xmrig | 8862c2052bc5ce19a6155a31d3e05c3fef9b87bccb390ead28f366781bbd22bc

Analysis

max time kernel
150s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 10:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

053b410e0f7fc23a563c7ec455b272c0N.exe
Size

1.9MB
MD5

053b410e0f7fc23a563c7ec455b272c0
SHA1

bf00425b674bcaae905e88c8dae028a9d7d2af93
SHA256

8862c2052bc5ce19a6155a31d3e05c3fef9b87bccb390ead28f366781bbd22bc
SHA512

393d4dcf94c1d4ddd2a89e542c535743ba6fee8f966716762fed0e828db2f26979c503093fc2cd9a8859481d6c8805280e0193ce2bd9ef565e4bb0bbfffa7b8c
SSDEEP

49152:Lz071uv4BPMkyW10/w16BvZX71Fq86zU6:NABD

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 26 IoCs

miner

resource	yara_rule
behavioral2/memory/1508-301-0x00007FF78D280000-0x00007FF78D672000-memory.dmp	xmrig
behavioral2/memory/472-307-0x00007FF7D3860000-0x00007FF7D3C52000-memory.dmp	xmrig
behavioral2/memory/2476-314-0x00007FF671700000-0x00007FF671AF2000-memory.dmp	xmrig
behavioral2/memory/4080-313-0x00007FF654320000-0x00007FF654712000-memory.dmp	xmrig
behavioral2/memory/4368-312-0x00007FF76D2F0000-0x00007FF76D6E2000-memory.dmp	xmrig
behavioral2/memory/4476-311-0x00007FF61A700000-0x00007FF61AAF2000-memory.dmp	xmrig
behavioral2/memory/4484-310-0x00007FF634680000-0x00007FF634A72000-memory.dmp	xmrig
behavioral2/memory/2588-309-0x00007FF774A20000-0x00007FF774E12000-memory.dmp	xmrig
behavioral2/memory/4992-308-0x00007FF65EEA0000-0x00007FF65F292000-memory.dmp	xmrig
behavioral2/memory/4876-306-0x00007FF635B80000-0x00007FF635F72000-memory.dmp	xmrig
behavioral2/memory/4060-305-0x00007FF754B50000-0x00007FF754F42000-memory.dmp	xmrig
behavioral2/memory/408-304-0x00007FF7E1380000-0x00007FF7E1772000-memory.dmp	xmrig
behavioral2/memory/116-303-0x00007FF796920000-0x00007FF796D12000-memory.dmp	xmrig
behavioral2/memory/1560-302-0x00007FF620F90000-0x00007FF621382000-memory.dmp	xmrig
behavioral2/memory/1256-300-0x00007FF770360000-0x00007FF770752000-memory.dmp	xmrig
behavioral2/memory/5068-299-0x00007FF681D90000-0x00007FF682182000-memory.dmp	xmrig
behavioral2/memory/3332-298-0x00007FF64A930000-0x00007FF64AD22000-memory.dmp	xmrig
behavioral2/memory/3972-297-0x00007FF608E70000-0x00007FF609262000-memory.dmp	xmrig
behavioral2/memory/4008-296-0x00007FF6376F0000-0x00007FF637AE2000-memory.dmp	xmrig
behavioral2/memory/4224-102-0x00007FF797270000-0x00007FF797662000-memory.dmp	xmrig
behavioral2/memory/3880-47-0x00007FF639B60000-0x00007FF639F52000-memory.dmp	xmrig
behavioral2/memory/2860-15-0x00007FF6E78B0000-0x00007FF6E7CA2000-memory.dmp	xmrig
behavioral2/memory/2040-3811-0x00007FF65ACF0000-0x00007FF65B0E2000-memory.dmp	xmrig
behavioral2/memory/1804-3808-0x00007FF7ECE70000-0x00007FF7ED262000-memory.dmp	xmrig
behavioral2/memory/2860-3805-0x00007FF6E78B0000-0x00007FF6E7CA2000-memory.dmp	xmrig
behavioral2/memory/2832-3810-0x00007FF6A8060000-0x00007FF6A8452000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
456	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2860	CcSXHcm.exe
3880	hEUCrVo.exe
1804	lHFQUOy.exe
2832	preYvuZ.exe
4224	dfQTbFV.exe
4476	kKFLQEA.exe
4008	XgicrMM.exe
3972	FGkilGn.exe
3332	sQxGlHB.exe
5068	BwEQwrN.exe
4368	qXMnPzF.exe
1256	gjHaBcm.exe
1508	RYiQFNK.exe
1560	LKJqJuH.exe
116	gtJphdG.exe
4080	NOqQpZU.exe
408	Urquvfy.exe
4060	ljjQggs.exe
4876	adFHkHg.exe
472	HnLPcHY.exe
2476	PDtPxXj.exe
4992	kihDyTP.exe
2588	xatxVhF.exe
4484	uBiLlwY.exe
3136	zTjFVEM.exe
1632	SxzVlww.exe
5024	LJlutJx.exe
1616	izREjJq.exe
844	DbVXtai.exe
3060	vlBeniM.exe
3224	OYjvycA.exe
2792	OYOZQLn.exe
4592	YtLeetJ.exe
2060	ojxGqTI.exe
3532	qtgIkOo.exe
4444	XrKVrvn.exe
3108	HfXoSua.exe
1436	TzGKLvm.exe
2660	XWKvxsW.exe
2152	WayzGhX.exe
1308	HRxfNML.exe
396	nWEINiy.exe
2160	dooaLKI.exe
2968	WehOwKj.exe
1912	gEHAhhY.exe
5000	dMMOWLK.exe
4672	BAvWIDm.exe
920	AvUtdjF.exe
3028	KRCKDQN.exe
4956	PBYGqml.exe
3548	cgSXUNX.exe
3772	jRhzrpL.exe
4596	zYYxEPd.exe
1384	nzHQYWN.exe
1908	LcOtFYT.exe
3392	KVmBtay.exe
5044	mNxCsKf.exe
1208	IlDSoap.exe
4388	mwxtFZw.exe
4084	uPbgNzk.exe
1832	DxgDYPf.exe
1636	GohynAC.exe
1836	FezXKyN.exe
2488	QwLaqHs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2040-0-0x00007FF65ACF0000-0x00007FF65B0E2000-memory.dmp	upx
behavioral2/files/0x000600000002324e-5.dat	upx
behavioral2/files/0x000700000002341b-41.dat	upx
behavioral2/files/0x000700000002341f-66.dat	upx
behavioral2/files/0x0007000000023423-88.dat	upx
behavioral2/files/0x000700000002342b-116.dat	upx
behavioral2/files/0x000700000002342c-119.dat	upx
behavioral2/files/0x0007000000023430-172.dat	upx
behavioral2/memory/1508-301-0x00007FF78D280000-0x00007FF78D672000-memory.dmp	upx
behavioral2/memory/472-307-0x00007FF7D3860000-0x00007FF7D3C52000-memory.dmp	upx
behavioral2/memory/2476-314-0x00007FF671700000-0x00007FF671AF2000-memory.dmp	upx
behavioral2/memory/4080-313-0x00007FF654320000-0x00007FF654712000-memory.dmp	upx
behavioral2/memory/4368-312-0x00007FF76D2F0000-0x00007FF76D6E2000-memory.dmp	upx
behavioral2/memory/4476-311-0x00007FF61A700000-0x00007FF61AAF2000-memory.dmp	upx
behavioral2/memory/4484-310-0x00007FF634680000-0x00007FF634A72000-memory.dmp	upx
behavioral2/memory/2588-309-0x00007FF774A20000-0x00007FF774E12000-memory.dmp	upx
behavioral2/memory/4992-308-0x00007FF65EEA0000-0x00007FF65F292000-memory.dmp	upx
behavioral2/memory/4876-306-0x00007FF635B80000-0x00007FF635F72000-memory.dmp	upx
behavioral2/memory/4060-305-0x00007FF754B50000-0x00007FF754F42000-memory.dmp	upx
behavioral2/memory/408-304-0x00007FF7E1380000-0x00007FF7E1772000-memory.dmp	upx
behavioral2/memory/116-303-0x00007FF796920000-0x00007FF796D12000-memory.dmp	upx
behavioral2/memory/1560-302-0x00007FF620F90000-0x00007FF621382000-memory.dmp	upx
behavioral2/memory/1256-300-0x00007FF770360000-0x00007FF770752000-memory.dmp	upx
behavioral2/memory/5068-299-0x00007FF681D90000-0x00007FF682182000-memory.dmp	upx
behavioral2/memory/3332-298-0x00007FF64A930000-0x00007FF64AD22000-memory.dmp	upx
behavioral2/memory/3972-297-0x00007FF608E70000-0x00007FF609262000-memory.dmp	upx
behavioral2/memory/4008-296-0x00007FF6376F0000-0x00007FF637AE2000-memory.dmp	upx
behavioral2/files/0x0007000000023439-200.dat	upx
behavioral2/files/0x000700000002343a-198.dat	upx
behavioral2/files/0x0007000000023437-193.dat	upx
behavioral2/files/0x0007000000023436-191.dat	upx
behavioral2/files/0x0007000000023435-190.dat	upx
behavioral2/files/0x0007000000023434-186.dat	upx
behavioral2/files/0x0007000000023433-181.dat	upx
behavioral2/files/0x0007000000023432-178.dat	upx
behavioral2/files/0x0007000000023431-173.dat	upx
behavioral2/files/0x000700000002342a-156.dat	upx
behavioral2/files/0x0007000000023427-155.dat	upx
behavioral2/files/0x000700000002342f-154.dat	upx
behavioral2/files/0x000700000002342e-152.dat	upx
behavioral2/files/0x000700000002342d-149.dat	upx
behavioral2/files/0x0007000000023426-145.dat	upx
behavioral2/files/0x0007000000023421-142.dat	upx
behavioral2/files/0x0007000000023425-137.dat	upx
behavioral2/files/0x0007000000023420-127.dat	upx
behavioral2/files/0x0007000000023422-112.dat	upx
behavioral2/files/0x0007000000023429-111.dat	upx
behavioral2/files/0x0007000000023428-107.dat	upx
behavioral2/files/0x0007000000023424-99.dat	upx
behavioral2/files/0x000700000002341c-97.dat	upx
behavioral2/memory/4224-102-0x00007FF797270000-0x00007FF797662000-memory.dmp	upx
behavioral2/memory/2832-75-0x00007FF6A8060000-0x00007FF6A8452000-memory.dmp	upx
behavioral2/files/0x0007000000023418-68.dat	upx
behavioral2/files/0x000700000002341e-60.dat	upx
behavioral2/files/0x000700000002341d-59.dat	upx
behavioral2/files/0x000700000002341a-57.dat	upx
behavioral2/files/0x0007000000023419-78.dat	upx
behavioral2/memory/1804-52-0x00007FF7ECE70000-0x00007FF7ED262000-memory.dmp	upx
behavioral2/memory/3880-47-0x00007FF639B60000-0x00007FF639F52000-memory.dmp	upx
behavioral2/files/0x0007000000023417-35.dat	upx
behavioral2/files/0x0007000000023416-55.dat	upx
behavioral2/files/0x0007000000023415-51.dat	upx
behavioral2/files/0x0008000000023414-27.dat	upx
behavioral2/memory/2860-15-0x00007FF6E78B0000-0x00007FF6E7CA2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lueShvb.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\LWvaFwh.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\kyXTAQx.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\JFIEIFv.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\vpVYCyA.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\eAMBKOF.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\OMMrqsN.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\tialXrs.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\JcYDrNW.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\AWENTBW.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\qhsJPKz.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\KxABpkp.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\MiAdHQd.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\FjBaQjB.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\WXfwgPE.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\OZwBsee.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\VclWDGn.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\YYVRzjA.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\dSyxSxX.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\IBYHkRT.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\ETVkdDB.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\InjIpdG.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\CfsOfsJ.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\DldMNzo.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\OYOZQLn.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\qKycHPc.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\NGwkBlR.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\GgBpTdq.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\ZoUtKay.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\zBZiYkT.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\DmpncSM.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\eoKLyRt.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\fQMczSJ.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\JxeDBwP.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\ERbzYdI.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\wELWzga.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\CYacFwX.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\IdicYmL.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\plNQuhL.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\aCslVuK.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\qbBzJbS.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\sflAyQY.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\pULyKlr.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\wFVygzl.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\lrldWwS.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\ikqyfdL.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\FWfHdll.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\xVwZdeQ.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\LCWNTdt.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\LJILhdi.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\ZbzSEYC.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\ZQdiykz.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\JbYCrzT.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\XkuviFw.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\IvsxBHH.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\QoCKdmu.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\detqbIV.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\qfDnRAt.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\YvclRrx.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\rSGZCpy.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\aQuywrg.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\zUCpWid.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\geNoxlD.exe	053b410e0f7fc23a563c7ec455b272c0N.exe
File created	C:\Windows\System\YXDLWxw.exe	053b410e0f7fc23a563c7ec455b272c0N.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
456	powershell.exe
456	powershell.exe
456	powershell.exe
456	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
10956	Process not Found
1288	Process not Found
9100	Process not Found
7212	Process not Found
7532	Process not Found
8904	Process not Found
5852	Process not Found
6420	Process not Found
7208	Process not Found
5628	Process not Found
4560	Process not Found
7104	Process not Found
10384	Process not Found
3756	Process not Found
868	Process not Found
12832	Process not Found
9232	Process not Found
10484	Process not Found
10980	Process not Found
9988	Process not Found
11388	Process not Found
7732	Process not Found
11396	Process not Found
10464	Process not Found
9244	Process not Found
9588	Process not Found
7996	Process not Found
13000	Process not Found
12548	Process not Found
7908	Process not Found
10572	Process not Found
12976	Process not Found
11296	Process not Found
8776	Process not Found
7300	Process not Found
12112	Process not Found
8112	Process not Found
11824	Process not Found
12972	Process not Found
12304	Process not Found
11300	Process not Found
13212	Process not Found
3700	Process not Found
3576	Process not Found
1292	Process not Found
760	Process not Found
1708	Process not Found
2528	Process not Found
11340	Process not Found
3600	Process not Found
3680	Process not Found
13800	Process not Found
3148	Process not Found
3980	Process not Found
4312	Process not Found
3500	Process not Found
1336	Process not Found
4676	Process not Found
3592	Process not Found
13892	Process not Found
820	Process not Found
5092	Process not Found
4852	Process not Found
3676	Process not Found

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2040	053b410e0f7fc23a563c7ec455b272c0N.exe
Token: SeDebugPrivilege	456	powershell.exe
Token: SeLockMemoryPrivilege	2040	053b410e0f7fc23a563c7ec455b272c0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 456	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	83
PID 2040 wrote to memory of 456	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	83
PID 2040 wrote to memory of 2860	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	84
PID 2040 wrote to memory of 2860	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	84
PID 2040 wrote to memory of 3880	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	85
PID 2040 wrote to memory of 3880	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	85
PID 2040 wrote to memory of 1804	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	86
PID 2040 wrote to memory of 1804	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	86
PID 2040 wrote to memory of 2832	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	87
PID 2040 wrote to memory of 2832	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	87
PID 2040 wrote to memory of 4224	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	88
PID 2040 wrote to memory of 4224	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	88
PID 2040 wrote to memory of 4476	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	89
PID 2040 wrote to memory of 4476	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	89
PID 2040 wrote to memory of 4008	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	90
PID 2040 wrote to memory of 4008	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	90
PID 2040 wrote to memory of 3972	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	91
PID 2040 wrote to memory of 3972	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	91
PID 2040 wrote to memory of 3332	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	92
PID 2040 wrote to memory of 3332	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	92
PID 2040 wrote to memory of 5068	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	93
PID 2040 wrote to memory of 5068	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	93
PID 2040 wrote to memory of 4368	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	94
PID 2040 wrote to memory of 4368	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	94
PID 2040 wrote to memory of 1256	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	95
PID 2040 wrote to memory of 1256	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	95
PID 2040 wrote to memory of 1508	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	96
PID 2040 wrote to memory of 1508	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	96
PID 2040 wrote to memory of 1560	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	97
PID 2040 wrote to memory of 1560	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	97
PID 2040 wrote to memory of 116	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	98
PID 2040 wrote to memory of 116	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	98
PID 2040 wrote to memory of 4080	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	99
PID 2040 wrote to memory of 4080	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	99
PID 2040 wrote to memory of 408	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	100
PID 2040 wrote to memory of 408	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	100
PID 2040 wrote to memory of 4060	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	101
PID 2040 wrote to memory of 4060	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	101
PID 2040 wrote to memory of 4876	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	102
PID 2040 wrote to memory of 4876	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	102
PID 2040 wrote to memory of 472	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	103
PID 2040 wrote to memory of 472	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	103
PID 2040 wrote to memory of 2476	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	104
PID 2040 wrote to memory of 2476	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	104
PID 2040 wrote to memory of 4992	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	105
PID 2040 wrote to memory of 4992	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	105
PID 2040 wrote to memory of 2588	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	106
PID 2040 wrote to memory of 2588	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	106
PID 2040 wrote to memory of 4484	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	107
PID 2040 wrote to memory of 4484	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	107
PID 2040 wrote to memory of 3136	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	108
PID 2040 wrote to memory of 3136	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	108
PID 2040 wrote to memory of 1632	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	109
PID 2040 wrote to memory of 1632	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	109
PID 2040 wrote to memory of 5024	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	110
PID 2040 wrote to memory of 5024	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	110
PID 2040 wrote to memory of 1616	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	111
PID 2040 wrote to memory of 1616	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	111
PID 2040 wrote to memory of 844	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	112
PID 2040 wrote to memory of 844	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	112
PID 2040 wrote to memory of 3060	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	113
PID 2040 wrote to memory of 3060	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	113
PID 2040 wrote to memory of 3224	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	114
PID 2040 wrote to memory of 3224	2040	053b410e0f7fc23a563c7ec455b272c0N.exe	114

C:\Users\Admin\AppData\Local\Temp\053b410e0f7fc23a563c7ec455b272c0N.exe
"C:\Users\Admin\AppData\Local\Temp\053b410e0f7fc23a563c7ec455b272c0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:456
- C:\Windows\System\CcSXHcm.exe
  C:\Windows\System\CcSXHcm.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\hEUCrVo.exe
  C:\Windows\System\hEUCrVo.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\lHFQUOy.exe
  C:\Windows\System\lHFQUOy.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\preYvuZ.exe
  C:\Windows\System\preYvuZ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\dfQTbFV.exe
  C:\Windows\System\dfQTbFV.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\kKFLQEA.exe
  C:\Windows\System\kKFLQEA.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\XgicrMM.exe
  C:\Windows\System\XgicrMM.exe
  2⤵
  - Executes dropped EXE
  PID:4008
- C:\Windows\System\FGkilGn.exe
  C:\Windows\System\FGkilGn.exe
  2⤵
  - Executes dropped EXE
  PID:3972
- C:\Windows\System\sQxGlHB.exe
  C:\Windows\System\sQxGlHB.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\BwEQwrN.exe
  C:\Windows\System\BwEQwrN.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\qXMnPzF.exe
  C:\Windows\System\qXMnPzF.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\gjHaBcm.exe
  C:\Windows\System\gjHaBcm.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\RYiQFNK.exe
  C:\Windows\System\RYiQFNK.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\LKJqJuH.exe
  C:\Windows\System\LKJqJuH.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\gtJphdG.exe
  C:\Windows\System\gtJphdG.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\NOqQpZU.exe
  C:\Windows\System\NOqQpZU.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\Urquvfy.exe
  C:\Windows\System\Urquvfy.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\ljjQggs.exe
  C:\Windows\System\ljjQggs.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\adFHkHg.exe
  C:\Windows\System\adFHkHg.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\HnLPcHY.exe
  C:\Windows\System\HnLPcHY.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\PDtPxXj.exe
  C:\Windows\System\PDtPxXj.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\kihDyTP.exe
  C:\Windows\System\kihDyTP.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\xatxVhF.exe
  C:\Windows\System\xatxVhF.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\uBiLlwY.exe
  C:\Windows\System\uBiLlwY.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\zTjFVEM.exe
  C:\Windows\System\zTjFVEM.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\SxzVlww.exe
  C:\Windows\System\SxzVlww.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\LJlutJx.exe
  C:\Windows\System\LJlutJx.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\izREjJq.exe
  C:\Windows\System\izREjJq.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\DbVXtai.exe
  C:\Windows\System\DbVXtai.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\vlBeniM.exe
  C:\Windows\System\vlBeniM.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\OYjvycA.exe
  C:\Windows\System\OYjvycA.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\OYOZQLn.exe
  C:\Windows\System\OYOZQLn.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\YtLeetJ.exe
  C:\Windows\System\YtLeetJ.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\ojxGqTI.exe
  C:\Windows\System\ojxGqTI.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\qtgIkOo.exe
  C:\Windows\System\qtgIkOo.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\XrKVrvn.exe
  C:\Windows\System\XrKVrvn.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\HfXoSua.exe
  C:\Windows\System\HfXoSua.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\KRCKDQN.exe
  C:\Windows\System\KRCKDQN.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\TzGKLvm.exe
  C:\Windows\System\TzGKLvm.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\XWKvxsW.exe
  C:\Windows\System\XWKvxsW.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\WayzGhX.exe
  C:\Windows\System\WayzGhX.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\HRxfNML.exe
  C:\Windows\System\HRxfNML.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\nWEINiy.exe
  C:\Windows\System\nWEINiy.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\dooaLKI.exe
  C:\Windows\System\dooaLKI.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\WehOwKj.exe
  C:\Windows\System\WehOwKj.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\gEHAhhY.exe
  C:\Windows\System\gEHAhhY.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\dMMOWLK.exe
  C:\Windows\System\dMMOWLK.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\BAvWIDm.exe
  C:\Windows\System\BAvWIDm.exe
  2⤵
  - Executes dropped EXE
  PID:4672
- C:\Windows\System\AvUtdjF.exe
  C:\Windows\System\AvUtdjF.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\PBYGqml.exe
  C:\Windows\System\PBYGqml.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\LcOtFYT.exe
  C:\Windows\System\LcOtFYT.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\cgSXUNX.exe
  C:\Windows\System\cgSXUNX.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\jRhzrpL.exe
  C:\Windows\System\jRhzrpL.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\zYYxEPd.exe
  C:\Windows\System\zYYxEPd.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\nzHQYWN.exe
  C:\Windows\System\nzHQYWN.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\KVmBtay.exe
  C:\Windows\System\KVmBtay.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\mNxCsKf.exe
  C:\Windows\System\mNxCsKf.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\IlDSoap.exe
  C:\Windows\System\IlDSoap.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\mwxtFZw.exe
  C:\Windows\System\mwxtFZw.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\uPbgNzk.exe
  C:\Windows\System\uPbgNzk.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\DxgDYPf.exe
  C:\Windows\System\DxgDYPf.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\GohynAC.exe
  C:\Windows\System\GohynAC.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\FezXKyN.exe
  C:\Windows\System\FezXKyN.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\QwLaqHs.exe
  C:\Windows\System\QwLaqHs.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\DmxVcpu.exe
  C:\Windows\System\DmxVcpu.exe
  2⤵
  PID:848
- C:\Windows\System\mntudhe.exe
  C:\Windows\System\mntudhe.exe
  2⤵
  PID:3032
- C:\Windows\System\JsSUtTc.exe
  C:\Windows\System\JsSUtTc.exe
  2⤵
  PID:4264
- C:\Windows\System\lzWEyMK.exe
  C:\Windows\System\lzWEyMK.exe
  2⤵
  PID:1588
- C:\Windows\System\yDcAdsS.exe
  C:\Windows\System\yDcAdsS.exe
  2⤵
  PID:1496
- C:\Windows\System\EooZgBF.exe
  C:\Windows\System\EooZgBF.exe
  2⤵
  PID:228
- C:\Windows\System\mqFVFdP.exe
  C:\Windows\System\mqFVFdP.exe
  2⤵
  PID:1344
- C:\Windows\System\eJCZwVL.exe
  C:\Windows\System\eJCZwVL.exe
  2⤵
  PID:3428
- C:\Windows\System\GlSNPka.exe
  C:\Windows\System\GlSNPka.exe
  2⤵
  PID:4944
- C:\Windows\System\ACGYATL.exe
  C:\Windows\System\ACGYATL.exe
  2⤵
  PID:1136
- C:\Windows\System\eRyDyxz.exe
  C:\Windows\System\eRyDyxz.exe
  2⤵
  PID:4524
- C:\Windows\System\VHhUqXI.exe
  C:\Windows\System\VHhUqXI.exe
  2⤵
  PID:3480
- C:\Windows\System\qkmkQkC.exe
  C:\Windows\System\qkmkQkC.exe
  2⤵
  PID:1124
- C:\Windows\System\KSRPdyh.exe
  C:\Windows\System\KSRPdyh.exe
  2⤵
  PID:5004
- C:\Windows\System\ZowxLIg.exe
  C:\Windows\System\ZowxLIg.exe
  2⤵
  PID:748
- C:\Windows\System\NgQxNzq.exe
  C:\Windows\System\NgQxNzq.exe
  2⤵
  PID:2352
- C:\Windows\System\muFJDOh.exe
  C:\Windows\System\muFJDOh.exe
  2⤵
  PID:4988
- C:\Windows\System\WOzdHXZ.exe
  C:\Windows\System\WOzdHXZ.exe
  2⤵
  PID:2908
- C:\Windows\System\ribxYEG.exe
  C:\Windows\System\ribxYEG.exe
  2⤵
  PID:2264
- C:\Windows\System\PSTJlxD.exe
  C:\Windows\System\PSTJlxD.exe
  2⤵
  PID:4888
- C:\Windows\System\bswsPyN.exe
  C:\Windows\System\bswsPyN.exe
  2⤵
  PID:5300
- C:\Windows\System\RsNRiNb.exe
  C:\Windows\System\RsNRiNb.exe
  2⤵
  PID:5320
- C:\Windows\System\quqDDgE.exe
  C:\Windows\System\quqDDgE.exe
  2⤵
  PID:5344
- C:\Windows\System\qqwCzdi.exe
  C:\Windows\System\qqwCzdi.exe
  2⤵
  PID:5364
- C:\Windows\System\zuyuMgT.exe
  C:\Windows\System\zuyuMgT.exe
  2⤵
  PID:5388
- C:\Windows\System\pxOmMjW.exe
  C:\Windows\System\pxOmMjW.exe
  2⤵
  PID:5404
- C:\Windows\System\QpwkHmO.exe
  C:\Windows\System\QpwkHmO.exe
  2⤵
  PID:5432
- C:\Windows\System\sxSYEnN.exe
  C:\Windows\System\sxSYEnN.exe
  2⤵
  PID:5452
- C:\Windows\System\stVUyaI.exe
  C:\Windows\System\stVUyaI.exe
  2⤵
  PID:5468
- C:\Windows\System\luQUQAq.exe
  C:\Windows\System\luQUQAq.exe
  2⤵
  PID:5496
- C:\Windows\System\MkkLHAC.exe
  C:\Windows\System\MkkLHAC.exe
  2⤵
  PID:5520
- C:\Windows\System\AfWaxWW.exe
  C:\Windows\System\AfWaxWW.exe
  2⤵
  PID:5536
- C:\Windows\System\yvrzUrv.exe
  C:\Windows\System\yvrzUrv.exe
  2⤵
  PID:5556
- C:\Windows\System\WvPmtVd.exe
  C:\Windows\System\WvPmtVd.exe
  2⤵
  PID:5580
- C:\Windows\System\qvivPgU.exe
  C:\Windows\System\qvivPgU.exe
  2⤵
  PID:5596
- C:\Windows\System\QPjXAVd.exe
  C:\Windows\System\QPjXAVd.exe
  2⤵
  PID:5620
- C:\Windows\System\fuTLnxf.exe
  C:\Windows\System\fuTLnxf.exe
  2⤵
  PID:5636
- C:\Windows\System\yDeOMuP.exe
  C:\Windows\System\yDeOMuP.exe
  2⤵
  PID:5660
- C:\Windows\System\QnATsjg.exe
  C:\Windows\System\QnATsjg.exe
  2⤵
  PID:5680
- C:\Windows\System\pCWdXFQ.exe
  C:\Windows\System\pCWdXFQ.exe
  2⤵
  PID:5696
- C:\Windows\System\qNezHFB.exe
  C:\Windows\System\qNezHFB.exe
  2⤵
  PID:5732
- C:\Windows\System\kZXwJcm.exe
  C:\Windows\System\kZXwJcm.exe
  2⤵
  PID:5756
- C:\Windows\System\nzWNgYI.exe
  C:\Windows\System\nzWNgYI.exe
  2⤵
  PID:5776
- C:\Windows\System\XOFQbYW.exe
  C:\Windows\System\XOFQbYW.exe
  2⤵
  PID:5796
- C:\Windows\System\cLHqRjq.exe
  C:\Windows\System\cLHqRjq.exe
  2⤵
  PID:5820
- C:\Windows\System\JhVudjp.exe
  C:\Windows\System\JhVudjp.exe
  2⤵
  PID:5840
- C:\Windows\System\bvYUYeO.exe
  C:\Windows\System\bvYUYeO.exe
  2⤵
  PID:5856
- C:\Windows\System\chIRoMp.exe
  C:\Windows\System\chIRoMp.exe
  2⤵
  PID:5876
- C:\Windows\System\DuBOWLm.exe
  C:\Windows\System\DuBOWLm.exe
  2⤵
  PID:5892
- C:\Windows\System\ZuOLIPo.exe
  C:\Windows\System\ZuOLIPo.exe
  2⤵
  PID:5916
- C:\Windows\System\oGaLfLf.exe
  C:\Windows\System\oGaLfLf.exe
  2⤵
  PID:5936
- C:\Windows\System\cyWEnDU.exe
  C:\Windows\System\cyWEnDU.exe
  2⤵
  PID:5952
- C:\Windows\System\OMfJphp.exe
  C:\Windows\System\OMfJphp.exe
  2⤵
  PID:5968
- C:\Windows\System\cXNpZGD.exe
  C:\Windows\System\cXNpZGD.exe
  2⤵
  PID:5992
- C:\Windows\System\eRPeisA.exe
  C:\Windows\System\eRPeisA.exe
  2⤵
  PID:6008
- C:\Windows\System\crBIlIm.exe
  C:\Windows\System\crBIlIm.exe
  2⤵
  PID:6040
- C:\Windows\System\IuyXhNJ.exe
  C:\Windows\System\IuyXhNJ.exe
  2⤵
  PID:6064
- C:\Windows\System\rxChAVM.exe
  C:\Windows\System\rxChAVM.exe
  2⤵
  PID:6084
- C:\Windows\System\CgvErOx.exe
  C:\Windows\System\CgvErOx.exe
  2⤵
  PID:6104
- C:\Windows\System\LbyoKri.exe
  C:\Windows\System\LbyoKri.exe
  2⤵
  PID:6128
- C:\Windows\System\dXSXfhU.exe
  C:\Windows\System\dXSXfhU.exe
  2⤵
  PID:1232
- C:\Windows\System\ScCATcs.exe
  C:\Windows\System\ScCATcs.exe
  2⤵
  PID:2796
- C:\Windows\System\rBZVMqN.exe
  C:\Windows\System\rBZVMqN.exe
  2⤵
  PID:4556
- C:\Windows\System\KRrIPVo.exe
  C:\Windows\System\KRrIPVo.exe
  2⤵
  PID:3688
- C:\Windows\System\toxFmtG.exe
  C:\Windows\System\toxFmtG.exe
  2⤵
  PID:3292
- C:\Windows\System\VvIRfGF.exe
  C:\Windows\System\VvIRfGF.exe
  2⤵
  PID:516
- C:\Windows\System\ynSbVDq.exe
  C:\Windows\System\ynSbVDq.exe
  2⤵
  PID:1936
- C:\Windows\System\iekVAoj.exe
  C:\Windows\System\iekVAoj.exe
  2⤵
  PID:224
- C:\Windows\System\xgQYuyE.exe
  C:\Windows\System\xgQYuyE.exe
  2⤵
  PID:3100
- C:\Windows\System\Ixoufjp.exe
  C:\Windows\System\Ixoufjp.exe
  2⤵
  PID:2740
- C:\Windows\System\BzmHpYg.exe
  C:\Windows\System\BzmHpYg.exe
  2⤵
  PID:3064
- C:\Windows\System\xKbusHU.exe
  C:\Windows\System\xKbusHU.exe
  2⤵
  PID:3584
- C:\Windows\System\wKcRvDP.exe
  C:\Windows\System\wKcRvDP.exe
  2⤵
  PID:3128
- C:\Windows\System\UOvylvj.exe
  C:\Windows\System\UOvylvj.exe
  2⤵
  PID:4828
- C:\Windows\System\ctfmBLZ.exe
  C:\Windows\System\ctfmBLZ.exe
  2⤵
  PID:3960
- C:\Windows\System\xDxrdAy.exe
  C:\Windows\System\xDxrdAy.exe
  2⤵
  PID:2276
- C:\Windows\System\hmKAfyL.exe
  C:\Windows\System\hmKAfyL.exe
  2⤵
  PID:1076
- C:\Windows\System\lCDsEzu.exe
  C:\Windows\System\lCDsEzu.exe
  2⤵
  PID:1116
- C:\Windows\System\OfNRijd.exe
  C:\Windows\System\OfNRijd.exe
  2⤵
  PID:1452
- C:\Windows\System\DzkVtYF.exe
  C:\Windows\System\DzkVtYF.exe
  2⤵
  PID:3628
- C:\Windows\System\hQyxxSE.exe
  C:\Windows\System\hQyxxSE.exe
  2⤵
  PID:1696
- C:\Windows\System\YQKFHle.exe
  C:\Windows\System\YQKFHle.exe
  2⤵
  PID:2176
- C:\Windows\System\eQZDFUU.exe
  C:\Windows\System\eQZDFUU.exe
  2⤵
  PID:4284
- C:\Windows\System\jYYvJEB.exe
  C:\Windows\System\jYYvJEB.exe
  2⤵
  PID:1760
- C:\Windows\System\UeSDFFA.exe
  C:\Windows\System\UeSDFFA.exe
  2⤵
  PID:3992
- C:\Windows\System\ObmiAJv.exe
  C:\Windows\System\ObmiAJv.exe
  2⤵
  PID:4576
- C:\Windows\System\fFdZUhP.exe
  C:\Windows\System\fFdZUhP.exe
  2⤵
  PID:5296
- C:\Windows\System\QwhgNJR.exe
  C:\Windows\System\QwhgNJR.exe
  2⤵
  PID:5372
- C:\Windows\System\TVqHkZo.exe
  C:\Windows\System\TVqHkZo.exe
  2⤵
  PID:5444
- C:\Windows\System\irjyUOB.exe
  C:\Windows\System\irjyUOB.exe
  2⤵
  PID:5508
- C:\Windows\System\XkqZtzM.exe
  C:\Windows\System\XkqZtzM.exe
  2⤵
  PID:5552
- C:\Windows\System\zjkkLOX.exe
  C:\Windows\System\zjkkLOX.exe
  2⤵
  PID:5644
- C:\Windows\System\yYUovnr.exe
  C:\Windows\System\yYUovnr.exe
  2⤵
  PID:5688
- C:\Windows\System\SgjTvjQ.exe
  C:\Windows\System\SgjTvjQ.exe
  2⤵
  PID:5772
- C:\Windows\System\efmTalv.exe
  C:\Windows\System\efmTalv.exe
  2⤵
  PID:5440
- C:\Windows\System\lrldWwS.exe
  C:\Windows\System\lrldWwS.exe
  2⤵
  PID:5864
- C:\Windows\System\IlPprrP.exe
  C:\Windows\System\IlPprrP.exe
  2⤵
  PID:5236
- C:\Windows\System\qYkhlfG.exe
  C:\Windows\System\qYkhlfG.exe
  2⤵
  PID:5260
- C:\Windows\System\YvclRrx.exe
  C:\Windows\System\YvclRrx.exe
  2⤵
  PID:5336
- C:\Windows\System\YCFqvCD.exe
  C:\Windows\System\YCFqvCD.exe
  2⤵
  PID:5788
- C:\Windows\System\pmSwlfV.exe
  C:\Windows\System\pmSwlfV.exe
  2⤵
  PID:364
- C:\Windows\System\ywmSYNN.exe
  C:\Windows\System\ywmSYNN.exe
  2⤵
  PID:6152
- C:\Windows\System\BKnNLAp.exe
  C:\Windows\System\BKnNLAp.exe
  2⤵
  PID:6168
- C:\Windows\System\JwFlcZf.exe
  C:\Windows\System\JwFlcZf.exe
  2⤵
  PID:6192
- C:\Windows\System\CIrEqCl.exe
  C:\Windows\System\CIrEqCl.exe
  2⤵
  PID:6216
- C:\Windows\System\Qsrwewz.exe
  C:\Windows\System\Qsrwewz.exe
  2⤵
  PID:6232
- C:\Windows\System\UKWurOD.exe
  C:\Windows\System\UKWurOD.exe
  2⤵
  PID:6260
- C:\Windows\System\mAHQFnT.exe
  C:\Windows\System\mAHQFnT.exe
  2⤵
  PID:6276
- C:\Windows\System\gJUJpDd.exe
  C:\Windows\System\gJUJpDd.exe
  2⤵
  PID:6304
- C:\Windows\System\qLRTjHC.exe
  C:\Windows\System\qLRTjHC.exe
  2⤵
  PID:6324
- C:\Windows\System\chBvdrw.exe
  C:\Windows\System\chBvdrw.exe
  2⤵
  PID:6356
- C:\Windows\System\JPAuUWQ.exe
  C:\Windows\System\JPAuUWQ.exe
  2⤵
  PID:6380
- C:\Windows\System\NgesRkz.exe
  C:\Windows\System\NgesRkz.exe
  2⤵
  PID:6408
- C:\Windows\System\oErGlmv.exe
  C:\Windows\System\oErGlmv.exe
  2⤵
  PID:6424
- C:\Windows\System\sdFYqlg.exe
  C:\Windows\System\sdFYqlg.exe
  2⤵
  PID:6448
- C:\Windows\System\PkIdPbc.exe
  C:\Windows\System\PkIdPbc.exe
  2⤵
  PID:6476
- C:\Windows\System\GFhCMsN.exe
  C:\Windows\System\GFhCMsN.exe
  2⤵
  PID:6492
- C:\Windows\System\CwSxcfB.exe
  C:\Windows\System\CwSxcfB.exe
  2⤵
  PID:6516
- C:\Windows\System\FuYNZnh.exe
  C:\Windows\System\FuYNZnh.exe
  2⤵
  PID:6536
- C:\Windows\System\rxcJROM.exe
  C:\Windows\System\rxcJROM.exe
  2⤵
  PID:6568
- C:\Windows\System\WmZJxYK.exe
  C:\Windows\System\WmZJxYK.exe
  2⤵
  PID:6592
- C:\Windows\System\TRXGwTr.exe
  C:\Windows\System\TRXGwTr.exe
  2⤵
  PID:6608
- C:\Windows\System\TxQfVmc.exe
  C:\Windows\System\TxQfVmc.exe
  2⤵
  PID:6632
- C:\Windows\System\jXnUklI.exe
  C:\Windows\System\jXnUklI.exe
  2⤵
  PID:6656
- C:\Windows\System\gbTfVDK.exe
  C:\Windows\System\gbTfVDK.exe
  2⤵
  PID:6676
- C:\Windows\System\FzIrxmp.exe
  C:\Windows\System\FzIrxmp.exe
  2⤵
  PID:6700
- C:\Windows\System\ZVLwwkT.exe
  C:\Windows\System\ZVLwwkT.exe
  2⤵
  PID:6720
- C:\Windows\System\pwWNELZ.exe
  C:\Windows\System\pwWNELZ.exe
  2⤵
  PID:6744
- C:\Windows\System\LhJFDRE.exe
  C:\Windows\System\LhJFDRE.exe
  2⤵
  PID:6788
- C:\Windows\System\aJXnxph.exe
  C:\Windows\System\aJXnxph.exe
  2⤵
  PID:6804
- C:\Windows\System\ZrVAGQa.exe
  C:\Windows\System\ZrVAGQa.exe
  2⤵
  PID:6824
- C:\Windows\System\XpTuYlS.exe
  C:\Windows\System\XpTuYlS.exe
  2⤵
  PID:6848
- C:\Windows\System\aTKecwi.exe
  C:\Windows\System\aTKecwi.exe
  2⤵
  PID:6864
- C:\Windows\System\gmxpzjQ.exe
  C:\Windows\System\gmxpzjQ.exe
  2⤵
  PID:6892
- C:\Windows\System\MIjNfUk.exe
  C:\Windows\System\MIjNfUk.exe
  2⤵
  PID:6908
- C:\Windows\System\OMoigBB.exe
  C:\Windows\System\OMoigBB.exe
  2⤵
  PID:6932
- C:\Windows\System\CnbGpbT.exe
  C:\Windows\System\CnbGpbT.exe
  2⤵
  PID:6948
- C:\Windows\System\zjDjxjE.exe
  C:\Windows\System\zjDjxjE.exe
  2⤵
  PID:6976
- C:\Windows\System\NSbMMJV.exe
  C:\Windows\System\NSbMMJV.exe
  2⤵
  PID:7004
- C:\Windows\System\anNmeOy.exe
  C:\Windows\System\anNmeOy.exe
  2⤵
  PID:7032
- C:\Windows\System\eBBSlgp.exe
  C:\Windows\System\eBBSlgp.exe
  2⤵
  PID:7048
- C:\Windows\System\hlJbJpF.exe
  C:\Windows\System\hlJbJpF.exe
  2⤵
  PID:7080
- C:\Windows\System\AZzGENF.exe
  C:\Windows\System\AZzGENF.exe
  2⤵
  PID:7096
- C:\Windows\System\LJILhdi.exe
  C:\Windows\System\LJILhdi.exe
  2⤵
  PID:7124
- C:\Windows\System\QWlVJBa.exe
  C:\Windows\System\QWlVJBa.exe
  2⤵
  PID:7140
- C:\Windows\System\dPwcbvk.exe
  C:\Windows\System\dPwcbvk.exe
  2⤵
  PID:5884
- C:\Windows\System\XkuviFw.exe
  C:\Windows\System\XkuviFw.exe
  2⤵
  PID:1824
- C:\Windows\System\quuTOpn.exe
  C:\Windows\System\quuTOpn.exe
  2⤵
  PID:3336
- C:\Windows\System\gusFAcg.exe
  C:\Windows\System\gusFAcg.exe
  2⤵
  PID:3620
- C:\Windows\System\zQJFoDm.exe
  C:\Windows\System\zQJFoDm.exe
  2⤵
  PID:5944
- C:\Windows\System\YYVRzjA.exe
  C:\Windows\System\YYVRzjA.exe
  2⤵
  PID:1656
- C:\Windows\System\NcmdGpd.exe
  C:\Windows\System\NcmdGpd.exe
  2⤵
  PID:6140
- C:\Windows\System\nHwxnLB.exe
  C:\Windows\System\nHwxnLB.exe
  2⤵
  PID:5244
- C:\Windows\System\JLotnkS.exe
  C:\Windows\System\JLotnkS.exe
  2⤵
  PID:5832
- C:\Windows\System\QrLxbjT.exe
  C:\Windows\System\QrLxbjT.exe
  2⤵
  PID:6028
- C:\Windows\System\NAPYxex.exe
  C:\Windows\System\NAPYxex.exe
  2⤵
  PID:6100
- C:\Windows\System\jUznDDE.exe
  C:\Windows\System\jUznDDE.exe
  2⤵
  PID:6148
- C:\Windows\System\TJQuZgR.exe
  C:\Windows\System\TJQuZgR.exe
  2⤵
  PID:6208
- C:\Windows\System\VeREAsj.exe
  C:\Windows\System\VeREAsj.exe
  2⤵
  PID:2328
- C:\Windows\System\ngcUDek.exe
  C:\Windows\System\ngcUDek.exe
  2⤵
  PID:6272
- C:\Windows\System\puYnpoj.exe
  C:\Windows\System\puYnpoj.exe
  2⤵
  PID:6348
- C:\Windows\System\NasitNp.exe
  C:\Windows\System\NasitNp.exe
  2⤵
  PID:3512
- C:\Windows\System\BEEqAFn.exe
  C:\Windows\System\BEEqAFn.exe
  2⤵
  PID:6004
- C:\Windows\System\VsBNMMg.exe
  C:\Windows\System\VsBNMMg.exe
  2⤵
  PID:6080
- C:\Windows\System\lUUfGdY.exe
  C:\Windows\System\lUUfGdY.exe
  2⤵
  PID:6112
- C:\Windows\System\GokGJiW.exe
  C:\Windows\System\GokGJiW.exe
  2⤵
  PID:6584
- C:\Windows\System\bNnbhbJ.exe
  C:\Windows\System\bNnbhbJ.exe
  2⤵
  PID:4428
- C:\Windows\System\nLHZeJf.exe
  C:\Windows\System\nLHZeJf.exe
  2⤵
  PID:3508
- C:\Windows\System\quINjdc.exe
  C:\Windows\System\quINjdc.exe
  2⤵
  PID:1488
- C:\Windows\System\GfjWjPM.exe
  C:\Windows\System\GfjWjPM.exe
  2⤵
  PID:3176
- C:\Windows\System\HqWZiQA.exe
  C:\Windows\System\HqWZiQA.exe
  2⤵
  PID:3092
- C:\Windows\System\JxeDBwP.exe
  C:\Windows\System\JxeDBwP.exe
  2⤵
  PID:6352
- C:\Windows\System\SVcOOnO.exe
  C:\Windows\System\SVcOOnO.exe
  2⤵
  PID:3684
- C:\Windows\System\wPGqnVd.exe
  C:\Windows\System\wPGqnVd.exe
  2⤵
  PID:6456
- C:\Windows\System\dXDiIpW.exe
  C:\Windows\System\dXDiIpW.exe
  2⤵
  PID:7176
- C:\Windows\System\gXHRYfJ.exe
  C:\Windows\System\gXHRYfJ.exe
  2⤵
  PID:7196
- C:\Windows\System\ICxreHH.exe
  C:\Windows\System\ICxreHH.exe
  2⤵
  PID:7216
- C:\Windows\System\mseMrSo.exe
  C:\Windows\System\mseMrSo.exe
  2⤵
  PID:7232
- C:\Windows\System\GWIbBvz.exe
  C:\Windows\System\GWIbBvz.exe
  2⤵
  PID:7256
- C:\Windows\System\zSmCqlK.exe
  C:\Windows\System\zSmCqlK.exe
  2⤵
  PID:7272
- C:\Windows\System\hUqBGmB.exe
  C:\Windows\System\hUqBGmB.exe
  2⤵
  PID:7292
- C:\Windows\System\rKZatBx.exe
  C:\Windows\System\rKZatBx.exe
  2⤵
  PID:7324
- C:\Windows\System\tfScjBK.exe
  C:\Windows\System\tfScjBK.exe
  2⤵
  PID:7348
- C:\Windows\System\tKOBZQv.exe
  C:\Windows\System\tKOBZQv.exe
  2⤵
  PID:7372
- C:\Windows\System\kvNTquK.exe
  C:\Windows\System\kvNTquK.exe
  2⤵
  PID:7396
- C:\Windows\System\xAYCXFw.exe
  C:\Windows\System\xAYCXFw.exe
  2⤵
  PID:7416
- C:\Windows\System\TLpLnTo.exe
  C:\Windows\System\TLpLnTo.exe
  2⤵
  PID:7436
- C:\Windows\System\EesxNdt.exe
  C:\Windows\System\EesxNdt.exe
  2⤵
  PID:7464
- C:\Windows\System\KgoUAVh.exe
  C:\Windows\System\KgoUAVh.exe
  2⤵
  PID:7492
- C:\Windows\System\hSbfuyy.exe
  C:\Windows\System\hSbfuyy.exe
  2⤵
  PID:7512
- C:\Windows\System\QMnnKAp.exe
  C:\Windows\System\QMnnKAp.exe
  2⤵
  PID:7536
- C:\Windows\System\TIoJlpX.exe
  C:\Windows\System\TIoJlpX.exe
  2⤵
  PID:7556
- C:\Windows\System\YuTJBsd.exe
  C:\Windows\System\YuTJBsd.exe
  2⤵
  PID:7580
- C:\Windows\System\KEEUDhm.exe
  C:\Windows\System\KEEUDhm.exe
  2⤵
  PID:7604
- C:\Windows\System\PCXAjYq.exe
  C:\Windows\System\PCXAjYq.exe
  2⤵
  PID:7632
- C:\Windows\System\AIrYPkV.exe
  C:\Windows\System\AIrYPkV.exe
  2⤵
  PID:7648
- C:\Windows\System\FsoDBKq.exe
  C:\Windows\System\FsoDBKq.exe
  2⤵
  PID:7672
- C:\Windows\System\IyXciBK.exe
  C:\Windows\System\IyXciBK.exe
  2⤵
  PID:7692
- C:\Windows\System\UBWEoZg.exe
  C:\Windows\System\UBWEoZg.exe
  2⤵
  PID:7712
- C:\Windows\System\JsIxETI.exe
  C:\Windows\System\JsIxETI.exe
  2⤵
  PID:7736
- C:\Windows\System\InjIpdG.exe
  C:\Windows\System\InjIpdG.exe
  2⤵
  PID:7764
- C:\Windows\System\IWDGyiW.exe
  C:\Windows\System\IWDGyiW.exe
  2⤵
  PID:7784
- C:\Windows\System\vdvlreS.exe
  C:\Windows\System\vdvlreS.exe
  2⤵
  PID:7804
- C:\Windows\System\DCLGxua.exe
  C:\Windows\System\DCLGxua.exe
  2⤵
  PID:7824
- C:\Windows\System\Fejeoeo.exe
  C:\Windows\System\Fejeoeo.exe
  2⤵
  PID:7848
- C:\Windows\System\ArZBEpA.exe
  C:\Windows\System\ArZBEpA.exe
  2⤵
  PID:7872
- C:\Windows\System\JXOsgEU.exe
  C:\Windows\System\JXOsgEU.exe
  2⤵
  PID:7896
- C:\Windows\System\dvnIFqf.exe
  C:\Windows\System\dvnIFqf.exe
  2⤵
  PID:7916
- C:\Windows\System\vQgGPwz.exe
  C:\Windows\System\vQgGPwz.exe
  2⤵
  PID:7940
- C:\Windows\System\MIKtHkc.exe
  C:\Windows\System\MIKtHkc.exe
  2⤵
  PID:7960
- C:\Windows\System\CuaRrsB.exe
  C:\Windows\System\CuaRrsB.exe
  2⤵
  PID:7980
- C:\Windows\System\KDdXSPH.exe
  C:\Windows\System\KDdXSPH.exe
  2⤵
  PID:8004
- C:\Windows\System\BrZyvzl.exe
  C:\Windows\System\BrZyvzl.exe
  2⤵
  PID:8020
- C:\Windows\System\pasEOWZ.exe
  C:\Windows\System\pasEOWZ.exe
  2⤵
  PID:8044
- C:\Windows\System\qKycHPc.exe
  C:\Windows\System\qKycHPc.exe
  2⤵
  PID:8076
- C:\Windows\System\gdhUMIK.exe
  C:\Windows\System\gdhUMIK.exe
  2⤵
  PID:8096
- C:\Windows\System\zBqswwJ.exe
  C:\Windows\System\zBqswwJ.exe
  2⤵
  PID:8116
- C:\Windows\System\fwpiziz.exe
  C:\Windows\System\fwpiziz.exe
  2⤵
  PID:8140
- C:\Windows\System\XtjDdcP.exe
  C:\Windows\System\XtjDdcP.exe
  2⤵
  PID:8164
- C:\Windows\System\AtfKRNd.exe
  C:\Windows\System\AtfKRNd.exe
  2⤵
  PID:8184
- C:\Windows\System\iSlkkGt.exe
  C:\Windows\System\iSlkkGt.exe
  2⤵
  PID:5548
- C:\Windows\System\xZamZvE.exe
  C:\Windows\System\xZamZvE.exe
  2⤵
  PID:6692
- C:\Windows\System\rJJqTlm.exe
  C:\Windows\System\rJJqTlm.exe
  2⤵
  PID:5588
- C:\Windows\System\UQBsosK.exe
  C:\Windows\System\UQBsosK.exe
  2⤵
  PID:2168
- C:\Windows\System\DmvGscu.exe
  C:\Windows\System\DmvGscu.exe
  2⤵
  PID:5948
- C:\Windows\System\tGHWlut.exe
  C:\Windows\System\tGHWlut.exe
  2⤵
  PID:6184
- C:\Windows\System\XvEFvfG.exe
  C:\Windows\System\XvEFvfG.exe
  2⤵
  PID:4940
- C:\Windows\System\SvNJngQ.exe
  C:\Windows\System\SvNJngQ.exe
  2⤵
  PID:6560
- C:\Windows\System\jkOiYqo.exe
  C:\Windows\System\jkOiYqo.exe
  2⤵
  PID:6576
- C:\Windows\System\WonkpAu.exe
  C:\Windows\System\WonkpAu.exe
  2⤵
  PID:6488
- C:\Windows\System\wjsiEbJ.exe
  C:\Windows\System\wjsiEbJ.exe
  2⤵
  PID:6528
- C:\Windows\System\DsFeUYN.exe
  C:\Windows\System\DsFeUYN.exe
  2⤵
  PID:796
- C:\Windows\System\bcLOveD.exe
  C:\Windows\System\bcLOveD.exe
  2⤵
  PID:7228
- C:\Windows\System\WdmzAuD.exe
  C:\Windows\System\WdmzAuD.exe
  2⤵
  PID:7264
- C:\Windows\System\hMJLZkN.exe
  C:\Windows\System\hMJLZkN.exe
  2⤵
  PID:8212
- C:\Windows\System\QaXEjTK.exe
  C:\Windows\System\QaXEjTK.exe
  2⤵
  PID:8236
- C:\Windows\System\znAeTOQ.exe
  C:\Windows\System\znAeTOQ.exe
  2⤵
  PID:8288
- C:\Windows\System\WggNxHw.exe
  C:\Windows\System\WggNxHw.exe
  2⤵
  PID:8308
- C:\Windows\System\fJvWNFX.exe
  C:\Windows\System\fJvWNFX.exe
  2⤵
  PID:8328
- C:\Windows\System\VRKIoTz.exe
  C:\Windows\System\VRKIoTz.exe
  2⤵
  PID:8344
- C:\Windows\System\bsluxEB.exe
  C:\Windows\System\bsluxEB.exe
  2⤵
  PID:8380
- C:\Windows\System\SSxYyFa.exe
  C:\Windows\System\SSxYyFa.exe
  2⤵
  PID:8400
- C:\Windows\System\SQFpsZe.exe
  C:\Windows\System\SQFpsZe.exe
  2⤵
  PID:8420
- C:\Windows\System\rrygzMU.exe
  C:\Windows\System\rrygzMU.exe
  2⤵
  PID:8444
- C:\Windows\System\agXLBVn.exe
  C:\Windows\System\agXLBVn.exe
  2⤵
  PID:8468
- C:\Windows\System\AfpXYdl.exe
  C:\Windows\System\AfpXYdl.exe
  2⤵
  PID:8500
- C:\Windows\System\MvqNrQm.exe
  C:\Windows\System\MvqNrQm.exe
  2⤵
  PID:8520
- C:\Windows\System\NULXRBG.exe
  C:\Windows\System\NULXRBG.exe
  2⤵
  PID:8544
- C:\Windows\System\KyvimJF.exe
  C:\Windows\System\KyvimJF.exe
  2⤵
  PID:8564
- C:\Windows\System\KLnQbLa.exe
  C:\Windows\System\KLnQbLa.exe
  2⤵
  PID:8584
- C:\Windows\System\xshjhup.exe
  C:\Windows\System\xshjhup.exe
  2⤵
  PID:8608
- C:\Windows\System\FdzKEiR.exe
  C:\Windows\System\FdzKEiR.exe
  2⤵
  PID:8640
- C:\Windows\System\ODLBvjN.exe
  C:\Windows\System\ODLBvjN.exe
  2⤵
  PID:8660
- C:\Windows\System\hIcLdrV.exe
  C:\Windows\System\hIcLdrV.exe
  2⤵
  PID:8696
- C:\Windows\System\SeMvShN.exe
  C:\Windows\System\SeMvShN.exe
  2⤵
  PID:8720
- C:\Windows\System\zjdrnLu.exe
  C:\Windows\System\zjdrnLu.exe
  2⤵
  PID:8744
- C:\Windows\System\OOKnSwq.exe
  C:\Windows\System\OOKnSwq.exe
  2⤵
  PID:8760
- C:\Windows\System\nxZPVIR.exe
  C:\Windows\System\nxZPVIR.exe
  2⤵
  PID:8788
- C:\Windows\System\iBMigHs.exe
  C:\Windows\System\iBMigHs.exe
  2⤵
  PID:8812
- C:\Windows\System\JGwiXdq.exe
  C:\Windows\System\JGwiXdq.exe
  2⤵
  PID:8832
- C:\Windows\System\nnZbDHX.exe
  C:\Windows\System\nnZbDHX.exe
  2⤵
  PID:8852
- C:\Windows\System\ViCXqkY.exe
  C:\Windows\System\ViCXqkY.exe
  2⤵
  PID:8872
- C:\Windows\System\zVJbCwf.exe
  C:\Windows\System\zVJbCwf.exe
  2⤵
  PID:8892
- C:\Windows\System\eCiqMQM.exe
  C:\Windows\System\eCiqMQM.exe
  2⤵
  PID:8912
- C:\Windows\System\WGVGzUc.exe
  C:\Windows\System\WGVGzUc.exe
  2⤵
  PID:8936
- C:\Windows\System\nyxlfoq.exe
  C:\Windows\System\nyxlfoq.exe
  2⤵
  PID:8956
- C:\Windows\System\syBYKrl.exe
  C:\Windows\System\syBYKrl.exe
  2⤵
  PID:8976
- C:\Windows\System\ctWjizV.exe
  C:\Windows\System\ctWjizV.exe
  2⤵
  PID:9008
- C:\Windows\System\iYIhbsg.exe
  C:\Windows\System\iYIhbsg.exe
  2⤵
  PID:9032
- C:\Windows\System\YKNNubH.exe
  C:\Windows\System\YKNNubH.exe
  2⤵
  PID:9056
- C:\Windows\System\HBmSyVS.exe
  C:\Windows\System\HBmSyVS.exe
  2⤵
  PID:9076
- C:\Windows\System\ZghUZeR.exe
  C:\Windows\System\ZghUZeR.exe
  2⤵
  PID:7884
- C:\Windows\System\idkngKo.exe
  C:\Windows\System\idkngKo.exe
  2⤵
  PID:7976
- C:\Windows\System\pOSFbVk.exe
  C:\Windows\System\pOSFbVk.exe
  2⤵
  PID:8028
- C:\Windows\System\zBZiYkT.exe
  C:\Windows\System\zBZiYkT.exe
  2⤵
  PID:7136
- C:\Windows\System\bkdvgne.exe
  C:\Windows\System\bkdvgne.exe
  2⤵
  PID:8180
- C:\Windows\System\BygdVdz.exe
  C:\Windows\System\BygdVdz.exe
  2⤵
  PID:6136
- C:\Windows\System\SfZASuS.exe
  C:\Windows\System\SfZASuS.exe
  2⤵
  PID:2736
- C:\Windows\System\TZXFGRI.exe
  C:\Windows\System\TZXFGRI.exe
  2⤵
  PID:5724
- C:\Windows\System\woAinLQ.exe
  C:\Windows\System\woAinLQ.exe
  2⤵
  PID:8416
- C:\Windows\System\kTubzuX.exe
  C:\Windows\System\kTubzuX.exe
  2⤵
  PID:7548
- C:\Windows\System\CfsOfsJ.exe
  C:\Windows\System\CfsOfsJ.exe
  2⤵
  PID:7640
- C:\Windows\System\AoyDMPJ.exe
  C:\Windows\System\AoyDMPJ.exe
  2⤵
  PID:8732
- C:\Windows\System\PmcIvJV.exe
  C:\Windows\System\PmcIvJV.exe
  2⤵
  PID:7820
- C:\Windows\System\PCukJWI.exe
  C:\Windows\System\PCukJWI.exe
  2⤵
  PID:8824
- C:\Windows\System\LdJOeXz.exe
  C:\Windows\System\LdJOeXz.exe
  2⤵
  PID:6000
- C:\Windows\System\WXfwgPE.exe
  C:\Windows\System\WXfwgPE.exe
  2⤵
  PID:9024
- C:\Windows\System\bpWwuZu.exe
  C:\Windows\System\bpWwuZu.exe
  2⤵
  PID:9064
- C:\Windows\System\mbGGeYM.exe
  C:\Windows\System\mbGGeYM.exe
  2⤵
  PID:9092
- C:\Windows\System\gsSgNTm.exe
  C:\Windows\System\gsSgNTm.exe
  2⤵
  PID:5484
- C:\Windows\System\wYzjOEX.exe
  C:\Windows\System\wYzjOEX.exe
  2⤵
  PID:6372
- C:\Windows\System\YlLqdlT.exe
  C:\Windows\System\YlLqdlT.exe
  2⤵
  PID:7188
- C:\Windows\System\khGLaTm.exe
  C:\Windows\System\khGLaTm.exe
  2⤵
  PID:6436
- C:\Windows\System\PQjWjcV.exe
  C:\Windows\System\PQjWjcV.exe
  2⤵
  PID:400
- C:\Windows\System\BNCiqBz.exe
  C:\Windows\System\BNCiqBz.exe
  2⤵
  PID:7308
- C:\Windows\System\qudLbjr.exe
  C:\Windows\System\qudLbjr.exe
  2⤵
  PID:7356
- C:\Windows\System\buPxAMF.exe
  C:\Windows\System\buPxAMF.exe
  2⤵
  PID:7428
- C:\Windows\System\YgQrNJT.exe
  C:\Windows\System\YgQrNJT.exe
  2⤵
  PID:7476
- C:\Windows\System\MvnLIFM.exe
  C:\Windows\System\MvnLIFM.exe
  2⤵
  PID:9236
- C:\Windows\System\XfEBTjp.exe
  C:\Windows\System\XfEBTjp.exe
  2⤵
  PID:9256
- C:\Windows\System\JKnoAij.exe
  C:\Windows\System\JKnoAij.exe
  2⤵
  PID:9280
- C:\Windows\System\XMcJxoF.exe
  C:\Windows\System\XMcJxoF.exe
  2⤵
  PID:9304
- C:\Windows\System\BSYnMXH.exe
  C:\Windows\System\BSYnMXH.exe
  2⤵
  PID:9320
- C:\Windows\System\FgLBZTG.exe
  C:\Windows\System\FgLBZTG.exe
  2⤵
  PID:9368
- C:\Windows\System\uVWJHqz.exe
  C:\Windows\System\uVWJHqz.exe
  2⤵
  PID:9388
- C:\Windows\System\EhIDQoa.exe
  C:\Windows\System\EhIDQoa.exe
  2⤵
  PID:9428
- C:\Windows\System\YgatjCf.exe
  C:\Windows\System\YgatjCf.exe
  2⤵
  PID:9448
- C:\Windows\System\cYLDlNV.exe
  C:\Windows\System\cYLDlNV.exe
  2⤵
  PID:9480
- C:\Windows\System\NZekQLe.exe
  C:\Windows\System\NZekQLe.exe
  2⤵
  PID:9516
- C:\Windows\System\WMWldCQ.exe
  C:\Windows\System\WMWldCQ.exe
  2⤵
  PID:9540
- C:\Windows\System\TfyVFIR.exe
  C:\Windows\System\TfyVFIR.exe
  2⤵
  PID:9560
- C:\Windows\System\fsDQJiD.exe
  C:\Windows\System\fsDQJiD.exe
  2⤵
  PID:9596
- C:\Windows\System\EidyYWI.exe
  C:\Windows\System\EidyYWI.exe
  2⤵
  PID:9620
- C:\Windows\System\IpWerdp.exe
  C:\Windows\System\IpWerdp.exe
  2⤵
  PID:9644
- C:\Windows\System\SqLhYyf.exe
  C:\Windows\System\SqLhYyf.exe
  2⤵
  PID:9664
- C:\Windows\System\akidRNo.exe
  C:\Windows\System\akidRNo.exe
  2⤵
  PID:9684
- C:\Windows\System\YMhICYS.exe
  C:\Windows\System\YMhICYS.exe
  2⤵
  PID:9712
- C:\Windows\System\EqZcOOz.exe
  C:\Windows\System\EqZcOOz.exe
  2⤵
  PID:9728
- C:\Windows\System\xAyQFkt.exe
  C:\Windows\System\xAyQFkt.exe
  2⤵
  PID:9748
- C:\Windows\System\cqVbcwG.exe
  C:\Windows\System\cqVbcwG.exe
  2⤵
  PID:9772
- C:\Windows\System\dHvYNhl.exe
  C:\Windows\System\dHvYNhl.exe
  2⤵
  PID:9796
- C:\Windows\System\XzhVbHk.exe
  C:\Windows\System\XzhVbHk.exe
  2⤵
  PID:9816
- C:\Windows\System\oXxrdeH.exe
  C:\Windows\System\oXxrdeH.exe
  2⤵
  PID:9840
- C:\Windows\System\OQuBtrn.exe
  C:\Windows\System\OQuBtrn.exe
  2⤵
  PID:9864
- C:\Windows\System\GTVxRrF.exe
  C:\Windows\System\GTVxRrF.exe
  2⤵
  PID:9888
- C:\Windows\System\RSbXVVV.exe
  C:\Windows\System\RSbXVVV.exe
  2⤵
  PID:9908
- C:\Windows\System\jtufPJh.exe
  C:\Windows\System\jtufPJh.exe
  2⤵
  PID:9952
- C:\Windows\System\pFUKoxh.exe
  C:\Windows\System\pFUKoxh.exe
  2⤵
  PID:9972
- C:\Windows\System\NCDAoxB.exe
  C:\Windows\System\NCDAoxB.exe
  2⤵
  PID:10004
- C:\Windows\System\oQHpAvq.exe
  C:\Windows\System\oQHpAvq.exe
  2⤵
  PID:10040
- C:\Windows\System\TIHZKDk.exe
  C:\Windows\System\TIHZKDk.exe
  2⤵
  PID:10056
- C:\Windows\System\xzitira.exe
  C:\Windows\System\xzitira.exe
  2⤵
  PID:10072
- C:\Windows\System\WgoHWdC.exe
  C:\Windows\System\WgoHWdC.exe
  2⤵
  PID:10092
- C:\Windows\System\kfDplvw.exe
  C:\Windows\System\kfDplvw.exe
  2⤵
  PID:10108
- C:\Windows\System\RKXlCzM.exe
  C:\Windows\System\RKXlCzM.exe
  2⤵
  PID:10128
- C:\Windows\System\cGOeSuV.exe
  C:\Windows\System\cGOeSuV.exe
  2⤵
  PID:10148
- C:\Windows\System\dSyxSxX.exe
  C:\Windows\System\dSyxSxX.exe
  2⤵
  PID:10168
- C:\Windows\System\cOuTAOi.exe
  C:\Windows\System\cOuTAOi.exe
  2⤵
  PID:10196
- C:\Windows\System\KtveBbe.exe
  C:\Windows\System\KtveBbe.exe
  2⤵
  PID:10216
- C:\Windows\System\vlrIMtl.exe
  C:\Windows\System\vlrIMtl.exe
  2⤵
  PID:10236
- C:\Windows\System\zOvbsmX.exe
  C:\Windows\System\zOvbsmX.exe
  2⤵
  PID:7576
- C:\Windows\System\gbyIxdm.exe
  C:\Windows\System\gbyIxdm.exe
  2⤵
  PID:8672
- C:\Windows\System\RaPqjYv.exe
  C:\Windows\System\RaPqjYv.exe
  2⤵
  PID:7752
- C:\Windows\System\nkhqpiQ.exe
  C:\Windows\System\nkhqpiQ.exe
  2⤵
  PID:8844
- C:\Windows\System\MkTHIZq.exe
  C:\Windows\System\MkTHIZq.exe
  2⤵
  PID:7972
- C:\Windows\System\cXqQHht.exe
  C:\Windows\System\cXqQHht.exe
  2⤵
  PID:8932
- C:\Windows\System\XBMrKTb.exe
  C:\Windows\System\XBMrKTb.exe
  2⤵
  PID:8092
- C:\Windows\System\WfeiOiz.exe
  C:\Windows\System\WfeiOiz.exe
  2⤵
  PID:4588
- C:\Windows\System\qomufto.exe
  C:\Windows\System\qomufto.exe
  2⤵
  PID:8176
- C:\Windows\System\Fllsull.exe
  C:\Windows\System\Fllsull.exe
  2⤵
  PID:6228
- C:\Windows\System\FpJfAWt.exe
  C:\Windows\System\FpJfAWt.exe
  2⤵
  PID:7520
- C:\Windows\System\wfuObWT.exe
  C:\Windows\System\wfuObWT.exe
  2⤵
  PID:9144
- C:\Windows\System\gWTmWDF.exe
  C:\Windows\System\gWTmWDF.exe
  2⤵
  PID:8784
- C:\Windows\System\VXPFyng.exe
  C:\Windows\System\VXPFyng.exe
  2⤵
  PID:8952
- C:\Windows\System\LCZXZFI.exe
  C:\Windows\System\LCZXZFI.exe
  2⤵
  PID:10252
- C:\Windows\System\pKNHUgW.exe
  C:\Windows\System\pKNHUgW.exe
  2⤵
  PID:10272
- C:\Windows\System\OcWWcIZ.exe
  C:\Windows\System\OcWWcIZ.exe
  2⤵
  PID:10292
- C:\Windows\System\YMsErCj.exe
  C:\Windows\System\YMsErCj.exe
  2⤵
  PID:10316
- C:\Windows\System\fHFadBo.exe
  C:\Windows\System\fHFadBo.exe
  2⤵
  PID:10336
- C:\Windows\System\auUmxJH.exe
  C:\Windows\System\auUmxJH.exe
  2⤵
  PID:10364
- C:\Windows\System\vndYzwl.exe
  C:\Windows\System\vndYzwl.exe
  2⤵
  PID:10388
- C:\Windows\System\QxpJuTX.exe
  C:\Windows\System\QxpJuTX.exe
  2⤵
  PID:10420
- C:\Windows\System\aMsacRk.exe
  C:\Windows\System\aMsacRk.exe
  2⤵
  PID:10552
- C:\Windows\System\yLDyiBC.exe
  C:\Windows\System\yLDyiBC.exe
  2⤵
  PID:10584
- C:\Windows\System\tvtGiAf.exe
  C:\Windows\System\tvtGiAf.exe
  2⤵
  PID:10604
- C:\Windows\System\lUQRkKm.exe
  C:\Windows\System\lUQRkKm.exe
  2⤵
  PID:10624
- C:\Windows\System\frxwlqS.exe
  C:\Windows\System\frxwlqS.exe
  2⤵
  PID:10644
- C:\Windows\System\CBkZtzK.exe
  C:\Windows\System\CBkZtzK.exe
  2⤵
  PID:10668
- C:\Windows\System\mSECCqc.exe
  C:\Windows\System\mSECCqc.exe
  2⤵
  PID:10692
- C:\Windows\System\VVRhWKq.exe
  C:\Windows\System\VVRhWKq.exe
  2⤵
  PID:10712
- C:\Windows\System\VpetuzV.exe
  C:\Windows\System\VpetuzV.exe
  2⤵
  PID:10732
- C:\Windows\System\kMFDPzp.exe
  C:\Windows\System\kMFDPzp.exe
  2⤵
  PID:10756
- C:\Windows\System\ytEXrsW.exe
  C:\Windows\System\ytEXrsW.exe
  2⤵
  PID:10780
- C:\Windows\System\MYJAxSi.exe
  C:\Windows\System\MYJAxSi.exe
  2⤵
  PID:10800
- C:\Windows\System\XzYLtWc.exe
  C:\Windows\System\XzYLtWc.exe
  2⤵
  PID:10824
- C:\Windows\System\btGASDF.exe
  C:\Windows\System\btGASDF.exe
  2⤵
  PID:10848
- C:\Windows\System\HZUqsoN.exe
  C:\Windows\System\HZUqsoN.exe
  2⤵
  PID:10868
- C:\Windows\System\FkotvWV.exe
  C:\Windows\System\FkotvWV.exe
  2⤵
  PID:10892
- C:\Windows\System\MRZReBO.exe
  C:\Windows\System\MRZReBO.exe
  2⤵
  PID:10920
- C:\Windows\System\rSPkwlW.exe
  C:\Windows\System\rSPkwlW.exe
  2⤵
  PID:10944
- C:\Windows\System\wanmasR.exe
  C:\Windows\System\wanmasR.exe
  2⤵
  PID:10964
- C:\Windows\System\gTkRcvV.exe
  C:\Windows\System\gTkRcvV.exe
  2⤵
  PID:10992
- C:\Windows\System\gOtRiFs.exe
  C:\Windows\System\gOtRiFs.exe
  2⤵
  PID:11016
- C:\Windows\System\BAlbSoc.exe
  C:\Windows\System\BAlbSoc.exe
  2⤵
  PID:11032
- C:\Windows\System\nqsTmJE.exe
  C:\Windows\System\nqsTmJE.exe
  2⤵
  PID:11052
- C:\Windows\System\ZLUhhpd.exe
  C:\Windows\System\ZLUhhpd.exe
  2⤵
  PID:11068
- C:\Windows\System\kGgLipb.exe
  C:\Windows\System\kGgLipb.exe
  2⤵
  PID:11084
- C:\Windows\System\IxFdWHv.exe
  C:\Windows\System\IxFdWHv.exe
  2⤵
  PID:11100
- C:\Windows\System\MZtKDgM.exe
  C:\Windows\System\MZtKDgM.exe
  2⤵
  PID:11116
- C:\Windows\System\adMkWQo.exe
  C:\Windows\System\adMkWQo.exe
  2⤵
  PID:11132
- C:\Windows\System\mokUloe.exe
  C:\Windows\System\mokUloe.exe
  2⤵
  PID:11156
- C:\Windows\System\XiZMFRA.exe
  C:\Windows\System\XiZMFRA.exe
  2⤵
  PID:11180
- C:\Windows\System\nRvQDMF.exe
  C:\Windows\System\nRvQDMF.exe
  2⤵
  PID:11196
- C:\Windows\System\bvfhRZf.exe
  C:\Windows\System\bvfhRZf.exe
  2⤵
  PID:11212
- C:\Windows\System\DAzqVjw.exe
  C:\Windows\System\DAzqVjw.exe
  2⤵
  PID:11236
- C:\Windows\System\uyDXfPc.exe
  C:\Windows\System\uyDXfPc.exe
  2⤵
  PID:6512
- C:\Windows\System\kuwoGBh.exe
  C:\Windows\System\kuwoGBh.exe
  2⤵
  PID:3016
- C:\Windows\System\MlOtGQs.exe
  C:\Windows\System\MlOtGQs.exe
  2⤵
  PID:8244
- C:\Windows\System\PKiwQvd.exe
  C:\Windows\System\PKiwQvd.exe
  2⤵
  PID:8364
- C:\Windows\System\wWabnau.exe
  C:\Windows\System\wWabnau.exe
  2⤵
  PID:8456
- C:\Windows\System\UvwATBy.exe
  C:\Windows\System\UvwATBy.exe
  2⤵
  PID:8516
- C:\Windows\System\eTFMIeh.exe
  C:\Windows\System\eTFMIeh.exe
  2⤵
  PID:8560
- C:\Windows\System\DQlxGSH.exe
  C:\Windows\System\DQlxGSH.exe
  2⤵
  PID:8600
- C:\Windows\System\ndNeOke.exe
  C:\Windows\System\ndNeOke.exe
  2⤵
  PID:8680
- C:\Windows\System\PhlkroX.exe
  C:\Windows\System\PhlkroX.exe
  2⤵
  PID:7856
- C:\Windows\System\mbNxZBS.exe
  C:\Windows\System\mbNxZBS.exe
  2⤵
  PID:9656
- C:\Windows\System\SkzsHpg.exe
  C:\Windows\System\SkzsHpg.exe
  2⤵
  PID:9744
- C:\Windows\System\hDSlbAw.exe
  C:\Windows\System\hDSlbAw.exe
  2⤵
  PID:9804
- C:\Windows\System\xpZPnGz.exe
  C:\Windows\System\xpZPnGz.exe
  2⤵
  PID:9904
- C:\Windows\System\kpwdgmi.exe
  C:\Windows\System\kpwdgmi.exe
  2⤵
  PID:10028
- C:\Windows\System\cHClARr.exe
  C:\Windows\System\cHClARr.exe
  2⤵
  PID:10068
- C:\Windows\System\RbChtON.exe
  C:\Windows\System\RbChtON.exe
  2⤵
  PID:10188
- C:\Windows\System\XHVHsLR.exe
  C:\Windows\System\XHVHsLR.exe
  2⤵
  PID:10228
- C:\Windows\System\jNihsgm.exe
  C:\Windows\System\jNihsgm.exe
  2⤵
  PID:7572
- C:\Windows\System\QHtvOAu.exe
  C:\Windows\System\QHtvOAu.exe
  2⤵
  PID:8928
- C:\Windows\System\jPBGBLJ.exe
  C:\Windows\System\jPBGBLJ.exe
  2⤵
  PID:8152
- C:\Windows\System\KSJPhnh.exe
  C:\Windows\System\KSJPhnh.exe
  2⤵
  PID:10268
- C:\Windows\System\nQUBOvz.exe
  C:\Windows\System\nQUBOvz.exe
  2⤵
  PID:9112
- C:\Windows\System\TWaKNef.exe
  C:\Windows\System\TWaKNef.exe
  2⤵
  PID:11288
- C:\Windows\System\SjpZKhL.exe
  C:\Windows\System\SjpZKhL.exe
  2⤵
  PID:11308
- C:\Windows\System\fJBMCwo.exe
  C:\Windows\System\fJBMCwo.exe
  2⤵
  PID:11328
- C:\Windows\System\MvavNyU.exe
  C:\Windows\System\MvavNyU.exe
  2⤵
  PID:11348
- C:\Windows\System\ZEqvLat.exe
  C:\Windows\System\ZEqvLat.exe
  2⤵
  PID:11368
- C:\Windows\System\dknwvMA.exe
  C:\Windows\System\dknwvMA.exe
  2⤵
  PID:11400
- C:\Windows\System\wLPbFlZ.exe
  C:\Windows\System\wLPbFlZ.exe
  2⤵
  PID:11416
- C:\Windows\System\inNObhC.exe
  C:\Windows\System\inNObhC.exe
  2⤵
  PID:11436
- C:\Windows\System\ObAwLBx.exe
  C:\Windows\System\ObAwLBx.exe
  2⤵
  PID:11456
- C:\Windows\System\tLnNjpb.exe
  C:\Windows\System\tLnNjpb.exe
  2⤵
  PID:11504
- C:\Windows\System\QptJnHw.exe
  C:\Windows\System\QptJnHw.exe
  2⤵
  PID:11524
- C:\Windows\System\zXemYae.exe
  C:\Windows\System\zXemYae.exe
  2⤵
  PID:11540
- C:\Windows\System\hAoZAvQ.exe
  C:\Windows\System\hAoZAvQ.exe
  2⤵
  PID:11560
- C:\Windows\System\SIkrOmP.exe
  C:\Windows\System\SIkrOmP.exe
  2⤵
  PID:11588
- C:\Windows\System\VGbTwHU.exe
  C:\Windows\System\VGbTwHU.exe
  2⤵
  PID:11608
- C:\Windows\System\jgZxtsX.exe
  C:\Windows\System\jgZxtsX.exe
  2⤵
  PID:11628
- C:\Windows\System\zpYKRfM.exe
  C:\Windows\System\zpYKRfM.exe
  2⤵
  PID:11652
- C:\Windows\System\QoUXOLU.exe
  C:\Windows\System\QoUXOLU.exe
  2⤵
  PID:11672
- C:\Windows\System\JKuJahb.exe
  C:\Windows\System\JKuJahb.exe
  2⤵
  PID:11696
- C:\Windows\System\BEMvmyT.exe
  C:\Windows\System\BEMvmyT.exe
  2⤵
  PID:11716
- C:\Windows\System\TaTtMCJ.exe
  C:\Windows\System\TaTtMCJ.exe
  2⤵
  PID:11736
- C:\Windows\System\JsJyavw.exe
  C:\Windows\System\JsJyavw.exe
  2⤵
  PID:11768
- C:\Windows\System\KvlvrwC.exe
  C:\Windows\System\KvlvrwC.exe
  2⤵
  PID:11784
- C:\Windows\System\AdhcMLb.exe
  C:\Windows\System\AdhcMLb.exe
  2⤵
  PID:11800
- C:\Windows\System\gOWJZMO.exe
  C:\Windows\System\gOWJZMO.exe
  2⤵
  PID:11816
- C:\Windows\System\UYVfBvc.exe
  C:\Windows\System\UYVfBvc.exe
  2⤵
  PID:11836
- C:\Windows\System\ieAKRxQ.exe
  C:\Windows\System\ieAKRxQ.exe
  2⤵
  PID:11852
- C:\Windows\System\kFEQqJO.exe
  C:\Windows\System\kFEQqJO.exe
  2⤵
  PID:11872
- C:\Windows\System\XYBnIfK.exe
  C:\Windows\System\XYBnIfK.exe
  2⤵
  PID:11888
- C:\Windows\System\zDDJMli.exe
  C:\Windows\System\zDDJMli.exe
  2⤵
  PID:11916
- C:\Windows\System\pOOmNaS.exe
  C:\Windows\System\pOOmNaS.exe
  2⤵
  PID:11936
- C:\Windows\System\dlygoXy.exe
  C:\Windows\System\dlygoXy.exe
  2⤵
  PID:11956
- C:\Windows\System\aKbhQIo.exe
  C:\Windows\System\aKbhQIo.exe
  2⤵
  PID:11980
- C:\Windows\System\pGpBlgy.exe
  C:\Windows\System\pGpBlgy.exe
  2⤵
  PID:12000
- C:\Windows\System\osnBhIV.exe
  C:\Windows\System\osnBhIV.exe
  2⤵
  PID:12024
- C:\Windows\System\rsDyNwT.exe
  C:\Windows\System\rsDyNwT.exe
  2⤵
  PID:12052
- C:\Windows\System\uUPdOsC.exe
  C:\Windows\System\uUPdOsC.exe
  2⤵
  PID:12076
- C:\Windows\System\zwdRtJT.exe
  C:\Windows\System\zwdRtJT.exe
  2⤵
  PID:12096
- C:\Windows\System\mfswDEl.exe
  C:\Windows\System\mfswDEl.exe
  2⤵
  PID:12116
- C:\Windows\System\FJvHiKW.exe
  C:\Windows\System\FJvHiKW.exe
  2⤵
  PID:12140
- C:\Windows\System\KOXxJjG.exe
  C:\Windows\System\KOXxJjG.exe
  2⤵
  PID:12164
- C:\Windows\System\nHFhHWI.exe
  C:\Windows\System\nHFhHWI.exe
  2⤵
  PID:12184
- C:\Windows\System\PxuntRg.exe
  C:\Windows\System\PxuntRg.exe
  2⤵
  PID:12204
- C:\Windows\System\kKezKiA.exe
  C:\Windows\System\kKezKiA.exe
  2⤵
  PID:12224
- C:\Windows\System\ZfRgYZI.exe
  C:\Windows\System\ZfRgYZI.exe
  2⤵
  PID:12244
- C:\Windows\System\vHFjvlf.exe
  C:\Windows\System\vHFjvlf.exe
  2⤵
  PID:12268
- C:\Windows\System\APQHukv.exe
  C:\Windows\System\APQHukv.exe
  2⤵
  PID:10332
- C:\Windows\System\FnLUNOd.exe
  C:\Windows\System\FnLUNOd.exe
  2⤵
  PID:7152
- C:\Windows\System\fotWjwc.exe
  C:\Windows\System\fotWjwc.exe
  2⤵
  PID:6648
- C:\Windows\System\wxRhWlj.exe
  C:\Windows\System\wxRhWlj.exe
  2⤵
  PID:6816
- C:\Windows\System\uoKXTdJ.exe
  C:\Windows\System\uoKXTdJ.exe
  2⤵
  PID:10652
- C:\Windows\System\bLVLkCY.exe
  C:\Windows\System\bLVLkCY.exe
  2⤵
  PID:10688
- C:\Windows\System\MVAKIsZ.exe
  C:\Windows\System\MVAKIsZ.exe
  2⤵
  PID:9616
- C:\Windows\System\YHivyme.exe
  C:\Windows\System\YHivyme.exe
  2⤵
  PID:10776
- C:\Windows\System\JFIEIFv.exe
  C:\Windows\System\JFIEIFv.exe
  2⤵
  PID:10860
- C:\Windows\System\WtQZgvE.exe
  C:\Windows\System\WtQZgvE.exe
  2⤵
  PID:9788
- C:\Windows\System\kXXhPIk.exe
  C:\Windows\System\kXXhPIk.exe
  2⤵
  PID:10960
- C:\Windows\System\cGKRNuW.exe
  C:\Windows\System\cGKRNuW.exe
  2⤵
  PID:7704
- C:\Windows\System\yUrblJj.exe
  C:\Windows\System\yUrblJj.exe
  2⤵
  PID:11012
- C:\Windows\System\ZIscQSb.exe
  C:\Windows\System\ZIscQSb.exe
  2⤵
  PID:11080
- C:\Windows\System\fMCzmjB.exe
  C:\Windows\System\fMCzmjB.exe
  2⤵
  PID:11112
- C:\Windows\System\MBzOSrw.exe
  C:\Windows\System\MBzOSrw.exe
  2⤵
  PID:10104
- C:\Windows\System\sNQEhxV.exe
  C:\Windows\System\sNQEhxV.exe
  2⤵
  PID:11172
- C:\Windows\System\kDjfffT.exe
  C:\Windows\System\kDjfffT.exe
  2⤵
  PID:11192
- C:\Windows\System\afqckCP.exe
  C:\Windows\System\afqckCP.exe
  2⤵
  PID:5632
- C:\Windows\System\wceYyfk.exe
  C:\Windows\System\wceYyfk.exe
  2⤵
  PID:2104
- C:\Windows\System\CvDNAUZ.exe
  C:\Windows\System\CvDNAUZ.exe
  2⤵
  PID:7952
- C:\Windows\System\tmhLBLB.exe
  C:\Windows\System\tmhLBLB.exe
  2⤵
  PID:8396
- C:\Windows\System\nFUtPRl.exe
  C:\Windows\System\nFUtPRl.exe
  2⤵
  PID:7992
- C:\Windows\System\JXtEGaK.exe
  C:\Windows\System\JXtEGaK.exe
  2⤵
  PID:12296
- C:\Windows\System\JMaIBgo.exe
  C:\Windows\System\JMaIBgo.exe
  2⤵
  PID:12316
- C:\Windows\System\bvJBEuB.exe
  C:\Windows\System\bvJBEuB.exe
  2⤵
  PID:12336
- C:\Windows\System\ssAAHlL.exe
  C:\Windows\System\ssAAHlL.exe
  2⤵
  PID:12352
- C:\Windows\System\MCUARum.exe
  C:\Windows\System\MCUARum.exe
  2⤵
  PID:12372
- C:\Windows\System\VqucYNW.exe
  C:\Windows\System\VqucYNW.exe
  2⤵
  PID:12396
- C:\Windows\System\mKUArwl.exe
  C:\Windows\System\mKUArwl.exe
  2⤵
  PID:12420
- C:\Windows\System\bMwYJdq.exe
  C:\Windows\System\bMwYJdq.exe
  2⤵
  PID:12444
- C:\Windows\System\UQKMjiu.exe
  C:\Windows\System\UQKMjiu.exe
  2⤵
  PID:12468
- C:\Windows\System\wqHUMvL.exe
  C:\Windows\System\wqHUMvL.exe
  2⤵
  PID:12492
- C:\Windows\System\AglgvOG.exe
  C:\Windows\System\AglgvOG.exe
  2⤵
  PID:12512
- C:\Windows\System\EtDrJQU.exe
  C:\Windows\System\EtDrJQU.exe
  2⤵
  PID:12536
- C:\Windows\System\dAkUDND.exe
  C:\Windows\System\dAkUDND.exe
  2⤵
  PID:12552
- C:\Windows\System\qMbhdup.exe
  C:\Windows\System\qMbhdup.exe
  2⤵
  PID:12568
- C:\Windows\System\PAJzahH.exe
  C:\Windows\System\PAJzahH.exe
  2⤵
  PID:12584
- C:\Windows\System\vZvEIbe.exe
  C:\Windows\System\vZvEIbe.exe
  2⤵
  PID:12600
- C:\Windows\System\BtaTrjp.exe
  C:\Windows\System\BtaTrjp.exe
  2⤵
  PID:12620
- C:\Windows\System\sqLMvNW.exe
  C:\Windows\System\sqLMvNW.exe
  2⤵
  PID:12636
- C:\Windows\System\lMVJMDR.exe
  C:\Windows\System\lMVJMDR.exe
  2⤵
  PID:12652
- C:\Windows\System\zdvbXKX.exe
  C:\Windows\System\zdvbXKX.exe
  2⤵
  PID:12676
- C:\Windows\System\ORxfErs.exe
  C:\Windows\System\ORxfErs.exe
  2⤵
  PID:12692
- C:\Windows\System\awwNJVF.exe
  C:\Windows\System\awwNJVF.exe
  2⤵
  PID:12720
- C:\Windows\System\tucmZlR.exe
  C:\Windows\System\tucmZlR.exe
  2⤵
  PID:12744
- C:\Windows\System\uZrqZjL.exe
  C:\Windows\System\uZrqZjL.exe
  2⤵
  PID:12764
- C:\Windows\System\wyYlLkh.exe
  C:\Windows\System\wyYlLkh.exe
  2⤵
  PID:10532
- C:\Windows\System\LtMPqeP.exe
  C:\Windows\System\LtMPqeP.exe
  2⤵
  PID:10580
- C:\Windows\System\AKoQqbg.exe
  C:\Windows\System\AKoQqbg.exe
  2⤵
  PID:10856
- C:\Windows\System\pHKlsSD.exe
  C:\Windows\System\pHKlsSD.exe
  2⤵
  PID:11932
- C:\Windows\System\crtijvY.exe
  C:\Windows\System\crtijvY.exe
  2⤵
  PID:11024
- C:\Windows\System\nQNErhR.exe
  C:\Windows\System\nQNErhR.exe
  2⤵
  PID:12176
- C:\Windows\System\SZpRjFm.exe
  C:\Windows\System\SZpRjFm.exe
  2⤵
  PID:10708
- C:\Windows\System\tVZzUUl.exe
  C:\Windows\System\tVZzUUl.exe
  2⤵
  PID:8336
- C:\Windows\System\vFmMwnE.exe
  C:\Windows\System\vFmMwnE.exe
  2⤵
  PID:8512
- C:\Windows\System\UbRYkmA.exe
  C:\Windows\System\UbRYkmA.exe
  2⤵
  PID:11520
- C:\Windows\System\nxIPIcj.exe
  C:\Windows\System\nxIPIcj.exe
  2⤵
  PID:11556
- C:\Windows\System\ZFBaYyq.exe
  C:\Windows\System\ZFBaYyq.exe
  2⤵
  PID:11600
- C:\Windows\System\xZFgewz.exe
  C:\Windows\System\xZFgewz.exe
  2⤵
  PID:11968
- C:\Windows\System\DYGKDVc.exe
  C:\Windows\System\DYGKDVc.exe
  2⤵
  PID:12160
- C:\Windows\System\iyXujrH.exe
  C:\Windows\System\iyXujrH.exe
  2⤵
  PID:12196
- C:\Windows\System\HutVkLC.exe
  C:\Windows\System\HutVkLC.exe
  2⤵
  PID:10328
- C:\Windows\System\IXeLkDM.exe
  C:\Windows\System\IXeLkDM.exe
  2⤵
  PID:13196
- C:\Windows\System\tgKVgfY.exe
  C:\Windows\System\tgKVgfY.exe
  2⤵
  PID:13220
- C:\Windows\System\XUCJgIA.exe
  C:\Windows\System\XUCJgIA.exe
  2⤵
  PID:9088
- C:\Windows\System\WoBGLmc.exe
  C:\Windows\System\WoBGLmc.exe
  2⤵
  PID:5212
- C:\Windows\System\SWFKasE.exe
  C:\Windows\System\SWFKasE.exe
  2⤵
  PID:12560
- C:\Windows\System\NmuaQxc.exe
  C:\Windows\System\NmuaQxc.exe
  2⤵
  PID:12648
- C:\Windows\System\CUAVTSA.exe
  C:\Windows\System\CUAVTSA.exe
  2⤵
  PID:13296
- C:\Windows\System\ShhYGoL.exe
  C:\Windows\System\ShhYGoL.exe
  2⤵
  PID:12756
- C:\Windows\System\XaWFbcv.exe
  C:\Windows\System\XaWFbcv.exe
  2⤵
  PID:1328
- C:\Windows\System\vdTAKly.exe
  C:\Windows\System\vdTAKly.exe
  2⤵
  PID:12800
- C:\Windows\System\KHHyQKf.exe
  C:\Windows\System\KHHyQKf.exe
  2⤵
  PID:9968
- C:\Windows\System\MYxNdAi.exe
  C:\Windows\System\MYxNdAi.exe
  2⤵
  PID:12884
- C:\Windows\System\NTvuTWB.exe
  C:\Windows\System\NTvuTWB.exe
  2⤵
  PID:12916
- C:\Windows\System\NgFyYmD.exe
  C:\Windows\System\NgFyYmD.exe
  2⤵
  PID:12948
- C:\Windows\System\NokxsAd.exe
  C:\Windows\System\NokxsAd.exe
  2⤵
  PID:13060
- C:\Windows\System\Cmxzjhu.exe
  C:\Windows\System\Cmxzjhu.exe
  2⤵
  PID:13088
- C:\Windows\System\ofnmdgt.exe
  C:\Windows\System\ofnmdgt.exe
  2⤵
  PID:13304
- C:\Windows\System\bQLnfTB.exe
  C:\Windows\System\bQLnfTB.exe
  2⤵
  PID:6916
- C:\Windows\System\NnrAOPT.exe
  C:\Windows\System\NnrAOPT.exe
  2⤵
  PID:5196
- C:\Windows\System\brdGhPP.exe
  C:\Windows\System\brdGhPP.exe
  2⤵
  PID:11188
- C:\Windows\System\XFEeBZJ.exe
  C:\Windows\System\XFEeBZJ.exe
  2⤵
  PID:8556
- C:\Windows\System\gWnVrCO.exe
  C:\Windows\System\gWnVrCO.exe
  2⤵
  PID:3660
- C:\Windows\System\KmMgGae.exe
  C:\Windows\System\KmMgGae.exe
  2⤵
  PID:7504
- C:\Windows\System\MEzhHBo.exe
  C:\Windows\System\MEzhHBo.exe
  2⤵
  PID:9328
- C:\Windows\System\CIAHzGv.exe
  C:\Windows\System\CIAHzGv.exe
  2⤵
  PID:9396
- C:\Windows\System\CldHpjx.exe
  C:\Windows\System\CldHpjx.exe
  2⤵
  PID:10540
- C:\Windows\System\bxrqoTD.exe
  C:\Windows\System\bxrqoTD.exe
  2⤵
  PID:10596
- C:\Windows\System\OMlsDiT.exe
  C:\Windows\System\OMlsDiT.exe
  2⤵
  PID:9724
- C:\Windows\System\WyWaBSp.exe
  C:\Windows\System\WyWaBSp.exe
  2⤵
  PID:9848
- C:\Windows\System\scVgHMh.exe
  C:\Windows\System\scVgHMh.exe
  2⤵
  PID:12040
- C:\Windows\System\JpPgBsS.exe
  C:\Windows\System\JpPgBsS.exe
  2⤵
  PID:11092
- C:\Windows\System\PuGMuBL.exe
  C:\Windows\System\PuGMuBL.exe
  2⤵
  PID:11152
- C:\Windows\System\urVmtOR.exe
  C:\Windows\System\urVmtOR.exe
  2⤵
  PID:2172
- C:\Windows\System\iGbgQTg.exe
  C:\Windows\System\iGbgQTg.exe
  2⤵
  PID:12860
- C:\Windows\System\dCYFzXz.exe
  C:\Windows\System\dCYFzXz.exe
  2⤵
  PID:11444
- C:\Windows\System\UtCIPoB.exe
  C:\Windows\System\UtCIPoB.exe
  2⤵
  PID:11516
- C:\Windows\System\CTAeDUx.exe
  C:\Windows\System\CTAeDUx.exe
  2⤵
  PID:11616
- C:\Windows\System\XpEWKYc.exe
  C:\Windows\System\XpEWKYc.exe
  2⤵
  PID:9292
- C:\Windows\System\IZzSRtR.exe
  C:\Windows\System\IZzSRtR.exe
  2⤵
  PID:11756
- C:\Windows\System\OvwMoFk.exe
  C:\Windows\System\OvwMoFk.exe
  2⤵
  PID:11808
- C:\Windows\System\UROblgY.exe
  C:\Windows\System\UROblgY.exe
  2⤵
  PID:9876
- C:\Windows\System\XwRcCzE.exe
  C:\Windows\System\XwRcCzE.exe
  2⤵
  PID:11228
- C:\Windows\System\fGXxZpo.exe
  C:\Windows\System\fGXxZpo.exe
  2⤵
  PID:12108
- C:\Windows\System\OgGMkOd.exe
  C:\Windows\System\OgGMkOd.exe
  2⤵
  PID:12252
- C:\Windows\System\QysxAIh.exe
  C:\Windows\System\QysxAIh.exe
  2⤵
  PID:12404
- C:\Windows\System\UixyWFp.exe
  C:\Windows\System\UixyWFp.exe
  2⤵
  PID:13096
- C:\Windows\System\DYexvKs.exe
  C:\Windows\System\DYexvKs.exe
  2⤵
  PID:12576
- C:\Windows\System\cCmyWHX.exe
  C:\Windows\System\cCmyWHX.exe
  2⤵
  PID:3624
- C:\Windows\System\NgIjvqK.exe
  C:\Windows\System\NgIjvqK.exe
  2⤵
  PID:12820
- C:\Windows\System\IUxFiWV.exe
  C:\Windows\System\IUxFiWV.exe
  2⤵
  PID:12148
- C:\Windows\System\ifdojHG.exe
  C:\Windows\System\ifdojHG.exe
  2⤵
  PID:5160
- C:\Windows\System\aljwZsH.exe
  C:\Windows\System\aljwZsH.exe
  2⤵
  PID:12664
- C:\Windows\System\ORYNwzD.exe
  C:\Windows\System\ORYNwzD.exe
  2⤵
  PID:12984
- C:\Windows\System\qhfhIOz.exe
  C:\Windows\System\qhfhIOz.exe
  2⤵
  PID:5188
- C:\Windows\System\cMQdMOp.exe
  C:\Windows\System\cMQdMOp.exe
  2⤵
  PID:12772
- C:\Windows\System\NvbRzuS.exe
  C:\Windows\System\NvbRzuS.exe
  2⤵
  PID:9384
- C:\Windows\System\DOjapbE.exe
  C:\Windows\System\DOjapbE.exe
  2⤵
  PID:11908
- C:\Windows\System\SMbhRIM.exe
  C:\Windows\System\SMbhRIM.exe
  2⤵
  PID:4356
- C:\Windows\System\LvWDyCU.exe
  C:\Windows\System\LvWDyCU.exe
  2⤵
  PID:12752
- C:\Windows\System\dBrerWO.exe
  C:\Windows\System\dBrerWO.exe
  2⤵
  PID:12880
- C:\Windows\System\FYdjZeX.exe
  C:\Windows\System\FYdjZeX.exe
  2⤵
  PID:13192
- C:\Windows\System\rLeLdEE.exe
  C:\Windows\System\rLeLdEE.exe
  2⤵
  PID:12136
- C:\Windows\System\PHPOxpI.exe
  C:\Windows\System\PHPOxpI.exe
  2⤵
  PID:12088
- C:\Windows\System\lEfTHWV.exe
  C:\Windows\System\lEfTHWV.exe
  2⤵
  PID:11384
- C:\Windows\System\JqXubGG.exe
  C:\Windows\System\JqXubGG.exe
  2⤵
  PID:11580
- C:\Windows\System\vibkFSK.exe
  C:\Windows\System\vibkFSK.exe
  2⤵
  PID:11992
- C:\Windows\System\qlnSIBU.exe
  C:\Windows\System\qlnSIBU.exe
  2⤵
  PID:5168
- C:\Windows\System\rWETwSW.exe
  C:\Windows\System\rWETwSW.exe
  2⤵
  PID:9224
- C:\Windows\System\dnnnegO.exe
  C:\Windows\System\dnnnegO.exe
  2⤵
  PID:3464
- C:\Windows\System\yPNanCp.exe
  C:\Windows\System\yPNanCp.exe
  2⤵
  PID:11732
- C:\Windows\System\jYzXqAZ.exe
  C:\Windows\System\jYzXqAZ.exe
  2⤵
  PID:13208
- C:\Windows\System\JVdRQSV.exe
  C:\Windows\System\JVdRQSV.exe
  2⤵
  PID:13012
- C:\Windows\System\DgtUQwA.exe
  C:\Windows\System\DgtUQwA.exe
  2⤵
  PID:10752
- C:\Windows\System\OUThSYT.exe
  C:\Windows\System\OUThSYT.exe
  2⤵
  PID:5176
- C:\Windows\System\zBCKrmL.exe
  C:\Windows\System\zBCKrmL.exe
  2⤵
  PID:11060
- C:\Windows\System\PkbXHsr.exe
  C:\Windows\System\PkbXHsr.exe
  2⤵
  PID:12852
- C:\Windows\System\xjuShpn.exe
  C:\Windows\System\xjuShpn.exe
  2⤵
  PID:8072
- C:\Windows\System\uThKmjf.exe
  C:\Windows\System\uThKmjf.exe
  2⤵
  PID:5156
- C:\Windows\System\OZwBsee.exe
  C:\Windows\System\OZwBsee.exe
  2⤵
  PID:984
- C:\Windows\System\DBwUPoK.exe
  C:\Windows\System\DBwUPoK.exe
  2⤵
  PID:12156
- C:\Windows\System\kApUIIH.exe
  C:\Windows\System\kApUIIH.exe
  2⤵
  PID:11512
- C:\Windows\System\TyFdMlg.exe
  C:\Windows\System\TyFdMlg.exe
  2⤵
  PID:12828
- C:\Windows\System\uCyRsyZ.exe
  C:\Windows\System\uCyRsyZ.exe
  2⤵
  PID:11412
- C:\Windows\System\Hcawfqg.exe
  C:\Windows\System\Hcawfqg.exe
  2⤵
  PID:13332
- C:\Windows\System\gpAkkXR.exe
  C:\Windows\System\gpAkkXR.exe
  2⤵
  PID:13416
- C:\Windows\System\BFHvIYq.exe
  C:\Windows\System\BFHvIYq.exe
  2⤵
  PID:13432
- C:\Windows\System\eGwpeUw.exe
  C:\Windows\System\eGwpeUw.exe
  2⤵
  PID:13456
- C:\Windows\System\vOubyeq.exe
  C:\Windows\System\vOubyeq.exe
  2⤵
  PID:13476
- C:\Windows\System\HHlKItd.exe
  C:\Windows\System\HHlKItd.exe
  2⤵
  PID:13500
- C:\Windows\System\PwgHtIH.exe
  C:\Windows\System\PwgHtIH.exe
  2⤵
  PID:13520
- C:\Windows\System\PJPKtUy.exe
  C:\Windows\System\PJPKtUy.exe
  2⤵
  PID:13540
- C:\Windows\System\cVxxjXF.exe
  C:\Windows\System\cVxxjXF.exe
  2⤵
  PID:13564
- C:\Windows\System\BfGmpPa.exe
  C:\Windows\System\BfGmpPa.exe
  2⤵
  PID:13596
- C:\Windows\System\XxeWQbN.exe
  C:\Windows\System\XxeWQbN.exe
  2⤵
  PID:13616
- C:\Windows\System\eaMfLAh.exe
  C:\Windows\System\eaMfLAh.exe
  2⤵
  PID:13636
- C:\Windows\System\BGxZrHF.exe
  C:\Windows\System\BGxZrHF.exe
  2⤵
  PID:14176
- C:\Windows\System\ktMaNff.exe
  C:\Windows\System\ktMaNff.exe
  2⤵
  PID:14192
- C:\Windows\System\VsIzJGW.exe
  C:\Windows\System\VsIzJGW.exe
  2⤵
  PID:14212
- C:\Windows\System\DqzBajo.exe
  C:\Windows\System\DqzBajo.exe
  2⤵
  PID:14232
- C:\Windows\System\NFnxNGw.exe
  C:\Windows\System\NFnxNGw.exe
  2⤵
  PID:14256
- C:\Windows\System\JmjURtp.exe
  C:\Windows\System\JmjURtp.exe
  2⤵
  PID:14120
- C:\Windows\System\yytbhHt.exe
  C:\Windows\System\yytbhHt.exe
  2⤵
  PID:14300
- C:\Windows\System\imXSBBj.exe
  C:\Windows\System\imXSBBj.exe
  2⤵
  PID:4712
- C:\Windows\System\xDGjZBs.exe
  C:\Windows\System\xDGjZBs.exe
  2⤵
  PID:1564
- C:\Windows\System\utpIRiF.exe
  C:\Windows\System\utpIRiF.exe
  2⤵
  PID:14264
- C:\Windows\System\vCSXaUf.exe
  C:\Windows\System\vCSXaUf.exe
  2⤵
  PID:588
- C:\Windows\System\pQjqdkA.exe
  C:\Windows\System\pQjqdkA.exe
  2⤵
  PID:824
- C:\Windows\System\uenabdk.exe
  C:\Windows\System\uenabdk.exe
  2⤵
  PID:780
- C:\Windows\System\IJgTrTG.exe
  C:\Windows\System\IJgTrTG.exe
  2⤵
  PID:13468
- C:\Windows\System\fCxYoYT.exe
  C:\Windows\System\fCxYoYT.exe
  2⤵
  PID:13472
- C:\Windows\System\MpUqAhF.exe
  C:\Windows\System\MpUqAhF.exe
  2⤵
  PID:13372
- C:\Windows\System\JyEjRWY.exe
  C:\Windows\System\JyEjRWY.exe
  2⤵
  PID:13516
- C:\Windows\System\BwZqspO.exe
  C:\Windows\System\BwZqspO.exe
  2⤵
  PID:13584
- C:\Windows\System\stzWOgo.exe
  C:\Windows\System\stzWOgo.exe
  2⤵
  PID:13560
- C:\Windows\System\sXXihQi.exe
  C:\Windows\System\sXXihQi.exe
  2⤵
  PID:13720
- C:\Windows\System\vSdiJCU.exe
  C:\Windows\System\vSdiJCU.exe
  2⤵
  PID:13572
- C:\Windows\System\yPPGrDq.exe
  C:\Windows\System\yPPGrDq.exe
  2⤵
  PID:13624
- C:\Windows\System\soAAvIP.exe
  C:\Windows\System\soAAvIP.exe
  2⤵
  PID:13700
- C:\Windows\System\AKrimiy.exe
  C:\Windows\System\AKrimiy.exe
  2⤵
  PID:860
- C:\Windows\System\liEoaRN.exe
  C:\Windows\System\liEoaRN.exe
  2⤵
  PID:3020
- C:\Windows\System\fKrINrF.exe
  C:\Windows\System\fKrINrF.exe
  2⤵
  PID:13732
- C:\Windows\System\OdHIcxH.exe
  C:\Windows\System\OdHIcxH.exe
  2⤵
  PID:9928
- C:\Windows\System\OjMLnFB.exe
  C:\Windows\System\OjMLnFB.exe
  2⤵
  PID:3768
- C:\Windows\System\oShuJWa.exe
  C:\Windows\System\oShuJWa.exe
  2⤵
  PID:13832
- C:\Windows\System\sBogRxJ.exe
  C:\Windows\System\sBogRxJ.exe
  2⤵
  PID:13940
- C:\Windows\System\pLjOGii.exe
  C:\Windows\System\pLjOGii.exe
  2⤵
  PID:13936
- C:\Windows\System\vHGkqUj.exe
  C:\Windows\System\vHGkqUj.exe
  2⤵
  PID:13972
- C:\Windows\System\McIHoXJ.exe
  C:\Windows\System\McIHoXJ.exe
  2⤵
  PID:13968
- C:\Windows\System\fQMczSJ.exe
  C:\Windows\System\fQMczSJ.exe
  2⤵
  PID:14044
- C:\Windows\System\VGKFZlH.exe
  C:\Windows\System\VGKFZlH.exe
  2⤵
  PID:14012
- C:\Windows\System\ENCfUXh.exe
  C:\Windows\System\ENCfUXh.exe
  2⤵
  PID:14008
- C:\Windows\System\TxFVdXQ.exe
  C:\Windows\System\TxFVdXQ.exe
  2⤵
  PID:14100
- C:\Windows\System\noPkBNg.exe
  C:\Windows\System\noPkBNg.exe
  2⤵
  PID:14076
- C:\Windows\System\ecpwqMu.exe
  C:\Windows\System\ecpwqMu.exe
  2⤵
  PID:14132
- C:\Windows\System\TkCJKDV.exe
  C:\Windows\System\TkCJKDV.exe
  2⤵
  PID:14276
- C:\Windows\System\hEEkoLV.exe
  C:\Windows\System\hEEkoLV.exe
  2⤵
  PID:14172
- C:\Windows\System\AGNwflT.exe
  C:\Windows\System\AGNwflT.exe
  2⤵
  PID:1700
- C:\Windows\System\bPTVljE.exe
  C:\Windows\System\bPTVljE.exe
  2⤵
  PID:14268
- C:\Windows\System\JoHipgF.exe
  C:\Windows\System\JoHipgF.exe
  2⤵
  PID:1332
- C:\Windows\System\vqoFZfH.exe
  C:\Windows\System\vqoFZfH.exe
  2⤵
  PID:14332
- C:\Windows\System\tfkaYeD.exe
  C:\Windows\System\tfkaYeD.exe
  2⤵
  PID:4020
- C:\Windows\System\iYQUCaA.exe
  C:\Windows\System\iYQUCaA.exe
  2⤵
  PID:8
- C:\Windows\System\AHxrmQm.exe
  C:\Windows\System\AHxrmQm.exe
  2⤵
  PID:3644
- C:\Windows\System\QQUdTmM.exe
  C:\Windows\System\QQUdTmM.exe
  2⤵
  PID:9116
- C:\Windows\System\jTIzIJl.exe
  C:\Windows\System\jTIzIJl.exe
  2⤵
  PID:13488
- C:\Windows\System\AlnuBef.exe
  C:\Windows\System\AlnuBef.exe
  2⤵
  PID:13740
- C:\Windows\System\GmedNLT.exe
  C:\Windows\System\GmedNLT.exe
  2⤵
  PID:13664
- C:\Windows\System\ITHBCZM.exe
  C:\Windows\System\ITHBCZM.exe
  2⤵
  PID:13672
- C:\Windows\System\CyoWPMp.exe
  C:\Windows\System\CyoWPMp.exe
  2⤵
  PID:4864
- C:\Windows\System\SqRoKJC.exe
  C:\Windows\System\SqRoKJC.exe
  2⤵
  PID:13888
- C:\Windows\System\VspnAul.exe
  C:\Windows\System\VspnAul.exe
  2⤵
  PID:13796
- C:\Windows\System\KWmgmHp.exe
  C:\Windows\System\KWmgmHp.exe
  2⤵
  PID:13964
- C:\Windows\System\oDavUBC.exe
  C:\Windows\System\oDavUBC.exe
  2⤵
  PID:13852
- C:\Windows\System\kfragum.exe
  C:\Windows\System\kfragum.exe
  2⤵
  PID:13844
- C:\Windows\System\wowsiSV.exe
  C:\Windows\System\wowsiSV.exe
  2⤵
  PID:13848
- C:\Windows\System\VMIisac.exe
  C:\Windows\System\VMIisac.exe
  2⤵
  PID:14128
- C:\Windows\System\gvDRPsu.exe
  C:\Windows\System\gvDRPsu.exe
  2⤵
  PID:1192
- C:\Windows\System\DzLWQIe.exe
  C:\Windows\System\DzLWQIe.exe
  2⤵
  PID:996
- C:\Windows\System\VdELzCq.exe
  C:\Windows\System\VdELzCq.exe
  2⤵
  PID:14204
- C:\Windows\System\VqTTDfC.exe
  C:\Windows\System\VqTTDfC.exe
  2⤵
  PID:14188
- C:\Windows\System\GvmiIiM.exe
  C:\Windows\System\GvmiIiM.exe
  2⤵
  PID:13328
- C:\Windows\System\PTrFskI.exe
  C:\Windows\System\PTrFskI.exe
  2⤵
  PID:4140
- C:\Windows\System\EZnZBup.exe
  C:\Windows\System\EZnZBup.exe
  2⤵
  PID:4176
- C:\Windows\System\OuuNBlJ.exe
  C:\Windows\System\OuuNBlJ.exe
  2⤵
  PID:856
- C:\Windows\System\edsKHnE.exe
  C:\Windows\System\edsKHnE.exe
  2⤵
  PID:14156

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:13848

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14108

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2776

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1204

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14160

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14284

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:8172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:8252

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response

3.120.98.217:8080

053b410e0f7fc23a563c7ec455b272c0N.exe

260 B
5
3.120.98.217:8080

053b410e0f7fc23a563c7ec455b272c0N.exe

156 B
3

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cgkv443v.gsj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BwEQwrN.exe

Filesize
1.9MB

MD5
a158a41fca2e828f03b6f884c12dbf03

SHA1
5638effb9bf6d533fac8010497994c57fdb1de58

SHA256
74a7ec059ead49fa9e89fbdf70ec925c05ec6b79ff56e39debf51732ca75a003

SHA512
5906bfe324fb19198107d68a6dc625f2020725b97143b424fef630875612d4a2858e12502a56c0dda0c107a4aacafeaf91cbb3e73c4dc432f28791a0e7e9070b

Download Submit
C:\Windows\System\CcSXHcm.exe

Filesize
1.9MB

MD5
4c3229d89a0c39b4ae60d39d4c726f55

SHA1
791072994df862fee17b49b92d7d2106345319ed

SHA256
b3983310421a9cfa2bc265527d5923a3662732fbdea30537f3231685e74cf1fe

SHA512
31d0f98115f78722f1363f6731a7e896383d0a9e57d886c4259167a2b7f806985f6175e8a6351052328a14a8f7176e1a8a3daed569591c211c82d33cfa0c6a61

Download Submit
C:\Windows\System\DbVXtai.exe

Filesize
1.9MB

MD5
c1211f0b6e2e4630879c8d67813a7ecf

SHA1
282d3933e58119fc87356be0ff6553cae1802113

SHA256
e832ebbf4165e2a45a3d21911414df69bdc7e4cac601c54fc04daed83064a16b

SHA512
c53dabfeedc7dcb7d4d1a626c6535ff79e196d0601b11fcfbeced52390135fa9403db5161d5f56e905db1f441ead163bc1968ef419d604f1c3126bcd00502d7e

Download Submit
C:\Windows\System\FGkilGn.exe

Filesize
1.9MB

MD5
cec3b237a088ca607e8b3b6fdf33aaa8

SHA1
c5472163fccad2bbaab7ff4e4d4a3821ebd4d7f0

SHA256
33688e7303767a16e39d2f2d7d79691f78c8dda912a73c094c52877ef623886e

SHA512
facfe849bb41acd3174b6494c27a7e0da0cbf6abda4a7e44c1777a2c2407ad140f31215e963644bafee3c6c979f0329595741ce40d8baa2b67201ec409a6e94e

Download Submit
C:\Windows\System\HfXoSua.exe

Filesize
1.9MB

MD5
9c51f04ae1b2470a24dea4e0cc7efcea

SHA1
aa51afcb96df56a286f1c05888169c425f9f1f01

SHA256
fc53ed4259869c887fb27c6651fac5bb85c717f2f2ee643fdbe2e135a6aa5031

SHA512
fce1296a15f9e9d282c517ef4bf97a35595a4c03f6bb059458f6d3be6f2a6a4eff7efe55786a849645e01a172e77e488c4facd529502f49a3878a2651334705c

Download Submit
C:\Windows\System\HnLPcHY.exe

Filesize
1.9MB

MD5
2a1950b2224468dd0af7158cd479ecf6

SHA1
13bc9a1d025cbbd687610990e5f7661726a0dace

SHA256
3dccab2e9826682aba3c45f3634cd75da666bc7347a55c363e3a56ec65ee8ec9

SHA512
368a5444be53379624357bba03e047e4d4bedf21bbcc20ff874d3967952f536ef03979bda0d66c516a9200dfc5d8ad83fa0b139b0d765e3de49572cdece451a6

Download Submit
C:\Windows\System\LJlutJx.exe

Filesize
1.9MB

MD5
ee363dfd2657f96c62f6b2a5a7b76afd

SHA1
49f0662cbd809483552bd6a8070f6331d5e9398b

SHA256
abbe82fdf24f9542fba3d32eac608990406d94cb3cef7115aaf8e2d90d8b9159

SHA512
ce310dd1b3c0aa71b2a162e2825cde30470fe065ba4ffc789800de3dc218207dbfceb0c439bb307433141405557c1233d288f694b2738ff6b1891d3c92b3b49e

Download Submit
C:\Windows\System\LKJqJuH.exe

Filesize
1.9MB

MD5
ea8f6719be7127d87e4690c78e4384ff

SHA1
6f5590f59ecfcbb9e231179a9d8f1a22f17e54a4

SHA256
595510f4f7c446aa62b6aa8c913285803e4e17d13709ba2fba2303437a17b632

SHA512
9810705228d5842e29685aad226b0b0dea359194cbeddd8202e8a8304cd16febec0432ddad62ff29643ce844f437d37dacae6bfdd192546d6ff9abd16eab5231

Download Submit
C:\Windows\System\NOqQpZU.exe

Filesize
1.9MB

MD5
cfb6fb558726a85fe76ee3261508a154

SHA1
56a4eb9c41a6a10c022b2a3f570a5ceb041e1cc5

SHA256
15a9e0d9eea441179efe4583a1cbfe31265addf02fad243fea7eb9be844a8795

SHA512
06f7f02bd751d6d759d3b8915698a24833e6a7ea23682b02f149afd6e2e07e829aed52ff3c60505c162fbd6d8bb73acb59c6de305fc57ab3a0b26d07134e9e91

Download Submit
C:\Windows\System\OYOZQLn.exe

Filesize
1.9MB

MD5
76eb5308b29dda435cfdd07d6d44c947

SHA1
e34d82e9e5eb8cb85824e7c011b5f15db2ec8431

SHA256
d8ad239bd019b0b5d437e6043138766a62a78069eb2701f3a2c583597a547af3

SHA512
daabe81aec53b5abb12c9dec24ccafa1f45035ddca06e624d2ea2322f80cc3e1cfeb19f6963ed7fd432b1e745511211643c0774c2d5f7a8f4bbacd79102edbdc

Download Submit
C:\Windows\System\OYjvycA.exe

Filesize
1.9MB

MD5
4f0d03002576e432dbc110aa5a7ecea2

SHA1
adc7b7ad44cbe21509b59cdd19a919d06469e355

SHA256
2b70ab7d8fcfefc21d2124dab337be46fe9b80827cb36a2e08ed791ebf2c97b7

SHA512
91e7c863f12963ea7ef3fb23c4df2c6d0dac45a5b19a06cc09f752acc62456d9f163c4b24a02bce50429d055bbad2a8d5ff4cad89eba121dec11280bb3691d58

Download Submit
C:\Windows\System\PDtPxXj.exe

Filesize
1.9MB

MD5
be0e75ec29ed7ea2692fed70e4cfe8ba

SHA1
ffdac68b90be6b43379bcc0b3287e0afb5812634

SHA256
8487c08586c635e9d1bfb66ec4b71ae8327ea3ee2046faded389f992a9bde0e1

SHA512
cb50bafa0c2a0c0c43ffbb4f337e593ac108a5de792f006a78ffd588fc483981a54ab84aad24558eca3bfa09a94084d5b2dd9ba7a24ab7216e776d7c203436b7

Download Submit
C:\Windows\System\RYiQFNK.exe

Filesize
1.9MB

MD5
a18ed1a4515e342b26104aa3daba603b

SHA1
1557df7c70600ce17fb6ca471d4e8c8671140984

SHA256
60e0c36d8019849f992a79348c01cd1780b950d26a3c93e50812e66867c3173d

SHA512
2d90ae55dde15d400b33b4fe0617ba499d00a58289e0c61907862ebb7dc14808e9ced6fe3f40ffee5947aee938c47dbfa79db9e811907df41527c950bc8c0e0a

Download Submit
C:\Windows\System\SxzVlww.exe

Filesize
1.9MB

MD5
5ca010af9bc923b81d657ef27818129c

SHA1
dfb3352f411a4a6cbb1738d6e2fd79569d285f06

SHA256
4fd3dbaa9d70aa25132fc8ace264133cb1f475c6482dacd0fa4901aeb19e5a8b

SHA512
f2f76da78ead4d55e0a7d8efd64738764d2ee1dc2cc2408a0ef1cf9ad56742ce9ba527786039c9296a28bd9744b694fb7d45bd371ed3e4fb058eccf70d851a5c

Download Submit
C:\Windows\System\TzGKLvm.exe

Filesize
1.9MB

MD5
e81e7e5967d276dc90d7728f7882d55f

SHA1
9de3bf0e9bd72aa1c0491415fc84e35164bcb595

SHA256
822d42502dd70183d36d6239a990bd8e0386e6fb2aa33f19c4bb6db939070f04

SHA512
aba299b457e65bda81a7bf76936de3eee4aa5d95dc45d82068d2540f45f63f5539a696cf729747061e26160f9ba35e77ae2e24b93031ab8a17e5a354bd2a348a

Download Submit
C:\Windows\System\Urquvfy.exe

Filesize
1.9MB

MD5
d50ab0351574b7aeb05e6b65a60411ff

SHA1
e3cbab33ddf355be5830e626bacfa39827aa25da

SHA256
34299370f200221f975b02dd36d460f064e4d8e8c105f5892c2f31c444418b4a

SHA512
7659c729b10f6f97bb2d443f1b6c1c491e9e5acf1c52e1ebde6f03a067bafcc933ab40be3fc379682bdf1d239f7c13167d2323bc0140e758233015a3011cd044

Download Submit
C:\Windows\System\XWKvxsW.exe

Filesize
1.9MB

MD5
0d69d8a9419337d9b3ec3008e6cc6f59

SHA1
abde59df905306f37923224c350a2e773b9b0239

SHA256
471e2ae2002af3539b34097a50e29f0123bc8f8cd9614c4646ecef12741cd731

SHA512
65e4328d67157b2613bd96536e0cf4e1426f3b5a57e32acbf284db98fdded4d200b091c155bbd874beafc5a1bfe898f848ee97e3d652f37c3c21f35c659c3a18

Download Submit
C:\Windows\System\XgicrMM.exe

Filesize
1.9MB

MD5
339aae2d42b068dfc4c458b4c87b9a14

SHA1
d2a8953ce90c669881b355618254a60d3a289abc

SHA256
2740cdab9b4311388b211345e61ba334222f2b8c3069719943785e0cc5fe526d

SHA512
6f8ae583a1cb73b9d5b85d30f96bf5d1babf5c8aa814e9a8d0b4aa3e3cff1e48cdae9c1f3388fb109574453b1a7eb42609a26d5823ff12c8dfce80e907a58966

Download Submit
C:\Windows\System\XrKVrvn.exe

Filesize
1.9MB

MD5
9250597bf6cdc54796e8253d746b046e

SHA1
4c1b5ed5d185796653f51babd3ecd25a077b66ce

SHA256
e23f158d6dffe76676c50129736a4788d6c51fd61e57295dd2c3463ffd9f5a1d

SHA512
ff29529a63c6d17320d8af42a44cef8d99bcb0f1d37ae0622d37663f6dfae5162ff1d0a36d5d74cf2ffe25c1f7f704b3e1d28bd0192777c50a19c4fff47d03ae

Download Submit
C:\Windows\System\YtLeetJ.exe

Filesize
1.9MB

MD5
37d05c5bbb18c50544573d5919f4f4ed

SHA1
8f95e0c00120ed4d737f669b51cbda2145af6d4a

SHA256
0d13be093f571c4a58619731be948d7a89e8fe11a4e93f3fa97f6d1483733930

SHA512
4c0a0aa256dd5993800c3227a948c7c8d55937de2306b5df794bb0205fb3e4ce1dd031e10a03f9c5b729fd3aa20465300992f29be2f4c2a43f2acb28df55588b

Download Submit
C:\Windows\System\adFHkHg.exe

Filesize
1.9MB

MD5
2083ba1edf6b307d9655d858e9ae1b1d

SHA1
7f19196b68f195b4803b59253622faabb33c9ba4

SHA256
3db5ba9c5b338e7b12f15ab7da0ec89376a3e7e4ed41684e6d394bd27b86d03e

SHA512
ed6233a4891948f5e8eb51872603512182ae176ab557c168e155b620b42769bdb34f091e604df71120901d2636420700d59cc1825364dec72ee35bc65d3c8e66

Download Submit
C:\Windows\System\dfQTbFV.exe

Filesize
1.9MB

MD5
5f3a9c2727132ba6e9b15ae88b557df0

SHA1
728f1dc5a78b4f19f285aaa21a98fa8ef44d7ed0

SHA256
35285835efb72896a17a014d29ebbc34ae34697aa340354f3a40a63b795625ec

SHA512
e718e5d1b84598578e37a986aa603e76a5909a9a7abcf62de06048b8f37f2aa957ffbe66a4eb9dca6c7a443c6c5fdc1d760a1c2886db25820455bb6f353f0ef4

Download Submit
C:\Windows\System\gjHaBcm.exe

Filesize
1.9MB

MD5
150415d700683b4db4a287ec5660c2eb

SHA1
9cfc3418c4999cbcb0c47f60329f5d9fa16da73d

SHA256
849029ecf4841fcb04ec7d4a9c2d2a33e3ea3c3d27c4e0165561edaec7cdba5e

SHA512
58a1cd0a9f0cc798c22cbf4e261caa27e7be6818a484af89964f97508512270eb2c356deddeb6066eaca2ebd12a9b0ea79c613adc81ed76bd33b36c17ca266db

Download Submit
C:\Windows\System\gtJphdG.exe

Filesize
1.9MB

MD5
5b601db73858b7df37452f58c3b71618

SHA1
cac7ed448ddcaffc6062fd5ba2fddb52f2e89c2b

SHA256
f1bb10edd42308747f195a8a3afe54253d55ee03d1db72c7905738a1e99058e7

SHA512
5243a1c26d55c8afec52071e1755255faf34786980892c83ec0eff9b642e2efea30e6d362638ffddaa9c538ba0d743faae8af1a93a16580939a3d65b59bad5cf

Download Submit
C:\Windows\System\hEUCrVo.exe

Filesize
1.9MB

MD5
3e2c48d1a26c4e767fb7f73c04cac58f

SHA1
9d5e7f0f5c41028e83b04869d6426974be32b415

SHA256
90277a8dc6fd9d59640f33503c18d74221641c3720f043867cae6662d441cba1

SHA512
fa111217b927de6a0a98ec1648b1c772b4b6cadc7237bda06a7dc82c049c61b67054e7b2d148b65d46b54573937464e9d1640a2ab3cad05a44a004da81d4314c

Download Submit
C:\Windows\System\izREjJq.exe

Filesize
1.9MB

MD5
8735041d1c54809e625302f8d2f531a5

SHA1
e2b63afc7a6bba6413b4a57359dcf9836fb9fb0c

SHA256
89f2a7b3373f379b57fffe1e2739cf7b7db4b6f58fa6278ef4e92a9fc85f5bfc

SHA512
97ee979506d5333e6ebdbc8c1b8b3ff00e159054cb17b9683f7b66ecf03112318c7adb1d28bfe26523bf482b32e01d94074309dcc6891af1c5ead0e27c3baea3

Download Submit
C:\Windows\System\kKFLQEA.exe

Filesize
1.9MB

MD5
ceba75d9489e0bcd11d298c6079dc17f

SHA1
1767a2dc680878b8e8036261859539716d89cf22

SHA256
4c4638b091e2293d3e2a568262e11299a526592bf798fc7eecc43000ef425179

SHA512
3b544f4ce10d8b9c6cdb5a096ab6c765835617cfbb54b3553b0ef7a43657207c1ecbe2840476baae139638fec388b04836ae19d84af4286943e837d92b2657e2

Download Submit
C:\Windows\System\kihDyTP.exe

Filesize
1.9MB

MD5
39032cb03cef1a45edf053fb3f3f06f0

SHA1
cd83451e8325d5efee479bd2fde09ce987d14d06

SHA256
6d11f6225c88c4528fea8f2d992e18720fea8ee07e744ed95cc8ef5eb6e1b3fa

SHA512
fa3052bc1f726754253477bf0763d4c43a0b278f1197eb38ce82579c4bfd065dd7947355e5f86bfd1cadbeb6dfdfd23ae2871f1a56bd483415f4e0b8e9d6d550

Download Submit
C:\Windows\System\lHFQUOy.exe

Filesize
1.9MB

MD5
29856143ef1739e1829270758cbe9dec

SHA1
f948b8ca9e5003ebc4abdbc35c8ebd8e23ae31de

SHA256
70bf31ef68d34fb2c296cc33a17d938f082c6935d3e02cc924c9ea64ba72082b

SHA512
b994a10db4c9f7fb3fd17d6e1280630d4b19430f9df8a2e875f70d01ed9c07aa76d5665efe79c2165fa7346d93149f6a20c18a431350c808fb0d9f16d7fcc7e3

Download Submit
C:\Windows\System\ljjQggs.exe

Filesize
1.9MB

MD5
ed131f07c5b860dd9f13223eeac120a7

SHA1
65631e2382e3b2d6a5867d6c4d6e7f140d709f07

SHA256
5f41df7b328fb8856877496c10413f8b8e2f1383fde6dcbc43235d9340f57cea

SHA512
7d2c57cf92e8c32ac0b0ee46a49095ee8e5c05941ec836a0654e507af0bc392d3d8ac6146807e032a94c3531da86e2ca64ca1c831ca32e4b35256aea56664634

Download Submit
C:\Windows\System\ojxGqTI.exe

Filesize
1.9MB

MD5
7cbb6d1891c6d737a1b5fdb348c4a470

SHA1
61e6ba079f84597bcb8ea9ac69c5b3e2fb29636f

SHA256
3b6322e23e807245504f3a708ba8b49e88d1a6e7cd87c03e3cbb67304b976452

SHA512
886f8097909b3e80d7a96d99b80e2656290cf4666ee040d845582f6cf4f88e192239c980ac7f6070ee9b8c79c98ba6ad1fdea1a970df180f839ed192aaf89ff6

Download Submit
C:\Windows\System\preYvuZ.exe

Filesize
1.9MB

MD5
65956f1356e528a9f09465ab53302842

SHA1
c2edb0d35f079b2b537f2a5690d81432228e37e6

SHA256
d1c8ed977f1abbb91118d8699d4894236a3e9b591a086fa1693c8af869364a1b

SHA512
51d197f38d051c164d47bb996924f44d9421c408d169aa9e8c8314c0f2d607c4ce211aaa425d798fbea92c7efd692e11c3bca281de8405b5f87b94f29d857761

Download Submit
C:\Windows\System\qXMnPzF.exe

Filesize
1.9MB

MD5
b3f91a11d88780a0d03c4f085b42d476

SHA1
a61e68cfa64c15c1386f0d1ab6a8443b7a565016

SHA256
75358282781c25c75b6cbd0c6f53908d334f228c9f2bd6f9541b4030dc050427

SHA512
fdcbbbcc6f990a2170f824abf5be725fb9b892322f7a592a69f6aa7ca0146516cfe42a26f573182ab58c0b7f46819fd6fb4ef098f46903120747d98e1b333c67

Download Submit
C:\Windows\System\qtgIkOo.exe

Filesize
1.9MB

MD5
a10d2df16234f02b20ea3ef84329ed77

SHA1
e3fc418864c2096959743670f56b6e76c1980714

SHA256
45943237a0457fbf2e15c0aa5e556e077062bba2006c06081b8e8a98752f73bb

SHA512
63dc3bb52e7f87dc4530574b3321681c8521e88ce10a2ffe6da0a1077802289169ebc9f496687b3645f97cd25f8d4ef63384d5d319c0c875fc505162646994a9

Download Submit
C:\Windows\System\sQxGlHB.exe

Filesize
1.9MB

MD5
c45d084cf4875a28f3264fd02868b068

SHA1
aaf4e19f2e1d9ec44a2d125b8b70bf4884dffba1

SHA256
b6366c66141422dfd5007b798fa3694a152e16ffd71b0def8a4ec989934ee99a

SHA512
d9e3cb014975f3f2c22314cd2df367a73c92fce9085659d8c3c0160f461b649e8ac882b01ff113e9cfdc00359cdd03ecdfcb9a6d63c3dc8b063fdceae7fca685

Download Submit
C:\Windows\System\uBiLlwY.exe

Filesize
1.9MB

MD5
6f0f39e4298774b75c874ef98502a5d7

SHA1
d97703c61e27d68fee39c24884905b9d75702cf8

SHA256
958523e17ef2eaa984748530d8700ecf33375fdff11e06adf23ab76773f39f22

SHA512
6af670b22bf98ff6048da92fbd8e866fa0bb3815b651896d40516a0738ae7e3e0ac202a4a1290ddfcd503cf881818da0f6727c67191e6a56735485e45803176c

Download Submit
C:\Windows\System\vlBeniM.exe

Filesize
1.9MB

MD5
87f0b6536b7a37ee8cae9b161d5915f6

SHA1
aa953177ad068cbcd5f570dcc0bb00354b03e84b

SHA256
03e3e5ded320419b1e970d4db2f29ff00488d5cca071b5a38794c320e54693fa

SHA512
ffeaff15a928b2df7acc9bb1cf21c33a28dbf4380df417b9bce1fc3a43f57e7a62f5b24d1b9104e2c47cda9c498703e9d47756c3defdd401fedad4ae2ed9f74d

Download Submit
C:\Windows\System\xatxVhF.exe

Filesize
1.9MB

MD5
bbb6bcee43739113d98aa9ec5545e007

SHA1
2d225f1d110435e6d5a10ba8ff2259d249ec2ce8

SHA256
5b0039ddf81ba9260b3713471c5a6112bd08eac2aa0ff7ed23ed9dcf3bfd7395

SHA512
4b540195aa16d37be453ed3dd7630c84e544200bdf0bd3351c0b3fcefd73076d8ae848e4162c186a76e39a79bbef2c7acaa3960aa487e6c87175eb741ec62034

Download Submit
C:\Windows\System\zTjFVEM.exe

Filesize
1.9MB

MD5
9893a8a6ca8a5e6e0dd789685c9809c8

SHA1
e0711fdc3817e9145dbbf9be9bdb0413aa841fe1

SHA256
7aee5aee5bd7207772cd06ac9ebb6e507204b77575322454b7ebe7a6a0459348

SHA512
40924d48247b342946baa70e228efb5f2e98305568b6f9a06d32c089541e1aff0f0ebc7edd8a565d91f3d7d8a0c733fb9269b7f14763c453fc39968a48ea1fcb

Download Submit
memory/116-303-0x00007FF796920000-0x00007FF796D12000-memory.dmp

Filesize
3.9MB

Download
memory/408-304-0x00007FF7E1380000-0x00007FF7E1772000-memory.dmp

Filesize
3.9MB

Download
memory/456-194-0x00007FF800950000-0x00007FF801411000-memory.dmp

Filesize
10.8MB

Download
memory/456-271-0x00007FF800950000-0x00007FF801411000-memory.dmp

Filesize
10.8MB

Download
memory/456-187-0x00000166DCA30000-0x00000166DCA52000-memory.dmp

Filesize
136KB

Download
memory/456-104-0x00007FF800953000-0x00007FF800955000-memory.dmp

Filesize
8KB

Download
memory/472-307-0x00007FF7D3860000-0x00007FF7D3C52000-memory.dmp

Filesize
3.9MB

Download
memory/1256-300-0x00007FF770360000-0x00007FF770752000-memory.dmp

Filesize
3.9MB

Download
memory/1508-301-0x00007FF78D280000-0x00007FF78D672000-memory.dmp

Filesize
3.9MB

Download
memory/1560-302-0x00007FF620F90000-0x00007FF621382000-memory.dmp

Filesize
3.9MB

Download
memory/1804-52-0x00007FF7ECE70000-0x00007FF7ED262000-memory.dmp

Filesize
3.9MB

Download
memory/1804-3808-0x00007FF7ECE70000-0x00007FF7ED262000-memory.dmp

Filesize
3.9MB

Download
memory/2040-3811-0x00007FF65ACF0000-0x00007FF65B0E2000-memory.dmp

Filesize
3.9MB

Download
memory/2040-1-0x00000175609A0000-0x00000175609B0000-memory.dmp

Filesize
64KB

Download
memory/2040-0-0x00007FF65ACF0000-0x00007FF65B0E2000-memory.dmp

Filesize
3.9MB

Download
memory/2476-314-0x00007FF671700000-0x00007FF671AF2000-memory.dmp

Filesize
3.9MB

Download
memory/2588-309-0x00007FF774A20000-0x00007FF774E12000-memory.dmp

Filesize
3.9MB

Download
memory/2832-3810-0x00007FF6A8060000-0x00007FF6A8452000-memory.dmp

Filesize
3.9MB

Download
memory/2832-75-0x00007FF6A8060000-0x00007FF6A8452000-memory.dmp

Filesize
3.9MB

Download
memory/2860-3805-0x00007FF6E78B0000-0x00007FF6E7CA2000-memory.dmp

Filesize
3.9MB

Download
memory/2860-15-0x00007FF6E78B0000-0x00007FF6E7CA2000-memory.dmp

Filesize
3.9MB

Download
memory/3332-298-0x00007FF64A930000-0x00007FF64AD22000-memory.dmp

Filesize
3.9MB

Download
memory/3880-47-0x00007FF639B60000-0x00007FF639F52000-memory.dmp

Filesize
3.9MB

Download
memory/3972-297-0x00007FF608E70000-0x00007FF609262000-memory.dmp

Filesize
3.9MB

Download
memory/4008-296-0x00007FF6376F0000-0x00007FF637AE2000-memory.dmp

Filesize
3.9MB

Download
memory/4060-305-0x00007FF754B50000-0x00007FF754F42000-memory.dmp

Filesize
3.9MB

Download
memory/4080-313-0x00007FF654320000-0x00007FF654712000-memory.dmp

Filesize
3.9MB

Download
memory/4224-102-0x00007FF797270000-0x00007FF797662000-memory.dmp

Filesize
3.9MB

Download
memory/4368-312-0x00007FF76D2F0000-0x00007FF76D6E2000-memory.dmp

Filesize
3.9MB

Download
memory/4476-311-0x00007FF61A700000-0x00007FF61AAF2000-memory.dmp

Filesize
3.9MB

Download
memory/4484-310-0x00007FF634680000-0x00007FF634A72000-memory.dmp

Filesize
3.9MB

Download
memory/4876-306-0x00007FF635B80000-0x00007FF635F72000-memory.dmp

Filesize
3.9MB

Download
memory/4992-308-0x00007FF65EEA0000-0x00007FF65F292000-memory.dmp

Filesize
3.9MB

Download
memory/5068-299-0x00007FF681D90000-0x00007FF682182000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.