xmrig | 6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
Size

3.2MB
MD5

24c9c9af1e37266bde3c8791524165b1
SHA1

bd381ccb173e6bd597c9a56e1f49a317b8bf2bad
SHA256

6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79
SHA512

dcfe87a71e98c6e0c022f2a176e95ccfe1c79867200854bdc88697794b2df535403fa345527438351156788ce47f0f2e2c67568b06e2df99db812e45b7e5a6e8
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWj:SbBeSFkX

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/4188-0-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000900000002325c-6.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002325e-10.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002325d-21.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002325f-32.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4912-38-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002325b-41.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023261-48.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023262-53.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023263-65.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023264-70.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023265-73.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2860-79-0x00007FF6803C0000-0x00007FF6807B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023266-83.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3144-91-0x00007FF790BD0000-0x00007FF790FC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023267-94.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023269-101.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326a-105.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326b-110.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2596-114-0x00007FF612DA0000-0x00007FF613196000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1012-115-0x00007FF7984F0000-0x00007FF7988E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2368-113-0x00007FF7906B0000-0x00007FF790AA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4480-104-0x00007FF6315F0000-0x00007FF6319E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023268-99.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1312-98-0x00007FF7D45D0000-0x00007FF7D49C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1412-93-0x00007FF6CC030000-0x00007FF6CC426000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2084-85-0x00007FF7A9ED0000-0x00007FF7AA2C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4500-82-0x00007FF6235D0000-0x00007FF6239C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326c-118.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326d-126.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4080-128-0x00007FF68B710000-0x00007FF68BB06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1468-129-0x00007FF603420000-0x00007FF603816000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4340-69-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1188-62-0x00007FF781270000-0x00007FF781666000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023260-54.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1056-52-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1544-49-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3468-42-0x00007FF622260000-0x00007FF622656000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1364-39-0x00007FF793C90000-0x00007FF794086000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326e-135.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326f-140.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023270-145.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023271-150.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023272-154.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023273-159.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023274-165.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4324-167-0x00007FF6F5C00000-0x00007FF6F5FF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4756-169-0x00007FF76A6C0000-0x00007FF76AAB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4108-162-0x00007FF7D2500000-0x00007FF7D28F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2156-170-0x00007FF63FB50000-0x00007FF63FF46000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4784-171-0x00007FF6FFFF0000-0x00007FF7003E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023275-175.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023276-180.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023277-186.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023278-191.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023279-196.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002327a-201.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4188-287-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1056-483-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1544-1541-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4912-1564-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1364-1563-0x00007FF793C90000-0x00007FF794086000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3468-1580-0x00007FF622260000-0x00007FF622656000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4340-1596-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4188-0-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp	UPX
behavioral2/files/0x000900000002325c-6.dat	UPX
behavioral2/files/0x000700000002325e-10.dat	UPX
behavioral2/files/0x000700000002325d-21.dat	UPX
behavioral2/files/0x000700000002325f-32.dat	UPX
behavioral2/memory/4912-38-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp	UPX
behavioral2/files/0x000800000002325b-41.dat	UPX
behavioral2/files/0x0008000000023261-48.dat	UPX
behavioral2/files/0x0007000000023262-53.dat	UPX
behavioral2/files/0x0007000000023263-65.dat	UPX
behavioral2/files/0x0007000000023264-70.dat	UPX
behavioral2/files/0x0007000000023265-73.dat	UPX
behavioral2/memory/2860-79-0x00007FF6803C0000-0x00007FF6807B6000-memory.dmp	UPX
behavioral2/files/0x0007000000023266-83.dat	UPX
behavioral2/memory/3144-91-0x00007FF790BD0000-0x00007FF790FC6000-memory.dmp	UPX
behavioral2/files/0x0007000000023267-94.dat	UPX
behavioral2/files/0x0007000000023269-101.dat	UPX
behavioral2/files/0x000700000002326a-105.dat	UPX
behavioral2/files/0x000700000002326b-110.dat	UPX
behavioral2/memory/2596-114-0x00007FF612DA0000-0x00007FF613196000-memory.dmp	UPX
behavioral2/memory/1012-115-0x00007FF7984F0000-0x00007FF7988E6000-memory.dmp	UPX
behavioral2/memory/2368-113-0x00007FF7906B0000-0x00007FF790AA6000-memory.dmp	UPX
behavioral2/memory/4480-104-0x00007FF6315F0000-0x00007FF6319E6000-memory.dmp	UPX
behavioral2/files/0x0007000000023268-99.dat	UPX
behavioral2/memory/1312-98-0x00007FF7D45D0000-0x00007FF7D49C6000-memory.dmp	UPX
behavioral2/memory/1412-93-0x00007FF6CC030000-0x00007FF6CC426000-memory.dmp	UPX
behavioral2/memory/2084-85-0x00007FF7A9ED0000-0x00007FF7AA2C6000-memory.dmp	UPX
behavioral2/memory/4500-82-0x00007FF6235D0000-0x00007FF6239C6000-memory.dmp	UPX
behavioral2/files/0x000700000002326c-118.dat	UPX
behavioral2/files/0x000700000002326d-126.dat	UPX
behavioral2/memory/4080-128-0x00007FF68B710000-0x00007FF68BB06000-memory.dmp	UPX
behavioral2/memory/1468-129-0x00007FF603420000-0x00007FF603816000-memory.dmp	UPX
behavioral2/memory/4340-69-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp	UPX
behavioral2/memory/1188-62-0x00007FF781270000-0x00007FF781666000-memory.dmp	UPX
behavioral2/files/0x0008000000023260-54.dat	UPX
behavioral2/memory/1056-52-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp	UPX
behavioral2/memory/1544-49-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp	UPX
behavioral2/memory/3468-42-0x00007FF622260000-0x00007FF622656000-memory.dmp	UPX
behavioral2/memory/1364-39-0x00007FF793C90000-0x00007FF794086000-memory.dmp	UPX
behavioral2/files/0x000700000002326e-135.dat	UPX
behavioral2/files/0x000700000002326f-140.dat	UPX
behavioral2/files/0x0007000000023270-145.dat	UPX
behavioral2/files/0x0007000000023271-150.dat	UPX
behavioral2/files/0x0007000000023272-154.dat	UPX
behavioral2/files/0x0007000000023273-159.dat	UPX
behavioral2/files/0x0007000000023274-165.dat	UPX
behavioral2/memory/4324-167-0x00007FF6F5C00000-0x00007FF6F5FF6000-memory.dmp	UPX
behavioral2/memory/4756-169-0x00007FF76A6C0000-0x00007FF76AAB6000-memory.dmp	UPX
behavioral2/memory/4108-162-0x00007FF7D2500000-0x00007FF7D28F6000-memory.dmp	UPX
behavioral2/memory/2156-170-0x00007FF63FB50000-0x00007FF63FF46000-memory.dmp	UPX
behavioral2/memory/4784-171-0x00007FF6FFFF0000-0x00007FF7003E6000-memory.dmp	UPX
behavioral2/files/0x0007000000023275-175.dat	UPX
behavioral2/files/0x0007000000023276-180.dat	UPX
behavioral2/files/0x0007000000023277-186.dat	UPX
behavioral2/files/0x0007000000023278-191.dat	UPX
behavioral2/files/0x0007000000023279-196.dat	UPX
behavioral2/files/0x000700000002327a-201.dat	UPX
behavioral2/memory/4188-287-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp	UPX
behavioral2/memory/1056-483-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp	UPX
behavioral2/memory/1544-1541-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp	UPX
behavioral2/memory/4912-1564-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp	UPX
behavioral2/memory/1364-1563-0x00007FF793C90000-0x00007FF794086000-memory.dmp	UPX
behavioral2/memory/3468-1580-0x00007FF622260000-0x00007FF622656000-memory.dmp	UPX
behavioral2/memory/4340-1596-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4188-0-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp	xmrig
behavioral2/files/0x000900000002325c-6.dat	xmrig
behavioral2/files/0x000700000002325e-10.dat	xmrig
behavioral2/files/0x000700000002325d-21.dat	xmrig
behavioral2/files/0x000700000002325f-32.dat	xmrig
behavioral2/memory/4912-38-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp	xmrig
behavioral2/files/0x000800000002325b-41.dat	xmrig
behavioral2/files/0x0008000000023261-48.dat	xmrig
behavioral2/files/0x0007000000023262-53.dat	xmrig
behavioral2/files/0x0007000000023263-65.dat	xmrig
behavioral2/files/0x0007000000023264-70.dat	xmrig
behavioral2/files/0x0007000000023265-73.dat	xmrig
behavioral2/memory/2860-79-0x00007FF6803C0000-0x00007FF6807B6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023266-83.dat	xmrig
behavioral2/memory/3144-91-0x00007FF790BD0000-0x00007FF790FC6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023267-94.dat	xmrig
behavioral2/files/0x0007000000023269-101.dat	xmrig
behavioral2/files/0x000700000002326a-105.dat	xmrig
behavioral2/files/0x000700000002326b-110.dat	xmrig
behavioral2/memory/2596-114-0x00007FF612DA0000-0x00007FF613196000-memory.dmp	xmrig
behavioral2/memory/1012-115-0x00007FF7984F0000-0x00007FF7988E6000-memory.dmp	xmrig
behavioral2/memory/2368-113-0x00007FF7906B0000-0x00007FF790AA6000-memory.dmp	xmrig
behavioral2/memory/4480-104-0x00007FF6315F0000-0x00007FF6319E6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023268-99.dat	xmrig
behavioral2/memory/1312-98-0x00007FF7D45D0000-0x00007FF7D49C6000-memory.dmp	xmrig
behavioral2/memory/1412-93-0x00007FF6CC030000-0x00007FF6CC426000-memory.dmp	xmrig
behavioral2/memory/2084-85-0x00007FF7A9ED0000-0x00007FF7AA2C6000-memory.dmp	xmrig
behavioral2/memory/4500-82-0x00007FF6235D0000-0x00007FF6239C6000-memory.dmp	xmrig
behavioral2/files/0x000700000002326c-118.dat	xmrig
behavioral2/files/0x000700000002326d-126.dat	xmrig
behavioral2/memory/4080-128-0x00007FF68B710000-0x00007FF68BB06000-memory.dmp	xmrig
behavioral2/memory/1468-129-0x00007FF603420000-0x00007FF603816000-memory.dmp	xmrig
behavioral2/memory/4340-69-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp	xmrig
behavioral2/memory/1188-62-0x00007FF781270000-0x00007FF781666000-memory.dmp	xmrig
behavioral2/files/0x0008000000023260-54.dat	xmrig
behavioral2/memory/1056-52-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp	xmrig
behavioral2/memory/1544-49-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp	xmrig
behavioral2/memory/3468-42-0x00007FF622260000-0x00007FF622656000-memory.dmp	xmrig
behavioral2/memory/1364-39-0x00007FF793C90000-0x00007FF794086000-memory.dmp	xmrig
behavioral2/files/0x000700000002326e-135.dat	xmrig
behavioral2/files/0x000700000002326f-140.dat	xmrig
behavioral2/files/0x0007000000023270-145.dat	xmrig
behavioral2/files/0x0007000000023271-150.dat	xmrig
behavioral2/files/0x0007000000023272-154.dat	xmrig
behavioral2/files/0x0007000000023273-159.dat	xmrig
behavioral2/files/0x0007000000023274-165.dat	xmrig
behavioral2/memory/4324-167-0x00007FF6F5C00000-0x00007FF6F5FF6000-memory.dmp	xmrig
behavioral2/memory/4756-169-0x00007FF76A6C0000-0x00007FF76AAB6000-memory.dmp	xmrig
behavioral2/memory/4108-162-0x00007FF7D2500000-0x00007FF7D28F6000-memory.dmp	xmrig
behavioral2/memory/2156-170-0x00007FF63FB50000-0x00007FF63FF46000-memory.dmp	xmrig
behavioral2/memory/4784-171-0x00007FF6FFFF0000-0x00007FF7003E6000-memory.dmp	xmrig
behavioral2/files/0x0007000000023275-175.dat	xmrig
behavioral2/files/0x0007000000023276-180.dat	xmrig
behavioral2/files/0x0007000000023277-186.dat	xmrig
behavioral2/files/0x0007000000023278-191.dat	xmrig
behavioral2/files/0x0007000000023279-196.dat	xmrig
behavioral2/files/0x000700000002327a-201.dat	xmrig
behavioral2/memory/4188-287-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp	xmrig
behavioral2/memory/1056-483-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp	xmrig
behavioral2/memory/1544-1541-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp	xmrig
behavioral2/memory/4912-1564-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp	xmrig
behavioral2/memory/1364-1563-0x00007FF793C90000-0x00007FF794086000-memory.dmp	xmrig
behavioral2/memory/3468-1580-0x00007FF622260000-0x00007FF622656000-memory.dmp	xmrig
behavioral2/memory/4340-1596-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
9	1460	powershell.exe
11	1460	powershell.exe
29	1460	powershell.exe
30	1460	powershell.exe
31	1460	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1460	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1544	rztZnBj.exe
4912	vliVNSH.exe
1364	rRuvMDX.exe
3468	qeNxPLf.exe
1056	GeUbKOo.exe
4340	hYxOhqR.exe
1188	dAjPNsT.exe
2860	xnrqbJc.exe
4500	QIixfnz.exe
3144	mYwqzkm.exe
2084	mVXxtiS.exe
1412	RKMiuuB.exe
1312	XcZOtVu.exe
4480	fRoVciI.exe
2368	tSQjYle.exe
2596	MJJhINr.exe
1012	jsGLlsx.exe
4080	gwvroSe.exe
1468	ZHWNHzX.exe
4108	tIQXJlp.exe
4324	GTEFEYD.exe
4756	dhuePSy.exe
2156	kSvhMIt.exe
4784	wGAIjkd.exe
568	ymoKLXB.exe
4584	KVoAOBJ.exe
2680	lRDQgko.exe
2060	KbiqYyn.exe
2760	dxagIAj.exe
416	yqcOGws.exe
3608	uOYPuML.exe
1864	EZJBBKS.exe
4576	yooltyd.exe
3724	HrtHSRx.exe
2936	sHPfTAv.exe
4036	Bggpjqc.exe
4760	QJVheKm.exe
3464	uIqlCNr.exe
5044	tYbpEYz.exe
4984	qrBMEds.exe
2152	RPEGMBL.exe
1300	eDfgQqV.exe
2348	UaotwXa.exe
3632	vosmmEW.exe
4356	FWxwTyD.exe
4848	FImGFoD.exe
5076	YqFjNAW.exe
1944	ekPoDuF.exe
4424	fMoefWw.exe
1516	MLGPYpN.exe
892	qLRvNdq.exe
1216	SfnqJyc.exe
1016	UhVmepu.exe
708	iYqHMSM.exe
1332	kwMbzIK.exe
2620	sbnwLAv.exe
4004	isTNDzI.exe
4400	cNXEkCp.exe
4168	pXTWUtF.exe
4312	HAHMGpL.exe
4392	usCgdkG.exe
3252	NTuWnFo.exe
3264	ZlgFSYj.exe
60	lbYvCwR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4188-0-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp	upx
behavioral2/files/0x000900000002325c-6.dat	upx
behavioral2/files/0x000700000002325e-10.dat	upx
behavioral2/files/0x000700000002325d-21.dat	upx
behavioral2/files/0x000700000002325f-32.dat	upx
behavioral2/memory/4912-38-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp	upx
behavioral2/files/0x000800000002325b-41.dat	upx
behavioral2/files/0x0008000000023261-48.dat	upx
behavioral2/files/0x0007000000023262-53.dat	upx
behavioral2/files/0x0007000000023263-65.dat	upx
behavioral2/files/0x0007000000023264-70.dat	upx
behavioral2/files/0x0007000000023265-73.dat	upx
behavioral2/memory/2860-79-0x00007FF6803C0000-0x00007FF6807B6000-memory.dmp	upx
behavioral2/files/0x0007000000023266-83.dat	upx
behavioral2/memory/3144-91-0x00007FF790BD0000-0x00007FF790FC6000-memory.dmp	upx
behavioral2/files/0x0007000000023267-94.dat	upx
behavioral2/files/0x0007000000023269-101.dat	upx
behavioral2/files/0x000700000002326a-105.dat	upx
behavioral2/files/0x000700000002326b-110.dat	upx
behavioral2/memory/2596-114-0x00007FF612DA0000-0x00007FF613196000-memory.dmp	upx
behavioral2/memory/1012-115-0x00007FF7984F0000-0x00007FF7988E6000-memory.dmp	upx
behavioral2/memory/2368-113-0x00007FF7906B0000-0x00007FF790AA6000-memory.dmp	upx
behavioral2/memory/4480-104-0x00007FF6315F0000-0x00007FF6319E6000-memory.dmp	upx
behavioral2/files/0x0007000000023268-99.dat	upx
behavioral2/memory/1312-98-0x00007FF7D45D0000-0x00007FF7D49C6000-memory.dmp	upx
behavioral2/memory/1412-93-0x00007FF6CC030000-0x00007FF6CC426000-memory.dmp	upx
behavioral2/memory/2084-85-0x00007FF7A9ED0000-0x00007FF7AA2C6000-memory.dmp	upx
behavioral2/memory/4500-82-0x00007FF6235D0000-0x00007FF6239C6000-memory.dmp	upx
behavioral2/files/0x000700000002326c-118.dat	upx
behavioral2/files/0x000700000002326d-126.dat	upx
behavioral2/memory/4080-128-0x00007FF68B710000-0x00007FF68BB06000-memory.dmp	upx
behavioral2/memory/1468-129-0x00007FF603420000-0x00007FF603816000-memory.dmp	upx
behavioral2/memory/4340-69-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp	upx
behavioral2/memory/1188-62-0x00007FF781270000-0x00007FF781666000-memory.dmp	upx
behavioral2/files/0x0008000000023260-54.dat	upx
behavioral2/memory/1056-52-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp	upx
behavioral2/memory/1544-49-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp	upx
behavioral2/memory/3468-42-0x00007FF622260000-0x00007FF622656000-memory.dmp	upx
behavioral2/memory/1364-39-0x00007FF793C90000-0x00007FF794086000-memory.dmp	upx
behavioral2/files/0x000700000002326e-135.dat	upx
behavioral2/files/0x000700000002326f-140.dat	upx
behavioral2/files/0x0007000000023270-145.dat	upx
behavioral2/files/0x0007000000023271-150.dat	upx
behavioral2/files/0x0007000000023272-154.dat	upx
behavioral2/files/0x0007000000023273-159.dat	upx
behavioral2/files/0x0007000000023274-165.dat	upx
behavioral2/memory/4324-167-0x00007FF6F5C00000-0x00007FF6F5FF6000-memory.dmp	upx
behavioral2/memory/4756-169-0x00007FF76A6C0000-0x00007FF76AAB6000-memory.dmp	upx
behavioral2/memory/4108-162-0x00007FF7D2500000-0x00007FF7D28F6000-memory.dmp	upx
behavioral2/memory/2156-170-0x00007FF63FB50000-0x00007FF63FF46000-memory.dmp	upx
behavioral2/memory/4784-171-0x00007FF6FFFF0000-0x00007FF7003E6000-memory.dmp	upx
behavioral2/files/0x0007000000023275-175.dat	upx
behavioral2/files/0x0007000000023276-180.dat	upx
behavioral2/files/0x0007000000023277-186.dat	upx
behavioral2/files/0x0007000000023278-191.dat	upx
behavioral2/files/0x0007000000023279-196.dat	upx
behavioral2/files/0x000700000002327a-201.dat	upx
behavioral2/memory/4188-287-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp	upx
behavioral2/memory/1056-483-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp	upx
behavioral2/memory/1544-1541-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp	upx
behavioral2/memory/4912-1564-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp	upx
behavioral2/memory/1364-1563-0x00007FF793C90000-0x00007FF794086000-memory.dmp	upx
behavioral2/memory/3468-1580-0x00007FF622260000-0x00007FF622656000-memory.dmp	upx
behavioral2/memory/4340-1596-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wjLzWfN.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\ezEOUIh.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\MzZBKeZ.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\YwLcoup.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\paRerqw.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\GejeksW.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\XPiGaro.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\OIpQmqg.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\SJbgdVH.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\bNQiKOW.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\ooQznkY.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\XOiCMPV.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\huZsbLd.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\qWEXpFB.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\OoWsQfG.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\CjkKHDq.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\AiArEkp.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\IGvJrRX.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\enYfMsw.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\lMdBRKY.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\frpVOax.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\TsWKiLP.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\PzVCLMu.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\rkhpNIk.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\InWxLzy.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\GPjbNMx.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\rcvaCRJ.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\glvWrvC.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\FEfDVJA.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\xQSneVF.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\WCJOoHR.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\PjPIgKv.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\MSyswQr.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\gBOfwqg.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\GjdMDyc.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\NGnmzrt.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\wgzjRYn.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\wZCbfVU.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\zSAezVo.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\xiWraub.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\kJvZLAU.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\TbsuqXC.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\hTdAkKl.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\QgcgPlr.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\mKTRhEt.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\uCzVEGY.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\oghHVxP.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\HCNhWPS.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\PepKbPi.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\GvkjOnq.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\uZKDJyx.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\xhWyBMS.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\QCSpobM.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\pNartzW.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\tuGDNvb.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\iZCspbd.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\SMFclud.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\gMeZGcU.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\ACrrMEa.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\FMyDXlR.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\UJYhKIN.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\tjmYLjo.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\rPLXDrJ.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
File created	C:\Windows\System\swQNqJt.exe	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1460	powershell.exe
1460	powershell.exe
1460	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
Token: SeDebugPrivilege	1460	powershell.exe
Token: SeLockMemoryPrivilege	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 1460	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	92
PID 4188 wrote to memory of 1460	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	92
PID 4188 wrote to memory of 1544	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	93
PID 4188 wrote to memory of 1544	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	93
PID 4188 wrote to memory of 4912	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	94
PID 4188 wrote to memory of 4912	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	94
PID 4188 wrote to memory of 1364	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	95
PID 4188 wrote to memory of 1364	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	95
PID 4188 wrote to memory of 3468	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	96
PID 4188 wrote to memory of 3468	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	96
PID 4188 wrote to memory of 1056	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	97
PID 4188 wrote to memory of 1056	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	97
PID 4188 wrote to memory of 4340	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	98
PID 4188 wrote to memory of 4340	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	98
PID 4188 wrote to memory of 1188	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	99
PID 4188 wrote to memory of 1188	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	99
PID 4188 wrote to memory of 2860	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	100
PID 4188 wrote to memory of 2860	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	100
PID 4188 wrote to memory of 4500	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	101
PID 4188 wrote to memory of 4500	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	101
PID 4188 wrote to memory of 3144	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	102
PID 4188 wrote to memory of 3144	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	102
PID 4188 wrote to memory of 2084	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	103
PID 4188 wrote to memory of 2084	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	103
PID 4188 wrote to memory of 1412	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	104
PID 4188 wrote to memory of 1412	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	104
PID 4188 wrote to memory of 1312	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	105
PID 4188 wrote to memory of 1312	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	105
PID 4188 wrote to memory of 4480	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	106
PID 4188 wrote to memory of 4480	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	106
PID 4188 wrote to memory of 2368	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	107
PID 4188 wrote to memory of 2368	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	107
PID 4188 wrote to memory of 2596	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	108
PID 4188 wrote to memory of 2596	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	108
PID 4188 wrote to memory of 1012	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	109
PID 4188 wrote to memory of 1012	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	109
PID 4188 wrote to memory of 4080	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	110
PID 4188 wrote to memory of 4080	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	110
PID 4188 wrote to memory of 1468	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	111
PID 4188 wrote to memory of 1468	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	111
PID 4188 wrote to memory of 4108	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	112
PID 4188 wrote to memory of 4108	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	112
PID 4188 wrote to memory of 4324	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	113
PID 4188 wrote to memory of 4324	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	113
PID 4188 wrote to memory of 4756	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	114
PID 4188 wrote to memory of 4756	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	114
PID 4188 wrote to memory of 2156	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	115
PID 4188 wrote to memory of 2156	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	115
PID 4188 wrote to memory of 4784	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	116
PID 4188 wrote to memory of 4784	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	116
PID 4188 wrote to memory of 568	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	117
PID 4188 wrote to memory of 568	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	117
PID 4188 wrote to memory of 4584	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	118
PID 4188 wrote to memory of 4584	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	118
PID 4188 wrote to memory of 2680	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	119
PID 4188 wrote to memory of 2680	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	119
PID 4188 wrote to memory of 2060	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	120
PID 4188 wrote to memory of 2060	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	120
PID 4188 wrote to memory of 2760	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	121
PID 4188 wrote to memory of 2760	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	121
PID 4188 wrote to memory of 416	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	122
PID 4188 wrote to memory of 416	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	122
PID 4188 wrote to memory of 3608	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	123
PID 4188 wrote to memory of 3608	4188	6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe	123

C:\Users\Admin\AppData\Local\Temp\6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe
"C:\Users\Admin\AppData\Local\Temp\6b393897d3b79ee439e3fa4bb1e979889c390b080968fb8c5a5315a35d388a79.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1460
- C:\Windows\System\rztZnBj.exe
  C:\Windows\System\rztZnBj.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\vliVNSH.exe
  C:\Windows\System\vliVNSH.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\rRuvMDX.exe
  C:\Windows\System\rRuvMDX.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\qeNxPLf.exe
  C:\Windows\System\qeNxPLf.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\GeUbKOo.exe
  C:\Windows\System\GeUbKOo.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hYxOhqR.exe
  C:\Windows\System\hYxOhqR.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\dAjPNsT.exe
  C:\Windows\System\dAjPNsT.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\xnrqbJc.exe
  C:\Windows\System\xnrqbJc.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\QIixfnz.exe
  C:\Windows\System\QIixfnz.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\mYwqzkm.exe
  C:\Windows\System\mYwqzkm.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\mVXxtiS.exe
  C:\Windows\System\mVXxtiS.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\RKMiuuB.exe
  C:\Windows\System\RKMiuuB.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\XcZOtVu.exe
  C:\Windows\System\XcZOtVu.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\fRoVciI.exe
  C:\Windows\System\fRoVciI.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\tSQjYle.exe
  C:\Windows\System\tSQjYle.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\MJJhINr.exe
  C:\Windows\System\MJJhINr.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\jsGLlsx.exe
  C:\Windows\System\jsGLlsx.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\gwvroSe.exe
  C:\Windows\System\gwvroSe.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\ZHWNHzX.exe
  C:\Windows\System\ZHWNHzX.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\tIQXJlp.exe
  C:\Windows\System\tIQXJlp.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\GTEFEYD.exe
  C:\Windows\System\GTEFEYD.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\dhuePSy.exe
  C:\Windows\System\dhuePSy.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\kSvhMIt.exe
  C:\Windows\System\kSvhMIt.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\wGAIjkd.exe
  C:\Windows\System\wGAIjkd.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\ymoKLXB.exe
  C:\Windows\System\ymoKLXB.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\KVoAOBJ.exe
  C:\Windows\System\KVoAOBJ.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\lRDQgko.exe
  C:\Windows\System\lRDQgko.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\KbiqYyn.exe
  C:\Windows\System\KbiqYyn.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\dxagIAj.exe
  C:\Windows\System\dxagIAj.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\yqcOGws.exe
  C:\Windows\System\yqcOGws.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System\uOYPuML.exe
  C:\Windows\System\uOYPuML.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\EZJBBKS.exe
  C:\Windows\System\EZJBBKS.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\yooltyd.exe
  C:\Windows\System\yooltyd.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\HrtHSRx.exe
  C:\Windows\System\HrtHSRx.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\sHPfTAv.exe
  C:\Windows\System\sHPfTAv.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\Bggpjqc.exe
  C:\Windows\System\Bggpjqc.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\QJVheKm.exe
  C:\Windows\System\QJVheKm.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\uIqlCNr.exe
  C:\Windows\System\uIqlCNr.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\tYbpEYz.exe
  C:\Windows\System\tYbpEYz.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\qrBMEds.exe
  C:\Windows\System\qrBMEds.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\RPEGMBL.exe
  C:\Windows\System\RPEGMBL.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\eDfgQqV.exe
  C:\Windows\System\eDfgQqV.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\UaotwXa.exe
  C:\Windows\System\UaotwXa.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\vosmmEW.exe
  C:\Windows\System\vosmmEW.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\FWxwTyD.exe
  C:\Windows\System\FWxwTyD.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\FImGFoD.exe
  C:\Windows\System\FImGFoD.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\YqFjNAW.exe
  C:\Windows\System\YqFjNAW.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\ekPoDuF.exe
  C:\Windows\System\ekPoDuF.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\fMoefWw.exe
  C:\Windows\System\fMoefWw.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\MLGPYpN.exe
  C:\Windows\System\MLGPYpN.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\qLRvNdq.exe
  C:\Windows\System\qLRvNdq.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\SfnqJyc.exe
  C:\Windows\System\SfnqJyc.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\UhVmepu.exe
  C:\Windows\System\UhVmepu.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\iYqHMSM.exe
  C:\Windows\System\iYqHMSM.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\kwMbzIK.exe
  C:\Windows\System\kwMbzIK.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\sbnwLAv.exe
  C:\Windows\System\sbnwLAv.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\isTNDzI.exe
  C:\Windows\System\isTNDzI.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\cNXEkCp.exe
  C:\Windows\System\cNXEkCp.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\pXTWUtF.exe
  C:\Windows\System\pXTWUtF.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\HAHMGpL.exe
  C:\Windows\System\HAHMGpL.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\usCgdkG.exe
  C:\Windows\System\usCgdkG.exe
  2⤵
  - Executes dropped EXE
  PID:4392
- C:\Windows\System\NTuWnFo.exe
  C:\Windows\System\NTuWnFo.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\ZlgFSYj.exe
  C:\Windows\System\ZlgFSYj.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\lbYvCwR.exe
  C:\Windows\System\lbYvCwR.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\LwTazGq.exe
  C:\Windows\System\LwTazGq.exe
  2⤵
  PID:1564
- C:\Windows\System\gMeZGcU.exe
  C:\Windows\System\gMeZGcU.exe
  2⤵
  PID:3472
- C:\Windows\System\hFrTUhg.exe
  C:\Windows\System\hFrTUhg.exe
  2⤵
  PID:1860
- C:\Windows\System\iliNOkk.exe
  C:\Windows\System\iliNOkk.exe
  2⤵
  PID:4836
- C:\Windows\System\jSsiAVH.exe
  C:\Windows\System\jSsiAVH.exe
  2⤵
  PID:2784
- C:\Windows\System\kujEkPk.exe
  C:\Windows\System\kujEkPk.exe
  2⤵
  PID:4812
- C:\Windows\System\MmaKvnQ.exe
  C:\Windows\System\MmaKvnQ.exe
  2⤵
  PID:1824
- C:\Windows\System\AxnYqbT.exe
  C:\Windows\System\AxnYqbT.exe
  2⤵
  PID:5124
- C:\Windows\System\xiKQzfe.exe
  C:\Windows\System\xiKQzfe.exe
  2⤵
  PID:5156
- C:\Windows\System\EuzDQsb.exe
  C:\Windows\System\EuzDQsb.exe
  2⤵
  PID:5184
- C:\Windows\System\ElTYULr.exe
  C:\Windows\System\ElTYULr.exe
  2⤵
  PID:5212
- C:\Windows\System\eIHBVoN.exe
  C:\Windows\System\eIHBVoN.exe
  2⤵
  PID:5240
- C:\Windows\System\XLPDoWd.exe
  C:\Windows\System\XLPDoWd.exe
  2⤵
  PID:5264
- C:\Windows\System\jLSLudd.exe
  C:\Windows\System\jLSLudd.exe
  2⤵
  PID:5312
- C:\Windows\System\Lywuogq.exe
  C:\Windows\System\Lywuogq.exe
  2⤵
  PID:5332
- C:\Windows\System\VspRZUB.exe
  C:\Windows\System\VspRZUB.exe
  2⤵
  PID:5364
- C:\Windows\System\DVJGjJM.exe
  C:\Windows\System\DVJGjJM.exe
  2⤵
  PID:5400
- C:\Windows\System\qfNURJF.exe
  C:\Windows\System\qfNURJF.exe
  2⤵
  PID:5428
- C:\Windows\System\yhgAAUs.exe
  C:\Windows\System\yhgAAUs.exe
  2⤵
  PID:5456
- C:\Windows\System\qmMarJL.exe
  C:\Windows\System\qmMarJL.exe
  2⤵
  PID:5488
- C:\Windows\System\jOWoknb.exe
  C:\Windows\System\jOWoknb.exe
  2⤵
  PID:5512
- C:\Windows\System\XjcRbMg.exe
  C:\Windows\System\XjcRbMg.exe
  2⤵
  PID:5540
- C:\Windows\System\TlNKkIr.exe
  C:\Windows\System\TlNKkIr.exe
  2⤵
  PID:5568
- C:\Windows\System\QTskKjm.exe
  C:\Windows\System\QTskKjm.exe
  2⤵
  PID:5596
- C:\Windows\System\fkiiaRJ.exe
  C:\Windows\System\fkiiaRJ.exe
  2⤵
  PID:5624
- C:\Windows\System\KkLXcqh.exe
  C:\Windows\System\KkLXcqh.exe
  2⤵
  PID:5652
- C:\Windows\System\uCzVEGY.exe
  C:\Windows\System\uCzVEGY.exe
  2⤵
  PID:5680
- C:\Windows\System\XFqrJxf.exe
  C:\Windows\System\XFqrJxf.exe
  2⤵
  PID:5708
- C:\Windows\System\CQbibBs.exe
  C:\Windows\System\CQbibBs.exe
  2⤵
  PID:5736
- C:\Windows\System\VVUFSFV.exe
  C:\Windows\System\VVUFSFV.exe
  2⤵
  PID:5764
- C:\Windows\System\Hulinrm.exe
  C:\Windows\System\Hulinrm.exe
  2⤵
  PID:5792
- C:\Windows\System\ZngddpN.exe
  C:\Windows\System\ZngddpN.exe
  2⤵
  PID:5824
- C:\Windows\System\iKafmWq.exe
  C:\Windows\System\iKafmWq.exe
  2⤵
  PID:5856
- C:\Windows\System\cQZPNmE.exe
  C:\Windows\System\cQZPNmE.exe
  2⤵
  PID:5884
- C:\Windows\System\iSpQZOi.exe
  C:\Windows\System\iSpQZOi.exe
  2⤵
  PID:5916
- C:\Windows\System\lJYlydq.exe
  C:\Windows\System\lJYlydq.exe
  2⤵
  PID:5944
- C:\Windows\System\slUKTzN.exe
  C:\Windows\System\slUKTzN.exe
  2⤵
  PID:5972
- C:\Windows\System\FPbrxBb.exe
  C:\Windows\System\FPbrxBb.exe
  2⤵
  PID:6004
- C:\Windows\System\dJhbQDM.exe
  C:\Windows\System\dJhbQDM.exe
  2⤵
  PID:6028
- C:\Windows\System\drOjRfR.exe
  C:\Windows\System\drOjRfR.exe
  2⤵
  PID:6056
- C:\Windows\System\wcaXQyB.exe
  C:\Windows\System\wcaXQyB.exe
  2⤵
  PID:6084
- C:\Windows\System\mFVLMer.exe
  C:\Windows\System\mFVLMer.exe
  2⤵
  PID:6112
- C:\Windows\System\wnLnGFM.exe
  C:\Windows\System\wnLnGFM.exe
  2⤵
  PID:6140
- C:\Windows\System\WFEvTOl.exe
  C:\Windows\System\WFEvTOl.exe
  2⤵
  PID:5172
- C:\Windows\System\hMUNASb.exe
  C:\Windows\System\hMUNASb.exe
  2⤵
  PID:5224
- C:\Windows\System\PhHVJvD.exe
  C:\Windows\System\PhHVJvD.exe
  2⤵
  PID:5292
- C:\Windows\System\iXVqJdK.exe
  C:\Windows\System\iXVqJdK.exe
  2⤵
  PID:5356
- C:\Windows\System\RcDbfbj.exe
  C:\Windows\System\RcDbfbj.exe
  2⤵
  PID:392
- C:\Windows\System\GSzQdKg.exe
  C:\Windows\System\GSzQdKg.exe
  2⤵
  PID:4408
- C:\Windows\System\rsWICfv.exe
  C:\Windows\System\rsWICfv.exe
  2⤵
  PID:5536
- C:\Windows\System\YYIwEZK.exe
  C:\Windows\System\YYIwEZK.exe
  2⤵
  PID:5616
- C:\Windows\System\bpnVvQn.exe
  C:\Windows\System\bpnVvQn.exe
  2⤵
  PID:5676
- C:\Windows\System\PELkuBT.exe
  C:\Windows\System\PELkuBT.exe
  2⤵
  PID:5728
- C:\Windows\System\ojQBxLs.exe
  C:\Windows\System\ojQBxLs.exe
  2⤵
  PID:5284
- C:\Windows\System\QpXLNwf.exe
  C:\Windows\System\QpXLNwf.exe
  2⤵
  PID:5880
- C:\Windows\System\ALrtoWy.exe
  C:\Windows\System\ALrtoWy.exe
  2⤵
  PID:5956
- C:\Windows\System\xdznYRL.exe
  C:\Windows\System\xdznYRL.exe
  2⤵
  PID:6024
- C:\Windows\System\SghmVUe.exe
  C:\Windows\System\SghmVUe.exe
  2⤵
  PID:6096
- C:\Windows\System\IRPeTth.exe
  C:\Windows\System\IRPeTth.exe
  2⤵
  PID:6132
- C:\Windows\System\OKhHKgy.exe
  C:\Windows\System\OKhHKgy.exe
  2⤵
  PID:5208
- C:\Windows\System\gaVWuEB.exe
  C:\Windows\System\gaVWuEB.exe
  2⤵
  PID:5352
- C:\Windows\System\OIpQmqg.exe
  C:\Windows\System\OIpQmqg.exe
  2⤵
  PID:5508
- C:\Windows\System\OeNgcNL.exe
  C:\Windows\System\OeNgcNL.exe
  2⤵
  PID:5648
- C:\Windows\System\cmiGtxM.exe
  C:\Windows\System\cmiGtxM.exe
  2⤵
  PID:5720
- C:\Windows\System\bfJrABw.exe
  C:\Windows\System\bfJrABw.exe
  2⤵
  PID:5904
- C:\Windows\System\ubXiCxJ.exe
  C:\Windows\System\ubXiCxJ.exe
  2⤵
  PID:6124
- C:\Windows\System\wFKtbOp.exe
  C:\Windows\System\wFKtbOp.exe
  2⤵
  PID:5468
- C:\Windows\System\SkGJmaO.exe
  C:\Windows\System\SkGJmaO.exe
  2⤵
  PID:5396
- C:\Windows\System\MjuKQXT.exe
  C:\Windows\System\MjuKQXT.exe
  2⤵
  PID:4800
- C:\Windows\System\zbcdfOo.exe
  C:\Windows\System\zbcdfOo.exe
  2⤵
  PID:5144
- C:\Windows\System\GOiWVKk.exe
  C:\Windows\System\GOiWVKk.exe
  2⤵
  PID:6168
- C:\Windows\System\MOtMJNz.exe
  C:\Windows\System\MOtMJNz.exe
  2⤵
  PID:6196
- C:\Windows\System\WmqCtcr.exe
  C:\Windows\System\WmqCtcr.exe
  2⤵
  PID:6224
- C:\Windows\System\OMABMJp.exe
  C:\Windows\System\OMABMJp.exe
  2⤵
  PID:6252
- C:\Windows\System\cupxiKN.exe
  C:\Windows\System\cupxiKN.exe
  2⤵
  PID:6280
- C:\Windows\System\mkJUpab.exe
  C:\Windows\System\mkJUpab.exe
  2⤵
  PID:6320
- C:\Windows\System\MvIJrZz.exe
  C:\Windows\System\MvIJrZz.exe
  2⤵
  PID:6336
- C:\Windows\System\uDRFayA.exe
  C:\Windows\System\uDRFayA.exe
  2⤵
  PID:6364
- C:\Windows\System\kBsYZzz.exe
  C:\Windows\System\kBsYZzz.exe
  2⤵
  PID:6396
- C:\Windows\System\ngAeJSv.exe
  C:\Windows\System\ngAeJSv.exe
  2⤵
  PID:6424
- C:\Windows\System\VAQEZgh.exe
  C:\Windows\System\VAQEZgh.exe
  2⤵
  PID:6440
- C:\Windows\System\qeCrJag.exe
  C:\Windows\System\qeCrJag.exe
  2⤵
  PID:6476
- C:\Windows\System\ZMBNVka.exe
  C:\Windows\System\ZMBNVka.exe
  2⤵
  PID:6516
- C:\Windows\System\jKDFSYI.exe
  C:\Windows\System\jKDFSYI.exe
  2⤵
  PID:6552
- C:\Windows\System\RWXFjYY.exe
  C:\Windows\System\RWXFjYY.exe
  2⤵
  PID:6580
- C:\Windows\System\lTazsyQ.exe
  C:\Windows\System\lTazsyQ.exe
  2⤵
  PID:6608
- C:\Windows\System\VajcQkj.exe
  C:\Windows\System\VajcQkj.exe
  2⤵
  PID:6636
- C:\Windows\System\xlVeJtE.exe
  C:\Windows\System\xlVeJtE.exe
  2⤵
  PID:6672
- C:\Windows\System\AZEzWrW.exe
  C:\Windows\System\AZEzWrW.exe
  2⤵
  PID:6692
- C:\Windows\System\GbZkwFS.exe
  C:\Windows\System\GbZkwFS.exe
  2⤵
  PID:6720
- C:\Windows\System\XIegvUN.exe
  C:\Windows\System\XIegvUN.exe
  2⤵
  PID:6748
- C:\Windows\System\HmCfoUV.exe
  C:\Windows\System\HmCfoUV.exe
  2⤵
  PID:6776
- C:\Windows\System\IUfJNNZ.exe
  C:\Windows\System\IUfJNNZ.exe
  2⤵
  PID:6820
- C:\Windows\System\cCFlIql.exe
  C:\Windows\System\cCFlIql.exe
  2⤵
  PID:6848
- C:\Windows\System\Poiqhrn.exe
  C:\Windows\System\Poiqhrn.exe
  2⤵
  PID:6876
- C:\Windows\System\LXuTUXY.exe
  C:\Windows\System\LXuTUXY.exe
  2⤵
  PID:6912
- C:\Windows\System\xDAwYaM.exe
  C:\Windows\System\xDAwYaM.exe
  2⤵
  PID:6928
- C:\Windows\System\vRMZCuv.exe
  C:\Windows\System\vRMZCuv.exe
  2⤵
  PID:6956
- C:\Windows\System\acJeBey.exe
  C:\Windows\System\acJeBey.exe
  2⤵
  PID:7000
- C:\Windows\System\lxtsSFi.exe
  C:\Windows\System\lxtsSFi.exe
  2⤵
  PID:7028
- C:\Windows\System\IzVZHut.exe
  C:\Windows\System\IzVZHut.exe
  2⤵
  PID:7056
- C:\Windows\System\glVsGBg.exe
  C:\Windows\System\glVsGBg.exe
  2⤵
  PID:7084
- C:\Windows\System\tIPwNKG.exe
  C:\Windows\System\tIPwNKG.exe
  2⤵
  PID:7124
- C:\Windows\System\FXooaEP.exe
  C:\Windows\System\FXooaEP.exe
  2⤵
  PID:7156
- C:\Windows\System\TkoTMTd.exe
  C:\Windows\System\TkoTMTd.exe
  2⤵
  PID:6208
- C:\Windows\System\PbNZPNJ.exe
  C:\Windows\System\PbNZPNJ.exe
  2⤵
  PID:6300
- C:\Windows\System\KksWgOV.exe
  C:\Windows\System\KksWgOV.exe
  2⤵
  PID:6388
- C:\Windows\System\QdZbGIC.exe
  C:\Windows\System\QdZbGIC.exe
  2⤵
  PID:6492
- C:\Windows\System\WemgQck.exe
  C:\Windows\System\WemgQck.exe
  2⤵
  PID:6652
- C:\Windows\System\ENUJLgV.exe
  C:\Windows\System\ENUJLgV.exe
  2⤵
  PID:6740
- C:\Windows\System\WnRoLXw.exe
  C:\Windows\System\WnRoLXw.exe
  2⤵
  PID:6860
- C:\Windows\System\VNlzzCZ.exe
  C:\Windows\System\VNlzzCZ.exe
  2⤵
  PID:7068
- C:\Windows\System\YDetwnX.exe
  C:\Windows\System\YDetwnX.exe
  2⤵
  PID:6248
- C:\Windows\System\TOYwUgA.exe
  C:\Windows\System\TOYwUgA.exe
  2⤵
  PID:6456
- C:\Windows\System\MVWarYx.exe
  C:\Windows\System\MVWarYx.exe
  2⤵
  PID:6660
- C:\Windows\System\friPfKc.exe
  C:\Windows\System\friPfKc.exe
  2⤵
  PID:6904
- C:\Windows\System\wgzjRYn.exe
  C:\Windows\System\wgzjRYn.exe
  2⤵
  PID:7104
- C:\Windows\System\FpDXmXx.exe
  C:\Windows\System\FpDXmXx.exe
  2⤵
  PID:6356
- C:\Windows\System\UKPyxgr.exe
  C:\Windows\System\UKPyxgr.exe
  2⤵
  PID:6548
- C:\Windows\System\SHFDsUu.exe
  C:\Windows\System\SHFDsUu.exe
  2⤵
  PID:6952
- C:\Windows\System\fGbhPLr.exe
  C:\Windows\System\fGbhPLr.exe
  2⤵
  PID:7044
- C:\Windows\System\qkmaFpX.exe
  C:\Windows\System\qkmaFpX.exe
  2⤵
  PID:7052
- C:\Windows\System\crMoqLK.exe
  C:\Windows\System\crMoqLK.exe
  2⤵
  PID:3452
- C:\Windows\System\vyAVnPw.exe
  C:\Windows\System\vyAVnPw.exe
  2⤵
  PID:6704
- C:\Windows\System\eceiucI.exe
  C:\Windows\System\eceiucI.exe
  2⤵
  PID:6968
- C:\Windows\System\PYYtJkL.exe
  C:\Windows\System\PYYtJkL.exe
  2⤵
  PID:6592
- C:\Windows\System\JOiffUl.exe
  C:\Windows\System\JOiffUl.exe
  2⤵
  PID:3712
- C:\Windows\System\FWzHwfT.exe
  C:\Windows\System\FWzHwfT.exe
  2⤵
  PID:6684
- C:\Windows\System\iiHEvQU.exe
  C:\Windows\System\iiHEvQU.exe
  2⤵
  PID:6832
- C:\Windows\System\ZTbltEm.exe
  C:\Windows\System\ZTbltEm.exe
  2⤵
  PID:6220
- C:\Windows\System\xzzUGGj.exe
  C:\Windows\System\xzzUGGj.exe
  2⤵
  PID:7048
- C:\Windows\System\RxHUzgP.exe
  C:\Windows\System\RxHUzgP.exe
  2⤵
  PID:6348
- C:\Windows\System\jMOYvnf.exe
  C:\Windows\System\jMOYvnf.exe
  2⤵
  PID:7200
- C:\Windows\System\RWuGMkj.exe
  C:\Windows\System\RWuGMkj.exe
  2⤵
  PID:7232
- C:\Windows\System\MZmtpRS.exe
  C:\Windows\System\MZmtpRS.exe
  2⤵
  PID:7280
- C:\Windows\System\FlxinkK.exe
  C:\Windows\System\FlxinkK.exe
  2⤵
  PID:7316
- C:\Windows\System\SxjYQqC.exe
  C:\Windows\System\SxjYQqC.exe
  2⤵
  PID:7352
- C:\Windows\System\Szzpfeb.exe
  C:\Windows\System\Szzpfeb.exe
  2⤵
  PID:7384
- C:\Windows\System\kElLsxy.exe
  C:\Windows\System\kElLsxy.exe
  2⤵
  PID:7428
- C:\Windows\System\mLvWeQK.exe
  C:\Windows\System\mLvWeQK.exe
  2⤵
  PID:7472
- C:\Windows\System\OoWsQfG.exe
  C:\Windows\System\OoWsQfG.exe
  2⤵
  PID:7532
- C:\Windows\System\IukCqKF.exe
  C:\Windows\System\IukCqKF.exe
  2⤵
  PID:7572
- C:\Windows\System\JiECzEu.exe
  C:\Windows\System\JiECzEu.exe
  2⤵
  PID:7612
- C:\Windows\System\iRpxEHB.exe
  C:\Windows\System\iRpxEHB.exe
  2⤵
  PID:7652
- C:\Windows\System\fKPdlbA.exe
  C:\Windows\System\fKPdlbA.exe
  2⤵
  PID:7712
- C:\Windows\System\ObeHIGX.exe
  C:\Windows\System\ObeHIGX.exe
  2⤵
  PID:7756
- C:\Windows\System\FHDsRuT.exe
  C:\Windows\System\FHDsRuT.exe
  2⤵
  PID:7804
- C:\Windows\System\DsHsuRe.exe
  C:\Windows\System\DsHsuRe.exe
  2⤵
  PID:7828
- C:\Windows\System\wHqvBYx.exe
  C:\Windows\System\wHqvBYx.exe
  2⤵
  PID:7852
- C:\Windows\System\iilZOZe.exe
  C:\Windows\System\iilZOZe.exe
  2⤵
  PID:7892
- C:\Windows\System\GdBwyxm.exe
  C:\Windows\System\GdBwyxm.exe
  2⤵
  PID:7936
- C:\Windows\System\bUcRrSt.exe
  C:\Windows\System\bUcRrSt.exe
  2⤵
  PID:7976
- C:\Windows\System\MECyfai.exe
  C:\Windows\System\MECyfai.exe
  2⤵
  PID:8016
- C:\Windows\System\ETArcPH.exe
  C:\Windows\System\ETArcPH.exe
  2⤵
  PID:8056
- C:\Windows\System\WbyRdQJ.exe
  C:\Windows\System\WbyRdQJ.exe
  2⤵
  PID:8084
- C:\Windows\System\KOjTfbO.exe
  C:\Windows\System\KOjTfbO.exe
  2⤵
  PID:8116
- C:\Windows\System\XFliPwO.exe
  C:\Windows\System\XFliPwO.exe
  2⤵
  PID:8148
- C:\Windows\System\utKEiYP.exe
  C:\Windows\System\utKEiYP.exe
  2⤵
  PID:8184
- C:\Windows\System\ayfthbS.exe
  C:\Windows\System\ayfthbS.exe
  2⤵
  PID:1556
- C:\Windows\System\Cflalfv.exe
  C:\Windows\System\Cflalfv.exe
  2⤵
  PID:7208
- C:\Windows\System\svegHIF.exe
  C:\Windows\System\svegHIF.exe
  2⤵
  PID:7272
- C:\Windows\System\nAIJHVK.exe
  C:\Windows\System\nAIJHVK.exe
  2⤵
  PID:7332
- C:\Windows\System\LcfjJtl.exe
  C:\Windows\System\LcfjJtl.exe
  2⤵
  PID:7380
- C:\Windows\System\TfJsQuk.exe
  C:\Windows\System\TfJsQuk.exe
  2⤵
  PID:7456
- C:\Windows\System\uUwqKzp.exe
  C:\Windows\System\uUwqKzp.exe
  2⤵
  PID:7488
- C:\Windows\System\pyTAjTg.exe
  C:\Windows\System\pyTAjTg.exe
  2⤵
  PID:7564
- C:\Windows\System\DzpMrSr.exe
  C:\Windows\System\DzpMrSr.exe
  2⤵
  PID:7644
- C:\Windows\System\fgVfRzt.exe
  C:\Windows\System\fgVfRzt.exe
  2⤵
  PID:7692
- C:\Windows\System\YGGuldf.exe
  C:\Windows\System\YGGuldf.exe
  2⤵
  PID:7752
- C:\Windows\System\pLjEWLn.exe
  C:\Windows\System\pLjEWLn.exe
  2⤵
  PID:7816
- C:\Windows\System\JGvTBOv.exe
  C:\Windows\System\JGvTBOv.exe
  2⤵
  PID:7848
- C:\Windows\System\RrNXFDx.exe
  C:\Windows\System\RrNXFDx.exe
  2⤵
  PID:7904
- C:\Windows\System\RhFxnmp.exe
  C:\Windows\System\RhFxnmp.exe
  2⤵
  PID:7988
- C:\Windows\System\TTRHWdl.exe
  C:\Windows\System\TTRHWdl.exe
  2⤵
  PID:8052
- C:\Windows\System\KuZKJyx.exe
  C:\Windows\System\KuZKJyx.exe
  2⤵
  PID:8112
- C:\Windows\System\TmxllQz.exe
  C:\Windows\System\TmxllQz.exe
  2⤵
  PID:3780
- C:\Windows\System\VOhvUof.exe
  C:\Windows\System\VOhvUof.exe
  2⤵
  PID:7308
- C:\Windows\System\QYkNBLF.exe
  C:\Windows\System\QYkNBLF.exe
  2⤵
  PID:7372
- C:\Windows\System\gGtJZeI.exe
  C:\Windows\System\gGtJZeI.exe
  2⤵
  PID:7508
- C:\Windows\System\yKWmMpg.exe
  C:\Windows\System\yKWmMpg.exe
  2⤵
  PID:7600
- C:\Windows\System\GxlsOpo.exe
  C:\Windows\System\GxlsOpo.exe
  2⤵
  PID:7748
- C:\Windows\System\KZlJZNQ.exe
  C:\Windows\System\KZlJZNQ.exe
  2⤵
  PID:7880
- C:\Windows\System\qgPYxdw.exe
  C:\Windows\System\qgPYxdw.exe
  2⤵
  PID:8024
- C:\Windows\System\xcujkky.exe
  C:\Windows\System\xcujkky.exe
  2⤵
  PID:8164
- C:\Windows\System\FYMHDHK.exe
  C:\Windows\System\FYMHDHK.exe
  2⤵
  PID:4048
- C:\Windows\System\qkEDRoM.exe
  C:\Windows\System\qkEDRoM.exe
  2⤵
  PID:7464
- C:\Windows\System\pmQYMRP.exe
  C:\Windows\System\pmQYMRP.exe
  2⤵
  PID:7916
- C:\Windows\System\IRmPMzf.exe
  C:\Windows\System\IRmPMzf.exe
  2⤵
  PID:7440
- C:\Windows\System\uIRkERL.exe
  C:\Windows\System\uIRkERL.exe
  2⤵
  PID:5060
- C:\Windows\System\iPrmbGc.exe
  C:\Windows\System\iPrmbGc.exe
  2⤵
  PID:8200
- C:\Windows\System\YgvCDaF.exe
  C:\Windows\System\YgvCDaF.exe
  2⤵
  PID:8232
- C:\Windows\System\eyRJZVi.exe
  C:\Windows\System\eyRJZVi.exe
  2⤵
  PID:8268
- C:\Windows\System\kOJYfLq.exe
  C:\Windows\System\kOJYfLq.exe
  2⤵
  PID:8284
- C:\Windows\System\BrBZEio.exe
  C:\Windows\System\BrBZEio.exe
  2⤵
  PID:8324
- C:\Windows\System\OQadXIc.exe
  C:\Windows\System\OQadXIc.exe
  2⤵
  PID:8348
- C:\Windows\System\vMUPZzm.exe
  C:\Windows\System\vMUPZzm.exe
  2⤵
  PID:8388
- C:\Windows\System\EWILiqj.exe
  C:\Windows\System\EWILiqj.exe
  2⤵
  PID:8416
- C:\Windows\System\joLySMU.exe
  C:\Windows\System\joLySMU.exe
  2⤵
  PID:8444
- C:\Windows\System\AGOzRNC.exe
  C:\Windows\System\AGOzRNC.exe
  2⤵
  PID:8460
- C:\Windows\System\Tsfagjm.exe
  C:\Windows\System\Tsfagjm.exe
  2⤵
  PID:8500
- C:\Windows\System\lybOEpY.exe
  C:\Windows\System\lybOEpY.exe
  2⤵
  PID:8528
- C:\Windows\System\SucbpBZ.exe
  C:\Windows\System\SucbpBZ.exe
  2⤵
  PID:8556
- C:\Windows\System\lyXbAWA.exe
  C:\Windows\System\lyXbAWA.exe
  2⤵
  PID:8588
- C:\Windows\System\QVWIQfk.exe
  C:\Windows\System\QVWIQfk.exe
  2⤵
  PID:8620
- C:\Windows\System\xhWyBMS.exe
  C:\Windows\System\xhWyBMS.exe
  2⤵
  PID:8636
- C:\Windows\System\VfqufIN.exe
  C:\Windows\System\VfqufIN.exe
  2⤵
  PID:8664
- C:\Windows\System\wzkkelc.exe
  C:\Windows\System\wzkkelc.exe
  2⤵
  PID:8692
- C:\Windows\System\OrMxyef.exe
  C:\Windows\System\OrMxyef.exe
  2⤵
  PID:8716
- C:\Windows\System\nXiqmfy.exe
  C:\Windows\System\nXiqmfy.exe
  2⤵
  PID:8744
- C:\Windows\System\YbLVSRS.exe
  C:\Windows\System\YbLVSRS.exe
  2⤵
  PID:8764
- C:\Windows\System\FPstAzh.exe
  C:\Windows\System\FPstAzh.exe
  2⤵
  PID:8796
- C:\Windows\System\NhjuQCe.exe
  C:\Windows\System\NhjuQCe.exe
  2⤵
  PID:8812
- C:\Windows\System\Nsbjzbu.exe
  C:\Windows\System\Nsbjzbu.exe
  2⤵
  PID:8832
- C:\Windows\System\CUoeiRv.exe
  C:\Windows\System\CUoeiRv.exe
  2⤵
  PID:8848
- C:\Windows\System\mHjJFKy.exe
  C:\Windows\System\mHjJFKy.exe
  2⤵
  PID:8876
- C:\Windows\System\LXqurlP.exe
  C:\Windows\System\LXqurlP.exe
  2⤵
  PID:8912
- C:\Windows\System\OioeGlw.exe
  C:\Windows\System\OioeGlw.exe
  2⤵
  PID:8948
- C:\Windows\System\jcWjbgs.exe
  C:\Windows\System\jcWjbgs.exe
  2⤵
  PID:8980
- C:\Windows\System\SyZYaOy.exe
  C:\Windows\System\SyZYaOy.exe
  2⤵
  PID:9036
- C:\Windows\System\RQfLToU.exe
  C:\Windows\System\RQfLToU.exe
  2⤵
  PID:9064
- C:\Windows\System\rPdlPxv.exe
  C:\Windows\System\rPdlPxv.exe
  2⤵
  PID:9104
- C:\Windows\System\zzHCyWf.exe
  C:\Windows\System\zzHCyWf.exe
  2⤵
  PID:9124
- C:\Windows\System\ElcANZj.exe
  C:\Windows\System\ElcANZj.exe
  2⤵
  PID:9160
- C:\Windows\System\GkLbmGW.exe
  C:\Windows\System\GkLbmGW.exe
  2⤵
  PID:9176
- C:\Windows\System\ZRIATeM.exe
  C:\Windows\System\ZRIATeM.exe
  2⤵
  PID:9204
- C:\Windows\System\ICzOzfm.exe
  C:\Windows\System\ICzOzfm.exe
  2⤵
  PID:8236
- C:\Windows\System\tYrsgvZ.exe
  C:\Windows\System\tYrsgvZ.exe
  2⤵
  PID:8280
- C:\Windows\System\NIWTPrA.exe
  C:\Windows\System\NIWTPrA.exe
  2⤵
  PID:8372
- C:\Windows\System\NzOEwYw.exe
  C:\Windows\System\NzOEwYw.exe
  2⤵
  PID:8436
- C:\Windows\System\iZcVeIS.exe
  C:\Windows\System\iZcVeIS.exe
  2⤵
  PID:8484
- C:\Windows\System\xfjZnDS.exe
  C:\Windows\System\xfjZnDS.exe
  2⤵
  PID:8568
- C:\Windows\System\KRUbclf.exe
  C:\Windows\System\KRUbclf.exe
  2⤵
  PID:8632
- C:\Windows\System\dqtmgIk.exe
  C:\Windows\System\dqtmgIk.exe
  2⤵
  PID:8680
- C:\Windows\System\JKcgooh.exe
  C:\Windows\System\JKcgooh.exe
  2⤵
  PID:8752
- C:\Windows\System\tEpyBEt.exe
  C:\Windows\System\tEpyBEt.exe
  2⤵
  PID:8804
- C:\Windows\System\VomnGOm.exe
  C:\Windows\System\VomnGOm.exe
  2⤵
  PID:8904
- C:\Windows\System\FxujBtD.exe
  C:\Windows\System\FxujBtD.exe
  2⤵
  PID:8940
- C:\Windows\System\OQBqiLo.exe
  C:\Windows\System\OQBqiLo.exe
  2⤵
  PID:8988
- C:\Windows\System\ZcVkNhn.exe
  C:\Windows\System\ZcVkNhn.exe
  2⤵
  PID:9076
- C:\Windows\System\GAHkzkR.exe
  C:\Windows\System\GAHkzkR.exe
  2⤵
  PID:9148
- C:\Windows\System\BUAcSyV.exe
  C:\Windows\System\BUAcSyV.exe
  2⤵
  PID:7784
- C:\Windows\System\qDifkhu.exe
  C:\Windows\System\qDifkhu.exe
  2⤵
  PID:8344
- C:\Windows\System\ddnOpec.exe
  C:\Windows\System\ddnOpec.exe
  2⤵
  PID:8544
- C:\Windows\System\IFeXicd.exe
  C:\Windows\System\IFeXicd.exe
  2⤵
  PID:8660
- C:\Windows\System\NbMbThd.exe
  C:\Windows\System\NbMbThd.exe
  2⤵
  PID:8792
- C:\Windows\System\tgUaZHG.exe
  C:\Windows\System\tgUaZHG.exe
  2⤵
  PID:8924
- C:\Windows\System\kWLHPzc.exe
  C:\Windows\System\kWLHPzc.exe
  2⤵
  PID:9112
- C:\Windows\System\ZCgZemC.exe
  C:\Windows\System\ZCgZemC.exe
  2⤵
  PID:8276
- C:\Windows\System\tOcIgGH.exe
  C:\Windows\System\tOcIgGH.exe
  2⤵
  PID:8600
- C:\Windows\System\UtdmzWV.exe
  C:\Windows\System\UtdmzWV.exe
  2⤵
  PID:8780
- C:\Windows\System\rySlVkQ.exe
  C:\Windows\System\rySlVkQ.exe
  2⤵
  PID:9188
- C:\Windows\System\cnhMzYl.exe
  C:\Windows\System\cnhMzYl.exe
  2⤵
  PID:8616
- C:\Windows\System\bzOkSuu.exe
  C:\Windows\System\bzOkSuu.exe
  2⤵
  PID:9236
- C:\Windows\System\FxKqdFz.exe
  C:\Windows\System\FxKqdFz.exe
  2⤵
  PID:9252
- C:\Windows\System\yJpNgOD.exe
  C:\Windows\System\yJpNgOD.exe
  2⤵
  PID:9296
- C:\Windows\System\hnqgNtp.exe
  C:\Windows\System\hnqgNtp.exe
  2⤵
  PID:9320
- C:\Windows\System\VujczXW.exe
  C:\Windows\System\VujczXW.exe
  2⤵
  PID:9348
- C:\Windows\System\DNwPGvF.exe
  C:\Windows\System\DNwPGvF.exe
  2⤵
  PID:9376
- C:\Windows\System\pProgFu.exe
  C:\Windows\System\pProgFu.exe
  2⤵
  PID:9404
- C:\Windows\System\cyZKliT.exe
  C:\Windows\System\cyZKliT.exe
  2⤵
  PID:9420
- C:\Windows\System\NdJkzoe.exe
  C:\Windows\System\NdJkzoe.exe
  2⤵
  PID:9440
- C:\Windows\System\vhhDdMn.exe
  C:\Windows\System\vhhDdMn.exe
  2⤵
  PID:9492
- C:\Windows\System\LmqNjiM.exe
  C:\Windows\System\LmqNjiM.exe
  2⤵
  PID:9520
- C:\Windows\System\acHDoQO.exe
  C:\Windows\System\acHDoQO.exe
  2⤵
  PID:9544
- C:\Windows\System\LqfrxYL.exe
  C:\Windows\System\LqfrxYL.exe
  2⤵
  PID:9564
- C:\Windows\System\oGnfmDf.exe
  C:\Windows\System\oGnfmDf.exe
  2⤵
  PID:9596
- C:\Windows\System\IVvNEZi.exe
  C:\Windows\System\IVvNEZi.exe
  2⤵
  PID:9632
- C:\Windows\System\GdVBbvN.exe
  C:\Windows\System\GdVBbvN.exe
  2⤵
  PID:9660
- C:\Windows\System\dfFQFHV.exe
  C:\Windows\System\dfFQFHV.exe
  2⤵
  PID:9676
- C:\Windows\System\KvSDiCi.exe
  C:\Windows\System\KvSDiCi.exe
  2⤵
  PID:9716
- C:\Windows\System\nhIeeiP.exe
  C:\Windows\System\nhIeeiP.exe
  2⤵
  PID:9744
- C:\Windows\System\jllobXt.exe
  C:\Windows\System\jllobXt.exe
  2⤵
  PID:9792
- C:\Windows\System\fKdDgPB.exe
  C:\Windows\System\fKdDgPB.exe
  2⤵
  PID:9812
- C:\Windows\System\GFCQTOe.exe
  C:\Windows\System\GFCQTOe.exe
  2⤵
  PID:9836
- C:\Windows\System\LYvzbTK.exe
  C:\Windows\System\LYvzbTK.exe
  2⤵
  PID:9860
- C:\Windows\System\XxzXWTZ.exe
  C:\Windows\System\XxzXWTZ.exe
  2⤵
  PID:9888
- C:\Windows\System\qaWALML.exe
  C:\Windows\System\qaWALML.exe
  2⤵
  PID:9916
- C:\Windows\System\xQSneVF.exe
  C:\Windows\System\xQSneVF.exe
  2⤵
  PID:9948
- C:\Windows\System\ZwpViQR.exe
  C:\Windows\System\ZwpViQR.exe
  2⤵
  PID:9980
- C:\Windows\System\bDdNjzR.exe
  C:\Windows\System\bDdNjzR.exe
  2⤵
  PID:10012
- C:\Windows\System\EzzVVyE.exe
  C:\Windows\System\EzzVVyE.exe
  2⤵
  PID:10040
- C:\Windows\System\nZiBNHW.exe
  C:\Windows\System\nZiBNHW.exe
  2⤵
  PID:10064
- C:\Windows\System\qSCUHrH.exe
  C:\Windows\System\qSCUHrH.exe
  2⤵
  PID:10080
- C:\Windows\System\OJsGZxd.exe
  C:\Windows\System\OJsGZxd.exe
  2⤵
  PID:10112
- C:\Windows\System\lZjVvYg.exe
  C:\Windows\System\lZjVvYg.exe
  2⤵
  PID:10132
- C:\Windows\System\jMUJraZ.exe
  C:\Windows\System\jMUJraZ.exe
  2⤵
  PID:10152
- C:\Windows\System\FEBSTSe.exe
  C:\Windows\System\FEBSTSe.exe
  2⤵
  PID:10192
- C:\Windows\System\EVGpKTZ.exe
  C:\Windows\System\EVGpKTZ.exe
  2⤵
  PID:10232
- C:\Windows\System\OqKwEoV.exe
  C:\Windows\System\OqKwEoV.exe
  2⤵
  PID:9228
- C:\Windows\System\eykFXnd.exe
  C:\Windows\System\eykFXnd.exe
  2⤵
  PID:9316
- C:\Windows\System\FpqEePE.exe
  C:\Windows\System\FpqEePE.exe
  2⤵
  PID:9388
- C:\Windows\System\NDTxXRC.exe
  C:\Windows\System\NDTxXRC.exe
  2⤵
  PID:9448
- C:\Windows\System\cGejJGw.exe
  C:\Windows\System\cGejJGw.exe
  2⤵
  PID:7368
- C:\Windows\System\SzyFlLC.exe
  C:\Windows\System\SzyFlLC.exe
  2⤵
  PID:7268
- C:\Windows\System\GzddrgP.exe
  C:\Windows\System\GzddrgP.exe
  2⤵
  PID:9552
- C:\Windows\System\dYOlFRB.exe
  C:\Windows\System\dYOlFRB.exe
  2⤵
  PID:9584
- C:\Windows\System\ROvRgTe.exe
  C:\Windows\System\ROvRgTe.exe
  2⤵
  PID:9668
- C:\Windows\System\VviicHg.exe
  C:\Windows\System\VviicHg.exe
  2⤵
  PID:9736
- C:\Windows\System\SDoTYNn.exe
  C:\Windows\System\SDoTYNn.exe
  2⤵
  PID:9800
- C:\Windows\System\skHCYuZ.exe
  C:\Windows\System\skHCYuZ.exe
  2⤵
  PID:9872
- C:\Windows\System\dxqLXgM.exe
  C:\Windows\System\dxqLXgM.exe
  2⤵
  PID:9928
- C:\Windows\System\YPrMDpE.exe
  C:\Windows\System\YPrMDpE.exe
  2⤵
  PID:10004
- C:\Windows\System\AkatCho.exe
  C:\Windows\System\AkatCho.exe
  2⤵
  PID:10072
- C:\Windows\System\tubNsrj.exe
  C:\Windows\System\tubNsrj.exe
  2⤵
  PID:10104
- C:\Windows\System\pEgYApq.exe
  C:\Windows\System\pEgYApq.exe
  2⤵
  PID:10216
- C:\Windows\System\pLnDnWA.exe
  C:\Windows\System\pLnDnWA.exe
  2⤵
  PID:9284
- C:\Windows\System\cYnldNo.exe
  C:\Windows\System\cYnldNo.exe
  2⤵
  PID:9412
- C:\Windows\System\OyCRdUh.exe
  C:\Windows\System\OyCRdUh.exe
  2⤵
  PID:9504
- C:\Windows\System\BRHvrrq.exe
  C:\Windows\System\BRHvrrq.exe
  2⤵
  PID:9628
- C:\Windows\System\glbDKxJ.exe
  C:\Windows\System\glbDKxJ.exe
  2⤵
  PID:9764
- C:\Windows\System\lyTQalh.exe
  C:\Windows\System\lyTQalh.exe
  2⤵
  PID:9936
- C:\Windows\System\mQpMnPO.exe
  C:\Windows\System\mQpMnPO.exe
  2⤵
  PID:10048
- C:\Windows\System\VOBtaPa.exe
  C:\Windows\System\VOBtaPa.exe
  2⤵
  PID:9264
- C:\Windows\System\CvYfdzm.exe
  C:\Windows\System\CvYfdzm.exe
  2⤵
  PID:7396
- C:\Windows\System\HGBMZvd.exe
  C:\Windows\System\HGBMZvd.exe
  2⤵
  PID:9844
- C:\Windows\System\jHoNXZQ.exe
  C:\Windows\System\jHoNXZQ.exe
  2⤵
  PID:10120
- C:\Windows\System\dYJpwFW.exe
  C:\Windows\System\dYJpwFW.exe
  2⤵
  PID:9712
- C:\Windows\System\DplewAA.exe
  C:\Windows\System\DplewAA.exe
  2⤵
  PID:9004
- C:\Windows\System\ThOvOSX.exe
  C:\Windows\System\ThOvOSX.exe
  2⤵
  PID:10256
- C:\Windows\System\JxBSlwd.exe
  C:\Windows\System\JxBSlwd.exe
  2⤵
  PID:10284
- C:\Windows\System\dQdYdkk.exe
  C:\Windows\System\dQdYdkk.exe
  2⤵
  PID:10308
- C:\Windows\System\xiWraub.exe
  C:\Windows\System\xiWraub.exe
  2⤵
  PID:10340
- C:\Windows\System\VKCgjhw.exe
  C:\Windows\System\VKCgjhw.exe
  2⤵
  PID:10368
- C:\Windows\System\ETaMhCn.exe
  C:\Windows\System\ETaMhCn.exe
  2⤵
  PID:10384
- C:\Windows\System\roIGoIL.exe
  C:\Windows\System\roIGoIL.exe
  2⤵
  PID:10424
- C:\Windows\System\WAXOOBU.exe
  C:\Windows\System\WAXOOBU.exe
  2⤵
  PID:10444
- C:\Windows\System\GpirKYY.exe
  C:\Windows\System\GpirKYY.exe
  2⤵
  PID:10476
- C:\Windows\System\HsBerAK.exe
  C:\Windows\System\HsBerAK.exe
  2⤵
  PID:10508
- C:\Windows\System\BNsPMXV.exe
  C:\Windows\System\BNsPMXV.exe
  2⤵
  PID:10536
- C:\Windows\System\fztkWTG.exe
  C:\Windows\System\fztkWTG.exe
  2⤵
  PID:10564
- C:\Windows\System\YwCQDHk.exe
  C:\Windows\System\YwCQDHk.exe
  2⤵
  PID:10592
- C:\Windows\System\fsXSQTD.exe
  C:\Windows\System\fsXSQTD.exe
  2⤵
  PID:10620
- C:\Windows\System\SOCdQsc.exe
  C:\Windows\System\SOCdQsc.exe
  2⤵
  PID:10648
- C:\Windows\System\BWlTRUy.exe
  C:\Windows\System\BWlTRUy.exe
  2⤵
  PID:10680
- C:\Windows\System\sXJPgxp.exe
  C:\Windows\System\sXJPgxp.exe
  2⤵
  PID:10724
- C:\Windows\System\lYYrcwD.exe
  C:\Windows\System\lYYrcwD.exe
  2⤵
  PID:10740
- C:\Windows\System\yLUQnor.exe
  C:\Windows\System\yLUQnor.exe
  2⤵
  PID:10760
- C:\Windows\System\GvEZMWR.exe
  C:\Windows\System\GvEZMWR.exe
  2⤵
  PID:10796
- C:\Windows\System\jVEikBI.exe
  C:\Windows\System\jVEikBI.exe
  2⤵
  PID:10832
- C:\Windows\System\oQzYqOm.exe
  C:\Windows\System\oQzYqOm.exe
  2⤵
  PID:10860
- C:\Windows\System\xQDzjIc.exe
  C:\Windows\System\xQDzjIc.exe
  2⤵
  PID:10888
- C:\Windows\System\nrtIkGe.exe
  C:\Windows\System\nrtIkGe.exe
  2⤵
  PID:10904
- C:\Windows\System\TkbNjme.exe
  C:\Windows\System\TkbNjme.exe
  2⤵
  PID:10920
- C:\Windows\System\ZgvlKTH.exe
  C:\Windows\System\ZgvlKTH.exe
  2⤵
  PID:10960
- C:\Windows\System\hGVHGKu.exe
  C:\Windows\System\hGVHGKu.exe
  2⤵
  PID:10996
- C:\Windows\System\kTckGGX.exe
  C:\Windows\System\kTckGGX.exe
  2⤵
  PID:11028
- C:\Windows\System\IKtVaDQ.exe
  C:\Windows\System\IKtVaDQ.exe
  2⤵
  PID:11068
- C:\Windows\System\PFRpHKs.exe
  C:\Windows\System\PFRpHKs.exe
  2⤵
  PID:11084
- C:\Windows\System\bgfXhLy.exe
  C:\Windows\System\bgfXhLy.exe
  2⤵
  PID:11116
- C:\Windows\System\fbJyxZZ.exe
  C:\Windows\System\fbJyxZZ.exe
  2⤵
  PID:11136
- C:\Windows\System\SJbgdVH.exe
  C:\Windows\System\SJbgdVH.exe
  2⤵
  PID:11184
- C:\Windows\System\ejwZxzE.exe
  C:\Windows\System\ejwZxzE.exe
  2⤵
  PID:11212
- C:\Windows\System\JdRXvfJ.exe
  C:\Windows\System\JdRXvfJ.exe
  2⤵
  PID:11240
- C:\Windows\System\tanNlBN.exe
  C:\Windows\System\tanNlBN.exe
  2⤵
  PID:10248
- C:\Windows\System\liuBTyc.exe
  C:\Windows\System\liuBTyc.exe
  2⤵
  PID:10336
- C:\Windows\System\ppsDwnm.exe
  C:\Windows\System\ppsDwnm.exe
  2⤵
  PID:10408
- C:\Windows\System\BFzRJEl.exe
  C:\Windows\System\BFzRJEl.exe
  2⤵
  PID:10496
- C:\Windows\System\RfUsiSh.exe
  C:\Windows\System\RfUsiSh.exe
  2⤵
  PID:10576
- C:\Windows\System\PNDBNNX.exe
  C:\Windows\System\PNDBNNX.exe
  2⤵
  PID:10644
- C:\Windows\System\KWVJekb.exe
  C:\Windows\System\KWVJekb.exe
  2⤵
  PID:9876
- C:\Windows\System\nEWzNvb.exe
  C:\Windows\System\nEWzNvb.exe
  2⤵
  PID:2216
- C:\Windows\System\TczqssS.exe
  C:\Windows\System\TczqssS.exe
  2⤵
  PID:10732
- C:\Windows\System\wrlhjwJ.exe
  C:\Windows\System\wrlhjwJ.exe
  2⤵
  PID:10780
- C:\Windows\System\HKPJPPS.exe
  C:\Windows\System\HKPJPPS.exe
  2⤵
  PID:10824
- C:\Windows\System\TOcEvlF.exe
  C:\Windows\System\TOcEvlF.exe
  2⤵
  PID:10880
- C:\Windows\System\xRsWNwD.exe
  C:\Windows\System\xRsWNwD.exe
  2⤵
  PID:4380
- C:\Windows\System\JmCCYaH.exe
  C:\Windows\System\JmCCYaH.exe
  2⤵
  PID:10912
- C:\Windows\System\GRJrYdB.exe
  C:\Windows\System\GRJrYdB.exe
  2⤵
  PID:4456
- C:\Windows\System\nbHhQsp.exe
  C:\Windows\System\nbHhQsp.exe
  2⤵
  PID:2188
- C:\Windows\System\SfxpBhu.exe
  C:\Windows\System\SfxpBhu.exe
  2⤵
  PID:11204
- C:\Windows\System\MXlyQCQ.exe
  C:\Windows\System\MXlyQCQ.exe
  2⤵
  PID:10328
- C:\Windows\System\KeCKicP.exe
  C:\Windows\System\KeCKicP.exe
  2⤵
  PID:10380
- C:\Windows\System\iMLNqFL.exe
  C:\Windows\System\iMLNqFL.exe
  2⤵
  PID:1368
- C:\Windows\System\upGPkwX.exe
  C:\Windows\System\upGPkwX.exe
  2⤵
  PID:10556
- C:\Windows\System\lVIWSsR.exe
  C:\Windows\System\lVIWSsR.exe
  2⤵
  PID:10676
- C:\Windows\System\UnkZEDi.exe
  C:\Windows\System\UnkZEDi.exe
  2⤵
  PID:7632
- C:\Windows\System\rkhpNIk.exe
  C:\Windows\System\rkhpNIk.exe
  2⤵
  PID:10756
- C:\Windows\System\CVNxVTA.exe
  C:\Windows\System\CVNxVTA.exe
  2⤵
  PID:4964
- C:\Windows\System\brHwQsa.exe
  C:\Windows\System\brHwQsa.exe
  2⤵
  PID:10916
- C:\Windows\System\yufepvG.exe
  C:\Windows\System\yufepvG.exe
  2⤵
  PID:2140
- C:\Windows\System\kBKwgPJ.exe
  C:\Windows\System\kBKwgPJ.exe
  2⤵
  PID:1692
- C:\Windows\System\sQQiFkv.exe
  C:\Windows\System\sQQiFkv.exe
  2⤵
  PID:11248
- C:\Windows\System\PvgBxDl.exe
  C:\Windows\System\PvgBxDl.exe
  2⤵
  PID:4580
- C:\Windows\System\aTVwotI.exe
  C:\Windows\System\aTVwotI.exe
  2⤵
  PID:10672
- C:\Windows\System\wloDEVk.exe
  C:\Windows\System\wloDEVk.exe
  2⤵
  PID:10820
- C:\Windows\System\JNqcSkQ.exe
  C:\Windows\System\JNqcSkQ.exe
  2⤵
  PID:10520
- C:\Windows\System\KRkKiPm.exe
  C:\Windows\System\KRkKiPm.exe
  2⤵
  PID:10940
- C:\Windows\System\AfDiPrY.exe
  C:\Windows\System\AfDiPrY.exe
  2⤵
  PID:7604
- C:\Windows\System\TQUjIev.exe
  C:\Windows\System\TQUjIev.exe
  2⤵
  PID:1964
- C:\Windows\System\paRerqw.exe
  C:\Windows\System\paRerqw.exe
  2⤵
  PID:10952
- C:\Windows\System\MirBzKH.exe
  C:\Windows\System\MirBzKH.exe
  2⤵
  PID:1492
- C:\Windows\System\EVNWyiu.exe
  C:\Windows\System\EVNWyiu.exe
  2⤵
  PID:3396
- C:\Windows\System\huZsbLd.exe
  C:\Windows\System\huZsbLd.exe
  2⤵
  PID:4520
- C:\Windows\System\DQkmWSs.exe
  C:\Windows\System\DQkmWSs.exe
  2⤵
  PID:11304
- C:\Windows\System\FEaFZom.exe
  C:\Windows\System\FEaFZom.exe
  2⤵
  PID:11388
- C:\Windows\System\DKyztpv.exe
  C:\Windows\System\DKyztpv.exe
  2⤵
  PID:11424
- C:\Windows\System\QRUXCRM.exe
  C:\Windows\System\QRUXCRM.exe
  2⤵
  PID:11456
- C:\Windows\System\UcQuaIA.exe
  C:\Windows\System\UcQuaIA.exe
  2⤵
  PID:11476
- C:\Windows\System\ZvFHCAZ.exe
  C:\Windows\System\ZvFHCAZ.exe
  2⤵
  PID:11516
- C:\Windows\System\InWxLzy.exe
  C:\Windows\System\InWxLzy.exe
  2⤵
  PID:11544
- C:\Windows\System\MwYMLFn.exe
  C:\Windows\System\MwYMLFn.exe
  2⤵
  PID:11568
- C:\Windows\System\rFPoIZp.exe
  C:\Windows\System\rFPoIZp.exe
  2⤵
  PID:11588
- C:\Windows\System\vnLgxam.exe
  C:\Windows\System\vnLgxam.exe
  2⤵
  PID:11632
- C:\Windows\System\UlrxzMR.exe
  C:\Windows\System\UlrxzMR.exe
  2⤵
  PID:11648
- C:\Windows\System\BHyIuih.exe
  C:\Windows\System\BHyIuih.exe
  2⤵
  PID:11684
- C:\Windows\System\YlgUSEp.exe
  C:\Windows\System\YlgUSEp.exe
  2⤵
  PID:11704
- C:\Windows\System\NqFclmc.exe
  C:\Windows\System\NqFclmc.exe
  2⤵
  PID:11752
- C:\Windows\System\IJTXkqN.exe
  C:\Windows\System\IJTXkqN.exe
  2⤵
  PID:11832
- C:\Windows\System\OogCbcf.exe
  C:\Windows\System\OogCbcf.exe
  2⤵
  PID:11864
- C:\Windows\System\HJYJOOQ.exe
  C:\Windows\System\HJYJOOQ.exe
  2⤵
  PID:11920
- C:\Windows\System\owiwhKp.exe
  C:\Windows\System\owiwhKp.exe
  2⤵
  PID:11956
- C:\Windows\System\HfeQXIc.exe
  C:\Windows\System\HfeQXIc.exe
  2⤵
  PID:11988
- C:\Windows\System\TrljroH.exe
  C:\Windows\System\TrljroH.exe
  2⤵
  PID:12008
- C:\Windows\System\RmWsIWL.exe
  C:\Windows\System\RmWsIWL.exe
  2⤵
  PID:12056
- C:\Windows\System\pURpZYy.exe
  C:\Windows\System\pURpZYy.exe
  2⤵
  PID:12084
- C:\Windows\System\GVUDgGE.exe
  C:\Windows\System\GVUDgGE.exe
  2⤵
  PID:12112
- C:\Windows\System\gbbKWbW.exe
  C:\Windows\System\gbbKWbW.exe
  2⤵
  PID:12136
- C:\Windows\System\FHgnmWx.exe
  C:\Windows\System\FHgnmWx.exe
  2⤵
  PID:12160
- C:\Windows\System\HMpYIMY.exe
  C:\Windows\System\HMpYIMY.exe
  2⤵
  PID:12176
- C:\Windows\System\gmqleOE.exe
  C:\Windows\System\gmqleOE.exe
  2⤵
  PID:12224
- C:\Windows\System\bFjAhod.exe
  C:\Windows\System\bFjAhod.exe
  2⤵
  PID:12268
- C:\Windows\System\bfOXoKp.exe
  C:\Windows\System\bfOXoKp.exe
  2⤵
  PID:12284
- C:\Windows\System\GCdoosY.exe
  C:\Windows\System\GCdoosY.exe
  2⤵
  PID:2820
- C:\Windows\System\AueiyaZ.exe
  C:\Windows\System\AueiyaZ.exe
  2⤵
  PID:3216
- C:\Windows\System\NIBNfYq.exe
  C:\Windows\System\NIBNfYq.exe
  2⤵
  PID:11280
- C:\Windows\System\pBFAjZl.exe
  C:\Windows\System\pBFAjZl.exe
  2⤵
  PID:4892
- C:\Windows\System\gbloESb.exe
  C:\Windows\System\gbloESb.exe
  2⤵
  PID:4428
- C:\Windows\System\sbYbnAO.exe
  C:\Windows\System\sbYbnAO.exe
  2⤵
  PID:11496
- C:\Windows\System\CIzPnkX.exe
  C:\Windows\System\CIzPnkX.exe
  2⤵
  PID:11528
- C:\Windows\System\CaBzIbI.exe
  C:\Windows\System\CaBzIbI.exe
  2⤵
  PID:11584
- C:\Windows\System\hcTKnvA.exe
  C:\Windows\System\hcTKnvA.exe
  2⤵
  PID:1380
- C:\Windows\System\wZCbfVU.exe
  C:\Windows\System\wZCbfVU.exe
  2⤵
  PID:11724
- C:\Windows\System\FJDZRcq.exe
  C:\Windows\System\FJDZRcq.exe
  2⤵
  PID:832
- C:\Windows\System\PUelHDg.exe
  C:\Windows\System\PUelHDg.exe
  2⤵
  PID:840
- C:\Windows\System\AzFgOfo.exe
  C:\Windows\System\AzFgOfo.exe
  2⤵
  PID:11852
- C:\Windows\System\KIKjHen.exe
  C:\Windows\System\KIKjHen.exe
  2⤵
  PID:10460
- C:\Windows\System\VrdwVIJ.exe
  C:\Windows\System\VrdwVIJ.exe
  2⤵
  PID:2096
- C:\Windows\System\nYVLbwD.exe
  C:\Windows\System\nYVLbwD.exe
  2⤵
  PID:12036
- C:\Windows\System\AqwLXEL.exe
  C:\Windows\System\AqwLXEL.exe
  2⤵
  PID:11268
- C:\Windows\System\oqJwQtm.exe
  C:\Windows\System\oqJwQtm.exe
  2⤵
  PID:4352
- C:\Windows\System\RdSdFub.exe
  C:\Windows\System\RdSdFub.exe
  2⤵
  PID:3700
- C:\Windows\System\bnJdxQB.exe
  C:\Windows\System\bnJdxQB.exe
  2⤵
  PID:12132
- C:\Windows\System\NMQSign.exe
  C:\Windows\System\NMQSign.exe
  2⤵
  PID:12168
- C:\Windows\System\jTCrzGu.exe
  C:\Windows\System\jTCrzGu.exe
  2⤵
  PID:12240
- C:\Windows\System\cbxATrN.exe
  C:\Windows\System\cbxATrN.exe
  2⤵
  PID:5024
- C:\Windows\System\cVfBGFp.exe
  C:\Windows\System\cVfBGFp.exe
  2⤵
  PID:960
- C:\Windows\System\SsuGFoK.exe
  C:\Windows\System\SsuGFoK.exe
  2⤵
  PID:11288
- C:\Windows\System\MWgdddL.exe
  C:\Windows\System\MWgdddL.exe
  2⤵
  PID:1980
- C:\Windows\System\ikudsLO.exe
  C:\Windows\System\ikudsLO.exe
  2⤵
  PID:1112
- C:\Windows\System\WgRLpVC.exe
  C:\Windows\System\WgRLpVC.exe
  2⤵
  PID:11680
- C:\Windows\System\smoiEYQ.exe
  C:\Windows\System\smoiEYQ.exe
  2⤵
  PID:3996
- C:\Windows\System\qpwMpYw.exe
  C:\Windows\System\qpwMpYw.exe
  2⤵
  PID:4308
- C:\Windows\System\PxfYbUb.exe
  C:\Windows\System\PxfYbUb.exe
  2⤵
  PID:5008
- C:\Windows\System\XiTVVot.exe
  C:\Windows\System\XiTVVot.exe
  2⤵
  PID:4416
- C:\Windows\System\VajyIQb.exe
  C:\Windows\System\VajyIQb.exe
  2⤵
  PID:5228
- C:\Windows\System\PTAYPoX.exe
  C:\Windows\System\PTAYPoX.exe
  2⤵
  PID:2612
- C:\Windows\System\hypUHsf.exe
  C:\Windows\System\hypUHsf.exe
  2⤵
  PID:5100
- C:\Windows\System\wWOPpMj.exe
  C:\Windows\System\wWOPpMj.exe
  2⤵
  PID:11420
- C:\Windows\System\WNtvyLY.exe
  C:\Windows\System\WNtvyLY.exe
  2⤵
  PID:5472
- C:\Windows\System\GqNjYmC.exe
  C:\Windows\System\GqNjYmC.exe
  2⤵
  PID:3368
- C:\Windows\System\UBhvvQD.exe
  C:\Windows\System\UBhvvQD.exe
  2⤵
  PID:10856
- C:\Windows\System\msvRQjs.exe
  C:\Windows\System\msvRQjs.exe
  2⤵
  PID:5604
- C:\Windows\System\hhmIyTX.exe
  C:\Windows\System\hhmIyTX.exe
  2⤵
  PID:12124
- C:\Windows\System\lbhYuUY.exe
  C:\Windows\System\lbhYuUY.exe
  2⤵
  PID:5296
- C:\Windows\System\xzTDpUp.exe
  C:\Windows\System\xzTDpUp.exe
  2⤵
  PID:5772
- C:\Windows\System\BdZQuex.exe
  C:\Windows\System\BdZQuex.exe
  2⤵
  PID:5872
- C:\Windows\System\YFMPYto.exe
  C:\Windows\System\YFMPYto.exe
  2⤵
  PID:11668
- C:\Windows\System\IpPeZIm.exe
  C:\Windows\System\IpPeZIm.exe
  2⤵
  PID:5528
- C:\Windows\System\CjkKHDq.exe
  C:\Windows\System\CjkKHDq.exe
  2⤵
  PID:11884
- C:\Windows\System\NJoQqaC.exe
  C:\Windows\System\NJoQqaC.exe
  2⤵
  PID:6072
- C:\Windows\System\uuIXhmh.exe
  C:\Windows\System\uuIXhmh.exe
  2⤵
  PID:1376
- C:\Windows\System\UDlieQc.exe
  C:\Windows\System\UDlieQc.exe
  2⤵
  PID:512
- C:\Windows\System\xZLcyCx.exe
  C:\Windows\System\xZLcyCx.exe
  2⤵
  PID:5744
- C:\Windows\System\uwukWVm.exe
  C:\Windows\System\uwukWVm.exe
  2⤵
  PID:5380
- C:\Windows\System\cBNxbHr.exe
  C:\Windows\System\cBNxbHr.exe
  2⤵
  PID:5552
- C:\Windows\System\WUDiQvn.exe
  C:\Windows\System\WUDiQvn.exe
  2⤵
  PID:5760
- C:\Windows\System\cjOMknN.exe
  C:\Windows\System\cjOMknN.exe
  2⤵
  PID:5820
- C:\Windows\System\HGYBgzs.exe
  C:\Windows\System\HGYBgzs.exe
  2⤵
  PID:5988
- C:\Windows\System\AuiPKzo.exe
  C:\Windows\System\AuiPKzo.exe
  2⤵
  PID:5140
- C:\Windows\System\vAiWtrP.exe
  C:\Windows\System\vAiWtrP.exe
  2⤵
  PID:3872
- C:\Windows\System\GAetrnN.exe
  C:\Windows\System\GAetrnN.exe
  2⤵
  PID:1756
- C:\Windows\System\ussDLyp.exe
  C:\Windows\System\ussDLyp.exe
  2⤵
  PID:12192
- C:\Windows\System\FbpEjco.exe
  C:\Windows\System\FbpEjco.exe
  2⤵
  PID:6076
- C:\Windows\System\iOXWdSt.exe
  C:\Windows\System\iOXWdSt.exe
  2⤵
  PID:5832
- C:\Windows\System\zaRIHDN.exe
  C:\Windows\System\zaRIHDN.exe
  2⤵
  PID:5960
- C:\Windows\System\QwQijOD.exe
  C:\Windows\System\QwQijOD.exe
  2⤵
  PID:5152
- C:\Windows\System\YJIDPnY.exe
  C:\Windows\System\YJIDPnY.exe
  2⤵
  PID:5912
- C:\Windows\System\YaKFRrr.exe
  C:\Windows\System\YaKFRrr.exe
  2⤵
  PID:6236
- C:\Windows\System\bEbLKRr.exe
  C:\Windows\System\bEbLKRr.exe
  2⤵
  PID:6264
- C:\Windows\System\RXeTmMr.exe
  C:\Windows\System\RXeTmMr.exe
  2⤵
  PID:6156
- C:\Windows\System\gobexDa.exe
  C:\Windows\System\gobexDa.exe
  2⤵
  PID:6296
- C:\Windows\System\tuCusKv.exe
  C:\Windows\System\tuCusKv.exe
  2⤵
  PID:12308
- C:\Windows\System\milHujt.exe
  C:\Windows\System\milHujt.exe
  2⤵
  PID:12336
- C:\Windows\System\ZZzMRgT.exe
  C:\Windows\System\ZZzMRgT.exe
  2⤵
  PID:12352
- C:\Windows\System\RHUrnFP.exe
  C:\Windows\System\RHUrnFP.exe
  2⤵
  PID:12392
- C:\Windows\System\fJABxse.exe
  C:\Windows\System\fJABxse.exe
  2⤵
  PID:12420
- C:\Windows\System\Oxmcrpt.exe
  C:\Windows\System\Oxmcrpt.exe
  2⤵
  PID:12448
- C:\Windows\System\uOdqjfl.exe
  C:\Windows\System\uOdqjfl.exe
  2⤵
  PID:12476
- C:\Windows\System\KsbkDBw.exe
  C:\Windows\System\KsbkDBw.exe
  2⤵
  PID:12504
- C:\Windows\System\lVfveft.exe
  C:\Windows\System\lVfveft.exe
  2⤵
  PID:12532
- C:\Windows\System\IPuFeLa.exe
  C:\Windows\System\IPuFeLa.exe
  2⤵
  PID:12568
- C:\Windows\System\fuAzDlt.exe
  C:\Windows\System\fuAzDlt.exe
  2⤵
  PID:12608
- C:\Windows\System\SmdwlIP.exe
  C:\Windows\System\SmdwlIP.exe
  2⤵
  PID:12628
- C:\Windows\System\MjMUWKS.exe
  C:\Windows\System\MjMUWKS.exe
  2⤵
  PID:12660
- C:\Windows\System\udHpWww.exe
  C:\Windows\System\udHpWww.exe
  2⤵
  PID:12696
- C:\Windows\System\RneWQhj.exe
  C:\Windows\System\RneWQhj.exe
  2⤵
  PID:12720
- C:\Windows\System\wyeOrOd.exe
  C:\Windows\System\wyeOrOd.exe
  2⤵
  PID:12768
- C:\Windows\System\vnNHKVs.exe
  C:\Windows\System\vnNHKVs.exe
  2⤵
  PID:12792
- C:\Windows\System\yRXWmqk.exe
  C:\Windows\System\yRXWmqk.exe
  2⤵
  PID:12824
- C:\Windows\System\bNfANuc.exe
  C:\Windows\System\bNfANuc.exe
  2⤵
  PID:12864
- C:\Windows\System\gwvDXSV.exe
  C:\Windows\System\gwvDXSV.exe
  2⤵
  PID:12896
- C:\Windows\System\cVqfSwj.exe
  C:\Windows\System\cVqfSwj.exe
  2⤵
  PID:12924
- C:\Windows\System\MSBYKKL.exe
  C:\Windows\System\MSBYKKL.exe
  2⤵
  PID:12952
- C:\Windows\System\woJXboE.exe
  C:\Windows\System\woJXboE.exe
  2⤵
  PID:13000
- C:\Windows\System\nDdLlba.exe
  C:\Windows\System\nDdLlba.exe
  2⤵
  PID:13044
- C:\Windows\System\clGxtWN.exe
  C:\Windows\System\clGxtWN.exe
  2⤵
  PID:13072
- C:\Windows\System\BioABoI.exe
  C:\Windows\System\BioABoI.exe
  2⤵
  PID:13104
- C:\Windows\System\jNKbRzY.exe
  C:\Windows\System\jNKbRzY.exe
  2⤵
  PID:13164
- C:\Windows\System\FlsamUS.exe
  C:\Windows\System\FlsamUS.exe
  2⤵
  PID:13180
- C:\Windows\System\zFNscjL.exe
  C:\Windows\System\zFNscjL.exe
  2⤵
  PID:13200
- C:\Windows\System\bZurNCD.exe
  C:\Windows\System\bZurNCD.exe
  2⤵
  PID:13232
- C:\Windows\System\LBKNaMC.exe
  C:\Windows\System\LBKNaMC.exe
  2⤵
  PID:13260
- C:\Windows\System\WqmPqdn.exe
  C:\Windows\System\WqmPqdn.exe
  2⤵
  PID:13284
- C:\Windows\System\YcdnrYe.exe
  C:\Windows\System\YcdnrYe.exe
  2⤵
  PID:6308
- C:\Windows\System\VGwoXRr.exe
  C:\Windows\System\VGwoXRr.exe
  2⤵
  PID:12304
- C:\Windows\System\rWzgToW.exe
  C:\Windows\System\rWzgToW.exe
  2⤵
  PID:12344
- C:\Windows\System\YunXjbv.exe
  C:\Windows\System\YunXjbv.exe
  2⤵
  PID:12432
- C:\Windows\System\qEvwwpT.exe
  C:\Windows\System\qEvwwpT.exe
  2⤵
  PID:12488
- C:\Windows\System\acHzTeJ.exe
  C:\Windows\System\acHzTeJ.exe
  2⤵
  PID:12524
- C:\Windows\System\kwNaYed.exe
  C:\Windows\System\kwNaYed.exe
  2⤵
  PID:6664
- C:\Windows\System\vgnnPjm.exe
  C:\Windows\System\vgnnPjm.exe
  2⤵
  PID:12624
- C:\Windows\System\ezEOUIh.exe
  C:\Windows\System\ezEOUIh.exe
  2⤵
  PID:6756
- C:\Windows\System\MrHeITc.exe
  C:\Windows\System\MrHeITc.exe
  2⤵
  PID:4412
- C:\Windows\System\cTjMTld.exe
  C:\Windows\System\cTjMTld.exe
  2⤵
  PID:6828
- C:\Windows\System\BSjqCaZ.exe
  C:\Windows\System\BSjqCaZ.exe
  2⤵
  PID:12800
- C:\Windows\System\pFtXqMa.exe
  C:\Windows\System\pFtXqMa.exe
  2⤵
  PID:12872
- C:\Windows\System\jcOxWUK.exe
  C:\Windows\System\jcOxWUK.exe
  2⤵
  PID:7008
- C:\Windows\System\LEhfdQG.exe
  C:\Windows\System\LEhfdQG.exe
  2⤵
  PID:13060
- C:\Windows\System\vSttOSB.exe
  C:\Windows\System\vSttOSB.exe
  2⤵
  PID:6360
- C:\Windows\System\dwiDmuO.exe
  C:\Windows\System\dwiDmuO.exe
  2⤵
  PID:13176
- C:\Windows\System\fsvlweO.exe
  C:\Windows\System\fsvlweO.exe
  2⤵
  PID:12492
- C:\Windows\System\rQtmJdw.exe
  C:\Windows\System\rQtmJdw.exe
  2⤵
  PID:6268
- C:\Windows\System\cZjKKhl.exe
  C:\Windows\System\cZjKKhl.exe
  2⤵
  PID:6700
- C:\Windows\System\mqcDJUB.exe
  C:\Windows\System\mqcDJUB.exe
  2⤵
  PID:7040
- C:\Windows\System\UcgKwdC.exe
  C:\Windows\System\UcgKwdC.exe
  2⤵
  PID:13012
- C:\Windows\System\PwlXwpG.exe
  C:\Windows\System\PwlXwpG.exe
  2⤵
  PID:6244
- C:\Windows\System\PVqrJgO.exe
  C:\Windows\System\PVqrJgO.exe
  2⤵
  PID:6868
- C:\Windows\System\EHRYLTC.exe
  C:\Windows\System\EHRYLTC.exe
  2⤵
  PID:6924
- C:\Windows\System\TEoaajl.exe
  C:\Windows\System\TEoaajl.exe
  2⤵
  PID:13172
- C:\Windows\System\JmNSLYg.exe
  C:\Windows\System\JmNSLYg.exe
  2⤵
  PID:13300
- C:\Windows\System\pYleiUa.exe
  C:\Windows\System\pYleiUa.exe
  2⤵
  PID:12328
- C:\Windows\System\wnWMYJu.exe
  C:\Windows\System\wnWMYJu.exe
  2⤵
  PID:7116
- C:\Windows\System\pJphlXg.exe
  C:\Windows\System\pJphlXg.exe
  2⤵
  PID:1236
- C:\Windows\System\phFPznh.exe
  C:\Windows\System\phFPznh.exe
  2⤵
  PID:8096
- C:\Windows\System\MvjmEnr.exe
  C:\Windows\System\MvjmEnr.exe
  2⤵
  PID:8136
- C:\Windows\System\HrCQPRt.exe
  C:\Windows\System\HrCQPRt.exe
  2⤵
  PID:6988
- C:\Windows\System\rBtatOv.exe
  C:\Windows\System\rBtatOv.exe
  2⤵
  PID:6936
- C:\Windows\System\wRHdYaX.exe
  C:\Windows\System\wRHdYaX.exe
  2⤵
  PID:7304
- C:\Windows\System\VxdfRuZ.exe
  C:\Windows\System\VxdfRuZ.exe
  2⤵
  PID:7408
- C:\Windows\System\yGRafgF.exe
  C:\Windows\System\yGRafgF.exe
  2⤵
  PID:7064
- C:\Windows\System\Ioeorbd.exe
  C:\Windows\System\Ioeorbd.exe
  2⤵
  PID:12976
- C:\Windows\System\lqPbKsz.exe
  C:\Windows\System\lqPbKsz.exe
  2⤵
  PID:8172
- C:\Windows\System\oghHVxP.exe
  C:\Windows\System\oghHVxP.exe
  2⤵
  PID:13092
- C:\Windows\System\yHRzeft.exe
  C:\Windows\System\yHRzeft.exe
  2⤵
  PID:13028
- C:\Windows\System\dPXjgXQ.exe
  C:\Windows\System\dPXjgXQ.exe
  2⤵
  PID:2480
- C:\Windows\System\SCGCzVL.exe
  C:\Windows\System\SCGCzVL.exe
  2⤵
  PID:8108
- C:\Windows\System\keCSjNp.exe
  C:\Windows\System\keCSjNp.exe
  2⤵
  PID:7264
- C:\Windows\System\JEJpbAz.exe
  C:\Windows\System\JEJpbAz.exe
  2⤵
  PID:6380
- C:\Windows\System\UJYhKIN.exe
  C:\Windows\System\UJYhKIN.exe
  2⤵
  PID:8144
- C:\Windows\System\aAsZIjI.exe
  C:\Windows\System\aAsZIjI.exe
  2⤵
  PID:1620
- C:\Windows\System\NYmZtqX.exe
  C:\Windows\System\NYmZtqX.exe
  2⤵
  PID:5072
- C:\Windows\System\hbGiLKH.exe
  C:\Windows\System\hbGiLKH.exe
  2⤵
  PID:1956
- C:\Windows\System\toEKzGU.exe
  C:\Windows\System\toEKzGU.exe
  2⤵
  PID:8304
- C:\Windows\System\IymaSrd.exe
  C:\Windows\System\IymaSrd.exe
  2⤵
  PID:7172
- C:\Windows\System\SfdVdAS.exe
  C:\Windows\System\SfdVdAS.exe
  2⤵
  PID:8376
- C:\Windows\System\tjmYLjo.exe
  C:\Windows\System\tjmYLjo.exe
  2⤵
  PID:8396
- C:\Windows\System\cnwymFs.exe
  C:\Windows\System\cnwymFs.exe
  2⤵
  PID:6260
- C:\Windows\System\TxdMmvJ.exe
  C:\Windows\System\TxdMmvJ.exe
  2⤵
  PID:8516
- C:\Windows\System\wsjtHsD.exe
  C:\Windows\System\wsjtHsD.exe
  2⤵
  PID:13080
- C:\Windows\System\ACeskqO.exe
  C:\Windows\System\ACeskqO.exe
  2⤵
  PID:5248
- C:\Windows\System\AhoSBko.exe
  C:\Windows\System\AhoSBko.exe
  2⤵
  PID:8644
- C:\Windows\System\dNFrNna.exe
  C:\Windows\System\dNFrNna.exe
  2⤵
  PID:5360
- C:\Windows\System\ILriYaX.exe
  C:\Windows\System\ILriYaX.exe
  2⤵
  PID:2772
- C:\Windows\System\tVNufLU.exe
  C:\Windows\System\tVNufLU.exe
  2⤵
  PID:8208
- C:\Windows\System\SwIORtn.exe
  C:\Windows\System\SwIORtn.exe
  2⤵
  PID:8248
- C:\Windows\System\oPoPYIQ.exe
  C:\Windows\System\oPoPYIQ.exe
  2⤵
  PID:9156
- C:\Windows\System\PhyNOLC.exe
  C:\Windows\System\PhyNOLC.exe
  2⤵
  PID:3540
- C:\Windows\System\mjHcxwE.exe
  C:\Windows\System\mjHcxwE.exe
  2⤵
  PID:8424
- C:\Windows\System\ueGQWBv.exe
  C:\Windows\System\ueGQWBv.exe
  2⤵
  PID:8408
- C:\Windows\System\weDoYhm.exe
  C:\Windows\System\weDoYhm.exe
  2⤵
  PID:8572
- C:\Windows\System\PBkRJOw.exe
  C:\Windows\System\PBkRJOw.exe
  2⤵
  PID:5992
- C:\Windows\System\xufykqT.exe
  C:\Windows\System\xufykqT.exe
  2⤵
  PID:12592
- C:\Windows\System\kXJmQYP.exe
  C:\Windows\System\kXJmQYP.exe
  2⤵
  PID:9072
- C:\Windows\System\MWRALQx.exe
  C:\Windows\System\MWRALQx.exe
  2⤵
  PID:12920
- C:\Windows\System\qfnMMqO.exe
  C:\Windows\System\qfnMMqO.exe
  2⤵
  PID:8252
- C:\Windows\System\iKpTCAR.exe
  C:\Windows\System\iKpTCAR.exe
  2⤵
  PID:8536
- C:\Windows\System\tYQUeic.exe
  C:\Windows\System\tYQUeic.exe
  2⤵
  PID:13220
- C:\Windows\System\WCJOoHR.exe
  C:\Windows\System\WCJOoHR.exe
  2⤵
  PID:8552
- C:\Windows\System\TUQFjpb.exe
  C:\Windows\System\TUQFjpb.exe
  2⤵
  PID:12716
- C:\Windows\System\vyWlPRU.exe
  C:\Windows\System\vyWlPRU.exe
  2⤵
  PID:8872
- C:\Windows\System\qqjqujy.exe
  C:\Windows\System\qqjqujy.exe
  2⤵
  PID:9120
- C:\Windows\System\hURINQn.exe
  C:\Windows\System\hURINQn.exe
  2⤵
  PID:8440
- C:\Windows\System\OkTlgHU.exe
  C:\Windows\System\OkTlgHU.exe
  2⤵
  PID:1076
- C:\Windows\System\MZJaMVa.exe
  C:\Windows\System\MZJaMVa.exe
  2⤵
  PID:9088
- C:\Windows\System\ZftCkxJ.exe
  C:\Windows\System\ZftCkxJ.exe
  2⤵
  PID:8296
- C:\Windows\System\UfLEgSf.exe
  C:\Windows\System\UfLEgSf.exe
  2⤵
  PID:8076
- C:\Windows\System\uiLaZWZ.exe
  C:\Windows\System\uiLaZWZ.exe
  2⤵
  PID:5996
- C:\Windows\System\nUQZynX.exe
  C:\Windows\System\nUQZynX.exe
  2⤵
  PID:5936
- C:\Windows\System\MzZBKeZ.exe
  C:\Windows\System\MzZBKeZ.exe
  2⤵
  PID:5348
- C:\Windows\System\HSRKkqT.exe
  C:\Windows\System\HSRKkqT.exe
  2⤵
  PID:9328
- C:\Windows\System\JVaqsMR.exe
  C:\Windows\System\JVaqsMR.exe
  2⤵
  PID:9384
- C:\Windows\System\WcYyWxB.exe
  C:\Windows\System\WcYyWxB.exe
  2⤵
  PID:9608
- C:\Windows\System\OgsyghM.exe
  C:\Windows\System\OgsyghM.exe
  2⤵
  PID:9724
- C:\Windows\System\GiMTJUB.exe
  C:\Windows\System\GiMTJUB.exe
  2⤵
  PID:9464
- C:\Windows\System\rROCDzM.exe
  C:\Windows\System\rROCDzM.exe
  2⤵
  PID:9588
- C:\Windows\System\HazGjaw.exe
  C:\Windows\System\HazGjaw.exe
  2⤵
  PID:9732
- C:\Windows\System\peXrivt.exe
  C:\Windows\System\peXrivt.exe
  2⤵
  PID:6540
- C:\Windows\System\ZnMVCGn.exe
  C:\Windows\System\ZnMVCGn.exe
  2⤵
  PID:9192
- C:\Windows\System\acNObJG.exe
  C:\Windows\System\acNObJG.exe
  2⤵
  PID:13336
- C:\Windows\System\nJwYkqp.exe
  C:\Windows\System\nJwYkqp.exe
  2⤵
  PID:13380
- C:\Windows\System\wCxeQbT.exe
  C:\Windows\System\wCxeQbT.exe
  2⤵
  PID:13412
- C:\Windows\System\TtaKAkk.exe
  C:\Windows\System\TtaKAkk.exe
  2⤵
  PID:13432
- C:\Windows\System\FISTnap.exe
  C:\Windows\System\FISTnap.exe
  2⤵
  PID:13456
- C:\Windows\System\AiArEkp.exe
  C:\Windows\System\AiArEkp.exe
  2⤵
  PID:13492
- C:\Windows\System\bkgMKFX.exe
  C:\Windows\System\bkgMKFX.exe
  2⤵
  PID:13512
- C:\Windows\System\HdsYOqP.exe
  C:\Windows\System\HdsYOqP.exe
  2⤵
  PID:13540
- C:\Windows\System\vVMAjvw.exe
  C:\Windows\System\vVMAjvw.exe
  2⤵
  PID:13568
- C:\Windows\System\yjsBKAb.exe
  C:\Windows\System\yjsBKAb.exe
  2⤵
  PID:13596
- C:\Windows\System\AhZjtTz.exe
  C:\Windows\System\AhZjtTz.exe
  2⤵
  PID:13632
- C:\Windows\System\dtBqCwa.exe
  C:\Windows\System\dtBqCwa.exe
  2⤵
  PID:13656
- C:\Windows\System\DiZOXUo.exe
  C:\Windows\System\DiZOXUo.exe
  2⤵
  PID:13688
- C:\Windows\System\FHBTFde.exe
  C:\Windows\System\FHBTFde.exe
  2⤵
  PID:13720
- C:\Windows\System\mAKSiox.exe
  C:\Windows\System\mAKSiox.exe
  2⤵
  PID:13748
- C:\Windows\System\hYMPhhi.exe
  C:\Windows\System\hYMPhhi.exe
  2⤵
  PID:13780
- C:\Windows\System\yXcRtUN.exe
  C:\Windows\System\yXcRtUN.exe
  2⤵
  PID:13804
- C:\Windows\System\OXLVveF.exe
  C:\Windows\System\OXLVveF.exe
  2⤵
  PID:13832
- C:\Windows\System\vyVgiNv.exe
  C:\Windows\System\vyVgiNv.exe
  2⤵
  PID:13864
- C:\Windows\System\vmOcYOu.exe
  C:\Windows\System\vmOcYOu.exe
  2⤵
  PID:13908
- C:\Windows\System\gyGDXxg.exe
  C:\Windows\System\gyGDXxg.exe
  2⤵
  PID:13940
- C:\Windows\System\TGfJWmZ.exe
  C:\Windows\System\TGfJWmZ.exe
  2⤵
  PID:13964
- C:\Windows\System\owhuYVI.exe
  C:\Windows\System\owhuYVI.exe
  2⤵
  PID:13984
- C:\Windows\System\SbEuBpH.exe
  C:\Windows\System\SbEuBpH.exe
  2⤵
  PID:14024
- C:\Windows\System\KWvcnCo.exe
  C:\Windows\System\KWvcnCo.exe
  2⤵
  PID:14044
- C:\Windows\System\TObYWEw.exe
  C:\Windows\System\TObYWEw.exe
  2⤵
  PID:14076
- C:\Windows\System\cbiraZI.exe
  C:\Windows\System\cbiraZI.exe
  2⤵
  PID:14100
- C:\Windows\System\vpXKdPq.exe
  C:\Windows\System\vpXKdPq.exe
  2⤵
  PID:14132
- C:\Windows\System\axXBwzN.exe
  C:\Windows\System\axXBwzN.exe
  2⤵
  PID:14168
- C:\Windows\System\Pwhzell.exe
  C:\Windows\System\Pwhzell.exe
  2⤵
  PID:14196
- C:\Windows\System\PjPIgKv.exe
  C:\Windows\System\PjPIgKv.exe
  2⤵
  PID:14212
- C:\Windows\System\lAQScOs.exe
  C:\Windows\System\lAQScOs.exe
  2⤵
  PID:14256
- C:\Windows\System\jhGKgWv.exe
  C:\Windows\System\jhGKgWv.exe
  2⤵
  PID:14284
- C:\Windows\System\euWcecd.exe
  C:\Windows\System\euWcecd.exe
  2⤵
  PID:14300
- C:\Windows\System\FnOAIzf.exe
  C:\Windows\System\FnOAIzf.exe
  2⤵
  PID:6472
- C:\Windows\System\DHeJcGR.exe
  C:\Windows\System\DHeJcGR.exe
  2⤵
  PID:10200
- C:\Windows\System\MrzmUZj.exe
  C:\Windows\System\MrzmUZj.exe
  2⤵
  PID:13408
- C:\Windows\System\vhQYjtJ.exe
  C:\Windows\System\vhQYjtJ.exe
  2⤵
  PID:9048
- C:\Windows\System\LXLCggn.exe
  C:\Windows\System\LXLCggn.exe
  2⤵
  PID:13484
- C:\Windows\System\pdgUjIG.exe
  C:\Windows\System\pdgUjIG.exe
  2⤵
  PID:9620
- C:\Windows\System\hmRFrvk.exe
  C:\Windows\System\hmRFrvk.exe
  2⤵
  PID:13536
- C:\Windows\System\zFmuEhq.exe
  C:\Windows\System\zFmuEhq.exe
  2⤵
  PID:7140
- C:\Windows\System\YwLcoup.exe
  C:\Windows\System\YwLcoup.exe
  2⤵
  PID:4996
- C:\Windows\System\eYyMtyb.exe
  C:\Windows\System\eYyMtyb.exe
  2⤵
  PID:13648
- C:\Windows\System\AMesSJP.exe
  C:\Windows\System\AMesSJP.exe
  2⤵
  PID:6576
- C:\Windows\System\KdViJDP.exe
  C:\Windows\System\KdViJDP.exe
  2⤵
  PID:13680
- C:\Windows\System\KdHQxPV.exe
  C:\Windows\System\KdHQxPV.exe
  2⤵
  PID:6760
- C:\Windows\System\tvGmXmT.exe
  C:\Windows\System\tvGmXmT.exe
  2⤵
  PID:10024
- C:\Windows\System\RWCKnpF.exe
  C:\Windows\System\RWCKnpF.exe
  2⤵
  PID:9592
- C:\Windows\System\QCSpobM.exe
  C:\Windows\System\QCSpobM.exe
  2⤵
  PID:9904
- C:\Windows\System\exhoUVs.exe
  C:\Windows\System\exhoUVs.exe
  2⤵
  PID:13788
- C:\Windows\System\lNjiaHG.exe
  C:\Windows\System\lNjiaHG.exe
  2⤵
  PID:13828
- C:\Windows\System\hoFNtJm.exe
  C:\Windows\System\hoFNtJm.exe
  2⤵
  PID:10392
- C:\Windows\System\VhCjCBa.exe
  C:\Windows\System\VhCjCBa.exe
  2⤵
  PID:10484
- C:\Windows\System\MSyswQr.exe
  C:\Windows\System\MSyswQr.exe
  2⤵
  PID:13904
- C:\Windows\System\ZYDDWmh.exe
  C:\Windows\System\ZYDDWmh.exe
  2⤵
  PID:10544
- C:\Windows\System\eHyIgZH.exe
  C:\Windows\System\eHyIgZH.exe
  2⤵
  PID:1800
- C:\Windows\System\TTjzCLD.exe
  C:\Windows\System\TTjzCLD.exe
  2⤵
  PID:10588
- C:\Windows\System\KdmAyxW.exe
  C:\Windows\System\KdmAyxW.exe
  2⤵
  PID:10656
- C:\Windows\System\JBEHtMc.exe
  C:\Windows\System\JBEHtMc.exe
  2⤵
  PID:6180
- C:\Windows\System\DfpzTdq.exe
  C:\Windows\System\DfpzTdq.exe
  2⤵
  PID:13960
- C:\Windows\System\wrvlFdB.exe
  C:\Windows\System\wrvlFdB.exe
  2⤵
  PID:13980
- C:\Windows\System\FJdDvld.exe
  C:\Windows\System\FJdDvld.exe
  2⤵
  PID:14000
- C:\Windows\System\maZZfsl.exe
  C:\Windows\System\maZZfsl.exe
  2⤵
  PID:7300
- C:\Windows\System\RnLqsxf.exe
  C:\Windows\System\RnLqsxf.exe
  2⤵
  PID:7444
- C:\Windows\System\iKvYJYn.exe
  C:\Windows\System\iKvYJYn.exe
  2⤵
  PID:14068
- C:\Windows\System\lPQcGvv.exe
  C:\Windows\System\lPQcGvv.exe
  2⤵
  PID:14124
- C:\Windows\System\RUOHdHQ.exe
  C:\Windows\System\RUOHdHQ.exe
  2⤵
  PID:14148
- C:\Windows\System\TYaagUZ.exe
  C:\Windows\System\TYaagUZ.exe
  2⤵
  PID:14180
- C:\Windows\System\LbxeMzO.exe
  C:\Windows\System\LbxeMzO.exe
  2⤵
  PID:14208
- C:\Windows\System\FtOsCfo.exe
  C:\Windows\System\FtOsCfo.exe
  2⤵
  PID:14236
- C:\Windows\System\joaPNgw.exe
  C:\Windows\System\joaPNgw.exe
  2⤵
  PID:14276
- C:\Windows\System\kqDmvuv.exe
  C:\Windows\System\kqDmvuv.exe
  2⤵
  PID:7772
- C:\Windows\System\xxPSqBX.exe
  C:\Windows\System\xxPSqBX.exe
  2⤵
  PID:7860
- C:\Windows\System\zgVYASe.exe
  C:\Windows\System\zgVYASe.exe
  2⤵
  PID:14312
- C:\Windows\System\OvMTBko.exe
  C:\Windows\System\OvMTBko.exe
  2⤵
  PID:7544
- C:\Windows\System\nrLwmKX.exe
  C:\Windows\System\nrLwmKX.exe
  2⤵
  PID:8860
- C:\Windows\System\ymbfyAo.exe
  C:\Windows\System\ymbfyAo.exe
  2⤵
  PID:11228
- C:\Windows\System\DOPSUAb.exe
  C:\Windows\System\DOPSUAb.exe
  2⤵
  PID:7948
- C:\Windows\System\GFPGsCI.exe
  C:\Windows\System\GFPGsCI.exe
  2⤵
  PID:13452
- C:\Windows\System\iFWdCSk.exe
  C:\Windows\System\iFWdCSk.exe
  2⤵
  PID:6996
- C:\Windows\System\GZMjvCE.exe
  C:\Windows\System\GZMjvCE.exe
  2⤵
  PID:10528
- C:\Windows\System\DRAMFuG.exe
  C:\Windows\System\DRAMFuG.exe
  2⤵
  PID:8612
- C:\Windows\System\wsKeSxa.exe
  C:\Windows\System\wsKeSxa.exe
  2⤵
  PID:13624
- C:\Windows\System\MORCzIq.exe
  C:\Windows\System\MORCzIq.exe
  2⤵
  PID:8732
- C:\Windows\System\NBWPgze.exe
  C:\Windows\System\NBWPgze.exe
  2⤵
  PID:9704
- C:\Windows\System\joVYPNL.exe
  C:\Windows\System\joVYPNL.exe
  2⤵
  PID:8900
- C:\Windows\System\OdNtLGZ.exe
  C:\Windows\System\OdNtLGZ.exe
  2⤵
  PID:8960
- C:\Windows\System\iWnGItO.exe
  C:\Windows\System\iWnGItO.exe
  2⤵
  PID:9032
- C:\Windows\System\egcXgeh.exe
  C:\Windows\System\egcXgeh.exe
  2⤵
  PID:9016
- C:\Windows\System\JBehdlJ.exe
  C:\Windows\System\JBehdlJ.exe
  2⤵
  PID:7120
- C:\Windows\System\NfQonMA.exe
  C:\Windows\System\NfQonMA.exe
  2⤵
  PID:8472
- C:\Windows\System\oXoxnSn.exe
  C:\Windows\System\oXoxnSn.exe
  2⤵
  PID:13868
- C:\Windows\System\ahoZgeL.exe
  C:\Windows\System\ahoZgeL.exe
  2⤵
  PID:8676
- C:\Windows\System\ACrrMEa.exe
  C:\Windows\System\ACrrMEa.exe
  2⤵
  PID:8908
- C:\Windows\System\GxOWfkk.exe
  C:\Windows\System\GxOWfkk.exe
  2⤵
  PID:11356
- C:\Windows\System\PHaQnuo.exe
  C:\Windows\System\PHaQnuo.exe
  2⤵
  PID:10600
- C:\Windows\System\xgwPIUo.exe
  C:\Windows\System\xgwPIUo.exe
  2⤵
  PID:4388
- C:\Windows\System\cBbgKgL.exe
  C:\Windows\System\cBbgKgL.exe
  2⤵
  PID:3656
- C:\Windows\System\JoZGCfe.exe
  C:\Windows\System\JoZGCfe.exe
  2⤵
  PID:13976
- C:\Windows\System\aVUZbLV.exe
  C:\Windows\System\aVUZbLV.exe
  2⤵
  PID:7292
- C:\Windows\System\LhqsUzo.exe
  C:\Windows\System\LhqsUzo.exe
  2⤵
  PID:10748
- C:\Windows\System\RaRSYMF.exe
  C:\Windows\System\RaRSYMF.exe
  2⤵
  PID:9488
- C:\Windows\System\spmyhun.exe
  C:\Windows\System\spmyhun.exe
  2⤵
  PID:9536
- C:\Windows\System\mwMKrsg.exe
  C:\Windows\System\mwMKrsg.exe
  2⤵
  PID:14156
- C:\Windows\System\oOniHbF.exe
  C:\Windows\System\oOniHbF.exe
  2⤵
  PID:9788
- C:\Windows\System\pNMjRUK.exe
  C:\Windows\System\pNMjRUK.exe
  2⤵
  PID:4992
- C:\Windows\System\NRwOHuU.exe
  C:\Windows\System\NRwOHuU.exe
  2⤵
  PID:14252
- C:\Windows\System\DdnpRDO.exe
  C:\Windows\System\DdnpRDO.exe
  2⤵
  PID:11336
- C:\Windows\System\ZNisCQa.exe
  C:\Windows\System\ZNisCQa.exe
  2⤵
  PID:14296
- C:\Windows\System\VOHfGoO.exe
  C:\Windows\System\VOHfGoO.exe
  2⤵
  PID:14328
- C:\Windows\System\vqSWoWT.exe
  C:\Windows\System\vqSWoWT.exe
  2⤵
  PID:14316
- C:\Windows\System\izGEyQj.exe
  C:\Windows\System\izGEyQj.exe
  2⤵
  PID:3844
- C:\Windows\System\kFoHJWt.exe
  C:\Windows\System\kFoHJWt.exe
  2⤵
  PID:11168
- C:\Windows\System\AgPniUX.exe
  C:\Windows\System\AgPniUX.exe
  2⤵
  PID:11532
- C:\Windows\System\uNHAFsC.exe
  C:\Windows\System\uNHAFsC.exe
  2⤵
  PID:7180
- C:\Windows\System\tSGpLsm.exe
  C:\Windows\System\tSGpLsm.exe
  2⤵
  PID:10432
- C:\Windows\System\cTqSKWo.exe
  C:\Windows\System\cTqSKWo.exe
  2⤵
  PID:13548
- C:\Windows\System\nvPHMfP.exe
  C:\Windows\System\nvPHMfP.exe
  2⤵
  PID:10160
- C:\Windows\System\ffTdDgf.exe
  C:\Windows\System\ffTdDgf.exe
  2⤵
  PID:10716
- C:\Windows\System\qRNGmuu.exe
  C:\Windows\System\qRNGmuu.exe
  2⤵
  PID:10868
- C:\Windows\System\DVKowaO.exe
  C:\Windows\System\DVKowaO.exe
  2⤵
  PID:4256
- C:\Windows\System\QFDjTMV.exe
  C:\Windows\System\QFDjTMV.exe
  2⤵
  PID:8976
- C:\Windows\System\gTjTFhx.exe
  C:\Windows\System\gTjTFhx.exe
  2⤵
  PID:12072
- C:\Windows\System\lhWeuFo.exe
  C:\Windows\System\lhWeuFo.exe
  2⤵
  PID:10300
- C:\Windows\System\yABavbH.exe
  C:\Windows\System\yABavbH.exe
  2⤵
  PID:10412
- C:\Windows\System\bzuoFna.exe
  C:\Windows\System\bzuoFna.exe
  2⤵
  PID:12264
- C:\Windows\System\BhgyEBH.exe
  C:\Windows\System\BhgyEBH.exe
  2⤵
  PID:8320
- C:\Windows\System\OZxFSlm.exe
  C:\Windows\System\OZxFSlm.exe
  2⤵
  PID:10636
- C:\Windows\System\BZVDUbr.exe
  C:\Windows\System\BZVDUbr.exe
  2⤵
  PID:6508
- C:\Windows\System\neoAHlv.exe
  C:\Windows\System\neoAHlv.exe
  2⤵
  PID:11664
- C:\Windows\System\PeZIPer.exe
  C:\Windows\System\PeZIPer.exe
  2⤵
  PID:688
- C:\Windows\System\mlwtAxe.exe
  C:\Windows\System\mlwtAxe.exe
  2⤵
  PID:11940
- C:\Windows\System\jxRODIP.exe
  C:\Windows\System\jxRODIP.exe
  2⤵
  PID:3676
- C:\Windows\System\TmkwfBo.exe
  C:\Windows\System\TmkwfBo.exe
  2⤵
  PID:7460
- C:\Windows\System\kEjYDzd.exe
  C:\Windows\System\kEjYDzd.exe
  2⤵
  PID:9400
- C:\Windows\System\FwlzDJk.exe
  C:\Windows\System\FwlzDJk.exe
  2⤵
  PID:9580
- C:\Windows\System\npLzDvx.exe
  C:\Windows\System\npLzDvx.exe
  2⤵
  PID:7796
- C:\Windows\System\IbAjPEl.exe
  C:\Windows\System\IbAjPEl.exe
  2⤵
  PID:11452
- C:\Windows\System\PjErekc.exe
  C:\Windows\System\PjErekc.exe
  2⤵
  PID:7340
- C:\Windows\System\lcGfbey.exe
  C:\Windows\System\lcGfbey.exe
  2⤵
  PID:10052
- C:\Windows\System\wODtnOz.exe
  C:\Windows\System\wODtnOz.exe
  2⤵
  PID:5388
- C:\Windows\System\vLxKvez.exe
  C:\Windows\System\vLxKvez.exe
  2⤵
  PID:7184
- C:\Windows\System\cenzKtj.exe
  C:\Windows\System\cenzKtj.exe
  2⤵
  PID:12076
- C:\Windows\System\FtgUYCW.exe
  C:\Windows\System\FtgUYCW.exe
  2⤵
  PID:13476
- C:\Windows\System\xuKtZzO.exe
  C:\Windows\System\xuKtZzO.exe
  2⤵
  PID:10032
- C:\Windows\System\XYByvey.exe
  C:\Windows\System\XYByvey.exe
  2⤵
  PID:10976
- C:\Windows\System\oyKMCUT.exe
  C:\Windows\System\oyKMCUT.exe
  2⤵
  PID:10808
- C:\Windows\System\QfrjXFt.exe
  C:\Windows\System\QfrjXFt.exe
  2⤵
  PID:11060
- C:\Windows\System\pNartzW.exe
  C:\Windows\System\pNartzW.exe
  2⤵
  PID:9728
- C:\Windows\System\eizbjiP.exe
  C:\Windows\System\eizbjiP.exe
  2⤵
  PID:12044
- C:\Windows\System\LRILwGH.exe
  C:\Windows\System\LRILwGH.exe
  2⤵
  PID:13744
- C:\Windows\System\uAmAuNT.exe
  C:\Windows\System\uAmAuNT.exe
  2⤵
  PID:12128
- C:\Windows\System\wNBOUOI.exe
  C:\Windows\System\wNBOUOI.exe
  2⤵
  PID:5840
- C:\Windows\System\fxTiDLu.exe
  C:\Windows\System\fxTiDLu.exe
  2⤵
  PID:5980
- C:\Windows\System\ZMCSetY.exe
  C:\Windows\System\ZMCSetY.exe
  2⤵
  PID:10292
- C:\Windows\System\QBwWSvZ.exe
  C:\Windows\System\QBwWSvZ.exe
  2⤵
  PID:6100
- C:\Windows\System\LCVJFFh.exe
  C:\Windows\System\LCVJFFh.exe
  2⤵
  PID:5392
- C:\Windows\System\ZzDJlSD.exe
  C:\Windows\System\ZzDJlSD.exe
  2⤵
  PID:10640
- C:\Windows\System\BqugxEJ.exe
  C:\Windows\System\BqugxEJ.exe
  2⤵
  PID:10844
- C:\Windows\System\SYuFvey.exe
  C:\Windows\System\SYuFvey.exe
  2⤵
  PID:7192
- C:\Windows\System\vpmmnNB.exe
  C:\Windows\System\vpmmnNB.exe
  2⤵
  PID:12104
- C:\Windows\System\lonOCMv.exe
  C:\Windows\System\lonOCMv.exe
  2⤵
  PID:7776
- C:\Windows\System\GTJqxBt.exe
  C:\Windows\System\GTJqxBt.exe
  2⤵
  PID:3480
- C:\Windows\System\yAPKZDs.exe
  C:\Windows\System\yAPKZDs.exe
  2⤵
  PID:11064
- C:\Windows\System\YVOhVYX.exe
  C:\Windows\System\YVOhVYX.exe
  2⤵
  PID:12516
- C:\Windows\System\PMrtFih.exe
  C:\Windows\System\PMrtFih.exe
  2⤵
  PID:12596
- C:\Windows\System\bJlCfbY.exe
  C:\Windows\System\bJlCfbY.exe
  2⤵
  PID:12636
- C:\Windows\System\eErbcuK.exe
  C:\Windows\System\eErbcuK.exe
  2⤵
  PID:11172
- C:\Windows\System\zWxkLRr.exe
  C:\Windows\System\zWxkLRr.exe
  2⤵
  PID:9232
- C:\Windows\System\SeYmGZT.exe
  C:\Windows\System\SeYmGZT.exe
  2⤵
  PID:9696
- C:\Windows\System\LBVoiHv.exe
  C:\Windows\System\LBVoiHv.exe
  2⤵
  PID:13564
- C:\Windows\System\XnFrqNh.exe
  C:\Windows\System\XnFrqNh.exe
  2⤵
  PID:10720
- C:\Windows\System\iZCspbd.exe
  C:\Windows\System\iZCspbd.exe
  2⤵
  PID:11400
- C:\Windows\System\zibdrtt.exe
  C:\Windows\System\zibdrtt.exe
  2⤵
  PID:4220
- C:\Windows\System\BpToYJv.exe
  C:\Windows\System\BpToYJv.exe
  2⤵
  PID:13152
- C:\Windows\System\DTbhXoU.exe
  C:\Windows\System\DTbhXoU.exe
  2⤵
  PID:11444
- C:\Windows\System\jkRNIBn.exe
  C:\Windows\System\jkRNIBn.exe
  2⤵
  PID:11236
- C:\Windows\System\zsHDTxy.exe
  C:\Windows\System\zsHDTxy.exe
  2⤵
  PID:1524
- C:\Windows\System\iYEClKp.exe
  C:\Windows\System\iYEClKp.exe
  2⤵
  PID:3588
- C:\Windows\System\xZkbRJr.exe
  C:\Windows\System\xZkbRJr.exe
  2⤵
  PID:13084
- C:\Windows\System\ANUSgdf.exe
  C:\Windows\System\ANUSgdf.exe
  2⤵
  PID:10812
- C:\Windows\System\BygVVWc.exe
  C:\Windows\System\BygVVWc.exe
  2⤵
  PID:10632
- C:\Windows\System\DWJtQVx.exe
  C:\Windows\System\DWJtQVx.exe
  2⤵
  PID:11112
- C:\Windows\System\JUVEIwg.exe
  C:\Windows\System\JUVEIwg.exe
  2⤵
  PID:12528
- C:\Windows\System\XhGtKSc.exe
  C:\Windows\System\XhGtKSc.exe
  2⤵
  PID:6708
- C:\Windows\System\bnixzOw.exe
  C:\Windows\System\bnixzOw.exe
  2⤵
  PID:9472
- C:\Windows\System\qrvbXPw.exe
  C:\Windows\System\qrvbXPw.exe
  2⤵
  PID:11276
- C:\Windows\System\fkZGwoP.exe
  C:\Windows\System\fkZGwoP.exe
  2⤵
  PID:11324
- C:\Windows\System\JFptTsh.exe
  C:\Windows\System\JFptTsh.exe
  2⤵
  PID:7016
- C:\Windows\System\NrIEVFm.exe
  C:\Windows\System\NrIEVFm.exe
  2⤵
  PID:7072
- C:\Windows\System\skxJEMR.exe
  C:\Windows\System\skxJEMR.exe
  2⤵
  PID:12676
- C:\Windows\System\CNfgROP.exe
  C:\Windows\System\CNfgROP.exe
  2⤵
  PID:10788
- C:\Windows\System\inQKrqC.exe
  C:\Windows\System\inQKrqC.exe
  2⤵
  PID:11576
- C:\Windows\System\zAnBPaI.exe
  C:\Windows\System\zAnBPaI.exe
  2⤵
  PID:5304
- C:\Windows\System\IeAEfGH.exe
  C:\Windows\System\IeAEfGH.exe
  2⤵
  PID:9924
- C:\Windows\System\yWAbENz.exe
  C:\Windows\System\yWAbENz.exe
  2⤵
  PID:11676
- C:\Windows\System\pzOQFoM.exe
  C:\Windows\System\pzOQFoM.exe
  2⤵
  PID:11744
- C:\Windows\System\IxaHpRl.exe
  C:\Windows\System\IxaHpRl.exe
  2⤵
  PID:3032
- C:\Windows\System\KtNWtqu.exe
  C:\Windows\System\KtNWtqu.exe
  2⤵
  PID:12668
- C:\Windows\System\xKMnZNj.exe
  C:\Windows\System\xKMnZNj.exe
  2⤵
  PID:9132
- C:\Windows\System\sQOUayO.exe
  C:\Windows\System\sQOUayO.exe
  2⤵
  PID:10468
- C:\Windows\System\mbEkBwk.exe
  C:\Windows\System\mbEkBwk.exe
  2⤵
  PID:748
- C:\Windows\System\jeHOstF.exe
  C:\Windows\System\jeHOstF.exe
  2⤵
  PID:2900
- C:\Windows\System\rqosAsq.exe
  C:\Windows\System\rqosAsq.exe
  2⤵
  PID:12692
- C:\Windows\System\TfmIyyK.exe
  C:\Windows\System\TfmIyyK.exe
  2⤵
  PID:12220
- C:\Windows\System\jaTyHnV.exe
  C:\Windows\System\jaTyHnV.exe
  2⤵
  PID:12968
- C:\Windows\System\mAyRsjt.exe
  C:\Windows\System\mAyRsjt.exe
  2⤵
  PID:11320
- C:\Windows\System\DcCjrqm.exe
  C:\Windows\System\DcCjrqm.exe
  2⤵
  PID:11464
- C:\Windows\System\IqfTgVK.exe
  C:\Windows\System\IqfTgVK.exe
  2⤵
  PID:10452
- C:\Windows\System\hMwqrdZ.exe
  C:\Windows\System\hMwqrdZ.exe
  2⤵
  PID:6344
- C:\Windows\System\IGvJrRX.exe
  C:\Windows\System\IGvJrRX.exe
  2⤵
  PID:7864
- C:\Windows\System\dAqCWiw.exe
  C:\Windows\System\dAqCWiw.exe
  2⤵
  PID:6620
- C:\Windows\System\taFIENz.exe
  C:\Windows\System\taFIENz.exe
  2⤵
  PID:3044
- C:\Windows\System\HfopVni.exe
  C:\Windows\System\HfopVni.exe
  2⤵
  PID:12940
- C:\Windows\System\BMNBEEt.exe
  C:\Windows\System\BMNBEEt.exe
  2⤵
  PID:860
- C:\Windows\System\VVilpJu.exe
  C:\Windows\System\VVilpJu.exe
  2⤵
  PID:12548
- C:\Windows\System\ZNfxFOo.exe
  C:\Windows\System\ZNfxFOo.exe
  2⤵
  PID:10244
- C:\Windows\System\edrIFwL.exe
  C:\Windows\System\edrIFwL.exe
  2⤵
  PID:4372
- C:\Windows\System\JQbrSrC.exe
  C:\Windows\System\JQbrSrC.exe
  2⤵
  PID:2032
- C:\Windows\System\NsmmQUo.exe
  C:\Windows\System\NsmmQUo.exe
  2⤵
  PID:3704
- C:\Windows\System\AcwCRYk.exe
  C:\Windows\System\AcwCRYk.exe
  2⤵
  PID:2164
- C:\Windows\System\kbTbHZh.exe
  C:\Windows\System\kbTbHZh.exe
  2⤵
  PID:12152
- C:\Windows\System\KgswLjd.exe
  C:\Windows\System\KgswLjd.exe
  2⤵
  PID:11888
- C:\Windows\System\cIPGhge.exe
  C:\Windows\System\cIPGhge.exe
  2⤵
  PID:12932
- C:\Windows\System\sMJhobJ.exe
  C:\Windows\System\sMJhobJ.exe
  2⤵
  PID:12016
- C:\Windows\System\cfJKCus.exe
  C:\Windows\System\cfJKCus.exe
  2⤵
  PID:12204
- C:\Windows\System\PJEKpnL.exe
  C:\Windows\System\PJEKpnL.exe
  2⤵
  PID:11628
- C:\Windows\System\PPMMxma.exe
  C:\Windows\System\PPMMxma.exe
  2⤵
  PID:12024
- C:\Windows\System\KtJAFvK.exe
  C:\Windows\System\KtJAFvK.exe
  2⤵
  PID:5612
- C:\Windows\System\HlFgYnL.exe
  C:\Windows\System\HlFgYnL.exe
  2⤵
  PID:9084
- C:\Windows\System\IurbELJ.exe
  C:\Windows\System\IurbELJ.exe
  2⤵
  PID:8012
- C:\Windows\System\yvCfWIi.exe
  C:\Windows\System\yvCfWIi.exe
  2⤵
  PID:2448
- C:\Windows\System\WkiPwkG.exe
  C:\Windows\System\WkiPwkG.exe
  2⤵
  PID:2416
- C:\Windows\System\VgNwtJY.exe
  C:\Windows\System\VgNwtJY.exe
  2⤵
  PID:6288
- C:\Windows\System\VjvZHcj.exe
  C:\Windows\System\VjvZHcj.exe
  2⤵
  PID:8412
- C:\Windows\System\YtWGOBR.exe
  C:\Windows\System\YtWGOBR.exe
  2⤵
  PID:9172
- C:\Windows\System\ouHOEpg.exe
  C:\Windows\System\ouHOEpg.exe
  2⤵
  PID:11540
- C:\Windows\System\IUePFHv.exe
  C:\Windows\System\IUePFHv.exe
  2⤵
  PID:3880
- C:\Windows\System\AqnXfyc.exe
  C:\Windows\System\AqnXfyc.exe
  2⤵
  PID:9028
- C:\Windows\System\mlrZxkP.exe
  C:\Windows\System\mlrZxkP.exe
  2⤵
  PID:9224
- C:\Windows\System\UxLLztY.exe
  C:\Windows\System\UxLLztY.exe
  2⤵
  PID:12052
- C:\Windows\System\ENJCktW.exe
  C:\Windows\System\ENJCktW.exe
  2⤵
  PID:5452
- C:\Windows\System\RJUjSBi.exe
  C:\Windows\System\RJUjSBi.exe
  2⤵
  PID:8656
- C:\Windows\System\vFVLZkw.exe
  C:\Windows\System\vFVLZkw.exe
  2⤵
  PID:6040
- C:\Windows\System\ZAsJiDG.exe
  C:\Windows\System\ZAsJiDG.exe
  2⤵
  PID:12300
- C:\Windows\System\yodLDGU.exe
  C:\Windows\System\yodLDGU.exe
  2⤵
  PID:5892
- C:\Windows\System\IKpfgMc.exe
  C:\Windows\System\IKpfgMc.exe
  2⤵
  PID:11620
- C:\Windows\System\gLxdEXA.exe
  C:\Windows\System\gLxdEXA.exe
  2⤵
  PID:6068
- C:\Windows\System\lMdBRKY.exe
  C:\Windows\System\lMdBRKY.exe
  2⤵
  PID:6012
- C:\Windows\System\OZHPiew.exe
  C:\Windows\System\OZHPiew.exe
  2⤵
  PID:12496
- C:\Windows\System\AuDuFBG.exe
  C:\Windows\System\AuDuFBG.exe
  2⤵
  PID:12620
- C:\Windows\System\ebmQdWJ.exe
  C:\Windows\System\ebmQdWJ.exe
  2⤵
  PID:14348
- C:\Windows\System\RXbFXcw.exe
  C:\Windows\System\RXbFXcw.exe
  2⤵
  PID:14376
- C:\Windows\System\FDOXygg.exe
  C:\Windows\System\FDOXygg.exe
  2⤵
  PID:14404
- C:\Windows\System\VFEKqSg.exe
  C:\Windows\System\VFEKqSg.exe
  2⤵
  PID:14436
- C:\Windows\System\SAZilry.exe
  C:\Windows\System\SAZilry.exe
  2⤵
  PID:14460
- C:\Windows\System\bsSoUOu.exe
  C:\Windows\System\bsSoUOu.exe
  2⤵
  PID:14488
- C:\Windows\System\fIwrySs.exe
  C:\Windows\System\fIwrySs.exe
  2⤵
  PID:14516
- C:\Windows\System\TlooHPZ.exe
  C:\Windows\System\TlooHPZ.exe
  2⤵
  PID:14536
- C:\Windows\System\TsWKiLP.exe
  C:\Windows\System\TsWKiLP.exe
  2⤵
  PID:14572
- C:\Windows\System\bumwzaR.exe
  C:\Windows\System\bumwzaR.exe
  2⤵
  PID:14600
- C:\Windows\System\YjUWsNM.exe
  C:\Windows\System\YjUWsNM.exe
  2⤵
  PID:14632
- C:\Windows\System\VKSWNno.exe
  C:\Windows\System\VKSWNno.exe
  2⤵
  PID:14656
- C:\Windows\System\wCHvMqw.exe
  C:\Windows\System\wCHvMqw.exe
  2⤵
  PID:14684
- C:\Windows\System\ASpkaFA.exe
  C:\Windows\System\ASpkaFA.exe
  2⤵
  PID:14716
- C:\Windows\System\JbqKOLr.exe
  C:\Windows\System\JbqKOLr.exe
  2⤵
  PID:14744
- C:\Windows\System\uDXJfjB.exe
  C:\Windows\System\uDXJfjB.exe
  2⤵
  PID:14772
- C:\Windows\System\zpPyUal.exe
  C:\Windows\System\zpPyUal.exe
  2⤵
  PID:14800
- C:\Windows\System\MEKUsCe.exe
  C:\Windows\System\MEKUsCe.exe
  2⤵
  PID:14828
- C:\Windows\System\tQFqQaq.exe
  C:\Windows\System\tQFqQaq.exe
  2⤵
  PID:14856
- C:\Windows\System\CGbdAwY.exe
  C:\Windows\System\CGbdAwY.exe
  2⤵
  PID:14884
- C:\Windows\System\EOBZHiH.exe
  C:\Windows\System\EOBZHiH.exe
  2⤵
  PID:14912
- C:\Windows\System\dQVNwbY.exe
  C:\Windows\System\dQVNwbY.exe
  2⤵
  PID:14940
- C:\Windows\System\gBOfwqg.exe
  C:\Windows\System\gBOfwqg.exe
  2⤵
  PID:14960
- C:\Windows\System\WtzGlmV.exe
  C:\Windows\System\WtzGlmV.exe
  2⤵
  PID:14996
- C:\Windows\System\wOUPFwi.exe
  C:\Windows\System\wOUPFwi.exe
  2⤵
  PID:15028
- C:\Windows\System\bXPzgSw.exe
  C:\Windows\System\bXPzgSw.exe
  2⤵
  PID:15052
- C:\Windows\System\keRrvKf.exe
  C:\Windows\System\keRrvKf.exe
  2⤵
  PID:15080
- C:\Windows\System\YRtyrtI.exe
  C:\Windows\System\YRtyrtI.exe
  2⤵
  PID:15108
- C:\Windows\System\SRzTRmS.exe
  C:\Windows\System\SRzTRmS.exe
  2⤵
  PID:15140
- C:\Windows\System\RnMnPKT.exe
  C:\Windows\System\RnMnPKT.exe
  2⤵
  PID:15168
- C:\Windows\System\TdRLaHx.exe
  C:\Windows\System\TdRLaHx.exe
  2⤵
  PID:15184
- C:\Windows\System\TOFwcCq.exe
  C:\Windows\System\TOFwcCq.exe
  2⤵
  PID:15220
- C:\Windows\System\zoDignC.exe
  C:\Windows\System\zoDignC.exe
  2⤵
  PID:15248
- C:\Windows\System\LrRdggK.exe
  C:\Windows\System\LrRdggK.exe
  2⤵
  PID:15280
- C:\Windows\System\SevUeUi.exe
  C:\Windows\System\SevUeUi.exe
  2⤵
  PID:15304
- C:\Windows\System\PzVCLMu.exe
  C:\Windows\System\PzVCLMu.exe
  2⤵
  PID:15336
- C:\Windows\System\lKbeMZw.exe
  C:\Windows\System\lKbeMZw.exe
  2⤵
  PID:14340
- C:\Windows\System\YmwoZRW.exe
  C:\Windows\System\YmwoZRW.exe
  2⤵
  PID:12812
- C:\Windows\System\zzhwxTk.exe
  C:\Windows\System\zzhwxTk.exe
  2⤵
  PID:14396
- C:\Windows\System\SVYeGaa.exe
  C:\Windows\System\SVYeGaa.exe
  2⤵
  PID:14444
- C:\Windows\System\NjDgRbl.exe
  C:\Windows\System\NjDgRbl.exe
  2⤵
  PID:14472
- C:\Windows\System\JOlBEpx.exe
  C:\Windows\System\JOlBEpx.exe
  2⤵
  PID:14508
- C:\Windows\System\iAzfgiA.exe
  C:\Windows\System\iAzfgiA.exe
  2⤵
  PID:14568
- C:\Windows\System\FgziEtK.exe
  C:\Windows\System\FgziEtK.exe
  2⤵
  PID:14640
- C:\Windows\System\FIlPWvh.exe
  C:\Windows\System\FIlPWvh.exe
  2⤵
  PID:14728
- C:\Windows\System\kJvZLAU.exe
  C:\Windows\System\kJvZLAU.exe
  2⤵
  PID:14764
- C:\Windows\System\QHUXzrp.exe
  C:\Windows\System\QHUXzrp.exe
  2⤵
  PID:14824
- C:\Windows\System\xIZmwym.exe
  C:\Windows\System\xIZmwym.exe
  2⤵
  PID:14896
- C:\Windows\System\qsoAmjE.exe
  C:\Windows\System\qsoAmjE.exe
  2⤵
  PID:13244
- C:\Windows\System\fwnaWVz.exe
  C:\Windows\System\fwnaWVz.exe
  2⤵
  PID:13252
- C:\Windows\System\QhfYNmi.exe
  C:\Windows\System\QhfYNmi.exe
  2⤵
  PID:14980
- C:\Windows\System\JidgdKp.exe
  C:\Windows\System\JidgdKp.exe
  2⤵
  PID:6452
- C:\Windows\System\NeDyjdk.exe
  C:\Windows\System\NeDyjdk.exe
  2⤵
  PID:15076
- C:\Windows\System\xkxMAWH.exe
  C:\Windows\System\xkxMAWH.exe
  2⤵
  PID:12760
- C:\Windows\System\ByOiPQh.exe
  C:\Windows\System\ByOiPQh.exe
  2⤵
  PID:15196
- C:\Windows\System\TJFnBYB.exe
  C:\Windows\System\TJFnBYB.exe
  2⤵
  PID:15244
- C:\Windows\System\exgUluM.exe
  C:\Windows\System\exgUluM.exe
  2⤵
  PID:15272
- C:\Windows\System\fHuBOTN.exe
  C:\Windows\System\fHuBOTN.exe
  2⤵
  PID:15348
- C:\Windows\System\KtPkiea.exe
  C:\Windows\System\KtPkiea.exe
  2⤵
  PID:6420
- C:\Windows\System\GbkSqaW.exe
  C:\Windows\System\GbkSqaW.exe
  2⤵
  PID:12948
- C:\Windows\System\RoGSpOO.exe
  C:\Windows\System\RoGSpOO.exe
  2⤵
  PID:14624
- C:\Windows\System\HCNhWPS.exe
  C:\Windows\System\HCNhWPS.exe
  2⤵
  PID:13240
- C:\Windows\System\DcKwUMH.exe
  C:\Windows\System\DcKwUMH.exe
  2⤵
  PID:14760
- C:\Windows\System\MPzJZst.exe
  C:\Windows\System\MPzJZst.exe
  2⤵
  PID:12788
- C:\Windows\System\vTdYmmk.exe
  C:\Windows\System\vTdYmmk.exe
  2⤵
  PID:13308
- C:\Windows\System\OKHHueO.exe
  C:\Windows\System\OKHHueO.exe
  2⤵
  PID:14968
- C:\Windows\System\xkoqoAQ.exe
  C:\Windows\System\xkoqoAQ.exe
  2⤵
  PID:5564
- C:\Windows\System\vOCEgfz.exe
  C:\Windows\System\vOCEgfz.exe
  2⤵
  PID:7036
- C:\Windows\System\QOUkelc.exe
  C:\Windows\System\QOUkelc.exe
  2⤵
  PID:15268
- C:\Windows\System\LXRPufB.exe
  C:\Windows\System\LXRPufB.exe
  2⤵
  PID:12832
- C:\Windows\System\Nwjgxsh.exe
  C:\Windows\System\Nwjgxsh.exe
  2⤵
  PID:14500
- C:\Windows\System\OffsJoa.exe
  C:\Windows\System\OffsJoa.exe
  2⤵
  PID:13256
- C:\Windows\System\KaaWcwE.exe
  C:\Windows\System\KaaWcwE.exe
  2⤵
  PID:14812
- C:\Windows\System\feoJzXe.exe
  C:\Windows\System\feoJzXe.exe
  2⤵
  PID:14904
- C:\Windows\System\HTqEUaS.exe
  C:\Windows\System\HTqEUaS.exe
  2⤵
  PID:7344
- C:\Windows\System\BUlsFfV.exe
  C:\Windows\System\BUlsFfV.exe
  2⤵
  PID:12752
- C:\Windows\System\bNTzMfw.exe
  C:\Windows\System\bNTzMfw.exe
  2⤵
  PID:7252
- C:\Windows\System\ISFoLZh.exe
  C:\Windows\System\ISFoLZh.exe
  2⤵
  PID:4452
- C:\Windows\System\dYbCSwH.exe
  C:\Windows\System\dYbCSwH.exe
  2⤵
  PID:12296
- C:\Windows\System\UIfUrhH.exe
  C:\Windows\System\UIfUrhH.exe
  2⤵
  PID:6464
- C:\Windows\System\bIluAix.exe
  C:\Windows\System\bIluAix.exe
  2⤵
  PID:6844
- C:\Windows\System\hyZXCfV.exe
  C:\Windows\System\hyZXCfV.exe
  2⤵
  PID:14932
- C:\Windows\System\fwLNalE.exe
  C:\Windows\System\fwLNalE.exe
  2⤵
  PID:7960
- C:\Windows\System\siWfcDy.exe
  C:\Windows\System\siWfcDy.exe
  2⤵
  PID:2732
- C:\Windows\System\liDLdrf.exe
  C:\Windows\System\liDLdrf.exe
  2⤵
  PID:14424
- C:\Windows\System\uNDumKU.exe
  C:\Windows\System\uNDumKU.exe
  2⤵
  PID:14704
- C:\Windows\System\oeKqfSA.exe
  C:\Windows\System\oeKqfSA.exe
  2⤵
  PID:7228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3644 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
1⤵
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tqsetfl2.ann.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\EZJBBKS.exe

Filesize
3.2MB

MD5
60031466bd8b1e5916296633c99581e7

SHA1
20b7ddb3085f96c86271f0bafe055de7bdf67c4e

SHA256
1c3e23620ef5500fcde0c89a57e0f5fd0026a4e26764172a1dbf1e21924a50e8

SHA512
7156ac7aeae4b3bbba7444901b6ec63ed81a001c79f939551329d6b9c36da4a8ea1300efb802a3daa29033a67892505a3e8248a0910e712a022eb50d28389b0b

Download Submit
C:\Windows\System\GTEFEYD.exe

Filesize
3.2MB

MD5
ddde2316cbb7418a97d0bbd35e66d9a0

SHA1
270e3d76dd1a825818f25bf3ee2d2bdbd3a99286

SHA256
293f55c7125f9644234651c2a4d42031d621db8b41845d9874add96953b18dab

SHA512
216dec65ac1e39a402b93da20cdca48316166f5101040883fa94477ccd767e3aaff8db640c8822dd6e6785018666bfa42722e5a2c9f9bdd59d1d18e9d1171e0a

Download Submit
C:\Windows\System\GeUbKOo.exe

Filesize
3.2MB

MD5
1e9761a6933b7a04de9fb60208b1d921

SHA1
ff5c210c5e90be7de335a84c1a99f013588881a1

SHA256
0a6c4409defedd87e936985f8fb92ba7823fdf4e1c32d855ecbab9bca7e86701

SHA512
4f49d3de944760d2c9dae8311a8138e885e6ffed2a4bcc4282fd70700f6aa7f3257dd94fe8fd3139c58f62d42d81c0afae87c017922817898921624dbab4c560

Download Submit
C:\Windows\System\KVoAOBJ.exe

Filesize
3.2MB

MD5
bb14b1fd5a1a18ab50645888a395710e

SHA1
a318f6bd7360ca0ea83a488110b901cc869146cd

SHA256
f4013bba27fbe496be2b5c0a8564fd90b420e08abb54e2c4155d3e061e8171d7

SHA512
ebfbb1ae82c38ca13a35e987bb521261d5bfc0dcc6e7e31889a0cdd88d18d085a86e283f50e5ffd195dd359dd4358e66586401f003dac249b88c22546f2f1db2

Download Submit
C:\Windows\System\KbiqYyn.exe

Filesize
3.2MB

MD5
574745d0b9672b13f5d7269a199e3020

SHA1
40251365a36e2bcf02aeb1e786649c831090b230

SHA256
9a30eea2cf3e877b135c099614b9281d04b4b19706cec8cce4895547e19de867

SHA512
8e404a02e949289052693405957b2305a2df7510315c34fa8a6ff6347407c831fbbcd7f69d503db79ca5b68d5f77d4c5a54de33174f4c57232798e9da3319c4b

Download Submit
C:\Windows\System\MJJhINr.exe

Filesize
3.2MB

MD5
438a86bda4cc929277882cc393182912

SHA1
efdc3a159718e0924ff625f89094896688a7d835

SHA256
85dc3f57dbc7488a7af7c5024af1666f610e00b7f662b54b48750fd6cad287b5

SHA512
a82d378b7c1a97c33a012dc535b5a7cb6b41f3a3e97b1ab9a4d8e9afec4330403d53685ee2d42fc067cbe6a95342bb2c2c961f3438101da2b9192812c02a5ef2

Download Submit
C:\Windows\System\QIixfnz.exe

Filesize
3.2MB

MD5
0c174c39e126dd81f4b986108a4fb005

SHA1
6c3bf5280ca0259fbdb1691a83447ee7f34f0a95

SHA256
53a14338ea0a65135c344bb1f6e659d0ef6bb3543bc0a6607e7b08be944cee89

SHA512
a30feb5281adff122f1f3cb944408dda47352324486fb134427336083f1dce44c47f46b5bce022167681df019e5e5604c12eadc2227af2fec8494aea99cfff8d

Download Submit
C:\Windows\System\RKMiuuB.exe

Filesize
3.2MB

MD5
c9e5255feb12125f60000d7b726e10e0

SHA1
80f799ac163551f729459ec7c8e901ef1c310c08

SHA256
a19aee8643bb5b15d643dedc7d4bee99e0e0a7ab960bd41678daccd9532621de

SHA512
ba2d8834b2a6a482f54b24c23dfbbf00901d2d836b6b8f418abfc6ccbbc0be0688ac8ec439129904e5684c741af379120bd3aaadea831818eb6f65b8c2242865

Download Submit
C:\Windows\System\XcZOtVu.exe

Filesize
3.2MB

MD5
4d892fa893e1bee895e0119a218a6615

SHA1
382aecf9743556d8555724fea523efed224ae2e7

SHA256
d9fc6e449fd3c94778224487cba82dd1d098d748ff30dd8e065e3f66687d3fa9

SHA512
e0388d4226cf1b97c7ee795ab0f0f286fac75499bbc0a24b07cb34a1cc7dbf79c4e85f13f15fe77723d6994e7251612aa519e2908f8c523eaa3fb987d477f251

Download Submit
C:\Windows\System\ZHWNHzX.exe

Filesize
3.2MB

MD5
0d33ecf34388fbe53ccb381280063043

SHA1
f04d74643bd61c650db47d83591070d3f68664a6

SHA256
77652495589d142c98dc31f1e4770cc511fb84c574093f1c2f6838fb5d877a09

SHA512
e1678eace9bfbef019ce0c1579e962bbabda66006e3c26d58b2030c1c81891d936d1fa972bd5ca45708d82379a8b8cbafb3d5529bf3826046d34e7d420f791bb

Download Submit
C:\Windows\System\dAjPNsT.exe

Filesize
3.2MB

MD5
44bab4b8db37765ead0581c11db516ff

SHA1
17bb576915c9bc8d6e5b96c42281c34409fd6d78

SHA256
92f1c06eeb68cd34897076c1291855c8e2d77b3fbedfa6ea8e271b364f0ecf19

SHA512
408ff5adf6fa6b5a6671adfbd26acd209d2cf657ba5862ea6bf310798873027f9a889190e6d56bcd1ce347289347881f1c1b9bc6f04d1216ee1ff2e295064d3b

Download Submit
C:\Windows\System\dhuePSy.exe

Filesize
3.2MB

MD5
4d444ea01b61d210cdf80839413d5299

SHA1
7ed214d1354150c1c11ed41f727363fb43ff87cb

SHA256
ab58faff196b9acb15527471ef625fe63f75277a7466e8372d3cf23ceee86441

SHA512
31ca7aa9115abacb1f388c8c01d553122469819a8c74e4a99f27bef9eb32861f2f4f1620157f13cbdfe57c3f34c68dafa5f189d063bc2195cc1f971be36bbfe8

Download Submit
C:\Windows\System\dxagIAj.exe

Filesize
3.2MB

MD5
817292031d4aced6a02b324f3000609a

SHA1
a8794374e01c53a36d55c7620ac937a08afd00a5

SHA256
602432fff3a5a6a6900c1b004bfbd932e395b46076daf474a523468384567aeb

SHA512
1d74a0a887416921d2c94860756c95a59a7f644baaff4f43ac08273253eef4767f1d9b83f461f32f77820ce746d2ac35a126a1c648b38f70fbb59bd14e097e75

Download Submit
C:\Windows\System\fRoVciI.exe

Filesize
3.2MB

MD5
9dc41285d05dda952449ad0f2b74617f

SHA1
8ee26440b06c7fbb59ba6825b7970243dc59ad35

SHA256
1bbe55d7a059e18ff8b36a781b939d734dc2acd79f6ada778430f6f1624f67d8

SHA512
d679a9dd393103e946415aa3e68fe0cd7815c46a575807f71944f27b9aaa7fe1faee5884b3208ecfd3388981ef79c4497392fdbd8d66611fe27c1d148fadc454

Download Submit
C:\Windows\System\gwvroSe.exe

Filesize
3.2MB

MD5
ace9370f842756d9bff75a1567390de8

SHA1
db374702b67d0b12feda5a0e3dd5ffaec87c1c7b

SHA256
8fcc8e1e571c95d00d0d64d1c7d7f4b4dba61ad16721fa0c9f414b1a01fc685a

SHA512
8708cf417cae7a3c423e9e33fff5849d5e44d07b6566186c1e383c89eb4804916a9b1b168ced372e4405912a8b99f3cf7ef1bcab5e4a42ca74a8f18aef86c113

Download Submit
C:\Windows\System\hYxOhqR.exe

Filesize
3.2MB

MD5
3c95f38400585361c8d7870cede84c56

SHA1
baf435486571596c6ff84f930236ccd6a0eca3c1

SHA256
d41c9f24b13c77297524f9f5371fb5c56a6ffe188ca3691f22e2e00f0951d45a

SHA512
7e0d815df53adbea2afcb2d113224aa9a70686185ca60d925584600e1c4bfeaa8654016157f542188e34ad8b147ae7bcee64552421aed5413cbc42d61bec6e89

Download Submit
C:\Windows\System\jsGLlsx.exe

Filesize
3.2MB

MD5
5d6387b10f53f9bdd4f282d585b06fb7

SHA1
bc3341de89c625674b858760c0a0bc10ae2ec070

SHA256
1ea6d7077c610c7b1695696b4134d074d2e91480d28cb46f05e4254f6ea2b5cb

SHA512
2006e7c2f0ba8205a34aa4a40f91c54d32cd672563f8f66220e89c6d17b9661203d987de3f3b2d38b94619bc7f85ae68fc11f332b4991edea5cc8d1f26da7d96

Download Submit
C:\Windows\System\kSvhMIt.exe

Filesize
3.2MB

MD5
d5d413926547d45a575fc0fe8702e9e6

SHA1
026b239245ba31e56332cab1fc1531ce749bddee

SHA256
20d2fb73721c3dc423ccd896cea5ff640b59cba90e78a9b11efce86fab92e576

SHA512
b1bf7090e1833fd693150b6be7300bcbe75aa56e7d63b51814f1f8506a75243533c7f25da5f87347f562b605ba9cd9c7da41c7e117a30991399677e76819b8d8

Download Submit
C:\Windows\System\lRDQgko.exe

Filesize
3.2MB

MD5
07975426dbbf074ee3d02d3909765b86

SHA1
e6f827bf93b69bc4ee02e8587b42ae21be82337b

SHA256
d3a24c237160e1ea67005c1b29cd4784dbf0cef8693f1f20fb720b16b2441914

SHA512
8fd46d9efd81499cc61e004119fa045bdad0492f5532efee48b583ffcad2d283ab14ca8cbf3d2afab20f3c1aa263522089dcefb45bfe11760d2126111e97b8a2

Download Submit
C:\Windows\System\mVXxtiS.exe

Filesize
3.2MB

MD5
e149ec44520aa0430eeecdd66d4ebeae

SHA1
e8cf2e62c035a933198b11bf6af4edd025591234

SHA256
5a87979b01d4c7a6cbf6511187295ff1e9901620c751f8f7322350e0c5fada1e

SHA512
e9852368b6eb41bec6cb349ed3c67c55a4ffdc1293ae786c48cd6b31e4c5c1bda38546828cb4774fc33f2c20ffd7d7f637bba7045c482dfe5a8d76be8a68bc91

Download Submit
C:\Windows\System\mYwqzkm.exe

Filesize
3.2MB

MD5
963e79548f301597ae0da04b46248dd0

SHA1
45318dcc5ddac29037fbf709b85ac1be165e71ec

SHA256
14795fd3d7e8189fd15d5ee9336b707fa41c573184174b210ad6e34e9ee46b89

SHA512
df5e74aa64cf3f0b04a702d8783057e62a8af509ead4cda6d8ff1c0a0bef572ac475a824e58e3718702ce44a11264a304841b4fcec324711fc2f86794d1f1b52

Download Submit
C:\Windows\System\qeNxPLf.exe

Filesize
3.2MB

MD5
ae93b1656cdbd41ba76bafab122d5d6f

SHA1
e2d1e5f2cba025dcee2af693804c43efcf6b811e

SHA256
16482fbf7e8aac51d7e068dd193dd3c9d30c3817fa2c93ea3a9bc14f051c11d0

SHA512
713f84a4df934c48e24c1b98edd821cbf48ff3b00080f888426e6de2fe06476a036e8f6096d4118344f305704993a489d1116fb4b2ce97ffe2b025e858d7994f

Download Submit
C:\Windows\System\rRuvMDX.exe

Filesize
3.2MB

MD5
c0ff08ae0b67a9f30b6cae3d94b57fe6

SHA1
fbcf19828dd807f9ad1a908a4e613dcc56f01ad6

SHA256
121d39c7f760cc186f593ef6307be8b7bb26becf8ce2284dbfb8bd4350ba1756

SHA512
38ca781016a5ea88c4dca0c438a925c0a9d3650057eeaf330c95cf756b9afb9b26cdff3b2069c51e2fe2e72fd250df662b5452c5de4587df2be19c01f4c92773

Download Submit
C:\Windows\System\rztZnBj.exe

Filesize
3.2MB

MD5
e1048cbb0281817e79337f640fd54b02

SHA1
d929b050110c59a8ab8d0cedfdb8eec91aecc597

SHA256
9409465a793763b64f7076dc6110f73791bc147c97994ae1e6bab054a9739b3b

SHA512
abba6d3614e6581707a0f989acc29482e7e2942fa7a0095058292cbe2ccf48f74dfac946a1db9ec7f68e26fd883f78d573271848eaddcf51383948817426297b

Download Submit
C:\Windows\System\tIQXJlp.exe

Filesize
3.2MB

MD5
361b88833c5dc579bc4b84495f46b1e4

SHA1
0139cc5fb4e0d079cdfd70539f2a0942416d43d7

SHA256
73c1e1d6bf70a1567b61eddc97b546741ab398004ddddd889ee75535d8e7a593

SHA512
2bae5aa239de55500e596a5efff788e842538dd33be92e1ae8938e36bb172c7f032e76117a26ecc2b4b10970bd4cec4c826f63ca0ac30a5ebf71e20ad93c99d5

Download Submit
C:\Windows\System\tSQjYle.exe

Filesize
3.2MB

MD5
9d581b4ad85f2d4f466ad4841c429426

SHA1
e5e9849444169baa92dcb32a22ee55ee28dbc0c7

SHA256
2b944fe8658942fd5efbc6dc42765bc40b4f3c85fb447f38564186c94effabc2

SHA512
c340b0098bd189d0093b5fe5a04ce947fa3a7ab5f7857eba9908210ebf2436d7a6087f9464cdf00182e65703a853d1dbef84fd2cfc66a6808e5b9b961de70798

Download Submit
C:\Windows\System\uOYPuML.exe

Filesize
3.2MB

MD5
bfd2c404a33b4e49065639c8d32e427c

SHA1
b3598051d5dadd1cadd11e6b251cdabf94764130

SHA256
84fce48e88f194a4d5bcc027e01b5b66a3b094d938a4061f70d7bc3d35da74c5

SHA512
34302e14568e959f1678fa1ca4f4c35b156f3e52f4e5afe3d8cdd9ab4d3125f9e2393f31f78865c1c7f0fd3acc9cea488f95c0a78433b0a94f62d94cffb5246d

Download Submit
C:\Windows\System\vliVNSH.exe

Filesize
3.2MB

MD5
89f62d66ed0d968b1f7eca461edcb332

SHA1
ac6fda82f4fcd96c48633f1163c933641d429e7b

SHA256
358d1c75ef9481d83baba2d5bcbeb3f2267a91fac64a2781d3c9df8f6f2dda92

SHA512
c53ecc18e2e5750a62f8ab6cdd5ccb8ef109e454b8b11fc7752966fe9c1b25ad1f69c2a8741cdbd0622974a7b72512b5ec195fda1f85dd45bb0efa5fbb733b54

Download Submit
C:\Windows\System\wGAIjkd.exe

Filesize
3.2MB

MD5
000d738e2266de57cb5a4b51a34706ba

SHA1
a5844d59a158754cb96bc6bbcd3fcc9846e42e5b

SHA256
1e40d78c53a9530a7efcbfba82ec2d64ea9e4040863f503dd8edd8b1dad97db2

SHA512
b185f8bf281aab0a3b54e9e3d9062653d731e2ec4b5c715030685c3b221a10bf9add56f5bb75d8e367de6cdd8018f0705883c0f1900eb0014cdfac9cfb84ae49

Download Submit
C:\Windows\System\xnrqbJc.exe

Filesize
3.2MB

MD5
a7be9f544fbe3a9974c9a76c86b012d7

SHA1
b72d809769c926e790f21d828cf65f9b82d3e66a

SHA256
bd5314bbda5a9c2a86eff39a491e6cb386697bde9d8c38960457c67405c670aa

SHA512
ebe56e532147397f18869a6030b7afccc808471bc6099774a0012afd7efa3c25f4722a8b5bf27925ed07d30d8918cf0e156ca6e9fc43788e5070ace70fac5cfe

Download Submit
C:\Windows\System\ymoKLXB.exe

Filesize
3.2MB

MD5
0d7286b1fbc826b55200db65dc32ae98

SHA1
6de45f8f8e29244a530d77050f5152a51c419cfe

SHA256
1590e822a1e47c8b7bf1f3480337222fdef5113133ac6805f594eb28cebca654

SHA512
2916723891f4e6d7c16959c6e09ce2b416acf397f17a6834952c38c282602b3b5d2aebadd07b0678b9e238a0f64b86dde1e1d0dc1a78d45cf4ad164a2abad0d2

Download Submit
C:\Windows\System\yqcOGws.exe

Filesize
3.2MB

MD5
d2bd7d8168186b9fb3c1f6670578bf4a

SHA1
286018a75a0b8140f8dc84eb205347f086bfb7a1

SHA256
b7d390e684d6914d2c9b4e930a2040cf86c5ac8269e7ec3c84f4ea78ca716ccb

SHA512
f3c33e50633a58f0e52ff87526383d57a1ffe1ca21b4627451e10658a4fda2ea62797a8f8c0f016f7b6964b8fc48c5d378775b4c90353141cb33c739c5f0a778

Download Submit
memory/1012-1717-0x00007FF7984F0000-0x00007FF7988E6000-memory.dmp

Filesize
4.0MB

Download
memory/1012-115-0x00007FF7984F0000-0x00007FF7988E6000-memory.dmp

Filesize
4.0MB

Download
memory/1012-1723-0x00007FF7984F0000-0x00007FF7988E6000-memory.dmp

Filesize
4.0MB

Download
memory/1056-1597-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp

Filesize
4.0MB

Download
memory/1056-483-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp

Filesize
4.0MB

Download
memory/1056-52-0x00007FF720AF0000-0x00007FF720EE6000-memory.dmp

Filesize
4.0MB

Download
memory/1188-1599-0x00007FF781270000-0x00007FF781666000-memory.dmp

Filesize
4.0MB

Download
memory/1188-62-0x00007FF781270000-0x00007FF781666000-memory.dmp

Filesize
4.0MB

Download
memory/1312-98-0x00007FF7D45D0000-0x00007FF7D49C6000-memory.dmp

Filesize
4.0MB

Download
memory/1312-1649-0x00007FF7D45D0000-0x00007FF7D49C6000-memory.dmp

Filesize
4.0MB

Download
memory/1364-39-0x00007FF793C90000-0x00007FF794086000-memory.dmp

Filesize
4.0MB

Download
memory/1364-1563-0x00007FF793C90000-0x00007FF794086000-memory.dmp

Filesize
4.0MB

Download
memory/1412-93-0x00007FF6CC030000-0x00007FF6CC426000-memory.dmp

Filesize
4.0MB

Download
memory/1412-1623-0x00007FF6CC030000-0x00007FF6CC426000-memory.dmp

Filesize
4.0MB

Download
memory/1460-11-0x000001D72B670000-0x000001D72B692000-memory.dmp

Filesize
136KB

Download
memory/1460-3-0x00007FFDB9F93000-0x00007FFDB9F95000-memory.dmp

Filesize
8KB

Download
memory/1460-34-0x00007FFDB9F90000-0x00007FFDBAA51000-memory.dmp

Filesize
10.8MB

Download
memory/1460-31-0x00007FFDB9F90000-0x00007FFDBAA51000-memory.dmp

Filesize
10.8MB

Download
memory/1460-304-0x00007FFDB9F90000-0x00007FFDBAA51000-memory.dmp

Filesize
10.8MB

Download
memory/1460-172-0x00007FFDB9F90000-0x00007FFDBAA51000-memory.dmp

Filesize
10.8MB

Download
memory/1460-130-0x000001D72C380000-0x000001D72CB26000-memory.dmp

Filesize
7.6MB

Download
memory/1468-129-0x00007FF603420000-0x00007FF603816000-memory.dmp

Filesize
4.0MB

Download
memory/1468-1729-0x00007FF603420000-0x00007FF603816000-memory.dmp

Filesize
4.0MB

Download
memory/1544-1541-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp

Filesize
4.0MB

Download
memory/1544-49-0x00007FF7977C0000-0x00007FF797BB6000-memory.dmp

Filesize
4.0MB

Download
memory/2084-85-0x00007FF7A9ED0000-0x00007FF7AA2C6000-memory.dmp

Filesize
4.0MB

Download
memory/2084-1617-0x00007FF7A9ED0000-0x00007FF7AA2C6000-memory.dmp

Filesize
4.0MB

Download
memory/2156-170-0x00007FF63FB50000-0x00007FF63FF46000-memory.dmp

Filesize
4.0MB

Download
memory/2156-1925-0x00007FF63FB50000-0x00007FF63FF46000-memory.dmp

Filesize
4.0MB

Download
memory/2368-113-0x00007FF7906B0000-0x00007FF790AA6000-memory.dmp

Filesize
4.0MB

Download
memory/2368-1653-0x00007FF7906B0000-0x00007FF790AA6000-memory.dmp

Filesize
4.0MB

Download
memory/2596-1712-0x00007FF612DA0000-0x00007FF613196000-memory.dmp

Filesize
4.0MB

Download
memory/2596-1719-0x00007FF612DA0000-0x00007FF613196000-memory.dmp

Filesize
4.0MB

Download
memory/2596-114-0x00007FF612DA0000-0x00007FF613196000-memory.dmp

Filesize
4.0MB

Download
memory/2860-1612-0x00007FF6803C0000-0x00007FF6807B6000-memory.dmp

Filesize
4.0MB

Download
memory/2860-79-0x00007FF6803C0000-0x00007FF6807B6000-memory.dmp

Filesize
4.0MB

Download
memory/3144-1613-0x00007FF790BD0000-0x00007FF790FC6000-memory.dmp

Filesize
4.0MB

Download
memory/3144-91-0x00007FF790BD0000-0x00007FF790FC6000-memory.dmp

Filesize
4.0MB

Download
memory/3468-1580-0x00007FF622260000-0x00007FF622656000-memory.dmp

Filesize
4.0MB

Download
memory/3468-42-0x00007FF622260000-0x00007FF622656000-memory.dmp

Filesize
4.0MB

Download
memory/4080-128-0x00007FF68B710000-0x00007FF68BB06000-memory.dmp

Filesize
4.0MB

Download
memory/4080-1726-0x00007FF68B710000-0x00007FF68BB06000-memory.dmp

Filesize
4.0MB

Download
memory/4108-162-0x00007FF7D2500000-0x00007FF7D28F6000-memory.dmp

Filesize
4.0MB

Download
memory/4108-1903-0x00007FF7D2500000-0x00007FF7D28F6000-memory.dmp

Filesize
4.0MB

Download
memory/4188-287-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp

Filesize
4.0MB

Download
memory/4188-0-0x00007FF6D1290000-0x00007FF6D1686000-memory.dmp

Filesize
4.0MB

Download
memory/4188-1-0x000002217C830000-0x000002217C840000-memory.dmp

Filesize
64KB

Download
memory/4324-167-0x00007FF6F5C00000-0x00007FF6F5FF6000-memory.dmp

Filesize
4.0MB

Download
memory/4324-1908-0x00007FF6F5C00000-0x00007FF6F5FF6000-memory.dmp

Filesize
4.0MB

Download
memory/4340-69-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp

Filesize
4.0MB

Download
memory/4340-1596-0x00007FF6A96D0000-0x00007FF6A9AC6000-memory.dmp

Filesize
4.0MB

Download
memory/4480-1643-0x00007FF6315F0000-0x00007FF6319E6000-memory.dmp

Filesize
4.0MB

Download
memory/4480-104-0x00007FF6315F0000-0x00007FF6319E6000-memory.dmp

Filesize
4.0MB

Download
memory/4500-82-0x00007FF6235D0000-0x00007FF6239C6000-memory.dmp

Filesize
4.0MB

Download
memory/4500-1611-0x00007FF6235D0000-0x00007FF6239C6000-memory.dmp

Filesize
4.0MB

Download
memory/4756-169-0x00007FF76A6C0000-0x00007FF76AAB6000-memory.dmp

Filesize
4.0MB

Download
memory/4756-1912-0x00007FF76A6C0000-0x00007FF76AAB6000-memory.dmp

Filesize
4.0MB

Download
memory/4784-171-0x00007FF6FFFF0000-0x00007FF7003E6000-memory.dmp

Filesize
4.0MB

Download
memory/4784-1965-0x00007FF6FFFF0000-0x00007FF7003E6000-memory.dmp

Filesize
4.0MB

Download
memory/4912-1564-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp

Filesize
4.0MB

Download
memory/4912-38-0x00007FF7D5C50000-0x00007FF7D6046000-memory.dmp

Filesize
4.0MB

Download