xmrig | 2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
Size

1.3MB
MD5

59346974f1342222845088653e9c0e17
SHA1

bbc588e63d00207477913a238104488d66884e62
SHA256

2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483
SHA512

2124284929fbba84a7e87c5af16a6f58952de0283a4a8897f8a8a7e8e21af714324c67f1105cc35427053bdba42426004057aa1fa6c651acb5f095817363aa9e
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhnXwx8/2Pbx/mbfCNsQ:Lz071uv4BPMkHC0IlnASEx/mCNsQ

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 48 IoCs

resource	yara_rule
behavioral2/memory/844-215-0x00007FF61B920000-0x00007FF61BD12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1984-272-0x00007FF7518F0000-0x00007FF751CE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4556-443-0x00007FF77ACC0000-0x00007FF77B0B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5096-539-0x00007FF73F3A0000-0x00007FF73F792000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4092-646-0x00007FF702350000-0x00007FF702742000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2468-648-0x00007FF640A40000-0x00007FF640E32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1496-652-0x00007FF6C9A80000-0x00007FF6C9E72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3620-654-0x00007FF7FBBC0000-0x00007FF7FBFB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4964-657-0x00007FF669070000-0x00007FF669462000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4628-656-0x00007FF7B2140000-0x00007FF7B2532000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2576-653-0x00007FF6A2C50000-0x00007FF6A3042000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2228-651-0x00007FF686A00000-0x00007FF686DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4624-650-0x00007FF686750000-0x00007FF686B42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4792-649-0x00007FF652A50000-0x00007FF652E42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4540-647-0x00007FF6D25C0000-0x00007FF6D29B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5040-645-0x00007FF6AA580000-0x00007FF6AA972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2568-441-0x00007FF6F61E0000-0x00007FF6F65D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2456-366-0x00007FF79E580000-0x00007FF79E972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4248-318-0x00007FF6A2240000-0x00007FF6A2632000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1448-317-0x00007FF621CE0000-0x00007FF6220D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3524-257-0x00007FF606170000-0x00007FF606562000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3108-256-0x00007FF751830000-0x00007FF751C22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1308-165-0x00007FF6C0800000-0x00007FF6C0BF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2828-130-0x00007FF7B9000000-0x00007FF7B93F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2828-3852-0x00007FF7B9000000-0x00007FF7B93F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1308-3851-0x00007FF6C0800000-0x00007FF6C0BF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/844-3854-0x00007FF61B920000-0x00007FF61BD12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3108-3856-0x00007FF751830000-0x00007FF751C22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1448-3858-0x00007FF621CE0000-0x00007FF6220D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5040-3860-0x00007FF6AA580000-0x00007FF6AA972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1984-3864-0x00007FF7518F0000-0x00007FF751CE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3524-3862-0x00007FF606170000-0x00007FF606562000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2568-3866-0x00007FF6F61E0000-0x00007FF6F65D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5096-3868-0x00007FF73F3A0000-0x00007FF73F792000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4556-3870-0x00007FF77ACC0000-0x00007FF77B0B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2468-3876-0x00007FF640A40000-0x00007FF640E32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4248-3875-0x00007FF6A2240000-0x00007FF6A2632000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4092-3872-0x00007FF702350000-0x00007FF702742000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4628-3879-0x00007FF7B2140000-0x00007FF7B2532000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2228-3883-0x00007FF686A00000-0x00007FF686DF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4540-3888-0x00007FF6D25C0000-0x00007FF6D29B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4792-3894-0x00007FF652A50000-0x00007FF652E42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4624-3893-0x00007FF686750000-0x00007FF686B42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4964-3899-0x00007FF669070000-0x00007FF669462000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2456-3898-0x00007FF79E580000-0x00007FF79E972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2576-3923-0x00007FF6A2C50000-0x00007FF6A3042000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3620-3941-0x00007FF7FBBC0000-0x00007FF7FBFB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1496-3934-0x00007FF6C9A80000-0x00007FF6C9E72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3716-0-0x00007FF6DB600000-0x00007FF6DB9F2000-memory.dmp	UPX
behavioral2/files/0x0009000000023405-9.dat	UPX
behavioral2/files/0x0007000000023442-44.dat	UPX
behavioral2/files/0x0007000000023441-43.dat	UPX
behavioral2/files/0x0007000000023445-79.dat	UPX
behavioral2/files/0x000700000002343d-49.dat	UPX
behavioral2/files/0x000700000002343c-71.dat	UPX
behavioral2/files/0x0007000000023446-135.dat	UPX
behavioral2/files/0x0007000000023454-136.dat	UPX
behavioral2/files/0x0007000000023447-177.dat	UPX
behavioral2/memory/844-215-0x00007FF61B920000-0x00007FF61BD12000-memory.dmp	UPX
behavioral2/memory/1984-272-0x00007FF7518F0000-0x00007FF751CE2000-memory.dmp	UPX
behavioral2/memory/4556-443-0x00007FF77ACC0000-0x00007FF77B0B2000-memory.dmp	UPX
behavioral2/memory/4092-646-0x00007FF702350000-0x00007FF702742000-memory.dmp	UPX
behavioral2/memory/2468-648-0x00007FF640A40000-0x00007FF640E32000-memory.dmp	UPX
behavioral2/memory/1496-652-0x00007FF6C9A80000-0x00007FF6C9E72000-memory.dmp	UPX
behavioral2/memory/3620-654-0x00007FF7FBBC0000-0x00007FF7FBFB2000-memory.dmp	UPX
behavioral2/memory/4964-657-0x00007FF669070000-0x00007FF669462000-memory.dmp	UPX
behavioral2/memory/4628-656-0x00007FF7B2140000-0x00007FF7B2532000-memory.dmp	UPX
behavioral2/memory/2576-653-0x00007FF6A2C50000-0x00007FF6A3042000-memory.dmp	UPX
behavioral2/memory/2228-651-0x00007FF686A00000-0x00007FF686DF2000-memory.dmp	UPX
behavioral2/memory/4624-650-0x00007FF686750000-0x00007FF686B42000-memory.dmp	UPX
behavioral2/memory/4792-649-0x00007FF652A50000-0x00007FF652E42000-memory.dmp	UPX
behavioral2/memory/4540-647-0x00007FF6D25C0000-0x00007FF6D29B2000-memory.dmp	UPX
behavioral2/memory/5040-645-0x00007FF6AA580000-0x00007FF6AA972000-memory.dmp	UPX
behavioral2/memory/2568-441-0x00007FF6F61E0000-0x00007FF6F65D2000-memory.dmp	UPX
behavioral2/memory/2456-366-0x00007FF79E580000-0x00007FF79E972000-memory.dmp	UPX
behavioral2/memory/4248-318-0x00007FF6A2240000-0x00007FF6A2632000-memory.dmp	UPX
behavioral2/memory/1448-317-0x00007FF621CE0000-0x00007FF6220D2000-memory.dmp	UPX
behavioral2/memory/3524-257-0x00007FF606170000-0x00007FF606562000-memory.dmp	UPX
behavioral2/memory/3108-256-0x00007FF751830000-0x00007FF751C22000-memory.dmp	UPX
behavioral2/files/0x0007000000023461-214.dat	UPX
behavioral2/files/0x0007000000023460-210.dat	UPX
behavioral2/files/0x000700000002345d-207.dat	UPX
behavioral2/files/0x000700000002344e-206.dat	UPX
behavioral2/files/0x000700000002345f-205.dat	UPX
behavioral2/files/0x0007000000023459-192.dat	UPX
behavioral2/files/0x0008000000023452-191.dat	UPX
behavioral2/files/0x0007000000023456-183.dat	UPX
behavioral2/files/0x0007000000023453-175.dat	UPX
behavioral2/files/0x0007000000023450-174.dat	UPX
behavioral2/memory/1308-165-0x00007FF6C0800000-0x00007FF6C0BF2000-memory.dmp	UPX
behavioral2/files/0x000700000002345c-155.dat	UPX
behavioral2/files/0x000700000002344d-153.dat	UPX
behavioral2/files/0x000700000002344b-196.dat	UPX
behavioral2/files/0x0007000000023448-142.dat	UPX
behavioral2/files/0x0007000000023458-141.dat	UPX
behavioral2/files/0x0007000000023457-140.dat	UPX
behavioral2/files/0x0007000000023455-137.dat	UPX
behavioral2/files/0x000700000002345e-173.dat	UPX
behavioral2/files/0x000700000002344f-133.dat	UPX
behavioral2/memory/2828-130-0x00007FF7B9000000-0x00007FF7B93F2000-memory.dmp	UPX
behavioral2/files/0x000700000002343f-122.dat	UPX
behavioral2/files/0x000700000002345b-151.dat	UPX
behavioral2/files/0x000700000002344a-117.dat	UPX
behavioral2/files/0x000700000002345a-150.dat	UPX
behavioral2/files/0x0007000000023440-82.dat	UPX
behavioral2/files/0x000700000002344c-126.dat	UPX
behavioral2/files/0x0007000000023444-65.dat	UPX
behavioral2/files/0x0007000000023449-116.dat	UPX
behavioral2/files/0x0007000000023443-104.dat	UPX
behavioral2/files/0x000700000002343e-52.dat	UPX
behavioral2/files/0x000700000002343b-26.dat	UPX
behavioral2/files/0x000800000002343a-20.dat	UPX

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/844-215-0x00007FF61B920000-0x00007FF61BD12000-memory.dmp	xmrig
behavioral2/memory/1984-272-0x00007FF7518F0000-0x00007FF751CE2000-memory.dmp	xmrig
behavioral2/memory/4556-443-0x00007FF77ACC0000-0x00007FF77B0B2000-memory.dmp	xmrig
behavioral2/memory/5096-539-0x00007FF73F3A0000-0x00007FF73F792000-memory.dmp	xmrig
behavioral2/memory/4092-646-0x00007FF702350000-0x00007FF702742000-memory.dmp	xmrig
behavioral2/memory/2468-648-0x00007FF640A40000-0x00007FF640E32000-memory.dmp	xmrig
behavioral2/memory/1496-652-0x00007FF6C9A80000-0x00007FF6C9E72000-memory.dmp	xmrig
behavioral2/memory/3620-654-0x00007FF7FBBC0000-0x00007FF7FBFB2000-memory.dmp	xmrig
behavioral2/memory/4964-657-0x00007FF669070000-0x00007FF669462000-memory.dmp	xmrig
behavioral2/memory/4628-656-0x00007FF7B2140000-0x00007FF7B2532000-memory.dmp	xmrig
behavioral2/memory/2576-653-0x00007FF6A2C50000-0x00007FF6A3042000-memory.dmp	xmrig
behavioral2/memory/2228-651-0x00007FF686A00000-0x00007FF686DF2000-memory.dmp	xmrig
behavioral2/memory/4624-650-0x00007FF686750000-0x00007FF686B42000-memory.dmp	xmrig
behavioral2/memory/4792-649-0x00007FF652A50000-0x00007FF652E42000-memory.dmp	xmrig
behavioral2/memory/4540-647-0x00007FF6D25C0000-0x00007FF6D29B2000-memory.dmp	xmrig
behavioral2/memory/5040-645-0x00007FF6AA580000-0x00007FF6AA972000-memory.dmp	xmrig
behavioral2/memory/2568-441-0x00007FF6F61E0000-0x00007FF6F65D2000-memory.dmp	xmrig
behavioral2/memory/2456-366-0x00007FF79E580000-0x00007FF79E972000-memory.dmp	xmrig
behavioral2/memory/4248-318-0x00007FF6A2240000-0x00007FF6A2632000-memory.dmp	xmrig
behavioral2/memory/1448-317-0x00007FF621CE0000-0x00007FF6220D2000-memory.dmp	xmrig
behavioral2/memory/3524-257-0x00007FF606170000-0x00007FF606562000-memory.dmp	xmrig
behavioral2/memory/3108-256-0x00007FF751830000-0x00007FF751C22000-memory.dmp	xmrig
behavioral2/memory/1308-165-0x00007FF6C0800000-0x00007FF6C0BF2000-memory.dmp	xmrig
behavioral2/memory/2828-130-0x00007FF7B9000000-0x00007FF7B93F2000-memory.dmp	xmrig
behavioral2/memory/2828-3852-0x00007FF7B9000000-0x00007FF7B93F2000-memory.dmp	xmrig
behavioral2/memory/1308-3851-0x00007FF6C0800000-0x00007FF6C0BF2000-memory.dmp	xmrig
behavioral2/memory/844-3854-0x00007FF61B920000-0x00007FF61BD12000-memory.dmp	xmrig
behavioral2/memory/3108-3856-0x00007FF751830000-0x00007FF751C22000-memory.dmp	xmrig
behavioral2/memory/1448-3858-0x00007FF621CE0000-0x00007FF6220D2000-memory.dmp	xmrig
behavioral2/memory/5040-3860-0x00007FF6AA580000-0x00007FF6AA972000-memory.dmp	xmrig
behavioral2/memory/1984-3864-0x00007FF7518F0000-0x00007FF751CE2000-memory.dmp	xmrig
behavioral2/memory/3524-3862-0x00007FF606170000-0x00007FF606562000-memory.dmp	xmrig
behavioral2/memory/2568-3866-0x00007FF6F61E0000-0x00007FF6F65D2000-memory.dmp	xmrig
behavioral2/memory/5096-3868-0x00007FF73F3A0000-0x00007FF73F792000-memory.dmp	xmrig
behavioral2/memory/4556-3870-0x00007FF77ACC0000-0x00007FF77B0B2000-memory.dmp	xmrig
behavioral2/memory/2468-3876-0x00007FF640A40000-0x00007FF640E32000-memory.dmp	xmrig
behavioral2/memory/4248-3875-0x00007FF6A2240000-0x00007FF6A2632000-memory.dmp	xmrig
behavioral2/memory/4092-3872-0x00007FF702350000-0x00007FF702742000-memory.dmp	xmrig
behavioral2/memory/4628-3879-0x00007FF7B2140000-0x00007FF7B2532000-memory.dmp	xmrig
behavioral2/memory/2228-3883-0x00007FF686A00000-0x00007FF686DF2000-memory.dmp	xmrig
behavioral2/memory/4540-3888-0x00007FF6D25C0000-0x00007FF6D29B2000-memory.dmp	xmrig
behavioral2/memory/4792-3894-0x00007FF652A50000-0x00007FF652E42000-memory.dmp	xmrig
behavioral2/memory/4624-3893-0x00007FF686750000-0x00007FF686B42000-memory.dmp	xmrig
behavioral2/memory/4964-3899-0x00007FF669070000-0x00007FF669462000-memory.dmp	xmrig
behavioral2/memory/2456-3898-0x00007FF79E580000-0x00007FF79E972000-memory.dmp	xmrig
behavioral2/memory/2576-3923-0x00007FF6A2C50000-0x00007FF6A3042000-memory.dmp	xmrig
behavioral2/memory/3620-3941-0x00007FF7FBBC0000-0x00007FF7FBFB2000-memory.dmp	xmrig
behavioral2/memory/1496-3934-0x00007FF6C9A80000-0x00007FF6C9E72000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1820	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2828	VcHWzDW.exe
1308	sNnXOXx.exe
844	vHqNsTP.exe
3108	bvkUvVA.exe
3524	GFdeVyL.exe
1984	WgoCobD.exe
1448	lWlkKFQ.exe
4248	EnSXcSP.exe
2456	ajdWdXB.exe
2568	KbtwnuI.exe
4556	vmNvEEl.exe
5096	kwHfAxI.exe
5040	HtMxVcd.exe
4628	xJbbjCp.exe
4092	gWxAfJc.exe
4540	cbdhoMB.exe
2468	QBFnPDJ.exe
4792	wsVXyWj.exe
4624	YYmGRWo.exe
2228	cLRxRAI.exe
1496	QLKdcAa.exe
2576	BdEYMYP.exe
4964	ncrFKiv.exe
3620	YTaVPgx.exe
4724	wRAfiTh.exe
3352	wggKLvR.exe
1524	qbKZFIv.exe
1944	SfOSzLD.exe
1460	MfczXYA.exe
4580	xipIels.exe
4940	pDwuauL.exe
2276	BrWdcgG.exe
1388	TRJcCCy.exe
1100	BmXOxnL.exe
2360	BYBiWMh.exe
1116	GlYeoWS.exe
2760	RsCHpnp.exe
4220	wdQcmJQ.exe
4076	mAlPIoU.exe
1240	weCAjKb.exe
3496	liGDHQu.exe
2868	ZCOhDzp.exe
2304	LGKzsJF.exe
2636	FQyqSkY.exe
2804	uXQMitj.exe
2152	aYPDMCN.exe
1176	xLoFsQq.exe
1816	DUScoPn.exe
3828	rrGlOxo.exe
1980	yLeqAfH.exe
4324	PYuvwPf.exe
4788	QnIkkFN.exe
4484	vjtHhNX.exe
2168	gEGTsZV.exe
4684	WLCXAXU.exe
4428	TYUPMGV.exe
2068	UwKnkED.exe
2672	appusEq.exe
5100	fSRdKVC.exe
3724	IRHvDSL.exe
740	aerIsGE.exe
620	ZQZSerb.exe
4056	NxTMjgh.exe
5084	MwpAGJZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3716-0-0x00007FF6DB600000-0x00007FF6DB9F2000-memory.dmp	upx
behavioral2/files/0x0009000000023405-9.dat	upx
behavioral2/files/0x0007000000023442-44.dat	upx
behavioral2/files/0x0007000000023441-43.dat	upx
behavioral2/files/0x0007000000023445-79.dat	upx
behavioral2/files/0x000700000002343d-49.dat	upx
behavioral2/files/0x000700000002343c-71.dat	upx
behavioral2/files/0x0007000000023446-135.dat	upx
behavioral2/files/0x0007000000023454-136.dat	upx
behavioral2/files/0x0007000000023447-177.dat	upx
behavioral2/memory/844-215-0x00007FF61B920000-0x00007FF61BD12000-memory.dmp	upx
behavioral2/memory/1984-272-0x00007FF7518F0000-0x00007FF751CE2000-memory.dmp	upx
behavioral2/memory/4556-443-0x00007FF77ACC0000-0x00007FF77B0B2000-memory.dmp	upx
behavioral2/memory/5096-539-0x00007FF73F3A0000-0x00007FF73F792000-memory.dmp	upx
behavioral2/memory/4092-646-0x00007FF702350000-0x00007FF702742000-memory.dmp	upx
behavioral2/memory/2468-648-0x00007FF640A40000-0x00007FF640E32000-memory.dmp	upx
behavioral2/memory/1496-652-0x00007FF6C9A80000-0x00007FF6C9E72000-memory.dmp	upx
behavioral2/memory/3620-654-0x00007FF7FBBC0000-0x00007FF7FBFB2000-memory.dmp	upx
behavioral2/memory/4964-657-0x00007FF669070000-0x00007FF669462000-memory.dmp	upx
behavioral2/memory/4628-656-0x00007FF7B2140000-0x00007FF7B2532000-memory.dmp	upx
behavioral2/memory/2576-653-0x00007FF6A2C50000-0x00007FF6A3042000-memory.dmp	upx
behavioral2/memory/2228-651-0x00007FF686A00000-0x00007FF686DF2000-memory.dmp	upx
behavioral2/memory/4624-650-0x00007FF686750000-0x00007FF686B42000-memory.dmp	upx
behavioral2/memory/4792-649-0x00007FF652A50000-0x00007FF652E42000-memory.dmp	upx
behavioral2/memory/4540-647-0x00007FF6D25C0000-0x00007FF6D29B2000-memory.dmp	upx
behavioral2/memory/5040-645-0x00007FF6AA580000-0x00007FF6AA972000-memory.dmp	upx
behavioral2/memory/2568-441-0x00007FF6F61E0000-0x00007FF6F65D2000-memory.dmp	upx
behavioral2/memory/2456-366-0x00007FF79E580000-0x00007FF79E972000-memory.dmp	upx
behavioral2/memory/4248-318-0x00007FF6A2240000-0x00007FF6A2632000-memory.dmp	upx
behavioral2/memory/1448-317-0x00007FF621CE0000-0x00007FF6220D2000-memory.dmp	upx
behavioral2/memory/3524-257-0x00007FF606170000-0x00007FF606562000-memory.dmp	upx
behavioral2/memory/3108-256-0x00007FF751830000-0x00007FF751C22000-memory.dmp	upx
behavioral2/files/0x0007000000023461-214.dat	upx
behavioral2/files/0x0007000000023460-210.dat	upx
behavioral2/files/0x000700000002345d-207.dat	upx
behavioral2/files/0x000700000002344e-206.dat	upx
behavioral2/files/0x000700000002345f-205.dat	upx
behavioral2/files/0x0007000000023459-192.dat	upx
behavioral2/files/0x0008000000023452-191.dat	upx
behavioral2/files/0x0007000000023456-183.dat	upx
behavioral2/files/0x0007000000023453-175.dat	upx
behavioral2/files/0x0007000000023450-174.dat	upx
behavioral2/memory/1308-165-0x00007FF6C0800000-0x00007FF6C0BF2000-memory.dmp	upx
behavioral2/files/0x000700000002345c-155.dat	upx
behavioral2/files/0x000700000002344d-153.dat	upx
behavioral2/files/0x000700000002344b-196.dat	upx
behavioral2/files/0x0007000000023448-142.dat	upx
behavioral2/files/0x0007000000023458-141.dat	upx
behavioral2/files/0x0007000000023457-140.dat	upx
behavioral2/files/0x0007000000023455-137.dat	upx
behavioral2/files/0x000700000002345e-173.dat	upx
behavioral2/files/0x000700000002344f-133.dat	upx
behavioral2/memory/2828-130-0x00007FF7B9000000-0x00007FF7B93F2000-memory.dmp	upx
behavioral2/files/0x000700000002343f-122.dat	upx
behavioral2/files/0x000700000002345b-151.dat	upx
behavioral2/files/0x000700000002344a-117.dat	upx
behavioral2/files/0x000700000002345a-150.dat	upx
behavioral2/files/0x0007000000023440-82.dat	upx
behavioral2/files/0x000700000002344c-126.dat	upx
behavioral2/files/0x0007000000023444-65.dat	upx
behavioral2/files/0x0007000000023449-116.dat	upx
behavioral2/files/0x0007000000023443-104.dat	upx
behavioral2/files/0x000700000002343e-52.dat	upx
behavioral2/files/0x000700000002343b-26.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cNjPSwV.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\zdMkBgp.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\kpEkZkp.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\zevPERE.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\zqzeaUP.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\dveequl.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\fshgnRM.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\ugRNkHs.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\vdqmeYo.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\qwrnlqI.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\ErKbLZp.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\vLbAVtx.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\pXlenBH.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\MjHzzEg.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\vEbrcAc.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\AKZOXUO.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\SYijBZL.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\GAkDhJQ.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\pjXHXjv.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\sZDTSge.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\jCpSsxS.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\SoxwEeV.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\bZsQiSz.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\tFQrdrk.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\ZDwTAcS.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\uDhRCtS.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\yivkHFy.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\IkbgdTp.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\HRvzqOc.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\oVasiWz.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\XwxKcXC.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\KeVnmhb.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\nLHqTmq.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\VCgUowo.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\BdEYMYP.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\QGTtniU.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\QoaXAIe.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\TqBaqSj.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\tyRUXyL.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\xocxlmW.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\cuRWGCS.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\DnFCcxl.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\KuLMAqW.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\gsqsumh.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\TKEbjTU.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\olOUVKh.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\EHjIfVO.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\dZAKUBk.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\ArPQbsR.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\gnwnDYk.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\PFWlzEQ.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\EvPXinl.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\sdCtLib.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\xROuLTG.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\oGYPlsb.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\PyjeMIC.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\CYpkPWt.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\dtRDizl.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\ewGvrGy.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\ajdWdXB.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\DOVcpjy.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\qntJBQK.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\JjkhCGO.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
File created	C:\Windows\System\RJGrdQT.exe	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1820	powershell.exe
1820	powershell.exe
1820	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
Token: SeLockMemoryPrivilege	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
Token: SeDebugPrivilege	1820	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 1820	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	85
PID 3716 wrote to memory of 1820	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	85
PID 3716 wrote to memory of 2828	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	86
PID 3716 wrote to memory of 2828	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	86
PID 3716 wrote to memory of 1308	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	87
PID 3716 wrote to memory of 1308	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	87
PID 3716 wrote to memory of 844	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	88
PID 3716 wrote to memory of 844	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	88
PID 3716 wrote to memory of 3108	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	855
PID 3716 wrote to memory of 3108	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	855
PID 3716 wrote to memory of 3524	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	90
PID 3716 wrote to memory of 3524	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	90
PID 3716 wrote to memory of 1984	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	91
PID 3716 wrote to memory of 1984	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	91
PID 3716 wrote to memory of 1448	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	92
PID 3716 wrote to memory of 1448	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	92
PID 3716 wrote to memory of 4248	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	93
PID 3716 wrote to memory of 4248	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	93
PID 3716 wrote to memory of 2456	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	94
PID 3716 wrote to memory of 2456	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	94
PID 3716 wrote to memory of 2568	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	95
PID 3716 wrote to memory of 2568	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	95
PID 3716 wrote to memory of 4556	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	96
PID 3716 wrote to memory of 4556	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	96
PID 3716 wrote to memory of 5096	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	97
PID 3716 wrote to memory of 5096	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	97
PID 3716 wrote to memory of 5040	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	98
PID 3716 wrote to memory of 5040	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	98
PID 3716 wrote to memory of 4628	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	99
PID 3716 wrote to memory of 4628	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	99
PID 3716 wrote to memory of 4092	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	100
PID 3716 wrote to memory of 4092	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	100
PID 3716 wrote to memory of 4540	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	101
PID 3716 wrote to memory of 4540	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	101
PID 3716 wrote to memory of 2468	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	102
PID 3716 wrote to memory of 2468	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	102
PID 3716 wrote to memory of 4792	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	103
PID 3716 wrote to memory of 4792	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	103
PID 3716 wrote to memory of 4624	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	104
PID 3716 wrote to memory of 4624	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	104
PID 3716 wrote to memory of 2228	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	105
PID 3716 wrote to memory of 2228	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	105
PID 3716 wrote to memory of 1496	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	106
PID 3716 wrote to memory of 1496	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	106
PID 3716 wrote to memory of 2276	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	107
PID 3716 wrote to memory of 2276	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	107
PID 3716 wrote to memory of 2576	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	108
PID 3716 wrote to memory of 2576	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	108
PID 3716 wrote to memory of 4964	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	109
PID 3716 wrote to memory of 4964	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	109
PID 3716 wrote to memory of 1116	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	110
PID 3716 wrote to memory of 1116	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	110
PID 3716 wrote to memory of 2760	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	111
PID 3716 wrote to memory of 2760	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	111
PID 3716 wrote to memory of 3620	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	112
PID 3716 wrote to memory of 3620	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	112
PID 3716 wrote to memory of 4724	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	113
PID 3716 wrote to memory of 4724	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	113
PID 3716 wrote to memory of 3352	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	114
PID 3716 wrote to memory of 3352	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	114
PID 3716 wrote to memory of 1524	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	115
PID 3716 wrote to memory of 1524	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	115
PID 3716 wrote to memory of 1944	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	116
PID 3716 wrote to memory of 1944	3716	2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe	116

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe
"C:\Users\Admin\AppData\Local\Temp\2535ac1eb1657975ed180fae8bb1c244f6c500a37a544e290f18e3e638a14483.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1820
- C:\Windows\System\VcHWzDW.exe
  C:\Windows\System\VcHWzDW.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\sNnXOXx.exe
  C:\Windows\System\sNnXOXx.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\vHqNsTP.exe
  C:\Windows\System\vHqNsTP.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\bvkUvVA.exe
  C:\Windows\System\bvkUvVA.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\GFdeVyL.exe
  C:\Windows\System\GFdeVyL.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\WgoCobD.exe
  C:\Windows\System\WgoCobD.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\lWlkKFQ.exe
  C:\Windows\System\lWlkKFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\EnSXcSP.exe
  C:\Windows\System\EnSXcSP.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\ajdWdXB.exe
  C:\Windows\System\ajdWdXB.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\KbtwnuI.exe
  C:\Windows\System\KbtwnuI.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\vmNvEEl.exe
  C:\Windows\System\vmNvEEl.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\kwHfAxI.exe
  C:\Windows\System\kwHfAxI.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\HtMxVcd.exe
  C:\Windows\System\HtMxVcd.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\xJbbjCp.exe
  C:\Windows\System\xJbbjCp.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\gWxAfJc.exe
  C:\Windows\System\gWxAfJc.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\cbdhoMB.exe
  C:\Windows\System\cbdhoMB.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\QBFnPDJ.exe
  C:\Windows\System\QBFnPDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\wsVXyWj.exe
  C:\Windows\System\wsVXyWj.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\YYmGRWo.exe
  C:\Windows\System\YYmGRWo.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\cLRxRAI.exe
  C:\Windows\System\cLRxRAI.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\QLKdcAa.exe
  C:\Windows\System\QLKdcAa.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\BrWdcgG.exe
  C:\Windows\System\BrWdcgG.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\BdEYMYP.exe
  C:\Windows\System\BdEYMYP.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ncrFKiv.exe
  C:\Windows\System\ncrFKiv.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\GlYeoWS.exe
  C:\Windows\System\GlYeoWS.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\RsCHpnp.exe
  C:\Windows\System\RsCHpnp.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\YTaVPgx.exe
  C:\Windows\System\YTaVPgx.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\wRAfiTh.exe
  C:\Windows\System\wRAfiTh.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\wggKLvR.exe
  C:\Windows\System\wggKLvR.exe
  2⤵
  - Executes dropped EXE
  PID:3352
- C:\Windows\System\qbKZFIv.exe
  C:\Windows\System\qbKZFIv.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\SfOSzLD.exe
  C:\Windows\System\SfOSzLD.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\MfczXYA.exe
  C:\Windows\System\MfczXYA.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\xipIels.exe
  C:\Windows\System\xipIels.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\pDwuauL.exe
  C:\Windows\System\pDwuauL.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\TRJcCCy.exe
  C:\Windows\System\TRJcCCy.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\BmXOxnL.exe
  C:\Windows\System\BmXOxnL.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\BYBiWMh.exe
  C:\Windows\System\BYBiWMh.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\wdQcmJQ.exe
  C:\Windows\System\wdQcmJQ.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\yLeqAfH.exe
  C:\Windows\System\yLeqAfH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\mAlPIoU.exe
  C:\Windows\System\mAlPIoU.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\weCAjKb.exe
  C:\Windows\System\weCAjKb.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\liGDHQu.exe
  C:\Windows\System\liGDHQu.exe
  2⤵
  - Executes dropped EXE
  PID:3496
- C:\Windows\System\ZCOhDzp.exe
  C:\Windows\System\ZCOhDzp.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\LGKzsJF.exe
  C:\Windows\System\LGKzsJF.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\FQyqSkY.exe
  C:\Windows\System\FQyqSkY.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\uXQMitj.exe
  C:\Windows\System\uXQMitj.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\aYPDMCN.exe
  C:\Windows\System\aYPDMCN.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\aerIsGE.exe
  C:\Windows\System\aerIsGE.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\xLoFsQq.exe
  C:\Windows\System\xLoFsQq.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\DUScoPn.exe
  C:\Windows\System\DUScoPn.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\LOtcvVy.exe
  C:\Windows\System\LOtcvVy.exe
  2⤵
  PID:3564
- C:\Windows\System\rrGlOxo.exe
  C:\Windows\System\rrGlOxo.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\PYuvwPf.exe
  C:\Windows\System\PYuvwPf.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\QnIkkFN.exe
  C:\Windows\System\QnIkkFN.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\vjtHhNX.exe
  C:\Windows\System\vjtHhNX.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\gEGTsZV.exe
  C:\Windows\System\gEGTsZV.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\WLCXAXU.exe
  C:\Windows\System\WLCXAXU.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\TYUPMGV.exe
  C:\Windows\System\TYUPMGV.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\UwKnkED.exe
  C:\Windows\System\UwKnkED.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\appusEq.exe
  C:\Windows\System\appusEq.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\fSRdKVC.exe
  C:\Windows\System\fSRdKVC.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\IRHvDSL.exe
  C:\Windows\System\IRHvDSL.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\ZQZSerb.exe
  C:\Windows\System\ZQZSerb.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\NxTMjgh.exe
  C:\Windows\System\NxTMjgh.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\MwpAGJZ.exe
  C:\Windows\System\MwpAGJZ.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\jopCKOS.exe
  C:\Windows\System\jopCKOS.exe
  2⤵
  PID:1312
- C:\Windows\System\gaIMBvR.exe
  C:\Windows\System\gaIMBvR.exe
  2⤵
  PID:2516
- C:\Windows\System\miwmUjW.exe
  C:\Windows\System\miwmUjW.exe
  2⤵
  PID:2716
- C:\Windows\System\YYLGfel.exe
  C:\Windows\System\YYLGfel.exe
  2⤵
  PID:3032
- C:\Windows\System\laoMRmU.exe
  C:\Windows\System\laoMRmU.exe
  2⤵
  PID:388
- C:\Windows\System\LoByADI.exe
  C:\Windows\System\LoByADI.exe
  2⤵
  PID:1808
- C:\Windows\System\TRGuGQL.exe
  C:\Windows\System\TRGuGQL.exe
  2⤵
  PID:2260
- C:\Windows\System\OXOoOtl.exe
  C:\Windows\System\OXOoOtl.exe
  2⤵
  PID:1500
- C:\Windows\System\qhIMpcp.exe
  C:\Windows\System\qhIMpcp.exe
  2⤵
  PID:4080
- C:\Windows\System\CcBDVmc.exe
  C:\Windows\System\CcBDVmc.exe
  2⤵
  PID:5128
- C:\Windows\System\ZzsYQWc.exe
  C:\Windows\System\ZzsYQWc.exe
  2⤵
  PID:5148
- C:\Windows\System\nWTtcNT.exe
  C:\Windows\System\nWTtcNT.exe
  2⤵
  PID:5168
- C:\Windows\System\ESNMxkS.exe
  C:\Windows\System\ESNMxkS.exe
  2⤵
  PID:5256
- C:\Windows\System\aXuLMAn.exe
  C:\Windows\System\aXuLMAn.exe
  2⤵
  PID:5276
- C:\Windows\System\JdKFrjw.exe
  C:\Windows\System\JdKFrjw.exe
  2⤵
  PID:5292
- C:\Windows\System\QDkBDiE.exe
  C:\Windows\System\QDkBDiE.exe
  2⤵
  PID:5320
- C:\Windows\System\ZGFEgzO.exe
  C:\Windows\System\ZGFEgzO.exe
  2⤵
  PID:5348
- C:\Windows\System\EhqBjbl.exe
  C:\Windows\System\EhqBjbl.exe
  2⤵
  PID:5368
- C:\Windows\System\tNcppYl.exe
  C:\Windows\System\tNcppYl.exe
  2⤵
  PID:5392
- C:\Windows\System\qJbuyhd.exe
  C:\Windows\System\qJbuyhd.exe
  2⤵
  PID:5456
- C:\Windows\System\tSmLqmf.exe
  C:\Windows\System\tSmLqmf.exe
  2⤵
  PID:5484
- C:\Windows\System\NWxeQzE.exe
  C:\Windows\System\NWxeQzE.exe
  2⤵
  PID:5500
- C:\Windows\System\cyAueeY.exe
  C:\Windows\System\cyAueeY.exe
  2⤵
  PID:5520
- C:\Windows\System\AsWFTdk.exe
  C:\Windows\System\AsWFTdk.exe
  2⤵
  PID:5536
- C:\Windows\System\IfMSSEI.exe
  C:\Windows\System\IfMSSEI.exe
  2⤵
  PID:5564
- C:\Windows\System\euoLjGB.exe
  C:\Windows\System\euoLjGB.exe
  2⤵
  PID:5580
- C:\Windows\System\cuiAcun.exe
  C:\Windows\System\cuiAcun.exe
  2⤵
  PID:5620
- C:\Windows\System\NBwvsWM.exe
  C:\Windows\System\NBwvsWM.exe
  2⤵
  PID:5644
- C:\Windows\System\gCdTpai.exe
  C:\Windows\System\gCdTpai.exe
  2⤵
  PID:5680
- C:\Windows\System\AdrECvv.exe
  C:\Windows\System\AdrECvv.exe
  2⤵
  PID:5704
- C:\Windows\System\tVhxfEm.exe
  C:\Windows\System\tVhxfEm.exe
  2⤵
  PID:5720
- C:\Windows\System\rDdfeBO.exe
  C:\Windows\System\rDdfeBO.exe
  2⤵
  PID:5748
- C:\Windows\System\lTyzcrx.exe
  C:\Windows\System\lTyzcrx.exe
  2⤵
  PID:5764
- C:\Windows\System\YqKZxZg.exe
  C:\Windows\System\YqKZxZg.exe
  2⤵
  PID:5796
- C:\Windows\System\DehJOXJ.exe
  C:\Windows\System\DehJOXJ.exe
  2⤵
  PID:5816
- C:\Windows\System\eGTmHcF.exe
  C:\Windows\System\eGTmHcF.exe
  2⤵
  PID:5832
- C:\Windows\System\jDTPUxM.exe
  C:\Windows\System\jDTPUxM.exe
  2⤵
  PID:5856
- C:\Windows\System\qoWvVtk.exe
  C:\Windows\System\qoWvVtk.exe
  2⤵
  PID:5872
- C:\Windows\System\ePFUXwA.exe
  C:\Windows\System\ePFUXwA.exe
  2⤵
  PID:5920
- C:\Windows\System\OeHlSsI.exe
  C:\Windows\System\OeHlSsI.exe
  2⤵
  PID:5940
- C:\Windows\System\xHbHded.exe
  C:\Windows\System\xHbHded.exe
  2⤵
  PID:5964
- C:\Windows\System\LMfEnWp.exe
  C:\Windows\System\LMfEnWp.exe
  2⤵
  PID:5980
- C:\Windows\System\CcvLumH.exe
  C:\Windows\System\CcvLumH.exe
  2⤵
  PID:6008
- C:\Windows\System\BboUrgW.exe
  C:\Windows\System\BboUrgW.exe
  2⤵
  PID:6028
- C:\Windows\System\DzjwTSq.exe
  C:\Windows\System\DzjwTSq.exe
  2⤵
  PID:6044
- C:\Windows\System\rNinvAy.exe
  C:\Windows\System\rNinvAy.exe
  2⤵
  PID:6072
- C:\Windows\System\ZkKNvxt.exe
  C:\Windows\System\ZkKNvxt.exe
  2⤵
  PID:6096
- C:\Windows\System\FJokBYI.exe
  C:\Windows\System\FJokBYI.exe
  2⤵
  PID:6120
- C:\Windows\System\poxHwDu.exe
  C:\Windows\System\poxHwDu.exe
  2⤵
  PID:216
- C:\Windows\System\PIxpCIO.exe
  C:\Windows\System\PIxpCIO.exe
  2⤵
  PID:4112
- C:\Windows\System\NWnZabH.exe
  C:\Windows\System\NWnZabH.exe
  2⤵
  PID:4888
- C:\Windows\System\setEqZE.exe
  C:\Windows\System\setEqZE.exe
  2⤵
  PID:2696
- C:\Windows\System\gjarApe.exe
  C:\Windows\System\gjarApe.exe
  2⤵
  PID:2236
- C:\Windows\System\JSGIFgq.exe
  C:\Windows\System\JSGIFgq.exe
  2⤵
  PID:4488
- C:\Windows\System\xzeWlIa.exe
  C:\Windows\System\xzeWlIa.exe
  2⤵
  PID:1336
- C:\Windows\System\JIggWFz.exe
  C:\Windows\System\JIggWFz.exe
  2⤵
  PID:1628
- C:\Windows\System\FbCaMrW.exe
  C:\Windows\System\FbCaMrW.exe
  2⤵
  PID:5144
- C:\Windows\System\RPmFXiR.exe
  C:\Windows\System\RPmFXiR.exe
  2⤵
  PID:2220
- C:\Windows\System\roIuBnV.exe
  C:\Windows\System\roIuBnV.exe
  2⤵
  PID:4184
- C:\Windows\System\pwUhyXN.exe
  C:\Windows\System\pwUhyXN.exe
  2⤵
  PID:5408
- C:\Windows\System\PTiEqQf.exe
  C:\Windows\System\PTiEqQf.exe
  2⤵
  PID:5476
- C:\Windows\System\jnUlaBy.exe
  C:\Windows\System\jnUlaBy.exe
  2⤵
  PID:5544
- C:\Windows\System\AKZOXUO.exe
  C:\Windows\System\AKZOXUO.exe
  2⤵
  PID:4704
- C:\Windows\System\WCIJjHC.exe
  C:\Windows\System\WCIJjHC.exe
  2⤵
  PID:1444
- C:\Windows\System\TJHpuKg.exe
  C:\Windows\System\TJHpuKg.exe
  2⤵
  PID:4756
- C:\Windows\System\SIknqcn.exe
  C:\Windows\System\SIknqcn.exe
  2⤵
  PID:836
- C:\Windows\System\keKGOxD.exe
  C:\Windows\System\keKGOxD.exe
  2⤵
  PID:5164
- C:\Windows\System\ruLisHw.exe
  C:\Windows\System\ruLisHw.exe
  2⤵
  PID:5360
- C:\Windows\System\EVhJYkj.exe
  C:\Windows\System\EVhJYkj.exe
  2⤵
  PID:5960
- C:\Windows\System\xUZNYtS.exe
  C:\Windows\System\xUZNYtS.exe
  2⤵
  PID:5468
- C:\Windows\System\IqtxgjP.exe
  C:\Windows\System\IqtxgjP.exe
  2⤵
  PID:6160
- C:\Windows\System\CBQMQGH.exe
  C:\Windows\System\CBQMQGH.exe
  2⤵
  PID:6180
- C:\Windows\System\IGvQHzu.exe
  C:\Windows\System\IGvQHzu.exe
  2⤵
  PID:6200
- C:\Windows\System\vxsWdKy.exe
  C:\Windows\System\vxsWdKy.exe
  2⤵
  PID:6228
- C:\Windows\System\CHBrNnP.exe
  C:\Windows\System\CHBrNnP.exe
  2⤵
  PID:6256
- C:\Windows\System\UbdsooC.exe
  C:\Windows\System\UbdsooC.exe
  2⤵
  PID:6284
- C:\Windows\System\TkIElla.exe
  C:\Windows\System\TkIElla.exe
  2⤵
  PID:6304
- C:\Windows\System\vdbAXMk.exe
  C:\Windows\System\vdbAXMk.exe
  2⤵
  PID:6368
- C:\Windows\System\CDyCZCX.exe
  C:\Windows\System\CDyCZCX.exe
  2⤵
  PID:6396
- C:\Windows\System\PxuJmja.exe
  C:\Windows\System\PxuJmja.exe
  2⤵
  PID:6416
- C:\Windows\System\TPHSmyQ.exe
  C:\Windows\System\TPHSmyQ.exe
  2⤵
  PID:6436
- C:\Windows\System\JkRsEtm.exe
  C:\Windows\System\JkRsEtm.exe
  2⤵
  PID:6456
- C:\Windows\System\DFzauTE.exe
  C:\Windows\System\DFzauTE.exe
  2⤵
  PID:6484
- C:\Windows\System\mCHYAUU.exe
  C:\Windows\System\mCHYAUU.exe
  2⤵
  PID:6504
- C:\Windows\System\RGLkHoP.exe
  C:\Windows\System\RGLkHoP.exe
  2⤵
  PID:6524
- C:\Windows\System\xnjCiVM.exe
  C:\Windows\System\xnjCiVM.exe
  2⤵
  PID:6552
- C:\Windows\System\yCAzWTF.exe
  C:\Windows\System\yCAzWTF.exe
  2⤵
  PID:6568
- C:\Windows\System\GwwNMHY.exe
  C:\Windows\System\GwwNMHY.exe
  2⤵
  PID:6588
- C:\Windows\System\tkkZuKL.exe
  C:\Windows\System\tkkZuKL.exe
  2⤵
  PID:6608
- C:\Windows\System\hHoaGJW.exe
  C:\Windows\System\hHoaGJW.exe
  2⤵
  PID:6632
- C:\Windows\System\DMtoHPQ.exe
  C:\Windows\System\DMtoHPQ.exe
  2⤵
  PID:6648
- C:\Windows\System\kpOFqfM.exe
  C:\Windows\System\kpOFqfM.exe
  2⤵
  PID:6668
- C:\Windows\System\ZSZmDTD.exe
  C:\Windows\System\ZSZmDTD.exe
  2⤵
  PID:6688
- C:\Windows\System\OUwJaWw.exe
  C:\Windows\System\OUwJaWw.exe
  2⤵
  PID:6704
- C:\Windows\System\XBATCVO.exe
  C:\Windows\System\XBATCVO.exe
  2⤵
  PID:6728
- C:\Windows\System\RdORAcP.exe
  C:\Windows\System\RdORAcP.exe
  2⤵
  PID:6748
- C:\Windows\System\qeDBNqn.exe
  C:\Windows\System\qeDBNqn.exe
  2⤵
  PID:6772
- C:\Windows\System\vJCLMhK.exe
  C:\Windows\System\vJCLMhK.exe
  2⤵
  PID:6800
- C:\Windows\System\NSdKZGE.exe
  C:\Windows\System\NSdKZGE.exe
  2⤵
  PID:6816
- C:\Windows\System\oAxXAKb.exe
  C:\Windows\System\oAxXAKb.exe
  2⤵
  PID:6836
- C:\Windows\System\uSCtMxK.exe
  C:\Windows\System\uSCtMxK.exe
  2⤵
  PID:6852
- C:\Windows\System\quGtjuv.exe
  C:\Windows\System\quGtjuv.exe
  2⤵
  PID:6876
- C:\Windows\System\QGTtniU.exe
  C:\Windows\System\QGTtniU.exe
  2⤵
  PID:6892
- C:\Windows\System\vuBwQZE.exe
  C:\Windows\System\vuBwQZE.exe
  2⤵
  PID:6920
- C:\Windows\System\SAznuuw.exe
  C:\Windows\System\SAznuuw.exe
  2⤵
  PID:6936
- C:\Windows\System\PFAQnvr.exe
  C:\Windows\System\PFAQnvr.exe
  2⤵
  PID:6960
- C:\Windows\System\BqdgeuP.exe
  C:\Windows\System\BqdgeuP.exe
  2⤵
  PID:6980
- C:\Windows\System\stlSFtd.exe
  C:\Windows\System\stlSFtd.exe
  2⤵
  PID:6996
- C:\Windows\System\wXOzpnW.exe
  C:\Windows\System\wXOzpnW.exe
  2⤵
  PID:7016
- C:\Windows\System\AfxhKAr.exe
  C:\Windows\System\AfxhKAr.exe
  2⤵
  PID:7032
- C:\Windows\System\dqmydte.exe
  C:\Windows\System\dqmydte.exe
  2⤵
  PID:7052
- C:\Windows\System\wsaSEji.exe
  C:\Windows\System\wsaSEji.exe
  2⤵
  PID:7068
- C:\Windows\System\EzqHXoJ.exe
  C:\Windows\System\EzqHXoJ.exe
  2⤵
  PID:7088
- C:\Windows\System\CJTiglw.exe
  C:\Windows\System\CJTiglw.exe
  2⤵
  PID:7108
- C:\Windows\System\CeFUcgK.exe
  C:\Windows\System\CeFUcgK.exe
  2⤵
  PID:7132
- C:\Windows\System\aWSCgoN.exe
  C:\Windows\System\aWSCgoN.exe
  2⤵
  PID:7152
- C:\Windows\System\AguRxIt.exe
  C:\Windows\System\AguRxIt.exe
  2⤵
  PID:5528
- C:\Windows\System\CaYcCCz.exe
  C:\Windows\System\CaYcCCz.exe
  2⤵
  PID:5228
- C:\Windows\System\cFBEncU.exe
  C:\Windows\System\cFBEncU.exe
  2⤵
  PID:5264
- C:\Windows\System\pznMRLw.exe
  C:\Windows\System\pznMRLw.exe
  2⤵
  PID:5288
- C:\Windows\System\MEwhtOX.exe
  C:\Windows\System\MEwhtOX.exe
  2⤵
  PID:5388
- C:\Windows\System\LYQcmul.exe
  C:\Windows\System\LYQcmul.exe
  2⤵
  PID:4456
- C:\Windows\System\gtDRDUn.exe
  C:\Windows\System\gtDRDUn.exe
  2⤵
  PID:5376
- C:\Windows\System\ZeyZZTO.exe
  C:\Windows\System\ZeyZZTO.exe
  2⤵
  PID:5436
- C:\Windows\System\OaKrjdd.exe
  C:\Windows\System\OaKrjdd.exe
  2⤵
  PID:5908
- C:\Windows\System\JiYjvJH.exe
  C:\Windows\System\JiYjvJH.exe
  2⤵
  PID:5956
- C:\Windows\System\hrRACpc.exe
  C:\Windows\System\hrRACpc.exe
  2⤵
  PID:3016
- C:\Windows\System\wUfDZAn.exe
  C:\Windows\System\wUfDZAn.exe
  2⤵
  PID:5996
- C:\Windows\System\SaDVqnK.exe
  C:\Windows\System\SaDVqnK.exe
  2⤵
  PID:6172
- C:\Windows\System\KlHLvfi.exe
  C:\Windows\System\KlHLvfi.exe
  2⤵
  PID:6056
- C:\Windows\System\arnYBiC.exe
  C:\Windows\System\arnYBiC.exe
  2⤵
  PID:1256
- C:\Windows\System\RElHBhg.exe
  C:\Windows\System\RElHBhg.exe
  2⤵
  PID:6296
- C:\Windows\System\LxqcJNN.exe
  C:\Windows\System\LxqcJNN.exe
  2⤵
  PID:5688
- C:\Windows\System\SYijBZL.exe
  C:\Windows\System\SYijBZL.exe
  2⤵
  PID:5732
- C:\Windows\System\amistYU.exe
  C:\Windows\System\amistYU.exe
  2⤵
  PID:5784
- C:\Windows\System\dwCvEvd.exe
  C:\Windows\System\dwCvEvd.exe
  2⤵
  PID:4820
- C:\Windows\System\UWcwgTb.exe
  C:\Windows\System\UWcwgTb.exe
  2⤵
  PID:6376
- C:\Windows\System\maWxRjK.exe
  C:\Windows\System\maWxRjK.exe
  2⤵
  PID:6384
- C:\Windows\System\DQPYPbt.exe
  C:\Windows\System\DQPYPbt.exe
  2⤵
  PID:2884
- C:\Windows\System\fmFginB.exe
  C:\Windows\System\fmFginB.exe
  2⤵
  PID:7184
- C:\Windows\System\OAvxSxs.exe
  C:\Windows\System\OAvxSxs.exe
  2⤵
  PID:7204
- C:\Windows\System\zkQLouU.exe
  C:\Windows\System\zkQLouU.exe
  2⤵
  PID:7224
- C:\Windows\System\yckTkzW.exe
  C:\Windows\System\yckTkzW.exe
  2⤵
  PID:7244
- C:\Windows\System\utCjKwT.exe
  C:\Windows\System\utCjKwT.exe
  2⤵
  PID:7264
- C:\Windows\System\DjXPbtY.exe
  C:\Windows\System\DjXPbtY.exe
  2⤵
  PID:7288
- C:\Windows\System\QTjjckw.exe
  C:\Windows\System\QTjjckw.exe
  2⤵
  PID:7308
- C:\Windows\System\UNvylWh.exe
  C:\Windows\System\UNvylWh.exe
  2⤵
  PID:7328
- C:\Windows\System\cGBFCzo.exe
  C:\Windows\System\cGBFCzo.exe
  2⤵
  PID:7348
- C:\Windows\System\QHVqVhq.exe
  C:\Windows\System\QHVqVhq.exe
  2⤵
  PID:7368
- C:\Windows\System\EOpQOqW.exe
  C:\Windows\System\EOpQOqW.exe
  2⤵
  PID:7396
- C:\Windows\System\yWWDJaD.exe
  C:\Windows\System\yWWDJaD.exe
  2⤵
  PID:7412
- C:\Windows\System\XRkkyVn.exe
  C:\Windows\System\XRkkyVn.exe
  2⤵
  PID:7436
- C:\Windows\System\rVPcjeX.exe
  C:\Windows\System\rVPcjeX.exe
  2⤵
  PID:7452
- C:\Windows\System\CpwcZZs.exe
  C:\Windows\System\CpwcZZs.exe
  2⤵
  PID:7480
- C:\Windows\System\eXwJkof.exe
  C:\Windows\System\eXwJkof.exe
  2⤵
  PID:7496
- C:\Windows\System\IYjDHVZ.exe
  C:\Windows\System\IYjDHVZ.exe
  2⤵
  PID:7520
- C:\Windows\System\tcSYzIa.exe
  C:\Windows\System\tcSYzIa.exe
  2⤵
  PID:7700
- C:\Windows\System\zlewBEN.exe
  C:\Windows\System\zlewBEN.exe
  2⤵
  PID:7720
- C:\Windows\System\XVidOrl.exe
  C:\Windows\System\XVidOrl.exe
  2⤵
  PID:7744
- C:\Windows\System\zcQsDGu.exe
  C:\Windows\System\zcQsDGu.exe
  2⤵
  PID:7764
- C:\Windows\System\tUWevmq.exe
  C:\Windows\System\tUWevmq.exe
  2⤵
  PID:7780
- C:\Windows\System\IAIYSOF.exe
  C:\Windows\System\IAIYSOF.exe
  2⤵
  PID:7800
- C:\Windows\System\fwtJeQa.exe
  C:\Windows\System\fwtJeQa.exe
  2⤵
  PID:7820
- C:\Windows\System\ctpXVZM.exe
  C:\Windows\System\ctpXVZM.exe
  2⤵
  PID:7836
- C:\Windows\System\MLKtaMs.exe
  C:\Windows\System\MLKtaMs.exe
  2⤵
  PID:7856
- C:\Windows\System\RJcWfyZ.exe
  C:\Windows\System\RJcWfyZ.exe
  2⤵
  PID:7876
- C:\Windows\System\LfwpKZh.exe
  C:\Windows\System\LfwpKZh.exe
  2⤵
  PID:7896
- C:\Windows\System\grfByRa.exe
  C:\Windows\System\grfByRa.exe
  2⤵
  PID:7912
- C:\Windows\System\MfyrTuQ.exe
  C:\Windows\System\MfyrTuQ.exe
  2⤵
  PID:7928
- C:\Windows\System\dozTTQN.exe
  C:\Windows\System\dozTTQN.exe
  2⤵
  PID:7944
- C:\Windows\System\cqsRHGa.exe
  C:\Windows\System\cqsRHGa.exe
  2⤵
  PID:7972
- C:\Windows\System\omMUJTR.exe
  C:\Windows\System\omMUJTR.exe
  2⤵
  PID:7992
- C:\Windows\System\tldDRmO.exe
  C:\Windows\System\tldDRmO.exe
  2⤵
  PID:8012
- C:\Windows\System\AfZWgcW.exe
  C:\Windows\System\AfZWgcW.exe
  2⤵
  PID:8032
- C:\Windows\System\sbmPYGI.exe
  C:\Windows\System\sbmPYGI.exe
  2⤵
  PID:8052
- C:\Windows\System\acLJhpe.exe
  C:\Windows\System\acLJhpe.exe
  2⤵
  PID:8072
- C:\Windows\System\EAiaKCV.exe
  C:\Windows\System\EAiaKCV.exe
  2⤵
  PID:8096
- C:\Windows\System\Kuowrmi.exe
  C:\Windows\System\Kuowrmi.exe
  2⤵
  PID:8112
- C:\Windows\System\rrrQslb.exe
  C:\Windows\System\rrrQslb.exe
  2⤵
  PID:8136
- C:\Windows\System\vCtTycD.exe
  C:\Windows\System\vCtTycD.exe
  2⤵
  PID:8152
- C:\Windows\System\jBKccDb.exe
  C:\Windows\System\jBKccDb.exe
  2⤵
  PID:8176
- C:\Windows\System\nDmBwvC.exe
  C:\Windows\System\nDmBwvC.exe
  2⤵
  PID:6560
- C:\Windows\System\NajTjJq.exe
  C:\Windows\System\NajTjJq.exe
  2⤵
  PID:6656
- C:\Windows\System\wzaKTAR.exe
  C:\Windows\System\wzaKTAR.exe
  2⤵
  PID:6700
- C:\Windows\System\psAIAWC.exe
  C:\Windows\System\psAIAWC.exe
  2⤵
  PID:6740
- C:\Windows\System\vdAqNrB.exe
  C:\Windows\System\vdAqNrB.exe
  2⤵
  PID:6808
- C:\Windows\System\gLChjsr.exe
  C:\Windows\System\gLChjsr.exe
  2⤵
  PID:5976
- C:\Windows\System\SzSwXjv.exe
  C:\Windows\System\SzSwXjv.exe
  2⤵
  PID:6928
- C:\Windows\System\omnwepC.exe
  C:\Windows\System\omnwepC.exe
  2⤵
  PID:6080
- C:\Windows\System\SPwTaVP.exe
  C:\Windows\System\SPwTaVP.exe
  2⤵
  PID:3512
- C:\Windows\System\MywilsS.exe
  C:\Windows\System\MywilsS.exe
  2⤵
  PID:2656
- C:\Windows\System\mczgScF.exe
  C:\Windows\System\mczgScF.exe
  2⤵
  PID:6620
- C:\Windows\System\epNIhhx.exe
  C:\Windows\System\epNIhhx.exe
  2⤵
  PID:5356
- C:\Windows\System\fVtGTfd.exe
  C:\Windows\System\fVtGTfd.exe
  2⤵
  PID:6844
- C:\Windows\System\oVasiWz.exe
  C:\Windows\System\oVasiWz.exe
  2⤵
  PID:6192
- C:\Windows\System\zIbsllo.exe
  C:\Windows\System\zIbsllo.exe
  2⤵
  PID:6264
- C:\Windows\System\xCVhXlC.exe
  C:\Windows\System\xCVhXlC.exe
  2⤵
  PID:6348
- C:\Windows\System\XuzbgNG.exe
  C:\Windows\System\XuzbgNG.exe
  2⤵
  PID:6428
- C:\Windows\System\eljqhdV.exe
  C:\Windows\System\eljqhdV.exe
  2⤵
  PID:6472
- C:\Windows\System\AUoPiuI.exe
  C:\Windows\System\AUoPiuI.exe
  2⤵
  PID:6516
- C:\Windows\System\ylMIBMq.exe
  C:\Windows\System\ylMIBMq.exe
  2⤵
  PID:6908
- C:\Windows\System\PFOJdpi.exe
  C:\Windows\System\PFOJdpi.exe
  2⤵
  PID:6832
- C:\Windows\System\YfWXPCh.exe
  C:\Windows\System\YfWXPCh.exe
  2⤵
  PID:6584
- C:\Windows\System\kpEkZkp.exe
  C:\Windows\System\kpEkZkp.exe
  2⤵
  PID:7460
- C:\Windows\System\EQHJVjQ.exe
  C:\Windows\System\EQHJVjQ.exe
  2⤵
  PID:5180
- C:\Windows\System\DUHVejC.exe
  C:\Windows\System\DUHVejC.exe
  2⤵
  PID:5900
- C:\Windows\System\HJZByIn.exe
  C:\Windows\System\HJZByIn.exe
  2⤵
  PID:7144
- C:\Windows\System\xiyfnPL.exe
  C:\Windows\System\xiyfnPL.exe
  2⤵
  PID:7148
- C:\Windows\System\wPHAQxI.exe
  C:\Windows\System\wPHAQxI.exe
  2⤵
  PID:5284
- C:\Windows\System\FVTjcQD.exe
  C:\Windows\System\FVTjcQD.exe
  2⤵
  PID:7408
- C:\Windows\System\MzQnOAG.exe
  C:\Windows\System\MzQnOAG.exe
  2⤵
  PID:7512
- C:\Windows\System\zNmLfUc.exe
  C:\Windows\System\zNmLfUc.exe
  2⤵
  PID:8000
- C:\Windows\System\LCXbldH.exe
  C:\Windows\System\LCXbldH.exe
  2⤵
  PID:8204
- C:\Windows\System\ryfRHbH.exe
  C:\Windows\System\ryfRHbH.exe
  2⤵
  PID:8228
- C:\Windows\System\IJPAfui.exe
  C:\Windows\System\IJPAfui.exe
  2⤵
  PID:8244
- C:\Windows\System\kPAxyFR.exe
  C:\Windows\System\kPAxyFR.exe
  2⤵
  PID:8268
- C:\Windows\System\bZsQiSz.exe
  C:\Windows\System\bZsQiSz.exe
  2⤵
  PID:8284
- C:\Windows\System\xJGfzzC.exe
  C:\Windows\System\xJGfzzC.exe
  2⤵
  PID:8308
- C:\Windows\System\UgERHAF.exe
  C:\Windows\System\UgERHAF.exe
  2⤵
  PID:8332
- C:\Windows\System\uCaproa.exe
  C:\Windows\System\uCaproa.exe
  2⤵
  PID:8356
- C:\Windows\System\yjXYIsp.exe
  C:\Windows\System\yjXYIsp.exe
  2⤵
  PID:8372
- C:\Windows\System\seNJApc.exe
  C:\Windows\System\seNJApc.exe
  2⤵
  PID:8392
- C:\Windows\System\YoyDcSa.exe
  C:\Windows\System\YoyDcSa.exe
  2⤵
  PID:8416
- C:\Windows\System\lUaikoc.exe
  C:\Windows\System\lUaikoc.exe
  2⤵
  PID:8440
- C:\Windows\System\WtsTgWx.exe
  C:\Windows\System\WtsTgWx.exe
  2⤵
  PID:8460
- C:\Windows\System\CatBUcl.exe
  C:\Windows\System\CatBUcl.exe
  2⤵
  PID:8484
- C:\Windows\System\RHSKMWz.exe
  C:\Windows\System\RHSKMWz.exe
  2⤵
  PID:8504
- C:\Windows\System\WNrIBRL.exe
  C:\Windows\System\WNrIBRL.exe
  2⤵
  PID:8524
- C:\Windows\System\OlWvxhc.exe
  C:\Windows\System\OlWvxhc.exe
  2⤵
  PID:8544
- C:\Windows\System\IetxZOa.exe
  C:\Windows\System\IetxZOa.exe
  2⤵
  PID:8564
- C:\Windows\System\kkzWEtj.exe
  C:\Windows\System\kkzWEtj.exe
  2⤵
  PID:8588
- C:\Windows\System\FuyAnwH.exe
  C:\Windows\System\FuyAnwH.exe
  2⤵
  PID:8604
- C:\Windows\System\cenvYIt.exe
  C:\Windows\System\cenvYIt.exe
  2⤵
  PID:8628
- C:\Windows\System\orwrGzz.exe
  C:\Windows\System\orwrGzz.exe
  2⤵
  PID:8648
- C:\Windows\System\CrvzCkr.exe
  C:\Windows\System\CrvzCkr.exe
  2⤵
  PID:8668
- C:\Windows\System\BqrKSWm.exe
  C:\Windows\System\BqrKSWm.exe
  2⤵
  PID:8688
- C:\Windows\System\pwayTxM.exe
  C:\Windows\System\pwayTxM.exe
  2⤵
  PID:8708
- C:\Windows\System\ALKIfbI.exe
  C:\Windows\System\ALKIfbI.exe
  2⤵
  PID:8732
- C:\Windows\System\krwEBdn.exe
  C:\Windows\System\krwEBdn.exe
  2⤵
  PID:8752
- C:\Windows\System\hyyiAyV.exe
  C:\Windows\System\hyyiAyV.exe
  2⤵
  PID:8772
- C:\Windows\System\mFhuFdC.exe
  C:\Windows\System\mFhuFdC.exe
  2⤵
  PID:8796
- C:\Windows\System\fmIZdJF.exe
  C:\Windows\System\fmIZdJF.exe
  2⤵
  PID:8812
- C:\Windows\System\LVGfOMu.exe
  C:\Windows\System\LVGfOMu.exe
  2⤵
  PID:8836
- C:\Windows\System\EZrlXKW.exe
  C:\Windows\System\EZrlXKW.exe
  2⤵
  PID:8856
- C:\Windows\System\usGGpUc.exe
  C:\Windows\System\usGGpUc.exe
  2⤵
  PID:8876
- C:\Windows\System\UyVggbt.exe
  C:\Windows\System\UyVggbt.exe
  2⤵
  PID:8900
- C:\Windows\System\LvXaQzh.exe
  C:\Windows\System\LvXaQzh.exe
  2⤵
  PID:8916
- C:\Windows\System\GPPSOML.exe
  C:\Windows\System\GPPSOML.exe
  2⤵
  PID:8944
- C:\Windows\System\kcrrwGM.exe
  C:\Windows\System\kcrrwGM.exe
  2⤵
  PID:8964
- C:\Windows\System\tAgJXNl.exe
  C:\Windows\System\tAgJXNl.exe
  2⤵
  PID:8984
- C:\Windows\System\sqXkczv.exe
  C:\Windows\System\sqXkczv.exe
  2⤵
  PID:9004
- C:\Windows\System\ButJeNM.exe
  C:\Windows\System\ButJeNM.exe
  2⤵
  PID:9024
- C:\Windows\System\mTxDykC.exe
  C:\Windows\System\mTxDykC.exe
  2⤵
  PID:9044
- C:\Windows\System\DlxRTAd.exe
  C:\Windows\System\DlxRTAd.exe
  2⤵
  PID:9068
- C:\Windows\System\UdKlQAl.exe
  C:\Windows\System\UdKlQAl.exe
  2⤵
  PID:9092
- C:\Windows\System\jsAjsrb.exe
  C:\Windows\System\jsAjsrb.exe
  2⤵
  PID:9108
- C:\Windows\System\XIvcjZt.exe
  C:\Windows\System\XIvcjZt.exe
  2⤵
  PID:9124
- C:\Windows\System\SJxyvYl.exe
  C:\Windows\System\SJxyvYl.exe
  2⤵
  PID:9140
- C:\Windows\System\qBBeNVr.exe
  C:\Windows\System\qBBeNVr.exe
  2⤵
  PID:9156
- C:\Windows\System\cLLNtdN.exe
  C:\Windows\System\cLLNtdN.exe
  2⤵
  PID:9172
- C:\Windows\System\bELwzlt.exe
  C:\Windows\System\bELwzlt.exe
  2⤵
  PID:9188
- C:\Windows\System\DpupVgM.exe
  C:\Windows\System\DpupVgM.exe
  2⤵
  PID:9204
- C:\Windows\System\cPdFOHj.exe
  C:\Windows\System\cPdFOHj.exe
  2⤵
  PID:8128
- C:\Windows\System\ThAtBZz.exe
  C:\Windows\System\ThAtBZz.exe
  2⤵
  PID:8184
- C:\Windows\System\dDWcJiF.exe
  C:\Windows\System\dDWcJiF.exe
  2⤵
  PID:5696
- C:\Windows\System\hoxhsdL.exe
  C:\Windows\System\hoxhsdL.exe
  2⤵
  PID:6156
- C:\Windows\System\cuiMZYk.exe
  C:\Windows\System\cuiMZYk.exe
  2⤵
  PID:4212
- C:\Windows\System\OylgfGm.exe
  C:\Windows\System\OylgfGm.exe
  2⤵
  PID:6680
- C:\Windows\System\ySUGiWM.exe
  C:\Windows\System\ySUGiWM.exe
  2⤵
  PID:6188
- C:\Windows\System\PZygWoL.exe
  C:\Windows\System\PZygWoL.exe
  2⤵
  PID:6548
- C:\Windows\System\OQYePnI.exe
  C:\Windows\System\OQYePnI.exe
  2⤵
  PID:9236
- C:\Windows\System\zAfOWmd.exe
  C:\Windows\System\zAfOWmd.exe
  2⤵
  PID:9256
- C:\Windows\System\XtxSJzt.exe
  C:\Windows\System\XtxSJzt.exe
  2⤵
  PID:9276
- C:\Windows\System\gHayQVm.exe
  C:\Windows\System\gHayQVm.exe
  2⤵
  PID:9296
- C:\Windows\System\dqJPERg.exe
  C:\Windows\System\dqJPERg.exe
  2⤵
  PID:9316
- C:\Windows\System\XoJJcKF.exe
  C:\Windows\System\XoJJcKF.exe
  2⤵
  PID:9336
- C:\Windows\System\GlmNakD.exe
  C:\Windows\System\GlmNakD.exe
  2⤵
  PID:9356
- C:\Windows\System\CrDrWLf.exe
  C:\Windows\System\CrDrWLf.exe
  2⤵
  PID:9372
- C:\Windows\System\DfOJFid.exe
  C:\Windows\System\DfOJFid.exe
  2⤵
  PID:9404
- C:\Windows\System\gvQIQYl.exe
  C:\Windows\System\gvQIQYl.exe
  2⤵
  PID:9420
- C:\Windows\System\QEwryfc.exe
  C:\Windows\System\QEwryfc.exe
  2⤵
  PID:9436
- C:\Windows\System\NcOCZFN.exe
  C:\Windows\System\NcOCZFN.exe
  2⤵
  PID:9452
- C:\Windows\System\KidDXjJ.exe
  C:\Windows\System\KidDXjJ.exe
  2⤵
  PID:9468
- C:\Windows\System\eoNPnNE.exe
  C:\Windows\System\eoNPnNE.exe
  2⤵
  PID:9488
- C:\Windows\System\uXBbDfy.exe
  C:\Windows\System\uXBbDfy.exe
  2⤵
  PID:9512
- C:\Windows\System\NkgQqhW.exe
  C:\Windows\System\NkgQqhW.exe
  2⤵
  PID:9532
- C:\Windows\System\vvBePSb.exe
  C:\Windows\System\vvBePSb.exe
  2⤵
  PID:9556
- C:\Windows\System\iZJyvBJ.exe
  C:\Windows\System\iZJyvBJ.exe
  2⤵
  PID:9576
- C:\Windows\System\NJFpIYR.exe
  C:\Windows\System\NJFpIYR.exe
  2⤵
  PID:9596
- C:\Windows\System\uXZPiQx.exe
  C:\Windows\System\uXZPiQx.exe
  2⤵
  PID:9612
- C:\Windows\System\KjfpLjz.exe
  C:\Windows\System\KjfpLjz.exe
  2⤵
  PID:9636
- C:\Windows\System\xocxlmW.exe
  C:\Windows\System\xocxlmW.exe
  2⤵
  PID:9660
- C:\Windows\System\jTssKmm.exe
  C:\Windows\System\jTssKmm.exe
  2⤵
  PID:9676
- C:\Windows\System\KXsewkJ.exe
  C:\Windows\System\KXsewkJ.exe
  2⤵
  PID:9720
- C:\Windows\System\rUlkSCa.exe
  C:\Windows\System\rUlkSCa.exe
  2⤵
  PID:9740
- C:\Windows\System\BtyGVqz.exe
  C:\Windows\System\BtyGVqz.exe
  2⤵
  PID:9764
- C:\Windows\System\moSMwPO.exe
  C:\Windows\System\moSMwPO.exe
  2⤵
  PID:9784
- C:\Windows\System\xJNrlXG.exe
  C:\Windows\System\xJNrlXG.exe
  2⤵
  PID:9804
- C:\Windows\System\sdCTXqz.exe
  C:\Windows\System\sdCTXqz.exe
  2⤵
  PID:9828
- C:\Windows\System\QJjAOjr.exe
  C:\Windows\System\QJjAOjr.exe
  2⤵
  PID:9852
- C:\Windows\System\NtvyaOk.exe
  C:\Windows\System\NtvyaOk.exe
  2⤵
  PID:9872
- C:\Windows\System\AJnhIBY.exe
  C:\Windows\System\AJnhIBY.exe
  2⤵
  PID:9892
- C:\Windows\System\pBZmboC.exe
  C:\Windows\System\pBZmboC.exe
  2⤵
  PID:9916
- C:\Windows\System\XwxKcXC.exe
  C:\Windows\System\XwxKcXC.exe
  2⤵
  PID:9940
- C:\Windows\System\mJGtUlL.exe
  C:\Windows\System\mJGtUlL.exe
  2⤵
  PID:9964
- C:\Windows\System\vUGnqYB.exe
  C:\Windows\System\vUGnqYB.exe
  2⤵
  PID:9988
- C:\Windows\System\YcFsJSk.exe
  C:\Windows\System\YcFsJSk.exe
  2⤵
  PID:10008
- C:\Windows\System\YXkTPYR.exe
  C:\Windows\System\YXkTPYR.exe
  2⤵
  PID:10024
- C:\Windows\System\UBQJLxH.exe
  C:\Windows\System\UBQJLxH.exe
  2⤵
  PID:10052
- C:\Windows\System\cuRWGCS.exe
  C:\Windows\System\cuRWGCS.exe
  2⤵
  PID:10072
- C:\Windows\System\fuSRYbd.exe
  C:\Windows\System\fuSRYbd.exe
  2⤵
  PID:10096
- C:\Windows\System\tNggezR.exe
  C:\Windows\System\tNggezR.exe
  2⤵
  PID:10116
- C:\Windows\System\gnwnDYk.exe
  C:\Windows\System\gnwnDYk.exe
  2⤵
  PID:10136
- C:\Windows\System\gLJIlIb.exe
  C:\Windows\System\gLJIlIb.exe
  2⤵
  PID:10156
- C:\Windows\System\kKjpXSs.exe
  C:\Windows\System\kKjpXSs.exe
  2⤵
  PID:10176
- C:\Windows\System\VmmBPgu.exe
  C:\Windows\System\VmmBPgu.exe
  2⤵
  PID:10204
- C:\Windows\System\UafIXDQ.exe
  C:\Windows\System\UafIXDQ.exe
  2⤵
  PID:10220
- C:\Windows\System\bgeZlFK.exe
  C:\Windows\System\bgeZlFK.exe
  2⤵
  PID:6952
- C:\Windows\System\iWfnGwA.exe
  C:\Windows\System\iWfnGwA.exe
  2⤵
  PID:7256
- C:\Windows\System\UONIrJP.exe
  C:\Windows\System\UONIrJP.exe
  2⤵
  PID:6136
- C:\Windows\System\iOLPSFp.exe
  C:\Windows\System\iOLPSFp.exe
  2⤵
  PID:7124
- C:\Windows\System\PXwtqZK.exe
  C:\Windows\System\PXwtqZK.exe
  2⤵
  PID:7448
- C:\Windows\System\yRVvevG.exe
  C:\Windows\System\yRVvevG.exe
  2⤵
  PID:2324
- C:\Windows\System\xWpacra.exe
  C:\Windows\System\xWpacra.exe
  2⤵
  PID:1648
- C:\Windows\System\onLaRPr.exe
  C:\Windows\System\onLaRPr.exe
  2⤵
  PID:6972
- C:\Windows\System\wwgdriQ.exe
  C:\Windows\System\wwgdriQ.exe
  2⤵
  PID:7012
- C:\Windows\System\khPZyjK.exe
  C:\Windows\System\khPZyjK.exe
  2⤵
  PID:7708
- C:\Windows\System\FngaunI.exe
  C:\Windows\System\FngaunI.exe
  2⤵
  PID:5216
- C:\Windows\System\ZFrpVFA.exe
  C:\Windows\System\ZFrpVFA.exe
  2⤵
  PID:5928
- C:\Windows\System\wBbpuRA.exe
  C:\Windows\System\wBbpuRA.exe
  2⤵
  PID:8216
- C:\Windows\System\HGqvgyJ.exe
  C:\Windows\System\HGqvgyJ.exe
  2⤵
  PID:8264
- C:\Windows\System\GbtwJZv.exe
  C:\Windows\System\GbtwJZv.exe
  2⤵
  PID:8292
- C:\Windows\System\wpxuYLq.exe
  C:\Windows\System\wpxuYLq.exe
  2⤵
  PID:8388
- C:\Windows\System\TPJCMfH.exe
  C:\Windows\System\TPJCMfH.exe
  2⤵
  PID:8456
- C:\Windows\System\KzqbAzN.exe
  C:\Windows\System\KzqbAzN.exe
  2⤵
  PID:8516
- C:\Windows\System\hfsOHcd.exe
  C:\Windows\System\hfsOHcd.exe
  2⤵
  PID:8596
- C:\Windows\System\sDZAViu.exe
  C:\Windows\System\sDZAViu.exe
  2⤵
  PID:8644
- C:\Windows\System\ADQuQTm.exe
  C:\Windows\System\ADQuQTm.exe
  2⤵
  PID:8760
- C:\Windows\System\gpPBUha.exe
  C:\Windows\System\gpPBUha.exe
  2⤵
  PID:8820
- C:\Windows\System\alsDRRT.exe
  C:\Windows\System\alsDRRT.exe
  2⤵
  PID:8908
- C:\Windows\System\oeGmenp.exe
  C:\Windows\System\oeGmenp.exe
  2⤵
  PID:8068
- C:\Windows\System\cpHIjxV.exe
  C:\Windows\System\cpHIjxV.exe
  2⤵
  PID:6640
- C:\Windows\System\EgsHbEB.exe
  C:\Windows\System\EgsHbEB.exe
  2⤵
  PID:6696
- C:\Windows\System\sTldXrf.exe
  C:\Windows\System\sTldXrf.exe
  2⤵
  PID:5672
- C:\Windows\System\MfLaxGW.exe
  C:\Windows\System\MfLaxGW.exe
  2⤵
  PID:9040
- C:\Windows\System\jSBVnVV.exe
  C:\Windows\System\jSBVnVV.exe
  2⤵
  PID:6764
- C:\Windows\System\vICXJRo.exe
  C:\Windows\System\vICXJRo.exe
  2⤵
  PID:10248
- C:\Windows\System\LgJVbmb.exe
  C:\Windows\System\LgJVbmb.exe
  2⤵
  PID:10268
- C:\Windows\System\pkLPXth.exe
  C:\Windows\System\pkLPXth.exe
  2⤵
  PID:10284
- C:\Windows\System\tgIpdAW.exe
  C:\Windows\System\tgIpdAW.exe
  2⤵
  PID:10312
- C:\Windows\System\IkbgdTp.exe
  C:\Windows\System\IkbgdTp.exe
  2⤵
  PID:10332
- C:\Windows\System\bvwEDUs.exe
  C:\Windows\System\bvwEDUs.exe
  2⤵
  PID:10352
- C:\Windows\System\dZwzMXZ.exe
  C:\Windows\System\dZwzMXZ.exe
  2⤵
  PID:10372
- C:\Windows\System\EjHpvQC.exe
  C:\Windows\System\EjHpvQC.exe
  2⤵
  PID:10392
- C:\Windows\System\TUleAGp.exe
  C:\Windows\System\TUleAGp.exe
  2⤵
  PID:10416
- C:\Windows\System\eGICwYm.exe
  C:\Windows\System\eGICwYm.exe
  2⤵
  PID:10432
- C:\Windows\System\lLBetzb.exe
  C:\Windows\System\lLBetzb.exe
  2⤵
  PID:10456
- C:\Windows\System\MpDZNaH.exe
  C:\Windows\System\MpDZNaH.exe
  2⤵
  PID:10480
- C:\Windows\System\fWyhcIp.exe
  C:\Windows\System\fWyhcIp.exe
  2⤵
  PID:10500
- C:\Windows\System\lGWBVDS.exe
  C:\Windows\System\lGWBVDS.exe
  2⤵
  PID:10520
- C:\Windows\System\OVxEEOc.exe
  C:\Windows\System\OVxEEOc.exe
  2⤵
  PID:10536
- C:\Windows\System\THHbUwe.exe
  C:\Windows\System\THHbUwe.exe
  2⤵
  PID:10564
- C:\Windows\System\KkLBdPq.exe
  C:\Windows\System\KkLBdPq.exe
  2⤵
  PID:10580
- C:\Windows\System\pMvKNNM.exe
  C:\Windows\System\pMvKNNM.exe
  2⤵
  PID:10600
- C:\Windows\System\AmcxHjY.exe
  C:\Windows\System\AmcxHjY.exe
  2⤵
  PID:10624
- C:\Windows\System\rMFjnuX.exe
  C:\Windows\System\rMFjnuX.exe
  2⤵
  PID:10644
- C:\Windows\System\YAwvIpy.exe
  C:\Windows\System\YAwvIpy.exe
  2⤵
  PID:10660
- C:\Windows\System\QAEbtKu.exe
  C:\Windows\System\QAEbtKu.exe
  2⤵
  PID:10680
- C:\Windows\System\kNGlqqM.exe
  C:\Windows\System\kNGlqqM.exe
  2⤵
  PID:10700
- C:\Windows\System\neTVEhl.exe
  C:\Windows\System\neTVEhl.exe
  2⤵
  PID:10720
- C:\Windows\System\fReDBUh.exe
  C:\Windows\System\fReDBUh.exe
  2⤵
  PID:10740
- C:\Windows\System\tkYJoEB.exe
  C:\Windows\System\tkYJoEB.exe
  2⤵
  PID:10760
- C:\Windows\System\GKVPLFZ.exe
  C:\Windows\System\GKVPLFZ.exe
  2⤵
  PID:10788
- C:\Windows\System\AahixMR.exe
  C:\Windows\System\AahixMR.exe
  2⤵
  PID:10808
- C:\Windows\System\ZtDFkvZ.exe
  C:\Windows\System\ZtDFkvZ.exe
  2⤵
  PID:10824
- C:\Windows\System\OkxUUdR.exe
  C:\Windows\System\OkxUUdR.exe
  2⤵
  PID:10848
- C:\Windows\System\KhsmagY.exe
  C:\Windows\System\KhsmagY.exe
  2⤵
  PID:10868
- C:\Windows\System\RdCnCoV.exe
  C:\Windows\System\RdCnCoV.exe
  2⤵
  PID:10888
- C:\Windows\System\wMlIUYV.exe
  C:\Windows\System\wMlIUYV.exe
  2⤵
  PID:10908
- C:\Windows\System\fEmZFgt.exe
  C:\Windows\System\fEmZFgt.exe
  2⤵
  PID:10932
- C:\Windows\System\hBJzbQt.exe
  C:\Windows\System\hBJzbQt.exe
  2⤵
  PID:10952
- C:\Windows\System\HAkHxau.exe
  C:\Windows\System\HAkHxau.exe
  2⤵
  PID:10980
- C:\Windows\System\mbyWYqY.exe
  C:\Windows\System\mbyWYqY.exe
  2⤵
  PID:11000
- C:\Windows\System\RJbXMSd.exe
  C:\Windows\System\RJbXMSd.exe
  2⤵
  PID:11028
- C:\Windows\System\PzJroLO.exe
  C:\Windows\System\PzJroLO.exe
  2⤵
  PID:11044
- C:\Windows\System\ZpWppNv.exe
  C:\Windows\System\ZpWppNv.exe
  2⤵
  PID:11064
- C:\Windows\System\vvtpQEc.exe
  C:\Windows\System\vvtpQEc.exe
  2⤵
  PID:11088
- C:\Windows\System\dkivQmJ.exe
  C:\Windows\System\dkivQmJ.exe
  2⤵
  PID:11104
- C:\Windows\System\hELVIBX.exe
  C:\Windows\System\hELVIBX.exe
  2⤵
  PID:11128
- C:\Windows\System\zFYfLnk.exe
  C:\Windows\System\zFYfLnk.exe
  2⤵
  PID:11156
- C:\Windows\System\NxPsFsB.exe
  C:\Windows\System\NxPsFsB.exe
  2⤵
  PID:11172
- C:\Windows\System\yicIJwI.exe
  C:\Windows\System\yicIJwI.exe
  2⤵
  PID:11208
- C:\Windows\System\YxfBNOR.exe
  C:\Windows\System\YxfBNOR.exe
  2⤵
  PID:11224
- C:\Windows\System\NGTFBmf.exe
  C:\Windows\System\NGTFBmf.exe
  2⤵
  PID:11248
- C:\Windows\System\LoeRdKy.exe
  C:\Windows\System\LoeRdKy.exe
  2⤵
  PID:9180
- C:\Windows\System\YnUlKBZ.exe
  C:\Windows\System\YnUlKBZ.exe
  2⤵
  PID:6828
- C:\Windows\System\pFvEPXm.exe
  C:\Windows\System\pFvEPXm.exe
  2⤵
  PID:6316
- C:\Windows\System\GfGRLiB.exe
  C:\Windows\System\GfGRLiB.exe
  2⤵
  PID:6596
- C:\Windows\System\UEPZdAf.exe
  C:\Windows\System\UEPZdAf.exe
  2⤵
  PID:6464
- C:\Windows\System\SHGpaht.exe
  C:\Windows\System\SHGpaht.exe
  2⤵
  PID:5444
- C:\Windows\System\yjUehJM.exe
  C:\Windows\System\yjUehJM.exe
  2⤵
  PID:9268
- C:\Windows\System\JOsinSC.exe
  C:\Windows\System\JOsinSC.exe
  2⤵
  PID:7324
- C:\Windows\System\QCNBJAa.exe
  C:\Windows\System\QCNBJAa.exe
  2⤵
  PID:9368
- C:\Windows\System\yWwNVhJ.exe
  C:\Windows\System\yWwNVhJ.exe
  2⤵
  PID:5828
- C:\Windows\System\yIiRSgy.exe
  C:\Windows\System\yIiRSgy.exe
  2⤵
  PID:11272
- C:\Windows\System\tpvTtTS.exe
  C:\Windows\System\tpvTtTS.exe
  2⤵
  PID:11292
- C:\Windows\System\SMpMlbZ.exe
  C:\Windows\System\SMpMlbZ.exe
  2⤵
  PID:11308
- C:\Windows\System\wZPIMNJ.exe
  C:\Windows\System\wZPIMNJ.exe
  2⤵
  PID:11336
- C:\Windows\System\YEEKbCB.exe
  C:\Windows\System\YEEKbCB.exe
  2⤵
  PID:11360
- C:\Windows\System\PIHsYyN.exe
  C:\Windows\System\PIHsYyN.exe
  2⤵
  PID:11384
- C:\Windows\System\RwkBESC.exe
  C:\Windows\System\RwkBESC.exe
  2⤵
  PID:11412
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 11412 -s 28
    3⤵
    PID:3420
- C:\Windows\System\GUdkCQi.exe
  C:\Windows\System\GUdkCQi.exe
  2⤵
  PID:11428
- C:\Windows\System\UCitamv.exe
  C:\Windows\System\UCitamv.exe
  2⤵
  PID:11444
- C:\Windows\System\hpMoFvt.exe
  C:\Windows\System\hpMoFvt.exe
  2⤵
  PID:11468
- C:\Windows\System\TYPnDhH.exe
  C:\Windows\System\TYPnDhH.exe
  2⤵
  PID:11496
- C:\Windows\System\LfsxFfG.exe
  C:\Windows\System\LfsxFfG.exe
  2⤵
  PID:11516
- C:\Windows\System\ajidYbz.exe
  C:\Windows\System\ajidYbz.exe
  2⤵
  PID:11532
- C:\Windows\System\nWsjQCo.exe
  C:\Windows\System\nWsjQCo.exe
  2⤵
  PID:11552
- C:\Windows\System\biMyzJS.exe
  C:\Windows\System\biMyzJS.exe
  2⤵
  PID:11584
- C:\Windows\System\gXDTXLm.exe
  C:\Windows\System\gXDTXLm.exe
  2⤵
  PID:11600
- C:\Windows\System\VUEudqT.exe
  C:\Windows\System\VUEudqT.exe
  2⤵
  PID:11616
- C:\Windows\System\uZLuYCf.exe
  C:\Windows\System\uZLuYCf.exe
  2⤵
  PID:11632
- C:\Windows\System\tVZCBPA.exe
  C:\Windows\System\tVZCBPA.exe
  2⤵
  PID:11648
- C:\Windows\System\RIHbOoz.exe
  C:\Windows\System\RIHbOoz.exe
  2⤵
  PID:11664
- C:\Windows\System\HdKpcba.exe
  C:\Windows\System\HdKpcba.exe
  2⤵
  PID:11680
- C:\Windows\System\nLtjyey.exe
  C:\Windows\System\nLtjyey.exe
  2⤵
  PID:11696
- C:\Windows\System\zogWBzw.exe
  C:\Windows\System\zogWBzw.exe
  2⤵
  PID:11712
- C:\Windows\System\vthBRXy.exe
  C:\Windows\System\vthBRXy.exe
  2⤵
  PID:11732
- C:\Windows\System\roGqtrd.exe
  C:\Windows\System\roGqtrd.exe
  2⤵
  PID:11752
- C:\Windows\System\SIYkDzN.exe
  C:\Windows\System\SIYkDzN.exe
  2⤵
  PID:11768
- C:\Windows\System\BtCBEmG.exe
  C:\Windows\System\BtCBEmG.exe
  2⤵
  PID:11792
- C:\Windows\System\SdFfZRZ.exe
  C:\Windows\System\SdFfZRZ.exe
  2⤵
  PID:11816
- C:\Windows\System\zrtxfIP.exe
  C:\Windows\System\zrtxfIP.exe
  2⤵
  PID:11832
- C:\Windows\System\ifDmIvp.exe
  C:\Windows\System\ifDmIvp.exe
  2⤵
  PID:11852
- C:\Windows\System\HqmkrJd.exe
  C:\Windows\System\HqmkrJd.exe
  2⤵
  PID:11868
- C:\Windows\System\QoaXAIe.exe
  C:\Windows\System\QoaXAIe.exe
  2⤵
  PID:11888
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 11888 -s 28
    3⤵
    PID:14208
- C:\Windows\System\kwgDgcC.exe
  C:\Windows\System\kwgDgcC.exe
  2⤵
  PID:11904
- C:\Windows\System\UAuzyaH.exe
  C:\Windows\System\UAuzyaH.exe
  2⤵
  PID:11932
- C:\Windows\System\EHjIfVO.exe
  C:\Windows\System\EHjIfVO.exe
  2⤵
  PID:11948
- C:\Windows\System\gYfWIus.exe
  C:\Windows\System\gYfWIus.exe
  2⤵
  PID:11968
- C:\Windows\System\quHqUcJ.exe
  C:\Windows\System\quHqUcJ.exe
  2⤵
  PID:11988
- C:\Windows\System\TSFyrCD.exe
  C:\Windows\System\TSFyrCD.exe
  2⤵
  PID:12008
- C:\Windows\System\bevpCdc.exe
  C:\Windows\System\bevpCdc.exe
  2⤵
  PID:12032
- C:\Windows\System\HBByKJc.exe
  C:\Windows\System\HBByKJc.exe
  2⤵
  PID:12052
- C:\Windows\System\WapNQlB.exe
  C:\Windows\System\WapNQlB.exe
  2⤵
  PID:12076
- C:\Windows\System\HRvzqOc.exe
  C:\Windows\System\HRvzqOc.exe
  2⤵
  PID:12092
- C:\Windows\System\vLbAVtx.exe
  C:\Windows\System\vLbAVtx.exe
  2⤵
  PID:12112
- C:\Windows\System\JJBArjH.exe
  C:\Windows\System\JJBArjH.exe
  2⤵
  PID:12132
- C:\Windows\System\uDKrBVz.exe
  C:\Windows\System\uDKrBVz.exe
  2⤵
  PID:12152
- C:\Windows\System\RGqxAFh.exe
  C:\Windows\System\RGqxAFh.exe
  2⤵
  PID:12172
- C:\Windows\System\vOOCHpE.exe
  C:\Windows\System\vOOCHpE.exe
  2⤵
  PID:12196
- C:\Windows\System\GdOQHVf.exe
  C:\Windows\System\GdOQHVf.exe
  2⤵
  PID:12224
- C:\Windows\System\aZbiteS.exe
  C:\Windows\System\aZbiteS.exe
  2⤵
  PID:12244
- C:\Windows\System\bsMvUfy.exe
  C:\Windows\System\bsMvUfy.exe
  2⤵
  PID:12264
- C:\Windows\System\PdWzlOp.exe
  C:\Windows\System\PdWzlOp.exe
  2⤵
  PID:12280
- C:\Windows\System\cziNBEC.exe
  C:\Windows\System\cziNBEC.exe
  2⤵
  PID:9584
- C:\Windows\System\HBdCALx.exe
  C:\Windows\System\HBdCALx.exe
  2⤵
  PID:7728
- C:\Windows\System\YKOJXxp.exe
  C:\Windows\System\YKOJXxp.exe
  2⤵
  PID:7776
- C:\Windows\System\aXgdsKg.exe
  C:\Windows\System\aXgdsKg.exe
  2⤵
  PID:7816
- C:\Windows\System\PWBBYnI.exe
  C:\Windows\System\PWBBYnI.exe
  2⤵
  PID:7852
- C:\Windows\System\emWENqx.exe
  C:\Windows\System\emWENqx.exe
  2⤵
  PID:7904
- C:\Windows\System\UzTXQYi.exe
  C:\Windows\System\UzTXQYi.exe
  2⤵
  PID:7936
- C:\Windows\System\fRqvBnO.exe
  C:\Windows\System\fRqvBnO.exe
  2⤵
  PID:7988
- C:\Windows\System\TsMOSBK.exe
  C:\Windows\System\TsMOSBK.exe
  2⤵
  PID:8044
- C:\Windows\System\ujyklSD.exe
  C:\Windows\System\ujyklSD.exe
  2⤵
  PID:9732
- C:\Windows\System\JFvaRjX.exe
  C:\Windows\System\JFvaRjX.exe
  2⤵
  PID:8304
- C:\Windows\System\TJgfISJ.exe
  C:\Windows\System\TJgfISJ.exe
  2⤵
  PID:9900
- C:\Windows\System\HpkTAKE.exe
  C:\Windows\System\HpkTAKE.exe
  2⤵
  PID:9948
- C:\Windows\System\QfLSRxi.exe
  C:\Windows\System\QfLSRxi.exe
  2⤵
  PID:10020
- C:\Windows\System\nRocNAd.exe
  C:\Windows\System\nRocNAd.exe
  2⤵
  PID:8636
- C:\Windows\System\SUJdGDq.exe
  C:\Windows\System\SUJdGDq.exe
  2⤵
  PID:10132
- C:\Windows\System\vztJvlB.exe
  C:\Windows\System\vztJvlB.exe
  2⤵
  PID:10188
- C:\Windows\System\nlguNuI.exe
  C:\Windows\System\nlguNuI.exe
  2⤵
  PID:7272
- C:\Windows\System\YJwzxMW.exe
  C:\Windows\System\YJwzxMW.exe
  2⤵
  PID:8768
- C:\Windows\System\xVGVZHq.exe
  C:\Windows\System\xVGVZHq.exe
  2⤵
  PID:6956
- C:\Windows\System\DvPyVYN.exe
  C:\Windows\System\DvPyVYN.exe
  2⤵
  PID:7120
- C:\Windows\System\bFSuZWg.exe
  C:\Windows\System\bFSuZWg.exe
  2⤵
  PID:8868
- C:\Windows\System\pitZoZy.exe
  C:\Windows\System\pitZoZy.exe
  2⤵
  PID:8092
- C:\Windows\System\rQGCEVK.exe
  C:\Windows\System\rQGCEVK.exe
  2⤵
  PID:8472
- C:\Windows\System\LfBbRBH.exe
  C:\Windows\System\LfBbRBH.exe
  2⤵
  PID:8956
- C:\Windows\System\iNvPcUQ.exe
  C:\Windows\System\iNvPcUQ.exe
  2⤵
  PID:8080
- C:\Windows\System\PgPVRJu.exe
  C:\Windows\System\PgPVRJu.exe
  2⤵
  PID:8996
- C:\Windows\System\HmHUcPJ.exe
  C:\Windows\System\HmHUcPJ.exe
  2⤵
  PID:9056
- C:\Windows\System\IAMAagD.exe
  C:\Windows\System\IAMAagD.exe
  2⤵
  PID:9136
- C:\Windows\System\SjzRWYB.exe
  C:\Windows\System\SjzRWYB.exe
  2⤵
  PID:9168
- C:\Windows\System\fOfWcSK.exe
  C:\Windows\System\fOfWcSK.exe
  2⤵
  PID:12308
- C:\Windows\System\UuDUyXp.exe
  C:\Windows\System\UuDUyXp.exe
  2⤵
  PID:12332
- C:\Windows\System\UrVfxrG.exe
  C:\Windows\System\UrVfxrG.exe
  2⤵
  PID:12352
- C:\Windows\System\yxxyHye.exe
  C:\Windows\System\yxxyHye.exe
  2⤵
  PID:12372
- C:\Windows\System\NTJbMVL.exe
  C:\Windows\System\NTJbMVL.exe
  2⤵
  PID:12392
- C:\Windows\System\TRhhGCo.exe
  C:\Windows\System\TRhhGCo.exe
  2⤵
  PID:12420
- C:\Windows\System\XSlbjHd.exe
  C:\Windows\System\XSlbjHd.exe
  2⤵
  PID:12440
- C:\Windows\System\aAFJSea.exe
  C:\Windows\System\aAFJSea.exe
  2⤵
  PID:12464
- C:\Windows\System\wtXPMWp.exe
  C:\Windows\System\wtXPMWp.exe
  2⤵
  PID:12480
- C:\Windows\System\jBHPRRL.exe
  C:\Windows\System\jBHPRRL.exe
  2⤵
  PID:12500
- C:\Windows\System\TyxleTy.exe
  C:\Windows\System\TyxleTy.exe
  2⤵
  PID:12520
- C:\Windows\System\LsmVxAC.exe
  C:\Windows\System\LsmVxAC.exe
  2⤵
  PID:12536
- C:\Windows\System\inBMdmP.exe
  C:\Windows\System\inBMdmP.exe
  2⤵
  PID:12552
- C:\Windows\System\dhsfHcv.exe
  C:\Windows\System\dhsfHcv.exe
  2⤵
  PID:12568
- C:\Windows\System\UHXCzOz.exe
  C:\Windows\System\UHXCzOz.exe
  2⤵
  PID:12584
- C:\Windows\System\lsXFTWx.exe
  C:\Windows\System\lsXFTWx.exe
  2⤵
  PID:12604
- C:\Windows\System\HPDHdCQ.exe
  C:\Windows\System\HPDHdCQ.exe
  2⤵
  PID:12620
- C:\Windows\System\xMCYaXn.exe
  C:\Windows\System\xMCYaXn.exe
  2⤵
  PID:12636
- C:\Windows\System\hOaytHZ.exe
  C:\Windows\System\hOaytHZ.exe
  2⤵
  PID:12652
- C:\Windows\System\vWkGiJO.exe
  C:\Windows\System\vWkGiJO.exe
  2⤵
  PID:12680
- C:\Windows\System\ffjuwEC.exe
  C:\Windows\System\ffjuwEC.exe
  2⤵
  PID:12700
- C:\Windows\System\JiiEStV.exe
  C:\Windows\System\JiiEStV.exe
  2⤵
  PID:12720
- C:\Windows\System\BtyGzzc.exe
  C:\Windows\System\BtyGzzc.exe
  2⤵
  PID:12736
- C:\Windows\System\LwBZGxP.exe
  C:\Windows\System\LwBZGxP.exe
  2⤵
  PID:12760
- C:\Windows\System\WUKGNit.exe
  C:\Windows\System\WUKGNit.exe
  2⤵
  PID:12788
- C:\Windows\System\ayvrLVW.exe
  C:\Windows\System\ayvrLVW.exe
  2⤵
  PID:12808
- C:\Windows\System\BaIUPeT.exe
  C:\Windows\System\BaIUPeT.exe
  2⤵
  PID:12828
- C:\Windows\System\CiSPHJK.exe
  C:\Windows\System\CiSPHJK.exe
  2⤵
  PID:12848
- C:\Windows\System\eudBjKH.exe
  C:\Windows\System\eudBjKH.exe
  2⤵
  PID:12864
- C:\Windows\System\jiYYdtL.exe
  C:\Windows\System\jiYYdtL.exe
  2⤵
  PID:12892
- C:\Windows\System\lFolZjv.exe
  C:\Windows\System\lFolZjv.exe
  2⤵
  PID:12912
- C:\Windows\System\OEtykFE.exe
  C:\Windows\System\OEtykFE.exe
  2⤵
  PID:12932
- C:\Windows\System\KbBejLi.exe
  C:\Windows\System\KbBejLi.exe
  2⤵
  PID:12956
- C:\Windows\System\cDfbvJK.exe
  C:\Windows\System\cDfbvJK.exe
  2⤵
  PID:12980
- C:\Windows\System\BgowWzD.exe
  C:\Windows\System\BgowWzD.exe
  2⤵
  PID:12996
- C:\Windows\System\FEOfvOL.exe
  C:\Windows\System\FEOfvOL.exe
  2⤵
  PID:13016
- C:\Windows\System\JpPlgZJ.exe
  C:\Windows\System\JpPlgZJ.exe
  2⤵
  PID:13040
- C:\Windows\System\cnZOMpG.exe
  C:\Windows\System\cnZOMpG.exe
  2⤵
  PID:13064
- C:\Windows\System\QcVGsdz.exe
  C:\Windows\System\QcVGsdz.exe
  2⤵
  PID:13100
- C:\Windows\System\FLTYAnL.exe
  C:\Windows\System\FLTYAnL.exe
  2⤵
  PID:9752
- C:\Windows\System\JVOeQAV.exe
  C:\Windows\System\JVOeQAV.exe
  2⤵
  PID:11924
- C:\Windows\System\XKYpZWR.exe
  C:\Windows\System\XKYpZWR.exe
  2⤵
  PID:11568
- C:\Windows\System\JCeIkzn.exe
  C:\Windows\System\JCeIkzn.exe
  2⤵
  PID:12000
- C:\Windows\System\gkRoJDU.exe
  C:\Windows\System\gkRoJDU.exe
  2⤵
  PID:10168
- C:\Windows\System\qqpRpjz.exe
  C:\Windows\System\qqpRpjz.exe
  2⤵
  PID:7172
- C:\Windows\System\uOxMnQT.exe
  C:\Windows\System\uOxMnQT.exe
  2⤵
  PID:4332
- C:\Windows\System\podNElS.exe
  C:\Windows\System\podNElS.exe
  2⤵
  PID:11592
- C:\Windows\System\ZrIepdq.exe
  C:\Windows\System\ZrIepdq.exe
  2⤵
  PID:9448
- C:\Windows\System\qSgOIAf.exe
  C:\Windows\System\qSgOIAf.exe
  2⤵
  PID:9552
- C:\Windows\System\XFhXlRa.exe
  C:\Windows\System\XFhXlRa.exe
  2⤵
  PID:9736
- C:\Windows\System\TTBAdEl.exe
  C:\Windows\System\TTBAdEl.exe
  2⤵
  PID:9772
- C:\Windows\System\DnFCcxl.exe
  C:\Windows\System\DnFCcxl.exe
  2⤵
  PID:3384
- C:\Windows\System\MYNVDJK.exe
  C:\Windows\System\MYNVDJK.exe
  2⤵
  PID:4944
- C:\Windows\System\WDtLhKn.exe
  C:\Windows\System\WDtLhKn.exe
  2⤵
  PID:5312
- C:\Windows\System\TuqKcCD.exe
  C:\Windows\System\TuqKcCD.exe
  2⤵
  PID:10300
- C:\Windows\System\QjFQVvJ.exe
  C:\Windows\System\QjFQVvJ.exe
  2⤵
  PID:10532
- C:\Windows\System\mVSZWfo.exe
  C:\Windows\System\mVSZWfo.exe
  2⤵
  PID:10656
- C:\Windows\System\lvdhBlb.exe
  C:\Windows\System\lvdhBlb.exe
  2⤵
  PID:12928
- C:\Windows\System\NyqZtHC.exe
  C:\Windows\System\NyqZtHC.exe
  2⤵
  PID:13092
- C:\Windows\System\hZVvega.exe
  C:\Windows\System\hZVvega.exe
  2⤵
  PID:11260
- C:\Windows\System\WeZPGdh.exe
  C:\Windows\System\WeZPGdh.exe
  2⤵
  PID:11452
- C:\Windows\System\JrvWvuM.exe
  C:\Windows\System\JrvWvuM.exe
  2⤵
  PID:10976
- C:\Windows\System\LmIubOA.exe
  C:\Windows\System\LmIubOA.exe
  2⤵
  PID:9984
- C:\Windows\System\EQHUUKZ.exe
  C:\Windows\System\EQHUUKZ.exe
  2⤵
  PID:10068
- C:\Windows\System\kdmQPle.exe
  C:\Windows\System\kdmQPle.exe
  2⤵
  PID:2684
- C:\Windows\System\tAaYVEu.exe
  C:\Windows\System\tAaYVEu.exe
  2⤵
  PID:8088
- C:\Windows\System\VJSilsp.exe
  C:\Windows\System\VJSilsp.exe
  2⤵
  PID:10320
- C:\Windows\System\KBThxjL.exe
  C:\Windows\System\KBThxjL.exe
  2⤵
  PID:10900
- C:\Windows\System\hOrYqYs.exe
  C:\Windows\System\hOrYqYs.exe
  2⤵
  PID:13224
- C:\Windows\System\dAXLBny.exe
  C:\Windows\System\dAXLBny.exe
  2⤵
  PID:11316
- C:\Windows\System\mTjYziO.exe
  C:\Windows\System\mTjYziO.exe
  2⤵
  PID:11692
- C:\Windows\System\KVNEFDg.exe
  C:\Windows\System\KVNEFDg.exe
  2⤵
  PID:12860
- C:\Windows\System\AeoClqn.exe
  C:\Windows\System\AeoClqn.exe
  2⤵
  PID:8640
- C:\Windows\System\hSQhMYC.exe
  C:\Windows\System\hSQhMYC.exe
  2⤵
  PID:12324
- C:\Windows\System\ZPoLczH.exe
  C:\Windows\System\ZPoLczH.exe
  2⤵
  PID:4356
- C:\Windows\System\ksnhcXe.exe
  C:\Windows\System\ksnhcXe.exe
  2⤵
  PID:10992
- C:\Windows\System\qVkaapl.exe
  C:\Windows\System\qVkaapl.exe
  2⤵
  PID:12560
- C:\Windows\System\FFllPfJ.exe
  C:\Windows\System\FFllPfJ.exe
  2⤵
  PID:11760
- C:\Windows\System\FwyIdIK.exe
  C:\Windows\System\FwyIdIK.exe
  2⤵
  PID:11964
- C:\Windows\System\zCBRNDG.exe
  C:\Windows\System\zCBRNDG.exe
  2⤵
  PID:7848
- C:\Windows\System\zevPERE.exe
  C:\Windows\System\zevPERE.exe
  2⤵
  PID:10004
- C:\Windows\System\FSbKDVq.exe
  C:\Windows\System\FSbKDVq.exe
  2⤵
  PID:10948
- C:\Windows\System\TUEywzc.exe
  C:\Windows\System\TUEywzc.exe
  2⤵
  PID:13136
- C:\Windows\System\KFAEPPd.exe
  C:\Windows\System\KFAEPPd.exe
  2⤵
  PID:12964
- C:\Windows\System\RzvecdC.exe
  C:\Windows\System\RzvecdC.exe
  2⤵
  PID:12840
- C:\Windows\System\USSPYbc.exe
  C:\Windows\System\USSPYbc.exe
  2⤵
  PID:12084
- C:\Windows\System\ApHTJex.exe
  C:\Windows\System\ApHTJex.exe
  2⤵
  PID:8728
- C:\Windows\System\ZJWXVwq.exe
  C:\Windows\System\ZJWXVwq.exe
  2⤵
  PID:12368
- C:\Windows\System\nzpiTNK.exe
  C:\Windows\System\nzpiTNK.exe
  2⤵
  PID:11548
- C:\Windows\System\UsgIfXb.exe
  C:\Windows\System\UsgIfXb.exe
  2⤵
  PID:12388
- C:\Windows\System\GeRmFOP.exe
  C:\Windows\System\GeRmFOP.exe
  2⤵
  PID:3972
- C:\Windows\System\HImOibo.exe
  C:\Windows\System\HImOibo.exe
  2⤵
  PID:3600
- C:\Windows\System\SOoqwLj.exe
  C:\Windows\System\SOoqwLj.exe
  2⤵
  PID:10752
- C:\Windows\System\RKYARLi.exe
  C:\Windows\System\RKYARLi.exe
  2⤵
  PID:11628
- C:\Windows\System\SIyzwvb.exe
  C:\Windows\System\SIyzwvb.exe
  2⤵
  PID:13032
- C:\Windows\System\fTNsazI.exe
  C:\Windows\System\fTNsazI.exe
  2⤵
  PID:5140
- C:\Windows\System\HgsSBtR.exe
  C:\Windows\System\HgsSBtR.exe
  2⤵
  PID:10448
- C:\Windows\System\MRQIUyn.exe
  C:\Windows\System\MRQIUyn.exe
  2⤵
  PID:13828
- C:\Windows\System\ApFuyRs.exe
  C:\Windows\System\ApFuyRs.exe
  2⤵
  PID:13860
- C:\Windows\System\SbWdrpt.exe
  C:\Windows\System\SbWdrpt.exe
  2⤵
  PID:13884
- C:\Windows\System\egdGaux.exe
  C:\Windows\System\egdGaux.exe
  2⤵
  PID:13904
- C:\Windows\System\dUNKyVW.exe
  C:\Windows\System\dUNKyVW.exe
  2⤵
  PID:13920
- C:\Windows\System\QtfOhJI.exe
  C:\Windows\System\QtfOhJI.exe
  2⤵
  PID:13972
- C:\Windows\System\CNrywTX.exe
  C:\Windows\System\CNrywTX.exe
  2⤵
  PID:14000
- C:\Windows\System\ODjbpEn.exe
  C:\Windows\System\ODjbpEn.exe
  2⤵
  PID:14052
- C:\Windows\System\dULpSUB.exe
  C:\Windows\System\dULpSUB.exe
  2⤵
  PID:14076
- C:\Windows\System\shczfyC.exe
  C:\Windows\System\shczfyC.exe
  2⤵
  PID:14104
- C:\Windows\System\ogCOpTx.exe
  C:\Windows\System\ogCOpTx.exe
  2⤵
  PID:14188
- C:\Windows\System\tBdTgGA.exe
  C:\Windows\System\tBdTgGA.exe
  2⤵
  PID:14224
- C:\Windows\System\TukWwGG.exe
  C:\Windows\System\TukWwGG.exe
  2⤵
  PID:14244
- C:\Windows\System\mupkPFR.exe
  C:\Windows\System\mupkPFR.exe
  2⤵
  PID:14264
- C:\Windows\System\IIkyWhN.exe
  C:\Windows\System\IIkyWhN.exe
  2⤵
  PID:14280
- C:\Windows\System\BYklads.exe
  C:\Windows\System\BYklads.exe
  2⤵
  PID:14312
- C:\Windows\System\kBxudTV.exe
  C:\Windows\System\kBxudTV.exe
  2⤵
  PID:14332
- C:\Windows\System\Medukpl.exe
  C:\Windows\System\Medukpl.exe
  2⤵
  PID:8700
- C:\Windows\System\vAlINHL.exe
  C:\Windows\System\vAlINHL.exe
  2⤵
  PID:11864
- C:\Windows\System\onXaVox.exe
  C:\Windows\System\onXaVox.exe
  2⤵
  PID:7692
- C:\Windows\System\wIMixEC.exe
  C:\Windows\System\wIMixEC.exe
  2⤵
  PID:12492
- C:\Windows\System\rIrkYHC.exe
  C:\Windows\System\rIrkYHC.exe
  2⤵
  PID:11476
- C:\Windows\System\rAsfDYT.exe
  C:\Windows\System\rAsfDYT.exe
  2⤵
  PID:8556
- C:\Windows\System\sKAodZw.exe
  C:\Windows\System\sKAodZw.exe
  2⤵
  PID:9252
- C:\Windows\System\vPDCFMs.exe
  C:\Windows\System\vPDCFMs.exe
  2⤵
  PID:8584
- C:\Windows\System\JsuhWZG.exe
  C:\Windows\System\JsuhWZG.exe
  2⤵
  PID:13360
- C:\Windows\System\hGAXYzR.exe
  C:\Windows\System\hGAXYzR.exe
  2⤵
  PID:13936
- C:\Windows\System\oqEZhLG.exe
  C:\Windows\System\oqEZhLG.exe
  2⤵
  PID:14068
- C:\Windows\System\AcSHhvr.exe
  C:\Windows\System\AcSHhvr.exe
  2⤵
  PID:13820
- C:\Windows\System\RrlKUrd.exe
  C:\Windows\System\RrlKUrd.exe
  2⤵
  PID:13460
- C:\Windows\System\obhMxIf.exe
  C:\Windows\System\obhMxIf.exe
  2⤵
  PID:13896
- C:\Windows\System\EppItQM.exe
  C:\Windows\System\EppItQM.exe
  2⤵
  PID:13620
- C:\Windows\System\BzkBqTu.exe
  C:\Windows\System\BzkBqTu.exe
  2⤵
  PID:14256
- C:\Windows\System\IydSBOC.exe
  C:\Windows\System\IydSBOC.exe
  2⤵
  PID:13732
- C:\Windows\System\okcaerx.exe
  C:\Windows\System\okcaerx.exe
  2⤵
  PID:14144
- C:\Windows\System\fdpmKpw.exe
  C:\Windows\System\fdpmKpw.exe
  2⤵
  PID:808
- C:\Windows\System\OHOJGFF.exe
  C:\Windows\System\OHOJGFF.exe
  2⤵
  PID:10588
- C:\Windows\System\HIUrSnJ.exe
  C:\Windows\System\HIUrSnJ.exe
  2⤵
  PID:13464
- C:\Windows\System\zLPrjRU.exe
  C:\Windows\System\zLPrjRU.exe
  2⤵
  PID:12668
- C:\Windows\System\tFQrdrk.exe
  C:\Windows\System\tFQrdrk.exe
  2⤵
  PID:13788
- C:\Windows\System\CYpkPWt.exe
  C:\Windows\System\CYpkPWt.exe
  2⤵
  PID:9480
- C:\Windows\System\cTRMkle.exe
  C:\Windows\System\cTRMkle.exe
  2⤵
  PID:13872
- C:\Windows\System\HNeIVne.exe
  C:\Windows\System\HNeIVne.exe
  2⤵
  PID:8704
- C:\Windows\System\aVzvsQI.exe
  C:\Windows\System\aVzvsQI.exe
  2⤵
  PID:13396
- C:\Windows\System\UjOXezH.exe
  C:\Windows\System\UjOXezH.exe
  2⤵
  PID:13648
- C:\Windows\System\ONfAoWD.exe
  C:\Windows\System\ONfAoWD.exe
  2⤵
  PID:10884
- C:\Windows\System\heCHkiz.exe
  C:\Windows\System\heCHkiz.exe
  2⤵
  PID:10404
- C:\Windows\System\CQLwpPm.exe
  C:\Windows\System\CQLwpPm.exe
  2⤵
  PID:13948
- C:\Windows\System\sGGENdo.exe
  C:\Windows\System\sGGENdo.exe
  2⤵
  PID:13512
- C:\Windows\System\IUNybby.exe
  C:\Windows\System\IUNybby.exe
  2⤵
  PID:9608
- C:\Windows\System\iPmxJBw.exe
  C:\Windows\System\iPmxJBw.exe
  2⤵
  PID:14060
- C:\Windows\System\BkaRjQj.exe
  C:\Windows\System\BkaRjQj.exe
  2⤵
  PID:2480
- C:\Windows\System\DoQobMT.exe
  C:\Windows\System\DoQobMT.exe
  2⤵
  PID:13708
- C:\Windows\System\GenuLZU.exe
  C:\Windows\System\GenuLZU.exe
  2⤵
  PID:14048
- C:\Windows\System\oiYxUIO.exe
  C:\Windows\System\oiYxUIO.exe
  2⤵
  PID:13524
- C:\Windows\System\lplDgeV.exe
  C:\Windows\System\lplDgeV.exe
  2⤵
  PID:13836
- C:\Windows\System\ayuwKLY.exe
  C:\Windows\System\ayuwKLY.exe
  2⤵
  PID:13952
- C:\Windows\System\FGFLngt.exe
  C:\Windows\System\FGFLngt.exe
  2⤵
  PID:14304
- C:\Windows\System\kMHrTbG.exe
  C:\Windows\System\kMHrTbG.exe
  2⤵
  PID:6540
- C:\Windows\System\uqEMhQy.exe
  C:\Windows\System\uqEMhQy.exe
  2⤵
  PID:13792
- C:\Windows\System\OnWBbBC.exe
  C:\Windows\System\OnWBbBC.exe
  2⤵
  PID:12752
- C:\Windows\System\KEJtiFi.exe
  C:\Windows\System\KEJtiFi.exe
  2⤵
  PID:13120
- C:\Windows\System\RPFVQlS.exe
  C:\Windows\System\RPFVQlS.exe
  2⤵
  PID:14208
- C:\Windows\System\gsqsumh.exe
  C:\Windows\System\gsqsumh.exe
  2⤵
  PID:13336
- C:\Windows\System\OwclDbk.exe
  C:\Windows\System\OwclDbk.exe
  2⤵
  PID:13756
- C:\Windows\System\fBwORFP.exe
  C:\Windows\System\fBwORFP.exe
  2⤵
  PID:1012
- C:\Windows\System\xDaBCMv.exe
  C:\Windows\System\xDaBCMv.exe
  2⤵
  PID:3420
- C:\Windows\System\KLQMbnj.exe
  C:\Windows\System\KLQMbnj.exe
  2⤵
  PID:13384
- C:\Windows\System\giRuAGS.exe
  C:\Windows\System\giRuAGS.exe
  2⤵
  PID:12516
- C:\Windows\System\OukmlBn.exe
  C:\Windows\System\OukmlBn.exe
  2⤵
  PID:4736
- C:\Windows\System\oUybeUJ.exe
  C:\Windows\System\oUybeUJ.exe
  2⤵
  PID:3048
- C:\Windows\System\JEOMdIq.exe
  C:\Windows\System\JEOMdIq.exe
  2⤵
  PID:9064
- C:\Windows\System\EJJDNcE.exe
  C:\Windows\System\EJJDNcE.exe
  2⤵
  PID:13540
- C:\Windows\System\qDtlTNV.exe
  C:\Windows\System\qDtlTNV.exe
  2⤵
  PID:3372
- C:\Windows\System\ryaJzbX.exe
  C:\Windows\System\ryaJzbX.exe
  2⤵
  PID:3892

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 608 -p 11868 -ip 11868
1⤵
PID:13524

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 616 -p 11044 -ip 11044
1⤵
PID:8704

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 608 -p 836 -ip 836
1⤵
PID:10884

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:11396

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:12368

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yurvmxls.03w.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BYBiWMh.exe

Filesize
1.3MB

MD5
7e5b6d7ea3c22f71008a73d138065303

SHA1
8cfcba3411cecdd428dfa07fb1258ac479dcf36c

SHA256
bcb6e14a0b563830f5782ce2e9da14d731ecf2baffc993ded42da46e66a0e5eb

SHA512
2083af23c79b7771249a3f783060483f20bd80b5694a03c8072c66fb735d7573b2174247e5d59cf3f2f9275ba33721bd41e6a121b0e801f8db4582d0ef95f200

Download Submit
C:\Windows\System\BdEYMYP.exe

Filesize
1.3MB

MD5
7755bd4d5c11093cd3fa0f5b555710ca

SHA1
061fff0695a45ab3a94de85c88b02d10bc8db4bb

SHA256
a836766bd134e7ed6a5318b5e0edb82d9c479bed769efbf3b225c7fae349a100

SHA512
261ffcc0c59ae8b931d364b7b92e6bad5022d4032ab71a3f39034fcf641a5cdc4208de89afa3092d2b7f58dff5306fc8d4691c29bd7e47405bd179813e6c242f

Download Submit
C:\Windows\System\BmXOxnL.exe

Filesize
1.3MB

MD5
934b050186ca73666e98e2680e5c6568

SHA1
287cec371fd82bfb8b0e424850ec8f986ec0c16b

SHA256
da55b551b0ea949eae4f39483f975f9d7af649d633692fa9a0e8a686bd9d67cc

SHA512
d74938de16737f6c36c363d2dd9152db479210200ef8f85d164856ff98763ceb2908dc1da3409a4a805f28d050efb8c6b5ecc554d38dcdc6828dcfa91c20b3fd

Download Submit
C:\Windows\System\BrWdcgG.exe

Filesize
1.3MB

MD5
4aaed298b7f8dc5ed4f3ae59dda6cf22

SHA1
f04556729a968a9b79a3b6fadedd8f3c65a824c0

SHA256
87435ea28165bef7da557e0064a51595e719041148d6ef5baeed25ba08f82347

SHA512
0ab94b8cabfd8cf8686cf56e1e5a44222e750b2aa2d9f9466a38e4f69cb3f2f804d4f830e4971cb0ccb2facb46ab9c3aee6e4caa94a5e43ffd7b75dbab060bfe

Download Submit
C:\Windows\System\EnSXcSP.exe

Filesize
1.3MB

MD5
45cd36ea5fbcd38b59a52d16c0fc9789

SHA1
4a7316d0cb9da18c150730e0dd14ab3c6ef738da

SHA256
684ca97713d3ade10005e6afe7d7af067ca677c37ed2c12a42e3856f76d661b4

SHA512
3198d3dea10479c6de5fb28c6b6a726bb1c730dfd801c260b3ad6a13ca9d08a38db966ec64de79ef6d8c3c19f6b9e02f1b08ef8bd10259fb4edf32226ef94859

Download Submit
C:\Windows\System\GFdeVyL.exe

Filesize
1.3MB

MD5
f86b72023f04476d19d6dfd2ee22da77

SHA1
8acd4da7300b3f4e0f2642f51082a414c65926eb

SHA256
9851c2884f1ecb91eb073dfe76dc8dbd6b24b6b6c813b498d2d2ed47ba53b103

SHA512
e0a1a2af92a7cbaf3c82e234d5c56020a7482255abcf431f942c8d37bb5d8006ac43682f79d22e6b22eba42344c92772e6356207d141d66f73b2c0c067f54150

Download Submit
C:\Windows\System\GlYeoWS.exe

Filesize
1.3MB

MD5
77127e7313737916c967fa2e715a5c7a

SHA1
a1e44a32561c0c9090a2b6ab9c21abfb09310054

SHA256
5deda9287abc1ead24b2b50c6afad865d90babb54134199219416c1c4abbb66f

SHA512
7eebe34dadf23c4dd335406652d828087edfb8d6068cf89d5b2eda7a5a0f15731a48a22891f909055b1bdecf17484d3b5f28c328c386e1e8ac282aae38bfad02

Download Submit
C:\Windows\System\HtMxVcd.exe

Filesize
1.3MB

MD5
eaf55132ba3031b15561f4844e79fc88

SHA1
93216cb89018edaace5d6457006b460bb7cf5d81

SHA256
ea2cfcf08408510b875250236b2ee0503c23b833f4bd94f3e4439694cba24223

SHA512
2730dcbd7ac227d4233351f7243f16445f46557ec02d8d0fddb2edb38b5b51a19c8684e58e170abc0999f1597a0e05070463677d4b4da98ae37a38853a2da2f6

Download Submit
C:\Windows\System\KbtwnuI.exe

Filesize
1.3MB

MD5
4895fedce44ee6b4f2f76381ac4fd302

SHA1
b3311d8aa8f6ad415b5b8eaacd4bf6adcde03177

SHA256
af500cdc5e803fdd38230420ebd403f1b5107afab0931990e24390d5a00d65a1

SHA512
19976f796533a7c76ee5e250070d8404c49254a732d296e713c16f3686b5847cb0f640618322ff091cb81fe82025d42bdc558b43d11c9a59b863e888e0161cf9

Download Submit
C:\Windows\System\MfczXYA.exe

Filesize
1.3MB

MD5
d6412833deb4e46f479c33b5df37d7e4

SHA1
ad89b3d1378bdcffea0914004fd243a0cc58ff9c

SHA256
c29eef5ab1bdfee6ab3753338520e138dfb0cd4f5d4839a47ea77fbc04f87527

SHA512
68bffb8c1051d1d2f1e34bf3fd360254eb0a4b585774eae1d8772e2b6ddc558eda3994427f748266d934599f8832eddabc07dfc060364396c34c86c61ca07691

Download Submit
C:\Windows\System\QBFnPDJ.exe

Filesize
1.3MB

MD5
a7801407d1fef1ff860897cd2bcf1d57

SHA1
01f95053fb7dd02b7eaac71e772b74f2e48762b0

SHA256
2b81d4ea5f502b918b9dff856765ac46441a81507feeeb993fed4e88d53cdefc

SHA512
ec3bc15002e4d0973cbef290cf8e0e23ae73524a273de219dce11fb9546eb673f102146af8f5375c12b1c2c110a1cb5b2fca171931abfe0f6f9d12eb1d2999ce

Download Submit
C:\Windows\System\QLKdcAa.exe

Filesize
1.3MB

MD5
7ca872023421df5f5171673ea1169367

SHA1
e22e77c3608eb6dedd2f46cabd4013a8380c36f5

SHA256
e3f0bcbae2c46a606f1e62af6b8838082f105057f9230263980eb9e9a3ca64ac

SHA512
4b4418d7bac83c6f3809b4c2e5775c1c04a0e5057bfa4c81de9ee61cbf73225ec0ecdd756f2282d9f95f493034aebef764de40c948ee765944d56f8d38d3fa1f

Download Submit
C:\Windows\System\RsCHpnp.exe

Filesize
1.3MB

MD5
4148b8c3e6ae6cd9032edcb570dbdaa9

SHA1
958332cc9aca5a52f487ba84556f03163be9cdf9

SHA256
03f4d26177be71f9e84a42ff4dd54d6a5015d36865deaf98db7c7d4d6d5c8f25

SHA512
61c87baeab137362a62ecfeb4e6340d63c496ce841bcbd9be207a0c1a15b32b7452e2f0a1dbd85356d83f6c6a0ca4a9d3de4cb31c51a4dd2e1d06f61ce6827f7

Download Submit
C:\Windows\System\SfOSzLD.exe

Filesize
1.3MB

MD5
02395dbc83d42d70ae58d541bd7d7eed

SHA1
782978846d61f1e6b093e317f2e4e6620e1434ed

SHA256
b89c89b39e45b807b2525e676ba938cdadb3a545b02d1fa7f6dbd2060f8406b1

SHA512
ac9f35c40c475bcb6f6d17f64759c2603b4e98e15f2e26aa3a8c4acd28d51e665e44af1931469ba6d5968f2daee8addacad16011da9a6259f8195a9070ca7c6b

Download Submit
C:\Windows\System\TRJcCCy.exe

Filesize
1.3MB

MD5
8ca361be93a36c51c392b334a1be1dce

SHA1
cca1760fb7d6995bd92ec0605553ab3ec0a26cc8

SHA256
4380f34c8347ba8f4653e435945e406258e178e4645aaae55a06b29b7326b072

SHA512
edbcaa1f65528a68913350ae3848b70a120a9cda4dbb607cf1ec892364cb07bd51b0a978ecf9a85650c4b22dc0e38c1aa69d19e40da68f11f730b48263cc9463

Download Submit
C:\Windows\System\VcHWzDW.exe

Filesize
1.3MB

MD5
8a4567436afeae2c9b7fd3f59e643796

SHA1
d0001af68eb51cd59e6b58f94c122c0f3dc2f193

SHA256
8f79f645fcfb9c7912928684d8efbf9dc10787b90b412a08333f2dc11a7a597e

SHA512
99c4e5207bc85c8febfffdbf77878af976061ac9dd1b1b157c5d86c4724d124ff41601f5637348ac35ae123c87043143b5672ad9ee582cb37282600c8bf80da5

Download Submit
C:\Windows\System\WgoCobD.exe

Filesize
1.3MB

MD5
d0833d2df1ead6e2efead1d5f4d1f6bc

SHA1
5996758cf2578d4821c75bf3a9316a84e10219bd

SHA256
6c96a59d66e6e8e027f7d3a6727d6c85cdabadb27f696a97fa0e59600bb9207b

SHA512
29dc26e38643ee743ee0759efcd7862e03133ae9ad924c5807230654d3aeb61904358b1b165a78d5fcfd62fd1b734b25b1d513e9d60ec29e32f7eff94e36f9e2

Download Submit
C:\Windows\System\YTaVPgx.exe

Filesize
1.3MB

MD5
8a3a56666b900b34505ea9e8d063f246

SHA1
318af7be967a49eecdc33462bbb00cbf6339c76b

SHA256
f93af7a22dd31f6a6ec1da6ed69f085c955c33bec3408cde2beca22eafa0356a

SHA512
e5ce7185eeb85368663494e73dae9d5d4b5775952c218de920dcd70361cb08279c0bf90e345179f0123ff010d6d9e8cf46e662cdc5350bee5bb3b094771a2875

Download Submit
C:\Windows\System\YYmGRWo.exe

Filesize
1.3MB

MD5
82e622366dce93ef7d29e63d8a699f2a

SHA1
0c5e8f0f2995e7c99c1178ac11fc7371499b8855

SHA256
805d2746721b200484cc477dae5e3cda2033cd10dabb080956e545c9f2b736a0

SHA512
a126f183198f1cc1238e40e6dfa036f12876c4d390f340e51ae1269b4fb4bc3f3fdb1bbff0cf7b0f21b20ec6c6814ad826543a517d84f077139dfb4d50248cb8

Download Submit
C:\Windows\System\ajdWdXB.exe

Filesize
1.3MB

MD5
7342caf2823e867a26464701db2b2a17

SHA1
c9c9c7ee51588161b817786bb099fb1bb5892dce

SHA256
6d3850e1723d44707e42b76ddf4f0b510c485f7bc6ddf31eec3e8b4c1282c538

SHA512
21a706d46707bc5b8c85710abf66d85ad227204409f6d6802b586175335256c3961dece49645756037337157dc7e31ccc2016bab049e3cb1d75c35cdca296a2c

Download Submit
C:\Windows\System\bvkUvVA.exe

Filesize
1.3MB

MD5
e9cf0585db9879a614aababb8b917929

SHA1
f397fe78f7927b9aea04312893b2b38eee041fb0

SHA256
5d63a7173ab26787379ffff14b83f3a1e7aa416c820acdfed90657da18cf9383

SHA512
ae56afbccca2906a052aa52fc1b828b6048a8ffa7cbc9274b16d06e245f207b57055cd11009a9cb2c36604c187dbd4b48082c1d297092412db71af0f59206c4e

Download Submit
C:\Windows\System\cLRxRAI.exe

Filesize
1.3MB

MD5
272c3d2c2fdfac2265adf1cea6d8b185

SHA1
fa092ddd3ec40254a517685012080cdf033a6655

SHA256
d0d72e077b1930ad6d35e0ae64dc0cd07eaa738b8e524be2d78c9cbbd7be8bc9

SHA512
38e207833e7123fe21cfcc0ced275c1e7e6050af1a89f0d31c5faded4d7014d5cd307bca52c7d5488edd3ccaf5789131af37a6af84ffe654daedd10f78daddb2

Download Submit
C:\Windows\System\cbdhoMB.exe

Filesize
1.3MB

MD5
e1e88989a6ce7d33cb894e3fff4cc4e4

SHA1
3307a844f93f82cc90d01efcdbfe4b22343d4215

SHA256
2e30fe303409dcd30f03956b475ca7b449d3ea2f3d2b5140b9c9b99f6415893c

SHA512
35a223d960478831a144369b5e9630b14d9b616f08f609bff904d74cbc51b5a18c740be51bc6dc8b5813566f5e6519f95f2d78a468355302227be57023b70b81

Download Submit
C:\Windows\System\dvtvmgF.exe

Filesize
8B

MD5
ae74ae184e9b5a83f85200a9f63a9f24

SHA1
d0f098d04887559fec702c320e01420299f42740

SHA256
5e243ac8891389afceac6a0eaa3b3cd6f9e3b2a109a5c34d42c3f79a49fd7ca4

SHA512
54394c381347ef8a25d9e5f70ca39f1deede87d6f16f460e43e78b9b193c59ec61cdc5c9fe9039477e8ed5aaa367fa028059fb33c990d15e1c9f0a227645e3fd

Download Submit
C:\Windows\System\gWxAfJc.exe

Filesize
1.3MB

MD5
b26c6c67c89ae4384452f97bd61eec28

SHA1
0c9587062f0b94632b158ed36c106ae8745d53ce

SHA256
47855987a553e0d8afb9aa158cb0cef67c2e5efa78d528fbb5c76ac164aa7b9b

SHA512
9d3c958788305433f5d2af06f442a16ff4925fb949f26839bba2657f48d0abd46c6eb7d6509192e4d6eee196fc80dca71a500f7ccde7bc6b2a4c3f20bb1efb25

Download Submit
C:\Windows\System\kwHfAxI.exe

Filesize
1.3MB

MD5
df26bfe43b687d680890aa40b4e4e455

SHA1
27a137875b655bd955090aadf5fedf6b0a677ce1

SHA256
468e4ff5b48261a57a50b187794c8c20f4d487aca79a968f9de6cec4cadcf338

SHA512
3d88dd514bcffa1abb6fa89d7aaa35cb0063ec33c9b03aad77984b50bfa6cff5ec3607670549335c0b0dbab0a5503cb8677abb94243154d04dab2e49769ad01a

Download Submit
C:\Windows\System\lWlkKFQ.exe

Filesize
1.3MB

MD5
c418d8f5f3922ba4b83aab38076eb0b2

SHA1
4eadad0c141c0570651d9191b69b4f52e63472a1

SHA256
c803bf754b2dab754f471aebae9920d2e33166212725054cd1ce668dd5f8ba00

SHA512
9d27e02c4c8c8f570f130df70fe9739b3b65fe6a51413416100a0cd7517ccb63c4fe32dfa7286e943a1833ff89e86d602da0ca3e04f68c66246a60950487faab

Download Submit
C:\Windows\System\liGDHQu.exe

Filesize
1.3MB

MD5
d5664b5e2223bcd3f682fb4a22dba192

SHA1
fd6b7818df649b9f8511b3552b95da6591ddf614

SHA256
fc827ff65221e5276a623189af1dbf91dc2fb7218f54af021fd803357c9753bd

SHA512
435553bd7ef80ff31ba370a02e0a37f8d8dbba4d474f8815b60249f3c0d5fe5bee8dfdea2fcc701ab185fe9fa4476db1e36481f5c88dc4a6d75dbe8793438899

Download Submit
C:\Windows\System\mAlPIoU.exe

Filesize
1.3MB

MD5
70952603fdcdf1e4868294cd06b3c268

SHA1
bf6dc96c902398354e0ae3e910ee5c342890aab8

SHA256
2eadff1277fab45e850f2af7f83d9317cd85bcdef5da5a5ebf5bfcfa31c6e8ef

SHA512
f059d38272454e6dc0e1fedc1044d5ed1249391c17da71ef531f8ed578a66633843edd5fd2508cd0cfe463aaf6f72ecf080bf2589c573184e546e7c1de629f15

Download Submit
C:\Windows\System\ncrFKiv.exe

Filesize
1.3MB

MD5
6f549c04336cd8bdacc6407ce482e671

SHA1
7155adc4be874e2a4e9595ae5d4f0f79bbbfbe60

SHA256
aa12412aa8c647e13fbf168a0e33bac60d7b1f1927b3f7940930f3e3807dc845

SHA512
860225454c28a4d4dbec4921f8f273f34c22a18bfe0d86d31321df6591b65f75ea609ffb1eb8d2ccd49766f379ad965fa5a6f7cd759dbd23c7de3973c1a6d531

Download Submit
C:\Windows\System\pDwuauL.exe

Filesize
1.3MB

MD5
bd94605fd91f4024a3057c1f33d4b97d

SHA1
eaa2d2b819cc67a3e709fbfaacf2b0a2f61c7ca2

SHA256
eb72d98b3fb3cf1f5fed7d10436d9f9f9d9f1166c72526225dc57de7089abb59

SHA512
957d1a50d274d393cbf3459e08591688568b169f1aad30ea47f0b3bcb20443fd88a059abe0c65ee36547ae6e36d15a0b8ad4f08ed2646586dfd306eb98910f6d

Download Submit
C:\Windows\System\qbKZFIv.exe

Filesize
1.3MB

MD5
fae50ca47a5a485216c336e0dc45dda8

SHA1
35a5b76a2697cc57c9ef029eeaed78eef9b8ebbb

SHA256
eff6e06ee65bb72dad537f06b2b228c890bdaab3215d0711ec0bcc9156d97868

SHA512
6c9c7b971b535121c41d5db3e3158a907dcb8ab542a5f55b6efd1f5141f98cc95493cf3085d6770f8559f50e2e44015fdf03ef34190834aba16406df4f17a8a6

Download Submit
C:\Windows\System\sNnXOXx.exe

Filesize
1.3MB

MD5
a0dfbdd76f91e16c460492ca6c22927f

SHA1
18fa4bcb445ed629e6baced33ce29d3d8cae312f

SHA256
261f438232885e678bcf8b3b4a00d89dafa7c7d4d7480c4d5b71f0fe32de210c

SHA512
1a56c3872c308c72d316b8b840f70f9bf761a034510fceafb96a4a0297445e7be2ef38765bd25254663a6e10830bff6859659c9e69e78545645a9b85d3d99e3d

Download Submit
C:\Windows\System\vHqNsTP.exe

Filesize
1.3MB

MD5
a646c11a3be81065110f65858b59aaf6

SHA1
9e81e1188bff62d2f7f0ad37c1a35600fc2e4624

SHA256
4623a00c1f691b726d3adab0272d03fead7275b9eb6951f4551af0717ba60581

SHA512
d9bda47d2c1e261789956cb0c3a6a8bdde439eb87b4bb9c054d3abadad6ea351086bc4c5f0aa8768d02feb68860906942864b85cd54257c9c7bd6e955e78be01

Download Submit
C:\Windows\System\vmNvEEl.exe

Filesize
1.3MB

MD5
60079d3b5b19299ce3591f2eb548afe9

SHA1
0d8dc55252dc076d5ca5d6b3fb9a945eb6d9488d

SHA256
d5c3b8570014534ebb11e1c9e4345cff223f6cb2d943c153c0964d959e1b46e3

SHA512
45d1626b6aab5b6105944d45fa44f13a537a12c6bca7acb7668d3a4dffd837d2885c2adcdb4a7d9ccebb2a8efe6c655e001925bc9a4c3f858b43418fffcfde02

Download Submit
C:\Windows\System\wRAfiTh.exe

Filesize
1.3MB

MD5
eecaa8e92078cbe10e582b18553f397f

SHA1
3b187108013410ff6870da97563946aa456dd853

SHA256
9c98bfdae292b55e4a28502760a59bf3c5bb632f948b838f0cbc9b6746310d8f

SHA512
7541600875c7b54f0abe7da0969b62e0a215d407fb02751b70be287de0cfa4c126f97fb951f1aff3efd82fd0b5d55b52e419086be7f56134146b13ccf43922d1

Download Submit
C:\Windows\System\wdQcmJQ.exe

Filesize
1.3MB

MD5
07c7bc4b3de5656fbd832c851084268e

SHA1
fbf9d542fd6fa3cb55aaa742248e3bd62a41dacc

SHA256
35f2837e745f5931b59567605e4507e095253ca3c5d109709e81f786ed353fd9

SHA512
d5509427c0dde112d65e7bb275e6c41accc85a3e9203273770409e8f74994805439e18a80b063b914c3dc25b85889bb28178b7c5ff9251fa8728ebb98b517c5a

Download Submit
C:\Windows\System\weCAjKb.exe

Filesize
1.3MB

MD5
1fa4b5cde2a1029543eb5cbc520b0660

SHA1
cc8e37903c8a8c2716d2c9f362eb5d1697e27e64

SHA256
b41e9399c8e0a25d7c4eaf521d085065fa1ca6dfde0308d9616bcbdeececac08

SHA512
163bcca5b08c8a4989dea2a1f76a8cabe6da8960483aeb2f1993b6a2245248cef51cf11a95a55f3db96fd088701129efb79040cc388537193ad9562bb6401fc7

Download Submit
C:\Windows\System\wggKLvR.exe

Filesize
1.3MB

MD5
b4bcd34691c81d5516351c911bebc790

SHA1
29606ddf7490ae5e9f929f34276fa7f1016aac01

SHA256
c70c81bf0d1694a8d89c1f2c1d49d058222221c42908443e9c4f2eaf58b7bd10

SHA512
a42f152a5ab09292b5010e58722d32fce30365cdf2b7dd64da308b4ca20bcf3a5035dad1c5c8a4e963b974720e71b73f660c854c7c058155292989551ded9159

Download Submit
C:\Windows\System\wsVXyWj.exe

Filesize
1.3MB

MD5
c8920a5886969f9c373b514e87f5188f

SHA1
62d7581fa0a406d85d2d2a20094a1d5a5b0d56fb

SHA256
dd7ebdbf2c43831b68577b3fc59ef236f977cc8426ebd58f3ab70faed155ab9f

SHA512
dc8f4d942438a7ffa46f2a67ca448d73ce412aceffd24405fb9e5b5779d33f4c512b2b673ca69d0ec0f7ba81b55ea202f2ff45191d2e0ba32fec78505ce5471a

Download Submit
C:\Windows\System\xJbbjCp.exe

Filesize
1.3MB

MD5
4b4f190e4383af2622bc4d184dcf2d12

SHA1
5221322ab19e039df66fd61825442917388c7d5e

SHA256
737fd8a3438af2f61dee9faf28178e0bd9b5c402359593813fd08d2ea329bb5b

SHA512
bea594604d36808bdab2e5dcaa4533e92b16ef54bac94e8ca24f7cbf82dfd2631feecbf4b8af44b47b22b93f5272055cb7f51d006c5ea6f9e21a814bdd54c973

Download Submit
C:\Windows\System\xipIels.exe

Filesize
1.3MB

MD5
d1cdb7f5640e7523b412d3b31f590e71

SHA1
64d6a386c7450f0086df4746a465173aa3c9bfe9

SHA256
2951d3474443bcbafb4674815d24b2c9f54a8c1373d3a0dbce161b686c4f36ca

SHA512
cdbb8fdf2cdd80c04d7e958e5866a013e16ed67c57d9ab47508dc047d837f72078b2e4e8a2ab0afd9adbe5e6b2e7f3bed833df9543027fb6b3649fc0ae1d7c92

Download Submit
memory/844-215-0x00007FF61B920000-0x00007FF61BD12000-memory.dmp

Filesize
3.9MB

Download
memory/844-3854-0x00007FF61B920000-0x00007FF61BD12000-memory.dmp

Filesize
3.9MB

Download
memory/1308-165-0x00007FF6C0800000-0x00007FF6C0BF2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-3851-0x00007FF6C0800000-0x00007FF6C0BF2000-memory.dmp

Filesize
3.9MB

Download
memory/1448-3858-0x00007FF621CE0000-0x00007FF6220D2000-memory.dmp

Filesize
3.9MB

Download
memory/1448-317-0x00007FF621CE0000-0x00007FF6220D2000-memory.dmp

Filesize
3.9MB

Download
memory/1496-652-0x00007FF6C9A80000-0x00007FF6C9E72000-memory.dmp

Filesize
3.9MB

Download
memory/1496-3934-0x00007FF6C9A80000-0x00007FF6C9E72000-memory.dmp

Filesize
3.9MB

Download
memory/1820-53-0x00007FFA33CB0000-0x00007FFA34771000-memory.dmp

Filesize
10.8MB

Download
memory/1820-176-0x0000025EAC980000-0x0000025EAC9A2000-memory.dmp

Filesize
136KB

Download
memory/1820-8-0x00007FFA33CB3000-0x00007FFA33CB5000-memory.dmp

Filesize
8KB

Download
memory/1820-655-0x00007FFA33CB0000-0x00007FFA34771000-memory.dmp

Filesize
10.8MB

Download
memory/1984-3864-0x00007FF7518F0000-0x00007FF751CE2000-memory.dmp

Filesize
3.9MB

Download
memory/1984-272-0x00007FF7518F0000-0x00007FF751CE2000-memory.dmp

Filesize
3.9MB

Download
memory/2228-3883-0x00007FF686A00000-0x00007FF686DF2000-memory.dmp

Filesize
3.9MB

Download
memory/2228-651-0x00007FF686A00000-0x00007FF686DF2000-memory.dmp

Filesize
3.9MB

Download
memory/2456-3898-0x00007FF79E580000-0x00007FF79E972000-memory.dmp

Filesize
3.9MB

Download
memory/2456-366-0x00007FF79E580000-0x00007FF79E972000-memory.dmp

Filesize
3.9MB

Download
memory/2468-648-0x00007FF640A40000-0x00007FF640E32000-memory.dmp

Filesize
3.9MB

Download
memory/2468-3876-0x00007FF640A40000-0x00007FF640E32000-memory.dmp

Filesize
3.9MB

Download
memory/2568-3866-0x00007FF6F61E0000-0x00007FF6F65D2000-memory.dmp

Filesize
3.9MB

Download
memory/2568-441-0x00007FF6F61E0000-0x00007FF6F65D2000-memory.dmp

Filesize
3.9MB

Download
memory/2576-653-0x00007FF6A2C50000-0x00007FF6A3042000-memory.dmp

Filesize
3.9MB

Download
memory/2576-3923-0x00007FF6A2C50000-0x00007FF6A3042000-memory.dmp

Filesize
3.9MB

Download
memory/2828-3852-0x00007FF7B9000000-0x00007FF7B93F2000-memory.dmp

Filesize
3.9MB

Download
memory/2828-130-0x00007FF7B9000000-0x00007FF7B93F2000-memory.dmp

Filesize
3.9MB

Download
memory/3108-256-0x00007FF751830000-0x00007FF751C22000-memory.dmp

Filesize
3.9MB

Download
memory/3108-3856-0x00007FF751830000-0x00007FF751C22000-memory.dmp

Filesize
3.9MB

Download
memory/3524-3862-0x00007FF606170000-0x00007FF606562000-memory.dmp

Filesize
3.9MB

Download
memory/3524-257-0x00007FF606170000-0x00007FF606562000-memory.dmp

Filesize
3.9MB

Download
memory/3620-654-0x00007FF7FBBC0000-0x00007FF7FBFB2000-memory.dmp

Filesize
3.9MB

Download
memory/3620-3941-0x00007FF7FBBC0000-0x00007FF7FBFB2000-memory.dmp

Filesize
3.9MB

Download
memory/3716-1-0x000002182AA30000-0x000002182AA40000-memory.dmp

Filesize
64KB

Download
memory/3716-0-0x00007FF6DB600000-0x00007FF6DB9F2000-memory.dmp

Filesize
3.9MB

Download
memory/4092-3872-0x00007FF702350000-0x00007FF702742000-memory.dmp

Filesize
3.9MB

Download
memory/4092-646-0x00007FF702350000-0x00007FF702742000-memory.dmp

Filesize
3.9MB

Download
memory/4248-3875-0x00007FF6A2240000-0x00007FF6A2632000-memory.dmp

Filesize
3.9MB

Download
memory/4248-318-0x00007FF6A2240000-0x00007FF6A2632000-memory.dmp

Filesize
3.9MB

Download
memory/4540-3888-0x00007FF6D25C0000-0x00007FF6D29B2000-memory.dmp

Filesize
3.9MB

Download
memory/4540-647-0x00007FF6D25C0000-0x00007FF6D29B2000-memory.dmp

Filesize
3.9MB

Download
memory/4556-3870-0x00007FF77ACC0000-0x00007FF77B0B2000-memory.dmp

Filesize
3.9MB

Download
memory/4556-443-0x00007FF77ACC0000-0x00007FF77B0B2000-memory.dmp

Filesize
3.9MB

Download
memory/4624-3893-0x00007FF686750000-0x00007FF686B42000-memory.dmp

Filesize
3.9MB

Download
memory/4624-650-0x00007FF686750000-0x00007FF686B42000-memory.dmp

Filesize
3.9MB

Download
memory/4628-656-0x00007FF7B2140000-0x00007FF7B2532000-memory.dmp

Filesize
3.9MB

Download
memory/4628-3879-0x00007FF7B2140000-0x00007FF7B2532000-memory.dmp

Filesize
3.9MB

Download
memory/4792-3894-0x00007FF652A50000-0x00007FF652E42000-memory.dmp

Filesize
3.9MB

Download
memory/4792-649-0x00007FF652A50000-0x00007FF652E42000-memory.dmp

Filesize
3.9MB

Download
memory/4964-657-0x00007FF669070000-0x00007FF669462000-memory.dmp

Filesize
3.9MB

Download
memory/4964-3899-0x00007FF669070000-0x00007FF669462000-memory.dmp

Filesize
3.9MB

Download
memory/5040-3860-0x00007FF6AA580000-0x00007FF6AA972000-memory.dmp

Filesize
3.9MB

Download
memory/5040-645-0x00007FF6AA580000-0x00007FF6AA972000-memory.dmp

Filesize
3.9MB

Download
memory/5096-3868-0x00007FF73F3A0000-0x00007FF73F792000-memory.dmp

Filesize
3.9MB

Download
memory/5096-539-0x00007FF73F3A0000-0x00007FF73F792000-memory.dmp

Filesize
3.9MB

Download