xmrig | 94d608f28f6ed5142d5c7bb0bea1ca9c84b5d91457b35806553981690fb9e9c9

Analysis

max time kernel
102s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bad1dea2682fd1f0291cbff7c7185f90N.exe
Size

1.2MB
MD5

bad1dea2682fd1f0291cbff7c7185f90
SHA1

5bb240b775dc4b513528cf576c9622e47b74463f
SHA256

94d608f28f6ed5142d5c7bb0bea1ca9c84b5d91457b35806553981690fb9e9c9
SHA512

c7a3a600ad75a4702716c76708fd9727f0be0e9252a2d5147f0f94e5f9b8b006d90ed825de6d6cd69ca36784f4493764b3cde03ced17110f97407da322cb47b0
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhnXwg3Hl5pCB:Lz071uv4BPMkHC0IlnAC7+

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 14808 created 2568	14808	WerFaultSecure.exe	80

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/320-94-0x00007FF74DA50000-0x00007FF74DE42000-memory.dmp	xmrig
behavioral2/memory/2124-177-0x00007FF6EE5F0000-0x00007FF6EE9E2000-memory.dmp	xmrig
behavioral2/memory/2400-171-0x00007FF7C7F00000-0x00007FF7C82F2000-memory.dmp	xmrig
behavioral2/memory/1416-165-0x00007FF76F680000-0x00007FF76FA72000-memory.dmp	xmrig
behavioral2/memory/3696-164-0x00007FF74D840000-0x00007FF74DC32000-memory.dmp	xmrig
behavioral2/memory/4664-158-0x00007FF641270000-0x00007FF641662000-memory.dmp	xmrig
behavioral2/memory/4276-152-0x00007FF76DB80000-0x00007FF76DF72000-memory.dmp	xmrig
behavioral2/memory/4608-146-0x00007FF6F7F10000-0x00007FF6F8302000-memory.dmp	xmrig
behavioral2/memory/1412-140-0x00007FF7225F0000-0x00007FF7229E2000-memory.dmp	xmrig
behavioral2/memory/2688-134-0x00007FF6C1950000-0x00007FF6C1D42000-memory.dmp	xmrig
behavioral2/memory/2284-133-0x00007FF7488D0000-0x00007FF748CC2000-memory.dmp	xmrig
behavioral2/memory/2296-127-0x00007FF6C6FC0000-0x00007FF6C73B2000-memory.dmp	xmrig
behavioral2/memory/1036-121-0x00007FF62A980000-0x00007FF62AD72000-memory.dmp	xmrig
behavioral2/memory/3508-120-0x00007FF7F9200000-0x00007FF7F95F2000-memory.dmp	xmrig
behavioral2/memory/3620-116-0x00007FF721D50000-0x00007FF722142000-memory.dmp	xmrig
behavioral2/memory/3460-115-0x00007FF6A8230000-0x00007FF6A8622000-memory.dmp	xmrig
behavioral2/memory/1656-109-0x00007FF79BA20000-0x00007FF79BE12000-memory.dmp	xmrig
behavioral2/memory/3416-95-0x00007FF7E7700000-0x00007FF7E7AF2000-memory.dmp	xmrig
behavioral2/memory/348-86-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp	xmrig
behavioral2/memory/4072-78-0x00007FF6CBE40000-0x00007FF6CC232000-memory.dmp	xmrig
behavioral2/memory/1548-77-0x00007FF71AAC0000-0x00007FF71AEB2000-memory.dmp	xmrig
behavioral2/memory/3180-70-0x00007FF638290000-0x00007FF638682000-memory.dmp	xmrig
behavioral2/memory/3296-58-0x00007FF717130000-0x00007FF717522000-memory.dmp	xmrig
behavioral2/memory/924-2721-0x00007FF64CFA0000-0x00007FF64D392000-memory.dmp	xmrig
behavioral2/memory/3620-2732-0x00007FF721D50000-0x00007FF722142000-memory.dmp	xmrig
behavioral2/memory/924-2734-0x00007FF64CFA0000-0x00007FF64D392000-memory.dmp	xmrig
behavioral2/memory/3296-2738-0x00007FF717130000-0x00007FF717522000-memory.dmp	xmrig
behavioral2/memory/3180-2740-0x00007FF638290000-0x00007FF638682000-memory.dmp	xmrig
behavioral2/memory/3508-2737-0x00007FF7F9200000-0x00007FF7F95F2000-memory.dmp	xmrig
behavioral2/memory/348-2747-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp	xmrig
behavioral2/memory/3416-2752-0x00007FF7E7700000-0x00007FF7E7AF2000-memory.dmp	xmrig
behavioral2/memory/1656-2756-0x00007FF79BA20000-0x00007FF79BE12000-memory.dmp	xmrig
behavioral2/memory/3460-2760-0x00007FF6A8230000-0x00007FF6A8622000-memory.dmp	xmrig
behavioral2/memory/2284-2759-0x00007FF7488D0000-0x00007FF748CC2000-memory.dmp	xmrig
behavioral2/memory/2688-2762-0x00007FF6C1950000-0x00007FF6C1D42000-memory.dmp	xmrig
behavioral2/memory/2296-2754-0x00007FF6C6FC0000-0x00007FF6C73B2000-memory.dmp	xmrig
behavioral2/memory/1036-2750-0x00007FF62A980000-0x00007FF62AD72000-memory.dmp	xmrig
behavioral2/memory/1548-2748-0x00007FF71AAC0000-0x00007FF71AEB2000-memory.dmp	xmrig
behavioral2/memory/320-2745-0x00007FF74DA50000-0x00007FF74DE42000-memory.dmp	xmrig
behavioral2/memory/4072-2744-0x00007FF6CBE40000-0x00007FF6CC232000-memory.dmp	xmrig
behavioral2/memory/1412-2770-0x00007FF7225F0000-0x00007FF7229E2000-memory.dmp	xmrig
behavioral2/memory/4276-2766-0x00007FF76DB80000-0x00007FF76DF72000-memory.dmp	xmrig
behavioral2/memory/4608-2788-0x00007FF6F7F10000-0x00007FF6F8302000-memory.dmp	xmrig
behavioral2/memory/2400-2791-0x00007FF7C7F00000-0x00007FF7C82F2000-memory.dmp	xmrig
behavioral2/memory/4664-2789-0x00007FF641270000-0x00007FF641662000-memory.dmp	xmrig
behavioral2/memory/1416-2786-0x00007FF76F680000-0x00007FF76FA72000-memory.dmp	xmrig
behavioral2/memory/2124-2769-0x00007FF6EE5F0000-0x00007FF6EE9E2000-memory.dmp	xmrig
behavioral2/memory/3696-2765-0x00007FF74D840000-0x00007FF74DC32000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
8	2880	powershell.exe
10	2880	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2880	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
924	tpQllPR.exe
3620	JRjqEcv.exe
3508	FQZpgkR.exe
3296	ODfJjYh.exe
3180	KwdrQnX.exe
1036	JCIadGy.exe
1548	iXGZJGN.exe
4072	vMtGDeT.exe
348	mGZqFfU.exe
320	aytnmdQ.exe
3416	CgpqEXp.exe
2296	itwygeq.exe
1656	FlnESNm.exe
2284	YpAQySQ.exe
3460	IuyHgwd.exe
2688	HASKxPW.exe
1412	gglarqF.exe
4608	BzpcgOd.exe
4276	peiMWmJ.exe
4664	bHwXlFH.exe
3696	OxctAij.exe
1416	CnERzRR.exe
2400	nNuiycu.exe
2124	QTpEibK.exe
2148	WwAKXWn.exe
3932	fAerWiL.exe
892	wRIdGeH.exe
2584	CHohpzf.exe
3136	AElZsMu.exe
2904	gSSjDYW.exe
4528	EJKTWLr.exe
4264	DaIUteE.exe
4640	NAWcDcy.exe
5024	btTofSV.exe
1272	tlihGgz.exe
3848	KNcgnjs.exe
1840	hHePBUy.exe
3560	dojgbGM.exe
4704	vwfnllQ.exe
1632	wUzApml.exe
4120	sOAXmlF.exe
584	EyEDNcy.exe
3844	CLowOOZ.exe
4372	BurdZwT.exe
4376	qmwZGGO.exe
2464	yyAEcwR.exe
2168	ufFFGZt.exe
2128	SLDaojs.exe
4996	FIPGhHc.exe
4540	sjyaeJJ.exe
4444	uPBVcYi.exe
3448	tUtmKJc.exe
4076	NudXYyA.exe
3500	jvoWSNJ.exe
4684	GyjzGRf.exe
2252	iLoCPtq.exe
1624	wuprjLg.exe
2160	rwNYrMe.exe
1348	MUvfCkE.exe
5052	gaKpNgQ.exe
452	uxTyruF.exe
3304	PjyWllA.exe
2944	SLFEcPV.exe
660	eGymOpw.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3480-0-0x00007FF681D60000-0x00007FF682152000-memory.dmp	upx
behavioral2/files/0x000900000002346e-5.dat	upx
behavioral2/files/0x00070000000234ca-17.dat	upx
behavioral2/memory/924-11-0x00007FF64CFA0000-0x00007FF64D392000-memory.dmp	upx
behavioral2/files/0x00070000000234c9-9.dat	upx
behavioral2/files/0x00070000000234cb-21.dat	upx
behavioral2/files/0x00070000000234d2-52.dat	upx
behavioral2/files/0x00070000000234d1-51.dat	upx
behavioral2/files/0x00070000000234d0-61.dat	upx
behavioral2/files/0x00070000000234d3-82.dat	upx
behavioral2/memory/320-94-0x00007FF74DA50000-0x00007FF74DE42000-memory.dmp	upx
behavioral2/files/0x00080000000234c6-110.dat	upx
behavioral2/files/0x00070000000234d9-117.dat	upx
behavioral2/files/0x00080000000234db-130.dat	upx
behavioral2/files/0x00080000000234da-155.dat	upx
behavioral2/files/0x00070000000234e3-188.dat	upx
behavioral2/files/0x00070000000234e7-200.dat	upx
behavioral2/files/0x00070000000234e5-198.dat	upx
behavioral2/files/0x00070000000234e6-195.dat	upx
behavioral2/files/0x00070000000234e4-193.dat	upx
behavioral2/files/0x00070000000234e2-183.dat	upx
behavioral2/files/0x00070000000234e1-178.dat	upx
behavioral2/memory/2124-177-0x00007FF6EE5F0000-0x00007FF6EE9E2000-memory.dmp	upx
behavioral2/files/0x00070000000234e0-172.dat	upx
behavioral2/memory/2400-171-0x00007FF7C7F00000-0x00007FF7C82F2000-memory.dmp	upx
behavioral2/memory/1416-165-0x00007FF76F680000-0x00007FF76FA72000-memory.dmp	upx
behavioral2/memory/3696-164-0x00007FF74D840000-0x00007FF74DC32000-memory.dmp	upx
behavioral2/files/0x00070000000234df-159.dat	upx
behavioral2/memory/4664-158-0x00007FF641270000-0x00007FF641662000-memory.dmp	upx
behavioral2/files/0x00070000000234de-153.dat	upx
behavioral2/memory/4276-152-0x00007FF76DB80000-0x00007FF76DF72000-memory.dmp	upx
behavioral2/files/0x00070000000234dd-147.dat	upx
behavioral2/memory/4608-146-0x00007FF6F7F10000-0x00007FF6F8302000-memory.dmp	upx
behavioral2/memory/1412-140-0x00007FF7225F0000-0x00007FF7229E2000-memory.dmp	upx
behavioral2/files/0x00070000000234dc-135.dat	upx
behavioral2/memory/2688-134-0x00007FF6C1950000-0x00007FF6C1D42000-memory.dmp	upx
behavioral2/memory/2284-133-0x00007FF7488D0000-0x00007FF748CC2000-memory.dmp	upx
behavioral2/memory/2296-127-0x00007FF6C6FC0000-0x00007FF6C73B2000-memory.dmp	upx
behavioral2/memory/1036-121-0x00007FF62A980000-0x00007FF62AD72000-memory.dmp	upx
behavioral2/memory/3508-120-0x00007FF7F9200000-0x00007FF7F95F2000-memory.dmp	upx
behavioral2/memory/3620-116-0x00007FF721D50000-0x00007FF722142000-memory.dmp	upx
behavioral2/memory/3460-115-0x00007FF6A8230000-0x00007FF6A8622000-memory.dmp	upx
behavioral2/files/0x00070000000234d8-113.dat	upx
behavioral2/memory/1656-109-0x00007FF79BA20000-0x00007FF79BE12000-memory.dmp	upx
behavioral2/files/0x00070000000234d7-98.dat	upx
behavioral2/memory/3416-95-0x00007FF7E7700000-0x00007FF7E7AF2000-memory.dmp	upx
behavioral2/files/0x00070000000234d6-89.dat	upx
behavioral2/files/0x00070000000234d5-88.dat	upx
behavioral2/memory/348-86-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp	upx
behavioral2/files/0x00070000000234d4-84.dat	upx
behavioral2/memory/4072-78-0x00007FF6CBE40000-0x00007FF6CC232000-memory.dmp	upx
behavioral2/memory/1548-77-0x00007FF71AAC0000-0x00007FF71AEB2000-memory.dmp	upx
behavioral2/memory/3180-70-0x00007FF638290000-0x00007FF638682000-memory.dmp	upx
behavioral2/memory/3296-58-0x00007FF717130000-0x00007FF717522000-memory.dmp	upx
behavioral2/files/0x00070000000234cf-49.dat	upx
behavioral2/files/0x00070000000234ce-46.dat	upx
behavioral2/files/0x00070000000234cd-34.dat	upx
behavioral2/files/0x00070000000234cc-29.dat	upx
behavioral2/memory/924-2721-0x00007FF64CFA0000-0x00007FF64D392000-memory.dmp	upx
behavioral2/memory/3620-2732-0x00007FF721D50000-0x00007FF722142000-memory.dmp	upx
behavioral2/memory/924-2734-0x00007FF64CFA0000-0x00007FF64D392000-memory.dmp	upx
behavioral2/memory/3296-2738-0x00007FF717130000-0x00007FF717522000-memory.dmp	upx
behavioral2/memory/3180-2740-0x00007FF638290000-0x00007FF638682000-memory.dmp	upx
behavioral2/memory/3508-2737-0x00007FF7F9200000-0x00007FF7F95F2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QBFhIaO.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\KmmAAkB.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\fCHceBZ.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\WpvcVhT.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\QWNlREY.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\aSNbYdW.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\SGyZSUT.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\qQZNVzL.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\YpVXtLt.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\WVmKdrA.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\axJGqdh.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\jrIbvBM.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\qQoPrIN.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\GNZYIPl.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\zZiQwUw.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\GgABcyQ.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\unkUUKw.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\vSsswwC.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\dzbYkyY.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\isPCBjS.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\YbPGoZV.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\jkBzNzV.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\dojgbGM.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\lVoChUm.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\mwadtNQ.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\tGqRSWh.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\peiMWmJ.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\duHbZzM.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\adZLvjv.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\ZKBcRlW.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\bnDbQMy.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\JZQkrBZ.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\BHcwQgl.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\uXIHcnU.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\HtYsWjN.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\vSOMwWx.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\FvBGsqA.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\cuRVuGL.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\krxOEaE.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\YgSwrlY.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\tIhueTh.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\bqDRxvI.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\cfXPyUy.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\cWDKmQk.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\YfnGVds.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\YmmqWci.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\aCHgzzX.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\YeEPAVt.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\QaWjmKv.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\XmvknJc.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\suPxzao.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\BERqsOt.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\hRtKGHQ.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\MUvfCkE.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\oAuDTDF.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\qjYLhmc.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\sMGEjaH.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\fybmtid.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\OnTVchN.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\iJqvdLu.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\zXCUqJn.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\jXvTCwB.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\zVLfjAW.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe
File created	C:\Windows\System\FZswjfX.exe	bad1dea2682fd1f0291cbff7c7185f90N.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFaultSecure.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFaultSecure.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFaultSecure.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2880	powershell.exe
2880	powershell.exe
2880	powershell.exe
15156	WerFaultSecure.exe
15156	WerFaultSecure.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe
Token: SeLockMemoryPrivilege	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe
Token: SeDebugPrivilege	2880	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 2880	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	85
PID 3480 wrote to memory of 2880	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	85
PID 3480 wrote to memory of 924	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	86
PID 3480 wrote to memory of 924	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	86
PID 3480 wrote to memory of 3620	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	87
PID 3480 wrote to memory of 3620	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	87
PID 3480 wrote to memory of 3508	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	88
PID 3480 wrote to memory of 3508	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	88
PID 3480 wrote to memory of 3296	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	89
PID 3480 wrote to memory of 3296	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	89
PID 3480 wrote to memory of 3180	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	90
PID 3480 wrote to memory of 3180	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	90
PID 3480 wrote to memory of 1036	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	91
PID 3480 wrote to memory of 1036	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	91
PID 3480 wrote to memory of 1548	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	92
PID 3480 wrote to memory of 1548	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	92
PID 3480 wrote to memory of 4072	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	93
PID 3480 wrote to memory of 4072	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	93
PID 3480 wrote to memory of 348	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	94
PID 3480 wrote to memory of 348	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	94
PID 3480 wrote to memory of 320	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	95
PID 3480 wrote to memory of 320	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	95
PID 3480 wrote to memory of 3416	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	96
PID 3480 wrote to memory of 3416	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	96
PID 3480 wrote to memory of 2296	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	97
PID 3480 wrote to memory of 2296	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	97
PID 3480 wrote to memory of 1656	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	98
PID 3480 wrote to memory of 1656	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	98
PID 3480 wrote to memory of 2284	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	99
PID 3480 wrote to memory of 2284	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	99
PID 3480 wrote to memory of 3460	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	100
PID 3480 wrote to memory of 3460	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	100
PID 3480 wrote to memory of 2688	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	101
PID 3480 wrote to memory of 2688	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	101
PID 3480 wrote to memory of 1412	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	102
PID 3480 wrote to memory of 1412	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	102
PID 3480 wrote to memory of 4608	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	103
PID 3480 wrote to memory of 4608	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	103
PID 3480 wrote to memory of 4276	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	104
PID 3480 wrote to memory of 4276	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	104
PID 3480 wrote to memory of 4664	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	105
PID 3480 wrote to memory of 4664	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	105
PID 3480 wrote to memory of 3696	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	106
PID 3480 wrote to memory of 3696	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	106
PID 3480 wrote to memory of 1416	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	107
PID 3480 wrote to memory of 1416	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	107
PID 3480 wrote to memory of 2400	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	108
PID 3480 wrote to memory of 2400	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	108
PID 3480 wrote to memory of 2124	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	109
PID 3480 wrote to memory of 2124	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	109
PID 3480 wrote to memory of 2148	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	110
PID 3480 wrote to memory of 2148	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	110
PID 3480 wrote to memory of 3932	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	111
PID 3480 wrote to memory of 3932	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	111
PID 3480 wrote to memory of 892	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	112
PID 3480 wrote to memory of 892	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	112
PID 3480 wrote to memory of 2584	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	113
PID 3480 wrote to memory of 2584	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	113
PID 3480 wrote to memory of 3136	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	114
PID 3480 wrote to memory of 3136	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	114
PID 3480 wrote to memory of 2904	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	115
PID 3480 wrote to memory of 2904	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	115
PID 3480 wrote to memory of 4528	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	116
PID 3480 wrote to memory of 4528	3480	bad1dea2682fd1f0291cbff7c7185f90N.exe	116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
1⤵
PID:2568
- C:\Windows\system32\WerFaultSecure.exe
  C:\Windows\system32\WerFaultSecure.exe -u -p 2568 -s 2132
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:15156

C:\Users\Admin\AppData\Local\Temp\bad1dea2682fd1f0291cbff7c7185f90N.exe
"C:\Users\Admin\AppData\Local\Temp\bad1dea2682fd1f0291cbff7c7185f90N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2880
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2880" "2984" "2924" "2988" "0" "0" "2992" "0" "0" "0" "0" "0"
    3⤵
    PID:12656
- C:\Windows\System\tpQllPR.exe
  C:\Windows\System\tpQllPR.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\JRjqEcv.exe
  C:\Windows\System\JRjqEcv.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\FQZpgkR.exe
  C:\Windows\System\FQZpgkR.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\ODfJjYh.exe
  C:\Windows\System\ODfJjYh.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\KwdrQnX.exe
  C:\Windows\System\KwdrQnX.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\JCIadGy.exe
  C:\Windows\System\JCIadGy.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\iXGZJGN.exe
  C:\Windows\System\iXGZJGN.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\vMtGDeT.exe
  C:\Windows\System\vMtGDeT.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\mGZqFfU.exe
  C:\Windows\System\mGZqFfU.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\aytnmdQ.exe
  C:\Windows\System\aytnmdQ.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\CgpqEXp.exe
  C:\Windows\System\CgpqEXp.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\itwygeq.exe
  C:\Windows\System\itwygeq.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\FlnESNm.exe
  C:\Windows\System\FlnESNm.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\YpAQySQ.exe
  C:\Windows\System\YpAQySQ.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\IuyHgwd.exe
  C:\Windows\System\IuyHgwd.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\HASKxPW.exe
  C:\Windows\System\HASKxPW.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\gglarqF.exe
  C:\Windows\System\gglarqF.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\BzpcgOd.exe
  C:\Windows\System\BzpcgOd.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\peiMWmJ.exe
  C:\Windows\System\peiMWmJ.exe
  2⤵
  - Executes dropped EXE
  PID:4276
- C:\Windows\System\bHwXlFH.exe
  C:\Windows\System\bHwXlFH.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\OxctAij.exe
  C:\Windows\System\OxctAij.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\CnERzRR.exe
  C:\Windows\System\CnERzRR.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\nNuiycu.exe
  C:\Windows\System\nNuiycu.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\QTpEibK.exe
  C:\Windows\System\QTpEibK.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\WwAKXWn.exe
  C:\Windows\System\WwAKXWn.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\fAerWiL.exe
  C:\Windows\System\fAerWiL.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\wRIdGeH.exe
  C:\Windows\System\wRIdGeH.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\CHohpzf.exe
  C:\Windows\System\CHohpzf.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\AElZsMu.exe
  C:\Windows\System\AElZsMu.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\gSSjDYW.exe
  C:\Windows\System\gSSjDYW.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\EJKTWLr.exe
  C:\Windows\System\EJKTWLr.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\DaIUteE.exe
  C:\Windows\System\DaIUteE.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\NAWcDcy.exe
  C:\Windows\System\NAWcDcy.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\btTofSV.exe
  C:\Windows\System\btTofSV.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\tlihGgz.exe
  C:\Windows\System\tlihGgz.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\KNcgnjs.exe
  C:\Windows\System\KNcgnjs.exe
  2⤵
  - Executes dropped EXE
  PID:3848
- C:\Windows\System\hHePBUy.exe
  C:\Windows\System\hHePBUy.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\dojgbGM.exe
  C:\Windows\System\dojgbGM.exe
  2⤵
  - Executes dropped EXE
  PID:3560
- C:\Windows\System\vwfnllQ.exe
  C:\Windows\System\vwfnllQ.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\wUzApml.exe
  C:\Windows\System\wUzApml.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\sOAXmlF.exe
  C:\Windows\System\sOAXmlF.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\EyEDNcy.exe
  C:\Windows\System\EyEDNcy.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\CLowOOZ.exe
  C:\Windows\System\CLowOOZ.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\BurdZwT.exe
  C:\Windows\System\BurdZwT.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\qmwZGGO.exe
  C:\Windows\System\qmwZGGO.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\yyAEcwR.exe
  C:\Windows\System\yyAEcwR.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\ufFFGZt.exe
  C:\Windows\System\ufFFGZt.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\SLDaojs.exe
  C:\Windows\System\SLDaojs.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\FIPGhHc.exe
  C:\Windows\System\FIPGhHc.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\sjyaeJJ.exe
  C:\Windows\System\sjyaeJJ.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\uPBVcYi.exe
  C:\Windows\System\uPBVcYi.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\tUtmKJc.exe
  C:\Windows\System\tUtmKJc.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\NudXYyA.exe
  C:\Windows\System\NudXYyA.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\jvoWSNJ.exe
  C:\Windows\System\jvoWSNJ.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\GyjzGRf.exe
  C:\Windows\System\GyjzGRf.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\iLoCPtq.exe
  C:\Windows\System\iLoCPtq.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\wuprjLg.exe
  C:\Windows\System\wuprjLg.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\rwNYrMe.exe
  C:\Windows\System\rwNYrMe.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\MUvfCkE.exe
  C:\Windows\System\MUvfCkE.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\gaKpNgQ.exe
  C:\Windows\System\gaKpNgQ.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\uxTyruF.exe
  C:\Windows\System\uxTyruF.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\PjyWllA.exe
  C:\Windows\System\PjyWllA.exe
  2⤵
  - Executes dropped EXE
  PID:3304
- C:\Windows\System\SLFEcPV.exe
  C:\Windows\System\SLFEcPV.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\eGymOpw.exe
  C:\Windows\System\eGymOpw.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\wLdBGac.exe
  C:\Windows\System\wLdBGac.exe
  2⤵
  PID:3920
- C:\Windows\System\HFmsmgx.exe
  C:\Windows\System\HFmsmgx.exe
  2⤵
  PID:4480
- C:\Windows\System\DGbKMQi.exe
  C:\Windows\System\DGbKMQi.exe
  2⤵
  PID:3520
- C:\Windows\System\cmpbFTm.exe
  C:\Windows\System\cmpbFTm.exe
  2⤵
  PID:1192
- C:\Windows\System\AZFzwFa.exe
  C:\Windows\System\AZFzwFa.exe
  2⤵
  PID:4976
- C:\Windows\System\bjgaGjO.exe
  C:\Windows\System\bjgaGjO.exe
  2⤵
  PID:3960
- C:\Windows\System\asDxQve.exe
  C:\Windows\System\asDxQve.exe
  2⤵
  PID:4560
- C:\Windows\System\NCeVcAj.exe
  C:\Windows\System\NCeVcAj.exe
  2⤵
  PID:1764
- C:\Windows\System\zONOHAj.exe
  C:\Windows\System\zONOHAj.exe
  2⤵
  PID:5168
- C:\Windows\System\dEgFQlM.exe
  C:\Windows\System\dEgFQlM.exe
  2⤵
  PID:5188
- C:\Windows\System\zZGJfEu.exe
  C:\Windows\System\zZGJfEu.exe
  2⤵
  PID:5216
- C:\Windows\System\upfxHlr.exe
  C:\Windows\System\upfxHlr.exe
  2⤵
  PID:5232
- C:\Windows\System\WAJQJDN.exe
  C:\Windows\System\WAJQJDN.exe
  2⤵
  PID:5260
- C:\Windows\System\MsbSALn.exe
  C:\Windows\System\MsbSALn.exe
  2⤵
  PID:5284
- C:\Windows\System\MlfJqdQ.exe
  C:\Windows\System\MlfJqdQ.exe
  2⤵
  PID:5316
- C:\Windows\System\ozYxckx.exe
  C:\Windows\System\ozYxckx.exe
  2⤵
  PID:5344
- C:\Windows\System\DywcyGt.exe
  C:\Windows\System\DywcyGt.exe
  2⤵
  PID:5376
- C:\Windows\System\dVcgSwx.exe
  C:\Windows\System\dVcgSwx.exe
  2⤵
  PID:5404
- C:\Windows\System\aHeaEJe.exe
  C:\Windows\System\aHeaEJe.exe
  2⤵
  PID:5436
- C:\Windows\System\buFRfoS.exe
  C:\Windows\System\buFRfoS.exe
  2⤵
  PID:5468
- C:\Windows\System\ZvjDkwN.exe
  C:\Windows\System\ZvjDkwN.exe
  2⤵
  PID:5492
- C:\Windows\System\FcDaTUG.exe
  C:\Windows\System\FcDaTUG.exe
  2⤵
  PID:5520
- C:\Windows\System\wkuZIXs.exe
  C:\Windows\System\wkuZIXs.exe
  2⤵
  PID:5548
- C:\Windows\System\tzGOMjR.exe
  C:\Windows\System\tzGOMjR.exe
  2⤵
  PID:5576
- C:\Windows\System\oOTNMAw.exe
  C:\Windows\System\oOTNMAw.exe
  2⤵
  PID:5612
- C:\Windows\System\tvCFClW.exe
  C:\Windows\System\tvCFClW.exe
  2⤵
  PID:5640
- C:\Windows\System\dYHojWl.exe
  C:\Windows\System\dYHojWl.exe
  2⤵
  PID:5664
- C:\Windows\System\apmbnvp.exe
  C:\Windows\System\apmbnvp.exe
  2⤵
  PID:5696
- C:\Windows\System\vEjoPcs.exe
  C:\Windows\System\vEjoPcs.exe
  2⤵
  PID:5724
- C:\Windows\System\hTPArwO.exe
  C:\Windows\System\hTPArwO.exe
  2⤵
  PID:5752
- C:\Windows\System\wEdHGID.exe
  C:\Windows\System\wEdHGID.exe
  2⤵
  PID:5780
- C:\Windows\System\tZGErIx.exe
  C:\Windows\System\tZGErIx.exe
  2⤵
  PID:5804
- C:\Windows\System\WdNmKAE.exe
  C:\Windows\System\WdNmKAE.exe
  2⤵
  PID:5836
- C:\Windows\System\XhNlILP.exe
  C:\Windows\System\XhNlILP.exe
  2⤵
  PID:5864
- C:\Windows\System\RsvFttz.exe
  C:\Windows\System\RsvFttz.exe
  2⤵
  PID:5892
- C:\Windows\System\RHPEgfo.exe
  C:\Windows\System\RHPEgfo.exe
  2⤵
  PID:5920
- C:\Windows\System\zXCUqJn.exe
  C:\Windows\System\zXCUqJn.exe
  2⤵
  PID:5948
- C:\Windows\System\FViBTYL.exe
  C:\Windows\System\FViBTYL.exe
  2⤵
  PID:5980
- C:\Windows\System\bnDbQMy.exe
  C:\Windows\System\bnDbQMy.exe
  2⤵
  PID:6008
- C:\Windows\System\hrPeCZF.exe
  C:\Windows\System\hrPeCZF.exe
  2⤵
  PID:6032
- C:\Windows\System\dMkaVkx.exe
  C:\Windows\System\dMkaVkx.exe
  2⤵
  PID:6064
- C:\Windows\System\DusyYXY.exe
  C:\Windows\System\DusyYXY.exe
  2⤵
  PID:6092
- C:\Windows\System\djSwvvA.exe
  C:\Windows\System\djSwvvA.exe
  2⤵
  PID:6128
- C:\Windows\System\UPPoYtV.exe
  C:\Windows\System\UPPoYtV.exe
  2⤵
  PID:4848
- C:\Windows\System\mWdRQtt.exe
  C:\Windows\System\mWdRQtt.exe
  2⤵
  PID:4948
- C:\Windows\System\JzzqWsZ.exe
  C:\Windows\System\JzzqWsZ.exe
  2⤵
  PID:2956
- C:\Windows\System\jARAqSH.exe
  C:\Windows\System\jARAqSH.exe
  2⤵
  PID:1952
- C:\Windows\System\EMCOBTR.exe
  C:\Windows\System\EMCOBTR.exe
  2⤵
  PID:1880
- C:\Windows\System\ypQhvIv.exe
  C:\Windows\System\ypQhvIv.exe
  2⤵
  PID:4164
- C:\Windows\System\CxIlEVG.exe
  C:\Windows\System\CxIlEVG.exe
  2⤵
  PID:1168
- C:\Windows\System\CFVyiVb.exe
  C:\Windows\System\CFVyiVb.exe
  2⤵
  PID:5132
- C:\Windows\System\yBByXYu.exe
  C:\Windows\System\yBByXYu.exe
  2⤵
  PID:5184
- C:\Windows\System\QWNlREY.exe
  C:\Windows\System\QWNlREY.exe
  2⤵
  PID:180
- C:\Windows\System\rQBlIwY.exe
  C:\Windows\System\rQBlIwY.exe
  2⤵
  PID:5308
- C:\Windows\System\HiaadPu.exe
  C:\Windows\System\HiaadPu.exe
  2⤵
  PID:5364
- C:\Windows\System\VDEbASB.exe
  C:\Windows\System\VDEbASB.exe
  2⤵
  PID:5428
- C:\Windows\System\lVoChUm.exe
  C:\Windows\System\lVoChUm.exe
  2⤵
  PID:5508
- C:\Windows\System\yieaoeg.exe
  C:\Windows\System\yieaoeg.exe
  2⤵
  PID:5564
- C:\Windows\System\duHbZzM.exe
  C:\Windows\System\duHbZzM.exe
  2⤵
  PID:5624
- C:\Windows\System\ntRfDDf.exe
  C:\Windows\System\ntRfDDf.exe
  2⤵
  PID:5680
- C:\Windows\System\cClwazv.exe
  C:\Windows\System\cClwazv.exe
  2⤵
  PID:5736
- C:\Windows\System\XtYTWjC.exe
  C:\Windows\System\XtYTWjC.exe
  2⤵
  PID:5796
- C:\Windows\System\sVvaHxg.exe
  C:\Windows\System\sVvaHxg.exe
  2⤵
  PID:5856
- C:\Windows\System\JvZruOP.exe
  C:\Windows\System\JvZruOP.exe
  2⤵
  PID:2752
- C:\Windows\System\vSOMwWx.exe
  C:\Windows\System\vSOMwWx.exe
  2⤵
  PID:5968
- C:\Windows\System\aCHgzzX.exe
  C:\Windows\System\aCHgzzX.exe
  2⤵
  PID:6024
- C:\Windows\System\Bpzueza.exe
  C:\Windows\System\Bpzueza.exe
  2⤵
  PID:6080
- C:\Windows\System\ZIaFAXJ.exe
  C:\Windows\System\ZIaFAXJ.exe
  2⤵
  PID:6124
- C:\Windows\System\TYalgtx.exe
  C:\Windows\System\TYalgtx.exe
  2⤵
  PID:2312
- C:\Windows\System\VSNVVJo.exe
  C:\Windows\System\VSNVVJo.exe
  2⤵
  PID:1432
- C:\Windows\System\eUcdUhB.exe
  C:\Windows\System\eUcdUhB.exe
  2⤵
  PID:3456
- C:\Windows\System\hxdrRlL.exe
  C:\Windows\System\hxdrRlL.exe
  2⤵
  PID:5144
- C:\Windows\System\XFkRiNk.exe
  C:\Windows\System\XFkRiNk.exe
  2⤵
  PID:5272
- C:\Windows\System\kaQRVor.exe
  C:\Windows\System\kaQRVor.exe
  2⤵
  PID:5420
- C:\Windows\System\STlyRID.exe
  C:\Windows\System\STlyRID.exe
  2⤵
  PID:5540
- C:\Windows\System\cfXPyUy.exe
  C:\Windows\System\cfXPyUy.exe
  2⤵
  PID:5708
- C:\Windows\System\wYFujbs.exe
  C:\Windows\System\wYFujbs.exe
  2⤵
  PID:5824
- C:\Windows\System\aGNcSmX.exe
  C:\Windows\System\aGNcSmX.exe
  2⤵
  PID:5908
- C:\Windows\System\vCFDxSF.exe
  C:\Windows\System\vCFDxSF.exe
  2⤵
  PID:6056
- C:\Windows\System\mTIimMo.exe
  C:\Windows\System\mTIimMo.exe
  2⤵
  PID:3868
- C:\Windows\System\xOHFfPO.exe
  C:\Windows\System\xOHFfPO.exe
  2⤵
  PID:3004
- C:\Windows\System\iXJKUla.exe
  C:\Windows\System\iXJKUla.exe
  2⤵
  PID:3408
- C:\Windows\System\ZZwKtkY.exe
  C:\Windows\System\ZZwKtkY.exe
  2⤵
  PID:5228
- C:\Windows\System\qyvGbDA.exe
  C:\Windows\System\qyvGbDA.exe
  2⤵
  PID:5400
- C:\Windows\System\BRsufdy.exe
  C:\Windows\System\BRsufdy.exe
  2⤵
  PID:5652
- C:\Windows\System\GZiDcng.exe
  C:\Windows\System\GZiDcng.exe
  2⤵
  PID:5772
- C:\Windows\System\NtBEYnR.exe
  C:\Windows\System\NtBEYnR.exe
  2⤵
  PID:1628
- C:\Windows\System\mLWZwuY.exe
  C:\Windows\System\mLWZwuY.exe
  2⤵
  PID:3872
- C:\Windows\System\NvFvTXT.exe
  C:\Windows\System\NvFvTXT.exe
  2⤵
  PID:2656
- C:\Windows\System\oMYwJLi.exe
  C:\Windows\System\oMYwJLi.exe
  2⤵
  PID:5112
- C:\Windows\System\zMMQzxS.exe
  C:\Windows\System\zMMQzxS.exe
  2⤵
  PID:312
- C:\Windows\System\BxFAdUZ.exe
  C:\Windows\System\BxFAdUZ.exe
  2⤵
  PID:3288
- C:\Windows\System\ISMAmye.exe
  C:\Windows\System\ISMAmye.exe
  2⤵
  PID:6172
- C:\Windows\System\YKpxZZk.exe
  C:\Windows\System\YKpxZZk.exe
  2⤵
  PID:6200
- C:\Windows\System\LOpmsXQ.exe
  C:\Windows\System\LOpmsXQ.exe
  2⤵
  PID:6228
- C:\Windows\System\shmOtdG.exe
  C:\Windows\System\shmOtdG.exe
  2⤵
  PID:6256
- C:\Windows\System\qQoPrIN.exe
  C:\Windows\System\qQoPrIN.exe
  2⤵
  PID:6284
- C:\Windows\System\pDIjZkR.exe
  C:\Windows\System\pDIjZkR.exe
  2⤵
  PID:6312
- C:\Windows\System\azGDXJD.exe
  C:\Windows\System\azGDXJD.exe
  2⤵
  PID:6340
- C:\Windows\System\UZSjyom.exe
  C:\Windows\System\UZSjyom.exe
  2⤵
  PID:6368
- C:\Windows\System\OAJaftQ.exe
  C:\Windows\System\OAJaftQ.exe
  2⤵
  PID:6396
- C:\Windows\System\FvBGsqA.exe
  C:\Windows\System\FvBGsqA.exe
  2⤵
  PID:6424
- C:\Windows\System\CQgXJtn.exe
  C:\Windows\System\CQgXJtn.exe
  2⤵
  PID:6452
- C:\Windows\System\PqFSJMK.exe
  C:\Windows\System\PqFSJMK.exe
  2⤵
  PID:6480
- C:\Windows\System\QsPpRHn.exe
  C:\Windows\System\QsPpRHn.exe
  2⤵
  PID:6508
- C:\Windows\System\MrFmHVF.exe
  C:\Windows\System\MrFmHVF.exe
  2⤵
  PID:6536
- C:\Windows\System\kTClSmD.exe
  C:\Windows\System\kTClSmD.exe
  2⤵
  PID:6564
- C:\Windows\System\GTvDoOd.exe
  C:\Windows\System\GTvDoOd.exe
  2⤵
  PID:6592
- C:\Windows\System\fnkmevQ.exe
  C:\Windows\System\fnkmevQ.exe
  2⤵
  PID:6620
- C:\Windows\System\ryGHlgn.exe
  C:\Windows\System\ryGHlgn.exe
  2⤵
  PID:6648
- C:\Windows\System\gVgQkEA.exe
  C:\Windows\System\gVgQkEA.exe
  2⤵
  PID:6676
- C:\Windows\System\yanIwbz.exe
  C:\Windows\System\yanIwbz.exe
  2⤵
  PID:6704
- C:\Windows\System\pVFYulw.exe
  C:\Windows\System\pVFYulw.exe
  2⤵
  PID:6732
- C:\Windows\System\GDgSZfP.exe
  C:\Windows\System\GDgSZfP.exe
  2⤵
  PID:6760
- C:\Windows\System\wDKVvNc.exe
  C:\Windows\System\wDKVvNc.exe
  2⤵
  PID:6788
- C:\Windows\System\jZIVNEv.exe
  C:\Windows\System\jZIVNEv.exe
  2⤵
  PID:6816
- C:\Windows\System\RyXBuUn.exe
  C:\Windows\System\RyXBuUn.exe
  2⤵
  PID:6844
- C:\Windows\System\CbeoLXF.exe
  C:\Windows\System\CbeoLXF.exe
  2⤵
  PID:6872
- C:\Windows\System\DdeJJtM.exe
  C:\Windows\System\DdeJJtM.exe
  2⤵
  PID:6904
- C:\Windows\System\FLDVxKN.exe
  C:\Windows\System\FLDVxKN.exe
  2⤵
  PID:6928
- C:\Windows\System\aPrAoGO.exe
  C:\Windows\System\aPrAoGO.exe
  2⤵
  PID:6956
- C:\Windows\System\RlZKcTl.exe
  C:\Windows\System\RlZKcTl.exe
  2⤵
  PID:6988
- C:\Windows\System\gAVMqsr.exe
  C:\Windows\System\gAVMqsr.exe
  2⤵
  PID:7016
- C:\Windows\System\uejUSCA.exe
  C:\Windows\System\uejUSCA.exe
  2⤵
  PID:7040
- C:\Windows\System\zoNTAvp.exe
  C:\Windows\System\zoNTAvp.exe
  2⤵
  PID:7068
- C:\Windows\System\OiqfYVB.exe
  C:\Windows\System\OiqfYVB.exe
  2⤵
  PID:7096
- C:\Windows\System\QKMobMU.exe
  C:\Windows\System\QKMobMU.exe
  2⤵
  PID:7124
- C:\Windows\System\sqiCKqX.exe
  C:\Windows\System\sqiCKqX.exe
  2⤵
  PID:7152
- C:\Windows\System\shbrsaE.exe
  C:\Windows\System\shbrsaE.exe
  2⤵
  PID:4972
- C:\Windows\System\ivNdnxt.exe
  C:\Windows\System\ivNdnxt.exe
  2⤵
  PID:940
- C:\Windows\System\RxcrwEj.exe
  C:\Windows\System\RxcrwEj.exe
  2⤵
  PID:6168
- C:\Windows\System\uBgyUAn.exe
  C:\Windows\System\uBgyUAn.exe
  2⤵
  PID:6244
- C:\Windows\System\uPOQGst.exe
  C:\Windows\System\uPOQGst.exe
  2⤵
  PID:6304
- C:\Windows\System\HECnMPX.exe
  C:\Windows\System\HECnMPX.exe
  2⤵
  PID:6364
- C:\Windows\System\EbVBeHC.exe
  C:\Windows\System\EbVBeHC.exe
  2⤵
  PID:6440
- C:\Windows\System\VpqdcFQ.exe
  C:\Windows\System\VpqdcFQ.exe
  2⤵
  PID:6500
- C:\Windows\System\anYQmGP.exe
  C:\Windows\System\anYQmGP.exe
  2⤵
  PID:6560
- C:\Windows\System\xxzWVlu.exe
  C:\Windows\System\xxzWVlu.exe
  2⤵
  PID:6644
- C:\Windows\System\SFqJzPI.exe
  C:\Windows\System\SFqJzPI.exe
  2⤵
  PID:6700
- C:\Windows\System\NhmePLj.exe
  C:\Windows\System\NhmePLj.exe
  2⤵
  PID:6756
- C:\Windows\System\vBzCwXL.exe
  C:\Windows\System\vBzCwXL.exe
  2⤵
  PID:6832
- C:\Windows\System\oCgVGIa.exe
  C:\Windows\System\oCgVGIa.exe
  2⤵
  PID:6892
- C:\Windows\System\pBLoeQs.exe
  C:\Windows\System\pBLoeQs.exe
  2⤵
  PID:6948
- C:\Windows\System\tDvYTfI.exe
  C:\Windows\System\tDvYTfI.exe
  2⤵
  PID:7028
- C:\Windows\System\CFGuohW.exe
  C:\Windows\System\CFGuohW.exe
  2⤵
  PID:7084
- C:\Windows\System\lqteRMs.exe
  C:\Windows\System\lqteRMs.exe
  2⤵
  PID:5904
- C:\Windows\System\FYFjaVZ.exe
  C:\Windows\System\FYFjaVZ.exe
  2⤵
  PID:6280
- C:\Windows\System\MuYvfnI.exe
  C:\Windows\System\MuYvfnI.exe
  2⤵
  PID:6412
- C:\Windows\System\GdHPidn.exe
  C:\Windows\System\GdHPidn.exe
  2⤵
  PID:6588
- C:\Windows\System\HHdsSOw.exe
  C:\Windows\System\HHdsSOw.exe
  2⤵
  PID:6696
- C:\Windows\System\IhRTxEQ.exe
  C:\Windows\System\IhRTxEQ.exe
  2⤵
  PID:6752
- C:\Windows\System\hPrqpPY.exe
  C:\Windows\System\hPrqpPY.exe
  2⤵
  PID:2704
- C:\Windows\System\wSUgyXj.exe
  C:\Windows\System\wSUgyXj.exe
  2⤵
  PID:1692
- C:\Windows\System\YBgUuDV.exe
  C:\Windows\System\YBgUuDV.exe
  2⤵
  PID:3348
- C:\Windows\System\npvymib.exe
  C:\Windows\System\npvymib.exe
  2⤵
  PID:4068
- C:\Windows\System\fQUhZqY.exe
  C:\Windows\System\fQUhZqY.exe
  2⤵
  PID:4548
- C:\Windows\System\ZsjGoKg.exe
  C:\Windows\System\ZsjGoKg.exe
  2⤵
  PID:6868
- C:\Windows\System\WwrFYSh.exe
  C:\Windows\System\WwrFYSh.exe
  2⤵
  PID:3076
- C:\Windows\System\xaxayio.exe
  C:\Windows\System\xaxayio.exe
  2⤵
  PID:6336
- C:\Windows\System\hOEmpUI.exe
  C:\Windows\System\hOEmpUI.exe
  2⤵
  PID:5020
- C:\Windows\System\NCroRMj.exe
  C:\Windows\System\NCroRMj.exe
  2⤵
  PID:6924
- C:\Windows\System\rsajQXv.exe
  C:\Windows\System\rsajQXv.exe
  2⤵
  PID:1200
- C:\Windows\System\QDnLYcM.exe
  C:\Windows\System\QDnLYcM.exe
  2⤵
  PID:7184
- C:\Windows\System\KlmWhpf.exe
  C:\Windows\System\KlmWhpf.exe
  2⤵
  PID:7208
- C:\Windows\System\vJeWDvi.exe
  C:\Windows\System\vJeWDvi.exe
  2⤵
  PID:7228
- C:\Windows\System\LpsOiFz.exe
  C:\Windows\System\LpsOiFz.exe
  2⤵
  PID:7244
- C:\Windows\System\sQxnbJd.exe
  C:\Windows\System\sQxnbJd.exe
  2⤵
  PID:7292
- C:\Windows\System\bCZQcpe.exe
  C:\Windows\System\bCZQcpe.exe
  2⤵
  PID:7312
- C:\Windows\System\TzHghDH.exe
  C:\Windows\System\TzHghDH.exe
  2⤵
  PID:7364
- C:\Windows\System\NcNAMWq.exe
  C:\Windows\System\NcNAMWq.exe
  2⤵
  PID:7408
- C:\Windows\System\dnRwNjS.exe
  C:\Windows\System\dnRwNjS.exe
  2⤵
  PID:7432
- C:\Windows\System\jxChasv.exe
  C:\Windows\System\jxChasv.exe
  2⤵
  PID:7452
- C:\Windows\System\cIeAevP.exe
  C:\Windows\System\cIeAevP.exe
  2⤵
  PID:7468
- C:\Windows\System\MXQlBCr.exe
  C:\Windows\System\MXQlBCr.exe
  2⤵
  PID:7496
- C:\Windows\System\cbUTziu.exe
  C:\Windows\System\cbUTziu.exe
  2⤵
  PID:7512
- C:\Windows\System\SFHfWZM.exe
  C:\Windows\System\SFHfWZM.exe
  2⤵
  PID:7532
- C:\Windows\System\gwunaPS.exe
  C:\Windows\System\gwunaPS.exe
  2⤵
  PID:7568
- C:\Windows\System\jWiNiYU.exe
  C:\Windows\System\jWiNiYU.exe
  2⤵
  PID:7640
- C:\Windows\System\aTVZLvi.exe
  C:\Windows\System\aTVZLvi.exe
  2⤵
  PID:7660
- C:\Windows\System\egMwwcC.exe
  C:\Windows\System\egMwwcC.exe
  2⤵
  PID:7688
- C:\Windows\System\qYEfOXD.exe
  C:\Windows\System\qYEfOXD.exe
  2⤵
  PID:7716
- C:\Windows\System\dpLOkvB.exe
  C:\Windows\System\dpLOkvB.exe
  2⤵
  PID:7736
- C:\Windows\System\aCCjeAM.exe
  C:\Windows\System\aCCjeAM.exe
  2⤵
  PID:7752
- C:\Windows\System\bYLBMBI.exe
  C:\Windows\System\bYLBMBI.exe
  2⤵
  PID:7772
- C:\Windows\System\ZTKRIQg.exe
  C:\Windows\System\ZTKRIQg.exe
  2⤵
  PID:7796
- C:\Windows\System\GgGnAKm.exe
  C:\Windows\System\GgGnAKm.exe
  2⤵
  PID:7816
- C:\Windows\System\ozVibVK.exe
  C:\Windows\System\ozVibVK.exe
  2⤵
  PID:7836
- C:\Windows\System\QCKNvKM.exe
  C:\Windows\System\QCKNvKM.exe
  2⤵
  PID:7856
- C:\Windows\System\TqnoeFr.exe
  C:\Windows\System\TqnoeFr.exe
  2⤵
  PID:7880
- C:\Windows\System\cpsbUpL.exe
  C:\Windows\System\cpsbUpL.exe
  2⤵
  PID:7896
- C:\Windows\System\sOqBcPf.exe
  C:\Windows\System\sOqBcPf.exe
  2⤵
  PID:7976
- C:\Windows\System\dtdeEJy.exe
  C:\Windows\System\dtdeEJy.exe
  2⤵
  PID:8008
- C:\Windows\System\USIGkzl.exe
  C:\Windows\System\USIGkzl.exe
  2⤵
  PID:8024
- C:\Windows\System\riSoqxP.exe
  C:\Windows\System\riSoqxP.exe
  2⤵
  PID:8048
- C:\Windows\System\yRcdNUv.exe
  C:\Windows\System\yRcdNUv.exe
  2⤵
  PID:8092
- C:\Windows\System\ZINDyxG.exe
  C:\Windows\System\ZINDyxG.exe
  2⤵
  PID:8108
- C:\Windows\System\jqslMSI.exe
  C:\Windows\System\jqslMSI.exe
  2⤵
  PID:8128
- C:\Windows\System\vhbyJSO.exe
  C:\Windows\System\vhbyJSO.exe
  2⤵
  PID:8152
- C:\Windows\System\mwCQISC.exe
  C:\Windows\System\mwCQISC.exe
  2⤵
  PID:8180
- C:\Windows\System\vpZSWvM.exe
  C:\Windows\System\vpZSWvM.exe
  2⤵
  PID:3236
- C:\Windows\System\cvwuflU.exe
  C:\Windows\System\cvwuflU.exe
  2⤵
  PID:7224
- C:\Windows\System\rcoogJy.exe
  C:\Windows\System\rcoogJy.exe
  2⤵
  PID:7352
- C:\Windows\System\vEGtnMK.exe
  C:\Windows\System\vEGtnMK.exe
  2⤵
  PID:7416
- C:\Windows\System\atuMdzK.exe
  C:\Windows\System\atuMdzK.exe
  2⤵
  PID:7424
- C:\Windows\System\vSsswwC.exe
  C:\Windows\System\vSsswwC.exe
  2⤵
  PID:7476
- C:\Windows\System\FNjSyEv.exe
  C:\Windows\System\FNjSyEv.exe
  2⤵
  PID:7484
- C:\Windows\System\rvMdvGd.exe
  C:\Windows\System\rvMdvGd.exe
  2⤵
  PID:7588
- C:\Windows\System\xYXIXcf.exe
  C:\Windows\System\xYXIXcf.exe
  2⤵
  PID:7632
- C:\Windows\System\HvdjvnI.exe
  C:\Windows\System\HvdjvnI.exe
  2⤵
  PID:7684
- C:\Windows\System\wVWPtat.exe
  C:\Windows\System\wVWPtat.exe
  2⤵
  PID:7724
- C:\Windows\System\iTvmWAH.exe
  C:\Windows\System\iTvmWAH.exe
  2⤵
  PID:7792
- C:\Windows\System\hACQBTy.exe
  C:\Windows\System\hACQBTy.exe
  2⤵
  PID:7832
- C:\Windows\System\xMJpvvl.exe
  C:\Windows\System\xMJpvvl.exe
  2⤵
  PID:7864
- C:\Windows\System\HFYcVfr.exe
  C:\Windows\System\HFYcVfr.exe
  2⤵
  PID:7888
- C:\Windows\System\nopVGpY.exe
  C:\Windows\System\nopVGpY.exe
  2⤵
  PID:7972
- C:\Windows\System\BljNkzz.exe
  C:\Windows\System\BljNkzz.exe
  2⤵
  PID:8040
- C:\Windows\System\fQreDQm.exe
  C:\Windows\System\fQreDQm.exe
  2⤵
  PID:8148
- C:\Windows\System\pvDSbtd.exe
  C:\Windows\System\pvDSbtd.exe
  2⤵
  PID:3372
- C:\Windows\System\TmodBSQ.exe
  C:\Windows\System\TmodBSQ.exe
  2⤵
  PID:7524
- C:\Windows\System\cWDKmQk.exe
  C:\Windows\System\cWDKmQk.exe
  2⤵
  PID:7604
- C:\Windows\System\YaAiVSe.exe
  C:\Windows\System\YaAiVSe.exe
  2⤵
  PID:7892
- C:\Windows\System\sAJpULD.exe
  C:\Windows\System\sAJpULD.exe
  2⤵
  PID:8176
- C:\Windows\System\qxlFGJq.exe
  C:\Windows\System\qxlFGJq.exe
  2⤵
  PID:8016
- C:\Windows\System\uvwTFqV.exe
  C:\Windows\System\uvwTFqV.exe
  2⤵
  PID:7260
- C:\Windows\System\HyeFUSj.exe
  C:\Windows\System\HyeFUSj.exe
  2⤵
  PID:7508
- C:\Windows\System\XzyBrdK.exe
  C:\Windows\System\XzyBrdK.exe
  2⤵
  PID:8104
- C:\Windows\System\MTGRNpZ.exe
  C:\Windows\System\MTGRNpZ.exe
  2⤵
  PID:7848
- C:\Windows\System\HvJkIWt.exe
  C:\Windows\System\HvJkIWt.exe
  2⤵
  PID:8200
- C:\Windows\System\UfNczgf.exe
  C:\Windows\System\UfNczgf.exe
  2⤵
  PID:8220
- C:\Windows\System\hNHuqsw.exe
  C:\Windows\System\hNHuqsw.exe
  2⤵
  PID:8240
- C:\Windows\System\SzyuuXl.exe
  C:\Windows\System\SzyuuXl.exe
  2⤵
  PID:8264
- C:\Windows\System\POjbGUP.exe
  C:\Windows\System\POjbGUP.exe
  2⤵
  PID:8280
- C:\Windows\System\EMHCTQK.exe
  C:\Windows\System\EMHCTQK.exe
  2⤵
  PID:8296
- C:\Windows\System\MGjPBpQ.exe
  C:\Windows\System\MGjPBpQ.exe
  2⤵
  PID:8316
- C:\Windows\System\eRFpPEa.exe
  C:\Windows\System\eRFpPEa.exe
  2⤵
  PID:8336
- C:\Windows\System\briaICr.exe
  C:\Windows\System\briaICr.exe
  2⤵
  PID:8360
- C:\Windows\System\DJNoaaT.exe
  C:\Windows\System\DJNoaaT.exe
  2⤵
  PID:8396
- C:\Windows\System\FLTpGnR.exe
  C:\Windows\System\FLTpGnR.exe
  2⤵
  PID:8420
- C:\Windows\System\XFkubca.exe
  C:\Windows\System\XFkubca.exe
  2⤵
  PID:8436
- C:\Windows\System\GgIDMmV.exe
  C:\Windows\System\GgIDMmV.exe
  2⤵
  PID:8460
- C:\Windows\System\qlrJzhX.exe
  C:\Windows\System\qlrJzhX.exe
  2⤵
  PID:8476
- C:\Windows\System\NOPJNLW.exe
  C:\Windows\System\NOPJNLW.exe
  2⤵
  PID:8504
- C:\Windows\System\uGnbCQE.exe
  C:\Windows\System\uGnbCQE.exe
  2⤵
  PID:8556
- C:\Windows\System\RdnuhNj.exe
  C:\Windows\System\RdnuhNj.exe
  2⤵
  PID:8616
- C:\Windows\System\VaCOVxC.exe
  C:\Windows\System\VaCOVxC.exe
  2⤵
  PID:8660
- C:\Windows\System\XyoURQb.exe
  C:\Windows\System\XyoURQb.exe
  2⤵
  PID:8680
- C:\Windows\System\APHBNjm.exe
  C:\Windows\System\APHBNjm.exe
  2⤵
  PID:8704
- C:\Windows\System\pWaffGg.exe
  C:\Windows\System\pWaffGg.exe
  2⤵
  PID:8768
- C:\Windows\System\HTBeeLf.exe
  C:\Windows\System\HTBeeLf.exe
  2⤵
  PID:8788
- C:\Windows\System\kUGaCsk.exe
  C:\Windows\System\kUGaCsk.exe
  2⤵
  PID:8820
- C:\Windows\System\FSrGHUm.exe
  C:\Windows\System\FSrGHUm.exe
  2⤵
  PID:8844
- C:\Windows\System\BltyknV.exe
  C:\Windows\System\BltyknV.exe
  2⤵
  PID:8872
- C:\Windows\System\gFmfKyq.exe
  C:\Windows\System\gFmfKyq.exe
  2⤵
  PID:8904
- C:\Windows\System\uzKbsNS.exe
  C:\Windows\System\uzKbsNS.exe
  2⤵
  PID:8932
- C:\Windows\System\TgwNaDQ.exe
  C:\Windows\System\TgwNaDQ.exe
  2⤵
  PID:8948
- C:\Windows\System\zMyktDB.exe
  C:\Windows\System\zMyktDB.exe
  2⤵
  PID:8976
- C:\Windows\System\AiFgmVV.exe
  C:\Windows\System\AiFgmVV.exe
  2⤵
  PID:8996
- C:\Windows\System\ZstUsRq.exe
  C:\Windows\System\ZstUsRq.exe
  2⤵
  PID:9016
- C:\Windows\System\ryexVrE.exe
  C:\Windows\System\ryexVrE.exe
  2⤵
  PID:9080
- C:\Windows\System\werbMLw.exe
  C:\Windows\System\werbMLw.exe
  2⤵
  PID:9120
- C:\Windows\System\ROcPESw.exe
  C:\Windows\System\ROcPESw.exe
  2⤵
  PID:9140
- C:\Windows\System\GloLzOq.exe
  C:\Windows\System\GloLzOq.exe
  2⤵
  PID:9156
- C:\Windows\System\DETPEqD.exe
  C:\Windows\System\DETPEqD.exe
  2⤵
  PID:9176
- C:\Windows\System\KmmAAkB.exe
  C:\Windows\System\KmmAAkB.exe
  2⤵
  PID:9192
- C:\Windows\System\piVIuMs.exe
  C:\Windows\System\piVIuMs.exe
  2⤵
  PID:9212
- C:\Windows\System\qsPVLAV.exe
  C:\Windows\System\qsPVLAV.exe
  2⤵
  PID:8216
- C:\Windows\System\SkvuzXv.exe
  C:\Windows\System\SkvuzXv.exe
  2⤵
  PID:8288
- C:\Windows\System\uveFEUT.exe
  C:\Windows\System\uveFEUT.exe
  2⤵
  PID:8312
- C:\Windows\System\NAqPYVW.exe
  C:\Windows\System\NAqPYVW.exe
  2⤵
  PID:8248
- C:\Windows\System\tuWvoYT.exe
  C:\Windows\System\tuWvoYT.exe
  2⤵
  PID:8232
- C:\Windows\System\TAeqxxp.exe
  C:\Windows\System\TAeqxxp.exe
  2⤵
  PID:8392
- C:\Windows\System\SGyZSUT.exe
  C:\Windows\System\SGyZSUT.exe
  2⤵
  PID:8428
- C:\Windows\System\asFDnuM.exe
  C:\Windows\System\asFDnuM.exe
  2⤵
  PID:8548
- C:\Windows\System\IZhaTHy.exe
  C:\Windows\System\IZhaTHy.exe
  2⤵
  PID:4472
- C:\Windows\System\YDcXobd.exe
  C:\Windows\System\YDcXobd.exe
  2⤵
  PID:8764
- C:\Windows\System\OMgIEom.exe
  C:\Windows\System\OMgIEom.exe
  2⤵
  PID:8928
- C:\Windows\System\UhsVAcf.exe
  C:\Windows\System\UhsVAcf.exe
  2⤵
  PID:9008
- C:\Windows\System\mpzAhgs.exe
  C:\Windows\System\mpzAhgs.exe
  2⤵
  PID:9092
- C:\Windows\System\kqajlbH.exe
  C:\Windows\System\kqajlbH.exe
  2⤵
  PID:9136
- C:\Windows\System\HfgqaCn.exe
  C:\Windows\System\HfgqaCn.exe
  2⤵
  PID:9200
- C:\Windows\System\lojHRZr.exe
  C:\Windows\System\lojHRZr.exe
  2⤵
  PID:8332
- C:\Windows\System\rxfewPM.exe
  C:\Windows\System\rxfewPM.exe
  2⤵
  PID:8124
- C:\Windows\System\JULWyMa.exe
  C:\Windows\System\JULWyMa.exe
  2⤵
  PID:8308
- C:\Windows\System\duKHtLr.exe
  C:\Windows\System\duKHtLr.exe
  2⤵
  PID:8828
- C:\Windows\System\UNbQxcd.exe
  C:\Windows\System\UNbQxcd.exe
  2⤵
  PID:8972
- C:\Windows\System\xjnhRBU.exe
  C:\Windows\System\xjnhRBU.exe
  2⤵
  PID:8912
- C:\Windows\System\OaZjXZK.exe
  C:\Windows\System\OaZjXZK.exe
  2⤵
  PID:9204
- C:\Windows\System\hoSCQjz.exe
  C:\Windows\System\hoSCQjz.exe
  2⤵
  PID:8716
- C:\Windows\System\IheNcIC.exe
  C:\Windows\System\IheNcIC.exe
  2⤵
  PID:8896
- C:\Windows\System\kmkMdVY.exe
  C:\Windows\System\kmkMdVY.exe
  2⤵
  PID:8600
- C:\Windows\System\MUrgspd.exe
  C:\Windows\System\MUrgspd.exe
  2⤵
  PID:8500
- C:\Windows\System\vhlWWVW.exe
  C:\Windows\System\vhlWWVW.exe
  2⤵
  PID:9240
- C:\Windows\System\bFavBUt.exe
  C:\Windows\System\bFavBUt.exe
  2⤵
  PID:9256
- C:\Windows\System\OYfKukH.exe
  C:\Windows\System\OYfKukH.exe
  2⤵
  PID:9280
- C:\Windows\System\qAQpOho.exe
  C:\Windows\System\qAQpOho.exe
  2⤵
  PID:9296
- C:\Windows\System\wHfELjY.exe
  C:\Windows\System\wHfELjY.exe
  2⤵
  PID:9336
- C:\Windows\System\NMsAKpS.exe
  C:\Windows\System\NMsAKpS.exe
  2⤵
  PID:9364
- C:\Windows\System\fIDFFjG.exe
  C:\Windows\System\fIDFFjG.exe
  2⤵
  PID:9420
- C:\Windows\System\xTgodTN.exe
  C:\Windows\System\xTgodTN.exe
  2⤵
  PID:9436
- C:\Windows\System\OWyUrJp.exe
  C:\Windows\System\OWyUrJp.exe
  2⤵
  PID:9484
- C:\Windows\System\zoridAu.exe
  C:\Windows\System\zoridAu.exe
  2⤵
  PID:9508
- C:\Windows\System\YSGmEOl.exe
  C:\Windows\System\YSGmEOl.exe
  2⤵
  PID:9532
- C:\Windows\System\hlcFYgN.exe
  C:\Windows\System\hlcFYgN.exe
  2⤵
  PID:9552
- C:\Windows\System\goYqFNr.exe
  C:\Windows\System\goYqFNr.exe
  2⤵
  PID:9576
- C:\Windows\System\nQBjGBK.exe
  C:\Windows\System\nQBjGBK.exe
  2⤵
  PID:9604
- C:\Windows\System\gqeqMxH.exe
  C:\Windows\System\gqeqMxH.exe
  2⤵
  PID:9624
- C:\Windows\System\GujqEMi.exe
  C:\Windows\System\GujqEMi.exe
  2⤵
  PID:9656
- C:\Windows\System\bpvwSCH.exe
  C:\Windows\System\bpvwSCH.exe
  2⤵
  PID:9700
- C:\Windows\System\RhrLzhm.exe
  C:\Windows\System\RhrLzhm.exe
  2⤵
  PID:9728
- C:\Windows\System\jqxSEdi.exe
  C:\Windows\System\jqxSEdi.exe
  2⤵
  PID:9748
- C:\Windows\System\FZffMrW.exe
  C:\Windows\System\FZffMrW.exe
  2⤵
  PID:9772
- C:\Windows\System\dYjClCA.exe
  C:\Windows\System\dYjClCA.exe
  2⤵
  PID:9792
- C:\Windows\System\xsUrwaa.exe
  C:\Windows\System\xsUrwaa.exe
  2⤵
  PID:9812
- C:\Windows\System\btTjQpC.exe
  C:\Windows\System\btTjQpC.exe
  2⤵
  PID:9832
- C:\Windows\System\fCHceBZ.exe
  C:\Windows\System\fCHceBZ.exe
  2⤵
  PID:9892
- C:\Windows\System\lnQKDcp.exe
  C:\Windows\System\lnQKDcp.exe
  2⤵
  PID:9916
- C:\Windows\System\uEBDqtg.exe
  C:\Windows\System\uEBDqtg.exe
  2⤵
  PID:9940
- C:\Windows\System\SjIyStg.exe
  C:\Windows\System\SjIyStg.exe
  2⤵
  PID:9968
- C:\Windows\System\lxuKJcz.exe
  C:\Windows\System\lxuKJcz.exe
  2⤵
  PID:9996
- C:\Windows\System\KwpwSqp.exe
  C:\Windows\System\KwpwSqp.exe
  2⤵
  PID:10012
- C:\Windows\System\zQLGYXe.exe
  C:\Windows\System\zQLGYXe.exe
  2⤵
  PID:10036
- C:\Windows\System\QIqKVCw.exe
  C:\Windows\System\QIqKVCw.exe
  2⤵
  PID:10052
- C:\Windows\System\unnLYId.exe
  C:\Windows\System\unnLYId.exe
  2⤵
  PID:10084
- C:\Windows\System\hLZnwac.exe
  C:\Windows\System\hLZnwac.exe
  2⤵
  PID:10128
- C:\Windows\System\hPKowhY.exe
  C:\Windows\System\hPKowhY.exe
  2⤵
  PID:10156
- C:\Windows\System\ZvyZqLw.exe
  C:\Windows\System\ZvyZqLw.exe
  2⤵
  PID:10172
- C:\Windows\System\bCUSVOH.exe
  C:\Windows\System\bCUSVOH.exe
  2⤵
  PID:10192
- C:\Windows\System\OfNHAIy.exe
  C:\Windows\System\OfNHAIy.exe
  2⤵
  PID:10224
- C:\Windows\System\BXNeRjF.exe
  C:\Windows\System\BXNeRjF.exe
  2⤵
  PID:8376
- C:\Windows\System\LtoDcJV.exe
  C:\Windows\System\LtoDcJV.exe
  2⤵
  PID:9236
- C:\Windows\System\JsTtpGN.exe
  C:\Windows\System\JsTtpGN.exe
  2⤵
  PID:9264
- C:\Windows\System\kIueshO.exe
  C:\Windows\System\kIueshO.exe
  2⤵
  PID:9356
- C:\Windows\System\jXvTCwB.exe
  C:\Windows\System\jXvTCwB.exe
  2⤵
  PID:9380
- C:\Windows\System\ovlHzNo.exe
  C:\Windows\System\ovlHzNo.exe
  2⤵
  PID:9472
- C:\Windows\System\rUJuJdG.exe
  C:\Windows\System\rUJuJdG.exe
  2⤵
  PID:9568
- C:\Windows\System\lgnsMba.exe
  C:\Windows\System\lgnsMba.exe
  2⤵
  PID:9632
- C:\Windows\System\gzwnMVa.exe
  C:\Windows\System\gzwnMVa.exe
  2⤵
  PID:9708
- C:\Windows\System\WGfWiyk.exe
  C:\Windows\System\WGfWiyk.exe
  2⤵
  PID:9740
- C:\Windows\System\oMvFGnr.exe
  C:\Windows\System\oMvFGnr.exe
  2⤵
  PID:9800
- C:\Windows\System\hXOAnqh.exe
  C:\Windows\System\hXOAnqh.exe
  2⤵
  PID:9828
- C:\Windows\System\IKaPzwA.exe
  C:\Windows\System\IKaPzwA.exe
  2⤵
  PID:9924
- C:\Windows\System\lYHnGFT.exe
  C:\Windows\System\lYHnGFT.exe
  2⤵
  PID:9980
- C:\Windows\System\lKmpJRo.exe
  C:\Windows\System\lKmpJRo.exe
  2⤵
  PID:10032
- C:\Windows\System\FZswjfX.exe
  C:\Windows\System\FZswjfX.exe
  2⤵
  PID:10116
- C:\Windows\System\mbaDgfa.exe
  C:\Windows\System\mbaDgfa.exe
  2⤵
  PID:10096
- C:\Windows\System\DYGgPew.exe
  C:\Windows\System\DYGgPew.exe
  2⤵
  PID:9344
- C:\Windows\System\HuYFXxE.exe
  C:\Windows\System\HuYFXxE.exe
  2⤵
  PID:9396
- C:\Windows\System\gAxroPs.exe
  C:\Windows\System\gAxroPs.exe
  2⤵
  PID:9524
- C:\Windows\System\xFwbxpQ.exe
  C:\Windows\System\xFwbxpQ.exe
  2⤵
  PID:9680
- C:\Windows\System\xpVgjoL.exe
  C:\Windows\System\xpVgjoL.exe
  2⤵
  PID:9592
- C:\Windows\System\GmJhJqw.exe
  C:\Windows\System\GmJhJqw.exe
  2⤵
  PID:9884
- C:\Windows\System\MLzOmmM.exe
  C:\Windows\System\MLzOmmM.exe
  2⤵
  PID:9960
- C:\Windows\System\kvZoCqe.exe
  C:\Windows\System\kvZoCqe.exe
  2⤵
  PID:10244
- C:\Windows\System\KmQplwj.exe
  C:\Windows\System\KmQplwj.exe
  2⤵
  PID:10356
- C:\Windows\System\WWWsTMO.exe
  C:\Windows\System\WWWsTMO.exe
  2⤵
  PID:10380
- C:\Windows\System\uchggLB.exe
  C:\Windows\System\uchggLB.exe
  2⤵
  PID:10396
- C:\Windows\System\rwZkSqP.exe
  C:\Windows\System\rwZkSqP.exe
  2⤵
  PID:10416
- C:\Windows\System\uRONkJJ.exe
  C:\Windows\System\uRONkJJ.exe
  2⤵
  PID:10436
- C:\Windows\System\mPhnzrY.exe
  C:\Windows\System\mPhnzrY.exe
  2⤵
  PID:10456
- C:\Windows\System\zJBivfM.exe
  C:\Windows\System\zJBivfM.exe
  2⤵
  PID:10484
- C:\Windows\System\FDsZrXd.exe
  C:\Windows\System\FDsZrXd.exe
  2⤵
  PID:10504
- C:\Windows\System\EHmfYEc.exe
  C:\Windows\System\EHmfYEc.exe
  2⤵
  PID:10540
- C:\Windows\System\ttVwpsl.exe
  C:\Windows\System\ttVwpsl.exe
  2⤵
  PID:10556
- C:\Windows\System\wJfRgBS.exe
  C:\Windows\System\wJfRgBS.exe
  2⤵
  PID:10580
- C:\Windows\System\pLKKLwy.exe
  C:\Windows\System\pLKKLwy.exe
  2⤵
  PID:10596
- C:\Windows\System\bIpiYFb.exe
  C:\Windows\System\bIpiYFb.exe
  2⤵
  PID:10616
- C:\Windows\System\KwovWIN.exe
  C:\Windows\System\KwovWIN.exe
  2⤵
  PID:10632
- C:\Windows\System\XFCRdHR.exe
  C:\Windows\System\XFCRdHR.exe
  2⤵
  PID:10664
- C:\Windows\System\zvHtxMI.exe
  C:\Windows\System\zvHtxMI.exe
  2⤵
  PID:10752
- C:\Windows\System\MjmitmJ.exe
  C:\Windows\System\MjmitmJ.exe
  2⤵
  PID:10792
- C:\Windows\System\EjMTWOL.exe
  C:\Windows\System\EjMTWOL.exe
  2⤵
  PID:10812
- C:\Windows\System\YLTCwMQ.exe
  C:\Windows\System\YLTCwMQ.exe
  2⤵
  PID:10828
- C:\Windows\System\CEtdYUS.exe
  C:\Windows\System\CEtdYUS.exe
  2⤵
  PID:10848
- C:\Windows\System\HITzYDs.exe
  C:\Windows\System\HITzYDs.exe
  2⤵
  PID:10864
- C:\Windows\System\pTnMxIE.exe
  C:\Windows\System\pTnMxIE.exe
  2⤵
  PID:10912
- C:\Windows\System\azaLyMs.exe
  C:\Windows\System\azaLyMs.exe
  2⤵
  PID:10940
- C:\Windows\System\aZAbjLq.exe
  C:\Windows\System\aZAbjLq.exe
  2⤵
  PID:10964
- C:\Windows\System\LWHVoYU.exe
  C:\Windows\System\LWHVoYU.exe
  2⤵
  PID:10992
- C:\Windows\System\OXNogqR.exe
  C:\Windows\System\OXNogqR.exe
  2⤵
  PID:11008
- C:\Windows\System\MDvarOj.exe
  C:\Windows\System\MDvarOj.exe
  2⤵
  PID:11028
- C:\Windows\System\qQZNVzL.exe
  C:\Windows\System\qQZNVzL.exe
  2⤵
  PID:11060
- C:\Windows\System\ZeWpQyc.exe
  C:\Windows\System\ZeWpQyc.exe
  2⤵
  PID:11076
- C:\Windows\System\eMEaqJY.exe
  C:\Windows\System\eMEaqJY.exe
  2⤵
  PID:11092
- C:\Windows\System\ftbVJxV.exe
  C:\Windows\System\ftbVJxV.exe
  2⤵
  PID:11108
- C:\Windows\System\xdpwIea.exe
  C:\Windows\System\xdpwIea.exe
  2⤵
  PID:11168
- C:\Windows\System\lsGCyWj.exe
  C:\Windows\System\lsGCyWj.exe
  2⤵
  PID:11184
- C:\Windows\System\jVVvCsq.exe
  C:\Windows\System\jVVvCsq.exe
  2⤵
  PID:11212
- C:\Windows\System\GyXiFZW.exe
  C:\Windows\System\GyXiFZW.exe
  2⤵
  PID:11228
- C:\Windows\System\lBGFXyk.exe
  C:\Windows\System\lBGFXyk.exe
  2⤵
  PID:11248
- C:\Windows\System\WnvGCEt.exe
  C:\Windows\System\WnvGCEt.exe
  2⤵
  PID:8796
- C:\Windows\System\ePaQbzE.exe
  C:\Windows\System\ePaQbzE.exe
  2⤵
  PID:9720
- C:\Windows\System\DpvMYmn.exe
  C:\Windows\System\DpvMYmn.exe
  2⤵
  PID:9744
- C:\Windows\System\ZzRrmEB.exe
  C:\Windows\System\ZzRrmEB.exe
  2⤵
  PID:9936
- C:\Windows\System\UrgXFlN.exe
  C:\Windows\System\UrgXFlN.exe
  2⤵
  PID:10268
- C:\Windows\System\axVSHjX.exe
  C:\Windows\System\axVSHjX.exe
  2⤵
  PID:10408
- C:\Windows\System\ykbHBMo.exe
  C:\Windows\System\ykbHBMo.exe
  2⤵
  PID:10452
- C:\Windows\System\biGegpx.exe
  C:\Windows\System\biGegpx.exe
  2⤵
  PID:10608
- C:\Windows\System\qpIHLeX.exe
  C:\Windows\System\qpIHLeX.exe
  2⤵
  PID:9384
- C:\Windows\System\amXmKNC.exe
  C:\Windows\System\amXmKNC.exe
  2⤵
  PID:10688
- C:\Windows\System\UjypKIO.exe
  C:\Windows\System\UjypKIO.exe
  2⤵
  PID:10856
- C:\Windows\System\qUkiGCG.exe
  C:\Windows\System\qUkiGCG.exe
  2⤵
  PID:10896
- C:\Windows\System\hLTwbIK.exe
  C:\Windows\System\hLTwbIK.exe
  2⤵
  PID:4584
- C:\Windows\System\gdgpvzJ.exe
  C:\Windows\System\gdgpvzJ.exe
  2⤵
  PID:11020
- C:\Windows\System\QhUfhMx.exe
  C:\Windows\System\QhUfhMx.exe
  2⤵
  PID:10988
- C:\Windows\System\KfuKmuW.exe
  C:\Windows\System\KfuKmuW.exe
  2⤵
  PID:11048
- C:\Windows\System\WVmKdrA.exe
  C:\Windows\System\WVmKdrA.exe
  2⤵
  PID:4880
- C:\Windows\System\xgaSyco.exe
  C:\Windows\System\xgaSyco.exe
  2⤵
  PID:10628
- C:\Windows\System\QsuboDH.exe
  C:\Windows\System\QsuboDH.exe
  2⤵
  PID:10716
- C:\Windows\System\HZlTYRE.exe
  C:\Windows\System\HZlTYRE.exe
  2⤵
  PID:10928
- C:\Windows\System\IDTnNVA.exe
  C:\Windows\System\IDTnNVA.exe
  2⤵
  PID:11140
- C:\Windows\System\rNjlaUd.exe
  C:\Windows\System\rNjlaUd.exe
  2⤵
  PID:11128
- C:\Windows\System\PCMiMvD.exe
  C:\Windows\System\PCMiMvD.exe
  2⤵
  PID:11244
- C:\Windows\System\zVLfjAW.exe
  C:\Windows\System\zVLfjAW.exe
  2⤵
  PID:10080
- C:\Windows\System\cOTuOws.exe
  C:\Windows\System\cOTuOws.exe
  2⤵
  PID:9492
- C:\Windows\System\UdxjUYs.exe
  C:\Windows\System\UdxjUYs.exe
  2⤵
  PID:2740
- C:\Windows\System\lCNUXYy.exe
  C:\Windows\System\lCNUXYy.exe
  2⤵
  PID:10740
- C:\Windows\System\kTtowiF.exe
  C:\Windows\System\kTtowiF.exe
  2⤵
  PID:3592
- C:\Windows\System\pWvwZKt.exe
  C:\Windows\System\pWvwZKt.exe
  2⤵
  PID:10368
- C:\Windows\System\dgQGhhP.exe
  C:\Windows\System\dgQGhhP.exe
  2⤵
  PID:10592
- C:\Windows\System\YHZGzvi.exe
  C:\Windows\System\YHZGzvi.exe
  2⤵
  PID:11284
- C:\Windows\System\oAuDTDF.exe
  C:\Windows\System\oAuDTDF.exe
  2⤵
  PID:11320
- C:\Windows\System\BlSkWmE.exe
  C:\Windows\System\BlSkWmE.exe
  2⤵
  PID:11336
- C:\Windows\System\cWDdqDf.exe
  C:\Windows\System\cWDdqDf.exe
  2⤵
  PID:11356
- C:\Windows\System\fXmyrnR.exe
  C:\Windows\System\fXmyrnR.exe
  2⤵
  PID:11372
- C:\Windows\System\UUBCoay.exe
  C:\Windows\System\UUBCoay.exe
  2⤵
  PID:11396
- C:\Windows\System\ujWQabK.exe
  C:\Windows\System\ujWQabK.exe
  2⤵
  PID:11416
- C:\Windows\System\yAgFslV.exe
  C:\Windows\System\yAgFslV.exe
  2⤵
  PID:11456
- C:\Windows\System\imPZOxY.exe
  C:\Windows\System\imPZOxY.exe
  2⤵
  PID:11496
- C:\Windows\System\HaIDMLG.exe
  C:\Windows\System\HaIDMLG.exe
  2⤵
  PID:11588
- C:\Windows\System\dsBlFkk.exe
  C:\Windows\System\dsBlFkk.exe
  2⤵
  PID:11620
- C:\Windows\System\StIlBkk.exe
  C:\Windows\System\StIlBkk.exe
  2⤵
  PID:11640
- C:\Windows\System\nCuTEXC.exe
  C:\Windows\System\nCuTEXC.exe
  2⤵
  PID:11660
- C:\Windows\System\WvwOqRr.exe
  C:\Windows\System\WvwOqRr.exe
  2⤵
  PID:11692
- C:\Windows\System\xptSCRu.exe
  C:\Windows\System\xptSCRu.exe
  2⤵
  PID:11708
- C:\Windows\System\PtMSivW.exe
  C:\Windows\System\PtMSivW.exe
  2⤵
  PID:11724
- C:\Windows\System\QFHfMfL.exe
  C:\Windows\System\QFHfMfL.exe
  2⤵
  PID:11748
- C:\Windows\System\gYiVlBe.exe
  C:\Windows\System\gYiVlBe.exe
  2⤵
  PID:11768
- C:\Windows\System\OgYURmE.exe
  C:\Windows\System\OgYURmE.exe
  2⤵
  PID:11820
- C:\Windows\System\dzIBSOs.exe
  C:\Windows\System\dzIBSOs.exe
  2⤵
  PID:11860
- C:\Windows\System\EGvFKSc.exe
  C:\Windows\System\EGvFKSc.exe
  2⤵
  PID:11880
- C:\Windows\System\GIXjgvY.exe
  C:\Windows\System\GIXjgvY.exe
  2⤵
  PID:11908
- C:\Windows\System\AYNRUKy.exe
  C:\Windows\System\AYNRUKy.exe
  2⤵
  PID:11924
- C:\Windows\System\vYydhhV.exe
  C:\Windows\System\vYydhhV.exe
  2⤵
  PID:11944
- C:\Windows\System\GuPZANr.exe
  C:\Windows\System\GuPZANr.exe
  2⤵
  PID:11980
- C:\Windows\System\DBnJnHu.exe
  C:\Windows\System\DBnJnHu.exe
  2⤵
  PID:11996
- C:\Windows\System\IsEMkge.exe
  C:\Windows\System\IsEMkge.exe
  2⤵
  PID:12040
- C:\Windows\System\WeXWniI.exe
  C:\Windows\System\WeXWniI.exe
  2⤵
  PID:12064
- C:\Windows\System\gamoImk.exe
  C:\Windows\System\gamoImk.exe
  2⤵
  PID:12084
- C:\Windows\System\mwadtNQ.exe
  C:\Windows\System\mwadtNQ.exe
  2⤵
  PID:12128
- C:\Windows\System\yNzbhBa.exe
  C:\Windows\System\yNzbhBa.exe
  2⤵
  PID:12168
- C:\Windows\System\sMGEjaH.exe
  C:\Windows\System\sMGEjaH.exe
  2⤵
  PID:12188
- C:\Windows\System\KENePhi.exe
  C:\Windows\System\KENePhi.exe
  2⤵
  PID:12220
- C:\Windows\System\jjspNDw.exe
  C:\Windows\System\jjspNDw.exe
  2⤵
  PID:12252
- C:\Windows\System\XXVfwlT.exe
  C:\Windows\System\XXVfwlT.exe
  2⤵
  PID:11256
- C:\Windows\System\YfnGVds.exe
  C:\Windows\System\YfnGVds.exe
  2⤵
  PID:10660
- C:\Windows\System\GMSjrnM.exe
  C:\Windows\System\GMSjrnM.exe
  2⤵
  PID:11332
- C:\Windows\System\fieIUtn.exe
  C:\Windows\System\fieIUtn.exe
  2⤵
  PID:11392
- C:\Windows\System\GNZYIPl.exe
  C:\Windows\System\GNZYIPl.exe
  2⤵
  PID:11448
- C:\Windows\System\fnFpwGQ.exe
  C:\Windows\System\fnFpwGQ.exe
  2⤵
  PID:11532
- C:\Windows\System\zaLDPOP.exe
  C:\Windows\System\zaLDPOP.exe
  2⤵
  PID:11540
- C:\Windows\System\cSqqNVF.exe
  C:\Windows\System\cSqqNVF.exe
  2⤵
  PID:11612
- C:\Windows\System\nDTycwx.exe
  C:\Windows\System\nDTycwx.exe
  2⤵
  PID:11652
- C:\Windows\System\krxOEaE.exe
  C:\Windows\System\krxOEaE.exe
  2⤵
  PID:11700
- C:\Windows\System\diXXCgO.exe
  C:\Windows\System\diXXCgO.exe
  2⤵
  PID:11760
- C:\Windows\System\LoQNtKp.exe
  C:\Windows\System\LoQNtKp.exe
  2⤵
  PID:11876
- C:\Windows\System\NdpETVn.exe
  C:\Windows\System\NdpETVn.exe
  2⤵
  PID:11956
- C:\Windows\System\mnLSfBH.exe
  C:\Windows\System\mnLSfBH.exe
  2⤵
  PID:12056
- C:\Windows\System\JWuqjbD.exe
  C:\Windows\System\JWuqjbD.exe
  2⤵
  PID:12124
- C:\Windows\System\JFHDgbY.exe
  C:\Windows\System\JFHDgbY.exe
  2⤵
  PID:12176
- C:\Windows\System\fdWlwyf.exe
  C:\Windows\System\fdWlwyf.exe
  2⤵
  PID:12248
- C:\Windows\System\IGvjJEt.exe
  C:\Windows\System\IGvjJEt.exe
  2⤵
  PID:12280
- C:\Windows\System\RAWkERL.exe
  C:\Windows\System\RAWkERL.exe
  2⤵
  PID:11300
- C:\Windows\System\KlRnNwP.exe
  C:\Windows\System\KlRnNwP.exe
  2⤵
  PID:11408
- C:\Windows\System\ZEGjauU.exe
  C:\Windows\System\ZEGjauU.exe
  2⤵
  PID:11656
- C:\Windows\System\kRBrhnX.exe
  C:\Windows\System\kRBrhnX.exe
  2⤵
  PID:11732
- C:\Windows\System\FKLiSYk.exe
  C:\Windows\System\FKLiSYk.exe
  2⤵
  PID:11832
- C:\Windows\System\myFiMqd.exe
  C:\Windows\System\myFiMqd.exe
  2⤵
  PID:12060
- C:\Windows\System\mxVZPsr.exe
  C:\Windows\System\mxVZPsr.exe
  2⤵
  PID:12096
- C:\Windows\System\iLJRgKf.exe
  C:\Windows\System\iLJRgKf.exe
  2⤵
  PID:12272
- C:\Windows\System\zZiQwUw.exe
  C:\Windows\System\zZiQwUw.exe
  2⤵
  PID:10432
- C:\Windows\System\aSNbYdW.exe
  C:\Windows\System\aSNbYdW.exe
  2⤵
  PID:11720
- C:\Windows\System\dzbYkyY.exe
  C:\Windows\System\dzbYkyY.exe
  2⤵
  PID:11744
- C:\Windows\System\YzXeSVA.exe
  C:\Windows\System\YzXeSVA.exe
  2⤵
  PID:12292
- C:\Windows\System\ecljwvp.exe
  C:\Windows\System\ecljwvp.exe
  2⤵
  PID:12352
- C:\Windows\System\mQlfLyz.exe
  C:\Windows\System\mQlfLyz.exe
  2⤵
  PID:12368
- C:\Windows\System\MkhmiYu.exe
  C:\Windows\System\MkhmiYu.exe
  2⤵
  PID:12404
- C:\Windows\System\qjYLhmc.exe
  C:\Windows\System\qjYLhmc.exe
  2⤵
  PID:12428
- C:\Windows\System\AmAgtdX.exe
  C:\Windows\System\AmAgtdX.exe
  2⤵
  PID:12460
- C:\Windows\System\mwRXehJ.exe
  C:\Windows\System\mwRXehJ.exe
  2⤵
  PID:12488
- C:\Windows\System\ZDoGHBA.exe
  C:\Windows\System\ZDoGHBA.exe
  2⤵
  PID:12520
- C:\Windows\System\FQdVzvR.exe
  C:\Windows\System\FQdVzvR.exe
  2⤵
  PID:12548
- C:\Windows\System\fybmtid.exe
  C:\Windows\System\fybmtid.exe
  2⤵
  PID:12596
- C:\Windows\System\ueQGZRy.exe
  C:\Windows\System\ueQGZRy.exe
  2⤵
  PID:12612
- C:\Windows\System\SWwpOJb.exe
  C:\Windows\System\SWwpOJb.exe
  2⤵
  PID:12660
- C:\Windows\System\axJGqdh.exe
  C:\Windows\System\axJGqdh.exe
  2⤵
  PID:12688
- C:\Windows\System\toISCvs.exe
  C:\Windows\System\toISCvs.exe
  2⤵
  PID:12712
- C:\Windows\System\QzGXQWI.exe
  C:\Windows\System\QzGXQWI.exe
  2⤵
  PID:12732
- C:\Windows\System\cDOFars.exe
  C:\Windows\System\cDOFars.exe
  2⤵
  PID:12764
- C:\Windows\System\jHaWamA.exe
  C:\Windows\System\jHaWamA.exe
  2⤵
  PID:12784
- C:\Windows\System\LMXcFKx.exe
  C:\Windows\System\LMXcFKx.exe
  2⤵
  PID:12812
- C:\Windows\System\EohzkKq.exe
  C:\Windows\System\EohzkKq.exe
  2⤵
  PID:12828
- C:\Windows\System\IfaEjpL.exe
  C:\Windows\System\IfaEjpL.exe
  2⤵
  PID:12848
- C:\Windows\System\ztkaZkO.exe
  C:\Windows\System\ztkaZkO.exe
  2⤵
  PID:12880
- C:\Windows\System\ARWosfi.exe
  C:\Windows\System\ARWosfi.exe
  2⤵
  PID:13232
- C:\Windows\System\iPdBrkC.exe
  C:\Windows\System\iPdBrkC.exe
  2⤵
  PID:12456
- C:\Windows\System\ZtwWfxg.exe
  C:\Windows\System\ZtwWfxg.exe
  2⤵
  PID:12864
- C:\Windows\System\NpXXzhS.exe
  C:\Windows\System\NpXXzhS.exe
  2⤵
  PID:12904
- C:\Windows\System\LffCtWS.exe
  C:\Windows\System\LffCtWS.exe
  2⤵
  PID:12928
- C:\Windows\System\nuGTxDb.exe
  C:\Windows\System\nuGTxDb.exe
  2⤵
  PID:12964
- C:\Windows\System\KwBpphf.exe
  C:\Windows\System\KwBpphf.exe
  2⤵
  PID:12984
- C:\Windows\System\FCDOHJN.exe
  C:\Windows\System\FCDOHJN.exe
  2⤵
  PID:12924
- C:\Windows\System\aPAKVKZ.exe
  C:\Windows\System\aPAKVKZ.exe
  2⤵
  PID:12944
- C:\Windows\System\iaFNfBD.exe
  C:\Windows\System\iaFNfBD.exe
  2⤵
  PID:13032
- C:\Windows\System\pkIwSOq.exe
  C:\Windows\System\pkIwSOq.exe
  2⤵
  PID:13052
- C:\Windows\System\aqIfhQk.exe
  C:\Windows\System\aqIfhQk.exe
  2⤵
  PID:13048
- C:\Windows\System\jgXUGhg.exe
  C:\Windows\System\jgXUGhg.exe
  2⤵
  PID:7704
- C:\Windows\System\iSrpDtt.exe
  C:\Windows\System\iSrpDtt.exe
  2⤵
  PID:13168
- C:\Windows\System\xhQaoKG.exe
  C:\Windows\System\xhQaoKG.exe
  2⤵
  PID:13160
- C:\Windows\System\YUSDcip.exe
  C:\Windows\System\YUSDcip.exe
  2⤵
  PID:13196
- C:\Windows\System\NlQjcST.exe
  C:\Windows\System\NlQjcST.exe
  2⤵
  PID:13228
- C:\Windows\System\tarFJNY.exe
  C:\Windows\System\tarFJNY.exe
  2⤵
  PID:2788
- C:\Windows\System\CIiymwV.exe
  C:\Windows\System\CIiymwV.exe
  2⤵
  PID:116
- C:\Windows\System\BERqsOt.exe
  C:\Windows\System\BERqsOt.exe
  2⤵
  PID:13260
- C:\Windows\System\gWCglJh.exe
  C:\Windows\System\gWCglJh.exe
  2⤵
  PID:13276
- C:\Windows\System\NHkmrtr.exe
  C:\Windows\System\NHkmrtr.exe
  2⤵
  PID:13288
- C:\Windows\System\LsTKuvX.exe
  C:\Windows\System\LsTKuvX.exe
  2⤵
  PID:13308
- C:\Windows\System\itakfIj.exe
  C:\Windows\System\itakfIj.exe
  2⤵
  PID:12036
- C:\Windows\System\YrNvBaZ.exe
  C:\Windows\System\YrNvBaZ.exe
  2⤵
  PID:12316
- C:\Windows\System\gXQuBGk.exe
  C:\Windows\System\gXQuBGk.exe
  2⤵
  PID:12384
- C:\Windows\System\txytMmM.exe
  C:\Windows\System\txytMmM.exe
  2⤵
  PID:2368
- C:\Windows\System\KNTwspT.exe
  C:\Windows\System\KNTwspT.exe
  2⤵
  PID:12396
- C:\Windows\System\IeVtXjA.exe
  C:\Windows\System\IeVtXjA.exe
  2⤵
  PID:12452
- C:\Windows\System\wrbDBkQ.exe
  C:\Windows\System\wrbDBkQ.exe
  2⤵
  PID:12480
- C:\Windows\System\hOOgUrn.exe
  C:\Windows\System\hOOgUrn.exe
  2⤵
  PID:12584
- C:\Windows\System\wvXixMP.exe
  C:\Windows\System\wvXixMP.exe
  2⤵
  PID:12540
- C:\Windows\System\IKHYuBa.exe
  C:\Windows\System\IKHYuBa.exe
  2⤵
  PID:12668
- C:\Windows\System\jyEOOfV.exe
  C:\Windows\System\jyEOOfV.exe
  2⤵
  PID:12640
- C:\Windows\System\OxlDgdY.exe
  C:\Windows\System\OxlDgdY.exe
  2⤵
  PID:12216
- C:\Windows\System\JQKaASi.exe
  C:\Windows\System\JQKaASi.exe
  2⤵
  PID:4592
- C:\Windows\System\WCpTmas.exe
  C:\Windows\System\WCpTmas.exe
  2⤵
  PID:12344
- C:\Windows\System\ATmwLLr.exe
  C:\Windows\System\ATmwLLr.exe
  2⤵
  PID:12740
- C:\Windows\System\BHugDyz.exe
  C:\Windows\System\BHugDyz.exe
  2⤵
  PID:12728
- C:\Windows\System\KGfZgNh.exe
  C:\Windows\System\KGfZgNh.exe
  2⤵
  PID:12760
- C:\Windows\System\EtXKCPn.exe
  C:\Windows\System\EtXKCPn.exe
  2⤵
  PID:13096
- C:\Windows\System\QmJKHnJ.exe
  C:\Windows\System\QmJKHnJ.exe
  2⤵
  PID:12860
- C:\Windows\System\YKqDuGB.exe
  C:\Windows\System\YKqDuGB.exe
  2⤵
  PID:12876
- C:\Windows\System\ebijDUu.exe
  C:\Windows\System\ebijDUu.exe
  2⤵
  PID:12960
- C:\Windows\System\XuTAVkD.exe
  C:\Windows\System\XuTAVkD.exe
  2⤵
  PID:12952
- C:\Windows\System\cuRVuGL.exe
  C:\Windows\System\cuRVuGL.exe
  2⤵
  PID:13036
- C:\Windows\System\WOVVRuk.exe
  C:\Windows\System\WOVVRuk.exe
  2⤵
  PID:2076
- C:\Windows\System\GXFdWwR.exe
  C:\Windows\System\GXFdWwR.exe
  2⤵
  PID:1888
- C:\Windows\System\ntratPM.exe
  C:\Windows\System\ntratPM.exe
  2⤵
  PID:4092
- C:\Windows\System\IPdzPZx.exe
  C:\Windows\System\IPdzPZx.exe
  2⤵
  PID:1892
- C:\Windows\System\juSBUgL.exe
  C:\Windows\System\juSBUgL.exe
  2⤵
  PID:5588
- C:\Windows\System\OMGhyRI.exe
  C:\Windows\System\OMGhyRI.exe
  2⤵
  PID:12972
- C:\Windows\System\rBEzByI.exe
  C:\Windows\System\rBEzByI.exe
  2⤵
  PID:13124
- C:\Windows\System\MLQaeUE.exe
  C:\Windows\System\MLQaeUE.exe
  2⤵
  PID:13164
- C:\Windows\System\bWzjcYO.exe
  C:\Windows\System\bWzjcYO.exe
  2⤵
  PID:13216
- C:\Windows\System\oQSqEYj.exe
  C:\Windows\System\oQSqEYj.exe
  2⤵
  PID:232
- C:\Windows\System\zOMXuYm.exe
  C:\Windows\System\zOMXuYm.exe
  2⤵
  PID:13272
- C:\Windows\System\bUtZwSA.exe
  C:\Windows\System\bUtZwSA.exe
  2⤵
  PID:13304
- C:\Windows\System\sqaHPzW.exe
  C:\Windows\System\sqaHPzW.exe
  2⤵
  PID:11636
- C:\Windows\System\cWQaACY.exe
  C:\Windows\System\cWQaACY.exe
  2⤵
  PID:12388
- C:\Windows\System\TYVcEhu.exe
  C:\Windows\System\TYVcEhu.exe
  2⤵
  PID:12500
- C:\Windows\System\PrBefGD.exe
  C:\Windows\System\PrBefGD.exe
  2⤵
  PID:12592
- C:\Windows\System\BHcwQgl.exe
  C:\Windows\System\BHcwQgl.exe
  2⤵
  PID:12608
- C:\Windows\System\HpeYCpT.exe
  C:\Windows\System\HpeYCpT.exe
  2⤵
  PID:12684
- C:\Windows\System\WynmpHw.exe
  C:\Windows\System\WynmpHw.exe
  2⤵
  PID:12704
- C:\Windows\System\MwBnhFa.exe
  C:\Windows\System\MwBnhFa.exe
  2⤵
  PID:12800
- C:\Windows\System\cIpclou.exe
  C:\Windows\System\cIpclou.exe
  2⤵
  PID:12804
- C:\Windows\System\FaWmLtF.exe
  C:\Windows\System\FaWmLtF.exe
  2⤵
  PID:12948
- C:\Windows\System\UYrvbMT.exe
  C:\Windows\System\UYrvbMT.exe
  2⤵
  PID:13012
- C:\Windows\System\vUKtUVY.exe
  C:\Windows\System\vUKtUVY.exe
  2⤵
  PID:3900
- C:\Windows\System\fdKfygq.exe
  C:\Windows\System\fdKfygq.exe
  2⤵
  PID:3100
- C:\Windows\System\EhAreyv.exe
  C:\Windows\System\EhAreyv.exe
  2⤵
  PID:3132
- C:\Windows\System\THtSihv.exe
  C:\Windows\System\THtSihv.exe
  2⤵
  PID:13268
- C:\Windows\System\bGHjhwp.exe
  C:\Windows\System\bGHjhwp.exe
  2⤵
  PID:12204
- C:\Windows\System\IWmGxpE.exe
  C:\Windows\System\IWmGxpE.exe
  2⤵
  PID:12424
- C:\Windows\System\sCEtFQg.exe
  C:\Windows\System\sCEtFQg.exe
  2⤵
  PID:4840
- C:\Windows\System\pgidHXJ.exe
  C:\Windows\System\pgidHXJ.exe
  2⤵
  PID:12772
- C:\Windows\System\wiFLLJF.exe
  C:\Windows\System\wiFLLJF.exe
  2⤵
  PID:12920
- C:\Windows\System\PQYIIRo.exe
  C:\Windows\System\PQYIIRo.exe
  2⤵
  PID:4448
- C:\Windows\System\HtYsWjN.exe
  C:\Windows\System\HtYsWjN.exe
  2⤵
  PID:13116
- C:\Windows\System\jrvvkAn.exe
  C:\Windows\System\jrvvkAn.exe
  2⤵
  PID:13292
- C:\Windows\System\HBQCtsd.exe
  C:\Windows\System\HBQCtsd.exe
  2⤵
  PID:12528
- C:\Windows\System\sbjEyyu.exe
  C:\Windows\System\sbjEyyu.exe
  2⤵
  PID:12824
- C:\Windows\System\jrIbvBM.exe
  C:\Windows\System\jrIbvBM.exe
  2⤵
  PID:3624
- C:\Windows\System\HtNjeDa.exe
  C:\Windows\System\HtNjeDa.exe
  2⤵
  PID:11916
- C:\Windows\System\iUqLlEk.exe
  C:\Windows\System\iUqLlEk.exe
  2⤵
  PID:1140
- C:\Windows\System\lhOJIxB.exe
  C:\Windows\System\lhOJIxB.exe
  2⤵
  PID:13328
- C:\Windows\System\CPOsoik.exe
  C:\Windows\System\CPOsoik.exe
  2⤵
  PID:13344
- C:\Windows\System\muVwvpV.exe
  C:\Windows\System\muVwvpV.exe
  2⤵
  PID:13360
- C:\Windows\System\OnXbrbQ.exe
  C:\Windows\System\OnXbrbQ.exe
  2⤵
  PID:13376
- C:\Windows\System\PXUDWQV.exe
  C:\Windows\System\PXUDWQV.exe
  2⤵
  PID:13392
- C:\Windows\System\DDLAIhj.exe
  C:\Windows\System\DDLAIhj.exe
  2⤵
  PID:13408
- C:\Windows\System\OCWmJIT.exe
  C:\Windows\System\OCWmJIT.exe
  2⤵
  PID:13424
- C:\Windows\System\eZnzSFj.exe
  C:\Windows\System\eZnzSFj.exe
  2⤵
  PID:13440
- C:\Windows\System\LFZoGFl.exe
  C:\Windows\System\LFZoGFl.exe
  2⤵
  PID:13508
- C:\Windows\System\MiEwJHt.exe
  C:\Windows\System\MiEwJHt.exe
  2⤵
  PID:13524
- C:\Windows\System\JtEMjiD.exe
  C:\Windows\System\JtEMjiD.exe
  2⤵
  PID:13540
- C:\Windows\System\NcABqdP.exe
  C:\Windows\System\NcABqdP.exe
  2⤵
  PID:13556
- C:\Windows\System\OXdTYrk.exe
  C:\Windows\System\OXdTYrk.exe
  2⤵
  PID:13572
- C:\Windows\System\RqNxIPv.exe
  C:\Windows\System\RqNxIPv.exe
  2⤵
  PID:13588
- C:\Windows\System\PDuCfmw.exe
  C:\Windows\System\PDuCfmw.exe
  2⤵
  PID:13604
- C:\Windows\System\CdFHgAS.exe
  C:\Windows\System\CdFHgAS.exe
  2⤵
  PID:13620
- C:\Windows\System\Sxnwizc.exe
  C:\Windows\System\Sxnwizc.exe
  2⤵
  PID:13636
- C:\Windows\System\qMdncbt.exe
  C:\Windows\System\qMdncbt.exe
  2⤵
  PID:13652
- C:\Windows\System\FNscZWT.exe
  C:\Windows\System\FNscZWT.exe
  2⤵
  PID:13668
- C:\Windows\System\moBHtoS.exe
  C:\Windows\System\moBHtoS.exe
  2⤵
  PID:13692
- C:\Windows\System\OSxNQhf.exe
  C:\Windows\System\OSxNQhf.exe
  2⤵
  PID:13708
- C:\Windows\System\eOOPIvm.exe
  C:\Windows\System\eOOPIvm.exe
  2⤵
  PID:13724
- C:\Windows\System\diCjsmO.exe
  C:\Windows\System\diCjsmO.exe
  2⤵
  PID:13740
- C:\Windows\System\PwOcOtV.exe
  C:\Windows\System\PwOcOtV.exe
  2⤵
  PID:13756
- C:\Windows\System\aZGRaMG.exe
  C:\Windows\System\aZGRaMG.exe
  2⤵
  PID:13776
- C:\Windows\System\NHPGNmk.exe
  C:\Windows\System\NHPGNmk.exe
  2⤵
  PID:13792
- C:\Windows\System\qktBLGl.exe
  C:\Windows\System\qktBLGl.exe
  2⤵
  PID:13812
- C:\Windows\System\ZPitYKx.exe
  C:\Windows\System\ZPitYKx.exe
  2⤵
  PID:13828
- C:\Windows\System\zRkMtZl.exe
  C:\Windows\System\zRkMtZl.exe
  2⤵
  PID:13844
- C:\Windows\System\FcFcUUR.exe
  C:\Windows\System\FcFcUUR.exe
  2⤵
  PID:13860
- C:\Windows\System\VOHUaKS.exe
  C:\Windows\System\VOHUaKS.exe
  2⤵
  PID:13876
- C:\Windows\System\hQVqyNb.exe
  C:\Windows\System\hQVqyNb.exe
  2⤵
  PID:13896
- C:\Windows\System\rkuwrDs.exe
  C:\Windows\System\rkuwrDs.exe
  2⤵
  PID:13912
- C:\Windows\System\hhXkSwY.exe
  C:\Windows\System\hhXkSwY.exe
  2⤵
  PID:13928
- C:\Windows\System\unkUUKw.exe
  C:\Windows\System\unkUUKw.exe
  2⤵
  PID:13948
- C:\Windows\System\UXUZwUk.exe
  C:\Windows\System\UXUZwUk.exe
  2⤵
  PID:13964
- C:\Windows\System\lXQAFTt.exe
  C:\Windows\System\lXQAFTt.exe
  2⤵
  PID:13980
- C:\Windows\System\OkhYWZn.exe
  C:\Windows\System\OkhYWZn.exe
  2⤵
  PID:13996
- C:\Windows\System\jvLyDqD.exe
  C:\Windows\System\jvLyDqD.exe
  2⤵
  PID:14012
- C:\Windows\System\dgDbJXW.exe
  C:\Windows\System\dgDbJXW.exe
  2⤵
  PID:14028
- C:\Windows\System\zrsmVeD.exe
  C:\Windows\System\zrsmVeD.exe
  2⤵
  PID:14044
- C:\Windows\System\mHVeHPH.exe
  C:\Windows\System\mHVeHPH.exe
  2⤵
  PID:14060
- C:\Windows\System\zTugyVt.exe
  C:\Windows\System\zTugyVt.exe
  2⤵
  PID:14076
- C:\Windows\System\TKqGzvE.exe
  C:\Windows\System\TKqGzvE.exe
  2⤵
  PID:14092
- C:\Windows\System\lWZMOgC.exe
  C:\Windows\System\lWZMOgC.exe
  2⤵
  PID:14108
- C:\Windows\System\JDuaRCG.exe
  C:\Windows\System\JDuaRCG.exe
  2⤵
  PID:14124
- C:\Windows\System\bmiUwwQ.exe
  C:\Windows\System\bmiUwwQ.exe
  2⤵
  PID:14140
- C:\Windows\System\ROjtEfJ.exe
  C:\Windows\System\ROjtEfJ.exe
  2⤵
  PID:14156
- C:\Windows\System\kvrkKun.exe
  C:\Windows\System\kvrkKun.exe
  2⤵
  PID:14172
- C:\Windows\System\xfXvsZq.exe
  C:\Windows\System\xfXvsZq.exe
  2⤵
  PID:14192
- C:\Windows\System\bxSmOki.exe
  C:\Windows\System\bxSmOki.exe
  2⤵
  PID:14208
- C:\Windows\System\iynGTZP.exe
  C:\Windows\System\iynGTZP.exe
  2⤵
  PID:14224
- C:\Windows\System\pRrrtuq.exe
  C:\Windows\System\pRrrtuq.exe
  2⤵
  PID:14240
- C:\Windows\System\ZJFmCPw.exe
  C:\Windows\System\ZJFmCPw.exe
  2⤵
  PID:14256
- C:\Windows\System\DQsnljj.exe
  C:\Windows\System\DQsnljj.exe
  2⤵
  PID:14272
- C:\Windows\System\EEIjMYL.exe
  C:\Windows\System\EEIjMYL.exe
  2⤵
  PID:14288
- C:\Windows\System\YpVXtLt.exe
  C:\Windows\System\YpVXtLt.exe
  2⤵
  PID:14304
- C:\Windows\System\sDcsaaz.exe
  C:\Windows\System\sDcsaaz.exe
  2⤵
  PID:14320
- C:\Windows\System\SBdnmOW.exe
  C:\Windows\System\SBdnmOW.exe
  2⤵
  PID:13320
- C:\Windows\System\jzSofYA.exe
  C:\Windows\System\jzSofYA.exe
  2⤵
  PID:13368
- C:\Windows\System\FCOVrFS.exe
  C:\Windows\System\FCOVrFS.exe
  2⤵
  PID:13492
- C:\Windows\System\bhTqZMd.exe
  C:\Windows\System\bhTqZMd.exe
  2⤵
  PID:13044
- C:\Windows\System\OhTjSXa.exe
  C:\Windows\System\OhTjSXa.exe
  2⤵
  PID:12656
- C:\Windows\System\RfxQFLs.exe
  C:\Windows\System\RfxQFLs.exe
  2⤵
  PID:13404
- C:\Windows\System\TJwosrZ.exe
  C:\Windows\System\TJwosrZ.exe
  2⤵
  PID:13436
- C:\Windows\System\BiCXORz.exe
  C:\Windows\System\BiCXORz.exe
  2⤵
  PID:13456
- C:\Windows\System\iEnAwOJ.exe
  C:\Windows\System\iEnAwOJ.exe
  2⤵
  PID:13472
- C:\Windows\System\LoczDiS.exe
  C:\Windows\System\LoczDiS.exe
  2⤵
  PID:13520
- C:\Windows\System\cUznxXZ.exe
  C:\Windows\System\cUznxXZ.exe
  2⤵
  PID:13552
- C:\Windows\System\JwIhIQV.exe
  C:\Windows\System\JwIhIQV.exe
  2⤵
  PID:13580
- C:\Windows\System\YOqTlJe.exe
  C:\Windows\System\YOqTlJe.exe
  2⤵
  PID:13612
- C:\Windows\System\LileQdX.exe
  C:\Windows\System\LileQdX.exe
  2⤵
  PID:13664
- C:\Windows\System\ctBWSNn.exe
  C:\Windows\System\ctBWSNn.exe
  2⤵
  PID:13716
- C:\Windows\System\iiUVpnk.exe
  C:\Windows\System\iiUVpnk.exe
  2⤵
  PID:13768
- C:\Windows\System\PmzjYge.exe
  C:\Windows\System\PmzjYge.exe
  2⤵
  PID:13840
- C:\Windows\System\gycjaPU.exe
  C:\Windows\System\gycjaPU.exe
  2⤵
  PID:13868
- C:\Windows\System\qxsJVgr.exe
  C:\Windows\System\qxsJVgr.exe
  2⤵
  PID:13904
- C:\Windows\System\zetywps.exe
  C:\Windows\System\zetywps.exe
  2⤵
  PID:13936
- C:\Windows\System\FysAVTi.exe
  C:\Windows\System\FysAVTi.exe
  2⤵
  PID:13992
- C:\Windows\System\MJOzwbK.exe
  C:\Windows\System\MJOzwbK.exe
  2⤵
  PID:13976
- C:\Windows\System\QtHcpwP.exe
  C:\Windows\System\QtHcpwP.exe
  2⤵
  PID:14036
- C:\Windows\System\bNaZQch.exe
  C:\Windows\System\bNaZQch.exe
  2⤵
  PID:14068
- C:\Windows\System\riSoMyB.exe
  C:\Windows\System\riSoMyB.exe
  2⤵
  PID:14100
- C:\Windows\System\uRPGaSa.exe
  C:\Windows\System\uRPGaSa.exe
  2⤵
  PID:14132
- C:\Windows\System\tIhueTh.exe
  C:\Windows\System\tIhueTh.exe
  2⤵
  PID:14164
- C:\Windows\System\rIZdItm.exe
  C:\Windows\System\rIZdItm.exe
  2⤵
  PID:14200
- C:\Windows\System\tPrgyXD.exe
  C:\Windows\System\tPrgyXD.exe
  2⤵
  PID:14248
- C:\Windows\System\Lnouqre.exe
  C:\Windows\System\Lnouqre.exe
  2⤵
  PID:14284
- C:\Windows\System\qRdPdzQ.exe
  C:\Windows\System\qRdPdzQ.exe
  2⤵
  PID:14316
- C:\Windows\System\bqDRxvI.exe
  C:\Windows\System\bqDRxvI.exe
  2⤵
  PID:13340
- C:\Windows\System\xxexyzM.exe
  C:\Windows\System\xxexyzM.exe
  2⤵
  PID:2964
- C:\Windows\System\srbZGIE.exe
  C:\Windows\System\srbZGIE.exe
  2⤵
  PID:13400
- C:\Windows\System\maNctuB.exe
  C:\Windows\System\maNctuB.exe
  2⤵
  PID:13452
- C:\Windows\System\dvxVeEC.exe
  C:\Windows\System\dvxVeEC.exe
  2⤵
  PID:13536
- C:\Windows\System\iJqvdLu.exe
  C:\Windows\System\iJqvdLu.exe
  2⤵
  PID:13596
- C:\Windows\System\zfnHeVQ.exe
  C:\Windows\System\zfnHeVQ.exe
  2⤵
  PID:13700
- C:\Windows\System\EFXJesA.exe
  C:\Windows\System\EFXJesA.exe
  2⤵
  PID:13808
- C:\Windows\System\umxyPUO.exe
  C:\Windows\System\umxyPUO.exe
  2⤵
  PID:13892
- C:\Windows\System\tcncnYA.exe
  C:\Windows\System\tcncnYA.exe
  2⤵
  PID:13960
- C:\Windows\System\lJbpVyk.exe
  C:\Windows\System\lJbpVyk.exe
  2⤵
  PID:14020
- C:\Windows\System\AskJXFD.exe
  C:\Windows\System\AskJXFD.exe
  2⤵
  PID:14084
- C:\Windows\System\CvljzOQ.exe
  C:\Windows\System\CvljzOQ.exe
  2⤵
  PID:14188
- C:\Windows\System\CIIkJFB.exe
  C:\Windows\System\CIIkJFB.exe
  2⤵
  PID:14264
- C:\Windows\System\DwEjEmD.exe
  C:\Windows\System\DwEjEmD.exe
  2⤵
  PID:14312
- C:\Windows\System\PdxyJtn.exe
  C:\Windows\System\PdxyJtn.exe
  2⤵
  PID:12580
- C:\Windows\System\QfTuRbG.exe
  C:\Windows\System\QfTuRbG.exe
  2⤵
  PID:13480
- C:\Windows\System\uXIHcnU.exe
  C:\Windows\System\uXIHcnU.exe
  2⤵
  PID:13632
- C:\Windows\System\mmsfIEP.exe
  C:\Windows\System\mmsfIEP.exe
  2⤵
  PID:9976
- C:\Windows\System\gKoHOvX.exe
  C:\Windows\System\gKoHOvX.exe
  2⤵
  PID:13988
- C:\Windows\System\CcvtMup.exe
  C:\Windows\System\CcvtMup.exe
  2⤵
  PID:14280
- C:\Windows\System\bloGYXb.exe
  C:\Windows\System\bloGYXb.exe
  2⤵
  PID:13548
- C:\Windows\System\smlKINQ.exe
  C:\Windows\System\smlKINQ.exe
  2⤵
  PID:14004
- C:\Windows\System\kSGEFIX.exe
  C:\Windows\System\kSGEFIX.exe
  2⤵
  PID:14356

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 2568 -i 2568 -h 508 -j 560 -s 404 -d 0
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
PID:14808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kymm2zff.n20.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AElZsMu.exe

Filesize
1.2MB

MD5
7f5da68476a3a100e4395994a9a44ad9

SHA1
7398ea35c8485ae2a5c957a21aaa05b09f3530f2

SHA256
6b653d1d66a60a2a1121d0cbe92e526d67b18d0259e83d0035683a3bdeb7d6dc

SHA512
20914bfa2d9bfe65af5deedbf85e6624584ca1e7d7f2fd3dfb74caf96e69362737038f2e379664337dde4d222993e62893692a060b66eab6cb8163585d84e709

Download Submit
C:\Windows\System\BzpcgOd.exe

Filesize
1.2MB

MD5
670779adbae017ef0c3026e1841751ae

SHA1
ba50bf6191a1a090caadb8e5fe5b661a3558bdcd

SHA256
ae877a8804aa71013b96d43e59d81a6722ceecb1f2a9ef7dd0b5824bfb662f01

SHA512
97e93c69e9b7bc4c46c722fa155dcee7e777f870b5b81e05497f59e03e688e1b0e54b0343e091400027cd1baa95d5a00992acea3193ce5975faac75470c503ee

Download Submit
C:\Windows\System\CHohpzf.exe

Filesize
1.2MB

MD5
9785eb85c05e5df2d9f80413f0b29fe3

SHA1
c92e8d286ca9b1ff4ca56dda83085ddf320d8b30

SHA256
c09c0994a7ef6affde8717ca2cfb282a380a56ffc6c8b7ef7c50a8049572d181

SHA512
5fc6012b0ff381135c858ababfc504d1625ae8bf4e9176a9ad47f9af624775139ec290d9defb113828d6a152bcb0b70d6e8ea2e6f922b2a7e93eebbf2553e838

Download Submit
C:\Windows\System\CgpqEXp.exe

Filesize
1.2MB

MD5
c1d0fb8d926a020c027cd3b97fd56314

SHA1
5dacc644eb5822154699155b74c2aed3c7a91091

SHA256
366c28d27b2ff81f180667e222a6fa039a6777c28d4d86720f0246fe5b5c777f

SHA512
460daac181ff5341cb7728f6608f33a7c15dd6207bd9b8054c6017a2401b885a3ca2314a50bade1c7ac046365a8a812f6fd071aee95379a2d84fe1301b1126eb

Download Submit
C:\Windows\System\CnERzRR.exe

Filesize
1.2MB

MD5
05d7878496c1ebfb5d437a700fa99267

SHA1
729dc40c7696662c28125eb4c2e605a0fbe7bd43

SHA256
c6a17fc862b874d4ac235d60ffed29d408d37048c8f8a53fed3658d7ba8aab73

SHA512
bb693b15bf418a2b8768d03a82d13ddb9dc7a28d1d0287b09c95d3f1c4f09938f90a5845c3ac362523fcb541a7a62166cf0d93d27bac66938190b847ecc5a52a

Download Submit
C:\Windows\System\DaIUteE.exe

Filesize
1.2MB

MD5
8f3d20646c14d55646041dc6e4318e5b

SHA1
fd8d7b109a25c0f8e9879f64487bba25b01177c0

SHA256
21101d34d63ef0e197dd257f6160ce1e6f16de78a62f69bebb156d76fa74758b

SHA512
45d8fe30777d17ed44a7625770eb571c1fae18d43ba16ba3b6db51893c9db065de7775e2ffa9e01878bb981c9635042cc99a56e98f587002f2bf483111a66f90

Download Submit
C:\Windows\System\EJKTWLr.exe

Filesize
1.2MB

MD5
342e85c021bef853a68eee99a079ddba

SHA1
abcae6fa2856ca80d4da616a1e3aa2c81fe44396

SHA256
e36ddd4a9c458d0bd09a84f16f0db71ca3a9c0f7390d368345bea4ec4d83e804

SHA512
333afd15d643c66e8cd1ec7699fc6f301dbf3ef2cf63eada2ac7a65525b125667e72fd3648dd69073979cef6d57659b729920277072c48b20dc783cd41809f29

Download Submit
C:\Windows\System\FQZpgkR.exe

Filesize
1.2MB

MD5
aea81dcded89ea04318114bf485af5af

SHA1
b4376f3827b1372c510a2daecd786d2ead6b6ae8

SHA256
8a9b01b0743702187ba98e2512f1b98dcffe6fde5dbfb6465937810d9b958dee

SHA512
93ba028306bb98598ddeff93ca20afd7bd9c33e7063cf8455eea1b2454461b01272e393d990dd74c9bdafc2521599e575d3aed605d462c31b4a6e1a8e50ce1ba

Download Submit
C:\Windows\System\FlnESNm.exe

Filesize
1.2MB

MD5
18d1b92bdb5467e482846342fe186d6f

SHA1
e2e4ad8d0e48d41f9c4011a60ba6390ed27625c7

SHA256
c8ece31f2e194a1bd7b997fe75650855a49e80f81ea6a9432312fd7cf4acedcd

SHA512
b3e64414c2ecce9e4a9e3f4a750767b33e41c278983b9a1385150ad89c55150cad9a65af2a7f06120fc2d060f3164de4458761ff875cca43b0176b154e756bc7

Download Submit
C:\Windows\System\HASKxPW.exe

Filesize
1.2MB

MD5
550852a5099d917a950ebafca7fd679b

SHA1
edcb2a43042a89cfee13fb2f44795f763e0d1d92

SHA256
2946eea1050811be28b333cc82d726972552fa405001661697a9f228536a691f

SHA512
21cbb967fad9a70e290cba43820152c801b724ecfd31cdedd43947d48659427e10e7ffa820927cb4b172129989bf185dd48fc36942003c403d29bec3c15575df

Download Submit
C:\Windows\System\IUqGvVz.exe

Filesize
8B

MD5
dab91f43054b6e50e7f72a0892c8dcb3

SHA1
8804e97ba4de55ea3d0be8416132189ff0332285

SHA256
9db6016a6acaebc6f2ddb355a7ecc96478051b888899fe73200db7a3cfcfa9dd

SHA512
9a85876336db0e0c4292987f185772d793c54b7312a061d217cd860fb4d9dbc1f5f3d8118d9b66e0059e52b59906704cc11054aecd9c662fddc81ac1f35ffb1f

Download Submit
C:\Windows\System\IuyHgwd.exe

Filesize
1.2MB

MD5
682296fca1ef07f688d119265d4ef8e1

SHA1
14bb43d5da746c79abb47c04df6c230ce69b6add

SHA256
dd10c1e5dc98cd46595e0aeca7ba72cea45bdbb7c148da9a740f7769b821be6b

SHA512
b0338244cd3e8483ab3e26b07b4de12d12451e090ecba35422c563f2c1c8f578feb9f70d4db8903600b2183c17e220f41ad97e94b9eaa774e099a9f423e80e7a

Download Submit
C:\Windows\System\JCIadGy.exe

Filesize
1.2MB

MD5
d588d446a088777748e623fcc2289ac2

SHA1
6ff11eddf76126349bc254df00de83d7780a1636

SHA256
56944479ae70113b717d5e81b64483ff363727f0a338d681ee6328d0a3084166

SHA512
5a33c83c4aa387327982207c0b9adb363f2354adbbfe21f8101475e6ba0c5ec97d501af43edca8a5b9203036b576a39bec454e5f5f7485df453299d550a7268a

Download Submit
C:\Windows\System\JRjqEcv.exe

Filesize
1.2MB

MD5
a69b9709a53a677c689888f4e0efbbd9

SHA1
a155c830d4d033a52957d1f68cea7884b0c3577e

SHA256
303a7545d4a85dbd428060265cd5c4c1b06fa8a479307fb2b111c8b1b393dc5f

SHA512
2be2724e6affc92425449a0d9a953acffd568f1e99f4ab3dc5905ed472584a02bde5f92c013e0b92ae7c0653e994c2b446a9c336a9b83c5335c0f00e81a69081

Download Submit
C:\Windows\System\KwdrQnX.exe

Filesize
1.2MB

MD5
2cfaf02db1602b3d32aec28ec92dd681

SHA1
ce4a1195302591e89fab4cbaa2bceb285fad7a0a

SHA256
68a6e11dfcd7047a3d059a45ba1f632da2ad3c8933362603661ed61b933c9053

SHA512
efc954577f63fd8c500ad647c984d1459e53cf928a7d032537df2061f4f070b27080b2d63f61632d481677fa95c51674ec825fdd5cb60b87f1e8e681af0df522

Download Submit
C:\Windows\System\NAWcDcy.exe

Filesize
1.2MB

MD5
d17705319191f22cf966f0d469d31b3a

SHA1
e1f3b8716108eff6d625371b43c5c43105020899

SHA256
73ebda439c20f07162220cfa1d078de1a0ea4eb50cb268c24c9295a55d176d67

SHA512
5386e2f58f3551f0011b296b22a6d52996404f1afba346267208314597c8325d90d03bc5cb9b8107ace4c4a606105f91dc46655a006da758c453bd2ee59110c3

Download Submit
C:\Windows\System\ODfJjYh.exe

Filesize
1.2MB

MD5
d21711eeb641d1c9a12d38444ac3aac4

SHA1
4ae8f87b0313447853e54e0fd1c454b2d85a9a12

SHA256
81151160d56a07f1804260831c11f19de163e8c97edb74db97b149dc72cc184b

SHA512
11126019568445b98564ba81dc010f3d2c1cf52783ff3859b507fc3047f3c94ad17464deaf6239e2e44ec85139a698e12874f3e4e883d96b53a7677ee73ddf6a

Download Submit
C:\Windows\System\OxctAij.exe

Filesize
1.2MB

MD5
f33bc06436e4ce01c056dbf2aac1fcdb

SHA1
1218c5efe7a10ed8e29d882eb0dd27979aea8e2f

SHA256
77a92580f3484d1b18f6e7a2a8bf833759b7eced80b4f793c2cee4376fdc4651

SHA512
2b68a6ac2389d49cba92ad1419a2610804fe91eb7938a4da53cca32c4556d3461704a8d96de1de7a339031f17a891891e3335cdadd2039a77d4a2bb077735efc

Download Submit
C:\Windows\System\QTpEibK.exe

Filesize
1.2MB

MD5
a3dbf2f595d1569113cbf987932882f4

SHA1
5c4a92ad2e527777d4a423de198ffbb45d4d734c

SHA256
b9855bf4bf840376495a553fdd1dff51c8b59397d97225b64161c1e196a9ad98

SHA512
dedf00c8b16a4bcf08544aadb6991d1f5eb7f0ed2850499a404c0b71c6ad5408766be7b30a2813020581029cf2d8fc6115c5f915d96a06e3559d55c9b408bc5d

Download Submit
C:\Windows\System\WwAKXWn.exe

Filesize
1.2MB

MD5
c5aece5bc946623e6576eebaa7f22bc1

SHA1
ab968ccb4c78ae2eb5a2e2b1ef137dc03e55f3f1

SHA256
07494177b41be063bad2a9faac196b571774ffd83321c736eead4aad2a005d4a

SHA512
4584e47480bb93984496c86c239327c1316cf3e23ef64ca9576d9c692f1057c15624c6d89f51ac3d236360ce9cd9b7efd51c5516c42560e2bb01c5a9e60900fa

Download Submit
C:\Windows\System\YpAQySQ.exe

Filesize
1.2MB

MD5
e0d7eff7d20ad6c1b5175ceec2ee1fcf

SHA1
f3c8b86e8e2d5330a8cb5824649fbac20811d330

SHA256
e5ea2dfbaaab8ce7dcb50adebb74e15c2800a4e4142faa528345920a912a01f1

SHA512
4cd1414ab3191c0af65d4a03f50f83efdfcbf0fa16ea0803ed26d78d83217a5f2d8dc39635fd3aafb298901fbf1b7f337c14169ddbec62097f66844ceb9940d2

Download Submit
C:\Windows\System\aytnmdQ.exe

Filesize
1.2MB

MD5
a024fbbfae0e8968723f8493eab70872

SHA1
b2155305e4156fd16e279154fe764244762915ec

SHA256
144bfa5d870abfb419f152a45abcf40f8719e65692b8ab66e0bacbcf4d4711e7

SHA512
a0c2c56216ffbadb3b464d16ba6e276f94bd14590297dd9d1db4deebc10b9b959e754dc354247bad4c40d3be3fc37bdae91e7be20d6f6362ba89b78c9aa3941e

Download Submit
C:\Windows\System\bHwXlFH.exe

Filesize
1.2MB

MD5
b9e141e35ed8e6912a5ce1350de2e6d5

SHA1
4c38386d5d306ecfe24d518ba5b1ab40af0d3141

SHA256
ddcc1ac76f86b7a77825dc11512f0a67ea27c051ef2e6376a9808e7b9a2b47f3

SHA512
336f798a7ed4254656bb738bcdf1bec06e13f94fe7486485dca8bc7e51227428fac4974383b851bc4092421f18aad58462110cc145ed5edf3e26b32a3c1a3b45

Download Submit
C:\Windows\System\fAerWiL.exe

Filesize
1.2MB

MD5
be20c715ef489ab8f9c37114ca993771

SHA1
bb7179a87c5179b856f6b31ef5cee020609151c8

SHA256
bdfbcaf5f82af7781591abc296ea244d69b8049f796c97044b6f86665d703671

SHA512
79023312ef9ecd9cb953693c8dbe7fb8621b0f0ebeae3ec1c0cde1306d377a8714a48c4cea2a6d897f8a6618742e26f8b012671651efbd620610e7291e87d4a7

Download Submit
C:\Windows\System\gSSjDYW.exe

Filesize
1.2MB

MD5
5a53fe0d37afb45077e37367047976e5

SHA1
4dd99735ab304ca7acc9c0c0dbb590e80af6d412

SHA256
e087ac7c46c3a72e8bfe7864bf65b5801a4796d6d1bd28d09636fb90a0b48aa8

SHA512
411f09c6fc9472cd17da2d0e3696c3923af7d42cd66d35f69d1df14513a46964a8bb581065acfef2cff7dc1d059c1f7c2e74b35af799273d483afba38e7dc45f

Download Submit
C:\Windows\System\gglarqF.exe

Filesize
1.2MB

MD5
329d0c1e6d130a18e03b4c0ed11e59a4

SHA1
892945148eb1a787c71ad1c70e98c0be244c2e1b

SHA256
89d6d82dd113fe5cd396e4fe0e62535def36d4bef08e76d45475278df25dd6dc

SHA512
376eab309eca11bae3e945d9fa416ada83a7e837fcb22712a973cfc8381ba558e54411f83b0319e60c5e3242b4d8b00162cb63cb2ac0e4a9cd8a34d279dfb8f0

Download Submit
C:\Windows\System\iXGZJGN.exe

Filesize
1.2MB

MD5
c04e25cfd4fc03183cd161d3878fb2c6

SHA1
a20e75ec26c6f048e7d249a42b45dd1cc38ec65c

SHA256
20623bf3c0da09ddd02c742e6eb95a7937faa8d4ff00e2bea993dde716e4806f

SHA512
b2dac2d78b02f22c0dd2b7fd665c1da3c48d5cd43334f6ab5e5f54cc4ae501789ec0fcf34b8418d551d4bc69fd8a9e9288840dda16f69b8c54519e8d95b28dad

Download Submit
C:\Windows\System\itwygeq.exe

Filesize
1.2MB

MD5
ae0d8e84f42e0f5b98d36f0c421d077d

SHA1
3d4109eecc4801ecdfbc060c6ba958020930a5d4

SHA256
65c2ea7059de8790a116071ff44b7424c80a966c2b0ab2387f56440b237f622a

SHA512
4b1737e86c64ac14b3225bae498248dd26f21b618975ca04890cf3da6429d3d8e966e6b2db27541021c741c26d621da09438de7bc1e2252358f725a9fab99cf8

Download Submit
C:\Windows\System\mGZqFfU.exe

Filesize
1.2MB

MD5
21d60e6ac4a72cef4c735547bbc9f16c

SHA1
cf08404244b1195811be647eb67ab2677572b683

SHA256
3f1a0100599b86c7db2f1bf9559001dda1011a8926fa4fe574e510edc0a4b024

SHA512
e8591447e836194656b73aae8c734754db1a6e665470dbedfc2738036b1bb1e6240a2eba2a1a34926d1ca3061c84ec81def6efccd5e94b03e5238e6218dd0433

Download Submit
C:\Windows\System\nNuiycu.exe

Filesize
1.2MB

MD5
991884cc3bc1d253cfe8812b2ae8b928

SHA1
8d261dae43837e88427d0f7d707daabcd99003ad

SHA256
b957c315a990fd25bf99647e3dd58be5fd16c5cc8cf88ddecaceaba6357f5c41

SHA512
8ff80417ae23b01edad5e867d720b82436ebbff1492f9487d2f02bb6da4894cce9b66ad58d4649d1308f5bb28bf8f8c860fe3dd74db16c401d8bab63dd175cd4

Download Submit
C:\Windows\System\peiMWmJ.exe

Filesize
1.2MB

MD5
30cd6aff7bce7c8575028cf8bde5662e

SHA1
d2c8fa4a43f4d5259b0011b39f6749af94e13d9e

SHA256
42a482503204ee1ee08d2a5051f2e051de59962f05b4731a16eb328970366155

SHA512
98de582acfdd72643cf052a19622e94d1c963a6760c80930fb66a42cbb1190cea36c502d471be35d479ba3c452459a55898a72157aaf65d03fc6a5931d6538e4

Download Submit
C:\Windows\System\tpQllPR.exe

Filesize
1.2MB

MD5
06ecb7482c4b0fd2f68320d00c01d6fe

SHA1
c482d4b301eab9abd9138f242a09776b26553d62

SHA256
3555636f8bb3afbc6a0387d4e6d410ca94115d17cb0f917c4c74df4396d99545

SHA512
27855dc76e50b8feba265f70b657e6c17ebe75d9106aba0c9141754f42173093c37b5ea61cab63d4ab3fc8e8cc46a96d8432f74af2bd38a665822954ef3259d6

Download Submit
C:\Windows\System\vMtGDeT.exe

Filesize
1.2MB

MD5
adbb5fb5a89dfaf94e8d429ae9d33257

SHA1
04c72f0584429037a06af5964d51584d5d16e8ce

SHA256
d553f6e3e0c295f952836f86259950c3aea08066593cdb4987705e148cea1b23

SHA512
28f2ad7ceebc9951a880ca7d4d989f8594c8298d484ae0a4653dd0e9494052858014124fbbab91697e7b39dd6a8b4aa0b44b7734a052b7e9f71b7eab969af29f

Download Submit
C:\Windows\System\wRIdGeH.exe

Filesize
1.2MB

MD5
d28671f87979229bb0619327621381b9

SHA1
62548c9da751c8bf3b199ff4e5c91a9408ab26e4

SHA256
5bb6c39a71cb97f4dc0fa567b21ffcc5739aaf6ce89726ee6d2913cea567deab

SHA512
756b0590cb6a362f13dc2fe4e2e74331e9e9d6102198c59e69a3d6f0135b6e125eb8920ab0dcd0d7026a842ceba86d3958c3464335adc89248571e398dc845ee

Download Submit
memory/320-94-0x00007FF74DA50000-0x00007FF74DE42000-memory.dmp

Filesize
3.9MB

Download
memory/320-2745-0x00007FF74DA50000-0x00007FF74DE42000-memory.dmp

Filesize
3.9MB

Download
memory/348-86-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp

Filesize
3.9MB

Download
memory/348-2747-0x00007FF7849E0000-0x00007FF784DD2000-memory.dmp

Filesize
3.9MB

Download
memory/924-2721-0x00007FF64CFA0000-0x00007FF64D392000-memory.dmp

Filesize
3.9MB

Download
memory/924-11-0x00007FF64CFA0000-0x00007FF64D392000-memory.dmp

Filesize
3.9MB

Download
memory/924-2734-0x00007FF64CFA0000-0x00007FF64D392000-memory.dmp

Filesize
3.9MB

Download
memory/1036-2750-0x00007FF62A980000-0x00007FF62AD72000-memory.dmp

Filesize
3.9MB

Download
memory/1036-121-0x00007FF62A980000-0x00007FF62AD72000-memory.dmp

Filesize
3.9MB

Download
memory/1412-2770-0x00007FF7225F0000-0x00007FF7229E2000-memory.dmp

Filesize
3.9MB

Download
memory/1412-140-0x00007FF7225F0000-0x00007FF7229E2000-memory.dmp

Filesize
3.9MB

Download
memory/1416-2786-0x00007FF76F680000-0x00007FF76FA72000-memory.dmp

Filesize
3.9MB

Download
memory/1416-165-0x00007FF76F680000-0x00007FF76FA72000-memory.dmp

Filesize
3.9MB

Download
memory/1548-2748-0x00007FF71AAC0000-0x00007FF71AEB2000-memory.dmp

Filesize
3.9MB

Download
memory/1548-77-0x00007FF71AAC0000-0x00007FF71AEB2000-memory.dmp

Filesize
3.9MB

Download
memory/1656-109-0x00007FF79BA20000-0x00007FF79BE12000-memory.dmp

Filesize
3.9MB

Download
memory/1656-2756-0x00007FF79BA20000-0x00007FF79BE12000-memory.dmp

Filesize
3.9MB

Download
memory/2124-2769-0x00007FF6EE5F0000-0x00007FF6EE9E2000-memory.dmp

Filesize
3.9MB

Download
memory/2124-177-0x00007FF6EE5F0000-0x00007FF6EE9E2000-memory.dmp

Filesize
3.9MB

Download
memory/2284-2759-0x00007FF7488D0000-0x00007FF748CC2000-memory.dmp

Filesize
3.9MB

Download
memory/2284-133-0x00007FF7488D0000-0x00007FF748CC2000-memory.dmp

Filesize
3.9MB

Download
memory/2296-2754-0x00007FF6C6FC0000-0x00007FF6C73B2000-memory.dmp

Filesize
3.9MB

Download
memory/2296-127-0x00007FF6C6FC0000-0x00007FF6C73B2000-memory.dmp

Filesize
3.9MB

Download
memory/2400-2791-0x00007FF7C7F00000-0x00007FF7C82F2000-memory.dmp

Filesize
3.9MB

Download
memory/2400-171-0x00007FF7C7F00000-0x00007FF7C82F2000-memory.dmp

Filesize
3.9MB

Download
memory/2688-2762-0x00007FF6C1950000-0x00007FF6C1D42000-memory.dmp

Filesize
3.9MB

Download
memory/2688-134-0x00007FF6C1950000-0x00007FF6C1D42000-memory.dmp

Filesize
3.9MB

Download
memory/2880-496-0x0000017F7D1C0000-0x0000017F7D966000-memory.dmp

Filesize
7.6MB

Download
memory/2880-47-0x00007FFD48600000-0x00007FFD490C1000-memory.dmp

Filesize
10.8MB

Download
memory/2880-27-0x00007FFD48600000-0x00007FFD490C1000-memory.dmp

Filesize
10.8MB

Download
memory/2880-54-0x0000017F7BBA0000-0x0000017F7BBC2000-memory.dmp

Filesize
136KB

Download
memory/2880-12-0x00007FFD48603000-0x00007FFD48605000-memory.dmp

Filesize
8KB

Download
memory/3180-70-0x00007FF638290000-0x00007FF638682000-memory.dmp

Filesize
3.9MB

Download
memory/3180-2740-0x00007FF638290000-0x00007FF638682000-memory.dmp

Filesize
3.9MB

Download
memory/3296-2738-0x00007FF717130000-0x00007FF717522000-memory.dmp

Filesize
3.9MB

Download
memory/3296-58-0x00007FF717130000-0x00007FF717522000-memory.dmp

Filesize
3.9MB

Download
memory/3416-95-0x00007FF7E7700000-0x00007FF7E7AF2000-memory.dmp

Filesize
3.9MB

Download
memory/3416-2752-0x00007FF7E7700000-0x00007FF7E7AF2000-memory.dmp

Filesize
3.9MB

Download
memory/3460-2760-0x00007FF6A8230000-0x00007FF6A8622000-memory.dmp

Filesize
3.9MB

Download
memory/3460-115-0x00007FF6A8230000-0x00007FF6A8622000-memory.dmp

Filesize
3.9MB

Download
memory/3480-1-0x0000015FEBDE0000-0x0000015FEBDF0000-memory.dmp

Filesize
64KB

Download
memory/3480-0-0x00007FF681D60000-0x00007FF682152000-memory.dmp

Filesize
3.9MB

Download
memory/3508-2737-0x00007FF7F9200000-0x00007FF7F95F2000-memory.dmp

Filesize
3.9MB

Download
memory/3508-120-0x00007FF7F9200000-0x00007FF7F95F2000-memory.dmp

Filesize
3.9MB

Download
memory/3620-116-0x00007FF721D50000-0x00007FF722142000-memory.dmp

Filesize
3.9MB

Download
memory/3620-2732-0x00007FF721D50000-0x00007FF722142000-memory.dmp

Filesize
3.9MB

Download
memory/3696-164-0x00007FF74D840000-0x00007FF74DC32000-memory.dmp

Filesize
3.9MB

Download
memory/3696-2765-0x00007FF74D840000-0x00007FF74DC32000-memory.dmp

Filesize
3.9MB

Download
memory/4072-2744-0x00007FF6CBE40000-0x00007FF6CC232000-memory.dmp

Filesize
3.9MB

Download
memory/4072-78-0x00007FF6CBE40000-0x00007FF6CC232000-memory.dmp

Filesize
3.9MB

Download
memory/4276-2766-0x00007FF76DB80000-0x00007FF76DF72000-memory.dmp

Filesize
3.9MB

Download
memory/4276-152-0x00007FF76DB80000-0x00007FF76DF72000-memory.dmp

Filesize
3.9MB

Download
memory/4608-146-0x00007FF6F7F10000-0x00007FF6F8302000-memory.dmp

Filesize
3.9MB

Download
memory/4608-2788-0x00007FF6F7F10000-0x00007FF6F8302000-memory.dmp

Filesize
3.9MB

Download
memory/4664-2789-0x00007FF641270000-0x00007FF641662000-memory.dmp

Filesize
3.9MB

Download
memory/4664-158-0x00007FF641270000-0x00007FF641662000-memory.dmp

Filesize
3.9MB

Download