xmrig | 3dd886bddf21f96d28056eb76b9a02c3254e8d9839a2752dc0ca43d105a6dd45

Analysis

max time kernel
114s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5effa3f9744008acfa1f5fb984db5e10N.exe
Size

1.8MB
MD5

5effa3f9744008acfa1f5fb984db5e10
SHA1

4321613235b4209b75d8ec4d9d967aac3981364f
SHA256

3dd886bddf21f96d28056eb76b9a02c3254e8d9839a2752dc0ca43d105a6dd45
SHA512

44facdfbf00722efff7dad2667ca33281856620350881e756b60dec88f68a0dbebd375413ae9a7a152e59177a4a21067f17bf28d0c76f379dccf0fe638166eca
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VqaIY:NABu

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3132-49-0x00007FF7CF4C0000-0x00007FF7CF8B2000-memory.dmp	xmrig
behavioral2/memory/3512-55-0x00007FF69DBB0000-0x00007FF69DFA2000-memory.dmp	xmrig
behavioral2/memory/3688-60-0x00007FF79F3C0000-0x00007FF79F7B2000-memory.dmp	xmrig
behavioral2/memory/4560-68-0x00007FF69E8D0000-0x00007FF69ECC2000-memory.dmp	xmrig
behavioral2/memory/2784-83-0x00007FF672930000-0x00007FF672D22000-memory.dmp	xmrig
behavioral2/memory/4016-69-0x00007FF62BC20000-0x00007FF62C012000-memory.dmp	xmrig
behavioral2/memory/4588-485-0x00007FF75F900000-0x00007FF75FCF2000-memory.dmp	xmrig
behavioral2/memory/4160-517-0x00007FF6EE2E0000-0x00007FF6EE6D2000-memory.dmp	xmrig
behavioral2/memory/3732-525-0x00007FF763E80000-0x00007FF764272000-memory.dmp	xmrig
behavioral2/memory/3480-532-0x00007FF7DD490000-0x00007FF7DD882000-memory.dmp	xmrig
behavioral2/memory/2424-566-0x00007FF774860000-0x00007FF774C52000-memory.dmp	xmrig
behavioral2/memory/2428-550-0x00007FF729A20000-0x00007FF729E12000-memory.dmp	xmrig
behavioral2/memory/4832-578-0x00007FF73A770000-0x00007FF73AB62000-memory.dmp	xmrig
behavioral2/memory/1836-598-0x00007FF7419D0000-0x00007FF741DC2000-memory.dmp	xmrig
behavioral2/memory/1104-641-0x00007FF65BEE0000-0x00007FF65C2D2000-memory.dmp	xmrig
behavioral2/memory/5012-660-0x00007FF6BF080000-0x00007FF6BF472000-memory.dmp	xmrig
behavioral2/memory/1532-644-0x00007FF7C7A00000-0x00007FF7C7DF2000-memory.dmp	xmrig
behavioral2/memory/2932-607-0x00007FF749720000-0x00007FF749B12000-memory.dmp	xmrig
behavioral2/memory/4800-604-0x00007FF706310000-0x00007FF706702000-memory.dmp	xmrig
behavioral2/memory/5112-665-0x00007FF688360000-0x00007FF688752000-memory.dmp	xmrig
behavioral2/memory/956-685-0x00007FF61E000000-0x00007FF61E3F2000-memory.dmp	xmrig
behavioral2/memory/2516-689-0x00007FF62C4B0000-0x00007FF62C8A2000-memory.dmp	xmrig
behavioral2/memory/1908-698-0x00007FF639740000-0x00007FF639B32000-memory.dmp	xmrig
behavioral2/memory/3132-1993-0x00007FF7CF4C0000-0x00007FF7CF8B2000-memory.dmp	xmrig
behavioral2/memory/3512-1995-0x00007FF69DBB0000-0x00007FF69DFA2000-memory.dmp	xmrig
behavioral2/memory/4560-1998-0x00007FF69E8D0000-0x00007FF69ECC2000-memory.dmp	xmrig
behavioral2/memory/1104-2001-0x00007FF65BEE0000-0x00007FF65C2D2000-memory.dmp	xmrig
behavioral2/memory/3688-1999-0x00007FF79F3C0000-0x00007FF79F7B2000-memory.dmp	xmrig
behavioral2/memory/4016-2003-0x00007FF62BC20000-0x00007FF62C012000-memory.dmp	xmrig
behavioral2/memory/4588-2007-0x00007FF75F900000-0x00007FF75FCF2000-memory.dmp	xmrig
behavioral2/memory/1532-2015-0x00007FF7C7A00000-0x00007FF7C7DF2000-memory.dmp	xmrig
behavioral2/memory/5012-2014-0x00007FF6BF080000-0x00007FF6BF472000-memory.dmp	xmrig
behavioral2/memory/3732-2018-0x00007FF763E80000-0x00007FF764272000-memory.dmp	xmrig
behavioral2/memory/1908-2011-0x00007FF639740000-0x00007FF639B32000-memory.dmp	xmrig
behavioral2/memory/2516-2010-0x00007FF62C4B0000-0x00007FF62C8A2000-memory.dmp	xmrig
behavioral2/memory/4160-2006-0x00007FF6EE2E0000-0x00007FF6EE6D2000-memory.dmp	xmrig
behavioral2/memory/956-2021-0x00007FF61E000000-0x00007FF61E3F2000-memory.dmp	xmrig
behavioral2/memory/3480-2027-0x00007FF7DD490000-0x00007FF7DD882000-memory.dmp	xmrig
behavioral2/memory/4832-2031-0x00007FF73A770000-0x00007FF73AB62000-memory.dmp	xmrig
behavioral2/memory/1836-2033-0x00007FF7419D0000-0x00007FF741DC2000-memory.dmp	xmrig
behavioral2/memory/2424-2029-0x00007FF774860000-0x00007FF774C52000-memory.dmp	xmrig
behavioral2/memory/2428-2025-0x00007FF729A20000-0x00007FF729E12000-memory.dmp	xmrig
behavioral2/memory/2784-2023-0x00007FF672930000-0x00007FF672D22000-memory.dmp	xmrig
behavioral2/memory/5112-2020-0x00007FF688360000-0x00007FF688752000-memory.dmp	xmrig
behavioral2/memory/3804-2066-0x00007FF6AC760000-0x00007FF6ACB52000-memory.dmp	xmrig
behavioral2/memory/4800-2040-0x00007FF706310000-0x00007FF706702000-memory.dmp	xmrig
behavioral2/memory/2932-2038-0x00007FF749720000-0x00007FF749B12000-memory.dmp	xmrig
behavioral2/memory/5088-2142-0x00007FF62C9A0000-0x00007FF62CD92000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	2144	powershell.exe
10	2144	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2144	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3132	vutLPQJ.exe
3512	XrJRvvs.exe
3688	XHVAeFQ.exe
4560	BpRDndK.exe
4016	KaRUSXc.exe
2784	vCdfZBy.exe
1104	qejaNZx.exe
1532	YKMDxuj.exe
5012	LTnhSlW.exe
5112	GsqeQeo.exe
956	jZtyuAC.exe
2516	IIymQXr.exe
5088	widnpZO.exe
1908	cGNCCDu.exe
4588	zAKCXTw.exe
4160	tZvBwBD.exe
3732	xYDSlDJ.exe
3480	CflngZk.exe
2428	glJEtHO.exe
2424	PvMTIdv.exe
4832	WjvpPSs.exe
1836	ghOKYgv.exe
4800	SAcikLd.exe
2932	PPWlGUh.exe
1500	kFdjTGn.exe
1200	MXnYWFk.exe
4284	pjxtleV.exe
2712	pOOpCvE.exe
3076	sDZLyGS.exe
4092	AsQagnm.exe
1860	cFjBXXG.exe
3716	CapJScW.exe
4268	tvHmgXz.exe
2640	qkkZTIW.exe
3668	MvLERow.exe
3312	vSoTlEh.exe
4324	xPzEdxa.exe
4528	CSQKzWh.exe
1524	oDTWCgH.exe
3524	fBdcINA.exe
2664	wemmMxf.exe
400	pDcyRrh.exe
4728	nltySVJ.exe
4636	zZJXBit.exe
2216	CWehuRb.exe
1464	QuymWJd.exe
4836	jgktSqb.exe
2404	gebjXUw.exe
2752	Jtswjri.exe
2284	txLlIQS.exe
3388	zcvbQtG.exe
5040	IRHmMOf.exe
4424	wqNurDb.exe
3156	dFHMrCJ.exe
1676	hWZZowl.exe
4404	IEGkcvu.exe
2476	UaAdfew.exe
4808	QRBnvHB.exe
4776	ycqdWZA.exe
388	PKBTkGC.exe
3644	vVOvuAv.exe
3376	pZKgoTn.exe
2392	iqUHHTg.exe
392	zwOQNOA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3804-0-0x00007FF6AC760000-0x00007FF6ACB52000-memory.dmp	upx
behavioral2/files/0x00090000000228fb-6.dat	upx
behavioral2/files/0x0007000000023498-9.dat	upx
behavioral2/files/0x0007000000023499-21.dat	upx
behavioral2/files/0x000700000002349a-26.dat	upx
behavioral2/files/0x0007000000023497-14.dat	upx
behavioral2/files/0x000700000002349b-29.dat	upx
behavioral2/memory/3132-49-0x00007FF7CF4C0000-0x00007FF7CF8B2000-memory.dmp	upx
behavioral2/memory/3512-55-0x00007FF69DBB0000-0x00007FF69DFA2000-memory.dmp	upx
behavioral2/memory/3688-60-0x00007FF79F3C0000-0x00007FF79F7B2000-memory.dmp	upx
behavioral2/memory/4560-68-0x00007FF69E8D0000-0x00007FF69ECC2000-memory.dmp	upx
behavioral2/files/0x0008000000023494-71.dat	upx
behavioral2/memory/2784-83-0x00007FF672930000-0x00007FF672D22000-memory.dmp	upx
behavioral2/files/0x00070000000234a4-101.dat	upx
behavioral2/files/0x00070000000234a5-106.dat	upx
behavioral2/files/0x00070000000234ac-135.dat	upx
behavioral2/files/0x00070000000234ae-145.dat	upx
behavioral2/files/0x00070000000234b1-160.dat	upx
behavioral2/files/0x00070000000234b2-173.dat	upx
behavioral2/memory/5088-466-0x00007FF62C9A0000-0x00007FF62CD92000-memory.dmp	upx
behavioral2/files/0x00070000000234b5-180.dat	upx
behavioral2/files/0x00070000000234b3-178.dat	upx
behavioral2/files/0x00070000000234b4-175.dat	upx
behavioral2/files/0x00070000000234b0-163.dat	upx
behavioral2/files/0x00070000000234af-158.dat	upx
behavioral2/files/0x00070000000234ad-148.dat	upx
behavioral2/files/0x00070000000234ab-138.dat	upx
behavioral2/files/0x00070000000234aa-131.dat	upx
behavioral2/files/0x00070000000234a9-126.dat	upx
behavioral2/files/0x00070000000234a8-121.dat	upx
behavioral2/files/0x00070000000234a7-116.dat	upx
behavioral2/files/0x00070000000234a6-111.dat	upx
behavioral2/files/0x00070000000234a3-95.dat	upx
behavioral2/files/0x00070000000234a1-91.dat	upx
behavioral2/files/0x00070000000234a2-89.dat	upx
behavioral2/files/0x000800000002349e-87.dat	upx
behavioral2/files/0x000800000002349f-77.dat	upx
behavioral2/memory/4016-69-0x00007FF62BC20000-0x00007FF62C012000-memory.dmp	upx
behavioral2/files/0x000700000002349d-66.dat	upx
behavioral2/files/0x00070000000234a0-57.dat	upx
behavioral2/files/0x000700000002349c-47.dat	upx
behavioral2/memory/4588-485-0x00007FF75F900000-0x00007FF75FCF2000-memory.dmp	upx
behavioral2/memory/4160-517-0x00007FF6EE2E0000-0x00007FF6EE6D2000-memory.dmp	upx
behavioral2/memory/3732-525-0x00007FF763E80000-0x00007FF764272000-memory.dmp	upx
behavioral2/memory/3480-532-0x00007FF7DD490000-0x00007FF7DD882000-memory.dmp	upx
behavioral2/memory/2424-566-0x00007FF774860000-0x00007FF774C52000-memory.dmp	upx
behavioral2/memory/2428-550-0x00007FF729A20000-0x00007FF729E12000-memory.dmp	upx
behavioral2/memory/4832-578-0x00007FF73A770000-0x00007FF73AB62000-memory.dmp	upx
behavioral2/memory/1836-598-0x00007FF7419D0000-0x00007FF741DC2000-memory.dmp	upx
behavioral2/memory/1104-641-0x00007FF65BEE0000-0x00007FF65C2D2000-memory.dmp	upx
behavioral2/memory/5012-660-0x00007FF6BF080000-0x00007FF6BF472000-memory.dmp	upx
behavioral2/memory/1532-644-0x00007FF7C7A00000-0x00007FF7C7DF2000-memory.dmp	upx
behavioral2/memory/2932-607-0x00007FF749720000-0x00007FF749B12000-memory.dmp	upx
behavioral2/memory/4800-604-0x00007FF706310000-0x00007FF706702000-memory.dmp	upx
behavioral2/memory/5112-665-0x00007FF688360000-0x00007FF688752000-memory.dmp	upx
behavioral2/memory/956-685-0x00007FF61E000000-0x00007FF61E3F2000-memory.dmp	upx
behavioral2/memory/2516-689-0x00007FF62C4B0000-0x00007FF62C8A2000-memory.dmp	upx
behavioral2/memory/1908-698-0x00007FF639740000-0x00007FF639B32000-memory.dmp	upx
behavioral2/memory/3132-1993-0x00007FF7CF4C0000-0x00007FF7CF8B2000-memory.dmp	upx
behavioral2/memory/3512-1995-0x00007FF69DBB0000-0x00007FF69DFA2000-memory.dmp	upx
behavioral2/memory/4560-1998-0x00007FF69E8D0000-0x00007FF69ECC2000-memory.dmp	upx
behavioral2/memory/1104-2001-0x00007FF65BEE0000-0x00007FF65C2D2000-memory.dmp	upx
behavioral2/memory/3688-1999-0x00007FF79F3C0000-0x00007FF79F7B2000-memory.dmp	upx
behavioral2/memory/4016-2003-0x00007FF62BC20000-0x00007FF62C012000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NdwhTcy.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\eepzgPa.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\pYpPoxD.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\bPQWRjQ.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\cTgkwaZ.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\EXNTSUv.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\hmXCbMD.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\itiibIX.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\oHySxxH.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\ddgxuTk.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\tZhxyou.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\OKloTkS.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\WytOAev.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\vamUchI.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\xUZuwoR.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\eEKrOjd.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\ulJCaYV.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\GMMVLjU.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\FAfJDPv.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\VFdTVoK.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\KhVsJQk.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\HrLFkdr.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\YWiuHCt.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\hayaGuV.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\pCruZUx.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\fWBqKZy.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\pTrKslA.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\fjntWiT.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\kZLICIt.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\aWjPPSw.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\DqUJuJU.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\YShZstD.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\zAKCXTw.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\irUhyJC.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\vEruCla.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\WXWAmbb.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\pqBtGiF.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\nBpaoHM.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\WiHpLqp.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\fGGcCbP.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\ueZYUuq.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\FulOuaD.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\PKBTkGC.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\KSgJHEj.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\yElmYuK.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\fBdcINA.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\hbTJIOR.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\DHeEvuu.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\uZXtAJD.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\kFdjTGn.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\osRCRym.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\ExfXcwm.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\UaAdfew.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\UdRuNVz.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\eboOKAM.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\mIdIchx.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\kigbcli.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\ftVWJRi.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\AmTrPDw.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\bkWhrrF.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\hmcyiUB.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\VVhnJRK.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\cTiazeS.exe	5effa3f9744008acfa1f5fb984db5e10N.exe
File created	C:\Windows\System\VdQAygc.exe	5effa3f9744008acfa1f5fb984db5e10N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2144	powershell.exe
2144	powershell.exe
2144	powershell.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	2144	powershell.exe
Token: SeLockMemoryPrivilege	3804	5effa3f9744008acfa1f5fb984db5e10N.exe
Token: SeLockMemoryPrivilege	3804	5effa3f9744008acfa1f5fb984db5e10N.exe
Token: SeCreateGlobalPrivilege	3736	dwm.exe
Token: SeChangeNotifyPrivilege	3736	dwm.exe
Token: 33	3736	dwm.exe
Token: SeIncBasePriorityPrivilege	3736	dwm.exe
Token: SeShutdownPrivilege	3736	dwm.exe
Token: SeCreatePagefilePrivilege	3736	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3804 wrote to memory of 2144	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	85
PID 3804 wrote to memory of 2144	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	85
PID 3804 wrote to memory of 3132	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	86
PID 3804 wrote to memory of 3132	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	86
PID 3804 wrote to memory of 3512	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	87
PID 3804 wrote to memory of 3512	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	87
PID 3804 wrote to memory of 3688	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	88
PID 3804 wrote to memory of 3688	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	88
PID 3804 wrote to memory of 4560	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	89
PID 3804 wrote to memory of 4560	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	89
PID 3804 wrote to memory of 4016	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	90
PID 3804 wrote to memory of 4016	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	90
PID 3804 wrote to memory of 2784	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	91
PID 3804 wrote to memory of 2784	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	91
PID 3804 wrote to memory of 1104	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	92
PID 3804 wrote to memory of 1104	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	92
PID 3804 wrote to memory of 1532	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	93
PID 3804 wrote to memory of 1532	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	93
PID 3804 wrote to memory of 5012	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	94
PID 3804 wrote to memory of 5012	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	94
PID 3804 wrote to memory of 5112	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	95
PID 3804 wrote to memory of 5112	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	95
PID 3804 wrote to memory of 956	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	96
PID 3804 wrote to memory of 956	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	96
PID 3804 wrote to memory of 2516	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	97
PID 3804 wrote to memory of 2516	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	97
PID 3804 wrote to memory of 5088	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	98
PID 3804 wrote to memory of 5088	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	98
PID 3804 wrote to memory of 1908	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	99
PID 3804 wrote to memory of 1908	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	99
PID 3804 wrote to memory of 4588	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	100
PID 3804 wrote to memory of 4588	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	100
PID 3804 wrote to memory of 4160	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	101
PID 3804 wrote to memory of 4160	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	101
PID 3804 wrote to memory of 3732	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	102
PID 3804 wrote to memory of 3732	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	102
PID 3804 wrote to memory of 3480	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	103
PID 3804 wrote to memory of 3480	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	103
PID 3804 wrote to memory of 2428	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	104
PID 3804 wrote to memory of 2428	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	104
PID 3804 wrote to memory of 2424	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	105
PID 3804 wrote to memory of 2424	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	105
PID 3804 wrote to memory of 4832	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	106
PID 3804 wrote to memory of 4832	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	106
PID 3804 wrote to memory of 1836	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	107
PID 3804 wrote to memory of 1836	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	107
PID 3804 wrote to memory of 4800	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	108
PID 3804 wrote to memory of 4800	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	108
PID 3804 wrote to memory of 2932	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	109
PID 3804 wrote to memory of 2932	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	109
PID 3804 wrote to memory of 1500	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	110
PID 3804 wrote to memory of 1500	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	110
PID 3804 wrote to memory of 1200	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	111
PID 3804 wrote to memory of 1200	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	111
PID 3804 wrote to memory of 4284	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	112
PID 3804 wrote to memory of 4284	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	112
PID 3804 wrote to memory of 2712	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	113
PID 3804 wrote to memory of 2712	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	113
PID 3804 wrote to memory of 3076	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	114
PID 3804 wrote to memory of 3076	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	114
PID 3804 wrote to memory of 4092	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	115
PID 3804 wrote to memory of 4092	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	115
PID 3804 wrote to memory of 1860	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	116
PID 3804 wrote to memory of 1860	3804	5effa3f9744008acfa1f5fb984db5e10N.exe	116

C:\Users\Admin\AppData\Local\Temp\5effa3f9744008acfa1f5fb984db5e10N.exe
"C:\Users\Admin\AppData\Local\Temp\5effa3f9744008acfa1f5fb984db5e10N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2144
- C:\Windows\System\vutLPQJ.exe
  C:\Windows\System\vutLPQJ.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\XrJRvvs.exe
  C:\Windows\System\XrJRvvs.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\XHVAeFQ.exe
  C:\Windows\System\XHVAeFQ.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\BpRDndK.exe
  C:\Windows\System\BpRDndK.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\KaRUSXc.exe
  C:\Windows\System\KaRUSXc.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\vCdfZBy.exe
  C:\Windows\System\vCdfZBy.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\qejaNZx.exe
  C:\Windows\System\qejaNZx.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\YKMDxuj.exe
  C:\Windows\System\YKMDxuj.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\LTnhSlW.exe
  C:\Windows\System\LTnhSlW.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\GsqeQeo.exe
  C:\Windows\System\GsqeQeo.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\jZtyuAC.exe
  C:\Windows\System\jZtyuAC.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\IIymQXr.exe
  C:\Windows\System\IIymQXr.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\widnpZO.exe
  C:\Windows\System\widnpZO.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\cGNCCDu.exe
  C:\Windows\System\cGNCCDu.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\zAKCXTw.exe
  C:\Windows\System\zAKCXTw.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\tZvBwBD.exe
  C:\Windows\System\tZvBwBD.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\xYDSlDJ.exe
  C:\Windows\System\xYDSlDJ.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\CflngZk.exe
  C:\Windows\System\CflngZk.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\glJEtHO.exe
  C:\Windows\System\glJEtHO.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\PvMTIdv.exe
  C:\Windows\System\PvMTIdv.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\WjvpPSs.exe
  C:\Windows\System\WjvpPSs.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\ghOKYgv.exe
  C:\Windows\System\ghOKYgv.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\SAcikLd.exe
  C:\Windows\System\SAcikLd.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\PPWlGUh.exe
  C:\Windows\System\PPWlGUh.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\kFdjTGn.exe
  C:\Windows\System\kFdjTGn.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\MXnYWFk.exe
  C:\Windows\System\MXnYWFk.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\pjxtleV.exe
  C:\Windows\System\pjxtleV.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\pOOpCvE.exe
  C:\Windows\System\pOOpCvE.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\sDZLyGS.exe
  C:\Windows\System\sDZLyGS.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\AsQagnm.exe
  C:\Windows\System\AsQagnm.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\cFjBXXG.exe
  C:\Windows\System\cFjBXXG.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\CapJScW.exe
  C:\Windows\System\CapJScW.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\tvHmgXz.exe
  C:\Windows\System\tvHmgXz.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\qkkZTIW.exe
  C:\Windows\System\qkkZTIW.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\MvLERow.exe
  C:\Windows\System\MvLERow.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\vSoTlEh.exe
  C:\Windows\System\vSoTlEh.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\xPzEdxa.exe
  C:\Windows\System\xPzEdxa.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\CSQKzWh.exe
  C:\Windows\System\CSQKzWh.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\oDTWCgH.exe
  C:\Windows\System\oDTWCgH.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\fBdcINA.exe
  C:\Windows\System\fBdcINA.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\wemmMxf.exe
  C:\Windows\System\wemmMxf.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\pDcyRrh.exe
  C:\Windows\System\pDcyRrh.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\nltySVJ.exe
  C:\Windows\System\nltySVJ.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\zZJXBit.exe
  C:\Windows\System\zZJXBit.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\CWehuRb.exe
  C:\Windows\System\CWehuRb.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\QuymWJd.exe
  C:\Windows\System\QuymWJd.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\jgktSqb.exe
  C:\Windows\System\jgktSqb.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\gebjXUw.exe
  C:\Windows\System\gebjXUw.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\Jtswjri.exe
  C:\Windows\System\Jtswjri.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\txLlIQS.exe
  C:\Windows\System\txLlIQS.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\zcvbQtG.exe
  C:\Windows\System\zcvbQtG.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\IRHmMOf.exe
  C:\Windows\System\IRHmMOf.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\wqNurDb.exe
  C:\Windows\System\wqNurDb.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\dFHMrCJ.exe
  C:\Windows\System\dFHMrCJ.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\hWZZowl.exe
  C:\Windows\System\hWZZowl.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\IEGkcvu.exe
  C:\Windows\System\IEGkcvu.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\UaAdfew.exe
  C:\Windows\System\UaAdfew.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\QRBnvHB.exe
  C:\Windows\System\QRBnvHB.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\ycqdWZA.exe
  C:\Windows\System\ycqdWZA.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\PKBTkGC.exe
  C:\Windows\System\PKBTkGC.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\vVOvuAv.exe
  C:\Windows\System\vVOvuAv.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\pZKgoTn.exe
  C:\Windows\System\pZKgoTn.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\iqUHHTg.exe
  C:\Windows\System\iqUHHTg.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\zwOQNOA.exe
  C:\Windows\System\zwOQNOA.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\FmsgkOg.exe
  C:\Windows\System\FmsgkOg.exe
  2⤵
  PID:5092
- C:\Windows\System\LgzqsTk.exe
  C:\Windows\System\LgzqsTk.exe
  2⤵
  PID:860
- C:\Windows\System\kshlDlL.exe
  C:\Windows\System\kshlDlL.exe
  2⤵
  PID:2504
- C:\Windows\System\qZKMCeo.exe
  C:\Windows\System\qZKMCeo.exe
  2⤵
  PID:4740
- C:\Windows\System\WYPzelf.exe
  C:\Windows\System\WYPzelf.exe
  2⤵
  PID:2940
- C:\Windows\System\DLVeIXQ.exe
  C:\Windows\System\DLVeIXQ.exe
  2⤵
  PID:856
- C:\Windows\System\khoUnOb.exe
  C:\Windows\System\khoUnOb.exe
  2⤵
  PID:5028
- C:\Windows\System\LbnABdb.exe
  C:\Windows\System\LbnABdb.exe
  2⤵
  PID:4032
- C:\Windows\System\pqBtGiF.exe
  C:\Windows\System\pqBtGiF.exe
  2⤵
  PID:1384
- C:\Windows\System\oWDuWYb.exe
  C:\Windows\System\oWDuWYb.exe
  2⤵
  PID:4936
- C:\Windows\System\UdRuNVz.exe
  C:\Windows\System\UdRuNVz.exe
  2⤵
  PID:2892
- C:\Windows\System\fXvdXcW.exe
  C:\Windows\System\fXvdXcW.exe
  2⤵
  PID:1432
- C:\Windows\System\LrCsqzV.exe
  C:\Windows\System\LrCsqzV.exe
  2⤵
  PID:4508
- C:\Windows\System\ngjcjsZ.exe
  C:\Windows\System\ngjcjsZ.exe
  2⤵
  PID:5124
- C:\Windows\System\TwEgejj.exe
  C:\Windows\System\TwEgejj.exe
  2⤵
  PID:5156
- C:\Windows\System\uIVHNvC.exe
  C:\Windows\System\uIVHNvC.exe
  2⤵
  PID:5184
- C:\Windows\System\eemaGSJ.exe
  C:\Windows\System\eemaGSJ.exe
  2⤵
  PID:5212
- C:\Windows\System\dFIpRJC.exe
  C:\Windows\System\dFIpRJC.exe
  2⤵
  PID:5244
- C:\Windows\System\vVslcQB.exe
  C:\Windows\System\vVslcQB.exe
  2⤵
  PID:5268
- C:\Windows\System\ugTQhRI.exe
  C:\Windows\System\ugTQhRI.exe
  2⤵
  PID:5296
- C:\Windows\System\ddgxuTk.exe
  C:\Windows\System\ddgxuTk.exe
  2⤵
  PID:5328
- C:\Windows\System\fsWpvCx.exe
  C:\Windows\System\fsWpvCx.exe
  2⤵
  PID:5352
- C:\Windows\System\IDDPHrB.exe
  C:\Windows\System\IDDPHrB.exe
  2⤵
  PID:5380
- C:\Windows\System\CBqwiLb.exe
  C:\Windows\System\CBqwiLb.exe
  2⤵
  PID:5408
- C:\Windows\System\CPoDYWI.exe
  C:\Windows\System\CPoDYWI.exe
  2⤵
  PID:5436
- C:\Windows\System\CGyaZjO.exe
  C:\Windows\System\CGyaZjO.exe
  2⤵
  PID:5464
- C:\Windows\System\feIHDzg.exe
  C:\Windows\System\feIHDzg.exe
  2⤵
  PID:5492
- C:\Windows\System\lkdkuGZ.exe
  C:\Windows\System\lkdkuGZ.exe
  2⤵
  PID:5520
- C:\Windows\System\qFkRbUe.exe
  C:\Windows\System\qFkRbUe.exe
  2⤵
  PID:5552
- C:\Windows\System\jSLbqan.exe
  C:\Windows\System\jSLbqan.exe
  2⤵
  PID:5580
- C:\Windows\System\fUdbtHS.exe
  C:\Windows\System\fUdbtHS.exe
  2⤵
  PID:5608
- C:\Windows\System\Kpzfahl.exe
  C:\Windows\System\Kpzfahl.exe
  2⤵
  PID:5632
- C:\Windows\System\DWczLQy.exe
  C:\Windows\System\DWczLQy.exe
  2⤵
  PID:5660
- C:\Windows\System\iRNXPZb.exe
  C:\Windows\System\iRNXPZb.exe
  2⤵
  PID:5688
- C:\Windows\System\HkSaxZU.exe
  C:\Windows\System\HkSaxZU.exe
  2⤵
  PID:5720
- C:\Windows\System\YRknmVg.exe
  C:\Windows\System\YRknmVg.exe
  2⤵
  PID:5748
- C:\Windows\System\YjKWsPf.exe
  C:\Windows\System\YjKWsPf.exe
  2⤵
  PID:5772
- C:\Windows\System\OVLZMba.exe
  C:\Windows\System\OVLZMba.exe
  2⤵
  PID:5804
- C:\Windows\System\xfQVffS.exe
  C:\Windows\System\xfQVffS.exe
  2⤵
  PID:5832
- C:\Windows\System\gqArTyl.exe
  C:\Windows\System\gqArTyl.exe
  2⤵
  PID:5864
- C:\Windows\System\hagnHNv.exe
  C:\Windows\System\hagnHNv.exe
  2⤵
  PID:5896
- C:\Windows\System\KWfAvEv.exe
  C:\Windows\System\KWfAvEv.exe
  2⤵
  PID:5924
- C:\Windows\System\XYDUjhI.exe
  C:\Windows\System\XYDUjhI.exe
  2⤵
  PID:5952
- C:\Windows\System\tJfEbNq.exe
  C:\Windows\System\tJfEbNq.exe
  2⤵
  PID:5980
- C:\Windows\System\SbXKBMz.exe
  C:\Windows\System\SbXKBMz.exe
  2⤵
  PID:6008
- C:\Windows\System\NdwhTcy.exe
  C:\Windows\System\NdwhTcy.exe
  2⤵
  PID:6036
- C:\Windows\System\ksVLSSm.exe
  C:\Windows\System\ksVLSSm.exe
  2⤵
  PID:6064
- C:\Windows\System\JfLnTpl.exe
  C:\Windows\System\JfLnTpl.exe
  2⤵
  PID:6092
- C:\Windows\System\GHBrBuO.exe
  C:\Windows\System\GHBrBuO.exe
  2⤵
  PID:6120
- C:\Windows\System\NryIPhk.exe
  C:\Windows\System\NryIPhk.exe
  2⤵
  PID:536
- C:\Windows\System\boSZive.exe
  C:\Windows\System\boSZive.exe
  2⤵
  PID:540
- C:\Windows\System\PhFDTWw.exe
  C:\Windows\System\PhFDTWw.exe
  2⤵
  PID:3464
- C:\Windows\System\VhZRVze.exe
  C:\Windows\System\VhZRVze.exe
  2⤵
  PID:3124
- C:\Windows\System\lfTBPUL.exe
  C:\Windows\System\lfTBPUL.exe
  2⤵
  PID:5144
- C:\Windows\System\yadAOyG.exe
  C:\Windows\System\yadAOyG.exe
  2⤵
  PID:5204
- C:\Windows\System\EOGMLag.exe
  C:\Windows\System\EOGMLag.exe
  2⤵
  PID:5260
- C:\Windows\System\kJgVqMO.exe
  C:\Windows\System\kJgVqMO.exe
  2⤵
  PID:5320
- C:\Windows\System\uKqwWFu.exe
  C:\Windows\System\uKqwWFu.exe
  2⤵
  PID:5372
- C:\Windows\System\vFGijhJ.exe
  C:\Windows\System\vFGijhJ.exe
  2⤵
  PID:5424
- C:\Windows\System\ZZhkYih.exe
  C:\Windows\System\ZZhkYih.exe
  2⤵
  PID:5488
- C:\Windows\System\bPQWRjQ.exe
  C:\Windows\System\bPQWRjQ.exe
  2⤵
  PID:5564
- C:\Windows\System\eEfjVQz.exe
  C:\Windows\System\eEfjVQz.exe
  2⤵
  PID:5624
- C:\Windows\System\GYFELwE.exe
  C:\Windows\System\GYFELwE.exe
  2⤵
  PID:5676
- C:\Windows\System\nsidhyO.exe
  C:\Windows\System\nsidhyO.exe
  2⤵
  PID:5732
- C:\Windows\System\TEAzoLT.exe
  C:\Windows\System\TEAzoLT.exe
  2⤵
  PID:5884
- C:\Windows\System\FJYRRaa.exe
  C:\Windows\System\FJYRRaa.exe
  2⤵
  PID:2816
- C:\Windows\System\oFMMVzs.exe
  C:\Windows\System\oFMMVzs.exe
  2⤵
  PID:6032
- C:\Windows\System\obFsowT.exe
  C:\Windows\System\obFsowT.exe
  2⤵
  PID:6080
- C:\Windows\System\ASUQBOc.exe
  C:\Windows\System\ASUQBOc.exe
  2⤵
  PID:3748
- C:\Windows\System\npHdKIR.exe
  C:\Windows\System\npHdKIR.exe
  2⤵
  PID:6136
- C:\Windows\System\iSHoows.exe
  C:\Windows\System\iSHoows.exe
  2⤵
  PID:2396
- C:\Windows\System\eEKrOjd.exe
  C:\Windows\System\eEKrOjd.exe
  2⤵
  PID:2992
- C:\Windows\System\zHIDkcP.exe
  C:\Windows\System\zHIDkcP.exe
  2⤵
  PID:4056
- C:\Windows\System\gnsPdcJ.exe
  C:\Windows\System\gnsPdcJ.exe
  2⤵
  PID:2436
- C:\Windows\System\cuNmSjR.exe
  C:\Windows\System\cuNmSjR.exe
  2⤵
  PID:5172
- C:\Windows\System\XwykFxV.exe
  C:\Windows\System\XwykFxV.exe
  2⤵
  PID:3352
- C:\Windows\System\kPrSLQW.exe
  C:\Windows\System\kPrSLQW.exe
  2⤵
  PID:5312
- C:\Windows\System\bVSVaxo.exe
  C:\Windows\System\bVSVaxo.exe
  2⤵
  PID:5400
- C:\Windows\System\kyDybrO.exe
  C:\Windows\System\kyDybrO.exe
  2⤵
  PID:4416
- C:\Windows\System\nLixOPi.exe
  C:\Windows\System\nLixOPi.exe
  2⤵
  PID:5592
- C:\Windows\System\PzSYFYA.exe
  C:\Windows\System\PzSYFYA.exe
  2⤵
  PID:448
- C:\Windows\System\bkWhrrF.exe
  C:\Windows\System\bkWhrrF.exe
  2⤵
  PID:2984
- C:\Windows\System\IVSLZjt.exe
  C:\Windows\System\IVSLZjt.exe
  2⤵
  PID:4576
- C:\Windows\System\tKkdNFZ.exe
  C:\Windows\System\tKkdNFZ.exe
  2⤵
  PID:4928
- C:\Windows\System\iTmypqp.exe
  C:\Windows\System\iTmypqp.exe
  2⤵
  PID:5856
- C:\Windows\System\CmUOkRD.exe
  C:\Windows\System\CmUOkRD.exe
  2⤵
  PID:5880
- C:\Windows\System\qUfLdSw.exe
  C:\Windows\System\qUfLdSw.exe
  2⤵
  PID:5292
- C:\Windows\System\ECusHQq.exe
  C:\Windows\System\ECusHQq.exe
  2⤵
  PID:6108
- C:\Windows\System\IYtVLRv.exe
  C:\Windows\System\IYtVLRv.exe
  2⤵
  PID:3904
- C:\Windows\System\QGNltMW.exe
  C:\Windows\System\QGNltMW.exe
  2⤵
  PID:1716
- C:\Windows\System\nBpaoHM.exe
  C:\Windows\System\nBpaoHM.exe
  2⤵
  PID:3504
- C:\Windows\System\oxlLpYq.exe
  C:\Windows\System\oxlLpYq.exe
  2⤵
  PID:5060
- C:\Windows\System\fmJoQQY.exe
  C:\Windows\System\fmJoQQY.exe
  2⤵
  PID:4904
- C:\Windows\System\rGEsWlp.exe
  C:\Windows\System\rGEsWlp.exe
  2⤵
  PID:1036
- C:\Windows\System\XZtnPch.exe
  C:\Windows\System\XZtnPch.exe
  2⤵
  PID:5348
- C:\Windows\System\VXQqOoS.exe
  C:\Windows\System\VXQqOoS.exe
  2⤵
  PID:2024
- C:\Windows\System\pTrKslA.exe
  C:\Windows\System\pTrKslA.exe
  2⤵
  PID:6172
- C:\Windows\System\iOzyTdV.exe
  C:\Windows\System\iOzyTdV.exe
  2⤵
  PID:6204
- C:\Windows\System\QWRyhwa.exe
  C:\Windows\System\QWRyhwa.exe
  2⤵
  PID:6232
- C:\Windows\System\GXRCtee.exe
  C:\Windows\System\GXRCtee.exe
  2⤵
  PID:6248
- C:\Windows\System\Sfpttmz.exe
  C:\Windows\System\Sfpttmz.exe
  2⤵
  PID:6268
- C:\Windows\System\Tfrnnpb.exe
  C:\Windows\System\Tfrnnpb.exe
  2⤵
  PID:6296
- C:\Windows\System\dBcwTLO.exe
  C:\Windows\System\dBcwTLO.exe
  2⤵
  PID:6316
- C:\Windows\System\cTfKycX.exe
  C:\Windows\System\cTfKycX.exe
  2⤵
  PID:6336
- C:\Windows\System\RMNbhEj.exe
  C:\Windows\System\RMNbhEj.exe
  2⤵
  PID:6356
- C:\Windows\System\iiRouDr.exe
  C:\Windows\System\iiRouDr.exe
  2⤵
  PID:6412
- C:\Windows\System\nbRrnPt.exe
  C:\Windows\System\nbRrnPt.exe
  2⤵
  PID:6436
- C:\Windows\System\KXnMZYD.exe
  C:\Windows\System\KXnMZYD.exe
  2⤵
  PID:6464
- C:\Windows\System\hbTJIOR.exe
  C:\Windows\System\hbTJIOR.exe
  2⤵
  PID:6480
- C:\Windows\System\zvhvBXP.exe
  C:\Windows\System\zvhvBXP.exe
  2⤵
  PID:6496
- C:\Windows\System\JdvQxiI.exe
  C:\Windows\System\JdvQxiI.exe
  2⤵
  PID:6552
- C:\Windows\System\UcyxpJN.exe
  C:\Windows\System\UcyxpJN.exe
  2⤵
  PID:6588
- C:\Windows\System\EqRNuIF.exe
  C:\Windows\System\EqRNuIF.exe
  2⤵
  PID:6608
- C:\Windows\System\UOgtDJd.exe
  C:\Windows\System\UOgtDJd.exe
  2⤵
  PID:6628
- C:\Windows\System\WpAoZYv.exe
  C:\Windows\System\WpAoZYv.exe
  2⤵
  PID:6644
- C:\Windows\System\WvFbsaR.exe
  C:\Windows\System\WvFbsaR.exe
  2⤵
  PID:6684
- C:\Windows\System\BdbVpRa.exe
  C:\Windows\System\BdbVpRa.exe
  2⤵
  PID:6704
- C:\Windows\System\QUUaaDt.exe
  C:\Windows\System\QUUaaDt.exe
  2⤵
  PID:6728
- C:\Windows\System\ScFSvsX.exe
  C:\Windows\System\ScFSvsX.exe
  2⤵
  PID:6744
- C:\Windows\System\fnVkCwU.exe
  C:\Windows\System\fnVkCwU.exe
  2⤵
  PID:6768
- C:\Windows\System\JnNqRuE.exe
  C:\Windows\System\JnNqRuE.exe
  2⤵
  PID:6788
- C:\Windows\System\rAPSuFJ.exe
  C:\Windows\System\rAPSuFJ.exe
  2⤵
  PID:6808
- C:\Windows\System\zqyTpYY.exe
  C:\Windows\System\zqyTpYY.exe
  2⤵
  PID:6832
- C:\Windows\System\vrKYCzM.exe
  C:\Windows\System\vrKYCzM.exe
  2⤵
  PID:6848
- C:\Windows\System\dAFVhFP.exe
  C:\Windows\System\dAFVhFP.exe
  2⤵
  PID:6872
- C:\Windows\System\wpAlZFy.exe
  C:\Windows\System\wpAlZFy.exe
  2⤵
  PID:6940
- C:\Windows\System\WEEcZtL.exe
  C:\Windows\System\WEEcZtL.exe
  2⤵
  PID:6960
- C:\Windows\System\VFdTVoK.exe
  C:\Windows\System\VFdTVoK.exe
  2⤵
  PID:6984
- C:\Windows\System\qoauqQx.exe
  C:\Windows\System\qoauqQx.exe
  2⤵
  PID:7148
- C:\Windows\System\RPpEzid.exe
  C:\Windows\System\RPpEzid.exe
  2⤵
  PID:4136
- C:\Windows\System\PajQsXj.exe
  C:\Windows\System\PajQsXj.exe
  2⤵
  PID:3252
- C:\Windows\System\mstTRlc.exe
  C:\Windows\System\mstTRlc.exe
  2⤵
  PID:6152
- C:\Windows\System\xjleuoG.exe
  C:\Windows\System\xjleuoG.exe
  2⤵
  PID:6364
- C:\Windows\System\YWiuHCt.exe
  C:\Windows\System\YWiuHCt.exe
  2⤵
  PID:6276
- C:\Windows\System\tZTgIqe.exe
  C:\Windows\System\tZTgIqe.exe
  2⤵
  PID:6376
- C:\Windows\System\uJNXPmo.exe
  C:\Windows\System\uJNXPmo.exe
  2⤵
  PID:6452
- C:\Windows\System\PXZtlSk.exe
  C:\Windows\System\PXZtlSk.exe
  2⤵
  PID:6488
- C:\Windows\System\cBIFkeY.exe
  C:\Windows\System\cBIFkeY.exe
  2⤵
  PID:6652
- C:\Windows\System\TTYknss.exe
  C:\Windows\System\TTYknss.exe
  2⤵
  PID:6604
- C:\Windows\System\fjntWiT.exe
  C:\Windows\System\fjntWiT.exe
  2⤵
  PID:6692
- C:\Windows\System\gYwohWs.exe
  C:\Windows\System\gYwohWs.exe
  2⤵
  PID:6856
- C:\Windows\System\PEwoAVn.exe
  C:\Windows\System\PEwoAVn.exe
  2⤵
  PID:6784
- C:\Windows\System\hXAbzfZ.exe
  C:\Windows\System\hXAbzfZ.exe
  2⤵
  PID:6932
- C:\Windows\System\CVcRAaB.exe
  C:\Windows\System\CVcRAaB.exe
  2⤵
  PID:6996
- C:\Windows\System\BBNVPaU.exe
  C:\Windows\System\BBNVPaU.exe
  2⤵
  PID:6184
- C:\Windows\System\PWcexTO.exe
  C:\Windows\System\PWcexTO.exe
  2⤵
  PID:6536
- C:\Windows\System\gWwuiln.exe
  C:\Windows\System\gWwuiln.exe
  2⤵
  PID:7124
- C:\Windows\System\cXnFLtO.exe
  C:\Windows\System\cXnFLtO.exe
  2⤵
  PID:4620
- C:\Windows\System\xpOoNfI.exe
  C:\Windows\System\xpOoNfI.exe
  2⤵
  PID:6308
- C:\Windows\System\mZoiFvZ.exe
  C:\Windows\System\mZoiFvZ.exe
  2⤵
  PID:6404
- C:\Windows\System\yXFjxOf.exe
  C:\Windows\System\yXFjxOf.exe
  2⤵
  PID:6532
- C:\Windows\System\dVBhgzO.exe
  C:\Windows\System\dVBhgzO.exe
  2⤵
  PID:6672
- C:\Windows\System\YfjbARP.exe
  C:\Windows\System\YfjbARP.exe
  2⤵
  PID:6916
- C:\Windows\System\ftfiVTX.exe
  C:\Windows\System\ftfiVTX.exe
  2⤵
  PID:6948
- C:\Windows\System\rMDqjkW.exe
  C:\Windows\System\rMDqjkW.exe
  2⤵
  PID:6920
- C:\Windows\System\lrDcbrv.exe
  C:\Windows\System\lrDcbrv.exe
  2⤵
  PID:6216
- C:\Windows\System\vErpeaQ.exe
  C:\Windows\System\vErpeaQ.exe
  2⤵
  PID:6724
- C:\Windows\System\HZzDpAp.exe
  C:\Windows\System\HZzDpAp.exe
  2⤵
  PID:6388
- C:\Windows\System\XgPjCBJ.exe
  C:\Windows\System\XgPjCBJ.exe
  2⤵
  PID:7164
- C:\Windows\System\CyJifpx.exe
  C:\Windows\System\CyJifpx.exe
  2⤵
  PID:6160
- C:\Windows\System\gHssfzO.exe
  C:\Windows\System\gHssfzO.exe
  2⤵
  PID:7172
- C:\Windows\System\ocYDLvq.exe
  C:\Windows\System\ocYDLvq.exe
  2⤵
  PID:7196
- C:\Windows\System\gDMGaNN.exe
  C:\Windows\System\gDMGaNN.exe
  2⤵
  PID:7220
- C:\Windows\System\tawhfLD.exe
  C:\Windows\System\tawhfLD.exe
  2⤵
  PID:7260
- C:\Windows\System\eboOKAM.exe
  C:\Windows\System\eboOKAM.exe
  2⤵
  PID:7284
- C:\Windows\System\YLdYtLE.exe
  C:\Windows\System\YLdYtLE.exe
  2⤵
  PID:7308
- C:\Windows\System\HeJlGDd.exe
  C:\Windows\System\HeJlGDd.exe
  2⤵
  PID:7328
- C:\Windows\System\SgJzlZr.exe
  C:\Windows\System\SgJzlZr.exe
  2⤵
  PID:7356
- C:\Windows\System\fQGahsO.exe
  C:\Windows\System\fQGahsO.exe
  2⤵
  PID:7376
- C:\Windows\System\RuIEtYR.exe
  C:\Windows\System\RuIEtYR.exe
  2⤵
  PID:7440
- C:\Windows\System\caDghfb.exe
  C:\Windows\System\caDghfb.exe
  2⤵
  PID:7468
- C:\Windows\System\RztjRDD.exe
  C:\Windows\System\RztjRDD.exe
  2⤵
  PID:7492
- C:\Windows\System\usAYFaA.exe
  C:\Windows\System\usAYFaA.exe
  2⤵
  PID:7512
- C:\Windows\System\WXjczZo.exe
  C:\Windows\System\WXjczZo.exe
  2⤵
  PID:7544
- C:\Windows\System\mYzBGaP.exe
  C:\Windows\System\mYzBGaP.exe
  2⤵
  PID:7564
- C:\Windows\System\XcxjPqe.exe
  C:\Windows\System\XcxjPqe.exe
  2⤵
  PID:7588
- C:\Windows\System\GsCelDA.exe
  C:\Windows\System\GsCelDA.exe
  2⤵
  PID:7608
- C:\Windows\System\eoSeAOq.exe
  C:\Windows\System\eoSeAOq.exe
  2⤵
  PID:7648
- C:\Windows\System\HZdvYqG.exe
  C:\Windows\System\HZdvYqG.exe
  2⤵
  PID:7684
- C:\Windows\System\ufCKPHF.exe
  C:\Windows\System\ufCKPHF.exe
  2⤵
  PID:7708
- C:\Windows\System\sBuhhJX.exe
  C:\Windows\System\sBuhhJX.exe
  2⤵
  PID:7736
- C:\Windows\System\dquWYGa.exe
  C:\Windows\System\dquWYGa.exe
  2⤵
  PID:7756
- C:\Windows\System\gYoLDmw.exe
  C:\Windows\System\gYoLDmw.exe
  2⤵
  PID:7792
- C:\Windows\System\hmcyiUB.exe
  C:\Windows\System\hmcyiUB.exe
  2⤵
  PID:7828
- C:\Windows\System\XTIRaTx.exe
  C:\Windows\System\XTIRaTx.exe
  2⤵
  PID:7848
- C:\Windows\System\WiHpLqp.exe
  C:\Windows\System\WiHpLqp.exe
  2⤵
  PID:7876
- C:\Windows\System\eLJGgAR.exe
  C:\Windows\System\eLJGgAR.exe
  2⤵
  PID:7904
- C:\Windows\System\xihLTRi.exe
  C:\Windows\System\xihLTRi.exe
  2⤵
  PID:7944
- C:\Windows\System\aCSSdUk.exe
  C:\Windows\System\aCSSdUk.exe
  2⤵
  PID:7968
- C:\Windows\System\rtUabSo.exe
  C:\Windows\System\rtUabSo.exe
  2⤵
  PID:7988
- C:\Windows\System\TmVTquu.exe
  C:\Windows\System\TmVTquu.exe
  2⤵
  PID:8008
- C:\Windows\System\KSgJHEj.exe
  C:\Windows\System\KSgJHEj.exe
  2⤵
  PID:8032
- C:\Windows\System\NfKUzaf.exe
  C:\Windows\System\NfKUzaf.exe
  2⤵
  PID:8052
- C:\Windows\System\BsKBiVz.exe
  C:\Windows\System\BsKBiVz.exe
  2⤵
  PID:8080
- C:\Windows\System\kHJNwVL.exe
  C:\Windows\System\kHJNwVL.exe
  2⤵
  PID:8104
- C:\Windows\System\tqvxwaK.exe
  C:\Windows\System\tqvxwaK.exe
  2⤵
  PID:8156
- C:\Windows\System\xBRFjxO.exe
  C:\Windows\System\xBRFjxO.exe
  2⤵
  PID:6828
- C:\Windows\System\mhXfOjK.exe
  C:\Windows\System\mhXfOjK.exe
  2⤵
  PID:7188
- C:\Windows\System\hvpHCMy.exe
  C:\Windows\System\hvpHCMy.exe
  2⤵
  PID:7276
- C:\Windows\System\KmnBVAB.exe
  C:\Windows\System\KmnBVAB.exe
  2⤵
  PID:7324
- C:\Windows\System\OkAOFHV.exe
  C:\Windows\System\OkAOFHV.exe
  2⤵
  PID:7344
- C:\Windows\System\ajodbKg.exe
  C:\Windows\System\ajodbKg.exe
  2⤵
  PID:7484
- C:\Windows\System\oEovVoV.exe
  C:\Windows\System\oEovVoV.exe
  2⤵
  PID:1544
- C:\Windows\System\YsxWeHh.exe
  C:\Windows\System\YsxWeHh.exe
  2⤵
  PID:7596
- C:\Windows\System\HcwoDjc.exe
  C:\Windows\System\HcwoDjc.exe
  2⤵
  PID:7680
- C:\Windows\System\YJGrNCe.exe
  C:\Windows\System\YJGrNCe.exe
  2⤵
  PID:7780
- C:\Windows\System\LlXjejW.exe
  C:\Windows\System\LlXjejW.exe
  2⤵
  PID:7732
- C:\Windows\System\XkMaaiY.exe
  C:\Windows\System\XkMaaiY.exe
  2⤵
  PID:7872
- C:\Windows\System\IeVqcBu.exe
  C:\Windows\System\IeVqcBu.exe
  2⤵
  PID:7132
- C:\Windows\System\iNWAEBl.exe
  C:\Windows\System\iNWAEBl.exe
  2⤵
  PID:8000
- C:\Windows\System\rWVLvAT.exe
  C:\Windows\System\rWVLvAT.exe
  2⤵
  PID:8072
- C:\Windows\System\UTzUEue.exe
  C:\Windows\System\UTzUEue.exe
  2⤵
  PID:8124
- C:\Windows\System\LLTMVHk.exe
  C:\Windows\System\LLTMVHk.exe
  2⤵
  PID:8176
- C:\Windows\System\DiRaUSy.exe
  C:\Windows\System\DiRaUSy.exe
  2⤵
  PID:7248
- C:\Windows\System\pMIhEea.exe
  C:\Windows\System\pMIhEea.exe
  2⤵
  PID:7348
- C:\Windows\System\kTwkmkB.exe
  C:\Windows\System\kTwkmkB.exe
  2⤵
  PID:7460
- C:\Windows\System\fYbPNhG.exe
  C:\Windows\System\fYbPNhG.exe
  2⤵
  PID:7664
- C:\Windows\System\ORNDyAO.exe
  C:\Windows\System\ORNDyAO.exe
  2⤵
  PID:7632
- C:\Windows\System\AvAzKsm.exe
  C:\Windows\System\AvAzKsm.exe
  2⤵
  PID:7788
- C:\Windows\System\OQPYHzn.exe
  C:\Windows\System\OQPYHzn.exe
  2⤵
  PID:8168
- C:\Windows\System\pmYuRSS.exe
  C:\Windows\System\pmYuRSS.exe
  2⤵
  PID:7532
- C:\Windows\System\Yxzyeby.exe
  C:\Windows\System\Yxzyeby.exe
  2⤵
  PID:7860
- C:\Windows\System\UtKJxLv.exe
  C:\Windows\System\UtKJxLv.exe
  2⤵
  PID:6840
- C:\Windows\System\bVWogMt.exe
  C:\Windows\System\bVWogMt.exe
  2⤵
  PID:7320
- C:\Windows\System\UIypCoY.exe
  C:\Windows\System\UIypCoY.exe
  2⤵
  PID:8220
- C:\Windows\System\AFVwdSs.exe
  C:\Windows\System\AFVwdSs.exe
  2⤵
  PID:8244
- C:\Windows\System\ygegEwW.exe
  C:\Windows\System\ygegEwW.exe
  2⤵
  PID:8268
- C:\Windows\System\solOsRc.exe
  C:\Windows\System\solOsRc.exe
  2⤵
  PID:8288
- C:\Windows\System\FDeMPgv.exe
  C:\Windows\System\FDeMPgv.exe
  2⤵
  PID:8308
- C:\Windows\System\KhVsJQk.exe
  C:\Windows\System\KhVsJQk.exe
  2⤵
  PID:8340
- C:\Windows\System\VkcRAnP.exe
  C:\Windows\System\VkcRAnP.exe
  2⤵
  PID:8364
- C:\Windows\System\HBDlSDN.exe
  C:\Windows\System\HBDlSDN.exe
  2⤵
  PID:8380
- C:\Windows\System\NSWtEQR.exe
  C:\Windows\System\NSWtEQR.exe
  2⤵
  PID:8408
- C:\Windows\System\ulJCaYV.exe
  C:\Windows\System\ulJCaYV.exe
  2⤵
  PID:8444
- C:\Windows\System\pxEFbhH.exe
  C:\Windows\System\pxEFbhH.exe
  2⤵
  PID:8488
- C:\Windows\System\kNMmcSr.exe
  C:\Windows\System\kNMmcSr.exe
  2⤵
  PID:8516
- C:\Windows\System\mdgVJsd.exe
  C:\Windows\System\mdgVJsd.exe
  2⤵
  PID:8544
- C:\Windows\System\NRTZrRI.exe
  C:\Windows\System\NRTZrRI.exe
  2⤵
  PID:8572
- C:\Windows\System\NixoWqU.exe
  C:\Windows\System\NixoWqU.exe
  2⤵
  PID:8600
- C:\Windows\System\jBMTtCU.exe
  C:\Windows\System\jBMTtCU.exe
  2⤵
  PID:8624
- C:\Windows\System\xYlCrlT.exe
  C:\Windows\System\xYlCrlT.exe
  2⤵
  PID:8640
- C:\Windows\System\irUhyJC.exe
  C:\Windows\System\irUhyJC.exe
  2⤵
  PID:8672
- C:\Windows\System\zFbcIDO.exe
  C:\Windows\System\zFbcIDO.exe
  2⤵
  PID:8692
- C:\Windows\System\upFJSjh.exe
  C:\Windows\System\upFJSjh.exe
  2⤵
  PID:8752
- C:\Windows\System\apsTmwb.exe
  C:\Windows\System\apsTmwb.exe
  2⤵
  PID:8776
- C:\Windows\System\aymlQtX.exe
  C:\Windows\System\aymlQtX.exe
  2⤵
  PID:8792
- C:\Windows\System\uugXlAx.exe
  C:\Windows\System\uugXlAx.exe
  2⤵
  PID:8812
- C:\Windows\System\tYLZaGI.exe
  C:\Windows\System\tYLZaGI.exe
  2⤵
  PID:8832
- C:\Windows\System\VVhnJRK.exe
  C:\Windows\System\VVhnJRK.exe
  2⤵
  PID:8852
- C:\Windows\System\AMrtAWP.exe
  C:\Windows\System\AMrtAWP.exe
  2⤵
  PID:8896
- C:\Windows\System\DAwpjjv.exe
  C:\Windows\System\DAwpjjv.exe
  2⤵
  PID:8948
- C:\Windows\System\BMNVqyI.exe
  C:\Windows\System\BMNVqyI.exe
  2⤵
  PID:8984
- C:\Windows\System\JALoGNi.exe
  C:\Windows\System\JALoGNi.exe
  2⤵
  PID:9008
- C:\Windows\System\eepzgPa.exe
  C:\Windows\System\eepzgPa.exe
  2⤵
  PID:9028
- C:\Windows\System\oCLtObF.exe
  C:\Windows\System\oCLtObF.exe
  2⤵
  PID:9052
- C:\Windows\System\BfnhUmy.exe
  C:\Windows\System\BfnhUmy.exe
  2⤵
  PID:9068
- C:\Windows\System\lLjlvnJ.exe
  C:\Windows\System\lLjlvnJ.exe
  2⤵
  PID:9092
- C:\Windows\System\vObrSCN.exe
  C:\Windows\System\vObrSCN.exe
  2⤵
  PID:9116
- C:\Windows\System\HFnncZp.exe
  C:\Windows\System\HFnncZp.exe
  2⤵
  PID:9136
- C:\Windows\System\hDqWfYj.exe
  C:\Windows\System\hDqWfYj.exe
  2⤵
  PID:9204
- C:\Windows\System\fwyhJIc.exe
  C:\Windows\System\fwyhJIc.exe
  2⤵
  PID:8200
- C:\Windows\System\sqWrAVa.exe
  C:\Windows\System\sqWrAVa.exe
  2⤵
  PID:8260
- C:\Windows\System\pjVcHSD.exe
  C:\Windows\System\pjVcHSD.exe
  2⤵
  PID:8276
- C:\Windows\System\oTRHIbn.exe
  C:\Windows\System\oTRHIbn.exe
  2⤵
  PID:8328
- C:\Windows\System\vrwuThe.exe
  C:\Windows\System\vrwuThe.exe
  2⤵
  PID:8376
- C:\Windows\System\KJUVYoy.exe
  C:\Windows\System\KJUVYoy.exe
  2⤵
  PID:8476
- C:\Windows\System\cVqHnBQ.exe
  C:\Windows\System\cVqHnBQ.exe
  2⤵
  PID:8540
- C:\Windows\System\lTpqgov.exe
  C:\Windows\System\lTpqgov.exe
  2⤵
  PID:8564
- C:\Windows\System\oZQJnmy.exe
  C:\Windows\System\oZQJnmy.exe
  2⤵
  PID:8612
- C:\Windows\System\ZEPRNsE.exe
  C:\Windows\System\ZEPRNsE.exe
  2⤵
  PID:8684
- C:\Windows\System\SmwiHPY.exe
  C:\Windows\System\SmwiHPY.exe
  2⤵
  PID:8728
- C:\Windows\System\DjFBlhC.exe
  C:\Windows\System\DjFBlhC.exe
  2⤵
  PID:8844
- C:\Windows\System\TdKSLot.exe
  C:\Windows\System\TdKSLot.exe
  2⤵
  PID:8892
- C:\Windows\System\cTgkwaZ.exe
  C:\Windows\System\cTgkwaZ.exe
  2⤵
  PID:9016
- C:\Windows\System\AfucqqA.exe
  C:\Windows\System\AfucqqA.exe
  2⤵
  PID:9060
- C:\Windows\System\pkNGsyO.exe
  C:\Windows\System\pkNGsyO.exe
  2⤵
  PID:9124
- C:\Windows\System\oRrMqQK.exe
  C:\Windows\System\oRrMqQK.exe
  2⤵
  PID:9084
- C:\Windows\System\oecUJlX.exe
  C:\Windows\System\oecUJlX.exe
  2⤵
  PID:7980
- C:\Windows\System\qbdHSag.exe
  C:\Windows\System\qbdHSag.exe
  2⤵
  PID:8508
- C:\Windows\System\OxPrZXs.exe
  C:\Windows\System\OxPrZXs.exe
  2⤵
  PID:8556
- C:\Windows\System\wfBTDVd.exe
  C:\Windows\System\wfBTDVd.exe
  2⤵
  PID:8664
- C:\Windows\System\XBLGwTL.exe
  C:\Windows\System\XBLGwTL.exe
  2⤵
  PID:8772
- C:\Windows\System\tKJppKX.exe
  C:\Windows\System\tKJppKX.exe
  2⤵
  PID:9036
- C:\Windows\System\LmYwCmy.exe
  C:\Windows\System\LmYwCmy.exe
  2⤵
  PID:8212
- C:\Windows\System\mIdIchx.exe
  C:\Windows\System\mIdIchx.exe
  2⤵
  PID:8688
- C:\Windows\System\uotojiG.exe
  C:\Windows\System\uotojiG.exe
  2⤵
  PID:8840
- C:\Windows\System\SEHHCUO.exe
  C:\Windows\System\SEHHCUO.exe
  2⤵
  PID:9108
- C:\Windows\System\FECaehL.exe
  C:\Windows\System\FECaehL.exe
  2⤵
  PID:9044
- C:\Windows\System\cTiazeS.exe
  C:\Windows\System\cTiazeS.exe
  2⤵
  PID:9224
- C:\Windows\System\EXNTSUv.exe
  C:\Windows\System\EXNTSUv.exe
  2⤵
  PID:9248
- C:\Windows\System\neAuXVt.exe
  C:\Windows\System\neAuXVt.exe
  2⤵
  PID:9268
- C:\Windows\System\sDzTbiB.exe
  C:\Windows\System\sDzTbiB.exe
  2⤵
  PID:9304
- C:\Windows\System\ibIOVGL.exe
  C:\Windows\System\ibIOVGL.exe
  2⤵
  PID:9344
- C:\Windows\System\cpuQVSX.exe
  C:\Windows\System\cpuQVSX.exe
  2⤵
  PID:9364
- C:\Windows\System\jdgZgrd.exe
  C:\Windows\System\jdgZgrd.exe
  2⤵
  PID:9576
- C:\Windows\System\KDkbLQU.exe
  C:\Windows\System\KDkbLQU.exe
  2⤵
  PID:9592
- C:\Windows\System\YXWnpcs.exe
  C:\Windows\System\YXWnpcs.exe
  2⤵
  PID:9608
- C:\Windows\System\uxrFaJq.exe
  C:\Windows\System\uxrFaJq.exe
  2⤵
  PID:9648
- C:\Windows\System\UNoMyGx.exe
  C:\Windows\System\UNoMyGx.exe
  2⤵
  PID:9672
- C:\Windows\System\EpBrBGm.exe
  C:\Windows\System\EpBrBGm.exe
  2⤵
  PID:9692
- C:\Windows\System\hmXCbMD.exe
  C:\Windows\System\hmXCbMD.exe
  2⤵
  PID:9712
- C:\Windows\System\VdQAygc.exe
  C:\Windows\System\VdQAygc.exe
  2⤵
  PID:9736
- C:\Windows\System\secvdHi.exe
  C:\Windows\System\secvdHi.exe
  2⤵
  PID:9752
- C:\Windows\System\vqCIxkt.exe
  C:\Windows\System\vqCIxkt.exe
  2⤵
  PID:9804
- C:\Windows\System\VyVdYMN.exe
  C:\Windows\System\VyVdYMN.exe
  2⤵
  PID:9824
- C:\Windows\System\RuJVIvb.exe
  C:\Windows\System\RuJVIvb.exe
  2⤵
  PID:9856
- C:\Windows\System\yCDyUec.exe
  C:\Windows\System\yCDyUec.exe
  2⤵
  PID:9884
- C:\Windows\System\UiOSTol.exe
  C:\Windows\System\UiOSTol.exe
  2⤵
  PID:9928
- C:\Windows\System\itiibIX.exe
  C:\Windows\System\itiibIX.exe
  2⤵
  PID:9944
- C:\Windows\System\HtQDvQo.exe
  C:\Windows\System\HtQDvQo.exe
  2⤵
  PID:9988
- C:\Windows\System\hayaGuV.exe
  C:\Windows\System\hayaGuV.exe
  2⤵
  PID:10008
- C:\Windows\System\tamhPLN.exe
  C:\Windows\System\tamhPLN.exe
  2⤵
  PID:10036
- C:\Windows\System\YtjsTPu.exe
  C:\Windows\System\YtjsTPu.exe
  2⤵
  PID:10052
- C:\Windows\System\cGmWmUy.exe
  C:\Windows\System\cGmWmUy.exe
  2⤵
  PID:10080
- C:\Windows\System\ihmeTIb.exe
  C:\Windows\System\ihmeTIb.exe
  2⤵
  PID:10108
- C:\Windows\System\FcvGoHZ.exe
  C:\Windows\System\FcvGoHZ.exe
  2⤵
  PID:10136
- C:\Windows\System\kigbcli.exe
  C:\Windows\System\kigbcli.exe
  2⤵
  PID:10176
- C:\Windows\System\mSIqPQo.exe
  C:\Windows\System\mSIqPQo.exe
  2⤵
  PID:10212
- C:\Windows\System\WszrMlb.exe
  C:\Windows\System\WszrMlb.exe
  2⤵
  PID:10232
- C:\Windows\System\DMRCbyf.exe
  C:\Windows\System\DMRCbyf.exe
  2⤵
  PID:8436
- C:\Windows\System\yOVpptq.exe
  C:\Windows\System\yOVpptq.exe
  2⤵
  PID:9256
- C:\Windows\System\vEruCla.exe
  C:\Windows\System\vEruCla.exe
  2⤵
  PID:9296
- C:\Windows\System\qDhepgZ.exe
  C:\Windows\System\qDhepgZ.exe
  2⤵
  PID:9332
- C:\Windows\System\Fqfqnho.exe
  C:\Windows\System\Fqfqnho.exe
  2⤵
  PID:9464
- C:\Windows\System\LmdbUFP.exe
  C:\Windows\System\LmdbUFP.exe
  2⤵
  PID:9472
- C:\Windows\System\vNuSIvJ.exe
  C:\Windows\System\vNuSIvJ.exe
  2⤵
  PID:9460
- C:\Windows\System\ikKJeUH.exe
  C:\Windows\System\ikKJeUH.exe
  2⤵
  PID:9496
- C:\Windows\System\VNeifdv.exe
  C:\Windows\System\VNeifdv.exe
  2⤵
  PID:9104
- C:\Windows\System\clCeEvL.exe
  C:\Windows\System\clCeEvL.exe
  2⤵
  PID:9540
- C:\Windows\System\RvnyRlu.exe
  C:\Windows\System\RvnyRlu.exe
  2⤵
  PID:9588
- C:\Windows\System\OLxQycF.exe
  C:\Windows\System\OLxQycF.exe
  2⤵
  PID:9688
- C:\Windows\System\TECRouN.exe
  C:\Windows\System\TECRouN.exe
  2⤵
  PID:9744
- C:\Windows\System\gSfImXV.exe
  C:\Windows\System\gSfImXV.exe
  2⤵
  PID:9768
- C:\Windows\System\PNtKvBG.exe
  C:\Windows\System\PNtKvBG.exe
  2⤵
  PID:9776
- C:\Windows\System\JZygzEt.exe
  C:\Windows\System\JZygzEt.exe
  2⤵
  PID:9852
- C:\Windows\System\SqdgYet.exe
  C:\Windows\System\SqdgYet.exe
  2⤵
  PID:9972
- C:\Windows\System\jqGRpOb.exe
  C:\Windows\System\jqGRpOb.exe
  2⤵
  PID:10088
- C:\Windows\System\kytEUof.exe
  C:\Windows\System\kytEUof.exe
  2⤵
  PID:10204
- C:\Windows\System\MznitqD.exe
  C:\Windows\System\MznitqD.exe
  2⤵
  PID:9264
- C:\Windows\System\OjMPGvC.exe
  C:\Windows\System\OjMPGvC.exe
  2⤵
  PID:9316
- C:\Windows\System\HLqKkEu.exe
  C:\Windows\System\HLqKkEu.exe
  2⤵
  PID:9508
- C:\Windows\System\OLtyhgb.exe
  C:\Windows\System\OLtyhgb.exe
  2⤵
  PID:9520
- C:\Windows\System\vwfoSiy.exe
  C:\Windows\System\vwfoSiy.exe
  2⤵
  PID:9748
- C:\Windows\System\GrlANVS.exe
  C:\Windows\System\GrlANVS.exe
  2⤵
  PID:9792
- C:\Windows\System\lYwSZVb.exe
  C:\Windows\System\lYwSZVb.exe
  2⤵
  PID:10004
- C:\Windows\System\PZEKqQB.exe
  C:\Windows\System\PZEKqQB.exe
  2⤵
  PID:10168
- C:\Windows\System\YVhFxia.exe
  C:\Windows\System\YVhFxia.exe
  2⤵
  PID:9500
- C:\Windows\System\ZnDjvVJ.exe
  C:\Windows\System\ZnDjvVJ.exe
  2⤵
  PID:9840
- C:\Windows\System\eqBIIyx.exe
  C:\Windows\System\eqBIIyx.exe
  2⤵
  PID:10220
- C:\Windows\System\EMVRNBy.exe
  C:\Windows\System\EMVRNBy.exe
  2⤵
  PID:9664
- C:\Windows\System\YyiMapM.exe
  C:\Windows\System\YyiMapM.exe
  2⤵
  PID:9984
- C:\Windows\System\jfqaVUy.exe
  C:\Windows\System\jfqaVUy.exe
  2⤵
  PID:10264
- C:\Windows\System\lpMZuQb.exe
  C:\Windows\System\lpMZuQb.exe
  2⤵
  PID:10292
- C:\Windows\System\pZFKZIR.exe
  C:\Windows\System\pZFKZIR.exe
  2⤵
  PID:10308
- C:\Windows\System\vzCiKNB.exe
  C:\Windows\System\vzCiKNB.exe
  2⤵
  PID:10332
- C:\Windows\System\EJPTBYu.exe
  C:\Windows\System\EJPTBYu.exe
  2⤵
  PID:10364
- C:\Windows\System\yElmYuK.exe
  C:\Windows\System\yElmYuK.exe
  2⤵
  PID:10388
- C:\Windows\System\zjFiHQX.exe
  C:\Windows\System\zjFiHQX.exe
  2⤵
  PID:10412
- C:\Windows\System\uUWPjLX.exe
  C:\Windows\System\uUWPjLX.exe
  2⤵
  PID:10432
- C:\Windows\System\sICTELF.exe
  C:\Windows\System\sICTELF.exe
  2⤵
  PID:10452
- C:\Windows\System\rCVXisS.exe
  C:\Windows\System\rCVXisS.exe
  2⤵
  PID:10476
- C:\Windows\System\IFEVLlE.exe
  C:\Windows\System\IFEVLlE.exe
  2⤵
  PID:10536
- C:\Windows\System\ykBAJIY.exe
  C:\Windows\System\ykBAJIY.exe
  2⤵
  PID:10600
- C:\Windows\System\sgPHZRO.exe
  C:\Windows\System\sgPHZRO.exe
  2⤵
  PID:10616
- C:\Windows\System\WHnxdWj.exe
  C:\Windows\System\WHnxdWj.exe
  2⤵
  PID:10640
- C:\Windows\System\NTjrjPU.exe
  C:\Windows\System\NTjrjPU.exe
  2⤵
  PID:10664
- C:\Windows\System\LMxheHT.exe
  C:\Windows\System\LMxheHT.exe
  2⤵
  PID:10704
- C:\Windows\System\VIEFwgW.exe
  C:\Windows\System\VIEFwgW.exe
  2⤵
  PID:10724
- C:\Windows\System\hmfErPr.exe
  C:\Windows\System\hmfErPr.exe
  2⤵
  PID:10748
- C:\Windows\System\XJSqiex.exe
  C:\Windows\System\XJSqiex.exe
  2⤵
  PID:10768
- C:\Windows\System\LPUdOLU.exe
  C:\Windows\System\LPUdOLU.exe
  2⤵
  PID:10812
- C:\Windows\System\REYjmQp.exe
  C:\Windows\System\REYjmQp.exe
  2⤵
  PID:10844
- C:\Windows\System\leTrlrG.exe
  C:\Windows\System\leTrlrG.exe
  2⤵
  PID:10864
- C:\Windows\System\GCrZELw.exe
  C:\Windows\System\GCrZELw.exe
  2⤵
  PID:10892
- C:\Windows\System\cVNApcV.exe
  C:\Windows\System\cVNApcV.exe
  2⤵
  PID:10924
- C:\Windows\System\KBUDplb.exe
  C:\Windows\System\KBUDplb.exe
  2⤵
  PID:10952
- C:\Windows\System\HrLFkdr.exe
  C:\Windows\System\HrLFkdr.exe
  2⤵
  PID:10980
- C:\Windows\System\TYRlsgb.exe
  C:\Windows\System\TYRlsgb.exe
  2⤵
  PID:11004
- C:\Windows\System\pfZswnJ.exe
  C:\Windows\System\pfZswnJ.exe
  2⤵
  PID:11024
- C:\Windows\System\hajqVli.exe
  C:\Windows\System\hajqVli.exe
  2⤵
  PID:11072
- C:\Windows\System\YAIzeXf.exe
  C:\Windows\System\YAIzeXf.exe
  2⤵
  PID:11092
- C:\Windows\System\fjEsBtS.exe
  C:\Windows\System\fjEsBtS.exe
  2⤵
  PID:11112
- C:\Windows\System\tVIXhOd.exe
  C:\Windows\System\tVIXhOd.exe
  2⤵
  PID:11136
- C:\Windows\System\kZLICIt.exe
  C:\Windows\System\kZLICIt.exe
  2⤵
  PID:11160
- C:\Windows\System\fGGcCbP.exe
  C:\Windows\System\fGGcCbP.exe
  2⤵
  PID:11212
- C:\Windows\System\aWjPPSw.exe
  C:\Windows\System\aWjPPSw.exe
  2⤵
  PID:11244
- C:\Windows\System\bIaTmIO.exe
  C:\Windows\System\bIaTmIO.exe
  2⤵
  PID:10188
- C:\Windows\System\KTiyCDY.exe
  C:\Windows\System\KTiyCDY.exe
  2⤵
  PID:10316
- C:\Windows\System\TchJHts.exe
  C:\Windows\System\TchJHts.exe
  2⤵
  PID:10376
- C:\Windows\System\uqAwHxI.exe
  C:\Windows\System\uqAwHxI.exe
  2⤵
  PID:10372
- C:\Windows\System\osRCRym.exe
  C:\Windows\System\osRCRym.exe
  2⤵
  PID:10472
- C:\Windows\System\sqfvDBd.exe
  C:\Windows\System\sqfvDBd.exe
  2⤵
  PID:10572
- C:\Windows\System\BFJIjRD.exe
  C:\Windows\System\BFJIjRD.exe
  2⤵
  PID:10596
- C:\Windows\System\XNWxKQU.exe
  C:\Windows\System\XNWxKQU.exe
  2⤵
  PID:10672
- C:\Windows\System\vgjySev.exe
  C:\Windows\System\vgjySev.exe
  2⤵
  PID:10780
- C:\Windows\System\ugWHorq.exe
  C:\Windows\System\ugWHorq.exe
  2⤵
  PID:10804
- C:\Windows\System\GoKDnbO.exe
  C:\Windows\System\GoKDnbO.exe
  2⤵
  PID:10840
- C:\Windows\System\CktznaL.exe
  C:\Windows\System\CktznaL.exe
  2⤵
  PID:10880
- C:\Windows\System\ZiiVSAi.exe
  C:\Windows\System\ZiiVSAi.exe
  2⤵
  PID:10972
- C:\Windows\System\QWVkRRd.exe
  C:\Windows\System\QWVkRRd.exe
  2⤵
  PID:11048
- C:\Windows\System\jyePmdF.exe
  C:\Windows\System\jyePmdF.exe
  2⤵
  PID:11080
- C:\Windows\System\ftVWJRi.exe
  C:\Windows\System\ftVWJRi.exe
  2⤵
  PID:11224
- C:\Windows\System\PcvmQkz.exe
  C:\Windows\System\PcvmQkz.exe
  2⤵
  PID:11236
- C:\Windows\System\UxVfbcp.exe
  C:\Windows\System\UxVfbcp.exe
  2⤵
  PID:10304
- C:\Windows\System\NOyBKKn.exe
  C:\Windows\System\NOyBKKn.exe
  2⤵
  PID:10340
- C:\Windows\System\dbnXMfb.exe
  C:\Windows\System\dbnXMfb.exe
  2⤵
  PID:10556
- C:\Windows\System\dYwQYDc.exe
  C:\Windows\System\dYwQYDc.exe
  2⤵
  PID:10744
- C:\Windows\System\pCruZUx.exe
  C:\Windows\System\pCruZUx.exe
  2⤵
  PID:10828
- C:\Windows\System\DXxldhR.exe
  C:\Windows\System\DXxldhR.exe
  2⤵
  PID:10992
- C:\Windows\System\pulTtzd.exe
  C:\Windows\System\pulTtzd.exe
  2⤵
  PID:11124
- C:\Windows\System\tZhxyou.exe
  C:\Windows\System\tZhxyou.exe
  2⤵
  PID:10248
- C:\Windows\System\guwRDlo.exe
  C:\Windows\System\guwRDlo.exe
  2⤵
  PID:10500
- C:\Windows\System\kspIhEL.exe
  C:\Windows\System\kspIhEL.exe
  2⤵
  PID:10920
- C:\Windows\System\HLaZToJ.exe
  C:\Windows\System\HLaZToJ.exe
  2⤵
  PID:11032
- C:\Windows\System\jdqwULC.exe
  C:\Windows\System\jdqwULC.exe
  2⤵
  PID:11284
- C:\Windows\System\XOaicmP.exe
  C:\Windows\System\XOaicmP.exe
  2⤵
  PID:11308
- C:\Windows\System\zRngMGj.exe
  C:\Windows\System\zRngMGj.exe
  2⤵
  PID:11328
- C:\Windows\System\efMHgDr.exe
  C:\Windows\System\efMHgDr.exe
  2⤵
  PID:11360
- C:\Windows\System\ZhrzVaX.exe
  C:\Windows\System\ZhrzVaX.exe
  2⤵
  PID:11384
- C:\Windows\System\qZAKaaC.exe
  C:\Windows\System\qZAKaaC.exe
  2⤵
  PID:11400
- C:\Windows\System\dIrroQN.exe
  C:\Windows\System\dIrroQN.exe
  2⤵
  PID:11428
- C:\Windows\System\DHeEvuu.exe
  C:\Windows\System\DHeEvuu.exe
  2⤵
  PID:11448
- C:\Windows\System\exyFwMl.exe
  C:\Windows\System\exyFwMl.exe
  2⤵
  PID:11472
- C:\Windows\System\Baedqgr.exe
  C:\Windows\System\Baedqgr.exe
  2⤵
  PID:11496
- C:\Windows\System\PKpboIg.exe
  C:\Windows\System\PKpboIg.exe
  2⤵
  PID:11512
- C:\Windows\System\Futupyl.exe
  C:\Windows\System\Futupyl.exe
  2⤵
  PID:11536
- C:\Windows\System\qgcMdNh.exe
  C:\Windows\System\qgcMdNh.exe
  2⤵
  PID:11600
- C:\Windows\System\dErjYRc.exe
  C:\Windows\System\dErjYRc.exe
  2⤵
  PID:11628
- C:\Windows\System\tkRBQuV.exe
  C:\Windows\System\tkRBQuV.exe
  2⤵
  PID:11648
- C:\Windows\System\ObfRDyX.exe
  C:\Windows\System\ObfRDyX.exe
  2⤵
  PID:11672
- C:\Windows\System\bAYZKIT.exe
  C:\Windows\System\bAYZKIT.exe
  2⤵
  PID:11692
- C:\Windows\System\mVSMRiu.exe
  C:\Windows\System\mVSMRiu.exe
  2⤵
  PID:11732
- C:\Windows\System\NorRpGh.exe
  C:\Windows\System\NorRpGh.exe
  2⤵
  PID:11760
- C:\Windows\System\LoLIBsa.exe
  C:\Windows\System\LoLIBsa.exe
  2⤵
  PID:11788
- C:\Windows\System\fPUNXqp.exe
  C:\Windows\System\fPUNXqp.exe
  2⤵
  PID:11844
- C:\Windows\System\gFAnhpE.exe
  C:\Windows\System\gFAnhpE.exe
  2⤵
  PID:11864
- C:\Windows\System\OKloTkS.exe
  C:\Windows\System\OKloTkS.exe
  2⤵
  PID:11880
- C:\Windows\System\UckFUaM.exe
  C:\Windows\System\UckFUaM.exe
  2⤵
  PID:11908
- C:\Windows\System\MZqKryk.exe
  C:\Windows\System\MZqKryk.exe
  2⤵
  PID:11940
- C:\Windows\System\CbWZfWT.exe
  C:\Windows\System\CbWZfWT.exe
  2⤵
  PID:11968
- C:\Windows\System\XrthwkO.exe
  C:\Windows\System\XrthwkO.exe
  2⤵
  PID:12004
- C:\Windows\System\RWcITTy.exe
  C:\Windows\System\RWcITTy.exe
  2⤵
  PID:12032
- C:\Windows\System\CoKrVwA.exe
  C:\Windows\System\CoKrVwA.exe
  2⤵
  PID:12056
- C:\Windows\System\WytOAev.exe
  C:\Windows\System\WytOAev.exe
  2⤵
  PID:12076
- C:\Windows\System\kaUAlqC.exe
  C:\Windows\System\kaUAlqC.exe
  2⤵
  PID:12100
- C:\Windows\System\UnCGabr.exe
  C:\Windows\System\UnCGabr.exe
  2⤵
  PID:12120
- C:\Windows\System\kPvHtwn.exe
  C:\Windows\System\kPvHtwn.exe
  2⤵
  PID:12140
- C:\Windows\System\zDUUtlp.exe
  C:\Windows\System\zDUUtlp.exe
  2⤵
  PID:12184
- C:\Windows\System\tFAWaBD.exe
  C:\Windows\System\tFAWaBD.exe
  2⤵
  PID:12204
- C:\Windows\System\QwqswCP.exe
  C:\Windows\System\QwqswCP.exe
  2⤵
  PID:12264
- C:\Windows\System\OmHgkjM.exe
  C:\Windows\System\OmHgkjM.exe
  2⤵
  PID:12280
- C:\Windows\System\vamUchI.exe
  C:\Windows\System\vamUchI.exe
  2⤵
  PID:11280
- C:\Windows\System\NXwZKiq.exe
  C:\Windows\System\NXwZKiq.exe
  2⤵
  PID:11412
- C:\Windows\System\uuTFZIT.exe
  C:\Windows\System\uuTFZIT.exe
  2⤵
  PID:11464
- C:\Windows\System\yaRtZEK.exe
  C:\Windows\System\yaRtZEK.exe
  2⤵
  PID:11504
- C:\Windows\System\GMMVLjU.exe
  C:\Windows\System\GMMVLjU.exe
  2⤵
  PID:11576
- C:\Windows\System\jKupRUu.exe
  C:\Windows\System\jKupRUu.exe
  2⤵
  PID:11616
- C:\Windows\System\fDVxRdT.exe
  C:\Windows\System\fDVxRdT.exe
  2⤵
  PID:11640
- C:\Windows\System\fWBqKZy.exe
  C:\Windows\System\fWBqKZy.exe
  2⤵
  PID:11684
- C:\Windows\System\JhOMOhW.exe
  C:\Windows\System\JhOMOhW.exe
  2⤵
  PID:11712
- C:\Windows\System\zhFEYYo.exe
  C:\Windows\System\zhFEYYo.exe
  2⤵
  PID:11836
- C:\Windows\System\ZhWSfgE.exe
  C:\Windows\System\ZhWSfgE.exe
  2⤵
  PID:11980
- C:\Windows\System\qJDqjZj.exe
  C:\Windows\System\qJDqjZj.exe
  2⤵
  PID:11992
- C:\Windows\System\AxsulOE.exe
  C:\Windows\System\AxsulOE.exe
  2⤵
  PID:12092
- C:\Windows\System\ATlEpQe.exe
  C:\Windows\System\ATlEpQe.exe
  2⤵
  PID:12132
- C:\Windows\System\Asuwvoj.exe
  C:\Windows\System\Asuwvoj.exe
  2⤵
  PID:12172
- C:\Windows\System\ExfXcwm.exe
  C:\Windows\System\ExfXcwm.exe
  2⤵
  PID:12236
- C:\Windows\System\ncEmHZs.exe
  C:\Windows\System\ncEmHZs.exe
  2⤵
  PID:10116
- C:\Windows\System\eMsoZNa.exe
  C:\Windows\System\eMsoZNa.exe
  2⤵
  PID:11420
- C:\Windows\System\ANDDqKD.exe
  C:\Windows\System\ANDDqKD.exe
  2⤵
  PID:11936
- C:\Windows\System\LJZzeLB.exe
  C:\Windows\System\LJZzeLB.exe
  2⤵
  PID:11852
- C:\Windows\System\vFkNZOG.exe
  C:\Windows\System\vFkNZOG.exe
  2⤵
  PID:11900
- C:\Windows\System\tAXeUtz.exe
  C:\Windows\System\tAXeUtz.exe
  2⤵
  PID:12052
- C:\Windows\System\qqmpIcW.exe
  C:\Windows\System\qqmpIcW.exe
  2⤵
  PID:2348
- C:\Windows\System\CYxPcEc.exe
  C:\Windows\System\CYxPcEc.exe
  2⤵
  PID:12064
- C:\Windows\System\oHySxxH.exe
  C:\Windows\System\oHySxxH.exe
  2⤵
  PID:12252
- C:\Windows\System\cedCyZT.exe
  C:\Windows\System\cedCyZT.exe
  2⤵
  PID:5944
- C:\Windows\System\PgZknYQ.exe
  C:\Windows\System\PgZknYQ.exe
  2⤵
  PID:228
- C:\Windows\System\zvrrlFT.exe
  C:\Windows\System\zvrrlFT.exe
  2⤵
  PID:12156
- C:\Windows\System\ueZYUuq.exe
  C:\Windows\System\ueZYUuq.exe
  2⤵
  PID:11340
- C:\Windows\System\drQuxEv.exe
  C:\Windows\System\drQuxEv.exe
  2⤵
  PID:12304
- C:\Windows\System\FRwxQXY.exe
  C:\Windows\System\FRwxQXY.exe
  2⤵
  PID:12356
- C:\Windows\System\GbgRmae.exe
  C:\Windows\System\GbgRmae.exe
  2⤵
  PID:12380
- C:\Windows\System\HvXQFsS.exe
  C:\Windows\System\HvXQFsS.exe
  2⤵
  PID:12400
- C:\Windows\System\uZXtAJD.exe
  C:\Windows\System\uZXtAJD.exe
  2⤵
  PID:12440
- C:\Windows\System\DqUJuJU.exe
  C:\Windows\System\DqUJuJU.exe
  2⤵
  PID:12456
- C:\Windows\System\TUfygsO.exe
  C:\Windows\System\TUfygsO.exe
  2⤵
  PID:12476
- C:\Windows\System\QMvrxTL.exe
  C:\Windows\System\QMvrxTL.exe
  2⤵
  PID:12500
- C:\Windows\System\LpDqygq.exe
  C:\Windows\System\LpDqygq.exe
  2⤵
  PID:12524
- C:\Windows\System\pGtJcqL.exe
  C:\Windows\System\pGtJcqL.exe
  2⤵
  PID:12560
- C:\Windows\System\lnwuKzr.exe
  C:\Windows\System\lnwuKzr.exe
  2⤵
  PID:12584
- C:\Windows\System\TvYWNoz.exe
  C:\Windows\System\TvYWNoz.exe
  2⤵
  PID:12632
- C:\Windows\System\omUybMA.exe
  C:\Windows\System\omUybMA.exe
  2⤵
  PID:12656
- C:\Windows\System\AmGSWSK.exe
  C:\Windows\System\AmGSWSK.exe
  2⤵
  PID:12680
- C:\Windows\System\sKEBJYk.exe
  C:\Windows\System\sKEBJYk.exe
  2⤵
  PID:12724
- C:\Windows\System\pyHZSSH.exe
  C:\Windows\System\pyHZSSH.exe
  2⤵
  PID:12760
- C:\Windows\System\TJQqRxe.exe
  C:\Windows\System\TJQqRxe.exe
  2⤵
  PID:12784
- C:\Windows\System\abTHtgL.exe
  C:\Windows\System\abTHtgL.exe
  2⤵
  PID:12800
- C:\Windows\System\qkMTmzE.exe
  C:\Windows\System\qkMTmzE.exe
  2⤵
  PID:12832
- C:\Windows\System\iPtJJGq.exe
  C:\Windows\System\iPtJJGq.exe
  2⤵
  PID:12852
- C:\Windows\System\SfxSHLQ.exe
  C:\Windows\System\SfxSHLQ.exe
  2⤵
  PID:12880
- C:\Windows\System\QVzdblQ.exe
  C:\Windows\System\QVzdblQ.exe
  2⤵
  PID:12908
- C:\Windows\System\pYpPoxD.exe
  C:\Windows\System\pYpPoxD.exe
  2⤵
  PID:12964
- C:\Windows\System\pmDVewh.exe
  C:\Windows\System\pmDVewh.exe
  2⤵
  PID:12984
- C:\Windows\System\IqgEeii.exe
  C:\Windows\System\IqgEeii.exe
  2⤵
  PID:13020
- C:\Windows\System\yhSpnPa.exe
  C:\Windows\System\yhSpnPa.exe
  2⤵
  PID:13044
- C:\Windows\System\hmwcDfN.exe
  C:\Windows\System\hmwcDfN.exe
  2⤵
  PID:13064
- C:\Windows\System\MkggSYH.exe
  C:\Windows\System\MkggSYH.exe
  2⤵
  PID:13084

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bspqyoxn.yh0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AsQagnm.exe

Filesize
1.8MB

MD5
c48b72769d54abf71f046c3f0a1c1d00

SHA1
63140c953502a53dc3f7d0c7921b19288189a7ab

SHA256
3c6d635bd328d795de0a7f099654a639bd64b070fa27311b57c798ee532bd165

SHA512
451cddc79a3bf223235236e1b93a70708442a158ab581001aa78d3c9eea20c3e23be8ba11c56e39c9caa28725a8c1ed09fa2b0192849dda91d76bde65334f635

Download Submit
C:\Windows\System\BpRDndK.exe

Filesize
1.8MB

MD5
606c2d79b469e2cbb3d08dab6a7f1a62

SHA1
5e470e53e1563d482a0724c169b2019df591dc91

SHA256
cc10171389a51af44df0f2036d1ea74df420be4a41eca2dceed5cddfd29f24a0

SHA512
131146df34c13b6f20577c8758b4736af81bd7116f02517ecb80fff7225882fb52d6ba679ac6820cc00c8afd711cc0959dbe64ec5846fe660507880de39c7ff6

Download Submit
C:\Windows\System\CapJScW.exe

Filesize
1.8MB

MD5
dd8d0315ad04f873e656e4512649f381

SHA1
52451d4da33f726009a96ef92d33e49fab4bec0e

SHA256
60887eda609f365a48faed1aa8092addbcbe1deb499860238df83acc2eb40306

SHA512
665c43bbc8612fde55ec3bb315e2167612a06076d976c50a539e86b971fcf3178f48456ab243369827b2efa944a17c91177ae70b8c4ef356a53d30a2184078a8

Download Submit
C:\Windows\System\CflngZk.exe

Filesize
1.8MB

MD5
a8c724e10f319a61b236648af97a2e61

SHA1
633ddcfb09feea6544cb0676fdaaa913c02f2070

SHA256
b81567e79652ddb1d4a2c4e096bf94beda83be8b92ffa5baca8f5ce45c019d64

SHA512
41bd1bf10186d7a2100533d766c5bf6e123b9b9eb576728fcccefdfb5c5bd616a1c2e071c92790e4b1590886eddda48001a76b34d2bb3f29a937bd475963f79a

Download Submit
C:\Windows\System\GsqeQeo.exe

Filesize
1.8MB

MD5
9bd83b17b72eef3a22201365c7d7ac53

SHA1
5d3e0ee078cdfd26ccebecbc0d89e13783a773ae

SHA256
a262d61e174fb7cf6631e0530631a404b90efa736a6c243c073fa4d0bf261191

SHA512
2d8d66385847e7d63363cbee287c6305dca476d7de31e500ef33e0a41ee0ed5f52b7be92d50ce2543797d2feba270b0568eea345be8ad037751fd9c35ffc2b79

Download Submit
C:\Windows\System\IIymQXr.exe

Filesize
1.8MB

MD5
15335811b01b9c9a2db23043c276232f

SHA1
ecb1d0fb9feb85417de9c8e1aba28d92888b312b

SHA256
5ab2c6984aed21fd4f788264387d6a88fc2246a0f86c7fde6cf9b47a2d973981

SHA512
a64c5e13f7608e0fa34a9b557d2a8469b3eef025b20b49d60703826263da8fbcdc575e8ab6ba47570768481e9021ecd775a1f66bd95dc23f3d1a53979971eb60

Download Submit
C:\Windows\System\KaRUSXc.exe

Filesize
1.8MB

MD5
9d4c85d7d3acad79a65311ba25d6584d

SHA1
c07cf55859d9080ffa273c9d0a50c6234315644d

SHA256
c68ba1058ade17fbd17a835b3ba37a47885ce2f0c218bb99990a70f819d66d9d

SHA512
971fb668368a1b7f846e05b716b54f2b1649fb8967e5e7c2b5234d63628988eece572cc0fcbef11a36c174421c00761a5074e42c9154fa6f58040c2fbf35f753

Download Submit
C:\Windows\System\LTnhSlW.exe

Filesize
1.8MB

MD5
bdd5a1d4173d9aa79c25d9253dbe85ed

SHA1
0c380fee04317235718bf1d98e99fc6d1a4594c4

SHA256
0695e1042c6085dc420e91926ec159ed48cb7e0de8e63e5e973b176ac65f64b4

SHA512
015f0239e0ebf9266df16b51930d38d500b2c5ff3222536060a7e4c30ab6539f9e8dc1b3e1b122bf80af9988f368576c50aaab1853325dcf655cd8c344ef7fcd

Download Submit
C:\Windows\System\MXnYWFk.exe

Filesize
1.8MB

MD5
0ee0d2844ee0fc38e882aa9d31da4c2f

SHA1
4169af6ea148c1785290590f3e4de9c9e628d601

SHA256
e11dda09ca38f573c3725029472ee9b0a0fe9a94859bb8d13946ffe455317196

SHA512
1345ce4f718c9cfa6b21b253f1e2acd539e866f35a6d88052f58f0b227cf2d3325dee3bec33f9e143ac5ad7b89d8cd389df54229df7c70ef5a68048db6b62a4b

Download Submit
C:\Windows\System\PPWlGUh.exe

Filesize
1.8MB

MD5
0fb6fe1cab7f49fa27dacd09fa994ced

SHA1
7a2d3ff10c2cfee0f01889d32d0196d42802fe0f

SHA256
2541fd8e67839658336dc58f4afcee21ee0ce0898362ba1c4e6c7a9bcdfd7d4a

SHA512
9cb480578a1d88ef017f5732c0af93db139ce570100c75273631568d354dbd3552b4417a271e71753448a6052e530776a45c76fa937dc001511b6d9726d1ddb5

Download Submit
C:\Windows\System\PvMTIdv.exe

Filesize
1.8MB

MD5
fd7412fff9ca973a7320b7614186f39d

SHA1
e7fac80aa1032c8e2e78a4d532652fd023d6e373

SHA256
b40cbdfc093d74c3ef4529aa36f37f12abe66fc19286264f6612bbd4c640ef49

SHA512
0944ef4b72591500446cd627656ef6f21ff57b53fdee5ea35f7b6a681b1140ed6eb31e4615486c3d24ec51af39b4c234a70200f030e8039509b45037aae5c71f

Download Submit
C:\Windows\System\SAcikLd.exe

Filesize
1.8MB

MD5
da7fecc15ef751f9a17662754b1591c8

SHA1
817b729ed8eba8689aeec3e0ef257c4272cb4a32

SHA256
2b293d922a796f8ea93fdafcb609aa45e68e4aa99d050993bd15136f87f22135

SHA512
62b5cabdc124ea61d2786db9453e762fbb9774bde865660d793d4d38eb0c15368a28241a9ce1b79ce8835ec81b72f2d85f9c5da096daf4c5df1dfe18dbe34b38

Download Submit
C:\Windows\System\WjvpPSs.exe

Filesize
1.8MB

MD5
640103f4c46f49e9d82ff6940ce75c15

SHA1
ddea62b3b83d04829c7da19f2369f9b6920954b5

SHA256
10be64f55abac1ee526fb5a8d7f30b575e7158b71a43afbc58a931e60cb42395

SHA512
d59fd219f94328b3f63d7a9c9a8881f45672572c5518c4e9b07ee89dcc1aba32b9a2f9a95dbad3a8a31025467e32bbbfb8a395865a17ec53f47f5a97588ef764

Download Submit
C:\Windows\System\XHVAeFQ.exe

Filesize
1.8MB

MD5
08132961fb1f0b7094f26a0c76753bec

SHA1
74bdf5eff9bdeee4226e8a7bcffedd2b2a4c06f5

SHA256
71f178f63b55b7985bc47fea1483f26c604a94145b3a6bbf9ae47ee3e03ce9e9

SHA512
a19ff33551e23c08620fd2ced0a863b49da979bb6a2de38d8a06df7e4ef68b11fac681a3581b3579eaadf97f83d278585ded13052f18ffa00cf309dfa43df4a7

Download Submit
C:\Windows\System\XrJRvvs.exe

Filesize
1.8MB

MD5
98470bc2ac4c81415e8b41ebb4ed998c

SHA1
8f28345c42519a4aea4f6f08e3bdb1809eabedc8

SHA256
31ab95c28263a201ef46df4e1e2242622d0a3515fa68bca8a726a8e275b4d62e

SHA512
d3f329e8a0be8b5b1b63f251e217b8a76f0c71f04fc703163a6f518674f1b99dafe3ac4e88df5cb69b26c369b20778f6e58b21559d7fcd248258997df12561e1

Download Submit
C:\Windows\System\YKMDxuj.exe

Filesize
1.8MB

MD5
ef18ecf3a4a5354f17ddae92ca7467d0

SHA1
a43af8b9776cbdf337eb86fe001062a5acc5fa51

SHA256
0b1dcc9be262ad517bd357bf78e6d520513ff6646bdacc5469293aa4044a5e16

SHA512
9502465c79ec9bf8647157cd50f5f1b09699a86d8949b55e6e00de20bc5189e4ab66403654368abcfc591b465a9d957a89408925634a72caa72fd5b49e135748

Download Submit
C:\Windows\System\cFjBXXG.exe

Filesize
1.8MB

MD5
5db3337e916eded6493cc7c5686e1693

SHA1
a23d20c9be15f5d0c614fcfba46b12bd369a9721

SHA256
76aa2bcc22a659d12bc5e4d354175b6b7a249743dc43f3fecd236441624e1454

SHA512
824401b0e41614fb35808b730f4f47362b7ea77dd73e0edf2bf4f51a76be63ce4d6b06ddcdfe6c8a2b5e8a93fa55d831e87ece7b51fc7e171b4d33ec22ef6b83

Download Submit
C:\Windows\System\cGNCCDu.exe

Filesize
1.8MB

MD5
0255d4997b111784d7f53f5a9363b47a

SHA1
a59fd1d6991280b6a6450e9e32c763ae4a96179e

SHA256
f15cfaa6ad13cbf9a9bf6ee172ef8dc7c2815c661629718832148722d686d21c

SHA512
a92eb059fcf485c4e50c2b2e4a493cf69e02a208138cbf00cf568901d068c0e6bbbfae37a01a7656f965d80db023dfbf3556d99a6135b3689d663c08640e1fc4

Download Submit
C:\Windows\System\ghOKYgv.exe

Filesize
1.8MB

MD5
8e2fa9084690d506630929e005f01349

SHA1
43517aa1d5f5c0cff5c04a4d454dfaed31f326af

SHA256
eb6561ea35661b03c9deee77bd62c62b00c414c3810dc509f2c064ddd3d172ba

SHA512
e2814c73b4d82965406128074c406206911ae4d8724dfbb68f7ebc6bb2112cbb0729f303fb0b3250c3a6f5aab8ed3a4f0259216b748c224876a4de69375a8ced

Download Submit
C:\Windows\System\glJEtHO.exe

Filesize
1.8MB

MD5
292bd3f9423a789f6bec471cd28f3d69

SHA1
aefd5a6e7c93d0c952fb05ea0f9ac5950f659027

SHA256
960da4c8fe143815cabb24e31d088642d0f21aeefaee9934d6e3ec4b346d7f23

SHA512
0d8f48f9068c7a460972095cbeabe3020c4a649612a24dcab6735b4eaa35d93bbf725bb89de4cbff58bced0ca80fe3d97979f3313e4aeb8e0b89d25f88c20cdd

Download Submit
C:\Windows\System\jZtyuAC.exe

Filesize
1.8MB

MD5
d589b98f647af571752032fe339b2ab1

SHA1
03cf59bbf001a14382f5f0557577da1dab3dedcc

SHA256
a5983809db7b8aa9db1957121680e9f61287045cf0dab90a8539f1c4e4ec557f

SHA512
7a08145a6a2ac01cef530e3047f708183fb579523e1e66f8ed1e8f2de079e7a96bd3fb517cee170db78fe7bfb32dcad0c17d4e0e29e4450cb64189afd3179410

Download Submit
C:\Windows\System\kFdjTGn.exe

Filesize
1.8MB

MD5
6f320251f5a8b366659796dd6441fcc4

SHA1
8c53f4d3cb5428adc070dd44613c5b15d39f5dcd

SHA256
fc42ac173ae7bec2a74e65d9bec611a4487a90efd689f35e1f3e6b15c41640ef

SHA512
4548cdd0a1fe9a5c1d5d6f72a304b29b9dcdb7581b12eea1f8842135c48b6d79f4f78549f0229d3a5fb991f534a6c97e2c5dae5a5738b2d2188c43fdabbc8dc9

Download Submit
C:\Windows\System\pOOpCvE.exe

Filesize
1.8MB

MD5
06ba6983459807c17cf2cbe50bda8675

SHA1
db711143df93ab15df81724ae89ade3b9a26a2bf

SHA256
13bdcb175aab4cc64157fdc822b661f9d3b0e92d43c423e024af20044709a902

SHA512
120a0655b24dafc53c3ab8aa5c119f26f55c23f2fdb2141e74d597ed5938bc72e2cb18fea73154498d8148916cefaf072fa9d3ae06eb3bb9cfa87775e6172e99

Download Submit
C:\Windows\System\pjxtleV.exe

Filesize
1.8MB

MD5
f311cc7b568a78431b56e8fa143b162c

SHA1
27e5415d9c58d709bd69adbc1c63f228b9eddf65

SHA256
41b666daf3a9b1d0bd0791301001a81f9e0a962de6d09a2060033d8bdc85f0be

SHA512
cbe46623640e0bd5b5c8df3fbb231cfe871ef89cd6f12e1c32a4aef06cbb5cad846bc69fe680fbb68fc995c226066d1022ca94b183c5a1238445f8b6693abb8f

Download Submit
C:\Windows\System\qejaNZx.exe

Filesize
1.8MB

MD5
1a6379cfd48973b4b6505c0029473245

SHA1
60461b6898ea539ebf701e822e68e15eda6f9b64

SHA256
9011a8ec4f25ad3c00284f46bb28cf7c9dfffc8585bec9a3eabad8bf74cb9549

SHA512
b12caf287c33eb93eb4492848ecff0424a6a001aaca962b971ce86d096fdea51cde64d4c08546cce28334fb3580ba7e6f679b9a16c5f1535740c7726d3372552

Download Submit
C:\Windows\System\sDZLyGS.exe

Filesize
1.8MB

MD5
07cb629b482f6bb79f22774c59caa316

SHA1
4d7c34dad420d5283a31174240ef4cecc21645a0

SHA256
b6f3c5ac8bd3358625d143f5cbbc84a70859f4758bc1a7d214d14b11b0cf0df8

SHA512
3d9883dcc65b760b7c3866f6051046c7ca1024a709aef83c3319b36e9418c3382c3c5e1e0a10b7253bf34209dff48ea7872806bb4c9f331df33b8e26979863a5

Download Submit
C:\Windows\System\tZvBwBD.exe

Filesize
1.8MB

MD5
d0d684fb85e1c79ef4247347905a0fc4

SHA1
78253b516f707fb0629e1c91c05036420c6a2848

SHA256
3b58ff137554603634d45a0ed2512ec4ab16b57808206cf76d5b62f7debeb1c6

SHA512
97481658964b940a4d832102f5b8a7a6d337b1801193250297c6e2762a967bb9f50b54cccec977c076819ae1917695c1b3caeca3adf98079bf45a8f62dae6ff3

Download Submit
C:\Windows\System\tvHmgXz.exe

Filesize
1.8MB

MD5
ccda3356550dc873d0a739d8f45b73b9

SHA1
eca76e47f0361c2da47aad33273184effdd3c89a

SHA256
b3a7d7f409fb4735a2888222391a5596082fe06b38ce0b86528b094b7ddc8d83

SHA512
163f6c35937ceb99d16769535fcd558bba82213bf9308b3361a301a0ed1eb9b723d83b8d66bd7226974f768a3ebe31c294031a1b72b9bf53bdd321b85d05973c

Download Submit
C:\Windows\System\vCdfZBy.exe

Filesize
1.8MB

MD5
6410b33f5388721fb32b3be85ed4b79d

SHA1
2e5b851381ae8ede2524bcafec5b1155d789231c

SHA256
f776989ff20690ca541b1e02fcf4576c4c60fd60358454484835ccf7ad7be9bc

SHA512
884a077b3ab1bdd574695b6afd7ee23406bc8840f6e2018c0bc7b8a01eb29a616252b301bc619f8fbffde7877f5cdc793fdbf806276526f58a040e2a724aea97

Download Submit
C:\Windows\System\vutLPQJ.exe

Filesize
1.8MB

MD5
78bae75c68e96bac0f2e231966e7cab8

SHA1
e7bea54eda7e6fe236e0069c654abea30832521d

SHA256
91da295554034497e8225ef4204c5bebc98b126d926b605d97af9b46dbe7fd90

SHA512
d8527c4434b63d1b2354c55386996725b16c735115628a521673a0b40eecb55c005ea70b2e7b1714b2572c3a976bbcae92458101f1a239fb8376abd553ed3f68

Download Submit
C:\Windows\System\widnpZO.exe

Filesize
1.8MB

MD5
764a8b5fa224133a4029c94a8cc8bad6

SHA1
9ea9bfa2d329a9bc31c83a64016048d84e81c0a9

SHA256
55ca3410668bac9068ce129ec5f53b888acf52d501ae11cf43f8b51d3c02707e

SHA512
55a52dee19a1f2a8aa5c6bb8a7b892d9f3958f8ee33fd987ab191b3e28fbca3471204b7d09ff35f46fc1e02008d8c2405dc8c9348dc2399ac3ecb89a10d123e0

Download Submit
C:\Windows\System\xYDSlDJ.exe

Filesize
1.8MB

MD5
96727625a10c03b11758de56d289b977

SHA1
317ccb72c30fe19fb4cced06b31b0e81e86bac48

SHA256
bac6d6045ea0945104725c04cff366278523bbee83129706a299b75e39b08f89

SHA512
e8ad523f74cab46f845dd6893ad8e39d7cae3b5938dbedd1e7a4c1af747b3add4b8d83f42ae67fe8d96544469b755b17cc855f0b377b5fd4c0740836eee8b284

Download Submit
C:\Windows\System\zAKCXTw.exe

Filesize
1.8MB

MD5
0e9c7a98dfba5ba483e77ef3516af5ac

SHA1
6da0f60699f0ac65b5541d8d0e9551cf8af41cca

SHA256
aa97065eb1fd573e304e0756ff10ae24553f80d724c5261dd1ab097069931d55

SHA512
e6c8b7460fe0c8dbaf31d92ed072653190b2f34a7bd89caef17275d6c487e3b1a98861da55d1e7e2c9a8c71d4286467f009bba8f94634985682c72a77a9dc271

Download Submit
memory/956-685-0x00007FF61E000000-0x00007FF61E3F2000-memory.dmp

Filesize
3.9MB

Download
memory/956-2021-0x00007FF61E000000-0x00007FF61E3F2000-memory.dmp

Filesize
3.9MB

Download
memory/1104-2001-0x00007FF65BEE0000-0x00007FF65C2D2000-memory.dmp

Filesize
3.9MB

Download
memory/1104-641-0x00007FF65BEE0000-0x00007FF65C2D2000-memory.dmp

Filesize
3.9MB

Download
memory/1532-2015-0x00007FF7C7A00000-0x00007FF7C7DF2000-memory.dmp

Filesize
3.9MB

Download
memory/1532-644-0x00007FF7C7A00000-0x00007FF7C7DF2000-memory.dmp

Filesize
3.9MB

Download
memory/1836-598-0x00007FF7419D0000-0x00007FF741DC2000-memory.dmp

Filesize
3.9MB

Download
memory/1836-2033-0x00007FF7419D0000-0x00007FF741DC2000-memory.dmp

Filesize
3.9MB

Download
memory/1908-698-0x00007FF639740000-0x00007FF639B32000-memory.dmp

Filesize
3.9MB

Download
memory/1908-2011-0x00007FF639740000-0x00007FF639B32000-memory.dmp

Filesize
3.9MB

Download
memory/2144-32-0x00007FFA19CF0000-0x00007FFA1A7B1000-memory.dmp

Filesize
10.8MB

Download
memory/2144-381-0x000002AF4D5F0000-0x000002AF4DD96000-memory.dmp

Filesize
7.6MB

Download
memory/2144-3-0x00007FFA19CF3000-0x00007FFA19CF5000-memory.dmp

Filesize
8KB

Download
memory/2144-43-0x000002AF4C9F0000-0x000002AF4CA12000-memory.dmp

Filesize
136KB

Download
memory/2144-627-0x00007FFA19CF0000-0x00007FFA1A7B1000-memory.dmp

Filesize
10.8MB

Download
memory/2424-566-0x00007FF774860000-0x00007FF774C52000-memory.dmp

Filesize
3.9MB

Download
memory/2424-2029-0x00007FF774860000-0x00007FF774C52000-memory.dmp

Filesize
3.9MB

Download
memory/2428-550-0x00007FF729A20000-0x00007FF729E12000-memory.dmp

Filesize
3.9MB

Download
memory/2428-2025-0x00007FF729A20000-0x00007FF729E12000-memory.dmp

Filesize
3.9MB

Download
memory/2516-689-0x00007FF62C4B0000-0x00007FF62C8A2000-memory.dmp

Filesize
3.9MB

Download
memory/2516-2010-0x00007FF62C4B0000-0x00007FF62C8A2000-memory.dmp

Filesize
3.9MB

Download
memory/2784-2023-0x00007FF672930000-0x00007FF672D22000-memory.dmp

Filesize
3.9MB

Download
memory/2784-83-0x00007FF672930000-0x00007FF672D22000-memory.dmp

Filesize
3.9MB

Download
memory/2932-2038-0x00007FF749720000-0x00007FF749B12000-memory.dmp

Filesize
3.9MB

Download
memory/2932-607-0x00007FF749720000-0x00007FF749B12000-memory.dmp

Filesize
3.9MB

Download
memory/3132-49-0x00007FF7CF4C0000-0x00007FF7CF8B2000-memory.dmp

Filesize
3.9MB

Download
memory/3132-1993-0x00007FF7CF4C0000-0x00007FF7CF8B2000-memory.dmp

Filesize
3.9MB

Download
memory/3480-2027-0x00007FF7DD490000-0x00007FF7DD882000-memory.dmp

Filesize
3.9MB

Download
memory/3480-532-0x00007FF7DD490000-0x00007FF7DD882000-memory.dmp

Filesize
3.9MB

Download
memory/3512-1995-0x00007FF69DBB0000-0x00007FF69DFA2000-memory.dmp

Filesize
3.9MB

Download
memory/3512-55-0x00007FF69DBB0000-0x00007FF69DFA2000-memory.dmp

Filesize
3.9MB

Download
memory/3688-60-0x00007FF79F3C0000-0x00007FF79F7B2000-memory.dmp

Filesize
3.9MB

Download
memory/3688-1999-0x00007FF79F3C0000-0x00007FF79F7B2000-memory.dmp

Filesize
3.9MB

Download
memory/3732-2018-0x00007FF763E80000-0x00007FF764272000-memory.dmp

Filesize
3.9MB

Download
memory/3732-525-0x00007FF763E80000-0x00007FF764272000-memory.dmp

Filesize
3.9MB

Download
memory/3804-2066-0x00007FF6AC760000-0x00007FF6ACB52000-memory.dmp

Filesize
3.9MB

Download
memory/3804-1-0x000001F21C750000-0x000001F21C760000-memory.dmp

Filesize
64KB

Download
memory/3804-0-0x00007FF6AC760000-0x00007FF6ACB52000-memory.dmp

Filesize
3.9MB

Download
memory/4016-69-0x00007FF62BC20000-0x00007FF62C012000-memory.dmp

Filesize
3.9MB

Download
memory/4016-2003-0x00007FF62BC20000-0x00007FF62C012000-memory.dmp

Filesize
3.9MB

Download
memory/4160-2006-0x00007FF6EE2E0000-0x00007FF6EE6D2000-memory.dmp

Filesize
3.9MB

Download
memory/4160-517-0x00007FF6EE2E0000-0x00007FF6EE6D2000-memory.dmp

Filesize
3.9MB

Download
memory/4560-68-0x00007FF69E8D0000-0x00007FF69ECC2000-memory.dmp

Filesize
3.9MB

Download
memory/4560-1998-0x00007FF69E8D0000-0x00007FF69ECC2000-memory.dmp

Filesize
3.9MB

Download
memory/4588-485-0x00007FF75F900000-0x00007FF75FCF2000-memory.dmp

Filesize
3.9MB

Download
memory/4588-2007-0x00007FF75F900000-0x00007FF75FCF2000-memory.dmp

Filesize
3.9MB

Download
memory/4800-604-0x00007FF706310000-0x00007FF706702000-memory.dmp

Filesize
3.9MB

Download
memory/4800-2040-0x00007FF706310000-0x00007FF706702000-memory.dmp

Filesize
3.9MB

Download
memory/4832-2031-0x00007FF73A770000-0x00007FF73AB62000-memory.dmp

Filesize
3.9MB

Download
memory/4832-578-0x00007FF73A770000-0x00007FF73AB62000-memory.dmp

Filesize
3.9MB

Download
memory/5012-2014-0x00007FF6BF080000-0x00007FF6BF472000-memory.dmp

Filesize
3.9MB

Download
memory/5012-660-0x00007FF6BF080000-0x00007FF6BF472000-memory.dmp

Filesize
3.9MB

Download
memory/5088-466-0x00007FF62C9A0000-0x00007FF62CD92000-memory.dmp

Filesize
3.9MB

Download
memory/5088-2142-0x00007FF62C9A0000-0x00007FF62CD92000-memory.dmp

Filesize
3.9MB

Download
memory/5112-2020-0x00007FF688360000-0x00007FF688752000-memory.dmp

Filesize
3.9MB

Download
memory/5112-665-0x00007FF688360000-0x00007FF688752000-memory.dmp

Filesize
3.9MB

Download