xmrig | 3635110b9d43f3ae359d8639d3e08170af5ac6f3bfe65865684c03303f194d3e

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3b02dd2a4adffc886af6b8937f7c4b0N.exe
Size

1.2MB
MD5

a3b02dd2a4adffc886af6b8937f7c4b0
SHA1

9c7bf3189daaf069429928189fb650961cedee46
SHA256

3635110b9d43f3ae359d8639d3e08170af5ac6f3bfe65865684c03303f194d3e
SHA512

c528cc6600b8c440faefbb8d257937177e8eaca624fb1f984bcf559a10f30f0fb25269328cab05a4cad99030c73557a115937748f67215f42620ec9b2931c0ed
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYMYkWvUmPBLl+k:Lz071uv4BPMkibTIA5BBMm5wk

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/2596-94-0x00007FF6B4FC0000-0x00007FF6B53B2000-memory.dmp	xmrig
behavioral2/memory/692-100-0x00007FF659880000-0x00007FF659C72000-memory.dmp	xmrig
behavioral2/memory/1732-359-0x00007FF668BD0000-0x00007FF668FC2000-memory.dmp	xmrig
behavioral2/memory/732-372-0x00007FF666140000-0x00007FF666532000-memory.dmp	xmrig
behavioral2/memory/1864-383-0x00007FF6C7160000-0x00007FF6C7552000-memory.dmp	xmrig
behavioral2/memory/668-404-0x00007FF724E50000-0x00007FF725242000-memory.dmp	xmrig
behavioral2/memory/3564-409-0x00007FF71E1E0000-0x00007FF71E5D2000-memory.dmp	xmrig
behavioral2/memory/3496-393-0x00007FF6CF8D0000-0x00007FF6CFCC2000-memory.dmp	xmrig
behavioral2/memory/2168-381-0x00007FF652C00000-0x00007FF652FF2000-memory.dmp	xmrig
behavioral2/memory/1632-377-0x00007FF78F070000-0x00007FF78F462000-memory.dmp	xmrig
behavioral2/memory/4292-355-0x00007FF662540000-0x00007FF662932000-memory.dmp	xmrig
behavioral2/memory/3280-338-0x00007FF797E60000-0x00007FF798252000-memory.dmp	xmrig
behavioral2/memory/2560-410-0x00007FF7B4950000-0x00007FF7B4D42000-memory.dmp	xmrig
behavioral2/memory/1896-411-0x00007FF6B91B0000-0x00007FF6B95A2000-memory.dmp	xmrig
behavioral2/memory/436-412-0x00007FF6AA510000-0x00007FF6AA902000-memory.dmp	xmrig
behavioral2/memory/1052-413-0x00007FF6B3110000-0x00007FF6B3502000-memory.dmp	xmrig
behavioral2/memory/2868-420-0x00007FF6AD980000-0x00007FF6ADD72000-memory.dmp	xmrig
behavioral2/memory/1832-429-0x00007FF61B8D0000-0x00007FF61BCC2000-memory.dmp	xmrig
behavioral2/memory/1048-443-0x00007FF778450000-0x00007FF778842000-memory.dmp	xmrig
behavioral2/memory/3392-454-0x00007FF6BB0F0000-0x00007FF6BB4E2000-memory.dmp	xmrig
behavioral2/memory/4192-437-0x00007FF7BE030000-0x00007FF7BE422000-memory.dmp	xmrig
behavioral2/memory/444-113-0x00007FF6EC8E0000-0x00007FF6ECCD2000-memory.dmp	xmrig
behavioral2/memory/4372-112-0x00007FF6ACEA0000-0x00007FF6AD292000-memory.dmp	xmrig
behavioral2/memory/3508-3164-0x00007FF7379C0000-0x00007FF737DB2000-memory.dmp	xmrig
behavioral2/memory/3508-3186-0x00007FF7379C0000-0x00007FF737DB2000-memory.dmp	xmrig
behavioral2/memory/4372-3190-0x00007FF6ACEA0000-0x00007FF6AD292000-memory.dmp	xmrig
behavioral2/memory/1052-3189-0x00007FF6B3110000-0x00007FF6B3502000-memory.dmp	xmrig
behavioral2/memory/2596-3192-0x00007FF6B4FC0000-0x00007FF6B53B2000-memory.dmp	xmrig
behavioral2/memory/444-3194-0x00007FF6EC8E0000-0x00007FF6ECCD2000-memory.dmp	xmrig
behavioral2/memory/4192-3205-0x00007FF7BE030000-0x00007FF7BE422000-memory.dmp	xmrig
behavioral2/memory/692-3206-0x00007FF659880000-0x00007FF659C72000-memory.dmp	xmrig
behavioral2/memory/2560-3224-0x00007FF7B4950000-0x00007FF7B4D42000-memory.dmp	xmrig
behavioral2/memory/3392-3228-0x00007FF6BB0F0000-0x00007FF6BB4E2000-memory.dmp	xmrig
behavioral2/memory/1896-3232-0x00007FF6B91B0000-0x00007FF6B95A2000-memory.dmp	xmrig
behavioral2/memory/436-3230-0x00007FF6AA510000-0x00007FF6AA902000-memory.dmp	xmrig
behavioral2/memory/1048-3226-0x00007FF778450000-0x00007FF778842000-memory.dmp	xmrig
behavioral2/memory/668-3222-0x00007FF724E50000-0x00007FF725242000-memory.dmp	xmrig
behavioral2/memory/1864-3218-0x00007FF6C7160000-0x00007FF6C7552000-memory.dmp	xmrig
behavioral2/memory/1832-3217-0x00007FF61B8D0000-0x00007FF61BCC2000-memory.dmp	xmrig
behavioral2/memory/1632-3214-0x00007FF78F070000-0x00007FF78F462000-memory.dmp	xmrig
behavioral2/memory/1732-3211-0x00007FF668BD0000-0x00007FF668FC2000-memory.dmp	xmrig
behavioral2/memory/4292-3209-0x00007FF662540000-0x00007FF662932000-memory.dmp	xmrig
behavioral2/memory/732-3203-0x00007FF666140000-0x00007FF666532000-memory.dmp	xmrig
behavioral2/memory/2168-3220-0x00007FF652C00000-0x00007FF652FF2000-memory.dmp	xmrig
behavioral2/memory/3564-3200-0x00007FF71E1E0000-0x00007FF71E5D2000-memory.dmp	xmrig
behavioral2/memory/3496-3199-0x00007FF6CF8D0000-0x00007FF6CFCC2000-memory.dmp	xmrig
behavioral2/memory/2868-3213-0x00007FF6AD980000-0x00007FF6ADD72000-memory.dmp	xmrig
behavioral2/memory/3280-3196-0x00007FF797E60000-0x00007FF798252000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	4552	powershell.exe
5	4552	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4552	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3508	oKqKLgl.exe
1052	LsTQtfP.exe
2596	BcxXwAr.exe
692	amEdNFV.exe
4372	HUmpPVL.exe
444	uVXCgRd.exe
3280	qPedPem.exe
2868	LHBoXrZ.exe
4292	slNeyvi.exe
1732	xQdfgZY.exe
732	KPwKGEx.exe
1632	OKyhelk.exe
2168	LeaVJQR.exe
1864	QAWjKSz.exe
1832	oHQQdex.exe
3496	xjXYenM.exe
668	WhFohzL.exe
3564	UDmZopy.exe
4192	gamvAeh.exe
1048	DcDJcof.exe
3392	HVWEKzA.exe
2560	AAgTExA.exe
1896	zKSmtAU.exe
436	YjFOQDy.exe
1900	zqchwdk.exe
2376	iSMrVkE.exe
2780	pnKWRMv.exe
3236	lqcUpiO.exe
4504	RmSguhd.exe
4492	LzZtWsl.exe
2556	EvAWCuW.exe
4424	rVFjGtO.exe
1484	EHPIIFQ.exe
4780	ijaIMZG.exe
4344	YGEsrZw.exe
3560	HzhZWNR.exe
1012	VwkywuL.exe
3180	lszckXA.exe
1392	eDtrSIS.exe
2388	rMHFCKI.exe
4936	kzinKvl.exe
1656	jpVuMHV.exe
3108	RKbubrX.exe
2964	wBnRoOL.exe
2248	WpRjpOk.exe
4924	IyIYWih.exe
2444	exRzVdj.exe
3056	LabtzAv.exe
4336	JdLxfvw.exe
4260	IOjGLTX.exe
1688	drkCbAV.exe
4880	QffwPwS.exe
3400	cbAFZdo.exe
3960	axFoZGe.exe
2772	FNhrBnI.exe
1548	ecmdPuX.exe
1344	HsHSOGq.exe
4044	CdfKAxg.exe
1216	bDQiKCc.exe
3088	XmcYRcp.exe
460	LscIygH.exe
2184	VIPluXv.exe
5016	mXfjQwe.exe
3748	RkkVhGU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4244-0-0x00007FF6A3410000-0x00007FF6A3802000-memory.dmp	upx
behavioral2/files/0x00080000000234af-5.dat	upx
behavioral2/files/0x00070000000234b4-18.dat	upx
behavioral2/files/0x00070000000234b3-26.dat	upx
behavioral2/files/0x00070000000234b5-23.dat	upx
behavioral2/files/0x00070000000234b6-31.dat	upx
behavioral2/files/0x00070000000234bd-65.dat	upx
behavioral2/files/0x00070000000234bb-71.dat	upx
behavioral2/files/0x00070000000234bf-77.dat	upx
behavioral2/memory/2596-94-0x00007FF6B4FC0000-0x00007FF6B53B2000-memory.dmp	upx
behavioral2/memory/692-100-0x00007FF659880000-0x00007FF659C72000-memory.dmp	upx
behavioral2/files/0x00080000000234b9-108.dat	upx
behavioral2/files/0x00080000000234b0-131.dat	upx
behavioral2/files/0x00070000000234ca-159.dat	upx
behavioral2/files/0x00070000000234cd-174.dat	upx
behavioral2/memory/1732-359-0x00007FF668BD0000-0x00007FF668FC2000-memory.dmp	upx
behavioral2/memory/732-372-0x00007FF666140000-0x00007FF666532000-memory.dmp	upx
behavioral2/memory/1864-383-0x00007FF6C7160000-0x00007FF6C7552000-memory.dmp	upx
behavioral2/memory/668-404-0x00007FF724E50000-0x00007FF725242000-memory.dmp	upx
behavioral2/memory/3564-409-0x00007FF71E1E0000-0x00007FF71E5D2000-memory.dmp	upx
behavioral2/memory/3496-393-0x00007FF6CF8D0000-0x00007FF6CFCC2000-memory.dmp	upx
behavioral2/memory/2168-381-0x00007FF652C00000-0x00007FF652FF2000-memory.dmp	upx
behavioral2/memory/1632-377-0x00007FF78F070000-0x00007FF78F462000-memory.dmp	upx
behavioral2/memory/4292-355-0x00007FF662540000-0x00007FF662932000-memory.dmp	upx
behavioral2/memory/3280-338-0x00007FF797E60000-0x00007FF798252000-memory.dmp	upx
behavioral2/memory/2560-410-0x00007FF7B4950000-0x00007FF7B4D42000-memory.dmp	upx
behavioral2/memory/1896-411-0x00007FF6B91B0000-0x00007FF6B95A2000-memory.dmp	upx
behavioral2/files/0x00070000000234d0-181.dat	upx
behavioral2/files/0x00070000000234ce-179.dat	upx
behavioral2/files/0x00070000000234cf-176.dat	upx
behavioral2/memory/436-412-0x00007FF6AA510000-0x00007FF6AA902000-memory.dmp	upx
behavioral2/memory/1052-413-0x00007FF6B3110000-0x00007FF6B3502000-memory.dmp	upx
behavioral2/files/0x00070000000234cc-169.dat	upx
behavioral2/memory/2868-420-0x00007FF6AD980000-0x00007FF6ADD72000-memory.dmp	upx
behavioral2/memory/1832-429-0x00007FF61B8D0000-0x00007FF61BCC2000-memory.dmp	upx
behavioral2/memory/1048-443-0x00007FF778450000-0x00007FF778842000-memory.dmp	upx
behavioral2/memory/3392-454-0x00007FF6BB0F0000-0x00007FF6BB4E2000-memory.dmp	upx
behavioral2/memory/4192-437-0x00007FF7BE030000-0x00007FF7BE422000-memory.dmp	upx
behavioral2/files/0x00070000000234cb-164.dat	upx
behavioral2/files/0x00070000000234c9-154.dat	upx
behavioral2/files/0x00070000000234c8-149.dat	upx
behavioral2/files/0x00070000000234c7-144.dat	upx
behavioral2/files/0x00070000000234c6-139.dat	upx
behavioral2/files/0x00070000000234c5-127.dat	upx
behavioral2/files/0x00070000000234c4-125.dat	upx
behavioral2/files/0x00070000000234c1-119.dat	upx
behavioral2/files/0x00070000000234c3-115.dat	upx
behavioral2/memory/444-113-0x00007FF6EC8E0000-0x00007FF6ECCD2000-memory.dmp	upx
behavioral2/memory/4372-112-0x00007FF6ACEA0000-0x00007FF6AD292000-memory.dmp	upx
behavioral2/files/0x00070000000234c2-110.dat	upx
behavioral2/files/0x00070000000234c0-106.dat	upx
behavioral2/files/0x00070000000234be-97.dat	upx
behavioral2/files/0x00070000000234bc-88.dat	upx
behavioral2/files/0x00080000000234ba-73.dat	upx
behavioral2/files/0x00070000000234b8-64.dat	upx
behavioral2/files/0x00070000000234b7-62.dat	upx
behavioral2/files/0x00080000000234b2-21.dat	upx
behavioral2/memory/3508-14-0x00007FF7379C0000-0x00007FF737DB2000-memory.dmp	upx
behavioral2/memory/3508-3164-0x00007FF7379C0000-0x00007FF737DB2000-memory.dmp	upx
behavioral2/memory/3508-3186-0x00007FF7379C0000-0x00007FF737DB2000-memory.dmp	upx
behavioral2/memory/4372-3190-0x00007FF6ACEA0000-0x00007FF6AD292000-memory.dmp	upx
behavioral2/memory/1052-3189-0x00007FF6B3110000-0x00007FF6B3502000-memory.dmp	upx
behavioral2/memory/2596-3192-0x00007FF6B4FC0000-0x00007FF6B53B2000-memory.dmp	upx
behavioral2/memory/444-3194-0x00007FF6EC8E0000-0x00007FF6ECCD2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jFdXxaE.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\QvJUMLj.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\cKxWuQV.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\xrSlAye.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\arBIaow.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\CqJqOsA.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\lxhYoRZ.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\BNKNDuj.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\SsyFbHa.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\xzYpvOm.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\dmRHhhs.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\MYodtdx.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\svyJEvs.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\DyxQGTs.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\mNkXtHN.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\DQyejVN.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\dVBPIfj.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\nfrpxAb.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\iYyqNMj.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\TQlWjoh.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\Zmwutbr.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\PCyXbJp.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\NqCofjx.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\xwFGBYv.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\EOHvYZX.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\BvYLfVU.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\TjlhWrh.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\HWnSFwt.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\lqcUpiO.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\ymWgUjw.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\QWAZtIB.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\iitlOLV.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\RGQKXFD.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\mlqLjzO.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\THplsuY.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\GhsCYGD.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\zgJTWcf.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\UXNxVJo.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\qVkimmS.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\LmTQciK.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\wlIwBWJ.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\etLOwOi.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\MuNpvdq.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\aeLSqPU.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\GsXAIxE.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\FASVfYR.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\tXvnHaV.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\AIKByBJ.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\ZOSFolT.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\MvBWQeA.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\tUPktZr.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\hsibkbV.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\vVTqfQK.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\zlcXBVM.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\BUnsHyA.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\bTDZuNp.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\dVrRfWB.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\xFClvxU.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\vEiwaFC.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\zDMlwgy.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\AZcMZlT.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\NlOpzuN.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\iNNKtNc.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
File created	C:\Windows\System\qdcZaYV.exe	a3b02dd2a4adffc886af6b8937f7c4b0N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4552	powershell.exe
4552	powershell.exe
4552	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
Token: SeLockMemoryPrivilege	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe
Token: SeDebugPrivilege	4552	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 4552	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	85
PID 4244 wrote to memory of 4552	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	85
PID 4244 wrote to memory of 3508	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	86
PID 4244 wrote to memory of 3508	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	86
PID 4244 wrote to memory of 1052	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	87
PID 4244 wrote to memory of 1052	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	87
PID 4244 wrote to memory of 2596	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	88
PID 4244 wrote to memory of 2596	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	88
PID 4244 wrote to memory of 692	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	89
PID 4244 wrote to memory of 692	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	89
PID 4244 wrote to memory of 4372	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	90
PID 4244 wrote to memory of 4372	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	90
PID 4244 wrote to memory of 444	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	91
PID 4244 wrote to memory of 444	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	91
PID 4244 wrote to memory of 3280	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	92
PID 4244 wrote to memory of 3280	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	92
PID 4244 wrote to memory of 2868	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	93
PID 4244 wrote to memory of 2868	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	93
PID 4244 wrote to memory of 4292	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	94
PID 4244 wrote to memory of 4292	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	94
PID 4244 wrote to memory of 1732	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	95
PID 4244 wrote to memory of 1732	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	95
PID 4244 wrote to memory of 732	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	96
PID 4244 wrote to memory of 732	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	96
PID 4244 wrote to memory of 1632	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	97
PID 4244 wrote to memory of 1632	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	97
PID 4244 wrote to memory of 2168	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	98
PID 4244 wrote to memory of 2168	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	98
PID 4244 wrote to memory of 1864	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	99
PID 4244 wrote to memory of 1864	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	99
PID 4244 wrote to memory of 1832	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	100
PID 4244 wrote to memory of 1832	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	100
PID 4244 wrote to memory of 3496	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	101
PID 4244 wrote to memory of 3496	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	101
PID 4244 wrote to memory of 668	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	102
PID 4244 wrote to memory of 668	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	102
PID 4244 wrote to memory of 3564	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	103
PID 4244 wrote to memory of 3564	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	103
PID 4244 wrote to memory of 4192	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	104
PID 4244 wrote to memory of 4192	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	104
PID 4244 wrote to memory of 1048	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	105
PID 4244 wrote to memory of 1048	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	105
PID 4244 wrote to memory of 3392	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	106
PID 4244 wrote to memory of 3392	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	106
PID 4244 wrote to memory of 2560	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	107
PID 4244 wrote to memory of 2560	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	107
PID 4244 wrote to memory of 1896	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	108
PID 4244 wrote to memory of 1896	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	108
PID 4244 wrote to memory of 436	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	109
PID 4244 wrote to memory of 436	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	109
PID 4244 wrote to memory of 1900	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	110
PID 4244 wrote to memory of 1900	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	110
PID 4244 wrote to memory of 2376	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	111
PID 4244 wrote to memory of 2376	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	111
PID 4244 wrote to memory of 2780	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	112
PID 4244 wrote to memory of 2780	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	112
PID 4244 wrote to memory of 3236	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	113
PID 4244 wrote to memory of 3236	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	113
PID 4244 wrote to memory of 4504	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	114
PID 4244 wrote to memory of 4504	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	114
PID 4244 wrote to memory of 4492	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	115
PID 4244 wrote to memory of 4492	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	115
PID 4244 wrote to memory of 2556	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	116
PID 4244 wrote to memory of 2556	4244	a3b02dd2a4adffc886af6b8937f7c4b0N.exe	116

C:\Users\Admin\AppData\Local\Temp\a3b02dd2a4adffc886af6b8937f7c4b0N.exe
"C:\Users\Admin\AppData\Local\Temp\a3b02dd2a4adffc886af6b8937f7c4b0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4552
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4552" "2916" "2760" "2920" "0" "0" "2924" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:13284
- C:\Windows\System\oKqKLgl.exe
  C:\Windows\System\oKqKLgl.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\LsTQtfP.exe
  C:\Windows\System\LsTQtfP.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\BcxXwAr.exe
  C:\Windows\System\BcxXwAr.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\amEdNFV.exe
  C:\Windows\System\amEdNFV.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\HUmpPVL.exe
  C:\Windows\System\HUmpPVL.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\uVXCgRd.exe
  C:\Windows\System\uVXCgRd.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\qPedPem.exe
  C:\Windows\System\qPedPem.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\LHBoXrZ.exe
  C:\Windows\System\LHBoXrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\slNeyvi.exe
  C:\Windows\System\slNeyvi.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\xQdfgZY.exe
  C:\Windows\System\xQdfgZY.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\KPwKGEx.exe
  C:\Windows\System\KPwKGEx.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\OKyhelk.exe
  C:\Windows\System\OKyhelk.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\LeaVJQR.exe
  C:\Windows\System\LeaVJQR.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\QAWjKSz.exe
  C:\Windows\System\QAWjKSz.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\oHQQdex.exe
  C:\Windows\System\oHQQdex.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\xjXYenM.exe
  C:\Windows\System\xjXYenM.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\WhFohzL.exe
  C:\Windows\System\WhFohzL.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\UDmZopy.exe
  C:\Windows\System\UDmZopy.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\gamvAeh.exe
  C:\Windows\System\gamvAeh.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\DcDJcof.exe
  C:\Windows\System\DcDJcof.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\HVWEKzA.exe
  C:\Windows\System\HVWEKzA.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\AAgTExA.exe
  C:\Windows\System\AAgTExA.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\zKSmtAU.exe
  C:\Windows\System\zKSmtAU.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\YjFOQDy.exe
  C:\Windows\System\YjFOQDy.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\zqchwdk.exe
  C:\Windows\System\zqchwdk.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\iSMrVkE.exe
  C:\Windows\System\iSMrVkE.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\pnKWRMv.exe
  C:\Windows\System\pnKWRMv.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\lqcUpiO.exe
  C:\Windows\System\lqcUpiO.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\RmSguhd.exe
  C:\Windows\System\RmSguhd.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\LzZtWsl.exe
  C:\Windows\System\LzZtWsl.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\EvAWCuW.exe
  C:\Windows\System\EvAWCuW.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\rVFjGtO.exe
  C:\Windows\System\rVFjGtO.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\EHPIIFQ.exe
  C:\Windows\System\EHPIIFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\ijaIMZG.exe
  C:\Windows\System\ijaIMZG.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\YGEsrZw.exe
  C:\Windows\System\YGEsrZw.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\HzhZWNR.exe
  C:\Windows\System\HzhZWNR.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\VwkywuL.exe
  C:\Windows\System\VwkywuL.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\lszckXA.exe
  C:\Windows\System\lszckXA.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\eDtrSIS.exe
  C:\Windows\System\eDtrSIS.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\rMHFCKI.exe
  C:\Windows\System\rMHFCKI.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\kzinKvl.exe
  C:\Windows\System\kzinKvl.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\jpVuMHV.exe
  C:\Windows\System\jpVuMHV.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\RKbubrX.exe
  C:\Windows\System\RKbubrX.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\wBnRoOL.exe
  C:\Windows\System\wBnRoOL.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\WpRjpOk.exe
  C:\Windows\System\WpRjpOk.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\IyIYWih.exe
  C:\Windows\System\IyIYWih.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\exRzVdj.exe
  C:\Windows\System\exRzVdj.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\LabtzAv.exe
  C:\Windows\System\LabtzAv.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\JdLxfvw.exe
  C:\Windows\System\JdLxfvw.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\IOjGLTX.exe
  C:\Windows\System\IOjGLTX.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\drkCbAV.exe
  C:\Windows\System\drkCbAV.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\QffwPwS.exe
  C:\Windows\System\QffwPwS.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\cbAFZdo.exe
  C:\Windows\System\cbAFZdo.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\axFoZGe.exe
  C:\Windows\System\axFoZGe.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\FNhrBnI.exe
  C:\Windows\System\FNhrBnI.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ecmdPuX.exe
  C:\Windows\System\ecmdPuX.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\HsHSOGq.exe
  C:\Windows\System\HsHSOGq.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\CdfKAxg.exe
  C:\Windows\System\CdfKAxg.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\bDQiKCc.exe
  C:\Windows\System\bDQiKCc.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\XmcYRcp.exe
  C:\Windows\System\XmcYRcp.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\LscIygH.exe
  C:\Windows\System\LscIygH.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\VIPluXv.exe
  C:\Windows\System\VIPluXv.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\mXfjQwe.exe
  C:\Windows\System\mXfjQwe.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\RkkVhGU.exe
  C:\Windows\System\RkkVhGU.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\citgcZQ.exe
  C:\Windows\System\citgcZQ.exe
  2⤵
  PID:3596
- C:\Windows\System\pJzQcNq.exe
  C:\Windows\System\pJzQcNq.exe
  2⤵
  PID:1168
- C:\Windows\System\yfwRaAm.exe
  C:\Windows\System\yfwRaAm.exe
  2⤵
  PID:5088
- C:\Windows\System\vVTqfQK.exe
  C:\Windows\System\vVTqfQK.exe
  2⤵
  PID:4436
- C:\Windows\System\DmTRtRM.exe
  C:\Windows\System\DmTRtRM.exe
  2⤵
  PID:3104
- C:\Windows\System\gwAUXwZ.exe
  C:\Windows\System\gwAUXwZ.exe
  2⤵
  PID:1156
- C:\Windows\System\gnzKNdm.exe
  C:\Windows\System\gnzKNdm.exe
  2⤵
  PID:3144
- C:\Windows\System\NztbDFr.exe
  C:\Windows\System\NztbDFr.exe
  2⤵
  PID:1476
- C:\Windows\System\NulvzvH.exe
  C:\Windows\System\NulvzvH.exe
  2⤵
  PID:1372
- C:\Windows\System\yfrJVbh.exe
  C:\Windows\System\yfrJVbh.exe
  2⤵
  PID:3828
- C:\Windows\System\LTfdnXj.exe
  C:\Windows\System\LTfdnXj.exe
  2⤵
  PID:4276
- C:\Windows\System\JkcxJdI.exe
  C:\Windows\System\JkcxJdI.exe
  2⤵
  PID:2380
- C:\Windows\System\GkGdWah.exe
  C:\Windows\System\GkGdWah.exe
  2⤵
  PID:1288
- C:\Windows\System\FXnrbSp.exe
  C:\Windows\System\FXnrbSp.exe
  2⤵
  PID:3740
- C:\Windows\System\KTlCkhU.exe
  C:\Windows\System\KTlCkhU.exe
  2⤵
  PID:4452
- C:\Windows\System\OzJjekA.exe
  C:\Windows\System\OzJjekA.exe
  2⤵
  PID:3444
- C:\Windows\System\rHtxrpJ.exe
  C:\Windows\System\rHtxrpJ.exe
  2⤵
  PID:1516
- C:\Windows\System\feAJpGP.exe
  C:\Windows\System\feAJpGP.exe
  2⤵
  PID:5116
- C:\Windows\System\YnGflnp.exe
  C:\Windows\System\YnGflnp.exe
  2⤵
  PID:3436
- C:\Windows\System\qODvseg.exe
  C:\Windows\System\qODvseg.exe
  2⤵
  PID:2844
- C:\Windows\System\OqxQqaH.exe
  C:\Windows\System\OqxQqaH.exe
  2⤵
  PID:4420
- C:\Windows\System\ShmAIIv.exe
  C:\Windows\System\ShmAIIv.exe
  2⤵
  PID:1436
- C:\Windows\System\fSaipOn.exe
  C:\Windows\System\fSaipOn.exe
  2⤵
  PID:4884
- C:\Windows\System\cIQXajL.exe
  C:\Windows\System\cIQXajL.exe
  2⤵
  PID:1712
- C:\Windows\System\mWqRbdt.exe
  C:\Windows\System\mWqRbdt.exe
  2⤵
  PID:384
- C:\Windows\System\VXmjwiR.exe
  C:\Windows\System\VXmjwiR.exe
  2⤵
  PID:1924
- C:\Windows\System\NoRXULJ.exe
  C:\Windows\System\NoRXULJ.exe
  2⤵
  PID:3816
- C:\Windows\System\CQundYi.exe
  C:\Windows\System\CQundYi.exe
  2⤵
  PID:4040
- C:\Windows\System\SkRqdaE.exe
  C:\Windows\System\SkRqdaE.exe
  2⤵
  PID:5144
- C:\Windows\System\adNlphy.exe
  C:\Windows\System\adNlphy.exe
  2⤵
  PID:5176
- C:\Windows\System\vEbpeyg.exe
  C:\Windows\System\vEbpeyg.exe
  2⤵
  PID:5212
- C:\Windows\System\BhoCbQQ.exe
  C:\Windows\System\BhoCbQQ.exe
  2⤵
  PID:5232
- C:\Windows\System\YNXMdJG.exe
  C:\Windows\System\YNXMdJG.exe
  2⤵
  PID:5256
- C:\Windows\System\wMpvJbd.exe
  C:\Windows\System\wMpvJbd.exe
  2⤵
  PID:5304
- C:\Windows\System\NDKxGFW.exe
  C:\Windows\System\NDKxGFW.exe
  2⤵
  PID:5356
- C:\Windows\System\yraxYbE.exe
  C:\Windows\System\yraxYbE.exe
  2⤵
  PID:5384
- C:\Windows\System\XSyfqha.exe
  C:\Windows\System\XSyfqha.exe
  2⤵
  PID:5400
- C:\Windows\System\elNdDJH.exe
  C:\Windows\System\elNdDJH.exe
  2⤵
  PID:5420
- C:\Windows\System\ebqcqBi.exe
  C:\Windows\System\ebqcqBi.exe
  2⤵
  PID:5436
- C:\Windows\System\mQWwajq.exe
  C:\Windows\System\mQWwajq.exe
  2⤵
  PID:5456
- C:\Windows\System\rEukdLn.exe
  C:\Windows\System\rEukdLn.exe
  2⤵
  PID:5480
- C:\Windows\System\bWwRkOo.exe
  C:\Windows\System\bWwRkOo.exe
  2⤵
  PID:5508
- C:\Windows\System\xXjXTTE.exe
  C:\Windows\System\xXjXTTE.exe
  2⤵
  PID:5524
- C:\Windows\System\kcSVcnM.exe
  C:\Windows\System\kcSVcnM.exe
  2⤵
  PID:5544
- C:\Windows\System\iPAffgI.exe
  C:\Windows\System\iPAffgI.exe
  2⤵
  PID:5560
- C:\Windows\System\PZhoCnT.exe
  C:\Windows\System\PZhoCnT.exe
  2⤵
  PID:5616
- C:\Windows\System\zLULNjd.exe
  C:\Windows\System\zLULNjd.exe
  2⤵
  PID:5684
- C:\Windows\System\TQlWjoh.exe
  C:\Windows\System\TQlWjoh.exe
  2⤵
  PID:5740
- C:\Windows\System\dFNkZcp.exe
  C:\Windows\System\dFNkZcp.exe
  2⤵
  PID:5784
- C:\Windows\System\fvBmVlY.exe
  C:\Windows\System\fvBmVlY.exe
  2⤵
  PID:5808
- C:\Windows\System\lHHGSCk.exe
  C:\Windows\System\lHHGSCk.exe
  2⤵
  PID:5860
- C:\Windows\System\iQVwolB.exe
  C:\Windows\System\iQVwolB.exe
  2⤵
  PID:5880
- C:\Windows\System\OVIbcNB.exe
  C:\Windows\System\OVIbcNB.exe
  2⤵
  PID:5908
- C:\Windows\System\EgSHlcz.exe
  C:\Windows\System\EgSHlcz.exe
  2⤵
  PID:5924
- C:\Windows\System\rdBHjdE.exe
  C:\Windows\System\rdBHjdE.exe
  2⤵
  PID:5940
- C:\Windows\System\WsXMlaJ.exe
  C:\Windows\System\WsXMlaJ.exe
  2⤵
  PID:5960
- C:\Windows\System\PkSvPow.exe
  C:\Windows\System\PkSvPow.exe
  2⤵
  PID:5984
- C:\Windows\System\okBjTUL.exe
  C:\Windows\System\okBjTUL.exe
  2⤵
  PID:6000
- C:\Windows\System\JWkVoDd.exe
  C:\Windows\System\JWkVoDd.exe
  2⤵
  PID:6024
- C:\Windows\System\xPpQvjp.exe
  C:\Windows\System\xPpQvjp.exe
  2⤵
  PID:6068
- C:\Windows\System\nWVRKxF.exe
  C:\Windows\System\nWVRKxF.exe
  2⤵
  PID:6136
- C:\Windows\System\tmXNoOt.exe
  C:\Windows\System\tmXNoOt.exe
  2⤵
  PID:968
- C:\Windows\System\ovsBwzX.exe
  C:\Windows\System\ovsBwzX.exe
  2⤵
  PID:336
- C:\Windows\System\YYUtdsY.exe
  C:\Windows\System\YYUtdsY.exe
  2⤵
  PID:872
- C:\Windows\System\viqSeJZ.exe
  C:\Windows\System\viqSeJZ.exe
  2⤵
  PID:4804
- C:\Windows\System\DRhuSvd.exe
  C:\Windows\System\DRhuSvd.exe
  2⤵
  PID:5228
- C:\Windows\System\rfmyaQQ.exe
  C:\Windows\System\rfmyaQQ.exe
  2⤵
  PID:2244
- C:\Windows\System\mLWJZSI.exe
  C:\Windows\System\mLWJZSI.exe
  2⤵
  PID:5284
- C:\Windows\System\TWGUfex.exe
  C:\Windows\System\TWGUfex.exe
  2⤵
  PID:5372
- C:\Windows\System\EXwrDdn.exe
  C:\Windows\System\EXwrDdn.exe
  2⤵
  PID:5452
- C:\Windows\System\KzYrHPj.exe
  C:\Windows\System\KzYrHPj.exe
  2⤵
  PID:5412
- C:\Windows\System\oyfCJmp.exe
  C:\Windows\System\oyfCJmp.exe
  2⤵
  PID:5008
- C:\Windows\System\dHNcsYR.exe
  C:\Windows\System\dHNcsYR.exe
  2⤵
  PID:3768
- C:\Windows\System\ghPhYcO.exe
  C:\Windows\System\ghPhYcO.exe
  2⤵
  PID:4928
- C:\Windows\System\eRMYyxZ.exe
  C:\Windows\System\eRMYyxZ.exe
  2⤵
  PID:4904
- C:\Windows\System\jbHOcMh.exe
  C:\Windows\System\jbHOcMh.exe
  2⤵
  PID:5716
- C:\Windows\System\mFIFRYh.exe
  C:\Windows\System\mFIFRYh.exe
  2⤵
  PID:5664
- C:\Windows\System\mqoAdws.exe
  C:\Windows\System\mqoAdws.exe
  2⤵
  PID:5780
- C:\Windows\System\GWCQUjS.exe
  C:\Windows\System\GWCQUjS.exe
  2⤵
  PID:5992
- C:\Windows\System\EJsRdiA.exe
  C:\Windows\System\EJsRdiA.exe
  2⤵
  PID:5868
- C:\Windows\System\mxRaiYI.exe
  C:\Windows\System\mxRaiYI.exe
  2⤵
  PID:5584
- C:\Windows\System\eWAVQLh.exe
  C:\Windows\System\eWAVQLh.exe
  2⤵
  PID:6060
- C:\Windows\System\JugvVAM.exe
  C:\Windows\System\JugvVAM.exe
  2⤵
  PID:5980
- C:\Windows\System\AoNRpte.exe
  C:\Windows\System\AoNRpte.exe
  2⤵
  PID:3500
- C:\Windows\System\vRxWMwu.exe
  C:\Windows\System\vRxWMwu.exe
  2⤵
  PID:5292
- C:\Windows\System\TSAVAiX.exe
  C:\Windows\System\TSAVAiX.exe
  2⤵
  PID:5496
- C:\Windows\System\yhKuuhr.exe
  C:\Windows\System\yhKuuhr.exe
  2⤵
  PID:5476
- C:\Windows\System\gjcyNXU.exe
  C:\Windows\System\gjcyNXU.exe
  2⤵
  PID:5640
- C:\Windows\System\zGhiuYf.exe
  C:\Windows\System\zGhiuYf.exe
  2⤵
  PID:4400
- C:\Windows\System\VvxZegN.exe
  C:\Windows\System\VvxZegN.exe
  2⤵
  PID:6044
- C:\Windows\System\FghPWiD.exe
  C:\Windows\System\FghPWiD.exe
  2⤵
  PID:4240
- C:\Windows\System\NprTmEf.exe
  C:\Windows\System\NprTmEf.exe
  2⤵
  PID:3084
- C:\Windows\System\PxFKmAH.exe
  C:\Windows\System\PxFKmAH.exe
  2⤵
  PID:880
- C:\Windows\System\UXNxVJo.exe
  C:\Windows\System\UXNxVJo.exe
  2⤵
  PID:396
- C:\Windows\System\IqievYs.exe
  C:\Windows\System\IqievYs.exe
  2⤵
  PID:3324
- C:\Windows\System\XSQEjkR.exe
  C:\Windows\System\XSQEjkR.exe
  2⤵
  PID:4704
- C:\Windows\System\CsDKHwh.exe
  C:\Windows\System\CsDKHwh.exe
  2⤵
  PID:5300
- C:\Windows\System\jjqZsZL.exe
  C:\Windows\System\jjqZsZL.exe
  2⤵
  PID:5776
- C:\Windows\System\GHWOrts.exe
  C:\Windows\System\GHWOrts.exe
  2⤵
  PID:6152
- C:\Windows\System\hvzuGPN.exe
  C:\Windows\System\hvzuGPN.exe
  2⤵
  PID:6212
- C:\Windows\System\aLigvDV.exe
  C:\Windows\System\aLigvDV.exe
  2⤵
  PID:6228
- C:\Windows\System\hObTnls.exe
  C:\Windows\System\hObTnls.exe
  2⤵
  PID:6256
- C:\Windows\System\MEjOHUU.exe
  C:\Windows\System\MEjOHUU.exe
  2⤵
  PID:6280
- C:\Windows\System\BynySEM.exe
  C:\Windows\System\BynySEM.exe
  2⤵
  PID:6296
- C:\Windows\System\oVFPIxO.exe
  C:\Windows\System\oVFPIxO.exe
  2⤵
  PID:6348
- C:\Windows\System\DxwzqaX.exe
  C:\Windows\System\DxwzqaX.exe
  2⤵
  PID:6380
- C:\Windows\System\liJfhYo.exe
  C:\Windows\System\liJfhYo.exe
  2⤵
  PID:6396
- C:\Windows\System\PmQzqHL.exe
  C:\Windows\System\PmQzqHL.exe
  2⤵
  PID:6412
- C:\Windows\System\fqxWEeU.exe
  C:\Windows\System\fqxWEeU.exe
  2⤵
  PID:6436
- C:\Windows\System\VEJiGKj.exe
  C:\Windows\System\VEJiGKj.exe
  2⤵
  PID:6464
- C:\Windows\System\ncLIlIt.exe
  C:\Windows\System\ncLIlIt.exe
  2⤵
  PID:6484
- C:\Windows\System\DPBGCcy.exe
  C:\Windows\System\DPBGCcy.exe
  2⤵
  PID:6532
- C:\Windows\System\gVrTdfb.exe
  C:\Windows\System\gVrTdfb.exe
  2⤵
  PID:6564
- C:\Windows\System\THvpWWV.exe
  C:\Windows\System\THvpWWV.exe
  2⤵
  PID:6580
- C:\Windows\System\exolbrj.exe
  C:\Windows\System\exolbrj.exe
  2⤵
  PID:6608
- C:\Windows\System\fghmdbP.exe
  C:\Windows\System\fghmdbP.exe
  2⤵
  PID:6624
- C:\Windows\System\ZClLJmG.exe
  C:\Windows\System\ZClLJmG.exe
  2⤵
  PID:6644
- C:\Windows\System\gLpruJz.exe
  C:\Windows\System\gLpruJz.exe
  2⤵
  PID:6680
- C:\Windows\System\bAVAKhJ.exe
  C:\Windows\System\bAVAKhJ.exe
  2⤵
  PID:6712
- C:\Windows\System\OyyviuN.exe
  C:\Windows\System\OyyviuN.exe
  2⤵
  PID:6736
- C:\Windows\System\WgkRkEC.exe
  C:\Windows\System\WgkRkEC.exe
  2⤵
  PID:6752
- C:\Windows\System\eUFHosJ.exe
  C:\Windows\System\eUFHosJ.exe
  2⤵
  PID:6780
- C:\Windows\System\Pmdflsc.exe
  C:\Windows\System\Pmdflsc.exe
  2⤵
  PID:6796
- C:\Windows\System\GxmprNj.exe
  C:\Windows\System\GxmprNj.exe
  2⤵
  PID:6816
- C:\Windows\System\RqUdIGs.exe
  C:\Windows\System\RqUdIGs.exe
  2⤵
  PID:6836
- C:\Windows\System\VIzimHk.exe
  C:\Windows\System\VIzimHk.exe
  2⤵
  PID:6876
- C:\Windows\System\EOAQJtq.exe
  C:\Windows\System\EOAQJtq.exe
  2⤵
  PID:6892
- C:\Windows\System\IfBlsib.exe
  C:\Windows\System\IfBlsib.exe
  2⤵
  PID:6960
- C:\Windows\System\sSYbEmH.exe
  C:\Windows\System\sSYbEmH.exe
  2⤵
  PID:6988
- C:\Windows\System\HXEAuGX.exe
  C:\Windows\System\HXEAuGX.exe
  2⤵
  PID:7004
- C:\Windows\System\FSRCBYe.exe
  C:\Windows\System\FSRCBYe.exe
  2⤵
  PID:7028
- C:\Windows\System\EZBEUNc.exe
  C:\Windows\System\EZBEUNc.exe
  2⤵
  PID:7044
- C:\Windows\System\ELbeDii.exe
  C:\Windows\System\ELbeDii.exe
  2⤵
  PID:7068
- C:\Windows\System\bnPwDcb.exe
  C:\Windows\System\bnPwDcb.exe
  2⤵
  PID:7084
- C:\Windows\System\mcNKunm.exe
  C:\Windows\System\mcNKunm.exe
  2⤵
  PID:7132
- C:\Windows\System\sLKXifD.exe
  C:\Windows\System\sLKXifD.exe
  2⤵
  PID:7156
- C:\Windows\System\DgQjKbO.exe
  C:\Windows\System\DgQjKbO.exe
  2⤵
  PID:6204
- C:\Windows\System\ihsJWuD.exe
  C:\Windows\System\ihsJWuD.exe
  2⤵
  PID:6248
- C:\Windows\System\gtiRwwb.exe
  C:\Windows\System\gtiRwwb.exe
  2⤵
  PID:6360
- C:\Windows\System\ftgszgF.exe
  C:\Windows\System\ftgszgF.exe
  2⤵
  PID:6444
- C:\Windows\System\LDDUXKQ.exe
  C:\Windows\System\LDDUXKQ.exe
  2⤵
  PID:6456
- C:\Windows\System\UxVCrBw.exe
  C:\Windows\System\UxVCrBw.exe
  2⤵
  PID:6480
- C:\Windows\System\yFWLcPM.exe
  C:\Windows\System\yFWLcPM.exe
  2⤵
  PID:6572
- C:\Windows\System\nlFjbAj.exe
  C:\Windows\System\nlFjbAj.exe
  2⤵
  PID:6632
- C:\Windows\System\AEQoVKV.exe
  C:\Windows\System\AEQoVKV.exe
  2⤵
  PID:6704
- C:\Windows\System\LJSrOFW.exe
  C:\Windows\System\LJSrOFW.exe
  2⤵
  PID:6768
- C:\Windows\System\KDXinhf.exe
  C:\Windows\System\KDXinhf.exe
  2⤵
  PID:6828
- C:\Windows\System\wyoNzLX.exe
  C:\Windows\System\wyoNzLX.exe
  2⤵
  PID:6864
- C:\Windows\System\cDgEQLN.exe
  C:\Windows\System\cDgEQLN.exe
  2⤵
  PID:6920
- C:\Windows\System\ufqouih.exe
  C:\Windows\System\ufqouih.exe
  2⤵
  PID:7116
- C:\Windows\System\IFqcbqO.exe
  C:\Windows\System\IFqcbqO.exe
  2⤵
  PID:1592
- C:\Windows\System\VNicUoV.exe
  C:\Windows\System\VNicUoV.exe
  2⤵
  PID:6224
- C:\Windows\System\XincmFC.exe
  C:\Windows\System\XincmFC.exe
  2⤵
  PID:6520
- C:\Windows\System\uJNXOZe.exe
  C:\Windows\System\uJNXOZe.exe
  2⤵
  PID:6408
- C:\Windows\System\yRDPCZt.exe
  C:\Windows\System\yRDPCZt.exe
  2⤵
  PID:6364
- C:\Windows\System\vHQksit.exe
  C:\Windows\System\vHQksit.exe
  2⤵
  PID:5600
- C:\Windows\System\dEyCBZV.exe
  C:\Windows\System\dEyCBZV.exe
  2⤵
  PID:6668
- C:\Windows\System\QpILujU.exe
  C:\Windows\System\QpILujU.exe
  2⤵
  PID:6832
- C:\Windows\System\ATsPcwd.exe
  C:\Windows\System\ATsPcwd.exe
  2⤵
  PID:5872
- C:\Windows\System\BSORqpa.exe
  C:\Windows\System\BSORqpa.exe
  2⤵
  PID:6856
- C:\Windows\System\CiGEqYK.exe
  C:\Windows\System\CiGEqYK.exe
  2⤵
  PID:7000
- C:\Windows\System\igEfpIJ.exe
  C:\Windows\System\igEfpIJ.exe
  2⤵
  PID:5364
- C:\Windows\System\VUABbdi.exe
  C:\Windows\System\VUABbdi.exe
  2⤵
  PID:6956
- C:\Windows\System\WAooBao.exe
  C:\Windows\System\WAooBao.exe
  2⤵
  PID:7224
- C:\Windows\System\RygIiiH.exe
  C:\Windows\System\RygIiiH.exe
  2⤵
  PID:7248
- C:\Windows\System\goVGvnL.exe
  C:\Windows\System\goVGvnL.exe
  2⤵
  PID:7284
- C:\Windows\System\CMHxUtA.exe
  C:\Windows\System\CMHxUtA.exe
  2⤵
  PID:7304
- C:\Windows\System\RxRrAOW.exe
  C:\Windows\System\RxRrAOW.exe
  2⤵
  PID:7336
- C:\Windows\System\sSYCQqL.exe
  C:\Windows\System\sSYCQqL.exe
  2⤵
  PID:7352
- C:\Windows\System\jyaEwGh.exe
  C:\Windows\System\jyaEwGh.exe
  2⤵
  PID:7400
- C:\Windows\System\yDAWSRv.exe
  C:\Windows\System\yDAWSRv.exe
  2⤵
  PID:7440
- C:\Windows\System\lxdJMNb.exe
  C:\Windows\System\lxdJMNb.exe
  2⤵
  PID:7456
- C:\Windows\System\wLjBHJb.exe
  C:\Windows\System\wLjBHJb.exe
  2⤵
  PID:7476
- C:\Windows\System\VrSBakY.exe
  C:\Windows\System\VrSBakY.exe
  2⤵
  PID:7516
- C:\Windows\System\uBpmNHH.exe
  C:\Windows\System\uBpmNHH.exe
  2⤵
  PID:7552
- C:\Windows\System\sgqsvYQ.exe
  C:\Windows\System\sgqsvYQ.exe
  2⤵
  PID:7568
- C:\Windows\System\eyMYcwu.exe
  C:\Windows\System\eyMYcwu.exe
  2⤵
  PID:7588
- C:\Windows\System\sRsjhgi.exe
  C:\Windows\System\sRsjhgi.exe
  2⤵
  PID:7612
- C:\Windows\System\kWikGMy.exe
  C:\Windows\System\kWikGMy.exe
  2⤵
  PID:7628
- C:\Windows\System\jECwgYW.exe
  C:\Windows\System\jECwgYW.exe
  2⤵
  PID:7648
- C:\Windows\System\YgYaRzG.exe
  C:\Windows\System\YgYaRzG.exe
  2⤵
  PID:7688
- C:\Windows\System\XzlYYoH.exe
  C:\Windows\System\XzlYYoH.exe
  2⤵
  PID:7740
- C:\Windows\System\KgUWVQw.exe
  C:\Windows\System\KgUWVQw.exe
  2⤵
  PID:7768
- C:\Windows\System\rjTlanq.exe
  C:\Windows\System\rjTlanq.exe
  2⤵
  PID:7788
- C:\Windows\System\DEivfir.exe
  C:\Windows\System\DEivfir.exe
  2⤵
  PID:7808
- C:\Windows\System\hbqaYMf.exe
  C:\Windows\System\hbqaYMf.exe
  2⤵
  PID:7836
- C:\Windows\System\yZrIhpM.exe
  C:\Windows\System\yZrIhpM.exe
  2⤵
  PID:7864
- C:\Windows\System\RLPyrEq.exe
  C:\Windows\System\RLPyrEq.exe
  2⤵
  PID:7884
- C:\Windows\System\zUAcFca.exe
  C:\Windows\System\zUAcFca.exe
  2⤵
  PID:7908
- C:\Windows\System\qWawNuR.exe
  C:\Windows\System\qWawNuR.exe
  2⤵
  PID:7924
- C:\Windows\System\PpscrES.exe
  C:\Windows\System\PpscrES.exe
  2⤵
  PID:7952
- C:\Windows\System\FsYTusq.exe
  C:\Windows\System\FsYTusq.exe
  2⤵
  PID:7972
- C:\Windows\System\czVAfuX.exe
  C:\Windows\System\czVAfuX.exe
  2⤵
  PID:7988
- C:\Windows\System\KgVBFAR.exe
  C:\Windows\System\KgVBFAR.exe
  2⤵
  PID:8008
- C:\Windows\System\wmxZiJs.exe
  C:\Windows\System\wmxZiJs.exe
  2⤵
  PID:8044
- C:\Windows\System\oPvJfyG.exe
  C:\Windows\System\oPvJfyG.exe
  2⤵
  PID:8104
- C:\Windows\System\NntQZja.exe
  C:\Windows\System\NntQZja.exe
  2⤵
  PID:8124
- C:\Windows\System\oSfpIGQ.exe
  C:\Windows\System\oSfpIGQ.exe
  2⤵
  PID:8152
- C:\Windows\System\khhVtJC.exe
  C:\Windows\System\khhVtJC.exe
  2⤵
  PID:8168
- C:\Windows\System\IWzslAY.exe
  C:\Windows\System\IWzslAY.exe
  2⤵
  PID:7052
- C:\Windows\System\opvvUVX.exe
  C:\Windows\System\opvvUVX.exe
  2⤵
  PID:7188
- C:\Windows\System\yIfonkX.exe
  C:\Windows\System\yIfonkX.exe
  2⤵
  PID:7216
- C:\Windows\System\gniKMXA.exe
  C:\Windows\System\gniKMXA.exe
  2⤵
  PID:7276
- C:\Windows\System\ygKvzni.exe
  C:\Windows\System\ygKvzni.exe
  2⤵
  PID:7264
- C:\Windows\System\QTYmgVP.exe
  C:\Windows\System\QTYmgVP.exe
  2⤵
  PID:7372
- C:\Windows\System\ewNiyDr.exe
  C:\Windows\System\ewNiyDr.exe
  2⤵
  PID:7464
- C:\Windows\System\jxSARJl.exe
  C:\Windows\System\jxSARJl.exe
  2⤵
  PID:7584
- C:\Windows\System\enPzQja.exe
  C:\Windows\System\enPzQja.exe
  2⤵
  PID:7640
- C:\Windows\System\NeDEJKj.exe
  C:\Windows\System\NeDEJKj.exe
  2⤵
  PID:7784
- C:\Windows\System\kullHeL.exe
  C:\Windows\System\kullHeL.exe
  2⤵
  PID:7816
- C:\Windows\System\wuwLYfF.exe
  C:\Windows\System\wuwLYfF.exe
  2⤵
  PID:7828
- C:\Windows\System\DBmuijB.exe
  C:\Windows\System\DBmuijB.exe
  2⤵
  PID:7932
- C:\Windows\System\OSrxAdj.exe
  C:\Windows\System\OSrxAdj.exe
  2⤵
  PID:7920
- C:\Windows\System\cpvIQER.exe
  C:\Windows\System\cpvIQER.exe
  2⤵
  PID:7960
- C:\Windows\System\MVBjAmq.exe
  C:\Windows\System\MVBjAmq.exe
  2⤵
  PID:8052
- C:\Windows\System\ekVqRIp.exe
  C:\Windows\System\ekVqRIp.exe
  2⤵
  PID:8092
- C:\Windows\System\GKhbqkQ.exe
  C:\Windows\System\GKhbqkQ.exe
  2⤵
  PID:8164
- C:\Windows\System\nkjUOTS.exe
  C:\Windows\System\nkjUOTS.exe
  2⤵
  PID:7196
- C:\Windows\System\kZiNRUq.exe
  C:\Windows\System\kZiNRUq.exe
  2⤵
  PID:7452
- C:\Windows\System\ctEfnai.exe
  C:\Windows\System\ctEfnai.exe
  2⤵
  PID:7508
- C:\Windows\System\PNeAoTL.exe
  C:\Windows\System\PNeAoTL.exe
  2⤵
  PID:5904
- C:\Windows\System\jzjdPHK.exe
  C:\Windows\System\jzjdPHK.exe
  2⤵
  PID:8068
- C:\Windows\System\ChKianU.exe
  C:\Windows\System\ChKianU.exe
  2⤵
  PID:8024
- C:\Windows\System\UMaNzFf.exe
  C:\Windows\System\UMaNzFf.exe
  2⤵
  PID:5668
- C:\Windows\System\uVdcVTx.exe
  C:\Windows\System\uVdcVTx.exe
  2⤵
  PID:7036
- C:\Windows\System\GzjDtDn.exe
  C:\Windows\System\GzjDtDn.exe
  2⤵
  PID:7608
- C:\Windows\System\kEjICyn.exe
  C:\Windows\System\kEjICyn.exe
  2⤵
  PID:7896
- C:\Windows\System\GYwvZGM.exe
  C:\Windows\System\GYwvZGM.exe
  2⤵
  PID:8224
- C:\Windows\System\ZLPysdG.exe
  C:\Windows\System\ZLPysdG.exe
  2⤵
  PID:8260
- C:\Windows\System\oZaqQMr.exe
  C:\Windows\System\oZaqQMr.exe
  2⤵
  PID:8288
- C:\Windows\System\xpnFegR.exe
  C:\Windows\System\xpnFegR.exe
  2⤵
  PID:8308
- C:\Windows\System\RLsnhbT.exe
  C:\Windows\System\RLsnhbT.exe
  2⤵
  PID:8332
- C:\Windows\System\qvbvRMm.exe
  C:\Windows\System\qvbvRMm.exe
  2⤵
  PID:8356
- C:\Windows\System\ZOSFolT.exe
  C:\Windows\System\ZOSFolT.exe
  2⤵
  PID:8392
- C:\Windows\System\ISlkymy.exe
  C:\Windows\System\ISlkymy.exe
  2⤵
  PID:8408
- C:\Windows\System\NjrJaNF.exe
  C:\Windows\System\NjrJaNF.exe
  2⤵
  PID:8444
- C:\Windows\System\VfCqpDa.exe
  C:\Windows\System\VfCqpDa.exe
  2⤵
  PID:8464
- C:\Windows\System\HqphYXT.exe
  C:\Windows\System\HqphYXT.exe
  2⤵
  PID:8484
- C:\Windows\System\bXPRmAC.exe
  C:\Windows\System\bXPRmAC.exe
  2⤵
  PID:8528
- C:\Windows\System\VnKKicg.exe
  C:\Windows\System\VnKKicg.exe
  2⤵
  PID:8564
- C:\Windows\System\yGZOdHL.exe
  C:\Windows\System\yGZOdHL.exe
  2⤵
  PID:8584
- C:\Windows\System\dsmYvZv.exe
  C:\Windows\System\dsmYvZv.exe
  2⤵
  PID:8612
- C:\Windows\System\KYJFhVc.exe
  C:\Windows\System\KYJFhVc.exe
  2⤵
  PID:8660
- C:\Windows\System\BBqoWrz.exe
  C:\Windows\System\BBqoWrz.exe
  2⤵
  PID:8676
- C:\Windows\System\ExJZoHu.exe
  C:\Windows\System\ExJZoHu.exe
  2⤵
  PID:8696
- C:\Windows\System\oKIzipW.exe
  C:\Windows\System\oKIzipW.exe
  2⤵
  PID:8724
- C:\Windows\System\nYfCpUF.exe
  C:\Windows\System\nYfCpUF.exe
  2⤵
  PID:8756
- C:\Windows\System\BtRCAXq.exe
  C:\Windows\System\BtRCAXq.exe
  2⤵
  PID:8796
- C:\Windows\System\jYDrhmV.exe
  C:\Windows\System\jYDrhmV.exe
  2⤵
  PID:8816
- C:\Windows\System\xgZEDgZ.exe
  C:\Windows\System\xgZEDgZ.exe
  2⤵
  PID:8840
- C:\Windows\System\eWbcguT.exe
  C:\Windows\System\eWbcguT.exe
  2⤵
  PID:8856
- C:\Windows\System\XsfNkds.exe
  C:\Windows\System\XsfNkds.exe
  2⤵
  PID:8900
- C:\Windows\System\mkGeNVU.exe
  C:\Windows\System\mkGeNVU.exe
  2⤵
  PID:8928
- C:\Windows\System\DgovRPH.exe
  C:\Windows\System\DgovRPH.exe
  2⤵
  PID:8944
- C:\Windows\System\RxAelWP.exe
  C:\Windows\System\RxAelWP.exe
  2⤵
  PID:8972
- C:\Windows\System\TrlBHOJ.exe
  C:\Windows\System\TrlBHOJ.exe
  2⤵
  PID:8992
- C:\Windows\System\frKWrjE.exe
  C:\Windows\System\frKWrjE.exe
  2⤵
  PID:9008
- C:\Windows\System\vCDJHvi.exe
  C:\Windows\System\vCDJHvi.exe
  2⤵
  PID:9044
- C:\Windows\System\fJHvCdx.exe
  C:\Windows\System\fJHvCdx.exe
  2⤵
  PID:9060
- C:\Windows\System\bypnDet.exe
  C:\Windows\System\bypnDet.exe
  2⤵
  PID:9084
- C:\Windows\System\MihIzkW.exe
  C:\Windows\System\MihIzkW.exe
  2⤵
  PID:9100
- C:\Windows\System\ESWUpBH.exe
  C:\Windows\System\ESWUpBH.exe
  2⤵
  PID:9120
- C:\Windows\System\BuNGdJh.exe
  C:\Windows\System\BuNGdJh.exe
  2⤵
  PID:9140
- C:\Windows\System\NXtgPiJ.exe
  C:\Windows\System\NXtgPiJ.exe
  2⤵
  PID:9160
- C:\Windows\System\wTVFHJr.exe
  C:\Windows\System\wTVFHJr.exe
  2⤵
  PID:9176
- C:\Windows\System\ZAramCy.exe
  C:\Windows\System\ZAramCy.exe
  2⤵
  PID:9212
- C:\Windows\System\YnoGDnx.exe
  C:\Windows\System\YnoGDnx.exe
  2⤵
  PID:8196
- C:\Windows\System\DTjTwUA.exe
  C:\Windows\System\DTjTwUA.exe
  2⤵
  PID:8204
- C:\Windows\System\yCGvPoq.exe
  C:\Windows\System\yCGvPoq.exe
  2⤵
  PID:8244
- C:\Windows\System\KLEHSoH.exe
  C:\Windows\System\KLEHSoH.exe
  2⤵
  PID:6552
- C:\Windows\System\vgyailD.exe
  C:\Windows\System\vgyailD.exe
  2⤵
  PID:8460
- C:\Windows\System\dgPCzBd.exe
  C:\Windows\System\dgPCzBd.exe
  2⤵
  PID:8556
- C:\Windows\System\wJCkKRj.exe
  C:\Windows\System\wJCkKRj.exe
  2⤵
  PID:8688
- C:\Windows\System\ldmiSYP.exe
  C:\Windows\System\ldmiSYP.exe
  2⤵
  PID:8784
- C:\Windows\System\CPykEML.exe
  C:\Windows\System\CPykEML.exe
  2⤵
  PID:8832
- C:\Windows\System\pTAsJZk.exe
  C:\Windows\System\pTAsJZk.exe
  2⤵
  PID:8940
- C:\Windows\System\MslqdUF.exe
  C:\Windows\System\MslqdUF.exe
  2⤵
  PID:9068
- C:\Windows\System\JycZCwK.exe
  C:\Windows\System\JycZCwK.exe
  2⤵
  PID:9108
- C:\Windows\System\zJUHfIv.exe
  C:\Windows\System\zJUHfIv.exe
  2⤵
  PID:9152
- C:\Windows\System\oeWOQJV.exe
  C:\Windows\System\oeWOQJV.exe
  2⤵
  PID:9096
- C:\Windows\System\XTqcniX.exe
  C:\Windows\System\XTqcniX.exe
  2⤵
  PID:9036
- C:\Windows\System\NeHUzhh.exe
  C:\Windows\System\NeHUzhh.exe
  2⤵
  PID:9172
- C:\Windows\System\eDvHvTb.exe
  C:\Windows\System\eDvHvTb.exe
  2⤵
  PID:8232
- C:\Windows\System\ziIuORQ.exe
  C:\Windows\System\ziIuORQ.exe
  2⤵
  PID:8256
- C:\Windows\System\jEGCZkA.exe
  C:\Windows\System\jEGCZkA.exe
  2⤵
  PID:8440
- C:\Windows\System\xxaNpNx.exe
  C:\Windows\System\xxaNpNx.exe
  2⤵
  PID:8732
- C:\Windows\System\rqzGBUg.exe
  C:\Windows\System\rqzGBUg.exe
  2⤵
  PID:9076
- C:\Windows\System\EoQEiVc.exe
  C:\Windows\System\EoQEiVc.exe
  2⤵
  PID:9200
- C:\Windows\System\MjkRhnx.exe
  C:\Windows\System\MjkRhnx.exe
  2⤵
  PID:8524
- C:\Windows\System\jYRbQdA.exe
  C:\Windows\System\jYRbQdA.exe
  2⤵
  PID:8848
- C:\Windows\System\jechnmJ.exe
  C:\Windows\System\jechnmJ.exe
  2⤵
  PID:9056
- C:\Windows\System\wFDoCxC.exe
  C:\Windows\System\wFDoCxC.exe
  2⤵
  PID:9208
- C:\Windows\System\ZXQEdoX.exe
  C:\Windows\System\ZXQEdoX.exe
  2⤵
  PID:9232
- C:\Windows\System\sXOTGmZ.exe
  C:\Windows\System\sXOTGmZ.exe
  2⤵
  PID:9248
- C:\Windows\System\gmDPYlc.exe
  C:\Windows\System\gmDPYlc.exe
  2⤵
  PID:9272
- C:\Windows\System\yLKDYVT.exe
  C:\Windows\System\yLKDYVT.exe
  2⤵
  PID:9292
- C:\Windows\System\XIRFyxS.exe
  C:\Windows\System\XIRFyxS.exe
  2⤵
  PID:9332
- C:\Windows\System\LfDBaeU.exe
  C:\Windows\System\LfDBaeU.exe
  2⤵
  PID:9372
- C:\Windows\System\rbzOgMp.exe
  C:\Windows\System\rbzOgMp.exe
  2⤵
  PID:9396
- C:\Windows\System\cyXiNbM.exe
  C:\Windows\System\cyXiNbM.exe
  2⤵
  PID:9452
- C:\Windows\System\TZEjWyU.exe
  C:\Windows\System\TZEjWyU.exe
  2⤵
  PID:9468
- C:\Windows\System\xKNKaxs.exe
  C:\Windows\System\xKNKaxs.exe
  2⤵
  PID:9508
- C:\Windows\System\KpAFIrj.exe
  C:\Windows\System\KpAFIrj.exe
  2⤵
  PID:9528
- C:\Windows\System\LdPXxxp.exe
  C:\Windows\System\LdPXxxp.exe
  2⤵
  PID:9552
- C:\Windows\System\gDxFWoC.exe
  C:\Windows\System\gDxFWoC.exe
  2⤵
  PID:9568
- C:\Windows\System\vCeJgvv.exe
  C:\Windows\System\vCeJgvv.exe
  2⤵
  PID:9632
- C:\Windows\System\YQzOirK.exe
  C:\Windows\System\YQzOirK.exe
  2⤵
  PID:9652
- C:\Windows\System\iZFAWUJ.exe
  C:\Windows\System\iZFAWUJ.exe
  2⤵
  PID:9668
- C:\Windows\System\NMTPZMW.exe
  C:\Windows\System\NMTPZMW.exe
  2⤵
  PID:9696
- C:\Windows\System\gWuuZEW.exe
  C:\Windows\System\gWuuZEW.exe
  2⤵
  PID:9712
- C:\Windows\System\EIKXJHA.exe
  C:\Windows\System\EIKXJHA.exe
  2⤵
  PID:9736
- C:\Windows\System\XKtWhMx.exe
  C:\Windows\System\XKtWhMx.exe
  2⤵
  PID:9764
- C:\Windows\System\eFZEtYt.exe
  C:\Windows\System\eFZEtYt.exe
  2⤵
  PID:9812
- C:\Windows\System\ZrimYAK.exe
  C:\Windows\System\ZrimYAK.exe
  2⤵
  PID:9840
- C:\Windows\System\vZVXFHp.exe
  C:\Windows\System\vZVXFHp.exe
  2⤵
  PID:9856
- C:\Windows\System\oObFxlC.exe
  C:\Windows\System\oObFxlC.exe
  2⤵
  PID:9880
- C:\Windows\System\NqCofjx.exe
  C:\Windows\System\NqCofjx.exe
  2⤵
  PID:9896
- C:\Windows\System\GLHUNiw.exe
  C:\Windows\System\GLHUNiw.exe
  2⤵
  PID:9920
- C:\Windows\System\RVvsQJL.exe
  C:\Windows\System\RVvsQJL.exe
  2⤵
  PID:9940
- C:\Windows\System\dITGuxD.exe
  C:\Windows\System\dITGuxD.exe
  2⤵
  PID:9960
- C:\Windows\System\Mcudvjr.exe
  C:\Windows\System\Mcudvjr.exe
  2⤵
  PID:10036
- C:\Windows\System\QOIMfmz.exe
  C:\Windows\System\QOIMfmz.exe
  2⤵
  PID:10084
- C:\Windows\System\ParIpGK.exe
  C:\Windows\System\ParIpGK.exe
  2⤵
  PID:10100
- C:\Windows\System\xFDyALR.exe
  C:\Windows\System\xFDyALR.exe
  2⤵
  PID:10128
- C:\Windows\System\yCvwyhS.exe
  C:\Windows\System\yCvwyhS.exe
  2⤵
  PID:10152
- C:\Windows\System\zhwIDXc.exe
  C:\Windows\System\zhwIDXc.exe
  2⤵
  PID:10196
- C:\Windows\System\BzVEavg.exe
  C:\Windows\System\BzVEavg.exe
  2⤵
  PID:10220
- C:\Windows\System\uyqrUUy.exe
  C:\Windows\System\uyqrUUy.exe
  2⤵
  PID:10236
- C:\Windows\System\PgXLWik.exe
  C:\Windows\System\PgXLWik.exe
  2⤵
  PID:9224
- C:\Windows\System\WjqAsQh.exe
  C:\Windows\System\WjqAsQh.exe
  2⤵
  PID:9328
- C:\Windows\System\NqPlVqO.exe
  C:\Windows\System\NqPlVqO.exe
  2⤵
  PID:9428
- C:\Windows\System\sGIJKDE.exe
  C:\Windows\System\sGIJKDE.exe
  2⤵
  PID:9548
- C:\Windows\System\tjWDpqo.exe
  C:\Windows\System\tjWDpqo.exe
  2⤵
  PID:9596
- C:\Windows\System\diLoGiI.exe
  C:\Windows\System\diLoGiI.exe
  2⤵
  PID:9616
- C:\Windows\System\qgxUMLf.exe
  C:\Windows\System\qgxUMLf.exe
  2⤵
  PID:9648
- C:\Windows\System\OzpBkjv.exe
  C:\Windows\System\OzpBkjv.exe
  2⤵
  PID:9684
- C:\Windows\System\WYMqQZw.exe
  C:\Windows\System\WYMqQZw.exe
  2⤵
  PID:9728
- C:\Windows\System\TZpJUiv.exe
  C:\Windows\System\TZpJUiv.exe
  2⤵
  PID:9800
- C:\Windows\System\VjewOOt.exe
  C:\Windows\System\VjewOOt.exe
  2⤵
  PID:9864
- C:\Windows\System\ZuhEVFF.exe
  C:\Windows\System\ZuhEVFF.exe
  2⤵
  PID:9936
- C:\Windows\System\XgoteHm.exe
  C:\Windows\System\XgoteHm.exe
  2⤵
  PID:9892
- C:\Windows\System\MoQXZmp.exe
  C:\Windows\System\MoQXZmp.exe
  2⤵
  PID:9980
- C:\Windows\System\RlOgFnC.exe
  C:\Windows\System\RlOgFnC.exe
  2⤵
  PID:10044
- C:\Windows\System\HlxGXtk.exe
  C:\Windows\System\HlxGXtk.exe
  2⤵
  PID:9464
- C:\Windows\System\LrThZlX.exe
  C:\Windows\System\LrThZlX.exe
  2⤵
  PID:9408
- C:\Windows\System\ISpncHU.exe
  C:\Windows\System\ISpncHU.exe
  2⤵
  PID:9052
- C:\Windows\System\RLujMnf.exe
  C:\Windows\System\RLujMnf.exe
  2⤵
  PID:9996
- C:\Windows\System\BYEnRef.exe
  C:\Windows\System\BYEnRef.exe
  2⤵
  PID:10032
- C:\Windows\System\uetrMWe.exe
  C:\Windows\System\uetrMWe.exe
  2⤵
  PID:10136
- C:\Windows\System\hsAyPNm.exe
  C:\Windows\System\hsAyPNm.exe
  2⤵
  PID:10228
- C:\Windows\System\GUsPUre.exe
  C:\Windows\System\GUsPUre.exe
  2⤵
  PID:9888
- C:\Windows\System\ZWHidiA.exe
  C:\Windows\System\ZWHidiA.exe
  2⤵
  PID:9932
- C:\Windows\System\cmaLqmz.exe
  C:\Windows\System\cmaLqmz.exe
  2⤵
  PID:10028
- C:\Windows\System\MogVisp.exe
  C:\Windows\System\MogVisp.exe
  2⤵
  PID:9308
- C:\Windows\System\jCnKTPh.exe
  C:\Windows\System\jCnKTPh.exe
  2⤵
  PID:10272
- C:\Windows\System\VFTRmhW.exe
  C:\Windows\System\VFTRmhW.exe
  2⤵
  PID:10312
- C:\Windows\System\iwmygzR.exe
  C:\Windows\System\iwmygzR.exe
  2⤵
  PID:10336
- C:\Windows\System\hlvCoHg.exe
  C:\Windows\System\hlvCoHg.exe
  2⤵
  PID:10412
- C:\Windows\System\VDWhDER.exe
  C:\Windows\System\VDWhDER.exe
  2⤵
  PID:10436
- C:\Windows\System\AuZhOeU.exe
  C:\Windows\System\AuZhOeU.exe
  2⤵
  PID:10464
- C:\Windows\System\XGLUoMA.exe
  C:\Windows\System\XGLUoMA.exe
  2⤵
  PID:10512
- C:\Windows\System\qraDPuN.exe
  C:\Windows\System\qraDPuN.exe
  2⤵
  PID:10540
- C:\Windows\System\OnvSSxL.exe
  C:\Windows\System\OnvSSxL.exe
  2⤵
  PID:10564
- C:\Windows\System\StUYhLZ.exe
  C:\Windows\System\StUYhLZ.exe
  2⤵
  PID:10584
- C:\Windows\System\SxanxVe.exe
  C:\Windows\System\SxanxVe.exe
  2⤵
  PID:10608
- C:\Windows\System\hREFcAS.exe
  C:\Windows\System\hREFcAS.exe
  2⤵
  PID:10652
- C:\Windows\System\EPhLCpW.exe
  C:\Windows\System\EPhLCpW.exe
  2⤵
  PID:10668
- C:\Windows\System\GtVruRV.exe
  C:\Windows\System\GtVruRV.exe
  2⤵
  PID:10692
- C:\Windows\System\tAGicrW.exe
  C:\Windows\System\tAGicrW.exe
  2⤵
  PID:10736
- C:\Windows\System\yCzQrtb.exe
  C:\Windows\System\yCzQrtb.exe
  2⤵
  PID:10756
- C:\Windows\System\wbWJZFI.exe
  C:\Windows\System\wbWJZFI.exe
  2⤵
  PID:10788
- C:\Windows\System\aqwGuPR.exe
  C:\Windows\System\aqwGuPR.exe
  2⤵
  PID:10836
- C:\Windows\System\WxfctNR.exe
  C:\Windows\System\WxfctNR.exe
  2⤵
  PID:10856
- C:\Windows\System\ullXAlg.exe
  C:\Windows\System\ullXAlg.exe
  2⤵
  PID:10876
- C:\Windows\System\uUosvID.exe
  C:\Windows\System\uUosvID.exe
  2⤵
  PID:10900
- C:\Windows\System\yEeyhZB.exe
  C:\Windows\System\yEeyhZB.exe
  2⤵
  PID:10920
- C:\Windows\System\HtZaVEW.exe
  C:\Windows\System\HtZaVEW.exe
  2⤵
  PID:10936
- C:\Windows\System\GEYaYEX.exe
  C:\Windows\System\GEYaYEX.exe
  2⤵
  PID:10956
- C:\Windows\System\kKtNkBA.exe
  C:\Windows\System\kKtNkBA.exe
  2⤵
  PID:10976
- C:\Windows\System\noGfHHj.exe
  C:\Windows\System\noGfHHj.exe
  2⤵
  PID:11004
- C:\Windows\System\ZzTUAVe.exe
  C:\Windows\System\ZzTUAVe.exe
  2⤵
  PID:11024
- C:\Windows\System\YtRFdzl.exe
  C:\Windows\System\YtRFdzl.exe
  2⤵
  PID:11056
- C:\Windows\System\MlCYIvA.exe
  C:\Windows\System\MlCYIvA.exe
  2⤵
  PID:11100
- C:\Windows\System\cPvSTjp.exe
  C:\Windows\System\cPvSTjp.exe
  2⤵
  PID:11156
- C:\Windows\System\cFOuQhQ.exe
  C:\Windows\System\cFOuQhQ.exe
  2⤵
  PID:11196
- C:\Windows\System\BRhuilo.exe
  C:\Windows\System\BRhuilo.exe
  2⤵
  PID:11224
- C:\Windows\System\AtcYKCi.exe
  C:\Windows\System\AtcYKCi.exe
  2⤵
  PID:11248
- C:\Windows\System\hjIONHI.exe
  C:\Windows\System\hjIONHI.exe
  2⤵
  PID:9848
- C:\Windows\System\mUuCJWN.exe
  C:\Windows\System\mUuCJWN.exe
  2⤵
  PID:9496
- C:\Windows\System\UxWZNnm.exe
  C:\Windows\System\UxWZNnm.exe
  2⤵
  PID:9796
- C:\Windows\System\YQUjboW.exe
  C:\Windows\System\YQUjboW.exe
  2⤵
  PID:10280
- C:\Windows\System\UbXdTtu.exe
  C:\Windows\System\UbXdTtu.exe
  2⤵
  PID:9852
- C:\Windows\System\rytGfqX.exe
  C:\Windows\System\rytGfqX.exe
  2⤵
  PID:10384
- C:\Windows\System\PXZUEuc.exe
  C:\Windows\System\PXZUEuc.exe
  2⤵
  PID:10424
- C:\Windows\System\umoPOZa.exe
  C:\Windows\System\umoPOZa.exe
  2⤵
  PID:10508
- C:\Windows\System\KJovYdK.exe
  C:\Windows\System\KJovYdK.exe
  2⤵
  PID:10552
- C:\Windows\System\UyUGiFC.exe
  C:\Windows\System\UyUGiFC.exe
  2⤵
  PID:10628
- C:\Windows\System\OaGrbvT.exe
  C:\Windows\System\OaGrbvT.exe
  2⤵
  PID:10648
- C:\Windows\System\swYYzkY.exe
  C:\Windows\System\swYYzkY.exe
  2⤵
  PID:10676
- C:\Windows\System\PzcTReN.exe
  C:\Windows\System\PzcTReN.exe
  2⤵
  PID:10752
- C:\Windows\System\yHKNajw.exe
  C:\Windows\System\yHKNajw.exe
  2⤵
  PID:10908
- C:\Windows\System\uJtsVUK.exe
  C:\Windows\System\uJtsVUK.exe
  2⤵
  PID:10984
- C:\Windows\System\NkkgHTu.exe
  C:\Windows\System\NkkgHTu.exe
  2⤵
  PID:10952
- C:\Windows\System\ktyIpvk.exe
  C:\Windows\System\ktyIpvk.exe
  2⤵
  PID:11092
- C:\Windows\System\iOBfNuH.exe
  C:\Windows\System\iOBfNuH.exe
  2⤵
  PID:11148
- C:\Windows\System\GmAmFOS.exe
  C:\Windows\System\GmAmFOS.exe
  2⤵
  PID:11232
- C:\Windows\System\llofhpL.exe
  C:\Windows\System\llofhpL.exe
  2⤵
  PID:9708
- C:\Windows\System\KThtAaz.exe
  C:\Windows\System\KThtAaz.exe
  2⤵
  PID:9480
- C:\Windows\System\aMggkWl.exe
  C:\Windows\System\aMggkWl.exe
  2⤵
  PID:10624
- C:\Windows\System\DUwRTRb.exe
  C:\Windows\System\DUwRTRb.exe
  2⤵
  PID:10644
- C:\Windows\System\olmfvyT.exe
  C:\Windows\System\olmfvyT.exe
  2⤵
  PID:10724
- C:\Windows\System\yGPldYk.exe
  C:\Windows\System\yGPldYk.exe
  2⤵
  PID:10772
- C:\Windows\System\ftpjSgW.exe
  C:\Windows\System\ftpjSgW.exe
  2⤵
  PID:11016
- C:\Windows\System\YCVlqPR.exe
  C:\Windows\System\YCVlqPR.exe
  2⤵
  PID:9676
- C:\Windows\System\tKxOEPO.exe
  C:\Windows\System\tKxOEPO.exe
  2⤵
  PID:10268
- C:\Windows\System\CLLMeWc.exe
  C:\Windows\System\CLLMeWc.exe
  2⤵
  PID:10948
- C:\Windows\System\HtESrXD.exe
  C:\Windows\System\HtESrXD.exe
  2⤵
  PID:10996
- C:\Windows\System\WuEzqLB.exe
  C:\Windows\System\WuEzqLB.exe
  2⤵
  PID:9560
- C:\Windows\System\cgTeqwB.exe
  C:\Windows\System\cgTeqwB.exe
  2⤵
  PID:10124
- C:\Windows\System\UamoYcz.exe
  C:\Windows\System\UamoYcz.exe
  2⤵
  PID:11280
- C:\Windows\System\srPOWKi.exe
  C:\Windows\System\srPOWKi.exe
  2⤵
  PID:11296
- C:\Windows\System\mCjtzad.exe
  C:\Windows\System\mCjtzad.exe
  2⤵
  PID:11324
- C:\Windows\System\hUphruT.exe
  C:\Windows\System\hUphruT.exe
  2⤵
  PID:11340
- C:\Windows\System\zShbSwg.exe
  C:\Windows\System\zShbSwg.exe
  2⤵
  PID:11368
- C:\Windows\System\JMskyRA.exe
  C:\Windows\System\JMskyRA.exe
  2⤵
  PID:11384
- C:\Windows\System\JYzlHae.exe
  C:\Windows\System\JYzlHae.exe
  2⤵
  PID:11408
- C:\Windows\System\tFJmFDp.exe
  C:\Windows\System\tFJmFDp.exe
  2⤵
  PID:11432
- C:\Windows\System\CcgXBFw.exe
  C:\Windows\System\CcgXBFw.exe
  2⤵
  PID:11448
- C:\Windows\System\OvHWbgM.exe
  C:\Windows\System\OvHWbgM.exe
  2⤵
  PID:11472
- C:\Windows\System\URboHuC.exe
  C:\Windows\System\URboHuC.exe
  2⤵
  PID:11496
- C:\Windows\System\NcCNNcK.exe
  C:\Windows\System\NcCNNcK.exe
  2⤵
  PID:11568
- C:\Windows\System\pilrleU.exe
  C:\Windows\System\pilrleU.exe
  2⤵
  PID:11612
- C:\Windows\System\ZpFLits.exe
  C:\Windows\System\ZpFLits.exe
  2⤵
  PID:11628
- C:\Windows\System\poqrpzC.exe
  C:\Windows\System\poqrpzC.exe
  2⤵
  PID:11656
- C:\Windows\System\EnqMYWt.exe
  C:\Windows\System\EnqMYWt.exe
  2⤵
  PID:11724
- C:\Windows\System\InLtztO.exe
  C:\Windows\System\InLtztO.exe
  2⤵
  PID:11740
- C:\Windows\System\QsBErfE.exe
  C:\Windows\System\QsBErfE.exe
  2⤵
  PID:11756
- C:\Windows\System\olLFoZP.exe
  C:\Windows\System\olLFoZP.exe
  2⤵
  PID:11772
- C:\Windows\System\okKzYXJ.exe
  C:\Windows\System\okKzYXJ.exe
  2⤵
  PID:11792
- C:\Windows\System\iJxILGf.exe
  C:\Windows\System\iJxILGf.exe
  2⤵
  PID:11832
- C:\Windows\System\PyGqBPx.exe
  C:\Windows\System\PyGqBPx.exe
  2⤵
  PID:11872
- C:\Windows\System\TzIuaYA.exe
  C:\Windows\System\TzIuaYA.exe
  2⤵
  PID:11900
- C:\Windows\System\uVaOnOK.exe
  C:\Windows\System\uVaOnOK.exe
  2⤵
  PID:11916
- C:\Windows\System\RWtBdix.exe
  C:\Windows\System\RWtBdix.exe
  2⤵
  PID:11940
- C:\Windows\System\mFKUbbj.exe
  C:\Windows\System\mFKUbbj.exe
  2⤵
  PID:11960
- C:\Windows\System\wIKIfCB.exe
  C:\Windows\System\wIKIfCB.exe
  2⤵
  PID:12000
- C:\Windows\System\tBdRcbu.exe
  C:\Windows\System\tBdRcbu.exe
  2⤵
  PID:12032
- C:\Windows\System\TNABMCX.exe
  C:\Windows\System\TNABMCX.exe
  2⤵
  PID:12068
- C:\Windows\System\SOukqhD.exe
  C:\Windows\System\SOukqhD.exe
  2⤵
  PID:12092
- C:\Windows\System\cahcfcM.exe
  C:\Windows\System\cahcfcM.exe
  2⤵
  PID:12108
- C:\Windows\System\NmnQOPi.exe
  C:\Windows\System\NmnQOPi.exe
  2⤵
  PID:12124
- C:\Windows\System\sKVLbJY.exe
  C:\Windows\System\sKVLbJY.exe
  2⤵
  PID:12140
- C:\Windows\System\GdHYirc.exe
  C:\Windows\System\GdHYirc.exe
  2⤵
  PID:12156
- C:\Windows\System\sZMLRBO.exe
  C:\Windows\System\sZMLRBO.exe
  2⤵
  PID:12180
- C:\Windows\System\BRLXBSB.exe
  C:\Windows\System\BRLXBSB.exe
  2⤵
  PID:12196
- C:\Windows\System\HKjeJjK.exe
  C:\Windows\System\HKjeJjK.exe
  2⤵
  PID:12220
- C:\Windows\System\HkSjjAX.exe
  C:\Windows\System\HkSjjAX.exe
  2⤵
  PID:12240
- C:\Windows\System\wmrnXxz.exe
  C:\Windows\System\wmrnXxz.exe
  2⤵
  PID:11320
- C:\Windows\System\kVKwYNe.exe
  C:\Windows\System\kVKwYNe.exe
  2⤵
  PID:11392
- C:\Windows\System\AwkLCMB.exe
  C:\Windows\System\AwkLCMB.exe
  2⤵
  PID:11400
- C:\Windows\System\IDjhhso.exe
  C:\Windows\System\IDjhhso.exe
  2⤵
  PID:11444
- C:\Windows\System\aSFblqo.exe
  C:\Windows\System\aSFblqo.exe
  2⤵
  PID:11492
- C:\Windows\System\UEuZWib.exe
  C:\Windows\System\UEuZWib.exe
  2⤵
  PID:11668
- C:\Windows\System\gKJwwIv.exe
  C:\Windows\System\gKJwwIv.exe
  2⤵
  PID:11736
- C:\Windows\System\eiTtMMo.exe
  C:\Windows\System\eiTtMMo.exe
  2⤵
  PID:11764
- C:\Windows\System\CaTPcSG.exe
  C:\Windows\System\CaTPcSG.exe
  2⤵
  PID:392
- C:\Windows\System\xcsqDJT.exe
  C:\Windows\System\xcsqDJT.exe
  2⤵
  PID:1672
- C:\Windows\System\BAHNiEk.exe
  C:\Windows\System\BAHNiEk.exe
  2⤵
  PID:11956
- C:\Windows\System\iOfxDGQ.exe
  C:\Windows\System\iOfxDGQ.exe
  2⤵
  PID:11936
- C:\Windows\System\PwUbxtU.exe
  C:\Windows\System\PwUbxtU.exe
  2⤵
  PID:12104
- C:\Windows\System\vFyytBl.exe
  C:\Windows\System\vFyytBl.exe
  2⤵
  PID:12088
- C:\Windows\System\uDTbbHS.exe
  C:\Windows\System\uDTbbHS.exe
  2⤵
  PID:12132
- C:\Windows\System\rxUELGJ.exe
  C:\Windows\System\rxUELGJ.exe
  2⤵
  PID:12212
- C:\Windows\System\vJdKpUZ.exe
  C:\Windows\System\vJdKpUZ.exe
  2⤵
  PID:10264
- C:\Windows\System\YhMGEWX.exe
  C:\Windows\System\YhMGEWX.exe
  2⤵
  PID:11336
- C:\Windows\System\JNGQSBH.exe
  C:\Windows\System\JNGQSBH.exe
  2⤵
  PID:11376
- C:\Windows\System\gzDWjuz.exe
  C:\Windows\System\gzDWjuz.exe
  2⤵
  PID:11828
- C:\Windows\System\qpHwyMZ.exe
  C:\Windows\System\qpHwyMZ.exe
  2⤵
  PID:11788
- C:\Windows\System\hYmVMes.exe
  C:\Windows\System\hYmVMes.exe
  2⤵
  PID:11996
- C:\Windows\System\olqZJjX.exe
  C:\Windows\System\olqZJjX.exe
  2⤵
  PID:12136
- C:\Windows\System\FIBCZiU.exe
  C:\Windows\System\FIBCZiU.exe
  2⤵
  PID:12280
- C:\Windows\System\ldngJWV.exe
  C:\Windows\System\ldngJWV.exe
  2⤵
  PID:11812
- C:\Windows\System\GENFXwh.exe
  C:\Windows\System\GENFXwh.exe
  2⤵
  PID:11360
- C:\Windows\System\TrMMiBO.exe
  C:\Windows\System\TrMMiBO.exe
  2⤵
  PID:11524
- C:\Windows\System\mJoRuxS.exe
  C:\Windows\System\mJoRuxS.exe
  2⤵
  PID:12188
- C:\Windows\System\xQeKKXo.exe
  C:\Windows\System\xQeKKXo.exe
  2⤵
  PID:12300
- C:\Windows\System\bCUCPJb.exe
  C:\Windows\System\bCUCPJb.exe
  2⤵
  PID:12324
- C:\Windows\System\WwgfGqn.exe
  C:\Windows\System\WwgfGqn.exe
  2⤵
  PID:12344
- C:\Windows\System\yZihmMJ.exe
  C:\Windows\System\yZihmMJ.exe
  2⤵
  PID:12360
- C:\Windows\System\hstOJmu.exe
  C:\Windows\System\hstOJmu.exe
  2⤵
  PID:12388
- C:\Windows\System\ZYUdfAL.exe
  C:\Windows\System\ZYUdfAL.exe
  2⤵
  PID:12432
- C:\Windows\System\ZokzjRI.exe
  C:\Windows\System\ZokzjRI.exe
  2⤵
  PID:12456
- C:\Windows\System\mXJcjzR.exe
  C:\Windows\System\mXJcjzR.exe
  2⤵
  PID:12516
- C:\Windows\System\dJhlnKw.exe
  C:\Windows\System\dJhlnKw.exe
  2⤵
  PID:12544
- C:\Windows\System\lDuRBCw.exe
  C:\Windows\System\lDuRBCw.exe
  2⤵
  PID:12564
- C:\Windows\System\BanRUCI.exe
  C:\Windows\System\BanRUCI.exe
  2⤵
  PID:12584
- C:\Windows\System\USRJFls.exe
  C:\Windows\System\USRJFls.exe
  2⤵
  PID:12604
- C:\Windows\System\YZjIlBB.exe
  C:\Windows\System\YZjIlBB.exe
  2⤵
  PID:12620
- C:\Windows\System\IaEmskm.exe
  C:\Windows\System\IaEmskm.exe
  2⤵
  PID:12680
- C:\Windows\System\RQmVoEO.exe
  C:\Windows\System\RQmVoEO.exe
  2⤵
  PID:12708
- C:\Windows\System\GVEjMMD.exe
  C:\Windows\System\GVEjMMD.exe
  2⤵
  PID:12748
- C:\Windows\System\kFIIdCo.exe
  C:\Windows\System\kFIIdCo.exe
  2⤵
  PID:12772
- C:\Windows\System\AUgbvEo.exe
  C:\Windows\System\AUgbvEo.exe
  2⤵
  PID:12812
- C:\Windows\System\GYSisDy.exe
  C:\Windows\System\GYSisDy.exe
  2⤵
  PID:12836
- C:\Windows\System\CHuqjHF.exe
  C:\Windows\System\CHuqjHF.exe
  2⤵
  PID:12868
- C:\Windows\System\xFClvxU.exe
  C:\Windows\System\xFClvxU.exe
  2⤵
  PID:12912
- C:\Windows\System\wWkjUYr.exe
  C:\Windows\System\wWkjUYr.exe
  2⤵
  PID:12940
- C:\Windows\System\ldYQUwk.exe
  C:\Windows\System\ldYQUwk.exe
  2⤵
  PID:12960
- C:\Windows\System\wjsbWNj.exe
  C:\Windows\System\wjsbWNj.exe
  2⤵
  PID:13068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5wnf2oq5.w3r.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AAgTExA.exe

Filesize
1.2MB

MD5
cd6d4acff92a950253d34a1a3d4a47fe

SHA1
f9cf803b44e74d9ff795769ec409b1e541249fb8

SHA256
655da4bdad0ce7e15432872cf850fee8980662799ac1abae38a41f179b4249d0

SHA512
666d585d15be5f7e727b0b9b8724a3e3af819e6dfdaeae85a6ca745c73eff2ebbbdb73af199846697ed8835a1765e4abebbf329ede3065883b7fb9b70d26636f

Download Submit
C:\Windows\System\BcxXwAr.exe

Filesize
1.2MB

MD5
5c0a3aa3831fc977f14c80609131592e

SHA1
0a7167e3b218ea12cddb180a81b926b0a1da4df9

SHA256
e334a7e22534af19827d33c5d744ba108107cb7dd644b92c5289b261b8c0e409

SHA512
a0e0c07b001457110cad0450062cdf6035208cce9ddf0fef5c2e44f31d5e2e2b654160f6e05acdcdb3f61ee109427b1153988a6459872ded5f17b9776f4224dc

Download Submit
C:\Windows\System\DcDJcof.exe

Filesize
1.2MB

MD5
756b3acd21886042d13440fc441b9de3

SHA1
ae7975356bf9bfa005bf2f92918f56eac7e25124

SHA256
f1c7eccc082837138c82e1ea6482ff1b5843ce1c285667508a702e22e0eff33d

SHA512
39bedc09dba635641ffff022eead7a0fb17af2fc5f968811387cdad320a3a996e6690cc9aa5d1c65119ffbb77d2efcd6e4721be2357284c0d21b1f2bbe5febc2

Download Submit
C:\Windows\System\EHPIIFQ.exe

Filesize
1.2MB

MD5
c4305a97a28fa86ea5fd91d8cf33fd33

SHA1
c08e7b71588c320dee79a7a6792b5a7e45056a7a

SHA256
58fd0ab0ca9eee3ded5e323c6927fb785d7d97df236fb950611619753bef8ef3

SHA512
671614b8143bf80b9a0ca36351878fcf7859d52fe2c3d56c55efc5bf43c07dd99d4f8f473d4828c70e419d9c1c8906824b8a667288691b40f917848a7a728645

Download Submit
C:\Windows\System\EvAWCuW.exe

Filesize
1.2MB

MD5
6a184483a3157a638989bba08198e946

SHA1
b9bcc4ca9b7f4af78e7f144e03071db34532cef2

SHA256
5c6df9ce89c0d51e92714553f005294b2864fe8c061e7894c51a961c202b97b3

SHA512
c6b7bd9d8fb7f3b56187fbe95d88f9e8c4a27842a64eaf5931050b57ea673ea7905158b4c734fb09c7ce603ad9bac3053b3b91d69fc5544055ef748551cd97bc

Download Submit
C:\Windows\System\HUmpPVL.exe

Filesize
1.2MB

MD5
7b89c0d3560382094c6444d9b1be5837

SHA1
a641b6248ab0b72fe775a89f8060520e554d5dbe

SHA256
3fc91c577a686eb2b84f1f30e89b3ed132c371cd1648e68f54c1b25d33629473

SHA512
37ec026f927fce6a393d2b7176549702b3e337b610b4ca71d0e4fb705f6c8bf2387da93b10caff39a2df5f9d7495e442909822bd25eebcfc2cb26b6e924f3ba4

Download Submit
C:\Windows\System\HVWEKzA.exe

Filesize
1.2MB

MD5
d934ef624b33d4ca1c4646758e445e56

SHA1
bc13e94266a764a651f2004e44d6047c27b33823

SHA256
13fe22948d76092ecb5c86601c71c2424aa44724bff97d33c41d988f20d7cee1

SHA512
795b040b1b32bb46dab4167ea608b2cce1bb99117bcd4364a079892a23e0833876d337f55a5e8b31ae9d5c3068a7dc9418b9eceb521321eaa3c0254d89856afd

Download Submit
C:\Windows\System\KPwKGEx.exe

Filesize
1.2MB

MD5
fd84c8e24883ea62b44c96888a63cba3

SHA1
9bd75f493f7bc182b6a5cd175e385c94580adb63

SHA256
65ff23bd21a81012bba6db04735fea5b31075bcff5e180420e3179b6b1ac5ca5

SHA512
5b8c4320bc883b7f51050265182e913006c64750399880f10c5186b5413d3ce840066e3d3291c4649bd3ba0b78e58c865d606f215d70a21d29b772b170a7fe0a

Download Submit
C:\Windows\System\LHBoXrZ.exe

Filesize
1.2MB

MD5
c0660eca6d7d4f1b460a17f7e3abb8f9

SHA1
18a14dd0ee0a9339a66fb882fc45068ae0298d09

SHA256
3711dd4663bcf0559c8de4cfa95e84501bdb91e5483aee9bee5ae2a86d5f8228

SHA512
394337fb1b0d84891c29edd361336719d73c2c9d8fcec3b952fac6c88b32ddeaf5f0afd1ce7ba3169c50cdd9f0457e3d8edc990940b8196b00119630d7a08e7a

Download Submit
C:\Windows\System\LeaVJQR.exe

Filesize
1.2MB

MD5
7c4a8440592087f029dd4746cb374b32

SHA1
dae9dd27bb34f1bf8b1c30ca1f2ebf1fd65d4a00

SHA256
2a065440a4fa8e731cd0eaae73629c2b4f1b4f7fb8cd3d642f7001eba0342cba

SHA512
3b9dbb6f5f0e552c347be39c48fc713197b068b79f47fa79375071bab02f6988b5f974ec36d1d671c78e44c2305161b44a4e40eb8c6ad94a61bcb0e830990225

Download Submit
C:\Windows\System\LsTQtfP.exe

Filesize
1.2MB

MD5
a24c84f485225727884fbb2f205e6262

SHA1
1753fe9fa1dc128b8b368727dc64516e98c53dd0

SHA256
5f7f1454fec535f672ded1042cbf1b4f95ecb73cea06eba3d30179d66f8edebd

SHA512
dddd7626dba3236c46459f551a464fbac46c47996a5053dd1e59a4bfaa9ca37e19b0e4db53d9c78fe247f9f885b76a8b759c49bc280fa1a039bcede72e309091

Download Submit
C:\Windows\System\LzZtWsl.exe

Filesize
1.2MB

MD5
1ca7b32068ec2f21efe2448b3bb058ed

SHA1
62592d4c01f1b413f154672ed0bbd835572b368e

SHA256
47a53623713a54ea70702555c84d98e4348d008900959078065c5b3cb5430ed6

SHA512
ea0b9af2464256ab81bfe861a67478102d22266518142e0183d5be4055706b1484ab2f4aed4e18a8d4a7b05bfb30b28c29345c46887a88df713898dff0bbf558

Download Submit
C:\Windows\System\OKyhelk.exe

Filesize
1.2MB

MD5
23b145d17284a0e87c115761ec65c886

SHA1
2edbca944fd5d1d2e3780bd740d3342170b2d454

SHA256
0c24284a291dffc33c5be3d17b81715a5d2d07f93359dc8df23dad4e80d4f5b0

SHA512
da806c9c681e7100550aa20f00c4de5b28f376e79a9aabded6d7b5579cd95ec6ced0f5b8aff196f5c106af6dc3f33827efa6257446a2e139f905e2ef7d3fa835

Download Submit
C:\Windows\System\QAWjKSz.exe

Filesize
1.2MB

MD5
8675fdd82ad075876d85c490127facb7

SHA1
539552f56f169a6fa83f43c0e1e9355b56614698

SHA256
ab0299051ba633aad04d87fbd38d14ba1fb77d538bd363294c4caa123e5a1504

SHA512
a28db8b196b75b34dbfabbb411f42dfa1911172a7ac960e486cb0ab9dfd05cce902a0c38eba750cc5bb747f7786bfc0841c7a9559e6ca22c06a2dd70744bd4d7

Download Submit
C:\Windows\System\RmSguhd.exe

Filesize
1.2MB

MD5
fcce7302158e8f6f2974ce50cf0f2d35

SHA1
8815c8c5574df7a676a400d1c84b016959d55683

SHA256
29bece87d0cab1bdb7b100af95c911c194835e78f09467bf4a811b4b07da6709

SHA512
2eadfd8783410ffc7a4e44be201417301197919e366b6703c275dd8e7d14d201b534f0f82d7daec10fe7cb576f8e78b9372c1033f35e2bfe8efe40ad38cb0263

Download Submit
C:\Windows\System\UDmZopy.exe

Filesize
1.2MB

MD5
b0824f4871125f63ee1c7dd57d688b63

SHA1
e692770d7957a16750fe34a674dedd230ea97e41

SHA256
46a4f6ef15cf15d451d219b52ed34b0cb7aa16413e847d7a590b26483a06b49a

SHA512
b3d50181da8a77af66d0cdda8e3b40eb6fd45c829f3476ca555946aed66bd9537b1c5c81d38dacd922c86a0bdb6bef62f7c15c90b4f71b1aba0e1d793d6fe154

Download Submit
C:\Windows\System\VSdbOqL.exe

Filesize
8B

MD5
8e1226661f8ca09fc62a1fef1fd7fcb8

SHA1
5b44def3d0e8d434236fee53ad977e411181a3d8

SHA256
7c2ccee11204a3d84ff9c71237bbe484161717fa152009f68b3a2efb0ad9c1c9

SHA512
45cc72f2ca6df3fbb9deac023207f7093a2e236cf6702146e776d1f3b55a9e5f29fbb748ba3deb570ab4a7bdfa68cee4df84414f0ac4a063de36a2a303bd6323

Download Submit
C:\Windows\System\WhFohzL.exe

Filesize
1.2MB

MD5
6362d6f699a9010b0a1159860979623c

SHA1
9571f398b52bc5c9a0c1c03ce3458be4104d1a50

SHA256
370810527b2afd468819d637f168e7b511e79293f74a75e94c52b96e1b76b27c

SHA512
3ae26432133845c6eaec7dec252aa488724ddb3359a8521418a48d39210b31db5a8b6f96ed767bd96c2e04a5b143565a88791cb12864c56fb4e93b437cd2d16b

Download Submit
C:\Windows\System\YjFOQDy.exe

Filesize
1.2MB

MD5
9ed18c35748648f1565c723bcbc88e81

SHA1
e28d787bf76f8cd1925b0da22d10b8ccc52dd269

SHA256
9fca93b8a3e3ccec12aaedd46acb3e4a5f7d21563911e7ff0f669871c3b67d78

SHA512
ccf948ef78dae910c5b100fb0af74f1afd90ee410265f41ed42b84da90720f030f4022d5e37751959ad88c05fd650eeeef705034857d6303d5e0b01e610dc3e3

Download Submit
C:\Windows\System\amEdNFV.exe

Filesize
1.2MB

MD5
fbece9897a9bf2a97b9be4b31f0b92c8

SHA1
940c70c853a3a69808c6c1ac1206dadaa7c24b12

SHA256
8927e0013c300953cf3780c920d88f9d3ec12277495f0f9f4791a9b82451243a

SHA512
ae4919265ed0e4b1f6a909282f6927ff9e9817e8ce4c149f37db552921fb6a40f11cfb427807d105e86c64c46dfafd27e5a8784d19b5b838c6b515ea2a9b20af

Download Submit
C:\Windows\System\gamvAeh.exe

Filesize
1.2MB

MD5
ec798e2272e0f30f2af5640adcd65f8c

SHA1
6b896f061077ecbc18c594790adaf0d02fe533fe

SHA256
2fbc5fe6cc24f5261e7374a762219ef7c4362e1e2468664a0b868cc7549aca22

SHA512
9aa844fb3cfbb3b5295a5a5d5f1811c839927b1070cdcf382bba0d0363f69f92170be589ed27dae50a4538e07f57d273564b79f2d00ad8a53e7eceeef9362e85

Download Submit
C:\Windows\System\iSMrVkE.exe

Filesize
1.2MB

MD5
35af3278c2c4a9a8efd38bd23a9ce200

SHA1
af1679905eb8653031bed0fcb197191b04dbe62c

SHA256
34ac6d1ce45a4ee5c642d7b5b9c699fbcebacd1d9a628f35033345222dc80126

SHA512
cb8d320f0292afe461895534be34852324d06f5418ae678d4812dad8c8238d8cfa50add685048909e6ef504326a9fc2dc66905ba0e29aeaf1b4dc77174c3d3e8

Download Submit
C:\Windows\System\lqcUpiO.exe

Filesize
1.2MB

MD5
a8e28e5af9eb56e8fcfd4c2203c48af7

SHA1
e5c118c6a8856448337bb1c192cb860ceceb280b

SHA256
65e40638229268553471cb1d6cbbf70c8e66d42a6678894b0727c173b50fb4eb

SHA512
89f136e2ad2506a1847ecec1c7d4226a2e1f47efab291096530525312c2b70c207e8e78a980198b47f2f0de41545287e2350d7bba7f2c07a3fa3fb0396479a51

Download Submit
C:\Windows\System\oHQQdex.exe

Filesize
1.2MB

MD5
df2a724d2690039788ba2bbb60a0025c

SHA1
79de06f364c69e03bcc18bc5521374fe7d0c08d9

SHA256
e003554c11bf1c1cfa25e1113bffd4d4a80f8a31ad8bbebfdf359b9b51ecf4de

SHA512
fa54d55ac8914c4c98f122b6d1fc338dd223cb1eaf4dc03753b3492052cf8a97f604b0024dfe5c8a68d1e3e40b8b550f2f0e3f22b868479fead3a41ba7955c5f

Download Submit
C:\Windows\System\oKqKLgl.exe

Filesize
1.2MB

MD5
f8668dc4c741a3a977e9cfc413eeb386

SHA1
2cc01d3599515884a7f23dc53237e987f9e13503

SHA256
575af7f6a4b0a39b602f69afda1476134391c6efdc6aa4349eb06fddb37983a6

SHA512
7935f3365090efcfcd9190d7a76d791ff8cf940144f1e9dbbef4648c33ddbde376dd34a421947fbcd5693261fef85ca87f104fdfe07aeba0c20d2284fefa2a7d

Download Submit
C:\Windows\System\pnKWRMv.exe

Filesize
1.2MB

MD5
82ad4baf3ef6b146dff4aac4a31521e3

SHA1
c61cddd741444d26c21425f09b9f02a3ea8da83f

SHA256
ee4d8a75f0b22d7f5115bacf5d915bed6fe5bfbcc26f9a13c82b7f3e635d2196

SHA512
33135014eaf21b0ebecc336f46a17f967296014e08debfa3162117dfc82d51f55fda582ab09ebdc83e947be5bd6e27bac751b7f726707baa13a0b5c7e596c7c3

Download Submit
C:\Windows\System\qPedPem.exe

Filesize
1.2MB

MD5
35297ce052dc2103bdfe0727cba83329

SHA1
57cd8e3bfa2fe0a4cef01614ad5f5fa1dc0a8eb4

SHA256
0a08f157e124d5a533b28907c3cb3b78070b76d15dfdf7d7572977a004b994ac

SHA512
3e5c5f41cc7208f5b23f35f1cef7f4a6c0b2fcb0c6f3a3652ce7e1769e69a2218ec290c742d2f2ea039215c7e04a24bfac9fee5a19276abfb01d5c3344879278

Download Submit
C:\Windows\System\rVFjGtO.exe

Filesize
1.2MB

MD5
0c152e524c4d02e9890ad1f6f20c49ee

SHA1
9f08f7c952e5c101e334129c4516200211387fad

SHA256
8d5c27a65e2a7d14415ba8c8f642519c3a9fac5eac3673917c036e4bdf6431a1

SHA512
c808e489898fe3e167b52d1499a89606d1731bcb335b1e3687d87d8d9422516ae26fd9d555745c8f29706015f4b36a119219138aeb159cc2a72853ae95be9990

Download Submit
C:\Windows\System\slNeyvi.exe

Filesize
1.2MB

MD5
ac3dc99c0f3210668c36780869302820

SHA1
8e65b0546542bd604bd2046b49881e92988e61bd

SHA256
255b184a9d67799f33cd54d7950e714573e093a4fb95dce523d6933888194729

SHA512
a658b3e8cc57609c7222a8e563097652721b8b327fa8586e624e55611e4b3530ecf8f62fc7b0bb6efa8c21b4e91f0d0c2021fb5a364a2b413fcdc5ff2abdbdf8

Download Submit
C:\Windows\System\uVXCgRd.exe

Filesize
1.2MB

MD5
b2eaf9c4630810250de0080e1a9ef267

SHA1
d8a4b4cbf0a17c000af7491ca247bbc4e294aa06

SHA256
f56adce97426be71a79419b31bda37612fd2b4417a90d77fe227d68be25f7ec3

SHA512
43390c22c6b07884eb8dba7846c25311ebd78bdd77315f3383e1b699509e075eac6c5aa73ac83fc8e9d5ea01b242aadbb45755e86c48f100bb3f794720e52f72

Download Submit
C:\Windows\System\xQdfgZY.exe

Filesize
1.2MB

MD5
08e3b469210ae2c7300bf9579ca1e607

SHA1
ff3af2eb0b9e627f86fba6510460d25169e6a9fb

SHA256
82e291dc56fd791f4a06df103785d79d588aaa72d108acbe36540d82df364a84

SHA512
e82ac64e9e037fce17c713385e0f2353eaeb2804c19acae002742781401e6c530abb32e1289601c967fd5a104d8308c208cd33b1d1da6c05cb981fd908372bdc

Download Submit
C:\Windows\System\xjXYenM.exe

Filesize
1.2MB

MD5
7a5d1847a613981eda9e64b9b47cc568

SHA1
58ec805de1a097d97ade80f2d0efb027542280dd

SHA256
d17ff34ab9654c83a909c6297fb040f26093e3f4f591cade07ae33e976a2cf3b

SHA512
312e364970b3c542df7972a0c727e6ad120bbe1f71dff8988655f1fdb630733ae5645f76bd44b2fe6464f17d6bf851caab8c195810dfa767c85a6b1d27e046ac

Download Submit
C:\Windows\System\zKSmtAU.exe

Filesize
1.2MB

MD5
e8f0d2cb21189688042fafa7f2d2d260

SHA1
f4c9241bc08db0c469a586cb6bd2017e229f7ec3

SHA256
9f3116447554b98d2c4b1d3104be6fb8af14d120560f8f89c166179c598f29fa

SHA512
df6d7949c6601f01861728c8f60d7c2bc5701103b7a0dd7bbb8eeb52d5ad2b2d112ecfcabae594037fe2de5be272c2d6ff3574a0ea10529c25d1b8c38a80ceed

Download Submit
C:\Windows\System\zqchwdk.exe

Filesize
1.2MB

MD5
3c24c270edffc7c6bcd94ebc8a985b81

SHA1
d7907c47f7cfb25cd221ff95888abebcde0a8e72

SHA256
de8a37b681b6dd231a682def6a93e94351065e6a2906ee5c298bcb0cd8614c13

SHA512
d916aab94ba5ba8eeafe4ffbf86119543d0462fcc9229f7429806a02964e369c5e06e5f1224a0ad4e8bb750ad66de9a060c82929158482b731d3ee828f4b8784

Download Submit
memory/436-412-0x00007FF6AA510000-0x00007FF6AA902000-memory.dmp

Filesize
3.9MB

Download
memory/436-3230-0x00007FF6AA510000-0x00007FF6AA902000-memory.dmp

Filesize
3.9MB

Download
memory/444-113-0x00007FF6EC8E0000-0x00007FF6ECCD2000-memory.dmp

Filesize
3.9MB

Download
memory/444-3194-0x00007FF6EC8E0000-0x00007FF6ECCD2000-memory.dmp

Filesize
3.9MB

Download
memory/668-3222-0x00007FF724E50000-0x00007FF725242000-memory.dmp

Filesize
3.9MB

Download
memory/668-404-0x00007FF724E50000-0x00007FF725242000-memory.dmp

Filesize
3.9MB

Download
memory/692-100-0x00007FF659880000-0x00007FF659C72000-memory.dmp

Filesize
3.9MB

Download
memory/692-3206-0x00007FF659880000-0x00007FF659C72000-memory.dmp

Filesize
3.9MB

Download
memory/732-372-0x00007FF666140000-0x00007FF666532000-memory.dmp

Filesize
3.9MB

Download
memory/732-3203-0x00007FF666140000-0x00007FF666532000-memory.dmp

Filesize
3.9MB

Download
memory/1048-443-0x00007FF778450000-0x00007FF778842000-memory.dmp

Filesize
3.9MB

Download
memory/1048-3226-0x00007FF778450000-0x00007FF778842000-memory.dmp

Filesize
3.9MB

Download
memory/1052-3189-0x00007FF6B3110000-0x00007FF6B3502000-memory.dmp

Filesize
3.9MB

Download
memory/1052-413-0x00007FF6B3110000-0x00007FF6B3502000-memory.dmp

Filesize
3.9MB

Download
memory/1632-377-0x00007FF78F070000-0x00007FF78F462000-memory.dmp

Filesize
3.9MB

Download
memory/1632-3214-0x00007FF78F070000-0x00007FF78F462000-memory.dmp

Filesize
3.9MB

Download
memory/1732-3211-0x00007FF668BD0000-0x00007FF668FC2000-memory.dmp

Filesize
3.9MB

Download
memory/1732-359-0x00007FF668BD0000-0x00007FF668FC2000-memory.dmp

Filesize
3.9MB

Download
memory/1832-3217-0x00007FF61B8D0000-0x00007FF61BCC2000-memory.dmp

Filesize
3.9MB

Download
memory/1832-429-0x00007FF61B8D0000-0x00007FF61BCC2000-memory.dmp

Filesize
3.9MB

Download
memory/1864-3218-0x00007FF6C7160000-0x00007FF6C7552000-memory.dmp

Filesize
3.9MB

Download
memory/1864-383-0x00007FF6C7160000-0x00007FF6C7552000-memory.dmp

Filesize
3.9MB

Download
memory/1896-3232-0x00007FF6B91B0000-0x00007FF6B95A2000-memory.dmp

Filesize
3.9MB

Download
memory/1896-411-0x00007FF6B91B0000-0x00007FF6B95A2000-memory.dmp

Filesize
3.9MB

Download
memory/2168-381-0x00007FF652C00000-0x00007FF652FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2168-3220-0x00007FF652C00000-0x00007FF652FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2560-3224-0x00007FF7B4950000-0x00007FF7B4D42000-memory.dmp

Filesize
3.9MB

Download
memory/2560-410-0x00007FF7B4950000-0x00007FF7B4D42000-memory.dmp

Filesize
3.9MB

Download
memory/2596-94-0x00007FF6B4FC0000-0x00007FF6B53B2000-memory.dmp

Filesize
3.9MB

Download
memory/2596-3192-0x00007FF6B4FC0000-0x00007FF6B53B2000-memory.dmp

Filesize
3.9MB

Download
memory/2868-3213-0x00007FF6AD980000-0x00007FF6ADD72000-memory.dmp

Filesize
3.9MB

Download
memory/2868-420-0x00007FF6AD980000-0x00007FF6ADD72000-memory.dmp

Filesize
3.9MB

Download
memory/3280-3196-0x00007FF797E60000-0x00007FF798252000-memory.dmp

Filesize
3.9MB

Download
memory/3280-338-0x00007FF797E60000-0x00007FF798252000-memory.dmp

Filesize
3.9MB

Download
memory/3392-454-0x00007FF6BB0F0000-0x00007FF6BB4E2000-memory.dmp

Filesize
3.9MB

Download
memory/3392-3228-0x00007FF6BB0F0000-0x00007FF6BB4E2000-memory.dmp

Filesize
3.9MB

Download
memory/3496-3199-0x00007FF6CF8D0000-0x00007FF6CFCC2000-memory.dmp

Filesize
3.9MB

Download
memory/3496-393-0x00007FF6CF8D0000-0x00007FF6CFCC2000-memory.dmp

Filesize
3.9MB

Download
memory/3508-3164-0x00007FF7379C0000-0x00007FF737DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3508-14-0x00007FF7379C0000-0x00007FF737DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3508-3186-0x00007FF7379C0000-0x00007FF737DB2000-memory.dmp

Filesize
3.9MB

Download
memory/3564-3200-0x00007FF71E1E0000-0x00007FF71E5D2000-memory.dmp

Filesize
3.9MB

Download
memory/3564-409-0x00007FF71E1E0000-0x00007FF71E5D2000-memory.dmp

Filesize
3.9MB

Download
memory/4192-3205-0x00007FF7BE030000-0x00007FF7BE422000-memory.dmp

Filesize
3.9MB

Download
memory/4192-437-0x00007FF7BE030000-0x00007FF7BE422000-memory.dmp

Filesize
3.9MB

Download
memory/4244-0-0x00007FF6A3410000-0x00007FF6A3802000-memory.dmp

Filesize
3.9MB

Download
memory/4244-1-0x000001EA831B0000-0x000001EA831C0000-memory.dmp

Filesize
64KB

Download
memory/4292-355-0x00007FF662540000-0x00007FF662932000-memory.dmp

Filesize
3.9MB

Download
memory/4292-3209-0x00007FF662540000-0x00007FF662932000-memory.dmp

Filesize
3.9MB

Download
memory/4372-112-0x00007FF6ACEA0000-0x00007FF6AD292000-memory.dmp

Filesize
3.9MB

Download
memory/4372-3190-0x00007FF6ACEA0000-0x00007FF6AD292000-memory.dmp

Filesize
3.9MB

Download
memory/4552-3162-0x00007FF90C9F0000-0x00007FF90D4B1000-memory.dmp

Filesize
10.8MB

Download
memory/4552-3153-0x00007FF90C9F0000-0x00007FF90D4B1000-memory.dmp

Filesize
10.8MB

Download
memory/4552-47-0x00007FF90C9F0000-0x00007FF90D4B1000-memory.dmp

Filesize
10.8MB

Download
memory/4552-9-0x00007FF90C9F3000-0x00007FF90C9F5000-memory.dmp

Filesize
8KB

Download
memory/4552-447-0x00000197CE9B0000-0x00000197CF156000-memory.dmp

Filesize
7.6MB

Download
memory/4552-89-0x00000197B3A60000-0x00000197B3A82000-memory.dmp

Filesize
136KB

Download
memory/4552-85-0x00007FF90C9F0000-0x00007FF90D4B1000-memory.dmp

Filesize
10.8MB

Download