xmrig | 17654c51b99655a61371071e1a4212726654bc8e80e086444d53047f81bf08a0

Analysis

max time kernel
115s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 13:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f8b37019d038ac900b133252ac204470N.exe
Size

1.9MB
MD5

f8b37019d038ac900b133252ac204470
SHA1

11dce81101a0b696e0063f89be11299815a98261
SHA256

17654c51b99655a61371071e1a4212726654bc8e80e086444d53047f81bf08a0
SHA512

1ee2884605022b48de5f543a8f2af2342448abae59b0caaa2805a25d15c9c0fea78fafba31b6f12c649de6a25d1465595e2d5ae1dc78c1f9bc8d230e207b107a
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t4oAirbNI/TQ9f27dvapbkS+rvWYs4O:Lz071uv4BPMkFfdk2a2yKmks

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/4040-18-0x00007FF659230000-0x00007FF659622000-memory.dmp	xmrig
behavioral2/memory/4752-206-0x00007FF7E3110000-0x00007FF7E3502000-memory.dmp	xmrig
behavioral2/memory/1856-278-0x00007FF6F0570000-0x00007FF6F0962000-memory.dmp	xmrig
behavioral2/memory/2768-296-0x00007FF664290000-0x00007FF664682000-memory.dmp	xmrig
behavioral2/memory/804-300-0x00007FF714B10000-0x00007FF714F02000-memory.dmp	xmrig
behavioral2/memory/3796-299-0x00007FF6F58F0000-0x00007FF6F5CE2000-memory.dmp	xmrig
behavioral2/memory/4292-298-0x00007FF7869B0000-0x00007FF786DA2000-memory.dmp	xmrig
behavioral2/memory/3044-297-0x00007FF730840000-0x00007FF730C32000-memory.dmp	xmrig
behavioral2/memory/4236-295-0x00007FF66BF00000-0x00007FF66C2F2000-memory.dmp	xmrig
behavioral2/memory/3872-294-0x00007FF609450000-0x00007FF609842000-memory.dmp	xmrig
behavioral2/memory/1492-293-0x00007FF754060000-0x00007FF754452000-memory.dmp	xmrig
behavioral2/memory/2416-292-0x00007FF6EC370000-0x00007FF6EC762000-memory.dmp	xmrig
behavioral2/memory/1736-291-0x00007FF718AA0000-0x00007FF718E92000-memory.dmp	xmrig
behavioral2/memory/4272-290-0x00007FF765CA0000-0x00007FF766092000-memory.dmp	xmrig
behavioral2/memory/2796-289-0x00007FF6FA3C0000-0x00007FF6FA7B2000-memory.dmp	xmrig
behavioral2/memory/2868-288-0x00007FF6432E0000-0x00007FF6436D2000-memory.dmp	xmrig
behavioral2/memory/1192-275-0x00007FF72BD90000-0x00007FF72C182000-memory.dmp	xmrig
behavioral2/memory/3324-197-0x00007FF76B6C0000-0x00007FF76BAB2000-memory.dmp	xmrig
behavioral2/memory/2096-194-0x00007FF6FD770000-0x00007FF6FDB62000-memory.dmp	xmrig
behavioral2/memory/4980-1846-0x00007FF671BA0000-0x00007FF671F92000-memory.dmp	xmrig
behavioral2/memory/4204-2118-0x00007FF70C160000-0x00007FF70C552000-memory.dmp	xmrig
behavioral2/memory/2364-2123-0x00007FF792600000-0x00007FF7929F2000-memory.dmp	xmrig
behavioral2/memory/2884-2121-0x00007FF687E90000-0x00007FF688282000-memory.dmp	xmrig
behavioral2/memory/1508-2120-0x00007FF6AECD0000-0x00007FF6AF0C2000-memory.dmp	xmrig
behavioral2/memory/5016-2132-0x00007FF7AE4C0000-0x00007FF7AE8B2000-memory.dmp	xmrig
behavioral2/memory/4040-2217-0x00007FF659230000-0x00007FF659622000-memory.dmp	xmrig
behavioral2/memory/4204-2219-0x00007FF70C160000-0x00007FF70C552000-memory.dmp	xmrig
behavioral2/memory/2768-2221-0x00007FF664290000-0x00007FF664682000-memory.dmp	xmrig
behavioral2/memory/5016-2227-0x00007FF7AE4C0000-0x00007FF7AE8B2000-memory.dmp	xmrig
behavioral2/memory/3044-2225-0x00007FF730840000-0x00007FF730C32000-memory.dmp	xmrig
behavioral2/memory/1508-2224-0x00007FF6AECD0000-0x00007FF6AF0C2000-memory.dmp	xmrig
behavioral2/memory/3796-2229-0x00007FF6F58F0000-0x00007FF6F5CE2000-memory.dmp	xmrig
behavioral2/memory/4292-2247-0x00007FF7869B0000-0x00007FF786DA2000-memory.dmp	xmrig
behavioral2/memory/2884-2244-0x00007FF687E90000-0x00007FF688282000-memory.dmp	xmrig
behavioral2/memory/2364-2246-0x00007FF792600000-0x00007FF7929F2000-memory.dmp	xmrig
behavioral2/memory/2096-2245-0x00007FF6FD770000-0x00007FF6FDB62000-memory.dmp	xmrig
behavioral2/memory/3872-2264-0x00007FF609450000-0x00007FF609842000-memory.dmp	xmrig
behavioral2/memory/2416-2277-0x00007FF6EC370000-0x00007FF6EC762000-memory.dmp	xmrig
behavioral2/memory/4236-2270-0x00007FF66BF00000-0x00007FF66C2F2000-memory.dmp	xmrig
behavioral2/memory/1492-2268-0x00007FF754060000-0x00007FF754452000-memory.dmp	xmrig
behavioral2/memory/2868-2262-0x00007FF6432E0000-0x00007FF6436D2000-memory.dmp	xmrig
behavioral2/memory/1856-2260-0x00007FF6F0570000-0x00007FF6F0962000-memory.dmp	xmrig
behavioral2/memory/1192-2257-0x00007FF72BD90000-0x00007FF72C182000-memory.dmp	xmrig
behavioral2/memory/1736-2255-0x00007FF718AA0000-0x00007FF718E92000-memory.dmp	xmrig
behavioral2/memory/3324-2254-0x00007FF76B6C0000-0x00007FF76BAB2000-memory.dmp	xmrig
behavioral2/memory/4272-2252-0x00007FF765CA0000-0x00007FF766092000-memory.dmp	xmrig
behavioral2/memory/4752-2248-0x00007FF7E3110000-0x00007FF7E3502000-memory.dmp	xmrig
behavioral2/memory/2796-2266-0x00007FF6FA3C0000-0x00007FF6FA7B2000-memory.dmp	xmrig
behavioral2/memory/804-2357-0x00007FF714B10000-0x00007FF714F02000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
5	1100	powershell.exe
9	1100	powershell.exe
11	1100	powershell.exe
12	1100	powershell.exe
14	1100	powershell.exe
25	1100	powershell.exe
26	1100	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1100	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4040	RYGqHoF.exe
4204	fabVlcE.exe
2768	WMEimkY.exe
3044	FnyjmDP.exe
5016	CfabLVv.exe
1508	JfGPGJR.exe
4292	ZdNisom.exe
2884	iEhugWz.exe
2364	OsAvebh.exe
2096	JGyIWbl.exe
3324	WmHYzBa.exe
4752	TiGyQZv.exe
1192	QMSnXwQ.exe
3796	nJhceAQ.exe
1856	TveAZdp.exe
2868	CoJyZlr.exe
2796	JqjRPQF.exe
4272	kNUcIPu.exe
1736	EKQVaap.exe
804	jLiMVQp.exe
2416	lPdURZK.exe
1492	xYxIWIZ.exe
3872	jFPqEib.exe
4236	owZLgfb.exe
1344	wrXMlqi.exe
716	uHgKUbi.exe
1020	pnzVtkD.exe
3628	BbqJzsT.exe
2576	VuvRyZB.exe
3128	HsRtnBd.exe
3180	wazwEFT.exe
2100	VKqxxLF.exe
4440	GdzrbNk.exe
4500	jHvYazA.exe
2504	aqjwnFw.exe
1132	BSYgLNb.exe
4328	yhXeRHe.exe
4088	HgRBJDp.exe
3592	lugqkGG.exe
3392	TxPGdyz.exe
3340	ZiJsdVg.exe
2356	ETqEyqj.exe
3564	POpzSpT.exe
656	XTqQzyS.exe
3772	KDvJJFH.exe
4360	AgirAUH.exe
2748	TIsIxzs.exe
4972	qogwnTn.exe
2548	LtRBYlY.exe
3120	XhTgWys.exe
2976	MGqscrU.exe
5136	eDCdSqz.exe
5216	TbCqlBY.exe
5236	PEgxqAI.exe
5276	YgijodX.exe
5296	xwcglSt.exe
5316	LbElHTq.exe
5352	fAjZqvb.exe
5376	GccWiZh.exe
5400	rtrzJWp.exe
5416	LhVQZyy.exe
5448	JAJWSnx.exe
5464	MnhlqkT.exe
5480	unzzKoW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4980-0-0x00007FF671BA0000-0x00007FF671F92000-memory.dmp	upx
behavioral2/memory/4040-18-0x00007FF659230000-0x00007FF659622000-memory.dmp	upx
behavioral2/files/0x0008000000023559-23.dat	upx
behavioral2/files/0x0009000000023556-33.dat	upx
behavioral2/files/0x0008000000023562-79.dat	upx
behavioral2/files/0x0008000000023557-44.dat	upx
behavioral2/files/0x000800000002355b-39.dat	upx
behavioral2/files/0x000800000002355e-57.dat	upx
behavioral2/files/0x000900000002355a-38.dat	upx
behavioral2/memory/5016-28-0x00007FF7AE4C0000-0x00007FF7AE8B2000-memory.dmp	upx
behavioral2/files/0x000900000002353e-27.dat	upx
behavioral2/memory/4204-24-0x00007FF70C160000-0x00007FF70C552000-memory.dmp	upx
behavioral2/files/0x0009000000023558-22.dat	upx
behavioral2/files/0x000900000002356a-110.dat	upx
behavioral2/memory/4752-206-0x00007FF7E3110000-0x00007FF7E3502000-memory.dmp	upx
behavioral2/memory/1856-278-0x00007FF6F0570000-0x00007FF6F0962000-memory.dmp	upx
behavioral2/memory/2768-296-0x00007FF664290000-0x00007FF664682000-memory.dmp	upx
behavioral2/memory/804-300-0x00007FF714B10000-0x00007FF714F02000-memory.dmp	upx
behavioral2/memory/3796-299-0x00007FF6F58F0000-0x00007FF6F5CE2000-memory.dmp	upx
behavioral2/memory/4292-298-0x00007FF7869B0000-0x00007FF786DA2000-memory.dmp	upx
behavioral2/memory/3044-297-0x00007FF730840000-0x00007FF730C32000-memory.dmp	upx
behavioral2/memory/4236-295-0x00007FF66BF00000-0x00007FF66C2F2000-memory.dmp	upx
behavioral2/memory/3872-294-0x00007FF609450000-0x00007FF609842000-memory.dmp	upx
behavioral2/memory/1492-293-0x00007FF754060000-0x00007FF754452000-memory.dmp	upx
behavioral2/memory/2416-292-0x00007FF6EC370000-0x00007FF6EC762000-memory.dmp	upx
behavioral2/memory/1736-291-0x00007FF718AA0000-0x00007FF718E92000-memory.dmp	upx
behavioral2/memory/4272-290-0x00007FF765CA0000-0x00007FF766092000-memory.dmp	upx
behavioral2/memory/2796-289-0x00007FF6FA3C0000-0x00007FF6FA7B2000-memory.dmp	upx
behavioral2/memory/2868-288-0x00007FF6432E0000-0x00007FF6436D2000-memory.dmp	upx
behavioral2/memory/1192-275-0x00007FF72BD90000-0x00007FF72C182000-memory.dmp	upx
behavioral2/memory/3324-197-0x00007FF76B6C0000-0x00007FF76BAB2000-memory.dmp	upx
behavioral2/memory/2096-194-0x00007FF6FD770000-0x00007FF6FDB62000-memory.dmp	upx
behavioral2/files/0x000800000002357d-189.dat	upx
behavioral2/files/0x000800000002356f-187.dat	upx
behavioral2/files/0x000900000002357c-184.dat	upx
behavioral2/files/0x000800000002357b-182.dat	upx
behavioral2/files/0x0009000000023564-180.dat	upx
behavioral2/files/0x000900000002357a-179.dat	upx
behavioral2/files/0x0008000000023579-178.dat	upx
behavioral2/files/0x0009000000023578-175.dat	upx
behavioral2/files/0x000800000002356d-173.dat	upx
behavioral2/files/0x0008000000023577-172.dat	upx
behavioral2/files/0x0008000000023576-171.dat	upx
behavioral2/files/0x0008000000023575-170.dat	upx
behavioral2/files/0x0008000000023563-167.dat	upx
behavioral2/files/0x0009000000023574-166.dat	upx
behavioral2/files/0x0008000000023573-164.dat	upx
behavioral2/files/0x0009000000023572-163.dat	upx
behavioral2/files/0x0008000000023571-153.dat	upx
behavioral2/memory/2364-152-0x00007FF792600000-0x00007FF7929F2000-memory.dmp	upx
behavioral2/files/0x0009000000023566-144.dat	upx
behavioral2/memory/4980-1846-0x00007FF671BA0000-0x00007FF671F92000-memory.dmp	upx
behavioral2/files/0x0008000000023565-143.dat	upx
behavioral2/files/0x0008000000023567-140.dat	upx
behavioral2/files/0x0009000000023560-137.dat	upx
behavioral2/files/0x000900000002356e-129.dat	upx
behavioral2/files/0x000800000002355f-128.dat	upx
behavioral2/files/0x000800000002356b-112.dat	upx
behavioral2/memory/2884-102-0x00007FF687E90000-0x00007FF688282000-memory.dmp	upx
behavioral2/files/0x0008000000023569-101.dat	upx
behavioral2/files/0x0009000000023568-100.dat	upx
behavioral2/files/0x0009000000023570-147.dat	upx
behavioral2/files/0x000900000002355c-126.dat	upx
behavioral2/files/0x000900000002356c-115.dat	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
5	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TYKFLkC.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\HrJDexV.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\ACcvZWD.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\SdFVsHN.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\ZiJsdVg.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\ZzVfakQ.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\tBwImFC.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\RggMOJf.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\BSYgLNb.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\megYygN.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\mRsNiEL.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\xbNqsWM.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\mGIGkjA.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\hWKnRjC.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\JSzgvWv.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\IMKHelE.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\HgSLWmo.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\GrNHCtB.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\fSdfcps.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\hfmSJjK.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\AelFuqx.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\wfSxiEx.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\VKqxxLF.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\CdxlQsn.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\SRsGxlR.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\DgxaELr.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\jZSMuBg.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\RzdpaSC.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\cSeoiYg.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\MYXRmsa.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\hAJaSLg.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\LtRBYlY.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\PeucTZs.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\hdmrYEg.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\TveAZdp.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\mbXFqnS.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\IONHEsd.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\HbHSBCY.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\uIPQQOG.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\zQXjccc.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\JtyehRp.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\ffVZeGm.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\WMEimkY.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\XhTgWys.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\WPERoMO.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\KhQqpNq.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\sIfDsYa.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\FWfEJjD.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\bYGYPTs.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\coPolOo.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\iGYAkdQ.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\MGqscrU.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\GccWiZh.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\EYSJkan.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\wsJoDVm.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\BDDJAQq.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\rssSpzR.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\vwlmVjQ.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\wbxorbc.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\iWFlBSq.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\YDOlAvr.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\oBpmpIP.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\dpiYMnp.exe	f8b37019d038ac900b133252ac204470N.exe
File created	C:\Windows\System\bjGyyCZ.exe	f8b37019d038ac900b133252ac204470N.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1100	powershell.exe
1100	powershell.exe
1100	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4980	f8b37019d038ac900b133252ac204470N.exe
Token: SeLockMemoryPrivilege	4980	f8b37019d038ac900b133252ac204470N.exe
Token: SeDebugPrivilege	1100	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 1100	4980	f8b37019d038ac900b133252ac204470N.exe	92
PID 4980 wrote to memory of 1100	4980	f8b37019d038ac900b133252ac204470N.exe	92
PID 4980 wrote to memory of 4040	4980	f8b37019d038ac900b133252ac204470N.exe	93
PID 4980 wrote to memory of 4040	4980	f8b37019d038ac900b133252ac204470N.exe	93
PID 4980 wrote to memory of 4204	4980	f8b37019d038ac900b133252ac204470N.exe	95
PID 4980 wrote to memory of 4204	4980	f8b37019d038ac900b133252ac204470N.exe	95
PID 4980 wrote to memory of 2768	4980	f8b37019d038ac900b133252ac204470N.exe	96
PID 4980 wrote to memory of 2768	4980	f8b37019d038ac900b133252ac204470N.exe	96
PID 4980 wrote to memory of 3044	4980	f8b37019d038ac900b133252ac204470N.exe	97
PID 4980 wrote to memory of 3044	4980	f8b37019d038ac900b133252ac204470N.exe	97
PID 4980 wrote to memory of 5016	4980	f8b37019d038ac900b133252ac204470N.exe	98
PID 4980 wrote to memory of 5016	4980	f8b37019d038ac900b133252ac204470N.exe	98
PID 4980 wrote to memory of 1508	4980	f8b37019d038ac900b133252ac204470N.exe	100
PID 4980 wrote to memory of 1508	4980	f8b37019d038ac900b133252ac204470N.exe	100
PID 4980 wrote to memory of 4292	4980	f8b37019d038ac900b133252ac204470N.exe	101
PID 4980 wrote to memory of 4292	4980	f8b37019d038ac900b133252ac204470N.exe	101
PID 4980 wrote to memory of 2884	4980	f8b37019d038ac900b133252ac204470N.exe	102
PID 4980 wrote to memory of 2884	4980	f8b37019d038ac900b133252ac204470N.exe	102
PID 4980 wrote to memory of 3324	4980	f8b37019d038ac900b133252ac204470N.exe	103
PID 4980 wrote to memory of 3324	4980	f8b37019d038ac900b133252ac204470N.exe	103
PID 4980 wrote to memory of 2364	4980	f8b37019d038ac900b133252ac204470N.exe	104
PID 4980 wrote to memory of 2364	4980	f8b37019d038ac900b133252ac204470N.exe	104
PID 4980 wrote to memory of 2096	4980	f8b37019d038ac900b133252ac204470N.exe	105
PID 4980 wrote to memory of 2096	4980	f8b37019d038ac900b133252ac204470N.exe	105
PID 4980 wrote to memory of 4752	4980	f8b37019d038ac900b133252ac204470N.exe	106
PID 4980 wrote to memory of 4752	4980	f8b37019d038ac900b133252ac204470N.exe	106
PID 4980 wrote to memory of 1192	4980	f8b37019d038ac900b133252ac204470N.exe	107
PID 4980 wrote to memory of 1192	4980	f8b37019d038ac900b133252ac204470N.exe	107
PID 4980 wrote to memory of 3796	4980	f8b37019d038ac900b133252ac204470N.exe	108
PID 4980 wrote to memory of 3796	4980	f8b37019d038ac900b133252ac204470N.exe	108
PID 4980 wrote to memory of 1856	4980	f8b37019d038ac900b133252ac204470N.exe	109
PID 4980 wrote to memory of 1856	4980	f8b37019d038ac900b133252ac204470N.exe	109
PID 4980 wrote to memory of 2868	4980	f8b37019d038ac900b133252ac204470N.exe	110
PID 4980 wrote to memory of 2868	4980	f8b37019d038ac900b133252ac204470N.exe	110
PID 4980 wrote to memory of 2796	4980	f8b37019d038ac900b133252ac204470N.exe	111
PID 4980 wrote to memory of 2796	4980	f8b37019d038ac900b133252ac204470N.exe	111
PID 4980 wrote to memory of 716	4980	f8b37019d038ac900b133252ac204470N.exe	112
PID 4980 wrote to memory of 716	4980	f8b37019d038ac900b133252ac204470N.exe	112
PID 4980 wrote to memory of 1020	4980	f8b37019d038ac900b133252ac204470N.exe	113
PID 4980 wrote to memory of 1020	4980	f8b37019d038ac900b133252ac204470N.exe	113
PID 4980 wrote to memory of 3628	4980	f8b37019d038ac900b133252ac204470N.exe	114
PID 4980 wrote to memory of 3628	4980	f8b37019d038ac900b133252ac204470N.exe	114
PID 4980 wrote to memory of 4272	4980	f8b37019d038ac900b133252ac204470N.exe	115
PID 4980 wrote to memory of 4272	4980	f8b37019d038ac900b133252ac204470N.exe	115
PID 4980 wrote to memory of 1736	4980	f8b37019d038ac900b133252ac204470N.exe	116
PID 4980 wrote to memory of 1736	4980	f8b37019d038ac900b133252ac204470N.exe	116
PID 4980 wrote to memory of 804	4980	f8b37019d038ac900b133252ac204470N.exe	117
PID 4980 wrote to memory of 804	4980	f8b37019d038ac900b133252ac204470N.exe	117
PID 4980 wrote to memory of 2416	4980	f8b37019d038ac900b133252ac204470N.exe	118
PID 4980 wrote to memory of 2416	4980	f8b37019d038ac900b133252ac204470N.exe	118
PID 4980 wrote to memory of 1492	4980	f8b37019d038ac900b133252ac204470N.exe	119
PID 4980 wrote to memory of 1492	4980	f8b37019d038ac900b133252ac204470N.exe	119
PID 4980 wrote to memory of 3872	4980	f8b37019d038ac900b133252ac204470N.exe	120
PID 4980 wrote to memory of 3872	4980	f8b37019d038ac900b133252ac204470N.exe	120
PID 4980 wrote to memory of 4236	4980	f8b37019d038ac900b133252ac204470N.exe	121
PID 4980 wrote to memory of 4236	4980	f8b37019d038ac900b133252ac204470N.exe	121
PID 4980 wrote to memory of 1344	4980	f8b37019d038ac900b133252ac204470N.exe	122
PID 4980 wrote to memory of 1344	4980	f8b37019d038ac900b133252ac204470N.exe	122
PID 4980 wrote to memory of 2576	4980	f8b37019d038ac900b133252ac204470N.exe	123
PID 4980 wrote to memory of 2576	4980	f8b37019d038ac900b133252ac204470N.exe	123
PID 4980 wrote to memory of 3128	4980	f8b37019d038ac900b133252ac204470N.exe	124
PID 4980 wrote to memory of 3128	4980	f8b37019d038ac900b133252ac204470N.exe	124
PID 4980 wrote to memory of 3180	4980	f8b37019d038ac900b133252ac204470N.exe	125
PID 4980 wrote to memory of 3180	4980	f8b37019d038ac900b133252ac204470N.exe	125

C:\Users\Admin\AppData\Local\Temp\f8b37019d038ac900b133252ac204470N.exe
"C:\Users\Admin\AppData\Local\Temp\f8b37019d038ac900b133252ac204470N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1100
- C:\Windows\System\RYGqHoF.exe
  C:\Windows\System\RYGqHoF.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\fabVlcE.exe
  C:\Windows\System\fabVlcE.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\WMEimkY.exe
  C:\Windows\System\WMEimkY.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\FnyjmDP.exe
  C:\Windows\System\FnyjmDP.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\CfabLVv.exe
  C:\Windows\System\CfabLVv.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\JfGPGJR.exe
  C:\Windows\System\JfGPGJR.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\ZdNisom.exe
  C:\Windows\System\ZdNisom.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\iEhugWz.exe
  C:\Windows\System\iEhugWz.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\WmHYzBa.exe
  C:\Windows\System\WmHYzBa.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\OsAvebh.exe
  C:\Windows\System\OsAvebh.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\JGyIWbl.exe
  C:\Windows\System\JGyIWbl.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\TiGyQZv.exe
  C:\Windows\System\TiGyQZv.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\QMSnXwQ.exe
  C:\Windows\System\QMSnXwQ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\nJhceAQ.exe
  C:\Windows\System\nJhceAQ.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\TveAZdp.exe
  C:\Windows\System\TveAZdp.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\CoJyZlr.exe
  C:\Windows\System\CoJyZlr.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\JqjRPQF.exe
  C:\Windows\System\JqjRPQF.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\uHgKUbi.exe
  C:\Windows\System\uHgKUbi.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\pnzVtkD.exe
  C:\Windows\System\pnzVtkD.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\BbqJzsT.exe
  C:\Windows\System\BbqJzsT.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\kNUcIPu.exe
  C:\Windows\System\kNUcIPu.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\EKQVaap.exe
  C:\Windows\System\EKQVaap.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\jLiMVQp.exe
  C:\Windows\System\jLiMVQp.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\lPdURZK.exe
  C:\Windows\System\lPdURZK.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\xYxIWIZ.exe
  C:\Windows\System\xYxIWIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\jFPqEib.exe
  C:\Windows\System\jFPqEib.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\owZLgfb.exe
  C:\Windows\System\owZLgfb.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\wrXMlqi.exe
  C:\Windows\System\wrXMlqi.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\VuvRyZB.exe
  C:\Windows\System\VuvRyZB.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\HsRtnBd.exe
  C:\Windows\System\HsRtnBd.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\wazwEFT.exe
  C:\Windows\System\wazwEFT.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\VKqxxLF.exe
  C:\Windows\System\VKqxxLF.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\GdzrbNk.exe
  C:\Windows\System\GdzrbNk.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\jHvYazA.exe
  C:\Windows\System\jHvYazA.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\aqjwnFw.exe
  C:\Windows\System\aqjwnFw.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BSYgLNb.exe
  C:\Windows\System\BSYgLNb.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\yhXeRHe.exe
  C:\Windows\System\yhXeRHe.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\HgRBJDp.exe
  C:\Windows\System\HgRBJDp.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\lugqkGG.exe
  C:\Windows\System\lugqkGG.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\TxPGdyz.exe
  C:\Windows\System\TxPGdyz.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\ZiJsdVg.exe
  C:\Windows\System\ZiJsdVg.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\ETqEyqj.exe
  C:\Windows\System\ETqEyqj.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\POpzSpT.exe
  C:\Windows\System\POpzSpT.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\XTqQzyS.exe
  C:\Windows\System\XTqQzyS.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\KDvJJFH.exe
  C:\Windows\System\KDvJJFH.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\AgirAUH.exe
  C:\Windows\System\AgirAUH.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\TIsIxzs.exe
  C:\Windows\System\TIsIxzs.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\qogwnTn.exe
  C:\Windows\System\qogwnTn.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\LtRBYlY.exe
  C:\Windows\System\LtRBYlY.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\XhTgWys.exe
  C:\Windows\System\XhTgWys.exe
  2⤵
  - Executes dropped EXE
  PID:3120
- C:\Windows\System\MGqscrU.exe
  C:\Windows\System\MGqscrU.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\eDCdSqz.exe
  C:\Windows\System\eDCdSqz.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\TbCqlBY.exe
  C:\Windows\System\TbCqlBY.exe
  2⤵
  - Executes dropped EXE
  PID:5216
- C:\Windows\System\PEgxqAI.exe
  C:\Windows\System\PEgxqAI.exe
  2⤵
  - Executes dropped EXE
  PID:5236
- C:\Windows\System\DqYWNrx.exe
  C:\Windows\System\DqYWNrx.exe
  2⤵
  PID:5252
- C:\Windows\System\YgijodX.exe
  C:\Windows\System\YgijodX.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\xwcglSt.exe
  C:\Windows\System\xwcglSt.exe
  2⤵
  - Executes dropped EXE
  PID:5296
- C:\Windows\System\LbElHTq.exe
  C:\Windows\System\LbElHTq.exe
  2⤵
  - Executes dropped EXE
  PID:5316
- C:\Windows\System\fAjZqvb.exe
  C:\Windows\System\fAjZqvb.exe
  2⤵
  - Executes dropped EXE
  PID:5352
- C:\Windows\System\GccWiZh.exe
  C:\Windows\System\GccWiZh.exe
  2⤵
  - Executes dropped EXE
  PID:5376
- C:\Windows\System\rtrzJWp.exe
  C:\Windows\System\rtrzJWp.exe
  2⤵
  - Executes dropped EXE
  PID:5400
- C:\Windows\System\LhVQZyy.exe
  C:\Windows\System\LhVQZyy.exe
  2⤵
  - Executes dropped EXE
  PID:5416
- C:\Windows\System\JAJWSnx.exe
  C:\Windows\System\JAJWSnx.exe
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Windows\System\MnhlqkT.exe
  C:\Windows\System\MnhlqkT.exe
  2⤵
  - Executes dropped EXE
  PID:5464
- C:\Windows\System\unzzKoW.exe
  C:\Windows\System\unzzKoW.exe
  2⤵
  - Executes dropped EXE
  PID:5480
- C:\Windows\System\bxmmunU.exe
  C:\Windows\System\bxmmunU.exe
  2⤵
  PID:5504
- C:\Windows\System\WudfDEn.exe
  C:\Windows\System\WudfDEn.exe
  2⤵
  PID:5532
- C:\Windows\System\zjICfYK.exe
  C:\Windows\System\zjICfYK.exe
  2⤵
  PID:5560
- C:\Windows\System\IMKHelE.exe
  C:\Windows\System\IMKHelE.exe
  2⤵
  PID:5576
- C:\Windows\System\bYGYPTs.exe
  C:\Windows\System\bYGYPTs.exe
  2⤵
  PID:5596
- C:\Windows\System\nhkWLtL.exe
  C:\Windows\System\nhkWLtL.exe
  2⤵
  PID:5612
- C:\Windows\System\iqSPghE.exe
  C:\Windows\System\iqSPghE.exe
  2⤵
  PID:5644
- C:\Windows\System\znGiPTJ.exe
  C:\Windows\System\znGiPTJ.exe
  2⤵
  PID:5660
- C:\Windows\System\fJYSsmA.exe
  C:\Windows\System\fJYSsmA.exe
  2⤵
  PID:5676
- C:\Windows\System\vwlmVjQ.exe
  C:\Windows\System\vwlmVjQ.exe
  2⤵
  PID:5696
- C:\Windows\System\ubXaDzk.exe
  C:\Windows\System\ubXaDzk.exe
  2⤵
  PID:5712
- C:\Windows\System\HYjArLE.exe
  C:\Windows\System\HYjArLE.exe
  2⤵
  PID:5728
- C:\Windows\System\hDLtGGr.exe
  C:\Windows\System\hDLtGGr.exe
  2⤵
  PID:5744
- C:\Windows\System\ZzVfakQ.exe
  C:\Windows\System\ZzVfakQ.exe
  2⤵
  PID:5772
- C:\Windows\System\eEWTOSi.exe
  C:\Windows\System\eEWTOSi.exe
  2⤵
  PID:5796
- C:\Windows\System\mGrReHf.exe
  C:\Windows\System\mGrReHf.exe
  2⤵
  PID:5828
- C:\Windows\System\eKfwWfu.exe
  C:\Windows\System\eKfwWfu.exe
  2⤵
  PID:5844
- C:\Windows\System\ntuhYsv.exe
  C:\Windows\System\ntuhYsv.exe
  2⤵
  PID:3568
- C:\Windows\System\kpVAyhT.exe
  C:\Windows\System\kpVAyhT.exe
  2⤵
  PID:2068
- C:\Windows\System\tMDIjYy.exe
  C:\Windows\System\tMDIjYy.exe
  2⤵
  PID:3740
- C:\Windows\System\GUoJrew.exe
  C:\Windows\System\GUoJrew.exe
  2⤵
  PID:3040
- C:\Windows\System\ToNPltC.exe
  C:\Windows\System\ToNPltC.exe
  2⤵
  PID:5044
- C:\Windows\System\xnBOWhH.exe
  C:\Windows\System\xnBOWhH.exe
  2⤵
  PID:5144
- C:\Windows\System\TrMBrpE.exe
  C:\Windows\System\TrMBrpE.exe
  2⤵
  PID:5208
- C:\Windows\System\ZxjoxQb.exe
  C:\Windows\System\ZxjoxQb.exe
  2⤵
  PID:5248
- C:\Windows\System\fCBcgBL.exe
  C:\Windows\System\fCBcgBL.exe
  2⤵
  PID:6632
- C:\Windows\System\YOFvmHg.exe
  C:\Windows\System\YOFvmHg.exe
  2⤵
  PID:6656
- C:\Windows\System\gFMrrue.exe
  C:\Windows\System\gFMrrue.exe
  2⤵
  PID:6676
- C:\Windows\System\hEnnpjd.exe
  C:\Windows\System\hEnnpjd.exe
  2⤵
  PID:6708
- C:\Windows\System\luRiuYR.exe
  C:\Windows\System\luRiuYR.exe
  2⤵
  PID:6744
- C:\Windows\System\cgJdOYf.exe
  C:\Windows\System\cgJdOYf.exe
  2⤵
  PID:6788
- C:\Windows\System\EPJsQNX.exe
  C:\Windows\System\EPJsQNX.exe
  2⤵
  PID:6832
- C:\Windows\System\ySEVLve.exe
  C:\Windows\System\ySEVLve.exe
  2⤵
  PID:6848
- C:\Windows\System\NIKhrmV.exe
  C:\Windows\System\NIKhrmV.exe
  2⤵
  PID:6864
- C:\Windows\System\oQamuNE.exe
  C:\Windows\System\oQamuNE.exe
  2⤵
  PID:6880
- C:\Windows\System\YMSExmr.exe
  C:\Windows\System\YMSExmr.exe
  2⤵
  PID:6896
- C:\Windows\System\XEaqUly.exe
  C:\Windows\System\XEaqUly.exe
  2⤵
  PID:6912
- C:\Windows\System\IONHEsd.exe
  C:\Windows\System\IONHEsd.exe
  2⤵
  PID:6928
- C:\Windows\System\SeZSNei.exe
  C:\Windows\System\SeZSNei.exe
  2⤵
  PID:6944
- C:\Windows\System\CoSHtvF.exe
  C:\Windows\System\CoSHtvF.exe
  2⤵
  PID:6960
- C:\Windows\System\uJBenwO.exe
  C:\Windows\System\uJBenwO.exe
  2⤵
  PID:6976
- C:\Windows\System\BaYkigH.exe
  C:\Windows\System\BaYkigH.exe
  2⤵
  PID:6992
- C:\Windows\System\HRqYvlD.exe
  C:\Windows\System\HRqYvlD.exe
  2⤵
  PID:7008
- C:\Windows\System\LnOClxl.exe
  C:\Windows\System\LnOClxl.exe
  2⤵
  PID:7024
- C:\Windows\System\hfmSJjK.exe
  C:\Windows\System\hfmSJjK.exe
  2⤵
  PID:7040
- C:\Windows\System\HbHSBCY.exe
  C:\Windows\System\HbHSBCY.exe
  2⤵
  PID:7056
- C:\Windows\System\LeFWFrK.exe
  C:\Windows\System\LeFWFrK.exe
  2⤵
  PID:7072
- C:\Windows\System\tThIyYC.exe
  C:\Windows\System\tThIyYC.exe
  2⤵
  PID:7088
- C:\Windows\System\KujuQTG.exe
  C:\Windows\System\KujuQTG.exe
  2⤵
  PID:7124
- C:\Windows\System\EMesnXA.exe
  C:\Windows\System\EMesnXA.exe
  2⤵
  PID:3720
- C:\Windows\System\fsRDAcF.exe
  C:\Windows\System\fsRDAcF.exe
  2⤵
  PID:5040
- C:\Windows\System\AbMsWsQ.exe
  C:\Windows\System\AbMsWsQ.exe
  2⤵
  PID:4596
- C:\Windows\System\mxkkKQQ.exe
  C:\Windows\System\mxkkKQQ.exe
  2⤵
  PID:4244
- C:\Windows\System\uYWHGJm.exe
  C:\Windows\System\uYWHGJm.exe
  2⤵
  PID:3216
- C:\Windows\System\iwcthlW.exe
  C:\Windows\System\iwcthlW.exe
  2⤵
  PID:4816
- C:\Windows\System\SnCznls.exe
  C:\Windows\System\SnCznls.exe
  2⤵
  PID:1164
- C:\Windows\System\mtIplMC.exe
  C:\Windows\System\mtIplMC.exe
  2⤵
  PID:5172
- C:\Windows\System\rIjvosE.exe
  C:\Windows\System\rIjvosE.exe
  2⤵
  PID:5232
- C:\Windows\System\eIkqrcK.exe
  C:\Windows\System\eIkqrcK.exe
  2⤵
  PID:5308
- C:\Windows\System\Jsydesf.exe
  C:\Windows\System\Jsydesf.exe
  2⤵
  PID:5360
- C:\Windows\System\FuaKnBx.exe
  C:\Windows\System\FuaKnBx.exe
  2⤵
  PID:5388
- C:\Windows\System\IrTruBA.exe
  C:\Windows\System\IrTruBA.exe
  2⤵
  PID:5428
- C:\Windows\System\UWwYcwZ.exe
  C:\Windows\System\UWwYcwZ.exe
  2⤵
  PID:5724
- C:\Windows\System\GbAuKMX.exe
  C:\Windows\System\GbAuKMX.exe
  2⤵
  PID:5904
- C:\Windows\System\pIsUUTg.exe
  C:\Windows\System\pIsUUTg.exe
  2⤵
  PID:2012
- C:\Windows\System\LvNMqFe.exe
  C:\Windows\System\LvNMqFe.exe
  2⤵
  PID:1496
- C:\Windows\System\DYSfBEI.exe
  C:\Windows\System\DYSfBEI.exe
  2⤵
  PID:2316
- C:\Windows\System\ekUroLl.exe
  C:\Windows\System\ekUroLl.exe
  2⤵
  PID:6356
- C:\Windows\System\ZLIQloO.exe
  C:\Windows\System\ZLIQloO.exe
  2⤵
  PID:4256
- C:\Windows\System\eSPIrIS.exe
  C:\Windows\System\eSPIrIS.exe
  2⤵
  PID:2656
- C:\Windows\System\HihrEJl.exe
  C:\Windows\System\HihrEJl.exe
  2⤵
  PID:2588
- C:\Windows\System\ApmOozp.exe
  C:\Windows\System\ApmOozp.exe
  2⤵
  PID:4452
- C:\Windows\System\NACOaXo.exe
  C:\Windows\System\NACOaXo.exe
  2⤵
  PID:5024
- C:\Windows\System\vqDRLUA.exe
  C:\Windows\System\vqDRLUA.exe
  2⤵
  PID:4868
- C:\Windows\System\FVBfsTD.exe
  C:\Windows\System\FVBfsTD.exe
  2⤵
  PID:1584
- C:\Windows\System\DvLtPkd.exe
  C:\Windows\System\DvLtPkd.exe
  2⤵
  PID:4976
- C:\Windows\System\aPxtAvY.exe
  C:\Windows\System\aPxtAvY.exe
  2⤵
  PID:1944
- C:\Windows\System\mUxQSvh.exe
  C:\Windows\System\mUxQSvh.exe
  2⤵
  PID:4084
- C:\Windows\System\PziTqMS.exe
  C:\Windows\System\PziTqMS.exe
  2⤵
  PID:4572
- C:\Windows\System\yWQPHhX.exe
  C:\Windows\System\yWQPHhX.exe
  2⤵
  PID:5116
- C:\Windows\System\kHkjMhr.exe
  C:\Windows\System\kHkjMhr.exe
  2⤵
  PID:6396
- C:\Windows\System\nHrBnsp.exe
  C:\Windows\System\nHrBnsp.exe
  2⤵
  PID:6412
- C:\Windows\System\fwASDmr.exe
  C:\Windows\System\fwASDmr.exe
  2⤵
  PID:6456
- C:\Windows\System\rtMEBWT.exe
  C:\Windows\System\rtMEBWT.exe
  2⤵
  PID:6468
- C:\Windows\System\fvBnWWd.exe
  C:\Windows\System\fvBnWWd.exe
  2⤵
  PID:6492
- C:\Windows\System\ybVhHMV.exe
  C:\Windows\System\ybVhHMV.exe
  2⤵
  PID:6500
- C:\Windows\System\HrtEPGE.exe
  C:\Windows\System\HrtEPGE.exe
  2⤵
  PID:6508
- C:\Windows\System\AelFuqx.exe
  C:\Windows\System\AelFuqx.exe
  2⤵
  PID:6524
- C:\Windows\System\tRDJlrg.exe
  C:\Windows\System\tRDJlrg.exe
  2⤵
  PID:6540
- C:\Windows\System\QAYMhAI.exe
  C:\Windows\System\QAYMhAI.exe
  2⤵
  PID:5784
- C:\Windows\System\YqLEgXM.exe
  C:\Windows\System\YqLEgXM.exe
  2⤵
  PID:6560
- C:\Windows\System\gHQdkUr.exe
  C:\Windows\System\gHQdkUr.exe
  2⤵
  PID:5204
- C:\Windows\System\vdamYov.exe
  C:\Windows\System\vdamYov.exe
  2⤵
  PID:6580
- C:\Windows\System\CnEGONi.exe
  C:\Windows\System\CnEGONi.exe
  2⤵
  PID:6592
- C:\Windows\System\pZoNSeO.exe
  C:\Windows\System\pZoNSeO.exe
  2⤵
  PID:5984
- C:\Windows\System\KKDKvAJ.exe
  C:\Windows\System\KKDKvAJ.exe
  2⤵
  PID:1104
- C:\Windows\System\TYXncEZ.exe
  C:\Windows\System\TYXncEZ.exe
  2⤵
  PID:6668
- C:\Windows\System\dwHKGwe.exe
  C:\Windows\System\dwHKGwe.exe
  2⤵
  PID:6720
- C:\Windows\System\qMUOchX.exe
  C:\Windows\System\qMUOchX.exe
  2⤵
  PID:6644
- C:\Windows\System\TRMSuDR.exe
  C:\Windows\System\TRMSuDR.exe
  2⤵
  PID:6920
- C:\Windows\System\eygAhVV.exe
  C:\Windows\System\eygAhVV.exe
  2⤵
  PID:6684
- C:\Windows\System\CMvyFmA.exe
  C:\Windows\System\CMvyFmA.exe
  2⤵
  PID:7160
- C:\Windows\System\hWKnRjC.exe
  C:\Windows\System\hWKnRjC.exe
  2⤵
  PID:6768
- C:\Windows\System\CHFMHmJ.exe
  C:\Windows\System\CHFMHmJ.exe
  2⤵
  PID:4600
- C:\Windows\System\JqTvzjK.exe
  C:\Windows\System\JqTvzjK.exe
  2⤵
  PID:6804
- C:\Windows\System\axBlbrL.exe
  C:\Windows\System\axBlbrL.exe
  2⤵
  PID:7000
- C:\Windows\System\loePVbe.exe
  C:\Windows\System\loePVbe.exe
  2⤵
  PID:7084
- C:\Windows\System\WCzrdCI.exe
  C:\Windows\System\WCzrdCI.exe
  2⤵
  PID:5344
- C:\Windows\System\ePPDQWy.exe
  C:\Windows\System\ePPDQWy.exe
  2⤵
  PID:1112
- C:\Windows\System\ueDyDRL.exe
  C:\Windows\System\ueDyDRL.exe
  2⤵
  PID:2440
- C:\Windows\System\VDoJkDy.exe
  C:\Windows\System\VDoJkDy.exe
  2⤵
  PID:5092
- C:\Windows\System\XOHplSA.exe
  C:\Windows\System\XOHplSA.exe
  2⤵
  PID:6756
- C:\Windows\System\rPSluZB.exe
  C:\Windows\System\rPSluZB.exe
  2⤵
  PID:1128
- C:\Windows\System\fOJEJDv.exe
  C:\Windows\System\fOJEJDv.exe
  2⤵
  PID:6876
- C:\Windows\System\jSIwoMN.exe
  C:\Windows\System\jSIwoMN.exe
  2⤵
  PID:6972
- C:\Windows\System\jatOGVV.exe
  C:\Windows\System\jatOGVV.exe
  2⤵
  PID:4352
- C:\Windows\System\lOByDkj.exe
  C:\Windows\System\lOByDkj.exe
  2⤵
  PID:5268
- C:\Windows\System\uKXhUGV.exe
  C:\Windows\System\uKXhUGV.exe
  2⤵
  PID:6452
- C:\Windows\System\SXkGNTV.exe
  C:\Windows\System\SXkGNTV.exe
  2⤵
  PID:5304
- C:\Windows\System\wbxorbc.exe
  C:\Windows\System\wbxorbc.exe
  2⤵
  PID:7136
- C:\Windows\System\rarlnxz.exe
  C:\Windows\System\rarlnxz.exe
  2⤵
  PID:3716
- C:\Windows\System\xeYCKZR.exe
  C:\Windows\System\xeYCKZR.exe
  2⤵
  PID:4396
- C:\Windows\System\qglgmaa.exe
  C:\Windows\System\qglgmaa.exe
  2⤵
  PID:512
- C:\Windows\System\xWiWfez.exe
  C:\Windows\System\xWiWfez.exe
  2⤵
  PID:1712
- C:\Windows\System\DLTCEsr.exe
  C:\Windows\System\DLTCEsr.exe
  2⤵
  PID:2080
- C:\Windows\System\TWnCpbL.exe
  C:\Windows\System\TWnCpbL.exe
  2⤵
  PID:6716
- C:\Windows\System\FVpuvww.exe
  C:\Windows\System\FVpuvww.exe
  2⤵
  PID:7184
- C:\Windows\System\uIPQQOG.exe
  C:\Windows\System\uIPQQOG.exe
  2⤵
  PID:7204
- C:\Windows\System\wKZlAda.exe
  C:\Windows\System\wKZlAda.exe
  2⤵
  PID:7224
- C:\Windows\System\mbXFqnS.exe
  C:\Windows\System\mbXFqnS.exe
  2⤵
  PID:7244
- C:\Windows\System\MHVitfU.exe
  C:\Windows\System\MHVitfU.exe
  2⤵
  PID:7264
- C:\Windows\System\nzCXKyn.exe
  C:\Windows\System\nzCXKyn.exe
  2⤵
  PID:7288
- C:\Windows\System\iDeGxgn.exe
  C:\Windows\System\iDeGxgn.exe
  2⤵
  PID:7304
- C:\Windows\System\owHwVfD.exe
  C:\Windows\System\owHwVfD.exe
  2⤵
  PID:7328
- C:\Windows\System\JSzgvWv.exe
  C:\Windows\System\JSzgvWv.exe
  2⤵
  PID:7352
- C:\Windows\System\UAjJXHd.exe
  C:\Windows\System\UAjJXHd.exe
  2⤵
  PID:7376
- C:\Windows\System\lboeMdQ.exe
  C:\Windows\System\lboeMdQ.exe
  2⤵
  PID:7396
- C:\Windows\System\AaUoJSc.exe
  C:\Windows\System\AaUoJSc.exe
  2⤵
  PID:7416
- C:\Windows\System\YBEfPba.exe
  C:\Windows\System\YBEfPba.exe
  2⤵
  PID:7444
- C:\Windows\System\BqSFXlz.exe
  C:\Windows\System\BqSFXlz.exe
  2⤵
  PID:7472
- C:\Windows\System\fUFjYoY.exe
  C:\Windows\System\fUFjYoY.exe
  2⤵
  PID:7496
- C:\Windows\System\vySXuxC.exe
  C:\Windows\System\vySXuxC.exe
  2⤵
  PID:7524
- C:\Windows\System\epVnmrq.exe
  C:\Windows\System\epVnmrq.exe
  2⤵
  PID:7540
- C:\Windows\System\ZIlLxCN.exe
  C:\Windows\System\ZIlLxCN.exe
  2⤵
  PID:7560
- C:\Windows\System\EHdxiTJ.exe
  C:\Windows\System\EHdxiTJ.exe
  2⤵
  PID:7588
- C:\Windows\System\wETZxlr.exe
  C:\Windows\System\wETZxlr.exe
  2⤵
  PID:7604
- C:\Windows\System\lVMRyqc.exe
  C:\Windows\System\lVMRyqc.exe
  2⤵
  PID:7628
- C:\Windows\System\nCNtDFw.exe
  C:\Windows\System\nCNtDFw.exe
  2⤵
  PID:7652
- C:\Windows\System\QPOUiVe.exe
  C:\Windows\System\QPOUiVe.exe
  2⤵
  PID:7672
- C:\Windows\System\lKpAqHA.exe
  C:\Windows\System\lKpAqHA.exe
  2⤵
  PID:7780
- C:\Windows\System\iJrNLVq.exe
  C:\Windows\System\iJrNLVq.exe
  2⤵
  PID:7824
- C:\Windows\System\GrNHCtB.exe
  C:\Windows\System\GrNHCtB.exe
  2⤵
  PID:7848
- C:\Windows\System\vLsfNDJ.exe
  C:\Windows\System\vLsfNDJ.exe
  2⤵
  PID:7864
- C:\Windows\System\bMppFgF.exe
  C:\Windows\System\bMppFgF.exe
  2⤵
  PID:7892
- C:\Windows\System\QLOrsLn.exe
  C:\Windows\System\QLOrsLn.exe
  2⤵
  PID:7920
- C:\Windows\System\TFOGcDY.exe
  C:\Windows\System\TFOGcDY.exe
  2⤵
  PID:7944
- C:\Windows\System\VLtjhRA.exe
  C:\Windows\System\VLtjhRA.exe
  2⤵
  PID:7960
- C:\Windows\System\HdIrXmW.exe
  C:\Windows\System\HdIrXmW.exe
  2⤵
  PID:7984
- C:\Windows\System\INZeqCx.exe
  C:\Windows\System\INZeqCx.exe
  2⤵
  PID:8012
- C:\Windows\System\EylnkWh.exe
  C:\Windows\System\EylnkWh.exe
  2⤵
  PID:8028
- C:\Windows\System\FNRwwOd.exe
  C:\Windows\System\FNRwwOd.exe
  2⤵
  PID:8044
- C:\Windows\System\XEbTlOA.exe
  C:\Windows\System\XEbTlOA.exe
  2⤵
  PID:8064
- C:\Windows\System\MpYgPzU.exe
  C:\Windows\System\MpYgPzU.exe
  2⤵
  PID:8084
- C:\Windows\System\VClslgo.exe
  C:\Windows\System\VClslgo.exe
  2⤵
  PID:8112
- C:\Windows\System\BQOZkZn.exe
  C:\Windows\System\BQOZkZn.exe
  2⤵
  PID:8132
- C:\Windows\System\oaxbPGV.exe
  C:\Windows\System\oaxbPGV.exe
  2⤵
  PID:8148
- C:\Windows\System\nyiLsQi.exe
  C:\Windows\System\nyiLsQi.exe
  2⤵
  PID:8176
- C:\Windows\System\yyoQXLQ.exe
  C:\Windows\System\yyoQXLQ.exe
  2⤵
  PID:3612
- C:\Windows\System\CLcBnUC.exe
  C:\Windows\System\CLcBnUC.exe
  2⤵
  PID:1044
- C:\Windows\System\cIlKfsP.exe
  C:\Windows\System\cIlKfsP.exe
  2⤵
  PID:6436
- C:\Windows\System\kgHkAwL.exe
  C:\Windows\System\kgHkAwL.exe
  2⤵
  PID:5288
- C:\Windows\System\HoDYgBU.exe
  C:\Windows\System\HoDYgBU.exe
  2⤵
  PID:5892
- C:\Windows\System\XYJewQG.exe
  C:\Windows\System\XYJewQG.exe
  2⤵
  PID:244
- C:\Windows\System\MbQsDqp.exe
  C:\Windows\System\MbQsDqp.exe
  2⤵
  PID:6872
- C:\Windows\System\xDJPSte.exe
  C:\Windows\System\xDJPSte.exe
  2⤵
  PID:2992
- C:\Windows\System\YTcIvLX.exe
  C:\Windows\System\YTcIvLX.exe
  2⤵
  PID:6732
- C:\Windows\System\urwcHkp.exe
  C:\Windows\System\urwcHkp.exe
  2⤵
  PID:6420
- C:\Windows\System\PeucTZs.exe
  C:\Windows\System\PeucTZs.exe
  2⤵
  PID:1644
- C:\Windows\System\QtoitDM.exe
  C:\Windows\System\QtoitDM.exe
  2⤵
  PID:3492
- C:\Windows\System\MlgUtmn.exe
  C:\Windows\System\MlgUtmn.exe
  2⤵
  PID:6404
- C:\Windows\System\spSpKnt.exe
  C:\Windows\System\spSpKnt.exe
  2⤵
  PID:7552
- C:\Windows\System\IKKaoqO.exe
  C:\Windows\System\IKKaoqO.exe
  2⤵
  PID:7584
- C:\Windows\System\IZkEVqW.exe
  C:\Windows\System\IZkEVqW.exe
  2⤵
  PID:7636
- C:\Windows\System\xoULAIE.exe
  C:\Windows\System\xoULAIE.exe
  2⤵
  PID:7668
- C:\Windows\System\RCUthcx.exe
  C:\Windows\System\RCUthcx.exe
  2⤵
  PID:6352
- C:\Windows\System\JsxZgQW.exe
  C:\Windows\System\JsxZgQW.exe
  2⤵
  PID:8196
- C:\Windows\System\dJGcvTg.exe
  C:\Windows\System\dJGcvTg.exe
  2⤵
  PID:8216
- C:\Windows\System\OXKpTqX.exe
  C:\Windows\System\OXKpTqX.exe
  2⤵
  PID:8244
- C:\Windows\System\pKYZGCv.exe
  C:\Windows\System\pKYZGCv.exe
  2⤵
  PID:8264
- C:\Windows\System\uXPnBjw.exe
  C:\Windows\System\uXPnBjw.exe
  2⤵
  PID:8288
- C:\Windows\System\VTCBBaY.exe
  C:\Windows\System\VTCBBaY.exe
  2⤵
  PID:8308
- C:\Windows\System\JbKnooX.exe
  C:\Windows\System\JbKnooX.exe
  2⤵
  PID:8332
- C:\Windows\System\dacXdTH.exe
  C:\Windows\System\dacXdTH.exe
  2⤵
  PID:8348
- C:\Windows\System\quEiNee.exe
  C:\Windows\System\quEiNee.exe
  2⤵
  PID:8376
- C:\Windows\System\sSojrVv.exe
  C:\Windows\System\sSojrVv.exe
  2⤵
  PID:8404
- C:\Windows\System\ZVGEzGS.exe
  C:\Windows\System\ZVGEzGS.exe
  2⤵
  PID:8424
- C:\Windows\System\LMkOKYK.exe
  C:\Windows\System\LMkOKYK.exe
  2⤵
  PID:8448
- C:\Windows\System\arwvQuM.exe
  C:\Windows\System\arwvQuM.exe
  2⤵
  PID:8464
- C:\Windows\System\qpwVKVJ.exe
  C:\Windows\System\qpwVKVJ.exe
  2⤵
  PID:8496
- C:\Windows\System\INkFHCb.exe
  C:\Windows\System\INkFHCb.exe
  2⤵
  PID:8520
- C:\Windows\System\jFHKqEI.exe
  C:\Windows\System\jFHKqEI.exe
  2⤵
  PID:8552
- C:\Windows\System\jKvLLRt.exe
  C:\Windows\System\jKvLLRt.exe
  2⤵
  PID:8572
- C:\Windows\System\OmHBbOe.exe
  C:\Windows\System\OmHBbOe.exe
  2⤵
  PID:8588
- C:\Windows\System\VYHriwx.exe
  C:\Windows\System\VYHriwx.exe
  2⤵
  PID:8612
- C:\Windows\System\XSgrBzT.exe
  C:\Windows\System\XSgrBzT.exe
  2⤵
  PID:8628
- C:\Windows\System\XBXkFLI.exe
  C:\Windows\System\XBXkFLI.exe
  2⤵
  PID:8660
- C:\Windows\System\zPuoyMi.exe
  C:\Windows\System\zPuoyMi.exe
  2⤵
  PID:8684
- C:\Windows\System\wDIdBHe.exe
  C:\Windows\System\wDIdBHe.exe
  2⤵
  PID:8704
- C:\Windows\System\hTEQPHz.exe
  C:\Windows\System\hTEQPHz.exe
  2⤵
  PID:8724
- C:\Windows\System\TYKFLkC.exe
  C:\Windows\System\TYKFLkC.exe
  2⤵
  PID:8748
- C:\Windows\System\HrJDexV.exe
  C:\Windows\System\HrJDexV.exe
  2⤵
  PID:8764
- C:\Windows\System\FyndEtW.exe
  C:\Windows\System\FyndEtW.exe
  2⤵
  PID:8796
- C:\Windows\System\JUPqwEA.exe
  C:\Windows\System\JUPqwEA.exe
  2⤵
  PID:8812
- C:\Windows\System\MnKOvdp.exe
  C:\Windows\System\MnKOvdp.exe
  2⤵
  PID:8836
- C:\Windows\System\aPrPzsA.exe
  C:\Windows\System\aPrPzsA.exe
  2⤵
  PID:8852
- C:\Windows\System\zQXjccc.exe
  C:\Windows\System\zQXjccc.exe
  2⤵
  PID:8868
- C:\Windows\System\CdxlQsn.exe
  C:\Windows\System\CdxlQsn.exe
  2⤵
  PID:8892
- C:\Windows\System\PwdGFCI.exe
  C:\Windows\System\PwdGFCI.exe
  2⤵
  PID:8916
- C:\Windows\System\PhdIOdE.exe
  C:\Windows\System\PhdIOdE.exe
  2⤵
  PID:8936
- C:\Windows\System\LxPBZXm.exe
  C:\Windows\System\LxPBZXm.exe
  2⤵
  PID:8956
- C:\Windows\System\PqZPsEr.exe
  C:\Windows\System\PqZPsEr.exe
  2⤵
  PID:8980
- C:\Windows\System\EFEvCWB.exe
  C:\Windows\System\EFEvCWB.exe
  2⤵
  PID:9000
- C:\Windows\System\wtgGmOJ.exe
  C:\Windows\System\wtgGmOJ.exe
  2⤵
  PID:9020
- C:\Windows\System\BrItnfE.exe
  C:\Windows\System\BrItnfE.exe
  2⤵
  PID:9044
- C:\Windows\System\JtyehRp.exe
  C:\Windows\System\JtyehRp.exe
  2⤵
  PID:9060
- C:\Windows\System\eetkgGL.exe
  C:\Windows\System\eetkgGL.exe
  2⤵
  PID:9084
- C:\Windows\System\mrPMDZs.exe
  C:\Windows\System\mrPMDZs.exe
  2⤵
  PID:9104
- C:\Windows\System\capmlfn.exe
  C:\Windows\System\capmlfn.exe
  2⤵
  PID:9124
- C:\Windows\System\okJQssk.exe
  C:\Windows\System\okJQssk.exe
  2⤵
  PID:9148
- C:\Windows\System\FSAnEWI.exe
  C:\Windows\System\FSAnEWI.exe
  2⤵
  PID:9168
- C:\Windows\System\eMIsLnC.exe
  C:\Windows\System\eMIsLnC.exe
  2⤵
  PID:9188
- C:\Windows\System\avDuwPe.exe
  C:\Windows\System\avDuwPe.exe
  2⤵
  PID:9208
- C:\Windows\System\ZaLXKtz.exe
  C:\Windows\System\ZaLXKtz.exe
  2⤵
  PID:6572
- C:\Windows\System\UBfnKGM.exe
  C:\Windows\System\UBfnKGM.exe
  2⤵
  PID:5972
- C:\Windows\System\CuUaZhL.exe
  C:\Windows\System\CuUaZhL.exe
  2⤵
  PID:4524
- C:\Windows\System\huZJXAB.exe
  C:\Windows\System\huZJXAB.exe
  2⤵
  PID:2972
- C:\Windows\System\TbzTHhA.exe
  C:\Windows\System\TbzTHhA.exe
  2⤵
  PID:7832
- C:\Windows\System\rgxUszh.exe
  C:\Windows\System\rgxUszh.exe
  2⤵
  PID:7880
- C:\Windows\System\aupqLwX.exe
  C:\Windows\System\aupqLwX.exe
  2⤵
  PID:6180
- C:\Windows\System\tcHllDe.exe
  C:\Windows\System\tcHllDe.exe
  2⤵
  PID:7176
- C:\Windows\System\aCMOIFp.exe
  C:\Windows\System\aCMOIFp.exe
  2⤵
  PID:7240
- C:\Windows\System\xZSsFtp.exe
  C:\Windows\System\xZSsFtp.exe
  2⤵
  PID:7952
- C:\Windows\System\XlFngaG.exe
  C:\Windows\System\XlFngaG.exe
  2⤵
  PID:7324
- C:\Windows\System\eOmbotR.exe
  C:\Windows\System\eOmbotR.exe
  2⤵
  PID:7360
- C:\Windows\System\npcrnUF.exe
  C:\Windows\System\npcrnUF.exe
  2⤵
  PID:7412
- C:\Windows\System\ffVZeGm.exe
  C:\Windows\System\ffVZeGm.exe
  2⤵
  PID:7440
- C:\Windows\System\AquCBjG.exe
  C:\Windows\System\AquCBjG.exe
  2⤵
  PID:8024
- C:\Windows\System\mTHIPAy.exe
  C:\Windows\System\mTHIPAy.exe
  2⤵
  PID:6776
- C:\Windows\System\mRsNiEL.exe
  C:\Windows\System\mRsNiEL.exe
  2⤵
  PID:7492
- C:\Windows\System\megYygN.exe
  C:\Windows\System\megYygN.exe
  2⤵
  PID:7520
- C:\Windows\System\IUfvpXF.exe
  C:\Windows\System\IUfvpXF.exe
  2⤵
  PID:6816
- C:\Windows\System\pDIDPen.exe
  C:\Windows\System\pDIDPen.exe
  2⤵
  PID:7596
- C:\Windows\System\KFLatbu.exe
  C:\Windows\System\KFLatbu.exe
  2⤵
  PID:8184
- C:\Windows\System\opDWWrQ.exe
  C:\Windows\System\opDWWrQ.exe
  2⤵
  PID:4884
- C:\Windows\System\twpbulE.exe
  C:\Windows\System\twpbulE.exe
  2⤵
  PID:7016
- C:\Windows\System\QildRdv.exe
  C:\Windows\System\QildRdv.exe
  2⤵
  PID:7216
- C:\Windows\System\wyatIny.exe
  C:\Windows\System\wyatIny.exe
  2⤵
  PID:6480
- C:\Windows\System\FIYTobr.exe
  C:\Windows\System\FIYTobr.exe
  2⤵
  PID:5424
- C:\Windows\System\AqUjqvs.exe
  C:\Windows\System\AqUjqvs.exe
  2⤵
  PID:8256
- C:\Windows\System\pjZEZHK.exe
  C:\Windows\System\pjZEZHK.exe
  2⤵
  PID:8356
- C:\Windows\System\HGXkBOo.exe
  C:\Windows\System\HGXkBOo.exe
  2⤵
  PID:8460
- C:\Windows\System\XMlPxjX.exe
  C:\Windows\System\XMlPxjX.exe
  2⤵
  PID:8516
- C:\Windows\System\zbcGhQQ.exe
  C:\Windows\System\zbcGhQQ.exe
  2⤵
  PID:7836
- C:\Windows\System\cSeoiYg.exe
  C:\Windows\System\cSeoiYg.exe
  2⤵
  PID:8636
- C:\Windows\System\Xaeyfke.exe
  C:\Windows\System\Xaeyfke.exe
  2⤵
  PID:8676
- C:\Windows\System\PdtmApm.exe
  C:\Windows\System\PdtmApm.exe
  2⤵
  PID:9224
- C:\Windows\System\MwLBxQW.exe
  C:\Windows\System\MwLBxQW.exe
  2⤵
  PID:9248
- C:\Windows\System\WFDoRkn.exe
  C:\Windows\System\WFDoRkn.exe
  2⤵
  PID:9268
- C:\Windows\System\HZpVwuN.exe
  C:\Windows\System\HZpVwuN.exe
  2⤵
  PID:9292
- C:\Windows\System\rBMAlTO.exe
  C:\Windows\System\rBMAlTO.exe
  2⤵
  PID:9312
- C:\Windows\System\hYFRtVw.exe
  C:\Windows\System\hYFRtVw.exe
  2⤵
  PID:9340
- C:\Windows\System\rDGRHya.exe
  C:\Windows\System\rDGRHya.exe
  2⤵
  PID:9356
- C:\Windows\System\gdtDcYh.exe
  C:\Windows\System\gdtDcYh.exe
  2⤵
  PID:9392
- C:\Windows\System\nfkdhUF.exe
  C:\Windows\System\nfkdhUF.exe
  2⤵
  PID:9420
- C:\Windows\System\ZtCjwbU.exe
  C:\Windows\System\ZtCjwbU.exe
  2⤵
  PID:9440
- C:\Windows\System\QtdlNaR.exe
  C:\Windows\System\QtdlNaR.exe
  2⤵
  PID:9464
- C:\Windows\System\ibCbndO.exe
  C:\Windows\System\ibCbndO.exe
  2⤵
  PID:9488
- C:\Windows\System\mAIyxGc.exe
  C:\Windows\System\mAIyxGc.exe
  2⤵
  PID:9528
- C:\Windows\System\AcmRzpo.exe
  C:\Windows\System\AcmRzpo.exe
  2⤵
  PID:9544
- C:\Windows\System\PrNCQRa.exe
  C:\Windows\System\PrNCQRa.exe
  2⤵
  PID:9560
- C:\Windows\System\bWYbfyd.exe
  C:\Windows\System\bWYbfyd.exe
  2⤵
  PID:9576
- C:\Windows\System\pWXfoMm.exe
  C:\Windows\System\pWXfoMm.exe
  2⤵
  PID:9596
- C:\Windows\System\ekZINjV.exe
  C:\Windows\System\ekZINjV.exe
  2⤵
  PID:9620
- C:\Windows\System\kZWbUAp.exe
  C:\Windows\System\kZWbUAp.exe
  2⤵
  PID:9644
- C:\Windows\System\sDKBEGR.exe
  C:\Windows\System\sDKBEGR.exe
  2⤵
  PID:9664
- C:\Windows\System\olhhytC.exe
  C:\Windows\System\olhhytC.exe
  2⤵
  PID:9684
- C:\Windows\System\WXvzhQW.exe
  C:\Windows\System\WXvzhQW.exe
  2⤵
  PID:9704
- C:\Windows\System\WREGbQR.exe
  C:\Windows\System\WREGbQR.exe
  2⤵
  PID:9724
- C:\Windows\System\SdJUopm.exe
  C:\Windows\System\SdJUopm.exe
  2⤵
  PID:9748
- C:\Windows\System\rAOmXrf.exe
  C:\Windows\System\rAOmXrf.exe
  2⤵
  PID:9776
- C:\Windows\System\ACcvZWD.exe
  C:\Windows\System\ACcvZWD.exe
  2⤵
  PID:9800
- C:\Windows\System\EYSJkan.exe
  C:\Windows\System\EYSJkan.exe
  2⤵
  PID:9816
- C:\Windows\System\GwwOWeb.exe
  C:\Windows\System\GwwOWeb.exe
  2⤵
  PID:9840
- C:\Windows\System\zPIEioW.exe
  C:\Windows\System\zPIEioW.exe
  2⤵
  PID:9868
- C:\Windows\System\amVFFnU.exe
  C:\Windows\System\amVFFnU.exe
  2⤵
  PID:9892
- C:\Windows\System\mdrhPDC.exe
  C:\Windows\System\mdrhPDC.exe
  2⤵
  PID:9912
- C:\Windows\System\FFheFch.exe
  C:\Windows\System\FFheFch.exe
  2⤵
  PID:9932
- C:\Windows\System\tBwImFC.exe
  C:\Windows\System\tBwImFC.exe
  2⤵
  PID:9952
- C:\Windows\System\sIfDsYa.exe
  C:\Windows\System\sIfDsYa.exe
  2⤵
  PID:9972
- C:\Windows\System\lCKWmge.exe
  C:\Windows\System\lCKWmge.exe
  2⤵
  PID:9992
- C:\Windows\System\bjGyyCZ.exe
  C:\Windows\System\bjGyyCZ.exe
  2⤵
  PID:10016
- C:\Windows\System\xbbbHvI.exe
  C:\Windows\System\xbbbHvI.exe
  2⤵
  PID:10036
- C:\Windows\System\lowVokJ.exe
  C:\Windows\System\lowVokJ.exe
  2⤵
  PID:10056
- C:\Windows\System\WnedGmP.exe
  C:\Windows\System\WnedGmP.exe
  2⤵
  PID:10080
- C:\Windows\System\YsrZxqG.exe
  C:\Windows\System\YsrZxqG.exe
  2⤵
  PID:10096
- C:\Windows\System\wsJoDVm.exe
  C:\Windows\System\wsJoDVm.exe
  2⤵
  PID:10120
- C:\Windows\System\LDjeRsP.exe
  C:\Windows\System\LDjeRsP.exe
  2⤵
  PID:10140
- C:\Windows\System\SXHhrBE.exe
  C:\Windows\System\SXHhrBE.exe
  2⤵
  PID:10160
- C:\Windows\System\BWLvJlc.exe
  C:\Windows\System\BWLvJlc.exe
  2⤵
  PID:10184
- C:\Windows\System\BKVWJoN.exe
  C:\Windows\System\BKVWJoN.exe
  2⤵
  PID:10200
- C:\Windows\System\NPuAYoY.exe
  C:\Windows\System\NPuAYoY.exe
  2⤵
  PID:10220
- C:\Windows\System\iGIUTnD.exe
  C:\Windows\System\iGIUTnD.exe
  2⤵
  PID:7272
- C:\Windows\System\rvCBvAG.exe
  C:\Windows\System\rvCBvAG.exe
  2⤵
  PID:7432
- C:\Windows\System\lCKLfqI.exe
  C:\Windows\System\lCKLfqI.exe
  2⤵
  PID:8908
- C:\Windows\System\HgSLWmo.exe
  C:\Windows\System\HgSLWmo.exe
  2⤵
  PID:9016
- C:\Windows\System\NqVdXwx.exe
  C:\Windows\System\NqVdXwx.exe
  2⤵
  PID:9136
- C:\Windows\System\jemomLL.exe
  C:\Windows\System\jemomLL.exe
  2⤵
  PID:9164
- C:\Windows\System\qkMTmRO.exe
  C:\Windows\System\qkMTmRO.exe
  2⤵
  PID:5384
- C:\Windows\System\IgOePuR.exe
  C:\Windows\System\IgOePuR.exe
  2⤵
  PID:3580
- C:\Windows\System\CzCNAZO.exe
  C:\Windows\System\CzCNAZO.exe
  2⤵
  PID:7260
- C:\Windows\System\gZGHAsx.exe
  C:\Windows\System\gZGHAsx.exe
  2⤵
  PID:7020
- C:\Windows\System\MWDIekJ.exe
  C:\Windows\System\MWDIekJ.exe
  2⤵
  PID:7384
- C:\Windows\System\TcJwHHk.exe
  C:\Windows\System\TcJwHHk.exe
  2⤵
  PID:7148
- C:\Windows\System\eDuVdBC.exe
  C:\Windows\System\eDuVdBC.exe
  2⤵
  PID:6696
- C:\Windows\System\XBjticU.exe
  C:\Windows\System\XBjticU.exe
  2⤵
  PID:8420
- C:\Windows\System\gtDSkzE.exe
  C:\Windows\System\gtDSkzE.exe
  2⤵
  PID:7792
- C:\Windows\System\TAWTTBg.exe
  C:\Windows\System\TAWTTBg.exe
  2⤵
  PID:8560
- C:\Windows\System\flEpdJT.exe
  C:\Windows\System\flEpdJT.exe
  2⤵
  PID:8512
- C:\Windows\System\UKXWwJw.exe
  C:\Windows\System\UKXWwJw.exe
  2⤵
  PID:8732
- C:\Windows\System\ZjBFhnw.exe
  C:\Windows\System\ZjBFhnw.exe
  2⤵
  PID:8776
- C:\Windows\System\xzXTZBU.exe
  C:\Windows\System\xzXTZBU.exe
  2⤵
  PID:10256
- C:\Windows\System\VtxlXtr.exe
  C:\Windows\System\VtxlXtr.exe
  2⤵
  PID:10284
- C:\Windows\System\DVOexMZ.exe
  C:\Windows\System\DVOexMZ.exe
  2⤵
  PID:10300
- C:\Windows\System\juHGSfu.exe
  C:\Windows\System\juHGSfu.exe
  2⤵
  PID:10324
- C:\Windows\System\BDDJAQq.exe
  C:\Windows\System\BDDJAQq.exe
  2⤵
  PID:10344
- C:\Windows\System\WwSsuBR.exe
  C:\Windows\System\WwSsuBR.exe
  2⤵
  PID:10364
- C:\Windows\System\xbNqsWM.exe
  C:\Windows\System\xbNqsWM.exe
  2⤵
  PID:10388
- C:\Windows\System\SlUuSFB.exe
  C:\Windows\System\SlUuSFB.exe
  2⤵
  PID:10424
- C:\Windows\System\mJkhrgW.exe
  C:\Windows\System\mJkhrgW.exe
  2⤵
  PID:10460
- C:\Windows\System\pjFyqNg.exe
  C:\Windows\System\pjFyqNg.exe
  2⤵
  PID:10480
- C:\Windows\System\COoCEZO.exe
  C:\Windows\System\COoCEZO.exe
  2⤵
  PID:10500
- C:\Windows\System\sbGsyWq.exe
  C:\Windows\System\sbGsyWq.exe
  2⤵
  PID:10524
- C:\Windows\System\YDobmPr.exe
  C:\Windows\System\YDobmPr.exe
  2⤵
  PID:10548
- C:\Windows\System\PrkWham.exe
  C:\Windows\System\PrkWham.exe
  2⤵
  PID:10564
- C:\Windows\System\CiGiums.exe
  C:\Windows\System\CiGiums.exe
  2⤵
  PID:10584
- C:\Windows\System\NskwDQh.exe
  C:\Windows\System\NskwDQh.exe
  2⤵
  PID:10608
- C:\Windows\System\McGZeUT.exe
  C:\Windows\System\McGZeUT.exe
  2⤵
  PID:10628
- C:\Windows\System\IsQpAGp.exe
  C:\Windows\System\IsQpAGp.exe
  2⤵
  PID:10652
- C:\Windows\System\MYXRmsa.exe
  C:\Windows\System\MYXRmsa.exe
  2⤵
  PID:10672
- C:\Windows\System\HjutdUC.exe
  C:\Windows\System\HjutdUC.exe
  2⤵
  PID:10692
- C:\Windows\System\BNbowfz.exe
  C:\Windows\System\BNbowfz.exe
  2⤵
  PID:10712
- C:\Windows\System\SdFVsHN.exe
  C:\Windows\System\SdFVsHN.exe
  2⤵
  PID:10736
- C:\Windows\System\ZTbegen.exe
  C:\Windows\System\ZTbegen.exe
  2⤵
  PID:10756
- C:\Windows\System\NVOfthD.exe
  C:\Windows\System\NVOfthD.exe
  2⤵
  PID:10776
- C:\Windows\System\pGBvlqA.exe
  C:\Windows\System\pGBvlqA.exe
  2⤵
  PID:10800
- C:\Windows\System\qibQSLP.exe
  C:\Windows\System\qibQSLP.exe
  2⤵
  PID:10824
- C:\Windows\System\oSgJlMh.exe
  C:\Windows\System\oSgJlMh.exe
  2⤵
  PID:10848
- C:\Windows\System\zJkodar.exe
  C:\Windows\System\zJkodar.exe
  2⤵
  PID:10864
- C:\Windows\System\Nugmzcq.exe
  C:\Windows\System\Nugmzcq.exe
  2⤵
  PID:10884
- C:\Windows\System\NtUzoxk.exe
  C:\Windows\System\NtUzoxk.exe
  2⤵
  PID:10904
- C:\Windows\System\vuJkYrr.exe
  C:\Windows\System\vuJkYrr.exe
  2⤵
  PID:10928
- C:\Windows\System\gdQpQBx.exe
  C:\Windows\System\gdQpQBx.exe
  2⤵
  PID:10948
- C:\Windows\System\tYxCojE.exe
  C:\Windows\System\tYxCojE.exe
  2⤵
  PID:10964
- C:\Windows\System\XeiAgef.exe
  C:\Windows\System\XeiAgef.exe
  2⤵
  PID:10992
- C:\Windows\System\DvBYsVw.exe
  C:\Windows\System\DvBYsVw.exe
  2⤵
  PID:11012
- C:\Windows\System\CfyMXyJ.exe
  C:\Windows\System\CfyMXyJ.exe
  2⤵
  PID:11032
- C:\Windows\System\mJqnxVn.exe
  C:\Windows\System\mJqnxVn.exe
  2⤵
  PID:11056
- C:\Windows\System\amuSEgb.exe
  C:\Windows\System\amuSEgb.exe
  2⤵
  PID:11076
- C:\Windows\System\DOwsNls.exe
  C:\Windows\System\DOwsNls.exe
  2⤵
  PID:11104
- C:\Windows\System\NuLdcuN.exe
  C:\Windows\System\NuLdcuN.exe
  2⤵
  PID:11128
- C:\Windows\System\athXDxe.exe
  C:\Windows\System\athXDxe.exe
  2⤵
  PID:11160
- C:\Windows\System\MTagumY.exe
  C:\Windows\System\MTagumY.exe
  2⤵
  PID:11176
- C:\Windows\System\zgCVZlF.exe
  C:\Windows\System\zgCVZlF.exe
  2⤵
  PID:9040
- C:\Windows\System\zBpteev.exe
  C:\Windows\System\zBpteev.exe
  2⤵
  PID:9076
- C:\Windows\System\valOnWW.exe
  C:\Windows\System\valOnWW.exe
  2⤵
  PID:8140
- C:\Windows\System\iWFlBSq.exe
  C:\Windows\System\iWFlBSq.exe
  2⤵
  PID:5968
- C:\Windows\System\jVrpLap.exe
  C:\Windows\System\jVrpLap.exe
  2⤵
  PID:9744
- C:\Windows\System\RpuusYr.exe
  C:\Windows\System\RpuusYr.exe
  2⤵
  PID:9788
- C:\Windows\System\NpNazNy.exe
  C:\Windows\System\NpNazNy.exe
  2⤵
  PID:7816
- C:\Windows\System\DBIPifi.exe
  C:\Windows\System\DBIPifi.exe
  2⤵
  PID:4756
- C:\Windows\System\IkFFFyz.exe
  C:\Windows\System\IkFFFyz.exe
  2⤵
  PID:1516
- C:\Windows\System\nBmGPPj.exe
  C:\Windows\System\nBmGPPj.exe
  2⤵
  PID:9884
- C:\Windows\System\YDOlAvr.exe
  C:\Windows\System\YDOlAvr.exe
  2⤵
  PID:1960
- C:\Windows\System\hdmrYEg.exe
  C:\Windows\System\hdmrYEg.exe
  2⤵
  PID:8204
- C:\Windows\System\WrdJvKR.exe
  C:\Windows\System\WrdJvKR.exe
  2⤵
  PID:8236
- C:\Windows\System\mGIGkjA.exe
  C:\Windows\System\mGIGkjA.exe
  2⤵
  PID:10196
- C:\Windows\System\ifiISDT.exe
  C:\Windows\System\ifiISDT.exe
  2⤵
  PID:8316
- C:\Windows\System\RiyFKEK.exe
  C:\Windows\System\RiyFKEK.exe
  2⤵
  PID:7568
- C:\Windows\System\HOHHIto.exe
  C:\Windows\System\HOHHIto.exe
  2⤵
  PID:11280
- C:\Windows\System\NAmSgXY.exe
  C:\Windows\System\NAmSgXY.exe
  2⤵
  PID:11296
- C:\Windows\System\coPolOo.exe
  C:\Windows\System\coPolOo.exe
  2⤵
  PID:11320
- C:\Windows\System\KBLcXFh.exe
  C:\Windows\System\KBLcXFh.exe
  2⤵
  PID:11344
- C:\Windows\System\TdHvAzO.exe
  C:\Windows\System\TdHvAzO.exe
  2⤵
  PID:11360
- C:\Windows\System\BsIASGn.exe
  C:\Windows\System\BsIASGn.exe
  2⤵
  PID:11384
- C:\Windows\System\urpTOph.exe
  C:\Windows\System\urpTOph.exe
  2⤵
  PID:11400
- C:\Windows\System\hsmPZjD.exe
  C:\Windows\System\hsmPZjD.exe
  2⤵
  PID:11420
- C:\Windows\System\rSIIPNj.exe
  C:\Windows\System\rSIIPNj.exe
  2⤵
  PID:11436
- C:\Windows\System\qBGlaZZ.exe
  C:\Windows\System\qBGlaZZ.exe
  2⤵
  PID:11452
- C:\Windows\System\viAqjfw.exe
  C:\Windows\System\viAqjfw.exe
  2⤵
  PID:11468
- C:\Windows\System\IOyYHDK.exe
  C:\Windows\System\IOyYHDK.exe
  2⤵
  PID:11492
- C:\Windows\System\jEkZIJc.exe
  C:\Windows\System\jEkZIJc.exe
  2⤵
  PID:11516
- C:\Windows\System\ZKKazKJ.exe
  C:\Windows\System\ZKKazKJ.exe
  2⤵
  PID:11532
- C:\Windows\System\POGpUZW.exe
  C:\Windows\System\POGpUZW.exe
  2⤵
  PID:11548
- C:\Windows\System\DhvjiUU.exe
  C:\Windows\System\DhvjiUU.exe
  2⤵
  PID:11572
- C:\Windows\System\pXYXzhV.exe
  C:\Windows\System\pXYXzhV.exe
  2⤵
  PID:11588
- C:\Windows\System\tfIxXdT.exe
  C:\Windows\System\tfIxXdT.exe
  2⤵
  PID:11604
- C:\Windows\System\yGVtNaE.exe
  C:\Windows\System\yGVtNaE.exe
  2⤵
  PID:11624
- C:\Windows\System\XwjBwGk.exe
  C:\Windows\System\XwjBwGk.exe
  2⤵
  PID:11644
- C:\Windows\System\ahescik.exe
  C:\Windows\System\ahescik.exe
  2⤵
  PID:11660
- C:\Windows\System\SRsGxlR.exe
  C:\Windows\System\SRsGxlR.exe
  2⤵
  PID:11680
- C:\Windows\System\uBfpFkh.exe
  C:\Windows\System\uBfpFkh.exe
  2⤵
  PID:11724
- C:\Windows\System\sSxkHyp.exe
  C:\Windows\System\sSxkHyp.exe
  2⤵
  PID:11752
- C:\Windows\System\JTxfKpp.exe
  C:\Windows\System\JTxfKpp.exe
  2⤵
  PID:11776
- C:\Windows\System\iGYAkdQ.exe
  C:\Windows\System\iGYAkdQ.exe
  2⤵
  PID:11804
- C:\Windows\System\qpzNLjM.exe
  C:\Windows\System\qpzNLjM.exe
  2⤵
  PID:11824
- C:\Windows\System\GdGWkeQ.exe
  C:\Windows\System\GdGWkeQ.exe
  2⤵
  PID:11848
- C:\Windows\System\uZDYrtd.exe
  C:\Windows\System\uZDYrtd.exe
  2⤵
  PID:11872
- C:\Windows\System\txExjdA.exe
  C:\Windows\System\txExjdA.exe
  2⤵
  PID:11896
- C:\Windows\System\GXyCHpc.exe
  C:\Windows\System\GXyCHpc.exe
  2⤵
  PID:11920
- C:\Windows\System\yryyApQ.exe
  C:\Windows\System\yryyApQ.exe
  2⤵
  PID:11944
- C:\Windows\System\lNlXWoJ.exe
  C:\Windows\System\lNlXWoJ.exe
  2⤵
  PID:11968
- C:\Windows\System\ghdCmTT.exe
  C:\Windows\System\ghdCmTT.exe
  2⤵
  PID:11988
- C:\Windows\System\huOERfc.exe
  C:\Windows\System\huOERfc.exe
  2⤵
  PID:12008
- C:\Windows\System\opiXqne.exe
  C:\Windows\System\opiXqne.exe
  2⤵
  PID:12032
- C:\Windows\System\TLwGmwm.exe
  C:\Windows\System\TLwGmwm.exe
  2⤵
  PID:12056
- C:\Windows\System\ZIrKDqY.exe
  C:\Windows\System\ZIrKDqY.exe
  2⤵
  PID:12076
- C:\Windows\System\yopwChg.exe
  C:\Windows\System\yopwChg.exe
  2⤵
  PID:12104
- C:\Windows\System\aslJeJW.exe
  C:\Windows\System\aslJeJW.exe
  2⤵
  PID:12128
- C:\Windows\System\qdpzLIC.exe
  C:\Windows\System\qdpzLIC.exe
  2⤵
  PID:12152
- C:\Windows\System\PEZKScx.exe
  C:\Windows\System\PEZKScx.exe
  2⤵
  PID:12184
- C:\Windows\System\ouSeyTO.exe
  C:\Windows\System\ouSeyTO.exe
  2⤵
  PID:12204
- C:\Windows\System\ajSKAdp.exe
  C:\Windows\System\ajSKAdp.exe
  2⤵
  PID:12228
- C:\Windows\System\wqFUZkm.exe
  C:\Windows\System\wqFUZkm.exe
  2⤵
  PID:12248
- C:\Windows\System\HTudgZr.exe
  C:\Windows\System\HTudgZr.exe
  2⤵
  PID:12276
- C:\Windows\System\IBAOfoP.exe
  C:\Windows\System\IBAOfoP.exe
  2⤵
  PID:8440
- C:\Windows\System\fhMnMwQ.exe
  C:\Windows\System\fhMnMwQ.exe
  2⤵
  PID:8480
- C:\Windows\System\wfSxiEx.exe
  C:\Windows\System\wfSxiEx.exe
  2⤵
  PID:7736
- C:\Windows\System\ISXfRDb.exe
  C:\Windows\System\ISXfRDb.exe
  2⤵
  PID:8668
- C:\Windows\System\ABnduaB.exe
  C:\Windows\System\ABnduaB.exe
  2⤵
  PID:8272
- C:\Windows\System\mkihdzc.exe
  C:\Windows\System\mkihdzc.exe
  2⤵
  PID:8640
- C:\Windows\System\wxnqsyN.exe
  C:\Windows\System\wxnqsyN.exe
  2⤵
  PID:8788
- C:\Windows\System\DgxaELr.exe
  C:\Windows\System\DgxaELr.exe
  2⤵
  PID:9336
- C:\Windows\System\PzwqXiP.exe
  C:\Windows\System\PzwqXiP.exe
  2⤵
  PID:10340
- C:\Windows\System\feSOFXl.exe
  C:\Windows\System\feSOFXl.exe
  2⤵
  PID:10400
- C:\Windows\System\UrBohga.exe
  C:\Windows\System\UrBohga.exe
  2⤵
  PID:8900
- C:\Windows\System\UuwPhkP.exe
  C:\Windows\System\UuwPhkP.exe
  2⤵
  PID:8932
- C:\Windows\System\aRFQcyt.exe
  C:\Windows\System\aRFQcyt.exe
  2⤵
  PID:10572
- C:\Windows\System\HYwbKuo.exe
  C:\Windows\System\HYwbKuo.exe
  2⤵
  PID:10708
- C:\Windows\System\hlPLCdZ.exe
  C:\Windows\System\hlPLCdZ.exe
  2⤵
  PID:12328
- C:\Windows\System\FWfEJjD.exe
  C:\Windows\System\FWfEJjD.exe
  2⤵
  PID:12348
- C:\Windows\System\obAaimM.exe
  C:\Windows\System\obAaimM.exe
  2⤵
  PID:12364
- C:\Windows\System\mhEqCtc.exe
  C:\Windows\System\mhEqCtc.exe
  2⤵
  PID:12380
- C:\Windows\System\vXkgQZh.exe
  C:\Windows\System\vXkgQZh.exe
  2⤵
  PID:12408
- C:\Windows\System\JIxlyFz.exe
  C:\Windows\System\JIxlyFz.exe
  2⤵
  PID:12428
- C:\Windows\System\DASZfpd.exe
  C:\Windows\System\DASZfpd.exe
  2⤵
  PID:12448
- C:\Windows\System\JabRikm.exe
  C:\Windows\System\JabRikm.exe
  2⤵
  PID:12464
- C:\Windows\System\nclPIrd.exe
  C:\Windows\System\nclPIrd.exe
  2⤵
  PID:12480
- C:\Windows\System\bwSQmhi.exe
  C:\Windows\System\bwSQmhi.exe
  2⤵
  PID:12496
- C:\Windows\System\nUGhstI.exe
  C:\Windows\System\nUGhstI.exe
  2⤵
  PID:12512
- C:\Windows\System\nWCgvHf.exe
  C:\Windows\System\nWCgvHf.exe
  2⤵
  PID:12528
- C:\Windows\System\ikixnZM.exe
  C:\Windows\System\ikixnZM.exe
  2⤵
  PID:12544
- C:\Windows\System\lNFvfje.exe
  C:\Windows\System\lNFvfje.exe
  2⤵
  PID:12560
- C:\Windows\System\KsErJEY.exe
  C:\Windows\System\KsErJEY.exe
  2⤵
  PID:12576
- C:\Windows\System\uVmjyMl.exe
  C:\Windows\System\uVmjyMl.exe
  2⤵
  PID:12592
- C:\Windows\System\PQaQweZ.exe
  C:\Windows\System\PQaQweZ.exe
  2⤵
  PID:12612
- C:\Windows\System\rvTLbaP.exe
  C:\Windows\System\rvTLbaP.exe
  2⤵
  PID:12636
- C:\Windows\System\nQxfnch.exe
  C:\Windows\System\nQxfnch.exe
  2⤵
  PID:12660
- C:\Windows\System\rBMIaJE.exe
  C:\Windows\System\rBMIaJE.exe
  2⤵
  PID:12684
- C:\Windows\System\MlEmbEy.exe
  C:\Windows\System\MlEmbEy.exe
  2⤵
  PID:12704
- C:\Windows\System\nsonrDm.exe
  C:\Windows\System\nsonrDm.exe
  2⤵
  PID:12724
- C:\Windows\System\tdEUzCl.exe
  C:\Windows\System\tdEUzCl.exe
  2⤵
  PID:12748
- C:\Windows\System\fWHlUNa.exe
  C:\Windows\System\fWHlUNa.exe
  2⤵
  PID:12764
- C:\Windows\System\oPlTmsA.exe
  C:\Windows\System\oPlTmsA.exe
  2⤵
  PID:12784
- C:\Windows\System\JVyfwPG.exe
  C:\Windows\System\JVyfwPG.exe
  2⤵
  PID:12804
- C:\Windows\System\kQpfJPx.exe
  C:\Windows\System\kQpfJPx.exe
  2⤵
  PID:12824
- C:\Windows\System\njsSFuO.exe
  C:\Windows\System\njsSFuO.exe
  2⤵
  PID:12844
- C:\Windows\System\hKzfjVD.exe
  C:\Windows\System\hKzfjVD.exe
  2⤵
  PID:12864
- C:\Windows\System\FKPIWJx.exe
  C:\Windows\System\FKPIWJx.exe
  2⤵
  PID:12884
- C:\Windows\System\oBpmpIP.exe
  C:\Windows\System\oBpmpIP.exe
  2⤵
  PID:12908
- C:\Windows\System\WPERoMO.exe
  C:\Windows\System\WPERoMO.exe
  2⤵
  PID:12932
- C:\Windows\System\UWCTZJM.exe
  C:\Windows\System\UWCTZJM.exe
  2⤵
  PID:12952
- C:\Windows\System\XIhaENR.exe
  C:\Windows\System\XIhaENR.exe
  2⤵
  PID:12988
- C:\Windows\System\qFsHCEP.exe
  C:\Windows\System\qFsHCEP.exe
  2⤵
  PID:13048
- C:\Windows\System\okUlmMW.exe
  C:\Windows\System\okUlmMW.exe
  2⤵
  PID:13084
- C:\Windows\System\btGadcM.exe
  C:\Windows\System\btGadcM.exe
  2⤵
  PID:13104
- C:\Windows\System\YFeCxYh.exe
  C:\Windows\System\YFeCxYh.exe
  2⤵
  PID:13124
- C:\Windows\System\ORDdDiM.exe
  C:\Windows\System\ORDdDiM.exe
  2⤵
  PID:13148
- C:\Windows\System\iyUyGwq.exe
  C:\Windows\System\iyUyGwq.exe
  2⤵
  PID:13172
- C:\Windows\System\knOpguR.exe
  C:\Windows\System\knOpguR.exe
  2⤵
  PID:13200
- C:\Windows\System\nqwcpoz.exe
  C:\Windows\System\nqwcpoz.exe
  2⤵
  PID:13216
- C:\Windows\System\aOxnxWu.exe
  C:\Windows\System\aOxnxWu.exe
  2⤵
  PID:13248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4440,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=4056 /prefetch:8
1⤵
PID:6608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qw0ys4ny.jo2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BSYgLNb.exe

Filesize
1.9MB

MD5
6d68aa6a71b60fa8966d1608748c6283

SHA1
6d212b69e6b9bc3c0c717ca979e91225ec74d826

SHA256
7b81ac2bd2d9a0c165235a336aa32d3eba297b667c92eaabf072807a69375797

SHA512
11c64e2eef8640669c8b1e471b8439bbc9794b339c33223bfce8c69c13e246c286adab7a81ab5bd7f253304907905f4d326c32ff9a0bbc7858e09a7c92c3e2db

Download Submit
C:\Windows\System\BbqJzsT.exe

Filesize
1.9MB

MD5
884d79e42f080df7b972a2c77a73253a

SHA1
2d96dc2d02d3c75ea805e90fed07bb86d54775b3

SHA256
40a01e4dab57db27d2af39f415e5fbe8d301b5b8b516e9c78a6784dc4f9b8dbf

SHA512
8e49017657121f778ccf76f78849bb3ad60076c948375eacfc4288ef0d1192abe06ffdfa0d4769364d496a36d9986488e9b46681d214ab49651a84f714ac0d59

Download Submit
C:\Windows\System\CfabLVv.exe

Filesize
1.9MB

MD5
cdf312a166a16cc1f39eb1ca8438bd88

SHA1
d88bbce35d2751baf1c4f1bc4fd3923f66a5ff40

SHA256
daf4104e7315953c9b24d49f7cfae490be3424660597d49b7187cd0164f00b9c

SHA512
46613e400a179f441b9f278385ab3d617c2ef970e4a50f760c009d5132933acf6dcdde2e57e4ce1d8623da1d7887737f3b91b1d44cc90d31cba31ae5ce5c99a9

Download Submit
C:\Windows\System\CoJyZlr.exe

Filesize
1.9MB

MD5
9dc332c883edbbe43ea757dc9b1c7b09

SHA1
56e7ef04772295319aef12ae66dac5f8ae6738f5

SHA256
83993628415c77b66ea1453eb26dae8d1ddbfcc99aa0d5f0f2cad83207c1ddd7

SHA512
aaefe29dbe858bd42a67d0db2da471fbc73bcaac9e37c3944c2930fbda580e876348942cb0dee8da95aca3fe67ed85bcc91a0227c2f7552f317d9cd06ba7cc63

Download Submit
C:\Windows\System\EKQVaap.exe

Filesize
1.9MB

MD5
e3182fe880d39172a8c4ea7888aa8a2b

SHA1
16dea415e2ae492a37669bf1fe8da53f6a7f959c

SHA256
86b89ce970f2824970e6259416931813ff1124036228e7e62714102d1062af99

SHA512
b6d0d1ca2c23bfa07ef3da2bf44a0670416a91c74f98dc50a7e18c4ac9c14f075e52064120775164e994b878882f42c9d1e384acbff4914425e7cd1550418dd7

Download Submit
C:\Windows\System\ETqEyqj.exe

Filesize
1.9MB

MD5
a5699775238c32c502523349642fee52

SHA1
870b47d3fdec46aa7940d98347251536e3d05df1

SHA256
5c0c2a4075b5e97b037c3d8728224cbb9803f65e16120e20fed57a73f460cde2

SHA512
6101f595fbec3c7d002d42c5044b4c033c22f51237f741ccd3794c23542dabdccaf93e0cddd026978d6cabf2711e966cd4fa3724660ebdd68b450e6f106c1905

Download Submit
C:\Windows\System\FnyjmDP.exe

Filesize
1.9MB

MD5
4d34ea890079c03ae5e8fd5dc8edb159

SHA1
17f4df6e084119a0128d5c4906411deadf4808ec

SHA256
407850c0d8d8590de07d2b8ba0b44ac1691c3cbe47cd64d67ab1b8368f81df2c

SHA512
a8e8c7e4d52415a9649f6c7fda18f27f946f2433791026e172605317bf1a46a455680affe5bb3c773d34848b33ac981a632338e2172fb1ee86690cfac0854a96

Download Submit
C:\Windows\System\GdzrbNk.exe

Filesize
1.9MB

MD5
ebd0410f819aa5db59236e473514e418

SHA1
3b86355b0cb77c56ed560dcf681ea353c8f34f20

SHA256
cc4a7ca6832635809cb4d2180f9f4bf0a89862b52b9206c089c0e7d3b840ff8b

SHA512
d767732208852e3a901f579835c458e6e16632156e17b9f775516401a21a378b63d55bf56d133050a7a45111c7fc03531d7cb6fcf38583447b723b07fc1c9374

Download Submit
C:\Windows\System\HgRBJDp.exe

Filesize
1.9MB

MD5
de9786385692940f770dc7c26b971b91

SHA1
f8dc39b68fb310e694e4a64702f18ffd68b53213

SHA256
4cc4609e92aec81a91d7ab80be8ccaf2f57735e53d2e370c66e92d53241fb13e

SHA512
7caaddf82efeebca3776137a8e22521cefcdb62aa81323a04dcf342b38ad9047366eb182db300b6b2fa3bf30289482034e8626ee4c735158b936c8bfba90419c

Download Submit
C:\Windows\System\HsRtnBd.exe

Filesize
1.9MB

MD5
fa2db89599b590f8016f2f8f8f78c086

SHA1
c74cb1321e36193d704a72d7aaa4e2e03f5036e1

SHA256
f67b4ca03c4f6e8556a76dc0ae103c3a2710b4b6da28f694144e9358aef8037b

SHA512
5bc9f444d3ecdb4483a82bce3c86d5741f809562682d14fefa4fef2e2d53068e0c5bf544121c525eba404e6e0a1a8337e1420940393b2d5c961732c290001573

Download Submit
C:\Windows\System\JGyIWbl.exe

Filesize
1.9MB

MD5
b38bca66eaecc1ed2c8059dc5bac5b59

SHA1
9c86e023d5579a1bce24d4625a9b0ebfc650b1f5

SHA256
bdb0175d501d8814bf5c22223f99fa8fdb38aabf71a21feb32f565baaa011ed2

SHA512
a23ceefff082c66c6bcc8b099233a43c4568f79be9d81af5b8169e619b2be630b8da0093b0389a4184a82efd0f8d1adad561d19949a14aec5abd908c522d5320

Download Submit
C:\Windows\System\JfGPGJR.exe

Filesize
1.9MB

MD5
be79e8a1362cbfbdd779d5311d1092ee

SHA1
33aa6a0bd1f6b37500638383c152c1d2122add1d

SHA256
1c75ce17296ef724b1fa5ee0314d30604ddbc6e9e199985c1abcf9fcfde25c58

SHA512
323b0f460b9b61587a1768a19b46cd1e4314607256b5bca9c5d70deefa4f64ba7cf5f0aadca2f99b9fcfc195a4b26be8cde8159cc809c9770ac8ea36b8c3c314

Download Submit
C:\Windows\System\JqjRPQF.exe

Filesize
1.9MB

MD5
f689e1e7e209f1db96f624811dbf1940

SHA1
0e4b7aeff1da050913425e1fe0a16114d2b77bd7

SHA256
3a4fad52b38a3514cef541dfd0c1b212b0227f8c0bf81bd5ed0e0974cae4ad63

SHA512
c0b7bdbcdfd4cb794fcd0fb6a67ddb5e9f107cbb0659f9d7be59aea0ff38def3b03128a09ab9035b3005ed5473b6bbb68cb40b1660cda8ac317e4e923d2c1e07

Download Submit
C:\Windows\System\OsAvebh.exe

Filesize
1.9MB

MD5
c63feac8b30418e222210a40a6cfadfe

SHA1
c378c43ba4c792697d12bc34276a207d95a30040

SHA256
2b60f24833b3497dc9a23b35885562fe3710616864d0c534811bb34d854b42fb

SHA512
ff78d788f0fbbe456ec7ca574ff6740e1f1922a57325b0e550e3dae748c54a2849584836b9b4c8564f2f4933f613675ec8d7c49231524a6e41828c1375da4ce2

Download Submit
C:\Windows\System\QMSnXwQ.exe

Filesize
1.9MB

MD5
58447fd62f35429bbf3721530822bb98

SHA1
a59159bf485aa6f64c109d0b1f959e23500e828e

SHA256
339e9b1119e7259c5df830896f57d73901c6912a692b470d40b736c8a67134cf

SHA512
3b608ad1e7ba3de648612f78a11121cc65d9f3fc25991efafb64dbde3200462ecfc67cd1834c5a1b6000ad683f35a018c2894ea4f1a92edbd75cdeec016066d9

Download Submit
C:\Windows\System\RYGqHoF.exe

Filesize
1.9MB

MD5
0ad29b671b36d02e1145ec9d014e45d7

SHA1
9ea9dd9d76198cfd062c88eefd4a5cf4a2bf4530

SHA256
273b2671ce0985e78064eaff3d5d8a660eae7dd230bc0ca1b525619ac1d28b1a

SHA512
9f931e4c35d21e9ba94cf38db0b8d8a447423b7a789f5c9ec815fcb83c16e58378a3ad0eed575a31211f6e54ac22e8ed0f2b9ad4c495755b3e4fe1545399b119

Download Submit
C:\Windows\System\TiGyQZv.exe

Filesize
1.9MB

MD5
8ee1b1ba3890a9a127327edc6fffd551

SHA1
53cc5f65e69e467a4f8f892cc57e597debc6795d

SHA256
556bf99e5f78f63335940cfab70258252b7172730a81c8d1a586384575428827

SHA512
26c10008c925325e19eb96287aa107bc7e492a547c96310e731c9f9b063211503593700a6fc3209320df8a4b3e02d1ef6930295dc85bae4db976a022aca5a755

Download Submit
C:\Windows\System\TveAZdp.exe

Filesize
1.9MB

MD5
e56a9bcc857e66f28c49fc13dc4ea5be

SHA1
8f7ee01576ec51018727c54a9bf6f957dec4d884

SHA256
885b0d3e5f87692ec019419b0bdec49bddda10c52a6c740a51f7e1b3c29968bf

SHA512
ec85e8f1f47cea5ded4f18aadb0176aff320600fe7e3d5e33a680e3a3925f4ecdc64b569a68638b03fb3ff93dc535ae6e0a09e7d0ce8467f4f870fffdf9cffbf

Download Submit
C:\Windows\System\TxPGdyz.exe

Filesize
1.9MB

MD5
00ab22eac7f0bb799219ab0e6ec9bab1

SHA1
71a96a62eef10cb175d934b55dc4f887b4c2672d

SHA256
954e786b14c13cbe59dda8c6497c17cdf35ff32a4a7b8ecc010114cc3f47f7cf

SHA512
fddb3d746906eecfc17f827ad7cb7096772be5d022809eb03facc916063e7a37a3f5eeae5dd72dc2f4c41e3532461b5162a4fa992024bf5c91f48aec07118795

Download Submit
C:\Windows\System\VKqxxLF.exe

Filesize
1.9MB

MD5
319b1d79dd3aee546918ddf6799deabd

SHA1
49d843192adfa71479f58165969be2712560fe4a

SHA256
803603ee59e02e92cc59fbbef9856151e9cbed281c3a81fbea63c72713434415

SHA512
c4dfc462834447483659a3d01e0f4ff88355604f4f076c17998d31499445dc2be370a170702f08f9c0c30dd27b3d5a11f55494bdd16aa840e79222a962d8549e

Download Submit
C:\Windows\System\VuvRyZB.exe

Filesize
1.9MB

MD5
d94ed2b58dc74c4e37835db90f3420e5

SHA1
ace4c9ee8cbcad3efa2067107e85dcad0dbae729

SHA256
a5df08950990fd318fa4653c788c4574d8dd83d9a0e141d42f3bcc8935feebc5

SHA512
b2f928a1b064413160be6f877d2ce3bbfa90e81d53c44827e78074a8ea9ac8700f31abc0851c5b7212de1edb0aaeb96cdec6b22c505ba2ec61ccaa1ff59a4465

Download Submit
C:\Windows\System\WMEimkY.exe

Filesize
1.9MB

MD5
2ce2256f634cfcf43f1edb45246dcdbc

SHA1
f769ab1bb9ba1838624070a7239f5e7d977badf3

SHA256
0048e1f6c692e93f263d227670e850a927ad6095e71a9782fb6a932d450c1103

SHA512
61f9226f1004c65149751e64f1e744158f07d3a59c183d90bea50d4eccfbcfe42409cc56f81a4923326a37f7f6dd52fc8adfae2cfc6fa89a86e52bce2d040add

Download Submit
C:\Windows\System\WmHYzBa.exe

Filesize
1.9MB

MD5
6b8fce78a955290676c5b56488501eec

SHA1
550d01c41db199d29e09af1d2ea2f53b48660bba

SHA256
a024882404ae4711ebc2da7c8746c62e48f3eb3861ea4f593523678ee67d103e

SHA512
2b932deedd87b5a1445fc3d7ac83a5c5b03ed3d1a870630458c24b93d6fb8786c235bd5bd9569ced04fbafdf5b07b159c20b64f2f07b38cd35b74a50ab909440

Download Submit
C:\Windows\System\ZdNisom.exe

Filesize
1.9MB

MD5
59528387ecee9ab70a7d4002fdb2c0ac

SHA1
94ad029dfaf52e665c03ab994e26aeee8194537c

SHA256
625b9a5fdfd65bb0e68554538a4acef9fe5bcb00395e9e54b2eb3d2a5e294a82

SHA512
34991bbd81b76488853a6692cecd6997ad51dac8cdb1decf6fdae258aa0325cb5c52d311a91097188a049d52a6e21691c81de86588de441af985f3579db000a8

Download Submit
C:\Windows\System\ZiJsdVg.exe

Filesize
1.9MB

MD5
d873565b9c3fe5a8d04dc19c7aa3e793

SHA1
907abb70189361b2241502fa53e3b7a764e448f3

SHA256
044d5c213f3bac5ddc2808e4c662494234c736f0abbc6cd9796d3fef68eb3232

SHA512
86937748243fa53730ea50ecfce1ddc7e3cb6dc8f33311de0249ff0a97a286e305adeb43e7472ea277e313f41d5379ac6cbba6b73349d0ed587c5afea8b2c4ea

Download Submit
C:\Windows\System\aqjwnFw.exe

Filesize
1.9MB

MD5
254a147e19cc3b201905e68234813828

SHA1
c4ae11f2104cf40331467a0d4f28f644d75f9187

SHA256
109d77e602ad21c144a013dc16897d0dc7a0056353ddb0ef31081d2ee7c270ac

SHA512
047556d08eebb7fdb42509a031ee33e39f8f99ad210cc503782a5f23615d4b62f359b6a40fe081107cdd8a3cf9d8bf9d3ccff7a2fde323c3bd1b98f14565ec00

Download Submit
C:\Windows\System\fabVlcE.exe

Filesize
1.9MB

MD5
aa7e437749c7cefbf7ec5cec1be57b6d

SHA1
3584daeea9bc97ca47d39c1dd2ef9a30deb7ae45

SHA256
414d69b37ed6c29fa3019c4adc66ca3d9e77137f2ccda81ec88995ffad756a4c

SHA512
22d296a19950dd8bd7ce3e6d6bff137a491cd4fe59c6ac48feb391d5e3ed6523064eacde44cf9b20829e6aa0595737c186da3a24e7f508bd11548f879b4d12ba

Download Submit
C:\Windows\System\iEhugWz.exe

Filesize
1.9MB

MD5
3adff861fac4f6234ded39e6d4de5db4

SHA1
10060caa3166b0a5e2bf9d16f000da0a09def4e3

SHA256
c650206604b811d4f98274a4e2fbb60ac345a79f26383653643eefd50dc211c3

SHA512
bc6147cbe5647b9a76d1e3ab8e9648ba112266c23443dd444fca99ac491b28c9b85aff5523b68229b38535e16b43beb3dd5d10702a61c72f2ba2eb21e6a7f871

Download Submit
C:\Windows\System\jFPqEib.exe

Filesize
1.9MB

MD5
22deddd4af3e50018cf28f7063671647

SHA1
f75ba5d3e1f1944cf43b4680a8b9b3c34b65577e

SHA256
7911745d3a70a80f020449e0f0d8bed94f616aeefad17317da6c03353f59ba3c

SHA512
638ee3d244bd47b8f92fccf728fab647043e7dc0d4c747e22c21eb2001446a17f1b406d963fcc92dec93ce3d092c1f8f06a34ecc81337f72636827c811a6637c

Download Submit
C:\Windows\System\jHvYazA.exe

Filesize
1.9MB

MD5
44a3f1600a939d126034180837977243

SHA1
2dfe0ca3ee6d011de35bbc54420d735830616ff5

SHA256
e95cf59bc6e44d66b5a5c10e7fe972e109b92c19f2cb3562da121974208b8ab3

SHA512
595efce924a04178aa21d38210b9c6e9bda6df328f478d5ac952e2e8efef0169ce5c16bad1daddbbb6ac6a82b1bc60ef3276c0b08dfdd541bd37de025850b635

Download Submit
C:\Windows\System\jLiMVQp.exe

Filesize
1.9MB

MD5
4ebcc87cc7334fd3e1d2c5025afa12f6

SHA1
aaf55861e3425d3591f910922487bc0c48ca5776

SHA256
5db2f40a0cddbef0886fe7b73349498fe44795654b46872d029d0d98f2262c1e

SHA512
674695df475960cf20f58da5d96f52238bc6eeff2256d54643cf3f47149780ad7d0aecf6a327f1521d747079d9d7d1a19a48492382cbe09b9f7aeb7cd1b0d096

Download Submit
C:\Windows\System\kNUcIPu.exe

Filesize
1.9MB

MD5
e474c0a388609cdc3752787b67ebf82b

SHA1
33817f252339bbfc31295537fb53a94b887edc0e

SHA256
6f44199034d0eac9320f4c3f2a4a059c2726ee4088bb9f7b8a4c08e032309dd1

SHA512
1d05ec3c7d608dbf3d7202979a7d2f88cf2f2e98724222096b93f021dfd4706d94e600992962d9c279f8f965cd59f8f2189337484e13517d2e1bcb5cbbe33ba4

Download Submit
C:\Windows\System\lPdURZK.exe

Filesize
1.9MB

MD5
6336630863f2b4237f5f5bc4d8f27603

SHA1
c060d8e1c78336429dbdc1ff57caac1042489f9d

SHA256
cd866054d9d68faf5ed4c3b2895f1cbd22357b0e14265db63c985206b3a4ba50

SHA512
a3817e990e79aeb843a977a1afaa68b03a5db07977f8435851cb3f93e95cb8e606525e1fbe5d460ab49f2e5ff301c512a8d3b601a3d30feed675dfd2e654b4f0

Download Submit
C:\Windows\System\lugqkGG.exe

Filesize
1.9MB

MD5
b4343c6f1e55152cf6e9581ac4f6718d

SHA1
18799f2293f2485fd4c6582891b446a4fc3956b1

SHA256
6bc75717af2475c5b40eefb878ea9eb48697b660815c5226c2335ee73c92033f

SHA512
05e625cf9ffa48831ed441cdbf1517437af73c7c94ca0356edc277cbd4d01c5e6732ae07967463c3f9193b9f1e4a145ebb7fe66dd94c9dc0b3fd83c7d9dcd135

Download Submit
C:\Windows\System\nJhceAQ.exe

Filesize
1.9MB

MD5
5729a16f6ed38b46a20d1328591a3195

SHA1
c8769f24b93adbdaed806cbcea7fddd0e3d3a36a

SHA256
2ed37bab41ae0dade4b47eb75b7cb655d401b7c1a252227151261201bdfdeec5

SHA512
794201f0c58e1a61f93b640276ac78876ef269df512ffb259633e84d3aabd50fa72a881b3cbccb2a274a91a5e1b7ce9470d72f2cb48034af37deac0d27802aae

Download Submit
C:\Windows\System\owZLgfb.exe

Filesize
1.9MB

MD5
771971c2f9e8541e8e328327dea9bb75

SHA1
b7bec59fc7332a43e1282e98d98fb12b1355e17b

SHA256
41fefe708af23ee9d1864c3eb09625b330084a4cba4273c7b00296b8aa86d5fa

SHA512
841d63b311f839b5a07c48f35829ef1df56db5925662782227d998428b6d225df227141a45146b378129193c8ff0b87ce70ed41839d8f5b6da640b8ce05efc95

Download Submit
C:\Windows\System\pnzVtkD.exe

Filesize
1.9MB

MD5
c74f25fe8158b0a140b656841b9ecd35

SHA1
9e7c44b72e8fb609c968060e18eca38bbd451a50

SHA256
8fa7f27ce3f6bc1189914c264d7e0548c1a68b581a1a29d95fa73669120da2c9

SHA512
12e8e68577cbb13ebb3558b2ddcd77764eb76f2d2a02c32682f5b3d1a2d2b4b362b08ca717d133cacc14b880b4c83d45e2994dac45f4f109434b8a82415359b4

Download Submit
C:\Windows\System\uHgKUbi.exe

Filesize
1.9MB

MD5
7165d7afe1a7444ad9c998d131e986ac

SHA1
c7f6db9e1b62fc946a52e1315ebc377061f7cd1b

SHA256
1a1cf72923ca65f115030fb2b96861bc89c8fbbe5d5d092efeec654081797a26

SHA512
c26bfe874ba625d909e645024d26ec673059dd9afaa2563818695c6bfebe63c7a6560f8688fad3f45347da6350eb3ddcd576cd86fe54d5a7bb3be2293187ea00

Download Submit
C:\Windows\System\wazwEFT.exe

Filesize
1.9MB

MD5
8b44cbacc48113d8d23ca529012b0753

SHA1
2d131914f8c110ce0d7868f246a1d05f7b2c0215

SHA256
ad81644ee2b57b98256d4236a003b8e4deaae61592e8b3d94808f803221aaa97

SHA512
7af75e17c552ade27f165104c4414d5f6aa3d893105c8c943315405c6b5ad3fbd7e4ef8065c6d4f70eed05706725db0bc27023b3b8f5dc281050acb7752ee897

Download Submit
C:\Windows\System\wrXMlqi.exe

Filesize
1.9MB

MD5
fe3a9e73fcbd9d66838ff29c2bd5171c

SHA1
1092c790bf549e146b7ca9d36373733ed1a79748

SHA256
b94243b182d6a06fbbd1b8f541f520414e30b983dc7af515691e97146f34837d

SHA512
d4e2642c8e19663d8f15b0ce0354623c829424a9b180e570832b7b231fd723921342387ff0e8c60898c1e647b1d3af676af92056224f39bffa0ffa8c907a0b13

Download Submit
C:\Windows\System\xYxIWIZ.exe

Filesize
1.9MB

MD5
b63ba2f79c477345d4cb169a8bd96317

SHA1
2aee8c6ff8108a0fea620823d9e625ec1de818fe

SHA256
afd03ff4ee1d8298849f358e93a24f70519323bb2c06e8caacdad6af0ab1c96a

SHA512
fc294151888717e518441f143b89f34be5885afc5dad21ad8914a99c2e40ab511414b14572e82518af15d11f7bbaf63e07a9fe99b8309e6b62eaa586d1d5bbaa

Download Submit
C:\Windows\System\yhXeRHe.exe

Filesize
1.9MB

MD5
0d3937f4ed51c416c6416c978e4be38a

SHA1
cbeea161ee1bf28a6c044953c1fb4ba7a406fec2

SHA256
b462379d974b0e2f0ce908fada72f5dc24882276687a69d4650115475793c116

SHA512
f842c45bdcd6c967a0cf743c89684edf0dc8b9c2529300e34eb941b0ae509f3e38b1a753f7e7e9b1848303bbe99dc31b88112aea5c10d6869e6a038efbc5fbaf

Download Submit
memory/804-300-0x00007FF714B10000-0x00007FF714F02000-memory.dmp

Filesize
3.9MB

Download
memory/804-2357-0x00007FF714B10000-0x00007FF714F02000-memory.dmp

Filesize
3.9MB

Download
memory/1100-367-0x000002625AC70000-0x000002625AC92000-memory.dmp

Filesize
136KB

Download
memory/1100-368-0x0000026275BE0000-0x0000026276386000-memory.dmp

Filesize
7.6MB

Download
memory/1192-2257-0x00007FF72BD90000-0x00007FF72C182000-memory.dmp

Filesize
3.9MB

Download
memory/1192-275-0x00007FF72BD90000-0x00007FF72C182000-memory.dmp

Filesize
3.9MB

Download
memory/1492-2268-0x00007FF754060000-0x00007FF754452000-memory.dmp

Filesize
3.9MB

Download
memory/1492-293-0x00007FF754060000-0x00007FF754452000-memory.dmp

Filesize
3.9MB

Download
memory/1508-2224-0x00007FF6AECD0000-0x00007FF6AF0C2000-memory.dmp

Filesize
3.9MB

Download
memory/1508-2120-0x00007FF6AECD0000-0x00007FF6AF0C2000-memory.dmp

Filesize
3.9MB

Download
memory/1508-67-0x00007FF6AECD0000-0x00007FF6AF0C2000-memory.dmp

Filesize
3.9MB

Download
memory/1736-291-0x00007FF718AA0000-0x00007FF718E92000-memory.dmp

Filesize
3.9MB

Download
memory/1736-2255-0x00007FF718AA0000-0x00007FF718E92000-memory.dmp

Filesize
3.9MB

Download
memory/1856-278-0x00007FF6F0570000-0x00007FF6F0962000-memory.dmp

Filesize
3.9MB

Download
memory/1856-2260-0x00007FF6F0570000-0x00007FF6F0962000-memory.dmp

Filesize
3.9MB

Download
memory/2096-194-0x00007FF6FD770000-0x00007FF6FDB62000-memory.dmp

Filesize
3.9MB

Download
memory/2096-2245-0x00007FF6FD770000-0x00007FF6FDB62000-memory.dmp

Filesize
3.9MB

Download
memory/2364-2246-0x00007FF792600000-0x00007FF7929F2000-memory.dmp

Filesize
3.9MB

Download
memory/2364-152-0x00007FF792600000-0x00007FF7929F2000-memory.dmp

Filesize
3.9MB

Download
memory/2364-2123-0x00007FF792600000-0x00007FF7929F2000-memory.dmp

Filesize
3.9MB

Download
memory/2416-2277-0x00007FF6EC370000-0x00007FF6EC762000-memory.dmp

Filesize
3.9MB

Download
memory/2416-292-0x00007FF6EC370000-0x00007FF6EC762000-memory.dmp

Filesize
3.9MB

Download
memory/2768-296-0x00007FF664290000-0x00007FF664682000-memory.dmp

Filesize
3.9MB

Download
memory/2768-2221-0x00007FF664290000-0x00007FF664682000-memory.dmp

Filesize
3.9MB

Download
memory/2796-289-0x00007FF6FA3C0000-0x00007FF6FA7B2000-memory.dmp

Filesize
3.9MB

Download
memory/2796-2266-0x00007FF6FA3C0000-0x00007FF6FA7B2000-memory.dmp

Filesize
3.9MB

Download
memory/2868-288-0x00007FF6432E0000-0x00007FF6436D2000-memory.dmp

Filesize
3.9MB

Download
memory/2868-2262-0x00007FF6432E0000-0x00007FF6436D2000-memory.dmp

Filesize
3.9MB

Download
memory/2884-2121-0x00007FF687E90000-0x00007FF688282000-memory.dmp

Filesize
3.9MB

Download
memory/2884-102-0x00007FF687E90000-0x00007FF688282000-memory.dmp

Filesize
3.9MB

Download
memory/2884-2244-0x00007FF687E90000-0x00007FF688282000-memory.dmp

Filesize
3.9MB

Download
memory/3044-2225-0x00007FF730840000-0x00007FF730C32000-memory.dmp

Filesize
3.9MB

Download
memory/3044-297-0x00007FF730840000-0x00007FF730C32000-memory.dmp

Filesize
3.9MB

Download
memory/3324-2254-0x00007FF76B6C0000-0x00007FF76BAB2000-memory.dmp

Filesize
3.9MB

Download
memory/3324-197-0x00007FF76B6C0000-0x00007FF76BAB2000-memory.dmp

Filesize
3.9MB

Download
memory/3796-299-0x00007FF6F58F0000-0x00007FF6F5CE2000-memory.dmp

Filesize
3.9MB

Download
memory/3796-2229-0x00007FF6F58F0000-0x00007FF6F5CE2000-memory.dmp

Filesize
3.9MB

Download
memory/3872-294-0x00007FF609450000-0x00007FF609842000-memory.dmp

Filesize
3.9MB

Download
memory/3872-2264-0x00007FF609450000-0x00007FF609842000-memory.dmp

Filesize
3.9MB

Download
memory/4040-18-0x00007FF659230000-0x00007FF659622000-memory.dmp

Filesize
3.9MB

Download
memory/4040-2217-0x00007FF659230000-0x00007FF659622000-memory.dmp

Filesize
3.9MB

Download
memory/4204-24-0x00007FF70C160000-0x00007FF70C552000-memory.dmp

Filesize
3.9MB

Download
memory/4204-2219-0x00007FF70C160000-0x00007FF70C552000-memory.dmp

Filesize
3.9MB

Download
memory/4204-2118-0x00007FF70C160000-0x00007FF70C552000-memory.dmp

Filesize
3.9MB

Download
memory/4236-295-0x00007FF66BF00000-0x00007FF66C2F2000-memory.dmp

Filesize
3.9MB

Download
memory/4236-2270-0x00007FF66BF00000-0x00007FF66C2F2000-memory.dmp

Filesize
3.9MB

Download
memory/4272-290-0x00007FF765CA0000-0x00007FF766092000-memory.dmp

Filesize
3.9MB

Download
memory/4272-2252-0x00007FF765CA0000-0x00007FF766092000-memory.dmp

Filesize
3.9MB

Download
memory/4292-298-0x00007FF7869B0000-0x00007FF786DA2000-memory.dmp

Filesize
3.9MB

Download
memory/4292-2247-0x00007FF7869B0000-0x00007FF786DA2000-memory.dmp

Filesize
3.9MB

Download
memory/4752-206-0x00007FF7E3110000-0x00007FF7E3502000-memory.dmp

Filesize
3.9MB

Download
memory/4752-2248-0x00007FF7E3110000-0x00007FF7E3502000-memory.dmp

Filesize
3.9MB

Download
memory/4980-1846-0x00007FF671BA0000-0x00007FF671F92000-memory.dmp

Filesize
3.9MB

Download
memory/4980-0-0x00007FF671BA0000-0x00007FF671F92000-memory.dmp

Filesize
3.9MB

Download
memory/4980-1-0x0000029507290000-0x00000295072A0000-memory.dmp

Filesize
64KB

Download
memory/5016-2227-0x00007FF7AE4C0000-0x00007FF7AE8B2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-28-0x00007FF7AE4C0000-0x00007FF7AE8B2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-2132-0x00007FF7AE4C0000-0x00007FF7AE8B2000-memory.dmp

Filesize
3.9MB

Download