xmrig | ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a

Analysis

max time kernel
158s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
Size

2.6MB
MD5

676be144bad2c503294a13d928ee3aa8
SHA1

92004ce8e6782d566c9c2417d4003731eacab7a8
SHA256

ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a
SHA512

1ffb5318172d3466a981aec70e4af00979598601190ffc87542cd32e5e40df89569106683cd1503e5780de36ab747aeb207ef0e1ea16128eb1053c9e5f113e90
SSDEEP

49152:S1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0IlnASEx/uI3:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2Rm

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/3356-0-0x00007FF664250000-0x00007FF664646000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0009000000023213-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023216-10.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5108-13-0x00007FF61AC00000-0x00007FF61AFF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2576-14-0x00007FF61C2C0000-0x00007FF61C6B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002321b-27.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002321d-32.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002321e-38.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023220-43.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023222-54.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023224-73.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023225-80.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023227-84.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023226-87.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322a-101.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322b-107.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322c-111.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322d-119.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023231-131.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023233-141.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023235-157.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002323a-178.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002323b-181.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023239-176.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023238-172.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023237-167.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023236-162.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023234-152.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023232-142.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023230-134.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322f-129.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002322e-124.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023229-97.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023228-92.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5028-79-0x00007FF7D2D70000-0x00007FF7D3166000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3276-66-0x00007FF684D60000-0x00007FF685156000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023223-61.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023221-60.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1872-52-0x00007FF74A390000-0x00007FF74A786000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2820-265-0x00007FF7C1610000-0x00007FF7C1A06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1052-267-0x00007FF757400000-0x00007FF7577F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1824-269-0x00007FF64CA90000-0x00007FF64CE86000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4692-276-0x00007FF7C3770000-0x00007FF7C3B66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3092-286-0x00007FF6E8CF0000-0x00007FF6E90E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1580-307-0x00007FF7D1E60000-0x00007FF7D2256000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4368-324-0x00007FF7F7F40000-0x00007FF7F8336000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1104-335-0x00007FF766F40000-0x00007FF767336000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3588-341-0x00007FF7CF710000-0x00007FF7CFB06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5076-356-0x00007FF749AA0000-0x00007FF749E96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/736-364-0x00007FF6ECFC0000-0x00007FF6ED3B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/768-369-0x00007FF642E80000-0x00007FF643276000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4660-379-0x00007FF6E2560000-0x00007FF6E2956000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3028-382-0x00007FF613F30000-0x00007FF614326000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1444-383-0x00007FF688790000-0x00007FF688B86000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1976-384-0x00007FF7B4750000-0x00007FF7B4B46000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3060-386-0x00007FF6D21C0000-0x00007FF6D25B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3820-395-0x00007FF655700000-0x00007FF655AF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3352-396-0x00007FF763C70000-0x00007FF764066000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3388-397-0x00007FF709070000-0x00007FF709466000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1472-398-0x00007FF7EC160000-0x00007FF7EC556000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2076-399-0x00007FF7AF100000-0x00007FF7AF4F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2572-400-0x00007FF759B80000-0x00007FF759F76000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4924-401-0x00007FF6CCD90000-0x00007FF6CD186000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4304-402-0x00007FF64E8C0000-0x00007FF64ECB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3356-0-0x00007FF664250000-0x00007FF664646000-memory.dmp	UPX
behavioral2/files/0x0009000000023213-5.dat	UPX
behavioral2/files/0x0008000000023216-10.dat	UPX
behavioral2/memory/5108-13-0x00007FF61AC00000-0x00007FF61AFF6000-memory.dmp	UPX
behavioral2/memory/2576-14-0x00007FF61C2C0000-0x00007FF61C6B6000-memory.dmp	UPX
behavioral2/files/0x000700000002321b-27.dat	UPX
behavioral2/files/0x000800000002321d-32.dat	UPX
behavioral2/files/0x000700000002321e-38.dat	UPX
behavioral2/files/0x0007000000023220-43.dat	UPX
behavioral2/files/0x0007000000023222-54.dat	UPX
behavioral2/files/0x0007000000023224-73.dat	UPX
behavioral2/files/0x0007000000023225-80.dat	UPX
behavioral2/files/0x0007000000023227-84.dat	UPX
behavioral2/files/0x0007000000023226-87.dat	UPX
behavioral2/files/0x000700000002322a-101.dat	UPX
behavioral2/files/0x000700000002322b-107.dat	UPX
behavioral2/files/0x000700000002322c-111.dat	UPX
behavioral2/files/0x000700000002322d-119.dat	UPX
behavioral2/files/0x0007000000023231-131.dat	UPX
behavioral2/files/0x0007000000023233-141.dat	UPX
behavioral2/files/0x0007000000023235-157.dat	UPX
behavioral2/files/0x000700000002323a-178.dat	UPX
behavioral2/files/0x000700000002323b-181.dat	UPX
behavioral2/files/0x0007000000023239-176.dat	UPX
behavioral2/files/0x0007000000023238-172.dat	UPX
behavioral2/files/0x0007000000023237-167.dat	UPX
behavioral2/files/0x0007000000023236-162.dat	UPX
behavioral2/files/0x0007000000023234-152.dat	UPX
behavioral2/files/0x0007000000023232-142.dat	UPX
behavioral2/files/0x0007000000023230-134.dat	UPX
behavioral2/files/0x000700000002322f-129.dat	UPX
behavioral2/files/0x000700000002322e-124.dat	UPX
behavioral2/files/0x0007000000023229-97.dat	UPX
behavioral2/files/0x0007000000023228-92.dat	UPX
behavioral2/memory/5028-79-0x00007FF7D2D70000-0x00007FF7D3166000-memory.dmp	UPX
behavioral2/memory/3276-66-0x00007FF684D60000-0x00007FF685156000-memory.dmp	UPX
behavioral2/files/0x0007000000023223-61.dat	UPX
behavioral2/files/0x0007000000023221-60.dat	UPX
behavioral2/memory/1872-52-0x00007FF74A390000-0x00007FF74A786000-memory.dmp	UPX
behavioral2/memory/2820-265-0x00007FF7C1610000-0x00007FF7C1A06000-memory.dmp	UPX
behavioral2/memory/1052-267-0x00007FF757400000-0x00007FF7577F6000-memory.dmp	UPX
behavioral2/memory/1824-269-0x00007FF64CA90000-0x00007FF64CE86000-memory.dmp	UPX
behavioral2/memory/4692-276-0x00007FF7C3770000-0x00007FF7C3B66000-memory.dmp	UPX
behavioral2/memory/3092-286-0x00007FF6E8CF0000-0x00007FF6E90E6000-memory.dmp	UPX
behavioral2/memory/1580-307-0x00007FF7D1E60000-0x00007FF7D2256000-memory.dmp	UPX
behavioral2/memory/4368-324-0x00007FF7F7F40000-0x00007FF7F8336000-memory.dmp	UPX
behavioral2/memory/1104-335-0x00007FF766F40000-0x00007FF767336000-memory.dmp	UPX
behavioral2/memory/3588-341-0x00007FF7CF710000-0x00007FF7CFB06000-memory.dmp	UPX
behavioral2/memory/5076-356-0x00007FF749AA0000-0x00007FF749E96000-memory.dmp	UPX
behavioral2/memory/736-364-0x00007FF6ECFC0000-0x00007FF6ED3B6000-memory.dmp	UPX
behavioral2/memory/768-369-0x00007FF642E80000-0x00007FF643276000-memory.dmp	UPX
behavioral2/memory/4660-379-0x00007FF6E2560000-0x00007FF6E2956000-memory.dmp	UPX
behavioral2/memory/3028-382-0x00007FF613F30000-0x00007FF614326000-memory.dmp	UPX
behavioral2/memory/1444-383-0x00007FF688790000-0x00007FF688B86000-memory.dmp	UPX
behavioral2/memory/1976-384-0x00007FF7B4750000-0x00007FF7B4B46000-memory.dmp	UPX
behavioral2/memory/3060-386-0x00007FF6D21C0000-0x00007FF6D25B6000-memory.dmp	UPX
behavioral2/memory/3820-395-0x00007FF655700000-0x00007FF655AF6000-memory.dmp	UPX
behavioral2/memory/3352-396-0x00007FF763C70000-0x00007FF764066000-memory.dmp	UPX
behavioral2/memory/3388-397-0x00007FF709070000-0x00007FF709466000-memory.dmp	UPX
behavioral2/memory/1472-398-0x00007FF7EC160000-0x00007FF7EC556000-memory.dmp	UPX
behavioral2/memory/2076-399-0x00007FF7AF100000-0x00007FF7AF4F6000-memory.dmp	UPX
behavioral2/memory/2572-400-0x00007FF759B80000-0x00007FF759F76000-memory.dmp	UPX
behavioral2/memory/4924-401-0x00007FF6CCD90000-0x00007FF6CD186000-memory.dmp	UPX
behavioral2/memory/4304-402-0x00007FF64E8C0000-0x00007FF64ECB6000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3356-0-0x00007FF664250000-0x00007FF664646000-memory.dmp	xmrig
behavioral2/files/0x0009000000023213-5.dat	xmrig
behavioral2/files/0x0008000000023216-10.dat	xmrig
behavioral2/memory/5108-13-0x00007FF61AC00000-0x00007FF61AFF6000-memory.dmp	xmrig
behavioral2/memory/2576-14-0x00007FF61C2C0000-0x00007FF61C6B6000-memory.dmp	xmrig
behavioral2/files/0x000700000002321b-27.dat	xmrig
behavioral2/files/0x000800000002321d-32.dat	xmrig
behavioral2/files/0x000700000002321e-38.dat	xmrig
behavioral2/files/0x0007000000023220-43.dat	xmrig
behavioral2/files/0x0007000000023222-54.dat	xmrig
behavioral2/files/0x0007000000023224-73.dat	xmrig
behavioral2/files/0x0007000000023225-80.dat	xmrig
behavioral2/files/0x0007000000023227-84.dat	xmrig
behavioral2/files/0x0007000000023226-87.dat	xmrig
behavioral2/files/0x000700000002322a-101.dat	xmrig
behavioral2/files/0x000700000002322b-107.dat	xmrig
behavioral2/files/0x000700000002322c-111.dat	xmrig
behavioral2/files/0x000700000002322d-119.dat	xmrig
behavioral2/files/0x0007000000023231-131.dat	xmrig
behavioral2/files/0x0007000000023233-141.dat	xmrig
behavioral2/files/0x0007000000023235-157.dat	xmrig
behavioral2/files/0x000700000002323a-178.dat	xmrig
behavioral2/files/0x000700000002323b-181.dat	xmrig
behavioral2/files/0x0007000000023239-176.dat	xmrig
behavioral2/files/0x0007000000023238-172.dat	xmrig
behavioral2/files/0x0007000000023237-167.dat	xmrig
behavioral2/files/0x0007000000023236-162.dat	xmrig
behavioral2/files/0x0007000000023234-152.dat	xmrig
behavioral2/files/0x0007000000023232-142.dat	xmrig
behavioral2/files/0x0007000000023230-134.dat	xmrig
behavioral2/files/0x000700000002322f-129.dat	xmrig
behavioral2/files/0x000700000002322e-124.dat	xmrig
behavioral2/files/0x0007000000023229-97.dat	xmrig
behavioral2/files/0x0007000000023228-92.dat	xmrig
behavioral2/memory/5028-79-0x00007FF7D2D70000-0x00007FF7D3166000-memory.dmp	xmrig
behavioral2/memory/3276-66-0x00007FF684D60000-0x00007FF685156000-memory.dmp	xmrig
behavioral2/files/0x0007000000023223-61.dat	xmrig
behavioral2/files/0x0007000000023221-60.dat	xmrig
behavioral2/memory/1872-52-0x00007FF74A390000-0x00007FF74A786000-memory.dmp	xmrig
behavioral2/memory/2820-265-0x00007FF7C1610000-0x00007FF7C1A06000-memory.dmp	xmrig
behavioral2/memory/1052-267-0x00007FF757400000-0x00007FF7577F6000-memory.dmp	xmrig
behavioral2/memory/1824-269-0x00007FF64CA90000-0x00007FF64CE86000-memory.dmp	xmrig
behavioral2/memory/4692-276-0x00007FF7C3770000-0x00007FF7C3B66000-memory.dmp	xmrig
behavioral2/memory/3092-286-0x00007FF6E8CF0000-0x00007FF6E90E6000-memory.dmp	xmrig
behavioral2/memory/1580-307-0x00007FF7D1E60000-0x00007FF7D2256000-memory.dmp	xmrig
behavioral2/memory/4368-324-0x00007FF7F7F40000-0x00007FF7F8336000-memory.dmp	xmrig
behavioral2/memory/1104-335-0x00007FF766F40000-0x00007FF767336000-memory.dmp	xmrig
behavioral2/memory/3588-341-0x00007FF7CF710000-0x00007FF7CFB06000-memory.dmp	xmrig
behavioral2/memory/5076-356-0x00007FF749AA0000-0x00007FF749E96000-memory.dmp	xmrig
behavioral2/memory/736-364-0x00007FF6ECFC0000-0x00007FF6ED3B6000-memory.dmp	xmrig
behavioral2/memory/768-369-0x00007FF642E80000-0x00007FF643276000-memory.dmp	xmrig
behavioral2/memory/4660-379-0x00007FF6E2560000-0x00007FF6E2956000-memory.dmp	xmrig
behavioral2/memory/3028-382-0x00007FF613F30000-0x00007FF614326000-memory.dmp	xmrig
behavioral2/memory/1444-383-0x00007FF688790000-0x00007FF688B86000-memory.dmp	xmrig
behavioral2/memory/1976-384-0x00007FF7B4750000-0x00007FF7B4B46000-memory.dmp	xmrig
behavioral2/memory/3060-386-0x00007FF6D21C0000-0x00007FF6D25B6000-memory.dmp	xmrig
behavioral2/memory/3820-395-0x00007FF655700000-0x00007FF655AF6000-memory.dmp	xmrig
behavioral2/memory/3352-396-0x00007FF763C70000-0x00007FF764066000-memory.dmp	xmrig
behavioral2/memory/3388-397-0x00007FF709070000-0x00007FF709466000-memory.dmp	xmrig
behavioral2/memory/1472-398-0x00007FF7EC160000-0x00007FF7EC556000-memory.dmp	xmrig
behavioral2/memory/2076-399-0x00007FF7AF100000-0x00007FF7AF4F6000-memory.dmp	xmrig
behavioral2/memory/2572-400-0x00007FF759B80000-0x00007FF759F76000-memory.dmp	xmrig
behavioral2/memory/4924-401-0x00007FF6CCD90000-0x00007FF6CD186000-memory.dmp	xmrig
behavioral2/memory/4304-402-0x00007FF64E8C0000-0x00007FF64ECB6000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
16	3292	powershell.exe
18	3292	powershell.exe
35	3292	powershell.exe
36	3292	powershell.exe
39	3292	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
5108	GGRzVAR.exe
2576	xQsadIP.exe
1872	ByzxQru.exe
3276	ZHmqKZp.exe
5028	JdbujlG.exe
2820	QOaIEgc.exe
908	MdyDRLy.exe
2096	KaOQYAp.exe
1052	VgdCoxQ.exe
4340	wjrXEki.exe
1824	nRzzLpf.exe
4896	BwUpsIp.exe
4692	MjipaXd.exe
2112	vGjFFQE.exe
3092	HhGTqoq.exe
1348	MXAfBGW.exe
1580	XsMJQze.exe
5036	isFPGXa.exe
4368	HhFlcml.exe
1104	rzaDvBn.exe
3588	GyqFuJp.exe
5076	NdjQsWD.exe
736	ZLzRGXK.exe
2408	MrRGCwQ.exe
768	cyWkFzE.exe
4660	TVTXRQc.exe
3028	uiazbfh.exe
1444	heBvGqI.exe
1976	JdUaOIH.exe
3060	yGSYIZQ.exe
3820	aljbScr.exe
3352	zyUYcNU.exe
3388	zunPPTq.exe
1472	MxtAVyF.exe
2076	tvDvNAb.exe
2572	VVXVwEa.exe
4924	QBrPIyP.exe
4304	STVHjsT.exe
3300	oWCIQVX.exe
2232	NsryBbc.exe
1436	sXZrhHm.exe
752	GCRfjBS.exe
3672	nXLugAc.exe
4452	nqeaOHF.exe
4744	hMswlpf.exe
1592	ucAEWIL.exe
3568	iLVkrPG.exe
4116	fCxvbge.exe
3288	QqghYub.exe
4532	gdaaADG.exe
1792	iXqkkeM.exe
3584	PXXQJJQ.exe
3688	uYWIwNu.exe
4248	etlUgKi.exe
4252	ZRNFNQo.exe
1916	pYVZaCM.exe
1280	JEPWWtI.exe
3416	ehHIMsT.exe
4856	bIMPlAm.exe
1008	VPMoxOq.exe
4928	MqdiDQn.exe
1176	ZluqsHH.exe
3608	ZipbaXD.exe
4688	wbsvLDh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3356-0-0x00007FF664250000-0x00007FF664646000-memory.dmp	upx
behavioral2/files/0x0009000000023213-5.dat	upx
behavioral2/files/0x0008000000023216-10.dat	upx
behavioral2/memory/5108-13-0x00007FF61AC00000-0x00007FF61AFF6000-memory.dmp	upx
behavioral2/memory/2576-14-0x00007FF61C2C0000-0x00007FF61C6B6000-memory.dmp	upx
behavioral2/files/0x000700000002321b-27.dat	upx
behavioral2/files/0x000800000002321d-32.dat	upx
behavioral2/files/0x000700000002321e-38.dat	upx
behavioral2/files/0x0007000000023220-43.dat	upx
behavioral2/files/0x0007000000023222-54.dat	upx
behavioral2/files/0x0007000000023224-73.dat	upx
behavioral2/files/0x0007000000023225-80.dat	upx
behavioral2/files/0x0007000000023227-84.dat	upx
behavioral2/files/0x0007000000023226-87.dat	upx
behavioral2/files/0x000700000002322a-101.dat	upx
behavioral2/files/0x000700000002322b-107.dat	upx
behavioral2/files/0x000700000002322c-111.dat	upx
behavioral2/files/0x000700000002322d-119.dat	upx
behavioral2/files/0x0007000000023231-131.dat	upx
behavioral2/files/0x0007000000023233-141.dat	upx
behavioral2/files/0x0007000000023235-157.dat	upx
behavioral2/files/0x000700000002323a-178.dat	upx
behavioral2/files/0x000700000002323b-181.dat	upx
behavioral2/files/0x0007000000023239-176.dat	upx
behavioral2/files/0x0007000000023238-172.dat	upx
behavioral2/files/0x0007000000023237-167.dat	upx
behavioral2/files/0x0007000000023236-162.dat	upx
behavioral2/files/0x0007000000023234-152.dat	upx
behavioral2/files/0x0007000000023232-142.dat	upx
behavioral2/files/0x0007000000023230-134.dat	upx
behavioral2/files/0x000700000002322f-129.dat	upx
behavioral2/files/0x000700000002322e-124.dat	upx
behavioral2/files/0x0007000000023229-97.dat	upx
behavioral2/files/0x0007000000023228-92.dat	upx
behavioral2/memory/5028-79-0x00007FF7D2D70000-0x00007FF7D3166000-memory.dmp	upx
behavioral2/memory/3276-66-0x00007FF684D60000-0x00007FF685156000-memory.dmp	upx
behavioral2/files/0x0007000000023223-61.dat	upx
behavioral2/files/0x0007000000023221-60.dat	upx
behavioral2/memory/1872-52-0x00007FF74A390000-0x00007FF74A786000-memory.dmp	upx
behavioral2/memory/2820-265-0x00007FF7C1610000-0x00007FF7C1A06000-memory.dmp	upx
behavioral2/memory/1052-267-0x00007FF757400000-0x00007FF7577F6000-memory.dmp	upx
behavioral2/memory/1824-269-0x00007FF64CA90000-0x00007FF64CE86000-memory.dmp	upx
behavioral2/memory/4692-276-0x00007FF7C3770000-0x00007FF7C3B66000-memory.dmp	upx
behavioral2/memory/3092-286-0x00007FF6E8CF0000-0x00007FF6E90E6000-memory.dmp	upx
behavioral2/memory/1580-307-0x00007FF7D1E60000-0x00007FF7D2256000-memory.dmp	upx
behavioral2/memory/4368-324-0x00007FF7F7F40000-0x00007FF7F8336000-memory.dmp	upx
behavioral2/memory/1104-335-0x00007FF766F40000-0x00007FF767336000-memory.dmp	upx
behavioral2/memory/3588-341-0x00007FF7CF710000-0x00007FF7CFB06000-memory.dmp	upx
behavioral2/memory/5076-356-0x00007FF749AA0000-0x00007FF749E96000-memory.dmp	upx
behavioral2/memory/736-364-0x00007FF6ECFC0000-0x00007FF6ED3B6000-memory.dmp	upx
behavioral2/memory/768-369-0x00007FF642E80000-0x00007FF643276000-memory.dmp	upx
behavioral2/memory/4660-379-0x00007FF6E2560000-0x00007FF6E2956000-memory.dmp	upx
behavioral2/memory/3028-382-0x00007FF613F30000-0x00007FF614326000-memory.dmp	upx
behavioral2/memory/1444-383-0x00007FF688790000-0x00007FF688B86000-memory.dmp	upx
behavioral2/memory/1976-384-0x00007FF7B4750000-0x00007FF7B4B46000-memory.dmp	upx
behavioral2/memory/3060-386-0x00007FF6D21C0000-0x00007FF6D25B6000-memory.dmp	upx
behavioral2/memory/3820-395-0x00007FF655700000-0x00007FF655AF6000-memory.dmp	upx
behavioral2/memory/3352-396-0x00007FF763C70000-0x00007FF764066000-memory.dmp	upx
behavioral2/memory/3388-397-0x00007FF709070000-0x00007FF709466000-memory.dmp	upx
behavioral2/memory/1472-398-0x00007FF7EC160000-0x00007FF7EC556000-memory.dmp	upx
behavioral2/memory/2076-399-0x00007FF7AF100000-0x00007FF7AF4F6000-memory.dmp	upx
behavioral2/memory/2572-400-0x00007FF759B80000-0x00007FF759F76000-memory.dmp	upx
behavioral2/memory/4924-401-0x00007FF6CCD90000-0x00007FF6CD186000-memory.dmp	upx
behavioral2/memory/4304-402-0x00007FF64E8C0000-0x00007FF64ECB6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
16	raw.githubusercontent.com
15	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JdbujlG.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\MnLDRMz.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\iHwnUYU.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\wjrXEki.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\oHFaJZV.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\anjYMqE.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\hFrNoLV.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\IxaVaaX.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\OOXjDjb.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\wfCVNdX.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\zRmVCCk.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\NvCpmzW.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\qYXxbmf.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\oCmipwM.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\xfZmpTU.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\TyrMMML.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\HkvpbJH.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\KlPYGkQ.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\Njrsxxy.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\nRzzLpf.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\ipNJGiA.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\yBXCmrI.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\BEuKRQT.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\TgVFOPk.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\ePHwVmG.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\WGDHSLn.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\yverDgS.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\SorPYKC.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\cMYBDoN.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\bIMPlAm.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\BjNCIuj.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\iPPYEJi.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\vWOHLzr.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\uzzLDPE.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\vKCLbmN.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\LcWwxEP.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\MtTBPfl.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\wFyqKPZ.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\UiYjxRy.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\gJqYwEl.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\QgMEvst.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\FSjVZdY.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\CencCeL.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\XqQNhLO.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\fNoRGRT.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\klaFnfh.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\FWkOcND.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\MdyDRLy.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\heBvGqI.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\xLmAXQn.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\asNqSSF.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\ersUCzS.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\GrfeMcM.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\QHOSNyx.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\SIttRDK.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\TmpVuKN.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\MjipaXd.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\MpPNjcc.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\lKxpXDS.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\PLXZXDo.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\HACHatb.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\Bgxhknz.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\DjyiBZR.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
File created	C:\Windows\System\SofNlTq.exe	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3292	powershell.exe
3292	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
Token: SeDebugPrivilege	3292	powershell.exe
Token: SeLockMemoryPrivilege	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 3292	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	84
PID 3356 wrote to memory of 3292	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	84
PID 3356 wrote to memory of 5108	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	85
PID 3356 wrote to memory of 5108	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	85
PID 3356 wrote to memory of 2576	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	86
PID 3356 wrote to memory of 2576	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	86
PID 3356 wrote to memory of 1872	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	87
PID 3356 wrote to memory of 1872	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	87
PID 3356 wrote to memory of 3276	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	88
PID 3356 wrote to memory of 3276	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	88
PID 3356 wrote to memory of 5028	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	89
PID 3356 wrote to memory of 5028	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	89
PID 3356 wrote to memory of 2820	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	90
PID 3356 wrote to memory of 2820	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	90
PID 3356 wrote to memory of 908	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	91
PID 3356 wrote to memory of 908	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	91
PID 3356 wrote to memory of 2096	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	92
PID 3356 wrote to memory of 2096	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	92
PID 3356 wrote to memory of 1052	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	93
PID 3356 wrote to memory of 1052	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	93
PID 3356 wrote to memory of 4340	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	94
PID 3356 wrote to memory of 4340	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	94
PID 3356 wrote to memory of 1824	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	95
PID 3356 wrote to memory of 1824	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	95
PID 3356 wrote to memory of 4896	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	96
PID 3356 wrote to memory of 4896	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	96
PID 3356 wrote to memory of 4692	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	97
PID 3356 wrote to memory of 4692	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	97
PID 3356 wrote to memory of 2112	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	98
PID 3356 wrote to memory of 2112	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	98
PID 3356 wrote to memory of 3092	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	99
PID 3356 wrote to memory of 3092	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	99
PID 3356 wrote to memory of 1348	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	100
PID 3356 wrote to memory of 1348	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	100
PID 3356 wrote to memory of 1580	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	101
PID 3356 wrote to memory of 1580	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	101
PID 3356 wrote to memory of 5036	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	102
PID 3356 wrote to memory of 5036	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	102
PID 3356 wrote to memory of 4368	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	103
PID 3356 wrote to memory of 4368	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	103
PID 3356 wrote to memory of 1104	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	104
PID 3356 wrote to memory of 1104	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	104
PID 3356 wrote to memory of 3588	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	105
PID 3356 wrote to memory of 3588	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	105
PID 3356 wrote to memory of 5076	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	106
PID 3356 wrote to memory of 5076	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	106
PID 3356 wrote to memory of 736	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	107
PID 3356 wrote to memory of 736	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	107
PID 3356 wrote to memory of 2408	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	108
PID 3356 wrote to memory of 2408	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	108
PID 3356 wrote to memory of 768	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	109
PID 3356 wrote to memory of 768	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	109
PID 3356 wrote to memory of 4660	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	110
PID 3356 wrote to memory of 4660	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	110
PID 3356 wrote to memory of 3028	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	111
PID 3356 wrote to memory of 3028	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	111
PID 3356 wrote to memory of 1444	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	112
PID 3356 wrote to memory of 1444	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	112
PID 3356 wrote to memory of 1976	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	113
PID 3356 wrote to memory of 1976	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	113
PID 3356 wrote to memory of 3060	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	114
PID 3356 wrote to memory of 3060	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	114
PID 3356 wrote to memory of 3820	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	115
PID 3356 wrote to memory of 3820	3356	ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe	115

C:\Users\Admin\AppData\Local\Temp\ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe
"C:\Users\Admin\AppData\Local\Temp\ee1b71d189c2f42dd82fc3ba4329ff8c83e1e6cc5e58f5dc7b8db79d07b5b77a.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3292
- C:\Windows\System\GGRzVAR.exe
  C:\Windows\System\GGRzVAR.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\xQsadIP.exe
  C:\Windows\System\xQsadIP.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ByzxQru.exe
  C:\Windows\System\ByzxQru.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\ZHmqKZp.exe
  C:\Windows\System\ZHmqKZp.exe
  2⤵
  - Executes dropped EXE
  PID:3276
- C:\Windows\System\JdbujlG.exe
  C:\Windows\System\JdbujlG.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\QOaIEgc.exe
  C:\Windows\System\QOaIEgc.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\MdyDRLy.exe
  C:\Windows\System\MdyDRLy.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\KaOQYAp.exe
  C:\Windows\System\KaOQYAp.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\VgdCoxQ.exe
  C:\Windows\System\VgdCoxQ.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\wjrXEki.exe
  C:\Windows\System\wjrXEki.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\nRzzLpf.exe
  C:\Windows\System\nRzzLpf.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\BwUpsIp.exe
  C:\Windows\System\BwUpsIp.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\MjipaXd.exe
  C:\Windows\System\MjipaXd.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\vGjFFQE.exe
  C:\Windows\System\vGjFFQE.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\HhGTqoq.exe
  C:\Windows\System\HhGTqoq.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\MXAfBGW.exe
  C:\Windows\System\MXAfBGW.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\XsMJQze.exe
  C:\Windows\System\XsMJQze.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\isFPGXa.exe
  C:\Windows\System\isFPGXa.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\HhFlcml.exe
  C:\Windows\System\HhFlcml.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\rzaDvBn.exe
  C:\Windows\System\rzaDvBn.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\GyqFuJp.exe
  C:\Windows\System\GyqFuJp.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\NdjQsWD.exe
  C:\Windows\System\NdjQsWD.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\ZLzRGXK.exe
  C:\Windows\System\ZLzRGXK.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\MrRGCwQ.exe
  C:\Windows\System\MrRGCwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\cyWkFzE.exe
  C:\Windows\System\cyWkFzE.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\TVTXRQc.exe
  C:\Windows\System\TVTXRQc.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\uiazbfh.exe
  C:\Windows\System\uiazbfh.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\heBvGqI.exe
  C:\Windows\System\heBvGqI.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\JdUaOIH.exe
  C:\Windows\System\JdUaOIH.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\yGSYIZQ.exe
  C:\Windows\System\yGSYIZQ.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\aljbScr.exe
  C:\Windows\System\aljbScr.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\zyUYcNU.exe
  C:\Windows\System\zyUYcNU.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\zunPPTq.exe
  C:\Windows\System\zunPPTq.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\MxtAVyF.exe
  C:\Windows\System\MxtAVyF.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\tvDvNAb.exe
  C:\Windows\System\tvDvNAb.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\VVXVwEa.exe
  C:\Windows\System\VVXVwEa.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\QBrPIyP.exe
  C:\Windows\System\QBrPIyP.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\STVHjsT.exe
  C:\Windows\System\STVHjsT.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\oWCIQVX.exe
  C:\Windows\System\oWCIQVX.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\NsryBbc.exe
  C:\Windows\System\NsryBbc.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\sXZrhHm.exe
  C:\Windows\System\sXZrhHm.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\GCRfjBS.exe
  C:\Windows\System\GCRfjBS.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\nXLugAc.exe
  C:\Windows\System\nXLugAc.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\nqeaOHF.exe
  C:\Windows\System\nqeaOHF.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\hMswlpf.exe
  C:\Windows\System\hMswlpf.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\ucAEWIL.exe
  C:\Windows\System\ucAEWIL.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\iLVkrPG.exe
  C:\Windows\System\iLVkrPG.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\fCxvbge.exe
  C:\Windows\System\fCxvbge.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\QqghYub.exe
  C:\Windows\System\QqghYub.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\gdaaADG.exe
  C:\Windows\System\gdaaADG.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\iXqkkeM.exe
  C:\Windows\System\iXqkkeM.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\PXXQJJQ.exe
  C:\Windows\System\PXXQJJQ.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\uYWIwNu.exe
  C:\Windows\System\uYWIwNu.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\etlUgKi.exe
  C:\Windows\System\etlUgKi.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\ZRNFNQo.exe
  C:\Windows\System\ZRNFNQo.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\pYVZaCM.exe
  C:\Windows\System\pYVZaCM.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\JEPWWtI.exe
  C:\Windows\System\JEPWWtI.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\ehHIMsT.exe
  C:\Windows\System\ehHIMsT.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\bIMPlAm.exe
  C:\Windows\System\bIMPlAm.exe
  2⤵
  - Executes dropped EXE
  PID:4856
- C:\Windows\System\VPMoxOq.exe
  C:\Windows\System\VPMoxOq.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\MqdiDQn.exe
  C:\Windows\System\MqdiDQn.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\ZluqsHH.exe
  C:\Windows\System\ZluqsHH.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\ZipbaXD.exe
  C:\Windows\System\ZipbaXD.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\wbsvLDh.exe
  C:\Windows\System\wbsvLDh.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\PLXZXDo.exe
  C:\Windows\System\PLXZXDo.exe
  2⤵
  PID:4144
- C:\Windows\System\iXaYSlT.exe
  C:\Windows\System\iXaYSlT.exe
  2⤵
  PID:4872
- C:\Windows\System\feczfHo.exe
  C:\Windows\System\feczfHo.exe
  2⤵
  PID:4740
- C:\Windows\System\sPyaYtO.exe
  C:\Windows\System\sPyaYtO.exe
  2⤵
  PID:1308
- C:\Windows\System\TeCiFrN.exe
  C:\Windows\System\TeCiFrN.exe
  2⤵
  PID:3952
- C:\Windows\System\vOaBjyW.exe
  C:\Windows\System\vOaBjyW.exe
  2⤵
  PID:2276
- C:\Windows\System\zzCNRUX.exe
  C:\Windows\System\zzCNRUX.exe
  2⤵
  PID:5080
- C:\Windows\System\zRmVCCk.exe
  C:\Windows\System\zRmVCCk.exe
  2⤵
  PID:1848
- C:\Windows\System\bYEvlGy.exe
  C:\Windows\System\bYEvlGy.exe
  2⤵
  PID:4324
- C:\Windows\System\Acsmsxr.exe
  C:\Windows\System\Acsmsxr.exe
  2⤵
  PID:4424
- C:\Windows\System\YgyrNqs.exe
  C:\Windows\System\YgyrNqs.exe
  2⤵
  PID:2656
- C:\Windows\System\IFlrhTY.exe
  C:\Windows\System\IFlrhTY.exe
  2⤵
  PID:1620
- C:\Windows\System\TPjJNRJ.exe
  C:\Windows\System\TPjJNRJ.exe
  2⤵
  PID:4492
- C:\Windows\System\ZQriKDD.exe
  C:\Windows\System\ZQriKDD.exe
  2⤵
  PID:3176
- C:\Windows\System\kBVAwtA.exe
  C:\Windows\System\kBVAwtA.exe
  2⤵
  PID:4188
- C:\Windows\System\GLHvnAP.exe
  C:\Windows\System\GLHvnAP.exe
  2⤵
  PID:1564
- C:\Windows\System\unstEpj.exe
  C:\Windows\System\unstEpj.exe
  2⤵
  PID:3140
- C:\Windows\System\iJOhJPL.exe
  C:\Windows\System\iJOhJPL.exe
  2⤵
  PID:3016
- C:\Windows\System\uoyIHmB.exe
  C:\Windows\System\uoyIHmB.exe
  2⤵
  PID:3240
- C:\Windows\System\NyYZvlk.exe
  C:\Windows\System\NyYZvlk.exe
  2⤵
  PID:1640
- C:\Windows\System\SQHfYEv.exe
  C:\Windows\System\SQHfYEv.exe
  2⤵
  PID:2968
- C:\Windows\System\BfGgBKf.exe
  C:\Windows\System\BfGgBKf.exe
  2⤵
  PID:4132
- C:\Windows\System\WpLoDPq.exe
  C:\Windows\System\WpLoDPq.exe
  2⤵
  PID:2252
- C:\Windows\System\gkqGKtD.exe
  C:\Windows\System\gkqGKtD.exe
  2⤵
  PID:464
- C:\Windows\System\gqtppfI.exe
  C:\Windows\System\gqtppfI.exe
  2⤵
  PID:5112
- C:\Windows\System\HhmqsMJ.exe
  C:\Windows\System\HhmqsMJ.exe
  2⤵
  PID:2144
- C:\Windows\System\jsIPMsT.exe
  C:\Windows\System\jsIPMsT.exe
  2⤵
  PID:2064
- C:\Windows\System\GxWpfMG.exe
  C:\Windows\System\GxWpfMG.exe
  2⤵
  PID:948
- C:\Windows\System\ADKemRE.exe
  C:\Windows\System\ADKemRE.exe
  2⤵
  PID:2504
- C:\Windows\System\ePHwVmG.exe
  C:\Windows\System\ePHwVmG.exe
  2⤵
  PID:4996
- C:\Windows\System\ozOabDz.exe
  C:\Windows\System\ozOabDz.exe
  2⤵
  PID:1220
- C:\Windows\System\fzMbnNA.exe
  C:\Windows\System\fzMbnNA.exe
  2⤵
  PID:4676
- C:\Windows\System\oYFkltW.exe
  C:\Windows\System\oYFkltW.exe
  2⤵
  PID:2060
- C:\Windows\System\uusfYGw.exe
  C:\Windows\System\uusfYGw.exe
  2⤵
  PID:5156
- C:\Windows\System\HNWVyPL.exe
  C:\Windows\System\HNWVyPL.exe
  2⤵
  PID:5456
- C:\Windows\System\AuLFrCE.exe
  C:\Windows\System\AuLFrCE.exe
  2⤵
  PID:5476
- C:\Windows\System\oHFaJZV.exe
  C:\Windows\System\oHFaJZV.exe
  2⤵
  PID:5492
- C:\Windows\System\dpVdWYS.exe
  C:\Windows\System\dpVdWYS.exe
  2⤵
  PID:5512
- C:\Windows\System\cEcgPqX.exe
  C:\Windows\System\cEcgPqX.exe
  2⤵
  PID:5560
- C:\Windows\System\SVHPJZm.exe
  C:\Windows\System\SVHPJZm.exe
  2⤵
  PID:5756
- C:\Windows\System\XnXmYEr.exe
  C:\Windows\System\XnXmYEr.exe
  2⤵
  PID:5804
- C:\Windows\System\xAlcjQD.exe
  C:\Windows\System\xAlcjQD.exe
  2⤵
  PID:5824
- C:\Windows\System\TmpVuKN.exe
  C:\Windows\System\TmpVuKN.exe
  2⤵
  PID:5840
- C:\Windows\System\EqtWOaf.exe
  C:\Windows\System\EqtWOaf.exe
  2⤵
  PID:5864
- C:\Windows\System\NvCpmzW.exe
  C:\Windows\System\NvCpmzW.exe
  2⤵
  PID:5880
- C:\Windows\System\GGaWyDZ.exe
  C:\Windows\System\GGaWyDZ.exe
  2⤵
  PID:5896
- C:\Windows\System\bhZVNah.exe
  C:\Windows\System\bhZVNah.exe
  2⤵
  PID:5912
- C:\Windows\System\MnLDRMz.exe
  C:\Windows\System\MnLDRMz.exe
  2⤵
  PID:5936
- C:\Windows\System\aqNBRqF.exe
  C:\Windows\System\aqNBRqF.exe
  2⤵
  PID:5968
- C:\Windows\System\dZLcpGU.exe
  C:\Windows\System\dZLcpGU.exe
  2⤵
  PID:6008
- C:\Windows\System\mdQodOu.exe
  C:\Windows\System\mdQodOu.exe
  2⤵
  PID:6052
- C:\Windows\System\tUcFpDa.exe
  C:\Windows\System\tUcFpDa.exe
  2⤵
  PID:6076
- C:\Windows\System\wbVRaKb.exe
  C:\Windows\System\wbVRaKb.exe
  2⤵
  PID:6128
- C:\Windows\System\KQIgHxO.exe
  C:\Windows\System\KQIgHxO.exe
  2⤵
  PID:5148
- C:\Windows\System\jeDGQVv.exe
  C:\Windows\System\jeDGQVv.exe
  2⤵
  PID:2120
- C:\Windows\System\SEjNIeF.exe
  C:\Windows\System\SEjNIeF.exe
  2⤵
  PID:5360
- C:\Windows\System\ePotyxX.exe
  C:\Windows\System\ePotyxX.exe
  2⤵
  PID:4120
- C:\Windows\System\RJBGbON.exe
  C:\Windows\System\RJBGbON.exe
  2⤵
  PID:5412
- C:\Windows\System\HrOCxmc.exe
  C:\Windows\System\HrOCxmc.exe
  2⤵
  PID:5468
- C:\Windows\System\TyrMMML.exe
  C:\Windows\System\TyrMMML.exe
  2⤵
  PID:5008
- C:\Windows\System\QPVjRdC.exe
  C:\Windows\System\QPVjRdC.exe
  2⤵
  PID:5524
- C:\Windows\System\mpIYPOg.exe
  C:\Windows\System\mpIYPOg.exe
  2⤵
  PID:1232
- C:\Windows\System\mKkXPQf.exe
  C:\Windows\System\mKkXPQf.exe
  2⤵
  PID:5628
- C:\Windows\System\PMPlacR.exe
  C:\Windows\System\PMPlacR.exe
  2⤵
  PID:1156
- C:\Windows\System\gClttTh.exe
  C:\Windows\System\gClttTh.exe
  2⤵
  PID:5136
- C:\Windows\System\MfngfVk.exe
  C:\Windows\System\MfngfVk.exe
  2⤵
  PID:5212
- C:\Windows\System\maYyuFF.exe
  C:\Windows\System\maYyuFF.exe
  2⤵
  PID:5252
- C:\Windows\System\LNmGgdq.exe
  C:\Windows\System\LNmGgdq.exe
  2⤵
  PID:5272
- C:\Windows\System\SAMrKEI.exe
  C:\Windows\System\SAMrKEI.exe
  2⤵
  PID:64
- C:\Windows\System\CUSXnUW.exe
  C:\Windows\System\CUSXnUW.exe
  2⤵
  PID:3132
- C:\Windows\System\wtmYDBL.exe
  C:\Windows\System\wtmYDBL.exe
  2⤵
  PID:4048
- C:\Windows\System\ZIXPXQA.exe
  C:\Windows\System\ZIXPXQA.exe
  2⤵
  PID:5700
- C:\Windows\System\IjwsHgR.exe
  C:\Windows\System\IjwsHgR.exe
  2⤵
  PID:4940
- C:\Windows\System\RFAagBb.exe
  C:\Windows\System\RFAagBb.exe
  2⤵
  PID:5044
- C:\Windows\System\PkYcees.exe
  C:\Windows\System\PkYcees.exe
  2⤵
  PID:5684
- C:\Windows\System\eAmpbCd.exe
  C:\Windows\System\eAmpbCd.exe
  2⤵
  PID:5788
- C:\Windows\System\QElYHLe.exe
  C:\Windows\System\QElYHLe.exe
  2⤵
  PID:740
- C:\Windows\System\vhMekKV.exe
  C:\Windows\System\vhMekKV.exe
  2⤵
  PID:2324
- C:\Windows\System\TkUVXKY.exe
  C:\Windows\System\TkUVXKY.exe
  2⤵
  PID:5832
- C:\Windows\System\hkIRMFj.exe
  C:\Windows\System\hkIRMFj.exe
  2⤵
  PID:1488
- C:\Windows\System\gMlomzO.exe
  C:\Windows\System\gMlomzO.exe
  2⤵
  PID:5964
- C:\Windows\System\IDwwXlz.exe
  C:\Windows\System\IDwwXlz.exe
  2⤵
  PID:6048
- C:\Windows\System\zlxYudU.exe
  C:\Windows\System\zlxYudU.exe
  2⤵
  PID:6124
- C:\Windows\System\WwFqTBS.exe
  C:\Windows\System\WwFqTBS.exe
  2⤵
  PID:5336
- C:\Windows\System\LEhXGeo.exe
  C:\Windows\System\LEhXGeo.exe
  2⤵
  PID:5404
- C:\Windows\System\MjBUQDw.exe
  C:\Windows\System\MjBUQDw.exe
  2⤵
  PID:4804
- C:\Windows\System\hlvOhgh.exe
  C:\Windows\System\hlvOhgh.exe
  2⤵
  PID:2292
- C:\Windows\System\ytwneZH.exe
  C:\Windows\System\ytwneZH.exe
  2⤵
  PID:5668
- C:\Windows\System\DbNSbHK.exe
  C:\Windows\System\DbNSbHK.exe
  2⤵
  PID:3800
- C:\Windows\System\tCUTOgW.exe
  C:\Windows\System\tCUTOgW.exe
  2⤵
  PID:1720
- C:\Windows\System\SHUNMbp.exe
  C:\Windows\System\SHUNMbp.exe
  2⤵
  PID:5260
- C:\Windows\System\FPbiVml.exe
  C:\Windows\System\FPbiVml.exe
  2⤵
  PID:3384
- C:\Windows\System\EOygiht.exe
  C:\Windows\System\EOygiht.exe
  2⤵
  PID:3420
- C:\Windows\System\NPvRTdW.exe
  C:\Windows\System\NPvRTdW.exe
  2⤵
  PID:5812
- C:\Windows\System\kAgKenZ.exe
  C:\Windows\System\kAgKenZ.exe
  2⤵
  PID:704
- C:\Windows\System\gxRopro.exe
  C:\Windows\System\gxRopro.exe
  2⤵
  PID:5732
- C:\Windows\System\tdzkrXk.exe
  C:\Windows\System\tdzkrXk.exe
  2⤵
  PID:2208
- C:\Windows\System\AoODGBT.exe
  C:\Windows\System\AoODGBT.exe
  2⤵
  PID:5872
- C:\Windows\System\HkvpbJH.exe
  C:\Windows\System\HkvpbJH.exe
  2⤵
  PID:5568
- C:\Windows\System\mhcprxw.exe
  C:\Windows\System\mhcprxw.exe
  2⤵
  PID:5644
- C:\Windows\System\RKSyObw.exe
  C:\Windows\System\RKSyObw.exe
  2⤵
  PID:6108
- C:\Windows\System\LYNeixv.exe
  C:\Windows\System\LYNeixv.exe
  2⤵
  PID:2000
- C:\Windows\System\jBiobAa.exe
  C:\Windows\System\jBiobAa.exe
  2⤵
  PID:6000
- C:\Windows\System\BjNCIuj.exe
  C:\Windows\System\BjNCIuj.exe
  2⤵
  PID:6188
- C:\Windows\System\mFcxsKu.exe
  C:\Windows\System\mFcxsKu.exe
  2⤵
  PID:6224
- C:\Windows\System\NtLPGJH.exe
  C:\Windows\System\NtLPGJH.exe
  2⤵
  PID:6272
- C:\Windows\System\QyKhGnG.exe
  C:\Windows\System\QyKhGnG.exe
  2⤵
  PID:6376
- C:\Windows\System\QhdhqaP.exe
  C:\Windows\System\QhdhqaP.exe
  2⤵
  PID:6432
- C:\Windows\System\yGdsRch.exe
  C:\Windows\System\yGdsRch.exe
  2⤵
  PID:6456
- C:\Windows\System\hqYlSLZ.exe
  C:\Windows\System\hqYlSLZ.exe
  2⤵
  PID:6492
- C:\Windows\System\iyQdFOO.exe
  C:\Windows\System\iyQdFOO.exe
  2⤵
  PID:6520
- C:\Windows\System\BgnjGCg.exe
  C:\Windows\System\BgnjGCg.exe
  2⤵
  PID:6556
- C:\Windows\System\LoOkDCF.exe
  C:\Windows\System\LoOkDCF.exe
  2⤵
  PID:6576
- C:\Windows\System\fJbMxgv.exe
  C:\Windows\System\fJbMxgv.exe
  2⤵
  PID:6656
- C:\Windows\System\oQVNdoM.exe
  C:\Windows\System\oQVNdoM.exe
  2⤵
  PID:6748
- C:\Windows\System\xDqiiiu.exe
  C:\Windows\System\xDqiiiu.exe
  2⤵
  PID:6872
- C:\Windows\System\cfGAHmF.exe
  C:\Windows\System\cfGAHmF.exe
  2⤵
  PID:6948
- C:\Windows\System\kZDsycA.exe
  C:\Windows\System\kZDsycA.exe
  2⤵
  PID:6976
- C:\Windows\System\UdFaBOo.exe
  C:\Windows\System\UdFaBOo.exe
  2⤵
  PID:7004
- C:\Windows\System\EYOAkiX.exe
  C:\Windows\System\EYOAkiX.exe
  2⤵
  PID:7080
- C:\Windows\System\bkuEKOc.exe
  C:\Windows\System\bkuEKOc.exe
  2⤵
  PID:7124
- C:\Windows\System\SeSlwWu.exe
  C:\Windows\System\SeSlwWu.exe
  2⤵
  PID:7164
- C:\Windows\System\EapfEDm.exe
  C:\Windows\System\EapfEDm.exe
  2⤵
  PID:1404
- C:\Windows\System\IHSYpnK.exe
  C:\Windows\System\IHSYpnK.exe
  2⤵
  PID:5996
- C:\Windows\System\QgSpaot.exe
  C:\Windows\System\QgSpaot.exe
  2⤵
  PID:6236
- C:\Windows\System\PMvCMML.exe
  C:\Windows\System\PMvCMML.exe
  2⤵
  PID:6312
- C:\Windows\System\SYWmKGK.exe
  C:\Windows\System\SYWmKGK.exe
  2⤵
  PID:6340
- C:\Windows\System\mWYcoEl.exe
  C:\Windows\System\mWYcoEl.exe
  2⤵
  PID:6384
- C:\Windows\System\xlruMsY.exe
  C:\Windows\System\xlruMsY.exe
  2⤵
  PID:6468
- C:\Windows\System\LrSxXvR.exe
  C:\Windows\System\LrSxXvR.exe
  2⤵
  PID:6420
- C:\Windows\System\LTajAmL.exe
  C:\Windows\System\LTajAmL.exe
  2⤵
  PID:6452
- C:\Windows\System\MKPWQCX.exe
  C:\Windows\System\MKPWQCX.exe
  2⤵
  PID:6608
- C:\Windows\System\KPUeNPG.exe
  C:\Windows\System\KPUeNPG.exe
  2⤵
  PID:6724
- C:\Windows\System\DhKfTDg.exe
  C:\Windows\System\DhKfTDg.exe
  2⤵
  PID:6824
- C:\Windows\System\phfiZYA.exe
  C:\Windows\System\phfiZYA.exe
  2⤵
  PID:6792
- C:\Windows\System\Aciasgf.exe
  C:\Windows\System\Aciasgf.exe
  2⤵
  PID:6940
- C:\Windows\System\BdTJZeL.exe
  C:\Windows\System\BdTJZeL.exe
  2⤵
  PID:6836
- C:\Windows\System\QDRYmjc.exe
  C:\Windows\System\QDRYmjc.exe
  2⤵
  PID:7052
- C:\Windows\System\GYcHiJl.exe
  C:\Windows\System\GYcHiJl.exe
  2⤵
  PID:6984
- C:\Windows\System\jGkjauk.exe
  C:\Windows\System\jGkjauk.exe
  2⤵
  PID:7076
- C:\Windows\System\qBinYOD.exe
  C:\Windows\System\qBinYOD.exe
  2⤵
  PID:7152
- C:\Windows\System\npMSvSY.exe
  C:\Windows\System\npMSvSY.exe
  2⤵
  PID:5384
- C:\Windows\System\OSQxjMi.exe
  C:\Windows\System\OSQxjMi.exe
  2⤵
  PID:7096
- C:\Windows\System\NVotlNI.exe
  C:\Windows\System\NVotlNI.exe
  2⤵
  PID:7116
- C:\Windows\System\NAOYUNn.exe
  C:\Windows\System\NAOYUNn.exe
  2⤵
  PID:6180
- C:\Windows\System\myEUdis.exe
  C:\Windows\System\myEUdis.exe
  2⤵
  PID:6516
- C:\Windows\System\laHXzvI.exe
  C:\Windows\System\laHXzvI.exe
  2⤵
  PID:6332
- C:\Windows\System\SJbelyL.exe
  C:\Windows\System\SJbelyL.exe
  2⤵
  PID:6504
- C:\Windows\System\ZYZImHS.exe
  C:\Windows\System\ZYZImHS.exe
  2⤵
  PID:6536
- C:\Windows\System\OKpUQcX.exe
  C:\Windows\System\OKpUQcX.exe
  2⤵
  PID:6508
- C:\Windows\System\oYrIkel.exe
  C:\Windows\System\oYrIkel.exe
  2⤵
  PID:6688
- C:\Windows\System\oLZSwom.exe
  C:\Windows\System\oLZSwom.exe
  2⤵
  PID:6760
- C:\Windows\System\JwQumxi.exe
  C:\Windows\System\JwQumxi.exe
  2⤵
  PID:6816
- C:\Windows\System\IPMJvuo.exe
  C:\Windows\System\IPMJvuo.exe
  2⤵
  PID:6840
- C:\Windows\System\CencCeL.exe
  C:\Windows\System\CencCeL.exe
  2⤵
  PID:6920
- C:\Windows\System\Qwkolur.exe
  C:\Windows\System\Qwkolur.exe
  2⤵
  PID:6968
- C:\Windows\System\lZQbNze.exe
  C:\Windows\System\lZQbNze.exe
  2⤵
  PID:6936
- C:\Windows\System\MpPNjcc.exe
  C:\Windows\System\MpPNjcc.exe
  2⤵
  PID:7048
- C:\Windows\System\MAKBJfU.exe
  C:\Windows\System\MAKBJfU.exe
  2⤵
  PID:7024
- C:\Windows\System\uAZuHBI.exe
  C:\Windows\System\uAZuHBI.exe
  2⤵
  PID:7148
- C:\Windows\System\IRFZLZd.exe
  C:\Windows\System\IRFZLZd.exe
  2⤵
  PID:2460
- C:\Windows\System\EruhEXO.exe
  C:\Windows\System\EruhEXO.exe
  2⤵
  PID:5100
- C:\Windows\System\MjWTmVr.exe
  C:\Windows\System\MjWTmVr.exe
  2⤵
  PID:5852
- C:\Windows\System\bwEtnUq.exe
  C:\Windows\System\bwEtnUq.exe
  2⤵
  PID:2080
- C:\Windows\System\sVBHxvf.exe
  C:\Windows\System\sVBHxvf.exe
  2⤵
  PID:3180
- C:\Windows\System\oDtHvHy.exe
  C:\Windows\System\oDtHvHy.exe
  2⤵
  PID:6696
- C:\Windows\System\iFIsVfb.exe
  C:\Windows\System\iFIsVfb.exe
  2⤵
  PID:6972
- C:\Windows\System\gtRLeBR.exe
  C:\Windows\System\gtRLeBR.exe
  2⤵
  PID:7144
- C:\Windows\System\kyZfCAW.exe
  C:\Windows\System\kyZfCAW.exe
  2⤵
  PID:4752
- C:\Windows\System\OAckYkk.exe
  C:\Windows\System\OAckYkk.exe
  2⤵
  PID:5380
- C:\Windows\System\qGlvGXT.exe
  C:\Windows\System\qGlvGXT.exe
  2⤵
  PID:6168
- C:\Windows\System\inkBkDp.exe
  C:\Windows\System\inkBkDp.exe
  2⤵
  PID:836
- C:\Windows\System\MtTBPfl.exe
  C:\Windows\System\MtTBPfl.exe
  2⤵
  PID:6172
- C:\Windows\System\DdzPsrU.exe
  C:\Windows\System\DdzPsrU.exe
  2⤵
  PID:4592
- C:\Windows\System\MBwVOmR.exe
  C:\Windows\System\MBwVOmR.exe
  2⤵
  PID:4320
- C:\Windows\System\wFyqKPZ.exe
  C:\Windows\System\wFyqKPZ.exe
  2⤵
  PID:2264
- C:\Windows\System\sGHjqzX.exe
  C:\Windows\System\sGHjqzX.exe
  2⤵
  PID:220
- C:\Windows\System\qGkRQEu.exe
  C:\Windows\System\qGkRQEu.exe
  2⤵
  PID:3084
- C:\Windows\System\iPPYEJi.exe
  C:\Windows\System\iPPYEJi.exe
  2⤵
  PID:3152
- C:\Windows\System\JJYfshX.exe
  C:\Windows\System\JJYfshX.exe
  2⤵
  PID:4556
- C:\Windows\System\xLmAXQn.exe
  C:\Windows\System\xLmAXQn.exe
  2⤵
  PID:6740
- C:\Windows\System\eVWUDMh.exe
  C:\Windows\System\eVWUDMh.exe
  2⤵
  PID:2716
- C:\Windows\System\MQAZujL.exe
  C:\Windows\System\MQAZujL.exe
  2⤵
  PID:3752
- C:\Windows\System\XIYTcTZ.exe
  C:\Windows\System\XIYTcTZ.exe
  2⤵
  PID:3376
- C:\Windows\System\GrfeMcM.exe
  C:\Windows\System\GrfeMcM.exe
  2⤵
  PID:1992
- C:\Windows\System\LQVathw.exe
  C:\Windows\System\LQVathw.exe
  2⤵
  PID:3532
- C:\Windows\System\ideFrHE.exe
  C:\Windows\System\ideFrHE.exe
  2⤵
  PID:4428
- C:\Windows\System\ZDCTjDC.exe
  C:\Windows\System\ZDCTjDC.exe
  2⤵
  PID:3508
- C:\Windows\System\ipNJGiA.exe
  C:\Windows\System\ipNJGiA.exe
  2⤵
  PID:2756
- C:\Windows\System\bOFMaIk.exe
  C:\Windows\System\bOFMaIk.exe
  2⤵
  PID:6736
- C:\Windows\System\RAFBixP.exe
  C:\Windows\System\RAFBixP.exe
  2⤵
  PID:1428
- C:\Windows\System\fBGxtSt.exe
  C:\Windows\System\fBGxtSt.exe
  2⤵
  PID:3232
- C:\Windows\System\wNFGVtG.exe
  C:\Windows\System\wNFGVtG.exe
  2⤵
  PID:6812
- C:\Windows\System\rEDEGwa.exe
  C:\Windows\System\rEDEGwa.exe
  2⤵
  PID:3768
- C:\Windows\System\kQWZRtd.exe
  C:\Windows\System\kQWZRtd.exe
  2⤵
  PID:2336
- C:\Windows\System\FCYVNny.exe
  C:\Windows\System\FCYVNny.exe
  2⤵
  PID:2412
- C:\Windows\System\LPWuEtJ.exe
  C:\Windows\System\LPWuEtJ.exe
  2⤵
  PID:5464
- C:\Windows\System\kZuAVbI.exe
  C:\Windows\System\kZuAVbI.exe
  2⤵
  PID:1596
- C:\Windows\System\BMDrpTU.exe
  C:\Windows\System\BMDrpTU.exe
  2⤵
  PID:6400
- C:\Windows\System\RFDYPCz.exe
  C:\Windows\System\RFDYPCz.exe
  2⤵
  PID:2760
- C:\Windows\System\oBytFpf.exe
  C:\Windows\System\oBytFpf.exe
  2⤵
  PID:2796
- C:\Windows\System\jqEfPIE.exe
  C:\Windows\System\jqEfPIE.exe
  2⤵
  PID:2436
- C:\Windows\System\PdKLtab.exe
  C:\Windows\System\PdKLtab.exe
  2⤵
  PID:2004
- C:\Windows\System\UvBcfLy.exe
  C:\Windows\System\UvBcfLy.exe
  2⤵
  PID:4408
- C:\Windows\System\NbhxIRp.exe
  C:\Windows\System\NbhxIRp.exe
  2⤵
  PID:1556
- C:\Windows\System\XDZOgbC.exe
  C:\Windows\System\XDZOgbC.exe
  2⤵
  PID:5104
- C:\Windows\System\YGTdcbf.exe
  C:\Windows\System\YGTdcbf.exe
  2⤵
  PID:4080
- C:\Windows\System\CHJSdDp.exe
  C:\Windows\System\CHJSdDp.exe
  2⤵
  PID:6880
- C:\Windows\System\dSQTEQW.exe
  C:\Windows\System\dSQTEQW.exe
  2⤵
  PID:4512
- C:\Windows\System\FRiLSlx.exe
  C:\Windows\System\FRiLSlx.exe
  2⤵
  PID:6996
- C:\Windows\System\wMuvMnU.exe
  C:\Windows\System\wMuvMnU.exe
  2⤵
  PID:4288
- C:\Windows\System\eYMnzbq.exe
  C:\Windows\System\eYMnzbq.exe
  2⤵
  PID:1180
- C:\Windows\System\IFUfaHA.exe
  C:\Windows\System\IFUfaHA.exe
  2⤵
  PID:5248
- C:\Windows\System\AvsgNyh.exe
  C:\Windows\System\AvsgNyh.exe
  2⤵
  PID:544
- C:\Windows\System\edrFkEH.exe
  C:\Windows\System\edrFkEH.exe
  2⤵
  PID:3624
- C:\Windows\System\UiYjxRy.exe
  C:\Windows\System\UiYjxRy.exe
  2⤵
  PID:448
- C:\Windows\System\GrfimDV.exe
  C:\Windows\System\GrfimDV.exe
  2⤵
  PID:2456
- C:\Windows\System\QxiVfiG.exe
  C:\Windows\System\QxiVfiG.exe
  2⤵
  PID:4960
- C:\Windows\System\WqvpAGl.exe
  C:\Windows\System\WqvpAGl.exe
  2⤵
  PID:1356
- C:\Windows\System\WbWtZOj.exe
  C:\Windows\System\WbWtZOj.exe
  2⤵
  PID:3436
- C:\Windows\System\LVRsKss.exe
  C:\Windows\System\LVRsKss.exe
  2⤵
  PID:4292
- C:\Windows\System\ZeAJnUY.exe
  C:\Windows\System\ZeAJnUY.exe
  2⤵
  PID:4724
- C:\Windows\System\fGlfOEu.exe
  C:\Windows\System\fGlfOEu.exe
  2⤵
  PID:400
- C:\Windows\System\CzXNLBQ.exe
  C:\Windows\System\CzXNLBQ.exe
  2⤵
  PID:7268
- C:\Windows\System\rvbUkNb.exe
  C:\Windows\System\rvbUkNb.exe
  2⤵
  PID:7284
- C:\Windows\System\ZqohcjN.exe
  C:\Windows\System\ZqohcjN.exe
  2⤵
  PID:7312
- C:\Windows\System\vTnutoz.exe
  C:\Windows\System\vTnutoz.exe
  2⤵
  PID:7328
- C:\Windows\System\rlBUhrn.exe
  C:\Windows\System\rlBUhrn.exe
  2⤵
  PID:7372
- C:\Windows\System\nFmLLfq.exe
  C:\Windows\System\nFmLLfq.exe
  2⤵
  PID:7388
- C:\Windows\System\IYezuhT.exe
  C:\Windows\System\IYezuhT.exe
  2⤵
  PID:7408
- C:\Windows\System\fXTXzeN.exe
  C:\Windows\System\fXTXzeN.exe
  2⤵
  PID:7436
- C:\Windows\System\xgIBbDz.exe
  C:\Windows\System\xgIBbDz.exe
  2⤵
  PID:7460
- C:\Windows\System\tebNUMi.exe
  C:\Windows\System\tebNUMi.exe
  2⤵
  PID:7484
- C:\Windows\System\QHOSNyx.exe
  C:\Windows\System\QHOSNyx.exe
  2⤵
  PID:7584
- C:\Windows\System\doeeQKU.exe
  C:\Windows\System\doeeQKU.exe
  2⤵
  PID:7600
- C:\Windows\System\UDrgjky.exe
  C:\Windows\System\UDrgjky.exe
  2⤵
  PID:7624
- C:\Windows\System\kxDrJVY.exe
  C:\Windows\System\kxDrJVY.exe
  2⤵
  PID:7648
- C:\Windows\System\EbCUfwt.exe
  C:\Windows\System\EbCUfwt.exe
  2⤵
  PID:7668
- C:\Windows\System\muHsbTL.exe
  C:\Windows\System\muHsbTL.exe
  2⤵
  PID:7688
- C:\Windows\System\HgCmheu.exe
  C:\Windows\System\HgCmheu.exe
  2⤵
  PID:7708
- C:\Windows\System\vtkSeFj.exe
  C:\Windows\System\vtkSeFj.exe
  2⤵
  PID:7724
- C:\Windows\System\qvjMWvl.exe
  C:\Windows\System\qvjMWvl.exe
  2⤵
  PID:7792
- C:\Windows\System\lXkRXFA.exe
  C:\Windows\System\lXkRXFA.exe
  2⤵
  PID:7812
- C:\Windows\System\YdhHvhH.exe
  C:\Windows\System\YdhHvhH.exe
  2⤵
  PID:7828
- C:\Windows\System\PMnSPtp.exe
  C:\Windows\System\PMnSPtp.exe
  2⤵
  PID:7856
- C:\Windows\System\vAaLEko.exe
  C:\Windows\System\vAaLEko.exe
  2⤵
  PID:7876
- C:\Windows\System\YUOcBKh.exe
  C:\Windows\System\YUOcBKh.exe
  2⤵
  PID:7360
- C:\Windows\System\PxoNjgy.exe
  C:\Windows\System\PxoNjgy.exe
  2⤵
  PID:7304
- C:\Windows\System\dGtIeuq.exe
  C:\Windows\System\dGtIeuq.exe
  2⤵
  PID:7504
- C:\Windows\System\pqSFxbW.exe
  C:\Windows\System\pqSFxbW.exe
  2⤵
  PID:7596
- C:\Windows\System\GKeQkNT.exe
  C:\Windows\System\GKeQkNT.exe
  2⤵
  PID:7756
- C:\Windows\System\BqVWSbZ.exe
  C:\Windows\System\BqVWSbZ.exe
  2⤵
  PID:7772
- C:\Windows\System\hczXaOw.exe
  C:\Windows\System\hczXaOw.exe
  2⤵
  PID:7836
- C:\Windows\System\eCQGNkr.exe
  C:\Windows\System\eCQGNkr.exe
  2⤵
  PID:7896
- C:\Windows\System\QXHoPom.exe
  C:\Windows\System\QXHoPom.exe
  2⤵
  PID:7944
- C:\Windows\System\NZvnpPB.exe
  C:\Windows\System\NZvnpPB.exe
  2⤵
  PID:8016
- C:\Windows\System\qVnlmGh.exe
  C:\Windows\System\qVnlmGh.exe
  2⤵
  PID:4620
- C:\Windows\System\NWWAkrn.exe
  C:\Windows\System\NWWAkrn.exe
  2⤵
  PID:8040
- C:\Windows\System\fqQBxMT.exe
  C:\Windows\System\fqQBxMT.exe
  2⤵
  PID:7560
- C:\Windows\System\BkRgYpA.exe
  C:\Windows\System\BkRgYpA.exe
  2⤵
  PID:8080
- C:\Windows\System\JDataVY.exe
  C:\Windows\System\JDataVY.exe
  2⤵
  PID:8120
- C:\Windows\System\Enbkkou.exe
  C:\Windows\System\Enbkkou.exe
  2⤵
  PID:8148
- C:\Windows\System\UhPsWue.exe
  C:\Windows\System\UhPsWue.exe
  2⤵
  PID:8160
- C:\Windows\System\WGDHSLn.exe
  C:\Windows\System\WGDHSLn.exe
  2⤵
  PID:8180
- C:\Windows\System\zQuBWQF.exe
  C:\Windows\System\zQuBWQF.exe
  2⤵
  PID:7192
- C:\Windows\System\gJqYwEl.exe
  C:\Windows\System\gJqYwEl.exe
  2⤵
  PID:5536
- C:\Windows\System\omOifKE.exe
  C:\Windows\System\omOifKE.exe
  2⤵
  PID:7380
- C:\Windows\System\vOrgggZ.exe
  C:\Windows\System\vOrgggZ.exe
  2⤵
  PID:5772
- C:\Windows\System\FJCEbKu.exe
  C:\Windows\System\FJCEbKu.exe
  2⤵
  PID:7472
- C:\Windows\System\SAiptIN.exe
  C:\Windows\System\SAiptIN.exe
  2⤵
  PID:7544
- C:\Windows\System\iFnIPuR.exe
  C:\Windows\System\iFnIPuR.exe
  2⤵
  PID:7592
- C:\Windows\System\kShdUAq.exe
  C:\Windows\System\kShdUAq.exe
  2⤵
  PID:7684
- C:\Windows\System\cvNhhgb.exe
  C:\Windows\System\cvNhhgb.exe
  2⤵
  PID:7640
- C:\Windows\System\agfHtDK.exe
  C:\Windows\System\agfHtDK.exe
  2⤵
  PID:7844
- C:\Windows\System\kSEIoak.exe
  C:\Windows\System\kSEIoak.exe
  2⤵
  PID:8020
- C:\Windows\System\guuPfaf.exe
  C:\Windows\System\guuPfaf.exe
  2⤵
  PID:8032
- C:\Windows\System\sOYUZhi.exe
  C:\Windows\System\sOYUZhi.exe
  2⤵
  PID:8112
- C:\Windows\System\kDMTstp.exe
  C:\Windows\System\kDMTstp.exe
  2⤵
  PID:8156
- C:\Windows\System\OtYyNOY.exe
  C:\Windows\System\OtYyNOY.exe
  2⤵
  PID:3256
- C:\Windows\System\syZxOhm.exe
  C:\Windows\System\syZxOhm.exe
  2⤵
  PID:5780
- C:\Windows\System\CofWsVu.exe
  C:\Windows\System\CofWsVu.exe
  2⤵
  PID:7532
- C:\Windows\System\tLSqfxU.exe
  C:\Windows\System\tLSqfxU.exe
  2⤵
  PID:7716
- C:\Windows\System\wPKDFSc.exe
  C:\Windows\System\wPKDFSc.exe
  2⤵
  PID:7776
- C:\Windows\System\zRwxPix.exe
  C:\Windows\System\zRwxPix.exe
  2⤵
  PID:7940
- C:\Windows\System\eOwHXMV.exe
  C:\Windows\System\eOwHXMV.exe
  2⤵
  PID:5920
- C:\Windows\System\CSVMRMy.exe
  C:\Windows\System\CSVMRMy.exe
  2⤵
  PID:5572
- C:\Windows\System\hycWXla.exe
  C:\Windows\System\hycWXla.exe
  2⤵
  PID:7428
- C:\Windows\System\uzzLDPE.exe
  C:\Windows\System\uzzLDPE.exe
  2⤵
  PID:5092
- C:\Windows\System\hLpUblw.exe
  C:\Windows\System\hLpUblw.exe
  2⤵
  PID:7744
- C:\Windows\System\XiwOIKM.exe
  C:\Windows\System\XiwOIKM.exe
  2⤵
  PID:8060
- C:\Windows\System\yLOTCln.exe
  C:\Windows\System\yLOTCln.exe
  2⤵
  PID:8108
- C:\Windows\System\eQuDsst.exe
  C:\Windows\System\eQuDsst.exe
  2⤵
  PID:8212
- C:\Windows\System\gNhchkR.exe
  C:\Windows\System\gNhchkR.exe
  2⤵
  PID:8276
- C:\Windows\System\vzSnlAa.exe
  C:\Windows\System\vzSnlAa.exe
  2⤵
  PID:8292
- C:\Windows\System\gvNaHee.exe
  C:\Windows\System\gvNaHee.exe
  2⤵
  PID:8316
- C:\Windows\System\vgklgEE.exe
  C:\Windows\System\vgklgEE.exe
  2⤵
  PID:8336
- C:\Windows\System\xIArYHf.exe
  C:\Windows\System\xIArYHf.exe
  2⤵
  PID:8432
- C:\Windows\System\TeLFlXm.exe
  C:\Windows\System\TeLFlXm.exe
  2⤵
  PID:8460
- C:\Windows\System\NVtjOnC.exe
  C:\Windows\System\NVtjOnC.exe
  2⤵
  PID:8480
- C:\Windows\System\NhXmrxU.exe
  C:\Windows\System\NhXmrxU.exe
  2⤵
  PID:8556
- C:\Windows\System\YGWHeVL.exe
  C:\Windows\System\YGWHeVL.exe
  2⤵
  PID:8572
- C:\Windows\System\FPQdvej.exe
  C:\Windows\System\FPQdvej.exe
  2⤵
  PID:8592
- C:\Windows\System\nyDkWJq.exe
  C:\Windows\System\nyDkWJq.exe
  2⤵
  PID:8616
- C:\Windows\System\ILNwYor.exe
  C:\Windows\System\ILNwYor.exe
  2⤵
  PID:8716
- C:\Windows\System\qUOYMbd.exe
  C:\Windows\System\qUOYMbd.exe
  2⤵
  PID:8780
- C:\Windows\System\XddVTgU.exe
  C:\Windows\System\XddVTgU.exe
  2⤵
  PID:8796
- C:\Windows\System\ycWQYze.exe
  C:\Windows\System\ycWQYze.exe
  2⤵
  PID:8940
- C:\Windows\System\GlXafVi.exe
  C:\Windows\System\GlXafVi.exe
  2⤵
  PID:8960
- C:\Windows\System\qGThpID.exe
  C:\Windows\System\qGThpID.exe
  2⤵
  PID:8980
- C:\Windows\System\LxliXlE.exe
  C:\Windows\System\LxliXlE.exe
  2⤵
  PID:8996
- C:\Windows\System\ekJnVFo.exe
  C:\Windows\System\ekJnVFo.exe
  2⤵
  PID:9012
- C:\Windows\System\MzOwJHs.exe
  C:\Windows\System\MzOwJHs.exe
  2⤵
  PID:4016
- C:\Windows\System\HjiFShB.exe
  C:\Windows\System\HjiFShB.exe
  2⤵
  PID:8144
- C:\Windows\System\JlVdsMg.exe
  C:\Windows\System\JlVdsMg.exe
  2⤵
  PID:8220
- C:\Windows\System\SfAWJtN.exe
  C:\Windows\System\SfAWJtN.exe
  2⤵
  PID:8248
- C:\Windows\System\zTVQvIb.exe
  C:\Windows\System\zTVQvIb.exe
  2⤵
  PID:8272
- C:\Windows\System\QXDikNL.exe
  C:\Windows\System\QXDikNL.exe
  2⤵
  PID:8412
- C:\Windows\System\gZnDihI.exe
  C:\Windows\System\gZnDihI.exe
  2⤵
  PID:8376
- C:\Windows\System\BBeOBUD.exe
  C:\Windows\System\BBeOBUD.exe
  2⤵
  PID:5344
- C:\Windows\System\chXHETF.exe
  C:\Windows\System\chXHETF.exe
  2⤵
  PID:5576
- C:\Windows\System\IzGVZgv.exe
  C:\Windows\System\IzGVZgv.exe
  2⤵
  PID:8416
- C:\Windows\System\HIPKRtU.exe
  C:\Windows\System\HIPKRtU.exe
  2⤵
  PID:1604
- C:\Windows\System\btsTkQl.exe
  C:\Windows\System\btsTkQl.exe
  2⤵
  PID:3192
- C:\Windows\System\AdVjPMz.exe
  C:\Windows\System\AdVjPMz.exe
  2⤵
  PID:8584
- C:\Windows\System\wMEUHok.exe
  C:\Windows\System\wMEUHok.exe
  2⤵
  PID:8628
- C:\Windows\System\qwbsUlu.exe
  C:\Windows\System\qwbsUlu.exe
  2⤵
  PID:5836
- C:\Windows\System\ihsNQGa.exe
  C:\Windows\System\ihsNQGa.exe
  2⤵
  PID:8696
- C:\Windows\System\NIdPorL.exe
  C:\Windows\System\NIdPorL.exe
  2⤵
  PID:4936
- C:\Windows\System\QySMgcW.exe
  C:\Windows\System\QySMgcW.exe
  2⤵
  PID:4860
- C:\Windows\System\qFRuAKW.exe
  C:\Windows\System\qFRuAKW.exe
  2⤵
  PID:3220
- C:\Windows\System\jYctJAN.exe
  C:\Windows\System\jYctJAN.exe
  2⤵
  PID:5704
- C:\Windows\System\KgxhGSL.exe
  C:\Windows\System\KgxhGSL.exe
  2⤵
  PID:8776
- C:\Windows\System\eQuxRGb.exe
  C:\Windows\System\eQuxRGb.exe
  2⤵
  PID:5268
- C:\Windows\System\YgGEMiz.exe
  C:\Windows\System\YgGEMiz.exe
  2⤵
  PID:8860
- C:\Windows\System\inXjeuq.exe
  C:\Windows\System\inXjeuq.exe
  2⤵
  PID:2712
- C:\Windows\System\AlCxefz.exe
  C:\Windows\System\AlCxefz.exe
  2⤵
  PID:8852
- C:\Windows\System\yverDgS.exe
  C:\Windows\System\yverDgS.exe
  2⤵
  PID:1028
- C:\Windows\System\cBOIwIk.exe
  C:\Windows\System\cBOIwIk.exe
  2⤵
  PID:8916
- C:\Windows\System\ZhsDHro.exe
  C:\Windows\System\ZhsDHro.exe
  2⤵
  PID:5504
- C:\Windows\System\SGAKYYq.exe
  C:\Windows\System\SGAKYYq.exe
  2⤵
  PID:8904
- C:\Windows\System\yEPqjGE.exe
  C:\Windows\System\yEPqjGE.exe
  2⤵
  PID:5356
- C:\Windows\System\sqHhvMP.exe
  C:\Windows\System\sqHhvMP.exe
  2⤵
  PID:8900
- C:\Windows\System\mwZPQGi.exe
  C:\Windows\System\mwZPQGi.exe
  2⤵
  PID:5776
- C:\Windows\System\SGkVGTq.exe
  C:\Windows\System\SGkVGTq.exe
  2⤵
  PID:2540
- C:\Windows\System\qNjuSlI.exe
  C:\Windows\System\qNjuSlI.exe
  2⤵
  PID:8992
- C:\Windows\System\XqQNhLO.exe
  C:\Windows\System\XqQNhLO.exe
  2⤵
  PID:8928
- C:\Windows\System\rgLjmUK.exe
  C:\Windows\System\rgLjmUK.exe
  2⤵
  PID:8976
- C:\Windows\System\MaZeqzN.exe
  C:\Windows\System\MaZeqzN.exe
  2⤵
  PID:9040
- C:\Windows\System\HTMjTCe.exe
  C:\Windows\System\HTMjTCe.exe
  2⤵
  PID:9088
- C:\Windows\System\aUyfgJi.exe
  C:\Windows\System\aUyfgJi.exe
  2⤵
  PID:5164
- C:\Windows\System\KlPYGkQ.exe
  C:\Windows\System\KlPYGkQ.exe
  2⤵
  PID:6476
- C:\Windows\System\gfVBWIY.exe
  C:\Windows\System\gfVBWIY.exe
  2⤵
  PID:6764
- C:\Windows\System\eTknmBz.exe
  C:\Windows\System\eTknmBz.exe
  2⤵
  PID:6756
- C:\Windows\System\eyudePP.exe
  C:\Windows\System\eyudePP.exe
  2⤵
  PID:6924
- C:\Windows\System\rMzWXtn.exe
  C:\Windows\System\rMzWXtn.exe
  2⤵
  PID:9148
- C:\Windows\System\FKjlxhC.exe
  C:\Windows\System\FKjlxhC.exe
  2⤵
  PID:6160
- C:\Windows\System\OGLCKFE.exe
  C:\Windows\System\OGLCKFE.exe
  2⤵
  PID:6148
- C:\Windows\System\WWPnCjH.exe
  C:\Windows\System\WWPnCjH.exe
  2⤵
  PID:9184
- C:\Windows\System\wToZzGe.exe
  C:\Windows\System\wToZzGe.exe
  2⤵
  PID:6404
- C:\Windows\System\GUHinbG.exe
  C:\Windows\System\GUHinbG.exe
  2⤵
  PID:6480
- C:\Windows\System\AlegAce.exe
  C:\Windows\System\AlegAce.exe
  2⤵
  PID:9156
- C:\Windows\System\kjOPIvL.exe
  C:\Windows\System\kjOPIvL.exe
  2⤵
  PID:6632
- C:\Windows\System\qYXxbmf.exe
  C:\Windows\System\qYXxbmf.exe
  2⤵
  PID:6352
- C:\Windows\System\JCvMYYR.exe
  C:\Windows\System\JCvMYYR.exe
  2⤵
  PID:6196
- C:\Windows\System\KnKFVgr.exe
  C:\Windows\System\KnKFVgr.exe
  2⤵
  PID:6120
- C:\Windows\System\cWvmcoQ.exe
  C:\Windows\System\cWvmcoQ.exe
  2⤵
  PID:7064
- C:\Windows\System\jBziqXo.exe
  C:\Windows\System\jBziqXo.exe
  2⤵
  PID:6428
- C:\Windows\System\KKRndVQ.exe
  C:\Windows\System\KKRndVQ.exe
  2⤵
  PID:6164
- C:\Windows\System\whDCeJi.exe
  C:\Windows\System\whDCeJi.exe
  2⤵
  PID:6512
- C:\Windows\System\FUJwIQE.exe
  C:\Windows\System\FUJwIQE.exe
  2⤵
  PID:7228
- C:\Windows\System\QtzAFQs.exe
  C:\Windows\System\QtzAFQs.exe
  2⤵
  PID:6088
- C:\Windows\System\oKduJue.exe
  C:\Windows\System\oKduJue.exe
  2⤵
  PID:7068
- C:\Windows\System\asNqSSF.exe
  C:\Windows\System\asNqSSF.exe
  2⤵
  PID:6488
- C:\Windows\System\KBNVXyj.exe
  C:\Windows\System\KBNVXyj.exe
  2⤵
  PID:3128
- C:\Windows\System\HZzeSoq.exe
  C:\Windows\System\HZzeSoq.exe
  2⤵
  PID:6288
- C:\Windows\System\jOLJnlC.exe
  C:\Windows\System\jOLJnlC.exe
  2⤵
  PID:6956
- C:\Windows\System\MqwPnMn.exe
  C:\Windows\System\MqwPnMn.exe
  2⤵
  PID:8324
- C:\Windows\System\yAibGna.exe
  C:\Windows\System\yAibGna.exe
  2⤵
  PID:8328
- C:\Windows\System\kQAsMtX.exe
  C:\Windows\System\kQAsMtX.exe
  2⤵
  PID:6892
- C:\Windows\System\xvdGgVS.exe
  C:\Windows\System\xvdGgVS.exe
  2⤵
  PID:3604
- C:\Windows\System\VaJvmXb.exe
  C:\Windows\System\VaJvmXb.exe
  2⤵
  PID:5124
- C:\Windows\System\OmWHfqw.exe
  C:\Windows\System\OmWHfqw.exe
  2⤵
  PID:8448
- C:\Windows\System\mKhjdom.exe
  C:\Windows\System\mKhjdom.exe
  2⤵
  PID:5768
- C:\Windows\System\dWQlXGB.exe
  C:\Windows\System\dWQlXGB.exe
  2⤵
  PID:8544
- C:\Windows\System\IXEDtjj.exe
  C:\Windows\System\IXEDtjj.exe
  2⤵
  PID:6096
- C:\Windows\System\DSqClOe.exe
  C:\Windows\System\DSqClOe.exe
  2⤵
  PID:8660
- C:\Windows\System\QYvjHcP.exe
  C:\Windows\System\QYvjHcP.exe
  2⤵
  PID:6564
- C:\Windows\System\ygbtQDd.exe
  C:\Windows\System\ygbtQDd.exe
  2⤵
  PID:6908
- C:\Windows\System\MhRKcqr.exe
  C:\Windows\System\MhRKcqr.exe
  2⤵
  PID:6628
- C:\Windows\System\cUoDeSh.exe
  C:\Windows\System\cUoDeSh.exe
  2⤵
  PID:9212
- C:\Windows\System\cMRmADk.exe
  C:\Windows\System\cMRmADk.exe
  2⤵
  PID:8208
- C:\Windows\System\QXoVVWb.exe
  C:\Windows\System\QXoVVWb.exe
  2⤵
  PID:6776
- C:\Windows\System\tGJjcZA.exe
  C:\Windows\System\tGJjcZA.exe
  2⤵
  PID:6652
- C:\Windows\System\JGPzDyb.exe
  C:\Windows\System\JGPzDyb.exe
  2⤵
  PID:7664
- C:\Windows\System\fDhHVdT.exe
  C:\Windows\System\fDhHVdT.exe
  2⤵
  PID:5992
- C:\Windows\System\joGFqZH.exe
  C:\Windows\System\joGFqZH.exe
  2⤵
  PID:6036
- C:\Windows\System\IQbDPsV.exe
  C:\Windows\System\IQbDPsV.exe
  2⤵
  PID:5368
- C:\Windows\System\FWbzbYP.exe
  C:\Windows\System\FWbzbYP.exe
  2⤵
  PID:8608
- C:\Windows\System\xjTeXLB.exe
  C:\Windows\System\xjTeXLB.exe
  2⤵
  PID:6544
- C:\Windows\System\oBSEnNN.exe
  C:\Windows\System\oBSEnNN.exe
  2⤵
  PID:8772
- C:\Windows\System\slIVuec.exe
  C:\Windows\System\slIVuec.exe
  2⤵
  PID:8820
- C:\Windows\System\LaanKAp.exe
  C:\Windows\System\LaanKAp.exe
  2⤵
  PID:8988
- C:\Windows\System\zchwNzZ.exe
  C:\Windows\System\zchwNzZ.exe
  2⤵
  PID:1408
- C:\Windows\System\rtmNaIQ.exe
  C:\Windows\System\rtmNaIQ.exe
  2⤵
  PID:5288
- C:\Windows\System\FWkOcND.exe
  C:\Windows\System\FWkOcND.exe
  2⤵
  PID:5304
- C:\Windows\System\TLTQoQn.exe
  C:\Windows\System\TLTQoQn.exe
  2⤵
  PID:6716
- C:\Windows\System\pNtnbFL.exe
  C:\Windows\System\pNtnbFL.exe
  2⤵
  PID:9136
- C:\Windows\System\ZTyTwoy.exe
  C:\Windows\System\ZTyTwoy.exe
  2⤵
  PID:9208
- C:\Windows\System\EkGdGwd.exe
  C:\Windows\System\EkGdGwd.exe
  2⤵
  PID:228
- C:\Windows\System\iiAaXQo.exe
  C:\Windows\System\iiAaXQo.exe
  2⤵
  PID:1680
- C:\Windows\System\IOmtRcl.exe
  C:\Windows\System\IOmtRcl.exe
  2⤵
  PID:7396
- C:\Windows\System\TJDZmpQ.exe
  C:\Windows\System\TJDZmpQ.exe
  2⤵
  PID:8304
- C:\Windows\System\UlLwfDk.exe
  C:\Windows\System\UlLwfDk.exe
  2⤵
  PID:5284
- C:\Windows\System\hFrNoLV.exe
  C:\Windows\System\hFrNoLV.exe
  2⤵
  PID:5428
- C:\Windows\System\uriBiKh.exe
  C:\Windows\System\uriBiKh.exe
  2⤵
  PID:9232
- C:\Windows\System\vkSacsQ.exe
  C:\Windows\System\vkSacsQ.exe
  2⤵
  PID:9256
- C:\Windows\System\yBXCmrI.exe
  C:\Windows\System\yBXCmrI.exe
  2⤵
  PID:9272
- C:\Windows\System\WLOWMHz.exe
  C:\Windows\System\WLOWMHz.exe
  2⤵
  PID:9300
- C:\Windows\System\MWnezkv.exe
  C:\Windows\System\MWnezkv.exe
  2⤵
  PID:9316
- C:\Windows\System\qXYHOKN.exe
  C:\Windows\System\qXYHOKN.exe
  2⤵
  PID:9352
- C:\Windows\System\FYOfhAk.exe
  C:\Windows\System\FYOfhAk.exe
  2⤵
  PID:9368
- C:\Windows\System\zfAegDX.exe
  C:\Windows\System\zfAegDX.exe
  2⤵
  PID:9392
- C:\Windows\System\CRbzBsH.exe
  C:\Windows\System\CRbzBsH.exe
  2⤵
  PID:9412
- C:\Windows\System\bVgJGVF.exe
  C:\Windows\System\bVgJGVF.exe
  2⤵
  PID:9432
- C:\Windows\System\fNoRGRT.exe
  C:\Windows\System\fNoRGRT.exe
  2⤵
  PID:9452
- C:\Windows\System\tbWWfxs.exe
  C:\Windows\System\tbWWfxs.exe
  2⤵
  PID:9476
- C:\Windows\System\NXOdThd.exe
  C:\Windows\System\NXOdThd.exe
  2⤵
  PID:9496
- C:\Windows\System\oGbSKaE.exe
  C:\Windows\System\oGbSKaE.exe
  2⤵
  PID:9520
- C:\Windows\System\VVsYQdG.exe
  C:\Windows\System\VVsYQdG.exe
  2⤵
  PID:9540
- C:\Windows\System\nryrePX.exe
  C:\Windows\System\nryrePX.exe
  2⤵
  PID:9560
- C:\Windows\System\mHnVAug.exe
  C:\Windows\System\mHnVAug.exe
  2⤵
  PID:9592
- C:\Windows\System\FOUQiMu.exe
  C:\Windows\System\FOUQiMu.exe
  2⤵
  PID:9616
- C:\Windows\System\REVYCRM.exe
  C:\Windows\System\REVYCRM.exe
  2⤵
  PID:9640
- C:\Windows\System\ULLMfLr.exe
  C:\Windows\System\ULLMfLr.exe
  2⤵
  PID:9664
- C:\Windows\System\bLGVMTK.exe
  C:\Windows\System\bLGVMTK.exe
  2⤵
  PID:9688
- C:\Windows\System\kPvFLog.exe
  C:\Windows\System\kPvFLog.exe
  2⤵
  PID:9708
- C:\Windows\System\zHxFPrw.exe
  C:\Windows\System\zHxFPrw.exe
  2⤵
  PID:9728
- C:\Windows\System\BgZfcws.exe
  C:\Windows\System\BgZfcws.exe
  2⤵
  PID:9752
- C:\Windows\System\YSmQQdG.exe
  C:\Windows\System\YSmQQdG.exe
  2⤵
  PID:10140
- C:\Windows\System\uVhDXtJ.exe
  C:\Windows\System\uVhDXtJ.exe
  2⤵
  PID:10160
- C:\Windows\System\sYCXlNX.exe
  C:\Windows\System\sYCXlNX.exe
  2⤵
  PID:10176
- C:\Windows\System\IAqmLFo.exe
  C:\Windows\System\IAqmLFo.exe
  2⤵
  PID:10192
- C:\Windows\System\jWWJHLG.exe
  C:\Windows\System\jWWJHLG.exe
  2⤵
  PID:10212
- C:\Windows\System\qlRYGfz.exe
  C:\Windows\System\qlRYGfz.exe
  2⤵
  PID:10236
- C:\Windows\System\AetCiDq.exe
  C:\Windows\System\AetCiDq.exe
  2⤵
  PID:6040
- C:\Windows\System\uPBIRcl.exe
  C:\Windows\System\uPBIRcl.exe
  2⤵
  PID:5280
- C:\Windows\System\OBEJVVn.exe
  C:\Windows\System\OBEJVVn.exe
  2⤵
  PID:9220
- C:\Windows\System\ynjkMne.exe
  C:\Windows\System\ynjkMne.exe
  2⤵
  PID:6072
- C:\Windows\System\oPbuqLZ.exe
  C:\Windows\System\oPbuqLZ.exe
  2⤵
  PID:7404
- C:\Windows\System\zKfzgND.exe
  C:\Windows\System\zKfzgND.exe
  2⤵
  PID:9404
- C:\Windows\System\agnIQGe.exe
  C:\Windows\System\agnIQGe.exe
  2⤵
  PID:9224
- C:\Windows\System\XmsneHV.exe
  C:\Windows\System\XmsneHV.exe
  2⤵
  PID:9268
- C:\Windows\System\arLpHqW.exe
  C:\Windows\System\arLpHqW.exe
  2⤵
  PID:6200
- C:\Windows\System\iOZqIJh.exe
  C:\Windows\System\iOZqIJh.exe
  2⤵
  PID:6212
- C:\Windows\System\ctCiAgt.exe
  C:\Windows\System\ctCiAgt.exe
  2⤵
  PID:9380
- C:\Windows\System\VGiBVPr.exe
  C:\Windows\System\VGiBVPr.exe
  2⤵
  PID:9440
- C:\Windows\System\BFZeYXE.exe
  C:\Windows\System\BFZeYXE.exe
  2⤵
  PID:9468
- C:\Windows\System\tHHdVuh.exe
  C:\Windows\System\tHHdVuh.exe
  2⤵
  PID:9288
- C:\Windows\System\UyvuVJY.exe
  C:\Windows\System\UyvuVJY.exe
  2⤵
  PID:9604
- C:\Windows\System\QgMEvst.exe
  C:\Windows\System\QgMEvst.exe
  2⤵
  PID:9384
- C:\Windows\System\YwSHzdL.exe
  C:\Windows\System\YwSHzdL.exe
  2⤵
  PID:9472
- C:\Windows\System\lzshMjJ.exe
  C:\Windows\System\lzshMjJ.exe
  2⤵
  PID:9512
- C:\Windows\System\ItHgJoB.exe
  C:\Windows\System\ItHgJoB.exe
  2⤵
  PID:9716
- C:\Windows\System\auYPjyK.exe
  C:\Windows\System\auYPjyK.exe
  2⤵
  PID:9744
- C:\Windows\System\QCeiajL.exe
  C:\Windows\System\QCeiajL.exe
  2⤵
  PID:9904
- C:\Windows\System\vDRYLub.exe
  C:\Windows\System\vDRYLub.exe
  2⤵
  PID:9852
- C:\Windows\System\XUerGax.exe
  C:\Windows\System\XUerGax.exe
  2⤵
  PID:10068
- C:\Windows\System\PfREZwP.exe
  C:\Windows\System\PfREZwP.exe
  2⤵
  PID:10012
- C:\Windows\System\QhLzwHJ.exe
  C:\Windows\System\QhLzwHJ.exe
  2⤵
  PID:10044
- C:\Windows\System\oXDCBwZ.exe
  C:\Windows\System\oXDCBwZ.exe
  2⤵
  PID:10120
- C:\Windows\System\wpSnYuO.exe
  C:\Windows\System\wpSnYuO.exe
  2⤵
  PID:9764
- C:\Windows\System\NQNyyQq.exe
  C:\Windows\System\NQNyyQq.exe
  2⤵
  PID:10204
- C:\Windows\System\mBCDGNI.exe
  C:\Windows\System\mBCDGNI.exe
  2⤵
  PID:10200
- C:\Windows\System\uzLEkDu.exe
  C:\Windows\System\uzLEkDu.exe
  2⤵
  PID:10232
- C:\Windows\System\FNXgDUT.exe
  C:\Windows\System\FNXgDUT.exe
  2⤵
  PID:8808
- C:\Windows\System\aHptHvk.exe
  C:\Windows\System\aHptHvk.exe
  2⤵
  PID:9188
- C:\Windows\System\bTIkZzu.exe
  C:\Windows\System\bTIkZzu.exe
  2⤵
  PID:3472
- C:\Windows\System\roUDFdV.exe
  C:\Windows\System\roUDFdV.exe
  2⤵
  PID:9532
- C:\Windows\System\RAJGDeP.exe
  C:\Windows\System\RAJGDeP.exe
  2⤵
  PID:2984
- C:\Windows\System\vSEAJOR.exe
  C:\Windows\System\vSEAJOR.exe
  2⤵
  PID:2736
- C:\Windows\System\ythQQIL.exe
  C:\Windows\System\ythQQIL.exe
  2⤵
  PID:9360
- C:\Windows\System\TBtctmO.exe
  C:\Windows\System\TBtctmO.exe
  2⤵
  PID:10248
- C:\Windows\System\LQQgWJY.exe
  C:\Windows\System\LQQgWJY.exe
  2⤵
  PID:10272
- C:\Windows\System\nWNZEku.exe
  C:\Windows\System\nWNZEku.exe
  2⤵
  PID:10292
- C:\Windows\System\FyIIQmv.exe
  C:\Windows\System\FyIIQmv.exe
  2⤵
  PID:10316
- C:\Windows\System\wOIVrIx.exe
  C:\Windows\System\wOIVrIx.exe
  2⤵
  PID:10440
- C:\Windows\System\AhRZQxO.exe
  C:\Windows\System\AhRZQxO.exe
  2⤵
  PID:10460
- C:\Windows\System\MqrWXFz.exe
  C:\Windows\System\MqrWXFz.exe
  2⤵
  PID:10480
- C:\Windows\System\obmulCj.exe
  C:\Windows\System\obmulCj.exe
  2⤵
  PID:10508
- C:\Windows\System\oJFjEmV.exe
  C:\Windows\System\oJFjEmV.exe
  2⤵
  PID:10532
- C:\Windows\System\VOszalq.exe
  C:\Windows\System\VOszalq.exe
  2⤵
  PID:10552
- C:\Windows\System\rJbbRCB.exe
  C:\Windows\System\rJbbRCB.exe
  2⤵
  PID:10568
- C:\Windows\System\lcdJDKi.exe
  C:\Windows\System\lcdJDKi.exe
  2⤵
  PID:10588
- C:\Windows\System\ZnSfNaA.exe
  C:\Windows\System\ZnSfNaA.exe
  2⤵
  PID:10608
- C:\Windows\System\EvfbOZW.exe
  C:\Windows\System\EvfbOZW.exe
  2⤵
  PID:10632
- C:\Windows\System\GbBeSOL.exe
  C:\Windows\System\GbBeSOL.exe
  2⤵
  PID:10648
- C:\Windows\System\xzKhHZl.exe
  C:\Windows\System\xzKhHZl.exe
  2⤵
  PID:10684
- C:\Windows\System\RLGFiMP.exe
  C:\Windows\System\RLGFiMP.exe
  2⤵
  PID:10708
- C:\Windows\System\PVnIfhd.exe
  C:\Windows\System\PVnIfhd.exe
  2⤵
  PID:10732
- C:\Windows\System\vKCLbmN.exe
  C:\Windows\System\vKCLbmN.exe
  2⤵
  PID:10748
- C:\Windows\System\NmrJbau.exe
  C:\Windows\System\NmrJbau.exe
  2⤵
  PID:10764
- C:\Windows\System\ORJojHo.exe
  C:\Windows\System\ORJojHo.exe
  2⤵
  PID:10784
- C:\Windows\System\QVZebKo.exe
  C:\Windows\System\QVZebKo.exe
  2⤵
  PID:10804
- C:\Windows\System\HACHatb.exe
  C:\Windows\System\HACHatb.exe
  2⤵
  PID:10832
- C:\Windows\System\jlwEttp.exe
  C:\Windows\System\jlwEttp.exe
  2⤵
  PID:10852
- C:\Windows\System\yVrTYFL.exe
  C:\Windows\System\yVrTYFL.exe
  2⤵
  PID:10868
- C:\Windows\System\DZujpft.exe
  C:\Windows\System\DZujpft.exe
  2⤵
  PID:10888
- C:\Windows\System\qmVJmyb.exe
  C:\Windows\System\qmVJmyb.exe
  2⤵
  PID:10912
- C:\Windows\System\fPLCKeW.exe
  C:\Windows\System\fPLCKeW.exe
  2⤵
  PID:10928
- C:\Windows\System\uxwsNLN.exe
  C:\Windows\System\uxwsNLN.exe
  2⤵
  PID:9420
- C:\Windows\System\ZTnenrr.exe
  C:\Windows\System\ZTnenrr.exe
  2⤵
  PID:1284
- C:\Windows\System\UJtRJmK.exe
  C:\Windows\System\UJtRJmK.exe
  2⤵
  PID:10368
- C:\Windows\System\LtSkcPF.exe
  C:\Windows\System\LtSkcPF.exe
  2⤵
  PID:10380
- C:\Windows\System\NGXOjfF.exe
  C:\Windows\System\NGXOjfF.exe
  2⤵
  PID:10668
- C:\Windows\System\uJSiNXk.exe
  C:\Windows\System\uJSiNXk.exe
  2⤵
  PID:10776
- C:\Windows\System\bjBVZDX.exe
  C:\Windows\System\bjBVZDX.exe
  2⤵
  PID:11092
- C:\Windows\System\JWghBNC.exe
  C:\Windows\System\JWghBNC.exe
  2⤵
  PID:10904
- C:\Windows\System\qzOxcAg.exe
  C:\Windows\System\qzOxcAg.exe
  2⤵
  PID:3452
- C:\Windows\System\IxaVaaX.exe
  C:\Windows\System\IxaVaaX.exe
  2⤵
  PID:10432
- C:\Windows\System\fuySQfA.exe
  C:\Windows\System\fuySQfA.exe
  2⤵
  PID:4548
- C:\Windows\System\kbpkpkH.exe
  C:\Windows\System\kbpkpkH.exe
  2⤵
  PID:11184
- C:\Windows\System\eFNMuUy.exe
  C:\Windows\System\eFNMuUy.exe
  2⤵
  PID:4756
- C:\Windows\System\OCEKvHi.exe
  C:\Windows\System\OCEKvHi.exe
  2⤵
  PID:10696
- C:\Windows\System\ctunxgN.exe
  C:\Windows\System\ctunxgN.exe
  2⤵
  PID:10728
- C:\Windows\System\ghoRHgo.exe
  C:\Windows\System\ghoRHgo.exe
  2⤵
  PID:10760
- C:\Windows\System\lSinqXp.exe
  C:\Windows\System\lSinqXp.exe
  2⤵
  PID:10816
- C:\Windows\System\SHXGjew.exe
  C:\Windows\System\SHXGjew.exe
  2⤵
  PID:10844
- C:\Windows\System\dzAprtg.exe
  C:\Windows\System\dzAprtg.exe
  2⤵
  PID:10908
- C:\Windows\System\ECbHght.exe
  C:\Windows\System\ECbHght.exe
  2⤵
  PID:4852
- C:\Windows\System\MdSCgaA.exe
  C:\Windows\System\MdSCgaA.exe
  2⤵
  PID:11148
- C:\Windows\System\fRkDfHi.exe
  C:\Windows\System\fRkDfHi.exe
  2⤵
  PID:11164
- C:\Windows\System\GvnTJoh.exe
  C:\Windows\System\GvnTJoh.exe
  2⤵
  PID:3224
- C:\Windows\System\xxEyPME.exe
  C:\Windows\System\xxEyPME.exe
  2⤵
  PID:3984
- C:\Windows\System\pNXjwtB.exe
  C:\Windows\System\pNXjwtB.exe
  2⤵
  PID:11048
- C:\Windows\System\tTjbVHj.exe
  C:\Windows\System\tTjbVHj.exe
  2⤵
  PID:780
- C:\Windows\System\OOXjDjb.exe
  C:\Windows\System\OOXjDjb.exe
  2⤵
  PID:1432
- C:\Windows\System\PpPdEWx.exe
  C:\Windows\System\PpPdEWx.exe
  2⤵
  PID:1416
- C:\Windows\System\UcPIsYd.exe
  C:\Windows\System\UcPIsYd.exe
  2⤵
  PID:5792
- C:\Windows\System\PkmlRmG.exe
  C:\Windows\System\PkmlRmG.exe
  2⤵
  PID:11196
- C:\Windows\System\jPPcdib.exe
  C:\Windows\System\jPPcdib.exe
  2⤵
  PID:6296
- C:\Windows\System\fyERCRY.exe
  C:\Windows\System\fyERCRY.exe
  2⤵
  PID:11216
- C:\Windows\System\gSVlbwI.exe
  C:\Windows\System\gSVlbwI.exe
  2⤵
  PID:9788
- C:\Windows\System\EbgfpeL.exe
  C:\Windows\System\EbgfpeL.exe
  2⤵
  PID:10392
- C:\Windows\System\kQZwNXu.exe
  C:\Windows\System\kQZwNXu.exe
  2⤵
  PID:4520
- C:\Windows\System\MFMmbPI.exe
  C:\Windows\System\MFMmbPI.exe
  2⤵
  PID:7088
- C:\Windows\System\tTlkRvi.exe
  C:\Windows\System\tTlkRvi.exe
  2⤵
  PID:9892
- C:\Windows\System\zvQXopE.exe
  C:\Windows\System\zvQXopE.exe
  2⤵
  PID:10600
- C:\Windows\System\DsreYvp.exe
  C:\Windows\System\DsreYvp.exe
  2⤵
  PID:7104
- C:\Windows\System\KRTMSGv.exe
  C:\Windows\System\KRTMSGv.exe
  2⤵
  PID:7324
- C:\Windows\System\AARLLtc.exe
  C:\Windows\System\AARLLtc.exe
  2⤵
  PID:1968
- C:\Windows\System\FUYywgM.exe
  C:\Windows\System\FUYywgM.exe
  2⤵
  PID:7028
- C:\Windows\System\uAgIgMh.exe
  C:\Windows\System\uAgIgMh.exe
  2⤵
  PID:1980
- C:\Windows\System\ZQAulVN.exe
  C:\Windows\System\ZQAulVN.exe
  2⤵
  PID:9284
- C:\Windows\System\wfCVNdX.exe
  C:\Windows\System\wfCVNdX.exe
  2⤵
  PID:7980
- C:\Windows\System\BTnvZRw.exe
  C:\Windows\System\BTnvZRw.exe
  2⤵
  PID:10448
- C:\Windows\System\YyvoCWA.exe
  C:\Windows\System\YyvoCWA.exe
  2⤵
  PID:10544
- C:\Windows\System\SzgXwRO.exe
  C:\Windows\System\SzgXwRO.exe
  2⤵
  PID:7256
- C:\Windows\System\NSxGmKg.exe
  C:\Windows\System\NSxGmKg.exe
  2⤵
  PID:3252
- C:\Windows\System\tOzJtii.exe
  C:\Windows\System\tOzJtii.exe
  2⤵
  PID:7136
- C:\Windows\System\DVseRvB.exe
  C:\Windows\System\DVseRvB.exe
  2⤵
  PID:7204
- C:\Windows\System\sbYuNhL.exe
  C:\Windows\System\sbYuNhL.exe
  2⤵
  PID:10620
- C:\Windows\System\XvlMgIH.exe
  C:\Windows\System\XvlMgIH.exe
  2⤵
  PID:7956
- C:\Windows\System\AEfxlyD.exe
  C:\Windows\System\AEfxlyD.exe
  2⤵
  PID:10864
- C:\Windows\System\mocmkFj.exe
  C:\Windows\System\mocmkFj.exe
  2⤵
  PID:6328
- C:\Windows\System\pqHvCcV.exe
  C:\Windows\System\pqHvCcV.exe
  2⤵
  PID:1260
- C:\Windows\System\nVZaufR.exe
  C:\Windows\System\nVZaufR.exe
  2⤵
  PID:888
- C:\Windows\System\XnsTDjo.exe
  C:\Windows\System\XnsTDjo.exe
  2⤵
  PID:5116
- C:\Windows\System\cpYFdGd.exe
  C:\Windows\System\cpYFdGd.exe
  2⤵
  PID:4468
- C:\Windows\System\xFasNHx.exe
  C:\Windows\System\xFasNHx.exe
  2⤵
  PID:4084
- C:\Windows\System\TaDKvYd.exe
  C:\Windows\System\TaDKvYd.exe
  2⤵
  PID:11000
- C:\Windows\System\QFQvCDg.exe
  C:\Windows\System\QFQvCDg.exe
  2⤵
  PID:10704
- C:\Windows\System\lShaXtY.exe
  C:\Windows\System\lShaXtY.exe
  2⤵
  PID:10880
- C:\Windows\System\zxfcFIK.exe
  C:\Windows\System\zxfcFIK.exe
  2⤵
  PID:11108
- C:\Windows\System\oLHPayD.exe
  C:\Windows\System\oLHPayD.exe
  2⤵
  PID:3620
- C:\Windows\System\jHDuKhc.exe
  C:\Windows\System\jHDuKhc.exe
  2⤵
  PID:7252
- C:\Windows\System\kUsQtpT.exe
  C:\Windows\System\kUsQtpT.exe
  2⤵
  PID:1616
- C:\Windows\System\FVxejgX.exe
  C:\Windows\System\FVxejgX.exe
  2⤵
  PID:1296
- C:\Windows\System\oWsvNMC.exe
  C:\Windows\System\oWsvNMC.exe
  2⤵
  PID:7972
- C:\Windows\System\OafqxWf.exe
  C:\Windows\System\OafqxWf.exe
  2⤵
  PID:10132
- C:\Windows\System\WSHqxgD.exe
  C:\Windows\System\WSHqxgD.exe
  2⤵
  PID:6712
- C:\Windows\System\oVSUjju.exe
  C:\Windows\System\oVSUjju.exe
  2⤵
  PID:10624
- C:\Windows\System\BKPnkHl.exe
  C:\Windows\System\BKPnkHl.exe
  2⤵
  PID:10772
- C:\Windows\System\qvkxwZo.exe
  C:\Windows\System\qvkxwZo.exe
  2⤵
  PID:4544
- C:\Windows\System\ayQVHtA.exe
  C:\Windows\System\ayQVHtA.exe
  2⤵
  PID:7920
- C:\Windows\System\ynCKcTE.exe
  C:\Windows\System\ynCKcTE.exe
  2⤵
  PID:10516
- C:\Windows\System\dDtduZo.exe
  C:\Windows\System\dDtduZo.exe
  2⤵
  PID:10724
- C:\Windows\System\CXzEpgQ.exe
  C:\Windows\System\CXzEpgQ.exe
  2⤵
  PID:10824
- C:\Windows\System\bKZisUX.exe
  C:\Windows\System\bKZisUX.exe
  2⤵
  PID:7336
- C:\Windows\System\ersUCzS.exe
  C:\Windows\System\ersUCzS.exe
  2⤵
  PID:7808
- C:\Windows\System\PUjtRkw.exe
  C:\Windows\System\PUjtRkw.exe
  2⤵
  PID:4588
- C:\Windows\System\KzcLnwl.exe
  C:\Windows\System\KzcLnwl.exe
  2⤵
  PID:7740
- C:\Windows\System\NVespvq.exe
  C:\Windows\System\NVespvq.exe
  2⤵
  PID:11280
- C:\Windows\System\PYBoOoA.exe
  C:\Windows\System\PYBoOoA.exe
  2⤵
  PID:11304
- C:\Windows\System\SkRfTtu.exe
  C:\Windows\System\SkRfTtu.exe
  2⤵
  PID:11324
- C:\Windows\System\RrskePi.exe
  C:\Windows\System\RrskePi.exe
  2⤵
  PID:11348
- C:\Windows\System\EmNRvao.exe
  C:\Windows\System\EmNRvao.exe
  2⤵
  PID:11364
- C:\Windows\System\vekbuju.exe
  C:\Windows\System\vekbuju.exe
  2⤵
  PID:11388
- C:\Windows\System\WSfgsrH.exe
  C:\Windows\System\WSfgsrH.exe
  2⤵
  PID:11408
- C:\Windows\System\lYQGsBC.exe
  C:\Windows\System\lYQGsBC.exe
  2⤵
  PID:11432
- C:\Windows\System\FQClPMj.exe
  C:\Windows\System\FQClPMj.exe
  2⤵
  PID:11452
- C:\Windows\System\zUnPjcl.exe
  C:\Windows\System\zUnPjcl.exe
  2⤵
  PID:11480
- C:\Windows\System\WFiVTxj.exe
  C:\Windows\System\WFiVTxj.exe
  2⤵
  PID:11496
- C:\Windows\System\vYnstGB.exe
  C:\Windows\System\vYnstGB.exe
  2⤵
  PID:11516
- C:\Windows\System\sTOHwaD.exe
  C:\Windows\System\sTOHwaD.exe
  2⤵
  PID:11540
- C:\Windows\System\oSNcrmW.exe
  C:\Windows\System\oSNcrmW.exe
  2⤵
  PID:11568
- C:\Windows\System\ArmDqop.exe
  C:\Windows\System\ArmDqop.exe
  2⤵
  PID:11588
- C:\Windows\System\SorPYKC.exe
  C:\Windows\System\SorPYKC.exe
  2⤵
  PID:11608
- C:\Windows\System\OfjNMvi.exe
  C:\Windows\System\OfjNMvi.exe
  2⤵
  PID:11636
- C:\Windows\System\ieTPyuv.exe
  C:\Windows\System\ieTPyuv.exe
  2⤵
  PID:11656
- C:\Windows\System\xmMNJTm.exe
  C:\Windows\System\xmMNJTm.exe
  2⤵
  PID:11672
- C:\Windows\System\onOkOEx.exe
  C:\Windows\System\onOkOEx.exe
  2⤵
  PID:11700
- C:\Windows\System\mtkLhvK.exe
  C:\Windows\System\mtkLhvK.exe
  2⤵
  PID:11716
- C:\Windows\System\wJploVO.exe
  C:\Windows\System\wJploVO.exe
  2⤵
  PID:11748
- C:\Windows\System\eNHJwbW.exe
  C:\Windows\System\eNHJwbW.exe
  2⤵
  PID:11768
- C:\Windows\System\GGcgdDv.exe
  C:\Windows\System\GGcgdDv.exe
  2⤵
  PID:11788
- C:\Windows\System\anjYMqE.exe
  C:\Windows\System\anjYMqE.exe
  2⤵
  PID:11804
- C:\Windows\System\ozOuOcp.exe
  C:\Windows\System\ozOuOcp.exe
  2⤵
  PID:11832
- C:\Windows\System\xaeRxnQ.exe
  C:\Windows\System\xaeRxnQ.exe
  2⤵
  PID:11848
- C:\Windows\System\fQdouXO.exe
  C:\Windows\System\fQdouXO.exe
  2⤵
  PID:11872
- C:\Windows\System\JWXRfbF.exe
  C:\Windows\System\JWXRfbF.exe
  2⤵
  PID:11900
- C:\Windows\System\gzIHUaK.exe
  C:\Windows\System\gzIHUaK.exe
  2⤵
  PID:11916
- C:\Windows\System\RIUmsnp.exe
  C:\Windows\System\RIUmsnp.exe
  2⤵
  PID:11940
- C:\Windows\System\uTwimSI.exe
  C:\Windows\System\uTwimSI.exe
  2⤵
  PID:11956
- C:\Windows\System\dvSEfSb.exe
  C:\Windows\System\dvSEfSb.exe
  2⤵
  PID:11980
- C:\Windows\System\bfymgHk.exe
  C:\Windows\System\bfymgHk.exe
  2⤵
  PID:12004
- C:\Windows\System\SIttRDK.exe
  C:\Windows\System\SIttRDK.exe
  2⤵
  PID:12020
- C:\Windows\System\OwYEuJm.exe
  C:\Windows\System\OwYEuJm.exe
  2⤵
  PID:12044
- C:\Windows\System\sQjXSZw.exe
  C:\Windows\System\sQjXSZw.exe
  2⤵
  PID:12072
- C:\Windows\System\xLVufRk.exe
  C:\Windows\System\xLVufRk.exe
  2⤵
  PID:12104
- C:\Windows\System\qzpPDjY.exe
  C:\Windows\System\qzpPDjY.exe
  2⤵
  PID:12132
- C:\Windows\System\Njrsxxy.exe
  C:\Windows\System\Njrsxxy.exe
  2⤵
  PID:12152
- C:\Windows\System\vqVMzrg.exe
  C:\Windows\System\vqVMzrg.exe
  2⤵
  PID:12172
- C:\Windows\System\TXcIKJQ.exe
  C:\Windows\System\TXcIKJQ.exe
  2⤵
  PID:12200
- C:\Windows\System\IkNuqmE.exe
  C:\Windows\System\IkNuqmE.exe
  2⤵
  PID:12220
- C:\Windows\System\yZwsmof.exe
  C:\Windows\System\yZwsmof.exe
  2⤵
  PID:12248
- C:\Windows\System\YxNKdJo.exe
  C:\Windows\System\YxNKdJo.exe
  2⤵
  PID:12276
- C:\Windows\System\VLxHnAO.exe
  C:\Windows\System\VLxHnAO.exe
  2⤵
  PID:11288
- C:\Windows\System\CXrjECf.exe
  C:\Windows\System\CXrjECf.exe
  2⤵
  PID:7556
- C:\Windows\System\oCmipwM.exe
  C:\Windows\System\oCmipwM.exe
  2⤵
  PID:12308
- C:\Windows\System\JriwzFk.exe
  C:\Windows\System\JriwzFk.exe
  2⤵
  PID:12336
- C:\Windows\System\KoMzABI.exe
  C:\Windows\System\KoMzABI.exe
  2⤵
  PID:12360
- C:\Windows\System\YIMxlvE.exe
  C:\Windows\System\YIMxlvE.exe
  2⤵
  PID:12392
- C:\Windows\System\UQmYHsa.exe
  C:\Windows\System\UQmYHsa.exe
  2⤵
  PID:12436
- C:\Windows\System\hAIzCCd.exe
  C:\Windows\System\hAIzCCd.exe
  2⤵
  PID:12472
- C:\Windows\System\JRPEkrZ.exe
  C:\Windows\System\JRPEkrZ.exe
  2⤵
  PID:12496
- C:\Windows\System\YBgxqzE.exe
  C:\Windows\System\YBgxqzE.exe
  2⤵
  PID:12524
- C:\Windows\System\QsBfEwC.exe
  C:\Windows\System\QsBfEwC.exe
  2⤵
  PID:12544
- C:\Windows\System\CjZiEed.exe
  C:\Windows\System\CjZiEed.exe
  2⤵
  PID:12560
- C:\Windows\System\fJWQEqn.exe
  C:\Windows\System\fJWQEqn.exe
  2⤵
  PID:12636
- C:\Windows\System\EbrACQt.exe
  C:\Windows\System\EbrACQt.exe
  2⤵
  PID:12660
- C:\Windows\System\asEYWfW.exe
  C:\Windows\System\asEYWfW.exe
  2⤵
  PID:12684
- C:\Windows\System\tpPtkpH.exe
  C:\Windows\System\tpPtkpH.exe
  2⤵
  PID:12704
- C:\Windows\System\klaFnfh.exe
  C:\Windows\System\klaFnfh.exe
  2⤵
  PID:12732
- C:\Windows\System\JdwqJVQ.exe
  C:\Windows\System\JdwqJVQ.exe
  2⤵
  PID:12756
- C:\Windows\System\WmQUNUp.exe
  C:\Windows\System\WmQUNUp.exe
  2⤵
  PID:12780
- C:\Windows\System\inTMfsL.exe
  C:\Windows\System\inTMfsL.exe
  2⤵
  PID:12804
- C:\Windows\System\YxfkucW.exe
  C:\Windows\System\YxfkucW.exe
  2⤵
  PID:12828
- C:\Windows\System\pHrMCbE.exe
  C:\Windows\System\pHrMCbE.exe
  2⤵
  PID:12852
- C:\Windows\System\sVCQVeL.exe
  C:\Windows\System\sVCQVeL.exe
  2⤵
  PID:12876
- C:\Windows\System\FYcWFcm.exe
  C:\Windows\System\FYcWFcm.exe
  2⤵
  PID:12988
- C:\Windows\System\KbxxHdx.exe
  C:\Windows\System\KbxxHdx.exe
  2⤵
  PID:13016
- C:\Windows\System\FSjVZdY.exe
  C:\Windows\System\FSjVZdY.exe
  2⤵
  PID:13040
- C:\Windows\System\Bgxhknz.exe
  C:\Windows\System\Bgxhknz.exe
  2⤵
  PID:13056
- C:\Windows\System\AkgRTXY.exe
  C:\Windows\System\AkgRTXY.exe
  2⤵
  PID:13080
- C:\Windows\System\aNHRXyy.exe
  C:\Windows\System\aNHRXyy.exe
  2⤵
  PID:13104
- C:\Windows\System\mfPkRIi.exe
  C:\Windows\System\mfPkRIi.exe
  2⤵
  PID:13120
- C:\Windows\System\AkHoBNQ.exe
  C:\Windows\System\AkHoBNQ.exe
  2⤵
  PID:13140
- C:\Windows\System\YAQFZae.exe
  C:\Windows\System\YAQFZae.exe
  2⤵
  PID:13172
- C:\Windows\System\qCkITJQ.exe
  C:\Windows\System\qCkITJQ.exe
  2⤵
  PID:13192
- C:\Windows\System\fGMYjwU.exe
  C:\Windows\System\fGMYjwU.exe
  2⤵
  PID:13216
- C:\Windows\System\GxTnRwX.exe
  C:\Windows\System\GxTnRwX.exe
  2⤵
  PID:13260
- C:\Windows\System\lXkYDdv.exe
  C:\Windows\System\lXkYDdv.exe
  2⤵
  PID:13280
- C:\Windows\System\uPGFXOJ.exe
  C:\Windows\System\uPGFXOJ.exe
  2⤵
  PID:11464
- C:\Windows\System\qGVsHxW.exe
  C:\Windows\System\qGVsHxW.exe
  2⤵
  PID:11556
- C:\Windows\System\OLeHiJK.exe
  C:\Windows\System\OLeHiJK.exe
  2⤵
  PID:11712
- C:\Windows\System\gwisKvx.exe
  C:\Windows\System\gwisKvx.exe
  2⤵
  PID:11760
- C:\Windows\System\MZNcAKC.exe
  C:\Windows\System\MZNcAKC.exe
  2⤵
  PID:11864
- C:\Windows\System\wVczOdO.exe
  C:\Windows\System\wVczOdO.exe
  2⤵
  PID:11924
- C:\Windows\System\NmjkUyZ.exe
  C:\Windows\System\NmjkUyZ.exe
  2⤵
  PID:11964
- C:\Windows\System\bTVBjay.exe
  C:\Windows\System\bTVBjay.exe
  2⤵
  PID:12016
- C:\Windows\System\PNhNRDO.exe
  C:\Windows\System\PNhNRDO.exe
  2⤵
  PID:12052
- C:\Windows\System\zdvaszK.exe
  C:\Windows\System\zdvaszK.exe
  2⤵
  PID:12116
- C:\Windows\System\qJZqfEQ.exe
  C:\Windows\System\qJZqfEQ.exe
  2⤵
  PID:4456
- C:\Windows\System\MwIxuAJ.exe
  C:\Windows\System\MwIxuAJ.exe
  2⤵
  PID:12240
- C:\Windows\System\fYDNQqi.exe
  C:\Windows\System\fYDNQqi.exe
  2⤵
  PID:11312
- C:\Windows\System\tsctaYx.exe
  C:\Windows\System\tsctaYx.exe
  2⤵
  PID:11372
- C:\Windows\System\JzgHAcA.exe
  C:\Windows\System\JzgHAcA.exe
  2⤵
  PID:11400
- C:\Windows\System\RyxksYw.exe
  C:\Windows\System\RyxksYw.exe
  2⤵
  PID:6896
- C:\Windows\System\kJVyQcz.exe
  C:\Windows\System\kJVyQcz.exe
  2⤵
  PID:10300
- C:\Windows\System\JKPEtES.exe
  C:\Windows\System\JKPEtES.exe
  2⤵
  PID:11604
- C:\Windows\System\GEToeXt.exe
  C:\Windows\System\GEToeXt.exe
  2⤵
  PID:10664
- C:\Windows\System\NXlZhpL.exe
  C:\Windows\System\NXlZhpL.exe
  2⤵
  PID:11776
- C:\Windows\System\LcWwxEP.exe
  C:\Windows\System\LcWwxEP.exe
  2⤵
  PID:11824
- C:\Windows\System\BAJTADC.exe
  C:\Windows\System\BAJTADC.exe
  2⤵
  PID:1288
- C:\Windows\System\OrztzcO.exe
  C:\Windows\System\OrztzcO.exe
  2⤵
  PID:5216
- C:\Windows\System\TjYBECr.exe
  C:\Windows\System\TjYBECr.exe
  2⤵
  PID:12088
- C:\Windows\System\rErPRoA.exe
  C:\Windows\System\rErPRoA.exe
  2⤵
  PID:12160
- C:\Windows\System\CrYUAeW.exe
  C:\Windows\System\CrYUAeW.exe
  2⤵
  PID:12268
- C:\Windows\System\VNXoaRi.exe
  C:\Windows\System\VNXoaRi.exe
  2⤵
  PID:10256
- C:\Windows\System\hqOPwti.exe
  C:\Windows\System\hqOPwti.exe
  2⤵
  PID:10800
- C:\Windows\System\PJKFpDS.exe
  C:\Windows\System\PJKFpDS.exe
  2⤵
  PID:11444
- C:\Windows\System\PFCdvWt.exe
  C:\Windows\System\PFCdvWt.exe
  2⤵
  PID:12344
- C:\Windows\System\ksGWasO.exe
  C:\Windows\System\ksGWasO.exe
  2⤵
  PID:12400
- C:\Windows\System\DjyiBZR.exe
  C:\Windows\System\DjyiBZR.exe
  2⤵
  PID:10284
- C:\Windows\System\GOPYxjO.exe
  C:\Windows\System\GOPYxjO.exe
  2⤵
  PID:5068
- C:\Windows\System\BOuFdxS.exe
  C:\Windows\System\BOuFdxS.exe
  2⤵
  PID:12580
- C:\Windows\System\GzDERoN.exe
  C:\Windows\System\GzDERoN.exe
  2⤵
  PID:13092
- C:\Windows\System\TRSrdtK.exe
  C:\Windows\System\TRSrdtK.exe
  2⤵
  PID:13136
- C:\Windows\System\nxipUKp.exe
  C:\Windows\System\nxipUKp.exe
  2⤵
  PID:12656
- C:\Windows\System\JFCjZsx.exe
  C:\Windows\System\JFCjZsx.exe
  2⤵
  PID:12768
- C:\Windows\System\BEuKRQT.exe
  C:\Windows\System\BEuKRQT.exe
  2⤵
  PID:12800
- C:\Windows\System\bJnkJKJ.exe
  C:\Windows\System\bJnkJKJ.exe
  2⤵
  PID:12384
- C:\Windows\System\cbWNxmU.exe
  C:\Windows\System\cbWNxmU.exe
  2⤵
  PID:12924
- C:\Windows\System\tKgEYmn.exe
  C:\Windows\System\tKgEYmn.exe
  2⤵
  PID:12980
- C:\Windows\System\UWHCXxI.exe
  C:\Windows\System\UWHCXxI.exe
  2⤵
  PID:13024
- C:\Windows\System\WTebdTS.exe
  C:\Windows\System\WTebdTS.exe
  2⤵
  PID:13112
- C:\Windows\System\oYqboTj.exe
  C:\Windows\System\oYqboTj.exe
  2⤵
  PID:12864
- C:\Windows\System\pUyiDCr.exe
  C:\Windows\System\pUyiDCr.exe
  2⤵
  PID:13244
- C:\Windows\System\JvRRzbS.exe
  C:\Windows\System\JvRRzbS.exe
  2⤵
  PID:3360
- C:\Windows\System\ECxvATt.exe
  C:\Windows\System\ECxvATt.exe
  2⤵
  PID:13208
- C:\Windows\System\JAOoLkK.exe
  C:\Windows\System\JAOoLkK.exe
  2⤵
  PID:13292
- C:\Windows\System\SzSDTAO.exe
  C:\Windows\System\SzSDTAO.exe
  2⤵
  PID:11992
- C:\Windows\System\ETfwvvA.exe
  C:\Windows\System\ETfwvvA.exe
  2⤵
  PID:13340
- C:\Windows\System\ywDbFGi.exe
  C:\Windows\System\ywDbFGi.exe
  2⤵
  PID:13360
- C:\Windows\System\XgERARM.exe
  C:\Windows\System\XgERARM.exe
  2⤵
  PID:13384
- C:\Windows\System\fpDGHQS.exe
  C:\Windows\System\fpDGHQS.exe
  2⤵
  PID:13412
- C:\Windows\System\ozTzSiC.exe
  C:\Windows\System\ozTzSiC.exe
  2⤵
  PID:13428
- C:\Windows\System\NUkTtZs.exe
  C:\Windows\System\NUkTtZs.exe
  2⤵
  PID:13456
- C:\Windows\System\glEqgdi.exe
  C:\Windows\System\glEqgdi.exe
  2⤵
  PID:13480
- C:\Windows\System\bSaNqhZ.exe
  C:\Windows\System\bSaNqhZ.exe
  2⤵
  PID:13504
- C:\Windows\System\axgmIbP.exe
  C:\Windows\System\axgmIbP.exe
  2⤵
  PID:13528
- C:\Windows\System\XVzPyvn.exe
  C:\Windows\System\XVzPyvn.exe
  2⤵
  PID:13552
- C:\Windows\System\djOalDG.exe
  C:\Windows\System\djOalDG.exe
  2⤵
  PID:13568
- C:\Windows\System\uwaQwdB.exe
  C:\Windows\System\uwaQwdB.exe
  2⤵
  PID:13596
- C:\Windows\System\uwGjmdy.exe
  C:\Windows\System\uwGjmdy.exe
  2⤵
  PID:13620
- C:\Windows\System\WnLBUmc.exe
  C:\Windows\System\WnLBUmc.exe
  2⤵
  PID:13636
- C:\Windows\System\aWRVVmM.exe
  C:\Windows\System\aWRVVmM.exe
  2⤵
  PID:13656
- C:\Windows\System\TSUdUCe.exe
  C:\Windows\System\TSUdUCe.exe
  2⤵
  PID:13676
- C:\Windows\System\ZkUvypv.exe
  C:\Windows\System\ZkUvypv.exe
  2⤵
  PID:13700
- C:\Windows\System\VqwQxnT.exe
  C:\Windows\System\VqwQxnT.exe
  2⤵
  PID:13724
- C:\Windows\System\QGrUHaa.exe
  C:\Windows\System\QGrUHaa.exe
  2⤵
  PID:13740
- C:\Windows\System\SXxYCkI.exe
  C:\Windows\System\SXxYCkI.exe
  2⤵
  PID:13760
- C:\Windows\System\ohypbOR.exe
  C:\Windows\System\ohypbOR.exe
  2⤵
  PID:13788
- C:\Windows\System\QDIclFd.exe
  C:\Windows\System\QDIclFd.exe
  2⤵
  PID:13808
- C:\Windows\System\pGvYAnX.exe
  C:\Windows\System\pGvYAnX.exe
  2⤵
  PID:13828
- C:\Windows\System\mJWZOXM.exe
  C:\Windows\System\mJWZOXM.exe
  2⤵
  PID:13852
- C:\Windows\System\mXbSGvS.exe
  C:\Windows\System\mXbSGvS.exe
  2⤵
  PID:13884
- C:\Windows\System\jRYZmii.exe
  C:\Windows\System\jRYZmii.exe
  2⤵
  PID:13900
- C:\Windows\System\QNQUOVK.exe
  C:\Windows\System\QNQUOVK.exe
  2⤵
  PID:13924
- C:\Windows\System\kAmadDO.exe
  C:\Windows\System\kAmadDO.exe
  2⤵
  PID:14276
- C:\Windows\System\IazYalj.exe
  C:\Windows\System\IazYalj.exe
  2⤵
  PID:11912
- C:\Windows\System\KMWyEYo.exe
  C:\Windows\System\KMWyEYo.exe
  2⤵
  PID:12388
- C:\Windows\System\xddGaCs.exe
  C:\Windows\System\xddGaCs.exe
  2⤵
  PID:11844
- C:\Windows\System\ErBIzrN.exe
  C:\Windows\System\ErBIzrN.exe
  2⤵
  PID:14140
- C:\Windows\System\YNZNKlX.exe
  C:\Windows\System\YNZNKlX.exe
  2⤵
  PID:13684
- C:\Windows\System\vWOHLzr.exe
  C:\Windows\System\vWOHLzr.exe
  2⤵
  PID:13756
- C:\Windows\System\iwCGzEz.exe
  C:\Windows\System\iwCGzEz.exe
  2⤵
  PID:13896
- C:\Windows\System\oYatnaw.exe
  C:\Windows\System\oYatnaw.exe
  2⤵
  PID:13996
- C:\Windows\System\cMYBDoN.exe
  C:\Windows\System\cMYBDoN.exe
  2⤵
  PID:13840
- C:\Windows\System\AuwUreY.exe
  C:\Windows\System\AuwUreY.exe
  2⤵
  PID:13560
- C:\Windows\System\tJbtbAu.exe
  C:\Windows\System\tJbtbAu.exe
  2⤵
  PID:14144
- C:\Windows\System\GtRKCiE.exe
  C:\Windows\System\GtRKCiE.exe
  2⤵
  PID:14216
- C:\Windows\System\xaisJTJ.exe
  C:\Windows\System\xaisJTJ.exe
  2⤵
  PID:14240
- C:\Windows\System\hNqzNte.exe
  C:\Windows\System\hNqzNte.exe
  2⤵
  PID:12480
- C:\Windows\System\lKxpXDS.exe
  C:\Windows\System\lKxpXDS.exe
  2⤵
  PID:12324
- C:\Windows\System\xtPoTxV.exe
  C:\Windows\System\xtPoTxV.exe
  2⤵
  PID:380
- C:\Windows\System\qBXHyEP.exe
  C:\Windows\System\qBXHyEP.exe
  2⤵
  PID:7416
- C:\Windows\System\YTVNXia.exe
  C:\Windows\System\YTVNXia.exe
  2⤵
  PID:11336
- C:\Windows\System\VGXnIAj.exe
  C:\Windows\System\VGXnIAj.exe
  2⤵
  PID:11816
- C:\Windows\System\ljFxweL.exe
  C:\Windows\System\ljFxweL.exe
  2⤵
  PID:7660
- C:\Windows\System\LhVSXRp.exe
  C:\Windows\System\LhVSXRp.exe
  2⤵
  PID:13452
- C:\Windows\System\ynIGUUJ.exe
  C:\Windows\System\ynIGUUJ.exe
  2⤵
  PID:12796
- C:\Windows\System\afkjInE.exe
  C:\Windows\System\afkjInE.exe
  2⤵
  PID:14288
- C:\Windows\System\NkeeezN.exe
  C:\Windows\System\NkeeezN.exe
  2⤵
  PID:11340
- C:\Windows\System\vdXBuvn.exe
  C:\Windows\System\vdXBuvn.exe
  2⤵
  PID:13964
- C:\Windows\System\dINyWru.exe
  C:\Windows\System\dINyWru.exe
  2⤵
  PID:11896
- C:\Windows\System\IjtOFZk.exe
  C:\Windows\System\IjtOFZk.exe
  2⤵
  PID:13936
- C:\Windows\System\uOePorJ.exe
  C:\Windows\System\uOePorJ.exe
  2⤵
  PID:11492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_exltsnil.tt3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BwUpsIp.exe

Filesize
2.6MB

MD5
5c2f6f932609556df2249dee362944aa

SHA1
20484c23861c301537f0e7f7bd8dbff26698a896

SHA256
a0256b2d5d4cb8a92feabed01583ce12b6d6d221547f1f227f01493b37108231

SHA512
400eca2f22ac67373dca48d7fe4b24f08300952c794772f58bd695754e7ff9b53f851f4b0c2ee33387380658865c78dea6fe4d62619601266fd50fba82b64b5f

Download Submit
C:\Windows\System\ByzxQru.exe

Filesize
2.6MB

MD5
6e980f4e4f663312f91165ebc7da33e0

SHA1
0ce619661832de58ef797492adbd3cb369a3d125

SHA256
d7d850969aee2dddf9997099cb40f2907f638442abe370250369d71d65e6725a

SHA512
835354ab204a8a76e378050d7911422893968d9ec8803943e4b1f6c5fa96b2ed11bff6c6d3c06ba6f78744a4f3fef73f6b378d0d33b2d624b912517528a569b4

Download Submit
C:\Windows\System\GGRzVAR.exe

Filesize
2.6MB

MD5
80960e8b4162f0f99625cb06a3340bd8

SHA1
bdbb195c5e64ee31e1b25dead723e52360df3135

SHA256
b5ce91eee2ea3154537e2d6cdd7da9bdf30737d720857ec02a71f4ca6b13fc5d

SHA512
04ce259d8497ecd3ab7f0724992841e8874085c665eeaf4ed247b98419782527fc2bef135ec25a4f0ea54ac4a9710da5d2d56d8d093e50bf0e7ebb535e268093

Download Submit
C:\Windows\System\GyqFuJp.exe

Filesize
2.6MB

MD5
a52fcc6f46e77eb7323d5e2d7e294cdc

SHA1
c6bea704cd71cd8e102a575e2b59d72744c00289

SHA256
cb40282616dab48ca30de0c682c3820cc2361f7145b0cd055b6e876f900a5c8c

SHA512
89d8c9be7c2129039477fdc7cc458d4908d9957d25ce8c0eed31de5a58beadc711c49a760b6d1c43da50e7faff5f2d8dd94884d9135e93e1d5a0afa2afc8d7a2

Download Submit
C:\Windows\System\HhFlcml.exe

Filesize
2.6MB

MD5
0d80b959eee61ef811436b262e36f326

SHA1
bcafbd1e6b6c006a801b49aa51ee8ca61bbd38f0

SHA256
ce0293c80491c474556e785d27d141bf90614967145ead503ce62818755af154

SHA512
14478e4ec32013ffad69a284a380aeb0d2dcb544d45716e65635682e05178d4d7cd149ab7aa0671a3dcf319a445cfe44088524e2fcbfa252d26f025499f69612

Download Submit
C:\Windows\System\HhGTqoq.exe

Filesize
2.6MB

MD5
dc6c03f8af8af6b28f8d806e06f564b8

SHA1
7280c783c5f8f443e2f731aa09b3aab51e93d6d9

SHA256
cbd134c2857f37e4c1fc87700d69b5846ebce2a0b4abd49af2b1ba40ed204e9b

SHA512
4cfcaae449c53e0e50c62df8cd36fe9a5dcaa73f27afb8764bb6b4fdc9b0136c14d9565a3ed533cc217581dcc082e95ac757e79ee91b10e55b6575bcb9b025de

Download Submit
C:\Windows\System\JdUaOIH.exe

Filesize
2.6MB

MD5
03412d517f092281ccfa2b449ef718ab

SHA1
0ff15a4fa4f56b587ed919addf0af50363c7a14e

SHA256
51b75130dad084bc5169c61739b37a2aa03bc822314f89a16318598a6a19bd3c

SHA512
f5131c8c7af5e316d980d42eb47f6349d28365c38f5631ffb9173b7c35451756778fb3400bb9c963e46a64b1e33a591df3624ab84a1a80e9a5ea72e8b3bebacb

Download Submit
C:\Windows\System\JdbujlG.exe

Filesize
2.6MB

MD5
8374e3aa99d36aa24f1e318e7f1ddab4

SHA1
f0a98d21b2085559ab4676ecfa0f4cbbbaf1e1ba

SHA256
24136e50a3af645dbf0eb735e42a4d09b50c5f7aab3d2a16eb81c65ed9d20e5a

SHA512
49b9f79a2137b5574b5da5142ee16fddcdc70362d62157b85dbf6b1d982456d5667955be2420e1de6286c7329145b95f8f2b6cc14f27b60b3e2595b5e552e55b

Download Submit
C:\Windows\System\KaOQYAp.exe

Filesize
2.6MB

MD5
c3c6b7b244af8757e547e61615bb7c50

SHA1
7f0a0f025b042903efb6a197126a2fa74e3da2a4

SHA256
ff79664a2ee632f75adb1916e7677e269c2154bf488d30dd403220730f4ec998

SHA512
613be0d37c3469e2280d9269aa804e61ed38dec8e77a7c5f8d782de5239738e19d3bf2fdd477723e58ae1e6ea4f71c4b8e749447542677ab63fa8d9265da98f6

Download Submit
C:\Windows\System\MXAfBGW.exe

Filesize
2.6MB

MD5
fe59d70ea1f1789be6260ac516ac09b2

SHA1
ba3c786302801da66c182f57b348ece1292e307d

SHA256
512ddaefe1d34d982738992a45172244b116f1f2ce3d18a1217dbc31908aed0f

SHA512
5dd3da6aa3c0153d6085b707914fe32d31117b1bc74fef6a38fbd9c0d9f627bc1c45c5af16aa6bc37a68e938b728363773538262866ca88cc30b8b229ed62c04

Download Submit
C:\Windows\System\MdyDRLy.exe

Filesize
2.6MB

MD5
02c5182d282ab777221ef0b9110ae0f0

SHA1
01f5be881f007ce80e4c08346e9ca550fb72949d

SHA256
af8b77cac2ce91537a27c5c33f06b603a71e585e13df1ca01327a651f662ba37

SHA512
5ec12468df1a2db0c028afcb2bfe233407a6b007cc213d460a532eb6e94501800001f213c5592814cbb16cc09297360d1a5c09596b137a10ef60bff6ab10b518

Download Submit
C:\Windows\System\MjipaXd.exe

Filesize
2.6MB

MD5
fbe1b1e285715cfc383995d479938e32

SHA1
d6361a89e0a69beaf613ec9836e3e590b6eaa86d

SHA256
2a7d6c04abdad3b858c25af97cb615094de5484a5aa0641da803ceb4e1a585c2

SHA512
d8f91b3e34a845732e726821204186e7e3fac48c9dfaf337b8a6d551b1c2be0124454e1dab92e35d49b12d3bbdbb16410a1ceb788055dac6c2c9e7d4ab0cccf1

Download Submit
C:\Windows\System\MrRGCwQ.exe

Filesize
2.6MB

MD5
01618a73b6bea477d6f18bfc0063b214

SHA1
8e100efed1258e6a9995cf8fafbdd5b844f80bee

SHA256
851a615083a921d8987d088da6311c97c706da62fe6c9dcf2333d28774283b5f

SHA512
373204ca9648295ca9bf4ef7895d62fed5212f90e52b3668aa759c84b1471ce118ae19834c632318f01e9c40b8f7f64c45f0135ad793f3bc4ee625949f54a995

Download Submit
C:\Windows\System\NdjQsWD.exe

Filesize
2.6MB

MD5
c98246b15e9b2255b8d7727f28b9779e

SHA1
0a43acda59403eaee883bbaebad14f8153eb1838

SHA256
b57c3a66d25bec8e594750ec742c1a60177e3dc43aeeefa077fc65c8949eb45b

SHA512
1144eba3e9b41a60765f94c0bc939de3b2ce74680d2ae58a7d9839590a47c55f4df4133f4814a7dea79def0b32b1d1fc35ee58f930e630b5192d23886b467977

Download Submit
C:\Windows\System\QOaIEgc.exe

Filesize
2.6MB

MD5
c8bc996440018c3c1522917678248d3b

SHA1
2522d7628ca04c3aa740e7b591df7128f6ebf554

SHA256
d77a441c3ac6cd4e33d30c132d2eb6277b0551a1166c4ffaccf55e66e3ca17e5

SHA512
f5fdcea3cd09fa4a600cfd67f5a848b0055e959b2095d3da821e5ced20158c45d01988b6fb86449839dc01a7aa2167685ab8e816b628eab04727e7c09e95e325

Download Submit
C:\Windows\System\TVTXRQc.exe

Filesize
2.6MB

MD5
52d302a201f2065423608b3728ee7526

SHA1
2800e5360ebada18293f09c73326a01539ae95db

SHA256
d177fd3f6496c5d08668caa282f526d58ab2adff42e0ef52f75229199deb5110

SHA512
6159af87789ec0caa866d65c24adb1d1b7503b03b0772708b64af122753ffe17345a405af0c0b78735b5b9f34ec287dd36e753c428fa23a3b1b1593ae62b6667

Download Submit
C:\Windows\System\VgdCoxQ.exe

Filesize
2.6MB

MD5
3f686ec230d591836585998a27326e0b

SHA1
8135962dc82dbfb4bd3b7c24b55f9ce0a60203f1

SHA256
23371fb7f73ad92f433139fdbde896ed600a5b8436abbb1920f77cf0ed69f123

SHA512
bdce4f74a1d1b91bd390d8bdeba37d12ccd3892dd276577cfd07a85463f97515d87c1e253a6aa06dd86fc5d18fbdc97f3a41c7ad6c0c04ce6087e833f9e1d0c3

Download Submit
C:\Windows\System\XsMJQze.exe

Filesize
2.6MB

MD5
00590a189a4a2408a7baea9d37b2cb8e

SHA1
e95a327488444603043ad7a1d3d4e9a1152daf62

SHA256
d9d0dc53f92ab3bd413f7a6bb4d1b950004be8f58ae298a0e61ccc745f7fcf6c

SHA512
0274bb4c2a0247d09fd8c61b2e39ea4daa53ed63f0c9583f97d036706c152585c1e926b169a1b93a800e9e0c595feac8bac4c1c09f5d56aff2cdffaeda7a7524

Download Submit
C:\Windows\System\ZHmqKZp.exe

Filesize
2.6MB

MD5
ab6cf42efc2b3d669a4969adae0ba3b2

SHA1
bd4ef4f3862b7d1056f70d6f00161598e5525cd1

SHA256
a234e79301ebc59b444da4408744f0e6a2de806a65081b1a26645515d330199e

SHA512
3fc49e175ab7070925701a30e537fa9ead4900a3705ac480bb743d92133a133f89b3d4297671ee4aa83cfdc5b61c30e227b71715a82363b79d4fe78b43376182

Download Submit
C:\Windows\System\ZLzRGXK.exe

Filesize
2.6MB

MD5
59ba8d8775b09f356fd68666b6fb3d89

SHA1
de0eb47572049bf1dde9c18546763bcfefa32001

SHA256
70efc3f1354bd06c549fb8d6eef66f37aba51034df242197871a7220fbb9bc5a

SHA512
b3d19558c613d185da1becd228dc143bb996331fa5c6cd996ef2ddb2de4882deb1e2952cacbe8ba69f010709b32e1214f27bf4effbbbbf224e63d15709f7f95a

Download Submit
C:\Windows\System\aljbScr.exe

Filesize
2.6MB

MD5
87a81f483a8b07a51340e98cb745e46a

SHA1
910da731c60e0e10a384430e8904dca0f30290d1

SHA256
0a07ff44f7c6e71361404e66060ea390c37dfeaf307d0a0556560f05d66ad6fd

SHA512
049e0291079ce231303b094dbaec8e57f4386042b64f1e6996803246a1fdd970c65928c743c4858b0d448c24fed09175542172732744e11aeb46f5acfaec35ef

Download Submit
C:\Windows\System\cyWkFzE.exe

Filesize
2.6MB

MD5
52c0d1a913c23b343a26c64db33563b9

SHA1
7e0faf79e379329209c7480669ae83cec94307f1

SHA256
52bc8d196ee2d5c130ae90be293b892997496f4f703ed5c75a278ded026ea5a3

SHA512
67a31dc15630a9c995cd40b16c7cc16b271f64d1f8d86b909ca39c9aaf944d682e80af8410029f8b2a51cdbb02e378a04d99c724fff57cf87f855afa8b0748d8

Download Submit
C:\Windows\System\heBvGqI.exe

Filesize
2.6MB

MD5
cf3dbce4d41c9a065f1a8b2bb488a77e

SHA1
d0698b6cbf50fcbdb0a5f72ffc0c4c29a176b1ec

SHA256
ea40e6a322e704db39f2def4c84948b6085e78d1f71cdc68cd26660e0d2fddc4

SHA512
c20bf4437abca823ebc40b90419698273f9171dc77bb1ec4a02960400a056acbe18f134fcd6baa7a914ed16924eac4cdab2096bd513a72da92b6dcd4cce97a90

Download Submit
C:\Windows\System\isFPGXa.exe

Filesize
2.6MB

MD5
635697a51d4e6232df27198c96671228

SHA1
9da039488a9cb83636294aedc9d7d9cfe348824f

SHA256
478e408814eeff2f497a15b8ec98713aefa12414ab7aee99e20daa6811074289

SHA512
0d8a06f75689739002da37a6ba40cab72d8d43e4a617df8345dbcc9295d2ca1e9c2d2a0401fd7b796787b6aaf7a13abe88246cd8b22395295d61040cc614fb6a

Download Submit
C:\Windows\System\nRzzLpf.exe

Filesize
2.6MB

MD5
598184557b6499434f9ba99e90852bf4

SHA1
914357d826e7dd3c5b007d49ddb87795a1515a37

SHA256
2f7fdbc520e54af4bdd1c842a2b672713562b2cbdf7c91432a0fae4215b7ac75

SHA512
d29bf01f2190cf9a5c43e69cd335d06aba03df09ea4bf36cf832837f93ea1ff79ff42aa95ee0ace85d225ae2b11c9334f29cc37eb9a7775449666921eb21335b

Download Submit
C:\Windows\System\rzaDvBn.exe

Filesize
2.6MB

MD5
1ec21f8ae0408ad68b6184bc8aeb13f0

SHA1
4cd91c819044f0325319e0804f5967c2d8e582b7

SHA256
410e79dded8947d41dc52440ff43e38aa168eb8e53390b0ece83be84c561dcd0

SHA512
41df2bc47fbebf27075de35190d1f6d32d04828ebec3bbedca19417ccf27d1c47b36265cf38bdc64a438f2d6b254b68feb6decad6bd8bb24ad4910f6f9571271

Download Submit
C:\Windows\System\uiazbfh.exe

Filesize
2.6MB

MD5
c608c448723bbf4b61e5de382fe268c0

SHA1
6f8d6e63d8a124efb9da607b987b9138d3930a07

SHA256
349c35d31edb8b7d1541803c9ded9fee110edd6592f70006e99ea9c14a299d52

SHA512
6fcf58b564874a6de2d1aad8dd2238e1daae79949767b6696d3753606b9daa852b6d9eb8d9db8af04dd6ba3c8a0f78b2a769a987354ce27620575c9cdcc869c8

Download Submit
C:\Windows\System\vGjFFQE.exe

Filesize
2.6MB

MD5
3577d3e5412c4a1cbdcb825156ea1e79

SHA1
5d6bcdc4eaa4f2ba2e1beae8068ab6a6c51835f6

SHA256
6670269aaea9e0cd55b54a8bc16bbbac2260f09866d3a377208b4952c87baff1

SHA512
4b8846b7b56705e90d2f3d51f5246391a5bddaa31dfe87332b62b087844c1c063bfb4b4b8742f8242507d0f6df4991b3749d0f4a1fc33a4a0fe1a38bf76a7f09

Download Submit
C:\Windows\System\wjrXEki.exe

Filesize
2.6MB

MD5
b61351b09527a1a76ea0a762e7ab7001

SHA1
4e00f23cc7fab288c05727769dbd336ab9fc5ea4

SHA256
f6b0753b684f02db2f3aee02c4480ef2e89acfae9f16bf1ccf780c6a4b14fae4

SHA512
2729465bd48173686f200bbbe6bf7875574a45af0abbd0a692166bd9983f04d5713028bfe9cb574da5d99de962c3eba78c19041c7772e7601cff5c78827eac87

Download Submit
C:\Windows\System\xQsadIP.exe

Filesize
2.6MB

MD5
3b037a490930aec8112c21df8b7bc8f9

SHA1
3623304a32632a7fb7b506dff396e4a2a5e55b1b

SHA256
32e289af9a9e9b28487ec51d48ec09b8f1ae4c7f1286a390ea64d26ddfc0da7a

SHA512
6226b848f2298c1f39af504d493dc9ec86cab70780a17ddad2e3ba56ed1e8606f2c1f0a777f197ff6ccebdb8fd534518d4cc66c998a0d3085b22d863a6807823

Download Submit
C:\Windows\System\yGSYIZQ.exe

Filesize
2.6MB

MD5
bf175d22aa7ecd6436b575c94d1afe02

SHA1
db4a37d499269fd058188fcfa4ddae622e4268b8

SHA256
4e46f046b99f7f0105bc35ef492e6295edecc1123055841105d906bcf65d15bb

SHA512
ce58fbfa784f7ec809b9c757b4dcb97e788abd2f0ebdbf97b35990c838f42ce02680242ee23f7c811134c167ba7a34c956f6b26a38c3a94ca52246283538de09

Download Submit
C:\Windows\System\zunPPTq.exe

Filesize
2.6MB

MD5
d3d90ef614508b76de478d414d35b3f7

SHA1
d6f7bc208bc705414b55499be9017c131d19ebf1

SHA256
d6fdbe20b6fa37a9c5de1d8f0abf82bee86c67479ab704f0285d25eedd6d81ac

SHA512
cd809e989835ce6d392c486fbd943b3b6be1987511cc35d8aeb5098d9f65f4853ffa4df89055665fc2acbc84db438a6186816d1d43849d7df3965f0f67e28904

Download Submit
C:\Windows\System\zyUYcNU.exe

Filesize
2.6MB

MD5
f82bb3f23d28b6f1c2216c2d8a9f61f2

SHA1
75c6f54fdb387e03cf8c4cc1cfe2ba62670fcd21

SHA256
bc4e8f708e5687de17157ebb2535e0fa81c8925c321b7e905115f57798c68450

SHA512
cb6a7d10fd00da3eef82069ff555801c6141954fe436d43e4a23eb8e67b9e7c6d6e1bc1670017efe1c66ec7347b15a23daa6fad98c33f6b61023004a1a050f6e

Download Submit
memory/736-364-0x00007FF6ECFC0000-0x00007FF6ED3B6000-memory.dmp

Filesize
4.0MB

Download
memory/752-408-0x00007FF65C880000-0x00007FF65CC76000-memory.dmp

Filesize
4.0MB

Download
memory/768-369-0x00007FF642E80000-0x00007FF643276000-memory.dmp

Filesize
4.0MB

Download
memory/1008-429-0x00007FF7AEA20000-0x00007FF7AEE16000-memory.dmp

Filesize
4.0MB

Download
memory/1052-267-0x00007FF757400000-0x00007FF7577F6000-memory.dmp

Filesize
4.0MB

Download
memory/1104-335-0x00007FF766F40000-0x00007FF767336000-memory.dmp

Filesize
4.0MB

Download
memory/1280-425-0x00007FF65A4C0000-0x00007FF65A8B6000-memory.dmp

Filesize
4.0MB

Download
memory/1348-298-0x00007FF7CE360000-0x00007FF7CE756000-memory.dmp

Filesize
4.0MB

Download
memory/1436-407-0x00007FF6EE850000-0x00007FF6EEC46000-memory.dmp

Filesize
4.0MB

Download
memory/1444-383-0x00007FF688790000-0x00007FF688B86000-memory.dmp

Filesize
4.0MB

Download
memory/1472-398-0x00007FF7EC160000-0x00007FF7EC556000-memory.dmp

Filesize
4.0MB

Download
memory/1580-307-0x00007FF7D1E60000-0x00007FF7D2256000-memory.dmp

Filesize
4.0MB

Download
memory/1592-412-0x00007FF6375E0000-0x00007FF6379D6000-memory.dmp

Filesize
4.0MB

Download
memory/1792-417-0x00007FF70CEA0000-0x00007FF70D296000-memory.dmp

Filesize
4.0MB

Download
memory/1824-269-0x00007FF64CA90000-0x00007FF64CE86000-memory.dmp

Filesize
4.0MB

Download
memory/1872-52-0x00007FF74A390000-0x00007FF74A786000-memory.dmp

Filesize
4.0MB

Download
memory/1916-424-0x00007FF79E960000-0x00007FF79ED56000-memory.dmp

Filesize
4.0MB

Download
memory/1976-384-0x00007FF7B4750000-0x00007FF7B4B46000-memory.dmp

Filesize
4.0MB

Download
memory/2076-399-0x00007FF7AF100000-0x00007FF7AF4F6000-memory.dmp

Filesize
4.0MB

Download
memory/2232-404-0x00007FF652590000-0x00007FF652986000-memory.dmp

Filesize
4.0MB

Download
memory/2408-367-0x00007FF676340000-0x00007FF676736000-memory.dmp

Filesize
4.0MB

Download
memory/2572-400-0x00007FF759B80000-0x00007FF759F76000-memory.dmp

Filesize
4.0MB

Download
memory/2576-14-0x00007FF61C2C0000-0x00007FF61C6B6000-memory.dmp

Filesize
4.0MB

Download
memory/2820-265-0x00007FF7C1610000-0x00007FF7C1A06000-memory.dmp

Filesize
4.0MB

Download
memory/3028-382-0x00007FF613F30000-0x00007FF614326000-memory.dmp

Filesize
4.0MB

Download
memory/3060-386-0x00007FF6D21C0000-0x00007FF6D25B6000-memory.dmp

Filesize
4.0MB

Download
memory/3092-286-0x00007FF6E8CF0000-0x00007FF6E90E6000-memory.dmp

Filesize
4.0MB

Download
memory/3276-66-0x00007FF684D60000-0x00007FF685156000-memory.dmp

Filesize
4.0MB

Download
memory/3288-415-0x00007FF738300000-0x00007FF7386F6000-memory.dmp

Filesize
4.0MB

Download
memory/3292-57-0x000001D7F4B40000-0x000001D7F4B50000-memory.dmp

Filesize
64KB

Download
memory/3292-17-0x000001D7F6C60000-0x000001D7F6C82000-memory.dmp

Filesize
136KB

Download
memory/3292-257-0x000001D7F79D0000-0x000001D7F8176000-memory.dmp

Filesize
7.6MB

Download
memory/3292-42-0x00007FFCED8A0000-0x00007FFCEE361000-memory.dmp

Filesize
10.8MB

Download
memory/3292-44-0x000001D7F4B40000-0x000001D7F4B50000-memory.dmp

Filesize
64KB

Download
memory/3300-403-0x00007FF7B7940000-0x00007FF7B7D36000-memory.dmp

Filesize
4.0MB

Download
memory/3352-396-0x00007FF763C70000-0x00007FF764066000-memory.dmp

Filesize
4.0MB

Download
memory/3356-0-0x00007FF664250000-0x00007FF664646000-memory.dmp

Filesize
4.0MB

Download
memory/3356-1-0x000001D761A00000-0x000001D761A10000-memory.dmp

Filesize
64KB

Download
memory/3388-397-0x00007FF709070000-0x00007FF709466000-memory.dmp

Filesize
4.0MB

Download
memory/3416-427-0x00007FF75D030000-0x00007FF75D426000-memory.dmp

Filesize
4.0MB

Download
memory/3568-413-0x00007FF7319A0000-0x00007FF731D96000-memory.dmp

Filesize
4.0MB

Download
memory/3584-418-0x00007FF734970000-0x00007FF734D66000-memory.dmp

Filesize
4.0MB

Download
memory/3588-341-0x00007FF7CF710000-0x00007FF7CFB06000-memory.dmp

Filesize
4.0MB

Download
memory/3608-430-0x00007FF7FEEF0000-0x00007FF7FF2E6000-memory.dmp

Filesize
4.0MB

Download
memory/3672-409-0x00007FF74F490000-0x00007FF74F886000-memory.dmp

Filesize
4.0MB

Download
memory/3688-419-0x00007FF68DCB0000-0x00007FF68E0A6000-memory.dmp

Filesize
4.0MB

Download
memory/3820-395-0x00007FF655700000-0x00007FF655AF6000-memory.dmp

Filesize
4.0MB

Download
memory/4116-414-0x00007FF7FF730000-0x00007FF7FFB26000-memory.dmp

Filesize
4.0MB

Download
memory/4144-432-0x00007FF657820000-0x00007FF657C16000-memory.dmp

Filesize
4.0MB

Download
memory/4248-420-0x00007FF64F130000-0x00007FF64F526000-memory.dmp

Filesize
4.0MB

Download
memory/4252-421-0x00007FF62C730000-0x00007FF62CB26000-memory.dmp

Filesize
4.0MB

Download
memory/4304-402-0x00007FF64E8C0000-0x00007FF64ECB6000-memory.dmp

Filesize
4.0MB

Download
memory/4368-324-0x00007FF7F7F40000-0x00007FF7F8336000-memory.dmp

Filesize
4.0MB

Download
memory/4452-410-0x00007FF79B0C0000-0x00007FF79B4B6000-memory.dmp

Filesize
4.0MB

Download
memory/4532-416-0x00007FF76CA40000-0x00007FF76CE36000-memory.dmp

Filesize
4.0MB

Download
memory/4660-379-0x00007FF6E2560000-0x00007FF6E2956000-memory.dmp

Filesize
4.0MB

Download
memory/4688-431-0x00007FF6E1020000-0x00007FF6E1416000-memory.dmp

Filesize
4.0MB

Download
memory/4692-276-0x00007FF7C3770000-0x00007FF7C3B66000-memory.dmp

Filesize
4.0MB

Download
memory/4744-411-0x00007FF631AB0000-0x00007FF631EA6000-memory.dmp

Filesize
4.0MB

Download
memory/4856-428-0x00007FF6FF480000-0x00007FF6FF876000-memory.dmp

Filesize
4.0MB

Download
memory/4924-401-0x00007FF6CCD90000-0x00007FF6CD186000-memory.dmp

Filesize
4.0MB

Download
memory/5028-79-0x00007FF7D2D70000-0x00007FF7D3166000-memory.dmp

Filesize
4.0MB

Download
memory/5036-323-0x00007FF6A5E60000-0x00007FF6A6256000-memory.dmp

Filesize
4.0MB

Download
memory/5076-356-0x00007FF749AA0000-0x00007FF749E96000-memory.dmp

Filesize
4.0MB

Download
memory/5108-13-0x00007FF61AC00000-0x00007FF61AFF6000-memory.dmp

Filesize
4.0MB

Download