory.dmp

Filesize
3.9MB

Download
memory/232-3629-0x00007FF75FB70000-0x00007FF75FF62000-memory.dmp

Filesize
3.9MB

Download
memory/636-3703-0x00007FF6C3F70000-0x00007FF6C4362000-memory.dmp

Filesize
3.9MB

Download
memory/636-149-0x00007FF6C3F70000-0x00007FF6C4362000-memory.dmp

Filesize
3.9MB

Download
memory/636-3631-0x00007FF6C3F70000-0x00007FF6C4362000-memory.dmp

Filesize
3.9MB

Download
memory/1096-667-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp

Filesize
3.9MB

Download
memory/1096-3766-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp

Filesize
3.9MB

Download
memory/1420-3711-0x00007FF68BCA0000-0x00007FF68C092000-memory.dmp

Filesize
3.9MB

Download
memory/1420-665-0x00007FF68BCA0000-0x00007FF68C092000-memory.dmp

Filesize
3.9MB

Download
memory/1544-0-0x00007FF797190000-0x00007FF797582000-memory.dmp

Filesize
3.9MB

Download
memory/1544-1-0x00000236A8AB0000-0x00000236A8AC0000-memory.dmp

Filesize
64KB

Download
memory/1756-3740-0x00007FF608230000-0x00007FF608622000-memory.dmp

Filesize
3.9MB

Download
memory/1756-672-0x00007FF608230000-0x00007FF608622000-memory.dmp

Filesize
3.9MB

Download
memory/1932-3733-0x00007FF6EE6B0000-0x00007FF6EEAA2000-memory.dmp

Filesize
3.9MB

Download
memory/1932-637-0x00007FF6EE6B0000-0x00007FF6EEAA2000-memory.dmp

Filesize
3.9MB

Download
memory/2228-673-0x00007FF67BD10000-0x00007FF67C102000-memory.dmp

Filesize
3.9MB

Download
memory/2228-3788-0x00007FF67BD10000-0x00007FF67C102000-memory.dmp

Filesize
3.9MB

Download
memory/2324-3690-0x00007FF6C4D00000-0x00007FF6C50F2000-memory.dmp

Filesize
3.9MB

Download
memory/2324-321-0x00007FF6C4D00000-0x00007FF6C50F2000-memory.dmp

Filesize
3.9MB

Download
memory/2336-3635-0x00007FF760EC0000-0x00007FF7612B2000-memory.dmp

Filesize
3.9MB

Download
memory/2336-279-0x00007FF760EC0000-0x00007FF7612B2000-memory.dmp

Filesize
3.9MB

Download
memory/2532-3705-0x00007FF6A4440000-0x00007FF6A4832000-memory.dmp

Filesize
3.9MB

Download
memory/2532-219-0x00007FF6A4440000-0x00007FF6A4832000-memory.dmp

Filesize
3.9MB

Download
memory/2532-3693-0x00007FF6A4440000-0x00007FF6A4832000-memory.dmp

Filesize
3.9MB

Download
memory/2908-3628-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp

Filesize
3.9MB

Download
memory/2908-3633-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp

Filesize
3.9MB

Download
memory/2908-15-0x00007FF76BF30000-0x00007FF76C322000-memory.dmp

Filesize
3.9MB

Download
memory/3096-3713-0x00007FF66CCF0000-0x00007FF66D0E2000-memory.dmp

Filesize
3.9MB

Download
memory/3096-669-0x00007FF66CCF0000-0x00007FF66D0E2000-memory.dmp

Filesize
3.9MB

Download
memory/3220-561-0x00007FF689A30000-0x00007FF689E22000-memory.dmp

Filesize
3.9MB

Download
memory/3220-3731-0x00007FF689A30000-0x00007FF689E22000-memory.dmp

Filesize
3.9MB

Download
memory/3268-676-0x00007FF64DD70000-0x00007FF64E162000-memory.dmp

Filesize
3.9MB

Download
memory/3268-3707-0x00007FF64DD70000-0x00007FF64E162000-memory.dmp

Filesize
3.9MB

Download
memory/3584-3637-0x00007FF73A210000-0x00007FF73A602000-memory.dmp

Filesize
3.9MB

Download
memory/3584-38-0x00007FF73A210000-0x00007FF73A602000-memory.dmp

Filesize
3.9MB

Download
memory/3684-720-0x0000018779490000-0x00000187794B2000-memory.dmp

Filesize
136KB

Download
memory/3840-3641-0x00007FF7E9150000-0x00007FF7E9542000-memory.dmp

Filesize
3.9MB

Download
memory/3840-674-0x00007FF7E9150000-0x00007FF7E9542000-memory.dmp

Filesize
3.9MB

Download
memory/3844-3715-0x00007FF79CBD0000-0x00007FF79CFC2000-memory.dmp

Filesize
3.9MB

Download
memory/3844-675-0x00007FF79CBD0000-0x00007FF79CFC2000-memory.dmp

Filesize
3.9MB

Download
memory/4152-3709-0x00007FF691AB0000-0x00007FF691EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4152-670-0x00007FF691AB0000-0x00007FF691EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4424-666-0x00007FF640AB0000-0x00007FF640EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4424-3745-0x00007FF640AB0000-0x00007FF640EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4948-3639-0x00007FF7B6650000-0x00007FF7B6A42000-memory.dmp

Filesize
3.9MB

Download
memory/4948-280-0x00007FF7B6650000-0x00007FF7B6A42000-memory.dmp

Filesize
3.9MB

Download
memory/4960-668-0x00007FF7F1890000-0x00007FF7F1C82000-memory.dmp

Filesize
3.9MB

Download
memory/4960-3738-0x00007FF7F1890000-0x00007FF7F1C82000-memory.dmp

Filesize
3.9MB

Download
memory/4988-671-0x00007FF7A3DD0000-0x00007FF7A41C2000-memory.dmp

Filesize
3.9MB

Download
memory/4988-3735-0x00007FF7A3DD0000-0x00007FF7A41C2000-memory.dmp

Filesize
3.9MB

Download
memory/5012-431-0x00007FF61D340000-0x00007FF61D732000-memory.dmp

Filesize
3.9MB

Download
memory/5012-3743-0x00007FF61D340000-0x00007FF61D732000-memory.dmp

Filesize
3.9MB

Download