xmrig | c48f62a70c13de6cfa7cfc1c5e8f1f8fa4dd89168d1c8cc4c836c411538adf0f

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c4862b2316fa6ee8a635e0102c82440N.exe
Size

3.1MB
MD5

3c4862b2316fa6ee8a635e0102c82440
SHA1

9749ed67fdccd480318d541a206cbafbba101021
SHA256

c48f62a70c13de6cfa7cfc1c5e8f1f8fa4dd89168d1c8cc4c836c411538adf0f
SHA512

ea4a8592ddcf8b3baed793cadec0fd37b81897ba6f38b6593696a63c00cd94131983e6a345538eba5d5fd198bcc3de3e6c165dd2b8a7842f59a9318af89ccc7e
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWm:7bBeSFka

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1016-0-0x00007FF718140000-0x00007FF718536000-memory.dmp	xmrig
behavioral2/files/0x00060000000232d4-5.dat	xmrig
behavioral2/files/0x000900000002347b-22.dat	xmrig
behavioral2/files/0x0007000000023486-29.dat	xmrig
behavioral2/memory/2696-56-0x00007FF6E4AE0000-0x00007FF6E4ED6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023488-54.dat	xmrig
behavioral2/files/0x000700000002348d-67.dat	xmrig
behavioral2/files/0x000700000002348a-71.dat	xmrig
behavioral2/files/0x0007000000023491-90.dat	xmrig
behavioral2/memory/2060-101-0x00007FF65C580000-0x00007FF65C976000-memory.dmp	xmrig
behavioral2/memory/4736-115-0x00007FF79E350000-0x00007FF79E746000-memory.dmp	xmrig
behavioral2/memory/3780-119-0x00007FF642810000-0x00007FF642C06000-memory.dmp	xmrig
behavioral2/memory/2964-121-0x00007FF6514B0000-0x00007FF6518A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023492-127.dat	xmrig
behavioral2/files/0x0007000000023497-147.dat	xmrig
behavioral2/files/0x000700000002349b-169.dat	xmrig
behavioral2/files/0x000700000002349a-186.dat	xmrig
behavioral2/files/0x00070000000234a2-200.dat	xmrig
behavioral2/files/0x00070000000234a1-199.dat	xmrig
behavioral2/memory/1520-237-0x00007FF6FF180000-0x00007FF6FF576000-memory.dmp	xmrig
behavioral2/memory/1528-238-0x00007FF6B8A20000-0x00007FF6B8E16000-memory.dmp	xmrig
behavioral2/memory/2224-236-0x00007FF73BA00000-0x00007FF73BDF6000-memory.dmp	xmrig
behavioral2/memory/4884-235-0x00007FF7E7CA0000-0x00007FF7E8096000-memory.dmp	xmrig
behavioral2/memory/4188-226-0x00007FF6D95A0000-0x00007FF6D9996000-memory.dmp	xmrig
behavioral2/memory/3792-225-0x00007FF692C80000-0x00007FF693076000-memory.dmp	xmrig
behavioral2/files/0x000700000002349c-197.dat	xmrig
behavioral2/files/0x00070000000234a0-194.dat	xmrig
behavioral2/files/0x000700000002349f-183.dat	xmrig
behavioral2/files/0x000700000002349e-182.dat	xmrig
behavioral2/files/0x000700000002349d-179.dat	xmrig
behavioral2/files/0x0007000000023499-172.dat	xmrig
behavioral2/files/0x0007000000023498-162.dat	xmrig
behavioral2/files/0x0007000000023496-153.dat	xmrig
behavioral2/files/0x0007000000023495-149.dat	xmrig
behavioral2/files/0x0008000000023494-140.dat	xmrig
behavioral2/files/0x0008000000023493-135.dat	xmrig
behavioral2/memory/1704-123-0x00007FF6FD750000-0x00007FF6FDB46000-memory.dmp	xmrig
behavioral2/memory/440-120-0x00007FF6D40D0000-0x00007FF6D44C6000-memory.dmp	xmrig
behavioral2/memory/3628-118-0x00007FF7166C0000-0x00007FF716AB6000-memory.dmp	xmrig
behavioral2/memory/4684-117-0x00007FF6689D0000-0x00007FF668DC6000-memory.dmp	xmrig
behavioral2/memory/2564-116-0x00007FF730800000-0x00007FF730BF6000-memory.dmp	xmrig
behavioral2/memory/2908-114-0x00007FF6F09A0000-0x00007FF6F0D96000-memory.dmp	xmrig
behavioral2/memory/4228-103-0x00007FF6DFF00000-0x00007FF6E02F6000-memory.dmp	xmrig
behavioral2/memory/1620-102-0x00007FF7D0E90000-0x00007FF7D1286000-memory.dmp	xmrig
behavioral2/memory/3096-100-0x00007FF6CDFF0000-0x00007FF6CE3E6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023490-95.dat	xmrig
behavioral2/files/0x000700000002348f-93.dat	xmrig
behavioral2/files/0x000700000002348e-91.dat	xmrig
behavioral2/files/0x000700000002348c-85.dat	xmrig
behavioral2/files/0x000700000002348b-83.dat	xmrig
behavioral2/files/0x0007000000023487-64.dat	xmrig
behavioral2/files/0x0007000000023489-60.dat	xmrig
behavioral2/files/0x0007000000023484-53.dat	xmrig
behavioral2/memory/1852-45-0x00007FF648D20000-0x00007FF649116000-memory.dmp	xmrig
behavioral2/files/0x0007000000023483-39.dat	xmrig
behavioral2/memory/4632-34-0x00007FF633D00000-0x00007FF6340F6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023485-41.dat	xmrig
behavioral2/files/0x0007000000023482-35.dat	xmrig
behavioral2/memory/388-25-0x00007FF733850000-0x00007FF733C46000-memory.dmp	xmrig
behavioral2/memory/3328-12-0x00007FF665460000-0x00007FF665856000-memory.dmp	xmrig
behavioral2/memory/3328-2069-0x00007FF665460000-0x00007FF665856000-memory.dmp	xmrig
behavioral2/memory/388-2070-0x00007FF733850000-0x00007FF733C46000-memory.dmp	xmrig
behavioral2/memory/1852-2071-0x00007FF648D20000-0x00007FF649116000-memory.dmp	xmrig
behavioral2/memory/4632-2073-0x00007FF633D00000-0x00007FF6340F6000-memory.dmp	xmrig

Blocklisted process makes network request 10 IoCs

flow	pid	Process
3	2216	powershell.exe
7	2216	powershell.exe
9	2216	powershell.exe
10	2216	powershell.exe
12	2216	powershell.exe
13	2216	powershell.exe
15	2216	powershell.exe
16	2216	powershell.exe
17	2216	powershell.exe
21	2216	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2216	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3328	dgfFOZU.exe
388	AFMGbhB.exe
440	HOpzXhA.exe
4632	aznuOGa.exe
1852	xkkquBB.exe
2696	ygajkyJ.exe
3096	evAXzfX.exe
2964	SvdJEhS.exe
2060	wuZhpwT.exe
1620	MeXtzzZ.exe
4228	OeQZIDb.exe
2908	XHethYw.exe
4736	GABwEbZ.exe
2564	AyorIUN.exe
1704	LwGlSXj.exe
4684	JAqvKjo.exe
3628	xjBXAry.exe
3780	sKZmnqT.exe
3792	xjDhZuy.exe
4188	uVyRtvP.exe
4884	hkQXORR.exe
2224	shhymea.exe
1520	nFgiVSV.exe
1528	TfMZJPE.exe
1488	xsfbOgq.exe
2872	PVaVqdS.exe
2940	uqnTfNx.exe
904	qFcEqfn.exe
2724	ashOubV.exe
4860	ArvcDuO.exe
536	OrGMAOe.exe
1668	BctFAbH.exe
232	oKnbjdf.exe
4816	OGONhbq.exe
4432	qBNiQuo.exe
5016	gqbIgcB.exe
3200	PRiRRmc.exe
4420	VxTZwIE.exe
4324	cgGCFVZ.exe
3320	ulJXaje.exe
4940	hVQcEqO.exe
4708	kuhHajJ.exe
1820	YoGAJHH.exe
1260	eifycjA.exe
3428	FzxmiLp.exe
3224	xyMnutf.exe
2572	EEFCQGU.exe
3492	IbzcRae.exe
864	BniIBjE.exe
432	erORxPA.exe
4100	aSRumvp.exe
1748	EYvSXgc.exe
4248	CjdWcKh.exe
4932	gkECWwX.exe
1600	qzcKoPk.exe
724	qVkCPjA.exe
2652	lnbdjDD.exe
4092	iJpfakh.exe
2136	qlGNaFj.exe
2900	ATRZcrk.exe
4572	ZWQzfCZ.exe
2372	vgVxJSU.exe
2208	AWXAXNW.exe
3612	YdEbOlO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1016-0-0x00007FF718140000-0x00007FF718536000-memory.dmp	upx
behavioral2/files/0x00060000000232d4-5.dat	upx
behavioral2/files/0x000900000002347b-22.dat	upx
behavioral2/files/0x0007000000023486-29.dat	upx
behavioral2/memory/2696-56-0x00007FF6E4AE0000-0x00007FF6E4ED6000-memory.dmp	upx
behavioral2/files/0x0007000000023488-54.dat	upx
behavioral2/files/0x000700000002348d-67.dat	upx
behavioral2/files/0x000700000002348a-71.dat	upx
behavioral2/files/0x0007000000023491-90.dat	upx
behavioral2/memory/2060-101-0x00007FF65C580000-0x00007FF65C976000-memory.dmp	upx
behavioral2/memory/4736-115-0x00007FF79E350000-0x00007FF79E746000-memory.dmp	upx
behavioral2/memory/3780-119-0x00007FF642810000-0x00007FF642C06000-memory.dmp	upx
behavioral2/memory/2964-121-0x00007FF6514B0000-0x00007FF6518A6000-memory.dmp	upx
behavioral2/files/0x0007000000023492-127.dat	upx
behavioral2/files/0x0007000000023497-147.dat	upx
behavioral2/files/0x000700000002349b-169.dat	upx
behavioral2/files/0x000700000002349a-186.dat	upx
behavioral2/files/0x00070000000234a2-200.dat	upx
behavioral2/files/0x00070000000234a1-199.dat	upx
behavioral2/memory/1520-237-0x00007FF6FF180000-0x00007FF6FF576000-memory.dmp	upx
behavioral2/memory/1528-238-0x00007FF6B8A20000-0x00007FF6B8E16000-memory.dmp	upx
behavioral2/memory/2224-236-0x00007FF73BA00000-0x00007FF73BDF6000-memory.dmp	upx
behavioral2/memory/4884-235-0x00007FF7E7CA0000-0x00007FF7E8096000-memory.dmp	upx
behavioral2/memory/4188-226-0x00007FF6D95A0000-0x00007FF6D9996000-memory.dmp	upx
behavioral2/memory/3792-225-0x00007FF692C80000-0x00007FF693076000-memory.dmp	upx
behavioral2/files/0x000700000002349c-197.dat	upx
behavioral2/files/0x00070000000234a0-194.dat	upx
behavioral2/files/0x000700000002349f-183.dat	upx
behavioral2/files/0x000700000002349e-182.dat	upx
behavioral2/files/0x000700000002349d-179.dat	upx
behavioral2/files/0x0007000000023499-172.dat	upx
behavioral2/files/0x0007000000023498-162.dat	upx
behavioral2/files/0x0007000000023496-153.dat	upx
behavioral2/files/0x0007000000023495-149.dat	upx
behavioral2/files/0x0008000000023494-140.dat	upx
behavioral2/files/0x0008000000023493-135.dat	upx
behavioral2/memory/1704-123-0x00007FF6FD750000-0x00007FF6FDB46000-memory.dmp	upx
behavioral2/memory/440-120-0x00007FF6D40D0000-0x00007FF6D44C6000-memory.dmp	upx
behavioral2/memory/3628-118-0x00007FF7166C0000-0x00007FF716AB6000-memory.dmp	upx
behavioral2/memory/4684-117-0x00007FF6689D0000-0x00007FF668DC6000-memory.dmp	upx
behavioral2/memory/2564-116-0x00007FF730800000-0x00007FF730BF6000-memory.dmp	upx
behavioral2/memory/2908-114-0x00007FF6F09A0000-0x00007FF6F0D96000-memory.dmp	upx
behavioral2/memory/4228-103-0x00007FF6DFF00000-0x00007FF6E02F6000-memory.dmp	upx
behavioral2/memory/1620-102-0x00007FF7D0E90000-0x00007FF7D1286000-memory.dmp	upx
behavioral2/memory/3096-100-0x00007FF6CDFF0000-0x00007FF6CE3E6000-memory.dmp	upx
behavioral2/files/0x0007000000023490-95.dat	upx
behavioral2/files/0x000700000002348f-93.dat	upx
behavioral2/files/0x000700000002348e-91.dat	upx
behavioral2/files/0x000700000002348c-85.dat	upx
behavioral2/files/0x000700000002348b-83.dat	upx
behavioral2/files/0x0007000000023487-64.dat	upx
behavioral2/files/0x0007000000023489-60.dat	upx
behavioral2/files/0x0007000000023484-53.dat	upx
behavioral2/memory/1852-45-0x00007FF648D20000-0x00007FF649116000-memory.dmp	upx
behavioral2/files/0x0007000000023483-39.dat	upx
behavioral2/memory/4632-34-0x00007FF633D00000-0x00007FF6340F6000-memory.dmp	upx
behavioral2/files/0x0007000000023485-41.dat	upx
behavioral2/files/0x0007000000023482-35.dat	upx
behavioral2/memory/388-25-0x00007FF733850000-0x00007FF733C46000-memory.dmp	upx
behavioral2/memory/3328-12-0x00007FF665460000-0x00007FF665856000-memory.dmp	upx
behavioral2/memory/3328-2069-0x00007FF665460000-0x00007FF665856000-memory.dmp	upx
behavioral2/memory/388-2070-0x00007FF733850000-0x00007FF733C46000-memory.dmp	upx
behavioral2/memory/1852-2071-0x00007FF648D20000-0x00007FF649116000-memory.dmp	upx
behavioral2/memory/4632-2073-0x00007FF633D00000-0x00007FF6340F6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GPwAFDx.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\tobJChi.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\HTzvJdT.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\fCmLPDW.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\doIwZsd.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\lDApSXa.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\dcQdaVg.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\cjEAWLn.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\LLhcVgd.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\pQldQNL.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\SpfkMcW.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\xJhJDGj.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\jynrcJV.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\CpHovyX.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\bwgZPrV.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\IZrLDLU.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\SJndaQO.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\pGHXnsE.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\JBFYxom.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\NgsADEp.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\HnjqWHL.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\Ygommrd.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\fNIYqHd.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\tlpxVFD.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\eqIekKd.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\XHethYw.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\YwnOneU.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\hMluLbp.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\uibyrLn.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\zXPPRjq.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\ziBDvWJ.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\msdyqEa.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\ZWQzfCZ.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\dvSkHdS.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\IVrmtom.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\hwVQDAQ.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\NBLRmri.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\jbnThzX.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\CyNdgsX.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\FzCtJgE.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\LDdfeAc.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\crKfYvw.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\PNuqRTT.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\HWjfMkI.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\TwDEnST.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\LqyUAPm.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\xPwKDpb.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\KpQaCnl.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\hfApcfK.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\QuWJoEG.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\IVozVsH.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\LARvrjv.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\bDKrDcH.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\GlgftSl.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\TitCvxF.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\lddNPEE.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\ygPaEsf.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\WZVTRgm.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\JQkeuRR.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\ABZwWfS.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\ESigVoF.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\ycNWAca.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\erORxPA.exe	3c4862b2316fa6ee8a635e0102c82440N.exe
File created	C:\Windows\System\EKsDkMA.exe	3c4862b2316fa6ee8a635e0102c82440N.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2216	powershell.exe
2216	powershell.exe
2216	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1016	3c4862b2316fa6ee8a635e0102c82440N.exe
Token: SeLockMemoryPrivilege	1016	3c4862b2316fa6ee8a635e0102c82440N.exe
Token: SeDebugPrivilege	2216	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 2216	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	85
PID 1016 wrote to memory of 2216	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	85
PID 1016 wrote to memory of 3328	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	86
PID 1016 wrote to memory of 3328	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	86
PID 1016 wrote to memory of 388	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	87
PID 1016 wrote to memory of 388	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	87
PID 1016 wrote to memory of 4632	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	88
PID 1016 wrote to memory of 4632	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	88
PID 1016 wrote to memory of 440	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	89
PID 1016 wrote to memory of 440	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	89
PID 1016 wrote to memory of 1852	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	90
PID 1016 wrote to memory of 1852	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	90
PID 1016 wrote to memory of 2696	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	91
PID 1016 wrote to memory of 2696	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	91
PID 1016 wrote to memory of 3096	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	92
PID 1016 wrote to memory of 3096	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	92
PID 1016 wrote to memory of 2964	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	93
PID 1016 wrote to memory of 2964	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	93
PID 1016 wrote to memory of 2060	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	94
PID 1016 wrote to memory of 2060	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	94
PID 1016 wrote to memory of 1620	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	95
PID 1016 wrote to memory of 1620	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	95
PID 1016 wrote to memory of 4228	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	96
PID 1016 wrote to memory of 4228	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	96
PID 1016 wrote to memory of 2908	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	97
PID 1016 wrote to memory of 2908	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	97
PID 1016 wrote to memory of 4736	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	98
PID 1016 wrote to memory of 4736	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	98
PID 1016 wrote to memory of 2564	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	99
PID 1016 wrote to memory of 2564	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	99
PID 1016 wrote to memory of 1704	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	100
PID 1016 wrote to memory of 1704	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	100
PID 1016 wrote to memory of 4684	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	101
PID 1016 wrote to memory of 4684	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	101
PID 1016 wrote to memory of 3628	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	102
PID 1016 wrote to memory of 3628	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	102
PID 1016 wrote to memory of 3780	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	103
PID 1016 wrote to memory of 3780	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	103
PID 1016 wrote to memory of 3792	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	104
PID 1016 wrote to memory of 3792	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	104
PID 1016 wrote to memory of 4188	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	105
PID 1016 wrote to memory of 4188	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	105
PID 1016 wrote to memory of 4884	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	106
PID 1016 wrote to memory of 4884	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	106
PID 1016 wrote to memory of 2224	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	107
PID 1016 wrote to memory of 2224	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	107
PID 1016 wrote to memory of 1520	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	108
PID 1016 wrote to memory of 1520	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	108
PID 1016 wrote to memory of 1528	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	109
PID 1016 wrote to memory of 1528	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	109
PID 1016 wrote to memory of 1488	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	110
PID 1016 wrote to memory of 1488	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	110
PID 1016 wrote to memory of 2872	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	111
PID 1016 wrote to memory of 2872	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	111
PID 1016 wrote to memory of 2940	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	112
PID 1016 wrote to memory of 2940	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	112
PID 1016 wrote to memory of 904	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	113
PID 1016 wrote to memory of 904	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	113
PID 1016 wrote to memory of 2724	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	114
PID 1016 wrote to memory of 2724	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	114
PID 1016 wrote to memory of 4860	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	115
PID 1016 wrote to memory of 4860	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	115
PID 1016 wrote to memory of 536	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	116
PID 1016 wrote to memory of 536	1016	3c4862b2316fa6ee8a635e0102c82440N.exe	116

C:\Users\Admin\AppData\Local\Temp\3c4862b2316fa6ee8a635e0102c82440N.exe
"C:\Users\Admin\AppData\Local\Temp\3c4862b2316fa6ee8a635e0102c82440N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2216
- C:\Windows\System\dgfFOZU.exe
  C:\Windows\System\dgfFOZU.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\AFMGbhB.exe
  C:\Windows\System\AFMGbhB.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\aznuOGa.exe
  C:\Windows\System\aznuOGa.exe
  2⤵
  - Executes dropped EXE
  PID:4632
- C:\Windows\System\HOpzXhA.exe
  C:\Windows\System\HOpzXhA.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\xkkquBB.exe
  C:\Windows\System\xkkquBB.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\ygajkyJ.exe
  C:\Windows\System\ygajkyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\evAXzfX.exe
  C:\Windows\System\evAXzfX.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\SvdJEhS.exe
  C:\Windows\System\SvdJEhS.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\wuZhpwT.exe
  C:\Windows\System\wuZhpwT.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\MeXtzzZ.exe
  C:\Windows\System\MeXtzzZ.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\OeQZIDb.exe
  C:\Windows\System\OeQZIDb.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\XHethYw.exe
  C:\Windows\System\XHethYw.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\GABwEbZ.exe
  C:\Windows\System\GABwEbZ.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\AyorIUN.exe
  C:\Windows\System\AyorIUN.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\LwGlSXj.exe
  C:\Windows\System\LwGlSXj.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\JAqvKjo.exe
  C:\Windows\System\JAqvKjo.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\xjBXAry.exe
  C:\Windows\System\xjBXAry.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\sKZmnqT.exe
  C:\Windows\System\sKZmnqT.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\xjDhZuy.exe
  C:\Windows\System\xjDhZuy.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\uVyRtvP.exe
  C:\Windows\System\uVyRtvP.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\hkQXORR.exe
  C:\Windows\System\hkQXORR.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\shhymea.exe
  C:\Windows\System\shhymea.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\nFgiVSV.exe
  C:\Windows\System\nFgiVSV.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\TfMZJPE.exe
  C:\Windows\System\TfMZJPE.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\xsfbOgq.exe
  C:\Windows\System\xsfbOgq.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\PVaVqdS.exe
  C:\Windows\System\PVaVqdS.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\uqnTfNx.exe
  C:\Windows\System\uqnTfNx.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\qFcEqfn.exe
  C:\Windows\System\qFcEqfn.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\ashOubV.exe
  C:\Windows\System\ashOubV.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ArvcDuO.exe
  C:\Windows\System\ArvcDuO.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\OrGMAOe.exe
  C:\Windows\System\OrGMAOe.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\BctFAbH.exe
  C:\Windows\System\BctFAbH.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\oKnbjdf.exe
  C:\Windows\System\oKnbjdf.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\OGONhbq.exe
  C:\Windows\System\OGONhbq.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\qBNiQuo.exe
  C:\Windows\System\qBNiQuo.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\gqbIgcB.exe
  C:\Windows\System\gqbIgcB.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\PRiRRmc.exe
  C:\Windows\System\PRiRRmc.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\VxTZwIE.exe
  C:\Windows\System\VxTZwIE.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\cgGCFVZ.exe
  C:\Windows\System\cgGCFVZ.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\ulJXaje.exe
  C:\Windows\System\ulJXaje.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\hVQcEqO.exe
  C:\Windows\System\hVQcEqO.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\kuhHajJ.exe
  C:\Windows\System\kuhHajJ.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\YoGAJHH.exe
  C:\Windows\System\YoGAJHH.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\eifycjA.exe
  C:\Windows\System\eifycjA.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\FzxmiLp.exe
  C:\Windows\System\FzxmiLp.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\xyMnutf.exe
  C:\Windows\System\xyMnutf.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\EEFCQGU.exe
  C:\Windows\System\EEFCQGU.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\IbzcRae.exe
  C:\Windows\System\IbzcRae.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\BniIBjE.exe
  C:\Windows\System\BniIBjE.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\erORxPA.exe
  C:\Windows\System\erORxPA.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\aSRumvp.exe
  C:\Windows\System\aSRumvp.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\EYvSXgc.exe
  C:\Windows\System\EYvSXgc.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\CjdWcKh.exe
  C:\Windows\System\CjdWcKh.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\gkECWwX.exe
  C:\Windows\System\gkECWwX.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\qzcKoPk.exe
  C:\Windows\System\qzcKoPk.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\qVkCPjA.exe
  C:\Windows\System\qVkCPjA.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\lnbdjDD.exe
  C:\Windows\System\lnbdjDD.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\iJpfakh.exe
  C:\Windows\System\iJpfakh.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\qlGNaFj.exe
  C:\Windows\System\qlGNaFj.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\ATRZcrk.exe
  C:\Windows\System\ATRZcrk.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ZWQzfCZ.exe
  C:\Windows\System\ZWQzfCZ.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\vgVxJSU.exe
  C:\Windows\System\vgVxJSU.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\AWXAXNW.exe
  C:\Windows\System\AWXAXNW.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\YdEbOlO.exe
  C:\Windows\System\YdEbOlO.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\OZDYNqh.exe
  C:\Windows\System\OZDYNqh.exe
  2⤵
  PID:656
- C:\Windows\System\Nwbszvc.exe
  C:\Windows\System\Nwbszvc.exe
  2⤵
  PID:2892
- C:\Windows\System\CInBsBX.exe
  C:\Windows\System\CInBsBX.exe
  2⤵
  PID:4916
- C:\Windows\System\uXtnhBQ.exe
  C:\Windows\System\uXtnhBQ.exe
  2⤵
  PID:2736
- C:\Windows\System\tLCWbEl.exe
  C:\Windows\System\tLCWbEl.exe
  2⤵
  PID:4140
- C:\Windows\System\znNZNjW.exe
  C:\Windows\System\znNZNjW.exe
  2⤵
  PID:1792
- C:\Windows\System\HZTWHne.exe
  C:\Windows\System\HZTWHne.exe
  2⤵
  PID:2704
- C:\Windows\System\cqOpNNu.exe
  C:\Windows\System\cqOpNNu.exe
  2⤵
  PID:2720
- C:\Windows\System\WndisnO.exe
  C:\Windows\System\WndisnO.exe
  2⤵
  PID:3088
- C:\Windows\System\hTDCoiH.exe
  C:\Windows\System\hTDCoiH.exe
  2⤵
  PID:4088
- C:\Windows\System\HXBlBkX.exe
  C:\Windows\System\HXBlBkX.exe
  2⤵
  PID:4720
- C:\Windows\System\TVXlHTu.exe
  C:\Windows\System\TVXlHTu.exe
  2⤵
  PID:860
- C:\Windows\System\ZqoTbqT.exe
  C:\Windows\System\ZqoTbqT.exe
  2⤵
  PID:452
- C:\Windows\System\xMSKxSe.exe
  C:\Windows\System\xMSKxSe.exe
  2⤵
  PID:4408
- C:\Windows\System\irHMpoG.exe
  C:\Windows\System\irHMpoG.exe
  2⤵
  PID:1708
- C:\Windows\System\BRrKNjD.exe
  C:\Windows\System\BRrKNjD.exe
  2⤵
  PID:1496
- C:\Windows\System\MrqpJTP.exe
  C:\Windows\System\MrqpJTP.exe
  2⤵
  PID:4700
- C:\Windows\System\XbIZEQh.exe
  C:\Windows\System\XbIZEQh.exe
  2⤵
  PID:1616
- C:\Windows\System\NNBHZXD.exe
  C:\Windows\System\NNBHZXD.exe
  2⤵
  PID:2868
- C:\Windows\System\OiyPfYi.exe
  C:\Windows\System\OiyPfYi.exe
  2⤵
  PID:3292
- C:\Windows\System\xJhJDGj.exe
  C:\Windows\System\xJhJDGj.exe
  2⤵
  PID:4880
- C:\Windows\System\sHdPtuu.exe
  C:\Windows\System\sHdPtuu.exe
  2⤵
  PID:4620
- C:\Windows\System\EKJdxWK.exe
  C:\Windows\System\EKJdxWK.exe
  2⤵
  PID:4196
- C:\Windows\System\ShGxDeR.exe
  C:\Windows\System\ShGxDeR.exe
  2⤵
  PID:3516
- C:\Windows\System\fdmVETb.exe
  C:\Windows\System\fdmVETb.exe
  2⤵
  PID:2912
- C:\Windows\System\EWrPsRA.exe
  C:\Windows\System\EWrPsRA.exe
  2⤵
  PID:4136
- C:\Windows\System\xftkmXM.exe
  C:\Windows\System\xftkmXM.exe
  2⤵
  PID:2436
- C:\Windows\System\ieXhnCO.exe
  C:\Windows\System\ieXhnCO.exe
  2⤵
  PID:2692
- C:\Windows\System\qsfduhl.exe
  C:\Windows\System\qsfduhl.exe
  2⤵
  PID:2432
- C:\Windows\System\uwDMyQo.exe
  C:\Windows\System\uwDMyQo.exe
  2⤵
  PID:4368
- C:\Windows\System\oxoOWpC.exe
  C:\Windows\System\oxoOWpC.exe
  2⤵
  PID:2096
- C:\Windows\System\KGhjrtx.exe
  C:\Windows\System\KGhjrtx.exe
  2⤵
  PID:4864
- C:\Windows\System\dmAHMJP.exe
  C:\Windows\System\dmAHMJP.exe
  2⤵
  PID:2320
- C:\Windows\System\MwmpVyI.exe
  C:\Windows\System\MwmpVyI.exe
  2⤵
  PID:556
- C:\Windows\System\bCXHhik.exe
  C:\Windows\System\bCXHhik.exe
  2⤵
  PID:5132
- C:\Windows\System\LJYpbnH.exe
  C:\Windows\System\LJYpbnH.exe
  2⤵
  PID:5156
- C:\Windows\System\OiQZTgh.exe
  C:\Windows\System\OiQZTgh.exe
  2⤵
  PID:5172
- C:\Windows\System\LrPQzAT.exe
  C:\Windows\System\LrPQzAT.exe
  2⤵
  PID:5192
- C:\Windows\System\vuTrtOd.exe
  C:\Windows\System\vuTrtOd.exe
  2⤵
  PID:5208
- C:\Windows\System\izxlWsx.exe
  C:\Windows\System\izxlWsx.exe
  2⤵
  PID:5264
- C:\Windows\System\uXfobSS.exe
  C:\Windows\System\uXfobSS.exe
  2⤵
  PID:5304
- C:\Windows\System\hwVQDAQ.exe
  C:\Windows\System\hwVQDAQ.exe
  2⤵
  PID:5324
- C:\Windows\System\gLvsXLL.exe
  C:\Windows\System\gLvsXLL.exe
  2⤵
  PID:5356
- C:\Windows\System\pwqyJQy.exe
  C:\Windows\System\pwqyJQy.exe
  2⤵
  PID:5380
- C:\Windows\System\xAdXEQu.exe
  C:\Windows\System\xAdXEQu.exe
  2⤵
  PID:5408
- C:\Windows\System\QMRdTxx.exe
  C:\Windows\System\QMRdTxx.exe
  2⤵
  PID:5440
- C:\Windows\System\wugqtFC.exe
  C:\Windows\System\wugqtFC.exe
  2⤵
  PID:5468
- C:\Windows\System\IVozVsH.exe
  C:\Windows\System\IVozVsH.exe
  2⤵
  PID:5496
- C:\Windows\System\NxFHnGc.exe
  C:\Windows\System\NxFHnGc.exe
  2⤵
  PID:5528
- C:\Windows\System\WortNZZ.exe
  C:\Windows\System\WortNZZ.exe
  2⤵
  PID:5556
- C:\Windows\System\wkthuUO.exe
  C:\Windows\System\wkthuUO.exe
  2⤵
  PID:5588
- C:\Windows\System\lbEYyjY.exe
  C:\Windows\System\lbEYyjY.exe
  2⤵
  PID:5612
- C:\Windows\System\OGaZRRD.exe
  C:\Windows\System\OGaZRRD.exe
  2⤵
  PID:5640
- C:\Windows\System\ZINsPju.exe
  C:\Windows\System\ZINsPju.exe
  2⤵
  PID:5668
- C:\Windows\System\NgsADEp.exe
  C:\Windows\System\NgsADEp.exe
  2⤵
  PID:5696
- C:\Windows\System\MuMYnvB.exe
  C:\Windows\System\MuMYnvB.exe
  2⤵
  PID:5724
- C:\Windows\System\anRehHM.exe
  C:\Windows\System\anRehHM.exe
  2⤵
  PID:5740
- C:\Windows\System\JTDwpKr.exe
  C:\Windows\System\JTDwpKr.exe
  2⤵
  PID:5780
- C:\Windows\System\hUkSSdE.exe
  C:\Windows\System\hUkSSdE.exe
  2⤵
  PID:5796
- C:\Windows\System\PQTpMjr.exe
  C:\Windows\System\PQTpMjr.exe
  2⤵
  PID:5828
- C:\Windows\System\vSAXllo.exe
  C:\Windows\System\vSAXllo.exe
  2⤵
  PID:5860
- C:\Windows\System\HVxUwpf.exe
  C:\Windows\System\HVxUwpf.exe
  2⤵
  PID:5880
- C:\Windows\System\XOXflnk.exe
  C:\Windows\System\XOXflnk.exe
  2⤵
  PID:5920
- C:\Windows\System\shwhFRo.exe
  C:\Windows\System\shwhFRo.exe
  2⤵
  PID:5948
- C:\Windows\System\botRwRP.exe
  C:\Windows\System\botRwRP.exe
  2⤵
  PID:5980
- C:\Windows\System\dGNitLl.exe
  C:\Windows\System\dGNitLl.exe
  2⤵
  PID:5996
- C:\Windows\System\WxyMUSv.exe
  C:\Windows\System\WxyMUSv.exe
  2⤵
  PID:6040
- C:\Windows\System\KpQaCnl.exe
  C:\Windows\System\KpQaCnl.exe
  2⤵
  PID:6060
- C:\Windows\System\UhNNRQq.exe
  C:\Windows\System\UhNNRQq.exe
  2⤵
  PID:6092
- C:\Windows\System\tftxSPf.exe
  C:\Windows\System\tftxSPf.exe
  2⤵
  PID:6112
- C:\Windows\System\swoynOW.exe
  C:\Windows\System\swoynOW.exe
  2⤵
  PID:3060
- C:\Windows\System\uoESEeb.exe
  C:\Windows\System\uoESEeb.exe
  2⤵
  PID:5148
- C:\Windows\System\RVverwu.exe
  C:\Windows\System\RVverwu.exe
  2⤵
  PID:5216
- C:\Windows\System\yjDCqST.exe
  C:\Windows\System\yjDCqST.exe
  2⤵
  PID:5280
- C:\Windows\System\urmAkaM.exe
  C:\Windows\System\urmAkaM.exe
  2⤵
  PID:5396
- C:\Windows\System\EgtfUNc.exe
  C:\Windows\System\EgtfUNc.exe
  2⤵
  PID:5464
- C:\Windows\System\unuqcDy.exe
  C:\Windows\System\unuqcDy.exe
  2⤵
  PID:5524
- C:\Windows\System\DfyACiI.exe
  C:\Windows\System\DfyACiI.exe
  2⤵
  PID:5596
- C:\Windows\System\novFkqe.exe
  C:\Windows\System\novFkqe.exe
  2⤵
  PID:5680
- C:\Windows\System\doIwZsd.exe
  C:\Windows\System\doIwZsd.exe
  2⤵
  PID:5708
- C:\Windows\System\FbWBdBp.exe
  C:\Windows\System\FbWBdBp.exe
  2⤵
  PID:5760
- C:\Windows\System\YwnOneU.exe
  C:\Windows\System\YwnOneU.exe
  2⤵
  PID:5840
- C:\Windows\System\ZOzUTxP.exe
  C:\Windows\System\ZOzUTxP.exe
  2⤵
  PID:5912
- C:\Windows\System\bAMuYnM.exe
  C:\Windows\System\bAMuYnM.exe
  2⤵
  PID:5992
- C:\Windows\System\VRngUsi.exe
  C:\Windows\System\VRngUsi.exe
  2⤵
  PID:6068
- C:\Windows\System\ygPaEsf.exe
  C:\Windows\System\ygPaEsf.exe
  2⤵
  PID:6104
- C:\Windows\System\NMAGfkn.exe
  C:\Windows\System\NMAGfkn.exe
  2⤵
  PID:5124
- C:\Windows\System\xdQyvON.exe
  C:\Windows\System\xdQyvON.exe
  2⤵
  PID:5272
- C:\Windows\System\mybxScX.exe
  C:\Windows\System\mybxScX.exe
  2⤵
  PID:5428
- C:\Windows\System\XNAIkpP.exe
  C:\Windows\System\XNAIkpP.exe
  2⤵
  PID:5520
- C:\Windows\System\fLToylG.exe
  C:\Windows\System\fLToylG.exe
  2⤵
  PID:5628
- C:\Windows\System\blUkrEw.exe
  C:\Windows\System\blUkrEw.exe
  2⤵
  PID:5692
- C:\Windows\System\uwmnbdD.exe
  C:\Windows\System\uwmnbdD.exe
  2⤵
  PID:5872
- C:\Windows\System\hSGBaUP.exe
  C:\Windows\System\hSGBaUP.exe
  2⤵
  PID:5960
- C:\Windows\System\oAJqOLh.exe
  C:\Windows\System\oAJqOLh.exe
  2⤵
  PID:6136
- C:\Windows\System\SoNAODA.exe
  C:\Windows\System\SoNAODA.exe
  2⤵
  PID:5340
- C:\Windows\System\DnfxUAz.exe
  C:\Windows\System\DnfxUAz.exe
  2⤵
  PID:5512
- C:\Windows\System\yxjpVaI.exe
  C:\Windows\System\yxjpVaI.exe
  2⤵
  PID:6100
- C:\Windows\System\cBBImrj.exe
  C:\Windows\System\cBBImrj.exe
  2⤵
  PID:6160
- C:\Windows\System\EFcIqtu.exe
  C:\Windows\System\EFcIqtu.exe
  2⤵
  PID:6228
- C:\Windows\System\NxbQOhk.exe
  C:\Windows\System\NxbQOhk.exe
  2⤵
  PID:6248
- C:\Windows\System\JsogiXe.exe
  C:\Windows\System\JsogiXe.exe
  2⤵
  PID:6280
- C:\Windows\System\KdPmxvl.exe
  C:\Windows\System\KdPmxvl.exe
  2⤵
  PID:6324
- C:\Windows\System\QFBHcxh.exe
  C:\Windows\System\QFBHcxh.exe
  2⤵
  PID:6368
- C:\Windows\System\vFNuyNS.exe
  C:\Windows\System\vFNuyNS.exe
  2⤵
  PID:6392
- C:\Windows\System\tdyoFWR.exe
  C:\Windows\System\tdyoFWR.exe
  2⤵
  PID:6408
- C:\Windows\System\oQUHbTS.exe
  C:\Windows\System\oQUHbTS.exe
  2⤵
  PID:6448
- C:\Windows\System\QAMPSPs.exe
  C:\Windows\System\QAMPSPs.exe
  2⤵
  PID:6476
- C:\Windows\System\VQSnPEg.exe
  C:\Windows\System\VQSnPEg.exe
  2⤵
  PID:6512
- C:\Windows\System\lDApSXa.exe
  C:\Windows\System\lDApSXa.exe
  2⤵
  PID:6540
- C:\Windows\System\ehYkRjU.exe
  C:\Windows\System\ehYkRjU.exe
  2⤵
  PID:6572
- C:\Windows\System\fmJBePy.exe
  C:\Windows\System\fmJBePy.exe
  2⤵
  PID:6596
- C:\Windows\System\mcBgNQU.exe
  C:\Windows\System\mcBgNQU.exe
  2⤵
  PID:6636
- C:\Windows\System\pbDxOMn.exe
  C:\Windows\System\pbDxOMn.exe
  2⤵
  PID:6664
- C:\Windows\System\ccNzmqo.exe
  C:\Windows\System\ccNzmqo.exe
  2⤵
  PID:6708
- C:\Windows\System\OTTxEKB.exe
  C:\Windows\System\OTTxEKB.exe
  2⤵
  PID:6732
- C:\Windows\System\FvvjUBQ.exe
  C:\Windows\System\FvvjUBQ.exe
  2⤵
  PID:6764
- C:\Windows\System\jMoQLdB.exe
  C:\Windows\System\jMoQLdB.exe
  2⤵
  PID:6800
- C:\Windows\System\hCqLZUi.exe
  C:\Windows\System\hCqLZUi.exe
  2⤵
  PID:6824
- C:\Windows\System\sKDqtDo.exe
  C:\Windows\System\sKDqtDo.exe
  2⤵
  PID:6848
- C:\Windows\System\ENZRLqF.exe
  C:\Windows\System\ENZRLqF.exe
  2⤵
  PID:6872
- C:\Windows\System\gkAqtAI.exe
  C:\Windows\System\gkAqtAI.exe
  2⤵
  PID:6904
- C:\Windows\System\nMqOKJC.exe
  C:\Windows\System\nMqOKJC.exe
  2⤵
  PID:6928
- C:\Windows\System\ubrioGO.exe
  C:\Windows\System\ubrioGO.exe
  2⤵
  PID:6948
- C:\Windows\System\gxNAhxV.exe
  C:\Windows\System\gxNAhxV.exe
  2⤵
  PID:6976
- C:\Windows\System\MHHsrLV.exe
  C:\Windows\System\MHHsrLV.exe
  2⤵
  PID:6992
- C:\Windows\System\orgUroK.exe
  C:\Windows\System\orgUroK.exe
  2⤵
  PID:7024
- C:\Windows\System\MrwStKN.exe
  C:\Windows\System\MrwStKN.exe
  2⤵
  PID:7072
- C:\Windows\System\eaRflst.exe
  C:\Windows\System\eaRflst.exe
  2⤵
  PID:7100
- C:\Windows\System\Iqondrk.exe
  C:\Windows\System\Iqondrk.exe
  2⤵
  PID:7120
- C:\Windows\System\crKfYvw.exe
  C:\Windows\System\crKfYvw.exe
  2⤵
  PID:7164
- C:\Windows\System\jzFlfAV.exe
  C:\Windows\System\jzFlfAV.exe
  2⤵
  PID:6148
- C:\Windows\System\pmvgpAT.exe
  C:\Windows\System\pmvgpAT.exe
  2⤵
  PID:6188
- C:\Windows\System\ArwCmRE.exe
  C:\Windows\System\ArwCmRE.exe
  2⤵
  PID:6236
- C:\Windows\System\WXaQiYa.exe
  C:\Windows\System\WXaQiYa.exe
  2⤵
  PID:6352
- C:\Windows\System\SVOlsHX.exe
  C:\Windows\System\SVOlsHX.exe
  2⤵
  PID:6400
- C:\Windows\System\JQkeuRR.exe
  C:\Windows\System\JQkeuRR.exe
  2⤵
  PID:6468
- C:\Windows\System\GlgftSl.exe
  C:\Windows\System\GlgftSl.exe
  2⤵
  PID:6536
- C:\Windows\System\xJHPEtg.exe
  C:\Windows\System\xJHPEtg.exe
  2⤵
  PID:6632
- C:\Windows\System\KAaXkyq.exe
  C:\Windows\System\KAaXkyq.exe
  2⤵
  PID:6728
- C:\Windows\System\AWlMiIY.exe
  C:\Windows\System\AWlMiIY.exe
  2⤵
  PID:6760
- C:\Windows\System\XKQyNOp.exe
  C:\Windows\System\XKQyNOp.exe
  2⤵
  PID:6856
- C:\Windows\System\hFcTRUm.exe
  C:\Windows\System\hFcTRUm.exe
  2⤵
  PID:6888
- C:\Windows\System\TitCvxF.exe
  C:\Windows\System\TitCvxF.exe
  2⤵
  PID:6940
- C:\Windows\System\noDPgWz.exe
  C:\Windows\System\noDPgWz.exe
  2⤵
  PID:7016
- C:\Windows\System\ZPZgyGq.exe
  C:\Windows\System\ZPZgyGq.exe
  2⤵
  PID:7128
- C:\Windows\System\fNIYqHd.exe
  C:\Windows\System\fNIYqHd.exe
  2⤵
  PID:5488
- C:\Windows\System\qGsQgAv.exe
  C:\Windows\System\qGsQgAv.exe
  2⤵
  PID:6304
- C:\Windows\System\cbIWriY.exe
  C:\Windows\System\cbIWriY.exe
  2⤵
  PID:6460
- C:\Windows\System\EvbjRhA.exe
  C:\Windows\System\EvbjRhA.exe
  2⤵
  PID:6656
- C:\Windows\System\YGKEhWU.exe
  C:\Windows\System\YGKEhWU.exe
  2⤵
  PID:6832
- C:\Windows\System\gkmBPGH.exe
  C:\Windows\System\gkmBPGH.exe
  2⤵
  PID:6964
- C:\Windows\System\aIGOXAI.exe
  C:\Windows\System\aIGOXAI.exe
  2⤵
  PID:7156
- C:\Windows\System\NjuFwtl.exe
  C:\Windows\System\NjuFwtl.exe
  2⤵
  PID:6380
- C:\Windows\System\dhiErkZ.exe
  C:\Windows\System\dhiErkZ.exe
  2⤵
  PID:7088
- C:\Windows\System\RPPgeUn.exe
  C:\Windows\System\RPPgeUn.exe
  2⤵
  PID:6748
- C:\Windows\System\pRNJpVf.exe
  C:\Windows\System\pRNJpVf.exe
  2⤵
  PID:6220
- C:\Windows\System\AorMAPh.exe
  C:\Windows\System\AorMAPh.exe
  2⤵
  PID:7188
- C:\Windows\System\GPwAFDx.exe
  C:\Windows\System\GPwAFDx.exe
  2⤵
  PID:7216
- C:\Windows\System\iLlpjDa.exe
  C:\Windows\System\iLlpjDa.exe
  2⤵
  PID:7256
- C:\Windows\System\CYMojJr.exe
  C:\Windows\System\CYMojJr.exe
  2⤵
  PID:7284
- C:\Windows\System\SwIczOq.exe
  C:\Windows\System\SwIczOq.exe
  2⤵
  PID:7304
- C:\Windows\System\hvHFloD.exe
  C:\Windows\System\hvHFloD.exe
  2⤵
  PID:7340
- C:\Windows\System\xeypgdg.exe
  C:\Windows\System\xeypgdg.exe
  2⤵
  PID:7356
- C:\Windows\System\mzZLygF.exe
  C:\Windows\System\mzZLygF.exe
  2⤵
  PID:7388
- C:\Windows\System\tHEivhd.exe
  C:\Windows\System\tHEivhd.exe
  2⤵
  PID:7424
- C:\Windows\System\vJhPXhR.exe
  C:\Windows\System\vJhPXhR.exe
  2⤵
  PID:7452
- C:\Windows\System\awkhCKw.exe
  C:\Windows\System\awkhCKw.exe
  2⤵
  PID:7480
- C:\Windows\System\hMluLbp.exe
  C:\Windows\System\hMluLbp.exe
  2⤵
  PID:7496
- C:\Windows\System\oBuENtA.exe
  C:\Windows\System\oBuENtA.exe
  2⤵
  PID:7532
- C:\Windows\System\eAVRrEP.exe
  C:\Windows\System\eAVRrEP.exe
  2⤵
  PID:7572
- C:\Windows\System\tobJChi.exe
  C:\Windows\System\tobJChi.exe
  2⤵
  PID:7592
- C:\Windows\System\jynrcJV.exe
  C:\Windows\System\jynrcJV.exe
  2⤵
  PID:7620
- C:\Windows\System\zvCDtjc.exe
  C:\Windows\System\zvCDtjc.exe
  2⤵
  PID:7640
- C:\Windows\System\IobzEwl.exe
  C:\Windows\System\IobzEwl.exe
  2⤵
  PID:7668
- C:\Windows\System\pRKjACP.exe
  C:\Windows\System\pRKjACP.exe
  2⤵
  PID:7704
- C:\Windows\System\kboHuEQ.exe
  C:\Windows\System\kboHuEQ.exe
  2⤵
  PID:7732
- C:\Windows\System\UGYYsAo.exe
  C:\Windows\System\UGYYsAo.exe
  2⤵
  PID:7748
- C:\Windows\System\kbpSXwN.exe
  C:\Windows\System\kbpSXwN.exe
  2⤵
  PID:7772
- C:\Windows\System\xIUPeDC.exe
  C:\Windows\System\xIUPeDC.exe
  2⤵
  PID:7820
- C:\Windows\System\YWFobeS.exe
  C:\Windows\System\YWFobeS.exe
  2⤵
  PID:7844
- C:\Windows\System\mFVueZs.exe
  C:\Windows\System\mFVueZs.exe
  2⤵
  PID:7872
- C:\Windows\System\CpHovyX.exe
  C:\Windows\System\CpHovyX.exe
  2⤵
  PID:7900
- C:\Windows\System\gUzPoQB.exe
  C:\Windows\System\gUzPoQB.exe
  2⤵
  PID:7928
- C:\Windows\System\uLzVvLO.exe
  C:\Windows\System\uLzVvLO.exe
  2⤵
  PID:7944
- C:\Windows\System\OvarRXP.exe
  C:\Windows\System\OvarRXP.exe
  2⤵
  PID:7976
- C:\Windows\System\ogBVsDf.exe
  C:\Windows\System\ogBVsDf.exe
  2⤵
  PID:8012
- C:\Windows\System\buhNrUd.exe
  C:\Windows\System\buhNrUd.exe
  2⤵
  PID:8028
- C:\Windows\System\ByOcmto.exe
  C:\Windows\System\ByOcmto.exe
  2⤵
  PID:8056
- C:\Windows\System\SGDyczU.exe
  C:\Windows\System\SGDyczU.exe
  2⤵
  PID:8084
- C:\Windows\System\FEIekQM.exe
  C:\Windows\System\FEIekQM.exe
  2⤵
  PID:8120
- C:\Windows\System\HQtvrkT.exe
  C:\Windows\System\HQtvrkT.exe
  2⤵
  PID:8144
- C:\Windows\System\JWHzyUz.exe
  C:\Windows\System\JWHzyUz.exe
  2⤵
  PID:8184
- C:\Windows\System\qdbwZYR.exe
  C:\Windows\System\qdbwZYR.exe
  2⤵
  PID:7176
- C:\Windows\System\edyFeEU.exe
  C:\Windows\System\edyFeEU.exe
  2⤵
  PID:7276
- C:\Windows\System\piHTaby.exe
  C:\Windows\System\piHTaby.exe
  2⤵
  PID:7352
- C:\Windows\System\TVaXVlV.exe
  C:\Windows\System\TVaXVlV.exe
  2⤵
  PID:7408
- C:\Windows\System\UwlVhWR.exe
  C:\Windows\System\UwlVhWR.exe
  2⤵
  PID:7488
- C:\Windows\System\uLHzIMK.exe
  C:\Windows\System\uLHzIMK.exe
  2⤵
  PID:7548
- C:\Windows\System\dcQdaVg.exe
  C:\Windows\System\dcQdaVg.exe
  2⤵
  PID:7616
- C:\Windows\System\ibzhrMt.exe
  C:\Windows\System\ibzhrMt.exe
  2⤵
  PID:7684
- C:\Windows\System\UWImhrC.exe
  C:\Windows\System\UWImhrC.exe
  2⤵
  PID:7756
- C:\Windows\System\fWNNJRf.exe
  C:\Windows\System\fWNNJRf.exe
  2⤵
  PID:7828
- C:\Windows\System\RAhoopE.exe
  C:\Windows\System\RAhoopE.exe
  2⤵
  PID:7888
- C:\Windows\System\AUsORBY.exe
  C:\Windows\System\AUsORBY.exe
  2⤵
  PID:7956
- C:\Windows\System\rqhvYjP.exe
  C:\Windows\System\rqhvYjP.exe
  2⤵
  PID:6428
- C:\Windows\System\EroXaIa.exe
  C:\Windows\System\EroXaIa.exe
  2⤵
  PID:8024
- C:\Windows\System\tbvgpPw.exe
  C:\Windows\System\tbvgpPw.exe
  2⤵
  PID:8076
- C:\Windows\System\eWrjiFK.exe
  C:\Windows\System\eWrjiFK.exe
  2⤵
  PID:7204
- C:\Windows\System\VUMVDaq.exe
  C:\Windows\System\VUMVDaq.exe
  2⤵
  PID:7312
- C:\Windows\System\AvrwCOx.exe
  C:\Windows\System\AvrwCOx.exe
  2⤵
  PID:7412
- C:\Windows\System\FJOmDVq.exe
  C:\Windows\System\FJOmDVq.exe
  2⤵
  PID:7612
- C:\Windows\System\pcWfbxv.exe
  C:\Windows\System\pcWfbxv.exe
  2⤵
  PID:7796
- C:\Windows\System\fquRqgN.exe
  C:\Windows\System\fquRqgN.exe
  2⤵
  PID:7984
- C:\Windows\System\MtREKtZ.exe
  C:\Windows\System\MtREKtZ.exe
  2⤵
  PID:8132
- C:\Windows\System\luIlQHA.exe
  C:\Windows\System\luIlQHA.exe
  2⤵
  PID:7380
- C:\Windows\System\ICQpnfh.exe
  C:\Windows\System\ICQpnfh.exe
  2⤵
  PID:7728
- C:\Windows\System\fAPqJjR.exe
  C:\Windows\System\fAPqJjR.exe
  2⤵
  PID:8108
- C:\Windows\System\JJUbhMH.exe
  C:\Windows\System\JJUbhMH.exe
  2⤵
  PID:7716
- C:\Windows\System\tbdZdba.exe
  C:\Windows\System\tbdZdba.exe
  2⤵
  PID:7528
- C:\Windows\System\byoLQSx.exe
  C:\Windows\System\byoLQSx.exe
  2⤵
  PID:8220
- C:\Windows\System\FzCtJgE.exe
  C:\Windows\System\FzCtJgE.exe
  2⤵
  PID:8248
- C:\Windows\System\MTBrwil.exe
  C:\Windows\System\MTBrwil.exe
  2⤵
  PID:8280
- C:\Windows\System\UamSNqG.exe
  C:\Windows\System\UamSNqG.exe
  2⤵
  PID:8308
- C:\Windows\System\XdzgJtn.exe
  C:\Windows\System\XdzgJtn.exe
  2⤵
  PID:8336
- C:\Windows\System\CjtjKzW.exe
  C:\Windows\System\CjtjKzW.exe
  2⤵
  PID:8364
- C:\Windows\System\QANdyKm.exe
  C:\Windows\System\QANdyKm.exe
  2⤵
  PID:8392
- C:\Windows\System\QTZzFAT.exe
  C:\Windows\System\QTZzFAT.exe
  2⤵
  PID:8420
- C:\Windows\System\bwgZPrV.exe
  C:\Windows\System\bwgZPrV.exe
  2⤵
  PID:8448
- C:\Windows\System\WaSaDJA.exe
  C:\Windows\System\WaSaDJA.exe
  2⤵
  PID:8476
- C:\Windows\System\WhlVBra.exe
  C:\Windows\System\WhlVBra.exe
  2⤵
  PID:8504
- C:\Windows\System\HPZWexs.exe
  C:\Windows\System\HPZWexs.exe
  2⤵
  PID:8532
- C:\Windows\System\dAaHYXZ.exe
  C:\Windows\System\dAaHYXZ.exe
  2⤵
  PID:8560
- C:\Windows\System\XLbEuUe.exe
  C:\Windows\System\XLbEuUe.exe
  2⤵
  PID:8588
- C:\Windows\System\HmOIdiG.exe
  C:\Windows\System\HmOIdiG.exe
  2⤵
  PID:8616
- C:\Windows\System\GItNxiI.exe
  C:\Windows\System\GItNxiI.exe
  2⤵
  PID:8644
- C:\Windows\System\RYMPhvQ.exe
  C:\Windows\System\RYMPhvQ.exe
  2⤵
  PID:8672
- C:\Windows\System\HHxyDmq.exe
  C:\Windows\System\HHxyDmq.exe
  2⤵
  PID:8700
- C:\Windows\System\vIPjHIn.exe
  C:\Windows\System\vIPjHIn.exe
  2⤵
  PID:8728
- C:\Windows\System\afjUfKb.exe
  C:\Windows\System\afjUfKb.exe
  2⤵
  PID:8756
- C:\Windows\System\ULEneDM.exe
  C:\Windows\System\ULEneDM.exe
  2⤵
  PID:8788
- C:\Windows\System\huFqLMX.exe
  C:\Windows\System\huFqLMX.exe
  2⤵
  PID:8816
- C:\Windows\System\HwxsuzF.exe
  C:\Windows\System\HwxsuzF.exe
  2⤵
  PID:8844
- C:\Windows\System\tdjmjKX.exe
  C:\Windows\System\tdjmjKX.exe
  2⤵
  PID:8880
- C:\Windows\System\JBTKLPL.exe
  C:\Windows\System\JBTKLPL.exe
  2⤵
  PID:8908
- C:\Windows\System\CyNdgsX.exe
  C:\Windows\System\CyNdgsX.exe
  2⤵
  PID:8936
- C:\Windows\System\tABzfTc.exe
  C:\Windows\System\tABzfTc.exe
  2⤵
  PID:8964
- C:\Windows\System\TqvhMZs.exe
  C:\Windows\System\TqvhMZs.exe
  2⤵
  PID:8992
- C:\Windows\System\uibyrLn.exe
  C:\Windows\System\uibyrLn.exe
  2⤵
  PID:9020
- C:\Windows\System\IZrLDLU.exe
  C:\Windows\System\IZrLDLU.exe
  2⤵
  PID:9048
- C:\Windows\System\cardnlJ.exe
  C:\Windows\System\cardnlJ.exe
  2⤵
  PID:9076
- C:\Windows\System\liOFggc.exe
  C:\Windows\System\liOFggc.exe
  2⤵
  PID:9104
- C:\Windows\System\kCrHruG.exe
  C:\Windows\System\kCrHruG.exe
  2⤵
  PID:9132
- C:\Windows\System\adZVxWP.exe
  C:\Windows\System\adZVxWP.exe
  2⤵
  PID:9160
- C:\Windows\System\oivPMyC.exe
  C:\Windows\System\oivPMyC.exe
  2⤵
  PID:9188
- C:\Windows\System\dwprRWI.exe
  C:\Windows\System\dwprRWI.exe
  2⤵
  PID:7604
- C:\Windows\System\qKPkxcC.exe
  C:\Windows\System\qKPkxcC.exe
  2⤵
  PID:8264
- C:\Windows\System\jSOVqxd.exe
  C:\Windows\System\jSOVqxd.exe
  2⤵
  PID:8320
- C:\Windows\System\DRzbxHF.exe
  C:\Windows\System\DRzbxHF.exe
  2⤵
  PID:8384
- C:\Windows\System\JVgCkeH.exe
  C:\Windows\System\JVgCkeH.exe
  2⤵
  PID:8444
- C:\Windows\System\DTAxjCZ.exe
  C:\Windows\System\DTAxjCZ.exe
  2⤵
  PID:8140
- C:\Windows\System\SGUBfxi.exe
  C:\Windows\System\SGUBfxi.exe
  2⤵
  PID:8572
- C:\Windows\System\iPvoSGH.exe
  C:\Windows\System\iPvoSGH.exe
  2⤵
  PID:8636
- C:\Windows\System\MOSMIcw.exe
  C:\Windows\System\MOSMIcw.exe
  2⤵
  PID:8696
- C:\Windows\System\QHfdTNJ.exe
  C:\Windows\System\QHfdTNJ.exe
  2⤵
  PID:8768
- C:\Windows\System\SKZerRY.exe
  C:\Windows\System\SKZerRY.exe
  2⤵
  PID:8836
- C:\Windows\System\kCSArpf.exe
  C:\Windows\System\kCSArpf.exe
  2⤵
  PID:8904
- C:\Windows\System\NhBXeLa.exe
  C:\Windows\System\NhBXeLa.exe
  2⤵
  PID:8976
- C:\Windows\System\LJvjpUx.exe
  C:\Windows\System\LJvjpUx.exe
  2⤵
  PID:9040
- C:\Windows\System\ZWLEFcx.exe
  C:\Windows\System\ZWLEFcx.exe
  2⤵
  PID:9096
- C:\Windows\System\ABZwWfS.exe
  C:\Windows\System\ABZwWfS.exe
  2⤵
  PID:9208
- C:\Windows\System\ReAJtdE.exe
  C:\Windows\System\ReAJtdE.exe
  2⤵
  PID:8240
- C:\Windows\System\qEZwsXg.exe
  C:\Windows\System\qEZwsXg.exe
  2⤵
  PID:8412
- C:\Windows\System\sIjxImg.exe
  C:\Windows\System\sIjxImg.exe
  2⤵
  PID:8556
- C:\Windows\System\xYxMLFA.exe
  C:\Windows\System\xYxMLFA.exe
  2⤵
  PID:8692
- C:\Windows\System\eBfrpvY.exe
  C:\Windows\System\eBfrpvY.exe
  2⤵
  PID:8872
- C:\Windows\System\OsYIUIB.exe
  C:\Windows\System\OsYIUIB.exe
  2⤵
  PID:9016
- C:\Windows\System\cxqVOja.exe
  C:\Windows\System\cxqVOja.exe
  2⤵
  PID:9184
- C:\Windows\System\ZFzdmAP.exe
  C:\Windows\System\ZFzdmAP.exe
  2⤵
  PID:8376
- C:\Windows\System\dvSkHdS.exe
  C:\Windows\System\dvSkHdS.exe
  2⤵
  PID:8752
- C:\Windows\System\SJndaQO.exe
  C:\Windows\System\SJndaQO.exe
  2⤵
  PID:9128
- C:\Windows\System\oHtCIMb.exe
  C:\Windows\System\oHtCIMb.exe
  2⤵
  PID:8668
- C:\Windows\System\NtOWdwC.exe
  C:\Windows\System\NtOWdwC.exe
  2⤵
  PID:9088
- C:\Windows\System\VjERigt.exe
  C:\Windows\System\VjERigt.exe
  2⤵
  PID:9240
- C:\Windows\System\QdTEgfy.exe
  C:\Windows\System\QdTEgfy.exe
  2⤵
  PID:9268
- C:\Windows\System\HTzvJdT.exe
  C:\Windows\System\HTzvJdT.exe
  2⤵
  PID:9296
- C:\Windows\System\XTsIuLN.exe
  C:\Windows\System\XTsIuLN.exe
  2⤵
  PID:9324
- C:\Windows\System\VrOOQnr.exe
  C:\Windows\System\VrOOQnr.exe
  2⤵
  PID:9344
- C:\Windows\System\sUMPGkv.exe
  C:\Windows\System\sUMPGkv.exe
  2⤵
  PID:9380
- C:\Windows\System\lDOKqZN.exe
  C:\Windows\System\lDOKqZN.exe
  2⤵
  PID:9396
- C:\Windows\System\ynPoPJr.exe
  C:\Windows\System\ynPoPJr.exe
  2⤵
  PID:9436
- C:\Windows\System\YxTDFJi.exe
  C:\Windows\System\YxTDFJi.exe
  2⤵
  PID:9464
- C:\Windows\System\zXPPRjq.exe
  C:\Windows\System\zXPPRjq.exe
  2⤵
  PID:9492
- C:\Windows\System\ACybvEL.exe
  C:\Windows\System\ACybvEL.exe
  2⤵
  PID:9520
- C:\Windows\System\NBLRmri.exe
  C:\Windows\System\NBLRmri.exe
  2⤵
  PID:9548
- C:\Windows\System\LARvrjv.exe
  C:\Windows\System\LARvrjv.exe
  2⤵
  PID:9576
- C:\Windows\System\OkGWEOZ.exe
  C:\Windows\System\OkGWEOZ.exe
  2⤵
  PID:9604
- C:\Windows\System\QUErUod.exe
  C:\Windows\System\QUErUod.exe
  2⤵
  PID:9632
- C:\Windows\System\MzYdgFs.exe
  C:\Windows\System\MzYdgFs.exe
  2⤵
  PID:9660
- C:\Windows\System\ZCxrnNK.exe
  C:\Windows\System\ZCxrnNK.exe
  2⤵
  PID:9688
- C:\Windows\System\GvxSUyl.exe
  C:\Windows\System\GvxSUyl.exe
  2⤵
  PID:9720
- C:\Windows\System\nDzrtYQ.exe
  C:\Windows\System\nDzrtYQ.exe
  2⤵
  PID:9748
- C:\Windows\System\oxWaEGl.exe
  C:\Windows\System\oxWaEGl.exe
  2⤵
  PID:9780
- C:\Windows\System\WQRZTvk.exe
  C:\Windows\System\WQRZTvk.exe
  2⤵
  PID:9808
- C:\Windows\System\BUHplAl.exe
  C:\Windows\System\BUHplAl.exe
  2⤵
  PID:9836
- C:\Windows\System\uumpHxI.exe
  C:\Windows\System\uumpHxI.exe
  2⤵
  PID:9864
- C:\Windows\System\hMpFFXO.exe
  C:\Windows\System\hMpFFXO.exe
  2⤵
  PID:9892
- C:\Windows\System\WTJQGAL.exe
  C:\Windows\System\WTJQGAL.exe
  2⤵
  PID:9920
- C:\Windows\System\uhlHBdO.exe
  C:\Windows\System\uhlHBdO.exe
  2⤵
  PID:9948
- C:\Windows\System\vsGZaFW.exe
  C:\Windows\System\vsGZaFW.exe
  2⤵
  PID:9976
- C:\Windows\System\QwyfnvV.exe
  C:\Windows\System\QwyfnvV.exe
  2⤵
  PID:10004
- C:\Windows\System\AVIFpjC.exe
  C:\Windows\System\AVIFpjC.exe
  2⤵
  PID:10032
- C:\Windows\System\bZqmRNs.exe
  C:\Windows\System\bZqmRNs.exe
  2⤵
  PID:10060
- C:\Windows\System\ICZHePT.exe
  C:\Windows\System\ICZHePT.exe
  2⤵
  PID:10088
- C:\Windows\System\fCmLPDW.exe
  C:\Windows\System\fCmLPDW.exe
  2⤵
  PID:10116
- C:\Windows\System\sioINzf.exe
  C:\Windows\System\sioINzf.exe
  2⤵
  PID:10144
- C:\Windows\System\LcsiKMh.exe
  C:\Windows\System\LcsiKMh.exe
  2⤵
  PID:10172
- C:\Windows\System\WZVTRgm.exe
  C:\Windows\System\WZVTRgm.exe
  2⤵
  PID:10200
- C:\Windows\System\cVnEsnA.exe
  C:\Windows\System\cVnEsnA.exe
  2⤵
  PID:10232
- C:\Windows\System\eeJjRdP.exe
  C:\Windows\System\eeJjRdP.exe
  2⤵
  PID:9260
- C:\Windows\System\MPCcUOY.exe
  C:\Windows\System\MPCcUOY.exe
  2⤵
  PID:9312
- C:\Windows\System\IeVRNHO.exe
  C:\Windows\System\IeVRNHO.exe
  2⤵
  PID:9392
- C:\Windows\System\msLlpWd.exe
  C:\Windows\System\msLlpWd.exe
  2⤵
  PID:9456
- C:\Windows\System\xKHGGSY.exe
  C:\Windows\System\xKHGGSY.exe
  2⤵
  PID:9516
- C:\Windows\System\isnjiYr.exe
  C:\Windows\System\isnjiYr.exe
  2⤵
  PID:9588
- C:\Windows\System\IsJwYoP.exe
  C:\Windows\System\IsJwYoP.exe
  2⤵
  PID:9652
- C:\Windows\System\EUonywX.exe
  C:\Windows\System\EUonywX.exe
  2⤵
  PID:9716
- C:\Windows\System\qakfnvS.exe
  C:\Windows\System\qakfnvS.exe
  2⤵
  PID:9792
- C:\Windows\System\jHqDLhJ.exe
  C:\Windows\System\jHqDLhJ.exe
  2⤵
  PID:9856
- C:\Windows\System\MoqtBzx.exe
  C:\Windows\System\MoqtBzx.exe
  2⤵
  PID:9912
- C:\Windows\System\YQMJyad.exe
  C:\Windows\System\YQMJyad.exe
  2⤵
  PID:10000
- C:\Windows\System\GyUwszo.exe
  C:\Windows\System\GyUwszo.exe
  2⤵
  PID:10044
- C:\Windows\System\uMmsaeN.exe
  C:\Windows\System\uMmsaeN.exe
  2⤵
  PID:10108
- C:\Windows\System\cjEAWLn.exe
  C:\Windows\System\cjEAWLn.exe
  2⤵
  PID:10168
- C:\Windows\System\xcBoZVG.exe
  C:\Windows\System\xcBoZVG.exe
  2⤵
  PID:9224
- C:\Windows\System\BQyeOcy.exe
  C:\Windows\System\BQyeOcy.exe
  2⤵
  PID:9364
- C:\Windows\System\LjVusYG.exe
  C:\Windows\System\LjVusYG.exe
  2⤵
  PID:9512
- C:\Windows\System\ivOtbHw.exe
  C:\Windows\System\ivOtbHw.exe
  2⤵
  PID:9680
- C:\Windows\System\NQbwRFs.exe
  C:\Windows\System\NQbwRFs.exe
  2⤵
  PID:9828
- C:\Windows\System\nlhlaJU.exe
  C:\Windows\System\nlhlaJU.exe
  2⤵
  PID:9996
- C:\Windows\System\PGiJepZ.exe
  C:\Windows\System\PGiJepZ.exe
  2⤵
  PID:10136
- C:\Windows\System\ueBygrz.exe
  C:\Windows\System\ueBygrz.exe
  2⤵
  PID:9308
- C:\Windows\System\jZTIdhw.exe
  C:\Windows\System\jZTIdhw.exe
  2⤵
  PID:9628
- C:\Windows\System\dioWHPD.exe
  C:\Windows\System\dioWHPD.exe
  2⤵
  PID:10028
- C:\Windows\System\aFwvoED.exe
  C:\Windows\System\aFwvoED.exe
  2⤵
  PID:9572
- C:\Windows\System\wVTinDz.exe
  C:\Windows\System\wVTinDz.exe
  2⤵
  PID:10196
- C:\Windows\System\obxdpZo.exe
  C:\Windows\System\obxdpZo.exe
  2⤵
  PID:10264
- C:\Windows\System\XsGyWIR.exe
  C:\Windows\System\XsGyWIR.exe
  2⤵
  PID:10292
- C:\Windows\System\sfqxKpw.exe
  C:\Windows\System\sfqxKpw.exe
  2⤵
  PID:10320
- C:\Windows\System\WjeTRTi.exe
  C:\Windows\System\WjeTRTi.exe
  2⤵
  PID:10348
- C:\Windows\System\sMCzWDN.exe
  C:\Windows\System\sMCzWDN.exe
  2⤵
  PID:10376
- C:\Windows\System\COvaoon.exe
  C:\Windows\System\COvaoon.exe
  2⤵
  PID:10404
- C:\Windows\System\nTgDXBo.exe
  C:\Windows\System\nTgDXBo.exe
  2⤵
  PID:10432
- C:\Windows\System\XPTcPXB.exe
  C:\Windows\System\XPTcPXB.exe
  2⤵
  PID:10460
- C:\Windows\System\ESigVoF.exe
  C:\Windows\System\ESigVoF.exe
  2⤵
  PID:10488
- C:\Windows\System\lznUQlB.exe
  C:\Windows\System\lznUQlB.exe
  2⤵
  PID:10516
- C:\Windows\System\dZWdgTd.exe
  C:\Windows\System\dZWdgTd.exe
  2⤵
  PID:10544
- C:\Windows\System\jyQiixi.exe
  C:\Windows\System\jyQiixi.exe
  2⤵
  PID:10572
- C:\Windows\System\FrErahK.exe
  C:\Windows\System\FrErahK.exe
  2⤵
  PID:10600
- C:\Windows\System\jYNvxjA.exe
  C:\Windows\System\jYNvxjA.exe
  2⤵
  PID:10628
- C:\Windows\System\wdwDnvO.exe
  C:\Windows\System\wdwDnvO.exe
  2⤵
  PID:10656
- C:\Windows\System\xPwKDpb.exe
  C:\Windows\System\xPwKDpb.exe
  2⤵
  PID:10684
- C:\Windows\System\bDKrDcH.exe
  C:\Windows\System\bDKrDcH.exe
  2⤵
  PID:10712
- C:\Windows\System\RTfGYSs.exe
  C:\Windows\System\RTfGYSs.exe
  2⤵
  PID:10760
- C:\Windows\System\uWKNgFc.exe
  C:\Windows\System\uWKNgFc.exe
  2⤵
  PID:10784
- C:\Windows\System\wpmFBxO.exe
  C:\Windows\System\wpmFBxO.exe
  2⤵
  PID:10804
- C:\Windows\System\OivONjw.exe
  C:\Windows\System\OivONjw.exe
  2⤵
  PID:10832
- C:\Windows\System\KfyaxAD.exe
  C:\Windows\System\KfyaxAD.exe
  2⤵
  PID:10860
- C:\Windows\System\aFcoLAR.exe
  C:\Windows\System\aFcoLAR.exe
  2⤵
  PID:10888
- C:\Windows\System\iQTXQGf.exe
  C:\Windows\System\iQTXQGf.exe
  2⤵
  PID:10916
- C:\Windows\System\DfeXeEp.exe
  C:\Windows\System\DfeXeEp.exe
  2⤵
  PID:10944
- C:\Windows\System\pawytJB.exe
  C:\Windows\System\pawytJB.exe
  2⤵
  PID:10972
- C:\Windows\System\FlfXbzj.exe
  C:\Windows\System\FlfXbzj.exe
  2⤵
  PID:11000
- C:\Windows\System\RbOcCpq.exe
  C:\Windows\System\RbOcCpq.exe
  2⤵
  PID:11028
- C:\Windows\System\tlpxVFD.exe
  C:\Windows\System\tlpxVFD.exe
  2⤵
  PID:11056
- C:\Windows\System\xQgKoSJ.exe
  C:\Windows\System\xQgKoSJ.exe
  2⤵
  PID:11084
- C:\Windows\System\qZCnTPF.exe
  C:\Windows\System\qZCnTPF.exe
  2⤵
  PID:11112
- C:\Windows\System\vljrjUs.exe
  C:\Windows\System\vljrjUs.exe
  2⤵
  PID:11140
- C:\Windows\System\eqIekKd.exe
  C:\Windows\System\eqIekKd.exe
  2⤵
  PID:11168
- C:\Windows\System\YvlrFMW.exe
  C:\Windows\System\YvlrFMW.exe
  2⤵
  PID:11196
- C:\Windows\System\ltxxiCP.exe
  C:\Windows\System\ltxxiCP.exe
  2⤵
  PID:11224
- C:\Windows\System\EZTZIsV.exe
  C:\Windows\System\EZTZIsV.exe
  2⤵
  PID:11240
- C:\Windows\System\hoJwayG.exe
  C:\Windows\System\hoJwayG.exe
  2⤵
  PID:10248
- C:\Windows\System\mvqvJYA.exe
  C:\Windows\System\mvqvJYA.exe
  2⤵
  PID:10312
- C:\Windows\System\nYSZWfb.exe
  C:\Windows\System\nYSZWfb.exe
  2⤵
  PID:10368
- C:\Windows\System\HhghMWu.exe
  C:\Windows\System\HhghMWu.exe
  2⤵
  PID:10452
- C:\Windows\System\GtPyWBb.exe
  C:\Windows\System\GtPyWBb.exe
  2⤵
  PID:10508
- C:\Windows\System\XaUtSuV.exe
  C:\Windows\System\XaUtSuV.exe
  2⤵
  PID:10584
- C:\Windows\System\JneZijU.exe
  C:\Windows\System\JneZijU.exe
  2⤵
  PID:10648
- C:\Windows\System\EKsDkMA.exe
  C:\Windows\System\EKsDkMA.exe
  2⤵
  PID:4456
- C:\Windows\System\jWfjlQU.exe
  C:\Windows\System\jWfjlQU.exe
  2⤵
  PID:32
- C:\Windows\System\aFDpsXG.exe
  C:\Windows\System\aFDpsXG.exe
  2⤵
  PID:1924
- C:\Windows\System\IVrmtom.exe
  C:\Windows\System\IVrmtom.exe
  2⤵
  PID:7272
- C:\Windows\System\IFrrMKL.exe
  C:\Windows\System\IFrrMKL.exe
  2⤵
  PID:10756
- C:\Windows\System\TdFHnLe.exe
  C:\Windows\System\TdFHnLe.exe
  2⤵
  PID:10800
- C:\Windows\System\VwRaFan.exe
  C:\Windows\System\VwRaFan.exe
  2⤵
  PID:10872
- C:\Windows\System\zehZUOD.exe
  C:\Windows\System\zehZUOD.exe
  2⤵
  PID:10936
- C:\Windows\System\sEWxKJZ.exe
  C:\Windows\System\sEWxKJZ.exe
  2⤵
  PID:10996
- C:\Windows\System\XHbkrVu.exe
  C:\Windows\System\XHbkrVu.exe
  2⤵
  PID:11068
- C:\Windows\System\wNTGMkT.exe
  C:\Windows\System\wNTGMkT.exe
  2⤵
  PID:11132
- C:\Windows\System\CefzAXp.exe
  C:\Windows\System\CefzAXp.exe
  2⤵
  PID:11192
- C:\Windows\System\wFxJnde.exe
  C:\Windows\System\wFxJnde.exe
  2⤵
  PID:11260
- C:\Windows\System\oiaHQCy.exe
  C:\Windows\System\oiaHQCy.exe
  2⤵
  PID:10360
- C:\Windows\System\SKSpDFP.exe
  C:\Windows\System\SKSpDFP.exe
  2⤵
  PID:10512
- C:\Windows\System\mzoOtBr.exe
  C:\Windows\System\mzoOtBr.exe
  2⤵
  PID:10676
- C:\Windows\System\VzeqWrJ.exe
  C:\Windows\System\VzeqWrJ.exe
  2⤵
  PID:4792
- C:\Windows\System\CaNBLkO.exe
  C:\Windows\System\CaNBLkO.exe
  2⤵
  PID:10740
- C:\Windows\System\TbvcAax.exe
  C:\Windows\System\TbvcAax.exe
  2⤵
  PID:10900
- C:\Windows\System\rNUTayp.exe
  C:\Windows\System\rNUTayp.exe
  2⤵
  PID:11048
- C:\Windows\System\PqlGguB.exe
  C:\Windows\System\PqlGguB.exe
  2⤵
  PID:11188
- C:\Windows\System\yjIfHDo.exe
  C:\Windows\System\yjIfHDo.exe
  2⤵
  PID:10344
- C:\Windows\System\FxFQqLE.exe
  C:\Windows\System\FxFQqLE.exe
  2⤵
  PID:10680
- C:\Windows\System\wDdqUwl.exe
  C:\Windows\System\wDdqUwl.exe
  2⤵
  PID:10852
- C:\Windows\System\rrjpUxJ.exe
  C:\Windows\System\rrjpUxJ.exe
  2⤵
  PID:11180
- C:\Windows\System\pOtryqi.exe
  C:\Windows\System\pOtryqi.exe
  2⤵
  PID:4372
- C:\Windows\System\alXVpuu.exe
  C:\Windows\System\alXVpuu.exe
  2⤵
  PID:10640
- C:\Windows\System\WGipCxI.exe
  C:\Windows\System\WGipCxI.exe
  2⤵
  PID:11280
- C:\Windows\System\ApUOlGY.exe
  C:\Windows\System\ApUOlGY.exe
  2⤵
  PID:11308
- C:\Windows\System\ouAXVES.exe
  C:\Windows\System\ouAXVES.exe
  2⤵
  PID:11336
- C:\Windows\System\LDdfeAc.exe
  C:\Windows\System\LDdfeAc.exe
  2⤵
  PID:11364
- C:\Windows\System\LRxSpEf.exe
  C:\Windows\System\LRxSpEf.exe
  2⤵
  PID:11392
- C:\Windows\System\bMdbjJd.exe
  C:\Windows\System\bMdbjJd.exe
  2⤵
  PID:11420
- C:\Windows\System\PNuqRTT.exe
  C:\Windows\System\PNuqRTT.exe
  2⤵
  PID:11448
- C:\Windows\System\ROOvATo.exe
  C:\Windows\System\ROOvATo.exe
  2⤵
  PID:11476
- C:\Windows\System\zqoNtLm.exe
  C:\Windows\System\zqoNtLm.exe
  2⤵
  PID:11504
- C:\Windows\System\Vuhpfuu.exe
  C:\Windows\System\Vuhpfuu.exe
  2⤵
  PID:11532
- C:\Windows\System\OVTggjR.exe
  C:\Windows\System\OVTggjR.exe
  2⤵
  PID:11560
- C:\Windows\System\uKDDRbL.exe
  C:\Windows\System\uKDDRbL.exe
  2⤵
  PID:11580
- C:\Windows\System\hfHAhFl.exe
  C:\Windows\System\hfHAhFl.exe
  2⤵
  PID:11616
- C:\Windows\System\nOExMsg.exe
  C:\Windows\System\nOExMsg.exe
  2⤵
  PID:11644
- C:\Windows\System\dQGrBmK.exe
  C:\Windows\System\dQGrBmK.exe
  2⤵
  PID:11672
- C:\Windows\System\QtsaPOd.exe
  C:\Windows\System\QtsaPOd.exe
  2⤵
  PID:11700
- C:\Windows\System\hfApcfK.exe
  C:\Windows\System\hfApcfK.exe
  2⤵
  PID:11728
- C:\Windows\System\lddNPEE.exe
  C:\Windows\System\lddNPEE.exe
  2⤵
  PID:11756
- C:\Windows\System\nIWIAJH.exe
  C:\Windows\System\nIWIAJH.exe
  2⤵
  PID:11784
- C:\Windows\System\QtOzLBa.exe
  C:\Windows\System\QtOzLBa.exe
  2⤵
  PID:11812
- C:\Windows\System\Yzdgrva.exe
  C:\Windows\System\Yzdgrva.exe
  2⤵
  PID:11840
- C:\Windows\System\NqYkCwh.exe
  C:\Windows\System\NqYkCwh.exe
  2⤵
  PID:11868
- C:\Windows\System\TGuRzyB.exe
  C:\Windows\System\TGuRzyB.exe
  2⤵
  PID:11896
- C:\Windows\System\qxRazBn.exe
  C:\Windows\System\qxRazBn.exe
  2⤵
  PID:11924
- C:\Windows\System\JKFRASy.exe
  C:\Windows\System\JKFRASy.exe
  2⤵
  PID:11952
- C:\Windows\System\erhyYtL.exe
  C:\Windows\System\erhyYtL.exe
  2⤵
  PID:11980
- C:\Windows\System\foDsGuq.exe
  C:\Windows\System\foDsGuq.exe
  2⤵
  PID:12008
- C:\Windows\System\ilHdxYy.exe
  C:\Windows\System\ilHdxYy.exe
  2⤵
  PID:12036
- C:\Windows\System\WZmgABy.exe
  C:\Windows\System\WZmgABy.exe
  2⤵
  PID:12064
- C:\Windows\System\HezajvU.exe
  C:\Windows\System\HezajvU.exe
  2⤵
  PID:12092
- C:\Windows\System\fQuVLIM.exe
  C:\Windows\System\fQuVLIM.exe
  2⤵
  PID:12120
- C:\Windows\System\FnHiTNr.exe
  C:\Windows\System\FnHiTNr.exe
  2⤵
  PID:12148
- C:\Windows\System\ziBDvWJ.exe
  C:\Windows\System\ziBDvWJ.exe
  2⤵
  PID:12176
- C:\Windows\System\qDnZFJw.exe
  C:\Windows\System\qDnZFJw.exe
  2⤵
  PID:12204
- C:\Windows\System\khArMlD.exe
  C:\Windows\System\khArMlD.exe
  2⤵
  PID:12232
- C:\Windows\System\hUjtKYL.exe
  C:\Windows\System\hUjtKYL.exe
  2⤵
  PID:12260
- C:\Windows\System\Cxhqfeb.exe
  C:\Windows\System\Cxhqfeb.exe
  2⤵
  PID:10624
- C:\Windows\System\QuWJoEG.exe
  C:\Windows\System\QuWJoEG.exe
  2⤵
  PID:11328
- C:\Windows\System\bEZZQWk.exe
  C:\Windows\System\bEZZQWk.exe
  2⤵
  PID:11384
- C:\Windows\System\afVHKzE.exe
  C:\Windows\System\afVHKzE.exe
  2⤵
  PID:11460
- C:\Windows\System\hinvnZG.exe
  C:\Windows\System\hinvnZG.exe
  2⤵
  PID:11524
- C:\Windows\System\zhMaJiA.exe
  C:\Windows\System\zhMaJiA.exe
  2⤵
  PID:11588
- C:\Windows\System\VFbcIBI.exe
  C:\Windows\System\VFbcIBI.exe
  2⤵
  PID:11656
- C:\Windows\System\MDdedYh.exe
  C:\Windows\System\MDdedYh.exe
  2⤵
  PID:11724
- C:\Windows\System\QWpOgWc.exe
  C:\Windows\System\QWpOgWc.exe
  2⤵
  PID:11780
- C:\Windows\System\JPvEVRn.exe
  C:\Windows\System\JPvEVRn.exe
  2⤵
  PID:11852
- C:\Windows\System\jbnThzX.exe
  C:\Windows\System\jbnThzX.exe
  2⤵
  PID:11916
- C:\Windows\System\GwdWDcK.exe
  C:\Windows\System\GwdWDcK.exe
  2⤵
  PID:4168
- C:\Windows\System\BKHwrRP.exe
  C:\Windows\System\BKHwrRP.exe
  2⤵
  PID:11976
- C:\Windows\System\EBZRszu.exe
  C:\Windows\System\EBZRszu.exe
  2⤵
  PID:12056
- C:\Windows\System\dOQFpTj.exe
  C:\Windows\System\dOQFpTj.exe
  2⤵
  PID:12116
- C:\Windows\System\msdyqEa.exe
  C:\Windows\System\msdyqEa.exe
  2⤵
  PID:12188
- C:\Windows\System\YSmOGjX.exe
  C:\Windows\System\YSmOGjX.exe
  2⤵
  PID:12252
- C:\Windows\System\lcpqMNS.exe
  C:\Windows\System\lcpqMNS.exe
  2⤵
  PID:11304
- C:\Windows\System\OcRYpfT.exe
  C:\Windows\System\OcRYpfT.exe
  2⤵
  PID:11444
- C:\Windows\System\NMBOiWG.exe
  C:\Windows\System\NMBOiWG.exe
  2⤵
  PID:11608
- C:\Windows\System\cGeImLO.exe
  C:\Windows\System\cGeImLO.exe
  2⤵
  PID:11768
- C:\Windows\System\JpnhWSy.exe
  C:\Windows\System\JpnhWSy.exe
  2⤵
  PID:11888
- C:\Windows\System\vSrReRi.exe
  C:\Windows\System\vSrReRi.exe
  2⤵
  PID:12004
- C:\Windows\System\lrHdlsg.exe
  C:\Windows\System\lrHdlsg.exe
  2⤵
  PID:12160
- C:\Windows\System\CCFOUTH.exe
  C:\Windows\System\CCFOUTH.exe
  2⤵
  PID:10796
- C:\Windows\System\MJzstNB.exe
  C:\Windows\System\MJzstNB.exe
  2⤵
  PID:11684
- C:\Windows\System\AwnFVfC.exe
  C:\Windows\System\AwnFVfC.exe
  2⤵
  PID:2092
- C:\Windows\System\ppAkzgG.exe
  C:\Windows\System\ppAkzgG.exe
  2⤵
  PID:11292
- C:\Windows\System\LLhcVgd.exe
  C:\Windows\System\LLhcVgd.exe
  2⤵
  PID:12112
- C:\Windows\System\ECNjQCV.exe
  C:\Windows\System\ECNjQCV.exe
  2⤵
  PID:11908
- C:\Windows\System\IVLpmAq.exe
  C:\Windows\System\IVLpmAq.exe
  2⤵
  PID:12312
- C:\Windows\System\qyGsPOw.exe
  C:\Windows\System\qyGsPOw.exe
  2⤵
  PID:12352
- C:\Windows\System\VsoLLZz.exe
  C:\Windows\System\VsoLLZz.exe
  2⤵
  PID:12380
- C:\Windows\System\wBbtsMB.exe
  C:\Windows\System\wBbtsMB.exe
  2⤵
  PID:12408
- C:\Windows\System\dYTmDjg.exe
  C:\Windows\System\dYTmDjg.exe
  2⤵
  PID:12436
- C:\Windows\System\rfKbIgZ.exe
  C:\Windows\System\rfKbIgZ.exe
  2⤵
  PID:12464
- C:\Windows\System\XADwyCK.exe
  C:\Windows\System\XADwyCK.exe
  2⤵
  PID:12492
- C:\Windows\System\HWjfMkI.exe
  C:\Windows\System\HWjfMkI.exe
  2⤵
  PID:12520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m2yiin42.ov2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AFMGbhB.exe

Filesize
3.1MB

MD5
cbca0481537ea6e8cee956b12d7753e9

SHA1
6d61fe81965d08a63e0fdbe11758461b20625370

SHA256
3955183aed86b851183f10b2d76c6662448e4fef851ba9bd3b8580909949d1bd

SHA512
438193c82b3429101d99c7bfb5e3145569d5b6204e885fea600a7cab3ebaadc89daeeedfdeb6488d86a539689045413b9bc471c7d80d8aa6809c92ba997306f5

Download Submit
C:\Windows\System\ArvcDuO.exe

Filesize
3.1MB

MD5
b483ec36c9309d358f29f480667273c1

SHA1
84f0a5a164b63abf43bbc35a9cb4bddf8ef94278

SHA256
7b90ce44ae80fe2cc2a5e59ee5ee380baa961f4686d866bd9488b21bae975b92

SHA512
1f1641d3c680cafd7616e96c180320b59271cb0b124581f6e172afc2c9c6857725dfa4c2b19fc2f3da9a103b981f4d559199a8e41fd94c06b7774614c45e3e6a

Download Submit
C:\Windows\System\AyorIUN.exe

Filesize
3.1MB

MD5
5029a37b31800fb674b3a23f42e27f70

SHA1
2440fd06c2e629801e990fed4ba5ac9361a37a3d

SHA256
39ea980d39ac53d40817a1539f567deba9b3246ab820258ae60815862eded8db

SHA512
4a969b835657eeb2236b954fb695cae48aecf91b62c0d4c2d25d2810e643501bd1f1edacc3286b7da2c2cdd0f6a33fd450e5593fb349082cba51548f8b1cefdb

Download Submit
C:\Windows\System\BctFAbH.exe

Filesize
3.1MB

MD5
77e637282cfb4cd383a58ab89363888f

SHA1
a210b18f4a81bebd8cf7b119c81b9f1f9edb447c

SHA256
c2602ee3e9d6906404701c074461e6871427c0f634b4cca15f4093b02796a50f

SHA512
16341879aaa3fdee7312192bf698a14b20d1786ddfcea2923740a952e7f83c8f7a7fa7877b7261ba2810993aabefae2ea1cb26a0a5e38712f613b2596fdb3751

Download Submit
C:\Windows\System\GABwEbZ.exe

Filesize
3.1MB

MD5
cca805710f361eb636889ca2dbe9b9ad

SHA1
4b3a5d45069ccfada00e107b2aec5215e86f6975

SHA256
10e55070f826e341094ffdafb9d5435944ed5bd3a27a067bf425e331a26ee0d9

SHA512
84b49dc627f269c926de301182befc4b07dafbb9583fa92b5111274af12d973c9550b844b3becbc96744dfdc10e6dbd705aa7ecf17c031ef90413a20a8033f34

Download Submit
C:\Windows\System\HOpzXhA.exe

Filesize
3.1MB

MD5
a21a49906747b7342a895731c0e7c940

SHA1
09bdd5d2cd16c63ab67c66d034120848ec5e634c

SHA256
e72ce7165a0e564037f536011b6dfb8dd35fbff6aa8d6b0655c2ad7726c10f03

SHA512
5b1305c61d6fb3233f336a60d6d4f48b207977ffa3cda13d656dafd2f639990fd8b45342e34a3537c0a76852a041cdeed49611b0b69adc3c19042e8b3cc89f69

Download Submit
C:\Windows\System\JAqvKjo.exe

Filesize
3.1MB

MD5
eb3be3545f955e7817907bcfeb513675

SHA1
466351e20b3826a2ab64301606af3a8566b61e30

SHA256
d6b204d5d5bc2ff8dc7d5ce187b50a3cc0d4596251d6d60bf78647bdd5658ec8

SHA512
af86c0de5c9faba0b01669117f04dc4064c463d0dac68a33eee57ca2a5a4889a1a62370f5df47ef963bafb6b287aa6eab010e762afc800b4e650301a461d696f

Download Submit
C:\Windows\System\LwGlSXj.exe

Filesize
3.1MB

MD5
d94e5f8b70b2052bb49042df4f2db1d6

SHA1
71e977f78ab6f94daa4712bc20934ecbb13889f9

SHA256
5b95da91a4bb1db38dcd648fc52db1bdcfd291a44ea781248727ca7831323ac9

SHA512
c2e90500eff67c1c68fde369c207b4140b275fcfa083aa11054109385b0dc0169be76339365f0da64dad0070e7da93c93405eaf5fd7e98af974838c223cbf9d5

Download Submit
C:\Windows\System\MeXtzzZ.exe

Filesize
3.1MB

MD5
7c01eb2cb8e6eba6dfea70bc375bc0d3

SHA1
59bc1ca13cf5b7948fe99e1251b9713fdb8bb452

SHA256
a2dc29fca343e79defe17e4294a3dc6d6235acca00f25ec5c43a5dbb7fc3417a

SHA512
191dc04b3816f5efe12a6f62d0fa81e53c7ad1032859b274be55b8ed5e2c3788ef9d47668c8c51a8363a5e9d35e8b4f1e947e7f6f40086c3cb2b566b63c689c3

Download Submit
C:\Windows\System\OGONhbq.exe

Filesize
3.1MB

MD5
c63578151dd6347552ce60acc99af319

SHA1
2636007c5197d6d570fbdc646e92f2b2bf8f4fec

SHA256
1a73ad64ed4a9eff135deae91ef9e5b5458a53162ba8e3bad90af2a64601ae44

SHA512
9f06e3b8923627949ebcd03b7e2ba6ec0a9b8b721b3b8d844e0baa7a507b1e59bb0f7df6971d31347fd91de2b8bbba8b3f50e0c8c83df0e2f660a899e3799f8e

Download Submit
C:\Windows\System\OeQZIDb.exe

Filesize
3.1MB

MD5
39b8592f48accbe0df955f569688666d

SHA1
6ad9c794e2d8d854c1ea1bf522823d9344f7065e

SHA256
f54ea5cbc82f8de6ea9ebf43cbec41509eed48b5c5419871abbb16699d4c9f5d

SHA512
887eab324ebd73862276b5f0bfaee0012f1e15c5aad69d7d402b2d9f9b6ba6c1328b01bc78de5bf9e458da5d9a2722e53e21e8975a81f6467106908a5529d1c3

Download Submit
C:\Windows\System\OrGMAOe.exe

Filesize
3.1MB

MD5
5cac62295cdbc2c0420370a6e34328b1

SHA1
ddb1011dba8b57e86d4db69a5881d8e76531859c

SHA256
23cfb9693a2fa95c62dd49b96fd29b3aae6cad0e152487bbc169f467cf758c42

SHA512
83df1833a86f43d4aa86ede729a53695a2553e1f6e7e6bdbc94f11967e60ba9c0c9b98a9cdab0c1d9bae09cedd2b6c3385f6611a0c114c2d49427ba814115d32

Download Submit
C:\Windows\System\PVaVqdS.exe

Filesize
3.1MB

MD5
d28e5ac8d1478a87b2dcb705a3125aed

SHA1
bd9c7a009aaecd777d14659c7a7e7bef4abaf04e

SHA256
ba5d7fb77099188a5c7d2022743f69931690f2cebe7c8bac90e6adaa960eef38

SHA512
90de098fe106cd3af02a26ab9a222a35c806505e26db48fcdbb95c41d0796a088e50c97f95546cdc8c8ab99ed407c25aae465d5c84cc4b6f615236ec0edd24a8

Download Submit
C:\Windows\System\SvdJEhS.exe

Filesize
3.1MB

MD5
9d458f72313bd5db048cf0f8887c47dd

SHA1
6cbccf46f6be1a831ac2be6df73ca3bbdd8fce36

SHA256
4b48d1777d1494a729f025cfbfce6f6cb1f51869235286adcb6bf111ff886192

SHA512
1b5d9a733f9ac4961f2244edbecf792e4b5f7bece0182ec1306761fd7e22c36e9e8d131b6fdbf89a5c231ff1a58f94ee68fde74e3d3941190c2561b80ec53c4b

Download Submit
C:\Windows\System\TfMZJPE.exe

Filesize
3.1MB

MD5
cdcd5b152510190aabb1337e2f9427b6

SHA1
65479b4a1af37e623d63e8dd6208b0b61d16cb23

SHA256
0ecfc45469fe6eba8f888d34c73780c0ddcafd60583ef15cdd2ab1a1f57fb2a2

SHA512
c0c30467a2ecc1037a04f68f78f82af6711292ee727742b42d7c6ac175d71c73c5e6341aece4bd4eeb55986df4581f5f8e9264a8afed5c0812b4d990b568b0e6

Download Submit
C:\Windows\System\XHethYw.exe

Filesize
3.1MB

MD5
7660ec751dd6f041cb949215e35d9a16

SHA1
f03a6f68df0fc9c04e8299744708131fae79d02b

SHA256
51170ce2b1db14887eb2b79e17cb19934891aa728d28e21d9becd20b6d2495b5

SHA512
0ac9d930090ea040676d36b720e1c687dc2201d338586fe41c621cd9036015f5329d956cd6f526f98e80b86b9e5e91325a71cd49f589832a536722179a0d8f43

Download Submit
C:\Windows\System\ashOubV.exe

Filesize
3.1MB

MD5
b492b5fbe8768bea95ca3f705ae22737

SHA1
4484e461c7d04ae52679f2a9018c05b3beaa9e71

SHA256
c4e54ad2df8898994ec6289ffd0c03e0dae030f515c65382fee55216d14ff4df

SHA512
56771390827d0d5201867a8f04df03c2e0c155a8bbc5615ba86dcc1bdf99e524a0c2f898a6b2d9ad707c8d0190d33417813796e6ddfd7c983369e8443e384124

Download Submit
C:\Windows\System\aznuOGa.exe

Filesize
3.1MB

MD5
bca345030273662fb600e92ac6cd3cb3

SHA1
cb1c630306e9719189a116869a739e21209257ae

SHA256
c645bec9b94c371d05b76c1d4e3dc64007bb52c3cc178e8df541502e52c44bf1

SHA512
091ac9ea3bce1cba7636b965b6b8c70b942ef551bfe4bd85ec3f8875f6568867e9735fad15a1ffeb30238701f0652c8f22f2d063566afda776984a702e44cf40

Download Submit
C:\Windows\System\dgfFOZU.exe

Filesize
3.1MB

MD5
e3f735b53e954b0a75b71d459df94b52

SHA1
02b9a25acae28bc1d05e8c02bcb1d4792aa7084c

SHA256
800e8619ad59d066fb7fb752c95813303779d645544ab7d3ceab876a8312a2ec

SHA512
aa966ac50545d86324c53ee65e645be6c9c61c583cee095c444d5c5ed636c79cf195e8c7a9c63998c8fd147171fbd5f10bffe9aff1b6b221bff3b07991ad827e

Download Submit
C:\Windows\System\evAXzfX.exe

Filesize
3.1MB

MD5
1cad4420e325031307f5ee00cbb71674

SHA1
c2fb53bd3f5bd8f59f48d607d20a72359b04703e

SHA256
ae6a51a3b9ada95c8c3b15bbf2ee45c5d54c9aabda3481cf085b45eef56abf8f

SHA512
fcd2f6428264fcdd9cabaa36f789992084dcac745965d39482e4d1bbc3c0edad310cda23ac212eb503c15fdc9f9f8b598107f00adf2f4c18363686640283d087

Download Submit
C:\Windows\System\hkQXORR.exe

Filesize
3.1MB

MD5
e1b80b5d310a95d4746750dc1d914237

SHA1
3271101e94094c7e350c8b7d235dc0c61fd1fe28

SHA256
23c0e19680cf1e63ea7816a750fbfae754160f19b16f07e1108fdde72ffabce6

SHA512
0ee6cd3a5995bb6ec9986d66218162ef64341691169f756c2223c2940d3d0214317b989840a102688ba8a812a9921c3b1436a8e96e477a53f03699ffd6df4bc5

Download Submit
C:\Windows\System\nFgiVSV.exe

Filesize
3.1MB

MD5
d85de427641864790cec16a04570752c

SHA1
c963fea5df337f8cb14860430bd4db0db413ac6a

SHA256
e1bd836e37fe8892275227f0f2e693a9bd2fbbdb33466349704d6869eb990080

SHA512
8e2b44ed75705bf6cdb31610cc037fb9cceff16400792da6a67d55356ad3daa60e33c63ae9eededf76ad66a0b7d82d2abb75ee98a3e7ffc50b26bbf9289930f0

Download Submit
C:\Windows\System\oKnbjdf.exe

Filesize
3.1MB

MD5
1946ac7816d1a0c840a666bbbdb2225e

SHA1
136c285f6d3e3afdb1c370bae012e5cb99776d18

SHA256
742dbecc342015cfa3c6febb820f33315bcccd47cd7e981de6002a3f9b651e05

SHA512
e2ad046edc51e01603b251b1668c5e0d1028fec068f90a8f6babf03b4c030cf34968dc391dfb4028fc8f1260917d30fdc105c489735189fda783f3c39d5db8dc

Download Submit
C:\Windows\System\qBNiQuo.exe

Filesize
3.1MB

MD5
28ad01a9fb4837d579e1468e2c52da52

SHA1
8ffb288e901a32ceab7f65538ded9115e0f3ddce

SHA256
9840cfa1b6c88dd278be22211b256821f167de55911a43b49fef0819ec360f01

SHA512
64d0e631da0d5d0a71fba6aac7321ae0bb18c85f00a56f4483739fe5677b0d51f5c0eca7bd4405e10b1a576be950fdf7081ec2ff934c1e83030aa176b62993da

Download Submit
C:\Windows\System\qFcEqfn.exe

Filesize
3.1MB

MD5
eb5172f8196d2ecb74405426ce21ce43

SHA1
e697d51c77db435cf06588f44db9337869da44b9

SHA256
a24955669e087f2cd975d8383040cb092055eb41962ee21830b225f573d5ddc8

SHA512
5a95836e55c5c6350cb0886eb1bc70d827f964342e3a9093d27139981695451aa8d349d4d95088658b975160c8081e8c86826716d77de1ae1f34e6eb861f5b6a

Download Submit
C:\Windows\System\sKZmnqT.exe

Filesize
3.1MB

MD5
37f33ddf910ed6b6703c9fa2e294bac5

SHA1
57afaccca8b2ddb42d200c1d176cdb139da1362d

SHA256
075e3212f04c453ae6f874a8e76b786f8af3ea0313231798b4f70e80168a82ff

SHA512
10b003d498f4175a330918a091917134dcd1009994c67919369d2643b4af863e0e2dc72a67a1315d51cd3fbb30d2fe53c7b5835aaad03c20b1ef19caa5d75ca2

Download Submit
C:\Windows\System\shhymea.exe

Filesize
3.1MB

MD5
fe892290ab5eaa6325af986b847b22fd

SHA1
bb796f32e96d21626e108dbf7cb05c1b9c39ef52

SHA256
94a64623f95d33a9cf8e5f265741f90320afa318b568d38e53d17247ddbabc3e

SHA512
e024e4f9c22c1aee71544e1b9602bcd4f165718a5a9a4a1cd76f6ed2ef16ee0d07f769dac450a609572caa793f017ebd7723401c739b8677bf8cff268c9059e0

Download Submit
C:\Windows\System\uVyRtvP.exe

Filesize
3.1MB

MD5
e4ed9c6d76de560fb0aa6b2a2f0f2753

SHA1
67ca60c9b7940cf51d37c026b488b34abaca1c1b

SHA256
da17f6d5b302d6332c5bcf5e0bf105ac7d05783b5a83086e61a4a100bdd71341

SHA512
10d3adff592696a0732ee0303a123b0a34db96a33dfa4a3b548a173bd3042f53e270961ceda590ca68bec71837c42ec96e170904375acc411727ae1cfcfbf0e6

Download Submit
C:\Windows\System\uqnTfNx.exe

Filesize
3.1MB

MD5
37f5a989ce38c48ef29cd12434805545

SHA1
4678129346588de1d6a594ed1255b909eee722bf

SHA256
dba536bb7977a76555ded7a30a83258af75e20cb6d91ee78dd4c3154f3dc9739

SHA512
bfcfe742ffa119f02d972fb2e07a19728b7b3f38e93362d2e8d7576a899323ba8af482877490eea2935e407319af037baaf020c526072a84a1051544a37ad873

Download Submit
C:\Windows\System\wuZhpwT.exe

Filesize
3.1MB

MD5
da6e1cfacb96ddd40b0b7765d0202875

SHA1
bbf5942b72fe9b949d2f8b55b30a4cb9a73055c3

SHA256
e6478693cc9c4d9f1d949b72491e54bbb57ff86873b02d0ebdcf5de345d1723b

SHA512
d3e18320b1c4044ea51f3f9164872447717e74348dff1e3ce2c395f9a329a8e4b1c4db1dc4dec56c60ea919e68cd63a31e43025da8527b90de3fa293d38bedfb

Download Submit
C:\Windows\System\xjBXAry.exe

Filesize
3.1MB

MD5
82bf9a2414a94be15174cfd6978eebae

SHA1
bfca35c0fc244773d065cfbe87a3f5eadb6e736d

SHA256
def336541a2e0e5fdb7ca4445c4145dd4de71bf8fb8fa598bc211a7e5143f296

SHA512
573101cf4a76eb6244b5bdc8b5f8f42c26463060befb1ec8f4663c9d5f15dbb83b0731864fb744c3e908711406c162fe12a42070a0d1d6520cbf22f846df1683

Download Submit
C:\Windows\System\xjDhZuy.exe

Filesize
3.1MB

MD5
cd0ac0f3fcdde4defabc0a37e3d2cf17

SHA1
b9ccbd6d82b9c66e3c256d88bd34970a8198b8d5

SHA256
afa9da55824a37e23b17bfff346736465673eb3e4da14b4e109f0f867df4a0dc

SHA512
b1963a7e9d7ca1b1e9940d4f9ec79cb30acc87c76c9d93a0dbc782648ff1e9dd879bded8e1984b9a4c3b5740143dc557ed2b18257d632a900a539aa0f5cd5ac9

Download Submit
C:\Windows\System\xkkquBB.exe

Filesize
3.1MB

MD5
10a45604c219c7e2ddc363b9d5fc4118

SHA1
1df5bb2e14dc6eba3302f7f37b1c61a948e57cc4

SHA256
2e03d7981acd80998fb33a134102db58ef26b8fcad6ae1340acb13d23d5a079c

SHA512
a11ba5cea40f0d993fa0812244b133d626d15918c541b102ea57e7ebe68d18eabbc6d2c2772e22fde84978cb93764e4fdaee6431ebdce65bfd5a5bbb069d7238

Download Submit
C:\Windows\System\xsfbOgq.exe

Filesize
3.1MB

MD5
1db76a5d6c384f5e478420655d991a19

SHA1
924122ac7a8744965e6ea8fd288ff8e5dcc98b51

SHA256
d3d3597ea095682fad9e6f2de93d8a711ee369d92b8263ac34c2d77ad991ec81

SHA512
999b660d4699ee3b82a44105e55321f620cc6d02ccba2577f2b03168e38cd8905a2816afa80834c55bbe33de6641dae14edc3256446ccbbd2927e6ed2783b9eb

Download Submit
C:\Windows\System\ygajkyJ.exe

Filesize
3.1MB

MD5
c92cedc4eceee2381a2793cd5abc3ef4

SHA1
8efd7a6f53183dc41540cbfe27c8a3fd7aba39a8

SHA256
29db6fa150ccce92444adf1a58c70e400e757a7364d35374908ca6a7ef6cc9f3

SHA512
ad1ed5161ed829699583dd778cbc736662f8ecfefb7d50cd0e42791d05ea582e3ef80b9b15246f7151fc060b5700633f27f4d2da01b6cca444b64dfa30319f0e

Download Submit
memory/388-2070-0x00007FF733850000-0x00007FF733C46000-memory.dmp

Filesize
4.0MB

Download
memory/388-25-0x00007FF733850000-0x00007FF733C46000-memory.dmp

Filesize
4.0MB

Download
memory/388-2077-0x00007FF733850000-0x00007FF733C46000-memory.dmp

Filesize
4.0MB

Download
memory/440-2080-0x00007FF6D40D0000-0x00007FF6D44C6000-memory.dmp

Filesize
4.0MB

Download
memory/440-120-0x00007FF6D40D0000-0x00007FF6D44C6000-memory.dmp

Filesize
4.0MB

Download
memory/1016-0-0x00007FF718140000-0x00007FF718536000-memory.dmp

Filesize
4.0MB

Download
memory/1016-1-0x000002A2B89D0000-0x000002A2B89E0000-memory.dmp

Filesize
64KB

Download
memory/1520-237-0x00007FF6FF180000-0x00007FF6FF576000-memory.dmp

Filesize
4.0MB

Download
memory/1520-2098-0x00007FF6FF180000-0x00007FF6FF576000-memory.dmp

Filesize
4.0MB

Download
memory/1528-238-0x00007FF6B8A20000-0x00007FF6B8E16000-memory.dmp

Filesize
4.0MB

Download
memory/1528-2099-0x00007FF6B8A20000-0x00007FF6B8E16000-memory.dmp

Filesize
4.0MB

Download
memory/1620-102-0x00007FF7D0E90000-0x00007FF7D1286000-memory.dmp

Filesize
4.0MB

Download
memory/1620-2082-0x00007FF7D0E90000-0x00007FF7D1286000-memory.dmp

Filesize
4.0MB

Download
memory/1704-2091-0x00007FF6FD750000-0x00007FF6FDB46000-memory.dmp

Filesize
4.0MB

Download
memory/1704-123-0x00007FF6FD750000-0x00007FF6FDB46000-memory.dmp

Filesize
4.0MB

Download
memory/1852-2086-0x00007FF648D20000-0x00007FF649116000-memory.dmp

Filesize
4.0MB

Download
memory/1852-45-0x00007FF648D20000-0x00007FF649116000-memory.dmp

Filesize
4.0MB

Download
memory/1852-2071-0x00007FF648D20000-0x00007FF649116000-memory.dmp

Filesize
4.0MB

Download
memory/2060-2087-0x00007FF65C580000-0x00007FF65C976000-memory.dmp

Filesize
4.0MB

Download
memory/2060-101-0x00007FF65C580000-0x00007FF65C976000-memory.dmp

Filesize
4.0MB

Download
memory/2216-2075-0x00007FFB7DB70000-0x00007FFB7E631000-memory.dmp

Filesize
10.8MB

Download
memory/2216-97-0x00007FFB7DB70000-0x00007FFB7E631000-memory.dmp

Filesize
10.8MB

Download
memory/2216-2074-0x00007FFB7DB73000-0x00007FFB7DB75000-memory.dmp

Filesize
8KB

Download
memory/2216-46-0x00007FFB7DB73000-0x00007FFB7DB75000-memory.dmp

Filesize
8KB

Download
memory/2216-113-0x00000212FBE60000-0x00000212FBE82000-memory.dmp

Filesize
136KB

Download
memory/2216-122-0x00007FFB7DB70000-0x00007FFB7E631000-memory.dmp

Filesize
10.8MB

Download
memory/2216-239-0x00000212FEC60000-0x00000212FF406000-memory.dmp

Filesize
7.6MB

Download
memory/2216-2072-0x00007FFB7DB70000-0x00007FFB7E631000-memory.dmp

Filesize
10.8MB

Download
memory/2224-236-0x00007FF73BA00000-0x00007FF73BDF6000-memory.dmp

Filesize
4.0MB

Download
memory/2224-2097-0x00007FF73BA00000-0x00007FF73BDF6000-memory.dmp

Filesize
4.0MB

Download
memory/2564-2088-0x00007FF730800000-0x00007FF730BF6000-memory.dmp

Filesize
4.0MB

Download
memory/2564-116-0x00007FF730800000-0x00007FF730BF6000-memory.dmp

Filesize
4.0MB

Download
memory/2696-56-0x00007FF6E4AE0000-0x00007FF6E4ED6000-memory.dmp

Filesize
4.0MB

Download
memory/2696-2079-0x00007FF6E4AE0000-0x00007FF6E4ED6000-memory.dmp

Filesize
4.0MB

Download
memory/2908-114-0x00007FF6F09A0000-0x00007FF6F0D96000-memory.dmp

Filesize
4.0MB

Download
memory/2908-2092-0x00007FF6F09A0000-0x00007FF6F0D96000-memory.dmp

Filesize
4.0MB

Download
memory/2964-2083-0x00007FF6514B0000-0x00007FF6518A6000-memory.dmp

Filesize
4.0MB

Download
memory/2964-121-0x00007FF6514B0000-0x00007FF6518A6000-memory.dmp

Filesize
4.0MB

Download
memory/3096-100-0x00007FF6CDFF0000-0x00007FF6CE3E6000-memory.dmp

Filesize
4.0MB

Download
memory/3096-2081-0x00007FF6CDFF0000-0x00007FF6CE3E6000-memory.dmp

Filesize
4.0MB

Download
memory/3328-2069-0x00007FF665460000-0x00007FF665856000-memory.dmp

Filesize
4.0MB

Download
memory/3328-2076-0x00007FF665460000-0x00007FF665856000-memory.dmp

Filesize
4.0MB

Download
memory/3328-12-0x00007FF665460000-0x00007FF665856000-memory.dmp

Filesize
4.0MB

Download
memory/3628-118-0x00007FF7166C0000-0x00007FF716AB6000-memory.dmp

Filesize
4.0MB

Download
memory/3628-2089-0x00007FF7166C0000-0x00007FF716AB6000-memory.dmp

Filesize
4.0MB

Download
memory/3780-2085-0x00007FF642810000-0x00007FF642C06000-memory.dmp

Filesize
4.0MB

Download
memory/3780-119-0x00007FF642810000-0x00007FF642C06000-memory.dmp

Filesize
4.0MB

Download
memory/3792-2094-0x00007FF692C80000-0x00007FF693076000-memory.dmp

Filesize
4.0MB

Download
memory/3792-225-0x00007FF692C80000-0x00007FF693076000-memory.dmp

Filesize
4.0MB

Download
memory/4188-226-0x00007FF6D95A0000-0x00007FF6D9996000-memory.dmp

Filesize
4.0MB

Download
memory/4188-2095-0x00007FF6D95A0000-0x00007FF6D9996000-memory.dmp

Filesize
4.0MB

Download
memory/4228-103-0x00007FF6DFF00000-0x00007FF6E02F6000-memory.dmp

Filesize
4.0MB

Download
memory/4228-2084-0x00007FF6DFF00000-0x00007FF6E02F6000-memory.dmp

Filesize
4.0MB

Download
memory/4632-2073-0x00007FF633D00000-0x00007FF6340F6000-memory.dmp

Filesize
4.0MB

Download
memory/4632-2078-0x00007FF633D00000-0x00007FF6340F6000-memory.dmp

Filesize
4.0MB

Download
memory/4632-34-0x00007FF633D00000-0x00007FF6340F6000-memory.dmp

Filesize
4.0MB

Download
memory/4684-2090-0x00007FF6689D0000-0x00007FF668DC6000-memory.dmp

Filesize
4.0MB

Download
memory/4684-117-0x00007FF6689D0000-0x00007FF668DC6000-memory.dmp

Filesize
4.0MB

Download
memory/4736-115-0x00007FF79E350000-0x00007FF79E746000-memory.dmp

Filesize
4.0MB

Download
memory/4736-2093-0x00007FF79E350000-0x00007FF79E746000-memory.dmp

Filesize
4.0MB

Download
memory/4884-235-0x00007FF7E7CA0000-0x00007FF7E8096000-memory.dmp

Filesize
4.0MB

Download
memory/4884-2096-0x00007FF7E7CA0000-0x00007FF7E8096000-memory.dmp

Filesize
4.0MB

Download