xmrig | 3048fa0a990747a5136e614baec7a1d36dc61528e2349bd79dad15f6b14d71bd

Analysis

max time kernel
94s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 03:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

880fe205ff4e19e2450f1316657a6880N.exe
Size

1.7MB
MD5

880fe205ff4e19e2450f1316657a6880
SHA1

6b2e9b58ffc7c6d87fc6c208397af8de112027d5
SHA256

3048fa0a990747a5136e614baec7a1d36dc61528e2349bd79dad15f6b14d71bd
SHA512

6e56abcedc20d839c5ac3240fd2615891f11c34889c8fb3edfcc76d4b6b0d14f56979fac4ca28165dc483511863a255593000d3de87128e2cc1c3d45d9dfcf14
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPpHbcMfOoFxg:Lz071uv4BPMkFfdg6NsOkc265n

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/4744-9-0x00007FF75A5C0000-0x00007FF75A9B2000-memory.dmp	xmrig
behavioral2/memory/4136-105-0x00007FF777CE0000-0x00007FF7780D2000-memory.dmp	xmrig
behavioral2/memory/4900-110-0x00007FF793FF0000-0x00007FF7943E2000-memory.dmp	xmrig
behavioral2/memory/3864-183-0x00007FF7A1F60000-0x00007FF7A2352000-memory.dmp	xmrig
behavioral2/memory/5044-205-0x00007FF721630000-0x00007FF721A22000-memory.dmp	xmrig
behavioral2/memory/1484-201-0x00007FF729A40000-0x00007FF729E32000-memory.dmp	xmrig
behavioral2/memory/1820-190-0x00007FF7C5DC0000-0x00007FF7C61B2000-memory.dmp	xmrig
behavioral2/memory/2768-189-0x00007FF69A5D0000-0x00007FF69A9C2000-memory.dmp	xmrig
behavioral2/memory/2452-177-0x00007FF706020000-0x00007FF706412000-memory.dmp	xmrig
behavioral2/memory/4892-171-0x00007FF68FAB0000-0x00007FF68FEA2000-memory.dmp	xmrig
behavioral2/memory/1164-136-0x00007FF7C0D50000-0x00007FF7C1142000-memory.dmp	xmrig
behavioral2/memory/4016-132-0x00007FF74E6B0000-0x00007FF74EAA2000-memory.dmp	xmrig
behavioral2/memory/1172-128-0x00007FF655BD0000-0x00007FF655FC2000-memory.dmp	xmrig
behavioral2/memory/4488-127-0x00007FF62B420000-0x00007FF62B812000-memory.dmp	xmrig
behavioral2/memory/632-123-0x00007FF7AF6D0000-0x00007FF7AFAC2000-memory.dmp	xmrig
behavioral2/memory/4248-115-0x00007FF7F0210000-0x00007FF7F0602000-memory.dmp	xmrig
behavioral2/memory/4616-114-0x00007FF6DF2F0000-0x00007FF6DF6E2000-memory.dmp	xmrig
behavioral2/memory/5052-106-0x00007FF756A70000-0x00007FF756E62000-memory.dmp	xmrig
behavioral2/memory/216-101-0x00007FF695810000-0x00007FF695C02000-memory.dmp	xmrig
behavioral2/memory/440-95-0x00007FF7B6830000-0x00007FF7B6C22000-memory.dmp	xmrig
behavioral2/memory/3004-89-0x00007FF720670000-0x00007FF720A62000-memory.dmp	xmrig
behavioral2/memory/4872-2519-0x00007FF7CCF80000-0x00007FF7CD372000-memory.dmp	xmrig
behavioral2/memory/4744-2526-0x00007FF75A5C0000-0x00007FF75A9B2000-memory.dmp	xmrig
behavioral2/memory/1172-2530-0x00007FF655BD0000-0x00007FF655FC2000-memory.dmp	xmrig
behavioral2/memory/4488-2534-0x00007FF62B420000-0x00007FF62B812000-memory.dmp	xmrig
behavioral2/memory/216-2537-0x00007FF695810000-0x00007FF695C02000-memory.dmp	xmrig
behavioral2/memory/4900-2545-0x00007FF793FF0000-0x00007FF7943E2000-memory.dmp	xmrig
behavioral2/memory/4016-2549-0x00007FF74E6B0000-0x00007FF74EAA2000-memory.dmp	xmrig
behavioral2/memory/4616-2553-0x00007FF6DF2F0000-0x00007FF6DF6E2000-memory.dmp	xmrig
behavioral2/memory/4248-2555-0x00007FF7F0210000-0x00007FF7F0602000-memory.dmp	xmrig
behavioral2/memory/1920-2551-0x00007FF716860000-0x00007FF716C52000-memory.dmp	xmrig
behavioral2/memory/4136-2548-0x00007FF777CE0000-0x00007FF7780D2000-memory.dmp	xmrig
behavioral2/memory/5052-2544-0x00007FF756A70000-0x00007FF756E62000-memory.dmp	xmrig
behavioral2/memory/440-2540-0x00007FF7B6830000-0x00007FF7B6C22000-memory.dmp	xmrig
behavioral2/memory/3004-2539-0x00007FF720670000-0x00007FF720A62000-memory.dmp	xmrig
behavioral2/memory/2312-2572-0x00007FF78CC50000-0x00007FF78D042000-memory.dmp	xmrig
behavioral2/memory/1820-2568-0x00007FF7C5DC0000-0x00007FF7C61B2000-memory.dmp	xmrig
behavioral2/memory/1484-2576-0x00007FF729A40000-0x00007FF729E32000-memory.dmp	xmrig
behavioral2/memory/2452-2582-0x00007FF706020000-0x00007FF706412000-memory.dmp	xmrig
behavioral2/memory/3864-2579-0x00007FF7A1F60000-0x00007FF7A2352000-memory.dmp	xmrig
behavioral2/memory/5044-2574-0x00007FF721630000-0x00007FF721A22000-memory.dmp	xmrig
behavioral2/memory/2584-2566-0x00007FF7B2830000-0x00007FF7B2C22000-memory.dmp	xmrig
behavioral2/memory/4892-2564-0x00007FF68FAB0000-0x00007FF68FEA2000-memory.dmp	xmrig
behavioral2/memory/2768-2562-0x00007FF69A5D0000-0x00007FF69A9C2000-memory.dmp	xmrig
behavioral2/memory/4872-2581-0x00007FF7CCF80000-0x00007FF7CD372000-memory.dmp	xmrig
behavioral2/memory/1164-2558-0x00007FF7C0D50000-0x00007FF7C1142000-memory.dmp	xmrig
behavioral2/memory/632-2560-0x00007FF7AF6D0000-0x00007FF7AFAC2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	3932	powershell.exe
5	3932	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3932	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4744	GktxyFr.exe
4488	DrhpmTd.exe
1172	ARKekER.exe
3004	CeUDtwB.exe
440	umxafuA.exe
216	vCdPTtE.exe
4136	KHpOxqL.exe
5052	iCFEJUf.exe
4900	BNdSNOn.exe
4016	qMJQxHA.exe
4616	NmTMNzq.exe
4248	LKCrVKh.exe
4872	hfJfVbA.exe
632	faupVTE.exe
1164	fFwGxvk.exe
2312	xloYygj.exe
2584	IhqVgxM.exe
4892	FMurwTv.exe
2452	kKlBPLs.exe
3864	RPtzIpb.exe
2768	KIguxlV.exe
1820	siJGRYD.exe
1484	mWziVpb.exe
5044	LiZdDkQ.exe
2404	IUQTWeG.exe
3616	OZdRhrS.exe
3376	dFOGgpl.exe
3508	tmpBUWs.exe
512	haFwohJ.exe
2072	VskGrGh.exe
3988	lXYiocF.exe
4232	yQizwcX.exe
1764	wqtRjkS.exe
4444	iwhbbcv.exe
2804	UJlKaZA.exe
1052	pETcHlj.exe
3500	kbPBknX.exe
5056	pIfeSNu.exe
768	lqlvxsK.exe
2896	meZBykk.exe
3564	YpHLHlJ.exe
220	SQglfaz.exe
4160	bWPXBne.exe
1664	oMumJUx.exe
4188	LOIdrpC.exe
8	dTeOUER.exe
4876	xjiGTWQ.exe
3356	zvkQnBd.exe
3848	DORRiqL.exe
1540	JvaoxTm.exe
2448	vrhmGMp.exe
3560	PRwJhBb.exe
4992	RcaKuHZ.exe
644	TvGTRpK.exe
2644	MeXJOuL.exe
4912	QoqCsgW.exe
536	OnIQbPv.exe
316	lremKOU.exe
3944	SHAtzpE.exe
2212	vLqgLWb.exe
4816	sCrumew.exe
1260	FuXFYfH.exe
1804	FkUaUcp.exe
3304	kVcKROS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1920-0-0x00007FF716860000-0x00007FF716C52000-memory.dmp	upx
behavioral2/files/0x00090000000233db-5.dat	upx
behavioral2/files/0x000800000002343b-10.dat	upx
behavioral2/memory/4744-9-0x00007FF75A5C0000-0x00007FF75A9B2000-memory.dmp	upx
behavioral2/files/0x000700000002343c-8.dat	upx
behavioral2/files/0x000800000002343f-52.dat	upx
behavioral2/files/0x0007000000023444-75.dat	upx
behavioral2/files/0x0007000000023447-90.dat	upx
behavioral2/memory/4136-105-0x00007FF777CE0000-0x00007FF7780D2000-memory.dmp	upx
behavioral2/memory/4900-110-0x00007FF793FF0000-0x00007FF7943E2000-memory.dmp	upx
behavioral2/files/0x000700000002344f-124.dat	upx
behavioral2/files/0x0007000000023452-139.dat	upx
behavioral2/files/0x0007000000023453-172.dat	upx
behavioral2/memory/3864-183-0x00007FF7A1F60000-0x00007FF7A2352000-memory.dmp	upx
behavioral2/files/0x0007000000023458-193.dat	upx
behavioral2/memory/5044-205-0x00007FF721630000-0x00007FF721A22000-memory.dmp	upx
behavioral2/memory/1484-201-0x00007FF729A40000-0x00007FF729E32000-memory.dmp	upx
behavioral2/files/0x0007000000023459-198.dat	upx
behavioral2/files/0x0007000000023457-196.dat	upx
behavioral2/files/0x0007000000023456-191.dat	upx
behavioral2/memory/1820-190-0x00007FF7C5DC0000-0x00007FF7C61B2000-memory.dmp	upx
behavioral2/memory/2768-189-0x00007FF69A5D0000-0x00007FF69A9C2000-memory.dmp	upx
behavioral2/files/0x0007000000023455-184.dat	upx
behavioral2/files/0x0007000000023454-178.dat	upx
behavioral2/memory/2452-177-0x00007FF706020000-0x00007FF706412000-memory.dmp	upx
behavioral2/memory/4892-171-0x00007FF68FAB0000-0x00007FF68FEA2000-memory.dmp	upx
behavioral2/memory/2584-165-0x00007FF7B2830000-0x00007FF7B2C22000-memory.dmp	upx
behavioral2/files/0x0007000000023451-159.dat	upx
behavioral2/files/0x0007000000023450-157.dat	upx
behavioral2/files/0x000700000002344e-153.dat	upx
behavioral2/files/0x000700000002344d-151.dat	upx
behavioral2/files/0x000700000002344c-149.dat	upx
behavioral2/files/0x000700000002344b-147.dat	upx
behavioral2/files/0x000700000002344a-145.dat	upx
behavioral2/files/0x0008000000023439-143.dat	upx
behavioral2/memory/2312-142-0x00007FF78CC50000-0x00007FF78D042000-memory.dmp	upx
behavioral2/files/0x0007000000023449-137.dat	upx
behavioral2/memory/1164-136-0x00007FF7C0D50000-0x00007FF7C1142000-memory.dmp	upx
behavioral2/memory/4016-132-0x00007FF74E6B0000-0x00007FF74EAA2000-memory.dmp	upx
behavioral2/memory/1172-128-0x00007FF655BD0000-0x00007FF655FC2000-memory.dmp	upx
behavioral2/memory/4488-127-0x00007FF62B420000-0x00007FF62B812000-memory.dmp	upx
behavioral2/memory/632-123-0x00007FF7AF6D0000-0x00007FF7AFAC2000-memory.dmp	upx
behavioral2/memory/4872-119-0x00007FF7CCF80000-0x00007FF7CD372000-memory.dmp	upx
behavioral2/memory/4248-115-0x00007FF7F0210000-0x00007FF7F0602000-memory.dmp	upx
behavioral2/memory/4616-114-0x00007FF6DF2F0000-0x00007FF6DF6E2000-memory.dmp	upx
behavioral2/memory/5052-106-0x00007FF756A70000-0x00007FF756E62000-memory.dmp	upx
behavioral2/memory/216-101-0x00007FF695810000-0x00007FF695C02000-memory.dmp	upx
behavioral2/files/0x0007000000023448-96.dat	upx
behavioral2/memory/440-95-0x00007FF7B6830000-0x00007FF7B6C22000-memory.dmp	upx
behavioral2/memory/3004-89-0x00007FF720670000-0x00007FF720A62000-memory.dmp	upx
behavioral2/files/0x0007000000023446-81.dat	upx
behavioral2/files/0x0007000000023445-77.dat	upx
behavioral2/files/0x0007000000023443-73.dat	upx
behavioral2/files/0x000800000002343e-66.dat	upx
behavioral2/files/0x0007000000023442-57.dat	upx
behavioral2/files/0x0007000000023441-49.dat	upx
behavioral2/files/0x000700000002343d-43.dat	upx
behavioral2/files/0x0007000000023440-37.dat	upx
behavioral2/memory/4872-2519-0x00007FF7CCF80000-0x00007FF7CD372000-memory.dmp	upx
behavioral2/memory/4744-2526-0x00007FF75A5C0000-0x00007FF75A9B2000-memory.dmp	upx
behavioral2/memory/1172-2530-0x00007FF655BD0000-0x00007FF655FC2000-memory.dmp	upx
behavioral2/memory/4488-2534-0x00007FF62B420000-0x00007FF62B812000-memory.dmp	upx
behavioral2/memory/216-2537-0x00007FF695810000-0x00007FF695C02000-memory.dmp	upx
behavioral2/memory/4900-2545-0x00007FF793FF0000-0x00007FF7943E2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jZVUiNn.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\YYKAWyj.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\GugiMnk.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\GgYvkFR.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\neBttNm.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\DgrQJoH.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\JrhTpgB.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\VUmqOOc.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\SRdQVMp.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\IGmqMDG.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\QqCOVbV.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\SwGcFFO.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\QekYqoE.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\pmmwXCj.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\QYamTvT.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\lVEmVfM.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\BjKBxRp.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\KlvCAFa.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\JNbAJlO.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\ADPTyJj.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\cvPFLjJ.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\hgmEhJi.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\TbPXncO.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\fpqiZRd.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\asTngbi.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\TzBmdIg.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\YHMIIvY.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\hfJfVbA.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\kuQnTES.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\eevPivs.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\xPALoGR.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\ZwOZqGv.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\TYiGkLT.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\GFhGzun.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\MJPTzhy.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\aCrWeNq.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\zmonCVX.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\HDcqfzE.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\MfhCWBd.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\CbHLMga.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\mhhbnwH.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\GQmDlyq.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\FhZegne.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\hdZCFKz.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\wKdndUk.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\nTDGfVr.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\VWEMKZK.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\PAvwIuB.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\LhOVugq.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\gvTTIhP.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\EQleaFt.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\ZBoKujx.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\lMeKgJn.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\psMOORi.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\ZKcfSqV.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\vTAJMkv.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\LbRfSSC.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\LNmomjg.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\WLADpHv.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\ufvdeuh.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\qSxtDeF.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\NgrqvXE.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\tXsbOzT.exe	880fe205ff4e19e2450f1316657a6880N.exe
File created	C:\Windows\System\znpHFuS.exe	880fe205ff4e19e2450f1316657a6880N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3932	powershell.exe
3932	powershell.exe
3932	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3932	powershell.exe
Token: SeLockMemoryPrivilege	1920	880fe205ff4e19e2450f1316657a6880N.exe
Token: SeLockMemoryPrivilege	1920	880fe205ff4e19e2450f1316657a6880N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 3932	1920	880fe205ff4e19e2450f1316657a6880N.exe	85
PID 1920 wrote to memory of 3932	1920	880fe205ff4e19e2450f1316657a6880N.exe	85
PID 1920 wrote to memory of 4744	1920	880fe205ff4e19e2450f1316657a6880N.exe	86
PID 1920 wrote to memory of 4744	1920	880fe205ff4e19e2450f1316657a6880N.exe	86
PID 1920 wrote to memory of 4488	1920	880fe205ff4e19e2450f1316657a6880N.exe	87
PID 1920 wrote to memory of 4488	1920	880fe205ff4e19e2450f1316657a6880N.exe	87
PID 1920 wrote to memory of 1172	1920	880fe205ff4e19e2450f1316657a6880N.exe	88
PID 1920 wrote to memory of 1172	1920	880fe205ff4e19e2450f1316657a6880N.exe	88
PID 1920 wrote to memory of 3004	1920	880fe205ff4e19e2450f1316657a6880N.exe	89
PID 1920 wrote to memory of 3004	1920	880fe205ff4e19e2450f1316657a6880N.exe	89
PID 1920 wrote to memory of 440	1920	880fe205ff4e19e2450f1316657a6880N.exe	90
PID 1920 wrote to memory of 440	1920	880fe205ff4e19e2450f1316657a6880N.exe	90
PID 1920 wrote to memory of 216	1920	880fe205ff4e19e2450f1316657a6880N.exe	91
PID 1920 wrote to memory of 216	1920	880fe205ff4e19e2450f1316657a6880N.exe	91
PID 1920 wrote to memory of 4136	1920	880fe205ff4e19e2450f1316657a6880N.exe	92
PID 1920 wrote to memory of 4136	1920	880fe205ff4e19e2450f1316657a6880N.exe	92
PID 1920 wrote to memory of 5052	1920	880fe205ff4e19e2450f1316657a6880N.exe	93
PID 1920 wrote to memory of 5052	1920	880fe205ff4e19e2450f1316657a6880N.exe	93
PID 1920 wrote to memory of 4900	1920	880fe205ff4e19e2450f1316657a6880N.exe	94
PID 1920 wrote to memory of 4900	1920	880fe205ff4e19e2450f1316657a6880N.exe	94
PID 1920 wrote to memory of 4016	1920	880fe205ff4e19e2450f1316657a6880N.exe	95
PID 1920 wrote to memory of 4016	1920	880fe205ff4e19e2450f1316657a6880N.exe	95
PID 1920 wrote to memory of 4616	1920	880fe205ff4e19e2450f1316657a6880N.exe	96
PID 1920 wrote to memory of 4616	1920	880fe205ff4e19e2450f1316657a6880N.exe	96
PID 1920 wrote to memory of 4248	1920	880fe205ff4e19e2450f1316657a6880N.exe	97
PID 1920 wrote to memory of 4248	1920	880fe205ff4e19e2450f1316657a6880N.exe	97
PID 1920 wrote to memory of 4872	1920	880fe205ff4e19e2450f1316657a6880N.exe	98
PID 1920 wrote to memory of 4872	1920	880fe205ff4e19e2450f1316657a6880N.exe	98
PID 1920 wrote to memory of 632	1920	880fe205ff4e19e2450f1316657a6880N.exe	99
PID 1920 wrote to memory of 632	1920	880fe205ff4e19e2450f1316657a6880N.exe	99
PID 1920 wrote to memory of 1164	1920	880fe205ff4e19e2450f1316657a6880N.exe	100
PID 1920 wrote to memory of 1164	1920	880fe205ff4e19e2450f1316657a6880N.exe	100
PID 1920 wrote to memory of 2312	1920	880fe205ff4e19e2450f1316657a6880N.exe	101
PID 1920 wrote to memory of 2312	1920	880fe205ff4e19e2450f1316657a6880N.exe	101
PID 1920 wrote to memory of 2584	1920	880fe205ff4e19e2450f1316657a6880N.exe	102
PID 1920 wrote to memory of 2584	1920	880fe205ff4e19e2450f1316657a6880N.exe	102
PID 1920 wrote to memory of 4892	1920	880fe205ff4e19e2450f1316657a6880N.exe	103
PID 1920 wrote to memory of 4892	1920	880fe205ff4e19e2450f1316657a6880N.exe	103
PID 1920 wrote to memory of 2452	1920	880fe205ff4e19e2450f1316657a6880N.exe	104
PID 1920 wrote to memory of 2452	1920	880fe205ff4e19e2450f1316657a6880N.exe	104
PID 1920 wrote to memory of 3864	1920	880fe205ff4e19e2450f1316657a6880N.exe	105
PID 1920 wrote to memory of 3864	1920	880fe205ff4e19e2450f1316657a6880N.exe	105
PID 1920 wrote to memory of 2768	1920	880fe205ff4e19e2450f1316657a6880N.exe	106
PID 1920 wrote to memory of 2768	1920	880fe205ff4e19e2450f1316657a6880N.exe	106
PID 1920 wrote to memory of 1820	1920	880fe205ff4e19e2450f1316657a6880N.exe	107
PID 1920 wrote to memory of 1820	1920	880fe205ff4e19e2450f1316657a6880N.exe	107
PID 1920 wrote to memory of 1484	1920	880fe205ff4e19e2450f1316657a6880N.exe	108
PID 1920 wrote to memory of 1484	1920	880fe205ff4e19e2450f1316657a6880N.exe	108
PID 1920 wrote to memory of 5044	1920	880fe205ff4e19e2450f1316657a6880N.exe	109
PID 1920 wrote to memory of 5044	1920	880fe205ff4e19e2450f1316657a6880N.exe	109
PID 1920 wrote to memory of 2404	1920	880fe205ff4e19e2450f1316657a6880N.exe	110
PID 1920 wrote to memory of 2404	1920	880fe205ff4e19e2450f1316657a6880N.exe	110
PID 1920 wrote to memory of 3616	1920	880fe205ff4e19e2450f1316657a6880N.exe	111
PID 1920 wrote to memory of 3616	1920	880fe205ff4e19e2450f1316657a6880N.exe	111
PID 1920 wrote to memory of 3376	1920	880fe205ff4e19e2450f1316657a6880N.exe	112
PID 1920 wrote to memory of 3376	1920	880fe205ff4e19e2450f1316657a6880N.exe	112
PID 1920 wrote to memory of 3508	1920	880fe205ff4e19e2450f1316657a6880N.exe	113
PID 1920 wrote to memory of 3508	1920	880fe205ff4e19e2450f1316657a6880N.exe	113
PID 1920 wrote to memory of 512	1920	880fe205ff4e19e2450f1316657a6880N.exe	114
PID 1920 wrote to memory of 512	1920	880fe205ff4e19e2450f1316657a6880N.exe	114
PID 1920 wrote to memory of 2072	1920	880fe205ff4e19e2450f1316657a6880N.exe	115
PID 1920 wrote to memory of 2072	1920	880fe205ff4e19e2450f1316657a6880N.exe	115
PID 1920 wrote to memory of 3988	1920	880fe205ff4e19e2450f1316657a6880N.exe	116
PID 1920 wrote to memory of 3988	1920	880fe205ff4e19e2450f1316657a6880N.exe	116

C:\Users\Admin\AppData\Local\Temp\880fe205ff4e19e2450f1316657a6880N.exe
"C:\Users\Admin\AppData\Local\Temp\880fe205ff4e19e2450f1316657a6880N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3932
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3932" "2908" "2872" "2912" "0" "0" "2864" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12748
- C:\Windows\System\GktxyFr.exe
  C:\Windows\System\GktxyFr.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\DrhpmTd.exe
  C:\Windows\System\DrhpmTd.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\ARKekER.exe
  C:\Windows\System\ARKekER.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\CeUDtwB.exe
  C:\Windows\System\CeUDtwB.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\umxafuA.exe
  C:\Windows\System\umxafuA.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\vCdPTtE.exe
  C:\Windows\System\vCdPTtE.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\KHpOxqL.exe
  C:\Windows\System\KHpOxqL.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\iCFEJUf.exe
  C:\Windows\System\iCFEJUf.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\BNdSNOn.exe
  C:\Windows\System\BNdSNOn.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\qMJQxHA.exe
  C:\Windows\System\qMJQxHA.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\NmTMNzq.exe
  C:\Windows\System\NmTMNzq.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\LKCrVKh.exe
  C:\Windows\System\LKCrVKh.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\hfJfVbA.exe
  C:\Windows\System\hfJfVbA.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\faupVTE.exe
  C:\Windows\System\faupVTE.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\fFwGxvk.exe
  C:\Windows\System\fFwGxvk.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\xloYygj.exe
  C:\Windows\System\xloYygj.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\IhqVgxM.exe
  C:\Windows\System\IhqVgxM.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\FMurwTv.exe
  C:\Windows\System\FMurwTv.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\kKlBPLs.exe
  C:\Windows\System\kKlBPLs.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\RPtzIpb.exe
  C:\Windows\System\RPtzIpb.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\KIguxlV.exe
  C:\Windows\System\KIguxlV.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\siJGRYD.exe
  C:\Windows\System\siJGRYD.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\mWziVpb.exe
  C:\Windows\System\mWziVpb.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\LiZdDkQ.exe
  C:\Windows\System\LiZdDkQ.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\IUQTWeG.exe
  C:\Windows\System\IUQTWeG.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\OZdRhrS.exe
  C:\Windows\System\OZdRhrS.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\dFOGgpl.exe
  C:\Windows\System\dFOGgpl.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\tmpBUWs.exe
  C:\Windows\System\tmpBUWs.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\haFwohJ.exe
  C:\Windows\System\haFwohJ.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\VskGrGh.exe
  C:\Windows\System\VskGrGh.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\lXYiocF.exe
  C:\Windows\System\lXYiocF.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\yQizwcX.exe
  C:\Windows\System\yQizwcX.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\wqtRjkS.exe
  C:\Windows\System\wqtRjkS.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\iwhbbcv.exe
  C:\Windows\System\iwhbbcv.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\UJlKaZA.exe
  C:\Windows\System\UJlKaZA.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\pETcHlj.exe
  C:\Windows\System\pETcHlj.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\kbPBknX.exe
  C:\Windows\System\kbPBknX.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\pIfeSNu.exe
  C:\Windows\System\pIfeSNu.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\lqlvxsK.exe
  C:\Windows\System\lqlvxsK.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\meZBykk.exe
  C:\Windows\System\meZBykk.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\YpHLHlJ.exe
  C:\Windows\System\YpHLHlJ.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\SQglfaz.exe
  C:\Windows\System\SQglfaz.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\bWPXBne.exe
  C:\Windows\System\bWPXBne.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\oMumJUx.exe
  C:\Windows\System\oMumJUx.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\LOIdrpC.exe
  C:\Windows\System\LOIdrpC.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\dTeOUER.exe
  C:\Windows\System\dTeOUER.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\xjiGTWQ.exe
  C:\Windows\System\xjiGTWQ.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\zvkQnBd.exe
  C:\Windows\System\zvkQnBd.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\DORRiqL.exe
  C:\Windows\System\DORRiqL.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\JvaoxTm.exe
  C:\Windows\System\JvaoxTm.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\vrhmGMp.exe
  C:\Windows\System\vrhmGMp.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\PRwJhBb.exe
  C:\Windows\System\PRwJhBb.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\RcaKuHZ.exe
  C:\Windows\System\RcaKuHZ.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\TvGTRpK.exe
  C:\Windows\System\TvGTRpK.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\MeXJOuL.exe
  C:\Windows\System\MeXJOuL.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\QoqCsgW.exe
  C:\Windows\System\QoqCsgW.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\OnIQbPv.exe
  C:\Windows\System\OnIQbPv.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\lremKOU.exe
  C:\Windows\System\lremKOU.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\SHAtzpE.exe
  C:\Windows\System\SHAtzpE.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\vLqgLWb.exe
  C:\Windows\System\vLqgLWb.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\sCrumew.exe
  C:\Windows\System\sCrumew.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\FuXFYfH.exe
  C:\Windows\System\FuXFYfH.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\FkUaUcp.exe
  C:\Windows\System\FkUaUcp.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\kVcKROS.exe
  C:\Windows\System\kVcKROS.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\GjNVDQP.exe
  C:\Windows\System\GjNVDQP.exe
  2⤵
  PID:4568
- C:\Windows\System\gdSFYRs.exe
  C:\Windows\System\gdSFYRs.exe
  2⤵
  PID:1936
- C:\Windows\System\wckXhJL.exe
  C:\Windows\System\wckXhJL.exe
  2⤵
  PID:4456
- C:\Windows\System\hdZCFKz.exe
  C:\Windows\System\hdZCFKz.exe
  2⤵
  PID:624
- C:\Windows\System\UvSTVnh.exe
  C:\Windows\System\UvSTVnh.exe
  2⤵
  PID:3652
- C:\Windows\System\zdkMYVq.exe
  C:\Windows\System\zdkMYVq.exe
  2⤵
  PID:4836
- C:\Windows\System\kuQnTES.exe
  C:\Windows\System\kuQnTES.exe
  2⤵
  PID:2076
- C:\Windows\System\roVsPPH.exe
  C:\Windows\System\roVsPPH.exe
  2⤵
  PID:5060
- C:\Windows\System\IdClEQx.exe
  C:\Windows\System\IdClEQx.exe
  2⤵
  PID:5136
- C:\Windows\System\llFoAOi.exe
  C:\Windows\System\llFoAOi.exe
  2⤵
  PID:5168
- C:\Windows\System\itjGumI.exe
  C:\Windows\System\itjGumI.exe
  2⤵
  PID:5192
- C:\Windows\System\AEcsOxt.exe
  C:\Windows\System\AEcsOxt.exe
  2⤵
  PID:5220
- C:\Windows\System\fwHwmiD.exe
  C:\Windows\System\fwHwmiD.exe
  2⤵
  PID:5244
- C:\Windows\System\sdVAApN.exe
  C:\Windows\System\sdVAApN.exe
  2⤵
  PID:5276
- C:\Windows\System\CPHxyGz.exe
  C:\Windows\System\CPHxyGz.exe
  2⤵
  PID:5300
- C:\Windows\System\JmJrfHk.exe
  C:\Windows\System\JmJrfHk.exe
  2⤵
  PID:5328
- C:\Windows\System\doBHREu.exe
  C:\Windows\System\doBHREu.exe
  2⤵
  PID:5376
- C:\Windows\System\pfBhNCu.exe
  C:\Windows\System\pfBhNCu.exe
  2⤵
  PID:5396
- C:\Windows\System\urTeQjs.exe
  C:\Windows\System\urTeQjs.exe
  2⤵
  PID:5424
- C:\Windows\System\XxHWyGm.exe
  C:\Windows\System\XxHWyGm.exe
  2⤵
  PID:5440
- C:\Windows\System\nBFsMbx.exe
  C:\Windows\System\nBFsMbx.exe
  2⤵
  PID:5468
- C:\Windows\System\UpXgaFv.exe
  C:\Windows\System\UpXgaFv.exe
  2⤵
  PID:5492
- C:\Windows\System\ryKFnMh.exe
  C:\Windows\System\ryKFnMh.exe
  2⤵
  PID:5520
- C:\Windows\System\sdYQnoA.exe
  C:\Windows\System\sdYQnoA.exe
  2⤵
  PID:5548
- C:\Windows\System\ctRBuuw.exe
  C:\Windows\System\ctRBuuw.exe
  2⤵
  PID:5576
- C:\Windows\System\aYzPrcq.exe
  C:\Windows\System\aYzPrcq.exe
  2⤵
  PID:5608
- C:\Windows\System\LKtHtHY.exe
  C:\Windows\System\LKtHtHY.exe
  2⤵
  PID:5632
- C:\Windows\System\VFHUGeH.exe
  C:\Windows\System\VFHUGeH.exe
  2⤵
  PID:5668
- C:\Windows\System\rclbDmF.exe
  C:\Windows\System\rclbDmF.exe
  2⤵
  PID:5692
- C:\Windows\System\gvUIGax.exe
  C:\Windows\System\gvUIGax.exe
  2⤵
  PID:5720
- C:\Windows\System\xJeylUn.exe
  C:\Windows\System\xJeylUn.exe
  2⤵
  PID:5748
- C:\Windows\System\tUjUOkY.exe
  C:\Windows\System\tUjUOkY.exe
  2⤵
  PID:5776
- C:\Windows\System\FLqdSKc.exe
  C:\Windows\System\FLqdSKc.exe
  2⤵
  PID:5804
- C:\Windows\System\tOHhkWQ.exe
  C:\Windows\System\tOHhkWQ.exe
  2⤵
  PID:5832
- C:\Windows\System\eaxFBeJ.exe
  C:\Windows\System\eaxFBeJ.exe
  2⤵
  PID:5868
- C:\Windows\System\tGVJBOn.exe
  C:\Windows\System\tGVJBOn.exe
  2⤵
  PID:5892
- C:\Windows\System\JWkuGGB.exe
  C:\Windows\System\JWkuGGB.exe
  2⤵
  PID:5916
- C:\Windows\System\BlDnVNz.exe
  C:\Windows\System\BlDnVNz.exe
  2⤵
  PID:5944
- C:\Windows\System\qxsnyTt.exe
  C:\Windows\System\qxsnyTt.exe
  2⤵
  PID:5972
- C:\Windows\System\RIMrPDT.exe
  C:\Windows\System\RIMrPDT.exe
  2⤵
  PID:5996
- C:\Windows\System\VdURNkg.exe
  C:\Windows\System\VdURNkg.exe
  2⤵
  PID:6032
- C:\Windows\System\EXzEfLq.exe
  C:\Windows\System\EXzEfLq.exe
  2⤵
  PID:6056
- C:\Windows\System\DeHBbpI.exe
  C:\Windows\System\DeHBbpI.exe
  2⤵
  PID:6092
- C:\Windows\System\QWPaNoZ.exe
  C:\Windows\System\QWPaNoZ.exe
  2⤵
  PID:6120
- C:\Windows\System\GGrgLsM.exe
  C:\Windows\System\GGrgLsM.exe
  2⤵
  PID:5080
- C:\Windows\System\UewACbS.exe
  C:\Windows\System\UewACbS.exe
  2⤵
  PID:4120
- C:\Windows\System\pHhimYN.exe
  C:\Windows\System\pHhimYN.exe
  2⤵
  PID:2888
- C:\Windows\System\LpscUnb.exe
  C:\Windows\System\LpscUnb.exe
  2⤵
  PID:1004
- C:\Windows\System\NfhHREv.exe
  C:\Windows\System\NfhHREv.exe
  2⤵
  PID:5184
- C:\Windows\System\XteAteI.exe
  C:\Windows\System\XteAteI.exe
  2⤵
  PID:5240
- C:\Windows\System\usMlGMd.exe
  C:\Windows\System\usMlGMd.exe
  2⤵
  PID:5296
- C:\Windows\System\mWzpslL.exe
  C:\Windows\System\mWzpslL.exe
  2⤵
  PID:5324
- C:\Windows\System\NPPkpLK.exe
  C:\Windows\System\NPPkpLK.exe
  2⤵
  PID:4956
- C:\Windows\System\EQZqgyo.exe
  C:\Windows\System\EQZqgyo.exe
  2⤵
  PID:5416
- C:\Windows\System\DzFjcXB.exe
  C:\Windows\System\DzFjcXB.exe
  2⤵
  PID:5452
- C:\Windows\System\eWrezoZ.exe
  C:\Windows\System\eWrezoZ.exe
  2⤵
  PID:5488
- C:\Windows\System\xYZFuQF.exe
  C:\Windows\System\xYZFuQF.exe
  2⤵
  PID:5564
- C:\Windows\System\UwhpNtN.exe
  C:\Windows\System\UwhpNtN.exe
  2⤵
  PID:5656
- C:\Windows\System\DtfTUKs.exe
  C:\Windows\System\DtfTUKs.exe
  2⤵
  PID:5684
- C:\Windows\System\FvnegDm.exe
  C:\Windows\System\FvnegDm.exe
  2⤵
  PID:5708
- C:\Windows\System\LPdrAzP.exe
  C:\Windows\System\LPdrAzP.exe
  2⤵
  PID:1500
- C:\Windows\System\jLSJGUS.exe
  C:\Windows\System\jLSJGUS.exe
  2⤵
  PID:5764
- C:\Windows\System\KdnnKfJ.exe
  C:\Windows\System\KdnnKfJ.exe
  2⤵
  PID:5800
- C:\Windows\System\PHyWXgM.exe
  C:\Windows\System\PHyWXgM.exe
  2⤵
  PID:5856
- C:\Windows\System\XDiyjBX.exe
  C:\Windows\System\XDiyjBX.exe
  2⤵
  PID:5884
- C:\Windows\System\AGSZkfk.exe
  C:\Windows\System\AGSZkfk.exe
  2⤵
  PID:6024
- C:\Windows\System\vAWweTL.exe
  C:\Windows\System\vAWweTL.exe
  2⤵
  PID:4324
- C:\Windows\System\eqoscKx.exe
  C:\Windows\System\eqoscKx.exe
  2⤵
  PID:6116
- C:\Windows\System\ljGwolg.exe
  C:\Windows\System\ljGwolg.exe
  2⤵
  PID:432
- C:\Windows\System\sJNCBol.exe
  C:\Windows\System\sJNCBol.exe
  2⤵
  PID:2376
- C:\Windows\System\QmduLwZ.exe
  C:\Windows\System\QmduLwZ.exe
  2⤵
  PID:4368
- C:\Windows\System\LJKoiCY.exe
  C:\Windows\System\LJKoiCY.exe
  2⤵
  PID:3240
- C:\Windows\System\DthqOsY.exe
  C:\Windows\System\DthqOsY.exe
  2⤵
  PID:5180
- C:\Windows\System\fZgbFhX.exe
  C:\Windows\System\fZgbFhX.exe
  2⤵
  PID:3608
- C:\Windows\System\WHXYobD.exe
  C:\Windows\System\WHXYobD.exe
  2⤵
  PID:4044
- C:\Windows\System\jnPXiKB.exe
  C:\Windows\System\jnPXiKB.exe
  2⤵
  PID:5344
- C:\Windows\System\ksplhqs.exe
  C:\Windows\System\ksplhqs.exe
  2⤵
  PID:5408
- C:\Windows\System\WcbRZqx.exe
  C:\Windows\System\WcbRZqx.exe
  2⤵
  PID:5436
- C:\Windows\System\StQpfQr.exe
  C:\Windows\System\StQpfQr.exe
  2⤵
  PID:1312
- C:\Windows\System\FlWuITH.exe
  C:\Windows\System\FlWuITH.exe
  2⤵
  PID:3032
- C:\Windows\System\Dwqdlag.exe
  C:\Windows\System\Dwqdlag.exe
  2⤵
  PID:4656
- C:\Windows\System\ZhbPPRr.exe
  C:\Windows\System\ZhbPPRr.exe
  2⤵
  PID:1228
- C:\Windows\System\HONLqvP.exe
  C:\Windows\System\HONLqvP.exe
  2⤵
  PID:3392
- C:\Windows\System\jHzrjVs.exe
  C:\Windows\System\jHzrjVs.exe
  2⤵
  PID:1808
- C:\Windows\System\zxzaYlM.exe
  C:\Windows\System\zxzaYlM.exe
  2⤵
  PID:3668
- C:\Windows\System\iAkDTUo.exe
  C:\Windows\System\iAkDTUo.exe
  2⤵
  PID:2972
- C:\Windows\System\xXcCpCD.exe
  C:\Windows\System\xXcCpCD.exe
  2⤵
  PID:5772
- C:\Windows\System\QbiihEK.exe
  C:\Windows\System\QbiihEK.exe
  2⤵
  PID:2244
- C:\Windows\System\qeloYwi.exe
  C:\Windows\System\qeloYwi.exe
  2⤵
  PID:1616
- C:\Windows\System\kaiiPKI.exe
  C:\Windows\System\kaiiPKI.exe
  2⤵
  PID:6140
- C:\Windows\System\MJcYChl.exe
  C:\Windows\System\MJcYChl.exe
  2⤵
  PID:6076
- C:\Windows\System\NtfxzVj.exe
  C:\Windows\System\NtfxzVj.exe
  2⤵
  PID:6008
- C:\Windows\System\YYJWgeH.exe
  C:\Windows\System\YYJWgeH.exe
  2⤵
  PID:4980
- C:\Windows\System\NoyHQpM.exe
  C:\Windows\System\NoyHQpM.exe
  2⤵
  PID:3428
- C:\Windows\System\GYysaSk.exe
  C:\Windows\System\GYysaSk.exe
  2⤵
  PID:6148
- C:\Windows\System\joFsFMW.exe
  C:\Windows\System\joFsFMW.exe
  2⤵
  PID:6200
- C:\Windows\System\WxJPMfj.exe
  C:\Windows\System\WxJPMfj.exe
  2⤵
  PID:6216
- C:\Windows\System\jaOPSAM.exe
  C:\Windows\System\jaOPSAM.exe
  2⤵
  PID:6244
- C:\Windows\System\bmwIdYo.exe
  C:\Windows\System\bmwIdYo.exe
  2⤵
  PID:6264
- C:\Windows\System\GgBbRSw.exe
  C:\Windows\System\GgBbRSw.exe
  2⤵
  PID:6288
- C:\Windows\System\eDVSmfZ.exe
  C:\Windows\System\eDVSmfZ.exe
  2⤵
  PID:6324
- C:\Windows\System\mflOoXU.exe
  C:\Windows\System\mflOoXU.exe
  2⤵
  PID:6348
- C:\Windows\System\QZIsSxY.exe
  C:\Windows\System\QZIsSxY.exe
  2⤵
  PID:6372
- C:\Windows\System\eoGFtvf.exe
  C:\Windows\System\eoGFtvf.exe
  2⤵
  PID:6388
- C:\Windows\System\DueFzyX.exe
  C:\Windows\System\DueFzyX.exe
  2⤵
  PID:6412
- C:\Windows\System\JkTMVxI.exe
  C:\Windows\System\JkTMVxI.exe
  2⤵
  PID:6428
- C:\Windows\System\LpbjxIZ.exe
  C:\Windows\System\LpbjxIZ.exe
  2⤵
  PID:6456
- C:\Windows\System\xhBrxSq.exe
  C:\Windows\System\xhBrxSq.exe
  2⤵
  PID:6476
- C:\Windows\System\xJffswo.exe
  C:\Windows\System\xJffswo.exe
  2⤵
  PID:6496
- C:\Windows\System\BiBbPKW.exe
  C:\Windows\System\BiBbPKW.exe
  2⤵
  PID:6532
- C:\Windows\System\JELmYVL.exe
  C:\Windows\System\JELmYVL.exe
  2⤵
  PID:6552
- C:\Windows\System\OyBvLBX.exe
  C:\Windows\System\OyBvLBX.exe
  2⤵
  PID:6568
- C:\Windows\System\QljuTWP.exe
  C:\Windows\System\QljuTWP.exe
  2⤵
  PID:6596
- C:\Windows\System\FWLUpOY.exe
  C:\Windows\System\FWLUpOY.exe
  2⤵
  PID:6616
- C:\Windows\System\VWEMKZK.exe
  C:\Windows\System\VWEMKZK.exe
  2⤵
  PID:6640
- C:\Windows\System\WqIPODr.exe
  C:\Windows\System\WqIPODr.exe
  2⤵
  PID:6664
- C:\Windows\System\gEBBmft.exe
  C:\Windows\System\gEBBmft.exe
  2⤵
  PID:6684
- C:\Windows\System\rObbWIz.exe
  C:\Windows\System\rObbWIz.exe
  2⤵
  PID:6700
- C:\Windows\System\YkiXhqX.exe
  C:\Windows\System\YkiXhqX.exe
  2⤵
  PID:6724
- C:\Windows\System\wnPiAJO.exe
  C:\Windows\System\wnPiAJO.exe
  2⤵
  PID:6740
- C:\Windows\System\WijLFff.exe
  C:\Windows\System\WijLFff.exe
  2⤵
  PID:6764
- C:\Windows\System\eLbHCxY.exe
  C:\Windows\System\eLbHCxY.exe
  2⤵
  PID:6780
- C:\Windows\System\MlPYyiK.exe
  C:\Windows\System\MlPYyiK.exe
  2⤵
  PID:6804
- C:\Windows\System\cDOmdPK.exe
  C:\Windows\System\cDOmdPK.exe
  2⤵
  PID:6844
- C:\Windows\System\lPrYfMI.exe
  C:\Windows\System\lPrYfMI.exe
  2⤵
  PID:6872
- C:\Windows\System\GfPTQci.exe
  C:\Windows\System\GfPTQci.exe
  2⤵
  PID:6888
- C:\Windows\System\oqQFoVp.exe
  C:\Windows\System\oqQFoVp.exe
  2⤵
  PID:6924
- C:\Windows\System\EPseDff.exe
  C:\Windows\System\EPseDff.exe
  2⤵
  PID:6944
- C:\Windows\System\lLSpzRD.exe
  C:\Windows\System\lLSpzRD.exe
  2⤵
  PID:6968
- C:\Windows\System\gGnBZqX.exe
  C:\Windows\System\gGnBZqX.exe
  2⤵
  PID:6988
- C:\Windows\System\BIUcpBp.exe
  C:\Windows\System\BIUcpBp.exe
  2⤵
  PID:7016
- C:\Windows\System\fqYnOxD.exe
  C:\Windows\System\fqYnOxD.exe
  2⤵
  PID:7032
- C:\Windows\System\dOTkkDg.exe
  C:\Windows\System\dOTkkDg.exe
  2⤵
  PID:7056
- C:\Windows\System\ydoGJJQ.exe
  C:\Windows\System\ydoGJJQ.exe
  2⤵
  PID:7072
- C:\Windows\System\EOIKTPM.exe
  C:\Windows\System\EOIKTPM.exe
  2⤵
  PID:7096
- C:\Windows\System\KFaQzqk.exe
  C:\Windows\System\KFaQzqk.exe
  2⤵
  PID:7112
- C:\Windows\System\LuaJnXP.exe
  C:\Windows\System\LuaJnXP.exe
  2⤵
  PID:7136
- C:\Windows\System\rAXWnGm.exe
  C:\Windows\System\rAXWnGm.exe
  2⤵
  PID:7164
- C:\Windows\System\eLbKngN.exe
  C:\Windows\System\eLbKngN.exe
  2⤵
  PID:2196
- C:\Windows\System\KKlLqVC.exe
  C:\Windows\System\KKlLqVC.exe
  2⤵
  PID:6084
- C:\Windows\System\sezpEzM.exe
  C:\Windows\System\sezpEzM.exe
  2⤵
  PID:5284
- C:\Windows\System\FsrLKGq.exe
  C:\Windows\System\FsrLKGq.exe
  2⤵
  PID:1152
- C:\Windows\System\nUPGecf.exe
  C:\Windows\System\nUPGecf.exe
  2⤵
  PID:4036
- C:\Windows\System\fPHJzEE.exe
  C:\Windows\System\fPHJzEE.exe
  2⤵
  PID:4528
- C:\Windows\System\DEByNPC.exe
  C:\Windows\System\DEByNPC.exe
  2⤵
  PID:5480
- C:\Windows\System\kdOYqlq.exe
  C:\Windows\System\kdOYqlq.exe
  2⤵
  PID:5652
- C:\Windows\System\PwTXZVz.exe
  C:\Windows\System\PwTXZVz.exe
  2⤵
  PID:6108
- C:\Windows\System\AGthXny.exe
  C:\Windows\System\AGthXny.exe
  2⤵
  PID:5988
- C:\Windows\System\RfFfGzc.exe
  C:\Windows\System\RfFfGzc.exe
  2⤵
  PID:3956
- C:\Windows\System\NFvZzaB.exe
  C:\Windows\System\NFvZzaB.exe
  2⤵
  PID:6020
- C:\Windows\System\QtkNBbd.exe
  C:\Windows\System\QtkNBbd.exe
  2⤵
  PID:6472
- C:\Windows\System\Xvhjsha.exe
  C:\Windows\System\Xvhjsha.exe
  2⤵
  PID:6224
- C:\Windows\System\tkXFiJk.exe
  C:\Windows\System\tkXFiJk.exe
  2⤵
  PID:6276
- C:\Windows\System\amEEAUs.exe
  C:\Windows\System\amEEAUs.exe
  2⤵
  PID:6316
- C:\Windows\System\UHTpQFc.exe
  C:\Windows\System\UHTpQFc.exe
  2⤵
  PID:6364
- C:\Windows\System\fZNoDuO.exe
  C:\Windows\System\fZNoDuO.exe
  2⤵
  PID:6384
- C:\Windows\System\MTNMdYy.exe
  C:\Windows\System\MTNMdYy.exe
  2⤵
  PID:6492
- C:\Windows\System\iJODqmo.exe
  C:\Windows\System\iJODqmo.exe
  2⤵
  PID:6504
- C:\Windows\System\dvhzVjK.exe
  C:\Windows\System\dvhzVjK.exe
  2⤵
  PID:6656
- C:\Windows\System\kSXYhhL.exe
  C:\Windows\System\kSXYhhL.exe
  2⤵
  PID:6696
- C:\Windows\System\lImvtDp.exe
  C:\Windows\System\lImvtDp.exe
  2⤵
  PID:6736
- C:\Windows\System\zBBkJgu.exe
  C:\Windows\System\zBBkJgu.exe
  2⤵
  PID:6544
- C:\Windows\System\jtUiiKV.exe
  C:\Windows\System\jtUiiKV.exe
  2⤵
  PID:7080
- C:\Windows\System\IYbvdIQ.exe
  C:\Windows\System\IYbvdIQ.exe
  2⤵
  PID:6604
- C:\Windows\System\pTFCivb.exe
  C:\Windows\System\pTFCivb.exe
  2⤵
  PID:6800
- C:\Windows\System\tKGXhsV.exe
  C:\Windows\System\tKGXhsV.exe
  2⤵
  PID:4436
- C:\Windows\System\cCSvyZP.exe
  C:\Windows\System\cCSvyZP.exe
  2⤵
  PID:6776
- C:\Windows\System\jXFWETy.exe
  C:\Windows\System\jXFWETy.exe
  2⤵
  PID:7184
- C:\Windows\System\GzaybCS.exe
  C:\Windows\System\GzaybCS.exe
  2⤵
  PID:7208
- C:\Windows\System\OcmzTIg.exe
  C:\Windows\System\OcmzTIg.exe
  2⤵
  PID:7228
- C:\Windows\System\CPPdtDX.exe
  C:\Windows\System\CPPdtDX.exe
  2⤵
  PID:7256
- C:\Windows\System\XNiyYfS.exe
  C:\Windows\System\XNiyYfS.exe
  2⤵
  PID:7272
- C:\Windows\System\CGYhGlX.exe
  C:\Windows\System\CGYhGlX.exe
  2⤵
  PID:7300
- C:\Windows\System\vGcgQzv.exe
  C:\Windows\System\vGcgQzv.exe
  2⤵
  PID:7316
- C:\Windows\System\vGfhVhJ.exe
  C:\Windows\System\vGfhVhJ.exe
  2⤵
  PID:7340
- C:\Windows\System\glmiiMW.exe
  C:\Windows\System\glmiiMW.exe
  2⤵
  PID:7360
- C:\Windows\System\YMMccOI.exe
  C:\Windows\System\YMMccOI.exe
  2⤵
  PID:7380
- C:\Windows\System\RmgnXDS.exe
  C:\Windows\System\RmgnXDS.exe
  2⤵
  PID:7396
- C:\Windows\System\XMsiIvC.exe
  C:\Windows\System\XMsiIvC.exe
  2⤵
  PID:7420
- C:\Windows\System\UgzqQUY.exe
  C:\Windows\System\UgzqQUY.exe
  2⤵
  PID:7440
- C:\Windows\System\mzfuoEr.exe
  C:\Windows\System\mzfuoEr.exe
  2⤵
  PID:7464
- C:\Windows\System\CFXVEKq.exe
  C:\Windows\System\CFXVEKq.exe
  2⤵
  PID:7480
- C:\Windows\System\RKdcxRN.exe
  C:\Windows\System\RKdcxRN.exe
  2⤵
  PID:7504
- C:\Windows\System\xvoxFSK.exe
  C:\Windows\System\xvoxFSK.exe
  2⤵
  PID:7524
- C:\Windows\System\vdwmedB.exe
  C:\Windows\System\vdwmedB.exe
  2⤵
  PID:7552
- C:\Windows\System\rtNtLKm.exe
  C:\Windows\System\rtNtLKm.exe
  2⤵
  PID:7572
- C:\Windows\System\kQWslUW.exe
  C:\Windows\System\kQWslUW.exe
  2⤵
  PID:7592
- C:\Windows\System\sDovwOd.exe
  C:\Windows\System\sDovwOd.exe
  2⤵
  PID:7616
- C:\Windows\System\jJhcTer.exe
  C:\Windows\System\jJhcTer.exe
  2⤵
  PID:7636
- C:\Windows\System\WBCTBjO.exe
  C:\Windows\System\WBCTBjO.exe
  2⤵
  PID:7664
- C:\Windows\System\WgMtZph.exe
  C:\Windows\System\WgMtZph.exe
  2⤵
  PID:7684
- C:\Windows\System\FKyqkWt.exe
  C:\Windows\System\FKyqkWt.exe
  2⤵
  PID:7708
- C:\Windows\System\tIoONwU.exe
  C:\Windows\System\tIoONwU.exe
  2⤵
  PID:7724
- C:\Windows\System\CkwMXNY.exe
  C:\Windows\System\CkwMXNY.exe
  2⤵
  PID:7748
- C:\Windows\System\fKKpVEt.exe
  C:\Windows\System\fKKpVEt.exe
  2⤵
  PID:7772
- C:\Windows\System\KonIbnG.exe
  C:\Windows\System\KonIbnG.exe
  2⤵
  PID:7788
- C:\Windows\System\UzsUNvr.exe
  C:\Windows\System\UzsUNvr.exe
  2⤵
  PID:7812
- C:\Windows\System\suKkcGz.exe
  C:\Windows\System\suKkcGz.exe
  2⤵
  PID:7832
- C:\Windows\System\enWwaRf.exe
  C:\Windows\System\enWwaRf.exe
  2⤵
  PID:7852
- C:\Windows\System\NXXjIeG.exe
  C:\Windows\System\NXXjIeG.exe
  2⤵
  PID:7872
- C:\Windows\System\NEetPZb.exe
  C:\Windows\System\NEetPZb.exe
  2⤵
  PID:7896
- C:\Windows\System\ABTlmnK.exe
  C:\Windows\System\ABTlmnK.exe
  2⤵
  PID:7924
- C:\Windows\System\oRLkbtA.exe
  C:\Windows\System\oRLkbtA.exe
  2⤵
  PID:7956
- C:\Windows\System\PChUgTP.exe
  C:\Windows\System\PChUgTP.exe
  2⤵
  PID:7972
- C:\Windows\System\nvdhBkt.exe
  C:\Windows\System\nvdhBkt.exe
  2⤵
  PID:7996
- C:\Windows\System\WBEHdIG.exe
  C:\Windows\System\WBEHdIG.exe
  2⤵
  PID:8016
- C:\Windows\System\BIIOZbD.exe
  C:\Windows\System\BIIOZbD.exe
  2⤵
  PID:8036
- C:\Windows\System\tQwIPug.exe
  C:\Windows\System\tQwIPug.exe
  2⤵
  PID:8064
- C:\Windows\System\ntrEnGF.exe
  C:\Windows\System\ntrEnGF.exe
  2⤵
  PID:8084
- C:\Windows\System\TYBpXWj.exe
  C:\Windows\System\TYBpXWj.exe
  2⤵
  PID:8108
- C:\Windows\System\LtRotfe.exe
  C:\Windows\System\LtRotfe.exe
  2⤵
  PID:8136
- C:\Windows\System\uWKJebZ.exe
  C:\Windows\System\uWKJebZ.exe
  2⤵
  PID:7048
- C:\Windows\System\zgzwsXa.exe
  C:\Windows\System\zgzwsXa.exe
  2⤵
  PID:7680
- C:\Windows\System\qeQrKbm.exe
  C:\Windows\System\qeQrKbm.exe
  2⤵
  PID:7760
- C:\Windows\System\gHuplnX.exe
  C:\Windows\System\gHuplnX.exe
  2⤵
  PID:7352
- C:\Windows\System\RqoUAbl.exe
  C:\Windows\System\RqoUAbl.exe
  2⤵
  PID:7404
- C:\Windows\System\JbHHnQS.exe
  C:\Windows\System\JbHHnQS.exe
  2⤵
  PID:7432
- C:\Windows\System\DRPmKXq.exe
  C:\Windows\System\DRPmKXq.exe
  2⤵
  PID:7456
- C:\Windows\System\HrLBUUt.exe
  C:\Windows\System\HrLBUUt.exe
  2⤵
  PID:7500
- C:\Windows\System\yeygaSK.exe
  C:\Windows\System\yeygaSK.exe
  2⤵
  PID:7600
- C:\Windows\System\fANuAGY.exe
  C:\Windows\System\fANuAGY.exe
  2⤵
  PID:8008
- C:\Windows\System\FbsGuSQ.exe
  C:\Windows\System\FbsGuSQ.exe
  2⤵
  PID:7012
- C:\Windows\System\ILNPvHk.exe
  C:\Windows\System\ILNPvHk.exe
  2⤵
  PID:7764
- C:\Windows\System\YOdXnaC.exe
  C:\Windows\System\YOdXnaC.exe
  2⤵
  PID:7692
- C:\Windows\System\VjtZJRn.exe
  C:\Windows\System\VjtZJRn.exe
  2⤵
  PID:4496
- C:\Windows\System\HnIJebR.exe
  C:\Windows\System\HnIJebR.exe
  2⤵
  PID:7492
- C:\Windows\System\CTdcVts.exe
  C:\Windows\System\CTdcVts.exe
  2⤵
  PID:7844
- C:\Windows\System\onvVcxg.exe
  C:\Windows\System\onvVcxg.exe
  2⤵
  PID:7024
- C:\Windows\System\sKiuQxr.exe
  C:\Windows\System\sKiuQxr.exe
  2⤵
  PID:8124
- C:\Windows\System\EtcVuTu.exe
  C:\Windows\System\EtcVuTu.exe
  2⤵
  PID:7108
- C:\Windows\System\MXTAoMn.exe
  C:\Windows\System\MXTAoMn.exe
  2⤵
  PID:708
- C:\Windows\System\LJEbwAP.exe
  C:\Windows\System\LJEbwAP.exe
  2⤵
  PID:7324
- C:\Windows\System\GNVxTZZ.exe
  C:\Windows\System\GNVxTZZ.exe
  2⤵
  PID:6064
- C:\Windows\System\RXmiqHF.exe
  C:\Windows\System\RXmiqHF.exe
  2⤵
  PID:7964
- C:\Windows\System\kXweSPY.exe
  C:\Windows\System\kXweSPY.exe
  2⤵
  PID:8220
- C:\Windows\System\mxxumnL.exe
  C:\Windows\System\mxxumnL.exe
  2⤵
  PID:8236
- C:\Windows\System\fiETRez.exe
  C:\Windows\System\fiETRez.exe
  2⤵
  PID:8260
- C:\Windows\System\aPtXzCE.exe
  C:\Windows\System\aPtXzCE.exe
  2⤵
  PID:8304
- C:\Windows\System\iwtdRPj.exe
  C:\Windows\System\iwtdRPj.exe
  2⤵
  PID:8320
- C:\Windows\System\pQTsngS.exe
  C:\Windows\System\pQTsngS.exe
  2⤵
  PID:8344
- C:\Windows\System\hnWKLVI.exe
  C:\Windows\System\hnWKLVI.exe
  2⤵
  PID:8364
- C:\Windows\System\pgZausa.exe
  C:\Windows\System\pgZausa.exe
  2⤵
  PID:8380
- C:\Windows\System\TwNMixM.exe
  C:\Windows\System\TwNMixM.exe
  2⤵
  PID:8408
- C:\Windows\System\midLtQM.exe
  C:\Windows\System\midLtQM.exe
  2⤵
  PID:8432
- C:\Windows\System\ARhHviS.exe
  C:\Windows\System\ARhHviS.exe
  2⤵
  PID:8448
- C:\Windows\System\zkhkgOF.exe
  C:\Windows\System\zkhkgOF.exe
  2⤵
  PID:8472
- C:\Windows\System\YASnQNX.exe
  C:\Windows\System\YASnQNX.exe
  2⤵
  PID:8492
- C:\Windows\System\INhQEMv.exe
  C:\Windows\System\INhQEMv.exe
  2⤵
  PID:8512
- C:\Windows\System\FsHQbWM.exe
  C:\Windows\System\FsHQbWM.exe
  2⤵
  PID:8536
- C:\Windows\System\glkTecB.exe
  C:\Windows\System\glkTecB.exe
  2⤵
  PID:8556
- C:\Windows\System\bWJctSk.exe
  C:\Windows\System\bWJctSk.exe
  2⤵
  PID:8576
- C:\Windows\System\ppjCDfB.exe
  C:\Windows\System\ppjCDfB.exe
  2⤵
  PID:8612
- C:\Windows\System\jlgAhYM.exe
  C:\Windows\System\jlgAhYM.exe
  2⤵
  PID:8636
- C:\Windows\System\bnggVcZ.exe
  C:\Windows\System\bnggVcZ.exe
  2⤵
  PID:8688
- C:\Windows\System\XCdKsAh.exe
  C:\Windows\System\XCdKsAh.exe
  2⤵
  PID:8736
- C:\Windows\System\pkgViKV.exe
  C:\Windows\System\pkgViKV.exe
  2⤵
  PID:8800
- C:\Windows\System\JBkkbZA.exe
  C:\Windows\System\JBkkbZA.exe
  2⤵
  PID:8828
- C:\Windows\System\IlkDeyz.exe
  C:\Windows\System\IlkDeyz.exe
  2⤵
  PID:8848
- C:\Windows\System\zDgZOXT.exe
  C:\Windows\System\zDgZOXT.exe
  2⤵
  PID:8900
- C:\Windows\System\OiUGbTw.exe
  C:\Windows\System\OiUGbTw.exe
  2⤵
  PID:8916
- C:\Windows\System\ebBrrOg.exe
  C:\Windows\System\ebBrrOg.exe
  2⤵
  PID:8944
- C:\Windows\System\FTxjvgu.exe
  C:\Windows\System\FTxjvgu.exe
  2⤵
  PID:8960
- C:\Windows\System\xBuXUGi.exe
  C:\Windows\System\xBuXUGi.exe
  2⤵
  PID:8984
- C:\Windows\System\WcwWffS.exe
  C:\Windows\System\WcwWffS.exe
  2⤵
  PID:9004
- C:\Windows\System\gCjSTOi.exe
  C:\Windows\System\gCjSTOi.exe
  2⤵
  PID:9028
- C:\Windows\System\blbUSMR.exe
  C:\Windows\System\blbUSMR.exe
  2⤵
  PID:9072
- C:\Windows\System\GfAVlAq.exe
  C:\Windows\System\GfAVlAq.exe
  2⤵
  PID:9096
- C:\Windows\System\gaHMRIU.exe
  C:\Windows\System\gaHMRIU.exe
  2⤵
  PID:9156
- C:\Windows\System\CGTBydJ.exe
  C:\Windows\System\CGTBydJ.exe
  2⤵
  PID:9172
- C:\Windows\System\LiQtUZv.exe
  C:\Windows\System\LiQtUZv.exe
  2⤵
  PID:9192
- C:\Windows\System\QFrvyBv.exe
  C:\Windows\System\QFrvyBv.exe
  2⤵
  PID:9212
- C:\Windows\System\xkNeNQZ.exe
  C:\Windows\System\xkNeNQZ.exe
  2⤵
  PID:8232
- C:\Windows\System\NDmfdsv.exe
  C:\Windows\System\NDmfdsv.exe
  2⤵
  PID:8312
- C:\Windows\System\oNUaAnf.exe
  C:\Windows\System\oNUaAnf.exe
  2⤵
  PID:8372
- C:\Windows\System\pRLDHFb.exe
  C:\Windows\System\pRLDHFb.exe
  2⤵
  PID:8484
- C:\Windows\System\BCMbEWz.exe
  C:\Windows\System\BCMbEWz.exe
  2⤵
  PID:8520
- C:\Windows\System\MHZUAzz.exe
  C:\Windows\System\MHZUAzz.exe
  2⤵
  PID:8528
- C:\Windows\System\bvbYAHv.exe
  C:\Windows\System\bvbYAHv.exe
  2⤵
  PID:8604
- C:\Windows\System\tOOzAJN.exe
  C:\Windows\System\tOOzAJN.exe
  2⤵
  PID:8752
- C:\Windows\System\GMXhNJF.exe
  C:\Windows\System\GMXhNJF.exe
  2⤵
  PID:8776
- C:\Windows\System\uzRzoeV.exe
  C:\Windows\System\uzRzoeV.exe
  2⤵
  PID:8768
- C:\Windows\System\XHVjKjX.exe
  C:\Windows\System\XHVjKjX.exe
  2⤵
  PID:8924
- C:\Windows\System\SuKlZRk.exe
  C:\Windows\System\SuKlZRk.exe
  2⤵
  PID:8952
- C:\Windows\System\uUYJwcq.exe
  C:\Windows\System\uUYJwcq.exe
  2⤵
  PID:8980
- C:\Windows\System\xERwotJ.exe
  C:\Windows\System\xERwotJ.exe
  2⤵
  PID:9064
- C:\Windows\System\VVJyCFr.exe
  C:\Windows\System\VVJyCFr.exe
  2⤵
  PID:9108
- C:\Windows\System\BUwuxFK.exe
  C:\Windows\System\BUwuxFK.exe
  2⤵
  PID:9168
- C:\Windows\System\sFjqREX.exe
  C:\Windows\System\sFjqREX.exe
  2⤵
  PID:1940
- C:\Windows\System\NHSIEZa.exe
  C:\Windows\System\NHSIEZa.exe
  2⤵
  PID:8404
- C:\Windows\System\rvmyIwP.exe
  C:\Windows\System\rvmyIwP.exe
  2⤵
  PID:8508
- C:\Windows\System\InliMVa.exe
  C:\Windows\System\InliMVa.exe
  2⤵
  PID:8672
- C:\Windows\System\csRoeBt.exe
  C:\Windows\System\csRoeBt.exe
  2⤵
  PID:8896
- C:\Windows\System\iDXxrLV.exe
  C:\Windows\System\iDXxrLV.exe
  2⤵
  PID:9000
- C:\Windows\System\xcJtaVv.exe
  C:\Windows\System\xcJtaVv.exe
  2⤵
  PID:9088
- C:\Windows\System\aRSSWau.exe
  C:\Windows\System\aRSSWau.exe
  2⤵
  PID:8212
- C:\Windows\System\utrgaly.exe
  C:\Windows\System\utrgaly.exe
  2⤵
  PID:7476
- C:\Windows\System\HclpGvN.exe
  C:\Windows\System\HclpGvN.exe
  2⤵
  PID:8772
- C:\Windows\System\QANonDJ.exe
  C:\Windows\System\QANonDJ.exe
  2⤵
  PID:9184
- C:\Windows\System\uRsfsfD.exe
  C:\Windows\System\uRsfsfD.exe
  2⤵
  PID:8532
- C:\Windows\System\OKyZjBM.exe
  C:\Windows\System\OKyZjBM.exe
  2⤵
  PID:9264
- C:\Windows\System\jVIclsu.exe
  C:\Windows\System\jVIclsu.exe
  2⤵
  PID:9280
- C:\Windows\System\eNYfxAB.exe
  C:\Windows\System\eNYfxAB.exe
  2⤵
  PID:9328
- C:\Windows\System\GPaXQYJ.exe
  C:\Windows\System\GPaXQYJ.exe
  2⤵
  PID:9364
- C:\Windows\System\NwYihgJ.exe
  C:\Windows\System\NwYihgJ.exe
  2⤵
  PID:9396
- C:\Windows\System\DLvnLmp.exe
  C:\Windows\System\DLvnLmp.exe
  2⤵
  PID:9424
- C:\Windows\System\YVqJWFV.exe
  C:\Windows\System\YVqJWFV.exe
  2⤵
  PID:9448
- C:\Windows\System\brNBGoz.exe
  C:\Windows\System\brNBGoz.exe
  2⤵
  PID:9468
- C:\Windows\System\aEVWAmF.exe
  C:\Windows\System\aEVWAmF.exe
  2⤵
  PID:9484
- C:\Windows\System\UGfDLMo.exe
  C:\Windows\System\UGfDLMo.exe
  2⤵
  PID:9504
- C:\Windows\System\lwNSAtY.exe
  C:\Windows\System\lwNSAtY.exe
  2⤵
  PID:9540
- C:\Windows\System\wPOcnZy.exe
  C:\Windows\System\wPOcnZy.exe
  2⤵
  PID:9560
- C:\Windows\System\vuGnHzj.exe
  C:\Windows\System\vuGnHzj.exe
  2⤵
  PID:9584
- C:\Windows\System\NUhvmBa.exe
  C:\Windows\System\NUhvmBa.exe
  2⤵
  PID:9616
- C:\Windows\System\DYXUeSr.exe
  C:\Windows\System\DYXUeSr.exe
  2⤵
  PID:9656
- C:\Windows\System\RiloKxF.exe
  C:\Windows\System\RiloKxF.exe
  2⤵
  PID:9688
- C:\Windows\System\AjxuNLh.exe
  C:\Windows\System\AjxuNLh.exe
  2⤵
  PID:9716
- C:\Windows\System\fBejvgr.exe
  C:\Windows\System\fBejvgr.exe
  2⤵
  PID:9760
- C:\Windows\System\ZNbTFgB.exe
  C:\Windows\System\ZNbTFgB.exe
  2⤵
  PID:9788
- C:\Windows\System\AZNFDdl.exe
  C:\Windows\System\AZNFDdl.exe
  2⤵
  PID:9808
- C:\Windows\System\AJOgRKf.exe
  C:\Windows\System\AJOgRKf.exe
  2⤵
  PID:9824
- C:\Windows\System\OvWUgRB.exe
  C:\Windows\System\OvWUgRB.exe
  2⤵
  PID:9844
- C:\Windows\System\YZyBOCI.exe
  C:\Windows\System\YZyBOCI.exe
  2⤵
  PID:9896
- C:\Windows\System\fqvYIDs.exe
  C:\Windows\System\fqvYIDs.exe
  2⤵
  PID:9920
- C:\Windows\System\ydkGLCH.exe
  C:\Windows\System\ydkGLCH.exe
  2⤵
  PID:9936
- C:\Windows\System\fFiiSDA.exe
  C:\Windows\System\fFiiSDA.exe
  2⤵
  PID:9980
- C:\Windows\System\SRfzgCt.exe
  C:\Windows\System\SRfzgCt.exe
  2⤵
  PID:10004
- C:\Windows\System\RXnkRJK.exe
  C:\Windows\System\RXnkRJK.exe
  2⤵
  PID:10024
- C:\Windows\System\vDdFDJs.exe
  C:\Windows\System\vDdFDJs.exe
  2⤵
  PID:10040
- C:\Windows\System\gBfilFp.exe
  C:\Windows\System\gBfilFp.exe
  2⤵
  PID:10064
- C:\Windows\System\xkWKPaW.exe
  C:\Windows\System\xkWKPaW.exe
  2⤵
  PID:10080
- C:\Windows\System\fvodPqe.exe
  C:\Windows\System\fvodPqe.exe
  2⤵
  PID:10132
- C:\Windows\System\nzLJeYl.exe
  C:\Windows\System\nzLJeYl.exe
  2⤵
  PID:10164
- C:\Windows\System\LQyItvy.exe
  C:\Windows\System\LQyItvy.exe
  2⤵
  PID:10204
- C:\Windows\System\agXMuUM.exe
  C:\Windows\System\agXMuUM.exe
  2⤵
  PID:8568
- C:\Windows\System\JSARTNr.exe
  C:\Windows\System\JSARTNr.exe
  2⤵
  PID:9080
- C:\Windows\System\VKOEveZ.exe
  C:\Windows\System\VKOEveZ.exe
  2⤵
  PID:9252
- C:\Windows\System\ItwFJFW.exe
  C:\Windows\System\ItwFJFW.exe
  2⤵
  PID:9340
- C:\Windows\System\oBfCWRs.exe
  C:\Windows\System\oBfCWRs.exe
  2⤵
  PID:9392
- C:\Windows\System\anObVFK.exe
  C:\Windows\System\anObVFK.exe
  2⤵
  PID:9512
- C:\Windows\System\dHpPxwu.exe
  C:\Windows\System\dHpPxwu.exe
  2⤵
  PID:9532
- C:\Windows\System\glzsEPW.exe
  C:\Windows\System\glzsEPW.exe
  2⤵
  PID:9524
- C:\Windows\System\FZkClNc.exe
  C:\Windows\System\FZkClNc.exe
  2⤵
  PID:9628
- C:\Windows\System\klBnCdE.exe
  C:\Windows\System\klBnCdE.exe
  2⤵
  PID:9736
- C:\Windows\System\XsmuLYA.exe
  C:\Windows\System\XsmuLYA.exe
  2⤵
  PID:9776
- C:\Windows\System\YHZdbXr.exe
  C:\Windows\System\YHZdbXr.exe
  2⤵
  PID:9840
- C:\Windows\System\erMwGLx.exe
  C:\Windows\System\erMwGLx.exe
  2⤵
  PID:9872
- C:\Windows\System\MgiZDqm.exe
  C:\Windows\System\MgiZDqm.exe
  2⤵
  PID:9892
- C:\Windows\System\LORdqem.exe
  C:\Windows\System\LORdqem.exe
  2⤵
  PID:9956
- C:\Windows\System\WHitxEX.exe
  C:\Windows\System\WHitxEX.exe
  2⤵
  PID:9968
- C:\Windows\System\twUXBav.exe
  C:\Windows\System\twUXBav.exe
  2⤵
  PID:10056
- C:\Windows\System\rhxqltx.exe
  C:\Windows\System\rhxqltx.exe
  2⤵
  PID:10156
- C:\Windows\System\KfJVpXa.exe
  C:\Windows\System\KfJVpXa.exe
  2⤵
  PID:10192
- C:\Windows\System\gPlobEV.exe
  C:\Windows\System\gPlobEV.exe
  2⤵
  PID:8816
- C:\Windows\System\NOmumZw.exe
  C:\Windows\System\NOmumZw.exe
  2⤵
  PID:9320
- C:\Windows\System\ZJJnldJ.exe
  C:\Windows\System\ZJJnldJ.exe
  2⤵
  PID:9496
- C:\Windows\System\hpJtTTO.exe
  C:\Windows\System\hpJtTTO.exe
  2⤵
  PID:9612
- C:\Windows\System\nvBEPih.exe
  C:\Windows\System\nvBEPih.exe
  2⤵
  PID:9768
- C:\Windows\System\fhTqFWw.exe
  C:\Windows\System\fhTqFWw.exe
  2⤵
  PID:10076
- C:\Windows\System\AwHCqqt.exe
  C:\Windows\System\AwHCqqt.exe
  2⤵
  PID:10220
- C:\Windows\System\IAGsoTE.exe
  C:\Windows\System\IAGsoTE.exe
  2⤵
  PID:9796
- C:\Windows\System\lXUQUfg.exe
  C:\Windows\System\lXUQUfg.exe
  2⤵
  PID:9976
- C:\Windows\System\yMdSdDU.exe
  C:\Windows\System\yMdSdDU.exe
  2⤵
  PID:9568
- C:\Windows\System\anRMLhj.exe
  C:\Windows\System\anRMLhj.exe
  2⤵
  PID:10276
- C:\Windows\System\jXSwDGR.exe
  C:\Windows\System\jXSwDGR.exe
  2⤵
  PID:10296
- C:\Windows\System\OiVdGbf.exe
  C:\Windows\System\OiVdGbf.exe
  2⤵
  PID:10328
- C:\Windows\System\rHJFDlq.exe
  C:\Windows\System\rHJFDlq.exe
  2⤵
  PID:10356
- C:\Windows\System\POAKXPA.exe
  C:\Windows\System\POAKXPA.exe
  2⤵
  PID:10380
- C:\Windows\System\NgWLHxR.exe
  C:\Windows\System\NgWLHxR.exe
  2⤵
  PID:10412
- C:\Windows\System\iIKNNGW.exe
  C:\Windows\System\iIKNNGW.exe
  2⤵
  PID:10436
- C:\Windows\System\moLbLQh.exe
  C:\Windows\System\moLbLQh.exe
  2⤵
  PID:10460
- C:\Windows\System\SYRzrjd.exe
  C:\Windows\System\SYRzrjd.exe
  2⤵
  PID:10488
- C:\Windows\System\bUGejDu.exe
  C:\Windows\System\bUGejDu.exe
  2⤵
  PID:10512
- C:\Windows\System\sVFfcvo.exe
  C:\Windows\System\sVFfcvo.exe
  2⤵
  PID:10548
- C:\Windows\System\McHxuKb.exe
  C:\Windows\System\McHxuKb.exe
  2⤵
  PID:10572
- C:\Windows\System\VPnbAPs.exe
  C:\Windows\System\VPnbAPs.exe
  2⤵
  PID:10596
- C:\Windows\System\VyPJIyB.exe
  C:\Windows\System\VyPJIyB.exe
  2⤵
  PID:10616
- C:\Windows\System\egIDVrE.exe
  C:\Windows\System\egIDVrE.exe
  2⤵
  PID:10640
- C:\Windows\System\mNWZfkC.exe
  C:\Windows\System\mNWZfkC.exe
  2⤵
  PID:10692
- C:\Windows\System\iRpLBAr.exe
  C:\Windows\System\iRpLBAr.exe
  2⤵
  PID:10724
- C:\Windows\System\vRdZqRl.exe
  C:\Windows\System\vRdZqRl.exe
  2⤵
  PID:10768
- C:\Windows\System\KntObTo.exe
  C:\Windows\System\KntObTo.exe
  2⤵
  PID:10796
- C:\Windows\System\ddVnPry.exe
  C:\Windows\System\ddVnPry.exe
  2⤵
  PID:10820
- C:\Windows\System\qAPWWNd.exe
  C:\Windows\System\qAPWWNd.exe
  2⤵
  PID:10844
- C:\Windows\System\KEFatrc.exe
  C:\Windows\System\KEFatrc.exe
  2⤵
  PID:10928
- C:\Windows\System\ZWfdUEW.exe
  C:\Windows\System\ZWfdUEW.exe
  2⤵
  PID:10944
- C:\Windows\System\gTXXAUH.exe
  C:\Windows\System\gTXXAUH.exe
  2⤵
  PID:10960
- C:\Windows\System\WMlPjcW.exe
  C:\Windows\System\WMlPjcW.exe
  2⤵
  PID:10976
- C:\Windows\System\hMFcSIW.exe
  C:\Windows\System\hMFcSIW.exe
  2⤵
  PID:10992
- C:\Windows\System\UanpDwJ.exe
  C:\Windows\System\UanpDwJ.exe
  2⤵
  PID:11008
- C:\Windows\System\UUSOcGA.exe
  C:\Windows\System\UUSOcGA.exe
  2⤵
  PID:11024
- C:\Windows\System\jeDnlWB.exe
  C:\Windows\System\jeDnlWB.exe
  2⤵
  PID:11040
- C:\Windows\System\nVqPoQo.exe
  C:\Windows\System\nVqPoQo.exe
  2⤵
  PID:11056
- C:\Windows\System\NdljbuJ.exe
  C:\Windows\System\NdljbuJ.exe
  2⤵
  PID:11072
- C:\Windows\System\yFSkRZV.exe
  C:\Windows\System\yFSkRZV.exe
  2⤵
  PID:11092
- C:\Windows\System\LZhajms.exe
  C:\Windows\System\LZhajms.exe
  2⤵
  PID:11108
- C:\Windows\System\LBSvyGe.exe
  C:\Windows\System\LBSvyGe.exe
  2⤵
  PID:11132
- C:\Windows\System\odAPxWS.exe
  C:\Windows\System\odAPxWS.exe
  2⤵
  PID:11240
- C:\Windows\System\lSTcfzN.exe
  C:\Windows\System\lSTcfzN.exe
  2⤵
  PID:10292
- C:\Windows\System\LbUVHzf.exe
  C:\Windows\System\LbUVHzf.exe
  2⤵
  PID:10528
- C:\Windows\System\IiYZyBT.exe
  C:\Windows\System\IiYZyBT.exe
  2⤵
  PID:10668
- C:\Windows\System\cIQYhQZ.exe
  C:\Windows\System\cIQYhQZ.exe
  2⤵
  PID:10688
- C:\Windows\System\IkaSagU.exe
  C:\Windows\System\IkaSagU.exe
  2⤵
  PID:10712
- C:\Windows\System\vTIupsr.exe
  C:\Windows\System\vTIupsr.exe
  2⤵
  PID:10812
- C:\Windows\System\KhQguYZ.exe
  C:\Windows\System\KhQguYZ.exe
  2⤵
  PID:10876
- C:\Windows\System\oGlzOwb.exe
  C:\Windows\System\oGlzOwb.exe
  2⤵
  PID:10952
- C:\Windows\System\VQLOFdO.exe
  C:\Windows\System\VQLOFdO.exe
  2⤵
  PID:11016
- C:\Windows\System\bZBUnxK.exe
  C:\Windows\System\bZBUnxK.exe
  2⤵
  PID:11048
- C:\Windows\System\yntuWwl.exe
  C:\Windows\System\yntuWwl.exe
  2⤵
  PID:11184
- C:\Windows\System\DcAdJCe.exe
  C:\Windows\System\DcAdJCe.exe
  2⤵
  PID:11052
- C:\Windows\System\gGjVUwq.exe
  C:\Windows\System\gGjVUwq.exe
  2⤵
  PID:9700
- C:\Windows\System\MgqkhAd.exe
  C:\Windows\System\MgqkhAd.exe
  2⤵
  PID:11208
- C:\Windows\System\BFsiyxq.exe
  C:\Windows\System\BFsiyxq.exe
  2⤵
  PID:11228
- C:\Windows\System\PoCCvkb.exe
  C:\Windows\System\PoCCvkb.exe
  2⤵
  PID:11232
- C:\Windows\System\HTIOvuI.exe
  C:\Windows\System\HTIOvuI.exe
  2⤵
  PID:10388
- C:\Windows\System\ePAjpNb.exe
  C:\Windows\System\ePAjpNb.exe
  2⤵
  PID:10604
- C:\Windows\System\MDIjJvQ.exe
  C:\Windows\System\MDIjJvQ.exe
  2⤵
  PID:10748
- C:\Windows\System\fMHfMiL.exe
  C:\Windows\System\fMHfMiL.exe
  2⤵
  PID:10936
- C:\Windows\System\WfNuuTi.exe
  C:\Windows\System\WfNuuTi.exe
  2⤵
  PID:10868
- C:\Windows\System\JTuUDyn.exe
  C:\Windows\System\JTuUDyn.exe
  2⤵
  PID:10892
- C:\Windows\System\MznTnwr.exe
  C:\Windows\System\MznTnwr.exe
  2⤵
  PID:11100
- C:\Windows\System\vtmOsVo.exe
  C:\Windows\System\vtmOsVo.exe
  2⤵
  PID:11212
- C:\Windows\System\qewxXFi.exe
  C:\Windows\System\qewxXFi.exe
  2⤵
  PID:10260
- C:\Windows\System\YjqsKBd.exe
  C:\Windows\System\YjqsKBd.exe
  2⤵
  PID:10636
- C:\Windows\System\eVVkcyz.exe
  C:\Windows\System\eVVkcyz.exe
  2⤵
  PID:10940
- C:\Windows\System\xPdPRqs.exe
  C:\Windows\System\xPdPRqs.exe
  2⤵
  PID:11196
- C:\Windows\System\PPRfrIs.exe
  C:\Windows\System\PPRfrIs.exe
  2⤵
  PID:11268
- C:\Windows\System\uumQTib.exe
  C:\Windows\System\uumQTib.exe
  2⤵
  PID:11288
- C:\Windows\System\GhHWbBC.exe
  C:\Windows\System\GhHWbBC.exe
  2⤵
  PID:11312
- C:\Windows\System\QqJOhiO.exe
  C:\Windows\System\QqJOhiO.exe
  2⤵
  PID:11340
- C:\Windows\System\hlUxsxX.exe
  C:\Windows\System\hlUxsxX.exe
  2⤵
  PID:11368
- C:\Windows\System\FagXkVa.exe
  C:\Windows\System\FagXkVa.exe
  2⤵
  PID:11400
- C:\Windows\System\vCHAHrg.exe
  C:\Windows\System\vCHAHrg.exe
  2⤵
  PID:11428
- C:\Windows\System\ndDBOUT.exe
  C:\Windows\System\ndDBOUT.exe
  2⤵
  PID:11444
- C:\Windows\System\TWQEJvA.exe
  C:\Windows\System\TWQEJvA.exe
  2⤵
  PID:11472
- C:\Windows\System\FkmHprZ.exe
  C:\Windows\System\FkmHprZ.exe
  2⤵
  PID:11500
- C:\Windows\System\ZXGsZOL.exe
  C:\Windows\System\ZXGsZOL.exe
  2⤵
  PID:11520
- C:\Windows\System\DsQqKTi.exe
  C:\Windows\System\DsQqKTi.exe
  2⤵
  PID:11568
- C:\Windows\System\kFLVYWz.exe
  C:\Windows\System\kFLVYWz.exe
  2⤵
  PID:11596
- C:\Windows\System\vzjGlDr.exe
  C:\Windows\System\vzjGlDr.exe
  2⤵
  PID:11628
- C:\Windows\System\qQMbSWA.exe
  C:\Windows\System\qQMbSWA.exe
  2⤵
  PID:11644
- C:\Windows\System\PZNNLIX.exe
  C:\Windows\System\PZNNLIX.exe
  2⤵
  PID:11668
- C:\Windows\System\URdhtbo.exe
  C:\Windows\System\URdhtbo.exe
  2⤵
  PID:11716
- C:\Windows\System\CDRycoQ.exe
  C:\Windows\System\CDRycoQ.exe
  2⤵
  PID:11744
- C:\Windows\System\sknkmiB.exe
  C:\Windows\System\sknkmiB.exe
  2⤵
  PID:11760
- C:\Windows\System\sXPMTMk.exe
  C:\Windows\System\sXPMTMk.exe
  2⤵
  PID:11788
- C:\Windows\System\dMVtMku.exe
  C:\Windows\System\dMVtMku.exe
  2⤵
  PID:11808
- C:\Windows\System\Ssvlzoe.exe
  C:\Windows\System\Ssvlzoe.exe
  2⤵
  PID:11828
- C:\Windows\System\YVToCJO.exe
  C:\Windows\System\YVToCJO.exe
  2⤵
  PID:11856
- C:\Windows\System\FFJITxO.exe
  C:\Windows\System\FFJITxO.exe
  2⤵
  PID:11880
- C:\Windows\System\nbEluyU.exe
  C:\Windows\System\nbEluyU.exe
  2⤵
  PID:11940
- C:\Windows\System\gpwqkhz.exe
  C:\Windows\System\gpwqkhz.exe
  2⤵
  PID:11968
- C:\Windows\System\kUQnjcF.exe
  C:\Windows\System\kUQnjcF.exe
  2⤵
  PID:12016
- C:\Windows\System\DOFXlid.exe
  C:\Windows\System\DOFXlid.exe
  2⤵
  PID:12044
- C:\Windows\System\brcWUdE.exe
  C:\Windows\System\brcWUdE.exe
  2⤵
  PID:12064
- C:\Windows\System\lahUxHd.exe
  C:\Windows\System\lahUxHd.exe
  2⤵
  PID:12112
- C:\Windows\System\auPRmTP.exe
  C:\Windows\System\auPRmTP.exe
  2⤵
  PID:12128
- C:\Windows\System\rRpBTnU.exe
  C:\Windows\System\rRpBTnU.exe
  2⤵
  PID:12152
- C:\Windows\System\DpGREUj.exe
  C:\Windows\System\DpGREUj.exe
  2⤵
  PID:12176
- C:\Windows\System\myWGEWA.exe
  C:\Windows\System\myWGEWA.exe
  2⤵
  PID:12208
- C:\Windows\System\woabVXL.exe
  C:\Windows\System\woabVXL.exe
  2⤵
  PID:12228
- C:\Windows\System\oAfeimc.exe
  C:\Windows\System\oAfeimc.exe
  2⤵
  PID:12248
- C:\Windows\System\yxprkTH.exe
  C:\Windows\System\yxprkTH.exe
  2⤵
  PID:12264
- C:\Windows\System\JqdbCJU.exe
  C:\Windows\System\JqdbCJU.exe
  2⤵
  PID:11128
- C:\Windows\System\mapKDZP.exe
  C:\Windows\System\mapKDZP.exe
  2⤵
  PID:11296
- C:\Windows\System\BvCcYuk.exe
  C:\Windows\System\BvCcYuk.exe
  2⤵
  PID:11356
- C:\Windows\System\jmpmvnW.exe
  C:\Windows\System\jmpmvnW.exe
  2⤵
  PID:11492
- C:\Windows\System\TTDIBNW.exe
  C:\Windows\System\TTDIBNW.exe
  2⤵
  PID:11516
- C:\Windows\System\hPNCdzk.exe
  C:\Windows\System\hPNCdzk.exe
  2⤵
  PID:11660
- C:\Windows\System\eqEXpaG.exe
  C:\Windows\System\eqEXpaG.exe
  2⤵
  PID:11692
- C:\Windows\System\mfsrUlj.exe
  C:\Windows\System\mfsrUlj.exe
  2⤵
  PID:4504
- C:\Windows\System\wmEDDvJ.exe
  C:\Windows\System\wmEDDvJ.exe
  2⤵
  PID:11752
- C:\Windows\System\REgBTsU.exe
  C:\Windows\System\REgBTsU.exe
  2⤵
  PID:11780
- C:\Windows\System\jJsqXIA.exe
  C:\Windows\System\jJsqXIA.exe
  2⤵
  PID:11800
- C:\Windows\System\xkOxeqJ.exe
  C:\Windows\System\xkOxeqJ.exe
  2⤵
  PID:11848
- C:\Windows\System\UDWbqiz.exe
  C:\Windows\System\UDWbqiz.exe
  2⤵
  PID:11892
- C:\Windows\System\tIdIecD.exe
  C:\Windows\System\tIdIecD.exe
  2⤵
  PID:12036
- C:\Windows\System\SAbmfBq.exe
  C:\Windows\System\SAbmfBq.exe
  2⤵
  PID:12108
- C:\Windows\System\OsHbcoA.exe
  C:\Windows\System\OsHbcoA.exe
  2⤵
  PID:12144
- C:\Windows\System\mNJHIbx.exe
  C:\Windows\System\mNJHIbx.exe
  2⤵
  PID:12256
- C:\Windows\System\lSilXzv.exe
  C:\Windows\System\lSilXzv.exe
  2⤵
  PID:11540
- C:\Windows\System\TyinljS.exe
  C:\Windows\System\TyinljS.exe
  2⤵
  PID:11592
- C:\Windows\System\bjApTNy.exe
  C:\Windows\System\bjApTNy.exe
  2⤵
  PID:11684
- C:\Windows\System\prvQmwq.exe
  C:\Windows\System\prvQmwq.exe
  2⤵
  PID:10456
- C:\Windows\System\opAnWYI.exe
  C:\Windows\System\opAnWYI.exe
  2⤵
  PID:11920
- C:\Windows\System\aajsytY.exe
  C:\Windows\System\aajsytY.exe
  2⤵
  PID:12008
- C:\Windows\System\KfzyoXf.exe
  C:\Windows\System\KfzyoXf.exe
  2⤵
  PID:12220
- C:\Windows\System\RjbjVLB.exe
  C:\Windows\System\RjbjVLB.exe
  2⤵
  PID:11460
- C:\Windows\System\OJAwYVo.exe
  C:\Windows\System\OJAwYVo.exe
  2⤵
  PID:3532
- C:\Windows\System\eHItFwf.exe
  C:\Windows\System\eHItFwf.exe
  2⤵
  PID:11868
- C:\Windows\System\bQVVfCC.exe
  C:\Windows\System\bQVVfCC.exe
  2⤵
  PID:12096
- C:\Windows\System\AFCPFZo.exe
  C:\Windows\System\AFCPFZo.exe
  2⤵
  PID:11612
- C:\Windows\System\tAaxhbI.exe
  C:\Windows\System\tAaxhbI.exe
  2⤵
  PID:12296
- C:\Windows\System\KpmaECD.exe
  C:\Windows\System\KpmaECD.exe
  2⤵
  PID:12324
- C:\Windows\System\RluWfvY.exe
  C:\Windows\System\RluWfvY.exe
  2⤵
  PID:12380
- C:\Windows\System\IDjGFag.exe
  C:\Windows\System\IDjGFag.exe
  2⤵
  PID:12400
- C:\Windows\System\JGlxBdJ.exe
  C:\Windows\System\JGlxBdJ.exe
  2⤵
  PID:12420
- C:\Windows\System\MPmCnmc.exe
  C:\Windows\System\MPmCnmc.exe
  2⤵
  PID:12452
- C:\Windows\System\TDRiMuR.exe
  C:\Windows\System\TDRiMuR.exe
  2⤵
  PID:12468
- C:\Windows\System\aDTsdUE.exe
  C:\Windows\System\aDTsdUE.exe
  2⤵
  PID:12496
- C:\Windows\System\wUkzKMo.exe
  C:\Windows\System\wUkzKMo.exe
  2⤵
  PID:12516
- C:\Windows\System\xUSNCPq.exe
  C:\Windows\System\xUSNCPq.exe
  2⤵
  PID:12536
- C:\Windows\System\NTGTlZe.exe
  C:\Windows\System\NTGTlZe.exe
  2⤵
  PID:12556
- C:\Windows\System\mYUUNze.exe
  C:\Windows\System\mYUUNze.exe
  2⤵
  PID:12580
- C:\Windows\System\LslAdie.exe
  C:\Windows\System\LslAdie.exe
  2⤵
  PID:12600
- C:\Windows\System\CnBhADa.exe
  C:\Windows\System\CnBhADa.exe
  2⤵
  PID:12620
- C:\Windows\System\BMsVkfk.exe
  C:\Windows\System\BMsVkfk.exe
  2⤵
  PID:12640
- C:\Windows\System\ybsdBxi.exe
  C:\Windows\System\ybsdBxi.exe
  2⤵
  PID:12716
- C:\Windows\System\yQviRaO.exe
  C:\Windows\System\yQviRaO.exe
  2⤵
  PID:12736
- C:\Windows\System\JnWLpRV.exe
  C:\Windows\System\JnWLpRV.exe
  2⤵
  PID:12764
- C:\Windows\System\rlDdhPi.exe
  C:\Windows\System\rlDdhPi.exe
  2⤵
  PID:12788
- C:\Windows\System\uZBpjNa.exe
  C:\Windows\System\uZBpjNa.exe
  2⤵
  PID:12808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ucjvxhcs.lp3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ARKekER.exe

Filesize
1.7MB

MD5
4918168dc7d40425ac8fd17df14ef27d

SHA1
4cce3d2fc4bdb25c073ca93152bbf6df25f513c5

SHA256
4b5caddb7caaf126983765f623a55518f02244534b44eea8b8c1b3139570e6dc

SHA512
5dd837d7c54cb800ac16596b84121e0246ac94d355234b3c59675e4e20e66d18496e4131113f7b63011bcec53c6b55c7299bf21a074d8131c2b1907ab490fbcb

Download Submit
C:\Windows\System\BNdSNOn.exe

Filesize
1.7MB

MD5
c153e2a0cd329920b25c1f9720127681

SHA1
aeb173fae61b90450c7ef9d684aa76cee6ab2d83

SHA256
add023b6c68439c70292a977e55dc05218682ecf9531e5d38b1c7573c51954e6

SHA512
5347b7cfb4967520861f54965ddcb820397e20d1b1e109617fa82bbfd0d6a7d94bb2d63e6ba0a358857c80074aaafd3a0d27605606618ddceeea0be85055ae5b

Download Submit
C:\Windows\System\CeUDtwB.exe

Filesize
1.7MB

MD5
aae0405505775bbd59ed18318a7c8626

SHA1
45befdc3b3167a0e8a62dd2f9e84ba69fae488cc

SHA256
cdd61e52cba1f5306198d42570a1eb0b1f7a243289d36761ba5b8b624c3723c0

SHA512
afed1372e20be93a9b8355d6f1b0feecef6709f858d9da4f9ef033dfad4f019a58b86658538573431efd14d333bb29078be7679b78df7381647a88dd843c349b

Download Submit
C:\Windows\System\DrhpmTd.exe

Filesize
1.7MB

MD5
559e559591f20e026b72097e0aea2a1c

SHA1
50819ed6ddf0b1420771bbfe36df975f6ac48c3b

SHA256
ecbd7f8ae68b642ddddc4095720d97e4bfe9468e5959a3d14e50ba369ac82929

SHA512
9ef810561892de69bcf14229c7e6162d84759614a77b2c98581c1c213e083ece797312c6caf6f88906721d61610fd33dc818d9b512f99e16b55b4b672312531f

Download Submit
C:\Windows\System\FMurwTv.exe

Filesize
1.7MB

MD5
b7ac130c5e2e5f13f5b303684d341fbe

SHA1
9c7eea490e2b7ca24454f39958473755ba15acda

SHA256
3d2a273883c6bee0c6e95378e66507cd96dab4293ae2d4bcf69fa6e33b454e04

SHA512
c4f3a8858eebab21f6a6069d56030e9ab6c03067cd31a0b7faec50d17fb8cd5b6b7a64c5bbc24b91f561d40c96d6fe1e14b47efcaa8e1c204cdf10cfd7bd9719

Download Submit
C:\Windows\System\GktxyFr.exe

Filesize
1.7MB

MD5
d327f98259e269b181b6dadd5f79544a

SHA1
34a699d04aea3cfb394a3e4c17f30298810e37e7

SHA256
a74f9c30439af23b4b8e4e47fd56fee4ce3adcfbac833331ccf706aeb655cd5f

SHA512
2692841a3b013c9b5678bf345a6098cb3da5fda33db58f5f22381f7f13771c5cca9a0a6d5ab94ea76c3bb214b1c4eaa77d7ab89d7825d28da65964754e1bf784

Download Submit
C:\Windows\System\IUQTWeG.exe

Filesize
1.7MB

MD5
ebdcae687d8961723cdf8db201426779

SHA1
a7dc67269769836f6b7a8a5b56f9c4d3d23a1ae1

SHA256
4dfd1d12fd94d713e863e8d1f3e3bfc2491470bb03a437a78dd71f43175c8a18

SHA512
750e52da23c966481c88a957f813a140087322ccda2088ea8c890b161f97a772676ba66031c11340137a1414eb0409960512f93b15fa35ae1540f4b392d56603

Download Submit
C:\Windows\System\IhqVgxM.exe

Filesize
1.7MB

MD5
6e58ab4d512da955ed951a38a6ddd954

SHA1
76c82e5f4fddccc1cdb357632487700598e2a950

SHA256
e2300208062538f54d5a0e19f06f168964eb53e6d655622117d7dac387cf731c

SHA512
7eb24023d79ab681b2ba535e6fb9837819e485d20093849ea0c0bee030ef10e981b3d38ee212202ca691ea4ebc06b2d25a4ec974f85db4f4e1d1d58d23045d53

Download Submit
C:\Windows\System\KHpOxqL.exe

Filesize
1.7MB

MD5
3af8927a13ad6663f945f07772d308d3

SHA1
de347332871be55b12972bad66ef2c1ea8caa9bc

SHA256
f9159ae904f43a9c818fa4f27325515ea206610edd7604e17b70a83003dc9938

SHA512
16a3e19c2cb74a8153bd7d414a756c6b81f0b1441cd2355ee52934175606d2aa2dafde4aa1fb358e232f4eb824ccf618018d800700b233f5c7239587fa1f347a

Download Submit
C:\Windows\System\KIguxlV.exe

Filesize
1.7MB

MD5
86881ef1fdcf9d203a13ae0e360797c7

SHA1
057322b27ed2281b94fe8a2a3767d3c155bfa480

SHA256
b07dad433d1d948535c969b855a3320d7af4b58f0c62ba59aa8ac8abf6e08683

SHA512
50e5edace31c22e08be5002354ee721ddd38298baff205fc93f7d2a8f8172ea26ff0cc567f9dc96d5f35837aba8d010e7b1cd6b48362e0ef6fdbe0650c7ebac5

Download Submit
C:\Windows\System\LKCrVKh.exe

Filesize
1.7MB

MD5
476093d85e48c604f773f993e09743c7

SHA1
34f1e9405449fd2773b9972cbcc9b87df274ef1b

SHA256
348a98ed8baae55867a0f7dfdfb5ad42a7934b6887d134b81c4d6712893e4031

SHA512
d62ec5726631c67feedf235e4284a421198e64df0262962823a7ca58db7037142ea20871a45b353fed8bc846488eeae848c5afa447f06e86dfd9004bbcf2b490

Download Submit
C:\Windows\System\LiZdDkQ.exe

Filesize
1.7MB

MD5
91130664a81f721a2202dd10468a7385

SHA1
430535822a25807260aaf980ec8ecf1ad19163b2

SHA256
7a7b6c824642d697e541d862b99ecebfe90964a3c94dc177a74d310e2068b492

SHA512
644b3f3c5468b8935a59bdbfd882a18ea731f4c304569427badc15bc98a1119c9a8d21813b4af3f8a42baadfdd3848b9e842d9074be15556209f36b8d0143dc4

Download Submit
C:\Windows\System\NmTMNzq.exe

Filesize
1.7MB

MD5
a737579eec0aa9a49b3e399ac24a0032

SHA1
eb9b48457a3457c2025d3b5474fedb98162cc861

SHA256
4c3fdb5741e7e6b7da053254329efefe749e8ff40fe603c14fb9db0c13a9ba6e

SHA512
15b6f227de56b0f101d14654343e043da57b3a10e65a183a391b5805447a34326b761fdc8d97a0a166b0b5ee4e17e4b5e9583e7414deeb94b3233fa7fab76bc1

Download Submit
C:\Windows\System\OZdRhrS.exe

Filesize
1.7MB

MD5
41fefb7e49d92e59d2ab8c778132b59f

SHA1
cdc13b5929d5a4c74198c2cc8612e634b76c17f6

SHA256
1aed3c83287784f7ffd66d156a251c78647ad8c4a40ef6d9ef55e9caf2f3f27b

SHA512
b208c47d9e9d6712eaee9b902cf78f7693a315ec52727b46e93b1e20627925758476218a7b55a06cdbe9b4803a211d25ab9f685bfc8cc6415318da7772ee802a

Download Submit
C:\Windows\System\RPtzIpb.exe

Filesize
1.7MB

MD5
94f7985f65261b03a492d6e001bc3bc8

SHA1
1e630a6a36c1197474a473cb9df15a9a85f45459

SHA256
06326318ec02b0cc10f895623f7b2cbbda49dafb825ae95a69f7035ada2d8326

SHA512
166a11cbc71d1760a3d2f483d40652956941983b340dce4a2886dcff3ee77d2fc7101c72001ebfd3c723133a2b65c4d95aea38ae7b0db14336813b474fcf2814

Download Submit
C:\Windows\System\VskGrGh.exe

Filesize
1.7MB

MD5
4b6c63c7407221ec1cbe54f2add7edbf

SHA1
d0abac3a6821a17ea8184edc1c62a40d5f8f9224

SHA256
4f170084ccff31cc8ed6375ccd35131d15aa7e0bb2267be1a413dc95c4169405

SHA512
b8425ee1fe93e56c622e65f1a791e30fd853d191e08eea624a0bfdf78253ce1df3305447b8a1c8d0cbfe9dc759240627fe96fd4ee8128ba501e8d776b5fbaf5e

Download Submit
C:\Windows\System\ayiwBGq.exe

Filesize
8B

MD5
e216125f6ec8a71ed511fce858ed30eb

SHA1
050cc8d12c9a1af3716df8cd26567943726d3366

SHA256
2097394cabc160a9df2f746df2b02abe3caad35caebdb855f94e869ef6004673

SHA512
1ac9f8982e0ad73ffc5075b337a3e3f491f85f11a7d1a7e27a4798e5b39f52143905d90909f5a0732fa6e625f6b0719a56e5ded5ac563b3a5f32c20c4c30e446

Download Submit
C:\Windows\System\dFOGgpl.exe

Filesize
1.7MB

MD5
bf677caf0eb5e1b7e256554d2c0abab7

SHA1
cafaf7816c2032e5d3155d6e1d94438d99755fde

SHA256
ad4c69c0da39ace0f0671972377d0bbccc288d93e34ed0c1d0cb4fa3dd8bc4b5

SHA512
9909daae77cef73bd64d777605c82f0a57877ed37a75227e930a15cad59421c1372164ce8ef600978b41b5743f377dbd2b82b9500cff5e4587595e8cf902828b

Download Submit
C:\Windows\System\fFwGxvk.exe

Filesize
1.7MB

MD5
81bdd9b411a74ec9a2f594950dc6e91d

SHA1
0977bdf850877a5167e7869b9aedef704b88f5dc

SHA256
3d71e19c997180180f2afcec84b74f6fdeab3e6a20d51aaa63fc8385e9c4b531

SHA512
d8c043c28e24afb60a91cc86f7eacde4ca309eafed9152f262f5df5fe32a8f0c4721be58c38ef4e1b8410d7180060715f4761ed8705b1ef9c62f37b5c358d4dc

Download Submit
C:\Windows\System\faupVTE.exe

Filesize
1.7MB

MD5
a21dafe7a8776db66fdb287350635ab1

SHA1
3612ccf85d39173b1313fcf0bfdd3b455a0cc9aa

SHA256
7a72a5ffade512b0d5da2137b41018913d8073bfdb94bd68689c3d942ed723e8

SHA512
9b2055e8b676266e9ca15f9bddc20be31c496130164fcce1a3e6e335625aced6c455434876eebefe5b6a4c3608d08e75ae041d70f4d9eae98a3682a3b77c3e3d

Download Submit
C:\Windows\System\haFwohJ.exe

Filesize
1.7MB

MD5
7b2a2ea264bed426a0a46e480df9f22b

SHA1
3a399e12ebf5414dd2d72320cc1893e35d7ce556

SHA256
791301a517e05e75c6ade7a8d436a8edc6099c9d09c8253724488eac1832888c

SHA512
d8bd05f5109a907772afc52471bd4a588a9b69984ce2ab5072241d8c4b95f718e3cc7a31a6d4890d80ff2d61f29f800e1e5a8caefe5d61598d15496e16765122

Download Submit
C:\Windows\System\hfJfVbA.exe

Filesize
1.7MB

MD5
c4173cac5cb9db7ba8b23c0350fea234

SHA1
7a86809559c11a636eb568e43382286d1c9283b5

SHA256
c8706fe82be23b82cf8934ff7f1b1d24b64ec9ceec28aa07164a8979f0615797

SHA512
8f3e167971c76da41a089685a2830d7cfadb893c988bc9a23c5d86f945e83ea8fe820683154fffbdfd9c101593bf50f6544db1c6d5022cc95826aa8118b40287

Download Submit
C:\Windows\System\iCFEJUf.exe

Filesize
1.7MB

MD5
5d37dbf8a91444776693a985a8ed7666

SHA1
b58122e74d7c320c33b288c609d1813f7dd14dd5

SHA256
36b3432b236fc6ff3b568eb9954d7a84ec2d5d7c8b7cf397c4c50550b6ad3aec

SHA512
b3c5efb1715163346a8327b1733d76b6ba84df8e1f8e5428069b1f5789bf05ff1941e9858cab0b4fa85d86da8a230a8582b502ac20d68de2c74d1e3734663127

Download Submit
C:\Windows\System\kKlBPLs.exe

Filesize
1.7MB

MD5
f1fb3d35245098bed6c0a42839f4b09c

SHA1
3bc86eda817db728cd430464d9fa4d3d44232a40

SHA256
eff5ba57199045bda4005ca0569ba702b48d96fe8538e0e85bea272b6967e479

SHA512
7f024edead0d04f7f5bdef0a2e377a20fc2926ef1fe46e2e3a3f5392376112727609e3a7b779b7cdeaee8b419fc8647bfded77ecdd4724e0b7ce4a96aa38c7a5

Download Submit
C:\Windows\System\lXYiocF.exe

Filesize
1.7MB

MD5
a61687822e2b801093f0906ac5dd1300

SHA1
4a1f04d60c16ca5a0b97b06c27e6953d927c899e

SHA256
9066202384b312fba3ec9e6e201c9b1a2b92b61f14e20909352c88d55bc5eada

SHA512
a2ef05d2ffec442aacc452f0bdd9f3f6f5343b9a8bfd21a9dd65e7f01a91f1eb1b46d6e6fdf717abb80d7beacb320a412e9c232b8e4723d74ddd00ea2e878ae6

Download Submit
C:\Windows\System\mWziVpb.exe

Filesize
1.7MB

MD5
1341b578690f3a5651bfebf90ee07fba

SHA1
60c1abd6d78537f13b54b37dae8d1a332b9a3589

SHA256
711842b3969c5f47ad4f5d11c2e1ac4c707fecc5e713b0e6a59db1227d0689b1

SHA512
06097ed3785b8c6b9f5d18a011046503b02ddab326a563e9f1a07672ae2e9e094bdcea40d6664aadeeac14677719c4d87ced0116482c38ab594540e22857d02d

Download Submit
C:\Windows\System\qMJQxHA.exe

Filesize
1.7MB

MD5
16bdbb7b964201f0bdda6f971cae5f54

SHA1
af59ac31e8ab2c3631152454eaed58c67cf4f26c

SHA256
04ea6d6aedea2458ca732bef319b201fee5efdaafd95a70139a0b8b1c517abc1

SHA512
fb25099cece62dbbb1d2588c69c3702ff63852aeb43bd8a6cb4fb85d538b36c2d12a24ec5a6f7a6dd4df0f508b234759a1f32f733a747371676e001d11348c28

Download Submit
C:\Windows\System\siJGRYD.exe

Filesize
1.7MB

MD5
c7723fa01b4718b79e62248ac7b77ab9

SHA1
f8d7ecceb55aaa5d8fe4ba7717ad6d2da578081b

SHA256
953ea3569ac9808b3396891de5d167c238f8a5292b646366c77c6c97f135dd98

SHA512
0c1c88f90306e68a70893f75c1cb0b7cd0cdb50e277a14240fa8858796f1e9e4c4d08c59563ba1ae6eb03955abdfcdf331bc46c18a4d465a08d4f4a408579921

Download Submit
C:\Windows\System\tmpBUWs.exe

Filesize
1.7MB

MD5
c1ea71358344fb7dca4042d547b80c45

SHA1
b40627a3144c6ef16d09f7a98a0e64ae388b4825

SHA256
583e75d56636b6bf84623e7bab36a07338bd5ac0400073f13d49543d3ea371ce

SHA512
262d9700bef4f16a4ad63c74118a6f161518ba53f44280b20ce388f8eb05179e71fa4c9271e7ab72da293c4889c765bebe1e5562b41edea717bd39b06b31916f

Download Submit
C:\Windows\System\umxafuA.exe

Filesize
1.7MB

MD5
ba9ff4d772ad13c73b4b76c45ca06571

SHA1
2fbf7d5669d9dc5e87b0e2ff77d56ac55bb8af35

SHA256
18f53d4b6ba9e3c1fb4a13bcadb9e2e9249b775b6618a2afbca650cf3bd6badb

SHA512
4a465cd7fc0ab8c1d4cee885a2b3b33a151ef1119a754c6e328648e09760f5875d2ff547a2465ba76e6b62bf501dcfc0194a0ce72596239de1601908a01cf3ef

Download Submit
C:\Windows\System\vCdPTtE.exe

Filesize
1.7MB

MD5
20e6b32774d16eaf810eb7ff7c595325

SHA1
8c804c12140a9e673cd581dfaa54cfae87ccb844

SHA256
07666d9fe49cc8906bbdf6a410c56389751339b515aebfacba68cfec47227416

SHA512
4bc3006918ae0a0b4465fe84fbd5cc9ad1af3002197dd270a34ac17be078684d53273266d7e4d20b1617d8f20a88e6eee66d0ce27e648974f2b46a32e6077faa

Download Submit
C:\Windows\System\wqtRjkS.exe

Filesize
1.7MB

MD5
5f448e2c02df65be1880777d5ddfa1fc

SHA1
71a3dac5df77ba1da7db8401c9b9392584297e8a

SHA256
ae32768a157e6d657013612d2e48942a03e8fee02bef7dbff7b6329ce7b43ebf

SHA512
622081d40b90ca246470de4ab0e8465e387361a06c8225bd1465de0317ffe036f4b187ca27d954181c3871f6f082ee5ff4bcdcfe9751cdca828a62275dcde6e8

Download Submit
C:\Windows\System\xloYygj.exe

Filesize
1.7MB

MD5
4c629b1a9f3c0561f52c0e91e7036731

SHA1
c52f63e544c2393ce7be53934c8df8dec2c82efe

SHA256
edfd90e0ed35e90dfdf477a86de41682ca8b896ee9a2b89eff6074061faac88a

SHA512
59ecf22410a8a5013a93b593c2e97cd7fb5e71336a5ef5492b7175ac7ec1ca746bfd9eada3836d37dc0937261d73e89b46c93ee9c4f4a30cda468a8c80d817d2

Download Submit
C:\Windows\System\yQizwcX.exe

Filesize
1.7MB

MD5
c308a06bf1c660a27b341a741d27736b

SHA1
36f1199a57503c545d799f8f8cee10ad96869a18

SHA256
c73125af87b07769244359e697d43db320d352845a237eab5de8cd7f89bde517

SHA512
c17c6382573cdf2283abee4c897dfb8df79f18cd8e82b673304c18beeabe2e3c9f4f783c87d452563c18e322c1b8fd0932cd457b22ed4184ead6bc900ed7c6f2

Download Submit
memory/216-101-0x00007FF695810000-0x00007FF695C02000-memory.dmp

Filesize
3.9MB

Download
memory/216-2537-0x00007FF695810000-0x00007FF695C02000-memory.dmp

Filesize
3.9MB

Download
memory/440-2540-0x00007FF7B6830000-0x00007FF7B6C22000-memory.dmp

Filesize
3.9MB

Download
memory/440-95-0x00007FF7B6830000-0x00007FF7B6C22000-memory.dmp

Filesize
3.9MB

Download
memory/632-2560-0x00007FF7AF6D0000-0x00007FF7AFAC2000-memory.dmp

Filesize
3.9MB

Download
memory/632-123-0x00007FF7AF6D0000-0x00007FF7AFAC2000-memory.dmp

Filesize
3.9MB

Download
memory/1164-136-0x00007FF7C0D50000-0x00007FF7C1142000-memory.dmp

Filesize
3.9MB

Download
memory/1164-2558-0x00007FF7C0D50000-0x00007FF7C1142000-memory.dmp

Filesize
3.9MB

Download
memory/1172-128-0x00007FF655BD0000-0x00007FF655FC2000-memory.dmp

Filesize
3.9MB

Download
memory/1172-2530-0x00007FF655BD0000-0x00007FF655FC2000-memory.dmp

Filesize
3.9MB

Download
memory/1484-201-0x00007FF729A40000-0x00007FF729E32000-memory.dmp

Filesize
3.9MB

Download
memory/1484-2576-0x00007FF729A40000-0x00007FF729E32000-memory.dmp

Filesize
3.9MB

Download
memory/1820-2568-0x00007FF7C5DC0000-0x00007FF7C61B2000-memory.dmp

Filesize
3.9MB

Download
memory/1820-190-0x00007FF7C5DC0000-0x00007FF7C61B2000-memory.dmp

Filesize
3.9MB

Download
memory/1920-0-0x00007FF716860000-0x00007FF716C52000-memory.dmp

Filesize
3.9MB

Download
memory/1920-1-0x0000027DA77B0000-0x0000027DA77C0000-memory.dmp

Filesize
64KB

Download
memory/1920-2551-0x00007FF716860000-0x00007FF716C52000-memory.dmp

Filesize
3.9MB

Download
memory/2312-142-0x00007FF78CC50000-0x00007FF78D042000-memory.dmp

Filesize
3.9MB

Download
memory/2312-2572-0x00007FF78CC50000-0x00007FF78D042000-memory.dmp

Filesize
3.9MB

Download
memory/2452-177-0x00007FF706020000-0x00007FF706412000-memory.dmp

Filesize
3.9MB

Download
memory/2452-2582-0x00007FF706020000-0x00007FF706412000-memory.dmp

Filesize
3.9MB

Download
memory/2584-165-0x00007FF7B2830000-0x00007FF7B2C22000-memory.dmp

Filesize
3.9MB

Download
memory/2584-2566-0x00007FF7B2830000-0x00007FF7B2C22000-memory.dmp

Filesize
3.9MB

Download
memory/2768-189-0x00007FF69A5D0000-0x00007FF69A9C2000-memory.dmp

Filesize
3.9MB

Download
memory/2768-2562-0x00007FF69A5D0000-0x00007FF69A9C2000-memory.dmp

Filesize
3.9MB

Download
memory/3004-89-0x00007FF720670000-0x00007FF720A62000-memory.dmp

Filesize
3.9MB

Download
memory/3004-2539-0x00007FF720670000-0x00007FF720A62000-memory.dmp

Filesize
3.9MB

Download
memory/3864-2579-0x00007FF7A1F60000-0x00007FF7A2352000-memory.dmp

Filesize
3.9MB

Download
memory/3864-183-0x00007FF7A1F60000-0x00007FF7A2352000-memory.dmp

Filesize
3.9MB

Download
memory/3932-2520-0x00007FF8CEFE3000-0x00007FF8CEFE5000-memory.dmp

Filesize
8KB

Download
memory/3932-33-0x0000022DDC9F0000-0x0000022DDCA12000-memory.dmp

Filesize
136KB

Download
memory/3932-47-0x00007FF8CEFE0000-0x00007FF8CFAA1000-memory.dmp

Filesize
10.8MB

Download
memory/3932-85-0x00007FF8CEFE0000-0x00007FF8CFAA1000-memory.dmp

Filesize
10.8MB

Download
memory/3932-11-0x00007FF8CEFE3000-0x00007FF8CEFE5000-memory.dmp

Filesize
8KB

Download
memory/3932-2541-0x00007FF8CEFE0000-0x00007FF8CFAA1000-memory.dmp

Filesize
10.8MB

Download
memory/3932-416-0x0000022DDD510000-0x0000022DDDCB6000-memory.dmp

Filesize
7.6MB

Download
memory/4016-2549-0x00007FF74E6B0000-0x00007FF74EAA2000-memory.dmp

Filesize
3.9MB

Download
memory/4016-132-0x00007FF74E6B0000-0x00007FF74EAA2000-memory.dmp

Filesize
3.9MB

Download
memory/4136-105-0x00007FF777CE0000-0x00007FF7780D2000-memory.dmp

Filesize
3.9MB

Download
memory/4136-2548-0x00007FF777CE0000-0x00007FF7780D2000-memory.dmp

Filesize
3.9MB

Download
memory/4248-115-0x00007FF7F0210000-0x00007FF7F0602000-memory.dmp

Filesize
3.9MB

Download
memory/4248-2555-0x00007FF7F0210000-0x00007FF7F0602000-memory.dmp

Filesize
3.9MB

Download
memory/4488-2534-0x00007FF62B420000-0x00007FF62B812000-memory.dmp

Filesize
3.9MB

Download
memory/4488-127-0x00007FF62B420000-0x00007FF62B812000-memory.dmp

Filesize
3.9MB

Download
memory/4616-114-0x00007FF6DF2F0000-0x00007FF6DF6E2000-memory.dmp

Filesize
3.9MB

Download
memory/4616-2553-0x00007FF6DF2F0000-0x00007FF6DF6E2000-memory.dmp

Filesize
3.9MB

Download
memory/4744-2526-0x00007FF75A5C0000-0x00007FF75A9B2000-memory.dmp

Filesize
3.9MB

Download
memory/4744-9-0x00007FF75A5C0000-0x00007FF75A9B2000-memory.dmp

Filesize
3.9MB

Download
memory/4872-2519-0x00007FF7CCF80000-0x00007FF7CD372000-memory.dmp

Filesize
3.9MB

Download
memory/4872-2581-0x00007FF7CCF80000-0x00007FF7CD372000-memory.dmp

Filesize
3.9MB

Download
memory/4872-119-0x00007FF7CCF80000-0x00007FF7CD372000-memory.dmp

Filesize
3.9MB

Download
memory/4892-2564-0x00007FF68FAB0000-0x00007FF68FEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4892-171-0x00007FF68FAB0000-0x00007FF68FEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4900-2545-0x00007FF793FF0000-0x00007FF7943E2000-memory.dmp

Filesize
3.9MB

Download
memory/4900-110-0x00007FF793FF0000-0x00007FF7943E2000-memory.dmp

Filesize
3.9MB

Download
memory/5044-2574-0x00007FF721630000-0x00007FF721A22000-memory.dmp

Filesize
3.9MB

Download
memory/5044-205-0x00007FF721630000-0x00007FF721A22000-memory.dmp

Filesize
3.9MB

Download
memory/5052-106-0x00007FF756A70000-0x00007FF756E62000-memory.dmp

Filesize
3.9MB

Download
memory/5052-2544-0x00007FF756A70000-0x00007FF756E62000-memory.dmp

Filesize
3.9MB

Download