xmrig | c65755afb18bb1660d4d7710ddcb611745a4f34c208d4b14a30db9e03bd12e02

Analysis

max time kernel
93s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 06:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4670e9c9910018dd36d2d2439c975a00N.exe
Size

3.0MB
MD5

4670e9c9910018dd36d2d2439c975a00
SHA1

cdbf7a68990bdaa9ae818269d094bff29669e4c5
SHA256

c65755afb18bb1660d4d7710ddcb611745a4f34c208d4b14a30db9e03bd12e02
SHA512

7e3f7dab6b379d52dd79b46615b65a2a4029929c8c12f0ba01570f02fcd1bf906e66fffe12fd13d37553f493e9e0078132b1e23289163b08d00e6bf6d5f6980a
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkibTIA5sf6r+WVp:71ONtyBeSFkXV1etEKLlWUTOfeiRA2Rf

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4756-0-0x00007FF691E50000-0x00007FF692246000-memory.dmp	xmrig
behavioral2/files/0x00070000000234d2-8.dat	xmrig
behavioral2/files/0x00090000000234ca-11.dat	xmrig
behavioral2/files/0x00070000000234d3-9.dat	xmrig
behavioral2/files/0x00070000000234d4-31.dat	xmrig
behavioral2/files/0x00070000000234d7-39.dat	xmrig
behavioral2/files/0x00070000000234d8-46.dat	xmrig
behavioral2/files/0x00080000000234d5-52.dat	xmrig
behavioral2/files/0x00070000000234da-65.dat	xmrig
behavioral2/files/0x00070000000234d9-67.dat	xmrig
behavioral2/memory/4860-71-0x00007FF618040000-0x00007FF618436000-memory.dmp	xmrig
behavioral2/memory/2584-73-0x00007FF78BDC0000-0x00007FF78C1B6000-memory.dmp	xmrig
behavioral2/memory/1764-74-0x00007FF774E70000-0x00007FF775266000-memory.dmp	xmrig
behavioral2/memory/3456-72-0x00007FF7A8630000-0x00007FF7A8A26000-memory.dmp	xmrig
behavioral2/memory/2828-69-0x00007FF6386F0000-0x00007FF638AE6000-memory.dmp	xmrig
behavioral2/memory/4820-66-0x00007FF645120000-0x00007FF645516000-memory.dmp	xmrig
behavioral2/memory/4736-64-0x00007FF6FCEA0000-0x00007FF6FD296000-memory.dmp	xmrig
behavioral2/memory/3552-58-0x00007FF60D4E0000-0x00007FF60D8D6000-memory.dmp	xmrig
behavioral2/memory/1596-53-0x00007FF73D410000-0x00007FF73D806000-memory.dmp	xmrig
behavioral2/memory/4672-49-0x00007FF76B130000-0x00007FF76B526000-memory.dmp	xmrig
behavioral2/files/0x00080000000234d6-34.dat	xmrig
behavioral2/files/0x00090000000234cb-82.dat	xmrig
behavioral2/memory/1532-87-0x00007FF6B3470000-0x00007FF6B3866000-memory.dmp	xmrig
behavioral2/memory/2512-94-0x00007FF6163D0000-0x00007FF6167C6000-memory.dmp	xmrig
behavioral2/memory/3560-100-0x00007FF634B10000-0x00007FF634F06000-memory.dmp	xmrig
behavioral2/files/0x00070000000234e0-109.dat	xmrig
behavioral2/memory/4732-112-0x00007FF6A6C90000-0x00007FF6A7086000-memory.dmp	xmrig
behavioral2/files/0x00070000000234e2-125.dat	xmrig
behavioral2/files/0x00070000000234e1-123.dat	xmrig
behavioral2/files/0x00070000000234df-113.dat	xmrig
behavioral2/memory/3412-110-0x00007FF6FF970000-0x00007FF6FFD66000-memory.dmp	xmrig
behavioral2/memory/5016-107-0x00007FF69B880000-0x00007FF69BC76000-memory.dmp	xmrig
behavioral2/files/0x00070000000234de-102.dat	xmrig
behavioral2/files/0x00070000000234dc-98.dat	xmrig
behavioral2/files/0x00070000000234dd-93.dat	xmrig
behavioral2/files/0x00070000000234db-84.dat	xmrig
behavioral2/memory/3876-129-0x00007FF665420000-0x00007FF665816000-memory.dmp	xmrig
behavioral2/memory/2260-130-0x00007FF695910000-0x00007FF695D06000-memory.dmp	xmrig
behavioral2/memory/3196-131-0x00007FF64ECC0000-0x00007FF64F0B6000-memory.dmp	xmrig
behavioral2/files/0x00070000000234e3-134.dat	xmrig
behavioral2/files/0x00070000000234e4-138.dat	xmrig
behavioral2/memory/4756-141-0x00007FF691E50000-0x00007FF692246000-memory.dmp	xmrig
behavioral2/files/0x00070000000234e5-144.dat	xmrig
behavioral2/files/0x00070000000234e8-158.dat	xmrig
behavioral2/memory/5052-175-0x00007FF640490000-0x00007FF640886000-memory.dmp	xmrig
behavioral2/files/0x00070000000234ea-178.dat	xmrig
behavioral2/files/0x00070000000234e9-176.dat	xmrig
behavioral2/memory/3468-174-0x00007FF65DFE0000-0x00007FF65E3D6000-memory.dmp	xmrig
behavioral2/memory/468-173-0x00007FF6B7FB0000-0x00007FF6B83A6000-memory.dmp	xmrig
behavioral2/memory/376-166-0x00007FF72C7D0000-0x00007FF72CBC6000-memory.dmp	xmrig
behavioral2/files/0x00070000000234e6-163.dat	xmrig
behavioral2/files/0x00070000000234e7-159.dat	xmrig
behavioral2/memory/3908-137-0x00007FF78BE80000-0x00007FF78C276000-memory.dmp	xmrig
behavioral2/files/0x0007000000023508-284.dat	xmrig
behavioral2/files/0x000700000002350e-296.dat	xmrig
behavioral2/files/0x0007000000023512-313.dat	xmrig
behavioral2/memory/1764-283-0x00007FF774E70000-0x00007FF775266000-memory.dmp	xmrig
behavioral2/files/0x00070000000234eb-270.dat	xmrig
behavioral2/files/0x0007000000023515-405.dat	xmrig
behavioral2/memory/1532-395-0x00007FF6B3470000-0x00007FF6B3866000-memory.dmp	xmrig
behavioral2/memory/3876-765-0x00007FF665420000-0x00007FF665816000-memory.dmp	xmrig
behavioral2/memory/4732-761-0x00007FF6A6C90000-0x00007FF6A7086000-memory.dmp	xmrig
behavioral2/memory/3908-1097-0x00007FF78BE80000-0x00007FF78C276000-memory.dmp	xmrig
behavioral2/memory/2828-2459-0x00007FF6386F0000-0x00007FF638AE6000-memory.dmp	xmrig

Blocklisted process makes network request 8 IoCs

flow	pid	Process
9	3264	powershell.exe
11	3264	powershell.exe
15	3264	powershell.exe
16	3264	powershell.exe
18	3264	powershell.exe
20	3264	powershell.exe
21	3264	powershell.exe
22	3264	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3264	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2828	BcfWPWL.exe
4672	YNhmxKt.exe
1596	UAjRtHb.exe
4860	axuHtkH.exe
3552	YlvKsFD.exe
4736	EGVdoHL.exe
4820	NmPkxBe.exe
3456	NzrSIvu.exe
2584	pqZlrbn.exe
1764	dWsBfNL.exe
1532	Cdfyeqj.exe
2512	svnLrsI.exe
5016	qlXfnZv.exe
3560	UgrWNPq.exe
3412	hxvwWNH.exe
3876	LBIBDoF.exe
4732	QZWPOKH.exe
3196	KoWsxUE.exe
2260	HBtwfZN.exe
3908	DrAxWtJ.exe
376	lbeZKRc.exe
468	rFhsPbZ.exe
3468	XAlnjIG.exe
5052	roZCGBS.exe
2912	wpBCQXp.exe
2632	FiRvtcp.exe
5048	JUiDHMi.exe
3140	JcKgJCT.exe
716	NnOyRnG.exe
3244	kwqBxgc.exe
3348	PqsLfXv.exe
1712	qbTWoCy.exe
2416	KdKpTwU.exe
3300	lKmgxHO.exe
4004	GknVLYx.exe
1932	tFVufnq.exe
2840	pIEXpsr.exe
2280	wXUkcVq.exe
4500	aVYtSbA.exe
3400	AfZnpUi.exe
4892	Fblpzwo.exe
5112	OvoESPQ.exe
1160	goxcYWY.exe
1088	OyNDeZK.exe
3368	DnzmDke.exe
2844	ekaElqE.exe
3080	irfYNyy.exe
2768	AcdYphK.exe
3612	GEuqjvS.exe
884	akIGgyA.exe
3980	iuraZlG.exe
4100	oxQNItu.exe
860	CDbEXLH.exe
4056	dfsvsce.exe
624	tbeRoJy.exe
4480	unYjGFx.exe
1928	bEPTEpK.exe
2748	AzhDWYc.exe
1676	SyTdWOI.exe
1644	SBjJOTY.exe
3516	ekYxUcr.exe
4356	EISJZZQ.exe
4344	xZYvevr.exe
2468	Srlnxnt.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4756-0-0x00007FF691E50000-0x00007FF692246000-memory.dmp	upx
behavioral2/files/0x00070000000234d2-8.dat	upx
behavioral2/files/0x00090000000234ca-11.dat	upx
behavioral2/files/0x00070000000234d3-9.dat	upx
behavioral2/files/0x00070000000234d4-31.dat	upx
behavioral2/files/0x00070000000234d7-39.dat	upx
behavioral2/files/0x00070000000234d8-46.dat	upx
behavioral2/files/0x00080000000234d5-52.dat	upx
behavioral2/files/0x00070000000234da-65.dat	upx
behavioral2/files/0x00070000000234d9-67.dat	upx
behavioral2/memory/4860-71-0x00007FF618040000-0x00007FF618436000-memory.dmp	upx
behavioral2/memory/2584-73-0x00007FF78BDC0000-0x00007FF78C1B6000-memory.dmp	upx
behavioral2/memory/1764-74-0x00007FF774E70000-0x00007FF775266000-memory.dmp	upx
behavioral2/memory/3456-72-0x00007FF7A8630000-0x00007FF7A8A26000-memory.dmp	upx
behavioral2/memory/2828-69-0x00007FF6386F0000-0x00007FF638AE6000-memory.dmp	upx
behavioral2/memory/4820-66-0x00007FF645120000-0x00007FF645516000-memory.dmp	upx
behavioral2/memory/4736-64-0x00007FF6FCEA0000-0x00007FF6FD296000-memory.dmp	upx
behavioral2/memory/3552-58-0x00007FF60D4E0000-0x00007FF60D8D6000-memory.dmp	upx
behavioral2/memory/1596-53-0x00007FF73D410000-0x00007FF73D806000-memory.dmp	upx
behavioral2/memory/4672-49-0x00007FF76B130000-0x00007FF76B526000-memory.dmp	upx
behavioral2/files/0x00080000000234d6-34.dat	upx
behavioral2/files/0x00090000000234cb-82.dat	upx
behavioral2/memory/1532-87-0x00007FF6B3470000-0x00007FF6B3866000-memory.dmp	upx
behavioral2/memory/2512-94-0x00007FF6163D0000-0x00007FF6167C6000-memory.dmp	upx
behavioral2/memory/3560-100-0x00007FF634B10000-0x00007FF634F06000-memory.dmp	upx
behavioral2/files/0x00070000000234e0-109.dat	upx
behavioral2/memory/4732-112-0x00007FF6A6C90000-0x00007FF6A7086000-memory.dmp	upx
behavioral2/files/0x00070000000234e2-125.dat	upx
behavioral2/files/0x00070000000234e1-123.dat	upx
behavioral2/files/0x00070000000234df-113.dat	upx
behavioral2/memory/3412-110-0x00007FF6FF970000-0x00007FF6FFD66000-memory.dmp	upx
behavioral2/memory/5016-107-0x00007FF69B880000-0x00007FF69BC76000-memory.dmp	upx
behavioral2/files/0x00070000000234de-102.dat	upx
behavioral2/files/0x00070000000234dc-98.dat	upx
behavioral2/files/0x00070000000234dd-93.dat	upx
behavioral2/files/0x00070000000234db-84.dat	upx
behavioral2/memory/3876-129-0x00007FF665420000-0x00007FF665816000-memory.dmp	upx
behavioral2/memory/2260-130-0x00007FF695910000-0x00007FF695D06000-memory.dmp	upx
behavioral2/memory/3196-131-0x00007FF64ECC0000-0x00007FF64F0B6000-memory.dmp	upx
behavioral2/files/0x00070000000234e3-134.dat	upx
behavioral2/files/0x00070000000234e4-138.dat	upx
behavioral2/memory/4756-141-0x00007FF691E50000-0x00007FF692246000-memory.dmp	upx
behavioral2/files/0x00070000000234e5-144.dat	upx
behavioral2/files/0x00070000000234e8-158.dat	upx
behavioral2/memory/5052-175-0x00007FF640490000-0x00007FF640886000-memory.dmp	upx
behavioral2/files/0x00070000000234ea-178.dat	upx
behavioral2/files/0x00070000000234e9-176.dat	upx
behavioral2/memory/3468-174-0x00007FF65DFE0000-0x00007FF65E3D6000-memory.dmp	upx
behavioral2/memory/468-173-0x00007FF6B7FB0000-0x00007FF6B83A6000-memory.dmp	upx
behavioral2/memory/376-166-0x00007FF72C7D0000-0x00007FF72CBC6000-memory.dmp	upx
behavioral2/files/0x00070000000234e6-163.dat	upx
behavioral2/files/0x00070000000234e7-159.dat	upx
behavioral2/memory/3908-137-0x00007FF78BE80000-0x00007FF78C276000-memory.dmp	upx
behavioral2/files/0x0007000000023508-284.dat	upx
behavioral2/files/0x000700000002350e-296.dat	upx
behavioral2/files/0x0007000000023512-313.dat	upx
behavioral2/memory/1764-283-0x00007FF774E70000-0x00007FF775266000-memory.dmp	upx
behavioral2/files/0x00070000000234eb-270.dat	upx
behavioral2/files/0x0007000000023515-405.dat	upx
behavioral2/memory/1532-395-0x00007FF6B3470000-0x00007FF6B3866000-memory.dmp	upx
behavioral2/memory/3876-765-0x00007FF665420000-0x00007FF665816000-memory.dmp	upx
behavioral2/memory/4732-761-0x00007FF6A6C90000-0x00007FF6A7086000-memory.dmp	upx
behavioral2/memory/3908-1097-0x00007FF78BE80000-0x00007FF78C276000-memory.dmp	upx
behavioral2/memory/2828-2459-0x00007FF6386F0000-0x00007FF638AE6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XmXUQUB.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\rnPeeLv.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\mUwFKCZ.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\wRxhvXU.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\LrOwbVq.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\zOHVkQM.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\kcuYBqd.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\tFBKyPi.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\XTIOVka.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\CJtGhfg.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\HYdpRPR.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\emhCThS.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\HnRXCxR.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\yTIGkPf.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\LTHeeVZ.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\jZoKyip.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\TMxwozh.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\ylqrdrj.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\rIcBSdp.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\XoOsNvN.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\EcUNDhe.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\NIMXxhC.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\Yigxtab.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\MCqbual.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\CAJhykC.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\OScAzNJ.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\ZhHtNnk.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\prjGvll.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\NESTRft.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\vjEBEDE.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\YDRByGr.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\XVUnzoN.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\fXuiZXH.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\isaZlMM.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\ejESYmk.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\nZLHpAi.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\EdvcjHC.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\hUsRAwI.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\WmtBndF.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\KHmTiPC.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\sAUtQyE.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\sUqAKSO.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\DrAxWtJ.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\YOGLzQj.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\nuqIHSt.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\Smdcrem.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\PUercIm.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\lIrlUrG.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\iSwOeYb.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\gKMwMIq.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\WirmlBD.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\KkQjorg.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\YhTdqIP.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\sVFWxNg.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\JPuFrHR.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\twIPuiB.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\cTBWhAE.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\wfWZyyX.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\PUSEUrK.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\JZPEcsb.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\QfnkOtq.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\UCSLVgF.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\DvHgcDg.exe	4670e9c9910018dd36d2d2439c975a00N.exe
File created	C:\Windows\System\xNTajaP.exe	4670e9c9910018dd36d2d2439c975a00N.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3264	powershell.exe
3264	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3264	powershell.exe
Token: SeLockMemoryPrivilege	4756	4670e9c9910018dd36d2d2439c975a00N.exe
Token: SeLockMemoryPrivilege	4756	4670e9c9910018dd36d2d2439c975a00N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 3264	4756	4670e9c9910018dd36d2d2439c975a00N.exe	83
PID 4756 wrote to memory of 3264	4756	4670e9c9910018dd36d2d2439c975a00N.exe	83
PID 4756 wrote to memory of 2828	4756	4670e9c9910018dd36d2d2439c975a00N.exe	84
PID 4756 wrote to memory of 2828	4756	4670e9c9910018dd36d2d2439c975a00N.exe	84
PID 4756 wrote to memory of 4672	4756	4670e9c9910018dd36d2d2439c975a00N.exe	85
PID 4756 wrote to memory of 4672	4756	4670e9c9910018dd36d2d2439c975a00N.exe	85
PID 4756 wrote to memory of 1596	4756	4670e9c9910018dd36d2d2439c975a00N.exe	86
PID 4756 wrote to memory of 1596	4756	4670e9c9910018dd36d2d2439c975a00N.exe	86
PID 4756 wrote to memory of 4860	4756	4670e9c9910018dd36d2d2439c975a00N.exe	87
PID 4756 wrote to memory of 4860	4756	4670e9c9910018dd36d2d2439c975a00N.exe	87
PID 4756 wrote to memory of 3552	4756	4670e9c9910018dd36d2d2439c975a00N.exe	88
PID 4756 wrote to memory of 3552	4756	4670e9c9910018dd36d2d2439c975a00N.exe	88
PID 4756 wrote to memory of 4736	4756	4670e9c9910018dd36d2d2439c975a00N.exe	89
PID 4756 wrote to memory of 4736	4756	4670e9c9910018dd36d2d2439c975a00N.exe	89
PID 4756 wrote to memory of 4820	4756	4670e9c9910018dd36d2d2439c975a00N.exe	90
PID 4756 wrote to memory of 4820	4756	4670e9c9910018dd36d2d2439c975a00N.exe	90
PID 4756 wrote to memory of 3456	4756	4670e9c9910018dd36d2d2439c975a00N.exe	91
PID 4756 wrote to memory of 3456	4756	4670e9c9910018dd36d2d2439c975a00N.exe	91
PID 4756 wrote to memory of 2584	4756	4670e9c9910018dd36d2d2439c975a00N.exe	92
PID 4756 wrote to memory of 2584	4756	4670e9c9910018dd36d2d2439c975a00N.exe	92
PID 4756 wrote to memory of 1764	4756	4670e9c9910018dd36d2d2439c975a00N.exe	93
PID 4756 wrote to memory of 1764	4756	4670e9c9910018dd36d2d2439c975a00N.exe	93
PID 4756 wrote to memory of 1532	4756	4670e9c9910018dd36d2d2439c975a00N.exe	94
PID 4756 wrote to memory of 1532	4756	4670e9c9910018dd36d2d2439c975a00N.exe	94
PID 4756 wrote to memory of 2512	4756	4670e9c9910018dd36d2d2439c975a00N.exe	95
PID 4756 wrote to memory of 2512	4756	4670e9c9910018dd36d2d2439c975a00N.exe	95
PID 4756 wrote to memory of 5016	4756	4670e9c9910018dd36d2d2439c975a00N.exe	96
PID 4756 wrote to memory of 5016	4756	4670e9c9910018dd36d2d2439c975a00N.exe	96
PID 4756 wrote to memory of 3560	4756	4670e9c9910018dd36d2d2439c975a00N.exe	97
PID 4756 wrote to memory of 3560	4756	4670e9c9910018dd36d2d2439c975a00N.exe	97
PID 4756 wrote to memory of 3412	4756	4670e9c9910018dd36d2d2439c975a00N.exe	98
PID 4756 wrote to memory of 3412	4756	4670e9c9910018dd36d2d2439c975a00N.exe	98
PID 4756 wrote to memory of 3876	4756	4670e9c9910018dd36d2d2439c975a00N.exe	99
PID 4756 wrote to memory of 3876	4756	4670e9c9910018dd36d2d2439c975a00N.exe	99
PID 4756 wrote to memory of 4732	4756	4670e9c9910018dd36d2d2439c975a00N.exe	100
PID 4756 wrote to memory of 4732	4756	4670e9c9910018dd36d2d2439c975a00N.exe	100
PID 4756 wrote to memory of 3196	4756	4670e9c9910018dd36d2d2439c975a00N.exe	101
PID 4756 wrote to memory of 3196	4756	4670e9c9910018dd36d2d2439c975a00N.exe	101
PID 4756 wrote to memory of 2260	4756	4670e9c9910018dd36d2d2439c975a00N.exe	102
PID 4756 wrote to memory of 2260	4756	4670e9c9910018dd36d2d2439c975a00N.exe	102
PID 4756 wrote to memory of 3908	4756	4670e9c9910018dd36d2d2439c975a00N.exe	103
PID 4756 wrote to memory of 3908	4756	4670e9c9910018dd36d2d2439c975a00N.exe	103
PID 4756 wrote to memory of 376	4756	4670e9c9910018dd36d2d2439c975a00N.exe	104
PID 4756 wrote to memory of 376	4756	4670e9c9910018dd36d2d2439c975a00N.exe	104
PID 4756 wrote to memory of 468	4756	4670e9c9910018dd36d2d2439c975a00N.exe	105
PID 4756 wrote to memory of 468	4756	4670e9c9910018dd36d2d2439c975a00N.exe	105
PID 4756 wrote to memory of 3468	4756	4670e9c9910018dd36d2d2439c975a00N.exe	106
PID 4756 wrote to memory of 3468	4756	4670e9c9910018dd36d2d2439c975a00N.exe	106
PID 4756 wrote to memory of 5052	4756	4670e9c9910018dd36d2d2439c975a00N.exe	107
PID 4756 wrote to memory of 5052	4756	4670e9c9910018dd36d2d2439c975a00N.exe	107
PID 4756 wrote to memory of 2912	4756	4670e9c9910018dd36d2d2439c975a00N.exe	108
PID 4756 wrote to memory of 2912	4756	4670e9c9910018dd36d2d2439c975a00N.exe	108
PID 4756 wrote to memory of 2632	4756	4670e9c9910018dd36d2d2439c975a00N.exe	109
PID 4756 wrote to memory of 2632	4756	4670e9c9910018dd36d2d2439c975a00N.exe	109
PID 4756 wrote to memory of 5048	4756	4670e9c9910018dd36d2d2439c975a00N.exe	110
PID 4756 wrote to memory of 5048	4756	4670e9c9910018dd36d2d2439c975a00N.exe	110
PID 4756 wrote to memory of 3140	4756	4670e9c9910018dd36d2d2439c975a00N.exe	111
PID 4756 wrote to memory of 3140	4756	4670e9c9910018dd36d2d2439c975a00N.exe	111
PID 4756 wrote to memory of 716	4756	4670e9c9910018dd36d2d2439c975a00N.exe	112
PID 4756 wrote to memory of 716	4756	4670e9c9910018dd36d2d2439c975a00N.exe	112
PID 4756 wrote to memory of 3244	4756	4670e9c9910018dd36d2d2439c975a00N.exe	114
PID 4756 wrote to memory of 3244	4756	4670e9c9910018dd36d2d2439c975a00N.exe	114
PID 4756 wrote to memory of 3348	4756	4670e9c9910018dd36d2d2439c975a00N.exe	115
PID 4756 wrote to memory of 3348	4756	4670e9c9910018dd36d2d2439c975a00N.exe	115

C:\Users\Admin\AppData\Local\Temp\4670e9c9910018dd36d2d2439c975a00N.exe
"C:\Users\Admin\AppData\Local\Temp\4670e9c9910018dd36d2d2439c975a00N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3264
- C:\Windows\System\BcfWPWL.exe
  C:\Windows\System\BcfWPWL.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\YNhmxKt.exe
  C:\Windows\System\YNhmxKt.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\UAjRtHb.exe
  C:\Windows\System\UAjRtHb.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\axuHtkH.exe
  C:\Windows\System\axuHtkH.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\YlvKsFD.exe
  C:\Windows\System\YlvKsFD.exe
  2⤵
  - Executes dropped EXE
  PID:3552
- C:\Windows\System\EGVdoHL.exe
  C:\Windows\System\EGVdoHL.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\NmPkxBe.exe
  C:\Windows\System\NmPkxBe.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\NzrSIvu.exe
  C:\Windows\System\NzrSIvu.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\pqZlrbn.exe
  C:\Windows\System\pqZlrbn.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\dWsBfNL.exe
  C:\Windows\System\dWsBfNL.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\Cdfyeqj.exe
  C:\Windows\System\Cdfyeqj.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\svnLrsI.exe
  C:\Windows\System\svnLrsI.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\qlXfnZv.exe
  C:\Windows\System\qlXfnZv.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\UgrWNPq.exe
  C:\Windows\System\UgrWNPq.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\hxvwWNH.exe
  C:\Windows\System\hxvwWNH.exe
  2⤵
  - Executes dropped EXE
  PID:3412
- C:\Windows\System\LBIBDoF.exe
  C:\Windows\System\LBIBDoF.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\QZWPOKH.exe
  C:\Windows\System\QZWPOKH.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\KoWsxUE.exe
  C:\Windows\System\KoWsxUE.exe
  2⤵
  - Executes dropped EXE
  PID:3196
- C:\Windows\System\HBtwfZN.exe
  C:\Windows\System\HBtwfZN.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\DrAxWtJ.exe
  C:\Windows\System\DrAxWtJ.exe
  2⤵
  - Executes dropped EXE
  PID:3908
- C:\Windows\System\lbeZKRc.exe
  C:\Windows\System\lbeZKRc.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\rFhsPbZ.exe
  C:\Windows\System\rFhsPbZ.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\XAlnjIG.exe
  C:\Windows\System\XAlnjIG.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\roZCGBS.exe
  C:\Windows\System\roZCGBS.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\wpBCQXp.exe
  C:\Windows\System\wpBCQXp.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\FiRvtcp.exe
  C:\Windows\System\FiRvtcp.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\JUiDHMi.exe
  C:\Windows\System\JUiDHMi.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\JcKgJCT.exe
  C:\Windows\System\JcKgJCT.exe
  2⤵
  - Executes dropped EXE
  PID:3140
- C:\Windows\System\NnOyRnG.exe
  C:\Windows\System\NnOyRnG.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\kwqBxgc.exe
  C:\Windows\System\kwqBxgc.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\PqsLfXv.exe
  C:\Windows\System\PqsLfXv.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\qbTWoCy.exe
  C:\Windows\System\qbTWoCy.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\KdKpTwU.exe
  C:\Windows\System\KdKpTwU.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\lKmgxHO.exe
  C:\Windows\System\lKmgxHO.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\GknVLYx.exe
  C:\Windows\System\GknVLYx.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\tFVufnq.exe
  C:\Windows\System\tFVufnq.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\pIEXpsr.exe
  C:\Windows\System\pIEXpsr.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\wXUkcVq.exe
  C:\Windows\System\wXUkcVq.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\aVYtSbA.exe
  C:\Windows\System\aVYtSbA.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\AfZnpUi.exe
  C:\Windows\System\AfZnpUi.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\Fblpzwo.exe
  C:\Windows\System\Fblpzwo.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\OvoESPQ.exe
  C:\Windows\System\OvoESPQ.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\goxcYWY.exe
  C:\Windows\System\goxcYWY.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\OyNDeZK.exe
  C:\Windows\System\OyNDeZK.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\DnzmDke.exe
  C:\Windows\System\DnzmDke.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\ekaElqE.exe
  C:\Windows\System\ekaElqE.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\irfYNyy.exe
  C:\Windows\System\irfYNyy.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\AcdYphK.exe
  C:\Windows\System\AcdYphK.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\GEuqjvS.exe
  C:\Windows\System\GEuqjvS.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\akIGgyA.exe
  C:\Windows\System\akIGgyA.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\iuraZlG.exe
  C:\Windows\System\iuraZlG.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\oxQNItu.exe
  C:\Windows\System\oxQNItu.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\CDbEXLH.exe
  C:\Windows\System\CDbEXLH.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\dfsvsce.exe
  C:\Windows\System\dfsvsce.exe
  2⤵
  - Executes dropped EXE
  PID:4056
- C:\Windows\System\tbeRoJy.exe
  C:\Windows\System\tbeRoJy.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\unYjGFx.exe
  C:\Windows\System\unYjGFx.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\bEPTEpK.exe
  C:\Windows\System\bEPTEpK.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\AzhDWYc.exe
  C:\Windows\System\AzhDWYc.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\SyTdWOI.exe
  C:\Windows\System\SyTdWOI.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\SBjJOTY.exe
  C:\Windows\System\SBjJOTY.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\ekYxUcr.exe
  C:\Windows\System\ekYxUcr.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\EISJZZQ.exe
  C:\Windows\System\EISJZZQ.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\xZYvevr.exe
  C:\Windows\System\xZYvevr.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\Srlnxnt.exe
  C:\Windows\System\Srlnxnt.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\VpLcNWN.exe
  C:\Windows\System\VpLcNWN.exe
  2⤵
  PID:2804
- C:\Windows\System\vXnAQFq.exe
  C:\Windows\System\vXnAQFq.exe
  2⤵
  PID:2064
- C:\Windows\System\tJyDINt.exe
  C:\Windows\System\tJyDINt.exe
  2⤵
  PID:4816
- C:\Windows\System\josKWXl.exe
  C:\Windows\System\josKWXl.exe
  2⤵
  PID:640
- C:\Windows\System\fDGclTZ.exe
  C:\Windows\System\fDGclTZ.exe
  2⤵
  PID:3296
- C:\Windows\System\HFkUaOh.exe
  C:\Windows\System\HFkUaOh.exe
  2⤵
  PID:3392
- C:\Windows\System\ZWNhHwh.exe
  C:\Windows\System\ZWNhHwh.exe
  2⤵
  PID:3144
- C:\Windows\System\ehVwjZX.exe
  C:\Windows\System\ehVwjZX.exe
  2⤵
  PID:4624
- C:\Windows\System\fKcXqDO.exe
  C:\Windows\System\fKcXqDO.exe
  2⤵
  PID:1312
- C:\Windows\System\BFluOHN.exe
  C:\Windows\System\BFluOHN.exe
  2⤵
  PID:3868
- C:\Windows\System\DNVKFlK.exe
  C:\Windows\System\DNVKFlK.exe
  2⤵
  PID:4876
- C:\Windows\System\GTfYwOi.exe
  C:\Windows\System\GTfYwOi.exe
  2⤵
  PID:4312
- C:\Windows\System\kJwWXDq.exe
  C:\Windows\System\kJwWXDq.exe
  2⤵
  PID:1980
- C:\Windows\System\Mokcfqj.exe
  C:\Windows\System\Mokcfqj.exe
  2⤵
  PID:1860
- C:\Windows\System\YOGLzQj.exe
  C:\Windows\System\YOGLzQj.exe
  2⤵
  PID:2060
- C:\Windows\System\fUvGBpl.exe
  C:\Windows\System\fUvGBpl.exe
  2⤵
  PID:3640
- C:\Windows\System\FgdXrru.exe
  C:\Windows\System\FgdXrru.exe
  2⤵
  PID:832
- C:\Windows\System\OjvAFMo.exe
  C:\Windows\System\OjvAFMo.exe
  2⤵
  PID:4580
- C:\Windows\System\MRrrQDE.exe
  C:\Windows\System\MRrrQDE.exe
  2⤵
  PID:2536
- C:\Windows\System\ZRisvLF.exe
  C:\Windows\System\ZRisvLF.exe
  2⤵
  PID:1164
- C:\Windows\System\RhYBQjN.exe
  C:\Windows\System\RhYBQjN.exe
  2⤵
  PID:4340
- C:\Windows\System\zEjFcfU.exe
  C:\Windows\System\zEjFcfU.exe
  2⤵
  PID:2936
- C:\Windows\System\fVeegCq.exe
  C:\Windows\System\fVeegCq.exe
  2⤵
  PID:3172
- C:\Windows\System\qvbliRG.exe
  C:\Windows\System\qvbliRG.exe
  2⤵
  PID:1804
- C:\Windows\System\PDKLvuJ.exe
  C:\Windows\System\PDKLvuJ.exe
  2⤵
  PID:5108
- C:\Windows\System\knAkagz.exe
  C:\Windows\System\knAkagz.exe
  2⤵
  PID:5080
- C:\Windows\System\ZdxiPyV.exe
  C:\Windows\System\ZdxiPyV.exe
  2⤵
  PID:1300
- C:\Windows\System\rCxANWy.exe
  C:\Windows\System\rCxANWy.exe
  2⤵
  PID:5148
- C:\Windows\System\qvsXKrU.exe
  C:\Windows\System\qvsXKrU.exe
  2⤵
  PID:5168
- C:\Windows\System\BuaCSmj.exe
  C:\Windows\System\BuaCSmj.exe
  2⤵
  PID:5196
- C:\Windows\System\CIUPqDQ.exe
  C:\Windows\System\CIUPqDQ.exe
  2⤵
  PID:5228
- C:\Windows\System\nKVgtPM.exe
  C:\Windows\System\nKVgtPM.exe
  2⤵
  PID:5256
- C:\Windows\System\QFYxgQC.exe
  C:\Windows\System\QFYxgQC.exe
  2⤵
  PID:5292
- C:\Windows\System\OYPpjPr.exe
  C:\Windows\System\OYPpjPr.exe
  2⤵
  PID:5320
- C:\Windows\System\NldqxXf.exe
  C:\Windows\System\NldqxXf.exe
  2⤵
  PID:5348
- C:\Windows\System\TLBIiPf.exe
  C:\Windows\System\TLBIiPf.exe
  2⤵
  PID:5376
- C:\Windows\System\IdHOoJs.exe
  C:\Windows\System\IdHOoJs.exe
  2⤵
  PID:5396
- C:\Windows\System\pxmRNsw.exe
  C:\Windows\System\pxmRNsw.exe
  2⤵
  PID:5428
- C:\Windows\System\VtGphRv.exe
  C:\Windows\System\VtGphRv.exe
  2⤵
  PID:5460
- C:\Windows\System\oxGjIwX.exe
  C:\Windows\System\oxGjIwX.exe
  2⤵
  PID:5488
- C:\Windows\System\ehoeTvX.exe
  C:\Windows\System\ehoeTvX.exe
  2⤵
  PID:5516
- C:\Windows\System\WNPbiwg.exe
  C:\Windows\System\WNPbiwg.exe
  2⤵
  PID:5544
- C:\Windows\System\WpAMUEY.exe
  C:\Windows\System\WpAMUEY.exe
  2⤵
  PID:5580
- C:\Windows\System\DvZsTSc.exe
  C:\Windows\System\DvZsTSc.exe
  2⤵
  PID:5608
- C:\Windows\System\obMrLTo.exe
  C:\Windows\System\obMrLTo.exe
  2⤵
  PID:5636
- C:\Windows\System\GmwCkMf.exe
  C:\Windows\System\GmwCkMf.exe
  2⤵
  PID:5668
- C:\Windows\System\vjgYptu.exe
  C:\Windows\System\vjgYptu.exe
  2⤵
  PID:5692
- C:\Windows\System\EpxeUGY.exe
  C:\Windows\System\EpxeUGY.exe
  2⤵
  PID:5728
- C:\Windows\System\MlWfKQo.exe
  C:\Windows\System\MlWfKQo.exe
  2⤵
  PID:5748
- C:\Windows\System\uQFNfgM.exe
  C:\Windows\System\uQFNfgM.exe
  2⤵
  PID:5784
- C:\Windows\System\tKQXiEZ.exe
  C:\Windows\System\tKQXiEZ.exe
  2⤵
  PID:5808
- C:\Windows\System\YSYWgky.exe
  C:\Windows\System\YSYWgky.exe
  2⤵
  PID:5836
- C:\Windows\System\TjapiZZ.exe
  C:\Windows\System\TjapiZZ.exe
  2⤵
  PID:5864
- C:\Windows\System\mSYuvpw.exe
  C:\Windows\System\mSYuvpw.exe
  2⤵
  PID:5892
- C:\Windows\System\lBXVisr.exe
  C:\Windows\System\lBXVisr.exe
  2⤵
  PID:5916
- C:\Windows\System\MzxVOqF.exe
  C:\Windows\System\MzxVOqF.exe
  2⤵
  PID:5952
- C:\Windows\System\hYpDriW.exe
  C:\Windows\System\hYpDriW.exe
  2⤵
  PID:5980
- C:\Windows\System\YfNVokc.exe
  C:\Windows\System\YfNVokc.exe
  2⤵
  PID:6008
- C:\Windows\System\DWYxcjM.exe
  C:\Windows\System\DWYxcjM.exe
  2⤵
  PID:6036
- C:\Windows\System\kLmBnCk.exe
  C:\Windows\System\kLmBnCk.exe
  2⤵
  PID:6064
- C:\Windows\System\lxxFhxQ.exe
  C:\Windows\System\lxxFhxQ.exe
  2⤵
  PID:6092
- C:\Windows\System\MnSmbBM.exe
  C:\Windows\System\MnSmbBM.exe
  2⤵
  PID:6124
- C:\Windows\System\CemxIUP.exe
  C:\Windows\System\CemxIUP.exe
  2⤵
  PID:5164
- C:\Windows\System\IkBykgV.exe
  C:\Windows\System\IkBykgV.exe
  2⤵
  PID:5208
- C:\Windows\System\lpbeByZ.exe
  C:\Windows\System\lpbeByZ.exe
  2⤵
  PID:5268
- C:\Windows\System\qhSjpla.exe
  C:\Windows\System\qhSjpla.exe
  2⤵
  PID:5308
- C:\Windows\System\nujGCCC.exe
  C:\Windows\System\nujGCCC.exe
  2⤵
  PID:5368
- C:\Windows\System\bquaATp.exe
  C:\Windows\System\bquaATp.exe
  2⤵
  PID:5416
- C:\Windows\System\jRnQaEc.exe
  C:\Windows\System\jRnQaEc.exe
  2⤵
  PID:5528
- C:\Windows\System\yywrtuy.exe
  C:\Windows\System\yywrtuy.exe
  2⤵
  PID:5564
- C:\Windows\System\EwDRjQR.exe
  C:\Windows\System\EwDRjQR.exe
  2⤵
  PID:5656
- C:\Windows\System\FwIjGiI.exe
  C:\Windows\System\FwIjGiI.exe
  2⤵
  PID:5736
- C:\Windows\System\dxTcela.exe
  C:\Windows\System\dxTcela.exe
  2⤵
  PID:5792
- C:\Windows\System\tJlKLfr.exe
  C:\Windows\System\tJlKLfr.exe
  2⤵
  PID:5828
- C:\Windows\System\tpeziLA.exe
  C:\Windows\System\tpeziLA.exe
  2⤵
  PID:5872
- C:\Windows\System\rlvInph.exe
  C:\Windows\System\rlvInph.exe
  2⤵
  PID:5964
- C:\Windows\System\oWjmqUM.exe
  C:\Windows\System\oWjmqUM.exe
  2⤵
  PID:6072
- C:\Windows\System\XopKaOL.exe
  C:\Windows\System\XopKaOL.exe
  2⤵
  PID:6112
- C:\Windows\System\fBNdlAO.exe
  C:\Windows\System\fBNdlAO.exe
  2⤵
  PID:5188
- C:\Windows\System\zDwUlhJ.exe
  C:\Windows\System\zDwUlhJ.exe
  2⤵
  PID:5304
- C:\Windows\System\wkbHtIL.exe
  C:\Windows\System\wkbHtIL.exe
  2⤵
  PID:5508
- C:\Windows\System\EvTuHac.exe
  C:\Windows\System\EvTuHac.exe
  2⤵
  PID:5652
- C:\Windows\System\KNejVge.exe
  C:\Windows\System\KNejVge.exe
  2⤵
  PID:5768
- C:\Windows\System\XZUztSA.exe
  C:\Windows\System\XZUztSA.exe
  2⤵
  PID:5932
- C:\Windows\System\bbZyYBJ.exe
  C:\Windows\System\bbZyYBJ.exe
  2⤵
  PID:5300
- C:\Windows\System\ZqoCBQd.exe
  C:\Windows\System\ZqoCBQd.exe
  2⤵
  PID:5720
- C:\Windows\System\vhvRTEk.exe
  C:\Windows\System\vhvRTEk.exe
  2⤵
  PID:5620
- C:\Windows\System\ffnvGLq.exe
  C:\Windows\System\ffnvGLq.exe
  2⤵
  PID:6152
- C:\Windows\System\ZIFPvFX.exe
  C:\Windows\System\ZIFPvFX.exe
  2⤵
  PID:6180
- C:\Windows\System\kSNXBrF.exe
  C:\Windows\System\kSNXBrF.exe
  2⤵
  PID:6212
- C:\Windows\System\TErmeyr.exe
  C:\Windows\System\TErmeyr.exe
  2⤵
  PID:6240
- C:\Windows\System\xKpLzvT.exe
  C:\Windows\System\xKpLzvT.exe
  2⤵
  PID:6268
- C:\Windows\System\TNYaCtt.exe
  C:\Windows\System\TNYaCtt.exe
  2⤵
  PID:6304
- C:\Windows\System\dvXyssI.exe
  C:\Windows\System\dvXyssI.exe
  2⤵
  PID:6332
- C:\Windows\System\MoJbPsC.exe
  C:\Windows\System\MoJbPsC.exe
  2⤵
  PID:6360
- C:\Windows\System\BCqoRsa.exe
  C:\Windows\System\BCqoRsa.exe
  2⤵
  PID:6388
- C:\Windows\System\JdbIqoV.exe
  C:\Windows\System\JdbIqoV.exe
  2⤵
  PID:6408
- C:\Windows\System\AnlvUJM.exe
  C:\Windows\System\AnlvUJM.exe
  2⤵
  PID:6444
- C:\Windows\System\qaNUieo.exe
  C:\Windows\System\qaNUieo.exe
  2⤵
  PID:6472
- C:\Windows\System\NUhBDbC.exe
  C:\Windows\System\NUhBDbC.exe
  2⤵
  PID:6496
- C:\Windows\System\lVpjGFM.exe
  C:\Windows\System\lVpjGFM.exe
  2⤵
  PID:6528
- C:\Windows\System\CentnEE.exe
  C:\Windows\System\CentnEE.exe
  2⤵
  PID:6556
- C:\Windows\System\sFgNBTx.exe
  C:\Windows\System\sFgNBTx.exe
  2⤵
  PID:6576
- C:\Windows\System\xIYJTKY.exe
  C:\Windows\System\xIYJTKY.exe
  2⤵
  PID:6612
- C:\Windows\System\PabEkHp.exe
  C:\Windows\System\PabEkHp.exe
  2⤵
  PID:6632
- C:\Windows\System\XLHvdAY.exe
  C:\Windows\System\XLHvdAY.exe
  2⤵
  PID:6648
- C:\Windows\System\kMuafCd.exe
  C:\Windows\System\kMuafCd.exe
  2⤵
  PID:6696
- C:\Windows\System\krZMKrJ.exe
  C:\Windows\System\krZMKrJ.exe
  2⤵
  PID:6716
- C:\Windows\System\hoGKNxy.exe
  C:\Windows\System\hoGKNxy.exe
  2⤵
  PID:6752
- C:\Windows\System\BmBrrSj.exe
  C:\Windows\System\BmBrrSj.exe
  2⤵
  PID:6776
- C:\Windows\System\ftVUKsr.exe
  C:\Windows\System\ftVUKsr.exe
  2⤵
  PID:6808
- C:\Windows\System\hbMhPJm.exe
  C:\Windows\System\hbMhPJm.exe
  2⤵
  PID:6828
- C:\Windows\System\hlHxiaY.exe
  C:\Windows\System\hlHxiaY.exe
  2⤵
  PID:6856
- C:\Windows\System\yIwORMI.exe
  C:\Windows\System\yIwORMI.exe
  2⤵
  PID:6884
- C:\Windows\System\uXKOSms.exe
  C:\Windows\System\uXKOSms.exe
  2⤵
  PID:6900
- C:\Windows\System\Hikvlns.exe
  C:\Windows\System\Hikvlns.exe
  2⤵
  PID:6940
- C:\Windows\System\VsojwGI.exe
  C:\Windows\System\VsojwGI.exe
  2⤵
  PID:6972
- C:\Windows\System\encpTmk.exe
  C:\Windows\System\encpTmk.exe
  2⤵
  PID:7000
- C:\Windows\System\MWhwCNl.exe
  C:\Windows\System\MWhwCNl.exe
  2⤵
  PID:7024
- C:\Windows\System\HvFRltx.exe
  C:\Windows\System\HvFRltx.exe
  2⤵
  PID:7052
- C:\Windows\System\HGoTTUd.exe
  C:\Windows\System\HGoTTUd.exe
  2⤵
  PID:7080
- C:\Windows\System\orfZtfE.exe
  C:\Windows\System\orfZtfE.exe
  2⤵
  PID:7112
- C:\Windows\System\tajeNfl.exe
  C:\Windows\System\tajeNfl.exe
  2⤵
  PID:7152
- C:\Windows\System\CNJMVVG.exe
  C:\Windows\System\CNJMVVG.exe
  2⤵
  PID:5392
- C:\Windows\System\tfQvMde.exe
  C:\Windows\System\tfQvMde.exe
  2⤵
  PID:6232
- C:\Windows\System\QevWaGP.exe
  C:\Windows\System\QevWaGP.exe
  2⤵
  PID:6292
- C:\Windows\System\lBlvTEx.exe
  C:\Windows\System\lBlvTEx.exe
  2⤵
  PID:6376
- C:\Windows\System\aGWSCoB.exe
  C:\Windows\System\aGWSCoB.exe
  2⤵
  PID:6488
- C:\Windows\System\wQbTRns.exe
  C:\Windows\System\wQbTRns.exe
  2⤵
  PID:6564
- C:\Windows\System\ztgkmpT.exe
  C:\Windows\System\ztgkmpT.exe
  2⤵
  PID:6624
- C:\Windows\System\OHmMbqY.exe
  C:\Windows\System\OHmMbqY.exe
  2⤵
  PID:6740
- C:\Windows\System\mTRYLbD.exe
  C:\Windows\System\mTRYLbD.exe
  2⤵
  PID:6816
- C:\Windows\System\UFuCuTS.exe
  C:\Windows\System\UFuCuTS.exe
  2⤵
  PID:220
- C:\Windows\System\EaARZeF.exe
  C:\Windows\System\EaARZeF.exe
  2⤵
  PID:6928
- C:\Windows\System\KFhlvFv.exe
  C:\Windows\System\KFhlvFv.exe
  2⤵
  PID:6992
- C:\Windows\System\MvKDUBF.exe
  C:\Windows\System\MvKDUBF.exe
  2⤵
  PID:7100
- C:\Windows\System\FriFIXU.exe
  C:\Windows\System\FriFIXU.exe
  2⤵
  PID:6196
- C:\Windows\System\DueXgSF.exe
  C:\Windows\System\DueXgSF.exe
  2⤵
  PID:6228
- C:\Windows\System\whsFDID.exe
  C:\Windows\System\whsFDID.exe
  2⤵
  PID:6544
- C:\Windows\System\bCMgaET.exe
  C:\Windows\System\bCMgaET.exe
  2⤵
  PID:6728
- C:\Windows\System\EzxcZHG.exe
  C:\Windows\System\EzxcZHG.exe
  2⤵
  PID:6220
- C:\Windows\System\WynHHDw.exe
  C:\Windows\System\WynHHDw.exe
  2⤵
  PID:6348
- C:\Windows\System\kfsWxkm.exe
  C:\Windows\System\kfsWxkm.exe
  2⤵
  PID:6340
- C:\Windows\System\RffMxfh.exe
  C:\Windows\System\RffMxfh.exe
  2⤵
  PID:7176
- C:\Windows\System\qcZyrOO.exe
  C:\Windows\System\qcZyrOO.exe
  2⤵
  PID:7204
- C:\Windows\System\DDdlgow.exe
  C:\Windows\System\DDdlgow.exe
  2⤵
  PID:7248
- C:\Windows\System\RSgUJDt.exe
  C:\Windows\System\RSgUJDt.exe
  2⤵
  PID:7284
- C:\Windows\System\sQXakGl.exe
  C:\Windows\System\sQXakGl.exe
  2⤵
  PID:7304
- C:\Windows\System\dXXJUBS.exe
  C:\Windows\System\dXXJUBS.exe
  2⤵
  PID:7344
- C:\Windows\System\HquesGA.exe
  C:\Windows\System\HquesGA.exe
  2⤵
  PID:7376
- C:\Windows\System\RYUsDjk.exe
  C:\Windows\System\RYUsDjk.exe
  2⤵
  PID:7392
- C:\Windows\System\hzVuloa.exe
  C:\Windows\System\hzVuloa.exe
  2⤵
  PID:7408
- C:\Windows\System\SLHzLKf.exe
  C:\Windows\System\SLHzLKf.exe
  2⤵
  PID:7444
- C:\Windows\System\hUUXgJX.exe
  C:\Windows\System\hUUXgJX.exe
  2⤵
  PID:7480
- C:\Windows\System\WOsQQeS.exe
  C:\Windows\System\WOsQQeS.exe
  2⤵
  PID:7512
- C:\Windows\System\WYIWZUm.exe
  C:\Windows\System\WYIWZUm.exe
  2⤵
  PID:7540
- C:\Windows\System\iHKHdam.exe
  C:\Windows\System\iHKHdam.exe
  2⤵
  PID:7572
- C:\Windows\System\tXricHz.exe
  C:\Windows\System\tXricHz.exe
  2⤵
  PID:7608
- C:\Windows\System\hqCzhRL.exe
  C:\Windows\System\hqCzhRL.exe
  2⤵
  PID:7636
- C:\Windows\System\AWllFrU.exe
  C:\Windows\System\AWllFrU.exe
  2⤵
  PID:7664
- C:\Windows\System\VnhDChi.exe
  C:\Windows\System\VnhDChi.exe
  2⤵
  PID:7680
- C:\Windows\System\XDCvoWp.exe
  C:\Windows\System\XDCvoWp.exe
  2⤵
  PID:7720
- C:\Windows\System\nZnETmm.exe
  C:\Windows\System\nZnETmm.exe
  2⤵
  PID:7752
- C:\Windows\System\FQZtkAM.exe
  C:\Windows\System\FQZtkAM.exe
  2⤵
  PID:7780
- C:\Windows\System\PvNZoYF.exe
  C:\Windows\System\PvNZoYF.exe
  2⤵
  PID:7804
- C:\Windows\System\NtRpGNd.exe
  C:\Windows\System\NtRpGNd.exe
  2⤵
  PID:7844
- C:\Windows\System\FXnNyCo.exe
  C:\Windows\System\FXnNyCo.exe
  2⤵
  PID:7872
- C:\Windows\System\bsJoEPy.exe
  C:\Windows\System\bsJoEPy.exe
  2⤵
  PID:7912
- C:\Windows\System\jJLsSbA.exe
  C:\Windows\System\jJLsSbA.exe
  2⤵
  PID:7940
- C:\Windows\System\FqKFAuA.exe
  C:\Windows\System\FqKFAuA.exe
  2⤵
  PID:7968
- C:\Windows\System\gPNdhix.exe
  C:\Windows\System\gPNdhix.exe
  2⤵
  PID:7996
- C:\Windows\System\khSEacY.exe
  C:\Windows\System\khSEacY.exe
  2⤵
  PID:8024
- C:\Windows\System\xJrfrCx.exe
  C:\Windows\System\xJrfrCx.exe
  2⤵
  PID:8060
- C:\Windows\System\PiHsklG.exe
  C:\Windows\System\PiHsklG.exe
  2⤵
  PID:8084
- C:\Windows\System\SWGkglL.exe
  C:\Windows\System\SWGkglL.exe
  2⤵
  PID:8112
- C:\Windows\System\wtwuQrk.exe
  C:\Windows\System\wtwuQrk.exe
  2⤵
  PID:8140
- C:\Windows\System\FMfakkq.exe
  C:\Windows\System\FMfakkq.exe
  2⤵
  PID:8172
- C:\Windows\System\AVdMCGU.exe
  C:\Windows\System\AVdMCGU.exe
  2⤵
  PID:6452
- C:\Windows\System\gsPGtaD.exe
  C:\Windows\System\gsPGtaD.exe
  2⤵
  PID:7188
- C:\Windows\System\ygsQrLn.exe
  C:\Windows\System\ygsQrLn.exe
  2⤵
  PID:7300
- C:\Windows\System\gCzKJRT.exe
  C:\Windows\System\gCzKJRT.exe
  2⤵
  PID:7372
- C:\Windows\System\NHXDIMe.exe
  C:\Windows\System\NHXDIMe.exe
  2⤵
  PID:7428
- C:\Windows\System\OCKHWiL.exe
  C:\Windows\System\OCKHWiL.exe
  2⤵
  PID:7496
- C:\Windows\System\vUuHAQF.exe
  C:\Windows\System\vUuHAQF.exe
  2⤵
  PID:7564
- C:\Windows\System\jjarcOm.exe
  C:\Windows\System\jjarcOm.exe
  2⤵
  PID:7604
- C:\Windows\System\lpDWZAg.exe
  C:\Windows\System\lpDWZAg.exe
  2⤵
  PID:7708
- C:\Windows\System\wzpxxCF.exe
  C:\Windows\System\wzpxxCF.exe
  2⤵
  PID:7768
- C:\Windows\System\OltOIRT.exe
  C:\Windows\System\OltOIRT.exe
  2⤵
  PID:7828
- C:\Windows\System\GNlmTfv.exe
  C:\Windows\System\GNlmTfv.exe
  2⤵
  PID:7928
- C:\Windows\System\rnPeeLv.exe
  C:\Windows\System\rnPeeLv.exe
  2⤵
  PID:7980
- C:\Windows\System\sHMUzyl.exe
  C:\Windows\System\sHMUzyl.exe
  2⤵
  PID:8052
- C:\Windows\System\ONiwruF.exe
  C:\Windows\System\ONiwruF.exe
  2⤵
  PID:8124
- C:\Windows\System\dVQIjwt.exe
  C:\Windows\System\dVQIjwt.exe
  2⤵
  PID:8156
- C:\Windows\System\dpXjibM.exe
  C:\Windows\System\dpXjibM.exe
  2⤵
  PID:6664
- C:\Windows\System\aabKrcO.exe
  C:\Windows\System\aabKrcO.exe
  2⤵
  PID:7400
- C:\Windows\System\AajzHEX.exe
  C:\Windows\System\AajzHEX.exe
  2⤵
  PID:7600
- C:\Windows\System\uETlBhx.exe
  C:\Windows\System\uETlBhx.exe
  2⤵
  PID:7736
- C:\Windows\System\hkbbXfK.exe
  C:\Windows\System\hkbbXfK.exe
  2⤵
  PID:7904
- C:\Windows\System\PMgtxGk.exe
  C:\Windows\System\PMgtxGk.exe
  2⤵
  PID:8008
- C:\Windows\System\Fnmdyzq.exe
  C:\Windows\System\Fnmdyzq.exe
  2⤵
  PID:8164
- C:\Windows\System\MLlCjFx.exe
  C:\Windows\System\MLlCjFx.exe
  2⤵
  PID:7404
- C:\Windows\System\CrmZAQL.exe
  C:\Windows\System\CrmZAQL.exe
  2⤵
  PID:7868
- C:\Windows\System\FPdtXDN.exe
  C:\Windows\System\FPdtXDN.exe
  2⤵
  PID:8020
- C:\Windows\System\CecEmAH.exe
  C:\Windows\System\CecEmAH.exe
  2⤵
  PID:3136
- C:\Windows\System\OoEsClF.exe
  C:\Windows\System\OoEsClF.exe
  2⤵
  PID:4768
- C:\Windows\System\QCUrwgM.exe
  C:\Windows\System\QCUrwgM.exe
  2⤵
  PID:3132
- C:\Windows\System\hzXYGAB.exe
  C:\Windows\System\hzXYGAB.exe
  2⤵
  PID:7988
- C:\Windows\System\IwhKwkl.exe
  C:\Windows\System\IwhKwkl.exe
  2⤵
  PID:1656
- C:\Windows\System\ICoxgsr.exe
  C:\Windows\System\ICoxgsr.exe
  2⤵
  PID:1476
- C:\Windows\System\DIuyRLw.exe
  C:\Windows\System\DIuyRLw.exe
  2⤵
  PID:8208
- C:\Windows\System\BUkvYRA.exe
  C:\Windows\System\BUkvYRA.exe
  2⤵
  PID:8240
- C:\Windows\System\AaFMgGf.exe
  C:\Windows\System\AaFMgGf.exe
  2⤵
  PID:8264
- C:\Windows\System\cPcWKHf.exe
  C:\Windows\System\cPcWKHf.exe
  2⤵
  PID:8292
- C:\Windows\System\seQiUsW.exe
  C:\Windows\System\seQiUsW.exe
  2⤵
  PID:8308
- C:\Windows\System\ntaHQmO.exe
  C:\Windows\System\ntaHQmO.exe
  2⤵
  PID:8336
- C:\Windows\System\YoeGHQG.exe
  C:\Windows\System\YoeGHQG.exe
  2⤵
  PID:8376
- C:\Windows\System\mJJLxCN.exe
  C:\Windows\System\mJJLxCN.exe
  2⤵
  PID:8408
- C:\Windows\System\HgVZZKq.exe
  C:\Windows\System\HgVZZKq.exe
  2⤵
  PID:8432
- C:\Windows\System\pmqAiow.exe
  C:\Windows\System\pmqAiow.exe
  2⤵
  PID:8456
- C:\Windows\System\aqQpNaz.exe
  C:\Windows\System\aqQpNaz.exe
  2⤵
  PID:8488
- C:\Windows\System\GWexjCI.exe
  C:\Windows\System\GWexjCI.exe
  2⤵
  PID:8540
- C:\Windows\System\HdcJNiF.exe
  C:\Windows\System\HdcJNiF.exe
  2⤵
  PID:8580
- C:\Windows\System\CLfeDPy.exe
  C:\Windows\System\CLfeDPy.exe
  2⤵
  PID:8612
- C:\Windows\System\YrGYjJS.exe
  C:\Windows\System\YrGYjJS.exe
  2⤵
  PID:8640
- C:\Windows\System\grMSevK.exe
  C:\Windows\System\grMSevK.exe
  2⤵
  PID:8668
- C:\Windows\System\MvQITJm.exe
  C:\Windows\System\MvQITJm.exe
  2⤵
  PID:8696
- C:\Windows\System\yHnezCU.exe
  C:\Windows\System\yHnezCU.exe
  2⤵
  PID:8728
- C:\Windows\System\dHGtDlX.exe
  C:\Windows\System\dHGtDlX.exe
  2⤵
  PID:8760
- C:\Windows\System\ydDtMBa.exe
  C:\Windows\System\ydDtMBa.exe
  2⤵
  PID:8784
- C:\Windows\System\AzjVGqV.exe
  C:\Windows\System\AzjVGqV.exe
  2⤵
  PID:8812
- C:\Windows\System\igZYwii.exe
  C:\Windows\System\igZYwii.exe
  2⤵
  PID:8840
- C:\Windows\System\ykwJxKP.exe
  C:\Windows\System\ykwJxKP.exe
  2⤵
  PID:8872
- C:\Windows\System\uvSVxQe.exe
  C:\Windows\System\uvSVxQe.exe
  2⤵
  PID:8896
- C:\Windows\System\UJCcVbd.exe
  C:\Windows\System\UJCcVbd.exe
  2⤵
  PID:8912
- C:\Windows\System\BizuzYm.exe
  C:\Windows\System\BizuzYm.exe
  2⤵
  PID:8952
- C:\Windows\System\muPnnmQ.exe
  C:\Windows\System\muPnnmQ.exe
  2⤵
  PID:8980
- C:\Windows\System\JvhuAZH.exe
  C:\Windows\System\JvhuAZH.exe
  2⤵
  PID:9008
- C:\Windows\System\EkYZGVn.exe
  C:\Windows\System\EkYZGVn.exe
  2⤵
  PID:9036
- C:\Windows\System\MqnrrOw.exe
  C:\Windows\System\MqnrrOw.exe
  2⤵
  PID:9060
- C:\Windows\System\nceIUvm.exe
  C:\Windows\System\nceIUvm.exe
  2⤵
  PID:9088
- C:\Windows\System\wdgWGvO.exe
  C:\Windows\System\wdgWGvO.exe
  2⤵
  PID:9124
- C:\Windows\System\eKcACnA.exe
  C:\Windows\System\eKcACnA.exe
  2⤵
  PID:9156
- C:\Windows\System\aCawQWe.exe
  C:\Windows\System\aCawQWe.exe
  2⤵
  PID:9176
- C:\Windows\System\HRdECbB.exe
  C:\Windows\System\HRdECbB.exe
  2⤵
  PID:9204
- C:\Windows\System\cQtINPu.exe
  C:\Windows\System\cQtINPu.exe
  2⤵
  PID:8196
- C:\Windows\System\LOfpPar.exe
  C:\Windows\System\LOfpPar.exe
  2⤵
  PID:8304
- C:\Windows\System\AEfhUsa.exe
  C:\Windows\System\AEfhUsa.exe
  2⤵
  PID:8360
- C:\Windows\System\JxRaVtS.exe
  C:\Windows\System\JxRaVtS.exe
  2⤵
  PID:8448
- C:\Windows\System\zCECTKC.exe
  C:\Windows\System\zCECTKC.exe
  2⤵
  PID:8504
- C:\Windows\System\wKKhgPU.exe
  C:\Windows\System\wKKhgPU.exe
  2⤵
  PID:8608
- C:\Windows\System\UBUFEPW.exe
  C:\Windows\System\UBUFEPW.exe
  2⤵
  PID:8652
- C:\Windows\System\iztdkFp.exe
  C:\Windows\System\iztdkFp.exe
  2⤵
  PID:8752
- C:\Windows\System\ZxZHFAJ.exe
  C:\Windows\System\ZxZHFAJ.exe
  2⤵
  PID:8804
- C:\Windows\System\Rmchzsp.exe
  C:\Windows\System\Rmchzsp.exe
  2⤵
  PID:8880
- C:\Windows\System\WfYhdsf.exe
  C:\Windows\System\WfYhdsf.exe
  2⤵
  PID:8892
- C:\Windows\System\LQsIXnB.exe
  C:\Windows\System\LQsIXnB.exe
  2⤵
  PID:9004
- C:\Windows\System\KRlNqqz.exe
  C:\Windows\System\KRlNqqz.exe
  2⤵
  PID:9072
- C:\Windows\System\wFhLhIN.exe
  C:\Windows\System\wFhLhIN.exe
  2⤵
  PID:8200
- C:\Windows\System\PJfXuxw.exe
  C:\Windows\System\PJfXuxw.exe
  2⤵
  PID:9184
- C:\Windows\System\JHGxEua.exe
  C:\Windows\System\JHGxEua.exe
  2⤵
  PID:8288
- C:\Windows\System\lhyirRA.exe
  C:\Windows\System\lhyirRA.exe
  2⤵
  PID:8508
- C:\Windows\System\xKjNixg.exe
  C:\Windows\System\xKjNixg.exe
  2⤵
  PID:8628
- C:\Windows\System\PCacoAj.exe
  C:\Windows\System\PCacoAj.exe
  2⤵
  PID:8808
- C:\Windows\System\qPcNeYU.exe
  C:\Windows\System\qPcNeYU.exe
  2⤵
  PID:8944
- C:\Windows\System\PiFCqBo.exe
  C:\Windows\System\PiFCqBo.exe
  2⤵
  PID:9032
- C:\Windows\System\SFsdXkx.exe
  C:\Windows\System\SFsdXkx.exe
  2⤵
  PID:8284
- C:\Windows\System\eBwvRRY.exe
  C:\Windows\System\eBwvRRY.exe
  2⤵
  PID:8740
- C:\Windows\System\ZsxnkkJ.exe
  C:\Windows\System\ZsxnkkJ.exe
  2⤵
  PID:8976
- C:\Windows\System\dOulTWQ.exe
  C:\Windows\System\dOulTWQ.exe
  2⤵
  PID:8632
- C:\Windows\System\UWygHue.exe
  C:\Windows\System\UWygHue.exe
  2⤵
  PID:9196
- C:\Windows\System\deSxHlt.exe
  C:\Windows\System\deSxHlt.exe
  2⤵
  PID:9244
- C:\Windows\System\MKExpId.exe
  C:\Windows\System\MKExpId.exe
  2⤵
  PID:9272
- C:\Windows\System\guLPRDm.exe
  C:\Windows\System\guLPRDm.exe
  2⤵
  PID:9288
- C:\Windows\System\ZaktdOs.exe
  C:\Windows\System\ZaktdOs.exe
  2⤵
  PID:9316
- C:\Windows\System\jWJAKZT.exe
  C:\Windows\System\jWJAKZT.exe
  2⤵
  PID:9344
- C:\Windows\System\rSQqmrw.exe
  C:\Windows\System\rSQqmrw.exe
  2⤵
  PID:9384
- C:\Windows\System\RDGgQkg.exe
  C:\Windows\System\RDGgQkg.exe
  2⤵
  PID:9400
- C:\Windows\System\QXCupqV.exe
  C:\Windows\System\QXCupqV.exe
  2⤵
  PID:9428
- C:\Windows\System\gQblebG.exe
  C:\Windows\System\gQblebG.exe
  2⤵
  PID:9468
- C:\Windows\System\TuQsIyz.exe
  C:\Windows\System\TuQsIyz.exe
  2⤵
  PID:9496
- C:\Windows\System\JObOsMx.exe
  C:\Windows\System\JObOsMx.exe
  2⤵
  PID:9524
- C:\Windows\System\KANFedc.exe
  C:\Windows\System\KANFedc.exe
  2⤵
  PID:9560
- C:\Windows\System\SimRzcX.exe
  C:\Windows\System\SimRzcX.exe
  2⤵
  PID:9580
- C:\Windows\System\GWkbWFr.exe
  C:\Windows\System\GWkbWFr.exe
  2⤵
  PID:9608
- C:\Windows\System\PxUUocy.exe
  C:\Windows\System\PxUUocy.exe
  2⤵
  PID:9640
- C:\Windows\System\deNNrWw.exe
  C:\Windows\System\deNNrWw.exe
  2⤵
  PID:9668
- C:\Windows\System\FzpNPpQ.exe
  C:\Windows\System\FzpNPpQ.exe
  2⤵
  PID:9700
- C:\Windows\System\RcthdZV.exe
  C:\Windows\System\RcthdZV.exe
  2⤵
  PID:9724
- C:\Windows\System\PPmUDZs.exe
  C:\Windows\System\PPmUDZs.exe
  2⤵
  PID:9752
- C:\Windows\System\ZshPSnP.exe
  C:\Windows\System\ZshPSnP.exe
  2⤵
  PID:9780
- C:\Windows\System\tvGRhMW.exe
  C:\Windows\System\tvGRhMW.exe
  2⤵
  PID:9796
- C:\Windows\System\UAeBvzg.exe
  C:\Windows\System\UAeBvzg.exe
  2⤵
  PID:9828
- C:\Windows\System\FgIHINv.exe
  C:\Windows\System\FgIHINv.exe
  2⤵
  PID:9864
- C:\Windows\System\hAVtPYb.exe
  C:\Windows\System\hAVtPYb.exe
  2⤵
  PID:9892
- C:\Windows\System\ejTnAWS.exe
  C:\Windows\System\ejTnAWS.exe
  2⤵
  PID:9912
- C:\Windows\System\yNtkRgd.exe
  C:\Windows\System\yNtkRgd.exe
  2⤵
  PID:9936
- C:\Windows\System\EbJdWuu.exe
  C:\Windows\System\EbJdWuu.exe
  2⤵
  PID:9956
- C:\Windows\System\tehxKHJ.exe
  C:\Windows\System\tehxKHJ.exe
  2⤵
  PID:10004
- C:\Windows\System\beLlLCv.exe
  C:\Windows\System\beLlLCv.exe
  2⤵
  PID:10032
- C:\Windows\System\wdnexFz.exe
  C:\Windows\System\wdnexFz.exe
  2⤵
  PID:10056
- C:\Windows\System\OOemVTu.exe
  C:\Windows\System\OOemVTu.exe
  2⤵
  PID:10088
- C:\Windows\System\sQGFFhi.exe
  C:\Windows\System\sQGFFhi.exe
  2⤵
  PID:10116
- C:\Windows\System\iskyLHA.exe
  C:\Windows\System\iskyLHA.exe
  2⤵
  PID:10144
- C:\Windows\System\cIfYMCo.exe
  C:\Windows\System\cIfYMCo.exe
  2⤵
  PID:10160
- C:\Windows\System\uJJLqWE.exe
  C:\Windows\System\uJJLqWE.exe
  2⤵
  PID:10200
- C:\Windows\System\esdBhXc.exe
  C:\Windows\System\esdBhXc.exe
  2⤵
  PID:10228
- C:\Windows\System\GMTUdHB.exe
  C:\Windows\System\GMTUdHB.exe
  2⤵
  PID:9232
- C:\Windows\System\UZtwWoB.exe
  C:\Windows\System\UZtwWoB.exe
  2⤵
  PID:9336
- C:\Windows\System\hfNXosR.exe
  C:\Windows\System\hfNXosR.exe
  2⤵
  PID:9412
- C:\Windows\System\xPPWeFt.exe
  C:\Windows\System\xPPWeFt.exe
  2⤵
  PID:9440
- C:\Windows\System\IdlLmqv.exe
  C:\Windows\System\IdlLmqv.exe
  2⤵
  PID:9568
- C:\Windows\System\vLfnKRO.exe
  C:\Windows\System\vLfnKRO.exe
  2⤵
  PID:9656
- C:\Windows\System\eobJaRP.exe
  C:\Windows\System\eobJaRP.exe
  2⤵
  PID:9720
- C:\Windows\System\MlyNzKp.exe
  C:\Windows\System\MlyNzKp.exe
  2⤵
  PID:9788
- C:\Windows\System\SotwyvH.exe
  C:\Windows\System\SotwyvH.exe
  2⤵
  PID:9856
- C:\Windows\System\pJsHqCV.exe
  C:\Windows\System\pJsHqCV.exe
  2⤵
  PID:9932
- C:\Windows\System\ksWVWfL.exe
  C:\Windows\System\ksWVWfL.exe
  2⤵
  PID:10000
- C:\Windows\System\yNlwqbK.exe
  C:\Windows\System\yNlwqbK.exe
  2⤵
  PID:10080
- C:\Windows\System\DmHOnrQ.exe
  C:\Windows\System\DmHOnrQ.exe
  2⤵
  PID:9236
- C:\Windows\System\ZMkimrt.exe
  C:\Windows\System\ZMkimrt.exe
  2⤵
  PID:9448
- C:\Windows\System\KERZuYw.exe
  C:\Windows\System\KERZuYw.exe
  2⤵
  PID:9652
- C:\Windows\System\sSlZjvD.exe
  C:\Windows\System\sSlZjvD.exe
  2⤵
  PID:9844
- C:\Windows\System\hlopcsK.exe
  C:\Windows\System\hlopcsK.exe
  2⤵
  PID:10048
- C:\Windows\System\aQArjca.exe
  C:\Windows\System\aQArjca.exe
  2⤵
  PID:9596
- C:\Windows\System\mOMQQoL.exe
  C:\Windows\System\mOMQQoL.exe
  2⤵
  PID:9692
- C:\Windows\System\EZTGFra.exe
  C:\Windows\System\EZTGFra.exe
  2⤵
  PID:9716
- C:\Windows\System\WbVLUXL.exe
  C:\Windows\System\WbVLUXL.exe
  2⤵
  PID:10272
- C:\Windows\System\ZYsaVvl.exe
  C:\Windows\System\ZYsaVvl.exe
  2⤵
  PID:10312
- C:\Windows\System\MsoqfMl.exe
  C:\Windows\System\MsoqfMl.exe
  2⤵
  PID:10332
- C:\Windows\System\LzvbNfw.exe
  C:\Windows\System\LzvbNfw.exe
  2⤵
  PID:10356
- C:\Windows\System\tzZvbib.exe
  C:\Windows\System\tzZvbib.exe
  2⤵
  PID:10388
- C:\Windows\System\aBOiXNB.exe
  C:\Windows\System\aBOiXNB.exe
  2⤵
  PID:10412
- C:\Windows\System\FJeEKVS.exe
  C:\Windows\System\FJeEKVS.exe
  2⤵
  PID:10452
- C:\Windows\System\QYEgqBy.exe
  C:\Windows\System\QYEgqBy.exe
  2⤵
  PID:10488
- C:\Windows\System\MUeBOHs.exe
  C:\Windows\System\MUeBOHs.exe
  2⤵
  PID:10508
- C:\Windows\System\pvaGzeS.exe
  C:\Windows\System\pvaGzeS.exe
  2⤵
  PID:10536
- C:\Windows\System\YpFpjTg.exe
  C:\Windows\System\YpFpjTg.exe
  2⤵
  PID:10564
- C:\Windows\System\nFAlzHQ.exe
  C:\Windows\System\nFAlzHQ.exe
  2⤵
  PID:10592
- C:\Windows\System\VFhfjAy.exe
  C:\Windows\System\VFhfjAy.exe
  2⤵
  PID:10620
- C:\Windows\System\hpmspYn.exe
  C:\Windows\System\hpmspYn.exe
  2⤵
  PID:10648
- C:\Windows\System\rIvkJwV.exe
  C:\Windows\System\rIvkJwV.exe
  2⤵
  PID:10676
- C:\Windows\System\TEstDGP.exe
  C:\Windows\System\TEstDGP.exe
  2⤵
  PID:10704
- C:\Windows\System\ATlXdHQ.exe
  C:\Windows\System\ATlXdHQ.exe
  2⤵
  PID:10732
- C:\Windows\System\pwNoQbs.exe
  C:\Windows\System\pwNoQbs.exe
  2⤵
  PID:10764
- C:\Windows\System\EluBter.exe
  C:\Windows\System\EluBter.exe
  2⤵
  PID:10788
- C:\Windows\System\axGKKiL.exe
  C:\Windows\System\axGKKiL.exe
  2⤵
  PID:10820
- C:\Windows\System\sGFoCfi.exe
  C:\Windows\System\sGFoCfi.exe
  2⤵
  PID:10848
- C:\Windows\System\sATNIkt.exe
  C:\Windows\System\sATNIkt.exe
  2⤵
  PID:10876
- C:\Windows\System\ZplCZps.exe
  C:\Windows\System\ZplCZps.exe
  2⤵
  PID:10904
- C:\Windows\System\VeBguvK.exe
  C:\Windows\System\VeBguvK.exe
  2⤵
  PID:10932
- C:\Windows\System\UtynJQP.exe
  C:\Windows\System\UtynJQP.exe
  2⤵
  PID:10960
- C:\Windows\System\Eqazywj.exe
  C:\Windows\System\Eqazywj.exe
  2⤵
  PID:10988
- C:\Windows\System\kRNaiIU.exe
  C:\Windows\System\kRNaiIU.exe
  2⤵
  PID:11016
- C:\Windows\System\wdUcHIY.exe
  C:\Windows\System\wdUcHIY.exe
  2⤵
  PID:11044
- C:\Windows\System\qPimbFs.exe
  C:\Windows\System\qPimbFs.exe
  2⤵
  PID:11072
- C:\Windows\System\mzHdceg.exe
  C:\Windows\System\mzHdceg.exe
  2⤵
  PID:11100
- C:\Windows\System\avmSmAM.exe
  C:\Windows\System\avmSmAM.exe
  2⤵
  PID:11128
- C:\Windows\System\KDjIhij.exe
  C:\Windows\System\KDjIhij.exe
  2⤵
  PID:11156
- C:\Windows\System\URSiMTk.exe
  C:\Windows\System\URSiMTk.exe
  2⤵
  PID:11184
- C:\Windows\System\rOsoUhi.exe
  C:\Windows\System\rOsoUhi.exe
  2⤵
  PID:11200
- C:\Windows\System\FKxVTco.exe
  C:\Windows\System\FKxVTco.exe
  2⤵
  PID:11240
- C:\Windows\System\GyCQehy.exe
  C:\Windows\System\GyCQehy.exe
  2⤵
  PID:10212
- C:\Windows\System\XzdJvVg.exe
  C:\Windows\System\XzdJvVg.exe
  2⤵
  PID:10300
- C:\Windows\System\ikYtNJE.exe
  C:\Windows\System\ikYtNJE.exe
  2⤵
  PID:10376
- C:\Windows\System\gZZowQZ.exe
  C:\Windows\System\gZZowQZ.exe
  2⤵
  PID:10436
- C:\Windows\System\knUwOCX.exe
  C:\Windows\System\knUwOCX.exe
  2⤵
  PID:10500
- C:\Windows\System\etOUAmy.exe
  C:\Windows\System\etOUAmy.exe
  2⤵
  PID:10548
- C:\Windows\System\FAtOWsC.exe
  C:\Windows\System\FAtOWsC.exe
  2⤵
  PID:10640
- C:\Windows\System\PIRvfuN.exe
  C:\Windows\System\PIRvfuN.exe
  2⤵
  PID:10700
- C:\Windows\System\bDhAvts.exe
  C:\Windows\System\bDhAvts.exe
  2⤵
  PID:10772
- C:\Windows\System\kwmxqUY.exe
  C:\Windows\System\kwmxqUY.exe
  2⤵
  PID:10840
- C:\Windows\System\DnevvCn.exe
  C:\Windows\System\DnevvCn.exe
  2⤵
  PID:10896
- C:\Windows\System\PLjgnLY.exe
  C:\Windows\System\PLjgnLY.exe
  2⤵
  PID:10956
- C:\Windows\System\prLfjxu.exe
  C:\Windows\System\prLfjxu.exe
  2⤵
  PID:11028
- C:\Windows\System\kdeIORW.exe
  C:\Windows\System\kdeIORW.exe
  2⤵
  PID:11092
- C:\Windows\System\fCSqKbT.exe
  C:\Windows\System\fCSqKbT.exe
  2⤵
  PID:11152
- C:\Windows\System\sVlgbSW.exe
  C:\Windows\System\sVlgbSW.exe
  2⤵
  PID:11216
- C:\Windows\System\dodTQDa.exe
  C:\Windows\System\dodTQDa.exe
  2⤵
  PID:10268
- C:\Windows\System\kaNXzls.exe
  C:\Windows\System\kaNXzls.exe
  2⤵
  PID:10424
- C:\Windows\System\fMAQlcY.exe
  C:\Windows\System\fMAQlcY.exe
  2⤵
  PID:10576
- C:\Windows\System\ppdeOql.exe
  C:\Windows\System\ppdeOql.exe
  2⤵
  PID:10724
- C:\Windows\System\SlmfVyV.exe
  C:\Windows\System\SlmfVyV.exe
  2⤵
  PID:10832
- C:\Windows\System\sYuuXee.exe
  C:\Windows\System\sYuuXee.exe
  2⤵
  PID:11012
- C:\Windows\System\UAuZRhu.exe
  C:\Windows\System\UAuZRhu.exe
  2⤵
  PID:11120
- C:\Windows\System\xZuNTAr.exe
  C:\Windows\System\xZuNTAr.exe
  2⤵
  PID:10320
- C:\Windows\System\ZELMglk.exe
  C:\Windows\System\ZELMglk.exe
  2⤵
  PID:10692
- C:\Windows\System\JJsJaqI.exe
  C:\Windows\System\JJsJaqI.exe
  2⤵
  PID:10872
- C:\Windows\System\RiLoKzB.exe
  C:\Windows\System\RiLoKzB.exe
  2⤵
  PID:10688
- C:\Windows\System\zEnFcaO.exe
  C:\Windows\System\zEnFcaO.exe
  2⤵
  PID:10520
- C:\Windows\System\zMkjiyp.exe
  C:\Windows\System\zMkjiyp.exe
  2⤵
  PID:11296
- C:\Windows\System\MKvRVmq.exe
  C:\Windows\System\MKvRVmq.exe
  2⤵
  PID:11312
- C:\Windows\System\peGtEtD.exe
  C:\Windows\System\peGtEtD.exe
  2⤵
  PID:11352
- C:\Windows\System\FMAFNdM.exe
  C:\Windows\System\FMAFNdM.exe
  2⤵
  PID:11384
- C:\Windows\System\NXNzzpz.exe
  C:\Windows\System\NXNzzpz.exe
  2⤵
  PID:11416
- C:\Windows\System\NSoYQpm.exe
  C:\Windows\System\NSoYQpm.exe
  2⤵
  PID:11444
- C:\Windows\System\DdXoDPn.exe
  C:\Windows\System\DdXoDPn.exe
  2⤵
  PID:11472
- C:\Windows\System\iNwYFfN.exe
  C:\Windows\System\iNwYFfN.exe
  2⤵
  PID:11500
- C:\Windows\System\XEmHroh.exe
  C:\Windows\System\XEmHroh.exe
  2⤵
  PID:11528
- C:\Windows\System\mIRBSKJ.exe
  C:\Windows\System\mIRBSKJ.exe
  2⤵
  PID:11564
- C:\Windows\System\gKpAHsK.exe
  C:\Windows\System\gKpAHsK.exe
  2⤵
  PID:11592
- C:\Windows\System\vDkfibH.exe
  C:\Windows\System\vDkfibH.exe
  2⤵
  PID:11620
- C:\Windows\System\LoPPdfU.exe
  C:\Windows\System\LoPPdfU.exe
  2⤵
  PID:11640
- C:\Windows\System\NIErDiy.exe
  C:\Windows\System\NIErDiy.exe
  2⤵
  PID:11656
- C:\Windows\System\mnZBBeZ.exe
  C:\Windows\System\mnZBBeZ.exe
  2⤵
  PID:11676
- C:\Windows\System\uiWidnK.exe
  C:\Windows\System\uiWidnK.exe
  2⤵
  PID:11696
- C:\Windows\System\ZLaEqun.exe
  C:\Windows\System\ZLaEqun.exe
  2⤵
  PID:11748
- C:\Windows\System\rQGcaBh.exe
  C:\Windows\System\rQGcaBh.exe
  2⤵
  PID:11784
- C:\Windows\System\bPPNDns.exe
  C:\Windows\System\bPPNDns.exe
  2⤵
  PID:11820
- C:\Windows\System\prVbOVQ.exe
  C:\Windows\System\prVbOVQ.exe
  2⤵
  PID:11844
- C:\Windows\System\jGeBdvp.exe
  C:\Windows\System\jGeBdvp.exe
  2⤵
  PID:11868
- C:\Windows\System\fUGVtxZ.exe
  C:\Windows\System\fUGVtxZ.exe
  2⤵
  PID:11896
- C:\Windows\System\hVTyHYo.exe
  C:\Windows\System\hVTyHYo.exe
  2⤵
  PID:11936
- C:\Windows\System\oGXNlFa.exe
  C:\Windows\System\oGXNlFa.exe
  2⤵
  PID:11964
- C:\Windows\System\ZMuqCoy.exe
  C:\Windows\System\ZMuqCoy.exe
  2⤵
  PID:11992
- C:\Windows\System\KWTWrEd.exe
  C:\Windows\System\KWTWrEd.exe
  2⤵
  PID:12020
- C:\Windows\System\ndlvSeS.exe
  C:\Windows\System\ndlvSeS.exe
  2⤵
  PID:12048
- C:\Windows\System\RJoshfa.exe
  C:\Windows\System\RJoshfa.exe
  2⤵
  PID:12076
- C:\Windows\System\IPtSkTG.exe
  C:\Windows\System\IPtSkTG.exe
  2⤵
  PID:12104
- C:\Windows\System\gDRFcwH.exe
  C:\Windows\System\gDRFcwH.exe
  2⤵
  PID:12132
- C:\Windows\System\DJcwWdK.exe
  C:\Windows\System\DJcwWdK.exe
  2⤵
  PID:12160
- C:\Windows\System\dfnfYZp.exe
  C:\Windows\System\dfnfYZp.exe
  2⤵
  PID:12188
- C:\Windows\System\GxdOJpu.exe
  C:\Windows\System\GxdOJpu.exe
  2⤵
  PID:12216
- C:\Windows\System\yCNcaEE.exe
  C:\Windows\System\yCNcaEE.exe
  2⤵
  PID:12244
- C:\Windows\System\GoVSicc.exe
  C:\Windows\System\GoVSicc.exe
  2⤵
  PID:12284
- C:\Windows\System\xLNUWXY.exe
  C:\Windows\System\xLNUWXY.exe
  2⤵
  PID:11304
- C:\Windows\System\ZoxIkyO.exe
  C:\Windows\System\ZoxIkyO.exe
  2⤵
  PID:11364
- C:\Windows\System\fFFbhAR.exe
  C:\Windows\System\fFFbhAR.exe
  2⤵
  PID:11408
- C:\Windows\System\GsNrZdk.exe
  C:\Windows\System\GsNrZdk.exe
  2⤵
  PID:11440
- C:\Windows\System\cZKPmPw.exe
  C:\Windows\System\cZKPmPw.exe
  2⤵
  PID:11496
- C:\Windows\System\iJyoTrW.exe
  C:\Windows\System\iJyoTrW.exe
  2⤵
  PID:11576
- C:\Windows\System\KNnGLYm.exe
  C:\Windows\System\KNnGLYm.exe
  2⤵
  PID:11648
- C:\Windows\System\EFiRMsh.exe
  C:\Windows\System\EFiRMsh.exe
  2⤵
  PID:11772
- C:\Windows\System\ABqWJTj.exe
  C:\Windows\System\ABqWJTj.exe
  2⤵
  PID:11852
- C:\Windows\System\JqaVhKN.exe
  C:\Windows\System\JqaVhKN.exe
  2⤵
  PID:11892
- C:\Windows\System\irfQOjX.exe
  C:\Windows\System\irfQOjX.exe
  2⤵
  PID:11960
- C:\Windows\System\OYXSFJQ.exe
  C:\Windows\System\OYXSFJQ.exe
  2⤵
  PID:12032
- C:\Windows\System\TTTaQkf.exe
  C:\Windows\System\TTTaQkf.exe
  2⤵
  PID:12100
- C:\Windows\System\tVofRVp.exe
  C:\Windows\System\tVofRVp.exe
  2⤵
  PID:6368
- C:\Windows\System\znkyfxI.exe
  C:\Windows\System\znkyfxI.exe
  2⤵
  PID:12232
- C:\Windows\System\wNIOZco.exe
  C:\Windows\System\wNIOZco.exe
  2⤵
  PID:11280
- C:\Windows\System\JMMGNnI.exe
  C:\Windows\System\JMMGNnI.exe
  2⤵
  PID:11572
- C:\Windows\System\aztrpOq.exe
  C:\Windows\System\aztrpOq.exe
  2⤵
  PID:11548
- C:\Windows\System\IGTNgXx.exe
  C:\Windows\System\IGTNgXx.exe
  2⤵
  PID:11768
- C:\Windows\System\cbJiQax.exe
  C:\Windows\System\cbJiQax.exe
  2⤵
  PID:7140
- C:\Windows\System\LufbZiL.exe
  C:\Windows\System\LufbZiL.exe
  2⤵
  PID:5476
- C:\Windows\System\WdPhOhN.exe
  C:\Windows\System\WdPhOhN.exe
  2⤵
  PID:11916
- C:\Windows\System\rMWycef.exe
  C:\Windows\System\rMWycef.exe
  2⤵
  PID:11988
- C:\Windows\System\YBqJuGy.exe
  C:\Windows\System\YBqJuGy.exe
  2⤵
  PID:12124
- C:\Windows\System\bRjIFvo.exe
  C:\Windows\System\bRjIFvo.exe
  2⤵
  PID:12264
- C:\Windows\System\cbPtUaW.exe
  C:\Windows\System\cbPtUaW.exe
  2⤵
  PID:11664
- C:\Windows\System\JqFOaTb.exe
  C:\Windows\System\JqFOaTb.exe
  2⤵
  PID:7128
- C:\Windows\System\wkqtzfC.exe
  C:\Windows\System\wkqtzfC.exe
  2⤵
  PID:3968
- C:\Windows\System\aahCvHl.exe
  C:\Windows\System\aahCvHl.exe
  2⤵
  PID:12228
- C:\Windows\System\YZQDgNS.exe
  C:\Windows\System\YZQDgNS.exe
  2⤵
  PID:5132
- C:\Windows\System\mouTnOn.exe
  C:\Windows\System\mouTnOn.exe
  2⤵
  PID:12172
- C:\Windows\System\iZGiNet.exe
  C:\Windows\System\iZGiNet.exe
  2⤵
  PID:7132
- C:\Windows\System\Vfgwgql.exe
  C:\Windows\System\Vfgwgql.exe
  2⤵
  PID:12308
- C:\Windows\System\IeqortZ.exe
  C:\Windows\System\IeqortZ.exe
  2⤵
  PID:12336
- C:\Windows\System\iyNHdHt.exe
  C:\Windows\System\iyNHdHt.exe
  2⤵
  PID:12364
- C:\Windows\System\TDACIiD.exe
  C:\Windows\System\TDACIiD.exe
  2⤵
  PID:12392
- C:\Windows\System\MFcnjwI.exe
  C:\Windows\System\MFcnjwI.exe
  2⤵
  PID:12420
- C:\Windows\System\BrIuJzR.exe
  C:\Windows\System\BrIuJzR.exe
  2⤵
  PID:12452
- C:\Windows\System\XvVhblg.exe
  C:\Windows\System\XvVhblg.exe
  2⤵
  PID:12480
- C:\Windows\System\fRDAaXr.exe
  C:\Windows\System\fRDAaXr.exe
  2⤵
  PID:12508
- C:\Windows\System\RQXMboR.exe
  C:\Windows\System\RQXMboR.exe
  2⤵
  PID:12536
- C:\Windows\System\LTHeeVZ.exe
  C:\Windows\System\LTHeeVZ.exe
  2⤵
  PID:12564
- C:\Windows\System\yMooGmx.exe
  C:\Windows\System\yMooGmx.exe
  2⤵
  PID:12592
- C:\Windows\System\PnwWlBc.exe
  C:\Windows\System\PnwWlBc.exe
  2⤵
  PID:12620
- C:\Windows\System\qdvRYQj.exe
  C:\Windows\System\qdvRYQj.exe
  2⤵
  PID:12648
- C:\Windows\System\yBsqOSs.exe
  C:\Windows\System\yBsqOSs.exe
  2⤵
  PID:12676
- C:\Windows\System\qboVjHf.exe
  C:\Windows\System\qboVjHf.exe
  2⤵
  PID:12704
- C:\Windows\System\abEwyZR.exe
  C:\Windows\System\abEwyZR.exe
  2⤵
  PID:12732
- C:\Windows\System\mgQdkQj.exe
  C:\Windows\System\mgQdkQj.exe
  2⤵
  PID:12760
- C:\Windows\System\KoHBnZg.exe
  C:\Windows\System\KoHBnZg.exe
  2⤵
  PID:12788
- C:\Windows\System\PCkjrqQ.exe
  C:\Windows\System\PCkjrqQ.exe
  2⤵
  PID:12816
- C:\Windows\System\iNYLcBm.exe
  C:\Windows\System\iNYLcBm.exe
  2⤵
  PID:12844
- C:\Windows\System\ZvwJvjg.exe
  C:\Windows\System\ZvwJvjg.exe
  2⤵
  PID:12872
- C:\Windows\System\cZsQjiA.exe
  C:\Windows\System\cZsQjiA.exe
  2⤵
  PID:12900
- C:\Windows\System\rGhrCww.exe
  C:\Windows\System\rGhrCww.exe
  2⤵
  PID:12928
- C:\Windows\System\EFCohSE.exe
  C:\Windows\System\EFCohSE.exe
  2⤵
  PID:12956
- C:\Windows\System\BUDZCUG.exe
  C:\Windows\System\BUDZCUG.exe
  2⤵
  PID:12984
- C:\Windows\System\ZWEaENz.exe
  C:\Windows\System\ZWEaENz.exe
  2⤵
  PID:13012
- C:\Windows\System\LZChIKt.exe
  C:\Windows\System\LZChIKt.exe
  2⤵
  PID:13040
- C:\Windows\System\TGBHdJK.exe
  C:\Windows\System\TGBHdJK.exe
  2⤵
  PID:13068
- C:\Windows\System\UYxedAD.exe
  C:\Windows\System\UYxedAD.exe
  2⤵
  PID:13096
- C:\Windows\System\JRIFhBS.exe
  C:\Windows\System\JRIFhBS.exe
  2⤵
  PID:13124
- C:\Windows\System\PZwipnG.exe
  C:\Windows\System\PZwipnG.exe
  2⤵
  PID:13152
- C:\Windows\System\pPMhHSq.exe
  C:\Windows\System\pPMhHSq.exe
  2⤵
  PID:13180
- C:\Windows\System\JsZLBKi.exe
  C:\Windows\System\JsZLBKi.exe
  2⤵
  PID:13208
- C:\Windows\System\ZCLSeeP.exe
  C:\Windows\System\ZCLSeeP.exe
  2⤵
  PID:13236
- C:\Windows\System\wbMPDdy.exe
  C:\Windows\System\wbMPDdy.exe
  2⤵
  PID:13264
- C:\Windows\System\NITFbdx.exe
  C:\Windows\System\NITFbdx.exe
  2⤵
  PID:13292
- C:\Windows\System\lFNcYdT.exe
  C:\Windows\System\lFNcYdT.exe
  2⤵
  PID:12304
- C:\Windows\System\YigrqZk.exe
  C:\Windows\System\YigrqZk.exe
  2⤵
  PID:12376
- C:\Windows\System\FHNzzYY.exe
  C:\Windows\System\FHNzzYY.exe
  2⤵
  PID:12444
- C:\Windows\System\IDtKNzI.exe
  C:\Windows\System\IDtKNzI.exe
  2⤵
  PID:12504
- C:\Windows\System\XhExEMU.exe
  C:\Windows\System\XhExEMU.exe
  2⤵
  PID:12576
- C:\Windows\System\UqqfqGR.exe
  C:\Windows\System\UqqfqGR.exe
  2⤵
  PID:12640
- C:\Windows\System\lYeoBdj.exe
  C:\Windows\System\lYeoBdj.exe
  2⤵
  PID:12700
- C:\Windows\System\UUwxpIS.exe
  C:\Windows\System\UUwxpIS.exe
  2⤵
  PID:12772
- C:\Windows\System\LIdOBZS.exe
  C:\Windows\System\LIdOBZS.exe
  2⤵
  PID:12836
- C:\Windows\System\YiUwoyi.exe
  C:\Windows\System\YiUwoyi.exe
  2⤵
  PID:12896
- C:\Windows\System\toKCpFc.exe
  C:\Windows\System\toKCpFc.exe
  2⤵
  PID:12968
- C:\Windows\System\CRcsnzp.exe
  C:\Windows\System\CRcsnzp.exe
  2⤵
  PID:13032
- C:\Windows\System\pWjIocw.exe
  C:\Windows\System\pWjIocw.exe
  2⤵
  PID:13092
- C:\Windows\System\ykkUFwD.exe
  C:\Windows\System\ykkUFwD.exe
  2⤵
  PID:13168
- C:\Windows\System\FWiEXea.exe
  C:\Windows\System\FWiEXea.exe
  2⤵
  PID:13228
- C:\Windows\System\MQZbFFo.exe
  C:\Windows\System\MQZbFFo.exe
  2⤵
  PID:13288
- C:\Windows\System\ibDbTCV.exe
  C:\Windows\System\ibDbTCV.exe
  2⤵
  PID:12416
- C:\Windows\System\UvwvMRA.exe
  C:\Windows\System\UvwvMRA.exe
  2⤵
  PID:12560
- C:\Windows\System\CbFFaLB.exe
  C:\Windows\System\CbFFaLB.exe
  2⤵
  PID:12696
- C:\Windows\System\JTBQDun.exe
  C:\Windows\System\JTBQDun.exe
  2⤵
  PID:12864
- C:\Windows\System\BTMDVUD.exe
  C:\Windows\System\BTMDVUD.exe
  2⤵
  PID:13008
- C:\Windows\System\vmdQYBv.exe
  C:\Windows\System\vmdQYBv.exe
  2⤵
  PID:13144
- C:\Windows\System\bbFdeuF.exe
  C:\Windows\System\bbFdeuF.exe
  2⤵
  PID:12348
- C:\Windows\System\JIZlInh.exe
  C:\Windows\System\JIZlInh.exe
  2⤵
  PID:12616
- C:\Windows\System\uFYKKyh.exe
  C:\Windows\System\uFYKKyh.exe
  2⤵
  PID:13004
- C:\Windows\System\NdorEdG.exe
  C:\Windows\System\NdorEdG.exe
  2⤵
  PID:12500
- C:\Windows\System\TIlhbKP.exe
  C:\Windows\System\TIlhbKP.exe
  2⤵
  PID:13284
- C:\Windows\System\gcQQWRv.exe
  C:\Windows\System\gcQQWRv.exe
  2⤵
  PID:13320
- C:\Windows\System\ItUzokY.exe
  C:\Windows\System\ItUzokY.exe
  2⤵
  PID:13348
- C:\Windows\System\IfoSPww.exe
  C:\Windows\System\IfoSPww.exe
  2⤵
  PID:13376
- C:\Windows\System\IiNDsfs.exe
  C:\Windows\System\IiNDsfs.exe
  2⤵
  PID:13404
- C:\Windows\System\JnVoqtO.exe
  C:\Windows\System\JnVoqtO.exe
  2⤵
  PID:13432
- C:\Windows\System\feKCALw.exe
  C:\Windows\System\feKCALw.exe
  2⤵
  PID:13460
- C:\Windows\System\vByBQYL.exe
  C:\Windows\System\vByBQYL.exe
  2⤵
  PID:13488
- C:\Windows\System\DFwBxJB.exe
  C:\Windows\System\DFwBxJB.exe
  2⤵
  PID:13516
- C:\Windows\System\oBDKgJM.exe
  C:\Windows\System\oBDKgJM.exe
  2⤵
  PID:13544
- C:\Windows\System\aXzREqt.exe
  C:\Windows\System\aXzREqt.exe
  2⤵
  PID:13572
- C:\Windows\System\VPiTDiW.exe
  C:\Windows\System\VPiTDiW.exe
  2⤵
  PID:13600
- C:\Windows\System\YpaAplI.exe
  C:\Windows\System\YpaAplI.exe
  2⤵
  PID:13628
- C:\Windows\System\OarSrwJ.exe
  C:\Windows\System\OarSrwJ.exe
  2⤵
  PID:13656
- C:\Windows\System\PcfJiHp.exe
  C:\Windows\System\PcfJiHp.exe
  2⤵
  PID:13684
- C:\Windows\System\KdHUkLg.exe
  C:\Windows\System\KdHUkLg.exe
  2⤵
  PID:13712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rftdnygg.gei.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BcfWPWL.exe

Filesize
3.0MB

MD5
1aa7c8b885054284966b7a4928d62058

SHA1
5625789a5df3dc35601c761b27d9b4ee8bf36896

SHA256
0941ec4336273cc4c4842932346132a580432257ee5fa020f6721cdc998a5c69

SHA512
00eed6b3b4a869c27c7d54a5fe9ba2a3efe213550a8fab05b09a5da749da984b94bd36166aaf99d14e58374c3d062a0a2abad35761556388a652335a609e677b

Download Submit
C:\Windows\System\Cdfyeqj.exe

Filesize
3.0MB

MD5
0a85169c2e820d41fb57cd59d40ee4ef

SHA1
6ea8eb78c0f45fc51381991d67e6d302bc7fffd3

SHA256
0d7fdba0754aca496f981255bbe51ea2dec506c8677171a59d8a6f876fd91882

SHA512
7edcb191b52de53eeacfc2ad289211e8884de1202d1e14229624ea3edfda9b414915d0cb00dbc01216d0b2665e1dc76488c1a334b47262117a5982c404087b5e

Download Submit
C:\Windows\System\DrAxWtJ.exe

Filesize
3.0MB

MD5
f736c37ea57371ae86494bc57a13a723

SHA1
42ae1960a2261ee13b5fa90d0c36b4f4db34b39a

SHA256
34a8a10bb0fbb7ecfb38f4a1b613e955878e6edb19b8e2ab77ec58f2423ab457

SHA512
765631354fe6c557a50d91252e06f32074f48244640bef025e143de58fc86d9123cb00f24c1bb32f7c131c281b3e18261327c8763cec217fd4a507cbffc5645f

Download Submit
C:\Windows\System\EGVdoHL.exe

Filesize
3.0MB

MD5
d220eb182fa1ed0924064b16d690b3f8

SHA1
76db7cc0d30e6b78dc045c3c9ba71f377203cb32

SHA256
4f88a7f6f805ff302d62c857d177ed2ae42faf5530ae1f36fea3af1b0ebe97b6

SHA512
0578a25845a4e81642dd1b9d08adaf4fceb0fe38a59d002b976aab0a3cf84f76063832cc738a287e717d07de3c174265e9e8a0accee665d62102d865c61df92c

Download Submit
C:\Windows\System\FiRvtcp.exe

Filesize
3.0MB

MD5
073ab9f970927732460ee70873ccb1d0

SHA1
37e8ed55fee6661b11da51f2bcf6c01bc7f1aa96

SHA256
9658e8c028542358b648fc940bd5892091a8f03a0824f04b81060fe305ffd99c

SHA512
820de64240445f7e4f7639a0153422a4a862e98c3678030b5871f636ba78d2ce58c2e0fb479d424438f974e392dd0dae290ce77005f5b20cdc667bd71e3de31b

Download Submit
C:\Windows\System\HBtwfZN.exe

Filesize
3.0MB

MD5
7fd3ff1a102188864fbab9985387108d

SHA1
2dc6f10384cb3f89d9d6639a59e0669d5d992de2

SHA256
83313bac5dc47dc7d3f9cd1f802eddb1f7ec34e22e99185de481359c6e0d0ae0

SHA512
0cc3fd1b6265d95d9689cf7cb8680afa2a841cf5b666cc0dde54750dd75336c97c337c59678f22cf52529facff712fd5d44d29b96e39ce9932ff99823e161625

Download Submit
C:\Windows\System\JUiDHMi.exe

Filesize
3.0MB

MD5
4e3c61cb2b3ae09021d7cc8d4cc15937

SHA1
f8135ce493a21b44a685543fc1e14415e7923378

SHA256
c3a296c279bc856abfd61e9dadda35eaac42df13b236e28a061fbae89176b85b

SHA512
376df33683fcda58153767a2fd69310dc86ef4734a65ae09d0d8ba904cc7ff137ad2191bcfb7da260e149439d64733b96ec23b76fd4a3ce26cadcad1b6ef2de1

Download Submit
C:\Windows\System\JcKgJCT.exe

Filesize
3.0MB

MD5
3beab9e3b664b468a8adc53cd62023fb

SHA1
ec18663f24077ab2341b60c203419570d007fc6c

SHA256
0e08c8536a18c081f1ab08e309e6bb9d5c8d08d95fa0b459fa8610da29f9c8cb

SHA512
52b9142150e6c935539c15adb9c2c3f933dc9623eba173caf78103bd7a42aa903a7b2a194e50a2cdf15a54482c11831fb21044a6196442f47302fced52744784

Download Submit
C:\Windows\System\KoWsxUE.exe

Filesize
3.0MB

MD5
9677892adc22853f90b984eaca641d24

SHA1
2537f39941cfd286096f0353ccaff119493fa5af

SHA256
d3d1e948334abf0c017077d737e130bdfaf6eed2cba3c9167dfbe40241110d2f

SHA512
7870b443793736b9c137e776b90901187785a8799ec575863b41c5b308eb8a83ec0990a4fee419f76f5ed54d8170763dbed43d4661a4b3ebf821740bb9761578

Download Submit
C:\Windows\System\LBIBDoF.exe

Filesize
3.0MB

MD5
6001299a433d87928082bf0dcfb7c7ad

SHA1
be140cef2f590e0da3a3d4710f9ac374fb3906ec

SHA256
fdda5e9688b81f4abedc68fe000184e5d35dd550628713bd350487dc0495f0ae

SHA512
b3c5821ea923ef9b93504d90257df4ddb13f89a95007c0f72b4f1937d01b76fa82c89ed9c5a3d56c46bbfde6114169e9f21293ed0d1dd2ca7ba67416755e7c9a

Download Submit
C:\Windows\System\NmPkxBe.exe

Filesize
3.0MB

MD5
32d213425285f047354276170eabb6dd

SHA1
e00448a3086ae92330abd6987e74aed83537bedb

SHA256
f65a3c4994f6603935ebd5f6e5bcbcc81a58273580f3c3ccae368522d7577f50

SHA512
40405670761f9cb8ca57f51a722801e0fe520ab4ee6bb6cf3298ae254bd1a7d5832814c2670213d2aa23dab1789df70c43d7578b742c2990e557564486a9a075

Download Submit
C:\Windows\System\NnOyRnG.exe

Filesize
3.0MB

MD5
c6c9f8dff7712756ff2b70eeafb4fb38

SHA1
510942d9c5218cfd74e1141e4775e6820124f18d

SHA256
bd42f0040537fbfc317f3427de04e6177d7e6eb94ae29e477ee32ae25c3ea32a

SHA512
e19d77dafb1c31ea087fea623bf00976623811bf468a1aa8dc9f5f806b4475d8629750b6a97ca3e9ec3b0903eaa0bbd8f31e560bc0d1e8a0ab3482752aa1379b

Download Submit
C:\Windows\System\NzrSIvu.exe

Filesize
3.0MB

MD5
c9d0f9826b984cf1684a5ca16c9ca88d

SHA1
f1c5c2ffa3ccf71c3c703407153d0771d43ab19b

SHA256
658cbdc2c105caff760267c06bbf8d90578fc9fc81c0580e84ca91c5488b660e

SHA512
24082b1f1983021a7d24515c4b8b158fd942d0e441ac35c37216bf38eecd32c677f50c0d59e0a92d4b2aeee908183fd8a9458cbeed4b70d12b92b2e6df8fa98b

Download Submit
C:\Windows\System\PqsLfXv.exe

Filesize
3.0MB

MD5
a71cfd82cbe30817b331ddd3becdfe93

SHA1
5331d3f4f4854403760a0f5613639200684aeb9a

SHA256
4d7c47afc74346f0c8e798f08a2f65ea2645c62dee73b0bafe79c4165a9dfee5

SHA512
61f81de8d44a14e6caccfc82cb70864283e6e07e2a2f76bdcdf7a428f388cd0ed641a2cac7b05cd79f6d2a1309d11a25ac46c1eea0d7cf168a6e0e84fe54027d

Download Submit
C:\Windows\System\QZWPOKH.exe

Filesize
3.0MB

MD5
0ae264af51eca45e459603c8332fc671

SHA1
4989680158011a64095cc4e4db53885a24caac5b

SHA256
6f7f0950638ca3d8ae031932dd21246b6c4f09ec76802c0eba87fd7a0d8cd490

SHA512
65dc6a7faaeb0a9ff07e35dec5d436bf1b38af47097c1fbdd5223bd07a1f20df7e9c7427a987e6b1b0daf0923bc6245ded575e14c71514da9efe25f54ec5e241

Download Submit
C:\Windows\System\UAjRtHb.exe

Filesize
3.0MB

MD5
2168dc00fb88882d80fc6a8324ffbb7d

SHA1
db3b2c199b1d649a1697fbd61eed3fa289834bf2

SHA256
b08a0511d2464ec91bef433c6746517ece156542badf7e900afdf9d5f165d594

SHA512
4ca171cdad8bedb4f2092fd50e2f7552e679395112c2821864bf0fb7910227a4455bb1748bfd80910da0d247f3c8ff7abad9d7da5ee85c855b9c4378d0dd86a3

Download Submit
C:\Windows\System\UgrWNPq.exe

Filesize
3.0MB

MD5
4ed4b968e4699d1fdd4c1d549e8b9617

SHA1
dcfd6782304c7008bdbcbe52b6a47180afb708fe

SHA256
1d86eb607d6b834cc28b213e7ccd40d05521c27230de03e222b03915ddae8178

SHA512
4fe565abdeb23c72462f4db7f58b35fca8e4acd39e47a6a4ba2c9b596242b729674b5183d46b730c0efff5d76a61441b64aebe035bdf065c2003a3c7b981127b

Download Submit
C:\Windows\System\XAlnjIG.exe

Filesize
3.0MB

MD5
da46c80d72958ac558b960889ecd7fe4

SHA1
5cc52a0581214f77441e1eba7a2afa7a86d71bf0

SHA256
810c6f4195bda09a2fad402a165c2b90b1f27eb99d5cfe86c4587190b5159e76

SHA512
7d2bbb0460a9e413be21e8d74976c44b9629ed304166bf08ca81cba83c893841e3d3d023e205596614fd3ba2fd866d2a009c798b84abab2d8b62c619a982754c

Download Submit
C:\Windows\System\XtPRHYy.exe

Filesize
8B

MD5
bed721f7f8f089f4cae94ba9ba652732

SHA1
1b11e1c44a27ca0e26aaa3ea89c662dd395a783c

SHA256
68118a9d1f411ebe749a82db9096312374ba85186deba158fc4a47943d642535

SHA512
e28af4fe5bf1ef27a37f4ecb38b5e1cde1203074e56e79872f86f269593fc6dd2a0c96c6dbed8e307f0b77edef2058a929099d81898667a11486ce67790b3665

Download Submit
C:\Windows\System\YNhmxKt.exe

Filesize
3.0MB

MD5
20b55e4d97854f6b30a778502f119a58

SHA1
7d3f49a64bc2944b8d8743645004065908bb0179

SHA256
092b74019a70e232ebd467cbdae28c527098d2479e3c1badd29303cf5d70c15d

SHA512
0e2db4fce8bf3cc1eb0e8f535dcff2cf4aa81ba48169d8a8f68da939f7b8c19ecb9a072bacb6f83341782ec7c931a45378a23a50cebca833338a71278f2c9d66

Download Submit
C:\Windows\System\YlvKsFD.exe

Filesize
3.0MB

MD5
4201e8100159cd51804044119fe84d85

SHA1
9e46c442362859abeacc27118ec4138a271de091

SHA256
9b2528658a43cd7e7cc5bb26f36439251b5b7a922612bef59f78716349a4e4d5

SHA512
87cf3015ed0c09f0b825f659935d4f87342de82289b3c02c3a00b02dd6ef79aed309fac21dc6f7d95807d62e62cfdfb5a3ba540cc37e99842a2410a7851922e8

Download Submit
C:\Windows\System\axuHtkH.exe

Filesize
3.0MB

MD5
1cb391615909a2fb117f1c49a5b4a61e

SHA1
36b17d53a80aaefd295423c5393a7ba8c2fbe4a1

SHA256
ca18b11c8025425583bb00a531be80002b0a04ac8ea1a4305e7656ef734e7b3a

SHA512
fc97032f81311ba43f0b5dddfffd113a7fd7e6fd2e1244aa2b3811e4bd945ca9febbb80481da9d80b7a422514a24d95b3b7b316fc475083776903563c323a894

Download Submit
C:\Windows\System\dWsBfNL.exe

Filesize
3.0MB

MD5
8d1903576b100d8e4ff6fe35ef26dd14

SHA1
6d6dce0dafa327fe05852f9062b8ccd001fa3432

SHA256
3c1573638c45c7aec04d5064f9d5620d6832035ed7e86230c4cf49323c462151

SHA512
2a4cf4b994c165a36f7a36a7e7518b448d9355a24fee928f2adb337f6ca74d51c27d49e962f2a4c25e2cb4c8901fc5f2b91f828800a3592409b4f03fb6c24752

Download Submit
C:\Windows\System\hxvwWNH.exe

Filesize
3.0MB

MD5
6ed45ef9b122b59c89705a0eba32f7ea

SHA1
f33eb889800ced03edf803341f986b3d0d94d261

SHA256
15176c5ea7920fb85dadbe913966285917efd3ecd6c13f90eb25e0b15d69fd75

SHA512
1563935589cfca0779b2a3e5d48c82c5fa099d6a9a730ed96c20bcceca37307d36a65d6172fe56a76cfbfa15f0e26b1d854047bdc01d9329de7df694a7b7df0a

Download Submit
C:\Windows\System\kwqBxgc.exe

Filesize
3.0MB

MD5
fb64ca7fb312c37801cbb5abb26e2de8

SHA1
a0e2517cf16a15fc2377de1cab2d79b42e71619e

SHA256
00b6460bff13b99e06c93e560ecad9e352d99db642f556151b94c780e85cecbc

SHA512
3cd43b44bf98541d0d318713de8cbbb77f475166801adc444960b44551265f3dc807bf96704a2f60bf66e9ff22692fe6bd99984274c567a1e629eeb7f28a98ef

Download Submit
C:\Windows\System\lbeZKRc.exe

Filesize
3.0MB

MD5
72067654e0a6e9fd9f3d0b42ecbdb81b

SHA1
4eb65746bf8719eb5c9a7721d932a60becf92430

SHA256
608291b7e9bfa4640646c8b9d7c089e64558e40e37e6ea77bf26b23aff5f9b63

SHA512
0c7062f6bfa6100b56fdb5f912353b8efd69384bd295ddbd513eaee462f3a86299d472d5691936cdb798088f86512da6b519728f43c7b664fbe71b6d89eab0b4

Download Submit
C:\Windows\System\pqZlrbn.exe

Filesize
3.0MB

MD5
7660f85f1c13998ac78b81e0d1bae617

SHA1
ddfa7ecdbb16c0aa12e7cfbad54620fdaad8f139

SHA256
1dc60fa7a999b86594cf3c77b762bfde676508a8584745af3999297d5edf97ab

SHA512
3c1589f5b6fa1f12be0ad309f4778d2ea1c77194ed80c56bea8ef41c62925357f7c86015ba3944e3fc214899b2c029c07a80d0abb3181c99276b3bd2b7260a78

Download Submit
C:\Windows\System\qbTWoCy.exe

Filesize
3.0MB

MD5
de06a417ba16f2044a016066c951043d

SHA1
2ec68dee5a66034e042f06c562f28b523d3a290e

SHA256
1b97d5e05b1098f7f7c13cad785b86cb047f5d8263b433af47b69eefb650f1d3

SHA512
343e077443512284061be85867efcb7b15ce8b37145307ac36613fe93b1a426f406ed8766f498c00ca8016b3b48d0ba95ffcae210aa97f2f469d661b30f8d564

Download Submit
C:\Windows\System\qlXfnZv.exe

Filesize
3.0MB

MD5
178cfe779f58f803e3515fb0b4bd7ded

SHA1
5abfff778cf6d18f5c58ed28dd2dd7ef42823aec

SHA256
7574a05d95344381ca705fea7ee8da932627a73c6d91f1c5d216c40dca59d43a

SHA512
1b700dc6a954966b3ae1dc7b8a82243b48370d3a0451eb9caf588c05be8dcc9d711993847c845cadde9b9f0a5c9a51ca4d0997489cd76df8746fc41eabf08fa0

Download Submit
C:\Windows\System\rFhsPbZ.exe

Filesize
3.0MB

MD5
bddf8f9b792d2a63547db2c941bf4c03

SHA1
a554c32d0c2ad7b0998a24fb47d48adaed2b3ac7

SHA256
efe1a3635e236a0b04ce5c3825ebf54c7fa2ceb11b9ab74d1428a8a71ad1d14e

SHA512
339d7f22208f570fec8526fe5071a353cffe202e129e7d72fe808920cd37fbe529477f083221e0395f197f827c235e7cb9acf7b4ca2fecfcf481f7a312ab576c

Download Submit
C:\Windows\System\roZCGBS.exe

Filesize
3.0MB

MD5
24d7f5d4bb76016586ed7782e91de2e3

SHA1
063a467a3bf76f69aa83ca5b58f05b256f766e1d

SHA256
15ef28ace62bbbeb6c303a6111fb557897761f1376e2caf52005257e7ae3aee3

SHA512
6102501c30cd26de8ee3381402a7c27c1a272257e4251eb0fc9edf7f557221a154107516da6defebef940c733640dbd36f74a46c0cce20bd569401b615dbbb56

Download Submit
C:\Windows\System\svnLrsI.exe

Filesize
3.0MB

MD5
7adca71d63e46f144b230bc3dcd40298

SHA1
c283ec9ac7d0494a6ee169d89e963a7ab1a10cab

SHA256
b9d05a126caf80d745f455771d1bd1c9548c314231fc6a9a791c638cdf2d2370

SHA512
195bbb9577765809c4e256a810db4c7eb2cf34ec5b73bfb146024b04ac56cb6312ccf76c1e7a251082a9453a6c280ebcb217c5d82904c368349ab070522ec79a

Download Submit
C:\Windows\System\wpBCQXp.exe

Filesize
3.0MB

MD5
ed592c3dff14be467e7357bb321b69d9

SHA1
46f38fee65abb85b2ccd2e64b1047fe07261ced5

SHA256
651e2a909e61a643513b30ae0f61f8ad7660703a53d2c73c951e408dfda49691

SHA512
ec88029006b4dd6fe38bd6bb749183f3ae2ab5cd62d107a768662e0a5355071d2af8180ab7f4dc01bb2b5007f16ef88b5521566150b62e2db277d26f9a4fad52

Download Submit
memory/376-2478-0x00007FF72C7D0000-0x00007FF72CBC6000-memory.dmp

Filesize
4.0MB

Download
memory/376-166-0x00007FF72C7D0000-0x00007FF72CBC6000-memory.dmp

Filesize
4.0MB

Download
memory/468-2479-0x00007FF6B7FB0000-0x00007FF6B83A6000-memory.dmp

Filesize
4.0MB

Download
memory/468-173-0x00007FF6B7FB0000-0x00007FF6B83A6000-memory.dmp

Filesize
4.0MB

Download
memory/1532-2469-0x00007FF6B3470000-0x00007FF6B3866000-memory.dmp

Filesize
4.0MB

Download
memory/1532-395-0x00007FF6B3470000-0x00007FF6B3866000-memory.dmp

Filesize
4.0MB

Download
memory/1532-87-0x00007FF6B3470000-0x00007FF6B3866000-memory.dmp

Filesize
4.0MB

Download
memory/1596-2462-0x00007FF73D410000-0x00007FF73D806000-memory.dmp

Filesize
4.0MB

Download
memory/1596-53-0x00007FF73D410000-0x00007FF73D806000-memory.dmp

Filesize
4.0MB

Download
memory/1764-74-0x00007FF774E70000-0x00007FF775266000-memory.dmp

Filesize
4.0MB

Download
memory/1764-2467-0x00007FF774E70000-0x00007FF775266000-memory.dmp

Filesize
4.0MB

Download
memory/1764-283-0x00007FF774E70000-0x00007FF775266000-memory.dmp

Filesize
4.0MB

Download
memory/2260-2476-0x00007FF695910000-0x00007FF695D06000-memory.dmp

Filesize
4.0MB

Download
memory/2260-130-0x00007FF695910000-0x00007FF695D06000-memory.dmp

Filesize
4.0MB

Download
memory/2512-94-0x00007FF6163D0000-0x00007FF6167C6000-memory.dmp

Filesize
4.0MB

Download
memory/2512-2468-0x00007FF6163D0000-0x00007FF6167C6000-memory.dmp

Filesize
4.0MB

Download
memory/2584-2466-0x00007FF78BDC0000-0x00007FF78C1B6000-memory.dmp

Filesize
4.0MB

Download
memory/2584-73-0x00007FF78BDC0000-0x00007FF78C1B6000-memory.dmp

Filesize
4.0MB

Download
memory/2828-2459-0x00007FF6386F0000-0x00007FF638AE6000-memory.dmp

Filesize
4.0MB

Download
memory/2828-69-0x00007FF6386F0000-0x00007FF638AE6000-memory.dmp

Filesize
4.0MB

Download
memory/3196-131-0x00007FF64ECC0000-0x00007FF64F0B6000-memory.dmp

Filesize
4.0MB

Download
memory/3196-2475-0x00007FF64ECC0000-0x00007FF64F0B6000-memory.dmp

Filesize
4.0MB

Download
memory/3264-27-0x00007FFD20740000-0x00007FFD21201000-memory.dmp

Filesize
10.8MB

Download
memory/3264-167-0x00007FFD20743000-0x00007FFD20745000-memory.dmp

Filesize
8KB

Download
memory/3264-127-0x000001ACDB4C0000-0x000001ACDBC66000-memory.dmp

Filesize
7.6MB

Download
memory/3264-3-0x00007FFD20743000-0x00007FFD20745000-memory.dmp

Filesize
8KB

Download
memory/3264-21-0x000001ACDA870000-0x000001ACDA892000-memory.dmp

Filesize
136KB

Download
memory/3264-148-0x00007FFD20740000-0x00007FFD21201000-memory.dmp

Filesize
10.8MB

Download
memory/3264-40-0x00007FFD20740000-0x00007FFD21201000-memory.dmp

Filesize
10.8MB

Download
memory/3412-110-0x00007FF6FF970000-0x00007FF6FFD66000-memory.dmp

Filesize
4.0MB

Download
memory/3412-2472-0x00007FF6FF970000-0x00007FF6FFD66000-memory.dmp

Filesize
4.0MB

Download
memory/3456-2465-0x00007FF7A8630000-0x00007FF7A8A26000-memory.dmp

Filesize
4.0MB

Download
memory/3456-72-0x00007FF7A8630000-0x00007FF7A8A26000-memory.dmp

Filesize
4.0MB

Download
memory/3468-174-0x00007FF65DFE0000-0x00007FF65E3D6000-memory.dmp

Filesize
4.0MB

Download
memory/3468-2481-0x00007FF65DFE0000-0x00007FF65E3D6000-memory.dmp

Filesize
4.0MB

Download
memory/3552-2460-0x00007FF60D4E0000-0x00007FF60D8D6000-memory.dmp

Filesize
4.0MB

Download
memory/3552-58-0x00007FF60D4E0000-0x00007FF60D8D6000-memory.dmp

Filesize
4.0MB

Download
memory/3560-100-0x00007FF634B10000-0x00007FF634F06000-memory.dmp

Filesize
4.0MB

Download
memory/3560-2470-0x00007FF634B10000-0x00007FF634F06000-memory.dmp

Filesize
4.0MB

Download
memory/3876-765-0x00007FF665420000-0x00007FF665816000-memory.dmp

Filesize
4.0MB

Download
memory/3876-2473-0x00007FF665420000-0x00007FF665816000-memory.dmp

Filesize
4.0MB

Download
memory/3876-129-0x00007FF665420000-0x00007FF665816000-memory.dmp

Filesize
4.0MB

Download
memory/3908-1097-0x00007FF78BE80000-0x00007FF78C276000-memory.dmp

Filesize
4.0MB

Download
memory/3908-2477-0x00007FF78BE80000-0x00007FF78C276000-memory.dmp

Filesize
4.0MB

Download
memory/3908-137-0x00007FF78BE80000-0x00007FF78C276000-memory.dmp

Filesize
4.0MB

Download
memory/4672-49-0x00007FF76B130000-0x00007FF76B526000-memory.dmp

Filesize
4.0MB

Download
memory/4672-2458-0x00007FF76B130000-0x00007FF76B526000-memory.dmp

Filesize
4.0MB

Download
memory/4732-112-0x00007FF6A6C90000-0x00007FF6A7086000-memory.dmp

Filesize
4.0MB

Download
memory/4732-2474-0x00007FF6A6C90000-0x00007FF6A7086000-memory.dmp

Filesize
4.0MB

Download
memory/4732-761-0x00007FF6A6C90000-0x00007FF6A7086000-memory.dmp

Filesize
4.0MB

Download
memory/4736-64-0x00007FF6FCEA0000-0x00007FF6FD296000-memory.dmp

Filesize
4.0MB

Download
memory/4736-2463-0x00007FF6FCEA0000-0x00007FF6FD296000-memory.dmp

Filesize
4.0MB

Download
memory/4756-0-0x00007FF691E50000-0x00007FF692246000-memory.dmp

Filesize
4.0MB

Download
memory/4756-1-0x0000017449990000-0x00000174499A0000-memory.dmp

Filesize
64KB

Download
memory/4756-141-0x00007FF691E50000-0x00007FF692246000-memory.dmp

Filesize
4.0MB

Download
memory/4820-66-0x00007FF645120000-0x00007FF645516000-memory.dmp

Filesize
4.0MB

Download
memory/4820-2464-0x00007FF645120000-0x00007FF645516000-memory.dmp

Filesize
4.0MB

Download
memory/4860-2461-0x00007FF618040000-0x00007FF618436000-memory.dmp

Filesize
4.0MB

Download
memory/4860-71-0x00007FF618040000-0x00007FF618436000-memory.dmp

Filesize
4.0MB

Download
memory/5016-2471-0x00007FF69B880000-0x00007FF69BC76000-memory.dmp

Filesize
4.0MB

Download
memory/5016-107-0x00007FF69B880000-0x00007FF69BC76000-memory.dmp

Filesize
4.0MB

Download
memory/5052-175-0x00007FF640490000-0x00007FF640886000-memory.dmp

Filesize
4.0MB

Download
memory/5052-2480-0x00007FF640490000-0x00007FF640886000-memory.dmp

Filesize
4.0MB

Download