xmrig | 72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de

Analysis

max time kernel
95s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
Size

1.4MB
MD5

9ff13d1e0641ee6546519cfc53314cc7
SHA1

ad68384229e95f5e2f9295d02180e5d0649b2c9e
SHA256

72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de
SHA512

669d6c87c455adef4e15a5a0f85f54c2e8744f38b7037927d11bdd8863885d5c20cdc832ae1cff95f5c4386e418489aace3c816b6aa808707badd1b4ae657d5b
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPC:Lz071uv4BPMkFfdg6NsOL

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 48 IoCs

resource	yara_rule
behavioral2/memory/1436-350-0x00007FF763740000-0x00007FF763B32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2888-432-0x00007FF625730000-0x00007FF625B22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4716-542-0x00007FF681910000-0x00007FF681D02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2324-678-0x00007FF65F470000-0x00007FF65F862000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2384-681-0x00007FF7C6DD0000-0x00007FF7C71C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2112-684-0x00007FF6B3210000-0x00007FF6B3602000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/564-688-0x00007FF74FE80000-0x00007FF750272000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2100-810-0x00007FF75B2A0000-0x00007FF75B692000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3996-727-0x00007FF619A60000-0x00007FF619E52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1676-729-0x00007FF62CA50000-0x00007FF62CE42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2776-728-0x00007FF7814C0000-0x00007FF7818B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/412-690-0x00007FF636B70000-0x00007FF636F62000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4360-689-0x00007FF6B5D90000-0x00007FF6B6182000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3068-687-0x00007FF789500000-0x00007FF7898F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2448-686-0x00007FF7D4AF0000-0x00007FF7D4EE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3952-685-0x00007FF773320000-0x00007FF773712000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4352-683-0x00007FF645E10000-0x00007FF646202000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4880-682-0x00007FF781B00000-0x00007FF781EF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4948-680-0x00007FF6B5730000-0x00007FF6B5B22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/60-294-0x00007FF7CBAB0000-0x00007FF7CBEA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4112-293-0x00007FF731720000-0x00007FF731B12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1888-286-0x00007FF7D2DB0000-0x00007FF7D31A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1288-233-0x00007FF64A000000-0x00007FF64A3F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2668-3441-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2668-3475-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1676-3477-0x00007FF62CA50000-0x00007FF62CE42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2776-3479-0x00007FF7814C0000-0x00007FF7818B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1288-3482-0x00007FF64A000000-0x00007FF64A3F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1888-3483-0x00007FF7D2DB0000-0x00007FF7D31A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/60-3485-0x00007FF7CBAB0000-0x00007FF7CBEA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2888-3487-0x00007FF625730000-0x00007FF625B22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3952-3490-0x00007FF773320000-0x00007FF773712000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4112-3493-0x00007FF731720000-0x00007FF731B12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4716-3491-0x00007FF681910000-0x00007FF681D02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/412-3497-0x00007FF636B70000-0x00007FF636F62000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1436-3495-0x00007FF763740000-0x00007FF763B32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2384-3500-0x00007FF7C6DD0000-0x00007FF7C71C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4880-3504-0x00007FF781B00000-0x00007FF781EF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3996-3507-0x00007FF619A60000-0x00007FF619E52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2448-3512-0x00007FF7D4AF0000-0x00007FF7D4EE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2324-3516-0x00007FF65F470000-0x00007FF65F862000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4948-3515-0x00007FF6B5730000-0x00007FF6B5B22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4352-3520-0x00007FF645E10000-0x00007FF646202000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3068-3519-0x00007FF789500000-0x00007FF7898F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2100-3510-0x00007FF75B2A0000-0x00007FF75B692000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2112-3522-0x00007FF6B3210000-0x00007FF6B3602000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/564-3528-0x00007FF74FE80000-0x00007FF750272000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4360-3502-0x00007FF6B5D90000-0x00007FF6B6182000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/1868-0-0x00007FF607610000-0x00007FF607A02000-memory.dmp	UPX
behavioral2/files/0x0007000000023422-7.dat	UPX
behavioral2/files/0x000b000000023414-14.dat	UPX
behavioral2/files/0x000700000002342b-69.dat	UPX
behavioral2/files/0x000700000002342c-72.dat	UPX
behavioral2/files/0x0007000000023444-204.dat	UPX
behavioral2/memory/1436-350-0x00007FF763740000-0x00007FF763B32000-memory.dmp	UPX
behavioral2/memory/2888-432-0x00007FF625730000-0x00007FF625B22000-memory.dmp	UPX
behavioral2/memory/4716-542-0x00007FF681910000-0x00007FF681D02000-memory.dmp	UPX
behavioral2/memory/2324-678-0x00007FF65F470000-0x00007FF65F862000-memory.dmp	UPX
behavioral2/memory/2384-681-0x00007FF7C6DD0000-0x00007FF7C71C2000-memory.dmp	UPX
behavioral2/memory/2112-684-0x00007FF6B3210000-0x00007FF6B3602000-memory.dmp	UPX
behavioral2/memory/564-688-0x00007FF74FE80000-0x00007FF750272000-memory.dmp	UPX
behavioral2/memory/2100-810-0x00007FF75B2A0000-0x00007FF75B692000-memory.dmp	UPX
behavioral2/memory/3996-727-0x00007FF619A60000-0x00007FF619E52000-memory.dmp	UPX
behavioral2/memory/1676-729-0x00007FF62CA50000-0x00007FF62CE42000-memory.dmp	UPX
behavioral2/memory/2776-728-0x00007FF7814C0000-0x00007FF7818B2000-memory.dmp	UPX
behavioral2/memory/412-690-0x00007FF636B70000-0x00007FF636F62000-memory.dmp	UPX
behavioral2/memory/4360-689-0x00007FF6B5D90000-0x00007FF6B6182000-memory.dmp	UPX
behavioral2/memory/3068-687-0x00007FF789500000-0x00007FF7898F2000-memory.dmp	UPX
behavioral2/memory/2448-686-0x00007FF7D4AF0000-0x00007FF7D4EE2000-memory.dmp	UPX
behavioral2/memory/3952-685-0x00007FF773320000-0x00007FF773712000-memory.dmp	UPX
behavioral2/memory/4352-683-0x00007FF645E10000-0x00007FF646202000-memory.dmp	UPX
behavioral2/memory/4880-682-0x00007FF781B00000-0x00007FF781EF2000-memory.dmp	UPX
behavioral2/memory/4948-680-0x00007FF6B5730000-0x00007FF6B5B22000-memory.dmp	UPX
behavioral2/memory/60-294-0x00007FF7CBAB0000-0x00007FF7CBEA2000-memory.dmp	UPX
behavioral2/memory/4112-293-0x00007FF731720000-0x00007FF731B12000-memory.dmp	UPX
behavioral2/memory/1888-286-0x00007FF7D2DB0000-0x00007FF7D31A2000-memory.dmp	UPX
behavioral2/files/0x000700000002342e-216.dat	UPX
behavioral2/files/0x0007000000023447-215.dat	UPX
behavioral2/files/0x0007000000023446-214.dat	UPX
behavioral2/files/0x0007000000023443-194.dat	UPX
behavioral2/files/0x0007000000023432-182.dat	UPX
behavioral2/files/0x0007000000023442-177.dat	UPX
behavioral2/memory/1288-233-0x00007FF64A000000-0x00007FF64A3F2000-memory.dmp	UPX
behavioral2/files/0x0007000000023441-159.dat	UPX
behavioral2/files/0x0007000000023440-154.dat	UPX
behavioral2/files/0x000700000002342d-147.dat	UPX
behavioral2/files/0x000700000002343c-140.dat	UPX
behavioral2/files/0x0007000000023433-210.dat	UPX
behavioral2/files/0x0007000000023445-207.dat	UPX
behavioral2/files/0x000700000002342a-186.dat	UPX
behavioral2/files/0x0007000000023431-129.dat	UPX
behavioral2/files/0x000700000002343a-126.dat	UPX
behavioral2/files/0x0007000000023439-172.dat	UPX
behavioral2/files/0x0007000000023438-124.dat	UPX
behavioral2/files/0x0007000000023437-123.dat	UPX
behavioral2/files/0x000700000002343f-151.dat	UPX
behavioral2/files/0x0007000000023435-109.dat	UPX
behavioral2/files/0x0007000000023436-108.dat	UPX
behavioral2/files/0x0007000000023434-103.dat	UPX
behavioral2/files/0x000700000002343b-130.dat	UPX
behavioral2/files/0x0007000000023429-91.dat	UPX
behavioral2/files/0x0007000000023430-79.dat	UPX
behavioral2/files/0x000700000002342f-75.dat	UPX
behavioral2/files/0x0007000000023427-66.dat	UPX
behavioral2/files/0x0007000000023425-86.dat	UPX
behavioral2/files/0x0007000000023428-58.dat	UPX
behavioral2/files/0x0007000000023424-34.dat	UPX
behavioral2/files/0x0007000000023423-32.dat	UPX
behavioral2/files/0x0008000000023421-31.dat	UPX
behavioral2/files/0x0007000000023426-42.dat	UPX
behavioral2/memory/2668-17-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp	UPX
behavioral2/memory/2668-3441-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp	UPX

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/1436-350-0x00007FF763740000-0x00007FF763B32000-memory.dmp	xmrig
behavioral2/memory/2888-432-0x00007FF625730000-0x00007FF625B22000-memory.dmp	xmrig
behavioral2/memory/4716-542-0x00007FF681910000-0x00007FF681D02000-memory.dmp	xmrig
behavioral2/memory/2324-678-0x00007FF65F470000-0x00007FF65F862000-memory.dmp	xmrig
behavioral2/memory/2384-681-0x00007FF7C6DD0000-0x00007FF7C71C2000-memory.dmp	xmrig
behavioral2/memory/2112-684-0x00007FF6B3210000-0x00007FF6B3602000-memory.dmp	xmrig
behavioral2/memory/564-688-0x00007FF74FE80000-0x00007FF750272000-memory.dmp	xmrig
behavioral2/memory/2100-810-0x00007FF75B2A0000-0x00007FF75B692000-memory.dmp	xmrig
behavioral2/memory/3996-727-0x00007FF619A60000-0x00007FF619E52000-memory.dmp	xmrig
behavioral2/memory/1676-729-0x00007FF62CA50000-0x00007FF62CE42000-memory.dmp	xmrig
behavioral2/memory/2776-728-0x00007FF7814C0000-0x00007FF7818B2000-memory.dmp	xmrig
behavioral2/memory/412-690-0x00007FF636B70000-0x00007FF636F62000-memory.dmp	xmrig
behavioral2/memory/4360-689-0x00007FF6B5D90000-0x00007FF6B6182000-memory.dmp	xmrig
behavioral2/memory/3068-687-0x00007FF789500000-0x00007FF7898F2000-memory.dmp	xmrig
behavioral2/memory/2448-686-0x00007FF7D4AF0000-0x00007FF7D4EE2000-memory.dmp	xmrig
behavioral2/memory/3952-685-0x00007FF773320000-0x00007FF773712000-memory.dmp	xmrig
behavioral2/memory/4352-683-0x00007FF645E10000-0x00007FF646202000-memory.dmp	xmrig
behavioral2/memory/4880-682-0x00007FF781B00000-0x00007FF781EF2000-memory.dmp	xmrig
behavioral2/memory/4948-680-0x00007FF6B5730000-0x00007FF6B5B22000-memory.dmp	xmrig
behavioral2/memory/60-294-0x00007FF7CBAB0000-0x00007FF7CBEA2000-memory.dmp	xmrig
behavioral2/memory/4112-293-0x00007FF731720000-0x00007FF731B12000-memory.dmp	xmrig
behavioral2/memory/1888-286-0x00007FF7D2DB0000-0x00007FF7D31A2000-memory.dmp	xmrig
behavioral2/memory/1288-233-0x00007FF64A000000-0x00007FF64A3F2000-memory.dmp	xmrig
behavioral2/memory/2668-3441-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp	xmrig
behavioral2/memory/2668-3475-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp	xmrig
behavioral2/memory/1676-3477-0x00007FF62CA50000-0x00007FF62CE42000-memory.dmp	xmrig
behavioral2/memory/2776-3479-0x00007FF7814C0000-0x00007FF7818B2000-memory.dmp	xmrig
behavioral2/memory/1288-3482-0x00007FF64A000000-0x00007FF64A3F2000-memory.dmp	xmrig
behavioral2/memory/1888-3483-0x00007FF7D2DB0000-0x00007FF7D31A2000-memory.dmp	xmrig
behavioral2/memory/60-3485-0x00007FF7CBAB0000-0x00007FF7CBEA2000-memory.dmp	xmrig
behavioral2/memory/2888-3487-0x00007FF625730000-0x00007FF625B22000-memory.dmp	xmrig
behavioral2/memory/3952-3490-0x00007FF773320000-0x00007FF773712000-memory.dmp	xmrig
behavioral2/memory/4112-3493-0x00007FF731720000-0x00007FF731B12000-memory.dmp	xmrig
behavioral2/memory/4716-3491-0x00007FF681910000-0x00007FF681D02000-memory.dmp	xmrig
behavioral2/memory/412-3497-0x00007FF636B70000-0x00007FF636F62000-memory.dmp	xmrig
behavioral2/memory/1436-3495-0x00007FF763740000-0x00007FF763B32000-memory.dmp	xmrig
behavioral2/memory/2384-3500-0x00007FF7C6DD0000-0x00007FF7C71C2000-memory.dmp	xmrig
behavioral2/memory/4880-3504-0x00007FF781B00000-0x00007FF781EF2000-memory.dmp	xmrig
behavioral2/memory/3996-3507-0x00007FF619A60000-0x00007FF619E52000-memory.dmp	xmrig
behavioral2/memory/2448-3512-0x00007FF7D4AF0000-0x00007FF7D4EE2000-memory.dmp	xmrig
behavioral2/memory/2324-3516-0x00007FF65F470000-0x00007FF65F862000-memory.dmp	xmrig
behavioral2/memory/4948-3515-0x00007FF6B5730000-0x00007FF6B5B22000-memory.dmp	xmrig
behavioral2/memory/4352-3520-0x00007FF645E10000-0x00007FF646202000-memory.dmp	xmrig
behavioral2/memory/3068-3519-0x00007FF789500000-0x00007FF7898F2000-memory.dmp	xmrig
behavioral2/memory/2100-3510-0x00007FF75B2A0000-0x00007FF75B692000-memory.dmp	xmrig
behavioral2/memory/2112-3522-0x00007FF6B3210000-0x00007FF6B3602000-memory.dmp	xmrig
behavioral2/memory/564-3528-0x00007FF74FE80000-0x00007FF750272000-memory.dmp	xmrig
behavioral2/memory/4360-3502-0x00007FF6B5D90000-0x00007FF6B6182000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3512	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2668	IdXkzSO.exe
2776	JjKUpKo.exe
1288	gfzicwL.exe
1676	nVIQewq.exe
1888	KRjSLAG.exe
4112	CZglrXg.exe
60	FDzaKvK.exe
1436	YokAvNZ.exe
2888	NIXHeIY.exe
4716	AhovuQW.exe
2324	tIDLebs.exe
4948	tBdXicB.exe
2384	vzboYph.exe
4880	eeNJNIX.exe
4352	mQMOiEV.exe
2112	hadodGZ.exe
3952	OKCQdJL.exe
2100	PRphkxu.exe
2448	qGWGrvH.exe
3068	bHaafvL.exe
564	azrnalO.exe
4360	zMFQFtO.exe
412	eAIAqAl.exe
3996	nilPVte.exe
652	uSzRoMb.exe
4620	ZhYRPZO.exe
3620	GiEkhvw.exe
1148	eAzWXsz.exe
3492	INcbjuK.exe
2232	cODPrsG.exe
4532	ypoYldt.exe
4616	arJczUM.exe
2064	ExZhtZK.exe
3864	DjyBlMn.exe
3484	zMXYLBm.exe
3112	HSzqqbC.exe
3992	lOUSZEM.exe
3440	OIDgVVs.exe
4660	AcfyNae.exe
4396	UrnYpOp.exe
4304	hEvlJbl.exe
2700	EdXWDwe.exe
1120	ulsPoxo.exe
4644	moXeSPz.exe
1668	kjDQksA.exe
4920	WAqaXaY.exe
4056	mHBoDtf.exe
3768	OoWxGBr.exe
1908	iFwGyOW.exe
4272	erJyXgZ.exe
4208	xRlqgDN.exe
1116	gErgteq.exe
2608	gBrHlHD.exe
2432	jywKEXF.exe
5012	TmqsCFa.exe
4184	JdSeWOg.exe
116	JNkNwfh.exe
4100	qwUNOyg.exe
4872	wqhAIRt.exe
368	hGptaOV.exe
3444	RpjArZt.exe
3624	GAbPPMC.exe
4324	sdroMsk.exe
4320	IywPjpY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1868-0-0x00007FF607610000-0x00007FF607A02000-memory.dmp	upx
behavioral2/files/0x0007000000023422-7.dat	upx
behavioral2/files/0x000b000000023414-14.dat	upx
behavioral2/files/0x000700000002342b-69.dat	upx
behavioral2/files/0x000700000002342c-72.dat	upx
behavioral2/files/0x0007000000023444-204.dat	upx
behavioral2/memory/1436-350-0x00007FF763740000-0x00007FF763B32000-memory.dmp	upx
behavioral2/memory/2888-432-0x00007FF625730000-0x00007FF625B22000-memory.dmp	upx
behavioral2/memory/4716-542-0x00007FF681910000-0x00007FF681D02000-memory.dmp	upx
behavioral2/memory/2324-678-0x00007FF65F470000-0x00007FF65F862000-memory.dmp	upx
behavioral2/memory/2384-681-0x00007FF7C6DD0000-0x00007FF7C71C2000-memory.dmp	upx
behavioral2/memory/2112-684-0x00007FF6B3210000-0x00007FF6B3602000-memory.dmp	upx
behavioral2/memory/564-688-0x00007FF74FE80000-0x00007FF750272000-memory.dmp	upx
behavioral2/memory/2100-810-0x00007FF75B2A0000-0x00007FF75B692000-memory.dmp	upx
behavioral2/memory/3996-727-0x00007FF619A60000-0x00007FF619E52000-memory.dmp	upx
behavioral2/memory/1676-729-0x00007FF62CA50000-0x00007FF62CE42000-memory.dmp	upx
behavioral2/memory/2776-728-0x00007FF7814C0000-0x00007FF7818B2000-memory.dmp	upx
behavioral2/memory/412-690-0x00007FF636B70000-0x00007FF636F62000-memory.dmp	upx
behavioral2/memory/4360-689-0x00007FF6B5D90000-0x00007FF6B6182000-memory.dmp	upx
behavioral2/memory/3068-687-0x00007FF789500000-0x00007FF7898F2000-memory.dmp	upx
behavioral2/memory/2448-686-0x00007FF7D4AF0000-0x00007FF7D4EE2000-memory.dmp	upx
behavioral2/memory/3952-685-0x00007FF773320000-0x00007FF773712000-memory.dmp	upx
behavioral2/memory/4352-683-0x00007FF645E10000-0x00007FF646202000-memory.dmp	upx
behavioral2/memory/4880-682-0x00007FF781B00000-0x00007FF781EF2000-memory.dmp	upx
behavioral2/memory/4948-680-0x00007FF6B5730000-0x00007FF6B5B22000-memory.dmp	upx
behavioral2/memory/60-294-0x00007FF7CBAB0000-0x00007FF7CBEA2000-memory.dmp	upx
behavioral2/memory/4112-293-0x00007FF731720000-0x00007FF731B12000-memory.dmp	upx
behavioral2/memory/1888-286-0x00007FF7D2DB0000-0x00007FF7D31A2000-memory.dmp	upx
behavioral2/files/0x000700000002342e-216.dat	upx
behavioral2/files/0x0007000000023447-215.dat	upx
behavioral2/files/0x0007000000023446-214.dat	upx
behavioral2/files/0x0007000000023443-194.dat	upx
behavioral2/files/0x0007000000023432-182.dat	upx
behavioral2/files/0x0007000000023442-177.dat	upx
behavioral2/memory/1288-233-0x00007FF64A000000-0x00007FF64A3F2000-memory.dmp	upx
behavioral2/files/0x0007000000023441-159.dat	upx
behavioral2/files/0x0007000000023440-154.dat	upx
behavioral2/files/0x000700000002342d-147.dat	upx
behavioral2/files/0x000700000002343c-140.dat	upx
behavioral2/files/0x0007000000023433-210.dat	upx
behavioral2/files/0x0007000000023445-207.dat	upx
behavioral2/files/0x000700000002342a-186.dat	upx
behavioral2/files/0x0007000000023431-129.dat	upx
behavioral2/files/0x000700000002343a-126.dat	upx
behavioral2/files/0x0007000000023439-172.dat	upx
behavioral2/files/0x0007000000023438-124.dat	upx
behavioral2/files/0x0007000000023437-123.dat	upx
behavioral2/files/0x000700000002343f-151.dat	upx
behavioral2/files/0x0007000000023435-109.dat	upx
behavioral2/files/0x0007000000023436-108.dat	upx
behavioral2/files/0x0007000000023434-103.dat	upx
behavioral2/files/0x000700000002343b-130.dat	upx
behavioral2/files/0x0007000000023429-91.dat	upx
behavioral2/files/0x0007000000023430-79.dat	upx
behavioral2/files/0x000700000002342f-75.dat	upx
behavioral2/files/0x0007000000023427-66.dat	upx
behavioral2/files/0x0007000000023425-86.dat	upx
behavioral2/files/0x0007000000023428-58.dat	upx
behavioral2/files/0x0007000000023424-34.dat	upx
behavioral2/files/0x0007000000023423-32.dat	upx
behavioral2/files/0x0008000000023421-31.dat	upx
behavioral2/files/0x0007000000023426-42.dat	upx
behavioral2/memory/2668-17-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp	upx
behavioral2/memory/2668-3441-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HHMWjdk.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\DOaWxRe.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\NEzbheX.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\vzboYph.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\AnVtibv.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ziyGFSj.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\nGzoZVn.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\NGDrvuB.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\Qfagmxm.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\NyarCYE.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\THhqOMC.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\VmIQCbT.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ehrIKKY.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\oZVSNmY.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ykwAtxc.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\RcjsDBt.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\HOIwZow.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\PlRQCJl.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\GCgQsgF.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\tbMulsp.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\xOsvZVx.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\bTvaHwu.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\UMSsYrp.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\RHaYSak.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ovnqxIA.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\MABxJNk.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\RfdJDgG.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\PLwNNPY.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\EedAIfi.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\weShTJH.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\lavOtGY.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\zVoEBsH.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\jrBJzst.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\vLtkmnI.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\BTxFsDb.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\RCbgowe.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\MvUKuXz.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\GOzhCXp.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ojcCJzs.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\NkBXOpp.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\iaOolde.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\pHwywas.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\vEaSzxI.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\kBRdzIR.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ItfglEV.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\BsbJaQd.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\FKnHfXU.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\sDAeaWF.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\cWdCdZB.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\jCgPHYd.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\NRKCkjq.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\oCpPDWL.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\VHSufWp.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\WyVSMxb.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\UFlOWVA.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\YyxIcOL.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\SkQUNnW.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ZIEwEbP.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\EzQyAmQ.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\tMVQTez.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\crFNBcI.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\YAdqNEJ.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\aYEnXyC.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\CQlNNQh.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3512	powershell.exe
3512	powershell.exe
3512	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3512	powershell.exe
Token: SeLockMemoryPrivilege	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
Token: SeLockMemoryPrivilege	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 3512	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	83
PID 1868 wrote to memory of 3512	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	83
PID 1868 wrote to memory of 2668	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	84
PID 1868 wrote to memory of 2668	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	84
PID 1868 wrote to memory of 2776	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	85
PID 1868 wrote to memory of 2776	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	85
PID 1868 wrote to memory of 1288	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	86
PID 1868 wrote to memory of 1288	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	86
PID 1868 wrote to memory of 1676	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	87
PID 1868 wrote to memory of 1676	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	87
PID 1868 wrote to memory of 1888	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	88
PID 1868 wrote to memory of 1888	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	88
PID 1868 wrote to memory of 4112	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	89
PID 1868 wrote to memory of 4112	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	89
PID 1868 wrote to memory of 60	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	90
PID 1868 wrote to memory of 60	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	90
PID 1868 wrote to memory of 1436	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	91
PID 1868 wrote to memory of 1436	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	91
PID 1868 wrote to memory of 2888	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	92
PID 1868 wrote to memory of 2888	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	92
PID 1868 wrote to memory of 4716	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	93
PID 1868 wrote to memory of 4716	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	93
PID 1868 wrote to memory of 2324	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	94
PID 1868 wrote to memory of 2324	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	94
PID 1868 wrote to memory of 4948	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	95
PID 1868 wrote to memory of 4948	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	95
PID 1868 wrote to memory of 2384	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	96
PID 1868 wrote to memory of 2384	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	96
PID 1868 wrote to memory of 4880	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	97
PID 1868 wrote to memory of 4880	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	97
PID 1868 wrote to memory of 4352	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	98
PID 1868 wrote to memory of 4352	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	98
PID 1868 wrote to memory of 2112	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	99
PID 1868 wrote to memory of 2112	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	99
PID 1868 wrote to memory of 3952	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	100
PID 1868 wrote to memory of 3952	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	100
PID 1868 wrote to memory of 2100	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	101
PID 1868 wrote to memory of 2100	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	101
PID 1868 wrote to memory of 2448	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	102
PID 1868 wrote to memory of 2448	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	102
PID 1868 wrote to memory of 3068	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	103
PID 1868 wrote to memory of 3068	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	103
PID 1868 wrote to memory of 564	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	104
PID 1868 wrote to memory of 564	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	104
PID 1868 wrote to memory of 4360	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	105
PID 1868 wrote to memory of 4360	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	105
PID 1868 wrote to memory of 412	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	106
PID 1868 wrote to memory of 412	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	106
PID 1868 wrote to memory of 3996	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	107
PID 1868 wrote to memory of 3996	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	107
PID 1868 wrote to memory of 652	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	108
PID 1868 wrote to memory of 652	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	108
PID 1868 wrote to memory of 4620	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	109
PID 1868 wrote to memory of 4620	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	109
PID 1868 wrote to memory of 3620	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	110
PID 1868 wrote to memory of 3620	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	110
PID 1868 wrote to memory of 1148	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	111
PID 1868 wrote to memory of 1148	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	111
PID 1868 wrote to memory of 3492	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	112
PID 1868 wrote to memory of 3492	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	112
PID 1868 wrote to memory of 4660	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	113
PID 1868 wrote to memory of 4660	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	113
PID 1868 wrote to memory of 4396	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	114
PID 1868 wrote to memory of 4396	1868	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	114

C:\Users\Admin\AppData\Local\Temp\72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
"C:\Users\Admin\AppData\Local\Temp\72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3512
- C:\Windows\System\IdXkzSO.exe
  C:\Windows\System\IdXkzSO.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\JjKUpKo.exe
  C:\Windows\System\JjKUpKo.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\gfzicwL.exe
  C:\Windows\System\gfzicwL.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\nVIQewq.exe
  C:\Windows\System\nVIQewq.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\KRjSLAG.exe
  C:\Windows\System\KRjSLAG.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\CZglrXg.exe
  C:\Windows\System\CZglrXg.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\FDzaKvK.exe
  C:\Windows\System\FDzaKvK.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\YokAvNZ.exe
  C:\Windows\System\YokAvNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\NIXHeIY.exe
  C:\Windows\System\NIXHeIY.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\AhovuQW.exe
  C:\Windows\System\AhovuQW.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\tIDLebs.exe
  C:\Windows\System\tIDLebs.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\tBdXicB.exe
  C:\Windows\System\tBdXicB.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\vzboYph.exe
  C:\Windows\System\vzboYph.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\eeNJNIX.exe
  C:\Windows\System\eeNJNIX.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\mQMOiEV.exe
  C:\Windows\System\mQMOiEV.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\hadodGZ.exe
  C:\Windows\System\hadodGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\OKCQdJL.exe
  C:\Windows\System\OKCQdJL.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\PRphkxu.exe
  C:\Windows\System\PRphkxu.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\qGWGrvH.exe
  C:\Windows\System\qGWGrvH.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\bHaafvL.exe
  C:\Windows\System\bHaafvL.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\azrnalO.exe
  C:\Windows\System\azrnalO.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\zMFQFtO.exe
  C:\Windows\System\zMFQFtO.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\eAIAqAl.exe
  C:\Windows\System\eAIAqAl.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\nilPVte.exe
  C:\Windows\System\nilPVte.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\uSzRoMb.exe
  C:\Windows\System\uSzRoMb.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\ZhYRPZO.exe
  C:\Windows\System\ZhYRPZO.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\GiEkhvw.exe
  C:\Windows\System\GiEkhvw.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\eAzWXsz.exe
  C:\Windows\System\eAzWXsz.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\INcbjuK.exe
  C:\Windows\System\INcbjuK.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\AcfyNae.exe
  C:\Windows\System\AcfyNae.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\UrnYpOp.exe
  C:\Windows\System\UrnYpOp.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\cODPrsG.exe
  C:\Windows\System\cODPrsG.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\ypoYldt.exe
  C:\Windows\System\ypoYldt.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\arJczUM.exe
  C:\Windows\System\arJczUM.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\ExZhtZK.exe
  C:\Windows\System\ExZhtZK.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\DjyBlMn.exe
  C:\Windows\System\DjyBlMn.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\zMXYLBm.exe
  C:\Windows\System\zMXYLBm.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\HSzqqbC.exe
  C:\Windows\System\HSzqqbC.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\lOUSZEM.exe
  C:\Windows\System\lOUSZEM.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\OIDgVVs.exe
  C:\Windows\System\OIDgVVs.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\wqhAIRt.exe
  C:\Windows\System\wqhAIRt.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\hEvlJbl.exe
  C:\Windows\System\hEvlJbl.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\EdXWDwe.exe
  C:\Windows\System\EdXWDwe.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ulsPoxo.exe
  C:\Windows\System\ulsPoxo.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\moXeSPz.exe
  C:\Windows\System\moXeSPz.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\kjDQksA.exe
  C:\Windows\System\kjDQksA.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\WUsOkum.exe
  C:\Windows\System\WUsOkum.exe
  2⤵
  PID:3668
- C:\Windows\System\TZmBYAQ.exe
  C:\Windows\System\TZmBYAQ.exe
  2⤵
  PID:1248
- C:\Windows\System\WAqaXaY.exe
  C:\Windows\System\WAqaXaY.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\mHBoDtf.exe
  C:\Windows\System\mHBoDtf.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\ikjytXA.exe
  C:\Windows\System\ikjytXA.exe
  2⤵
  PID:1152
- C:\Windows\System\OoWxGBr.exe
  C:\Windows\System\OoWxGBr.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\iFwGyOW.exe
  C:\Windows\System\iFwGyOW.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\erJyXgZ.exe
  C:\Windows\System\erJyXgZ.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\gErgteq.exe
  C:\Windows\System\gErgteq.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\xRlqgDN.exe
  C:\Windows\System\xRlqgDN.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\qCmwwNr.exe
  C:\Windows\System\qCmwwNr.exe
  2⤵
  PID:848
- C:\Windows\System\gBrHlHD.exe
  C:\Windows\System\gBrHlHD.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\jywKEXF.exe
  C:\Windows\System\jywKEXF.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\TmqsCFa.exe
  C:\Windows\System\TmqsCFa.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\JdSeWOg.exe
  C:\Windows\System\JdSeWOg.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\JNkNwfh.exe
  C:\Windows\System\JNkNwfh.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\qwUNOyg.exe
  C:\Windows\System\qwUNOyg.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\hGptaOV.exe
  C:\Windows\System\hGptaOV.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\RpjArZt.exe
  C:\Windows\System\RpjArZt.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\GAbPPMC.exe
  C:\Windows\System\GAbPPMC.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\sdroMsk.exe
  C:\Windows\System\sdroMsk.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\IywPjpY.exe
  C:\Windows\System\IywPjpY.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\GzzmUEI.exe
  C:\Windows\System\GzzmUEI.exe
  2⤵
  PID:4080
- C:\Windows\System\GlSuhIs.exe
  C:\Windows\System\GlSuhIs.exe
  2⤵
  PID:3908
- C:\Windows\System\BNwSLBG.exe
  C:\Windows\System\BNwSLBG.exe
  2⤵
  PID:4792
- C:\Windows\System\NoMifVv.exe
  C:\Windows\System\NoMifVv.exe
  2⤵
  PID:1264
- C:\Windows\System\GGansJG.exe
  C:\Windows\System\GGansJG.exe
  2⤵
  PID:3692
- C:\Windows\System\ysrkQIS.exe
  C:\Windows\System\ysrkQIS.exe
  2⤵
  PID:4848
- C:\Windows\System\OOJsMKB.exe
  C:\Windows\System\OOJsMKB.exe
  2⤵
  PID:5028
- C:\Windows\System\TxAXoTF.exe
  C:\Windows\System\TxAXoTF.exe
  2⤵
  PID:4040
- C:\Windows\System\IfjuHLn.exe
  C:\Windows\System\IfjuHLn.exe
  2⤵
  PID:3872
- C:\Windows\System\VyQJjyf.exe
  C:\Windows\System\VyQJjyf.exe
  2⤵
  PID:2224
- C:\Windows\System\ZvOMfvh.exe
  C:\Windows\System\ZvOMfvh.exe
  2⤵
  PID:3340
- C:\Windows\System\iHFrScr.exe
  C:\Windows\System\iHFrScr.exe
  2⤵
  PID:3636
- C:\Windows\System\lIkOmDn.exe
  C:\Windows\System\lIkOmDn.exe
  2⤵
  PID:2364
- C:\Windows\System\McrdaSc.exe
  C:\Windows\System\McrdaSc.exe
  2⤵
  PID:400
- C:\Windows\System\kylcMId.exe
  C:\Windows\System\kylcMId.exe
  2⤵
  PID:4044
- C:\Windows\System\AEaHmjI.exe
  C:\Windows\System\AEaHmjI.exe
  2⤵
  PID:4696
- C:\Windows\System\GSqcpeK.exe
  C:\Windows\System\GSqcpeK.exe
  2⤵
  PID:620
- C:\Windows\System\MZcumVC.exe
  C:\Windows\System\MZcumVC.exe
  2⤵
  PID:5124
- C:\Windows\System\tqcmJWL.exe
  C:\Windows\System\tqcmJWL.exe
  2⤵
  PID:5144
- C:\Windows\System\uZpvcoQ.exe
  C:\Windows\System\uZpvcoQ.exe
  2⤵
  PID:5168
- C:\Windows\System\OvhTvxu.exe
  C:\Windows\System\OvhTvxu.exe
  2⤵
  PID:5316
- C:\Windows\System\dboNJJu.exe
  C:\Windows\System\dboNJJu.exe
  2⤵
  PID:5336
- C:\Windows\System\psUrTya.exe
  C:\Windows\System\psUrTya.exe
  2⤵
  PID:5356
- C:\Windows\System\CjQMKfx.exe
  C:\Windows\System\CjQMKfx.exe
  2⤵
  PID:5376
- C:\Windows\System\JsVDkXv.exe
  C:\Windows\System\JsVDkXv.exe
  2⤵
  PID:5392
- C:\Windows\System\KSKTdoI.exe
  C:\Windows\System\KSKTdoI.exe
  2⤵
  PID:5412
- C:\Windows\System\NPriGDq.exe
  C:\Windows\System\NPriGDq.exe
  2⤵
  PID:5428
- C:\Windows\System\RJaPyQu.exe
  C:\Windows\System\RJaPyQu.exe
  2⤵
  PID:5448
- C:\Windows\System\UDyJUXs.exe
  C:\Windows\System\UDyJUXs.exe
  2⤵
  PID:5468
- C:\Windows\System\dypIWRj.exe
  C:\Windows\System\dypIWRj.exe
  2⤵
  PID:5484
- C:\Windows\System\HTBXdQM.exe
  C:\Windows\System\HTBXdQM.exe
  2⤵
  PID:5504
- C:\Windows\System\WSQMIvx.exe
  C:\Windows\System\WSQMIvx.exe
  2⤵
  PID:5524
- C:\Windows\System\sCITGje.exe
  C:\Windows\System\sCITGje.exe
  2⤵
  PID:5540
- C:\Windows\System\dArbXXl.exe
  C:\Windows\System\dArbXXl.exe
  2⤵
  PID:5560
- C:\Windows\System\RcBokru.exe
  C:\Windows\System\RcBokru.exe
  2⤵
  PID:5580
- C:\Windows\System\rbGPNBP.exe
  C:\Windows\System\rbGPNBP.exe
  2⤵
  PID:5604
- C:\Windows\System\eoUKzzP.exe
  C:\Windows\System\eoUKzzP.exe
  2⤵
  PID:5620
- C:\Windows\System\MrHkBcH.exe
  C:\Windows\System\MrHkBcH.exe
  2⤵
  PID:5640
- C:\Windows\System\DgyqTBq.exe
  C:\Windows\System\DgyqTBq.exe
  2⤵
  PID:5668
- C:\Windows\System\kNHhrCR.exe
  C:\Windows\System\kNHhrCR.exe
  2⤵
  PID:5696
- C:\Windows\System\iHLaNlV.exe
  C:\Windows\System\iHLaNlV.exe
  2⤵
  PID:5716
- C:\Windows\System\jbXuTnf.exe
  C:\Windows\System\jbXuTnf.exe
  2⤵
  PID:5816
- C:\Windows\System\XAojsna.exe
  C:\Windows\System\XAojsna.exe
  2⤵
  PID:5836
- C:\Windows\System\GjPUfIY.exe
  C:\Windows\System\GjPUfIY.exe
  2⤵
  PID:5856
- C:\Windows\System\jkuMGHo.exe
  C:\Windows\System\jkuMGHo.exe
  2⤵
  PID:5880
- C:\Windows\System\OlOSkSx.exe
  C:\Windows\System\OlOSkSx.exe
  2⤵
  PID:5900
- C:\Windows\System\UKyMOAX.exe
  C:\Windows\System\UKyMOAX.exe
  2⤵
  PID:5916
- C:\Windows\System\GPJPcpb.exe
  C:\Windows\System\GPJPcpb.exe
  2⤵
  PID:5940
- C:\Windows\System\bdJaTOl.exe
  C:\Windows\System\bdJaTOl.exe
  2⤵
  PID:5960
- C:\Windows\System\qqPIAqh.exe
  C:\Windows\System\qqPIAqh.exe
  2⤵
  PID:5980
- C:\Windows\System\gtMIVRJ.exe
  C:\Windows\System\gtMIVRJ.exe
  2⤵
  PID:6000
- C:\Windows\System\yyhkPmQ.exe
  C:\Windows\System\yyhkPmQ.exe
  2⤵
  PID:6020
- C:\Windows\System\yrcElyL.exe
  C:\Windows\System\yrcElyL.exe
  2⤵
  PID:6040
- C:\Windows\System\YAdqNEJ.exe
  C:\Windows\System\YAdqNEJ.exe
  2⤵
  PID:6056
- C:\Windows\System\XIBlhdm.exe
  C:\Windows\System\XIBlhdm.exe
  2⤵
  PID:6084
- C:\Windows\System\EKIIGRB.exe
  C:\Windows\System\EKIIGRB.exe
  2⤵
  PID:6100
- C:\Windows\System\eaCLLrl.exe
  C:\Windows\System\eaCLLrl.exe
  2⤵
  PID:6116
- C:\Windows\System\fMPpFVl.exe
  C:\Windows\System\fMPpFVl.exe
  2⤵
  PID:6132
- C:\Windows\System\NGDrvuB.exe
  C:\Windows\System\NGDrvuB.exe
  2⤵
  PID:4368
- C:\Windows\System\HteFPbQ.exe
  C:\Windows\System\HteFPbQ.exe
  2⤵
  PID:3328
- C:\Windows\System\phPNxqD.exe
  C:\Windows\System\phPNxqD.exe
  2⤵
  PID:4340
- C:\Windows\System\MCzJWZa.exe
  C:\Windows\System\MCzJWZa.exe
  2⤵
  PID:4548
- C:\Windows\System\ayvEvbm.exe
  C:\Windows\System\ayvEvbm.exe
  2⤵
  PID:1176
- C:\Windows\System\evpGpbq.exe
  C:\Windows\System\evpGpbq.exe
  2⤵
  PID:2120
- C:\Windows\System\tulhpjT.exe
  C:\Windows\System\tulhpjT.exe
  2⤵
  PID:1052
- C:\Windows\System\xwxrofP.exe
  C:\Windows\System\xwxrofP.exe
  2⤵
  PID:3808
- C:\Windows\System\VHSufWp.exe
  C:\Windows\System\VHSufWp.exe
  2⤵
  PID:2612
- C:\Windows\System\FBbfctv.exe
  C:\Windows\System\FBbfctv.exe
  2⤵
  PID:2868
- C:\Windows\System\UTdTXIG.exe
  C:\Windows\System\UTdTXIG.exe
  2⤵
  PID:5116
- C:\Windows\System\mpxrqML.exe
  C:\Windows\System\mpxrqML.exe
  2⤵
  PID:5404
- C:\Windows\System\Ciuzjhc.exe
  C:\Windows\System\Ciuzjhc.exe
  2⤵
  PID:5440
- C:\Windows\System\JRDqQdE.exe
  C:\Windows\System\JRDqQdE.exe
  2⤵
  PID:5592
- C:\Windows\System\PZySmZG.exe
  C:\Windows\System\PZySmZG.exe
  2⤵
  PID:3044
- C:\Windows\System\sGxksqf.exe
  C:\Windows\System\sGxksqf.exe
  2⤵
  PID:5724
- C:\Windows\System\oQpxDDc.exe
  C:\Windows\System\oQpxDDc.exe
  2⤵
  PID:2388
- C:\Windows\System\GaPhHaJ.exe
  C:\Windows\System\GaPhHaJ.exe
  2⤵
  PID:1524
- C:\Windows\System\UWDokaO.exe
  C:\Windows\System\UWDokaO.exe
  2⤵
  PID:1928
- C:\Windows\System\ixIlPaG.exe
  C:\Windows\System\ixIlPaG.exe
  2⤵
  PID:4024
- C:\Windows\System\ZWckosw.exe
  C:\Windows\System\ZWckosw.exe
  2⤵
  PID:1596
- C:\Windows\System\qFblXSM.exe
  C:\Windows\System\qFblXSM.exe
  2⤵
  PID:732
- C:\Windows\System\IiUnQon.exe
  C:\Windows\System\IiUnQon.exe
  2⤵
  PID:4504
- C:\Windows\System\KqZhjGN.exe
  C:\Windows\System\KqZhjGN.exe
  2⤵
  PID:2616
- C:\Windows\System\ULCwCiY.exe
  C:\Windows\System\ULCwCiY.exe
  2⤵
  PID:5956
- C:\Windows\System\KZFVEvD.exe
  C:\Windows\System\KZFVEvD.exe
  2⤵
  PID:6160
- C:\Windows\System\PLwNNPY.exe
  C:\Windows\System\PLwNNPY.exe
  2⤵
  PID:6184
- C:\Windows\System\Xbkyjtv.exe
  C:\Windows\System\Xbkyjtv.exe
  2⤵
  PID:6200
- C:\Windows\System\SjHxxSN.exe
  C:\Windows\System\SjHxxSN.exe
  2⤵
  PID:6224
- C:\Windows\System\rWuGHkR.exe
  C:\Windows\System\rWuGHkR.exe
  2⤵
  PID:6240
- C:\Windows\System\IQNVGwd.exe
  C:\Windows\System\IQNVGwd.exe
  2⤵
  PID:6264
- C:\Windows\System\QdmZHfu.exe
  C:\Windows\System\QdmZHfu.exe
  2⤵
  PID:6280
- C:\Windows\System\ayAxWWH.exe
  C:\Windows\System\ayAxWWH.exe
  2⤵
  PID:6308
- C:\Windows\System\IewGlfr.exe
  C:\Windows\System\IewGlfr.exe
  2⤵
  PID:6324
- C:\Windows\System\zRtipKO.exe
  C:\Windows\System\zRtipKO.exe
  2⤵
  PID:6348
- C:\Windows\System\qoVDQLX.exe
  C:\Windows\System\qoVDQLX.exe
  2⤵
  PID:6368
- C:\Windows\System\AaQhYYO.exe
  C:\Windows\System\AaQhYYO.exe
  2⤵
  PID:6392
- C:\Windows\System\yMDjmse.exe
  C:\Windows\System\yMDjmse.exe
  2⤵
  PID:6408
- C:\Windows\System\QCJpRUM.exe
  C:\Windows\System\QCJpRUM.exe
  2⤵
  PID:6428
- C:\Windows\System\ykwAtxc.exe
  C:\Windows\System\ykwAtxc.exe
  2⤵
  PID:6448
- C:\Windows\System\JWYnItT.exe
  C:\Windows\System\JWYnItT.exe
  2⤵
  PID:6464
- C:\Windows\System\ubVKSQE.exe
  C:\Windows\System\ubVKSQE.exe
  2⤵
  PID:6484
- C:\Windows\System\kpchwLB.exe
  C:\Windows\System\kpchwLB.exe
  2⤵
  PID:6504
- C:\Windows\System\VBrzxKS.exe
  C:\Windows\System\VBrzxKS.exe
  2⤵
  PID:6520
- C:\Windows\System\rgNsUuQ.exe
  C:\Windows\System\rgNsUuQ.exe
  2⤵
  PID:6544
- C:\Windows\System\GFnTocx.exe
  C:\Windows\System\GFnTocx.exe
  2⤵
  PID:6560
- C:\Windows\System\UMSsYrp.exe
  C:\Windows\System\UMSsYrp.exe
  2⤵
  PID:6588
- C:\Windows\System\zyoUdoc.exe
  C:\Windows\System\zyoUdoc.exe
  2⤵
  PID:6608
- C:\Windows\System\cURZDOF.exe
  C:\Windows\System\cURZDOF.exe
  2⤵
  PID:6632
- C:\Windows\System\CXTVvfS.exe
  C:\Windows\System\CXTVvfS.exe
  2⤵
  PID:6660
- C:\Windows\System\kDHuwtq.exe
  C:\Windows\System\kDHuwtq.exe
  2⤵
  PID:6680
- C:\Windows\System\AJTyeac.exe
  C:\Windows\System\AJTyeac.exe
  2⤵
  PID:6696
- C:\Windows\System\kuDGLUf.exe
  C:\Windows\System\kuDGLUf.exe
  2⤵
  PID:6716
- C:\Windows\System\RWNeQCf.exe
  C:\Windows\System\RWNeQCf.exe
  2⤵
  PID:6732
- C:\Windows\System\OyFdkAc.exe
  C:\Windows\System\OyFdkAc.exe
  2⤵
  PID:6760
- C:\Windows\System\FkHXXuk.exe
  C:\Windows\System\FkHXXuk.exe
  2⤵
  PID:6788
- C:\Windows\System\zGOhDVY.exe
  C:\Windows\System\zGOhDVY.exe
  2⤵
  PID:6808
- C:\Windows\System\qZsYPZw.exe
  C:\Windows\System\qZsYPZw.exe
  2⤵
  PID:6888
- C:\Windows\System\bjPdDZf.exe
  C:\Windows\System\bjPdDZf.exe
  2⤵
  PID:6912
- C:\Windows\System\PlaDBOp.exe
  C:\Windows\System\PlaDBOp.exe
  2⤵
  PID:6940
- C:\Windows\System\ZQNvtps.exe
  C:\Windows\System\ZQNvtps.exe
  2⤵
  PID:6960
- C:\Windows\System\lEbopLb.exe
  C:\Windows\System\lEbopLb.exe
  2⤵
  PID:6980
- C:\Windows\System\QNOShYU.exe
  C:\Windows\System\QNOShYU.exe
  2⤵
  PID:7000
- C:\Windows\System\aiAJMtV.exe
  C:\Windows\System\aiAJMtV.exe
  2⤵
  PID:7020
- C:\Windows\System\oMHWCLU.exe
  C:\Windows\System\oMHWCLU.exe
  2⤵
  PID:7036
- C:\Windows\System\HfCPRtv.exe
  C:\Windows\System\HfCPRtv.exe
  2⤵
  PID:7060
- C:\Windows\System\GVpnxoo.exe
  C:\Windows\System\GVpnxoo.exe
  2⤵
  PID:7080
- C:\Windows\System\UqeJVOm.exe
  C:\Windows\System\UqeJVOm.exe
  2⤵
  PID:7100
- C:\Windows\System\qMJHfyN.exe
  C:\Windows\System\qMJHfyN.exe
  2⤵
  PID:7124
- C:\Windows\System\nnjdGrm.exe
  C:\Windows\System\nnjdGrm.exe
  2⤵
  PID:7140
- C:\Windows\System\tPDeKKH.exe
  C:\Windows\System\tPDeKKH.exe
  2⤵
  PID:7164
- C:\Windows\System\VWRlyIQ.exe
  C:\Windows\System\VWRlyIQ.exe
  2⤵
  PID:6048
- C:\Windows\System\eNdDokw.exe
  C:\Windows\System\eNdDokw.exe
  2⤵
  PID:6128
- C:\Windows\System\gABrYwg.exe
  C:\Windows\System\gABrYwg.exe
  2⤵
  PID:2056
- C:\Windows\System\eNiYKYd.exe
  C:\Windows\System\eNiYKYd.exe
  2⤵
  PID:5480
- C:\Windows\System\pHGJMfg.exe
  C:\Windows\System\pHGJMfg.exe
  2⤵
  PID:5628
- C:\Windows\System\gfzlygV.exe
  C:\Windows\System\gfzlygV.exe
  2⤵
  PID:5656
- C:\Windows\System\jdXDagy.exe
  C:\Windows\System\jdXDagy.exe
  2⤵
  PID:5180
- C:\Windows\System\YYJtRzi.exe
  C:\Windows\System\YYJtRzi.exe
  2⤵
  PID:5464
- C:\Windows\System\XBKsjsi.exe
  C:\Windows\System\XBKsjsi.exe
  2⤵
  PID:5888
- C:\Windows\System\jiJYohv.exe
  C:\Windows\System\jiJYohv.exe
  2⤵
  PID:6176
- C:\Windows\System\LHtipvl.exe
  C:\Windows\System\LHtipvl.exe
  2⤵
  PID:6360
- C:\Windows\System\PMrytPo.exe
  C:\Windows\System\PMrytPo.exe
  2⤵
  PID:6416
- C:\Windows\System\LcHLJeS.exe
  C:\Windows\System\LcHLJeS.exe
  2⤵
  PID:5344
- C:\Windows\System\EdRulwB.exe
  C:\Windows\System\EdRulwB.exe
  2⤵
  PID:6528
- C:\Windows\System\IeNQuib.exe
  C:\Windows\System\IeNQuib.exe
  2⤵
  PID:7176
- C:\Windows\System\UxCYHMB.exe
  C:\Windows\System\UxCYHMB.exe
  2⤵
  PID:7196
- C:\Windows\System\UiYIxto.exe
  C:\Windows\System\UiYIxto.exe
  2⤵
  PID:7216
- C:\Windows\System\fLsPtfE.exe
  C:\Windows\System\fLsPtfE.exe
  2⤵
  PID:7236
- C:\Windows\System\tqwLspv.exe
  C:\Windows\System\tqwLspv.exe
  2⤵
  PID:7256
- C:\Windows\System\MnfkIrp.exe
  C:\Windows\System\MnfkIrp.exe
  2⤵
  PID:7276
- C:\Windows\System\jwLHxER.exe
  C:\Windows\System\jwLHxER.exe
  2⤵
  PID:7304
- C:\Windows\System\ZcFWwEW.exe
  C:\Windows\System\ZcFWwEW.exe
  2⤵
  PID:7324
- C:\Windows\System\cFqEXDZ.exe
  C:\Windows\System\cFqEXDZ.exe
  2⤵
  PID:7352
- C:\Windows\System\GaUessY.exe
  C:\Windows\System\GaUessY.exe
  2⤵
  PID:7372
- C:\Windows\System\DbDzHEe.exe
  C:\Windows\System\DbDzHEe.exe
  2⤵
  PID:7388
- C:\Windows\System\vyeAkWq.exe
  C:\Windows\System\vyeAkWq.exe
  2⤵
  PID:7412
- C:\Windows\System\lQSvFjR.exe
  C:\Windows\System\lQSvFjR.exe
  2⤵
  PID:7428
- C:\Windows\System\mqiAorz.exe
  C:\Windows\System\mqiAorz.exe
  2⤵
  PID:7448
- C:\Windows\System\OnLQrYw.exe
  C:\Windows\System\OnLQrYw.exe
  2⤵
  PID:7476
- C:\Windows\System\cbSJsbu.exe
  C:\Windows\System\cbSJsbu.exe
  2⤵
  PID:7496
- C:\Windows\System\uzYHNWK.exe
  C:\Windows\System\uzYHNWK.exe
  2⤵
  PID:7516
- C:\Windows\System\hEsqtgb.exe
  C:\Windows\System\hEsqtgb.exe
  2⤵
  PID:7536
- C:\Windows\System\spqPKgF.exe
  C:\Windows\System\spqPKgF.exe
  2⤵
  PID:7556
- C:\Windows\System\OMLyHXr.exe
  C:\Windows\System\OMLyHXr.exe
  2⤵
  PID:7580
- C:\Windows\System\zBGLHod.exe
  C:\Windows\System\zBGLHod.exe
  2⤵
  PID:7596
- C:\Windows\System\lmtQLQG.exe
  C:\Windows\System\lmtQLQG.exe
  2⤵
  PID:7616
- C:\Windows\System\RLWkZTq.exe
  C:\Windows\System\RLWkZTq.exe
  2⤵
  PID:7636
- C:\Windows\System\GLzKYjn.exe
  C:\Windows\System\GLzKYjn.exe
  2⤵
  PID:7656
- C:\Windows\System\EJISngZ.exe
  C:\Windows\System\EJISngZ.exe
  2⤵
  PID:7672
- C:\Windows\System\kWMwbIV.exe
  C:\Windows\System\kWMwbIV.exe
  2⤵
  PID:8172
- C:\Windows\System\iVLShKN.exe
  C:\Windows\System\iVLShKN.exe
  2⤵
  PID:2540
- C:\Windows\System\FXMwnXD.exe
  C:\Windows\System\FXMwnXD.exe
  2⤵
  PID:3960
- C:\Windows\System\pJLVyCE.exe
  C:\Windows\System\pJLVyCE.exe
  2⤵
  PID:5912
- C:\Windows\System\JHOpDsU.exe
  C:\Windows\System\JHOpDsU.exe
  2⤵
  PID:5852
- C:\Windows\System\kCalIqk.exe
  C:\Windows\System\kCalIqk.exe
  2⤵
  PID:5812
- C:\Windows\System\pPQxksA.exe
  C:\Windows\System\pPQxksA.exe
  2⤵
  PID:6568
- C:\Windows\System\pQRJGdl.exe
  C:\Windows\System\pQRJGdl.exe
  2⤵
  PID:724
- C:\Windows\System\basCpzZ.exe
  C:\Windows\System\basCpzZ.exe
  2⤵
  PID:4680
- C:\Windows\System\FHkbMIu.exe
  C:\Windows\System\FHkbMIu.exe
  2⤵
  PID:7408
- C:\Windows\System\KnNjnwG.exe
  C:\Windows\System\KnNjnwG.exe
  2⤵
  PID:7460
- C:\Windows\System\HlrOnjs.exe
  C:\Windows\System\HlrOnjs.exe
  2⤵
  PID:216
- C:\Windows\System\YfkyQFS.exe
  C:\Windows\System\YfkyQFS.exe
  2⤵
  PID:5548
- C:\Windows\System\ALXjSne.exe
  C:\Windows\System\ALXjSne.exe
  2⤵
  PID:5616
- C:\Windows\System\CWROSKD.exe
  C:\Windows\System\CWROSKD.exe
  2⤵
  PID:3212
- C:\Windows\System\Wrnpqeg.exe
  C:\Windows\System\Wrnpqeg.exe
  2⤵
  PID:4232
- C:\Windows\System\BKxUPkY.exe
  C:\Windows\System\BKxUPkY.exe
  2⤵
  PID:4808
- C:\Windows\System\EktltfT.exe
  C:\Windows\System\EktltfT.exe
  2⤵
  PID:6156
- C:\Windows\System\vRXWjrn.exe
  C:\Windows\System\vRXWjrn.exe
  2⤵
  PID:5136
- C:\Windows\System\lNVPaFM.exe
  C:\Windows\System\lNVPaFM.exe
  2⤵
  PID:6196
- C:\Windows\System\TwQNDoF.exe
  C:\Windows\System\TwQNDoF.exe
  2⤵
  PID:6256
- C:\Windows\System\DEsQgrE.exe
  C:\Windows\System\DEsQgrE.exe
  2⤵
  PID:6292
- C:\Windows\System\ZvbIflJ.exe
  C:\Windows\System\ZvbIflJ.exe
  2⤵
  PID:6340
- C:\Windows\System\VXiWUol.exe
  C:\Windows\System\VXiWUol.exe
  2⤵
  PID:6476
- C:\Windows\System\ICwhMoo.exe
  C:\Windows\System\ICwhMoo.exe
  2⤵
  PID:6404
- C:\Windows\System\kMSgqKF.exe
  C:\Windows\System\kMSgqKF.exe
  2⤵
  PID:6604
- C:\Windows\System\CjCBYnh.exe
  C:\Windows\System\CjCBYnh.exe
  2⤵
  PID:6740
- C:\Windows\System\wpyhtni.exe
  C:\Windows\System\wpyhtni.exe
  2⤵
  PID:4944
- C:\Windows\System\jGfpmSU.exe
  C:\Windows\System\jGfpmSU.exe
  2⤵
  PID:6908
- C:\Windows\System\RHftOyn.exe
  C:\Windows\System\RHftOyn.exe
  2⤵
  PID:7044
- C:\Windows\System\vauiYra.exe
  C:\Windows\System\vauiYra.exe
  2⤵
  PID:7148
- C:\Windows\System\ZctcGJn.exe
  C:\Windows\System\ZctcGJn.exe
  2⤵
  PID:5164
- C:\Windows\System\blqTYAT.exe
  C:\Windows\System\blqTYAT.exe
  2⤵
  PID:7192
- C:\Windows\System\bQZhrTA.exe
  C:\Windows\System\bQZhrTA.exe
  2⤵
  PID:7336
- C:\Windows\System\iTODMkR.exe
  C:\Windows\System\iTODMkR.exe
  2⤵
  PID:7532
- C:\Windows\System\flVRqsC.exe
  C:\Windows\System\flVRqsC.exe
  2⤵
  PID:7572
- C:\Windows\System\eJAKPNx.exe
  C:\Windows\System\eJAKPNx.exe
  2⤵
  PID:7624
- C:\Windows\System\ikOTrJf.exe
  C:\Windows\System\ikOTrJf.exe
  2⤵
  PID:7680
- C:\Windows\System\NpFPOUP.exe
  C:\Windows\System\NpFPOUP.exe
  2⤵
  PID:7268
- C:\Windows\System\ZeNffcB.exe
  C:\Windows\System\ZeNffcB.exe
  2⤵
  PID:6500
- C:\Windows\System\ehrRftB.exe
  C:\Windows\System\ehrRftB.exe
  2⤵
  PID:6008
- C:\Windows\System\Bqvbdee.exe
  C:\Windows\System\Bqvbdee.exe
  2⤵
  PID:4824
- C:\Windows\System\bAAXSiU.exe
  C:\Windows\System\bAAXSiU.exe
  2⤵
  PID:6096
- C:\Windows\System\SlRDzXA.exe
  C:\Windows\System\SlRDzXA.exe
  2⤵
  PID:8180
- C:\Windows\System\oLoUGYF.exe
  C:\Windows\System\oLoUGYF.exe
  2⤵
  PID:5828
- C:\Windows\System\lnNSvzU.exe
  C:\Windows\System\lnNSvzU.exe
  2⤵
  PID:8144
- C:\Windows\System\TyepXvf.exe
  C:\Windows\System\TyepXvf.exe
  2⤵
  PID:5040
- C:\Windows\System\BXbHZXs.exe
  C:\Windows\System\BXbHZXs.exe
  2⤵
  PID:2352
- C:\Windows\System\mlTljgc.exe
  C:\Windows\System\mlTljgc.exe
  2⤵
  PID:2556
- C:\Windows\System\JRpjeaO.exe
  C:\Windows\System\JRpjeaO.exe
  2⤵
  PID:4296
- C:\Windows\System\opmopAp.exe
  C:\Windows\System\opmopAp.exe
  2⤵
  PID:8216
- C:\Windows\System\wziDYdI.exe
  C:\Windows\System\wziDYdI.exe
  2⤵
  PID:8236
- C:\Windows\System\uHvyVmr.exe
  C:\Windows\System\uHvyVmr.exe
  2⤵
  PID:8252
- C:\Windows\System\bThJCES.exe
  C:\Windows\System\bThJCES.exe
  2⤵
  PID:8308
- C:\Windows\System\xJTkoBn.exe
  C:\Windows\System\xJTkoBn.exe
  2⤵
  PID:8352
- C:\Windows\System\RFVknfR.exe
  C:\Windows\System\RFVknfR.exe
  2⤵
  PID:8376
- C:\Windows\System\lrjRwpK.exe
  C:\Windows\System\lrjRwpK.exe
  2⤵
  PID:8396
- C:\Windows\System\aNSZBhp.exe
  C:\Windows\System\aNSZBhp.exe
  2⤵
  PID:8416
- C:\Windows\System\qFImvkW.exe
  C:\Windows\System\qFImvkW.exe
  2⤵
  PID:8440
- C:\Windows\System\SBrGDzo.exe
  C:\Windows\System\SBrGDzo.exe
  2⤵
  PID:8456
- C:\Windows\System\TTAwlri.exe
  C:\Windows\System\TTAwlri.exe
  2⤵
  PID:8484
- C:\Windows\System\zkMkyIE.exe
  C:\Windows\System\zkMkyIE.exe
  2⤵
  PID:8504
- C:\Windows\System\LDUmRXu.exe
  C:\Windows\System\LDUmRXu.exe
  2⤵
  PID:8520
- C:\Windows\System\mMyBUao.exe
  C:\Windows\System\mMyBUao.exe
  2⤵
  PID:8560
- C:\Windows\System\ialXiJb.exe
  C:\Windows\System\ialXiJb.exe
  2⤵
  PID:8576
- C:\Windows\System\ugCWDKE.exe
  C:\Windows\System\ugCWDKE.exe
  2⤵
  PID:8596
- C:\Windows\System\aqQryNk.exe
  C:\Windows\System\aqQryNk.exe
  2⤵
  PID:8628
- C:\Windows\System\GsxMWxn.exe
  C:\Windows\System\GsxMWxn.exe
  2⤵
  PID:8648
- C:\Windows\System\KWNklyN.exe
  C:\Windows\System\KWNklyN.exe
  2⤵
  PID:8668
- C:\Windows\System\eNtzShF.exe
  C:\Windows\System\eNtzShF.exe
  2⤵
  PID:8688
- C:\Windows\System\pGEsZzu.exe
  C:\Windows\System\pGEsZzu.exe
  2⤵
  PID:8712
- C:\Windows\System\NarwmaP.exe
  C:\Windows\System\NarwmaP.exe
  2⤵
  PID:8756
- C:\Windows\System\ueuxLdH.exe
  C:\Windows\System\ueuxLdH.exe
  2⤵
  PID:8780
- C:\Windows\System\hUVXTvH.exe
  C:\Windows\System\hUVXTvH.exe
  2⤵
  PID:8804
- C:\Windows\System\yzNRxvD.exe
  C:\Windows\System\yzNRxvD.exe
  2⤵
  PID:8828
- C:\Windows\System\LzULSxa.exe
  C:\Windows\System\LzULSxa.exe
  2⤵
  PID:8852
- C:\Windows\System\lzNkKMs.exe
  C:\Windows\System\lzNkKMs.exe
  2⤵
  PID:8876
- C:\Windows\System\kbDpODf.exe
  C:\Windows\System\kbDpODf.exe
  2⤵
  PID:8892
- C:\Windows\System\IZHFjOj.exe
  C:\Windows\System\IZHFjOj.exe
  2⤵
  PID:8916
- C:\Windows\System\zRNXBbh.exe
  C:\Windows\System\zRNXBbh.exe
  2⤵
  PID:8940
- C:\Windows\System\wcDhqMV.exe
  C:\Windows\System\wcDhqMV.exe
  2⤵
  PID:8964
- C:\Windows\System\jSgjJSE.exe
  C:\Windows\System\jSgjJSE.exe
  2⤵
  PID:8980
- C:\Windows\System\mixzKrW.exe
  C:\Windows\System\mixzKrW.exe
  2⤵
  PID:9000
- C:\Windows\System\GqPLIma.exe
  C:\Windows\System\GqPLIma.exe
  2⤵
  PID:9016
- C:\Windows\System\pfYPnKg.exe
  C:\Windows\System\pfYPnKg.exe
  2⤵
  PID:9032
- C:\Windows\System\skGmLPK.exe
  C:\Windows\System\skGmLPK.exe
  2⤵
  PID:9060
- C:\Windows\System\BRcNTPT.exe
  C:\Windows\System\BRcNTPT.exe
  2⤵
  PID:9076
- C:\Windows\System\rXaSprM.exe
  C:\Windows\System\rXaSprM.exe
  2⤵
  PID:9104
- C:\Windows\System\lGQYhWi.exe
  C:\Windows\System\lGQYhWi.exe
  2⤵
  PID:9128
- C:\Windows\System\gaALwyp.exe
  C:\Windows\System\gaALwyp.exe
  2⤵
  PID:9148
- C:\Windows\System\uIHjlxG.exe
  C:\Windows\System\uIHjlxG.exe
  2⤵
  PID:9168
- C:\Windows\System\aYyqKOl.exe
  C:\Windows\System\aYyqKOl.exe
  2⤵
  PID:9188
- C:\Windows\System\peqXUGa.exe
  C:\Windows\System\peqXUGa.exe
  2⤵
  PID:9204
- C:\Windows\System\YYGoccr.exe
  C:\Windows\System\YYGoccr.exe
  2⤵
  PID:6288
- C:\Windows\System\ZTglLdY.exe
  C:\Windows\System\ZTglLdY.exe
  2⤵
  PID:7232
- C:\Windows\System\rXbyFTH.exe
  C:\Windows\System\rXbyFTH.exe
  2⤵
  PID:6728
- C:\Windows\System\RcjsDBt.exe
  C:\Windows\System\RcjsDBt.exe
  2⤵
  PID:7608
- C:\Windows\System\DiRzmch.exe
  C:\Windows\System\DiRzmch.exe
  2⤵
  PID:7488
- C:\Windows\System\VUNOyKi.exe
  C:\Windows\System\VUNOyKi.exe
  2⤵
  PID:7360
- C:\Windows\System\lVRvgcA.exe
  C:\Windows\System\lVRvgcA.exe
  2⤵
  PID:7284
- C:\Windows\System\ZdWJMxa.exe
  C:\Windows\System\ZdWJMxa.exe
  2⤵
  PID:7156
- C:\Windows\System\cWdCdZB.exe
  C:\Windows\System\cWdCdZB.exe
  2⤵
  PID:7908
- C:\Windows\System\jyFLPjl.exe
  C:\Windows\System\jyFLPjl.exe
  2⤵
  PID:7932
- C:\Windows\System\TxtfHjb.exe
  C:\Windows\System\TxtfHjb.exe
  2⤵
  PID:7976
- C:\Windows\System\vCmAeFh.exe
  C:\Windows\System\vCmAeFh.exe
  2⤵
  PID:8024
- C:\Windows\System\XmXwTgz.exe
  C:\Windows\System\XmXwTgz.exe
  2⤵
  PID:8072
- C:\Windows\System\SkQUNnW.exe
  C:\Windows\System\SkQUNnW.exe
  2⤵
  PID:8112
- C:\Windows\System\weShTJH.exe
  C:\Windows\System\weShTJH.exe
  2⤵
  PID:8472
- C:\Windows\System\xjfgSbp.exe
  C:\Windows\System\xjfgSbp.exe
  2⤵
  PID:6648
- C:\Windows\System\tIfwKZQ.exe
  C:\Windows\System\tIfwKZQ.exe
  2⤵
  PID:9224
- C:\Windows\System\OKOzqUa.exe
  C:\Windows\System\OKOzqUa.exe
  2⤵
  PID:9252
- C:\Windows\System\eVRLFVe.exe
  C:\Windows\System\eVRLFVe.exe
  2⤵
  PID:9276
- C:\Windows\System\HWQnZMq.exe
  C:\Windows\System\HWQnZMq.exe
  2⤵
  PID:9296
- C:\Windows\System\ICUKarN.exe
  C:\Windows\System\ICUKarN.exe
  2⤵
  PID:9320
- C:\Windows\System\pMapnEW.exe
  C:\Windows\System\pMapnEW.exe
  2⤵
  PID:9340
- C:\Windows\System\JNeiUsc.exe
  C:\Windows\System\JNeiUsc.exe
  2⤵
  PID:9364
- C:\Windows\System\dIhFVrS.exe
  C:\Windows\System\dIhFVrS.exe
  2⤵
  PID:9384
- C:\Windows\System\btiTuUt.exe
  C:\Windows\System\btiTuUt.exe
  2⤵
  PID:9424
- C:\Windows\System\cZsucPR.exe
  C:\Windows\System\cZsucPR.exe
  2⤵
  PID:9452
- C:\Windows\System\VikBfYT.exe
  C:\Windows\System\VikBfYT.exe
  2⤵
  PID:9468
- C:\Windows\System\bgAaUFr.exe
  C:\Windows\System\bgAaUFr.exe
  2⤵
  PID:9484
- C:\Windows\System\AwbBSAB.exe
  C:\Windows\System\AwbBSAB.exe
  2⤵
  PID:9508
- C:\Windows\System\XmWfimp.exe
  C:\Windows\System\XmWfimp.exe
  2⤵
  PID:9936
- C:\Windows\System\UGXggtD.exe
  C:\Windows\System\UGXggtD.exe
  2⤵
  PID:9972
- C:\Windows\System\NXboozG.exe
  C:\Windows\System\NXboozG.exe
  2⤵
  PID:9988
- C:\Windows\System\GeRqyAa.exe
  C:\Windows\System\GeRqyAa.exe
  2⤵
  PID:10012
- C:\Windows\System\OooEqLv.exe
  C:\Windows\System\OooEqLv.exe
  2⤵
  PID:10036
- C:\Windows\System\czhJkxZ.exe
  C:\Windows\System\czhJkxZ.exe
  2⤵
  PID:10092
- C:\Windows\System\DXJJGaN.exe
  C:\Windows\System\DXJJGaN.exe
  2⤵
  PID:10124
- C:\Windows\System\SyLxroL.exe
  C:\Windows\System\SyLxroL.exe
  2⤵
  PID:10152
- C:\Windows\System\EFBHLlh.exe
  C:\Windows\System\EFBHLlh.exe
  2⤵
  PID:10184
- C:\Windows\System\Zxaxlnk.exe
  C:\Windows\System\Zxaxlnk.exe
  2⤵
  PID:10212
- C:\Windows\System\YciVpMJ.exe
  C:\Windows\System\YciVpMJ.exe
  2⤵
  PID:10232
- C:\Windows\System\DuOUUII.exe
  C:\Windows\System\DuOUUII.exe
  2⤵
  PID:8820
- C:\Windows\System\TmntimB.exe
  C:\Windows\System\TmntimB.exe
  2⤵
  PID:8844
- C:\Windows\System\dwyBVUU.exe
  C:\Windows\System\dwyBVUU.exe
  2⤵
  PID:8960
- C:\Windows\System\ctosQPn.exe
  C:\Windows\System\ctosQPn.exe
  2⤵
  PID:9184
- C:\Windows\System\xOMXNRQ.exe
  C:\Windows\System\xOMXNRQ.exe
  2⤵
  PID:5892
- C:\Windows\System\BeSoKZT.exe
  C:\Windows\System\BeSoKZT.exe
  2⤵
  PID:4476
- C:\Windows\System\FflDGnR.exe
  C:\Windows\System\FflDGnR.exe
  2⤵
  PID:6332
- C:\Windows\System\yukrHnR.exe
  C:\Windows\System\yukrHnR.exe
  2⤵
  PID:4064
- C:\Windows\System\RlluebS.exe
  C:\Windows\System\RlluebS.exe
  2⤵
  PID:8408
- C:\Windows\System\NulWICU.exe
  C:\Windows\System\NulWICU.exe
  2⤵
  PID:7456
- C:\Windows\System\cvLtdqc.exe
  C:\Windows\System\cvLtdqc.exe
  2⤵
  PID:7604
- C:\Windows\System\ZIEwEbP.exe
  C:\Windows\System\ZIEwEbP.exe
  2⤵
  PID:2780
- C:\Windows\System\enUByXt.exe
  C:\Windows\System\enUByXt.exe
  2⤵
  PID:8816
- C:\Windows\System\dOdQbqr.exe
  C:\Windows\System\dOdQbqr.exe
  2⤵
  PID:8908
- C:\Windows\System\csYYtSV.exe
  C:\Windows\System\csYYtSV.exe
  2⤵
  PID:9136
- C:\Windows\System\GBFPORr.exe
  C:\Windows\System\GBFPORr.exe
  2⤵
  PID:4484
- C:\Windows\System\GNiOSfK.exe
  C:\Windows\System\GNiOSfK.exe
  2⤵
  PID:9460
- C:\Windows\System\DjAPHxJ.exe
  C:\Windows\System\DjAPHxJ.exe
  2⤵
  PID:7528
- C:\Windows\System\lWIwgHO.exe
  C:\Windows\System\lWIwgHO.exe
  2⤵
  PID:6388
- C:\Windows\System\bAjlnEi.exe
  C:\Windows\System\bAjlnEi.exe
  2⤵
  PID:5352
- C:\Windows\System\ADnfkTR.exe
  C:\Windows\System\ADnfkTR.exe
  2⤵
  PID:7444
- C:\Windows\System\fgyCRcO.exe
  C:\Windows\System\fgyCRcO.exe
  2⤵
  PID:8200
- C:\Windows\System\TkpNnkW.exe
  C:\Windows\System\TkpNnkW.exe
  2⤵
  PID:8244
- C:\Windows\System\DyyGsXa.exe
  C:\Windows\System\DyyGsXa.exe
  2⤵
  PID:8284
- C:\Windows\System\Zfterux.exe
  C:\Windows\System\Zfterux.exe
  2⤵
  PID:8316
- C:\Windows\System\lxyTSKI.exe
  C:\Windows\System\lxyTSKI.exe
  2⤵
  PID:8064
- C:\Windows\System\lizAtgy.exe
  C:\Windows\System\lizAtgy.exe
  2⤵
  PID:10244
- C:\Windows\System\csPHahc.exe
  C:\Windows\System\csPHahc.exe
  2⤵
  PID:10264
- C:\Windows\System\eUulHKl.exe
  C:\Windows\System\eUulHKl.exe
  2⤵
  PID:10288
- C:\Windows\System\BskOKcG.exe
  C:\Windows\System\BskOKcG.exe
  2⤵
  PID:10304
- C:\Windows\System\RqMQmJD.exe
  C:\Windows\System\RqMQmJD.exe
  2⤵
  PID:10328
- C:\Windows\System\ZqZSzPF.exe
  C:\Windows\System\ZqZSzPF.exe
  2⤵
  PID:10372
- C:\Windows\System\TRaMjvY.exe
  C:\Windows\System\TRaMjvY.exe
  2⤵
  PID:10396
- C:\Windows\System\NOwSwad.exe
  C:\Windows\System\NOwSwad.exe
  2⤵
  PID:10452
- C:\Windows\System\hdDosQz.exe
  C:\Windows\System\hdDosQz.exe
  2⤵
  PID:10468
- C:\Windows\System\xVldOcv.exe
  C:\Windows\System\xVldOcv.exe
  2⤵
  PID:10488
- C:\Windows\System\xlJVIEC.exe
  C:\Windows\System\xlJVIEC.exe
  2⤵
  PID:10504
- C:\Windows\System\CjeVLpo.exe
  C:\Windows\System\CjeVLpo.exe
  2⤵
  PID:10528
- C:\Windows\System\hxmirmG.exe
  C:\Windows\System\hxmirmG.exe
  2⤵
  PID:10548
- C:\Windows\System\HmqBIUL.exe
  C:\Windows\System\HmqBIUL.exe
  2⤵
  PID:10564
- C:\Windows\System\DivsQnq.exe
  C:\Windows\System\DivsQnq.exe
  2⤵
  PID:10592
- C:\Windows\System\AgFLxWS.exe
  C:\Windows\System\AgFLxWS.exe
  2⤵
  PID:10616
- C:\Windows\System\gikMLhz.exe
  C:\Windows\System\gikMLhz.exe
  2⤵
  PID:10632
- C:\Windows\System\ndhIXXs.exe
  C:\Windows\System\ndhIXXs.exe
  2⤵
  PID:10652
- C:\Windows\System\bnUvVIX.exe
  C:\Windows\System\bnUvVIX.exe
  2⤵
  PID:10680
- C:\Windows\System\DasaDNf.exe
  C:\Windows\System\DasaDNf.exe
  2⤵
  PID:10696
- C:\Windows\System\FQVbMSq.exe
  C:\Windows\System\FQVbMSq.exe
  2⤵
  PID:10720
- C:\Windows\System\cMBFKNE.exe
  C:\Windows\System\cMBFKNE.exe
  2⤵
  PID:10748
- C:\Windows\System\hNGttEJ.exe
  C:\Windows\System\hNGttEJ.exe
  2⤵
  PID:10776
- C:\Windows\System\qnDmBBo.exe
  C:\Windows\System\qnDmBBo.exe
  2⤵
  PID:10812
- C:\Windows\System\yIEzFgU.exe
  C:\Windows\System\yIEzFgU.exe
  2⤵
  PID:10840
- C:\Windows\System\vvlDfUJ.exe
  C:\Windows\System\vvlDfUJ.exe
  2⤵
  PID:10860
- C:\Windows\System\GsMRdIw.exe
  C:\Windows\System\GsMRdIw.exe
  2⤵
  PID:10876
- C:\Windows\System\PHZsPuq.exe
  C:\Windows\System\PHZsPuq.exe
  2⤵
  PID:10892
- C:\Windows\System\rpSFysQ.exe
  C:\Windows\System\rpSFysQ.exe
  2⤵
  PID:10908
- C:\Windows\System\grvxxNU.exe
  C:\Windows\System\grvxxNU.exe
  2⤵
  PID:10924
- C:\Windows\System\cGhfXIW.exe
  C:\Windows\System\cGhfXIW.exe
  2⤵
  PID:10940
- C:\Windows\System\TfztTnZ.exe
  C:\Windows\System\TfztTnZ.exe
  2⤵
  PID:10956
- C:\Windows\System\DpZCxOK.exe
  C:\Windows\System\DpZCxOK.exe
  2⤵
  PID:10984
- C:\Windows\System\ZOIdZKl.exe
  C:\Windows\System\ZOIdZKl.exe
  2⤵
  PID:11000
- C:\Windows\System\NUEqZfx.exe
  C:\Windows\System\NUEqZfx.exe
  2⤵
  PID:11028
- C:\Windows\System\xfHkOLg.exe
  C:\Windows\System\xfHkOLg.exe
  2⤵
  PID:11052
- C:\Windows\System\aDnRRlq.exe
  C:\Windows\System\aDnRRlq.exe
  2⤵
  PID:11072
- C:\Windows\System\dqAdzJY.exe
  C:\Windows\System\dqAdzJY.exe
  2⤵
  PID:11096
- C:\Windows\System\FUjrrnQ.exe
  C:\Windows\System\FUjrrnQ.exe
  2⤵
  PID:11112
- C:\Windows\System\jsSpPFy.exe
  C:\Windows\System\jsSpPFy.exe
  2⤵
  PID:11140
- C:\Windows\System\RlrKdIc.exe
  C:\Windows\System\RlrKdIc.exe
  2⤵
  PID:11168
- C:\Windows\System\DtgZqAX.exe
  C:\Windows\System\DtgZqAX.exe
  2⤵
  PID:11192
- C:\Windows\System\ZfUBRLT.exe
  C:\Windows\System\ZfUBRLT.exe
  2⤵
  PID:11212
- C:\Windows\System\BSdDcUu.exe
  C:\Windows\System\BSdDcUu.exe
  2⤵
  PID:11232
- C:\Windows\System\tYQGnsW.exe
  C:\Windows\System\tYQGnsW.exe
  2⤵
  PID:11252
- C:\Windows\System\jRUSCBB.exe
  C:\Windows\System\jRUSCBB.exe
  2⤵
  PID:8592
- C:\Windows\System\oYDyHzi.exe
  C:\Windows\System\oYDyHzi.exe
  2⤵
  PID:8640
- C:\Windows\System\fhCKtdy.exe
  C:\Windows\System\fhCKtdy.exe
  2⤵
  PID:8680
- C:\Windows\System\twLMtOT.exe
  C:\Windows\System\twLMtOT.exe
  2⤵
  PID:8708
- C:\Windows\System\QtsKOve.exe
  C:\Windows\System\QtsKOve.exe
  2⤵
  PID:8764
- C:\Windows\System\AoJriKo.exe
  C:\Windows\System\AoJriKo.exe
  2⤵
  PID:8872
- C:\Windows\System\xGZNTeD.exe
  C:\Windows\System\xGZNTeD.exe
  2⤵
  PID:8988
- C:\Windows\System\hwMFzKd.exe
  C:\Windows\System\hwMFzKd.exe
  2⤵
  PID:9028
- C:\Windows\System\XMTLWCR.exe
  C:\Windows\System\XMTLWCR.exe
  2⤵
  PID:9072
- C:\Windows\System\HPeoxnT.exe
  C:\Windows\System\HPeoxnT.exe
  2⤵
  PID:9888
- C:\Windows\System\wIHVYTN.exe
  C:\Windows\System\wIHVYTN.exe
  2⤵
  PID:9160
- C:\Windows\System\LhCOlqO.exe
  C:\Windows\System\LhCOlqO.exe
  2⤵
  PID:6896
- C:\Windows\System\IPtoBZq.exe
  C:\Windows\System\IPtoBZq.exe
  2⤵
  PID:7116
- C:\Windows\System\dZTPKiv.exe
  C:\Windows\System\dZTPKiv.exe
  2⤵
  PID:9952
- C:\Windows\System\kBRdzIR.exe
  C:\Windows\System\kBRdzIR.exe
  2⤵
  PID:8080
- C:\Windows\System\ZZokkOP.exe
  C:\Windows\System\ZZokkOP.exe
  2⤵
  PID:7924
- C:\Windows\System\yqXhPmu.exe
  C:\Windows\System\yqXhPmu.exe
  2⤵
  PID:10140
- C:\Windows\System\EDCGJgD.exe
  C:\Windows\System\EDCGJgD.exe
  2⤵
  PID:10196
- C:\Windows\System\oNbLRME.exe
  C:\Windows\System\oNbLRME.exe
  2⤵
  PID:8800
- C:\Windows\System\UMYHUhR.exe
  C:\Windows\System\UMYHUhR.exe
  2⤵
  PID:9176
- C:\Windows\System\CuiQeVt.exe
  C:\Windows\System\CuiQeVt.exe
  2⤵
  PID:3480
- C:\Windows\System\eKpYuKd.exe
  C:\Windows\System\eKpYuKd.exe
  2⤵
  PID:2468
- C:\Windows\System\UMdfUlJ.exe
  C:\Windows\System\UMdfUlJ.exe
  2⤵
  PID:11748
- C:\Windows\System\XmKjccY.exe
  C:\Windows\System\XmKjccY.exe
  2⤵
  PID:11768
- C:\Windows\System\QquDMOA.exe
  C:\Windows\System\QquDMOA.exe
  2⤵
  PID:11796
- C:\Windows\System\RWmYqSY.exe
  C:\Windows\System\RWmYqSY.exe
  2⤵
  PID:11820
- C:\Windows\System\EDtjqYO.exe
  C:\Windows\System\EDtjqYO.exe
  2⤵
  PID:11836
- C:\Windows\System\UQKlIDn.exe
  C:\Windows\System\UQKlIDn.exe
  2⤵
  PID:11860
- C:\Windows\System\mGoqxPG.exe
  C:\Windows\System\mGoqxPG.exe
  2⤵
  PID:11884
- C:\Windows\System\XwPqTmC.exe
  C:\Windows\System\XwPqTmC.exe
  2⤵
  PID:11904
- C:\Windows\System\eGVCuVF.exe
  C:\Windows\System\eGVCuVF.exe
  2⤵
  PID:11932
- C:\Windows\System\ZxSmobf.exe
  C:\Windows\System\ZxSmobf.exe
  2⤵
  PID:11956
- C:\Windows\System\INeaQOJ.exe
  C:\Windows\System\INeaQOJ.exe
  2⤵
  PID:11992
- C:\Windows\System\cevXzdc.exe
  C:\Windows\System\cevXzdc.exe
  2⤵
  PID:12032
- C:\Windows\System\fjUewPC.exe
  C:\Windows\System\fjUewPC.exe
  2⤵
  PID:12048
- C:\Windows\System\VXoljmn.exe
  C:\Windows\System\VXoljmn.exe
  2⤵
  PID:12068
- C:\Windows\System\NZJvKmU.exe
  C:\Windows\System\NZJvKmU.exe
  2⤵
  PID:12084
- C:\Windows\System\aMKPNso.exe
  C:\Windows\System\aMKPNso.exe
  2⤵
  PID:12108
- C:\Windows\System\kMXgOQf.exe
  C:\Windows\System\kMXgOQf.exe
  2⤵
  PID:12128
- C:\Windows\System\ncHbMbt.exe
  C:\Windows\System\ncHbMbt.exe
  2⤵
  PID:12148
- C:\Windows\System\kAuNSUl.exe
  C:\Windows\System\kAuNSUl.exe
  2⤵
  PID:12168
- C:\Windows\System\NXNVAHT.exe
  C:\Windows\System\NXNVAHT.exe
  2⤵
  PID:12192
- C:\Windows\System\aqWMFuY.exe
  C:\Windows\System\aqWMFuY.exe
  2⤵
  PID:12208
- C:\Windows\System\eMBBJNZ.exe
  C:\Windows\System\eMBBJNZ.exe
  2⤵
  PID:12252
- C:\Windows\System\VvJejHQ.exe
  C:\Windows\System\VvJejHQ.exe
  2⤵
  PID:12276
- C:\Windows\System\AaHKOai.exe
  C:\Windows\System\AaHKOai.exe
  2⤵
  PID:8500
- C:\Windows\System\orWWefD.exe
  C:\Windows\System\orWWefD.exe
  2⤵
  PID:9304
- C:\Windows\System\xVQJDVW.exe
  C:\Windows\System\xVQJDVW.exe
  2⤵
  PID:9348
- C:\Windows\System\ufRDBRy.exe
  C:\Windows\System\ufRDBRy.exe
  2⤵
  PID:9420
- C:\Windows\System\oHYnnfr.exe
  C:\Windows\System\oHYnnfr.exe
  2⤵
  PID:10676
- C:\Windows\System\usNdwec.exe
  C:\Windows\System\usNdwec.exe
  2⤵
  PID:9440
- C:\Windows\System\tzjrBte.exe
  C:\Windows\System\tzjrBte.exe
  2⤵
  PID:11020
- C:\Windows\System\WPfQJae.exe
  C:\Windows\System\WPfQJae.exe
  2⤵
  PID:11044
- C:\Windows\System\hSLbZkC.exe
  C:\Windows\System\hSLbZkC.exe
  2⤵
  PID:11092
- C:\Windows\System\vompPWD.exe
  C:\Windows\System\vompPWD.exe
  2⤵
  PID:9932
- C:\Windows\System\RXHDNDx.exe
  C:\Windows\System\RXHDNDx.exe
  2⤵
  PID:7088
- C:\Windows\System\vgrnLvm.exe
  C:\Windows\System\vgrnLvm.exe
  2⤵
  PID:9980
- C:\Windows\System\uAbEpVU.exe
  C:\Windows\System\uAbEpVU.exe
  2⤵
  PID:11200
- C:\Windows\System\CMjjFHD.exe
  C:\Windows\System\CMjjFHD.exe
  2⤵
  PID:8540
- C:\Windows\System\plgvgFb.exe
  C:\Windows\System\plgvgFb.exe
  2⤵
  PID:9576
- C:\Windows\System\ZyIYgBQ.exe
  C:\Windows\System\ZyIYgBQ.exe
  2⤵
  PID:4072
- C:\Windows\System\VAGimfq.exe
  C:\Windows\System\VAGimfq.exe
  2⤵
  PID:6232
- C:\Windows\System\hBcnRFQ.exe
  C:\Windows\System\hBcnRFQ.exe
  2⤵
  PID:7380
- C:\Windows\System\PzTnnhv.exe
  C:\Windows\System\PzTnnhv.exe
  2⤵
  PID:9360
- C:\Windows\System\cAdeIkk.exe
  C:\Windows\System\cAdeIkk.exe
  2⤵
  PID:8952
- C:\Windows\System\aVwInPv.exe
  C:\Windows\System\aVwInPv.exe
  2⤵
  PID:888
- C:\Windows\System\MpCQSku.exe
  C:\Windows\System\MpCQSku.exe
  2⤵
  PID:10280
- C:\Windows\System\jZHzSgV.exe
  C:\Windows\System\jZHzSgV.exe
  2⤵
  PID:10324
- C:\Windows\System\JgjTldK.exe
  C:\Windows\System\JgjTldK.exe
  2⤵
  PID:6336
- C:\Windows\System\vEDrrCL.exe
  C:\Windows\System\vEDrrCL.exe
  2⤵
  PID:9768
- C:\Windows\System\FiWocjb.exe
  C:\Windows\System\FiWocjb.exe
  2⤵
  PID:10524
- C:\Windows\System\HdcYZZa.exe
  C:\Windows\System\HdcYZZa.exe
  2⤵
  PID:10584
- C:\Windows\System\NVObZce.exe
  C:\Windows\System\NVObZce.exe
  2⤵
  PID:1680
- C:\Windows\System\mPEqxad.exe
  C:\Windows\System\mPEqxad.exe
  2⤵
  PID:9848
- C:\Windows\System\ziRBkAC.exe
  C:\Windows\System\ziRBkAC.exe
  2⤵
  PID:9872
- C:\Windows\System\dUqBUmG.exe
  C:\Windows\System\dUqBUmG.exe
  2⤵
  PID:10900
- C:\Windows\System\QULGXSs.exe
  C:\Windows\System\QULGXSs.exe
  2⤵
  PID:11008
- C:\Windows\System\BVppuXg.exe
  C:\Windows\System\BVppuXg.exe
  2⤵
  PID:11164
- C:\Windows\System\dpWFDij.exe
  C:\Windows\System\dpWFDij.exe
  2⤵
  PID:11224
- C:\Windows\System\uBhgtIS.exe
  C:\Windows\System\uBhgtIS.exe
  2⤵
  PID:10080
- C:\Windows\System\YuJJoOV.exe
  C:\Windows\System\YuJJoOV.exe
  2⤵
  PID:8948
- C:\Windows\System\BavhAFm.exe
  C:\Windows\System\BavhAFm.exe
  2⤵
  PID:12296
- C:\Windows\System\EDOWUVm.exe
  C:\Windows\System\EDOWUVm.exe
  2⤵
  PID:12324
- C:\Windows\System\aaCzpoC.exe
  C:\Windows\System\aaCzpoC.exe
  2⤵
  PID:12340
- C:\Windows\System\tRQdBdK.exe
  C:\Windows\System\tRQdBdK.exe
  2⤵
  PID:12372
- C:\Windows\System\SwgncET.exe
  C:\Windows\System\SwgncET.exe
  2⤵
  PID:12396
- C:\Windows\System\EsCxMHH.exe
  C:\Windows\System\EsCxMHH.exe
  2⤵
  PID:12412
- C:\Windows\System\jaUtqYh.exe
  C:\Windows\System\jaUtqYh.exe
  2⤵
  PID:12436
- C:\Windows\System\IejRjfl.exe
  C:\Windows\System\IejRjfl.exe
  2⤵
  PID:12460
- C:\Windows\System\sRWXQER.exe
  C:\Windows\System\sRWXQER.exe
  2⤵
  PID:12476
- C:\Windows\System\phSubis.exe
  C:\Windows\System\phSubis.exe
  2⤵
  PID:12504
- C:\Windows\System\WiCbGva.exe
  C:\Windows\System\WiCbGva.exe
  2⤵
  PID:12528
- C:\Windows\System\UtRdxuG.exe
  C:\Windows\System\UtRdxuG.exe
  2⤵
  PID:12544
- C:\Windows\System\mbbpjZQ.exe
  C:\Windows\System\mbbpjZQ.exe
  2⤵
  PID:12572
- C:\Windows\System\aVBZULV.exe
  C:\Windows\System\aVBZULV.exe
  2⤵
  PID:12600
- C:\Windows\System\GCgQsgF.exe
  C:\Windows\System\GCgQsgF.exe
  2⤵
  PID:12616
- C:\Windows\System\FXMgiSe.exe
  C:\Windows\System\FXMgiSe.exe
  2⤵
  PID:12640
- C:\Windows\System\ystdJWY.exe
  C:\Windows\System\ystdJWY.exe
  2⤵
  PID:12660
- C:\Windows\System\pExcXMQ.exe
  C:\Windows\System\pExcXMQ.exe
  2⤵
  PID:12680
- C:\Windows\System\DcdLFcv.exe
  C:\Windows\System\DcdLFcv.exe
  2⤵
  PID:12696
- C:\Windows\System\KvzFsRt.exe
  C:\Windows\System\KvzFsRt.exe
  2⤵
  PID:12720
- C:\Windows\System\VEhlYBp.exe
  C:\Windows\System\VEhlYBp.exe
  2⤵
  PID:12740
- C:\Windows\System\eJHHncm.exe
  C:\Windows\System\eJHHncm.exe
  2⤵
  PID:12772
- C:\Windows\System\mqgVgtA.exe
  C:\Windows\System\mqgVgtA.exe
  2⤵
  PID:12796
- C:\Windows\System\fYMCPSK.exe
  C:\Windows\System\fYMCPSK.exe
  2⤵
  PID:12824
- C:\Windows\System\jOLfYyt.exe
  C:\Windows\System\jOLfYyt.exe
  2⤵
  PID:12848
- C:\Windows\System\kzcydXK.exe
  C:\Windows\System\kzcydXK.exe
  2⤵
  PID:12868
- C:\Windows\System\qRrwbck.exe
  C:\Windows\System\qRrwbck.exe
  2⤵
  PID:12892
- C:\Windows\System\ltEbril.exe
  C:\Windows\System\ltEbril.exe
  2⤵
  PID:12912
- C:\Windows\System\DZvvZJr.exe
  C:\Windows\System\DZvvZJr.exe
  2⤵
  PID:12936
- C:\Windows\System\pafYTmC.exe
  C:\Windows\System\pafYTmC.exe
  2⤵
  PID:12956
- C:\Windows\System\JUNjEnO.exe
  C:\Windows\System\JUNjEnO.exe
  2⤵
  PID:12972
- C:\Windows\System\ASExjWG.exe
  C:\Windows\System\ASExjWG.exe
  2⤵
  PID:12988
- C:\Windows\System\SWDpYGp.exe
  C:\Windows\System\SWDpYGp.exe
  2⤵
  PID:13004
- C:\Windows\System\EmCHVYd.exe
  C:\Windows\System\EmCHVYd.exe
  2⤵
  PID:13020
- C:\Windows\System\UtBlvhd.exe
  C:\Windows\System\UtBlvhd.exe
  2⤵
  PID:13036
- C:\Windows\System\QNIaYNh.exe
  C:\Windows\System\QNIaYNh.exe
  2⤵
  PID:13052
- C:\Windows\System\innhPme.exe
  C:\Windows\System\innhPme.exe
  2⤵
  PID:13068
- C:\Windows\System\AiSPinZ.exe
  C:\Windows\System\AiSPinZ.exe
  2⤵
  PID:13084
- C:\Windows\System\GQZkhYt.exe
  C:\Windows\System\GQZkhYt.exe
  2⤵
  PID:13100
- C:\Windows\System\ECTFBTz.exe
  C:\Windows\System\ECTFBTz.exe
  2⤵
  PID:13116
- C:\Windows\System\IdiZgvq.exe
  C:\Windows\System\IdiZgvq.exe
  2⤵
  PID:13132
- C:\Windows\System\KeAsSVG.exe
  C:\Windows\System\KeAsSVG.exe
  2⤵
  PID:13148
- C:\Windows\System\WuyuVwW.exe
  C:\Windows\System\WuyuVwW.exe
  2⤵
  PID:13168
- C:\Windows\System\gKDCyyb.exe
  C:\Windows\System\gKDCyyb.exe
  2⤵
  PID:13196
- C:\Windows\System\pAkNuJL.exe
  C:\Windows\System\pAkNuJL.exe
  2⤵
  PID:13220
- C:\Windows\System\NvFEjTy.exe
  C:\Windows\System\NvFEjTy.exe
  2⤵
  PID:13236
- C:\Windows\System\Yjhnbxl.exe
  C:\Windows\System\Yjhnbxl.exe
  2⤵
  PID:13252
- C:\Windows\System\uqXqvtX.exe
  C:\Windows\System\uqXqvtX.exe
  2⤵
  PID:13272
- C:\Windows\System\WLlZgiW.exe
  C:\Windows\System\WLlZgiW.exe
  2⤵
  PID:13296
- C:\Windows\System\DKBmHTq.exe
  C:\Windows\System\DKBmHTq.exe
  2⤵
  PID:9492
- C:\Windows\System\dlFDxHu.exe
  C:\Windows\System\dlFDxHu.exe
  2⤵
  PID:11564
- C:\Windows\System\MBxGAoQ.exe
  C:\Windows\System\MBxGAoQ.exe
  2⤵
  PID:9232
- C:\Windows\System\xanNZAK.exe
  C:\Windows\System\xanNZAK.exe
  2⤵
  PID:13012
- C:\Windows\System\nWSdaDm.exe
  C:\Windows\System\nWSdaDm.exe
  2⤵
  PID:13164
- C:\Windows\System\xMjsACo.exe
  C:\Windows\System\xMjsACo.exe
  2⤵
  PID:11924
- C:\Windows\System\oHBbGMF.exe
  C:\Windows\System\oHBbGMF.exe
  2⤵
  PID:11416
- C:\Windows\System\eofjpam.exe
  C:\Windows\System\eofjpam.exe
  2⤵
  PID:12060
- C:\Windows\System\YebczwI.exe
  C:\Windows\System\YebczwI.exe
  2⤵
  PID:9112
- C:\Windows\System\ISwLZzZ.exe
  C:\Windows\System\ISwLZzZ.exe
  2⤵
  PID:11900
- C:\Windows\System\PmKCVZP.exe
  C:\Windows\System\PmKCVZP.exe
  2⤵
  PID:10692
- C:\Windows\System\MmffbNT.exe
  C:\Windows\System\MmffbNT.exe
  2⤵
  PID:2016
- C:\Windows\System\QXTlHny.exe
  C:\Windows\System\QXTlHny.exe
  2⤵
  PID:10888
- C:\Windows\System\fwecqYI.exe
  C:\Windows\System\fwecqYI.exe
  2⤵
  PID:12864
- C:\Windows\System\glJDlCQ.exe
  C:\Windows\System\glJDlCQ.exe
  2⤵
  PID:12908
- C:\Windows\System\HpjLkJb.exe
  C:\Windows\System\HpjLkJb.exe
  2⤵
  PID:12964
- C:\Windows\System\eFjfjYC.exe
  C:\Windows\System\eFjfjYC.exe
  2⤵
  PID:13208
- C:\Windows\System\XwqKJbB.exe
  C:\Windows\System\XwqKJbB.exe
  2⤵
  PID:8368
- C:\Windows\System\BSWpwRn.exe
  C:\Windows\System\BSWpwRn.exe
  2⤵
  PID:12136
- C:\Windows\System\kjLQfvH.exe
  C:\Windows\System\kjLQfvH.exe
  2⤵
  PID:12540
- C:\Windows\System\HHMWjdk.exe
  C:\Windows\System\HHMWjdk.exe
  2⤵
  PID:12160
- C:\Windows\System\ziyGFSj.exe
  C:\Windows\System\ziyGFSj.exe
  2⤵
  PID:11516
- C:\Windows\System\jSgViTZ.exe
  C:\Windows\System\jSgViTZ.exe
  2⤵
  PID:10628
- C:\Windows\System\fOPXOTp.exe
  C:\Windows\System\fOPXOTp.exe
  2⤵
  PID:12216
- C:\Windows\System\ogiYkpT.exe
  C:\Windows\System\ogiYkpT.exe
  2⤵
  PID:10500
- C:\Windows\System\eUUCllX.exe
  C:\Windows\System\eUUCllX.exe
  2⤵
  PID:12092
- C:\Windows\System\chxYqgP.exe
  C:\Windows\System\chxYqgP.exe
  2⤵
  PID:11068
- C:\Windows\System\XtYFfKB.exe
  C:\Windows\System\XtYFfKB.exe
  2⤵
  PID:10272
- C:\Windows\System\zexewDA.exe
  C:\Windows\System\zexewDA.exe
  2⤵
  PID:10824
- C:\Windows\System\mZRqnkn.exe
  C:\Windows\System\mZRqnkn.exe
  2⤵
  PID:9044
- C:\Windows\System\BjnutpU.exe
  C:\Windows\System\BjnutpU.exe
  2⤵
  PID:13064
- C:\Windows\System\RkMIcMI.exe
  C:\Windows\System\RkMIcMI.exe
  2⤵
  PID:12692
- C:\Windows\System\vmXlCTs.exe
  C:\Windows\System\vmXlCTs.exe
  2⤵
  PID:9092
- C:\Windows\System\fFdkmti.exe
  C:\Windows\System\fFdkmti.exe
  2⤵
  PID:13288
- C:\Windows\System\OLcDdML.exe
  C:\Windows\System\OLcDdML.exe
  2⤵
  PID:11120
- C:\Windows\System\BmfQiDJ.exe
  C:\Windows\System\BmfQiDJ.exe
  2⤵
  PID:9632
- C:\Windows\System\uFwdbjT.exe
  C:\Windows\System\uFwdbjT.exe
  2⤵
  PID:12676
- C:\Windows\System\TEHuKNJ.exe
  C:\Windows\System\TEHuKNJ.exe
  2⤵
  PID:13108
- C:\Windows\System\guKuNGe.exe
  C:\Windows\System\guKuNGe.exe
  2⤵
  PID:11656
- C:\Windows\System\tjflLqp.exe
  C:\Windows\System\tjflLqp.exe
  2⤵
  PID:10916
- C:\Windows\System\mMGRUSC.exe
  C:\Windows\System\mMGRUSC.exe
  2⤵
  PID:11984
- C:\Windows\System\urqbNfO.exe
  C:\Windows\System\urqbNfO.exe
  2⤵
  PID:7668
- C:\Windows\System\WyVSMxb.exe
  C:\Windows\System\WyVSMxb.exe
  2⤵
  PID:1684
- C:\Windows\System\FlEgPDl.exe
  C:\Windows\System\FlEgPDl.exe
  2⤵
  PID:10976
- C:\Windows\System\ljZEPHe.exe
  C:\Windows\System\ljZEPHe.exe
  2⤵
  PID:1252
- C:\Windows\System\ytjrSim.exe
  C:\Windows\System\ytjrSim.exe
  2⤵
  PID:10260
- C:\Windows\System\jBUFjXE.exe
  C:\Windows\System\jBUFjXE.exe
  2⤵
  PID:12140
- C:\Windows\System\WtrVWPa.exe
  C:\Windows\System\WtrVWPa.exe
  2⤵
  PID:13268
- C:\Windows\System\XzrnBOM.exe
  C:\Windows\System\XzrnBOM.exe
  2⤵
  PID:12468
- C:\Windows\System\mXIGvBJ.exe
  C:\Windows\System\mXIGvBJ.exe
  2⤵
  PID:8776
- C:\Windows\System\dNlzauI.exe
  C:\Windows\System\dNlzauI.exe
  2⤵
  PID:8696
- C:\Windows\System\nfvqoFq.exe
  C:\Windows\System\nfvqoFq.exe
  2⤵
  PID:12496
- C:\Windows\System\pAHkwVP.exe
  C:\Windows\System\pAHkwVP.exe
  2⤵
  PID:12820
- C:\Windows\System\rAIyaqJ.exe
  C:\Windows\System\rAIyaqJ.exe
  2⤵
  PID:9556
- C:\Windows\System\nmbixpD.exe
  C:\Windows\System\nmbixpD.exe
  2⤵
  PID:12320
- C:\Windows\System\uzPjVDV.exe
  C:\Windows\System\uzPjVDV.exe
  2⤵
  PID:13308
- C:\Windows\System\VikbvFn.exe
  C:\Windows\System\VikbvFn.exe
  2⤵
  PID:12264
- C:\Windows\System\gWCHmXk.exe
  C:\Windows\System\gWCHmXk.exe
  2⤵
  PID:10320
- C:\Windows\System\lTjUDBc.exe
  C:\Windows\System\lTjUDBc.exe
  2⤵
  PID:8264
- C:\Windows\System\akKjBWa.exe
  C:\Windows\System\akKjBWa.exe
  2⤵
  PID:7952
- C:\Windows\System\SvZWFyE.exe
  C:\Windows\System\SvZWFyE.exe
  2⤵
  PID:11944
- C:\Windows\System\jEkWDNY.exe
  C:\Windows\System\jEkWDNY.exe
  2⤵
  PID:12456
- C:\Windows\System\BQqPqQl.exe
  C:\Windows\System\BQqPqQl.exe
  2⤵
  PID:11344
- C:\Windows\System\HrAJRQf.exe
  C:\Windows\System\HrAJRQf.exe
  2⤵
  PID:12204
- C:\Windows\System\STjKQof.exe
  C:\Windows\System\STjKQof.exe
  2⤵
  PID:12980
- C:\Windows\System\YCEynXA.exe
  C:\Windows\System\YCEynXA.exe
  2⤵
  PID:3476
- C:\Windows\System\RNPOHpd.exe
  C:\Windows\System\RNPOHpd.exe
  2⤵
  PID:9236
- C:\Windows\System\EwQRpim.exe
  C:\Windows\System\EwQRpim.exe
  2⤵
  PID:11448
- C:\Windows\System\QvgTIpG.exe
  C:\Windows\System\QvgTIpG.exe
  2⤵
  PID:12688
- C:\Windows\System\BgrwaPX.exe
  C:\Windows\System\BgrwaPX.exe
  2⤵
  PID:8000
- C:\Windows\System\MvZGnng.exe
  C:\Windows\System\MvZGnng.exe
  2⤵
  PID:3024
- C:\Windows\System\SLAJiIk.exe
  C:\Windows\System\SLAJiIk.exe
  2⤵
  PID:12184
- C:\Windows\System\cvesBXk.exe
  C:\Windows\System\cvesBXk.exe
  2⤵
  PID:736
- C:\Windows\System\XOzgygD.exe
  C:\Windows\System\XOzgygD.exe
  2⤵
  PID:2168
- C:\Windows\System\IANGYbN.exe
  C:\Windows\System\IANGYbN.exe
  2⤵
  PID:11552
- C:\Windows\System\VQKsgFN.exe
  C:\Windows\System\VQKsgFN.exe
  2⤵
  PID:3936
- C:\Windows\System\YXpnPbM.exe
  C:\Windows\System\YXpnPbM.exe
  2⤵
  PID:12624
- C:\Windows\System\ViDwzwi.exe
  C:\Windows\System\ViDwzwi.exe
  2⤵
  PID:12144
- C:\Windows\System\uqmXMHn.exe
  C:\Windows\System\uqmXMHn.exe
  2⤵
  PID:3364
- C:\Windows\System\RfdJDgG.exe
  C:\Windows\System\RfdJDgG.exe
  2⤵
  PID:11640
- C:\Windows\System\KBvZBAK.exe
  C:\Windows\System\KBvZBAK.exe
  2⤵
  PID:9400
- C:\Windows\System\KInXHjQ.exe
  C:\Windows\System\KInXHjQ.exe
  2⤵
  PID:10608
- C:\Windows\System\QfUEZPZ.exe
  C:\Windows\System\QfUEZPZ.exe
  2⤵
  PID:3056
- C:\Windows\System\xuHDFyq.exe
  C:\Windows\System\xuHDFyq.exe
  2⤵
  PID:7832
- C:\Windows\System\iAcJmct.exe
  C:\Windows\System\iAcJmct.exe
  2⤵
  PID:7864

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 10500 -ip 10500
1⤵
PID:10320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_01jhk2oe.n33.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AhovuQW.exe

Filesize
1.4MB

MD5
11dc076654dde174e54d5063596ffd04

SHA1
6b289cfffda5fd9c39da7062fd2504e0639bf51a

SHA256
3f16ae364a401dcc5186febb877f58086399366827f1461eee9a2c5a2bfc8aa9

SHA512
0816fcc7cdd2a8ae32132ca3f524edb7fbf8a3603c23be97fbd02a97c7cea51e5f79b23b7347a32c5c22ffea36425f774ba8d05b9d4c443f52003bed8851e4f6

Download Submit
C:\Windows\System\CZglrXg.exe

Filesize
1.4MB

MD5
878a635214e4b7d6f6833624fd07ac2d

SHA1
8bbcb881b52e548d1d0a26ed0c6d4024bdab279f

SHA256
f2069debf02516461872f9cd546f44033b8afc90bcd0ab577528c964cba9756f

SHA512
52358c47750f09fe5b8f5e83238ccf316a1869320cb83b8c9732006317e188da88252c14807e2f81ccdb0d891dfb7f270dcafb8859c04b73e8e87899e97ec39b

Download Submit
C:\Windows\System\DjyBlMn.exe

Filesize
1.4MB

MD5
7c2820c3c5198c3b688a025a3ece82f6

SHA1
7b11785e7443694e622aae90cbf4206f5119b038

SHA256
a0fd64874f519bc73a67ab43b6f834c6b25993f974c7e3dec1278a3bdea8e263

SHA512
6514f2046bfc5f4c9e6a794539efaaca2aabb711353799100e257f78d3f88c2564263dbc19b0bd8806f4eccc3f0117ff27db23de2fc0b808ce19a684d0f0ccda

Download Submit
C:\Windows\System\ExZhtZK.exe

Filesize
1.4MB

MD5
7bfaa36ca88a7183f69257be5f5c8c26

SHA1
62a2856fdf1fee094842be88cd10edd83f284674

SHA256
e51e0811f024a13b8c978ad79a1c6822aa2cdbcd7f10d83f2f6d4d520c01a757

SHA512
9430c4475b7cbdb869e0a4bfb6bb818d9ecb87d013ff3dbf58841bfe4b4ab5c9e98000de93bb33bf600514c5026dce7a0b5b9dc476386a1d33be7f8daac831c1

Download Submit
C:\Windows\System\FDzaKvK.exe

Filesize
1.4MB

MD5
e9874f992f2ca7b57b6ccda4e6e98bbd

SHA1
e52483fda778ff9be83187aa77a6bd50a522a017

SHA256
8f63ec32b7ff61510ff5ce05525af4cc40c2aeec1ba86b60d5d021eb2f74e1a4

SHA512
c71c79224f88d0e02d64785f13bcbe9ffeb9cd2044fce43aef0a41d5dc820232064e114b0a4c11a6c21258ee835908dafced20e630a4833f0a3b64c8da560379

Download Submit
C:\Windows\System\GiEkhvw.exe

Filesize
1.4MB

MD5
11cbafa04aa6ac464b155ce34eab0de0

SHA1
65b53e89cc8f3e9feec6f2985ab6570658d2ea45

SHA256
b5eba699280965b9be5a701e08f76da18730c4e1dc2e2c083b1dfedf1811397a

SHA512
fd372e8b2642f8bc5f342e5fddb308e59846e216c67ddc0769e55fa1a4d189771694cad01db641280b98ed7a5097b64515a8567826d1897bd38b6e23b4e8f609

Download Submit
C:\Windows\System\HSzqqbC.exe

Filesize
1.4MB

MD5
6eb2947c5e4b804329d0114a5b679d02

SHA1
32b55bb03aa4c429db6c16ac85dd2e3409a0e96e

SHA256
028d15aa35003c4bedb0602868f47ed2d951e0fb89765a41fd8772dfad89dcc6

SHA512
95da86534b54667ea7931512f02d3f4447ac7987cfd2e81c93e3d31602e8a071ae9935ca97291479d29b3c67199bbdca65f01e5093fc44c1e995f8bd55dc3c23

Download Submit
C:\Windows\System\INcbjuK.exe

Filesize
1.4MB

MD5
1020b1248db1a7b4faca42a8510b0ff5

SHA1
f9e0c77bac824c7045d0ab80d70389998e3a9623

SHA256
4df2de40a05b9c3162140ee0fd2c9c76c7ab8d5854c0d65f3d7e4e40d0e9bd6b

SHA512
f303e3f298c7a914f005523022630e8d5bdd7e37f313b0f1caaf2c7d36931c2060a4dacd1dcff02473d6bb9a5ce65ba29da6d2e45dd6f062578debeff9f5f2a6

Download Submit
C:\Windows\System\IdXkzSO.exe

Filesize
1.4MB

MD5
d872aa61e3a02430d140b055eec43fa5

SHA1
0b60f6f339abb87d39ad108028d00615419356af

SHA256
26bf4d42d1856e7d3b64b7da70d37fa44581d8335643753fa55ef3bcdf3f1228

SHA512
597dd84b7eb4ef0fd64a6d02af95fed3f6aafe4beea2209d5a7bc3b667f0b20fa5b12cd6e13a309e3b1b7005262d752ac35ec00baff8c7fefb59d9c0091a27a1

Download Submit
C:\Windows\System\JjKUpKo.exe

Filesize
1.4MB

MD5
f75f3ff9cffb2de91f2a230a0ff2fe35

SHA1
b090fdac4844f30110a6c2d35ae319f05eec3cc3

SHA256
82fedaf40983dabc65d18cea2e9518999dbe9999e383ba1966f100b17bd6b48e

SHA512
366c62e3364448e4bb91d5906a0fd2a2720d6dee2d6558d89d09fc916a523b88d5b05617853349431381d8ef015558ba8ffb8cb6e75854e5ab85bdac5aba0035

Download Submit
C:\Windows\System\KRjSLAG.exe

Filesize
1.4MB

MD5
6d61494d33d0a4d3e7f584247639f5bd

SHA1
c02613a49d6985bbd1eade7edf681f6bfe085028

SHA256
246dd1643ca84407b4a4d024ace229f83f494489557439ed70e9d37d500bbb8b

SHA512
321f5d17244077c31133cb3df62a717d790444ac00ce5426f043dbc86894ccaa242c4c5962bf8aa8626eb9952e836bb8189e085b7a568b9e7f749f876ddebe2d

Download Submit
C:\Windows\System\NIXHeIY.exe

Filesize
1.4MB

MD5
558b6118cbad09db9d3812dee9c3fb91

SHA1
68698ffde14cb463d3046164c7c4abcf72798792

SHA256
1e24e59546a674e3307df291c6758f868a4199a7bab55cf4ebd6fe490768b8ec

SHA512
8db823b9855615d48fb640fb46e903de7602b78d88cee41ab8bc10497c55d1e9323623bfdef015dd8fab248c6a49ebc09ca626cbf01b5f74112512adc11363d1

Download Submit
C:\Windows\System\OIDgVVs.exe

Filesize
1.4MB

MD5
d4a3d93e96f6d81f5b3a769991fcc760

SHA1
e76bcd6b038301d72be8d72acce93804183ca333

SHA256
bfa95d8a6e361a13924a5fa93ca73c859d4282608098fe2ee689565deb916e96

SHA512
e77a30dcb679155ce08c3002466177c46a13894a20358d2403a4d251d7f3169204402e9e456216a48cfa6acaed88d2c4e72b9ab975a4b86e7eb46910d42bd09a

Download Submit
C:\Windows\System\OKCQdJL.exe

Filesize
1.4MB

MD5
11a0a4e6d585ed40b17f6cbc9e798a62

SHA1
5c2fd9ee528e28db642881101994839bb7a068b0

SHA256
a2dd9f15fcec1cc6964ee9f7e2c4dbbc3d6a69f76311182be0d06ca8761e84b8

SHA512
954055d17368d7f4794b3b2f9288576e5e1c79f7cacb4f9efe803d25ac74f7b072fb006c37efb610e2397abec405473af4d64f4dad83a6e897cac5a78fad7536

Download Submit
C:\Windows\System\PRphkxu.exe

Filesize
1.4MB

MD5
e387c74e763baec095fdffe14956cc72

SHA1
8566d75341b3a0cd760c6d9369cd15eedb36a593

SHA256
10eb7b2baf9a68afef066353d52e400693f9a20f81e61cb6b9fc520f75155c0a

SHA512
d4db651600c62beab08a0eb0ad8d2342114d9c4dfe0a9d417456adecac40508a0d45b89c42f5acba2d97adc8195f5bbc4324c9304266ef1e27c9044db9a1f3e2

Download Submit
C:\Windows\System\YokAvNZ.exe

Filesize
1.4MB

MD5
38f69109a3b261bd659574a1416d80d4

SHA1
207fda1738f182c8ef87e0e6293a7989218d43cf

SHA256
c35011cbe1f419c30222ad549b42f3275284347f3d9e3acea6edd1a2564ec652

SHA512
77639cbc9fe8803a111ef68f99e9d760e58c44c1dd8e2ddee88dee6a2a42f1cc72c3656f6c5527a042f324c4659797ac9266258af92b4d7e3ad0b532644c35b9

Download Submit
C:\Windows\System\ZhYRPZO.exe

Filesize
1.4MB

MD5
fa1eb1dba861679dae20b077b2ba2f71

SHA1
8b30d503254c3da3080ac9f39458b736f39b56f5

SHA256
21f214d6c9a3c61d488c1549e7dbfecbcfc8411b51e464e77c94b61983ede95f

SHA512
58966d33cc23c704b42b54529bd1d35edc7cacb7d2f75df675d46fb2a6d91525d3bc070e6a89a727373b4f8df0b2a5e7c388c49ec341ec5388106c19473510cd

Download Submit
C:\Windows\System\arJczUM.exe

Filesize
1.4MB

MD5
e2731d8b15ead57637bf1dd4bdf33d52

SHA1
4be1a8749a70c87e4d2cd3102637abbc1f5430bf

SHA256
484513db942a7832d9d86b2801c45ae6f5bc455de27681d99de0b96bae91576b

SHA512
ed93bc6645adfcbf6af4b67596c876a1daf694d3510ab95ffe6069cfd9c230b294b87fab054bd9bf0d2fa354677064b2e299453d50b62ddb6e0408460b49e39d

Download Submit
C:\Windows\System\azrnalO.exe

Filesize
1.4MB

MD5
0fe17a055494e3f0b59e343bf6c46fd6

SHA1
6854c0b12f66ffdf3598df9b0a1eab081f3eabc0

SHA256
7b8bdf18ca59a88f451447e0be13d7fffe8460f594551f3a5cc2f55d2d6dc39b

SHA512
1add6dd791f050170d24ddb3cd39f7738d678ac2e59ab465b92cb8c9b6173f335ac24ea2fd6be903e6c79e1aaa56fe76f7d0c374a1aa09beafe9d1dfe8655164

Download Submit
C:\Windows\System\bFaacjs.exe

Filesize
8B

MD5
8df5d7cea6f17e33b828ee09a4f8c91e

SHA1
6aaff1a3a288a0aba2a3023d517e314fe986f730

SHA256
cebffee933f857324d8ea2bd5fb8dad33034c7e30f8e9b644e83274baeadc1d6

SHA512
aee4f16c452925a2700f8c6c545adb516dd855069c67839327087aebe75765ec2637a168ea26305bfaf7ca090b0abc3820134331985dd395f3751e82867cb7ea

Download Submit
C:\Windows\System\bHaafvL.exe

Filesize
1.4MB

MD5
0f05651e542cd7f38eecce794ea1187c

SHA1
f995f97533642abf045a74d906c7c105226d89ef

SHA256
404c86caf989cd1f0511a7e3c469144b7e4585d38449c4c615b2428237bd0b45

SHA512
8d4907b3d19a1af0cb2d93942d97c5b925637cff15864f317a017ccdbb1f04e2c46ac568d74494622d90e0ff0e8c3c835f62388de647652f1f79300bf4670198

Download Submit
C:\Windows\System\cODPrsG.exe

Filesize
1.4MB

MD5
52c15cc6c0814f96832341730ede9501

SHA1
6b1fa0241cb20a61fc5b54521651d5e5feaf69c6

SHA256
a51230482997b64617bca6aa87e645ea8dd5f31bb6775a46a7956ccc9047951c

SHA512
5f3ce0de535dec9804b8cb443048f8524dfda89d40a5c88839f49e2bc4594a60494184832ff491cc3ef5d82205cae4386e8fe8687699baae66e893c53809d8a1

Download Submit
C:\Windows\System\eAIAqAl.exe

Filesize
1.4MB

MD5
094334d96ef5e81c3be70354234cbb05

SHA1
632099abd60615f2ae8a74dab3ecb4298f425f74

SHA256
b1385e87f492d9811fd7a9158dc567162ec457631316edc794b29a050671d558

SHA512
c61f5e10c4266f2f6265ba852da2572f978354dfbe0bdc21bcf1e13b6b327fda9d32ef79c1dcca27a86695442d0706583b8ee6d3220138cfbce17630b52e7318

Download Submit
C:\Windows\System\eAzWXsz.exe

Filesize
1.4MB

MD5
9fdd042f76f6f84f80c2ee44a07afae5

SHA1
6461a1cdcc554e5472d83c9fb1d12edb2af48342

SHA256
a2a2914acf3d65b2c7554764f91df5a443e988ba5b8b90425ac92d6d06b70a1b

SHA512
fd88e39c160e9768ae77e2c6b54ed17ea50213766c92d8d5ad4d5b8d49dfefd393edf8d396040f1b9d4005b11fc020ed7cc14b7b3266f8d3bdbd84d42fca1e31

Download Submit
C:\Windows\System\eeNJNIX.exe

Filesize
1.4MB

MD5
4e16390f435365697520d579505b415b

SHA1
9df41322f9dd876de3f3b2d266fc5c7e2179ea7c

SHA256
55eabebe7263ea8ff570521672de1519793d84c17f1095f417151a6b97033dde

SHA512
223674b4b831f2692f0d14e4105f361bb596b20a9b4f017a31cae7ff50020d039a1a2c73713d92097cc8426f895966d1931bb356c5b6b24281609a4aaab68059

Download Submit
C:\Windows\System\gfzicwL.exe

Filesize
1.4MB

MD5
5c65d848e166d1d5897dff9aba41a179

SHA1
bc9f3b58ce503edddf6f8d9063648c9104dbaa7e

SHA256
cb7368fd6fd671e530ff770fe85e021964a9c43e7a37f99d0d065337ec6a940c

SHA512
442e5fd277454486142bdd45b44fad4aa05851a8c1f12998ffbf3fd7042d75ef4f8095f056ae6b028faf9e8915394ed4ae6279571d5db2b9439bd5e8417bf3a8

Download Submit
C:\Windows\System\hadodGZ.exe

Filesize
1.4MB

MD5
2a6ce37ee921c1c9789903f99389f246

SHA1
45ed5df512a1870a64d982c14419bfc0063cda0b

SHA256
6cd82793ad91130d0f33681e62d0dd30d539458e25001a5e4e50e7bb7b7fa02d

SHA512
a201b82fc021975960dd207e235c3ea2565d17a26d4da8327f301c6ba72b25520550c2fb711b847f9c7e3acaa06b81b15494f852a438636d23e63078b335b361

Download Submit
C:\Windows\System\lOUSZEM.exe

Filesize
1.4MB

MD5
1cd5d48e8958858c1e0530702c02bfa2

SHA1
abac14eb5bfe85a397a01e8deb0a4a4dddaac6b6

SHA256
9f6df66a8b52c55cb37a0a0e3e51b32b59cc36bc37b6f49f850b9d09b69f4d98

SHA512
fb53ec2e63c5ba1371a2459fbb65087ab04c0c8305602dda427a52fb4a8501a6a8d91dde9e6da76e31de14c0e669c573c577ac1af0ae2d2da5df1169c20705a7

Download Submit
C:\Windows\System\mQMOiEV.exe

Filesize
1.4MB

MD5
ddc416482f88f0cadb0b232e3794bb3a

SHA1
4cb6318f445fb888420a643ae44ff023c477f591

SHA256
b332f0757b54d056876180def23e67286d8c9554ae11d27303fd272ae1269d03

SHA512
26d01d183abe9d0bc978c0ceb7ebc3db41435acb010bf99618a08bb2d04ecb7d87223c9bf9f2d9b05f880f8d55e882dea39fec678d85c33f82a1768ecf679f79

Download Submit
C:\Windows\System\nVIQewq.exe

Filesize
1.4MB

MD5
a877948bd52204ff2df568bc9dc9d4f0

SHA1
e6d50802fc74b7313e4eb40510eea35389e89e02

SHA256
d70fb8d088b2e55800c292f2f94aeda95f89a56c4aca6b06a9f79b5179d47e7d

SHA512
f2199cdd8ac922d5ecd68e258635dd94762a2c1facdd410c5117810d0f3050f71a703883c46ac12eb0dda41cf4870368c7accdca5db2ab9b8e24021268012cbd

Download Submit
C:\Windows\System\nilPVte.exe

Filesize
1.4MB

MD5
cef73823de9151cc93cc30cc5400a433

SHA1
f23fe23ffd4fe2cd5b343db54590332083c9d57a

SHA256
60d07a98e69fa4d461e79d7aaedf120d5c75919806cc584cb62d2c059fc5744e

SHA512
06d0961f7fcf1080bcd8fa68e3ea140e91bf733273aea65f257d66129af81d3bfe321a02fa4b39dd8b7ebd3751be266933a663ff98b87b54969ba698f55bddfb

Download Submit
C:\Windows\System\qGWGrvH.exe

Filesize
1.4MB

MD5
6be4352bbae4bf021f04290e55196da4

SHA1
cf6b62183c3a8a9e38894d9dcc74505965e80021

SHA256
552b3e74a563ae007c8fdf35051bc9218f81de4c98c884358883ad10974a5d9f

SHA512
8f7fe22ad2bf7cd5cca58e46294d7916b3b4b633262f41469c897d16ec7e256f07f4586c22e90662ac4bfbc97f249d791efc01841f4b5b55df324c157d13236e

Download Submit
C:\Windows\System\tBdXicB.exe

Filesize
1.4MB

MD5
33736eec69aba739a31a56130248e7cb

SHA1
6ce950152354fbf33c0f03fc0f732396e735fc5a

SHA256
d30a5291b2e58e62c36efb69a5dbea00665fe9377a11c929c4d9e58311e3c0f3

SHA512
4d4f2b1d6566ce84b5ddd80a4b47d20586c0a36cda4bba46fe9f654d1f383c34e41814aadfa057f65ab6766e6154c545a8238fdcbefaeea641cb0d7872fb54fb

Download Submit
C:\Windows\System\tIDLebs.exe

Filesize
1.4MB

MD5
3c277f6735d5a943161de1f9c5aa1f9f

SHA1
c13b71fe5dc4fee3ef3beed9f75a12200425e114

SHA256
641a35c3ce6367810de13c0484b7d235494b3ede7c5c69b006dda2bd6436d56d

SHA512
d66533f114e3712a5e59c2236162fcb364f87bc7ab92249975f60e323a667c10b6a9fc4131a111decc5adf16ad8f0f7435235b8804cfcaee1cdf4bcccc9d3c64

Download Submit
C:\Windows\System\uSzRoMb.exe

Filesize
1.4MB

MD5
095ce9f10998296d49338a789cc4f4f6

SHA1
f48582168e31dd910d39bd3969fe52466042eda7

SHA256
3da9c1d15885d1e03433c2167934b85895cfb825077bb81cda0c868636b1a721

SHA512
9c8555f29eea25048b60354e518a64a4d782925602098e82846b76186a8ad5753a82fc4c55abef612cde49abfccc8190bc11f8a87f3b6b97c6c737aadc69609b

Download Submit
C:\Windows\System\vzboYph.exe

Filesize
1.4MB

MD5
e7d5dbf7bc092d1964dce64ef6ae1938

SHA1
ef1489bdfb9a340a8ef4eb50d5b682e314ab2330

SHA256
20e7b66e27792bd84972d9dd03d1127b8085cd94a6a61a759f1f2e3879784a28

SHA512
b0fd6c5825de76953210391c9298fa7a8d99c368c7b5356d271997bfbb9252f1823aaa3620554b101e1b4848d270a57e3f69f6248937aef764a8a83b00942abe

Download Submit
C:\Windows\System\ypoYldt.exe

Filesize
1.4MB

MD5
5a447db6032485d30a80672b58c6ed4b

SHA1
4db448d65ab5bff47807762f3e294f2f47cb805f

SHA256
b274550546693d4c0a09580a8e158bba24dcb094a122917d1dd55d99e34dc3ea

SHA512
37b9fc7f9536d184128ab6de161e1270dc3e65b6d59baefc78dc262ceed105d1892e7e8fb7420477a9ae8575182ec1de0163b9023b99dc75835792ce38107eb3

Download Submit
C:\Windows\System\zMFQFtO.exe

Filesize
1.4MB

MD5
94a57da4beb4110ccda40dc8edb11baa

SHA1
d06317839a569521ce745c9beb99cd605ee1de08

SHA256
4d68a7a29d0a01828ef50af891e07d7d94b2c4ede277cea1d2b8487b8a2524ee

SHA512
76f4b8690829ad04d61b8db12ded3c103f79c0fb34f4cb46b8174a272c3edfbed6c381386fb1997529587526cea75a8e42c0b39b7cc998fed86dc857457358b3

Download Submit
C:\Windows\System\zMXYLBm.exe

Filesize
1.4MB

MD5
b47ebde2b2c57e8568dd901faa513c7a

SHA1
9f60529e856b6c5e2ad798255338b46c222c99d5

SHA256
d0bda9def06fb86c643a059a00330f88374db76c3ac334b10d63a2963a7f0582

SHA512
c19ee06159401215368ac4b8f57d0b92a8a304ed41b255ac0b180afe200754cd5ed695fb4e7270afb297bc085a7d0114a89d2d1ffa6fb9bb8303a45e48363a21

Download Submit
memory/60-3485-0x00007FF7CBAB0000-0x00007FF7CBEA2000-memory.dmp

Filesize
3.9MB

Download
memory/60-294-0x00007FF7CBAB0000-0x00007FF7CBEA2000-memory.dmp

Filesize
3.9MB

Download
memory/412-3497-0x00007FF636B70000-0x00007FF636F62000-memory.dmp

Filesize
3.9MB

Download
memory/412-690-0x00007FF636B70000-0x00007FF636F62000-memory.dmp

Filesize
3.9MB

Download
memory/564-3528-0x00007FF74FE80000-0x00007FF750272000-memory.dmp

Filesize
3.9MB

Download
memory/564-688-0x00007FF74FE80000-0x00007FF750272000-memory.dmp

Filesize
3.9MB

Download
memory/1288-3482-0x00007FF64A000000-0x00007FF64A3F2000-memory.dmp

Filesize
3.9MB

Download
memory/1288-233-0x00007FF64A000000-0x00007FF64A3F2000-memory.dmp

Filesize
3.9MB

Download
memory/1436-350-0x00007FF763740000-0x00007FF763B32000-memory.dmp

Filesize
3.9MB

Download
memory/1436-3495-0x00007FF763740000-0x00007FF763B32000-memory.dmp

Filesize
3.9MB

Download
memory/1676-729-0x00007FF62CA50000-0x00007FF62CE42000-memory.dmp

Filesize
3.9MB

Download
memory/1676-3477-0x00007FF62CA50000-0x00007FF62CE42000-memory.dmp

Filesize
3.9MB

Download
memory/1868-1-0x000001A037AA0000-0x000001A037AB0000-memory.dmp

Filesize
64KB

Download
memory/1868-0-0x00007FF607610000-0x00007FF607A02000-memory.dmp

Filesize
3.9MB

Download
memory/1888-3483-0x00007FF7D2DB0000-0x00007FF7D31A2000-memory.dmp

Filesize
3.9MB

Download
memory/1888-286-0x00007FF7D2DB0000-0x00007FF7D31A2000-memory.dmp

Filesize
3.9MB

Download
memory/2100-3510-0x00007FF75B2A0000-0x00007FF75B692000-memory.dmp

Filesize
3.9MB

Download
memory/2100-810-0x00007FF75B2A0000-0x00007FF75B692000-memory.dmp

Filesize
3.9MB

Download
memory/2112-684-0x00007FF6B3210000-0x00007FF6B3602000-memory.dmp

Filesize
3.9MB

Download
memory/2112-3522-0x00007FF6B3210000-0x00007FF6B3602000-memory.dmp

Filesize
3.9MB

Download
memory/2324-3516-0x00007FF65F470000-0x00007FF65F862000-memory.dmp

Filesize
3.9MB

Download
memory/2324-678-0x00007FF65F470000-0x00007FF65F862000-memory.dmp

Filesize
3.9MB

Download
memory/2384-3500-0x00007FF7C6DD0000-0x00007FF7C71C2000-memory.dmp

Filesize
3.9MB

Download
memory/2384-681-0x00007FF7C6DD0000-0x00007FF7C71C2000-memory.dmp

Filesize
3.9MB

Download
memory/2448-3512-0x00007FF7D4AF0000-0x00007FF7D4EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2448-686-0x00007FF7D4AF0000-0x00007FF7D4EE2000-memory.dmp

Filesize
3.9MB

Download
memory/2668-17-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp

Filesize
3.9MB

Download
memory/2668-3475-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp

Filesize
3.9MB

Download
memory/2668-3441-0x00007FF6B7EC0000-0x00007FF6B82B2000-memory.dmp

Filesize
3.9MB

Download
memory/2776-728-0x00007FF7814C0000-0x00007FF7818B2000-memory.dmp

Filesize
3.9MB

Download
memory/2776-3479-0x00007FF7814C0000-0x00007FF7818B2000-memory.dmp

Filesize
3.9MB

Download
memory/2888-432-0x00007FF625730000-0x00007FF625B22000-memory.dmp

Filesize
3.9MB

Download
memory/2888-3487-0x00007FF625730000-0x00007FF625B22000-memory.dmp

Filesize
3.9MB

Download
memory/3068-3519-0x00007FF789500000-0x00007FF7898F2000-memory.dmp

Filesize
3.9MB

Download
memory/3068-687-0x00007FF789500000-0x00007FF7898F2000-memory.dmp

Filesize
3.9MB

Download
memory/3512-167-0x00007FF83DF30000-0x00007FF83E9F1000-memory.dmp

Filesize
10.8MB

Download
memory/3512-83-0x00007FF83DF30000-0x00007FF83E9F1000-memory.dmp

Filesize
10.8MB

Download
memory/3512-19-0x00007FF83DF33000-0x00007FF83DF35000-memory.dmp

Filesize
8KB

Download
memory/3512-264-0x00000232FD960000-0x00000232FD982000-memory.dmp

Filesize
136KB

Download
memory/3952-3490-0x00007FF773320000-0x00007FF773712000-memory.dmp

Filesize
3.9MB

Download
memory/3952-685-0x00007FF773320000-0x00007FF773712000-memory.dmp

Filesize
3.9MB

Download
memory/3996-727-0x00007FF619A60000-0x00007FF619E52000-memory.dmp

Filesize
3.9MB

Download
memory/3996-3507-0x00007FF619A60000-0x00007FF619E52000-memory.dmp

Filesize
3.9MB

Download
memory/4112-3493-0x00007FF731720000-0x00007FF731B12000-memory.dmp

Filesize
3.9MB

Download
memory/4112-293-0x00007FF731720000-0x00007FF731B12000-memory.dmp

Filesize
3.9MB

Download
memory/4352-683-0x00007FF645E10000-0x00007FF646202000-memory.dmp

Filesize
3.9MB

Download
memory/4352-3520-0x00007FF645E10000-0x00007FF646202000-memory.dmp

Filesize
3.9MB

Download
memory/4360-689-0x00007FF6B5D90000-0x00007FF6B6182000-memory.dmp

Filesize
3.9MB

Download
memory/4360-3502-0x00007FF6B5D90000-0x00007FF6B6182000-memory.dmp

Filesize
3.9MB

Download
memory/4716-3491-0x00007FF681910000-0x00007FF681D02000-memory.dmp

Filesize
3.9MB

Download
memory/4716-542-0x00007FF681910000-0x00007FF681D02000-memory.dmp

Filesize
3.9MB

Download
memory/4880-3504-0x00007FF781B00000-0x00007FF781EF2000-memory.dmp

Filesize
3.9MB

Download
memory/4880-682-0x00007FF781B00000-0x00007FF781EF2000-memory.dmp

Filesize
3.9MB

Download
memory/4948-3515-0x00007FF6B5730000-0x00007FF6B5B22000-memory.dmp

Filesize
3.9MB

Download
memory/4948-680-0x00007FF6B5730000-0x00007FF6B5B22000-memory.dmp

Filesize
3.9MB

Download