xmrig | 872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
Size

1.7MB
MD5

f020769b01e079c05ba21885fad0da2b
SHA1

2b9ac6aeeb7e0720388b27b21f3e87cc8c59261f
SHA256

872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29
SHA512

4516bffe8e19679e661526f9f4a926a9b3c2c029f542b40122eae9b733bcc1ea16ce34a45e979da9f0a087f8603c59e8b167e103bbe11b2679111eb927345a93
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7K6WefmedkVoMCr2:Lz071uv4BPMkyW10/w16BvZuaXj2

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 48 IoCs

resource	yara_rule
behavioral2/memory/2704-125-0x00007FF70B190000-0x00007FF70B582000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4928-137-0x00007FF673480000-0x00007FF673872000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4260-179-0x00007FF7455D0000-0x00007FF7459C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3236-196-0x00007FF71CA40000-0x00007FF71CE32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2268-185-0x00007FF719500000-0x00007FF7198F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1188-173-0x00007FF781610000-0x00007FF781A02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3716-167-0x00007FF6358F0000-0x00007FF635CE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4488-161-0x00007FF730A80000-0x00007FF730E72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3884-155-0x00007FF63E800000-0x00007FF63EBF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3248-149-0x00007FF6365A0000-0x00007FF636992000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4252-143-0x00007FF6D3760000-0x00007FF6D3B52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4640-131-0x00007FF619570000-0x00007FF619962000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1536-119-0x00007FF635860000-0x00007FF635C52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2080-113-0x00007FF6FB680000-0x00007FF6FBA72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1676-102-0x00007FF7FDD40000-0x00007FF7FE132000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/224-98-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3672-94-0x00007FF7051B0000-0x00007FF7055A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5004-88-0x00007FF7527D0000-0x00007FF752BC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1160-85-0x00007FF60C160000-0x00007FF60C552000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/716-79-0x00007FF650580000-0x00007FF650972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3984-65-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1852-49-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4236-25-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3688-3367-0x00007FF6645A0000-0x00007FF664992000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3984-3892-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/716-3896-0x00007FF650580000-0x00007FF650972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/224-3895-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1852-3894-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4236-3888-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1676-3902-0x00007FF7FDD40000-0x00007FF7FE132000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2080-3944-0x00007FF6FB680000-0x00007FF6FBA72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2704-3948-0x00007FF70B190000-0x00007FF70B582000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3672-3967-0x00007FF7051B0000-0x00007FF7055A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4252-3986-0x00007FF6D3760000-0x00007FF6D3B52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2268-4019-0x00007FF719500000-0x00007FF7198F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3236-4027-0x00007FF71CA40000-0x00007FF71CE32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4260-4016-0x00007FF7455D0000-0x00007FF7459C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1188-4014-0x00007FF781610000-0x00007FF781A02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4488-4011-0x00007FF730A80000-0x00007FF730E72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3716-4009-0x00007FF6358F0000-0x00007FF635CE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3884-3999-0x00007FF63E800000-0x00007FF63EBF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4928-3996-0x00007FF673480000-0x00007FF673872000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3248-3983-0x00007FF6365A0000-0x00007FF636992000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4640-3968-0x00007FF619570000-0x00007FF619962000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1536-3946-0x00007FF635860000-0x00007FF635C52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1160-3901-0x00007FF60C160000-0x00007FF60C552000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5004-3899-0x00007FF7527D0000-0x00007FF752BC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3688-4575-0x00007FF6645A0000-0x00007FF664992000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/208-0-0x00007FF79DB00000-0x00007FF79DEF2000-memory.dmp	UPX
behavioral2/files/0x000700000002341e-6.dat	UPX
behavioral2/files/0x0008000000023419-9.dat	UPX
behavioral2/files/0x000700000002341f-30.dat	UPX
behavioral2/files/0x0007000000023421-38.dat	UPX
behavioral2/files/0x0007000000023424-52.dat	UPX
behavioral2/files/0x0007000000023426-57.dat	UPX
behavioral2/files/0x0007000000023427-66.dat	UPX
behavioral2/files/0x000700000002342a-89.dat	UPX
behavioral2/files/0x0008000000023429-95.dat	UPX
behavioral2/files/0x000700000002342b-105.dat	UPX
behavioral2/memory/2704-125-0x00007FF70B190000-0x00007FF70B582000-memory.dmp	UPX
behavioral2/memory/4928-137-0x00007FF673480000-0x00007FF673872000-memory.dmp	UPX
behavioral2/files/0x0007000000023431-150.dat	UPX
behavioral2/files/0x0007000000023435-164.dat	UPX
behavioral2/memory/4260-179-0x00007FF7455D0000-0x00007FF7459C2000-memory.dmp	UPX
behavioral2/files/0x000700000002343b-199.dat	UPX
behavioral2/files/0x0007000000023439-197.dat	UPX
behavioral2/memory/3236-196-0x00007FF71CA40000-0x00007FF71CE32000-memory.dmp	UPX
behavioral2/files/0x000700000002343a-193.dat	UPX
behavioral2/files/0x0007000000023438-191.dat	UPX
behavioral2/files/0x0007000000023437-186.dat	UPX
behavioral2/memory/2268-185-0x00007FF719500000-0x00007FF7198F2000-memory.dmp	UPX
behavioral2/files/0x0007000000023436-180.dat	UPX
behavioral2/memory/1188-173-0x00007FF781610000-0x00007FF781A02000-memory.dmp	UPX
behavioral2/files/0x0007000000023434-168.dat	UPX
behavioral2/memory/3716-167-0x00007FF6358F0000-0x00007FF635CE2000-memory.dmp	UPX
behavioral2/files/0x0007000000023433-162.dat	UPX
behavioral2/memory/4488-161-0x00007FF730A80000-0x00007FF730E72000-memory.dmp	UPX
behavioral2/files/0x0007000000023432-156.dat	UPX
behavioral2/memory/3884-155-0x00007FF63E800000-0x00007FF63EBF2000-memory.dmp	UPX
behavioral2/memory/3248-149-0x00007FF6365A0000-0x00007FF636992000-memory.dmp	UPX
behavioral2/files/0x0007000000023430-144.dat	UPX
behavioral2/memory/4252-143-0x00007FF6D3760000-0x00007FF6D3B52000-memory.dmp	UPX
behavioral2/files/0x000700000002342f-138.dat	UPX
behavioral2/files/0x000700000002342e-132.dat	UPX
behavioral2/memory/4640-131-0x00007FF619570000-0x00007FF619962000-memory.dmp	UPX
behavioral2/files/0x000700000002342d-126.dat	UPX
behavioral2/files/0x000700000002342c-120.dat	UPX
behavioral2/memory/1536-119-0x00007FF635860000-0x00007FF635C52000-memory.dmp	UPX
behavioral2/memory/2080-113-0x00007FF6FB680000-0x00007FF6FBA72000-memory.dmp	UPX
behavioral2/files/0x0008000000023428-108.dat	UPX
behavioral2/memory/1676-102-0x00007FF7FDD40000-0x00007FF7FE132000-memory.dmp	UPX
behavioral2/memory/224-98-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp	UPX
behavioral2/memory/3672-94-0x00007FF7051B0000-0x00007FF7055A2000-memory.dmp	UPX
behavioral2/memory/3688-91-0x00007FF6645A0000-0x00007FF664992000-memory.dmp	UPX
behavioral2/memory/5004-88-0x00007FF7527D0000-0x00007FF752BC2000-memory.dmp	UPX
behavioral2/files/0x000800000002341a-86.dat	UPX
behavioral2/memory/1160-85-0x00007FF60C160000-0x00007FF60C552000-memory.dmp	UPX
behavioral2/files/0x0007000000023425-80.dat	UPX
behavioral2/memory/716-79-0x00007FF650580000-0x00007FF650972000-memory.dmp	UPX
behavioral2/memory/3984-65-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp	UPX
behavioral2/files/0x0007000000023423-56.dat	UPX
behavioral2/memory/1852-49-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp	UPX
behavioral2/files/0x0007000000023422-48.dat	UPX
behavioral2/files/0x0007000000023420-29.dat	UPX
behavioral2/memory/4236-25-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp	UPX
behavioral2/files/0x000700000002341d-22.dat	UPX
behavioral2/memory/3688-3367-0x00007FF6645A0000-0x00007FF664992000-memory.dmp	UPX
behavioral2/memory/3984-3892-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp	UPX
behavioral2/memory/716-3896-0x00007FF650580000-0x00007FF650972000-memory.dmp	UPX
behavioral2/memory/224-3895-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp	UPX
behavioral2/memory/1852-3894-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp	UPX
behavioral2/memory/4236-3888-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp	UPX

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/2704-125-0x00007FF70B190000-0x00007FF70B582000-memory.dmp	xmrig
behavioral2/memory/4928-137-0x00007FF673480000-0x00007FF673872000-memory.dmp	xmrig
behavioral2/memory/4260-179-0x00007FF7455D0000-0x00007FF7459C2000-memory.dmp	xmrig
behavioral2/memory/3236-196-0x00007FF71CA40000-0x00007FF71CE32000-memory.dmp	xmrig
behavioral2/memory/2268-185-0x00007FF719500000-0x00007FF7198F2000-memory.dmp	xmrig
behavioral2/memory/1188-173-0x00007FF781610000-0x00007FF781A02000-memory.dmp	xmrig
behavioral2/memory/3716-167-0x00007FF6358F0000-0x00007FF635CE2000-memory.dmp	xmrig
behavioral2/memory/4488-161-0x00007FF730A80000-0x00007FF730E72000-memory.dmp	xmrig
behavioral2/memory/3884-155-0x00007FF63E800000-0x00007FF63EBF2000-memory.dmp	xmrig
behavioral2/memory/3248-149-0x00007FF6365A0000-0x00007FF636992000-memory.dmp	xmrig
behavioral2/memory/4252-143-0x00007FF6D3760000-0x00007FF6D3B52000-memory.dmp	xmrig
behavioral2/memory/4640-131-0x00007FF619570000-0x00007FF619962000-memory.dmp	xmrig
behavioral2/memory/1536-119-0x00007FF635860000-0x00007FF635C52000-memory.dmp	xmrig
behavioral2/memory/2080-113-0x00007FF6FB680000-0x00007FF6FBA72000-memory.dmp	xmrig
behavioral2/memory/1676-102-0x00007FF7FDD40000-0x00007FF7FE132000-memory.dmp	xmrig
behavioral2/memory/224-98-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp	xmrig
behavioral2/memory/3672-94-0x00007FF7051B0000-0x00007FF7055A2000-memory.dmp	xmrig
behavioral2/memory/5004-88-0x00007FF7527D0000-0x00007FF752BC2000-memory.dmp	xmrig
behavioral2/memory/1160-85-0x00007FF60C160000-0x00007FF60C552000-memory.dmp	xmrig
behavioral2/memory/716-79-0x00007FF650580000-0x00007FF650972000-memory.dmp	xmrig
behavioral2/memory/3984-65-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp	xmrig
behavioral2/memory/1852-49-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp	xmrig
behavioral2/memory/4236-25-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp	xmrig
behavioral2/memory/3688-3367-0x00007FF6645A0000-0x00007FF664992000-memory.dmp	xmrig
behavioral2/memory/3984-3892-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp	xmrig
behavioral2/memory/716-3896-0x00007FF650580000-0x00007FF650972000-memory.dmp	xmrig
behavioral2/memory/224-3895-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp	xmrig
behavioral2/memory/1852-3894-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp	xmrig
behavioral2/memory/4236-3888-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp	xmrig
behavioral2/memory/1676-3902-0x00007FF7FDD40000-0x00007FF7FE132000-memory.dmp	xmrig
behavioral2/memory/2080-3944-0x00007FF6FB680000-0x00007FF6FBA72000-memory.dmp	xmrig
behavioral2/memory/2704-3948-0x00007FF70B190000-0x00007FF70B582000-memory.dmp	xmrig
behavioral2/memory/3672-3967-0x00007FF7051B0000-0x00007FF7055A2000-memory.dmp	xmrig
behavioral2/memory/4252-3986-0x00007FF6D3760000-0x00007FF6D3B52000-memory.dmp	xmrig
behavioral2/memory/2268-4019-0x00007FF719500000-0x00007FF7198F2000-memory.dmp	xmrig
behavioral2/memory/3236-4027-0x00007FF71CA40000-0x00007FF71CE32000-memory.dmp	xmrig
behavioral2/memory/4260-4016-0x00007FF7455D0000-0x00007FF7459C2000-memory.dmp	xmrig
behavioral2/memory/1188-4014-0x00007FF781610000-0x00007FF781A02000-memory.dmp	xmrig
behavioral2/memory/4488-4011-0x00007FF730A80000-0x00007FF730E72000-memory.dmp	xmrig
behavioral2/memory/3716-4009-0x00007FF6358F0000-0x00007FF635CE2000-memory.dmp	xmrig
behavioral2/memory/3884-3999-0x00007FF63E800000-0x00007FF63EBF2000-memory.dmp	xmrig
behavioral2/memory/4928-3996-0x00007FF673480000-0x00007FF673872000-memory.dmp	xmrig
behavioral2/memory/3248-3983-0x00007FF6365A0000-0x00007FF636992000-memory.dmp	xmrig
behavioral2/memory/4640-3968-0x00007FF619570000-0x00007FF619962000-memory.dmp	xmrig
behavioral2/memory/1536-3946-0x00007FF635860000-0x00007FF635C52000-memory.dmp	xmrig
behavioral2/memory/1160-3901-0x00007FF60C160000-0x00007FF60C552000-memory.dmp	xmrig
behavioral2/memory/5004-3899-0x00007FF7527D0000-0x00007FF752BC2000-memory.dmp	xmrig
behavioral2/memory/3688-4575-0x00007FF6645A0000-0x00007FF664992000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
10	1000	powershell.exe
12	1000	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1000	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
224	xBUuuUH.exe
4236	Lzjkwli.exe
1852	XUswyMV.exe
3984	wyhhUDW.exe
716	hdyURsH.exe
1676	rJopfqD.exe
1160	jhllbGz.exe
2080	zYpfxRK.exe
5004	EKgvVuT.exe
1536	bzqFWVi.exe
3688	pDOOsxI.exe
2704	eyyctGu.exe
3672	qbxHiFm.exe
4640	AhZayWa.exe
4252	REtrPPu.exe
3248	vYeVElB.exe
4928	GnRNqVL.exe
3884	HjkAFin.exe
4488	wmXyvmF.exe
3716	LhvlmLX.exe
1188	RoFVtRE.exe
4260	CbKQOuv.exe
2268	eEXXbpT.exe
3236	twFzpTG.exe
1004	SElZuob.exe
2064	ozlqAuj.exe
1196	pTPpvTs.exe
5032	uiKMmEV.exe
4776	AYfwHku.exe
4308	TirAtGK.exe
2008	aVzQxVj.exe
2524	UqbVeEy.exe
2132	xXAmiBE.exe
4840	TAAEijx.exe
2684	ryShaRt.exe
4496	kolkIIh.exe
4712	zGPSTFF.exe
4820	MYlwBwo.exe
1624	ofaavai.exe
4356	tsRGWJs.exe
4796	HCpYQMq.exe
1820	awCCoME.exe
3244	BEKNuWt.exe
2844	ekrrZGL.exe
4012	xeHEHaB.exe
4988	mKcLied.exe
1084	JqUsatr.exe
1044	mUgblmJ.exe
604	jVXDHPx.exe
316	InDOjun.exe
952	njqZeAY.exe
1824	lCJUlGr.exe
2592	MtviEvZ.exe
4092	JIlyeOR.exe
1756	QswHUYl.exe
4396	SWpGcwm.exe
2220	TwnPEPy.exe
384	pUFCRMz.exe
2468	EhvvQwo.exe
4148	ksNxUwa.exe
2636	upmGueL.exe
4452	eWVuuHf.exe
4908	IFbtqQk.exe
1268	IkufDWy.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/208-0-0x00007FF79DB00000-0x00007FF79DEF2000-memory.dmp	upx
behavioral2/files/0x000700000002341e-6.dat	upx
behavioral2/files/0x0008000000023419-9.dat	upx
behavioral2/files/0x000700000002341f-30.dat	upx
behavioral2/files/0x0007000000023421-38.dat	upx
behavioral2/files/0x0007000000023424-52.dat	upx
behavioral2/files/0x0007000000023426-57.dat	upx
behavioral2/files/0x0007000000023427-66.dat	upx
behavioral2/files/0x000700000002342a-89.dat	upx
behavioral2/files/0x0008000000023429-95.dat	upx
behavioral2/files/0x000700000002342b-105.dat	upx
behavioral2/memory/2704-125-0x00007FF70B190000-0x00007FF70B582000-memory.dmp	upx
behavioral2/memory/4928-137-0x00007FF673480000-0x00007FF673872000-memory.dmp	upx
behavioral2/files/0x0007000000023431-150.dat	upx
behavioral2/files/0x0007000000023435-164.dat	upx
behavioral2/memory/4260-179-0x00007FF7455D0000-0x00007FF7459C2000-memory.dmp	upx
behavioral2/files/0x000700000002343b-199.dat	upx
behavioral2/files/0x0007000000023439-197.dat	upx
behavioral2/memory/3236-196-0x00007FF71CA40000-0x00007FF71CE32000-memory.dmp	upx
behavioral2/files/0x000700000002343a-193.dat	upx
behavioral2/files/0x0007000000023438-191.dat	upx
behavioral2/files/0x0007000000023437-186.dat	upx
behavioral2/memory/2268-185-0x00007FF719500000-0x00007FF7198F2000-memory.dmp	upx
behavioral2/files/0x0007000000023436-180.dat	upx
behavioral2/memory/1188-173-0x00007FF781610000-0x00007FF781A02000-memory.dmp	upx
behavioral2/files/0x0007000000023434-168.dat	upx
behavioral2/memory/3716-167-0x00007FF6358F0000-0x00007FF635CE2000-memory.dmp	upx
behavioral2/files/0x0007000000023433-162.dat	upx
behavioral2/memory/4488-161-0x00007FF730A80000-0x00007FF730E72000-memory.dmp	upx
behavioral2/files/0x0007000000023432-156.dat	upx
behavioral2/memory/3884-155-0x00007FF63E800000-0x00007FF63EBF2000-memory.dmp	upx
behavioral2/memory/3248-149-0x00007FF6365A0000-0x00007FF636992000-memory.dmp	upx
behavioral2/files/0x0007000000023430-144.dat	upx
behavioral2/memory/4252-143-0x00007FF6D3760000-0x00007FF6D3B52000-memory.dmp	upx
behavioral2/files/0x000700000002342f-138.dat	upx
behavioral2/files/0x000700000002342e-132.dat	upx
behavioral2/memory/4640-131-0x00007FF619570000-0x00007FF619962000-memory.dmp	upx
behavioral2/files/0x000700000002342d-126.dat	upx
behavioral2/files/0x000700000002342c-120.dat	upx
behavioral2/memory/1536-119-0x00007FF635860000-0x00007FF635C52000-memory.dmp	upx
behavioral2/memory/2080-113-0x00007FF6FB680000-0x00007FF6FBA72000-memory.dmp	upx
behavioral2/files/0x0008000000023428-108.dat	upx
behavioral2/memory/1676-102-0x00007FF7FDD40000-0x00007FF7FE132000-memory.dmp	upx
behavioral2/memory/224-98-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp	upx
behavioral2/memory/3672-94-0x00007FF7051B0000-0x00007FF7055A2000-memory.dmp	upx
behavioral2/memory/3688-91-0x00007FF6645A0000-0x00007FF664992000-memory.dmp	upx
behavioral2/memory/5004-88-0x00007FF7527D0000-0x00007FF752BC2000-memory.dmp	upx
behavioral2/files/0x000800000002341a-86.dat	upx
behavioral2/memory/1160-85-0x00007FF60C160000-0x00007FF60C552000-memory.dmp	upx
behavioral2/files/0x0007000000023425-80.dat	upx
behavioral2/memory/716-79-0x00007FF650580000-0x00007FF650972000-memory.dmp	upx
behavioral2/memory/3984-65-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp	upx
behavioral2/files/0x0007000000023423-56.dat	upx
behavioral2/memory/1852-49-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp	upx
behavioral2/files/0x0007000000023422-48.dat	upx
behavioral2/files/0x0007000000023420-29.dat	upx
behavioral2/memory/4236-25-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp	upx
behavioral2/files/0x000700000002341d-22.dat	upx
behavioral2/memory/3688-3367-0x00007FF6645A0000-0x00007FF664992000-memory.dmp	upx
behavioral2/memory/3984-3892-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp	upx
behavioral2/memory/716-3896-0x00007FF650580000-0x00007FF650972000-memory.dmp	upx
behavioral2/memory/224-3895-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp	upx
behavioral2/memory/1852-3894-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp	upx
behavioral2/memory/4236-3888-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FuIFNFX.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\DNQvCSS.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\KHEegbb.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\WDOVqwF.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\phQaTUX.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\LIHdpfU.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\Upewlur.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\jTYHXyv.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\hBvWliq.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\DikOluy.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\UCwYNjG.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\wemzsYw.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\FWkajHN.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\AyfHPct.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\mZFxaDu.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\nfLcave.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\KPCsPGm.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\CwxejKH.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\tKJNTLr.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\QLosvNp.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\xQSaerv.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\hFkbBUE.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\efZaOpJ.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\QMlirII.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\IZvJgdv.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\cXsMpGi.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\FjRWzvx.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\WbZTJyA.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\MmuitXX.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\izlXITq.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\kCFjoGz.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\GyiCpTa.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\hyUhgNI.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\TzumBUt.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\kqafoHy.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\BQEhaYt.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\AFcntuG.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\sALnxQf.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\CAzeOmw.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\PiEkuNR.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\VHOdCBB.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\TLiIFOn.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\kIerPPE.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\tfOYHgD.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\iPhzCnu.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\JTnauIg.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\hRUhRcv.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\BxNRQGN.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\MkSYGkq.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\kcpolNp.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\cEtUbxr.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\bfwLFxg.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\boAuCLf.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ECvxfNQ.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\lpWSNSI.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ZTFBZux.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ooYIhWZ.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\SpgNrLO.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\aQKVWdK.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\HnNYGmK.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\diuuSuY.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\UuVEmMX.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\KQmhWnN.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\vMuBkYs.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1000	powershell.exe
1000	powershell.exe
1000	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1000	powershell.exe
Token: SeLockMemoryPrivilege	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
Token: SeLockMemoryPrivilege	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 1000	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	84
PID 208 wrote to memory of 1000	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	84
PID 208 wrote to memory of 4236	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	85
PID 208 wrote to memory of 4236	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	85
PID 208 wrote to memory of 224	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	86
PID 208 wrote to memory of 224	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	86
PID 208 wrote to memory of 1852	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	87
PID 208 wrote to memory of 1852	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	87
PID 208 wrote to memory of 3984	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	88
PID 208 wrote to memory of 3984	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	88
PID 208 wrote to memory of 716	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	89
PID 208 wrote to memory of 716	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	89
PID 208 wrote to memory of 1676	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	90
PID 208 wrote to memory of 1676	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	90
PID 208 wrote to memory of 1160	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	91
PID 208 wrote to memory of 1160	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	91
PID 208 wrote to memory of 2080	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	92
PID 208 wrote to memory of 2080	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	92
PID 208 wrote to memory of 5004	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	93
PID 208 wrote to memory of 5004	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	93
PID 208 wrote to memory of 1536	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	94
PID 208 wrote to memory of 1536	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	94
PID 208 wrote to memory of 3688	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	95
PID 208 wrote to memory of 3688	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	95
PID 208 wrote to memory of 2704	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	96
PID 208 wrote to memory of 2704	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	96
PID 208 wrote to memory of 3672	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	97
PID 208 wrote to memory of 3672	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	97
PID 208 wrote to memory of 4640	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	98
PID 208 wrote to memory of 4640	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	98
PID 208 wrote to memory of 4252	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	99
PID 208 wrote to memory of 4252	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	99
PID 208 wrote to memory of 3248	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	100
PID 208 wrote to memory of 3248	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	100
PID 208 wrote to memory of 4928	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	101
PID 208 wrote to memory of 4928	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	101
PID 208 wrote to memory of 3884	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	102
PID 208 wrote to memory of 3884	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	102
PID 208 wrote to memory of 4488	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	103
PID 208 wrote to memory of 4488	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	103
PID 208 wrote to memory of 3716	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	104
PID 208 wrote to memory of 3716	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	104
PID 208 wrote to memory of 1188	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	105
PID 208 wrote to memory of 1188	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	105
PID 208 wrote to memory of 4260	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	106
PID 208 wrote to memory of 4260	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	106
PID 208 wrote to memory of 2268	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	107
PID 208 wrote to memory of 2268	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	107
PID 208 wrote to memory of 3236	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	108
PID 208 wrote to memory of 3236	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	108
PID 208 wrote to memory of 1004	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	109
PID 208 wrote to memory of 1004	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	109
PID 208 wrote to memory of 2064	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	110
PID 208 wrote to memory of 2064	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	110
PID 208 wrote to memory of 1196	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	111
PID 208 wrote to memory of 1196	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	111
PID 208 wrote to memory of 5032	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	112
PID 208 wrote to memory of 5032	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	112
PID 208 wrote to memory of 4776	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	113
PID 208 wrote to memory of 4776	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	113
PID 208 wrote to memory of 4308	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	114
PID 208 wrote to memory of 4308	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	114
PID 208 wrote to memory of 2008	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	115
PID 208 wrote to memory of 2008	208	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	115

C:\Users\Admin\AppData\Local\Temp\872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
"C:\Users\Admin\AppData\Local\Temp\872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1000
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "1000" "2960" "2772" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:12856
- C:\Windows\System\Lzjkwli.exe
  C:\Windows\System\Lzjkwli.exe
  2⤵
  - Executes dropped EXE
  PID:4236
- C:\Windows\System\xBUuuUH.exe
  C:\Windows\System\xBUuuUH.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\XUswyMV.exe
  C:\Windows\System\XUswyMV.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\wyhhUDW.exe
  C:\Windows\System\wyhhUDW.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\hdyURsH.exe
  C:\Windows\System\hdyURsH.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\rJopfqD.exe
  C:\Windows\System\rJopfqD.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\jhllbGz.exe
  C:\Windows\System\jhllbGz.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\zYpfxRK.exe
  C:\Windows\System\zYpfxRK.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\EKgvVuT.exe
  C:\Windows\System\EKgvVuT.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\bzqFWVi.exe
  C:\Windows\System\bzqFWVi.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\pDOOsxI.exe
  C:\Windows\System\pDOOsxI.exe
  2⤵
  - Executes dropped EXE
  PID:3688
- C:\Windows\System\eyyctGu.exe
  C:\Windows\System\eyyctGu.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\qbxHiFm.exe
  C:\Windows\System\qbxHiFm.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\AhZayWa.exe
  C:\Windows\System\AhZayWa.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\REtrPPu.exe
  C:\Windows\System\REtrPPu.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\vYeVElB.exe
  C:\Windows\System\vYeVElB.exe
  2⤵
  - Executes dropped EXE
  PID:3248
- C:\Windows\System\GnRNqVL.exe
  C:\Windows\System\GnRNqVL.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\HjkAFin.exe
  C:\Windows\System\HjkAFin.exe
  2⤵
  - Executes dropped EXE
  PID:3884
- C:\Windows\System\wmXyvmF.exe
  C:\Windows\System\wmXyvmF.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\LhvlmLX.exe
  C:\Windows\System\LhvlmLX.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\RoFVtRE.exe
  C:\Windows\System\RoFVtRE.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\CbKQOuv.exe
  C:\Windows\System\CbKQOuv.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\eEXXbpT.exe
  C:\Windows\System\eEXXbpT.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\twFzpTG.exe
  C:\Windows\System\twFzpTG.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\SElZuob.exe
  C:\Windows\System\SElZuob.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\ozlqAuj.exe
  C:\Windows\System\ozlqAuj.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\pTPpvTs.exe
  C:\Windows\System\pTPpvTs.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\uiKMmEV.exe
  C:\Windows\System\uiKMmEV.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\AYfwHku.exe
  C:\Windows\System\AYfwHku.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\TirAtGK.exe
  C:\Windows\System\TirAtGK.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\aVzQxVj.exe
  C:\Windows\System\aVzQxVj.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\UqbVeEy.exe
  C:\Windows\System\UqbVeEy.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\xXAmiBE.exe
  C:\Windows\System\xXAmiBE.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\TAAEijx.exe
  C:\Windows\System\TAAEijx.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\ryShaRt.exe
  C:\Windows\System\ryShaRt.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\kolkIIh.exe
  C:\Windows\System\kolkIIh.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\zGPSTFF.exe
  C:\Windows\System\zGPSTFF.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\MYlwBwo.exe
  C:\Windows\System\MYlwBwo.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\ofaavai.exe
  C:\Windows\System\ofaavai.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\tsRGWJs.exe
  C:\Windows\System\tsRGWJs.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\HCpYQMq.exe
  C:\Windows\System\HCpYQMq.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\awCCoME.exe
  C:\Windows\System\awCCoME.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\BEKNuWt.exe
  C:\Windows\System\BEKNuWt.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\ekrrZGL.exe
  C:\Windows\System\ekrrZGL.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\xeHEHaB.exe
  C:\Windows\System\xeHEHaB.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\mKcLied.exe
  C:\Windows\System\mKcLied.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\JqUsatr.exe
  C:\Windows\System\JqUsatr.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\mUgblmJ.exe
  C:\Windows\System\mUgblmJ.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\jVXDHPx.exe
  C:\Windows\System\jVXDHPx.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\InDOjun.exe
  C:\Windows\System\InDOjun.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\njqZeAY.exe
  C:\Windows\System\njqZeAY.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\lCJUlGr.exe
  C:\Windows\System\lCJUlGr.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\MtviEvZ.exe
  C:\Windows\System\MtviEvZ.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\JIlyeOR.exe
  C:\Windows\System\JIlyeOR.exe
  2⤵
  - Executes dropped EXE
  PID:4092
- C:\Windows\System\QswHUYl.exe
  C:\Windows\System\QswHUYl.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\SWpGcwm.exe
  C:\Windows\System\SWpGcwm.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\TwnPEPy.exe
  C:\Windows\System\TwnPEPy.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\pUFCRMz.exe
  C:\Windows\System\pUFCRMz.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\EhvvQwo.exe
  C:\Windows\System\EhvvQwo.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ksNxUwa.exe
  C:\Windows\System\ksNxUwa.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\upmGueL.exe
  C:\Windows\System\upmGueL.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\eWVuuHf.exe
  C:\Windows\System\eWVuuHf.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\IFbtqQk.exe
  C:\Windows\System\IFbtqQk.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\IkufDWy.exe
  C:\Windows\System\IkufDWy.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\ppBgnpI.exe
  C:\Windows\System\ppBgnpI.exe
  2⤵
  PID:3012
- C:\Windows\System\vqIEAMA.exe
  C:\Windows\System\vqIEAMA.exe
  2⤵
  PID:3564
- C:\Windows\System\EoNwPvj.exe
  C:\Windows\System\EoNwPvj.exe
  2⤵
  PID:5144
- C:\Windows\System\YGBlhIE.exe
  C:\Windows\System\YGBlhIE.exe
  2⤵
  PID:5172
- C:\Windows\System\ixXsGhq.exe
  C:\Windows\System\ixXsGhq.exe
  2⤵
  PID:5200
- C:\Windows\System\BxvfROG.exe
  C:\Windows\System\BxvfROG.exe
  2⤵
  PID:5228
- C:\Windows\System\monZAuQ.exe
  C:\Windows\System\monZAuQ.exe
  2⤵
  PID:5256
- C:\Windows\System\rTbZbJJ.exe
  C:\Windows\System\rTbZbJJ.exe
  2⤵
  PID:5284
- C:\Windows\System\APHZWsn.exe
  C:\Windows\System\APHZWsn.exe
  2⤵
  PID:5312
- C:\Windows\System\cijiuCL.exe
  C:\Windows\System\cijiuCL.exe
  2⤵
  PID:5340
- C:\Windows\System\txSSAJa.exe
  C:\Windows\System\txSSAJa.exe
  2⤵
  PID:5372
- C:\Windows\System\ZNrdtpc.exe
  C:\Windows\System\ZNrdtpc.exe
  2⤵
  PID:5404
- C:\Windows\System\qcbMRhy.exe
  C:\Windows\System\qcbMRhy.exe
  2⤵
  PID:5432
- C:\Windows\System\HyHZJPl.exe
  C:\Windows\System\HyHZJPl.exe
  2⤵
  PID:5460
- C:\Windows\System\gEMzhkr.exe
  C:\Windows\System\gEMzhkr.exe
  2⤵
  PID:5488
- C:\Windows\System\oOpMEfH.exe
  C:\Windows\System\oOpMEfH.exe
  2⤵
  PID:5512
- C:\Windows\System\ObVGbiG.exe
  C:\Windows\System\ObVGbiG.exe
  2⤵
  PID:5540
- C:\Windows\System\oFFVtRP.exe
  C:\Windows\System\oFFVtRP.exe
  2⤵
  PID:5576
- C:\Windows\System\iqsQFeS.exe
  C:\Windows\System\iqsQFeS.exe
  2⤵
  PID:5604
- C:\Windows\System\CSNYfCi.exe
  C:\Windows\System\CSNYfCi.exe
  2⤵
  PID:5632
- C:\Windows\System\wkWyBYh.exe
  C:\Windows\System\wkWyBYh.exe
  2⤵
  PID:5660
- C:\Windows\System\SxbunLU.exe
  C:\Windows\System\SxbunLU.exe
  2⤵
  PID:5688
- C:\Windows\System\wOmRoPH.exe
  C:\Windows\System\wOmRoPH.exe
  2⤵
  PID:5716
- C:\Windows\System\gIJkimb.exe
  C:\Windows\System\gIJkimb.exe
  2⤵
  PID:5744
- C:\Windows\System\YgFoycZ.exe
  C:\Windows\System\YgFoycZ.exe
  2⤵
  PID:5772
- C:\Windows\System\PfYDXzv.exe
  C:\Windows\System\PfYDXzv.exe
  2⤵
  PID:5800
- C:\Windows\System\SjWMEUi.exe
  C:\Windows\System\SjWMEUi.exe
  2⤵
  PID:5824
- C:\Windows\System\fsZDlUp.exe
  C:\Windows\System\fsZDlUp.exe
  2⤵
  PID:5852
- C:\Windows\System\mfPkVgM.exe
  C:\Windows\System\mfPkVgM.exe
  2⤵
  PID:5880
- C:\Windows\System\JumBgwo.exe
  C:\Windows\System\JumBgwo.exe
  2⤵
  PID:5916
- C:\Windows\System\TDjRtGS.exe
  C:\Windows\System\TDjRtGS.exe
  2⤵
  PID:5940
- C:\Windows\System\IMOqBpJ.exe
  C:\Windows\System\IMOqBpJ.exe
  2⤵
  PID:5968
- C:\Windows\System\ZwXtAEo.exe
  C:\Windows\System\ZwXtAEo.exe
  2⤵
  PID:5996
- C:\Windows\System\MQQGbLl.exe
  C:\Windows\System\MQQGbLl.exe
  2⤵
  PID:6024
- C:\Windows\System\vSZKaQV.exe
  C:\Windows\System\vSZKaQV.exe
  2⤵
  PID:6056
- C:\Windows\System\BXBjwoV.exe
  C:\Windows\System\BXBjwoV.exe
  2⤵
  PID:6080
- C:\Windows\System\awinGpd.exe
  C:\Windows\System\awinGpd.exe
  2⤵
  PID:6112
- C:\Windows\System\EmJmnrx.exe
  C:\Windows\System\EmJmnrx.exe
  2⤵
  PID:6140
- C:\Windows\System\Huinmke.exe
  C:\Windows\System\Huinmke.exe
  2⤵
  PID:3284
- C:\Windows\System\MvYUAJV.exe
  C:\Windows\System\MvYUAJV.exe
  2⤵
  PID:2448
- C:\Windows\System\LoRjSwl.exe
  C:\Windows\System\LoRjSwl.exe
  2⤵
  PID:4780
- C:\Windows\System\LxmFecp.exe
  C:\Windows\System\LxmFecp.exe
  2⤵
  PID:760
- C:\Windows\System\GUqHQoY.exe
  C:\Windows\System\GUqHQoY.exe
  2⤵
  PID:2280
- C:\Windows\System\wbuamag.exe
  C:\Windows\System\wbuamag.exe
  2⤵
  PID:5184
- C:\Windows\System\UCDJGrX.exe
  C:\Windows\System\UCDJGrX.exe
  2⤵
  PID:5240
- C:\Windows\System\OsPoHAw.exe
  C:\Windows\System\OsPoHAw.exe
  2⤵
  PID:5300
- C:\Windows\System\iQnAiNd.exe
  C:\Windows\System\iQnAiNd.exe
  2⤵
  PID:5364
- C:\Windows\System\dQicrkc.exe
  C:\Windows\System\dQicrkc.exe
  2⤵
  PID:5448
- C:\Windows\System\INMyHgy.exe
  C:\Windows\System\INMyHgy.exe
  2⤵
  PID:5504
- C:\Windows\System\HIFrDmN.exe
  C:\Windows\System\HIFrDmN.exe
  2⤵
  PID:5568
- C:\Windows\System\oGduDpk.exe
  C:\Windows\System\oGduDpk.exe
  2⤵
  PID:5624
- C:\Windows\System\Slgmdxf.exe
  C:\Windows\System\Slgmdxf.exe
  2⤵
  PID:5676
- C:\Windows\System\rTDdMBy.exe
  C:\Windows\System\rTDdMBy.exe
  2⤵
  PID:5732
- C:\Windows\System\vEmoKpn.exe
  C:\Windows\System\vEmoKpn.exe
  2⤵
  PID:5792
- C:\Windows\System\KbCymPQ.exe
  C:\Windows\System\KbCymPQ.exe
  2⤵
  PID:5868
- C:\Windows\System\EpxoqTN.exe
  C:\Windows\System\EpxoqTN.exe
  2⤵
  PID:5928
- C:\Windows\System\qtaQsdM.exe
  C:\Windows\System\qtaQsdM.exe
  2⤵
  PID:5984
- C:\Windows\System\uqvpWYg.exe
  C:\Windows\System\uqvpWYg.exe
  2⤵
  PID:6048
- C:\Windows\System\VSiVOfO.exe
  C:\Windows\System\VSiVOfO.exe
  2⤵
  PID:6124
- C:\Windows\System\heyplSm.exe
  C:\Windows\System\heyplSm.exe
  2⤵
  PID:4500
- C:\Windows\System\amXWFWI.exe
  C:\Windows\System\amXWFWI.exe
  2⤵
  PID:3316
- C:\Windows\System\gjTXerV.exe
  C:\Windows\System\gjTXerV.exe
  2⤵
  PID:5164
- C:\Windows\System\PaHZVBk.exe
  C:\Windows\System\PaHZVBk.exe
  2⤵
  PID:4952
- C:\Windows\System\kndSPhp.exe
  C:\Windows\System\kndSPhp.exe
  2⤵
  PID:5424
- C:\Windows\System\OJVWnQc.exe
  C:\Windows\System\OJVWnQc.exe
  2⤵
  PID:5592
- C:\Windows\System\TiylINK.exe
  C:\Windows\System\TiylINK.exe
  2⤵
  PID:2628
- C:\Windows\System\zMRBXoQ.exe
  C:\Windows\System\zMRBXoQ.exe
  2⤵
  PID:5840
- C:\Windows\System\nYVUsAK.exe
  C:\Windows\System\nYVUsAK.exe
  2⤵
  PID:6012
- C:\Windows\System\lFiTvvn.exe
  C:\Windows\System\lFiTvvn.exe
  2⤵
  PID:6100
- C:\Windows\System\kZfQaMo.exe
  C:\Windows\System\kZfQaMo.exe
  2⤵
  PID:2052
- C:\Windows\System\gwVETlg.exe
  C:\Windows\System\gwVETlg.exe
  2⤵
  PID:2456
- C:\Windows\System\ZsIYCag.exe
  C:\Windows\System\ZsIYCag.exe
  2⤵
  PID:6156
- C:\Windows\System\nGJhMJF.exe
  C:\Windows\System\nGJhMJF.exe
  2⤵
  PID:6188
- C:\Windows\System\xcXDVxl.exe
  C:\Windows\System\xcXDVxl.exe
  2⤵
  PID:6204
- C:\Windows\System\AeJlUCZ.exe
  C:\Windows\System\AeJlUCZ.exe
  2⤵
  PID:6232
- C:\Windows\System\AdQZzac.exe
  C:\Windows\System\AdQZzac.exe
  2⤵
  PID:6260
- C:\Windows\System\bpMVFnG.exe
  C:\Windows\System\bpMVFnG.exe
  2⤵
  PID:6288
- C:\Windows\System\ixVPjbo.exe
  C:\Windows\System\ixVPjbo.exe
  2⤵
  PID:6316
- C:\Windows\System\KJbiILD.exe
  C:\Windows\System\KJbiILD.exe
  2⤵
  PID:6340
- C:\Windows\System\IfCbcbK.exe
  C:\Windows\System\IfCbcbK.exe
  2⤵
  PID:6372
- C:\Windows\System\eBVAKeo.exe
  C:\Windows\System\eBVAKeo.exe
  2⤵
  PID:6400
- C:\Windows\System\udUVpiL.exe
  C:\Windows\System\udUVpiL.exe
  2⤵
  PID:6428
- C:\Windows\System\pUsFOQI.exe
  C:\Windows\System\pUsFOQI.exe
  2⤵
  PID:6456
- C:\Windows\System\FgFVmNv.exe
  C:\Windows\System\FgFVmNv.exe
  2⤵
  PID:6484
- C:\Windows\System\IoevHxe.exe
  C:\Windows\System\IoevHxe.exe
  2⤵
  PID:6508
- C:\Windows\System\jIvfJGc.exe
  C:\Windows\System\jIvfJGc.exe
  2⤵
  PID:6540
- C:\Windows\System\upqFWUO.exe
  C:\Windows\System\upqFWUO.exe
  2⤵
  PID:6568
- C:\Windows\System\wyzFLml.exe
  C:\Windows\System\wyzFLml.exe
  2⤵
  PID:6596
- C:\Windows\System\LyWaIQO.exe
  C:\Windows\System\LyWaIQO.exe
  2⤵
  PID:6624
- C:\Windows\System\NfGUKmo.exe
  C:\Windows\System\NfGUKmo.exe
  2⤵
  PID:6652
- C:\Windows\System\zijMjFg.exe
  C:\Windows\System\zijMjFg.exe
  2⤵
  PID:6680
- C:\Windows\System\NTUkDco.exe
  C:\Windows\System\NTUkDco.exe
  2⤵
  PID:6704
- C:\Windows\System\iESckNf.exe
  C:\Windows\System\iESckNf.exe
  2⤵
  PID:6736
- C:\Windows\System\PQKQZBd.exe
  C:\Windows\System\PQKQZBd.exe
  2⤵
  PID:6764
- C:\Windows\System\rafkWDX.exe
  C:\Windows\System\rafkWDX.exe
  2⤵
  PID:6792
- C:\Windows\System\MFYHOHF.exe
  C:\Windows\System\MFYHOHF.exe
  2⤵
  PID:6820
- C:\Windows\System\VHrKzzF.exe
  C:\Windows\System\VHrKzzF.exe
  2⤵
  PID:6844
- C:\Windows\System\fvwPwpB.exe
  C:\Windows\System\fvwPwpB.exe
  2⤵
  PID:6876
- C:\Windows\System\FhSDGVF.exe
  C:\Windows\System\FhSDGVF.exe
  2⤵
  PID:6904
- C:\Windows\System\iLxwFwD.exe
  C:\Windows\System\iLxwFwD.exe
  2⤵
  PID:6932
- C:\Windows\System\pxRMFKJ.exe
  C:\Windows\System\pxRMFKJ.exe
  2⤵
  PID:6960
- C:\Windows\System\IyRZmFU.exe
  C:\Windows\System\IyRZmFU.exe
  2⤵
  PID:6988
- C:\Windows\System\mveHdVC.exe
  C:\Windows\System\mveHdVC.exe
  2⤵
  PID:7012
- C:\Windows\System\FMerDiq.exe
  C:\Windows\System\FMerDiq.exe
  2⤵
  PID:7044
- C:\Windows\System\aHfMdnS.exe
  C:\Windows\System\aHfMdnS.exe
  2⤵
  PID:7072
- C:\Windows\System\GERcmhX.exe
  C:\Windows\System\GERcmhX.exe
  2⤵
  PID:7100
- C:\Windows\System\CvcsRAD.exe
  C:\Windows\System\CvcsRAD.exe
  2⤵
  PID:7128
- C:\Windows\System\rUhrNGk.exe
  C:\Windows\System\rUhrNGk.exe
  2⤵
  PID:7156
- C:\Windows\System\sumqmCi.exe
  C:\Windows\System\sumqmCi.exe
  2⤵
  PID:5420
- C:\Windows\System\IHwSxOW.exe
  C:\Windows\System\IHwSxOW.exe
  2⤵
  PID:5700
- C:\Windows\System\aYiVgsi.exe
  C:\Windows\System\aYiVgsi.exe
  2⤵
  PID:2288
- C:\Windows\System\lzHVJOL.exe
  C:\Windows\System\lzHVJOL.exe
  2⤵
  PID:5088
- C:\Windows\System\OFNUNLm.exe
  C:\Windows\System\OFNUNLm.exe
  2⤵
  PID:6148
- C:\Windows\System\EIqUHTU.exe
  C:\Windows\System\EIqUHTU.exe
  2⤵
  PID:6216
- C:\Windows\System\qsNIIbA.exe
  C:\Windows\System\qsNIIbA.exe
  2⤵
  PID:6272
- C:\Windows\System\HWERqLR.exe
  C:\Windows\System\HWERqLR.exe
  2⤵
  PID:6308
- C:\Windows\System\oJqgNIs.exe
  C:\Windows\System\oJqgNIs.exe
  2⤵
  PID:6360
- C:\Windows\System\RyHoAAw.exe
  C:\Windows\System\RyHoAAw.exe
  2⤵
  PID:6412
- C:\Windows\System\kHkbRGC.exe
  C:\Windows\System\kHkbRGC.exe
  2⤵
  PID:6448
- C:\Windows\System\bDJVnUt.exe
  C:\Windows\System\bDJVnUt.exe
  2⤵
  PID:6524
- C:\Windows\System\EoNHbdU.exe
  C:\Windows\System\EoNHbdU.exe
  2⤵
  PID:6580
- C:\Windows\System\wLREzGJ.exe
  C:\Windows\System\wLREzGJ.exe
  2⤵
  PID:6612
- C:\Windows\System\UnXmnfo.exe
  C:\Windows\System\UnXmnfo.exe
  2⤵
  PID:6664
- C:\Windows\System\GWEIvXQ.exe
  C:\Windows\System\GWEIvXQ.exe
  2⤵
  PID:3256
- C:\Windows\System\NbwaXcd.exe
  C:\Windows\System\NbwaXcd.exe
  2⤵
  PID:6776
- C:\Windows\System\mBBLAuF.exe
  C:\Windows\System\mBBLAuF.exe
  2⤵
  PID:6808
- C:\Windows\System\JgEbZBf.exe
  C:\Windows\System\JgEbZBf.exe
  2⤵
  PID:6860
- C:\Windows\System\JKHtfWp.exe
  C:\Windows\System\JKHtfWp.exe
  2⤵
  PID:6892
- C:\Windows\System\sOhGxun.exe
  C:\Windows\System\sOhGxun.exe
  2⤵
  PID:6944
- C:\Windows\System\JFqfdXx.exe
  C:\Windows\System\JFqfdXx.exe
  2⤵
  PID:7000
- C:\Windows\System\MTwavxH.exe
  C:\Windows\System\MTwavxH.exe
  2⤵
  PID:2232
- C:\Windows\System\GruUsjS.exe
  C:\Windows\System\GruUsjS.exe
  2⤵
  PID:7116
- C:\Windows\System\OUrGoeI.exe
  C:\Windows\System\OUrGoeI.exe
  2⤵
  PID:5296
- C:\Windows\System\SfjyIGY.exe
  C:\Windows\System\SfjyIGY.exe
  2⤵
  PID:5672
- C:\Windows\System\LCbMkgf.exe
  C:\Windows\System\LCbMkgf.exe
  2⤵
  PID:5276
- C:\Windows\System\tlXunnQ.exe
  C:\Windows\System\tlXunnQ.exe
  2⤵
  PID:6300
- C:\Windows\System\CupjEau.exe
  C:\Windows\System\CupjEau.exe
  2⤵
  PID:872
- C:\Windows\System\hBxcfxs.exe
  C:\Windows\System\hBxcfxs.exe
  2⤵
  PID:6476
- C:\Windows\System\gSXVTsZ.exe
  C:\Windows\System\gSXVTsZ.exe
  2⤵
  PID:3796
- C:\Windows\System\yTSHvDb.exe
  C:\Windows\System\yTSHvDb.exe
  2⤵
  PID:6700
- C:\Windows\System\CkIWIus.exe
  C:\Windows\System\CkIWIus.exe
  2⤵
  PID:6836
- C:\Windows\System\lAomeBx.exe
  C:\Windows\System\lAomeBx.exe
  2⤵
  PID:6924
- C:\Windows\System\gbvKciJ.exe
  C:\Windows\System\gbvKciJ.exe
  2⤵
  PID:7036
- C:\Windows\System\tgmecwx.exe
  C:\Windows\System\tgmecwx.exe
  2⤵
  PID:1540
- C:\Windows\System\xgCRzeR.exe
  C:\Windows\System\xgCRzeR.exe
  2⤵
  PID:6196
- C:\Windows\System\KtXGUHA.exe
  C:\Windows\System\KtXGUHA.exe
  2⤵
  PID:2384
- C:\Windows\System\idanyWf.exe
  C:\Windows\System\idanyWf.exe
  2⤵
  PID:6752
- C:\Windows\System\UXVgyDq.exe
  C:\Windows\System\UXVgyDq.exe
  2⤵
  PID:6888
- C:\Windows\System\OqssSSM.exe
  C:\Windows\System\OqssSSM.exe
  2⤵
  PID:7196
- C:\Windows\System\WUFuici.exe
  C:\Windows\System\WUFuici.exe
  2⤵
  PID:7228
- C:\Windows\System\LajTKBP.exe
  C:\Windows\System\LajTKBP.exe
  2⤵
  PID:7256
- C:\Windows\System\uITzYnL.exe
  C:\Windows\System\uITzYnL.exe
  2⤵
  PID:7284
- C:\Windows\System\ctYeTOi.exe
  C:\Windows\System\ctYeTOi.exe
  2⤵
  PID:7312
- C:\Windows\System\fizpRKa.exe
  C:\Windows\System\fizpRKa.exe
  2⤵
  PID:7340
- C:\Windows\System\HsnEPEr.exe
  C:\Windows\System\HsnEPEr.exe
  2⤵
  PID:7368
- C:\Windows\System\qQswePy.exe
  C:\Windows\System\qQswePy.exe
  2⤵
  PID:7396
- C:\Windows\System\rwQouHK.exe
  C:\Windows\System\rwQouHK.exe
  2⤵
  PID:7424
- C:\Windows\System\RffBnaJ.exe
  C:\Windows\System\RffBnaJ.exe
  2⤵
  PID:7452
- C:\Windows\System\nvwRBmP.exe
  C:\Windows\System\nvwRBmP.exe
  2⤵
  PID:7480
- C:\Windows\System\zulVgOm.exe
  C:\Windows\System\zulVgOm.exe
  2⤵
  PID:7508
- C:\Windows\System\QuHxIdi.exe
  C:\Windows\System\QuHxIdi.exe
  2⤵
  PID:7544
- C:\Windows\System\jKeZAYa.exe
  C:\Windows\System\jKeZAYa.exe
  2⤵
  PID:7576
- C:\Windows\System\sQuENDm.exe
  C:\Windows\System\sQuENDm.exe
  2⤵
  PID:7592
- C:\Windows\System\TofYsnZ.exe
  C:\Windows\System\TofYsnZ.exe
  2⤵
  PID:7620
- C:\Windows\System\rGalfrq.exe
  C:\Windows\System\rGalfrq.exe
  2⤵
  PID:7648
- C:\Windows\System\ISFjzCS.exe
  C:\Windows\System\ISFjzCS.exe
  2⤵
  PID:7676
- C:\Windows\System\AhnAbqo.exe
  C:\Windows\System\AhnAbqo.exe
  2⤵
  PID:7700
- C:\Windows\System\gUShYRV.exe
  C:\Windows\System\gUShYRV.exe
  2⤵
  PID:7728
- C:\Windows\System\NXoXyZT.exe
  C:\Windows\System\NXoXyZT.exe
  2⤵
  PID:7760
- C:\Windows\System\KjKfXLa.exe
  C:\Windows\System\KjKfXLa.exe
  2⤵
  PID:7788
- C:\Windows\System\qxxOeFr.exe
  C:\Windows\System\qxxOeFr.exe
  2⤵
  PID:7876
- C:\Windows\System\xalGhku.exe
  C:\Windows\System\xalGhku.exe
  2⤵
  PID:7892
- C:\Windows\System\imznJFG.exe
  C:\Windows\System\imznJFG.exe
  2⤵
  PID:7908
- C:\Windows\System\DgRvxqC.exe
  C:\Windows\System\DgRvxqC.exe
  2⤵
  PID:7924
- C:\Windows\System\WFzBAyK.exe
  C:\Windows\System\WFzBAyK.exe
  2⤵
  PID:7940
- C:\Windows\System\TxzSCdW.exe
  C:\Windows\System\TxzSCdW.exe
  2⤵
  PID:7960
- C:\Windows\System\LLKEQWk.exe
  C:\Windows\System\LLKEQWk.exe
  2⤵
  PID:7976
- C:\Windows\System\TMqoChX.exe
  C:\Windows\System\TMqoChX.exe
  2⤵
  PID:7992
- C:\Windows\System\uRhCtap.exe
  C:\Windows\System\uRhCtap.exe
  2⤵
  PID:8012
- C:\Windows\System\cHUkeVC.exe
  C:\Windows\System\cHUkeVC.exe
  2⤵
  PID:8044
- C:\Windows\System\XZggVUn.exe
  C:\Windows\System\XZggVUn.exe
  2⤵
  PID:8072
- C:\Windows\System\fQhWzaf.exe
  C:\Windows\System\fQhWzaf.exe
  2⤵
  PID:8092
- C:\Windows\System\poznuAP.exe
  C:\Windows\System\poznuAP.exe
  2⤵
  PID:8116
- C:\Windows\System\AQvrjtS.exe
  C:\Windows\System\AQvrjtS.exe
  2⤵
  PID:8136
- C:\Windows\System\VzRPfFr.exe
  C:\Windows\System\VzRPfFr.exe
  2⤵
  PID:7028
- C:\Windows\System\MoRnPEH.exe
  C:\Windows\System\MoRnPEH.exe
  2⤵
  PID:740
- C:\Windows\System\AHGEVsQ.exe
  C:\Windows\System\AHGEVsQ.exe
  2⤵
  PID:3684
- C:\Windows\System\zTGMfPR.exe
  C:\Windows\System\zTGMfPR.exe
  2⤵
  PID:7300
- C:\Windows\System\NXCqdjj.exe
  C:\Windows\System\NXCqdjj.exe
  2⤵
  PID:7472
- C:\Windows\System\XNwqXcI.exe
  C:\Windows\System\XNwqXcI.exe
  2⤵
  PID:7532
- C:\Windows\System\bTRfrYY.exe
  C:\Windows\System\bTRfrYY.exe
  2⤵
  PID:7568
- C:\Windows\System\NAvNWTy.exe
  C:\Windows\System\NAvNWTy.exe
  2⤵
  PID:7636
- C:\Windows\System\swCwNsd.exe
  C:\Windows\System\swCwNsd.exe
  2⤵
  PID:4560
- C:\Windows\System\YDFphrk.exe
  C:\Windows\System\YDFphrk.exe
  2⤵
  PID:3752
- C:\Windows\System\GItPaTe.exe
  C:\Windows\System\GItPaTe.exe
  2⤵
  PID:7752
- C:\Windows\System\xXAPpWQ.exe
  C:\Windows\System\xXAPpWQ.exe
  2⤵
  PID:7824
- C:\Windows\System\seoeMap.exe
  C:\Windows\System\seoeMap.exe
  2⤵
  PID:1544
- C:\Windows\System\rSYnDPD.exe
  C:\Windows\System\rSYnDPD.exe
  2⤵
  PID:5036
- C:\Windows\System\BIefSCU.exe
  C:\Windows\System\BIefSCU.exe
  2⤵
  PID:3524
- C:\Windows\System\SpsdpKN.exe
  C:\Windows\System\SpsdpKN.exe
  2⤵
  PID:7780
- C:\Windows\System\pyFrWOt.exe
  C:\Windows\System\pyFrWOt.exe
  2⤵
  PID:7916
- C:\Windows\System\mtWZtlj.exe
  C:\Windows\System\mtWZtlj.exe
  2⤵
  PID:8108
- C:\Windows\System\uKTNGPN.exe
  C:\Windows\System\uKTNGPN.exe
  2⤵
  PID:8068
- C:\Windows\System\npoXAfF.exe
  C:\Windows\System\npoXAfF.exe
  2⤵
  PID:8052
- C:\Windows\System\DLWDnPN.exe
  C:\Windows\System\DLWDnPN.exe
  2⤵
  PID:8104
- C:\Windows\System\zFvcWXh.exe
  C:\Windows\System\zFvcWXh.exe
  2⤵
  PID:7192
- C:\Windows\System\yyYVKse.exe
  C:\Windows\System\yyYVKse.exe
  2⤵
  PID:7408
- C:\Windows\System\TbZWnCd.exe
  C:\Windows\System\TbZWnCd.exe
  2⤵
  PID:4016
- C:\Windows\System\bBIMVIR.exe
  C:\Windows\System\bBIMVIR.exe
  2⤵
  PID:1732
- C:\Windows\System\YIffHWh.exe
  C:\Windows\System\YIffHWh.exe
  2⤵
  PID:7724
- C:\Windows\System\RiPNjCC.exe
  C:\Windows\System\RiPNjCC.exe
  2⤵
  PID:7772
- C:\Windows\System\PzChMMg.exe
  C:\Windows\System\PzChMMg.exe
  2⤵
  PID:3856
- C:\Windows\System\OgdiIFr.exe
  C:\Windows\System\OgdiIFr.exe
  2⤵
  PID:7868
- C:\Windows\System\iZzPwaH.exe
  C:\Windows\System\iZzPwaH.exe
  2⤵
  PID:7140
- C:\Windows\System\kkBPoEz.exe
  C:\Windows\System\kkBPoEz.exe
  2⤵
  PID:8188
- C:\Windows\System\mUWhBWJ.exe
  C:\Windows\System\mUWhBWJ.exe
  2⤵
  PID:7440
- C:\Windows\System\eRusETc.exe
  C:\Windows\System\eRusETc.exe
  2⤵
  PID:7716
- C:\Windows\System\gUvGTnQ.exe
  C:\Windows\System\gUvGTnQ.exe
  2⤵
  PID:7844
- C:\Windows\System\MuibKbS.exe
  C:\Windows\System\MuibKbS.exe
  2⤵
  PID:7668
- C:\Windows\System\ylJOCcC.exe
  C:\Windows\System\ylJOCcC.exe
  2⤵
  PID:7840
- C:\Windows\System\OEksMna.exe
  C:\Windows\System\OEksMna.exe
  2⤵
  PID:8208
- C:\Windows\System\SPFMXuz.exe
  C:\Windows\System\SPFMXuz.exe
  2⤵
  PID:8224
- C:\Windows\System\zQCUSdO.exe
  C:\Windows\System\zQCUSdO.exe
  2⤵
  PID:8276
- C:\Windows\System\fxIuVGr.exe
  C:\Windows\System\fxIuVGr.exe
  2⤵
  PID:8316
- C:\Windows\System\SuInXmd.exe
  C:\Windows\System\SuInXmd.exe
  2⤵
  PID:8336
- C:\Windows\System\tYmrIcw.exe
  C:\Windows\System\tYmrIcw.exe
  2⤵
  PID:8376
- C:\Windows\System\lJkNMyv.exe
  C:\Windows\System\lJkNMyv.exe
  2⤵
  PID:8400
- C:\Windows\System\HLxtUFg.exe
  C:\Windows\System\HLxtUFg.exe
  2⤵
  PID:8416
- C:\Windows\System\yVRnFuA.exe
  C:\Windows\System\yVRnFuA.exe
  2⤵
  PID:8436
- C:\Windows\System\fHjmBfa.exe
  C:\Windows\System\fHjmBfa.exe
  2⤵
  PID:8456
- C:\Windows\System\mMxoqxo.exe
  C:\Windows\System\mMxoqxo.exe
  2⤵
  PID:8500
- C:\Windows\System\McBoKwI.exe
  C:\Windows\System\McBoKwI.exe
  2⤵
  PID:8520
- C:\Windows\System\LkPQYPJ.exe
  C:\Windows\System\LkPQYPJ.exe
  2⤵
  PID:8544
- C:\Windows\System\UFvGnrO.exe
  C:\Windows\System\UFvGnrO.exe
  2⤵
  PID:8568
- C:\Windows\System\huFUnXo.exe
  C:\Windows\System\huFUnXo.exe
  2⤵
  PID:8604
- C:\Windows\System\SouDvdX.exe
  C:\Windows\System\SouDvdX.exe
  2⤵
  PID:8652
- C:\Windows\System\dMvhPii.exe
  C:\Windows\System\dMvhPii.exe
  2⤵
  PID:8672
- C:\Windows\System\tNaWqBF.exe
  C:\Windows\System\tNaWqBF.exe
  2⤵
  PID:8700
- C:\Windows\System\RzzfNMY.exe
  C:\Windows\System\RzzfNMY.exe
  2⤵
  PID:8716
- C:\Windows\System\yqRQLxH.exe
  C:\Windows\System\yqRQLxH.exe
  2⤵
  PID:8744
- C:\Windows\System\DGVOlUN.exe
  C:\Windows\System\DGVOlUN.exe
  2⤵
  PID:8772
- C:\Windows\System\jucRdwn.exe
  C:\Windows\System\jucRdwn.exe
  2⤵
  PID:8820
- C:\Windows\System\flThxWy.exe
  C:\Windows\System\flThxWy.exe
  2⤵
  PID:8840
- C:\Windows\System\kCuknKu.exe
  C:\Windows\System\kCuknKu.exe
  2⤵
  PID:8868
- C:\Windows\System\rQsDJdy.exe
  C:\Windows\System\rQsDJdy.exe
  2⤵
  PID:8900
- C:\Windows\System\AIDqsvZ.exe
  C:\Windows\System\AIDqsvZ.exe
  2⤵
  PID:8924
- C:\Windows\System\BqXsEJC.exe
  C:\Windows\System\BqXsEJC.exe
  2⤵
  PID:8948
- C:\Windows\System\GkrJUsz.exe
  C:\Windows\System\GkrJUsz.exe
  2⤵
  PID:8964
- C:\Windows\System\DYKqZwg.exe
  C:\Windows\System\DYKqZwg.exe
  2⤵
  PID:8992
- C:\Windows\System\ZrwGXQi.exe
  C:\Windows\System\ZrwGXQi.exe
  2⤵
  PID:9012
- C:\Windows\System\KdcSBGr.exe
  C:\Windows\System\KdcSBGr.exe
  2⤵
  PID:9032
- C:\Windows\System\gmxLQSh.exe
  C:\Windows\System\gmxLQSh.exe
  2⤵
  PID:9052
- C:\Windows\System\fCUbGzR.exe
  C:\Windows\System\fCUbGzR.exe
  2⤵
  PID:9080
- C:\Windows\System\YVAKnSC.exe
  C:\Windows\System\YVAKnSC.exe
  2⤵
  PID:9104
- C:\Windows\System\sbjVeWs.exe
  C:\Windows\System\sbjVeWs.exe
  2⤵
  PID:9124
- C:\Windows\System\NhVcduQ.exe
  C:\Windows\System\NhVcduQ.exe
  2⤵
  PID:9176
- C:\Windows\System\FjbNWRK.exe
  C:\Windows\System\FjbNWRK.exe
  2⤵
  PID:9204
- C:\Windows\System\oUbrEXM.exe
  C:\Windows\System\oUbrEXM.exe
  2⤵
  PID:7564
- C:\Windows\System\ORkYlTO.exe
  C:\Windows\System\ORkYlTO.exe
  2⤵
  PID:8244
- C:\Windows\System\zAeDZrZ.exe
  C:\Windows\System\zAeDZrZ.exe
  2⤵
  PID:8352
- C:\Windows\System\kvHdzPT.exe
  C:\Windows\System\kvHdzPT.exe
  2⤵
  PID:8392
- C:\Windows\System\UOZaset.exe
  C:\Windows\System\UOZaset.exe
  2⤵
  PID:8536
- C:\Windows\System\vsGUGLU.exe
  C:\Windows\System\vsGUGLU.exe
  2⤵
  PID:8508
- C:\Windows\System\hIwkSOq.exe
  C:\Windows\System\hIwkSOq.exe
  2⤵
  PID:8644
- C:\Windows\System\HQuOFwj.exe
  C:\Windows\System\HQuOFwj.exe
  2⤵
  PID:640
- C:\Windows\System\ZNVmjTf.exe
  C:\Windows\System\ZNVmjTf.exe
  2⤵
  PID:8692
- C:\Windows\System\FUSddYu.exe
  C:\Windows\System\FUSddYu.exe
  2⤵
  PID:8736
- C:\Windows\System\JknNneh.exe
  C:\Windows\System\JknNneh.exe
  2⤵
  PID:8796
- C:\Windows\System\VZwEJEo.exe
  C:\Windows\System\VZwEJEo.exe
  2⤵
  PID:8884
- C:\Windows\System\BPPYoAz.exe
  C:\Windows\System\BPPYoAz.exe
  2⤵
  PID:9048
- C:\Windows\System\PnBeiRB.exe
  C:\Windows\System\PnBeiRB.exe
  2⤵
  PID:9020
- C:\Windows\System\ICGBuIm.exe
  C:\Windows\System\ICGBuIm.exe
  2⤵
  PID:9112
- C:\Windows\System\uGLpkVj.exe
  C:\Windows\System\uGLpkVj.exe
  2⤵
  PID:9088
- C:\Windows\System\LynMOKf.exe
  C:\Windows\System\LynMOKf.exe
  2⤵
  PID:9200
- C:\Windows\System\xaywXPW.exe
  C:\Windows\System\xaywXPW.exe
  2⤵
  PID:8264
- C:\Windows\System\VwfwAtV.exe
  C:\Windows\System\VwfwAtV.exe
  2⤵
  PID:8492
- C:\Windows\System\zdpgVoG.exe
  C:\Windows\System\zdpgVoG.exe
  2⤵
  PID:8688
- C:\Windows\System\RnGLfbq.exe
  C:\Windows\System\RnGLfbq.exe
  2⤵
  PID:8764
- C:\Windows\System\hyjObXm.exe
  C:\Windows\System\hyjObXm.exe
  2⤵
  PID:8836
- C:\Windows\System\fAwjpFZ.exe
  C:\Windows\System\fAwjpFZ.exe
  2⤵
  PID:9024
- C:\Windows\System\DbFMzMw.exe
  C:\Windows\System\DbFMzMw.exe
  2⤵
  PID:9152
- C:\Windows\System\GhlzxOf.exe
  C:\Windows\System\GhlzxOf.exe
  2⤵
  PID:8448
- C:\Windows\System\ruELggH.exe
  C:\Windows\System\ruELggH.exe
  2⤵
  PID:8596
- C:\Windows\System\zcuRMxt.exe
  C:\Windows\System\zcuRMxt.exe
  2⤵
  PID:8984
- C:\Windows\System\rSqpFnL.exe
  C:\Windows\System\rSqpFnL.exe
  2⤵
  PID:3352
- C:\Windows\System\jInmkIQ.exe
  C:\Windows\System\jInmkIQ.exe
  2⤵
  PID:7324
- C:\Windows\System\KHEegbb.exe
  C:\Windows\System\KHEegbb.exe
  2⤵
  PID:9096
- C:\Windows\System\JXuYybt.exe
  C:\Windows\System\JXuYybt.exe
  2⤵
  PID:3700
- C:\Windows\System\xIaiPnf.exe
  C:\Windows\System\xIaiPnf.exe
  2⤵
  PID:9220
- C:\Windows\System\NcBNTJu.exe
  C:\Windows\System\NcBNTJu.exe
  2⤵
  PID:9244
- C:\Windows\System\kJdejaF.exe
  C:\Windows\System\kJdejaF.exe
  2⤵
  PID:9284
- C:\Windows\System\rKjBbyz.exe
  C:\Windows\System\rKjBbyz.exe
  2⤵
  PID:9320
- C:\Windows\System\ugUxjeL.exe
  C:\Windows\System\ugUxjeL.exe
  2⤵
  PID:9340
- C:\Windows\System\uugodap.exe
  C:\Windows\System\uugodap.exe
  2⤵
  PID:9380
- C:\Windows\System\DgHWLnb.exe
  C:\Windows\System\DgHWLnb.exe
  2⤵
  PID:9404
- C:\Windows\System\tKnHnJH.exe
  C:\Windows\System\tKnHnJH.exe
  2⤵
  PID:9424
- C:\Windows\System\NLqAsXL.exe
  C:\Windows\System\NLqAsXL.exe
  2⤵
  PID:9444
- C:\Windows\System\MOpxLnu.exe
  C:\Windows\System\MOpxLnu.exe
  2⤵
  PID:9468
- C:\Windows\System\lqTiIiV.exe
  C:\Windows\System\lqTiIiV.exe
  2⤵
  PID:9532
- C:\Windows\System\TRbizue.exe
  C:\Windows\System\TRbizue.exe
  2⤵
  PID:9552
- C:\Windows\System\qtxKNMT.exe
  C:\Windows\System\qtxKNMT.exe
  2⤵
  PID:9580
- C:\Windows\System\vjcWpQX.exe
  C:\Windows\System\vjcWpQX.exe
  2⤵
  PID:9600
- C:\Windows\System\IuNzbkN.exe
  C:\Windows\System\IuNzbkN.exe
  2⤵
  PID:9624
- C:\Windows\System\XHtRwTX.exe
  C:\Windows\System\XHtRwTX.exe
  2⤵
  PID:9664
- C:\Windows\System\zBHuDVE.exe
  C:\Windows\System\zBHuDVE.exe
  2⤵
  PID:9692
- C:\Windows\System\VkZyjsz.exe
  C:\Windows\System\VkZyjsz.exe
  2⤵
  PID:9708
- C:\Windows\System\KcsHEMZ.exe
  C:\Windows\System\KcsHEMZ.exe
  2⤵
  PID:9728
- C:\Windows\System\AiHaJVY.exe
  C:\Windows\System\AiHaJVY.exe
  2⤵
  PID:9756
- C:\Windows\System\NvXnonl.exe
  C:\Windows\System\NvXnonl.exe
  2⤵
  PID:9772
- C:\Windows\System\FZqtOYK.exe
  C:\Windows\System\FZqtOYK.exe
  2⤵
  PID:9796
- C:\Windows\System\aNjsIRw.exe
  C:\Windows\System\aNjsIRw.exe
  2⤵
  PID:9816
- C:\Windows\System\yISvnEI.exe
  C:\Windows\System\yISvnEI.exe
  2⤵
  PID:9840
- C:\Windows\System\PWnDZGo.exe
  C:\Windows\System\PWnDZGo.exe
  2⤵
  PID:9892
- C:\Windows\System\ICpxXZl.exe
  C:\Windows\System\ICpxXZl.exe
  2⤵
  PID:9916
- C:\Windows\System\qHFgWlM.exe
  C:\Windows\System\qHFgWlM.exe
  2⤵
  PID:9944
- C:\Windows\System\gBAAXlL.exe
  C:\Windows\System\gBAAXlL.exe
  2⤵
  PID:9992
- C:\Windows\System\iQgXbME.exe
  C:\Windows\System\iQgXbME.exe
  2⤵
  PID:10012
- C:\Windows\System\ZLgYGem.exe
  C:\Windows\System\ZLgYGem.exe
  2⤵
  PID:10036
- C:\Windows\System\twaKTjb.exe
  C:\Windows\System\twaKTjb.exe
  2⤵
  PID:10076
- C:\Windows\System\YFvkUOm.exe
  C:\Windows\System\YFvkUOm.exe
  2⤵
  PID:10112
- C:\Windows\System\dTBHZYR.exe
  C:\Windows\System\dTBHZYR.exe
  2⤵
  PID:10128
- C:\Windows\System\zoYdcxt.exe
  C:\Windows\System\zoYdcxt.exe
  2⤵
  PID:10148
- C:\Windows\System\ThrmvMi.exe
  C:\Windows\System\ThrmvMi.exe
  2⤵
  PID:10176
- C:\Windows\System\lOFGKsd.exe
  C:\Windows\System\lOFGKsd.exe
  2⤵
  PID:10196
- C:\Windows\System\xcYFDiW.exe
  C:\Windows\System\xcYFDiW.exe
  2⤵
  PID:8632
- C:\Windows\System\dLEXPRy.exe
  C:\Windows\System\dLEXPRy.exe
  2⤵
  PID:9276
- C:\Windows\System\owXzMLW.exe
  C:\Windows\System\owXzMLW.exe
  2⤵
  PID:9300
- C:\Windows\System\lSvmzgE.exe
  C:\Windows\System\lSvmzgE.exe
  2⤵
  PID:9456
- C:\Windows\System\xzLeSaA.exe
  C:\Windows\System\xzLeSaA.exe
  2⤵
  PID:9500
- C:\Windows\System\JzPgNCj.exe
  C:\Windows\System\JzPgNCj.exe
  2⤵
  PID:9576
- C:\Windows\System\iaQxbhs.exe
  C:\Windows\System\iaQxbhs.exe
  2⤵
  PID:9608
- C:\Windows\System\CxnKHtk.exe
  C:\Windows\System\CxnKHtk.exe
  2⤵
  PID:9660
- C:\Windows\System\dejGfSX.exe
  C:\Windows\System\dejGfSX.exe
  2⤵
  PID:9764
- C:\Windows\System\SOzaAlo.exe
  C:\Windows\System\SOzaAlo.exe
  2⤵
  PID:8324
- C:\Windows\System\kYbNIVn.exe
  C:\Windows\System\kYbNIVn.exe
  2⤵
  PID:9880
- C:\Windows\System\WUCNlND.exe
  C:\Windows\System\WUCNlND.exe
  2⤵
  PID:9932
- C:\Windows\System\EAqsmWk.exe
  C:\Windows\System\EAqsmWk.exe
  2⤵
  PID:10008
- C:\Windows\System\gDpJEzW.exe
  C:\Windows\System\gDpJEzW.exe
  2⤵
  PID:10068
- C:\Windows\System\XQAKOta.exe
  C:\Windows\System\XQAKOta.exe
  2⤵
  PID:10156
- C:\Windows\System\uzJCyUR.exe
  C:\Windows\System\uzJCyUR.exe
  2⤵
  PID:9156
- C:\Windows\System\CVPdWZW.exe
  C:\Windows\System\CVPdWZW.exe
  2⤵
  PID:9308
- C:\Windows\System\ISFoJKw.exe
  C:\Windows\System\ISFoJKw.exe
  2⤵
  PID:9392
- C:\Windows\System\RGlSspj.exe
  C:\Windows\System\RGlSspj.exe
  2⤵
  PID:3420
- C:\Windows\System\abdEsNZ.exe
  C:\Windows\System\abdEsNZ.exe
  2⤵
  PID:9748
- C:\Windows\System\INcOHgk.exe
  C:\Windows\System\INcOHgk.exe
  2⤵
  PID:9836
- C:\Windows\System\CyOJWdP.exe
  C:\Windows\System\CyOJWdP.exe
  2⤵
  PID:10120
- C:\Windows\System\nVcceKf.exe
  C:\Windows\System\nVcceKf.exe
  2⤵
  PID:10088
- C:\Windows\System\zkMbkNW.exe
  C:\Windows\System\zkMbkNW.exe
  2⤵
  PID:9400
- C:\Windows\System\xMslSBc.exe
  C:\Windows\System\xMslSBc.exe
  2⤵
  PID:9592
- C:\Windows\System\nSlRUSU.exe
  C:\Windows\System\nSlRUSU.exe
  2⤵
  PID:9672
- C:\Windows\System\ZnzZEwH.exe
  C:\Windows\System\ZnzZEwH.exe
  2⤵
  PID:9964
- C:\Windows\System\MhjFmVT.exe
  C:\Windows\System\MhjFmVT.exe
  2⤵
  PID:10276
- C:\Windows\System\qDsAEqT.exe
  C:\Windows\System\qDsAEqT.exe
  2⤵
  PID:10292
- C:\Windows\System\SkfbeHd.exe
  C:\Windows\System\SkfbeHd.exe
  2⤵
  PID:10320
- C:\Windows\System\QxhPmAg.exe
  C:\Windows\System\QxhPmAg.exe
  2⤵
  PID:10340
- C:\Windows\System\LbnrKKY.exe
  C:\Windows\System\LbnrKKY.exe
  2⤵
  PID:10364
- C:\Windows\System\oOtakvW.exe
  C:\Windows\System\oOtakvW.exe
  2⤵
  PID:10384
- C:\Windows\System\VtrsHZv.exe
  C:\Windows\System\VtrsHZv.exe
  2⤵
  PID:10412
- C:\Windows\System\glyqphd.exe
  C:\Windows\System\glyqphd.exe
  2⤵
  PID:10432
- C:\Windows\System\EMTSrbr.exe
  C:\Windows\System\EMTSrbr.exe
  2⤵
  PID:10496
- C:\Windows\System\nipJyHz.exe
  C:\Windows\System\nipJyHz.exe
  2⤵
  PID:10520
- C:\Windows\System\RazleJS.exe
  C:\Windows\System\RazleJS.exe
  2⤵
  PID:10556
- C:\Windows\System\vJcIICn.exe
  C:\Windows\System\vJcIICn.exe
  2⤵
  PID:10640
- C:\Windows\System\kCBQoaR.exe
  C:\Windows\System\kCBQoaR.exe
  2⤵
  PID:10664
- C:\Windows\System\xKyEbXk.exe
  C:\Windows\System\xKyEbXk.exe
  2⤵
  PID:10680
- C:\Windows\System\gTjtVib.exe
  C:\Windows\System\gTjtVib.exe
  2⤵
  PID:10700
- C:\Windows\System\HKnVIwM.exe
  C:\Windows\System\HKnVIwM.exe
  2⤵
  PID:10716
- C:\Windows\System\CCkLUCN.exe
  C:\Windows\System\CCkLUCN.exe
  2⤵
  PID:10732
- C:\Windows\System\jnbsLZC.exe
  C:\Windows\System\jnbsLZC.exe
  2⤵
  PID:10748
- C:\Windows\System\FwwglWI.exe
  C:\Windows\System\FwwglWI.exe
  2⤵
  PID:10764
- C:\Windows\System\PffloTD.exe
  C:\Windows\System\PffloTD.exe
  2⤵
  PID:10780
- C:\Windows\System\MrOmdos.exe
  C:\Windows\System\MrOmdos.exe
  2⤵
  PID:10796
- C:\Windows\System\hwJffTy.exe
  C:\Windows\System\hwJffTy.exe
  2⤵
  PID:10812
- C:\Windows\System\tTetijx.exe
  C:\Windows\System\tTetijx.exe
  2⤵
  PID:10832
- C:\Windows\System\myUVShE.exe
  C:\Windows\System\myUVShE.exe
  2⤵
  PID:10848
- C:\Windows\System\oSERLVr.exe
  C:\Windows\System\oSERLVr.exe
  2⤵
  PID:10864
- C:\Windows\System\koNKGIP.exe
  C:\Windows\System\koNKGIP.exe
  2⤵
  PID:10908
- C:\Windows\System\gchJSyh.exe
  C:\Windows\System\gchJSyh.exe
  2⤵
  PID:10952
- C:\Windows\System\HAhOGut.exe
  C:\Windows\System\HAhOGut.exe
  2⤵
  PID:10976
- C:\Windows\System\PNFXQaU.exe
  C:\Windows\System\PNFXQaU.exe
  2⤵
  PID:11088
- C:\Windows\System\AhCwEOs.exe
  C:\Windows\System\AhCwEOs.exe
  2⤵
  PID:11104
- C:\Windows\System\dKNdSmt.exe
  C:\Windows\System\dKNdSmt.exe
  2⤵
  PID:11124
- C:\Windows\System\iHNkKEs.exe
  C:\Windows\System\iHNkKEs.exe
  2⤵
  PID:11196
- C:\Windows\System\kkbYWnc.exe
  C:\Windows\System\kkbYWnc.exe
  2⤵
  PID:11220
- C:\Windows\System\pcEsZXP.exe
  C:\Windows\System\pcEsZXP.exe
  2⤵
  PID:10284
- C:\Windows\System\PIHzLAC.exe
  C:\Windows\System\PIHzLAC.exe
  2⤵
  PID:10264
- C:\Windows\System\CNgnOmD.exe
  C:\Windows\System\CNgnOmD.exe
  2⤵
  PID:10376
- C:\Windows\System\iqsfEDc.exe
  C:\Windows\System\iqsfEDc.exe
  2⤵
  PID:10532
- C:\Windows\System\wbVtKme.exe
  C:\Windows\System\wbVtKme.exe
  2⤵
  PID:10900
- C:\Windows\System\eZWCkIh.exe
  C:\Windows\System\eZWCkIh.exe
  2⤵
  PID:10932
- C:\Windows\System\JegkHuw.exe
  C:\Windows\System\JegkHuw.exe
  2⤵
  PID:10576
- C:\Windows\System\TkNaraC.exe
  C:\Windows\System\TkNaraC.exe
  2⤵
  PID:10584
- C:\Windows\System\OwRhwIb.exe
  C:\Windows\System\OwRhwIb.exe
  2⤵
  PID:10840
- C:\Windows\System\vtsleWs.exe
  C:\Windows\System\vtsleWs.exe
  2⤵
  PID:10972
- C:\Windows\System\IXQhpsC.exe
  C:\Windows\System\IXQhpsC.exe
  2⤵
  PID:10652
- C:\Windows\System\uLTwVmN.exe
  C:\Windows\System\uLTwVmN.exe
  2⤵
  PID:11064
- C:\Windows\System\OSZghGX.exe
  C:\Windows\System\OSZghGX.exe
  2⤵
  PID:11120
- C:\Windows\System\TmIahMA.exe
  C:\Windows\System\TmIahMA.exe
  2⤵
  PID:10824
- C:\Windows\System\FrhSnsE.exe
  C:\Windows\System\FrhSnsE.exe
  2⤵
  PID:11056
- C:\Windows\System\VFJFTOB.exe
  C:\Windows\System\VFJFTOB.exe
  2⤵
  PID:11000
- C:\Windows\System\OwuJZOv.exe
  C:\Windows\System\OwuJZOv.exe
  2⤵
  PID:11176
- C:\Windows\System\unOmidN.exe
  C:\Windows\System\unOmidN.exe
  2⤵
  PID:11212
- C:\Windows\System\redQNIE.exe
  C:\Windows\System\redQNIE.exe
  2⤵
  PID:10272
- C:\Windows\System\IqcFJmL.exe
  C:\Windows\System\IqcFJmL.exe
  2⤵
  PID:10632
- C:\Windows\System\aMMLrbz.exe
  C:\Windows\System\aMMLrbz.exe
  2⤵
  PID:10604
- C:\Windows\System\GTJITJJ.exe
  C:\Windows\System\GTJITJJ.exe
  2⤵
  PID:10624
- C:\Windows\System\FkIlHWL.exe
  C:\Windows\System\FkIlHWL.exe
  2⤵
  PID:10672
- C:\Windows\System\LxcDwja.exe
  C:\Windows\System\LxcDwja.exe
  2⤵
  PID:10820
- C:\Windows\System\wccWBHy.exe
  C:\Windows\System\wccWBHy.exe
  2⤵
  PID:11148
- C:\Windows\System\LNxCXlX.exe
  C:\Windows\System\LNxCXlX.exe
  2⤵
  PID:1924
- C:\Windows\System\FEXQIRd.exe
  C:\Windows\System\FEXQIRd.exe
  2⤵
  PID:10928
- C:\Windows\System\qhSHiwb.exe
  C:\Windows\System\qhSHiwb.exe
  2⤵
  PID:11040
- C:\Windows\System\ddISewG.exe
  C:\Windows\System\ddISewG.exe
  2⤵
  PID:10792
- C:\Windows\System\vWhnQLK.exe
  C:\Windows\System\vWhnQLK.exe
  2⤵
  PID:10312
- C:\Windows\System\UYnnxUF.exe
  C:\Windows\System\UYnnxUF.exe
  2⤵
  PID:10776
- C:\Windows\System\xSqTSRm.exe
  C:\Windows\System\xSqTSRm.exe
  2⤵
  PID:11276
- C:\Windows\System\QzfcwlO.exe
  C:\Windows\System\QzfcwlO.exe
  2⤵
  PID:11304
- C:\Windows\System\hbvJhSc.exe
  C:\Windows\System\hbvJhSc.exe
  2⤵
  PID:11332
- C:\Windows\System\OQTBAef.exe
  C:\Windows\System\OQTBAef.exe
  2⤵
  PID:11372
- C:\Windows\System\mleTABQ.exe
  C:\Windows\System\mleTABQ.exe
  2⤵
  PID:11400
- C:\Windows\System\ErEwtaK.exe
  C:\Windows\System\ErEwtaK.exe
  2⤵
  PID:11424
- C:\Windows\System\TWuGOKX.exe
  C:\Windows\System\TWuGOKX.exe
  2⤵
  PID:11440
- C:\Windows\System\VDNAJda.exe
  C:\Windows\System\VDNAJda.exe
  2⤵
  PID:11456
- C:\Windows\System\NdxBvSM.exe
  C:\Windows\System\NdxBvSM.exe
  2⤵
  PID:11476
- C:\Windows\System\gvmlJZZ.exe
  C:\Windows\System\gvmlJZZ.exe
  2⤵
  PID:11520
- C:\Windows\System\EZbQdXk.exe
  C:\Windows\System\EZbQdXk.exe
  2⤵
  PID:11560
- C:\Windows\System\qTjOozK.exe
  C:\Windows\System\qTjOozK.exe
  2⤵
  PID:11604
- C:\Windows\System\cMkbHlZ.exe
  C:\Windows\System\cMkbHlZ.exe
  2⤵
  PID:11620
- C:\Windows\System\pJKVtjq.exe
  C:\Windows\System\pJKVtjq.exe
  2⤵
  PID:11652
- C:\Windows\System\RcznEvW.exe
  C:\Windows\System\RcznEvW.exe
  2⤵
  PID:11676
- C:\Windows\System\mPmZFXK.exe
  C:\Windows\System\mPmZFXK.exe
  2⤵
  PID:11700
- C:\Windows\System\OwWdwNH.exe
  C:\Windows\System\OwWdwNH.exe
  2⤵
  PID:11736
- C:\Windows\System\DJngdQf.exe
  C:\Windows\System\DJngdQf.exe
  2⤵
  PID:11764
- C:\Windows\System\aoupbIG.exe
  C:\Windows\System\aoupbIG.exe
  2⤵
  PID:11784
- C:\Windows\System\GQtUTaT.exe
  C:\Windows\System\GQtUTaT.exe
  2⤵
  PID:11812
- C:\Windows\System\bxpNbqI.exe
  C:\Windows\System\bxpNbqI.exe
  2⤵
  PID:11840
- C:\Windows\System\mRVLaPy.exe
  C:\Windows\System\mRVLaPy.exe
  2⤵
  PID:11864
- C:\Windows\System\BmWEUdL.exe
  C:\Windows\System\BmWEUdL.exe
  2⤵
  PID:11884
- C:\Windows\System\pbmRJbr.exe
  C:\Windows\System\pbmRJbr.exe
  2⤵
  PID:11908
- C:\Windows\System\jMBPmPG.exe
  C:\Windows\System\jMBPmPG.exe
  2⤵
  PID:11924
- C:\Windows\System\QIjAwYw.exe
  C:\Windows\System\QIjAwYw.exe
  2⤵
  PID:11988
- C:\Windows\System\vtsQtdx.exe
  C:\Windows\System\vtsQtdx.exe
  2⤵
  PID:12004
- C:\Windows\System\ucDQNTf.exe
  C:\Windows\System\ucDQNTf.exe
  2⤵
  PID:12024
- C:\Windows\System\vzFImTn.exe
  C:\Windows\System\vzFImTn.exe
  2⤵
  PID:12052
- C:\Windows\System\WmAgUWw.exe
  C:\Windows\System\WmAgUWw.exe
  2⤵
  PID:12072
- C:\Windows\System\FiPfzUz.exe
  C:\Windows\System\FiPfzUz.exe
  2⤵
  PID:12100
- C:\Windows\System\meRpKHP.exe
  C:\Windows\System\meRpKHP.exe
  2⤵
  PID:12144
- C:\Windows\System\OyFYkRo.exe
  C:\Windows\System\OyFYkRo.exe
  2⤵
  PID:12160
- C:\Windows\System\kWjrcpT.exe
  C:\Windows\System\kWjrcpT.exe
  2⤵
  PID:12200
- C:\Windows\System\cqhBVzE.exe
  C:\Windows\System\cqhBVzE.exe
  2⤵
  PID:12220
- C:\Windows\System\rjYtsxY.exe
  C:\Windows\System\rjYtsxY.exe
  2⤵
  PID:12264
- C:\Windows\System\naMOxGt.exe
  C:\Windows\System\naMOxGt.exe
  2⤵
  PID:10856
- C:\Windows\System\FCDtALi.exe
  C:\Windows\System\FCDtALi.exe
  2⤵
  PID:11284
- C:\Windows\System\StOHaxi.exe
  C:\Windows\System\StOHaxi.exe
  2⤵
  PID:11364
- C:\Windows\System\BlqLoET.exe
  C:\Windows\System\BlqLoET.exe
  2⤵
  PID:11420
- C:\Windows\System\TshdTdV.exe
  C:\Windows\System\TshdTdV.exe
  2⤵
  PID:11472
- C:\Windows\System\PtESksN.exe
  C:\Windows\System\PtESksN.exe
  2⤵
  PID:11516
- C:\Windows\System\LRPHvYC.exe
  C:\Windows\System\LRPHvYC.exe
  2⤵
  PID:11584
- C:\Windows\System\lzGJvAp.exe
  C:\Windows\System\lzGJvAp.exe
  2⤵
  PID:11632
- C:\Windows\System\aSsxZuh.exe
  C:\Windows\System\aSsxZuh.exe
  2⤵
  PID:11672
- C:\Windows\System\hNudazH.exe
  C:\Windows\System\hNudazH.exe
  2⤵
  PID:11716
- C:\Windows\System\IPuEoSW.exe
  C:\Windows\System\IPuEoSW.exe
  2⤵
  PID:11780
- C:\Windows\System\FbsJbXn.exe
  C:\Windows\System\FbsJbXn.exe
  2⤵
  PID:11848
- C:\Windows\System\GxaFUAP.exe
  C:\Windows\System\GxaFUAP.exe
  2⤵
  PID:4388
- C:\Windows\System\XZOYBVl.exe
  C:\Windows\System\XZOYBVl.exe
  2⤵
  PID:11916
- C:\Windows\System\anNTrwh.exe
  C:\Windows\System\anNTrwh.exe
  2⤵
  PID:11960
- C:\Windows\System\UPwTUQd.exe
  C:\Windows\System\UPwTUQd.exe
  2⤵
  PID:12036
- C:\Windows\System\FrjbFMb.exe
  C:\Windows\System\FrjbFMb.exe
  2⤵
  PID:12112
- C:\Windows\System\YLANUqA.exe
  C:\Windows\System\YLANUqA.exe
  2⤵
  PID:12192
- C:\Windows\System\YAqVMjY.exe
  C:\Windows\System\YAqVMjY.exe
  2⤵
  PID:12184
- C:\Windows\System\waoBPGR.exe
  C:\Windows\System\waoBPGR.exe
  2⤵
  PID:11316
- C:\Windows\System\ZjqlGij.exe
  C:\Windows\System\ZjqlGij.exe
  2⤵
  PID:11408
- C:\Windows\System\QFtEYEi.exe
  C:\Windows\System\QFtEYEi.exe
  2⤵
  PID:11504
- C:\Windows\System\yjXIoDs.exe
  C:\Windows\System\yjXIoDs.exe
  2⤵
  PID:11760
- C:\Windows\System\BSIUChf.exe
  C:\Windows\System\BSIUChf.exe
  2⤵
  PID:11920
- C:\Windows\System\lPWNlOt.exe
  C:\Windows\System\lPWNlOt.exe
  2⤵
  PID:11940
- C:\Windows\System\nhSrOYx.exe
  C:\Windows\System\nhSrOYx.exe
  2⤵
  PID:10408
- C:\Windows\System\XWZeDsr.exe
  C:\Windows\System\XWZeDsr.exe
  2⤵
  PID:11272
- C:\Windows\System\GWHnJzK.exe
  C:\Windows\System\GWHnJzK.exe
  2⤵
  PID:116
- C:\Windows\System\fScxCeW.exe
  C:\Windows\System\fScxCeW.exe
  2⤵
  PID:11668
- C:\Windows\System\xQnNVKA.exe
  C:\Windows\System\xQnNVKA.exe
  2⤵
  PID:12292
- C:\Windows\System\RJiwzjs.exe
  C:\Windows\System\RJiwzjs.exe
  2⤵
  PID:12332
- C:\Windows\System\hqoetZD.exe
  C:\Windows\System\hqoetZD.exe
  2⤵
  PID:12352
- C:\Windows\System\pUXVrHK.exe
  C:\Windows\System\pUXVrHK.exe
  2⤵
  PID:12412
- C:\Windows\System\mzuyJZy.exe
  C:\Windows\System\mzuyJZy.exe
  2⤵
  PID:12452
- C:\Windows\System\lgKHDjy.exe
  C:\Windows\System\lgKHDjy.exe
  2⤵
  PID:12480
- C:\Windows\System\VTRZrtV.exe
  C:\Windows\System\VTRZrtV.exe
  2⤵
  PID:12496
- C:\Windows\System\cJHoPqm.exe
  C:\Windows\System\cJHoPqm.exe
  2⤵
  PID:12516
- C:\Windows\System\dpjzGTu.exe
  C:\Windows\System\dpjzGTu.exe
  2⤵
  PID:12556
- C:\Windows\System\wzRkPTe.exe
  C:\Windows\System\wzRkPTe.exe
  2⤵
  PID:12580
- C:\Windows\System\HhdNLOF.exe
  C:\Windows\System\HhdNLOF.exe
  2⤵
  PID:12624
- C:\Windows\System\MjrlfDB.exe
  C:\Windows\System\MjrlfDB.exe
  2⤵
  PID:12648
- C:\Windows\System\jMEbiwx.exe
  C:\Windows\System\jMEbiwx.exe
  2⤵
  PID:12672
- C:\Windows\System\JtbCkHY.exe
  C:\Windows\System\JtbCkHY.exe
  2⤵
  PID:12688
- C:\Windows\System\sZRLddb.exe
  C:\Windows\System\sZRLddb.exe
  2⤵
  PID:12744
- C:\Windows\System\IifPcem.exe
  C:\Windows\System\IifPcem.exe
  2⤵
  PID:12764
- C:\Windows\System\uUUOBna.exe
  C:\Windows\System\uUUOBna.exe
  2⤵
  PID:12784
- C:\Windows\System\JXjaMkc.exe
  C:\Windows\System\JXjaMkc.exe
  2⤵
  PID:12804
- C:\Windows\System\pNemRvH.exe
  C:\Windows\System\pNemRvH.exe
  2⤵
  PID:12824
- C:\Windows\System\dcUiTEK.exe
  C:\Windows\System\dcUiTEK.exe
  2⤵
  PID:12872
- C:\Windows\System\FZULYpQ.exe
  C:\Windows\System\FZULYpQ.exe
  2⤵
  PID:12892
- C:\Windows\System\pqnljHw.exe
  C:\Windows\System\pqnljHw.exe
  2⤵
  PID:12920
- C:\Windows\System\pKwvOpl.exe
  C:\Windows\System\pKwvOpl.exe
  2⤵
  PID:12948
- C:\Windows\System\UBUpRWl.exe
  C:\Windows\System\UBUpRWl.exe
  2⤵
  PID:12984
- C:\Windows\System\oSmPNcQ.exe
  C:\Windows\System\oSmPNcQ.exe
  2⤵
  PID:13016
- C:\Windows\System\CpFEYOi.exe
  C:\Windows\System\CpFEYOi.exe
  2⤵
  PID:13036
- C:\Windows\System\SkDvViZ.exe
  C:\Windows\System\SkDvViZ.exe
  2⤵
  PID:13060
- C:\Windows\System\SmfzGXl.exe
  C:\Windows\System\SmfzGXl.exe
  2⤵
  PID:13084
- C:\Windows\System\YiDZXyh.exe
  C:\Windows\System\YiDZXyh.exe
  2⤵
  PID:13224
- C:\Windows\System\ZoQoXXD.exe
  C:\Windows\System\ZoQoXXD.exe
  2⤵
  PID:13248
- C:\Windows\System\EcSVkyV.exe
  C:\Windows\System\EcSVkyV.exe
  2⤵
  PID:13268
- C:\Windows\System\qaKEbfQ.exe
  C:\Windows\System\qaKEbfQ.exe
  2⤵
  PID:13232
- C:\Windows\System\TwfYOLW.exe
  C:\Windows\System\TwfYOLW.exe
  2⤵
  PID:13280
- C:\Windows\System\JSdiTZy.exe
  C:\Windows\System\JSdiTZy.exe
  2⤵
  PID:13288
- C:\Windows\System\EelObYj.exe
  C:\Windows\System\EelObYj.exe
  2⤵
  PID:13304
- C:\Windows\System\GrzUxGd.exe
  C:\Windows\System\GrzUxGd.exe
  2⤵
  PID:11268
- C:\Windows\System\LlENhAL.exe
  C:\Windows\System\LlENhAL.exe
  2⤵
  PID:12324
- C:\Windows\System\ytpkXGL.exe
  C:\Windows\System\ytpkXGL.exe
  2⤵
  PID:11836
- C:\Windows\System\vrEQfrQ.exe
  C:\Windows\System\vrEQfrQ.exe
  2⤵
  PID:11880
- C:\Windows\System\jowqEeV.exe
  C:\Windows\System\jowqEeV.exe
  2⤵
  PID:12168
- C:\Windows\System\CUdqpTG.exe
  C:\Windows\System\CUdqpTG.exe
  2⤵
  PID:12664
- C:\Windows\System\DTiBDuo.exe
  C:\Windows\System\DTiBDuo.exe
  2⤵
  PID:12720
- C:\Windows\System\iVmLKiv.exe
  C:\Windows\System\iVmLKiv.exe
  2⤵
  PID:12756
- C:\Windows\System\swUwQuP.exe
  C:\Windows\System\swUwQuP.exe
  2⤵
  PID:12816
- C:\Windows\System\HWhEWVd.exe
  C:\Windows\System\HWhEWVd.exe
  2⤵
  PID:4372
- C:\Windows\System\IGdTfOm.exe
  C:\Windows\System\IGdTfOm.exe
  2⤵
  PID:12888
- C:\Windows\System\KuVXkaz.exe
  C:\Windows\System\KuVXkaz.exe
  2⤵
  PID:12944
- C:\Windows\System\iAjAcBm.exe
  C:\Windows\System\iAjAcBm.exe
  2⤵
  PID:12980
- C:\Windows\System\KBpoMin.exe
  C:\Windows\System\KBpoMin.exe
  2⤵
  PID:13032
- C:\Windows\System\jPCxNrH.exe
  C:\Windows\System\jPCxNrH.exe
  2⤵
  PID:13052
- C:\Windows\System\OUmWnCM.exe
  C:\Windows\System\OUmWnCM.exe
  2⤵
  PID:13080
- C:\Windows\System\sPgGyNl.exe
  C:\Windows\System\sPgGyNl.exe
  2⤵
  PID:13184
- C:\Windows\System\QMqBgBt.exe
  C:\Windows\System\QMqBgBt.exe
  2⤵
  PID:13144
- C:\Windows\System\rhAvrdA.exe
  C:\Windows\System\rhAvrdA.exe
  2⤵
  PID:12572
- C:\Windows\System\kFMBZEt.exe
  C:\Windows\System\kFMBZEt.exe
  2⤵
  PID:12736
- C:\Windows\System\rRtWDBG.exe
  C:\Windows\System\rRtWDBG.exe
  2⤵
  PID:12864
- C:\Windows\System\yRqxFZD.exe
  C:\Windows\System\yRqxFZD.exe
  2⤵
  PID:12960
- C:\Windows\System\yXNyPXB.exe
  C:\Windows\System\yXNyPXB.exe
  2⤵
  PID:13068
- C:\Windows\System\UsVlZkU.exe
  C:\Windows\System\UsVlZkU.exe
  2⤵
  PID:13076
- C:\Windows\System\ZWYqtGw.exe
  C:\Windows\System\ZWYqtGw.exe
  2⤵
  PID:13104
- C:\Windows\System\oTYwIKp.exe
  C:\Windows\System\oTYwIKp.exe
  2⤵
  PID:4324
- C:\Windows\System\psKMAVO.exe
  C:\Windows\System\psKMAVO.exe
  2⤵
  PID:12384
- C:\Windows\System\kIerPPE.exe
  C:\Windows\System\kIerPPE.exe
  2⤵
  PID:3112
- C:\Windows\System\ULSapOH.exe
  C:\Windows\System\ULSapOH.exe
  2⤵
  PID:13256
- C:\Windows\System\fcWjokS.exe
  C:\Windows\System\fcWjokS.exe
  2⤵
  PID:13192
- C:\Windows\System\OmvWPaz.exe
  C:\Windows\System\OmvWPaz.exe
  2⤵
  PID:7080
- C:\Windows\System\GdtQbym.exe
  C:\Windows\System\GdtQbym.exe
  2⤵
  PID:4508
- C:\Windows\System\GlkaAfK.exe
  C:\Windows\System\GlkaAfK.exe
  2⤵
  PID:3064
- C:\Windows\System\XTZBzsm.exe
  C:\Windows\System\XTZBzsm.exe
  2⤵
  PID:5784
- C:\Windows\System\GVNBXBZ.exe
  C:\Windows\System\GVNBXBZ.exe
  2⤵
  PID:5156
- C:\Windows\System\xGeULnz.exe
  C:\Windows\System\xGeULnz.exe
  2⤵
  PID:332
- C:\Windows\System\XEJYbYC.exe
  C:\Windows\System\XEJYbYC.exe
  2⤵
  PID:2624
- C:\Windows\System\MvEXwpf.exe
  C:\Windows\System\MvEXwpf.exe
  2⤵
  PID:13276
- C:\Windows\System\kiTdWEA.exe
  C:\Windows\System\kiTdWEA.exe
  2⤵
  PID:12432
- C:\Windows\System\TSrrZcB.exe
  C:\Windows\System\TSrrZcB.exe
  2⤵
  PID:12836
- C:\Windows\System\lqXdaDH.exe
  C:\Windows\System\lqXdaDH.exe
  2⤵
  PID:412
- C:\Windows\System\NLWGHXD.exe
  C:\Windows\System\NLWGHXD.exe
  2⤵
  PID:13240
- C:\Windows\System\ZPNbEDj.exe
  C:\Windows\System\ZPNbEDj.exe
  2⤵
  PID:12656
- C:\Windows\System\cBkSnUe.exe
  C:\Windows\System\cBkSnUe.exe
  2⤵
  PID:5416
- C:\Windows\System\MgjcAAu.exe
  C:\Windows\System\MgjcAAu.exe
  2⤵
  PID:4932
- C:\Windows\System\ulBKLAb.exe
  C:\Windows\System\ulBKLAb.exe
  2⤵
  PID:7088
- C:\Windows\System\VlSdheh.exe
  C:\Windows\System\VlSdheh.exe
  2⤵
  PID:2076
- C:\Windows\System\vTHAUTw.exe
  C:\Windows\System\vTHAUTw.exe
  2⤵
  PID:2516
- C:\Windows\System\ioANMpt.exe
  C:\Windows\System\ioANMpt.exe
  2⤵
  PID:4748
- C:\Windows\System\soKAOES.exe
  C:\Windows\System\soKAOES.exe
  2⤵
  PID:7176
- C:\Windows\System\mqqcYYz.exe
  C:\Windows\System\mqqcYYz.exe
  2⤵
  PID:7220
- C:\Windows\System\bLviYMB.exe
  C:\Windows\System\bLviYMB.exe
  2⤵
  PID:7264
- C:\Windows\System\afZAKYQ.exe
  C:\Windows\System\afZAKYQ.exe
  2⤵
  PID:6392
- C:\Windows\System\YUGVutu.exe
  C:\Windows\System\YUGVutu.exe
  2⤵
  PID:2060
- C:\Windows\System\FciBFKg.exe
  C:\Windows\System\FciBFKg.exe
  2⤵
  PID:4512
- C:\Windows\System\ZPYGPhw.exe
  C:\Windows\System\ZPYGPhw.exe
  2⤵
  PID:12188
- C:\Windows\System\GBFVunt.exe
  C:\Windows\System\GBFVunt.exe
  2⤵
  PID:2040
- C:\Windows\System\ygdCgUu.exe
  C:\Windows\System\ygdCgUu.exe
  2⤵
  PID:3368
- C:\Windows\System\LcLtYPi.exe
  C:\Windows\System\LcLtYPi.exe
  2⤵
  PID:12464
- C:\Windows\System\GwpqSRq.exe
  C:\Windows\System\GwpqSRq.exe
  2⤵
  PID:13252
- C:\Windows\System\mEyfyoJ.exe
  C:\Windows\System\mEyfyoJ.exe
  2⤵
  PID:12536
- C:\Windows\System\cAeosLe.exe
  C:\Windows\System\cAeosLe.exe
  2⤵
  PID:4756
- C:\Windows\System\MgMMfdl.exe
  C:\Windows\System\MgMMfdl.exe
  2⤵
  PID:1056
- C:\Windows\System\dLCCtFj.exe
  C:\Windows\System\dLCCtFj.exe
  2⤵
  PID:6772
- C:\Windows\System\rjqgxIK.exe
  C:\Windows\System\rjqgxIK.exe
  2⤵
  PID:7024
- C:\Windows\System\luEWeBc.exe
  C:\Windows\System\luEWeBc.exe
  2⤵
  PID:12372
- C:\Windows\System\revIHNk.exe
  C:\Windows\System\revIHNk.exe
  2⤵
  PID:7068
- C:\Windows\System\KwgnZsU.exe
  C:\Windows\System\KwgnZsU.exe
  2⤵
  PID:6608
- C:\Windows\System\BhoxKyy.exe
  C:\Windows\System\BhoxKyy.exe
  2⤵
  PID:6728
- C:\Windows\System\lOCCSPb.exe
  C:\Windows\System\lOCCSPb.exe
  2⤵
  PID:5524
- C:\Windows\System\BtDRkJI.exe
  C:\Windows\System\BtDRkJI.exe
  2⤵
  PID:5292
- C:\Windows\System\HHjNUGO.exe
  C:\Windows\System\HHjNUGO.exe
  2⤵
  PID:6004
- C:\Windows\System\PNagRrC.exe
  C:\Windows\System\PNagRrC.exe
  2⤵
  PID:5892
- C:\Windows\System\aTyWINv.exe
  C:\Windows\System\aTyWINv.exe
  2⤵
  PID:7404
- C:\Windows\System\OLrpUhn.exe
  C:\Windows\System\OLrpUhn.exe
  2⤵
  PID:7488
- C:\Windows\System\IudnSwa.exe
  C:\Windows\System\IudnSwa.exe
  2⤵
  PID:7616
- C:\Windows\System\BxNRQGN.exe
  C:\Windows\System\BxNRQGN.exe
  2⤵
  PID:7656
- C:\Windows\System\KDOAVOQ.exe
  C:\Windows\System\KDOAVOQ.exe
  2⤵
  PID:7828
- C:\Windows\System\wRzdbhL.exe
  C:\Windows\System\wRzdbhL.exe
  2⤵
  PID:7956
- C:\Windows\System\EowGVNA.exe
  C:\Windows\System\EowGVNA.exe
  2⤵
  PID:8172
- C:\Windows\System\MwOfMlo.exe
  C:\Windows\System\MwOfMlo.exe
  2⤵
  PID:8152
- C:\Windows\System\HddXzrU.exe
  C:\Windows\System\HddXzrU.exe
  2⤵
  PID:7144
- C:\Windows\System\vVKDEPP.exe
  C:\Windows\System\vVKDEPP.exe
  2⤵
  PID:6644
- C:\Windows\System\LZrBVmT.exe
  C:\Windows\System\LZrBVmT.exe
  2⤵
  PID:7416
- C:\Windows\System\aKuSoMB.exe
  C:\Windows\System\aKuSoMB.exe
  2⤵
  PID:2368
- C:\Windows\System\gHZdQSy.exe
  C:\Windows\System\gHZdQSy.exe
  2⤵
  PID:7696
- C:\Windows\System\hGpMjTD.exe
  C:\Windows\System\hGpMjTD.exe
  2⤵
  PID:3740
- C:\Windows\System\tuaRgnv.exe
  C:\Windows\System\tuaRgnv.exe
  2⤵
  PID:2908
- C:\Windows\System\ruqcxFY.exe
  C:\Windows\System\ruqcxFY.exe
  2⤵
  PID:7932
- C:\Windows\System\FKUIDAi.exe
  C:\Windows\System\FKUIDAi.exe
  2⤵
  PID:7952
- C:\Windows\System\HMHthBH.exe
  C:\Windows\System\HMHthBH.exe
  2⤵
  PID:6640
- C:\Windows\System\dBhdtxY.exe
  C:\Windows\System\dBhdtxY.exe
  2⤵
  PID:7520
- C:\Windows\System\YxqvROB.exe
  C:\Windows\System\YxqvROB.exe
  2⤵
  PID:1520
- C:\Windows\System\ywzEJjm.exe
  C:\Windows\System\ywzEJjm.exe
  2⤵
  PID:8084
- C:\Windows\System\pvHTxPb.exe
  C:\Windows\System\pvHTxPb.exe
  2⤵
  PID:7748
- C:\Windows\System\hlBOKvz.exe
  C:\Windows\System\hlBOKvz.exe
  2⤵
  PID:7984
- C:\Windows\System\eEnvWGf.exe
  C:\Windows\System\eEnvWGf.exe
  2⤵
  PID:8252
- C:\Windows\System\gByqcKJ.exe
  C:\Windows\System\gByqcKJ.exe
  2⤵
  PID:8332
- C:\Windows\System\MkSYGkq.exe
  C:\Windows\System\MkSYGkq.exe
  2⤵
  PID:8484
- C:\Windows\System\ZDjMXTV.exe
  C:\Windows\System\ZDjMXTV.exe
  2⤵
  PID:8576
- C:\Windows\System\ataTKrU.exe
  C:\Windows\System\ataTKrU.exe
  2⤵
  PID:8684
- C:\Windows\System\rYlmfHu.exe
  C:\Windows\System\rYlmfHu.exe
  2⤵
  PID:8696
- C:\Windows\System\pKqXGWW.exe
  C:\Windows\System\pKqXGWW.exe
  2⤵
  PID:9160
- C:\Windows\System\VbKVMdX.exe
  C:\Windows\System\VbKVMdX.exe
  2⤵
  PID:9140
- C:\Windows\System\WnfqjiZ.exe
  C:\Windows\System\WnfqjiZ.exe
  2⤵
  PID:9192
- C:\Windows\System\WCtVuiQ.exe
  C:\Windows\System\WCtVuiQ.exe
  2⤵
  PID:8328
- C:\Windows\System\HdtJrhq.exe
  C:\Windows\System\HdtJrhq.exe
  2⤵
  PID:8308
- C:\Windows\System\XPFxOsz.exe
  C:\Windows\System\XPFxOsz.exe
  2⤵
  PID:8708
- C:\Windows\System\zwSsBTF.exe
  C:\Windows\System\zwSsBTF.exe
  2⤵
  PID:8344
- C:\Windows\System\KiPGAqX.exe
  C:\Windows\System\KiPGAqX.exe
  2⤵
  PID:8516
- C:\Windows\System\zogwsbv.exe
  C:\Windows\System\zogwsbv.exe
  2⤵
  PID:744
- C:\Windows\System\cCssPER.exe
  C:\Windows\System\cCssPER.exe
  2⤵
  PID:3060
- C:\Windows\System\DuxMrcS.exe
  C:\Windows\System\DuxMrcS.exe
  2⤵
  PID:12812
- C:\Windows\System\cEDHRFf.exe
  C:\Windows\System\cEDHRFf.exe
  2⤵
  PID:6008
- C:\Windows\System\qfIdthT.exe
  C:\Windows\System\qfIdthT.exe
  2⤵
  PID:2772
- C:\Windows\System\uDfgojI.exe
  C:\Windows\System\uDfgojI.exe
  2⤵
  PID:1968
- C:\Windows\System\PegkGWu.exe
  C:\Windows\System\PegkGWu.exe
  2⤵
  PID:6788
- C:\Windows\System\uSngWIH.exe
  C:\Windows\System\uSngWIH.exe
  2⤵
  PID:2960
- C:\Windows\System\mpRHcVa.exe
  C:\Windows\System\mpRHcVa.exe
  2⤵
  PID:3956
- C:\Windows\System\dfxgrHo.exe
  C:\Windows\System\dfxgrHo.exe
  2⤵
  PID:4704
- C:\Windows\System\HMCMyZO.exe
  C:\Windows\System\HMCMyZO.exe
  2⤵
  PID:4040
- C:\Windows\System\lcjmLhX.exe
  C:\Windows\System\lcjmLhX.exe
  2⤵
  PID:4968
- C:\Windows\System\OVlNLdl.exe
  C:\Windows\System\OVlNLdl.exe
  2⤵
  PID:13264
- C:\Windows\System\pOKAnWO.exe
  C:\Windows\System\pOKAnWO.exe
  2⤵
  PID:5684
- C:\Windows\System\LdDHuwA.exe
  C:\Windows\System\LdDHuwA.exe
  2⤵
  PID:5520
- C:\Windows\System\uuKHCbf.exe
  C:\Windows\System\uuKHCbf.exe
  2⤵
  PID:5384
- C:\Windows\System\oQYvGIi.exe
  C:\Windows\System\oQYvGIi.exe
  2⤵
  PID:5976
- C:\Windows\System\WowrKge.exe
  C:\Windows\System\WowrKge.exe
  2⤵
  PID:5836
- C:\Windows\System\wfXkpYR.exe
  C:\Windows\System\wfXkpYR.exe
  2⤵
  PID:7756
- C:\Windows\System\esSxgjV.exe
  C:\Windows\System\esSxgjV.exe
  2⤵
  PID:7360
- C:\Windows\System\FrsxKMx.exe
  C:\Windows\System\FrsxKMx.exe
  2⤵
  PID:4844
- C:\Windows\System\iZFZpEj.exe
  C:\Windows\System\iZFZpEj.exe
  2⤵
  PID:8312
- C:\Windows\System\OMTQEoT.exe
  C:\Windows\System\OMTQEoT.exe
  2⤵
  PID:8532
- C:\Windows\System\ZAdQzSE.exe
  C:\Windows\System\ZAdQzSE.exe
  2⤵
  PID:9036
- C:\Windows\System\QbcEzyi.exe
  C:\Windows\System\QbcEzyi.exe
  2⤵
  PID:8712
- C:\Windows\System\gCKQTAl.exe
  C:\Windows\System\gCKQTAl.exe
  2⤵
  PID:8668
- C:\Windows\System\vYaDuek.exe
  C:\Windows\System\vYaDuek.exe
  2⤵
  PID:8408
- C:\Windows\System\tLwxdWT.exe
  C:\Windows\System\tLwxdWT.exe
  2⤵
  PID:1392
- C:\Windows\System\MlIeJoA.exe
  C:\Windows\System\MlIeJoA.exe
  2⤵
  PID:5320
- C:\Windows\System\dysWAAP.exe
  C:\Windows\System\dysWAAP.exe
  2⤵
  PID:6052
- C:\Windows\System\kFFzGGG.exe
  C:\Windows\System\kFFzGGG.exe
  2⤵
  PID:3764
- C:\Windows\System\RHrYyJY.exe
  C:\Windows\System\RHrYyJY.exe
  2⤵
  PID:1356
- C:\Windows\System\HsinDmm.exe
  C:\Windows\System\HsinDmm.exe
  2⤵
  PID:4100
- C:\Windows\System\OpfmKfb.exe
  C:\Windows\System\OpfmKfb.exe
  2⤵
  PID:12644
- C:\Windows\System\XrsuJlo.exe
  C:\Windows\System\XrsuJlo.exe
  2⤵
  PID:13200
- C:\Windows\System\DyTgDFf.exe
  C:\Windows\System\DyTgDFf.exe
  2⤵
  PID:528
- C:\Windows\System\RQcpyUL.exe
  C:\Windows\System\RQcpyUL.exe
  2⤵
  PID:696
- C:\Windows\System\aNfivVs.exe
  C:\Windows\System\aNfivVs.exe
  2⤵
  PID:4268
- C:\Windows\System\BrkSXZT.exe
  C:\Windows\System\BrkSXZT.exe
  2⤵
  PID:1764
- C:\Windows\System\XijYybO.exe
  C:\Windows\System\XijYybO.exe
  2⤵
  PID:5584
- C:\Windows\System\UsfmcUU.exe
  C:\Windows\System\UsfmcUU.exe
  2⤵
  PID:5180
- C:\Windows\System\laLrQqb.exe
  C:\Windows\System\laLrQqb.exe
  2⤵
  PID:9368
- C:\Windows\System\rrGwVDG.exe
  C:\Windows\System\rrGwVDG.exe
  2⤵
  PID:9388
- C:\Windows\System\eMwcFXv.exe
  C:\Windows\System\eMwcFXv.exe
  2⤵
  PID:9476
- C:\Windows\System\wuaJOBJ.exe
  C:\Windows\System\wuaJOBJ.exe
  2⤵
  PID:9508
- C:\Windows\System\JUhTtdM.exe
  C:\Windows\System\JUhTtdM.exe
  2⤵
  PID:9540
- C:\Windows\System\dSkVnzq.exe
  C:\Windows\System\dSkVnzq.exe
  2⤵
  PID:9648
- C:\Windows\System\ItjJXzQ.exe
  C:\Windows\System\ItjJXzQ.exe
  2⤵
  PID:6136
- C:\Windows\System\IrPtEei.exe
  C:\Windows\System\IrPtEei.exe
  2⤵
  PID:12492
- C:\Windows\System\bGoilEd.exe
  C:\Windows\System\bGoilEd.exe
  2⤵
  PID:3388
- C:\Windows\System\cFdCZkt.exe
  C:\Windows\System\cFdCZkt.exe
  2⤵
  PID:1132
- C:\Windows\System\FHNrvpo.exe
  C:\Windows\System\FHNrvpo.exe
  2⤵
  PID:13228
- C:\Windows\System\toaCouf.exe
  C:\Windows\System\toaCouf.exe
  2⤵
  PID:3724
- C:\Windows\System\tExogna.exe
  C:\Windows\System\tExogna.exe
  2⤵
  PID:6252
- C:\Windows\System\RKwLEsp.exe
  C:\Windows\System\RKwLEsp.exe
  2⤵
  PID:5208
- C:\Windows\System\MKZwKci.exe
  C:\Windows\System\MKZwKci.exe
  2⤵
  PID:5248
- C:\Windows\System\qDOzNpw.exe
  C:\Windows\System\qDOzNpw.exe
  2⤵
  PID:5536
- C:\Windows\System\EdvFCTr.exe
  C:\Windows\System\EdvFCTr.exe
  2⤵
  PID:4864
- C:\Windows\System\xcPKsiz.exe
  C:\Windows\System\xcPKsiz.exe
  2⤵
  PID:1720
- C:\Windows\System\rkiImWf.exe
  C:\Windows\System\rkiImWf.exe
  2⤵
  PID:9804
- C:\Windows\System\jAldiLu.exe
  C:\Windows\System\jAldiLu.exe
  2⤵
  PID:9860
- C:\Windows\System\FRrlTXM.exe
  C:\Windows\System\FRrlTXM.exe
  2⤵
  PID:9952
- C:\Windows\System\fMvAwLs.exe
  C:\Windows\System\fMvAwLs.exe
  2⤵
  PID:9956
- C:\Windows\System\YuYcRxc.exe
  C:\Windows\System\YuYcRxc.exe
  2⤵
  PID:10028
- C:\Windows\System\mrkIdCo.exe
  C:\Windows\System\mrkIdCo.exe
  2⤵
  PID:592
- C:\Windows\System\jPhzKMv.exe
  C:\Windows\System\jPhzKMv.exe
  2⤵
  PID:4692
- C:\Windows\System\XCFiCqJ.exe
  C:\Windows\System\XCFiCqJ.exe
  2⤵
  PID:6064
- C:\Windows\System\oJpyCTL.exe
  C:\Windows\System\oJpyCTL.exe
  2⤵
  PID:1244
- C:\Windows\System\vlxcDjk.exe
  C:\Windows\System\vlxcDjk.exe
  2⤵
  PID:5564
- C:\Windows\System\yXgTsTj.exe
  C:\Windows\System\yXgTsTj.exe
  2⤵
  PID:4180
- C:\Windows\System\kJVJABE.exe
  C:\Windows\System\kJVJABE.exe
  2⤵
  PID:10092
- C:\Windows\System\bmnzbPu.exe
  C:\Windows\System\bmnzbPu.exe
  2⤵
  PID:5100
- C:\Windows\System\WhllNlO.exe
  C:\Windows\System\WhllNlO.exe
  2⤵
  PID:6328
- C:\Windows\System\ImeYryR.exe
  C:\Windows\System\ImeYryR.exe
  2⤵
  PID:12348
- C:\Windows\System\nEGdiLQ.exe
  C:\Windows\System\nEGdiLQ.exe
  2⤵
  PID:9236
- C:\Windows\System\ckWncvb.exe
  C:\Windows\System\ckWncvb.exe
  2⤵
  PID:9336
- C:\Windows\System\gPOUGCO.exe
  C:\Windows\System\gPOUGCO.exe
  2⤵
  PID:6672
- C:\Windows\System\bgMHHZp.exe
  C:\Windows\System\bgMHHZp.exe
  2⤵
  PID:2320
- C:\Windows\System\PuFXlqq.exe
  C:\Windows\System\PuFXlqq.exe
  2⤵
  PID:3360
- C:\Windows\System\fiqdpmN.exe
  C:\Windows\System\fiqdpmN.exe
  2⤵
  PID:9560
- C:\Windows\System\fwtHnjf.exe
  C:\Windows\System\fwtHnjf.exe
  2⤵
  PID:9704
- C:\Windows\System\ouNnnHm.exe
  C:\Windows\System\ouNnnHm.exe
  2⤵
  PID:5992
- C:\Windows\System\DEXLmkC.exe
  C:\Windows\System\DEXLmkC.exe
  2⤵
  PID:4516
- C:\Windows\System\YVRMFPd.exe
  C:\Windows\System\YVRMFPd.exe
  2⤵
  PID:6780
- C:\Windows\System\FmkUtGI.exe
  C:\Windows\System\FmkUtGI.exe
  2⤵
  PID:10004
- C:\Windows\System\CpfYsZG.exe
  C:\Windows\System\CpfYsZG.exe
  2⤵
  PID:6132
- C:\Windows\System\bTIYBMM.exe
  C:\Windows\System\bTIYBMM.exe
  2⤵
  PID:10204
- C:\Windows\System\LHCJcpr.exe
  C:\Windows\System\LHCJcpr.exe
  2⤵
  PID:13108
- C:\Windows\System\ixmIcUA.exe
  C:\Windows\System\ixmIcUA.exe
  2⤵
  PID:9484
- C:\Windows\System\HXjlyFx.exe
  C:\Windows\System\HXjlyFx.exe
  2⤵
  PID:9736
- C:\Windows\System\ZAJcfRf.exe
  C:\Windows\System\ZAJcfRf.exe
  2⤵
  PID:4028
- C:\Windows\System\UvjpBlu.exe
  C:\Windows\System\UvjpBlu.exe
  2⤵
  PID:6636
- C:\Windows\System\FBFuusX.exe
  C:\Windows\System\FBFuusX.exe
  2⤵
  PID:5352
- C:\Windows\System\dGNqQpD.exe
  C:\Windows\System\dGNqQpD.exe
  2⤵
  PID:5264
- C:\Windows\System\gtjKzTO.exe
  C:\Windows\System\gtjKzTO.exe
  2⤵
  PID:10444
- C:\Windows\System\aakcfbV.exe
  C:\Windows\System\aakcfbV.exe
  2⤵
  PID:5896
- C:\Windows\System\BHCxeKt.exe
  C:\Windows\System\BHCxeKt.exe
  2⤵
  PID:4532
- C:\Windows\System\OSaELiI.exe
  C:\Windows\System\OSaELiI.exe
  2⤵
  PID:6152
- C:\Windows\System\zMWnCtp.exe
  C:\Windows\System\zMWnCtp.exe
  2⤵
  PID:3656
- C:\Windows\System\PmNCxgo.exe
  C:\Windows\System\PmNCxgo.exe
  2⤵
  PID:8028
- C:\Windows\System\eGMmEFd.exe
  C:\Windows\System\eGMmEFd.exe
  2⤵
  PID:8020
- C:\Windows\System\KUdPDqA.exe
  C:\Windows\System\KUdPDqA.exe
  2⤵
  PID:8180
- C:\Windows\System\oEHkBzJ.exe
  C:\Windows\System\oEHkBzJ.exe
  2⤵
  PID:7216
- C:\Windows\System\xadZdcz.exe
  C:\Windows\System\xadZdcz.exe
  2⤵
  PID:6348
- C:\Windows\System\aOdxIXg.exe
  C:\Windows\System\aOdxIXg.exe
  2⤵
  PID:6368
- C:\Windows\System\yrMtEcx.exe
  C:\Windows\System\yrMtEcx.exe
  2⤵
  PID:1116
- C:\Windows\System\SOaDNxc.exe
  C:\Windows\System\SOaDNxc.exe
  2⤵
  PID:6424
- C:\Windows\System\LeheuUD.exe
  C:\Windows\System\LeheuUD.exe
  2⤵
  PID:6436
- C:\Windows\System\OdRzzcA.exe
  C:\Windows\System\OdRzzcA.exe
  2⤵
  PID:2036
- C:\Windows\System\WMyagLP.exe
  C:\Windows\System\WMyagLP.exe
  2⤵
  PID:6520
- C:\Windows\System\GWuYKaC.exe
  C:\Windows\System\GWuYKaC.exe
  2⤵
  PID:6564
- C:\Windows\System\XbXAeSe.exe
  C:\Windows\System\XbXAeSe.exe
  2⤵
  PID:6576
- C:\Windows\System\AOEPanx.exe
  C:\Windows\System\AOEPanx.exe
  2⤵
  PID:2256
- C:\Windows\System\idKBskv.exe
  C:\Windows\System\idKBskv.exe
  2⤵
  PID:6632
- C:\Windows\System\YbTEAip.exe
  C:\Windows\System\YbTEAip.exe
  2⤵
  PID:6660
- C:\Windows\System\CUpxZdh.exe
  C:\Windows\System\CUpxZdh.exe
  2⤵
  PID:8580
- C:\Windows\System\oxtTrUa.exe
  C:\Windows\System\oxtTrUa.exe
  2⤵
  PID:8620
- C:\Windows\System\GIjWUmi.exe
  C:\Windows\System\GIjWUmi.exe
  2⤵
  PID:11072
- C:\Windows\System\dOkHcjZ.exe
  C:\Windows\System\dOkHcjZ.exe
  2⤵
  PID:8848
- C:\Windows\System\PXgAVJT.exe
  C:\Windows\System\PXgAVJT.exe
  2⤵
  PID:10588
- C:\Windows\System\GGCXNXR.exe
  C:\Windows\System\GGCXNXR.exe
  2⤵
  PID:8920
- C:\Windows\System\GgEkxAo.exe
  C:\Windows\System\GgEkxAo.exe
  2⤵
  PID:8292
- C:\Windows\System\qnhQpVL.exe
  C:\Windows\System\qnhQpVL.exe
  2⤵
  PID:8816
- C:\Windows\System\kiQJRzG.exe
  C:\Windows\System\kiQJRzG.exe
  2⤵
  PID:6872
- C:\Windows\System\VlTZhYn.exe
  C:\Windows\System\VlTZhYn.exe
  2⤵
  PID:10688
- C:\Windows\System\EiKBuTT.exe
  C:\Windows\System\EiKBuTT.exe
  2⤵
  PID:6856
- C:\Windows\System\rDZNeqp.exe
  C:\Windows\System\rDZNeqp.exe
  2⤵
  PID:8564
- C:\Windows\System\AzgJWzd.exe
  C:\Windows\System\AzgJWzd.exe
  2⤵
  PID:6852
- C:\Windows\System\IOAARSc.exe
  C:\Windows\System\IOAARSc.exe
  2⤵
  PID:10804
- C:\Windows\System\gaVMZMK.exe
  C:\Windows\System\gaVMZMK.exe
  2⤵
  PID:8600
- C:\Windows\System\IgMyRTp.exe
  C:\Windows\System\IgMyRTp.exe
  2⤵
  PID:3728
- C:\Windows\System\xRUHxMa.exe
  C:\Windows\System\xRUHxMa.exe
  2⤵
  PID:11252
- C:\Windows\System\iZduBzq.exe
  C:\Windows\System\iZduBzq.exe
  2⤵
  PID:8236
- C:\Windows\System\BOaeNtV.exe
  C:\Windows\System\BOaeNtV.exe
  2⤵
  PID:4032
- C:\Windows\System\KDbCZnV.exe
  C:\Windows\System\KDbCZnV.exe
  2⤵
  PID:7152
- C:\Windows\System\RXaIkux.exe
  C:\Windows\System\RXaIkux.exe
  2⤵
  PID:11340
- C:\Windows\System\rBusXuK.exe
  C:\Windows\System\rBusXuK.exe
  2⤵
  PID:6032
- C:\Windows\System\EBdiDvD.exe
  C:\Windows\System\EBdiDvD.exe
  2⤵
  PID:2700
- C:\Windows\System\wOWluBX.exe
  C:\Windows\System\wOWluBX.exe
  2⤵
  PID:1900
- C:\Windows\System\DYesXTe.exe
  C:\Windows\System\DYesXTe.exe
  2⤵
  PID:4288
- C:\Windows\System\fHWSqjD.exe
  C:\Windows\System\fHWSqjD.exe
  2⤵
  PID:11724
- C:\Windows\System\itoipBM.exe
  C:\Windows\System\itoipBM.exe
  2⤵
  PID:11904
- C:\Windows\System\YfkgmKo.exe
  C:\Windows\System\YfkgmKo.exe
  2⤵
  PID:2372
- C:\Windows\System\BkFWXNY.exe
  C:\Windows\System\BkFWXNY.exe
  2⤵
  PID:12088
- C:\Windows\System\XnecCRv.exe
  C:\Windows\System\XnecCRv.exe
  2⤵
  PID:5236
- C:\Windows\System\hyUhgNI.exe
  C:\Windows\System\hyUhgNI.exe
  2⤵
  PID:12244
- C:\Windows\System\oLaIvUo.exe
  C:\Windows\System\oLaIvUo.exe
  2⤵
  PID:11032
- C:\Windows\System\titVUMs.exe
  C:\Windows\System\titVUMs.exe
  2⤵
  PID:7468
- C:\Windows\System\TanmEsf.exe
  C:\Windows\System\TanmEsf.exe
  2⤵
  PID:7060
- C:\Windows\System\TpaUMBb.exe
  C:\Windows\System\TpaUMBb.exe
  2⤵
  PID:8424
- C:\Windows\System\tNiwwGz.exe
  C:\Windows\System\tNiwwGz.exe
  2⤵
  PID:11876
- C:\Windows\System\XAPQFPb.exe
  C:\Windows\System\XAPQFPb.exe
  2⤵
  PID:8512
- C:\Windows\System\xbyIkcY.exe
  C:\Windows\System\xbyIkcY.exe
  2⤵
  PID:9004
- C:\Windows\System\kRnCFyu.exe
  C:\Windows\System\kRnCFyu.exe
  2⤵
  PID:3188
- C:\Windows\System\tiLXYww.exe
  C:\Windows\System\tiLXYww.exe
  2⤵
  PID:7096
- C:\Windows\System\nzYSzZw.exe
  C:\Windows\System\nzYSzZw.exe
  2⤵
  PID:3532
- C:\Windows\System\QaRhrDq.exe
  C:\Windows\System\QaRhrDq.exe
  2⤵
  PID:532
- C:\Windows\System\SluaisG.exe
  C:\Windows\System\SluaisG.exe
  2⤵
  PID:6388
- C:\Windows\System\jURhRyB.exe
  C:\Windows\System\jURhRyB.exe
  2⤵
  PID:6560
- C:\Windows\System\xiMaUNI.exe
  C:\Windows\System\xiMaUNI.exe
  2⤵
  PID:12420
- C:\Windows\System\UFTzaPC.exe
  C:\Windows\System\UFTzaPC.exe
  2⤵
  PID:3080
- C:\Windows\System\QqPJsgV.exe
  C:\Windows\System\QqPJsgV.exe
  2⤵
  PID:12568
- C:\Windows\System\iWjrXAA.exe
  C:\Windows\System\iWjrXAA.exe
  2⤵
  PID:12620
- C:\Windows\System\omBcxhd.exe
  C:\Windows\System\omBcxhd.exe
  2⤵
  PID:6984
- C:\Windows\System\sloKuCI.exe
  C:\Windows\System\sloKuCI.exe
  2⤵
  PID:12660
- C:\Windows\System\NPXMFtI.exe
  C:\Windows\System\NPXMFtI.exe
  2⤵
  PID:12732
- C:\Windows\System\cAwJojR.exe
  C:\Windows\System\cAwJojR.exe
  2⤵
  PID:12820
- C:\Windows\System\VZtlAFV.exe
  C:\Windows\System\VZtlAFV.exe
  2⤵
  PID:12928
- C:\Windows\System\ZoxUWHw.exe
  C:\Windows\System\ZoxUWHw.exe
  2⤵
  PID:2072
- C:\Windows\System\SifQwFD.exe
  C:\Windows\System\SifQwFD.exe
  2⤵
  PID:9232
- C:\Windows\System\bXBgifU.exe
  C:\Windows\System\bXBgifU.exe
  2⤵
  PID:9612
- C:\Windows\System\MUYHwjq.exe
  C:\Windows\System\MUYHwjq.exe
  2⤵
  PID:4428
- C:\Windows\System\fCjwRXI.exe
  C:\Windows\System\fCjwRXI.exe
  2⤵
  PID:7336
- C:\Windows\System\LHwGhik.exe
  C:\Windows\System\LHwGhik.exe
  2⤵
  PID:12972
- C:\Windows\System\GbGwgOl.exe
  C:\Windows\System\GbGwgOl.exe
  2⤵
  PID:13048
- C:\Windows\System\ZkVeEAu.exe
  C:\Windows\System\ZkVeEAu.exe
  2⤵
  PID:12604
- C:\Windows\System\cmfqClC.exe
  C:\Windows\System\cmfqClC.exe
  2⤵
  PID:6180
- C:\Windows\System\IKzuHwL.exe
  C:\Windows\System\IKzuHwL.exe
  2⤵
  PID:13212
- C:\Windows\System\yDvAfvN.exe
  C:\Windows\System\yDvAfvN.exe
  2⤵
  PID:7064
- C:\Windows\System\MBKzFMa.exe
  C:\Windows\System\MBKzFMa.exe
  2⤵
  PID:13196
- C:\Windows\System\ldoGmli.exe
  C:\Windows\System\ldoGmli.exe
  2⤵
  PID:6940
- C:\Windows\System\mAbIGCd.exe
  C:\Windows\System\mAbIGCd.exe
  2⤵
  PID:10056
- C:\Windows\System\smYcKII.exe
  C:\Windows\System\smYcKII.exe
  2⤵
  PID:4584
- C:\Windows\System\AoWjENW.exe
  C:\Windows\System\AoWjENW.exe
  2⤵
  PID:7376
- C:\Windows\System\bugnAFl.exe
  C:\Windows\System\bugnAFl.exe
  2⤵
  PID:5192
- C:\Windows\System\zFIyYQF.exe
  C:\Windows\System\zFIyYQF.exe
  2⤵
  PID:6920
- C:\Windows\System\BcnJvTo.exe
  C:\Windows\System\BcnJvTo.exe
  2⤵
  PID:10060
- C:\Windows\System\tLbGaXE.exe
  C:\Windows\System\tLbGaXE.exe
  2⤵
  PID:12488
- C:\Windows\System\JbpCIsh.exe
  C:\Windows\System\JbpCIsh.exe
  2⤵
  PID:5620
- C:\Windows\System\fLiSwci.exe
  C:\Windows\System\fLiSwci.exe
  2⤵
  PID:5588
- C:\Windows\System\OjsTlam.exe
  C:\Windows\System\OjsTlam.exe
  2⤵
  PID:4048
- C:\Windows\System\WeHoEkw.exe
  C:\Windows\System\WeHoEkw.exe
  2⤵
  PID:4964
- C:\Windows\System\ncedmML.exe
  C:\Windows\System\ncedmML.exe
  2⤵
  PID:9656
- C:\Windows\System\bmAwtcm.exe
  C:\Windows\System\bmAwtcm.exe
  2⤵
  PID:9700
- C:\Windows\System\ETPZoYm.exe
  C:\Windows\System\ETPZoYm.exe
  2⤵
  PID:9808
- C:\Windows\System\RpMjGhF.exe
  C:\Windows\System\RpMjGhF.exe
  2⤵
  PID:12364
- C:\Windows\System\cTpvbkF.exe
  C:\Windows\System\cTpvbkF.exe
  2⤵
  PID:6072
- C:\Windows\System\pQxSUNx.exe
  C:\Windows\System\pQxSUNx.exe
  2⤵
  PID:11548
- C:\Windows\System\HJekjWt.exe
  C:\Windows\System\HJekjWt.exe
  2⤵
  PID:13148
- C:\Windows\System\iXQnpsW.exe
  C:\Windows\System\iXQnpsW.exe
  2⤵
  PID:13292
- C:\Windows\System\kcpolNp.exe
  C:\Windows\System\kcpolNp.exe
  2⤵
  PID:5272
- C:\Windows\System\LHsvnhi.exe
  C:\Windows\System\LHsvnhi.exe
  2⤵
  PID:10452
- C:\Windows\System\INdADKv.exe
  C:\Windows\System\INdADKv.exe
  2⤵
  PID:5912
- C:\Windows\System\GEbyAxN.exe
  C:\Windows\System\GEbyAxN.exe
  2⤵
  PID:5904
- C:\Windows\System\FBqnVsG.exe
  C:\Windows\System\FBqnVsG.exe
  2⤵
  PID:5548
- C:\Windows\System\JSoOpLZ.exe
  C:\Windows\System\JSoOpLZ.exe
  2⤵
  PID:7628
- C:\Windows\System\NfQiprU.exe
  C:\Windows\System\NfQiprU.exe
  2⤵
  PID:10420
- C:\Windows\System\WzLplQw.exe
  C:\Windows\System\WzLplQw.exe
  2⤵
  PID:6916
- C:\Windows\System\TyyhHoO.exe
  C:\Windows\System\TyyhHoO.exe
  2⤵
  PID:8144
- C:\Windows\System\fYHlRai.exe
  C:\Windows\System\fYHlRai.exe
  2⤵
  PID:6240
- C:\Windows\System\nIIMgHA.exe
  C:\Windows\System\nIIMgHA.exe
  2⤵
  PID:7736
- C:\Windows\System\HbTJFXG.exe
  C:\Windows\System\HbTJFXG.exe
  2⤵
  PID:6380
- C:\Windows\System\ftVOfVk.exe
  C:\Windows\System\ftVOfVk.exe
  2⤵
  PID:7328
- C:\Windows\System\TFrsnGg.exe
  C:\Windows\System\TFrsnGg.exe
  2⤵
  PID:7588
- C:\Windows\System\eLdSFhe.exe
  C:\Windows\System\eLdSFhe.exe
  2⤵
  PID:4856
- C:\Windows\System\JTjyGCI.exe
  C:\Windows\System\JTjyGCI.exe
  2⤵
  PID:7296
- C:\Windows\System\UoqthKU.exe
  C:\Windows\System\UoqthKU.exe
  2⤵
  PID:3888
- C:\Windows\System\nBvwAuJ.exe
  C:\Windows\System\nBvwAuJ.exe
  2⤵
  PID:7464
- C:\Windows\System\LGVCxOB.exe
  C:\Windows\System\LGVCxOB.exe
  2⤵
  PID:8248
- C:\Windows\System\PKFzaLx.exe
  C:\Windows\System\PKFzaLx.exe
  2⤵
  PID:6712
- C:\Windows\System\luhSBxj.exe
  C:\Windows\System\luhSBxj.exe
  2⤵
  PID:8300
- C:\Windows\System\XcdTiQw.exe
  C:\Windows\System\XcdTiQw.exe
  2⤵
  PID:8756
- C:\Windows\System\frpNmHA.exe
  C:\Windows\System\frpNmHA.exe
  2⤵
  PID:8876
- C:\Windows\System\CnPLdGf.exe
  C:\Windows\System\CnPLdGf.exe
  2⤵
  PID:10356
- C:\Windows\System\TvCLZFz.exe
  C:\Windows\System\TvCLZFz.exe
  2⤵
  PID:8908
- C:\Windows\System\MKQIetE.exe
  C:\Windows\System\MKQIetE.exe
  2⤵
  PID:9144
- C:\Windows\System\LTzNQvv.exe
  C:\Windows\System\LTzNQvv.exe
  2⤵
  PID:10336
- C:\Windows\System\BKGXIgN.exe
  C:\Windows\System\BKGXIgN.exe
  2⤵
  PID:8864
- C:\Windows\System\lFnEkWP.exe
  C:\Windows\System\lFnEkWP.exe
  2⤵
  PID:11116
- C:\Windows\System\NGLnSxu.exe
  C:\Windows\System\NGLnSxu.exe
  2⤵
  PID:9120
- C:\Windows\System\nrpfWho.exe
  C:\Windows\System\nrpfWho.exe
  2⤵
  PID:4892
- C:\Windows\System\yFpYvZV.exe
  C:\Windows\System\yFpYvZV.exe
  2⤵
  PID:1572
- C:\Windows\System\IdSYWRm.exe
  C:\Windows\System\IdSYWRm.exe
  2⤵
  PID:3488
- C:\Windows\System\rqxrAmb.exe
  C:\Windows\System\rqxrAmb.exe
  2⤵
  PID:4632
- C:\Windows\System\FJzUmYN.exe
  C:\Windows\System\FJzUmYN.exe
  2⤵
  PID:11484
- C:\Windows\System\GZQSkwk.exe
  C:\Windows\System\GZQSkwk.exe
  2⤵
  PID:11628
- C:\Windows\System\ltcYSZh.exe
  C:\Windows\System\ltcYSZh.exe
  2⤵
  PID:6420
- C:\Windows\System\QmbGIjZ.exe
  C:\Windows\System\QmbGIjZ.exe
  2⤵
  PID:5696
- C:\Windows\System\rvDMRxr.exe
  C:\Windows\System\rvDMRxr.exe
  2⤵
  PID:12228
- C:\Windows\System\VWTOKbX.exe
  C:\Windows\System\VWTOKbX.exe
  2⤵
  PID:5860
- C:\Windows\System\olDBAZL.exe
  C:\Windows\System\olDBAZL.exe
  2⤵
  PID:11392
- C:\Windows\System\zgAqybM.exe
  C:\Windows\System\zgAqybM.exe
  2⤵
  PID:11532
- C:\Windows\System\OhLbeoz.exe
  C:\Windows\System\OhLbeoz.exe
  2⤵
  PID:8640
- C:\Windows\System\aZUPbgZ.exe
  C:\Windows\System\aZUPbgZ.exe
  2⤵
  PID:5908
- C:\Windows\System\kaJMVfj.exe
  C:\Windows\System\kaJMVfj.exe
  2⤵
  PID:4404
- C:\Windows\System\bQkuBQL.exe
  C:\Windows\System\bQkuBQL.exe
  2⤵
  PID:11696
- C:\Windows\System\QSONCeG.exe
  C:\Windows\System\QSONCeG.exe
  2⤵
  PID:3084
- C:\Windows\System\vIAkntx.exe
  C:\Windows\System\vIAkntx.exe
  2⤵
  PID:376
- C:\Windows\System\FZXBMOY.exe
  C:\Windows\System\FZXBMOY.exe
  2⤵
  PID:2460
- C:\Windows\System\NkrSLcM.exe
  C:\Windows\System\NkrSLcM.exe
  2⤵
  PID:12636
- C:\Windows\System\mzMFcpq.exe
  C:\Windows\System\mzMFcpq.exe
  2⤵
  PID:12700
- C:\Windows\System\PwbrBgA.exe
  C:\Windows\System\PwbrBgA.exe
  2⤵
  PID:12728
- C:\Windows\System\PPFHQtd.exe
  C:\Windows\System\PPFHQtd.exe
  2⤵
  PID:9240
- C:\Windows\System\qUHfnXE.exe
  C:\Windows\System\qUHfnXE.exe
  2⤵
  PID:12880
- C:\Windows\System\SpgNrLO.exe
  C:\Windows\System\SpgNrLO.exe
  2⤵
  PID:10400
- C:\Windows\System\uuqqZRU.exe
  C:\Windows\System\uuqqZRU.exe
  2⤵
  PID:10316
- C:\Windows\System\uilbCbi.exe
  C:\Windows\System\uilbCbi.exe
  2⤵
  PID:9316
- C:\Windows\System\YMjvELr.exe
  C:\Windows\System\YMjvELr.exe
  2⤵
  PID:10468
- C:\Windows\System\SUobPdc.exe
  C:\Windows\System\SUobPdc.exe
  2⤵
  PID:10552
- C:\Windows\System\CYuRptG.exe
  C:\Windows\System\CYuRptG.exe
  2⤵
  PID:12964
- C:\Windows\System\AHrfVsO.exe
  C:\Windows\System\AHrfVsO.exe
  2⤵
  PID:13004
- C:\Windows\System\RvFDJeh.exe
  C:\Windows\System\RvFDJeh.exe
  2⤵
  PID:13024
- C:\Windows\System\pnmHACY.exe
  C:\Windows\System\pnmHACY.exe
  2⤵
  PID:13168
- C:\Windows\System\xTVxLeg.exe
  C:\Windows\System\xTVxLeg.exe
  2⤵
  PID:13176
- C:\Windows\System\ZvIJMaH.exe
  C:\Windows\System\ZvIJMaH.exe
  2⤵
  PID:9848
- C:\Windows\System\cyWXHyK.exe
  C:\Windows\System\cyWXHyK.exe
  2⤵
  PID:9504
- C:\Windows\System\KOiVjrF.exe
  C:\Windows\System\KOiVjrF.exe
  2⤵
  PID:1620
- C:\Windows\System\CrlZwEz.exe
  C:\Windows\System\CrlZwEz.exe
  2⤵
  PID:7236
- C:\Windows\System\QZgewMJ.exe
  C:\Windows\System\QZgewMJ.exe
  2⤵
  PID:3612
- C:\Windows\System\sruWDfC.exe
  C:\Windows\System\sruWDfC.exe
  2⤵
  PID:1412
- C:\Windows\System\uqthyCY.exe
  C:\Windows\System\uqthyCY.exe
  2⤵
  PID:6968
- C:\Windows\System\JkdaAmV.exe
  C:\Windows\System\JkdaAmV.exe
  2⤵
  PID:3644
- C:\Windows\System\fpyrqhw.exe
  C:\Windows\System\fpyrqhw.exe
  2⤵
  PID:9976
- C:\Windows\System\YfpdnEu.exe
  C:\Windows\System\YfpdnEu.exe
  2⤵
  PID:11004
- C:\Windows\System\YOJOyaM.exe
  C:\Windows\System\YOJOyaM.exe
  2⤵
  PID:5012
- C:\Windows\System\ZPSXfoL.exe
  C:\Windows\System\ZPSXfoL.exe
  2⤵
  PID:11188
- C:\Windows\System\toalSal.exe
  C:\Windows\System\toalSal.exe
  2⤵
  PID:11140
- C:\Windows\System\kYsFEcr.exe
  C:\Windows\System\kYsFEcr.exe
  2⤵
  PID:10108
- C:\Windows\System\kICLVeM.exe
  C:\Windows\System\kICLVeM.exe
  2⤵
  PID:1036
- C:\Windows\System\qPFXDPK.exe
  C:\Windows\System\qPFXDPK.exe
  2⤵
  PID:12312
- C:\Windows\System\cRQrNBD.exe
  C:\Windows\System\cRQrNBD.exe
  2⤵
  PID:7164
- C:\Windows\System\EDKyDWw.exe
  C:\Windows\System\EDKyDWw.exe
  2⤵
  PID:12932
- C:\Windows\System\rztTjEs.exe
  C:\Windows\System\rztTjEs.exe
  2⤵
  PID:11236
- C:\Windows\System\KtktYfO.exe
  C:\Windows\System\KtktYfO.exe
  2⤵
  PID:4064
- C:\Windows\System\ROjdeLJ.exe
  C:\Windows\System\ROjdeLJ.exe
  2⤵
  PID:9352
- C:\Windows\System\wrZtZed.exe
  C:\Windows\System\wrZtZed.exe
  2⤵
  PID:10460
- C:\Windows\System\vCBeFxF.exe
  C:\Windows\System\vCBeFxF.exe
  2⤵
  PID:9452
- C:\Windows\System\KqFWfbw.exe
  C:\Windows\System\KqFWfbw.exe
  2⤵
  PID:5472
- C:\Windows\System\WVxbadb.exe
  C:\Windows\System\WVxbadb.exe
  2⤵
  PID:2912
- C:\Windows\System\nlkmbKY.exe
  C:\Windows\System\nlkmbKY.exe
  2⤵
  PID:10328
- C:\Windows\System\KcqKJWQ.exe
  C:\Windows\System\KcqKJWQ.exe
  2⤵
  PID:1876
- C:\Windows\System\hVITkcA.exe
  C:\Windows\System\hVITkcA.exe
  2⤵
  PID:10392
- C:\Windows\System\UPBAiqc.exe
  C:\Windows\System\UPBAiqc.exe
  2⤵
  PID:10564
- C:\Windows\System\wMEGIHj.exe
  C:\Windows\System\wMEGIHj.exe
  2⤵
  PID:10404
- C:\Windows\System\HjTiCgv.exe
  C:\Windows\System\HjTiCgv.exe
  2⤵
  PID:10756
- C:\Windows\System\yKnmfQF.exe
  C:\Windows\System\yKnmfQF.exe
  2⤵
  PID:9868
- C:\Windows\System\AyUBZVM.exe
  C:\Windows\System\AyUBZVM.exe
  2⤵
  PID:10600
- C:\Windows\System\DEHcwfI.exe
  C:\Windows\System\DEHcwfI.exe
  2⤵
  PID:10096
- C:\Windows\System\SUFnfpb.exe
  C:\Windows\System\SUFnfpb.exe
  2⤵
  PID:11016
- C:\Windows\System\XyxtPWF.exe
  C:\Windows\System\XyxtPWF.exe
  2⤵
  PID:10960
- C:\Windows\System\mtcPHXj.exe
  C:\Windows\System\mtcPHXj.exe
  2⤵
  PID:10944
- C:\Windows\System\NQjThBa.exe
  C:\Windows\System\NQjThBa.exe
  2⤵
  PID:10788
- C:\Windows\System\AGshXEQ.exe
  C:\Windows\System\AGshXEQ.exe
  2⤵
  PID:10620
- C:\Windows\System\bFsJhBU.exe
  C:\Windows\System\bFsJhBU.exe
  2⤵
  PID:10612
- C:\Windows\System\oHbdFny.exe
  C:\Windows\System\oHbdFny.exe
  2⤵
  PID:10216
- C:\Windows\System\JkHJiTC.exe
  C:\Windows\System\JkHJiTC.exe
  2⤵
  PID:5480
- C:\Windows\System\xYiJKAC.exe
  C:\Windows\System\xYiJKAC.exe
  2⤵
  PID:11060
- C:\Windows\System\nhTmnBA.exe
  C:\Windows\System\nhTmnBA.exe
  2⤵
  PID:11068
- C:\Windows\System\SkeIhHG.exe
  C:\Windows\System\SkeIhHG.exe
  2⤵
  PID:5780
- C:\Windows\System\gfOZnHM.exe
  C:\Windows\System\gfOZnHM.exe
  2⤵
  PID:7572
- C:\Windows\System\TVVDghz.exe
  C:\Windows\System\TVVDghz.exe
  2⤵
  PID:5356
- C:\Windows\System\dxIwqlC.exe
  C:\Windows\System\dxIwqlC.exe
  2⤵
  PID:4484
- C:\Windows\System\OAUnLYj.exe
  C:\Windows\System\OAUnLYj.exe
  2⤵
  PID:5500
- C:\Windows\System\lhSIyMo.exe
  C:\Windows\System\lhSIyMo.exe
  2⤵
  PID:7560
- C:\Windows\System\mTEvurC.exe
  C:\Windows\System\mTEvurC.exe
  2⤵
  PID:7552
- C:\Windows\System\YdkRGKI.exe
  C:\Windows\System\YdkRGKI.exe
  2⤵
  PID:4060
- C:\Windows\System\fQdazlV.exe
  C:\Windows\System\fQdazlV.exe
  2⤵
  PID:6172
- C:\Windows\System\douNNsh.exe
  C:\Windows\System\douNNsh.exe
  2⤵
  PID:1856
- C:\Windows\System\OURwXuh.exe
  C:\Windows\System\OURwXuh.exe
  2⤵
  PID:4760
- C:\Windows\System\dQAHPOB.exe
  C:\Windows\System\dQAHPOB.exe
  2⤵
  PID:2664
- C:\Windows\System\lzVlUwb.exe
  C:\Windows\System\lzVlUwb.exe
  2⤵
  PID:6296
- C:\Windows\System\kfYsPOi.exe
  C:\Windows\System\kfYsPOi.exe
  2⤵
  PID:6452
- C:\Windows\System\mPNTmWb.exe
  C:\Windows\System\mPNTmWb.exe
  2⤵
  PID:7224
- C:\Windows\System\njsffav.exe
  C:\Windows\System\njsffav.exe
  2⤵
  PID:4504
- C:\Windows\System\JAsJzfT.exe
  C:\Windows\System\JAsJzfT.exe
  2⤵
  PID:11416
- C:\Windows\System\UxOYFxk.exe
  C:\Windows\System\UxOYFxk.exe
  2⤵
  PID:6620
- C:\Windows\System\GsLevYy.exe
  C:\Windows\System\GsLevYy.exe
  2⤵
  PID:7604
- C:\Windows\System\mONWgor.exe
  C:\Windows\System\mONWgor.exe
  2⤵
  PID:11540
- C:\Windows\System\zCYKVVY.exe
  C:\Windows\System\zCYKVVY.exe
  2⤵
  PID:6648
- C:\Windows\System\yrHqLTP.exe
  C:\Windows\System\yrHqLTP.exe
  2⤵
  PID:8496
- C:\Windows\System\egrFwYH.exe
  C:\Windows\System\egrFwYH.exe
  2⤵
  PID:11568
- C:\Windows\System\ZONEFxv.exe
  C:\Windows\System\ZONEFxv.exe
  2⤵
  PID:8592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_okyudysb.uyt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AYfwHku.exe

Filesize
1.7MB

MD5
c33ce358476ea0632e44bc8594cd3563

SHA1
8b0143408e35c0c141f66d331de2a38b46180301

SHA256
08bbafc6172d043db163b0a02767f867d6d1f1dc10dd1ed3d981b76e68fd651d

SHA512
0c00a4d584e229f489f4c044b2f80d2d62ee7a2acbe61a66f69a3479db692bbcd4628c3e7ff803e767893581581ea0ec982a5cb57f8ff297db592c9aad2f6a9e

Download Submit
C:\Windows\System\AhZayWa.exe

Filesize
1.7MB

MD5
d3e61de91c7d644824acb793a1114b13

SHA1
c530c8be97dc385596e6d9db995893744f6f9cdf

SHA256
bee83843326519b75a6f821893264f53a0d8d9412747b6603bf709c76597d144

SHA512
b8c081c25753ceceba5c280e3e91057e251f321bd8a8242660501f793afd1478e1a3944503affc29144e947c7511c8eba7e5f28e5beb8861e2aa3578ea19f158

Download Submit
C:\Windows\System\CbKQOuv.exe

Filesize
1.7MB

MD5
f383dd5fecd56c3ae236eef72e93fa46

SHA1
367062f99e0e392b55eb9df3a058a6683c41aaa0

SHA256
08686c9233dc766fcf65aea706e4ced740ba8fa22b2e2ab7dfaf5ae14f1b478b

SHA512
c165e54d3432b674712876979925f799b8267afe8dc075cb6298b614339d518b8ff6ad9ed8444269e1e6dfbe4d54dcd0a9f812f0762e3730a477df6b6266c985

Download Submit
C:\Windows\System\EKgvVuT.exe

Filesize
1.7MB

MD5
85f0bed7e54e5393776bb0e2d1bf4ca1

SHA1
d27fa612de024a543bcedad5a27f1d48d1917015

SHA256
b0c579cc629dc11daf8944d16b6cdf783e1bc8448f0f662e5685e0c133ca8f2f

SHA512
b57ef57a622351f92a2a52993b98e88202495c5d4f4361c913d3c4c2546c455b8bcb206d18a2bd20fda713bdf41a97387ab7e7541919348e2a88f932f72b8e86

Download Submit
C:\Windows\System\GnRNqVL.exe

Filesize
1.7MB

MD5
86dbbf46e47ac38f66d623dcad4bcdd1

SHA1
133c39be7a3f26f42aaf85eddcea089dbe97d69d

SHA256
344b2db76e3dd09f1e8cd3ac6f1499fbd65c12d0a380d2b5ece54b7c9690aaac

SHA512
80f63bdbf3d28821fa4dcf4d727e8c0d2832050e51563ed9242e64e2cdc38cc18678f1f214822eeb056f977ad185aca41ffdd1f207d2c7f23234161bb4411d9d

Download Submit
C:\Windows\System\HjkAFin.exe

Filesize
1.7MB

MD5
6b632121f318c30328f46073c859926e

SHA1
51f5e44455a836c59dea6ac4fb83081d0b704766

SHA256
2b796241c9ef216df9e3edd1126a8826eba339379b6d5b4fb9e86102b723f55c

SHA512
b6f557340ec0b2a188f81a44f9e9e2adb5a5fbb4900a2c8bb69cb0974fbebdb08ea262a0019935bf50428498441b870d6ab83b858799d97bc50c3f8101e73b4c

Download Submit
C:\Windows\System\LhvlmLX.exe

Filesize
1.7MB

MD5
dc3c425e64298eda267bf1eb8e60b340

SHA1
9b4b78b7224c736aa79a544d71f777a6169cb127

SHA256
91d8159b80d8c423f92e68822eed5505e6d10067557a91020601f079eb116558

SHA512
d2ab0a2b5c0e5b6f65bdd46f5da8dc52c01e0cc17b39723f45f2779063e39d5ea93b01f247c17651edfb755f821d4bcbdb1b29e79bb5164b3b8193dfee31b3de

Download Submit
C:\Windows\System\Lzjkwli.exe

Filesize
1.7MB

MD5
6e755ac4544f4b9b98ef7ddacb8015cf

SHA1
f123639f351e4b8753c08e7f31fa5db458f3d8ef

SHA256
dbb6a3d6c3be3d11021e6b80390ba0603e7287fc092dbef78e51953d383b102b

SHA512
d5b457812902724c26a0644f18a9e93ea1bd6771a2137c9aae3d7c657b2120ad4dae064a6791d84e5db5a9229fd1f63ef0c5c5ff49817aac136ae52742d7be8c

Download Submit
C:\Windows\System\REtrPPu.exe

Filesize
1.7MB

MD5
a8de75ed5509cd637ff968ee00a25f70

SHA1
755fc639153afca566148bc3c9626034e48e0135

SHA256
cf9907b9fd16219baa2da82e4966a44efa121c22d4e77cb5ede9a41b5d72a226

SHA512
547c36379ca3738436e72ee8845f4402d40711a0c5c33eca22ea62cbc4f82066ee3ae649b13eeb1b6138d1ea8489c8536fdd184d813c4c32b2ed4bf0fd74e880

Download Submit
C:\Windows\System\RoFVtRE.exe

Filesize
1.7MB

MD5
c63bfa66e0affa937e3dab86eb965425

SHA1
d738ba15093bb26bbdd6ae0a3b9604b0ff2ec58f

SHA256
4afd7827731745407449c5567971c61e4401efa4dec4ccf7944e0d8614bcce6e

SHA512
7aa7339a7a13cee02df58de746014b1e2c54b2e628ee1090164a4a3ebc077e0ed3ef18533552bc9066298976eeaf522e1800d663dbabd31d7c087e747ac3ed81

Download Submit
C:\Windows\System\SElZuob.exe

Filesize
1.7MB

MD5
37fe584c12fcaf8dec1a3fce11422481

SHA1
52ef1aa577b042c966bd929313b8fac765732b36

SHA256
722da0377dc7bbd12ab1ed72c1cca08782cb6b527b0c8f998c202316a06ed07c

SHA512
6e1689ef8f5eaa900ac712466c27ccc14ed9587be775d0b4ebea09e200a16cbc7e052a500344a896cfea12dd7c215ea08139c5fc7a8c2a13038c78a2e9244d50

Download Submit
C:\Windows\System\TirAtGK.exe

Filesize
1.8MB

MD5
6acb1771617c34fcf7aaa4793ec09688

SHA1
afc83b544bc594a2fe628d00463ec5799cee3584

SHA256
20e084e807ddbb8703312d741b1c7204177436830d7b780d49e64157e7b9c41b

SHA512
fc42ae8620ad9dd4ea3b443086b9cdff639bbc54fc7e19c7de169393ae58a7d2f3d7914f7908a97ad39401a5bc6d8595804d709b027d2811717ae0f65ab95437

Download Submit
C:\Windows\System\UqbVeEy.exe

Filesize
1.8MB

MD5
e3ec70b56597f2791ea557c37221ba5e

SHA1
3e9b82a62e12688cbb4d832a57cbe32682b979bb

SHA256
06bf9689e4e3d733d13acc6f64c6c58f631dd7f9e3f804ac4bb98f59d8ad4484

SHA512
212fc8f380986ccbea6e389a39dc913482fbd4017d7a0ad1cdb4c00c935671ec7f3e42d11df5dd2da11ed6e84ed7ed93194d1c4cb108daab3906db9104085231

Download Submit
C:\Windows\System\XUswyMV.exe

Filesize
1.7MB

MD5
c15f735b4e0ab708cf1fba687bb6952b

SHA1
9029971484f66963cb9cff840bd4fdab2bd96907

SHA256
0373c4b9c7b8eb31c03edf8708598039d02f99896ba7212dbba6f56c34b33212

SHA512
ba3aab26e2bda82431c7f55a83bd9605bb3619d3867ff470a8d2af98cbf8941a1519b1826dcdfc1e1f62021c228406d2d3e5d6f10147a338892479244913076b

Download Submit
C:\Windows\System\aVzQxVj.exe

Filesize
1.8MB

MD5
b7af5524f7b92c459364b7eb4cba04f9

SHA1
37b5dab96eaa5eaadf2ee019f595653bb5b371c8

SHA256
59147b773c3b763e527af616fc2e6098229643e80ded4b57d03d8426e8c78054

SHA512
e18256b9c4ba9451f37f716e8114ba780fda295d153ee1a5048fe85806cb97556692e1a8f15501e5609ddfb9671da1db5fa4217ad754950b64a4279d737acd87

Download Submit
C:\Windows\System\bzqFWVi.exe

Filesize
1.7MB

MD5
76b29a623a7441b7b94da0adbf296a7a

SHA1
371929ce809dc9fa1b54bf9998b3f7145dbda609

SHA256
7d8d4e2a106e26b4f8ba01febe6eed2628e69fdbc35f81338d044f1599ffb0e6

SHA512
edf7916c51a0d8c78aba09a48a0dbf38586ab9d2a2be6cd50d96ccbf7de292bb74333941d9b609a382bc6e4f2c4e07210bc4b85fad0599c3fef54a1e9b4de0dd

Download Submit
C:\Windows\System\eEXXbpT.exe

Filesize
1.7MB

MD5
488a434ebe0c50b664f968d4707e3b9d

SHA1
c4d650ec3fca88f2d060e398933d3d69c3373ba3

SHA256
dc8465a1ec787154cf497faee10bacfe68f461d656066895df0709c49f010f7b

SHA512
70d1bf2e61b2fad784773be1b61f78fb1227393c09b0f6813e7c620983bed9b05038dd0951439ce0ed5d10d417ce9bd559520ef20c25666e25cc96053b3c75b8

Download Submit
C:\Windows\System\eyyctGu.exe

Filesize
1.7MB

MD5
994e13d5dcc471e01dc1d3d1a5ac09b4

SHA1
cf668a446cf285b81e3cb5670d796c47b16e5fde

SHA256
c8cc25278243181429ff5822d1f59ebc15b0245d5234eb6891b0837e4be90c2e

SHA512
76e2a4efd67f22e3c351f459e46b558c8b64db5ab5cc6898aa5e957b8b86c6b5d9c85fd092b50c18e6f1b7c62f46ae122269c19a5c16f91644eab8487eeaea6e

Download Submit
C:\Windows\System\hdyURsH.exe

Filesize
1.7MB

MD5
027d8c3458a01d99d050c69e0d4a0cad

SHA1
e8fb7e4baddbe04ee53840e0f63a331df2b43f28

SHA256
5ecf4970be190fd02c39dc302949a20f489d59760ef2d697237ef08730842c58

SHA512
dafc2b85aa79fde19cfae1e21e1cc2886059becbab5f3a43c4619383430133c68b672172633cabd4397025db5149a96132f0cc867084b4c00c69337e771bee48

Download Submit
C:\Windows\System\jhllbGz.exe

Filesize
1.7MB

MD5
8e41c5b609490debb61be413689ea01c

SHA1
083c0702dbbe51267aecfed5a5dfc82956aea30b

SHA256
fab49e3c228cd35ffca355f6db54096b5fda0c6fb5957d1b7a9b187af882d84f

SHA512
d73c425cc41e0704182cec2e7698e92d8f124d5cf6031ac9d4334ef82d6a9d46f623ed758652425a3f10c4e33b5b4cf66a488d90ed84176ef69fb8db98770a78

Download Submit
C:\Windows\System\nZKOUvh.exe

Filesize
8B

MD5
67d893d1a2095d39d451d08ee1cc05e9

SHA1
dad7ef4487e41ff3c3e600250e691ed16832dc94

SHA256
cc871666e89dd430f5e3dc9cc361cd1a4ecf7214b4b8daeb86cca2257079f3ce

SHA512
7799e4db272ac6c136cb55f2e50c1582a5027767dc6d148dbf159fdb6f776a047cf2ac573fbb2f2ca5a994173cf0465c93ef3f6e6c86e8981136e854def9801d

Download Submit
C:\Windows\System\ozlqAuj.exe

Filesize
1.7MB

MD5
30e160a38918db86804843f9ca3ea855

SHA1
6bd5ab3cc2fc0ae433cb289cb65dc9b91649cd3a

SHA256
5e02cd35cbf39312e5e3e439e82817672f645fc50582c8e89dd1aa0eb6dc6c35

SHA512
a7127ce16bd56942abb11af1224c5ee6a5bb5404ccdfaf36df2062d273ce36856d1479ed909b86f8e2f75530c25bcd9e42698ddda7cc37a59f18add82b81c5af

Download Submit
C:\Windows\System\pDOOsxI.exe

Filesize
1.7MB

MD5
db21fcdc505e0970c5dc5d688bcf7a47

SHA1
4f5ebd1028add32c5a345c4d5956e930081b32a0

SHA256
5c317389562dc5c9ada8097e96fcdffc2fe5a065331c9f900b1312fde0b56a89

SHA512
5200b6b87035032e00021925bab232c63e10a8aaba7137145d2769ead7194e9fba67ed9debe4fef216799412031a6c186b03f63bef1907eafc888b78046f6ccb

Download Submit
C:\Windows\System\pTPpvTs.exe

Filesize
1.7MB

MD5
7b153efffa62b7110b6a85f3b02b12f9

SHA1
ead11f40b27f0dfd766237f40bb80e8c1ad751c9

SHA256
488fbbabe49ed749b7ea935e0d7f02f42ba9e97743d0a98ba30dbcc1cf88df77

SHA512
54b08339bdb5d5f10b9e0b2db242a28ed617141f348c1d69ff060710102903159aad4a25679c35e23f1e0050ce7d41cc7cba34cc41cb0117018c6a2991d65661

Download Submit
C:\Windows\System\qbxHiFm.exe

Filesize
1.7MB

MD5
7ca526839ce816e19b0722316b6e6a3a

SHA1
3e1fd0d72ccf23d2f191c671609b3b1c2889f0b6

SHA256
a6bba5fa4c7b200835fad60e206dd5214320c41c10910f2a9c5302e44b0a8f32

SHA512
09c2a04ec2c87b9e632f8683e9efd6d2caa8eb938d91d22ea126fdc39637bcbf4f0ee246f0b6b71716826d259d58752519bdfa0edd3e6fb985e448c091f14b2f

Download Submit
C:\Windows\System\rJopfqD.exe

Filesize
1.7MB

MD5
93282ef29270628c66b411193ee716b9

SHA1
a2d4dad91ff30ed63c54e4b78ca69b8ffdd1c954

SHA256
d4fb2ba2b7f8b58266961a641a37e2ec60d649e71f5d1206778153293e1c343b

SHA512
e6ce62cd4e05e694280fbba22844b388d61a8059a98040eb7028720c2ef0b529377fb73b14070b8dc9aad51b4910da216cb2766a6f8aff05e22e7c96ada14e45

Download Submit
C:\Windows\System\twFzpTG.exe

Filesize
1.7MB

MD5
02b8708e671a08327a4270a7759b1f1e

SHA1
724a6714cefb29ff3d7f612d5db0c24df546af9d

SHA256
0cb085c84b2d30a29437cc68c99c2938331ab1a1ef19de2771b5ce91d4fe378a

SHA512
615f79c8a25010bbcc031cf6ff65728ddd03a54707f252f4fb948e312d605afc971ac0e77d944629e251b03002dc7e87e204707a500eafcd758298698f6b70fb

Download Submit
C:\Windows\System\uiKMmEV.exe

Filesize
1.7MB

MD5
75a8ec822b4263b19daa332c58f4fecc

SHA1
c2504433a52a4402e097ef29bd861a3e248f8930

SHA256
fdecbd5a00a6fbd11f95e558259594b4ecae6cacaabb5749d63630e285411c33

SHA512
710b21867152b84c647765505ce21461b47a8e0f6d0c41a9877ff5a8a41f156a869e2cd008b1a5118d6dc7c24c1c3253fb90516af1f728d8013e1ed7f9d0cdae

Download Submit
C:\Windows\System\vYeVElB.exe

Filesize
1.7MB

MD5
8c31fb094fe8018631f2d180877e95d9

SHA1
441a431a1fd76138c4485a5cbcbe9cc4a24b64e6

SHA256
f0dc650c0fa442d8c6c28acb829955b01292323eab57b284c487efda0bdffea1

SHA512
7b6e54ec7016f2db312d171749edd9d7973f97be450cfa0f9357ffca9b1bcca938e9ecbe15659b5e6f6d214defea25ffe124d48c46d376007f4c87eae6f7d73a

Download Submit
C:\Windows\System\wmXyvmF.exe

Filesize
1.7MB

MD5
14caaa3b18b93cbac1d4e8af7859750c

SHA1
3f47a1e9408d5f68767f880601669882bf696613

SHA256
9f4a5e881ba225cd27c0ea1b3e707b968b4940d22cfeb9c642cfe2046003978c

SHA512
6736e71772d0e5024e365ca2bd6581a165ff201cbfff9c6a185504627c0cb2cab84aeb63caf2ec0f4083eb54eff50bc11636c1f2c71723dfe46be3b12a9a6ddd

Download Submit
C:\Windows\System\wyhhUDW.exe

Filesize
1.7MB

MD5
9ede01ca79b9b78cf9d7a39aa8b1ddcb

SHA1
34cb09edec46bd408b60cbee426b3e39bd212f9d

SHA256
4b73571230ff712f6b079deda0564cc8fd4de845cff98a20002d24e7db32a729

SHA512
a27ec62b64610ebbbe9143233f3e64616eca21b4c5f25f2990355515f96963baf9b82b14be5a148297084763f9d2e7ebda37ab3b0ef9a4ec554af84080e6efed

Download Submit
C:\Windows\System\xBUuuUH.exe

Filesize
1.7MB

MD5
da05f139996d06c8ac51bc68e52ef16e

SHA1
d0b35d9ce9ababcf9394e009653cdcc8ce839777

SHA256
f743946582441f8dd04fe5dd39802d919e564d5d9611a01778f4230d405dc6e3

SHA512
d786f771082f91af3829124fb701dba58d31a37d008a9612e0a2a0174e818ee8c7b92452d73d0043a79bf90a6be2d303f669d98307d7501eb08b0897f87c371d

Download Submit
C:\Windows\System\xXAmiBE.exe

Filesize
1.8MB

MD5
f7e420f26002b80808a92f1dfd4b2fb4

SHA1
6fcde0a5f19f7e88f82c59b17d3a8ddc70279394

SHA256
c322157ace350807943ff2a6058d1bb0fd651d7ecce4e55d33dd3fcb7af6ba96

SHA512
d65bcbf28f0779638b545a811aaac1e2e11d12d89da13b4a21836de827011e11cb85a12fe4a73e16cf69848c214c6fef91f7c4089e0b4cb164f4c9edc64e2af3

Download Submit
C:\Windows\System\zYpfxRK.exe

Filesize
1.7MB

MD5
14b11fc48e05542389e82f05e13bc60d

SHA1
19da956ef771fc94aa13205cde0bb3b94733ff34

SHA256
7d5663993789d114d1f11e9bab9c414d3dbb715e86639d70c147b0b9bc951433

SHA512
f065338ce59e42d932a9a04e65387a22bc12015670c386670450c920bdf2f8d1172e5b8b1dabe868f34c77692a626e1635b8e9bc07a81abecdc31bcf0fbbe423

Download Submit
memory/208-0-0x00007FF79DB00000-0x00007FF79DEF2000-memory.dmp

Filesize
3.9MB

Download
memory/208-1-0x000002C8F2F00000-0x000002C8F2F10000-memory.dmp

Filesize
64KB

Download
memory/224-98-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp

Filesize
3.9MB

Download
memory/224-3895-0x00007FF7070D0000-0x00007FF7074C2000-memory.dmp

Filesize
3.9MB

Download
memory/716-3896-0x00007FF650580000-0x00007FF650972000-memory.dmp

Filesize
3.9MB

Download
memory/716-79-0x00007FF650580000-0x00007FF650972000-memory.dmp

Filesize
3.9MB

Download
memory/1000-33-0x00007FFE80DA0000-0x00007FFE81861000-memory.dmp

Filesize
10.8MB

Download
memory/1000-4034-0x00007FFE80DA0000-0x00007FFE81861000-memory.dmp

Filesize
10.8MB

Download
memory/1000-464-0x0000024777E60000-0x0000024778606000-memory.dmp

Filesize
7.6MB

Download
memory/1000-19-0x00007FFE80DA0000-0x00007FFE81861000-memory.dmp

Filesize
10.8MB

Download
memory/1000-74-0x0000024777290000-0x00000247772B2000-memory.dmp

Filesize
136KB

Download
memory/1000-7-0x00007FFE80DA3000-0x00007FFE80DA5000-memory.dmp

Filesize
8KB

Download
memory/1160-85-0x00007FF60C160000-0x00007FF60C552000-memory.dmp

Filesize
3.9MB

Download
memory/1160-3901-0x00007FF60C160000-0x00007FF60C552000-memory.dmp

Filesize
3.9MB

Download
memory/1188-4014-0x00007FF781610000-0x00007FF781A02000-memory.dmp

Filesize
3.9MB

Download
memory/1188-173-0x00007FF781610000-0x00007FF781A02000-memory.dmp

Filesize
3.9MB

Download
memory/1536-119-0x00007FF635860000-0x00007FF635C52000-memory.dmp

Filesize
3.9MB

Download
memory/1536-3946-0x00007FF635860000-0x00007FF635C52000-memory.dmp

Filesize
3.9MB

Download
memory/1676-3902-0x00007FF7FDD40000-0x00007FF7FE132000-memory.dmp

Filesize
3.9MB

Download
memory/1676-102-0x00007FF7FDD40000-0x00007FF7FE132000-memory.dmp

Filesize
3.9MB

Download
memory/1852-3894-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp

Filesize
3.9MB

Download
memory/1852-49-0x00007FF6F9E30000-0x00007FF6FA222000-memory.dmp

Filesize
3.9MB

Download
memory/2080-3944-0x00007FF6FB680000-0x00007FF6FBA72000-memory.dmp

Filesize
3.9MB

Download
memory/2080-113-0x00007FF6FB680000-0x00007FF6FBA72000-memory.dmp

Filesize
3.9MB

Download
memory/2268-185-0x00007FF719500000-0x00007FF7198F2000-memory.dmp

Filesize
3.9MB

Download
memory/2268-4019-0x00007FF719500000-0x00007FF7198F2000-memory.dmp

Filesize
3.9MB

Download
memory/2704-125-0x00007FF70B190000-0x00007FF70B582000-memory.dmp

Filesize
3.9MB

Download
memory/2704-3948-0x00007FF70B190000-0x00007FF70B582000-memory.dmp

Filesize
3.9MB

Download
memory/3236-4027-0x00007FF71CA40000-0x00007FF71CE32000-memory.dmp

Filesize
3.9MB

Download
memory/3236-196-0x00007FF71CA40000-0x00007FF71CE32000-memory.dmp

Filesize
3.9MB

Download
memory/3248-149-0x00007FF6365A0000-0x00007FF636992000-memory.dmp

Filesize
3.9MB

Download
memory/3248-3983-0x00007FF6365A0000-0x00007FF636992000-memory.dmp

Filesize
3.9MB

Download
memory/3672-3967-0x00007FF7051B0000-0x00007FF7055A2000-memory.dmp

Filesize
3.9MB

Download
memory/3672-94-0x00007FF7051B0000-0x00007FF7055A2000-memory.dmp

Filesize
3.9MB

Download
memory/3688-3367-0x00007FF6645A0000-0x00007FF664992000-memory.dmp

Filesize
3.9MB

Download
memory/3688-91-0x00007FF6645A0000-0x00007FF664992000-memory.dmp

Filesize
3.9MB

Download
memory/3688-4575-0x00007FF6645A0000-0x00007FF664992000-memory.dmp

Filesize
3.9MB

Download
memory/3716-167-0x00007FF6358F0000-0x00007FF635CE2000-memory.dmp

Filesize
3.9MB

Download
memory/3716-4009-0x00007FF6358F0000-0x00007FF635CE2000-memory.dmp

Filesize
3.9MB

Download
memory/3884-155-0x00007FF63E800000-0x00007FF63EBF2000-memory.dmp

Filesize
3.9MB

Download
memory/3884-3999-0x00007FF63E800000-0x00007FF63EBF2000-memory.dmp

Filesize
3.9MB

Download
memory/3984-3892-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp

Filesize
3.9MB

Download
memory/3984-65-0x00007FF69F690000-0x00007FF69FA82000-memory.dmp

Filesize
3.9MB

Download
memory/4236-3888-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp

Filesize
3.9MB

Download
memory/4236-25-0x00007FF7A10A0000-0x00007FF7A1492000-memory.dmp

Filesize
3.9MB

Download
memory/4252-143-0x00007FF6D3760000-0x00007FF6D3B52000-memory.dmp

Filesize
3.9MB

Download
memory/4252-3986-0x00007FF6D3760000-0x00007FF6D3B52000-memory.dmp

Filesize
3.9MB

Download
memory/4260-4016-0x00007FF7455D0000-0x00007FF7459C2000-memory.dmp

Filesize
3.9MB

Download
memory/4260-179-0x00007FF7455D0000-0x00007FF7459C2000-memory.dmp

Filesize
3.9MB

Download
memory/4488-4011-0x00007FF730A80000-0x00007FF730E72000-memory.dmp

Filesize
3.9MB

Download
memory/4488-161-0x00007FF730A80000-0x00007FF730E72000-memory.dmp

Filesize
3.9MB

Download
memory/4640-3968-0x00007FF619570000-0x00007FF619962000-memory.dmp

Filesize
3.9MB

Download
memory/4640-131-0x00007FF619570000-0x00007FF619962000-memory.dmp

Filesize
3.9MB

Download
memory/4928-3996-0x00007FF673480000-0x00007FF673872000-memory.dmp

Filesize
3.9MB

Download
memory/4928-137-0x00007FF673480000-0x00007FF673872000-memory.dmp

Filesize
3.9MB

Download
memory/5004-88-0x00007FF7527D0000-0x00007FF752BC2000-memory.dmp

Filesize
3.9MB

Download
memory/5004-3899-0x00007FF7527D0000-0x00007FF752BC2000-memory.dmp

Filesize
3.9MB

Download