xmrig | 003523093788176d6f4dedd8b5a3f34be5137bc8b3da10b4491b1852c9df26f5

Analysis

max time kernel
97s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a1b9ab68b2b4e19f8371f7135999f10N.exe
Size

1.7MB
MD5

1a1b9ab68b2b4e19f8371f7135999f10
SHA1

0e7729f68a9abe71201e925f451f480b7d026610
SHA256

003523093788176d6f4dedd8b5a3f34be5137bc8b3da10b4491b1852c9df26f5
SHA512

ebf15d713ca0fa40c41142f6e9a628f92ff96a6532b69c43ee3f71d34f0f342639d2d455efe0449fc8c93c0d897cf5cfb8ba4162d894db387d749e12e8acc632
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t4oAirbNI/TQ9f27dvapbkUmyJeBqFB:Lz071uv4BPMkFfdk2a2yKmkUDeGl

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/3780-78-0x00007FF7F4CF0000-0x00007FF7F50E2000-memory.dmp	xmrig
behavioral2/memory/4176-361-0x00007FF75F4B0000-0x00007FF75F8A2000-memory.dmp	xmrig
behavioral2/memory/2588-375-0x00007FF74E710000-0x00007FF74EB02000-memory.dmp	xmrig
behavioral2/memory/1644-384-0x00007FF6F0080000-0x00007FF6F0472000-memory.dmp	xmrig
behavioral2/memory/1328-443-0x00007FF6632F0000-0x00007FF6636E2000-memory.dmp	xmrig
behavioral2/memory/512-463-0x00007FF7FEA70000-0x00007FF7FEE62000-memory.dmp	xmrig
behavioral2/memory/4972-467-0x00007FF7C0FA0000-0x00007FF7C1392000-memory.dmp	xmrig
behavioral2/memory/3344-470-0x00007FF7D6150000-0x00007FF7D6542000-memory.dmp	xmrig
behavioral2/memory/5076-436-0x00007FF7948D0000-0x00007FF794CC2000-memory.dmp	xmrig
behavioral2/memory/3612-422-0x00007FF6BC550000-0x00007FF6BC942000-memory.dmp	xmrig
behavioral2/memory/892-419-0x00007FF6325D0000-0x00007FF6329C2000-memory.dmp	xmrig
behavioral2/memory/2172-380-0x00007FF783090000-0x00007FF783482000-memory.dmp	xmrig
behavioral2/memory/3996-377-0x00007FF79FF80000-0x00007FF7A0372000-memory.dmp	xmrig
behavioral2/memory/3520-368-0x00007FF74AF60000-0x00007FF74B352000-memory.dmp	xmrig
behavioral2/memory/2628-177-0x00007FF631AF0000-0x00007FF631EE2000-memory.dmp	xmrig
behavioral2/memory/3276-165-0x00007FF68C550000-0x00007FF68C942000-memory.dmp	xmrig
behavioral2/memory/3288-156-0x00007FF7BEE80000-0x00007FF7BF272000-memory.dmp	xmrig
behavioral2/memory/4716-155-0x00007FF615E10000-0x00007FF616202000-memory.dmp	xmrig
behavioral2/memory/4620-144-0x00007FF6D7A80000-0x00007FF6D7E72000-memory.dmp	xmrig
behavioral2/memory/2728-90-0x00007FF7CE0F0000-0x00007FF7CE4E2000-memory.dmp	xmrig
behavioral2/memory/4124-82-0x00007FF72B2C0000-0x00007FF72B6B2000-memory.dmp	xmrig
behavioral2/memory/2952-73-0x00007FF6F2DA0000-0x00007FF6F3192000-memory.dmp	xmrig
behavioral2/memory/2600-66-0x00007FF6D8360000-0x00007FF6D8752000-memory.dmp	xmrig
behavioral2/memory/2288-48-0x00007FF6D7370000-0x00007FF6D7762000-memory.dmp	xmrig
behavioral2/memory/892-2546-0x00007FF6325D0000-0x00007FF6329C2000-memory.dmp	xmrig
behavioral2/memory/2288-2548-0x00007FF6D7370000-0x00007FF6D7762000-memory.dmp	xmrig
behavioral2/memory/2600-2550-0x00007FF6D8360000-0x00007FF6D8752000-memory.dmp	xmrig
behavioral2/memory/2952-2552-0x00007FF6F2DA0000-0x00007FF6F3192000-memory.dmp	xmrig
behavioral2/memory/3780-2554-0x00007FF7F4CF0000-0x00007FF7F50E2000-memory.dmp	xmrig
behavioral2/memory/3612-2556-0x00007FF6BC550000-0x00007FF6BC942000-memory.dmp	xmrig
behavioral2/memory/5076-2565-0x00007FF7948D0000-0x00007FF794CC2000-memory.dmp	xmrig
behavioral2/memory/4124-2566-0x00007FF72B2C0000-0x00007FF72B6B2000-memory.dmp	xmrig
behavioral2/memory/2728-2563-0x00007FF7CE0F0000-0x00007FF7CE4E2000-memory.dmp	xmrig
behavioral2/memory/4620-2561-0x00007FF6D7A80000-0x00007FF6D7E72000-memory.dmp	xmrig
behavioral2/memory/4716-2559-0x00007FF615E10000-0x00007FF616202000-memory.dmp	xmrig
behavioral2/memory/1328-2570-0x00007FF6632F0000-0x00007FF6636E2000-memory.dmp	xmrig
behavioral2/memory/3288-2569-0x00007FF7BEE80000-0x00007FF7BF272000-memory.dmp	xmrig
behavioral2/memory/3276-2583-0x00007FF68C550000-0x00007FF68C942000-memory.dmp	xmrig
behavioral2/memory/3520-2594-0x00007FF74AF60000-0x00007FF74B352000-memory.dmp	xmrig
behavioral2/memory/2588-2592-0x00007FF74E710000-0x00007FF74EB02000-memory.dmp	xmrig
behavioral2/memory/2172-2591-0x00007FF783090000-0x00007FF783482000-memory.dmp	xmrig
behavioral2/memory/1644-2590-0x00007FF6F0080000-0x00007FF6F0472000-memory.dmp	xmrig
behavioral2/memory/3344-2589-0x00007FF7D6150000-0x00007FF7D6542000-memory.dmp	xmrig
behavioral2/memory/2628-2588-0x00007FF631AF0000-0x00007FF631EE2000-memory.dmp	xmrig
behavioral2/memory/4176-2587-0x00007FF75F4B0000-0x00007FF75F8A2000-memory.dmp	xmrig
behavioral2/memory/4972-2586-0x00007FF7C0FA0000-0x00007FF7C1392000-memory.dmp	xmrig
behavioral2/memory/3996-2585-0x00007FF79FF80000-0x00007FF7A0372000-memory.dmp	xmrig
behavioral2/memory/512-2584-0x00007FF7FEA70000-0x00007FF7FEE62000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
5	3232	powershell.exe
8	3232	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3232	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
892	rVlcLKn.exe
2288	DuZolzy.exe
2600	JBhmPJw.exe
2952	tubSyol.exe
3780	JmzmkLL.exe
3612	iKUEOzF.exe
4124	SWuRgzU.exe
5076	xxnAyVJ.exe
2728	MiNoqhM.exe
4620	LUIYhDH.exe
4716	PxfbPPp.exe
1328	vNaegXJ.exe
3288	TzkaelK.exe
512	EuhEhJb.exe
4972	gppWKwy.exe
3276	sPlrltV.exe
2628	AVaJVfH.exe
4176	AcXeItU.exe
3520	fpVajqz.exe
2588	BpObqCn.exe
3996	kBVLIJx.exe
2172	TkAgkEP.exe
1644	vvvKDey.exe
3344	kllxCJE.exe
1968	YKiEfbY.exe
2608	sbhZURx.exe
2968	YsMeTWK.exe
3796	fcThbDU.exe
1436	MQyycxJ.exe
2656	yEEENsI.exe
3864	wlAONvA.exe
4796	uVNrQzz.exe
1040	yMKaDDz.exe
4860	UNFhSpc.exe
5052	rBbmpIx.exe
688	cnzrFST.exe
3952	UkNIBtI.exe
3564	fNVgFxd.exe
1220	iEnBpJN.exe
660	XXPhotf.exe
1176	VQwvdaM.exe
2752	lbDJomU.exe
1732	FogGJxp.exe
4016	JMaHAUe.exe
3160	rmdoYoQ.exe
2464	ApBOKVu.exe
3872	pNiOyKb.exe
5068	DgpcIsl.exe
2028	pZfQjhJ.exe
672	XAiZUoG.exe
1592	EjFthuF.exe
2232	EpvyVOU.exe
456	IreClrA.exe
2404	KkxqVLS.exe
3540	gSKIFGt.exe
888	RArFGJj.exe
400	sGCeOWs.exe
1320	NfanBUf.exe
2784	BiTNFKY.exe
4988	UKftOnZ.exe
4752	LQmnEsv.exe
4216	rNkzjhr.exe
4460	fnpzwnn.exe
4348	CudmTCp.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1428-0-0x00007FF74FC90000-0x00007FF750082000-memory.dmp	upx
behavioral2/files/0x0009000000023489-6.dat	upx
behavioral2/files/0x00070000000234e8-8.dat	upx
behavioral2/files/0x00080000000234e3-9.dat	upx
behavioral2/files/0x00070000000234e9-19.dat	upx
behavioral2/files/0x00070000000234ea-28.dat	upx
behavioral2/files/0x00070000000234ec-49.dat	upx
behavioral2/files/0x00080000000234ee-58.dat	upx
behavioral2/files/0x00070000000234f1-64.dat	upx
behavioral2/files/0x00070000000234f0-70.dat	upx
behavioral2/memory/3780-78-0x00007FF7F4CF0000-0x00007FF7F50E2000-memory.dmp	upx
behavioral2/files/0x00080000000234ed-84.dat	upx
behavioral2/files/0x00080000000234e4-91.dat	upx
behavioral2/files/0x00070000000234f7-108.dat	upx
behavioral2/files/0x0007000000023500-152.dat	upx
behavioral2/files/0x00070000000234ff-151.dat	upx
behavioral2/files/0x00070000000234fe-163.dat	upx
behavioral2/memory/4176-361-0x00007FF75F4B0000-0x00007FF75F8A2000-memory.dmp	upx
behavioral2/memory/2588-375-0x00007FF74E710000-0x00007FF74EB02000-memory.dmp	upx
behavioral2/memory/1644-384-0x00007FF6F0080000-0x00007FF6F0472000-memory.dmp	upx
behavioral2/memory/1328-443-0x00007FF6632F0000-0x00007FF6636E2000-memory.dmp	upx
behavioral2/memory/512-463-0x00007FF7FEA70000-0x00007FF7FEE62000-memory.dmp	upx
behavioral2/memory/4972-467-0x00007FF7C0FA0000-0x00007FF7C1392000-memory.dmp	upx
behavioral2/memory/3344-470-0x00007FF7D6150000-0x00007FF7D6542000-memory.dmp	upx
behavioral2/memory/5076-436-0x00007FF7948D0000-0x00007FF794CC2000-memory.dmp	upx
behavioral2/memory/3612-422-0x00007FF6BC550000-0x00007FF6BC942000-memory.dmp	upx
behavioral2/memory/892-419-0x00007FF6325D0000-0x00007FF6329C2000-memory.dmp	upx
behavioral2/memory/2172-380-0x00007FF783090000-0x00007FF783482000-memory.dmp	upx
behavioral2/memory/3996-377-0x00007FF79FF80000-0x00007FF7A0372000-memory.dmp	upx
behavioral2/memory/3520-368-0x00007FF74AF60000-0x00007FF74B352000-memory.dmp	upx
behavioral2/files/0x0007000000023505-186.dat	upx
behavioral2/files/0x0007000000023504-183.dat	upx
behavioral2/files/0x0007000000023503-181.dat	upx
behavioral2/memory/2628-177-0x00007FF631AF0000-0x00007FF631EE2000-memory.dmp	upx
behavioral2/files/0x0007000000023502-172.dat	upx
behavioral2/files/0x0007000000023501-170.dat	upx
behavioral2/memory/3276-165-0x00007FF68C550000-0x00007FF68C942000-memory.dmp	upx
behavioral2/files/0x00070000000234fd-161.dat	upx
behavioral2/files/0x00070000000234fc-159.dat	upx
behavioral2/files/0x00070000000234fb-157.dat	upx
behavioral2/memory/3288-156-0x00007FF7BEE80000-0x00007FF7BF272000-memory.dmp	upx
behavioral2/memory/4716-155-0x00007FF615E10000-0x00007FF616202000-memory.dmp	upx
behavioral2/memory/4620-144-0x00007FF6D7A80000-0x00007FF6D7E72000-memory.dmp	upx
behavioral2/files/0x00070000000234fa-130.dat	upx
behavioral2/files/0x00070000000234f8-128.dat	upx
behavioral2/files/0x00070000000234f6-125.dat	upx
behavioral2/files/0x00070000000234f5-123.dat	upx
behavioral2/files/0x00070000000234f9-119.dat	upx
behavioral2/files/0x00070000000234f4-104.dat	upx
behavioral2/files/0x00070000000234f3-94.dat	upx
behavioral2/memory/2728-90-0x00007FF7CE0F0000-0x00007FF7CE4E2000-memory.dmp	upx
behavioral2/files/0x00070000000234f2-83.dat	upx
behavioral2/memory/4124-82-0x00007FF72B2C0000-0x00007FF72B6B2000-memory.dmp	upx
behavioral2/memory/2952-73-0x00007FF6F2DA0000-0x00007FF6F3192000-memory.dmp	upx
behavioral2/memory/2600-66-0x00007FF6D8360000-0x00007FF6D8752000-memory.dmp	upx
behavioral2/files/0x00070000000234ef-62.dat	upx
behavioral2/memory/2288-48-0x00007FF6D7370000-0x00007FF6D7762000-memory.dmp	upx
behavioral2/files/0x00070000000234eb-47.dat	upx
behavioral2/memory/892-2546-0x00007FF6325D0000-0x00007FF6329C2000-memory.dmp	upx
behavioral2/memory/2288-2548-0x00007FF6D7370000-0x00007FF6D7762000-memory.dmp	upx
behavioral2/memory/2600-2550-0x00007FF6D8360000-0x00007FF6D8752000-memory.dmp	upx
behavioral2/memory/2952-2552-0x00007FF6F2DA0000-0x00007FF6F3192000-memory.dmp	upx
behavioral2/memory/3780-2554-0x00007FF7F4CF0000-0x00007FF7F50E2000-memory.dmp	upx
behavioral2/memory/3612-2556-0x00007FF6BC550000-0x00007FF6BC942000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tiSOYHO.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\HZAkrwb.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\YwTqdLT.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\ESYzWgo.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\PGFvOXA.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\IwaUGWq.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\JcfxcNj.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\hSJuCQr.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\FoRvHUD.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\KpDTfPq.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\aryaFnW.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\dwFdbjy.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\vEckYlA.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\AhIWFDl.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\xOWbAuN.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\VblnAnP.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\cGTkQYL.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\LPSkQBA.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\wHtvINz.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\FPgDdwP.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\XtmyJLw.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\QsoQAQR.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\QHjhkAV.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\nzuvYfs.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\MOAONRB.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\sXCtChh.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\oDmFcGB.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\oUQLnBk.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\DqJcnNC.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\WFOyDeo.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\MfClGJS.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\IaViczC.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\TtXTwIY.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\xxbfTtA.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\lgtTUeB.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\DyWQOsZ.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\qcOGFuS.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\hETwoed.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\MVuzYbB.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\VZKtIbU.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\jYpMQJb.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\sHoXoIt.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\nIqWkjk.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\IqbbmeY.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\TrLVnFf.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\aOdFhQJ.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\TlqNXLs.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\AvgXzva.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\tqlKJhO.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\VicbsEi.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\tAPmZvE.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\hKEdlOY.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\TNDaPRY.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\wVKAIQy.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\TCPUQKL.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\zFHBizo.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\ghIOfdq.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\xAcCzgq.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\tvwIfls.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\ysKYhOI.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\vmIXPsi.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\RqnhdLL.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\ZFKfxYt.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe
File created	C:\Windows\System\knQVxVe.exe	1a1b9ab68b2b4e19f8371f7135999f10N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3232	powershell.exe
3232	powershell.exe
3232	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3232	powershell.exe
Token: SeLockMemoryPrivilege	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe
Token: SeLockMemoryPrivilege	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3232	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	85
PID 1428 wrote to memory of 3232	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	85
PID 1428 wrote to memory of 892	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	86
PID 1428 wrote to memory of 892	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	86
PID 1428 wrote to memory of 2288	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	87
PID 1428 wrote to memory of 2288	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	87
PID 1428 wrote to memory of 2600	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	88
PID 1428 wrote to memory of 2600	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	88
PID 1428 wrote to memory of 2952	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	89
PID 1428 wrote to memory of 2952	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	89
PID 1428 wrote to memory of 3780	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	90
PID 1428 wrote to memory of 3780	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	90
PID 1428 wrote to memory of 3612	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	91
PID 1428 wrote to memory of 3612	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	91
PID 1428 wrote to memory of 4124	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	92
PID 1428 wrote to memory of 4124	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	92
PID 1428 wrote to memory of 5076	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	93
PID 1428 wrote to memory of 5076	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	93
PID 1428 wrote to memory of 4620	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	94
PID 1428 wrote to memory of 4620	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	94
PID 1428 wrote to memory of 2728	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	95
PID 1428 wrote to memory of 2728	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	95
PID 1428 wrote to memory of 4716	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	96
PID 1428 wrote to memory of 4716	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	96
PID 1428 wrote to memory of 1328	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	97
PID 1428 wrote to memory of 1328	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	97
PID 1428 wrote to memory of 3288	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	98
PID 1428 wrote to memory of 3288	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	98
PID 1428 wrote to memory of 512	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	99
PID 1428 wrote to memory of 512	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	99
PID 1428 wrote to memory of 4972	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	100
PID 1428 wrote to memory of 4972	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	100
PID 1428 wrote to memory of 3276	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	101
PID 1428 wrote to memory of 3276	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	101
PID 1428 wrote to memory of 2628	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	102
PID 1428 wrote to memory of 2628	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	102
PID 1428 wrote to memory of 4176	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	103
PID 1428 wrote to memory of 4176	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	103
PID 1428 wrote to memory of 3520	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	104
PID 1428 wrote to memory of 3520	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	104
PID 1428 wrote to memory of 2588	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	105
PID 1428 wrote to memory of 2588	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	105
PID 1428 wrote to memory of 3996	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	106
PID 1428 wrote to memory of 3996	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	106
PID 1428 wrote to memory of 2172	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	107
PID 1428 wrote to memory of 2172	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	107
PID 1428 wrote to memory of 1644	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	108
PID 1428 wrote to memory of 1644	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	108
PID 1428 wrote to memory of 3344	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	109
PID 1428 wrote to memory of 3344	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	109
PID 1428 wrote to memory of 1968	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	110
PID 1428 wrote to memory of 1968	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	110
PID 1428 wrote to memory of 2608	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	111
PID 1428 wrote to memory of 2608	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	111
PID 1428 wrote to memory of 2968	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	112
PID 1428 wrote to memory of 2968	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	112
PID 1428 wrote to memory of 3796	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	113
PID 1428 wrote to memory of 3796	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	113
PID 1428 wrote to memory of 1436	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	114
PID 1428 wrote to memory of 1436	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	114
PID 1428 wrote to memory of 2656	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	115
PID 1428 wrote to memory of 2656	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	115
PID 1428 wrote to memory of 3864	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	116
PID 1428 wrote to memory of 3864	1428	1a1b9ab68b2b4e19f8371f7135999f10N.exe	116

C:\Users\Admin\AppData\Local\Temp\1a1b9ab68b2b4e19f8371f7135999f10N.exe
"C:\Users\Admin\AppData\Local\Temp\1a1b9ab68b2b4e19f8371f7135999f10N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3232
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3232" "2940" "2884" "2944" "0" "0" "2948" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12872
- C:\Windows\System\rVlcLKn.exe
  C:\Windows\System\rVlcLKn.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\DuZolzy.exe
  C:\Windows\System\DuZolzy.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\JBhmPJw.exe
  C:\Windows\System\JBhmPJw.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\tubSyol.exe
  C:\Windows\System\tubSyol.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\JmzmkLL.exe
  C:\Windows\System\JmzmkLL.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\iKUEOzF.exe
  C:\Windows\System\iKUEOzF.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\SWuRgzU.exe
  C:\Windows\System\SWuRgzU.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\xxnAyVJ.exe
  C:\Windows\System\xxnAyVJ.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\LUIYhDH.exe
  C:\Windows\System\LUIYhDH.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\MiNoqhM.exe
  C:\Windows\System\MiNoqhM.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\PxfbPPp.exe
  C:\Windows\System\PxfbPPp.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\vNaegXJ.exe
  C:\Windows\System\vNaegXJ.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\TzkaelK.exe
  C:\Windows\System\TzkaelK.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\EuhEhJb.exe
  C:\Windows\System\EuhEhJb.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\gppWKwy.exe
  C:\Windows\System\gppWKwy.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\sPlrltV.exe
  C:\Windows\System\sPlrltV.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\AVaJVfH.exe
  C:\Windows\System\AVaJVfH.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\AcXeItU.exe
  C:\Windows\System\AcXeItU.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\fpVajqz.exe
  C:\Windows\System\fpVajqz.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\BpObqCn.exe
  C:\Windows\System\BpObqCn.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\kBVLIJx.exe
  C:\Windows\System\kBVLIJx.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\TkAgkEP.exe
  C:\Windows\System\TkAgkEP.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\vvvKDey.exe
  C:\Windows\System\vvvKDey.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\kllxCJE.exe
  C:\Windows\System\kllxCJE.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\YKiEfbY.exe
  C:\Windows\System\YKiEfbY.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\sbhZURx.exe
  C:\Windows\System\sbhZURx.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\YsMeTWK.exe
  C:\Windows\System\YsMeTWK.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\fcThbDU.exe
  C:\Windows\System\fcThbDU.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\MQyycxJ.exe
  C:\Windows\System\MQyycxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\yEEENsI.exe
  C:\Windows\System\yEEENsI.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\wlAONvA.exe
  C:\Windows\System\wlAONvA.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\uVNrQzz.exe
  C:\Windows\System\uVNrQzz.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\yMKaDDz.exe
  C:\Windows\System\yMKaDDz.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\UNFhSpc.exe
  C:\Windows\System\UNFhSpc.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\rBbmpIx.exe
  C:\Windows\System\rBbmpIx.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\cnzrFST.exe
  C:\Windows\System\cnzrFST.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\UkNIBtI.exe
  C:\Windows\System\UkNIBtI.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\fNVgFxd.exe
  C:\Windows\System\fNVgFxd.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\iEnBpJN.exe
  C:\Windows\System\iEnBpJN.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\XXPhotf.exe
  C:\Windows\System\XXPhotf.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\VQwvdaM.exe
  C:\Windows\System\VQwvdaM.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\lbDJomU.exe
  C:\Windows\System\lbDJomU.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\FogGJxp.exe
  C:\Windows\System\FogGJxp.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\JMaHAUe.exe
  C:\Windows\System\JMaHAUe.exe
  2⤵
  - Executes dropped EXE
  PID:4016
- C:\Windows\System\rmdoYoQ.exe
  C:\Windows\System\rmdoYoQ.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\ApBOKVu.exe
  C:\Windows\System\ApBOKVu.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\pNiOyKb.exe
  C:\Windows\System\pNiOyKb.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\DgpcIsl.exe
  C:\Windows\System\DgpcIsl.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\pZfQjhJ.exe
  C:\Windows\System\pZfQjhJ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\XAiZUoG.exe
  C:\Windows\System\XAiZUoG.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\EjFthuF.exe
  C:\Windows\System\EjFthuF.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\EpvyVOU.exe
  C:\Windows\System\EpvyVOU.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\IreClrA.exe
  C:\Windows\System\IreClrA.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\KkxqVLS.exe
  C:\Windows\System\KkxqVLS.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\gSKIFGt.exe
  C:\Windows\System\gSKIFGt.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\RArFGJj.exe
  C:\Windows\System\RArFGJj.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\sGCeOWs.exe
  C:\Windows\System\sGCeOWs.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\NfanBUf.exe
  C:\Windows\System\NfanBUf.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\BiTNFKY.exe
  C:\Windows\System\BiTNFKY.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\UKftOnZ.exe
  C:\Windows\System\UKftOnZ.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\LQmnEsv.exe
  C:\Windows\System\LQmnEsv.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\rNkzjhr.exe
  C:\Windows\System\rNkzjhr.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\fnpzwnn.exe
  C:\Windows\System\fnpzwnn.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\CudmTCp.exe
  C:\Windows\System\CudmTCp.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\yoAiYLE.exe
  C:\Windows\System\yoAiYLE.exe
  2⤵
  PID:1416
- C:\Windows\System\bDDrRVI.exe
  C:\Windows\System\bDDrRVI.exe
  2⤵
  PID:1292
- C:\Windows\System\frRrqXj.exe
  C:\Windows\System\frRrqXj.exe
  2⤵
  PID:212
- C:\Windows\System\FxcqjTb.exe
  C:\Windows\System\FxcqjTb.exe
  2⤵
  PID:2684
- C:\Windows\System\sLzhDvF.exe
  C:\Windows\System\sLzhDvF.exe
  2⤵
  PID:4848
- C:\Windows\System\RUbnlFC.exe
  C:\Windows\System\RUbnlFC.exe
  2⤵
  PID:2708
- C:\Windows\System\zIYPPxX.exe
  C:\Windows\System\zIYPPxX.exe
  2⤵
  PID:972
- C:\Windows\System\lhSKRrN.exe
  C:\Windows\System\lhSKRrN.exe
  2⤵
  PID:4604
- C:\Windows\System\BJxJIFj.exe
  C:\Windows\System\BJxJIFj.exe
  2⤵
  PID:4088
- C:\Windows\System\poDHVRb.exe
  C:\Windows\System\poDHVRb.exe
  2⤵
  PID:2280
- C:\Windows\System\RggsOKz.exe
  C:\Windows\System\RggsOKz.exe
  2⤵
  PID:1304
- C:\Windows\System\TOKxcXw.exe
  C:\Windows\System\TOKxcXw.exe
  2⤵
  PID:840
- C:\Windows\System\VMwvosv.exe
  C:\Windows\System\VMwvosv.exe
  2⤵
  PID:408
- C:\Windows\System\MVYutIM.exe
  C:\Windows\System\MVYutIM.exe
  2⤵
  PID:5140
- C:\Windows\System\RnHOyWv.exe
  C:\Windows\System\RnHOyWv.exe
  2⤵
  PID:5168
- C:\Windows\System\OhXfKBD.exe
  C:\Windows\System\OhXfKBD.exe
  2⤵
  PID:5200
- C:\Windows\System\igjetfy.exe
  C:\Windows\System\igjetfy.exe
  2⤵
  PID:5228
- C:\Windows\System\mUczYWA.exe
  C:\Windows\System\mUczYWA.exe
  2⤵
  PID:5256
- C:\Windows\System\iBdDoEP.exe
  C:\Windows\System\iBdDoEP.exe
  2⤵
  PID:5284
- C:\Windows\System\GGTUgml.exe
  C:\Windows\System\GGTUgml.exe
  2⤵
  PID:5312
- C:\Windows\System\qQGaJOt.exe
  C:\Windows\System\qQGaJOt.exe
  2⤵
  PID:5340
- C:\Windows\System\MvwTKSj.exe
  C:\Windows\System\MvwTKSj.exe
  2⤵
  PID:5368
- C:\Windows\System\beHweFB.exe
  C:\Windows\System\beHweFB.exe
  2⤵
  PID:5396
- C:\Windows\System\nIWtNpb.exe
  C:\Windows\System\nIWtNpb.exe
  2⤵
  PID:5428
- C:\Windows\System\ZNRliRA.exe
  C:\Windows\System\ZNRliRA.exe
  2⤵
  PID:5456
- C:\Windows\System\KRPDbfl.exe
  C:\Windows\System\KRPDbfl.exe
  2⤵
  PID:5488
- C:\Windows\System\NbEuKUY.exe
  C:\Windows\System\NbEuKUY.exe
  2⤵
  PID:5512
- C:\Windows\System\OueIzCn.exe
  C:\Windows\System\OueIzCn.exe
  2⤵
  PID:5544
- C:\Windows\System\GIAZpWt.exe
  C:\Windows\System\GIAZpWt.exe
  2⤵
  PID:5568
- C:\Windows\System\VFSaurr.exe
  C:\Windows\System\VFSaurr.exe
  2⤵
  PID:5592
- C:\Windows\System\vQDFQcX.exe
  C:\Windows\System\vQDFQcX.exe
  2⤵
  PID:5616
- C:\Windows\System\KhkQYMT.exe
  C:\Windows\System\KhkQYMT.exe
  2⤵
  PID:5656
- C:\Windows\System\ImrEIhm.exe
  C:\Windows\System\ImrEIhm.exe
  2⤵
  PID:5680
- C:\Windows\System\fTzSrGp.exe
  C:\Windows\System\fTzSrGp.exe
  2⤵
  PID:5724
- C:\Windows\System\xrhBlkX.exe
  C:\Windows\System\xrhBlkX.exe
  2⤵
  PID:5752
- C:\Windows\System\kGJwCus.exe
  C:\Windows\System\kGJwCus.exe
  2⤵
  PID:5788
- C:\Windows\System\qsQNLJE.exe
  C:\Windows\System\qsQNLJE.exe
  2⤵
  PID:5808
- C:\Windows\System\IzxYrkJ.exe
  C:\Windows\System\IzxYrkJ.exe
  2⤵
  PID:5832
- C:\Windows\System\MzcSuiV.exe
  C:\Windows\System\MzcSuiV.exe
  2⤵
  PID:5848
- C:\Windows\System\TngJwQq.exe
  C:\Windows\System\TngJwQq.exe
  2⤵
  PID:5892
- C:\Windows\System\zeYWWDV.exe
  C:\Windows\System\zeYWWDV.exe
  2⤵
  PID:5920
- C:\Windows\System\tsKTNBB.exe
  C:\Windows\System\tsKTNBB.exe
  2⤵
  PID:5952
- C:\Windows\System\tWxeEzt.exe
  C:\Windows\System\tWxeEzt.exe
  2⤵
  PID:5992
- C:\Windows\System\pGldtaS.exe
  C:\Windows\System\pGldtaS.exe
  2⤵
  PID:6012
- C:\Windows\System\VsrrLMM.exe
  C:\Windows\System\VsrrLMM.exe
  2⤵
  PID:6032
- C:\Windows\System\NeINYLL.exe
  C:\Windows\System\NeINYLL.exe
  2⤵
  PID:6052
- C:\Windows\System\ZitadRH.exe
  C:\Windows\System\ZitadRH.exe
  2⤵
  PID:6068
- C:\Windows\System\nhIbAMH.exe
  C:\Windows\System\nhIbAMH.exe
  2⤵
  PID:6092
- C:\Windows\System\WgusXxC.exe
  C:\Windows\System\WgusXxC.exe
  2⤵
  PID:6128
- C:\Windows\System\tktHoay.exe
  C:\Windows\System\tktHoay.exe
  2⤵
  PID:2228
- C:\Windows\System\HzjfTFk.exe
  C:\Windows\System\HzjfTFk.exe
  2⤵
  PID:4888
- C:\Windows\System\fylriiV.exe
  C:\Windows\System\fylriiV.exe
  2⤵
  PID:2928
- C:\Windows\System\zNPIxrt.exe
  C:\Windows\System\zNPIxrt.exe
  2⤵
  PID:3212
- C:\Windows\System\uHfUDRc.exe
  C:\Windows\System\uHfUDRc.exe
  2⤵
  PID:5240
- C:\Windows\System\hbmwGDr.exe
  C:\Windows\System\hbmwGDr.exe
  2⤵
  PID:5324
- C:\Windows\System\fLHCuGR.exe
  C:\Windows\System\fLHCuGR.exe
  2⤵
  PID:5356
- C:\Windows\System\CSJizOo.exe
  C:\Windows\System\CSJizOo.exe
  2⤵
  PID:5408
- C:\Windows\System\MFAALSw.exe
  C:\Windows\System\MFAALSw.exe
  2⤵
  PID:5440
- C:\Windows\System\RIsEvnX.exe
  C:\Windows\System\RIsEvnX.exe
  2⤵
  PID:2012
- C:\Windows\System\YuCakRr.exe
  C:\Windows\System\YuCakRr.exe
  2⤵
  PID:1280
- C:\Windows\System\sxCryqS.exe
  C:\Windows\System\sxCryqS.exe
  2⤵
  PID:5652
- C:\Windows\System\UQJvFfj.exe
  C:\Windows\System\UQJvFfj.exe
  2⤵
  PID:1756
- C:\Windows\System\ZtxtKwx.exe
  C:\Windows\System\ZtxtKwx.exe
  2⤵
  PID:5800
- C:\Windows\System\Lucuiyx.exe
  C:\Windows\System\Lucuiyx.exe
  2⤵
  PID:2300
- C:\Windows\System\vtycJlx.exe
  C:\Windows\System\vtycJlx.exe
  2⤵
  PID:5900
- C:\Windows\System\OdLITDp.exe
  C:\Windows\System\OdLITDp.exe
  2⤵
  PID:1716
- C:\Windows\System\JSeyTJE.exe
  C:\Windows\System\JSeyTJE.exe
  2⤵
  PID:4448
- C:\Windows\System\bPkzKHh.exe
  C:\Windows\System\bPkzKHh.exe
  2⤵
  PID:6020
- C:\Windows\System\AWqysKv.exe
  C:\Windows\System\AWqysKv.exe
  2⤵
  PID:6060
- C:\Windows\System\lasXQNV.exe
  C:\Windows\System\lasXQNV.exe
  2⤵
  PID:4396
- C:\Windows\System\tIYlqdX.exe
  C:\Windows\System\tIYlqdX.exe
  2⤵
  PID:5044
- C:\Windows\System\tFxWqUD.exe
  C:\Windows\System\tFxWqUD.exe
  2⤵
  PID:6112
- C:\Windows\System\YgdWrEt.exe
  C:\Windows\System\YgdWrEt.exe
  2⤵
  PID:1504
- C:\Windows\System\LzzNtfO.exe
  C:\Windows\System\LzzNtfO.exe
  2⤵
  PID:1012
- C:\Windows\System\CACXPIk.exe
  C:\Windows\System\CACXPIk.exe
  2⤵
  PID:404
- C:\Windows\System\QlchYTs.exe
  C:\Windows\System\QlchYTs.exe
  2⤵
  PID:5184
- C:\Windows\System\racDcyP.exe
  C:\Windows\System\racDcyP.exe
  2⤵
  PID:2508
- C:\Windows\System\JAKcJdN.exe
  C:\Windows\System\JAKcJdN.exe
  2⤵
  PID:5332
- C:\Windows\System\gcLatwl.exe
  C:\Windows\System\gcLatwl.exe
  2⤵
  PID:4512
- C:\Windows\System\jluJBEP.exe
  C:\Windows\System\jluJBEP.exe
  2⤵
  PID:4948
- C:\Windows\System\BmnPVYO.exe
  C:\Windows\System\BmnPVYO.exe
  2⤵
  PID:5664
- C:\Windows\System\INiOZNb.exe
  C:\Windows\System\INiOZNb.exe
  2⤵
  PID:5824
- C:\Windows\System\kVtqKeR.exe
  C:\Windows\System\kVtqKeR.exe
  2⤵
  PID:5876
- C:\Windows\System\kPyekLX.exe
  C:\Windows\System\kPyekLX.exe
  2⤵
  PID:5976
- C:\Windows\System\EZDkwGQ.exe
  C:\Windows\System\EZDkwGQ.exe
  2⤵
  PID:6040
- C:\Windows\System\TNDaPRY.exe
  C:\Windows\System\TNDaPRY.exe
  2⤵
  PID:644
- C:\Windows\System\RADXZRU.exe
  C:\Windows\System\RADXZRU.exe
  2⤵
  PID:3704
- C:\Windows\System\KAwPFMs.exe
  C:\Windows\System\KAwPFMs.exe
  2⤵
  PID:5384
- C:\Windows\System\zekfJZJ.exe
  C:\Windows\System\zekfJZJ.exe
  2⤵
  PID:6188
- C:\Windows\System\HZlkEAr.exe
  C:\Windows\System\HZlkEAr.exe
  2⤵
  PID:6256
- C:\Windows\System\fQVbswp.exe
  C:\Windows\System\fQVbswp.exe
  2⤵
  PID:6288
- C:\Windows\System\XXvffrK.exe
  C:\Windows\System\XXvffrK.exe
  2⤵
  PID:6328
- C:\Windows\System\TdbnAKz.exe
  C:\Windows\System\TdbnAKz.exe
  2⤵
  PID:6348
- C:\Windows\System\ORnoNbg.exe
  C:\Windows\System\ORnoNbg.exe
  2⤵
  PID:6380
- C:\Windows\System\whNoePz.exe
  C:\Windows\System\whNoePz.exe
  2⤵
  PID:6408
- C:\Windows\System\dnBnREc.exe
  C:\Windows\System\dnBnREc.exe
  2⤵
  PID:6448
- C:\Windows\System\UbTyoLa.exe
  C:\Windows\System\UbTyoLa.exe
  2⤵
  PID:6476
- C:\Windows\System\KZMYFBt.exe
  C:\Windows\System\KZMYFBt.exe
  2⤵
  PID:6512
- C:\Windows\System\nPYpvfg.exe
  C:\Windows\System\nPYpvfg.exe
  2⤵
  PID:6528
- C:\Windows\System\AjScRuY.exe
  C:\Windows\System\AjScRuY.exe
  2⤵
  PID:6548
- C:\Windows\System\XlBlGAa.exe
  C:\Windows\System\XlBlGAa.exe
  2⤵
  PID:6564
- C:\Windows\System\swEgyIK.exe
  C:\Windows\System\swEgyIK.exe
  2⤵
  PID:6584
- C:\Windows\System\jtQGnkp.exe
  C:\Windows\System\jtQGnkp.exe
  2⤵
  PID:6620
- C:\Windows\System\ioaeFHI.exe
  C:\Windows\System\ioaeFHI.exe
  2⤵
  PID:6648
- C:\Windows\System\TrLVnFf.exe
  C:\Windows\System\TrLVnFf.exe
  2⤵
  PID:6668
- C:\Windows\System\oaSUVbd.exe
  C:\Windows\System\oaSUVbd.exe
  2⤵
  PID:6696
- C:\Windows\System\oYHsLgc.exe
  C:\Windows\System\oYHsLgc.exe
  2⤵
  PID:6716
- C:\Windows\System\fnHCjtm.exe
  C:\Windows\System\fnHCjtm.exe
  2⤵
  PID:6736
- C:\Windows\System\nKCgvwT.exe
  C:\Windows\System\nKCgvwT.exe
  2⤵
  PID:6760
- C:\Windows\System\EKRtORl.exe
  C:\Windows\System\EKRtORl.exe
  2⤵
  PID:6820
- C:\Windows\System\ibLVswz.exe
  C:\Windows\System\ibLVswz.exe
  2⤵
  PID:6836
- C:\Windows\System\STvwWnp.exe
  C:\Windows\System\STvwWnp.exe
  2⤵
  PID:6864
- C:\Windows\System\sqbtnTo.exe
  C:\Windows\System\sqbtnTo.exe
  2⤵
  PID:6884
- C:\Windows\System\PGFvOXA.exe
  C:\Windows\System\PGFvOXA.exe
  2⤵
  PID:6924
- C:\Windows\System\usajWwe.exe
  C:\Windows\System\usajWwe.exe
  2⤵
  PID:6968
- C:\Windows\System\kqSJjMJ.exe
  C:\Windows\System\kqSJjMJ.exe
  2⤵
  PID:6984
- C:\Windows\System\bsZRbei.exe
  C:\Windows\System\bsZRbei.exe
  2⤵
  PID:7004
- C:\Windows\System\glLHkNH.exe
  C:\Windows\System\glLHkNH.exe
  2⤵
  PID:7024
- C:\Windows\System\ADRlXxu.exe
  C:\Windows\System\ADRlXxu.exe
  2⤵
  PID:7076
- C:\Windows\System\ezTRjyW.exe
  C:\Windows\System\ezTRjyW.exe
  2⤵
  PID:7108
- C:\Windows\System\NtHlMIZ.exe
  C:\Windows\System\NtHlMIZ.exe
  2⤵
  PID:7128
- C:\Windows\System\PTbTuHf.exe
  C:\Windows\System\PTbTuHf.exe
  2⤵
  PID:7152
- C:\Windows\System\QTtMTTp.exe
  C:\Windows\System\QTtMTTp.exe
  2⤵
  PID:1688
- C:\Windows\System\FpucNJS.exe
  C:\Windows\System\FpucNJS.exe
  2⤵
  PID:3708
- C:\Windows\System\lOHhuIE.exe
  C:\Windows\System\lOHhuIE.exe
  2⤵
  PID:5412
- C:\Windows\System\idRjSho.exe
  C:\Windows\System\idRjSho.exe
  2⤵
  PID:6196
- C:\Windows\System\lmBwcLX.exe
  C:\Windows\System\lmBwcLX.exe
  2⤵
  PID:6176
- C:\Windows\System\ICtrKGY.exe
  C:\Windows\System\ICtrKGY.exe
  2⤵
  PID:6336
- C:\Windows\System\uBnCybT.exe
  C:\Windows\System\uBnCybT.exe
  2⤵
  PID:6364
- C:\Windows\System\tUTsKUE.exe
  C:\Windows\System\tUTsKUE.exe
  2⤵
  PID:6468
- C:\Windows\System\qnXIJmx.exe
  C:\Windows\System\qnXIJmx.exe
  2⤵
  PID:6520
- C:\Windows\System\LYCoyfs.exe
  C:\Windows\System\LYCoyfs.exe
  2⤵
  PID:6560
- C:\Windows\System\vZXsaRn.exe
  C:\Windows\System\vZXsaRn.exe
  2⤵
  PID:6676
- C:\Windows\System\QyMiOuo.exe
  C:\Windows\System\QyMiOuo.exe
  2⤵
  PID:6780
- C:\Windows\System\uwgYRFz.exe
  C:\Windows\System\uwgYRFz.exe
  2⤵
  PID:3784
- C:\Windows\System\YziIRQZ.exe
  C:\Windows\System\YziIRQZ.exe
  2⤵
  PID:6940
- C:\Windows\System\YfkriML.exe
  C:\Windows\System\YfkriML.exe
  2⤵
  PID:6920
- C:\Windows\System\gAvJHYX.exe
  C:\Windows\System\gAvJHYX.exe
  2⤵
  PID:6964
- C:\Windows\System\HukUxRo.exe
  C:\Windows\System\HukUxRo.exe
  2⤵
  PID:6996
- C:\Windows\System\TkakzxU.exe
  C:\Windows\System\TkakzxU.exe
  2⤵
  PID:7104
- C:\Windows\System\dxdJRPu.exe
  C:\Windows\System\dxdJRPu.exe
  2⤵
  PID:7164
- C:\Windows\System\ZhyaJCL.exe
  C:\Windows\System\ZhyaJCL.exe
  2⤵
  PID:5780
- C:\Windows\System\gkGVItr.exe
  C:\Windows\System\gkGVItr.exe
  2⤵
  PID:6272
- C:\Windows\System\YdWlWfS.exe
  C:\Windows\System\YdWlWfS.exe
  2⤵
  PID:3296
- C:\Windows\System\GrGEgiy.exe
  C:\Windows\System\GrGEgiy.exe
  2⤵
  PID:6508
- C:\Windows\System\SogncIx.exe
  C:\Windows\System\SogncIx.exe
  2⤵
  PID:244
- C:\Windows\System\fHSLaim.exe
  C:\Windows\System\fHSLaim.exe
  2⤵
  PID:2788
- C:\Windows\System\EzAkddX.exe
  C:\Windows\System\EzAkddX.exe
  2⤵
  PID:6744
- C:\Windows\System\FaZzdZm.exe
  C:\Windows\System\FaZzdZm.exe
  2⤵
  PID:6876
- C:\Windows\System\EKxooZZ.exe
  C:\Windows\System\EKxooZZ.exe
  2⤵
  PID:6992
- C:\Windows\System\RGpOQmL.exe
  C:\Windows\System\RGpOQmL.exe
  2⤵
  PID:6180
- C:\Windows\System\gNnPntY.exe
  C:\Windows\System\gNnPntY.exe
  2⤵
  PID:5720
- C:\Windows\System\XSJgMlq.exe
  C:\Windows\System\XSJgMlq.exe
  2⤵
  PID:6904
- C:\Windows\System\smIOaJI.exe
  C:\Windows\System\smIOaJI.exe
  2⤵
  PID:6372
- C:\Windows\System\IBDDvIc.exe
  C:\Windows\System\IBDDvIc.exe
  2⤵
  PID:7180
- C:\Windows\System\eYvjSxp.exe
  C:\Windows\System\eYvjSxp.exe
  2⤵
  PID:7224
- C:\Windows\System\XoGKEVg.exe
  C:\Windows\System\XoGKEVg.exe
  2⤵
  PID:7252
- C:\Windows\System\NVWWJZF.exe
  C:\Windows\System\NVWWJZF.exe
  2⤵
  PID:7276
- C:\Windows\System\PeRbsuA.exe
  C:\Windows\System\PeRbsuA.exe
  2⤵
  PID:7292
- C:\Windows\System\IaSsIPN.exe
  C:\Windows\System\IaSsIPN.exe
  2⤵
  PID:7320
- C:\Windows\System\dTRAZSe.exe
  C:\Windows\System\dTRAZSe.exe
  2⤵
  PID:7360
- C:\Windows\System\JNLoqbg.exe
  C:\Windows\System\JNLoqbg.exe
  2⤵
  PID:7388
- C:\Windows\System\UQDTGFP.exe
  C:\Windows\System\UQDTGFP.exe
  2⤵
  PID:7408
- C:\Windows\System\GEaFBDS.exe
  C:\Windows\System\GEaFBDS.exe
  2⤵
  PID:7424
- C:\Windows\System\IDubvpY.exe
  C:\Windows\System\IDubvpY.exe
  2⤵
  PID:7448
- C:\Windows\System\JENjUyf.exe
  C:\Windows\System\JENjUyf.exe
  2⤵
  PID:7476
- C:\Windows\System\ciXDAAu.exe
  C:\Windows\System\ciXDAAu.exe
  2⤵
  PID:7500
- C:\Windows\System\dyBNxAh.exe
  C:\Windows\System\dyBNxAh.exe
  2⤵
  PID:7548
- C:\Windows\System\EMBsoPt.exe
  C:\Windows\System\EMBsoPt.exe
  2⤵
  PID:7568
- C:\Windows\System\PJKDVIQ.exe
  C:\Windows\System\PJKDVIQ.exe
  2⤵
  PID:7624
- C:\Windows\System\vEGodRJ.exe
  C:\Windows\System\vEGodRJ.exe
  2⤵
  PID:7656
- C:\Windows\System\bUkDkyX.exe
  C:\Windows\System\bUkDkyX.exe
  2⤵
  PID:7676
- C:\Windows\System\hCJHxbt.exe
  C:\Windows\System\hCJHxbt.exe
  2⤵
  PID:7696
- C:\Windows\System\kVxVXlf.exe
  C:\Windows\System\kVxVXlf.exe
  2⤵
  PID:7740
- C:\Windows\System\VObVvdn.exe
  C:\Windows\System\VObVvdn.exe
  2⤵
  PID:7760
- C:\Windows\System\pCnopYl.exe
  C:\Windows\System\pCnopYl.exe
  2⤵
  PID:7784
- C:\Windows\System\YLrXyBP.exe
  C:\Windows\System\YLrXyBP.exe
  2⤵
  PID:7816
- C:\Windows\System\VZCNevB.exe
  C:\Windows\System\VZCNevB.exe
  2⤵
  PID:7836
- C:\Windows\System\wCOBvHW.exe
  C:\Windows\System\wCOBvHW.exe
  2⤵
  PID:7864
- C:\Windows\System\TiFDbaj.exe
  C:\Windows\System\TiFDbaj.exe
  2⤵
  PID:7904
- C:\Windows\System\dMnDWxg.exe
  C:\Windows\System\dMnDWxg.exe
  2⤵
  PID:7920
- C:\Windows\System\DOqGxOa.exe
  C:\Windows\System\DOqGxOa.exe
  2⤵
  PID:7952
- C:\Windows\System\cKSuzxC.exe
  C:\Windows\System\cKSuzxC.exe
  2⤵
  PID:7972
- C:\Windows\System\AlExlCx.exe
  C:\Windows\System\AlExlCx.exe
  2⤵
  PID:7996
- C:\Windows\System\mPTwxnu.exe
  C:\Windows\System\mPTwxnu.exe
  2⤵
  PID:8024
- C:\Windows\System\eKCQAyJ.exe
  C:\Windows\System\eKCQAyJ.exe
  2⤵
  PID:8040
- C:\Windows\System\LrDDFXW.exe
  C:\Windows\System\LrDDFXW.exe
  2⤵
  PID:8096
- C:\Windows\System\MfClGJS.exe
  C:\Windows\System\MfClGJS.exe
  2⤵
  PID:8120
- C:\Windows\System\yyIVPIN.exe
  C:\Windows\System\yyIVPIN.exe
  2⤵
  PID:8144
- C:\Windows\System\hazbQmR.exe
  C:\Windows\System\hazbQmR.exe
  2⤵
  PID:6844
- C:\Windows\System\KeTzNbJ.exe
  C:\Windows\System\KeTzNbJ.exe
  2⤵
  PID:6616
- C:\Windows\System\xXOPUgW.exe
  C:\Windows\System\xXOPUgW.exe
  2⤵
  PID:7212
- C:\Windows\System\aFroqTG.exe
  C:\Windows\System\aFroqTG.exe
  2⤵
  PID:7244
- C:\Windows\System\fYANsEZ.exe
  C:\Windows\System\fYANsEZ.exe
  2⤵
  PID:7288
- C:\Windows\System\jkQHWiT.exe
  C:\Windows\System\jkQHWiT.exe
  2⤵
  PID:7356
- C:\Windows\System\AAzklRc.exe
  C:\Windows\System\AAzklRc.exe
  2⤵
  PID:7404
- C:\Windows\System\ipAtaWJ.exe
  C:\Windows\System\ipAtaWJ.exe
  2⤵
  PID:7464
- C:\Windows\System\cCnSkwj.exe
  C:\Windows\System\cCnSkwj.exe
  2⤵
  PID:7584
- C:\Windows\System\sjyLTzs.exe
  C:\Windows\System\sjyLTzs.exe
  2⤵
  PID:7592
- C:\Windows\System\veLVNzM.exe
  C:\Windows\System\veLVNzM.exe
  2⤵
  PID:7692
- C:\Windows\System\mFZElCt.exe
  C:\Windows\System\mFZElCt.exe
  2⤵
  PID:7748
- C:\Windows\System\gmvfnBb.exe
  C:\Windows\System\gmvfnBb.exe
  2⤵
  PID:7776
- C:\Windows\System\McrUpxu.exe
  C:\Windows\System\McrUpxu.exe
  2⤵
  PID:7832
- C:\Windows\System\DyWQOsZ.exe
  C:\Windows\System\DyWQOsZ.exe
  2⤵
  PID:7892
- C:\Windows\System\SBjRPgf.exe
  C:\Windows\System\SBjRPgf.exe
  2⤵
  PID:7912
- C:\Windows\System\BGFYgYV.exe
  C:\Windows\System\BGFYgYV.exe
  2⤵
  PID:7988
- C:\Windows\System\aLHlOeK.exe
  C:\Windows\System\aLHlOeK.exe
  2⤵
  PID:8048
- C:\Windows\System\wvqEcAr.exe
  C:\Windows\System\wvqEcAr.exe
  2⤵
  PID:8152
- C:\Windows\System\lkPJLRz.exe
  C:\Windows\System\lkPJLRz.exe
  2⤵
  PID:8172
- C:\Windows\System\PDHiJFx.exe
  C:\Windows\System\PDHiJFx.exe
  2⤵
  PID:5716
- C:\Windows\System\MmcaIiF.exe
  C:\Windows\System\MmcaIiF.exe
  2⤵
  PID:7312
- C:\Windows\System\imJFlAX.exe
  C:\Windows\System\imJFlAX.exe
  2⤵
  PID:7484
- C:\Windows\System\xRfwDXG.exe
  C:\Windows\System\xRfwDXG.exe
  2⤵
  PID:7400
- C:\Windows\System\iHRnNqb.exe
  C:\Windows\System\iHRnNqb.exe
  2⤵
  PID:7604
- C:\Windows\System\qvdsmcQ.exe
  C:\Windows\System\qvdsmcQ.exe
  2⤵
  PID:7732
- C:\Windows\System\Grqxqaz.exe
  C:\Windows\System\Grqxqaz.exe
  2⤵
  PID:7944
- C:\Windows\System\lKNhOrv.exe
  C:\Windows\System\lKNhOrv.exe
  2⤵
  PID:8008
- C:\Windows\System\dsMauMT.exe
  C:\Windows\System\dsMauMT.exe
  2⤵
  PID:7204
- C:\Windows\System\IUNlfLi.exe
  C:\Windows\System\IUNlfLi.exe
  2⤵
  PID:7332
- C:\Windows\System\tXuKxER.exe
  C:\Windows\System\tXuKxER.exe
  2⤵
  PID:7672
- C:\Windows\System\sfRrmzs.exe
  C:\Windows\System\sfRrmzs.exe
  2⤵
  PID:7980
- C:\Windows\System\BTYsErG.exe
  C:\Windows\System\BTYsErG.exe
  2⤵
  PID:5576
- C:\Windows\System\jOQiFup.exe
  C:\Windows\System\jOQiFup.exe
  2⤵
  PID:8204
- C:\Windows\System\rWDPQdU.exe
  C:\Windows\System\rWDPQdU.exe
  2⤵
  PID:8224
- C:\Windows\System\ADFelDn.exe
  C:\Windows\System\ADFelDn.exe
  2⤵
  PID:8264
- C:\Windows\System\ziCPQBk.exe
  C:\Windows\System\ziCPQBk.exe
  2⤵
  PID:8288
- C:\Windows\System\JKjkDHl.exe
  C:\Windows\System\JKjkDHl.exe
  2⤵
  PID:8312
- C:\Windows\System\uoUWoqA.exe
  C:\Windows\System\uoUWoqA.exe
  2⤵
  PID:8372
- C:\Windows\System\EmjTiOz.exe
  C:\Windows\System\EmjTiOz.exe
  2⤵
  PID:8396
- C:\Windows\System\UfBTBIR.exe
  C:\Windows\System\UfBTBIR.exe
  2⤵
  PID:8420
- C:\Windows\System\bXMUUkT.exe
  C:\Windows\System\bXMUUkT.exe
  2⤵
  PID:8452
- C:\Windows\System\oeQXuxo.exe
  C:\Windows\System\oeQXuxo.exe
  2⤵
  PID:8484
- C:\Windows\System\fnKIMLQ.exe
  C:\Windows\System\fnKIMLQ.exe
  2⤵
  PID:8508
- C:\Windows\System\lRXQQgV.exe
  C:\Windows\System\lRXQQgV.exe
  2⤵
  PID:8564
- C:\Windows\System\dVBXMMo.exe
  C:\Windows\System\dVBXMMo.exe
  2⤵
  PID:8588
- C:\Windows\System\AnDJxbo.exe
  C:\Windows\System\AnDJxbo.exe
  2⤵
  PID:8608
- C:\Windows\System\ejRcAxe.exe
  C:\Windows\System\ejRcAxe.exe
  2⤵
  PID:8628
- C:\Windows\System\RUzyUma.exe
  C:\Windows\System\RUzyUma.exe
  2⤵
  PID:8656
- C:\Windows\System\aROiRLE.exe
  C:\Windows\System\aROiRLE.exe
  2⤵
  PID:8672
- C:\Windows\System\HzMBWdM.exe
  C:\Windows\System\HzMBWdM.exe
  2⤵
  PID:8696
- C:\Windows\System\CbdMdVy.exe
  C:\Windows\System\CbdMdVy.exe
  2⤵
  PID:8752
- C:\Windows\System\itTdgup.exe
  C:\Windows\System\itTdgup.exe
  2⤵
  PID:8788
- C:\Windows\System\Zmathsg.exe
  C:\Windows\System\Zmathsg.exe
  2⤵
  PID:8808
- C:\Windows\System\rwXQbyp.exe
  C:\Windows\System\rwXQbyp.exe
  2⤵
  PID:8828
- C:\Windows\System\IpZHzzC.exe
  C:\Windows\System\IpZHzzC.exe
  2⤵
  PID:8872
- C:\Windows\System\JGnpNAq.exe
  C:\Windows\System\JGnpNAq.exe
  2⤵
  PID:8896
- C:\Windows\System\mgWWDKr.exe
  C:\Windows\System\mgWWDKr.exe
  2⤵
  PID:8920
- C:\Windows\System\FAlNuoP.exe
  C:\Windows\System\FAlNuoP.exe
  2⤵
  PID:8940
- C:\Windows\System\owykFnM.exe
  C:\Windows\System\owykFnM.exe
  2⤵
  PID:8964
- C:\Windows\System\cnegCxa.exe
  C:\Windows\System\cnegCxa.exe
  2⤵
  PID:8992
- C:\Windows\System\RwtYwJl.exe
  C:\Windows\System\RwtYwJl.exe
  2⤵
  PID:9048
- C:\Windows\System\tMYnDjj.exe
  C:\Windows\System\tMYnDjj.exe
  2⤵
  PID:9072
- C:\Windows\System\iSqEykE.exe
  C:\Windows\System\iSqEykE.exe
  2⤵
  PID:9088
- C:\Windows\System\ejYTILj.exe
  C:\Windows\System\ejYTILj.exe
  2⤵
  PID:9112
- C:\Windows\System\RRPeqMJ.exe
  C:\Windows\System\RRPeqMJ.exe
  2⤵
  PID:9156
- C:\Windows\System\xGwhnmf.exe
  C:\Windows\System\xGwhnmf.exe
  2⤵
  PID:9180
- C:\Windows\System\MYFOOEx.exe
  C:\Windows\System\MYFOOEx.exe
  2⤵
  PID:9204
- C:\Windows\System\VepxKTp.exe
  C:\Windows\System\VepxKTp.exe
  2⤵
  PID:8216
- C:\Windows\System\AHHtXNR.exe
  C:\Windows\System\AHHtXNR.exe
  2⤵
  PID:8260
- C:\Windows\System\mHSVoAU.exe
  C:\Windows\System\mHSVoAU.exe
  2⤵
  PID:8276
- C:\Windows\System\gjmkveO.exe
  C:\Windows\System\gjmkveO.exe
  2⤵
  PID:8356
- C:\Windows\System\VFUqRXY.exe
  C:\Windows\System\VFUqRXY.exe
  2⤵
  PID:8392
- C:\Windows\System\zhKWhGS.exe
  C:\Windows\System\zhKWhGS.exe
  2⤵
  PID:8476
- C:\Windows\System\tCZPfBb.exe
  C:\Windows\System\tCZPfBb.exe
  2⤵
  PID:8520
- C:\Windows\System\yGUaXEA.exe
  C:\Windows\System\yGUaXEA.exe
  2⤵
  PID:8596
- C:\Windows\System\VgQLABZ.exe
  C:\Windows\System\VgQLABZ.exe
  2⤵
  PID:8640
- C:\Windows\System\scrNHwf.exe
  C:\Windows\System\scrNHwf.exe
  2⤵
  PID:8816
- C:\Windows\System\aHsLAor.exe
  C:\Windows\System\aHsLAor.exe
  2⤵
  PID:8844
- C:\Windows\System\vfxnkre.exe
  C:\Windows\System\vfxnkre.exe
  2⤵
  PID:8928
- C:\Windows\System\MufiyYY.exe
  C:\Windows\System\MufiyYY.exe
  2⤵
  PID:8956
- C:\Windows\System\xVLaQMy.exe
  C:\Windows\System\xVLaQMy.exe
  2⤵
  PID:8980
- C:\Windows\System\VavUbcD.exe
  C:\Windows\System\VavUbcD.exe
  2⤵
  PID:9060
- C:\Windows\System\VDHmeps.exe
  C:\Windows\System\VDHmeps.exe
  2⤵
  PID:9084
- C:\Windows\System\osmvLaU.exe
  C:\Windows\System\osmvLaU.exe
  2⤵
  PID:9196
- C:\Windows\System\SqrLrdn.exe
  C:\Windows\System\SqrLrdn.exe
  2⤵
  PID:8012
- C:\Windows\System\RwQHVQr.exe
  C:\Windows\System\RwQHVQr.exe
  2⤵
  PID:8412
- C:\Windows\System\tFeYCYd.exe
  C:\Windows\System\tFeYCYd.exe
  2⤵
  PID:8492
- C:\Windows\System\WWwqtVx.exe
  C:\Windows\System\WWwqtVx.exe
  2⤵
  PID:8684
- C:\Windows\System\pCMrYHY.exe
  C:\Windows\System\pCMrYHY.exe
  2⤵
  PID:8824
- C:\Windows\System\vuOZMLk.exe
  C:\Windows\System\vuOZMLk.exe
  2⤵
  PID:9096
- C:\Windows\System\AVPXAFy.exe
  C:\Windows\System\AVPXAFy.exe
  2⤵
  PID:7688
- C:\Windows\System\NbcNcvt.exe
  C:\Windows\System\NbcNcvt.exe
  2⤵
  PID:8348
- C:\Windows\System\sIUhxxb.exe
  C:\Windows\System\sIUhxxb.exe
  2⤵
  PID:8380
- C:\Windows\System\fajeHxS.exe
  C:\Windows\System\fajeHxS.exe
  2⤵
  PID:9224
- C:\Windows\System\oACjyMT.exe
  C:\Windows\System\oACjyMT.exe
  2⤵
  PID:9352
- C:\Windows\System\PhUbeDJ.exe
  C:\Windows\System\PhUbeDJ.exe
  2⤵
  PID:9372
- C:\Windows\System\NtiZikm.exe
  C:\Windows\System\NtiZikm.exe
  2⤵
  PID:9420
- C:\Windows\System\RjNQjaW.exe
  C:\Windows\System\RjNQjaW.exe
  2⤵
  PID:9440
- C:\Windows\System\tZlUosV.exe
  C:\Windows\System\tZlUosV.exe
  2⤵
  PID:9464
- C:\Windows\System\ZolTTNs.exe
  C:\Windows\System\ZolTTNs.exe
  2⤵
  PID:9480
- C:\Windows\System\hiEiarO.exe
  C:\Windows\System\hiEiarO.exe
  2⤵
  PID:9504
- C:\Windows\System\UDxnSRO.exe
  C:\Windows\System\UDxnSRO.exe
  2⤵
  PID:9524
- C:\Windows\System\cSVxOum.exe
  C:\Windows\System\cSVxOum.exe
  2⤵
  PID:9588
- C:\Windows\System\kGcXHID.exe
  C:\Windows\System\kGcXHID.exe
  2⤵
  PID:9608
- C:\Windows\System\HuwVbdl.exe
  C:\Windows\System\HuwVbdl.exe
  2⤵
  PID:9632
- C:\Windows\System\GmMmstq.exe
  C:\Windows\System\GmMmstq.exe
  2⤵
  PID:9652
- C:\Windows\System\UxRzQMP.exe
  C:\Windows\System\UxRzQMP.exe
  2⤵
  PID:9712
- C:\Windows\System\PPELAXs.exe
  C:\Windows\System\PPELAXs.exe
  2⤵
  PID:9728
- C:\Windows\System\ccRfADe.exe
  C:\Windows\System\ccRfADe.exe
  2⤵
  PID:9792
- C:\Windows\System\nSFbZuK.exe
  C:\Windows\System\nSFbZuK.exe
  2⤵
  PID:9828
- C:\Windows\System\zJWjFmF.exe
  C:\Windows\System\zJWjFmF.exe
  2⤵
  PID:9872
- C:\Windows\System\FZkmwgZ.exe
  C:\Windows\System\FZkmwgZ.exe
  2⤵
  PID:9888
- C:\Windows\System\AKrynmK.exe
  C:\Windows\System\AKrynmK.exe
  2⤵
  PID:9912
- C:\Windows\System\FMxdYZJ.exe
  C:\Windows\System\FMxdYZJ.exe
  2⤵
  PID:9944
- C:\Windows\System\dWqBbiS.exe
  C:\Windows\System\dWqBbiS.exe
  2⤵
  PID:9984
- C:\Windows\System\HPZLvRv.exe
  C:\Windows\System\HPZLvRv.exe
  2⤵
  PID:10008
- C:\Windows\System\feXLVYW.exe
  C:\Windows\System\feXLVYW.exe
  2⤵
  PID:10040
- C:\Windows\System\VyfmarM.exe
  C:\Windows\System\VyfmarM.exe
  2⤵
  PID:10068
- C:\Windows\System\KApGxDy.exe
  C:\Windows\System\KApGxDy.exe
  2⤵
  PID:10088
- C:\Windows\System\PtvAGSr.exe
  C:\Windows\System\PtvAGSr.exe
  2⤵
  PID:10104
- C:\Windows\System\OpEjPPM.exe
  C:\Windows\System\OpEjPPM.exe
  2⤵
  PID:10120
- C:\Windows\System\XDPKACT.exe
  C:\Windows\System\XDPKACT.exe
  2⤵
  PID:10140
- C:\Windows\System\cEIHMVv.exe
  C:\Windows\System\cEIHMVv.exe
  2⤵
  PID:10160
- C:\Windows\System\mUTSjDp.exe
  C:\Windows\System\mUTSjDp.exe
  2⤵
  PID:10204
- C:\Windows\System\nHYURnX.exe
  C:\Windows\System\nHYURnX.exe
  2⤵
  PID:8868
- C:\Windows\System\jFgFjOM.exe
  C:\Windows\System\jFgFjOM.exe
  2⤵
  PID:9168
- C:\Windows\System\tDRlPvZ.exe
  C:\Windows\System\tDRlPvZ.exe
  2⤵
  PID:8556
- C:\Windows\System\BOsTppe.exe
  C:\Windows\System\BOsTppe.exe
  2⤵
  PID:9296
- C:\Windows\System\WsuKDKl.exe
  C:\Windows\System\WsuKDKl.exe
  2⤵
  PID:9232
- C:\Windows\System\tiSOYHO.exe
  C:\Windows\System\tiSOYHO.exe
  2⤵
  PID:9000
- C:\Windows\System\HGatFDN.exe
  C:\Windows\System\HGatFDN.exe
  2⤵
  PID:9292
- C:\Windows\System\PsDuPVo.exe
  C:\Windows\System\PsDuPVo.exe
  2⤵
  PID:9368
- C:\Windows\System\YjqUPTh.exe
  C:\Windows\System\YjqUPTh.exe
  2⤵
  PID:9360
- C:\Windows\System\DWQeilV.exe
  C:\Windows\System\DWQeilV.exe
  2⤵
  PID:9512
- C:\Windows\System\KKkByiC.exe
  C:\Windows\System\KKkByiC.exe
  2⤵
  PID:9448
- C:\Windows\System\FawvGHI.exe
  C:\Windows\System\FawvGHI.exe
  2⤵
  PID:9496
- C:\Windows\System\AqxlSaN.exe
  C:\Windows\System\AqxlSaN.exe
  2⤵
  PID:9668
- C:\Windows\System\rLzkSHA.exe
  C:\Windows\System\rLzkSHA.exe
  2⤵
  PID:9720
- C:\Windows\System\gKTfksc.exe
  C:\Windows\System\gKTfksc.exe
  2⤵
  PID:9756
- C:\Windows\System\ccKRPYK.exe
  C:\Windows\System\ccKRPYK.exe
  2⤵
  PID:9800
- C:\Windows\System\QhLBbWH.exe
  C:\Windows\System\QhLBbWH.exe
  2⤵
  PID:9864
- C:\Windows\System\NHOzixx.exe
  C:\Windows\System\NHOzixx.exe
  2⤵
  PID:9904
- C:\Windows\System\wNjDeOd.exe
  C:\Windows\System\wNjDeOd.exe
  2⤵
  PID:9976
- C:\Windows\System\sJnllgM.exe
  C:\Windows\System\sJnllgM.exe
  2⤵
  PID:10048
- C:\Windows\System\qCCSWIu.exe
  C:\Windows\System\qCCSWIu.exe
  2⤵
  PID:10064
- C:\Windows\System\hmFTlcO.exe
  C:\Windows\System\hmFTlcO.exe
  2⤵
  PID:10180
- C:\Windows\System\DexsYve.exe
  C:\Windows\System\DexsYve.exe
  2⤵
  PID:10220
- C:\Windows\System\ZeyaDOa.exe
  C:\Windows\System\ZeyaDOa.exe
  2⤵
  PID:8820
- C:\Windows\System\breScfs.exe
  C:\Windows\System\breScfs.exe
  2⤵
  PID:9308
- C:\Windows\System\OpeBoGY.exe
  C:\Windows\System\OpeBoGY.exe
  2⤵
  PID:9628
- C:\Windows\System\lWxiggy.exe
  C:\Windows\System\lWxiggy.exe
  2⤵
  PID:9744
- C:\Windows\System\MpJeFQU.exe
  C:\Windows\System\MpJeFQU.exe
  2⤵
  PID:9772
- C:\Windows\System\FBeOdLS.exe
  C:\Windows\System\FBeOdLS.exe
  2⤵
  PID:10016
- C:\Windows\System\AvyrCGA.exe
  C:\Windows\System\AvyrCGA.exe
  2⤵
  PID:9940
- C:\Windows\System\pHkkyJt.exe
  C:\Windows\System\pHkkyJt.exe
  2⤵
  PID:9348
- C:\Windows\System\IjtyTgK.exe
  C:\Windows\System\IjtyTgK.exe
  2⤵
  PID:5972
- C:\Windows\System\QZrPBGe.exe
  C:\Windows\System\QZrPBGe.exe
  2⤵
  PID:9964
- C:\Windows\System\mkTSFes.exe
  C:\Windows\System\mkTSFes.exe
  2⤵
  PID:10036
- C:\Windows\System\fqbdTpk.exe
  C:\Windows\System\fqbdTpk.exe
  2⤵
  PID:10280
- C:\Windows\System\PCzFIMn.exe
  C:\Windows\System\PCzFIMn.exe
  2⤵
  PID:10300
- C:\Windows\System\VXLMSPl.exe
  C:\Windows\System\VXLMSPl.exe
  2⤵
  PID:10324
- C:\Windows\System\XhwHSTK.exe
  C:\Windows\System\XhwHSTK.exe
  2⤵
  PID:10344
- C:\Windows\System\vrfTEPf.exe
  C:\Windows\System\vrfTEPf.exe
  2⤵
  PID:10372
- C:\Windows\System\rbOixVW.exe
  C:\Windows\System\rbOixVW.exe
  2⤵
  PID:10396
- C:\Windows\System\FmRHiDR.exe
  C:\Windows\System\FmRHiDR.exe
  2⤵
  PID:10412
- C:\Windows\System\TNcExKi.exe
  C:\Windows\System\TNcExKi.exe
  2⤵
  PID:10436
- C:\Windows\System\YPohYtr.exe
  C:\Windows\System\YPohYtr.exe
  2⤵
  PID:10456
- C:\Windows\System\KbJcApf.exe
  C:\Windows\System\KbJcApf.exe
  2⤵
  PID:10480
- C:\Windows\System\ZBSOXMQ.exe
  C:\Windows\System\ZBSOXMQ.exe
  2⤵
  PID:10528
- C:\Windows\System\wMlcMom.exe
  C:\Windows\System\wMlcMom.exe
  2⤵
  PID:10576
- C:\Windows\System\abiPrur.exe
  C:\Windows\System\abiPrur.exe
  2⤵
  PID:10596
- C:\Windows\System\JNaAKGj.exe
  C:\Windows\System\JNaAKGj.exe
  2⤵
  PID:10620
- C:\Windows\System\ZvKyedz.exe
  C:\Windows\System\ZvKyedz.exe
  2⤵
  PID:10640
- C:\Windows\System\IDGJpRh.exe
  C:\Windows\System\IDGJpRh.exe
  2⤵
  PID:10664
- C:\Windows\System\zcXksqm.exe
  C:\Windows\System\zcXksqm.exe
  2⤵
  PID:10680
- C:\Windows\System\eqwfIbt.exe
  C:\Windows\System\eqwfIbt.exe
  2⤵
  PID:10704
- C:\Windows\System\UnbeZul.exe
  C:\Windows\System\UnbeZul.exe
  2⤵
  PID:10728
- C:\Windows\System\jrDLAwh.exe
  C:\Windows\System\jrDLAwh.exe
  2⤵
  PID:10792
- C:\Windows\System\lQGSVYm.exe
  C:\Windows\System\lQGSVYm.exe
  2⤵
  PID:10808
- C:\Windows\System\zVvvvqs.exe
  C:\Windows\System\zVvvvqs.exe
  2⤵
  PID:10856
- C:\Windows\System\PUgDDMK.exe
  C:\Windows\System\PUgDDMK.exe
  2⤵
  PID:10888
- C:\Windows\System\VDyBWlj.exe
  C:\Windows\System\VDyBWlj.exe
  2⤵
  PID:10936
- C:\Windows\System\HDwfmzt.exe
  C:\Windows\System\HDwfmzt.exe
  2⤵
  PID:10952
- C:\Windows\System\MfSPZuk.exe
  C:\Windows\System\MfSPZuk.exe
  2⤵
  PID:10972
- C:\Windows\System\zKScyKa.exe
  C:\Windows\System\zKScyKa.exe
  2⤵
  PID:11008
- C:\Windows\System\sMKRjfS.exe
  C:\Windows\System\sMKRjfS.exe
  2⤵
  PID:11032
- C:\Windows\System\OoYTIDK.exe
  C:\Windows\System\OoYTIDK.exe
  2⤵
  PID:11056
- C:\Windows\System\YvEtdBf.exe
  C:\Windows\System\YvEtdBf.exe
  2⤵
  PID:11084
- C:\Windows\System\hWIZkrc.exe
  C:\Windows\System\hWIZkrc.exe
  2⤵
  PID:11112
- C:\Windows\System\nMfyzOy.exe
  C:\Windows\System\nMfyzOy.exe
  2⤵
  PID:11128
- C:\Windows\System\ZtsDhRS.exe
  C:\Windows\System\ZtsDhRS.exe
  2⤵
  PID:11148
- C:\Windows\System\ZgWMFYB.exe
  C:\Windows\System\ZgWMFYB.exe
  2⤵
  PID:11172
- C:\Windows\System\UxIxAmh.exe
  C:\Windows\System\UxIxAmh.exe
  2⤵
  PID:11228
- C:\Windows\System\tuaUinj.exe
  C:\Windows\System\tuaUinj.exe
  2⤵
  PID:11248
- C:\Windows\System\JPtvYye.exe
  C:\Windows\System\JPtvYye.exe
  2⤵
  PID:9884
- C:\Windows\System\QUZelSm.exe
  C:\Windows\System\QUZelSm.exe
  2⤵
  PID:10272
- C:\Windows\System\skxmsUn.exe
  C:\Windows\System\skxmsUn.exe
  2⤵
  PID:9388
- C:\Windows\System\VvRbRqT.exe
  C:\Windows\System\VvRbRqT.exe
  2⤵
  PID:10340
- C:\Windows\System\bBoFbdR.exe
  C:\Windows\System\bBoFbdR.exe
  2⤵
  PID:10444
- C:\Windows\System\lnujjAG.exe
  C:\Windows\System\lnujjAG.exe
  2⤵
  PID:10472
- C:\Windows\System\zSnIwzL.exe
  C:\Windows\System\zSnIwzL.exe
  2⤵
  PID:10540
- C:\Windows\System\xVKfHQo.exe
  C:\Windows\System\xVKfHQo.exe
  2⤵
  PID:10588
- C:\Windows\System\HBftlYU.exe
  C:\Windows\System\HBftlYU.exe
  2⤵
  PID:10720
- C:\Windows\System\olkdwua.exe
  C:\Windows\System\olkdwua.exe
  2⤵
  PID:10780
- C:\Windows\System\sHoXoIt.exe
  C:\Windows\System\sHoXoIt.exe
  2⤵
  PID:10836
- C:\Windows\System\DWpTsnA.exe
  C:\Windows\System\DWpTsnA.exe
  2⤵
  PID:10924
- C:\Windows\System\kVfRhsG.exe
  C:\Windows\System\kVfRhsG.exe
  2⤵
  PID:10976
- C:\Windows\System\ijyPzCQ.exe
  C:\Windows\System\ijyPzCQ.exe
  2⤵
  PID:11040
- C:\Windows\System\hSbGTEr.exe
  C:\Windows\System\hSbGTEr.exe
  2⤵
  PID:11096
- C:\Windows\System\ADPkYvU.exe
  C:\Windows\System\ADPkYvU.exe
  2⤵
  PID:11124
- C:\Windows\System\fcShmhZ.exe
  C:\Windows\System\fcShmhZ.exe
  2⤵
  PID:9708
- C:\Windows\System\JlLPclG.exe
  C:\Windows\System\JlLPclG.exe
  2⤵
  PID:9264
- C:\Windows\System\IJKLSUj.exe
  C:\Windows\System\IJKLSUj.exe
  2⤵
  PID:10292
- C:\Windows\System\IOmwjQK.exe
  C:\Windows\System\IOmwjQK.exe
  2⤵
  PID:10516
- C:\Windows\System\hAyWzwC.exe
  C:\Windows\System\hAyWzwC.exe
  2⤵
  PID:10632
- C:\Windows\System\LbZlxFE.exe
  C:\Windows\System\LbZlxFE.exe
  2⤵
  PID:10800
- C:\Windows\System\gnPWeFQ.exe
  C:\Windows\System\gnPWeFQ.exe
  2⤵
  PID:10964
- C:\Windows\System\NkHfHQi.exe
  C:\Windows\System\NkHfHQi.exe
  2⤵
  PID:11136
- C:\Windows\System\LUPeXKU.exe
  C:\Windows\System\LUPeXKU.exe
  2⤵
  PID:10236
- C:\Windows\System\swjNUBV.exe
  C:\Windows\System\swjNUBV.exe
  2⤵
  PID:10464
- C:\Windows\System\gLbIaKw.exe
  C:\Windows\System\gLbIaKw.exe
  2⤵
  PID:11068
- C:\Windows\System\HNlmTdy.exe
  C:\Windows\System\HNlmTdy.exe
  2⤵
  PID:10256
- C:\Windows\System\KhMJWQn.exe
  C:\Windows\System\KhMJWQn.exe
  2⤵
  PID:10452
- C:\Windows\System\MeFAyOD.exe
  C:\Windows\System\MeFAyOD.exe
  2⤵
  PID:11284
- C:\Windows\System\GwOULzo.exe
  C:\Windows\System\GwOULzo.exe
  2⤵
  PID:11304
- C:\Windows\System\chvsIep.exe
  C:\Windows\System\chvsIep.exe
  2⤵
  PID:11400
- C:\Windows\System\nrkRjfS.exe
  C:\Windows\System\nrkRjfS.exe
  2⤵
  PID:11416
- C:\Windows\System\cDSXQIz.exe
  C:\Windows\System\cDSXQIz.exe
  2⤵
  PID:11436
- C:\Windows\System\hoviIWr.exe
  C:\Windows\System\hoviIWr.exe
  2⤵
  PID:11460
- C:\Windows\System\kaDBSYV.exe
  C:\Windows\System\kaDBSYV.exe
  2⤵
  PID:11484
- C:\Windows\System\EJTkDkT.exe
  C:\Windows\System\EJTkDkT.exe
  2⤵
  PID:11520
- C:\Windows\System\aEoQcDe.exe
  C:\Windows\System\aEoQcDe.exe
  2⤵
  PID:11548
- C:\Windows\System\FPgDdwP.exe
  C:\Windows\System\FPgDdwP.exe
  2⤵
  PID:11568
- C:\Windows\System\qLCICWd.exe
  C:\Windows\System\qLCICWd.exe
  2⤵
  PID:11588
- C:\Windows\System\uIenOOE.exe
  C:\Windows\System\uIenOOE.exe
  2⤵
  PID:11616
- C:\Windows\System\eRxchvL.exe
  C:\Windows\System\eRxchvL.exe
  2⤵
  PID:11636
- C:\Windows\System\TrfDeCL.exe
  C:\Windows\System\TrfDeCL.exe
  2⤵
  PID:11684
- C:\Windows\System\SMtXsag.exe
  C:\Windows\System\SMtXsag.exe
  2⤵
  PID:11700
- C:\Windows\System\ncoHJOL.exe
  C:\Windows\System\ncoHJOL.exe
  2⤵
  PID:11728
- C:\Windows\System\kCWbQoe.exe
  C:\Windows\System\kCWbQoe.exe
  2⤵
  PID:11748
- C:\Windows\System\WPOHOfc.exe
  C:\Windows\System\WPOHOfc.exe
  2⤵
  PID:11764
- C:\Windows\System\QaFTybE.exe
  C:\Windows\System\QaFTybE.exe
  2⤵
  PID:11784
- C:\Windows\System\IdIkjrX.exe
  C:\Windows\System\IdIkjrX.exe
  2⤵
  PID:11820
- C:\Windows\System\XtmyJLw.exe
  C:\Windows\System\XtmyJLw.exe
  2⤵
  PID:11840
- C:\Windows\System\oPGmuOA.exe
  C:\Windows\System\oPGmuOA.exe
  2⤵
  PID:11888
- C:\Windows\System\mDcXsEX.exe
  C:\Windows\System\mDcXsEX.exe
  2⤵
  PID:11916
- C:\Windows\System\lAhabGO.exe
  C:\Windows\System\lAhabGO.exe
  2⤵
  PID:11952
- C:\Windows\System\usvzlQC.exe
  C:\Windows\System\usvzlQC.exe
  2⤵
  PID:11988
- C:\Windows\System\mtViVOY.exe
  C:\Windows\System\mtViVOY.exe
  2⤵
  PID:12016
- C:\Windows\System\oeRisqg.exe
  C:\Windows\System\oeRisqg.exe
  2⤵
  PID:12060
- C:\Windows\System\dyDLXHW.exe
  C:\Windows\System\dyDLXHW.exe
  2⤵
  PID:12084
- C:\Windows\System\xnGTtdA.exe
  C:\Windows\System\xnGTtdA.exe
  2⤵
  PID:12100
- C:\Windows\System\mLpgYrX.exe
  C:\Windows\System\mLpgYrX.exe
  2⤵
  PID:12148
- C:\Windows\System\dfhsKrM.exe
  C:\Windows\System\dfhsKrM.exe
  2⤵
  PID:12164
- C:\Windows\System\INEoAGR.exe
  C:\Windows\System\INEoAGR.exe
  2⤵
  PID:12192
- C:\Windows\System\LmPcgdp.exe
  C:\Windows\System\LmPcgdp.exe
  2⤵
  PID:12220
- C:\Windows\System\kyAwYGH.exe
  C:\Windows\System\kyAwYGH.exe
  2⤵
  PID:12240
- C:\Windows\System\MQpwOWg.exe
  C:\Windows\System\MQpwOWg.exe
  2⤵
  PID:12256
- C:\Windows\System\fTDeDuL.exe
  C:\Windows\System\fTDeDuL.exe
  2⤵
  PID:10968
- C:\Windows\System\BNxEBXy.exe
  C:\Windows\System\BNxEBXy.exe
  2⤵
  PID:11320
- C:\Windows\System\rWRmjxk.exe
  C:\Windows\System\rWRmjxk.exe
  2⤵
  PID:11300
- C:\Windows\System\QcRRuEl.exe
  C:\Windows\System\QcRRuEl.exe
  2⤵
  PID:11344
- C:\Windows\System\xOnOlqK.exe
  C:\Windows\System\xOnOlqK.exe
  2⤵
  PID:11428
- C:\Windows\System\sQnfXLM.exe
  C:\Windows\System\sQnfXLM.exe
  2⤵
  PID:11500
- C:\Windows\System\HmoHUKD.exe
  C:\Windows\System\HmoHUKD.exe
  2⤵
  PID:11584
- C:\Windows\System\PAdcCDy.exe
  C:\Windows\System\PAdcCDy.exe
  2⤵
  PID:11656
- C:\Windows\System\wzrDGOF.exe
  C:\Windows\System\wzrDGOF.exe
  2⤵
  PID:11716
- C:\Windows\System\TfHsqnM.exe
  C:\Windows\System\TfHsqnM.exe
  2⤵
  PID:11776
- C:\Windows\System\fuufGAC.exe
  C:\Windows\System\fuufGAC.exe
  2⤵
  PID:11828
- C:\Windows\System\yRcnyOY.exe
  C:\Windows\System\yRcnyOY.exe
  2⤵
  PID:11940
- C:\Windows\System\cKnCCdt.exe
  C:\Windows\System\cKnCCdt.exe
  2⤵
  PID:11936
- C:\Windows\System\VFUqMVx.exe
  C:\Windows\System\VFUqMVx.exe
  2⤵
  PID:12044
- C:\Windows\System\FeDDIGU.exe
  C:\Windows\System\FeDDIGU.exe
  2⤵
  PID:12108
- C:\Windows\System\vtaDAhb.exe
  C:\Windows\System\vtaDAhb.exe
  2⤵
  PID:12156
- C:\Windows\System\oNWDotA.exe
  C:\Windows\System\oNWDotA.exe
  2⤵
  PID:12204
- C:\Windows\System\FxUfPEJ.exe
  C:\Windows\System\FxUfPEJ.exe
  2⤵
  PID:12236
- C:\Windows\System\kxePXwN.exe
  C:\Windows\System\kxePXwN.exe
  2⤵
  PID:11280
- C:\Windows\System\wdteSUY.exe
  C:\Windows\System\wdteSUY.exe
  2⤵
  PID:11444
- C:\Windows\System\wPvUzOR.exe
  C:\Windows\System\wPvUzOR.exe
  2⤵
  PID:11544
- C:\Windows\System\EMAokvQ.exe
  C:\Windows\System\EMAokvQ.exe
  2⤵
  PID:11812
- C:\Windows\System\bQyVnDj.exe
  C:\Windows\System\bQyVnDj.exe
  2⤵
  PID:11868
- C:\Windows\System\NvxeRqz.exe
  C:\Windows\System\NvxeRqz.exe
  2⤵
  PID:540
- C:\Windows\System\bQGoYQc.exe
  C:\Windows\System\bQGoYQc.exe
  2⤵
  PID:11908
- C:\Windows\System\DPxKbhv.exe
  C:\Windows\System\DPxKbhv.exe
  2⤵
  PID:12036
- C:\Windows\System\LWUWSKA.exe
  C:\Windows\System\LWUWSKA.exe
  2⤵
  PID:12212
- C:\Windows\System\mhXGswI.exe
  C:\Windows\System\mhXGswI.exe
  2⤵
  PID:11632
- C:\Windows\System\VBOSTfe.exe
  C:\Windows\System\VBOSTfe.exe
  2⤵
  PID:3256
- C:\Windows\System\blBqItP.exe
  C:\Windows\System\blBqItP.exe
  2⤵
  PID:11816
- C:\Windows\System\YIDTucn.exe
  C:\Windows\System\YIDTucn.exe
  2⤵
  PID:12304
- C:\Windows\System\JNHsjFj.exe
  C:\Windows\System\JNHsjFj.exe
  2⤵
  PID:12328
- C:\Windows\System\VjvgdIx.exe
  C:\Windows\System\VjvgdIx.exe
  2⤵
  PID:12356
- C:\Windows\System\ghkqcOn.exe
  C:\Windows\System\ghkqcOn.exe
  2⤵
  PID:12384
- C:\Windows\System\UmdbwUs.exe
  C:\Windows\System\UmdbwUs.exe
  2⤵
  PID:12436
- C:\Windows\System\miPWUvy.exe
  C:\Windows\System\miPWUvy.exe
  2⤵
  PID:12464
- C:\Windows\System\vxjgcNN.exe
  C:\Windows\System\vxjgcNN.exe
  2⤵
  PID:12480
- C:\Windows\System\jXfIMmD.exe
  C:\Windows\System\jXfIMmD.exe
  2⤵
  PID:12500
- C:\Windows\System\uHbcEZf.exe
  C:\Windows\System\uHbcEZf.exe
  2⤵
  PID:12548
- C:\Windows\System\HPMaxTD.exe
  C:\Windows\System\HPMaxTD.exe
  2⤵
  PID:12592
- C:\Windows\System\sEprNmx.exe
  C:\Windows\System\sEprNmx.exe
  2⤵
  PID:12616
- C:\Windows\System\LpoFuMb.exe
  C:\Windows\System\LpoFuMb.exe
  2⤵
  PID:12644
- C:\Windows\System\cVlKUCR.exe
  C:\Windows\System\cVlKUCR.exe
  2⤵
  PID:12664
- C:\Windows\System\aAHxEEc.exe
  C:\Windows\System\aAHxEEc.exe
  2⤵
  PID:12688
- C:\Windows\System\TKTdzke.exe
  C:\Windows\System\TKTdzke.exe
  2⤵
  PID:12712
- C:\Windows\System\xgvIfxf.exe
  C:\Windows\System\xgvIfxf.exe
  2⤵
  PID:12736
- C:\Windows\System\VWbPyNr.exe
  C:\Windows\System\VWbPyNr.exe
  2⤵
  PID:12760
- C:\Windows\System\pHtlBYZ.exe
  C:\Windows\System\pHtlBYZ.exe
  2⤵
  PID:12780
- C:\Windows\System\QeVGhfV.exe
  C:\Windows\System\QeVGhfV.exe
  2⤵
  PID:12796
- C:\Windows\System\TFSylnW.exe
  C:\Windows\System\TFSylnW.exe
  2⤵
  PID:12824
- C:\Windows\System\YPBOnQh.exe
  C:\Windows\System\YPBOnQh.exe
  2⤵
  PID:12876
- C:\Windows\System\ZGRdjcI.exe
  C:\Windows\System\ZGRdjcI.exe
  2⤵
  PID:12900
- C:\Windows\System\OuyfToW.exe
  C:\Windows\System\OuyfToW.exe
  2⤵
  PID:12920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jhrtwstk.mur.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AVaJVfH.exe

Filesize
1.7MB

MD5
4fd3a826a9f8b3e1565d298ce3631949

SHA1
309edda5c14dca9e05250e7813a85a0f231b1033

SHA256
33fcd34d910dbdb0e01ca258c8f109b8d5e76ce35d35be63ca79c2a25b68f5d9

SHA512
04ff7fe052876a651d7890fb3be029a63629e5050417c17115140fd4c2717865b27692e103c6e833ba3cd04aba61bd068e8ee394713d3e3be88842a6e05e6327

Download Submit
C:\Windows\System\AcXeItU.exe

Filesize
1.7MB

MD5
c14cce48ce73b9913e558ca764476c1f

SHA1
104ff47a6dbacc87fb863b6521cfaf65f0a52437

SHA256
5d6dff7af4aa1d3fe6cad12371b18c882548d4ee477c91810b10fbcd40902e2f

SHA512
ae3783213479abe5bdfcbe105ae89c2eb9c0fa8c4960c03f696c6d24649d7dba9a718cca906fc2fd7312034ab9b4bfb5cdbaa5b0528a7008d92f451c8b06f341

Download Submit
C:\Windows\System\BpObqCn.exe

Filesize
1.7MB

MD5
0facfe7ae8992daacc15c4a1976aed84

SHA1
66223a6e78e0c39cad452ffdd049f8a6a41a46cb

SHA256
1e270f775b71a898b478a84c4ec9f9c47976909879f3f07958e5bafdd2229280

SHA512
90473f5bf054d3224f3451fb2169e6ef0ee076eb241eb80371807afba6c2e5f5eafd21de55ece10f6febb799bd8ccaefc2c5e3eef999701e2e539f650565efbf

Download Submit
C:\Windows\System\DuZolzy.exe

Filesize
1.7MB

MD5
362c1ab6b95b79f115394f771df4792b

SHA1
4e58f14d35f65a96e48eac89445b1d4796430087

SHA256
07ac55a7851633c7472940ac9cb957d61bc6feeefed5fa00379eb40e9e1db7f4

SHA512
ec33c400c6035b8ef78a06b7c42a65c2b50d528660fd39ea5e479171ec0af57a86fe7929434a8c9eb431903ea0b2d304008416ed958297a6861d0a1b8c88714b

Download Submit
C:\Windows\System\EuhEhJb.exe

Filesize
1.7MB

MD5
5dc789b1f8f8aaa0f2c0e679f36a8425

SHA1
179e3d30fd874c369426b0c766c1c5b4f6244b29

SHA256
157475a05fb90d0a5ba6456784c0b07f226bea3f180f700cf57a7495f5d7eb68

SHA512
a575a30cfd13f533557baa6e13e7b1c07a6fa41ebda8141b9f08d37f6942d17c3fef7bd2dd936bab81acfcb1e9ec80508e88748d451021960f488feb84eefaee

Download Submit
C:\Windows\System\JBhmPJw.exe

Filesize
1.7MB

MD5
48fe8562ef5fc50bdf0f442cb898b7c8

SHA1
f674d807fc3c1021cd1fd7c3b68abbd2781493f0

SHA256
44c1422bcce275e541ac58d83b675e8aab0dcc1d02150caacb2d574652d42e46

SHA512
e8fda07beb00170d12e206f12adb83e56489821a392fd996d8fed38a0df2bc0e8d66e008a9146dccf87bb0b8a37df2bf810a838d2ff4fd9901b6f93fe051aa43

Download Submit
C:\Windows\System\JmzmkLL.exe

Filesize
1.7MB

MD5
1bf3f593893c6e17fb61303bdd91d84a

SHA1
1a7916c46bf6cf2af440f80ab5b88e96165f4c7f

SHA256
d390118986b581ea74bcafd2d3db6ec2ce82f15cd33437ca361c69f9c3aac00e

SHA512
05339069892162504117c9f4ed5cdf59f11e4e9648c6b76be34541b2f3c783b83491ea34b7d6ec8d17bd368fb5e599222634fe28c8f75603c7de12ab605bdf6a

Download Submit
C:\Windows\System\LUIYhDH.exe

Filesize
1.7MB

MD5
4ebc2eb2f81fccb0f606c94d01fe193d

SHA1
46498111a5506afbf821b21926dc2c0f0ef901ec

SHA256
be797845b739143ba35369384ac46c245656a6370c31afbf15554d315bd80cb4

SHA512
dad4750b7c046a4147bdcaf5146e3adf5c2974f1617b6e8dc3549c355c784896a975f1bddfdd6494526fd789c4d2981a5dd523ab4cf9f6247b20316b2177eadc

Download Submit
C:\Windows\System\MQyycxJ.exe

Filesize
1.7MB

MD5
9e995daac439e8968d9208e7822268c8

SHA1
dba42134a642cb3d7dda80074308fde2fc80bfdf

SHA256
836afae1c0b8416b67f830866428da2f56f33d5aa72f4bfdda2dcc46c3988d0e

SHA512
68f23ecae405dcfce8129164b2a6ba0fdf29177089811adfcc313186ecf7845375e1eddc72541fbbc96164c65232f3f726382fd07fa095b77c49a2cf5c6bd9ae

Download Submit
C:\Windows\System\MiNoqhM.exe

Filesize
1.7MB

MD5
ebf14811bc68578004be1781aaaafd33

SHA1
df2f5e3019a653bb7d7abf4e636b5a1482444d6a

SHA256
8eaaa2df467bf04a439b8ef9b79cfe6ed58cda4c159991dffdadee30959d5862

SHA512
6e876c20ff1b75e0ffe95b20a3b6ccf62d974cb5455ed64235b8f98664bb77830795570f64ce71efe166fd5c18a9d587c05984f619cf86583f9bfab78434aea1

Download Submit
C:\Windows\System\PxfbPPp.exe

Filesize
1.7MB

MD5
83894c060a6092ea6906404d45ad620b

SHA1
d929a2e2ab044631bdfa9ce5a465fff8e6e4bd62

SHA256
5dd92085528c7eb950ccf30d1c26186cc2423ece5dea3b2908f1e35f3cc6f4be

SHA512
ffb276517dcda58cb49dc9d9ca54eb82d95784eeb103d3b529ffb411597af5be8e3d362ff55d8487008b7fdcaf2c11456ca8981e356c103d8236320cb187917e

Download Submit
C:\Windows\System\SWuRgzU.exe

Filesize
1.7MB

MD5
36a77bb038b06ab63c6e408a80af346c

SHA1
bfe2836bba4985b9bf53b8bef929fe7b013406e7

SHA256
e7e6eae9bdf5e5c398addc07a82fa254ad5f9b7a00a3fefd87b2b2a0045fc66e

SHA512
e6f1e4984535cfa87880b282d4485c35e7baf340b68ab5e169991589e488e6ac3e2df478a6a8fd8fab253bad15ab5e98e01f0b2744bdefa8e867f5451dd0b4a0

Download Submit
C:\Windows\System\TkAgkEP.exe

Filesize
1.7MB

MD5
02a42f1b77d07669ac493d5f92ee19d7

SHA1
3abc48eed209e8df9578f29012f62d859a5d280e

SHA256
5d042c9044a05edc38232e170a078bbcf07c31d018b6c3906b2b014a66f32ff5

SHA512
a2d7c7e273107b4adfd87d55c3e222e80bdcb120080dd2e97bf63bb513ef6b83ce2e3ceaede445f1d19cd6b7d4c69162b7e490ecc879b43966a8e35dcb58954c

Download Submit
C:\Windows\System\TzkaelK.exe

Filesize
1.7MB

MD5
e96bc4c458d3cf7ea1e5dadd3a4cb156

SHA1
438bd1897856e582f55e7811bf48063b3b749317

SHA256
7a41c0c66e45b3acda66d0373257783b61930b8e606bcc4fc386a16c1b641bef

SHA512
6a1ebd1b2e4c56e849a27df812ccfc6d5244c0ace9c53a716541f3fd1bfd10aedb2e7c3e7000779b583f838e8f78061d06ebd82e9966b03f8acb3456f1a921ad

Download Submit
C:\Windows\System\YKiEfbY.exe

Filesize
1.7MB

MD5
de6ed521fb503df0cbeeda9a7e25dbc9

SHA1
46661763d23181212ac0d81c3e1440b031466430

SHA256
8661e19acaa5faac4066dbd6c70cddb5e4702408b3cd53a1c42b26b34e6232f8

SHA512
8dd28c9da6c010be3cd938a38be7dc3cce6365b8773716cf6cdc9e695cae9081fb3add25e1ff4cf4b685da3062653d78df86de501a124477edcceff5f1706d65

Download Submit
C:\Windows\System\YsMeTWK.exe

Filesize
1.7MB

MD5
5b115ffb746ca038aa5993bd979f22f0

SHA1
de5dc0c910c80bdea9ecaabd74b988d8d5008f7d

SHA256
c0d1ef79d260ef297518f1b45e014ba9364c1c4873d983d218eaf78f434288c6

SHA512
46eaa884e5823159e33bc160327c8f9552b3462088b14dbb716e1ef53f56a2a1f18a2dd75b11a22a721984aeab13835425ea144be1bb6720877adcef30892ff0

Download Submit
C:\Windows\System\cGLmfEh.exe

Filesize
8B

MD5
e216125f6ec8a71ed511fce858ed30eb

SHA1
050cc8d12c9a1af3716df8cd26567943726d3366

SHA256
2097394cabc160a9df2f746df2b02abe3caad35caebdb855f94e869ef6004673

SHA512
1ac9f8982e0ad73ffc5075b337a3e3f491f85f11a7d1a7e27a4798e5b39f52143905d90909f5a0732fa6e625f6b0719a56e5ded5ac563b3a5f32c20c4c30e446

Download Submit
C:\Windows\System\fcThbDU.exe

Filesize
1.7MB

MD5
99be1925dc2a9a50afec8349cfcd1eef

SHA1
41385f44ac07bae8757b9d968b4155d609577a8c

SHA256
46abf11a4f9483fdafc1c5031da62d5d8748c3e9a6f9de5a95c14ed9eda361a8

SHA512
f5224769792372fc77cc8ead3026f0b90b54c5d45bbeeb76628afac7e85416254cf5d6c42bda0bb000e19798c807718f976471045471572133466b44d02cd86d

Download Submit
C:\Windows\System\fpVajqz.exe

Filesize
1.7MB

MD5
6cf9a9386f6029fb2a7c691c58e91d7f

SHA1
d47f6c0fb1d2c6f88f2f47207b5dfcb11c45fccf

SHA256
9085cb2329cd1068083cfc50c45c22e401e7d8fdff41a393829717fba8c05b29

SHA512
9096d0da7fe123fb68f69f90cfe475b8ee1e82d44b66511a0912b1a66718c0b483cd1e38cb2925c99475357fffb0770733b08aaf04b870af5225e86e67929867

Download Submit
C:\Windows\System\gppWKwy.exe

Filesize
1.7MB

MD5
984474c9fcf78568748b8c75f61caa97

SHA1
bb57780d235cf39327dcb2dc770d9cc692f35938

SHA256
d93e71e9560095df06cd0205e7f5198b9cf48dacd496f9e88f1a69f086aeb376

SHA512
0bc1cab9ecd541b4dd4bb410e3c64ac3643e12093837a91cb0df3dc52bce8459bfd5f55fa722514930a53012ce44e8130c8a32b8954769810d501d19630ff132

Download Submit
C:\Windows\System\iKUEOzF.exe

Filesize
1.7MB

MD5
6bf0a6de3efb36371cc7318d6eea3543

SHA1
599ff2c8fa87445fc5c76c8f5ff9a33eae0c4708

SHA256
03a76e594f8abbf147d4d5c82502820e3e0eca7f5cec122c93e9834398d281ae

SHA512
1347148c947ac73c206e86da20e11e966ea96893d426d42a97b4626d9b9401daf924f231eb06e4be86a369fb0063039b6802c0c8d2e4be120a4c3943ba0f949b

Download Submit
C:\Windows\System\kBVLIJx.exe

Filesize
1.7MB

MD5
c27e0fc6a7bad0b0ccd23c1162bf276a

SHA1
534798b167bc69b83363b15b5757c6fb05f2bfa1

SHA256
4de6746d09fa8e40a88e7e6a51c90803c529a002e5eacab09f486912c8b0bff4

SHA512
5d9bf12a19b1b5e0cfe2fcd3666e03cef39178852238d245fbce0e6709ca164e2d9bb681e0a6da53c3a8b21909b92750f6b455e7e62bca243c2ad72f9080948d

Download Submit
C:\Windows\System\kllxCJE.exe

Filesize
1.7MB

MD5
876560f34e7c873fcfabd5442a87868c

SHA1
b9e461225dafc720c7dce795a5e84fdca28aa605

SHA256
0440ec91c0ccbfa013bd0b82c96574daecaf819480c8274e9471914faadc52a0

SHA512
e9ad1cb6c1f31e5ea63e390d51bc4d5db6e7d5546f536d7ce82e96e14c8f6f1db9dfb239836f58852ce7b264b40309ff7411125e1096fae3ff18c11fa0702233

Download Submit
C:\Windows\System\rVlcLKn.exe

Filesize
1.7MB

MD5
86d7e38432afbb2435c56e1cdce14dbe

SHA1
5d0f76cc1fed208841d7778ad00b54d15ab57c6e

SHA256
047c80318a7bf6d3f56441b26f0b7908a300cb109d2b60df3c6bdac8382335e9

SHA512
0004728cd48ba2442528968b2280569ab0a09ad13567b55d15b362c2c6503cdda12c283d070680b7ff2f1723d5588379ccb79e6cbad176f82ca1ea4f7b3212ee

Download Submit
C:\Windows\System\sPlrltV.exe

Filesize
1.7MB

MD5
ade0643f74cbc176f43ced108f74cbf1

SHA1
4410987c180f828f4692571a4ec485017cb4afa8

SHA256
a702ec8d5bf49b70fb9695835a2a4cd1345c66156980b1bffc5188236d599d7f

SHA512
ae265b3a767fda61d0a852f4f7fdc7b7c42f857b7a4d5fd64c7d66af037bf114bdad28e4b41406b1e1be7fafa484b8668e4e5045a6f53eb7cfb88afd7b3ea04b

Download Submit
C:\Windows\System\sbhZURx.exe

Filesize
1.7MB

MD5
5479ec33cab48bfeb1697c57a5606a3e

SHA1
3a64b4cc53cb43f97a72647f01ed62437a665350

SHA256
dc486860d71a264ca95e253b3299822dbc2dcd467d82e88b6ff889fb18711cba

SHA512
5d57b529e3ad700c7a6cdb37ea2740e70d6becf829d898a19b823dd8191cac0359e604f20896c57b2d6abff0d6e425c9c118f707b6fa5aeaeeb62b507c849726

Download Submit
C:\Windows\System\tubSyol.exe

Filesize
1.7MB

MD5
8e4ccc08640dfa6063dd14375d8e44af

SHA1
d02152a0de4dd3f7594a3fd0c46bd8a71dd64798

SHA256
040bba909fcf1a88ccb5269cee8988395d6f4facf1d2eadb1602185f24a8cebb

SHA512
3d39c1583f011a3f21cdc6e806c8799d0203bc5e4a2d3cfd2bf3044ca5642473dd1d29bc80fea6f46104c4495abed3b184158ef71a4d20bf56e69e8dda94bed6

Download Submit
C:\Windows\System\uVNrQzz.exe

Filesize
1.7MB

MD5
c0d5fb6dd5e53daa8e485e1a59078b84

SHA1
9a2352df8cd21652515da3973727d6b0116ae541

SHA256
8565029a492609fb5893bc9bb1541a2c01f95f21c139ec102bd8d0b62893f7e9

SHA512
c0d6472b650ff974200e37302e78ce072f980cf454b0f69e543228ae59164e45066b5ee8bdae558ed417bf7e3abb6946d48aea5b81af51cd9f04096a795064cc

Download Submit
C:\Windows\System\vNaegXJ.exe

Filesize
1.7MB

MD5
e1f82a6e864556cf0b27bba7287a1f6e

SHA1
79ac070cd3c109e4d625489effa4772ad2151fb0

SHA256
23df799ece562df1da6279aa5c1fb26d50d7b439c360902ad247a88b7aa0330d

SHA512
f501f891f754485addf7ca99f6188e6b97d10f24b3ed9be814e5a7cc584588d5d3cd7d84a08e6d796796cefd9578fbd9b44e8675e3d9644fe60a80299d647237

Download Submit
C:\Windows\System\vvvKDey.exe

Filesize
1.7MB

MD5
4960bd207231e83a6fa2d4b6b6b89b67

SHA1
f498f8cac87135d7ec605f3f9524d48f51911c51

SHA256
57c80fa3c9aba858f78d20a20ffd196ea28ddfcbae69308efc1da33477f1a081

SHA512
4168e0b19e752c08a8af757adc027229aca98ffa48d562d508fcd2d5d93ac92f8f135e15f271327224a400628ff0dec394835b03db8338c3039bbd8fab4f58fd

Download Submit
C:\Windows\System\wlAONvA.exe

Filesize
1.7MB

MD5
5ad1dc7060f477d888316876c8043765

SHA1
505f6e2771ab6c53d6a964102914d88e8ad76b9a

SHA256
0b97b518751d1f8a0bde7aa69bceb00b01988cec82b7c8e9b46eb1a840594d2f

SHA512
fb8d7bfc4b6cd6d5a3663a7f835ab7eb1d8ec1fd17c1113872a4be3e8cdb7f1736db8e4fbfb2fb8bca7c9db327b353245e4735feda9351065c1e9bb95f094e98

Download Submit
C:\Windows\System\xxnAyVJ.exe

Filesize
1.7MB

MD5
519a0c1297b0f9ac41a3ea607ec68b16

SHA1
4a6d674c867f7b95910d97e9f5eeebbe47964dc5

SHA256
2ee55dab98c69a2648ccf47f895de0f05da5dc002a39c544c9a6fd57a0bac66c

SHA512
df87c997758b9403266cb0afcd96e0df983337dbf4e8bb22aea582f843f17b35b06f9f5511706c4524d6a1e66ec911a248178eea539aa1130031e539124d4c56

Download Submit
C:\Windows\System\yEEENsI.exe

Filesize
1.7MB

MD5
178660255031935034544cec8ddcb4cd

SHA1
afbde25bb4804aee48069383847a5c2d34e79db4

SHA256
9490ad341861f48c8f74559ff874573c88048c93d560cd2fa6f7c0657a1f2541

SHA512
5167880b4f2e8f141a742bb012991608b757e991d160aae249f68bbdd8280c4f47ae28b91dbea24a802bcc9c2ae92882ab1b459745b2cf10062b24d7217a105a

Download Submit
C:\Windows\System\yMKaDDz.exe

Filesize
1.7MB

MD5
59f68f881be31298aade51edad77f272

SHA1
7b829cc4094eaa034e3ed38fe0ef625f444a84aa

SHA256
3fced0a26742ace1832032fd254ba71dbe9e63f211a74d211b8c4daa2d19df10

SHA512
989f830a3af16db7a28f6b1cf40f3096251090db4c51eb7c70e6b501453e47c9646a6207711ab4903bab7ef0646a53c0da6d3d4109050b370b397e799b4a0f8c

Download Submit
memory/512-2584-0x00007FF7FEA70000-0x00007FF7FEE62000-memory.dmp

Filesize
3.9MB

Download
memory/512-463-0x00007FF7FEA70000-0x00007FF7FEE62000-memory.dmp

Filesize
3.9MB

Download
memory/892-2546-0x00007FF6325D0000-0x00007FF6329C2000-memory.dmp

Filesize
3.9MB

Download
memory/892-419-0x00007FF6325D0000-0x00007FF6329C2000-memory.dmp

Filesize
3.9MB

Download
memory/1328-443-0x00007FF6632F0000-0x00007FF6636E2000-memory.dmp

Filesize
3.9MB

Download
memory/1328-2570-0x00007FF6632F0000-0x00007FF6636E2000-memory.dmp

Filesize
3.9MB

Download
memory/1428-0-0x00007FF74FC90000-0x00007FF750082000-memory.dmp

Filesize
3.9MB

Download
memory/1428-1-0x000001D2AC640000-0x000001D2AC650000-memory.dmp

Filesize
64KB

Download
memory/1644-384-0x00007FF6F0080000-0x00007FF6F0472000-memory.dmp

Filesize
3.9MB

Download
memory/1644-2590-0x00007FF6F0080000-0x00007FF6F0472000-memory.dmp

Filesize
3.9MB

Download
memory/2172-2591-0x00007FF783090000-0x00007FF783482000-memory.dmp

Filesize
3.9MB

Download
memory/2172-380-0x00007FF783090000-0x00007FF783482000-memory.dmp

Filesize
3.9MB

Download
memory/2288-2548-0x00007FF6D7370000-0x00007FF6D7762000-memory.dmp

Filesize
3.9MB

Download
memory/2288-48-0x00007FF6D7370000-0x00007FF6D7762000-memory.dmp

Filesize
3.9MB

Download
memory/2588-375-0x00007FF74E710000-0x00007FF74EB02000-memory.dmp

Filesize
3.9MB

Download
memory/2588-2592-0x00007FF74E710000-0x00007FF74EB02000-memory.dmp

Filesize
3.9MB

Download
memory/2600-2550-0x00007FF6D8360000-0x00007FF6D8752000-memory.dmp

Filesize
3.9MB

Download
memory/2600-66-0x00007FF6D8360000-0x00007FF6D8752000-memory.dmp

Filesize
3.9MB

Download
memory/2628-2588-0x00007FF631AF0000-0x00007FF631EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2628-177-0x00007FF631AF0000-0x00007FF631EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2728-2563-0x00007FF7CE0F0000-0x00007FF7CE4E2000-memory.dmp

Filesize
3.9MB

Download
memory/2728-90-0x00007FF7CE0F0000-0x00007FF7CE4E2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-73-0x00007FF6F2DA0000-0x00007FF6F3192000-memory.dmp

Filesize
3.9MB

Download
memory/2952-2552-0x00007FF6F2DA0000-0x00007FF6F3192000-memory.dmp

Filesize
3.9MB

Download
memory/3232-542-0x000001A3C5430000-0x000001A3C5BD6000-memory.dmp

Filesize
7.6MB

Download
memory/3232-406-0x00007FF9F8D10000-0x00007FF9F97D1000-memory.dmp

Filesize
10.8MB

Download
memory/3232-43-0x00007FF9F8D10000-0x00007FF9F97D1000-memory.dmp

Filesize
10.8MB

Download
memory/3232-24-0x000001A3C47D0000-0x000001A3C47F2000-memory.dmp

Filesize
136KB

Download
memory/3232-5-0x00007FF9F8D13000-0x00007FF9F8D15000-memory.dmp

Filesize
8KB

Download
memory/3232-2519-0x00007FF9F8D13000-0x00007FF9F8D15000-memory.dmp

Filesize
8KB

Download
memory/3232-2520-0x00007FF9F8D10000-0x00007FF9F97D1000-memory.dmp

Filesize
10.8MB

Download
memory/3232-2529-0x00007FF9F8D10000-0x00007FF9F97D1000-memory.dmp

Filesize
10.8MB

Download
memory/3276-2583-0x00007FF68C550000-0x00007FF68C942000-memory.dmp

Filesize
3.9MB

Download
memory/3276-165-0x00007FF68C550000-0x00007FF68C942000-memory.dmp

Filesize
3.9MB

Download
memory/3288-2569-0x00007FF7BEE80000-0x00007FF7BF272000-memory.dmp

Filesize
3.9MB

Download
memory/3288-156-0x00007FF7BEE80000-0x00007FF7BF272000-memory.dmp

Filesize
3.9MB

Download
memory/3344-470-0x00007FF7D6150000-0x00007FF7D6542000-memory.dmp

Filesize
3.9MB

Download
memory/3344-2589-0x00007FF7D6150000-0x00007FF7D6542000-memory.dmp

Filesize
3.9MB

Download
memory/3520-368-0x00007FF74AF60000-0x00007FF74B352000-memory.dmp

Filesize
3.9MB

Download
memory/3520-2594-0x00007FF74AF60000-0x00007FF74B352000-memory.dmp

Filesize
3.9MB

Download
memory/3612-422-0x00007FF6BC550000-0x00007FF6BC942000-memory.dmp

Filesize
3.9MB

Download
memory/3612-2556-0x00007FF6BC550000-0x00007FF6BC942000-memory.dmp

Filesize
3.9MB

Download
memory/3780-78-0x00007FF7F4CF0000-0x00007FF7F50E2000-memory.dmp

Filesize
3.9MB

Download
memory/3780-2554-0x00007FF7F4CF0000-0x00007FF7F50E2000-memory.dmp

Filesize
3.9MB

Download
memory/3996-2585-0x00007FF79FF80000-0x00007FF7A0372000-memory.dmp

Filesize
3.9MB

Download
memory/3996-377-0x00007FF79FF80000-0x00007FF7A0372000-memory.dmp

Filesize
3.9MB

Download
memory/4124-2566-0x00007FF72B2C0000-0x00007FF72B6B2000-memory.dmp

Filesize
3.9MB

Download
memory/4124-82-0x00007FF72B2C0000-0x00007FF72B6B2000-memory.dmp

Filesize
3.9MB

Download
memory/4176-361-0x00007FF75F4B0000-0x00007FF75F8A2000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2587-0x00007FF75F4B0000-0x00007FF75F8A2000-memory.dmp

Filesize
3.9MB

Download
memory/4620-144-0x00007FF6D7A80000-0x00007FF6D7E72000-memory.dmp

Filesize
3.9MB

Download
memory/4620-2561-0x00007FF6D7A80000-0x00007FF6D7E72000-memory.dmp

Filesize
3.9MB

Download
memory/4716-2559-0x00007FF615E10000-0x00007FF616202000-memory.dmp

Filesize
3.9MB

Download
memory/4716-155-0x00007FF615E10000-0x00007FF616202000-memory.dmp

Filesize
3.9MB

Download
memory/4972-467-0x00007FF7C0FA0000-0x00007FF7C1392000-memory.dmp

Filesize
3.9MB

Download
memory/4972-2586-0x00007FF7C0FA0000-0x00007FF7C1392000-memory.dmp

Filesize
3.9MB

Download
memory/5076-2565-0x00007FF7948D0000-0x00007FF794CC2000-memory.dmp

Filesize
3.9MB

Download
memory/5076-436-0x00007FF7948D0000-0x00007FF794CC2000-memory.dmp

Filesize
3.9MB

Download