xmrig | 6263bfaec3b8579db3d1b6b2081421e0e80f19fe22f637f5d22463b25df73898

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44fd2dafcc91e4c5e3237c8c79ec73f0.exe
Size

973KB
MD5

44fd2dafcc91e4c5e3237c8c79ec73f0
SHA1

e6d95a07e70c1bae37e062ec912b3acb0d751fc1
SHA256

6263bfaec3b8579db3d1b6b2081421e0e80f19fe22f637f5d22463b25df73898
SHA512

8fb5300476880e8171fc5b16471d8bf7c1525ab62e0a0793e1aa55faf7c0f37e99ad10246eb61473476279a892404f9bf55431ff7c111470617edf68b747adfb
SSDEEP

24576:zv3/fTLF671TilQFG4P5PmK/lzapjlRPRWRQJIA:Lz071uv4BPm6l+XPRWdA

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/3936-588-0x00007FF6F9540000-0x00007FF6F9932000-memory.dmp	xmrig
behavioral2/memory/1860-661-0x00007FF727530000-0x00007FF727922000-memory.dmp	xmrig
behavioral2/memory/3812-665-0x00007FF7C7920000-0x00007FF7C7D12000-memory.dmp	xmrig
behavioral2/memory/1500-898-0x00007FF774A00000-0x00007FF774DF2000-memory.dmp	xmrig
behavioral2/memory/2032-1243-0x00007FF6B05C0000-0x00007FF6B09B2000-memory.dmp	xmrig
behavioral2/memory/4796-1616-0x00007FF76A890000-0x00007FF76AC82000-memory.dmp	xmrig
behavioral2/memory/1696-1615-0x00007FF688FA0000-0x00007FF689392000-memory.dmp	xmrig
behavioral2/memory/1064-1617-0x00007FF6790B0000-0x00007FF6794A2000-memory.dmp	xmrig
behavioral2/memory/3620-1504-0x00007FF63C5A0000-0x00007FF63C992000-memory.dmp	xmrig
behavioral2/memory/2464-1136-0x00007FF652930000-0x00007FF652D22000-memory.dmp	xmrig
behavioral2/memory/1648-895-0x00007FF64BD30000-0x00007FF64C122000-memory.dmp	xmrig
behavioral2/memory/3864-791-0x00007FF695D60000-0x00007FF696152000-memory.dmp	xmrig
behavioral2/memory/1560-790-0x00007FF687F80000-0x00007FF688372000-memory.dmp	xmrig
behavioral2/memory/3672-667-0x00007FF6854D0000-0x00007FF6858C2000-memory.dmp	xmrig
behavioral2/memory/3068-664-0x00007FF6FC5C0000-0x00007FF6FC9B2000-memory.dmp	xmrig
behavioral2/memory/4112-663-0x00007FF778FC0000-0x00007FF7793B2000-memory.dmp	xmrig
behavioral2/memory/3244-662-0x00007FF7D0EB0000-0x00007FF7D12A2000-memory.dmp	xmrig
behavioral2/memory/648-660-0x00007FF74B0C0000-0x00007FF74B4B2000-memory.dmp	xmrig
behavioral2/memory/4264-659-0x00007FF794C60000-0x00007FF795052000-memory.dmp	xmrig
behavioral2/memory/3900-656-0x00007FF6B1530000-0x00007FF6B1922000-memory.dmp	xmrig
behavioral2/memory/1264-405-0x00007FF772260000-0x00007FF772652000-memory.dmp	xmrig
behavioral2/memory/2532-3948-0x00007FF756D80000-0x00007FF757172000-memory.dmp	xmrig
behavioral2/memory/2364-3954-0x00007FF660AB0000-0x00007FF660EA2000-memory.dmp	xmrig
behavioral2/memory/2532-3956-0x00007FF756D80000-0x00007FF757172000-memory.dmp	xmrig
behavioral2/memory/1264-3958-0x00007FF772260000-0x00007FF772652000-memory.dmp	xmrig
behavioral2/memory/1560-3964-0x00007FF687F80000-0x00007FF688372000-memory.dmp	xmrig
behavioral2/memory/3936-3965-0x00007FF6F9540000-0x00007FF6F9932000-memory.dmp	xmrig
behavioral2/memory/3068-3967-0x00007FF6FC5C0000-0x00007FF6FC9B2000-memory.dmp	xmrig
behavioral2/memory/3900-3961-0x00007FF6B1530000-0x00007FF6B1922000-memory.dmp	xmrig
behavioral2/memory/1500-3977-0x00007FF774A00000-0x00007FF774DF2000-memory.dmp	xmrig
behavioral2/memory/4264-3982-0x00007FF794C60000-0x00007FF795052000-memory.dmp	xmrig
behavioral2/memory/3812-3986-0x00007FF7C7920000-0x00007FF7C7D12000-memory.dmp	xmrig
behavioral2/memory/648-3988-0x00007FF74B0C0000-0x00007FF74B4B2000-memory.dmp	xmrig
behavioral2/memory/3864-3981-0x00007FF695D60000-0x00007FF696152000-memory.dmp	xmrig
behavioral2/memory/1648-3979-0x00007FF64BD30000-0x00007FF64C122000-memory.dmp	xmrig
behavioral2/memory/3244-3975-0x00007FF7D0EB0000-0x00007FF7D12A2000-memory.dmp	xmrig
behavioral2/memory/2464-3973-0x00007FF652930000-0x00007FF652D22000-memory.dmp	xmrig
behavioral2/memory/1064-3971-0x00007FF6790B0000-0x00007FF6794A2000-memory.dmp	xmrig
behavioral2/memory/3672-3991-0x00007FF6854D0000-0x00007FF6858C2000-memory.dmp	xmrig
behavioral2/memory/1860-4013-0x00007FF727530000-0x00007FF727922000-memory.dmp	xmrig
behavioral2/memory/2032-4012-0x00007FF6B05C0000-0x00007FF6B09B2000-memory.dmp	xmrig
behavioral2/memory/4112-3998-0x00007FF778FC0000-0x00007FF7793B2000-memory.dmp	xmrig
behavioral2/memory/1696-3997-0x00007FF688FA0000-0x00007FF689392000-memory.dmp	xmrig
behavioral2/memory/3620-4000-0x00007FF63C5A0000-0x00007FF63C992000-memory.dmp	xmrig
behavioral2/memory/4796-4111-0x00007FF76A890000-0x00007FF76AC82000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4816	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2532	VwyeMED.exe
2364	FKJHQUn.exe
1264	Tacbnnn.exe
3936	uBlUnIn.exe
3900	wZDmVOh.exe
1084	yInVVMI.exe
4264	qjdejfC.exe
648	KrtyFHt.exe
1860	zxtUIaF.exe
3244	hRCCyrr.exe
4112	MHhBfWo.exe
3068	qDLcawW.exe
3812	UKbtrkX.exe
3672	YMpaJJg.exe
1560	zcxhzCs.exe
3864	zmhIuYR.exe
1648	vfvnvyE.exe
1500	NnGAVVy.exe
2464	FsazFAF.exe
2032	KnmOynq.exe
3620	nGNzlGi.exe
1696	lMZIhkg.exe
4796	kVpGCjJ.exe
1064	TpESiPU.exe
4664	ovhjimc.exe
4988	ZEutSRW.exe
4076	usvkEuT.exe
3940	gbuQUuB.exe
2624	uleskIl.exe
1496	ifNZMNv.exe
4408	xeieBwa.exe
540	amhmlLZ.exe
720	iQPxbZz.exe
1152	mZmKuER.exe
1212	iyRNnCV.exe
4712	XcImiRn.exe
2876	VMKTdCf.exe
4968	zAlWYrH.exe
5004	TnTXKXd.exe
2004	aDIelaJ.exe
1028	NRCPkXm.exe
2308	BXKOnxL.exe
856	ueLITUj.exe
1652	UJYajHK.exe
1572	aWYUXhX.exe
2948	syqNcjr.exe
4892	MneGqZS.exe
4144	ZgDYXzE.exe
4272	WdqSuPA.exe
2816	PfKAVGB.exe
2824	RBWDDaS.exe
2224	azAVrpK.exe
3732	nXKokkD.exe
1812	CAfpKKV.exe
2684	PQackHY.exe
1092	VhDhRhd.exe
3096	qJYcIcb.exe
4224	kZmcnwU.exe
1076	ilQGiIz.exe
3528	OnFRHXi.exe
4008	XtQDObD.exe
1720	zhptyzG.exe
2388	RMMKeCk.exe
1928	ZpTewGS.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/760-0-0x00007FF7E1110000-0x00007FF7E1502000-memory.dmp	upx
behavioral2/files/0x000700000002344e-7.dat	upx
behavioral2/files/0x0008000000023258-29.dat	upx
behavioral2/files/0x000700000002345d-94.dat	upx
behavioral2/files/0x000700000002345b-91.dat	upx
behavioral2/files/0x000700000002345c-89.dat	upx
behavioral2/files/0x0007000000023454-82.dat	upx
behavioral2/files/0x0007000000023459-78.dat	upx
behavioral2/files/0x0007000000023465-134.dat	upx
behavioral2/files/0x0007000000023453-73.dat	upx
behavioral2/files/0x0007000000023462-119.dat	upx
behavioral2/files/0x0007000000023458-68.dat	upx
behavioral2/files/0x0007000000023460-109.dat	upx
behavioral2/files/0x000700000002345e-104.dat	upx
behavioral2/files/0x0007000000023457-54.dat	upx
behavioral2/files/0x0007000000023456-53.dat	upx
behavioral2/files/0x0007000000023451-46.dat	upx
behavioral2/memory/3936-588-0x00007FF6F9540000-0x00007FF6F9932000-memory.dmp	upx
behavioral2/memory/1860-661-0x00007FF727530000-0x00007FF727922000-memory.dmp	upx
behavioral2/memory/3812-665-0x00007FF7C7920000-0x00007FF7C7D12000-memory.dmp	upx
behavioral2/memory/1500-898-0x00007FF774A00000-0x00007FF774DF2000-memory.dmp	upx
behavioral2/memory/2032-1243-0x00007FF6B05C0000-0x00007FF6B09B2000-memory.dmp	upx
behavioral2/memory/4796-1616-0x00007FF76A890000-0x00007FF76AC82000-memory.dmp	upx
behavioral2/memory/1696-1615-0x00007FF688FA0000-0x00007FF689392000-memory.dmp	upx
behavioral2/memory/1064-1617-0x00007FF6790B0000-0x00007FF6794A2000-memory.dmp	upx
behavioral2/memory/3620-1504-0x00007FF63C5A0000-0x00007FF63C992000-memory.dmp	upx
behavioral2/memory/2464-1136-0x00007FF652930000-0x00007FF652D22000-memory.dmp	upx
behavioral2/memory/1648-895-0x00007FF64BD30000-0x00007FF64C122000-memory.dmp	upx
behavioral2/memory/3864-791-0x00007FF695D60000-0x00007FF696152000-memory.dmp	upx
behavioral2/memory/1560-790-0x00007FF687F80000-0x00007FF688372000-memory.dmp	upx
behavioral2/memory/3672-667-0x00007FF6854D0000-0x00007FF6858C2000-memory.dmp	upx
behavioral2/memory/3068-664-0x00007FF6FC5C0000-0x00007FF6FC9B2000-memory.dmp	upx
behavioral2/memory/4112-663-0x00007FF778FC0000-0x00007FF7793B2000-memory.dmp	upx
behavioral2/memory/3244-662-0x00007FF7D0EB0000-0x00007FF7D12A2000-memory.dmp	upx
behavioral2/memory/648-660-0x00007FF74B0C0000-0x00007FF74B4B2000-memory.dmp	upx
behavioral2/memory/4264-659-0x00007FF794C60000-0x00007FF795052000-memory.dmp	upx
behavioral2/memory/3900-656-0x00007FF6B1530000-0x00007FF6B1922000-memory.dmp	upx
behavioral2/memory/1264-405-0x00007FF772260000-0x00007FF772652000-memory.dmp	upx
behavioral2/files/0x0007000000023464-223.dat	upx
behavioral2/files/0x0007000000023473-216.dat	upx
behavioral2/files/0x0007000000023472-210.dat	upx
behavioral2/files/0x0007000000023471-208.dat	upx
behavioral2/files/0x0007000000023470-203.dat	upx
behavioral2/files/0x000700000002346f-198.dat	upx
behavioral2/files/0x000700000002346d-186.dat	upx
behavioral2/files/0x000700000002346e-185.dat	upx
behavioral2/files/0x0007000000023452-183.dat	upx
behavioral2/files/0x000700000002346c-178.dat	upx
behavioral2/files/0x000700000002345f-177.dat	upx
behavioral2/files/0x000700000002346b-170.dat	upx
behavioral2/files/0x000700000002346a-162.dat	upx
behavioral2/files/0x0007000000023455-155.dat	upx
behavioral2/files/0x0007000000023469-151.dat	upx
behavioral2/files/0x0007000000023468-145.dat	upx
behavioral2/files/0x000700000002345a-141.dat	upx
behavioral2/files/0x0007000000023467-138.dat	upx
behavioral2/files/0x0007000000023466-137.dat	upx
behavioral2/files/0x0007000000023463-123.dat	upx
behavioral2/files/0x0007000000023461-110.dat	upx
behavioral2/files/0x0007000000023450-75.dat	upx
behavioral2/files/0x000700000002344f-65.dat	upx
behavioral2/memory/2532-18-0x00007FF756D80000-0x00007FF757172000-memory.dmp	upx
behavioral2/files/0x000800000002344d-11.dat	upx
behavioral2/memory/2532-3948-0x00007FF756D80000-0x00007FF757172000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KALWCuY.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\bcKSkiF.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\zCrZnFq.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\ynbtAUZ.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\kuZnSKV.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\qtCGimY.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\AAZKkcC.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\rhcoWVL.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\KCzlIKp.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\rbdxcsH.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\tqjdMiy.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\slkYikZ.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\jRdGGJN.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\sHqSlKg.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\tSxJjwo.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\wlKNnTA.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\NanCdqN.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\YiWyZCS.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\sWxtBrQ.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\pXtZTrZ.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\nFnJYCZ.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\EaVAQuX.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\PnKdcfP.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\OpnPpIf.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\bRrNDZL.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\ZdXctFw.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\mpLpgHI.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\tGYAdSJ.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\bdntibm.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\soDHKti.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\uDGEsLq.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\JnTeEue.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\YpnbDrv.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\uuhsNVs.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\DXFMywG.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\BGkgUPU.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\EcHZiRP.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\pmewFXd.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\BFPEhzc.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\IUiGrUY.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\CPwryHc.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\RYsXBnK.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\TjoGehY.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\CYghUBJ.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\fugNhij.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\jNAbLen.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\hCMVxuI.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\aKaSDHv.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\qiHOCZY.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\lAIegcA.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\reLMwnM.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\daXIPad.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\hbvlpmM.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\xSeJlZY.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\ehCXtDK.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\NNKzgqC.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\fiDwphE.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\AeMySxz.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\HiHAmvW.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\hJzGGtt.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\LSHqDky.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\hBEqaNk.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\YSMTbKe.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
File created	C:\Windows\System\xbbmjaV.exe	44fd2dafcc91e4c5e3237c8c79ec73f0.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4816	powershell.exe
4816	powershell.exe
4816	powershell.exe
4816	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4816	powershell.exe
Token: SeLockMemoryPrivilege	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
Token: SeLockMemoryPrivilege	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe
Token: SeCreateGlobalPrivilege	3140	dwm.exe
Token: SeChangeNotifyPrivilege	3140	dwm.exe
Token: 33	3140	dwm.exe
Token: SeIncBasePriorityPrivilege	3140	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 4816	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	83
PID 760 wrote to memory of 4816	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	83
PID 760 wrote to memory of 2532	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	84
PID 760 wrote to memory of 2532	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	84
PID 760 wrote to memory of 2364	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	86
PID 760 wrote to memory of 2364	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	86
PID 760 wrote to memory of 1264	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	87
PID 760 wrote to memory of 1264	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	87
PID 760 wrote to memory of 1084	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	88
PID 760 wrote to memory of 1084	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	88
PID 760 wrote to memory of 3936	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	89
PID 760 wrote to memory of 3936	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	89
PID 760 wrote to memory of 3900	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	90
PID 760 wrote to memory of 3900	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	90
PID 760 wrote to memory of 4112	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	91
PID 760 wrote to memory of 4112	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	91
PID 760 wrote to memory of 4264	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	92
PID 760 wrote to memory of 4264	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	92
PID 760 wrote to memory of 648	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	93
PID 760 wrote to memory of 648	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	93
PID 760 wrote to memory of 1500	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	94
PID 760 wrote to memory of 1500	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	94
PID 760 wrote to memory of 1860	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	95
PID 760 wrote to memory of 1860	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	95
PID 760 wrote to memory of 3244	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	96
PID 760 wrote to memory of 3244	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	96
PID 760 wrote to memory of 3068	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	97
PID 760 wrote to memory of 3068	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	97
PID 760 wrote to memory of 3812	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	98
PID 760 wrote to memory of 3812	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	98
PID 760 wrote to memory of 3672	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	99
PID 760 wrote to memory of 3672	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	99
PID 760 wrote to memory of 1560	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	100
PID 760 wrote to memory of 1560	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	100
PID 760 wrote to memory of 3864	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	101
PID 760 wrote to memory of 3864	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	101
PID 760 wrote to memory of 1648	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	102
PID 760 wrote to memory of 1648	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	102
PID 760 wrote to memory of 2464	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	103
PID 760 wrote to memory of 2464	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	103
PID 760 wrote to memory of 2032	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	104
PID 760 wrote to memory of 2032	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	104
PID 760 wrote to memory of 3620	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	105
PID 760 wrote to memory of 3620	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	105
PID 760 wrote to memory of 1696	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	106
PID 760 wrote to memory of 1696	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	106
PID 760 wrote to memory of 4796	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	107
PID 760 wrote to memory of 4796	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	107
PID 760 wrote to memory of 1064	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	108
PID 760 wrote to memory of 1064	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	108
PID 760 wrote to memory of 2004	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	109
PID 760 wrote to memory of 2004	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	109
PID 760 wrote to memory of 4664	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	110
PID 760 wrote to memory of 4664	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	110
PID 760 wrote to memory of 4988	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	111
PID 760 wrote to memory of 4988	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	111
PID 760 wrote to memory of 4076	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	112
PID 760 wrote to memory of 4076	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	112
PID 760 wrote to memory of 3940	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	113
PID 760 wrote to memory of 3940	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	113
PID 760 wrote to memory of 2624	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	114
PID 760 wrote to memory of 2624	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	114
PID 760 wrote to memory of 1496	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	115
PID 760 wrote to memory of 1496	760	44fd2dafcc91e4c5e3237c8c79ec73f0.exe	115

C:\Users\Admin\AppData\Local\Temp\44fd2dafcc91e4c5e3237c8c79ec73f0.exe
"C:\Users\Admin\AppData\Local\Temp\44fd2dafcc91e4c5e3237c8c79ec73f0.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4816
- C:\Windows\System\VwyeMED.exe
  C:\Windows\System\VwyeMED.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\FKJHQUn.exe
  C:\Windows\System\FKJHQUn.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\Tacbnnn.exe
  C:\Windows\System\Tacbnnn.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\yInVVMI.exe
  C:\Windows\System\yInVVMI.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\uBlUnIn.exe
  C:\Windows\System\uBlUnIn.exe
  2⤵
  - Executes dropped EXE
  PID:3936
- C:\Windows\System\wZDmVOh.exe
  C:\Windows\System\wZDmVOh.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\MHhBfWo.exe
  C:\Windows\System\MHhBfWo.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\qjdejfC.exe
  C:\Windows\System\qjdejfC.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\KrtyFHt.exe
  C:\Windows\System\KrtyFHt.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\NnGAVVy.exe
  C:\Windows\System\NnGAVVy.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\zxtUIaF.exe
  C:\Windows\System\zxtUIaF.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\hRCCyrr.exe
  C:\Windows\System\hRCCyrr.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\qDLcawW.exe
  C:\Windows\System\qDLcawW.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\UKbtrkX.exe
  C:\Windows\System\UKbtrkX.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\YMpaJJg.exe
  C:\Windows\System\YMpaJJg.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\zcxhzCs.exe
  C:\Windows\System\zcxhzCs.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\zmhIuYR.exe
  C:\Windows\System\zmhIuYR.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\vfvnvyE.exe
  C:\Windows\System\vfvnvyE.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\FsazFAF.exe
  C:\Windows\System\FsazFAF.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\KnmOynq.exe
  C:\Windows\System\KnmOynq.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\nGNzlGi.exe
  C:\Windows\System\nGNzlGi.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\lMZIhkg.exe
  C:\Windows\System\lMZIhkg.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\kVpGCjJ.exe
  C:\Windows\System\kVpGCjJ.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\TpESiPU.exe
  C:\Windows\System\TpESiPU.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\aDIelaJ.exe
  C:\Windows\System\aDIelaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\ovhjimc.exe
  C:\Windows\System\ovhjimc.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\ZEutSRW.exe
  C:\Windows\System\ZEutSRW.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\usvkEuT.exe
  C:\Windows\System\usvkEuT.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\gbuQUuB.exe
  C:\Windows\System\gbuQUuB.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\uleskIl.exe
  C:\Windows\System\uleskIl.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\ifNZMNv.exe
  C:\Windows\System\ifNZMNv.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\xeieBwa.exe
  C:\Windows\System\xeieBwa.exe
  2⤵
  - Executes dropped EXE
  PID:4408
- C:\Windows\System\amhmlLZ.exe
  C:\Windows\System\amhmlLZ.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\iQPxbZz.exe
  C:\Windows\System\iQPxbZz.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\mZmKuER.exe
  C:\Windows\System\mZmKuER.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\iyRNnCV.exe
  C:\Windows\System\iyRNnCV.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\XcImiRn.exe
  C:\Windows\System\XcImiRn.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\VMKTdCf.exe
  C:\Windows\System\VMKTdCf.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\zAlWYrH.exe
  C:\Windows\System\zAlWYrH.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\TnTXKXd.exe
  C:\Windows\System\TnTXKXd.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\ZpTewGS.exe
  C:\Windows\System\ZpTewGS.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\NRCPkXm.exe
  C:\Windows\System\NRCPkXm.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\BXKOnxL.exe
  C:\Windows\System\BXKOnxL.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ueLITUj.exe
  C:\Windows\System\ueLITUj.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\UJYajHK.exe
  C:\Windows\System\UJYajHK.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\aWYUXhX.exe
  C:\Windows\System\aWYUXhX.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\syqNcjr.exe
  C:\Windows\System\syqNcjr.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\MneGqZS.exe
  C:\Windows\System\MneGqZS.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\ZgDYXzE.exe
  C:\Windows\System\ZgDYXzE.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\WdqSuPA.exe
  C:\Windows\System\WdqSuPA.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\PfKAVGB.exe
  C:\Windows\System\PfKAVGB.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\RBWDDaS.exe
  C:\Windows\System\RBWDDaS.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\azAVrpK.exe
  C:\Windows\System\azAVrpK.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\nXKokkD.exe
  C:\Windows\System\nXKokkD.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\CAfpKKV.exe
  C:\Windows\System\CAfpKKV.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\PQackHY.exe
  C:\Windows\System\PQackHY.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\VhDhRhd.exe
  C:\Windows\System\VhDhRhd.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\qJYcIcb.exe
  C:\Windows\System\qJYcIcb.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\kZmcnwU.exe
  C:\Windows\System\kZmcnwU.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\ilQGiIz.exe
  C:\Windows\System\ilQGiIz.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\xBfDZJZ.exe
  C:\Windows\System\xBfDZJZ.exe
  2⤵
  PID:2616
- C:\Windows\System\OnFRHXi.exe
  C:\Windows\System\OnFRHXi.exe
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System\XtQDObD.exe
  C:\Windows\System\XtQDObD.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\xPvCzMO.exe
  C:\Windows\System\xPvCzMO.exe
  2⤵
  PID:3576
- C:\Windows\System\zhptyzG.exe
  C:\Windows\System\zhptyzG.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\RMMKeCk.exe
  C:\Windows\System\RMMKeCk.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\skbZHLk.exe
  C:\Windows\System\skbZHLk.exe
  2⤵
  PID:224
- C:\Windows\System\SACgLsK.exe
  C:\Windows\System\SACgLsK.exe
  2⤵
  PID:4520
- C:\Windows\System\dblHYOY.exe
  C:\Windows\System\dblHYOY.exe
  2⤵
  PID:4364
- C:\Windows\System\lcikMKM.exe
  C:\Windows\System\lcikMKM.exe
  2⤵
  PID:1568
- C:\Windows\System\igghWcg.exe
  C:\Windows\System\igghWcg.exe
  2⤵
  PID:4192
- C:\Windows\System\dFFanCc.exe
  C:\Windows\System\dFFanCc.exe
  2⤵
  PID:3728
- C:\Windows\System\AgTmJmK.exe
  C:\Windows\System\AgTmJmK.exe
  2⤵
  PID:2368
- C:\Windows\System\CgiiCDF.exe
  C:\Windows\System\CgiiCDF.exe
  2⤵
  PID:2276
- C:\Windows\System\kMhqqPC.exe
  C:\Windows\System\kMhqqPC.exe
  2⤵
  PID:3924
- C:\Windows\System\GGTwVUq.exe
  C:\Windows\System\GGTwVUq.exe
  2⤵
  PID:4284
- C:\Windows\System\BQTbRaD.exe
  C:\Windows\System\BQTbRaD.exe
  2⤵
  PID:456
- C:\Windows\System\cvrDrvv.exe
  C:\Windows\System\cvrDrvv.exe
  2⤵
  PID:3400
- C:\Windows\System\FuhpLIk.exe
  C:\Windows\System\FuhpLIk.exe
  2⤵
  PID:1396
- C:\Windows\System\RQzDjxl.exe
  C:\Windows\System\RQzDjxl.exe
  2⤵
  PID:5032
- C:\Windows\System\GoKAwcI.exe
  C:\Windows\System\GoKAwcI.exe
  2⤵
  PID:412
- C:\Windows\System\GOdboOI.exe
  C:\Windows\System\GOdboOI.exe
  2⤵
  PID:2644
- C:\Windows\System\OpnPpIf.exe
  C:\Windows\System\OpnPpIf.exe
  2⤵
  PID:216
- C:\Windows\System\GGhEFjC.exe
  C:\Windows\System\GGhEFjC.exe
  2⤵
  PID:5128
- C:\Windows\System\sIfPHFt.exe
  C:\Windows\System\sIfPHFt.exe
  2⤵
  PID:5152
- C:\Windows\System\HzdKsOH.exe
  C:\Windows\System\HzdKsOH.exe
  2⤵
  PID:5172
- C:\Windows\System\pTmAZra.exe
  C:\Windows\System\pTmAZra.exe
  2⤵
  PID:5196
- C:\Windows\System\GcTHnQp.exe
  C:\Windows\System\GcTHnQp.exe
  2⤵
  PID:5212
- C:\Windows\System\SKEvSLe.exe
  C:\Windows\System\SKEvSLe.exe
  2⤵
  PID:5236
- C:\Windows\System\iXaHuqC.exe
  C:\Windows\System\iXaHuqC.exe
  2⤵
  PID:5252
- C:\Windows\System\bRrNDZL.exe
  C:\Windows\System\bRrNDZL.exe
  2⤵
  PID:5272
- C:\Windows\System\EmyDjuP.exe
  C:\Windows\System\EmyDjuP.exe
  2⤵
  PID:5288
- C:\Windows\System\mOZEVHw.exe
  C:\Windows\System\mOZEVHw.exe
  2⤵
  PID:5316
- C:\Windows\System\AkAnUtV.exe
  C:\Windows\System\AkAnUtV.exe
  2⤵
  PID:5332
- C:\Windows\System\HiiFSVP.exe
  C:\Windows\System\HiiFSVP.exe
  2⤵
  PID:5356
- C:\Windows\System\CLzVuTg.exe
  C:\Windows\System\CLzVuTg.exe
  2⤵
  PID:5372
- C:\Windows\System\LwuTBHa.exe
  C:\Windows\System\LwuTBHa.exe
  2⤵
  PID:5392
- C:\Windows\System\uzDHDhD.exe
  C:\Windows\System\uzDHDhD.exe
  2⤵
  PID:5412
- C:\Windows\System\jsvDoWV.exe
  C:\Windows\System\jsvDoWV.exe
  2⤵
  PID:5432
- C:\Windows\System\zatrFTR.exe
  C:\Windows\System\zatrFTR.exe
  2⤵
  PID:5448
- C:\Windows\System\tVHHbTO.exe
  C:\Windows\System\tVHHbTO.exe
  2⤵
  PID:5468
- C:\Windows\System\eDePJTM.exe
  C:\Windows\System\eDePJTM.exe
  2⤵
  PID:5488
- C:\Windows\System\najjOPr.exe
  C:\Windows\System\najjOPr.exe
  2⤵
  PID:5504
- C:\Windows\System\fZTCbQu.exe
  C:\Windows\System\fZTCbQu.exe
  2⤵
  PID:5520
- C:\Windows\System\BwASvHC.exe
  C:\Windows\System\BwASvHC.exe
  2⤵
  PID:5540
- C:\Windows\System\CldeeZC.exe
  C:\Windows\System\CldeeZC.exe
  2⤵
  PID:5560
- C:\Windows\System\BduJFqG.exe
  C:\Windows\System\BduJFqG.exe
  2⤵
  PID:5580
- C:\Windows\System\EAOOIcm.exe
  C:\Windows\System\EAOOIcm.exe
  2⤵
  PID:5596
- C:\Windows\System\kUpMgvu.exe
  C:\Windows\System\kUpMgvu.exe
  2⤵
  PID:5620
- C:\Windows\System\ohvCiOW.exe
  C:\Windows\System\ohvCiOW.exe
  2⤵
  PID:5636
- C:\Windows\System\IAKubzp.exe
  C:\Windows\System\IAKubzp.exe
  2⤵
  PID:5652
- C:\Windows\System\dakSGfr.exe
  C:\Windows\System\dakSGfr.exe
  2⤵
  PID:5676
- C:\Windows\System\IqQhmwQ.exe
  C:\Windows\System\IqQhmwQ.exe
  2⤵
  PID:5692
- C:\Windows\System\HFtVFoD.exe
  C:\Windows\System\HFtVFoD.exe
  2⤵
  PID:5716
- C:\Windows\System\aVZwzsN.exe
  C:\Windows\System\aVZwzsN.exe
  2⤵
  PID:5732
- C:\Windows\System\VAOGbDj.exe
  C:\Windows\System\VAOGbDj.exe
  2⤵
  PID:5756
- C:\Windows\System\GMONmgp.exe
  C:\Windows\System\GMONmgp.exe
  2⤵
  PID:5788
- C:\Windows\System\VWuggGb.exe
  C:\Windows\System\VWuggGb.exe
  2⤵
  PID:5804
- C:\Windows\System\EgDjJlS.exe
  C:\Windows\System\EgDjJlS.exe
  2⤵
  PID:5836
- C:\Windows\System\icDsoyj.exe
  C:\Windows\System\icDsoyj.exe
  2⤵
  PID:5852
- C:\Windows\System\rJCXQpK.exe
  C:\Windows\System\rJCXQpK.exe
  2⤵
  PID:5868
- C:\Windows\System\boBBQlN.exe
  C:\Windows\System\boBBQlN.exe
  2⤵
  PID:5884
- C:\Windows\System\ptXOgTV.exe
  C:\Windows\System\ptXOgTV.exe
  2⤵
  PID:5908
- C:\Windows\System\nZKtkGb.exe
  C:\Windows\System\nZKtkGb.exe
  2⤵
  PID:5924
- C:\Windows\System\EVwKMvX.exe
  C:\Windows\System\EVwKMvX.exe
  2⤵
  PID:5952
- C:\Windows\System\uQuzKjO.exe
  C:\Windows\System\uQuzKjO.exe
  2⤵
  PID:5972
- C:\Windows\System\QTlFRIx.exe
  C:\Windows\System\QTlFRIx.exe
  2⤵
  PID:5992
- C:\Windows\System\YKQyoHl.exe
  C:\Windows\System\YKQyoHl.exe
  2⤵
  PID:6056
- C:\Windows\System\UmmFjww.exe
  C:\Windows\System\UmmFjww.exe
  2⤵
  PID:6080
- C:\Windows\System\TTdsJwb.exe
  C:\Windows\System\TTdsJwb.exe
  2⤵
  PID:6096
- C:\Windows\System\qYFdaSX.exe
  C:\Windows\System\qYFdaSX.exe
  2⤵
  PID:6116
- C:\Windows\System\nwLsKOf.exe
  C:\Windows\System\nwLsKOf.exe
  2⤵
  PID:6132
- C:\Windows\System\eCPaOYT.exe
  C:\Windows\System\eCPaOYT.exe
  2⤵
  PID:2572
- C:\Windows\System\mWuuhMu.exe
  C:\Windows\System\mWuuhMu.exe
  2⤵
  PID:2372
- C:\Windows\System\sMheXHc.exe
  C:\Windows\System\sMheXHc.exe
  2⤵
  PID:1520
- C:\Windows\System\OEPcSNA.exe
  C:\Windows\System\OEPcSNA.exe
  2⤵
  PID:2720
- C:\Windows\System\CkivHOe.exe
  C:\Windows\System\CkivHOe.exe
  2⤵
  PID:3692
- C:\Windows\System\qvsDrYF.exe
  C:\Windows\System\qvsDrYF.exe
  2⤵
  PID:1656
- C:\Windows\System\jFVbooJ.exe
  C:\Windows\System\jFVbooJ.exe
  2⤵
  PID:1628
- C:\Windows\System\ySZilbo.exe
  C:\Windows\System\ySZilbo.exe
  2⤵
  PID:4856
- C:\Windows\System\GLqhTYa.exe
  C:\Windows\System\GLqhTYa.exe
  2⤵
  PID:4148
- C:\Windows\System\ZwwRgDd.exe
  C:\Windows\System\ZwwRgDd.exe
  2⤵
  PID:1524
- C:\Windows\System\xruZsQT.exe
  C:\Windows\System\xruZsQT.exe
  2⤵
  PID:4844
- C:\Windows\System\tSVYLSr.exe
  C:\Windows\System\tSVYLSr.exe
  2⤵
  PID:4668
- C:\Windows\System\ROAAoiW.exe
  C:\Windows\System\ROAAoiW.exe
  2⤵
  PID:5188
- C:\Windows\System\svuBtWV.exe
  C:\Windows\System\svuBtWV.exe
  2⤵
  PID:5224
- C:\Windows\System\OYLaZvG.exe
  C:\Windows\System\OYLaZvG.exe
  2⤵
  PID:5324
- C:\Windows\System\BEVWqsV.exe
  C:\Windows\System\BEVWqsV.exe
  2⤵
  PID:5340
- C:\Windows\System\AAhBOQJ.exe
  C:\Windows\System\AAhBOQJ.exe
  2⤵
  PID:5352
- C:\Windows\System\ljuUwtg.exe
  C:\Windows\System\ljuUwtg.exe
  2⤵
  PID:5384
- C:\Windows\System\JhBuPEa.exe
  C:\Windows\System\JhBuPEa.exe
  2⤵
  PID:828
- C:\Windows\System\OURORhW.exe
  C:\Windows\System\OURORhW.exe
  2⤵
  PID:5464
- C:\Windows\System\qAStYCz.exe
  C:\Windows\System\qAStYCz.exe
  2⤵
  PID:184
- C:\Windows\System\qgJFPjx.exe
  C:\Windows\System\qgJFPjx.exe
  2⤵
  PID:3992
- C:\Windows\System\rYXHIEd.exe
  C:\Windows\System\rYXHIEd.exe
  2⤵
  PID:4488
- C:\Windows\System\iFPSwQO.exe
  C:\Windows\System\iFPSwQO.exe
  2⤵
  PID:2996
- C:\Windows\System\zrQGijx.exe
  C:\Windows\System\zrQGijx.exe
  2⤵
  PID:6152
- C:\Windows\System\XrUeugo.exe
  C:\Windows\System\XrUeugo.exe
  2⤵
  PID:6168
- C:\Windows\System\tskBmHG.exe
  C:\Windows\System\tskBmHG.exe
  2⤵
  PID:6188
- C:\Windows\System\QNbdbmr.exe
  C:\Windows\System\QNbdbmr.exe
  2⤵
  PID:6208
- C:\Windows\System\xJberdm.exe
  C:\Windows\System\xJberdm.exe
  2⤵
  PID:6224
- C:\Windows\System\GLKUUkQ.exe
  C:\Windows\System\GLKUUkQ.exe
  2⤵
  PID:6244
- C:\Windows\System\nwuHavq.exe
  C:\Windows\System\nwuHavq.exe
  2⤵
  PID:6260
- C:\Windows\System\fKGNmSs.exe
  C:\Windows\System\fKGNmSs.exe
  2⤵
  PID:6276
- C:\Windows\System\lftnRdh.exe
  C:\Windows\System\lftnRdh.exe
  2⤵
  PID:6300
- C:\Windows\System\XxqrUWz.exe
  C:\Windows\System\XxqrUWz.exe
  2⤵
  PID:6316
- C:\Windows\System\AAmEydG.exe
  C:\Windows\System\AAmEydG.exe
  2⤵
  PID:6336
- C:\Windows\System\ZdXctFw.exe
  C:\Windows\System\ZdXctFw.exe
  2⤵
  PID:6360
- C:\Windows\System\RKqXMeh.exe
  C:\Windows\System\RKqXMeh.exe
  2⤵
  PID:6380
- C:\Windows\System\NSosXOW.exe
  C:\Windows\System\NSosXOW.exe
  2⤵
  PID:6404
- C:\Windows\System\nYpvLeV.exe
  C:\Windows\System\nYpvLeV.exe
  2⤵
  PID:6428
- C:\Windows\System\nDDMgms.exe
  C:\Windows\System\nDDMgms.exe
  2⤵
  PID:6448
- C:\Windows\System\GQemkjP.exe
  C:\Windows\System\GQemkjP.exe
  2⤵
  PID:6468
- C:\Windows\System\qYzQLtU.exe
  C:\Windows\System\qYzQLtU.exe
  2⤵
  PID:6492
- C:\Windows\System\MpHVRke.exe
  C:\Windows\System\MpHVRke.exe
  2⤵
  PID:6512
- C:\Windows\System\oTVsCkG.exe
  C:\Windows\System\oTVsCkG.exe
  2⤵
  PID:6528
- C:\Windows\System\TgfYzbU.exe
  C:\Windows\System\TgfYzbU.exe
  2⤵
  PID:6552
- C:\Windows\System\pXIbzSu.exe
  C:\Windows\System\pXIbzSu.exe
  2⤵
  PID:6568
- C:\Windows\System\fROWVNG.exe
  C:\Windows\System\fROWVNG.exe
  2⤵
  PID:6588
- C:\Windows\System\YaaHidP.exe
  C:\Windows\System\YaaHidP.exe
  2⤵
  PID:6604
- C:\Windows\System\tqjdMiy.exe
  C:\Windows\System\tqjdMiy.exe
  2⤵
  PID:6628
- C:\Windows\System\niUNKKK.exe
  C:\Windows\System\niUNKKK.exe
  2⤵
  PID:6652
- C:\Windows\System\OogZlFC.exe
  C:\Windows\System\OogZlFC.exe
  2⤵
  PID:6668
- C:\Windows\System\wdWjXkX.exe
  C:\Windows\System\wdWjXkX.exe
  2⤵
  PID:6704
- C:\Windows\System\RNyRSSy.exe
  C:\Windows\System\RNyRSSy.exe
  2⤵
  PID:6724
- C:\Windows\System\aocNdoJ.exe
  C:\Windows\System\aocNdoJ.exe
  2⤵
  PID:6740
- C:\Windows\System\gfuRtro.exe
  C:\Windows\System\gfuRtro.exe
  2⤵
  PID:6764
- C:\Windows\System\vthUsPB.exe
  C:\Windows\System\vthUsPB.exe
  2⤵
  PID:6784
- C:\Windows\System\afdEjRy.exe
  C:\Windows\System\afdEjRy.exe
  2⤵
  PID:6804
- C:\Windows\System\OssLgMd.exe
  C:\Windows\System\OssLgMd.exe
  2⤵
  PID:6820
- C:\Windows\System\KVEIiXp.exe
  C:\Windows\System\KVEIiXp.exe
  2⤵
  PID:6836
- C:\Windows\System\SoQwJZB.exe
  C:\Windows\System\SoQwJZB.exe
  2⤵
  PID:6856
- C:\Windows\System\ansVJae.exe
  C:\Windows\System\ansVJae.exe
  2⤵
  PID:6876
- C:\Windows\System\PYtIYVD.exe
  C:\Windows\System\PYtIYVD.exe
  2⤵
  PID:6892
- C:\Windows\System\yVmUmNW.exe
  C:\Windows\System\yVmUmNW.exe
  2⤵
  PID:6908
- C:\Windows\System\IbtJQCX.exe
  C:\Windows\System\IbtJQCX.exe
  2⤵
  PID:6936
- C:\Windows\System\xLRPkFL.exe
  C:\Windows\System\xLRPkFL.exe
  2⤵
  PID:6952
- C:\Windows\System\TcHAxET.exe
  C:\Windows\System\TcHAxET.exe
  2⤵
  PID:6980
- C:\Windows\System\KPOsGPn.exe
  C:\Windows\System\KPOsGPn.exe
  2⤵
  PID:6996
- C:\Windows\System\ZgUiGbo.exe
  C:\Windows\System\ZgUiGbo.exe
  2⤵
  PID:7016
- C:\Windows\System\YoqMgwV.exe
  C:\Windows\System\YoqMgwV.exe
  2⤵
  PID:7040
- C:\Windows\System\PTvmdVx.exe
  C:\Windows\System\PTvmdVx.exe
  2⤵
  PID:7056
- C:\Windows\System\hPjnGwt.exe
  C:\Windows\System\hPjnGwt.exe
  2⤵
  PID:7080
- C:\Windows\System\vqppswq.exe
  C:\Windows\System\vqppswq.exe
  2⤵
  PID:7100
- C:\Windows\System\FYEeOGZ.exe
  C:\Windows\System\FYEeOGZ.exe
  2⤵
  PID:7116
- C:\Windows\System\FcTbgNL.exe
  C:\Windows\System\FcTbgNL.exe
  2⤵
  PID:7136
- C:\Windows\System\SkAJPSF.exe
  C:\Windows\System\SkAJPSF.exe
  2⤵
  PID:7156
- C:\Windows\System\DeFIfcm.exe
  C:\Windows\System\DeFIfcm.exe
  2⤵
  PID:2184
- C:\Windows\System\bogpeqf.exe
  C:\Windows\System\bogpeqf.exe
  2⤵
  PID:5648
- C:\Windows\System\rBmGxNj.exe
  C:\Windows\System\rBmGxNj.exe
  2⤵
  PID:1596
- C:\Windows\System\UQmTkSC.exe
  C:\Windows\System\UQmTkSC.exe
  2⤵
  PID:3220
- C:\Windows\System\NKWFyYn.exe
  C:\Windows\System\NKWFyYn.exe
  2⤵
  PID:2344
- C:\Windows\System\dpuJNby.exe
  C:\Windows\System\dpuJNby.exe
  2⤵
  PID:5876
- C:\Windows\System\nukzLGp.exe
  C:\Windows\System\nukzLGp.exe
  2⤵
  PID:5916
- C:\Windows\System\RTVBbvG.exe
  C:\Windows\System\RTVBbvG.exe
  2⤵
  PID:4552
- C:\Windows\System\IWScntt.exe
  C:\Windows\System\IWScntt.exe
  2⤵
  PID:2924
- C:\Windows\System\TeBvNCX.exe
  C:\Windows\System\TeBvNCX.exe
  2⤵
  PID:6020
- C:\Windows\System\kfwKrWd.exe
  C:\Windows\System\kfwKrWd.exe
  2⤵
  PID:4404
- C:\Windows\System\VwSAVrJ.exe
  C:\Windows\System\VwSAVrJ.exe
  2⤵
  PID:5124
- C:\Windows\System\xLVWonI.exe
  C:\Windows\System\xLVWonI.exe
  2⤵
  PID:6064
- C:\Windows\System\OpiXTmy.exe
  C:\Windows\System\OpiXTmy.exe
  2⤵
  PID:6124
- C:\Windows\System\FNwursz.exe
  C:\Windows\System\FNwursz.exe
  2⤵
  PID:5248
- C:\Windows\System\aCMGETw.exe
  C:\Windows\System\aCMGETw.exe
  2⤵
  PID:3540
- C:\Windows\System\pROFIYn.exe
  C:\Windows\System\pROFIYn.exe
  2⤵
  PID:524
- C:\Windows\System\faaRiYl.exe
  C:\Windows\System\faaRiYl.exe
  2⤵
  PID:5444
- C:\Windows\System\jlwEFbL.exe
  C:\Windows\System\jlwEFbL.exe
  2⤵
  PID:7176
- C:\Windows\System\gOtNcEg.exe
  C:\Windows\System\gOtNcEg.exe
  2⤵
  PID:7200
- C:\Windows\System\gNUohTy.exe
  C:\Windows\System\gNUohTy.exe
  2⤵
  PID:7216
- C:\Windows\System\juvhiqF.exe
  C:\Windows\System\juvhiqF.exe
  2⤵
  PID:7236
- C:\Windows\System\QXQdQqm.exe
  C:\Windows\System\QXQdQqm.exe
  2⤵
  PID:7252
- C:\Windows\System\oCeyYtd.exe
  C:\Windows\System\oCeyYtd.exe
  2⤵
  PID:7280
- C:\Windows\System\JmypbNg.exe
  C:\Windows\System\JmypbNg.exe
  2⤵
  PID:7304
- C:\Windows\System\VAptjLU.exe
  C:\Windows\System\VAptjLU.exe
  2⤵
  PID:7324
- C:\Windows\System\tKVRxyf.exe
  C:\Windows\System\tKVRxyf.exe
  2⤵
  PID:7340
- C:\Windows\System\QdDUhqS.exe
  C:\Windows\System\QdDUhqS.exe
  2⤵
  PID:7356
- C:\Windows\System\xsCzylZ.exe
  C:\Windows\System\xsCzylZ.exe
  2⤵
  PID:7380
- C:\Windows\System\vVZdNKU.exe
  C:\Windows\System\vVZdNKU.exe
  2⤵
  PID:7396
- C:\Windows\System\dyYnOiG.exe
  C:\Windows\System\dyYnOiG.exe
  2⤵
  PID:7420
- C:\Windows\System\JhODBPC.exe
  C:\Windows\System\JhODBPC.exe
  2⤵
  PID:7444
- C:\Windows\System\BmlBqGh.exe
  C:\Windows\System\BmlBqGh.exe
  2⤵
  PID:7464
- C:\Windows\System\SCnTmIP.exe
  C:\Windows\System\SCnTmIP.exe
  2⤵
  PID:7480
- C:\Windows\System\aiKXmfz.exe
  C:\Windows\System\aiKXmfz.exe
  2⤵
  PID:7504
- C:\Windows\System\CaPLnVR.exe
  C:\Windows\System\CaPLnVR.exe
  2⤵
  PID:7520
- C:\Windows\System\QAzsqlz.exe
  C:\Windows\System\QAzsqlz.exe
  2⤵
  PID:7540
- C:\Windows\System\GKszXFc.exe
  C:\Windows\System\GKszXFc.exe
  2⤵
  PID:7556
- C:\Windows\System\dADeegl.exe
  C:\Windows\System\dADeegl.exe
  2⤵
  PID:7584
- C:\Windows\System\pzzUAbF.exe
  C:\Windows\System\pzzUAbF.exe
  2⤵
  PID:7604
- C:\Windows\System\Pchkzet.exe
  C:\Windows\System\Pchkzet.exe
  2⤵
  PID:7620
- C:\Windows\System\XxHICJZ.exe
  C:\Windows\System\XxHICJZ.exe
  2⤵
  PID:7648
- C:\Windows\System\XOWzSAF.exe
  C:\Windows\System\XOWzSAF.exe
  2⤵
  PID:7668
- C:\Windows\System\pmZoOJI.exe
  C:\Windows\System\pmZoOJI.exe
  2⤵
  PID:7688
- C:\Windows\System\ctOZnsb.exe
  C:\Windows\System\ctOZnsb.exe
  2⤵
  PID:7708
- C:\Windows\System\KewsCHS.exe
  C:\Windows\System\KewsCHS.exe
  2⤵
  PID:7936
- C:\Windows\System\vYojffz.exe
  C:\Windows\System\vYojffz.exe
  2⤵
  PID:7960
- C:\Windows\System\vGkfZTV.exe
  C:\Windows\System\vGkfZTV.exe
  2⤵
  PID:7976
- C:\Windows\System\FCrxarG.exe
  C:\Windows\System\FCrxarG.exe
  2⤵
  PID:7992
- C:\Windows\System\cgjHWWi.exe
  C:\Windows\System\cgjHWWi.exe
  2⤵
  PID:8008
- C:\Windows\System\Fnlffyc.exe
  C:\Windows\System\Fnlffyc.exe
  2⤵
  PID:8024
- C:\Windows\System\xnPuqMb.exe
  C:\Windows\System\xnPuqMb.exe
  2⤵
  PID:8040
- C:\Windows\System\VazqoET.exe
  C:\Windows\System\VazqoET.exe
  2⤵
  PID:8056
- C:\Windows\System\LFCWprU.exe
  C:\Windows\System\LFCWprU.exe
  2⤵
  PID:8072
- C:\Windows\System\dWxAadg.exe
  C:\Windows\System\dWxAadg.exe
  2⤵
  PID:8100
- C:\Windows\System\JHhvQho.exe
  C:\Windows\System\JHhvQho.exe
  2⤵
  PID:8120
- C:\Windows\System\WfxeiRu.exe
  C:\Windows\System\WfxeiRu.exe
  2⤵
  PID:8140
- C:\Windows\System\SowSObD.exe
  C:\Windows\System\SowSObD.exe
  2⤵
  PID:8156
- C:\Windows\System\HNYYqeL.exe
  C:\Windows\System\HNYYqeL.exe
  2⤵
  PID:8180
- C:\Windows\System\takFsAv.exe
  C:\Windows\System\takFsAv.exe
  2⤵
  PID:3100
- C:\Windows\System\jypgJiC.exe
  C:\Windows\System\jypgJiC.exe
  2⤵
  PID:5528
- C:\Windows\System\GnJdRTN.exe
  C:\Windows\System\GnJdRTN.exe
  2⤵
  PID:6240
- C:\Windows\System\SgGqCco.exe
  C:\Windows\System\SgGqCco.exe
  2⤵
  PID:6296
- C:\Windows\System\OxfvYGj.exe
  C:\Windows\System\OxfvYGj.exe
  2⤵
  PID:5664
- C:\Windows\System\vjhvPRS.exe
  C:\Windows\System\vjhvPRS.exe
  2⤵
  PID:6352
- C:\Windows\System\WmsWPvf.exe
  C:\Windows\System\WmsWPvf.exe
  2⤵
  PID:3408
- C:\Windows\System\hpiiyzn.exe
  C:\Windows\System\hpiiyzn.exe
  2⤵
  PID:996
- C:\Windows\System\MLEkoIr.exe
  C:\Windows\System\MLEkoIr.exe
  2⤵
  PID:3548
- C:\Windows\System\twcAXko.exe
  C:\Windows\System\twcAXko.exe
  2⤵
  PID:1384
- C:\Windows\System\ZQRtUFM.exe
  C:\Windows\System\ZQRtUFM.exe
  2⤵
  PID:3104
- C:\Windows\System\plMGspp.exe
  C:\Windows\System\plMGspp.exe
  2⤵
  PID:2036
- C:\Windows\System\WsGApYM.exe
  C:\Windows\System\WsGApYM.exe
  2⤵
  PID:1492
- C:\Windows\System\FeTUpNd.exe
  C:\Windows\System\FeTUpNd.exe
  2⤵
  PID:4044
- C:\Windows\System\DvAzEke.exe
  C:\Windows\System\DvAzEke.exe
  2⤵
  PID:5104
- C:\Windows\System\cgKuAme.exe
  C:\Windows\System\cgKuAme.exe
  2⤵
  PID:5404
- C:\Windows\System\VyUIKuV.exe
  C:\Windows\System\VyUIKuV.exe
  2⤵
  PID:1460
- C:\Windows\System\TgUfFMG.exe
  C:\Windows\System\TgUfFMG.exe
  2⤵
  PID:3520
- C:\Windows\System\jVPzQmN.exe
  C:\Windows\System\jVPzQmN.exe
  2⤵
  PID:3536
- C:\Windows\System\sHqSlKg.exe
  C:\Windows\System\sHqSlKg.exe
  2⤵
  PID:5588
- C:\Windows\System\UTknRkt.exe
  C:\Windows\System\UTknRkt.exe
  2⤵
  PID:7064
- C:\Windows\System\zjBzlih.exe
  C:\Windows\System\zjBzlih.exe
  2⤵
  PID:8584
- C:\Windows\System\NeBUUVz.exe
  C:\Windows\System\NeBUUVz.exe
  2⤵
  PID:8604
- C:\Windows\System\OxRCOuX.exe
  C:\Windows\System\OxRCOuX.exe
  2⤵
  PID:8640
- C:\Windows\System\oxLqOcX.exe
  C:\Windows\System\oxLqOcX.exe
  2⤵
  PID:8660
- C:\Windows\System\lQjLKBD.exe
  C:\Windows\System\lQjLKBD.exe
  2⤵
  PID:8684
- C:\Windows\System\QUjekTL.exe
  C:\Windows\System\QUjekTL.exe
  2⤵
  PID:8704
- C:\Windows\System\dxumvYg.exe
  C:\Windows\System\dxumvYg.exe
  2⤵
  PID:8736
- C:\Windows\System\FjjVNqa.exe
  C:\Windows\System\FjjVNqa.exe
  2⤵
  PID:8772
- C:\Windows\System\rNUAFMY.exe
  C:\Windows\System\rNUAFMY.exe
  2⤵
  PID:8788
- C:\Windows\System\NFxQMZa.exe
  C:\Windows\System\NFxQMZa.exe
  2⤵
  PID:8816
- C:\Windows\System\oDqwyjS.exe
  C:\Windows\System\oDqwyjS.exe
  2⤵
  PID:8832
- C:\Windows\System\vjcUDxU.exe
  C:\Windows\System\vjcUDxU.exe
  2⤵
  PID:8860
- C:\Windows\System\kuZnSKV.exe
  C:\Windows\System\kuZnSKV.exe
  2⤵
  PID:8876
- C:\Windows\System\xFQgfWz.exe
  C:\Windows\System\xFQgfWz.exe
  2⤵
  PID:8904
- C:\Windows\System\XMeWjcy.exe
  C:\Windows\System\XMeWjcy.exe
  2⤵
  PID:8924
- C:\Windows\System\eCaHvkZ.exe
  C:\Windows\System\eCaHvkZ.exe
  2⤵
  PID:8944
- C:\Windows\System\oOkxaCa.exe
  C:\Windows\System\oOkxaCa.exe
  2⤵
  PID:8964
- C:\Windows\System\FXIvgmN.exe
  C:\Windows\System\FXIvgmN.exe
  2⤵
  PID:8984
- C:\Windows\System\hzTiJvl.exe
  C:\Windows\System\hzTiJvl.exe
  2⤵
  PID:9004
- C:\Windows\System\DByqNqU.exe
  C:\Windows\System\DByqNqU.exe
  2⤵
  PID:9024
- C:\Windows\System\YeOpReS.exe
  C:\Windows\System\YeOpReS.exe
  2⤵
  PID:9040
- C:\Windows\System\pInXmSz.exe
  C:\Windows\System\pInXmSz.exe
  2⤵
  PID:9056
- C:\Windows\System\PPHsQve.exe
  C:\Windows\System\PPHsQve.exe
  2⤵
  PID:9072
- C:\Windows\System\PKeIFev.exe
  C:\Windows\System\PKeIFev.exe
  2⤵
  PID:9088
- C:\Windows\System\BhnAzkv.exe
  C:\Windows\System\BhnAzkv.exe
  2⤵
  PID:9104
- C:\Windows\System\ypVnMSc.exe
  C:\Windows\System\ypVnMSc.exe
  2⤵
  PID:9124
- C:\Windows\System\jhMcyrn.exe
  C:\Windows\System\jhMcyrn.exe
  2⤵
  PID:9140
- C:\Windows\System\BzbJcAh.exe
  C:\Windows\System\BzbJcAh.exe
  2⤵
  PID:9164
- C:\Windows\System\wcLaLQI.exe
  C:\Windows\System\wcLaLQI.exe
  2⤵
  PID:9180
- C:\Windows\System\ISeTxcb.exe
  C:\Windows\System\ISeTxcb.exe
  2⤵
  PID:9204
- C:\Windows\System\PEArhMQ.exe
  C:\Windows\System\PEArhMQ.exe
  2⤵
  PID:6488
- C:\Windows\System\tMBufZA.exe
  C:\Windows\System\tMBufZA.exe
  2⤵
  PID:6640
- C:\Windows\System\PHREYRs.exe
  C:\Windows\System\PHREYRs.exe
  2⤵
  PID:6684
- C:\Windows\System\KgHBpoa.exe
  C:\Windows\System\KgHBpoa.exe
  2⤵
  PID:1672
- C:\Windows\System\avEoeiG.exe
  C:\Windows\System\avEoeiG.exe
  2⤵
  PID:7456
- C:\Windows\System\uAiSuup.exe
  C:\Windows\System\uAiSuup.exe
  2⤵
  PID:6852
- C:\Windows\System\SNngbHp.exe
  C:\Windows\System\SNngbHp.exe
  2⤵
  PID:4704
- C:\Windows\System\uxOxrDu.exe
  C:\Windows\System\uxOxrDu.exe
  2⤵
  PID:4720
- C:\Windows\System\WYosGDP.exe
  C:\Windows\System\WYosGDP.exe
  2⤵
  PID:4452
- C:\Windows\System\XBVWvxZ.exe
  C:\Windows\System\XBVWvxZ.exe
  2⤵
  PID:7096
- C:\Windows\System\RXlIGfl.exe
  C:\Windows\System\RXlIGfl.exe
  2⤵
  PID:4368
- C:\Windows\System\VHvhOkg.exe
  C:\Windows\System\VHvhOkg.exe
  2⤵
  PID:1324
- C:\Windows\System\tBYQsGa.exe
  C:\Windows\System\tBYQsGa.exe
  2⤵
  PID:7572
- C:\Windows\System\iEpJbzd.exe
  C:\Windows\System\iEpJbzd.exe
  2⤵
  PID:2920
- C:\Windows\System\UJXYZSO.exe
  C:\Windows\System\UJXYZSO.exe
  2⤵
  PID:5296
- C:\Windows\System\CTRLlhz.exe
  C:\Windows\System\CTRLlhz.exe
  2⤵
  PID:7640
- C:\Windows\System\KALWCuY.exe
  C:\Windows\System\KALWCuY.exe
  2⤵
  PID:6140
- C:\Windows\System\rlvEbzf.exe
  C:\Windows\System\rlvEbzf.exe
  2⤵
  PID:7492
- C:\Windows\System\VaQormU.exe
  C:\Windows\System\VaQormU.exe
  2⤵
  PID:6160
- C:\Windows\System\qfFYlen.exe
  C:\Windows\System\qfFYlen.exe
  2⤵
  PID:6220
- C:\Windows\System\pHUAHSn.exe
  C:\Windows\System\pHUAHSn.exe
  2⤵
  PID:7888
- C:\Windows\System\TeButGh.exe
  C:\Windows\System\TeButGh.exe
  2⤵
  PID:7920
- C:\Windows\System\lmHszbs.exe
  C:\Windows\System\lmHszbs.exe
  2⤵
  PID:8004
- C:\Windows\System\rJMqqev.exe
  C:\Windows\System\rJMqqev.exe
  2⤵
  PID:8084
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 8084 -s 160
    3⤵
    PID:11596
- C:\Windows\System\wDIWfJE.exe
  C:\Windows\System\wDIWfJE.exe
  2⤵
  PID:8176
- C:\Windows\System\SVcUxKW.exe
  C:\Windows\System\SVcUxKW.exe
  2⤵
  PID:6236
- C:\Windows\System\ETWTLYv.exe
  C:\Windows\System\ETWTLYv.exe
  2⤵
  PID:2664
- C:\Windows\System\DBNeprA.exe
  C:\Windows\System\DBNeprA.exe
  2⤵
  PID:6272
- C:\Windows\System\XirglFE.exe
  C:\Windows\System\XirglFE.exe
  2⤵
  PID:5980
- C:\Windows\System\XupWMYn.exe
  C:\Windows\System\XupWMYn.exe
  2⤵
  PID:8172
- C:\Windows\System\qFQQNGy.exe
  C:\Windows\System\qFQQNGy.exe
  2⤵
  PID:8108
- C:\Windows\System\ymLKNZd.exe
  C:\Windows\System\ymLKNZd.exe
  2⤵
  PID:7968
- C:\Windows\System\CARLGyh.exe
  C:\Windows\System\CARLGyh.exe
  2⤵
  PID:5812
- C:\Windows\System\yUuRLeF.exe
  C:\Windows\System\yUuRLeF.exe
  2⤵
  PID:1908
- C:\Windows\System\YqPsOUL.exe
  C:\Windows\System\YqPsOUL.exe
  2⤵
  PID:5632
- C:\Windows\System\TiKsUHM.exe
  C:\Windows\System\TiKsUHM.exe
  2⤵
  PID:5944
- C:\Windows\System\cyVrXIL.exe
  C:\Windows\System\cyVrXIL.exe
  2⤵
  PID:7612
- C:\Windows\System\GiAZEkI.exe
  C:\Windows\System\GiAZEkI.exe
  2⤵
  PID:7108
- C:\Windows\System\aKAXFhr.exe
  C:\Windows\System\aKAXFhr.exe
  2⤵
  PID:9228
- C:\Windows\System\GvXeWEl.exe
  C:\Windows\System\GvXeWEl.exe
  2⤵
  PID:9244
- C:\Windows\System\PaCQnTd.exe
  C:\Windows\System\PaCQnTd.exe
  2⤵
  PID:9268
- C:\Windows\System\hzicHAG.exe
  C:\Windows\System\hzicHAG.exe
  2⤵
  PID:9288
- C:\Windows\System\vqqqvYx.exe
  C:\Windows\System\vqqqvYx.exe
  2⤵
  PID:9308
- C:\Windows\System\eSObsFC.exe
  C:\Windows\System\eSObsFC.exe
  2⤵
  PID:9328
- C:\Windows\System\NlqWELV.exe
  C:\Windows\System\NlqWELV.exe
  2⤵
  PID:9348
- C:\Windows\System\TvYayda.exe
  C:\Windows\System\TvYayda.exe
  2⤵
  PID:9372
- C:\Windows\System\vvVLcNo.exe
  C:\Windows\System\vvVLcNo.exe
  2⤵
  PID:9392
- C:\Windows\System\BleFssv.exe
  C:\Windows\System\BleFssv.exe
  2⤵
  PID:9408
- C:\Windows\System\KJluaIK.exe
  C:\Windows\System\KJluaIK.exe
  2⤵
  PID:9432
- C:\Windows\System\XGufHSD.exe
  C:\Windows\System\XGufHSD.exe
  2⤵
  PID:9448
- C:\Windows\System\dzLDmfs.exe
  C:\Windows\System\dzLDmfs.exe
  2⤵
  PID:9488
- C:\Windows\System\AoSXbWp.exe
  C:\Windows\System\AoSXbWp.exe
  2⤵
  PID:9508
- C:\Windows\System\CJzfwnQ.exe
  C:\Windows\System\CJzfwnQ.exe
  2⤵
  PID:9528
- C:\Windows\System\vmpofaF.exe
  C:\Windows\System\vmpofaF.exe
  2⤵
  PID:9548
- C:\Windows\System\EHuMOis.exe
  C:\Windows\System\EHuMOis.exe
  2⤵
  PID:9568
- C:\Windows\System\qndOBUb.exe
  C:\Windows\System\qndOBUb.exe
  2⤵
  PID:9588
- C:\Windows\System\qVgaIQb.exe
  C:\Windows\System\qVgaIQb.exe
  2⤵
  PID:9604
- C:\Windows\System\mpLpgHI.exe
  C:\Windows\System\mpLpgHI.exe
  2⤵
  PID:9636
- C:\Windows\System\JfoDLBL.exe
  C:\Windows\System\JfoDLBL.exe
  2⤵
  PID:9652
- C:\Windows\System\UghoMYd.exe
  C:\Windows\System\UghoMYd.exe
  2⤵
  PID:9688
- C:\Windows\System\YSMTbKe.exe
  C:\Windows\System\YSMTbKe.exe
  2⤵
  PID:9712
- C:\Windows\System\yGQNZCD.exe
  C:\Windows\System\yGQNZCD.exe
  2⤵
  PID:9728
- C:\Windows\System\RrSPKxg.exe
  C:\Windows\System\RrSPKxg.exe
  2⤵
  PID:9752
- C:\Windows\System\MdklIsZ.exe
  C:\Windows\System\MdklIsZ.exe
  2⤵
  PID:9768
- C:\Windows\System\kfpxlWg.exe
  C:\Windows\System\kfpxlWg.exe
  2⤵
  PID:9796
- C:\Windows\System\zUzPPIy.exe
  C:\Windows\System\zUzPPIy.exe
  2⤵
  PID:9844
- C:\Windows\System\ftCOBPH.exe
  C:\Windows\System\ftCOBPH.exe
  2⤵
  PID:9860
- C:\Windows\System\dQBXCHc.exe
  C:\Windows\System\dQBXCHc.exe
  2⤵
  PID:9884
- C:\Windows\System\MdxIJiq.exe
  C:\Windows\System\MdxIJiq.exe
  2⤵
  PID:9904
- C:\Windows\System\tKZNmMs.exe
  C:\Windows\System\tKZNmMs.exe
  2⤵
  PID:9924
- C:\Windows\System\LbsCfvT.exe
  C:\Windows\System\LbsCfvT.exe
  2⤵
  PID:9940
- C:\Windows\System\cnypBgN.exe
  C:\Windows\System\cnypBgN.exe
  2⤵
  PID:9960
- C:\Windows\System\rlokvAx.exe
  C:\Windows\System\rlokvAx.exe
  2⤵
  PID:9976
- C:\Windows\System\mAGJdrB.exe
  C:\Windows\System\mAGJdrB.exe
  2⤵
  PID:9992
- C:\Windows\System\OoTZqsF.exe
  C:\Windows\System\OoTZqsF.exe
  2⤵
  PID:10008
- C:\Windows\System\bWaYtDI.exe
  C:\Windows\System\bWaYtDI.exe
  2⤵
  PID:10024
- C:\Windows\System\lvbMSWr.exe
  C:\Windows\System\lvbMSWr.exe
  2⤵
  PID:10052
- C:\Windows\System\yjpZtSc.exe
  C:\Windows\System\yjpZtSc.exe
  2⤵
  PID:10068
- C:\Windows\System\hkqVykp.exe
  C:\Windows\System\hkqVykp.exe
  2⤵
  PID:10088
- C:\Windows\System\kNlTcVt.exe
  C:\Windows\System\kNlTcVt.exe
  2⤵
  PID:10112
- C:\Windows\System\vrcbZsH.exe
  C:\Windows\System\vrcbZsH.exe
  2⤵
  PID:10128
- C:\Windows\System\wQQPsaP.exe
  C:\Windows\System\wQQPsaP.exe
  2⤵
  PID:10148
- C:\Windows\System\lCaoMay.exe
  C:\Windows\System\lCaoMay.exe
  2⤵
  PID:10172
- C:\Windows\System\tfoPirZ.exe
  C:\Windows\System\tfoPirZ.exe
  2⤵
  PID:10192
- C:\Windows\System\PKGVYMd.exe
  C:\Windows\System\PKGVYMd.exe
  2⤵
  PID:10212
- C:\Windows\System\zsOQBgk.exe
  C:\Windows\System\zsOQBgk.exe
  2⤵
  PID:10236
- C:\Windows\System\lHnQJDc.exe
  C:\Windows\System\lHnQJDc.exe
  2⤵
  PID:8308
- C:\Windows\System\bDmLWIs.exe
  C:\Windows\System\bDmLWIs.exe
  2⤵
  PID:5536
- C:\Windows\System\mNaDNun.exe
  C:\Windows\System\mNaDNun.exe
  2⤵
  PID:2872
- C:\Windows\System\DtrJbyb.exe
  C:\Windows\System\DtrJbyb.exe
  2⤵
  PID:4980
- C:\Windows\System\UyBtpLB.exe
  C:\Windows\System\UyBtpLB.exe
  2⤵
  PID:8632
- C:\Windows\System\QpbHgcJ.exe
  C:\Windows\System\QpbHgcJ.exe
  2⤵
  PID:8696
- C:\Windows\System\LqDlmHc.exe
  C:\Windows\System\LqDlmHc.exe
  2⤵
  PID:7316
- C:\Windows\System\YnSHJWC.exe
  C:\Windows\System\YnSHJWC.exe
  2⤵
  PID:4936
- C:\Windows\System\lOVaXCe.exe
  C:\Windows\System\lOVaXCe.exe
  2⤵
  PID:7904
- C:\Windows\System\DpCfiPG.exe
  C:\Windows\System\DpCfiPG.exe
  2⤵
  PID:8916
- C:\Windows\System\ZCNBRXN.exe
  C:\Windows\System\ZCNBRXN.exe
  2⤵
  PID:8960
- C:\Windows\System\QxkvYbl.exe
  C:\Windows\System\QxkvYbl.exe
  2⤵
  PID:9064
- C:\Windows\System\fPzXgBP.exe
  C:\Windows\System\fPzXgBP.exe
  2⤵
  PID:6736
- C:\Windows\System\SlopSsk.exe
  C:\Windows\System\SlopSsk.exe
  2⤵
  PID:3932
- C:\Windows\System\nwsqgGB.exe
  C:\Windows\System\nwsqgGB.exe
  2⤵
  PID:3444
- C:\Windows\System\eBEbykp.exe
  C:\Windows\System\eBEbykp.exe
  2⤵
  PID:1436
- C:\Windows\System\rgRwPma.exe
  C:\Windows\System\rgRwPma.exe
  2⤵
  PID:1704
- C:\Windows\System\jzaksMR.exe
  C:\Windows\System\jzaksMR.exe
  2⤵
  PID:10264
- C:\Windows\System\gTTfmRR.exe
  C:\Windows\System\gTTfmRR.exe
  2⤵
  PID:10280
- C:\Windows\System\aMdYMxC.exe
  C:\Windows\System\aMdYMxC.exe
  2⤵
  PID:10304
- C:\Windows\System\ONKKpXg.exe
  C:\Windows\System\ONKKpXg.exe
  2⤵
  PID:10324
- C:\Windows\System\KHQyuqy.exe
  C:\Windows\System\KHQyuqy.exe
  2⤵
  PID:10344
- C:\Windows\System\UBZmGKS.exe
  C:\Windows\System\UBZmGKS.exe
  2⤵
  PID:10416
- C:\Windows\System\mFHCofq.exe
  C:\Windows\System\mFHCofq.exe
  2⤵
  PID:10436
- C:\Windows\System\OzrddhD.exe
  C:\Windows\System\OzrddhD.exe
  2⤵
  PID:10456
- C:\Windows\System\wQuhJLZ.exe
  C:\Windows\System\wQuhJLZ.exe
  2⤵
  PID:10480
- C:\Windows\System\tOlfDWE.exe
  C:\Windows\System\tOlfDWE.exe
  2⤵
  PID:10496
- C:\Windows\System\stYUhVk.exe
  C:\Windows\System\stYUhVk.exe
  2⤵
  PID:10516
- C:\Windows\System\dTAwXXX.exe
  C:\Windows\System\dTAwXXX.exe
  2⤵
  PID:10536
- C:\Windows\System\oIlAxfa.exe
  C:\Windows\System\oIlAxfa.exe
  2⤵
  PID:10556
- C:\Windows\System\BaCnETw.exe
  C:\Windows\System\BaCnETw.exe
  2⤵
  PID:10576
- C:\Windows\System\EcHZiRP.exe
  C:\Windows\System\EcHZiRP.exe
  2⤵
  PID:10592
- C:\Windows\System\cILWoux.exe
  C:\Windows\System\cILWoux.exe
  2⤵
  PID:5088
- C:\Windows\System\FczIUVo.exe
  C:\Windows\System\FczIUVo.exe
  2⤵
  PID:7192
- C:\Windows\System\IjixObb.exe
  C:\Windows\System\IjixObb.exe
  2⤵
  PID:9444
- C:\Windows\System\dTxmeSt.exe
  C:\Windows\System\dTxmeSt.exe
  2⤵
  PID:9504
- C:\Windows\System\jSAUXeg.exe
  C:\Windows\System\jSAUXeg.exe
  2⤵
  PID:9612
- C:\Windows\System\LmZMWMK.exe
  C:\Windows\System\LmZMWMK.exe
  2⤵
  PID:4756
- C:\Windows\System\wwgaMFu.exe
  C:\Windows\System\wwgaMFu.exe
  2⤵
  PID:3488
- C:\Windows\System\hiwHzcO.exe
  C:\Windows\System\hiwHzcO.exe
  2⤵
  PID:9672
- C:\Windows\System\WeqJvAf.exe
  C:\Windows\System\WeqJvAf.exe
  2⤵
  PID:5612
- C:\Windows\System\GFhaHdt.exe
  C:\Windows\System\GFhaHdt.exe
  2⤵
  PID:7932
- C:\Windows\System\ViQXuSQ.exe
  C:\Windows\System\ViQXuSQ.exe
  2⤵
  PID:8560
- C:\Windows\System\NRqEEqX.exe
  C:\Windows\System\NRqEEqX.exe
  2⤵
  PID:9880
- C:\Windows\System\EFibugT.exe
  C:\Windows\System\EFibugT.exe
  2⤵
  PID:9972
- C:\Windows\System\rDLiNcO.exe
  C:\Windows\System\rDLiNcO.exe
  2⤵
  PID:10016
- C:\Windows\System\xUmLYmq.exe
  C:\Windows\System\xUmLYmq.exe
  2⤵
  PID:8756
- C:\Windows\System\VReCXtk.exe
  C:\Windows\System\VReCXtk.exe
  2⤵
  PID:1788
- C:\Windows\System\IRXdZpU.exe
  C:\Windows\System\IRXdZpU.exe
  2⤵
  PID:8300
- C:\Windows\System\MLYprIC.exe
  C:\Windows\System\MLYprIC.exe
  2⤵
  PID:2384
- C:\Windows\System\VFuOfen.exe
  C:\Windows\System\VFuOfen.exe
  2⤵
  PID:6624
- C:\Windows\System\hCMVxuI.exe
  C:\Windows\System\hCMVxuI.exe
  2⤵
  PID:1392
- C:\Windows\System\JHVRupy.exe
  C:\Windows\System\JHVRupy.exe
  2⤵
  PID:6104
- C:\Windows\System\OtjISzY.exe
  C:\Windows\System\OtjISzY.exe
  2⤵
  PID:8216
- C:\Windows\System\zuKZAhA.exe
  C:\Windows\System\zuKZAhA.exe
  2⤵
  PID:9240
- C:\Windows\System\IPwnkFh.exe
  C:\Windows\System\IPwnkFh.exe
  2⤵
  PID:9284
- C:\Windows\System\iayaxTf.exe
  C:\Windows\System\iayaxTf.exe
  2⤵
  PID:9336
- C:\Windows\System\nIvWzlx.exe
  C:\Windows\System\nIvWzlx.exe
  2⤵
  PID:9360
- C:\Windows\System\USvAVNp.exe
  C:\Windows\System\USvAVNp.exe
  2⤵
  PID:10432
- C:\Windows\System\NgrybDC.exe
  C:\Windows\System\NgrybDC.exe
  2⤵
  PID:10468
- C:\Windows\System\kFbOQWq.exe
  C:\Windows\System\kFbOQWq.exe
  2⤵
  PID:10524
- C:\Windows\System\MzUSYdz.exe
  C:\Windows\System\MzUSYdz.exe
  2⤵
  PID:9660
- C:\Windows\System\fficyRL.exe
  C:\Windows\System\fficyRL.exe
  2⤵
  PID:9748
- C:\Windows\System\OzJMZNF.exe
  C:\Windows\System\OzJMZNF.exe
  2⤵
  PID:9776
- C:\Windows\System\WvpWdsS.exe
  C:\Windows\System\WvpWdsS.exe
  2⤵
  PID:8476
- C:\Windows\System\abXGJVq.exe
  C:\Windows\System\abXGJVq.exe
  2⤵
  PID:8516
- C:\Windows\System\xDkhoyA.exe
  C:\Windows\System\xDkhoyA.exe
  2⤵
  PID:9836
- C:\Windows\System\cVQXIgj.exe
  C:\Windows\System\cVQXIgj.exe
  2⤵
  PID:9900
- C:\Windows\System\nTSSHys.exe
  C:\Windows\System\nTSSHys.exe
  2⤵
  PID:9916
- C:\Windows\System\pmewFXd.exe
  C:\Windows\System\pmewFXd.exe
  2⤵
  PID:10032
- C:\Windows\System\ufbRvOp.exe
  C:\Windows\System\ufbRvOp.exe
  2⤵
  PID:3660
- C:\Windows\System\qmKzrsp.exe
  C:\Windows\System\qmKzrsp.exe
  2⤵
  PID:11280
- C:\Windows\System\giYlbPo.exe
  C:\Windows\System\giYlbPo.exe
  2⤵
  PID:11296
- C:\Windows\System\WeguAhw.exe
  C:\Windows\System\WeguAhw.exe
  2⤵
  PID:11312
- C:\Windows\System\IWqjaaQ.exe
  C:\Windows\System\IWqjaaQ.exe
  2⤵
  PID:11328
- C:\Windows\System\iVknPxX.exe
  C:\Windows\System\iVknPxX.exe
  2⤵
  PID:11348
- C:\Windows\System\gWDZJuA.exe
  C:\Windows\System\gWDZJuA.exe
  2⤵
  PID:11364
- C:\Windows\System\IojCLRf.exe
  C:\Windows\System\IojCLRf.exe
  2⤵
  PID:11380
- C:\Windows\System\BFPEhzc.exe
  C:\Windows\System\BFPEhzc.exe
  2⤵
  PID:11396
- C:\Windows\System\keXQMnI.exe
  C:\Windows\System\keXQMnI.exe
  2⤵
  PID:11420
- C:\Windows\System\lBMVWFg.exe
  C:\Windows\System\lBMVWFg.exe
  2⤵
  PID:11440
- C:\Windows\System\uNwsrIa.exe
  C:\Windows\System\uNwsrIa.exe
  2⤵
  PID:11456
- C:\Windows\System\WYpTDHI.exe
  C:\Windows\System\WYpTDHI.exe
  2⤵
  PID:11472
- C:\Windows\System\zIilzLl.exe
  C:\Windows\System\zIilzLl.exe
  2⤵
  PID:11488
- C:\Windows\System\eJRVLto.exe
  C:\Windows\System\eJRVLto.exe
  2⤵
  PID:11504
- C:\Windows\System\bcouFOJ.exe
  C:\Windows\System\bcouFOJ.exe
  2⤵
  PID:11520
- C:\Windows\System\GPHZwRU.exe
  C:\Windows\System\GPHZwRU.exe
  2⤵
  PID:11536
- C:\Windows\System\PsmiXSD.exe
  C:\Windows\System\PsmiXSD.exe
  2⤵
  PID:11552
- C:\Windows\System\dAdCHLM.exe
  C:\Windows\System\dAdCHLM.exe
  2⤵
  PID:11568
- C:\Windows\System\NkTLXpT.exe
  C:\Windows\System\NkTLXpT.exe
  2⤵
  PID:11584
- C:\Windows\System\wPfwKpa.exe
  C:\Windows\System\wPfwKpa.exe
  2⤵
  PID:11600
- C:\Windows\System\lgLRKbo.exe
  C:\Windows\System\lgLRKbo.exe
  2⤵
  PID:11616
- C:\Windows\System\WIhwTvH.exe
  C:\Windows\System\WIhwTvH.exe
  2⤵
  PID:11636
- C:\Windows\System\HQZthSN.exe
  C:\Windows\System\HQZthSN.exe
  2⤵
  PID:11652
- C:\Windows\System\CLoOjuO.exe
  C:\Windows\System\CLoOjuO.exe
  2⤵
  PID:11672
- C:\Windows\System\EQwAsMa.exe
  C:\Windows\System\EQwAsMa.exe
  2⤵
  PID:11688
- C:\Windows\System\BBRepVp.exe
  C:\Windows\System\BBRepVp.exe
  2⤵
  PID:11704
- C:\Windows\System\WTQJPGi.exe
  C:\Windows\System\WTQJPGi.exe
  2⤵
  PID:11720
- C:\Windows\System\rstJbPC.exe
  C:\Windows\System\rstJbPC.exe
  2⤵
  PID:11736
- C:\Windows\System\QJQjZuQ.exe
  C:\Windows\System\QJQjZuQ.exe
  2⤵
  PID:11752
- C:\Windows\System\XoXbIzW.exe
  C:\Windows\System\XoXbIzW.exe
  2⤵
  PID:11772
- C:\Windows\System\igjGGum.exe
  C:\Windows\System\igjGGum.exe
  2⤵
  PID:11788
- C:\Windows\System\GdXKFPD.exe
  C:\Windows\System\GdXKFPD.exe
  2⤵
  PID:11808
- C:\Windows\System\rwPkxxT.exe
  C:\Windows\System\rwPkxxT.exe
  2⤵
  PID:11824
- C:\Windows\System\PIPYiUx.exe
  C:\Windows\System\PIPYiUx.exe
  2⤵
  PID:11844
- C:\Windows\System\SaFVTFS.exe
  C:\Windows\System\SaFVTFS.exe
  2⤵
  PID:11860
- C:\Windows\System\OlrVGAa.exe
  C:\Windows\System\OlrVGAa.exe
  2⤵
  PID:11880
- C:\Windows\System\LVKBwgn.exe
  C:\Windows\System\LVKBwgn.exe
  2⤵
  PID:11896
- C:\Windows\System\JGGKoUJ.exe
  C:\Windows\System\JGGKoUJ.exe
  2⤵
  PID:11912
- C:\Windows\System\xCbqvDr.exe
  C:\Windows\System\xCbqvDr.exe
  2⤵
  PID:11928
- C:\Windows\System\sBuxrlg.exe
  C:\Windows\System\sBuxrlg.exe
  2⤵
  PID:11944
- C:\Windows\System\xbbmjaV.exe
  C:\Windows\System\xbbmjaV.exe
  2⤵
  PID:11960
- C:\Windows\System\pKCFOFI.exe
  C:\Windows\System\pKCFOFI.exe
  2⤵
  PID:11980
- C:\Windows\System\ZMdTaEP.exe
  C:\Windows\System\ZMdTaEP.exe
  2⤵
  PID:11996
- C:\Windows\System\nuQzFBY.exe
  C:\Windows\System\nuQzFBY.exe
  2⤵
  PID:12028
- C:\Windows\System\AsDOXHj.exe
  C:\Windows\System\AsDOXHj.exe
  2⤵
  PID:12044
- C:\Windows\System\rwCjLNt.exe
  C:\Windows\System\rwCjLNt.exe
  2⤵
  PID:12064
- C:\Windows\System\NvdlZBX.exe
  C:\Windows\System\NvdlZBX.exe
  2⤵
  PID:12088
- C:\Windows\System\rCkCOAb.exe
  C:\Windows\System\rCkCOAb.exe
  2⤵
  PID:12112
- C:\Windows\System\gRprvjW.exe
  C:\Windows\System\gRprvjW.exe
  2⤵
  PID:12128
- C:\Windows\System\PobYbcs.exe
  C:\Windows\System\PobYbcs.exe
  2⤵
  PID:12148
- C:\Windows\System\phFQvBq.exe
  C:\Windows\System\phFQvBq.exe
  2⤵
  PID:12172
- C:\Windows\System\pNrlXbD.exe
  C:\Windows\System\pNrlXbD.exe
  2⤵
  PID:12192
- C:\Windows\System\KneKdtA.exe
  C:\Windows\System\KneKdtA.exe
  2⤵
  PID:12216
- C:\Windows\System\ckHvZmm.exe
  C:\Windows\System\ckHvZmm.exe
  2⤵
  PID:12232
- C:\Windows\System\AvBGplc.exe
  C:\Windows\System\AvBGplc.exe
  2⤵
  PID:12256
- C:\Windows\System\aKaSDHv.exe
  C:\Windows\System\aKaSDHv.exe
  2⤵
  PID:12284
- C:\Windows\System\SbMraGi.exe
  C:\Windows\System\SbMraGi.exe
  2⤵
  PID:8828
- C:\Windows\System\eMzvPAE.exe
  C:\Windows\System\eMzvPAE.exe
  2⤵
  PID:1936
- C:\Windows\System\CcMYopQ.exe
  C:\Windows\System\CcMYopQ.exe
  2⤵
  PID:9036
- C:\Windows\System\oocbObU.exe
  C:\Windows\System\oocbObU.exe
  2⤵
  PID:10200
- C:\Windows\System\JVVRiPa.exe
  C:\Windows\System\JVVRiPa.exe
  2⤵
  PID:12292
- C:\Windows\System\BRPRdYl.exe
  C:\Windows\System\BRPRdYl.exe
  2⤵
  PID:12312
- C:\Windows\System\xqvGBTQ.exe
  C:\Windows\System\xqvGBTQ.exe
  2⤵
  PID:12340
- C:\Windows\System\nyJXMou.exe
  C:\Windows\System\nyJXMou.exe
  2⤵
  PID:12356
- C:\Windows\System\LfUpYVa.exe
  C:\Windows\System\LfUpYVa.exe
  2⤵
  PID:12384
- C:\Windows\System\jaLgNHq.exe
  C:\Windows\System\jaLgNHq.exe
  2⤵
  PID:12400
- C:\Windows\System\blOFlfT.exe
  C:\Windows\System\blOFlfT.exe
  2⤵
  PID:12420
- C:\Windows\System\nDMmBWy.exe
  C:\Windows\System\nDMmBWy.exe
  2⤵
  PID:12460
- C:\Windows\System\sJlfQsB.exe
  C:\Windows\System\sJlfQsB.exe
  2⤵
  PID:12476
- C:\Windows\System\nyGCvPW.exe
  C:\Windows\System\nyGCvPW.exe
  2⤵
  PID:12508
- C:\Windows\System\fvTwhVu.exe
  C:\Windows\System\fvTwhVu.exe
  2⤵
  PID:12532
- C:\Windows\System\lHQBXMJ.exe
  C:\Windows\System\lHQBXMJ.exe
  2⤵
  PID:12548
- C:\Windows\System\YYmvbmM.exe
  C:\Windows\System\YYmvbmM.exe
  2⤵
  PID:12572
- C:\Windows\System\qfczAKG.exe
  C:\Windows\System\qfczAKG.exe
  2⤵
  PID:12600
- C:\Windows\System\zRlMtvQ.exe
  C:\Windows\System\zRlMtvQ.exe
  2⤵
  PID:12624
- C:\Windows\System\gssfaIK.exe
  C:\Windows\System\gssfaIK.exe
  2⤵
  PID:12648
- C:\Windows\System\wboKcyj.exe
  C:\Windows\System\wboKcyj.exe
  2⤵
  PID:12664
- C:\Windows\System\tCMDlUh.exe
  C:\Windows\System\tCMDlUh.exe
  2⤵
  PID:12680
- C:\Windows\System\McIznyQ.exe
  C:\Windows\System\McIznyQ.exe
  2⤵
  PID:12696
- C:\Windows\System\xvwHGwP.exe
  C:\Windows\System\xvwHGwP.exe
  2⤵
  PID:12712
- C:\Windows\System\ztPQSoW.exe
  C:\Windows\System\ztPQSoW.exe
  2⤵
  PID:12728
- C:\Windows\System\IYRocTR.exe
  C:\Windows\System\IYRocTR.exe
  2⤵
  PID:12744
- C:\Windows\System\YyWUYLe.exe
  C:\Windows\System\YyWUYLe.exe
  2⤵
  PID:12784
- C:\Windows\System\LrNSQmb.exe
  C:\Windows\System\LrNSQmb.exe
  2⤵
  PID:12824
- C:\Windows\System\uvYLgak.exe
  C:\Windows\System\uvYLgak.exe
  2⤵
  PID:12872
- C:\Windows\System\melKAOk.exe
  C:\Windows\System\melKAOk.exe
  2⤵
  PID:12892
- C:\Windows\System\zIvAfHH.exe
  C:\Windows\System\zIvAfHH.exe
  2⤵
  PID:12940
- C:\Windows\System\KXpXexc.exe
  C:\Windows\System\KXpXexc.exe
  2⤵
  PID:12992
- C:\Windows\System\JRgeHvi.exe
  C:\Windows\System\JRgeHvi.exe
  2⤵
  PID:13032
- C:\Windows\System\VhQWBxc.exe
  C:\Windows\System\VhQWBxc.exe
  2⤵
  PID:13064
- C:\Windows\System\OjXgjSJ.exe
  C:\Windows\System\OjXgjSJ.exe
  2⤵
  PID:13112
- C:\Windows\System\ixaNhBA.exe
  C:\Windows\System\ixaNhBA.exe
  2⤵
  PID:7092
- C:\Windows\System\LiIyqgX.exe
  C:\Windows\System\LiIyqgX.exe
  2⤵
  PID:8116
- C:\Windows\System\NTeiozB.exe
  C:\Windows\System\NTeiozB.exe
  2⤵
  PID:10336
- C:\Windows\System\AqWMVJJ.exe
  C:\Windows\System\AqWMVJJ.exe
  2⤵
  PID:8148
- C:\Windows\System\mPZazgK.exe
  C:\Windows\System\mPZazgK.exe
  2⤵
  PID:7716
- C:\Windows\System\HPdXGag.exe
  C:\Windows\System\HPdXGag.exe
  2⤵
  PID:7144
- C:\Windows\System\gahEHOv.exe
  C:\Windows\System\gahEHOv.exe
  2⤵
  PID:11080
- C:\Windows\System\JJPqyAT.exe
  C:\Windows\System\JJPqyAT.exe
  2⤵
  PID:5780
- C:\Windows\System\bTAsMLM.exe
  C:\Windows\System\bTAsMLM.exe
  2⤵
  PID:9424
- C:\Windows\System\ptIPytS.exe
  C:\Windows\System\ptIPytS.exe
  2⤵
  PID:9440
- C:\Windows\System\vtMUCJv.exe
  C:\Windows\System\vtMUCJv.exe
  2⤵
  PID:9736
- C:\Windows\System\AEcKuXL.exe
  C:\Windows\System\AEcKuXL.exe
  2⤵
  PID:9624
- C:\Windows\System\YcNZzUD.exe
  C:\Windows\System\YcNZzUD.exe
  2⤵
  PID:10672
- C:\Windows\System\lTAsWzS.exe
  C:\Windows\System\lTAsWzS.exe
  2⤵
  PID:9012
- C:\Windows\System\BtCjuuB.exe
  C:\Windows\System\BtCjuuB.exe
  2⤵
  PID:6828
- C:\Windows\System\indXark.exe
  C:\Windows\System\indXark.exe
  2⤵
  PID:4120
- C:\Windows\System\hWXWxVy.exe
  C:\Windows\System\hWXWxVy.exe
  2⤵
  PID:9648
- C:\Windows\System\lMbARue.exe
  C:\Windows\System\lMbARue.exe
  2⤵
  PID:5672
- C:\Windows\System\HxPlRXC.exe
  C:\Windows\System\HxPlRXC.exe
  2⤵
  PID:9724
- C:\Windows\System\wNeJrHT.exe
  C:\Windows\System\wNeJrHT.exe
  2⤵
  PID:9956
- C:\Windows\System\EKXtTOb.exe
  C:\Windows\System\EKXtTOb.exe
  2⤵
  PID:10120
- C:\Windows\System\xFqUHGi.exe
  C:\Windows\System\xFqUHGi.exe
  2⤵
  PID:11580
- C:\Windows\System\sWxtBrQ.exe
  C:\Windows\System\sWxtBrQ.exe
  2⤵
  PID:12884
- C:\Windows\System\pjLijrS.exe
  C:\Windows\System\pjLijrS.exe
  2⤵
  PID:2376
- C:\Windows\System\ntyexSZ.exe
  C:\Windows\System\ntyexSZ.exe
  2⤵
  PID:4908
- C:\Windows\System\ZewwZwY.exe
  C:\Windows\System\ZewwZwY.exe
  2⤵
  PID:7684
- C:\Windows\System\ZmGQDfQ.exe
  C:\Windows\System\ZmGQDfQ.exe
  2⤵
  PID:12516
- C:\Windows\System\SELGhNR.exe
  C:\Windows\System\SELGhNR.exe
  2⤵
  PID:3248
- C:\Windows\System\kRuQWcF.exe
  C:\Windows\System\kRuQWcF.exe
  2⤵
  PID:12328
- C:\Windows\System\OucvIdj.exe
  C:\Windows\System\OucvIdj.exe
  2⤵
  PID:6524
- C:\Windows\System\bvJDrEp.exe
  C:\Windows\System\bvJDrEp.exe
  2⤵
  PID:1000
- C:\Windows\System\dVDhIMn.exe
  C:\Windows\System\dVDhIMn.exe
  2⤵
  PID:9324
- C:\Windows\System\qkvEfgB.exe
  C:\Windows\System\qkvEfgB.exe
  2⤵
  PID:10784
- C:\Windows\System\JojCJYQ.exe
  C:\Windows\System\JojCJYQ.exe
  2⤵
  PID:11892
- C:\Windows\System\OMZKqRn.exe
  C:\Windows\System\OMZKqRn.exe
  2⤵
  PID:12228
- C:\Windows\System\eeXpJSc.exe
  C:\Windows\System\eeXpJSc.exe
  2⤵
  PID:10884
- C:\Windows\System\iWUTQTv.exe
  C:\Windows\System\iWUTQTv.exe
  2⤵
  PID:12472
- C:\Windows\System\OrEVJXp.exe
  C:\Windows\System\OrEVJXp.exe
  2⤵
  PID:10948
- C:\Windows\System\xfGerRt.exe
  C:\Windows\System\xfGerRt.exe
  2⤵
  PID:7076
- C:\Windows\System\OZRwvoG.exe
  C:\Windows\System\OZRwvoG.exe
  2⤵
  PID:11228
- C:\Windows\System\IQAQyZG.exe
  C:\Windows\System\IQAQyZG.exe
  2⤵
  PID:12672
- C:\Windows\System\FxTaswF.exe
  C:\Windows\System\FxTaswF.exe
  2⤵
  PID:12720
- C:\Windows\System\tSxJjwo.exe
  C:\Windows\System\tSxJjwo.exe
  2⤵
  PID:3896
- C:\Windows\System\KvYHLVo.exe
  C:\Windows\System\KvYHLVo.exe
  2⤵
  PID:11236
- C:\Windows\System\qcAVXcW.exe
  C:\Windows\System\qcAVXcW.exe
  2⤵
  PID:2796
- C:\Windows\System\WgYLSqq.exe
  C:\Windows\System\WgYLSqq.exe
  2⤵
  PID:12912
- C:\Windows\System\qPzPTuG.exe
  C:\Windows\System\qPzPTuG.exe
  2⤵
  PID:10220
- C:\Windows\System\EtgFiUt.exe
  C:\Windows\System\EtgFiUt.exe
  2⤵
  PID:12012
- C:\Windows\System\FCnmmaq.exe
  C:\Windows\System\FCnmmaq.exe
  2⤵
  PID:12588
- C:\Windows\System\AsFFyEn.exe
  C:\Windows\System\AsFFyEn.exe
  2⤵
  PID:8592
- C:\Windows\System\ypzjhDL.exe
  C:\Windows\System\ypzjhDL.exe
  2⤵
  PID:12968
- C:\Windows\System\AqUjlcx.exe
  C:\Windows\System\AqUjlcx.exe
  2⤵
  PID:11820
- C:\Windows\System\DQAfdEo.exe
  C:\Windows\System\DQAfdEo.exe
  2⤵
  PID:8672
- C:\Windows\System\fTruyXj.exe
  C:\Windows\System\fTruyXj.exe
  2⤵
  PID:11668
- C:\Windows\System\pCByGOA.exe
  C:\Windows\System\pCByGOA.exe
  2⤵
  PID:9388
- C:\Windows\System\fuObZxl.exe
  C:\Windows\System\fuObZxl.exe
  2⤵
  PID:9172
- C:\Windows\System\JnEwepB.exe
  C:\Windows\System\JnEwepB.exe
  2⤵
  PID:9156
- C:\Windows\System\qEkJuBH.exe
  C:\Windows\System\qEkJuBH.exe
  2⤵
  PID:8900
- C:\Windows\System\fWvipQz.exe
  C:\Windows\System\fWvipQz.exe
  2⤵
  PID:2864
- C:\Windows\System\ctwjYjh.exe
  C:\Windows\System\ctwjYjh.exe
  2⤵
  PID:11516
- C:\Windows\System\JYRfXMS.exe
  C:\Windows\System\JYRfXMS.exe
  2⤵
  PID:12568
- C:\Windows\System\aPezUoo.exe
  C:\Windows\System\aPezUoo.exe
  2⤵
  PID:10276
- C:\Windows\System\sEAmUct.exe
  C:\Windows\System\sEAmUct.exe
  2⤵
  PID:12660
- C:\Windows\System\klcYaiL.exe
  C:\Windows\System\klcYaiL.exe
  2⤵
  PID:10572
- C:\Windows\System\CSHonBq.exe
  C:\Windows\System\CSHonBq.exe
  2⤵
  PID:11628
- C:\Windows\System\BmYbpJH.exe
  C:\Windows\System\BmYbpJH.exe
  2⤵
  PID:8868
- C:\Windows\System\DtTtoKN.exe
  C:\Windows\System\DtTtoKN.exe
  2⤵
  PID:10184
- C:\Windows\System\krwovGz.exe
  C:\Windows\System\krwovGz.exe
  2⤵
  PID:6200
- C:\Windows\System\PPRPgWP.exe
  C:\Windows\System\PPRPgWP.exe
  2⤵
  PID:12920
- C:\Windows\System\VHmxOUV.exe
  C:\Windows\System\VHmxOUV.exe
  2⤵
  PID:11868
- C:\Windows\System\ZCeuDqb.exe
  C:\Windows\System\ZCeuDqb.exe
  2⤵
  PID:12708
- C:\Windows\System\oXnPobZ.exe
  C:\Windows\System\oXnPobZ.exe
  2⤵
  PID:8464
- C:\Windows\System\slkYikZ.exe
  C:\Windows\System\slkYikZ.exe
  2⤵
  PID:11484
- C:\Windows\System\UUdgHJp.exe
  C:\Windows\System\UUdgHJp.exe
  2⤵
  PID:5264
- C:\Windows\System\LXkViDO.exe
  C:\Windows\System\LXkViDO.exe
  2⤵
  PID:11832
- C:\Windows\System\KWfBngP.exe
  C:\Windows\System\KWfBngP.exe
  2⤵
  PID:12544
- C:\Windows\System\Jnfyleh.exe
  C:\Windows\System\Jnfyleh.exe
  2⤵
  PID:9476
- C:\Windows\System\LsxHlfm.exe
  C:\Windows\System\LsxHlfm.exe
  2⤵
  PID:12636
- C:\Windows\System\QAuBuxB.exe
  C:\Windows\System\QAuBuxB.exe
  2⤵
  PID:3928
- C:\Windows\System\IUiGrUY.exe
  C:\Windows\System\IUiGrUY.exe
  2⤵
  PID:7164
- C:\Windows\System\jPAqMfU.exe
  C:\Windows\System\jPAqMfU.exe
  2⤵
  PID:10248
- C:\Windows\System\LqxjXFJ.exe
  C:\Windows\System\LqxjXFJ.exe
  2⤵
  PID:1008
- C:\Windows\System\XXyilBf.exe
  C:\Windows\System\XXyilBf.exe
  2⤵
  PID:11172
- C:\Windows\System\KnYyMtf.exe
  C:\Windows\System\KnYyMtf.exe
  2⤵
  PID:9456
- C:\Windows\System\eiTUlNy.exe
  C:\Windows\System\eiTUlNy.exe
  2⤵
  PID:4848
- C:\Windows\System\RDnKXOz.exe
  C:\Windows\System\RDnKXOz.exe
  2⤵
  PID:12372
- C:\Windows\System\EfMLSGq.exe
  C:\Windows\System\EfMLSGq.exe
  2⤵
  PID:9084
- C:\Windows\System\SfzwWwT.exe
  C:\Windows\System\SfzwWwT.exe
  2⤵
  PID:6440
- C:\Windows\System\CkkyoFV.exe
  C:\Windows\System\CkkyoFV.exe
  2⤵
  PID:11784
- C:\Windows\System\VKuPOJB.exe
  C:\Windows\System\VKuPOJB.exe
  2⤵
  PID:10408
- C:\Windows\System\sGNeMyg.exe
  C:\Windows\System\sGNeMyg.exe
  2⤵
  PID:4792
- C:\Windows\System\jRdGGJN.exe
  C:\Windows\System\jRdGGJN.exe
  2⤵
  PID:7796
- C:\Windows\System\rZvxzZj.exe
  C:\Windows\System\rZvxzZj.exe
  2⤵
  PID:12520
- C:\Windows\System\ktxLqOR.exe
  C:\Windows\System\ktxLqOR.exe
  2⤵
  PID:1852
- C:\Windows\System\EgyIWAE.exe
  C:\Windows\System\EgyIWAE.exe
  2⤵
  PID:11596
- C:\Windows\System\gcrfFkh.exe
  C:\Windows\System\gcrfFkh.exe
  2⤵
  PID:10916
- C:\Windows\System\WRpvHcB.exe
  C:\Windows\System\WRpvHcB.exe
  2⤵
  PID:7900
- C:\Windows\System\irYKBdg.exe
  C:\Windows\System\irYKBdg.exe
  2⤵
  PID:4468
- C:\Windows\System\HjVddNJ.exe
  C:\Windows\System\HjVddNJ.exe
  2⤵
  PID:11684
- C:\Windows\System\xOMTpYw.exe
  C:\Windows\System\xOMTpYw.exe
  2⤵
  PID:2424
- C:\Windows\System\VvMdvpb.exe
  C:\Windows\System\VvMdvpb.exe
  2⤵
  PID:688
- C:\Windows\System\HpBLjFb.exe
  C:\Windows\System\HpBLjFb.exe
  2⤵
  PID:1624
- C:\Windows\System\sCbKjdK.exe
  C:\Windows\System\sCbKjdK.exe
  2⤵
  PID:13324
- C:\Windows\System\pZdtzKp.exe
  C:\Windows\System\pZdtzKp.exe
  2⤵
  PID:13344
- C:\Windows\System\fHDDBXV.exe
  C:\Windows\System\fHDDBXV.exe
  2⤵
  PID:13624
- C:\Windows\System\ftbTtmH.exe
  C:\Windows\System\ftbTtmH.exe
  2⤵
  PID:13640
- C:\Windows\System\thGEmSM.exe
  C:\Windows\System\thGEmSM.exe
  2⤵
  PID:13656
- C:\Windows\System\jpxBfHw.exe
  C:\Windows\System\jpxBfHw.exe
  2⤵
  PID:13676
- C:\Windows\System\PrbYyMb.exe
  C:\Windows\System\PrbYyMb.exe
  2⤵
  PID:13696
- C:\Windows\System\GnenJrv.exe
  C:\Windows\System\GnenJrv.exe
  2⤵
  PID:13716
- C:\Windows\System\CPwryHc.exe
  C:\Windows\System\CPwryHc.exe
  2⤵
  PID:13736
- C:\Windows\System\iPTmAet.exe
  C:\Windows\System\iPTmAet.exe
  2⤵
  PID:13752
- C:\Windows\System\YcQLIZd.exe
  C:\Windows\System\YcQLIZd.exe
  2⤵
  PID:13784
- C:\Windows\System\VEyJran.exe
  C:\Windows\System\VEyJran.exe
  2⤵
  PID:13808
- C:\Windows\System\uoKKgmz.exe
  C:\Windows\System\uoKKgmz.exe
  2⤵
  PID:13828
- C:\Windows\System\nCdPYIn.exe
  C:\Windows\System\nCdPYIn.exe
  2⤵
  PID:13860
- C:\Windows\System\oDBoomy.exe
  C:\Windows\System\oDBoomy.exe
  2⤵
  PID:13892
- C:\Windows\System\NNKzgqC.exe
  C:\Windows\System\NNKzgqC.exe
  2⤵
  PID:13912
- C:\Windows\System\fEIyCzd.exe
  C:\Windows\System\fEIyCzd.exe
  2⤵
  PID:13928
- C:\Windows\System\SvVTnCs.exe
  C:\Windows\System\SvVTnCs.exe
  2⤵
  PID:13956
- C:\Windows\System\vDwFONE.exe
  C:\Windows\System\vDwFONE.exe
  2⤵
  PID:13972
- C:\Windows\System\JOWCPYs.exe
  C:\Windows\System\JOWCPYs.exe
  2⤵
  PID:13992
- C:\Windows\System\fiDwphE.exe
  C:\Windows\System\fiDwphE.exe
  2⤵
  PID:14020
- C:\Windows\System\yFUpObz.exe
  C:\Windows\System\yFUpObz.exe
  2⤵
  PID:14044
- C:\Windows\System\KKcwzXC.exe
  C:\Windows\System\KKcwzXC.exe
  2⤵
  PID:14256
- C:\Windows\System\baIOLPc.exe
  C:\Windows\System\baIOLPc.exe
  2⤵
  PID:14272
- C:\Windows\System\odGnyOd.exe
  C:\Windows\System\odGnyOd.exe
  2⤵
  PID:14292
- C:\Windows\System\HVvdlec.exe
  C:\Windows\System\HVvdlec.exe
  2⤵
  PID:12416
- C:\Windows\System\eMgTcIM.exe
  C:\Windows\System\eMgTcIM.exe
  2⤵
  PID:11940
- C:\Windows\System\kiZqEdO.exe
  C:\Windows\System\kiZqEdO.exe
  2⤵
  PID:9300
- C:\Windows\System\NWwfTIu.exe
  C:\Windows\System\NWwfTIu.exe
  2⤵
  PID:4000
- C:\Windows\System\mWJWXtU.exe
  C:\Windows\System\mWJWXtU.exe
  2⤵
  PID:12408
- C:\Windows\System\GKgzXKK.exe
  C:\Windows\System\GKgzXKK.exe
  2⤵
  PID:13072
- C:\Windows\System\NjLZtpt.exe
  C:\Windows\System\NjLZtpt.exe
  2⤵
  PID:13128
- C:\Windows\System\HisOJOq.exe
  C:\Windows\System\HisOJOq.exe
  2⤵
  PID:12764
- C:\Windows\System\NbiVJxz.exe
  C:\Windows\System\NbiVJxz.exe
  2⤵
  PID:4784
- C:\Windows\System\pNJsmRY.exe
  C:\Windows\System\pNJsmRY.exe
  2⤵
  PID:9220
- C:\Windows\System\gbvtmDy.exe
  C:\Windows\System\gbvtmDy.exe
  2⤵
  PID:4340
- C:\Windows\System\IAdmVim.exe
  C:\Windows\System\IAdmVim.exe
  2⤵
  PID:13340
- C:\Windows\System\HsfTkIx.exe
  C:\Windows\System\HsfTkIx.exe
  2⤵
  PID:13428
- C:\Windows\System\SAsjKJY.exe
  C:\Windows\System\SAsjKJY.exe
  2⤵
  PID:13452
- C:\Windows\System\QwcBWLm.exe
  C:\Windows\System\QwcBWLm.exe
  2⤵
  PID:13456
- C:\Windows\System\wIiQVvS.exe
  C:\Windows\System\wIiQVvS.exe
  2⤵
  PID:13488
- C:\Windows\System\baTmpbq.exe
  C:\Windows\System\baTmpbq.exe
  2⤵
  PID:13512
- C:\Windows\System\BITHvTi.exe
  C:\Windows\System\BITHvTi.exe
  2⤵
  PID:9200
- C:\Windows\System\EHSLieN.exe
  C:\Windows\System\EHSLieN.exe
  2⤵
  PID:7884
- C:\Windows\System\hggUeyR.exe
  C:\Windows\System\hggUeyR.exe
  2⤵
  PID:6480
- C:\Windows\System\bFoJMYN.exe
  C:\Windows\System\bFoJMYN.exe
  2⤵
  PID:13224
- C:\Windows\System\icBjJfd.exe
  C:\Windows\System\icBjJfd.exe
  2⤵
  PID:13044
- C:\Windows\System\FCQhgee.exe
  C:\Windows\System\FCQhgee.exe
  2⤵
  PID:5428
- C:\Windows\System\apkTTSu.exe
  C:\Windows\System\apkTTSu.exe
  2⤵
  PID:14100
- C:\Windows\System\rudaHoo.exe
  C:\Windows\System\rudaHoo.exe
  2⤵
  PID:14140
- C:\Windows\System\wQDWlWX.exe
  C:\Windows\System\wQDWlWX.exe
  2⤵
  PID:14308
- C:\Windows\System\FemwEbk.exe
  C:\Windows\System\FemwEbk.exe
  2⤵
  PID:14248

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3140

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:14008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_x1tyydag.ble.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\FKJHQUn.exe

Filesize
974KB

MD5
1b43745154f4553ee26ab26367358fc8

SHA1
4042899b94e6dfbfd02d7909913fe02a825541f9

SHA256
0db2ffd87a7307a35398a1427c4006f55fd5dcea9f0399d56daeae69990b3746

SHA512
30c32f08618c5fd6fd7a5456cd24f3c76548b8c64372ddec511c84cf2efbc316fb8da91a1ee7ab99981ffae22df82eeaa02836eb284ca59cf4b94a88c1e51493

Download Submit
C:\Windows\System\FsazFAF.exe

Filesize
978KB

MD5
fc15b70809f2e3479fdc93628cc322e1

SHA1
0e60f74a0ba0947c76a60d2bb4004b0478fa32e9

SHA256
4487df8aed3cfa0099c3615b5359cda28986be2d45b5df035b314a3abcccd0a5

SHA512
cd0888f7688868cf659334a19711d24f6a1a2ec49340a77104a870c4e0d9f9eefb9a81b723777a1ca22c0a48e2bf955fdb0f94266353139ab755408c8c610ca5

Download Submit
C:\Windows\System\IkXyEoB.exe

Filesize
8B

MD5
8be9e46361350d736a6e40817f4a5fd0

SHA1
29a6ea672fff4dbe94ce85d64bac95f6329ad278

SHA256
09d8e1162399d5101e668890b281756e9e90a3b57f5096a5401529b8cf8ab474

SHA512
2fe1a48a306a5a0e8958f0e4036f28d14f45faa8bbcc2b11e3298de8119d1f48984e8deb856290966453f639d25d2173a1de51632ba52a36cc5a939a1e9387e2

Download Submit
C:\Windows\System\KnmOynq.exe

Filesize
978KB

MD5
51509ddf83bf26afef7691ae7e641b24

SHA1
3567534b9c015e615d7d27f87071c8c12ff994d9

SHA256
7cf5029d7b6e82f39a8456cf085a9dc1c54c77a4696c5446f2ae9546c74b09a1

SHA512
0ed69611646a22406056cbb4a1c11a153271aef8edd2cc7f75cf305cae64e3fbb5c5846c6fe821ec24dceaf380eafa7b13f26f92376c54ca4e43a4d8093767ac

Download Submit
C:\Windows\System\KrtyFHt.exe

Filesize
975KB

MD5
1eecc71eb615873d938e5d8720c988e0

SHA1
476b4eb9123ae95477819209425f877b645d78b4

SHA256
817d15a07940e8c98d98f3bb215ab257954f210866f3831bd90c8570098793f5

SHA512
71c5b6a521c4c2e59ce92d77305bfa4a2126f4cc18ed755f6ef359811b97b48d2166bc7070415dc5afcd320291e299b2900482f69d87ac7aca0d27ce6e36f276

Download Submit
C:\Windows\System\MHhBfWo.exe

Filesize
975KB

MD5
b18951feda2cda8580c84fb09e00801f

SHA1
d4cae1e46af0a485f6891ce0f1c77e02e54a3c0a

SHA256
b7d27dcfe0061dc1c659c7cc2cf37fe4a1b4ee6af39339026e48ee1e99566c29

SHA512
5715bbb67c3fd7bc6f9bd93a5da1ea739174aa3373efa54f8c3a4d97dd5e6af28c1f60ffaeccc243203d0345adc3fc66ffdae002d3e1b1a64c8eff2fc1a85526

Download Submit
C:\Windows\System\NnGAVVy.exe

Filesize
975KB

MD5
e1b7c3e5a0ff92083ab3ce2cad8594a5

SHA1
a4ab143eca5e45f0a1161e9aa47fc51333793398

SHA256
1edb99fbb6c451e54c5c633efcedd60b054ea963418d6456963a7d1df36b85b3

SHA512
133c6417c89860c8bdbd6c6e0ef3d96ebd3a7a10743ec02d91ea7af3711c23741b130965ab3f467a2bf5ad2f0c31e7cb46b12f6a33d67373f0cf6d13b2fad9b8

Download Submit
C:\Windows\System\Tacbnnn.exe

Filesize
974KB

MD5
abee80076d73e5b20b2fd0cf89476f71

SHA1
767d50b60dbac8616a477e3aef1460b37448f91a

SHA256
2987addf2c0a959fdab27774a1adafb45507fd4ab74b48cef0e2cb849ad2529d

SHA512
05fa907fde0920c393edeac2bbf874241ab4541762ce7232540cfc94075de87c191a5936a74d18bbbb7b34879b71b5b75955a71cb4e002761dc08841f6365077

Download Submit
C:\Windows\System\TnTXKXd.exe

Filesize
983KB

MD5
8175ad04815427ce48fdcc98d9f83fa6

SHA1
789e13dd3c423b1f0aa79356b6ff12109540902b

SHA256
afc4ad560fd6312d5c83d29e5110a3c55b84b0ca7cc26567a2a285a6d8dc314e

SHA512
2a03453d9c405d55eb61e69d40167162def6dddb3bd92aefdf38d770722a64c0c318a479360ee91777a62f3a8dddb986c06bb52a3c7d80da26b0b597b44ac847

Download Submit
C:\Windows\System\TpESiPU.exe

Filesize
979KB

MD5
0fd9d3dec678c517fbe11f4ba3cd26bd

SHA1
66eb2a3c25d8057a4f686b666fb71bc0c08c1129

SHA256
32a03b72fa2c62dfd5bd49ef3dfd2d17fbd92944cc8a5a2bc657f687da2f9817

SHA512
5a79df4e18bd476a05db7f4596239e09acb6f203c266460dee200b3537b180431d6851c58b2d610f174626826ff2de7261caca7e43180f2fab28192be1649def

Download Submit
C:\Windows\System\UKbtrkX.exe

Filesize
976KB

MD5
ca173565494e0c37a74a25c1ca6ca65b

SHA1
055339c4cecdc46adc4cb9b4e568f9c17392652f

SHA256
7dd1cc5bb4e18f8b0ad3d6e74e93f817cb60a05d4e8c7e40028145a4a27a5f4b

SHA512
2f4d1f7a48824ff590594232053fe7027c800813d60f61e5c0b640445dd79ff78c923de6e8b4d145aefeb6b45175b9d91b9322b46ef0ae62f828adcf82c604a2

Download Submit
C:\Windows\System\VMKTdCf.exe

Filesize
982KB

MD5
34a067caabc3884fe2485dc23c170218

SHA1
a8e2cf12b009064d018099b8c084ce4ecce0482c

SHA256
7b7a09ef3c82b70beb1e46179216596ea95eea3e5f80acff58d04e50b251f46b

SHA512
61deb82834921a5a05a1be5591ce3f7babe98f04086f18569986c567c78411bd3cb1461da54039852339273b6fc49b44b1ca0f3ddaf22803f40477af0aae7e7c

Download Submit
C:\Windows\System\VwyeMED.exe

Filesize
973KB

MD5
dc662c43e34fc6261b603cc32462e78d

SHA1
1b666d364ccb79f6328bdda73b10325f7259778e

SHA256
6aa72705da7611ee2eabc9e972235d28d72a35c96516fa11a07f10da587bfc18

SHA512
4a2754303d91f471c44dd116a56fe51a7d5a9c81f6bff218050ecc504355526b5b7d2e2ad7dcdb119a89a6b972dbb30c155ead614c71353cff3779e2499fe104

Download Submit
C:\Windows\System\XcImiRn.exe

Filesize
982KB

MD5
4578f17d63cb76aa23d1b89ec6e7bc34

SHA1
943ee0ad671d08cd2243e68fff11b549bad98d09

SHA256
28b6c0b10c04332d8a7413713fce6d9ddd563954c552fab042d4f7cbd7863783

SHA512
50fe9be77a48a8c36d00d3ae0db1be1fc6300471e65857b0c6f9039a82da5476c7367a4e359a3fe1394c15648f1b333887c56ce9917727bd347396f2f376ce9c

Download Submit
C:\Windows\System\YMpaJJg.exe

Filesize
977KB

MD5
f92628beef0eea2acae8432231e8483a

SHA1
fc383389b427e967c226959982b0c060c0554408

SHA256
7f2144bd092be65698748446fd394ea2f7bc67adb6fc66f735e8a4ee2ab757c5

SHA512
d2e0a3f67f81de9b52c4ec7f27515ebea6e9f459dfe3d9eb5f0a43f626e3c987d9cd5c5f56a49ef079e31a9d27a6e3394f0ed539be15c07115361ca262a4fd23

Download Submit
C:\Windows\System\ZEutSRW.exe

Filesize
980KB

MD5
51e732d063593fe28a01578aca0266c7

SHA1
b21418b4fbc4b54dba7bf776edeaa8ac8501fb3d

SHA256
67311a2ff3d75f63ec3e484886d442facb8af2d0d3fa312c9f4ccc4b153f87a2

SHA512
5676b8e6e5fa8d2a5b146cf3ae31645b1077590f0ffdd46f3f45136592ee5eedb68ca4eee4149685d24409972ba8a1cd21a55c0f4ea75be8b175d1130aecc0ba

Download Submit
C:\Windows\System\aDIelaJ.exe

Filesize
979KB

MD5
68479eadbe8fb57214f97a8430f9d7cd

SHA1
5f5965613f3b3ed77c0c067f4f7457cdd1aab378

SHA256
63b93a6b1dcca0ebf2dc2630440b40ad3317f1dcff40f124dd7301243a8a1890

SHA512
068061070df66787b5daa63f6f2337595ea0f30086c818e7854fdcc226469e2ece53564e2bed12ed3809055b1139215bf1cb457d3a6565251e3d5234b736e31f

Download Submit
C:\Windows\System\amhmlLZ.exe

Filesize
981KB

MD5
8788f3a9a35b62668e6dbeac44434006

SHA1
94698abb24d2f3fb9f7cb91ca1d08de160f3078a

SHA256
02e7dbda0a6ab0a835a2cc72f3937b36b2143b9c7b87c6b3aba4df294e582fd8

SHA512
0fabaecc904669694e0d657f2c60c6dddc65663b6d7abf035a48bf2cbe6f068cadf05b606708ea87ee378111a326c80008561a71257939ac7e08e9001dae4e1f

Download Submit
C:\Windows\System\gbuQUuB.exe

Filesize
980KB

MD5
bf1dbfaf13166bb69d91b631d4b084b0

SHA1
62165fe7ee8095dd1d0f91ba25ec5bdf94eb9a59

SHA256
e67474eb926850b9395afb5587c7f27ea4cb93976606a0d9fede6d4ba83d68d7

SHA512
2eb8d579a3872cba6086e47a55c735b0c972a237db21a3394d160c1af20b64cbdb442ed51a17b00aeaa66e005ff0454e8efe67dc62b83b6b911ecf7a531e683e

Download Submit
C:\Windows\System\hRCCyrr.exe

Filesize
976KB

MD5
2eeed17dc5c2623dd0fb6d013619b25a

SHA1
95602ce439c0b201560e031f2838971f29dadbf1

SHA256
588c165d3a5aae6bf739c4af31da33742ca9815c6798835aa0e55760acbb1808

SHA512
8ba973bc2275ef23332a20d7d706ded68cb0805d157caac63f880d4b42f468888c08e30e6bea4602f77d74a3c0fb97b7e0cd3e02aeac0ce4af45e73efbf3d1fe

Download Submit
C:\Windows\System\iQPxbZz.exe

Filesize
981KB

MD5
ba6f1b00e4156bad58c0e8eb4955f88e

SHA1
97c534ed2b7277391c1ca393039afc109642cbcd

SHA256
40818cd7071f16404df9fd463d028b812600558246528caafc6836d5457e413e

SHA512
074a3da7208b496599003b971a58088cfbbd6a261fb0bd7233ee81c39701f1d9d91910853008e3609dbf102d266665907872b47d9bffa0133cfda251a3ab4819

Download Submit
C:\Windows\System\ifNZMNv.exe

Filesize
981KB

MD5
381f24deffecef2e60e0c3131b24b713

SHA1
4b8cb7d7568b908579ef47c285a71bd87b79acfc

SHA256
d25c59c2ec64a381dc34f496509ec1a6d8c0876ff44351d8ac34ef0e34a62a7f

SHA512
ac4c64925f033c216d47a5f8e5242110a7c2f90c54d08bec0a2cc8fc4831d0724c8b6d5127cffd6ca452216a9217cc9474f48a3200a5c96b8b4f4b92517512a5

Download Submit
C:\Windows\System\iyRNnCV.exe

Filesize
982KB

MD5
29b9bbcf08f76d4d5c6c4dbb2e515261

SHA1
27b2bc7967514e1e15e9b7e5ad1218a22470bfdd

SHA256
cb60f26f6e349cb1c663b069fc02e6d5fe2f3db104e02687f9dd123ad5d47a0c

SHA512
141bb51e25a632f5dc34df3671daa82b406fdff2a6b692eba2a8cbaaf16983b8383cf9d75864122733c63ca5780ef8f2773a7c6c672c2d2dc7cee0a1cc6eb082

Download Submit
C:\Windows\System\kVpGCjJ.exe

Filesize
979KB

MD5
8471c8afdd3197883245c306c979ce06

SHA1
9750756387be3956a2b313c4c43ae797ca98e481

SHA256
10c5fe1f771f0ac79cf9a18bba030ec7689247e6fcc9ef41d418ce2662b7ba33

SHA512
ba14273fc92cb5c971b192611c64377047c84bcc50e41328f8530b773ac6b5bd71daa34fabeadb9928f0e378fbc6126c26363538c2b4ab0ade4c2a170a432ad4

Download Submit
C:\Windows\System\lMZIhkg.exe

Filesize
978KB

MD5
7a187ae849db84d8fc4b87c08a71afb8

SHA1
6f65baec1a667783fb4929c972114f9ff16b845a

SHA256
971efecfdbe6f7ad445d0ea0eb5f9199ce5e9944e1594b5b80d53bf0a1bc8c8b

SHA512
f75925e159fdc6eaa1b91a4b9ca222f01a50dc11078b0d07ebde71a20eba391bc34e55f543ceca38bbd154ba978316a7b473e4e9e1afbaf4a9e2046e82cf7fb2

Download Submit
C:\Windows\System\mZmKuER.exe

Filesize
982KB

MD5
0095fd6377bbd0a9404db2837578367a

SHA1
4500e26d9974aaa3cd8c23a44fbe7365d3fafc7d

SHA256
db5148a0e72e2a5cb2db87297693da35124b9986ecc2d6130ca3de6d323213a0

SHA512
759df078ebc2d74f7bbe0989b40c6902304affaa465f162b1762f948aedfdcac8c923690ea980640dbd8538484deb6a3f094745b73f44a288e330403b6a5e1d6

Download Submit
C:\Windows\System\nGNzlGi.exe

Filesize
978KB

MD5
432cc5b4e857ab06508332f774d737f4

SHA1
fa1a400c9fa611f6ce499330e4685f31932bfda0

SHA256
c847ada6fcf8c90d567e0ee41ba66672c36040b97b3957514dd1ec8d1be43766

SHA512
33d9c147d5752b2954638712a703d261c492a36e138052244e99cfd9781205ec6ab83614b9b93c33ce0bfe6b63b15d6d6187492f3b6e28e61cedaab0de179541

Download Submit
C:\Windows\System\ovhjimc.exe

Filesize
979KB

MD5
cbf9bd7cef02d61973fcc98253e9f119

SHA1
27237646c3dcf001372ab19ccbfe5c6e9502d42f

SHA256
5374ff43ac0b237034d2e9a582dd4b26b2be78028664eaae639edf727cab09f4

SHA512
8eea9ce45b29e2fde0882c0f91b33df9d9f030c3e8f1e6c27dcd5de7ba7b80008326894dc920c6b5c17cb2aaad29813fae049b0d2c72a9ac7a95027a3e829706

Download Submit
C:\Windows\System\qDLcawW.exe

Filesize
976KB

MD5
9741911a4950678acdc72122f997f87e

SHA1
de938626bbed552d708c1a4c805057a25aa3a5e3

SHA256
a9d77f32de536117eeefc9038b88ae30ba472eed2b2727b73042eea2c07e24b9

SHA512
91a99df0284a6cd0586d2a86980406b8b41cd9ef7ddd02effdc2951b6bd017cbe9b3b4b4e7d1fc70b3c20068b14d62070811976bbeadc534efe5e9ae5933e52e

Download Submit
C:\Windows\System\qjdejfC.exe

Filesize
975KB

MD5
20047b1982e45ffc7c45a65c1a79d136

SHA1
97d4f93800604512ad79914249992fc6a27bfc26

SHA256
d38300a58cf8905403acce46402d6b9b066511c2be1700e3eb2bb88e6943c6ba

SHA512
4d45b94dcaea52d78ddd1b4e42b19ca103de284532be8761d8e8b36d7ee1e75af661914ef529bb242e3ef4c91a055d8a98dc1b9c0afea80ac6ce7263c2102476

Download Submit
C:\Windows\System\uBlUnIn.exe

Filesize
974KB

MD5
fa29bae66c0787b02bb8508f4172f1e5

SHA1
c957dc57a6f913cbc9b6714c00d0ae987abf97be

SHA256
10363b070dbdd0d74cbe020f2584b3852d43bf9d166f3c9ac0324388a1266bf6

SHA512
a0cac461b93ec1099bdeeea2776abadcea1ffd2748925a2a51ad00051683cb1a8f84cb7a5577212043c3e87bff95787f73a2f2c5ac23cbb6f5067b02f3d77692

Download Submit
C:\Windows\System\uleskIl.exe

Filesize
980KB

MD5
f550f30baeb82a62ea64ed098b5bd1a8

SHA1
9673f5941107d15c82047b329721c91767143293

SHA256
1b972e33b526d69c35cf4f8fdc049ee33b0177b1f3749c6eb5ff2cb8b4d3700a

SHA512
a51c435898f10a7dfacfe2821a8069112357103de1452ec782d64eeda096bfb7770d8184b2bcc2af7d2337a656344578aebde1f9bf3b36466fcee53e9f72c470

Download Submit
C:\Windows\System\usvkEuT.exe

Filesize
980KB

MD5
83b3dd92aa2de611b595f6d955e9fe78

SHA1
e6faddb22c51dc6c3f12114f16efafedc9479221

SHA256
4bbcbcc9d94b2ae186a4ac032456df750c7dce3f96c300a8745580689005787b

SHA512
a8a318bf5a0c77725202db013321f48477712d0e14b01a5760fb38f5b0b9ecfd417d791813abb76bcd75dd5fd77e8221faf1642926010803d9324070d536d84e

Download Submit
C:\Windows\System\vfvnvyE.exe

Filesize
977KB

MD5
e49321fbbd021a3679495281e3575a9e

SHA1
801751ce5772c543ba48bb823ceacf02c3a12a80

SHA256
063526dd9e7fccdc35720b190bf81a48883a222fe970e92edc92a3acc1b6796a

SHA512
452cf4e02988637429ab96031cf5a79d7149ec0be1286cf59f41d065b6c4a44327adaa84e1cab01340a3a24ba103207465b7000d96d056af5934efa6fad778b5

Download Submit
C:\Windows\System\wZDmVOh.exe

Filesize
975KB

MD5
7ce43ba41ff7bc2f422376a52e05509b

SHA1
03e8a190795b4f5c42dcd2cef78252b66eb16f5d

SHA256
49ebfaf1b2091f0f96701c9b2d9cd29c4a269b20c9372ff8699b8290d3dd1939

SHA512
9d5b8427908d8ab12513979a67f93bf5ef4ee75a2376ec58f86bee3fd4c51d2213eec8a0d566d5b94960ec79847188f44025bd603b204e752928e57c28e6ae7d

Download Submit
C:\Windows\System\xeieBwa.exe

Filesize
981KB

MD5
8d01dd4c1cab75d318c9c97c7790b1ea

SHA1
c0c45a8bb9225e12e333924714e3767115f9dd97

SHA256
9b19688c537dae2967b05d759d6512db801e6f8040302a2dff46873c7d114fd8

SHA512
fa64a5808f667bc3e8e122d6c10a120f2f30024bc24f9c354d3328c8fd145b047565e99329c167992bebadbec85c7885053cd362ac6a0cb2e461df6a898c7c68

Download Submit
C:\Windows\System\yInVVMI.exe

Filesize
974KB

MD5
93eef8299fdb9e9af65ac7ec11a1a212

SHA1
0be71512a1fe1271796d237d9be0d3a4f83b5e59

SHA256
7287f3a57a6dcea544c4788a6996e3d7d67483ad0c9704c41475fde6c88a0001

SHA512
a4d4dabc624e8348d1f0d9aa0e3b15a7146099d1e18bd8b9542dce9e05aa37bb961a759bc5c99a11f825e75d5567f67b0b14dfb3f69e6924c8a180e88988d2f6

Download Submit
C:\Windows\System\zAlWYrH.exe

Filesize
983KB

MD5
f8648ca851bcafcc664fe9d1d4b81593

SHA1
7d63caf9e0a8f774e0bc873c3daff28955ca6166

SHA256
e6d0b204d8546f77dc97d773a9673a3ad97db613f5aae673c70c8aa26b179064

SHA512
9dc358490593151d5a935e6424e0a85dd33d914ca3ab956e390408ca4523680506396f3c479a233ea17b481cd2509c49ef9723dbc4700b7969bf58337b9295b0

Download Submit
C:\Windows\System\zcxhzCs.exe

Filesize
977KB

MD5
b36d75c724b4c5fab4b95d2630871bc5

SHA1
d927b04c2c1014c91b151f1e6b61c83eb77de223

SHA256
672e25a6d51f972ea9163d29693f4751043d5087acbc37d42f7787ad7a49e772

SHA512
e9590daa3a0e1c178b412868034ef066cc3f2e30e9a1518e0640e8aca9712859fce7c14a3457818141c0bf3d0a643b9d6838689ecc52d5cefb0a5d90215cb387

Download Submit
C:\Windows\System\zmhIuYR.exe

Filesize
977KB

MD5
ed6a10ea3c13f74a9e0fa6245b64ffff

SHA1
ad22b55d91ffd4eed5a241a2537440eeaa22a073

SHA256
1fcac1b4e5bb8f843973b2f2f27016052d7e6d7f02a3eaf54fdf770b8d3a9ccd

SHA512
72b06b749046a55c004dcf456e4c0130fa0e11498f2bd51a825de4a3b0397414ccbd802f23db58879b0ceb703695525afc1be503c7b6ff5b5772f5d7923b5e67

Download Submit
C:\Windows\System\zxtUIaF.exe

Filesize
976KB

MD5
0fc25be21fad47906bea6f6ec576cdf5

SHA1
6a4b5ae7326ddda6e14cb51377adbb1e27965523

SHA256
d419fcd36da28571a48a1c83706df2881b36ed023307fe5c11f3e3f4d5973d7b

SHA512
9aa8ed47cc1f9c06265a5c76a7306f99224eac90d80e78e6e0298dac6c3ed1967a250ce2ac640590af64e10b67450980b3b30996152a90a478cb19382c1efb4c

Download Submit
memory/648-660-0x00007FF74B0C0000-0x00007FF74B4B2000-memory.dmp

Filesize
3.9MB

Download
memory/648-3988-0x00007FF74B0C0000-0x00007FF74B4B2000-memory.dmp

Filesize
3.9MB

Download
memory/760-1-0x00000220A8180000-0x00000220A8190000-memory.dmp

Filesize
64KB

Download
memory/760-0-0x00007FF7E1110000-0x00007FF7E1502000-memory.dmp

Filesize
3.9MB

Download
memory/1064-3971-0x00007FF6790B0000-0x00007FF6794A2000-memory.dmp

Filesize
3.9MB

Download
memory/1064-1617-0x00007FF6790B0000-0x00007FF6794A2000-memory.dmp

Filesize
3.9MB

Download
memory/1264-3958-0x00007FF772260000-0x00007FF772652000-memory.dmp

Filesize
3.9MB

Download
memory/1264-405-0x00007FF772260000-0x00007FF772652000-memory.dmp

Filesize
3.9MB

Download
memory/1500-898-0x00007FF774A00000-0x00007FF774DF2000-memory.dmp

Filesize
3.9MB

Download
memory/1500-3977-0x00007FF774A00000-0x00007FF774DF2000-memory.dmp

Filesize
3.9MB

Download
memory/1560-3964-0x00007FF687F80000-0x00007FF688372000-memory.dmp

Filesize
3.9MB

Download
memory/1560-790-0x00007FF687F80000-0x00007FF688372000-memory.dmp

Filesize
3.9MB

Download
memory/1648-3979-0x00007FF64BD30000-0x00007FF64C122000-memory.dmp

Filesize
3.9MB

Download
memory/1648-895-0x00007FF64BD30000-0x00007FF64C122000-memory.dmp

Filesize
3.9MB

Download
memory/1696-3997-0x00007FF688FA0000-0x00007FF689392000-memory.dmp

Filesize
3.9MB

Download
memory/1696-1615-0x00007FF688FA0000-0x00007FF689392000-memory.dmp

Filesize
3.9MB

Download
memory/1860-4013-0x00007FF727530000-0x00007FF727922000-memory.dmp

Filesize
3.9MB

Download
memory/1860-661-0x00007FF727530000-0x00007FF727922000-memory.dmp

Filesize
3.9MB

Download
memory/2032-4012-0x00007FF6B05C0000-0x00007FF6B09B2000-memory.dmp

Filesize
3.9MB

Download
memory/2032-1243-0x00007FF6B05C0000-0x00007FF6B09B2000-memory.dmp

Filesize
3.9MB

Download
memory/2364-3954-0x00007FF660AB0000-0x00007FF660EA2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-1136-0x00007FF652930000-0x00007FF652D22000-memory.dmp

Filesize
3.9MB

Download
memory/2464-3973-0x00007FF652930000-0x00007FF652D22000-memory.dmp

Filesize
3.9MB

Download
memory/2532-3956-0x00007FF756D80000-0x00007FF757172000-memory.dmp

Filesize
3.9MB

Download
memory/2532-18-0x00007FF756D80000-0x00007FF757172000-memory.dmp

Filesize
3.9MB

Download
memory/2532-3948-0x00007FF756D80000-0x00007FF757172000-memory.dmp

Filesize
3.9MB

Download
memory/3068-3967-0x00007FF6FC5C0000-0x00007FF6FC9B2000-memory.dmp

Filesize
3.9MB

Download
memory/3068-664-0x00007FF6FC5C0000-0x00007FF6FC9B2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-3975-0x00007FF7D0EB0000-0x00007FF7D12A2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-662-0x00007FF7D0EB0000-0x00007FF7D12A2000-memory.dmp

Filesize
3.9MB

Download
memory/3620-1504-0x00007FF63C5A0000-0x00007FF63C992000-memory.dmp

Filesize
3.9MB

Download
memory/3620-4000-0x00007FF63C5A0000-0x00007FF63C992000-memory.dmp

Filesize
3.9MB

Download
memory/3672-3991-0x00007FF6854D0000-0x00007FF6858C2000-memory.dmp

Filesize
3.9MB

Download
memory/3672-667-0x00007FF6854D0000-0x00007FF6858C2000-memory.dmp

Filesize
3.9MB

Download
memory/3812-3986-0x00007FF7C7920000-0x00007FF7C7D12000-memory.dmp

Filesize
3.9MB

Download
memory/3812-665-0x00007FF7C7920000-0x00007FF7C7D12000-memory.dmp

Filesize
3.9MB

Download
memory/3864-3981-0x00007FF695D60000-0x00007FF696152000-memory.dmp

Filesize
3.9MB

Download
memory/3864-791-0x00007FF695D60000-0x00007FF696152000-memory.dmp

Filesize
3.9MB

Download
memory/3900-3961-0x00007FF6B1530000-0x00007FF6B1922000-memory.dmp

Filesize
3.9MB

Download
memory/3900-656-0x00007FF6B1530000-0x00007FF6B1922000-memory.dmp

Filesize
3.9MB

Download
memory/3936-3965-0x00007FF6F9540000-0x00007FF6F9932000-memory.dmp

Filesize
3.9MB

Download
memory/3936-588-0x00007FF6F9540000-0x00007FF6F9932000-memory.dmp

Filesize
3.9MB

Download
memory/4112-3998-0x00007FF778FC0000-0x00007FF7793B2000-memory.dmp

Filesize
3.9MB

Download
memory/4112-663-0x00007FF778FC0000-0x00007FF7793B2000-memory.dmp

Filesize
3.9MB

Download
memory/4264-3982-0x00007FF794C60000-0x00007FF795052000-memory.dmp

Filesize
3.9MB

Download
memory/4264-659-0x00007FF794C60000-0x00007FF795052000-memory.dmp

Filesize
3.9MB

Download
memory/4796-1616-0x00007FF76A890000-0x00007FF76AC82000-memory.dmp

Filesize
3.9MB

Download
memory/4796-4111-0x00007FF76A890000-0x00007FF76AC82000-memory.dmp

Filesize
3.9MB

Download
memory/4816-666-0x00007FFAE0970000-0x00007FFAE1431000-memory.dmp

Filesize
10.8MB

Download
memory/4816-32-0x00007FFAE0973000-0x00007FFAE0975000-memory.dmp

Filesize
8KB

Download
memory/4816-297-0x00007FFAE0970000-0x00007FFAE1431000-memory.dmp

Filesize
10.8MB

Download
memory/4816-1015-0x00000292FC680000-0x00000292FC6A2000-memory.dmp

Filesize
136KB

Download
memory/4816-2528-0x00007FFAE0970000-0x00007FFAE1431000-memory.dmp

Filesize
10.8MB

Download