xmrig | 842423aaa4bf01ec9b4bbd0704f9bf41072e90032417a3cae3aa2431aab1c983

Analysis

max time kernel
93s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d515a52c528739d33b9be76081d02d0N.exe
Size

2.3MB
MD5

9d515a52c528739d33b9be76081d02d0
SHA1

42aff2329d2518b211ba230d35f1e55d1f6d0257
SHA256

842423aaa4bf01ec9b4bbd0704f9bf41072e90032417a3cae3aa2431aab1c983
SHA512

26c52b9e13aaea6d82f63193aef530ab141aa4288f59c5ff57b7f5b6f2fd8afaa471fbe97cb576765fcb9bc713af49b9ea17b0b2e03bbb170db3c54a4b06cff6
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleWCw:NABn

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2224-46-0x00007FF736440000-0x00007FF736832000-memory.dmp	xmrig
behavioral2/memory/4452-64-0x00007FF608060000-0x00007FF608452000-memory.dmp	xmrig
behavioral2/memory/2136-83-0x00007FF622940000-0x00007FF622D32000-memory.dmp	xmrig
behavioral2/memory/3192-119-0x00007FF6D3230000-0x00007FF6D3622000-memory.dmp	xmrig
behavioral2/memory/2456-123-0x00007FF7274E0000-0x00007FF7278D2000-memory.dmp	xmrig
behavioral2/memory/3024-124-0x00007FF708A50000-0x00007FF708E42000-memory.dmp	xmrig
behavioral2/memory/3032-120-0x00007FF7DC630000-0x00007FF7DCA22000-memory.dmp	xmrig
behavioral2/memory/1732-105-0x00007FF7C20B0000-0x00007FF7C24A2000-memory.dmp	xmrig
behavioral2/memory/612-101-0x00007FF786180000-0x00007FF786572000-memory.dmp	xmrig
behavioral2/memory/2280-99-0x00007FF79AA00000-0x00007FF79ADF2000-memory.dmp	xmrig
behavioral2/memory/2000-94-0x00007FF741F50000-0x00007FF742342000-memory.dmp	xmrig
behavioral2/memory/872-89-0x00007FF746D60000-0x00007FF747152000-memory.dmp	xmrig
behavioral2/memory/4320-168-0x00007FF66EAA0000-0x00007FF66EE92000-memory.dmp	xmrig
behavioral2/memory/1604-167-0x00007FF657250000-0x00007FF657642000-memory.dmp	xmrig
behavioral2/memory/780-253-0x00007FF7B7E30000-0x00007FF7B8222000-memory.dmp	xmrig
behavioral2/memory/1820-235-0x00007FF652680000-0x00007FF652A72000-memory.dmp	xmrig
behavioral2/memory/1140-232-0x00007FF7F2F00000-0x00007FF7F32F2000-memory.dmp	xmrig
behavioral2/memory/2512-217-0x00007FF790D20000-0x00007FF791112000-memory.dmp	xmrig
behavioral2/memory/3136-214-0x00007FF77EDF0000-0x00007FF77F1E2000-memory.dmp	xmrig
behavioral2/memory/376-183-0x00007FF72B090000-0x00007FF72B482000-memory.dmp	xmrig
behavioral2/memory/4392-1179-0x00007FF799860000-0x00007FF799C52000-memory.dmp	xmrig
behavioral2/memory/1828-2175-0x00007FF601390000-0x00007FF601782000-memory.dmp	xmrig
behavioral2/memory/2328-2252-0x00007FF7364A0000-0x00007FF736892000-memory.dmp	xmrig
behavioral2/memory/4196-2273-0x00007FF6CA7E0000-0x00007FF6CABD2000-memory.dmp	xmrig
behavioral2/memory/3860-2274-0x00007FF708FE0000-0x00007FF7093D2000-memory.dmp	xmrig
behavioral2/memory/872-2296-0x00007FF746D60000-0x00007FF747152000-memory.dmp	xmrig
behavioral2/memory/3032-2298-0x00007FF7DC630000-0x00007FF7DCA22000-memory.dmp	xmrig
behavioral2/memory/3136-2300-0x00007FF77EDF0000-0x00007FF77F1E2000-memory.dmp	xmrig
behavioral2/memory/1604-2302-0x00007FF657250000-0x00007FF657642000-memory.dmp	xmrig
behavioral2/memory/2224-2304-0x00007FF736440000-0x00007FF736832000-memory.dmp	xmrig
behavioral2/memory/4320-2306-0x00007FF66EAA0000-0x00007FF66EE92000-memory.dmp	xmrig
behavioral2/memory/4452-2310-0x00007FF608060000-0x00007FF608452000-memory.dmp	xmrig
behavioral2/memory/1140-2309-0x00007FF7F2F00000-0x00007FF7F32F2000-memory.dmp	xmrig
behavioral2/memory/2000-2332-0x00007FF741F50000-0x00007FF742342000-memory.dmp	xmrig
behavioral2/memory/1828-2333-0x00007FF601390000-0x00007FF601782000-memory.dmp	xmrig
behavioral2/memory/1732-2337-0x00007FF7C20B0000-0x00007FF7C24A2000-memory.dmp	xmrig
behavioral2/memory/2280-2340-0x00007FF79AA00000-0x00007FF79ADF2000-memory.dmp	xmrig
behavioral2/memory/612-2336-0x00007FF786180000-0x00007FF786572000-memory.dmp	xmrig
behavioral2/memory/4392-2341-0x00007FF799860000-0x00007FF799C52000-memory.dmp	xmrig
behavioral2/memory/2456-2349-0x00007FF7274E0000-0x00007FF7278D2000-memory.dmp	xmrig
behavioral2/memory/3192-2348-0x00007FF6D3230000-0x00007FF6D3622000-memory.dmp	xmrig
behavioral2/memory/2328-2344-0x00007FF7364A0000-0x00007FF736892000-memory.dmp	xmrig
behavioral2/memory/3024-2346-0x00007FF708A50000-0x00007FF708E42000-memory.dmp	xmrig
behavioral2/memory/4196-2351-0x00007FF6CA7E0000-0x00007FF6CABD2000-memory.dmp	xmrig
behavioral2/memory/376-2384-0x00007FF72B090000-0x00007FF72B482000-memory.dmp	xmrig
behavioral2/memory/2512-2385-0x00007FF790D20000-0x00007FF791112000-memory.dmp	xmrig
behavioral2/memory/3860-2389-0x00007FF708FE0000-0x00007FF7093D2000-memory.dmp	xmrig
behavioral2/memory/1820-2388-0x00007FF652680000-0x00007FF652A72000-memory.dmp	xmrig
behavioral2/memory/780-2393-0x00007FF7B7E30000-0x00007FF7B8222000-memory.dmp	xmrig

Blocklisted process makes network request 10 IoCs

flow	pid	Process
3	1300	powershell.exe
5	1300	powershell.exe
9	1300	powershell.exe
10	1300	powershell.exe
12	1300	powershell.exe
13	1300	powershell.exe
15	1300	powershell.exe
19	1300	powershell.exe
20	1300	powershell.exe
21	1300	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1300	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
872	jzVflqZ.exe
3032	DBCddic.exe
1604	bFmFjAb.exe
3136	gXOPtCC.exe
4320	wcnaJGd.exe
1140	iHadXqZ.exe
2224	TCKdBzi.exe
4452	cKqgzSL.exe
4392	qRzSHLQ.exe
1828	bnCscwZ.exe
2000	XMpTdwv.exe
612	BbRwUFb.exe
2280	rLRwEhQ.exe
1732	pdULZWX.exe
2456	HbPARAu.exe
3024	CHnKttM.exe
3192	mXrrlpf.exe
2328	olbvzGG.exe
4196	lyYnzVs.exe
376	ceohzdO.exe
2512	yJoVekX.exe
1820	CiuVBIV.exe
3860	BBZfTtk.exe
780	aEAlxNw.exe
1580	hcRXFjn.exe
1932	gfaUyMe.exe
1020	YssAUdR.exe
3732	qNivvJc.exe
4388	rXQZTJq.exe
1864	oFtqISK.exe
2372	KmOKLFM.exe
4960	DZKNiUP.exe
1296	sqtkpLn.exe
3152	AhUCiOK.exe
3540	GvPIewH.exe
1076	ODDUwmy.exe
1512	xOAHUHu.exe
652	fKSvDlc.exe
4088	LCuwvKI.exe
2732	wLjMPZf.exe
1572	GQTBjFw.exe
4072	STpHduv.exe
2244	RmgPdqx.exe
2964	ShoJpmd.exe
4936	uswlQSn.exe
4128	qPBeFgo.exe
440	pZBTowz.exe
5076	tmjQrTq.exe
2380	pahKBny.exe
2488	zxFrLtD.exe
3768	glSpGNk.exe
1064	OBJkpeA.exe
4760	DLeYVwU.exe
4916	FhrRcCM.exe
916	yeCkmbd.exe
436	zyaOzjI.exe
4352	EphHRzz.exe
2604	faDfbmP.exe
2016	IXRacXQ.exe
3944	EFWIcQg.exe
1832	FutyQMC.exe
3400	kZBvKOv.exe
5116	xwsLZOi.exe
4308	SNnjxiY.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2136-0-0x00007FF622940000-0x00007FF622D32000-memory.dmp	upx
behavioral2/files/0x000800000002346d-5.dat	upx
behavioral2/files/0x0007000000023471-7.dat	upx
behavioral2/memory/872-9-0x00007FF746D60000-0x00007FF747152000-memory.dmp	upx
behavioral2/files/0x0007000000023474-38.dat	upx
behavioral2/memory/1140-39-0x00007FF7F2F00000-0x00007FF7F32F2000-memory.dmp	upx
behavioral2/files/0x0007000000023475-42.dat	upx
behavioral2/files/0x0007000000023476-48.dat	upx
behavioral2/memory/2224-46-0x00007FF736440000-0x00007FF736832000-memory.dmp	upx
behavioral2/files/0x0007000000023472-30.dat	upx
behavioral2/files/0x0007000000023473-33.dat	upx
behavioral2/memory/4320-31-0x00007FF66EAA0000-0x00007FF66EE92000-memory.dmp	upx
behavioral2/memory/3136-25-0x00007FF77EDF0000-0x00007FF77F1E2000-memory.dmp	upx
behavioral2/memory/1604-22-0x00007FF657250000-0x00007FF657642000-memory.dmp	upx
behavioral2/files/0x0008000000023470-18.dat	upx
behavioral2/memory/3032-16-0x00007FF7DC630000-0x00007FF7DCA22000-memory.dmp	upx
behavioral2/files/0x0008000000023478-68.dat	upx
behavioral2/files/0x0007000000023477-67.dat	upx
behavioral2/memory/4452-64-0x00007FF608060000-0x00007FF608452000-memory.dmp	upx
behavioral2/memory/4392-75-0x00007FF799860000-0x00007FF799C52000-memory.dmp	upx
behavioral2/memory/2136-83-0x00007FF622940000-0x00007FF622D32000-memory.dmp	upx
behavioral2/files/0x000700000002347b-90.dat	upx
behavioral2/files/0x0008000000023479-91.dat	upx
behavioral2/files/0x000700000002347c-102.dat	upx
behavioral2/files/0x000700000002347d-106.dat	upx
behavioral2/files/0x000700000002347e-112.dat	upx
behavioral2/memory/3192-119-0x00007FF6D3230000-0x00007FF6D3622000-memory.dmp	upx
behavioral2/memory/2456-123-0x00007FF7274E0000-0x00007FF7278D2000-memory.dmp	upx
behavioral2/memory/2328-128-0x00007FF7364A0000-0x00007FF736892000-memory.dmp	upx
behavioral2/files/0x0007000000023480-130.dat	upx
behavioral2/memory/4196-129-0x00007FF6CA7E0000-0x00007FF6CABD2000-memory.dmp	upx
behavioral2/files/0x000700000002347f-126.dat	upx
behavioral2/memory/3024-124-0x00007FF708A50000-0x00007FF708E42000-memory.dmp	upx
behavioral2/memory/3032-120-0x00007FF7DC630000-0x00007FF7DCA22000-memory.dmp	upx
behavioral2/memory/1732-105-0x00007FF7C20B0000-0x00007FF7C24A2000-memory.dmp	upx
behavioral2/memory/612-101-0x00007FF786180000-0x00007FF786572000-memory.dmp	upx
behavioral2/memory/2280-99-0x00007FF79AA00000-0x00007FF79ADF2000-memory.dmp	upx
behavioral2/memory/2000-94-0x00007FF741F50000-0x00007FF742342000-memory.dmp	upx
behavioral2/files/0x000700000002347a-93.dat	upx
behavioral2/memory/872-89-0x00007FF746D60000-0x00007FF747152000-memory.dmp	upx
behavioral2/memory/1828-80-0x00007FF601390000-0x00007FF601782000-memory.dmp	upx
behavioral2/files/0x000800000002346e-74.dat	upx
behavioral2/files/0x0007000000023481-155.dat	upx
behavioral2/files/0x000700000002348d-181.dat	upx
behavioral2/files/0x0007000000023489-171.dat	upx
behavioral2/memory/4320-168-0x00007FF66EAA0000-0x00007FF66EE92000-memory.dmp	upx
behavioral2/memory/1604-167-0x00007FF657250000-0x00007FF657642000-memory.dmp	upx
behavioral2/files/0x000700000002348c-176.dat	upx
behavioral2/files/0x0007000000023498-226.dat	upx
behavioral2/files/0x0007000000023492-250.dat	upx
behavioral2/memory/780-253-0x00007FF7B7E30000-0x00007FF7B8222000-memory.dmp	upx
behavioral2/files/0x000700000002349e-252.dat	upx
behavioral2/files/0x000700000002349d-251.dat	upx
behavioral2/files/0x0007000000023490-246.dat	upx
behavioral2/files/0x000700000002349c-242.dat	upx
behavioral2/memory/1820-235-0x00007FF652680000-0x00007FF652A72000-memory.dmp	upx
behavioral2/memory/1140-232-0x00007FF7F2F00000-0x00007FF7F32F2000-memory.dmp	upx
behavioral2/files/0x000700000002349b-231.dat	upx
behavioral2/files/0x0007000000023493-230.dat	upx
behavioral2/files/0x0007000000023499-229.dat	upx
behavioral2/files/0x000700000002348e-227.dat	upx
behavioral2/files/0x0007000000023497-225.dat	upx
behavioral2/files/0x0007000000023494-220.dat	upx
behavioral2/memory/2512-217-0x00007FF790D20000-0x00007FF791112000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YlcIHgb.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\RYOowAq.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\mSKuJEJ.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\AtBtctj.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\uswlQSn.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\EFWIcQg.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\kWANgBm.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\SzPAzOl.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\OEFKYVi.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\RhdKPrR.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\SxwGJOX.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\hcRXFjn.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\UthpTqN.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\rwOGzxI.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\QFaLgsJ.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\aLmqFYA.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\mGSDqgm.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\CLYnxNV.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\glSpGNk.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\FutyQMC.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\sECuPcq.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\IqURByN.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\onbeAkL.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\kKWPjKl.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\VBcSuRD.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\TCKdBzi.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\hbGgIFz.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\TGobdNT.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\hMMZqAB.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\tWLCpuW.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\qatFXKh.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\uNgROiv.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\HEKOVmY.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\UnLQNtX.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\hXuqUsQ.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\qocXyCj.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\gNrBnXN.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\KjTUlRk.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\vlYSnqa.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\DBCddic.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\ozlsyDo.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\bfYQqfm.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\QoJxxDh.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\jGOhNWz.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\qNivvJc.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\IDvpnAT.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\iqWMQfn.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\NjuWZvR.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\XbdYIqf.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\gXOPtCC.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\zyaOzjI.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\LKUBHXo.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\daKVXtc.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\SnOMkQj.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\rLRwEhQ.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\HAPNTPI.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\aWxqwip.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\WKSyvmD.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\djzQYot.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\pXapjwY.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\XZmZBmK.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\tmjQrTq.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\MZUPKru.exe	9d515a52c528739d33b9be76081d02d0N.exe
File created	C:\Windows\System\wtPKFJj.exe	9d515a52c528739d33b9be76081d02d0N.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1300	powershell.exe
1300	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2136	9d515a52c528739d33b9be76081d02d0N.exe
Token: SeLockMemoryPrivilege	2136	9d515a52c528739d33b9be76081d02d0N.exe
Token: SeDebugPrivilege	1300	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1300	2136	9d515a52c528739d33b9be76081d02d0N.exe	86
PID 2136 wrote to memory of 1300	2136	9d515a52c528739d33b9be76081d02d0N.exe	86
PID 2136 wrote to memory of 872	2136	9d515a52c528739d33b9be76081d02d0N.exe	87
PID 2136 wrote to memory of 872	2136	9d515a52c528739d33b9be76081d02d0N.exe	87
PID 2136 wrote to memory of 3032	2136	9d515a52c528739d33b9be76081d02d0N.exe	88
PID 2136 wrote to memory of 3032	2136	9d515a52c528739d33b9be76081d02d0N.exe	88
PID 2136 wrote to memory of 1604	2136	9d515a52c528739d33b9be76081d02d0N.exe	89
PID 2136 wrote to memory of 1604	2136	9d515a52c528739d33b9be76081d02d0N.exe	89
PID 2136 wrote to memory of 3136	2136	9d515a52c528739d33b9be76081d02d0N.exe	90
PID 2136 wrote to memory of 3136	2136	9d515a52c528739d33b9be76081d02d0N.exe	90
PID 2136 wrote to memory of 4320	2136	9d515a52c528739d33b9be76081d02d0N.exe	91
PID 2136 wrote to memory of 4320	2136	9d515a52c528739d33b9be76081d02d0N.exe	91
PID 2136 wrote to memory of 1140	2136	9d515a52c528739d33b9be76081d02d0N.exe	92
PID 2136 wrote to memory of 1140	2136	9d515a52c528739d33b9be76081d02d0N.exe	92
PID 2136 wrote to memory of 2224	2136	9d515a52c528739d33b9be76081d02d0N.exe	93
PID 2136 wrote to memory of 2224	2136	9d515a52c528739d33b9be76081d02d0N.exe	93
PID 2136 wrote to memory of 4452	2136	9d515a52c528739d33b9be76081d02d0N.exe	94
PID 2136 wrote to memory of 4452	2136	9d515a52c528739d33b9be76081d02d0N.exe	94
PID 2136 wrote to memory of 4392	2136	9d515a52c528739d33b9be76081d02d0N.exe	95
PID 2136 wrote to memory of 4392	2136	9d515a52c528739d33b9be76081d02d0N.exe	95
PID 2136 wrote to memory of 1828	2136	9d515a52c528739d33b9be76081d02d0N.exe	96
PID 2136 wrote to memory of 1828	2136	9d515a52c528739d33b9be76081d02d0N.exe	96
PID 2136 wrote to memory of 2000	2136	9d515a52c528739d33b9be76081d02d0N.exe	97
PID 2136 wrote to memory of 2000	2136	9d515a52c528739d33b9be76081d02d0N.exe	97
PID 2136 wrote to memory of 612	2136	9d515a52c528739d33b9be76081d02d0N.exe	98
PID 2136 wrote to memory of 612	2136	9d515a52c528739d33b9be76081d02d0N.exe	98
PID 2136 wrote to memory of 2280	2136	9d515a52c528739d33b9be76081d02d0N.exe	99
PID 2136 wrote to memory of 2280	2136	9d515a52c528739d33b9be76081d02d0N.exe	99
PID 2136 wrote to memory of 1732	2136	9d515a52c528739d33b9be76081d02d0N.exe	100
PID 2136 wrote to memory of 1732	2136	9d515a52c528739d33b9be76081d02d0N.exe	100
PID 2136 wrote to memory of 2456	2136	9d515a52c528739d33b9be76081d02d0N.exe	101
PID 2136 wrote to memory of 2456	2136	9d515a52c528739d33b9be76081d02d0N.exe	101
PID 2136 wrote to memory of 3024	2136	9d515a52c528739d33b9be76081d02d0N.exe	102
PID 2136 wrote to memory of 3024	2136	9d515a52c528739d33b9be76081d02d0N.exe	102
PID 2136 wrote to memory of 3192	2136	9d515a52c528739d33b9be76081d02d0N.exe	104
PID 2136 wrote to memory of 3192	2136	9d515a52c528739d33b9be76081d02d0N.exe	104
PID 2136 wrote to memory of 2328	2136	9d515a52c528739d33b9be76081d02d0N.exe	105
PID 2136 wrote to memory of 2328	2136	9d515a52c528739d33b9be76081d02d0N.exe	105
PID 2136 wrote to memory of 4196	2136	9d515a52c528739d33b9be76081d02d0N.exe	106
PID 2136 wrote to memory of 4196	2136	9d515a52c528739d33b9be76081d02d0N.exe	106
PID 2136 wrote to memory of 376	2136	9d515a52c528739d33b9be76081d02d0N.exe	107
PID 2136 wrote to memory of 376	2136	9d515a52c528739d33b9be76081d02d0N.exe	107
PID 2136 wrote to memory of 2512	2136	9d515a52c528739d33b9be76081d02d0N.exe	109
PID 2136 wrote to memory of 2512	2136	9d515a52c528739d33b9be76081d02d0N.exe	109
PID 2136 wrote to memory of 1820	2136	9d515a52c528739d33b9be76081d02d0N.exe	110
PID 2136 wrote to memory of 1820	2136	9d515a52c528739d33b9be76081d02d0N.exe	110
PID 2136 wrote to memory of 3860	2136	9d515a52c528739d33b9be76081d02d0N.exe	111
PID 2136 wrote to memory of 3860	2136	9d515a52c528739d33b9be76081d02d0N.exe	111
PID 2136 wrote to memory of 780	2136	9d515a52c528739d33b9be76081d02d0N.exe	112
PID 2136 wrote to memory of 780	2136	9d515a52c528739d33b9be76081d02d0N.exe	112
PID 2136 wrote to memory of 1580	2136	9d515a52c528739d33b9be76081d02d0N.exe	113
PID 2136 wrote to memory of 1580	2136	9d515a52c528739d33b9be76081d02d0N.exe	113
PID 2136 wrote to memory of 1932	2136	9d515a52c528739d33b9be76081d02d0N.exe	114
PID 2136 wrote to memory of 1932	2136	9d515a52c528739d33b9be76081d02d0N.exe	114
PID 2136 wrote to memory of 1296	2136	9d515a52c528739d33b9be76081d02d0N.exe	115
PID 2136 wrote to memory of 1296	2136	9d515a52c528739d33b9be76081d02d0N.exe	115
PID 2136 wrote to memory of 1020	2136	9d515a52c528739d33b9be76081d02d0N.exe	116
PID 2136 wrote to memory of 1020	2136	9d515a52c528739d33b9be76081d02d0N.exe	116
PID 2136 wrote to memory of 3732	2136	9d515a52c528739d33b9be76081d02d0N.exe	117
PID 2136 wrote to memory of 3732	2136	9d515a52c528739d33b9be76081d02d0N.exe	117
PID 2136 wrote to memory of 4388	2136	9d515a52c528739d33b9be76081d02d0N.exe	118
PID 2136 wrote to memory of 4388	2136	9d515a52c528739d33b9be76081d02d0N.exe	118
PID 2136 wrote to memory of 1864	2136	9d515a52c528739d33b9be76081d02d0N.exe	119
PID 2136 wrote to memory of 1864	2136	9d515a52c528739d33b9be76081d02d0N.exe	119

C:\Users\Admin\AppData\Local\Temp\9d515a52c528739d33b9be76081d02d0N.exe
"C:\Users\Admin\AppData\Local\Temp\9d515a52c528739d33b9be76081d02d0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1300
- C:\Windows\System\jzVflqZ.exe
  C:\Windows\System\jzVflqZ.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\DBCddic.exe
  C:\Windows\System\DBCddic.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\bFmFjAb.exe
  C:\Windows\System\bFmFjAb.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\gXOPtCC.exe
  C:\Windows\System\gXOPtCC.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\wcnaJGd.exe
  C:\Windows\System\wcnaJGd.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\iHadXqZ.exe
  C:\Windows\System\iHadXqZ.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\TCKdBzi.exe
  C:\Windows\System\TCKdBzi.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\cKqgzSL.exe
  C:\Windows\System\cKqgzSL.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\qRzSHLQ.exe
  C:\Windows\System\qRzSHLQ.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\bnCscwZ.exe
  C:\Windows\System\bnCscwZ.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\XMpTdwv.exe
  C:\Windows\System\XMpTdwv.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\BbRwUFb.exe
  C:\Windows\System\BbRwUFb.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\rLRwEhQ.exe
  C:\Windows\System\rLRwEhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\pdULZWX.exe
  C:\Windows\System\pdULZWX.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\HbPARAu.exe
  C:\Windows\System\HbPARAu.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\CHnKttM.exe
  C:\Windows\System\CHnKttM.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\mXrrlpf.exe
  C:\Windows\System\mXrrlpf.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\olbvzGG.exe
  C:\Windows\System\olbvzGG.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\lyYnzVs.exe
  C:\Windows\System\lyYnzVs.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\ceohzdO.exe
  C:\Windows\System\ceohzdO.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\yJoVekX.exe
  C:\Windows\System\yJoVekX.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\CiuVBIV.exe
  C:\Windows\System\CiuVBIV.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\BBZfTtk.exe
  C:\Windows\System\BBZfTtk.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\aEAlxNw.exe
  C:\Windows\System\aEAlxNw.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\hcRXFjn.exe
  C:\Windows\System\hcRXFjn.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\gfaUyMe.exe
  C:\Windows\System\gfaUyMe.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\sqtkpLn.exe
  C:\Windows\System\sqtkpLn.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\YssAUdR.exe
  C:\Windows\System\YssAUdR.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\qNivvJc.exe
  C:\Windows\System\qNivvJc.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\rXQZTJq.exe
  C:\Windows\System\rXQZTJq.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\oFtqISK.exe
  C:\Windows\System\oFtqISK.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\KmOKLFM.exe
  C:\Windows\System\KmOKLFM.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\DZKNiUP.exe
  C:\Windows\System\DZKNiUP.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\AhUCiOK.exe
  C:\Windows\System\AhUCiOK.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\GvPIewH.exe
  C:\Windows\System\GvPIewH.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\ODDUwmy.exe
  C:\Windows\System\ODDUwmy.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\xOAHUHu.exe
  C:\Windows\System\xOAHUHu.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\fKSvDlc.exe
  C:\Windows\System\fKSvDlc.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\LCuwvKI.exe
  C:\Windows\System\LCuwvKI.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\wLjMPZf.exe
  C:\Windows\System\wLjMPZf.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\GQTBjFw.exe
  C:\Windows\System\GQTBjFw.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\STpHduv.exe
  C:\Windows\System\STpHduv.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\RmgPdqx.exe
  C:\Windows\System\RmgPdqx.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\ShoJpmd.exe
  C:\Windows\System\ShoJpmd.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\uswlQSn.exe
  C:\Windows\System\uswlQSn.exe
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Windows\System\qPBeFgo.exe
  C:\Windows\System\qPBeFgo.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\pZBTowz.exe
  C:\Windows\System\pZBTowz.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\tmjQrTq.exe
  C:\Windows\System\tmjQrTq.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\pahKBny.exe
  C:\Windows\System\pahKBny.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\zxFrLtD.exe
  C:\Windows\System\zxFrLtD.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\glSpGNk.exe
  C:\Windows\System\glSpGNk.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\OBJkpeA.exe
  C:\Windows\System\OBJkpeA.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\DLeYVwU.exe
  C:\Windows\System\DLeYVwU.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\FhrRcCM.exe
  C:\Windows\System\FhrRcCM.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\yeCkmbd.exe
  C:\Windows\System\yeCkmbd.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\EphHRzz.exe
  C:\Windows\System\EphHRzz.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\faDfbmP.exe
  C:\Windows\System\faDfbmP.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\zyaOzjI.exe
  C:\Windows\System\zyaOzjI.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\IXRacXQ.exe
  C:\Windows\System\IXRacXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\EFWIcQg.exe
  C:\Windows\System\EFWIcQg.exe
  2⤵
  - Executes dropped EXE
  PID:3944
- C:\Windows\System\gHNXOCq.exe
  C:\Windows\System\gHNXOCq.exe
  2⤵
  PID:4564
- C:\Windows\System\FutyQMC.exe
  C:\Windows\System\FutyQMC.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\kZBvKOv.exe
  C:\Windows\System\kZBvKOv.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\xwsLZOi.exe
  C:\Windows\System\xwsLZOi.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\SNnjxiY.exe
  C:\Windows\System\SNnjxiY.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\TGobdNT.exe
  C:\Windows\System\TGobdNT.exe
  2⤵
  PID:5088
- C:\Windows\System\QFxidzx.exe
  C:\Windows\System\QFxidzx.exe
  2⤵
  PID:4236
- C:\Windows\System\CPCcQfo.exe
  C:\Windows\System\CPCcQfo.exe
  2⤵
  PID:2148
- C:\Windows\System\XkVWIOE.exe
  C:\Windows\System\XkVWIOE.exe
  2⤵
  PID:4908
- C:\Windows\System\CqGVhgt.exe
  C:\Windows\System\CqGVhgt.exe
  2⤵
  PID:4864
- C:\Windows\System\RgrfvAr.exe
  C:\Windows\System\RgrfvAr.exe
  2⤵
  PID:208
- C:\Windows\System\UnLQNtX.exe
  C:\Windows\System\UnLQNtX.exe
  2⤵
  PID:3476
- C:\Windows\System\oiIqaEW.exe
  C:\Windows\System\oiIqaEW.exe
  2⤵
  PID:1816
- C:\Windows\System\ddmHWPx.exe
  C:\Windows\System\ddmHWPx.exe
  2⤵
  PID:3092
- C:\Windows\System\zYkFjTs.exe
  C:\Windows\System\zYkFjTs.exe
  2⤵
  PID:536
- C:\Windows\System\HAPNTPI.exe
  C:\Windows\System\HAPNTPI.exe
  2⤵
  PID:4996
- C:\Windows\System\ozlsyDo.exe
  C:\Windows\System\ozlsyDo.exe
  2⤵
  PID:756
- C:\Windows\System\CgrXtzk.exe
  C:\Windows\System\CgrXtzk.exe
  2⤵
  PID:4384
- C:\Windows\System\WcGUoHg.exe
  C:\Windows\System\WcGUoHg.exe
  2⤵
  PID:4064
- C:\Windows\System\HfWpllD.exe
  C:\Windows\System\HfWpllD.exe
  2⤵
  PID:3900
- C:\Windows\System\YxHUVrp.exe
  C:\Windows\System\YxHUVrp.exe
  2⤵
  PID:4612
- C:\Windows\System\XoQBDmx.exe
  C:\Windows\System\XoQBDmx.exe
  2⤵
  PID:4440
- C:\Windows\System\LKUBHXo.exe
  C:\Windows\System\LKUBHXo.exe
  2⤵
  PID:1264
- C:\Windows\System\EsVlceV.exe
  C:\Windows\System\EsVlceV.exe
  2⤵
  PID:3552
- C:\Windows\System\vWTzQss.exe
  C:\Windows\System\vWTzQss.exe
  2⤵
  PID:2876
- C:\Windows\System\loIjeMb.exe
  C:\Windows\System\loIjeMb.exe
  2⤵
  PID:3164
- C:\Windows\System\zvVuSwV.exe
  C:\Windows\System\zvVuSwV.exe
  2⤵
  PID:4920
- C:\Windows\System\RrcdnZj.exe
  C:\Windows\System\RrcdnZj.exe
  2⤵
  PID:856
- C:\Windows\System\CRlGMuP.exe
  C:\Windows\System\CRlGMuP.exe
  2⤵
  PID:928
- C:\Windows\System\asWheUC.exe
  C:\Windows\System\asWheUC.exe
  2⤵
  PID:5064
- C:\Windows\System\MdvLYPQ.exe
  C:\Windows\System\MdvLYPQ.exe
  2⤵
  PID:4200
- C:\Windows\System\idCvbtV.exe
  C:\Windows\System\idCvbtV.exe
  2⤵
  PID:540
- C:\Windows\System\HbRrJMr.exe
  C:\Windows\System\HbRrJMr.exe
  2⤵
  PID:3384
- C:\Windows\System\IPWHfiH.exe
  C:\Windows\System\IPWHfiH.exe
  2⤵
  PID:992
- C:\Windows\System\OqegCLu.exe
  C:\Windows\System\OqegCLu.exe
  2⤵
  PID:4620
- C:\Windows\System\OSfxBpC.exe
  C:\Windows\System\OSfxBpC.exe
  2⤵
  PID:3224
- C:\Windows\System\CsOVfxK.exe
  C:\Windows\System\CsOVfxK.exe
  2⤵
  PID:1220
- C:\Windows\System\sECuPcq.exe
  C:\Windows\System\sECuPcq.exe
  2⤵
  PID:1528
- C:\Windows\System\LktbKKS.exe
  C:\Windows\System\LktbKKS.exe
  2⤵
  PID:5128
- C:\Windows\System\wYPloBH.exe
  C:\Windows\System\wYPloBH.exe
  2⤵
  PID:5156
- C:\Windows\System\OWnjKzT.exe
  C:\Windows\System\OWnjKzT.exe
  2⤵
  PID:5216
- C:\Windows\System\HtUMxMQ.exe
  C:\Windows\System\HtUMxMQ.exe
  2⤵
  PID:5240
- C:\Windows\System\nKHBFCP.exe
  C:\Windows\System\nKHBFCP.exe
  2⤵
  PID:5268
- C:\Windows\System\ASribnD.exe
  C:\Windows\System\ASribnD.exe
  2⤵
  PID:5308
- C:\Windows\System\lvMcElq.exe
  C:\Windows\System\lvMcElq.exe
  2⤵
  PID:5328
- C:\Windows\System\TIWrshG.exe
  C:\Windows\System\TIWrshG.exe
  2⤵
  PID:5352
- C:\Windows\System\cuQsPak.exe
  C:\Windows\System\cuQsPak.exe
  2⤵
  PID:5372
- C:\Windows\System\CQDJnnM.exe
  C:\Windows\System\CQDJnnM.exe
  2⤵
  PID:5396
- C:\Windows\System\FyYjUTX.exe
  C:\Windows\System\FyYjUTX.exe
  2⤵
  PID:5452
- C:\Windows\System\CdEprBG.exe
  C:\Windows\System\CdEprBG.exe
  2⤵
  PID:5488
- C:\Windows\System\DfDbgpQ.exe
  C:\Windows\System\DfDbgpQ.exe
  2⤵
  PID:5516
- C:\Windows\System\ZdrzWEA.exe
  C:\Windows\System\ZdrzWEA.exe
  2⤵
  PID:5540
- C:\Windows\System\fITYhiD.exe
  C:\Windows\System\fITYhiD.exe
  2⤵
  PID:5576
- C:\Windows\System\jCxLsLT.exe
  C:\Windows\System\jCxLsLT.exe
  2⤵
  PID:5592
- C:\Windows\System\aWxqwip.exe
  C:\Windows\System\aWxqwip.exe
  2⤵
  PID:5616
- C:\Windows\System\lTYZPIF.exe
  C:\Windows\System\lTYZPIF.exe
  2⤵
  PID:5640
- C:\Windows\System\zPXbPQs.exe
  C:\Windows\System\zPXbPQs.exe
  2⤵
  PID:5660
- C:\Windows\System\ccnjGsG.exe
  C:\Windows\System\ccnjGsG.exe
  2⤵
  PID:5688
- C:\Windows\System\ureHsyg.exe
  C:\Windows\System\ureHsyg.exe
  2⤵
  PID:5712
- C:\Windows\System\kWANgBm.exe
  C:\Windows\System\kWANgBm.exe
  2⤵
  PID:5768
- C:\Windows\System\utgwJJB.exe
  C:\Windows\System\utgwJJB.exe
  2⤵
  PID:5828
- C:\Windows\System\AGbmCgG.exe
  C:\Windows\System\AGbmCgG.exe
  2⤵
  PID:5852
- C:\Windows\System\YlcIHgb.exe
  C:\Windows\System\YlcIHgb.exe
  2⤵
  PID:5876
- C:\Windows\System\vlMTuMi.exe
  C:\Windows\System\vlMTuMi.exe
  2⤵
  PID:5904
- C:\Windows\System\StPtmfl.exe
  C:\Windows\System\StPtmfl.exe
  2⤵
  PID:5928
- C:\Windows\System\cNzjHQA.exe
  C:\Windows\System\cNzjHQA.exe
  2⤵
  PID:5984
- C:\Windows\System\pqYxFlO.exe
  C:\Windows\System\pqYxFlO.exe
  2⤵
  PID:6012
- C:\Windows\System\cIWpXfa.exe
  C:\Windows\System\cIWpXfa.exe
  2⤵
  PID:6056
- C:\Windows\System\diJsTBt.exe
  C:\Windows\System\diJsTBt.exe
  2⤵
  PID:6096
- C:\Windows\System\YmBpFdQ.exe
  C:\Windows\System\YmBpFdQ.exe
  2⤵
  PID:6112
- C:\Windows\System\xoiSKQp.exe
  C:\Windows\System\xoiSKQp.exe
  2⤵
  PID:4776
- C:\Windows\System\YAgzCAk.exe
  C:\Windows\System\YAgzCAk.exe
  2⤵
  PID:5172
- C:\Windows\System\rEpiPzf.exe
  C:\Windows\System\rEpiPzf.exe
  2⤵
  PID:5192
- C:\Windows\System\tXDnQRs.exe
  C:\Windows\System\tXDnQRs.exe
  2⤵
  PID:5364
- C:\Windows\System\nvkCMDT.exe
  C:\Windows\System\nvkCMDT.exe
  2⤵
  PID:5528
- C:\Windows\System\dgrMqmP.exe
  C:\Windows\System\dgrMqmP.exe
  2⤵
  PID:5536
- C:\Windows\System\VvPQOvZ.exe
  C:\Windows\System\VvPQOvZ.exe
  2⤵
  PID:5612
- C:\Windows\System\ASdrpoK.exe
  C:\Windows\System\ASdrpoK.exe
  2⤵
  PID:1060
- C:\Windows\System\BjhGZAp.exe
  C:\Windows\System\BjhGZAp.exe
  2⤵
  PID:5636
- C:\Windows\System\NimMMHo.exe
  C:\Windows\System\NimMMHo.exe
  2⤵
  PID:5844
- C:\Windows\System\UhUFoeN.exe
  C:\Windows\System\UhUFoeN.exe
  2⤵
  PID:5744
- C:\Windows\System\DNSkmQY.exe
  C:\Windows\System\DNSkmQY.exe
  2⤵
  PID:5952
- C:\Windows\System\kaKGVBk.exe
  C:\Windows\System\kaKGVBk.exe
  2⤵
  PID:5992
- C:\Windows\System\GVjRgbc.exe
  C:\Windows\System\GVjRgbc.exe
  2⤵
  PID:5968
- C:\Windows\System\WsnTiMx.exe
  C:\Windows\System\WsnTiMx.exe
  2⤵
  PID:6068
- C:\Windows\System\HSDPreM.exe
  C:\Windows\System\HSDPreM.exe
  2⤵
  PID:6124
- C:\Windows\System\GlmACWV.exe
  C:\Windows\System\GlmACWV.exe
  2⤵
  PID:5148
- C:\Windows\System\zzHbSmS.exe
  C:\Windows\System\zzHbSmS.exe
  2⤵
  PID:5360
- C:\Windows\System\mepeCoa.exe
  C:\Windows\System\mepeCoa.exe
  2⤵
  PID:5416
- C:\Windows\System\HEKOVmY.exe
  C:\Windows\System\HEKOVmY.exe
  2⤵
  PID:5468
- C:\Windows\System\sWOISix.exe
  C:\Windows\System\sWOISix.exe
  2⤵
  PID:5608
- C:\Windows\System\dFeBQVb.exe
  C:\Windows\System\dFeBQVb.exe
  2⤵
  PID:5656
- C:\Windows\System\XGXqYAD.exe
  C:\Windows\System\XGXqYAD.exe
  2⤵
  PID:5796
- C:\Windows\System\SQouteb.exe
  C:\Windows\System\SQouteb.exe
  2⤵
  PID:5860
- C:\Windows\System\uHfWuhq.exe
  C:\Windows\System\uHfWuhq.exe
  2⤵
  PID:5940
- C:\Windows\System\IokoFdF.exe
  C:\Windows\System\IokoFdF.exe
  2⤵
  PID:5136
- C:\Windows\System\iHekXUL.exe
  C:\Windows\System\iHekXUL.exe
  2⤵
  PID:5652
- C:\Windows\System\tQFrYFi.exe
  C:\Windows\System\tQFrYFi.exe
  2⤵
  PID:5564
- C:\Windows\System\HXrzuPY.exe
  C:\Windows\System\HXrzuPY.exe
  2⤵
  PID:5788
- C:\Windows\System\TGGDbms.exe
  C:\Windows\System\TGGDbms.exe
  2⤵
  PID:5868
- C:\Windows\System\FFCYimL.exe
  C:\Windows\System\FFCYimL.exe
  2⤵
  PID:5420
- C:\Windows\System\uimitPP.exe
  C:\Windows\System\uimitPP.exe
  2⤵
  PID:6000
- C:\Windows\System\elpVBmG.exe
  C:\Windows\System\elpVBmG.exe
  2⤵
  PID:6160
- C:\Windows\System\qyHNObr.exe
  C:\Windows\System\qyHNObr.exe
  2⤵
  PID:6184
- C:\Windows\System\ltEnFph.exe
  C:\Windows\System\ltEnFph.exe
  2⤵
  PID:6220
- C:\Windows\System\earnWfF.exe
  C:\Windows\System\earnWfF.exe
  2⤵
  PID:6256
- C:\Windows\System\zAVXgFE.exe
  C:\Windows\System\zAVXgFE.exe
  2⤵
  PID:6272
- C:\Windows\System\Osmkhmg.exe
  C:\Windows\System\Osmkhmg.exe
  2⤵
  PID:6300
- C:\Windows\System\IDvpnAT.exe
  C:\Windows\System\IDvpnAT.exe
  2⤵
  PID:6340
- C:\Windows\System\txOvCid.exe
  C:\Windows\System\txOvCid.exe
  2⤵
  PID:6360
- C:\Windows\System\IJqisfT.exe
  C:\Windows\System\IJqisfT.exe
  2⤵
  PID:6412
- C:\Windows\System\ZFqzDHd.exe
  C:\Windows\System\ZFqzDHd.exe
  2⤵
  PID:6436
- C:\Windows\System\daKVXtc.exe
  C:\Windows\System\daKVXtc.exe
  2⤵
  PID:6456
- C:\Windows\System\swXtrVj.exe
  C:\Windows\System\swXtrVj.exe
  2⤵
  PID:6492
- C:\Windows\System\hqQqqQv.exe
  C:\Windows\System\hqQqqQv.exe
  2⤵
  PID:6516
- C:\Windows\System\GHGuRij.exe
  C:\Windows\System\GHGuRij.exe
  2⤵
  PID:6564
- C:\Windows\System\ccqIrEX.exe
  C:\Windows\System\ccqIrEX.exe
  2⤵
  PID:6584
- C:\Windows\System\MZUPKru.exe
  C:\Windows\System\MZUPKru.exe
  2⤵
  PID:6612
- C:\Windows\System\SzaOREK.exe
  C:\Windows\System\SzaOREK.exe
  2⤵
  PID:6644
- C:\Windows\System\kukwmeJ.exe
  C:\Windows\System\kukwmeJ.exe
  2⤵
  PID:6668
- C:\Windows\System\hXuqUsQ.exe
  C:\Windows\System\hXuqUsQ.exe
  2⤵
  PID:6696
- C:\Windows\System\SssYhEL.exe
  C:\Windows\System\SssYhEL.exe
  2⤵
  PID:6716
- C:\Windows\System\mxXwIsl.exe
  C:\Windows\System\mxXwIsl.exe
  2⤵
  PID:6744
- C:\Windows\System\laCAqwC.exe
  C:\Windows\System\laCAqwC.exe
  2⤵
  PID:6764
- C:\Windows\System\dBqYlXx.exe
  C:\Windows\System\dBqYlXx.exe
  2⤵
  PID:6808
- C:\Windows\System\aNyruKl.exe
  C:\Windows\System\aNyruKl.exe
  2⤵
  PID:6824
- C:\Windows\System\MvOnVuv.exe
  C:\Windows\System\MvOnVuv.exe
  2⤵
  PID:6876
- C:\Windows\System\vCWzvXO.exe
  C:\Windows\System\vCWzvXO.exe
  2⤵
  PID:6904
- C:\Windows\System\CLYnxNV.exe
  C:\Windows\System\CLYnxNV.exe
  2⤵
  PID:6952
- C:\Windows\System\qgKmfnU.exe
  C:\Windows\System\qgKmfnU.exe
  2⤵
  PID:6980
- C:\Windows\System\uogJuKU.exe
  C:\Windows\System\uogJuKU.exe
  2⤵
  PID:7008
- C:\Windows\System\YrSMZwr.exe
  C:\Windows\System\YrSMZwr.exe
  2⤵
  PID:7040
- C:\Windows\System\bfYQqfm.exe
  C:\Windows\System\bfYQqfm.exe
  2⤵
  PID:7068
- C:\Windows\System\DyADMTt.exe
  C:\Windows\System\DyADMTt.exe
  2⤵
  PID:7124
- C:\Windows\System\lSSPzLJ.exe
  C:\Windows\System\lSSPzLJ.exe
  2⤵
  PID:7144
- C:\Windows\System\iqWMQfn.exe
  C:\Windows\System\iqWMQfn.exe
  2⤵
  PID:6008
- C:\Windows\System\tiMKNNs.exe
  C:\Windows\System\tiMKNNs.exe
  2⤵
  PID:6176
- C:\Windows\System\tEUjpNp.exe
  C:\Windows\System\tEUjpNp.exe
  2⤵
  PID:6264
- C:\Windows\System\sDrsqiu.exe
  C:\Windows\System\sDrsqiu.exe
  2⤵
  PID:5096
- C:\Windows\System\jLNZCrh.exe
  C:\Windows\System\jLNZCrh.exe
  2⤵
  PID:6356
- C:\Windows\System\BihcUWM.exe
  C:\Windows\System\BihcUWM.exe
  2⤵
  PID:6352
- C:\Windows\System\NeOHHZn.exe
  C:\Windows\System\NeOHHZn.exe
  2⤵
  PID:6528
- C:\Windows\System\dGQgiJX.exe
  C:\Windows\System\dGQgiJX.exe
  2⤵
  PID:6484
- C:\Windows\System\qtadDzj.exe
  C:\Windows\System\qtadDzj.exe
  2⤵
  PID:6596
- C:\Windows\System\VLhhlPS.exe
  C:\Windows\System\VLhhlPS.exe
  2⤵
  PID:6688
- C:\Windows\System\MvSkcgK.exe
  C:\Windows\System\MvSkcgK.exe
  2⤵
  PID:6652
- C:\Windows\System\WKSyvmD.exe
  C:\Windows\System\WKSyvmD.exe
  2⤵
  PID:6756
- C:\Windows\System\SzPAzOl.exe
  C:\Windows\System\SzPAzOl.exe
  2⤵
  PID:6856
- C:\Windows\System\jpogdkU.exe
  C:\Windows\System\jpogdkU.exe
  2⤵
  PID:6884
- C:\Windows\System\hMMZqAB.exe
  C:\Windows\System\hMMZqAB.exe
  2⤵
  PID:6972
- C:\Windows\System\bryugaW.exe
  C:\Windows\System\bryugaW.exe
  2⤵
  PID:6988
- C:\Windows\System\FuxguxN.exe
  C:\Windows\System\FuxguxN.exe
  2⤵
  PID:7052
- C:\Windows\System\nWyOrdp.exe
  C:\Windows\System\nWyOrdp.exe
  2⤵
  PID:7164
- C:\Windows\System\OtaIWEw.exe
  C:\Windows\System\OtaIWEw.exe
  2⤵
  PID:5728
- C:\Windows\System\uvvoZUz.exe
  C:\Windows\System\uvvoZUz.exe
  2⤵
  PID:6280
- C:\Windows\System\vPoRYHL.exe
  C:\Windows\System\vPoRYHL.exe
  2⤵
  PID:6512
- C:\Windows\System\UthpTqN.exe
  C:\Windows\System\UthpTqN.exe
  2⤵
  PID:6604
- C:\Windows\System\EDdTIwp.exe
  C:\Windows\System\EDdTIwp.exe
  2⤵
  PID:6680
- C:\Windows\System\isnlAEI.exe
  C:\Windows\System\isnlAEI.exe
  2⤵
  PID:6960
- C:\Windows\System\hTqIEnb.exe
  C:\Windows\System\hTqIEnb.exe
  2⤵
  PID:7020
- C:\Windows\System\SnOMkQj.exe
  C:\Windows\System\SnOMkQj.exe
  2⤵
  PID:6372
- C:\Windows\System\tactjgE.exe
  C:\Windows\System\tactjgE.exe
  2⤵
  PID:7116
- C:\Windows\System\bamBQeG.exe
  C:\Windows\System\bamBQeG.exe
  2⤵
  PID:6776
- C:\Windows\System\yRDCJkv.exe
  C:\Windows\System\yRDCJkv.exe
  2⤵
  PID:6664
- C:\Windows\System\njghiRu.exe
  C:\Windows\System\njghiRu.exe
  2⤵
  PID:6212
- C:\Windows\System\SrwOmDA.exe
  C:\Windows\System\SrwOmDA.exe
  2⤵
  PID:6080
- C:\Windows\System\aARQDbW.exe
  C:\Windows\System\aARQDbW.exe
  2⤵
  PID:7180
- C:\Windows\System\ghvrxAt.exe
  C:\Windows\System\ghvrxAt.exe
  2⤵
  PID:7204
- C:\Windows\System\SzIXXzs.exe
  C:\Windows\System\SzIXXzs.exe
  2⤵
  PID:7236
- C:\Windows\System\RYOowAq.exe
  C:\Windows\System\RYOowAq.exe
  2⤵
  PID:7256
- C:\Windows\System\SbIQRHs.exe
  C:\Windows\System\SbIQRHs.exe
  2⤵
  PID:7284
- C:\Windows\System\lZMOEup.exe
  C:\Windows\System\lZMOEup.exe
  2⤵
  PID:7328
- C:\Windows\System\WwmwEiP.exe
  C:\Windows\System\WwmwEiP.exe
  2⤵
  PID:7380
- C:\Windows\System\dopLwgs.exe
  C:\Windows\System\dopLwgs.exe
  2⤵
  PID:7404
- C:\Windows\System\iWTQBJM.exe
  C:\Windows\System\iWTQBJM.exe
  2⤵
  PID:7428
- C:\Windows\System\sHefUTt.exe
  C:\Windows\System\sHefUTt.exe
  2⤵
  PID:7448
- C:\Windows\System\zpDMKAZ.exe
  C:\Windows\System\zpDMKAZ.exe
  2⤵
  PID:7472
- C:\Windows\System\npzcNAf.exe
  C:\Windows\System\npzcNAf.exe
  2⤵
  PID:7496
- C:\Windows\System\qSDzpTZ.exe
  C:\Windows\System\qSDzpTZ.exe
  2⤵
  PID:7524
- C:\Windows\System\upziAmy.exe
  C:\Windows\System\upziAmy.exe
  2⤵
  PID:7548
- C:\Windows\System\SdhHrqp.exe
  C:\Windows\System\SdhHrqp.exe
  2⤵
  PID:7576
- C:\Windows\System\jMhDjvT.exe
  C:\Windows\System\jMhDjvT.exe
  2⤵
  PID:7592
- C:\Windows\System\EqGzBGH.exe
  C:\Windows\System\EqGzBGH.exe
  2⤵
  PID:7624
- C:\Windows\System\rTZOfbg.exe
  C:\Windows\System\rTZOfbg.exe
  2⤵
  PID:7652
- C:\Windows\System\IqURByN.exe
  C:\Windows\System\IqURByN.exe
  2⤵
  PID:7668
- C:\Windows\System\YRyPzDi.exe
  C:\Windows\System\YRyPzDi.exe
  2⤵
  PID:7696
- C:\Windows\System\ZgZTlRU.exe
  C:\Windows\System\ZgZTlRU.exe
  2⤵
  PID:7720
- C:\Windows\System\wtPKFJj.exe
  C:\Windows\System\wtPKFJj.exe
  2⤵
  PID:7744
- C:\Windows\System\rysuOQR.exe
  C:\Windows\System\rysuOQR.exe
  2⤵
  PID:7764
- C:\Windows\System\ncIEgVZ.exe
  C:\Windows\System\ncIEgVZ.exe
  2⤵
  PID:7816
- C:\Windows\System\rwOGzxI.exe
  C:\Windows\System\rwOGzxI.exe
  2⤵
  PID:7844
- C:\Windows\System\OEFKYVi.exe
  C:\Windows\System\OEFKYVi.exe
  2⤵
  PID:7924
- C:\Windows\System\fUEWcZV.exe
  C:\Windows\System\fUEWcZV.exe
  2⤵
  PID:7944
- C:\Windows\System\pNKLNps.exe
  C:\Windows\System\pNKLNps.exe
  2⤵
  PID:7988
- C:\Windows\System\irxcNbt.exe
  C:\Windows\System\irxcNbt.exe
  2⤵
  PID:8028
- C:\Windows\System\RhdKPrR.exe
  C:\Windows\System\RhdKPrR.exe
  2⤵
  PID:8044
- C:\Windows\System\ddUiAMo.exe
  C:\Windows\System\ddUiAMo.exe
  2⤵
  PID:8068
- C:\Windows\System\fwWRryW.exe
  C:\Windows\System\fwWRryW.exe
  2⤵
  PID:8108
- C:\Windows\System\OPlgTWG.exe
  C:\Windows\System\OPlgTWG.exe
  2⤵
  PID:8152
- C:\Windows\System\vqNbcWB.exe
  C:\Windows\System\vqNbcWB.exe
  2⤵
  PID:8176
- C:\Windows\System\hwJuaIl.exe
  C:\Windows\System\hwJuaIl.exe
  2⤵
  PID:6944
- C:\Windows\System\kPGCYAU.exe
  C:\Windows\System\kPGCYAU.exe
  2⤵
  PID:7224
- C:\Windows\System\dcizJkn.exe
  C:\Windows\System\dcizJkn.exe
  2⤵
  PID:7368
- C:\Windows\System\kaOZLei.exe
  C:\Windows\System\kaOZLei.exe
  2⤵
  PID:7504
- C:\Windows\System\KxdGzkB.exe
  C:\Windows\System\KxdGzkB.exe
  2⤵
  PID:7556
- C:\Windows\System\QFaLgsJ.exe
  C:\Windows\System\QFaLgsJ.exe
  2⤵
  PID:7636
- C:\Windows\System\izaKakp.exe
  C:\Windows\System\izaKakp.exe
  2⤵
  PID:7684
- C:\Windows\System\beSkPeY.exe
  C:\Windows\System\beSkPeY.exe
  2⤵
  PID:7756
- C:\Windows\System\folhOIT.exe
  C:\Windows\System\folhOIT.exe
  2⤵
  PID:7664
- C:\Windows\System\guPmYfG.exe
  C:\Windows\System\guPmYfG.exe
  2⤵
  PID:7704
- C:\Windows\System\njvEzbI.exe
  C:\Windows\System\njvEzbI.exe
  2⤵
  PID:7836
- C:\Windows\System\pAekBKj.exe
  C:\Windows\System\pAekBKj.exe
  2⤵
  PID:7912
- C:\Windows\System\ciCjuLm.exe
  C:\Windows\System\ciCjuLm.exe
  2⤵
  PID:8076
- C:\Windows\System\FQJjpPV.exe
  C:\Windows\System\FQJjpPV.exe
  2⤵
  PID:8164
- C:\Windows\System\WcytTUU.exe
  C:\Windows\System\WcytTUU.exe
  2⤵
  PID:7252
- C:\Windows\System\UnQCAsP.exe
  C:\Windows\System\UnQCAsP.exe
  2⤵
  PID:7296
- C:\Windows\System\twZxDwY.exe
  C:\Windows\System\twZxDwY.exe
  2⤵
  PID:7540
- C:\Windows\System\PTNwUpr.exe
  C:\Windows\System\PTNwUpr.exe
  2⤵
  PID:7440
- C:\Windows\System\HoRrFUA.exe
  C:\Windows\System\HoRrFUA.exe
  2⤵
  PID:7608
- C:\Windows\System\TDbKEac.exe
  C:\Windows\System\TDbKEac.exe
  2⤵
  PID:7660
- C:\Windows\System\wFnaPSx.exe
  C:\Windows\System\wFnaPSx.exe
  2⤵
  PID:7812
- C:\Windows\System\blMnrQH.exe
  C:\Windows\System\blMnrQH.exe
  2⤵
  PID:8040
- C:\Windows\System\IlxUZcP.exe
  C:\Windows\System\IlxUZcP.exe
  2⤵
  PID:7460
- C:\Windows\System\uoKBsZk.exe
  C:\Windows\System\uoKBsZk.exe
  2⤵
  PID:7228
- C:\Windows\System\MJpFluo.exe
  C:\Windows\System\MJpFluo.exe
  2⤵
  PID:7788
- C:\Windows\System\dpEZwNs.exe
  C:\Windows\System\dpEZwNs.exe
  2⤵
  PID:8124
- C:\Windows\System\zexQwMW.exe
  C:\Windows\System\zexQwMW.exe
  2⤵
  PID:8140
- C:\Windows\System\GCwZncb.exe
  C:\Windows\System\GCwZncb.exe
  2⤵
  PID:7464
- C:\Windows\System\VmKUsko.exe
  C:\Windows\System\VmKUsko.exe
  2⤵
  PID:8196
- C:\Windows\System\Lfhiboa.exe
  C:\Windows\System\Lfhiboa.exe
  2⤵
  PID:8232
- C:\Windows\System\EDTWWoI.exe
  C:\Windows\System\EDTWWoI.exe
  2⤵
  PID:8256
- C:\Windows\System\FdsTCEm.exe
  C:\Windows\System\FdsTCEm.exe
  2⤵
  PID:8276
- C:\Windows\System\UprTgPj.exe
  C:\Windows\System\UprTgPj.exe
  2⤵
  PID:8300
- C:\Windows\System\EzyAThV.exe
  C:\Windows\System\EzyAThV.exe
  2⤵
  PID:8320
- C:\Windows\System\lWPqfML.exe
  C:\Windows\System\lWPqfML.exe
  2⤵
  PID:8344
- C:\Windows\System\KqURKHU.exe
  C:\Windows\System\KqURKHU.exe
  2⤵
  PID:8368
- C:\Windows\System\waWCOoV.exe
  C:\Windows\System\waWCOoV.exe
  2⤵
  PID:8408
- C:\Windows\System\CPmvBvh.exe
  C:\Windows\System\CPmvBvh.exe
  2⤵
  PID:8456
- C:\Windows\System\mbKOhsk.exe
  C:\Windows\System\mbKOhsk.exe
  2⤵
  PID:8484
- C:\Windows\System\TeuNzBD.exe
  C:\Windows\System\TeuNzBD.exe
  2⤵
  PID:8504
- C:\Windows\System\aLmqFYA.exe
  C:\Windows\System\aLmqFYA.exe
  2⤵
  PID:8520
- C:\Windows\System\laYRMjR.exe
  C:\Windows\System\laYRMjR.exe
  2⤵
  PID:8556
- C:\Windows\System\nPGfSdi.exe
  C:\Windows\System\nPGfSdi.exe
  2⤵
  PID:8576
- C:\Windows\System\PBPeaqG.exe
  C:\Windows\System\PBPeaqG.exe
  2⤵
  PID:8604
- C:\Windows\System\CsVroey.exe
  C:\Windows\System\CsVroey.exe
  2⤵
  PID:8636
- C:\Windows\System\TmxsUUo.exe
  C:\Windows\System\TmxsUUo.exe
  2⤵
  PID:8660
- C:\Windows\System\nhlIpzJ.exe
  C:\Windows\System\nhlIpzJ.exe
  2⤵
  PID:8732
- C:\Windows\System\pEyxNbi.exe
  C:\Windows\System\pEyxNbi.exe
  2⤵
  PID:8748
- C:\Windows\System\pwwxhxC.exe
  C:\Windows\System\pwwxhxC.exe
  2⤵
  PID:8768
- C:\Windows\System\qocXyCj.exe
  C:\Windows\System\qocXyCj.exe
  2⤵
  PID:8792
- C:\Windows\System\QMgIoti.exe
  C:\Windows\System\QMgIoti.exe
  2⤵
  PID:8812
- C:\Windows\System\lbqgfyo.exe
  C:\Windows\System\lbqgfyo.exe
  2⤵
  PID:8848
- C:\Windows\System\RJfylsj.exe
  C:\Windows\System\RJfylsj.exe
  2⤵
  PID:8868
- C:\Windows\System\BBFtLGx.exe
  C:\Windows\System\BBFtLGx.exe
  2⤵
  PID:8896
- C:\Windows\System\fbBdgWN.exe
  C:\Windows\System\fbBdgWN.exe
  2⤵
  PID:8924
- C:\Windows\System\pPFOQaE.exe
  C:\Windows\System\pPFOQaE.exe
  2⤵
  PID:8948
- C:\Windows\System\OdxZPNz.exe
  C:\Windows\System\OdxZPNz.exe
  2⤵
  PID:8972
- C:\Windows\System\nzezoiR.exe
  C:\Windows\System\nzezoiR.exe
  2⤵
  PID:9016
- C:\Windows\System\yviBlao.exe
  C:\Windows\System\yviBlao.exe
  2⤵
  PID:9052
- C:\Windows\System\NDLpcPT.exe
  C:\Windows\System\NDLpcPT.exe
  2⤵
  PID:9076
- C:\Windows\System\jcguapy.exe
  C:\Windows\System\jcguapy.exe
  2⤵
  PID:9092
- C:\Windows\System\pKKDqtN.exe
  C:\Windows\System\pKKDqtN.exe
  2⤵
  PID:9116
- C:\Windows\System\VwuYvqX.exe
  C:\Windows\System\VwuYvqX.exe
  2⤵
  PID:9156
- C:\Windows\System\wvYgakR.exe
  C:\Windows\System\wvYgakR.exe
  2⤵
  PID:9180
- C:\Windows\System\qllXsca.exe
  C:\Windows\System\qllXsca.exe
  2⤵
  PID:9200
- C:\Windows\System\WesKAjf.exe
  C:\Windows\System\WesKAjf.exe
  2⤵
  PID:8188
- C:\Windows\System\OGtBCUP.exe
  C:\Windows\System\OGtBCUP.exe
  2⤵
  PID:8224
- C:\Windows\System\poWaPdl.exe
  C:\Windows\System\poWaPdl.exe
  2⤵
  PID:8292
- C:\Windows\System\pmFXpVY.exe
  C:\Windows\System\pmFXpVY.exe
  2⤵
  PID:8336
- C:\Windows\System\ErBTKnA.exe
  C:\Windows\System\ErBTKnA.exe
  2⤵
  PID:8480
- C:\Windows\System\QYXoWbV.exe
  C:\Windows\System\QYXoWbV.exe
  2⤵
  PID:8496
- C:\Windows\System\QzDBFwD.exe
  C:\Windows\System\QzDBFwD.exe
  2⤵
  PID:8628
- C:\Windows\System\bsMyXzW.exe
  C:\Windows\System\bsMyXzW.exe
  2⤵
  PID:8684
- C:\Windows\System\QOkxKVG.exe
  C:\Windows\System\QOkxKVG.exe
  2⤵
  PID:8712
- C:\Windows\System\IYcAlKw.exe
  C:\Windows\System\IYcAlKw.exe
  2⤵
  PID:8776
- C:\Windows\System\UMvQLPF.exe
  C:\Windows\System\UMvQLPF.exe
  2⤵
  PID:8832
- C:\Windows\System\tNMFoJa.exe
  C:\Windows\System\tNMFoJa.exe
  2⤵
  PID:8880
- C:\Windows\System\yPANPrz.exe
  C:\Windows\System\yPANPrz.exe
  2⤵
  PID:8960
- C:\Windows\System\uccMJjj.exe
  C:\Windows\System\uccMJjj.exe
  2⤵
  PID:9044
- C:\Windows\System\dRITDlE.exe
  C:\Windows\System\dRITDlE.exe
  2⤵
  PID:9136
- C:\Windows\System\AuuMgPz.exe
  C:\Windows\System\AuuMgPz.exe
  2⤵
  PID:9196
- C:\Windows\System\BaSGwSc.exe
  C:\Windows\System\BaSGwSc.exe
  2⤵
  PID:8240
- C:\Windows\System\jzwXGgs.exe
  C:\Windows\System\jzwXGgs.exe
  2⤵
  PID:8452
- C:\Windows\System\ELWaoyK.exe
  C:\Windows\System\ELWaoyK.exe
  2⤵
  PID:8572
- C:\Windows\System\MWuJUOB.exe
  C:\Windows\System\MWuJUOB.exe
  2⤵
  PID:8716
- C:\Windows\System\YWjpRFJ.exe
  C:\Windows\System\YWjpRFJ.exe
  2⤵
  PID:8864
- C:\Windows\System\Tohnipa.exe
  C:\Windows\System\Tohnipa.exe
  2⤵
  PID:8992
- C:\Windows\System\TumZDNb.exe
  C:\Windows\System\TumZDNb.exe
  2⤵
  PID:9008
- C:\Windows\System\wvmNOJN.exe
  C:\Windows\System\wvmNOJN.exe
  2⤵
  PID:9168
- C:\Windows\System\tqggeWD.exe
  C:\Windows\System\tqggeWD.exe
  2⤵
  PID:8436
- C:\Windows\System\LvUetSU.exe
  C:\Windows\System\LvUetSU.exe
  2⤵
  PID:8616
- C:\Windows\System\FXbTQIs.exe
  C:\Windows\System\FXbTQIs.exe
  2⤵
  PID:8308
- C:\Windows\System\iWIxbOR.exe
  C:\Windows\System\iWIxbOR.exe
  2⤵
  PID:9252
- C:\Windows\System\VKBjPWl.exe
  C:\Windows\System\VKBjPWl.exe
  2⤵
  PID:9276
- C:\Windows\System\gNrBnXN.exe
  C:\Windows\System\gNrBnXN.exe
  2⤵
  PID:9316
- C:\Windows\System\mSKuJEJ.exe
  C:\Windows\System\mSKuJEJ.exe
  2⤵
  PID:9344
- C:\Windows\System\lJQQZsL.exe
  C:\Windows\System\lJQQZsL.exe
  2⤵
  PID:9368
- C:\Windows\System\CMbhUZW.exe
  C:\Windows\System\CMbhUZW.exe
  2⤵
  PID:9400
- C:\Windows\System\EnrjHps.exe
  C:\Windows\System\EnrjHps.exe
  2⤵
  PID:9428
- C:\Windows\System\ZVjXQZa.exe
  C:\Windows\System\ZVjXQZa.exe
  2⤵
  PID:9444
- C:\Windows\System\OyqpKsS.exe
  C:\Windows\System\OyqpKsS.exe
  2⤵
  PID:9460
- C:\Windows\System\WJeXqsC.exe
  C:\Windows\System\WJeXqsC.exe
  2⤵
  PID:9480
- C:\Windows\System\ccNwhBm.exe
  C:\Windows\System\ccNwhBm.exe
  2⤵
  PID:9504
- C:\Windows\System\iWvhQyU.exe
  C:\Windows\System\iWvhQyU.exe
  2⤵
  PID:9524
- C:\Windows\System\DxwBYVO.exe
  C:\Windows\System\DxwBYVO.exe
  2⤵
  PID:9548
- C:\Windows\System\mVukglO.exe
  C:\Windows\System\mVukglO.exe
  2⤵
  PID:9568
- C:\Windows\System\oheIYqp.exe
  C:\Windows\System\oheIYqp.exe
  2⤵
  PID:9596
- C:\Windows\System\RJOGgMD.exe
  C:\Windows\System\RJOGgMD.exe
  2⤵
  PID:9620
- C:\Windows\System\HHehrCO.exe
  C:\Windows\System\HHehrCO.exe
  2⤵
  PID:9656
- C:\Windows\System\ZTjMIPi.exe
  C:\Windows\System\ZTjMIPi.exe
  2⤵
  PID:9684
- C:\Windows\System\AiCBtYc.exe
  C:\Windows\System\AiCBtYc.exe
  2⤵
  PID:9720
- C:\Windows\System\qicfZyO.exe
  C:\Windows\System\qicfZyO.exe
  2⤵
  PID:9788
- C:\Windows\System\fpDYSVo.exe
  C:\Windows\System\fpDYSVo.exe
  2⤵
  PID:9820
- C:\Windows\System\QzPSyEs.exe
  C:\Windows\System\QzPSyEs.exe
  2⤵
  PID:9844
- C:\Windows\System\CFLTUkP.exe
  C:\Windows\System\CFLTUkP.exe
  2⤵
  PID:9864
- C:\Windows\System\fsXjpZC.exe
  C:\Windows\System\fsXjpZC.exe
  2⤵
  PID:9884
- C:\Windows\System\DRCUFcz.exe
  C:\Windows\System\DRCUFcz.exe
  2⤵
  PID:9912
- C:\Windows\System\MahSJvS.exe
  C:\Windows\System\MahSJvS.exe
  2⤵
  PID:9936
- C:\Windows\System\VOHcZYm.exe
  C:\Windows\System\VOHcZYm.exe
  2⤵
  PID:9980
- C:\Windows\System\PMlxFmh.exe
  C:\Windows\System\PMlxFmh.exe
  2⤵
  PID:10004
- C:\Windows\System\mQSLVDc.exe
  C:\Windows\System\mQSLVDc.exe
  2⤵
  PID:10044
- C:\Windows\System\UGCkNKi.exe
  C:\Windows\System\UGCkNKi.exe
  2⤵
  PID:10068
- C:\Windows\System\SVwQjJe.exe
  C:\Windows\System\SVwQjJe.exe
  2⤵
  PID:10088
- C:\Windows\System\unzUtce.exe
  C:\Windows\System\unzUtce.exe
  2⤵
  PID:10104
- C:\Windows\System\UltYbYi.exe
  C:\Windows\System\UltYbYi.exe
  2⤵
  PID:10124
- C:\Windows\System\ojdCkKb.exe
  C:\Windows\System\ojdCkKb.exe
  2⤵
  PID:10176
- C:\Windows\System\RXmZXEt.exe
  C:\Windows\System\RXmZXEt.exe
  2⤵
  PID:10200
- C:\Windows\System\ptQgahj.exe
  C:\Windows\System\ptQgahj.exe
  2⤵
  PID:10216
- C:\Windows\System\xBojJKM.exe
  C:\Windows\System\xBojJKM.exe
  2⤵
  PID:8704
- C:\Windows\System\pzfEOoM.exe
  C:\Windows\System\pzfEOoM.exe
  2⤵
  PID:9272
- C:\Windows\System\mKhdpQd.exe
  C:\Windows\System\mKhdpQd.exe
  2⤵
  PID:9340
- C:\Windows\System\lpwiOCo.exe
  C:\Windows\System\lpwiOCo.exe
  2⤵
  PID:9392
- C:\Windows\System\ZEJpjRv.exe
  C:\Windows\System\ZEJpjRv.exe
  2⤵
  PID:9456
- C:\Windows\System\WVyTzcX.exe
  C:\Windows\System\WVyTzcX.exe
  2⤵
  PID:9496
- C:\Windows\System\RLvWeMx.exe
  C:\Windows\System\RLvWeMx.exe
  2⤵
  PID:9540
- C:\Windows\System\QuktcZK.exe
  C:\Windows\System\QuktcZK.exe
  2⤵
  PID:9588
- C:\Windows\System\BTZXznd.exe
  C:\Windows\System\BTZXznd.exe
  2⤵
  PID:9672
- C:\Windows\System\LHenuCM.exe
  C:\Windows\System\LHenuCM.exe
  2⤵
  PID:9784
- C:\Windows\System\QXeboZK.exe
  C:\Windows\System\QXeboZK.exe
  2⤵
  PID:9836
- C:\Windows\System\KjTUlRk.exe
  C:\Windows\System\KjTUlRk.exe
  2⤵
  PID:9880
- C:\Windows\System\tBHFnOh.exe
  C:\Windows\System\tBHFnOh.exe
  2⤵
  PID:9968
- C:\Windows\System\peuUpMV.exe
  C:\Windows\System\peuUpMV.exe
  2⤵
  PID:10024
- C:\Windows\System\XQkfCiC.exe
  C:\Windows\System\XQkfCiC.exe
  2⤵
  PID:10080
- C:\Windows\System\TgUuUuz.exe
  C:\Windows\System\TgUuUuz.exe
  2⤵
  PID:10144
- C:\Windows\System\lrPwgMo.exe
  C:\Windows\System\lrPwgMo.exe
  2⤵
  PID:8596
- C:\Windows\System\KOzyZBT.exe
  C:\Windows\System\KOzyZBT.exe
  2⤵
  PID:9380
- C:\Windows\System\YurZiHi.exe
  C:\Windows\System\YurZiHi.exe
  2⤵
  PID:9452
- C:\Windows\System\PeKTQbc.exe
  C:\Windows\System\PeKTQbc.exe
  2⤵
  PID:9516
- C:\Windows\System\zwGqbJv.exe
  C:\Windows\System\zwGqbJv.exe
  2⤵
  PID:9860
- C:\Windows\System\OWrunnF.exe
  C:\Windows\System\OWrunnF.exe
  2⤵
  PID:9904
- C:\Windows\System\PaYCDLm.exe
  C:\Windows\System\PaYCDLm.exe
  2⤵
  PID:10136
- C:\Windows\System\nZqjrFh.exe
  C:\Windows\System\nZqjrFh.exe
  2⤵
  PID:10196
- C:\Windows\System\JIiKmRI.exe
  C:\Windows\System\JIiKmRI.exe
  2⤵
  PID:9576
- C:\Windows\System\kLBUKWB.exe
  C:\Windows\System\kLBUKWB.exe
  2⤵
  PID:9956
- C:\Windows\System\vlYSnqa.exe
  C:\Windows\System\vlYSnqa.exe
  2⤵
  PID:10116
- C:\Windows\System\kPMKMxF.exe
  C:\Windows\System\kPMKMxF.exe
  2⤵
  PID:9832
- C:\Windows\System\cnrIcjB.exe
  C:\Windows\System\cnrIcjB.exe
  2⤵
  PID:10268
- C:\Windows\System\idLzLCI.exe
  C:\Windows\System\idLzLCI.exe
  2⤵
  PID:10288
- C:\Windows\System\tyawlbA.exe
  C:\Windows\System\tyawlbA.exe
  2⤵
  PID:10336
- C:\Windows\System\SxwGJOX.exe
  C:\Windows\System\SxwGJOX.exe
  2⤵
  PID:10372
- C:\Windows\System\GBosamv.exe
  C:\Windows\System\GBosamv.exe
  2⤵
  PID:10416
- C:\Windows\System\gRsJPYv.exe
  C:\Windows\System\gRsJPYv.exe
  2⤵
  PID:10432
- C:\Windows\System\eFcmRYc.exe
  C:\Windows\System\eFcmRYc.exe
  2⤵
  PID:10448
- C:\Windows\System\ZkpOtcC.exe
  C:\Windows\System\ZkpOtcC.exe
  2⤵
  PID:10464
- C:\Windows\System\XOLXssm.exe
  C:\Windows\System\XOLXssm.exe
  2⤵
  PID:10480
- C:\Windows\System\OqgnjdT.exe
  C:\Windows\System\OqgnjdT.exe
  2⤵
  PID:10500
- C:\Windows\System\HnNaVKY.exe
  C:\Windows\System\HnNaVKY.exe
  2⤵
  PID:10516
- C:\Windows\System\kTxUijM.exe
  C:\Windows\System\kTxUijM.exe
  2⤵
  PID:10532
- C:\Windows\System\WJEkSMZ.exe
  C:\Windows\System\WJEkSMZ.exe
  2⤵
  PID:10600
- C:\Windows\System\bFspPdt.exe
  C:\Windows\System\bFspPdt.exe
  2⤵
  PID:10628
- C:\Windows\System\cFOIwKL.exe
  C:\Windows\System\cFOIwKL.exe
  2⤵
  PID:10648
- C:\Windows\System\KIbOSaw.exe
  C:\Windows\System\KIbOSaw.exe
  2⤵
  PID:10672
- C:\Windows\System\XnXuwZI.exe
  C:\Windows\System\XnXuwZI.exe
  2⤵
  PID:10692
- C:\Windows\System\xLYRoHk.exe
  C:\Windows\System\xLYRoHk.exe
  2⤵
  PID:10724
- C:\Windows\System\vvCusSI.exe
  C:\Windows\System\vvCusSI.exe
  2⤵
  PID:10748
- C:\Windows\System\cGPbfNw.exe
  C:\Windows\System\cGPbfNw.exe
  2⤵
  PID:10772
- C:\Windows\System\PilIZjf.exe
  C:\Windows\System\PilIZjf.exe
  2⤵
  PID:10792
- C:\Windows\System\ccSnVta.exe
  C:\Windows\System\ccSnVta.exe
  2⤵
  PID:10812
- C:\Windows\System\kjuJKLX.exe
  C:\Windows\System\kjuJKLX.exe
  2⤵
  PID:10876
- C:\Windows\System\eBTWCgU.exe
  C:\Windows\System\eBTWCgU.exe
  2⤵
  PID:10900
- C:\Windows\System\UNqovGe.exe
  C:\Windows\System\UNqovGe.exe
  2⤵
  PID:10924
- C:\Windows\System\WyvPGGw.exe
  C:\Windows\System\WyvPGGw.exe
  2⤵
  PID:10948
- C:\Windows\System\RkwYRet.exe
  C:\Windows\System\RkwYRet.exe
  2⤵
  PID:10976
- C:\Windows\System\ZBWiYiM.exe
  C:\Windows\System\ZBWiYiM.exe
  2⤵
  PID:11000
- C:\Windows\System\IiBiHFr.exe
  C:\Windows\System\IiBiHFr.exe
  2⤵
  PID:11024
- C:\Windows\System\lygQUWJ.exe
  C:\Windows\System\lygQUWJ.exe
  2⤵
  PID:11040
- C:\Windows\System\JsiJSbL.exe
  C:\Windows\System\JsiJSbL.exe
  2⤵
  PID:11068
- C:\Windows\System\FDiDlep.exe
  C:\Windows\System\FDiDlep.exe
  2⤵
  PID:11108
- C:\Windows\System\BvOwdrl.exe
  C:\Windows\System\BvOwdrl.exe
  2⤵
  PID:11128
- C:\Windows\System\qrXQOwT.exe
  C:\Windows\System\qrXQOwT.exe
  2⤵
  PID:11192
- C:\Windows\System\jigeSqw.exe
  C:\Windows\System\jigeSqw.exe
  2⤵
  PID:11228
- C:\Windows\System\FXFhLpN.exe
  C:\Windows\System\FXFhLpN.exe
  2⤵
  PID:11244
- C:\Windows\System\hUZABpj.exe
  C:\Windows\System\hUZABpj.exe
  2⤵
  PID:9756
- C:\Windows\System\iFrBKBf.exe
  C:\Windows\System\iFrBKBf.exe
  2⤵
  PID:10308
- C:\Windows\System\mGSDqgm.exe
  C:\Windows\System\mGSDqgm.exe
  2⤵
  PID:10368
- C:\Windows\System\elNnFYE.exe
  C:\Windows\System\elNnFYE.exe
  2⤵
  PID:10408
- C:\Windows\System\onbeAkL.exe
  C:\Windows\System\onbeAkL.exe
  2⤵
  PID:10476
- C:\Windows\System\OpxzXme.exe
  C:\Windows\System\OpxzXme.exe
  2⤵
  PID:10524
- C:\Windows\System\CaxBumx.exe
  C:\Windows\System\CaxBumx.exe
  2⤵
  PID:10612
- C:\Windows\System\cKGGNFS.exe
  C:\Windows\System\cKGGNFS.exe
  2⤵
  PID:10588
- C:\Windows\System\MdlYPoo.exe
  C:\Windows\System\MdlYPoo.exe
  2⤵
  PID:10660
- C:\Windows\System\OSAoLeR.exe
  C:\Windows\System\OSAoLeR.exe
  2⤵
  PID:10828
- C:\Windows\System\VnNDFHw.exe
  C:\Windows\System\VnNDFHw.exe
  2⤵
  PID:10940
- C:\Windows\System\hiNsPAL.exe
  C:\Windows\System\hiNsPAL.exe
  2⤵
  PID:10920
- C:\Windows\System\tWLCpuW.exe
  C:\Windows\System\tWLCpuW.exe
  2⤵
  PID:11048
- C:\Windows\System\KoaKTrL.exe
  C:\Windows\System\KoaKTrL.exe
  2⤵
  PID:11060
- C:\Windows\System\nyrCXTu.exe
  C:\Windows\System\nyrCXTu.exe
  2⤵
  PID:11136
- C:\Windows\System\QwtzzaF.exe
  C:\Windows\System\QwtzzaF.exe
  2⤵
  PID:11236
- C:\Windows\System\kKWPjKl.exe
  C:\Windows\System\kKWPjKl.exe
  2⤵
  PID:10348
- C:\Windows\System\XjlMUvt.exe
  C:\Windows\System\XjlMUvt.exe
  2⤵
  PID:10384
- C:\Windows\System\EDHuOgq.exe
  C:\Windows\System\EDHuOgq.exe
  2⤵
  PID:10508
- C:\Windows\System\oYasnRL.exe
  C:\Windows\System\oYasnRL.exe
  2⤵
  PID:10684
- C:\Windows\System\WcXRojn.exe
  C:\Windows\System\WcXRojn.exe
  2⤵
  PID:10808
- C:\Windows\System\WZXbwOt.exe
  C:\Windows\System\WZXbwOt.exe
  2⤵
  PID:10884
- C:\Windows\System\ioWJASH.exe
  C:\Windows\System\ioWJASH.exe
  2⤵
  PID:11092
- C:\Windows\System\yZHTkMt.exe
  C:\Windows\System\yZHTkMt.exe
  2⤵
  PID:11240
- C:\Windows\System\MEMvGHy.exe
  C:\Windows\System\MEMvGHy.exe
  2⤵
  PID:10644
- C:\Windows\System\jeTbjVZ.exe
  C:\Windows\System\jeTbjVZ.exe
  2⤵
  PID:10000
- C:\Windows\System\GApogCV.exe
  C:\Windows\System\GApogCV.exe
  2⤵
  PID:10424
- C:\Windows\System\qWkpVMC.exe
  C:\Windows\System\qWkpVMC.exe
  2⤵
  PID:10608
- C:\Windows\System\UlTNHLn.exe
  C:\Windows\System\UlTNHLn.exe
  2⤵
  PID:11268
- C:\Windows\System\sKMMTKY.exe
  C:\Windows\System\sKMMTKY.exe
  2⤵
  PID:11312
- C:\Windows\System\sjAPqkS.exe
  C:\Windows\System\sjAPqkS.exe
  2⤵
  PID:11336
- C:\Windows\System\uoDYXsM.exe
  C:\Windows\System\uoDYXsM.exe
  2⤵
  PID:11360
- C:\Windows\System\NLLZHNo.exe
  C:\Windows\System\NLLZHNo.exe
  2⤵
  PID:11380
- C:\Windows\System\uwyecSu.exe
  C:\Windows\System\uwyecSu.exe
  2⤵
  PID:11408
- C:\Windows\System\gwFvUfi.exe
  C:\Windows\System\gwFvUfi.exe
  2⤵
  PID:11428
- C:\Windows\System\HyxxSJm.exe
  C:\Windows\System\HyxxSJm.exe
  2⤵
  PID:11448
- C:\Windows\System\kstKHbo.exe
  C:\Windows\System\kstKHbo.exe
  2⤵
  PID:11472
- C:\Windows\System\VaREDHp.exe
  C:\Windows\System\VaREDHp.exe
  2⤵
  PID:11496
- C:\Windows\System\AtBtctj.exe
  C:\Windows\System\AtBtctj.exe
  2⤵
  PID:11516
- C:\Windows\System\BWvAGHu.exe
  C:\Windows\System\BWvAGHu.exe
  2⤵
  PID:11556
- C:\Windows\System\ypkLHfp.exe
  C:\Windows\System\ypkLHfp.exe
  2⤵
  PID:11580
- C:\Windows\System\ECnAuJT.exe
  C:\Windows\System\ECnAuJT.exe
  2⤵
  PID:11604
- C:\Windows\System\EVrVWOQ.exe
  C:\Windows\System\EVrVWOQ.exe
  2⤵
  PID:11676
- C:\Windows\System\nGLCTiy.exe
  C:\Windows\System\nGLCTiy.exe
  2⤵
  PID:11700
- C:\Windows\System\CJNZiTB.exe
  C:\Windows\System\CJNZiTB.exe
  2⤵
  PID:11728
- C:\Windows\System\nfMhLcX.exe
  C:\Windows\System\nfMhLcX.exe
  2⤵
  PID:11748
- C:\Windows\System\XbAfjGM.exe
  C:\Windows\System\XbAfjGM.exe
  2⤵
  PID:11776
- C:\Windows\System\EfCROGy.exe
  C:\Windows\System\EfCROGy.exe
  2⤵
  PID:11800
- C:\Windows\System\BRBbxRK.exe
  C:\Windows\System\BRBbxRK.exe
  2⤵
  PID:11820
- C:\Windows\System\RCPzotw.exe
  C:\Windows\System\RCPzotw.exe
  2⤵
  PID:11844
- C:\Windows\System\yvLcOwV.exe
  C:\Windows\System\yvLcOwV.exe
  2⤵
  PID:11872
- C:\Windows\System\swShPdI.exe
  C:\Windows\System\swShPdI.exe
  2⤵
  PID:11904
- C:\Windows\System\FjrKHoM.exe
  C:\Windows\System\FjrKHoM.exe
  2⤵
  PID:11932
- C:\Windows\System\gxfRgdm.exe
  C:\Windows\System\gxfRgdm.exe
  2⤵
  PID:11952
- C:\Windows\System\CFTjueQ.exe
  C:\Windows\System\CFTjueQ.exe
  2⤵
  PID:11976
- C:\Windows\System\rEHZkoe.exe
  C:\Windows\System\rEHZkoe.exe
  2⤵
  PID:12000
- C:\Windows\System\AUrphlK.exe
  C:\Windows\System\AUrphlK.exe
  2⤵
  PID:12036
- C:\Windows\System\Wfqxwwa.exe
  C:\Windows\System\Wfqxwwa.exe
  2⤵
  PID:12076
- C:\Windows\System\sLBEjYi.exe
  C:\Windows\System\sLBEjYi.exe
  2⤵
  PID:12112
- C:\Windows\System\BJbuCRd.exe
  C:\Windows\System\BJbuCRd.exe
  2⤵
  PID:12132
- C:\Windows\System\CGZekNG.exe
  C:\Windows\System\CGZekNG.exe
  2⤵
  PID:12160
- C:\Windows\System\ASfXnDj.exe
  C:\Windows\System\ASfXnDj.exe
  2⤵
  PID:12180
- C:\Windows\System\isVIRKz.exe
  C:\Windows\System\isVIRKz.exe
  2⤵
  PID:12232
- C:\Windows\System\VIyhWwp.exe
  C:\Windows\System\VIyhWwp.exe
  2⤵
  PID:12264
- C:\Windows\System\LyVpOgm.exe
  C:\Windows\System\LyVpOgm.exe
  2⤵
  PID:12280
- C:\Windows\System\IkvUXlV.exe
  C:\Windows\System\IkvUXlV.exe
  2⤵
  PID:11304
- C:\Windows\System\KEIDYee.exe
  C:\Windows\System\KEIDYee.exe
  2⤵
  PID:11348
- C:\Windows\System\ltNwUnU.exe
  C:\Windows\System\ltNwUnU.exe
  2⤵
  PID:11420
- C:\Windows\System\nbNpWPz.exe
  C:\Windows\System\nbNpWPz.exe
  2⤵
  PID:11508
- C:\Windows\System\rNAEXNb.exe
  C:\Windows\System\rNAEXNb.exe
  2⤵
  PID:11576
- C:\Windows\System\OYtbZJa.exe
  C:\Windows\System\OYtbZJa.exe
  2⤵
  PID:11616
- C:\Windows\System\EbRyMwm.exe
  C:\Windows\System\EbRyMwm.exe
  2⤵
  PID:11696
- C:\Windows\System\qukdmep.exe
  C:\Windows\System\qukdmep.exe
  2⤵
  PID:11784
- C:\Windows\System\pdHOlqI.exe
  C:\Windows\System\pdHOlqI.exe
  2⤵
  PID:11812
- C:\Windows\System\EQkCDff.exe
  C:\Windows\System\EQkCDff.exe
  2⤵
  PID:11840
- C:\Windows\System\hbGgIFz.exe
  C:\Windows\System\hbGgIFz.exe
  2⤵
  PID:1480
- C:\Windows\System\AgjeAOv.exe
  C:\Windows\System\AgjeAOv.exe
  2⤵
  PID:12044
- C:\Windows\System\MJBJRyr.exe
  C:\Windows\System\MJBJRyr.exe
  2⤵
  PID:4464
- C:\Windows\System\YEZFUVG.exe
  C:\Windows\System\YEZFUVG.exe
  2⤵
  PID:12124
- C:\Windows\System\tOOGLlW.exe
  C:\Windows\System\tOOGLlW.exe
  2⤵
  PID:12156
- C:\Windows\System\VdzreNW.exe
  C:\Windows\System\VdzreNW.exe
  2⤵
  PID:12224
- C:\Windows\System\TJXgFNu.exe
  C:\Windows\System\TJXgFNu.exe
  2⤵
  PID:12272
- C:\Windows\System\XpUExFS.exe
  C:\Windows\System\XpUExFS.exe
  2⤵
  PID:11536
- C:\Windows\System\KdAdioK.exe
  C:\Windows\System\KdAdioK.exe
  2⤵
  PID:11600
- C:\Windows\System\tccfvwi.exe
  C:\Windows\System\tccfvwi.exe
  2⤵
  PID:11688
- C:\Windows\System\QoJxxDh.exe
  C:\Windows\System\QoJxxDh.exe
  2⤵
  PID:11884
- C:\Windows\System\lFiBUiA.exe
  C:\Windows\System\lFiBUiA.exe
  2⤵
  PID:12032
- C:\Windows\System\qatFXKh.exe
  C:\Windows\System\qatFXKh.exe
  2⤵
  PID:12068
- C:\Windows\System\oDyMFFi.exe
  C:\Windows\System\oDyMFFi.exe
  2⤵
  PID:12256
- C:\Windows\System\eCJwXzo.exe
  C:\Windows\System\eCJwXzo.exe
  2⤵
  PID:11588
- C:\Windows\System\MxfQeII.exe
  C:\Windows\System\MxfQeII.exe
  2⤵
  PID:11896
- C:\Windows\System\BgnJEcd.exe
  C:\Windows\System\BgnJEcd.exe
  2⤵
  PID:12204
- C:\Windows\System\BsjoEDo.exe
  C:\Windows\System\BsjoEDo.exe
  2⤵
  PID:11768
- C:\Windows\System\LzYBekc.exe
  C:\Windows\System\LzYBekc.exe
  2⤵
  PID:11948
- C:\Windows\System\IugnLfO.exe
  C:\Windows\System\IugnLfO.exe
  2⤵
  PID:12300
- C:\Windows\System\yhLVXhL.exe
  C:\Windows\System\yhLVXhL.exe
  2⤵
  PID:12348
- C:\Windows\System\uJAaPJe.exe
  C:\Windows\System\uJAaPJe.exe
  2⤵
  PID:12372
- C:\Windows\System\nDFyOcL.exe
  C:\Windows\System\nDFyOcL.exe
  2⤵
  PID:12400
- C:\Windows\System\JhHSdpb.exe
  C:\Windows\System\JhHSdpb.exe
  2⤵
  PID:12420
- C:\Windows\System\PPwwHzC.exe
  C:\Windows\System\PPwwHzC.exe
  2⤵
  PID:12440
- C:\Windows\System\NaTsMEl.exe
  C:\Windows\System\NaTsMEl.exe
  2⤵
  PID:12464
- C:\Windows\System\NWdEnbQ.exe
  C:\Windows\System\NWdEnbQ.exe
  2⤵
  PID:12504
- C:\Windows\System\mHHPXkK.exe
  C:\Windows\System\mHHPXkK.exe
  2⤵
  PID:12532
- C:\Windows\System\fxCzPCb.exe
  C:\Windows\System\fxCzPCb.exe
  2⤵
  PID:12556
- C:\Windows\System\McFyVoW.exe
  C:\Windows\System\McFyVoW.exe
  2⤵
  PID:12600
- C:\Windows\System\pgCNAoo.exe
  C:\Windows\System\pgCNAoo.exe
  2⤵
  PID:12620
- C:\Windows\System\ELpRFIv.exe
  C:\Windows\System\ELpRFIv.exe
  2⤵
  PID:12652
- C:\Windows\System\rzVOIfc.exe
  C:\Windows\System\rzVOIfc.exe
  2⤵
  PID:12676
- C:\Windows\System\mTMmCkE.exe
  C:\Windows\System\mTMmCkE.exe
  2⤵
  PID:12700
- C:\Windows\System\aZumryz.exe
  C:\Windows\System\aZumryz.exe
  2⤵
  PID:12724
- C:\Windows\System\dfVEaWd.exe
  C:\Windows\System\dfVEaWd.exe
  2⤵
  PID:12744
- C:\Windows\System\VxydXyW.exe
  C:\Windows\System\VxydXyW.exe
  2⤵
  PID:12772
- C:\Windows\System\EgUzkFi.exe
  C:\Windows\System\EgUzkFi.exe
  2⤵
  PID:12800
- C:\Windows\System\pxvcCEI.exe
  C:\Windows\System\pxvcCEI.exe
  2⤵
  PID:12828
- C:\Windows\System\LrXWvRC.exe
  C:\Windows\System\LrXWvRC.exe
  2⤵
  PID:12880
- C:\Windows\System\HXswjvz.exe
  C:\Windows\System\HXswjvz.exe
  2⤵
  PID:12904
- C:\Windows\System\ZOIGsEB.exe
  C:\Windows\System\ZOIGsEB.exe
  2⤵
  PID:12940
- C:\Windows\System\VDzipCl.exe
  C:\Windows\System\VDzipCl.exe
  2⤵
  PID:12960
- C:\Windows\System\Jqgnenz.exe
  C:\Windows\System\Jqgnenz.exe
  2⤵
  PID:13000
- C:\Windows\System\gUFeSSa.exe
  C:\Windows\System\gUFeSSa.exe
  2⤵
  PID:13024
- C:\Windows\System\JtIoKGG.exe
  C:\Windows\System\JtIoKGG.exe
  2⤵
  PID:13048
- C:\Windows\System\uNgROiv.exe
  C:\Windows\System\uNgROiv.exe
  2⤵
  PID:13076
- C:\Windows\System\fAhlmFc.exe
  C:\Windows\System\fAhlmFc.exe
  2⤵
  PID:13100
- C:\Windows\System\PzfhZZh.exe
  C:\Windows\System\PzfhZZh.exe
  2⤵
  PID:13128
- C:\Windows\System\aBLrxpi.exe
  C:\Windows\System\aBLrxpi.exe
  2⤵
  PID:13148
- C:\Windows\System\ZQqOYUM.exe
  C:\Windows\System\ZQqOYUM.exe
  2⤵
  PID:13176
- C:\Windows\System\tlbaCAd.exe
  C:\Windows\System\tlbaCAd.exe
  2⤵
  PID:13256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yfdcvvjp.4j2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AhUCiOK.exe

Filesize
2.3MB

MD5
cbdc76dc9327815a7943628cab8dd0ee

SHA1
80c940814bd8dde0591f524380ac0ac0d0242346

SHA256
caf847981dce0180a3ccc504125d1bd29d4de11159235d8a6d4252eb023301a3

SHA512
9373d171465590f3d939c6048cd05a0eb9cf0a0a7eb2b7d5c43bff2577e128fb8a33bfca237ef8890eb1181a079f5b6a0cf2aa063f114ab19df9153fb7bd7c8c

Download Submit
C:\Windows\System\BBZfTtk.exe

Filesize
2.3MB

MD5
31f1d4b88c3ed1930c0267cc35fa24b6

SHA1
376f3d7d9a7955a7f4e2c1f69c78b430f91ad290

SHA256
122dd37521243ab64f997864af9daad4c2e9c8b61dd48a129c48ccbd512eea1d

SHA512
1f29420f94df8c89e8df690df8e51c9cd0874652c1869590b62cc3f75a0685e7d31062603a91ebcd851926e231a72a76a822b13555ed1a633874bb79782e8d2d

Download Submit
C:\Windows\System\BbRwUFb.exe

Filesize
2.3MB

MD5
0f103a2b264da3b0a6889236777b10b9

SHA1
29cda0393df79b0030502660b402f2dc042c727e

SHA256
d487e528e693a8f20d82571963007cab63e1b5cbddc9ce7fc2af2a230ea25e83

SHA512
dbbc6a3068aaa3fa3300333856f54d783f6a4ec08abb55ee912cef6858740b48c6e6230a54e82343616dcf847d7d61d32dcaaf8fb0a069cf59c69c071d81be36

Download Submit
C:\Windows\System\CHnKttM.exe

Filesize
2.3MB

MD5
982ab51120b04b841a088da9cc66a773

SHA1
1a2177df8e14283fae59d587d4ece648bdd13711

SHA256
96ba8dbc8db9ee40e8856923a7fcf2b3d8d0e5fed31253e3af0b2b27c02a613e

SHA512
81d927cb1225c775732275ebdd8eba515bbbca5fcb3c1876905c2e1c327ba11c0c06ac0030ea69e2de40633949d7ecc947ed18e2e2e29b15cb7a792d176b745d

Download Submit
C:\Windows\System\CiuVBIV.exe

Filesize
2.3MB

MD5
4399a5aabfab99a63ac29b732894c774

SHA1
e559357143c2a9edd8e4b670df87788bb77730f6

SHA256
5671ec93c8359b8a6210d2d403e076a6d6215188c01c2cb88ecadbfac60dbf4d

SHA512
28ed3f576a057e85ead639ef3b1861a24180102e9f6c40e3f7b347818b14583888310ad2a40da70cfd541910737f610ddbc6bd64f91560c46cafe75fc610fe96

Download Submit
C:\Windows\System\DBCddic.exe

Filesize
2.3MB

MD5
35f9c889fe3926b009083ad13ebb7d33

SHA1
e9a802ca419ffe443c58895f7eb20e28dfe13b36

SHA256
da0d2c6d830150095c6c12e1c11fcb3ce28528ce746355cbfe59690cd0bc22ee

SHA512
0605b391b0ed25052ad6dfc4a7426ac0b416b655fbbd7e84c88da415a093838828afd363583d4a4a1ec6c62a5ac8ec8722598d9402b17854eb5934562c69d918

Download Submit
C:\Windows\System\DZKNiUP.exe

Filesize
2.3MB

MD5
7e0e6f211f68845a3155b212c884ac5f

SHA1
9e73ddb897c49474aa73bd13f0d6eced56638b39

SHA256
e03fd27f126ae9ad951099e662a592b7eaa9e667eac670a023126fb44365544b

SHA512
787b9729690720b4ce835bb0baf0dc4cbd0ef7f2085b0df51426a8d429e7d93be2b1a6d697d35259271cd9ae6454f7529ec51bed871a2e33bc0b2fd97eb5a57e

Download Submit
C:\Windows\System\GvPIewH.exe

Filesize
2.3MB

MD5
2c5a6ab954e21333887376f6b7c7dc2d

SHA1
eb361bc1c232cafb41aadf415c80376f961c43ca

SHA256
ff75dc49b6b6ff35029f789ed1b8085e699b3d0bd0a3364adb4aa4f0c9ee150e

SHA512
051dc94ccebe47c68847dd8c96f81ae53f45ef20cb543beb62c264be4c0375b263b4e331c5d19a6b26370ebe349d21e4e7210b504a7fdece905523129b5752bb

Download Submit
C:\Windows\System\HbPARAu.exe

Filesize
2.3MB

MD5
6e48524fe7757ef17d7293d2a9eeb417

SHA1
e19881f2029ba02ba79795eb5b93399947860ddb

SHA256
22bc00387b4301bbc2d7e304a3fde43ac2819a3e09d0be023eea4ac563e5fe07

SHA512
cf15ea4adad68db2e5a9aa40766019e0ce80e18232e8d662f1e548c29b9f819eaa8f55fe849972030346a0476ba13d888ff5a6f89901ffa81ddee3e1efbd06ed

Download Submit
C:\Windows\System\KmOKLFM.exe

Filesize
2.3MB

MD5
8d8649262bcf27fe9caef8c7f9530b11

SHA1
774123647e4cb33fb13d959b41b263dca77ff136

SHA256
455be7d3d9e5f70719973b0d1600a317a99dd3057fe9d3671e0af5a6b0534057

SHA512
35754d432dd1d7a207663d75880ab9b8454bc3b06683969dac4f8048755ab67a47529e948acac483cd9fc77869e4bfedf15e34c80451ae1b97b2ac21445ae923

Download Submit
C:\Windows\System\ODDUwmy.exe

Filesize
2.3MB

MD5
b05dda633082d680757cfb100ec4c7da

SHA1
3873a4a13d0ab2698c0445ab52722d953ad38280

SHA256
24a8029ff025cb8340e1cca2ff473ddae858845d0d12945ff4998e5da0ae0eee

SHA512
0c218be316b3a371b3a47c6e84c77d51bf5c9c23f33919a73819e89d851f2282e79b4db0a17e6d42229b1954aeec8e5a30be6780f72004cfae616ddc42fafcb0

Download Submit
C:\Windows\System\TCKdBzi.exe

Filesize
2.3MB

MD5
22818c780ed0879352be9462d07d5c44

SHA1
b7721f78d9c496f963ab0980dcc75faaf4d3a96c

SHA256
9dfab63e75eae5f159779ed333129e22f275fb7ba119919db64c605ce6a49d7b

SHA512
178d5fe7e366f918ffc29d737028e4c031c14e3c46b8408f347196c01439a07c0e84b2081f9995949c8bb4da2fde95cf320220d46927ed3089a4b6c7e2f02593

Download Submit
C:\Windows\System\XMpTdwv.exe

Filesize
2.3MB

MD5
00349cb3199820e3243f2ca7470c19aa

SHA1
63a3d11d00b5b74b0f19e091e0144a86a3c74faa

SHA256
54a2db37267b39da429f7c0a5ef54e798ffb6b65b7c97779dd01234bf99f0830

SHA512
28f864bbcad987d387b5c828d307d33b6d1399c07be18c1e85079fd99fe49e3f1215a9c09f903b02c8be82281e283b26a43d441fe5d2f97fbd1cbe8865dfed78

Download Submit
C:\Windows\System\YssAUdR.exe

Filesize
2.3MB

MD5
99f35572a2939ce20593ea0d412dde74

SHA1
28efb53ab578929829d58dd0c9d74bcfbb8233a9

SHA256
a1d27292b5e27bc85f119241f1d2ab35c703ef25f840ba400365340744b6c11b

SHA512
890b48a88b109c52e13700fd507fa2d7b7540b0f76638ca4d0e76b82085dcc6e1309f12fc01eea9f1954842b073469cf0712c6df6f1a9eda72e7283811e2889d

Download Submit
C:\Windows\System\aEAlxNw.exe

Filesize
2.3MB

MD5
e687c946439e233c84df06792d7e5652

SHA1
2d2fae9f5b8167b158fd24cc55d8576623cb1792

SHA256
a097fd81a0462b5bbcf402e9458c8c5ee8af5936c472eeb080f6e88176301ede

SHA512
266b54faa2834b6aa311296c16e8801bb734301c82c35fe56aeeb9ab0df77c727fb764f11ddd32620c742be9726a04bfca3d67b68835f2cfaf8f1860e1b2f4ec

Download Submit
C:\Windows\System\bFmFjAb.exe

Filesize
2.3MB

MD5
146e8fba613bac11458180e4e9b39282

SHA1
80dc4b616057b0084e6ccd444398ee6142594c55

SHA256
732525413b47ac0db5b244ca31bc2a00a2d11300b3034f42176d9fce782bbad3

SHA512
0e66ecab019b495d0df8bb441939b0665ce884571448c45ef80f42780706e17c3268efccf8adb7a09133beab5c399595cd07e11406072741be02572378008575

Download Submit
C:\Windows\System\bnCscwZ.exe

Filesize
2.3MB

MD5
2a040bfe7e3c119d4aa8d4d63ebe2d6b

SHA1
01fda317bc0decafbc3775114cf217e21cccc968

SHA256
c0d4a0a0a91f4e4c335c059762034d243559c11a2e63107d66b39fbcb485ff0a

SHA512
6e6be456cd47d86e9918c99ef06542f2fa4658e53e3c1aeeb11ad969daf216ec6df419a8d66c5325fd303e0be5ee1d3322c5e74ca6cde3ec355503a84c51d4ea

Download Submit
C:\Windows\System\cKqgzSL.exe

Filesize
2.3MB

MD5
83f0efcceb2acfb2388d988ebc2f0c65

SHA1
43d580e1c56b05d805c5bb4ab9ff084bd6ed6750

SHA256
e2ce0f6ffd2fbd7991a987f0427ce0caec68a902d08792f9e68d4ddd428fcafa

SHA512
a3d46d0d19f775b3f2bc0391bdbeb92866c57127f24f80a4e45eddc996be23d72c196c8f97206f74e30a30bd5b6b1e8179139884b3f944073e9703dff70ebed1

Download Submit
C:\Windows\System\ceohzdO.exe

Filesize
2.3MB

MD5
27af95c11d71437733690e43403475ac

SHA1
09aaeef7270d60ed3ec64124f5f8eeda10981485

SHA256
32b2c7a7dd8be7e0b01a46a0bb7bd63ef152b669a04df48b2a346fb2545d23ae

SHA512
d876d70be6ee8188d06a2af78aebd3e6a865fe3b426a5c53ecb944b79945ce05908f0a3c914663054a792866ac8df7e39fd26243c5f6125d13434d7b841d4759

Download Submit
C:\Windows\System\gXOPtCC.exe

Filesize
2.3MB

MD5
ea440cff10f3700a49147b005dafc21f

SHA1
cb0c9eb03fc098bdc91e0f488622d5e71739a6f4

SHA256
cb618774ee3baba7a94890acfa6cfa022491ff1db90c18477b3415e63d992ac5

SHA512
3d6add4cd6b502894cdeca4aeed866ca5e4771c1fdec11155ccda09c8f5417d17a5f3f4c9efb47e9707f9364f580be9e13f97da1013c95a1dc0d8643d61415dc

Download Submit
C:\Windows\System\gfaUyMe.exe

Filesize
2.3MB

MD5
d8449b04bc5fca0af797721da42b4e1e

SHA1
e4a689aa1d3a4087ece4a43bfb89e8a90fae0088

SHA256
47769612d74462475429e0ff84f247d6a9a74de4b330f5becb36f1e340fbc0c6

SHA512
99848e2d195f6fd378804d5a1ebc04c4ca601dddf5bdc44df54e6da4618ab3abedc4cfb8262f95243d0e231feab647467784163f1a2057b6737412ca2061a872

Download Submit
C:\Windows\System\hcRXFjn.exe

Filesize
2.3MB

MD5
ecedfbb32ac3356d421cb0c96e2dbe45

SHA1
e6f91058b36d24b51c45c0ce13ab904a11e26b7a

SHA256
e43db54c606f0fa42590c41639934daca850ecbbe216c1ee1b7f73121a59e39d

SHA512
979e5775a15e0c92dcf79641acf281b1856b97e1f92fdfd777f3e5ead6ed4a77bf2251017de60cf6191176c86d176fe6e27b9df1256f05e772f0df44edbcd2e0

Download Submit
C:\Windows\System\iHadXqZ.exe

Filesize
2.3MB

MD5
a9b7c76e336da48b4160f797ffbeb9bd

SHA1
a7a07d041c421a7499d72c24426c715a302f1949

SHA256
598a15140cc286834b5949def9fc902abdd7bc771d3ea815696680d9c8721839

SHA512
cd29e562a3a82897cc9cba0b4ceb97625849f35cf42efdf45f14ceed60e065ac247d88d5f3f74979e198be85629e97ba7c71d604825f129420d4691ae560c4b1

Download Submit
C:\Windows\System\jzVflqZ.exe

Filesize
2.3MB

MD5
9460cec7635f31e69ab6708088bbe0f3

SHA1
796e25bc2a7a3b3a07af9187abf61b55c6224154

SHA256
82b127d6fcced52d22e59bb9200cc1f74a7535a37fcc305e276f23767de966f2

SHA512
211ead9858c424029b7ee8e72581bf9dda854449733e98b44f24a277ebadb6ffe5860b9ecbd6332875069f8c9f242649897a74ec50ed05786e713ad25a6d5bc4

Download Submit
C:\Windows\System\lyYnzVs.exe

Filesize
2.3MB

MD5
3843e486895c5fd9b505c6dc2b6ea266

SHA1
da2e5d4b11b942a87acbba413b64cb77af4b1525

SHA256
f8eba5386c6ab3827111e73ffe8cf6c1a689bfe1271a537e138650adf397860f

SHA512
09dc98c1762040002c1d8684dbc0306dbb4f32cec3cad6b90e6ab088210917e46030cba98f85276a1a623ae4a2316af95a36172f34865e80d914a98fdc42fd7b

Download Submit
C:\Windows\System\mXrrlpf.exe

Filesize
2.3MB

MD5
70248038070eb48c53c6559cebd9c9f1

SHA1
3305a97e6103bcd23421c4add3628f022727d9c4

SHA256
43418e352b64f16ee9d8df204fb1bc55f05d8a8a55b1125ccb6761bad2960863

SHA512
4deb30066be95b047ac82ad15b2834d1e578bfbdb989292a14a1fe8530954dd593d7277aed2d7bb546c99b6d76783467e45f4b4202fe989d487ddbf313b0bbab

Download Submit
C:\Windows\System\oFtqISK.exe

Filesize
2.3MB

MD5
6005b9e30d1e92f9932976cb85512412

SHA1
71acfaec636c1511fba0c31f7358626999aeb0e2

SHA256
389d8089e145aa921cd686d6768c367ad46e3581f60289121cc987030943ff23

SHA512
1dfeb4721e8d2afbe06f8c48a3a52b8ede40d2b93dbf6a01dea5ebd948fc16f8a9c21cb66655cbb36f8f33d4f54bbb87b74c9de3c7c1e3514ff3a3888dd25468

Download Submit
C:\Windows\System\olbvzGG.exe

Filesize
2.3MB

MD5
371eb1ad72a5dfbe164622847ca806d9

SHA1
cae55194bb164c218972d67fa214098216ae88c9

SHA256
32d710877c51963501cd76d7b9c011160cd5c98b4b38d7497f391374ec69a0bf

SHA512
87c67493583dda92b5f3fdd12aa6ffff8098c906e24a1b3c2065658541a00d6e03f1de86b86afbb78a2e81bd5b99c9381149460422b2c26ff9cc0fee4a9792fc

Download Submit
C:\Windows\System\pdULZWX.exe

Filesize
2.3MB

MD5
35fa5bf306bf89d33718d199fbc40416

SHA1
6395c3015543f529c2ea12a8dd4c9b556c17c100

SHA256
63d61f4ae2c72f3acfd8d46c2aef27a2dae192759edd0e4e7706b19f76f92b3a

SHA512
bac9795df0604dcdb101c6f3ec7aa5d80eee3862ed07e4c4dc4689529229bd53a47606452e6c5d71a78730775d0e290ba916539902da5eed1ccf9e108d5ef0ed

Download Submit
C:\Windows\System\qNivvJc.exe

Filesize
2.3MB

MD5
ed1e4bb974552a836be18e40bca28684

SHA1
a51b7aa8378d536772f8f4f36a622b9034766434

SHA256
013771233641cd93aa8590941673745997af0f566c9dbce58344482cc0d807d2

SHA512
2dda81d88be5962495e9b3fa31aa59d7fa19bf0aa669a0b6ada9121c00ca34731714a19ae7de8558bdf8e21baf53943df12100416929731861aa587a3314eac6

Download Submit
C:\Windows\System\qRzSHLQ.exe

Filesize
2.3MB

MD5
1cd627d1f4395b992f9e41acbc41d886

SHA1
173096e877384321d9c3a2e78abf0b1add4026bf

SHA256
1cf4c7fe78d07b677beafaf06af8da3d25e94006a6b3317cb94f0a3cd028b29d

SHA512
519a890561656f08f22d0392d69ea0382996111da55b6c2e51aff4761575ff919fc9209e52c154dc55fbc8db54d9ad643b38320b363ded0a612f9b579c3bf71e

Download Submit
C:\Windows\System\rLRwEhQ.exe

Filesize
2.3MB

MD5
eedc431bf6c4965e8966b837634192ef

SHA1
443572275ee09b77103623634af401a60ba8e9c3

SHA256
ffae1fcffb865a22035baf5a52a08daeaaa71cf90dbb93dd2d9da0b1405c6327

SHA512
257fbdf5beb5f1e0947de75835916741a9c09da3cf4870132f894e37e888ac9cde8392570c1ff5c021cc1233df78a479c71eb55cbd47f44a0df019b5da405a05

Download Submit
C:\Windows\System\rXQZTJq.exe

Filesize
2.3MB

MD5
1d3c62a57d1a695d7dacdb574df8f51a

SHA1
211241b7fa82d85c418c0b1be62892a010661823

SHA256
3a668efe277c7d5737d90dc593accaace20f63a05504d388e82b52e58d6f98cd

SHA512
4edb8f9d12aa01e40ee08b458de5c7a8e52f38fb3af8ee7131f698d1767f90acef2981295f3536dac4b9a530221911679d880eb2894136aa8714114f80268896

Download Submit
C:\Windows\System\sqtkpLn.exe

Filesize
2.3MB

MD5
00b4b9abcb1e072cdfc519f1019fd793

SHA1
2d671e48318105aecd8c6749131dba60c636fad0

SHA256
f37955204a57c103c9f4ba759ae91923f417e5213ec672da9cd1a812a9e7f8a2

SHA512
e36b1310df0b0bd4bb679c73fef1ebe11810308a82d2537496d6fa1c8bb9feb2dad4fc25d804f44700ab5127d34e2edfde19bf42da4ea602e31e50e432a1eca1

Download Submit
C:\Windows\System\wcnaJGd.exe

Filesize
2.3MB

MD5
6cd4c0601b7afe6db2802d12ee7c9ccd

SHA1
e163115370762662cb9846054308587185197bf1

SHA256
d5db2837c9857ac3e9f8efb1bb4a15baf1d72297746bc752514509bbd76c252e

SHA512
a1c5cbeab271d069e8f789666e8f044fb7d88c6e2f1ce5357797970686506372ebaef65909740608f6f026a859d07427db2d44d9763a0a5a6433126341895381

Download Submit
C:\Windows\System\xOAHUHu.exe

Filesize
2.3MB

MD5
53301efe18a998ae1593e1b4298bee11

SHA1
27b624340f6470c6653f589b89ab7d8083df4a0c

SHA256
54e2c830999c672ddfc7cc4ff380e051f459448658e1ab5fa2fca3086a7d2ca1

SHA512
600eddcc97636ead3d55b0e0255b0f3bfde7aa60d279ba5f8b2601bc573f9afce5bf3cbc61d910dd7702e2ba1aab1cb21522aa97ae3bbdf49d0ac76d090fc8c9

Download Submit
C:\Windows\System\yJoVekX.exe

Filesize
2.3MB

MD5
59e385c6f83f979bf7fd8176112edec5

SHA1
31ec8c1150ef8b70e340e226bace5052b3855678

SHA256
f8633b17bdb1331f52d735a6a0150c002ce40b981fdae5b26d41abfface50d00

SHA512
51e89d5c4f50815e79c454d4bac7b58e1389f4b8afad7a1779f144463ec5110b3f0d3397a1cdff282c6248d43f497723bca296c3340472a8315ab46873ce9144

Download Submit
memory/376-183-0x00007FF72B090000-0x00007FF72B482000-memory.dmp

Filesize
3.9MB

Download
memory/376-2384-0x00007FF72B090000-0x00007FF72B482000-memory.dmp

Filesize
3.9MB

Download
memory/612-101-0x00007FF786180000-0x00007FF786572000-memory.dmp

Filesize
3.9MB

Download
memory/612-2336-0x00007FF786180000-0x00007FF786572000-memory.dmp

Filesize
3.9MB

Download
memory/780-2393-0x00007FF7B7E30000-0x00007FF7B8222000-memory.dmp

Filesize
3.9MB

Download
memory/780-253-0x00007FF7B7E30000-0x00007FF7B8222000-memory.dmp

Filesize
3.9MB

Download
memory/872-9-0x00007FF746D60000-0x00007FF747152000-memory.dmp

Filesize
3.9MB

Download
memory/872-89-0x00007FF746D60000-0x00007FF747152000-memory.dmp

Filesize
3.9MB

Download
memory/872-2296-0x00007FF746D60000-0x00007FF747152000-memory.dmp

Filesize
3.9MB

Download
memory/1140-2309-0x00007FF7F2F00000-0x00007FF7F32F2000-memory.dmp

Filesize
3.9MB

Download
memory/1140-232-0x00007FF7F2F00000-0x00007FF7F32F2000-memory.dmp

Filesize
3.9MB

Download
memory/1140-39-0x00007FF7F2F00000-0x00007FF7F32F2000-memory.dmp

Filesize
3.9MB

Download
memory/1300-60-0x00000200751F0000-0x0000020075996000-memory.dmp

Filesize
7.6MB

Download
memory/1300-59-0x0000020074640000-0x0000020074662000-memory.dmp

Filesize
136KB

Download
memory/1604-167-0x00007FF657250000-0x00007FF657642000-memory.dmp

Filesize
3.9MB

Download
memory/1604-2302-0x00007FF657250000-0x00007FF657642000-memory.dmp

Filesize
3.9MB

Download
memory/1604-22-0x00007FF657250000-0x00007FF657642000-memory.dmp

Filesize
3.9MB

Download
memory/1732-105-0x00007FF7C20B0000-0x00007FF7C24A2000-memory.dmp

Filesize
3.9MB

Download
memory/1732-2337-0x00007FF7C20B0000-0x00007FF7C24A2000-memory.dmp

Filesize
3.9MB

Download
memory/1820-235-0x00007FF652680000-0x00007FF652A72000-memory.dmp

Filesize
3.9MB

Download
memory/1820-2388-0x00007FF652680000-0x00007FF652A72000-memory.dmp

Filesize
3.9MB

Download
memory/1828-2175-0x00007FF601390000-0x00007FF601782000-memory.dmp

Filesize
3.9MB

Download
memory/1828-2333-0x00007FF601390000-0x00007FF601782000-memory.dmp

Filesize
3.9MB

Download
memory/1828-80-0x00007FF601390000-0x00007FF601782000-memory.dmp

Filesize
3.9MB

Download
memory/2000-94-0x00007FF741F50000-0x00007FF742342000-memory.dmp

Filesize
3.9MB

Download
memory/2000-2332-0x00007FF741F50000-0x00007FF742342000-memory.dmp

Filesize
3.9MB

Download
memory/2136-83-0x00007FF622940000-0x00007FF622D32000-memory.dmp

Filesize
3.9MB

Download
memory/2136-0-0x00007FF622940000-0x00007FF622D32000-memory.dmp

Filesize
3.9MB

Download
memory/2136-1-0x000001C1F7AC0000-0x000001C1F7AD0000-memory.dmp

Filesize
64KB

Download
memory/2224-2304-0x00007FF736440000-0x00007FF736832000-memory.dmp

Filesize
3.9MB

Download
memory/2224-46-0x00007FF736440000-0x00007FF736832000-memory.dmp

Filesize
3.9MB

Download
memory/2280-2340-0x00007FF79AA00000-0x00007FF79ADF2000-memory.dmp

Filesize
3.9MB

Download
memory/2280-99-0x00007FF79AA00000-0x00007FF79ADF2000-memory.dmp

Filesize
3.9MB

Download
memory/2328-128-0x00007FF7364A0000-0x00007FF736892000-memory.dmp

Filesize
3.9MB

Download
memory/2328-2344-0x00007FF7364A0000-0x00007FF736892000-memory.dmp

Filesize
3.9MB

Download
memory/2328-2252-0x00007FF7364A0000-0x00007FF736892000-memory.dmp

Filesize
3.9MB

Download
memory/2456-123-0x00007FF7274E0000-0x00007FF7278D2000-memory.dmp

Filesize
3.9MB

Download
memory/2456-2349-0x00007FF7274E0000-0x00007FF7278D2000-memory.dmp

Filesize
3.9MB

Download
memory/2512-2385-0x00007FF790D20000-0x00007FF791112000-memory.dmp

Filesize
3.9MB

Download
memory/2512-217-0x00007FF790D20000-0x00007FF791112000-memory.dmp

Filesize
3.9MB

Download
memory/3024-2346-0x00007FF708A50000-0x00007FF708E42000-memory.dmp

Filesize
3.9MB

Download
memory/3024-124-0x00007FF708A50000-0x00007FF708E42000-memory.dmp

Filesize
3.9MB

Download
memory/3032-16-0x00007FF7DC630000-0x00007FF7DCA22000-memory.dmp

Filesize
3.9MB

Download
memory/3032-2298-0x00007FF7DC630000-0x00007FF7DCA22000-memory.dmp

Filesize
3.9MB

Download
memory/3032-120-0x00007FF7DC630000-0x00007FF7DCA22000-memory.dmp

Filesize
3.9MB

Download
memory/3136-2300-0x00007FF77EDF0000-0x00007FF77F1E2000-memory.dmp

Filesize
3.9MB

Download
memory/3136-214-0x00007FF77EDF0000-0x00007FF77F1E2000-memory.dmp

Filesize
3.9MB

Download
memory/3136-25-0x00007FF77EDF0000-0x00007FF77F1E2000-memory.dmp

Filesize
3.9MB

Download
memory/3192-119-0x00007FF6D3230000-0x00007FF6D3622000-memory.dmp

Filesize
3.9MB

Download
memory/3192-2348-0x00007FF6D3230000-0x00007FF6D3622000-memory.dmp

Filesize
3.9MB

Download
memory/3860-2389-0x00007FF708FE0000-0x00007FF7093D2000-memory.dmp

Filesize
3.9MB

Download
memory/3860-2274-0x00007FF708FE0000-0x00007FF7093D2000-memory.dmp

Filesize
3.9MB

Download
memory/3860-189-0x00007FF708FE0000-0x00007FF7093D2000-memory.dmp

Filesize
3.9MB

Download
memory/4196-2351-0x00007FF6CA7E0000-0x00007FF6CABD2000-memory.dmp

Filesize
3.9MB

Download
memory/4196-2273-0x00007FF6CA7E0000-0x00007FF6CABD2000-memory.dmp

Filesize
3.9MB

Download
memory/4196-129-0x00007FF6CA7E0000-0x00007FF6CABD2000-memory.dmp

Filesize
3.9MB

Download
memory/4320-31-0x00007FF66EAA0000-0x00007FF66EE92000-memory.dmp

Filesize
3.9MB

Download
memory/4320-2306-0x00007FF66EAA0000-0x00007FF66EE92000-memory.dmp

Filesize
3.9MB

Download
memory/4320-168-0x00007FF66EAA0000-0x00007FF66EE92000-memory.dmp

Filesize
3.9MB

Download
memory/4392-2341-0x00007FF799860000-0x00007FF799C52000-memory.dmp

Filesize
3.9MB

Download
memory/4392-1179-0x00007FF799860000-0x00007FF799C52000-memory.dmp

Filesize
3.9MB

Download
memory/4392-75-0x00007FF799860000-0x00007FF799C52000-memory.dmp

Filesize
3.9MB

Download
memory/4452-2310-0x00007FF608060000-0x00007FF608452000-memory.dmp

Filesize
3.9MB

Download
memory/4452-64-0x00007FF608060000-0x00007FF608452000-memory.dmp

Filesize
3.9MB

Download