xmrig | f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
Size

3.2MB
MD5

187278c747fb285e36ce6d870af52318
SHA1

869a0fd303cdfbdd52473bc8ffbe78e2fd065401
SHA256

f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e
SHA512

6aecba5804e258ef5fe1222272860e73ac77e63fbd0007e9dae8596b2a6d1da7311de70f294f0f4a7f8f5b7f42980b4f9261a2f0be4bb69acd62a23c3552c2e2
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWx:SbBeSFkt

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/3156-0-0x00007FF641C80000-0x00007FF642076000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000400000002271f-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000400000002271f-6.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023257-18.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023257-20.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000900000002325a-19.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3852-25-0x00007FF6E6290000-0x00007FF6E6686000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1188-26-0x00007FF64A030000-0x00007FF64A426000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000900000002325a-30.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000900000002325a-29.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5044-32-0x00007FF6A7820000-0x00007FF6A7C16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002325b-35.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002325b-36.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2024-41-0x00007FF6F1C00000-0x00007FF6F1FF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002325e-45.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002325e-48.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023260-57.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023260-61.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023266-86.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023265-92.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023267-100.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3208-107-0x00007FF74DAA0000-0x00007FF74DE96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023269-108.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3752-114-0x00007FF716620000-0x00007FF716A16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/924-117-0x00007FF70CEE0000-0x00007FF70D2D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/452-119-0x00007FF68ACA0000-0x00007FF68B096000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4148-123-0x00007FF6B7120000-0x00007FF6B7516000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326b-132.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326c-136.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/820-140-0x00007FF679250000-0x00007FF679646000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5104-142-0x00007FF7A29C0000-0x00007FF7A2DB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2004-143-0x00007FF744310000-0x00007FF744706000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/760-141-0x00007FF6DED50000-0x00007FF6DF146000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326e-139.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326d-138.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5024-135-0x00007FF6640B0000-0x00007FF6644A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326e-134.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3992-131-0x00007FF7B7000000-0x00007FF7B73F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326d-130.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326c-129.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326b-122.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1204-118-0x00007FF71C220000-0x00007FF71C616000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326a-115.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326a-113.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2296-112-0x00007FF60E2C0000-0x00007FF60E6B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023268-104.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023264-103.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023269-99.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023266-97.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4480-96-0x00007FF7632B0000-0x00007FF7636A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023268-95.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2992-91-0x00007FF635D90000-0x00007FF636186000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023264-88.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023267-87.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1444-83-0x00007FF7E9040000-0x00007FF7E9436000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023265-82.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023263-74.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023263-73.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4408-72-0x00007FF7DF3F0000-0x00007FF7DF7E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023262-68.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023262-66.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023261-64.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023261-70.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4636-56-0x00007FF7D8F80000-0x00007FF7D9376000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3156-0-0x00007FF641C80000-0x00007FF642076000-memory.dmp	UPX
behavioral2/files/0x000400000002271f-5.dat	UPX
behavioral2/files/0x000400000002271f-6.dat	UPX
behavioral2/files/0x0008000000023257-18.dat	UPX
behavioral2/files/0x0008000000023257-20.dat	UPX
behavioral2/files/0x000900000002325a-19.dat	UPX
behavioral2/memory/3852-25-0x00007FF6E6290000-0x00007FF6E6686000-memory.dmp	UPX
behavioral2/memory/1188-26-0x00007FF64A030000-0x00007FF64A426000-memory.dmp	UPX
behavioral2/files/0x000900000002325a-30.dat	UPX
behavioral2/files/0x000900000002325a-29.dat	UPX
behavioral2/memory/5044-32-0x00007FF6A7820000-0x00007FF6A7C16000-memory.dmp	UPX
behavioral2/files/0x000800000002325b-35.dat	UPX
behavioral2/files/0x000800000002325b-36.dat	UPX
behavioral2/memory/2024-41-0x00007FF6F1C00000-0x00007FF6F1FF6000-memory.dmp	UPX
behavioral2/files/0x000700000002325e-45.dat	UPX
behavioral2/files/0x000700000002325e-48.dat	UPX
behavioral2/files/0x0007000000023260-57.dat	UPX
behavioral2/files/0x0007000000023260-61.dat	UPX
behavioral2/files/0x0007000000023266-86.dat	UPX
behavioral2/files/0x0007000000023265-92.dat	UPX
behavioral2/files/0x0007000000023267-100.dat	UPX
behavioral2/memory/3208-107-0x00007FF74DAA0000-0x00007FF74DE96000-memory.dmp	UPX
behavioral2/files/0x0007000000023269-108.dat	UPX
behavioral2/memory/3752-114-0x00007FF716620000-0x00007FF716A16000-memory.dmp	UPX
behavioral2/memory/924-117-0x00007FF70CEE0000-0x00007FF70D2D6000-memory.dmp	UPX
behavioral2/memory/452-119-0x00007FF68ACA0000-0x00007FF68B096000-memory.dmp	UPX
behavioral2/memory/4148-123-0x00007FF6B7120000-0x00007FF6B7516000-memory.dmp	UPX
behavioral2/files/0x000700000002326b-132.dat	UPX
behavioral2/files/0x000700000002326c-136.dat	UPX
behavioral2/memory/820-140-0x00007FF679250000-0x00007FF679646000-memory.dmp	UPX
behavioral2/memory/5104-142-0x00007FF7A29C0000-0x00007FF7A2DB6000-memory.dmp	UPX
behavioral2/memory/2004-143-0x00007FF744310000-0x00007FF744706000-memory.dmp	UPX
behavioral2/memory/760-141-0x00007FF6DED50000-0x00007FF6DF146000-memory.dmp	UPX
behavioral2/files/0x000700000002326e-139.dat	UPX
behavioral2/files/0x000700000002326d-138.dat	UPX
behavioral2/memory/5024-135-0x00007FF6640B0000-0x00007FF6644A6000-memory.dmp	UPX
behavioral2/files/0x000700000002326e-134.dat	UPX
behavioral2/memory/3992-131-0x00007FF7B7000000-0x00007FF7B73F6000-memory.dmp	UPX
behavioral2/files/0x000700000002326d-130.dat	UPX
behavioral2/files/0x000700000002326c-129.dat	UPX
behavioral2/files/0x000700000002326b-122.dat	UPX
behavioral2/memory/1204-118-0x00007FF71C220000-0x00007FF71C616000-memory.dmp	UPX
behavioral2/files/0x000700000002326a-115.dat	UPX
behavioral2/files/0x000700000002326a-113.dat	UPX
behavioral2/memory/2296-112-0x00007FF60E2C0000-0x00007FF60E6B6000-memory.dmp	UPX
behavioral2/files/0x0007000000023268-104.dat	UPX
behavioral2/files/0x0007000000023264-103.dat	UPX
behavioral2/files/0x0007000000023269-99.dat	UPX
behavioral2/files/0x0007000000023266-97.dat	UPX
behavioral2/memory/4480-96-0x00007FF7632B0000-0x00007FF7636A6000-memory.dmp	UPX
behavioral2/files/0x0007000000023268-95.dat	UPX
behavioral2/memory/2992-91-0x00007FF635D90000-0x00007FF636186000-memory.dmp	UPX
behavioral2/files/0x0007000000023264-88.dat	UPX
behavioral2/files/0x0007000000023267-87.dat	UPX
behavioral2/memory/1444-83-0x00007FF7E9040000-0x00007FF7E9436000-memory.dmp	UPX
behavioral2/files/0x0007000000023265-82.dat	UPX
behavioral2/files/0x0007000000023263-74.dat	UPX
behavioral2/files/0x0007000000023263-73.dat	UPX
behavioral2/memory/4408-72-0x00007FF7DF3F0000-0x00007FF7DF7E6000-memory.dmp	UPX
behavioral2/files/0x0007000000023262-68.dat	UPX
behavioral2/files/0x0007000000023262-66.dat	UPX
behavioral2/files/0x0007000000023261-64.dat	UPX
behavioral2/files/0x0007000000023261-70.dat	UPX
behavioral2/memory/4636-56-0x00007FF7D8F80000-0x00007FF7D9376000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/3156-0-0x00007FF641C80000-0x00007FF642076000-memory.dmp	xmrig
behavioral2/files/0x000400000002271f-5.dat	xmrig
behavioral2/files/0x000400000002271f-6.dat	xmrig
behavioral2/files/0x0008000000023257-18.dat	xmrig
behavioral2/files/0x0008000000023257-20.dat	xmrig
behavioral2/files/0x000900000002325a-19.dat	xmrig
behavioral2/memory/3852-25-0x00007FF6E6290000-0x00007FF6E6686000-memory.dmp	xmrig
behavioral2/memory/1188-26-0x00007FF64A030000-0x00007FF64A426000-memory.dmp	xmrig
behavioral2/files/0x000900000002325a-30.dat	xmrig
behavioral2/files/0x000900000002325a-29.dat	xmrig
behavioral2/memory/5044-32-0x00007FF6A7820000-0x00007FF6A7C16000-memory.dmp	xmrig
behavioral2/files/0x000800000002325b-35.dat	xmrig
behavioral2/files/0x000800000002325b-36.dat	xmrig
behavioral2/memory/2024-41-0x00007FF6F1C00000-0x00007FF6F1FF6000-memory.dmp	xmrig
behavioral2/files/0x000700000002325e-45.dat	xmrig
behavioral2/files/0x000700000002325e-48.dat	xmrig
behavioral2/files/0x0007000000023260-57.dat	xmrig
behavioral2/files/0x0007000000023260-61.dat	xmrig
behavioral2/files/0x0007000000023266-86.dat	xmrig
behavioral2/files/0x0007000000023265-92.dat	xmrig
behavioral2/files/0x0007000000023267-100.dat	xmrig
behavioral2/memory/3208-107-0x00007FF74DAA0000-0x00007FF74DE96000-memory.dmp	xmrig
behavioral2/files/0x0007000000023269-108.dat	xmrig
behavioral2/memory/3752-114-0x00007FF716620000-0x00007FF716A16000-memory.dmp	xmrig
behavioral2/memory/924-117-0x00007FF70CEE0000-0x00007FF70D2D6000-memory.dmp	xmrig
behavioral2/memory/452-119-0x00007FF68ACA0000-0x00007FF68B096000-memory.dmp	xmrig
behavioral2/memory/4148-123-0x00007FF6B7120000-0x00007FF6B7516000-memory.dmp	xmrig
behavioral2/files/0x000700000002326b-132.dat	xmrig
behavioral2/files/0x000700000002326c-136.dat	xmrig
behavioral2/memory/820-140-0x00007FF679250000-0x00007FF679646000-memory.dmp	xmrig
behavioral2/memory/5104-142-0x00007FF7A29C0000-0x00007FF7A2DB6000-memory.dmp	xmrig
behavioral2/memory/2004-143-0x00007FF744310000-0x00007FF744706000-memory.dmp	xmrig
behavioral2/memory/760-141-0x00007FF6DED50000-0x00007FF6DF146000-memory.dmp	xmrig
behavioral2/files/0x000700000002326e-139.dat	xmrig
behavioral2/files/0x000700000002326d-138.dat	xmrig
behavioral2/memory/5024-135-0x00007FF6640B0000-0x00007FF6644A6000-memory.dmp	xmrig
behavioral2/files/0x000700000002326e-134.dat	xmrig
behavioral2/memory/3992-131-0x00007FF7B7000000-0x00007FF7B73F6000-memory.dmp	xmrig
behavioral2/files/0x000700000002326d-130.dat	xmrig
behavioral2/files/0x000700000002326c-129.dat	xmrig
behavioral2/files/0x000700000002326b-122.dat	xmrig
behavioral2/memory/1204-118-0x00007FF71C220000-0x00007FF71C616000-memory.dmp	xmrig
behavioral2/files/0x000700000002326a-115.dat	xmrig
behavioral2/files/0x000700000002326a-113.dat	xmrig
behavioral2/memory/2296-112-0x00007FF60E2C0000-0x00007FF60E6B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023268-104.dat	xmrig
behavioral2/files/0x0007000000023264-103.dat	xmrig
behavioral2/files/0x0007000000023269-99.dat	xmrig
behavioral2/files/0x0007000000023266-97.dat	xmrig
behavioral2/memory/4480-96-0x00007FF7632B0000-0x00007FF7636A6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023268-95.dat	xmrig
behavioral2/memory/2992-91-0x00007FF635D90000-0x00007FF636186000-memory.dmp	xmrig
behavioral2/files/0x0007000000023264-88.dat	xmrig
behavioral2/files/0x0007000000023267-87.dat	xmrig
behavioral2/memory/1444-83-0x00007FF7E9040000-0x00007FF7E9436000-memory.dmp	xmrig
behavioral2/files/0x0007000000023265-82.dat	xmrig
behavioral2/files/0x0007000000023263-74.dat	xmrig
behavioral2/files/0x0007000000023263-73.dat	xmrig
behavioral2/memory/4408-72-0x00007FF7DF3F0000-0x00007FF7DF7E6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023262-68.dat	xmrig
behavioral2/files/0x0007000000023262-66.dat	xmrig
behavioral2/files/0x0007000000023261-64.dat	xmrig
behavioral2/files/0x0007000000023261-70.dat	xmrig
behavioral2/memory/4636-56-0x00007FF7D8F80000-0x00007FF7D9376000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
12	4696	powershell.exe
27	4696	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3852	vSrHpsV.exe
1188	ceNeZdy.exe
5044	ykTNeNP.exe
2024	qUpsXBV.exe
4636	LtGoMbP.exe
924	LvVKODD.exe
4408	JeSHGpE.exe
1444	JMPRdyj.exe
2992	OgNoNuS.exe
1204	DDvzrzK.exe
4480	EEGtbvX.exe
452	khZCNlV.exe
3208	LaKKiwB.exe
2296	obpsMSe.exe
3752	virLKgD.exe
4148	BeYBKXy.exe
3992	zwYJoVh.exe
5024	DlYYkMF.exe
5104	iIgkLBn.exe
820	oUfVPUh.exe
760	scMKfgW.exe
2004	RVeyLIa.exe
1484	FRqbwzz.exe
1488	ffbJIuj.exe
4768	mZLdrAD.exe
2336	EkWYzeF.exe
468	weauZmW.exe
4340	oByKtVZ.exe
4640	jisBLZy.exe
5048	ixJxAUQ.exe
1500	HWFGYtm.exe
4236	mzGqmBO.exe
4360	LGcwWgp.exe
2520	cmyttIb.exe
1688	whQeaOh.exe
3544	NwXRJnI.exe
2276	IObuMvG.exe
1360	ZypuxGq.exe
3312	PnAleKp.exe
5140	qNFyFoL.exe
5168	LVTBrTh.exe
5208	IlPWFJx.exe
5280	qRASwla.exe
5308	GzbREYY.exe
5264	XogheEk.exe
5352	owWkcWb.exe
5328	nPhaEIY.exe
5368	LujhiSC.exe
5408	SYOARRO.exe
5444	qpGybPZ.exe
5468	RufBfHI.exe
5488	aCAwtTy.exe
5532	WAjSfLF.exe
5568	xNzRJvl.exe
5628	gjNDdzD.exe
5656	CUhdwHa.exe
5680	eWHXgoS.exe
5704	dEHtJav.exe
5728	PhkfsxD.exe
5756	qOiJDMW.exe
5796	AgLAJLQ.exe
5824	AbMPfQJ.exe
5848	yYtQGhk.exe
5884	dnCJzOq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3156-0-0x00007FF641C80000-0x00007FF642076000-memory.dmp	upx
behavioral2/files/0x000400000002271f-5.dat	upx
behavioral2/files/0x000400000002271f-6.dat	upx
behavioral2/files/0x0008000000023257-18.dat	upx
behavioral2/files/0x0008000000023257-20.dat	upx
behavioral2/files/0x000900000002325a-19.dat	upx
behavioral2/memory/3852-25-0x00007FF6E6290000-0x00007FF6E6686000-memory.dmp	upx
behavioral2/memory/1188-26-0x00007FF64A030000-0x00007FF64A426000-memory.dmp	upx
behavioral2/files/0x000900000002325a-30.dat	upx
behavioral2/files/0x000900000002325a-29.dat	upx
behavioral2/memory/5044-32-0x00007FF6A7820000-0x00007FF6A7C16000-memory.dmp	upx
behavioral2/files/0x000800000002325b-35.dat	upx
behavioral2/files/0x000800000002325b-36.dat	upx
behavioral2/memory/2024-41-0x00007FF6F1C00000-0x00007FF6F1FF6000-memory.dmp	upx
behavioral2/files/0x000700000002325e-45.dat	upx
behavioral2/files/0x000700000002325e-48.dat	upx
behavioral2/files/0x0007000000023260-57.dat	upx
behavioral2/files/0x0007000000023260-61.dat	upx
behavioral2/files/0x0007000000023266-86.dat	upx
behavioral2/files/0x0007000000023265-92.dat	upx
behavioral2/files/0x0007000000023267-100.dat	upx
behavioral2/memory/3208-107-0x00007FF74DAA0000-0x00007FF74DE96000-memory.dmp	upx
behavioral2/files/0x0007000000023269-108.dat	upx
behavioral2/memory/3752-114-0x00007FF716620000-0x00007FF716A16000-memory.dmp	upx
behavioral2/memory/924-117-0x00007FF70CEE0000-0x00007FF70D2D6000-memory.dmp	upx
behavioral2/memory/452-119-0x00007FF68ACA0000-0x00007FF68B096000-memory.dmp	upx
behavioral2/memory/4148-123-0x00007FF6B7120000-0x00007FF6B7516000-memory.dmp	upx
behavioral2/files/0x000700000002326b-132.dat	upx
behavioral2/files/0x000700000002326c-136.dat	upx
behavioral2/memory/820-140-0x00007FF679250000-0x00007FF679646000-memory.dmp	upx
behavioral2/memory/5104-142-0x00007FF7A29C0000-0x00007FF7A2DB6000-memory.dmp	upx
behavioral2/memory/2004-143-0x00007FF744310000-0x00007FF744706000-memory.dmp	upx
behavioral2/memory/760-141-0x00007FF6DED50000-0x00007FF6DF146000-memory.dmp	upx
behavioral2/files/0x000700000002326e-139.dat	upx
behavioral2/files/0x000700000002326d-138.dat	upx
behavioral2/memory/5024-135-0x00007FF6640B0000-0x00007FF6644A6000-memory.dmp	upx
behavioral2/files/0x000700000002326e-134.dat	upx
behavioral2/memory/3992-131-0x00007FF7B7000000-0x00007FF7B73F6000-memory.dmp	upx
behavioral2/files/0x000700000002326d-130.dat	upx
behavioral2/files/0x000700000002326c-129.dat	upx
behavioral2/files/0x000700000002326b-122.dat	upx
behavioral2/memory/1204-118-0x00007FF71C220000-0x00007FF71C616000-memory.dmp	upx
behavioral2/files/0x000700000002326a-115.dat	upx
behavioral2/files/0x000700000002326a-113.dat	upx
behavioral2/memory/2296-112-0x00007FF60E2C0000-0x00007FF60E6B6000-memory.dmp	upx
behavioral2/files/0x0007000000023268-104.dat	upx
behavioral2/files/0x0007000000023264-103.dat	upx
behavioral2/files/0x0007000000023269-99.dat	upx
behavioral2/files/0x0007000000023266-97.dat	upx
behavioral2/memory/4480-96-0x00007FF7632B0000-0x00007FF7636A6000-memory.dmp	upx
behavioral2/files/0x0007000000023268-95.dat	upx
behavioral2/memory/2992-91-0x00007FF635D90000-0x00007FF636186000-memory.dmp	upx
behavioral2/files/0x0007000000023264-88.dat	upx
behavioral2/files/0x0007000000023267-87.dat	upx
behavioral2/memory/1444-83-0x00007FF7E9040000-0x00007FF7E9436000-memory.dmp	upx
behavioral2/files/0x0007000000023265-82.dat	upx
behavioral2/files/0x0007000000023263-74.dat	upx
behavioral2/files/0x0007000000023263-73.dat	upx
behavioral2/memory/4408-72-0x00007FF7DF3F0000-0x00007FF7DF7E6000-memory.dmp	upx
behavioral2/files/0x0007000000023262-68.dat	upx
behavioral2/files/0x0007000000023262-66.dat	upx
behavioral2/files/0x0007000000023261-64.dat	upx
behavioral2/files/0x0007000000023261-70.dat	upx
behavioral2/memory/4636-56-0x00007FF7D8F80000-0x00007FF7D9376000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
10	raw.githubusercontent.com
12	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HLQomYu.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\SAnQigt.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\lURpwUk.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\JJBIlmk.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\tbdryzD.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\chLTTLv.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\fjuOSEb.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\sZPPoSd.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\NyreYYQ.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\rgtFTUY.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\iHkxDZK.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\JQVlJJm.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\SZLbPUK.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\QDxlujs.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\uHEJyhb.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\gPqIWam.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\hhFhkXA.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\ehQuOfT.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\fZzCJRt.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\ugLKLKG.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\WlaGVzI.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\qEWfHnC.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\LGcwWgp.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\gvKyOek.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\gKRvATV.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\xmJdjHd.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\UjHGLBm.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\oxAHnAb.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\KhZVwSi.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\foaYWWr.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\TkJvLwr.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\ZtMkKRu.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\sWoaeCn.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\pcqCFvV.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\TyfkIok.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\zLFMQRH.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\EkWYzeF.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\XFybtno.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\ReYrMap.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\zntgqIP.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\shRttCx.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\DWTTfSQ.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\YWLanGI.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\dWyZyTG.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\eQKLRSE.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\WrwQyWr.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\PQzyoKz.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\LHRtBxT.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\ZcrVTYH.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\pabVNsW.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\YviqdlX.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\bnRpKMn.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\BlFomaU.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\lrAkBJj.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\CWGUgRD.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\rGICJvS.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\aBfYvNb.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\lczjNWX.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\WtTSdNx.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\SpLpmxq.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\zwNQLMj.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\CiiKeqr.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\mWyrKSL.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
File created	C:\Windows\System\wmplozD.exe	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4696	powershell.exe
4696	powershell.exe
4696	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
Token: SeDebugPrivilege	4696	powershell.exe
Token: SeLockMemoryPrivilege	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 4696	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	95
PID 3156 wrote to memory of 4696	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	95
PID 3156 wrote to memory of 3852	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	96
PID 3156 wrote to memory of 3852	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	96
PID 3156 wrote to memory of 1188	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	97
PID 3156 wrote to memory of 1188	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	97
PID 3156 wrote to memory of 5044	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	98
PID 3156 wrote to memory of 5044	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	98
PID 3156 wrote to memory of 2024	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	99
PID 3156 wrote to memory of 2024	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	99
PID 3156 wrote to memory of 4636	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	100
PID 3156 wrote to memory of 4636	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	100
PID 3156 wrote to memory of 924	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	102
PID 3156 wrote to memory of 924	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	102
PID 3156 wrote to memory of 4408	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	103
PID 3156 wrote to memory of 4408	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	103
PID 3156 wrote to memory of 1444	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	104
PID 3156 wrote to memory of 1444	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	104
PID 3156 wrote to memory of 2992	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	105
PID 3156 wrote to memory of 2992	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	105
PID 3156 wrote to memory of 1204	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	106
PID 3156 wrote to memory of 1204	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	106
PID 3156 wrote to memory of 4480	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	107
PID 3156 wrote to memory of 4480	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	107
PID 3156 wrote to memory of 3752	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	108
PID 3156 wrote to memory of 3752	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	108
PID 3156 wrote to memory of 452	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	109
PID 3156 wrote to memory of 452	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	109
PID 3156 wrote to memory of 3208	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	110
PID 3156 wrote to memory of 3208	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	110
PID 3156 wrote to memory of 2296	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	111
PID 3156 wrote to memory of 2296	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	111
PID 3156 wrote to memory of 4148	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	112
PID 3156 wrote to memory of 4148	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	112
PID 3156 wrote to memory of 3992	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	113
PID 3156 wrote to memory of 3992	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	113
PID 3156 wrote to memory of 5024	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	114
PID 3156 wrote to memory of 5024	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	114
PID 3156 wrote to memory of 5104	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	115
PID 3156 wrote to memory of 5104	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	115
PID 3156 wrote to memory of 820	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	116
PID 3156 wrote to memory of 820	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	116
PID 3156 wrote to memory of 760	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	117
PID 3156 wrote to memory of 760	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	117
PID 3156 wrote to memory of 2004	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	118
PID 3156 wrote to memory of 2004	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	118
PID 3156 wrote to memory of 1484	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	119
PID 3156 wrote to memory of 1484	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	119
PID 3156 wrote to memory of 1488	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	120
PID 3156 wrote to memory of 1488	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	120
PID 3156 wrote to memory of 4768	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	121
PID 3156 wrote to memory of 4768	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	121
PID 3156 wrote to memory of 2336	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	122
PID 3156 wrote to memory of 2336	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	122
PID 3156 wrote to memory of 468	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	123
PID 3156 wrote to memory of 468	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	123
PID 3156 wrote to memory of 4340	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	124
PID 3156 wrote to memory of 4340	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	124
PID 3156 wrote to memory of 4640	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	125
PID 3156 wrote to memory of 4640	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	125
PID 3156 wrote to memory of 5048	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	126
PID 3156 wrote to memory of 5048	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	126
PID 3156 wrote to memory of 1500	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	127
PID 3156 wrote to memory of 1500	3156	f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe	127

C:\Users\Admin\AppData\Local\Temp\f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
"C:\Users\Admin\AppData\Local\Temp\f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4696
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4696" "2948" "2904" "2952" "0" "0" "2956" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:4676
- C:\Windows\System\vSrHpsV.exe
  C:\Windows\System\vSrHpsV.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\ceNeZdy.exe
  C:\Windows\System\ceNeZdy.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\ykTNeNP.exe
  C:\Windows\System\ykTNeNP.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\qUpsXBV.exe
  C:\Windows\System\qUpsXBV.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\LtGoMbP.exe
  C:\Windows\System\LtGoMbP.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\LvVKODD.exe
  C:\Windows\System\LvVKODD.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\JeSHGpE.exe
  C:\Windows\System\JeSHGpE.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\JMPRdyj.exe
  C:\Windows\System\JMPRdyj.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\OgNoNuS.exe
  C:\Windows\System\OgNoNuS.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\DDvzrzK.exe
  C:\Windows\System\DDvzrzK.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\EEGtbvX.exe
  C:\Windows\System\EEGtbvX.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\virLKgD.exe
  C:\Windows\System\virLKgD.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\khZCNlV.exe
  C:\Windows\System\khZCNlV.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\LaKKiwB.exe
  C:\Windows\System\LaKKiwB.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\obpsMSe.exe
  C:\Windows\System\obpsMSe.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\BeYBKXy.exe
  C:\Windows\System\BeYBKXy.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\zwYJoVh.exe
  C:\Windows\System\zwYJoVh.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\DlYYkMF.exe
  C:\Windows\System\DlYYkMF.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\iIgkLBn.exe
  C:\Windows\System\iIgkLBn.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\oUfVPUh.exe
  C:\Windows\System\oUfVPUh.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\scMKfgW.exe
  C:\Windows\System\scMKfgW.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\RVeyLIa.exe
  C:\Windows\System\RVeyLIa.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\FRqbwzz.exe
  C:\Windows\System\FRqbwzz.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\ffbJIuj.exe
  C:\Windows\System\ffbJIuj.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\mZLdrAD.exe
  C:\Windows\System\mZLdrAD.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\EkWYzeF.exe
  C:\Windows\System\EkWYzeF.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\weauZmW.exe
  C:\Windows\System\weauZmW.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\oByKtVZ.exe
  C:\Windows\System\oByKtVZ.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\jisBLZy.exe
  C:\Windows\System\jisBLZy.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\ixJxAUQ.exe
  C:\Windows\System\ixJxAUQ.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\HWFGYtm.exe
  C:\Windows\System\HWFGYtm.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\mzGqmBO.exe
  C:\Windows\System\mzGqmBO.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\LGcwWgp.exe
  C:\Windows\System\LGcwWgp.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\cmyttIb.exe
  C:\Windows\System\cmyttIb.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\whQeaOh.exe
  C:\Windows\System\whQeaOh.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\NwXRJnI.exe
  C:\Windows\System\NwXRJnI.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\IObuMvG.exe
  C:\Windows\System\IObuMvG.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ZypuxGq.exe
  C:\Windows\System\ZypuxGq.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\PnAleKp.exe
  C:\Windows\System\PnAleKp.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\qNFyFoL.exe
  C:\Windows\System\qNFyFoL.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\LVTBrTh.exe
  C:\Windows\System\LVTBrTh.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\IlPWFJx.exe
  C:\Windows\System\IlPWFJx.exe
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Windows\System\XogheEk.exe
  C:\Windows\System\XogheEk.exe
  2⤵
  - Executes dropped EXE
  PID:5264
- C:\Windows\System\qRASwla.exe
  C:\Windows\System\qRASwla.exe
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Windows\System\GzbREYY.exe
  C:\Windows\System\GzbREYY.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System\nPhaEIY.exe
  C:\Windows\System\nPhaEIY.exe
  2⤵
  - Executes dropped EXE
  PID:5328
- C:\Windows\System\owWkcWb.exe
  C:\Windows\System\owWkcWb.exe
  2⤵
  - Executes dropped EXE
  PID:5352
- C:\Windows\System\LujhiSC.exe
  C:\Windows\System\LujhiSC.exe
  2⤵
  - Executes dropped EXE
  PID:5368
- C:\Windows\System\SYOARRO.exe
  C:\Windows\System\SYOARRO.exe
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Windows\System\qpGybPZ.exe
  C:\Windows\System\qpGybPZ.exe
  2⤵
  - Executes dropped EXE
  PID:5444
- C:\Windows\System\RufBfHI.exe
  C:\Windows\System\RufBfHI.exe
  2⤵
  - Executes dropped EXE
  PID:5468
- C:\Windows\System\aCAwtTy.exe
  C:\Windows\System\aCAwtTy.exe
  2⤵
  - Executes dropped EXE
  PID:5488
- C:\Windows\System\WAjSfLF.exe
  C:\Windows\System\WAjSfLF.exe
  2⤵
  - Executes dropped EXE
  PID:5532
- C:\Windows\System\xNzRJvl.exe
  C:\Windows\System\xNzRJvl.exe
  2⤵
  - Executes dropped EXE
  PID:5568
- C:\Windows\System\gjNDdzD.exe
  C:\Windows\System\gjNDdzD.exe
  2⤵
  - Executes dropped EXE
  PID:5628
- C:\Windows\System\CUhdwHa.exe
  C:\Windows\System\CUhdwHa.exe
  2⤵
  - Executes dropped EXE
  PID:5656
- C:\Windows\System\eWHXgoS.exe
  C:\Windows\System\eWHXgoS.exe
  2⤵
  - Executes dropped EXE
  PID:5680
- C:\Windows\System\dEHtJav.exe
  C:\Windows\System\dEHtJav.exe
  2⤵
  - Executes dropped EXE
  PID:5704
- C:\Windows\System\PhkfsxD.exe
  C:\Windows\System\PhkfsxD.exe
  2⤵
  - Executes dropped EXE
  PID:5728
- C:\Windows\System\qOiJDMW.exe
  C:\Windows\System\qOiJDMW.exe
  2⤵
  - Executes dropped EXE
  PID:5756
- C:\Windows\System\AgLAJLQ.exe
  C:\Windows\System\AgLAJLQ.exe
  2⤵
  - Executes dropped EXE
  PID:5796
- C:\Windows\System\AbMPfQJ.exe
  C:\Windows\System\AbMPfQJ.exe
  2⤵
  - Executes dropped EXE
  PID:5824
- C:\Windows\System\yYtQGhk.exe
  C:\Windows\System\yYtQGhk.exe
  2⤵
  - Executes dropped EXE
  PID:5848
- C:\Windows\System\dnCJzOq.exe
  C:\Windows\System\dnCJzOq.exe
  2⤵
  - Executes dropped EXE
  PID:5884
- C:\Windows\System\Fwdquwa.exe
  C:\Windows\System\Fwdquwa.exe
  2⤵
  PID:5924
- C:\Windows\System\zXGYTzX.exe
  C:\Windows\System\zXGYTzX.exe
  2⤵
  PID:5944
- C:\Windows\System\eDOSJnR.exe
  C:\Windows\System\eDOSJnR.exe
  2⤵
  PID:5968
- C:\Windows\System\mOGexWw.exe
  C:\Windows\System\mOGexWw.exe
  2⤵
  PID:5992
- C:\Windows\System\KGtCqdq.exe
  C:\Windows\System\KGtCqdq.exe
  2⤵
  PID:6032
- C:\Windows\System\hUSnzFO.exe
  C:\Windows\System\hUSnzFO.exe
  2⤵
  PID:6060
- C:\Windows\System\GCSTIRX.exe
  C:\Windows\System\GCSTIRX.exe
  2⤵
  PID:6076
- C:\Windows\System\vdycHTT.exe
  C:\Windows\System\vdycHTT.exe
  2⤵
  PID:6092
- C:\Windows\System\ynrzpHe.exe
  C:\Windows\System\ynrzpHe.exe
  2⤵
  PID:2380
- C:\Windows\System\JlOWUEP.exe
  C:\Windows\System\JlOWUEP.exe
  2⤵
  PID:700
- C:\Windows\System\YMOnzUz.exe
  C:\Windows\System\YMOnzUz.exe
  2⤵
  PID:5248
- C:\Windows\System\WhJgItK.exe
  C:\Windows\System\WhJgItK.exe
  2⤵
  PID:5396
- C:\Windows\System\itfrKaF.exe
  C:\Windows\System\itfrKaF.exe
  2⤵
  PID:5988
- C:\Windows\System\aoyLGyl.exe
  C:\Windows\System\aoyLGyl.exe
  2⤵
  PID:6044
- C:\Windows\System\caTXoQY.exe
  C:\Windows\System\caTXoQY.exe
  2⤵
  PID:6072
- C:\Windows\System\lVsGWVi.exe
  C:\Windows\System\lVsGWVi.exe
  2⤵
  PID:5752
- C:\Windows\System\IJIBFDd.exe
  C:\Windows\System\IJIBFDd.exe
  2⤵
  PID:2856
- C:\Windows\System\RAsRaad.exe
  C:\Windows\System\RAsRaad.exe
  2⤵
  PID:2344
- C:\Windows\System\osNXBZm.exe
  C:\Windows\System\osNXBZm.exe
  2⤵
  PID:4940
- C:\Windows\System\gbwJDgG.exe
  C:\Windows\System\gbwJDgG.exe
  2⤵
  PID:4468
- C:\Windows\System\TuRTgSP.exe
  C:\Windows\System\TuRTgSP.exe
  2⤵
  PID:5692
- C:\Windows\System\aqQVYAj.exe
  C:\Windows\System\aqQVYAj.exe
  2⤵
  PID:5700
- C:\Windows\System\RBWJXax.exe
  C:\Windows\System\RBWJXax.exe
  2⤵
  PID:5724
- C:\Windows\System\YuNYKTO.exe
  C:\Windows\System\YuNYKTO.exe
  2⤵
  PID:5624
- C:\Windows\System\PMcwvQm.exe
  C:\Windows\System\PMcwvQm.exe
  2⤵
  PID:5476
- C:\Windows\System\HFpclxK.exe
  C:\Windows\System\HFpclxK.exe
  2⤵
  PID:5204
- C:\Windows\System\xZhteIu.exe
  C:\Windows\System\xZhteIu.exe
  2⤵
  PID:5132
- C:\Windows\System\TTMiYVQ.exe
  C:\Windows\System\TTMiYVQ.exe
  2⤵
  PID:3084
- C:\Windows\System\pYNbkaK.exe
  C:\Windows\System\pYNbkaK.exe
  2⤵
  PID:5940
- C:\Windows\System\qjPQUYQ.exe
  C:\Windows\System\qjPQUYQ.exe
  2⤵
  PID:5004
- C:\Windows\System\PkFGbRI.exe
  C:\Windows\System\PkFGbRI.exe
  2⤵
  PID:6068
- C:\Windows\System\ZOEqlec.exe
  C:\Windows\System\ZOEqlec.exe
  2⤵
  PID:5232
- C:\Windows\System\ZkQUYmR.exe
  C:\Windows\System\ZkQUYmR.exe
  2⤵
  PID:5108
- C:\Windows\System\ctuVthk.exe
  C:\Windows\System\ctuVthk.exe
  2⤵
  PID:2304
- C:\Windows\System\WenRjGr.exe
  C:\Windows\System\WenRjGr.exe
  2⤵
  PID:5604
- C:\Windows\System\UOynISH.exe
  C:\Windows\System\UOynISH.exe
  2⤵
  PID:4336
- C:\Windows\System\micLauQ.exe
  C:\Windows\System\micLauQ.exe
  2⤵
  PID:5904
- C:\Windows\System\TYExgVk.exe
  C:\Windows\System\TYExgVk.exe
  2⤵
  PID:5124
- C:\Windows\System\JNAwkRJ.exe
  C:\Windows\System\JNAwkRJ.exe
  2⤵
  PID:6152
- C:\Windows\System\JYbTtXz.exe
  C:\Windows\System\JYbTtXz.exe
  2⤵
  PID:6200
- C:\Windows\System\VTpXeAV.exe
  C:\Windows\System\VTpXeAV.exe
  2⤵
  PID:6220
- C:\Windows\System\RDfZOMF.exe
  C:\Windows\System\RDfZOMF.exe
  2⤵
  PID:6240
- C:\Windows\System\WrwQyWr.exe
  C:\Windows\System\WrwQyWr.exe
  2⤵
  PID:6264
- C:\Windows\System\jOHSBdy.exe
  C:\Windows\System\jOHSBdy.exe
  2⤵
  PID:6292
- C:\Windows\System\NspVXnZ.exe
  C:\Windows\System\NspVXnZ.exe
  2⤵
  PID:6316
- C:\Windows\System\wcVtyuN.exe
  C:\Windows\System\wcVtyuN.exe
  2⤵
  PID:6372
- C:\Windows\System\EXvoAKt.exe
  C:\Windows\System\EXvoAKt.exe
  2⤵
  PID:6432
- C:\Windows\System\WthzigI.exe
  C:\Windows\System\WthzigI.exe
  2⤵
  PID:6492
- C:\Windows\System\PuICqhJ.exe
  C:\Windows\System\PuICqhJ.exe
  2⤵
  PID:6516
- C:\Windows\System\FCNmOvF.exe
  C:\Windows\System\FCNmOvF.exe
  2⤵
  PID:6572
- C:\Windows\System\QXKWDBQ.exe
  C:\Windows\System\QXKWDBQ.exe
  2⤵
  PID:6624
- C:\Windows\System\WtTSdNx.exe
  C:\Windows\System\WtTSdNx.exe
  2⤵
  PID:6652
- C:\Windows\System\fRarYRg.exe
  C:\Windows\System\fRarYRg.exe
  2⤵
  PID:6672
- C:\Windows\System\yfhMLEJ.exe
  C:\Windows\System\yfhMLEJ.exe
  2⤵
  PID:6696
- C:\Windows\System\KhZVwSi.exe
  C:\Windows\System\KhZVwSi.exe
  2⤵
  PID:6716
- C:\Windows\System\FYaiIaZ.exe
  C:\Windows\System\FYaiIaZ.exe
  2⤵
  PID:6744
- C:\Windows\System\IwpwnoC.exe
  C:\Windows\System\IwpwnoC.exe
  2⤵
  PID:6768
- C:\Windows\System\SpLpmxq.exe
  C:\Windows\System\SpLpmxq.exe
  2⤵
  PID:6788
- C:\Windows\System\eLRXdYx.exe
  C:\Windows\System\eLRXdYx.exe
  2⤵
  PID:6808
- C:\Windows\System\LUQkYve.exe
  C:\Windows\System\LUQkYve.exe
  2⤵
  PID:6836
- C:\Windows\System\fnjHQrr.exe
  C:\Windows\System\fnjHQrr.exe
  2⤵
  PID:6856
- C:\Windows\System\QoPtCAe.exe
  C:\Windows\System\QoPtCAe.exe
  2⤵
  PID:6872
- C:\Windows\System\hqPJmrV.exe
  C:\Windows\System\hqPJmrV.exe
  2⤵
  PID:6916
- C:\Windows\System\KWCyeIX.exe
  C:\Windows\System\KWCyeIX.exe
  2⤵
  PID:6980
- C:\Windows\System\HaIftkq.exe
  C:\Windows\System\HaIftkq.exe
  2⤵
  PID:7008
- C:\Windows\System\AMZhpGk.exe
  C:\Windows\System\AMZhpGk.exe
  2⤵
  PID:7084
- C:\Windows\System\EOhbZZk.exe
  C:\Windows\System\EOhbZZk.exe
  2⤵
  PID:7108
- C:\Windows\System\lQwVpCi.exe
  C:\Windows\System\lQwVpCi.exe
  2⤵
  PID:7124
- C:\Windows\System\MyETjNG.exe
  C:\Windows\System\MyETjNG.exe
  2⤵
  PID:7156
- C:\Windows\System\fnrrHDw.exe
  C:\Windows\System\fnrrHDw.exe
  2⤵
  PID:5428
- C:\Windows\System\KODphZA.exe
  C:\Windows\System\KODphZA.exe
  2⤵
  PID:1420
- C:\Windows\System\jpcWNhL.exe
  C:\Windows\System\jpcWNhL.exe
  2⤵
  PID:5316
- C:\Windows\System\DTdFuDc.exe
  C:\Windows\System\DTdFuDc.exe
  2⤵
  PID:6196
- C:\Windows\System\kKTNkrl.exe
  C:\Windows\System\kKTNkrl.exe
  2⤵
  PID:6228
- C:\Windows\System\anYefGH.exe
  C:\Windows\System\anYefGH.exe
  2⤵
  PID:6344
- C:\Windows\System\pAYPQBz.exe
  C:\Windows\System\pAYPQBz.exe
  2⤵
  PID:6276
- C:\Windows\System\TYgJDgy.exe
  C:\Windows\System\TYgJDgy.exe
  2⤵
  PID:6488
- C:\Windows\System\hzmquHU.exe
  C:\Windows\System\hzmquHU.exe
  2⤵
  PID:6444
- C:\Windows\System\wWCLxWC.exe
  C:\Windows\System\wWCLxWC.exe
  2⤵
  PID:5520
- C:\Windows\System\HLQomYu.exe
  C:\Windows\System\HLQomYu.exe
  2⤵
  PID:6756
- C:\Windows\System\lLkcUtQ.exe
  C:\Windows\System\lLkcUtQ.exe
  2⤵
  PID:6800
- C:\Windows\System\OTGnrRV.exe
  C:\Windows\System\OTGnrRV.exe
  2⤵
  PID:6828
- C:\Windows\System\QioWiaW.exe
  C:\Windows\System\QioWiaW.exe
  2⤵
  PID:6864
- C:\Windows\System\UbGEIEg.exe
  C:\Windows\System\UbGEIEg.exe
  2⤵
  PID:7024
- C:\Windows\System\ObdDYxR.exe
  C:\Windows\System\ObdDYxR.exe
  2⤵
  PID:6972
- C:\Windows\System\mIkyzHr.exe
  C:\Windows\System\mIkyzHr.exe
  2⤵
  PID:7132
- C:\Windows\System\dhSWkPC.exe
  C:\Windows\System\dhSWkPC.exe
  2⤵
  PID:4924
- C:\Windows\System\IjpiYBO.exe
  C:\Windows\System\IjpiYBO.exe
  2⤵
  PID:1172
- C:\Windows\System\zoNgBnT.exe
  C:\Windows\System\zoNgBnT.exe
  2⤵
  PID:5340
- C:\Windows\System\uxuECFr.exe
  C:\Windows\System\uxuECFr.exe
  2⤵
  PID:6340
- C:\Windows\System\XKXczjD.exe
  C:\Windows\System\XKXczjD.exe
  2⤵
  PID:4128
- C:\Windows\System\CfOLknl.exe
  C:\Windows\System\CfOLknl.exe
  2⤵
  PID:6796
- C:\Windows\System\ZJxJoEB.exe
  C:\Windows\System\ZJxJoEB.exe
  2⤵
  PID:6824
- C:\Windows\System\kOHGVsK.exe
  C:\Windows\System\kOHGVsK.exe
  2⤵
  PID:7064
- C:\Windows\System\SDawPVf.exe
  C:\Windows\System\SDawPVf.exe
  2⤵
  PID:2216
- C:\Windows\System\dJNDAlm.exe
  C:\Windows\System\dJNDAlm.exe
  2⤵
  PID:5452
- C:\Windows\System\jrVigPo.exe
  C:\Windows\System\jrVigPo.exe
  2⤵
  PID:6304
- C:\Windows\System\SIloYaG.exe
  C:\Windows\System\SIloYaG.exe
  2⤵
  PID:6660
- C:\Windows\System\IXFgZbq.exe
  C:\Windows\System\IXFgZbq.exe
  2⤵
  PID:5524
- C:\Windows\System\XFybtno.exe
  C:\Windows\System\XFybtno.exe
  2⤵
  PID:6956
- C:\Windows\System\bmodDei.exe
  C:\Windows\System\bmodDei.exe
  2⤵
  PID:1004
- C:\Windows\System\tkwlEMF.exe
  C:\Windows\System\tkwlEMF.exe
  2⤵
  PID:7188
- C:\Windows\System\rgtFTUY.exe
  C:\Windows\System\rgtFTUY.exe
  2⤵
  PID:7232
- C:\Windows\System\ypwHljw.exe
  C:\Windows\System\ypwHljw.exe
  2⤵
  PID:7256
- C:\Windows\System\rKMMewZ.exe
  C:\Windows\System\rKMMewZ.exe
  2⤵
  PID:7272
- C:\Windows\System\rsWsSjk.exe
  C:\Windows\System\rsWsSjk.exe
  2⤵
  PID:7292
- C:\Windows\System\XaMKhgx.exe
  C:\Windows\System\XaMKhgx.exe
  2⤵
  PID:7336
- C:\Windows\System\PoiAoVF.exe
  C:\Windows\System\PoiAoVF.exe
  2⤵
  PID:7380
- C:\Windows\System\TZZRtQi.exe
  C:\Windows\System\TZZRtQi.exe
  2⤵
  PID:7396
- C:\Windows\System\UhCTeaR.exe
  C:\Windows\System\UhCTeaR.exe
  2⤵
  PID:7436
- C:\Windows\System\cUsNCJK.exe
  C:\Windows\System\cUsNCJK.exe
  2⤵
  PID:7460
- C:\Windows\System\nLNZKMT.exe
  C:\Windows\System\nLNZKMT.exe
  2⤵
  PID:7480
- C:\Windows\System\TQHpdzC.exe
  C:\Windows\System\TQHpdzC.exe
  2⤵
  PID:7512
- C:\Windows\System\fOWJelF.exe
  C:\Windows\System\fOWJelF.exe
  2⤵
  PID:7536
- C:\Windows\System\cTxMSow.exe
  C:\Windows\System\cTxMSow.exe
  2⤵
  PID:7552
- C:\Windows\System\eqnRYOP.exe
  C:\Windows\System\eqnRYOP.exe
  2⤵
  PID:7568
- C:\Windows\System\hqroAMJ.exe
  C:\Windows\System\hqroAMJ.exe
  2⤵
  PID:7628
- C:\Windows\System\OhCKzFZ.exe
  C:\Windows\System\OhCKzFZ.exe
  2⤵
  PID:7692
- C:\Windows\System\rVRQTfI.exe
  C:\Windows\System\rVRQTfI.exe
  2⤵
  PID:7712
- C:\Windows\System\RHmWPjd.exe
  C:\Windows\System\RHmWPjd.exe
  2⤵
  PID:7744
- C:\Windows\System\OnqbUWV.exe
  C:\Windows\System\OnqbUWV.exe
  2⤵
  PID:7764
- C:\Windows\System\EYCOHeW.exe
  C:\Windows\System\EYCOHeW.exe
  2⤵
  PID:7784
- C:\Windows\System\LEompPE.exe
  C:\Windows\System\LEompPE.exe
  2⤵
  PID:7828
- C:\Windows\System\rOyJDVY.exe
  C:\Windows\System\rOyJDVY.exe
  2⤵
  PID:7872
- C:\Windows\System\QuebubH.exe
  C:\Windows\System\QuebubH.exe
  2⤵
  PID:7908
- C:\Windows\System\ZWTCmMe.exe
  C:\Windows\System\ZWTCmMe.exe
  2⤵
  PID:7932
- C:\Windows\System\oGSYTYU.exe
  C:\Windows\System\oGSYTYU.exe
  2⤵
  PID:7972
- C:\Windows\System\tQofFjb.exe
  C:\Windows\System\tQofFjb.exe
  2⤵
  PID:7988
- C:\Windows\System\hWfCWjI.exe
  C:\Windows\System\hWfCWjI.exe
  2⤵
  PID:8008
- C:\Windows\System\ycHSKey.exe
  C:\Windows\System\ycHSKey.exe
  2⤵
  PID:8024
- C:\Windows\System\zQagfRz.exe
  C:\Windows\System\zQagfRz.exe
  2⤵
  PID:8048
- C:\Windows\System\XwGeflz.exe
  C:\Windows\System\XwGeflz.exe
  2⤵
  PID:8096
- C:\Windows\System\fxstNOG.exe
  C:\Windows\System\fxstNOG.exe
  2⤵
  PID:8120
- C:\Windows\System\QfhUwvf.exe
  C:\Windows\System\QfhUwvf.exe
  2⤵
  PID:8140
- C:\Windows\System\pEwZzHs.exe
  C:\Windows\System\pEwZzHs.exe
  2⤵
  PID:8164
- C:\Windows\System\lAcNGrk.exe
  C:\Windows\System\lAcNGrk.exe
  2⤵
  PID:8180
- C:\Windows\System\ucYZBuA.exe
  C:\Windows\System\ucYZBuA.exe
  2⤵
  PID:7104
- C:\Windows\System\dTbEkfb.exe
  C:\Windows\System\dTbEkfb.exe
  2⤵
  PID:7224
- C:\Windows\System\pZcESxU.exe
  C:\Windows\System\pZcESxU.exe
  2⤵
  PID:7280
- C:\Windows\System\fZzMJIU.exe
  C:\Windows\System\fZzMJIU.exe
  2⤵
  PID:7408
- C:\Windows\System\xPgnvrH.exe
  C:\Windows\System\xPgnvrH.exe
  2⤵
  PID:7004
- C:\Windows\System\TjPDVDd.exe
  C:\Windows\System\TjPDVDd.exe
  2⤵
  PID:4076
- C:\Windows\System\AbVWfDp.exe
  C:\Windows\System\AbVWfDp.exe
  2⤵
  PID:7524
- C:\Windows\System\ykJqiMz.exe
  C:\Windows\System\ykJqiMz.exe
  2⤵
  PID:7584
- C:\Windows\System\OSeVkBl.exe
  C:\Windows\System\OSeVkBl.exe
  2⤵
  PID:7612
- C:\Windows\System\QNOAptu.exe
  C:\Windows\System\QNOAptu.exe
  2⤵
  PID:7640
- C:\Windows\System\ocaijAG.exe
  C:\Windows\System\ocaijAG.exe
  2⤵
  PID:7756
- C:\Windows\System\EIglbzi.exe
  C:\Windows\System\EIglbzi.exe
  2⤵
  PID:7852
- C:\Windows\System\oXMoYtY.exe
  C:\Windows\System\oXMoYtY.exe
  2⤵
  PID:7820
- C:\Windows\System\iHkxDZK.exe
  C:\Windows\System\iHkxDZK.exe
  2⤵
  PID:7920
- C:\Windows\System\hzWMaAl.exe
  C:\Windows\System\hzWMaAl.exe
  2⤵
  PID:7956
- C:\Windows\System\pkcFWcC.exe
  C:\Windows\System\pkcFWcC.exe
  2⤵
  PID:8000
- C:\Windows\System\KmLWNZI.exe
  C:\Windows\System\KmLWNZI.exe
  2⤵
  PID:8004
- C:\Windows\System\IcmlzCK.exe
  C:\Windows\System\IcmlzCK.exe
  2⤵
  PID:8072
- C:\Windows\System\DjHEDYQ.exe
  C:\Windows\System\DjHEDYQ.exe
  2⤵
  PID:8156
- C:\Windows\System\osIvKNJ.exe
  C:\Windows\System\osIvKNJ.exe
  2⤵
  PID:6928
- C:\Windows\System\XxHHtku.exe
  C:\Windows\System\XxHHtku.exe
  2⤵
  PID:7452
- C:\Windows\System\rfXtQju.exe
  C:\Windows\System\rfXtQju.exe
  2⤵
  PID:7980
- C:\Windows\System\gXjwJMW.exe
  C:\Windows\System\gXjwJMW.exe
  2⤵
  PID:7996
- C:\Windows\System\LvYYbod.exe
  C:\Windows\System\LvYYbod.exe
  2⤵
  PID:7984
- C:\Windows\System\IkyTqHu.exe
  C:\Windows\System\IkyTqHu.exe
  2⤵
  PID:8112
- C:\Windows\System\llzAncA.exe
  C:\Windows\System\llzAncA.exe
  2⤵
  PID:2464
- C:\Windows\System\xelrRym.exe
  C:\Windows\System\xelrRym.exe
  2⤵
  PID:7736
- C:\Windows\System\FqTWPLk.exe
  C:\Windows\System\FqTWPLk.exe
  2⤵
  PID:7468
- C:\Windows\System\xxmDUHs.exe
  C:\Windows\System\xxmDUHs.exe
  2⤵
  PID:2984
- C:\Windows\System\KMQEqrM.exe
  C:\Windows\System\KMQEqrM.exe
  2⤵
  PID:5720
- C:\Windows\System\ltTMMex.exe
  C:\Windows\System\ltTMMex.exe
  2⤵
  PID:7456
- C:\Windows\System\IqYkZNl.exe
  C:\Windows\System\IqYkZNl.exe
  2⤵
  PID:4688
- C:\Windows\System\ldPTYDm.exe
  C:\Windows\System\ldPTYDm.exe
  2⤵
  PID:8224
- C:\Windows\System\nsvYSDF.exe
  C:\Windows\System\nsvYSDF.exe
  2⤵
  PID:8240
- C:\Windows\System\NTKFAMZ.exe
  C:\Windows\System\NTKFAMZ.exe
  2⤵
  PID:8264
- C:\Windows\System\HPNwgQr.exe
  C:\Windows\System\HPNwgQr.exe
  2⤵
  PID:8288
- C:\Windows\System\qlYhYNz.exe
  C:\Windows\System\qlYhYNz.exe
  2⤵
  PID:8312
- C:\Windows\System\RcvDXqD.exe
  C:\Windows\System\RcvDXqD.exe
  2⤵
  PID:8328
- C:\Windows\System\EOxNBkh.exe
  C:\Windows\System\EOxNBkh.exe
  2⤵
  PID:8372
- C:\Windows\System\lHgTSNO.exe
  C:\Windows\System\lHgTSNO.exe
  2⤵
  PID:8400
- C:\Windows\System\cEHLudr.exe
  C:\Windows\System\cEHLudr.exe
  2⤵
  PID:8424
- C:\Windows\System\FimBwvL.exe
  C:\Windows\System\FimBwvL.exe
  2⤵
  PID:8440
- C:\Windows\System\WGihxhs.exe
  C:\Windows\System\WGihxhs.exe
  2⤵
  PID:8460
- C:\Windows\System\BLwffek.exe
  C:\Windows\System\BLwffek.exe
  2⤵
  PID:8484
- C:\Windows\System\eFbcwJW.exe
  C:\Windows\System\eFbcwJW.exe
  2⤵
  PID:8508
- C:\Windows\System\idRCsNf.exe
  C:\Windows\System\idRCsNf.exe
  2⤵
  PID:8548
- C:\Windows\System\ZZGOokV.exe
  C:\Windows\System\ZZGOokV.exe
  2⤵
  PID:8568
- C:\Windows\System\reYfjUF.exe
  C:\Windows\System\reYfjUF.exe
  2⤵
  PID:8592
- C:\Windows\System\bnRpKMn.exe
  C:\Windows\System\bnRpKMn.exe
  2⤵
  PID:8636
- C:\Windows\System\tbXaoEH.exe
  C:\Windows\System\tbXaoEH.exe
  2⤵
  PID:8652
- C:\Windows\System\qgNaRQo.exe
  C:\Windows\System\qgNaRQo.exe
  2⤵
  PID:8684
- C:\Windows\System\bWZEELt.exe
  C:\Windows\System\bWZEELt.exe
  2⤵
  PID:8756
- C:\Windows\System\eQnQYZg.exe
  C:\Windows\System\eQnQYZg.exe
  2⤵
  PID:8776
- C:\Windows\System\BljEvWY.exe
  C:\Windows\System\BljEvWY.exe
  2⤵
  PID:8816
- C:\Windows\System\rXqdKMO.exe
  C:\Windows\System\rXqdKMO.exe
  2⤵
  PID:8840
- C:\Windows\System\imZMjjd.exe
  C:\Windows\System\imZMjjd.exe
  2⤵
  PID:8904
- C:\Windows\System\WbaggEl.exe
  C:\Windows\System\WbaggEl.exe
  2⤵
  PID:8992
- C:\Windows\System\vfQAznA.exe
  C:\Windows\System\vfQAznA.exe
  2⤵
  PID:9008
- C:\Windows\System\ZFCGSij.exe
  C:\Windows\System\ZFCGSij.exe
  2⤵
  PID:9120
- C:\Windows\System\VxwGKvn.exe
  C:\Windows\System\VxwGKvn.exe
  2⤵
  PID:9136
- C:\Windows\System\EEoLSwY.exe
  C:\Windows\System\EEoLSwY.exe
  2⤵
  PID:9156
- C:\Windows\System\lsQQeju.exe
  C:\Windows\System\lsQQeju.exe
  2⤵
  PID:9172
- C:\Windows\System\xbCLTcq.exe
  C:\Windows\System\xbCLTcq.exe
  2⤵
  PID:9196
- C:\Windows\System\MevcoPi.exe
  C:\Windows\System\MevcoPi.exe
  2⤵
  PID:9212
- C:\Windows\System\umMzmdj.exe
  C:\Windows\System\umMzmdj.exe
  2⤵
  PID:712
- C:\Windows\System\YXKnvoi.exe
  C:\Windows\System\YXKnvoi.exe
  2⤵
  PID:8236
- C:\Windows\System\CyEDJNm.exe
  C:\Windows\System\CyEDJNm.exe
  2⤵
  PID:8348
- C:\Windows\System\JnzskKf.exe
  C:\Windows\System\JnzskKf.exe
  2⤵
  PID:8388
- C:\Windows\System\BYqxXbJ.exe
  C:\Windows\System\BYqxXbJ.exe
  2⤵
  PID:8420
- C:\Windows\System\ZkoyhzA.exe
  C:\Windows\System\ZkoyhzA.exe
  2⤵
  PID:8396
- C:\Windows\System\UZNzvvk.exe
  C:\Windows\System\UZNzvvk.exe
  2⤵
  PID:8480
- C:\Windows\System\vIGUaVs.exe
  C:\Windows\System\vIGUaVs.exe
  2⤵
  PID:8620
- C:\Windows\System\iCPMRpF.exe
  C:\Windows\System\iCPMRpF.exe
  2⤵
  PID:8728
- C:\Windows\System\HxCeZbk.exe
  C:\Windows\System\HxCeZbk.exe
  2⤵
  PID:640
- C:\Windows\System\zEKVjjb.exe
  C:\Windows\System\zEKVjjb.exe
  2⤵
  PID:8812
- C:\Windows\System\TrjQYVq.exe
  C:\Windows\System\TrjQYVq.exe
  2⤵
  PID:8808
- C:\Windows\System\jaJxkKP.exe
  C:\Windows\System\jaJxkKP.exe
  2⤵
  PID:8896
- C:\Windows\System\ubhSRPv.exe
  C:\Windows\System\ubhSRPv.exe
  2⤵
  PID:8852
- C:\Windows\System\MGfJedv.exe
  C:\Windows\System\MGfJedv.exe
  2⤵
  PID:2924
- C:\Windows\System\zwNQLMj.exe
  C:\Windows\System\zwNQLMj.exe
  2⤵
  PID:5080
- C:\Windows\System\OBOTSGO.exe
  C:\Windows\System\OBOTSGO.exe
  2⤵
  PID:8980
- C:\Windows\System\HSkRfkF.exe
  C:\Windows\System\HSkRfkF.exe
  2⤵
  PID:9016
- C:\Windows\System\kTqMiJC.exe
  C:\Windows\System\kTqMiJC.exe
  2⤵
  PID:8260
- C:\Windows\System\FarZqKQ.exe
  C:\Windows\System\FarZqKQ.exe
  2⤵
  PID:9092
- C:\Windows\System\KBwVVQr.exe
  C:\Windows\System\KBwVVQr.exe
  2⤵
  PID:2888
- C:\Windows\System\xoDjIte.exe
  C:\Windows\System\xoDjIte.exe
  2⤵
  PID:6608
- C:\Windows\System\PxyDxJz.exe
  C:\Windows\System\PxyDxJz.exe
  2⤵
  PID:8212
- C:\Windows\System\qkiFZNx.exe
  C:\Windows\System\qkiFZNx.exe
  2⤵
  PID:8252
- C:\Windows\System\dxERhvC.exe
  C:\Windows\System\dxERhvC.exe
  2⤵
  PID:8344
- C:\Windows\System\KFjzeMP.exe
  C:\Windows\System\KFjzeMP.exe
  2⤵
  PID:8304
- C:\Windows\System\nwITiNS.exe
  C:\Windows\System\nwITiNS.exe
  2⤵
  PID:6644
- C:\Windows\System\LDsaXjb.exe
  C:\Windows\System\LDsaXjb.exe
  2⤵
  PID:8764
- C:\Windows\System\oyzRlaA.exe
  C:\Windows\System\oyzRlaA.exe
  2⤵
  PID:8720
- C:\Windows\System\GCREhMy.exe
  C:\Windows\System\GCREhMy.exe
  2⤵
  PID:8948
- C:\Windows\System\eytlHXQ.exe
  C:\Windows\System\eytlHXQ.exe
  2⤵
  PID:8988
- C:\Windows\System\siqNIbD.exe
  C:\Windows\System\siqNIbD.exe
  2⤵
  PID:3288
- C:\Windows\System\GCLAAZn.exe
  C:\Windows\System\GCLAAZn.exe
  2⤵
  PID:9204
- C:\Windows\System\MDLPhlO.exe
  C:\Windows\System\MDLPhlO.exe
  2⤵
  PID:8448
- C:\Windows\System\BwSLTJh.exe
  C:\Windows\System\BwSLTJh.exe
  2⤵
  PID:4916
- C:\Windows\System\DoOjGJb.exe
  C:\Windows\System\DoOjGJb.exe
  2⤵
  PID:9036
- C:\Windows\System\eYdtCcd.exe
  C:\Windows\System\eYdtCcd.exe
  2⤵
  PID:8888
- C:\Windows\System\oQQKyZY.exe
  C:\Windows\System\oQQKyZY.exe
  2⤵
  PID:8200
- C:\Windows\System\PwkDCpH.exe
  C:\Windows\System\PwkDCpH.exe
  2⤵
  PID:3504
- C:\Windows\System\ZLKVJqW.exe
  C:\Windows\System\ZLKVJqW.exe
  2⤵
  PID:4516
- C:\Windows\System\kZbfpjC.exe
  C:\Windows\System\kZbfpjC.exe
  2⤵
  PID:9144
- C:\Windows\System\OQhwHjp.exe
  C:\Windows\System\OQhwHjp.exe
  2⤵
  PID:4856
- C:\Windows\System\ZJmSnTy.exe
  C:\Windows\System\ZJmSnTy.exe
  2⤵
  PID:9224
- C:\Windows\System\wCFDdKP.exe
  C:\Windows\System\wCFDdKP.exe
  2⤵
  PID:9248
- C:\Windows\System\sIWlUTP.exe
  C:\Windows\System\sIWlUTP.exe
  2⤵
  PID:9268
- C:\Windows\System\WOoZDAz.exe
  C:\Windows\System\WOoZDAz.exe
  2⤵
  PID:9336
- C:\Windows\System\eLLejrs.exe
  C:\Windows\System\eLLejrs.exe
  2⤵
  PID:9356
- C:\Windows\System\WbFsCbn.exe
  C:\Windows\System\WbFsCbn.exe
  2⤵
  PID:9380
- C:\Windows\System\FgcsmZf.exe
  C:\Windows\System\FgcsmZf.exe
  2⤵
  PID:9404
- C:\Windows\System\SlyOoac.exe
  C:\Windows\System\SlyOoac.exe
  2⤵
  PID:9428
- C:\Windows\System\uwexkfI.exe
  C:\Windows\System\uwexkfI.exe
  2⤵
  PID:9472
- C:\Windows\System\DmQRGfd.exe
  C:\Windows\System\DmQRGfd.exe
  2⤵
  PID:9492
- C:\Windows\System\SAnQigt.exe
  C:\Windows\System\SAnQigt.exe
  2⤵
  PID:9512
- C:\Windows\System\hlUdTMo.exe
  C:\Windows\System\hlUdTMo.exe
  2⤵
  PID:9548
- C:\Windows\System\xRiNSIC.exe
  C:\Windows\System\xRiNSIC.exe
  2⤵
  PID:9572
- C:\Windows\System\MvxlhEL.exe
  C:\Windows\System\MvxlhEL.exe
  2⤵
  PID:9588
- C:\Windows\System\TJjbYtp.exe
  C:\Windows\System\TJjbYtp.exe
  2⤵
  PID:9612
- C:\Windows\System\kxPmnlo.exe
  C:\Windows\System\kxPmnlo.exe
  2⤵
  PID:9644
- C:\Windows\System\vNsXUgD.exe
  C:\Windows\System\vNsXUgD.exe
  2⤵
  PID:9668
- C:\Windows\System\DfMnrQw.exe
  C:\Windows\System\DfMnrQw.exe
  2⤵
  PID:9684
- C:\Windows\System\WdehOmx.exe
  C:\Windows\System\WdehOmx.exe
  2⤵
  PID:9708
- C:\Windows\System\mWrabpD.exe
  C:\Windows\System\mWrabpD.exe
  2⤵
  PID:9732
- C:\Windows\System\zjVrwdj.exe
  C:\Windows\System\zjVrwdj.exe
  2⤵
  PID:9796
- C:\Windows\System\NYpTowk.exe
  C:\Windows\System\NYpTowk.exe
  2⤵
  PID:9848
- C:\Windows\System\ReYrMap.exe
  C:\Windows\System\ReYrMap.exe
  2⤵
  PID:9904
- C:\Windows\System\cJDrzSR.exe
  C:\Windows\System\cJDrzSR.exe
  2⤵
  PID:9952
- C:\Windows\System\NyeCnap.exe
  C:\Windows\System\NyeCnap.exe
  2⤵
  PID:9980
- C:\Windows\System\mKkiRMs.exe
  C:\Windows\System\mKkiRMs.exe
  2⤵
  PID:9996
- C:\Windows\System\aVKQbAA.exe
  C:\Windows\System\aVKQbAA.exe
  2⤵
  PID:10024
- C:\Windows\System\HjrvrVX.exe
  C:\Windows\System\HjrvrVX.exe
  2⤵
  PID:10044
- C:\Windows\System\rIdetON.exe
  C:\Windows\System\rIdetON.exe
  2⤵
  PID:10068
- C:\Windows\System\OAxSdQH.exe
  C:\Windows\System\OAxSdQH.exe
  2⤵
  PID:10092
- C:\Windows\System\FPGlkTv.exe
  C:\Windows\System\FPGlkTv.exe
  2⤵
  PID:10132
- C:\Windows\System\ZtMkKRu.exe
  C:\Windows\System\ZtMkKRu.exe
  2⤵
  PID:10156
- C:\Windows\System\HIJobEh.exe
  C:\Windows\System\HIJobEh.exe
  2⤵
  PID:10172
- C:\Windows\System\ZGKliWY.exe
  C:\Windows\System\ZGKliWY.exe
  2⤵
  PID:10200
- C:\Windows\System\ocpmUML.exe
  C:\Windows\System\ocpmUML.exe
  2⤵
  PID:10220
- C:\Windows\System\mEaWZTL.exe
  C:\Windows\System\mEaWZTL.exe
  2⤵
  PID:8680
- C:\Windows\System\uXdAYYg.exe
  C:\Windows\System\uXdAYYg.exe
  2⤵
  PID:9284
- C:\Windows\System\TDGzDJg.exe
  C:\Windows\System\TDGzDJg.exe
  2⤵
  PID:9316
- C:\Windows\System\BwBBArs.exe
  C:\Windows\System\BwBBArs.exe
  2⤵
  PID:9396
- C:\Windows\System\rohhPHU.exe
  C:\Windows\System\rohhPHU.exe
  2⤵
  PID:9328
- C:\Windows\System\GuNJSWf.exe
  C:\Windows\System\GuNJSWf.exe
  2⤵
  PID:9264
- C:\Windows\System\hglFhmx.exe
  C:\Windows\System\hglFhmx.exe
  2⤵
  PID:9420
- C:\Windows\System\WrbUoec.exe
  C:\Windows\System\WrbUoec.exe
  2⤵
  PID:9500
- C:\Windows\System\ekreKGb.exe
  C:\Windows\System\ekreKGb.exe
  2⤵
  PID:9580
- C:\Windows\System\YmxdTBc.exe
  C:\Windows\System\YmxdTBc.exe
  2⤵
  PID:9724
- C:\Windows\System\pREKlyQ.exe
  C:\Windows\System\pREKlyQ.exe
  2⤵
  PID:9768
- C:\Windows\System\ofvwnXk.exe
  C:\Windows\System\ofvwnXk.exe
  2⤵
  PID:9804
- C:\Windows\System\frkokSe.exe
  C:\Windows\System\frkokSe.exe
  2⤵
  PID:9840
- C:\Windows\System\tvBonDK.exe
  C:\Windows\System\tvBonDK.exe
  2⤵
  PID:9564
- C:\Windows\System\YzoqpMq.exe
  C:\Windows\System\YzoqpMq.exe
  2⤵
  PID:10164
- C:\Windows\System\QYfwaCN.exe
  C:\Windows\System\QYfwaCN.exe
  2⤵
  PID:10212
- C:\Windows\System\DXrfoyt.exe
  C:\Windows\System\DXrfoyt.exe
  2⤵
  PID:10192
- C:\Windows\System\qXZcVxD.exe
  C:\Windows\System\qXZcVxD.exe
  2⤵
  PID:3976
- C:\Windows\System\nlyikQS.exe
  C:\Windows\System\nlyikQS.exe
  2⤵
  PID:10196
- C:\Windows\System\IuKOXpv.exe
  C:\Windows\System\IuKOXpv.exe
  2⤵
  PID:9632
- C:\Windows\System\aSBDRxt.exe
  C:\Windows\System\aSBDRxt.exe
  2⤵
  PID:9832
- C:\Windows\System\ShGqmxq.exe
  C:\Windows\System\ShGqmxq.exe
  2⤵
  PID:3712
- C:\Windows\System\xORKiKl.exe
  C:\Windows\System\xORKiKl.exe
  2⤵
  PID:9664
- C:\Windows\System\cqsnRqw.exe
  C:\Windows\System\cqsnRqw.exe
  2⤵
  PID:9880
- C:\Windows\System\AtENOrr.exe
  C:\Windows\System\AtENOrr.exe
  2⤵
  PID:3648
- C:\Windows\System\KrSDfQu.exe
  C:\Windows\System\KrSDfQu.exe
  2⤵
  PID:4008
- C:\Windows\System\vNgdInW.exe
  C:\Windows\System\vNgdInW.exe
  2⤵
  PID:876
- C:\Windows\System\ZNPVeqv.exe
  C:\Windows\System\ZNPVeqv.exe
  2⤵
  PID:4116
- C:\Windows\System\lfDocIt.exe
  C:\Windows\System\lfDocIt.exe
  2⤵
  PID:9696
- C:\Windows\System\ZxxhiuX.exe
  C:\Windows\System\ZxxhiuX.exe
  2⤵
  PID:9720
- C:\Windows\System\lZPQxzz.exe
  C:\Windows\System\lZPQxzz.exe
  2⤵
  PID:4388
- C:\Windows\System\bweSEjq.exe
  C:\Windows\System\bweSEjq.exe
  2⤵
  PID:10236
- C:\Windows\System\fNakXtl.exe
  C:\Windows\System\fNakXtl.exe
  2⤵
  PID:9872
- C:\Windows\System\RgfkrRK.exe
  C:\Windows\System\RgfkrRK.exe
  2⤵
  PID:9976
- C:\Windows\System\JlKKwCT.exe
  C:\Windows\System\JlKKwCT.exe
  2⤵
  PID:9916
- C:\Windows\System\SAZQFjv.exe
  C:\Windows\System\SAZQFjv.exe
  2⤵
  PID:5588
- C:\Windows\System\hhFhkXA.exe
  C:\Windows\System\hhFhkXA.exe
  2⤵
  PID:5600
- C:\Windows\System\qHxoLaL.exe
  C:\Windows\System\qHxoLaL.exe
  2⤵
  PID:2432
- C:\Windows\System\WqlLCRm.exe
  C:\Windows\System\WqlLCRm.exe
  2⤵
  PID:5440
- C:\Windows\System\uiMoACG.exe
  C:\Windows\System\uiMoACG.exe
  2⤵
  PID:5512
- C:\Windows\System\cDqdTBe.exe
  C:\Windows\System\cDqdTBe.exe
  2⤵
  PID:9932
- C:\Windows\System\iiyqcZF.exe
  C:\Windows\System\iiyqcZF.exe
  2⤵
  PID:5620
- C:\Windows\System\lrAkBJj.exe
  C:\Windows\System\lrAkBJj.exe
  2⤵
  PID:5500
- C:\Windows\System\aQZEALd.exe
  C:\Windows\System\aQZEALd.exe
  2⤵
  PID:5392
- C:\Windows\System\YpykysF.exe
  C:\Windows\System\YpykysF.exe
  2⤵
  PID:10248
- C:\Windows\System\qFpWQOb.exe
  C:\Windows\System\qFpWQOb.exe
  2⤵
  PID:10272
- C:\Windows\System\wbqLqQU.exe
  C:\Windows\System\wbqLqQU.exe
  2⤵
  PID:10288
- C:\Windows\System\WAiessC.exe
  C:\Windows\System\WAiessC.exe
  2⤵
  PID:10336
- C:\Windows\System\BjcNIRj.exe
  C:\Windows\System\BjcNIRj.exe
  2⤵
  PID:10360
- C:\Windows\System\zntgqIP.exe
  C:\Windows\System\zntgqIP.exe
  2⤵
  PID:10384
- C:\Windows\System\HrxIUsl.exe
  C:\Windows\System\HrxIUsl.exe
  2⤵
  PID:10400
- C:\Windows\System\iIqyVhd.exe
  C:\Windows\System\iIqyVhd.exe
  2⤵
  PID:10448
- C:\Windows\System\lQcQXQv.exe
  C:\Windows\System\lQcQXQv.exe
  2⤵
  PID:10468
- C:\Windows\System\EGQtTKB.exe
  C:\Windows\System\EGQtTKB.exe
  2⤵
  PID:10496
- C:\Windows\System\JxbMIol.exe
  C:\Windows\System\JxbMIol.exe
  2⤵
  PID:10520
- C:\Windows\System\qbsyCOO.exe
  C:\Windows\System\qbsyCOO.exe
  2⤵
  PID:10564
- C:\Windows\System\paSEZOl.exe
  C:\Windows\System\paSEZOl.exe
  2⤵
  PID:10588
- C:\Windows\System\tBwdMUG.exe
  C:\Windows\System\tBwdMUG.exe
  2⤵
  PID:10608
- C:\Windows\System\bxhBdLl.exe
  C:\Windows\System\bxhBdLl.exe
  2⤵
  PID:10668
- C:\Windows\System\VwyOADW.exe
  C:\Windows\System\VwyOADW.exe
  2⤵
  PID:10688
- C:\Windows\System\cZTFWMo.exe
  C:\Windows\System\cZTFWMo.exe
  2⤵
  PID:10708
- C:\Windows\System\VqeuRdZ.exe
  C:\Windows\System\VqeuRdZ.exe
  2⤵
  PID:10728
- C:\Windows\System\xNMgNRE.exe
  C:\Windows\System\xNMgNRE.exe
  2⤵
  PID:10784
- C:\Windows\System\oIMtUbD.exe
  C:\Windows\System\oIMtUbD.exe
  2⤵
  PID:10848
- C:\Windows\System\xBNVWGA.exe
  C:\Windows\System\xBNVWGA.exe
  2⤵
  PID:10868
- C:\Windows\System\PQzyoKz.exe
  C:\Windows\System\PQzyoKz.exe
  2⤵
  PID:10892
- C:\Windows\System\pnWIbQq.exe
  C:\Windows\System\pnWIbQq.exe
  2⤵
  PID:10956
- C:\Windows\System\YdROPsS.exe
  C:\Windows\System\YdROPsS.exe
  2⤵
  PID:10984
- C:\Windows\System\zsBDGdL.exe
  C:\Windows\System\zsBDGdL.exe
  2⤵
  PID:11016
- C:\Windows\System\MqmiIcR.exe
  C:\Windows\System\MqmiIcR.exe
  2⤵
  PID:11036
- C:\Windows\System\GlDvNdj.exe
  C:\Windows\System\GlDvNdj.exe
  2⤵
  PID:11052
- C:\Windows\System\flTKHXt.exe
  C:\Windows\System\flTKHXt.exe
  2⤵
  PID:11104
- C:\Windows\System\xHQaHSN.exe
  C:\Windows\System\xHQaHSN.exe
  2⤵
  PID:11140
- C:\Windows\System\OJQLaQu.exe
  C:\Windows\System\OJQLaQu.exe
  2⤵
  PID:11200
- C:\Windows\System\lURpwUk.exe
  C:\Windows\System\lURpwUk.exe
  2⤵
  PID:11248
- C:\Windows\System\trqfQaj.exe
  C:\Windows\System\trqfQaj.exe
  2⤵
  PID:5200
- C:\Windows\System\JhtzuwR.exe
  C:\Windows\System\JhtzuwR.exe
  2⤵
  PID:5792
- C:\Windows\System\JQVlJJm.exe
  C:\Windows\System\JQVlJJm.exe
  2⤵
  PID:5864
- C:\Windows\System\vLtRhww.exe
  C:\Windows\System\vLtRhww.exe
  2⤵
  PID:10316
- C:\Windows\System\XtwHjbR.exe
  C:\Windows\System\XtwHjbR.exe
  2⤵
  PID:10328
- C:\Windows\System\sYQivWv.exe
  C:\Windows\System\sYQivWv.exe
  2⤵
  PID:10392
- C:\Windows\System\FyZrXGc.exe
  C:\Windows\System\FyZrXGc.exe
  2⤵
  PID:9236
- C:\Windows\System\JDJSyAR.exe
  C:\Windows\System\JDJSyAR.exe
  2⤵
  PID:10432
- C:\Windows\System\WwqnoAp.exe
  C:\Windows\System\WwqnoAp.exe
  2⤵
  PID:6000
- C:\Windows\System\shRttCx.exe
  C:\Windows\System\shRttCx.exe
  2⤵
  PID:10584
- C:\Windows\System\yiawjsO.exe
  C:\Windows\System\yiawjsO.exe
  2⤵
  PID:10684
- C:\Windows\System\KehivlH.exe
  C:\Windows\System\KehivlH.exe
  2⤵
  PID:10576
- C:\Windows\System\wSBAVNk.exe
  C:\Windows\System\wSBAVNk.exe
  2⤵
  PID:6008
- C:\Windows\System\TdPrWMq.exe
  C:\Windows\System\TdPrWMq.exe
  2⤵
  PID:1988
- C:\Windows\System\WFNplmD.exe
  C:\Windows\System\WFNplmD.exe
  2⤵
  PID:10808
- C:\Windows\System\uDOXecS.exe
  C:\Windows\System\uDOXecS.exe
  2⤵
  PID:6388
- C:\Windows\System\nYaArUF.exe
  C:\Windows\System\nYaArUF.exe
  2⤵
  PID:5908
- C:\Windows\System\wIvYQdl.exe
  C:\Windows\System\wIvYQdl.exe
  2⤵
  PID:11048
- C:\Windows\System\UtIbLPv.exe
  C:\Windows\System\UtIbLPv.exe
  2⤵
  PID:5348
- C:\Windows\System\ObMKpCL.exe
  C:\Windows\System\ObMKpCL.exe
  2⤵
  PID:10948
- C:\Windows\System\VnJMaDN.exe
  C:\Windows\System\VnJMaDN.exe
  2⤵
  PID:5424
- C:\Windows\System\qZuvXQX.exe
  C:\Windows\System\qZuvXQX.exe
  2⤵
  PID:11088
- C:\Windows\System\hIWhYYc.exe
  C:\Windows\System\hIWhYYc.exe
  2⤵
  PID:11172
- C:\Windows\System\FWJyhDN.exe
  C:\Windows\System\FWJyhDN.exe
  2⤵
  PID:5236
- C:\Windows\System\oqRtdwo.exe
  C:\Windows\System\oqRtdwo.exe
  2⤵
  PID:7880
- C:\Windows\System\bPqyiAf.exe
  C:\Windows\System\bPqyiAf.exe
  2⤵
  PID:6500
- C:\Windows\System\bTeoOSj.exe
  C:\Windows\System\bTeoOSj.exe
  2⤵
  PID:5376
- C:\Windows\System\PcAglOH.exe
  C:\Windows\System\PcAglOH.exe
  2⤵
  PID:3968
- C:\Windows\System\NoKfvwp.exe
  C:\Windows\System\NoKfvwp.exe
  2⤵
  PID:5768
- C:\Windows\System\XwGhujG.exe
  C:\Windows\System\XwGhujG.exe
  2⤵
  PID:10380
- C:\Windows\System\WfHestj.exe
  C:\Windows\System\WfHestj.exe
  2⤵
  PID:5872
- C:\Windows\System\hwbebZJ.exe
  C:\Windows\System\hwbebZJ.exe
  2⤵
  PID:10464
- C:\Windows\System\QJjJHkF.exe
  C:\Windows\System\QJjJHkF.exe
  2⤵
  PID:5184
- C:\Windows\System\ihFUcwb.exe
  C:\Windows\System\ihFUcwb.exe
  2⤵
  PID:10720
- C:\Windows\System\tSvonxh.exe
  C:\Windows\System\tSvonxh.exe
  2⤵
  PID:4652
- C:\Windows\System\ASRvpEl.exe
  C:\Windows\System\ASRvpEl.exe
  2⤵
  PID:11044
- C:\Windows\System\UtJjCog.exe
  C:\Windows\System\UtJjCog.exe
  2⤵
  PID:10920
- C:\Windows\System\slaLFxw.exe
  C:\Windows\System\slaLFxw.exe
  2⤵
  PID:11024
- C:\Windows\System\iQWnkgP.exe
  C:\Windows\System\iQWnkgP.exe
  2⤵
  PID:1720
- C:\Windows\System\FZJfdFa.exe
  C:\Windows\System\FZJfdFa.exe
  2⤵
  PID:11084
- C:\Windows\System\MShCKvP.exe
  C:\Windows\System\MShCKvP.exe
  2⤵
  PID:2360
- C:\Windows\System\rQXVEgM.exe
  C:\Windows\System\rQXVEgM.exe
  2⤵
  PID:11212
- C:\Windows\System\ytyktMW.exe
  C:\Windows\System\ytyktMW.exe
  2⤵
  PID:4884
- C:\Windows\System\GHnAUMp.exe
  C:\Windows\System\GHnAUMp.exe
  2⤵
  PID:11260
- C:\Windows\System\eyZQbUw.exe
  C:\Windows\System\eyZQbUw.exe
  2⤵
  PID:5336
- C:\Windows\System\xqMzIVf.exe
  C:\Windows\System\xqMzIVf.exe
  2⤵
  PID:10260
- C:\Windows\System\KvttoIg.exe
  C:\Windows\System\KvttoIg.exe
  2⤵
  PID:10488
- C:\Windows\System\oDrGBCU.exe
  C:\Windows\System\oDrGBCU.exe
  2⤵
  PID:10508
- C:\Windows\System\ANmHkES.exe
  C:\Windows\System\ANmHkES.exe
  2⤵
  PID:10556
- C:\Windows\System\GlDPuru.exe
  C:\Windows\System\GlDPuru.exe
  2⤵
  PID:10664
- C:\Windows\System\HbenPUT.exe
  C:\Windows\System\HbenPUT.exe
  2⤵
  PID:6180
- C:\Windows\System\pcqCFvV.exe
  C:\Windows\System\pcqCFvV.exe
  2⤵
  PID:4352
- C:\Windows\System\dDKhPAg.exe
  C:\Windows\System\dDKhPAg.exe
  2⤵
  PID:6040
- C:\Windows\System\YIitkvF.exe
  C:\Windows\System\YIitkvF.exe
  2⤵
  PID:10764
- C:\Windows\System\VjXcjmT.exe
  C:\Windows\System\VjXcjmT.exe
  2⤵
  PID:5912
- C:\Windows\System\hscFIKp.exe
  C:\Windows\System\hscFIKp.exe
  2⤵
  PID:10804
- C:\Windows\System\CLZHuig.exe
  C:\Windows\System\CLZHuig.exe
  2⤵
  PID:10812
- C:\Windows\System\rAGqVDn.exe
  C:\Windows\System\rAGqVDn.exe
  2⤵
  PID:6288
- C:\Windows\System\LeUDnkg.exe
  C:\Windows\System\LeUDnkg.exe
  2⤵
  PID:6312
- C:\Windows\System\TxGISxa.exe
  C:\Windows\System\TxGISxa.exe
  2⤵
  PID:11032
- C:\Windows\System\DVuasvX.exe
  C:\Windows\System\DVuasvX.exe
  2⤵
  PID:6392
- C:\Windows\System\aELSxVF.exe
  C:\Windows\System\aELSxVF.exe
  2⤵
  PID:11028
- C:\Windows\System\rGievJe.exe
  C:\Windows\System\rGievJe.exe
  2⤵
  PID:6468
- C:\Windows\System\SjLSJoT.exe
  C:\Windows\System\SjLSJoT.exe
  2⤵
  PID:6416
- C:\Windows\System\XGyZTit.exe
  C:\Windows\System\XGyZTit.exe
  2⤵
  PID:6460
- C:\Windows\System\QheXmtO.exe
  C:\Windows\System\QheXmtO.exe
  2⤵
  PID:5808
- C:\Windows\System\whGyiJd.exe
  C:\Windows\System\whGyiJd.exe
  2⤵
  PID:1136
- C:\Windows\System\tbdryzD.exe
  C:\Windows\System\tbdryzD.exe
  2⤵
  PID:6884
- C:\Windows\System\bKFPUUH.exe
  C:\Windows\System\bKFPUUH.exe
  2⤵
  PID:5652
- C:\Windows\System\LFVPSwA.exe
  C:\Windows\System\LFVPSwA.exe
  2⤵
  PID:7048
- C:\Windows\System\debemeQ.exe
  C:\Windows\System\debemeQ.exe
  2⤵
  PID:5836
- C:\Windows\System\deoZSbl.exe
  C:\Windows\System\deoZSbl.exe
  2⤵
  PID:6552
- C:\Windows\System\PhbvxOu.exe
  C:\Windows\System\PhbvxOu.exe
  2⤵
  PID:6604
- C:\Windows\System\QFSzGeE.exe
  C:\Windows\System\QFSzGeE.exe
  2⤵
  PID:6680
- C:\Windows\System\cWkyPUO.exe
  C:\Windows\System\cWkyPUO.exe
  2⤵
  PID:4204
- C:\Windows\System\bfikcoO.exe
  C:\Windows\System\bfikcoO.exe
  2⤵
  PID:7028
- C:\Windows\System\ASdiZTn.exe
  C:\Windows\System\ASdiZTn.exe
  2⤵
  PID:11228
- C:\Windows\System\sDhloHG.exe
  C:\Windows\System\sDhloHG.exe
  2⤵
  PID:5220
- C:\Windows\System\rcflddR.exe
  C:\Windows\System\rcflddR.exe
  2⤵
  PID:10376
- C:\Windows\System\BESTdEO.exe
  C:\Windows\System\BESTdEO.exe
  2⤵
  PID:10456
- C:\Windows\System\BaebBTf.exe
  C:\Windows\System\BaebBTf.exe
  2⤵
  PID:5276
- C:\Windows\System\MVcgHBj.exe
  C:\Windows\System\MVcgHBj.exe
  2⤵
  PID:7092
- C:\Windows\System\gvKyOek.exe
  C:\Windows\System\gvKyOek.exe
  2⤵
  PID:5648
- C:\Windows\System\bVyqdXg.exe
  C:\Windows\System\bVyqdXg.exe
  2⤵
  PID:4820
- C:\Windows\System\jbJWSws.exe
  C:\Windows\System\jbJWSws.exe
  2⤵
  PID:4296
- C:\Windows\System\TdbxLvB.exe
  C:\Windows\System\TdbxLvB.exe
  2⤵
  PID:6364
- C:\Windows\System\kNtNMdZ.exe
  C:\Windows\System\kNtNMdZ.exe
  2⤵
  PID:6396
- C:\Windows\System\hIkArfV.exe
  C:\Windows\System\hIkArfV.exe
  2⤵
  PID:6540
- C:\Windows\System\NZDbfln.exe
  C:\Windows\System\NZDbfln.exe
  2⤵
  PID:6620
- C:\Windows\System\EYFkBlM.exe
  C:\Windows\System\EYFkBlM.exe
  2⤵
  PID:6668
- C:\Windows\System\ACYBONi.exe
  C:\Windows\System\ACYBONi.exe
  2⤵
  PID:5816
- C:\Windows\System\liRCMpL.exe
  C:\Windows\System\liRCMpL.exe
  2⤵
  PID:6336
- C:\Windows\System\fcSHLkt.exe
  C:\Windows\System\fcSHLkt.exe
  2⤵
  PID:6584
- C:\Windows\System\HCdRllx.exe
  C:\Windows\System\HCdRllx.exe
  2⤵
  PID:7072
- C:\Windows\System\ebcElkT.exe
  C:\Windows\System\ebcElkT.exe
  2⤵
  PID:10940
- C:\Windows\System\hSNmkZU.exe
  C:\Windows\System\hSNmkZU.exe
  2⤵
  PID:7036
- C:\Windows\System\CWGUgRD.exe
  C:\Windows\System\CWGUgRD.exe
  2⤵
  PID:6992
- C:\Windows\System\DuBPSYJ.exe
  C:\Windows\System\DuBPSYJ.exe
  2⤵
  PID:6752
- C:\Windows\System\oQMPOTE.exe
  C:\Windows\System\oQMPOTE.exe
  2⤵
  PID:6976
- C:\Windows\System\gKRvATV.exe
  C:\Windows\System\gKRvATV.exe
  2⤵
  PID:7080
- C:\Windows\System\PMAzAra.exe
  C:\Windows\System\PMAzAra.exe
  2⤵
  PID:6440
- C:\Windows\System\roaMszA.exe
  C:\Windows\System\roaMszA.exe
  2⤵
  PID:11244
- C:\Windows\System\VuGixoR.exe
  C:\Windows\System\VuGixoR.exe
  2⤵
  PID:6640
- C:\Windows\System\gbcosuG.exe
  C:\Windows\System\gbcosuG.exe
  2⤵
  PID:6740
- C:\Windows\System\ZcrVTYH.exe
  C:\Windows\System\ZcrVTYH.exe
  2⤵
  PID:10536
- C:\Windows\System\KsvKCgz.exe
  C:\Windows\System\KsvKCgz.exe
  2⤵
  PID:7144
- C:\Windows\System\lzPEXzK.exe
  C:\Windows\System\lzPEXzK.exe
  2⤵
  PID:10616
- C:\Windows\System\RxHLpye.exe
  C:\Windows\System\RxHLpye.exe
  2⤵
  PID:3564
- C:\Windows\System\SxfcAEn.exe
  C:\Windows\System\SxfcAEn.exe
  2⤵
  PID:10516
- C:\Windows\System\QDxlujs.exe
  C:\Windows\System\QDxlujs.exe
  2⤵
  PID:6880
- C:\Windows\System\uOUWUOF.exe
  C:\Windows\System\uOUWUOF.exe
  2⤵
  PID:8504
- C:\Windows\System\OcGWYfs.exe
  C:\Windows\System\OcGWYfs.exe
  2⤵
  PID:6324
- C:\Windows\System\VTGvJpZ.exe
  C:\Windows\System\VTGvJpZ.exe
  2⤵
  PID:5160
- C:\Windows\System\hASwnzo.exe
  C:\Windows\System\hASwnzo.exe
  2⤵
  PID:6452
- C:\Windows\System\pkahtlK.exe
  C:\Windows\System\pkahtlK.exe
  2⤵
  PID:7316
- C:\Windows\System\RrcghLU.exe
  C:\Windows\System\RrcghLU.exe
  2⤵
  PID:7208
- C:\Windows\System\kBexhdo.exe
  C:\Windows\System\kBexhdo.exe
  2⤵
  PID:7420
- C:\Windows\System\RKgyizJ.exe
  C:\Windows\System\RKgyizJ.exe
  2⤵
  PID:4220
- C:\Windows\System\TGPZjic.exe
  C:\Windows\System\TGPZjic.exe
  2⤵
  PID:6280
- C:\Windows\System\XFzJeXy.exe
  C:\Windows\System\XFzJeXy.exe
  2⤵
  PID:7656
- C:\Windows\System\BZDuORV.exe
  C:\Windows\System\BZDuORV.exe
  2⤵
  PID:7636
- C:\Windows\System\NGueqUH.exe
  C:\Windows\System\NGueqUH.exe
  2⤵
  PID:7348
- C:\Windows\System\CIiwVDi.exe
  C:\Windows\System\CIiwVDi.exe
  2⤵
  PID:7588
- C:\Windows\System\ickQPXp.exe
  C:\Windows\System\ickQPXp.exe
  2⤵
  PID:5320
- C:\Windows\System\yKpZhor.exe
  C:\Windows\System\yKpZhor.exe
  2⤵
  PID:7728
- C:\Windows\System\sNYcSNj.exe
  C:\Windows\System\sNYcSNj.exe
  2⤵
  PID:5288
- C:\Windows\System\WMaRndB.exe
  C:\Windows\System\WMaRndB.exe
  2⤵
  PID:6348
- C:\Windows\System\CuNIqNT.exe
  C:\Windows\System\CuNIqNT.exe
  2⤵
  PID:7848
- C:\Windows\System\uHEJyhb.exe
  C:\Windows\System\uHEJyhb.exe
  2⤵
  PID:5812
- C:\Windows\System\onujHDX.exe
  C:\Windows\System\onujHDX.exe
  2⤵
  PID:7964
- C:\Windows\System\WtQbhzW.exe
  C:\Windows\System\WtQbhzW.exe
  2⤵
  PID:6476
- C:\Windows\System\gBoWdBD.exe
  C:\Windows\System\gBoWdBD.exe
  2⤵
  PID:7968
- C:\Windows\System\YyVMVlU.exe
  C:\Windows\System\YyVMVlU.exe
  2⤵
  PID:7068
- C:\Windows\System\TdckIjF.exe
  C:\Windows\System\TdckIjF.exe
  2⤵
  PID:6948
- C:\Windows\System\mpETCAE.exe
  C:\Windows\System\mpETCAE.exe
  2⤵
  PID:2892
- C:\Windows\System\osRquwh.exe
  C:\Windows\System\osRquwh.exe
  2⤵
  PID:2528
- C:\Windows\System\ahvkaFl.exe
  C:\Windows\System\ahvkaFl.exe
  2⤵
  PID:8084
- C:\Windows\System\fsogVia.exe
  C:\Windows\System\fsogVia.exe
  2⤵
  PID:11000
- C:\Windows\System\tfdqOxz.exe
  C:\Windows\System\tfdqOxz.exe
  2⤵
  PID:11220
- C:\Windows\System\ABTkXTs.exe
  C:\Windows\System\ABTkXTs.exe
  2⤵
  PID:3104
- C:\Windows\System\xrqWofx.exe
  C:\Windows\System\xrqWofx.exe
  2⤵
  PID:10484
- C:\Windows\System\qDEduIi.exe
  C:\Windows\System\qDEduIi.exe
  2⤵
  PID:7140
- C:\Windows\System\jSppiwq.exe
  C:\Windows\System\jSppiwq.exe
  2⤵
  PID:6168
- C:\Windows\System\BuuwCbE.exe
  C:\Windows\System\BuuwCbE.exe
  2⤵
  PID:7164
- C:\Windows\System\coOXshn.exe
  C:\Windows\System\coOXshn.exe
  2⤵
  PID:7352
- C:\Windows\System\ehQuOfT.exe
  C:\Windows\System\ehQuOfT.exe
  2⤵
  PID:7204
- C:\Windows\System\Czorkqq.exe
  C:\Windows\System\Czorkqq.exe
  2⤵
  PID:7332
- C:\Windows\System\TWmneeS.exe
  C:\Windows\System\TWmneeS.exe
  2⤵
  PID:6612
- C:\Windows\System\MemPUCi.exe
  C:\Windows\System\MemPUCi.exe
  2⤵
  PID:6164
- C:\Windows\System\VneGfsV.exe
  C:\Windows\System\VneGfsV.exe
  2⤵
  PID:7708
- C:\Windows\System\AStLzPJ.exe
  C:\Windows\System\AStLzPJ.exe
  2⤵
  PID:6300
- C:\Windows\System\cMxwXES.exe
  C:\Windows\System\cMxwXES.exe
  2⤵
  PID:7700
- C:\Windows\System\TtCpbXX.exe
  C:\Windows\System\TtCpbXX.exe
  2⤵
  PID:7740
- C:\Windows\System\uFkQkuw.exe
  C:\Windows\System\uFkQkuw.exe
  2⤵
  PID:7364
- C:\Windows\System\VsOSFRY.exe
  C:\Windows\System\VsOSFRY.exe
  2⤵
  PID:7576
- C:\Windows\System\VViXMzP.exe
  C:\Windows\System\VViXMzP.exe
  2⤵
  PID:6188
- C:\Windows\System\LcElpAc.exe
  C:\Windows\System\LcElpAc.exe
  2⤵
  PID:7444
- C:\Windows\System\EOrZjFi.exe
  C:\Windows\System\EOrZjFi.exe
  2⤵
  PID:8092
- C:\Windows\System\yIqfiUt.exe
  C:\Windows\System\yIqfiUt.exe
  2⤵
  PID:7324
- C:\Windows\System\rGICJvS.exe
  C:\Windows\System\rGICJvS.exe
  2⤵
  PID:7944
- C:\Windows\System\LHFkZJG.exe
  C:\Windows\System\LHFkZJG.exe
  2⤵
  PID:8172
- C:\Windows\System\ZdVlSQX.exe
  C:\Windows\System\ZdVlSQX.exe
  2⤵
  PID:7896
- C:\Windows\System\qqAKecw.exe
  C:\Windows\System\qqAKecw.exe
  2⤵
  PID:7760
- C:\Windows\System\OLxcEdI.exe
  C:\Windows\System\OLxcEdI.exe
  2⤵
  PID:6408
- C:\Windows\System\ucIuMBk.exe
  C:\Windows\System\ucIuMBk.exe
  2⤵
  PID:7824
- C:\Windows\System\MUdiswZ.exe
  C:\Windows\System\MUdiswZ.exe
  2⤵
  PID:7560
- C:\Windows\System\NtwkBYm.exe
  C:\Windows\System\NtwkBYm.exe
  2⤵
  PID:6448
- C:\Windows\System\YUYURrm.exe
  C:\Windows\System\YUYURrm.exe
  2⤵
  PID:8040
- C:\Windows\System\wjElxuh.exe
  C:\Windows\System\wjElxuh.exe
  2⤵
  PID:6616
- C:\Windows\System\OSgzeUa.exe
  C:\Windows\System\OSgzeUa.exe
  2⤵
  PID:7916
- C:\Windows\System\vQIJttw.exe
  C:\Windows\System\vQIJttw.exe
  2⤵
  PID:2044
- C:\Windows\System\jnYjydd.exe
  C:\Windows\System\jnYjydd.exe
  2⤵
  PID:6848
- C:\Windows\System\rlPbEoZ.exe
  C:\Windows\System\rlPbEoZ.exe
  2⤵
  PID:6568
- C:\Windows\System\WNaDZSE.exe
  C:\Windows\System\WNaDZSE.exe
  2⤵
  PID:8136
- C:\Windows\System\PXypjRC.exe
  C:\Windows\System\PXypjRC.exe
  2⤵
  PID:8060
- C:\Windows\System\rjqxdwl.exe
  C:\Windows\System\rjqxdwl.exe
  2⤵
  PID:8064
- C:\Windows\System\WhVEHwZ.exe
  C:\Windows\System\WhVEHwZ.exe
  2⤵
  PID:11124
- C:\Windows\System\tRaYtwm.exe
  C:\Windows\System\tRaYtwm.exe
  2⤵
  PID:7060
- C:\Windows\System\GmaRQvT.exe
  C:\Windows\System\GmaRQvT.exe
  2⤵
  PID:10880
- C:\Windows\System\kalvmZh.exe
  C:\Windows\System\kalvmZh.exe
  2⤵
  PID:10724
- C:\Windows\System\EpjIyZQ.exe
  C:\Windows\System\EpjIyZQ.exe
  2⤵
  PID:6592
- C:\Windows\System\UBTvYYi.exe
  C:\Windows\System\UBTvYYi.exe
  2⤵
  PID:6160
- C:\Windows\System\lHooqmq.exe
  C:\Windows\System\lHooqmq.exe
  2⤵
  PID:7780
- C:\Windows\System\KRHtLFS.exe
  C:\Windows\System\KRHtLFS.exe
  2⤵
  PID:7800
- C:\Windows\System\XIYqLas.exe
  C:\Windows\System\XIYqLas.exe
  2⤵
  PID:6684
- C:\Windows\System\MbkWOJL.exe
  C:\Windows\System\MbkWOJL.exe
  2⤵
  PID:7884
- C:\Windows\System\ELQDLIQ.exe
  C:\Windows\System\ELQDLIQ.exe
  2⤵
  PID:7892
- C:\Windows\System\UnBmomF.exe
  C:\Windows\System\UnBmomF.exe
  2⤵
  PID:7548
- C:\Windows\System\KFabdNu.exe
  C:\Windows\System\KFabdNu.exe
  2⤵
  PID:8056
- C:\Windows\System\pLcDUMr.exe
  C:\Windows\System\pLcDUMr.exe
  2⤵
  PID:7368
- C:\Windows\System\mYoomhX.exe
  C:\Windows\System\mYoomhX.exe
  2⤵
  PID:5020
- C:\Windows\System\JfxoaNM.exe
  C:\Windows\System\JfxoaNM.exe
  2⤵
  PID:7448
- C:\Windows\System\IArihZH.exe
  C:\Windows\System\IArihZH.exe
  2⤵
  PID:7184
- C:\Windows\System\EMLPbJy.exe
  C:\Windows\System\EMLPbJy.exe
  2⤵
  PID:10900
- C:\Windows\System\btaMJem.exe
  C:\Windows\System\btaMJem.exe
  2⤵
  PID:7732
- C:\Windows\System\OQBVFig.exe
  C:\Windows\System\OQBVFig.exe
  2⤵
  PID:9608
- C:\Windows\System\Crqlxdj.exe
  C:\Windows\System\Crqlxdj.exe
  2⤵
  PID:3620
- C:\Windows\System\SFUHmBs.exe
  C:\Windows\System\SFUHmBs.exe
  2⤵
  PID:7496
- C:\Windows\System\keqOdGH.exe
  C:\Windows\System\keqOdGH.exe
  2⤵
  PID:5788
- C:\Windows\System\UYguIxM.exe
  C:\Windows\System\UYguIxM.exe
  2⤵
  PID:3668
- C:\Windows\System\NGqbUXK.exe
  C:\Windows\System\NGqbUXK.exe
  2⤵
  PID:7284
- C:\Windows\System\jNowKqd.exe
  C:\Windows\System\jNowKqd.exe
  2⤵
  PID:7432
- C:\Windows\System\cpuUTzt.exe
  C:\Windows\System\cpuUTzt.exe
  2⤵
  PID:8340
- C:\Windows\System\cAGxncg.exe
  C:\Windows\System\cAGxncg.exe
  2⤵
  PID:7840
- C:\Windows\System\uPVcJnb.exe
  C:\Windows\System\uPVcJnb.exe
  2⤵
  PID:8272
- C:\Windows\System\kjfeqjw.exe
  C:\Windows\System\kjfeqjw.exe
  2⤵
  PID:7624
- C:\Windows\System\samUWun.exe
  C:\Windows\System\samUWun.exe
  2⤵
  PID:6936
- C:\Windows\System\tfTBrei.exe
  C:\Windows\System\tfTBrei.exe
  2⤵
  PID:8472
- C:\Windows\System\mStVMtU.exe
  C:\Windows\System\mStVMtU.exe
  2⤵
  PID:8364
- C:\Windows\System\kHJAcRW.exe
  C:\Windows\System\kHJAcRW.exe
  2⤵
  PID:1376
- C:\Windows\System\KnWZAYK.exe
  C:\Windows\System\KnWZAYK.exe
  2⤵
  PID:8556
- C:\Windows\System\JnWhzLK.exe
  C:\Windows\System\JnWhzLK.exe
  2⤵
  PID:6428
- C:\Windows\System\zLFMQRH.exe
  C:\Windows\System\zLFMQRH.exe
  2⤵
  PID:8576
- C:\Windows\System\GmwoYXn.exe
  C:\Windows\System\GmwoYXn.exe
  2⤵
  PID:6308
- C:\Windows\System\wEDslNE.exe
  C:\Windows\System\wEDslNE.exe
  2⤵
  PID:6212
- C:\Windows\System\bLpzJba.exe
  C:\Windows\System\bLpzJba.exe
  2⤵
  PID:11284
- C:\Windows\System\Malvonk.exe
  C:\Windows\System\Malvonk.exe
  2⤵
  PID:11380
- C:\Windows\System\WQILNbT.exe
  C:\Windows\System\WQILNbT.exe
  2⤵
  PID:11400
- C:\Windows\System\UnAVCDE.exe
  C:\Windows\System\UnAVCDE.exe
  2⤵
  PID:11416
- C:\Windows\System\ZNvZkAI.exe
  C:\Windows\System\ZNvZkAI.exe
  2⤵
  PID:11436
- C:\Windows\System\YqrneRb.exe
  C:\Windows\System\YqrneRb.exe
  2⤵
  PID:11456
- C:\Windows\System\taaeiSd.exe
  C:\Windows\System\taaeiSd.exe
  2⤵
  PID:11472
- C:\Windows\System\SnjASYv.exe
  C:\Windows\System\SnjASYv.exe
  2⤵
  PID:11492
- C:\Windows\System\BgwscmA.exe
  C:\Windows\System\BgwscmA.exe
  2⤵
  PID:11532
- C:\Windows\System\OMThjmz.exe
  C:\Windows\System\OMThjmz.exe
  2⤵
  PID:11548
- C:\Windows\System\wigCZNB.exe
  C:\Windows\System\wigCZNB.exe
  2⤵
  PID:11564
- C:\Windows\System\fAciGaj.exe
  C:\Windows\System\fAciGaj.exe
  2⤵
  PID:11584
- C:\Windows\System\UIgqwUY.exe
  C:\Windows\System\UIgqwUY.exe
  2⤵
  PID:11608
- C:\Windows\System\TzGQfUu.exe
  C:\Windows\System\TzGQfUu.exe
  2⤵
  PID:11628
- C:\Windows\System\dwAelWt.exe
  C:\Windows\System\dwAelWt.exe
  2⤵
  PID:11652
- C:\Windows\System\FLjFMYX.exe
  C:\Windows\System\FLjFMYX.exe
  2⤵
  PID:11672
- C:\Windows\System\JfJYtsR.exe
  C:\Windows\System\JfJYtsR.exe
  2⤵
  PID:11692
- C:\Windows\System\huVKnnV.exe
  C:\Windows\System\huVKnnV.exe
  2⤵
  PID:11712
- C:\Windows\System\uNjnhgs.exe
  C:\Windows\System\uNjnhgs.exe
  2⤵
  PID:11728
- C:\Windows\System\EWEfIAj.exe
  C:\Windows\System\EWEfIAj.exe
  2⤵
  PID:11752
- C:\Windows\System\EuflZnR.exe
  C:\Windows\System\EuflZnR.exe
  2⤵
  PID:11772
- C:\Windows\System\FgZJqkz.exe
  C:\Windows\System\FgZJqkz.exe
  2⤵
  PID:11796
- C:\Windows\System\HDazFks.exe
  C:\Windows\System\HDazFks.exe
  2⤵
  PID:11824
- C:\Windows\System\gbpUJYr.exe
  C:\Windows\System\gbpUJYr.exe
  2⤵
  PID:11844
- C:\Windows\System\SZYvVVd.exe
  C:\Windows\System\SZYvVVd.exe
  2⤵
  PID:11860
- C:\Windows\System\FDQXJZb.exe
  C:\Windows\System\FDQXJZb.exe
  2⤵
  PID:11876
- C:\Windows\System\KvsbPAg.exe
  C:\Windows\System\KvsbPAg.exe
  2⤵
  PID:11896
- C:\Windows\System\toeuXwO.exe
  C:\Windows\System\toeuXwO.exe
  2⤵
  PID:11924
- C:\Windows\System\aBfYvNb.exe
  C:\Windows\System\aBfYvNb.exe
  2⤵
  PID:11948
- C:\Windows\System\YbSuWSU.exe
  C:\Windows\System\YbSuWSU.exe
  2⤵
  PID:11964
- C:\Windows\System\KsRSbwl.exe
  C:\Windows\System\KsRSbwl.exe
  2⤵
  PID:11984
- C:\Windows\System\rnfbLSn.exe
  C:\Windows\System\rnfbLSn.exe
  2⤵
  PID:12004
- C:\Windows\System\SulDuIr.exe
  C:\Windows\System\SulDuIr.exe
  2⤵
  PID:12028
- C:\Windows\System\PnlkkBQ.exe
  C:\Windows\System\PnlkkBQ.exe
  2⤵
  PID:12048
- C:\Windows\System\jNfgYOe.exe
  C:\Windows\System\jNfgYOe.exe
  2⤵
  PID:12064
- C:\Windows\System\QlJuCPV.exe
  C:\Windows\System\QlJuCPV.exe
  2⤵
  PID:12080
- C:\Windows\System\Uixwvkv.exe
  C:\Windows\System\Uixwvkv.exe
  2⤵
  PID:12096
- C:\Windows\System\DSwIzus.exe
  C:\Windows\System\DSwIzus.exe
  2⤵
  PID:12124
- C:\Windows\System\EKYnbQU.exe
  C:\Windows\System\EKYnbQU.exe
  2⤵
  PID:12148
- C:\Windows\System\PGHlTpV.exe
  C:\Windows\System\PGHlTpV.exe
  2⤵
  PID:12168
- C:\Windows\System\WuGIAiT.exe
  C:\Windows\System\WuGIAiT.exe
  2⤵
  PID:12192
- C:\Windows\System\FdJDGoV.exe
  C:\Windows\System\FdJDGoV.exe
  2⤵
  PID:12220
- C:\Windows\System\dmfKJXa.exe
  C:\Windows\System\dmfKJXa.exe
  2⤵
  PID:12240
- C:\Windows\System\vBInWEH.exe
  C:\Windows\System\vBInWEH.exe
  2⤵
  PID:12260
- C:\Windows\System\fjuOSEb.exe
  C:\Windows\System\fjuOSEb.exe
  2⤵
  PID:12280
- C:\Windows\System\lLgwvWT.exe
  C:\Windows\System\lLgwvWT.exe
  2⤵
  PID:10640
- C:\Windows\System\Alerpws.exe
  C:\Windows\System\Alerpws.exe
  2⤵
  PID:8828
- C:\Windows\System\fNbZjBW.exe
  C:\Windows\System\fNbZjBW.exe
  2⤵
  PID:3540
- C:\Windows\System\VmsRNCX.exe
  C:\Windows\System\VmsRNCX.exe
  2⤵
  PID:5876
- C:\Windows\System\hLkWHGR.exe
  C:\Windows\System\hLkWHGR.exe
  2⤵
  PID:9020
- C:\Windows\System\foaYWWr.exe
  C:\Windows\System\foaYWWr.exe
  2⤵
  PID:6896
- C:\Windows\System\qTuzgwl.exe
  C:\Windows\System\qTuzgwl.exe
  2⤵
  PID:4900
- C:\Windows\System\aGeffDF.exe
  C:\Windows\System\aGeffDF.exe
  2⤵
  PID:9064
- C:\Windows\System\IQuqpXB.exe
  C:\Windows\System\IQuqpXB.exe
  2⤵
  PID:2204
- C:\Windows\System\UDxwCUQ.exe
  C:\Windows\System\UDxwCUQ.exe
  2⤵
  PID:7924
- C:\Windows\System\eBfSZZg.exe
  C:\Windows\System\eBfSZZg.exe
  2⤵
  PID:7940
- C:\Windows\System\ilWpGFw.exe
  C:\Windows\System\ilWpGFw.exe
  2⤵
  PID:11320
- C:\Windows\System\vYYYtwj.exe
  C:\Windows\System\vYYYtwj.exe
  2⤵
  PID:10972
- C:\Windows\System\fjPoJUK.exe
  C:\Windows\System\fjPoJUK.exe
  2⤵
  PID:8524
- C:\Windows\System\wfXIjQg.exe
  C:\Windows\System\wfXIjQg.exe
  2⤵
  PID:8824
- C:\Windows\System\joBQAKD.exe
  C:\Windows\System\joBQAKD.exe
  2⤵
  PID:7532
- C:\Windows\System\hyhvLwl.exe
  C:\Windows\System\hyhvLwl.exe
  2⤵
  PID:8748
- C:\Windows\System\dhqHpMT.exe
  C:\Windows\System\dhqHpMT.exe
  2⤵
  PID:8792
- C:\Windows\System\dRDZJXj.exe
  C:\Windows\System\dRDZJXj.exe
  2⤵
  PID:8900
- C:\Windows\System\LLlpmly.exe
  C:\Windows\System\LLlpmly.exe
  2⤵
  PID:8108
- C:\Windows\System\wnTnmdX.exe
  C:\Windows\System\wnTnmdX.exe
  2⤵
  PID:7200
- C:\Windows\System\pabVNsW.exe
  C:\Windows\System\pabVNsW.exe
  2⤵
  PID:8220
- C:\Windows\System\xmJdjHd.exe
  C:\Windows\System\xmJdjHd.exe
  2⤵
  PID:8352
- C:\Windows\System\mUjMgCW.exe
  C:\Windows\System\mUjMgCW.exe
  2⤵
  PID:8580
- C:\Windows\System\tnIfGmu.exe
  C:\Windows\System\tnIfGmu.exe
  2⤵
  PID:11336
- C:\Windows\System\zyctpdV.exe
  C:\Windows\System\zyctpdV.exe
  2⤵
  PID:11348
- C:\Windows\System\fsFpUIw.exe
  C:\Windows\System\fsFpUIw.exe
  2⤵
  PID:11388
- C:\Windows\System\gwvauVa.exe
  C:\Windows\System\gwvauVa.exe
  2⤵
  PID:8876
- C:\Windows\System\pxAAKOR.exe
  C:\Windows\System\pxAAKOR.exe
  2⤵
  PID:8772
- C:\Windows\System\rqkGWpe.exe
  C:\Windows\System\rqkGWpe.exe
  2⤵
  PID:11352
- C:\Windows\System\mSXgvzi.exe
  C:\Windows\System\mSXgvzi.exe
  2⤵
  PID:11376
- C:\Windows\System\flTZZGZ.exe
  C:\Windows\System\flTZZGZ.exe
  2⤵
  PID:8588
- C:\Windows\System\IzleUHz.exe
  C:\Windows\System\IzleUHz.exe
  2⤵
  PID:1596
- C:\Windows\System\zQPymLK.exe
  C:\Windows\System\zQPymLK.exe
  2⤵
  PID:11484
- C:\Windows\System\ywgdNIM.exe
  C:\Windows\System\ywgdNIM.exe
  2⤵
  PID:11448
- C:\Windows\System\uEwfDpg.exe
  C:\Windows\System\uEwfDpg.exe
  2⤵
  PID:532
- C:\Windows\System\lldImia.exe
  C:\Windows\System\lldImia.exe
  2⤵
  PID:11452
- C:\Windows\System\bjQKyoi.exe
  C:\Windows\System\bjQKyoi.exe
  2⤵
  PID:8436
- C:\Windows\System\XAsbHaI.exe
  C:\Windows\System\XAsbHaI.exe
  2⤵
  PID:11524
- C:\Windows\System\EoDcjkf.exe
  C:\Windows\System\EoDcjkf.exe
  2⤵
  PID:11544
- C:\Windows\System\rsQXQQg.exe
  C:\Windows\System\rsQXQQg.exe
  2⤵
  PID:8584
- C:\Windows\System\zaWkloH.exe
  C:\Windows\System\zaWkloH.exe
  2⤵
  PID:8664
- C:\Windows\System\mRdKBTs.exe
  C:\Windows\System\mRdKBTs.exe
  2⤵
  PID:8964
- C:\Windows\System\tgodzKY.exe
  C:\Windows\System\tgodzKY.exe
  2⤵
  PID:1156
- C:\Windows\System\HhHugID.exe
  C:\Windows\System\HhHugID.exe
  2⤵
  PID:1252
- C:\Windows\System\nwTVnMZ.exe
  C:\Windows\System\nwTVnMZ.exe
  2⤵
  PID:11604
- C:\Windows\System\bWRHAja.exe
  C:\Windows\System\bWRHAja.exe
  2⤵
  PID:11616
- C:\Windows\System\bsoBeLj.exe
  C:\Windows\System\bsoBeLj.exe
  2⤵
  PID:8836
- C:\Windows\System\xzjvQLH.exe
  C:\Windows\System\xzjvQLH.exe
  2⤵
  PID:11504
- C:\Windows\System\rvyFuOh.exe
  C:\Windows\System\rvyFuOh.exe
  2⤵
  PID:9304
- C:\Windows\System\vhHVrGM.exe
  C:\Windows\System\vhHVrGM.exe
  2⤵
  PID:9312
- C:\Windows\System\qeVkUyC.exe
  C:\Windows\System\qeVkUyC.exe
  2⤵
  PID:9348
- C:\Windows\System\eixCOmW.exe
  C:\Windows\System\eixCOmW.exe
  2⤵
  PID:11660
- C:\Windows\System\rucKGPx.exe
  C:\Windows\System\rucKGPx.exe
  2⤵
  PID:9452
- C:\Windows\System\fASblUH.exe
  C:\Windows\System\fASblUH.exe
  2⤵
  PID:11720
- C:\Windows\System\bahsKPW.exe
  C:\Windows\System\bahsKPW.exe
  2⤵
  PID:11740
- C:\Windows\System\RhMggHT.exe
  C:\Windows\System\RhMggHT.exe
  2⤵
  PID:9640
- C:\Windows\System\CckUmrD.exe
  C:\Windows\System\CckUmrD.exe
  2⤵
  PID:9556
- C:\Windows\System\saQqzxG.exe
  C:\Windows\System\saQqzxG.exe
  2⤵
  PID:9764
- C:\Windows\System\bzBrtrz.exe
  C:\Windows\System\bzBrtrz.exe
  2⤵
  PID:9240
- C:\Windows\System\NrOaHlQ.exe
  C:\Windows\System\NrOaHlQ.exe
  2⤵
  PID:9960
- C:\Windows\System\qXDUlCB.exe
  C:\Windows\System\qXDUlCB.exe
  2⤵
  PID:10120
- C:\Windows\System\ythLTfe.exe
  C:\Windows\System\ythLTfe.exe
  2⤵
  PID:9940
- C:\Windows\System\unTkLlX.exe
  C:\Windows\System\unTkLlX.exe
  2⤵
  PID:10140
- C:\Windows\System\wFMfIzy.exe
  C:\Windows\System\wFMfIzy.exe
  2⤵
  PID:9824
- C:\Windows\System\cdJUpqS.exe
  C:\Windows\System\cdJUpqS.exe
  2⤵
  PID:11892
- C:\Windows\System\PqZnoPd.exe
  C:\Windows\System\PqZnoPd.exe
  2⤵
  PID:9560
- C:\Windows\System\fSGghLu.exe
  C:\Windows\System\fSGghLu.exe
  2⤵
  PID:8232
- C:\Windows\System\FQLzKIN.exe
  C:\Windows\System\FQLzKIN.exe
  2⤵
  PID:9540
- C:\Windows\System\NxhmJSR.exe
  C:\Windows\System\NxhmJSR.exe
  2⤵
  PID:11884
- C:\Windows\System\DhmXRuH.exe
  C:\Windows\System\DhmXRuH.exe
  2⤵
  PID:9628
- C:\Windows\System\qAVuYZs.exe
  C:\Windows\System\qAVuYZs.exe
  2⤵
  PID:9692
- C:\Windows\System\jgYzrbS.exe
  C:\Windows\System\jgYzrbS.exe
  2⤵
  PID:11972
- C:\Windows\System\vnmTWfx.exe
  C:\Windows\System\vnmTWfx.exe
  2⤵
  PID:12024
- C:\Windows\System\QSHbboU.exe
  C:\Windows\System\QSHbboU.exe
  2⤵
  PID:12112
- C:\Windows\System\ziazMQZ.exe
  C:\Windows\System\ziazMQZ.exe
  2⤵
  PID:12140
- C:\Windows\System\umWRKgU.exe
  C:\Windows\System\umWRKgU.exe
  2⤵
  PID:12176
- C:\Windows\System\OhTQACZ.exe
  C:\Windows\System\OhTQACZ.exe
  2⤵
  PID:12204
- C:\Windows\System\ZvggYuL.exe
  C:\Windows\System\ZvggYuL.exe
  2⤵
  PID:12236
- C:\Windows\System\uRQgTTF.exe
  C:\Windows\System\uRQgTTF.exe
  2⤵
  PID:12276
- C:\Windows\System\ZzWehCi.exe
  C:\Windows\System\ZzWehCi.exe
  2⤵
  PID:1120
- C:\Windows\System\jQbcfzk.exe
  C:\Windows\System\jQbcfzk.exe
  2⤵
  PID:8356
- C:\Windows\System\HHQAwGx.exe
  C:\Windows\System\HHQAwGx.exe
  2⤵
  PID:7312
- C:\Windows\System\HqgmxnC.exe
  C:\Windows\System\HqgmxnC.exe
  2⤵
  PID:11280
- C:\Windows\System\esBUhFE.exe
  C:\Windows\System\esBUhFE.exe
  2⤵
  PID:12016
- C:\Windows\System\iFOLjJZ.exe
  C:\Windows\System\iFOLjJZ.exe
  2⤵
  PID:8880
- C:\Windows\System\xVyDhVw.exe
  C:\Windows\System\xVyDhVw.exe
  2⤵
  PID:11908
- C:\Windows\System\fDHZiTG.exe
  C:\Windows\System\fDHZiTG.exe
  2⤵
  PID:8752
- C:\Windows\System\PZHTkvo.exe
  C:\Windows\System\PZHTkvo.exe
  2⤵
  PID:11368
- C:\Windows\System\dmtYorO.exe
  C:\Windows\System\dmtYorO.exe
  2⤵
  PID:8204
- C:\Windows\System\ELxuiEy.exe
  C:\Windows\System\ELxuiEy.exe
  2⤵
  PID:8892
- C:\Windows\System\TareLoH.exe
  C:\Windows\System\TareLoH.exe
  2⤵
  PID:2712
- C:\Windows\System\xCWPtIh.exe
  C:\Windows\System\xCWPtIh.exe
  2⤵
  PID:8276
- C:\Windows\System\yAuCCOn.exe
  C:\Windows\System\yAuCCOn.exe
  2⤵
  PID:2612
- C:\Windows\System\TQmyxpw.exe
  C:\Windows\System\TQmyxpw.exe
  2⤵
  PID:11392
- C:\Windows\System\SnaBrGo.exe
  C:\Windows\System\SnaBrGo.exe
  2⤵
  PID:9168
- C:\Windows\System\tWKOdqY.exe
  C:\Windows\System\tWKOdqY.exe
  2⤵
  PID:11500
- C:\Windows\System\xopoIxc.exe
  C:\Windows\System\xopoIxc.exe
  2⤵
  PID:9084
- C:\Windows\System\gqXpExd.exe
  C:\Windows\System\gqXpExd.exe
  2⤵
  PID:9508
- C:\Windows\System\APhUYby.exe
  C:\Windows\System\APhUYby.exe
  2⤵
  PID:3224
- C:\Windows\System\AIZrSah.exe
  C:\Windows\System\AIZrSah.exe
  2⤵
  PID:9208
- C:\Windows\System\gQScWUX.exe
  C:\Windows\System\gQScWUX.exe
  2⤵
  PID:9072
- C:\Windows\System\dKAXLNy.exe
  C:\Windows\System\dKAXLNy.exe
  2⤵
  PID:2540
- C:\Windows\System\OjdTTGb.exe
  C:\Windows\System\OjdTTGb.exe
  2⤵
  PID:8648
- C:\Windows\System\CfxDLkl.exe
  C:\Windows\System\CfxDLkl.exe
  2⤵
  PID:9372
- C:\Windows\System\lEqaGar.exe
  C:\Windows\System\lEqaGar.exe
  2⤵
  PID:9276
- C:\Windows\System\NcMjIyI.exe
  C:\Windows\System\NcMjIyI.exe
  2⤵
  PID:9448
- C:\Windows\System\wmplozD.exe
  C:\Windows\System\wmplozD.exe
  2⤵
  PID:9868
- C:\Windows\System\DMhvjqB.exe
  C:\Windows\System\DMhvjqB.exe
  2⤵
  PID:9444
- C:\Windows\System\tIQmJJx.exe
  C:\Windows\System\tIQmJJx.exe
  2⤵
  PID:11700
- C:\Windows\System\bQIqIBY.exe
  C:\Windows\System\bQIqIBY.exe
  2⤵
  PID:10036
- C:\Windows\System\mvYEwbh.exe
  C:\Windows\System\mvYEwbh.exe
  2⤵
  PID:9988
- C:\Windows\System\nCWTdXh.exe
  C:\Windows\System\nCWTdXh.exe
  2⤵
  PID:9636
- C:\Windows\System\mysiuuj.exe
  C:\Windows\System\mysiuuj.exe
  2⤵
  PID:9836
- C:\Windows\System\zUqexCc.exe
  C:\Windows\System\zUqexCc.exe
  2⤵
  PID:9440
- C:\Windows\System\fceBdYe.exe
  C:\Windows\System\fceBdYe.exe
  2⤵
  PID:10232
- C:\Windows\System\nxhKVqZ.exe
  C:\Windows\System\nxhKVqZ.exe
  2⤵
  PID:3936
- C:\Windows\System\sQSPBpL.exe
  C:\Windows\System\sQSPBpL.exe
  2⤵
  PID:9924
- C:\Windows\System\hHTtyjH.exe
  C:\Windows\System\hHTtyjH.exe
  2⤵
  PID:9260
- C:\Windows\System\tpJhdZz.exe
  C:\Windows\System\tpJhdZz.exe
  2⤵
  PID:10216
- C:\Windows\System\vCxYnUN.exe
  C:\Windows\System\vCxYnUN.exe
  2⤵
  PID:9820
- C:\Windows\System\TKASePP.exe
  C:\Windows\System\TKASePP.exe
  2⤵
  PID:9544
- C:\Windows\System\FAPNxVr.exe
  C:\Windows\System\FAPNxVr.exe
  2⤵
  PID:11980
- C:\Windows\System\ZuCqlEa.exe
  C:\Windows\System\ZuCqlEa.exe
  2⤵
  PID:11996
- C:\Windows\System\TYnqATZ.exe
  C:\Windows\System\TYnqATZ.exe
  2⤵
  PID:9624
- C:\Windows\System\gVOZFcv.exe
  C:\Windows\System\gVOZFcv.exe
  2⤵
  PID:12056
- C:\Windows\System\DFGtBJO.exe
  C:\Windows\System\DFGtBJO.exe
  2⤵
  PID:4568
- C:\Windows\System\gWUehEJ.exe
  C:\Windows\System\gWUehEJ.exe
  2⤵
  PID:11704
- C:\Windows\System\olWNLUU.exe
  C:\Windows\System\olWNLUU.exe
  2⤵
  PID:12088
- C:\Windows\System\fZzCJRt.exe
  C:\Windows\System\fZzCJRt.exe
  2⤵
  PID:12184
- C:\Windows\System\fSAHvZz.exe
  C:\Windows\System\fSAHvZz.exe
  2⤵
  PID:1836
- C:\Windows\System\ZMapwNA.exe
  C:\Windows\System\ZMapwNA.exe
  2⤵
  PID:6960
- C:\Windows\System\TFUFuUn.exe
  C:\Windows\System\TFUFuUn.exe
  2⤵
  PID:7752
- C:\Windows\System\GUqQebW.exe
  C:\Windows\System\GUqQebW.exe
  2⤵
  PID:7604
- C:\Windows\System\inJkYDu.exe
  C:\Windows\System\inJkYDu.exe
  2⤵
  PID:5464
- C:\Windows\System\evwGKIE.exe
  C:\Windows\System\evwGKIE.exe
  2⤵
  PID:1656
- C:\Windows\System\SqYzYXH.exe
  C:\Windows\System\SqYzYXH.exe
  2⤵
  PID:9056
- C:\Windows\System\gIsgPIA.exe
  C:\Windows\System\gIsgPIA.exe
  2⤵
  PID:8528
- C:\Windows\System\XFEkrUM.exe
  C:\Windows\System\XFEkrUM.exe
  2⤵
  PID:8336
- C:\Windows\System\ptpecTy.exe
  C:\Windows\System\ptpecTy.exe
  2⤵
  PID:5608
- C:\Windows\System\fNoWUam.exe
  C:\Windows\System\fNoWUam.exe
  2⤵
  PID:11356
- C:\Windows\System\KRBHCRj.exe
  C:\Windows\System\KRBHCRj.exe
  2⤵
  PID:5676
- C:\Windows\System\NzxSlfn.exe
  C:\Windows\System\NzxSlfn.exe
  2⤵
  PID:8612
- C:\Windows\System\dWyZyTG.exe
  C:\Windows\System\dWyZyTG.exe
  2⤵
  PID:3276
- C:\Windows\System\BbRodty.exe
  C:\Windows\System\BbRodty.exe
  2⤵
  PID:8380
- C:\Windows\System\XnEtZwH.exe
  C:\Windows\System\XnEtZwH.exe
  2⤵
  PID:11364
- C:\Windows\System\VQrjWsv.exe
  C:\Windows\System\VQrjWsv.exe
  2⤵
  PID:7928
- C:\Windows\System\pvsSTNh.exe
  C:\Windows\System\pvsSTNh.exe
  2⤵
  PID:11372
- C:\Windows\System\vmfiwjW.exe
  C:\Windows\System\vmfiwjW.exe
  2⤵
  PID:8744
- C:\Windows\System\CvoPkXX.exe
  C:\Windows\System\CvoPkXX.exe
  2⤵
  PID:11412
- C:\Windows\System\MsmZbZx.exe
  C:\Windows\System\MsmZbZx.exe
  2⤵
  PID:1868
- C:\Windows\System\WHvCYqc.exe
  C:\Windows\System\WHvCYqc.exe
  2⤵
  PID:10324
- C:\Windows\System\JdneZpt.exe
  C:\Windows\System\JdneZpt.exe
  2⤵
  PID:10824
- C:\Windows\System\lnPJtvm.exe
  C:\Windows\System\lnPJtvm.exe
  2⤵
  PID:5764
- C:\Windows\System\qsmBtMO.exe
  C:\Windows\System\qsmBtMO.exe
  2⤵
  PID:10264
- C:\Windows\System\bTsKWTE.exe
  C:\Windows\System\bTsKWTE.exe
  2⤵
  PID:11196
- C:\Windows\System\FAnchQj.exe
  C:\Windows\System\FAnchQj.exe
  2⤵
  PID:10792
- C:\Windows\System\PjJBRKb.exe
  C:\Windows\System\PjJBRKb.exe
  2⤵
  PID:9044
- C:\Windows\System\AGAmDWb.exe
  C:\Windows\System\AGAmDWb.exe
  2⤵
  PID:9032
- C:\Windows\System\rMdPNjJ.exe
  C:\Windows\System\rMdPNjJ.exe
  2⤵
  PID:11216
- C:\Windows\System\nXBmARA.exe
  C:\Windows\System\nXBmARA.exe
  2⤵
  PID:10256
- C:\Windows\System\lwfiDup.exe
  C:\Windows\System\lwfiDup.exe
  2⤵
  PID:10744
- C:\Windows\System\naDDzNt.exe
  C:\Windows\System\naDDzNt.exe
  2⤵
  PID:11236
- C:\Windows\System\ipcVUYM.exe
  C:\Windows\System\ipcVUYM.exe
  2⤵
  PID:10492
- C:\Windows\System\CfNUGNa.exe
  C:\Windows\System\CfNUGNa.exe
  2⤵
  PID:11192
- C:\Windows\System\fCaRtpZ.exe
  C:\Windows\System\fCaRtpZ.exe
  2⤵
  PID:10280
- C:\Windows\System\agzBDjS.exe
  C:\Windows\System\agzBDjS.exe
  2⤵
  PID:11232
- C:\Windows\System\upIcvag.exe
  C:\Windows\System\upIcvag.exe
  2⤵
  PID:5952
- C:\Windows\System\uwIrmkm.exe
  C:\Windows\System\uwIrmkm.exe
  2⤵
  PID:10228
- C:\Windows\System\ZCJhnjp.exe
  C:\Windows\System\ZCJhnjp.exe
  2⤵
  PID:2660
- C:\Windows\System\IWzfVds.exe
  C:\Windows\System\IWzfVds.exe
  2⤵
  PID:6124
- C:\Windows\System\IGMdoIy.exe
  C:\Windows\System\IGMdoIy.exe
  2⤵
  PID:184
- C:\Windows\System\aaXVHFg.exe
  C:\Windows\System\aaXVHFg.exe
  2⤵
  PID:9128
- C:\Windows\System\PdHarau.exe
  C:\Windows\System\PdHarau.exe
  2⤵
  PID:8704
- C:\Windows\System\KrbqSgI.exe
  C:\Windows\System\KrbqSgI.exe
  2⤵
  PID:5292
- C:\Windows\System\nXlzMyU.exe
  C:\Windows\System\nXlzMyU.exe
  2⤵
  PID:8360
- C:\Windows\System\tWWnFkU.exe
  C:\Windows\System\tWWnFkU.exe
  2⤵
  PID:4952
- C:\Windows\System\YFQULdf.exe
  C:\Windows\System\YFQULdf.exe
  2⤵
  PID:8724
- C:\Windows\System\vihSSTU.exe
  C:\Windows\System\vihSSTU.exe
  2⤵
  PID:11648
- C:\Windows\System\ZQpJAzp.exe
  C:\Windows\System\ZQpJAzp.exe
  2⤵
  PID:10980
- C:\Windows\System\fdcaUfW.exe
  C:\Windows\System\fdcaUfW.exe
  2⤵
  PID:9436
- C:\Windows\System\dpWXIaJ.exe
  C:\Windows\System\dpWXIaJ.exe
  2⤵
  PID:11160
- C:\Windows\System\FuzEysJ.exe
  C:\Windows\System\FuzEysJ.exe
  2⤵
  PID:11132
- C:\Windows\System\xVBzFBa.exe
  C:\Windows\System\xVBzFBa.exe
  2⤵
  PID:11152
- C:\Windows\System\RGIWJhC.exe
  C:\Windows\System\RGIWJhC.exe
  2⤵
  PID:11764
- C:\Windows\System\GFfNjml.exe
  C:\Windows\System\GFfNjml.exe
  2⤵
  PID:9968
- C:\Windows\System\EUXAGtY.exe
  C:\Windows\System\EUXAGtY.exe
  2⤵
  PID:11792
- C:\Windows\System\DIlLguh.exe
  C:\Windows\System\DIlLguh.exe
  2⤵
  PID:10080
- C:\Windows\System\PSAnOIk.exe
  C:\Windows\System\PSAnOIk.exe
  2⤵
  PID:9812
- C:\Windows\System\iquhqzG.exe
  C:\Windows\System\iquhqzG.exe
  2⤵
  PID:1192
- C:\Windows\System\fKqPTFk.exe
  C:\Windows\System\fKqPTFk.exe
  2⤵
  PID:10084
- C:\Windows\System\oFgmDhN.exe
  C:\Windows\System\oFgmDhN.exe
  2⤵
  PID:11856
- C:\Windows\System\YviqdlX.exe
  C:\Windows\System\YviqdlX.exe
  2⤵
  PID:11540
- C:\Windows\System\gRFxSny.exe
  C:\Windows\System\gRFxSny.exe
  2⤵
  PID:9148
- C:\Windows\System\vfNLYAJ.exe
  C:\Windows\System\vfNLYAJ.exe
  2⤵
  PID:11932
- C:\Windows\System\ktnGFuO.exe
  C:\Windows\System\ktnGFuO.exe
  2⤵
  PID:10104
- C:\Windows\System\gPqIWam.exe
  C:\Windows\System\gPqIWam.exe
  2⤵
  PID:10032
- C:\Windows\System\dJRVSfL.exe
  C:\Windows\System\dJRVSfL.exe
  2⤵
  PID:12116
- C:\Windows\System\UZEaGKz.exe
  C:\Windows\System\UZEaGKz.exe
  2⤵
  PID:10208
- C:\Windows\System\USioxVT.exe
  C:\Windows\System\USioxVT.exe
  2⤵
  PID:12136
- C:\Windows\System\uOtPcfn.exe
  C:\Windows\System\uOtPcfn.exe
  2⤵
  PID:12132
- C:\Windows\System\gwpVxnd.exe
  C:\Windows\System\gwpVxnd.exe
  2⤵
  PID:4472
- C:\Windows\System\zqinyXP.exe
  C:\Windows\System\zqinyXP.exe
  2⤵
  PID:4576
- C:\Windows\System\LKsfEWH.exe
  C:\Windows\System\LKsfEWH.exe
  2⤵
  PID:9416
- C:\Windows\System\kQSYyHy.exe
  C:\Windows\System\kQSYyHy.exe
  2⤵
  PID:7504
- C:\Windows\System\fPlRvUV.exe
  C:\Windows\System\fPlRvUV.exe
  2⤵
  PID:7244
- C:\Windows\System\fARkbBq.exe
  C:\Windows\System\fARkbBq.exe
  2⤵
  PID:5688
- C:\Windows\System\ecoDugw.exe
  C:\Windows\System\ecoDugw.exe
  2⤵
  PID:8216
- C:\Windows\System\VAKcgJu.exe
  C:\Windows\System\VAKcgJu.exe
  2⤵
  PID:3792
- C:\Windows\System\HrdzMkv.exe
  C:\Windows\System\HrdzMkv.exe
  2⤵
  PID:7304
- C:\Windows\System\YjEturV.exe
  C:\Windows\System\YjEturV.exe
  2⤵
  PID:4024
- C:\Windows\System\Laihsog.exe
  C:\Windows\System\Laihsog.exe
  2⤵
  PID:8560
- C:\Windows\System\qfJSHMi.exe
  C:\Windows\System\qfJSHMi.exe
  2⤵
  PID:6816
- C:\Windows\System\ELPTEgZ.exe
  C:\Windows\System\ELPTEgZ.exe
  2⤵
  PID:2404
- C:\Windows\System\CHSliAz.exe
  C:\Windows\System\CHSliAz.exe
  2⤵
  PID:11428
- C:\Windows\System\nnKRKbM.exe
  C:\Windows\System\nnKRKbM.exe
  2⤵
  PID:3920
- C:\Windows\System\AAtAUCP.exe
  C:\Windows\System\AAtAUCP.exe
  2⤵
  PID:5804
- C:\Windows\System\PvIPJVf.exe
  C:\Windows\System\PvIPJVf.exe
  2⤵
  PID:10580
- C:\Windows\System\NQtDosv.exe
  C:\Windows\System\NQtDosv.exe
  2⤵
  PID:10528
- C:\Windows\System\MdHlTrR.exe
  C:\Windows\System\MdHlTrR.exe
  2⤵
  PID:10996
- C:\Windows\System\DlzNhyL.exe
  C:\Windows\System\DlzNhyL.exe
  2⤵
  PID:11004
- C:\Windows\System\XNWWKXX.exe
  C:\Windows\System\XNWWKXX.exe
  2⤵
  PID:3632
- C:\Windows\System\vRrPGRI.exe
  C:\Windows\System\vRrPGRI.exe
  2⤵
  PID:3316
- C:\Windows\System\PqjZcHg.exe
  C:\Windows\System\PqjZcHg.exe
  2⤵
  PID:3780
- C:\Windows\System\amJENUc.exe
  C:\Windows\System\amJENUc.exe
  2⤵
  PID:5128
- C:\Windows\System\sctGWVm.exe
  C:\Windows\System\sctGWVm.exe
  2⤵
  PID:10312
- C:\Windows\System\yZlIEyg.exe
  C:\Windows\System\yZlIEyg.exe
  2⤵
  PID:10504
- C:\Windows\System\hgMBKyS.exe
  C:\Windows\System\hgMBKyS.exe
  2⤵
  PID:5900
- C:\Windows\System\mfklXKU.exe
  C:\Windows\System\mfklXKU.exe
  2⤵
  PID:11136
- C:\Windows\System\hejqeBR.exe
  C:\Windows\System\hejqeBR.exe
  2⤵
  PID:10352
- C:\Windows\System\JKukxvE.exe
  C:\Windows\System\JKukxvE.exe
  2⤵
  PID:10680
- C:\Windows\System\VsmeDdD.exe
  C:\Windows\System\VsmeDdD.exe
  2⤵
  PID:4644
- C:\Windows\System\OTcCzVm.exe
  C:\Windows\System\OTcCzVm.exe
  2⤵
  PID:6052
- C:\Windows\System\BFcNZts.exe
  C:\Windows\System\BFcNZts.exe
  2⤵
  PID:10860
- C:\Windows\System\oypmllH.exe
  C:\Windows\System\oypmllH.exe
  2⤵
  PID:10776
- C:\Windows\System\FgJbPJh.exe
  C:\Windows\System\FgJbPJh.exe
  2⤵
  PID:8736
- C:\Windows\System\wtFMQPl.exe
  C:\Windows\System\wtFMQPl.exe
  2⤵
  PID:11560
- C:\Windows\System\GgzCbOi.exe
  C:\Windows\System\GgzCbOi.exe
  2⤵
  PID:9700
- C:\Windows\System\cRhHwxp.exe
  C:\Windows\System\cRhHwxp.exe
  2⤵
  PID:11112
- C:\Windows\System\QGdsUOR.exe
  C:\Windows\System\QGdsUOR.exe
  2⤵
  PID:9456
- C:\Windows\System\QtnBnKS.exe
  C:\Windows\System\QtnBnKS.exe
  2⤵
  PID:9884
- C:\Windows\System\EoNnwBU.exe
  C:\Windows\System\EoNnwBU.exe
  2⤵
  PID:10076
- C:\Windows\System\YivKmAn.exe
  C:\Windows\System\YivKmAn.exe
  2⤵
  PID:9104
- C:\Windows\System\HpOAytD.exe
  C:\Windows\System\HpOAytD.exe
  2⤵
  PID:9460
- C:\Windows\System\acMIYrp.exe
  C:\Windows\System\acMIYrp.exe
  2⤵
  PID:9792
- C:\Windows\System\nEcixkT.exe
  C:\Windows\System\nEcixkT.exe
  2⤵
  PID:9060
- C:\Windows\System\TyfkIok.exe
  C:\Windows\System\TyfkIok.exe
  2⤵
  PID:11992
- C:\Windows\System\spwHmPi.exe
  C:\Windows\System\spwHmPi.exe
  2⤵
  PID:11976
- C:\Windows\System\ZPJwiPb.exe
  C:\Windows\System\ZPJwiPb.exe
  2⤵
  PID:5152
- C:\Windows\System\YHJKArN.exe
  C:\Windows\System\YHJKArN.exe
  2⤵
  PID:12164
- C:\Windows\System\PzRmuOE.exe
  C:\Windows\System\PzRmuOE.exe
  2⤵
  PID:7424
- C:\Windows\System\yjxctHb.exe
  C:\Windows\System\yjxctHb.exe
  2⤵
  PID:8732
- C:\Windows\System\njNBJcI.exe
  C:\Windows\System\njNBJcI.exe
  2⤵
  PID:8784
- C:\Windows\System\Sdgsnqg.exe
  C:\Windows\System\Sdgsnqg.exe
  2⤵
  PID:9068
- C:\Windows\System\ZmWqrfb.exe
  C:\Windows\System\ZmWqrfb.exe
  2⤵
  PID:7816
- C:\Windows\System\jhIkzkq.exe
  C:\Windows\System\jhIkzkq.exe
  2⤵
  PID:4624
- C:\Windows\System\tfXbqOZ.exe
  C:\Windows\System\tfXbqOZ.exe
  2⤵
  PID:9752
- C:\Windows\System\chOJMXF.exe
  C:\Windows\System\chOJMXF.exe
  2⤵
  PID:5052
- C:\Windows\System\FXUqFXO.exe
  C:\Windows\System\FXUqFXO.exe
  2⤵
  PID:3536
- C:\Windows\System\fnqdoAs.exe
  C:\Windows\System\fnqdoAs.exe
  2⤵
  PID:10544
- C:\Windows\System\TEXYnuo.exe
  C:\Windows\System\TEXYnuo.exe
  2⤵
  PID:11096
- C:\Windows\System\QZtFNMs.exe
  C:\Windows\System\QZtFNMs.exe
  2⤵
  PID:11148
- C:\Windows\System\YvLlqTJ.exe
  C:\Windows\System\YvLlqTJ.exe
  2⤵
  PID:10952
- C:\Windows\System\IQguclO.exe
  C:\Windows\System\IQguclO.exe
  2⤵
  PID:708
- C:\Windows\System\GIYZqYf.exe
  C:\Windows\System\GIYZqYf.exe
  2⤵
  PID:3816
- C:\Windows\System\DBlInFT.exe
  C:\Windows\System\DBlInFT.exe
  2⤵
  PID:4500
- C:\Windows\System\rVrqDSX.exe
  C:\Windows\System\rVrqDSX.exe
  2⤵
  PID:11488
- C:\Windows\System\CJWvddz.exe
  C:\Windows\System\CJWvddz.exe
  2⤵
  PID:10408
- C:\Windows\System\yanottw.exe
  C:\Windows\System\yanottw.exe
  2⤵
  PID:10604
- C:\Windows\System\UMGyaej.exe
  C:\Windows\System\UMGyaej.exe
  2⤵
  PID:10756
- C:\Windows\System\QsZoVJq.exe
  C:\Windows\System\QsZoVJq.exe
  2⤵
  PID:6104
- C:\Windows\System\BdyDScs.exe
  C:\Windows\System\BdyDScs.exe
  2⤵
  PID:1340
- C:\Windows\System\rMxAFgC.exe
  C:\Windows\System\rMxAFgC.exe
  2⤵
  PID:11592
- C:\Windows\System\oClbMJt.exe
  C:\Windows\System\oClbMJt.exe
  2⤵
  PID:5560
- C:\Windows\System\ggudhVO.exe
  C:\Windows\System\ggudhVO.exe
  2⤵
  PID:10016
- C:\Windows\System\dPNwXzn.exe
  C:\Windows\System\dPNwXzn.exe
  2⤵
  PID:9716
- C:\Windows\System\oEGykLL.exe
  C:\Windows\System\oEGykLL.exe
  2⤵
  PID:11780
- C:\Windows\System\mZTNCaz.exe
  C:\Windows\System\mZTNCaz.exe
  2⤵
  PID:9896
- C:\Windows\System\CGmpaIz.exe
  C:\Windows\System\CGmpaIz.exe
  2⤵
  PID:9844
- C:\Windows\System\bTpFlGZ.exe
  C:\Windows\System\bTpFlGZ.exe
  2⤵
  PID:7404
- C:\Windows\System\ktUtaPY.exe
  C:\Windows\System\ktUtaPY.exe
  2⤵
  PID:588
- C:\Windows\System\NIYGnFB.exe
  C:\Windows\System\NIYGnFB.exe
  2⤵
  PID:11916
- C:\Windows\System\caCdZtT.exe
  C:\Windows\System\caCdZtT.exe
  2⤵
  PID:9464
- C:\Windows\System\tukrcyd.exe
  C:\Windows\System\tukrcyd.exe
  2⤵
  PID:9744
- C:\Windows\System\DTwgmmn.exe
  C:\Windows\System\DTwgmmn.exe
  2⤵
  PID:1972
- C:\Windows\System\RJcLWUP.exe
  C:\Windows\System\RJcLWUP.exe
  2⤵
  PID:12212
- C:\Windows\System\wvQVhum.exe
  C:\Windows\System\wvQVhum.exe
  2⤵
  PID:6512
- C:\Windows\System\ZjEpzyw.exe
  C:\Windows\System\ZjEpzyw.exe
  2⤵
  PID:6484
- C:\Windows\System\yYDSBXk.exe
  C:\Windows\System\yYDSBXk.exe
  2⤵
  PID:9816
- C:\Windows\System\lVWjGuu.exe
  C:\Windows\System\lVWjGuu.exe
  2⤵
  PID:10944
- C:\Windows\System\hNRBPOI.exe
  C:\Windows\System\hNRBPOI.exe
  2⤵
  PID:6648
- C:\Windows\System\xOaFvkr.exe
  C:\Windows\System\xOaFvkr.exe
  2⤵
  PID:10560
- C:\Windows\System\MSrkgGg.exe
  C:\Windows\System\MSrkgGg.exe
  2⤵
  PID:10928
- C:\Windows\System\ZVCtKGm.exe
  C:\Windows\System\ZVCtKGm.exe
  2⤵
  PID:5640
- C:\Windows\System\iIAsKFD.exe
  C:\Windows\System\iIAsKFD.exe
  2⤵
  PID:11256
- C:\Windows\System\nHklpio.exe
  C:\Windows\System\nHklpio.exe
  2⤵
  PID:1916
- C:\Windows\System\HkyYnRa.exe
  C:\Windows\System\HkyYnRa.exe
  2⤵
  PID:10676
- C:\Windows\System\DAKGUmR.exe
  C:\Windows\System\DAKGUmR.exe
  2⤵
  PID:8300
- C:\Windows\System\oAkwggS.exe
  C:\Windows\System\oAkwggS.exe
  2⤵
  PID:8856
- C:\Windows\System\LsTdcnT.exe
  C:\Windows\System\LsTdcnT.exe
  2⤵
  PID:11600
- C:\Windows\System\ckWYlnz.exe
  C:\Windows\System\ckWYlnz.exe
  2⤵
  PID:7724
- C:\Windows\System\mKxJFTt.exe
  C:\Windows\System\mKxJFTt.exe
  2⤵
  PID:9704
- C:\Windows\System\kAiiyhU.exe
  C:\Windows\System\kAiiyhU.exe
  2⤵
  PID:2536
- C:\Windows\System\jysGYtY.exe
  C:\Windows\System\jysGYtY.exe
  2⤵
  PID:4972
- C:\Windows\System\chLTTLv.exe
  C:\Windows\System\chLTTLv.exe
  2⤵
  PID:4676
- C:\Windows\System\LgxrSEv.exe
  C:\Windows\System\LgxrSEv.exe
  2⤵
  PID:5868
- C:\Windows\System\SpagswK.exe
  C:\Windows\System\SpagswK.exe
  2⤵
  PID:312
- C:\Windows\System\KSMOLEi.exe
  C:\Windows\System\KSMOLEi.exe
  2⤵
  PID:2220
- C:\Windows\System\jcLLtsx.exe
  C:\Windows\System\jcLLtsx.exe
  2⤵
  PID:1040
- C:\Windows\System\BNARwaQ.exe
  C:\Windows\System\BNARwaQ.exe
  2⤵
  PID:11292
- C:\Windows\System\JJipmtg.exe
  C:\Windows\System\JJipmtg.exe
  2⤵
  PID:6852
- C:\Windows\System\xlmLMHc.exe
  C:\Windows\System\xlmLMHc.exe
  2⤵
  PID:2280
- C:\Windows\System\RPjdVAc.exe
  C:\Windows\System\RPjdVAc.exe
  2⤵
  PID:10696
- C:\Windows\System\VqYfOGW.exe
  C:\Windows\System\VqYfOGW.exe
  2⤵
  PID:1724
- C:\Windows\System\uIJngCY.exe
  C:\Windows\System\uIJngCY.exe
  2⤵
  PID:3440
- C:\Windows\System\yFqrcot.exe
  C:\Windows\System\yFqrcot.exe
  2⤵
  PID:10800
- C:\Windows\System\gBZNBde.exe
  C:\Windows\System\gBZNBde.exe
  2⤵
  PID:8920
- C:\Windows\System\pKvHuVF.exe
  C:\Windows\System\pKvHuVF.exe
  2⤵
  PID:2532
- C:\Windows\System\yzCrKnY.exe
  C:\Windows\System\yzCrKnY.exe
  2⤵
  PID:11668
- C:\Windows\System\QJTqqZN.exe
  C:\Windows\System\QJTqqZN.exe
  2⤵
  PID:10008
- C:\Windows\System\HJlWCzu.exe
  C:\Windows\System\HJlWCzu.exe
  2⤵
  PID:396
- C:\Windows\System\fOnXGhl.exe
  C:\Windows\System\fOnXGhl.exe
  2⤵
  PID:4716
- C:\Windows\System\LMEFzhg.exe
  C:\Windows\System\LMEFzhg.exe
  2⤵
  PID:7288
- C:\Windows\System\jQHQapJ.exe
  C:\Windows\System\jQHQapJ.exe
  2⤵
  PID:8532
- C:\Windows\System\lmgVBwa.exe
  C:\Windows\System\lmgVBwa.exe
  2⤵
  PID:4208
- C:\Windows\System\PKToCpk.exe
  C:\Windows\System\PKToCpk.exe
  2⤵
  PID:11464
- C:\Windows\System\jdOWiyJ.exe
  C:\Windows\System\jdOWiyJ.exe
  2⤵
  PID:10572
- C:\Windows\System\LHCOjzc.exe
  C:\Windows\System\LHCOjzc.exe
  2⤵
  PID:11168
- C:\Windows\System\TkJvLwr.exe
  C:\Windows\System\TkJvLwr.exe
  2⤵
  PID:8716
- C:\Windows\System\gyWYacO.exe
  C:\Windows\System\gyWYacO.exe
  2⤵
  PID:856
- C:\Windows\System\AaJcDmZ.exe
  C:\Windows\System\AaJcDmZ.exe
  2⤵
  PID:6380
- C:\Windows\System\GOpaCNH.exe
  C:\Windows\System\GOpaCNH.exe
  2⤵
  PID:9164
- C:\Windows\System\cJEcMGv.exe
  C:\Windows\System\cJEcMGv.exe
  2⤵
  PID:5176
- C:\Windows\System\eaJqENt.exe
  C:\Windows\System\eaJqENt.exe
  2⤵
  PID:5196
- C:\Windows\System\YZtlIQP.exe
  C:\Windows\System\YZtlIQP.exe
  2⤵
  PID:10932
- C:\Windows\System\sfrjrZd.exe
  C:\Windows\System\sfrjrZd.exe
  2⤵
  PID:260
- C:\Windows\System\BCBMdHW.exe
  C:\Windows\System\BCBMdHW.exe
  2⤵
  PID:7844
- C:\Windows\System\NqNQsBJ.exe
  C:\Windows\System\NqNQsBJ.exe
  2⤵
  PID:4728
- C:\Windows\System\EnGNeMD.exe
  C:\Windows\System\EnGNeMD.exe
  2⤵
  PID:4484
- C:\Windows\System\wKuFlBl.exe
  C:\Windows\System\wKuFlBl.exe
  2⤵
  PID:9944
- C:\Windows\System\hGOIIDn.exe
  C:\Windows\System\hGOIIDn.exe
  2⤵
  PID:3404
- C:\Windows\System\tlhTrwI.exe
  C:\Windows\System\tlhTrwI.exe
  2⤵
  PID:9256
- C:\Windows\System\YytbCbs.exe
  C:\Windows\System\YytbCbs.exe
  2⤵
  PID:10904
- C:\Windows\System\qvwSdbk.exe
  C:\Windows\System\qvwSdbk.exe
  2⤵
  PID:9188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:8700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bmbxbc3c.dkr.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BeYBKXy.exe

Filesize
1.9MB

MD5
40be4487f4f35258ff60e9cbdc5cfed3

SHA1
adcfbb79b302b36948097229a976fe7a2739fc00

SHA256
1d5a4f309716c0dd2b52d2aa9231891cc4e919fe45707c892c601ba91fe3ae09

SHA512
e8318d5c8e4249e8d72e44918b6b10b39ca2826e72b9298c9bbd7d8fe4e289d845a825722d6b34f0ee106285c6b00435b0f7fadde0686a68d1c0d0defa38c7a2

Download Submit
C:\Windows\System\BeYBKXy.exe

Filesize
1.8MB

MD5
80f9f1c8beac0a2c6fd8292c7e66574e

SHA1
2c1ece98536d3057993ec8d16210a6988dd7519f

SHA256
a8c128be11ab847dcf829ceccfe00f4750360f909172c2e6eeb6954f537f685f

SHA512
033db2738b671a15755c1f5d6470d8b3855496e8a436d7f138bfcfc4d253e251b7f580cf5d7543577321cf3e6cd4d8769119cf783e1e6f7ad0328ec9f6d97241

Download Submit
C:\Windows\System\DDvzrzK.exe

Filesize
2.8MB

MD5
ca247397f9650b8166343e4c423395fd

SHA1
a6feba3e2268d4df1269ba41038afdc3f0a16ade

SHA256
b2d2831bcc755c495c81fefa2529f02ed7ffad116b4887208735592160c592e8

SHA512
89ad925b576b8cf7f8db6359b190e30fcc7cc5f4d83706ecc103071c85b49abf4ed81a3845948a3d8766ea2c45e601cfc72789c83996a31994a64861ac2a38c9

Download Submit
C:\Windows\System\DDvzrzK.exe

Filesize
2.9MB

MD5
993104965d81a34b8987f9a56ea79998

SHA1
4cf31b90c256969ca15b07ddced027a59c4b281a

SHA256
581086132002c4f5d7d497cd9990d82da33250b2a1aaed84c6b33efb67c1f018

SHA512
7718e0d06ebdcd09cf6369936e3a9fea0712752fc47665380bbf593d17378251aae48f7434fb1c0ef248a637f247f2d8ede57530fa6bb3e95e79c3bf3d247d65

Download Submit
C:\Windows\System\DlYYkMF.exe

Filesize
1.2MB

MD5
cc468190a224b2a494ed8ef2a95974d0

SHA1
0a85cd260d79ae42d9f3fbd7a0a94e402a2af7af

SHA256
61577629aeba3fb54b1dbf1f9245b002a6044fe12d41d7d7f02c0f4f4e0d2cae

SHA512
c4c6951c9ea7af66a9de35c3871d5daaa35d52fb39609624be44073bfb06d299d11bd9aab1387ae828f2cb97fdb2ebed8132a4e7a3127d427a8fd25d75a6ba67

Download Submit
C:\Windows\System\DlYYkMF.exe

Filesize
919KB

MD5
2971f5d867c31fa2a0fe4064d562f6e8

SHA1
3f06a6ec77e1eada6ab49a31303563d6c319437d

SHA256
70fd19e48d76a509b56dfa7b46bc2f3af2bc8cb82f5b54b61eb9bcea66f2121a

SHA512
cf30053cd4cd1047b8a4510bc5be655d0483240af3ebbd4ff1833e4be62969866ae2f8fafaefde2c2152e77c10c9bb7049e0d4e0790fe28319aa53b4b8390784

Download Submit
C:\Windows\System\EEGtbvX.exe

Filesize
2.2MB

MD5
12d95a82fdc31b132aecaf8cb5b624a1

SHA1
45459dab492d25b68cc605c204f97da63b42e3c6

SHA256
5844808c625176be855a7a364875b33ac96f4c59a620a3bb10b917d5f65d00bf

SHA512
1236ce5bc416255a6cfda652a235aff29890cc0d920d48be7012c9f6e70960679c5a2aa78d19ecfec0366e0d21ab7c11f1acd7bb741fcbc5426732faccbaf95a

Download Submit
C:\Windows\System\EEGtbvX.exe

Filesize
2.0MB

MD5
64ade99a9b4e1809cbb043e0846bb728

SHA1
26a1137c037db09d7aac856e1730af5fa20c4ed5

SHA256
7823192124af1293034583e4800e37f7fd9efa74917e6cc71a901797db6551cc

SHA512
a685333830499b527c4de28b71419ec94cff7a6bd2a18b8af6b1920c982867b978112dfb9d1b1ab4563761f33cf3252f6ce2d5dc62ed016d1742f2f2f5ad7d03

Download Submit
C:\Windows\System\EkWYzeF.exe

Filesize
331KB

MD5
30d20db07193d6360118a94cf4c3e6c0

SHA1
a9ceec35315a3478b9c39879c3111616dd2bd495

SHA256
d988bad4b73401b4f19b02ce99a26b2e434a21e0e457e57efccac567aa1c9390

SHA512
6ada884a894196452d6167407e56786dae42490f155be83994806d47264464570c52e8b904423904181524fda118cc918a971d2abca38685929e202880fb9e4f

Download Submit
C:\Windows\System\EkWYzeF.exe

Filesize
387KB

MD5
9042408378b9f646826951b76676bb7c

SHA1
58c96c372c02630d0aaebbcfd03cd6a4ed7f268f

SHA256
cf4ca03fa3ea177981170be93546510d830128d64005ae36b2917c86ed3dda97

SHA512
fe9805e1db445fab8b5c73e7a9bf4a28a15f8023194e46d900a1a91c644d3e8f149b65cb0785f48abbfea4c3e477158d7d51740b0ed274faf3d2f6c77ba29f69

Download Submit
C:\Windows\System\FRqbwzz.exe

Filesize
287KB

MD5
b488e5d332f8221e1cf54e577b27a02b

SHA1
6cd765ef518f97ecbb1cafc37da9dde62f825717

SHA256
06fabf84a3d07beb1aaf78e851dba2a866184f20482a026efd65ab516578d424

SHA512
bda459763cb905d165f5bc2a83c086fd856be90bc9884e6e9886a783ee8a66ab4eaf4d79ea8cdab55dc23ae5944be1d31f23654226fdfcda5cf7f9a08df8b53b

Download Submit
C:\Windows\System\FRqbwzz.exe

Filesize
300KB

MD5
2e7a926eab8e6d0ec3b444983414fefe

SHA1
77a83d779022a2bcd296412c90beeafe4c34d266

SHA256
2554fd10f5d9a63597a8e8f13b69e9fe5d66d2b0038c83de15c4a1eb31225ac6

SHA512
ebee3f4c4d40e8215a6a236577e6fc9fabc82885ab6deab39efe34b62c275ddee5e4be6cf35c3b487c7b12a48eb79c9762b2d15c1d0c4be0be51ecc5b23edb09

Download Submit
C:\Windows\System\HWFGYtm.exe

Filesize
224KB

MD5
01a626a5958cbf6aa83bfd3e21743d3f

SHA1
4d42a7d262cdf86d58ac51972d28aa3e923d58c9

SHA256
86f3027e2ba8449a695afc004ab50c2cec8def84a2a39e08853fc497c607b776

SHA512
bedd26b47e39a1a63f2c1b7d18f9a2f10301a1d34eb4f2543f3b1f5ffe03d544bfaa2d8ff863b9ed433a8d576be4aac2d12582ee9d86bb494b86f348ee65a618

Download Submit
C:\Windows\System\HWFGYtm.exe

Filesize
2.5MB

MD5
9a6b7ea1c635fbd99d65350fe91ba279

SHA1
cb11629ab7c7ee7f81951f434bfc961c4f01d83f

SHA256
94b29492dc3fe2b5745d34cff20c7897d001963683ef71194a8ff4bb05e6839b

SHA512
118a34ca2c797fbc75724dc67c233cc64c691573bb3656a5d83642c85f2b38bc120237e1ba2d6e015cd916cdd52d5a8e1b1ffae3e12df59629536a5cf0324bfe

Download Submit
C:\Windows\System\JMPRdyj.exe

Filesize
705KB

MD5
675ef9e2fa8baa1b05e135af717e5996

SHA1
a3c0c214722a23b62b2801127e40d83957e3e512

SHA256
f4ec2d822a3a57f5ccdb7fd4bfa7deef1521d5ca80d30e085924feebd8d495dc

SHA512
b5079a80db91aee7bfe10f05aaf00e061d6548dc4d6df387ab819f3a7086c2a46a859ae257ba5ba7467eccb579906451e21a8131ae63d3478163a35b630bbfbe

Download Submit
C:\Windows\System\JMPRdyj.exe

Filesize
641KB

MD5
8d4a8193fb5a1d837876fae9c44a1ac0

SHA1
ec670423b88cdaa4398718db3a63cc0e63e9e20b

SHA256
457d15ec2ff38e1a342453678c89c739996657dad40e6d4398c5831c37ca5167

SHA512
018323ae43afba89ab73137753def8c33f15cc7b058a1d0ee8978fa5f7f1cdfd76d98273d3116788c07d67a1cbebdaf830beb24a228e5336c454511fc8d686b1

Download Submit
C:\Windows\System\JeSHGpE.exe

Filesize
2.7MB

MD5
5e5092ac0f2377554c3e023c1dad14e1

SHA1
304acf37a565c2476ef53bcac1d4a6cb170f5541

SHA256
cf8047b3672201e83d7fa539e1d7803bc8b36abb19b06910c06b861c555c58fb

SHA512
d55fc4276f2334d3c9fa84c369ad41d4ae50c9635c4fcca0815f077a659e730aa1a4ba9e123790049578a1ff30c35955cffaa805c371cd581030be0ec7c4ff0a

Download Submit
C:\Windows\System\JeSHGpE.exe

Filesize
3.1MB

MD5
f6b3ac5b3315568d2838dfe4baece0ea

SHA1
fdba1c3c0cd58437de8377fe9ad0c604438002ca

SHA256
85c7b50fe3112655384acef29de9921e31cfcc1e196a0d1b83c1fa7949e522e0

SHA512
15d0abf8bb8910d4c3a18072d84d02259d6da6c1c8e2406baaaf4dcded3deeeb2ac2cb1fff2fe37844ea346e6bc8479e045b29ead3bd82b7e80c9ac3702133bf

Download Submit
C:\Windows\System\LGcwWgp.exe

Filesize
106KB

MD5
c1952070e6d192a3c08b83946d8d6ee6

SHA1
ee2fe14740f8b8d768cb252b298dc7e41c33b8f3

SHA256
90f21d17f8825a092d57ed2410e428822bb1b21e70b10f06da7b9d9fb9a0d765

SHA512
ae5a7ae34fe576102884557b7328d356908949cc8bbe7074c16fe4b09d1e3380f20e24e332fef6a42654432ab2aeb84edca770772628af634a11d66294b3671d

Download Submit
C:\Windows\System\LaKKiwB.exe

Filesize
264KB

MD5
009c3bbcdb37784e80e70414f13d046a

SHA1
c3b16ff73f3fde3eb33a1404b4b6a99e5417cfb9

SHA256
406a49a94d8f511e8deb731ff18cc1b2bf21109b8c31524115c09c638ccf94cd

SHA512
f2c5aaa0ec55d1750234f28be46af49578aaf5eb9eea0cddd77051fa63d5bf76ee91ca9fd0bebb5eb73d5605f19afa91e2b99688c9ea50a3e986696ff338a555

Download Submit
C:\Windows\System\LaKKiwB.exe

Filesize
2.0MB

MD5
5203be818c90e7ea0febc78a2b342eb6

SHA1
1d269e170b3a39d65fa964dda2ea4db1af8db7a6

SHA256
e1063f53966d66d19f0c35a1eb204e93f066a4f30dbbb7830909baebed0b7110

SHA512
3d6377eff13455f37d53b898b31dc238d27d8c4cf05732cf84c273b77321066020265d9ef4eda3fa3b18ccd887d30b8a84144d5ff01aa7a144638b086e8464e6

Download Submit
C:\Windows\System\LtGoMbP.exe

Filesize
3.2MB

MD5
d4f04d28a7717dbc1e41011398f6b0ed

SHA1
dbc918188ec84046e5f275ac7c1c20efdd3f9035

SHA256
ad64af3343f5e02c7339843d5c2c9c54af9d3c2082cc20140ea606180af4b339

SHA512
ba02c005fb6191c81246121590144d17d46d2127872f6c95129ad5436b18db62e09d2098b7a3d9fcf291390ed08de01296da0813d8569406ae9e63b7eb05a92f

Download Submit
C:\Windows\System\LvVKODD.exe

Filesize
256KB

MD5
88378dfd338095457afd4118632d1638

SHA1
72d639166d2ac9e089c67c4d5d3bb9c469c4a91c

SHA256
fbf5e2889e8f26ed9fa194de059531318728f6b6119312a77d0520d7f69cc6c4

SHA512
9f8718a49cf1955035e70ee2f5bdfe60308ec4722eddfcb1d204c3a701c29fae45cde0aebe2898f85e9f0fc4d144489f9f4c7087f1985fd29f13673a09a0be55

Download Submit
C:\Windows\System\LvVKODD.exe

Filesize
64KB

MD5
f61c033bf90b57d89bbda83991a10cb8

SHA1
4dd1989432a3c70ae1d2a687aed6495d1257fd5f

SHA256
dbf10af3247ddefb7b9c32009a80a6bf7d4375b499071bdb078f40bd53daed8d

SHA512
4fba3cdd8da9ea55317fed64c7e23f6810baf3b5e602836f81078cdb4f71e6da87d5b82e0047f440ddc702d4fe26c4c03bc618ca357176222ea8c6ddc485e7d7

Download Submit
C:\Windows\System\OgNoNuS.exe

Filesize
2.8MB

MD5
4d05df79893790ff59254ba0c2af77de

SHA1
db143395fd38a663d3a10e481be11dc22b190e78

SHA256
f210a53535aee974481a24a00d50caf3552dfaf4594b518e824b2dd83f317ce0

SHA512
4199ac6c260ee4484b7446ac3a5c331ba806d119541e38f4cd651f98f0d6bcca07dc9d5da871deaefa46cf305a34f36d0edc91cbdbbeeebc7ee8ccc64dfb4059

Download Submit
C:\Windows\System\OgNoNuS.exe

Filesize
3.2MB

MD5
2e7d7ac0b66d11fb64f05e095a6c6264

SHA1
a6ed65bde3b86188bb4f95d3e78b8df6c1cc6b55

SHA256
6cd5c73777487732839f95a64a121e82f4c16795a55cbf402764e7e81d1991d4

SHA512
34f872ceec652515a935192d4dd55f222b9234e90b22dbe4e006749505bf96f2b1c1524f98e3aeda63c800a69359d8cafbfb7c31bb578b7c1c81569571940b8a

Download Submit
C:\Windows\System\RVeyLIa.exe

Filesize
255KB

MD5
0c13dad06678d067f2e141b2c69dffb2

SHA1
816b301595566c44b1f729568c3abfaa903b69d2

SHA256
cfa0f98965dda9a3d831846c702d9fa2b7cbae510374a87c79db79e7bc1d9a58

SHA512
1b53634b5d47d5ce53aa24bda39effe395e4a95617c47495f9f187b9382d63c3a11ddbbcea3c182b2d71307eebe01980fb0a16c318210509d9e9c2b4e590f6d4

Download Submit
C:\Windows\System\RVeyLIa.exe

Filesize
138KB

MD5
bcf8c2f8ed411ee5962788fbc523d425

SHA1
82a5e6ee86bf5bd58eb53bd125bc9e84bc71197e

SHA256
a86955a1789fe8d0a1e7902cca7cc7bec066470cd66184bd3398d64544779182

SHA512
8ad3f71952a02323425dc345f9b0a72179939c1cafd2b9029002b6d6cce10fced34db94ad0bfea985d52023d0115e7bd6a21c0ea2fe3b87012a5a0fb84d39b0a

Download Submit
C:\Windows\System\ceNeZdy.exe

Filesize
1.2MB

MD5
97c0ee6506603560429dc26dd2ad5cd7

SHA1
6e7b071093de08310bce6f1b37dd551889a3b165

SHA256
0514580f02a28657b594486d42424bc9bb86f1fefa162d415a2cd1ed8abcf106

SHA512
4a22d7233d0855637aeebfe7418ab104e90ecc76112fb80f924b4905c3aadc7050f47eafc4963aeedd0ac56600e77175e1e1673c7813758601d88805a8a88bfb

Download Submit
C:\Windows\System\ceNeZdy.exe

Filesize
1.4MB

MD5
c07a4dadb3a1539a8b980ff49bfd6134

SHA1
b1f886ad0a3de72691c1c6f68f57ab0494bca5da

SHA256
28b4bc15e32a39daadd5770a969ee7f957abde3a160b22e55d99d4d8bc808d73

SHA512
3633aa8602c300cf40f98a6009a86f596e1b5e16af850f87033462172e5f2d67468b3fda9427b5f045828b66c665afbafe38d8a39dbffadb9674ec21ea76feff

Download Submit
C:\Windows\System\ffbJIuj.exe

Filesize
55KB

MD5
436553c83eb4a75d34cf9b5682ad3ec4

SHA1
63bb476f4ca87762dfe76aaea45e527f6b5d0fc9

SHA256
44bb08b54493151564406ccd9eba0030983da478e835096f7ee9b34c7cfcab1e

SHA512
8135e2b01962cbd08f18480c1dc4c82243c6dc39ab92505999d41ff6e951506091bcbb01d706e4eff9600604d0393daaeb59d772f1b401f6aae2bcee7b1e38eb

Download Submit
C:\Windows\System\ffbJIuj.exe

Filesize
42KB

MD5
ef78f660a21a0a10707ca42e8a088ce2

SHA1
8aacb7f59aab478430fad040acb8bd774c18de22

SHA256
ac589b720abf16f593c81357c4f046f2d9690e17a82c4abae4d19fc5fa6238ba

SHA512
ceb499049d469f67a4b7b0c3de49cb04f1b1a52b6f4330ffb777f316fb33c2ef580dba98c2c741411f2316da9e854043f5c2d1acf80f9ae2f14f3ee006f48bca

Download Submit
C:\Windows\System\iIgkLBn.exe

Filesize
950KB

MD5
095b936620e37592f80cd0dada5c1ae8

SHA1
5102b75c4093552e5599b40bbf6f94bee772fe03

SHA256
31e6ef3da9c96f2418422d5ee82e9dd2633800fd9aba249145f9d8eeb20d1f93

SHA512
c32d428e175936f6307e895f257d23ce9fd91d16464673ed550e7229af7899cd74b7655f60d8615d3f4684b8723118d9301f73826fb74cf687b5c49102bb66ed

Download Submit
C:\Windows\System\iIgkLBn.exe

Filesize
312KB

MD5
00b64e0cedc28f800f2ffa719506aa5c

SHA1
7c0f3893a864bd9e20496409825a93d044d77ba3

SHA256
25c7ff29b3887928041af327b3e0409ab94b42e200316f7bd9f2a5bace0a1d55

SHA512
2be47744298783942c8d0c4e01e22320fc8fd7126b4fd60400bbb85facc931c735cb36e40f6ef5f3df62f07194373c42241b56c569360c7e251184482f0ce352

Download Submit
C:\Windows\System\ixJxAUQ.exe

Filesize
2.3MB

MD5
a09e4df015a51bbd8e9e6fec395ec300

SHA1
d6e6ef25601760428a662747280fc040670d3553

SHA256
b14cca77b5e71139c64ad23bd82fbf8eae27b31094003b98974c70044bbdab39

SHA512
dd53387fcc74748aa8f23a99547e4f2686d2e741b61d7fe4d23d6c48c7bb8f5bdc39db8b7c74fd4a86217576e08ce8dc777caa0e18b8e42e720fec00b8d35100

Download Submit
C:\Windows\System\ixJxAUQ.exe

Filesize
2.0MB

MD5
d889bd235b11b584d94e65f5e790e15e

SHA1
cd2a2c24fd709f2c2cfaa1e781bb6ab8a2ad2497

SHA256
2e0a8f6c8d48abb7e91e376d4a93569d7850a7367527af20a7f974eb97c8e389

SHA512
9826eaac77c27207660251d4e831d49480f1ff412bb207a56da6ce0202af21865ef89b25cb817c5fbde752969da4880f43cf63c85e85ff198ccaf4876092cdff

Download Submit
C:\Windows\System\jisBLZy.exe

Filesize
2.7MB

MD5
f595c3319d27249e7373b03fe813b097

SHA1
518a7c47513d29ef79f1e42ecc3221dbcd38b0d9

SHA256
734590eafd975a9b41c35752cd5b15abba74eb239daea89d31881dc9d331abff

SHA512
ac45619a972e18c3d1cd61eaeb8d122a367e37677d82bd0ce73c6dbdf32e8bd01f8fed521abf53694fd2967146711be6a162c4e6ff8ada35294e46d71d774377

Download Submit
C:\Windows\System\jisBLZy.exe

Filesize
224KB

MD5
37d55f299718615cd74b7c7e916ed5c2

SHA1
9dd25b27ce4ffe5e616d14d0bae02a826ddcd620

SHA256
342d5bd9d6ad19bf2f166681225b5db29e358f461a64b2e22004f4dcb6380248

SHA512
4349c4c4de9d407e7b338e1ee399b2152ea61c3178f7a490b13890b80af92b7d82af3592d87e51e225d8a5fa1e55088d2b8f5baae9cfa6f377c03c4999a63fff

Download Submit
C:\Windows\System\khZCNlV.exe

Filesize
1.8MB

MD5
3e196b549bb33c331dd70f7a5fb30037

SHA1
d5949e78841f17557049b2660bb089c28b6a1871

SHA256
5d78f09c08a99ce132bf1de938dfa6314426aa382162a6ff51821e92b235ca96

SHA512
7c2b2931a7e2ca9e9bc73a22fb8942edabefabae75c72c482dd447a4f1aeada8fec3ddeef9685b81b88e7163788877d9122832bafc70ce77c04a1bf6cc0b9500

Download Submit
C:\Windows\System\khZCNlV.exe

Filesize
217KB

MD5
e44dac79b100e7b6dd6a74d70191288e

SHA1
60eca635ac21b19d018dddfc80b7b50d692d82a6

SHA256
8181c5813a8018e133436561939994bfafbe2b70c0a2efec1311932df210db65

SHA512
b735227e42093eda25284ae261d46d3c70aa63e7ba8ade1d92dc389a3dbf69769db120e33a23942b5ba8aba371bcf0a3d4c490f538bdb92901f5d7b674ee5368

Download Submit
C:\Windows\System\mZLdrAD.exe

Filesize
98KB

MD5
d7226be8603c750ed682c8eeefcb3828

SHA1
fed3fd01aa86a9a4e49ce5b25d8529f27a184bb2

SHA256
99ecbaadd1011f2297ca200aeb3f0d942b87bd250644948dec32e4e18f75b070

SHA512
c1506c75c59a7c6114539f09e47064ceb8627b0a5066885f1b3567b4d5f19af73960e66171ef9efeabcb6b752b6b58ce523f2bb0337a720fe5327aeb84bf0e04

Download Submit
C:\Windows\System\mZLdrAD.exe

Filesize
149KB

MD5
000a84301d08d276503a8948a83e4917

SHA1
18f26f9760616f181d83aadee454fc9c4bb6724e

SHA256
36fdff4585fea942c5c9d40c7bc917adda3f431e115a8d26e0172332d81cb1e2

SHA512
3e26db67caed3ce00909bd972cf9564d1361c7e97b1d535a87efe56cae21359765fa8eaa596d447bee4d3bfa2a1f8f466d174a9ccc4bf11e313db57e21336bd2

Download Submit
C:\Windows\System\mzGqmBO.exe

Filesize
176KB

MD5
f7a7fe771dcc21f1b09e48e47fe608f7

SHA1
a4ee668d1b211f9a9265aede468323a22d4b758c

SHA256
71643f000263c7b2385f6554b72433ad2f393864e7650fc02784f8bb27c2f16f

SHA512
70a20649e187fa80fc14d743b8b456cdb5abb369610c2cf173a306f35bebc5d4d27f8c520d4fc0c1d8a28fd81189eaf495095edda514a153e09f75f216b2806c

Download Submit
C:\Windows\System\oByKtVZ.exe

Filesize
213KB

MD5
85b54847ed6d7925da19969427ccc41a

SHA1
b1f3e0b9d233068670388b1459393eaab97a61aa

SHA256
1ad7411f5b917a8ff8d82bd4a2a1dffac4f7fc62ff38aae8934053ef3eaca2c2

SHA512
aaece63ad502d0a0a11153ffa300cf28dc6565f838d000bcbba538b76be6ee37ec09b325036eebe57cb30df5a77852ebb6849aa7b61bdf8373168130d003129f

Download Submit
C:\Windows\System\oByKtVZ.exe

Filesize
326KB

MD5
918810eeec720446b12c1f85dc435570

SHA1
9797f63559363b16230fd1d0e9d37a364f6e3dca

SHA256
ec601de1f33f1ea72eecdb8ef496f01a12abd8394caf8dade5f51a149151e6d6

SHA512
3b7b7ec151e0d2e5557bf4e6f0c4392a2061df04cbc25e5d99bd06967ab7f0d1b1d81753e9cdc461edce3b80c3544a5985787d7b073291ef29c6088a534cfd55

Download Submit
C:\Windows\System\oUfVPUh.exe

Filesize
710KB

MD5
9184dfeb4a73c97a5db5daab0d645c80

SHA1
a1b0775e9d06d1e9ae3bedc1c2a732e02c10baea

SHA256
fcc654c81b9a7441abda99d2403e81c45eb5171335c3fdeca5a31f141470c9bc

SHA512
f894e050286414d2859a78f4d664f65c974485c59eff5bdee1f851476211099bc9e780873f106257973dc3301d11ff5bbd4cb076dbaa436d148c537feab43fc7

Download Submit
C:\Windows\System\oUfVPUh.exe

Filesize
143KB

MD5
aa1bd1b3c2a61ab1f21d1a889e67afa5

SHA1
fa3fd97488a43f14a41b7660c497696f16ea33c3

SHA256
ed8795dda9b3695489e616b2f3e539ca13f545b60d4a8ee901cdc4512d541bf5

SHA512
9df32c3ea8b71d863f0a2393c6bdbf2bd3cc48a22748eb9a886e46a46d330af77011d4d52a349a6f33626cbff58edf5b38230137df3c3cdba041ff8d5fa2a496

Download Submit
C:\Windows\System\obpsMSe.exe

Filesize
177KB

MD5
4ca9e4e916aafac627866f05f5a2c31f

SHA1
082fec314076c8005fbf729b2cded8e85abc8e5a

SHA256
23cf8c42de0a7e3a8b96ec848e22bf278fa1eeed4cc9e6668ac7d376918c5c2b

SHA512
d31e333c2482046324dfb1c1be967fd1905f747052e16703df6575e4b79ff512c6804a0b89167ff11fb923b74a678fd0291b7721c62f6ad1e667c41b4a47a4de

Download Submit
C:\Windows\System\obpsMSe.exe

Filesize
1.8MB

MD5
927710cfba812bda3984597d8c05da1c

SHA1
8dd7fb480014c0f218d2d016d6b361822f4853ec

SHA256
6b89e1c02a17236620cefee64320d2a94bf06d361b7a0b1d4c15848425976933

SHA512
42e8eda21da25e313e11c494b0cae2a0a90468960c9d0e49aa87349e33dd4c628847dab6bb2dc0743d1cdc6ea36df01ac133b6bf2f5abdc6edcc3773c64e430f

Download Submit
C:\Windows\System\qUpsXBV.exe

Filesize
576KB

MD5
b2ba68a73db4d16d334d6063c3c1d96c

SHA1
40f751860d05a0720c6e70284af3a93985258e50

SHA256
154585394c1b63e96c6563a77bfab71be9302b3e98e91b11756552572770acf3

SHA512
27211f7987b788915c444d43a7d7201a76dbcab87665ec02c047f243e47e5e13cac553b7cd6c3e269268e1ca81c5671fc9c68729c3f3573279c86374123724d7

Download Submit
C:\Windows\System\qUpsXBV.exe

Filesize
512KB

MD5
11919e0af7b24147ac37cca00c131c08

SHA1
51eab11b595b560c0f72211a12292f040f64ae1d

SHA256
a7af9d97db88616ccc62ccadac85874aeaa7586513a10601cac25ae399e8a745

SHA512
9fcff0829323b730f336c14aebee40a0d3e43ec1ddd2fea6e8f617259cec15b88841574db7ae5b34cf89ecab7ba6878fef9c1fabc26d29234ea49badc2dd064b

Download Submit
C:\Windows\System\scMKfgW.exe

Filesize
894KB

MD5
99df17d9b002b5d73fe1af86502af672

SHA1
c2309b5f108b841ae59e8657c40de8de847e379c

SHA256
98bc1fc291e4610ef3eb64419d69abadf7f44abfbc377a6d598760c9ee31ef0c

SHA512
efde41c0437841b12d29b4f8704f1041fe8ae02e6ac5f6951e2a92b3223cf4216e0800967f535fb8fc760d5450a135d723e44267bce62f8d0613c85062dff153

Download Submit
C:\Windows\System\scMKfgW.exe

Filesize
183KB

MD5
6c6eab5e72c4f353a909fff33f3469db

SHA1
db6f1e943f4064beb3384165f705ec90225db821

SHA256
20c5477217027cfdaa58a9e3f29860d142f4102fa20d59d3f236df228eef036e

SHA512
1c9acc877e8a5b1c0065d0a35b5af4b42f5c289ec6279a888d1f07013ef692b596bc98f8a94c475986a78128e53745e30dd2a6a1261bce2dab57635f94f9cefe

Download Submit
C:\Windows\System\uPIFQcg.exe

Filesize
8B

MD5
890903962eda8433c4bf90d771684f99

SHA1
7f8f7b02a55d2698a8af5512bf4728ece5f696b2

SHA256
18444e5be4d3a7890d1803adf8c67a414e46a3f9e70d9f0195de9d987e04c441

SHA512
b9a46107f280cd1369a47d47944d4af2a7d0f74adbb8a49187ee2f52fa6c706c8206cfdc85d7a27fc84eea5103640a34c7996d1fd07b8e62a24ab539f9adaf3e

Download Submit
C:\Windows\System\vSrHpsV.exe

Filesize
2.4MB

MD5
057185d221aa30d957b6ddb58c3cbc90

SHA1
f045ba454658392789096a4d321b73fe3eaecc40

SHA256
376e80083c9885fff803e39be50b58c1a87e0793cc1a632a909ea5e8e110c50c

SHA512
8881e8cbfb0900d42979ddfdb265900e18a7d22908c2a4cbfcaa57d3dbca5d6456907d4cab72e7c3994d93d7a682935a6403a3046720a97837d35f0c7f97885b

Download Submit
C:\Windows\System\vSrHpsV.exe

Filesize
2.1MB

MD5
74cf984b55214a05ae7ba143c1cbeb2a

SHA1
08bec62a1dbe5033b2bb34f63f2110c2e65f3366

SHA256
08feb3598b53d9b1599b2c5f9bec25d2f62a9ac986af3e2a6df3fad1fdb609da

SHA512
dda4922f87815c7ee6f545efede95084cf74d8c25798bf5e330ad112fa7c952a70ee470848919ec3631cae88210b5610ffa50f9ea44efd3cef5ff031ec6cc4b2

Download Submit
C:\Windows\System\virLKgD.exe

Filesize
1.8MB

MD5
ad3c14defd4a06542edcc54a3f3b8372

SHA1
ae48b58af10c08c03f1f87c2b161a3629b2b112f

SHA256
00ea2ddb66f71ef98727562bd09b724e4d6beb8bb2ccf9444670649c0bf84093

SHA512
7091d98e3925bc6bffa3f489f99bbd11938ece0c3aa7c39dd4ded12cb18261bfc3405cf809a52af9af3fb6aa9d5408b1a77f59c8ebb9aaf3445ed07ce97f8425

Download Submit
C:\Windows\System\virLKgD.exe

Filesize
1.9MB

MD5
859c1f91fc15abbbff0957aacca81917

SHA1
d405bf6192e6f8fa6b0b4b8c0ea0d5a1bb7d9bd7

SHA256
1f6c19e67cb9acc767f065cd462baca7168f13773fedc1350d1dbb50c4b9820f

SHA512
2b6fa1a16675e9502d6ca37ac860ef512dff1715d5be05af778eca9ccc3c92ede0ff717149865eaf2b7e8bdc4084ac6e2a889aeaedb9028e8df23ec4beb725af

Download Submit
C:\Windows\System\weauZmW.exe

Filesize
188KB

MD5
085d0134e9f763b1fc6ff658b880f2ee

SHA1
37d6ce1daea9352043fb3927d37ec09e7bf6f895

SHA256
025e0aeec921bdcaf612e43cb03f12367667beac05026a3f553cc11b3ca7e9f8

SHA512
af166348c545f3ca3ebabcefe9720e5c14825c02b4b986a9fd4958149addfe407df9339113b14c8bc94ac4d4b821ee1ac3a3b97a120111761abe719616420bbe

Download Submit
C:\Windows\System\weauZmW.exe

Filesize
382KB

MD5
61ad113f09d292a351ab6bb9b0c7db29

SHA1
eeab2b6552fb9168e77f6ab03e81ebc4481a482a

SHA256
d1dbb07f202cb00db49c653934e63a0c691c3460ed8b8a421c117ff050f50b5b

SHA512
2fd446347c6d0c19a5663571aad5d357e28568e33fa61283ee6507ec24acfe1f24ffb62670c581a3d27b5c16c5b972a9c92e853a9651f9edd2856a961d2ad5ab

Download Submit
C:\Windows\System\ykTNeNP.exe

Filesize
933KB

MD5
2c9549db097f2006ecc5a854262bd4bf

SHA1
23a49b80f6a2e9fe38c080a18b3580e957e88155

SHA256
3dc2888c5402640b9bdbe24cff84d82865dce5236c65bf50f3606807ed04ce70

SHA512
ec96d3fd71d27c86bb43941da914b4261c74cd2743c00066f8f086dbae30778d57cd67ad2d3ba59e2ca88645667cb5b01af5459137fa63a9dbcd6cb78ff68808

Download Submit
C:\Windows\System\ykTNeNP.exe

Filesize
1024KB

MD5
ccd7e31144c9a6c08a27e3bedd8595da

SHA1
7552e10ef0c413d55dd4eb57ab8f205b233df64e

SHA256
255ed5e02f8a0c643044a2516cf5a6f7f24e4307347872f0b33f6db87e9350a6

SHA512
c8fdef843fe6cf141f6e4a77f992721adc0be2aef770fad32a257fa90c32a312d6a7ae40aaaae8be5de0cfadb869a45cd1688821f5fabf67cadbfdb854c24ff3

Download Submit
C:\Windows\System\ykTNeNP.exe

Filesize
1.2MB

MD5
7f8e0a6822531fc1039d8a6bce159083

SHA1
47f95f1a7a9eaabad4c50ffd816906e278c8681b

SHA256
7a9b71aff99bdc53b469fe135d78fffcb8e850e481cd5dafb394f3135a4b110a

SHA512
3e01ce51d419b5de20cca0c3752b0e65c3202aa31ad07946000247de428decb271df4d7e3c87c55d789b045bebf11c9d1f77094a55f7186c779e72c45cd12ea4

Download Submit
C:\Windows\System\zwYJoVh.exe

Filesize
60KB

MD5
bcd3120cfaed40c19da22c2acd38e048

SHA1
96d09df9bd249dfeb8495510371db1fbcecb9dd9

SHA256
50eb8f1276a713be95430a9c227a97730347cece234586cfc76dce1a03afae82

SHA512
e81accc759cc3cc0c92bb828f6b1853b7139fb8a58b684912556464ad0d9c11b053f15fad3b5e1a97c5a7b5062449d40454f27eeae18905e9edf2991e2b5a34f

Download Submit
C:\Windows\System\zwYJoVh.exe

Filesize
1.8MB

MD5
04ffd1744862a9d28ef5066e1608fd1d

SHA1
0ffd702f859be790851d74ed0ff2ec32116a894a

SHA256
5240f490d7bc3df5b295d837b37a0b58d04ea07b9f0f25b9a3cf96f1d527d122

SHA512
d961c2cb1bba3f2c5dc411d80ffb83f1ec1a32c74cd551aee46f2b06229f2e233be172532242542a009cb82d18e76dc14e211544673d44186f9be6e6048eaa7e

Download Submit
memory/452-119-0x00007FF68ACA0000-0x00007FF68B096000-memory.dmp

Filesize
4.0MB

Download
memory/468-185-0x00007FF788C00000-0x00007FF788FF6000-memory.dmp

Filesize
4.0MB

Download
memory/760-141-0x00007FF6DED50000-0x00007FF6DF146000-memory.dmp

Filesize
4.0MB

Download
memory/820-140-0x00007FF679250000-0x00007FF679646000-memory.dmp

Filesize
4.0MB

Download
memory/924-117-0x00007FF70CEE0000-0x00007FF70D2D6000-memory.dmp

Filesize
4.0MB

Download
memory/1188-26-0x00007FF64A030000-0x00007FF64A426000-memory.dmp

Filesize
4.0MB

Download
memory/1204-118-0x00007FF71C220000-0x00007FF71C616000-memory.dmp

Filesize
4.0MB

Download
memory/1444-83-0x00007FF7E9040000-0x00007FF7E9436000-memory.dmp

Filesize
4.0MB

Download
memory/1484-162-0x00007FF690210000-0x00007FF690606000-memory.dmp

Filesize
4.0MB

Download
memory/1488-166-0x00007FF63DF60000-0x00007FF63E356000-memory.dmp

Filesize
4.0MB

Download
memory/1500-207-0x00007FF73A2B0000-0x00007FF73A6A6000-memory.dmp

Filesize
4.0MB

Download
memory/1688-290-0x00007FF774760000-0x00007FF774B56000-memory.dmp

Filesize
4.0MB

Download
memory/2004-143-0x00007FF744310000-0x00007FF744706000-memory.dmp

Filesize
4.0MB

Download
memory/2024-41-0x00007FF6F1C00000-0x00007FF6F1FF6000-memory.dmp

Filesize
4.0MB

Download
memory/2276-301-0x00007FF72EAA0000-0x00007FF72EE96000-memory.dmp

Filesize
4.0MB

Download
memory/2296-112-0x00007FF60E2C0000-0x00007FF60E6B6000-memory.dmp

Filesize
4.0MB

Download
memory/2336-180-0x00007FF6568F0000-0x00007FF656CE6000-memory.dmp

Filesize
4.0MB

Download
memory/2520-274-0x00007FF77B650000-0x00007FF77BA46000-memory.dmp

Filesize
4.0MB

Download
memory/2992-91-0x00007FF635D90000-0x00007FF636186000-memory.dmp

Filesize
4.0MB

Download
memory/3156-175-0x00007FF641C80000-0x00007FF642076000-memory.dmp

Filesize
4.0MB

Download
memory/3156-0-0x00007FF641C80000-0x00007FF642076000-memory.dmp

Filesize
4.0MB

Download
memory/3156-1-0x00000235883C0000-0x00000235883D0000-memory.dmp

Filesize
64KB

Download
memory/3208-107-0x00007FF74DAA0000-0x00007FF74DE96000-memory.dmp

Filesize
4.0MB

Download
memory/3312-305-0x00007FF69D390000-0x00007FF69D786000-memory.dmp

Filesize
4.0MB

Download
memory/3544-223-0x00007FF635620000-0x00007FF635A16000-memory.dmp

Filesize
4.0MB

Download
memory/3752-114-0x00007FF716620000-0x00007FF716A16000-memory.dmp

Filesize
4.0MB

Download
memory/3852-25-0x00007FF6E6290000-0x00007FF6E6686000-memory.dmp

Filesize
4.0MB

Download
memory/3992-131-0x00007FF7B7000000-0x00007FF7B73F6000-memory.dmp

Filesize
4.0MB

Download
memory/4148-279-0x00007FF6B7120000-0x00007FF6B7516000-memory.dmp

Filesize
4.0MB

Download
memory/4148-123-0x00007FF6B7120000-0x00007FF6B7516000-memory.dmp

Filesize
4.0MB

Download
memory/4236-230-0x00007FF63A920000-0x00007FF63AD16000-memory.dmp

Filesize
4.0MB

Download
memory/4340-189-0x00007FF6EAC40000-0x00007FF6EB036000-memory.dmp

Filesize
4.0MB

Download
memory/4360-240-0x00007FF66A760000-0x00007FF66AB56000-memory.dmp

Filesize
4.0MB

Download
memory/4408-72-0x00007FF7DF3F0000-0x00007FF7DF7E6000-memory.dmp

Filesize
4.0MB

Download
memory/4480-96-0x00007FF7632B0000-0x00007FF7636A6000-memory.dmp

Filesize
4.0MB

Download
memory/4636-246-0x00007FF7D8F80000-0x00007FF7D9376000-memory.dmp

Filesize
4.0MB

Download
memory/4636-56-0x00007FF7D8F80000-0x00007FF7D9376000-memory.dmp

Filesize
4.0MB

Download
memory/4640-194-0x00007FF7FE020000-0x00007FF7FE416000-memory.dmp

Filesize
4.0MB

Download
memory/4696-23-0x00007FFE6D0C0000-0x00007FFE6DB81000-memory.dmp

Filesize
10.8MB

Download
memory/4696-24-0x000001B2249E0000-0x000001B2249F0000-memory.dmp

Filesize
64KB

Download
memory/4696-22-0x000001B226C60000-0x000001B226C82000-memory.dmp

Filesize
136KB

Download
memory/4696-176-0x00007FFE6D0C0000-0x00007FFE6DB81000-memory.dmp

Filesize
10.8MB

Download
memory/4768-171-0x00007FF689630000-0x00007FF689A26000-memory.dmp

Filesize
4.0MB

Download
memory/5024-135-0x00007FF6640B0000-0x00007FF6644A6000-memory.dmp

Filesize
4.0MB

Download
memory/5044-32-0x00007FF6A7820000-0x00007FF6A7C16000-memory.dmp

Filesize
4.0MB

Download
memory/5048-199-0x00007FF6F53D0000-0x00007FF6F57C6000-memory.dmp

Filesize
4.0MB

Download
memory/5104-142-0x00007FF7A29C0000-0x00007FF7A2DB6000-memory.dmp

Filesize
4.0MB

Download
memory/5140-307-0x00007FF767990000-0x00007FF767D86000-memory.dmp

Filesize
4.0MB

Download
memory/5168-310-0x00007FF78C560000-0x00007FF78C956000-memory.dmp

Filesize
4.0MB

Download
memory/5280-324-0x00007FF7545B0000-0x00007FF7549A6000-memory.dmp

Filesize
4.0MB

Download
memory/5308-332-0x00007FF7D17F0000-0x00007FF7D1BE6000-memory.dmp

Filesize
4.0MB

Download
memory/5352-343-0x00007FF724AB0000-0x00007FF724EA6000-memory.dmp

Filesize
4.0MB

Download
memory/5408-345-0x00007FF7FCC00000-0x00007FF7FCFF6000-memory.dmp

Filesize
4.0MB

Download
memory/5444-351-0x00007FF670F20000-0x00007FF671316000-memory.dmp

Filesize
4.0MB

Download
memory/5468-352-0x00007FF6D1CC0000-0x00007FF6D20B6000-memory.dmp

Filesize
4.0MB

Download
memory/5656-354-0x00007FF6974B0000-0x00007FF6978A6000-memory.dmp

Filesize
4.0MB

Download
memory/5704-355-0x00007FF792570000-0x00007FF792966000-memory.dmp

Filesize
4.0MB

Download
memory/5728-356-0x00007FF621240000-0x00007FF621636000-memory.dmp

Filesize
4.0MB

Download
memory/5824-357-0x00007FF72B510000-0x00007FF72B906000-memory.dmp

Filesize
4.0MB

Download
memory/5848-358-0x00007FF7D6920000-0x00007FF7D6D16000-memory.dmp

Filesize
4.0MB

Download
memory/5944-359-0x00007FF6C2EC0000-0x00007FF6C32B6000-memory.dmp

Filesize
4.0MB

Download
memory/5968-360-0x00007FF7BDD60000-0x00007FF7BE156000-memory.dmp

Filesize
4.0MB

Download
memory/5992-361-0x00007FF76A7E0000-0x00007FF76ABD6000-memory.dmp

Filesize
4.0MB

Download
memory/6032-362-0x00007FF617CC0000-0x00007FF6180B6000-memory.dmp

Filesize
4.0MB

Download
memory/6076-363-0x00007FF700370000-0x00007FF700766000-memory.dmp

Filesize
4.0MB

Download