xmrig | d2e3f74dff9680890875cd2fdd61b56cd8dd4a4458d199e16d5a768a3b49b15b

Analysis

max time kernel
105s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b55cd9ee8bab7534633b5fcb4d022d0N.exe
Size

1.6MB
MD5

1b55cd9ee8bab7534633b5fcb4d022d0
SHA1

a8a3822c6d67c97f26b6ef7b13d8881ee9cf542c
SHA256

d2e3f74dff9680890875cd2fdd61b56cd8dd4a4458d199e16d5a768a3b49b15b
SHA512

9a0cf0e700456d8b6a6ba103528d520a2205086cef2112ec8f090de2545512b3daf1820abe1fbd13cfd65692bcc8aae656425b9b1e67f444410b01aa98332ed4
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYX80g0ZeW2jkotKvOO9L2c8h9dh:Lz071uv4BPMkibTIA5sUeFjkqF

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/4520-243-0x00007FF7F2B60000-0x00007FF7F2F52000-memory.dmp	xmrig
behavioral2/memory/3952-270-0x00007FF6D75D0000-0x00007FF6D79C2000-memory.dmp	xmrig
behavioral2/memory/2944-316-0x00007FF7E7810000-0x00007FF7E7C02000-memory.dmp	xmrig
behavioral2/memory/1928-326-0x00007FF6E3C50000-0x00007FF6E4042000-memory.dmp	xmrig
behavioral2/memory/2344-329-0x00007FF6746F0000-0x00007FF674AE2000-memory.dmp	xmrig
behavioral2/memory/724-328-0x00007FF70F230000-0x00007FF70F622000-memory.dmp	xmrig
behavioral2/memory/452-327-0x00007FF7E0DD0000-0x00007FF7E11C2000-memory.dmp	xmrig
behavioral2/memory/664-325-0x00007FF72A0F0000-0x00007FF72A4E2000-memory.dmp	xmrig
behavioral2/memory/3564-324-0x00007FF6EE740000-0x00007FF6EEB32000-memory.dmp	xmrig
behavioral2/memory/3384-323-0x00007FF66CC10000-0x00007FF66D002000-memory.dmp	xmrig
behavioral2/memory/4140-322-0x00007FF748850000-0x00007FF748C42000-memory.dmp	xmrig
behavioral2/memory/2928-321-0x00007FF73AA40000-0x00007FF73AE32000-memory.dmp	xmrig
behavioral2/memory/2544-320-0x00007FF693900000-0x00007FF693CF2000-memory.dmp	xmrig
behavioral2/memory/5084-319-0x00007FF7147A0000-0x00007FF714B92000-memory.dmp	xmrig
behavioral2/memory/2336-318-0x00007FF619810000-0x00007FF619C02000-memory.dmp	xmrig
behavioral2/memory/3092-317-0x00007FF784AE0000-0x00007FF784ED2000-memory.dmp	xmrig
behavioral2/memory/4628-289-0x00007FF61CFD0000-0x00007FF61D3C2000-memory.dmp	xmrig
behavioral2/memory/2744-251-0x00007FF7B5670000-0x00007FF7B5A62000-memory.dmp	xmrig
behavioral2/memory/4584-237-0x00007FF6DE820000-0x00007FF6DEC12000-memory.dmp	xmrig
behavioral2/memory/2572-197-0x00007FF6831B0000-0x00007FF6835A2000-memory.dmp	xmrig
behavioral2/memory/1860-123-0x00007FF650660000-0x00007FF650A52000-memory.dmp	xmrig
behavioral2/memory/2056-93-0x00007FF65E1C0000-0x00007FF65E5B2000-memory.dmp	xmrig
behavioral2/memory/452-2028-0x00007FF7E0DD0000-0x00007FF7E11C2000-memory.dmp	xmrig
behavioral2/memory/3048-2030-0x00007FF7A1640000-0x00007FF7A1A32000-memory.dmp	xmrig
behavioral2/memory/1860-2032-0x00007FF650660000-0x00007FF650A52000-memory.dmp	xmrig
behavioral2/memory/2572-2034-0x00007FF6831B0000-0x00007FF6835A2000-memory.dmp	xmrig
behavioral2/memory/5052-2036-0x00007FF754660000-0x00007FF754A52000-memory.dmp	xmrig
behavioral2/memory/2056-2038-0x00007FF65E1C0000-0x00007FF65E5B2000-memory.dmp	xmrig
behavioral2/memory/724-2040-0x00007FF70F230000-0x00007FF70F622000-memory.dmp	xmrig
behavioral2/memory/4520-2044-0x00007FF7F2B60000-0x00007FF7F2F52000-memory.dmp	xmrig
behavioral2/memory/2744-2046-0x00007FF7B5670000-0x00007FF7B5A62000-memory.dmp	xmrig
behavioral2/memory/4584-2043-0x00007FF6DE820000-0x00007FF6DEC12000-memory.dmp	xmrig
behavioral2/memory/2944-2048-0x00007FF7E7810000-0x00007FF7E7C02000-memory.dmp	xmrig
behavioral2/memory/2336-2091-0x00007FF619810000-0x00007FF619C02000-memory.dmp	xmrig
behavioral2/memory/4628-2086-0x00007FF61CFD0000-0x00007FF61D3C2000-memory.dmp	xmrig
behavioral2/memory/1928-2073-0x00007FF6E3C50000-0x00007FF6E4042000-memory.dmp	xmrig
behavioral2/memory/3564-2063-0x00007FF6EE740000-0x00007FF6EEB32000-memory.dmp	xmrig
behavioral2/memory/3384-2062-0x00007FF66CC10000-0x00007FF66D002000-memory.dmp	xmrig
behavioral2/memory/2344-2058-0x00007FF6746F0000-0x00007FF674AE2000-memory.dmp	xmrig
behavioral2/memory/5084-2085-0x00007FF7147A0000-0x00007FF714B92000-memory.dmp	xmrig
behavioral2/memory/2928-2053-0x00007FF73AA40000-0x00007FF73AE32000-memory.dmp	xmrig
behavioral2/memory/4140-2051-0x00007FF748850000-0x00007FF748C42000-memory.dmp	xmrig
behavioral2/memory/2544-2068-0x00007FF693900000-0x00007FF693CF2000-memory.dmp	xmrig
behavioral2/memory/664-2066-0x00007FF72A0F0000-0x00007FF72A4E2000-memory.dmp	xmrig
behavioral2/memory/3092-2060-0x00007FF784AE0000-0x00007FF784ED2000-memory.dmp	xmrig
behavioral2/memory/3952-2056-0x00007FF6D75D0000-0x00007FF6D79C2000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
9	3616	powershell.exe
12	3616	powershell.exe
45	3616	powershell.exe
46	3616	powershell.exe
47	3616	powershell.exe
51	3616	powershell.exe
52	3616	powershell.exe
56	3616	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3616	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3048	esupMVC.exe
452	UnyTDPh.exe
5052	FzQikNr.exe
2056	WTBByLB.exe
1860	MiTFVuQ.exe
2572	MCyARZR.exe
724	ODNrJUA.exe
4584	XlXKGIa.exe
4520	FlWqhsG.exe
2744	eEeUeVE.exe
3952	grXqzsn.exe
4628	YTcMsRy.exe
2944	iavwmtu.exe
3092	mQeCbsT.exe
2336	FSPullF.exe
5084	rMuXqJb.exe
2544	bxfydGh.exe
2344	ubHNNHw.exe
2928	LZCyrsh.exe
4140	fClvpIN.exe
3384	rFMuooh.exe
3564	kOgjdQm.exe
664	jMfcQRF.exe
1928	frbatbj.exe
2528	rpsYony.exe
1876	nGdcQqj.exe
3176	aNySnMj.exe
1912	XCXXXSr.exe
3300	AFXxEEL.exe
2368	PXHjlhK.exe
1416	OOypDCM.exe
4744	HWYLtpp.exe
3120	rvEfNrz.exe
2756	vqGNaWY.exe
4640	OCRMCUc.exe
4492	jCYItJo.exe
5036	JbQpLff.exe
3236	FsTierF.exe
3620	OfwjcMt.exe
1276	fQrpRzr.exe
2696	tpXqTRT.exe
5080	MXDXfEk.exe
4420	aKKohYk.exe
4996	DRnAIaN.exe
2320	iNgIuJX.exe
1964	JVgzAfc.exe
2568	wmKgpnt.exe
1700	rzMYcFT.exe
4900	uWcJzUM.exe
2776	mQGhDCB.exe
3876	mNTLVrR.exe
4456	qRpYmXr.exe
412	sdEdcMp.exe
4752	qSRyjrL.exe
4692	LdehyJI.exe
4772	yJjUFRs.exe
4552	kCgqIMH.exe
3544	CCVRcXF.exe
5008	wzgEDIH.exe
4876	PtMDEaV.exe
5100	kEjylGP.exe
792	aQuOhNn.exe
1156	qVvEDFG.exe
3644	wgmIuKZ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1056-0-0x00007FF642D10000-0x00007FF643102000-memory.dmp	upx
behavioral2/files/0x0007000000023451-17.dat	upx
behavioral2/files/0x0007000000023456-41.dat	upx
behavioral2/files/0x000700000002345d-88.dat	upx
behavioral2/files/0x000700000002345e-89.dat	upx
behavioral2/files/0x000700000002346c-148.dat	upx
behavioral2/memory/4520-243-0x00007FF7F2B60000-0x00007FF7F2F52000-memory.dmp	upx
behavioral2/memory/3952-270-0x00007FF6D75D0000-0x00007FF6D79C2000-memory.dmp	upx
behavioral2/memory/2944-316-0x00007FF7E7810000-0x00007FF7E7C02000-memory.dmp	upx
behavioral2/memory/1928-326-0x00007FF6E3C50000-0x00007FF6E4042000-memory.dmp	upx
behavioral2/memory/2344-329-0x00007FF6746F0000-0x00007FF674AE2000-memory.dmp	upx
behavioral2/memory/724-328-0x00007FF70F230000-0x00007FF70F622000-memory.dmp	upx
behavioral2/memory/452-327-0x00007FF7E0DD0000-0x00007FF7E11C2000-memory.dmp	upx
behavioral2/memory/664-325-0x00007FF72A0F0000-0x00007FF72A4E2000-memory.dmp	upx
behavioral2/memory/3564-324-0x00007FF6EE740000-0x00007FF6EEB32000-memory.dmp	upx
behavioral2/memory/3384-323-0x00007FF66CC10000-0x00007FF66D002000-memory.dmp	upx
behavioral2/memory/4140-322-0x00007FF748850000-0x00007FF748C42000-memory.dmp	upx
behavioral2/memory/2928-321-0x00007FF73AA40000-0x00007FF73AE32000-memory.dmp	upx
behavioral2/memory/2544-320-0x00007FF693900000-0x00007FF693CF2000-memory.dmp	upx
behavioral2/memory/5084-319-0x00007FF7147A0000-0x00007FF714B92000-memory.dmp	upx
behavioral2/memory/2336-318-0x00007FF619810000-0x00007FF619C02000-memory.dmp	upx
behavioral2/memory/3092-317-0x00007FF784AE0000-0x00007FF784ED2000-memory.dmp	upx
behavioral2/memory/4628-289-0x00007FF61CFD0000-0x00007FF61D3C2000-memory.dmp	upx
behavioral2/memory/2744-251-0x00007FF7B5670000-0x00007FF7B5A62000-memory.dmp	upx
behavioral2/memory/4584-237-0x00007FF6DE820000-0x00007FF6DEC12000-memory.dmp	upx
behavioral2/memory/2572-197-0x00007FF6831B0000-0x00007FF6835A2000-memory.dmp	upx
behavioral2/files/0x0007000000023466-190.dat	upx
behavioral2/files/0x0007000000023473-189.dat	upx
behavioral2/files/0x0007000000023465-182.dat	upx
behavioral2/files/0x0007000000023464-178.dat	upx
behavioral2/files/0x0007000000023472-175.dat	upx
behavioral2/files/0x0007000000023471-174.dat	upx
behavioral2/files/0x0007000000023463-168.dat	upx
behavioral2/files/0x0007000000023470-163.dat	upx
behavioral2/files/0x0007000000023469-162.dat	upx
behavioral2/files/0x0007000000023468-155.dat	upx
behavioral2/files/0x0007000000023460-153.dat	upx
behavioral2/files/0x000700000002346e-152.dat	upx
behavioral2/files/0x000700000002346d-151.dat	upx
behavioral2/files/0x000800000002344d-141.dat	upx
behavioral2/files/0x000700000002346b-140.dat	upx
behavioral2/files/0x000700000002345c-138.dat	upx
behavioral2/files/0x0007000000023462-128.dat	upx
behavioral2/memory/1860-123-0x00007FF650660000-0x00007FF650A52000-memory.dmp	upx
behavioral2/files/0x0007000000023467-113.dat	upx
behavioral2/files/0x0007000000023459-106.dat	upx
behavioral2/files/0x000700000002345b-133.dat	upx
behavioral2/files/0x000700000002346a-131.dat	upx
behavioral2/files/0x0007000000023461-122.dat	upx
behavioral2/memory/2056-93-0x00007FF65E1C0000-0x00007FF65E5B2000-memory.dmp	upx
behavioral2/files/0x000700000002345f-90.dat	upx
behavioral2/files/0x000700000002345a-85.dat	upx
behavioral2/files/0x0007000000023458-78.dat	upx
behavioral2/files/0x0007000000023457-71.dat	upx
behavioral2/files/0x0007000000023452-61.dat	upx
behavioral2/memory/5052-59-0x00007FF754660000-0x00007FF754A52000-memory.dmp	upx
behavioral2/files/0x0007000000023453-46.dat	upx
behavioral2/files/0x0007000000023455-64.dat	upx
behavioral2/files/0x0007000000023454-34.dat	upx
behavioral2/memory/3048-32-0x00007FF7A1640000-0x00007FF7A1A32000-memory.dmp	upx
behavioral2/files/0x000800000002344c-25.dat	upx
behavioral2/files/0x0007000000023450-14.dat	upx
behavioral2/memory/452-2028-0x00007FF7E0DD0000-0x00007FF7E11C2000-memory.dmp	upx
behavioral2/memory/3048-2030-0x00007FF7A1640000-0x00007FF7A1A32000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ufBrzgS.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\WAfDHOy.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\VThEZcI.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\TayCywf.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\XlXKGIa.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\LSFqBgO.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\yIikGHM.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\xdsVoQg.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\NPFQnMr.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\nwvFTLE.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\BMqJmgG.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\LCfhyxo.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\mQxaKZX.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\MTymVQD.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\FwgYdsu.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\mQGhDCB.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\mNTLVrR.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\fkOOdaD.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\hbLpsux.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\hJPbBAd.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\QoKBCyj.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\PRrpMcR.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\FsTierF.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\lfNWBTn.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\TGaAkJq.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\hqFBzYz.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\vMOjpEl.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\BhJTkHv.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\LZCyrsh.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\AEBqUnL.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\lDjOtyX.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\QzgTjUl.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\vlnTIzA.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\NItxJLv.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\pIxlUas.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\OjFluAZ.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\WIMfXee.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\uXYDfDW.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\VcUkqpP.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\qXDVyWg.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\uVIHZEP.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\gzdDKhc.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\lDNHacb.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\DjGXKiS.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\vqGNaWY.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\rycKFnX.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\sZjQYjD.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\axtmAhN.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\zQrpJDh.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\uWUQWRn.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\rFMuooh.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\kEjylGP.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\VokgWax.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\uaFRuKa.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\ucjDSTr.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\ghWTUoq.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\fgaOciZ.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\RwDLXuI.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\lbqgYkA.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\PgJGfXk.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\JNWWOJu.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\YTcMsRy.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\zYAxFHr.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
File created	C:\Windows\System\EaCrLDW.exe	1b55cd9ee8bab7534633b5fcb4d022d0N.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3616	powershell.exe
3616	powershell.exe
3616	powershell.exe
3616	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe
Token: SeDebugPrivilege	3616	powershell.exe
Token: SeLockMemoryPrivilege	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 3616	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	85
PID 1056 wrote to memory of 3616	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	85
PID 1056 wrote to memory of 3048	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	86
PID 1056 wrote to memory of 3048	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	86
PID 1056 wrote to memory of 452	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	87
PID 1056 wrote to memory of 452	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	87
PID 1056 wrote to memory of 5052	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	88
PID 1056 wrote to memory of 5052	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	88
PID 1056 wrote to memory of 2056	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	89
PID 1056 wrote to memory of 2056	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	89
PID 1056 wrote to memory of 1860	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	90
PID 1056 wrote to memory of 1860	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	90
PID 1056 wrote to memory of 2572	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	91
PID 1056 wrote to memory of 2572	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	91
PID 1056 wrote to memory of 724	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	92
PID 1056 wrote to memory of 724	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	92
PID 1056 wrote to memory of 4584	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	93
PID 1056 wrote to memory of 4584	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	93
PID 1056 wrote to memory of 4520	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	94
PID 1056 wrote to memory of 4520	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	94
PID 1056 wrote to memory of 2744	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	95
PID 1056 wrote to memory of 2744	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	95
PID 1056 wrote to memory of 3952	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	96
PID 1056 wrote to memory of 3952	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	96
PID 1056 wrote to memory of 4628	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	97
PID 1056 wrote to memory of 4628	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	97
PID 1056 wrote to memory of 2944	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	98
PID 1056 wrote to memory of 2944	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	98
PID 1056 wrote to memory of 3092	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	99
PID 1056 wrote to memory of 3092	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	99
PID 1056 wrote to memory of 2336	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	100
PID 1056 wrote to memory of 2336	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	100
PID 1056 wrote to memory of 5084	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	101
PID 1056 wrote to memory of 5084	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	101
PID 1056 wrote to memory of 2544	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	102
PID 1056 wrote to memory of 2544	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	102
PID 1056 wrote to memory of 2344	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	103
PID 1056 wrote to memory of 2344	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	103
PID 1056 wrote to memory of 2928	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	104
PID 1056 wrote to memory of 2928	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	104
PID 1056 wrote to memory of 4140	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	105
PID 1056 wrote to memory of 4140	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	105
PID 1056 wrote to memory of 3384	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	106
PID 1056 wrote to memory of 3384	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	106
PID 1056 wrote to memory of 3564	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	107
PID 1056 wrote to memory of 3564	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	107
PID 1056 wrote to memory of 664	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	108
PID 1056 wrote to memory of 664	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	108
PID 1056 wrote to memory of 1928	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	109
PID 1056 wrote to memory of 1928	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	109
PID 1056 wrote to memory of 2528	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	110
PID 1056 wrote to memory of 2528	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	110
PID 1056 wrote to memory of 1876	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	111
PID 1056 wrote to memory of 1876	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	111
PID 1056 wrote to memory of 3176	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	112
PID 1056 wrote to memory of 3176	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	112
PID 1056 wrote to memory of 1912	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	113
PID 1056 wrote to memory of 1912	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	113
PID 1056 wrote to memory of 3300	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	114
PID 1056 wrote to memory of 3300	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	114
PID 1056 wrote to memory of 2368	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	115
PID 1056 wrote to memory of 2368	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	115
PID 1056 wrote to memory of 1416	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	116
PID 1056 wrote to memory of 1416	1056	1b55cd9ee8bab7534633b5fcb4d022d0N.exe	116

C:\Users\Admin\AppData\Local\Temp\1b55cd9ee8bab7534633b5fcb4d022d0N.exe
"C:\Users\Admin\AppData\Local\Temp\1b55cd9ee8bab7534633b5fcb4d022d0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3616
- C:\Windows\System\esupMVC.exe
  C:\Windows\System\esupMVC.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\UnyTDPh.exe
  C:\Windows\System\UnyTDPh.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\FzQikNr.exe
  C:\Windows\System\FzQikNr.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\WTBByLB.exe
  C:\Windows\System\WTBByLB.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\MiTFVuQ.exe
  C:\Windows\System\MiTFVuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\MCyARZR.exe
  C:\Windows\System\MCyARZR.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\ODNrJUA.exe
  C:\Windows\System\ODNrJUA.exe
  2⤵
  - Executes dropped EXE
  PID:724
- C:\Windows\System\XlXKGIa.exe
  C:\Windows\System\XlXKGIa.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\FlWqhsG.exe
  C:\Windows\System\FlWqhsG.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\eEeUeVE.exe
  C:\Windows\System\eEeUeVE.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\grXqzsn.exe
  C:\Windows\System\grXqzsn.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\YTcMsRy.exe
  C:\Windows\System\YTcMsRy.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\iavwmtu.exe
  C:\Windows\System\iavwmtu.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\mQeCbsT.exe
  C:\Windows\System\mQeCbsT.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\FSPullF.exe
  C:\Windows\System\FSPullF.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\rMuXqJb.exe
  C:\Windows\System\rMuXqJb.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\bxfydGh.exe
  C:\Windows\System\bxfydGh.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\ubHNNHw.exe
  C:\Windows\System\ubHNNHw.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\LZCyrsh.exe
  C:\Windows\System\LZCyrsh.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\fClvpIN.exe
  C:\Windows\System\fClvpIN.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\rFMuooh.exe
  C:\Windows\System\rFMuooh.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\kOgjdQm.exe
  C:\Windows\System\kOgjdQm.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\jMfcQRF.exe
  C:\Windows\System\jMfcQRF.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\frbatbj.exe
  C:\Windows\System\frbatbj.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\rpsYony.exe
  C:\Windows\System\rpsYony.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\nGdcQqj.exe
  C:\Windows\System\nGdcQqj.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\aNySnMj.exe
  C:\Windows\System\aNySnMj.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\XCXXXSr.exe
  C:\Windows\System\XCXXXSr.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\AFXxEEL.exe
  C:\Windows\System\AFXxEEL.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\PXHjlhK.exe
  C:\Windows\System\PXHjlhK.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\OOypDCM.exe
  C:\Windows\System\OOypDCM.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\HWYLtpp.exe
  C:\Windows\System\HWYLtpp.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\rvEfNrz.exe
  C:\Windows\System\rvEfNrz.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\MXDXfEk.exe
  C:\Windows\System\MXDXfEk.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\vqGNaWY.exe
  C:\Windows\System\vqGNaWY.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\OCRMCUc.exe
  C:\Windows\System\OCRMCUc.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\jCYItJo.exe
  C:\Windows\System\jCYItJo.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\JbQpLff.exe
  C:\Windows\System\JbQpLff.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\FsTierF.exe
  C:\Windows\System\FsTierF.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\OfwjcMt.exe
  C:\Windows\System\OfwjcMt.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\fQrpRzr.exe
  C:\Windows\System\fQrpRzr.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\tpXqTRT.exe
  C:\Windows\System\tpXqTRT.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\aKKohYk.exe
  C:\Windows\System\aKKohYk.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\DRnAIaN.exe
  C:\Windows\System\DRnAIaN.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\iNgIuJX.exe
  C:\Windows\System\iNgIuJX.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\JVgzAfc.exe
  C:\Windows\System\JVgzAfc.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\wmKgpnt.exe
  C:\Windows\System\wmKgpnt.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\rzMYcFT.exe
  C:\Windows\System\rzMYcFT.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\uWcJzUM.exe
  C:\Windows\System\uWcJzUM.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\mQGhDCB.exe
  C:\Windows\System\mQGhDCB.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\mNTLVrR.exe
  C:\Windows\System\mNTLVrR.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\qRpYmXr.exe
  C:\Windows\System\qRpYmXr.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\sdEdcMp.exe
  C:\Windows\System\sdEdcMp.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\qSRyjrL.exe
  C:\Windows\System\qSRyjrL.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\LdehyJI.exe
  C:\Windows\System\LdehyJI.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\yJjUFRs.exe
  C:\Windows\System\yJjUFRs.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\kCgqIMH.exe
  C:\Windows\System\kCgqIMH.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\CCVRcXF.exe
  C:\Windows\System\CCVRcXF.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\wzgEDIH.exe
  C:\Windows\System\wzgEDIH.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\PtMDEaV.exe
  C:\Windows\System\PtMDEaV.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\kEjylGP.exe
  C:\Windows\System\kEjylGP.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\aQuOhNn.exe
  C:\Windows\System\aQuOhNn.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\qVvEDFG.exe
  C:\Windows\System\qVvEDFG.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\wgmIuKZ.exe
  C:\Windows\System\wgmIuKZ.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\ptYosaa.exe
  C:\Windows\System\ptYosaa.exe
  2⤵
  PID:1084
- C:\Windows\System\QNydIpJ.exe
  C:\Windows\System\QNydIpJ.exe
  2⤵
  PID:2956
- C:\Windows\System\pzaTqjz.exe
  C:\Windows\System\pzaTqjz.exe
  2⤵
  PID:2396
- C:\Windows\System\KDGzvUA.exe
  C:\Windows\System\KDGzvUA.exe
  2⤵
  PID:3448
- C:\Windows\System\KYBzRgt.exe
  C:\Windows\System\KYBzRgt.exe
  2⤵
  PID:1428
- C:\Windows\System\rnhjZfD.exe
  C:\Windows\System\rnhjZfD.exe
  2⤵
  PID:3228
- C:\Windows\System\kcuAaXg.exe
  C:\Windows\System\kcuAaXg.exe
  2⤵
  PID:3944
- C:\Windows\System\zYAxFHr.exe
  C:\Windows\System\zYAxFHr.exe
  2⤵
  PID:116
- C:\Windows\System\HnWkKsv.exe
  C:\Windows\System\HnWkKsv.exe
  2⤵
  PID:1940
- C:\Windows\System\ZtkcXXW.exe
  C:\Windows\System\ZtkcXXW.exe
  2⤵
  PID:3920
- C:\Windows\System\zmlMfHv.exe
  C:\Windows\System\zmlMfHv.exe
  2⤵
  PID:3096
- C:\Windows\System\RdpXMFQ.exe
  C:\Windows\System\RdpXMFQ.exe
  2⤵
  PID:2180
- C:\Windows\System\uxUeeCW.exe
  C:\Windows\System\uxUeeCW.exe
  2⤵
  PID:1264
- C:\Windows\System\GOFyUJv.exe
  C:\Windows\System\GOFyUJv.exe
  2⤵
  PID:5132
- C:\Windows\System\BwVjBRx.exe
  C:\Windows\System\BwVjBRx.exe
  2⤵
  PID:5148
- C:\Windows\System\EcVUoqy.exe
  C:\Windows\System\EcVUoqy.exe
  2⤵
  PID:5164
- C:\Windows\System\DajWrOL.exe
  C:\Windows\System\DajWrOL.exe
  2⤵
  PID:5180
- C:\Windows\System\AEBqUnL.exe
  C:\Windows\System\AEBqUnL.exe
  2⤵
  PID:5196
- C:\Windows\System\nmFZKay.exe
  C:\Windows\System\nmFZKay.exe
  2⤵
  PID:5216
- C:\Windows\System\yZcUtes.exe
  C:\Windows\System\yZcUtes.exe
  2⤵
  PID:5232
- C:\Windows\System\SULClKc.exe
  C:\Windows\System\SULClKc.exe
  2⤵
  PID:5248
- C:\Windows\System\nYVrDqE.exe
  C:\Windows\System\nYVrDqE.exe
  2⤵
  PID:5268
- C:\Windows\System\gLnXDYV.exe
  C:\Windows\System\gLnXDYV.exe
  2⤵
  PID:5284
- C:\Windows\System\lScDyIX.exe
  C:\Windows\System\lScDyIX.exe
  2⤵
  PID:5380
- C:\Windows\System\vlnTIzA.exe
  C:\Windows\System\vlnTIzA.exe
  2⤵
  PID:5396
- C:\Windows\System\AbCHXnZ.exe
  C:\Windows\System\AbCHXnZ.exe
  2⤵
  PID:5412
- C:\Windows\System\QIIdNhi.exe
  C:\Windows\System\QIIdNhi.exe
  2⤵
  PID:5428
- C:\Windows\System\VokgWax.exe
  C:\Windows\System\VokgWax.exe
  2⤵
  PID:5444
- C:\Windows\System\aLrvuzb.exe
  C:\Windows\System\aLrvuzb.exe
  2⤵
  PID:5460
- C:\Windows\System\FvmhFlB.exe
  C:\Windows\System\FvmhFlB.exe
  2⤵
  PID:5476
- C:\Windows\System\fkOOdaD.exe
  C:\Windows\System\fkOOdaD.exe
  2⤵
  PID:5492
- C:\Windows\System\FIJqozm.exe
  C:\Windows\System\FIJqozm.exe
  2⤵
  PID:5508
- C:\Windows\System\DuFyiIe.exe
  C:\Windows\System\DuFyiIe.exe
  2⤵
  PID:5524
- C:\Windows\System\tWCtCvZ.exe
  C:\Windows\System\tWCtCvZ.exe
  2⤵
  PID:5540
- C:\Windows\System\ACsHeVs.exe
  C:\Windows\System\ACsHeVs.exe
  2⤵
  PID:5556
- C:\Windows\System\fgaOciZ.exe
  C:\Windows\System\fgaOciZ.exe
  2⤵
  PID:5572
- C:\Windows\System\duogxeQ.exe
  C:\Windows\System\duogxeQ.exe
  2⤵
  PID:5600
- C:\Windows\System\MjiMYZC.exe
  C:\Windows\System\MjiMYZC.exe
  2⤵
  PID:5652
- C:\Windows\System\SjRYldv.exe
  C:\Windows\System\SjRYldv.exe
  2⤵
  PID:5844
- C:\Windows\System\LSFqBgO.exe
  C:\Windows\System\LSFqBgO.exe
  2⤵
  PID:2908
- C:\Windows\System\gHXgxJT.exe
  C:\Windows\System\gHXgxJT.exe
  2⤵
  PID:4060
- C:\Windows\System\uETAIzx.exe
  C:\Windows\System\uETAIzx.exe
  2⤵
  PID:3708
- C:\Windows\System\YjWZFtD.exe
  C:\Windows\System\YjWZFtD.exe
  2⤵
  PID:4120
- C:\Windows\System\WTBtHMw.exe
  C:\Windows\System\WTBtHMw.exe
  2⤵
  PID:2316
- C:\Windows\System\LAlnMPg.exe
  C:\Windows\System\LAlnMPg.exe
  2⤵
  PID:3044
- C:\Windows\System\kIFxQqS.exe
  C:\Windows\System\kIFxQqS.exe
  2⤵
  PID:4044
- C:\Windows\System\UniIDUc.exe
  C:\Windows\System\UniIDUc.exe
  2⤵
  PID:4268
- C:\Windows\System\XlNEudh.exe
  C:\Windows\System\XlNEudh.exe
  2⤵
  PID:4832
- C:\Windows\System\WCGNlcy.exe
  C:\Windows\System\WCGNlcy.exe
  2⤵
  PID:760
- C:\Windows\System\NFgzAqi.exe
  C:\Windows\System\NFgzAqi.exe
  2⤵
  PID:2128
- C:\Windows\System\DCOjyaf.exe
  C:\Windows\System\DCOjyaf.exe
  2⤵
  PID:5140
- C:\Windows\System\NuaUIxx.exe
  C:\Windows\System\NuaUIxx.exe
  2⤵
  PID:5172
- C:\Windows\System\uDOgBtn.exe
  C:\Windows\System\uDOgBtn.exe
  2⤵
  PID:5204
- C:\Windows\System\OjFluAZ.exe
  C:\Windows\System\OjFluAZ.exe
  2⤵
  PID:5240
- C:\Windows\System\KOvtVzF.exe
  C:\Windows\System\KOvtVzF.exe
  2⤵
  PID:5276
- C:\Windows\System\BQveQTJ.exe
  C:\Windows\System\BQveQTJ.exe
  2⤵
  PID:1272
- C:\Windows\System\ujPvADy.exe
  C:\Windows\System\ujPvADy.exe
  2⤵
  PID:5392
- C:\Windows\System\mtkrrjT.exe
  C:\Windows\System\mtkrrjT.exe
  2⤵
  PID:5424
- C:\Windows\System\KwoBmoq.exe
  C:\Windows\System\KwoBmoq.exe
  2⤵
  PID:5456
- C:\Windows\System\RJyxaUo.exe
  C:\Windows\System\RJyxaUo.exe
  2⤵
  PID:5488
- C:\Windows\System\bySkqmf.exe
  C:\Windows\System\bySkqmf.exe
  2⤵
  PID:5520
- C:\Windows\System\bgeygLx.exe
  C:\Windows\System\bgeygLx.exe
  2⤵
  PID:5552
- C:\Windows\System\fXiNOZZ.exe
  C:\Windows\System\fXiNOZZ.exe
  2⤵
  PID:5584
- C:\Windows\System\RRhaifh.exe
  C:\Windows\System\RRhaifh.exe
  2⤵
  PID:5620
- C:\Windows\System\kbfvubd.exe
  C:\Windows\System\kbfvubd.exe
  2⤵
  PID:5648
- C:\Windows\System\nAcgRdf.exe
  C:\Windows\System\nAcgRdf.exe
  2⤵
  PID:5688
- C:\Windows\System\kDsasAQ.exe
  C:\Windows\System\kDsasAQ.exe
  2⤵
  PID:5720
- C:\Windows\System\vZSImNp.exe
  C:\Windows\System\vZSImNp.exe
  2⤵
  PID:5748
- C:\Windows\System\bZvHRko.exe
  C:\Windows\System\bZvHRko.exe
  2⤵
  PID:5784
- C:\Windows\System\tWZtsFa.exe
  C:\Windows\System\tWZtsFa.exe
  2⤵
  PID:5828
- C:\Windows\System\nIhkdDr.exe
  C:\Windows\System\nIhkdDr.exe
  2⤵
  PID:216
- C:\Windows\System\CpGgAwW.exe
  C:\Windows\System\CpGgAwW.exe
  2⤵
  PID:3404
- C:\Windows\System\iInNeFZ.exe
  C:\Windows\System\iInNeFZ.exe
  2⤵
  PID:1252
- C:\Windows\System\xXFMIEX.exe
  C:\Windows\System\xXFMIEX.exe
  2⤵
  PID:900
- C:\Windows\System\ldfwrfA.exe
  C:\Windows\System\ldfwrfA.exe
  2⤵
  PID:4448
- C:\Windows\System\agNJWNe.exe
  C:\Windows\System\agNJWNe.exe
  2⤵
  PID:5156
- C:\Windows\System\VBAVbVY.exe
  C:\Windows\System\VBAVbVY.exe
  2⤵
  PID:5224
- C:\Windows\System\jevJLNv.exe
  C:\Windows\System\jevJLNv.exe
  2⤵
  PID:5292
- C:\Windows\System\RwDLXuI.exe
  C:\Windows\System\RwDLXuI.exe
  2⤵
  PID:5452
- C:\Windows\System\ThgKvhD.exe
  C:\Windows\System\ThgKvhD.exe
  2⤵
  PID:5536
- C:\Windows\System\XYVxfil.exe
  C:\Windows\System\XYVxfil.exe
  2⤵
  PID:5616
- C:\Windows\System\lqPknkM.exe
  C:\Windows\System\lqPknkM.exe
  2⤵
  PID:5704
- C:\Windows\System\RjYNVWF.exe
  C:\Windows\System\RjYNVWF.exe
  2⤵
  PID:5764
- C:\Windows\System\aZEzVdT.exe
  C:\Windows\System\aZEzVdT.exe
  2⤵
  PID:5812
- C:\Windows\System\sgDQnGS.exe
  C:\Windows\System\sgDQnGS.exe
  2⤵
  PID:3208
- C:\Windows\System\TDcWcDZ.exe
  C:\Windows\System\TDcWcDZ.exe
  2⤵
  PID:2392
- C:\Windows\System\VMuhIww.exe
  C:\Windows\System\VMuhIww.exe
  2⤵
  PID:508
- C:\Windows\System\dlASIuN.exe
  C:\Windows\System\dlASIuN.exe
  2⤵
  PID:4036
- C:\Windows\System\sjMCvDp.exe
  C:\Windows\System\sjMCvDp.exe
  2⤵
  PID:4020
- C:\Windows\System\HhPIAuC.exe
  C:\Windows\System\HhPIAuC.exe
  2⤵
  PID:3604
- C:\Windows\System\lbqgYkA.exe
  C:\Windows\System\lbqgYkA.exe
  2⤵
  PID:2856
- C:\Windows\System\tqWQHKG.exe
  C:\Windows\System\tqWQHKG.exe
  2⤵
  PID:3276
- C:\Windows\System\zGONofQ.exe
  C:\Windows\System\zGONofQ.exe
  2⤵
  PID:3152
- C:\Windows\System\ZQjWPGh.exe
  C:\Windows\System\ZQjWPGh.exe
  2⤵
  PID:552
- C:\Windows\System\gRbfpqV.exe
  C:\Windows\System\gRbfpqV.exe
  2⤵
  PID:920
- C:\Windows\System\xvifEax.exe
  C:\Windows\System\xvifEax.exe
  2⤵
  PID:2380
- C:\Windows\System\CvnMOJN.exe
  C:\Windows\System\CvnMOJN.exe
  2⤵
  PID:1812
- C:\Windows\System\WcFVhUw.exe
  C:\Windows\System\WcFVhUw.exe
  2⤵
  PID:4380
- C:\Windows\System\EaCrLDW.exe
  C:\Windows\System\EaCrLDW.exe
  2⤵
  PID:5348
- C:\Windows\System\rycKFnX.exe
  C:\Windows\System\rycKFnX.exe
  2⤵
  PID:5060
- C:\Windows\System\dGnCVpt.exe
  C:\Windows\System\dGnCVpt.exe
  2⤵
  PID:6164
- C:\Windows\System\PBNKtww.exe
  C:\Windows\System\PBNKtww.exe
  2⤵
  PID:6188
- C:\Windows\System\PgJGfXk.exe
  C:\Windows\System\PgJGfXk.exe
  2⤵
  PID:6204
- C:\Windows\System\bnGmvOa.exe
  C:\Windows\System\bnGmvOa.exe
  2⤵
  PID:6228
- C:\Windows\System\dJxGJLS.exe
  C:\Windows\System\dJxGJLS.exe
  2⤵
  PID:6248
- C:\Windows\System\iESbxSg.exe
  C:\Windows\System\iESbxSg.exe
  2⤵
  PID:6264
- C:\Windows\System\mwJfxRL.exe
  C:\Windows\System\mwJfxRL.exe
  2⤵
  PID:6280
- C:\Windows\System\KIRZxmo.exe
  C:\Windows\System\KIRZxmo.exe
  2⤵
  PID:6300
- C:\Windows\System\EzlHvzC.exe
  C:\Windows\System\EzlHvzC.exe
  2⤵
  PID:6324
- C:\Windows\System\kpHSPon.exe
  C:\Windows\System\kpHSPon.exe
  2⤵
  PID:6340
- C:\Windows\System\giwceJY.exe
  C:\Windows\System\giwceJY.exe
  2⤵
  PID:6368
- C:\Windows\System\yIikGHM.exe
  C:\Windows\System\yIikGHM.exe
  2⤵
  PID:6384
- C:\Windows\System\Xwjwjgw.exe
  C:\Windows\System\Xwjwjgw.exe
  2⤵
  PID:6408
- C:\Windows\System\QaZmdln.exe
  C:\Windows\System\QaZmdln.exe
  2⤵
  PID:6432
- C:\Windows\System\DcxDnDH.exe
  C:\Windows\System\DcxDnDH.exe
  2⤵
  PID:6452
- C:\Windows\System\xmZfgYo.exe
  C:\Windows\System\xmZfgYo.exe
  2⤵
  PID:6472
- C:\Windows\System\LELgStH.exe
  C:\Windows\System\LELgStH.exe
  2⤵
  PID:6492
- C:\Windows\System\WyqQUym.exe
  C:\Windows\System\WyqQUym.exe
  2⤵
  PID:6512
- C:\Windows\System\BMqJmgG.exe
  C:\Windows\System\BMqJmgG.exe
  2⤵
  PID:6536
- C:\Windows\System\mfbVUqU.exe
  C:\Windows\System\mfbVUqU.exe
  2⤵
  PID:6552
- C:\Windows\System\pqhXClR.exe
  C:\Windows\System\pqhXClR.exe
  2⤵
  PID:6576
- C:\Windows\System\IFDmYJy.exe
  C:\Windows\System\IFDmYJy.exe
  2⤵
  PID:6600
- C:\Windows\System\hpHnhSq.exe
  C:\Windows\System\hpHnhSq.exe
  2⤵
  PID:6632
- C:\Windows\System\GTVHWmz.exe
  C:\Windows\System\GTVHWmz.exe
  2⤵
  PID:6656
- C:\Windows\System\VpCTjfB.exe
  C:\Windows\System\VpCTjfB.exe
  2⤵
  PID:6684
- C:\Windows\System\ZzolhCq.exe
  C:\Windows\System\ZzolhCq.exe
  2⤵
  PID:6700
- C:\Windows\System\NeWBgRr.exe
  C:\Windows\System\NeWBgRr.exe
  2⤵
  PID:6724
- C:\Windows\System\teAhWpL.exe
  C:\Windows\System\teAhWpL.exe
  2⤵
  PID:6740
- C:\Windows\System\ofoxXxo.exe
  C:\Windows\System\ofoxXxo.exe
  2⤵
  PID:6764
- C:\Windows\System\BaLQzfK.exe
  C:\Windows\System\BaLQzfK.exe
  2⤵
  PID:6784
- C:\Windows\System\tvayAOH.exe
  C:\Windows\System\tvayAOH.exe
  2⤵
  PID:6812
- C:\Windows\System\sZjQYjD.exe
  C:\Windows\System\sZjQYjD.exe
  2⤵
  PID:6832
- C:\Windows\System\vjUDGKc.exe
  C:\Windows\System\vjUDGKc.exe
  2⤵
  PID:6848
- C:\Windows\System\tXDyagE.exe
  C:\Windows\System\tXDyagE.exe
  2⤵
  PID:6872
- C:\Windows\System\aSxXGzu.exe
  C:\Windows\System\aSxXGzu.exe
  2⤵
  PID:6896
- C:\Windows\System\ndXMQfy.exe
  C:\Windows\System\ndXMQfy.exe
  2⤵
  PID:6912
- C:\Windows\System\VyiNdVe.exe
  C:\Windows\System\VyiNdVe.exe
  2⤵
  PID:6928
- C:\Windows\System\QYtxdWw.exe
  C:\Windows\System\QYtxdWw.exe
  2⤵
  PID:6948
- C:\Windows\System\CUcAHen.exe
  C:\Windows\System\CUcAHen.exe
  2⤵
  PID:6964
- C:\Windows\System\oONffFH.exe
  C:\Windows\System\oONffFH.exe
  2⤵
  PID:6988
- C:\Windows\System\XMYSwGD.exe
  C:\Windows\System\XMYSwGD.exe
  2⤵
  PID:7008
- C:\Windows\System\ZdWYFSK.exe
  C:\Windows\System\ZdWYFSK.exe
  2⤵
  PID:7028
- C:\Windows\System\eGEGQwX.exe
  C:\Windows\System\eGEGQwX.exe
  2⤵
  PID:7052
- C:\Windows\System\auXmSex.exe
  C:\Windows\System\auXmSex.exe
  2⤵
  PID:7068
- C:\Windows\System\lCMMuir.exe
  C:\Windows\System\lCMMuir.exe
  2⤵
  PID:7088
- C:\Windows\System\BLMnzsb.exe
  C:\Windows\System\BLMnzsb.exe
  2⤵
  PID:7108
- C:\Windows\System\HMCuMIp.exe
  C:\Windows\System\HMCuMIp.exe
  2⤵
  PID:7128
- C:\Windows\System\Wcdaaft.exe
  C:\Windows\System\Wcdaaft.exe
  2⤵
  PID:7148
- C:\Windows\System\MkGnABY.exe
  C:\Windows\System\MkGnABY.exe
  2⤵
  PID:3360
- C:\Windows\System\AtcInYi.exe
  C:\Windows\System\AtcInYi.exe
  2⤵
  PID:2016
- C:\Windows\System\CQKxlkX.exe
  C:\Windows\System\CQKxlkX.exe
  2⤵
  PID:5032
- C:\Windows\System\McoeCLJ.exe
  C:\Windows\System\McoeCLJ.exe
  2⤵
  PID:1936
- C:\Windows\System\SviHksS.exe
  C:\Windows\System\SviHksS.exe
  2⤵
  PID:2108
- C:\Windows\System\hmslwjs.exe
  C:\Windows\System\hmslwjs.exe
  2⤵
  PID:2716
- C:\Windows\System\wmzpItn.exe
  C:\Windows\System\wmzpItn.exe
  2⤵
  PID:5328
- C:\Windows\System\FduzLmn.exe
  C:\Windows\System\FduzLmn.exe
  2⤵
  PID:6212
- C:\Windows\System\mslBIaW.exe
  C:\Windows\System\mslBIaW.exe
  2⤵
  PID:6224
- C:\Windows\System\VAtukfI.exe
  C:\Windows\System\VAtukfI.exe
  2⤵
  PID:6244
- C:\Windows\System\aXybfyj.exe
  C:\Windows\System\aXybfyj.exe
  2⤵
  PID:6236
- C:\Windows\System\kKTwlQe.exe
  C:\Windows\System\kKTwlQe.exe
  2⤵
  PID:6332
- C:\Windows\System\XHmNVqg.exe
  C:\Windows\System\XHmNVqg.exe
  2⤵
  PID:5668
- C:\Windows\System\FWHlprk.exe
  C:\Windows\System\FWHlprk.exe
  2⤵
  PID:6596
- C:\Windows\System\XHgHdLm.exe
  C:\Windows\System\XHgHdLm.exe
  2⤵
  PID:6652
- C:\Windows\System\xdsVoQg.exe
  C:\Windows\System\xdsVoQg.exe
  2⤵
  PID:6716
- C:\Windows\System\MdKGfCs.exe
  C:\Windows\System\MdKGfCs.exe
  2⤵
  PID:6256
- C:\Windows\System\fpWXEGO.exe
  C:\Windows\System\fpWXEGO.exe
  2⤵
  PID:6792
- C:\Windows\System\RfaOcxR.exe
  C:\Windows\System\RfaOcxR.exe
  2⤵
  PID:6804
- C:\Windows\System\NLPblKv.exe
  C:\Windows\System\NLPblKv.exe
  2⤵
  PID:6392
- C:\Windows\System\OwZMDKF.exe
  C:\Windows\System\OwZMDKF.exe
  2⤵
  PID:5420
- C:\Windows\System\RQkrrAU.exe
  C:\Windows\System\RQkrrAU.exe
  2⤵
  PID:6468
- C:\Windows\System\ZRgiCKA.exe
  C:\Windows\System\ZRgiCKA.exe
  2⤵
  PID:5856
- C:\Windows\System\abycuVG.exe
  C:\Windows\System\abycuVG.exe
  2⤵
  PID:6548
- C:\Windows\System\bnZoqZD.exe
  C:\Windows\System\bnZoqZD.exe
  2⤵
  PID:7184
- C:\Windows\System\AUneNDc.exe
  C:\Windows\System\AUneNDc.exe
  2⤵
  PID:7200
- C:\Windows\System\lDjOtyX.exe
  C:\Windows\System\lDjOtyX.exe
  2⤵
  PID:7228
- C:\Windows\System\zDPqVvZ.exe
  C:\Windows\System\zDPqVvZ.exe
  2⤵
  PID:7244
- C:\Windows\System\wAhGTRy.exe
  C:\Windows\System\wAhGTRy.exe
  2⤵
  PID:7268
- C:\Windows\System\gAbRcdX.exe
  C:\Windows\System\gAbRcdX.exe
  2⤵
  PID:7284
- C:\Windows\System\VRnFcjE.exe
  C:\Windows\System\VRnFcjE.exe
  2⤵
  PID:7308
- C:\Windows\System\OjpqbOW.exe
  C:\Windows\System\OjpqbOW.exe
  2⤵
  PID:7336
- C:\Windows\System\PSkVpjB.exe
  C:\Windows\System\PSkVpjB.exe
  2⤵
  PID:7352
- C:\Windows\System\jaqpVzb.exe
  C:\Windows\System\jaqpVzb.exe
  2⤵
  PID:7380
- C:\Windows\System\llbzlOf.exe
  C:\Windows\System\llbzlOf.exe
  2⤵
  PID:7400
- C:\Windows\System\yDLRpMg.exe
  C:\Windows\System\yDLRpMg.exe
  2⤵
  PID:7416
- C:\Windows\System\lfgGigo.exe
  C:\Windows\System\lfgGigo.exe
  2⤵
  PID:7448
- C:\Windows\System\iBVCBJv.exe
  C:\Windows\System\iBVCBJv.exe
  2⤵
  PID:7472
- C:\Windows\System\kumbZOs.exe
  C:\Windows\System\kumbZOs.exe
  2⤵
  PID:7492
- C:\Windows\System\xLeMhwi.exe
  C:\Windows\System\xLeMhwi.exe
  2⤵
  PID:7512
- C:\Windows\System\OPEjcDw.exe
  C:\Windows\System\OPEjcDw.exe
  2⤵
  PID:7532
- C:\Windows\System\rQDiaBz.exe
  C:\Windows\System\rQDiaBz.exe
  2⤵
  PID:7552
- C:\Windows\System\HcDNctN.exe
  C:\Windows\System\HcDNctN.exe
  2⤵
  PID:7572
- C:\Windows\System\vHGlbeK.exe
  C:\Windows\System\vHGlbeK.exe
  2⤵
  PID:7592
- C:\Windows\System\haqGvmK.exe
  C:\Windows\System\haqGvmK.exe
  2⤵
  PID:7608
- C:\Windows\System\NItxJLv.exe
  C:\Windows\System\NItxJLv.exe
  2⤵
  PID:7632
- C:\Windows\System\msbiULz.exe
  C:\Windows\System\msbiULz.exe
  2⤵
  PID:7648
- C:\Windows\System\GAKvdMX.exe
  C:\Windows\System\GAKvdMX.exe
  2⤵
  PID:7672
- C:\Windows\System\Vhhpnue.exe
  C:\Windows\System\Vhhpnue.exe
  2⤵
  PID:7688
- C:\Windows\System\dvnPeyZ.exe
  C:\Windows\System\dvnPeyZ.exe
  2⤵
  PID:7712
- C:\Windows\System\OqoVCzM.exe
  C:\Windows\System\OqoVCzM.exe
  2⤵
  PID:7732
- C:\Windows\System\yFfWdcM.exe
  C:\Windows\System\yFfWdcM.exe
  2⤵
  PID:7752
- C:\Windows\System\tnawSOb.exe
  C:\Windows\System\tnawSOb.exe
  2⤵
  PID:7772
- C:\Windows\System\WqCrszc.exe
  C:\Windows\System\WqCrszc.exe
  2⤵
  PID:7796
- C:\Windows\System\lfNWBTn.exe
  C:\Windows\System\lfNWBTn.exe
  2⤵
  PID:7812
- C:\Windows\System\TygjDVT.exe
  C:\Windows\System\TygjDVT.exe
  2⤵
  PID:7840
- C:\Windows\System\LkwDGJw.exe
  C:\Windows\System\LkwDGJw.exe
  2⤵
  PID:7860
- C:\Windows\System\cJaReTR.exe
  C:\Windows\System\cJaReTR.exe
  2⤵
  PID:7880
- C:\Windows\System\TGaAkJq.exe
  C:\Windows\System\TGaAkJq.exe
  2⤵
  PID:7900
- C:\Windows\System\XPpeqll.exe
  C:\Windows\System\XPpeqll.exe
  2⤵
  PID:7924
- C:\Windows\System\WhZOXfI.exe
  C:\Windows\System\WhZOXfI.exe
  2⤵
  PID:7944
- C:\Windows\System\DtxoAlT.exe
  C:\Windows\System\DtxoAlT.exe
  2⤵
  PID:7968
- C:\Windows\System\WysQQsX.exe
  C:\Windows\System\WysQQsX.exe
  2⤵
  PID:7984
- C:\Windows\System\PVZbbKH.exe
  C:\Windows\System\PVZbbKH.exe
  2⤵
  PID:8008
- C:\Windows\System\HEVjjKJ.exe
  C:\Windows\System\HEVjjKJ.exe
  2⤵
  PID:8024
- C:\Windows\System\tBiBVyH.exe
  C:\Windows\System\tBiBVyH.exe
  2⤵
  PID:8040
- C:\Windows\System\BOnJjwd.exe
  C:\Windows\System\BOnJjwd.exe
  2⤵
  PID:8060
- C:\Windows\System\hTsnZNm.exe
  C:\Windows\System\hTsnZNm.exe
  2⤵
  PID:8080
- C:\Windows\System\MtGEwUL.exe
  C:\Windows\System\MtGEwUL.exe
  2⤵
  PID:8100
- C:\Windows\System\GYcMynM.exe
  C:\Windows\System\GYcMynM.exe
  2⤵
  PID:8120
- C:\Windows\System\RNULpYc.exe
  C:\Windows\System\RNULpYc.exe
  2⤵
  PID:8140
- C:\Windows\System\GGUydCA.exe
  C:\Windows\System\GGUydCA.exe
  2⤵
  PID:8156
- C:\Windows\System\YvHOMnz.exe
  C:\Windows\System\YvHOMnz.exe
  2⤵
  PID:8176
- C:\Windows\System\hqFBzYz.exe
  C:\Windows\System\hqFBzYz.exe
  2⤵
  PID:6572
- C:\Windows\System\lwaGxiN.exe
  C:\Windows\System\lwaGxiN.exe
  2⤵
  PID:6984
- C:\Windows\System\ldjnezE.exe
  C:\Windows\System\ldjnezE.exe
  2⤵
  PID:5312
- C:\Windows\System\XRgmaUK.exe
  C:\Windows\System\XRgmaUK.exe
  2⤵
  PID:7084
- C:\Windows\System\GltXmUF.exe
  C:\Windows\System\GltXmUF.exe
  2⤵
  PID:7100
- C:\Windows\System\NPFQnMr.exe
  C:\Windows\System\NPFQnMr.exe
  2⤵
  PID:7156
- C:\Windows\System\HmCoWGZ.exe
  C:\Windows\System\HmCoWGZ.exe
  2⤵
  PID:4280
- C:\Windows\System\axtmAhN.exe
  C:\Windows\System\axtmAhN.exe
  2⤵
  PID:6752
- C:\Windows\System\vgZLdtL.exe
  C:\Windows\System\vgZLdtL.exe
  2⤵
  PID:6296
- C:\Windows\System\LUFOEbJ.exe
  C:\Windows\System\LUFOEbJ.exe
  2⤵
  PID:5612
- C:\Windows\System\CLwRIdu.exe
  C:\Windows\System\CLwRIdu.exe
  2⤵
  PID:8208
- C:\Windows\System\hGmsrEP.exe
  C:\Windows\System\hGmsrEP.exe
  2⤵
  PID:8232
- C:\Windows\System\mLyXeQL.exe
  C:\Windows\System\mLyXeQL.exe
  2⤵
  PID:8248
- C:\Windows\System\UebPXCk.exe
  C:\Windows\System\UebPXCk.exe
  2⤵
  PID:8268
- C:\Windows\System\bTRKNbx.exe
  C:\Windows\System\bTRKNbx.exe
  2⤵
  PID:8288
- C:\Windows\System\obQeOec.exe
  C:\Windows\System\obQeOec.exe
  2⤵
  PID:8304
- C:\Windows\System\oeMRFiR.exe
  C:\Windows\System\oeMRFiR.exe
  2⤵
  PID:8328
- C:\Windows\System\jOMceIJ.exe
  C:\Windows\System\jOMceIJ.exe
  2⤵
  PID:8344
- C:\Windows\System\LCfhyxo.exe
  C:\Windows\System\LCfhyxo.exe
  2⤵
  PID:8364
- C:\Windows\System\jflXSdD.exe
  C:\Windows\System\jflXSdD.exe
  2⤵
  PID:8388
- C:\Windows\System\gRDiTUU.exe
  C:\Windows\System\gRDiTUU.exe
  2⤵
  PID:8408
- C:\Windows\System\ufBrzgS.exe
  C:\Windows\System\ufBrzgS.exe
  2⤵
  PID:8424
- C:\Windows\System\DTfTlJH.exe
  C:\Windows\System\DTfTlJH.exe
  2⤵
  PID:8444
- C:\Windows\System\NkpQEGw.exe
  C:\Windows\System\NkpQEGw.exe
  2⤵
  PID:8480
- C:\Windows\System\xZLWMRT.exe
  C:\Windows\System\xZLWMRT.exe
  2⤵
  PID:8504
- C:\Windows\System\qjGMnZT.exe
  C:\Windows\System\qjGMnZT.exe
  2⤵
  PID:8524
- C:\Windows\System\FiOvucq.exe
  C:\Windows\System\FiOvucq.exe
  2⤵
  PID:8548
- C:\Windows\System\uaFRuKa.exe
  C:\Windows\System\uaFRuKa.exe
  2⤵
  PID:8580
- C:\Windows\System\pczbPbi.exe
  C:\Windows\System\pczbPbi.exe
  2⤵
  PID:8604
- C:\Windows\System\lDNHacb.exe
  C:\Windows\System\lDNHacb.exe
  2⤵
  PID:8624
- C:\Windows\System\INlELnM.exe
  C:\Windows\System\INlELnM.exe
  2⤵
  PID:8644
- C:\Windows\System\VGbFSNR.exe
  C:\Windows\System\VGbFSNR.exe
  2⤵
  PID:8668
- C:\Windows\System\iLErUIL.exe
  C:\Windows\System\iLErUIL.exe
  2⤵
  PID:8688
- C:\Windows\System\WAfDHOy.exe
  C:\Windows\System\WAfDHOy.exe
  2⤵
  PID:8716
- C:\Windows\System\AIIilNb.exe
  C:\Windows\System\AIIilNb.exe
  2⤵
  PID:8732
- C:\Windows\System\qTbmNDY.exe
  C:\Windows\System\qTbmNDY.exe
  2⤵
  PID:8752
- C:\Windows\System\YzrLQtm.exe
  C:\Windows\System\YzrLQtm.exe
  2⤵
  PID:8772
- C:\Windows\System\QgMQAit.exe
  C:\Windows\System\QgMQAit.exe
  2⤵
  PID:8792
- C:\Windows\System\EsbVgiU.exe
  C:\Windows\System\EsbVgiU.exe
  2⤵
  PID:8808
- C:\Windows\System\izisdcC.exe
  C:\Windows\System\izisdcC.exe
  2⤵
  PID:8836
- C:\Windows\System\yoYGBlD.exe
  C:\Windows\System\yoYGBlD.exe
  2⤵
  PID:8856
- C:\Windows\System\rhbmVfS.exe
  C:\Windows\System\rhbmVfS.exe
  2⤵
  PID:8876
- C:\Windows\System\xtMJaks.exe
  C:\Windows\System\xtMJaks.exe
  2⤵
  PID:8896
- C:\Windows\System\NGYuSSb.exe
  C:\Windows\System\NGYuSSb.exe
  2⤵
  PID:8916
- C:\Windows\System\PESXTSZ.exe
  C:\Windows\System\PESXTSZ.exe
  2⤵
  PID:8940
- C:\Windows\System\KDSpmJN.exe
  C:\Windows\System\KDSpmJN.exe
  2⤵
  PID:8960
- C:\Windows\System\qoXzWCf.exe
  C:\Windows\System\qoXzWCf.exe
  2⤵
  PID:8976
- C:\Windows\System\mgbKUvv.exe
  C:\Windows\System\mgbKUvv.exe
  2⤵
  PID:9004
- C:\Windows\System\njhaOYH.exe
  C:\Windows\System\njhaOYH.exe
  2⤵
  PID:9020
- C:\Windows\System\xYOeWag.exe
  C:\Windows\System\xYOeWag.exe
  2⤵
  PID:9040
- C:\Windows\System\CELYLzW.exe
  C:\Windows\System\CELYLzW.exe
  2⤵
  PID:9064
- C:\Windows\System\NicfLjJ.exe
  C:\Windows\System\NicfLjJ.exe
  2⤵
  PID:9080
- C:\Windows\System\reyZFxt.exe
  C:\Windows\System\reyZFxt.exe
  2⤵
  PID:9100
- C:\Windows\System\MTSDNOi.exe
  C:\Windows\System\MTSDNOi.exe
  2⤵
  PID:9124
- C:\Windows\System\VThEZcI.exe
  C:\Windows\System\VThEZcI.exe
  2⤵
  PID:9148
- C:\Windows\System\VcUkqpP.exe
  C:\Windows\System\VcUkqpP.exe
  2⤵
  PID:9164
- C:\Windows\System\HLOZNkP.exe
  C:\Windows\System\HLOZNkP.exe
  2⤵
  PID:9188
- C:\Windows\System\QBqcJcv.exe
  C:\Windows\System\QBqcJcv.exe
  2⤵
  PID:9208
- C:\Windows\System\hbLpsux.exe
  C:\Windows\System\hbLpsux.exe
  2⤵
  PID:6352
- C:\Windows\System\qyYwvFH.exe
  C:\Windows\System\qyYwvFH.exe
  2⤵
  PID:6504
- C:\Windows\System\lmgIEkN.exe
  C:\Windows\System\lmgIEkN.exe
  2⤵
  PID:7280
- C:\Windows\System\SMoDaly.exe
  C:\Windows\System\SMoDaly.exe
  2⤵
  PID:7320
- C:\Windows\System\jhDjeXs.exe
  C:\Windows\System\jhDjeXs.exe
  2⤵
  PID:7376
- C:\Windows\System\VJWAAVd.exe
  C:\Windows\System\VJWAAVd.exe
  2⤵
  PID:464
- C:\Windows\System\myjINxp.exe
  C:\Windows\System\myjINxp.exe
  2⤵
  PID:7580
- C:\Windows\System\ErEEhrK.exe
  C:\Windows\System\ErEEhrK.exe
  2⤵
  PID:7624
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 7624 -s 244
    3⤵
    PID:11608
- C:\Windows\System\GkrHEdE.exe
  C:\Windows\System\GkrHEdE.exe
  2⤵
  PID:7680
- C:\Windows\System\ZZPSphM.exe
  C:\Windows\System\ZZPSphM.exe
  2⤵
  PID:7820
- C:\Windows\System\HXnJTHt.exe
  C:\Windows\System\HXnJTHt.exe
  2⤵
  PID:7848
- C:\Windows\System\gIpHiYy.exe
  C:\Windows\System\gIpHiYy.exe
  2⤵
  PID:5484
- C:\Windows\System\qtdJDYl.exe
  C:\Windows\System\qtdJDYl.exe
  2⤵
  PID:7912
- C:\Windows\System\SpfXvjE.exe
  C:\Windows\System\SpfXvjE.exe
  2⤵
  PID:456
- C:\Windows\System\QQdudAY.exe
  C:\Windows\System\QQdudAY.exe
  2⤵
  PID:8036
- C:\Windows\System\KjWdKVx.exe
  C:\Windows\System\KjWdKVx.exe
  2⤵
  PID:8148
- C:\Windows\System\mMEkkZm.exe
  C:\Windows\System\mMEkkZm.exe
  2⤵
  PID:4080
- C:\Windows\System\nGxoKzJ.exe
  C:\Windows\System\nGxoKzJ.exe
  2⤵
  PID:6844
- C:\Windows\System\eHYqpWC.exe
  C:\Windows\System\eHYqpWC.exe
  2⤵
  PID:9232
- C:\Windows\System\BkJEuIo.exe
  C:\Windows\System\BkJEuIo.exe
  2⤵
  PID:9248
- C:\Windows\System\IeCrGhT.exe
  C:\Windows\System\IeCrGhT.exe
  2⤵
  PID:9268
- C:\Windows\System\NKrtzgQ.exe
  C:\Windows\System\NKrtzgQ.exe
  2⤵
  PID:9292
- C:\Windows\System\eRXXQld.exe
  C:\Windows\System\eRXXQld.exe
  2⤵
  PID:9312
- C:\Windows\System\WMPFupL.exe
  C:\Windows\System\WMPFupL.exe
  2⤵
  PID:9336
- C:\Windows\System\uWvJfCI.exe
  C:\Windows\System\uWvJfCI.exe
  2⤵
  PID:9364
- C:\Windows\System\lfGsnus.exe
  C:\Windows\System\lfGsnus.exe
  2⤵
  PID:9380
- C:\Windows\System\BDIwqpL.exe
  C:\Windows\System\BDIwqpL.exe
  2⤵
  PID:9396
- C:\Windows\System\ucjDSTr.exe
  C:\Windows\System\ucjDSTr.exe
  2⤵
  PID:9416
- C:\Windows\System\hJPbBAd.exe
  C:\Windows\System\hJPbBAd.exe
  2⤵
  PID:9440
- C:\Windows\System\iaJkLcV.exe
  C:\Windows\System\iaJkLcV.exe
  2⤵
  PID:9460
- C:\Windows\System\fyJuivT.exe
  C:\Windows\System\fyJuivT.exe
  2⤵
  PID:9496
- C:\Windows\System\HASJQzj.exe
  C:\Windows\System\HASJQzj.exe
  2⤵
  PID:9516
- C:\Windows\System\COBNoqu.exe
  C:\Windows\System\COBNoqu.exe
  2⤵
  PID:9536
- C:\Windows\System\jcjGsdA.exe
  C:\Windows\System\jcjGsdA.exe
  2⤵
  PID:9556
- C:\Windows\System\oglpBUK.exe
  C:\Windows\System\oglpBUK.exe
  2⤵
  PID:9576
- C:\Windows\System\ZNjJUQd.exe
  C:\Windows\System\ZNjJUQd.exe
  2⤵
  PID:9604
- C:\Windows\System\YGVPjdy.exe
  C:\Windows\System\YGVPjdy.exe
  2⤵
  PID:9624
- C:\Windows\System\zlZzxlU.exe
  C:\Windows\System\zlZzxlU.exe
  2⤵
  PID:9648
- C:\Windows\System\yUGrabc.exe
  C:\Windows\System\yUGrabc.exe
  2⤵
  PID:9672
- C:\Windows\System\SdcFcKD.exe
  C:\Windows\System\SdcFcKD.exe
  2⤵
  PID:9688
- C:\Windows\System\XWuRnOy.exe
  C:\Windows\System\XWuRnOy.exe
  2⤵
  PID:9712
- C:\Windows\System\sWgdaZO.exe
  C:\Windows\System\sWgdaZO.exe
  2⤵
  PID:9736
- C:\Windows\System\aWIKAqe.exe
  C:\Windows\System\aWIKAqe.exe
  2⤵
  PID:9756
- C:\Windows\System\dJFYtDl.exe
  C:\Windows\System\dJFYtDl.exe
  2⤵
  PID:9784
- C:\Windows\System\nyZyuUI.exe
  C:\Windows\System\nyZyuUI.exe
  2⤵
  PID:9804
- C:\Windows\System\RRKEUhD.exe
  C:\Windows\System\RRKEUhD.exe
  2⤵
  PID:9828
- C:\Windows\System\jEfFTYP.exe
  C:\Windows\System\jEfFTYP.exe
  2⤵
  PID:9848
- C:\Windows\System\BVdiWLs.exe
  C:\Windows\System\BVdiWLs.exe
  2⤵
  PID:9876
- C:\Windows\System\OSkowFB.exe
  C:\Windows\System\OSkowFB.exe
  2⤵
  PID:9892
- C:\Windows\System\HPMvVrj.exe
  C:\Windows\System\HPMvVrj.exe
  2⤵
  PID:9916
- C:\Windows\System\WmZcyDD.exe
  C:\Windows\System\WmZcyDD.exe
  2⤵
  PID:9940
- C:\Windows\System\XCuxpqd.exe
  C:\Windows\System\XCuxpqd.exe
  2⤵
  PID:8296
- C:\Windows\System\GHtKvmj.exe
  C:\Windows\System\GHtKvmj.exe
  2⤵
  PID:9372
- C:\Windows\System\kDSezyP.exe
  C:\Windows\System\kDSezyP.exe
  2⤵
  PID:8356
- C:\Windows\System\qARWsJd.exe
  C:\Windows\System\qARWsJd.exe
  2⤵
  PID:7256
- C:\Windows\System\wNPaXoe.exe
  C:\Windows\System\wNPaXoe.exe
  2⤵
  PID:9572
- C:\Windows\System\oqdGJGx.exe
  C:\Windows\System\oqdGJGx.exe
  2⤵
  PID:7480
- C:\Windows\System\cmAmOMe.exe
  C:\Windows\System\cmAmOMe.exe
  2⤵
  PID:7544
- C:\Windows\System\KQKYDrJ.exe
  C:\Windows\System\KQKYDrJ.exe
  2⤵
  PID:9704
- C:\Windows\System\dxcUSLT.exe
  C:\Windows\System\dxcUSLT.exe
  2⤵
  PID:9732
- C:\Windows\System\nUQobzR.exe
  C:\Windows\System\nUQobzR.exe
  2⤵
  PID:8748
- C:\Windows\System\xMqqKya.exe
  C:\Windows\System\xMqqKya.exe
  2⤵
  PID:8828
- C:\Windows\System\lbzhdKT.exe
  C:\Windows\System\lbzhdKT.exe
  2⤵
  PID:8888
- C:\Windows\System\TvrOtIx.exe
  C:\Windows\System\TvrOtIx.exe
  2⤵
  PID:8996
- C:\Windows\System\oSycpNx.exe
  C:\Windows\System\oSycpNx.exe
  2⤵
  PID:7992
- C:\Windows\System\eQbLwmX.exe
  C:\Windows\System\eQbLwmX.exe
  2⤵
  PID:8016
- C:\Windows\System\nwvFTLE.exe
  C:\Windows\System\nwvFTLE.exe
  2⤵
  PID:8052
- C:\Windows\System\lgkbnla.exe
  C:\Windows\System\lgkbnla.exe
  2⤵
  PID:8112
- C:\Windows\System\lvIAqrc.exe
  C:\Windows\System\lvIAqrc.exe
  2⤵
  PID:8188
- C:\Windows\System\AIrjROs.exe
  C:\Windows\System\AIrjROs.exe
  2⤵
  PID:7164
- C:\Windows\System\QoKBCyj.exe
  C:\Windows\System\QoKBCyj.exe
  2⤵
  PID:1408
- C:\Windows\System\EQQqsnX.exe
  C:\Windows\System\EQQqsnX.exe
  2⤵
  PID:6840
- C:\Windows\System\sAGUuhx.exe
  C:\Windows\System\sAGUuhx.exe
  2⤵
  PID:10156
- C:\Windows\System\LnfocfK.exe
  C:\Windows\System\LnfocfK.exe
  2⤵
  PID:8336
- C:\Windows\System\SSIhhRy.exe
  C:\Windows\System\SSIhhRy.exe
  2⤵
  PID:8416
- C:\Windows\System\PcGfGSv.exe
  C:\Windows\System\PcGfGSv.exe
  2⤵
  PID:8496
- C:\Windows\System\FzGKqGl.exe
  C:\Windows\System\FzGKqGl.exe
  2⤵
  PID:8540
- C:\Windows\System\ZSxeuGo.exe
  C:\Windows\System\ZSxeuGo.exe
  2⤵
  PID:10252
- C:\Windows\System\OXjoMDt.exe
  C:\Windows\System\OXjoMDt.exe
  2⤵
  PID:10276
- C:\Windows\System\elgTzbA.exe
  C:\Windows\System\elgTzbA.exe
  2⤵
  PID:10296
- C:\Windows\System\cUPJYsY.exe
  C:\Windows\System\cUPJYsY.exe
  2⤵
  PID:10316
- C:\Windows\System\nYdXQmT.exe
  C:\Windows\System\nYdXQmT.exe
  2⤵
  PID:10336
- C:\Windows\System\sHVRpyk.exe
  C:\Windows\System\sHVRpyk.exe
  2⤵
  PID:10352
- C:\Windows\System\AxLPMkT.exe
  C:\Windows\System\AxLPMkT.exe
  2⤵
  PID:10384
- C:\Windows\System\bnMQvgp.exe
  C:\Windows\System\bnMQvgp.exe
  2⤵
  PID:10404
- C:\Windows\System\vuydAEJ.exe
  C:\Windows\System\vuydAEJ.exe
  2⤵
  PID:10424
- C:\Windows\System\ULcNZYd.exe
  C:\Windows\System\ULcNZYd.exe
  2⤵
  PID:10456
- C:\Windows\System\hHbdQDN.exe
  C:\Windows\System\hHbdQDN.exe
  2⤵
  PID:10480
- C:\Windows\System\ghWTUoq.exe
  C:\Windows\System\ghWTUoq.exe
  2⤵
  PID:10496
- C:\Windows\System\ZuJfDCo.exe
  C:\Windows\System\ZuJfDCo.exe
  2⤵
  PID:10520
- C:\Windows\System\idIXCUX.exe
  C:\Windows\System\idIXCUX.exe
  2⤵
  PID:10536
- C:\Windows\System\AWAYyZN.exe
  C:\Windows\System\AWAYyZN.exe
  2⤵
  PID:10564
- C:\Windows\System\XdwbELy.exe
  C:\Windows\System\XdwbELy.exe
  2⤵
  PID:10600
- C:\Windows\System\VIlsPwn.exe
  C:\Windows\System\VIlsPwn.exe
  2⤵
  PID:10632
- C:\Windows\System\WtlJqJC.exe
  C:\Windows\System\WtlJqJC.exe
  2⤵
  PID:10648
- C:\Windows\System\xnPRfxC.exe
  C:\Windows\System\xnPRfxC.exe
  2⤵
  PID:10668
- C:\Windows\System\qdkpCyT.exe
  C:\Windows\System\qdkpCyT.exe
  2⤵
  PID:10724
- C:\Windows\System\wzrnYkG.exe
  C:\Windows\System\wzrnYkG.exe
  2⤵
  PID:10776
- C:\Windows\System\tEqlkCk.exe
  C:\Windows\System\tEqlkCk.exe
  2⤵
  PID:10796
- C:\Windows\System\TSxAuvU.exe
  C:\Windows\System\TSxAuvU.exe
  2⤵
  PID:10824
- C:\Windows\System\YAidCAw.exe
  C:\Windows\System\YAidCAw.exe
  2⤵
  PID:10852
- C:\Windows\System\nsWTlnd.exe
  C:\Windows\System\nsWTlnd.exe
  2⤵
  PID:10880
- C:\Windows\System\iDreSmj.exe
  C:\Windows\System\iDreSmj.exe
  2⤵
  PID:10896
- C:\Windows\System\eNuWsXg.exe
  C:\Windows\System\eNuWsXg.exe
  2⤵
  PID:10924
- C:\Windows\System\FLTIahu.exe
  C:\Windows\System\FLTIahu.exe
  2⤵
  PID:10948
- C:\Windows\System\ersDWXj.exe
  C:\Windows\System\ersDWXj.exe
  2⤵
  PID:10964
- C:\Windows\System\CxlDQVI.exe
  C:\Windows\System\CxlDQVI.exe
  2⤵
  PID:10996
- C:\Windows\System\dCFkjui.exe
  C:\Windows\System\dCFkjui.exe
  2⤵
  PID:11016
- C:\Windows\System\zfYuCio.exe
  C:\Windows\System\zfYuCio.exe
  2⤵
  PID:11044
- C:\Windows\System\jrKVfXe.exe
  C:\Windows\System\jrKVfXe.exe
  2⤵
  PID:11060
- C:\Windows\System\lVEXLLw.exe
  C:\Windows\System\lVEXLLw.exe
  2⤵
  PID:11088
- C:\Windows\System\fHQynQB.exe
  C:\Windows\System\fHQynQB.exe
  2⤵
  PID:11112
- C:\Windows\System\xTLhLdP.exe
  C:\Windows\System\xTLhLdP.exe
  2⤵
  PID:11140
- C:\Windows\System\YmJoqMG.exe
  C:\Windows\System\YmJoqMG.exe
  2⤵
  PID:11164
- C:\Windows\System\sIVFCis.exe
  C:\Windows\System\sIVFCis.exe
  2⤵
  PID:11192
- C:\Windows\System\mKaWINm.exe
  C:\Windows\System\mKaWINm.exe
  2⤵
  PID:11208
- C:\Windows\System\WCEACLz.exe
  C:\Windows\System\WCEACLz.exe
  2⤵
  PID:11224
- C:\Windows\System\QzgTjUl.exe
  C:\Windows\System\QzgTjUl.exe
  2⤵
  PID:11240
- C:\Windows\System\bymNROP.exe
  C:\Windows\System\bymNROP.exe
  2⤵
  PID:11256
- C:\Windows\System\LvuqXVM.exe
  C:\Windows\System\LvuqXVM.exe
  2⤵
  PID:9620
- C:\Windows\System\FryiKEq.exe
  C:\Windows\System\FryiKEq.exe
  2⤵
  PID:8656
- C:\Windows\System\rDSWXBO.exe
  C:\Windows\System\rDSWXBO.exe
  2⤵
  PID:8704
- C:\Windows\System\ASSLBfC.exe
  C:\Windows\System\ASSLBfC.exe
  2⤵
  PID:8804
- C:\Windows\System\VrdBotC.exe
  C:\Windows\System\VrdBotC.exe
  2⤵
  PID:8956
- C:\Windows\System\WIMfXee.exe
  C:\Windows\System\WIMfXee.exe
  2⤵
  PID:9016
- C:\Windows\System\jonazNQ.exe
  C:\Windows\System\jonazNQ.exe
  2⤵
  PID:5332
- C:\Windows\System\gNKbuUW.exe
  C:\Windows\System\gNKbuUW.exe
  2⤵
  PID:9176
- C:\Windows\System\fnuEkhq.exe
  C:\Windows\System\fnuEkhq.exe
  2⤵
  PID:6920
- C:\Windows\System\hmIgVuc.exe
  C:\Windows\System\hmIgVuc.exe
  2⤵
  PID:7304
- C:\Windows\System\elTlEra.exe
  C:\Windows\System\elTlEra.exe
  2⤵
  PID:7460
- C:\Windows\System\bmaHilZ.exe
  C:\Windows\System\bmaHilZ.exe
  2⤵
  PID:7604
- C:\Windows\System\bXYMeXg.exe
  C:\Windows\System\bXYMeXg.exe
  2⤵
  PID:7808
- C:\Windows\System\oePDUob.exe
  C:\Windows\System\oePDUob.exe
  2⤵
  PID:7980
- C:\Windows\System\yPZPXxV.exe
  C:\Windows\System\yPZPXxV.exe
  2⤵
  PID:8172
- C:\Windows\System\fUruyzR.exe
  C:\Windows\System\fUruyzR.exe
  2⤵
  PID:8468
- C:\Windows\System\MTymVQD.exe
  C:\Windows\System\MTymVQD.exe
  2⤵
  PID:7520
- C:\Windows\System\aTdeKLU.exe
  C:\Windows\System\aTdeKLU.exe
  2⤵
  PID:9284
- C:\Windows\System\yHOWUBD.exe
  C:\Windows\System\yHOWUBD.exe
  2⤵
  PID:7656
- C:\Windows\System\DFdeQho.exe
  C:\Windows\System\DFdeQho.exe
  2⤵
  PID:10200
- C:\Windows\System\UVSDyqt.exe
  C:\Windows\System\UVSDyqt.exe
  2⤵
  PID:11276
- C:\Windows\System\JHQmgwF.exe
  C:\Windows\System\JHQmgwF.exe
  2⤵
  PID:11304
- C:\Windows\System\ayLphgd.exe
  C:\Windows\System\ayLphgd.exe
  2⤵
  PID:11324
- C:\Windows\System\kfqliqx.exe
  C:\Windows\System\kfqliqx.exe
  2⤵
  PID:11344
- C:\Windows\System\WEAwWSg.exe
  C:\Windows\System\WEAwWSg.exe
  2⤵
  PID:11368
- C:\Windows\System\FlzqtQH.exe
  C:\Windows\System\FlzqtQH.exe
  2⤵
  PID:11388
- C:\Windows\System\TEIhZxk.exe
  C:\Windows\System\TEIhZxk.exe
  2⤵
  PID:11416
- C:\Windows\System\pfjlRUj.exe
  C:\Windows\System\pfjlRUj.exe
  2⤵
  PID:11432
- C:\Windows\System\zPJGomj.exe
  C:\Windows\System\zPJGomj.exe
  2⤵
  PID:11456
- C:\Windows\System\xGgrxjO.exe
  C:\Windows\System\xGgrxjO.exe
  2⤵
  PID:11476
- C:\Windows\System\hiMbivr.exe
  C:\Windows\System\hiMbivr.exe
  2⤵
  PID:11500
- C:\Windows\System\ervhZUY.exe
  C:\Windows\System\ervhZUY.exe
  2⤵
  PID:11520
- C:\Windows\System\othYtIa.exe
  C:\Windows\System\othYtIa.exe
  2⤵
  PID:11548
- C:\Windows\System\MkdJjFd.exe
  C:\Windows\System\MkdJjFd.exe
  2⤵
  PID:11568
- C:\Windows\System\ZCuCRPk.exe
  C:\Windows\System\ZCuCRPk.exe
  2⤵
  PID:11608
- C:\Windows\System\NrEUbVV.exe
  C:\Windows\System\NrEUbVV.exe
  2⤵
  PID:11632
- C:\Windows\System\BwpWyAI.exe
  C:\Windows\System\BwpWyAI.exe
  2⤵
  PID:11656
- C:\Windows\System\OfrOhSm.exe
  C:\Windows\System\OfrOhSm.exe
  2⤵
  PID:11676
- C:\Windows\System\rnlmMyX.exe
  C:\Windows\System\rnlmMyX.exe
  2⤵
  PID:11704
- C:\Windows\System\RCrnZjK.exe
  C:\Windows\System\RCrnZjK.exe
  2⤵
  PID:11724
- C:\Windows\System\vMOjpEl.exe
  C:\Windows\System\vMOjpEl.exe
  2⤵
  PID:11740
- C:\Windows\System\pFaSGYG.exe
  C:\Windows\System\pFaSGYG.exe
  2⤵
  PID:11760
- C:\Windows\System\rdEHbjL.exe
  C:\Windows\System\rdEHbjL.exe
  2⤵
  PID:11776
- C:\Windows\System\phXagns.exe
  C:\Windows\System\phXagns.exe
  2⤵
  PID:11800
- C:\Windows\System\IgCYEMM.exe
  C:\Windows\System\IgCYEMM.exe
  2⤵
  PID:11828
- C:\Windows\System\RFuCQHN.exe
  C:\Windows\System\RFuCQHN.exe
  2⤵
  PID:11844
- C:\Windows\System\ajfgVnv.exe
  C:\Windows\System\ajfgVnv.exe
  2⤵
  PID:11872
- C:\Windows\System\nAIZZij.exe
  C:\Windows\System\nAIZZij.exe
  2⤵
  PID:11896
- C:\Windows\System\LnKWunM.exe
  C:\Windows\System\LnKWunM.exe
  2⤵
  PID:11916
- C:\Windows\System\SUIBRiQ.exe
  C:\Windows\System\SUIBRiQ.exe
  2⤵
  PID:11936
- C:\Windows\System\iSdlolY.exe
  C:\Windows\System\iSdlolY.exe
  2⤵
  PID:11960
- C:\Windows\System\xnGgtZD.exe
  C:\Windows\System\xnGgtZD.exe
  2⤵
  PID:11980
- C:\Windows\System\ovsRGbZ.exe
  C:\Windows\System\ovsRGbZ.exe
  2⤵
  PID:12004
- C:\Windows\System\TayCywf.exe
  C:\Windows\System\TayCywf.exe
  2⤵
  PID:12024
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 12024 -s 28
    3⤵
    PID:9876
- C:\Windows\System\QiJjjYi.exe
  C:\Windows\System\QiJjjYi.exe
  2⤵
  PID:12048
- C:\Windows\System\cdakWig.exe
  C:\Windows\System\cdakWig.exe
  2⤵
  PID:12068
- C:\Windows\System\FwgYdsu.exe
  C:\Windows\System\FwgYdsu.exe
  2⤵
  PID:12084
- C:\Windows\System\MLyLWik.exe
  C:\Windows\System\MLyLWik.exe
  2⤵
  PID:12100
- C:\Windows\System\fbgnKVV.exe
  C:\Windows\System\fbgnKVV.exe
  2⤵
  PID:12116
- C:\Windows\System\gmHsrza.exe
  C:\Windows\System\gmHsrza.exe
  2⤵
  PID:12132
- C:\Windows\System\TNxcsTF.exe
  C:\Windows\System\TNxcsTF.exe
  2⤵
  PID:12152
- C:\Windows\System\jWFZUgG.exe
  C:\Windows\System\jWFZUgG.exe
  2⤵
  PID:12168
- C:\Windows\System\nQexfjU.exe
  C:\Windows\System\nQexfjU.exe
  2⤵
  PID:12184
- C:\Windows\System\LzVLMMU.exe
  C:\Windows\System\LzVLMMU.exe
  2⤵
  PID:12200
- C:\Windows\System\zQrpJDh.exe
  C:\Windows\System\zQrpJDh.exe
  2⤵
  PID:12216
- C:\Windows\System\cFvjdAo.exe
  C:\Windows\System\cFvjdAo.exe
  2⤵
  PID:12236
- C:\Windows\System\ArxcnCu.exe
  C:\Windows\System\ArxcnCu.exe
  2⤵
  PID:12260
- C:\Windows\System\pMeMIhh.exe
  C:\Windows\System\pMeMIhh.exe
  2⤵
  PID:12284
- C:\Windows\System\HFpkryW.exe
  C:\Windows\System\HFpkryW.exe
  2⤵
  PID:8136
- C:\Windows\System\JNWWOJu.exe
  C:\Windows\System\JNWWOJu.exe
  2⤵
  PID:6904
- C:\Windows\System\RBpWciX.exe
  C:\Windows\System\RBpWciX.exe
  2⤵
  PID:9452
- C:\Windows\System\gxTlbml.exe
  C:\Windows\System\gxTlbml.exe
  2⤵
  PID:6424
- C:\Windows\System\IiOMtZj.exe
  C:\Windows\System\IiOMtZj.exe
  2⤵
  PID:9504
- C:\Windows\System\lCKVHin.exe
  C:\Windows\System\lCKVHin.exe
  2⤵
  PID:9552
- C:\Windows\System\KHKbOkd.exe
  C:\Windows\System\KHKbOkd.exe
  2⤵
  PID:9584
- C:\Windows\System\mQxaKZX.exe
  C:\Windows\System\mQxaKZX.exe
  2⤵
  PID:9668
- C:\Windows\System\bXnLpeP.exe
  C:\Windows\System\bXnLpeP.exe
  2⤵
  PID:10364
- C:\Windows\System\jgXepRq.exe
  C:\Windows\System\jgXepRq.exe
  2⤵
  PID:10492
- C:\Windows\System\inOJiLc.exe
  C:\Windows\System\inOJiLc.exe
  2⤵
  PID:9796
- C:\Windows\System\mumGcVa.exe
  C:\Windows\System\mumGcVa.exe
  2⤵
  PID:7600
- C:\Windows\System\dMRaZdj.exe
  C:\Windows\System\dMRaZdj.exe
  2⤵
  PID:9884
- C:\Windows\System\OTwtVQx.exe
  C:\Windows\System\OTwtVQx.exe
  2⤵
  PID:10656
- C:\Windows\System\BhJTkHv.exe
  C:\Windows\System\BhJTkHv.exe
  2⤵
  PID:9956
- C:\Windows\System\LIJoPuJ.exe
  C:\Windows\System\LIJoPuJ.exe
  2⤵
  PID:10020
- C:\Windows\System\QiNRfFB.exe
  C:\Windows\System\QiNRfFB.exe
  2⤵
  PID:10904
- C:\Windows\System\pIxlUas.exe
  C:\Windows\System\pIxlUas.exe
  2⤵
  PID:4396
- C:\Windows\System\CmAOmXd.exe
  C:\Windows\System\CmAOmXd.exe
  2⤵
  PID:12296
- C:\Windows\System\nqbqqVV.exe
  C:\Windows\System\nqbqqVV.exe
  2⤵
  PID:12312
- C:\Windows\System\vqlEIEi.exe
  C:\Windows\System\vqlEIEi.exe
  2⤵
  PID:12332
- C:\Windows\System\VKWRbfd.exe
  C:\Windows\System\VKWRbfd.exe
  2⤵
  PID:12352
- C:\Windows\System\ISLigIV.exe
  C:\Windows\System\ISLigIV.exe
  2⤵
  PID:12376
- C:\Windows\System\xEPTfwg.exe
  C:\Windows\System\xEPTfwg.exe
  2⤵
  PID:12396
- C:\Windows\System\opqvUKR.exe
  C:\Windows\System\opqvUKR.exe
  2⤵
  PID:12416
- C:\Windows\System\ZYyyfiH.exe
  C:\Windows\System\ZYyyfiH.exe
  2⤵
  PID:12432
- C:\Windows\System\ZzSapkX.exe
  C:\Windows\System\ZzSapkX.exe
  2⤵
  PID:12452
- C:\Windows\System\uQalEXf.exe
  C:\Windows\System\uQalEXf.exe
  2⤵
  PID:12468
- C:\Windows\System\kFkLgKD.exe
  C:\Windows\System\kFkLgKD.exe
  2⤵
  PID:12492
- C:\Windows\System\yEANeIC.exe
  C:\Windows\System\yEANeIC.exe
  2⤵
  PID:12508
- C:\Windows\System\JpQgbEU.exe
  C:\Windows\System\JpQgbEU.exe
  2⤵
  PID:12528
- C:\Windows\System\PRrpMcR.exe
  C:\Windows\System\PRrpMcR.exe
  2⤵
  PID:12556
- C:\Windows\System\kCtlbyt.exe
  C:\Windows\System\kCtlbyt.exe
  2⤵
  PID:12572
- C:\Windows\System\iYkzpBq.exe
  C:\Windows\System\iYkzpBq.exe
  2⤵
  PID:12588
- C:\Windows\System\QZoZKTV.exe
  C:\Windows\System\QZoZKTV.exe
  2⤵
  PID:12604
- C:\Windows\System\puKMDZA.exe
  C:\Windows\System\puKMDZA.exe
  2⤵
  PID:12624
- C:\Windows\System\qXDVyWg.exe
  C:\Windows\System\qXDVyWg.exe
  2⤵
  PID:12648
- C:\Windows\System\uVIHZEP.exe
  C:\Windows\System\uVIHZEP.exe
  2⤵
  PID:12664
- C:\Windows\System\pUkKdCw.exe
  C:\Windows\System\pUkKdCw.exe
  2⤵
  PID:12684
- C:\Windows\System\rlAnEWZ.exe
  C:\Windows\System\rlAnEWZ.exe
  2⤵
  PID:12704
- C:\Windows\System\XCfVDqG.exe
  C:\Windows\System\XCfVDqG.exe
  2⤵
  PID:12724
- C:\Windows\System\OgjXMGi.exe
  C:\Windows\System\OgjXMGi.exe
  2⤵
  PID:12744
- C:\Windows\System\EaMOKNi.exe
  C:\Windows\System\EaMOKNi.exe
  2⤵
  PID:12764
- C:\Windows\System\kDYKOhi.exe
  C:\Windows\System\kDYKOhi.exe
  2⤵
  PID:12784
- C:\Windows\System\wscpYkk.exe
  C:\Windows\System\wscpYkk.exe
  2⤵
  PID:12804
- C:\Windows\System\pWFLtBD.exe
  C:\Windows\System\pWFLtBD.exe
  2⤵
  PID:12824
- C:\Windows\System\ZzDhxnZ.exe
  C:\Windows\System\ZzDhxnZ.exe
  2⤵
  PID:12848
- C:\Windows\System\eXCHXMc.exe
  C:\Windows\System\eXCHXMc.exe
  2⤵
  PID:12864
- C:\Windows\System\xwwolKe.exe
  C:\Windows\System\xwwolKe.exe
  2⤵
  PID:12880
- C:\Windows\System\smFUnGX.exe
  C:\Windows\System\smFUnGX.exe
  2⤵
  PID:12896
- C:\Windows\System\LwsqYrk.exe
  C:\Windows\System\LwsqYrk.exe
  2⤵
  PID:12912
- C:\Windows\System\LDqcHeo.exe
  C:\Windows\System\LDqcHeo.exe
  2⤵
  PID:12928
- C:\Windows\System\AbruSFn.exe
  C:\Windows\System\AbruSFn.exe
  2⤵
  PID:12948
- C:\Windows\System\loxfSCa.exe
  C:\Windows\System\loxfSCa.exe
  2⤵
  PID:12964
- C:\Windows\System\yqdCgXg.exe
  C:\Windows\System\yqdCgXg.exe
  2⤵
  PID:12980
- C:\Windows\System\PQSkkbN.exe
  C:\Windows\System\PQSkkbN.exe
  2⤵
  PID:12996
- C:\Windows\System\khUgkWG.exe
  C:\Windows\System\khUgkWG.exe
  2⤵
  PID:13016
- C:\Windows\System\xEXJdYx.exe
  C:\Windows\System\xEXJdYx.exe
  2⤵
  PID:13032
- C:\Windows\System\sgcYINV.exe
  C:\Windows\System\sgcYINV.exe
  2⤵
  PID:13052
- C:\Windows\System\dyuUmVh.exe
  C:\Windows\System\dyuUmVh.exe
  2⤵
  PID:13076
- C:\Windows\System\QjVimxC.exe
  C:\Windows\System\QjVimxC.exe
  2⤵
  PID:13096
- C:\Windows\System\KifxkhY.exe
  C:\Windows\System\KifxkhY.exe
  2⤵
  PID:13116
- C:\Windows\System\ZxmpZDp.exe
  C:\Windows\System\ZxmpZDp.exe
  2⤵
  PID:13144
- C:\Windows\System\wKVaoiN.exe
  C:\Windows\System\wKVaoiN.exe
  2⤵
  PID:13160
- C:\Windows\System\gzdDKhc.exe
  C:\Windows\System\gzdDKhc.exe
  2⤵
  PID:13176
- C:\Windows\System\lUxTIsq.exe
  C:\Windows\System\lUxTIsq.exe
  2⤵
  PID:13192
- C:\Windows\System\VNmwZlr.exe
  C:\Windows\System\VNmwZlr.exe
  2⤵
  PID:13216
- C:\Windows\System\EAVCOoI.exe
  C:\Windows\System\EAVCOoI.exe
  2⤵
  PID:13236
- C:\Windows\System\VKvEBCc.exe
  C:\Windows\System\VKvEBCc.exe
  2⤵
  PID:13252
- C:\Windows\System\MqEUlDt.exe
  C:\Windows\System\MqEUlDt.exe
  2⤵
  PID:13272
- C:\Windows\System\QcqLLeg.exe
  C:\Windows\System\QcqLLeg.exe
  2⤵
  PID:13288

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 504 -p 11656 -ip 11656
1⤵
PID:8136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mt0qdfwr.jlr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AFXxEEL.exe

Filesize
1.6MB

MD5
67c4854126b261c44baf385fee57c258

SHA1
53b7835d088ca71d389b9d0bb117a80c39104acd

SHA256
6e31ee5d9839ccd6ca7cb83f125cef77edbb957bd31966ddc86f7b7906051165

SHA512
9061de9932110fe8037cc0a67dfc80a0ea472ac029396f045a42523ed6bb6266b4bd63bd8f2438f3d3c3ab93a4b0096c573f90660be9bbcde95bd2291c550fca

Download Submit
C:\Windows\System\FSPullF.exe

Filesize
1.6MB

MD5
2fb433dba10675bdece7762f585b2cd7

SHA1
797e02991a8f938d5be0a8c4029a5637607380b8

SHA256
83b64cafcc51d24b8ee11be627f4521bdc8d1c3307afea116422e5b619ee6b1a

SHA512
ad761d86c41888f8d9d042775cc93a99678e0f072b3e9c49438e0f28e15e5edde9a9db01e9fd754b7ebcee422984773ff3f6a908ed9c7607ef2081da3389c15d

Download Submit
C:\Windows\System\FlWqhsG.exe

Filesize
1.6MB

MD5
8f8d77559f91e05e63be9a9f46f239b1

SHA1
cf802c71490575904fb60456194dfbeb884f1ba6

SHA256
87e582aa2ab20e9fd8d2784a98e14a00e0ad8e3cb9e9ddccb3c5596f2a309d38

SHA512
1e3e591b5b5f7a92e92f7b0be0584521c0526ece94c1143647f6bba52d60aa783fe0efe0cc8626faef4658f0cc493dd7e24cc83ef267fc821bfaeb4cea279a23

Download Submit
C:\Windows\System\FzQikNr.exe

Filesize
1.6MB

MD5
e3804225d950e73a0788a422e548eebd

SHA1
67d252071bcea0d001a9203156ee20929905f24f

SHA256
8d64027caf207fabce6ffe6b7aa3aeb8bf1329259d768601db2509c1bdd0fb6c

SHA512
b32f178fa05d1a24aecd26aa323aac6b426e90422dbf0606f20ba7bd0733341ef1590c78b150d2ec62deb44a125dce2cb46091cdf559ebb909313443dfca8e33

Download Submit
C:\Windows\System\HWYLtpp.exe

Filesize
1.6MB

MD5
0e602aa4c884bf98c6d12846f397081f

SHA1
b32cc6b09af68cacee08c22cb0bb4d7ce63d0708

SHA256
c38b461bee920136e87d3e6d59cbfeaa3f8a4ae72b88d89cda1a06d86a1f7ee0

SHA512
c6cf8170364bf14709feb4d8b38b7471e9ccd9d589e276ac6c25fe1121733d128fe8f331ff6305cbb4b896c3cf8f7ce87aed0a669eeaed4c9e1cf1c717dc34bc

Download Submit
C:\Windows\System\JbQpLff.exe

Filesize
1.6MB

MD5
6e9298cf4726090399fdaac47196c4cd

SHA1
b046f102eae5a2da264b413b9015d8f87379c10b

SHA256
7321fe214ba2e909da92c0f3994e435eaa5f008108bcac993a30e28f9dfbcd06

SHA512
1252fb5122a7f4ab46b8bf9eecc13de8fa05d536be288e240673f5cc6a71ebcd82f7968969176d8af8bbe486995413328d4ec784b7634ec9e89a115cb3158f5d

Download Submit
C:\Windows\System\LZCyrsh.exe

Filesize
1.6MB

MD5
285fafedf6489ef22e8082a89cb09369

SHA1
ad8eb01b785acfa801d28b0ce4467f7a496f866c

SHA256
afa45168a3a695dccfabae19da7cf7f2448b121189aa93d38105db0882edb2e5

SHA512
7216583a78afd31a64f84d279724c8ec6bce07934304536deaa248678f483a64446a33b76993d9b8e34c60a390c8e52e5e8ca288637fe6db13cbdb147429a737

Download Submit
C:\Windows\System\MCyARZR.exe

Filesize
1.6MB

MD5
e7222f848a52633396b5d31be4c214b3

SHA1
ac4cfd5946a2f2cfbfa6a2f84dc54a96b81b5974

SHA256
b2a371863d07848d20751620d9312ff0e7dd5bf74c7a1bdb65c73e8d49984f67

SHA512
678ffde3342193226eea176500ef895fef84e7a8cb9d3da48872e930c770955821c9fa5a28aae74aceba8568522efbdcf64ac2d5b78a6158e847b3bdf002b8f9

Download Submit
C:\Windows\System\MiTFVuQ.exe

Filesize
1.6MB

MD5
55f5467eb98cd5a3b9a0ccb44d697e7a

SHA1
f208f85d472a16b409a3737402c0b3b9ff4c0a2b

SHA256
46e7865620273a172843bd83b3793fce3d031e1bbbabc556bc21045cd1b787e3

SHA512
997635ea362d8b4bd4ce1b30db483fec2e58c148a0ab8e6bdcf18c40d06d69b47f5965006aa6313ec30b67cae30b2800b0f7afe0954599c4ff1584249e0029f5

Download Submit
C:\Windows\System\OCRMCUc.exe

Filesize
1.6MB

MD5
244fb4f1d52efce6aa7b39fd1eea2d73

SHA1
7b3a7521f601bd0c29ae5e824db14b9bf8253dd2

SHA256
6a78be5d0d839226ab0acab08ecac4fc76ccb0e03931cc473116891dffd4a7a5

SHA512
1fbbd97c49b80679a97a0c3d2e23b1f55b4a5c3155b3933d8e0ff009299f1fa18d418c450604f5859375bd212258278dba1ba389334d18984f49bd9c7beb772e

Download Submit
C:\Windows\System\ODNrJUA.exe

Filesize
1.6MB

MD5
a9ab11dca9392fe8850ecdcc1d57026d

SHA1
743cf179baac2c75dbff2b5feed7c7d92b7aba68

SHA256
36ba7553791cb79e18ff43585d0fa3775fc0fd64049ec9ccee11fb48005ebb8e

SHA512
3a6a444b6b180d9a608f5c32733702e1ba0a6e5a1d69c0e1b46929712f76c3e16d50a0fdd50fcc36c46a2f2284fa0482b63aac4537bd46e8485dfd4a99ddb95f

Download Submit
C:\Windows\System\OOypDCM.exe

Filesize
1.6MB

MD5
0cf4e17f4adb453433eafb040fd68bd5

SHA1
efde65adf989e3b6a620c09d1970462dd92dcad8

SHA256
5c4196a0e7d91fe9a7a752a274cff29731d92ae4ed76489c936843d5b39497c5

SHA512
9d58e4dc3d80036148fe905b0f84a7450c384b2299f95b025676210b0e38bef1b185682be0e0fcb9d2718b0c1a04294c517019418110c05ee94ef186104a5ad3

Download Submit
C:\Windows\System\PXHjlhK.exe

Filesize
1.6MB

MD5
b7ede2af6529873cd9ce1e86ebcac732

SHA1
10306e93dd9f323666f0c4fd0b77c9b5f513a4ea

SHA256
7422d5ab5a30db62b1a29de3fd87d16c4975ea6c53ed72dd94fd7840178b310b

SHA512
9bed454159278166fd5fe11b3ddfac014859ba11ff04b6cdde5cd595623ff7ed8e411520597ba8613ecf0ea3bff07e30ad9cceda88f9df9b7112ea46ce51f787

Download Submit
C:\Windows\System\UnyTDPh.exe

Filesize
1.6MB

MD5
8d7db3c8438b6ee4e916d6f0446845e8

SHA1
caedc845a153f3f6b805a18e13279167b19bb28d

SHA256
dd1307d0b514583fa4dcf841bd13ee3293858bd7f39a9f53558aa51d63ba7610

SHA512
cbbc8ad6c14399da664e2ca001ad40438eecc77d87d158e03d9ea9d31cd2aa136858a8945d467e0cb90ea39e3f2824317bbdea6eceddf99b734b53796747c49d

Download Submit
C:\Windows\System\WTBByLB.exe

Filesize
1.6MB

MD5
619f3dd05926c72d3ce5409d868186bb

SHA1
f2263b3c2a77ae052b7b177d6f27e23c370a9540

SHA256
cfa70ca17691d3aa8a657aa280bd6b8a919d821907a294ec2108bdaf5852c475

SHA512
1907bf30d1935a97a38dd425fda85e62de0d5b679c863caaaf1986f23844b7a41704f3a00d4d470ef47ffaf1447ac7392ea63eead9cfb92e5d6a332e60b95fb3

Download Submit
C:\Windows\System\XCXXXSr.exe

Filesize
1.6MB

MD5
2597b13a0371fdaa1aedd5156fb61242

SHA1
08497de5589ba29aa90d8c3c4be304ea0a1f4b32

SHA256
109cbcef2b63c6b3b6cfddf8b49b0aee30657efb42c39f6767ba2667a852e505

SHA512
29e98b61ee8c7bc13ea368fb87148f3126d162e16d91e7b3b6ea3e8fbf6ed3745d3d25ed81c05e965dbf7dd078e8c8b19b0715d8dd97bf56b0f1a32d09c4de31

Download Submit
C:\Windows\System\XlXKGIa.exe

Filesize
1.6MB

MD5
d7fa5b82c9d4d7f3f1e05a8ae4db77cc

SHA1
b45fdd883d906b39748d0ccbf51af8b70e0f5a2a

SHA256
9e6212959a8a1ee676d7b3e9738658b0dbeebb252380aff02ac081e1fe87c549

SHA512
63de43633e55cad237e939187a92dac0d7a35f2466262c77522813d73487e0d9a0e348e83cc076e830e3c4a0f0616ccfd26ef80af95c2d8c804d25cd6f2fe41b

Download Submit
C:\Windows\System\YTcMsRy.exe

Filesize
1.6MB

MD5
678b9df4f4ee5b50cbe1230f6cee7ccb

SHA1
caa33a0126d65375e9aa99b419e263960c5cd3da

SHA256
c678faa521e95f047b73480639ad8b7df50775b443cdedc85ae756887b3d8ffe

SHA512
717137df5145b9f2cd2fa6227653df205ee54f344df2426d0dd0b5c91ff478d88b082aa4be7af34066b6d9ce4815207af1ca375d123187d49bdfcd52879f27ea

Download Submit
C:\Windows\System\aNySnMj.exe

Filesize
1.6MB

MD5
9beb9b7501fa581fc694c9fbf449b89d

SHA1
7a42d5b33b422fced07ebd111305d053df12b7bf

SHA256
e6c8e998a4efd540ec13e3ca3f9591e7d857c5798a34e36565098195570295e8

SHA512
1f22b8e18b86ccf30c95402e98e52906f0864f1e5d67203801213961e26e5836c54cbed1606172baedd12d202b76b262f11d7d4af4355ef48dd95e56496bebd0

Download Submit
C:\Windows\System\bxfydGh.exe

Filesize
1.6MB

MD5
a6355fd53e49790181e9ee3c94a59aea

SHA1
e3405511430a6a11926107b7daae46b377a4be3a

SHA256
af784565fc55914732538dc8a29dc7007580e11f037001d206e619f5395bd912

SHA512
c003cac7b0e289333c2e0e2b2fe86741c9afedc09ae76c5008a4f382ee1987334f4a5a6a85800789526b378c3e8d223b899c3ed36e60ffd32e1be73084974f57

Download Submit
C:\Windows\System\eEeUeVE.exe

Filesize
1.6MB

MD5
04d0c72bc8fe2d9c0395952bbe70079c

SHA1
ba9fc70165cc395af64ccd3bc50ed76066390fff

SHA256
b79b3100f10a620287a0f0827a29fd8a9b60feca7484c9a571406951f707ff3b

SHA512
60ff9166830a8ae5ebb2becb001c271025e9c2b0034e2f07373c46d264de3025f1748054eae594e7d8d7c672fac30699fe28a097871d65ce454c92926a184cbf

Download Submit
C:\Windows\System\esupMVC.exe

Filesize
1.6MB

MD5
cb52263e343272678176fc29a47cb9c9

SHA1
747c313a155f95a58b9d8ed086d786be7587833b

SHA256
34517a157e72d2b3ed6bbe351e1cffa17e8afb0b5b8eeebf31429f8ca7471d81

SHA512
398c4ba50e54d878a42a849b915cb3378af9f9e2b16859d0cf83b677b198f7094583843a14c8d321218cbf1b3447f4832f6a0604f9176d8b1b3d5af2804bdebf

Download Submit
C:\Windows\System\fClvpIN.exe

Filesize
1.6MB

MD5
3ada32ee205870b8297818cba64278cd

SHA1
fe2a07dbeb6f9abc080b09deb459207055953561

SHA256
242f8af6d901173f7534273d74f1b5d9733551521441b6287f777a824574fa2b

SHA512
a0edb73d7af635c375f05e21534ff9708d57e891e195ff465c10d1e07002543afb6cb8b7f3446a983d64291058d22237560f595720e2cf3479c8009196b85eaa

Download Submit
C:\Windows\System\frbatbj.exe

Filesize
1.6MB

MD5
1f72d0a6e82af7e2c8331978327ba6b3

SHA1
fd9fe0ab8f79b8f846a6f80e87e5a9fd8bc3e8f7

SHA256
3bab5472ae43ee55d653a3947fb1c03a268768dd95d9a00da7e742e53a73d9f0

SHA512
8ff11704f2b9b6da3d41245622530a6e99a0db836378e528cb949cb3a4659cb8253e4e4e3a112b6f9fd6eb241cec2c59dffa20d4a7d736053d411dcd71924e44

Download Submit
C:\Windows\System\grXqzsn.exe

Filesize
1.6MB

MD5
b78511289b7d42785fd90f88b8b744b2

SHA1
7baa598861a168eb1525a2063699287151a960c6

SHA256
49d5c3da097df2a6001a4ee340ed72ba389dbf674c44d8f26fd56e1ff1d6a0ad

SHA512
b6b3c92a3150987909f82e5fbd980423ae26a4772c16f043f7ec79efa15f010147c92bf941bed14832dafeff2235ab04d1732aa93fccf0a820dff94261d5344b

Download Submit
C:\Windows\System\iavwmtu.exe

Filesize
1.6MB

MD5
e978d9b57d1a117f6fb24ae5726441fe

SHA1
2abdf0a22488de3234b46b49a844176f956950b6

SHA256
5e44aacac9cee88762652af98d8584bb6a84a7290d044506aa3a1a77a7fe66c1

SHA512
ba3d6b2fc1aa5995bb042d95555a4b3cc2dc82a331e20875427f377e69666a2f9ae5782d1d5fa742126f28b11376ac6d4d848da564dfe8ecf6c7cbbd56607650

Download Submit
C:\Windows\System\jCYItJo.exe

Filesize
1.6MB

MD5
d691274d5b01ddcc76b98cb829b49ac8

SHA1
38153b9c78197db19f67b61b3dfa0093b0584384

SHA256
9a769ac4bbc22bd53325f3c8a5e46520083d000be5df53767407fe5e8aca9673

SHA512
dfd2f1c3d6727cef3a3692c9e69f8ef21ed9b702b33d140cc532d827e9c93d42fee15d4ac0fc98f43e81504eec3c1eb58d8acb50090cdc6ee47858972a446bf4

Download Submit
C:\Windows\System\jMfcQRF.exe

Filesize
1.6MB

MD5
6d945093f3b426d7e89784f2eaf0a8a8

SHA1
98d46651b9e45ac0b6309e872913726c873a0604

SHA256
cb817cc19fd601523ffe8ce98322b3efc2eb290bc66e5dcdc03fe68be8ed391b

SHA512
7b12ca5be613824d1ceae60264f4489bbbc4b482ce92459e454ce6170a744acecaf39b90372d724b0cd3afb92ec2b010fb96bf99966dc4c13d8c574c96d3dd3b

Download Submit
C:\Windows\System\kOgjdQm.exe

Filesize
1.6MB

MD5
336c1f20abfe6bc33067dd31d9792f7a

SHA1
1192d0e419711c1ad9b9f8dc4cf15f09c46a5e1a

SHA256
21525a3064a6ca09ffeb97731f2a94e18fc734d45a543bd233b4b5e3b5468099

SHA512
15077a1c8d53c9371cc752d7a1b7282faed49469b631bb4b734127e85011fe8170f0da827a94069961d038e8c38107c39fc92d4dc5561b8f2c27040cbe724877

Download Submit
C:\Windows\System\mQeCbsT.exe

Filesize
1.6MB

MD5
74cc0fdb2fc063013d481c51406cdfa2

SHA1
97861746845f8c41664b74b835f271b8bae32f17

SHA256
441137d705b0719865dc043c9b50f42d235f639a6fe427fff803858ba1504a26

SHA512
9d559592c0deaeae21c91f6bdb49dd748a952ca7a3cea11701220a3eeed16547fe3dd939745b8a03f3fd1f8f809d5ad99b3216846c6d0bd111231c0c2549b4e8

Download Submit
C:\Windows\System\nGdcQqj.exe

Filesize
1.6MB

MD5
81fa0d491e76a4ce989f422e76742d55

SHA1
373cf4894ed8d984e3e2659fbbe29f272077776f

SHA256
b304ced4d93bf05169b63f842d58b18b464092fdb79b56116e92873e89e2bf1f

SHA512
e8e5a5ae6236db1217227da8dfe7952f658b599c23525cf6b7fc62473c1a9ebd10fae3491cff39cc08f5e203c8e4cfc53c52f20736cae3f24e8510e1b3e84de2

Download Submit
C:\Windows\System\rFMuooh.exe

Filesize
1.6MB

MD5
e62d133c491b00d0d68a38ab8745792b

SHA1
0d90c8396fe898845d27e663b525a135133d04ff

SHA256
f07a250f50a40288cc137108e8886cd1f165aa066dc086379dcf16fd00e731ab

SHA512
8a1591ff9c0eef92eb577911d099ba276bbed210e90eaaa3b3aaa56cc587c4b3a87ef545cde0e6c51109408895300bb12e3373ee51cbdf5166dc10e21763c7ef

Download Submit
C:\Windows\System\rMuXqJb.exe

Filesize
1.6MB

MD5
bb8fd25ee59c3463954a614149cf8bb0

SHA1
42dff9ef76f756f46584296f4abc6e359b7a4d67

SHA256
dd4e0a1052380341d956b1031ee1307eaea2027b43be422f2d288133c1ce46cb

SHA512
73043df8952c795ff11796f064616ee0763bbae9f372eecb15c76a7ce2c07371610016a084a8763497c8832e26d7f1e1900c19cde7268194ecc4a8f919f8f395

Download Submit
C:\Windows\System\rpsYony.exe

Filesize
1.6MB

MD5
5e997e3bd2291bf3f947b86c2bb7a8de

SHA1
95985c87f93ce2d979f36e5a4acbe1310b3358a9

SHA256
4249c93da3787b6e64d85803908cc50d2d27819941ac0326002ff62d81054423

SHA512
4515b40558a84f9a4da03e62b63e7243edee8e8ffae053abe95414a59bf7d15580ac052fcb0e7b8a12ee933ffd96a8c74bd30846532229af69d7ef77df4c326e

Download Submit
C:\Windows\System\rvEfNrz.exe

Filesize
1.6MB

MD5
8ddb24399dc007c197adcf1353f1f6c2

SHA1
67710671ed086f3a786a7b0289c7274fe3a239a0

SHA256
9f13361752c63d3b9a542e160dce2d111a56fb87ed9b36b8be494302c0db950a

SHA512
67412836883dd0bae28f69e1c0c4f25d2b5cc5d57467e60accb0e55e34ef295f3e20fc5a637d6550d8aeebd2ef472405e88681ceaf538fd63abdbdc00d5c9b54

Download Submit
C:\Windows\System\ubHNNHw.exe

Filesize
1.6MB

MD5
2436a7daaa0cab6704077270cb8ab029

SHA1
ea3a0a9eee3e2843702598a05ced9c9372b8f31f

SHA256
c993550268b56cfcb63429939850ca6f457d42820ec7bb41f849e3ad2664055d

SHA512
797c38d3f6286cc7c5a7c145bb5e12de0d6b0ac1c4ffee2d8b3a45fc50b0ab0cb8f37f1bf99720d6a257da6285a1ee7cf6c4125fe09baa743cbcd5dfaa89c5f0

Download Submit
C:\Windows\System\vqGNaWY.exe

Filesize
1.6MB

MD5
95e662472df5510431eadb8962c74080

SHA1
fdba6842e65243012e1b77c4ce83d6415e89f126

SHA256
3c868651198503212d1f55ad8a26ca9b78131a17a5c807e7e5ce773e1163dc3d

SHA512
8f35613397fb3bd578583b9d4374469576f4095cda92680b2cf40ed6fe5ff5eec9b2259ee8edca5b84d41df55a099a6aa9e77b40c3e8c3daff7de925deb3a807

Download Submit
memory/452-327-0x00007FF7E0DD0000-0x00007FF7E11C2000-memory.dmp

Filesize
3.9MB

Download
memory/452-2028-0x00007FF7E0DD0000-0x00007FF7E11C2000-memory.dmp

Filesize
3.9MB

Download
memory/664-2066-0x00007FF72A0F0000-0x00007FF72A4E2000-memory.dmp

Filesize
3.9MB

Download
memory/664-325-0x00007FF72A0F0000-0x00007FF72A4E2000-memory.dmp

Filesize
3.9MB

Download
memory/724-328-0x00007FF70F230000-0x00007FF70F622000-memory.dmp

Filesize
3.9MB

Download
memory/724-2040-0x00007FF70F230000-0x00007FF70F622000-memory.dmp

Filesize
3.9MB

Download
memory/1056-1-0x0000022DA7470000-0x0000022DA7480000-memory.dmp

Filesize
64KB

Download
memory/1056-0-0x00007FF642D10000-0x00007FF643102000-memory.dmp

Filesize
3.9MB

Download
memory/1860-123-0x00007FF650660000-0x00007FF650A52000-memory.dmp

Filesize
3.9MB

Download
memory/1860-2032-0x00007FF650660000-0x00007FF650A52000-memory.dmp

Filesize
3.9MB

Download
memory/1928-2073-0x00007FF6E3C50000-0x00007FF6E4042000-memory.dmp

Filesize
3.9MB

Download
memory/1928-326-0x00007FF6E3C50000-0x00007FF6E4042000-memory.dmp

Filesize
3.9MB

Download
memory/2056-2038-0x00007FF65E1C0000-0x00007FF65E5B2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-93-0x00007FF65E1C0000-0x00007FF65E5B2000-memory.dmp

Filesize
3.9MB

Download
memory/2336-318-0x00007FF619810000-0x00007FF619C02000-memory.dmp

Filesize
3.9MB

Download
memory/2336-2091-0x00007FF619810000-0x00007FF619C02000-memory.dmp

Filesize
3.9MB

Download
memory/2344-329-0x00007FF6746F0000-0x00007FF674AE2000-memory.dmp

Filesize
3.9MB

Download
memory/2344-2058-0x00007FF6746F0000-0x00007FF674AE2000-memory.dmp

Filesize
3.9MB

Download
memory/2544-320-0x00007FF693900000-0x00007FF693CF2000-memory.dmp

Filesize
3.9MB

Download
memory/2544-2068-0x00007FF693900000-0x00007FF693CF2000-memory.dmp

Filesize
3.9MB

Download
memory/2572-2034-0x00007FF6831B0000-0x00007FF6835A2000-memory.dmp

Filesize
3.9MB

Download
memory/2572-197-0x00007FF6831B0000-0x00007FF6835A2000-memory.dmp

Filesize
3.9MB

Download
memory/2744-251-0x00007FF7B5670000-0x00007FF7B5A62000-memory.dmp

Filesize
3.9MB

Download
memory/2744-2046-0x00007FF7B5670000-0x00007FF7B5A62000-memory.dmp

Filesize
3.9MB

Download
memory/2928-2053-0x00007FF73AA40000-0x00007FF73AE32000-memory.dmp

Filesize
3.9MB

Download
memory/2928-321-0x00007FF73AA40000-0x00007FF73AE32000-memory.dmp

Filesize
3.9MB

Download
memory/2944-2048-0x00007FF7E7810000-0x00007FF7E7C02000-memory.dmp

Filesize
3.9MB

Download
memory/2944-316-0x00007FF7E7810000-0x00007FF7E7C02000-memory.dmp

Filesize
3.9MB

Download
memory/3048-32-0x00007FF7A1640000-0x00007FF7A1A32000-memory.dmp

Filesize
3.9MB

Download
memory/3048-2030-0x00007FF7A1640000-0x00007FF7A1A32000-memory.dmp

Filesize
3.9MB

Download
memory/3092-2060-0x00007FF784AE0000-0x00007FF784ED2000-memory.dmp

Filesize
3.9MB

Download
memory/3092-317-0x00007FF784AE0000-0x00007FF784ED2000-memory.dmp

Filesize
3.9MB

Download
memory/3384-2062-0x00007FF66CC10000-0x00007FF66D002000-memory.dmp

Filesize
3.9MB

Download
memory/3384-323-0x00007FF66CC10000-0x00007FF66D002000-memory.dmp

Filesize
3.9MB

Download
memory/3564-324-0x00007FF6EE740000-0x00007FF6EEB32000-memory.dmp

Filesize
3.9MB

Download
memory/3564-2063-0x00007FF6EE740000-0x00007FF6EEB32000-memory.dmp

Filesize
3.9MB

Download
memory/3616-357-0x00000192C2AB0000-0x00000192C2AD2000-memory.dmp

Filesize
136KB

Download
memory/3616-114-0x00007FFDBD523000-0x00007FFDBD525000-memory.dmp

Filesize
8KB

Download
memory/3616-593-0x00000192C40F0000-0x00000192C4896000-memory.dmp

Filesize
7.6MB

Download
memory/3616-2678-0x00007FFDBD523000-0x00007FFDBD525000-memory.dmp

Filesize
8KB

Download
memory/3952-270-0x00007FF6D75D0000-0x00007FF6D79C2000-memory.dmp

Filesize
3.9MB

Download
memory/3952-2056-0x00007FF6D75D0000-0x00007FF6D79C2000-memory.dmp

Filesize
3.9MB

Download
memory/4140-322-0x00007FF748850000-0x00007FF748C42000-memory.dmp

Filesize
3.9MB

Download
memory/4140-2051-0x00007FF748850000-0x00007FF748C42000-memory.dmp

Filesize
3.9MB

Download
memory/4520-2044-0x00007FF7F2B60000-0x00007FF7F2F52000-memory.dmp

Filesize
3.9MB

Download
memory/4520-243-0x00007FF7F2B60000-0x00007FF7F2F52000-memory.dmp

Filesize
3.9MB

Download
memory/4584-2043-0x00007FF6DE820000-0x00007FF6DEC12000-memory.dmp

Filesize
3.9MB

Download
memory/4584-237-0x00007FF6DE820000-0x00007FF6DEC12000-memory.dmp

Filesize
3.9MB

Download
memory/4628-289-0x00007FF61CFD0000-0x00007FF61D3C2000-memory.dmp

Filesize
3.9MB

Download
memory/4628-2086-0x00007FF61CFD0000-0x00007FF61D3C2000-memory.dmp

Filesize
3.9MB

Download
memory/5052-2036-0x00007FF754660000-0x00007FF754A52000-memory.dmp

Filesize
3.9MB

Download
memory/5052-59-0x00007FF754660000-0x00007FF754A52000-memory.dmp

Filesize
3.9MB

Download
memory/5084-319-0x00007FF7147A0000-0x00007FF714B92000-memory.dmp

Filesize
3.9MB

Download
memory/5084-2085-0x00007FF7147A0000-0x00007FF714B92000-memory.dmp

Filesize
3.9MB

Download