xmrig | e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
Size

3.1MB
MD5

ede281a239f539cfcb9918e78c1a2856
SHA1

c7bbcf0759dd3a1e444c72c38ba310a653ccc0a0
SHA256

e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4
SHA512

cf48b0a1f67e8fda549d693136a465f7fbac44020beb803a7fc7cd9fc9d66976a74bc4be3fad45cbcdf7a978a3033494e13068af98cb5b6f9dbf61457e28f445
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW4:SbBeSFks

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 63 IoCs

resource	yara_rule
behavioral2/memory/4196-0-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000a00000002342c-5.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023447-15.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023449-25.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023448-23.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023446-19.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2848-17-0x00007FF7BD240000-0x00007FF7BD636000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002344a-35.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002344d-56.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002344b-61.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023450-71.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023452-82.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023453-92.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023455-102.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023457-111.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002345a-121.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002345c-131.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002345e-141.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023461-156.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2200-669-0x00007FF7581E0000-0x00007FF7585D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3976-670-0x00007FF747C50000-0x00007FF748046000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1960-674-0x00007FF650E70000-0x00007FF651266000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1504-701-0x00007FF672020000-0x00007FF672416000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3704-711-0x00007FF7709A0000-0x00007FF770D96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4972-708-0x00007FF731B40000-0x00007FF731F36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3984-693-0x00007FF623430000-0x00007FF623826000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2388-686-0x00007FF64A740000-0x00007FF64AB36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1588-684-0x00007FF6F35C0000-0x00007FF6F39B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3708-678-0x00007FF768030000-0x00007FF768426000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/8-728-0x00007FF7E1E30000-0x00007FF7E2226000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3400-751-0x00007FF66CBA0000-0x00007FF66CF96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/936-773-0x00007FF68E210000-0x00007FF68E606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1948-783-0x00007FF73BF90000-0x00007FF73C386000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2100-784-0x00007FF6AF070000-0x00007FF6AF466000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2644-788-0x00007FF65B310000-0x00007FF65B706000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1208-777-0x00007FF6E5D40000-0x00007FF6E6136000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3476-772-0x00007FF6CE920000-0x00007FF6CED16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2068-768-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4964-763-0x00007FF74F1C0000-0x00007FF74F5B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1452-753-0x00007FF614540000-0x00007FF614936000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2288-738-0x00007FF751210000-0x00007FF751606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3956-716-0x00007FF6E7570000-0x00007FF6E7966000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023465-176.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023463-174.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023464-171.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023462-164.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023460-159.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002345f-154.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002345d-144.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002345b-134.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023459-124.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023458-117.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023456-107.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023454-97.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002344e-87.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000800000002344f-77.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023451-69.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002344c-59.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4196-2041-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1504-2392-0x00007FF672020000-0x00007FF672416000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2288-2421-0x00007FF751210000-0x00007FF751606000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1452-2428-0x00007FF614540000-0x00007FF614936000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2068-2434-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 63 IoCs

resource	yara_rule
behavioral2/memory/4196-0-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp	UPX
behavioral2/files/0x000a00000002342c-5.dat	UPX
behavioral2/files/0x0007000000023447-15.dat	UPX
behavioral2/files/0x0007000000023449-25.dat	UPX
behavioral2/files/0x0007000000023448-23.dat	UPX
behavioral2/files/0x0007000000023446-19.dat	UPX
behavioral2/memory/2848-17-0x00007FF7BD240000-0x00007FF7BD636000-memory.dmp	UPX
behavioral2/files/0x000700000002344a-35.dat	UPX
behavioral2/files/0x000700000002344d-56.dat	UPX
behavioral2/files/0x000700000002344b-61.dat	UPX
behavioral2/files/0x0007000000023450-71.dat	UPX
behavioral2/files/0x0007000000023452-82.dat	UPX
behavioral2/files/0x0007000000023453-92.dat	UPX
behavioral2/files/0x0007000000023455-102.dat	UPX
behavioral2/files/0x0007000000023457-111.dat	UPX
behavioral2/files/0x000700000002345a-121.dat	UPX
behavioral2/files/0x000700000002345c-131.dat	UPX
behavioral2/files/0x000700000002345e-141.dat	UPX
behavioral2/files/0x0007000000023461-156.dat	UPX
behavioral2/memory/2200-669-0x00007FF7581E0000-0x00007FF7585D6000-memory.dmp	UPX
behavioral2/memory/3976-670-0x00007FF747C50000-0x00007FF748046000-memory.dmp	UPX
behavioral2/memory/1960-674-0x00007FF650E70000-0x00007FF651266000-memory.dmp	UPX
behavioral2/memory/1504-701-0x00007FF672020000-0x00007FF672416000-memory.dmp	UPX
behavioral2/memory/3704-711-0x00007FF7709A0000-0x00007FF770D96000-memory.dmp	UPX
behavioral2/memory/4972-708-0x00007FF731B40000-0x00007FF731F36000-memory.dmp	UPX
behavioral2/memory/3984-693-0x00007FF623430000-0x00007FF623826000-memory.dmp	UPX
behavioral2/memory/2388-686-0x00007FF64A740000-0x00007FF64AB36000-memory.dmp	UPX
behavioral2/memory/1588-684-0x00007FF6F35C0000-0x00007FF6F39B6000-memory.dmp	UPX
behavioral2/memory/3708-678-0x00007FF768030000-0x00007FF768426000-memory.dmp	UPX
behavioral2/memory/8-728-0x00007FF7E1E30000-0x00007FF7E2226000-memory.dmp	UPX
behavioral2/memory/3400-751-0x00007FF66CBA0000-0x00007FF66CF96000-memory.dmp	UPX
behavioral2/memory/936-773-0x00007FF68E210000-0x00007FF68E606000-memory.dmp	UPX
behavioral2/memory/1948-783-0x00007FF73BF90000-0x00007FF73C386000-memory.dmp	UPX
behavioral2/memory/2100-784-0x00007FF6AF070000-0x00007FF6AF466000-memory.dmp	UPX
behavioral2/memory/2644-788-0x00007FF65B310000-0x00007FF65B706000-memory.dmp	UPX
behavioral2/memory/1208-777-0x00007FF6E5D40000-0x00007FF6E6136000-memory.dmp	UPX
behavioral2/memory/3476-772-0x00007FF6CE920000-0x00007FF6CED16000-memory.dmp	UPX
behavioral2/memory/2068-768-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp	UPX
behavioral2/memory/4964-763-0x00007FF74F1C0000-0x00007FF74F5B6000-memory.dmp	UPX
behavioral2/memory/1452-753-0x00007FF614540000-0x00007FF614936000-memory.dmp	UPX
behavioral2/memory/2288-738-0x00007FF751210000-0x00007FF751606000-memory.dmp	UPX
behavioral2/memory/3956-716-0x00007FF6E7570000-0x00007FF6E7966000-memory.dmp	UPX
behavioral2/files/0x0007000000023465-176.dat	UPX
behavioral2/files/0x0007000000023463-174.dat	UPX
behavioral2/files/0x0007000000023464-171.dat	UPX
behavioral2/files/0x0007000000023462-164.dat	UPX
behavioral2/files/0x0007000000023460-159.dat	UPX
behavioral2/files/0x000700000002345f-154.dat	UPX
behavioral2/files/0x000700000002345d-144.dat	UPX
behavioral2/files/0x000700000002345b-134.dat	UPX
behavioral2/files/0x0007000000023459-124.dat	UPX
behavioral2/files/0x0007000000023458-117.dat	UPX
behavioral2/files/0x0007000000023456-107.dat	UPX
behavioral2/files/0x0007000000023454-97.dat	UPX
behavioral2/files/0x000800000002344e-87.dat	UPX
behavioral2/files/0x000800000002344f-77.dat	UPX
behavioral2/files/0x0007000000023451-69.dat	UPX
behavioral2/files/0x000700000002344c-59.dat	UPX
behavioral2/memory/4196-2041-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp	UPX
behavioral2/memory/1504-2392-0x00007FF672020000-0x00007FF672416000-memory.dmp	UPX
behavioral2/memory/2288-2421-0x00007FF751210000-0x00007FF751606000-memory.dmp	UPX
behavioral2/memory/1452-2428-0x00007FF614540000-0x00007FF614936000-memory.dmp	UPX
behavioral2/memory/2068-2434-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp	UPX

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral2/memory/4196-0-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp	xmrig
behavioral2/files/0x000a00000002342c-5.dat	xmrig
behavioral2/files/0x0007000000023447-15.dat	xmrig
behavioral2/files/0x0007000000023449-25.dat	xmrig
behavioral2/files/0x0007000000023448-23.dat	xmrig
behavioral2/files/0x0007000000023446-19.dat	xmrig
behavioral2/memory/2848-17-0x00007FF7BD240000-0x00007FF7BD636000-memory.dmp	xmrig
behavioral2/files/0x000700000002344a-35.dat	xmrig
behavioral2/files/0x000700000002344d-56.dat	xmrig
behavioral2/files/0x000700000002344b-61.dat	xmrig
behavioral2/files/0x0007000000023450-71.dat	xmrig
behavioral2/files/0x0007000000023452-82.dat	xmrig
behavioral2/files/0x0007000000023453-92.dat	xmrig
behavioral2/files/0x0007000000023455-102.dat	xmrig
behavioral2/files/0x0007000000023457-111.dat	xmrig
behavioral2/files/0x000700000002345a-121.dat	xmrig
behavioral2/files/0x000700000002345c-131.dat	xmrig
behavioral2/files/0x000700000002345e-141.dat	xmrig
behavioral2/files/0x0007000000023461-156.dat	xmrig
behavioral2/memory/2200-669-0x00007FF7581E0000-0x00007FF7585D6000-memory.dmp	xmrig
behavioral2/memory/3976-670-0x00007FF747C50000-0x00007FF748046000-memory.dmp	xmrig
behavioral2/memory/1960-674-0x00007FF650E70000-0x00007FF651266000-memory.dmp	xmrig
behavioral2/memory/1504-701-0x00007FF672020000-0x00007FF672416000-memory.dmp	xmrig
behavioral2/memory/3704-711-0x00007FF7709A0000-0x00007FF770D96000-memory.dmp	xmrig
behavioral2/memory/4972-708-0x00007FF731B40000-0x00007FF731F36000-memory.dmp	xmrig
behavioral2/memory/3984-693-0x00007FF623430000-0x00007FF623826000-memory.dmp	xmrig
behavioral2/memory/2388-686-0x00007FF64A740000-0x00007FF64AB36000-memory.dmp	xmrig
behavioral2/memory/1588-684-0x00007FF6F35C0000-0x00007FF6F39B6000-memory.dmp	xmrig
behavioral2/memory/3708-678-0x00007FF768030000-0x00007FF768426000-memory.dmp	xmrig
behavioral2/memory/8-728-0x00007FF7E1E30000-0x00007FF7E2226000-memory.dmp	xmrig
behavioral2/memory/3400-751-0x00007FF66CBA0000-0x00007FF66CF96000-memory.dmp	xmrig
behavioral2/memory/936-773-0x00007FF68E210000-0x00007FF68E606000-memory.dmp	xmrig
behavioral2/memory/1948-783-0x00007FF73BF90000-0x00007FF73C386000-memory.dmp	xmrig
behavioral2/memory/2100-784-0x00007FF6AF070000-0x00007FF6AF466000-memory.dmp	xmrig
behavioral2/memory/2644-788-0x00007FF65B310000-0x00007FF65B706000-memory.dmp	xmrig
behavioral2/memory/1208-777-0x00007FF6E5D40000-0x00007FF6E6136000-memory.dmp	xmrig
behavioral2/memory/3476-772-0x00007FF6CE920000-0x00007FF6CED16000-memory.dmp	xmrig
behavioral2/memory/2068-768-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp	xmrig
behavioral2/memory/4964-763-0x00007FF74F1C0000-0x00007FF74F5B6000-memory.dmp	xmrig
behavioral2/memory/1452-753-0x00007FF614540000-0x00007FF614936000-memory.dmp	xmrig
behavioral2/memory/2288-738-0x00007FF751210000-0x00007FF751606000-memory.dmp	xmrig
behavioral2/memory/3956-716-0x00007FF6E7570000-0x00007FF6E7966000-memory.dmp	xmrig
behavioral2/files/0x0007000000023465-176.dat	xmrig
behavioral2/files/0x0007000000023463-174.dat	xmrig
behavioral2/files/0x0007000000023464-171.dat	xmrig
behavioral2/files/0x0007000000023462-164.dat	xmrig
behavioral2/files/0x0007000000023460-159.dat	xmrig
behavioral2/files/0x000700000002345f-154.dat	xmrig
behavioral2/files/0x000700000002345d-144.dat	xmrig
behavioral2/files/0x000700000002345b-134.dat	xmrig
behavioral2/files/0x0007000000023459-124.dat	xmrig
behavioral2/files/0x0007000000023458-117.dat	xmrig
behavioral2/files/0x0007000000023456-107.dat	xmrig
behavioral2/files/0x0007000000023454-97.dat	xmrig
behavioral2/files/0x000800000002344e-87.dat	xmrig
behavioral2/files/0x000800000002344f-77.dat	xmrig
behavioral2/files/0x0007000000023451-69.dat	xmrig
behavioral2/files/0x000700000002344c-59.dat	xmrig
behavioral2/memory/4196-2041-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp	xmrig
behavioral2/memory/1504-2392-0x00007FF672020000-0x00007FF672416000-memory.dmp	xmrig
behavioral2/memory/2288-2421-0x00007FF751210000-0x00007FF751606000-memory.dmp	xmrig
behavioral2/memory/1452-2428-0x00007FF614540000-0x00007FF614936000-memory.dmp	xmrig
behavioral2/memory/2068-2434-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp	xmrig

Blocklisted process makes network request 6 IoCs

flow	pid	Process
8	1892	powershell.exe
10	1892	powershell.exe
14	1892	powershell.exe
15	1892	powershell.exe
17	1892	powershell.exe
20	1892	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1892	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2848	HQcASqx.exe
1948	ucxzXVY.exe
2200	asxCObw.exe
3976	VLcsBbi.exe
2100	rjZPLvY.exe
1960	SwSLdSq.exe
3708	jZicaod.exe
2644	EyGIvmH.exe
1588	JHPZtpp.exe
2388	JoyYKCh.exe
3984	bsxSxFe.exe
1504	jHJeSZJ.exe
4972	lFXNFMv.exe
3704	yrEzSHZ.exe
3956	HrgGdKK.exe
8	ziXtBYT.exe
2288	PFkJmeM.exe
3400	reGIFgB.exe
1452	dYEScXi.exe
4964	KGNSoXE.exe
2068	pEqfrgw.exe
3476	eTFkinw.exe
936	iXDhhue.exe
1208	HpqpyJX.exe
3620	JGBTDEY.exe
5084	XqvnXkk.exe
1364	ZObbGUC.exe
2060	gzpZEKR.exe
4124	OIFWHsx.exe
3428	mWHplvd.exe
4924	YJKAbnS.exe
4216	RWGvsCO.exe
2300	MUSfYmN.exe
4212	RlejFsH.exe
2104	wAoLngr.exe
2680	PiXQfZr.exe
4504	bJspkEu.exe
4104	LKBIbHX.exe
2888	DwgLXvw.exe
2628	DFcoDKT.exe
4468	KgCRFuY.exe
3832	syrSZFT.exe
636	rYXOwcf.exe
1216	jdFvSnt.exe
3396	plalpOh.exe
1060	TdCQDpf.exe
4444	JRFwAQu.exe
1004	RWiiMhP.exe
4948	qJVDyOH.exe
2684	uAUaHeb.exe
4472	cKvCFLl.exe
64	oCPqbHx.exe
1220	AnKmazg.exe
5096	ppriZFh.exe
4800	TLbLhLG.exe
2924	uBEDWML.exe
3088	tFbnYBS.exe
4652	XtESyZy.exe
736	KOEgYAY.exe
1464	DEkAqsR.exe
1824	qnvkCJy.exe
3860	hRvldfR.exe
4836	NLbpETF.exe
1440	FTuYvdH.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4196-0-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp	upx
behavioral2/files/0x000a00000002342c-5.dat	upx
behavioral2/files/0x0007000000023447-15.dat	upx
behavioral2/files/0x0007000000023449-25.dat	upx
behavioral2/files/0x0007000000023448-23.dat	upx
behavioral2/files/0x0007000000023446-19.dat	upx
behavioral2/memory/2848-17-0x00007FF7BD240000-0x00007FF7BD636000-memory.dmp	upx
behavioral2/files/0x000700000002344a-35.dat	upx
behavioral2/files/0x000700000002344d-56.dat	upx
behavioral2/files/0x000700000002344b-61.dat	upx
behavioral2/files/0x0007000000023450-71.dat	upx
behavioral2/files/0x0007000000023452-82.dat	upx
behavioral2/files/0x0007000000023453-92.dat	upx
behavioral2/files/0x0007000000023455-102.dat	upx
behavioral2/files/0x0007000000023457-111.dat	upx
behavioral2/files/0x000700000002345a-121.dat	upx
behavioral2/files/0x000700000002345c-131.dat	upx
behavioral2/files/0x000700000002345e-141.dat	upx
behavioral2/files/0x0007000000023461-156.dat	upx
behavioral2/memory/2200-669-0x00007FF7581E0000-0x00007FF7585D6000-memory.dmp	upx
behavioral2/memory/3976-670-0x00007FF747C50000-0x00007FF748046000-memory.dmp	upx
behavioral2/memory/1960-674-0x00007FF650E70000-0x00007FF651266000-memory.dmp	upx
behavioral2/memory/1504-701-0x00007FF672020000-0x00007FF672416000-memory.dmp	upx
behavioral2/memory/3704-711-0x00007FF7709A0000-0x00007FF770D96000-memory.dmp	upx
behavioral2/memory/4972-708-0x00007FF731B40000-0x00007FF731F36000-memory.dmp	upx
behavioral2/memory/3984-693-0x00007FF623430000-0x00007FF623826000-memory.dmp	upx
behavioral2/memory/2388-686-0x00007FF64A740000-0x00007FF64AB36000-memory.dmp	upx
behavioral2/memory/1588-684-0x00007FF6F35C0000-0x00007FF6F39B6000-memory.dmp	upx
behavioral2/memory/3708-678-0x00007FF768030000-0x00007FF768426000-memory.dmp	upx
behavioral2/memory/8-728-0x00007FF7E1E30000-0x00007FF7E2226000-memory.dmp	upx
behavioral2/memory/3400-751-0x00007FF66CBA0000-0x00007FF66CF96000-memory.dmp	upx
behavioral2/memory/936-773-0x00007FF68E210000-0x00007FF68E606000-memory.dmp	upx
behavioral2/memory/1948-783-0x00007FF73BF90000-0x00007FF73C386000-memory.dmp	upx
behavioral2/memory/2100-784-0x00007FF6AF070000-0x00007FF6AF466000-memory.dmp	upx
behavioral2/memory/2644-788-0x00007FF65B310000-0x00007FF65B706000-memory.dmp	upx
behavioral2/memory/1208-777-0x00007FF6E5D40000-0x00007FF6E6136000-memory.dmp	upx
behavioral2/memory/3476-772-0x00007FF6CE920000-0x00007FF6CED16000-memory.dmp	upx
behavioral2/memory/2068-768-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp	upx
behavioral2/memory/4964-763-0x00007FF74F1C0000-0x00007FF74F5B6000-memory.dmp	upx
behavioral2/memory/1452-753-0x00007FF614540000-0x00007FF614936000-memory.dmp	upx
behavioral2/memory/2288-738-0x00007FF751210000-0x00007FF751606000-memory.dmp	upx
behavioral2/memory/3956-716-0x00007FF6E7570000-0x00007FF6E7966000-memory.dmp	upx
behavioral2/files/0x0007000000023465-176.dat	upx
behavioral2/files/0x0007000000023463-174.dat	upx
behavioral2/files/0x0007000000023464-171.dat	upx
behavioral2/files/0x0007000000023462-164.dat	upx
behavioral2/files/0x0007000000023460-159.dat	upx
behavioral2/files/0x000700000002345f-154.dat	upx
behavioral2/files/0x000700000002345d-144.dat	upx
behavioral2/files/0x000700000002345b-134.dat	upx
behavioral2/files/0x0007000000023459-124.dat	upx
behavioral2/files/0x0007000000023458-117.dat	upx
behavioral2/files/0x0007000000023456-107.dat	upx
behavioral2/files/0x0007000000023454-97.dat	upx
behavioral2/files/0x000800000002344e-87.dat	upx
behavioral2/files/0x000800000002344f-77.dat	upx
behavioral2/files/0x0007000000023451-69.dat	upx
behavioral2/files/0x000700000002344c-59.dat	upx
behavioral2/memory/4196-2041-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp	upx
behavioral2/memory/1504-2392-0x00007FF672020000-0x00007FF672416000-memory.dmp	upx
behavioral2/memory/2288-2421-0x00007FF751210000-0x00007FF751606000-memory.dmp	upx
behavioral2/memory/1452-2428-0x00007FF614540000-0x00007FF614936000-memory.dmp	upx
behavioral2/memory/2068-2434-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xnGkUAv.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\ioGUCTT.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\RhLJBsf.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\ifwCpGu.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\LDjHUhO.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\XVfFYZd.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\tSPDQQp.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\MKxuBJS.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\efESWXR.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\shBpYtJ.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\QdENLTR.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\OcvgCuF.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\mnqleAZ.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\diQKvow.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\yXWVqeM.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\RROllpD.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\VdDcZMc.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\bEnCfFS.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\VCUhHlT.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\pJQfLdN.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\qRHWvKE.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\yMrfPds.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\vbNYOWP.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\TJhaCbv.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\dLVusDl.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\RuIXyJl.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\EvBgwXz.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\mjfkyHI.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\rwCUxxN.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\ukkIExs.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\PfLwLZv.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\mIjHuXe.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\sDyYjUy.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\GxfYkXx.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\DhfnEcp.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\UxjUHgf.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\RsjbgTe.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\ZOtKCbu.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\mzKZIKe.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\bCbSmUB.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\wAIxZqp.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\CQpVJjr.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\ZIvvrem.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\mAmQOEx.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\AHvRLOn.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\wtdGeOO.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\ozNnuHJ.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\jrnTehS.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\FhrLWLt.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\rXVlSUu.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\dXNFWJg.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\hZzxvzW.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\ukPzBcH.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\XUjZXxP.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\KPawkKG.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\JOHxjRa.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\sSbmqOA.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\gxYdnbL.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\bwZykLq.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\pzNGpAu.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\exqTFIk.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\xSvVLVN.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\JvuyTqB.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
File created	C:\Windows\System\QtUlRSP.exe	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1892	powershell.exe
1892	powershell.exe
1892	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
Token: SeLockMemoryPrivilege	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
Token: SeDebugPrivilege	1892	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 1892	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	82
PID 4196 wrote to memory of 1892	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	82
PID 4196 wrote to memory of 2848	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	83
PID 4196 wrote to memory of 2848	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	83
PID 4196 wrote to memory of 1948	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	84
PID 4196 wrote to memory of 1948	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	84
PID 4196 wrote to memory of 2200	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	85
PID 4196 wrote to memory of 2200	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	85
PID 4196 wrote to memory of 3976	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	86
PID 4196 wrote to memory of 3976	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	86
PID 4196 wrote to memory of 2100	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	87
PID 4196 wrote to memory of 2100	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	87
PID 4196 wrote to memory of 1960	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	88
PID 4196 wrote to memory of 1960	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	88
PID 4196 wrote to memory of 3708	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	89
PID 4196 wrote to memory of 3708	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	89
PID 4196 wrote to memory of 2644	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	90
PID 4196 wrote to memory of 2644	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	90
PID 4196 wrote to memory of 1588	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	91
PID 4196 wrote to memory of 1588	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	91
PID 4196 wrote to memory of 2388	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	92
PID 4196 wrote to memory of 2388	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	92
PID 4196 wrote to memory of 3984	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	93
PID 4196 wrote to memory of 3984	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	93
PID 4196 wrote to memory of 1504	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	94
PID 4196 wrote to memory of 1504	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	94
PID 4196 wrote to memory of 4972	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	95
PID 4196 wrote to memory of 4972	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	95
PID 4196 wrote to memory of 3704	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	96
PID 4196 wrote to memory of 3704	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	96
PID 4196 wrote to memory of 3956	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	97
PID 4196 wrote to memory of 3956	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	97
PID 4196 wrote to memory of 8	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	98
PID 4196 wrote to memory of 8	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	98
PID 4196 wrote to memory of 2288	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	99
PID 4196 wrote to memory of 2288	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	99
PID 4196 wrote to memory of 3400	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	100
PID 4196 wrote to memory of 3400	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	100
PID 4196 wrote to memory of 1452	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	101
PID 4196 wrote to memory of 1452	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	101
PID 4196 wrote to memory of 4964	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	102
PID 4196 wrote to memory of 4964	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	102
PID 4196 wrote to memory of 2068	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	103
PID 4196 wrote to memory of 2068	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	103
PID 4196 wrote to memory of 3476	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	104
PID 4196 wrote to memory of 3476	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	104
PID 4196 wrote to memory of 936	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	105
PID 4196 wrote to memory of 936	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	105
PID 4196 wrote to memory of 1208	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	106
PID 4196 wrote to memory of 1208	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	106
PID 4196 wrote to memory of 3620	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	107
PID 4196 wrote to memory of 3620	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	107
PID 4196 wrote to memory of 5084	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	108
PID 4196 wrote to memory of 5084	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	108
PID 4196 wrote to memory of 1364	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	109
PID 4196 wrote to memory of 1364	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	109
PID 4196 wrote to memory of 2060	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	110
PID 4196 wrote to memory of 2060	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	110
PID 4196 wrote to memory of 4124	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	111
PID 4196 wrote to memory of 4124	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	111
PID 4196 wrote to memory of 3428	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	112
PID 4196 wrote to memory of 3428	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	112
PID 4196 wrote to memory of 4924	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	113
PID 4196 wrote to memory of 4924	4196	e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe	113

C:\Users\Admin\AppData\Local\Temp\e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe
"C:\Users\Admin\AppData\Local\Temp\e91bd995fb15042285f4fdf483d8f6f7e65be790532edb7d7d313e9689229de4.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1892
- C:\Windows\System\HQcASqx.exe
  C:\Windows\System\HQcASqx.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ucxzXVY.exe
  C:\Windows\System\ucxzXVY.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\asxCObw.exe
  C:\Windows\System\asxCObw.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\VLcsBbi.exe
  C:\Windows\System\VLcsBbi.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\rjZPLvY.exe
  C:\Windows\System\rjZPLvY.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\SwSLdSq.exe
  C:\Windows\System\SwSLdSq.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\jZicaod.exe
  C:\Windows\System\jZicaod.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\EyGIvmH.exe
  C:\Windows\System\EyGIvmH.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\JHPZtpp.exe
  C:\Windows\System\JHPZtpp.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\JoyYKCh.exe
  C:\Windows\System\JoyYKCh.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\bsxSxFe.exe
  C:\Windows\System\bsxSxFe.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\jHJeSZJ.exe
  C:\Windows\System\jHJeSZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\lFXNFMv.exe
  C:\Windows\System\lFXNFMv.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\yrEzSHZ.exe
  C:\Windows\System\yrEzSHZ.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\HrgGdKK.exe
  C:\Windows\System\HrgGdKK.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\ziXtBYT.exe
  C:\Windows\System\ziXtBYT.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\PFkJmeM.exe
  C:\Windows\System\PFkJmeM.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\reGIFgB.exe
  C:\Windows\System\reGIFgB.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\dYEScXi.exe
  C:\Windows\System\dYEScXi.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\KGNSoXE.exe
  C:\Windows\System\KGNSoXE.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\pEqfrgw.exe
  C:\Windows\System\pEqfrgw.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\eTFkinw.exe
  C:\Windows\System\eTFkinw.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\iXDhhue.exe
  C:\Windows\System\iXDhhue.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\HpqpyJX.exe
  C:\Windows\System\HpqpyJX.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\JGBTDEY.exe
  C:\Windows\System\JGBTDEY.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\XqvnXkk.exe
  C:\Windows\System\XqvnXkk.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\ZObbGUC.exe
  C:\Windows\System\ZObbGUC.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\gzpZEKR.exe
  C:\Windows\System\gzpZEKR.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\OIFWHsx.exe
  C:\Windows\System\OIFWHsx.exe
  2⤵
  - Executes dropped EXE
  PID:4124
- C:\Windows\System\mWHplvd.exe
  C:\Windows\System\mWHplvd.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\YJKAbnS.exe
  C:\Windows\System\YJKAbnS.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\RWGvsCO.exe
  C:\Windows\System\RWGvsCO.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\MUSfYmN.exe
  C:\Windows\System\MUSfYmN.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\RlejFsH.exe
  C:\Windows\System\RlejFsH.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\wAoLngr.exe
  C:\Windows\System\wAoLngr.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\PiXQfZr.exe
  C:\Windows\System\PiXQfZr.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\bJspkEu.exe
  C:\Windows\System\bJspkEu.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\LKBIbHX.exe
  C:\Windows\System\LKBIbHX.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\DwgLXvw.exe
  C:\Windows\System\DwgLXvw.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\DFcoDKT.exe
  C:\Windows\System\DFcoDKT.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\KgCRFuY.exe
  C:\Windows\System\KgCRFuY.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\syrSZFT.exe
  C:\Windows\System\syrSZFT.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\rYXOwcf.exe
  C:\Windows\System\rYXOwcf.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\jdFvSnt.exe
  C:\Windows\System\jdFvSnt.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\plalpOh.exe
  C:\Windows\System\plalpOh.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\TdCQDpf.exe
  C:\Windows\System\TdCQDpf.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\JRFwAQu.exe
  C:\Windows\System\JRFwAQu.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\RWiiMhP.exe
  C:\Windows\System\RWiiMhP.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\qJVDyOH.exe
  C:\Windows\System\qJVDyOH.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\uAUaHeb.exe
  C:\Windows\System\uAUaHeb.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\cKvCFLl.exe
  C:\Windows\System\cKvCFLl.exe
  2⤵
  - Executes dropped EXE
  PID:4472
- C:\Windows\System\oCPqbHx.exe
  C:\Windows\System\oCPqbHx.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\AnKmazg.exe
  C:\Windows\System\AnKmazg.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\ppriZFh.exe
  C:\Windows\System\ppriZFh.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\TLbLhLG.exe
  C:\Windows\System\TLbLhLG.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\uBEDWML.exe
  C:\Windows\System\uBEDWML.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\tFbnYBS.exe
  C:\Windows\System\tFbnYBS.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\XtESyZy.exe
  C:\Windows\System\XtESyZy.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\KOEgYAY.exe
  C:\Windows\System\KOEgYAY.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\DEkAqsR.exe
  C:\Windows\System\DEkAqsR.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\qnvkCJy.exe
  C:\Windows\System\qnvkCJy.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\hRvldfR.exe
  C:\Windows\System\hRvldfR.exe
  2⤵
  - Executes dropped EXE
  PID:3860
- C:\Windows\System\NLbpETF.exe
  C:\Windows\System\NLbpETF.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\FTuYvdH.exe
  C:\Windows\System\FTuYvdH.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\PyPglhk.exe
  C:\Windows\System\PyPglhk.exe
  2⤵
  PID:5012
- C:\Windows\System\xmgnPWG.exe
  C:\Windows\System\xmgnPWG.exe
  2⤵
  PID:4788
- C:\Windows\System\QIzUwSS.exe
  C:\Windows\System\QIzUwSS.exe
  2⤵
  PID:4388
- C:\Windows\System\EmhiLzQ.exe
  C:\Windows\System\EmhiLzQ.exe
  2⤵
  PID:4120
- C:\Windows\System\VSLOYjn.exe
  C:\Windows\System\VSLOYjn.exe
  2⤵
  PID:5036
- C:\Windows\System\RtkacAJ.exe
  C:\Windows\System\RtkacAJ.exe
  2⤵
  PID:4584
- C:\Windows\System\FYdfJZJ.exe
  C:\Windows\System\FYdfJZJ.exe
  2⤵
  PID:4636
- C:\Windows\System\KetvJoe.exe
  C:\Windows\System\KetvJoe.exe
  2⤵
  PID:4488
- C:\Windows\System\dvVTvLY.exe
  C:\Windows\System\dvVTvLY.exe
  2⤵
  PID:4884
- C:\Windows\System\LKVqYQv.exe
  C:\Windows\System\LKVqYQv.exe
  2⤵
  PID:3964
- C:\Windows\System\IMsWFxE.exe
  C:\Windows\System\IMsWFxE.exe
  2⤵
  PID:4248
- C:\Windows\System\cIymgQY.exe
  C:\Windows\System\cIymgQY.exe
  2⤵
  PID:1380
- C:\Windows\System\auZpQXH.exe
  C:\Windows\System\auZpQXH.exe
  2⤵
  PID:5144
- C:\Windows\System\UScDXMD.exe
  C:\Windows\System\UScDXMD.exe
  2⤵
  PID:5208
- C:\Windows\System\LGItcBU.exe
  C:\Windows\System\LGItcBU.exe
  2⤵
  PID:5224
- C:\Windows\System\yPREXRx.exe
  C:\Windows\System\yPREXRx.exe
  2⤵
  PID:5240
- C:\Windows\System\KVfcFNk.exe
  C:\Windows\System\KVfcFNk.exe
  2⤵
  PID:5268
- C:\Windows\System\uVziKlM.exe
  C:\Windows\System\uVziKlM.exe
  2⤵
  PID:5292
- C:\Windows\System\kjQxUQP.exe
  C:\Windows\System\kjQxUQP.exe
  2⤵
  PID:5320
- C:\Windows\System\GhMtnlp.exe
  C:\Windows\System\GhMtnlp.exe
  2⤵
  PID:5352
- C:\Windows\System\SPjuoGM.exe
  C:\Windows\System\SPjuoGM.exe
  2⤵
  PID:5380
- C:\Windows\System\gezwBqw.exe
  C:\Windows\System\gezwBqw.exe
  2⤵
  PID:5408
- C:\Windows\System\otvnpVs.exe
  C:\Windows\System\otvnpVs.exe
  2⤵
  PID:5436
- C:\Windows\System\IxWNceg.exe
  C:\Windows\System\IxWNceg.exe
  2⤵
  PID:5464
- C:\Windows\System\OxgtOtY.exe
  C:\Windows\System\OxgtOtY.exe
  2⤵
  PID:5492
- C:\Windows\System\OeAsmLU.exe
  C:\Windows\System\OeAsmLU.exe
  2⤵
  PID:5516
- C:\Windows\System\TUHmrov.exe
  C:\Windows\System\TUHmrov.exe
  2⤵
  PID:5544
- C:\Windows\System\NgwxyHa.exe
  C:\Windows\System\NgwxyHa.exe
  2⤵
  PID:5564
- C:\Windows\System\CfIsyjG.exe
  C:\Windows\System\CfIsyjG.exe
  2⤵
  PID:5588
- C:\Windows\System\ZBxdGeI.exe
  C:\Windows\System\ZBxdGeI.exe
  2⤵
  PID:5620
- C:\Windows\System\QjDfGrk.exe
  C:\Windows\System\QjDfGrk.exe
  2⤵
  PID:5648
- C:\Windows\System\TfAdVWR.exe
  C:\Windows\System\TfAdVWR.exe
  2⤵
  PID:5676
- C:\Windows\System\kQLqJQA.exe
  C:\Windows\System\kQLqJQA.exe
  2⤵
  PID:5708
- C:\Windows\System\djGjEOF.exe
  C:\Windows\System\djGjEOF.exe
  2⤵
  PID:5736
- C:\Windows\System\KIemPoZ.exe
  C:\Windows\System\KIemPoZ.exe
  2⤵
  PID:5764
- C:\Windows\System\zECpFxp.exe
  C:\Windows\System\zECpFxp.exe
  2⤵
  PID:5792
- C:\Windows\System\QqMCGHc.exe
  C:\Windows\System\QqMCGHc.exe
  2⤵
  PID:5820
- C:\Windows\System\qqahQhC.exe
  C:\Windows\System\qqahQhC.exe
  2⤵
  PID:5848
- C:\Windows\System\ocVrgyO.exe
  C:\Windows\System\ocVrgyO.exe
  2⤵
  PID:5876
- C:\Windows\System\ddPPcdw.exe
  C:\Windows\System\ddPPcdw.exe
  2⤵
  PID:5904
- C:\Windows\System\QtIlayd.exe
  C:\Windows\System\QtIlayd.exe
  2⤵
  PID:5932
- C:\Windows\System\lbszfns.exe
  C:\Windows\System\lbszfns.exe
  2⤵
  PID:5960
- C:\Windows\System\jWoqMjp.exe
  C:\Windows\System\jWoqMjp.exe
  2⤵
  PID:5988
- C:\Windows\System\WfqhvtC.exe
  C:\Windows\System\WfqhvtC.exe
  2⤵
  PID:6016
- C:\Windows\System\THkFqLx.exe
  C:\Windows\System\THkFqLx.exe
  2⤵
  PID:6044
- C:\Windows\System\JVmRrwn.exe
  C:\Windows\System\JVmRrwn.exe
  2⤵
  PID:6076
- C:\Windows\System\CDwLVfH.exe
  C:\Windows\System\CDwLVfH.exe
  2⤵
  PID:6100
- C:\Windows\System\DlpTbBV.exe
  C:\Windows\System\DlpTbBV.exe
  2⤵
  PID:6132
- C:\Windows\System\RkXtyKX.exe
  C:\Windows\System\RkXtyKX.exe
  2⤵
  PID:2724
- C:\Windows\System\mvkUaQg.exe
  C:\Windows\System\mvkUaQg.exe
  2⤵
  PID:2612
- C:\Windows\System\pGAtjJz.exe
  C:\Windows\System\pGAtjJz.exe
  2⤵
  PID:672
- C:\Windows\System\YYpfDKu.exe
  C:\Windows\System\YYpfDKu.exe
  2⤵
  PID:2784
- C:\Windows\System\EQGoDZu.exe
  C:\Windows\System\EQGoDZu.exe
  2⤵
  PID:5172
- C:\Windows\System\EDAzZNZ.exe
  C:\Windows\System\EDAzZNZ.exe
  2⤵
  PID:5252
- C:\Windows\System\kuUzIkC.exe
  C:\Windows\System\kuUzIkC.exe
  2⤵
  PID:5312
- C:\Windows\System\pVIPurx.exe
  C:\Windows\System\pVIPurx.exe
  2⤵
  PID:5368
- C:\Windows\System\XGgoiAF.exe
  C:\Windows\System\XGgoiAF.exe
  2⤵
  PID:5448
- C:\Windows\System\JbTlBnR.exe
  C:\Windows\System\JbTlBnR.exe
  2⤵
  PID:5508
- C:\Windows\System\TejNWEM.exe
  C:\Windows\System\TejNWEM.exe
  2⤵
  PID:5576
- C:\Windows\System\aigRncU.exe
  C:\Windows\System\aigRncU.exe
  2⤵
  PID:5636
- C:\Windows\System\IhGmDhQ.exe
  C:\Windows\System\IhGmDhQ.exe
  2⤵
  PID:5700
- C:\Windows\System\eFFuGlW.exe
  C:\Windows\System\eFFuGlW.exe
  2⤵
  PID:5776
- C:\Windows\System\VECjgbr.exe
  C:\Windows\System\VECjgbr.exe
  2⤵
  PID:5836
- C:\Windows\System\WbVmdkV.exe
  C:\Windows\System\WbVmdkV.exe
  2⤵
  PID:5896
- C:\Windows\System\rNfbnvD.exe
  C:\Windows\System\rNfbnvD.exe
  2⤵
  PID:5972
- C:\Windows\System\zQActFV.exe
  C:\Windows\System\zQActFV.exe
  2⤵
  PID:6028
- C:\Windows\System\wwUcWjB.exe
  C:\Windows\System\wwUcWjB.exe
  2⤵
  PID:6092
- C:\Windows\System\jvzKjLG.exe
  C:\Windows\System\jvzKjLG.exe
  2⤵
  PID:1500
- C:\Windows\System\plguetQ.exe
  C:\Windows\System\plguetQ.exe
  2⤵
  PID:5064
- C:\Windows\System\txrHOOE.exe
  C:\Windows\System\txrHOOE.exe
  2⤵
  PID:5160
- C:\Windows\System\scqUiqN.exe
  C:\Windows\System\scqUiqN.exe
  2⤵
  PID:5340
- C:\Windows\System\eZDWHIo.exe
  C:\Windows\System\eZDWHIo.exe
  2⤵
  PID:5480
- C:\Windows\System\iZANwGC.exe
  C:\Windows\System\iZANwGC.exe
  2⤵
  PID:5608
- C:\Windows\System\XwfOKtG.exe
  C:\Windows\System\XwfOKtG.exe
  2⤵
  PID:5804
- C:\Windows\System\somcezd.exe
  C:\Windows\System\somcezd.exe
  2⤵
  PID:5944
- C:\Windows\System\JsxNcMa.exe
  C:\Windows\System\JsxNcMa.exe
  2⤵
  PID:6164
- C:\Windows\System\GEOCTxc.exe
  C:\Windows\System\GEOCTxc.exe
  2⤵
  PID:6192
- C:\Windows\System\MPFXyGg.exe
  C:\Windows\System\MPFXyGg.exe
  2⤵
  PID:6220
- C:\Windows\System\okyEiIB.exe
  C:\Windows\System\okyEiIB.exe
  2⤵
  PID:6248
- C:\Windows\System\gNCLWIi.exe
  C:\Windows\System\gNCLWIi.exe
  2⤵
  PID:6276
- C:\Windows\System\hLURXRA.exe
  C:\Windows\System\hLURXRA.exe
  2⤵
  PID:6304
- C:\Windows\System\DAbAvjl.exe
  C:\Windows\System\DAbAvjl.exe
  2⤵
  PID:6332
- C:\Windows\System\iCtYoet.exe
  C:\Windows\System\iCtYoet.exe
  2⤵
  PID:6360
- C:\Windows\System\KnMussu.exe
  C:\Windows\System\KnMussu.exe
  2⤵
  PID:6388
- C:\Windows\System\puNrmvy.exe
  C:\Windows\System\puNrmvy.exe
  2⤵
  PID:6412
- C:\Windows\System\vsLZmlX.exe
  C:\Windows\System\vsLZmlX.exe
  2⤵
  PID:6444
- C:\Windows\System\LJGlewS.exe
  C:\Windows\System\LJGlewS.exe
  2⤵
  PID:6468
- C:\Windows\System\UyySzKr.exe
  C:\Windows\System\UyySzKr.exe
  2⤵
  PID:6504
- C:\Windows\System\nvNHzmE.exe
  C:\Windows\System\nvNHzmE.exe
  2⤵
  PID:6528
- C:\Windows\System\TjEmhVV.exe
  C:\Windows\System\TjEmhVV.exe
  2⤵
  PID:6556
- C:\Windows\System\EKLatPm.exe
  C:\Windows\System\EKLatPm.exe
  2⤵
  PID:6584
- C:\Windows\System\PnAYbFH.exe
  C:\Windows\System\PnAYbFH.exe
  2⤵
  PID:6620
- C:\Windows\System\euuuWQc.exe
  C:\Windows\System\euuuWQc.exe
  2⤵
  PID:6640
- C:\Windows\System\hmHMyCz.exe
  C:\Windows\System\hmHMyCz.exe
  2⤵
  PID:6672
- C:\Windows\System\kHVxULG.exe
  C:\Windows\System\kHVxULG.exe
  2⤵
  PID:6696
- C:\Windows\System\ENJljXd.exe
  C:\Windows\System\ENJljXd.exe
  2⤵
  PID:6720
- C:\Windows\System\lbvdAfD.exe
  C:\Windows\System\lbvdAfD.exe
  2⤵
  PID:6752
- C:\Windows\System\INRpwHG.exe
  C:\Windows\System\INRpwHG.exe
  2⤵
  PID:6780
- C:\Windows\System\MYrfUWx.exe
  C:\Windows\System\MYrfUWx.exe
  2⤵
  PID:6808
- C:\Windows\System\qMLpKJb.exe
  C:\Windows\System\qMLpKJb.exe
  2⤵
  PID:6836
- C:\Windows\System\YPLBFAE.exe
  C:\Windows\System\YPLBFAE.exe
  2⤵
  PID:6864
- C:\Windows\System\zFsuPAd.exe
  C:\Windows\System\zFsuPAd.exe
  2⤵
  PID:6892
- C:\Windows\System\hpiaxtf.exe
  C:\Windows\System\hpiaxtf.exe
  2⤵
  PID:6920
- C:\Windows\System\HoazkSK.exe
  C:\Windows\System\HoazkSK.exe
  2⤵
  PID:6948
- C:\Windows\System\DkRNSbB.exe
  C:\Windows\System\DkRNSbB.exe
  2⤵
  PID:6976
- C:\Windows\System\ZzQupne.exe
  C:\Windows\System\ZzQupne.exe
  2⤵
  PID:7000
- C:\Windows\System\noQKdIc.exe
  C:\Windows\System\noQKdIc.exe
  2⤵
  PID:7032
- C:\Windows\System\ZIamqqi.exe
  C:\Windows\System\ZIamqqi.exe
  2⤵
  PID:7060
- C:\Windows\System\wFNnAWj.exe
  C:\Windows\System\wFNnAWj.exe
  2⤵
  PID:7088
- C:\Windows\System\OgMKqQh.exe
  C:\Windows\System\OgMKqQh.exe
  2⤵
  PID:7116
- C:\Windows\System\DgJdIXA.exe
  C:\Windows\System\DgJdIXA.exe
  2⤵
  PID:7140
- C:\Windows\System\hZEJePI.exe
  C:\Windows\System\hZEJePI.exe
  2⤵
  PID:6004
- C:\Windows\System\tVDqlGD.exe
  C:\Windows\System\tVDqlGD.exe
  2⤵
  PID:2188
- C:\Windows\System\dzszukO.exe
  C:\Windows\System\dzszukO.exe
  2⤵
  PID:5232
- C:\Windows\System\sVMlaJO.exe
  C:\Windows\System\sVMlaJO.exe
  2⤵
  PID:5556
- C:\Windows\System\VtRUWZj.exe
  C:\Windows\System\VtRUWZj.exe
  2⤵
  PID:5888
- C:\Windows\System\mpBvAoW.exe
  C:\Windows\System\mpBvAoW.exe
  2⤵
  PID:6204
- C:\Windows\System\zkLmoEo.exe
  C:\Windows\System\zkLmoEo.exe
  2⤵
  PID:6268
- C:\Windows\System\tfTWxVO.exe
  C:\Windows\System\tfTWxVO.exe
  2⤵
  PID:6344
- C:\Windows\System\qOLtDnx.exe
  C:\Windows\System\qOLtDnx.exe
  2⤵
  PID:6408
- C:\Windows\System\TNBXiru.exe
  C:\Windows\System\TNBXiru.exe
  2⤵
  PID:6460
- C:\Windows\System\apxKkYd.exe
  C:\Windows\System\apxKkYd.exe
  2⤵
  PID:6524
- C:\Windows\System\fbNYgqp.exe
  C:\Windows\System\fbNYgqp.exe
  2⤵
  PID:6596
- C:\Windows\System\KeBSfPu.exe
  C:\Windows\System\KeBSfPu.exe
  2⤵
  PID:6636
- C:\Windows\System\kkkEdkj.exe
  C:\Windows\System\kkkEdkj.exe
  2⤵
  PID:6688
- C:\Windows\System\UbALJiv.exe
  C:\Windows\System\UbALJiv.exe
  2⤵
  PID:6740
- C:\Windows\System\Rbkkazt.exe
  C:\Windows\System\Rbkkazt.exe
  2⤵
  PID:6800
- C:\Windows\System\CyMsHIp.exe
  C:\Windows\System\CyMsHIp.exe
  2⤵
  PID:6852
- C:\Windows\System\UGelUKK.exe
  C:\Windows\System\UGelUKK.exe
  2⤵
  PID:6908
- C:\Windows\System\IGHrbvv.exe
  C:\Windows\System\IGHrbvv.exe
  2⤵
  PID:6964
- C:\Windows\System\mVlKxXq.exe
  C:\Windows\System\mVlKxXq.exe
  2⤵
  PID:2040
- C:\Windows\System\rebednQ.exe
  C:\Windows\System\rebednQ.exe
  2⤵
  PID:7072
- C:\Windows\System\EUtnpVj.exe
  C:\Windows\System\EUtnpVj.exe
  2⤵
  PID:400
- C:\Windows\System\iqQvChq.exe
  C:\Windows\System\iqQvChq.exe
  2⤵
  PID:1772
- C:\Windows\System\rXppuDR.exe
  C:\Windows\System\rXppuDR.exe
  2⤵
  PID:6232
- C:\Windows\System\MlifiSO.exe
  C:\Windows\System\MlifiSO.exe
  2⤵
  PID:6380
- C:\Windows\System\rKZjfVI.exe
  C:\Windows\System\rKZjfVI.exe
  2⤵
  PID:6496
- C:\Windows\System\GLpvJMr.exe
  C:\Windows\System\GLpvJMr.exe
  2⤵
  PID:6576
- C:\Windows\System\PIkDDHa.exe
  C:\Windows\System\PIkDDHa.exe
  2⤵
  PID:1088
- C:\Windows\System\PJZzaQR.exe
  C:\Windows\System\PJZzaQR.exe
  2⤵
  PID:6716
- C:\Windows\System\EOvozFO.exe
  C:\Windows\System\EOvozFO.exe
  2⤵
  PID:1396
- C:\Windows\System\ADQRYvM.exe
  C:\Windows\System\ADQRYvM.exe
  2⤵
  PID:6880
- C:\Windows\System\OnpeyPx.exe
  C:\Windows\System\OnpeyPx.exe
  2⤵
  PID:4592
- C:\Windows\System\JSDcuJo.exe
  C:\Windows\System\JSDcuJo.exe
  2⤵
  PID:6992
- C:\Windows\System\RTfyfgX.exe
  C:\Windows\System\RTfyfgX.exe
  2⤵
  PID:7048
- C:\Windows\System\TDjAlUg.exe
  C:\Windows\System\TDjAlUg.exe
  2⤵
  PID:860
- C:\Windows\System\uSlgizW.exe
  C:\Windows\System\uSlgizW.exe
  2⤵
  PID:7108
- C:\Windows\System\kzPiNDq.exe
  C:\Windows\System\kzPiNDq.exe
  2⤵
  PID:4532
- C:\Windows\System\fhacMFB.exe
  C:\Windows\System\fhacMFB.exe
  2⤵
  PID:1796
- C:\Windows\System\HoQEOlb.exe
  C:\Windows\System\HoQEOlb.exe
  2⤵
  PID:4108
- C:\Windows\System\iDKqHrf.exe
  C:\Windows\System\iDKqHrf.exe
  2⤵
  PID:6180
- C:\Windows\System\uLNYWjv.exe
  C:\Windows\System\uLNYWjv.exe
  2⤵
  PID:3320
- C:\Windows\System\MXYsbvI.exe
  C:\Windows\System\MXYsbvI.exe
  2⤵
  PID:3268
- C:\Windows\System\WvcJpoB.exe
  C:\Windows\System\WvcJpoB.exe
  2⤵
  PID:6848
- C:\Windows\System\TkrXncu.exe
  C:\Windows\System\TkrXncu.exe
  2⤵
  PID:4228
- C:\Windows\System\xAWKePn.exe
  C:\Windows\System\xAWKePn.exe
  2⤵
  PID:1600
- C:\Windows\System\YdndSoM.exe
  C:\Windows\System\YdndSoM.exe
  2⤵
  PID:7180
- C:\Windows\System\RxobZpy.exe
  C:\Windows\System\RxobZpy.exe
  2⤵
  PID:7204
- C:\Windows\System\xtBtwUk.exe
  C:\Windows\System\xtBtwUk.exe
  2⤵
  PID:7284
- C:\Windows\System\TKGGZDk.exe
  C:\Windows\System\TKGGZDk.exe
  2⤵
  PID:7324
- C:\Windows\System\CPIKWxx.exe
  C:\Windows\System\CPIKWxx.exe
  2⤵
  PID:7352
- C:\Windows\System\KDwoktg.exe
  C:\Windows\System\KDwoktg.exe
  2⤵
  PID:7396
- C:\Windows\System\QtUlRSP.exe
  C:\Windows\System\QtUlRSP.exe
  2⤵
  PID:7432
- C:\Windows\System\nKGhGJA.exe
  C:\Windows\System\nKGhGJA.exe
  2⤵
  PID:7456
- C:\Windows\System\eAehoXh.exe
  C:\Windows\System\eAehoXh.exe
  2⤵
  PID:7520
- C:\Windows\System\gxsucOn.exe
  C:\Windows\System\gxsucOn.exe
  2⤵
  PID:7824
- C:\Windows\System\uByVMYV.exe
  C:\Windows\System\uByVMYV.exe
  2⤵
  PID:7888
- C:\Windows\System\bgwdGiK.exe
  C:\Windows\System\bgwdGiK.exe
  2⤵
  PID:7920
- C:\Windows\System\fWjXAQI.exe
  C:\Windows\System\fWjXAQI.exe
  2⤵
  PID:7952
- C:\Windows\System\vXkhFlN.exe
  C:\Windows\System\vXkhFlN.exe
  2⤵
  PID:7988
- C:\Windows\System\ZbTUbrI.exe
  C:\Windows\System\ZbTUbrI.exe
  2⤵
  PID:8052
- C:\Windows\System\yrfmQYG.exe
  C:\Windows\System\yrfmQYG.exe
  2⤵
  PID:8092
- C:\Windows\System\DDFquDi.exe
  C:\Windows\System\DDFquDi.exe
  2⤵
  PID:8128
- C:\Windows\System\VYMGnEY.exe
  C:\Windows\System\VYMGnEY.exe
  2⤵
  PID:8164
- C:\Windows\System\NuTvyqk.exe
  C:\Windows\System\NuTvyqk.exe
  2⤵
  PID:8188
- C:\Windows\System\NoDQGHt.exe
  C:\Windows\System\NoDQGHt.exe
  2⤵
  PID:6456
- C:\Windows\System\OkouOhC.exe
  C:\Windows\System\OkouOhC.exe
  2⤵
  PID:7192
- C:\Windows\System\OOcsmCB.exe
  C:\Windows\System\OOcsmCB.exe
  2⤵
  PID:7272
- C:\Windows\System\NhEKCuz.exe
  C:\Windows\System\NhEKCuz.exe
  2⤵
  PID:7344
- C:\Windows\System\GYCIQsb.exe
  C:\Windows\System\GYCIQsb.exe
  2⤵
  PID:7544
- C:\Windows\System\XDAXPCo.exe
  C:\Windows\System\XDAXPCo.exe
  2⤵
  PID:3808
- C:\Windows\System\DHDhNfb.exe
  C:\Windows\System\DHDhNfb.exe
  2⤵
  PID:7624
- C:\Windows\System\DaYYReF.exe
  C:\Windows\System\DaYYReF.exe
  2⤵
  PID:7640
- C:\Windows\System\ZrWrhSy.exe
  C:\Windows\System\ZrWrhSy.exe
  2⤵
  PID:7688
- C:\Windows\System\GCZZhOY.exe
  C:\Windows\System\GCZZhOY.exe
  2⤵
  PID:7712
- C:\Windows\System\xkXwtCT.exe
  C:\Windows\System\xkXwtCT.exe
  2⤵
  PID:7748
- C:\Windows\System\ijWcrJI.exe
  C:\Windows\System\ijWcrJI.exe
  2⤵
  PID:7864
- C:\Windows\System\XFvtRvY.exe
  C:\Windows\System\XFvtRvY.exe
  2⤵
  PID:7876
- C:\Windows\System\bndIcMs.exe
  C:\Windows\System\bndIcMs.exe
  2⤵
  PID:7948
- C:\Windows\System\jXyjzcv.exe
  C:\Windows\System\jXyjzcv.exe
  2⤵
  PID:8000
- C:\Windows\System\utOZsAG.exe
  C:\Windows\System\utOZsAG.exe
  2⤵
  PID:8124
- C:\Windows\System\NKfoOXy.exe
  C:\Windows\System\NKfoOXy.exe
  2⤵
  PID:8152
- C:\Windows\System\WWpqzJM.exe
  C:\Windows\System\WWpqzJM.exe
  2⤵
  PID:2764
- C:\Windows\System\XIZGBWG.exe
  C:\Windows\System\XIZGBWG.exe
  2⤵
  PID:6632
- C:\Windows\System\Alysxss.exe
  C:\Windows\System\Alysxss.exe
  2⤵
  PID:7156
- C:\Windows\System\gEkBSnN.exe
  C:\Windows\System\gEkBSnN.exe
  2⤵
  PID:7428
- C:\Windows\System\erGpVfz.exe
  C:\Windows\System\erGpVfz.exe
  2⤵
  PID:2024
- C:\Windows\System\zyHXVDk.exe
  C:\Windows\System\zyHXVDk.exe
  2⤵
  PID:6568
- C:\Windows\System\nolxMgY.exe
  C:\Windows\System\nolxMgY.exe
  2⤵
  PID:7668
- C:\Windows\System\mpURyab.exe
  C:\Windows\System\mpURyab.exe
  2⤵
  PID:7504
- C:\Windows\System\ZEwjxMx.exe
  C:\Windows\System\ZEwjxMx.exe
  2⤵
  PID:7840
- C:\Windows\System\sFbJQNh.exe
  C:\Windows\System\sFbJQNh.exe
  2⤵
  PID:7936
- C:\Windows\System\ocVoNJe.exe
  C:\Windows\System\ocVoNJe.exe
  2⤵
  PID:8008
- C:\Windows\System\JNTRooy.exe
  C:\Windows\System\JNTRooy.exe
  2⤵
  PID:8108
- C:\Windows\System\FYnrwrm.exe
  C:\Windows\System\FYnrwrm.exe
  2⤵
  PID:2588
- C:\Windows\System\QdlrhRA.exe
  C:\Windows\System\QdlrhRA.exe
  2⤵
  PID:5420
- C:\Windows\System\gZGUtDd.exe
  C:\Windows\System\gZGUtDd.exe
  2⤵
  PID:7424
- C:\Windows\System\coAuGhf.exe
  C:\Windows\System\coAuGhf.exe
  2⤵
  PID:848
- C:\Windows\System\uNHqKwm.exe
  C:\Windows\System\uNHqKwm.exe
  2⤵
  PID:7408
- C:\Windows\System\yeHNUHQ.exe
  C:\Windows\System\yeHNUHQ.exe
  2⤵
  PID:7908
- C:\Windows\System\BShivuc.exe
  C:\Windows\System\BShivuc.exe
  2⤵
  PID:8072
- C:\Windows\System\VVDWjSW.exe
  C:\Windows\System\VVDWjSW.exe
  2⤵
  PID:7256
- C:\Windows\System\fBurquN.exe
  C:\Windows\System\fBurquN.exe
  2⤵
  PID:7616
- C:\Windows\System\ESHiVcq.exe
  C:\Windows\System\ESHiVcq.exe
  2⤵
  PID:3564
- C:\Windows\System\GzPhyKk.exe
  C:\Windows\System\GzPhyKk.exe
  2⤵
  PID:7904
- C:\Windows\System\jgTnePB.exe
  C:\Windows\System\jgTnePB.exe
  2⤵
  PID:8120
- C:\Windows\System\KdssakL.exe
  C:\Windows\System\KdssakL.exe
  2⤵
  PID:7360
- C:\Windows\System\tIUdyaZ.exe
  C:\Windows\System\tIUdyaZ.exe
  2⤵
  PID:772
- C:\Windows\System\VzquDDc.exe
  C:\Windows\System\VzquDDc.exe
  2⤵
  PID:8116
- C:\Windows\System\gUFzANi.exe
  C:\Windows\System\gUFzANi.exe
  2⤵
  PID:7332
- C:\Windows\System\IYBqHCu.exe
  C:\Windows\System\IYBqHCu.exe
  2⤵
  PID:5424
- C:\Windows\System\yOqMONI.exe
  C:\Windows\System\yOqMONI.exe
  2⤵
  PID:8208
- C:\Windows\System\eujlGsZ.exe
  C:\Windows\System\eujlGsZ.exe
  2⤵
  PID:8240
- C:\Windows\System\FIWYxts.exe
  C:\Windows\System\FIWYxts.exe
  2⤵
  PID:8268
- C:\Windows\System\YCGzvIP.exe
  C:\Windows\System\YCGzvIP.exe
  2⤵
  PID:8312
- C:\Windows\System\eZLNhOA.exe
  C:\Windows\System\eZLNhOA.exe
  2⤵
  PID:8356
- C:\Windows\System\CWsfPMS.exe
  C:\Windows\System\CWsfPMS.exe
  2⤵
  PID:8376
- C:\Windows\System\IGCHttx.exe
  C:\Windows\System\IGCHttx.exe
  2⤵
  PID:8416
- C:\Windows\System\HhBVEwE.exe
  C:\Windows\System\HhBVEwE.exe
  2⤵
  PID:8452
- C:\Windows\System\lsFhpxp.exe
  C:\Windows\System\lsFhpxp.exe
  2⤵
  PID:8488
- C:\Windows\System\svLqeHh.exe
  C:\Windows\System\svLqeHh.exe
  2⤵
  PID:8520
- C:\Windows\System\tgpHkzD.exe
  C:\Windows\System\tgpHkzD.exe
  2⤵
  PID:8556
- C:\Windows\System\HduVFlj.exe
  C:\Windows\System\HduVFlj.exe
  2⤵
  PID:8588
- C:\Windows\System\wgUWslG.exe
  C:\Windows\System\wgUWslG.exe
  2⤵
  PID:8624
- C:\Windows\System\WxDrdBX.exe
  C:\Windows\System\WxDrdBX.exe
  2⤵
  PID:8644
- C:\Windows\System\SIiJNKi.exe
  C:\Windows\System\SIiJNKi.exe
  2⤵
  PID:8680
- C:\Windows\System\pJFZxqv.exe
  C:\Windows\System\pJFZxqv.exe
  2⤵
  PID:8724
- C:\Windows\System\XTOaLfK.exe
  C:\Windows\System\XTOaLfK.exe
  2⤵
  PID:8760
- C:\Windows\System\EnLYaWg.exe
  C:\Windows\System\EnLYaWg.exe
  2⤵
  PID:8792
- C:\Windows\System\LMuNKKH.exe
  C:\Windows\System\LMuNKKH.exe
  2⤵
  PID:8824
- C:\Windows\System\HJDWTtt.exe
  C:\Windows\System\HJDWTtt.exe
  2⤵
  PID:8860
- C:\Windows\System\qtvJbaq.exe
  C:\Windows\System\qtvJbaq.exe
  2⤵
  PID:8904
- C:\Windows\System\NMvAKaG.exe
  C:\Windows\System\NMvAKaG.exe
  2⤵
  PID:8964
- C:\Windows\System\hlBLUXv.exe
  C:\Windows\System\hlBLUXv.exe
  2⤵
  PID:9032
- C:\Windows\System\XYmEelY.exe
  C:\Windows\System\XYmEelY.exe
  2⤵
  PID:9056
- C:\Windows\System\AFJrRbm.exe
  C:\Windows\System\AFJrRbm.exe
  2⤵
  PID:9096
- C:\Windows\System\JrLuTrk.exe
  C:\Windows\System\JrLuTrk.exe
  2⤵
  PID:9132
- C:\Windows\System\fItXjvd.exe
  C:\Windows\System\fItXjvd.exe
  2⤵
  PID:9168
- C:\Windows\System\vZafbtl.exe
  C:\Windows\System\vZafbtl.exe
  2⤵
  PID:9204
- C:\Windows\System\mLcWunT.exe
  C:\Windows\System\mLcWunT.exe
  2⤵
  PID:8048
- C:\Windows\System\krnZarF.exe
  C:\Windows\System\krnZarF.exe
  2⤵
  PID:8252
- C:\Windows\System\kRsEPPe.exe
  C:\Windows\System\kRsEPPe.exe
  2⤵
  PID:8288
- C:\Windows\System\dCqNfbC.exe
  C:\Windows\System\dCqNfbC.exe
  2⤵
  PID:8400
- C:\Windows\System\OOwyLOP.exe
  C:\Windows\System\OOwyLOP.exe
  2⤵
  PID:8448
- C:\Windows\System\QgTcYkL.exe
  C:\Windows\System\QgTcYkL.exe
  2⤵
  PID:8480
- C:\Windows\System\uFpoaIN.exe
  C:\Windows\System\uFpoaIN.exe
  2⤵
  PID:8544
- C:\Windows\System\IoPqFwW.exe
  C:\Windows\System\IoPqFwW.exe
  2⤵
  PID:6792
- C:\Windows\System\tfkThwG.exe
  C:\Windows\System\tfkThwG.exe
  2⤵
  PID:8656
- C:\Windows\System\MCbrdXd.exe
  C:\Windows\System\MCbrdXd.exe
  2⤵
  PID:8696
- C:\Windows\System\mLEXGny.exe
  C:\Windows\System\mLEXGny.exe
  2⤵
  PID:8756
- C:\Windows\System\OjyJVTd.exe
  C:\Windows\System\OjyJVTd.exe
  2⤵
  PID:8820
- C:\Windows\System\FrrNbqS.exe
  C:\Windows\System\FrrNbqS.exe
  2⤵
  PID:8872
- C:\Windows\System\LzzQJlK.exe
  C:\Windows\System\LzzQJlK.exe
  2⤵
  PID:8924
- C:\Windows\System\hNxQjxl.exe
  C:\Windows\System\hNxQjxl.exe
  2⤵
  PID:8976
- C:\Windows\System\oBZiFbi.exe
  C:\Windows\System\oBZiFbi.exe
  2⤵
  PID:7808
- C:\Windows\System\cgtoxEp.exe
  C:\Windows\System\cgtoxEp.exe
  2⤵
  PID:9048
- C:\Windows\System\IVTpkyX.exe
  C:\Windows\System\IVTpkyX.exe
  2⤵
  PID:9108
- C:\Windows\System\pDnpXMU.exe
  C:\Windows\System\pDnpXMU.exe
  2⤵
  PID:9164
- C:\Windows\System\Yijcqvs.exe
  C:\Windows\System\Yijcqvs.exe
  2⤵
  PID:9184
- C:\Windows\System\WwrnsXs.exe
  C:\Windows\System\WwrnsXs.exe
  2⤵
  PID:7716
- C:\Windows\System\zldoHux.exe
  C:\Windows\System\zldoHux.exe
  2⤵
  PID:8280
- C:\Windows\System\umoBieE.exe
  C:\Windows\System\umoBieE.exe
  2⤵
  PID:8548
- C:\Windows\System\oVRpsgN.exe
  C:\Windows\System\oVRpsgN.exe
  2⤵
  PID:8672
- C:\Windows\System\bCqfUVi.exe
  C:\Windows\System\bCqfUVi.exe
  2⤵
  PID:8808
- C:\Windows\System\Dlosuvn.exe
  C:\Windows\System\Dlosuvn.exe
  2⤵
  PID:8900
- C:\Windows\System\UdgxFaq.exe
  C:\Windows\System\UdgxFaq.exe
  2⤵
  PID:8952
- C:\Windows\System\CYDSFUU.exe
  C:\Windows\System\CYDSFUU.exe
  2⤵
  PID:7768
- C:\Windows\System\NPUfOMQ.exe
  C:\Windows\System\NPUfOMQ.exe
  2⤵
  PID:9124
- C:\Windows\System\PGqgcKI.exe
  C:\Windows\System\PGqgcKI.exe
  2⤵
  PID:8436
- C:\Windows\System\eNGHLFp.exe
  C:\Windows\System\eNGHLFp.exe
  2⤵
  PID:8856
- C:\Windows\System\BuWzrJm.exe
  C:\Windows\System\BuWzrJm.exe
  2⤵
  PID:9140
- C:\Windows\System\dsbHnug.exe
  C:\Windows\System\dsbHnug.exe
  2⤵
  PID:8476
- C:\Windows\System\qhFRWED.exe
  C:\Windows\System\qhFRWED.exe
  2⤵
  PID:9072
- C:\Windows\System\zZmsNnC.exe
  C:\Windows\System\zZmsNnC.exe
  2⤵
  PID:8992
- C:\Windows\System\vzCXVFF.exe
  C:\Windows\System\vzCXVFF.exe
  2⤵
  PID:9252
- C:\Windows\System\TmNdOVa.exe
  C:\Windows\System\TmNdOVa.exe
  2⤵
  PID:9280
- C:\Windows\System\oMiwYBy.exe
  C:\Windows\System\oMiwYBy.exe
  2⤵
  PID:9308
- C:\Windows\System\FqSLhRJ.exe
  C:\Windows\System\FqSLhRJ.exe
  2⤵
  PID:9340
- C:\Windows\System\LfrrCHp.exe
  C:\Windows\System\LfrrCHp.exe
  2⤵
  PID:9368
- C:\Windows\System\FoBebkl.exe
  C:\Windows\System\FoBebkl.exe
  2⤵
  PID:9388
- C:\Windows\System\QaFzOpf.exe
  C:\Windows\System\QaFzOpf.exe
  2⤵
  PID:9424
- C:\Windows\System\lhMgOqe.exe
  C:\Windows\System\lhMgOqe.exe
  2⤵
  PID:9452
- C:\Windows\System\jXLrgEJ.exe
  C:\Windows\System\jXLrgEJ.exe
  2⤵
  PID:9480
- C:\Windows\System\nhMfozG.exe
  C:\Windows\System\nhMfozG.exe
  2⤵
  PID:9496
- C:\Windows\System\fDpTaai.exe
  C:\Windows\System\fDpTaai.exe
  2⤵
  PID:9536
- C:\Windows\System\mIjHuXe.exe
  C:\Windows\System\mIjHuXe.exe
  2⤵
  PID:9564
- C:\Windows\System\gfvaxCa.exe
  C:\Windows\System\gfvaxCa.exe
  2⤵
  PID:9584
- C:\Windows\System\IRTvhzt.exe
  C:\Windows\System\IRTvhzt.exe
  2⤵
  PID:9620
- C:\Windows\System\lcRaQYj.exe
  C:\Windows\System\lcRaQYj.exe
  2⤵
  PID:9648
- C:\Windows\System\cXPHQcF.exe
  C:\Windows\System\cXPHQcF.exe
  2⤵
  PID:9664
- C:\Windows\System\KPVqJrC.exe
  C:\Windows\System\KPVqJrC.exe
  2⤵
  PID:9700
- C:\Windows\System\HMdIpjk.exe
  C:\Windows\System\HMdIpjk.exe
  2⤵
  PID:9748
- C:\Windows\System\DCNoJBI.exe
  C:\Windows\System\DCNoJBI.exe
  2⤵
  PID:9772
- C:\Windows\System\UYcKzqL.exe
  C:\Windows\System\UYcKzqL.exe
  2⤵
  PID:9812
- C:\Windows\System\cFwMphL.exe
  C:\Windows\System\cFwMphL.exe
  2⤵
  PID:9848
- C:\Windows\System\FZCgtIt.exe
  C:\Windows\System\FZCgtIt.exe
  2⤵
  PID:9872
- C:\Windows\System\EcKTXIm.exe
  C:\Windows\System\EcKTXIm.exe
  2⤵
  PID:9916
- C:\Windows\System\DktOqGb.exe
  C:\Windows\System\DktOqGb.exe
  2⤵
  PID:9944
- C:\Windows\System\hVoidLx.exe
  C:\Windows\System\hVoidLx.exe
  2⤵
  PID:9972
- C:\Windows\System\CwBEYHp.exe
  C:\Windows\System\CwBEYHp.exe
  2⤵
  PID:10000
- C:\Windows\System\gTHuMJK.exe
  C:\Windows\System\gTHuMJK.exe
  2⤵
  PID:10028
- C:\Windows\System\oBXQOWV.exe
  C:\Windows\System\oBXQOWV.exe
  2⤵
  PID:10056
- C:\Windows\System\AjsgUMO.exe
  C:\Windows\System\AjsgUMO.exe
  2⤵
  PID:10072
- C:\Windows\System\GFdifyw.exe
  C:\Windows\System\GFdifyw.exe
  2⤵
  PID:10104
- C:\Windows\System\IUMTHMX.exe
  C:\Windows\System\IUMTHMX.exe
  2⤵
  PID:10124
- C:\Windows\System\tUdqCfn.exe
  C:\Windows\System\tUdqCfn.exe
  2⤵
  PID:10168
- C:\Windows\System\yWPoTIi.exe
  C:\Windows\System\yWPoTIi.exe
  2⤵
  PID:10196
- C:\Windows\System\amhsSkD.exe
  C:\Windows\System\amhsSkD.exe
  2⤵
  PID:10224
- C:\Windows\System\qVJnyxE.exe
  C:\Windows\System\qVJnyxE.exe
  2⤵
  PID:9248
- C:\Windows\System\CJHiSnN.exe
  C:\Windows\System\CJHiSnN.exe
  2⤵
  PID:9328
- C:\Windows\System\HjWdBHU.exe
  C:\Windows\System\HjWdBHU.exe
  2⤵
  PID:9364
- C:\Windows\System\xBltNgY.exe
  C:\Windows\System\xBltNgY.exe
  2⤵
  PID:9464
- C:\Windows\System\SHDQqNK.exe
  C:\Windows\System\SHDQqNK.exe
  2⤵
  PID:9492
- C:\Windows\System\ABcwwgG.exe
  C:\Windows\System\ABcwwgG.exe
  2⤵
  PID:9608
- C:\Windows\System\VCapmmI.exe
  C:\Windows\System\VCapmmI.exe
  2⤵
  PID:9680
- C:\Windows\System\YbpffRn.exe
  C:\Windows\System\YbpffRn.exe
  2⤵
  PID:9744
- C:\Windows\System\ogSHhaQ.exe
  C:\Windows\System\ogSHhaQ.exe
  2⤵
  PID:9820
- C:\Windows\System\YZCYnpd.exe
  C:\Windows\System\YZCYnpd.exe
  2⤵
  PID:9904
- C:\Windows\System\HgjtBrD.exe
  C:\Windows\System\HgjtBrD.exe
  2⤵
  PID:9968
- C:\Windows\System\rvKwhaX.exe
  C:\Windows\System\rvKwhaX.exe
  2⤵
  PID:10044
- C:\Windows\System\rZDrfIW.exe
  C:\Windows\System\rZDrfIW.exe
  2⤵
  PID:10064
- C:\Windows\System\ATYZeEN.exe
  C:\Windows\System\ATYZeEN.exe
  2⤵
  PID:10156
- C:\Windows\System\SszVIWQ.exe
  C:\Windows\System\SszVIWQ.exe
  2⤵
  PID:9244
- C:\Windows\System\Qmvzidc.exe
  C:\Windows\System\Qmvzidc.exe
  2⤵
  PID:9440
- C:\Windows\System\PzdrPSZ.exe
  C:\Windows\System\PzdrPSZ.exe
  2⤵
  PID:9548
- C:\Windows\System\XvEZoqP.exe
  C:\Windows\System\XvEZoqP.exe
  2⤵
  PID:9740
- C:\Windows\System\CwsrwgQ.exe
  C:\Windows\System\CwsrwgQ.exe
  2⤵
  PID:9960
- C:\Windows\System\vJNOAcu.exe
  C:\Windows\System\vJNOAcu.exe
  2⤵
  PID:10068
- C:\Windows\System\zBnERKU.exe
  C:\Windows\System\zBnERKU.exe
  2⤵
  PID:10236
- C:\Windows\System\LvIOBhV.exe
  C:\Windows\System\LvIOBhV.exe
  2⤵
  PID:9784
- C:\Windows\System\cQCvFRz.exe
  C:\Windows\System\cQCvFRz.exe
  2⤵
  PID:9864
- C:\Windows\System\rJGYiQf.exe
  C:\Windows\System\rJGYiQf.exe
  2⤵
  PID:2360
- C:\Windows\System\IyPGcZh.exe
  C:\Windows\System\IyPGcZh.exe
  2⤵
  PID:9488
- C:\Windows\System\lCkhoBy.exe
  C:\Windows\System\lCkhoBy.exe
  2⤵
  PID:10264
- C:\Windows\System\EothuKB.exe
  C:\Windows\System\EothuKB.exe
  2⤵
  PID:10296
- C:\Windows\System\xpqZZTc.exe
  C:\Windows\System\xpqZZTc.exe
  2⤵
  PID:10320
- C:\Windows\System\lcUWPvg.exe
  C:\Windows\System\lcUWPvg.exe
  2⤵
  PID:10360
- C:\Windows\System\LlBPUZN.exe
  C:\Windows\System\LlBPUZN.exe
  2⤵
  PID:10388
- C:\Windows\System\hiayXja.exe
  C:\Windows\System\hiayXja.exe
  2⤵
  PID:10404
- C:\Windows\System\RbrUhNn.exe
  C:\Windows\System\RbrUhNn.exe
  2⤵
  PID:10440
- C:\Windows\System\ndfXsBu.exe
  C:\Windows\System\ndfXsBu.exe
  2⤵
  PID:10472
- C:\Windows\System\tkWgVvo.exe
  C:\Windows\System\tkWgVvo.exe
  2⤵
  PID:10512
- C:\Windows\System\yStiUaG.exe
  C:\Windows\System\yStiUaG.exe
  2⤵
  PID:10556
- C:\Windows\System\bCSIFts.exe
  C:\Windows\System\bCSIFts.exe
  2⤵
  PID:10580
- C:\Windows\System\MHMQVIu.exe
  C:\Windows\System\MHMQVIu.exe
  2⤵
  PID:10636
- C:\Windows\System\YmYhxeC.exe
  C:\Windows\System\YmYhxeC.exe
  2⤵
  PID:10676
- C:\Windows\System\pohXNRj.exe
  C:\Windows\System\pohXNRj.exe
  2⤵
  PID:10704
- C:\Windows\System\mUdVBqo.exe
  C:\Windows\System\mUdVBqo.exe
  2⤵
  PID:10732
- C:\Windows\System\jNhPpOW.exe
  C:\Windows\System\jNhPpOW.exe
  2⤵
  PID:10764
- C:\Windows\System\CgkcGoj.exe
  C:\Windows\System\CgkcGoj.exe
  2⤵
  PID:10796
- C:\Windows\System\mfCigUF.exe
  C:\Windows\System\mfCigUF.exe
  2⤵
  PID:10812
- C:\Windows\System\KuumGUy.exe
  C:\Windows\System\KuumGUy.exe
  2⤵
  PID:10868
- C:\Windows\System\niQjEOY.exe
  C:\Windows\System\niQjEOY.exe
  2⤵
  PID:10916
- C:\Windows\System\ywxIOeY.exe
  C:\Windows\System\ywxIOeY.exe
  2⤵
  PID:10952
- C:\Windows\System\JWBcNjq.exe
  C:\Windows\System\JWBcNjq.exe
  2⤵
  PID:11024
- C:\Windows\System\DTZVWHh.exe
  C:\Windows\System\DTZVWHh.exe
  2⤵
  PID:11056
- C:\Windows\System\TbcHjND.exe
  C:\Windows\System\TbcHjND.exe
  2⤵
  PID:11080
- C:\Windows\System\sohJJpR.exe
  C:\Windows\System\sohJJpR.exe
  2⤵
  PID:11100
- C:\Windows\System\fmeaDJi.exe
  C:\Windows\System\fmeaDJi.exe
  2⤵
  PID:11128
- C:\Windows\System\mExzEEp.exe
  C:\Windows\System\mExzEEp.exe
  2⤵
  PID:11168
- C:\Windows\System\igtgMhc.exe
  C:\Windows\System\igtgMhc.exe
  2⤵
  PID:11188
- C:\Windows\System\LFvPMmm.exe
  C:\Windows\System\LFvPMmm.exe
  2⤵
  PID:11236
- C:\Windows\System\aHuWmrc.exe
  C:\Windows\System\aHuWmrc.exe
  2⤵
  PID:10248
- C:\Windows\System\sxuAtDb.exe
  C:\Windows\System\sxuAtDb.exe
  2⤵
  PID:10312
- C:\Windows\System\YcgSkyg.exe
  C:\Windows\System\YcgSkyg.exe
  2⤵
  PID:3992
- C:\Windows\System\katqFnb.exe
  C:\Windows\System\katqFnb.exe
  2⤵
  PID:1424
- C:\Windows\System\uekEvvq.exe
  C:\Windows\System\uekEvvq.exe
  2⤵
  PID:10428
- C:\Windows\System\tAeYFjj.exe
  C:\Windows\System\tAeYFjj.exe
  2⤵
  PID:10464
- C:\Windows\System\KlFizmj.exe
  C:\Windows\System\KlFizmj.exe
  2⤵
  PID:10544
- C:\Windows\System\cMxXdvM.exe
  C:\Windows\System\cMxXdvM.exe
  2⤵
  PID:10756
- C:\Windows\System\NFjbkns.exe
  C:\Windows\System\NFjbkns.exe
  2⤵
  PID:10808
- C:\Windows\System\eAnxESe.exe
  C:\Windows\System\eAnxESe.exe
  2⤵
  PID:10904
- C:\Windows\System\ZlMEEyA.exe
  C:\Windows\System\ZlMEEyA.exe
  2⤵
  PID:11004
- C:\Windows\System\JlMVycD.exe
  C:\Windows\System\JlMVycD.exe
  2⤵
  PID:11076
- C:\Windows\System\LpzwweV.exe
  C:\Windows\System\LpzwweV.exe
  2⤵
  PID:11068
- C:\Windows\System\csTgRSE.exe
  C:\Windows\System\csTgRSE.exe
  2⤵
  PID:11180
- C:\Windows\System\XwqpcVe.exe
  C:\Windows\System\XwqpcVe.exe
  2⤵
  PID:10284
- C:\Windows\System\ekfMpUy.exe
  C:\Windows\System\ekfMpUy.exe
  2⤵
  PID:10400
- C:\Windows\System\XWybzWt.exe
  C:\Windows\System\XWybzWt.exe
  2⤵
  PID:10524
- C:\Windows\System\rVVwaow.exe
  C:\Windows\System\rVVwaow.exe
  2⤵
  PID:10668
- C:\Windows\System\evvQvcm.exe
  C:\Windows\System\evvQvcm.exe
  2⤵
  PID:10968
- C:\Windows\System\VljJhoS.exe
  C:\Windows\System\VljJhoS.exe
  2⤵
  PID:11120
- C:\Windows\System\LtuuuCH.exe
  C:\Windows\System\LtuuuCH.exe
  2⤵
  PID:10340
- C:\Windows\System\JOHOnNi.exe
  C:\Windows\System\JOHOnNi.exe
  2⤵
  PID:10608
- C:\Windows\System\oCsbbxm.exe
  C:\Windows\System\oCsbbxm.exe
  2⤵
  PID:11040
- C:\Windows\System\NtPonYG.exe
  C:\Windows\System\NtPonYG.exe
  2⤵
  PID:10672
- C:\Windows\System\HDGgKiV.exe
  C:\Windows\System\HDGgKiV.exe
  2⤵
  PID:4824
- C:\Windows\System\umQGzjr.exe
  C:\Windows\System\umQGzjr.exe
  2⤵
  PID:11280
- C:\Windows\System\TXPqiSE.exe
  C:\Windows\System\TXPqiSE.exe
  2⤵
  PID:11300
- C:\Windows\System\OlnCmLv.exe
  C:\Windows\System\OlnCmLv.exe
  2⤵
  PID:11324
- C:\Windows\System\UIpszAu.exe
  C:\Windows\System\UIpszAu.exe
  2⤵
  PID:11340
- C:\Windows\System\iNnvMZb.exe
  C:\Windows\System\iNnvMZb.exe
  2⤵
  PID:11384
- C:\Windows\System\GdxdNrj.exe
  C:\Windows\System\GdxdNrj.exe
  2⤵
  PID:11420
- C:\Windows\System\jzoDzVM.exe
  C:\Windows\System\jzoDzVM.exe
  2⤵
  PID:11448
- C:\Windows\System\orWJKkd.exe
  C:\Windows\System\orWJKkd.exe
  2⤵
  PID:11464
- C:\Windows\System\JZCcVbQ.exe
  C:\Windows\System\JZCcVbQ.exe
  2⤵
  PID:11492
- C:\Windows\System\qhysPJI.exe
  C:\Windows\System\qhysPJI.exe
  2⤵
  PID:11516
- C:\Windows\System\RfFrxIp.exe
  C:\Windows\System\RfFrxIp.exe
  2⤵
  PID:11564
- C:\Windows\System\UkqLVkP.exe
  C:\Windows\System\UkqLVkP.exe
  2⤵
  PID:11592
- C:\Windows\System\vuBhYDB.exe
  C:\Windows\System\vuBhYDB.exe
  2⤵
  PID:11608
- C:\Windows\System\zKOgckz.exe
  C:\Windows\System\zKOgckz.exe
  2⤵
  PID:11648
- C:\Windows\System\vidKRnn.exe
  C:\Windows\System\vidKRnn.exe
  2⤵
  PID:11676
- C:\Windows\System\ZmmCaPR.exe
  C:\Windows\System\ZmmCaPR.exe
  2⤵
  PID:11692
- C:\Windows\System\smSTWlU.exe
  C:\Windows\System\smSTWlU.exe
  2⤵
  PID:11732
- C:\Windows\System\SbRYemu.exe
  C:\Windows\System\SbRYemu.exe
  2⤵
  PID:11760
- C:\Windows\System\iChxSvt.exe
  C:\Windows\System\iChxSvt.exe
  2⤵
  PID:11788
- C:\Windows\System\CrsMYBn.exe
  C:\Windows\System\CrsMYBn.exe
  2⤵
  PID:11804
- C:\Windows\System\PZgIIYN.exe
  C:\Windows\System\PZgIIYN.exe
  2⤵
  PID:11820
- C:\Windows\System\qQcnVgi.exe
  C:\Windows\System\qQcnVgi.exe
  2⤵
  PID:11856
- C:\Windows\System\rslBkfC.exe
  C:\Windows\System\rslBkfC.exe
  2⤵
  PID:11900
- C:\Windows\System\GmeLDkH.exe
  C:\Windows\System\GmeLDkH.exe
  2⤵
  PID:11928
- C:\Windows\System\qtTNBts.exe
  C:\Windows\System\qtTNBts.exe
  2⤵
  PID:11956
- C:\Windows\System\HtTyHNi.exe
  C:\Windows\System\HtTyHNi.exe
  2⤵
  PID:11984
- C:\Windows\System\wNAVWMl.exe
  C:\Windows\System\wNAVWMl.exe
  2⤵
  PID:12012
- C:\Windows\System\YtzhJtX.exe
  C:\Windows\System\YtzhJtX.exe
  2⤵
  PID:12040
- C:\Windows\System\bDoKMKM.exe
  C:\Windows\System\bDoKMKM.exe
  2⤵
  PID:12068
- C:\Windows\System\DVixAij.exe
  C:\Windows\System\DVixAij.exe
  2⤵
  PID:12096
- C:\Windows\System\xnQAmtq.exe
  C:\Windows\System\xnQAmtq.exe
  2⤵
  PID:12124
- C:\Windows\System\nMAcisY.exe
  C:\Windows\System\nMAcisY.exe
  2⤵
  PID:12152
- C:\Windows\System\oQImeke.exe
  C:\Windows\System\oQImeke.exe
  2⤵
  PID:12180
- C:\Windows\System\bbYtvRm.exe
  C:\Windows\System\bbYtvRm.exe
  2⤵
  PID:12208
- C:\Windows\System\TgWMzmY.exe
  C:\Windows\System\TgWMzmY.exe
  2⤵
  PID:12244
- C:\Windows\System\yKGnvJX.exe
  C:\Windows\System\yKGnvJX.exe
  2⤵
  PID:1144
- C:\Windows\System\SIjcrzb.exe
  C:\Windows\System\SIjcrzb.exe
  2⤵
  PID:1356
- C:\Windows\System\msLluHI.exe
  C:\Windows\System\msLluHI.exe
  2⤵
  PID:11316
- C:\Windows\System\HIbrkZJ.exe
  C:\Windows\System\HIbrkZJ.exe
  2⤵
  PID:11364
- C:\Windows\System\WdTSKFQ.exe
  C:\Windows\System\WdTSKFQ.exe
  2⤵
  PID:11444
- C:\Windows\System\KBMztaI.exe
  C:\Windows\System\KBMztaI.exe
  2⤵
  PID:11508
- C:\Windows\System\gwDUesq.exe
  C:\Windows\System\gwDUesq.exe
  2⤵
  PID:11576
- C:\Windows\System\OMyxdCT.exe
  C:\Windows\System\OMyxdCT.exe
  2⤵
  PID:11664
- C:\Windows\System\gHeCgDO.exe
  C:\Windows\System\gHeCgDO.exe
  2⤵
  PID:11728
- C:\Windows\System\LXDqwKb.exe
  C:\Windows\System\LXDqwKb.exe
  2⤵
  PID:11800
- C:\Windows\System\bxZbNmI.exe
  C:\Windows\System\bxZbNmI.exe
  2⤵
  PID:11872
- C:\Windows\System\TrabKMI.exe
  C:\Windows\System\TrabKMI.exe
  2⤵
  PID:11940
- C:\Windows\System\aIXfZEn.exe
  C:\Windows\System\aIXfZEn.exe
  2⤵
  PID:12004
- C:\Windows\System\jZHalAl.exe
  C:\Windows\System\jZHalAl.exe
  2⤵
  PID:12060
- C:\Windows\System\VLhJTDo.exe
  C:\Windows\System\VLhJTDo.exe
  2⤵
  PID:12136
- C:\Windows\System\WRShksD.exe
  C:\Windows\System\WRShksD.exe
  2⤵
  PID:12204
- C:\Windows\System\bJpluhl.exe
  C:\Windows\System\bJpluhl.exe
  2⤵
  PID:11248
- C:\Windows\System\BPQkqOC.exe
  C:\Windows\System\BPQkqOC.exe
  2⤵
  PID:11352
- C:\Windows\System\PxJgWjr.exe
  C:\Windows\System\PxJgWjr.exe
  2⤵
  PID:11500
- C:\Windows\System\NWLzdxq.exe
  C:\Windows\System\NWLzdxq.exe
  2⤵
  PID:11684
- C:\Windows\System\baRGRRE.exe
  C:\Windows\System\baRGRRE.exe
  2⤵
  PID:11724
- C:\Windows\System\DRuMISt.exe
  C:\Windows\System\DRuMISt.exe
  2⤵
  PID:11832
- C:\Windows\System\lAWlEKc.exe
  C:\Windows\System\lAWlEKc.exe
  2⤵
  PID:11996
- C:\Windows\System\tKXwvtm.exe
  C:\Windows\System\tKXwvtm.exe
  2⤵
  PID:12116
- C:\Windows\System\UEHzzVf.exe
  C:\Windows\System\UEHzzVf.exe
  2⤵
  PID:12272
- C:\Windows\System\lhvgVvf.exe
  C:\Windows\System\lhvgVvf.exe
  2⤵
  PID:11580
- C:\Windows\System\MnDXLMk.exe
  C:\Windows\System\MnDXLMk.exe
  2⤵
  PID:11920
- C:\Windows\System\SKkOvYm.exe
  C:\Windows\System\SKkOvYm.exe
  2⤵
  PID:11476
- C:\Windows\System\mhBcWdQ.exe
  C:\Windows\System\mhBcWdQ.exe
  2⤵
  PID:12300
- C:\Windows\System\ZcroalK.exe
  C:\Windows\System\ZcroalK.exe
  2⤵
  PID:12328
- C:\Windows\System\rWvLQSj.exe
  C:\Windows\System\rWvLQSj.exe
  2⤵
  PID:12356
- C:\Windows\System\bUiwEfF.exe
  C:\Windows\System\bUiwEfF.exe
  2⤵
  PID:12392
- C:\Windows\System\cvgZkxL.exe
  C:\Windows\System\cvgZkxL.exe
  2⤵
  PID:12420
- C:\Windows\System\PhtQWVS.exe
  C:\Windows\System\PhtQWVS.exe
  2⤵
  PID:12448
- C:\Windows\System\rpHDNLn.exe
  C:\Windows\System\rpHDNLn.exe
  2⤵
  PID:12476
- C:\Windows\System\HFPDRIb.exe
  C:\Windows\System\HFPDRIb.exe
  2⤵
  PID:12504
- C:\Windows\System\XvJIPtY.exe
  C:\Windows\System\XvJIPtY.exe
  2⤵
  PID:12532
- C:\Windows\System\ggEGyLe.exe
  C:\Windows\System\ggEGyLe.exe
  2⤵
  PID:12560
- C:\Windows\System\FGSUlcc.exe
  C:\Windows\System\FGSUlcc.exe
  2⤵
  PID:12588
- C:\Windows\System\RsTfsUF.exe
  C:\Windows\System\RsTfsUF.exe
  2⤵
  PID:12616
- C:\Windows\System\xvlDSZZ.exe
  C:\Windows\System\xvlDSZZ.exe
  2⤵
  PID:12644
- C:\Windows\System\Ejjirhh.exe
  C:\Windows\System\Ejjirhh.exe
  2⤵
  PID:12672
- C:\Windows\System\fpAfWMP.exe
  C:\Windows\System\fpAfWMP.exe
  2⤵
  PID:12700
- C:\Windows\System\tervqqm.exe
  C:\Windows\System\tervqqm.exe
  2⤵
  PID:12728
- C:\Windows\System\QVKzZhx.exe
  C:\Windows\System\QVKzZhx.exe
  2⤵
  PID:12752
- C:\Windows\System\LUKJZOB.exe
  C:\Windows\System\LUKJZOB.exe
  2⤵
  PID:12780
- C:\Windows\System\qkJsfbG.exe
  C:\Windows\System\qkJsfbG.exe
  2⤵
  PID:12820
- C:\Windows\System\LEIYMSs.exe
  C:\Windows\System\LEIYMSs.exe
  2⤵
  PID:12848
- C:\Windows\System\WqhZPtI.exe
  C:\Windows\System\WqhZPtI.exe
  2⤵
  PID:12880
- C:\Windows\System\KkhcIFH.exe
  C:\Windows\System\KkhcIFH.exe
  2⤵
  PID:12908
- C:\Windows\System\vpfayPI.exe
  C:\Windows\System\vpfayPI.exe
  2⤵
  PID:12936
- C:\Windows\System\ulcQlHp.exe
  C:\Windows\System\ulcQlHp.exe
  2⤵
  PID:12964
- C:\Windows\System\CUHcxSx.exe
  C:\Windows\System\CUHcxSx.exe
  2⤵
  PID:12992
- C:\Windows\System\OLAhXzc.exe
  C:\Windows\System\OLAhXzc.exe
  2⤵
  PID:12572
- C:\Windows\System\okhFice.exe
  C:\Windows\System\okhFice.exe
  2⤵
  PID:12608
- C:\Windows\System\DxxdPvG.exe
  C:\Windows\System\DxxdPvG.exe
  2⤵
  PID:12668
- C:\Windows\System\RIREgGT.exe
  C:\Windows\System\RIREgGT.exe
  2⤵
  PID:12768
- C:\Windows\System\ksSylkz.exe
  C:\Windows\System\ksSylkz.exe
  2⤵
  PID:12808
- C:\Windows\System\zGtXllV.exe
  C:\Windows\System\zGtXllV.exe
  2⤵
  PID:12876
- C:\Windows\System\WsUSwpP.exe
  C:\Windows\System\WsUSwpP.exe
  2⤵
  PID:12948
- C:\Windows\System\EPOaGqB.exe
  C:\Windows\System\EPOaGqB.exe
  2⤵
  PID:13016
- C:\Windows\System\yruCPXo.exe
  C:\Windows\System\yruCPXo.exe
  2⤵
  PID:13056
- C:\Windows\System\rtrLmGa.exe
  C:\Windows\System\rtrLmGa.exe
  2⤵
  PID:13088
- C:\Windows\System\WoMZSYu.exe
  C:\Windows\System\WoMZSYu.exe
  2⤵
  PID:13112
- C:\Windows\System\FRSjMjy.exe
  C:\Windows\System\FRSjMjy.exe
  2⤵
  PID:13136
- C:\Windows\System\qNAXngu.exe
  C:\Windows\System\qNAXngu.exe
  2⤵
  PID:13164
- C:\Windows\System\cCKsmpi.exe
  C:\Windows\System\cCKsmpi.exe
  2⤵
  PID:13192
- C:\Windows\System\vaYoCwm.exe
  C:\Windows\System\vaYoCwm.exe
  2⤵
  PID:13220
- C:\Windows\System\CemDITS.exe
  C:\Windows\System\CemDITS.exe
  2⤵
  PID:13236
- C:\Windows\System\vxhkFSr.exe
  C:\Windows\System\vxhkFSr.exe
  2⤵
  PID:9788
- C:\Windows\System\DOlhZEV.exe
  C:\Windows\System\DOlhZEV.exe
  2⤵
  PID:10308
- C:\Windows\System\mshLBxH.exe
  C:\Windows\System\mshLBxH.exe
  2⤵
  PID:4352
- C:\Windows\System\phobHiq.exe
  C:\Windows\System\phobHiq.exe
  2⤵
  PID:2260
- C:\Windows\System\xLfAdcz.exe
  C:\Windows\System\xLfAdcz.exe
  2⤵
  PID:12320
- C:\Windows\System\eWPiUid.exe
  C:\Windows\System\eWPiUid.exe
  2⤵
  PID:544
- C:\Windows\System\YUDPVMT.exe
  C:\Windows\System\YUDPVMT.exe
  2⤵
  PID:12412
- C:\Windows\System\SKXDvWw.exe
  C:\Windows\System\SKXDvWw.exe
  2⤵
  PID:13288
- C:\Windows\System\JJwYriz.exe
  C:\Windows\System\JJwYriz.exe
  2⤵
  PID:12416
- C:\Windows\System\UGtsLQd.exe
  C:\Windows\System\UGtsLQd.exe
  2⤵
  PID:5332
- C:\Windows\System\KxLydfF.exe
  C:\Windows\System\KxLydfF.exe
  2⤵
  PID:5168
- C:\Windows\System\TNnATWS.exe
  C:\Windows\System\TNnATWS.exe
  2⤵
  PID:7124
- C:\Windows\System\AeujlKj.exe
  C:\Windows\System\AeujlKj.exe
  2⤵
  PID:2932
- C:\Windows\System\dWkcwGD.exe
  C:\Windows\System\dWkcwGD.exe
  2⤵
  PID:12656
- C:\Windows\System\fEfckMP.exe
  C:\Windows\System\fEfckMP.exe
  2⤵
  PID:3008
- C:\Windows\System\rKoLzFP.exe
  C:\Windows\System\rKoLzFP.exe
  2⤵
  PID:5092
- C:\Windows\System\IqRsHVp.exe
  C:\Windows\System\IqRsHVp.exe
  2⤵
  PID:12696
- C:\Windows\System\AwXiezD.exe
  C:\Windows\System\AwXiezD.exe
  2⤵
  PID:12812
- C:\Windows\System\QaHlHqK.exe
  C:\Windows\System\QaHlHqK.exe
  2⤵
  PID:12976
- C:\Windows\System\FztAkfd.exe
  C:\Windows\System\FztAkfd.exe
  2⤵
  PID:13100
- C:\Windows\System\aNfSZZY.exe
  C:\Windows\System\aNfSZZY.exe
  2⤵
  PID:13132
- C:\Windows\System\wwNNrYR.exe
  C:\Windows\System\wwNNrYR.exe
  2⤵
  PID:13204
- C:\Windows\System\diRntvG.exe
  C:\Windows\System\diRntvG.exe
  2⤵
  PID:9768
- C:\Windows\System\tDySDRK.exe
  C:\Windows\System\tDySDRK.exe
  2⤵
  PID:876
- C:\Windows\System\zGoviQn.exe
  C:\Windows\System\zGoviQn.exe
  2⤵
  PID:3060
- C:\Windows\System\TJXUSdJ.exe
  C:\Windows\System\TJXUSdJ.exe
  2⤵
  PID:12352
- C:\Windows\System\KtXKOBl.exe
  C:\Windows\System\KtXKOBl.exe
  2⤵
  PID:5304
- C:\Windows\System\hzLWcgS.exe
  C:\Windows\System\hzLWcgS.exe
  2⤵
  PID:12496
- C:\Windows\System\GYSpcwo.exe
  C:\Windows\System\GYSpcwo.exe
  2⤵
  PID:2364
- C:\Windows\System\IAHaxpA.exe
  C:\Windows\System\IAHaxpA.exe
  2⤵
  PID:12868
- C:\Windows\System\xceVRaO.exe
  C:\Windows\System\xceVRaO.exe
  2⤵
  PID:13052
- C:\Windows\System\hweRTup.exe
  C:\Windows\System\hweRTup.exe
  2⤵
  PID:13188
- C:\Windows\System\NwocZeX.exe
  C:\Windows\System\NwocZeX.exe
  2⤵
  PID:12636
- C:\Windows\System\jQEQIzW.exe
  C:\Windows\System\jQEQIzW.exe
  2⤵
  PID:1112
- C:\Windows\System\aHkIcLv.exe
  C:\Windows\System\aHkIcLv.exe
  2⤵
  PID:4676
- C:\Windows\System\zqGtrxU.exe
  C:\Windows\System\zqGtrxU.exe
  2⤵
  PID:4976
- C:\Windows\System\gBDhZjq.exe
  C:\Windows\System\gBDhZjq.exe
  2⤵
  PID:4560
- C:\Windows\System\lzhlaCj.exe
  C:\Windows\System\lzhlaCj.exe
  2⤵
  PID:7560
- C:\Windows\System\XvvvPud.exe
  C:\Windows\System\XvvvPud.exe
  2⤵
  PID:13252
- C:\Windows\System\ryXokGU.exe
  C:\Windows\System\ryXokGU.exe
  2⤵
  PID:4960
- C:\Windows\System\nznYwzU.exe
  C:\Windows\System\nznYwzU.exe
  2⤵
  PID:5088
- C:\Windows\System\jTKsGkI.exe
  C:\Windows\System\jTKsGkI.exe
  2⤵
  PID:560
- C:\Windows\System\rkjQWdp.exe
  C:\Windows\System\rkjQWdp.exe
  2⤵
  PID:2424
- C:\Windows\System\ZjjYYQw.exe
  C:\Windows\System\ZjjYYQw.exe
  2⤵
  PID:2448
- C:\Windows\System\OcgEvnY.exe
  C:\Windows\System\OcgEvnY.exe
  2⤵
  PID:12472
- C:\Windows\System\yOrrEJP.exe
  C:\Windows\System\yOrrEJP.exe
  2⤵
  PID:892
- C:\Windows\System\YnmtNFC.exe
  C:\Windows\System\YnmtNFC.exe
  2⤵
  PID:3844
- C:\Windows\System\fdevZMV.exe
  C:\Windows\System\fdevZMV.exe
  2⤵
  PID:4912
- C:\Windows\System\LqQSLcp.exe
  C:\Windows\System\LqQSLcp.exe
  2⤵
  PID:4552
- C:\Windows\System\IuXsuPf.exe
  C:\Windows\System\IuXsuPf.exe
  2⤵
  PID:5192
- C:\Windows\System\FzMdTdG.exe
  C:\Windows\System\FzMdTdG.exe
  2⤵
  PID:880
- C:\Windows\System\skncJYZ.exe
  C:\Windows\System\skncJYZ.exe
  2⤵
  PID:4260
- C:\Windows\System\JBfBxVd.exe
  C:\Windows\System\JBfBxVd.exe
  2⤵
  PID:1652
- C:\Windows\System\KtmUlMK.exe
  C:\Windows\System\KtmUlMK.exe
  2⤵
  PID:3084
- C:\Windows\System\GsjAHQF.exe
  C:\Windows\System\GsjAHQF.exe
  2⤵
  PID:2460
- C:\Windows\System\lGhBWrM.exe
  C:\Windows\System\lGhBWrM.exe
  2⤵
  PID:4928
- C:\Windows\System\vDqaXiy.exe
  C:\Windows\System\vDqaXiy.exe
  2⤵
  PID:3664
- C:\Windows\System\oLLzMeN.exe
  C:\Windows\System\oLLzMeN.exe
  2⤵
  PID:1984
- C:\Windows\System\pOqijWR.exe
  C:\Windows\System\pOqijWR.exe
  2⤵
  PID:13320
- C:\Windows\System\sdaOEmF.exe
  C:\Windows\System\sdaOEmF.exe
  2⤵
  PID:13348
- C:\Windows\System\zfbqjHe.exe
  C:\Windows\System\zfbqjHe.exe
  2⤵
  PID:13376
- C:\Windows\System\ImRiBkG.exe
  C:\Windows\System\ImRiBkG.exe
  2⤵
  PID:13404
- C:\Windows\System\JavRXMQ.exe
  C:\Windows\System\JavRXMQ.exe
  2⤵
  PID:13432
- C:\Windows\System\RLLDwBk.exe
  C:\Windows\System\RLLDwBk.exe
  2⤵
  PID:13496
- C:\Windows\System\hnAduAo.exe
  C:\Windows\System\hnAduAo.exe
  2⤵
  PID:13512
- C:\Windows\System\eBcHZkj.exe
  C:\Windows\System\eBcHZkj.exe
  2⤵
  PID:13540
- C:\Windows\System\kxlzqVp.exe
  C:\Windows\System\kxlzqVp.exe
  2⤵
  PID:13568
- C:\Windows\System\BFKvaBk.exe
  C:\Windows\System\BFKvaBk.exe
  2⤵
  PID:13600
- C:\Windows\System\HFzXSVb.exe
  C:\Windows\System\HFzXSVb.exe
  2⤵
  PID:13624
- C:\Windows\System\zuJPDTE.exe
  C:\Windows\System\zuJPDTE.exe
  2⤵
  PID:13664
- C:\Windows\System\JKLPEmd.exe
  C:\Windows\System\JKLPEmd.exe
  2⤵
  PID:13728
- C:\Windows\System\iDIewkg.exe
  C:\Windows\System\iDIewkg.exe
  2⤵
  PID:13756
- C:\Windows\System\tQQONfG.exe
  C:\Windows\System\tQQONfG.exe
  2⤵
  PID:13772
- C:\Windows\System\zfprCik.exe
  C:\Windows\System\zfprCik.exe
  2⤵
  PID:13800
- C:\Windows\System\wIdiegZ.exe
  C:\Windows\System\wIdiegZ.exe
  2⤵
  PID:13828
- C:\Windows\System\GxfYkXx.exe
  C:\Windows\System\GxfYkXx.exe
  2⤵
  PID:13856
- C:\Windows\System\xNNBgci.exe
  C:\Windows\System\xNNBgci.exe
  2⤵
  PID:13884
- C:\Windows\System\LkRmMAT.exe
  C:\Windows\System\LkRmMAT.exe
  2⤵
  PID:13912
- C:\Windows\System\MJEbUMW.exe
  C:\Windows\System\MJEbUMW.exe
  2⤵
  PID:13980
- C:\Windows\System\kSLpJRI.exe
  C:\Windows\System\kSLpJRI.exe
  2⤵
  PID:13996
- C:\Windows\System\HXACVRw.exe
  C:\Windows\System\HXACVRw.exe
  2⤵
  PID:14024
- C:\Windows\System\RwLpXOe.exe
  C:\Windows\System\RwLpXOe.exe
  2⤵
  PID:14056
- C:\Windows\System\ioGUCTT.exe
  C:\Windows\System\ioGUCTT.exe
  2⤵
  PID:14080
- C:\Windows\System\FIJQAnf.exe
  C:\Windows\System\FIJQAnf.exe
  2⤵
  PID:14112
- C:\Windows\System\guPnDTu.exe
  C:\Windows\System\guPnDTu.exe
  2⤵
  PID:14136
- C:\Windows\System\zkyHxyN.exe
  C:\Windows\System\zkyHxyN.exe
  2⤵
  PID:14164
- C:\Windows\System\KGgqUPG.exe
  C:\Windows\System\KGgqUPG.exe
  2⤵
  PID:14224
- C:\Windows\System\IUdYCHI.exe
  C:\Windows\System\IUdYCHI.exe
  2⤵
  PID:14240
- C:\Windows\System\bCAneXo.exe
  C:\Windows\System\bCAneXo.exe
  2⤵
  PID:14268
- C:\Windows\System\nPYnmOT.exe
  C:\Windows\System\nPYnmOT.exe
  2⤵
  PID:14300
- C:\Windows\System\VkbEsNm.exe
  C:\Windows\System\VkbEsNm.exe
  2⤵
  PID:14324
- C:\Windows\System\kKysgTt.exe
  C:\Windows\System\kKysgTt.exe
  2⤵
  PID:1296
- C:\Windows\System\zjGoBiM.exe
  C:\Windows\System\zjGoBiM.exe
  2⤵
  PID:13424
- C:\Windows\System\UyybpTt.exe
  C:\Windows\System\UyybpTt.exe
  2⤵
  PID:624
- C:\Windows\System\BYzgmyX.exe
  C:\Windows\System\BYzgmyX.exe
  2⤵
  PID:13484
- C:\Windows\System\tNTJwAI.exe
  C:\Windows\System\tNTJwAI.exe
  2⤵
  PID:13524
- C:\Windows\System\ClLnRZq.exe
  C:\Windows\System\ClLnRZq.exe
  2⤵
  PID:208
- C:\Windows\System\GmLWjOw.exe
  C:\Windows\System\GmLWjOw.exe
  2⤵
  PID:4576
- C:\Windows\System\SLDnkOW.exe
  C:\Windows\System\SLDnkOW.exe
  2⤵
  PID:2096
- C:\Windows\System\lSLDQIj.exe
  C:\Windows\System\lSLDQIj.exe
  2⤵
  PID:13936
- C:\Windows\System\hoaaXwF.exe
  C:\Windows\System\hoaaXwF.exe
  2⤵
  PID:7928
- C:\Windows\System\DZIgMLM.exe
  C:\Windows\System\DZIgMLM.exe
  2⤵
  PID:13968
- C:\Windows\System\mIPtcPM.exe
  C:\Windows\System\mIPtcPM.exe
  2⤵
  PID:3488
- C:\Windows\System\diTTTkq.exe
  C:\Windows\System\diTTTkq.exe
  2⤵
  PID:13992
- C:\Windows\System\gWVXpwp.exe
  C:\Windows\System\gWVXpwp.exe
  2⤵
  PID:8068
- C:\Windows\System\rfxDZIa.exe
  C:\Windows\System\rfxDZIa.exe
  2⤵
  PID:14064
- C:\Windows\System\AyOQyLi.exe
  C:\Windows\System\AyOQyLi.exe
  2⤵
  PID:4136
- C:\Windows\System\SmQJozb.exe
  C:\Windows\System\SmQJozb.exe
  2⤵
  PID:4000
- C:\Windows\System\oBlfUmG.exe
  C:\Windows\System\oBlfUmG.exe
  2⤵
  PID:14216
- C:\Windows\System\HtlyIQq.exe
  C:\Windows\System\HtlyIQq.exe
  2⤵
  PID:14232
- C:\Windows\System\oEUpvWq.exe
  C:\Windows\System\oEUpvWq.exe
  2⤵
  PID:4776
- C:\Windows\System\VJwlMHW.exe
  C:\Windows\System\VJwlMHW.exe
  2⤵
  PID:7660
- C:\Windows\System\OdUlbus.exe
  C:\Windows\System\OdUlbus.exe
  2⤵
  PID:13316
- C:\Windows\System\LScwQLl.exe
  C:\Windows\System\LScwQLl.exe
  2⤵
  PID:13332
- C:\Windows\System\fsJGcNn.exe
  C:\Windows\System\fsJGcNn.exe
  2⤵
  PID:7536
- C:\Windows\System\YzErNsc.exe
  C:\Windows\System\YzErNsc.exe
  2⤵
  PID:1728
- C:\Windows\System\nREiizx.exe
  C:\Windows\System\nREiizx.exe
  2⤵
  PID:8032
- C:\Windows\System\StrTDGP.exe
  C:\Windows\System\StrTDGP.exe
  2⤵
  PID:13532
- C:\Windows\System\AJOeeZU.exe
  C:\Windows\System\AJOeeZU.exe
  2⤵
  PID:13564
- C:\Windows\System\MODgzBH.exe
  C:\Windows\System\MODgzBH.exe
  2⤵
  PID:2392
- C:\Windows\System\jrnTehS.exe
  C:\Windows\System\jrnTehS.exe
  2⤵
  PID:7704
- C:\Windows\System\jczukPA.exe
  C:\Windows\System\jczukPA.exe
  2⤵
  PID:13784
- C:\Windows\System\xXdQQUO.exe
  C:\Windows\System\xXdQQUO.exe
  2⤵
  PID:8044
- C:\Windows\System\xmbndtR.exe
  C:\Windows\System\xmbndtR.exe
  2⤵
  PID:8184
- C:\Windows\System\HPGGedg.exe
  C:\Windows\System\HPGGedg.exe
  2⤵
  PID:13880
- C:\Windows\System\mIvRpPJ.exe
  C:\Windows\System\mIvRpPJ.exe
  2⤵
  PID:5460
- C:\Windows\System\ehWZMnM.exe
  C:\Windows\System\ehWZMnM.exe
  2⤵
  PID:7776
- C:\Windows\System\nObtfBw.exe
  C:\Windows\System\nObtfBw.exe
  2⤵
  PID:4088
- C:\Windows\System\uZuHWxy.exe
  C:\Windows\System\uZuHWxy.exe
  2⤵
  PID:8076
- C:\Windows\System\TjcOPRY.exe
  C:\Windows\System\TjcOPRY.exe
  2⤵
  PID:3208
- C:\Windows\System\MZIPQIs.exe
  C:\Windows\System\MZIPQIs.exe
  2⤵
  PID:7680
- C:\Windows\System\sWSABEH.exe
  C:\Windows\System\sWSABEH.exe
  2⤵
  PID:7248
- C:\Windows\System\YgFRWzr.exe
  C:\Windows\System\YgFRWzr.exe
  2⤵
  PID:7448
- C:\Windows\System\DuWmCls.exe
  C:\Windows\System\DuWmCls.exe
  2⤵
  PID:7444
- C:\Windows\System\qEZNrNZ.exe
  C:\Windows\System\qEZNrNZ.exe
  2⤵
  PID:3136
- C:\Windows\System\XiaHghi.exe
  C:\Windows\System\XiaHghi.exe
  2⤵
  PID:14208
- C:\Windows\System\NVGcxhV.exe
  C:\Windows\System\NVGcxhV.exe
  2⤵
  PID:5060
- C:\Windows\System\omXsSdE.exe
  C:\Windows\System\omXsSdE.exe
  2⤵
  PID:5772
- C:\Windows\System\tAwuTbC.exe
  C:\Windows\System\tAwuTbC.exe
  2⤵
  PID:14260
- C:\Windows\System\iPDAMac.exe
  C:\Windows\System\iPDAMac.exe
  2⤵
  PID:8296
- C:\Windows\System\jWfhLDm.exe
  C:\Windows\System\jWfhLDm.exe
  2⤵
  PID:10820
- C:\Windows\System\dvYAYyw.exe
  C:\Windows\System\dvYAYyw.exe
  2⤵
  PID:5884
- C:\Windows\System\Ypefuqs.exe
  C:\Windows\System\Ypefuqs.exe
  2⤵
  PID:8396
- C:\Windows\System\qPNgZPk.exe
  C:\Windows\System\qPNgZPk.exe
  2⤵
  PID:5928
- C:\Windows\System\bzOxOvs.exe
  C:\Windows\System\bzOxOvs.exe
  2⤵
  PID:5956
- C:\Windows\System\UJkkJrF.exe
  C:\Windows\System\UJkkJrF.exe
  2⤵
  PID:13636
- C:\Windows\System\VWAujto.exe
  C:\Windows\System\VWAujto.exe
  2⤵
  PID:13692
- C:\Windows\System\oVbqSSK.exe
  C:\Windows\System\oVbqSSK.exe
  2⤵
  PID:2984
- C:\Windows\System\pFBkouP.exe
  C:\Windows\System\pFBkouP.exe
  2⤵
  PID:8704
- C:\Windows\System\ragzvAJ.exe
  C:\Windows\System\ragzvAJ.exe
  2⤵
  PID:2988
- C:\Windows\System\PSyQEsy.exe
  C:\Windows\System\PSyQEsy.exe
  2⤵
  PID:5264
- C:\Windows\System\xYivGHu.exe
  C:\Windows\System\xYivGHu.exe
  2⤵
  PID:3736
- C:\Windows\System\WbAozjo.exe
  C:\Windows\System\WbAozjo.exe
  2⤵
  PID:5328
- C:\Windows\System\qvhrXiu.exe
  C:\Windows\System\qvhrXiu.exe
  2⤵
  PID:5376
- C:\Windows\System\uGbDSfJ.exe
  C:\Windows\System\uGbDSfJ.exe
  2⤵
  PID:2936
- C:\Windows\System\enYfKXD.exe
  C:\Windows\System\enYfKXD.exe
  2⤵
  PID:7944
- C:\Windows\System\wMoSObk.exe
  C:\Windows\System\wMoSObk.exe
  2⤵
  PID:7968
- C:\Windows\System\SDOGkgf.exe
  C:\Windows\System\SDOGkgf.exe
  2⤵
  PID:5504
- C:\Windows\System\spNdbVJ.exe
  C:\Windows\System\spNdbVJ.exe
  2⤵
  PID:7652
- C:\Windows\System\CAVKJRS.exe
  C:\Windows\System\CAVKJRS.exe
  2⤵
  PID:8200
- C:\Windows\System\ucDQRth.exe
  C:\Windows\System\ucDQRth.exe
  2⤵
  PID:5660
- C:\Windows\System\WianMSj.exe
  C:\Windows\System\WianMSj.exe
  2⤵
  PID:14160
- C:\Windows\System\RbxsSWX.exe
  C:\Windows\System\RbxsSWX.exe
  2⤵
  PID:8428
- C:\Windows\System\dLhqHZH.exe
  C:\Windows\System\dLhqHZH.exe
  2⤵
  PID:5684
- C:\Windows\System\snwjmJQ.exe
  C:\Windows\System\snwjmJQ.exe
  2⤵
  PID:5920
- C:\Windows\System\BqRVKBH.exe
  C:\Windows\System\BqRVKBH.exe
  2⤵
  PID:5980
- C:\Windows\System\PVEJzla.exe
  C:\Windows\System\PVEJzla.exe
  2⤵
  PID:8608
- C:\Windows\System\sNDLUXV.exe
  C:\Windows\System\sNDLUXV.exe
  2⤵
  PID:7664
- C:\Windows\System\pFXcuRc.exe
  C:\Windows\System\pFXcuRc.exe
  2⤵
  PID:8776
- C:\Windows\System\iFIRBON.exe
  C:\Windows\System\iFIRBON.exe
  2⤵
  PID:10832
- C:\Windows\System\aurnwKB.exe
  C:\Windows\System\aurnwKB.exe
  2⤵
  PID:13368
- C:\Windows\System\tZmHkgP.exe
  C:\Windows\System\tZmHkgP.exe
  2⤵
  PID:8960
- C:\Windows\System\WoqTWaP.exe
  C:\Windows\System\WoqTWaP.exe
  2⤵
  PID:8388
- C:\Windows\System\kiawrre.exe
  C:\Windows\System\kiawrre.exe
  2⤵
  PID:13420
- C:\Windows\System\DoEZQFt.exe
  C:\Windows\System\DoEZQFt.exe
  2⤵
  PID:9116
- C:\Windows\System\OnyjRxd.exe
  C:\Windows\System\OnyjRxd.exe
  2⤵
  PID:13464
- C:\Windows\System\pgesLNX.exe
  C:\Windows\System\pgesLNX.exe
  2⤵
  PID:5924
- C:\Windows\System\nvUWwoF.exe
  C:\Windows\System\nvUWwoF.exe
  2⤵
  PID:13504
- C:\Windows\System\EGZalcB.exe
  C:\Windows\System\EGZalcB.exe
  2⤵
  PID:8600
- C:\Windows\System\cPPueWa.exe
  C:\Windows\System\cPPueWa.exe
  2⤵
  PID:6172
- C:\Windows\System\WeFpobf.exe
  C:\Windows\System\WeFpobf.exe
  2⤵
  PID:6200
- C:\Windows\System\IbLsFWd.exe
  C:\Windows\System\IbLsFWd.exe
  2⤵
  PID:6940
- C:\Windows\System\QIiTiDR.exe
  C:\Windows\System\QIiTiDR.exe
  2⤵
  PID:6112
- C:\Windows\System\kNaIfSx.exe
  C:\Windows\System\kNaIfSx.exe
  2⤵
  PID:13764
- C:\Windows\System\rhQwZoq.exe
  C:\Windows\System\rhQwZoq.exe
  2⤵
  PID:8652
- C:\Windows\System\DBYNGcn.exe
  C:\Windows\System\DBYNGcn.exe
  2⤵
  PID:6356
- C:\Windows\System\qGiKetf.exe
  C:\Windows\System\qGiKetf.exe
  2⤵
  PID:9240
- C:\Windows\System\oYZkaot.exe
  C:\Windows\System\oYZkaot.exe
  2⤵
  PID:6420
- C:\Windows\System\TlCwMdd.exe
  C:\Windows\System\TlCwMdd.exe
  2⤵
  PID:9316
- C:\Windows\System\RrQlzvw.exe
  C:\Windows\System\RrQlzvw.exe
  2⤵
  PID:9404
- C:\Windows\System\wpofjkn.exe
  C:\Windows\System\wpofjkn.exe
  2⤵
  PID:9508
- C:\Windows\System\VOovyGP.exe
  C:\Windows\System\VOovyGP.exe
  2⤵
  PID:13868
- C:\Windows\System\QUKpBsv.exe
  C:\Windows\System\QUKpBsv.exe
  2⤵
  PID:6536
- C:\Windows\System\QsrWSor.exe
  C:\Windows\System\QsrWSor.exe
  2⤵
  PID:5236
- C:\Windows\System\SJuTpSh.exe
  C:\Windows\System\SJuTpSh.exe
  2⤵
  PID:5488
- C:\Windows\System\KWPMoku.exe
  C:\Windows\System\KWPMoku.exe
  2⤵
  PID:13948
- C:\Windows\System\qJfDzOS.exe
  C:\Windows\System\qJfDzOS.exe
  2⤵
  PID:9692
- C:\Windows\System\nCuALEH.exe
  C:\Windows\System\nCuALEH.exe
  2⤵
  PID:9192
- C:\Windows\System\EwpNkXm.exe
  C:\Windows\System\EwpNkXm.exe
  2⤵
  PID:6664
- C:\Windows\System\wbskVqH.exe
  C:\Windows\System\wbskVqH.exe
  2⤵
  PID:5756
- C:\Windows\System\JmyrhFL.exe
  C:\Windows\System\JmyrhFL.exe
  2⤵
  PID:5784
- C:\Windows\System\CsWJwHP.exe
  C:\Windows\System\CsWJwHP.exe
  2⤵
  PID:9512
- C:\Windows\System\PmNDCeJ.exe
  C:\Windows\System\PmNDCeJ.exe
  2⤵
  PID:7148
- C:\Windows\System\xyRfxbi.exe
  C:\Windows\System\xyRfxbi.exe
  2⤵
  PID:5136
- C:\Windows\System\cBTzfMj.exe
  C:\Windows\System\cBTzfMj.exe
  2⤵
  PID:9992
- C:\Windows\System\wBxGSNz.exe
  C:\Windows\System\wBxGSNz.exe
  2⤵
  PID:2292
- C:\Windows\System\qIBradO.exe
  C:\Windows\System\qIBradO.exe
  2⤵
  PID:6284
- C:\Windows\System\zCRRHfA.exe
  C:\Windows\System\zCRRHfA.exe
  2⤵
  PID:9156
- C:\Windows\System\UvgtuPf.exe
  C:\Windows\System\UvgtuPf.exe
  2⤵
  PID:6152
- C:\Windows\System\SCINxCV.exe
  C:\Windows\System\SCINxCV.exe
  2⤵
  PID:9940
- C:\Windows\System\qYVEHNx.exe
  C:\Windows\System\qYVEHNx.exe
  2⤵
  PID:6292
- C:\Windows\System\mJgxfIS.exe
  C:\Windows\System\mJgxfIS.exe
  2⤵
  PID:9352
- C:\Windows\System\aATgMva.exe
  C:\Windows\System\aATgMva.exe
  2⤵
  PID:6328
- C:\Windows\System\MprSwXY.exe
  C:\Windows\System\MprSwXY.exe
  2⤵
  PID:6488
- C:\Windows\System\nunqICP.exe
  C:\Windows\System\nunqICP.exe
  2⤵
  PID:9260
- C:\Windows\System\FcDJhaA.exe
  C:\Windows\System\FcDJhaA.exe
  2⤵
  PID:9556
- C:\Windows\System\wgzkBPv.exe
  C:\Windows\System\wgzkBPv.exe
  2⤵
  PID:13876
- C:\Windows\System\hBcbtGd.exe
  C:\Windows\System\hBcbtGd.exe
  2⤵
  PID:6768
- C:\Windows\System\qGRRZlt.exe
  C:\Windows\System\qGRRZlt.exe
  2⤵
  PID:6476
- C:\Windows\System\axoQQTn.exe
  C:\Windows\System\axoQQTn.exe
  2⤵
  PID:10480
- C:\Windows\System\kzjFUTu.exe
  C:\Windows\System\kzjFUTu.exe
  2⤵
  PID:10520
- C:\Windows\System\nkJPdTL.exe
  C:\Windows\System\nkJPdTL.exe
  2⤵
  PID:6660
- C:\Windows\System\XNVOAxA.exe
  C:\Windows\System\XNVOAxA.exe
  2⤵
  PID:7020
- C:\Windows\System\ZYqJjXw.exe
  C:\Windows\System\ZYqJjXw.exe
  2⤵
  PID:7080
- C:\Windows\System\nENyHMO.exe
  C:\Windows\System\nENyHMO.exe
  2⤵
  PID:6684
- C:\Windows\System\ttoVjWf.exe
  C:\Windows\System\ttoVjWf.exe
  2⤵
  PID:10724
- C:\Windows\System\cmBNadR.exe
  C:\Windows\System\cmBNadR.exe
  2⤵
  PID:6748
- C:\Windows\System\mNgEeNe.exe
  C:\Windows\System\mNgEeNe.exe
  2⤵
  PID:9884
- C:\Windows\System\JFYGReg.exe
  C:\Windows\System\JFYGReg.exe
  2⤵
  PID:14092
- C:\Windows\System\FzQokIl.exe
  C:\Windows\System\FzQokIl.exe
  2⤵
  PID:11148
- C:\Windows\System\yYfrHFs.exe
  C:\Windows\System\yYfrHFs.exe
  2⤵
  PID:2740
- C:\Windows\System\CNEhMWa.exe
  C:\Windows\System\CNEhMWa.exe
  2⤵
  PID:11208
- C:\Windows\System\VKssotA.exe
  C:\Windows\System\VKssotA.exe
  2⤵
  PID:11560
- C:\Windows\System\vxJJWoL.exe
  C:\Windows\System\vxJJWoL.exe
  2⤵
  PID:6984
- C:\Windows\System\bEvdmip.exe
  C:\Windows\System\bEvdmip.exe
  2⤵
  PID:5864
- C:\Windows\System\UEOOTaT.exe
  C:\Windows\System\UEOOTaT.exe
  2⤵
  PID:10344
- C:\Windows\System\rhQpGIq.exe
  C:\Windows\System\rhQpGIq.exe
  2⤵
  PID:9224
- C:\Windows\System\SomeseE.exe
  C:\Windows\System\SomeseE.exe
  2⤵
  PID:3376
- C:\Windows\System\nCbWNlr.exe
  C:\Windows\System\nCbWNlr.exe
  2⤵
  PID:10484
- C:\Windows\System\NESMLrH.exe
  C:\Windows\System\NESMLrH.exe
  2⤵
  PID:10740
- C:\Windows\System\TIXuYMF.exe
  C:\Windows\System\TIXuYMF.exe
  2⤵
  PID:2256
- C:\Windows\System\DjhhFWy.exe
  C:\Windows\System\DjhhFWy.exe
  2⤵
  PID:10860
- C:\Windows\System\WJOvbcc.exe
  C:\Windows\System\WJOvbcc.exe
  2⤵
  PID:12064
- C:\Windows\System\VWzkzoB.exe
  C:\Windows\System\VWzkzoB.exe
  2⤵
  PID:10944
- C:\Windows\System\VVQimfr.exe
  C:\Windows\System\VVQimfr.exe
  2⤵
  PID:1604
- C:\Windows\System\XmHFSDD.exe
  C:\Windows\System\XmHFSDD.exe
  2⤵
  PID:7096
- C:\Windows\System\iqHnimA.exe
  C:\Windows\System\iqHnimA.exe
  2⤵
  PID:11212
- C:\Windows\System\pxSrRDe.exe
  C:\Windows\System\pxSrRDe.exe
  2⤵
  PID:13560
- C:\Windows\System\TpYVYMI.exe
  C:\Windows\System\TpYVYMI.exe
  2⤵
  PID:9764
- C:\Windows\System\BSkEuzZ.exe
  C:\Windows\System\BSkEuzZ.exe
  2⤵
  PID:12464
- C:\Windows\System\aMEXvRa.exe
  C:\Windows\System\aMEXvRa.exe
  2⤵
  PID:10844
- C:\Windows\System\gyvecEq.exe
  C:\Windows\System\gyvecEq.exe
  2⤵
  PID:10864
- C:\Windows\System\RdWxtDW.exe
  C:\Windows\System\RdWxtDW.exe
  2⤵
  PID:12512
- C:\Windows\System\XeYVELN.exe
  C:\Windows\System\XeYVELN.exe
  2⤵
  PID:9956
- C:\Windows\System\MsHMBHC.exe
  C:\Windows\System\MsHMBHC.exe
  2⤵
  PID:12568
- C:\Windows\System\zWJKOYt.exe
  C:\Windows\System\zWJKOYt.exe
  2⤵
  PID:3848
- C:\Windows\System\LmiuDYd.exe
  C:\Windows\System\LmiuDYd.exe
  2⤵
  PID:12680
- C:\Windows\System\uKIUtkl.exe
  C:\Windows\System\uKIUtkl.exe
  2⤵
  PID:10088
- C:\Windows\System\ZrCWIGK.exe
  C:\Windows\System\ZrCWIGK.exe
  2⤵
  PID:12716
- C:\Windows\System\kEZrDkn.exe
  C:\Windows\System\kEZrDkn.exe
  2⤵
  PID:11268
- C:\Windows\System\AOIGGAT.exe
  C:\Windows\System\AOIGGAT.exe
  2⤵
  PID:12760
- C:\Windows\System\dFKXwcM.exe
  C:\Windows\System\dFKXwcM.exe
  2⤵
  PID:8812
- C:\Windows\System\VgRoSJX.exe
  C:\Windows\System\VgRoSJX.exe
  2⤵
  PID:12836
- C:\Windows\System\JTQudBP.exe
  C:\Windows\System\JTQudBP.exe
  2⤵
  PID:7216
- C:\Windows\System\FNYhSol.exe
  C:\Windows\System\FNYhSol.exe
  2⤵
  PID:10132
- C:\Windows\System\FXbtJtO.exe
  C:\Windows\System\FXbtJtO.exe
  2⤵
  PID:11432
- C:\Windows\System\kenWMiC.exe
  C:\Windows\System\kenWMiC.exe
  2⤵
  PID:6384
- C:\Windows\System\IReFVUF.exe
  C:\Windows\System\IReFVUF.exe
  2⤵
  PID:12952
- C:\Windows\System\SLYtmKn.exe
  C:\Windows\System\SLYtmKn.exe
  2⤵
  PID:11584
- C:\Windows\System\tHHYIjV.exe
  C:\Windows\System\tHHYIjV.exe
  2⤵
  PID:11588
- C:\Windows\System\tvanrgR.exe
  C:\Windows\System\tvanrgR.exe
  2⤵
  PID:11748
- C:\Windows\System\ImhBYWG.exe
  C:\Windows\System\ImhBYWG.exe
  2⤵
  PID:11836
- C:\Windows\System\qluUOEA.exe
  C:\Windows\System\qluUOEA.exe
  2⤵
  PID:11944
- C:\Windows\System\YkwhtzL.exe
  C:\Windows\System\YkwhtzL.exe
  2⤵
  PID:7244
- C:\Windows\System\msETWtN.exe
  C:\Windows\System\msETWtN.exe
  2⤵
  PID:12028
- C:\Windows\System\RyuzUKO.exe
  C:\Windows\System\RyuzUKO.exe
  2⤵
  PID:9504
- C:\Windows\System\hDzFimW.exe
  C:\Windows\System\hDzFimW.exe
  2⤵
  PID:12048
- C:\Windows\System\PcrMlKn.exe
  C:\Windows\System\PcrMlKn.exe
  2⤵
  PID:7468
- C:\Windows\System\KWmqOjB.exe
  C:\Windows\System\KWmqOjB.exe
  2⤵
  PID:12084
- C:\Windows\System\uWEKGNL.exe
  C:\Windows\System\uWEKGNL.exe
  2⤵
  PID:12104
- C:\Windows\System\vdaQwDG.exe
  C:\Windows\System\vdaQwDG.exe
  2⤵
  PID:10504
- C:\Windows\System\NZVCFee.exe
  C:\Windows\System\NZVCFee.exe
  2⤵
  PID:12168
- C:\Windows\System\XhdurPZ.exe
  C:\Windows\System\XhdurPZ.exe
  2⤵
  PID:12232
- C:\Windows\System\YbSUtoo.exe
  C:\Windows\System\YbSUtoo.exe
  2⤵
  PID:3768
- C:\Windows\System\NYZFWNw.exe
  C:\Windows\System\NYZFWNw.exe
  2⤵
  PID:11276
- C:\Windows\System\dCvsGIr.exe
  C:\Windows\System\dCvsGIr.exe
  2⤵
  PID:5724
- C:\Windows\System\kqYuSOe.exe
  C:\Windows\System\kqYuSOe.exe
  2⤵
  PID:5860
- C:\Windows\System\olIUrAt.exe
  C:\Windows\System\olIUrAt.exe
  2⤵
  PID:11632
- C:\Windows\System\uEhZvvw.exe
  C:\Windows\System\uEhZvvw.exe
  2⤵
  PID:10992
- C:\Windows\System\CKDVkqf.exe
  C:\Windows\System\CKDVkqf.exe
  2⤵
  PID:7316
- C:\Windows\System\srOlVsG.exe
  C:\Windows\System\srOlVsG.exe
  2⤵
  PID:11912
- C:\Windows\System\VHfnDIS.exe
  C:\Windows\System\VHfnDIS.exe
  2⤵
  PID:10036
- C:\Windows\System\KSlRrrs.exe
  C:\Windows\System\KSlRrrs.exe
  2⤵
  PID:6888
- C:\Windows\System\PiaGaUM.exe
  C:\Windows\System\PiaGaUM.exe
  2⤵
  PID:8736
- C:\Windows\System\cHhmsBu.exe
  C:\Windows\System\cHhmsBu.exe
  2⤵
  PID:12108
- C:\Windows\System\pqENyYB.exe
  C:\Windows\System\pqENyYB.exe
  2⤵
  PID:8284
- C:\Windows\System\tiOZnZR.exe
  C:\Windows\System\tiOZnZR.exe
  2⤵
  PID:1444
- C:\Windows\System\SFmQMFp.exe
  C:\Windows\System\SFmQMFp.exe
  2⤵
  PID:10256
- C:\Windows\System\blmHhqo.exe
  C:\Windows\System\blmHhqo.exe
  2⤵
  PID:5748
- C:\Windows\System\KmsOiuv.exe
  C:\Windows\System\KmsOiuv.exe
  2⤵
  PID:10720
- C:\Windows\System\TvqaXXM.exe
  C:\Windows\System\TvqaXXM.exe
  2⤵
  PID:7752
- C:\Windows\System\iDcSejo.exe
  C:\Windows\System\iDcSejo.exe
  2⤵
  PID:12316
- C:\Windows\System\vnWEGse.exe
  C:\Windows\System\vnWEGse.exe
  2⤵
  PID:2776
- C:\Windows\System\IDIaGMA.exe
  C:\Windows\System\IDIaGMA.exe
  2⤵
  PID:9696
- C:\Windows\System\lPdaKRK.exe
  C:\Windows\System\lPdaKRK.exe
  2⤵
  PID:9808
- C:\Windows\System\LdqGdhB.exe
  C:\Windows\System\LdqGdhB.exe
  2⤵
  PID:6064
- C:\Windows\System\yTlDuhp.exe
  C:\Windows\System\yTlDuhp.exe
  2⤵
  PID:12548
- C:\Windows\System\CgjNpsi.exe
  C:\Windows\System\CgjNpsi.exe
  2⤵
  PID:732
- C:\Windows\System\IHJXzwY.exe
  C:\Windows\System\IHJXzwY.exe
  2⤵
  PID:7832
- C:\Windows\System\sLiCnxa.exe
  C:\Windows\System\sLiCnxa.exe
  2⤵
  PID:5284
- C:\Windows\System\oSytaZJ.exe
  C:\Windows\System\oSytaZJ.exe
  2⤵
  PID:7868
- C:\Windows\System\YugIjmp.exe
  C:\Windows\System\YugIjmp.exe
  2⤵
  PID:9856
- C:\Windows\System\uNhXfgX.exe
  C:\Windows\System\uNhXfgX.exe
  2⤵
  PID:7636
- C:\Windows\System\QpbmgKw.exe
  C:\Windows\System\QpbmgKw.exe
  2⤵
  PID:11392
- C:\Windows\System\jJVJQyZ.exe
  C:\Windows\System\jJVJQyZ.exe
  2⤵
  PID:12888
- C:\Windows\System\axKeIEF.exe
  C:\Windows\System\axKeIEF.exe
  2⤵
  PID:224
- C:\Windows\System\PJDtyQo.exe
  C:\Windows\System\PJDtyQo.exe
  2⤵
  PID:9336
- C:\Windows\System\qWZUfXZ.exe
  C:\Windows\System\qWZUfXZ.exe
  2⤵
  PID:7252
- C:\Windows\System\KoHEBsQ.exe
  C:\Windows\System\KoHEBsQ.exe
  2⤵
  PID:11700
- C:\Windows\System\dFdHmOk.exe
  C:\Windows\System\dFdHmOk.exe
  2⤵
  PID:11896
- C:\Windows\System\rXVlSUu.exe
  C:\Windows\System\rXVlSUu.exe
  2⤵
  PID:7296
- C:\Windows\System\iBmTLoS.exe
  C:\Windows\System\iBmTLoS.exe
  2⤵
  PID:12056
- C:\Windows\System\qGlDsTk.exe
  C:\Windows\System\qGlDsTk.exe
  2⤵
  PID:7348
- C:\Windows\System\cHtwPwl.exe
  C:\Windows\System\cHtwPwl.exe
  2⤵
  PID:12120
- C:\Windows\System\MEqqQIK.exe
  C:\Windows\System\MEqqQIK.exe
  2⤵
  PID:9720
- C:\Windows\System\hihaaDy.exe
  C:\Windows\System\hihaaDy.exe
  2⤵
  PID:12280
- C:\Windows\System\WCeiIsP.exe
  C:\Windows\System\WCeiIsP.exe
  2⤵
  PID:10776
- C:\Windows\System\OJOYHEg.exe
  C:\Windows\System\OJOYHEg.exe
  2⤵
  PID:11396
- C:\Windows\System\ozcYFzP.exe
  C:\Windows\System\ozcYFzP.exe
  2⤵
  PID:3372
- C:\Windows\System\cFiVtRF.exe
  C:\Windows\System\cFiVtRF.exe
  2⤵
  PID:11548
- C:\Windows\System\VhvUFnY.exe
  C:\Windows\System\VhvUFnY.exe
  2⤵
  PID:10092
- C:\Windows\System\TXLryUW.exe
  C:\Windows\System\TXLryUW.exe
  2⤵
  PID:8784
- C:\Windows\System\MWOiNRe.exe
  C:\Windows\System\MWOiNRe.exe
  2⤵
  PID:10148
- C:\Windows\System\raSAUnT.exe
  C:\Windows\System\raSAUnT.exe
  2⤵
  PID:12228
- C:\Windows\System\LNNFBnh.exe
  C:\Windows\System\LNNFBnh.exe
  2⤵
  PID:8140
- C:\Windows\System\krMRIxq.exe
  C:\Windows\System\krMRIxq.exe
  2⤵
  PID:9592
- C:\Windows\System\XooDejk.exe
  C:\Windows\System\XooDejk.exe
  2⤵
  PID:7844
- C:\Windows\System\lmnVoJk.exe
  C:\Windows\System\lmnVoJk.exe
  2⤵
  PID:10688
- C:\Windows\System\GZePqww.exe
  C:\Windows\System\GZePqww.exe
  2⤵
  PID:5536
- C:\Windows\System\FHKnWNh.exe
  C:\Windows\System\FHKnWNh.exe
  2⤵
  PID:9640
- C:\Windows\System\aeCTyeD.exe
  C:\Windows\System\aeCTyeD.exe
  2⤵
  PID:10396
- C:\Windows\System\ttgEdqp.exe
  C:\Windows\System\ttgEdqp.exe
  2⤵
  PID:3684
- C:\Windows\System\BSVeVEg.exe
  C:\Windows\System\BSVeVEg.exe
  2⤵
  PID:12688
- C:\Windows\System\gUiobuJ.exe
  C:\Windows\System\gUiobuJ.exe
  2⤵
  PID:9212
- C:\Windows\System\aALJNFu.exe
  C:\Windows\System\aALJNFu.exe
  2⤵
  PID:12776
- C:\Windows\System\AokgBke.exe
  C:\Windows\System\AokgBke.exe
  2⤵
  PID:11308
- C:\Windows\System\mVeNAqi.exe
  C:\Windows\System\mVeNAqi.exe
  2⤵
  PID:9180
- C:\Windows\System\VLYWpyg.exe
  C:\Windows\System\VLYWpyg.exe
  2⤵
  PID:11656
- C:\Windows\System\YnEyGUJ.exe
  C:\Windows\System\YnEyGUJ.exe
  2⤵
  PID:9524
- C:\Windows\System\wVJbtNW.exe
  C:\Windows\System\wVJbtNW.exe
  2⤵
  PID:7420
- C:\Windows\System\BfcTYnJ.exe
  C:\Windows\System\BfcTYnJ.exe
  2⤵
  PID:8596
- C:\Windows\System\wGmFeyV.exe
  C:\Windows\System\wGmFeyV.exe
  2⤵
  PID:10976
- C:\Windows\System\emBluqo.exe
  C:\Windows\System\emBluqo.exe
  2⤵
  PID:11972
- C:\Windows\System\MTxCcfV.exe
  C:\Windows\System\MTxCcfV.exe
  2⤵
  PID:12148
- C:\Windows\System\xMIkOoO.exe
  C:\Windows\System\xMIkOoO.exe
  2⤵
  PID:6944
- C:\Windows\System\fWJYEQG.exe
  C:\Windows\System\fWJYEQG.exe
  2⤵
  PID:7280
- C:\Windows\System\dxXblSF.exe
  C:\Windows\System\dxXblSF.exe
  2⤵
  PID:11720
- C:\Windows\System\fWVEMPM.exe
  C:\Windows\System\fWVEMPM.exe
  2⤵
  PID:8880
- C:\Windows\System\WsWXOgE.exe
  C:\Windows\System\WsWXOgE.exe
  2⤵
  PID:12624
- C:\Windows\System\shBpYtJ.exe
  C:\Windows\System\shBpYtJ.exe
  2⤵
  PID:12800
- C:\Windows\System\vULBNVr.exe
  C:\Windows\System\vULBNVr.exe
  2⤵
  PID:10244
- C:\Windows\System\eddThau.exe
  C:\Windows\System\eddThau.exe
  2⤵
  PID:7480
- C:\Windows\System\JrLtVIS.exe
  C:\Windows\System\JrLtVIS.exe
  2⤵
  PID:4740
- C:\Windows\System\rqckHpd.exe
  C:\Windows\System\rqckHpd.exe
  2⤵
  PID:10080
- C:\Windows\System\NcmfncQ.exe
  C:\Windows\System\NcmfncQ.exe
  2⤵
  PID:8344
- C:\Windows\System\aRooKcY.exe
  C:\Windows\System\aRooKcY.exe
  2⤵
  PID:2736
- C:\Windows\System\dTREBIu.exe
  C:\Windows\System\dTREBIu.exe
  2⤵
  PID:11456
- C:\Windows\System\UBeGZwx.exe
  C:\Windows\System\UBeGZwx.exe
  2⤵
  PID:5416
- C:\Windows\System\PfjDzIt.exe
  C:\Windows\System\PfjDzIt.exe
  2⤵
  PID:6816
- C:\Windows\System\oNaQFIE.exe
  C:\Windows\System\oNaQFIE.exe
  2⤵
  PID:7732
- C:\Windows\System\qhqJMdY.exe
  C:\Windows\System\qhqJMdY.exe
  2⤵
  PID:2332
- C:\Windows\System\zmJgEvP.exe
  C:\Windows\System\zmJgEvP.exe
  2⤵
  PID:2520
- C:\Windows\System\juGCMdS.exe
  C:\Windows\System\juGCMdS.exe
  2⤵
  PID:10384
- C:\Windows\System\NoPdgbb.exe
  C:\Windows\System\NoPdgbb.exe
  2⤵
  PID:8216
- C:\Windows\System\SDMkoAE.exe
  C:\Windows\System\SDMkoAE.exe
  2⤵
  PID:244
- C:\Windows\System\jolJIDg.exe
  C:\Windows\System\jolJIDg.exe
  2⤵
  PID:7756
- C:\Windows\System\ytLCFJB.exe
  C:\Windows\System\ytLCFJB.exe
  2⤵
  PID:7728
- C:\Windows\System\lbZPvlW.exe
  C:\Windows\System\lbZPvlW.exe
  2⤵
  PID:14368
- C:\Windows\System\hlKaLzs.exe
  C:\Windows\System\hlKaLzs.exe
  2⤵
  PID:14412
- C:\Windows\System\yaWvKBm.exe
  C:\Windows\System\yaWvKBm.exe
  2⤵
  PID:14440
- C:\Windows\System\BeFnNCo.exe
  C:\Windows\System\BeFnNCo.exe
  2⤵
  PID:14468
- C:\Windows\System\QRKhMST.exe
  C:\Windows\System\QRKhMST.exe
  2⤵
  PID:14500
- C:\Windows\System\lFaeFVa.exe
  C:\Windows\System\lFaeFVa.exe
  2⤵
  PID:14524
- C:\Windows\System\UisMixY.exe
  C:\Windows\System\UisMixY.exe
  2⤵
  PID:14552
- C:\Windows\System\MEYdBpi.exe
  C:\Windows\System\MEYdBpi.exe
  2⤵
  PID:14584
- C:\Windows\System\lUZOjmD.exe
  C:\Windows\System\lUZOjmD.exe
  2⤵
  PID:14624
- C:\Windows\System\SNQfVlj.exe
  C:\Windows\System\SNQfVlj.exe
  2⤵
  PID:14644
- C:\Windows\System\jhTobwM.exe
  C:\Windows\System\jhTobwM.exe
  2⤵
  PID:14676
- C:\Windows\System\jUzofUG.exe
  C:\Windows\System\jUzofUG.exe
  2⤵
  PID:14696
- C:\Windows\System\qNLhRzY.exe
  C:\Windows\System\qNLhRzY.exe
  2⤵
  PID:14736
- C:\Windows\System\YFzilDs.exe
  C:\Windows\System\YFzilDs.exe
  2⤵
  PID:14760
- C:\Windows\System\aGIxxFp.exe
  C:\Windows\System\aGIxxFp.exe
  2⤵
  PID:14780
- C:\Windows\System\ctlsdYe.exe
  C:\Windows\System\ctlsdYe.exe
  2⤵
  PID:14820
- C:\Windows\System\cflTSAL.exe
  C:\Windows\System\cflTSAL.exe
  2⤵
  PID:14860
- C:\Windows\System\iooNJsf.exe
  C:\Windows\System\iooNJsf.exe
  2⤵
  PID:14884
- C:\Windows\System\zjSYyBT.exe
  C:\Windows\System\zjSYyBT.exe
  2⤵
  PID:14912
- C:\Windows\System\UxLgjnp.exe
  C:\Windows\System\UxLgjnp.exe
  2⤵
  PID:14948
- C:\Windows\System\dpluDuH.exe
  C:\Windows\System\dpluDuH.exe
  2⤵
  PID:14964
- C:\Windows\System\ybpiOXu.exe
  C:\Windows\System\ybpiOXu.exe
  2⤵
  PID:15004
- C:\Windows\System\MHuxozo.exe
  C:\Windows\System\MHuxozo.exe
  2⤵
  PID:15020
- C:\Windows\System\qOqpVKO.exe
  C:\Windows\System\qOqpVKO.exe
  2⤵
  PID:15052
- C:\Windows\System\POICCEy.exe
  C:\Windows\System\POICCEy.exe
  2⤵
  PID:15080
- C:\Windows\System\DXVTqNu.exe
  C:\Windows\System\DXVTqNu.exe
  2⤵
  PID:15104
- C:\Windows\System\vfBDzUE.exe
  C:\Windows\System\vfBDzUE.exe
  2⤵
  PID:15144
- C:\Windows\System\AiIWzKD.exe
  C:\Windows\System\AiIWzKD.exe
  2⤵
  PID:15168
- C:\Windows\System\LYqwAXF.exe
  C:\Windows\System\LYqwAXF.exe
  2⤵
  PID:15196
- C:\Windows\System\RjTgThD.exe
  C:\Windows\System\RjTgThD.exe
  2⤵
  PID:15224
- C:\Windows\System\AhqybAS.exe
  C:\Windows\System\AhqybAS.exe
  2⤵
  PID:15244
- C:\Windows\System\FwhTDcL.exe
  C:\Windows\System\FwhTDcL.exe
  2⤵
  PID:15272
- C:\Windows\System\MoNtxOh.exe
  C:\Windows\System\MoNtxOh.exe
  2⤵
  PID:15308
- C:\Windows\System\QSDZoZH.exe
  C:\Windows\System\QSDZoZH.exe
  2⤵
  PID:15332
- C:\Windows\System\wwoFSMt.exe
  C:\Windows\System\wwoFSMt.exe
  2⤵
  PID:11136
- C:\Windows\System\TzQKXLx.exe
  C:\Windows\System\TzQKXLx.exe
  2⤵
  PID:14380
- C:\Windows\System\YxUKJhZ.exe
  C:\Windows\System\YxUKJhZ.exe
  2⤵
  PID:14428
- C:\Windows\System\hWEFYIw.exe
  C:\Windows\System\hWEFYIw.exe
  2⤵
  PID:14492
- C:\Windows\System\aRpuvsn.exe
  C:\Windows\System\aRpuvsn.exe
  2⤵
  PID:14544
- C:\Windows\System\AqqaHLp.exe
  C:\Windows\System\AqqaHLp.exe
  2⤵
  PID:14592
- C:\Windows\System\oFbnCVG.exe
  C:\Windows\System\oFbnCVG.exe
  2⤵
  PID:14672
- C:\Windows\System\eedWxqE.exe
  C:\Windows\System\eedWxqE.exe
  2⤵
  PID:14732
- C:\Windows\System\maYFsQH.exe
  C:\Windows\System\maYFsQH.exe
  2⤵
  PID:14816
- C:\Windows\System\seLFFRG.exe
  C:\Windows\System\seLFFRG.exe
  2⤵
  PID:14848
- C:\Windows\System\oEcfBHc.exe
  C:\Windows\System\oEcfBHc.exe
  2⤵
  PID:14812
- C:\Windows\System\mBydHQQ.exe
  C:\Windows\System\mBydHQQ.exe
  2⤵
  PID:14996
- C:\Windows\System\ihxINmB.exe
  C:\Windows\System\ihxINmB.exe
  2⤵
  PID:15044
- C:\Windows\System\NzPcdTa.exe
  C:\Windows\System\NzPcdTa.exe
  2⤵
  PID:15088
- C:\Windows\System\SQfhKIQ.exe
  C:\Windows\System\SQfhKIQ.exe
  2⤵
  PID:15160
- C:\Windows\System\hopeuLS.exe
  C:\Windows\System\hopeuLS.exe
  2⤵
  PID:15232
- C:\Windows\System\mfmgnvq.exe
  C:\Windows\System\mfmgnvq.exe
  2⤵
  PID:15284
- C:\Windows\System\SrVyZSy.exe
  C:\Windows\System\SrVyZSy.exe
  2⤵
  PID:15340
- C:\Windows\System\qJpolAf.exe
  C:\Windows\System\qJpolAf.exe
  2⤵
  PID:14364
- C:\Windows\System\EoWugzR.exe
  C:\Windows\System\EoWugzR.exe
  2⤵
  PID:14484
- C:\Windows\System\DxwSZAQ.exe
  C:\Windows\System\DxwSZAQ.exe
  2⤵
  PID:8920
- C:\Windows\System\bjLuDxJ.exe
  C:\Windows\System\bjLuDxJ.exe
  2⤵
  PID:14616
- C:\Windows\System\TQyyGfq.exe
  C:\Windows\System\TQyyGfq.exe
  2⤵
  PID:14768
- C:\Windows\System\xKADjKx.exe
  C:\Windows\System\xKADjKx.exe
  2⤵
  PID:14852
- C:\Windows\System\ptOsmtQ.exe
  C:\Windows\System\ptOsmtQ.exe
  2⤵
  PID:15016
- C:\Windows\System\FDHYpED.exe
  C:\Windows\System\FDHYpED.exe
  2⤵
  PID:15180
- C:\Windows\System\MNuylUJ.exe
  C:\Windows\System\MNuylUJ.exe
  2⤵
  PID:15240
- C:\Windows\System\dItduKc.exe
  C:\Windows\System\dItduKc.exe
  2⤵
  PID:14452
- C:\Windows\System\slPBXeU.exe
  C:\Windows\System\slPBXeU.exe
  2⤵
  PID:8956
- C:\Windows\System\jpYDSBC.exe
  C:\Windows\System\jpYDSBC.exe
  2⤵
  PID:14776
- C:\Windows\System\xrOwUxu.exe
  C:\Windows\System\xrOwUxu.exe
  2⤵
  PID:15208
- C:\Windows\System\KcqWXEC.exe
  C:\Windows\System\KcqWXEC.exe
  2⤵
  PID:8896
- C:\Windows\System\rvFBDce.exe
  C:\Windows\System\rvFBDce.exe
  2⤵
  PID:15320
- C:\Windows\System\GBKEUKj.exe
  C:\Windows\System\GBKEUKj.exe
  2⤵
  PID:11320
- C:\Windows\System\zqUnMbu.exe
  C:\Windows\System\zqUnMbu.exe
  2⤵
  PID:15384
- C:\Windows\System\ROPhrhz.exe
  C:\Windows\System\ROPhrhz.exe
  2⤵
  PID:15416
- C:\Windows\System\NXzEEqj.exe
  C:\Windows\System\NXzEEqj.exe
  2⤵
  PID:15440
- C:\Windows\System\TTKjLtq.exe
  C:\Windows\System\TTKjLtq.exe
  2⤵
  PID:15468
- C:\Windows\System\allggRL.exe
  C:\Windows\System\allggRL.exe
  2⤵
  PID:15500
- C:\Windows\System\JeMLmXB.exe
  C:\Windows\System\JeMLmXB.exe
  2⤵
  PID:15524
- C:\Windows\System\KrryhPf.exe
  C:\Windows\System\KrryhPf.exe
  2⤵
  PID:15552
- C:\Windows\System\KXLxoVJ.exe
  C:\Windows\System\KXLxoVJ.exe
  2⤵
  PID:15576
- C:\Windows\System\UBAiTWS.exe
  C:\Windows\System\UBAiTWS.exe
  2⤵
  PID:15600
- C:\Windows\System\UeyQacJ.exe
  C:\Windows\System\UeyQacJ.exe
  2⤵
  PID:15628
- C:\Windows\System\elxdjeM.exe
  C:\Windows\System\elxdjeM.exe
  2⤵
  PID:15668
- C:\Windows\System\RQwtJPE.exe
  C:\Windows\System\RQwtJPE.exe
  2⤵
  PID:15684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o3hisemx.rvp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\EyGIvmH.exe

Filesize
3.1MB

MD5
24cc66bec97867dd9604f3abda2d3295

SHA1
17052718593a7190790f8a0fcdc2fcd99eec5555

SHA256
f556d813790b37577e8308ae0fe29cc7ab22a52fd3981d8da3d1a4ad57d04aed

SHA512
2f57fc3954ca9650b0210ba10e1036a1c4863f8b70ee6d31486e3cc484908b43348ccf2176183b94a9988cd0f282d8a4c5bd86bb13c592387f56cad494cf70c4

Download Submit
C:\Windows\System\HQcASqx.exe

Filesize
3.1MB

MD5
e0d5ddbd0d8f358626355c20d0189640

SHA1
59596e052a76666bcbdcfee0de05046061aa54ac

SHA256
047271109d7b78083dd86103b99761a41e5c2fc9b0452c04cb1ac973668e6cae

SHA512
0cb5f6948042917df540990571f8fcd2cc97f50dc3cbce58d8a09ed04f5e643f933a2e83cce46071957f80c1e922a72e1ab9b6144c06ea06f71167116a942bf4

Download Submit
C:\Windows\System\HpqpyJX.exe

Filesize
3.1MB

MD5
425a2d74a990677b3bd0bb5eec3c1e45

SHA1
1660121191b165d7335da8496aef5662c4603fe7

SHA256
3dd0e53cf9f66f192dec88392a096e0c16c67f4ac433c2718c51fac4f1bdc07c

SHA512
053a92adb3202c99f52cc6b181f2fd462d4ce602de3582ebba099e418d192ed622b3c9cef3d185a25fadf51026af5bef18d609aa6b0671ca17d26c6d1efbefe6

Download Submit
C:\Windows\System\HrgGdKK.exe

Filesize
3.1MB

MD5
32cafcdaf6dd27e52371672becb8c314

SHA1
c8b68bbc21dbf12316c97f598671dbda4c578093

SHA256
116b60d82cbc84bcb9799df513c9589ee097ffef393fd896abfd9c35920afee8

SHA512
7fb01a74cdeb5aa25a1473d0931ff63b47a0d687159361bba94ef3fed337b906098f3d55bcf85940851aca175a44474c5705365d3933b2174f6bf08ea94df9b5

Download Submit
C:\Windows\System\JGBTDEY.exe

Filesize
3.1MB

MD5
1a7ab0fd4932ea36aaabb2a409065a78

SHA1
7695fcba4a7badb9d403f70bada2472bcb2b686d

SHA256
af88d64f1de0b62a8507e275864b2111453538bbc04ae1cc6848508edbcd20a3

SHA512
c5f07dbe358ae9b406486b55f53d019cd2e95c8b8b282b8af9ec0621ca307208e15266e762e74fdc4f49224129aa4e26f7cd9b0827c406c39937e7bd37a52b03

Download Submit
C:\Windows\System\JHPZtpp.exe

Filesize
3.1MB

MD5
d6d286266264b75988662ab472e37e11

SHA1
8781aa783eaa4f5d03adc8471c954099c96cd0d9

SHA256
e925cb980e0866a5ebbfe8cfbc3839fe7b584c912efb1db502b915a2680506cb

SHA512
97e66b236e4dec56ff3ff2e18d15739d38a0c4f7a90947532363cff82c73172c418539294c1062aa16f8c38a9f37480d6c7c6721497260211fb919804935deaa

Download Submit
C:\Windows\System\JoyYKCh.exe

Filesize
3.1MB

MD5
648924ce2535f9270bd4156562bf219b

SHA1
18580492e4131cdc1a18b6c7fd4d4450862da75c

SHA256
56a4895389b58f6fb90d923b04c61655fd43379ed2e6a3f4ad3f8b038b48e916

SHA512
de2e19dfbf5e13622b618a3e27f4a2ef90fc6be59cf3f35dd17370928dc2a74e92dfdb20e9c77df2d10e6e77f230ff432b6de88c0f26fb8d1cf8824371b6dfe3

Download Submit
C:\Windows\System\KGNSoXE.exe

Filesize
3.1MB

MD5
c53b12139ceb2b9bef483a535021b4e8

SHA1
4c2943993465b88ae16dc4f4c194e211299bbfa1

SHA256
8d8be8c098f5dcc5e61187724b30d375e93684979bf1ff98247246cd364b700e

SHA512
6b00acbd95cb010d69dfde7161bee49cef8b384036542cbcbef053c629bc16822c2163a4d9800b7d32d2ed1409bac79f7a4456ff10a25fe484bb086d5800619e

Download Submit
C:\Windows\System\MUSfYmN.exe

Filesize
3.1MB

MD5
7756a1f7348d3ac54b514fdb4631e0d6

SHA1
80983515098dd61338fceea4356ad686b866e91d

SHA256
57d091a54eeb3a63de0de4eb5844932e8e516f5fd14ef75688177d48526976b2

SHA512
0fbfd82c913a6aab66ef1742575f1ac298ccfa8f89130572f0e04e4a2c8b0be27190494651f395784459edb9e3d280158c95942b84c4dde192a96a8f8dfcbef9

Download Submit
C:\Windows\System\OIFWHsx.exe

Filesize
3.1MB

MD5
400253d48c6d47460015a96387c39e95

SHA1
8f54baa4f4629d37232447c663671a8b0e5bd84f

SHA256
cccb121cb20d5d89f679aab0810de2596e1913900f831d8f6cc7cbb3e7459d39

SHA512
fe82dc196cd45333c1d8e3d36aa4415fdac44c6cc6b41d6f02e3154e902008281edc992b4db1bf2cecf0927a0872dbb6d258cb1c740cf16b0a2504fd806d3d9f

Download Submit
C:\Windows\System\PFkJmeM.exe

Filesize
3.1MB

MD5
013e02257c8b06b0faa6b25ca9c26f19

SHA1
73fb02a9f7bdfb3457ba5f6c28ebc8994fad61bf

SHA256
fd1e29dc4dff5d5441beaa3a1685c993646c57c065499745a0672d2bf1d6ac95

SHA512
9613bde31f032f5c9acaed7a5a75abf6f31dda4349e2eae9e6d07ec14e2d11fb61cc1e70e4fdb73a23c706d0ca60fe264201ca4d32fae098c303c9315a6c0028

Download Submit
C:\Windows\System\RWGvsCO.exe

Filesize
3.1MB

MD5
4a2fbf0c5c568689b7f762a92cab0274

SHA1
a0fee088c4b85d543dbbaacaebdf8be82eaeb04a

SHA256
48b4e822dda974b12705c8183d32773514483d3fe22a0092951aa616f54af1f3

SHA512
f50aba3708045001f6ed51cf35ab7d62b1a4f98f0aa4f0e4f9806cf0124589c96ae4fd7851ca04320d17cf00b6d5a7b7b56dc73871dfdc5b297a36a8c2088e5c

Download Submit
C:\Windows\System\SwSLdSq.exe

Filesize
3.1MB

MD5
54801506c78d0bcf3d8290b581eb5303

SHA1
0ddc7e976dbc3340f15b3f7febd7cecba0cefde7

SHA256
93a184408431ea9bd0b51988a144945b62b917055ad0cae7472defab1c8c8e0b

SHA512
69b784d3865ccaf86013f561cfaa6df417ed03fe7850ee5d9342cbe76d94464bc2505e8b35ee8185d09d90c315f1bcbca015830eb0721fd6f519f6dacc389ea9

Download Submit
C:\Windows\System\VLcsBbi.exe

Filesize
3.1MB

MD5
92d16da395957dc542ad9ee9fc8e75f9

SHA1
ef9d82bd54f6ecd32fc5501b27a27a42132a1c16

SHA256
bf14e81d65f6e9cffa1265c7098bc8aac01e7961c64438c6022a70fba48fb667

SHA512
ce05a8fc9782bfef8ba7d5380794936972aef6c66d282b9372a4bce19e7e5d5057b5f6ae25e6286a345713265bf20716beb07c52a02735d67d997ac9f8541ca0

Download Submit
C:\Windows\System\XqvnXkk.exe

Filesize
3.1MB

MD5
9e7db80081d8a5ee135aa49bd0b2c1da

SHA1
02e48ece7fb1711e597a60e58c1e7789acf985b9

SHA256
6e835bfab18353521190234cdaabb7d23f60a171a03427e0cf133f25009a8d69

SHA512
7bb73dc1e2700aa24ccf04d5e987809cdd2c8e86bed7804b0bc33ea51a0a981ea2d5e3482c472febd2878bfe20c1ef2bd1d9391d9ca76d7a4c3d336007577fab

Download Submit
C:\Windows\System\YJKAbnS.exe

Filesize
3.1MB

MD5
a0f395df84d304ef7b8afde3bda1bf9a

SHA1
1a19792c5bffa810f7fc5891fd0a4682e65f4bd3

SHA256
4d5b6118bb63ea5250adb1c3cf790a66642d2eae2b5e41e01ff796037eb2ce2a

SHA512
68247b3d249c4744a1b6a0395b2adbe8f1873363f1fd5a038b92701aa9e8cda6fbafa781114e2e762e94d61e1177798ac7ba153510b7ac11c07a737747b8beec

Download Submit
C:\Windows\System\ZObbGUC.exe

Filesize
3.1MB

MD5
b2e0eff7cef16eec93a7c9b2a6b5b2e0

SHA1
4a976c101c8d1a7b9eedf2c40f7b5b220d893fdd

SHA256
9ecc44c6e1bbf4388f714c04362d7f51cbe558ccbd04c7486cd759aed277bfa1

SHA512
cfa26d90d82ec41a848cb36075eaa44445baf64d065648252dacf6feb57a968adc8a9c690802c8e9104c4dcbc5b0f9527e4dd0fb14987925c3cdede5bbc2a58b

Download Submit
C:\Windows\System\asxCObw.exe

Filesize
3.1MB

MD5
72eb2270ab795a765423a149d7c0a005

SHA1
28c825c81f8cbe91e36ba90a724b47131d0483d6

SHA256
4ddf6279bebd8b2d03c7af5f62c7471e8ff4352abd6144d95307d91555b5fec8

SHA512
7f2a0448287acb992b1e05820e12424062e24f5f238976ff4144c5ba022e48ba5b8654007bc3f155b12675fa97f32d9adef7925d270a88377b6a45afeb1f72ee

Download Submit
C:\Windows\System\bsxSxFe.exe

Filesize
3.1MB

MD5
6ff2888662fd7d4d41a688a7e5b198ae

SHA1
62df90f0336a235489ace967668be6a3e41a476f

SHA256
f02a065f325422474a85aac05b8e4dd6cd8cac9bfc6180aa4545d1ca3eb91ae7

SHA512
a70ebae46ba3aa65b5271272687f5c8256aaa96919e9bc520b8f5d4d89cc551c6835df95f8228de30d59b6ff6ad62bce41fc423d49562cfda7e1a028b0a3ab3f

Download Submit
C:\Windows\System\dYEScXi.exe

Filesize
3.1MB

MD5
1d9c8b018e3c906d3a5ef4c274e21205

SHA1
e28a4aed38ee3d4f8e90e79a0ce7fd8d0cc5168a

SHA256
daf1efeb99528c5a8d1a0627a56b71a4d7020faf0f0ce750d465d1d6fd8a7a5d

SHA512
1497c23b56581ce23918ff900faf817dfc9da2ce0fc68330f39e28f547a2901f959c54a0f13a3991494ea3423eb63262f2741c8c36f57f6d80a4dc7bb1db3b3e

Download Submit
C:\Windows\System\eTFkinw.exe

Filesize
3.1MB

MD5
de6a202b3a958138c4d0f64e7adb071d

SHA1
f7a12853997e82b5b52c70380f881a4c14547663

SHA256
aa29ddb9325b4bec6f51de44e78e1d9d63c5e8c661e5f4c5be11ec667f4c16b7

SHA512
44a321c464313c01b4fe93d55881d8d4044be1289b2163caeafbdc56245b0314a488391402f50e2067db9c95e50d64442e1c17c5f91573d4fe71c9680cb52025

Download Submit
C:\Windows\System\fHQOdZR.exe

Filesize
8B

MD5
69a2459cf267ca53a07e1000877ec5f5

SHA1
6180fdab39e41b082a5f032106ea0881035fc630

SHA256
ada8e0c66fd35906bd1beeda81d420b6e5f6b475841d10e62bd6374afbeacb69

SHA512
856cc19353d1aa3d8ce28f9d4a1fe10bf85ecb48b19883b3993f89b4192a7bd4dbaf2f158bd3e246dfcbb6a46252185b62c3e867aadc7a9e5bf0721b6b86c55b

Download Submit
C:\Windows\System\gzpZEKR.exe

Filesize
3.1MB

MD5
dae923e930b39430b408aa032ab168fa

SHA1
4dda318a62d95ce9f3d63cfcca8508d0311b67b7

SHA256
604fd4da68151a17939f7c03f7c33c2268c3b00497b34df01b498407ae9aa28c

SHA512
0d33e72925afc23ba22700fd363af7a6d0baa2eec2c0ac039e0be551c6547eb7f458063e03a7a05236d6e1679d0ee2252f459ed3a618f68bf5596da47164bfcd

Download Submit
C:\Windows\System\iXDhhue.exe

Filesize
3.1MB

MD5
d548d85f6a7e91e7fe6d6f19549d3992

SHA1
b293387f1e6600199a3f6815ae18d7e6042a5716

SHA256
165173c5094980d8964927e48f22c4f7075319e05f2c15567ca5faebf10cd332

SHA512
55303bcd6517460a7ba7bbf7c6f805e644317c18397d94c49cfcd63053c1206881402ff15096a62deca314571753be036f51438084a6a8804eb0185caa59b72b

Download Submit
C:\Windows\System\jHJeSZJ.exe

Filesize
3.1MB

MD5
1e0c107387202724dd76b0c0f36e643f

SHA1
b4e6b6cd29b58a5dab7a3bbc2e6d965ef86151bb

SHA256
10a294139df41dc548b2b37d3b9d63f67bb61ca59e18ce3205842b667b741b00

SHA512
094413e5c1ffb3f60598e16135baf3ecba41e38c25e8d47363680601b92f5960961e48b57f55532cf9caab27918aaba1686b745e2f7b7d640645f07b922cf949

Download Submit
C:\Windows\System\jZicaod.exe

Filesize
3.1MB

MD5
c3fa0fb4b2fead87f93d2f25b9b0b646

SHA1
f84d5614e13ebcaa3525d6790331f96af1991382

SHA256
eeb443762452752f4eabf4f7c7bae7ba05a2dad321efd156f6aadd6888de6bb1

SHA512
2ce9352aa736461ec5a4aaca6ca4b3634ba5e8a6baf1a5778a6bb02be5e14863ffcce3ede00bc5d8dc6802c1d2bac68ee129df46791dbd0e4812741bbaee1bd6

Download Submit
C:\Windows\System\lFXNFMv.exe

Filesize
3.1MB

MD5
a667cfdc8d8c2b3076232d1561bd5178

SHA1
3fc207884100d9a0e5533da5933872125ae85be9

SHA256
493e06ba3eb2e55ca905eff5324a7a67379396b30ffd7dd8b617c7979f62a212

SHA512
8efd73936e6f81e66eb2cb8096cbdacfeddda3566dba18927160ed67caf231d412d12488754e8ba303d9fa34a5ce99d9698af0fc59230fd55abc6a3c792b05fa

Download Submit
C:\Windows\System\mWHplvd.exe

Filesize
3.1MB

MD5
82833db50ddbc05f520ab35884abe74b

SHA1
62ed7455db98dca115495923ceea9388b22bf166

SHA256
bf0e9bf67a593aa4080f92e1c67484bf509fba3da4f07b3757070628183a23b1

SHA512
9746c87a7a55f0423f04d1d12987a37ca3dcc79324b28f64aa3e466afb1a13892622ae8a0f0ae643925a4579b09e307862ffe4a84181903bde83e84ab54e68e0

Download Submit
C:\Windows\System\pEqfrgw.exe

Filesize
3.1MB

MD5
cee5b8956bad3dcc7993e858e5ae55fd

SHA1
905be890382900091f71030f164d6b5a903f443e

SHA256
b2eadcb824f39ab3623ae5da7e6a466392be54377d3dd1bacd9d7a20c2bb62fe

SHA512
b623bc39bd4f90c999748829650a2aaf26791c59118f4226b101b19d558176ac72c5419eaabc4236476d227b46c5eeba0ad743247dfe8375959149aa3bc8f123

Download Submit
C:\Windows\System\rSLGnBw.exe

Filesize
18B

MD5
d4c53945d0b50cca8ee3c39950f75a96

SHA1
b80a0451cdd1f089663f9ee7b74d1e73ad057fdf

SHA256
c14bc0d583a2e28b394647d06f8fa7c0ff4cba50b7739e8641ff8669f7856a43

SHA512
298bc37c5e19145fc001cebfa843e38909335e86d2dcf1fd6f1a57c9dd72abb4d7c4e4ca9f9b743b79fd750b428a6154b00b7c45d2e633fde4a9fab32fec45b0

Download Submit
C:\Windows\System\reGIFgB.exe

Filesize
3.1MB

MD5
9d306c67e89ace624b240748025a9c7a

SHA1
fca4c33b505613c31d05cf10c045ad3f88e2213d

SHA256
822436536da8f8f7698eb2547cbbeff4b55d91bff1f460180b5d313f27cd45f4

SHA512
9ec189c80364c83bb6627a82194073e46f2a1a07bae26dc9b94d093066598f8412f83b48eb5d419b40fcedaa30b0fd1113997adff60c96be09b35fc030c626d4

Download Submit
C:\Windows\System\rjZPLvY.exe

Filesize
3.1MB

MD5
8d2fbce5d844ea3cf3bf954800b51534

SHA1
2195162652bce1dad314b399ad7aed3b7420c100

SHA256
680452130c482d4254725db7b8cb536f0f17929ddc169ae111f445ffe2f9b9a6

SHA512
f82bec69f066afe48c8159d814edd63ca6b368c5a8a4688a8a379c52e2a2c2f95e0a74ab30c99e4466ddad6e0ceb89f0544c7014f156b0f3af4ae5e85bd557b9

Download Submit
C:\Windows\System\ucxzXVY.exe

Filesize
3.1MB

MD5
038102b503ad6ab15edb42c6c36b1168

SHA1
3710813ff711ce360aab97e3e512e27003cfbf62

SHA256
213ff0841f60d0bd58341cf9cb3e781b271b031578d1d3a42b4ee1a34382ecf1

SHA512
a21f679b7daa55c34e68477e1bc05c5922ef97a2305a11603cb8873ca8d2852059a4a81dde54b752054a9f55e867c2b967e0b89cbee099653d2d90c523f56788

Download Submit
C:\Windows\System\yrEzSHZ.exe

Filesize
3.1MB

MD5
529908b58413386882a7f38756f43174

SHA1
fcae30b17b6bbc25ea7a2e66dffa3aaa1ce5c798

SHA256
c061ed3beca421a62ab87654d78d219d60ac4fde2d7bbdf1cfeacdafa7386b18

SHA512
eb2ec1f39bda566e205d5f37db961d6885cd0f558eb2c87da35c9874de5388882934d0c4307a5a938999b787b5f861497973f6485c1bdc454c29c56280464e14

Download Submit
C:\Windows\System\ziXtBYT.exe

Filesize
3.1MB

MD5
8aecceb4d8e38d03eedf314c09ce509f

SHA1
71f22e1f0943fed2dc77275c9f472e3ce7282d57

SHA256
70fcab1b8ad439cc921805d0b281166480d8bb7643665ff6ed6f7dc11cd89e38

SHA512
16fdb95264a53a1a2da0e05411580917fa4ce756cdb5412b9efa563dae3c36d435a5892b0335b36c9473708fb3e50e5786233984b756768c88ff0dc3a7c54496

Download Submit
memory/8-728-0x00007FF7E1E30000-0x00007FF7E2226000-memory.dmp

Filesize
4.0MB

Download
memory/936-773-0x00007FF68E210000-0x00007FF68E606000-memory.dmp

Filesize
4.0MB

Download
memory/1208-777-0x00007FF6E5D40000-0x00007FF6E6136000-memory.dmp

Filesize
4.0MB

Download
memory/1452-2428-0x00007FF614540000-0x00007FF614936000-memory.dmp

Filesize
4.0MB

Download
memory/1452-753-0x00007FF614540000-0x00007FF614936000-memory.dmp

Filesize
4.0MB

Download
memory/1504-2392-0x00007FF672020000-0x00007FF672416000-memory.dmp

Filesize
4.0MB

Download
memory/1504-701-0x00007FF672020000-0x00007FF672416000-memory.dmp

Filesize
4.0MB

Download
memory/1588-684-0x00007FF6F35C0000-0x00007FF6F39B6000-memory.dmp

Filesize
4.0MB

Download
memory/1892-668-0x00007FFE776A0000-0x00007FFE78161000-memory.dmp

Filesize
10.8MB

Download
memory/1892-18-0x00007FFE776A3000-0x00007FFE776A5000-memory.dmp

Filesize
8KB

Download
memory/1892-402-0x0000020C5C9C0000-0x0000020C5D166000-memory.dmp

Filesize
7.6MB

Download
memory/1892-2043-0x00007FFE776A3000-0x00007FFE776A5000-memory.dmp

Filesize
8KB

Download
memory/1892-2042-0x00007FFE776A0000-0x00007FFE78161000-memory.dmp

Filesize
10.8MB

Download
memory/1892-51-0x00007FFE776A0000-0x00007FFE78161000-memory.dmp

Filesize
10.8MB

Download
memory/1892-53-0x0000020C41960000-0x0000020C41982000-memory.dmp

Filesize
136KB

Download
memory/1948-783-0x00007FF73BF90000-0x00007FF73C386000-memory.dmp

Filesize
4.0MB

Download
memory/1960-674-0x00007FF650E70000-0x00007FF651266000-memory.dmp

Filesize
4.0MB

Download
memory/2068-2434-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp

Filesize
4.0MB

Download
memory/2068-768-0x00007FF7D18D0000-0x00007FF7D1CC6000-memory.dmp

Filesize
4.0MB

Download
memory/2100-784-0x00007FF6AF070000-0x00007FF6AF466000-memory.dmp

Filesize
4.0MB

Download
memory/2200-669-0x00007FF7581E0000-0x00007FF7585D6000-memory.dmp

Filesize
4.0MB

Download
memory/2288-2421-0x00007FF751210000-0x00007FF751606000-memory.dmp

Filesize
4.0MB

Download
memory/2288-738-0x00007FF751210000-0x00007FF751606000-memory.dmp

Filesize
4.0MB

Download
memory/2388-686-0x00007FF64A740000-0x00007FF64AB36000-memory.dmp

Filesize
4.0MB

Download
memory/2644-788-0x00007FF65B310000-0x00007FF65B706000-memory.dmp

Filesize
4.0MB

Download
memory/2848-17-0x00007FF7BD240000-0x00007FF7BD636000-memory.dmp

Filesize
4.0MB

Download
memory/3400-751-0x00007FF66CBA0000-0x00007FF66CF96000-memory.dmp

Filesize
4.0MB

Download
memory/3476-772-0x00007FF6CE920000-0x00007FF6CED16000-memory.dmp

Filesize
4.0MB

Download
memory/3704-711-0x00007FF7709A0000-0x00007FF770D96000-memory.dmp

Filesize
4.0MB

Download
memory/3708-678-0x00007FF768030000-0x00007FF768426000-memory.dmp

Filesize
4.0MB

Download
memory/3956-716-0x00007FF6E7570000-0x00007FF6E7966000-memory.dmp

Filesize
4.0MB

Download
memory/3976-670-0x00007FF747C50000-0x00007FF748046000-memory.dmp

Filesize
4.0MB

Download
memory/3984-693-0x00007FF623430000-0x00007FF623826000-memory.dmp

Filesize
4.0MB

Download
memory/4196-0-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp

Filesize
4.0MB

Download
memory/4196-1-0x0000022502370000-0x0000022502380000-memory.dmp

Filesize
64KB

Download
memory/4196-2041-0x00007FF76DF10000-0x00007FF76E306000-memory.dmp

Filesize
4.0MB

Download
memory/4964-763-0x00007FF74F1C0000-0x00007FF74F5B6000-memory.dmp

Filesize
4.0MB

Download
memory/4972-708-0x00007FF731B40000-0x00007FF731F36000-memory.dmp

Filesize
4.0MB

Download