xmrig | 233a51f1da7ce902b87328a2b0033b51031502f3af370d30846d8ac153759a73

Analysis

max time kernel
95s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 02:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4bb002040f8036b93da4449d909c7210N.exe
Size

2.3MB
MD5

4bb002040f8036b93da4449d909c7210
SHA1

cb8a637fe77882016515112eb001349a0fa12f04
SHA256

233a51f1da7ce902b87328a2b0033b51031502f3af370d30846d8ac153759a73
SHA512

3a8856bbecd2591b61d2c31b3c17bb60fed861f82857a810c07c773a7893e4387fb63ce8ffc656b87dabe9e118851fdeebe5110b9e191ae3259aeef2334bc3e0
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleL+w3:NABu

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/628-25-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp	xmrig
behavioral2/memory/4572-59-0x00007FF766A40000-0x00007FF766E32000-memory.dmp	xmrig
behavioral2/memory/2724-431-0x00007FF7A8A50000-0x00007FF7A8E42000-memory.dmp	xmrig
behavioral2/memory/2300-430-0x00007FF6802D0000-0x00007FF6806C2000-memory.dmp	xmrig
behavioral2/memory/4132-432-0x00007FF7649E0000-0x00007FF764DD2000-memory.dmp	xmrig
behavioral2/memory/1284-433-0x00007FF7ECAA0000-0x00007FF7ECE92000-memory.dmp	xmrig
behavioral2/memory/4564-434-0x00007FF6F7A30000-0x00007FF6F7E22000-memory.dmp	xmrig
behavioral2/memory/2932-435-0x00007FF668E10000-0x00007FF669202000-memory.dmp	xmrig
behavioral2/memory/1316-436-0x00007FF77ECE0000-0x00007FF77F0D2000-memory.dmp	xmrig
behavioral2/memory/1036-438-0x00007FF74A2E0000-0x00007FF74A6D2000-memory.dmp	xmrig
behavioral2/memory/2956-441-0x00007FF6E3540000-0x00007FF6E3932000-memory.dmp	xmrig
behavioral2/memory/4092-440-0x00007FF6A21F0000-0x00007FF6A25E2000-memory.dmp	xmrig
behavioral2/memory/780-442-0x00007FF618670000-0x00007FF618A62000-memory.dmp	xmrig
behavioral2/memory/3556-443-0x00007FF74CE70000-0x00007FF74D262000-memory.dmp	xmrig
behavioral2/memory/4344-444-0x00007FF65E230000-0x00007FF65E622000-memory.dmp	xmrig
behavioral2/memory/4716-439-0x00007FF7AF080000-0x00007FF7AF472000-memory.dmp	xmrig
behavioral2/memory/1736-437-0x00007FF6DCF50000-0x00007FF6DD342000-memory.dmp	xmrig
behavioral2/memory/3988-448-0x00007FF6F64C0000-0x00007FF6F68B2000-memory.dmp	xmrig
behavioral2/memory/1896-459-0x00007FF766E40000-0x00007FF767232000-memory.dmp	xmrig
behavioral2/memory/2496-452-0x00007FF64A430000-0x00007FF64A822000-memory.dmp	xmrig
behavioral2/memory/1296-472-0x00007FF7E7AF0000-0x00007FF7E7EE2000-memory.dmp	xmrig
behavioral2/memory/1904-473-0x00007FF7505A0000-0x00007FF750992000-memory.dmp	xmrig
behavioral2/memory/5112-468-0x00007FF6CAF00000-0x00007FF6CB2F2000-memory.dmp	xmrig
behavioral2/memory/4436-48-0x00007FF730440000-0x00007FF730832000-memory.dmp	xmrig
behavioral2/memory/628-2193-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp	xmrig
behavioral2/memory/628-2201-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp	xmrig
behavioral2/memory/4436-2203-0x00007FF730440000-0x00007FF730832000-memory.dmp	xmrig
behavioral2/memory/1896-2205-0x00007FF766E40000-0x00007FF767232000-memory.dmp	xmrig
behavioral2/memory/2300-2209-0x00007FF6802D0000-0x00007FF6806C2000-memory.dmp	xmrig
behavioral2/memory/4572-2208-0x00007FF766A40000-0x00007FF766E32000-memory.dmp	xmrig
behavioral2/memory/1284-2211-0x00007FF7ECAA0000-0x00007FF7ECE92000-memory.dmp	xmrig
behavioral2/memory/1296-2216-0x00007FF7E7AF0000-0x00007FF7E7EE2000-memory.dmp	xmrig
behavioral2/memory/2724-2219-0x00007FF7A8A50000-0x00007FF7A8E42000-memory.dmp	xmrig
behavioral2/memory/4564-2221-0x00007FF6F7A30000-0x00007FF6F7E22000-memory.dmp	xmrig
behavioral2/memory/4132-2214-0x00007FF7649E0000-0x00007FF764DD2000-memory.dmp	xmrig
behavioral2/memory/5112-2218-0x00007FF6CAF00000-0x00007FF6CB2F2000-memory.dmp	xmrig
behavioral2/memory/4092-2244-0x00007FF6A21F0000-0x00007FF6A25E2000-memory.dmp	xmrig
behavioral2/memory/4716-2245-0x00007FF7AF080000-0x00007FF7AF472000-memory.dmp	xmrig
behavioral2/memory/2496-2250-0x00007FF64A430000-0x00007FF64A822000-memory.dmp	xmrig
behavioral2/memory/2956-2242-0x00007FF6E3540000-0x00007FF6E3932000-memory.dmp	xmrig
behavioral2/memory/780-2240-0x00007FF618670000-0x00007FF618A62000-memory.dmp	xmrig
behavioral2/memory/3556-2238-0x00007FF74CE70000-0x00007FF74D262000-memory.dmp	xmrig
behavioral2/memory/4344-2236-0x00007FF65E230000-0x00007FF65E622000-memory.dmp	xmrig
behavioral2/memory/3988-2233-0x00007FF6F64C0000-0x00007FF6F68B2000-memory.dmp	xmrig
behavioral2/memory/1316-2230-0x00007FF77ECE0000-0x00007FF77F0D2000-memory.dmp	xmrig
behavioral2/memory/2932-2228-0x00007FF668E10000-0x00007FF669202000-memory.dmp	xmrig
behavioral2/memory/1036-2224-0x00007FF74A2E0000-0x00007FF74A6D2000-memory.dmp	xmrig
behavioral2/memory/1904-2232-0x00007FF7505A0000-0x00007FF750992000-memory.dmp	xmrig
behavioral2/memory/1736-2225-0x00007FF6DCF50000-0x00007FF6DD342000-memory.dmp	xmrig

Blocklisted process makes network request 9 IoCs

flow	pid	Process
3	3256	powershell.exe
5	3256	powershell.exe
9	3256	powershell.exe
10	3256	powershell.exe
13	3256	powershell.exe
14	3256	powershell.exe
16	3256	powershell.exe
19	3256	powershell.exe
20	3256	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3256	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
628	ZiLbPds.exe
4436	CCopooS.exe
1896	yoVVSkb.exe
4572	EwdOMir.exe
2300	GMyjTPG.exe
2724	YupSfHH.exe
5112	fnWwfUW.exe
1296	kXCDoVu.exe
4132	rYfuLSO.exe
1284	SmXiMMc.exe
4564	vmlDNNY.exe
1904	lXYbvSE.exe
2932	yYGhMuZ.exe
1316	TxHyqEZ.exe
1736	WYyGItD.exe
1036	SFbHqfF.exe
4716	DgzrJCE.exe
4092	frAHjLM.exe
2956	LOJqKLL.exe
780	eZGrcOI.exe
3556	PTHfpmI.exe
4344	EYWkDIC.exe
3988	CXtmSsZ.exe
2496	uoIWgqk.exe
3732	UQpIrIh.exe
3480	NgWcojS.exe
1820	FvLIrCa.exe
1208	fpQtQEK.exe
2192	aoBDfDU.exe
1272	dCQeqck.exe
2588	WbbsqJm.exe
2060	nhClCUU.exe
772	NVaJmbe.exe
3452	TQrlOSq.exe
2208	gTuVKOH.exe
5088	JldavXn.exe
2248	NmMqpsz.exe
1580	XORzUlH.exe
1572	LqrEgAb.exe
4996	gNfgZRM.exe
4568	ViJTzpl.exe
2252	LuHwQMg.exe
4444	ZmcjYOp.exe
3080	erYBDmB.exe
2800	ebwDvZN.exe
4348	sWvTykF.exe
4336	DcjDLgb.exe
3484	ZNCRBtc.exe
2804	nawqTTE.exe
3700	uAlqkpF.exe
2980	GNJyPPF.exe
1712	CXtWXRC.exe
1772	aarPCNx.exe
4744	zgVJaBQ.exe
4792	jgdxprd.exe
1056	LSTyIFj.exe
4852	NGsmHLQ.exe
4484	RDCKmOO.exe
1868	zLWGqOe.exe
4292	LQYFwLf.exe
3844	XzWdESV.exe
4068	HUaqciT.exe
1080	UTDlakv.exe
1432	fKDsXOo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4244-0-0x00007FF7AFA60000-0x00007FF7AFE52000-memory.dmp	upx
behavioral2/files/0x0008000000023445-6.dat	upx
behavioral2/files/0x0008000000023448-17.dat	upx
behavioral2/memory/628-25-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp	upx
behavioral2/files/0x0007000000023449-30.dat	upx
behavioral2/files/0x000700000002344c-38.dat	upx
behavioral2/files/0x000800000002344a-52.dat	upx
behavioral2/memory/4572-59-0x00007FF766A40000-0x00007FF766E32000-memory.dmp	upx
behavioral2/files/0x000700000002344f-65.dat	upx
behavioral2/files/0x0007000000023453-79.dat	upx
behavioral2/files/0x0007000000023454-84.dat	upx
behavioral2/files/0x0007000000023456-99.dat	upx
behavioral2/files/0x0007000000023457-104.dat	upx
behavioral2/files/0x000700000002345a-119.dat	upx
behavioral2/files/0x000700000002345f-152.dat	upx
behavioral2/files/0x0007000000023461-162.dat	upx
behavioral2/files/0x0007000000023464-169.dat	upx
behavioral2/memory/2724-431-0x00007FF7A8A50000-0x00007FF7A8E42000-memory.dmp	upx
behavioral2/memory/2300-430-0x00007FF6802D0000-0x00007FF6806C2000-memory.dmp	upx
behavioral2/memory/4132-432-0x00007FF7649E0000-0x00007FF764DD2000-memory.dmp	upx
behavioral2/memory/1284-433-0x00007FF7ECAA0000-0x00007FF7ECE92000-memory.dmp	upx
behavioral2/memory/4564-434-0x00007FF6F7A30000-0x00007FF6F7E22000-memory.dmp	upx
behavioral2/memory/2932-435-0x00007FF668E10000-0x00007FF669202000-memory.dmp	upx
behavioral2/memory/1316-436-0x00007FF77ECE0000-0x00007FF77F0D2000-memory.dmp	upx
behavioral2/memory/1036-438-0x00007FF74A2E0000-0x00007FF74A6D2000-memory.dmp	upx
behavioral2/memory/2956-441-0x00007FF6E3540000-0x00007FF6E3932000-memory.dmp	upx
behavioral2/memory/4092-440-0x00007FF6A21F0000-0x00007FF6A25E2000-memory.dmp	upx
behavioral2/memory/780-442-0x00007FF618670000-0x00007FF618A62000-memory.dmp	upx
behavioral2/memory/3556-443-0x00007FF74CE70000-0x00007FF74D262000-memory.dmp	upx
behavioral2/memory/4344-444-0x00007FF65E230000-0x00007FF65E622000-memory.dmp	upx
behavioral2/memory/4716-439-0x00007FF7AF080000-0x00007FF7AF472000-memory.dmp	upx
behavioral2/memory/1736-437-0x00007FF6DCF50000-0x00007FF6DD342000-memory.dmp	upx
behavioral2/files/0x0007000000023466-179.dat	upx
behavioral2/files/0x0007000000023465-174.dat	upx
behavioral2/files/0x0007000000023463-172.dat	upx
behavioral2/files/0x0007000000023462-167.dat	upx
behavioral2/files/0x0007000000023460-157.dat	upx
behavioral2/files/0x000700000002345e-147.dat	upx
behavioral2/files/0x000700000002345d-142.dat	upx
behavioral2/memory/3988-448-0x00007FF6F64C0000-0x00007FF6F68B2000-memory.dmp	upx
behavioral2/memory/1896-459-0x00007FF766E40000-0x00007FF767232000-memory.dmp	upx
behavioral2/memory/2496-452-0x00007FF64A430000-0x00007FF64A822000-memory.dmp	upx
behavioral2/memory/1296-472-0x00007FF7E7AF0000-0x00007FF7E7EE2000-memory.dmp	upx
behavioral2/memory/1904-473-0x00007FF7505A0000-0x00007FF750992000-memory.dmp	upx
behavioral2/memory/5112-468-0x00007FF6CAF00000-0x00007FF6CB2F2000-memory.dmp	upx
behavioral2/files/0x000700000002345c-137.dat	upx
behavioral2/files/0x000700000002345b-132.dat	upx
behavioral2/files/0x0007000000023459-122.dat	upx
behavioral2/files/0x0007000000023458-117.dat	upx
behavioral2/files/0x0007000000023455-102.dat	upx
behavioral2/files/0x0008000000023446-97.dat	upx
behavioral2/files/0x0007000000023452-82.dat	upx
behavioral2/files/0x0007000000023451-74.dat	upx
behavioral2/files/0x0007000000023450-67.dat	upx
behavioral2/files/0x000700000002344e-58.dat	upx
behavioral2/files/0x000700000002344d-54.dat	upx
behavioral2/memory/4436-48-0x00007FF730440000-0x00007FF730832000-memory.dmp	upx
behavioral2/files/0x000800000002344b-34.dat	upx
behavioral2/memory/628-2193-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp	upx
behavioral2/memory/628-2201-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp	upx
behavioral2/memory/4436-2203-0x00007FF730440000-0x00007FF730832000-memory.dmp	upx
behavioral2/memory/1896-2205-0x00007FF766E40000-0x00007FF767232000-memory.dmp	upx
behavioral2/memory/2300-2209-0x00007FF6802D0000-0x00007FF6806C2000-memory.dmp	upx
behavioral2/memory/4572-2208-0x00007FF766A40000-0x00007FF766E32000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
2	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mTbZFYt.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\tPPBsTI.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\UtjtOzu.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\GCciVSm.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\gipYIbG.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\FvxqnpT.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\vAqQVdx.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\NVakgAV.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\vUTTcub.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\cIJCeSA.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\MXPEKdx.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\prAYDEC.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\jgmOcWA.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\IGRSfXn.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\Ouovtri.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\OksrSHP.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\vMaUXPm.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\fpltssf.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\XmirXlt.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\FYkPCRV.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\BYfZnEN.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\erYBDmB.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\nVNuOxp.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\CxuuRdW.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\WPGqoyc.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\MduQdfq.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\yxvYdGJ.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\rCbEOGB.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\ZyaHDpK.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\HjelWfm.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\Fzmjalt.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\LwXoLvS.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\hBauJpX.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\dSCpZQF.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\FkgUEwj.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\rXWpgah.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\EYWkDIC.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\mjDyVdJ.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\WMmGRaW.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\VHkueta.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\BbEYdhO.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\XORzUlH.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\ZmcjYOp.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\qosofyi.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\RXSNCqt.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\tYoTzVM.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\kurNscy.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\IBgvpML.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\ynEuoKb.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\mJQwUtC.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\zlnKkOx.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\gWcIOne.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\wPNowMg.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\aVzDJMp.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\aaIGMVc.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\ViJTzpl.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\YYuYTCj.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\UxGFjio.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\fyEZvjP.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\HUaqciT.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\yAScRwL.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\vfibYSm.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\QzDXSwM.exe	4bb002040f8036b93da4449d909c7210N.exe
File created	C:\Windows\System\MLPlIFl.exe	4bb002040f8036b93da4449d909c7210N.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3256	powershell.exe
3256	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4244	4bb002040f8036b93da4449d909c7210N.exe
Token: SeLockMemoryPrivilege	4244	4bb002040f8036b93da4449d909c7210N.exe
Token: SeDebugPrivilege	3256	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 3256	4244	4bb002040f8036b93da4449d909c7210N.exe	84
PID 4244 wrote to memory of 3256	4244	4bb002040f8036b93da4449d909c7210N.exe	84
PID 4244 wrote to memory of 628	4244	4bb002040f8036b93da4449d909c7210N.exe	85
PID 4244 wrote to memory of 628	4244	4bb002040f8036b93da4449d909c7210N.exe	85
PID 4244 wrote to memory of 4436	4244	4bb002040f8036b93da4449d909c7210N.exe	86
PID 4244 wrote to memory of 4436	4244	4bb002040f8036b93da4449d909c7210N.exe	86
PID 4244 wrote to memory of 4572	4244	4bb002040f8036b93da4449d909c7210N.exe	87
PID 4244 wrote to memory of 4572	4244	4bb002040f8036b93da4449d909c7210N.exe	87
PID 4244 wrote to memory of 1896	4244	4bb002040f8036b93da4449d909c7210N.exe	88
PID 4244 wrote to memory of 1896	4244	4bb002040f8036b93da4449d909c7210N.exe	88
PID 4244 wrote to memory of 2300	4244	4bb002040f8036b93da4449d909c7210N.exe	89
PID 4244 wrote to memory of 2300	4244	4bb002040f8036b93da4449d909c7210N.exe	89
PID 4244 wrote to memory of 2724	4244	4bb002040f8036b93da4449d909c7210N.exe	90
PID 4244 wrote to memory of 2724	4244	4bb002040f8036b93da4449d909c7210N.exe	90
PID 4244 wrote to memory of 5112	4244	4bb002040f8036b93da4449d909c7210N.exe	91
PID 4244 wrote to memory of 5112	4244	4bb002040f8036b93da4449d909c7210N.exe	91
PID 4244 wrote to memory of 1296	4244	4bb002040f8036b93da4449d909c7210N.exe	92
PID 4244 wrote to memory of 1296	4244	4bb002040f8036b93da4449d909c7210N.exe	92
PID 4244 wrote to memory of 4132	4244	4bb002040f8036b93da4449d909c7210N.exe	93
PID 4244 wrote to memory of 4132	4244	4bb002040f8036b93da4449d909c7210N.exe	93
PID 4244 wrote to memory of 1284	4244	4bb002040f8036b93da4449d909c7210N.exe	94
PID 4244 wrote to memory of 1284	4244	4bb002040f8036b93da4449d909c7210N.exe	94
PID 4244 wrote to memory of 4564	4244	4bb002040f8036b93da4449d909c7210N.exe	95
PID 4244 wrote to memory of 4564	4244	4bb002040f8036b93da4449d909c7210N.exe	95
PID 4244 wrote to memory of 1904	4244	4bb002040f8036b93da4449d909c7210N.exe	96
PID 4244 wrote to memory of 1904	4244	4bb002040f8036b93da4449d909c7210N.exe	96
PID 4244 wrote to memory of 2932	4244	4bb002040f8036b93da4449d909c7210N.exe	97
PID 4244 wrote to memory of 2932	4244	4bb002040f8036b93da4449d909c7210N.exe	97
PID 4244 wrote to memory of 1316	4244	4bb002040f8036b93da4449d909c7210N.exe	98
PID 4244 wrote to memory of 1316	4244	4bb002040f8036b93da4449d909c7210N.exe	98
PID 4244 wrote to memory of 1736	4244	4bb002040f8036b93da4449d909c7210N.exe	99
PID 4244 wrote to memory of 1736	4244	4bb002040f8036b93da4449d909c7210N.exe	99
PID 4244 wrote to memory of 1036	4244	4bb002040f8036b93da4449d909c7210N.exe	100
PID 4244 wrote to memory of 1036	4244	4bb002040f8036b93da4449d909c7210N.exe	100
PID 4244 wrote to memory of 4716	4244	4bb002040f8036b93da4449d909c7210N.exe	101
PID 4244 wrote to memory of 4716	4244	4bb002040f8036b93da4449d909c7210N.exe	101
PID 4244 wrote to memory of 4092	4244	4bb002040f8036b93da4449d909c7210N.exe	102
PID 4244 wrote to memory of 4092	4244	4bb002040f8036b93da4449d909c7210N.exe	102
PID 4244 wrote to memory of 2956	4244	4bb002040f8036b93da4449d909c7210N.exe	103
PID 4244 wrote to memory of 2956	4244	4bb002040f8036b93da4449d909c7210N.exe	103
PID 4244 wrote to memory of 780	4244	4bb002040f8036b93da4449d909c7210N.exe	104
PID 4244 wrote to memory of 780	4244	4bb002040f8036b93da4449d909c7210N.exe	104
PID 4244 wrote to memory of 3556	4244	4bb002040f8036b93da4449d909c7210N.exe	105
PID 4244 wrote to memory of 3556	4244	4bb002040f8036b93da4449d909c7210N.exe	105
PID 4244 wrote to memory of 4344	4244	4bb002040f8036b93da4449d909c7210N.exe	106
PID 4244 wrote to memory of 4344	4244	4bb002040f8036b93da4449d909c7210N.exe	106
PID 4244 wrote to memory of 3988	4244	4bb002040f8036b93da4449d909c7210N.exe	107
PID 4244 wrote to memory of 3988	4244	4bb002040f8036b93da4449d909c7210N.exe	107
PID 4244 wrote to memory of 2496	4244	4bb002040f8036b93da4449d909c7210N.exe	108
PID 4244 wrote to memory of 2496	4244	4bb002040f8036b93da4449d909c7210N.exe	108
PID 4244 wrote to memory of 3732	4244	4bb002040f8036b93da4449d909c7210N.exe	109
PID 4244 wrote to memory of 3732	4244	4bb002040f8036b93da4449d909c7210N.exe	109
PID 4244 wrote to memory of 3480	4244	4bb002040f8036b93da4449d909c7210N.exe	110
PID 4244 wrote to memory of 3480	4244	4bb002040f8036b93da4449d909c7210N.exe	110
PID 4244 wrote to memory of 1820	4244	4bb002040f8036b93da4449d909c7210N.exe	111
PID 4244 wrote to memory of 1820	4244	4bb002040f8036b93da4449d909c7210N.exe	111
PID 4244 wrote to memory of 1208	4244	4bb002040f8036b93da4449d909c7210N.exe	112
PID 4244 wrote to memory of 1208	4244	4bb002040f8036b93da4449d909c7210N.exe	112
PID 4244 wrote to memory of 2192	4244	4bb002040f8036b93da4449d909c7210N.exe	113
PID 4244 wrote to memory of 2192	4244	4bb002040f8036b93da4449d909c7210N.exe	113
PID 4244 wrote to memory of 1272	4244	4bb002040f8036b93da4449d909c7210N.exe	114
PID 4244 wrote to memory of 1272	4244	4bb002040f8036b93da4449d909c7210N.exe	114
PID 4244 wrote to memory of 2588	4244	4bb002040f8036b93da4449d909c7210N.exe	115
PID 4244 wrote to memory of 2588	4244	4bb002040f8036b93da4449d909c7210N.exe	115

C:\Users\Admin\AppData\Local\Temp\4bb002040f8036b93da4449d909c7210N.exe
"C:\Users\Admin\AppData\Local\Temp\4bb002040f8036b93da4449d909c7210N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3256
- C:\Windows\System\ZiLbPds.exe
  C:\Windows\System\ZiLbPds.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\CCopooS.exe
  C:\Windows\System\CCopooS.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\EwdOMir.exe
  C:\Windows\System\EwdOMir.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\yoVVSkb.exe
  C:\Windows\System\yoVVSkb.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\GMyjTPG.exe
  C:\Windows\System\GMyjTPG.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\YupSfHH.exe
  C:\Windows\System\YupSfHH.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\fnWwfUW.exe
  C:\Windows\System\fnWwfUW.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\kXCDoVu.exe
  C:\Windows\System\kXCDoVu.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\rYfuLSO.exe
  C:\Windows\System\rYfuLSO.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\SmXiMMc.exe
  C:\Windows\System\SmXiMMc.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\vmlDNNY.exe
  C:\Windows\System\vmlDNNY.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\lXYbvSE.exe
  C:\Windows\System\lXYbvSE.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\yYGhMuZ.exe
  C:\Windows\System\yYGhMuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\TxHyqEZ.exe
  C:\Windows\System\TxHyqEZ.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\WYyGItD.exe
  C:\Windows\System\WYyGItD.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\SFbHqfF.exe
  C:\Windows\System\SFbHqfF.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\DgzrJCE.exe
  C:\Windows\System\DgzrJCE.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\frAHjLM.exe
  C:\Windows\System\frAHjLM.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\LOJqKLL.exe
  C:\Windows\System\LOJqKLL.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\eZGrcOI.exe
  C:\Windows\System\eZGrcOI.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\PTHfpmI.exe
  C:\Windows\System\PTHfpmI.exe
  2⤵
  - Executes dropped EXE
  PID:3556
- C:\Windows\System\EYWkDIC.exe
  C:\Windows\System\EYWkDIC.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\CXtmSsZ.exe
  C:\Windows\System\CXtmSsZ.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\uoIWgqk.exe
  C:\Windows\System\uoIWgqk.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\UQpIrIh.exe
  C:\Windows\System\UQpIrIh.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\NgWcojS.exe
  C:\Windows\System\NgWcojS.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\FvLIrCa.exe
  C:\Windows\System\FvLIrCa.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\fpQtQEK.exe
  C:\Windows\System\fpQtQEK.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\aoBDfDU.exe
  C:\Windows\System\aoBDfDU.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\dCQeqck.exe
  C:\Windows\System\dCQeqck.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\WbbsqJm.exe
  C:\Windows\System\WbbsqJm.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\nhClCUU.exe
  C:\Windows\System\nhClCUU.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\NVaJmbe.exe
  C:\Windows\System\NVaJmbe.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\TQrlOSq.exe
  C:\Windows\System\TQrlOSq.exe
  2⤵
  - Executes dropped EXE
  PID:3452
- C:\Windows\System\gTuVKOH.exe
  C:\Windows\System\gTuVKOH.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\JldavXn.exe
  C:\Windows\System\JldavXn.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\NmMqpsz.exe
  C:\Windows\System\NmMqpsz.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\XORzUlH.exe
  C:\Windows\System\XORzUlH.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\LqrEgAb.exe
  C:\Windows\System\LqrEgAb.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\gNfgZRM.exe
  C:\Windows\System\gNfgZRM.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\ViJTzpl.exe
  C:\Windows\System\ViJTzpl.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\LuHwQMg.exe
  C:\Windows\System\LuHwQMg.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\ZmcjYOp.exe
  C:\Windows\System\ZmcjYOp.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\erYBDmB.exe
  C:\Windows\System\erYBDmB.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\ebwDvZN.exe
  C:\Windows\System\ebwDvZN.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\sWvTykF.exe
  C:\Windows\System\sWvTykF.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\DcjDLgb.exe
  C:\Windows\System\DcjDLgb.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\ZNCRBtc.exe
  C:\Windows\System\ZNCRBtc.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\nawqTTE.exe
  C:\Windows\System\nawqTTE.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\uAlqkpF.exe
  C:\Windows\System\uAlqkpF.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\GNJyPPF.exe
  C:\Windows\System\GNJyPPF.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\CXtWXRC.exe
  C:\Windows\System\CXtWXRC.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\aarPCNx.exe
  C:\Windows\System\aarPCNx.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\zgVJaBQ.exe
  C:\Windows\System\zgVJaBQ.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\jgdxprd.exe
  C:\Windows\System\jgdxprd.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\LSTyIFj.exe
  C:\Windows\System\LSTyIFj.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\NGsmHLQ.exe
  C:\Windows\System\NGsmHLQ.exe
  2⤵
  - Executes dropped EXE
  PID:4852
- C:\Windows\System\RDCKmOO.exe
  C:\Windows\System\RDCKmOO.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\zLWGqOe.exe
  C:\Windows\System\zLWGqOe.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\LQYFwLf.exe
  C:\Windows\System\LQYFwLf.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\XzWdESV.exe
  C:\Windows\System\XzWdESV.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\HUaqciT.exe
  C:\Windows\System\HUaqciT.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\UTDlakv.exe
  C:\Windows\System\UTDlakv.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\fKDsXOo.exe
  C:\Windows\System\fKDsXOo.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\qorGOJx.exe
  C:\Windows\System\qorGOJx.exe
  2⤵
  PID:3960
- C:\Windows\System\syHBPop.exe
  C:\Windows\System\syHBPop.exe
  2⤵
  PID:1436
- C:\Windows\System\siFEFpa.exe
  C:\Windows\System\siFEFpa.exe
  2⤵
  PID:4972
- C:\Windows\System\emSbYiC.exe
  C:\Windows\System\emSbYiC.exe
  2⤵
  PID:2788
- C:\Windows\System\mjDyVdJ.exe
  C:\Windows\System\mjDyVdJ.exe
  2⤵
  PID:2736
- C:\Windows\System\HGQbtrg.exe
  C:\Windows\System\HGQbtrg.exe
  2⤵
  PID:4404
- C:\Windows\System\PUARkcj.exe
  C:\Windows\System\PUARkcj.exe
  2⤵
  PID:4764
- C:\Windows\System\CFOPDeO.exe
  C:\Windows\System\CFOPDeO.exe
  2⤵
  PID:4452
- C:\Windows\System\CYiEzll.exe
  C:\Windows\System\CYiEzll.exe
  2⤵
  PID:3300
- C:\Windows\System\dSUXQow.exe
  C:\Windows\System\dSUXQow.exe
  2⤵
  PID:2776
- C:\Windows\System\zAHwHBU.exe
  C:\Windows\System\zAHwHBU.exe
  2⤵
  PID:4696
- C:\Windows\System\XWoFetA.exe
  C:\Windows\System\XWoFetA.exe
  2⤵
  PID:1016
- C:\Windows\System\ZWABPUD.exe
  C:\Windows\System\ZWABPUD.exe
  2⤵
  PID:5036
- C:\Windows\System\IkNEXCT.exe
  C:\Windows\System\IkNEXCT.exe
  2⤵
  PID:5008
- C:\Windows\System\Tqxgrex.exe
  C:\Windows\System\Tqxgrex.exe
  2⤵
  PID:4388
- C:\Windows\System\iazHDAs.exe
  C:\Windows\System\iazHDAs.exe
  2⤵
  PID:4116
- C:\Windows\System\CJphenK.exe
  C:\Windows\System\CJphenK.exe
  2⤵
  PID:2404
- C:\Windows\System\OEgHKRK.exe
  C:\Windows\System\OEgHKRK.exe
  2⤵
  PID:4784
- C:\Windows\System\POsWZSc.exe
  C:\Windows\System\POsWZSc.exe
  2⤵
  PID:2544
- C:\Windows\System\GCciVSm.exe
  C:\Windows\System\GCciVSm.exe
  2⤵
  PID:3280
- C:\Windows\System\HptaKdB.exe
  C:\Windows\System\HptaKdB.exe
  2⤵
  PID:2648
- C:\Windows\System\OVIUidp.exe
  C:\Windows\System\OVIUidp.exe
  2⤵
  PID:3196
- C:\Windows\System\yxvYdGJ.exe
  C:\Windows\System\yxvYdGJ.exe
  2⤵
  PID:5152
- C:\Windows\System\tDieigo.exe
  C:\Windows\System\tDieigo.exe
  2⤵
  PID:5184
- C:\Windows\System\qawyJdK.exe
  C:\Windows\System\qawyJdK.exe
  2⤵
  PID:5208
- C:\Windows\System\hBauJpX.exe
  C:\Windows\System\hBauJpX.exe
  2⤵
  PID:5240
- C:\Windows\System\fzLdGgP.exe
  C:\Windows\System\fzLdGgP.exe
  2⤵
  PID:5272
- C:\Windows\System\dhUUIop.exe
  C:\Windows\System\dhUUIop.exe
  2⤵
  PID:5300
- C:\Windows\System\SkcgSze.exe
  C:\Windows\System\SkcgSze.exe
  2⤵
  PID:5324
- C:\Windows\System\xJVgubt.exe
  C:\Windows\System\xJVgubt.exe
  2⤵
  PID:5356
- C:\Windows\System\aZpxWbF.exe
  C:\Windows\System\aZpxWbF.exe
  2⤵
  PID:5384
- C:\Windows\System\fKrhSsm.exe
  C:\Windows\System\fKrhSsm.exe
  2⤵
  PID:5412
- C:\Windows\System\IGdSezr.exe
  C:\Windows\System\IGdSezr.exe
  2⤵
  PID:5440
- C:\Windows\System\ZkHLSfC.exe
  C:\Windows\System\ZkHLSfC.exe
  2⤵
  PID:5468
- C:\Windows\System\tQPaoej.exe
  C:\Windows\System\tQPaoej.exe
  2⤵
  PID:5496
- C:\Windows\System\UaRNacu.exe
  C:\Windows\System\UaRNacu.exe
  2⤵
  PID:5524
- C:\Windows\System\PiQpbFN.exe
  C:\Windows\System\PiQpbFN.exe
  2⤵
  PID:5552
- C:\Windows\System\pBkROUp.exe
  C:\Windows\System\pBkROUp.exe
  2⤵
  PID:5576
- C:\Windows\System\YYuYTCj.exe
  C:\Windows\System\YYuYTCj.exe
  2⤵
  PID:5608
- C:\Windows\System\unIDlii.exe
  C:\Windows\System\unIDlii.exe
  2⤵
  PID:5636
- C:\Windows\System\inWgxuL.exe
  C:\Windows\System\inWgxuL.exe
  2⤵
  PID:5664
- C:\Windows\System\PPnKkuv.exe
  C:\Windows\System\PPnKkuv.exe
  2⤵
  PID:5692
- C:\Windows\System\fyBIJBl.exe
  C:\Windows\System\fyBIJBl.exe
  2⤵
  PID:5720
- C:\Windows\System\Zviajec.exe
  C:\Windows\System\Zviajec.exe
  2⤵
  PID:5744
- C:\Windows\System\IZDCmLR.exe
  C:\Windows\System\IZDCmLR.exe
  2⤵
  PID:5772
- C:\Windows\System\GVlwGYq.exe
  C:\Windows\System\GVlwGYq.exe
  2⤵
  PID:5804
- C:\Windows\System\LBOaOJF.exe
  C:\Windows\System\LBOaOJF.exe
  2⤵
  PID:5832
- C:\Windows\System\IEZKSob.exe
  C:\Windows\System\IEZKSob.exe
  2⤵
  PID:5860
- C:\Windows\System\BnqWvwm.exe
  C:\Windows\System\BnqWvwm.exe
  2⤵
  PID:5888
- C:\Windows\System\BRqNgoc.exe
  C:\Windows\System\BRqNgoc.exe
  2⤵
  PID:5916
- C:\Windows\System\uJhpLbD.exe
  C:\Windows\System\uJhpLbD.exe
  2⤵
  PID:5944
- C:\Windows\System\uiTPRNo.exe
  C:\Windows\System\uiTPRNo.exe
  2⤵
  PID:5972
- C:\Windows\System\EiPtaeK.exe
  C:\Windows\System\EiPtaeK.exe
  2⤵
  PID:6000
- C:\Windows\System\kTqXJOX.exe
  C:\Windows\System\kTqXJOX.exe
  2⤵
  PID:6116
- C:\Windows\System\ofQGCeH.exe
  C:\Windows\System\ofQGCeH.exe
  2⤵
  PID:2460
- C:\Windows\System\DVZNvMt.exe
  C:\Windows\System\DVZNvMt.exe
  2⤵
  PID:3064
- C:\Windows\System\VpBkfJM.exe
  C:\Windows\System\VpBkfJM.exe
  2⤵
  PID:2728
- C:\Windows\System\gWcIOne.exe
  C:\Windows\System\gWcIOne.exe
  2⤵
  PID:5176
- C:\Windows\System\fpltssf.exe
  C:\Windows\System\fpltssf.exe
  2⤵
  PID:5232
- C:\Windows\System\yheyilI.exe
  C:\Windows\System\yheyilI.exe
  2⤵
  PID:5284
- C:\Windows\System\TOisgCh.exe
  C:\Windows\System\TOisgCh.exe
  2⤵
  PID:4028
- C:\Windows\System\AQZkucO.exe
  C:\Windows\System\AQZkucO.exe
  2⤵
  PID:5404
- C:\Windows\System\HAsoPGv.exe
  C:\Windows\System\HAsoPGv.exe
  2⤵
  PID:5452
- C:\Windows\System\SVWIrBG.exe
  C:\Windows\System\SVWIrBG.exe
  2⤵
  PID:5480
- C:\Windows\System\IfGQqZm.exe
  C:\Windows\System\IfGQqZm.exe
  2⤵
  PID:5536
- C:\Windows\System\CunBkiu.exe
  C:\Windows\System\CunBkiu.exe
  2⤵
  PID:5600
- C:\Windows\System\lPOnRaM.exe
  C:\Windows\System\lPOnRaM.exe
  2⤵
  PID:1756
- C:\Windows\System\QKbvTDO.exe
  C:\Windows\System\QKbvTDO.exe
  2⤵
  PID:5768
- C:\Windows\System\ONtayNi.exe
  C:\Windows\System\ONtayNi.exe
  2⤵
  PID:5820
- C:\Windows\System\FsyCPyC.exe
  C:\Windows\System\FsyCPyC.exe
  2⤵
  PID:5876
- C:\Windows\System\eilVZfa.exe
  C:\Windows\System\eilVZfa.exe
  2⤵
  PID:5928
- C:\Windows\System\gDwYbpy.exe
  C:\Windows\System\gDwYbpy.exe
  2⤵
  PID:4532
- C:\Windows\System\kWAAzwi.exe
  C:\Windows\System\kWAAzwi.exe
  2⤵
  PID:3348
- C:\Windows\System\XZHYDez.exe
  C:\Windows\System\XZHYDez.exe
  2⤵
  PID:3272
- C:\Windows\System\XmKigvH.exe
  C:\Windows\System\XmKigvH.exe
  2⤵
  PID:6012
- C:\Windows\System\QmzBsXO.exe
  C:\Windows\System\QmzBsXO.exe
  2⤵
  PID:2920
- C:\Windows\System\kkznATJ.exe
  C:\Windows\System\kkznATJ.exe
  2⤵
  PID:6044
- C:\Windows\System\LbhMRHS.exe
  C:\Windows\System\LbhMRHS.exe
  2⤵
  PID:2704
- C:\Windows\System\HZXIKKs.exe
  C:\Windows\System\HZXIKKs.exe
  2⤵
  PID:6108
- C:\Windows\System\SWEcTlX.exe
  C:\Windows\System\SWEcTlX.exe
  2⤵
  PID:4856
- C:\Windows\System\XNrvzjR.exe
  C:\Windows\System\XNrvzjR.exe
  2⤵
  PID:5348
- C:\Windows\System\VgiELFD.exe
  C:\Windows\System\VgiELFD.exe
  2⤵
  PID:5376
- C:\Windows\System\eScUZOM.exe
  C:\Windows\System\eScUZOM.exe
  2⤵
  PID:5512
- C:\Windows\System\NERMHql.exe
  C:\Windows\System\NERMHql.exe
  2⤵
  PID:5648
- C:\Windows\System\HLXlSZC.exe
  C:\Windows\System\HLXlSZC.exe
  2⤵
  PID:6076
- C:\Windows\System\uLFHtVs.exe
  C:\Windows\System\uLFHtVs.exe
  2⤵
  PID:6088
- C:\Windows\System\MtfccPS.exe
  C:\Windows\System\MtfccPS.exe
  2⤵
  PID:2768
- C:\Windows\System\BCJzfIP.exe
  C:\Windows\System\BCJzfIP.exe
  2⤵
  PID:5852
- C:\Windows\System\XmirXlt.exe
  C:\Windows\System\XmirXlt.exe
  2⤵
  PID:5908
- C:\Windows\System\ZevxcFn.exe
  C:\Windows\System\ZevxcFn.exe
  2⤵
  PID:6136
- C:\Windows\System\pXcMihj.exe
  C:\Windows\System\pXcMihj.exe
  2⤵
  PID:5956
- C:\Windows\System\dSCpZQF.exe
  C:\Windows\System\dSCpZQF.exe
  2⤵
  PID:5992
- C:\Windows\System\SmRqeUw.exe
  C:\Windows\System\SmRqeUw.exe
  2⤵
  PID:3640
- C:\Windows\System\gahWhji.exe
  C:\Windows\System\gahWhji.exe
  2⤵
  PID:3784
- C:\Windows\System\tBelTVx.exe
  C:\Windows\System\tBelTVx.exe
  2⤵
  PID:5344
- C:\Windows\System\XfBBJmP.exe
  C:\Windows\System\XfBBJmP.exe
  2⤵
  PID:5592
- C:\Windows\System\OUcZmue.exe
  C:\Windows\System\OUcZmue.exe
  2⤵
  PID:6104
- C:\Windows\System\nkPXgeR.exe
  C:\Windows\System\nkPXgeR.exe
  2⤵
  PID:1628
- C:\Windows\System\hJhEsvD.exe
  C:\Windows\System\hJhEsvD.exe
  2⤵
  PID:3416
- C:\Windows\System\pJlrBxe.exe
  C:\Windows\System\pJlrBxe.exe
  2⤵
  PID:3212
- C:\Windows\System\BKxBDLa.exe
  C:\Windows\System\BKxBDLa.exe
  2⤵
  PID:3632
- C:\Windows\System\WKKRRDb.exe
  C:\Windows\System\WKKRRDb.exe
  2⤵
  PID:5148
- C:\Windows\System\MDpbOrU.exe
  C:\Windows\System\MDpbOrU.exe
  2⤵
  PID:6148
- C:\Windows\System\xdCuXaT.exe
  C:\Windows\System\xdCuXaT.exe
  2⤵
  PID:6184
- C:\Windows\System\QGyAHDm.exe
  C:\Windows\System\QGyAHDm.exe
  2⤵
  PID:6204
- C:\Windows\System\DjAUKDK.exe
  C:\Windows\System\DjAUKDK.exe
  2⤵
  PID:6228
- C:\Windows\System\hxWWwlU.exe
  C:\Windows\System\hxWWwlU.exe
  2⤵
  PID:6252
- C:\Windows\System\jgmOcWA.exe
  C:\Windows\System\jgmOcWA.exe
  2⤵
  PID:6268
- C:\Windows\System\LCfStcA.exe
  C:\Windows\System\LCfStcA.exe
  2⤵
  PID:6312
- C:\Windows\System\iCrAtzs.exe
  C:\Windows\System\iCrAtzs.exe
  2⤵
  PID:6332
- C:\Windows\System\OPTTJhY.exe
  C:\Windows\System\OPTTJhY.exe
  2⤵
  PID:6380
- C:\Windows\System\euhrBkB.exe
  C:\Windows\System\euhrBkB.exe
  2⤵
  PID:6412
- C:\Windows\System\NxskwMi.exe
  C:\Windows\System\NxskwMi.exe
  2⤵
  PID:6444
- C:\Windows\System\sCAgyYn.exe
  C:\Windows\System\sCAgyYn.exe
  2⤵
  PID:6472
- C:\Windows\System\NVakgAV.exe
  C:\Windows\System\NVakgAV.exe
  2⤵
  PID:6492
- C:\Windows\System\PnzyvNg.exe
  C:\Windows\System\PnzyvNg.exe
  2⤵
  PID:6516
- C:\Windows\System\rqkJJtO.exe
  C:\Windows\System\rqkJJtO.exe
  2⤵
  PID:6540
- C:\Windows\System\vUTTcub.exe
  C:\Windows\System\vUTTcub.exe
  2⤵
  PID:6572
- C:\Windows\System\XMGmbRe.exe
  C:\Windows\System\XMGmbRe.exe
  2⤵
  PID:6596
- C:\Windows\System\KbtwhZN.exe
  C:\Windows\System\KbtwhZN.exe
  2⤵
  PID:6616
- C:\Windows\System\nNkgXIR.exe
  C:\Windows\System\nNkgXIR.exe
  2⤵
  PID:6712
- C:\Windows\System\aAkvomV.exe
  C:\Windows\System\aAkvomV.exe
  2⤵
  PID:6740
- C:\Windows\System\gipYIbG.exe
  C:\Windows\System\gipYIbG.exe
  2⤵
  PID:6760
- C:\Windows\System\vgKLNrn.exe
  C:\Windows\System\vgKLNrn.exe
  2⤵
  PID:6780
- C:\Windows\System\bMegBks.exe
  C:\Windows\System\bMegBks.exe
  2⤵
  PID:6800
- C:\Windows\System\omeVfte.exe
  C:\Windows\System\omeVfte.exe
  2⤵
  PID:6828
- C:\Windows\System\IGRSfXn.exe
  C:\Windows\System\IGRSfXn.exe
  2⤵
  PID:6848
- C:\Windows\System\AwyhAeT.exe
  C:\Windows\System\AwyhAeT.exe
  2⤵
  PID:6872
- C:\Windows\System\BoMcigV.exe
  C:\Windows\System\BoMcigV.exe
  2⤵
  PID:6904
- C:\Windows\System\sdQPbKz.exe
  C:\Windows\System\sdQPbKz.exe
  2⤵
  PID:6920
- C:\Windows\System\qccDehd.exe
  C:\Windows\System\qccDehd.exe
  2⤵
  PID:6944
- C:\Windows\System\IbmSuoS.exe
  C:\Windows\System\IbmSuoS.exe
  2⤵
  PID:6996
- C:\Windows\System\nbwThOT.exe
  C:\Windows\System\nbwThOT.exe
  2⤵
  PID:7016
- C:\Windows\System\MXPEKdx.exe
  C:\Windows\System\MXPEKdx.exe
  2⤵
  PID:7044
- C:\Windows\System\nOJDueJ.exe
  C:\Windows\System\nOJDueJ.exe
  2⤵
  PID:7068
- C:\Windows\System\fVmJHdU.exe
  C:\Windows\System\fVmJHdU.exe
  2⤵
  PID:7088
- C:\Windows\System\XWmLHzn.exe
  C:\Windows\System\XWmLHzn.exe
  2⤵
  PID:7132
- C:\Windows\System\JvPTMBZ.exe
  C:\Windows\System\JvPTMBZ.exe
  2⤵
  PID:6052
- C:\Windows\System\XPCcuvG.exe
  C:\Windows\System\XPCcuvG.exe
  2⤵
  PID:6180
- C:\Windows\System\CMOIjsp.exe
  C:\Windows\System\CMOIjsp.exe
  2⤵
  PID:6280
- C:\Windows\System\XtDczlS.exe
  C:\Windows\System\XtDczlS.exe
  2⤵
  PID:6372
- C:\Windows\System\odgEGQP.exe
  C:\Windows\System\odgEGQP.exe
  2⤵
  PID:6436
- C:\Windows\System\dWgPGuX.exe
  C:\Windows\System\dWgPGuX.exe
  2⤵
  PID:6484
- C:\Windows\System\XbDmFcA.exe
  C:\Windows\System\XbDmFcA.exe
  2⤵
  PID:6536
- C:\Windows\System\yekrvHp.exe
  C:\Windows\System\yekrvHp.exe
  2⤵
  PID:6668
- C:\Windows\System\MxBFVSY.exe
  C:\Windows\System\MxBFVSY.exe
  2⤵
  PID:6628
- C:\Windows\System\SOeuEQS.exe
  C:\Windows\System\SOeuEQS.exe
  2⤵
  PID:6748
- C:\Windows\System\ljJQVeZ.exe
  C:\Windows\System\ljJQVeZ.exe
  2⤵
  PID:6792
- C:\Windows\System\XBXYLeR.exe
  C:\Windows\System\XBXYLeR.exe
  2⤵
  PID:6844
- C:\Windows\System\wPNowMg.exe
  C:\Windows\System\wPNowMg.exe
  2⤵
  PID:6916
- C:\Windows\System\cjLbPMz.exe
  C:\Windows\System\cjLbPMz.exe
  2⤵
  PID:7052
- C:\Windows\System\IJtdFmS.exe
  C:\Windows\System\IJtdFmS.exe
  2⤵
  PID:7024
- C:\Windows\System\mvrPVCQ.exe
  C:\Windows\System\mvrPVCQ.exe
  2⤵
  PID:7124
- C:\Windows\System\mCpIhSi.exe
  C:\Windows\System\mCpIhSi.exe
  2⤵
  PID:6220
- C:\Windows\System\vqmfJCi.exe
  C:\Windows\System\vqmfJCi.exe
  2⤵
  PID:6356
- C:\Windows\System\HxEMqDC.exe
  C:\Windows\System\HxEMqDC.exe
  2⤵
  PID:6676
- C:\Windows\System\uxuPlal.exe
  C:\Windows\System\uxuPlal.exe
  2⤵
  PID:6708
- C:\Windows\System\plEmQmF.exe
  C:\Windows\System\plEmQmF.exe
  2⤵
  PID:7156
- C:\Windows\System\VjCUTSq.exe
  C:\Windows\System\VjCUTSq.exe
  2⤵
  PID:5848
- C:\Windows\System\YnASVaI.exe
  C:\Windows\System\YnASVaI.exe
  2⤵
  PID:6260
- C:\Windows\System\ljROOJR.exe
  C:\Windows\System\ljROOJR.exe
  2⤵
  PID:6468
- C:\Windows\System\ZbhyxeT.exe
  C:\Windows\System\ZbhyxeT.exe
  2⤵
  PID:6956
- C:\Windows\System\CekSOrF.exe
  C:\Windows\System\CekSOrF.exe
  2⤵
  PID:6736
- C:\Windows\System\EhJvvOL.exe
  C:\Windows\System\EhJvvOL.exe
  2⤵
  PID:6160
- C:\Windows\System\bqHedYe.exe
  C:\Windows\System\bqHedYe.exe
  2⤵
  PID:7228
- C:\Windows\System\wUupHmb.exe
  C:\Windows\System\wUupHmb.exe
  2⤵
  PID:7256
- C:\Windows\System\OQyJyAu.exe
  C:\Windows\System\OQyJyAu.exe
  2⤵
  PID:7284
- C:\Windows\System\DLNGTHX.exe
  C:\Windows\System\DLNGTHX.exe
  2⤵
  PID:7340
- C:\Windows\System\tfkeljB.exe
  C:\Windows\System\tfkeljB.exe
  2⤵
  PID:7356
- C:\Windows\System\QEKmFxs.exe
  C:\Windows\System\QEKmFxs.exe
  2⤵
  PID:7388
- C:\Windows\System\EYRklAp.exe
  C:\Windows\System\EYRklAp.exe
  2⤵
  PID:7408
- C:\Windows\System\aeCsNWl.exe
  C:\Windows\System\aeCsNWl.exe
  2⤵
  PID:7460
- C:\Windows\System\msDehin.exe
  C:\Windows\System\msDehin.exe
  2⤵
  PID:7488
- C:\Windows\System\tcIvxyP.exe
  C:\Windows\System\tcIvxyP.exe
  2⤵
  PID:7516
- C:\Windows\System\XLEstBh.exe
  C:\Windows\System\XLEstBh.exe
  2⤵
  PID:7536
- C:\Windows\System\ssSNmmn.exe
  C:\Windows\System\ssSNmmn.exe
  2⤵
  PID:7584
- C:\Windows\System\blAedwG.exe
  C:\Windows\System\blAedwG.exe
  2⤵
  PID:7660
- C:\Windows\System\rCbEOGB.exe
  C:\Windows\System\rCbEOGB.exe
  2⤵
  PID:7692
- C:\Windows\System\NBkwcOR.exe
  C:\Windows\System\NBkwcOR.exe
  2⤵
  PID:7720
- C:\Windows\System\PZLYJBg.exe
  C:\Windows\System\PZLYJBg.exe
  2⤵
  PID:7776
- C:\Windows\System\NdDQuJl.exe
  C:\Windows\System\NdDQuJl.exe
  2⤵
  PID:7816
- C:\Windows\System\gHGWzxE.exe
  C:\Windows\System\gHGWzxE.exe
  2⤵
  PID:7852
- C:\Windows\System\AGTUEAy.exe
  C:\Windows\System\AGTUEAy.exe
  2⤵
  PID:7872
- C:\Windows\System\CSlIUMl.exe
  C:\Windows\System\CSlIUMl.exe
  2⤵
  PID:7916
- C:\Windows\System\TvPDPSD.exe
  C:\Windows\System\TvPDPSD.exe
  2⤵
  PID:7952
- C:\Windows\System\wHtbcWg.exe
  C:\Windows\System\wHtbcWg.exe
  2⤵
  PID:7984
- C:\Windows\System\oDWraXh.exe
  C:\Windows\System\oDWraXh.exe
  2⤵
  PID:8004
- C:\Windows\System\ukyOXoC.exe
  C:\Windows\System\ukyOXoC.exe
  2⤵
  PID:8084
- C:\Windows\System\XLBExfW.exe
  C:\Windows\System\XLBExfW.exe
  2⤵
  PID:8112
- C:\Windows\System\aSDMZJb.exe
  C:\Windows\System\aSDMZJb.exe
  2⤵
  PID:8168
- C:\Windows\System\DDQGAEt.exe
  C:\Windows\System\DDQGAEt.exe
  2⤵
  PID:6912
- C:\Windows\System\iWUCUxP.exe
  C:\Windows\System\iWUCUxP.exe
  2⤵
  PID:6984
- C:\Windows\System\XGlnCrZ.exe
  C:\Windows\System\XGlnCrZ.exe
  2⤵
  PID:7224
- C:\Windows\System\acnlNXe.exe
  C:\Windows\System\acnlNXe.exe
  2⤵
  PID:7212
- C:\Windows\System\mAnnVNJ.exe
  C:\Windows\System\mAnnVNJ.exe
  2⤵
  PID:7332
- C:\Windows\System\SalfpYs.exe
  C:\Windows\System\SalfpYs.exe
  2⤵
  PID:7352
- C:\Windows\System\PIJEXZb.exe
  C:\Windows\System\PIJEXZb.exe
  2⤵
  PID:7428
- C:\Windows\System\uQDUoXh.exe
  C:\Windows\System\uQDUoXh.exe
  2⤵
  PID:7592
- C:\Windows\System\CEkgEBK.exe
  C:\Windows\System\CEkgEBK.exe
  2⤵
  PID:7640
- C:\Windows\System\OyyHgPi.exe
  C:\Windows\System\OyyHgPi.exe
  2⤵
  PID:7648
- C:\Windows\System\pvWwrVV.exe
  C:\Windows\System\pvWwrVV.exe
  2⤵
  PID:7684
- C:\Windows\System\jlbOLye.exe
  C:\Windows\System\jlbOLye.exe
  2⤵
  PID:7676
- C:\Windows\System\oAneSEf.exe
  C:\Windows\System\oAneSEf.exe
  2⤵
  PID:7840
- C:\Windows\System\LPnKRag.exe
  C:\Windows\System\LPnKRag.exe
  2⤵
  PID:7880
- C:\Windows\System\Ouovtri.exe
  C:\Windows\System\Ouovtri.exe
  2⤵
  PID:7972
- C:\Windows\System\ssHWUto.exe
  C:\Windows\System\ssHWUto.exe
  2⤵
  PID:8032
- C:\Windows\System\MJEBFKE.exe
  C:\Windows\System\MJEBFKE.exe
  2⤵
  PID:8076
- C:\Windows\System\bzbIONp.exe
  C:\Windows\System\bzbIONp.exe
  2⤵
  PID:8124
- C:\Windows\System\LhIdkLC.exe
  C:\Windows\System\LhIdkLC.exe
  2⤵
  PID:8188
- C:\Windows\System\PVUUacL.exe
  C:\Windows\System\PVUUacL.exe
  2⤵
  PID:6696
- C:\Windows\System\qNZIVjk.exe
  C:\Windows\System\qNZIVjk.exe
  2⤵
  PID:7180
- C:\Windows\System\glhAjyy.exe
  C:\Windows\System\glhAjyy.exe
  2⤵
  PID:7380
- C:\Windows\System\wCIlTic.exe
  C:\Windows\System\wCIlTic.exe
  2⤵
  PID:7420
- C:\Windows\System\MsEokQq.exe
  C:\Windows\System\MsEokQq.exe
  2⤵
  PID:7624
- C:\Windows\System\HiidKhu.exe
  C:\Windows\System\HiidKhu.exe
  2⤵
  PID:7828
- C:\Windows\System\srCPSqv.exe
  C:\Windows\System\srCPSqv.exe
  2⤵
  PID:7932
- C:\Windows\System\oKbhDWx.exe
  C:\Windows\System\oKbhDWx.exe
  2⤵
  PID:8000
- C:\Windows\System\KGMkBNU.exe
  C:\Windows\System\KGMkBNU.exe
  2⤵
  PID:8160
- C:\Windows\System\mlGrKyg.exe
  C:\Windows\System\mlGrKyg.exe
  2⤵
  PID:6100
- C:\Windows\System\YKqbOWU.exe
  C:\Windows\System\YKqbOWU.exe
  2⤵
  PID:7320
- C:\Windows\System\CvdeODg.exe
  C:\Windows\System\CvdeODg.exe
  2⤵
  PID:7568
- C:\Windows\System\QROcUQh.exe
  C:\Windows\System\QROcUQh.exe
  2⤵
  PID:7796
- C:\Windows\System\XKxhgfU.exe
  C:\Windows\System\XKxhgfU.exe
  2⤵
  PID:7008
- C:\Windows\System\wDEIYXn.exe
  C:\Windows\System\wDEIYXn.exe
  2⤵
  PID:8044
- C:\Windows\System\zceuCAp.exe
  C:\Windows\System\zceuCAp.exe
  2⤵
  PID:7532
- C:\Windows\System\XaAPvMU.exe
  C:\Windows\System\XaAPvMU.exe
  2⤵
  PID:7576
- C:\Windows\System\neDwnof.exe
  C:\Windows\System\neDwnof.exe
  2⤵
  PID:7424
- C:\Windows\System\tTPGfii.exe
  C:\Windows\System\tTPGfii.exe
  2⤵
  PID:7248
- C:\Windows\System\ulGEShm.exe
  C:\Windows\System\ulGEShm.exe
  2⤵
  PID:7060
- C:\Windows\System\JQamlME.exe
  C:\Windows\System\JQamlME.exe
  2⤵
  PID:8220
- C:\Windows\System\mTbZFYt.exe
  C:\Windows\System\mTbZFYt.exe
  2⤵
  PID:8252
- C:\Windows\System\WMmGRaW.exe
  C:\Windows\System\WMmGRaW.exe
  2⤵
  PID:8272
- C:\Windows\System\ENWDvPO.exe
  C:\Windows\System\ENWDvPO.exe
  2⤵
  PID:8316
- C:\Windows\System\wMuRnQh.exe
  C:\Windows\System\wMuRnQh.exe
  2⤵
  PID:8340
- C:\Windows\System\iLZvpbK.exe
  C:\Windows\System\iLZvpbK.exe
  2⤵
  PID:8388
- C:\Windows\System\kqVlJpv.exe
  C:\Windows\System\kqVlJpv.exe
  2⤵
  PID:8436
- C:\Windows\System\GMFDnNg.exe
  C:\Windows\System\GMFDnNg.exe
  2⤵
  PID:8512
- C:\Windows\System\FkgUEwj.exe
  C:\Windows\System\FkgUEwj.exe
  2⤵
  PID:8532
- C:\Windows\System\KFUbIBK.exe
  C:\Windows\System\KFUbIBK.exe
  2⤵
  PID:8556
- C:\Windows\System\bGkIBqP.exe
  C:\Windows\System\bGkIBqP.exe
  2⤵
  PID:8572
- C:\Windows\System\zTsFWsQ.exe
  C:\Windows\System\zTsFWsQ.exe
  2⤵
  PID:8624
- C:\Windows\System\mJQwUtC.exe
  C:\Windows\System\mJQwUtC.exe
  2⤵
  PID:8644
- C:\Windows\System\xsrdmrt.exe
  C:\Windows\System\xsrdmrt.exe
  2⤵
  PID:8716
- C:\Windows\System\ZWaELgC.exe
  C:\Windows\System\ZWaELgC.exe
  2⤵
  PID:8732
- C:\Windows\System\zsOBIgb.exe
  C:\Windows\System\zsOBIgb.exe
  2⤵
  PID:8756
- C:\Windows\System\vXhbPIO.exe
  C:\Windows\System\vXhbPIO.exe
  2⤵
  PID:8792
- C:\Windows\System\gyIppTX.exe
  C:\Windows\System\gyIppTX.exe
  2⤵
  PID:8824
- C:\Windows\System\WUvpiIc.exe
  C:\Windows\System\WUvpiIc.exe
  2⤵
  PID:8864
- C:\Windows\System\prAYDEC.exe
  C:\Windows\System\prAYDEC.exe
  2⤵
  PID:8896
- C:\Windows\System\vdGLLsB.exe
  C:\Windows\System\vdGLLsB.exe
  2⤵
  PID:8956
- C:\Windows\System\ZcwTauW.exe
  C:\Windows\System\ZcwTauW.exe
  2⤵
  PID:9008
- C:\Windows\System\clADOhn.exe
  C:\Windows\System\clADOhn.exe
  2⤵
  PID:9028
- C:\Windows\System\voElrMD.exe
  C:\Windows\System\voElrMD.exe
  2⤵
  PID:9072
- C:\Windows\System\WbfWzeq.exe
  C:\Windows\System\WbfWzeq.exe
  2⤵
  PID:9140
- C:\Windows\System\lpTcUFU.exe
  C:\Windows\System\lpTcUFU.exe
  2⤵
  PID:9164
- C:\Windows\System\ljykCBe.exe
  C:\Windows\System\ljykCBe.exe
  2⤵
  PID:9192
- C:\Windows\System\gaFJeJa.exe
  C:\Windows\System\gaFJeJa.exe
  2⤵
  PID:9208
- C:\Windows\System\IPioICh.exe
  C:\Windows\System\IPioICh.exe
  2⤵
  PID:8216
- C:\Windows\System\zkAYrDU.exe
  C:\Windows\System\zkAYrDU.exe
  2⤵
  PID:7888
- C:\Windows\System\eHzbEoP.exe
  C:\Windows\System\eHzbEoP.exe
  2⤵
  PID:8240
- C:\Windows\System\nRGKaVm.exe
  C:\Windows\System\nRGKaVm.exe
  2⤵
  PID:8364
- C:\Windows\System\dLnjihu.exe
  C:\Windows\System\dLnjihu.exe
  2⤵
  PID:8420
- C:\Windows\System\ToakNvX.exe
  C:\Windows\System\ToakNvX.exe
  2⤵
  PID:8544
- C:\Windows\System\ZPvOfrL.exe
  C:\Windows\System\ZPvOfrL.exe
  2⤵
  PID:8596
- C:\Windows\System\FWBAcGR.exe
  C:\Windows\System\FWBAcGR.exe
  2⤵
  PID:8592
- C:\Windows\System\aTdBkIr.exe
  C:\Windows\System\aTdBkIr.exe
  2⤵
  PID:8708
- C:\Windows\System\IxOyRmn.exe
  C:\Windows\System\IxOyRmn.exe
  2⤵
  PID:8776
- C:\Windows\System\ykHegeF.exe
  C:\Windows\System\ykHegeF.exe
  2⤵
  PID:8880
- C:\Windows\System\tHrGwUZ.exe
  C:\Windows\System\tHrGwUZ.exe
  2⤵
  PID:8972
- C:\Windows\System\NQUWONX.exe
  C:\Windows\System\NQUWONX.exe
  2⤵
  PID:9116
- C:\Windows\System\rRvdxGT.exe
  C:\Windows\System\rRvdxGT.exe
  2⤵
  PID:8928
- C:\Windows\System\gajQUUh.exe
  C:\Windows\System\gajQUUh.exe
  2⤵
  PID:8976
- C:\Windows\System\nWrWNbo.exe
  C:\Windows\System\nWrWNbo.exe
  2⤵
  PID:9068
- C:\Windows\System\fQRuhlu.exe
  C:\Windows\System\fQRuhlu.exe
  2⤵
  PID:9160
- C:\Windows\System\GoIfUFO.exe
  C:\Windows\System\GoIfUFO.exe
  2⤵
  PID:9060
- C:\Windows\System\NkLxZZN.exe
  C:\Windows\System\NkLxZZN.exe
  2⤵
  PID:9120
- C:\Windows\System\cnxmRLS.exe
  C:\Windows\System\cnxmRLS.exe
  2⤵
  PID:8280
- C:\Windows\System\ezibrzc.exe
  C:\Windows\System\ezibrzc.exe
  2⤵
  PID:8504
- C:\Windows\System\vzglCJO.exe
  C:\Windows\System\vzglCJO.exe
  2⤵
  PID:8500
- C:\Windows\System\odcelXE.exe
  C:\Windows\System\odcelXE.exe
  2⤵
  PID:8652
- C:\Windows\System\zGqBmBH.exe
  C:\Windows\System\zGqBmBH.exe
  2⤵
  PID:8700
- C:\Windows\System\XGIlaON.exe
  C:\Windows\System\XGIlaON.exe
  2⤵
  PID:8788
- C:\Windows\System\FczgtvR.exe
  C:\Windows\System\FczgtvR.exe
  2⤵
  PID:8968
- C:\Windows\System\mBiLHdn.exe
  C:\Windows\System\mBiLHdn.exe
  2⤵
  PID:9156
- C:\Windows\System\CklNpcz.exe
  C:\Windows\System\CklNpcz.exe
  2⤵
  PID:9056
- C:\Windows\System\lnwhkWK.exe
  C:\Windows\System\lnwhkWK.exe
  2⤵
  PID:8408
- C:\Windows\System\crbdpbI.exe
  C:\Windows\System\crbdpbI.exe
  2⤵
  PID:8452
- C:\Windows\System\BCtaNqK.exe
  C:\Windows\System\BCtaNqK.exe
  2⤵
  PID:8964
- C:\Windows\System\nTmpqeb.exe
  C:\Windows\System\nTmpqeb.exe
  2⤵
  PID:8992
- C:\Windows\System\eMpksUR.exe
  C:\Windows\System\eMpksUR.exe
  2⤵
  PID:9112
- C:\Windows\System\gKRPmys.exe
  C:\Windows\System\gKRPmys.exe
  2⤵
  PID:8528
- C:\Windows\System\NKknKiN.exe
  C:\Windows\System\NKknKiN.exe
  2⤵
  PID:8684
- C:\Windows\System\sAmiUpg.exe
  C:\Windows\System\sAmiUpg.exe
  2⤵
  PID:9272
- C:\Windows\System\jNBToGx.exe
  C:\Windows\System\jNBToGx.exe
  2⤵
  PID:9320
- C:\Windows\System\IXTwosZ.exe
  C:\Windows\System\IXTwosZ.exe
  2⤵
  PID:9344
- C:\Windows\System\toHrtiw.exe
  C:\Windows\System\toHrtiw.exe
  2⤵
  PID:9376
- C:\Windows\System\xVnmFTM.exe
  C:\Windows\System\xVnmFTM.exe
  2⤵
  PID:9396
- C:\Windows\System\ZsyNTFt.exe
  C:\Windows\System\ZsyNTFt.exe
  2⤵
  PID:9440
- C:\Windows\System\ZyaHDpK.exe
  C:\Windows\System\ZyaHDpK.exe
  2⤵
  PID:9460
- C:\Windows\System\QcbJyff.exe
  C:\Windows\System\QcbJyff.exe
  2⤵
  PID:9488
- C:\Windows\System\tZMQfDp.exe
  C:\Windows\System\tZMQfDp.exe
  2⤵
  PID:9516
- C:\Windows\System\UdPgYGA.exe
  C:\Windows\System\UdPgYGA.exe
  2⤵
  PID:9540
- C:\Windows\System\rgPoggp.exe
  C:\Windows\System\rgPoggp.exe
  2⤵
  PID:9564
- C:\Windows\System\SfEHWfv.exe
  C:\Windows\System\SfEHWfv.exe
  2⤵
  PID:9584
- C:\Windows\System\NWmkvTv.exe
  C:\Windows\System\NWmkvTv.exe
  2⤵
  PID:9624
- C:\Windows\System\iNJmoje.exe
  C:\Windows\System\iNJmoje.exe
  2⤵
  PID:9652
- C:\Windows\System\NiIbrJz.exe
  C:\Windows\System\NiIbrJz.exe
  2⤵
  PID:9680
- C:\Windows\System\VvgXlLp.exe
  C:\Windows\System\VvgXlLp.exe
  2⤵
  PID:9708
- C:\Windows\System\GLuuVzo.exe
  C:\Windows\System\GLuuVzo.exe
  2⤵
  PID:9732
- C:\Windows\System\khDbuXF.exe
  C:\Windows\System\khDbuXF.exe
  2⤵
  PID:9756
- C:\Windows\System\hMnVPsC.exe
  C:\Windows\System\hMnVPsC.exe
  2⤵
  PID:9820
- C:\Windows\System\WRqKKmG.exe
  C:\Windows\System\WRqKKmG.exe
  2⤵
  PID:9840
- C:\Windows\System\iQFYnZe.exe
  C:\Windows\System\iQFYnZe.exe
  2⤵
  PID:9864
- C:\Windows\System\NGpErEu.exe
  C:\Windows\System\NGpErEu.exe
  2⤵
  PID:9892
- C:\Windows\System\dJHkkOD.exe
  C:\Windows\System\dJHkkOD.exe
  2⤵
  PID:9940
- C:\Windows\System\bwqbBWc.exe
  C:\Windows\System\bwqbBWc.exe
  2⤵
  PID:9960
- C:\Windows\System\IKMTzzk.exe
  C:\Windows\System\IKMTzzk.exe
  2⤵
  PID:9984
- C:\Windows\System\diCXQuN.exe
  C:\Windows\System\diCXQuN.exe
  2⤵
  PID:10024
- C:\Windows\System\pQxlxtg.exe
  C:\Windows\System\pQxlxtg.exe
  2⤵
  PID:10104
- C:\Windows\System\MQOWuvA.exe
  C:\Windows\System\MQOWuvA.exe
  2⤵
  PID:10124
- C:\Windows\System\vcFRajA.exe
  C:\Windows\System\vcFRajA.exe
  2⤵
  PID:10152
- C:\Windows\System\rRvfSLf.exe
  C:\Windows\System\rRvfSLf.exe
  2⤵
  PID:10168
- C:\Windows\System\oodqXiT.exe
  C:\Windows\System\oodqXiT.exe
  2⤵
  PID:10196
- C:\Windows\System\FNnaDAL.exe
  C:\Windows\System\FNnaDAL.exe
  2⤵
  PID:10216
- C:\Windows\System\IaFIbbU.exe
  C:\Windows\System\IaFIbbU.exe
  2⤵
  PID:8884
- C:\Windows\System\TTmlBjh.exe
  C:\Windows\System\TTmlBjh.exe
  2⤵
  PID:9240
- C:\Windows\System\mtIyTZS.exe
  C:\Windows\System\mtIyTZS.exe
  2⤵
  PID:9268
- C:\Windows\System\MrpBsgz.exe
  C:\Windows\System\MrpBsgz.exe
  2⤵
  PID:9312
- C:\Windows\System\jTAvYId.exe
  C:\Windows\System\jTAvYId.exe
  2⤵
  PID:9384
- C:\Windows\System\tplxzYG.exe
  C:\Windows\System\tplxzYG.exe
  2⤵
  PID:9424
- C:\Windows\System\BydaGjj.exe
  C:\Windows\System\BydaGjj.exe
  2⤵
  PID:9500
- C:\Windows\System\zXXFTnz.exe
  C:\Windows\System\zXXFTnz.exe
  2⤵
  PID:9528
- C:\Windows\System\hPOxZuX.exe
  C:\Windows\System\hPOxZuX.exe
  2⤵
  PID:9700
- C:\Windows\System\FvxqnpT.exe
  C:\Windows\System\FvxqnpT.exe
  2⤵
  PID:9752
- C:\Windows\System\zHSwZZa.exe
  C:\Windows\System\zHSwZZa.exe
  2⤵
  PID:9776
- C:\Windows\System\lFtbkYQ.exe
  C:\Windows\System\lFtbkYQ.exe
  2⤵
  PID:9748
- C:\Windows\System\cIJCeSA.exe
  C:\Windows\System\cIJCeSA.exe
  2⤵
  PID:9888
- C:\Windows\System\OfPKHrv.exe
  C:\Windows\System\OfPKHrv.exe
  2⤵
  PID:9920
- C:\Windows\System\WLFrqnW.exe
  C:\Windows\System\WLFrqnW.exe
  2⤵
  PID:9992
- C:\Windows\System\ccZCHLU.exe
  C:\Windows\System\ccZCHLU.exe
  2⤵
  PID:10048
- C:\Windows\System\JgsnhFT.exe
  C:\Windows\System\JgsnhFT.exe
  2⤵
  PID:10068
- C:\Windows\System\eYwgXZg.exe
  C:\Windows\System\eYwgXZg.exe
  2⤵
  PID:10144
- C:\Windows\System\eZVsNVL.exe
  C:\Windows\System\eZVsNVL.exe
  2⤵
  PID:8428
- C:\Windows\System\IuTJuJc.exe
  C:\Windows\System\IuTJuJc.exe
  2⤵
  PID:9420
- C:\Windows\System\BoxdwMN.exe
  C:\Windows\System\BoxdwMN.exe
  2⤵
  PID:9392
- C:\Windows\System\nVNuOxp.exe
  C:\Windows\System\nVNuOxp.exe
  2⤵
  PID:9660
- C:\Windows\System\rGdpjiF.exe
  C:\Windows\System\rGdpjiF.exe
  2⤵
  PID:9804
- C:\Windows\System\yFhDUYf.exe
  C:\Windows\System\yFhDUYf.exe
  2⤵
  PID:9796
- C:\Windows\System\bNadSgB.exe
  C:\Windows\System\bNadSgB.exe
  2⤵
  PID:10000
- C:\Windows\System\ETAVgkA.exe
  C:\Windows\System\ETAVgkA.exe
  2⤵
  PID:10016
- C:\Windows\System\vRAspLU.exe
  C:\Windows\System\vRAspLU.exe
  2⤵
  PID:10180
- C:\Windows\System\mtjdcbg.exe
  C:\Windows\System\mtjdcbg.exe
  2⤵
  PID:9292
- C:\Windows\System\hYdXeAu.exe
  C:\Windows\System\hYdXeAu.exe
  2⤵
  PID:9744
- C:\Windows\System\EuOpPhA.exe
  C:\Windows\System\EuOpPhA.exe
  2⤵
  PID:10084
- C:\Windows\System\FRzDaOk.exe
  C:\Windows\System\FRzDaOk.exe
  2⤵
  PID:9476
- C:\Windows\System\qTdDpKW.exe
  C:\Windows\System\qTdDpKW.exe
  2⤵
  PID:10288
- C:\Windows\System\LaDcMRK.exe
  C:\Windows\System\LaDcMRK.exe
  2⤵
  PID:10308
- C:\Windows\System\EwYtmTU.exe
  C:\Windows\System\EwYtmTU.exe
  2⤵
  PID:10340
- C:\Windows\System\IFSegYT.exe
  C:\Windows\System\IFSegYT.exe
  2⤵
  PID:10372
- C:\Windows\System\MRONkAi.exe
  C:\Windows\System\MRONkAi.exe
  2⤵
  PID:10396
- C:\Windows\System\wCQoUmn.exe
  C:\Windows\System\wCQoUmn.exe
  2⤵
  PID:10416
- C:\Windows\System\iTENCoE.exe
  C:\Windows\System\iTENCoE.exe
  2⤵
  PID:10456
- C:\Windows\System\EoEHCAp.exe
  C:\Windows\System\EoEHCAp.exe
  2⤵
  PID:10484
- C:\Windows\System\CsUPrmH.exe
  C:\Windows\System\CsUPrmH.exe
  2⤵
  PID:10512
- C:\Windows\System\klpGGiJ.exe
  C:\Windows\System\klpGGiJ.exe
  2⤵
  PID:10532
- C:\Windows\System\doSToof.exe
  C:\Windows\System\doSToof.exe
  2⤵
  PID:10552
- C:\Windows\System\WxVxALp.exe
  C:\Windows\System\WxVxALp.exe
  2⤵
  PID:10596
- C:\Windows\System\VUUbSyt.exe
  C:\Windows\System\VUUbSyt.exe
  2⤵
  PID:10616
- C:\Windows\System\CbMRgOD.exe
  C:\Windows\System\CbMRgOD.exe
  2⤵
  PID:10644
- C:\Windows\System\FYkPCRV.exe
  C:\Windows\System\FYkPCRV.exe
  2⤵
  PID:10672
- C:\Windows\System\dRtBJoZ.exe
  C:\Windows\System\dRtBJoZ.exe
  2⤵
  PID:10704
- C:\Windows\System\rXWpgah.exe
  C:\Windows\System\rXWpgah.exe
  2⤵
  PID:10732
- C:\Windows\System\VhkEIRR.exe
  C:\Windows\System\VhkEIRR.exe
  2⤵
  PID:10752
- C:\Windows\System\zVsKKKp.exe
  C:\Windows\System\zVsKKKp.exe
  2⤵
  PID:10772
- C:\Windows\System\dnufFqa.exe
  C:\Windows\System\dnufFqa.exe
  2⤵
  PID:10800
- C:\Windows\System\mDxcYNo.exe
  C:\Windows\System\mDxcYNo.exe
  2⤵
  PID:10836
- C:\Windows\System\QvRHYqs.exe
  C:\Windows\System\QvRHYqs.exe
  2⤵
  PID:10856
- C:\Windows\System\Yvduixa.exe
  C:\Windows\System\Yvduixa.exe
  2⤵
  PID:10884
- C:\Windows\System\KZzlZTH.exe
  C:\Windows\System\KZzlZTH.exe
  2⤵
  PID:10904
- C:\Windows\System\ZxbSMir.exe
  C:\Windows\System\ZxbSMir.exe
  2⤵
  PID:10936
- C:\Windows\System\EjCVdLA.exe
  C:\Windows\System\EjCVdLA.exe
  2⤵
  PID:10952
- C:\Windows\System\VHkueta.exe
  C:\Windows\System\VHkueta.exe
  2⤵
  PID:11008
- C:\Windows\System\mRapSZZ.exe
  C:\Windows\System\mRapSZZ.exe
  2⤵
  PID:11028
- C:\Windows\System\zlnKkOx.exe
  C:\Windows\System\zlnKkOx.exe
  2⤵
  PID:11068
- C:\Windows\System\sjnDytM.exe
  C:\Windows\System\sjnDytM.exe
  2⤵
  PID:11088
- C:\Windows\System\xrtjCxI.exe
  C:\Windows\System\xrtjCxI.exe
  2⤵
  PID:11108
- C:\Windows\System\pngMBng.exe
  C:\Windows\System\pngMBng.exe
  2⤵
  PID:11148
- C:\Windows\System\FZgzXcl.exe
  C:\Windows\System\FZgzXcl.exe
  2⤵
  PID:11172
- C:\Windows\System\JmZXbXR.exe
  C:\Windows\System\JmZXbXR.exe
  2⤵
  PID:11192
- C:\Windows\System\fVLtUww.exe
  C:\Windows\System\fVLtUww.exe
  2⤵
  PID:11212
- C:\Windows\System\jnILcee.exe
  C:\Windows\System\jnILcee.exe
  2⤵
  PID:11244
- C:\Windows\System\TMgdsPy.exe
  C:\Windows\System\TMgdsPy.exe
  2⤵
  PID:10188
- C:\Windows\System\nJyEhRT.exe
  C:\Windows\System\nJyEhRT.exe
  2⤵
  PID:10300
- C:\Windows\System\MGNmMSp.exe
  C:\Windows\System\MGNmMSp.exe
  2⤵
  PID:10352
- C:\Windows\System\CxuuRdW.exe
  C:\Windows\System\CxuuRdW.exe
  2⤵
  PID:10412
- C:\Windows\System\ODCqajn.exe
  C:\Windows\System\ODCqajn.exe
  2⤵
  PID:10472
- C:\Windows\System\oTzKdeF.exe
  C:\Windows\System\oTzKdeF.exe
  2⤵
  PID:10540
- C:\Windows\System\rKhbNgE.exe
  C:\Windows\System\rKhbNgE.exe
  2⤵
  PID:10640
- C:\Windows\System\hDEmdUe.exe
  C:\Windows\System\hDEmdUe.exe
  2⤵
  PID:10696
- C:\Windows\System\qosofyi.exe
  C:\Windows\System\qosofyi.exe
  2⤵
  PID:10728
- C:\Windows\System\sHbRggk.exe
  C:\Windows\System\sHbRggk.exe
  2⤵
  PID:10768
- C:\Windows\System\GGeOKWY.exe
  C:\Windows\System\GGeOKWY.exe
  2⤵
  PID:10920
- C:\Windows\System\aVzDJMp.exe
  C:\Windows\System\aVzDJMp.exe
  2⤵
  PID:10976
- C:\Windows\System\RXSNCqt.exe
  C:\Windows\System\RXSNCqt.exe
  2⤵
  PID:11020
- C:\Windows\System\SkFtLhj.exe
  C:\Windows\System\SkFtLhj.exe
  2⤵
  PID:11104
- C:\Windows\System\gLcIjop.exe
  C:\Windows\System\gLcIjop.exe
  2⤵
  PID:11160
- C:\Windows\System\bBCuxkm.exe
  C:\Windows\System\bBCuxkm.exe
  2⤵
  PID:11184
- C:\Windows\System\UXMVFlu.exe
  C:\Windows\System\UXMVFlu.exe
  2⤵
  PID:11260
- C:\Windows\System\AYqXPXV.exe
  C:\Windows\System\AYqXPXV.exe
  2⤵
  PID:10268
- C:\Windows\System\oIEMwVV.exe
  C:\Windows\System\oIEMwVV.exe
  2⤵
  PID:10588
- C:\Windows\System\GAfSKeR.exe
  C:\Windows\System\GAfSKeR.exe
  2⤵
  PID:10664
- C:\Windows\System\xyMdFSV.exe
  C:\Windows\System\xyMdFSV.exe
  2⤵
  PID:10724
- C:\Windows\System\besmJdv.exe
  C:\Windows\System\besmJdv.exe
  2⤵
  PID:9128
- C:\Windows\System\eEIYoyn.exe
  C:\Windows\System\eEIYoyn.exe
  2⤵
  PID:11140
- C:\Windows\System\sZNpGnS.exe
  C:\Windows\System\sZNpGnS.exe
  2⤵
  PID:10368
- C:\Windows\System\vAqQVdx.exe
  C:\Windows\System\vAqQVdx.exe
  2⤵
  PID:10636
- C:\Windows\System\tyvLqWG.exe
  C:\Windows\System\tyvLqWG.exe
  2⤵
  PID:10948
- C:\Windows\System\zoYXfsz.exe
  C:\Windows\System\zoYXfsz.exe
  2⤵
  PID:10480
- C:\Windows\System\yAScRwL.exe
  C:\Windows\System\yAScRwL.exe
  2⤵
  PID:11268
- C:\Windows\System\aaIGMVc.exe
  C:\Windows\System\aaIGMVc.exe
  2⤵
  PID:11292
- C:\Windows\System\uUqcDwj.exe
  C:\Windows\System\uUqcDwj.exe
  2⤵
  PID:11312
- C:\Windows\System\bRtHxFx.exe
  C:\Windows\System\bRtHxFx.exe
  2⤵
  PID:11340
- C:\Windows\System\KkQeQvV.exe
  C:\Windows\System\KkQeQvV.exe
  2⤵
  PID:11360
- C:\Windows\System\LgRvBUv.exe
  C:\Windows\System\LgRvBUv.exe
  2⤵
  PID:11396
- C:\Windows\System\lNTxGgQ.exe
  C:\Windows\System\lNTxGgQ.exe
  2⤵
  PID:11444
- C:\Windows\System\mKfOWEK.exe
  C:\Windows\System\mKfOWEK.exe
  2⤵
  PID:11480
- C:\Windows\System\POHkwRU.exe
  C:\Windows\System\POHkwRU.exe
  2⤵
  PID:11508
- C:\Windows\System\alcIpzp.exe
  C:\Windows\System\alcIpzp.exe
  2⤵
  PID:11528
- C:\Windows\System\UxGFjio.exe
  C:\Windows\System\UxGFjio.exe
  2⤵
  PID:11548
- C:\Windows\System\sFXIwGK.exe
  C:\Windows\System\sFXIwGK.exe
  2⤵
  PID:11576
- C:\Windows\System\vfibYSm.exe
  C:\Windows\System\vfibYSm.exe
  2⤵
  PID:11616
- C:\Windows\System\gJuAsLX.exe
  C:\Windows\System\gJuAsLX.exe
  2⤵
  PID:11644
- C:\Windows\System\FFlBhcQ.exe
  C:\Windows\System\FFlBhcQ.exe
  2⤵
  PID:11664
- C:\Windows\System\xWfSWiw.exe
  C:\Windows\System\xWfSWiw.exe
  2⤵
  PID:11692
- C:\Windows\System\lHQrJey.exe
  C:\Windows\System\lHQrJey.exe
  2⤵
  PID:11728
- C:\Windows\System\jAaZesS.exe
  C:\Windows\System\jAaZesS.exe
  2⤵
  PID:11768
- C:\Windows\System\QzDXSwM.exe
  C:\Windows\System\QzDXSwM.exe
  2⤵
  PID:11788
- C:\Windows\System\BeoTWAG.exe
  C:\Windows\System\BeoTWAG.exe
  2⤵
  PID:11816
- C:\Windows\System\bMYkmzv.exe
  C:\Windows\System\bMYkmzv.exe
  2⤵
  PID:11844
- C:\Windows\System\WPGqoyc.exe
  C:\Windows\System\WPGqoyc.exe
  2⤵
  PID:11872
- C:\Windows\System\Frossby.exe
  C:\Windows\System\Frossby.exe
  2⤵
  PID:11896
- C:\Windows\System\PQaUbMd.exe
  C:\Windows\System\PQaUbMd.exe
  2⤵
  PID:11936
- C:\Windows\System\jEFvzSG.exe
  C:\Windows\System\jEFvzSG.exe
  2⤵
  PID:11956
- C:\Windows\System\YwHMcGz.exe
  C:\Windows\System\YwHMcGz.exe
  2⤵
  PID:11980
- C:\Windows\System\BbEYdhO.exe
  C:\Windows\System\BbEYdhO.exe
  2⤵
  PID:12000
- C:\Windows\System\LtRwMpQ.exe
  C:\Windows\System\LtRwMpQ.exe
  2⤵
  PID:12024
- C:\Windows\System\uUOkbsv.exe
  C:\Windows\System\uUOkbsv.exe
  2⤵
  PID:12052
- C:\Windows\System\mWZVUre.exe
  C:\Windows\System\mWZVUre.exe
  2⤵
  PID:12072
- C:\Windows\System\jIhtCqU.exe
  C:\Windows\System\jIhtCqU.exe
  2⤵
  PID:12096
- C:\Windows\System\wsIrEJM.exe
  C:\Windows\System\wsIrEJM.exe
  2⤵
  PID:12120
- C:\Windows\System\uqEvhip.exe
  C:\Windows\System\uqEvhip.exe
  2⤵
  PID:12164
- C:\Windows\System\kOXXSfP.exe
  C:\Windows\System\kOXXSfP.exe
  2⤵
  PID:12192
- C:\Windows\System\KGWGJwq.exe
  C:\Windows\System\KGWGJwq.exe
  2⤵
  PID:12224
- C:\Windows\System\FNUobNp.exe
  C:\Windows\System\FNUobNp.exe
  2⤵
  PID:12248
- C:\Windows\System\OksrSHP.exe
  C:\Windows\System\OksrSHP.exe
  2⤵
  PID:12268
- C:\Windows\System\WbRyenE.exe
  C:\Windows\System\WbRyenE.exe
  2⤵
  PID:10740
- C:\Windows\System\RlvgNdq.exe
  C:\Windows\System\RlvgNdq.exe
  2⤵
  PID:11284
- C:\Windows\System\ezevcRL.exe
  C:\Windows\System\ezevcRL.exe
  2⤵
  PID:11376
- C:\Windows\System\LpIzCAs.exe
  C:\Windows\System\LpIzCAs.exe
  2⤵
  PID:11432
- C:\Windows\System\DRfOWnT.exe
  C:\Windows\System\DRfOWnT.exe
  2⤵
  PID:11520
- C:\Windows\System\kjdzXXV.exe
  C:\Windows\System\kjdzXXV.exe
  2⤵
  PID:11612
- C:\Windows\System\HsgsUoe.exe
  C:\Windows\System\HsgsUoe.exe
  2⤵
  PID:11720
- C:\Windows\System\NAUqhiY.exe
  C:\Windows\System\NAUqhiY.exe
  2⤵
  PID:1468
- C:\Windows\System\ffhYQtH.exe
  C:\Windows\System\ffhYQtH.exe
  2⤵
  PID:5064
- C:\Windows\System\hVzyJeG.exe
  C:\Windows\System\hVzyJeG.exe
  2⤵
  PID:11868
- C:\Windows\System\KFnbvjE.exe
  C:\Windows\System\KFnbvjE.exe
  2⤵
  PID:11892
- C:\Windows\System\GXngKOc.exe
  C:\Windows\System\GXngKOc.exe
  2⤵
  PID:11972
- C:\Windows\System\kKKasgm.exe
  C:\Windows\System\kKKasgm.exe
  2⤵
  PID:12064
- C:\Windows\System\vMaUXPm.exe
  C:\Windows\System\vMaUXPm.exe
  2⤵
  PID:12036
- C:\Windows\System\FqkOLlX.exe
  C:\Windows\System\FqkOLlX.exe
  2⤵
  PID:12116
- C:\Windows\System\iXdaJXp.exe
  C:\Windows\System\iXdaJXp.exe
  2⤵
  PID:12236
- C:\Windows\System\UcpymLs.exe
  C:\Windows\System\UcpymLs.exe
  2⤵
  PID:12260
- C:\Windows\System\mBLLdaj.exe
  C:\Windows\System\mBLLdaj.exe
  2⤵
  PID:11392
- C:\Windows\System\VfUOUCb.exe
  C:\Windows\System\VfUOUCb.exe
  2⤵
  PID:11524
- C:\Windows\System\tlQtAAD.exe
  C:\Windows\System\tlQtAAD.exe
  2⤵
  PID:11688
- C:\Windows\System\iGFezrP.exe
  C:\Windows\System\iGFezrP.exe
  2⤵
  PID:11812
- C:\Windows\System\cbnnKgb.exe
  C:\Windows\System\cbnnKgb.exe
  2⤵
  PID:11952
- C:\Windows\System\tPPBsTI.exe
  C:\Windows\System\tPPBsTI.exe
  2⤵
  PID:12092
- C:\Windows\System\KvUxHuF.exe
  C:\Windows\System\KvUxHuF.exe
  2⤵
  PID:12276
- C:\Windows\System\MLPlIFl.exe
  C:\Windows\System\MLPlIFl.exe
  2⤵
  PID:11332
- C:\Windows\System\fyEZvjP.exe
  C:\Windows\System\fyEZvjP.exe
  2⤵
  PID:11780
- C:\Windows\System\VlwyaBs.exe
  C:\Windows\System\VlwyaBs.exe
  2⤵
  PID:12188
- C:\Windows\System\HjelWfm.exe
  C:\Windows\System\HjelWfm.exe
  2⤵
  PID:11632
- C:\Windows\System\QmjvQAT.exe
  C:\Windows\System\QmjvQAT.exe
  2⤵
  PID:12264
- C:\Windows\System\BydwMwr.exe
  C:\Windows\System\BydwMwr.exe
  2⤵
  PID:12312
- C:\Windows\System\MABDwpW.exe
  C:\Windows\System\MABDwpW.exe
  2⤵
  PID:12332
- C:\Windows\System\jhllMKl.exe
  C:\Windows\System\jhllMKl.exe
  2⤵
  PID:12348
- C:\Windows\System\bwymDNC.exe
  C:\Windows\System\bwymDNC.exe
  2⤵
  PID:12376
- C:\Windows\System\EiFoprl.exe
  C:\Windows\System\EiFoprl.exe
  2⤵
  PID:12404
- C:\Windows\System\ToDEdub.exe
  C:\Windows\System\ToDEdub.exe
  2⤵
  PID:12420
- C:\Windows\System\WTQFsHd.exe
  C:\Windows\System\WTQFsHd.exe
  2⤵
  PID:12476
- C:\Windows\System\EjEnCJo.exe
  C:\Windows\System\EjEnCJo.exe
  2⤵
  PID:12492
- C:\Windows\System\QwEoBQC.exe
  C:\Windows\System\QwEoBQC.exe
  2⤵
  PID:12516
- C:\Windows\System\lrUoEuv.exe
  C:\Windows\System\lrUoEuv.exe
  2⤵
  PID:12540
- C:\Windows\System\XHOlcMY.exe
  C:\Windows\System\XHOlcMY.exe
  2⤵
  PID:12556
- C:\Windows\System\nZtRHxY.exe
  C:\Windows\System\nZtRHxY.exe
  2⤵
  PID:12604
- C:\Windows\System\ptxbXuL.exe
  C:\Windows\System\ptxbXuL.exe
  2⤵
  PID:12636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_24xoiw3b.lhg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CCopooS.exe

Filesize
2.3MB

MD5
6055dadde7c687a3e196e38113b6b66e

SHA1
865071ba68a642e5b3c65eafd47376586d66b40e

SHA256
2d7fcf3896e3b8324170db010d334e4efdc81e839340d972a4bd9713c3b8726b

SHA512
4329d6bc92da8d07bdc51649594bb9a1994fd49ef2afb5656e3c084698b1a4ed6938241b8c6d3f0e411c326d95322279e1e86fbdbea9fa46a01544c15f2d9173

Download Submit
C:\Windows\System\CXtmSsZ.exe

Filesize
2.3MB

MD5
4b377a8564952986c5cca94611e88113

SHA1
650c52b8e7e898ba8b26967f4ba4035212c31f53

SHA256
29522431ad7c37d9daea63676aad92865bccd439b3775fb8b62627add1fcd488

SHA512
1e1bf1d11087d52d28524ae21c506d35eb006babc343cd4ab681719b3bb80e7415ea44d2632df263a7adaab6e7b0f85bdea7ca44c8165a65717a87e60fb179e4

Download Submit
C:\Windows\System\DgzrJCE.exe

Filesize
2.3MB

MD5
5561ef9c3287bf0ba6cf59c0038810ed

SHA1
f0fa696ef27bb7811ef2059be42814932ab64b04

SHA256
e812287763d13a79103c89389e59a8a69e65d6faaf9a0874827bf3c6999d135f

SHA512
c1abde6eeaaf1082b3ea56c083c13e8293d31d610b73d00c7d465da0c541a3dc0cb3c0f7a03e475aeefaa9f074d12675b77e3e634ebafda3033b072d79c9ae65

Download Submit
C:\Windows\System\EYWkDIC.exe

Filesize
2.3MB

MD5
a6a4311f41fd2a59fc2995a6e37fba59

SHA1
6d5b40451054a730a0e6316de86b4100da4b1502

SHA256
fc100448628e7e61b648ddb6dba56417a74c7f59146b5b67d0a3962275854ebd

SHA512
1b533b2696943238eadbdec8b4fefa3b51affa326138c1e82cfd9ee3a2a6a352e1adedb6ea58c72b787d9958594b97c1798aa7a4bbd6f0f9dae6c313ee086be3

Download Submit
C:\Windows\System\EwdOMir.exe

Filesize
2.3MB

MD5
dd36fe037dff1ae14d9dc64dd673dbdd

SHA1
18ec2eb951aaf3ad8537645a96dfaed4fe5bf2c2

SHA256
73af59b6266b7b0d113f492313379e29481c8ce6e88684fdedcdfb374fc1999a

SHA512
584a757b78a6baca7dae76e47a806e6e08b22ef93db8bf11fe612937e1ef1ad592c172ae5cca0638aa0c4167e791f4eafb792e14b1c26d9c66d75537d0ec124b

Download Submit
C:\Windows\System\FvLIrCa.exe

Filesize
2.3MB

MD5
3789618591b300197bfa4a2b4ad72cd6

SHA1
00d123d0f02b076b1f48116b79d4abc5ed376f99

SHA256
8eaa27bc310aed22fd0afdcd3c4ad8e29cd8f610a63000824c4f0581529bc230

SHA512
e0e6a1cb20839d647a21ff173568d0e7e5e43eadfbc84e7af4e55b9c86ad4a7a48989a6eff97234231d4ba84b3135fad6ed27c0345fcc2b84e17640a63303814

Download Submit
C:\Windows\System\GMyjTPG.exe

Filesize
2.3MB

MD5
f27968819c2dfad48db2ecf6a7cbb042

SHA1
31fad816c178d22d24c728a725418979950400f3

SHA256
5ae39cdd59199248b6f575d02c64bfd4feaad21830d97e753c0aef9d5356242b

SHA512
47d672e36aa9eb5a8751ce11d54adb8ea4e94640558c25eac7d76ede28dcae114d5b28ebf787d41cab9d6675a030b7faca0d61d0fcc5e229d582feec121be559

Download Submit
C:\Windows\System\LOJqKLL.exe

Filesize
2.3MB

MD5
314656831fbdac8ddf40916405bee9dd

SHA1
5f67a51a5cac5742e7e91257dadcfe0e65c8b501

SHA256
3bec3208296cab1dfc35ba2b29b9119dfaeb4c07e8006189ffc52c4b045df6e2

SHA512
23cb8d673fe72189a1753f60cb54ea10b4c035d66a0461d97ed4f25a54d15640f8866d0e5d233693923ea4e5d084b9620be2e32ee166de211ce8b627bc78fe12

Download Submit
C:\Windows\System\NVaJmbe.exe

Filesize
2.3MB

MD5
2ea78521a199a52b0784e2eaff322497

SHA1
3b4ddb902210518c4cbe04bda2873bf1f70577b8

SHA256
15546109263a9c52a57c38a8348f206d85d06063dccebdc4d253ac00fda20fa6

SHA512
bc4219e17111cf9eea16482983cfec336508e82a36c257f0d242f814d8833994f07576a188d7f144978010b6bb9ae3aacceb1ab7c06c1dee1c2624ca7d5bbdcb

Download Submit
C:\Windows\System\NgWcojS.exe

Filesize
2.3MB

MD5
8feebf7344b19978edfbb14dc30f7222

SHA1
2aafd3129410903b9ad69ea8ddc3abd37ca4b468

SHA256
b0c04b0b6d6e8b59da09d57cb61e844fcff5f1e2462a02ce19a1b4f270d52437

SHA512
8d8289f008ef5003c4de5a7343b83e787eb2ec062d7573a85401c224169bcbe9b37f53ea9d9c93f385f611e202949ca5af2ec0ac3c60313a382de390d9714885

Download Submit
C:\Windows\System\PTHfpmI.exe

Filesize
2.3MB

MD5
f713aed79868318acbff490bc2e7a174

SHA1
fa26ac18d9a0692e80a7c7fae3bdc659149317db

SHA256
8312009e241f3f0c57d7c69bd81cb2fbec6a827b7f9c3addb4cb9a5631877769

SHA512
bfb77a7ecf1d99a0c82d4e19a77be751b1106d0403362685d09a76575128d15e363f4cc4cad5da7c1416b5f3182b6d8f8090c2331ef2298ede44fa5c9679f990

Download Submit
C:\Windows\System\SFbHqfF.exe

Filesize
2.3MB

MD5
ec904ae9c82ce53819f58b264834ba33

SHA1
cb565bec8bd1401441c27b3b1bc60c4c5b0170ee

SHA256
b2ddfe229705d82c547f3c6899121b2b63d92e299c6cda4a01de889e7e6829ed

SHA512
880d308c339a359d6b67b72887e14376ba519a53a2ddfb34fbc2f4eabb3dafbd279a1f3424424b8850eaabd671c8f702f0d4fbbb9a32acfced8940b7a09d8082

Download Submit
C:\Windows\System\SmXiMMc.exe

Filesize
2.3MB

MD5
a95bfffbdf9b6f4e0135e90ae37c9b46

SHA1
ec2093bf4dc4014ec7902d93051a2d69d95053ab

SHA256
e4a7bedd0a06f6d6828eacbf10dd0b51226f5014f00d0d787384330c9afa21aa

SHA512
3acd5c1bb692e39a131f9074181484e62af4ccc4245cfccbeda82232d620228a4078fb54fb0ded06b07d54f56b7512d6d06e1fc2dd04d9d65470e06a14abdca8

Download Submit
C:\Windows\System\TxHyqEZ.exe

Filesize
2.3MB

MD5
f63e46872c05c064ec70efe1c97c8810

SHA1
712df48082b3b36e424cb60dc21e36bc55fcf17a

SHA256
f6b0f01357a41a56875abc6959942ca539d41a1812201f120185af2f2d8b65ec

SHA512
cd44354ce044b5174fb7e0423dc18ce387c198fb333b1713d6b372bf77ec3d49e003f6e333a27daf67d00b2168361626dd03c776ccda69814c4aae07b40f1ba7

Download Submit
C:\Windows\System\UQpIrIh.exe

Filesize
2.3MB

MD5
f5ea6be438acfc6d7d5b5e2f40f245a0

SHA1
e1a195042a9a560dd3a854a7086b52e15c9e907d

SHA256
461ab2d18ac114a9375e694cb5ca8914189bd4622f530aa1daa91c3e815d88e8

SHA512
2271cdc4bcf1330cf387632ca55d4cd93fb78be31524f87b7ea3b1e6b1b85b2a12e854f35c70dbe327853a0222dc5bce785d119b4de6a150a3ad63c865a2b5f9

Download Submit
C:\Windows\System\WYyGItD.exe

Filesize
2.3MB

MD5
63f64d8f31c85d3b1b6783d5422c4c12

SHA1
b4e56053d49929b1372d6faa20decb78eebe79c9

SHA256
282cce8d109f47ac3b921aadaed53da967de75a647d7db954cd22aa9dcc07a7e

SHA512
af980b0fa76db2251a44707f75c96d09152ad42b270d1e7424d06bfa13752840609befd48a99c025e20181bde59464772336c37d45714c2e49f5f044d270b522

Download Submit
C:\Windows\System\WbbsqJm.exe

Filesize
2.3MB

MD5
ee4dd4229ea0c29c2a3bc3d0716729bf

SHA1
d8950c3da15ea382320dcb919335a5b0d8156f93

SHA256
3b15aac9ce74766063817858c5420d650eb7bc7ecd5bdb007b74e0d887130e04

SHA512
47502dddba2d610c303661555ec1ca169af6dde5c3651a4ce991cbb8e79624f727c01163de64b4248e5b9a936a55b935e3ec58dd4d22524adaad048fb1fee278

Download Submit
C:\Windows\System\YupSfHH.exe

Filesize
2.3MB

MD5
751faf6d41d63f765a1dd2b01624cc7d

SHA1
efb4ab215381c9e9b9e5733d440f89de75730dfe

SHA256
8e2f9087f093485ef5f8e4b53a462fc4e7ae840877d5e9b221ea451e9773646a

SHA512
34e59e9fb914b77f2755ee8e0a1d20520a2b1aebdb762af04ae6a7320629a781d7199099b2ec43fe14326531147a7e978e060ad7ed929ac64ae1d53db09c759c

Download Submit
C:\Windows\System\ZiLbPds.exe

Filesize
2.3MB

MD5
9ee891f7e60aeefa7a765deedc6a30b4

SHA1
50fc11943e6d628f1a21a7e230bbe9e2762012f8

SHA256
86cc27dcc88b7a68f9efc1e02f3c8a7bc53291338b7eab7ee3bd3e9784232760

SHA512
9bd193c867b4f7699be6552ef2345ffca6eb6cf1f8f0f82ed4454c2c4044d1ca1f54b03090bf55457f0324af36977e730d4e6047e722571a0cf621f8aaad4213

Download Submit
C:\Windows\System\aoBDfDU.exe

Filesize
2.3MB

MD5
7eff3352805ddd2fe20396753be6ca18

SHA1
6f284cdfe5d0dad797811c72122f612baa98901b

SHA256
7c718096a80b9f613e9894f113cb9fdd1b6af1f489093499c33926fb2fc2412f

SHA512
ab515ed02214d84a48aae0a917386615c3963d121b339b9a225b8dffd77e4a978716dd5588cbe74e51d6f5e02cc83065d643e425b8c6b8487e4d530eff990db2

Download Submit
C:\Windows\System\dCQeqck.exe

Filesize
2.3MB

MD5
8d992574200db5b2617f43069759734a

SHA1
c02d86c3ab9473e84ada1de5cd48e3c9feaba566

SHA256
865486edcd502e4ed7d66b5b3aa934472534acf8c7d43e02e5e839e755516b95

SHA512
6aadad4fbe3a22c63521c7b7062dd3de54ece02266c344fbc4c17ac144a9967a91a6264f25b6fa706a2bba6097ecc1cc357d892878b29511deea78051782fdea

Download Submit
C:\Windows\System\dNEUreh.exe

Filesize
8B

MD5
1855a32bc20d82a1da2b5edf8967f4e6

SHA1
25928e56f89ec28b56047592b93000c1d36e2a23

SHA256
197265335822dae03e837ac88a16d32bf68b201da4bc921af00edba259c1267c

SHA512
6ba43273aa11ef21001bd21641b2cb12d306e904aaff29ff56a8c7b3eadaaec0f04afabf47cd7eb2a1a7b9c79f098b4d11d9a442d2048486e96355d7914a5e67

Download Submit
C:\Windows\System\eZGrcOI.exe

Filesize
2.3MB

MD5
e886bfcc9d4ac4abd66681aaf3d4ae7d

SHA1
0251e9bb47c3f1ff4504e9fffb4a640347e9b330

SHA256
d163982a63e6a199a35848b0f596bb18f4c77cce7457f9a46577406b2f13e379

SHA512
1fa34cdde015c38756013d8a897e74832fa43f092165302425185b946345c3dacc087f1ee07643b792f39f43545dfd28f78ad5fadaccf41225687dae1c38c5bc

Download Submit
C:\Windows\System\fnWwfUW.exe

Filesize
2.3MB

MD5
26335dfccc497e742ac80d8cfdd5ef2f

SHA1
f39885278b466dee8c8338aaa13ac76b96ea5e66

SHA256
57c5a8faeb8f3793a1b1d52d32e7d2367b812cfab06ba77b4b9e3460ed58f1b7

SHA512
a2f607f14f77b02779cd9d50d42ffd3f44b821c3a05a05155c403545e38818f0aa1f52a4b47ff9c7199fe449c8f826d2c9b3075b72055baa80e677103f68811f

Download Submit
C:\Windows\System\fpQtQEK.exe

Filesize
2.3MB

MD5
6eefd2929d974e6cf336ec84bad3aaa9

SHA1
7006260e0522f8e66eaf24e49f4f716e37b97927

SHA256
124c5b642b3beb6cb4e607f8c96e75a8830b6fe9d9af9363d1146e81c8ed0a8b

SHA512
fa96177c90d36fc8a736b54d53b6e923f91b35ade3cd28d71d4f707838aaac91776549b713ffdaaf99912cd79c827b550bd5850fc04f806a299c3f6d88b31b56

Download Submit
C:\Windows\System\frAHjLM.exe

Filesize
2.3MB

MD5
9a25e5046130b2208b7a46b025a49782

SHA1
7ad849945cffe5f2d52665c7c9d5657e5778fb58

SHA256
97e5790bbc1ad37ebf536fee0efc82b99334edaf1df31ccf4a77e3c229008dfb

SHA512
ae23b516bd3075f6acf237a448c4b61e3a764905ffc4cb2865a59af651799af3646e701e1522990739ee550bdfe27f16ec578d1c642d08bc7cd3a5d3b73f2b09

Download Submit
C:\Windows\System\kXCDoVu.exe

Filesize
2.3MB

MD5
6e646155ae88924eacb9deb6f6776d14

SHA1
4a89c3292a682d51d132a59ea40f318ebe56b93f

SHA256
bcf8df5b3d9988f57055f3cd63549d74143bd0ca643590de28caff6a29fa5cae

SHA512
7b16a4e518951d1a778714de4cd0ae15b44cf1d022b875f634264cdb046b884c4751b3a391a8c4e1b5422ab098b2be0627d6947df9ab235e1302411c31643745

Download Submit
C:\Windows\System\lXYbvSE.exe

Filesize
2.3MB

MD5
6f04b9efb7f9758b0d9dfb71a6348bc0

SHA1
f87fed174dccbafd89bdb5b222d6772fd4fd6111

SHA256
5c790f51ece98ce5844e156f5699c0f6e3fedb84888c52205846369778cfd05c

SHA512
856fc64f7162f494759d223409cf6f709b084e772d8fe50532a4aab12f497efeaa1c29bd5306860afcabe6c17d189aaf24e632c230f7b7a21649479b115f1a50

Download Submit
C:\Windows\System\nhClCUU.exe

Filesize
2.3MB

MD5
cbe99b0fdcf7f3ab7df5c8d7382b8067

SHA1
3e29f3ae2a2dc7e2104605097f1cb1fe014c5508

SHA256
a8a407f0d8f07391932ca18a8e73581e71634a6a4f6651f6ac24ee5cf0919a2b

SHA512
0598b4e5007ab8b126b967f32253dfc57604ecbbf9d9b4cca5eab9a3a927f4cc9b1b5635b019eae579a10bc497f393fc2a62b41c44651d92c7a3086d540b1d2e

Download Submit
C:\Windows\System\rYfuLSO.exe

Filesize
2.3MB

MD5
f2444a3465ef96a43f2eb98630c7004f

SHA1
06718ad8164f0f0fde9163bea244642d732a279c

SHA256
6de90324e8ecc8ae81a30364904b8e180527c778abf397c29900e1d6af1450bf

SHA512
9e8799ebd2430519159ed70aafe4a4bc4c81f8b551a49d9a64f0b1bc40bb280c12d7e38756a2f9241273ce63e36be3fa4059df1720bbbeb37e8d849debaa04bc

Download Submit
C:\Windows\System\uoIWgqk.exe

Filesize
2.3MB

MD5
9349baf04d951b5d0801567e1cf4db78

SHA1
da98ff428313f7b6bbccd37002eee122b22b0d7b

SHA256
cbba86ea349ad24bd51d10589bece77a322deef13d9b5553aa9586bb82f3c979

SHA512
d2d968a39e99e497db41127ffee17a4e63f17fc1ba942384566d6b8be6e365e908dc6fd67606d68f7db7d7f2e26dc82b39a090952f173fdc469ac56373403b8a

Download Submit
C:\Windows\System\vmlDNNY.exe

Filesize
2.3MB

MD5
fd3371025f9e29e3ca4c216a7e6de9ec

SHA1
9165d60e3576820b7ad67e204fb92b71e9a878bd

SHA256
1b8ae17c8f5dc8aba13f143ce7e6a90cd56cec7b4cbc948ecfa1b114a90b192f

SHA512
e72f9bc939fe58c68ed5f754077578212515b8b8e7b9b42c321be511f7f35b488bed4b1058a5adcf9481b8b17ffee63308f47d6788ac277c95489b82309ea8c3

Download Submit
C:\Windows\System\yYGhMuZ.exe

Filesize
2.3MB

MD5
26783af97b8d9a608cf2f2684b48d9d9

SHA1
32f5e83fd0ee5d3c9012418e8c00eb1a2903ae6e

SHA256
5f7bd0038503121e37a5caaae46da57420b2d36d3e10d2f245f1131638b00747

SHA512
042894126bca983149fe3ab23e52146a33a906fc5a889ae4d267e6da64f9c64b50ca6bff4b29b0a205fa2948d846da18cc334430957842d0d6cda023275bfbc7

Download Submit
C:\Windows\System\yoVVSkb.exe

Filesize
2.3MB

MD5
50e81e3dcce8797d6f9ed1b5b0e61011

SHA1
63a916ba9fe693edfcc9c6a95860b487135c624f

SHA256
56eba8ae0e826645cf54ecf20efeba72529f0d2bc52bec95b6edb4f27ad296f6

SHA512
c72d264c64b78523e224fd9347b383a8b938a63fa68e4ee14bd3c533c2b2a391e0b724f644a6c87b2f066e527a00c4c58563ebb3c55920eeeb20bb5fa1322a43

Download Submit
memory/628-2193-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp

Filesize
3.9MB

Download
memory/628-2201-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp

Filesize
3.9MB

Download
memory/628-25-0x00007FF6000B0000-0x00007FF6004A2000-memory.dmp

Filesize
3.9MB

Download
memory/780-442-0x00007FF618670000-0x00007FF618A62000-memory.dmp

Filesize
3.9MB

Download
memory/780-2240-0x00007FF618670000-0x00007FF618A62000-memory.dmp

Filesize
3.9MB

Download
memory/1036-438-0x00007FF74A2E0000-0x00007FF74A6D2000-memory.dmp

Filesize
3.9MB

Download
memory/1036-2224-0x00007FF74A2E0000-0x00007FF74A6D2000-memory.dmp

Filesize
3.9MB

Download
memory/1284-2211-0x00007FF7ECAA0000-0x00007FF7ECE92000-memory.dmp

Filesize
3.9MB

Download
memory/1284-433-0x00007FF7ECAA0000-0x00007FF7ECE92000-memory.dmp

Filesize
3.9MB

Download
memory/1296-2216-0x00007FF7E7AF0000-0x00007FF7E7EE2000-memory.dmp

Filesize
3.9MB

Download
memory/1296-472-0x00007FF7E7AF0000-0x00007FF7E7EE2000-memory.dmp

Filesize
3.9MB

Download
memory/1316-436-0x00007FF77ECE0000-0x00007FF77F0D2000-memory.dmp

Filesize
3.9MB

Download
memory/1316-2230-0x00007FF77ECE0000-0x00007FF77F0D2000-memory.dmp

Filesize
3.9MB

Download
memory/1736-437-0x00007FF6DCF50000-0x00007FF6DD342000-memory.dmp

Filesize
3.9MB

Download
memory/1736-2225-0x00007FF6DCF50000-0x00007FF6DD342000-memory.dmp

Filesize
3.9MB

Download
memory/1896-459-0x00007FF766E40000-0x00007FF767232000-memory.dmp

Filesize
3.9MB

Download
memory/1896-2205-0x00007FF766E40000-0x00007FF767232000-memory.dmp

Filesize
3.9MB

Download
memory/1904-473-0x00007FF7505A0000-0x00007FF750992000-memory.dmp

Filesize
3.9MB

Download
memory/1904-2232-0x00007FF7505A0000-0x00007FF750992000-memory.dmp

Filesize
3.9MB

Download
memory/2300-2209-0x00007FF6802D0000-0x00007FF6806C2000-memory.dmp

Filesize
3.9MB

Download
memory/2300-430-0x00007FF6802D0000-0x00007FF6806C2000-memory.dmp

Filesize
3.9MB

Download
memory/2496-2250-0x00007FF64A430000-0x00007FF64A822000-memory.dmp

Filesize
3.9MB

Download
memory/2496-452-0x00007FF64A430000-0x00007FF64A822000-memory.dmp

Filesize
3.9MB

Download
memory/2724-431-0x00007FF7A8A50000-0x00007FF7A8E42000-memory.dmp

Filesize
3.9MB

Download
memory/2724-2219-0x00007FF7A8A50000-0x00007FF7A8E42000-memory.dmp

Filesize
3.9MB

Download
memory/2932-2228-0x00007FF668E10000-0x00007FF669202000-memory.dmp

Filesize
3.9MB

Download
memory/2932-435-0x00007FF668E10000-0x00007FF669202000-memory.dmp

Filesize
3.9MB

Download
memory/2956-2242-0x00007FF6E3540000-0x00007FF6E3932000-memory.dmp

Filesize
3.9MB

Download
memory/2956-441-0x00007FF6E3540000-0x00007FF6E3932000-memory.dmp

Filesize
3.9MB

Download
memory/3256-10-0x00007FFDAEF30000-0x00007FFDAF9F1000-memory.dmp

Filesize
10.8MB

Download
memory/3256-22-0x0000025DF70B0000-0x0000025DF70D2000-memory.dmp

Filesize
136KB

Download
memory/3256-2191-0x00007FFDAEF33000-0x00007FFDAEF35000-memory.dmp

Filesize
8KB

Download
memory/3256-2192-0x00007FFDAEF30000-0x00007FFDAF9F1000-memory.dmp

Filesize
10.8MB

Download
memory/3256-3-0x00007FFDAEF33000-0x00007FFDAEF35000-memory.dmp

Filesize
8KB

Download
memory/3256-2194-0x00007FFDAEF30000-0x00007FFDAF9F1000-memory.dmp

Filesize
10.8MB

Download
memory/3256-329-0x0000025DF7C40000-0x0000025DF83E6000-memory.dmp

Filesize
7.6MB

Download
memory/3256-40-0x00007FFDAEF30000-0x00007FFDAF9F1000-memory.dmp

Filesize
10.8MB

Download
memory/3556-443-0x00007FF74CE70000-0x00007FF74D262000-memory.dmp

Filesize
3.9MB

Download
memory/3556-2238-0x00007FF74CE70000-0x00007FF74D262000-memory.dmp

Filesize
3.9MB

Download
memory/3988-2233-0x00007FF6F64C0000-0x00007FF6F68B2000-memory.dmp

Filesize
3.9MB

Download
memory/3988-448-0x00007FF6F64C0000-0x00007FF6F68B2000-memory.dmp

Filesize
3.9MB

Download
memory/4092-440-0x00007FF6A21F0000-0x00007FF6A25E2000-memory.dmp

Filesize
3.9MB

Download
memory/4092-2244-0x00007FF6A21F0000-0x00007FF6A25E2000-memory.dmp

Filesize
3.9MB

Download
memory/4132-432-0x00007FF7649E0000-0x00007FF764DD2000-memory.dmp

Filesize
3.9MB

Download
memory/4132-2214-0x00007FF7649E0000-0x00007FF764DD2000-memory.dmp

Filesize
3.9MB

Download
memory/4244-1-0x00000247FCBC0000-0x00000247FCBD0000-memory.dmp

Filesize
64KB

Download
memory/4244-0-0x00007FF7AFA60000-0x00007FF7AFE52000-memory.dmp

Filesize
3.9MB

Download
memory/4344-444-0x00007FF65E230000-0x00007FF65E622000-memory.dmp

Filesize
3.9MB

Download
memory/4344-2236-0x00007FF65E230000-0x00007FF65E622000-memory.dmp

Filesize
3.9MB

Download
memory/4436-2203-0x00007FF730440000-0x00007FF730832000-memory.dmp

Filesize
3.9MB

Download
memory/4436-48-0x00007FF730440000-0x00007FF730832000-memory.dmp

Filesize
3.9MB

Download
memory/4564-2221-0x00007FF6F7A30000-0x00007FF6F7E22000-memory.dmp

Filesize
3.9MB

Download
memory/4564-434-0x00007FF6F7A30000-0x00007FF6F7E22000-memory.dmp

Filesize
3.9MB

Download
memory/4572-59-0x00007FF766A40000-0x00007FF766E32000-memory.dmp

Filesize
3.9MB

Download
memory/4572-2208-0x00007FF766A40000-0x00007FF766E32000-memory.dmp

Filesize
3.9MB

Download
memory/4716-2245-0x00007FF7AF080000-0x00007FF7AF472000-memory.dmp

Filesize
3.9MB

Download
memory/4716-439-0x00007FF7AF080000-0x00007FF7AF472000-memory.dmp

Filesize
3.9MB

Download
memory/5112-468-0x00007FF6CAF00000-0x00007FF6CB2F2000-memory.dmp

Filesize
3.9MB

Download
memory/5112-2218-0x00007FF6CAF00000-0x00007FF6CB2F2000-memory.dmp

Filesize
3.9MB

Download