xmrig | 1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c

Analysis

max time kernel
141s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
Size

1.7MB
MD5

106c82f469b1d41b54f56fc39f639b6a
SHA1

fd8b327e06581b33fb9e015151d2850f10035ae0
SHA256

1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c
SHA512

ef90eaa4bd7f7021da4c5cb056787dea0e2359f762e6099d7e2c0879a6a935e7d8998907c5dd1101e5c221d1409392e9d5a058cc6f2dae01a1a6855bd0c27539
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t4oAirbNIjTnHzlyZA52C3EES:Lz071uv4BPMkFfdk2auTg0lS

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 47 IoCs

resource	yara_rule
behavioral2/memory/1820-293-0x00007FF7E38C0000-0x00007FF7E3CB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4656-356-0x00007FF710090000-0x00007FF710482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1628-438-0x00007FF6DFA10000-0x00007FF6DFE02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1000-482-0x00007FF6475B0000-0x00007FF6479A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4508-547-0x00007FF7F4B20000-0x00007FF7F4F12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2860-551-0x00007FF7EA3B0000-0x00007FF7EA7A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3636-557-0x00007FF610760000-0x00007FF610B52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4536-561-0x00007FF68E6F0000-0x00007FF68EAE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1172-783-0x00007FF6D5050000-0x00007FF6D5442000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1996-562-0x00007FF6E22C0000-0x00007FF6E26B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1516-560-0x00007FF716A90000-0x00007FF716E82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4176-559-0x00007FF63E730000-0x00007FF63EB22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2732-558-0x00007FF778590000-0x00007FF778982000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4912-556-0x00007FF636860000-0x00007FF636C52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5100-555-0x00007FF7D73A0000-0x00007FF7D7792000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/740-554-0x00007FF6AB760000-0x00007FF6ABB52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1356-553-0x00007FF6CCAC0000-0x00007FF6CCEB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2740-552-0x00007FF6328E0000-0x00007FF632CD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2268-481-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4544-292-0x00007FF611800000-0x00007FF611BF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4268-241-0x00007FF7775B0000-0x00007FF7779A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1680-195-0x00007FF6254E0000-0x00007FF6258D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1796-128-0x00007FF71C6C0000-0x00007FF71CAB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1796-2937-0x00007FF71C6C0000-0x00007FF71CAB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4608-2939-0x00007FF7AF370000-0x00007FF7AF762000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4544-2941-0x00007FF611800000-0x00007FF611BF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1680-2943-0x00007FF6254E0000-0x00007FF6258D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4656-2947-0x00007FF710090000-0x00007FF710482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1172-2946-0x00007FF6D5050000-0x00007FF6D5442000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4268-2951-0x00007FF7775B0000-0x00007FF7779A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1628-2950-0x00007FF6DFA10000-0x00007FF6DFE02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1820-2955-0x00007FF7E38C0000-0x00007FF7E3CB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2268-2954-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1000-2957-0x00007FF6475B0000-0x00007FF6479A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2740-2960-0x00007FF6328E0000-0x00007FF632CD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4508-2964-0x00007FF7F4B20000-0x00007FF7F4F12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3636-2972-0x00007FF610760000-0x00007FF610B52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4176-2976-0x00007FF63E730000-0x00007FF63EB22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2732-2974-0x00007FF778590000-0x00007FF778982000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5100-2970-0x00007FF7D73A0000-0x00007FF7D7792000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4912-2968-0x00007FF636860000-0x00007FF636C52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/740-2967-0x00007FF6AB760000-0x00007FF6ABB52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1356-2963-0x00007FF6CCAC0000-0x00007FF6CCEB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1516-2991-0x00007FF716A90000-0x00007FF716E82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1996-2986-0x00007FF6E22C0000-0x00007FF6E26B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2860-2978-0x00007FF7EA3B0000-0x00007FF7EA7A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4536-2984-0x00007FF68E6F0000-0x00007FF68EAE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/8-0-0x00007FF660FA0000-0x00007FF661392000-memory.dmp	UPX
behavioral2/files/0x00070000000233d3-62.dat	UPX
behavioral2/files/0x00070000000233db-97.dat	UPX
behavioral2/files/0x00070000000233da-93.dat	UPX
behavioral2/files/0x00070000000233e2-111.dat	UPX
behavioral2/files/0x00070000000233cf-82.dat	UPX
behavioral2/files/0x00070000000233d9-75.dat	UPX
behavioral2/files/0x00070000000233cd-73.dat	UPX
behavioral2/files/0x00070000000233e8-150.dat	UPX
behavioral2/memory/1820-293-0x00007FF7E38C0000-0x00007FF7E3CB2000-memory.dmp	UPX
behavioral2/memory/4656-356-0x00007FF710090000-0x00007FF710482000-memory.dmp	UPX
behavioral2/memory/1628-438-0x00007FF6DFA10000-0x00007FF6DFE02000-memory.dmp	UPX
behavioral2/memory/1000-482-0x00007FF6475B0000-0x00007FF6479A2000-memory.dmp	UPX
behavioral2/memory/4508-547-0x00007FF7F4B20000-0x00007FF7F4F12000-memory.dmp	UPX
behavioral2/memory/2860-551-0x00007FF7EA3B0000-0x00007FF7EA7A2000-memory.dmp	UPX
behavioral2/memory/3636-557-0x00007FF610760000-0x00007FF610B52000-memory.dmp	UPX
behavioral2/memory/4536-561-0x00007FF68E6F0000-0x00007FF68EAE2000-memory.dmp	UPX
behavioral2/memory/1172-783-0x00007FF6D5050000-0x00007FF6D5442000-memory.dmp	UPX
behavioral2/memory/1996-562-0x00007FF6E22C0000-0x00007FF6E26B2000-memory.dmp	UPX
behavioral2/memory/1516-560-0x00007FF716A90000-0x00007FF716E82000-memory.dmp	UPX
behavioral2/memory/4176-559-0x00007FF63E730000-0x00007FF63EB22000-memory.dmp	UPX
behavioral2/memory/2732-558-0x00007FF778590000-0x00007FF778982000-memory.dmp	UPX
behavioral2/memory/4912-556-0x00007FF636860000-0x00007FF636C52000-memory.dmp	UPX
behavioral2/memory/5100-555-0x00007FF7D73A0000-0x00007FF7D7792000-memory.dmp	UPX
behavioral2/memory/740-554-0x00007FF6AB760000-0x00007FF6ABB52000-memory.dmp	UPX
behavioral2/memory/1356-553-0x00007FF6CCAC0000-0x00007FF6CCEB2000-memory.dmp	UPX
behavioral2/memory/2740-552-0x00007FF6328E0000-0x00007FF632CD2000-memory.dmp	UPX
behavioral2/memory/2268-481-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	UPX
behavioral2/memory/4544-292-0x00007FF611800000-0x00007FF611BF2000-memory.dmp	UPX
behavioral2/memory/4268-241-0x00007FF7775B0000-0x00007FF7779A2000-memory.dmp	UPX
behavioral2/files/0x00070000000233e5-208.dat	UPX
behavioral2/files/0x00070000000233ef-207.dat	UPX
behavioral2/memory/1680-195-0x00007FF6254E0000-0x00007FF6258D2000-memory.dmp	UPX
behavioral2/files/0x00070000000233ed-192.dat	UPX
behavioral2/files/0x00070000000233ec-188.dat	UPX
behavioral2/files/0x00070000000233d8-186.dat	UPX
behavioral2/files/0x00070000000233de-179.dat	UPX
behavioral2/files/0x00070000000233d7-175.dat	UPX
behavioral2/files/0x00070000000233d6-169.dat	UPX
behavioral2/files/0x00070000000233d5-163.dat	UPX
behavioral2/files/0x00070000000233dd-160.dat	UPX
behavioral2/files/0x00070000000233dc-158.dat	UPX
behavioral2/files/0x00070000000233eb-157.dat	UPX
behavioral2/files/0x00070000000233d4-155.dat	UPX
behavioral2/files/0x00070000000233ea-154.dat	UPX
behavioral2/files/0x00070000000233e9-151.dat	UPX
behavioral2/files/0x00070000000233e7-140.dat	UPX
behavioral2/files/0x00070000000233e4-139.dat	UPX
behavioral2/files/0x00070000000233ee-201.dat	UPX
behavioral2/files/0x00070000000233df-198.dat	UPX
behavioral2/memory/1796-128-0x00007FF71C6C0000-0x00007FF71CAB2000-memory.dmp	UPX
behavioral2/files/0x00070000000233e6-125.dat	UPX
behavioral2/files/0x00070000000233e3-131.dat	UPX
behavioral2/files/0x00070000000233e1-107.dat	UPX
behavioral2/files/0x00070000000233e0-106.dat	UPX
behavioral2/files/0x00070000000233d0-87.dat	UPX
behavioral2/files/0x00070000000233d2-56.dat	UPX
behavioral2/files/0x00070000000233d1-45.dat	UPX
behavioral2/files/0x00070000000233ce-37.dat	UPX
behavioral2/files/0x00070000000233cc-48.dat	UPX
behavioral2/memory/4608-26-0x00007FF7AF370000-0x00007FF7AF762000-memory.dmp	UPX
behavioral2/files/0x00070000000233cb-23.dat	UPX
behavioral2/files/0x00070000000233ca-16.dat	UPX
behavioral2/files/0x000500000002326f-10.dat	UPX

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/1820-293-0x00007FF7E38C0000-0x00007FF7E3CB2000-memory.dmp	xmrig
behavioral2/memory/4656-356-0x00007FF710090000-0x00007FF710482000-memory.dmp	xmrig
behavioral2/memory/1628-438-0x00007FF6DFA10000-0x00007FF6DFE02000-memory.dmp	xmrig
behavioral2/memory/1000-482-0x00007FF6475B0000-0x00007FF6479A2000-memory.dmp	xmrig
behavioral2/memory/4508-547-0x00007FF7F4B20000-0x00007FF7F4F12000-memory.dmp	xmrig
behavioral2/memory/2860-551-0x00007FF7EA3B0000-0x00007FF7EA7A2000-memory.dmp	xmrig
behavioral2/memory/3636-557-0x00007FF610760000-0x00007FF610B52000-memory.dmp	xmrig
behavioral2/memory/4536-561-0x00007FF68E6F0000-0x00007FF68EAE2000-memory.dmp	xmrig
behavioral2/memory/1172-783-0x00007FF6D5050000-0x00007FF6D5442000-memory.dmp	xmrig
behavioral2/memory/1996-562-0x00007FF6E22C0000-0x00007FF6E26B2000-memory.dmp	xmrig
behavioral2/memory/1516-560-0x00007FF716A90000-0x00007FF716E82000-memory.dmp	xmrig
behavioral2/memory/4176-559-0x00007FF63E730000-0x00007FF63EB22000-memory.dmp	xmrig
behavioral2/memory/2732-558-0x00007FF778590000-0x00007FF778982000-memory.dmp	xmrig
behavioral2/memory/4912-556-0x00007FF636860000-0x00007FF636C52000-memory.dmp	xmrig
behavioral2/memory/5100-555-0x00007FF7D73A0000-0x00007FF7D7792000-memory.dmp	xmrig
behavioral2/memory/740-554-0x00007FF6AB760000-0x00007FF6ABB52000-memory.dmp	xmrig
behavioral2/memory/1356-553-0x00007FF6CCAC0000-0x00007FF6CCEB2000-memory.dmp	xmrig
behavioral2/memory/2740-552-0x00007FF6328E0000-0x00007FF632CD2000-memory.dmp	xmrig
behavioral2/memory/2268-481-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	xmrig
behavioral2/memory/4544-292-0x00007FF611800000-0x00007FF611BF2000-memory.dmp	xmrig
behavioral2/memory/4268-241-0x00007FF7775B0000-0x00007FF7779A2000-memory.dmp	xmrig
behavioral2/memory/1680-195-0x00007FF6254E0000-0x00007FF6258D2000-memory.dmp	xmrig
behavioral2/memory/1796-128-0x00007FF71C6C0000-0x00007FF71CAB2000-memory.dmp	xmrig
behavioral2/memory/1796-2937-0x00007FF71C6C0000-0x00007FF71CAB2000-memory.dmp	xmrig
behavioral2/memory/4608-2939-0x00007FF7AF370000-0x00007FF7AF762000-memory.dmp	xmrig
behavioral2/memory/4544-2941-0x00007FF611800000-0x00007FF611BF2000-memory.dmp	xmrig
behavioral2/memory/1680-2943-0x00007FF6254E0000-0x00007FF6258D2000-memory.dmp	xmrig
behavioral2/memory/4656-2947-0x00007FF710090000-0x00007FF710482000-memory.dmp	xmrig
behavioral2/memory/1172-2946-0x00007FF6D5050000-0x00007FF6D5442000-memory.dmp	xmrig
behavioral2/memory/4268-2951-0x00007FF7775B0000-0x00007FF7779A2000-memory.dmp	xmrig
behavioral2/memory/1628-2950-0x00007FF6DFA10000-0x00007FF6DFE02000-memory.dmp	xmrig
behavioral2/memory/1820-2955-0x00007FF7E38C0000-0x00007FF7E3CB2000-memory.dmp	xmrig
behavioral2/memory/2268-2954-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	xmrig
behavioral2/memory/1000-2957-0x00007FF6475B0000-0x00007FF6479A2000-memory.dmp	xmrig
behavioral2/memory/2740-2960-0x00007FF6328E0000-0x00007FF632CD2000-memory.dmp	xmrig
behavioral2/memory/4508-2964-0x00007FF7F4B20000-0x00007FF7F4F12000-memory.dmp	xmrig
behavioral2/memory/3636-2972-0x00007FF610760000-0x00007FF610B52000-memory.dmp	xmrig
behavioral2/memory/4176-2976-0x00007FF63E730000-0x00007FF63EB22000-memory.dmp	xmrig
behavioral2/memory/2732-2974-0x00007FF778590000-0x00007FF778982000-memory.dmp	xmrig
behavioral2/memory/5100-2970-0x00007FF7D73A0000-0x00007FF7D7792000-memory.dmp	xmrig
behavioral2/memory/4912-2968-0x00007FF636860000-0x00007FF636C52000-memory.dmp	xmrig
behavioral2/memory/740-2967-0x00007FF6AB760000-0x00007FF6ABB52000-memory.dmp	xmrig
behavioral2/memory/1356-2963-0x00007FF6CCAC0000-0x00007FF6CCEB2000-memory.dmp	xmrig
behavioral2/memory/1516-2991-0x00007FF716A90000-0x00007FF716E82000-memory.dmp	xmrig
behavioral2/memory/1996-2986-0x00007FF6E22C0000-0x00007FF6E26B2000-memory.dmp	xmrig
behavioral2/memory/2860-2978-0x00007FF7EA3B0000-0x00007FF7EA7A2000-memory.dmp	xmrig
behavioral2/memory/4536-2984-0x00007FF68E6F0000-0x00007FF68EAE2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2816	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4608	GkIaVOK.exe
1796	aiNwBho.exe
1680	BWzidwY.exe
1172	IDNfzgO.exe
4268	kfhWNri.exe
4544	wTuwHCe.exe
1820	czTvcqR.exe
4656	pMvNSIT.exe
1628	sKDIDED.exe
2268	QgbVmqR.exe
1000	SJVyICg.exe
4508	vdnDjHn.exe
2860	daUtfSr.exe
2740	oPlsVzG.exe
1356	vhDRJlv.exe
740	EtSBDma.exe
5100	hQHqgMR.exe
4912	YZAJrZg.exe
3636	TAkOinK.exe
2732	jEnfRcO.exe
4176	Egwvfdu.exe
1516	NcslVKe.exe
4536	hxnWTVO.exe
1996	IBmDJaF.exe
5020	LoXWrQE.exe
3076	sjQiKoK.exe
3592	xwmqBJx.exe
4760	DyAxNlN.exe
3456	DkSlNmf.exe
3004	OLYGPRO.exe
1132	JivIipA.exe
4448	XVIAnxe.exe
4252	EVQLfNe.exe
1936	DqostRq.exe
4968	CZMVNVP.exe
2216	NKdDHoy.exe
3516	QhJGsTq.exe
1856	RhYQrqX.exe
4552	ApOLzrh.exe
896	RjjBHgj.exe
2364	UvsaEPY.exe
4840	xfDMYDs.exe
5112	JYOmqbZ.exe
760	jePnJNS.exe
3356	xZtzVFa.exe
4908	DcEHXfi.exe
4732	dmpbzYl.exe
404	gYlWrNj.exe
2708	DVuwwqq.exe
4616	UyEilFb.exe
1112	kugkzsC.exe
1440	vkLyNxp.exe
2260	gfMPZNq.exe
544	bxFClhD.exe
4396	EOLjNfE.exe
4060	PlQLUZe.exe
2384	ugLyMjt.exe
5052	MmEYnLz.exe
4304	xWbalXl.exe
4292	ipkWdHj.exe
2136	uuNxzuW.exe
1220	wPMkclq.exe
3408	fqtvUBV.exe
1836	sgPWoxu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/8-0-0x00007FF660FA0000-0x00007FF661392000-memory.dmp	upx
behavioral2/files/0x00070000000233d3-62.dat	upx
behavioral2/files/0x00070000000233db-97.dat	upx
behavioral2/files/0x00070000000233da-93.dat	upx
behavioral2/files/0x00070000000233e2-111.dat	upx
behavioral2/files/0x00070000000233cf-82.dat	upx
behavioral2/files/0x00070000000233d9-75.dat	upx
behavioral2/files/0x00070000000233cd-73.dat	upx
behavioral2/files/0x00070000000233e8-150.dat	upx
behavioral2/memory/1820-293-0x00007FF7E38C0000-0x00007FF7E3CB2000-memory.dmp	upx
behavioral2/memory/4656-356-0x00007FF710090000-0x00007FF710482000-memory.dmp	upx
behavioral2/memory/1628-438-0x00007FF6DFA10000-0x00007FF6DFE02000-memory.dmp	upx
behavioral2/memory/1000-482-0x00007FF6475B0000-0x00007FF6479A2000-memory.dmp	upx
behavioral2/memory/4508-547-0x00007FF7F4B20000-0x00007FF7F4F12000-memory.dmp	upx
behavioral2/memory/2860-551-0x00007FF7EA3B0000-0x00007FF7EA7A2000-memory.dmp	upx
behavioral2/memory/3636-557-0x00007FF610760000-0x00007FF610B52000-memory.dmp	upx
behavioral2/memory/4536-561-0x00007FF68E6F0000-0x00007FF68EAE2000-memory.dmp	upx
behavioral2/memory/1172-783-0x00007FF6D5050000-0x00007FF6D5442000-memory.dmp	upx
behavioral2/memory/1996-562-0x00007FF6E22C0000-0x00007FF6E26B2000-memory.dmp	upx
behavioral2/memory/1516-560-0x00007FF716A90000-0x00007FF716E82000-memory.dmp	upx
behavioral2/memory/4176-559-0x00007FF63E730000-0x00007FF63EB22000-memory.dmp	upx
behavioral2/memory/2732-558-0x00007FF778590000-0x00007FF778982000-memory.dmp	upx
behavioral2/memory/4912-556-0x00007FF636860000-0x00007FF636C52000-memory.dmp	upx
behavioral2/memory/5100-555-0x00007FF7D73A0000-0x00007FF7D7792000-memory.dmp	upx
behavioral2/memory/740-554-0x00007FF6AB760000-0x00007FF6ABB52000-memory.dmp	upx
behavioral2/memory/1356-553-0x00007FF6CCAC0000-0x00007FF6CCEB2000-memory.dmp	upx
behavioral2/memory/2740-552-0x00007FF6328E0000-0x00007FF632CD2000-memory.dmp	upx
behavioral2/memory/2268-481-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp	upx
behavioral2/memory/4544-292-0x00007FF611800000-0x00007FF611BF2000-memory.dmp	upx
behavioral2/memory/4268-241-0x00007FF7775B0000-0x00007FF7779A2000-memory.dmp	upx
behavioral2/files/0x00070000000233e5-208.dat	upx
behavioral2/files/0x00070000000233ef-207.dat	upx
behavioral2/memory/1680-195-0x00007FF6254E0000-0x00007FF6258D2000-memory.dmp	upx
behavioral2/files/0x00070000000233ed-192.dat	upx
behavioral2/files/0x00070000000233ec-188.dat	upx
behavioral2/files/0x00070000000233d8-186.dat	upx
behavioral2/files/0x00070000000233de-179.dat	upx
behavioral2/files/0x00070000000233d7-175.dat	upx
behavioral2/files/0x00070000000233d6-169.dat	upx
behavioral2/files/0x00070000000233d5-163.dat	upx
behavioral2/files/0x00070000000233dd-160.dat	upx
behavioral2/files/0x00070000000233dc-158.dat	upx
behavioral2/files/0x00070000000233eb-157.dat	upx
behavioral2/files/0x00070000000233d4-155.dat	upx
behavioral2/files/0x00070000000233ea-154.dat	upx
behavioral2/files/0x00070000000233e9-151.dat	upx
behavioral2/files/0x00070000000233e7-140.dat	upx
behavioral2/files/0x00070000000233e4-139.dat	upx
behavioral2/files/0x00070000000233ee-201.dat	upx
behavioral2/files/0x00070000000233df-198.dat	upx
behavioral2/memory/1796-128-0x00007FF71C6C0000-0x00007FF71CAB2000-memory.dmp	upx
behavioral2/files/0x00070000000233e6-125.dat	upx
behavioral2/files/0x00070000000233e3-131.dat	upx
behavioral2/files/0x00070000000233e1-107.dat	upx
behavioral2/files/0x00070000000233e0-106.dat	upx
behavioral2/files/0x00070000000233d0-87.dat	upx
behavioral2/files/0x00070000000233d2-56.dat	upx
behavioral2/files/0x00070000000233d1-45.dat	upx
behavioral2/files/0x00070000000233ce-37.dat	upx
behavioral2/files/0x00070000000233cc-48.dat	upx
behavioral2/memory/4608-26-0x00007FF7AF370000-0x00007FF7AF762000-memory.dmp	upx
behavioral2/files/0x00070000000233cb-23.dat	upx
behavioral2/files/0x00070000000233ca-16.dat	upx
behavioral2/files/0x000500000002326f-10.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gBnSiXV.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\SUkgBRq.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\CUxpOUc.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\URiBDBv.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\pJRrGAu.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\zEkbRJd.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\lkHessI.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\lYpzCnv.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\yGGZTPx.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\oHAmVPR.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\NFXfwtJ.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\dSXjBSL.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\LoXWrQE.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\EVQLfNe.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\SCQJtEo.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\rtUCSTj.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\hjOvnSu.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\dJQwhAO.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\tFpcWsy.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\gdZMtEs.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\aoqwKYA.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\mdkKLjr.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\PVggyWr.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\BekhBXX.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\khrZtGX.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\TDfhved.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\TaPWQIX.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\IEZWFql.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\MgxPUng.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\rKnygWe.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\KplPEIi.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\JRQuYwA.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\ofahsBW.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\mPttwKU.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\lRnIGHC.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\vMVTmqM.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\HsJPzJc.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\LAIraxA.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\OCSzOjW.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\JiUkYla.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\ywhovAX.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\fglDYBp.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\hQwtjxL.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\OrLzOqa.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\CHPfvJz.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\JMGpIVo.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\HhPTkQz.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\oVtiQRp.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\dvoWDvS.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\XYOYqSB.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\mOLdIni.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\hmxmkpP.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\bEURTKo.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\CwAMDji.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\KSjktgI.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\nJgVvJr.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\czIpAor.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\aHEptkw.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\BEfgzgB.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\EdUTZGz.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\FlbxYNL.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\NgMcQkZ.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\pdqBodz.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
File created	C:\Windows\System\ZWFodOw.exe	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2816	powershell.exe
2816	powershell.exe
2816	powershell.exe
2816	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
Token: SeDebugPrivilege	2816	powershell.exe
Token: SeLockMemoryPrivilege	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 2816	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	82
PID 8 wrote to memory of 2816	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	82
PID 8 wrote to memory of 4608	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	83
PID 8 wrote to memory of 4608	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	83
PID 8 wrote to memory of 1796	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	84
PID 8 wrote to memory of 1796	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	84
PID 8 wrote to memory of 1680	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	85
PID 8 wrote to memory of 1680	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	85
PID 8 wrote to memory of 1172	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	86
PID 8 wrote to memory of 1172	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	86
PID 8 wrote to memory of 4268	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	87
PID 8 wrote to memory of 4268	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	87
PID 8 wrote to memory of 4544	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	88
PID 8 wrote to memory of 4544	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	88
PID 8 wrote to memory of 2268	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	89
PID 8 wrote to memory of 2268	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	89
PID 8 wrote to memory of 1820	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	90
PID 8 wrote to memory of 1820	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	90
PID 8 wrote to memory of 4656	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	91
PID 8 wrote to memory of 4656	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	91
PID 8 wrote to memory of 1628	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	92
PID 8 wrote to memory of 1628	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	92
PID 8 wrote to memory of 1000	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	93
PID 8 wrote to memory of 1000	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	93
PID 8 wrote to memory of 740	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	94
PID 8 wrote to memory of 740	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	94
PID 8 wrote to memory of 4508	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	95
PID 8 wrote to memory of 4508	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	95
PID 8 wrote to memory of 3636	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	96
PID 8 wrote to memory of 3636	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	96
PID 8 wrote to memory of 2732	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	97
PID 8 wrote to memory of 2732	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	97
PID 8 wrote to memory of 1516	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	98
PID 8 wrote to memory of 1516	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	98
PID 8 wrote to memory of 2860	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	99
PID 8 wrote to memory of 2860	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	99
PID 8 wrote to memory of 2740	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	100
PID 8 wrote to memory of 2740	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	100
PID 8 wrote to memory of 1356	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	101
PID 8 wrote to memory of 1356	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	101
PID 8 wrote to memory of 5100	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	102
PID 8 wrote to memory of 5100	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	102
PID 8 wrote to memory of 4912	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	103
PID 8 wrote to memory of 4912	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	103
PID 8 wrote to memory of 4176	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	104
PID 8 wrote to memory of 4176	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	104
PID 8 wrote to memory of 4536	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	105
PID 8 wrote to memory of 4536	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	105
PID 8 wrote to memory of 1996	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	106
PID 8 wrote to memory of 1996	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	106
PID 8 wrote to memory of 5020	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	107
PID 8 wrote to memory of 5020	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	107
PID 8 wrote to memory of 3076	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	108
PID 8 wrote to memory of 3076	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	108
PID 8 wrote to memory of 3456	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	109
PID 8 wrote to memory of 3456	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	109
PID 8 wrote to memory of 3004	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	110
PID 8 wrote to memory of 3004	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	110
PID 8 wrote to memory of 3592	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	111
PID 8 wrote to memory of 3592	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	111
PID 8 wrote to memory of 4760	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	112
PID 8 wrote to memory of 4760	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	112
PID 8 wrote to memory of 1132	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	113
PID 8 wrote to memory of 1132	8	1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe	113

C:\Users\Admin\AppData\Local\Temp\1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe
"C:\Users\Admin\AppData\Local\Temp\1f918842f93cad82ea0853b4be1925e779f67e42adb042a295c3d31d615c2e4c.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2816
- C:\Windows\System\GkIaVOK.exe
  C:\Windows\System\GkIaVOK.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\aiNwBho.exe
  C:\Windows\System\aiNwBho.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\BWzidwY.exe
  C:\Windows\System\BWzidwY.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\IDNfzgO.exe
  C:\Windows\System\IDNfzgO.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\kfhWNri.exe
  C:\Windows\System\kfhWNri.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\wTuwHCe.exe
  C:\Windows\System\wTuwHCe.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\QgbVmqR.exe
  C:\Windows\System\QgbVmqR.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\czTvcqR.exe
  C:\Windows\System\czTvcqR.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\pMvNSIT.exe
  C:\Windows\System\pMvNSIT.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\sKDIDED.exe
  C:\Windows\System\sKDIDED.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\SJVyICg.exe
  C:\Windows\System\SJVyICg.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\EtSBDma.exe
  C:\Windows\System\EtSBDma.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\vdnDjHn.exe
  C:\Windows\System\vdnDjHn.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\TAkOinK.exe
  C:\Windows\System\TAkOinK.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\jEnfRcO.exe
  C:\Windows\System\jEnfRcO.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\NcslVKe.exe
  C:\Windows\System\NcslVKe.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\daUtfSr.exe
  C:\Windows\System\daUtfSr.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\oPlsVzG.exe
  C:\Windows\System\oPlsVzG.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\vhDRJlv.exe
  C:\Windows\System\vhDRJlv.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\hQHqgMR.exe
  C:\Windows\System\hQHqgMR.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\YZAJrZg.exe
  C:\Windows\System\YZAJrZg.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\Egwvfdu.exe
  C:\Windows\System\Egwvfdu.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\hxnWTVO.exe
  C:\Windows\System\hxnWTVO.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\IBmDJaF.exe
  C:\Windows\System\IBmDJaF.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\LoXWrQE.exe
  C:\Windows\System\LoXWrQE.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\sjQiKoK.exe
  C:\Windows\System\sjQiKoK.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\DkSlNmf.exe
  C:\Windows\System\DkSlNmf.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\OLYGPRO.exe
  C:\Windows\System\OLYGPRO.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\xwmqBJx.exe
  C:\Windows\System\xwmqBJx.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\DyAxNlN.exe
  C:\Windows\System\DyAxNlN.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\JivIipA.exe
  C:\Windows\System\JivIipA.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\XVIAnxe.exe
  C:\Windows\System\XVIAnxe.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\EVQLfNe.exe
  C:\Windows\System\EVQLfNe.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\DqostRq.exe
  C:\Windows\System\DqostRq.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\CZMVNVP.exe
  C:\Windows\System\CZMVNVP.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\NKdDHoy.exe
  C:\Windows\System\NKdDHoy.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\QhJGsTq.exe
  C:\Windows\System\QhJGsTq.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\RhYQrqX.exe
  C:\Windows\System\RhYQrqX.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\ApOLzrh.exe
  C:\Windows\System\ApOLzrh.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\RjjBHgj.exe
  C:\Windows\System\RjjBHgj.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\UvsaEPY.exe
  C:\Windows\System\UvsaEPY.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\xfDMYDs.exe
  C:\Windows\System\xfDMYDs.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\JYOmqbZ.exe
  C:\Windows\System\JYOmqbZ.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\jePnJNS.exe
  C:\Windows\System\jePnJNS.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\xZtzVFa.exe
  C:\Windows\System\xZtzVFa.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\DcEHXfi.exe
  C:\Windows\System\DcEHXfi.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\dmpbzYl.exe
  C:\Windows\System\dmpbzYl.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\gYlWrNj.exe
  C:\Windows\System\gYlWrNj.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\DVuwwqq.exe
  C:\Windows\System\DVuwwqq.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\UyEilFb.exe
  C:\Windows\System\UyEilFb.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\kugkzsC.exe
  C:\Windows\System\kugkzsC.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\vkLyNxp.exe
  C:\Windows\System\vkLyNxp.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\gfMPZNq.exe
  C:\Windows\System\gfMPZNq.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\bxFClhD.exe
  C:\Windows\System\bxFClhD.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\EOLjNfE.exe
  C:\Windows\System\EOLjNfE.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\PlQLUZe.exe
  C:\Windows\System\PlQLUZe.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\ugLyMjt.exe
  C:\Windows\System\ugLyMjt.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\MmEYnLz.exe
  C:\Windows\System\MmEYnLz.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\xWbalXl.exe
  C:\Windows\System\xWbalXl.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\ipkWdHj.exe
  C:\Windows\System\ipkWdHj.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\RwTBNRc.exe
  C:\Windows\System\RwTBNRc.exe
  2⤵
  PID:2120
- C:\Windows\System\uuNxzuW.exe
  C:\Windows\System\uuNxzuW.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\wPMkclq.exe
  C:\Windows\System\wPMkclq.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\fqtvUBV.exe
  C:\Windows\System\fqtvUBV.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\sgPWoxu.exe
  C:\Windows\System\sgPWoxu.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\LSztTqo.exe
  C:\Windows\System\LSztTqo.exe
  2⤵
  PID:4412
- C:\Windows\System\GeJuoVF.exe
  C:\Windows\System\GeJuoVF.exe
  2⤵
  PID:4476
- C:\Windows\System\zhzWWNx.exe
  C:\Windows\System\zhzWWNx.exe
  2⤵
  PID:3996
- C:\Windows\System\drzreBp.exe
  C:\Windows\System\drzreBp.exe
  2⤵
  PID:2800
- C:\Windows\System\NiNfBLk.exe
  C:\Windows\System\NiNfBLk.exe
  2⤵
  PID:4520
- C:\Windows\System\UkbiZND.exe
  C:\Windows\System\UkbiZND.exe
  2⤵
  PID:4380
- C:\Windows\System\WCbDmbT.exe
  C:\Windows\System\WCbDmbT.exe
  2⤵
  PID:4868
- C:\Windows\System\tJcAhWG.exe
  C:\Windows\System\tJcAhWG.exe
  2⤵
  PID:1388
- C:\Windows\System\lpoYouS.exe
  C:\Windows\System\lpoYouS.exe
  2⤵
  PID:3180
- C:\Windows\System\NITIjmS.exe
  C:\Windows\System\NITIjmS.exe
  2⤵
  PID:4212
- C:\Windows\System\PdtIgZm.exe
  C:\Windows\System\PdtIgZm.exe
  2⤵
  PID:1700
- C:\Windows\System\xPVVjPm.exe
  C:\Windows\System\xPVVjPm.exe
  2⤵
  PID:2736
- C:\Windows\System\pIMjIeC.exe
  C:\Windows\System\pIMjIeC.exe
  2⤵
  PID:972
- C:\Windows\System\ntgquLe.exe
  C:\Windows\System\ntgquLe.exe
  2⤵
  PID:4276
- C:\Windows\System\yfKFRRO.exe
  C:\Windows\System\yfKFRRO.exe
  2⤵
  PID:1020
- C:\Windows\System\lSaFlgT.exe
  C:\Windows\System\lSaFlgT.exe
  2⤵
  PID:4400
- C:\Windows\System\kdAkGRL.exe
  C:\Windows\System\kdAkGRL.exe
  2⤵
  PID:1268
- C:\Windows\System\CyPOuML.exe
  C:\Windows\System\CyPOuML.exe
  2⤵
  PID:2000
- C:\Windows\System\UVoDRxL.exe
  C:\Windows\System\UVoDRxL.exe
  2⤵
  PID:3948
- C:\Windows\System\AHygXvH.exe
  C:\Windows\System\AHygXvH.exe
  2⤵
  PID:5008
- C:\Windows\System\MLSKMBx.exe
  C:\Windows\System\MLSKMBx.exe
  2⤵
  PID:3412
- C:\Windows\System\BnIByfi.exe
  C:\Windows\System\BnIByfi.exe
  2⤵
  PID:2896
- C:\Windows\System\MnmpbsP.exe
  C:\Windows\System\MnmpbsP.exe
  2⤵
  PID:3616
- C:\Windows\System\ijqvyOJ.exe
  C:\Windows\System\ijqvyOJ.exe
  2⤵
  PID:4816
- C:\Windows\System\SleeHgz.exe
  C:\Windows\System\SleeHgz.exe
  2⤵
  PID:2064
- C:\Windows\System\LypjVVv.exe
  C:\Windows\System\LypjVVv.exe
  2⤵
  PID:5132
- C:\Windows\System\UcsKljM.exe
  C:\Windows\System\UcsKljM.exe
  2⤵
  PID:5160
- C:\Windows\System\eQVvxGc.exe
  C:\Windows\System\eQVvxGc.exe
  2⤵
  PID:5176
- C:\Windows\System\tcxMCIn.exe
  C:\Windows\System\tcxMCIn.exe
  2⤵
  PID:5196
- C:\Windows\System\oDjzLLQ.exe
  C:\Windows\System\oDjzLLQ.exe
  2⤵
  PID:5224
- C:\Windows\System\bTiLeZz.exe
  C:\Windows\System\bTiLeZz.exe
  2⤵
  PID:5244
- C:\Windows\System\xPAlXnh.exe
  C:\Windows\System\xPAlXnh.exe
  2⤵
  PID:5260
- C:\Windows\System\hQBdEbG.exe
  C:\Windows\System\hQBdEbG.exe
  2⤵
  PID:5284
- C:\Windows\System\kwpERlk.exe
  C:\Windows\System\kwpERlk.exe
  2⤵
  PID:5308
- C:\Windows\System\PndFXoM.exe
  C:\Windows\System\PndFXoM.exe
  2⤵
  PID:5324
- C:\Windows\System\cuMIxeb.exe
  C:\Windows\System\cuMIxeb.exe
  2⤵
  PID:5352
- C:\Windows\System\uHBJqex.exe
  C:\Windows\System\uHBJqex.exe
  2⤵
  PID:5380
- C:\Windows\System\pCakozk.exe
  C:\Windows\System\pCakozk.exe
  2⤵
  PID:5404
- C:\Windows\System\mZJEiZE.exe
  C:\Windows\System\mZJEiZE.exe
  2⤵
  PID:5424
- C:\Windows\System\JwhbNDs.exe
  C:\Windows\System\JwhbNDs.exe
  2⤵
  PID:5448
- C:\Windows\System\RuVujbl.exe
  C:\Windows\System\RuVujbl.exe
  2⤵
  PID:5468
- C:\Windows\System\fglDYBp.exe
  C:\Windows\System\fglDYBp.exe
  2⤵
  PID:5492
- C:\Windows\System\nlNnIlP.exe
  C:\Windows\System\nlNnIlP.exe
  2⤵
  PID:5508
- C:\Windows\System\sWetjpl.exe
  C:\Windows\System\sWetjpl.exe
  2⤵
  PID:5532
- C:\Windows\System\jstMXXL.exe
  C:\Windows\System\jstMXXL.exe
  2⤵
  PID:5560
- C:\Windows\System\hkrdhbg.exe
  C:\Windows\System\hkrdhbg.exe
  2⤵
  PID:5580
- C:\Windows\System\gNcoCWS.exe
  C:\Windows\System\gNcoCWS.exe
  2⤵
  PID:5600
- C:\Windows\System\PXzvKrC.exe
  C:\Windows\System\PXzvKrC.exe
  2⤵
  PID:5628
- C:\Windows\System\wgdVIgt.exe
  C:\Windows\System\wgdVIgt.exe
  2⤵
  PID:5656
- C:\Windows\System\HZfEpLu.exe
  C:\Windows\System\HZfEpLu.exe
  2⤵
  PID:5684
- C:\Windows\System\iCdCKBq.exe
  C:\Windows\System\iCdCKBq.exe
  2⤵
  PID:5704
- C:\Windows\System\GRrbEZO.exe
  C:\Windows\System\GRrbEZO.exe
  2⤵
  PID:5724
- C:\Windows\System\yztbzQo.exe
  C:\Windows\System\yztbzQo.exe
  2⤵
  PID:5760
- C:\Windows\System\tsAqHyB.exe
  C:\Windows\System\tsAqHyB.exe
  2⤵
  PID:5788
- C:\Windows\System\sqwdHvV.exe
  C:\Windows\System\sqwdHvV.exe
  2⤵
  PID:5804
- C:\Windows\System\LzivSOf.exe
  C:\Windows\System\LzivSOf.exe
  2⤵
  PID:5832
- C:\Windows\System\FlbxYNL.exe
  C:\Windows\System\FlbxYNL.exe
  2⤵
  PID:5852
- C:\Windows\System\jZEOYfe.exe
  C:\Windows\System\jZEOYfe.exe
  2⤵
  PID:5888
- C:\Windows\System\pWHmsKF.exe
  C:\Windows\System\pWHmsKF.exe
  2⤵
  PID:5908
- C:\Windows\System\DnoJKFH.exe
  C:\Windows\System\DnoJKFH.exe
  2⤵
  PID:5928
- C:\Windows\System\NvDQrid.exe
  C:\Windows\System\NvDQrid.exe
  2⤵
  PID:5956
- C:\Windows\System\tOSVhTN.exe
  C:\Windows\System\tOSVhTN.exe
  2⤵
  PID:5976
- C:\Windows\System\EsQfGjX.exe
  C:\Windows\System\EsQfGjX.exe
  2⤵
  PID:6000
- C:\Windows\System\sAxTnLM.exe
  C:\Windows\System\sAxTnLM.exe
  2⤵
  PID:6016
- C:\Windows\System\lkHessI.exe
  C:\Windows\System\lkHessI.exe
  2⤵
  PID:6040
- C:\Windows\System\gIgtpai.exe
  C:\Windows\System\gIgtpai.exe
  2⤵
  PID:6056
- C:\Windows\System\tfSDegG.exe
  C:\Windows\System\tfSDegG.exe
  2⤵
  PID:1328
- C:\Windows\System\XNAChaP.exe
  C:\Windows\System\XNAChaP.exe
  2⤵
  PID:116
- C:\Windows\System\NesGEGx.exe
  C:\Windows\System\NesGEGx.exe
  2⤵
  PID:2340
- C:\Windows\System\zSyElSL.exe
  C:\Windows\System\zSyElSL.exe
  2⤵
  PID:2940
- C:\Windows\System\QwdarlY.exe
  C:\Windows\System\QwdarlY.exe
  2⤵
  PID:2680
- C:\Windows\System\ffGVdvb.exe
  C:\Windows\System\ffGVdvb.exe
  2⤵
  PID:2760
- C:\Windows\System\naLDrgC.exe
  C:\Windows\System\naLDrgC.exe
  2⤵
  PID:880
- C:\Windows\System\JxCGQTv.exe
  C:\Windows\System\JxCGQTv.exe
  2⤵
  PID:5080
- C:\Windows\System\gwwwyeT.exe
  C:\Windows\System\gwwwyeT.exe
  2⤵
  PID:3536
- C:\Windows\System\ouBLqfQ.exe
  C:\Windows\System\ouBLqfQ.exe
  2⤵
  PID:5364
- C:\Windows\System\mABuCHx.exe
  C:\Windows\System\mABuCHx.exe
  2⤵
  PID:5476
- C:\Windows\System\OFEetlv.exe
  C:\Windows\System\OFEetlv.exe
  2⤵
  PID:5616
- C:\Windows\System\oVShIoq.exe
  C:\Windows\System\oVShIoq.exe
  2⤵
  PID:4660
- C:\Windows\System\USJmEIp.exe
  C:\Windows\System\USJmEIp.exe
  2⤵
  PID:4892
- C:\Windows\System\ZGkDeYQ.exe
  C:\Windows\System\ZGkDeYQ.exe
  2⤵
  PID:1924
- C:\Windows\System\RVsCpUe.exe
  C:\Windows\System\RVsCpUe.exe
  2⤵
  PID:912
- C:\Windows\System\XFwSTQW.exe
  C:\Windows\System\XFwSTQW.exe
  2⤵
  PID:3156
- C:\Windows\System\IiZhlUm.exe
  C:\Windows\System\IiZhlUm.exe
  2⤵
  PID:3512
- C:\Windows\System\bXtlWfh.exe
  C:\Windows\System\bXtlWfh.exe
  2⤵
  PID:1180
- C:\Windows\System\rxooSoo.exe
  C:\Windows\System\rxooSoo.exe
  2⤵
  PID:2812
- C:\Windows\System\xnYvzGm.exe
  C:\Windows\System\xnYvzGm.exe
  2⤵
  PID:3088
- C:\Windows\System\UVQVKGD.exe
  C:\Windows\System\UVQVKGD.exe
  2⤵
  PID:1340
- C:\Windows\System\EySJHMB.exe
  C:\Windows\System\EySJHMB.exe
  2⤵
  PID:1684
- C:\Windows\System\nfuxjbO.exe
  C:\Windows\System\nfuxjbO.exe
  2⤵
  PID:6160
- C:\Windows\System\tQjbvEv.exe
  C:\Windows\System\tQjbvEv.exe
  2⤵
  PID:6200
- C:\Windows\System\oOZnnHU.exe
  C:\Windows\System\oOZnnHU.exe
  2⤵
  PID:6216
- C:\Windows\System\GpyDpwG.exe
  C:\Windows\System\GpyDpwG.exe
  2⤵
  PID:6240
- C:\Windows\System\NoQPMcR.exe
  C:\Windows\System\NoQPMcR.exe
  2⤵
  PID:6260
- C:\Windows\System\jqdAfsr.exe
  C:\Windows\System\jqdAfsr.exe
  2⤵
  PID:6284
- C:\Windows\System\tFpcWsy.exe
  C:\Windows\System\tFpcWsy.exe
  2⤵
  PID:6300
- C:\Windows\System\jJkhKJK.exe
  C:\Windows\System\jJkhKJK.exe
  2⤵
  PID:6324
- C:\Windows\System\qiGzgyk.exe
  C:\Windows\System\qiGzgyk.exe
  2⤵
  PID:6340
- C:\Windows\System\gDJMQCQ.exe
  C:\Windows\System\gDJMQCQ.exe
  2⤵
  PID:6356
- C:\Windows\System\QhlpAhv.exe
  C:\Windows\System\QhlpAhv.exe
  2⤵
  PID:6372
- C:\Windows\System\ZIlLJAY.exe
  C:\Windows\System\ZIlLJAY.exe
  2⤵
  PID:6396
- C:\Windows\System\hXpHbxx.exe
  C:\Windows\System\hXpHbxx.exe
  2⤵
  PID:6412
- C:\Windows\System\duybgmd.exe
  C:\Windows\System\duybgmd.exe
  2⤵
  PID:6436
- C:\Windows\System\USSEMty.exe
  C:\Windows\System\USSEMty.exe
  2⤵
  PID:6452
- C:\Windows\System\lYpzCnv.exe
  C:\Windows\System\lYpzCnv.exe
  2⤵
  PID:6480
- C:\Windows\System\JmmuBHg.exe
  C:\Windows\System\JmmuBHg.exe
  2⤵
  PID:6516
- C:\Windows\System\epQHxkR.exe
  C:\Windows\System\epQHxkR.exe
  2⤵
  PID:6540
- C:\Windows\System\zxEmnRj.exe
  C:\Windows\System\zxEmnRj.exe
  2⤵
  PID:6560
- C:\Windows\System\dQFsAhK.exe
  C:\Windows\System\dQFsAhK.exe
  2⤵
  PID:6580
- C:\Windows\System\PDxIsrI.exe
  C:\Windows\System\PDxIsrI.exe
  2⤵
  PID:6600
- C:\Windows\System\owNFFro.exe
  C:\Windows\System\owNFFro.exe
  2⤵
  PID:6628
- C:\Windows\System\FVnHmST.exe
  C:\Windows\System\FVnHmST.exe
  2⤵
  PID:6656
- C:\Windows\System\mzQklju.exe
  C:\Windows\System\mzQklju.exe
  2⤵
  PID:6672
- C:\Windows\System\zQXXNvF.exe
  C:\Windows\System\zQXXNvF.exe
  2⤵
  PID:6700
- C:\Windows\System\nVDLHfo.exe
  C:\Windows\System\nVDLHfo.exe
  2⤵
  PID:6720
- C:\Windows\System\NuYmmsb.exe
  C:\Windows\System\NuYmmsb.exe
  2⤵
  PID:6740
- C:\Windows\System\soihdFM.exe
  C:\Windows\System\soihdFM.exe
  2⤵
  PID:7024
- C:\Windows\System\UKwCxgL.exe
  C:\Windows\System\UKwCxgL.exe
  2⤵
  PID:7048
- C:\Windows\System\lJAvFaH.exe
  C:\Windows\System\lJAvFaH.exe
  2⤵
  PID:7068
- C:\Windows\System\uSsqsfh.exe
  C:\Windows\System\uSsqsfh.exe
  2⤵
  PID:7084
- C:\Windows\System\dvoWDvS.exe
  C:\Windows\System\dvoWDvS.exe
  2⤵
  PID:5044
- C:\Windows\System\FTWNZwr.exe
  C:\Windows\System\FTWNZwr.exe
  2⤵
  PID:2664
- C:\Windows\System\UjfUNoF.exe
  C:\Windows\System\UjfUNoF.exe
  2⤵
  PID:5692
- C:\Windows\System\qUrJdza.exe
  C:\Windows\System\qUrJdza.exe
  2⤵
  PID:5732
- C:\Windows\System\vtAxgkt.exe
  C:\Windows\System\vtAxgkt.exe
  2⤵
  PID:5768
- C:\Windows\System\atQsCGZ.exe
  C:\Windows\System\atQsCGZ.exe
  2⤵
  PID:5828
- C:\Windows\System\DAEqHAN.exe
  C:\Windows\System\DAEqHAN.exe
  2⤵
  PID:5876
- C:\Windows\System\HwXxYuT.exe
  C:\Windows\System\HwXxYuT.exe
  2⤵
  PID:5936
- C:\Windows\System\bEURTKo.exe
  C:\Windows\System\bEURTKo.exe
  2⤵
  PID:5984
- C:\Windows\System\btFXxae.exe
  C:\Windows\System\btFXxae.exe
  2⤵
  PID:6012
- C:\Windows\System\lKkMXZZ.exe
  C:\Windows\System\lKkMXZZ.exe
  2⤵
  PID:6052
- C:\Windows\System\CNVFozO.exe
  C:\Windows\System\CNVFozO.exe
  2⤵
  PID:6108
- C:\Windows\System\zKKXoLS.exe
  C:\Windows\System\zKKXoLS.exe
  2⤵
  PID:1732
- C:\Windows\System\crxoOld.exe
  C:\Windows\System\crxoOld.exe
  2⤵
  PID:2292
- C:\Windows\System\mTgouqJ.exe
  C:\Windows\System\mTgouqJ.exe
  2⤵
  PID:440
- C:\Windows\System\cRbTOpl.exe
  C:\Windows\System\cRbTOpl.exe
  2⤵
  PID:1864
- C:\Windows\System\iVPKpWx.exe
  C:\Windows\System\iVPKpWx.exe
  2⤵
  PID:6152
- C:\Windows\System\qcrbsjA.exe
  C:\Windows\System\qcrbsjA.exe
  2⤵
  PID:6712
- C:\Windows\System\MEGhBqm.exe
  C:\Windows\System\MEGhBqm.exe
  2⤵
  PID:6664
- C:\Windows\System\IMDzzXy.exe
  C:\Windows\System\IMDzzXy.exe
  2⤵
  PID:6592
- C:\Windows\System\KhxtpuQ.exe
  C:\Windows\System\KhxtpuQ.exe
  2⤵
  PID:6548
- C:\Windows\System\vyrXPRy.exe
  C:\Windows\System\vyrXPRy.exe
  2⤵
  PID:6508
- C:\Windows\System\vFQsZfW.exe
  C:\Windows\System\vFQsZfW.exe
  2⤵
  PID:6432
- C:\Windows\System\leXMfvV.exe
  C:\Windows\System\leXMfvV.exe
  2⤵
  PID:6404
- C:\Windows\System\HgyptrN.exe
  C:\Windows\System\HgyptrN.exe
  2⤵
  PID:6368
- C:\Windows\System\QSopOsq.exe
  C:\Windows\System\QSopOsq.exe
  2⤵
  PID:6320
- C:\Windows\System\oWICJGL.exe
  C:\Windows\System\oWICJGL.exe
  2⤵
  PID:6256
- C:\Windows\System\ZgrdSZY.exe
  C:\Windows\System\ZgrdSZY.exe
  2⤵
  PID:6212
- C:\Windows\System\wnvCxGg.exe
  C:\Windows\System\wnvCxGg.exe
  2⤵
  PID:1252
- C:\Windows\System\oPgJzCb.exe
  C:\Windows\System\oPgJzCb.exe
  2⤵
  PID:3044
- C:\Windows\System\bhMoepo.exe
  C:\Windows\System\bhMoepo.exe
  2⤵
  PID:6736
- C:\Windows\System\YEJNDsL.exe
  C:\Windows\System\YEJNDsL.exe
  2⤵
  PID:1416
- C:\Windows\System\bUIMhNe.exe
  C:\Windows\System\bUIMhNe.exe
  2⤵
  PID:7172
- C:\Windows\System\nFptnhJ.exe
  C:\Windows\System\nFptnhJ.exe
  2⤵
  PID:7188
- C:\Windows\System\llWhCjX.exe
  C:\Windows\System\llWhCjX.exe
  2⤵
  PID:7276
- C:\Windows\System\TaPWQIX.exe
  C:\Windows\System\TaPWQIX.exe
  2⤵
  PID:7300
- C:\Windows\System\RznMkDn.exe
  C:\Windows\System\RznMkDn.exe
  2⤵
  PID:7328
- C:\Windows\System\ZhndGOw.exe
  C:\Windows\System\ZhndGOw.exe
  2⤵
  PID:7352
- C:\Windows\System\Avicjja.exe
  C:\Windows\System\Avicjja.exe
  2⤵
  PID:7368
- C:\Windows\System\DTlZHLU.exe
  C:\Windows\System\DTlZHLU.exe
  2⤵
  PID:7396
- C:\Windows\System\CwAMDji.exe
  C:\Windows\System\CwAMDji.exe
  2⤵
  PID:7416
- C:\Windows\System\FiOpZrE.exe
  C:\Windows\System\FiOpZrE.exe
  2⤵
  PID:7440
- C:\Windows\System\MYtUtWJ.exe
  C:\Windows\System\MYtUtWJ.exe
  2⤵
  PID:7456
- C:\Windows\System\FqcWlQz.exe
  C:\Windows\System\FqcWlQz.exe
  2⤵
  PID:7480
- C:\Windows\System\bGyyNws.exe
  C:\Windows\System\bGyyNws.exe
  2⤵
  PID:7508
- C:\Windows\System\LAIraxA.exe
  C:\Windows\System\LAIraxA.exe
  2⤵
  PID:7528
- C:\Windows\System\IcMglsG.exe
  C:\Windows\System\IcMglsG.exe
  2⤵
  PID:7544
- C:\Windows\System\mcfDjkl.exe
  C:\Windows\System\mcfDjkl.exe
  2⤵
  PID:7564
- C:\Windows\System\WpmLbLv.exe
  C:\Windows\System\WpmLbLv.exe
  2⤵
  PID:7592
- C:\Windows\System\sKgckGv.exe
  C:\Windows\System\sKgckGv.exe
  2⤵
  PID:7608
- C:\Windows\System\XdWQqAN.exe
  C:\Windows\System\XdWQqAN.exe
  2⤵
  PID:7632
- C:\Windows\System\jpomKFl.exe
  C:\Windows\System\jpomKFl.exe
  2⤵
  PID:7656
- C:\Windows\System\GtZAJOD.exe
  C:\Windows\System\GtZAJOD.exe
  2⤵
  PID:7680
- C:\Windows\System\TeTXTyF.exe
  C:\Windows\System\TeTXTyF.exe
  2⤵
  PID:7704
- C:\Windows\System\xJrppAV.exe
  C:\Windows\System\xJrppAV.exe
  2⤵
  PID:7728
- C:\Windows\System\KAToVbx.exe
  C:\Windows\System\KAToVbx.exe
  2⤵
  PID:7748
- C:\Windows\System\wFlmWOK.exe
  C:\Windows\System\wFlmWOK.exe
  2⤵
  PID:7776
- C:\Windows\System\fItqsTM.exe
  C:\Windows\System\fItqsTM.exe
  2⤵
  PID:7800
- C:\Windows\System\gLBumQg.exe
  C:\Windows\System\gLBumQg.exe
  2⤵
  PID:7828
- C:\Windows\System\IZiYarr.exe
  C:\Windows\System\IZiYarr.exe
  2⤵
  PID:7844
- C:\Windows\System\YmGxEUN.exe
  C:\Windows\System\YmGxEUN.exe
  2⤵
  PID:7868
- C:\Windows\System\KoYvYnX.exe
  C:\Windows\System\KoYvYnX.exe
  2⤵
  PID:7884
- C:\Windows\System\jSPvRcI.exe
  C:\Windows\System\jSPvRcI.exe
  2⤵
  PID:7904
- C:\Windows\System\IBlubGy.exe
  C:\Windows\System\IBlubGy.exe
  2⤵
  PID:7928
- C:\Windows\System\SqbetpM.exe
  C:\Windows\System\SqbetpM.exe
  2⤵
  PID:7944
- C:\Windows\System\EiJgtwQ.exe
  C:\Windows\System\EiJgtwQ.exe
  2⤵
  PID:7960
- C:\Windows\System\NTyayIm.exe
  C:\Windows\System\NTyayIm.exe
  2⤵
  PID:7980
- C:\Windows\System\NgMcQkZ.exe
  C:\Windows\System\NgMcQkZ.exe
  2⤵
  PID:8000
- C:\Windows\System\EylqJnX.exe
  C:\Windows\System\EylqJnX.exe
  2⤵
  PID:8016
- C:\Windows\System\VkxIlMP.exe
  C:\Windows\System\VkxIlMP.exe
  2⤵
  PID:8036
- C:\Windows\System\KfqwqJW.exe
  C:\Windows\System\KfqwqJW.exe
  2⤵
  PID:8056
- C:\Windows\System\gdZMtEs.exe
  C:\Windows\System\gdZMtEs.exe
  2⤵
  PID:8080
- C:\Windows\System\KSjktgI.exe
  C:\Windows\System\KSjktgI.exe
  2⤵
  PID:8100
- C:\Windows\System\asHscbG.exe
  C:\Windows\System\asHscbG.exe
  2⤵
  PID:8136
- C:\Windows\System\wAdfBEd.exe
  C:\Windows\System\wAdfBEd.exe
  2⤵
  PID:8152
- C:\Windows\System\WfJvRRo.exe
  C:\Windows\System\WfJvRRo.exe
  2⤵
  PID:8168
- C:\Windows\System\RisNgDm.exe
  C:\Windows\System\RisNgDm.exe
  2⤵
  PID:8184
- C:\Windows\System\oswkvKF.exe
  C:\Windows\System\oswkvKF.exe
  2⤵
  PID:5700
- C:\Windows\System\yJRZMoZ.exe
  C:\Windows\System\yJRZMoZ.exe
  2⤵
  PID:5756
- C:\Windows\System\TjvGbOt.exe
  C:\Windows\System\TjvGbOt.exe
  2⤵
  PID:5844
- C:\Windows\System\GuloxRr.exe
  C:\Windows\System\GuloxRr.exe
  2⤵
  PID:5968
- C:\Windows\System\PVCXbgV.exe
  C:\Windows\System\PVCXbgV.exe
  2⤵
  PID:6076
- C:\Windows\System\vQYXAXj.exe
  C:\Windows\System\vQYXAXj.exe
  2⤵
  PID:1992
- C:\Windows\System\wIiSbDs.exe
  C:\Windows\System\wIiSbDs.exe
  2⤵
  PID:1028
- C:\Windows\System\UZYqwky.exe
  C:\Windows\System\UZYqwky.exe
  2⤵
  PID:6728
- C:\Windows\System\TzHNbXe.exe
  C:\Windows\System\TzHNbXe.exe
  2⤵
  PID:6524
- C:\Windows\System\OTbqtfx.exe
  C:\Windows\System\OTbqtfx.exe
  2⤵
  PID:6292
- C:\Windows\System\ZmwojrL.exe
  C:\Windows\System\ZmwojrL.exe
  2⤵
  PID:5276
- C:\Windows\System\ZdBiLax.exe
  C:\Windows\System\ZdBiLax.exe
  2⤵
  PID:7196
- C:\Windows\System\VhwDmgR.exe
  C:\Windows\System\VhwDmgR.exe
  2⤵
  PID:6932
- C:\Windows\System\bWbLTRu.exe
  C:\Windows\System\bWbLTRu.exe
  2⤵
  PID:6976
- C:\Windows\System\ukiZqne.exe
  C:\Windows\System\ukiZqne.exe
  2⤵
  PID:7016
- C:\Windows\System\wfBQQcn.exe
  C:\Windows\System\wfBQQcn.exe
  2⤵
  PID:7076
- C:\Windows\System\fpUqMPc.exe
  C:\Windows\System\fpUqMPc.exe
  2⤵
  PID:7148
- C:\Windows\System\OtZUcsx.exe
  C:\Windows\System\OtZUcsx.exe
  2⤵
  PID:7336
- C:\Windows\System\YTDdENQ.exe
  C:\Windows\System\YTDdENQ.exe
  2⤵
  PID:5904
- C:\Windows\System\PZfZyde.exe
  C:\Windows\System\PZfZyde.exe
  2⤵
  PID:7432
- C:\Windows\System\tClVLQc.exe
  C:\Windows\System\tClVLQc.exe
  2⤵
  PID:7476
- C:\Windows\System\DOdgdEV.exe
  C:\Windows\System\DOdgdEV.exe
  2⤵
  PID:6596
- C:\Windows\System\mBWVkqd.exe
  C:\Windows\System\mBWVkqd.exe
  2⤵
  PID:7644
- C:\Windows\System\zIsGLUm.exe
  C:\Windows\System\zIsGLUm.exe
  2⤵
  PID:7736
- C:\Windows\System\bKuvRDR.exe
  C:\Windows\System\bKuvRDR.exe
  2⤵
  PID:7772
- C:\Windows\System\FXdwCml.exe
  C:\Windows\System\FXdwCml.exe
  2⤵
  PID:6332
- C:\Windows\System\ktwXcsY.exe
  C:\Windows\System\ktwXcsY.exe
  2⤵
  PID:7856
- C:\Windows\System\heOeqRB.exe
  C:\Windows\System\heOeqRB.exe
  2⤵
  PID:7924
- C:\Windows\System\lDXNJYc.exe
  C:\Windows\System\lDXNJYc.exe
  2⤵
  PID:8096
- C:\Windows\System\eMhtPQY.exe
  C:\Windows\System\eMhtPQY.exe
  2⤵
  PID:8212
- C:\Windows\System\nZwBSEL.exe
  C:\Windows\System\nZwBSEL.exe
  2⤵
  PID:8232
- C:\Windows\System\oEFrhvb.exe
  C:\Windows\System\oEFrhvb.exe
  2⤵
  PID:8252
- C:\Windows\System\gWOIhfs.exe
  C:\Windows\System\gWOIhfs.exe
  2⤵
  PID:8272
- C:\Windows\System\XlrBsWv.exe
  C:\Windows\System\XlrBsWv.exe
  2⤵
  PID:8288
- C:\Windows\System\vKTmOem.exe
  C:\Windows\System\vKTmOem.exe
  2⤵
  PID:8332
- C:\Windows\System\EPFHrTE.exe
  C:\Windows\System\EPFHrTE.exe
  2⤵
  PID:8356
- C:\Windows\System\LlreOtG.exe
  C:\Windows\System\LlreOtG.exe
  2⤵
  PID:8376
- C:\Windows\System\XFXbLzr.exe
  C:\Windows\System\XFXbLzr.exe
  2⤵
  PID:8400
- C:\Windows\System\owSFLtW.exe
  C:\Windows\System\owSFLtW.exe
  2⤵
  PID:8420
- C:\Windows\System\NqkxaoV.exe
  C:\Windows\System\NqkxaoV.exe
  2⤵
  PID:8440
- C:\Windows\System\SdgInAE.exe
  C:\Windows\System\SdgInAE.exe
  2⤵
  PID:8464
- C:\Windows\System\aIDBlyC.exe
  C:\Windows\System\aIDBlyC.exe
  2⤵
  PID:8484
- C:\Windows\System\dKvGqKa.exe
  C:\Windows\System\dKvGqKa.exe
  2⤵
  PID:8504
- C:\Windows\System\KVTPMlu.exe
  C:\Windows\System\KVTPMlu.exe
  2⤵
  PID:8524
- C:\Windows\System\jetMlHn.exe
  C:\Windows\System\jetMlHn.exe
  2⤵
  PID:8548
- C:\Windows\System\XKGxlLi.exe
  C:\Windows\System\XKGxlLi.exe
  2⤵
  PID:8568
- C:\Windows\System\kqORJDb.exe
  C:\Windows\System\kqORJDb.exe
  2⤵
  PID:8588
- C:\Windows\System\wQNBQpM.exe
  C:\Windows\System\wQNBQpM.exe
  2⤵
  PID:8788
- C:\Windows\System\HGTeklJ.exe
  C:\Windows\System\HGTeklJ.exe
  2⤵
  PID:8808
- C:\Windows\System\CtHScnS.exe
  C:\Windows\System\CtHScnS.exe
  2⤵
  PID:8836
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 8836 -s 240
    3⤵
    PID:9664
- C:\Windows\System\cMmLPwI.exe
  C:\Windows\System\cMmLPwI.exe
  2⤵
  PID:8864
- C:\Windows\System\sIHpBIT.exe
  C:\Windows\System\sIHpBIT.exe
  2⤵
  PID:8884
- C:\Windows\System\QAeBQZI.exe
  C:\Windows\System\QAeBQZI.exe
  2⤵
  PID:8904
- C:\Windows\System\AQMWkvJ.exe
  C:\Windows\System\AQMWkvJ.exe
  2⤵
  PID:8928
- C:\Windows\System\YJaJpdD.exe
  C:\Windows\System\YJaJpdD.exe
  2⤵
  PID:8952
- C:\Windows\System\PchdzRL.exe
  C:\Windows\System\PchdzRL.exe
  2⤵
  PID:8972
- C:\Windows\System\jvGOgzH.exe
  C:\Windows\System\jvGOgzH.exe
  2⤵
  PID:8992
- C:\Windows\System\tMlNEnD.exe
  C:\Windows\System\tMlNEnD.exe
  2⤵
  PID:9012
- C:\Windows\System\wpGlyQn.exe
  C:\Windows\System\wpGlyQn.exe
  2⤵
  PID:9040
- C:\Windows\System\yjctVqr.exe
  C:\Windows\System\yjctVqr.exe
  2⤵
  PID:9064
- C:\Windows\System\mdDlBgO.exe
  C:\Windows\System\mdDlBgO.exe
  2⤵
  PID:9080
- C:\Windows\System\CHPfvJz.exe
  C:\Windows\System\CHPfvJz.exe
  2⤵
  PID:9104
- C:\Windows\System\mUqIweh.exe
  C:\Windows\System\mUqIweh.exe
  2⤵
  PID:9128
- C:\Windows\System\ISJMoAT.exe
  C:\Windows\System\ISJMoAT.exe
  2⤵
  PID:9152
- C:\Windows\System\iZiuQJy.exe
  C:\Windows\System\iZiuQJy.exe
  2⤵
  PID:9176
- C:\Windows\System\mQPBBtm.exe
  C:\Windows\System\mQPBBtm.exe
  2⤵
  PID:9192
- C:\Windows\System\NRzuNxD.exe
  C:\Windows\System\NRzuNxD.exe
  2⤵
  PID:9208
- C:\Windows\System\SqEgkbt.exe
  C:\Windows\System\SqEgkbt.exe
  2⤵
  PID:7248
- C:\Windows\System\BpDKEtp.exe
  C:\Windows\System\BpDKEtp.exe
  2⤵
  PID:1064
- C:\Windows\System\sMJaoXd.exe
  C:\Windows\System\sMJaoXd.exe
  2⤵
  PID:6228
- C:\Windows\System\hSmtqMt.exe
  C:\Windows\System\hSmtqMt.exe
  2⤵
  PID:7180
- C:\Windows\System\ZWTIgnR.exe
  C:\Windows\System\ZWTIgnR.exe
  2⤵
  PID:7516
- C:\Windows\System\BESZXzQ.exe
  C:\Windows\System\BESZXzQ.exe
  2⤵
  PID:7472
- C:\Windows\System\mDovUKU.exe
  C:\Windows\System\mDovUKU.exe
  2⤵
  PID:7060
- C:\Windows\System\ofahsBW.exe
  C:\Windows\System\ofahsBW.exe
  2⤵
  PID:6380
- C:\Windows\System\MkWPLCx.exe
  C:\Windows\System\MkWPLCx.exe
  2⤵
  PID:2372
- C:\Windows\System\yOvwNAX.exe
  C:\Windows\System\yOvwNAX.exe
  2⤵
  PID:7104
- C:\Windows\System\izTpCPu.exe
  C:\Windows\System\izTpCPu.exe
  2⤵
  PID:8228
- C:\Windows\System\VqyUkkE.exe
  C:\Windows\System\VqyUkkE.exe
  2⤵
  PID:7296
- C:\Windows\System\DvSAIQV.exe
  C:\Windows\System\DvSAIQV.exe
  2⤵
  PID:6552
- C:\Windows\System\lsXVWdW.exe
  C:\Windows\System\lsXVWdW.exe
  2⤵
  PID:7536
- C:\Windows\System\JfQHYGW.exe
  C:\Windows\System\JfQHYGW.exe
  2⤵
  PID:7692
- C:\Windows\System\BmwKerP.exe
  C:\Windows\System\BmwKerP.exe
  2⤵
  PID:7764
- C:\Windows\System\bIoyOeK.exe
  C:\Windows\System\bIoyOeK.exe
  2⤵
  PID:7956
- C:\Windows\System\qdbkEbu.exe
  C:\Windows\System\qdbkEbu.exe
  2⤵
  PID:8012
- C:\Windows\System\crndFHB.exe
  C:\Windows\System\crndFHB.exe
  2⤵
  PID:8248
- C:\Windows\System\iZjuSbL.exe
  C:\Windows\System\iZjuSbL.exe
  2⤵
  PID:8280
- C:\Windows\System\YSYVHzi.exe
  C:\Windows\System\YSYVHzi.exe
  2⤵
  PID:5752
- C:\Windows\System\wDNfMJU.exe
  C:\Windows\System\wDNfMJU.exe
  2⤵
  PID:8164
- C:\Windows\System\rVFrryo.exe
  C:\Windows\System\rVFrryo.exe
  2⤵
  PID:6008
- C:\Windows\System\fkXmizZ.exe
  C:\Windows\System\fkXmizZ.exe
  2⤵
  PID:6768
- C:\Windows\System\BNlPHfg.exe
  C:\Windows\System\BNlPHfg.exe
  2⤵
  PID:7184
- C:\Windows\System\JjatERc.exe
  C:\Windows\System\JjatERc.exe
  2⤵
  PID:7124
- C:\Windows\System\XNcQZMh.exe
  C:\Windows\System\XNcQZMh.exe
  2⤵
  PID:6028
- C:\Windows\System\BHWHZcS.exe
  C:\Windows\System\BHWHZcS.exe
  2⤵
  PID:7556
- C:\Windows\System\HCdMKjG.exe
  C:\Windows\System\HCdMKjG.exe
  2⤵
  PID:9228
- C:\Windows\System\kPcKFna.exe
  C:\Windows\System\kPcKFna.exe
  2⤵
  PID:9244
- C:\Windows\System\ogYtivb.exe
  C:\Windows\System\ogYtivb.exe
  2⤵
  PID:9268
- C:\Windows\System\bcvzKSA.exe
  C:\Windows\System\bcvzKSA.exe
  2⤵
  PID:9288
- C:\Windows\System\zvFhpAg.exe
  C:\Windows\System\zvFhpAg.exe
  2⤵
  PID:9312
- C:\Windows\System\vVNKjLI.exe
  C:\Windows\System\vVNKjLI.exe
  2⤵
  PID:9332
- C:\Windows\System\pJRrGAu.exe
  C:\Windows\System\pJRrGAu.exe
  2⤵
  PID:9352
- C:\Windows\System\JxibHCn.exe
  C:\Windows\System\JxibHCn.exe
  2⤵
  PID:9376
- C:\Windows\System\MKzjxBd.exe
  C:\Windows\System\MKzjxBd.exe
  2⤵
  PID:9392
- C:\Windows\System\wlhKXjV.exe
  C:\Windows\System\wlhKXjV.exe
  2⤵
  PID:9416
- C:\Windows\System\UNtrnMv.exe
  C:\Windows\System\UNtrnMv.exe
  2⤵
  PID:9440
- C:\Windows\System\bMGJDcE.exe
  C:\Windows\System\bMGJDcE.exe
  2⤵
  PID:9460
- C:\Windows\System\NzbbugO.exe
  C:\Windows\System\NzbbugO.exe
  2⤵
  PID:9480
- C:\Windows\System\RKqQCfB.exe
  C:\Windows\System\RKqQCfB.exe
  2⤵
  PID:9504
- C:\Windows\System\MRPSYfV.exe
  C:\Windows\System\MRPSYfV.exe
  2⤵
  PID:9536
- C:\Windows\System\YxfdPjq.exe
  C:\Windows\System\YxfdPjq.exe
  2⤵
  PID:9556
- C:\Windows\System\RqoTMoA.exe
  C:\Windows\System\RqoTMoA.exe
  2⤵
  PID:9580
- C:\Windows\System\GpOZUQI.exe
  C:\Windows\System\GpOZUQI.exe
  2⤵
  PID:9604
- C:\Windows\System\SrAhGej.exe
  C:\Windows\System\SrAhGej.exe
  2⤵
  PID:9624
- C:\Windows\System\DHndTHw.exe
  C:\Windows\System\DHndTHw.exe
  2⤵
  PID:9648
- C:\Windows\System\PwAbkax.exe
  C:\Windows\System\PwAbkax.exe
  2⤵
  PID:9668
- C:\Windows\System\YoFNlmh.exe
  C:\Windows\System\YoFNlmh.exe
  2⤵
  PID:9688
- C:\Windows\System\OCSzOjW.exe
  C:\Windows\System\OCSzOjW.exe
  2⤵
  PID:9712
- C:\Windows\System\xdyiVTJ.exe
  C:\Windows\System\xdyiVTJ.exe
  2⤵
  PID:9736
- C:\Windows\System\ZWFodOw.exe
  C:\Windows\System\ZWFodOw.exe
  2⤵
  PID:9756
- C:\Windows\System\nubMLdY.exe
  C:\Windows\System\nubMLdY.exe
  2⤵
  PID:9776
- C:\Windows\System\mnbJxUc.exe
  C:\Windows\System\mnbJxUc.exe
  2⤵
  PID:9792
- C:\Windows\System\vZzqMCL.exe
  C:\Windows\System\vZzqMCL.exe
  2⤵
  PID:9808
- C:\Windows\System\DReKoQB.exe
  C:\Windows\System\DReKoQB.exe
  2⤵
  PID:9828
- C:\Windows\System\uDdIVhN.exe
  C:\Windows\System\uDdIVhN.exe
  2⤵
  PID:9844
- C:\Windows\System\uWjkuAf.exe
  C:\Windows\System\uWjkuAf.exe
  2⤵
  PID:9860
- C:\Windows\System\qCJQDQu.exe
  C:\Windows\System\qCJQDQu.exe
  2⤵
  PID:9888
- C:\Windows\System\TKPsacB.exe
  C:\Windows\System\TKPsacB.exe
  2⤵
  PID:9988
- C:\Windows\System\fTgwrGQ.exe
  C:\Windows\System\fTgwrGQ.exe
  2⤵
  PID:10008
- C:\Windows\System\mOLdIni.exe
  C:\Windows\System\mOLdIni.exe
  2⤵
  PID:10032
- C:\Windows\System\qXrQzqC.exe
  C:\Windows\System\qXrQzqC.exe
  2⤵
  PID:10052
- C:\Windows\System\mPyQuqL.exe
  C:\Windows\System\mPyQuqL.exe
  2⤵
  PID:10072
- C:\Windows\System\julgIFh.exe
  C:\Windows\System\julgIFh.exe
  2⤵
  PID:10100
- C:\Windows\System\IsCyRZt.exe
  C:\Windows\System\IsCyRZt.exe
  2⤵
  PID:10128
- C:\Windows\System\LacjLIG.exe
  C:\Windows\System\LacjLIG.exe
  2⤵
  PID:10144
- C:\Windows\System\NbizxVd.exe
  C:\Windows\System\NbizxVd.exe
  2⤵
  PID:10168
- C:\Windows\System\eeUlEyM.exe
  C:\Windows\System\eeUlEyM.exe
  2⤵
  PID:10184
- C:\Windows\System\qmOnZCD.exe
  C:\Windows\System\qmOnZCD.exe
  2⤵
  PID:10216
- C:\Windows\System\FbjiNCz.exe
  C:\Windows\System\FbjiNCz.exe
  2⤵
  PID:6352
- C:\Windows\System\TFFKqNJ.exe
  C:\Windows\System\TFFKqNJ.exe
  2⤵
  PID:4812
- C:\Windows\System\MmXcDoR.exe
  C:\Windows\System\MmXcDoR.exe
  2⤵
  PID:1808
- C:\Windows\System\CsRcCrI.exe
  C:\Windows\System\CsRcCrI.exe
  2⤵
  PID:8776
- C:\Windows\System\rSEuNep.exe
  C:\Windows\System\rSEuNep.exe
  2⤵
  PID:8944
- C:\Windows\System\wnXIkeI.exe
  C:\Windows\System\wnXIkeI.exe
  2⤵
  PID:9048
- C:\Windows\System\WSaBpaq.exe
  C:\Windows\System\WSaBpaq.exe
  2⤵
  PID:9076
- C:\Windows\System\hQwtjxL.exe
  C:\Windows\System\hQwtjxL.exe
  2⤵
  PID:9124
- C:\Windows\System\SCQJtEo.exe
  C:\Windows\System\SCQJtEo.exe
  2⤵
  PID:9164
- C:\Windows\System\kpPlkyK.exe
  C:\Windows\System\kpPlkyK.exe
  2⤵
  PID:9204
- C:\Windows\System\NqzOpuQ.exe
  C:\Windows\System\NqzOpuQ.exe
  2⤵
  PID:8224
- C:\Windows\System\LYFaCJn.exe
  C:\Windows\System\LYFaCJn.exe
  2⤵
  PID:7584
- C:\Windows\System\XQeuPpJ.exe
  C:\Windows\System\XQeuPpJ.exe
  2⤵
  PID:8328
- C:\Windows\System\fEIGIIg.exe
  C:\Windows\System\fEIGIIg.exe
  2⤵
  PID:8372
- C:\Windows\System\YckssKQ.exe
  C:\Windows\System\YckssKQ.exe
  2⤵
  PID:8436
- C:\Windows\System\VpjJLaP.exe
  C:\Windows\System\VpjJLaP.exe
  2⤵
  PID:8476
- C:\Windows\System\dGSydYo.exe
  C:\Windows\System\dGSydYo.exe
  2⤵
  PID:8532
- C:\Windows\System\OnCjoWG.exe
  C:\Windows\System\OnCjoWG.exe
  2⤵
  PID:8564
- C:\Windows\System\SdLJNKf.exe
  C:\Windows\System\SdLJNKf.exe
  2⤵
  PID:7952
- C:\Windows\System\DqCrUOU.exe
  C:\Windows\System\DqCrUOU.exe
  2⤵
  PID:8144
- C:\Windows\System\UqKZykx.exe
  C:\Windows\System\UqKZykx.exe
  2⤵
  PID:7116
- C:\Windows\System\pkcbceE.exe
  C:\Windows\System\pkcbceE.exe
  2⤵
  PID:10248
- C:\Windows\System\mxaZiqN.exe
  C:\Windows\System\mxaZiqN.exe
  2⤵
  PID:10272
- C:\Windows\System\hoDoGxC.exe
  C:\Windows\System\hoDoGxC.exe
  2⤵
  PID:10292
- C:\Windows\System\JHzZTsw.exe
  C:\Windows\System\JHzZTsw.exe
  2⤵
  PID:10316
- C:\Windows\System\OKffqYb.exe
  C:\Windows\System\OKffqYb.exe
  2⤵
  PID:10340
- C:\Windows\System\koQuSKu.exe
  C:\Windows\System\koQuSKu.exe
  2⤵
  PID:10360
- C:\Windows\System\ulZAdaj.exe
  C:\Windows\System\ulZAdaj.exe
  2⤵
  PID:10376
- C:\Windows\System\jQHwSKM.exe
  C:\Windows\System\jQHwSKM.exe
  2⤵
  PID:10392
- C:\Windows\System\hXeLITi.exe
  C:\Windows\System\hXeLITi.exe
  2⤵
  PID:10408
- C:\Windows\System\EohJAcc.exe
  C:\Windows\System\EohJAcc.exe
  2⤵
  PID:10424
- C:\Windows\System\nJgVvJr.exe
  C:\Windows\System\nJgVvJr.exe
  2⤵
  PID:10444
- C:\Windows\System\czIpAor.exe
  C:\Windows\System\czIpAor.exe
  2⤵
  PID:10468
- C:\Windows\System\pnYqKwN.exe
  C:\Windows\System\pnYqKwN.exe
  2⤵
  PID:10496
- C:\Windows\System\fZVEgnv.exe
  C:\Windows\System\fZVEgnv.exe
  2⤵
  PID:10520
- C:\Windows\System\QAAAdOO.exe
  C:\Windows\System\QAAAdOO.exe
  2⤵
  PID:10540
- C:\Windows\System\yGGZTPx.exe
  C:\Windows\System\yGGZTPx.exe
  2⤵
  PID:10568
- C:\Windows\System\KpbKpli.exe
  C:\Windows\System\KpbKpli.exe
  2⤵
  PID:10584
- C:\Windows\System\IEZWFql.exe
  C:\Windows\System\IEZWFql.exe
  2⤵
  PID:10608
- C:\Windows\System\SWMTqVv.exe
  C:\Windows\System\SWMTqVv.exe
  2⤵
  PID:10628
- C:\Windows\System\JiUkYla.exe
  C:\Windows\System\JiUkYla.exe
  2⤵
  PID:10652
- C:\Windows\System\uWwwKlO.exe
  C:\Windows\System\uWwwKlO.exe
  2⤵
  PID:10672
- C:\Windows\System\xaFphfA.exe
  C:\Windows\System\xaFphfA.exe
  2⤵
  PID:10700
- C:\Windows\System\PzUKJdM.exe
  C:\Windows\System\PzUKJdM.exe
  2⤵
  PID:10720
- C:\Windows\System\aavefUf.exe
  C:\Windows\System\aavefUf.exe
  2⤵
  PID:10744
- C:\Windows\System\KAclMQT.exe
  C:\Windows\System\KAclMQT.exe
  2⤵
  PID:10760
- C:\Windows\System\WecPTBf.exe
  C:\Windows\System\WecPTBf.exe
  2⤵
  PID:10784
- C:\Windows\System\mPttwKU.exe
  C:\Windows\System\mPttwKU.exe
  2⤵
  PID:10804
- C:\Windows\System\wWwBXqN.exe
  C:\Windows\System\wWwBXqN.exe
  2⤵
  PID:10824
- C:\Windows\System\UOKSWHX.exe
  C:\Windows\System\UOKSWHX.exe
  2⤵
  PID:10848
- C:\Windows\System\MZgHjeo.exe
  C:\Windows\System\MZgHjeo.exe
  2⤵
  PID:10872
- C:\Windows\System\xxAKJmw.exe
  C:\Windows\System\xxAKJmw.exe
  2⤵
  PID:10892
- C:\Windows\System\oTNnUmj.exe
  C:\Windows\System\oTNnUmj.exe
  2⤵
  PID:10916
- C:\Windows\System\MibdwSu.exe
  C:\Windows\System\MibdwSu.exe
  2⤵
  PID:10936
- C:\Windows\System\XYOYqSB.exe
  C:\Windows\System\XYOYqSB.exe
  2⤵
  PID:10968
- C:\Windows\System\LCRPWdh.exe
  C:\Windows\System\LCRPWdh.exe
  2⤵
  PID:10992
- C:\Windows\System\GOuGWhr.exe
  C:\Windows\System\GOuGWhr.exe
  2⤵
  PID:11024
- C:\Windows\System\Uzgousd.exe
  C:\Windows\System\Uzgousd.exe
  2⤵
  PID:11040
- C:\Windows\System\qGFpaiR.exe
  C:\Windows\System\qGFpaiR.exe
  2⤵
  PID:11072
- C:\Windows\System\igvUGJX.exe
  C:\Windows\System\igvUGJX.exe
  2⤵
  PID:11096
- C:\Windows\System\pAoIvhW.exe
  C:\Windows\System\pAoIvhW.exe
  2⤵
  PID:11124
- C:\Windows\System\jchbKoA.exe
  C:\Windows\System\jchbKoA.exe
  2⤵
  PID:11140
- C:\Windows\System\yPLvRCt.exe
  C:\Windows\System\yPLvRCt.exe
  2⤵
  PID:11172
- C:\Windows\System\PuWmReB.exe
  C:\Windows\System\PuWmReB.exe
  2⤵
  PID:11192
- C:\Windows\System\RIDdThl.exe
  C:\Windows\System\RIDdThl.exe
  2⤵
  PID:11212
- C:\Windows\System\zIlhXIk.exe
  C:\Windows\System\zIlhXIk.exe
  2⤵
  PID:11232
- C:\Windows\System\ywhovAX.exe
  C:\Windows\System\ywhovAX.exe
  2⤵
  PID:11252
- C:\Windows\System\OlcNnVo.exe
  C:\Windows\System\OlcNnVo.exe
  2⤵
  PID:9384
- C:\Windows\System\zcwjdYS.exe
  C:\Windows\System\zcwjdYS.exe
  2⤵
  PID:9496
- C:\Windows\System\oHAmVPR.exe
  C:\Windows\System\oHAmVPR.exe
  2⤵
  PID:8640
- C:\Windows\System\FhoGQxs.exe
  C:\Windows\System\FhoGQxs.exe
  2⤵
  PID:9632
- C:\Windows\System\FyKaMcT.exe
  C:\Windows\System\FyKaMcT.exe
  2⤵
  PID:9836
- C:\Windows\System\BdtBAam.exe
  C:\Windows\System\BdtBAam.exe
  2⤵
  PID:4756
- C:\Windows\System\povkNvF.exe
  C:\Windows\System\povkNvF.exe
  2⤵
  PID:5624
- C:\Windows\System\QdoTMBJ.exe
  C:\Windows\System\QdoTMBJ.exe
  2⤵
  PID:6196
- C:\Windows\System\RJnFwkO.exe
  C:\Windows\System\RJnFwkO.exe
  2⤵
  PID:7852
- C:\Windows\System\QIiKfmb.exe
  C:\Windows\System\QIiKfmb.exe
  2⤵
  PID:7604
- C:\Windows\System\ZWHjRoE.exe
  C:\Windows\System\ZWHjRoE.exe
  2⤵
  PID:8300
- C:\Windows\System\iKWKNBR.exe
  C:\Windows\System\iKWKNBR.exe
  2⤵
  PID:8728
- C:\Windows\System\pfmSOpt.exe
  C:\Windows\System\pfmSOpt.exe
  2⤵
  PID:6036
- C:\Windows\System\ZdVXATd.exe
  C:\Windows\System\ZdVXATd.exe
  2⤵
  PID:11268
- C:\Windows\System\HOJPTIU.exe
  C:\Windows\System\HOJPTIU.exe
  2⤵
  PID:11292
- C:\Windows\System\nNNDQXB.exe
  C:\Windows\System\nNNDQXB.exe
  2⤵
  PID:11312
- C:\Windows\System\xXJocjo.exe
  C:\Windows\System\xXJocjo.exe
  2⤵
  PID:11336
- C:\Windows\System\AkbGukM.exe
  C:\Windows\System\AkbGukM.exe
  2⤵
  PID:11360
- C:\Windows\System\xHyWuzf.exe
  C:\Windows\System\xHyWuzf.exe
  2⤵
  PID:11376
- C:\Windows\System\PubaHai.exe
  C:\Windows\System\PubaHai.exe
  2⤵
  PID:11392
- C:\Windows\System\qHwGRbe.exe
  C:\Windows\System\qHwGRbe.exe
  2⤵
  PID:11416
- C:\Windows\System\xVmwVZG.exe
  C:\Windows\System\xVmwVZG.exe
  2⤵
  PID:11440
- C:\Windows\System\NiijWhf.exe
  C:\Windows\System\NiijWhf.exe
  2⤵
  PID:11456
- C:\Windows\System\lsMREFL.exe
  C:\Windows\System\lsMREFL.exe
  2⤵
  PID:11480
- C:\Windows\System\muSycPp.exe
  C:\Windows\System\muSycPp.exe
  2⤵
  PID:11496
- C:\Windows\System\paltLPd.exe
  C:\Windows\System\paltLPd.exe
  2⤵
  PID:11516
- C:\Windows\System\ccszPQJ.exe
  C:\Windows\System\ccszPQJ.exe
  2⤵
  PID:11540
- C:\Windows\System\LTVSeQg.exe
  C:\Windows\System\LTVSeQg.exe
  2⤵
  PID:11560
- C:\Windows\System\yGBKmDr.exe
  C:\Windows\System\yGBKmDr.exe
  2⤵
  PID:11576
- C:\Windows\System\raPrntg.exe
  C:\Windows\System\raPrntg.exe
  2⤵
  PID:11604
- C:\Windows\System\KlzwVrs.exe
  C:\Windows\System\KlzwVrs.exe
  2⤵
  PID:11628
- C:\Windows\System\dimDqnp.exe
  C:\Windows\System\dimDqnp.exe
  2⤵
  PID:11644
- C:\Windows\System\XTELNDU.exe
  C:\Windows\System\XTELNDU.exe
  2⤵
  PID:11664
- C:\Windows\System\rNnHufP.exe
  C:\Windows\System\rNnHufP.exe
  2⤵
  PID:11684
- C:\Windows\System\hruuacd.exe
  C:\Windows\System\hruuacd.exe
  2⤵
  PID:11708
- C:\Windows\System\tyPXWiP.exe
  C:\Windows\System\tyPXWiP.exe
  2⤵
  PID:11728
- C:\Windows\System\aokgpEz.exe
  C:\Windows\System\aokgpEz.exe
  2⤵
  PID:11748
- C:\Windows\System\RicMmRR.exe
  C:\Windows\System\RicMmRR.exe
  2⤵
  PID:11772
- C:\Windows\System\mmdNCMf.exe
  C:\Windows\System\mmdNCMf.exe
  2⤵
  PID:11796
- C:\Windows\System\yCfIjkL.exe
  C:\Windows\System\yCfIjkL.exe
  2⤵
  PID:11812
- C:\Windows\System\mMRdBWU.exe
  C:\Windows\System\mMRdBWU.exe
  2⤵
  PID:11836
- C:\Windows\System\TKWKUic.exe
  C:\Windows\System\TKWKUic.exe
  2⤵
  PID:11860
- C:\Windows\System\luILEUI.exe
  C:\Windows\System\luILEUI.exe
  2⤵
  PID:11880
- C:\Windows\System\sFcgUzb.exe
  C:\Windows\System\sFcgUzb.exe
  2⤵
  PID:11900
- C:\Windows\System\InOTqkw.exe
  C:\Windows\System\InOTqkw.exe
  2⤵
  PID:11916
- C:\Windows\System\YzIYGpp.exe
  C:\Windows\System\YzIYGpp.exe
  2⤵
  PID:11952
- C:\Windows\System\tkjdytd.exe
  C:\Windows\System\tkjdytd.exe
  2⤵
  PID:11972
- C:\Windows\System\dYZlkwf.exe
  C:\Windows\System\dYZlkwf.exe
  2⤵
  PID:11992
- C:\Windows\System\qUAxhVv.exe
  C:\Windows\System\qUAxhVv.exe
  2⤵
  PID:12020
- C:\Windows\System\RykNjoE.exe
  C:\Windows\System\RykNjoE.exe
  2⤵
  PID:12040
- C:\Windows\System\QWkfqxM.exe
  C:\Windows\System\QWkfqxM.exe
  2⤵
  PID:12060
- C:\Windows\System\NmfJOvv.exe
  C:\Windows\System\NmfJOvv.exe
  2⤵
  PID:12080
- C:\Windows\System\FogNifE.exe
  C:\Windows\System\FogNifE.exe
  2⤵
  PID:12104
- C:\Windows\System\MoByejp.exe
  C:\Windows\System\MoByejp.exe
  2⤵
  PID:12120
- C:\Windows\System\SghyFTK.exe
  C:\Windows\System\SghyFTK.exe
  2⤵
  PID:12136
- C:\Windows\System\ZvCCXzA.exe
  C:\Windows\System\ZvCCXzA.exe
  2⤵
  PID:12160
- C:\Windows\System\jFXewTq.exe
  C:\Windows\System\jFXewTq.exe
  2⤵
  PID:12184
- C:\Windows\System\nNOPmGb.exe
  C:\Windows\System\nNOPmGb.exe
  2⤵
  PID:12204
- C:\Windows\System\MZfYAGn.exe
  C:\Windows\System\MZfYAGn.exe
  2⤵
  PID:12228
- C:\Windows\System\kttmnJI.exe
  C:\Windows\System\kttmnJI.exe
  2⤵
  PID:12252
- C:\Windows\System\hxMIrGL.exe
  C:\Windows\System\hxMIrGL.exe
  2⤵
  PID:12268
- C:\Windows\System\gdrRySB.exe
  C:\Windows\System\gdrRySB.exe
  2⤵
  PID:10256
- C:\Windows\System\otfLfUG.exe
  C:\Windows\System\otfLfUG.exe
  2⤵
  PID:10332
- C:\Windows\System\VvMStUI.exe
  C:\Windows\System\VvMStUI.exe
  2⤵
  PID:10388
- C:\Windows\System\IueaoFl.exe
  C:\Windows\System\IueaoFl.exe
  2⤵
  PID:9436
- C:\Windows\System\XJebDWa.exe
  C:\Windows\System\XJebDWa.exe
  2⤵
  PID:9456
- C:\Windows\System\egUcLJv.exe
  C:\Windows\System\egUcLJv.exe
  2⤵
  PID:9500
- C:\Windows\System\vMatoGH.exe
  C:\Windows\System\vMatoGH.exe
  2⤵
  PID:10580
- C:\Windows\System\mXGnEwz.exe
  C:\Windows\System\mXGnEwz.exe
  2⤵
  PID:10648
- C:\Windows\System\rllOMPG.exe
  C:\Windows\System\rllOMPG.exe
  2⤵
  PID:10768
- C:\Windows\System\rVxupsc.exe
  C:\Windows\System\rVxupsc.exe
  2⤵
  PID:10832
- C:\Windows\System\YKTHaQq.exe
  C:\Windows\System\YKTHaQq.exe
  2⤵
  PID:11032
- C:\Windows\System\mXcFOCq.exe
  C:\Windows\System\mXcFOCq.exe
  2⤵
  PID:8844
- C:\Windows\System\aHEptkw.exe
  C:\Windows\System\aHEptkw.exe
  2⤵
  PID:8876
- C:\Windows\System\NcStMth.exe
  C:\Windows\System\NcStMth.exe
  2⤵
  PID:8900
- C:\Windows\System\jnspWyd.exe
  C:\Windows\System\jnspWyd.exe
  2⤵
  PID:9004
- C:\Windows\System\wrXqfBC.exe
  C:\Windows\System\wrXqfBC.exe
  2⤵
  PID:11148
- C:\Windows\System\psPRTMf.exe
  C:\Windows\System\psPRTMf.exe
  2⤵
  PID:11184
- C:\Windows\System\lwxlRTa.exe
  C:\Windows\System\lwxlRTa.exe
  2⤵
  PID:10120
- C:\Windows\System\hQEATow.exe
  C:\Windows\System\hQEATow.exe
  2⤵
  PID:12296
- C:\Windows\System\GQONgSV.exe
  C:\Windows\System\GQONgSV.exe
  2⤵
  PID:12320
- C:\Windows\System\gcCmRkK.exe
  C:\Windows\System\gcCmRkK.exe
  2⤵
  PID:12340
- C:\Windows\System\QZoLtyw.exe
  C:\Windows\System\QZoLtyw.exe
  2⤵
  PID:12360
- C:\Windows\System\zEkbRJd.exe
  C:\Windows\System\zEkbRJd.exe
  2⤵
  PID:12380
- C:\Windows\System\EZejDiF.exe
  C:\Windows\System\EZejDiF.exe
  2⤵
  PID:12400
- C:\Windows\System\dMcIjvl.exe
  C:\Windows\System\dMcIjvl.exe
  2⤵
  PID:12420
- C:\Windows\System\hZsrAaq.exe
  C:\Windows\System\hZsrAaq.exe
  2⤵
  PID:12444
- C:\Windows\System\HfavAts.exe
  C:\Windows\System\HfavAts.exe
  2⤵
  PID:12464
- C:\Windows\System\peWJojO.exe
  C:\Windows\System\peWJojO.exe
  2⤵
  PID:12484
- C:\Windows\System\EpaoDol.exe
  C:\Windows\System\EpaoDol.exe
  2⤵
  PID:12536
- C:\Windows\System\yKexvzq.exe
  C:\Windows\System\yKexvzq.exe
  2⤵
  PID:12556
- C:\Windows\System\RDtTMNh.exe
  C:\Windows\System\RDtTMNh.exe
  2⤵
  PID:12580
- C:\Windows\System\yiLBQND.exe
  C:\Windows\System\yiLBQND.exe
  2⤵
  PID:12604
- C:\Windows\System\hRNxtxb.exe
  C:\Windows\System\hRNxtxb.exe
  2⤵
  PID:12624
- C:\Windows\System\rtUCSTj.exe
  C:\Windows\System\rtUCSTj.exe
  2⤵
  PID:12640
- C:\Windows\System\twYtykK.exe
  C:\Windows\System\twYtykK.exe
  2⤵
  PID:12656
- C:\Windows\System\VConvuo.exe
  C:\Windows\System\VConvuo.exe
  2⤵
  PID:12680
- C:\Windows\System\uPBlrvS.exe
  C:\Windows\System\uPBlrvS.exe
  2⤵
  PID:12700
- C:\Windows\System\zFUHImi.exe
  C:\Windows\System\zFUHImi.exe
  2⤵
  PID:12728
- C:\Windows\System\olBOZsw.exe
  C:\Windows\System\olBOZsw.exe
  2⤵
  PID:12744
- C:\Windows\System\cnrkWHH.exe
  C:\Windows\System\cnrkWHH.exe
  2⤵
  PID:12764
- C:\Windows\System\oCnqYnN.exe
  C:\Windows\System\oCnqYnN.exe
  2⤵
  PID:12788
- C:\Windows\System\mxMMNjE.exe
  C:\Windows\System\mxMMNjE.exe
  2⤵
  PID:12808
- C:\Windows\System\wtbVwlG.exe
  C:\Windows\System\wtbVwlG.exe
  2⤵
  PID:12824
- C:\Windows\System\YOeFtIl.exe
  C:\Windows\System\YOeFtIl.exe
  2⤵
  PID:12844
- C:\Windows\System\BEfgzgB.exe
  C:\Windows\System\BEfgzgB.exe
  2⤵
  PID:12864
- C:\Windows\System\fweGEvu.exe
  C:\Windows\System\fweGEvu.exe
  2⤵
  PID:12888
- C:\Windows\System\gBnSiXV.exe
  C:\Windows\System\gBnSiXV.exe
  2⤵
  PID:12908
- C:\Windows\System\uoYdKGY.exe
  C:\Windows\System\uoYdKGY.exe
  2⤵
  PID:12936
- C:\Windows\System\jwQZiZO.exe
  C:\Windows\System\jwQZiZO.exe
  2⤵
  PID:12960
- C:\Windows\System\XRGXtID.exe
  C:\Windows\System\XRGXtID.exe
  2⤵
  PID:12988
- C:\Windows\System\IJzuINV.exe
  C:\Windows\System\IJzuINV.exe
  2⤵
  PID:13008
- C:\Windows\System\vbkFNDb.exe
  C:\Windows\System\vbkFNDb.exe
  2⤵
  PID:13028
- C:\Windows\System\AnYpbAY.exe
  C:\Windows\System\AnYpbAY.exe
  2⤵
  PID:11280
- C:\Windows\System\xFRFCqU.exe
  C:\Windows\System\xFRFCqU.exe
  2⤵
  PID:10324
- C:\Windows\System\KFaFPQr.exe
  C:\Windows\System\KFaFPQr.exe
  2⤵
  PID:12780
- C:\Windows\System\RvlNowd.exe
  C:\Windows\System\RvlNowd.exe
  2⤵
  PID:10452
- C:\Windows\System\yUpYhNz.exe
  C:\Windows\System\yUpYhNz.exe
  2⤵
  PID:10636
- C:\Windows\System\qigVulM.exe
  C:\Windows\System\qigVulM.exe
  2⤵
  PID:10716
- C:\Windows\System\WPLdEuc.exe
  C:\Windows\System\WPLdEuc.exe
  2⤵
  PID:10780
- C:\Windows\System\KplPEIi.exe
  C:\Windows\System\KplPEIi.exe
  2⤵
  PID:10844
- C:\Windows\System\hjYhtrL.exe
  C:\Windows\System\hjYhtrL.exe
  2⤵
  PID:10908
- C:\Windows\System\YSNauta.exe
  C:\Windows\System\YSNauta.exe
  2⤵
  PID:11012
- C:\Windows\System\kUiaUyT.exe
  C:\Windows\System\kUiaUyT.exe
  2⤵
  PID:11048
- C:\Windows\System\nUDjbCg.exe
  C:\Windows\System\nUDjbCg.exe
  2⤵
  PID:11088
- C:\Windows\System\AEPeQEW.exe
  C:\Windows\System\AEPeQEW.exe
  2⤵
  PID:11180
- C:\Windows\System\CEgSzSN.exe
  C:\Windows\System\CEgSzSN.exe
  2⤵
  PID:9520
- C:\Windows\System\tBgSNls.exe
  C:\Windows\System\tBgSNls.exe
  2⤵
  PID:10024
- C:\Windows\System\hryRruO.exe
  C:\Windows\System\hryRruO.exe
  2⤵
  PID:8008
- C:\Windows\System\kWoajvx.exe
  C:\Windows\System\kWoajvx.exe
  2⤵
  PID:9240
- C:\Windows\System\AUmpmlm.exe
  C:\Windows\System\AUmpmlm.exe
  2⤵
  PID:7036
- C:\Windows\System\KMXDexi.exe
  C:\Windows\System\KMXDexi.exe
  2⤵
  PID:8760
- C:\Windows\System\NGCtRHy.exe
  C:\Windows\System\NGCtRHy.exe
  2⤵
  PID:8204
- C:\Windows\System\TBYpXaV.exe
  C:\Windows\System\TBYpXaV.exe
  2⤵
  PID:8148
- C:\Windows\System\linvmAl.exe
  C:\Windows\System\linvmAl.exe
  2⤵
  PID:7380
- C:\Windows\System\OEpoDRU.exe
  C:\Windows\System\OEpoDRU.exe
  2⤵
  PID:1868
- C:\Windows\System\EnCKtiR.exe
  C:\Windows\System\EnCKtiR.exe
  2⤵
  PID:5796
- C:\Windows\System\tiWTrPN.exe
  C:\Windows\System\tiWTrPN.exe
  2⤵
  PID:9368
- C:\Windows\System\FUvjVnc.exe
  C:\Windows\System\FUvjVnc.exe
  2⤵
  PID:11612
- C:\Windows\System\VWtOwli.exe
  C:\Windows\System\VWtOwli.exe
  2⤵
  PID:13092
- C:\Windows\System\iBVMjLH.exe
  C:\Windows\System\iBVMjLH.exe
  2⤵
  PID:2852
- C:\Windows\System\lKvTXrX.exe
  C:\Windows\System\lKvTXrX.exe
  2⤵
  PID:10484
- C:\Windows\System\dxTvKOy.exe
  C:\Windows\System\dxTvKOy.exe
  2⤵
  PID:4696
- C:\Windows\System\ncLNYPr.exe
  C:\Windows\System\ncLNYPr.exe
  2⤵
  PID:2164
- C:\Windows\System\jCRTHUr.exe
  C:\Windows\System\jCRTHUr.exe
  2⤵
  PID:3188
- C:\Windows\System\WEYfJLp.exe
  C:\Windows\System\WEYfJLp.exe
  2⤵
  PID:10620
- C:\Windows\System\nOqTMBz.exe
  C:\Windows\System\nOqTMBz.exe
  2⤵
  PID:5672
- C:\Windows\System\FRvTbJD.exe
  C:\Windows\System\FRvTbJD.exe
  2⤵
  PID:8896
- C:\Windows\System\rQqhQqy.exe
  C:\Windows\System\rQqhQqy.exe
  2⤵
  PID:8916
- C:\Windows\System\UHojIns.exe
  C:\Windows\System\UHojIns.exe
  2⤵
  PID:3400
- C:\Windows\System\QXkfRah.exe
  C:\Windows\System\QXkfRah.exe
  2⤵
  PID:10244
- C:\Windows\System\tcFJgcg.exe
  C:\Windows\System\tcFJgcg.exe
  2⤵
  PID:4036
- C:\Windows\System\MeRaoAd.exe
  C:\Windows\System\MeRaoAd.exe
  2⤵
  PID:13104
- C:\Windows\System\HXCrcgn.exe
  C:\Windows\System\HXCrcgn.exe
  2⤵
  PID:11924
- C:\Windows\System\fTNLlWC.exe
  C:\Windows\System\fTNLlWC.exe
  2⤵
  PID:8368
- C:\Windows\System\LgXneUX.exe
  C:\Windows\System\LgXneUX.exe
  2⤵
  PID:9984
- C:\Windows\System\ciYJpXY.exe
  C:\Windows\System\ciYJpXY.exe
  2⤵
  PID:12796
- C:\Windows\System\gwoFnDX.exe
  C:\Windows\System\gwoFnDX.exe
  2⤵
  PID:9728
- C:\Windows\System\zwcmLsg.exe
  C:\Windows\System\zwcmLsg.exe
  2⤵
  PID:11780
- C:\Windows\System\fbTkzOX.exe
  C:\Windows\System\fbTkzOX.exe
  2⤵
  PID:12832
- C:\Windows\System\XYGeCKY.exe
  C:\Windows\System\XYGeCKY.exe
  2⤵
  PID:12860
- C:\Windows\System\tiwYlLP.exe
  C:\Windows\System\tiwYlLP.exe
  2⤵
  PID:9656
- C:\Windows\System\giWhvzx.exe
  C:\Windows\System\giWhvzx.exe
  2⤵
  PID:11584
- C:\Windows\System\CKVOXBS.exe
  C:\Windows\System\CKVOXBS.exe
  2⤵
  PID:11388
- C:\Windows\System\yoZWKzC.exe
  C:\Windows\System\yoZWKzC.exe
  2⤵
  PID:11856
- C:\Windows\System\UhsgVHX.exe
  C:\Windows\System\UhsgVHX.exe
  2⤵
  PID:12632
- C:\Windows\System\YTFFJvg.exe
  C:\Windows\System\YTFFJvg.exe
  2⤵
  PID:12736
- C:\Windows\System\TjfpYcP.exe
  C:\Windows\System\TjfpYcP.exe
  2⤵
  PID:13264
- C:\Windows\System\EetlXkJ.exe
  C:\Windows\System\EetlXkJ.exe
  2⤵
  PID:13100
- C:\Windows\System\rhNwcIb.exe
  C:\Windows\System\rhNwcIb.exe
  2⤵
  PID:12112
- C:\Windows\System\PWAOLst.exe
  C:\Windows\System\PWAOLst.exe
  2⤵
  PID:12376
- C:\Windows\System\mqiuzAC.exe
  C:\Windows\System\mqiuzAC.exe
  2⤵
  PID:12476
- C:\Windows\System\mNiSfKU.exe
  C:\Windows\System\mNiSfKU.exe
  2⤵
  PID:11532
- C:\Windows\System\tsiSznB.exe
  C:\Windows\System\tsiSznB.exe
  2⤵
  PID:1368
- C:\Windows\System\XoiuZpG.exe
  C:\Windows\System\XoiuZpG.exe
  2⤵
  PID:12652
- C:\Windows\System\GGIdHip.exe
  C:\Windows\System\GGIdHip.exe
  2⤵
  PID:4748
- C:\Windows\System\VEzeRrv.exe
  C:\Windows\System\VEzeRrv.exe
  2⤵
  PID:8816
- C:\Windows\System\CoYrBtr.exe
  C:\Windows\System\CoYrBtr.exe
  2⤵
  PID:9772
- C:\Windows\System\kwEHXwC.exe
  C:\Windows\System\kwEHXwC.exe
  2⤵
  PID:11568
- C:\Windows\System\nYwZQvi.exe
  C:\Windows\System\nYwZQvi.exe
  2⤵
  PID:11868
- C:\Windows\System\IRZRDOp.exe
  C:\Windows\System\IRZRDOp.exe
  2⤵
  PID:12092
- C:\Windows\System\mlqedAv.exe
  C:\Windows\System\mlqedAv.exe
  2⤵
  PID:13252
- C:\Windows\System\xDEMiqD.exe
  C:\Windows\System\xDEMiqD.exe
  2⤵
  PID:12944
- C:\Windows\System\wtPhAnH.exe
  C:\Windows\System\wtPhAnH.exe
  2⤵
  PID:8176
- C:\Windows\System\SFvLCFc.exe
  C:\Windows\System\SFvLCFc.exe
  2⤵
  PID:7740
- C:\Windows\System\IxEfpvm.exe
  C:\Windows\System\IxEfpvm.exe
  2⤵
  PID:3944
- C:\Windows\System\eftxwwF.exe
  C:\Windows\System\eftxwwF.exe
  2⤵
  PID:10604
- C:\Windows\System\DDEvOzH.exe
  C:\Windows\System\DDEvOzH.exe
  2⤵
  PID:2668
- C:\Windows\System\khytqPM.exe
  C:\Windows\System\khytqPM.exe
  2⤵
  PID:12916
- C:\Windows\System\XNuTVcF.exe
  C:\Windows\System\XNuTVcF.exe
  2⤵
  PID:8892
- C:\Windows\System\GdPGnww.exe
  C:\Windows\System\GdPGnww.exe
  2⤵
  PID:13020
- C:\Windows\System\YgwMbaT.exe
  C:\Windows\System\YgwMbaT.exe
  2⤵
  PID:9616
- C:\Windows\System\KErgbPZ.exe
  C:\Windows\System\KErgbPZ.exe
  2⤵
  PID:12172
- C:\Windows\System\hjOvnSu.exe
  C:\Windows\System\hjOvnSu.exe
  2⤵
  PID:8308
- C:\Windows\System\hGSkdMv.exe
  C:\Windows\System\hGSkdMv.exe
  2⤵
  PID:13172
- C:\Windows\System\tFNDnpi.exe
  C:\Windows\System\tFNDnpi.exe
  2⤵
  PID:13232
- C:\Windows\System\ybMQNVz.exe
  C:\Windows\System\ybMQNVz.exe
  2⤵
  PID:8984
- C:\Windows\System\PVggyWr.exe
  C:\Windows\System\PVggyWr.exe
  2⤵
  PID:2248
- C:\Windows\System\ftxLIrd.exe
  C:\Windows\System\ftxLIrd.exe
  2⤵
  PID:5812
- C:\Windows\System\HsJPzJc.exe
  C:\Windows\System\HsJPzJc.exe
  2⤵
  PID:10512
- C:\Windows\System\bAbvTja.exe
  C:\Windows\System\bAbvTja.exe
  2⤵
  PID:4564
- C:\Windows\System\oqhyroH.exe
  C:\Windows\System\oqhyroH.exe
  2⤵
  PID:13080
- C:\Windows\System\THfSNxh.exe
  C:\Windows\System\THfSNxh.exe
  2⤵
  PID:10304
- C:\Windows\System\cQjukIM.exe
  C:\Windows\System\cQjukIM.exe
  2⤵
  PID:2244
- C:\Windows\System\AoqCxRM.exe
  C:\Windows\System\AoqCxRM.exe
  2⤵
  PID:13068
- C:\Windows\System\CUxpOUc.exe
  C:\Windows\System\CUxpOUc.exe
  2⤵
  PID:9924
- C:\Windows\System\NoafIdO.exe
  C:\Windows\System\NoafIdO.exe
  2⤵
  PID:13128
- C:\Windows\System\HABYXNz.exe
  C:\Windows\System\HABYXNz.exe
  2⤵
  PID:13268
- C:\Windows\System\qnCHdNl.exe
  C:\Windows\System\qnCHdNl.exe
  2⤵
  PID:1916
- C:\Windows\System\sUGiioy.exe
  C:\Windows\System\sUGiioy.exe
  2⤵
  PID:11936
- C:\Windows\System\sQeURgC.exe
  C:\Windows\System\sQeURgC.exe
  2⤵
  PID:12008
- C:\Windows\System\sRYEqRq.exe
  C:\Windows\System\sRYEqRq.exe
  2⤵
  PID:13256
- C:\Windows\System\BekhBXX.exe
  C:\Windows\System\BekhBXX.exe
  2⤵
  PID:12588
- C:\Windows\System\ncSKLBI.exe
  C:\Windows\System\ncSKLBI.exe
  2⤵
  PID:4256
- C:\Windows\System\MhSdBwB.exe
  C:\Windows\System\MhSdBwB.exe
  2⤵
  PID:11504
- C:\Windows\System\EYgbEVT.exe
  C:\Windows\System\EYgbEVT.exe
  2⤵
  PID:13328
- C:\Windows\System\NSFxMXK.exe
  C:\Windows\System\NSFxMXK.exe
  2⤵
  PID:13352
- C:\Windows\System\FIKcUqM.exe
  C:\Windows\System\FIKcUqM.exe
  2⤵
  PID:13504
- C:\Windows\System\luMEVtw.exe
  C:\Windows\System\luMEVtw.exe
  2⤵
  PID:13564
- C:\Windows\System\EZCpxJh.exe
  C:\Windows\System\EZCpxJh.exe
  2⤵
  PID:13600
- C:\Windows\System\DOXwXWS.exe
  C:\Windows\System\DOXwXWS.exe
  2⤵
  PID:13684
- C:\Windows\System\OGAPXJi.exe
  C:\Windows\System\OGAPXJi.exe
  2⤵
  PID:13728
- C:\Windows\System\vQIXZqh.exe
  C:\Windows\System\vQIXZqh.exe
  2⤵
  PID:14128
- C:\Windows\System\EtEEmhF.exe
  C:\Windows\System\EtEEmhF.exe
  2⤵
  PID:14176
- C:\Windows\System\xpxXHFJ.exe
  C:\Windows\System\xpxXHFJ.exe
  2⤵
  PID:12816
- C:\Windows\System\QRTJnyt.exe
  C:\Windows\System\QRTJnyt.exe
  2⤵
  PID:11640
- C:\Windows\System\HZccWNT.exe
  C:\Windows\System\HZccWNT.exe
  2⤵
  PID:1648
- C:\Windows\System\YJmBdFj.exe
  C:\Windows\System\YJmBdFj.exe
  2⤵
  PID:8492
- C:\Windows\System\VxJFmGR.exe
  C:\Windows\System\VxJFmGR.exe
  2⤵
  PID:13584
- C:\Windows\System\jAiXTgn.exe
  C:\Windows\System\jAiXTgn.exe
  2⤵
  PID:13608
- C:\Windows\System\ojxYAZf.exe
  C:\Windows\System\ojxYAZf.exe
  2⤵
  PID:13648
- C:\Windows\System\CpCFsHv.exe
  C:\Windows\System\CpCFsHv.exe
  2⤵
  PID:13844
- C:\Windows\System\CqzJpCT.exe
  C:\Windows\System\CqzJpCT.exe
  2⤵
  PID:11400
- C:\Windows\System\tEpPPJG.exe
  C:\Windows\System\tEpPPJG.exe
  2⤵
  PID:13404
- C:\Windows\System\hyAHpFC.exe
  C:\Windows\System\hyAHpFC.exe
  2⤵
  PID:13452
- C:\Windows\System\qPtwZpU.exe
  C:\Windows\System\qPtwZpU.exe
  2⤵
  PID:13764
- C:\Windows\System\gymdLGp.exe
  C:\Windows\System\gymdLGp.exe
  2⤵
  PID:8072
- C:\Windows\System\ydgbOfH.exe
  C:\Windows\System\ydgbOfH.exe
  2⤵
  PID:14276
- C:\Windows\System\fJhomhZ.exe
  C:\Windows\System\fJhomhZ.exe
  2⤵
  PID:13696
- C:\Windows\System\YLnmTIO.exe
  C:\Windows\System\YLnmTIO.exe
  2⤵
  PID:13988
- C:\Windows\System\tNpMcZP.exe
  C:\Windows\System\tNpMcZP.exe
  2⤵
  PID:14172
- C:\Windows\System\qkZPqyc.exe
  C:\Windows\System\qkZPqyc.exe
  2⤵
  PID:14288
- C:\Windows\System\mohlcgJ.exe
  C:\Windows\System\mohlcgJ.exe
  2⤵
  PID:14248
- C:\Windows\System\hmxmkpP.exe
  C:\Windows\System\hmxmkpP.exe
  2⤵
  PID:12512
- C:\Windows\System\YvQyJQM.exe
  C:\Windows\System\YvQyJQM.exe
  2⤵
  PID:5188
- C:\Windows\System\eYWyhtf.exe
  C:\Windows\System\eYWyhtf.exe
  2⤵
  PID:11472
- C:\Windows\System\aWGAaWb.exe
  C:\Windows\System\aWGAaWb.exe
  2⤵
  PID:8596
- C:\Windows\System\YwuCrVT.exe
  C:\Windows\System\YwuCrVT.exe
  2⤵
  PID:10516
- C:\Windows\System\dViLkMa.exe
  C:\Windows\System\dViLkMa.exe
  2⤵
  PID:12312
- C:\Windows\System\rWcxoSL.exe
  C:\Windows\System\rWcxoSL.exe
  2⤵
  PID:3348
- C:\Windows\System\hxATQPl.exe
  C:\Windows\System\hxATQPl.exe
  2⤵
  PID:12708
- C:\Windows\System\VOVNwYr.exe
  C:\Windows\System\VOVNwYr.exe
  2⤵
  PID:13384
- C:\Windows\System\MSHRtle.exe
  C:\Windows\System\MSHRtle.exe
  2⤵
  PID:4960
- C:\Windows\System\qeRItwD.exe
  C:\Windows\System\qeRItwD.exe
  2⤵
  PID:13464
- C:\Windows\System\JgqJkQB.exe
  C:\Windows\System\JgqJkQB.exe
  2⤵
  PID:12548
- C:\Windows\System\ZffGBln.exe
  C:\Windows\System\ZffGBln.exe
  2⤵
  PID:11424
- C:\Windows\System\ggTcThy.exe
  C:\Windows\System\ggTcThy.exe
  2⤵
  PID:7640
- C:\Windows\System\iqMRlze.exe
  C:\Windows\System\iqMRlze.exe
  2⤵
  PID:9328
- C:\Windows\System\OnQTiuo.exe
  C:\Windows\System\OnQTiuo.exe
  2⤵
  PID:13196
- C:\Windows\System\wlDHePG.exe
  C:\Windows\System\wlDHePG.exe
  2⤵
  PID:13580
- C:\Windows\System\WQBJMVQ.exe
  C:\Windows\System\WQBJMVQ.exe
  2⤵
  PID:12856
- C:\Windows\System\UesQTyQ.exe
  C:\Windows\System\UesQTyQ.exe
  2⤵
  PID:13680
- C:\Windows\System\ITtqoCz.exe
  C:\Windows\System\ITtqoCz.exe
  2⤵
  PID:8324
- C:\Windows\System\AuexrjA.exe
  C:\Windows\System\AuexrjA.exe
  2⤵
  PID:13444
- C:\Windows\System\lyVDDHc.exe
  C:\Windows\System\lyVDDHc.exe
  2⤵
  PID:13936
- C:\Windows\System\lPBrhWd.exe
  C:\Windows\System\lPBrhWd.exe
  2⤵
  PID:13916
- C:\Windows\System\kNTEJHl.exe
  C:\Windows\System\kNTEJHl.exe
  2⤵
  PID:4644
- C:\Windows\System\AhpyhJE.exe
  C:\Windows\System\AhpyhJE.exe
  2⤵
  PID:12968
- C:\Windows\System\GMgpMZM.exe
  C:\Windows\System\GMgpMZM.exe
  2⤵
  PID:4172
- C:\Windows\System\jNBvQmM.exe
  C:\Windows\System\jNBvQmM.exe
  2⤵
  PID:1264
- C:\Windows\System\QeRXeAP.exe
  C:\Windows\System\QeRXeAP.exe
  2⤵
  PID:12152
- C:\Windows\System\JImtfek.exe
  C:\Windows\System\JImtfek.exe
  2⤵
  PID:3864
- C:\Windows\System\YUlpvom.exe
  C:\Windows\System\YUlpvom.exe
  2⤵
  PID:14120
- C:\Windows\System\HzcnAww.exe
  C:\Windows\System\HzcnAww.exe
  2⤵
  PID:14200
- C:\Windows\System\otTeFZi.exe
  C:\Windows\System\otTeFZi.exe
  2⤵
  PID:14256
- C:\Windows\System\oulRYPf.exe
  C:\Windows\System\oulRYPf.exe
  2⤵
  PID:9784
- C:\Windows\System\MgxPUng.exe
  C:\Windows\System\MgxPUng.exe
  2⤵
  PID:13132
- C:\Windows\System\UDsxQOV.exe
  C:\Windows\System\UDsxQOV.exe
  2⤵
  PID:10792
- C:\Windows\System\qiLHkKp.exe
  C:\Windows\System\qiLHkKp.exe
  2⤵
  PID:13544
- C:\Windows\System\RqICCeM.exe
  C:\Windows\System\RqICCeM.exe
  2⤵
  PID:316
- C:\Windows\System\EOoeCHf.exe
  C:\Windows\System\EOoeCHf.exe
  2⤵
  PID:10088
- C:\Windows\System\MjOKofC.exe
  C:\Windows\System\MjOKofC.exe
  2⤵
  PID:13372
- C:\Windows\System\QOkLVUG.exe
  C:\Windows\System\QOkLVUG.exe
  2⤵
  PID:13552
- C:\Windows\System\GVgPgbu.exe
  C:\Windows\System\GVgPgbu.exe
  2⤵
  PID:13716
- C:\Windows\System\pwmlAko.exe
  C:\Windows\System\pwmlAko.exe
  2⤵
  PID:13624
- C:\Windows\System\VmgvHAR.exe
  C:\Windows\System\VmgvHAR.exe
  2⤵
  PID:10416
- C:\Windows\System\lVKhUty.exe
  C:\Windows\System\lVKhUty.exe
  2⤵
  PID:13636
- C:\Windows\System\OmZYXqf.exe
  C:\Windows\System\OmZYXqf.exe
  2⤵
  PID:13364
- C:\Windows\System\NyTvYSy.exe
  C:\Windows\System\NyTvYSy.exe
  2⤵
  PID:13968
- C:\Windows\System\oCqEUdM.exe
  C:\Windows\System\oCqEUdM.exe
  2⤵
  PID:13980
- C:\Windows\System\cMZoKjZ.exe
  C:\Windows\System\cMZoKjZ.exe
  2⤵
  PID:9664
- C:\Windows\System\XDKTnQU.exe
  C:\Windows\System\XDKTnQU.exe
  2⤵
  PID:4464
- C:\Windows\System\bykctHy.exe
  C:\Windows\System\bykctHy.exe
  2⤵
  PID:3168
- C:\Windows\System\SdpKEgA.exe
  C:\Windows\System\SdpKEgA.exe
  2⤵
  PID:10488
- C:\Windows\System\cEHPFYq.exe
  C:\Windows\System\cEHPFYq.exe
  2⤵
  PID:14140
- C:\Windows\System\proAuQW.exe
  C:\Windows\System\proAuQW.exe
  2⤵
  PID:14224

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 10848 -ip 10848
1⤵
PID:10516

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 776 -p 12656 -ip 12656
1⤵
PID:13068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3ow4w3cn.dqt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ApOLzrh.exe

Filesize
1.7MB

MD5
f197fb58430f2057b20cca74adabd0fe

SHA1
168e9b77f555fd1f0b70e8303b7e4de41a77da1d

SHA256
00b7c9489dc37a41e241a5eaf83d55b17fcdd857e72614344c1dc9e0d96a985f

SHA512
b80c42ad668e5f2fe7d08941f0b5e56c000fa37bfc1af6feda6435c7ae42dc2649682f4f54104cadaa650be37220a52ee75425d96a323f913c6327c77029c247

Download Submit
C:\Windows\System\BWzidwY.exe

Filesize
1.7MB

MD5
0295dcdaed9d9d7e79e0d149389d419a

SHA1
fcedd8d99ddf65db2d92b3c15d5814abdef79ffe

SHA256
2590ef9dd7b321828be9a91591c0e2f01e783e6f281da0f0ba5ceb033e885520

SHA512
14357d9ba87726f28d7700a55889ed0680c7e0aed5ce9dfea1c58cf7fc3e2df62e4779be672216505f5a9d2a33818f9e05e101f72c31481f7edee1dd28cb08ef

Download Submit
C:\Windows\System\CZMVNVP.exe

Filesize
1.7MB

MD5
7e25dc3aed6535b452d49d96cd0ed624

SHA1
33fe651214288f7a43c731f66a3d4396ee980afe

SHA256
8d0abb9388929495306b4cc2df73dfa5b185ae585cd509ed16049b702ec7f398

SHA512
48524ac6f18377eeb064b9a517aead6f618db4e52387d6cdcb10a719f3af5edb37b4b927779ee747759115b4092470c408e49bc0cee00fcbed40e8c1d0ea50a5

Download Submit
C:\Windows\System\DkSlNmf.exe

Filesize
1.7MB

MD5
775586f8f955347d4374c20287dc0818

SHA1
2895e3fca7d1bef27f5e8fd3866a81108f2f0d04

SHA256
907d4fdacf19260faae8455afeef6a2d4581f7b391b4c89d20af75914e01aea3

SHA512
afa488883ffbbd5acbca9a5c5646455413a3e5f177af854cae1e7112acdbafd52f568907170132a5809185ecbcd5061ab404663055bd9a0547f1e40e321b40bc

Download Submit
C:\Windows\System\DqostRq.exe

Filesize
1.7MB

MD5
a039bef2aa0e9effb4a18cb612253292

SHA1
9800c4a2b1e50f001e4055cc8002b4d49c9c7315

SHA256
1c85a2a27a1113e9df080d79b301fb00e5f56854f82f93e2771c22775192dd30

SHA512
8b387bd50d7fda713be3029d8f028c829ff3836e848bc08532af40bf7b7049ac8a4055e0edfbe3fb1fa36cd476d7cc973ea229095cd59db905d476b2c4d605de

Download Submit
C:\Windows\System\DyAxNlN.exe

Filesize
1.7MB

MD5
5e01ba49fdf462beeff09f03f747edf9

SHA1
60029c502b4147d2864b5c545bddbb8bbaf5d05d

SHA256
1a0ccbd708f67197456a6729ce0c65b9a18a24304d9386a696237cf06365afcb

SHA512
a0b36481a7e7356a45f9cecfa071899c5fa8af0f2053771f3a189df5986257752e1c45e21f0c53ed547d374acc801999cdb484da98f1ede57e041ef8df0c3f6b

Download Submit
C:\Windows\System\EVQLfNe.exe

Filesize
1.7MB

MD5
254fda1c9c47213473c4b2ba8c8942ff

SHA1
c0a14f15a8faa4633be0ba8b3d383a3920de5f7c

SHA256
00484f61bec0cd4de457705a487475fe60d98dfe251f204d7420dd58ee8d3342

SHA512
c45b0c3e5155b5e4faa46427148253f65dccde4b9c52d79ee92047c9c930437e3aecf756b7a68c2a3356858f0a2fef843da9388e1010ac0c83cda002b358a825

Download Submit
C:\Windows\System\Egwvfdu.exe

Filesize
1.7MB

MD5
4acc4c758033ed7e60041c6289e320d2

SHA1
4e5a39584be08a1453edf8c6645509f086697d97

SHA256
dfb5dbf8a408c64f084fe307da54ece23283c4f8e0c470c6eebbc737685d1ffd

SHA512
17fee267eaf3298380655e547ba479f86b40109bbdace92fb0bfde843cfd5288d495f96bdf2e537ce90fa645ae59f93cee8235be8b668beb534e12d0161cdcde

Download Submit
C:\Windows\System\EtSBDma.exe

Filesize
1.7MB

MD5
67544db80df1c57f57e2ca0c7f45eff5

SHA1
041606cdb54b670582de4c17bddb56ec2651e79b

SHA256
fb11b133c79f85053f9cc9fa56f0a9737ac76355cab8fc438f3776e3142007ed

SHA512
b4e5a22a190b6f5e7c03ed3505c52d7a28bfff64e7b9578ac348bd2c7760c46b8e555d355ca009b034ee57987e6953f4363d53f2606ad513256e35d2cf045490

Download Submit
C:\Windows\System\GkIaVOK.exe

Filesize
1.7MB

MD5
d869560006e8b27aee5fd8f5ef38c728

SHA1
4a1407fc9e0202dec142a98e2d2aa0d1f7486081

SHA256
75204a24b2604029864f6d645095cf7ebb5364f4370c2d9ae185f3b41fe7c014

SHA512
7a86a85c0b66ac65e51990f6ac28f5343007fda6da1ec80dae0ec3057aadb5e8103a7179ea61ef6a6b54188a0a56d9dd1bb142bf848c58fc7658178f76d41e87

Download Submit
C:\Windows\System\IBmDJaF.exe

Filesize
1.7MB

MD5
47634b7840be99818ec921cb8decc861

SHA1
3973cf2388262e5d58fa2647848b703d3e4cc3ad

SHA256
61ea0e38600ffc9a729469dc1b0c0993bf1b9b394787a51db6017a91ab2bc567

SHA512
9097710b37e8f576fd94b2964f14a4b2894dd2f298d1c55d05ced904fef71850c465cd1caf97b5cab8a01aca4c31ecf52504a817fdd610acd6456e1586bb8995

Download Submit
C:\Windows\System\IDNfzgO.exe

Filesize
1.7MB

MD5
c16ea2fc824a0247c8e1d28fd588537b

SHA1
ad11364e6184182daf2b3993014876c20e385d38

SHA256
4f1783472ca39ea107c22d7f547826f17446f0d2b5921363b4571e698bb5b378

SHA512
3fe94294d6ed86542b8e9064d12d2ebcffbe4a67bfcf5c79215c3844148fe58a3ae37c0cd838efdb4375433708efb20dd2177aa5b34fcdb3121b4e6e5308f891

Download Submit
C:\Windows\System\JivIipA.exe

Filesize
1.7MB

MD5
2512ead3eb310338e31b872f8c4b0522

SHA1
372584f188e8b417b4f0bea43451bc879119dd4c

SHA256
da610408e842274190dbe7ea46717e28892ca2e66adab3ee850eea00ca4a31af

SHA512
a799335d2ae871f5b050d30ea661daf62c069f44e0e8ba65c5bad672ab243ed7997798bcb54e880bea8c50db969fcdf87eb32336eb2d09c1b72f6b2c6e3789f7

Download Submit
C:\Windows\System\LoXWrQE.exe

Filesize
1.7MB

MD5
ec09ae18ab05c7c965508243dd633ace

SHA1
1ac0fe5f4d21caf04c73620789377c2b1e2cfa93

SHA256
2be97a06a56c6ba491e4cc49f08cf6820baa1628f80462393dc84e6f09a9b968

SHA512
fa5e0ec0f810ad6b5102ad485531ff8471b5fd97320e207f15c5f0989e3e3b15aa3ae4d1bfb8b20d7f4a07ac64fe16279c145cc3e248899db8b08a34ca0488b0

Download Submit
C:\Windows\System\NKdDHoy.exe

Filesize
1.7MB

MD5
5f5430ea63c4fa9cc771842d23751917

SHA1
19495831f2a1e998710596dd20f6e5a14396e553

SHA256
ceafd492bed38b1de4631597fa30c6b2d4111b53eded1a7539732dde3d0150d0

SHA512
0cf096572892d720ecd0d315e63267b3d579a92f46b9f35853fa5ae7ae05e4db7d6f2bd87037fa97841c53c1b2d57028dbbd9257922bdb2ed42a20680879f24a

Download Submit
C:\Windows\System\NcslVKe.exe

Filesize
1.7MB

MD5
2c3cefcc35175d3bb898851901e22f9a

SHA1
c114c6bb037b9c03cadba76593d8a0d9487be938

SHA256
84b95c2812912a0edd08ed2aec1f49e747bc76ade76291a15a3e966b3b73b472

SHA512
deb052e1a476191f076d4c6368a84eafd2c4b5ddede78622e77c6b493c44d10653cef54ec17c93eb5ba7b9631f796dbfca811f6d6c5652c5ada9f23f8873ef37

Download Submit
C:\Windows\System\OLYGPRO.exe

Filesize
1.7MB

MD5
5e3f60e8510e6d5ef189f9e5b52d423f

SHA1
98b8f817be8c8c956932913be88bbf4c365b27ec

SHA256
04ac344aeb760ff96feb3abec8dfab7716270c04cfb384216cc952bd4fb75f41

SHA512
c65710fd07e6b728d9680904d78c42cfcc9e1696378f56a974b3dcdfdf20b4dc8dc0815b5b190014040bd49365f075730ccad9a0575f8c88704cb8cd6e69b20f

Download Submit
C:\Windows\System\QgbVmqR.exe

Filesize
1.7MB

MD5
12b26415dc6a7fcc314499abdcc67b70

SHA1
d4c2a17647d385b582fb1789a3d21b0479f54b09

SHA256
f92aa3fed48a45975a08ecacdae13e8da533667f0944b875d93f92b7325ac233

SHA512
71101bb4a317028ffb1dab44d5c1de31ce7f73a2c7cf826d3508337b321e7becbb95b0611ab4b4c5767b1d0d6f04fbafd818d70bce23cd1cdeaad14dd5d02d85

Download Submit
C:\Windows\System\QhJGsTq.exe

Filesize
1.7MB

MD5
20df06005722ade17d36b35eda84b173

SHA1
96dc75599c85e4f4f6341ac779105f2b3640885f

SHA256
9003a3da0aed2b1885114c81d425fc43e1eff33922e4de6d33f1181020122e9b

SHA512
6d4712aad74a8f69669adc7bf3c27429c37911ca452879264560e2da2fe9bd7c75a80e1ac7126549117233507887d7ed5d92d5a6ca253f43f59959466f1bd686

Download Submit
C:\Windows\System\RhYQrqX.exe

Filesize
1.7MB

MD5
e4acf95c3ac63e48f23f84ba6784b6c3

SHA1
9135b42cc4daed20229ca90d747284697070d848

SHA256
2e6a11c9b994a4f82c58cf9f619643d9213204f9b63ff45095aa30d1cfecbe5b

SHA512
41345885de1208aa16c819693f46e589413956af4b67127260ef608dc4c6904140a047c8abffec71cd96b24f5cedb70fc7cdd63eae3471aedf36819c1ea9eb32

Download Submit
C:\Windows\System\SJVyICg.exe

Filesize
1.7MB

MD5
71f0c3edd2acd7c28e1065df0b387062

SHA1
e443ad38f4d65240aa92cd5f3368eb40d7689314

SHA256
e28075a50004301f7b979a1fc379a90f75171ad65187a2da6145de6d3e5c6d9c

SHA512
622af1023de525e402e0c7ced6335d7688a56dded8749b0ca9c25a2517092caf99201e30ea064adccb02947725339d540dbaac8d6d78a0d5d7a7031851f3d653

Download Submit
C:\Windows\System\TAkOinK.exe

Filesize
1.7MB

MD5
dc8bd62a8661f246ba81a7998d557720

SHA1
3a746892ef362edeb7d906a32315c48011a02373

SHA256
252af34efe6d003d199846d6a2d7030d36abbab53bebd3fe61a85b9c20243d97

SHA512
82700d62924ebce0c7c2d3f1bfc78b17766c5356b4dd55791e44050cd2223408fb377d905ea023e9e830bbcc8cc31cb5e32366b53041cf93b2fffe545e5a3e92

Download Submit
C:\Windows\System\XVIAnxe.exe

Filesize
1.7MB

MD5
a827ad9d36049fc5e3b451e44a159fd9

SHA1
acb46a3a30fea36ec9ed8d688c502af4f2bb65cd

SHA256
b4b504a0ef5ca220e25a714c1dba78b3de0d02bce5c1845ff53aca11a228147d

SHA512
194719c14d225b112758bda77aa82b502ae3926814125912b6a001b12f19ac4f01c1f272a10aef78f6a3dc2ef17a9adfcee67e2a3fd7d13e86b0dbdd73f9d198

Download Submit
C:\Windows\System\YZAJrZg.exe

Filesize
1.7MB

MD5
d6c87165c90df95fe692d5fb29efbecc

SHA1
e6e89fafe3ad293a53a2cbccfafc811af1119ae1

SHA256
18880cac6e5656333e3bcd9c21a849e5f512f395aa4fda4efc4e7ef22a9ec88e

SHA512
103eca0f07e85667ec854dd077e9392291813fd53b9f5d24e1574f3bc1af653951f66f57ba99e3bbb2c8b24179b64366621217784cea00495e8e71c628256705

Download Submit
C:\Windows\System\acIYmQL.exe

Filesize
8B

MD5
b73fb21d67a247f9ac438fe8c351430a

SHA1
ac15c6df2acefe1e2c420375d1bd91b327f057b3

SHA256
77e445c1cb08291b551a6e118f41f72afa8a9daa5aca4c3c569cc658b22917c9

SHA512
bc8df04059daaf4c0ca4dce970d2391c3b5cff5f655aab83ca1f095c275eda1fc7df90df8beafd0388f09945ec4e45ad9333e05dcca93e4d255767e86c4a3f85

Download Submit
C:\Windows\System\aiNwBho.exe

Filesize
1.7MB

MD5
13233798b8bf1d5db2a6848dafe7737a

SHA1
6e04d024c2109dbd6f1d259445d48a2a3cedee2f

SHA256
4ad87de4a653b831c1bc222ad34cab708cbf5a3672214471d2014ba10a26e4e3

SHA512
55ec1e06e419185f73cdf9071ca615b0746a68c6a0716d6aa2628f17fbd56c271664c725c72bd687d6430119d7c0f79dba051ae244f41dd5697f1b331605221f

Download Submit
C:\Windows\System\czTvcqR.exe

Filesize
1.7MB

MD5
551c8f5d68f1b23dc96c4f75eea2ad0a

SHA1
1614d2cb8517a753863b72e67d0461ca8931f318

SHA256
5ab3bb09d82825e7a9c721c061f08bc9b42c968eb078d1a5619b60ba481b3274

SHA512
573bdc7ec519a87f643e4c6003bfffc21e43485d0cd50f999b0f5bb621d9164bf72f354bffd14c7027fc9b7655bf44f50750ee949dac654ce54054a627fd0864

Download Submit
C:\Windows\System\daUtfSr.exe

Filesize
1.7MB

MD5
7b1c67acf33b42d43c511a8428336c87

SHA1
889acd6af5ca0bfd0cdb19e2a257125c7faa93d4

SHA256
4850b949dc66286373d1622855c81beae9a3047f3bc356329d16d84b22d583b4

SHA512
6de211c45603acf0a0ba0edd85de48b768bce8bfac76deee01f398fbafa9c0a17f09291d03c6258fdbfcb943ea4f0f1a29f1f48224057647ffc4d02907c217aa

Download Submit
C:\Windows\System\hQHqgMR.exe

Filesize
1.7MB

MD5
634705b5f9c1051823b07bcf68cdbd4f

SHA1
f1824daabf9e08d885a0c7ea49e098bc761df5ec

SHA256
3e06ba9eea5260285137212f7dcd36731207383183217efab007a91bfc9e69a3

SHA512
287248bb077d9f6a2d88cf5f01b4ca4d3045bc097236b620c6d2e926b7781e7515c12066d1957bf605dd7e4bd4241b89021ec31c3a5658d745ab58c5f976476e

Download Submit
C:\Windows\System\hxnWTVO.exe

Filesize
1.7MB

MD5
1a9daf81d87deee8f6d3002ebbeae4b9

SHA1
54c630f7e6a8465444dddb5e7e5839fee8bac58b

SHA256
0e93ad6e613edd46bfd8b4e8fa05ce6afd7422e8dc806a7d93651a3767dccd87

SHA512
cb7104ec951e7ab31e0c86aec69e159e1f972326b76caf4b34f3fed1d925fecb2daa35ea2c7c4e7a3366867fa5dcc6dc19aebfc2e37c31ced35e8dca0ff4a299

Download Submit
C:\Windows\System\jEnfRcO.exe

Filesize
1.7MB

MD5
a8b99ccbfc4fbf1c030822c156d0017b

SHA1
608e1c82865b7ce86f17cab24af2e4783f89c36f

SHA256
a1e327071e0814ef706416aabff68f4a6524f47b158485f8b9fdde7ad7d7252b

SHA512
1561d875fc18dd1426f023e02bfd44b4c98e8b01198f157c2d9109cf966b9f0d8320b3fe8c7eb61f4071238c8bb6ff23da112aed4c84a5b7a227a6d7624b3957

Download Submit
C:\Windows\System\kfhWNri.exe

Filesize
1.7MB

MD5
ed1a23b4e09869d073204ce58c4986ed

SHA1
4fa9cad6bdd294a1b14c66761c227e72a28dbdb2

SHA256
e305a7f5bc27bce47dbfcaca21619e4d5033e121bd86d626f5a25dda9976b6db

SHA512
1e91f364ba8039dd82f6ef1a6d4aca1b55d3b834b9b637d54deb0616e74aebb581f8da10467c15bbb92b3052010c23d054a54ab88895c1be597b2ab1e63b6596

Download Submit
C:\Windows\System\oPlsVzG.exe

Filesize
1.7MB

MD5
ae647457dfd87063613188572ebc4ce0

SHA1
2ead8c56b9f8f6bdae7f4cef5c01be0b92fed647

SHA256
72fd0019f9abadbfedbe74e79b0aec1aa67a42bf20886dff1817da2af8385ed9

SHA512
fe0e0de06ae4319042b12832948030da1325e82b6cc7b307be51670ec7685527947b573e78c42d7e208cbcbc2049f2d596273508388cb0dd993c4fc5b656478a

Download Submit
C:\Windows\System\pMvNSIT.exe

Filesize
1.7MB

MD5
58b94ade7a1b4a122136880f6956ade9

SHA1
2fc342c7ecb2e1cca80486e7a015da514a77296f

SHA256
b591339253edbae353ed79e3f613fe8bb4661ada5a0302f3c21f5ebebf06e3a3

SHA512
d8e31eee1c6290a75adc12fb31c6fbc2ddbfc27e9214c89d44d7024b1622c617249bf69978afd540032531a1d1f5a9663cc1b900b638eb0dffb6e4903d47df7f

Download Submit
C:\Windows\System\sKDIDED.exe

Filesize
1.7MB

MD5
fbe436c89ecba3df18a28f4c1b2bb453

SHA1
d18bf9ad96672d9c84fc700890a2252b68583c97

SHA256
6a0f3d6a53aae0de16e757479a0f3a52185d3da3e90465021bdad2a773f93932

SHA512
11f2dae2ef2d4d258bb2c0dd4bd5914ca748f080118b053b3f410ebcc4a1112a63ed4b8e123ed13c2de50673d8b68b60e9aed8868eefdacc09a92169bdf2fcbf

Download Submit
C:\Windows\System\sjQiKoK.exe

Filesize
1.7MB

MD5
4f85820c9a11b935642df160e98f2b45

SHA1
2816bd26e72d315aebf856e26a8135079911ef8d

SHA256
119ec82ce15b73f9cbd781da021608d4e46b74584d733ef429b6d4b6fd73e26b

SHA512
636da35f6bea694fba790a82143feac33d9176b2a38123fdbd9ea7f98fa6869def90b06ff704c6d84be3f773e648f58571b0906a9c4f734d9ddc70b2706d95c6

Download Submit
C:\Windows\System\vdnDjHn.exe

Filesize
1.7MB

MD5
a476391983eee1303e6d2ee37af2b7eb

SHA1
fe334286b9bf963687f704a5c948e9d5133f7ef3

SHA256
fce54c9bf24c435a4228a28847e08f7e8fe1af31e0c495814e8c0ab7bc3af86b

SHA512
0a5ffdc10247a41648a9762dc9e7880a9ce63859899bcfaab2f963d91a9c5ffba0599fdb3726389930a774757c6de52ce538f96f38dfd357816012f9d72cd002

Download Submit
C:\Windows\System\vhDRJlv.exe

Filesize
1.7MB

MD5
1992107e673b26d41052f75405517738

SHA1
73e7fc66ee28f06bd1521385e45653ab801e6295

SHA256
22c80734e5a5ef97606b20963a79a63d7f0771035d6d7281cfeb8ff4929f7613

SHA512
50c33aa886b45fe3c5a5d187cf4f37d01176db9b8ca61e1f09a98f3445e97542b8d086daa7f620e0ae627191cae52c529280ada217289227bb66160b8e3195bf

Download Submit
C:\Windows\System\wTuwHCe.exe

Filesize
1.7MB

MD5
9abbbcb126cfad3e4d73cc2231c129de

SHA1
268f733a0495dfaca21896fb077c4728d301b11c

SHA256
1374b0db6b761dc3b05c2b0e9745fb08d7bcd47e453df12df7c2137aad5fd0a8

SHA512
2e9154fdc01ab5630162021e0f34f346f9a980789a04966076e0ec55147e12f8ffd5db4d78e112215e153228a96c07106dcc7c343942e4ebb361cb3de1b9c8c3

Download Submit
C:\Windows\System\xwmqBJx.exe

Filesize
1.7MB

MD5
f931adc1c8bdc9a0c1209694b3e977d2

SHA1
8cda2b53fb763216466593feb6a8d7305b266ff7

SHA256
1f48cb95353417f79368f7761f3943addb2ce07b206ced733d82386464cae072

SHA512
d614f7f31e61376cbe9bf0612b67d49a419d02251865060c0b680d3686981cedae774ccffe36a8d714afc530e2674f141b241ac49f2ec7f7d05f300b1cf2b789

Download Submit
memory/8-1-0x000001CC054A0000-0x000001CC054B0000-memory.dmp

Filesize
64KB

Download
memory/8-0-0x00007FF660FA0000-0x00007FF661392000-memory.dmp

Filesize
3.9MB

Download
memory/740-554-0x00007FF6AB760000-0x00007FF6ABB52000-memory.dmp

Filesize
3.9MB

Download
memory/740-2967-0x00007FF6AB760000-0x00007FF6ABB52000-memory.dmp

Filesize
3.9MB

Download
memory/1000-482-0x00007FF6475B0000-0x00007FF6479A2000-memory.dmp

Filesize
3.9MB

Download
memory/1000-2957-0x00007FF6475B0000-0x00007FF6479A2000-memory.dmp

Filesize
3.9MB

Download
memory/1172-783-0x00007FF6D5050000-0x00007FF6D5442000-memory.dmp

Filesize
3.9MB

Download
memory/1172-2946-0x00007FF6D5050000-0x00007FF6D5442000-memory.dmp

Filesize
3.9MB

Download
memory/1356-553-0x00007FF6CCAC0000-0x00007FF6CCEB2000-memory.dmp

Filesize
3.9MB

Download
memory/1356-2963-0x00007FF6CCAC0000-0x00007FF6CCEB2000-memory.dmp

Filesize
3.9MB

Download
memory/1516-560-0x00007FF716A90000-0x00007FF716E82000-memory.dmp

Filesize
3.9MB

Download
memory/1516-2991-0x00007FF716A90000-0x00007FF716E82000-memory.dmp

Filesize
3.9MB

Download
memory/1628-438-0x00007FF6DFA10000-0x00007FF6DFE02000-memory.dmp

Filesize
3.9MB

Download
memory/1628-2950-0x00007FF6DFA10000-0x00007FF6DFE02000-memory.dmp

Filesize
3.9MB

Download
memory/1680-2943-0x00007FF6254E0000-0x00007FF6258D2000-memory.dmp

Filesize
3.9MB

Download
memory/1680-195-0x00007FF6254E0000-0x00007FF6258D2000-memory.dmp

Filesize
3.9MB

Download
memory/1796-2937-0x00007FF71C6C0000-0x00007FF71CAB2000-memory.dmp

Filesize
3.9MB

Download
memory/1796-128-0x00007FF71C6C0000-0x00007FF71CAB2000-memory.dmp

Filesize
3.9MB

Download
memory/1820-293-0x00007FF7E38C0000-0x00007FF7E3CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1820-2955-0x00007FF7E38C0000-0x00007FF7E3CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1996-2986-0x00007FF6E22C0000-0x00007FF6E26B2000-memory.dmp

Filesize
3.9MB

Download
memory/1996-562-0x00007FF6E22C0000-0x00007FF6E26B2000-memory.dmp

Filesize
3.9MB

Download
memory/2268-481-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp

Filesize
3.9MB

Download
memory/2268-2954-0x00007FF6FA430000-0x00007FF6FA822000-memory.dmp

Filesize
3.9MB

Download
memory/2732-558-0x00007FF778590000-0x00007FF778982000-memory.dmp

Filesize
3.9MB

Download
memory/2732-2974-0x00007FF778590000-0x00007FF778982000-memory.dmp

Filesize
3.9MB

Download
memory/2740-552-0x00007FF6328E0000-0x00007FF632CD2000-memory.dmp

Filesize
3.9MB

Download
memory/2740-2960-0x00007FF6328E0000-0x00007FF632CD2000-memory.dmp

Filesize
3.9MB

Download
memory/2816-108-0x00007FFD614D0000-0x00007FFD61F91000-memory.dmp

Filesize
10.8MB

Download
memory/2816-27-0x00007FFD614D3000-0x00007FFD614D5000-memory.dmp

Filesize
8KB

Download
memory/2816-413-0x00000280D1B90000-0x00000280D1BB2000-memory.dmp

Filesize
136KB

Download
memory/2816-603-0x00007FFD614D0000-0x00007FFD61F91000-memory.dmp

Filesize
10.8MB

Download
memory/2816-2494-0x00007FFD614D0000-0x00007FFD61F91000-memory.dmp

Filesize
10.8MB

Download
memory/2860-551-0x00007FF7EA3B0000-0x00007FF7EA7A2000-memory.dmp

Filesize
3.9MB

Download
memory/2860-2978-0x00007FF7EA3B0000-0x00007FF7EA7A2000-memory.dmp

Filesize
3.9MB

Download
memory/3636-2972-0x00007FF610760000-0x00007FF610B52000-memory.dmp

Filesize
3.9MB

Download
memory/3636-557-0x00007FF610760000-0x00007FF610B52000-memory.dmp

Filesize
3.9MB

Download
memory/4176-2976-0x00007FF63E730000-0x00007FF63EB22000-memory.dmp

Filesize
3.9MB

Download
memory/4176-559-0x00007FF63E730000-0x00007FF63EB22000-memory.dmp

Filesize
3.9MB

Download
memory/4268-2951-0x00007FF7775B0000-0x00007FF7779A2000-memory.dmp

Filesize
3.9MB

Download
memory/4268-241-0x00007FF7775B0000-0x00007FF7779A2000-memory.dmp

Filesize
3.9MB

Download
memory/4508-547-0x00007FF7F4B20000-0x00007FF7F4F12000-memory.dmp

Filesize
3.9MB

Download
memory/4508-2964-0x00007FF7F4B20000-0x00007FF7F4F12000-memory.dmp

Filesize
3.9MB

Download
memory/4536-2984-0x00007FF68E6F0000-0x00007FF68EAE2000-memory.dmp

Filesize
3.9MB

Download
memory/4536-561-0x00007FF68E6F0000-0x00007FF68EAE2000-memory.dmp

Filesize
3.9MB

Download
memory/4544-2941-0x00007FF611800000-0x00007FF611BF2000-memory.dmp

Filesize
3.9MB

Download
memory/4544-292-0x00007FF611800000-0x00007FF611BF2000-memory.dmp

Filesize
3.9MB

Download
memory/4608-26-0x00007FF7AF370000-0x00007FF7AF762000-memory.dmp

Filesize
3.9MB

Download
memory/4608-2939-0x00007FF7AF370000-0x00007FF7AF762000-memory.dmp

Filesize
3.9MB

Download
memory/4656-356-0x00007FF710090000-0x00007FF710482000-memory.dmp

Filesize
3.9MB

Download
memory/4656-2947-0x00007FF710090000-0x00007FF710482000-memory.dmp

Filesize
3.9MB

Download
memory/4912-2968-0x00007FF636860000-0x00007FF636C52000-memory.dmp

Filesize
3.9MB

Download
memory/4912-556-0x00007FF636860000-0x00007FF636C52000-memory.dmp

Filesize
3.9MB

Download
memory/5100-2970-0x00007FF7D73A0000-0x00007FF7D7792000-memory.dmp

Filesize
3.9MB

Download
memory/5100-555-0x00007FF7D73A0000-0x00007FF7D7792000-memory.dmp

Filesize
3.9MB

Download