xmrig | 6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d

Analysis

max time kernel
151s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 23:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
Size

1.6MB
MD5

96492767a0c2fc4141418c6581738f15
SHA1

47ca0d2de33903670162473158f07aa240050d84
SHA256

6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d
SHA512

eff6733a19399c366deea4173041f19ddf5d4c16fc745959ee5cd3bd5c6dc3dbce4da3690fcd235d9387de25c703fbaa736e1c04716228722fab8185477c297f
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsZLHYm2WVDtdpR1:Lz071uv4BPMkFfdg6NsNtJVlR1

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 44 IoCs

resource	yara_rule
behavioral2/memory/4612-59-0x00007FF61FDF0000-0x00007FF6201E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4400-58-0x00007FF7FDF00000-0x00007FF7FE2F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/312-62-0x00007FF61CC30000-0x00007FF61D022000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1424-64-0x00007FF798F00000-0x00007FF7992F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5064-63-0x00007FF659E80000-0x00007FF65A272000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3092-61-0x00007FF6E8EA0000-0x00007FF6E9292000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1328-86-0x00007FF666140000-0x00007FF666532000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4908-88-0x00007FF641240000-0x00007FF641632000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1772-87-0x00007FF760DA0000-0x00007FF761192000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3600-96-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3148-121-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2636-124-0x00007FF65D9C0000-0x00007FF65DDB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4676-131-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2068-146-0x00007FF694BA0000-0x00007FF694F92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3400-153-0x00007FF770630000-0x00007FF770A22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4976-158-0x00007FF7DE7D0000-0x00007FF7DEBC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2612-156-0x00007FF6CCB60000-0x00007FF6CCF52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3724-149-0x00007FF63CD40000-0x00007FF63D132000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3148-257-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/624-275-0x00007FF7AEC10000-0x00007FF7AF002000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1820-274-0x00007FF712A80000-0x00007FF712E72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1612-299-0x00007FF691450000-0x00007FF691842000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2052-115-0x00007FF778310000-0x00007FF778702000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4348-114-0x00007FF7E9AD0000-0x00007FF7E9EC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3600-684-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2052-2005-0x00007FF778310000-0x00007FF778702000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4976-2041-0x00007FF7DE7D0000-0x00007FF7DEBC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2636-2039-0x00007FF65D9C0000-0x00007FF65DDB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2612-2047-0x00007FF6CCB60000-0x00007FF6CCF52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3724-2046-0x00007FF63CD40000-0x00007FF63D132000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1612-2055-0x00007FF691450000-0x00007FF691842000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1964-2038-0x00007FF6A84C0000-0x00007FF6A88B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2068-2012-0x00007FF694BA0000-0x00007FF694F92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3400-2029-0x00007FF770630000-0x00007FF770A22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4748-2009-0x00007FF643590000-0x00007FF643982000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4348-2008-0x00007FF7E9AD0000-0x00007FF7E9EC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3600-2007-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4612-1708-0x00007FF61FDF0000-0x00007FF6201E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/312-1706-0x00007FF61CC30000-0x00007FF61D022000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3092-1704-0x00007FF6E8EA0000-0x00007FF6E9292000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5064-1701-0x00007FF659E80000-0x00007FF65A272000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1424-1699-0x00007FF798F00000-0x00007FF7992F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4400-1681-0x00007FF7FDF00000-0x00007FF7FE2F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4676-1682-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3148-0-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	UPX
behavioral2/files/0x000800000002326a-4.dat	UPX
behavioral2/memory/4676-8-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp	UPX
behavioral2/files/0x000800000002326d-11.dat	UPX
behavioral2/files/0x0008000000023270-12.dat	UPX
behavioral2/files/0x0008000000023273-33.dat	UPX
behavioral2/files/0x000800000002326e-34.dat	UPX
behavioral2/files/0x0009000000023272-41.dat	UPX
behavioral2/files/0x0007000000023274-48.dat	UPX
behavioral2/files/0x0007000000023275-54.dat	UPX
behavioral2/files/0x0007000000023276-55.dat	UPX
behavioral2/memory/4612-59-0x00007FF61FDF0000-0x00007FF6201E2000-memory.dmp	UPX
behavioral2/memory/4400-58-0x00007FF7FDF00000-0x00007FF7FE2F2000-memory.dmp	UPX
behavioral2/memory/312-62-0x00007FF61CC30000-0x00007FF61D022000-memory.dmp	UPX
behavioral2/memory/1424-64-0x00007FF798F00000-0x00007FF7992F2000-memory.dmp	UPX
behavioral2/memory/624-66-0x00007FF7AEC10000-0x00007FF7AF002000-memory.dmp	UPX
behavioral2/memory/1820-65-0x00007FF712A80000-0x00007FF712E72000-memory.dmp	UPX
behavioral2/memory/5064-63-0x00007FF659E80000-0x00007FF65A272000-memory.dmp	UPX
behavioral2/memory/3092-61-0x00007FF6E8EA0000-0x00007FF6E9292000-memory.dmp	UPX
behavioral2/files/0x0007000000023278-76.dat	UPX
behavioral2/files/0x0007000000023277-79.dat	UPX
behavioral2/files/0x0007000000023279-84.dat	UPX
behavioral2/memory/1328-86-0x00007FF666140000-0x00007FF666532000-memory.dmp	UPX
behavioral2/memory/4908-88-0x00007FF641240000-0x00007FF641632000-memory.dmp	UPX
behavioral2/memory/1772-87-0x00007FF760DA0000-0x00007FF761192000-memory.dmp	UPX
behavioral2/files/0x000700000002327a-91.dat	UPX
behavioral2/memory/3600-96-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	UPX
behavioral2/files/0x000700000002327c-101.dat	UPX
behavioral2/files/0x000700000002327e-105.dat	UPX
behavioral2/files/0x000700000002327b-106.dat	UPX
behavioral2/memory/3148-121-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	UPX
behavioral2/memory/2636-124-0x00007FF65D9C0000-0x00007FF65DDB2000-memory.dmp	UPX
behavioral2/files/0x0007000000023282-129.dat	UPX
behavioral2/memory/4676-131-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp	UPX
behavioral2/memory/1964-140-0x00007FF6A84C0000-0x00007FF6A88B2000-memory.dmp	UPX
behavioral2/memory/2068-146-0x00007FF694BA0000-0x00007FF694F92000-memory.dmp	UPX
behavioral2/files/0x0007000000023284-151.dat	UPX
behavioral2/memory/3400-153-0x00007FF770630000-0x00007FF770A22000-memory.dmp	UPX
behavioral2/memory/4976-158-0x00007FF7DE7D0000-0x00007FF7DEBC2000-memory.dmp	UPX
behavioral2/memory/2612-156-0x00007FF6CCB60000-0x00007FF6CCF52000-memory.dmp	UPX
behavioral2/files/0x0007000000023285-154.dat	UPX
behavioral2/files/0x0007000000023286-162.dat	UPX
behavioral2/files/0x0007000000023287-167.dat	UPX
behavioral2/memory/3724-149-0x00007FF63CD40000-0x00007FF63D132000-memory.dmp	UPX
behavioral2/files/0x0007000000023283-141.dat	UPX
behavioral2/files/0x0007000000023288-172.dat	UPX
behavioral2/files/0x0007000000023289-177.dat	UPX
behavioral2/files/0x000700000002328b-184.dat	UPX
behavioral2/files/0x000700000002328a-185.dat	UPX
behavioral2/files/0x000700000002328d-198.dat	UPX
behavioral2/memory/3148-257-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	UPX
behavioral2/memory/624-275-0x00007FF7AEC10000-0x00007FF7AF002000-memory.dmp	UPX
behavioral2/memory/1820-274-0x00007FF712A80000-0x00007FF712E72000-memory.dmp	UPX
behavioral2/files/0x000700000002328f-205.dat	UPX
behavioral2/files/0x000700000002328e-202.dat	UPX
behavioral2/files/0x000700000002328c-196.dat	UPX
behavioral2/memory/1612-299-0x00007FF691450000-0x00007FF691842000-memory.dmp	UPX
behavioral2/files/0x0007000000023281-139.dat	UPX
behavioral2/files/0x0007000000023280-127.dat	UPX
behavioral2/files/0x000700000002327f-116.dat	UPX
behavioral2/memory/2052-115-0x00007FF778310000-0x00007FF778702000-memory.dmp	UPX
behavioral2/memory/4348-114-0x00007FF7E9AD0000-0x00007FF7E9EC2000-memory.dmp	UPX
behavioral2/memory/4748-111-0x00007FF643590000-0x00007FF643982000-memory.dmp	UPX
behavioral2/memory/3600-684-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	UPX

XMRig Miner payload 44 IoCs

miner

resource	yara_rule
behavioral2/memory/4612-59-0x00007FF61FDF0000-0x00007FF6201E2000-memory.dmp	xmrig
behavioral2/memory/4400-58-0x00007FF7FDF00000-0x00007FF7FE2F2000-memory.dmp	xmrig
behavioral2/memory/312-62-0x00007FF61CC30000-0x00007FF61D022000-memory.dmp	xmrig
behavioral2/memory/1424-64-0x00007FF798F00000-0x00007FF7992F2000-memory.dmp	xmrig
behavioral2/memory/5064-63-0x00007FF659E80000-0x00007FF65A272000-memory.dmp	xmrig
behavioral2/memory/3092-61-0x00007FF6E8EA0000-0x00007FF6E9292000-memory.dmp	xmrig
behavioral2/memory/1328-86-0x00007FF666140000-0x00007FF666532000-memory.dmp	xmrig
behavioral2/memory/4908-88-0x00007FF641240000-0x00007FF641632000-memory.dmp	xmrig
behavioral2/memory/1772-87-0x00007FF760DA0000-0x00007FF761192000-memory.dmp	xmrig
behavioral2/memory/3600-96-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	xmrig
behavioral2/memory/3148-121-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	xmrig
behavioral2/memory/2636-124-0x00007FF65D9C0000-0x00007FF65DDB2000-memory.dmp	xmrig
behavioral2/memory/4676-131-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp	xmrig
behavioral2/memory/2068-146-0x00007FF694BA0000-0x00007FF694F92000-memory.dmp	xmrig
behavioral2/memory/3400-153-0x00007FF770630000-0x00007FF770A22000-memory.dmp	xmrig
behavioral2/memory/4976-158-0x00007FF7DE7D0000-0x00007FF7DEBC2000-memory.dmp	xmrig
behavioral2/memory/2612-156-0x00007FF6CCB60000-0x00007FF6CCF52000-memory.dmp	xmrig
behavioral2/memory/3724-149-0x00007FF63CD40000-0x00007FF63D132000-memory.dmp	xmrig
behavioral2/memory/3148-257-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	xmrig
behavioral2/memory/624-275-0x00007FF7AEC10000-0x00007FF7AF002000-memory.dmp	xmrig
behavioral2/memory/1820-274-0x00007FF712A80000-0x00007FF712E72000-memory.dmp	xmrig
behavioral2/memory/1612-299-0x00007FF691450000-0x00007FF691842000-memory.dmp	xmrig
behavioral2/memory/2052-115-0x00007FF778310000-0x00007FF778702000-memory.dmp	xmrig
behavioral2/memory/4348-114-0x00007FF7E9AD0000-0x00007FF7E9EC2000-memory.dmp	xmrig
behavioral2/memory/3600-684-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	xmrig
behavioral2/memory/2052-2005-0x00007FF778310000-0x00007FF778702000-memory.dmp	xmrig
behavioral2/memory/4976-2041-0x00007FF7DE7D0000-0x00007FF7DEBC2000-memory.dmp	xmrig
behavioral2/memory/2636-2039-0x00007FF65D9C0000-0x00007FF65DDB2000-memory.dmp	xmrig
behavioral2/memory/2612-2047-0x00007FF6CCB60000-0x00007FF6CCF52000-memory.dmp	xmrig
behavioral2/memory/3724-2046-0x00007FF63CD40000-0x00007FF63D132000-memory.dmp	xmrig
behavioral2/memory/1612-2055-0x00007FF691450000-0x00007FF691842000-memory.dmp	xmrig
behavioral2/memory/1964-2038-0x00007FF6A84C0000-0x00007FF6A88B2000-memory.dmp	xmrig
behavioral2/memory/2068-2012-0x00007FF694BA0000-0x00007FF694F92000-memory.dmp	xmrig
behavioral2/memory/3400-2029-0x00007FF770630000-0x00007FF770A22000-memory.dmp	xmrig
behavioral2/memory/4748-2009-0x00007FF643590000-0x00007FF643982000-memory.dmp	xmrig
behavioral2/memory/4348-2008-0x00007FF7E9AD0000-0x00007FF7E9EC2000-memory.dmp	xmrig
behavioral2/memory/3600-2007-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	xmrig
behavioral2/memory/4612-1708-0x00007FF61FDF0000-0x00007FF6201E2000-memory.dmp	xmrig
behavioral2/memory/312-1706-0x00007FF61CC30000-0x00007FF61D022000-memory.dmp	xmrig
behavioral2/memory/3092-1704-0x00007FF6E8EA0000-0x00007FF6E9292000-memory.dmp	xmrig
behavioral2/memory/5064-1701-0x00007FF659E80000-0x00007FF65A272000-memory.dmp	xmrig
behavioral2/memory/1424-1699-0x00007FF798F00000-0x00007FF7992F2000-memory.dmp	xmrig
behavioral2/memory/4400-1681-0x00007FF7FDF00000-0x00007FF7FE2F2000-memory.dmp	xmrig
behavioral2/memory/4676-1682-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	2148	powershell.exe
8	2148	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2148	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4676	LGyOgGr.exe
4400	ZipgePL.exe
4612	gyikEBc.exe
3092	cHIKLyd.exe
312	oQUDCHu.exe
5064	gFARccR.exe
1424	wbiomjt.exe
1820	zCIvSON.exe
624	MhWeBIa.exe
1328	trKELTW.exe
1772	gKsqJwA.exe
4908	goqdncO.exe
3600	OgpOZmC.exe
4748	gcqpuJP.exe
4348	LyuGuFs.exe
2052	nzAPjDg.exe
2636	UYvrIQz.exe
2068	IpxCvGh.exe
3724	SlUatWn.exe
1964	nRXGipR.exe
3400	qkqBLOb.exe
2612	wkYuwgC.exe
4976	JWdgDGM.exe
1612	yVInzMp.exe
4280	tPPKjKS.exe
3468	quCGyPw.exe
2572	TXEfplK.exe
228	qlsueOb.exe
8	PuYQHnu.exe
652	QTtcBIu.exe
5012	GrNcjmX.exe
4084	jQDqGmp.exe
3864	tQLHcGm.exe
844	XoxGhVR.exe
4752	FkmmoSq.exe
1848	NnOTmCf.exe
2132	laDFIZM.exe
3512	jEOoDna.exe
4388	gHNJMHA.exe
4012	inYwQgR.exe
2280	sLczMRt.exe
2740	OeFOdpc.exe
4472	JMANNPG.exe
4324	cwqRgVM.exe
4496	ttncrys.exe
2900	DEoWaBN.exe
1560	MtcwpwW.exe
2316	oBYqDNJ.exe
1396	dpxaOxm.exe
1332	VrmBPSZ.exe
408	vihyARl.exe
456	UOMhIRK.exe
1504	bDLgzCn.exe
4696	DAnqhkw.exe
1456	oGLPlnL.exe
232	EYBtCMm.exe
4660	RfTSBnZ.exe
3180	PkfNpio.exe
2672	wlpiiBm.exe
1496	HfJnJqe.exe
1484	REzWGxR.exe
3804	ermsZln.exe
1036	DmkIcLB.exe
3568	wTKaIdA.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3148-0-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	upx
behavioral2/files/0x000800000002326a-4.dat	upx
behavioral2/memory/4676-8-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp	upx
behavioral2/files/0x000800000002326d-11.dat	upx
behavioral2/files/0x0008000000023270-12.dat	upx
behavioral2/files/0x0008000000023273-33.dat	upx
behavioral2/files/0x000800000002326e-34.dat	upx
behavioral2/files/0x0009000000023272-41.dat	upx
behavioral2/files/0x0007000000023274-48.dat	upx
behavioral2/files/0x0007000000023275-54.dat	upx
behavioral2/files/0x0007000000023276-55.dat	upx
behavioral2/memory/4612-59-0x00007FF61FDF0000-0x00007FF6201E2000-memory.dmp	upx
behavioral2/memory/4400-58-0x00007FF7FDF00000-0x00007FF7FE2F2000-memory.dmp	upx
behavioral2/memory/312-62-0x00007FF61CC30000-0x00007FF61D022000-memory.dmp	upx
behavioral2/memory/1424-64-0x00007FF798F00000-0x00007FF7992F2000-memory.dmp	upx
behavioral2/memory/624-66-0x00007FF7AEC10000-0x00007FF7AF002000-memory.dmp	upx
behavioral2/memory/1820-65-0x00007FF712A80000-0x00007FF712E72000-memory.dmp	upx
behavioral2/memory/5064-63-0x00007FF659E80000-0x00007FF65A272000-memory.dmp	upx
behavioral2/memory/3092-61-0x00007FF6E8EA0000-0x00007FF6E9292000-memory.dmp	upx
behavioral2/files/0x0007000000023278-76.dat	upx
behavioral2/files/0x0007000000023277-79.dat	upx
behavioral2/files/0x0007000000023279-84.dat	upx
behavioral2/memory/1328-86-0x00007FF666140000-0x00007FF666532000-memory.dmp	upx
behavioral2/memory/4908-88-0x00007FF641240000-0x00007FF641632000-memory.dmp	upx
behavioral2/memory/1772-87-0x00007FF760DA0000-0x00007FF761192000-memory.dmp	upx
behavioral2/files/0x000700000002327a-91.dat	upx
behavioral2/memory/3600-96-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	upx
behavioral2/files/0x000700000002327c-101.dat	upx
behavioral2/files/0x000700000002327e-105.dat	upx
behavioral2/files/0x000700000002327b-106.dat	upx
behavioral2/memory/3148-121-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	upx
behavioral2/memory/2636-124-0x00007FF65D9C0000-0x00007FF65DDB2000-memory.dmp	upx
behavioral2/files/0x0007000000023282-129.dat	upx
behavioral2/memory/4676-131-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp	upx
behavioral2/memory/1964-140-0x00007FF6A84C0000-0x00007FF6A88B2000-memory.dmp	upx
behavioral2/memory/2068-146-0x00007FF694BA0000-0x00007FF694F92000-memory.dmp	upx
behavioral2/files/0x0007000000023284-151.dat	upx
behavioral2/memory/3400-153-0x00007FF770630000-0x00007FF770A22000-memory.dmp	upx
behavioral2/memory/4976-158-0x00007FF7DE7D0000-0x00007FF7DEBC2000-memory.dmp	upx
behavioral2/memory/2612-156-0x00007FF6CCB60000-0x00007FF6CCF52000-memory.dmp	upx
behavioral2/files/0x0007000000023285-154.dat	upx
behavioral2/files/0x0007000000023286-162.dat	upx
behavioral2/files/0x0007000000023287-167.dat	upx
behavioral2/memory/3724-149-0x00007FF63CD40000-0x00007FF63D132000-memory.dmp	upx
behavioral2/files/0x0007000000023283-141.dat	upx
behavioral2/files/0x0007000000023288-172.dat	upx
behavioral2/files/0x0007000000023289-177.dat	upx
behavioral2/files/0x000700000002328b-184.dat	upx
behavioral2/files/0x000700000002328a-185.dat	upx
behavioral2/files/0x000700000002328d-198.dat	upx
behavioral2/memory/3148-257-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp	upx
behavioral2/memory/624-275-0x00007FF7AEC10000-0x00007FF7AF002000-memory.dmp	upx
behavioral2/memory/1820-274-0x00007FF712A80000-0x00007FF712E72000-memory.dmp	upx
behavioral2/files/0x000700000002328f-205.dat	upx
behavioral2/files/0x000700000002328e-202.dat	upx
behavioral2/files/0x000700000002328c-196.dat	upx
behavioral2/memory/1612-299-0x00007FF691450000-0x00007FF691842000-memory.dmp	upx
behavioral2/files/0x0007000000023281-139.dat	upx
behavioral2/files/0x0007000000023280-127.dat	upx
behavioral2/files/0x000700000002327f-116.dat	upx
behavioral2/memory/2052-115-0x00007FF778310000-0x00007FF778702000-memory.dmp	upx
behavioral2/memory/4348-114-0x00007FF7E9AD0000-0x00007FF7E9EC2000-memory.dmp	upx
behavioral2/memory/4748-111-0x00007FF643590000-0x00007FF643982000-memory.dmp	upx
behavioral2/memory/3600-684-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FkmmoSq.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\QyGzKrE.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\VVTWUqa.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\ynnezzC.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\juNWawv.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\nHAwbIn.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\ECrpfwX.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\UYvrIQz.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\OgzUTVL.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\pniAyOb.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\zQXlgoN.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\AgmiYRw.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\NzhyOkZ.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\upUtYIS.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\XgHffmG.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\onOPDPT.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\DmkIcLB.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\KaPoWfA.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\SiaKBKS.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\VssqjzL.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\uuwQGFr.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\vofYOmI.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\vNSzDJn.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\sHHgJuU.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\vihyARl.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\EhQFCXA.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\LUAjQaA.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\IyuFJao.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\CcRKvtO.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\Lvouzyy.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\fSHxIjt.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\EPqLqlO.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\CjgOyAz.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\JboQrRe.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\sYhqCqA.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\hBfWXWC.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\nnOadPW.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\FtDVQbG.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\upSgUfV.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\WVkIPJa.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\eCPYcOA.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\fZWXAyP.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\EZdNUwy.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\PNDTTZM.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\JzpxpZT.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\gabAXik.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\IpzLNcA.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\paYauzH.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\FYJOird.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\ukCuYrD.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\RTLQFQx.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\BTWNCqM.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\ihxRtUU.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\oqAhTVd.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\tBKBcCY.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\HfJnJqe.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\eqXNQrx.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\IVERrjE.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\oRxDKTZ.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\EAvQcmq.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\quCGyPw.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\PuYQHnu.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\fNcXZDH.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
File created	C:\Windows\System\fyJwIif.exe	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2148	powershell.exe
2148	powershell.exe
2148	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
Token: SeLockMemoryPrivilege	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
Token: SeDebugPrivilege	2148	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 2148	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	92
PID 3148 wrote to memory of 2148	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	92
PID 3148 wrote to memory of 4676	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	93
PID 3148 wrote to memory of 4676	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	93
PID 3148 wrote to memory of 4400	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	94
PID 3148 wrote to memory of 4400	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	94
PID 3148 wrote to memory of 4612	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	95
PID 3148 wrote to memory of 4612	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	95
PID 3148 wrote to memory of 3092	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	96
PID 3148 wrote to memory of 3092	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	96
PID 3148 wrote to memory of 312	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	97
PID 3148 wrote to memory of 312	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	97
PID 3148 wrote to memory of 5064	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	98
PID 3148 wrote to memory of 5064	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	98
PID 3148 wrote to memory of 1424	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	99
PID 3148 wrote to memory of 1424	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	99
PID 3148 wrote to memory of 1820	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	100
PID 3148 wrote to memory of 1820	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	100
PID 3148 wrote to memory of 624	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	101
PID 3148 wrote to memory of 624	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	101
PID 3148 wrote to memory of 1328	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	102
PID 3148 wrote to memory of 1328	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	102
PID 3148 wrote to memory of 1772	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	103
PID 3148 wrote to memory of 1772	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	103
PID 3148 wrote to memory of 4908	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	104
PID 3148 wrote to memory of 4908	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	104
PID 3148 wrote to memory of 3600	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	105
PID 3148 wrote to memory of 3600	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	105
PID 3148 wrote to memory of 4748	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	106
PID 3148 wrote to memory of 4748	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	106
PID 3148 wrote to memory of 4348	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	107
PID 3148 wrote to memory of 4348	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	107
PID 3148 wrote to memory of 2052	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	108
PID 3148 wrote to memory of 2052	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	108
PID 3148 wrote to memory of 2636	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	109
PID 3148 wrote to memory of 2636	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	109
PID 3148 wrote to memory of 2068	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	110
PID 3148 wrote to memory of 2068	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	110
PID 3148 wrote to memory of 1964	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	111
PID 3148 wrote to memory of 1964	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	111
PID 3148 wrote to memory of 3724	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	112
PID 3148 wrote to memory of 3724	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	112
PID 3148 wrote to memory of 3400	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	113
PID 3148 wrote to memory of 3400	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	113
PID 3148 wrote to memory of 2612	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	114
PID 3148 wrote to memory of 2612	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	114
PID 3148 wrote to memory of 4976	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	115
PID 3148 wrote to memory of 4976	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	115
PID 3148 wrote to memory of 1612	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	116
PID 3148 wrote to memory of 1612	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	116
PID 3148 wrote to memory of 4280	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	117
PID 3148 wrote to memory of 4280	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	117
PID 3148 wrote to memory of 3468	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	118
PID 3148 wrote to memory of 3468	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	118
PID 3148 wrote to memory of 2572	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	119
PID 3148 wrote to memory of 2572	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	119
PID 3148 wrote to memory of 228	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	120
PID 3148 wrote to memory of 228	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	120
PID 3148 wrote to memory of 8	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	121
PID 3148 wrote to memory of 8	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	121
PID 3148 wrote to memory of 652	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	122
PID 3148 wrote to memory of 652	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	122
PID 3148 wrote to memory of 5012	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	123
PID 3148 wrote to memory of 5012	3148	6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe	123

C:\Users\Admin\AppData\Local\Temp\6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe
"C:\Users\Admin\AppData\Local\Temp\6e6effb5b6869c6436b04ca6837af185ec141c1125d824830329186f86fee79d.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2148
- C:\Windows\System\LGyOgGr.exe
  C:\Windows\System\LGyOgGr.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\ZipgePL.exe
  C:\Windows\System\ZipgePL.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\gyikEBc.exe
  C:\Windows\System\gyikEBc.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\cHIKLyd.exe
  C:\Windows\System\cHIKLyd.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\oQUDCHu.exe
  C:\Windows\System\oQUDCHu.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\gFARccR.exe
  C:\Windows\System\gFARccR.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\wbiomjt.exe
  C:\Windows\System\wbiomjt.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\zCIvSON.exe
  C:\Windows\System\zCIvSON.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\MhWeBIa.exe
  C:\Windows\System\MhWeBIa.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\trKELTW.exe
  C:\Windows\System\trKELTW.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\gKsqJwA.exe
  C:\Windows\System\gKsqJwA.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\goqdncO.exe
  C:\Windows\System\goqdncO.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\OgpOZmC.exe
  C:\Windows\System\OgpOZmC.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\gcqpuJP.exe
  C:\Windows\System\gcqpuJP.exe
  2⤵
  - Executes dropped EXE
  PID:4748
- C:\Windows\System\LyuGuFs.exe
  C:\Windows\System\LyuGuFs.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\nzAPjDg.exe
  C:\Windows\System\nzAPjDg.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\UYvrIQz.exe
  C:\Windows\System\UYvrIQz.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\IpxCvGh.exe
  C:\Windows\System\IpxCvGh.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\nRXGipR.exe
  C:\Windows\System\nRXGipR.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\SlUatWn.exe
  C:\Windows\System\SlUatWn.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\qkqBLOb.exe
  C:\Windows\System\qkqBLOb.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\wkYuwgC.exe
  C:\Windows\System\wkYuwgC.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\JWdgDGM.exe
  C:\Windows\System\JWdgDGM.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\yVInzMp.exe
  C:\Windows\System\yVInzMp.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\tPPKjKS.exe
  C:\Windows\System\tPPKjKS.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\quCGyPw.exe
  C:\Windows\System\quCGyPw.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\TXEfplK.exe
  C:\Windows\System\TXEfplK.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\qlsueOb.exe
  C:\Windows\System\qlsueOb.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\PuYQHnu.exe
  C:\Windows\System\PuYQHnu.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\QTtcBIu.exe
  C:\Windows\System\QTtcBIu.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\GrNcjmX.exe
  C:\Windows\System\GrNcjmX.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\jQDqGmp.exe
  C:\Windows\System\jQDqGmp.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\tQLHcGm.exe
  C:\Windows\System\tQLHcGm.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\XoxGhVR.exe
  C:\Windows\System\XoxGhVR.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\FkmmoSq.exe
  C:\Windows\System\FkmmoSq.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\NnOTmCf.exe
  C:\Windows\System\NnOTmCf.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\laDFIZM.exe
  C:\Windows\System\laDFIZM.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\jEOoDna.exe
  C:\Windows\System\jEOoDna.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\gHNJMHA.exe
  C:\Windows\System\gHNJMHA.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\inYwQgR.exe
  C:\Windows\System\inYwQgR.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\sLczMRt.exe
  C:\Windows\System\sLczMRt.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\OeFOdpc.exe
  C:\Windows\System\OeFOdpc.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\JMANNPG.exe
  C:\Windows\System\JMANNPG.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\cwqRgVM.exe
  C:\Windows\System\cwqRgVM.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\ttncrys.exe
  C:\Windows\System\ttncrys.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\DEoWaBN.exe
  C:\Windows\System\DEoWaBN.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\MtcwpwW.exe
  C:\Windows\System\MtcwpwW.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\oBYqDNJ.exe
  C:\Windows\System\oBYqDNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\dpxaOxm.exe
  C:\Windows\System\dpxaOxm.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\VrmBPSZ.exe
  C:\Windows\System\VrmBPSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\vihyARl.exe
  C:\Windows\System\vihyARl.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\UOMhIRK.exe
  C:\Windows\System\UOMhIRK.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\bDLgzCn.exe
  C:\Windows\System\bDLgzCn.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\DAnqhkw.exe
  C:\Windows\System\DAnqhkw.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\oGLPlnL.exe
  C:\Windows\System\oGLPlnL.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\EYBtCMm.exe
  C:\Windows\System\EYBtCMm.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\RfTSBnZ.exe
  C:\Windows\System\RfTSBnZ.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\PkfNpio.exe
  C:\Windows\System\PkfNpio.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\wlpiiBm.exe
  C:\Windows\System\wlpiiBm.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\HfJnJqe.exe
  C:\Windows\System\HfJnJqe.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\REzWGxR.exe
  C:\Windows\System\REzWGxR.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\ermsZln.exe
  C:\Windows\System\ermsZln.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\DmkIcLB.exe
  C:\Windows\System\DmkIcLB.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\wTKaIdA.exe
  C:\Windows\System\wTKaIdA.exe
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System\DijNVND.exe
  C:\Windows\System\DijNVND.exe
  2⤵
  PID:1452
- C:\Windows\System\HETszhD.exe
  C:\Windows\System\HETszhD.exe
  2⤵
  PID:3144
- C:\Windows\System\bFZzWzI.exe
  C:\Windows\System\bFZzWzI.exe
  2⤵
  PID:4664
- C:\Windows\System\OgzUTVL.exe
  C:\Windows\System\OgzUTVL.exe
  2⤵
  PID:3732
- C:\Windows\System\bnXSCYQ.exe
  C:\Windows\System\bnXSCYQ.exe
  2⤵
  PID:5172
- C:\Windows\System\PwnvvdV.exe
  C:\Windows\System\PwnvvdV.exe
  2⤵
  PID:5188
- C:\Windows\System\UHurSZu.exe
  C:\Windows\System\UHurSZu.exe
  2⤵
  PID:5228
- C:\Windows\System\AtgGrGv.exe
  C:\Windows\System\AtgGrGv.exe
  2⤵
  PID:5264
- C:\Windows\System\qbbQaKj.exe
  C:\Windows\System\qbbQaKj.exe
  2⤵
  PID:5280
- C:\Windows\System\uFZuuZr.exe
  C:\Windows\System\uFZuuZr.exe
  2⤵
  PID:5320
- C:\Windows\System\kRZuuKX.exe
  C:\Windows\System\kRZuuKX.exe
  2⤵
  PID:5352
- C:\Windows\System\ljsdpPL.exe
  C:\Windows\System\ljsdpPL.exe
  2⤵
  PID:5380
- C:\Windows\System\WNAVofB.exe
  C:\Windows\System\WNAVofB.exe
  2⤵
  PID:5408
- C:\Windows\System\EZdNUwy.exe
  C:\Windows\System\EZdNUwy.exe
  2⤵
  PID:5436
- C:\Windows\System\HKHhwsk.exe
  C:\Windows\System\HKHhwsk.exe
  2⤵
  PID:5456
- C:\Windows\System\MDIRqJa.exe
  C:\Windows\System\MDIRqJa.exe
  2⤵
  PID:5492
- C:\Windows\System\qtjIbqi.exe
  C:\Windows\System\qtjIbqi.exe
  2⤵
  PID:5532
- C:\Windows\System\xvPWHWK.exe
  C:\Windows\System\xvPWHWK.exe
  2⤵
  PID:5616
- C:\Windows\System\KDoItYT.exe
  C:\Windows\System\KDoItYT.exe
  2⤵
  PID:5644
- C:\Windows\System\tJAXSET.exe
  C:\Windows\System\tJAXSET.exe
  2⤵
  PID:5668
- C:\Windows\System\yqfKBRU.exe
  C:\Windows\System\yqfKBRU.exe
  2⤵
  PID:5700
- C:\Windows\System\tJaRqxa.exe
  C:\Windows\System\tJaRqxa.exe
  2⤵
  PID:5728
- C:\Windows\System\ZcFVOdi.exe
  C:\Windows\System\ZcFVOdi.exe
  2⤵
  PID:5756
- C:\Windows\System\HhZXHOf.exe
  C:\Windows\System\HhZXHOf.exe
  2⤵
  PID:5772
- C:\Windows\System\ezxaMZf.exe
  C:\Windows\System\ezxaMZf.exe
  2⤵
  PID:5816
- C:\Windows\System\QZueNdz.exe
  C:\Windows\System\QZueNdz.exe
  2⤵
  PID:5844
- C:\Windows\System\fTulzze.exe
  C:\Windows\System\fTulzze.exe
  2⤵
  PID:5872
- C:\Windows\System\znKFDfs.exe
  C:\Windows\System\znKFDfs.exe
  2⤵
  PID:5900
- C:\Windows\System\eTzzpTq.exe
  C:\Windows\System\eTzzpTq.exe
  2⤵
  PID:5916
- C:\Windows\System\fSMzHsy.exe
  C:\Windows\System\fSMzHsy.exe
  2⤵
  PID:5940
- C:\Windows\System\ZxCFrGq.exe
  C:\Windows\System\ZxCFrGq.exe
  2⤵
  PID:5968
- C:\Windows\System\CnTIbtb.exe
  C:\Windows\System\CnTIbtb.exe
  2⤵
  PID:5992
- C:\Windows\System\jUBIgez.exe
  C:\Windows\System\jUBIgez.exe
  2⤵
  PID:6008
- C:\Windows\System\YoBxqyk.exe
  C:\Windows\System\YoBxqyk.exe
  2⤵
  PID:6040
- C:\Windows\System\nGbPKXB.exe
  C:\Windows\System\nGbPKXB.exe
  2⤵
  PID:6060
- C:\Windows\System\xZimFEr.exe
  C:\Windows\System\xZimFEr.exe
  2⤵
  PID:6076
- C:\Windows\System\OFwEOcL.exe
  C:\Windows\System\OFwEOcL.exe
  2⤵
  PID:6100
- C:\Windows\System\YZObtmj.exe
  C:\Windows\System\YZObtmj.exe
  2⤵
  PID:6120
- C:\Windows\System\NqrnRVR.exe
  C:\Windows\System\NqrnRVR.exe
  2⤵
  PID:5132
- C:\Windows\System\ykuRyHy.exe
  C:\Windows\System\ykuRyHy.exe
  2⤵
  PID:5144
- C:\Windows\System\HgwMush.exe
  C:\Windows\System\HgwMush.exe
  2⤵
  PID:5204
- C:\Windows\System\JoYtyBm.exe
  C:\Windows\System\JoYtyBm.exe
  2⤵
  PID:5272
- C:\Windows\System\DAFaRHt.exe
  C:\Windows\System\DAFaRHt.exe
  2⤵
  PID:5344
- C:\Windows\System\KqiEKYc.exe
  C:\Windows\System\KqiEKYc.exe
  2⤵
  PID:5420
- C:\Windows\System\sNspqyP.exe
  C:\Windows\System\sNspqyP.exe
  2⤵
  PID:5452
- C:\Windows\System\nEdVGoM.exe
  C:\Windows\System\nEdVGoM.exe
  2⤵
  PID:5544
- C:\Windows\System\CeXhqxH.exe
  C:\Windows\System\CeXhqxH.exe
  2⤵
  PID:5548
- C:\Windows\System\GJdcAEQ.exe
  C:\Windows\System\GJdcAEQ.exe
  2⤵
  PID:5600
- C:\Windows\System\GHeFBlv.exe
  C:\Windows\System\GHeFBlv.exe
  2⤵
  PID:5640
- C:\Windows\System\gIiYjlM.exe
  C:\Windows\System\gIiYjlM.exe
  2⤵
  PID:5684
- C:\Windows\System\CdMSrbW.exe
  C:\Windows\System\CdMSrbW.exe
  2⤵
  PID:2184
- C:\Windows\System\JLhUstI.exe
  C:\Windows\System\JLhUstI.exe
  2⤵
  PID:3532
- C:\Windows\System\hBfWXWC.exe
  C:\Windows\System\hBfWXWC.exe
  2⤵
  PID:5856
- C:\Windows\System\iaSjynl.exe
  C:\Windows\System\iaSjynl.exe
  2⤵
  PID:5948
- C:\Windows\System\InOwqOo.exe
  C:\Windows\System\InOwqOo.exe
  2⤵
  PID:5984
- C:\Windows\System\PNDTTZM.exe
  C:\Windows\System\PNDTTZM.exe
  2⤵
  PID:6056
- C:\Windows\System\zffGLiq.exe
  C:\Windows\System\zffGLiq.exe
  2⤵
  PID:6096
- C:\Windows\System\pnztSdT.exe
  C:\Windows\System\pnztSdT.exe
  2⤵
  PID:5136
- C:\Windows\System\tJzMHYO.exe
  C:\Windows\System\tJzMHYO.exe
  2⤵
  PID:5252
- C:\Windows\System\lDeRwTD.exe
  C:\Windows\System\lDeRwTD.exe
  2⤵
  PID:5364
- C:\Windows\System\yzsYgAg.exe
  C:\Windows\System\yzsYgAg.exe
  2⤵
  PID:5528
- C:\Windows\System\lxwqxmv.exe
  C:\Windows\System\lxwqxmv.exe
  2⤵
  PID:5608
- C:\Windows\System\jwWbIUD.exe
  C:\Windows\System\jwWbIUD.exe
  2⤵
  PID:5592
- C:\Windows\System\wyZUnGT.exe
  C:\Windows\System\wyZUnGT.exe
  2⤵
  PID:3120
- C:\Windows\System\ALJrkHq.exe
  C:\Windows\System\ALJrkHq.exe
  2⤵
  PID:2340
- C:\Windows\System\DHFtAJY.exe
  C:\Windows\System\DHFtAJY.exe
  2⤵
  PID:6092
- C:\Windows\System\cxwDVYJ.exe
  C:\Windows\System\cxwDVYJ.exe
  2⤵
  PID:5260
- C:\Windows\System\ZXctqxl.exe
  C:\Windows\System\ZXctqxl.exe
  2⤵
  PID:5388
- C:\Windows\System\tmkNuEs.exe
  C:\Windows\System\tmkNuEs.exe
  2⤵
  PID:5500
- C:\Windows\System\WusMdOs.exe
  C:\Windows\System\WusMdOs.exe
  2⤵
  PID:5936
- C:\Windows\System\RRvAYTa.exe
  C:\Windows\System\RRvAYTa.exe
  2⤵
  PID:5216
- C:\Windows\System\QIwelDT.exe
  C:\Windows\System\QIwelDT.exe
  2⤵
  PID:5568
- C:\Windows\System\JzpxpZT.exe
  C:\Windows\System\JzpxpZT.exe
  2⤵
  PID:6160
- C:\Windows\System\jTIlJeB.exe
  C:\Windows\System\jTIlJeB.exe
  2⤵
  PID:6208
- C:\Windows\System\zASDpDm.exe
  C:\Windows\System\zASDpDm.exe
  2⤵
  PID:6252
- C:\Windows\System\HQCwtSm.exe
  C:\Windows\System\HQCwtSm.exe
  2⤵
  PID:6272
- C:\Windows\System\YTDZziz.exe
  C:\Windows\System\YTDZziz.exe
  2⤵
  PID:6300
- C:\Windows\System\gclDecN.exe
  C:\Windows\System\gclDecN.exe
  2⤵
  PID:6320
- C:\Windows\System\AxLHQIz.exe
  C:\Windows\System\AxLHQIz.exe
  2⤵
  PID:6336
- C:\Windows\System\bstItFD.exe
  C:\Windows\System\bstItFD.exe
  2⤵
  PID:6356
- C:\Windows\System\VwhABFd.exe
  C:\Windows\System\VwhABFd.exe
  2⤵
  PID:6372
- C:\Windows\System\kuJITQc.exe
  C:\Windows\System\kuJITQc.exe
  2⤵
  PID:6392
- C:\Windows\System\tVVaNRD.exe
  C:\Windows\System\tVVaNRD.exe
  2⤵
  PID:6424
- C:\Windows\System\MAjQtGW.exe
  C:\Windows\System\MAjQtGW.exe
  2⤵
  PID:6448
- C:\Windows\System\mEIpMSE.exe
  C:\Windows\System\mEIpMSE.exe
  2⤵
  PID:6464
- C:\Windows\System\qMDILFd.exe
  C:\Windows\System\qMDILFd.exe
  2⤵
  PID:6488
- C:\Windows\System\NwmNkAn.exe
  C:\Windows\System\NwmNkAn.exe
  2⤵
  PID:6552
- C:\Windows\System\RQwfcyL.exe
  C:\Windows\System\RQwfcyL.exe
  2⤵
  PID:6588
- C:\Windows\System\oKMKvsw.exe
  C:\Windows\System\oKMKvsw.exe
  2⤵
  PID:6608
- C:\Windows\System\MItetWr.exe
  C:\Windows\System\MItetWr.exe
  2⤵
  PID:6644
- C:\Windows\System\yvIjqIr.exe
  C:\Windows\System\yvIjqIr.exe
  2⤵
  PID:6672
- C:\Windows\System\QeRXrbF.exe
  C:\Windows\System\QeRXrbF.exe
  2⤵
  PID:6688
- C:\Windows\System\PJOfDoc.exe
  C:\Windows\System\PJOfDoc.exe
  2⤵
  PID:6716
- C:\Windows\System\GcJkwBm.exe
  C:\Windows\System\GcJkwBm.exe
  2⤵
  PID:6736
- C:\Windows\System\HttVuea.exe
  C:\Windows\System\HttVuea.exe
  2⤵
  PID:6776
- C:\Windows\System\nnOadPW.exe
  C:\Windows\System\nnOadPW.exe
  2⤵
  PID:6796
- C:\Windows\System\HHLcyTo.exe
  C:\Windows\System\HHLcyTo.exe
  2⤵
  PID:6872
- C:\Windows\System\wtRNIhc.exe
  C:\Windows\System\wtRNIhc.exe
  2⤵
  PID:6892
- C:\Windows\System\gYIahiN.exe
  C:\Windows\System\gYIahiN.exe
  2⤵
  PID:6952
- C:\Windows\System\uNIBPqm.exe
  C:\Windows\System\uNIBPqm.exe
  2⤵
  PID:6984
- C:\Windows\System\RweoMcQ.exe
  C:\Windows\System\RweoMcQ.exe
  2⤵
  PID:7004
- C:\Windows\System\CHUajlx.exe
  C:\Windows\System\CHUajlx.exe
  2⤵
  PID:7036
- C:\Windows\System\GrvAEvm.exe
  C:\Windows\System\GrvAEvm.exe
  2⤵
  PID:7056
- C:\Windows\System\OxboQgR.exe
  C:\Windows\System\OxboQgR.exe
  2⤵
  PID:7072
- C:\Windows\System\mLplnio.exe
  C:\Windows\System\mLplnio.exe
  2⤵
  PID:7116
- C:\Windows\System\fSHxIjt.exe
  C:\Windows\System\fSHxIjt.exe
  2⤵
  PID:7132
- C:\Windows\System\EPqLqlO.exe
  C:\Windows\System\EPqLqlO.exe
  2⤵
  PID:7148
- C:\Windows\System\pKUDkvP.exe
  C:\Windows\System\pKUDkvP.exe
  2⤵
  PID:7164
- C:\Windows\System\iEFsOgb.exe
  C:\Windows\System\iEFsOgb.exe
  2⤵
  PID:6156
- C:\Windows\System\nOgHMQD.exe
  C:\Windows\System\nOgHMQD.exe
  2⤵
  PID:6228
- C:\Windows\System\dyPVunU.exe
  C:\Windows\System\dyPVunU.exe
  2⤵
  PID:6268
- C:\Windows\System\nuMgyJx.exe
  C:\Windows\System\nuMgyJx.exe
  2⤵
  PID:6312
- C:\Windows\System\APMWyyU.exe
  C:\Windows\System\APMWyyU.exe
  2⤵
  PID:6444
- C:\Windows\System\vsyRQLN.exe
  C:\Windows\System\vsyRQLN.exe
  2⤵
  PID:6352
- C:\Windows\System\PlnDbvd.exe
  C:\Windows\System\PlnDbvd.exe
  2⤵
  PID:6456
- C:\Windows\System\CfMTyFW.exe
  C:\Windows\System\CfMTyFW.exe
  2⤵
  PID:6532
- C:\Windows\System\SzIVYMG.exe
  C:\Windows\System\SzIVYMG.exe
  2⤵
  PID:6508
- C:\Windows\System\eOXgHRi.exe
  C:\Windows\System\eOXgHRi.exe
  2⤵
  PID:6600
- C:\Windows\System\wraYZti.exe
  C:\Windows\System\wraYZti.exe
  2⤵
  PID:6656
- C:\Windows\System\tGZCUhP.exe
  C:\Windows\System\tGZCUhP.exe
  2⤵
  PID:6732
- C:\Windows\System\pIlaLpj.exe
  C:\Windows\System\pIlaLpj.exe
  2⤵
  PID:6756
- C:\Windows\System\fXKiMTg.exe
  C:\Windows\System\fXKiMTg.exe
  2⤵
  PID:6848
- C:\Windows\System\VepLEyA.exe
  C:\Windows\System\VepLEyA.exe
  2⤵
  PID:6884
- C:\Windows\System\auUrNjn.exe
  C:\Windows\System\auUrNjn.exe
  2⤵
  PID:6944
- C:\Windows\System\nHhnfcN.exe
  C:\Windows\System\nHhnfcN.exe
  2⤵
  PID:6936
- C:\Windows\System\gOoDXuz.exe
  C:\Windows\System\gOoDXuz.exe
  2⤵
  PID:7052
- C:\Windows\System\dxGoOWY.exe
  C:\Windows\System\dxGoOWY.exe
  2⤵
  PID:7100
- C:\Windows\System\bygbEtg.exe
  C:\Windows\System\bygbEtg.exe
  2⤵
  PID:7096
- C:\Windows\System\CrsBSCh.exe
  C:\Windows\System\CrsBSCh.exe
  2⤵
  PID:6400
- C:\Windows\System\KaPoWfA.exe
  C:\Windows\System\KaPoWfA.exe
  2⤵
  PID:6528
- C:\Windows\System\ZdfQoik.exe
  C:\Windows\System\ZdfQoik.exe
  2⤵
  PID:6384
- C:\Windows\System\FEORDxy.exe
  C:\Windows\System\FEORDxy.exe
  2⤵
  PID:6236
- C:\Windows\System\lZiuvNW.exe
  C:\Windows\System\lZiuvNW.exe
  2⤵
  PID:6316
- C:\Windows\System\OqWkCqU.exe
  C:\Windows\System\OqWkCqU.exe
  2⤵
  PID:6828
- C:\Windows\System\PJFVFdL.exe
  C:\Windows\System\PJFVFdL.exe
  2⤵
  PID:6420
- C:\Windows\System\rXATjbY.exe
  C:\Windows\System\rXATjbY.exe
  2⤵
  PID:7192
- C:\Windows\System\ttVibzC.exe
  C:\Windows\System\ttVibzC.exe
  2⤵
  PID:7208
- C:\Windows\System\SiaKBKS.exe
  C:\Windows\System\SiaKBKS.exe
  2⤵
  PID:7232
- C:\Windows\System\ZDXeQSc.exe
  C:\Windows\System\ZDXeQSc.exe
  2⤵
  PID:7260
- C:\Windows\System\qnPOniG.exe
  C:\Windows\System\qnPOniG.exe
  2⤵
  PID:7276
- C:\Windows\System\eAqODHC.exe
  C:\Windows\System\eAqODHC.exe
  2⤵
  PID:7304
- C:\Windows\System\xtDVuzo.exe
  C:\Windows\System\xtDVuzo.exe
  2⤵
  PID:7324
- C:\Windows\System\JlgJrEq.exe
  C:\Windows\System\JlgJrEq.exe
  2⤵
  PID:7340
- C:\Windows\System\OgkJOgx.exe
  C:\Windows\System\OgkJOgx.exe
  2⤵
  PID:7360
- C:\Windows\System\hFcbaDI.exe
  C:\Windows\System\hFcbaDI.exe
  2⤵
  PID:7384
- C:\Windows\System\pobzsND.exe
  C:\Windows\System\pobzsND.exe
  2⤵
  PID:7404
- C:\Windows\System\hXhRGQA.exe
  C:\Windows\System\hXhRGQA.exe
  2⤵
  PID:7420
- C:\Windows\System\UsmkvMy.exe
  C:\Windows\System\UsmkvMy.exe
  2⤵
  PID:7444
- C:\Windows\System\oqAhTVd.exe
  C:\Windows\System\oqAhTVd.exe
  2⤵
  PID:7460
- C:\Windows\System\kCYOGyU.exe
  C:\Windows\System\kCYOGyU.exe
  2⤵
  PID:7484
- C:\Windows\System\uLlwkHE.exe
  C:\Windows\System\uLlwkHE.exe
  2⤵
  PID:7500
- C:\Windows\System\LfEMGVp.exe
  C:\Windows\System\LfEMGVp.exe
  2⤵
  PID:7516
- C:\Windows\System\rWwpQkE.exe
  C:\Windows\System\rWwpQkE.exe
  2⤵
  PID:7536
- C:\Windows\System\yzlghQk.exe
  C:\Windows\System\yzlghQk.exe
  2⤵
  PID:7556
- C:\Windows\System\HgOnFGm.exe
  C:\Windows\System\HgOnFGm.exe
  2⤵
  PID:7580
- C:\Windows\System\ePCQpvx.exe
  C:\Windows\System\ePCQpvx.exe
  2⤵
  PID:7604
- C:\Windows\System\vOEwWwj.exe
  C:\Windows\System\vOEwWwj.exe
  2⤵
  PID:7624
- C:\Windows\System\OHjlcNC.exe
  C:\Windows\System\OHjlcNC.exe
  2⤵
  PID:7644
- C:\Windows\System\ffBMcmI.exe
  C:\Windows\System\ffBMcmI.exe
  2⤵
  PID:7664
- C:\Windows\System\DboervA.exe
  C:\Windows\System\DboervA.exe
  2⤵
  PID:7684
- C:\Windows\System\LTEbEXd.exe
  C:\Windows\System\LTEbEXd.exe
  2⤵
  PID:7708
- C:\Windows\System\iNYKGGS.exe
  C:\Windows\System\iNYKGGS.exe
  2⤵
  PID:7724
- C:\Windows\System\bCURtsX.exe
  C:\Windows\System\bCURtsX.exe
  2⤵
  PID:7744
- C:\Windows\System\oLDiooN.exe
  C:\Windows\System\oLDiooN.exe
  2⤵
  PID:7768
- C:\Windows\System\bfLljjP.exe
  C:\Windows\System\bfLljjP.exe
  2⤵
  PID:7796
- C:\Windows\System\IgrQzXV.exe
  C:\Windows\System\IgrQzXV.exe
  2⤵
  PID:7820
- C:\Windows\System\witRKdm.exe
  C:\Windows\System\witRKdm.exe
  2⤵
  PID:7836
- C:\Windows\System\EDhzvbp.exe
  C:\Windows\System\EDhzvbp.exe
  2⤵
  PID:7852
- C:\Windows\System\OhEoWIA.exe
  C:\Windows\System\OhEoWIA.exe
  2⤵
  PID:7876
- C:\Windows\System\TRxSGLO.exe
  C:\Windows\System\TRxSGLO.exe
  2⤵
  PID:7896
- C:\Windows\System\LGaujFo.exe
  C:\Windows\System\LGaujFo.exe
  2⤵
  PID:7916
- C:\Windows\System\gEndITX.exe
  C:\Windows\System\gEndITX.exe
  2⤵
  PID:7932
- C:\Windows\System\DnZjywx.exe
  C:\Windows\System\DnZjywx.exe
  2⤵
  PID:8116
- C:\Windows\System\VmVduvV.exe
  C:\Windows\System\VmVduvV.exe
  2⤵
  PID:8136
- C:\Windows\System\dbNrkBN.exe
  C:\Windows\System\dbNrkBN.exe
  2⤵
  PID:8168
- C:\Windows\System\zacdZBw.exe
  C:\Windows\System\zacdZBw.exe
  2⤵
  PID:6724
- C:\Windows\System\yecvCSV.exe
  C:\Windows\System\yecvCSV.exe
  2⤵
  PID:6616
- C:\Windows\System\bVBWNXz.exe
  C:\Windows\System\bVBWNXz.exe
  2⤵
  PID:7144
- C:\Windows\System\LCZlMtV.exe
  C:\Windows\System\LCZlMtV.exe
  2⤵
  PID:5100
- C:\Windows\System\MIFMjBD.exe
  C:\Windows\System\MIFMjBD.exe
  2⤵
  PID:7252
- C:\Windows\System\VBYBJNc.exe
  C:\Windows\System\VBYBJNc.exe
  2⤵
  PID:7356
- C:\Windows\System\OQCPmMD.exe
  C:\Windows\System\OQCPmMD.exe
  2⤵
  PID:6964
- C:\Windows\System\FUIrjgP.exe
  C:\Windows\System\FUIrjgP.exe
  2⤵
  PID:6576
- C:\Windows\System\CLyGmzP.exe
  C:\Windows\System\CLyGmzP.exe
  2⤵
  PID:7296
- C:\Windows\System\kYUcqFT.exe
  C:\Windows\System\kYUcqFT.exe
  2⤵
  PID:7676
- C:\Windows\System\DOpMbmK.exe
  C:\Windows\System\DOpMbmK.exe
  2⤵
  PID:6440
- C:\Windows\System\wOWzpZQ.exe
  C:\Windows\System\wOWzpZQ.exe
  2⤵
  PID:7808
- C:\Windows\System\sXXvEHL.exe
  C:\Windows\System\sXXvEHL.exe
  2⤵
  PID:7468
- C:\Windows\System\OSNemvn.exe
  C:\Windows\System\OSNemvn.exe
  2⤵
  PID:7912
- C:\Windows\System\YhNnEzn.exe
  C:\Windows\System\YhNnEzn.exe
  2⤵
  PID:6388
- C:\Windows\System\qYHpTko.exe
  C:\Windows\System\qYHpTko.exe
  2⤵
  PID:7596
- C:\Windows\System\QZrDoCS.exe
  C:\Windows\System\QZrDoCS.exe
  2⤵
  PID:7620
- C:\Windows\System\YACGDcf.exe
  C:\Windows\System\YACGDcf.exe
  2⤵
  PID:7680
- C:\Windows\System\IYAQAvQ.exe
  C:\Windows\System\IYAQAvQ.exe
  2⤵
  PID:7740
- C:\Windows\System\LpdmQvJ.exe
  C:\Windows\System\LpdmQvJ.exe
  2⤵
  PID:7868
- C:\Windows\System\pniAyOb.exe
  C:\Windows\System\pniAyOb.exe
  2⤵
  PID:8208
- C:\Windows\System\EMfbBJN.exe
  C:\Windows\System\EMfbBJN.exe
  2⤵
  PID:8228
- C:\Windows\System\PLiYSfy.exe
  C:\Windows\System\PLiYSfy.exe
  2⤵
  PID:8248
- C:\Windows\System\VvBsYbf.exe
  C:\Windows\System\VvBsYbf.exe
  2⤵
  PID:8264
- C:\Windows\System\UXDNieL.exe
  C:\Windows\System\UXDNieL.exe
  2⤵
  PID:8288
- C:\Windows\System\dxfxwRx.exe
  C:\Windows\System\dxfxwRx.exe
  2⤵
  PID:8312
- C:\Windows\System\voErKrj.exe
  C:\Windows\System\voErKrj.exe
  2⤵
  PID:8328
- C:\Windows\System\BzPtwUf.exe
  C:\Windows\System\BzPtwUf.exe
  2⤵
  PID:8356
- C:\Windows\System\yYxnBJN.exe
  C:\Windows\System\yYxnBJN.exe
  2⤵
  PID:8372
- C:\Windows\System\FdMcXHP.exe
  C:\Windows\System\FdMcXHP.exe
  2⤵
  PID:8392
- C:\Windows\System\ypfKsHn.exe
  C:\Windows\System\ypfKsHn.exe
  2⤵
  PID:8416
- C:\Windows\System\zQXlgoN.exe
  C:\Windows\System\zQXlgoN.exe
  2⤵
  PID:8436
- C:\Windows\System\edUuzRQ.exe
  C:\Windows\System\edUuzRQ.exe
  2⤵
  PID:8460
- C:\Windows\System\NgMmhuW.exe
  C:\Windows\System\NgMmhuW.exe
  2⤵
  PID:8476
- C:\Windows\System\xrYLisw.exe
  C:\Windows\System\xrYLisw.exe
  2⤵
  PID:8500
- C:\Windows\System\ZJFufFn.exe
  C:\Windows\System\ZJFufFn.exe
  2⤵
  PID:8520
- C:\Windows\System\MDknzSo.exe
  C:\Windows\System\MDknzSo.exe
  2⤵
  PID:8540
- C:\Windows\System\VssqjzL.exe
  C:\Windows\System\VssqjzL.exe
  2⤵
  PID:8560
- C:\Windows\System\fNcXZDH.exe
  C:\Windows\System\fNcXZDH.exe
  2⤵
  PID:8576
- C:\Windows\System\TvqjfuR.exe
  C:\Windows\System\TvqjfuR.exe
  2⤵
  PID:8604
- C:\Windows\System\vjXyAyh.exe
  C:\Windows\System\vjXyAyh.exe
  2⤵
  PID:8620
- C:\Windows\System\eZSDpzw.exe
  C:\Windows\System\eZSDpzw.exe
  2⤵
  PID:8640
- C:\Windows\System\EHsrWtH.exe
  C:\Windows\System\EHsrWtH.exe
  2⤵
  PID:8660
- C:\Windows\System\jQjANPG.exe
  C:\Windows\System\jQjANPG.exe
  2⤵
  PID:8680
- C:\Windows\System\RDgkesR.exe
  C:\Windows\System\RDgkesR.exe
  2⤵
  PID:8704
- C:\Windows\System\ZTCSOCs.exe
  C:\Windows\System\ZTCSOCs.exe
  2⤵
  PID:8724
- C:\Windows\System\jxfZWel.exe
  C:\Windows\System\jxfZWel.exe
  2⤵
  PID:8748
- C:\Windows\System\bTrqcCj.exe
  C:\Windows\System\bTrqcCj.exe
  2⤵
  PID:8764
- C:\Windows\System\yGLzrGj.exe
  C:\Windows\System\yGLzrGj.exe
  2⤵
  PID:8784
- C:\Windows\System\TWetIYB.exe
  C:\Windows\System\TWetIYB.exe
  2⤵
  PID:8804
- C:\Windows\System\DSHsgdi.exe
  C:\Windows\System\DSHsgdi.exe
  2⤵
  PID:8820
- C:\Windows\System\ZoomZsW.exe
  C:\Windows\System\ZoomZsW.exe
  2⤵
  PID:8848
- C:\Windows\System\PzUrDWQ.exe
  C:\Windows\System\PzUrDWQ.exe
  2⤵
  PID:8868
- C:\Windows\System\rrcrXEz.exe
  C:\Windows\System\rrcrXEz.exe
  2⤵
  PID:8884
- C:\Windows\System\bzcQmGq.exe
  C:\Windows\System\bzcQmGq.exe
  2⤵
  PID:8904
- C:\Windows\System\ebUcHbl.exe
  C:\Windows\System\ebUcHbl.exe
  2⤵
  PID:8920
- C:\Windows\System\IcOACAX.exe
  C:\Windows\System\IcOACAX.exe
  2⤵
  PID:8940
- C:\Windows\System\SEpHYjj.exe
  C:\Windows\System\SEpHYjj.exe
  2⤵
  PID:8960
- C:\Windows\System\SzjoVdp.exe
  C:\Windows\System\SzjoVdp.exe
  2⤵
  PID:8980
- C:\Windows\System\QyGzKrE.exe
  C:\Windows\System\QyGzKrE.exe
  2⤵
  PID:9000
- C:\Windows\System\sEgmWmG.exe
  C:\Windows\System\sEgmWmG.exe
  2⤵
  PID:9020
- C:\Windows\System\aTZwnDk.exe
  C:\Windows\System\aTZwnDk.exe
  2⤵
  PID:8772
- C:\Windows\System\uxDdGjQ.exe
  C:\Windows\System\uxDdGjQ.exe
  2⤵
  PID:8828
- C:\Windows\System\JXpRVjy.exe
  C:\Windows\System\JXpRVjy.exe
  2⤵
  PID:9016
- C:\Windows\System\RHLjobl.exe
  C:\Windows\System\RHLjobl.exe
  2⤵
  PID:4016
- C:\Windows\System\wWtHQbV.exe
  C:\Windows\System\wWtHQbV.exe
  2⤵
  PID:8388
- C:\Windows\System\POYlXBX.exe
  C:\Windows\System\POYlXBX.exe
  2⤵
  PID:6332
- C:\Windows\System\iyzINpv.exe
  C:\Windows\System\iyzINpv.exe
  2⤵
  PID:8616
- C:\Windows\System\zEbNzRL.exe
  C:\Windows\System\zEbNzRL.exe
  2⤵
  PID:7480
- C:\Windows\System\PTQrnLX.exe
  C:\Windows\System\PTQrnLX.exe
  2⤵
  PID:6772
- C:\Windows\System\LsGCzPw.exe
  C:\Windows\System\LsGCzPw.exe
  2⤵
  PID:8244
- C:\Windows\System\zordDAP.exe
  C:\Windows\System\zordDAP.exe
  2⤵
  PID:8556
- C:\Windows\System\VVTWUqa.exe
  C:\Windows\System\VVTWUqa.exe
  2⤵
  PID:8548
- C:\Windows\System\YmVaQoP.exe
  C:\Windows\System\YmVaQoP.exe
  2⤵
  PID:8240
- C:\Windows\System\VWoQqcq.exe
  C:\Windows\System\VWoQqcq.exe
  2⤵
  PID:7228
- C:\Windows\System\pmntwzR.exe
  C:\Windows\System\pmntwzR.exe
  2⤵
  PID:8636
- C:\Windows\System\LJFHbUv.exe
  C:\Windows\System\LJFHbUv.exe
  2⤵
  PID:2264
- C:\Windows\System\cShnmwP.exe
  C:\Windows\System\cShnmwP.exe
  2⤵
  PID:8996
- C:\Windows\System\BdvisUy.exe
  C:\Windows\System\BdvisUy.exe
  2⤵
  PID:6524
- C:\Windows\System\VOmASyd.exe
  C:\Windows\System\VOmASyd.exe
  2⤵
  PID:7548
- C:\Windows\System\IlhxilS.exe
  C:\Windows\System\IlhxilS.exe
  2⤵
  PID:8412
- C:\Windows\System\DQBpGnB.exe
  C:\Windows\System\DQBpGnB.exe
  2⤵
  PID:9172
- C:\Windows\System\MjdsLVb.exe
  C:\Windows\System\MjdsLVb.exe
  2⤵
  PID:8776
- C:\Windows\System\dKqaZCz.exe
  C:\Windows\System\dKqaZCz.exe
  2⤵
  PID:8796
- C:\Windows\System\mgEzJyg.exe
  C:\Windows\System\mgEzJyg.exe
  2⤵
  PID:8896
- C:\Windows\System\ynnezzC.exe
  C:\Windows\System\ynnezzC.exe
  2⤵
  PID:4056
- C:\Windows\System\UnUicUJ.exe
  C:\Windows\System\UnUicUJ.exe
  2⤵
  PID:9224
- C:\Windows\System\MbDLmxy.exe
  C:\Windows\System\MbDLmxy.exe
  2⤵
  PID:9244
- C:\Windows\System\kjhQyeU.exe
  C:\Windows\System\kjhQyeU.exe
  2⤵
  PID:9264
- C:\Windows\System\OwOLDUQ.exe
  C:\Windows\System\OwOLDUQ.exe
  2⤵
  PID:9284
- C:\Windows\System\MbRuPav.exe
  C:\Windows\System\MbRuPav.exe
  2⤵
  PID:9300
- C:\Windows\System\YSfqUvv.exe
  C:\Windows\System\YSfqUvv.exe
  2⤵
  PID:9316
- C:\Windows\System\ObgURNs.exe
  C:\Windows\System\ObgURNs.exe
  2⤵
  PID:9332
- C:\Windows\System\YPOnskR.exe
  C:\Windows\System\YPOnskR.exe
  2⤵
  PID:9348
- C:\Windows\System\ECoqqDZ.exe
  C:\Windows\System\ECoqqDZ.exe
  2⤵
  PID:9372
- C:\Windows\System\iALMRwb.exe
  C:\Windows\System\iALMRwb.exe
  2⤵
  PID:9392
- C:\Windows\System\eqXNQrx.exe
  C:\Windows\System\eqXNQrx.exe
  2⤵
  PID:9412
- C:\Windows\System\qyPXDZY.exe
  C:\Windows\System\qyPXDZY.exe
  2⤵
  PID:9428
- C:\Windows\System\cuRkslL.exe
  C:\Windows\System\cuRkslL.exe
  2⤵
  PID:9448
- C:\Windows\System\jfhvkdg.exe
  C:\Windows\System\jfhvkdg.exe
  2⤵
  PID:9472
- C:\Windows\System\ZAbhKtH.exe
  C:\Windows\System\ZAbhKtH.exe
  2⤵
  PID:9492
- C:\Windows\System\gabAXik.exe
  C:\Windows\System\gabAXik.exe
  2⤵
  PID:9512
- C:\Windows\System\yGJLxkx.exe
  C:\Windows\System\yGJLxkx.exe
  2⤵
  PID:9528
- C:\Windows\System\pGwAxNl.exe
  C:\Windows\System\pGwAxNl.exe
  2⤵
  PID:9548
- C:\Windows\System\hahuvka.exe
  C:\Windows\System\hahuvka.exe
  2⤵
  PID:9568
- C:\Windows\System\CeKEcbk.exe
  C:\Windows\System\CeKEcbk.exe
  2⤵
  PID:9592
- C:\Windows\System\ofyvgQg.exe
  C:\Windows\System\ofyvgQg.exe
  2⤵
  PID:9608
- C:\Windows\System\aRgWhao.exe
  C:\Windows\System\aRgWhao.exe
  2⤵
  PID:9632
- C:\Windows\System\MZYAmQl.exe
  C:\Windows\System\MZYAmQl.exe
  2⤵
  PID:9656
- C:\Windows\System\GBcBiCX.exe
  C:\Windows\System\GBcBiCX.exe
  2⤵
  PID:9672
- C:\Windows\System\cxpwzjY.exe
  C:\Windows\System\cxpwzjY.exe
  2⤵
  PID:9696
- C:\Windows\System\UhfjHmN.exe
  C:\Windows\System\UhfjHmN.exe
  2⤵
  PID:9716
- C:\Windows\System\PioFCqz.exe
  C:\Windows\System\PioFCqz.exe
  2⤵
  PID:9736
- C:\Windows\System\kzeieFF.exe
  C:\Windows\System\kzeieFF.exe
  2⤵
  PID:9756
- C:\Windows\System\jrqcAXn.exe
  C:\Windows\System\jrqcAXn.exe
  2⤵
  PID:9776
- C:\Windows\System\uuwQGFr.exe
  C:\Windows\System\uuwQGFr.exe
  2⤵
  PID:9808
- C:\Windows\System\WyajlRe.exe
  C:\Windows\System\WyajlRe.exe
  2⤵
  PID:9828
- C:\Windows\System\imAboDM.exe
  C:\Windows\System\imAboDM.exe
  2⤵
  PID:9848
- C:\Windows\System\eUOgIOS.exe
  C:\Windows\System\eUOgIOS.exe
  2⤵
  PID:9864
- C:\Windows\System\hiUyeJF.exe
  C:\Windows\System\hiUyeJF.exe
  2⤵
  PID:9888
- C:\Windows\System\kGWOCDP.exe
  C:\Windows\System\kGWOCDP.exe
  2⤵
  PID:9904
- C:\Windows\System\blPRFNV.exe
  C:\Windows\System\blPRFNV.exe
  2⤵
  PID:9924
- C:\Windows\System\cOQklyV.exe
  C:\Windows\System\cOQklyV.exe
  2⤵
  PID:9940
- C:\Windows\System\NlmsknZ.exe
  C:\Windows\System\NlmsknZ.exe
  2⤵
  PID:9960
- C:\Windows\System\UuKeMSY.exe
  C:\Windows\System\UuKeMSY.exe
  2⤵
  PID:9984
- C:\Windows\System\bytxArx.exe
  C:\Windows\System\bytxArx.exe
  2⤵
  PID:10004
- C:\Windows\System\FtDVQbG.exe
  C:\Windows\System\FtDVQbG.exe
  2⤵
  PID:10024
- C:\Windows\System\uBmWMRG.exe
  C:\Windows\System\uBmWMRG.exe
  2⤵
  PID:10044
- C:\Windows\System\ukCuYrD.exe
  C:\Windows\System\ukCuYrD.exe
  2⤵
  PID:10064
- C:\Windows\System\gcYKKsN.exe
  C:\Windows\System\gcYKKsN.exe
  2⤵
  PID:10080
- C:\Windows\System\RTLQFQx.exe
  C:\Windows\System\RTLQFQx.exe
  2⤵
  PID:10100
- C:\Windows\System\HKEoQsu.exe
  C:\Windows\System\HKEoQsu.exe
  2⤵
  PID:10120
- C:\Windows\System\GynQplw.exe
  C:\Windows\System\GynQplw.exe
  2⤵
  PID:10140
- C:\Windows\System\kxLFGgQ.exe
  C:\Windows\System\kxLFGgQ.exe
  2⤵
  PID:10160
- C:\Windows\System\drUYLmU.exe
  C:\Windows\System\drUYLmU.exe
  2⤵
  PID:10180
- C:\Windows\System\FaQKWHj.exe
  C:\Windows\System\FaQKWHj.exe
  2⤵
  PID:10200
- C:\Windows\System\rrzxgAu.exe
  C:\Windows\System\rrzxgAu.exe
  2⤵
  PID:10220
- C:\Windows\System\giEOUQj.exe
  C:\Windows\System\giEOUQj.exe
  2⤵
  PID:8468
- C:\Windows\System\DCuEeMs.exe
  C:\Windows\System\DCuEeMs.exe
  2⤵
  PID:8692
- C:\Windows\System\FHMzmLQ.exe
  C:\Windows\System\FHMzmLQ.exe
  2⤵
  PID:8284
- C:\Windows\System\bawCMhH.exe
  C:\Windows\System\bawCMhH.exe
  2⤵
  PID:8672
- C:\Windows\System\EhQFCXA.exe
  C:\Windows\System\EhQFCXA.exe
  2⤵
  PID:9260
- C:\Windows\System\zsgliRV.exe
  C:\Windows\System\zsgliRV.exe
  2⤵
  PID:9324
- C:\Windows\System\IpzLNcA.exe
  C:\Windows\System\IpzLNcA.exe
  2⤵
  PID:9712
- C:\Windows\System\WhSHQjz.exe
  C:\Windows\System\WhSHQjz.exe
  2⤵
  PID:9488
- C:\Windows\System\fyJwIif.exe
  C:\Windows\System\fyJwIif.exe
  2⤵
  PID:8612
- C:\Windows\System\nSeqbmH.exe
  C:\Windows\System\nSeqbmH.exe
  2⤵
  PID:9600
- C:\Windows\System\paYauzH.exe
  C:\Windows\System\paYauzH.exe
  2⤵
  PID:9820
- C:\Windows\System\vofYOmI.exe
  C:\Windows\System\vofYOmI.exe
  2⤵
  PID:9956
- C:\Windows\System\PHLmqrp.exe
  C:\Windows\System\PHLmqrp.exe
  2⤵
  PID:9728
- C:\Windows\System\eVPEZSL.exe
  C:\Windows\System\eVPEZSL.exe
  2⤵
  PID:9628
- C:\Windows\System\ftXxjUZ.exe
  C:\Windows\System\ftXxjUZ.exe
  2⤵
  PID:9952
- C:\Windows\System\jagcHYK.exe
  C:\Windows\System\jagcHYK.exe
  2⤵
  PID:9464
- C:\Windows\System\XcntFnG.exe
  C:\Windows\System\XcntFnG.exe
  2⤵
  PID:10176
- C:\Windows\System\jqLipkw.exe
  C:\Windows\System\jqLipkw.exe
  2⤵
  PID:10244
- C:\Windows\System\aGfgdAe.exe
  C:\Windows\System\aGfgdAe.exe
  2⤵
  PID:10264
- C:\Windows\System\exKHzlm.exe
  C:\Windows\System\exKHzlm.exe
  2⤵
  PID:10288
- C:\Windows\System\gxjbCYJ.exe
  C:\Windows\System\gxjbCYJ.exe
  2⤵
  PID:10312
- C:\Windows\System\vmmppLC.exe
  C:\Windows\System\vmmppLC.exe
  2⤵
  PID:10332
- C:\Windows\System\ZbtbfgF.exe
  C:\Windows\System\ZbtbfgF.exe
  2⤵
  PID:10356
- C:\Windows\System\ALJhKQg.exe
  C:\Windows\System\ALJhKQg.exe
  2⤵
  PID:10380
- C:\Windows\System\ktPcUkm.exe
  C:\Windows\System\ktPcUkm.exe
  2⤵
  PID:10408
- C:\Windows\System\qFNSTcE.exe
  C:\Windows\System\qFNSTcE.exe
  2⤵
  PID:10428
- C:\Windows\System\ACAGfiG.exe
  C:\Windows\System\ACAGfiG.exe
  2⤵
  PID:10448
- C:\Windows\System\GHYaUbR.exe
  C:\Windows\System\GHYaUbR.exe
  2⤵
  PID:10488
- C:\Windows\System\GRaHkEe.exe
  C:\Windows\System\GRaHkEe.exe
  2⤵
  PID:10512
- C:\Windows\System\CyQPRCj.exe
  C:\Windows\System\CyQPRCj.exe
  2⤵
  PID:10532
- C:\Windows\System\zHkxdFZ.exe
  C:\Windows\System\zHkxdFZ.exe
  2⤵
  PID:10552
- C:\Windows\System\LisnvdR.exe
  C:\Windows\System\LisnvdR.exe
  2⤵
  PID:10584
- C:\Windows\System\yRjoFHz.exe
  C:\Windows\System\yRjoFHz.exe
  2⤵
  PID:10600
- C:\Windows\System\OiUQuJq.exe
  C:\Windows\System\OiUQuJq.exe
  2⤵
  PID:10624
- C:\Windows\System\rFUljvM.exe
  C:\Windows\System\rFUljvM.exe
  2⤵
  PID:10648
- C:\Windows\System\QVKeExo.exe
  C:\Windows\System\QVKeExo.exe
  2⤵
  PID:10668
- C:\Windows\System\pfxSDsr.exe
  C:\Windows\System\pfxSDsr.exe
  2⤵
  PID:10684
- C:\Windows\System\CjgOyAz.exe
  C:\Windows\System\CjgOyAz.exe
  2⤵
  PID:10704
- C:\Windows\System\ddRcEmP.exe
  C:\Windows\System\ddRcEmP.exe
  2⤵
  PID:10724
- C:\Windows\System\zKOUngJ.exe
  C:\Windows\System\zKOUngJ.exe
  2⤵
  PID:10748
- C:\Windows\System\GSPTLqM.exe
  C:\Windows\System\GSPTLqM.exe
  2⤵
  PID:10852
- C:\Windows\System\VIsMcyC.exe
  C:\Windows\System\VIsMcyC.exe
  2⤵
  PID:10872
- C:\Windows\System\VpLnEdK.exe
  C:\Windows\System\VpLnEdK.exe
  2⤵
  PID:10964
- C:\Windows\System\huuSVXY.exe
  C:\Windows\System\huuSVXY.exe
  2⤵
  PID:10984
- C:\Windows\System\oCoLdQE.exe
  C:\Windows\System\oCoLdQE.exe
  2⤵
  PID:11000
- C:\Windows\System\mrycspe.exe
  C:\Windows\System\mrycspe.exe
  2⤵
  PID:11024
- C:\Windows\System\BEXwkgE.exe
  C:\Windows\System\BEXwkgE.exe
  2⤵
  PID:11044
- C:\Windows\System\SkGZzdQ.exe
  C:\Windows\System\SkGZzdQ.exe
  2⤵
  PID:11064
- C:\Windows\System\RZrmowE.exe
  C:\Windows\System\RZrmowE.exe
  2⤵
  PID:11088
- C:\Windows\System\INRkVwT.exe
  C:\Windows\System\INRkVwT.exe
  2⤵
  PID:11108
- C:\Windows\System\chGWgCU.exe
  C:\Windows\System\chGWgCU.exe
  2⤵
  PID:11124
- C:\Windows\System\ZrWxAxO.exe
  C:\Windows\System\ZrWxAxO.exe
  2⤵
  PID:11148
- C:\Windows\System\DiAUiGQ.exe
  C:\Windows\System\DiAUiGQ.exe
  2⤵
  PID:11172
- C:\Windows\System\EwNENnb.exe
  C:\Windows\System\EwNENnb.exe
  2⤵
  PID:11192
- C:\Windows\System\LZVySUh.exe
  C:\Windows\System\LZVySUh.exe
  2⤵
  PID:11212
- C:\Windows\System\FNcTUNK.exe
  C:\Windows\System\FNcTUNK.exe
  2⤵
  PID:11236
- C:\Windows\System\UdpdxRY.exe
  C:\Windows\System\UdpdxRY.exe
  2⤵
  PID:11252
- C:\Windows\System\ywdNAnA.exe
  C:\Windows\System\ywdNAnA.exe
  2⤵
  PID:9856
- C:\Windows\System\DzRRagH.exe
  C:\Windows\System\DzRRagH.exe
  2⤵
  PID:2864
- C:\Windows\System\aiJjuOT.exe
  C:\Windows\System\aiJjuOT.exe
  2⤵
  PID:9816
- C:\Windows\System\bUWptmD.exe
  C:\Windows\System\bUWptmD.exe
  2⤵
  PID:9544
- C:\Windows\System\fMchaaP.exe
  C:\Windows\System\fMchaaP.exe
  2⤵
  PID:10524
- C:\Windows\System\oGTKYHf.exe
  C:\Windows\System\oGTKYHf.exe
  2⤵
  PID:10572
- C:\Windows\System\IAvgAcn.exe
  C:\Windows\System\IAvgAcn.exe
  2⤵
  PID:10616
- C:\Windows\System\lIUaXwi.exe
  C:\Windows\System\lIUaXwi.exe
  2⤵
  PID:4456
- C:\Windows\System\vtICXOH.exe
  C:\Windows\System\vtICXOH.exe
  2⤵
  PID:8176
- C:\Windows\System\EUkPedw.exe
  C:\Windows\System\EUkPedw.exe
  2⤵
  PID:10256
- C:\Windows\System\rVIAvtG.exe
  C:\Windows\System\rVIAvtG.exe
  2⤵
  PID:10324
- C:\Windows\System\zhrMrIA.exe
  C:\Windows\System\zhrMrIA.exe
  2⤵
  PID:10368
- C:\Windows\System\FauOjWb.exe
  C:\Windows\System\FauOjWb.exe
  2⤵
  PID:10416
- C:\Windows\System\AmxJhzk.exe
  C:\Windows\System\AmxJhzk.exe
  2⤵
  PID:10444
- C:\Windows\System\oFAPXqq.exe
  C:\Windows\System\oFAPXqq.exe
  2⤵
  PID:10732
- C:\Windows\System\fSPSMZc.exe
  C:\Windows\System\fSPSMZc.exe
  2⤵
  PID:11336
- C:\Windows\System\AlCpLNM.exe
  C:\Windows\System\AlCpLNM.exe
  2⤵
  PID:11352
- C:\Windows\System\TLJbkic.exe
  C:\Windows\System\TLJbkic.exe
  2⤵
  PID:11372
- C:\Windows\System\VtkdaTs.exe
  C:\Windows\System\VtkdaTs.exe
  2⤵
  PID:11400
- C:\Windows\System\SyzDtNF.exe
  C:\Windows\System\SyzDtNF.exe
  2⤵
  PID:11420
- C:\Windows\System\geEgUHo.exe
  C:\Windows\System\geEgUHo.exe
  2⤵
  PID:11436
- C:\Windows\System\veEiGOY.exe
  C:\Windows\System\veEiGOY.exe
  2⤵
  PID:11460
- C:\Windows\System\YuWCUBe.exe
  C:\Windows\System\YuWCUBe.exe
  2⤵
  PID:11476
- C:\Windows\System\BTWNCqM.exe
  C:\Windows\System\BTWNCqM.exe
  2⤵
  PID:11500
- C:\Windows\System\MAAPQHO.exe
  C:\Windows\System\MAAPQHO.exe
  2⤵
  PID:11520
- C:\Windows\System\aiqnDEy.exe
  C:\Windows\System\aiqnDEy.exe
  2⤵
  PID:11536
- C:\Windows\System\cYJuRsU.exe
  C:\Windows\System\cYJuRsU.exe
  2⤵
  PID:11560
- C:\Windows\System\YfAJoJL.exe
  C:\Windows\System\YfAJoJL.exe
  2⤵
  PID:11632
- C:\Windows\System\ijbAAXY.exe
  C:\Windows\System\ijbAAXY.exe
  2⤵
  PID:11648
- C:\Windows\System\VoRpFIC.exe
  C:\Windows\System\VoRpFIC.exe
  2⤵
  PID:11668
- C:\Windows\System\BoDhNDl.exe
  C:\Windows\System\BoDhNDl.exe
  2⤵
  PID:11688
- C:\Windows\System\ubckjzb.exe
  C:\Windows\System\ubckjzb.exe
  2⤵
  PID:11704
- C:\Windows\System\GodZytG.exe
  C:\Windows\System\GodZytG.exe
  2⤵
  PID:11720
- C:\Windows\System\ncnKqSW.exe
  C:\Windows\System\ncnKqSW.exe
  2⤵
  PID:11736
- C:\Windows\System\QMGLAmL.exe
  C:\Windows\System\QMGLAmL.exe
  2⤵
  PID:11760
- C:\Windows\System\TPtniTh.exe
  C:\Windows\System\TPtniTh.exe
  2⤵
  PID:11776
- C:\Windows\System\jYMxHXZ.exe
  C:\Windows\System\jYMxHXZ.exe
  2⤵
  PID:11800
- C:\Windows\System\eylpkId.exe
  C:\Windows\System\eylpkId.exe
  2⤵
  PID:11824
- C:\Windows\System\eyOYHYh.exe
  C:\Windows\System\eyOYHYh.exe
  2⤵
  PID:11848
- C:\Windows\System\Hiywueq.exe
  C:\Windows\System\Hiywueq.exe
  2⤵
  PID:11872
- C:\Windows\System\bmSSYIK.exe
  C:\Windows\System\bmSSYIK.exe
  2⤵
  PID:11888
- C:\Windows\System\vmohUyp.exe
  C:\Windows\System\vmohUyp.exe
  2⤵
  PID:11908
- C:\Windows\System\IPVrhWn.exe
  C:\Windows\System\IPVrhWn.exe
  2⤵
  PID:11932
- C:\Windows\System\EZWYQoJ.exe
  C:\Windows\System\EZWYQoJ.exe
  2⤵
  PID:11956
- C:\Windows\System\UEpnQtZ.exe
  C:\Windows\System\UEpnQtZ.exe
  2⤵
  PID:11976
- C:\Windows\System\LUAjQaA.exe
  C:\Windows\System\LUAjQaA.exe
  2⤵
  PID:12008
- C:\Windows\System\ZSjoMZF.exe
  C:\Windows\System\ZSjoMZF.exe
  2⤵
  PID:12032
- C:\Windows\System\ZXCuTHP.exe
  C:\Windows\System\ZXCuTHP.exe
  2⤵
  PID:12056
- C:\Windows\System\ppmKcMS.exe
  C:\Windows\System\ppmKcMS.exe
  2⤵
  PID:12076
- C:\Windows\System\HXqXiXq.exe
  C:\Windows\System\HXqXiXq.exe
  2⤵
  PID:12092
- C:\Windows\System\KlskYCe.exe
  C:\Windows\System\KlskYCe.exe
  2⤵
  PID:12112
- C:\Windows\System\IVERrjE.exe
  C:\Windows\System\IVERrjE.exe
  2⤵
  PID:12132
- C:\Windows\System\XUwCukB.exe
  C:\Windows\System\XUwCukB.exe
  2⤵
  PID:12156
- C:\Windows\System\pXPYtHm.exe
  C:\Windows\System\pXPYtHm.exe
  2⤵
  PID:12176
- C:\Windows\System\CiGFoYX.exe
  C:\Windows\System\CiGFoYX.exe
  2⤵
  PID:12200
- C:\Windows\System\nbMOafB.exe
  C:\Windows\System\nbMOafB.exe
  2⤵
  PID:12224
- C:\Windows\System\vQGBuZy.exe
  C:\Windows\System\vQGBuZy.exe
  2⤵
  PID:12240
- C:\Windows\System\dFRusWp.exe
  C:\Windows\System\dFRusWp.exe
  2⤵
  PID:12260
- C:\Windows\System\jNIjaVI.exe
  C:\Windows\System\jNIjaVI.exe
  2⤵
  PID:12284
- C:\Windows\System\eCPYcOA.exe
  C:\Windows\System\eCPYcOA.exe
  2⤵
  PID:9920
- C:\Windows\System\btouhnw.exe
  C:\Windows\System\btouhnw.exe
  2⤵
  PID:10440
- C:\Windows\System\qfZejSR.exe
  C:\Windows\System\qfZejSR.exe
  2⤵
  PID:10844
- C:\Windows\System\beOApFL.exe
  C:\Windows\System\beOApFL.exe
  2⤵
  PID:11072
- C:\Windows\System\sscyYKT.exe
  C:\Windows\System\sscyYKT.exe
  2⤵
  PID:11180
- C:\Windows\System\RpPPgPx.exe
  C:\Windows\System\RpPPgPx.exe
  2⤵
  PID:2076
- C:\Windows\System\yXWsVfS.exe
  C:\Windows\System\yXWsVfS.exe
  2⤵
  PID:12140
- C:\Windows\System\ugExqrv.exe
  C:\Windows\System\ugExqrv.exe
  2⤵
  PID:4624
- C:\Windows\System\VfMKBDn.exe
  C:\Windows\System\VfMKBDn.exe
  2⤵
  PID:11716
- C:\Windows\System\CWNhjdb.exe
  C:\Windows\System\CWNhjdb.exe
  2⤵
  PID:11784
- C:\Windows\System\DoPuQeT.exe
  C:\Windows\System\DoPuQeT.exe
  2⤵
  PID:11820
- C:\Windows\System\rivosGm.exe
  C:\Windows\System\rivosGm.exe
  2⤵
  PID:1968
- C:\Windows\System\CoWxZnx.exe
  C:\Windows\System\CoWxZnx.exe
  2⤵
  PID:11928
- C:\Windows\System\tBKBcCY.exe
  C:\Windows\System\tBKBcCY.exe
  2⤵
  PID:11992
- C:\Windows\System\hdYkOtX.exe
  C:\Windows\System\hdYkOtX.exe
  2⤵
  PID:11984
- C:\Windows\System\IyuFJao.exe
  C:\Windows\System\IyuFJao.exe
  2⤵
  PID:12124
- C:\Windows\System\MdilZvA.exe
  C:\Windows\System\MdilZvA.exe
  2⤵
  PID:12196
- C:\Windows\System\oRxDKTZ.exe
  C:\Windows\System\oRxDKTZ.exe
  2⤵
  PID:12268
- C:\Windows\System\gCNWVJT.exe
  C:\Windows\System\gCNWVJT.exe
  2⤵
  PID:10864
- C:\Windows\System\fxoMyoP.exe
  C:\Windows\System\fxoMyoP.exe
  2⤵
  PID:10740
- C:\Windows\System\wdTPooR.exe
  C:\Windows\System\wdTPooR.exe
  2⤵
  PID:1896
- C:\Windows\System\AgmiYRw.exe
  C:\Windows\System\AgmiYRw.exe
  2⤵
  PID:12308
- C:\Windows\System\pblWKPD.exe
  C:\Windows\System\pblWKPD.exe
  2⤵
  PID:12332
- C:\Windows\System\AtDtEML.exe
  C:\Windows\System\AtDtEML.exe
  2⤵
  PID:12352
- C:\Windows\System\zKvNpNf.exe
  C:\Windows\System\zKvNpNf.exe
  2⤵
  PID:12376
- C:\Windows\System\TQPsaUF.exe
  C:\Windows\System\TQPsaUF.exe
  2⤵
  PID:12524
- C:\Windows\System\kMDekhm.exe
  C:\Windows\System\kMDekhm.exe
  2⤵
  PID:12544
- C:\Windows\System\oSrptzc.exe
  C:\Windows\System\oSrptzc.exe
  2⤵
  PID:12564
- C:\Windows\System\TUahhse.exe
  C:\Windows\System\TUahhse.exe
  2⤵
  PID:12584
- C:\Windows\System\AjQlrFX.exe
  C:\Windows\System\AjQlrFX.exe
  2⤵
  PID:12672
- C:\Windows\System\JqBTtpj.exe
  C:\Windows\System\JqBTtpj.exe
  2⤵
  PID:12692
- C:\Windows\System\eyRIcoG.exe
  C:\Windows\System\eyRIcoG.exe
  2⤵
  PID:12712
- C:\Windows\System\ukxzfhC.exe
  C:\Windows\System\ukxzfhC.exe
  2⤵
  PID:12736
- C:\Windows\System\iHpBJHY.exe
  C:\Windows\System\iHpBJHY.exe
  2⤵
  PID:12768
- C:\Windows\System\FTSWBdk.exe
  C:\Windows\System\FTSWBdk.exe
  2⤵
  PID:12784
- C:\Windows\System\sJBjZMf.exe
  C:\Windows\System\sJBjZMf.exe
  2⤵
  PID:12800
- C:\Windows\System\BrPHZKw.exe
  C:\Windows\System\BrPHZKw.exe
  2⤵
  PID:12820
- C:\Windows\System\NzhyOkZ.exe
  C:\Windows\System\NzhyOkZ.exe
  2⤵
  PID:12836
- C:\Windows\System\VDKvBLX.exe
  C:\Windows\System\VDKvBLX.exe
  2⤵
  PID:12852
- C:\Windows\System\jfqebZI.exe
  C:\Windows\System\jfqebZI.exe
  2⤵
  PID:12868
- C:\Windows\System\ayTRwte.exe
  C:\Windows\System\ayTRwte.exe
  2⤵
  PID:12884
- C:\Windows\System\MAmbrkm.exe
  C:\Windows\System\MAmbrkm.exe
  2⤵
  PID:12916
- C:\Windows\System\OjZQCoI.exe
  C:\Windows\System\OjZQCoI.exe
  2⤵
  PID:12940
- C:\Windows\System\JGzLfCP.exe
  C:\Windows\System\JGzLfCP.exe
  2⤵
  PID:12956
- C:\Windows\System\FuvGYOd.exe
  C:\Windows\System\FuvGYOd.exe
  2⤵
  PID:12980
- C:\Windows\System\PmHuodk.exe
  C:\Windows\System\PmHuodk.exe
  2⤵
  PID:13000
- C:\Windows\System\SfwrDfs.exe
  C:\Windows\System\SfwrDfs.exe
  2⤵
  PID:13024
- C:\Windows\System\erassTy.exe
  C:\Windows\System\erassTy.exe
  2⤵
  PID:13044
- C:\Windows\System\BDPzSuh.exe
  C:\Windows\System\BDPzSuh.exe
  2⤵
  PID:13068
- C:\Windows\System\HGbrRyT.exe
  C:\Windows\System\HGbrRyT.exe
  2⤵
  PID:13096
- C:\Windows\System\eAIuHfR.exe
  C:\Windows\System\eAIuHfR.exe
  2⤵
  PID:13116
- C:\Windows\System\avkVRkT.exe
  C:\Windows\System\avkVRkT.exe
  2⤵
  PID:13136
- C:\Windows\System\gfjVaUi.exe
  C:\Windows\System\gfjVaUi.exe
  2⤵
  PID:13164
- C:\Windows\System\pjMBKox.exe
  C:\Windows\System\pjMBKox.exe
  2⤵
  PID:13188
- C:\Windows\System\YCoItQM.exe
  C:\Windows\System\YCoItQM.exe
  2⤵
  PID:13208
- C:\Windows\System\zBYWpFD.exe
  C:\Windows\System\zBYWpFD.exe
  2⤵
  PID:13228
- C:\Windows\System\LlzsxAb.exe
  C:\Windows\System\LlzsxAb.exe
  2⤵
  PID:13252
- C:\Windows\System\hcwnYkg.exe
  C:\Windows\System\hcwnYkg.exe
  2⤵
  PID:13268
- C:\Windows\System\WBssMVs.exe
  C:\Windows\System\WBssMVs.exe
  2⤵
  PID:13284
- C:\Windows\System\xwCKWaH.exe
  C:\Windows\System\xwCKWaH.exe
  2⤵
  PID:13308
- C:\Windows\System\WObSKGL.exe
  C:\Windows\System\WObSKGL.exe
  2⤵
  PID:12108
- C:\Windows\System\QXOgUwz.exe
  C:\Windows\System\QXOgUwz.exe
  2⤵
  PID:11728
- C:\Windows\System\lNTKgtg.exe
  C:\Windows\System\lNTKgtg.exe
  2⤵
  PID:3356
- C:\Windows\System\pSERrhq.exe
  C:\Windows\System\pSERrhq.exe
  2⤵
  PID:11808
- C:\Windows\System\wClRMJO.exe
  C:\Windows\System\wClRMJO.exe
  2⤵
  PID:11972
- C:\Windows\System\DTJzXPl.exe
  C:\Windows\System\DTJzXPl.exe
  2⤵
  PID:11380
- C:\Windows\System\kLzkCNX.exe
  C:\Windows\System\kLzkCNX.exe
  2⤵
  PID:2880
- C:\Windows\System\MIUjXTW.exe
  C:\Windows\System\MIUjXTW.exe
  2⤵
  PID:12072
- C:\Windows\System\ZkwmpfG.exe
  C:\Windows\System\ZkwmpfG.exe
  2⤵
  PID:12404
- C:\Windows\System\PrcStFz.exe
  C:\Windows\System\PrcStFz.exe
  2⤵
  PID:12052
- C:\Windows\System\vEOrlHy.exe
  C:\Windows\System\vEOrlHy.exe
  2⤵
  PID:9992
- C:\Windows\System\vMJKMza.exe
  C:\Windows\System\vMJKMza.exe
  2⤵
  PID:12328
- C:\Windows\System\ClqwiWF.exe
  C:\Windows\System\ClqwiWF.exe
  2⤵
  PID:12476
- C:\Windows\System\JboQrRe.exe
  C:\Windows\System\JboQrRe.exe
  2⤵
  PID:4684
- C:\Windows\System\HYdIjii.exe
  C:\Windows\System\HYdIjii.exe
  2⤵
  PID:10468
- C:\Windows\System\BQaGdWv.exe
  C:\Windows\System\BQaGdWv.exe
  2⤵
  PID:11416
- C:\Windows\System\MzaLpfn.exe
  C:\Windows\System\MzaLpfn.exe
  2⤵
  PID:11796
- C:\Windows\System\CBjVBhb.exe
  C:\Windows\System\CBjVBhb.exe
  2⤵
  PID:12752
- C:\Windows\System\VSwKHzS.exe
  C:\Windows\System\VSwKHzS.exe
  2⤵
  PID:12892
- C:\Windows\System\JKWdaDX.exe
  C:\Windows\System\JKWdaDX.exe
  2⤵
  PID:13008
- C:\Windows\System\chEqwxv.exe
  C:\Windows\System\chEqwxv.exe
  2⤵
  PID:12560
- C:\Windows\System\PyTbMcv.exe
  C:\Windows\System\PyTbMcv.exe
  2⤵
  PID:12744
- C:\Windows\System\RIyyHgW.exe
  C:\Windows\System\RIyyHgW.exe
  2⤵
  PID:13036
- C:\Windows\System\CeZNisd.exe
  C:\Windows\System\CeZNisd.exe
  2⤵
  PID:13076
- C:\Windows\System\lhFQVQq.exe
  C:\Windows\System\lhFQVQq.exe
  2⤵
  PID:13128
- C:\Windows\System\nEtnOsp.exe
  C:\Windows\System\nEtnOsp.exe
  2⤵
  PID:13172
- C:\Windows\System\JAaWduY.exe
  C:\Windows\System\JAaWduY.exe
  2⤵
  PID:13220
- C:\Windows\System\LWfHBpu.exe
  C:\Windows\System\LWfHBpu.exe
  2⤵
  PID:12996
- C:\Windows\System\XGWwuUa.exe
  C:\Windows\System\XGWwuUa.exe
  2⤵
  PID:9340
- C:\Windows\System\XgHffmG.exe
  C:\Windows\System\XgHffmG.exe
  2⤵
  PID:10504
- C:\Windows\System\iJrPINI.exe
  C:\Windows\System\iJrPINI.exe
  2⤵
  PID:14048
- C:\Windows\System\BGLLNeX.exe
  C:\Windows\System\BGLLNeX.exe
  2⤵
  PID:14120
- C:\Windows\System\zoujaZs.exe
  C:\Windows\System\zoujaZs.exe
  2⤵
  PID:14140
- C:\Windows\System\DvzvKQg.exe
  C:\Windows\System\DvzvKQg.exe
  2⤵
  PID:14160
- C:\Windows\System\pHoprJn.exe
  C:\Windows\System\pHoprJn.exe
  2⤵
  PID:14180
- C:\Windows\System\iHciwCo.exe
  C:\Windows\System\iHciwCo.exe
  2⤵
  PID:14196
- C:\Windows\System\PeTyshb.exe
  C:\Windows\System\PeTyshb.exe
  2⤵
  PID:14212
- C:\Windows\System\vNSzDJn.exe
  C:\Windows\System\vNSzDJn.exe
  2⤵
  PID:14232
- C:\Windows\System\NcPGugl.exe
  C:\Windows\System\NcPGugl.exe
  2⤵
  PID:14248
- C:\Windows\System\RajUvBZ.exe
  C:\Windows\System\RajUvBZ.exe
  2⤵
  PID:14308
- C:\Windows\System\NAIImmS.exe
  C:\Windows\System\NAIImmS.exe
  2⤵
  PID:14324
- C:\Windows\System\sHHgJuU.exe
  C:\Windows\System\sHHgJuU.exe
  2⤵
  PID:12324
- C:\Windows\System\emplEKn.exe
  C:\Windows\System\emplEKn.exe
  2⤵
  PID:12340
- C:\Windows\System\kVntQGC.exe
  C:\Windows\System\kVntQGC.exe
  2⤵
  PID:3648
- C:\Windows\System\WMJcMAv.exe
  C:\Windows\System\WMJcMAv.exe
  2⤵
  PID:11676
- C:\Windows\System\WEgHLGf.exe
  C:\Windows\System\WEgHLGf.exe
  2⤵
  PID:12220
- C:\Windows\System\RAgjobd.exe
  C:\Windows\System\RAgjobd.exe
  2⤵
  PID:11772
- C:\Windows\System\cTcSSbX.exe
  C:\Windows\System\cTcSSbX.exe
  2⤵
  PID:13364
- C:\Windows\System\obJoftn.exe
  C:\Windows\System\obJoftn.exe
  2⤵
  PID:13512
- C:\Windows\System\iaSSMtQ.exe
  C:\Windows\System\iaSSMtQ.exe
  2⤵
  PID:13612
- C:\Windows\System\AQxQDtC.exe
  C:\Windows\System\AQxQDtC.exe
  2⤵
  PID:13532
- C:\Windows\System\qXRDWeN.exe
  C:\Windows\System\qXRDWeN.exe
  2⤵
  PID:13568
- C:\Windows\System\KnkWloZ.exe
  C:\Windows\System\KnkWloZ.exe
  2⤵
  PID:13584
- C:\Windows\System\hSsKaTG.exe
  C:\Windows\System\hSsKaTG.exe
  2⤵
  PID:13600
- C:\Windows\System\izMeEqe.exe
  C:\Windows\System\izMeEqe.exe
  2⤵
  PID:13644
- C:\Windows\System\olCUBtk.exe
  C:\Windows\System\olCUBtk.exe
  2⤵
  PID:13652
- C:\Windows\System\dyjKEvl.exe
  C:\Windows\System\dyjKEvl.exe
  2⤵
  PID:1248
- C:\Windows\System\qOiULoZ.exe
  C:\Windows\System\qOiULoZ.exe
  2⤵
  PID:13968
- C:\Windows\System\zHdsKrB.exe
  C:\Windows\System\zHdsKrB.exe
  2⤵
  PID:13868
- C:\Windows\System\stKSLEX.exe
  C:\Windows\System\stKSLEX.exe
  2⤵
  PID:5212
- C:\Windows\System\IxExaJR.exe
  C:\Windows\System\IxExaJR.exe
  2⤵
  PID:13888
- C:\Windows\System\raPbEDG.exe
  C:\Windows\System\raPbEDG.exe
  2⤵
  PID:13872
- C:\Windows\System\EAvQcmq.exe
  C:\Windows\System\EAvQcmq.exe
  2⤵
  PID:1916
- C:\Windows\System\eRhWpGm.exe
  C:\Windows\System\eRhWpGm.exe
  2⤵
  PID:13764
- C:\Windows\System\MAscKeL.exe
  C:\Windows\System\MAscKeL.exe
  2⤵
  PID:3252
- C:\Windows\System\uCyNQZL.exe
  C:\Windows\System\uCyNQZL.exe
  2⤵
  PID:4492
- C:\Windows\System\upUtYIS.exe
  C:\Windows\System\upUtYIS.exe
  2⤵
  PID:14040
- C:\Windows\System\VnuPnlY.exe
  C:\Windows\System\VnuPnlY.exe
  2⤵
  PID:14004
- C:\Windows\System\tEEBcgl.exe
  C:\Windows\System\tEEBcgl.exe
  2⤵
  PID:14028
- C:\Windows\System\plgHuum.exe
  C:\Windows\System\plgHuum.exe
  2⤵
  PID:14044
- C:\Windows\System\WVkIPJa.exe
  C:\Windows\System\WVkIPJa.exe
  2⤵
  PID:14228
- C:\Windows\System\VkoUkMr.exe
  C:\Windows\System\VkoUkMr.exe
  2⤵
  PID:9504
- C:\Windows\System\BXOfqPM.exe
  C:\Windows\System\BXOfqPM.exe
  2⤵
  PID:14288
- C:\Windows\System\QTYfOFO.exe
  C:\Windows\System\QTYfOFO.exe
  2⤵
  PID:5312
- C:\Windows\System\TpkiBOi.exe
  C:\Windows\System\TpkiBOi.exe
  2⤵
  PID:1548
- C:\Windows\System\uXcpcLY.exe
  C:\Windows\System\uXcpcLY.exe
  2⤵
  PID:13032
- C:\Windows\System\ltrgwjL.exe
  C:\Windows\System\ltrgwjL.exe
  2⤵
  PID:4304
- C:\Windows\System\IAeYqqH.exe
  C:\Windows\System\IAeYqqH.exe
  2⤵
  PID:516
- C:\Windows\System\ZAoMOkx.exe
  C:\Windows\System\ZAoMOkx.exe
  2⤵
  PID:12580
- C:\Windows\System\cHNrJTe.exe
  C:\Windows\System\cHNrJTe.exe
  2⤵
  PID:14300
- C:\Windows\System\tTgAeBd.exe
  C:\Windows\System\tTgAeBd.exe
  2⤵
  PID:12848
- C:\Windows\System\LRSfdNF.exe
  C:\Windows\System\LRSfdNF.exe
  2⤵
  PID:5476
- C:\Windows\System\PKWyuFF.exe
  C:\Windows\System\PKWyuFF.exe
  2⤵
  PID:752
- C:\Windows\System\jASALCL.exe
  C:\Windows\System\jASALCL.exe
  2⤵
  PID:5636
- C:\Windows\System\lvFUxxp.exe
  C:\Windows\System\lvFUxxp.exe
  2⤵
  PID:4232
- C:\Windows\System\NQTifyE.exe
  C:\Windows\System\NQTifyE.exe
  2⤵
  PID:13684
- C:\Windows\System\LuyoxXj.exe
  C:\Windows\System\LuyoxXj.exe
  2⤵
  PID:5716
- C:\Windows\System\miVUKTr.exe
  C:\Windows\System\miVUKTr.exe
  2⤵
  PID:5804
- C:\Windows\System\THumjee.exe
  C:\Windows\System\THumjee.exe
  2⤵
  PID:12424
- C:\Windows\System\zXagPwB.exe
  C:\Windows\System\zXagPwB.exe
  2⤵
  PID:13396
- C:\Windows\System\DQpcCJA.exe
  C:\Windows\System\DQpcCJA.exe
  2⤵
  PID:13544
- C:\Windows\System\vBxHQZq.exe
  C:\Windows\System\vBxHQZq.exe
  2⤵
  PID:1552
- C:\Windows\System\uuhSlqm.exe
  C:\Windows\System\uuhSlqm.exe
  2⤵
  PID:13592
- C:\Windows\System\baPJdNk.exe
  C:\Windows\System\baPJdNk.exe
  2⤵
  PID:4632
- C:\Windows\System\tTZDXtF.exe
  C:\Windows\System\tTZDXtF.exe
  2⤵
  PID:5128
- C:\Windows\System\OQsSKAN.exe
  C:\Windows\System\OQsSKAN.exe
  2⤵
  PID:13896
- C:\Windows\System\PdNWugh.exe
  C:\Windows\System\PdNWugh.exe
  2⤵
  PID:13944
- C:\Windows\System\cmmfSSQ.exe
  C:\Windows\System\cmmfSSQ.exe
  2⤵
  PID:5480
- C:\Windows\System\ZqepdaF.exe
  C:\Windows\System\ZqepdaF.exe
  2⤵
  PID:14148
- C:\Windows\System\GBENWxB.exe
  C:\Windows\System\GBENWxB.exe
  2⤵
  PID:3296
- C:\Windows\System\MfwgYpS.exe
  C:\Windows\System\MfwgYpS.exe
  2⤵
  PID:13904
- C:\Windows\System\xwFkQtB.exe
  C:\Windows\System\xwFkQtB.exe
  2⤵
  PID:14276
- C:\Windows\System\VUrVqUH.exe
  C:\Windows\System\VUrVqUH.exe
  2⤵
  PID:13564
- C:\Windows\System\mnIRGJF.exe
  C:\Windows\System\mnIRGJF.exe
  2⤵
  PID:4200
- C:\Windows\System\hMAzkkw.exe
  C:\Windows\System\hMAzkkw.exe
  2⤵
  PID:904
- C:\Windows\System\gCuOIgo.exe
  C:\Windows\System\gCuOIgo.exe
  2⤵
  PID:13924
- C:\Windows\System\HyoBEkc.exe
  C:\Windows\System\HyoBEkc.exe
  2⤵
  PID:11628
- C:\Windows\System\kzuFUzg.exe
  C:\Windows\System\kzuFUzg.exe
  2⤵
  PID:12724
- C:\Windows\System\mvtHXKp.exe
  C:\Windows\System\mvtHXKp.exe
  2⤵
  PID:14036
- C:\Windows\System\nNdtrMR.exe
  C:\Windows\System\nNdtrMR.exe
  2⤵
  PID:4524
- C:\Windows\System\JETfPAg.exe
  C:\Windows\System\JETfPAg.exe
  2⤵
  PID:13628
- C:\Windows\System\KLfMCzr.exe
  C:\Windows\System\KLfMCzr.exe
  2⤵
  PID:12472
- C:\Windows\System\QAOnvvR.exe
  C:\Windows\System\QAOnvvR.exe
  2⤵
  PID:2160
- C:\Windows\System\dZBSUwC.exe
  C:\Windows\System\dZBSUwC.exe
  2⤵
  PID:2140
- C:\Windows\System\ioczuVZ.exe
  C:\Windows\System\ioczuVZ.exe
  2⤵
  PID:1264
- C:\Windows\System\dOhiegp.exe
  C:\Windows\System\dOhiegp.exe
  2⤵
  PID:5928
- C:\Windows\System\USxJkHX.exe
  C:\Windows\System\USxJkHX.exe
  2⤵
  PID:5964
- C:\Windows\System\mkRfHqK.exe
  C:\Windows\System\mkRfHqK.exe
  2⤵
  PID:12576
- C:\Windows\System\WDgZPbr.exe
  C:\Windows\System\WDgZPbr.exe
  2⤵
  PID:13808
- C:\Windows\System\zysCpCU.exe
  C:\Windows\System\zysCpCU.exe
  2⤵
  PID:13472
- C:\Windows\System\flQexOp.exe
  C:\Windows\System\flQexOp.exe
  2⤵
  PID:13508
- C:\Windows\System\BOZKmnb.exe
  C:\Windows\System\BOZKmnb.exe
  2⤵
  PID:2776
- C:\Windows\System\AwszkQR.exe
  C:\Windows\System\AwszkQR.exe
  2⤵
  PID:5248
- C:\Windows\System\TnbxLBz.exe
  C:\Windows\System\TnbxLBz.exe
  2⤵
  PID:1048
- C:\Windows\System\dGYkYfv.exe
  C:\Windows\System\dGYkYfv.exe
  2⤵
  PID:1384
- C:\Windows\System\fbYinYM.exe
  C:\Windows\System\fbYinYM.exe
  2⤵
  PID:1568
- C:\Windows\System\HtRHTaL.exe
  C:\Windows\System\HtRHTaL.exe
  2⤵
  PID:13144
- C:\Windows\System\NGqtnha.exe
  C:\Windows\System\NGqtnha.exe
  2⤵
  PID:14008
- C:\Windows\System\qyzrozv.exe
  C:\Windows\System\qyzrozv.exe
  2⤵
  PID:14224
- C:\Windows\System\VfOnhee.exe
  C:\Windows\System\VfOnhee.exe
  2⤵
  PID:3828
- C:\Windows\System\vbCTxUz.exe
  C:\Windows\System\vbCTxUz.exe
  2⤵
  PID:4984
- C:\Windows\System\JIVWkrB.exe
  C:\Windows\System\JIVWkrB.exe
  2⤵
  PID:5784
- C:\Windows\System\JKGazqK.exe
  C:\Windows\System\JKGazqK.exe
  2⤵
  PID:5892
- C:\Windows\System\NCTmkfu.exe
  C:\Windows\System\NCTmkfu.exe
  2⤵
  PID:13768
- C:\Windows\System\yheCMkc.exe
  C:\Windows\System\yheCMkc.exe
  2⤵
  PID:2496
- C:\Windows\System\NaNtdnC.exe
  C:\Windows\System\NaNtdnC.exe
  2⤵
  PID:2464
- C:\Windows\System\smmXQyI.exe
  C:\Windows\System\smmXQyI.exe
  2⤵
  PID:5220
- C:\Windows\System\cAJKtYb.exe
  C:\Windows\System\cAJKtYb.exe
  2⤵
  PID:14000
- C:\Windows\System\SWLkOpu.exe
  C:\Windows\System\SWLkOpu.exe
  2⤵
  PID:5588
- C:\Windows\System\eYDHBUL.exe
  C:\Windows\System\eYDHBUL.exe
  2⤵
  PID:14108
- C:\Windows\System\BBggGvo.exe
  C:\Windows\System\BBggGvo.exe
  2⤵
  PID:1824
- C:\Windows\System\NKNRyoc.exe
  C:\Windows\System\NKNRyoc.exe
  2⤵
  PID:4716
- C:\Windows\System\JDYfTec.exe
  C:\Windows\System\JDYfTec.exe
  2⤵
  PID:5924
- C:\Windows\System\aCKlXig.exe
  C:\Windows\System\aCKlXig.exe
  2⤵
  PID:13760
- C:\Windows\System\RejZtAW.exe
  C:\Windows\System\RejZtAW.exe
  2⤵
  PID:9556
- C:\Windows\System\iGEgAhB.exe
  C:\Windows\System\iGEgAhB.exe
  2⤵
  PID:3944
- C:\Windows\System\rOpTtMy.exe
  C:\Windows\System\rOpTtMy.exe
  2⤵
  PID:1464
- C:\Windows\System\KLmdcDs.exe
  C:\Windows\System\KLmdcDs.exe
  2⤵
  PID:3012
- C:\Windows\System\pkqIiyq.exe
  C:\Windows\System\pkqIiyq.exe
  2⤵
  PID:14080
- C:\Windows\System\EKBGrbN.exe
  C:\Windows\System\EKBGrbN.exe
  2⤵
  PID:4480
- C:\Windows\System\WRTFrCi.exe
  C:\Windows\System\WRTFrCi.exe
  2⤵
  PID:4004
- C:\Windows\System\QmTgcUP.exe
  C:\Windows\System\QmTgcUP.exe
  2⤵
  PID:4256
- C:\Windows\System\iEklWFT.exe
  C:\Windows\System\iEklWFT.exe
  2⤵
  PID:4036
- C:\Windows\System\iARcrQr.exe
  C:\Windows\System\iARcrQr.exe
  2⤵
  PID:1892
- C:\Windows\System\UMLlQkm.exe
  C:\Windows\System\UMLlQkm.exe
  2⤵
  PID:3152
- C:\Windows\System\hwlYHUQ.exe
  C:\Windows\System\hwlYHUQ.exe
  2⤵
  PID:6132
- C:\Windows\System\qYivmWO.exe
  C:\Windows\System\qYivmWO.exe
  2⤵
  PID:13936
- C:\Windows\System\iopnciu.exe
  C:\Windows\System\iopnciu.exe
  2⤵
  PID:5988
- C:\Windows\System\iorPBlS.exe
  C:\Windows\System\iorPBlS.exe
  2⤵
  PID:14508
- C:\Windows\System\jtsXFtA.exe
  C:\Windows\System\jtsXFtA.exe
  2⤵
  PID:14536
- C:\Windows\System\VeidVnZ.exe
  C:\Windows\System\VeidVnZ.exe
  2⤵
  PID:14552
- C:\Windows\System\mkdYIAD.exe
  C:\Windows\System\mkdYIAD.exe
  2⤵
  PID:14580
- C:\Windows\System\AYyprPH.exe
  C:\Windows\System\AYyprPH.exe
  2⤵
  PID:14600
- C:\Windows\System\jMCkNnk.exe
  C:\Windows\System\jMCkNnk.exe
  2⤵
  PID:14620
- C:\Windows\System\OkLCMNL.exe
  C:\Windows\System\OkLCMNL.exe
  2⤵
  PID:14636
- C:\Windows\System\yeLCUDQ.exe
  C:\Windows\System\yeLCUDQ.exe
  2⤵
  PID:14652
- C:\Windows\System\sxRgNon.exe
  C:\Windows\System\sxRgNon.exe
  2⤵
  PID:14668
- C:\Windows\System\OSmjIve.exe
  C:\Windows\System\OSmjIve.exe
  2⤵
  PID:14684
- C:\Windows\System\QYQMVDd.exe
  C:\Windows\System\QYQMVDd.exe
  2⤵
  PID:14708
- C:\Windows\System\hideqaj.exe
  C:\Windows\System\hideqaj.exe
  2⤵
  PID:14728
- C:\Windows\System\eykYZgk.exe
  C:\Windows\System\eykYZgk.exe
  2⤵
  PID:14744
- C:\Windows\System\oEabOaU.exe
  C:\Windows\System\oEabOaU.exe
  2⤵
  PID:14768
- C:\Windows\System\zwAxwYf.exe
  C:\Windows\System\zwAxwYf.exe
  2⤵
  PID:14788
- C:\Windows\System\JBfKzoD.exe
  C:\Windows\System\JBfKzoD.exe
  2⤵
  PID:14804
- C:\Windows\System\PKVxqVz.exe
  C:\Windows\System\PKVxqVz.exe
  2⤵
  PID:14820
- C:\Windows\System\CemIHNb.exe
  C:\Windows\System\CemIHNb.exe
  2⤵
  PID:14840
- C:\Windows\System\TFxzKbB.exe
  C:\Windows\System\TFxzKbB.exe
  2⤵
  PID:14860
- C:\Windows\System\RmluPjs.exe
  C:\Windows\System\RmluPjs.exe
  2⤵
  PID:14932
- C:\Windows\System\bGrUNUM.exe
  C:\Windows\System\bGrUNUM.exe
  2⤵
  PID:14948
- C:\Windows\System\Vndeiaq.exe
  C:\Windows\System\Vndeiaq.exe
  2⤵
  PID:14972
- C:\Windows\System\nHaRMib.exe
  C:\Windows\System\nHaRMib.exe
  2⤵
  PID:15004
- C:\Windows\System\UZknoFp.exe
  C:\Windows\System\UZknoFp.exe
  2⤵
  PID:15024
- C:\Windows\System\qDlPgOe.exe
  C:\Windows\System\qDlPgOe.exe
  2⤵
  PID:15052
- C:\Windows\System\ckCEmJy.exe
  C:\Windows\System\ckCEmJy.exe
  2⤵
  PID:15072
- C:\Windows\System\ycYzCSS.exe
  C:\Windows\System\ycYzCSS.exe
  2⤵
  PID:15092
- C:\Windows\System\WXgZajY.exe
  C:\Windows\System\WXgZajY.exe
  2⤵
  PID:15108
- C:\Windows\System\VOGlebD.exe
  C:\Windows\System\VOGlebD.exe
  2⤵
  PID:15124
- C:\Windows\System\FqXglDA.exe
  C:\Windows\System\FqXglDA.exe
  2⤵
  PID:15152
- C:\Windows\System\USXsYol.exe
  C:\Windows\System\USXsYol.exe
  2⤵
  PID:15264
- C:\Windows\System\BrHvgcR.exe
  C:\Windows\System\BrHvgcR.exe
  2⤵
  PID:15280
- C:\Windows\System\ikvuRWW.exe
  C:\Windows\System\ikvuRWW.exe
  2⤵
  PID:15296
- C:\Windows\System\KednOLK.exe
  C:\Windows\System\KednOLK.exe
  2⤵
  PID:15348
- C:\Windows\System\gXWJONA.exe
  C:\Windows\System\gXWJONA.exe
  2⤵
  PID:12436
- C:\Windows\System\LHFZMsI.exe
  C:\Windows\System\LHFZMsI.exe
  2⤵
  PID:12720
- C:\Windows\System\fHmtWZf.exe
  C:\Windows\System\fHmtWZf.exe
  2⤵
  PID:5788
- C:\Windows\System\qpzXegj.exe
  C:\Windows\System\qpzXegj.exe
  2⤵
  PID:14408
- C:\Windows\System\tNqTWbC.exe
  C:\Windows\System\tNqTWbC.exe
  2⤵
  PID:14428
- C:\Windows\System\dkgxteq.exe
  C:\Windows\System\dkgxteq.exe
  2⤵
  PID:3188
- C:\Windows\System\ORUtdsM.exe
  C:\Windows\System\ORUtdsM.exe
  2⤵
  PID:14700
- C:\Windows\System\QEzzwNg.exe
  C:\Windows\System\QEzzwNg.exe
  2⤵
  PID:14780
- C:\Windows\System\reSqSOQ.exe
  C:\Windows\System\reSqSOQ.exe
  2⤵
  PID:14648
- C:\Windows\System\qVxfesQ.exe
  C:\Windows\System\qVxfesQ.exe
  2⤵
  PID:14676
- C:\Windows\System\KsilqwM.exe
  C:\Windows\System\KsilqwM.exe
  2⤵
  PID:14724
- C:\Windows\System\vJwvCmB.exe
  C:\Windows\System\vJwvCmB.exe
  2⤵
  PID:14784
- C:\Windows\System\vNJOEYq.exe
  C:\Windows\System\vNJOEYq.exe
  2⤵
  PID:14828
- C:\Windows\System\DBErMTE.exe
  C:\Windows\System\DBErMTE.exe
  2⤵
  PID:14956
- C:\Windows\System\gszbQDB.exe
  C:\Windows\System\gszbQDB.exe
  2⤵
  PID:800
- C:\Windows\System\nmEahnL.exe
  C:\Windows\System\nmEahnL.exe
  2⤵
  PID:15032
- C:\Windows\System\idWGyMM.exe
  C:\Windows\System\idWGyMM.exe
  2⤵
  PID:15080
- C:\Windows\System\PABtzEj.exe
  C:\Windows\System\PABtzEj.exe
  2⤵
  PID:15164
- C:\Windows\System\JLrnZXg.exe
  C:\Windows\System\JLrnZXg.exe
  2⤵
  PID:6480
- C:\Windows\System\kSdorKs.exe
  C:\Windows\System\kSdorKs.exe
  2⤵
  PID:15224
- C:\Windows\System\uVFKAau.exe
  C:\Windows\System\uVFKAau.exe
  2⤵
  PID:15248
- C:\Windows\System\hoAkxmX.exe
  C:\Windows\System\hoAkxmX.exe
  2⤵
  PID:6540
- C:\Windows\System\kfnsMud.exe
  C:\Windows\System\kfnsMud.exe
  2⤵
  PID:15308
- C:\Windows\System\KnOZmSC.exe
  C:\Windows\System\KnOZmSC.exe
  2⤵
  PID:15332
- C:\Windows\System\NCueFPc.exe
  C:\Windows\System\NCueFPc.exe
  2⤵
  PID:15116
- C:\Windows\System\faGAkpW.exe
  C:\Windows\System\faGAkpW.exe
  2⤵
  PID:6620
- C:\Windows\System\YCADvjW.exe
  C:\Windows\System\YCADvjW.exe
  2⤵
  PID:6760
- C:\Windows\System\foXHbFX.exe
  C:\Windows\System\foXHbFX.exe
  2⤵
  PID:14388
- C:\Windows\System\bncErzl.exe
  C:\Windows\System\bncErzl.exe
  2⤵
  PID:6908
- C:\Windows\System\DhJawTm.exe
  C:\Windows\System\DhJawTm.exe
  2⤵
  PID:15356
- C:\Windows\System\RJYNrIQ.exe
  C:\Windows\System\RJYNrIQ.exe
  2⤵
  PID:5360
- C:\Windows\System\FLLDiLN.exe
  C:\Windows\System\FLLDiLN.exe
  2⤵
  PID:5200
- C:\Windows\System\XSemoTF.exe
  C:\Windows\System\XSemoTF.exe
  2⤵
  PID:15212
- C:\Windows\System\miFGewm.exe
  C:\Windows\System\miFGewm.exe
  2⤵
  PID:6516
- C:\Windows\System\nrGsXVS.exe
  C:\Windows\System\nrGsXVS.exe
  2⤵
  PID:10860
- C:\Windows\System\LNORRol.exe
  C:\Windows\System\LNORRol.exe
  2⤵
  PID:11548
- C:\Windows\System\brNRkoO.exe
  C:\Windows\System\brNRkoO.exe
  2⤵
  PID:4740
- C:\Windows\System\BpoLNjp.exe
  C:\Windows\System\BpoLNjp.exe
  2⤵
  PID:15320
- C:\Windows\System\wtAgsBF.exe
  C:\Windows\System\wtAgsBF.exe
  2⤵
  PID:15100
- C:\Windows\System\mIOwVtD.exe
  C:\Windows\System\mIOwVtD.exe
  2⤵
  PID:6224
- C:\Windows\System\WHcpTYU.exe
  C:\Windows\System\WHcpTYU.exe
  2⤵
  PID:14888
- C:\Windows\System\eJTAdwO.exe
  C:\Windows\System\eJTAdwO.exe
  2⤵
  PID:14460
- C:\Windows\System\XRrTLSk.exe
  C:\Windows\System\XRrTLSk.exe
  2⤵
  PID:6928
- C:\Windows\System\EGZygMJ.exe
  C:\Windows\System\EGZygMJ.exe
  2⤵
  PID:6536
- C:\Windows\System\WnDHRyR.exe
  C:\Windows\System\WnDHRyR.exe
  2⤵
  PID:12604
- C:\Windows\System\xSDBtNT.exe
  C:\Windows\System\xSDBtNT.exe
  2⤵
  PID:8076
- C:\Windows\System\zFOtgcV.exe
  C:\Windows\System\zFOtgcV.exe
  2⤵
  PID:15120
- C:\Windows\System\uFnQHeF.exe
  C:\Windows\System\uFnQHeF.exe
  2⤵
  PID:8044
- C:\Windows\System\fWylPku.exe
  C:\Windows\System\fWylPku.exe
  2⤵
  PID:6664
- C:\Windows\System\FkfQBGI.exe
  C:\Windows\System\FkfQBGI.exe
  2⤵
  PID:7952
- C:\Windows\System\JlYUQnS.exe
  C:\Windows\System\JlYUQnS.exe
  2⤵
  PID:7020
- C:\Windows\System\MzmBrls.exe
  C:\Windows\System\MzmBrls.exe
  2⤵
  PID:5464
- C:\Windows\System\MeJZrrX.exe
  C:\Windows\System\MeJZrrX.exe
  2⤵
  PID:7592
- C:\Windows\System\tfODeOH.exe
  C:\Windows\System\tfODeOH.exe
  2⤵
  PID:6244
- C:\Windows\System\pTsfVIt.exe
  C:\Windows\System\pTsfVIt.exe
  2⤵
  PID:6792
- C:\Windows\System\YdzLbOA.exe
  C:\Windows\System\YdzLbOA.exe
  2⤵
  PID:14396
- C:\Windows\System\nlSUXyO.exe
  C:\Windows\System\nlSUXyO.exe
  2⤵
  PID:8092
- C:\Windows\System\EONQRIh.exe
  C:\Windows\System\EONQRIh.exe
  2⤵
  PID:14644
- C:\Windows\System\RmvSdrs.exe
  C:\Windows\System\RmvSdrs.exe
  2⤵
  PID:6680
- C:\Windows\System\hJxxFyr.exe
  C:\Windows\System\hJxxFyr.exe
  2⤵
  PID:14392
- C:\Windows\System\zjgkqQc.exe
  C:\Windows\System\zjgkqQc.exe
  2⤵
  PID:5980
- C:\Windows\System\bopkEHQ.exe
  C:\Windows\System\bopkEHQ.exe
  2⤵
  PID:6068
- C:\Windows\System\ocZFXtO.exe
  C:\Windows\System\ocZFXtO.exe
  2⤵
  PID:6240
- C:\Windows\System\WVETpiA.exe
  C:\Windows\System\WVETpiA.exe
  2⤵
  PID:7080
- C:\Windows\System\hqaIujc.exe
  C:\Windows\System\hqaIujc.exe
  2⤵
  PID:7368
- C:\Windows\System\tvPfQtw.exe
  C:\Windows\System\tvPfQtw.exe
  2⤵
  PID:14528
- C:\Windows\System\USWRCid.exe
  C:\Windows\System\USWRCid.exe
  2⤵
  PID:7776
- C:\Windows\System\oMFcgrW.exe
  C:\Windows\System\oMFcgrW.exe
  2⤵
  PID:7380
- C:\Windows\System\uTsxmQl.exe
  C:\Windows\System\uTsxmQl.exe
  2⤵
  PID:11412
- C:\Windows\System\GISQVtC.exe
  C:\Windows\System\GISQVtC.exe
  2⤵
  PID:9080
- C:\Windows\System\NlPEQFM.exe
  C:\Windows\System\NlPEQFM.exe
  2⤵
  PID:9044
- C:\Windows\System\qElzuLN.exe
  C:\Windows\System\qElzuLN.exe
  2⤵
  PID:5564
- C:\Windows\System\KLWqeOh.exe
  C:\Windows\System\KLWqeOh.exe
  2⤵
  PID:8400
- C:\Windows\System\SUBHofg.exe
  C:\Windows\System\SUBHofg.exe
  2⤵
  PID:8276
- C:\Windows\System\rsJElHw.exe
  C:\Windows\System\rsJElHw.exe
  2⤵
  PID:8928
- C:\Windows\System\vxmSvYA.exe
  C:\Windows\System\vxmSvYA.exe
  2⤵
  PID:11076
- C:\Windows\System\ctyBTxg.exe
  C:\Windows\System\ctyBTxg.exe
  2⤵
  PID:11368
- C:\Windows\System\EwiCyJj.exe
  C:\Windows\System\EwiCyJj.exe
  2⤵
  PID:14596
- C:\Windows\System\fgBLfbu.exe
  C:\Windows\System\fgBLfbu.exe
  2⤵
  PID:7944
- C:\Windows\System\FJArnWP.exe
  C:\Windows\System\FJArnWP.exe
  2⤵
  PID:8508
- C:\Windows\System\FazQTrM.exe
  C:\Windows\System\FazQTrM.exe
  2⤵
  PID:7652
- C:\Windows\System\NmarriB.exe
  C:\Windows\System\NmarriB.exe
  2⤵
  PID:3124
- C:\Windows\System\WIurITl.exe
  C:\Windows\System\WIurITl.exe
  2⤵
  PID:11488
- C:\Windows\System\EokObXV.exe
  C:\Windows\System\EokObXV.exe
  2⤵
  PID:9008
- C:\Windows\System\sVYEHhi.exe
  C:\Windows\System\sVYEHhi.exe
  2⤵
  PID:9204
- C:\Windows\System\CkPWytc.exe
  C:\Windows\System\CkPWytc.exe
  2⤵
  PID:15316
- C:\Windows\System\dvrYrmF.exe
  C:\Windows\System\dvrYrmF.exe
  2⤵
  PID:6348
- C:\Windows\System\lQffFBN.exe
  C:\Windows\System\lQffFBN.exe
  2⤵
  PID:7660
- C:\Windows\System\beFYjtX.exe
  C:\Windows\System\beFYjtX.exe
  2⤵
  PID:9060
- C:\Windows\System\yUBHJpL.exe
  C:\Windows\System\yUBHJpL.exe
  2⤵
  PID:8968
- C:\Windows\System\vJBtfim.exe
  C:\Windows\System\vJBtfim.exe
  2⤵
  PID:14352
- C:\Windows\System\LoVlOwu.exe
  C:\Windows\System\LoVlOwu.exe
  2⤵
  PID:14776
- C:\Windows\System\rKBokKS.exe
  C:\Windows\System\rKBokKS.exe
  2⤵
  PID:7220
- C:\Windows\System\mWHpnup.exe
  C:\Windows\System\mWHpnup.exe
  2⤵
  PID:15068
- C:\Windows\System\BXncOzS.exe
  C:\Windows\System\BXncOzS.exe
  2⤵
  PID:7436
- C:\Windows\System\kjEzNXT.exe
  C:\Windows\System\kjEzNXT.exe
  2⤵
  PID:15236
- C:\Windows\System\VLdPEwR.exe
  C:\Windows\System\VLdPEwR.exe
  2⤵
  PID:6808
- C:\Windows\System\gnTBbaz.exe
  C:\Windows\System\gnTBbaz.exe
  2⤵
  PID:11484
- C:\Windows\System\qXFtfzO.exe
  C:\Windows\System\qXFtfzO.exe
  2⤵
  PID:3776
- C:\Windows\System\aPwLOKo.exe
  C:\Windows\System\aPwLOKo.exe
  2⤵
  PID:15288
- C:\Windows\System\wkxrWGj.exe
  C:\Windows\System\wkxrWGj.exe
  2⤵
  PID:9196
- C:\Windows\System\LPtHLQD.exe
  C:\Windows\System\LPtHLQD.exe
  2⤵
  PID:9064
- C:\Windows\System\YCnPomW.exe
  C:\Windows\System\YCnPomW.exe
  2⤵
  PID:8676
- C:\Windows\System\CKMRRXo.exe
  C:\Windows\System\CKMRRXo.exe
  2⤵
  PID:9132
- C:\Windows\System\SgbhFLW.exe
  C:\Windows\System\SgbhFLW.exe
  2⤵
  PID:14568
- C:\Windows\System\twiEQFl.exe
  C:\Windows\System\twiEQFl.exe
  2⤵
  PID:7432
- C:\Windows\System\bQkqmZk.exe
  C:\Windows\System\bQkqmZk.exe
  2⤵
  PID:8744
- C:\Windows\System\AEzrgkZ.exe
  C:\Windows\System\AEzrgkZ.exe
  2⤵
  PID:11360
- C:\Windows\System\EPsmlRI.exe
  C:\Windows\System\EPsmlRI.exe
  2⤵
  PID:8912
- C:\Windows\System\bmvszRw.exe
  C:\Windows\System\bmvszRw.exe
  2⤵
  PID:9092
- C:\Windows\System\XYTgfFD.exe
  C:\Windows\System\XYTgfFD.exe
  2⤵
  PID:6900
- C:\Windows\System\NfYGQqo.exe
  C:\Windows\System\NfYGQqo.exe
  2⤵
  PID:9176
- C:\Windows\System\GSexFOO.exe
  C:\Windows\System\GSexFOO.exe
  2⤵
  PID:8976
- C:\Windows\System\JkSAYDx.exe
  C:\Windows\System\JkSAYDx.exe
  2⤵
  PID:7940
- C:\Windows\System\rkbcjll.exe
  C:\Windows\System\rkbcjll.exe
  2⤵
  PID:9160
- C:\Windows\System\uKxyNUO.exe
  C:\Windows\System\uKxyNUO.exe
  2⤵
  PID:8300
- C:\Windows\System\dsdIyGu.exe
  C:\Windows\System\dsdIyGu.exe
  2⤵
  PID:6136
- C:\Windows\System\NwBllao.exe
  C:\Windows\System\NwBllao.exe
  2⤵
  PID:7156
- C:\Windows\System\liolcwj.exe
  C:\Windows\System\liolcwj.exe
  2⤵
  PID:14940
- C:\Windows\System\hyEYzHp.exe
  C:\Windows\System\hyEYzHp.exe
  2⤵
  PID:15340
- C:\Windows\System\qeIWYTY.exe
  C:\Windows\System\qeIWYTY.exe
  2⤵
  PID:15196
- C:\Windows\System\ABEmUeG.exe
  C:\Windows\System\ABEmUeG.exe
  2⤵
  PID:7284
- C:\Windows\System\OGzoHFW.exe
  C:\Windows\System\OGzoHFW.exe
  2⤵
  PID:8740
- C:\Windows\System\AeYhTpL.exe
  C:\Windows\System\AeYhTpL.exe
  2⤵
  PID:7532
- C:\Windows\System\GWnjUHA.exe
  C:\Windows\System\GWnjUHA.exe
  2⤵
  PID:8220
- C:\Windows\System\TXsMqDU.exe
  C:\Windows\System\TXsMqDU.exe
  2⤵
  PID:7568
- C:\Windows\System\UyhxFyk.exe
  C:\Windows\System\UyhxFyk.exe
  2⤵
  PID:8880
- C:\Windows\System\PLeKMSG.exe
  C:\Windows\System\PLeKMSG.exe
  2⤵
  PID:14476
- C:\Windows\System\zWsCttI.exe
  C:\Windows\System\zWsCttI.exe
  2⤵
  PID:7764
- C:\Windows\System\metjVdC.exe
  C:\Windows\System\metjVdC.exe
  2⤵
  PID:5520
- C:\Windows\System\zghyWjy.exe
  C:\Windows\System\zghyWjy.exe
  2⤵
  PID:8712
- C:\Windows\System\SSrVtZd.exe
  C:\Windows\System\SSrVtZd.exe
  2⤵
  PID:7044
- C:\Windows\System\rLeIraE.exe
  C:\Windows\System\rLeIraE.exe
  2⤵
  PID:8932
- C:\Windows\System\bTbJHUt.exe
  C:\Windows\System\bTbJHUt.exe
  2⤵
  PID:8112
- C:\Windows\System\WEzoWVD.exe
  C:\Windows\System\WEzoWVD.exe
  2⤵
  PID:2592
- C:\Windows\System\zidewdG.exe
  C:\Windows\System\zidewdG.exe
  2⤵
  PID:8424
- C:\Windows\System\OmzwbmB.exe
  C:\Windows\System\OmzwbmB.exe
  2⤵
  PID:8952
- C:\Windows\System\rJBUVQF.exe
  C:\Windows\System\rJBUVQF.exe
  2⤵
  PID:9692
- C:\Windows\System\bMuHwJp.exe
  C:\Windows\System\bMuHwJp.exe
  2⤵
  PID:6416
- C:\Windows\System\LhwQVnN.exe
  C:\Windows\System\LhwQVnN.exe
  2⤵
  PID:14464
- C:\Windows\System\Bdejbev.exe
  C:\Windows\System\Bdejbev.exe
  2⤵
  PID:4868
- C:\Windows\System\cYUHySg.exe
  C:\Windows\System\cYUHySg.exe
  2⤵
  PID:9252
- C:\Windows\System\KOSFFxH.exe
  C:\Windows\System\KOSFFxH.exe
  2⤵
  PID:15220
- C:\Windows\System\DIJRiNf.exe
  C:\Windows\System\DIJRiNf.exe
  2⤵
  PID:14632
- C:\Windows\System\EPcNZqJ.exe
  C:\Windows\System\EPcNZqJ.exe
  2⤵
  PID:5908
- C:\Windows\System\YGdSBRu.exe
  C:\Windows\System\YGdSBRu.exe
  2⤵
  PID:14436
- C:\Windows\System\kWHBBlH.exe
  C:\Windows\System\kWHBBlH.exe
  2⤵
  PID:7960
- C:\Windows\System\ZDuFZvo.exe
  C:\Windows\System\ZDuFZvo.exe
  2⤵
  PID:4572
- C:\Windows\System\bpYFHAr.exe
  C:\Windows\System\bpYFHAr.exe
  2⤵
  PID:9876
- C:\Windows\System\ePefVYD.exe
  C:\Windows\System\ePefVYD.exe
  2⤵
  PID:9724
- C:\Windows\System\JUMvLxJ.exe
  C:\Windows\System\JUMvLxJ.exe
  2⤵
  PID:7884
- C:\Windows\System\AoWOzqs.exe
  C:\Windows\System\AoWOzqs.exe
  2⤵
  PID:10376
- C:\Windows\System\byoNaCx.exe
  C:\Windows\System\byoNaCx.exe
  2⤵
  PID:9156
- C:\Windows\System\XNJBhqG.exe
  C:\Windows\System\XNJBhqG.exe
  2⤵
  PID:8384
- C:\Windows\System\vOpTeGU.exe
  C:\Windows\System\vOpTeGU.exe
  2⤵
  PID:9624
- C:\Windows\System\SOdOCOo.exe
  C:\Windows\System\SOdOCOo.exe
  2⤵
  PID:8648
- C:\Windows\System\gtPKWOb.exe
  C:\Windows\System\gtPKWOb.exe
  2⤵
  PID:14520
- C:\Windows\System\cYQmQug.exe
  C:\Windows\System\cYQmQug.exe
  2⤵
  PID:10088
- C:\Windows\System\QJynQJU.exe
  C:\Windows\System\QJynQJU.exe
  2⤵
  PID:9200
- C:\Windows\System\BaGWZuv.exe
  C:\Windows\System\BaGWZuv.exe
  2⤵
  PID:8832
- C:\Windows\System\nYaULUG.exe
  C:\Windows\System\nYaULUG.exe
  2⤵
  PID:7316
- C:\Windows\System\PbIthAc.exe
  C:\Windows\System\PbIthAc.exe
  2⤵
  PID:8584
- C:\Windows\System\KoHDtgb.exe
  C:\Windows\System\KoHDtgb.exe
  2⤵
  PID:14588
- C:\Windows\System\AtRHjuQ.exe
  C:\Windows\System\AtRHjuQ.exe
  2⤵
  PID:9280
- C:\Windows\System\ZSfDcjk.exe
  C:\Windows\System\ZSfDcjk.exe
  2⤵
  PID:8568
- C:\Windows\System\nEvoqVj.exe
  C:\Windows\System\nEvoqVj.exe
  2⤵
  PID:10096
- C:\Windows\System\OvQfoGc.exe
  C:\Windows\System\OvQfoGc.exe
  2⤵
  PID:15364
- C:\Windows\System\xnxGqZJ.exe
  C:\Windows\System\xnxGqZJ.exe
  2⤵
  PID:15388
- C:\Windows\System\cLGOJLu.exe
  C:\Windows\System\cLGOJLu.exe
  2⤵
  PID:15408
- C:\Windows\System\eHMKmZU.exe
  C:\Windows\System\eHMKmZU.exe
  2⤵
  PID:15424
- C:\Windows\System\qNaZBRC.exe
  C:\Windows\System\qNaZBRC.exe
  2⤵
  PID:15440
- C:\Windows\System\ZveKMDF.exe
  C:\Windows\System\ZveKMDF.exe
  2⤵
  PID:15460
- C:\Windows\System\zPkeojc.exe
  C:\Windows\System\zPkeojc.exe
  2⤵
  PID:15488
- C:\Windows\System\ARKHmPf.exe
  C:\Windows\System\ARKHmPf.exe
  2⤵
  PID:15512
- C:\Windows\System\crOJFMo.exe
  C:\Windows\System\crOJFMo.exe
  2⤵
  PID:15532
- C:\Windows\System\HQWQvbJ.exe
  C:\Windows\System\HQWQvbJ.exe
  2⤵
  PID:15552
- C:\Windows\System\ZBDKQkF.exe
  C:\Windows\System\ZBDKQkF.exe
  2⤵
  PID:15576
- C:\Windows\System\Llraqzd.exe
  C:\Windows\System\Llraqzd.exe
  2⤵
  PID:15596
- C:\Windows\System\TiidHff.exe
  C:\Windows\System\TiidHff.exe
  2⤵
  PID:15616
- C:\Windows\System\KaekGVZ.exe
  C:\Windows\System\KaekGVZ.exe
  2⤵
  PID:15640
- C:\Windows\System\wGbBrYF.exe
  C:\Windows\System\wGbBrYF.exe
  2⤵
  PID:15664
- C:\Windows\System\sEEaVcM.exe
  C:\Windows\System\sEEaVcM.exe
  2⤵
  PID:15688
- C:\Windows\System\KerFlaY.exe
  C:\Windows\System\KerFlaY.exe
  2⤵
  PID:15708
- C:\Windows\System\GpiNhln.exe
  C:\Windows\System\GpiNhln.exe
  2⤵
  PID:15724
- C:\Windows\System\MCZUihF.exe
  C:\Windows\System\MCZUihF.exe
  2⤵
  PID:15748
- C:\Windows\System\OxFleez.exe
  C:\Windows\System\OxFleez.exe
  2⤵
  PID:12684
- C:\Windows\System\SxHqJmZ.exe
  C:\Windows\System\SxHqJmZ.exe
  2⤵
  PID:9540
- C:\Windows\System\IyZbEuG.exe
  C:\Windows\System\IyZbEuG.exe
  2⤵
  PID:9140
- C:\Windows\System\BGlkGIN.exe
  C:\Windows\System\BGlkGIN.exe
  2⤵
  PID:9980
- C:\Windows\System\ZgvCdQa.exe
  C:\Windows\System\ZgvCdQa.exe
  2⤵
  PID:7760
- C:\Windows\System\SwmuGhP.exe
  C:\Windows\System\SwmuGhP.exe
  2⤵
  PID:9976
- C:\Windows\System\DPYQkjL.exe
  C:\Windows\System\DPYQkjL.exe
  2⤵
  PID:14128
- C:\Windows\System\JcRrxvC.exe
  C:\Windows\System\JcRrxvC.exe
  2⤵
  PID:9804
- C:\Windows\System\vmVaOtf.exe
  C:\Windows\System\vmVaOtf.exe
  2⤵
  PID:2188
- C:\Windows\System\dAtGexS.exe
  C:\Windows\System\dAtGexS.exe
  2⤵
  PID:10776
- C:\Windows\System\iQXHtHV.exe
  C:\Windows\System\iQXHtHV.exe
  2⤵
  PID:9796
- C:\Windows\System\RvpAuGH.exe
  C:\Windows\System\RvpAuGH.exe
  2⤵
  PID:5376
- C:\Windows\System\DFRBuHG.exe
  C:\Windows\System\DFRBuHG.exe
  2⤵
  PID:9292
- C:\Windows\System\EzlBXMT.exe
  C:\Windows\System\EzlBXMT.exe
  2⤵
  PID:332
- C:\Windows\System\IGUFksp.exe
  C:\Windows\System\IGUFksp.exe
  2⤵
  PID:15456
- C:\Windows\System\LdYGZnI.exe
  C:\Windows\System\LdYGZnI.exe
  2⤵
  PID:10520
- C:\Windows\System\EnrTkoz.exe
  C:\Windows\System\EnrTkoz.exe
  2⤵
  PID:9460
- C:\Windows\System\BObRNyj.exe
  C:\Windows\System\BObRNyj.exe
  2⤵
  PID:7844
- C:\Windows\System\IKhTzlH.exe
  C:\Windows\System\IKhTzlH.exe
  2⤵
  PID:14980
- C:\Windows\System\fVxvJVP.exe
  C:\Windows\System\fVxvJVP.exe
  2⤵
  PID:6652
- C:\Windows\System\umKgnQG.exe
  C:\Windows\System\umKgnQG.exe
  2⤵
  PID:14088
- C:\Windows\System\JqwUHeF.exe
  C:\Windows\System\JqwUHeF.exe
  2⤵
  PID:12252
- C:\Windows\System\wqGadUt.exe
  C:\Windows\System\wqGadUt.exe
  2⤵
  PID:8124
- C:\Windows\System\SHoNIPR.exe
  C:\Windows\System\SHoNIPR.exe
  2⤵
  PID:10300
- C:\Windows\System\ozFPnuC.exe
  C:\Windows\System\ozFPnuC.exe
  2⤵
  PID:9012
- C:\Windows\System\qbBvgEo.exe
  C:\Windows\System\qbBvgEo.exe
  2⤵
  PID:15864
- C:\Windows\System\mybSley.exe
  C:\Windows\System\mybSley.exe
  2⤵
  PID:11620
- C:\Windows\System\uaLCqpY.exe
  C:\Windows\System\uaLCqpY.exe
  2⤵
  PID:12668
- C:\Windows\System\wppYerQ.exe
  C:\Windows\System\wppYerQ.exe
  2⤵
  PID:10032
- C:\Windows\System\fuHEWnB.exe
  C:\Windows\System\fuHEWnB.exe
  2⤵
  PID:15912
- C:\Windows\System\uLeYHsq.exe
  C:\Windows\System\uLeYHsq.exe
  2⤵
  PID:15484
- C:\Windows\System\LVzVjPA.exe
  C:\Windows\System\LVzVjPA.exe
  2⤵
  PID:15584
- C:\Windows\System\WXHJgay.exe
  C:\Windows\System\WXHJgay.exe
  2⤵
  PID:15976
- C:\Windows\System\TmFlpOY.exe
  C:\Windows\System\TmFlpOY.exe
  2⤵
  PID:10744
- C:\Windows\System\PBkdZGW.exe
  C:\Windows\System\PBkdZGW.exe
  2⤵
  PID:7904
- C:\Windows\System\qNYZwZD.exe
  C:\Windows\System\qNYZwZD.exe
  2⤵
  PID:15764
- C:\Windows\System\sdeGBjl.exe
  C:\Windows\System\sdeGBjl.exe
  2⤵
  PID:9708
- C:\Windows\System\obbaViv.exe
  C:\Windows\System\obbaViv.exe
  2⤵
  PID:15784
- C:\Windows\System\xkEMKRI.exe
  C:\Windows\System\xkEMKRI.exe
  2⤵
  PID:13352
- C:\Windows\System\oLcukpl.exe
  C:\Windows\System\oLcukpl.exe
  2⤵
  PID:14376
- C:\Windows\System\XbbaBcq.exe
  C:\Windows\System\XbbaBcq.exe
  2⤵
  PID:8596
- C:\Windows\System\GsEVoaN.exe
  C:\Windows\System\GsEVoaN.exe
  2⤵
  PID:10816
- C:\Windows\System\OAMIaQv.exe
  C:\Windows\System\OAMIaQv.exe
  2⤵
  PID:10896
- C:\Windows\System\ApvMpHG.exe
  C:\Windows\System\ApvMpHG.exe
  2⤵
  PID:15660
- C:\Windows\System\iXlYxvq.exe
  C:\Windows\System\iXlYxvq.exe
  2⤵
  PID:15992
- C:\Windows\System\RJrZDMS.exe
  C:\Windows\System\RJrZDMS.exe
  2⤵
  PID:10188
- C:\Windows\System\rGPWgcf.exe
  C:\Windows\System\rGPWgcf.exe
  2⤵
  PID:9668
- C:\Windows\System\mwSaFkg.exe
  C:\Windows\System\mwSaFkg.exe
  2⤵
  PID:13404
- C:\Windows\System\ggPqvsk.exe
  C:\Windows\System\ggPqvsk.exe
  2⤵
  PID:13388
- C:\Windows\System\tVrsSdy.exe
  C:\Windows\System\tVrsSdy.exe
  2⤵
  PID:16292
- C:\Windows\System\rysyKUF.exe
  C:\Windows\System\rysyKUF.exe
  2⤵
  PID:16124
- C:\Windows\System\ckVUGTL.exe
  C:\Windows\System\ckVUGTL.exe
  2⤵
  PID:9384
- C:\Windows\System\QSWptho.exe
  C:\Windows\System\QSWptho.exe
  2⤵
  PID:11224
- C:\Windows\System\SnHbTXe.exe
  C:\Windows\System\SnHbTXe.exe
  2⤵
  PID:9748
- C:\Windows\System\brzRnoY.exe
  C:\Windows\System\brzRnoY.exe
  2⤵
  PID:11292
- C:\Windows\System\fOICLip.exe
  C:\Windows\System\fOICLip.exe
  2⤵
  PID:16084
- C:\Windows\System\qmmdXBa.exe
  C:\Windows\System\qmmdXBa.exe
  2⤵
  PID:16096
- C:\Windows\System\yaycgae.exe
  C:\Windows\System\yaycgae.exe
  2⤵
  PID:11836
- C:\Windows\System\KOtXPKr.exe
  C:\Windows\System\KOtXPKr.exe
  2⤵
  PID:15736
- C:\Windows\System\gpDwgZt.exe
  C:\Windows\System\gpDwgZt.exe
  2⤵
  PID:10960
- C:\Windows\System\WzCKTyq.exe
  C:\Windows\System\WzCKTyq.exe
  2⤵
  PID:10212
- C:\Windows\System\gibrynO.exe
  C:\Windows\System\gibrynO.exe
  2⤵
  PID:11348
- C:\Windows\System\SvrlPTM.exe
  C:\Windows\System\SvrlPTM.exe
  2⤵
  PID:15840
- C:\Windows\System\ZIHCVCP.exe
  C:\Windows\System\ZIHCVCP.exe
  2⤵
  PID:9912
- C:\Windows\System\OljiyOR.exe
  C:\Windows\System\OljiyOR.exe
  2⤵
  PID:7656
- C:\Windows\System\VqjfxNy.exe
  C:\Windows\System\VqjfxNy.exe
  2⤵
  PID:13964
- C:\Windows\System\mogjhCe.exe
  C:\Windows\System\mogjhCe.exe
  2⤵
  PID:16240
- C:\Windows\System\metmLwF.exe
  C:\Windows\System\metmLwF.exe
  2⤵
  PID:12760
- C:\Windows\System\bQzZRBp.exe
  C:\Windows\System\bQzZRBp.exe
  2⤵
  PID:10276
- C:\Windows\System\wbCVCPR.exe
  C:\Windows\System\wbCVCPR.exe
  2⤵
  PID:11516
- C:\Windows\System\nmnaGcW.exe
  C:\Windows\System\nmnaGcW.exe
  2⤵
  PID:12212
- C:\Windows\System\xJbgbiG.exe
  C:\Windows\System\xJbgbiG.exe
  2⤵
  PID:14524
- C:\Windows\System\qWTauLt.exe
  C:\Windows\System\qWTauLt.exe
  2⤵
  PID:11432
- C:\Windows\System\yLAprrU.exe
  C:\Windows\System\yLAprrU.exe
  2⤵
  PID:10476
- C:\Windows\System\TQYXgnU.exe
  C:\Windows\System\TQYXgnU.exe
  2⤵
  PID:11748
- C:\Windows\System\QQeSFBn.exe
  C:\Windows\System\QQeSFBn.exe
  2⤵
  PID:10404
- C:\Windows\System\qJDwTjh.exe
  C:\Windows\System\qJDwTjh.exe
  2⤵
  PID:12120
- C:\Windows\System\EXJnbmr.exe
  C:\Windows\System\EXJnbmr.exe
  2⤵
  PID:10972
- C:\Windows\System\DcIPsXS.exe
  C:\Windows\System\DcIPsXS.exe
  2⤵
  PID:1184
- C:\Windows\System\amqAYcB.exe
  C:\Windows\System\amqAYcB.exe
  2⤵
  PID:5744
- C:\Windows\System\SJTDaGM.exe
  C:\Windows\System\SJTDaGM.exe
  2⤵
  PID:12844
- C:\Windows\System\HvpEqBk.exe
  C:\Windows\System\HvpEqBk.exe
  2⤵
  PID:3712
- C:\Windows\System\LDEkDth.exe
  C:\Windows\System\LDEkDth.exe
  2⤵
  PID:15648
- C:\Windows\System\mzJTXCC.exe
  C:\Windows\System\mzJTXCC.exe
  2⤵
  PID:10916
- C:\Windows\System\UejcZGi.exe
  C:\Windows\System\UejcZGi.exe
  2⤵
  PID:10540
- C:\Windows\System\uWsZESG.exe
  C:\Windows\System\uWsZESG.exe
  2⤵
  PID:12464
- C:\Windows\System\ovUDmsq.exe
  C:\Windows\System\ovUDmsq.exe
  2⤵
  PID:10612
- C:\Windows\System\HmxJVsa.exe
  C:\Windows\System\HmxJVsa.exe
  2⤵
  PID:13156
- C:\Windows\System\dBPRMRb.exe
  C:\Windows\System\dBPRMRb.exe
  2⤵
  PID:15852
- C:\Windows\System\bzmNUTG.exe
  C:\Windows\System\bzmNUTG.exe
  2⤵
  PID:11364
- C:\Windows\System\BLlwpUF.exe
  C:\Windows\System\BLlwpUF.exe
  2⤵
  PID:9360
- C:\Windows\System\GXMuwYO.exe
  C:\Windows\System\GXMuwYO.exe
  2⤵
  PID:11968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:12600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l5pvnhgp.ljc.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\GrNcjmX.exe

Filesize
1.6MB

MD5
a8865ff3137df8f3f113e911f0c90863

SHA1
22931a999adb4165568234775283c8f6b68556a1

SHA256
16231c652af03274139c95cf55fc56018b0f411e2f04383108c4a9688d1773f1

SHA512
678a3c94b2354c0cdf0525f08bb499de17baba0582a4e0dd3a884f029eff67b0ebec6b33736c36630a1502f9e2d9c69c624525823df7bc1f2e9955344869f862

Download Submit
C:\Windows\System\IpxCvGh.exe

Filesize
1.6MB

MD5
b341f3a422a18fc9041b5121e9f4c43a

SHA1
e00209f604e1e5f195ae67d6f668b8b0c6c6c4f6

SHA256
aeee364f6f6f6a0cb55e954549d77a6e12e662a61d58d16ca224d91166a6639c

SHA512
0de70ca6e19b692d5138aff58759ec6c3bd568ee98a96d0ea3eeb32884eb62f58bbd77aa02014af25ec6fa1721269527f070586d8892fd2e238284eabd9fff48

Download Submit
C:\Windows\System\JWdgDGM.exe

Filesize
1.6MB

MD5
08a41412843a4e81f81b8d350f40508b

SHA1
cf7947bdfbba801605f5bbf708366af81d45db75

SHA256
a01d8d92568a959a9f5d8344943460285018b492c39ed94682e4a98cbd54881a

SHA512
1eca1e4ede4e0c1175bff1e1ee3ec4bece60713f3263b8bba94bbcb917b7b61e53d0f14f0772a44f4555264b7bea8a4b8d4cf7a5ea4624c7175e5f6967c82b76

Download Submit
C:\Windows\System\LGyOgGr.exe

Filesize
1.6MB

MD5
427e1b70a57528d52d99136a00d9e013

SHA1
c0a782962201799ea7187d6f9479534b1709d77b

SHA256
b43b975f428dd1c1b6ba0f67ec71c27f7f73202649bbc326eccf1387f5d1f29a

SHA512
77251179cbf69f5799966caf413ad7e3e56fa8722f57208113378a89391f2f41f850c257c173e7def6083b0ea166738a865065b6fe9f5dd23374fe487e1a5b35

Download Submit
C:\Windows\System\LyuGuFs.exe

Filesize
1.6MB

MD5
6b5ca9a9f7ef931e2db350fa5e6b4cd4

SHA1
6f8740d800f77a88a1537b3296a01c89ccdd0970

SHA256
1493f2d87c3493d2484277926cd19ac36384b00e742eb16ca3ee2146760137ec

SHA512
ce30c732f56585dcee32f8a38996c9e1daf3b7ea3668aab0fbf9b2ed7485fb1ff0c5ead017ca3c56cd4557855adf1896928bb8ae3ef2f100f5260e2d57f7413c

Download Submit
C:\Windows\System\MhWeBIa.exe

Filesize
1.6MB

MD5
69f6a918614ac3240dde95e7cfd639ff

SHA1
0724e43b5775960dc59446d6e628b2e4a147de8c

SHA256
e9c52583f57f18a437a990c1a777c591f99e71f2388827f94fe5a8c54b2d835d

SHA512
e33e9e332500c85571a59c4c4118ebb95ce2e2dd6b88e5f05b7d991589f6b1120e5fe9d1cd21161c4e1bcaf377417abdc4320e8fb074c86209930ded2304afc5

Download Submit
C:\Windows\System\OgpOZmC.exe

Filesize
1.6MB

MD5
49bc6007150fc94eaced49273b73bf0b

SHA1
38f77b3bdc48d4cf4f6e22b87e7f82e02f480343

SHA256
5c9bdbc9f2a127aa45f221547669f6a937e73f8962f7dd5a72a06e1efa97a7e4

SHA512
0db29d178702793b0d09b886048c1c2b9e2bddfa9b77f881324446bae8ab266dcc370a179934e0d12fa22ad49186b27dd5c30ce80ec07dd6a926a37baeb7675e

Download Submit
C:\Windows\System\PuYQHnu.exe

Filesize
1.6MB

MD5
bd8f9684c415e3b4b913435e7d58cb9e

SHA1
afd176f51e571b35856ef4b3ceb4cda3a6731343

SHA256
8337ecbf69bc28a1f25b68586054f6e983bcf0f4666f5a901ba6221824a54fce

SHA512
eee75ef7d885169ea0531339a19107ff034ce9914cadbb670b467f107591d88151db67b00fc0ec93851f76a0a1cb517702ded93ca7e26742dced695154284409

Download Submit
C:\Windows\System\QTtcBIu.exe

Filesize
1.6MB

MD5
d4748826a025a2e94c4b72b7eec31518

SHA1
d439351fb561b1e3d476fca66d9ee5548da0e4c0

SHA256
556a5ea24aec4fcdc4ce09c08e7c20cf3b1b24992e00b8d7330b7df8f3a660f8

SHA512
73239cac02ea5eee92eb6b872bcb3e289edddc57a613e53c6ba6b1a7d8988fa24f9286e4a89c4a048c00c02e3157b718d8d010ba4ce4d1d587f04301d0e1bf2e

Download Submit
C:\Windows\System\SlUatWn.exe

Filesize
1.6MB

MD5
64300982e38aacd33e9527271b212b8a

SHA1
e187a1118be4837a9d7758cf688a568564e45892

SHA256
b83211d06f7271c1f5b86a9920aec5b46302d957d7f1496fa51d4e1b4ce5b4a1

SHA512
20b7b836789b0c878e73cb12672a512582730834ddbfd7b4c72aa0a6c828f415c6f7cb2b8167f34ae8df3d7b5e591f3fd376d98d4d80e70bbd06b6334c0c1b68

Download Submit
C:\Windows\System\TXEfplK.exe

Filesize
1.6MB

MD5
26c9af222afec4c666975cf9600d30d8

SHA1
2df5fe7e6195b5415d9224e65b898e24f6212c4e

SHA256
7b25e2d71dcdbe5a12145f13cbc590cb2081ddf3bb4cf0263f9a39161c330b65

SHA512
c0ca2876f7dfcb3732bd07355fb77ddde49af8b2e1564e1eac27042e6a968e79a7953a4318544153e4a2e53c63e623ec881573d30f79a23d9222b0481c1ac6a4

Download Submit
C:\Windows\System\UYvrIQz.exe

Filesize
1.6MB

MD5
2a73fae6963a07c8799572b027cce6cc

SHA1
03f2b1b5e1845442b0fe40cc66c188ef675b8f7c

SHA256
e57326de7172d0eb67dbd5e839d23b2ac932cc3033beacfb65658f90ccfd375c

SHA512
960878099bb992440b5f19072b41cf30c65f047b413aac1257cde11e6ccfd41592829f9ba96cb48c6bd4cfdae81037d4487b0f15c69bbdd1ab788b223a695fef

Download Submit
C:\Windows\System\ZipgePL.exe

Filesize
1.6MB

MD5
1ac5b57dec2b4e00fa742daaadfdf4a6

SHA1
38dc50cac73af42c5dbafef875fe3ca5096b7a7c

SHA256
c96563d119d1f30aa32c655c6b5faee238eb2b94a75c0357eb953d5a7e5e410c

SHA512
b23fe63c7dd21eed03c81c398c9cbe18a4ce554b36829718b6dba73896c28ba4df88db93e1077761baa52e07ea2e52eeff017a7ee4560f9d8d87cdaa35e95282

Download Submit
C:\Windows\System\cHIKLyd.exe

Filesize
1.6MB

MD5
2b7c63b8c89698ad88c4213a2727b5f8

SHA1
0b7fe06e4d597e46939ce65fe382f1828d56394c

SHA256
d4d04260ac3708457b66c16cf94500cecbc0ef02e0e44823b8a58d52872bff17

SHA512
cdcb29153bfdb36d83399ebc8871e7e696aeb260d790227836028a1ea0801f001f23d3559a9cf9a4b9a590e6a6fefc8957479ecf1ced5474ce545de5d5ff3d86

Download Submit
C:\Windows\System\gFARccR.exe

Filesize
1.6MB

MD5
22328c28a9313a8aff01113ab7796c44

SHA1
27a252510d2030fd361ffaaf7a35f5a642911fd8

SHA256
48dee59f7e0c2b51e4fdaa01abcd6d899c058595aa16786f0975397376aa24eb

SHA512
98d86a6390632d4f0402759d382c78a6b75c6e879b5e49d8dfecdcf4b2eb79bb9de6a32fc64223094b458fcd02546812951232e5dd72fe5d4bdf2209e0436439

Download Submit
C:\Windows\System\gKsqJwA.exe

Filesize
1.6MB

MD5
b07c03aa53ae7bc4260bf9c0489a73c0

SHA1
fdb62c4e846caade8cd28836e8f96f419bc1349a

SHA256
70ae46147d075e601194278a864a5ffa62f2f838cc17b7437be46f688a321b55

SHA512
f91c5b281ca19c6e8604a78683f66a00adfc3df0b536076f028cd2442562d879de3e462868fa71d1207a017b78c7393edb6b4d4e467d4cad31808f79f959018f

Download Submit
C:\Windows\System\gcqpuJP.exe

Filesize
1.6MB

MD5
60e50d89145435a0566d4253e43dd361

SHA1
d4c6e7c039d2ccf6c95669e291ac6e3e3af61bd8

SHA256
9cba218a6411dde3593685560b1b9a048e4a0494e12b658be435fa53b6e617cd

SHA512
6a187e4a420f57ede26fe5c96438ff40e7b9cf93b2b17a9e04fc3c9399e27d96398acc68d38069dc65a1cc6b4e8c1e9317f786ae2dc7a4021c543a6ee8387201

Download Submit
C:\Windows\System\goqdncO.exe

Filesize
1.6MB

MD5
bd149f1c94441778705d60dea70735eb

SHA1
ced41ff1b86eda1885f607199585235e43d07aea

SHA256
454c91adc1888f46a6c287d961ad04eb91869475012dba3da41b15dfc3208909

SHA512
f234879504f2265ad6bbe1c0799da9a510f7c9d8c5921e29b71f854b4d6aa20b2b32d65956f5c45c1e4dbeaadda2b331c71cc624525ce9b2a5cbe731164abfec

Download Submit
C:\Windows\System\gyikEBc.exe

Filesize
1.6MB

MD5
b873ab24437990d584286f6640436167

SHA1
bd6cf0daeb70d1c0159928f99a67946ab7f7c270

SHA256
110082012d2b6dd76b06b30a9bc5f0a3392ca0627d395c5f8cfb460046a74c9b

SHA512
56230950e2f48f8bab0ccda7fdb9deced3d16599e14aa11b8f18df6fbe9ac6eddb660f382aac839a461fcd227e2ffcba8863494b800e18a4ffdb3fe684633104

Download Submit
C:\Windows\System\jQDqGmp.exe

Filesize
1.6MB

MD5
5c7bc70c0303bcfdf0dacffb936f3837

SHA1
cbbcc06503e4c0033c19daf7f75d526da5292867

SHA256
ac554e7ceb2cb468b6b37b7819f381d83846430bccdf5f3eed00431426282201

SHA512
a370f0937b53870b5818a94410187247a1c5693ab803f1c8fc5052e6f6e41bd80838869db27c976cd3952cf3aaf399e2177364503e98b7af48410e247dcac097

Download Submit
C:\Windows\System\nRXGipR.exe

Filesize
1.6MB

MD5
89fa0f9adaebb4b381685a02710e0234

SHA1
c07e67719805ec3c226504f2171ff875abafae01

SHA256
e36de1c3141028c57d962f1c3866d0b78d5cd98489811d1693f372cc7b7b6d5b

SHA512
7587a91889ac2d3bb012481bebc73a083f039e6227726ebe736e31001813df427202d123d0f99664e3f7e865b0883509cbac0f511a1f518d0372f5f7ec59e9bc

Download Submit
C:\Windows\System\nzAPjDg.exe

Filesize
1.6MB

MD5
bf138137d340bef82567b43ca5649def

SHA1
578fac0cf1896d65c0e508aa46cadd6c39fa22f5

SHA256
f7947804ca4470600e3e7404c745367788da0144b5ce1ba5cb1c59067d20b35c

SHA512
d68a4b90abed971376ab05fb904125fc61b65114bea203acd25be073e7e7f2790a91a5aacb3398d615ba6dbffb3f2f1528129119219aba0e6920bbe48492683d

Download Submit
C:\Windows\System\oQUDCHu.exe

Filesize
1.6MB

MD5
aff997908e696ec603c54e72b7750898

SHA1
fb649bf967b6ecf6350cd8c42fec8f1556cee4be

SHA256
578102f13d120422e179b114f691572401451314c69fca688f788005fd205b26

SHA512
92eb2cc4c95fdcbe184f8dfacdffc7148b13813b366cccbf745c819c8511decec65994db38c7f4ba3e747e3781bf609e859361f6e4d4a92efb822e59a47ef148

Download Submit
C:\Windows\System\qkqBLOb.exe

Filesize
1.6MB

MD5
0e42185a496b18ffb8263cdb77767cfd

SHA1
205ead23b39e45aca59e897ef00ea995c9ddeeaf

SHA256
6c9d6869543c9b5614f85f7f4684d2d57e2ce549d0599b0e19227e460e0d307c

SHA512
d7a2ad2c3221729bbd84413df4751b13a7af823a76e43509863d572ee737d91f59c37b9ecdf246b6256d4463bacd8930a31a48988a75a82abfea79d1f5dd5db1

Download Submit
C:\Windows\System\qlsueOb.exe

Filesize
1.6MB

MD5
de77c8421e31933944cb1f85d502407d

SHA1
e8d971ca9a872703c67c1b382475c93aa5e9d345

SHA256
08fa334d34dbc6a3db8f5f2949d8c52ca6c0fbfcb66d2581c72d662844e6bab6

SHA512
5fcca34b86988e16a7696a3960531c799ea82c8e0d3706833a15206f0d5d897b43a1b0e580edbeb941f55aa3fae58e611d03da5c56705c0bf9a96fc97f6eb8e8

Download Submit
C:\Windows\System\quCGyPw.exe

Filesize
1.6MB

MD5
a6f045f7b6c5a11bcc9776cc9b7bf0a7

SHA1
ba1bd7219512d18d234d871bad4c677d36ed308f

SHA256
cf404921842f81929e4a08651b8d39a5141659e716b4e341c81a18629974b03e

SHA512
e89eb194acd06b12026038e985af8aa8ebb02379a4d0bfa69a971e4c6a2b0fc0a83aec7773069db2bbbf5bef822ae02b0f93abe812730b0bb647a483770ea86e

Download Submit
C:\Windows\System\tPPKjKS.exe

Filesize
1.6MB

MD5
a2d46b1ccd3a7dc9bfd5fd9b96fba283

SHA1
0ad8da6ea071885a6392a2bf60af0e8634c286a4

SHA256
45cafadce9499d3e5d588b352aef52ed9e5fdd42e1962c67c89650f80effdcaa

SHA512
a2411ac29ac9824af16b347b1d0491516a84007e846c0853050c5fbd636219365c4fddc592aea143d06bcf70e6c0897629168ff4a1b066de1b279153b21f2787

Download Submit
C:\Windows\System\tQLHcGm.exe

Filesize
1.6MB

MD5
c1b73fbb3b0959187c4b3f9615acd9c4

SHA1
b7a48dbf33528fb10ecb2450fdf2c3ab2441217f

SHA256
cd7d07e3f7071e47ac253df4950d9a3624e056614f9dc76e8b07dec50597b113

SHA512
47e91b348c0510545a465a90614c1afd12b63f35c58c21820affe25ad32a14062be20aef5d6bddceb499b952abdb037ec2ba2ea7a399b6d84b6518f29bec1e07

Download Submit
C:\Windows\System\trKELTW.exe

Filesize
1.6MB

MD5
acb3e8c159d66f5f1299c3f23b29acd0

SHA1
66386c3642e0d3cde62a776fff3a5e9dd75635d4

SHA256
a6ede5456bebdde65b61545d747edaf25cb060fb0c5289cad4773c589a638b51

SHA512
007b099485d032af157b713b01149305ac68ea7e26613a9d66c826ef55533c09e79fc564aad8216708c3e0c28d778b687f9701d4f18211f095306e179447a184

Download Submit
C:\Windows\System\wbiomjt.exe

Filesize
1.6MB

MD5
3eb1e7c4e50b0904c66908af098b42ca

SHA1
1d951def0883d28ca667a1b796c61e4a3ff6748d

SHA256
c681b5de5b8f91c55733240d9e39391ef22cf83c2cf9dd135674e80643682695

SHA512
59aff009fec55dec8a703dc97ae97053a0bae70924091a0f99e4a7283704a7a762cac75fc0bf5d590b298ab0df604e3d198d8188e4a8bbe161cbf05569523d81

Download Submit
C:\Windows\System\wkYuwgC.exe

Filesize
1.6MB

MD5
8b29d298392f5c6ed2995e30c521e8bc

SHA1
31f617acc31d9425fa779e9a6dde22f56a604be6

SHA256
ba20954f2d803568818b3f7672918c561fb55ccce3b5a36835d07a4098de24a3

SHA512
6bc8dbeb9a46d053c39a44bd751c2d5f81ef7f657576b5343d7945a96ebc2174c2ef541c206da525ec846847a87b7727e87624bbf234a4c085b717d0a320e262

Download Submit
C:\Windows\System\yVInzMp.exe

Filesize
1.6MB

MD5
674e2a28fb7a0b2e9d8a4190393b518e

SHA1
25c279ad0664db28bb27299bd1786b31f1f90020

SHA256
51fcbce32e1f0fae3d78a23b8710374ee5fd1b505cf008b4e93734275fb2bf6c

SHA512
2846841a5a38f6eab80a779142f5c10784120b1f407c4b99f90640b26d82716c0834b93510dcd053c3674277fe7070dc34e73062210342af5af8e12fde3256c0

Download Submit
C:\Windows\System\zCIvSON.exe

Filesize
1.6MB

MD5
76554d7871160772ae516d88af86d021

SHA1
0809bca5fc784e34b6dfd156d5277c470637bb95

SHA256
996caef7dbaaca89f7060c37a464255746977eb3c08b9af215d5d6f9b5f37701

SHA512
b1a3627cbbf441c62f169b3bf22fd8643ade05e8626a62adcb43d90088b4c4925e02f008ede87dc5c99a26a2f37718d2d20387bf333b389cc014566ae1ef9171

Download Submit
memory/312-1706-0x00007FF61CC30000-0x00007FF61D022000-memory.dmp

Filesize
3.9MB

Download
memory/312-62-0x00007FF61CC30000-0x00007FF61D022000-memory.dmp

Filesize
3.9MB

Download
memory/624-275-0x00007FF7AEC10000-0x00007FF7AF002000-memory.dmp

Filesize
3.9MB

Download
memory/624-66-0x00007FF7AEC10000-0x00007FF7AF002000-memory.dmp

Filesize
3.9MB

Download
memory/1328-86-0x00007FF666140000-0x00007FF666532000-memory.dmp

Filesize
3.9MB

Download
memory/1424-64-0x00007FF798F00000-0x00007FF7992F2000-memory.dmp

Filesize
3.9MB

Download
memory/1424-1699-0x00007FF798F00000-0x00007FF7992F2000-memory.dmp

Filesize
3.9MB

Download
memory/1612-299-0x00007FF691450000-0x00007FF691842000-memory.dmp

Filesize
3.9MB

Download
memory/1612-2055-0x00007FF691450000-0x00007FF691842000-memory.dmp

Filesize
3.9MB

Download
memory/1772-87-0x00007FF760DA0000-0x00007FF761192000-memory.dmp

Filesize
3.9MB

Download
memory/1820-274-0x00007FF712A80000-0x00007FF712E72000-memory.dmp

Filesize
3.9MB

Download
memory/1820-65-0x00007FF712A80000-0x00007FF712E72000-memory.dmp

Filesize
3.9MB

Download
memory/1964-2038-0x00007FF6A84C0000-0x00007FF6A88B2000-memory.dmp

Filesize
3.9MB

Download
memory/1964-140-0x00007FF6A84C0000-0x00007FF6A88B2000-memory.dmp

Filesize
3.9MB

Download
memory/2052-115-0x00007FF778310000-0x00007FF778702000-memory.dmp

Filesize
3.9MB

Download
memory/2052-2005-0x00007FF778310000-0x00007FF778702000-memory.dmp

Filesize
3.9MB

Download
memory/2068-2012-0x00007FF694BA0000-0x00007FF694F92000-memory.dmp

Filesize
3.9MB

Download
memory/2068-146-0x00007FF694BA0000-0x00007FF694F92000-memory.dmp

Filesize
3.9MB

Download
memory/2148-56-0x00007FFAE92C0000-0x00007FFAE9D81000-memory.dmp

Filesize
10.8MB

Download
memory/2148-157-0x00007FFAE92C3000-0x00007FFAE92C5000-memory.dmp

Filesize
8KB

Download
memory/2148-136-0x00007FFAE92C0000-0x00007FFAE9D81000-memory.dmp

Filesize
10.8MB

Download
memory/2148-67-0x00007FFAE92C0000-0x00007FFAE9D81000-memory.dmp

Filesize
10.8MB

Download
memory/2148-60-0x00007FFAE92C0000-0x00007FFAE9D81000-memory.dmp

Filesize
10.8MB

Download
memory/2148-282-0x00007FFAE92C0000-0x00007FFAE9D81000-memory.dmp

Filesize
10.8MB

Download
memory/2148-191-0x000001D5BCA80000-0x000001D5BD226000-memory.dmp

Filesize
7.6MB

Download
memory/2148-20-0x000001D5A3380000-0x000001D5A33A2000-memory.dmp

Filesize
136KB

Download
memory/2148-9-0x00007FFAE92C3000-0x00007FFAE92C5000-memory.dmp

Filesize
8KB

Download
memory/2612-156-0x00007FF6CCB60000-0x00007FF6CCF52000-memory.dmp

Filesize
3.9MB

Download
memory/2612-2047-0x00007FF6CCB60000-0x00007FF6CCF52000-memory.dmp

Filesize
3.9MB

Download
memory/2636-124-0x00007FF65D9C0000-0x00007FF65DDB2000-memory.dmp

Filesize
3.9MB

Download
memory/2636-2039-0x00007FF65D9C0000-0x00007FF65DDB2000-memory.dmp

Filesize
3.9MB

Download
memory/3092-61-0x00007FF6E8EA0000-0x00007FF6E9292000-memory.dmp

Filesize
3.9MB

Download
memory/3092-1704-0x00007FF6E8EA0000-0x00007FF6E9292000-memory.dmp

Filesize
3.9MB

Download
memory/3148-1-0x00000200CC150000-0x00000200CC160000-memory.dmp

Filesize
64KB

Download
memory/3148-0-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp

Filesize
3.9MB

Download
memory/3148-121-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp

Filesize
3.9MB

Download
memory/3148-257-0x00007FF7B1510000-0x00007FF7B1902000-memory.dmp

Filesize
3.9MB

Download
memory/3400-153-0x00007FF770630000-0x00007FF770A22000-memory.dmp

Filesize
3.9MB

Download
memory/3400-2029-0x00007FF770630000-0x00007FF770A22000-memory.dmp

Filesize
3.9MB

Download
memory/3600-96-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp

Filesize
3.9MB

Download
memory/3600-684-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp

Filesize
3.9MB

Download
memory/3600-2007-0x00007FF63A1F0000-0x00007FF63A5E2000-memory.dmp

Filesize
3.9MB

Download
memory/3724-149-0x00007FF63CD40000-0x00007FF63D132000-memory.dmp

Filesize
3.9MB

Download
memory/3724-2046-0x00007FF63CD40000-0x00007FF63D132000-memory.dmp

Filesize
3.9MB

Download
memory/4348-114-0x00007FF7E9AD0000-0x00007FF7E9EC2000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2008-0x00007FF7E9AD0000-0x00007FF7E9EC2000-memory.dmp

Filesize
3.9MB

Download
memory/4400-1681-0x00007FF7FDF00000-0x00007FF7FE2F2000-memory.dmp

Filesize
3.9MB

Download
memory/4400-58-0x00007FF7FDF00000-0x00007FF7FE2F2000-memory.dmp

Filesize
3.9MB

Download
memory/4612-1708-0x00007FF61FDF0000-0x00007FF6201E2000-memory.dmp

Filesize
3.9MB

Download
memory/4612-59-0x00007FF61FDF0000-0x00007FF6201E2000-memory.dmp

Filesize
3.9MB

Download
memory/4676-8-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp

Filesize
3.9MB

Download
memory/4676-131-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp

Filesize
3.9MB

Download
memory/4676-1682-0x00007FF6A1390000-0x00007FF6A1782000-memory.dmp

Filesize
3.9MB

Download
memory/4748-2009-0x00007FF643590000-0x00007FF643982000-memory.dmp

Filesize
3.9MB

Download
memory/4748-111-0x00007FF643590000-0x00007FF643982000-memory.dmp

Filesize
3.9MB

Download
memory/4908-88-0x00007FF641240000-0x00007FF641632000-memory.dmp

Filesize
3.9MB

Download
memory/4976-158-0x00007FF7DE7D0000-0x00007FF7DEBC2000-memory.dmp

Filesize
3.9MB

Download
memory/4976-2041-0x00007FF7DE7D0000-0x00007FF7DEBC2000-memory.dmp

Filesize
3.9MB

Download
memory/5064-63-0x00007FF659E80000-0x00007FF65A272000-memory.dmp

Filesize
3.9MB

Download
memory/5064-1701-0x00007FF659E80000-0x00007FF65A272000-memory.dmp

Filesize
3.9MB

Download