xmrig | aaeba53169767c4e8662deb66c4e9aa5d0ea59c4bd054d5c29f0f71738d723c9

Analysis

max time kernel
110s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aeec6f22216253be6e0e34c6d5b57ef0N.exe
Size

1.3MB
MD5

aeec6f22216253be6e0e34c6d5b57ef0
SHA1

22bdcd681d89b6147cd9d32fefc5b0420272df80
SHA256

aaeba53169767c4e8662deb66c4e9aa5d0ea59c4bd054d5c29f0f71738d723c9
SHA512

9a745f1ff74dad57949f0c440f4ef272c1035ef1e3252016e69a536de307796512f6a571cd9a95667dd1a1019541cac8b576a7119e5dbb9a69c56d4fe3d81366
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYUA/02aHwNei:Lz071uv4BPMkibTIA5UMx

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3196-26-0x00007FF62C580000-0x00007FF62C972000-memory.dmp	xmrig
behavioral2/memory/4160-319-0x00007FF782020000-0x00007FF782412000-memory.dmp	xmrig
behavioral2/memory/2600-345-0x00007FF6D3080000-0x00007FF6D3472000-memory.dmp	xmrig
behavioral2/memory/2380-338-0x00007FF7A1440000-0x00007FF7A1832000-memory.dmp	xmrig
behavioral2/memory/4200-361-0x00007FF626590000-0x00007FF626982000-memory.dmp	xmrig
behavioral2/memory/2708-369-0x00007FF7EED70000-0x00007FF7EF162000-memory.dmp	xmrig
behavioral2/memory/432-371-0x00007FF79D890000-0x00007FF79DC82000-memory.dmp	xmrig
behavioral2/memory/3892-354-0x00007FF6F1B70000-0x00007FF6F1F62000-memory.dmp	xmrig
behavioral2/memory/3224-398-0x00007FF629550000-0x00007FF629942000-memory.dmp	xmrig
behavioral2/memory/1960-413-0x00007FF716590000-0x00007FF716982000-memory.dmp	xmrig
behavioral2/memory/1400-426-0x00007FF65BBB0000-0x00007FF65BFA2000-memory.dmp	xmrig
behavioral2/memory/3316-431-0x00007FF772590000-0x00007FF772982000-memory.dmp	xmrig
behavioral2/memory/4648-434-0x00007FF7C38D0000-0x00007FF7C3CC2000-memory.dmp	xmrig
behavioral2/memory/2836-422-0x00007FF64DCD0000-0x00007FF64E0C2000-memory.dmp	xmrig
behavioral2/memory/3520-408-0x00007FF61CB40000-0x00007FF61CF32000-memory.dmp	xmrig
behavioral2/memory/2916-407-0x00007FF7CDAB0000-0x00007FF7CDEA2000-memory.dmp	xmrig
behavioral2/memory/1420-394-0x00007FF7C5640000-0x00007FF7C5A32000-memory.dmp	xmrig
behavioral2/memory/4776-382-0x00007FF618CB0000-0x00007FF6190A2000-memory.dmp	xmrig
behavioral2/memory/3380-377-0x00007FF694DC0000-0x00007FF6951B2000-memory.dmp	xmrig
behavioral2/memory/4988-376-0x00007FF620360000-0x00007FF620752000-memory.dmp	xmrig
behavioral2/memory/1308-334-0x00007FF7411F0000-0x00007FF7415E2000-memory.dmp	xmrig
behavioral2/memory/3360-326-0x00007FF6137B0000-0x00007FF613BA2000-memory.dmp	xmrig
behavioral2/memory/4844-2528-0x00007FF68A4C0000-0x00007FF68A8B2000-memory.dmp	xmrig
behavioral2/memory/1252-2532-0x00007FF7DCD00000-0x00007FF7DD0F2000-memory.dmp	xmrig
behavioral2/memory/4844-2582-0x00007FF68A4C0000-0x00007FF68A8B2000-memory.dmp	xmrig
behavioral2/memory/4160-2584-0x00007FF782020000-0x00007FF782412000-memory.dmp	xmrig
behavioral2/memory/3196-2586-0x00007FF62C580000-0x00007FF62C972000-memory.dmp	xmrig
behavioral2/memory/1252-2588-0x00007FF7DCD00000-0x00007FF7DD0F2000-memory.dmp	xmrig
behavioral2/memory/2600-2593-0x00007FF6D3080000-0x00007FF6D3472000-memory.dmp	xmrig
behavioral2/memory/3360-2596-0x00007FF6137B0000-0x00007FF613BA2000-memory.dmp	xmrig
behavioral2/memory/432-2604-0x00007FF79D890000-0x00007FF79DC82000-memory.dmp	xmrig
behavioral2/memory/1308-2606-0x00007FF7411F0000-0x00007FF7415E2000-memory.dmp	xmrig
behavioral2/memory/2708-2602-0x00007FF7EED70000-0x00007FF7EF162000-memory.dmp	xmrig
behavioral2/memory/3892-2601-0x00007FF6F1B70000-0x00007FF6F1F62000-memory.dmp	xmrig
behavioral2/memory/4648-2598-0x00007FF7C38D0000-0x00007FF7C3CC2000-memory.dmp	xmrig
behavioral2/memory/2380-2595-0x00007FF7A1440000-0x00007FF7A1832000-memory.dmp	xmrig
behavioral2/memory/4200-2591-0x00007FF626590000-0x00007FF626982000-memory.dmp	xmrig
behavioral2/memory/1400-2628-0x00007FF65BBB0000-0x00007FF65BFA2000-memory.dmp	xmrig
behavioral2/memory/4776-2609-0x00007FF618CB0000-0x00007FF6190A2000-memory.dmp	xmrig
behavioral2/memory/3316-2627-0x00007FF772590000-0x00007FF772982000-memory.dmp	xmrig
behavioral2/memory/3520-2622-0x00007FF61CB40000-0x00007FF61CF32000-memory.dmp	xmrig
behavioral2/memory/1960-2621-0x00007FF716590000-0x00007FF716982000-memory.dmp	xmrig
behavioral2/memory/2836-2618-0x00007FF64DCD0000-0x00007FF64E0C2000-memory.dmp	xmrig
behavioral2/memory/4988-2617-0x00007FF620360000-0x00007FF620752000-memory.dmp	xmrig
behavioral2/memory/3380-2614-0x00007FF694DC0000-0x00007FF6951B2000-memory.dmp	xmrig
behavioral2/memory/3224-2613-0x00007FF629550000-0x00007FF629942000-memory.dmp	xmrig
behavioral2/memory/1420-2610-0x00007FF7C5640000-0x00007FF7C5A32000-memory.dmp	xmrig
behavioral2/memory/2916-2637-0x00007FF7CDAB0000-0x00007FF7CDEA2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	3792	powershell.exe
5	3792	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3792	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4844	UgjfdXU.exe
4160	UueSnlR.exe
3196	mKRKnEn.exe
1252	fPZkivn.exe
3360	iVWdtbx.exe
4648	hHaKfVN.exe
1308	GxeFmba.exe
2380	QNHRciZ.exe
2600	waCPcME.exe
3892	meWbMiK.exe
4200	hdmoRMW.exe
2708	NOBhOTx.exe
432	dMdAWel.exe
4988	VEpwhVK.exe
3380	jNYwJXx.exe
4776	OBudCxY.exe
1420	BaBaeBH.exe
3224	oiLyYRF.exe
2916	pJGacmG.exe
3520	jEnVSgy.exe
1960	BxLPHoj.exe
2836	lwxPwNc.exe
1400	wckqcsY.exe
3316	NohSovL.exe
1928	FnRBpKR.exe
3328	nIWBJbN.exe
5100	HgedYTV.exe
2256	AIDGvub.exe
2800	IkhdERk.exe
404	BQRnAgM.exe
2940	pbRMacR.exe
3572	YKJEWRr.exe
2004	ryXjVYb.exe
3764	fSoNIgg.exe
2964	PibFmFC.exe
1748	iNHDydh.exe
3760	xSihmQw.exe
3600	lEYJPdB.exe
900	oLGlKgP.exe
3456	vTYWhyl.exe
3464	ePftsoo.exe
2236	SMCYTBq.exe
4916	xwDBvdk.exe
1588	KnEbpSi.exe
4544	kTvvfph.exe
4388	hUKmIzf.exe
3916	PcRkXKs.exe
2704	ESPyRvI.exe
4584	YkPoCQX.exe
4768	YKKaLRW.exe
1664	MTOHply.exe
4360	HwTUgwy.exe
3672	EZYJWbC.exe
3168	lyRodqV.exe
3220	COTOyds.exe
3660	ZXnAXEs.exe
2772	RKeVTzu.exe
4740	JPrWVaK.exe
1820	dnCQckK.exe
3200	SyTrADr.exe
3276	hRwpYBh.exe
812	MZxZZjQ.exe
2700	rjiiRqc.exe
4336	PlPbrrO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1608-0-0x00007FF7A4EF0000-0x00007FF7A52E2000-memory.dmp	upx
behavioral2/files/0x0009000000023482-5.dat	upx
behavioral2/files/0x00070000000234e6-11.dat	upx
behavioral2/files/0x00080000000234e5-15.dat	upx
behavioral2/files/0x00070000000234e7-20.dat	upx
behavioral2/memory/3196-26-0x00007FF62C580000-0x00007FF62C972000-memory.dmp	upx
behavioral2/memory/1252-43-0x00007FF7DCD00000-0x00007FF7DD0F2000-memory.dmp	upx
behavioral2/files/0x00070000000234e8-55.dat	upx
behavioral2/files/0x00070000000234ee-61.dat	upx
behavioral2/files/0x00070000000234ed-65.dat	upx
behavioral2/files/0x00070000000234f0-84.dat	upx
behavioral2/files/0x00080000000234ea-81.dat	upx
behavioral2/files/0x00070000000234f1-96.dat	upx
behavioral2/files/0x00070000000234f4-106.dat	upx
behavioral2/files/0x00070000000234f7-113.dat	upx
behavioral2/files/0x00070000000234fb-141.dat	upx
behavioral2/files/0x00070000000234fe-148.dat	upx
behavioral2/files/0x0007000000023502-168.dat	upx
behavioral2/files/0x0007000000023504-178.dat	upx
behavioral2/memory/4160-319-0x00007FF782020000-0x00007FF782412000-memory.dmp	upx
behavioral2/memory/2600-345-0x00007FF6D3080000-0x00007FF6D3472000-memory.dmp	upx
behavioral2/memory/2380-338-0x00007FF7A1440000-0x00007FF7A1832000-memory.dmp	upx
behavioral2/memory/4200-361-0x00007FF626590000-0x00007FF626982000-memory.dmp	upx
behavioral2/memory/2708-369-0x00007FF7EED70000-0x00007FF7EF162000-memory.dmp	upx
behavioral2/memory/432-371-0x00007FF79D890000-0x00007FF79DC82000-memory.dmp	upx
behavioral2/memory/3892-354-0x00007FF6F1B70000-0x00007FF6F1F62000-memory.dmp	upx
behavioral2/memory/3224-398-0x00007FF629550000-0x00007FF629942000-memory.dmp	upx
behavioral2/memory/1960-413-0x00007FF716590000-0x00007FF716982000-memory.dmp	upx
behavioral2/memory/1400-426-0x00007FF65BBB0000-0x00007FF65BFA2000-memory.dmp	upx
behavioral2/memory/3316-431-0x00007FF772590000-0x00007FF772982000-memory.dmp	upx
behavioral2/memory/4648-434-0x00007FF7C38D0000-0x00007FF7C3CC2000-memory.dmp	upx
behavioral2/memory/2836-422-0x00007FF64DCD0000-0x00007FF64E0C2000-memory.dmp	upx
behavioral2/memory/3520-408-0x00007FF61CB40000-0x00007FF61CF32000-memory.dmp	upx
behavioral2/memory/2916-407-0x00007FF7CDAB0000-0x00007FF7CDEA2000-memory.dmp	upx
behavioral2/memory/1420-394-0x00007FF7C5640000-0x00007FF7C5A32000-memory.dmp	upx
behavioral2/memory/4776-382-0x00007FF618CB0000-0x00007FF6190A2000-memory.dmp	upx
behavioral2/memory/3380-377-0x00007FF694DC0000-0x00007FF6951B2000-memory.dmp	upx
behavioral2/memory/4988-376-0x00007FF620360000-0x00007FF620752000-memory.dmp	upx
behavioral2/memory/1308-334-0x00007FF7411F0000-0x00007FF7415E2000-memory.dmp	upx
behavioral2/memory/3360-326-0x00007FF6137B0000-0x00007FF613BA2000-memory.dmp	upx
behavioral2/files/0x0007000000023503-173.dat	upx
behavioral2/files/0x0007000000023501-171.dat	upx
behavioral2/files/0x0007000000023500-166.dat	upx
behavioral2/files/0x00070000000234ff-161.dat	upx
behavioral2/files/0x00070000000234fd-151.dat	upx
behavioral2/files/0x00070000000234fc-146.dat	upx
behavioral2/files/0x00070000000234fa-136.dat	upx
behavioral2/files/0x00070000000234f9-131.dat	upx
behavioral2/files/0x00070000000234f8-126.dat	upx
behavioral2/files/0x00070000000234f6-116.dat	upx
behavioral2/files/0x00070000000234f5-111.dat	upx
behavioral2/files/0x00070000000234f3-101.dat	upx
behavioral2/files/0x00070000000234f2-94.dat	upx
behavioral2/files/0x00070000000234ec-72.dat	upx
behavioral2/files/0x00080000000234eb-71.dat	upx
behavioral2/files/0x00070000000234ef-69.dat	upx
behavioral2/files/0x00070000000234e9-63.dat	upx
behavioral2/memory/4844-8-0x00007FF68A4C0000-0x00007FF68A8B2000-memory.dmp	upx
behavioral2/memory/4844-2528-0x00007FF68A4C0000-0x00007FF68A8B2000-memory.dmp	upx
behavioral2/memory/1252-2532-0x00007FF7DCD00000-0x00007FF7DD0F2000-memory.dmp	upx
behavioral2/memory/4844-2582-0x00007FF68A4C0000-0x00007FF68A8B2000-memory.dmp	upx
behavioral2/memory/4160-2584-0x00007FF782020000-0x00007FF782412000-memory.dmp	upx
behavioral2/memory/3196-2586-0x00007FF62C580000-0x00007FF62C972000-memory.dmp	upx
behavioral2/memory/1252-2588-0x00007FF7DCD00000-0x00007FF7DD0F2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jPPuaEA.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\DGEPEPJ.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\aYVEBPL.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\fjXkEYO.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\ZuNoYUW.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\mOAdEcF.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\UClpxwJ.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\DwzYwtf.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\TvLmjIh.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\fgCucnn.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\iWwVVgH.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\lwqftCf.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\XsbgKJb.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\ZqhFilV.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\hicvXeH.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\sUBBjFA.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\nGzsTIq.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\vnTeKQc.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\smVBigl.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\tKrzFKq.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\KcAszYi.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\bkcYIVy.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\moqIwow.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\dRUfETR.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\ceMpFvc.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\YBJGxuG.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\aaUILMx.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\eOcVxpF.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\KnwYrWQ.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\YyZFaJe.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\BqzzevC.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\cfFwWqI.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\WUYMDzP.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\GWxVjtZ.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\GdLJjAR.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\fHtxUWH.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\fPDPmbv.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\mhFXHRb.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\jpEAvLC.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\rvqrLBt.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\GwrGQqz.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\LlPFchU.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\TjWkNtb.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\HqSTlDq.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\BoUZtDH.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\PGjTvzA.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\NdDqfgn.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\aTdaBmC.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\cshRQyu.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\ELXEFYZ.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\yqOLAPa.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\NSNqKAz.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\QmhZhhk.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\eYVwfff.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\NkVBMnz.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\PrkrzmL.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\nUNAUNR.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\dZyrZVy.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\zcRPLZs.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\EtTksTk.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\ZHeOhyO.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\luuZJxr.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\UAbIFZv.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe
File created	C:\Windows\System\dYYNFwi.exe	aeec6f22216253be6e0e34c6d5b57ef0N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3792	powershell.exe
3792	powershell.exe
3792	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe
Token: SeLockMemoryPrivilege	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe
Token: SeDebugPrivilege	3792	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 3792	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	85
PID 1608 wrote to memory of 3792	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	85
PID 1608 wrote to memory of 4844	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	86
PID 1608 wrote to memory of 4844	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	86
PID 1608 wrote to memory of 4160	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	87
PID 1608 wrote to memory of 4160	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	87
PID 1608 wrote to memory of 3196	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	88
PID 1608 wrote to memory of 3196	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	88
PID 1608 wrote to memory of 1252	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	89
PID 1608 wrote to memory of 1252	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	89
PID 1608 wrote to memory of 3360	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	90
PID 1608 wrote to memory of 3360	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	90
PID 1608 wrote to memory of 4648	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	91
PID 1608 wrote to memory of 4648	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	91
PID 1608 wrote to memory of 1308	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	92
PID 1608 wrote to memory of 1308	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	92
PID 1608 wrote to memory of 2380	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	93
PID 1608 wrote to memory of 2380	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	93
PID 1608 wrote to memory of 4200	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	94
PID 1608 wrote to memory of 4200	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	94
PID 1608 wrote to memory of 2600	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	95
PID 1608 wrote to memory of 2600	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	95
PID 1608 wrote to memory of 3892	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	96
PID 1608 wrote to memory of 3892	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	96
PID 1608 wrote to memory of 2708	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	97
PID 1608 wrote to memory of 2708	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	97
PID 1608 wrote to memory of 432	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	98
PID 1608 wrote to memory of 432	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	98
PID 1608 wrote to memory of 3380	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	99
PID 1608 wrote to memory of 3380	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	99
PID 1608 wrote to memory of 4988	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	100
PID 1608 wrote to memory of 4988	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	100
PID 1608 wrote to memory of 4776	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	101
PID 1608 wrote to memory of 4776	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	101
PID 1608 wrote to memory of 1420	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	102
PID 1608 wrote to memory of 1420	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	102
PID 1608 wrote to memory of 3224	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	103
PID 1608 wrote to memory of 3224	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	103
PID 1608 wrote to memory of 2916	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	104
PID 1608 wrote to memory of 2916	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	104
PID 1608 wrote to memory of 3520	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	105
PID 1608 wrote to memory of 3520	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	105
PID 1608 wrote to memory of 1960	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	106
PID 1608 wrote to memory of 1960	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	106
PID 1608 wrote to memory of 2836	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	107
PID 1608 wrote to memory of 2836	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	107
PID 1608 wrote to memory of 1400	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	108
PID 1608 wrote to memory of 1400	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	108
PID 1608 wrote to memory of 3316	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	109
PID 1608 wrote to memory of 3316	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	109
PID 1608 wrote to memory of 1928	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	110
PID 1608 wrote to memory of 1928	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	110
PID 1608 wrote to memory of 3328	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	111
PID 1608 wrote to memory of 3328	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	111
PID 1608 wrote to memory of 5100	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	112
PID 1608 wrote to memory of 5100	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	112
PID 1608 wrote to memory of 2256	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	113
PID 1608 wrote to memory of 2256	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	113
PID 1608 wrote to memory of 2800	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	114
PID 1608 wrote to memory of 2800	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	114
PID 1608 wrote to memory of 404	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	115
PID 1608 wrote to memory of 404	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	115
PID 1608 wrote to memory of 2940	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	116
PID 1608 wrote to memory of 2940	1608	aeec6f22216253be6e0e34c6d5b57ef0N.exe	116

C:\Users\Admin\AppData\Local\Temp\aeec6f22216253be6e0e34c6d5b57ef0N.exe
"C:\Users\Admin\AppData\Local\Temp\aeec6f22216253be6e0e34c6d5b57ef0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3792
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3792" "2952" "2812" "2956" "0" "0" "2960" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12804
- C:\Windows\System\UgjfdXU.exe
  C:\Windows\System\UgjfdXU.exe
  2⤵
  - Executes dropped EXE
  PID:4844
- C:\Windows\System\UueSnlR.exe
  C:\Windows\System\UueSnlR.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\mKRKnEn.exe
  C:\Windows\System\mKRKnEn.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\fPZkivn.exe
  C:\Windows\System\fPZkivn.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\iVWdtbx.exe
  C:\Windows\System\iVWdtbx.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\hHaKfVN.exe
  C:\Windows\System\hHaKfVN.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\GxeFmba.exe
  C:\Windows\System\GxeFmba.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\QNHRciZ.exe
  C:\Windows\System\QNHRciZ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\hdmoRMW.exe
  C:\Windows\System\hdmoRMW.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\waCPcME.exe
  C:\Windows\System\waCPcME.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\meWbMiK.exe
  C:\Windows\System\meWbMiK.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\NOBhOTx.exe
  C:\Windows\System\NOBhOTx.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\dMdAWel.exe
  C:\Windows\System\dMdAWel.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\jNYwJXx.exe
  C:\Windows\System\jNYwJXx.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\VEpwhVK.exe
  C:\Windows\System\VEpwhVK.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\OBudCxY.exe
  C:\Windows\System\OBudCxY.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\BaBaeBH.exe
  C:\Windows\System\BaBaeBH.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\oiLyYRF.exe
  C:\Windows\System\oiLyYRF.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\pJGacmG.exe
  C:\Windows\System\pJGacmG.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\jEnVSgy.exe
  C:\Windows\System\jEnVSgy.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\BxLPHoj.exe
  C:\Windows\System\BxLPHoj.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\lwxPwNc.exe
  C:\Windows\System\lwxPwNc.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\wckqcsY.exe
  C:\Windows\System\wckqcsY.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\NohSovL.exe
  C:\Windows\System\NohSovL.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\FnRBpKR.exe
  C:\Windows\System\FnRBpKR.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\nIWBJbN.exe
  C:\Windows\System\nIWBJbN.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\HgedYTV.exe
  C:\Windows\System\HgedYTV.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\AIDGvub.exe
  C:\Windows\System\AIDGvub.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\IkhdERk.exe
  C:\Windows\System\IkhdERk.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\BQRnAgM.exe
  C:\Windows\System\BQRnAgM.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\pbRMacR.exe
  C:\Windows\System\pbRMacR.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\YKJEWRr.exe
  C:\Windows\System\YKJEWRr.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\ryXjVYb.exe
  C:\Windows\System\ryXjVYb.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\fSoNIgg.exe
  C:\Windows\System\fSoNIgg.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\PibFmFC.exe
  C:\Windows\System\PibFmFC.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\iNHDydh.exe
  C:\Windows\System\iNHDydh.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\xSihmQw.exe
  C:\Windows\System\xSihmQw.exe
  2⤵
  - Executes dropped EXE
  PID:3760
- C:\Windows\System\lEYJPdB.exe
  C:\Windows\System\lEYJPdB.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\oLGlKgP.exe
  C:\Windows\System\oLGlKgP.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\vTYWhyl.exe
  C:\Windows\System\vTYWhyl.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\ePftsoo.exe
  C:\Windows\System\ePftsoo.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\SMCYTBq.exe
  C:\Windows\System\SMCYTBq.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\xwDBvdk.exe
  C:\Windows\System\xwDBvdk.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\KnEbpSi.exe
  C:\Windows\System\KnEbpSi.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\kTvvfph.exe
  C:\Windows\System\kTvvfph.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\hUKmIzf.exe
  C:\Windows\System\hUKmIzf.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\PcRkXKs.exe
  C:\Windows\System\PcRkXKs.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\ESPyRvI.exe
  C:\Windows\System\ESPyRvI.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\YkPoCQX.exe
  C:\Windows\System\YkPoCQX.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\YKKaLRW.exe
  C:\Windows\System\YKKaLRW.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\MTOHply.exe
  C:\Windows\System\MTOHply.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\HwTUgwy.exe
  C:\Windows\System\HwTUgwy.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\EZYJWbC.exe
  C:\Windows\System\EZYJWbC.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\lyRodqV.exe
  C:\Windows\System\lyRodqV.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\COTOyds.exe
  C:\Windows\System\COTOyds.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\ZXnAXEs.exe
  C:\Windows\System\ZXnAXEs.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\RKeVTzu.exe
  C:\Windows\System\RKeVTzu.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\JPrWVaK.exe
  C:\Windows\System\JPrWVaK.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\dnCQckK.exe
  C:\Windows\System\dnCQckK.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\SyTrADr.exe
  C:\Windows\System\SyTrADr.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\hRwpYBh.exe
  C:\Windows\System\hRwpYBh.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\MZxZZjQ.exe
  C:\Windows\System\MZxZZjQ.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\rjiiRqc.exe
  C:\Windows\System\rjiiRqc.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\PlPbrrO.exe
  C:\Windows\System\PlPbrrO.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\mxoModt.exe
  C:\Windows\System\mxoModt.exe
  2⤵
  PID:3296
- C:\Windows\System\FZKPWPG.exe
  C:\Windows\System\FZKPWPG.exe
  2⤵
  PID:976
- C:\Windows\System\DxYzNOb.exe
  C:\Windows\System\DxYzNOb.exe
  2⤵
  PID:1564
- C:\Windows\System\VmawWad.exe
  C:\Windows\System\VmawWad.exe
  2⤵
  PID:3156
- C:\Windows\System\uGknJic.exe
  C:\Windows\System\uGknJic.exe
  2⤵
  PID:3676
- C:\Windows\System\BUyZqRt.exe
  C:\Windows\System\BUyZqRt.exe
  2⤵
  PID:1924
- C:\Windows\System\NjCGdwT.exe
  C:\Windows\System\NjCGdwT.exe
  2⤵
  PID:1076
- C:\Windows\System\DuyQJjJ.exe
  C:\Windows\System\DuyQJjJ.exe
  2⤵
  PID:4468
- C:\Windows\System\xXGlnAJ.exe
  C:\Windows\System\xXGlnAJ.exe
  2⤵
  PID:2044
- C:\Windows\System\FJETwbz.exe
  C:\Windows\System\FJETwbz.exe
  2⤵
  PID:4836
- C:\Windows\System\rEvzKWn.exe
  C:\Windows\System\rEvzKWn.exe
  2⤵
  PID:5028
- C:\Windows\System\CiEyhMR.exe
  C:\Windows\System\CiEyhMR.exe
  2⤵
  PID:3580
- C:\Windows\System\WefYdXg.exe
  C:\Windows\System\WefYdXg.exe
  2⤵
  PID:4032
- C:\Windows\System\sGdmnrR.exe
  C:\Windows\System\sGdmnrR.exe
  2⤵
  PID:3428
- C:\Windows\System\MsvfKsE.exe
  C:\Windows\System\MsvfKsE.exe
  2⤵
  PID:1484
- C:\Windows\System\OnAWmqb.exe
  C:\Windows\System\OnAWmqb.exe
  2⤵
  PID:3940
- C:\Windows\System\FfjREHg.exe
  C:\Windows\System\FfjREHg.exe
  2⤵
  PID:1500
- C:\Windows\System\RkDPNXu.exe
  C:\Windows\System\RkDPNXu.exe
  2⤵
  PID:1448
- C:\Windows\System\VqHAqOS.exe
  C:\Windows\System\VqHAqOS.exe
  2⤵
  PID:3680
- C:\Windows\System\FwjGrZf.exe
  C:\Windows\System\FwjGrZf.exe
  2⤵
  PID:1328
- C:\Windows\System\DVkzAzP.exe
  C:\Windows\System\DVkzAzP.exe
  2⤵
  PID:4400
- C:\Windows\System\TorVglg.exe
  C:\Windows\System\TorVglg.exe
  2⤵
  PID:4476
- C:\Windows\System\ayvSkKo.exe
  C:\Windows\System\ayvSkKo.exe
  2⤵
  PID:3732
- C:\Windows\System\cNMNkAy.exe
  C:\Windows\System\cNMNkAy.exe
  2⤵
  PID:1456
- C:\Windows\System\wqTtMqS.exe
  C:\Windows\System\wqTtMqS.exe
  2⤵
  PID:5124
- C:\Windows\System\NkVBMnz.exe
  C:\Windows\System\NkVBMnz.exe
  2⤵
  PID:5148
- C:\Windows\System\gmXWaxS.exe
  C:\Windows\System\gmXWaxS.exe
  2⤵
  PID:5168
- C:\Windows\System\XcVnKMP.exe
  C:\Windows\System\XcVnKMP.exe
  2⤵
  PID:5212
- C:\Windows\System\CmUdWSF.exe
  C:\Windows\System\CmUdWSF.exe
  2⤵
  PID:5280
- C:\Windows\System\SdpAPVq.exe
  C:\Windows\System\SdpAPVq.exe
  2⤵
  PID:5304
- C:\Windows\System\aOchHgf.exe
  C:\Windows\System\aOchHgf.exe
  2⤵
  PID:5340
- C:\Windows\System\bLvTQCv.exe
  C:\Windows\System\bLvTQCv.exe
  2⤵
  PID:5392
- C:\Windows\System\BIZKRVG.exe
  C:\Windows\System\BIZKRVG.exe
  2⤵
  PID:5452
- C:\Windows\System\ivjrdhp.exe
  C:\Windows\System\ivjrdhp.exe
  2⤵
  PID:5472
- C:\Windows\System\uXoiqWx.exe
  C:\Windows\System\uXoiqWx.exe
  2⤵
  PID:5492
- C:\Windows\System\xYVaoWJ.exe
  C:\Windows\System\xYVaoWJ.exe
  2⤵
  PID:5508
- C:\Windows\System\IXEhfUc.exe
  C:\Windows\System\IXEhfUc.exe
  2⤵
  PID:5524
- C:\Windows\System\iipvcjw.exe
  C:\Windows\System\iipvcjw.exe
  2⤵
  PID:5544
- C:\Windows\System\iHKnytq.exe
  C:\Windows\System\iHKnytq.exe
  2⤵
  PID:5584
- C:\Windows\System\nuyOROc.exe
  C:\Windows\System\nuyOROc.exe
  2⤵
  PID:5628
- C:\Windows\System\aHinifj.exe
  C:\Windows\System\aHinifj.exe
  2⤵
  PID:5648
- C:\Windows\System\PTxOvVK.exe
  C:\Windows\System\PTxOvVK.exe
  2⤵
  PID:5708
- C:\Windows\System\uVoIiKe.exe
  C:\Windows\System\uVoIiKe.exe
  2⤵
  PID:5748
- C:\Windows\System\JmzenEW.exe
  C:\Windows\System\JmzenEW.exe
  2⤵
  PID:5772
- C:\Windows\System\fzTEFEP.exe
  C:\Windows\System\fzTEFEP.exe
  2⤵
  PID:5792
- C:\Windows\System\uvmRWCQ.exe
  C:\Windows\System\uvmRWCQ.exe
  2⤵
  PID:5812
- C:\Windows\System\cEsVSfw.exe
  C:\Windows\System\cEsVSfw.exe
  2⤵
  PID:5852
- C:\Windows\System\EIOmmWk.exe
  C:\Windows\System\EIOmmWk.exe
  2⤵
  PID:5892
- C:\Windows\System\gSDGXAv.exe
  C:\Windows\System\gSDGXAv.exe
  2⤵
  PID:5920
- C:\Windows\System\TXhYnjx.exe
  C:\Windows\System\TXhYnjx.exe
  2⤵
  PID:5988
- C:\Windows\System\eWmOyIm.exe
  C:\Windows\System\eWmOyIm.exe
  2⤵
  PID:6004
- C:\Windows\System\upBAHft.exe
  C:\Windows\System\upBAHft.exe
  2⤵
  PID:6044
- C:\Windows\System\LRBvFyk.exe
  C:\Windows\System\LRBvFyk.exe
  2⤵
  PID:6064
- C:\Windows\System\ErQBrQn.exe
  C:\Windows\System\ErQBrQn.exe
  2⤵
  PID:6080
- C:\Windows\System\rauwmyQ.exe
  C:\Windows\System\rauwmyQ.exe
  2⤵
  PID:6096
- C:\Windows\System\SuBXCUC.exe
  C:\Windows\System\SuBXCUC.exe
  2⤵
  PID:6112
- C:\Windows\System\XvPqDfj.exe
  C:\Windows\System\XvPqDfj.exe
  2⤵
  PID:964
- C:\Windows\System\rDuhpHZ.exe
  C:\Windows\System\rDuhpHZ.exe
  2⤵
  PID:3408
- C:\Windows\System\zBdHvOI.exe
  C:\Windows\System\zBdHvOI.exe
  2⤵
  PID:5204
- C:\Windows\System\sigtsNI.exe
  C:\Windows\System\sigtsNI.exe
  2⤵
  PID:5188
- C:\Windows\System\UxxxURJ.exe
  C:\Windows\System\UxxxURJ.exe
  2⤵
  PID:1476
- C:\Windows\System\rRoMAkS.exe
  C:\Windows\System\rRoMAkS.exe
  2⤵
  PID:4876
- C:\Windows\System\JrvmcgN.exe
  C:\Windows\System\JrvmcgN.exe
  2⤵
  PID:5232
- C:\Windows\System\miWFRFU.exe
  C:\Windows\System\miWFRFU.exe
  2⤵
  PID:820
- C:\Windows\System\GconuHL.exe
  C:\Windows\System\GconuHL.exe
  2⤵
  PID:5324
- C:\Windows\System\aLnmmTe.exe
  C:\Windows\System\aLnmmTe.exe
  2⤵
  PID:5336
- C:\Windows\System\UbYQZll.exe
  C:\Windows\System\UbYQZll.exe
  2⤵
  PID:400
- C:\Windows\System\aOKfhNh.exe
  C:\Windows\System\aOKfhNh.exe
  2⤵
  PID:5352
- C:\Windows\System\RqPxeTx.exe
  C:\Windows\System\RqPxeTx.exe
  2⤵
  PID:5408
- C:\Windows\System\brhjZgu.exe
  C:\Windows\System\brhjZgu.exe
  2⤵
  PID:5432
- C:\Windows\System\GWqtYcL.exe
  C:\Windows\System\GWqtYcL.exe
  2⤵
  PID:968
- C:\Windows\System\Jfbkxan.exe
  C:\Windows\System\Jfbkxan.exe
  2⤵
  PID:5412
- C:\Windows\System\YvUECSV.exe
  C:\Windows\System\YvUECSV.exe
  2⤵
  PID:5532
- C:\Windows\System\dAyIBMd.exe
  C:\Windows\System\dAyIBMd.exe
  2⤵
  PID:5464
- C:\Windows\System\PMoRXsC.exe
  C:\Windows\System\PMoRXsC.exe
  2⤵
  PID:3704
- C:\Windows\System\cgpnQRR.exe
  C:\Windows\System\cgpnQRR.exe
  2⤵
  PID:5732
- C:\Windows\System\gYidHlh.exe
  C:\Windows\System\gYidHlh.exe
  2⤵
  PID:5656
- C:\Windows\System\MMJGxuj.exe
  C:\Windows\System\MMJGxuj.exe
  2⤵
  PID:4104
- C:\Windows\System\elDQoMq.exe
  C:\Windows\System\elDQoMq.exe
  2⤵
  PID:1944
- C:\Windows\System\qoIowWQ.exe
  C:\Windows\System\qoIowWQ.exe
  2⤵
  PID:5332
- C:\Windows\System\GZBfPdr.exe
  C:\Windows\System\GZBfPdr.exe
  2⤵
  PID:5312
- C:\Windows\System\mexUsPh.exe
  C:\Windows\System\mexUsPh.exe
  2⤵
  PID:2864
- C:\Windows\System\IjCTKHq.exe
  C:\Windows\System\IjCTKHq.exe
  2⤵
  PID:5612
- C:\Windows\System\JRCFRZo.exe
  C:\Windows\System\JRCFRZo.exe
  2⤵
  PID:5564
- C:\Windows\System\KAefvTX.exe
  C:\Windows\System\KAefvTX.exe
  2⤵
  PID:5832
- C:\Windows\System\rnjBzcV.exe
  C:\Windows\System\rnjBzcV.exe
  2⤵
  PID:5948
- C:\Windows\System\hRGkdXc.exe
  C:\Windows\System\hRGkdXc.exe
  2⤵
  PID:6136
- C:\Windows\System\LWBoGcT.exe
  C:\Windows\System\LWBoGcT.exe
  2⤵
  PID:5244
- C:\Windows\System\tpEowRL.exe
  C:\Windows\System\tpEowRL.exe
  2⤵
  PID:5576
- C:\Windows\System\rEyeCpN.exe
  C:\Windows\System\rEyeCpN.exe
  2⤵
  PID:5500
- C:\Windows\System\CkWDOox.exe
  C:\Windows\System\CkWDOox.exe
  2⤵
  PID:5504
- C:\Windows\System\ILVvGCp.exe
  C:\Windows\System\ILVvGCp.exe
  2⤵
  PID:5300
- C:\Windows\System\cELRqhN.exe
  C:\Windows\System\cELRqhN.exe
  2⤵
  PID:6152
- C:\Windows\System\MEEgypN.exe
  C:\Windows\System\MEEgypN.exe
  2⤵
  PID:6168
- C:\Windows\System\xXuFEHC.exe
  C:\Windows\System\xXuFEHC.exe
  2⤵
  PID:6188
- C:\Windows\System\WzXzDNO.exe
  C:\Windows\System\WzXzDNO.exe
  2⤵
  PID:6208
- C:\Windows\System\qbXNGVX.exe
  C:\Windows\System\qbXNGVX.exe
  2⤵
  PID:6224
- C:\Windows\System\VieehEh.exe
  C:\Windows\System\VieehEh.exe
  2⤵
  PID:6244
- C:\Windows\System\ZrbkJQU.exe
  C:\Windows\System\ZrbkJQU.exe
  2⤵
  PID:6264
- C:\Windows\System\zBfoViD.exe
  C:\Windows\System\zBfoViD.exe
  2⤵
  PID:6284
- C:\Windows\System\oHLCWVc.exe
  C:\Windows\System\oHLCWVc.exe
  2⤵
  PID:6300
- C:\Windows\System\JWFIukf.exe
  C:\Windows\System\JWFIukf.exe
  2⤵
  PID:6316
- C:\Windows\System\CdGXhlJ.exe
  C:\Windows\System\CdGXhlJ.exe
  2⤵
  PID:6348
- C:\Windows\System\khhuAMi.exe
  C:\Windows\System\khhuAMi.exe
  2⤵
  PID:6376
- C:\Windows\System\fJAgZug.exe
  C:\Windows\System\fJAgZug.exe
  2⤵
  PID:6420
- C:\Windows\System\IlMNebW.exe
  C:\Windows\System\IlMNebW.exe
  2⤵
  PID:6436
- C:\Windows\System\qifjggb.exe
  C:\Windows\System\qifjggb.exe
  2⤵
  PID:6468
- C:\Windows\System\vjAomkH.exe
  C:\Windows\System\vjAomkH.exe
  2⤵
  PID:6496
- C:\Windows\System\PrtpSBh.exe
  C:\Windows\System\PrtpSBh.exe
  2⤵
  PID:6512
- C:\Windows\System\AoqfsNK.exe
  C:\Windows\System\AoqfsNK.exe
  2⤵
  PID:6540
- C:\Windows\System\PLSyawG.exe
  C:\Windows\System\PLSyawG.exe
  2⤵
  PID:6556
- C:\Windows\System\INTahGv.exe
  C:\Windows\System\INTahGv.exe
  2⤵
  PID:6584
- C:\Windows\System\XFiHgUQ.exe
  C:\Windows\System\XFiHgUQ.exe
  2⤵
  PID:6636
- C:\Windows\System\vTVdtSc.exe
  C:\Windows\System\vTVdtSc.exe
  2⤵
  PID:6680
- C:\Windows\System\ntjhtsS.exe
  C:\Windows\System\ntjhtsS.exe
  2⤵
  PID:6700
- C:\Windows\System\zLaynFt.exe
  C:\Windows\System\zLaynFt.exe
  2⤵
  PID:6716
- C:\Windows\System\lwEOVkR.exe
  C:\Windows\System\lwEOVkR.exe
  2⤵
  PID:6740
- C:\Windows\System\ECGQYxH.exe
  C:\Windows\System\ECGQYxH.exe
  2⤵
  PID:6756
- C:\Windows\System\CUEkrbY.exe
  C:\Windows\System\CUEkrbY.exe
  2⤵
  PID:6780
- C:\Windows\System\DtsvLbT.exe
  C:\Windows\System\DtsvLbT.exe
  2⤵
  PID:6796
- C:\Windows\System\rVQzSud.exe
  C:\Windows\System\rVQzSud.exe
  2⤵
  PID:6820
- C:\Windows\System\ZHzsXmw.exe
  C:\Windows\System\ZHzsXmw.exe
  2⤵
  PID:6836
- C:\Windows\System\NPwrLGN.exe
  C:\Windows\System\NPwrLGN.exe
  2⤵
  PID:6868
- C:\Windows\System\xvMfULi.exe
  C:\Windows\System\xvMfULi.exe
  2⤵
  PID:6892
- C:\Windows\System\AUbxLbV.exe
  C:\Windows\System\AUbxLbV.exe
  2⤵
  PID:6908
- C:\Windows\System\QXPivoi.exe
  C:\Windows\System\QXPivoi.exe
  2⤵
  PID:6976
- C:\Windows\System\pVzebNH.exe
  C:\Windows\System\pVzebNH.exe
  2⤵
  PID:7040
- C:\Windows\System\laOziYo.exe
  C:\Windows\System\laOziYo.exe
  2⤵
  PID:7056
- C:\Windows\System\rVOBFRH.exe
  C:\Windows\System\rVOBFRH.exe
  2⤵
  PID:7092
- C:\Windows\System\LlpBtoy.exe
  C:\Windows\System\LlpBtoy.exe
  2⤵
  PID:6012
- C:\Windows\System\RaGabCP.exe
  C:\Windows\System\RaGabCP.exe
  2⤵
  PID:6240
- C:\Windows\System\kDYoFrx.exe
  C:\Windows\System\kDYoFrx.exe
  2⤵
  PID:6272
- C:\Windows\System\AOSomKC.exe
  C:\Windows\System\AOSomKC.exe
  2⤵
  PID:6296
- C:\Windows\System\nEjXxvT.exe
  C:\Windows\System\nEjXxvT.exe
  2⤵
  PID:6432
- C:\Windows\System\aGhKocb.exe
  C:\Windows\System\aGhKocb.exe
  2⤵
  PID:6460
- C:\Windows\System\wkltebN.exe
  C:\Windows\System\wkltebN.exe
  2⤵
  PID:6520
- C:\Windows\System\oUtqIpX.exe
  C:\Windows\System\oUtqIpX.exe
  2⤵
  PID:6596
- C:\Windows\System\qvTJVOh.exe
  C:\Windows\System\qvTJVOh.exe
  2⤵
  PID:6628
- C:\Windows\System\UFLzZnJ.exe
  C:\Windows\System\UFLzZnJ.exe
  2⤵
  PID:6804
- C:\Windows\System\BUKFXmT.exe
  C:\Windows\System\BUKFXmT.exe
  2⤵
  PID:6708
- C:\Windows\System\xJbrqZC.exe
  C:\Windows\System\xJbrqZC.exe
  2⤵
  PID:6904
- C:\Windows\System\CsFSTRK.exe
  C:\Windows\System\CsFSTRK.exe
  2⤵
  PID:6876
- C:\Windows\System\KYrcxWP.exe
  C:\Windows\System\KYrcxWP.exe
  2⤵
  PID:6992
- C:\Windows\System\OlZDwrk.exe
  C:\Windows\System\OlZDwrk.exe
  2⤵
  PID:6928
- C:\Windows\System\CdRYmTj.exe
  C:\Windows\System\CdRYmTj.exe
  2⤵
  PID:7008
- C:\Windows\System\cULOttb.exe
  C:\Windows\System\cULOttb.exe
  2⤵
  PID:7116
- C:\Windows\System\HXSWsil.exe
  C:\Windows\System\HXSWsil.exe
  2⤵
  PID:6176
- C:\Windows\System\jEBTCaj.exe
  C:\Windows\System\jEBTCaj.exe
  2⤵
  PID:6324
- C:\Windows\System\AnaYNFW.exe
  C:\Windows\System\AnaYNFW.exe
  2⤵
  PID:6392
- C:\Windows\System\tTnfKbX.exe
  C:\Windows\System\tTnfKbX.exe
  2⤵
  PID:6508
- C:\Windows\System\LGfGJcl.exe
  C:\Windows\System\LGfGJcl.exe
  2⤵
  PID:1052
- C:\Windows\System\yKLMqlA.exe
  C:\Windows\System\yKLMqlA.exe
  2⤵
  PID:6788
- C:\Windows\System\wXgSTRC.exe
  C:\Windows\System\wXgSTRC.exe
  2⤵
  PID:6428
- C:\Windows\System\JnPHRBt.exe
  C:\Windows\System\JnPHRBt.exe
  2⤵
  PID:7080
- C:\Windows\System\HeXNkIz.exe
  C:\Windows\System\HeXNkIz.exe
  2⤵
  PID:4860
- C:\Windows\System\DzBtKTY.exe
  C:\Windows\System\DzBtKTY.exe
  2⤵
  PID:6696
- C:\Windows\System\FZEygFN.exe
  C:\Windows\System\FZEygFN.exe
  2⤵
  PID:6812
- C:\Windows\System\kIaDONJ.exe
  C:\Windows\System\kIaDONJ.exe
  2⤵
  PID:7180
- C:\Windows\System\SRUshJr.exe
  C:\Windows\System\SRUshJr.exe
  2⤵
  PID:7204
- C:\Windows\System\OSrMJqU.exe
  C:\Windows\System\OSrMJqU.exe
  2⤵
  PID:7224
- C:\Windows\System\hprSLwt.exe
  C:\Windows\System\hprSLwt.exe
  2⤵
  PID:7240
- C:\Windows\System\cKrtbQN.exe
  C:\Windows\System\cKrtbQN.exe
  2⤵
  PID:7280
- C:\Windows\System\xzHjCTx.exe
  C:\Windows\System\xzHjCTx.exe
  2⤵
  PID:7328
- C:\Windows\System\GwbBrvG.exe
  C:\Windows\System\GwbBrvG.exe
  2⤵
  PID:7344
- C:\Windows\System\TPcfzpG.exe
  C:\Windows\System\TPcfzpG.exe
  2⤵
  PID:7372
- C:\Windows\System\OEZTThX.exe
  C:\Windows\System\OEZTThX.exe
  2⤵
  PID:7392
- C:\Windows\System\ZcYKVFS.exe
  C:\Windows\System\ZcYKVFS.exe
  2⤵
  PID:7412
- C:\Windows\System\pwFnIPc.exe
  C:\Windows\System\pwFnIPc.exe
  2⤵
  PID:7436
- C:\Windows\System\PhhbIoS.exe
  C:\Windows\System\PhhbIoS.exe
  2⤵
  PID:7452
- C:\Windows\System\dwNlXeU.exe
  C:\Windows\System\dwNlXeU.exe
  2⤵
  PID:7552
- C:\Windows\System\XuikTID.exe
  C:\Windows\System\XuikTID.exe
  2⤵
  PID:7596
- C:\Windows\System\elAcldd.exe
  C:\Windows\System\elAcldd.exe
  2⤵
  PID:7612
- C:\Windows\System\fSkrUgZ.exe
  C:\Windows\System\fSkrUgZ.exe
  2⤵
  PID:7632
- C:\Windows\System\VDZPmMK.exe
  C:\Windows\System\VDZPmMK.exe
  2⤵
  PID:7664
- C:\Windows\System\QCXNppc.exe
  C:\Windows\System\QCXNppc.exe
  2⤵
  PID:7680
- C:\Windows\System\wZIjaUh.exe
  C:\Windows\System\wZIjaUh.exe
  2⤵
  PID:7700
- C:\Windows\System\TmETlzO.exe
  C:\Windows\System\TmETlzO.exe
  2⤵
  PID:7724
- C:\Windows\System\yyyAZeS.exe
  C:\Windows\System\yyyAZeS.exe
  2⤵
  PID:7768
- C:\Windows\System\xjGEHCI.exe
  C:\Windows\System\xjGEHCI.exe
  2⤵
  PID:7792
- C:\Windows\System\uberHDW.exe
  C:\Windows\System\uberHDW.exe
  2⤵
  PID:7840
- C:\Windows\System\rbklgiC.exe
  C:\Windows\System\rbklgiC.exe
  2⤵
  PID:7860
- C:\Windows\System\LnLuCaM.exe
  C:\Windows\System\LnLuCaM.exe
  2⤵
  PID:7880
- C:\Windows\System\zUduzMK.exe
  C:\Windows\System\zUduzMK.exe
  2⤵
  PID:7896
- C:\Windows\System\sftDrCH.exe
  C:\Windows\System\sftDrCH.exe
  2⤵
  PID:7920
- C:\Windows\System\ddQxahk.exe
  C:\Windows\System\ddQxahk.exe
  2⤵
  PID:7936
- C:\Windows\System\zudgTrH.exe
  C:\Windows\System\zudgTrH.exe
  2⤵
  PID:7960
- C:\Windows\System\WAZjKPR.exe
  C:\Windows\System\WAZjKPR.exe
  2⤵
  PID:7984
- C:\Windows\System\jaIOcUu.exe
  C:\Windows\System\jaIOcUu.exe
  2⤵
  PID:8012
- C:\Windows\System\gfOOlms.exe
  C:\Windows\System\gfOOlms.exe
  2⤵
  PID:8036
- C:\Windows\System\IOlmWPS.exe
  C:\Windows\System\IOlmWPS.exe
  2⤵
  PID:8112
- C:\Windows\System\wIdjaNq.exe
  C:\Windows\System\wIdjaNq.exe
  2⤵
  PID:8132
- C:\Windows\System\EJbOFhI.exe
  C:\Windows\System\EJbOFhI.exe
  2⤵
  PID:8152
- C:\Windows\System\oXopIiz.exe
  C:\Windows\System\oXopIiz.exe
  2⤵
  PID:8172
- C:\Windows\System\ByVMGHV.exe
  C:\Windows\System\ByVMGHV.exe
  2⤵
  PID:6484
- C:\Windows\System\HwEdnUl.exe
  C:\Windows\System\HwEdnUl.exe
  2⤵
  PID:6932
- C:\Windows\System\hGGARpS.exe
  C:\Windows\System\hGGARpS.exe
  2⤵
  PID:7200
- C:\Windows\System\IebvdyP.exe
  C:\Windows\System\IebvdyP.exe
  2⤵
  PID:7236
- C:\Windows\System\WuMlQae.exe
  C:\Windows\System\WuMlQae.exe
  2⤵
  PID:7312
- C:\Windows\System\zkfffog.exe
  C:\Windows\System\zkfffog.exe
  2⤵
  PID:7364
- C:\Windows\System\TojquNW.exe
  C:\Windows\System\TojquNW.exe
  2⤵
  PID:7352
- C:\Windows\System\PCunrPx.exe
  C:\Windows\System\PCunrPx.exe
  2⤵
  PID:7448
- C:\Windows\System\YtkjLKh.exe
  C:\Windows\System\YtkjLKh.exe
  2⤵
  PID:7480
- C:\Windows\System\FFbyKYX.exe
  C:\Windows\System\FFbyKYX.exe
  2⤵
  PID:7568
- C:\Windows\System\klyXWOy.exe
  C:\Windows\System\klyXWOy.exe
  2⤵
  PID:7604
- C:\Windows\System\XSklAzO.exe
  C:\Windows\System\XSklAzO.exe
  2⤵
  PID:7804
- C:\Windows\System\eezDZLK.exe
  C:\Windows\System\eezDZLK.exe
  2⤵
  PID:7764
- C:\Windows\System\kBVqOpg.exe
  C:\Windows\System\kBVqOpg.exe
  2⤵
  PID:7852
- C:\Windows\System\rZbWumw.exe
  C:\Windows\System\rZbWumw.exe
  2⤵
  PID:7904
- C:\Windows\System\zPFjBsT.exe
  C:\Windows\System\zPFjBsT.exe
  2⤵
  PID:7976
- C:\Windows\System\VlbhdpV.exe
  C:\Windows\System\VlbhdpV.exe
  2⤵
  PID:8028
- C:\Windows\System\XPjuJfP.exe
  C:\Windows\System\XPjuJfP.exe
  2⤵
  PID:8128
- C:\Windows\System\vJWUgmm.exe
  C:\Windows\System\vJWUgmm.exe
  2⤵
  PID:8144
- C:\Windows\System\PiiGxYs.exe
  C:\Windows\System\PiiGxYs.exe
  2⤵
  PID:8164
- C:\Windows\System\ZQmtGOm.exe
  C:\Windows\System\ZQmtGOm.exe
  2⤵
  PID:7192
- C:\Windows\System\HhQOCVU.exe
  C:\Windows\System\HhQOCVU.exe
  2⤵
  PID:6952
- C:\Windows\System\JzyYUbX.exe
  C:\Windows\System\JzyYUbX.exe
  2⤵
  PID:7336
- C:\Windows\System\JKMiTod.exe
  C:\Windows\System\JKMiTod.exe
  2⤵
  PID:7516
- C:\Windows\System\nqJBaeF.exe
  C:\Windows\System\nqJBaeF.exe
  2⤵
  PID:7540
- C:\Windows\System\ZboccjR.exe
  C:\Windows\System\ZboccjR.exe
  2⤵
  PID:7944
- C:\Windows\System\ckgGKso.exe
  C:\Windows\System\ckgGKso.exe
  2⤵
  PID:7876
- C:\Windows\System\fapPkrD.exe
  C:\Windows\System\fapPkrD.exe
  2⤵
  PID:5560
- C:\Windows\System\jOPdpwq.exe
  C:\Windows\System\jOPdpwq.exe
  2⤵
  PID:7836
- C:\Windows\System\iREJiAs.exe
  C:\Windows\System\iREJiAs.exe
  2⤵
  PID:7692
- C:\Windows\System\ZKUxNAR.exe
  C:\Windows\System\ZKUxNAR.exe
  2⤵
  PID:8048
- C:\Windows\System\ecLmsPM.exe
  C:\Windows\System\ecLmsPM.exe
  2⤵
  PID:8196
- C:\Windows\System\oZxhHJX.exe
  C:\Windows\System\oZxhHJX.exe
  2⤵
  PID:8220
- C:\Windows\System\cHEmpty.exe
  C:\Windows\System\cHEmpty.exe
  2⤵
  PID:8240
- C:\Windows\System\kcusJHC.exe
  C:\Windows\System\kcusJHC.exe
  2⤵
  PID:8292
- C:\Windows\System\nLFpCiQ.exe
  C:\Windows\System\nLFpCiQ.exe
  2⤵
  PID:8316
- C:\Windows\System\aPnhhyd.exe
  C:\Windows\System\aPnhhyd.exe
  2⤵
  PID:8336
- C:\Windows\System\JtiAwxc.exe
  C:\Windows\System\JtiAwxc.exe
  2⤵
  PID:8384
- C:\Windows\System\HqnJbUE.exe
  C:\Windows\System\HqnJbUE.exe
  2⤵
  PID:8436
- C:\Windows\System\wHdZfGp.exe
  C:\Windows\System\wHdZfGp.exe
  2⤵
  PID:8456
- C:\Windows\System\eKzNmeF.exe
  C:\Windows\System\eKzNmeF.exe
  2⤵
  PID:8484
- C:\Windows\System\YOjNBuX.exe
  C:\Windows\System\YOjNBuX.exe
  2⤵
  PID:8504
- C:\Windows\System\UFcPJZJ.exe
  C:\Windows\System\UFcPJZJ.exe
  2⤵
  PID:8532
- C:\Windows\System\TRoGVZg.exe
  C:\Windows\System\TRoGVZg.exe
  2⤵
  PID:8588
- C:\Windows\System\IUHiEGS.exe
  C:\Windows\System\IUHiEGS.exe
  2⤵
  PID:8608
- C:\Windows\System\XQXzkhk.exe
  C:\Windows\System\XQXzkhk.exe
  2⤵
  PID:8632
- C:\Windows\System\JmjsJLC.exe
  C:\Windows\System\JmjsJLC.exe
  2⤵
  PID:8660
- C:\Windows\System\icVSiCC.exe
  C:\Windows\System\icVSiCC.exe
  2⤵
  PID:8684
- C:\Windows\System\hJUrksv.exe
  C:\Windows\System\hJUrksv.exe
  2⤵
  PID:8700
- C:\Windows\System\WplJraZ.exe
  C:\Windows\System\WplJraZ.exe
  2⤵
  PID:8724
- C:\Windows\System\zcRPLZs.exe
  C:\Windows\System\zcRPLZs.exe
  2⤵
  PID:8780
- C:\Windows\System\eJsBwrN.exe
  C:\Windows\System\eJsBwrN.exe
  2⤵
  PID:8796
- C:\Windows\System\YmLfbvC.exe
  C:\Windows\System\YmLfbvC.exe
  2⤵
  PID:8820
- C:\Windows\System\apFwMpy.exe
  C:\Windows\System\apFwMpy.exe
  2⤵
  PID:8844
- C:\Windows\System\dZOoUEO.exe
  C:\Windows\System\dZOoUEO.exe
  2⤵
  PID:8880
- C:\Windows\System\lvrzSAg.exe
  C:\Windows\System\lvrzSAg.exe
  2⤵
  PID:8896
- C:\Windows\System\xVUsKZM.exe
  C:\Windows\System\xVUsKZM.exe
  2⤵
  PID:8920
- C:\Windows\System\EtTksTk.exe
  C:\Windows\System\EtTksTk.exe
  2⤵
  PID:8948
- C:\Windows\System\DuWdQVL.exe
  C:\Windows\System\DuWdQVL.exe
  2⤵
  PID:9004
- C:\Windows\System\cGeoYPy.exe
  C:\Windows\System\cGeoYPy.exe
  2⤵
  PID:9020
- C:\Windows\System\RPyomTQ.exe
  C:\Windows\System\RPyomTQ.exe
  2⤵
  PID:9040
- C:\Windows\System\IlMkaNK.exe
  C:\Windows\System\IlMkaNK.exe
  2⤵
  PID:9072
- C:\Windows\System\UgpVOMH.exe
  C:\Windows\System\UgpVOMH.exe
  2⤵
  PID:9136
- C:\Windows\System\SPmkonJ.exe
  C:\Windows\System\SPmkonJ.exe
  2⤵
  PID:9152
- C:\Windows\System\qPdYdbD.exe
  C:\Windows\System\qPdYdbD.exe
  2⤵
  PID:9176
- C:\Windows\System\IBoptMx.exe
  C:\Windows\System\IBoptMx.exe
  2⤵
  PID:9204
- C:\Windows\System\ITDyhDl.exe
  C:\Windows\System\ITDyhDl.exe
  2⤵
  PID:7388
- C:\Windows\System\gySXhkS.exe
  C:\Windows\System\gySXhkS.exe
  2⤵
  PID:7408
- C:\Windows\System\eWUmkND.exe
  C:\Windows\System\eWUmkND.exe
  2⤵
  PID:8232
- C:\Windows\System\HMElLMi.exe
  C:\Windows\System\HMElLMi.exe
  2⤵
  PID:8236
- C:\Windows\System\XEnkgtq.exe
  C:\Windows\System\XEnkgtq.exe
  2⤵
  PID:8376
- C:\Windows\System\HGGeCdh.exe
  C:\Windows\System\HGGeCdh.exe
  2⤵
  PID:8312
- C:\Windows\System\diSmDHo.exe
  C:\Windows\System\diSmDHo.exe
  2⤵
  PID:8492
- C:\Windows\System\dxwFciM.exe
  C:\Windows\System\dxwFciM.exe
  2⤵
  PID:8520
- C:\Windows\System\hohjdii.exe
  C:\Windows\System\hohjdii.exe
  2⤵
  PID:8624
- C:\Windows\System\ZTHsMWU.exe
  C:\Windows\System\ZTHsMWU.exe
  2⤵
  PID:8672
- C:\Windows\System\cZVUkxj.exe
  C:\Windows\System\cZVUkxj.exe
  2⤵
  PID:8760
- C:\Windows\System\oHzXIvW.exe
  C:\Windows\System\oHzXIvW.exe
  2⤵
  PID:8836
- C:\Windows\System\jKfFjOq.exe
  C:\Windows\System\jKfFjOq.exe
  2⤵
  PID:8892
- C:\Windows\System\fSEscld.exe
  C:\Windows\System\fSEscld.exe
  2⤵
  PID:8932
- C:\Windows\System\jyHsGlR.exe
  C:\Windows\System\jyHsGlR.exe
  2⤵
  PID:9012
- C:\Windows\System\WnZPMGM.exe
  C:\Windows\System\WnZPMGM.exe
  2⤵
  PID:9060
- C:\Windows\System\izjTqhH.exe
  C:\Windows\System\izjTqhH.exe
  2⤵
  PID:9132
- C:\Windows\System\RIbYSFV.exe
  C:\Windows\System\RIbYSFV.exe
  2⤵
  PID:9184
- C:\Windows\System\LjXpGce.exe
  C:\Windows\System\LjXpGce.exe
  2⤵
  PID:8184
- C:\Windows\System\RRQwqFE.exe
  C:\Windows\System\RRQwqFE.exe
  2⤵
  PID:8304
- C:\Windows\System\UOKdZIq.exe
  C:\Windows\System\UOKdZIq.exe
  2⤵
  PID:8560
- C:\Windows\System\gamdHae.exe
  C:\Windows\System\gamdHae.exe
  2⤵
  PID:8668
- C:\Windows\System\JFREylk.exe
  C:\Windows\System\JFREylk.exe
  2⤵
  PID:8940
- C:\Windows\System\frWUCPi.exe
  C:\Windows\System\frWUCPi.exe
  2⤵
  PID:8980
- C:\Windows\System\oXOWLZJ.exe
  C:\Windows\System\oXOWLZJ.exe
  2⤵
  PID:9164
- C:\Windows\System\ZzYBXrh.exe
  C:\Windows\System\ZzYBXrh.exe
  2⤵
  PID:8344
- C:\Windows\System\DWcxUHM.exe
  C:\Windows\System\DWcxUHM.exe
  2⤵
  PID:8528
- C:\Windows\System\rXgAwSL.exe
  C:\Windows\System\rXgAwSL.exe
  2⤵
  PID:8208
- C:\Windows\System\cxnLvXW.exe
  C:\Windows\System\cxnLvXW.exe
  2⤵
  PID:5360
- C:\Windows\System\SMxcKKY.exe
  C:\Windows\System\SMxcKKY.exe
  2⤵
  PID:8276
- C:\Windows\System\rYAyVhw.exe
  C:\Windows\System\rYAyVhw.exe
  2⤵
  PID:9240
- C:\Windows\System\EOTmewy.exe
  C:\Windows\System\EOTmewy.exe
  2⤵
  PID:9256
- C:\Windows\System\YplaLur.exe
  C:\Windows\System\YplaLur.exe
  2⤵
  PID:9280
- C:\Windows\System\SaEXwIB.exe
  C:\Windows\System\SaEXwIB.exe
  2⤵
  PID:9304
- C:\Windows\System\fzpqiaM.exe
  C:\Windows\System\fzpqiaM.exe
  2⤵
  PID:9324
- C:\Windows\System\QgTwQAX.exe
  C:\Windows\System\QgTwQAX.exe
  2⤵
  PID:9360
- C:\Windows\System\YblbwDo.exe
  C:\Windows\System\YblbwDo.exe
  2⤵
  PID:9412
- C:\Windows\System\YiwaKzV.exe
  C:\Windows\System\YiwaKzV.exe
  2⤵
  PID:9432
- C:\Windows\System\zjieHJO.exe
  C:\Windows\System\zjieHJO.exe
  2⤵
  PID:9456
- C:\Windows\System\husGEZp.exe
  C:\Windows\System\husGEZp.exe
  2⤵
  PID:9484
- C:\Windows\System\UvPMotx.exe
  C:\Windows\System\UvPMotx.exe
  2⤵
  PID:9548
- C:\Windows\System\rXVJADn.exe
  C:\Windows\System\rXVJADn.exe
  2⤵
  PID:9564
- C:\Windows\System\tiFAPEM.exe
  C:\Windows\System\tiFAPEM.exe
  2⤵
  PID:9584
- C:\Windows\System\UjmvMxB.exe
  C:\Windows\System\UjmvMxB.exe
  2⤵
  PID:9652
- C:\Windows\System\RdjCjpi.exe
  C:\Windows\System\RdjCjpi.exe
  2⤵
  PID:9668
- C:\Windows\System\fECLYlC.exe
  C:\Windows\System\fECLYlC.exe
  2⤵
  PID:9688
- C:\Windows\System\JkouQor.exe
  C:\Windows\System\JkouQor.exe
  2⤵
  PID:9712
- C:\Windows\System\smFewXS.exe
  C:\Windows\System\smFewXS.exe
  2⤵
  PID:9732
- C:\Windows\System\XLwSTOP.exe
  C:\Windows\System\XLwSTOP.exe
  2⤵
  PID:9772
- C:\Windows\System\BnKWXpw.exe
  C:\Windows\System\BnKWXpw.exe
  2⤵
  PID:9796
- C:\Windows\System\vGSCFPJ.exe
  C:\Windows\System\vGSCFPJ.exe
  2⤵
  PID:9820
- C:\Windows\System\zExwxRS.exe
  C:\Windows\System\zExwxRS.exe
  2⤵
  PID:9856
- C:\Windows\System\XbtpXrQ.exe
  C:\Windows\System\XbtpXrQ.exe
  2⤵
  PID:9872
- C:\Windows\System\nTNvqKK.exe
  C:\Windows\System\nTNvqKK.exe
  2⤵
  PID:9900
- C:\Windows\System\Qnkhiwg.exe
  C:\Windows\System\Qnkhiwg.exe
  2⤵
  PID:9920
- C:\Windows\System\CeGevDq.exe
  C:\Windows\System\CeGevDq.exe
  2⤵
  PID:9944
- C:\Windows\System\ugPaRas.exe
  C:\Windows\System\ugPaRas.exe
  2⤵
  PID:9964
- C:\Windows\System\gEfjpNQ.exe
  C:\Windows\System\gEfjpNQ.exe
  2⤵
  PID:10020
- C:\Windows\System\xiWaRSX.exe
  C:\Windows\System\xiWaRSX.exe
  2⤵
  PID:10048
- C:\Windows\System\vrNHRRr.exe
  C:\Windows\System\vrNHRRr.exe
  2⤵
  PID:10084
- C:\Windows\System\PbIWhBV.exe
  C:\Windows\System\PbIWhBV.exe
  2⤵
  PID:10100
- C:\Windows\System\qwWibMv.exe
  C:\Windows\System\qwWibMv.exe
  2⤵
  PID:10128
- C:\Windows\System\QMPpOWs.exe
  C:\Windows\System\QMPpOWs.exe
  2⤵
  PID:10152
- C:\Windows\System\OfxBJWM.exe
  C:\Windows\System\OfxBJWM.exe
  2⤵
  PID:10176
- C:\Windows\System\lOnHVYU.exe
  C:\Windows\System\lOnHVYU.exe
  2⤵
  PID:10212
- C:\Windows\System\fdVsXHc.exe
  C:\Windows\System\fdVsXHc.exe
  2⤵
  PID:8716
- C:\Windows\System\JzLGsPw.exe
  C:\Windows\System\JzLGsPw.exe
  2⤵
  PID:8792
- C:\Windows\System\IRNDjXW.exe
  C:\Windows\System\IRNDjXW.exe
  2⤵
  PID:9276
- C:\Windows\System\CswWMyB.exe
  C:\Windows\System\CswWMyB.exe
  2⤵
  PID:9312
- C:\Windows\System\WUloBCJ.exe
  C:\Windows\System\WUloBCJ.exe
  2⤵
  PID:9524
- C:\Windows\System\iAedtbu.exe
  C:\Windows\System\iAedtbu.exe
  2⤵
  PID:9576
- C:\Windows\System\GEKNJio.exe
  C:\Windows\System\GEKNJio.exe
  2⤵
  PID:9620
- C:\Windows\System\wEYiZpb.exe
  C:\Windows\System\wEYiZpb.exe
  2⤵
  PID:9660
- C:\Windows\System\ffuYtPm.exe
  C:\Windows\System\ffuYtPm.exe
  2⤵
  PID:9684
- C:\Windows\System\IuarKXd.exe
  C:\Windows\System\IuarKXd.exe
  2⤵
  PID:9728
- C:\Windows\System\aPkbtNZ.exe
  C:\Windows\System\aPkbtNZ.exe
  2⤵
  PID:9760
- C:\Windows\System\UhXuFoA.exe
  C:\Windows\System\UhXuFoA.exe
  2⤵
  PID:9808
- C:\Windows\System\NHGNYBA.exe
  C:\Windows\System\NHGNYBA.exe
  2⤵
  PID:9908
- C:\Windows\System\EPZQWIx.exe
  C:\Windows\System\EPZQWIx.exe
  2⤵
  PID:9880
- C:\Windows\System\WqsIsyc.exe
  C:\Windows\System\WqsIsyc.exe
  2⤵
  PID:9916
- C:\Windows\System\eXfdoVJ.exe
  C:\Windows\System\eXfdoVJ.exe
  2⤵
  PID:9952
- C:\Windows\System\oaazOUd.exe
  C:\Windows\System\oaazOUd.exe
  2⤵
  PID:9996
- C:\Windows\System\PsEnSaY.exe
  C:\Windows\System\PsEnSaY.exe
  2⤵
  PID:10004
- C:\Windows\System\aTrqfxg.exe
  C:\Windows\System\aTrqfxg.exe
  2⤵
  PID:10068
- C:\Windows\System\AOfHjRc.exe
  C:\Windows\System\AOfHjRc.exe
  2⤵
  PID:10192
- C:\Windows\System\CpMmzok.exe
  C:\Windows\System\CpMmzok.exe
  2⤵
  PID:8448
- C:\Windows\System\UrOfrWh.exe
  C:\Windows\System\UrOfrWh.exe
  2⤵
  PID:10244
- C:\Windows\System\xkCsuEl.exe
  C:\Windows\System\xkCsuEl.exe
  2⤵
  PID:10260
- C:\Windows\System\FMvQbKk.exe
  C:\Windows\System\FMvQbKk.exe
  2⤵
  PID:10304
- C:\Windows\System\fnYwDwq.exe
  C:\Windows\System\fnYwDwq.exe
  2⤵
  PID:10320
- C:\Windows\System\eDEPYuY.exe
  C:\Windows\System\eDEPYuY.exe
  2⤵
  PID:10340
- C:\Windows\System\PCaLtHe.exe
  C:\Windows\System\PCaLtHe.exe
  2⤵
  PID:10400
- C:\Windows\System\MLvpXNd.exe
  C:\Windows\System\MLvpXNd.exe
  2⤵
  PID:10564
- C:\Windows\System\zPPxXMq.exe
  C:\Windows\System\zPPxXMq.exe
  2⤵
  PID:10636
- C:\Windows\System\DHQflCR.exe
  C:\Windows\System\DHQflCR.exe
  2⤵
  PID:10652
- C:\Windows\System\gJaqmgt.exe
  C:\Windows\System\gJaqmgt.exe
  2⤵
  PID:10672
- C:\Windows\System\mlLLZFl.exe
  C:\Windows\System\mlLLZFl.exe
  2⤵
  PID:10696
- C:\Windows\System\SFMqTMx.exe
  C:\Windows\System\SFMqTMx.exe
  2⤵
  PID:10716
- C:\Windows\System\DdCxkOP.exe
  C:\Windows\System\DdCxkOP.exe
  2⤵
  PID:10732
- C:\Windows\System\AwfjsLn.exe
  C:\Windows\System\AwfjsLn.exe
  2⤵
  PID:10776
- C:\Windows\System\dhxefjK.exe
  C:\Windows\System\dhxefjK.exe
  2⤵
  PID:10792
- C:\Windows\System\OmXJdAy.exe
  C:\Windows\System\OmXJdAy.exe
  2⤵
  PID:10828
- C:\Windows\System\xoKjqJa.exe
  C:\Windows\System\xoKjqJa.exe
  2⤵
  PID:10868
- C:\Windows\System\OdTMymr.exe
  C:\Windows\System\OdTMymr.exe
  2⤵
  PID:10888
- C:\Windows\System\eOYUzIT.exe
  C:\Windows\System\eOYUzIT.exe
  2⤵
  PID:10916
- C:\Windows\System\jxTNRmI.exe
  C:\Windows\System\jxTNRmI.exe
  2⤵
  PID:10960
- C:\Windows\System\NJRUpOi.exe
  C:\Windows\System\NJRUpOi.exe
  2⤵
  PID:10992
- C:\Windows\System\vclmgBD.exe
  C:\Windows\System\vclmgBD.exe
  2⤵
  PID:11020
- C:\Windows\System\mpUhqjh.exe
  C:\Windows\System\mpUhqjh.exe
  2⤵
  PID:11040
- C:\Windows\System\yOJOlzU.exe
  C:\Windows\System\yOJOlzU.exe
  2⤵
  PID:11064
- C:\Windows\System\VGMXLhP.exe
  C:\Windows\System\VGMXLhP.exe
  2⤵
  PID:11084
- C:\Windows\System\ePfTsSy.exe
  C:\Windows\System\ePfTsSy.exe
  2⤵
  PID:11104
- C:\Windows\System\gINfDTg.exe
  C:\Windows\System\gINfDTg.exe
  2⤵
  PID:11124
- C:\Windows\System\cNWPowR.exe
  C:\Windows\System\cNWPowR.exe
  2⤵
  PID:11180
- C:\Windows\System\JLtorXN.exe
  C:\Windows\System\JLtorXN.exe
  2⤵
  PID:11200
- C:\Windows\System\uFwyCNP.exe
  C:\Windows\System\uFwyCNP.exe
  2⤵
  PID:11220
- C:\Windows\System\kslzdPK.exe
  C:\Windows\System\kslzdPK.exe
  2⤵
  PID:11252
- C:\Windows\System\MwymmQo.exe
  C:\Windows\System\MwymmQo.exe
  2⤵
  PID:9520
- C:\Windows\System\GNeDlio.exe
  C:\Windows\System\GNeDlio.exe
  2⤵
  PID:9864
- C:\Windows\System\oiKAsqL.exe
  C:\Windows\System\oiKAsqL.exe
  2⤵
  PID:10160
- C:\Windows\System\iocqdmD.exe
  C:\Windows\System\iocqdmD.exe
  2⤵
  PID:9400
- C:\Windows\System\simelts.exe
  C:\Windows\System\simelts.exe
  2⤵
  PID:9444
- C:\Windows\System\vKNCJIb.exe
  C:\Windows\System\vKNCJIb.exe
  2⤵
  PID:9472
- C:\Windows\System\kzNAFMN.exe
  C:\Windows\System\kzNAFMN.exe
  2⤵
  PID:9912
- C:\Windows\System\DmEKaTG.exe
  C:\Windows\System\DmEKaTG.exe
  2⤵
  PID:10092
- C:\Windows\System\hXtaqYf.exe
  C:\Windows\System\hXtaqYf.exe
  2⤵
  PID:9300
- C:\Windows\System\ZEZjpBM.exe
  C:\Windows\System\ZEZjpBM.exe
  2⤵
  PID:10256
- C:\Windows\System\obXFANv.exe
  C:\Windows\System\obXFANv.exe
  2⤵
  PID:10332
- C:\Windows\System\cijHpdF.exe
  C:\Windows\System\cijHpdF.exe
  2⤵
  PID:10436
- C:\Windows\System\bbxxQwq.exe
  C:\Windows\System\bbxxQwq.exe
  2⤵
  PID:10372
- C:\Windows\System\mmNFwYi.exe
  C:\Windows\System\mmNFwYi.exe
  2⤵
  PID:10556
- C:\Windows\System\UgErrVG.exe
  C:\Windows\System\UgErrVG.exe
  2⤵
  PID:10644
- C:\Windows\System\pDapuSX.exe
  C:\Windows\System\pDapuSX.exe
  2⤵
  PID:10668
- C:\Windows\System\HkToYLz.exe
  C:\Windows\System\HkToYLz.exe
  2⤵
  PID:10812
- C:\Windows\System\YRiwtXk.exe
  C:\Windows\System\YRiwtXk.exe
  2⤵
  PID:10788
- C:\Windows\System\sgSNIUT.exe
  C:\Windows\System\sgSNIUT.exe
  2⤵
  PID:10864
- C:\Windows\System\ReFTYAp.exe
  C:\Windows\System\ReFTYAp.exe
  2⤵
  PID:10912
- C:\Windows\System\RvngRdw.exe
  C:\Windows\System\RvngRdw.exe
  2⤵
  PID:11012
- C:\Windows\System\vcusBxw.exe
  C:\Windows\System\vcusBxw.exe
  2⤵
  PID:11164
- C:\Windows\System\bEIBfqS.exe
  C:\Windows\System\bEIBfqS.exe
  2⤵
  PID:11208
- C:\Windows\System\QlVnCzJ.exe
  C:\Windows\System\QlVnCzJ.exe
  2⤵
  PID:11232
- C:\Windows\System\dVbcHWR.exe
  C:\Windows\System\dVbcHWR.exe
  2⤵
  PID:4632
- C:\Windows\System\eXoVwYE.exe
  C:\Windows\System\eXoVwYE.exe
  2⤵
  PID:10140
- C:\Windows\System\WdAmDkr.exe
  C:\Windows\System\WdAmDkr.exe
  2⤵
  PID:9828
- C:\Windows\System\RleZXLc.exe
  C:\Windows\System\RleZXLc.exe
  2⤵
  PID:10060
- C:\Windows\System\XodSgtA.exe
  C:\Windows\System\XodSgtA.exe
  2⤵
  PID:10452
- C:\Windows\System\lvMoxwX.exe
  C:\Windows\System\lvMoxwX.exe
  2⤵
  PID:10284
- C:\Windows\System\ImuRkAK.exe
  C:\Windows\System\ImuRkAK.exe
  2⤵
  PID:10664
- C:\Windows\System\DNGtItl.exe
  C:\Windows\System\DNGtItl.exe
  2⤵
  PID:10876
- C:\Windows\System\FFNaICT.exe
  C:\Windows\System\FFNaICT.exe
  2⤵
  PID:10952
- C:\Windows\System\CVoPXQT.exe
  C:\Windows\System\CVoPXQT.exe
  2⤵
  PID:10948
- C:\Windows\System\bEScFDs.exe
  C:\Windows\System\bEScFDs.exe
  2⤵
  PID:11228
- C:\Windows\System\lDHBTuX.exe
  C:\Windows\System\lDHBTuX.exe
  2⤵
  PID:9348
- C:\Windows\System\pXlXqfS.exe
  C:\Windows\System\pXlXqfS.exe
  2⤵
  PID:10168
- C:\Windows\System\fmCIYIg.exe
  C:\Windows\System\fmCIYIg.exe
  2⤵
  PID:10572
- C:\Windows\System\NbYbTBr.exe
  C:\Windows\System\NbYbTBr.exe
  2⤵
  PID:11216
- C:\Windows\System\cGfdtgY.exe
  C:\Windows\System\cGfdtgY.exe
  2⤵
  PID:11120
- C:\Windows\System\DmQlJCg.exe
  C:\Windows\System\DmQlJCg.exe
  2⤵
  PID:11196
- C:\Windows\System\rNlQvYF.exe
  C:\Windows\System\rNlQvYF.exe
  2⤵
  PID:11304
- C:\Windows\System\UkGjrij.exe
  C:\Windows\System\UkGjrij.exe
  2⤵
  PID:11320
- C:\Windows\System\HqnqwoM.exe
  C:\Windows\System\HqnqwoM.exe
  2⤵
  PID:11344
- C:\Windows\System\KkdSVGA.exe
  C:\Windows\System\KkdSVGA.exe
  2⤵
  PID:11360
- C:\Windows\System\dNFniGc.exe
  C:\Windows\System\dNFniGc.exe
  2⤵
  PID:11380
- C:\Windows\System\DmyIktw.exe
  C:\Windows\System\DmyIktw.exe
  2⤵
  PID:11408
- C:\Windows\System\TWVpoVU.exe
  C:\Windows\System\TWVpoVU.exe
  2⤵
  PID:11428
- C:\Windows\System\qBpOEto.exe
  C:\Windows\System\qBpOEto.exe
  2⤵
  PID:11480
- C:\Windows\System\GBXlLCV.exe
  C:\Windows\System\GBXlLCV.exe
  2⤵
  PID:11496
- C:\Windows\System\fwLDGRo.exe
  C:\Windows\System\fwLDGRo.exe
  2⤵
  PID:11516
- C:\Windows\System\fnZvDTV.exe
  C:\Windows\System\fnZvDTV.exe
  2⤵
  PID:11544
- C:\Windows\System\PPiNkDV.exe
  C:\Windows\System\PPiNkDV.exe
  2⤵
  PID:11572
- C:\Windows\System\anhroby.exe
  C:\Windows\System\anhroby.exe
  2⤵
  PID:11620
- C:\Windows\System\JOLwPAC.exe
  C:\Windows\System\JOLwPAC.exe
  2⤵
  PID:11644
- C:\Windows\System\rgWUQAE.exe
  C:\Windows\System\rgWUQAE.exe
  2⤵
  PID:11664
- C:\Windows\System\nNEZHFL.exe
  C:\Windows\System\nNEZHFL.exe
  2⤵
  PID:11684
- C:\Windows\System\YsabAMF.exe
  C:\Windows\System\YsabAMF.exe
  2⤵
  PID:11716
- C:\Windows\System\AzmFKzp.exe
  C:\Windows\System\AzmFKzp.exe
  2⤵
  PID:11732
- C:\Windows\System\cSSHrop.exe
  C:\Windows\System\cSSHrop.exe
  2⤵
  PID:11752
- C:\Windows\System\TXGprFG.exe
  C:\Windows\System\TXGprFG.exe
  2⤵
  PID:11772
- C:\Windows\System\UvvURSi.exe
  C:\Windows\System\UvvURSi.exe
  2⤵
  PID:11804
- C:\Windows\System\bHtLbES.exe
  C:\Windows\System\bHtLbES.exe
  2⤵
  PID:11872
- C:\Windows\System\dFyRpaW.exe
  C:\Windows\System\dFyRpaW.exe
  2⤵
  PID:11908
- C:\Windows\System\yfLnXag.exe
  C:\Windows\System\yfLnXag.exe
  2⤵
  PID:11932
- C:\Windows\System\xXglSJy.exe
  C:\Windows\System\xXglSJy.exe
  2⤵
  PID:11948
- C:\Windows\System\DqvjEuk.exe
  C:\Windows\System\DqvjEuk.exe
  2⤵
  PID:12000
- C:\Windows\System\tposKef.exe
  C:\Windows\System\tposKef.exe
  2⤵
  PID:12028
- C:\Windows\System\EYhRijr.exe
  C:\Windows\System\EYhRijr.exe
  2⤵
  PID:12044
- C:\Windows\System\LvfolmE.exe
  C:\Windows\System\LvfolmE.exe
  2⤵
  PID:12064
- C:\Windows\System\zRAsNgY.exe
  C:\Windows\System\zRAsNgY.exe
  2⤵
  PID:12104
- C:\Windows\System\nchstji.exe
  C:\Windows\System\nchstji.exe
  2⤵
  PID:12124
- C:\Windows\System\tgUxycs.exe
  C:\Windows\System\tgUxycs.exe
  2⤵
  PID:12144
- C:\Windows\System\TEhBXLT.exe
  C:\Windows\System\TEhBXLT.exe
  2⤵
  PID:12168
- C:\Windows\System\GYynUGE.exe
  C:\Windows\System\GYynUGE.exe
  2⤵
  PID:12208
- C:\Windows\System\FwFmtWL.exe
  C:\Windows\System\FwFmtWL.exe
  2⤵
  PID:12228
- C:\Windows\System\PKXHSne.exe
  C:\Windows\System\PKXHSne.exe
  2⤵
  PID:12268
- C:\Windows\System\xjbyIiu.exe
  C:\Windows\System\xjbyIiu.exe
  2⤵
  PID:11284
- C:\Windows\System\qVTKLLQ.exe
  C:\Windows\System\qVTKLLQ.exe
  2⤵
  PID:11340
- C:\Windows\System\ZBuZKSN.exe
  C:\Windows\System\ZBuZKSN.exe
  2⤵
  PID:11372
- C:\Windows\System\ClozQPe.exe
  C:\Windows\System\ClozQPe.exe
  2⤵
  PID:11448
- C:\Windows\System\VJIhoCE.exe
  C:\Windows\System\VJIhoCE.exe
  2⤵
  PID:11504
- C:\Windows\System\xyuSlQl.exe
  C:\Windows\System\xyuSlQl.exe
  2⤵
  PID:11656
- C:\Windows\System\weaHIzM.exe
  C:\Windows\System\weaHIzM.exe
  2⤵
  PID:11596
- C:\Windows\System\oepZUJE.exe
  C:\Windows\System\oepZUJE.exe
  2⤵
  PID:11704
- C:\Windows\System\fpJIICB.exe
  C:\Windows\System\fpJIICB.exe
  2⤵
  PID:11744
- C:\Windows\System\hcgudvk.exe
  C:\Windows\System\hcgudvk.exe
  2⤵
  PID:11816
- C:\Windows\System\lsDUJQx.exe
  C:\Windows\System\lsDUJQx.exe
  2⤵
  PID:11924
- C:\Windows\System\ntIdndG.exe
  C:\Windows\System\ntIdndG.exe
  2⤵
  PID:12008
- C:\Windows\System\MfsCwqy.exe
  C:\Windows\System\MfsCwqy.exe
  2⤵
  PID:12016
- C:\Windows\System\SrFFYDW.exe
  C:\Windows\System\SrFFYDW.exe
  2⤵
  PID:12060
- C:\Windows\System\OQsYhmM.exe
  C:\Windows\System\OQsYhmM.exe
  2⤵
  PID:12136
- C:\Windows\System\qpaiBDv.exe
  C:\Windows\System\qpaiBDv.exe
  2⤵
  PID:12192
- C:\Windows\System\KvIoChm.exe
  C:\Windows\System\KvIoChm.exe
  2⤵
  PID:2360
- C:\Windows\System\hXfENPV.exe
  C:\Windows\System\hXfENPV.exe
  2⤵
  PID:10764
- C:\Windows\System\jPNILGR.exe
  C:\Windows\System\jPNILGR.exe
  2⤵
  PID:11356
- C:\Windows\System\XedZgIn.exe
  C:\Windows\System\XedZgIn.exe
  2⤵
  PID:11352
- C:\Windows\System\dnjAdUn.exe
  C:\Windows\System\dnjAdUn.exe
  2⤵
  PID:11592
- C:\Windows\System\mrEqxsW.exe
  C:\Windows\System\mrEqxsW.exe
  2⤵
  PID:11800
- C:\Windows\System\TzmtgVX.exe
  C:\Windows\System\TzmtgVX.exe
  2⤵
  PID:11920
- C:\Windows\System\oqXHmgh.exe
  C:\Windows\System\oqXHmgh.exe
  2⤵
  PID:12020
- C:\Windows\System\CmgYsqK.exe
  C:\Windows\System\CmgYsqK.exe
  2⤵
  PID:12248
- C:\Windows\System\dFpbRlF.exe
  C:\Windows\System\dFpbRlF.exe
  2⤵
  PID:11680
- C:\Windows\System\oPNkZcC.exe
  C:\Windows\System\oPNkZcC.exe
  2⤵
  PID:11916
- C:\Windows\System\AEEDWQc.exe
  C:\Windows\System\AEEDWQc.exe
  2⤵
  PID:11992
- C:\Windows\System\TSQnIBf.exe
  C:\Windows\System\TSQnIBf.exe
  2⤵
  PID:11628
- C:\Windows\System\UWUtzGU.exe
  C:\Windows\System\UWUtzGU.exe
  2⤵
  PID:12296
- C:\Windows\System\RAvfuep.exe
  C:\Windows\System\RAvfuep.exe
  2⤵
  PID:12316
- C:\Windows\System\eijKQuW.exe
  C:\Windows\System\eijKQuW.exe
  2⤵
  PID:12352
- C:\Windows\System\trMrklu.exe
  C:\Windows\System\trMrklu.exe
  2⤵
  PID:12380
- C:\Windows\System\UREwofm.exe
  C:\Windows\System\UREwofm.exe
  2⤵
  PID:12396
- C:\Windows\System\IuDdslx.exe
  C:\Windows\System\IuDdslx.exe
  2⤵
  PID:12420
- C:\Windows\System\QhpLvxI.exe
  C:\Windows\System\QhpLvxI.exe
  2⤵
  PID:12436
- C:\Windows\System\sppEPRS.exe
  C:\Windows\System\sppEPRS.exe
  2⤵
  PID:12488
- C:\Windows\System\BiYLktn.exe
  C:\Windows\System\BiYLktn.exe
  2⤵
  PID:12508
- C:\Windows\System\VWNUWBx.exe
  C:\Windows\System\VWNUWBx.exe
  2⤵
  PID:12548
- C:\Windows\System\fofuxCp.exe
  C:\Windows\System\fofuxCp.exe
  2⤵
  PID:12564
- C:\Windows\System\OSvFXcn.exe
  C:\Windows\System\OSvFXcn.exe
  2⤵
  PID:12588
- C:\Windows\System\kObkPvq.exe
  C:\Windows\System\kObkPvq.exe
  2⤵
  PID:12616
- C:\Windows\System\gftgcqh.exe
  C:\Windows\System\gftgcqh.exe
  2⤵
  PID:12632
- C:\Windows\System\muauITG.exe
  C:\Windows\System\muauITG.exe
  2⤵
  PID:12648
- C:\Windows\System\ISQVPFv.exe
  C:\Windows\System\ISQVPFv.exe
  2⤵
  PID:12688
- C:\Windows\System\qAekehz.exe
  C:\Windows\System\qAekehz.exe
  2⤵
  PID:12704
- C:\Windows\System\yuqBkAk.exe
  C:\Windows\System\yuqBkAk.exe
  2⤵
  PID:12796
- C:\Windows\System\WwjnUYG.exe
  C:\Windows\System\WwjnUYG.exe
  2⤵
  PID:12824
- C:\Windows\System\iHPPfJo.exe
  C:\Windows\System\iHPPfJo.exe
  2⤵
  PID:12844
- C:\Windows\System\znOHETJ.exe
  C:\Windows\System\znOHETJ.exe
  2⤵
  PID:12872
- C:\Windows\System\zRkZTCS.exe
  C:\Windows\System\zRkZTCS.exe
  2⤵
  PID:12892
- C:\Windows\System\DzmLfPV.exe
  C:\Windows\System\DzmLfPV.exe
  2⤵
  PID:12928
- C:\Windows\System\DAcUNRo.exe
  C:\Windows\System\DAcUNRo.exe
  2⤵
  PID:12948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zwy3dsqs.zn0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AIDGvub.exe

Filesize
1.3MB

MD5
c70f441a41c84f65cac99a693c1b7481

SHA1
c6c011b94b2cd0747de1feeaca0a2fb132370a76

SHA256
955db91999786047739b998c3cba23d45bfbea42c8ec0e75d57ec113dc545bce

SHA512
1739fe1bd84e7b736ab83373f3cc7f44ed7f2711939ca7040422d2548584895d64cb6306cafb9cb04bd60770706170c02121b03237a9b209883aa2b347a2f1ba

Download Submit
C:\Windows\System\BQRnAgM.exe

Filesize
1.3MB

MD5
da1320e0aa7f38a91225a179b9e36886

SHA1
c34359763b2ebbab147d7c45468a917d24d0e0b8

SHA256
59cbc9cebae2b3a9192c11fc03a5b6f40e8f98ca8e61addb6879d8f220cea6ed

SHA512
ce605768e34a4f3fe27cd02c7ac2db5be18954da070c170b9b3275cf8ce396c6fcbd7fb3162e1bf63f77b2df580d1ef588c32b32e93878991460a84fbe8b1a82

Download Submit
C:\Windows\System\BaBaeBH.exe

Filesize
1.3MB

MD5
b385e457f4f1a30d984e2bfc79580887

SHA1
42a7c58cfc689b8df9fa28b90cbe538a81de0d13

SHA256
656f08a92baa9ee66d2df6bb1344117bc0e3fdc7cb3f7bd83d53f27306ae56ae

SHA512
b335ceb8bddf5a933084bf5e56650ba048c4b0da3b885c53a9ad60cf8cc8c6b6e3e7ca147c8e9c0dac8b8a8166257d0df74100783c343bdd329517908884c4a1

Download Submit
C:\Windows\System\BxLPHoj.exe

Filesize
1.3MB

MD5
0a887253412692b250eb85385acbbb22

SHA1
ded09556757c9038b8aa89ee8039da838157dbc2

SHA256
658e56e96e061876622ab5ed6d1ea637f30bc47e9cfa1eb4623ee43ae4ef5501

SHA512
ae0507e01ba30762348cd30c915b9e4ff83db0c16355a2218688082d65e89003976ec8056a3b2cd2f15dade1b1acce6ec06587742509427e6e30b29b80aadf23

Download Submit
C:\Windows\System\FnRBpKR.exe

Filesize
1.3MB

MD5
2b8b4edf1e812d6f081dafdc52f41fcb

SHA1
1a69081b3328dc8a9c8afecb63b56030b9a1bdf0

SHA256
83c9d1c4dd8e655992aa4d336bbb2cbfdab19f8d7030342105c8d16ffa1e6ee6

SHA512
ed62d770861b0400cb9f07755d2a95afa30dda90f5f7eb616f8c745232a6d66b73a52bb614579da1aa9559987c43163439d7bd4e66956a656e3026239872ac85

Download Submit
C:\Windows\System\GxeFmba.exe

Filesize
1.3MB

MD5
ceb88266578c564797beede7b51912a4

SHA1
15d041ac152c927a1bdeb015ba1f9295dc333458

SHA256
36e14aa0cfc00aac27a675d95d7b8ccf030e62297795902acdc146eda014a25b

SHA512
af3fe9f5ffc2c051d3b6c15934b58b59e682e07fdd554614cd6c90ccd7e9461319c6ddb753f7a11ba1b9b4cfafe6a89776873fe6e691c8c14fe9ba666ed7b9ac

Download Submit
C:\Windows\System\HgedYTV.exe

Filesize
1.3MB

MD5
6c0923b62141e5f198315938ef3e3f7c

SHA1
c4a731e046555e484ae5b36c18f00b406b760fd6

SHA256
2081048da3ce6deeb448744cd77d6441ff43a0a91ea1e08c83164e75fa73a638

SHA512
127996f3a3cc6caa5b48e8caad980d2ad94ac528df823b67b84d9a81baeffa8542b34fe93a50d8ccce318e6bcc4c667f3b0918b2460d5d98c59ad1c4d07039bb

Download Submit
C:\Windows\System\IkhdERk.exe

Filesize
1.3MB

MD5
d9f62392ca8c624b32742bc690477f66

SHA1
f158421f8dc8f906bdbaffb9df742193929246be

SHA256
1406604100a07c54544bdba418b9b061025833a563835c67da85082d380ea402

SHA512
1b4d033ed477db59b660be070675f76dbacf2fa8921782b7c9ab926d0cb4dc6fce1593d803ca04336f198a57a8dc494c125120f8dcabc6688f9a79e87c9f487e

Download Submit
C:\Windows\System\NOBhOTx.exe

Filesize
1.3MB

MD5
c0de606ada41ad8707a53134980fe031

SHA1
5f2bd5f0883ab124858f02c86fd726cfbd4aac81

SHA256
05bf67a9ea147aed0e073dca3c37d1560034a09ed11015e3bc7656797d2d20ab

SHA512
ae50a68c9f60df69d3fa27cfa3989de53f319f400a472509fa46d09b66553a379de2dfa2a6818ffc71afa98a12617bda474e2ad5da3a07b9a4018424a501c39e

Download Submit
C:\Windows\System\NohSovL.exe

Filesize
1.3MB

MD5
2eebcad349609ab7e55e96ffaf2de4db

SHA1
4512f67845452835ba9f82b44f411c46bda69fa3

SHA256
f34206e816b8a4af52850cb63b84293365cb38df6ab9a018d599e39b428b0539

SHA512
737da7c9f34d2cbbf753f85b2e2c7acba5ccc4ce151a5307833ebb5b7768155b3fde41d51b1b2192a82f9f063e77bc55c4c8675392274749dbaee7891b9c5cd5

Download Submit
C:\Windows\System\OBudCxY.exe

Filesize
1.3MB

MD5
554b1ca00d408bc1672670c0d273a778

SHA1
807834242717bd2781db0f4092b4ad6a8739a74b

SHA256
e0608c912869885022880346a0f60b2d0b8997821287322da3dd2420a2b1a282

SHA512
422e98344ab1a7a60ebba1fea6aae752c5bdff68de40f13db7fd12f208542286d7790979324c94d81ab6c42687e5cbdfb2790de6a5268b3bd1a8cf7674a2b3c9

Download Submit
C:\Windows\System\QNHRciZ.exe

Filesize
1.3MB

MD5
3dac82bd55826253320035f8057f9b16

SHA1
3e8327a0d4e8930ea9d4463a86190e018910d6ec

SHA256
ecc946d2f77c564a599535a945f975e871f06d2e1b5e3b24592195b10d38d189

SHA512
716b23f85c2d6754b86f5fc9381d447d654fe3f15c11074998eb91891b0244bd303e0d18c49861526addb29c0f874cba97c161a217e3d659b15e32435533eb37

Download Submit
C:\Windows\System\UgjfdXU.exe

Filesize
1.3MB

MD5
4281763f443b1f79c49697c318c1731f

SHA1
da2c3c65278e902b713b31798ab5e2f4822449f7

SHA256
0bf5777a7d261065c9faeb17e44927afdf21c578f393e23d404fabc4c86a20f4

SHA512
eab07137c8af26f7741e40814bb7a83bfebdd2255438387d0b5d6177334b0a9af8b6b36fa2e8171bc6ac5a9a0e39770e0048329176255bd8e86b8aae9bc6b47a

Download Submit
C:\Windows\System\UueSnlR.exe

Filesize
1.3MB

MD5
97a3236b206933b5de239e5946638384

SHA1
ebafabfff083c54918ffb50a8ebb62b5c5c897ae

SHA256
78a3ca167b84267de9055bd7794610d8464ae62f96f643fc4a85f5cc8bdaddd1

SHA512
3beb7857b4554e59813e4861e3696ee9b8fb6e01b0597bd4ba8f5dbedc09bd95bc347218d2ce9218877034b8e55f3e3b9daa3d50055f85c64b5e412f855564b9

Download Submit
C:\Windows\System\VEpwhVK.exe

Filesize
1.3MB

MD5
9d6134c2f536ecc011682f758a2d7962

SHA1
eb8a0192ca77402a0da6359ac7b51d0de2584494

SHA256
d09a73f0a845cd6220b9b862729b3a362edf2e32c4ca64402e54a4b853cb7e1b

SHA512
81f1bdd1ea1ffb46b7d94af477758e59c6907e8d44453b5f897020a43dc8270a4eb046925e27cb56da57345c1deb3b00d254dfb7103dc72508dd1fb26cd410f9

Download Submit
C:\Windows\System\YKJEWRr.exe

Filesize
1.3MB

MD5
89cf5d9d00a3739254e513f62884e1b5

SHA1
f818ea9fc8ad7027228630a4c4ac45844db215f1

SHA256
fc74d8072c05f13bb4457ba54c44bb4683b9a20cd3768b30f568862a73b956c7

SHA512
92fe6cbb88d7ac9f926f85132b915341053c30a57b2a4739bff36c3ccea7933dcc3175e2faf9a7c97ee8dd4b0334a5cd041027581e30e97933f46416480226be

Download Submit
C:\Windows\System\dMdAWel.exe

Filesize
1.3MB

MD5
ffbab5642a3818b0f18d25cc7ccf2b9c

SHA1
16f1eff99048d7ba54a96f37b15dcef0adc2778b

SHA256
fcbfbbd0a0ebfbcedca2c6212b78d10c35ee47106eba3cada58c850da8bc9763

SHA512
d3eb2d0a2d92bf534a2332866262751dd2b4ea90db46052895f7ffd0a05a69832b63aa26557ee76db69386b44753cbcc546c2aa3084661b1cc51e9bdf8d65901

Download Submit
C:\Windows\System\fPZkivn.exe

Filesize
1.3MB

MD5
0b0f06448e71a192946ef43e7bf4676f

SHA1
a8a24cf32003e656c88653e2e531499066e8c1de

SHA256
500c809f7d93ffe2f29c23ee98c9c0ff422ec392a348d0529ad12459cd7b3121

SHA512
6f3f24699a129f126df28ce1a1972637ce778d59f8b7a82af9768bb95c77058afa1f00cfc99cb3bb3993ccd90915c53be7458a4a141d5322524ddcc0c4d5e19f

Download Submit
C:\Windows\System\gMHzbrs.exe

Filesize
8B

MD5
4bc543b983229fcdd0574421b34bff1d

SHA1
319a20507fe01d600f9f1adc1d63fefea815a154

SHA256
d8f0dd6929f48162f8a881457d697369ee76eaf162efb08578df68e662678525

SHA512
bbd8a05650c1822cf75f6456f4cb137f8ef22e91c202498965aa01e936a86242f49b81c7e1cb487deb8a1d6f7331509e8451bc5f94f064cec418b9fd1742fd15

Download Submit
C:\Windows\System\hHaKfVN.exe

Filesize
1.3MB

MD5
0f3eb6db01a640e88fe5054cf8aebe5c

SHA1
61bdb3a8aba989c816aaa5f426406fcc547c71d1

SHA256
2a292aca7c5ffe2e9f3a0b80d025def6699cf2f876a40c92476624e03733f52f

SHA512
c1756d9bd62f13d2966b148d26b5ccd6dc4bdf127cfda65404f2aa4b754d1fc76acb86dce17dd270fdaae522781676eed4868d20bb3b3487405b3bbd52127c35

Download Submit
C:\Windows\System\hdmoRMW.exe

Filesize
1.3MB

MD5
4c84a37af2f908c01274779284ad0034

SHA1
629c6aba99cdbd1d7d60d5b5ca687b3515b3bbbc

SHA256
6f5e4d88b054f02c4d91a85ef06b2a56389f39f7a2729493ee0fe8e5165a7f0e

SHA512
32162ca303cdce9d4234d99b73e1fe038c3e035b2faa44030969248143f8512a5137e2bf51e9548db9c395fb655abbf550758242e25d7c6fbfbc8ba23b290b04

Download Submit
C:\Windows\System\iVWdtbx.exe

Filesize
1.3MB

MD5
7a701817b9e965f34336587052d62035

SHA1
115c19a4f12b99de5e4c05bc6d9501e8c09874d9

SHA256
66b03c93e102c2a58a5703cc4272eaf03329c10194c5fc54c7a2a68d8b74d4fe

SHA512
4fb65c6f2ab803e7f9423c7d0a3d082f7a3c95befba3a0e568f906e358e153af3f3d3caa514bb24ae8b4af915e504cf444f141d29380bf5f18c936ff67dc430c

Download Submit
C:\Windows\System\jEnVSgy.exe

Filesize
1.3MB

MD5
31daa7e417ae9f6e76fe11e4dc664249

SHA1
17d36b45ed4df7653d55ce131fcc3df6851ab5d4

SHA256
54dda8b5cf60279c67edaab4a7498d85925909d71ac16223292aa267de2e12b4

SHA512
2956bb8f21750f235f99f018c1a67e0f0f70a6ffbcc868f8f81d1cde4d2cbd1ceaed5ecf1f2af775073fa97810b2d1660778a2db187e25759648b88d23a52aa6

Download Submit
C:\Windows\System\jNYwJXx.exe

Filesize
1.3MB

MD5
1abbd43e767da9bc4225c6b3fd9a95d6

SHA1
05faf99bf3c1d8847760b794345b4e7dff2f6148

SHA256
c5ebb56b5b500ef072bfd6f35dba0caf874d7c8fb2f00575080cb54ff9dc3688

SHA512
a8cf5cda7293663a0a9eb1409ae46f944e92f2cc3db146abbd21461657f4ee7a9f5d2f9f2121ef28bbe9a5184d2f618207de2f3d7e4d5bca559803da2cb8566a

Download Submit
C:\Windows\System\lwxPwNc.exe

Filesize
1.3MB

MD5
fb2de6feb84c6339cba161953410a5d1

SHA1
9cd527a5919a276f488311966d83e6c2f6458841

SHA256
0fd93d4ccaea34e86dcc16ae96b1d7ed2e8f381e762d4331b49c47e486c6ffb3

SHA512
fedc0acae463f05195c7a1887f0d1b4d21c44c95b82779684174e5846bae0b635e86e2080d7fa10a90710b4565f14ff053c9113e3608e1d5bc928330f45d0bdd

Download Submit
C:\Windows\System\mKRKnEn.exe

Filesize
1.3MB

MD5
9f959e16d0b05eb9903a97e1f2675378

SHA1
4debf943ff4f4e2599b6d59908bfc1c22f9fe0cd

SHA256
9b5f9fe230f7874a08fa64d4cae1122c88958057ff2f979c5db83806151ad0fc

SHA512
c90c0255aa66435b86f6b325d50ca1fd6bb4f398b5612867e9ea79bca812e8378bfbbf7bf615b5d4ea0db658fb6ecd402d40ee6ed40c29d3934ecd958f4c0e34

Download Submit
C:\Windows\System\meWbMiK.exe

Filesize
1.3MB

MD5
9c987568197831d6b4a202f65bb230c3

SHA1
e1d0424e05258afb2e22b4d3a1b6ff2e8037dc32

SHA256
1eb08d34507436b05ca629b333e039b0f3cbf6322f494d767023454f1f0c4b5c

SHA512
11374515b0e4efb1a09274e02d2418c261c631c7e52e42850a77fcb07121073c1f0431b8fddce939ab380415777503678e4f1fe5cb38dd8bba18b48ad1d50be9

Download Submit
C:\Windows\System\nIWBJbN.exe

Filesize
1.3MB

MD5
3b0d03e30bf1bce457ac3ed2f891ce14

SHA1
13dd86f9f96a04e27f31ad826943747d21eb8c48

SHA256
6ca46d5c90a5f123ba406e317a1fad42d96c4c2693ebc54a6a67ea85331fea34

SHA512
108875db387c825b7c7ff519bf2fedc9fd024eee4503ac4bbff972021c409d561c4277c30f26ce49d378f71ea73a95b7efbbe50a4235a792d94f5755a4122f35

Download Submit
C:\Windows\System\oiLyYRF.exe

Filesize
1.3MB

MD5
9d23ffce56f1b1f215c0fba48886963a

SHA1
2ddf94b4ae48befb2a31aae4bb0491015fbe2a1e

SHA256
fd0e2eae826f68aaf0425a75df3343356055ee38f3ebd4b825443cc491260568

SHA512
f34893f155eecf05f473248ad69a570116c7fc005feb61a82a3ba4a99d1e492161521409aab848491121caee680c591db19f45a6022f07690c94d3f5f63fca74

Download Submit
C:\Windows\System\pJGacmG.exe

Filesize
1.3MB

MD5
b12a57e7bfffa39033f969f829a46c22

SHA1
e603b8299f7829369aa8b0d9f8c248db09a3ec1c

SHA256
78a877ce34f7c8d356c5e9ab5c31bce0c8a52a92b28cf8b41fcf9c1dc15a069b

SHA512
3f039eb3e5e825cf3b3bafd8a559a2552acca3a82fb3fc9adb13f7ef58b9112578f89b2944bc8db66d5280724388bbb379c28c71891d3c9dd1816e021f1d3574

Download Submit
C:\Windows\System\pbRMacR.exe

Filesize
1.3MB

MD5
6a6ef9e7357088c4f59e3305e30e3cdb

SHA1
fc586c278d94a5f30c8985e23949b6ae049d9980

SHA256
eeffc752ab804c68597cf41b4d67f23005212180e19c71290e54b361a16e0e8e

SHA512
de6ec73f6a0f5e08e166b766e43de6670de9c73dd6fc59ce190c47536d006133678a78d3da2c07f0670de355808241489e1d6291b6a66b3c9ee614b3982d725d

Download Submit
C:\Windows\System\ryXjVYb.exe

Filesize
1.3MB

MD5
9bf6bd25eefaedbf0762922621119f2c

SHA1
81abfa2936c40bf459707972e0b162662178b24d

SHA256
764b5903b5e400ee038862796b90de130e6becce2d672f2fb08eb5ccc117356a

SHA512
f65569d7c87ea6c8c97afc12cfb3f38ca6b9afe1390cd4f2043c802966bd6e336e0110cc3f34baa381d1a51acf0d86c66f529ef359eb76997891a1f63dbafaf9

Download Submit
C:\Windows\System\waCPcME.exe

Filesize
1.3MB

MD5
465b2d2268c1b149aa2b505ab98764b9

SHA1
d8631ef68881e8b54d3a84e8e40ebde4d926c02a

SHA256
c43b05df436621cec5aa71b60250b7a4cfb55164830cd178bfe8f0084b8f6140

SHA512
92f74c914f25835ad67754f7a47bc884901cba2a8941f28c5acd94b595ecbfa53ca181bb9e4c8c48da85ecc044f6c11c3d75f43060e3b2c82e1241b3fa866224

Download Submit
C:\Windows\System\wckqcsY.exe

Filesize
1.3MB

MD5
bbd95ecdc2586670010a18c3a1fed58c

SHA1
175feaf9b195c098c8107f114ad3c2b60f34dc7f

SHA256
7c7ce6fecfe1323088ec48b0743a4e86e97f5e954cf6b6b3bc89e4b540e27d2e

SHA512
4aced199ac521d787583ffc2ffe1dca4edb8f349c0b6cb611e253217c6b5dfc8075a1cfc844a03766707849aa7f240f63973f69a8175f8c97832826caf5ac161

Download Submit
memory/432-371-0x00007FF79D890000-0x00007FF79DC82000-memory.dmp

Filesize
3.9MB

Download
memory/432-2604-0x00007FF79D890000-0x00007FF79DC82000-memory.dmp

Filesize
3.9MB

Download
memory/1252-2532-0x00007FF7DCD00000-0x00007FF7DD0F2000-memory.dmp

Filesize
3.9MB

Download
memory/1252-2588-0x00007FF7DCD00000-0x00007FF7DD0F2000-memory.dmp

Filesize
3.9MB

Download
memory/1252-43-0x00007FF7DCD00000-0x00007FF7DD0F2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-2606-0x00007FF7411F0000-0x00007FF7415E2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-334-0x00007FF7411F0000-0x00007FF7415E2000-memory.dmp

Filesize
3.9MB

Download
memory/1400-2628-0x00007FF65BBB0000-0x00007FF65BFA2000-memory.dmp

Filesize
3.9MB

Download
memory/1400-426-0x00007FF65BBB0000-0x00007FF65BFA2000-memory.dmp

Filesize
3.9MB

Download
memory/1420-2610-0x00007FF7C5640000-0x00007FF7C5A32000-memory.dmp

Filesize
3.9MB

Download
memory/1420-394-0x00007FF7C5640000-0x00007FF7C5A32000-memory.dmp

Filesize
3.9MB

Download
memory/1608-0-0x00007FF7A4EF0000-0x00007FF7A52E2000-memory.dmp

Filesize
3.9MB

Download
memory/1608-1-0x0000028AFB8B0000-0x0000028AFB8C0000-memory.dmp

Filesize
64KB

Download
memory/1960-2621-0x00007FF716590000-0x00007FF716982000-memory.dmp

Filesize
3.9MB

Download
memory/1960-413-0x00007FF716590000-0x00007FF716982000-memory.dmp

Filesize
3.9MB

Download
memory/2380-2595-0x00007FF7A1440000-0x00007FF7A1832000-memory.dmp

Filesize
3.9MB

Download
memory/2380-338-0x00007FF7A1440000-0x00007FF7A1832000-memory.dmp

Filesize
3.9MB

Download
memory/2600-345-0x00007FF6D3080000-0x00007FF6D3472000-memory.dmp

Filesize
3.9MB

Download
memory/2600-2593-0x00007FF6D3080000-0x00007FF6D3472000-memory.dmp

Filesize
3.9MB

Download
memory/2708-369-0x00007FF7EED70000-0x00007FF7EF162000-memory.dmp

Filesize
3.9MB

Download
memory/2708-2602-0x00007FF7EED70000-0x00007FF7EF162000-memory.dmp

Filesize
3.9MB

Download
memory/2836-422-0x00007FF64DCD0000-0x00007FF64E0C2000-memory.dmp

Filesize
3.9MB

Download
memory/2836-2618-0x00007FF64DCD0000-0x00007FF64E0C2000-memory.dmp

Filesize
3.9MB

Download
memory/2916-2637-0x00007FF7CDAB0000-0x00007FF7CDEA2000-memory.dmp

Filesize
3.9MB

Download
memory/2916-407-0x00007FF7CDAB0000-0x00007FF7CDEA2000-memory.dmp

Filesize
3.9MB

Download
memory/3196-2586-0x00007FF62C580000-0x00007FF62C972000-memory.dmp

Filesize
3.9MB

Download
memory/3196-26-0x00007FF62C580000-0x00007FF62C972000-memory.dmp

Filesize
3.9MB

Download
memory/3224-2613-0x00007FF629550000-0x00007FF629942000-memory.dmp

Filesize
3.9MB

Download
memory/3224-398-0x00007FF629550000-0x00007FF629942000-memory.dmp

Filesize
3.9MB

Download
memory/3316-431-0x00007FF772590000-0x00007FF772982000-memory.dmp

Filesize
3.9MB

Download
memory/3316-2627-0x00007FF772590000-0x00007FF772982000-memory.dmp

Filesize
3.9MB

Download
memory/3360-326-0x00007FF6137B0000-0x00007FF613BA2000-memory.dmp

Filesize
3.9MB

Download
memory/3360-2596-0x00007FF6137B0000-0x00007FF613BA2000-memory.dmp

Filesize
3.9MB

Download
memory/3380-2614-0x00007FF694DC0000-0x00007FF6951B2000-memory.dmp

Filesize
3.9MB

Download
memory/3380-377-0x00007FF694DC0000-0x00007FF6951B2000-memory.dmp

Filesize
3.9MB

Download
memory/3520-2622-0x00007FF61CB40000-0x00007FF61CF32000-memory.dmp

Filesize
3.9MB

Download
memory/3520-408-0x00007FF61CB40000-0x00007FF61CF32000-memory.dmp

Filesize
3.9MB

Download
memory/3792-9-0x00007FF830C63000-0x00007FF830C65000-memory.dmp

Filesize
8KB

Download
memory/3792-302-0x00007FF830C60000-0x00007FF831721000-memory.dmp

Filesize
10.8MB

Download
memory/3792-39-0x000002024BC50000-0x000002024BC72000-memory.dmp

Filesize
136KB

Download
memory/3792-24-0x00007FF830C60000-0x00007FF831721000-memory.dmp

Filesize
10.8MB

Download
memory/3792-2565-0x00007FF830C60000-0x00007FF831721000-memory.dmp

Filesize
10.8MB

Download
memory/3792-2556-0x00007FF830C63000-0x00007FF830C65000-memory.dmp

Filesize
8KB

Download
memory/3792-370-0x000002024C8D0000-0x000002024D076000-memory.dmp

Filesize
7.6MB

Download
memory/3792-2529-0x00007FF830C60000-0x00007FF831721000-memory.dmp

Filesize
10.8MB

Download
memory/3892-354-0x00007FF6F1B70000-0x00007FF6F1F62000-memory.dmp

Filesize
3.9MB

Download
memory/3892-2601-0x00007FF6F1B70000-0x00007FF6F1F62000-memory.dmp

Filesize
3.9MB

Download
memory/4160-2584-0x00007FF782020000-0x00007FF782412000-memory.dmp

Filesize
3.9MB

Download
memory/4160-319-0x00007FF782020000-0x00007FF782412000-memory.dmp

Filesize
3.9MB

Download
memory/4200-361-0x00007FF626590000-0x00007FF626982000-memory.dmp

Filesize
3.9MB

Download
memory/4200-2591-0x00007FF626590000-0x00007FF626982000-memory.dmp

Filesize
3.9MB

Download
memory/4648-434-0x00007FF7C38D0000-0x00007FF7C3CC2000-memory.dmp

Filesize
3.9MB

Download
memory/4648-2598-0x00007FF7C38D0000-0x00007FF7C3CC2000-memory.dmp

Filesize
3.9MB

Download
memory/4776-2609-0x00007FF618CB0000-0x00007FF6190A2000-memory.dmp

Filesize
3.9MB

Download
memory/4776-382-0x00007FF618CB0000-0x00007FF6190A2000-memory.dmp

Filesize
3.9MB

Download
memory/4844-8-0x00007FF68A4C0000-0x00007FF68A8B2000-memory.dmp

Filesize
3.9MB

Download
memory/4844-2528-0x00007FF68A4C0000-0x00007FF68A8B2000-memory.dmp

Filesize
3.9MB

Download
memory/4844-2582-0x00007FF68A4C0000-0x00007FF68A8B2000-memory.dmp

Filesize
3.9MB

Download
memory/4988-2617-0x00007FF620360000-0x00007FF620752000-memory.dmp

Filesize
3.9MB

Download
memory/4988-376-0x00007FF620360000-0x00007FF620752000-memory.dmp

Filesize
3.9MB

Download