xmrig | c2ae5cd486940b766be5cc188385913383118f0c8fee25fed94a472510c00027

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 08:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

897828de36e94bf3a374166c999bfff0N.exe
Size

1.7MB
MD5

897828de36e94bf3a374166c999bfff0
SHA1

ec06898ef12fb993cf20f4ba2e8cc112f3154b03
SHA256

c2ae5cd486940b766be5cc188385913383118f0c8fee25fed94a472510c00027
SHA512

0a9263a0fee7253250fe756ecf53517b00d0d211329a89cdba2d4b29e560ad0a3f9292d63051f8c64e2cef352795263995a7ccefc7c9ac7ba71524f23bd72318
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Qk7SW7r+kQQ7dXQARBa5e0ag2K0hvL7T:Lz071uv4BPMkyW10/wKV7hjSe05c2XfY

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 25 IoCs

miner

resource	yara_rule
behavioral2/memory/3940-217-0x00007FF7D7530000-0x00007FF7D7922000-memory.dmp	xmrig
behavioral2/memory/5004-252-0x00007FF7DE050000-0x00007FF7DE442000-memory.dmp	xmrig
behavioral2/memory/4528-369-0x00007FF647510000-0x00007FF647902000-memory.dmp	xmrig
behavioral2/memory/2064-489-0x00007FF7EB670000-0x00007FF7EBA62000-memory.dmp	xmrig
behavioral2/memory/3060-508-0x00007FF75FFF0000-0x00007FF7603E2000-memory.dmp	xmrig
behavioral2/memory/2844-511-0x00007FF6E1FC0000-0x00007FF6E23B2000-memory.dmp	xmrig
behavioral2/memory/4188-515-0x00007FF696690000-0x00007FF696A82000-memory.dmp	xmrig
behavioral2/memory/4420-519-0x00007FF774270000-0x00007FF774662000-memory.dmp	xmrig
behavioral2/memory/364-522-0x00007FF6E4000000-0x00007FF6E43F2000-memory.dmp	xmrig
behavioral2/memory/1320-524-0x00007FF73C690000-0x00007FF73CA82000-memory.dmp	xmrig
behavioral2/memory/2212-521-0x00007FF6A93C0000-0x00007FF6A97B2000-memory.dmp	xmrig
behavioral2/memory/4928-520-0x00007FF6B76A0000-0x00007FF6B7A92000-memory.dmp	xmrig
behavioral2/memory/4180-518-0x00007FF6B76F0000-0x00007FF6B7AE2000-memory.dmp	xmrig
behavioral2/memory/1980-517-0x00007FF7A2FC0000-0x00007FF7A33B2000-memory.dmp	xmrig
behavioral2/memory/2476-516-0x00007FF7EA4E0000-0x00007FF7EA8D2000-memory.dmp	xmrig
behavioral2/memory/5100-514-0x00007FF6BDA00000-0x00007FF6BDDF2000-memory.dmp	xmrig
behavioral2/memory/3132-513-0x00007FF683540000-0x00007FF683932000-memory.dmp	xmrig
behavioral2/memory/32-512-0x00007FF6223F0000-0x00007FF6227E2000-memory.dmp	xmrig
behavioral2/memory/232-510-0x00007FF7994F0000-0x00007FF7998E2000-memory.dmp	xmrig
behavioral2/memory/1156-509-0x00007FF7B7840000-0x00007FF7B7C32000-memory.dmp	xmrig
behavioral2/memory/4312-343-0x00007FF7E7DB0000-0x00007FF7E81A2000-memory.dmp	xmrig
behavioral2/memory/4984-328-0x00007FF767B80000-0x00007FF767F72000-memory.dmp	xmrig
behavioral2/memory/4536-180-0x00007FF7BBE90000-0x00007FF7BC282000-memory.dmp	xmrig
behavioral2/memory/4812-3607-0x00007FF693970000-0x00007FF693D62000-memory.dmp	xmrig
behavioral2/memory/872-3609-0x00007FF7009F0000-0x00007FF700DE2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
388	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
872	rsydPuJ.exe
4536	NSymPyU.exe
3940	OoBpDiD.exe
5004	uHJXYjd.exe
4984	sRCsKUA.exe
4312	MqHNYTE.exe
4528	xpeJCug.exe
1320	vCRpWpq.exe
2064	ZSFgbEW.exe
3060	ohzxHyD.exe
1156	RimfYSf.exe
232	lSMyTzO.exe
2844	UKtrZId.exe
32	annSMgU.exe
3132	RNAuZyI.exe
5100	rywodNp.exe
4188	McSpWSG.exe
2476	DYlwYDu.exe
1980	EqpRuuy.exe
4180	VNMOtoL.exe
4420	NRMqXVT.exe
4928	sznryNj.exe
2212	ERiyzBn.exe
364	HRQfXUp.exe
3012	QuzCKMr.exe
688	BwshHJh.exe
2692	KfhIwXv.exe
2296	GRWYcYk.exe
4968	HQdsWeM.exe
4872	gZekuJa.exe
3792	xfdJJOk.exe
3168	MPLqPUg.exe
2260	bcZmpDY.exe
4032	VqfAxiM.exe
3960	DWVxQTv.exe
3952	bGjAHxS.exe
1368	CWxbBqY.exe
3580	UmOKriU.exe
380	SaHhVIK.exe
2452	RJhEAPx.exe
3660	ZDeDMub.exe
2508	FrKPxIY.exe
4280	kmZpWkM.exe
1736	caElCmh.exe
4192	KgZntcY.exe
2864	eJVobyp.exe
1400	xxSVPTm.exe
2072	MuziDoU.exe
452	VizsFhm.exe
2140	AHtinmw.exe
972	XhIuPsi.exe
1524	bsHYCFj.exe
964	llcBRZc.exe
3672	gcaKGEc.exe
4676	TvsqOQd.exe
1932	wmpuxnO.exe
3468	lGXaHEe.exe
2272	TiXRaur.exe
216	JzfgwER.exe
4588	KWMRCan.exe
772	bhpkTDr.exe
2376	DmAJzmP.exe
2428	JZsrjSM.exe
3720	WqeslJP.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4812-0-0x00007FF693970000-0x00007FF693D62000-memory.dmp	upx
behavioral2/files/0x0007000000023459-7.dat	upx
behavioral2/files/0x0009000000023454-5.dat	upx
behavioral2/files/0x000700000002345c-41.dat	upx
behavioral2/files/0x0007000000023465-146.dat	upx
behavioral2/files/0x000700000002345d-100.dat	upx
behavioral2/files/0x0007000000023469-94.dat	upx
behavioral2/files/0x0007000000023468-90.dat	upx
behavioral2/files/0x0007000000023467-81.dat	upx
behavioral2/files/0x0007000000023466-78.dat	upx
behavioral2/files/0x000700000002345e-69.dat	upx
behavioral2/files/0x000700000002346a-107.dat	upx
behavioral2/files/0x0007000000023462-58.dat	upx
behavioral2/files/0x0007000000023461-56.dat	upx
behavioral2/files/0x0007000000023460-53.dat	upx
behavioral2/files/0x000700000002345f-49.dat	upx
behavioral2/files/0x0007000000023464-63.dat	upx
behavioral2/files/0x0007000000023463-61.dat	upx
behavioral2/files/0x000700000002345b-26.dat	upx
behavioral2/files/0x000700000002345a-23.dat	upx
behavioral2/memory/872-18-0x00007FF7009F0000-0x00007FF700DE2000-memory.dmp	upx
behavioral2/files/0x0007000000023458-31.dat	upx
behavioral2/files/0x000700000002347f-183.dat	upx
behavioral2/memory/3940-217-0x00007FF7D7530000-0x00007FF7D7922000-memory.dmp	upx
behavioral2/memory/5004-252-0x00007FF7DE050000-0x00007FF7DE442000-memory.dmp	upx
behavioral2/memory/4528-369-0x00007FF647510000-0x00007FF647902000-memory.dmp	upx
behavioral2/memory/2064-489-0x00007FF7EB670000-0x00007FF7EBA62000-memory.dmp	upx
behavioral2/memory/3060-508-0x00007FF75FFF0000-0x00007FF7603E2000-memory.dmp	upx
behavioral2/memory/2844-511-0x00007FF6E1FC0000-0x00007FF6E23B2000-memory.dmp	upx
behavioral2/memory/4188-515-0x00007FF696690000-0x00007FF696A82000-memory.dmp	upx
behavioral2/memory/4420-519-0x00007FF774270000-0x00007FF774662000-memory.dmp	upx
behavioral2/memory/364-522-0x00007FF6E4000000-0x00007FF6E43F2000-memory.dmp	upx
behavioral2/memory/1320-524-0x00007FF73C690000-0x00007FF73CA82000-memory.dmp	upx
behavioral2/memory/2212-521-0x00007FF6A93C0000-0x00007FF6A97B2000-memory.dmp	upx
behavioral2/memory/4928-520-0x00007FF6B76A0000-0x00007FF6B7A92000-memory.dmp	upx
behavioral2/memory/4180-518-0x00007FF6B76F0000-0x00007FF6B7AE2000-memory.dmp	upx
behavioral2/memory/1980-517-0x00007FF7A2FC0000-0x00007FF7A33B2000-memory.dmp	upx
behavioral2/memory/2476-516-0x00007FF7EA4E0000-0x00007FF7EA8D2000-memory.dmp	upx
behavioral2/memory/5100-514-0x00007FF6BDA00000-0x00007FF6BDDF2000-memory.dmp	upx
behavioral2/memory/3132-513-0x00007FF683540000-0x00007FF683932000-memory.dmp	upx
behavioral2/memory/32-512-0x00007FF6223F0000-0x00007FF6227E2000-memory.dmp	upx
behavioral2/memory/232-510-0x00007FF7994F0000-0x00007FF7998E2000-memory.dmp	upx
behavioral2/memory/1156-509-0x00007FF7B7840000-0x00007FF7B7C32000-memory.dmp	upx
behavioral2/memory/4312-343-0x00007FF7E7DB0000-0x00007FF7E81A2000-memory.dmp	upx
behavioral2/memory/4984-328-0x00007FF767B80000-0x00007FF767F72000-memory.dmp	upx
behavioral2/memory/4536-180-0x00007FF7BBE90000-0x00007FF7BC282000-memory.dmp	upx
behavioral2/files/0x000700000002347e-176.dat	upx
behavioral2/files/0x000700000002347d-172.dat	upx
behavioral2/files/0x0007000000023472-168.dat	upx
behavioral2/files/0x000700000002347c-165.dat	upx
behavioral2/files/0x000700000002347b-159.dat	upx
behavioral2/files/0x0007000000023470-157.dat	upx
behavioral2/files/0x000700000002347a-156.dat	upx
behavioral2/files/0x0007000000023479-155.dat	upx
behavioral2/files/0x000700000002346f-154.dat	upx
behavioral2/files/0x0007000000023478-153.dat	upx
behavioral2/files/0x0007000000023477-152.dat	upx
behavioral2/files/0x000700000002346b-151.dat	upx
behavioral2/files/0x0007000000023476-150.dat	upx
behavioral2/files/0x0007000000023475-145.dat	upx
behavioral2/files/0x0007000000023474-142.dat	upx
behavioral2/files/0x0007000000023473-186.dat	upx
behavioral2/files/0x0007000000023471-126.dat	upx
behavioral2/files/0x000700000002346e-120.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pSBUtKx.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\OTAvnyL.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\ZjZGMWf.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\jhihLTX.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\JGogIVD.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\dTwiPRd.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\EmtbOGi.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\XibrOxC.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\gfddyGi.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\dNaihaF.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\zDFVtAe.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\SsJcAHE.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\JzwuZyG.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\trCvliF.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\AewAIPp.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\qyftOcy.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\MIQgzPv.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\NsYcBmo.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\JFIsSFL.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\oTKgFqn.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\SaHhVIK.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\eJVobyp.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\NawCawo.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\qHEsdtz.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\hOhTTSo.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\OMKKxUn.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\FMWQSXf.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\phqYkMu.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\fZUqNEU.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\sBAxJCZ.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\QxVhgWw.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\fIDIsHi.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\WfANFif.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\gOzWqSo.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\KWMDCod.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\GlOQfmb.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\MRZpyCt.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\uZWhNyZ.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\JJmiJjK.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\oNNbUfu.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\mMMtmAq.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\OTTBjTa.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\zrZiPEX.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\bPGYtwR.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\mxXSrUo.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\bDZMLMg.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\NINihNs.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\JzMAaiW.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\AcMnXzt.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\uoBhFXI.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\fAqZMay.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\sWCPmSC.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\XGMmxGL.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\RApNBeq.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\xXqNIrS.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\WvUJREV.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\BDUWSSZ.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\hNYCdfH.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\JtObYNE.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\GkERDQs.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\WhyYwLt.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\IOnIVkI.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\hqqOQve.exe	897828de36e94bf3a374166c999bfff0N.exe
File created	C:\Windows\System\wMnwlUH.exe	897828de36e94bf3a374166c999bfff0N.exe

Modifies data under HKEY_USERS 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
388	powershell.exe
388	powershell.exe
388	powershell.exe
388	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
13748	Process not Found
5220	Process not Found
3932	Process not Found
1076	Process not Found
5308	Process not Found
5740	Process not Found
3892	Process not Found
5524	Process not Found
5528	Process not Found
6432	Process not Found
5572	Process not Found
5716	Process not Found
13560	Process not Found
5612	Process not Found
5620	Process not Found
5628	Process not Found
5748	Process not Found
5752	Process not Found
13552	Process not Found
6292	Process not Found
13652	Process not Found
5672	Process not Found
5696	Process not Found
6092	Process not Found
13444	Process not Found
5712	Process not Found
6128	Process not Found
6648	Process not Found
6132	Process not Found
1000	Process not Found
6464	Process not Found
3056	Process not Found
6500	Process not Found
620	Process not Found
3384	Process not Found
2264	Process not Found
6508	Process not Found
6516	Process not Found
13656	Process not Found
6524	Process not Found
4396	Process not Found
6536	Process not Found
6628	Process not Found
6556	Process not Found
6632	Process not Found
3080	Process not Found
6156	Process not Found
5412	Process not Found
6220	Process not Found
13812	Process not Found
6276	Process not Found
6472	Process not Found
6932	Process not Found
7368	Process not Found
13716	Process not Found
6904	Process not Found
7052	Process not Found
6596	Process not Found
7376	Process not Found
13936	Process not Found
7392	Process not Found
7396	Process not Found
7400	Process not Found
7408	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4812	897828de36e94bf3a374166c999bfff0N.exe
Token: SeLockMemoryPrivilege	4812	897828de36e94bf3a374166c999bfff0N.exe
Token: SeDebugPrivilege	388	powershell.exe
Token: SeCreateGlobalPrivilege	14004	dwm.exe
Token: SeChangeNotifyPrivilege	14004	dwm.exe
Token: 33	14004	dwm.exe
Token: SeIncBasePriorityPrivilege	14004	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 388	4812	897828de36e94bf3a374166c999bfff0N.exe	85
PID 4812 wrote to memory of 388	4812	897828de36e94bf3a374166c999bfff0N.exe	85
PID 4812 wrote to memory of 872	4812	897828de36e94bf3a374166c999bfff0N.exe	86
PID 4812 wrote to memory of 872	4812	897828de36e94bf3a374166c999bfff0N.exe	86
PID 4812 wrote to memory of 4536	4812	897828de36e94bf3a374166c999bfff0N.exe	87
PID 4812 wrote to memory of 4536	4812	897828de36e94bf3a374166c999bfff0N.exe	87
PID 4812 wrote to memory of 3940	4812	897828de36e94bf3a374166c999bfff0N.exe	88
PID 4812 wrote to memory of 3940	4812	897828de36e94bf3a374166c999bfff0N.exe	88
PID 4812 wrote to memory of 5004	4812	897828de36e94bf3a374166c999bfff0N.exe	89
PID 4812 wrote to memory of 5004	4812	897828de36e94bf3a374166c999bfff0N.exe	89
PID 4812 wrote to memory of 4984	4812	897828de36e94bf3a374166c999bfff0N.exe	90
PID 4812 wrote to memory of 4984	4812	897828de36e94bf3a374166c999bfff0N.exe	90
PID 4812 wrote to memory of 4312	4812	897828de36e94bf3a374166c999bfff0N.exe	91
PID 4812 wrote to memory of 4312	4812	897828de36e94bf3a374166c999bfff0N.exe	91
PID 4812 wrote to memory of 4528	4812	897828de36e94bf3a374166c999bfff0N.exe	92
PID 4812 wrote to memory of 4528	4812	897828de36e94bf3a374166c999bfff0N.exe	92
PID 4812 wrote to memory of 3132	4812	897828de36e94bf3a374166c999bfff0N.exe	93
PID 4812 wrote to memory of 3132	4812	897828de36e94bf3a374166c999bfff0N.exe	93
PID 4812 wrote to memory of 1320	4812	897828de36e94bf3a374166c999bfff0N.exe	94
PID 4812 wrote to memory of 1320	4812	897828de36e94bf3a374166c999bfff0N.exe	94
PID 4812 wrote to memory of 2064	4812	897828de36e94bf3a374166c999bfff0N.exe	95
PID 4812 wrote to memory of 2064	4812	897828de36e94bf3a374166c999bfff0N.exe	95
PID 4812 wrote to memory of 3060	4812	897828de36e94bf3a374166c999bfff0N.exe	96
PID 4812 wrote to memory of 3060	4812	897828de36e94bf3a374166c999bfff0N.exe	96
PID 4812 wrote to memory of 1156	4812	897828de36e94bf3a374166c999bfff0N.exe	97
PID 4812 wrote to memory of 1156	4812	897828de36e94bf3a374166c999bfff0N.exe	97
PID 4812 wrote to memory of 232	4812	897828de36e94bf3a374166c999bfff0N.exe	98
PID 4812 wrote to memory of 232	4812	897828de36e94bf3a374166c999bfff0N.exe	98
PID 4812 wrote to memory of 2844	4812	897828de36e94bf3a374166c999bfff0N.exe	99
PID 4812 wrote to memory of 2844	4812	897828de36e94bf3a374166c999bfff0N.exe	99
PID 4812 wrote to memory of 32	4812	897828de36e94bf3a374166c999bfff0N.exe	100
PID 4812 wrote to memory of 32	4812	897828de36e94bf3a374166c999bfff0N.exe	100
PID 4812 wrote to memory of 5100	4812	897828de36e94bf3a374166c999bfff0N.exe	101
PID 4812 wrote to memory of 5100	4812	897828de36e94bf3a374166c999bfff0N.exe	101
PID 4812 wrote to memory of 4188	4812	897828de36e94bf3a374166c999bfff0N.exe	102
PID 4812 wrote to memory of 4188	4812	897828de36e94bf3a374166c999bfff0N.exe	102
PID 4812 wrote to memory of 2476	4812	897828de36e94bf3a374166c999bfff0N.exe	103
PID 4812 wrote to memory of 2476	4812	897828de36e94bf3a374166c999bfff0N.exe	103
PID 4812 wrote to memory of 1980	4812	897828de36e94bf3a374166c999bfff0N.exe	104
PID 4812 wrote to memory of 1980	4812	897828de36e94bf3a374166c999bfff0N.exe	104
PID 4812 wrote to memory of 4180	4812	897828de36e94bf3a374166c999bfff0N.exe	105
PID 4812 wrote to memory of 4180	4812	897828de36e94bf3a374166c999bfff0N.exe	105
PID 4812 wrote to memory of 3792	4812	897828de36e94bf3a374166c999bfff0N.exe	106
PID 4812 wrote to memory of 3792	4812	897828de36e94bf3a374166c999bfff0N.exe	106
PID 4812 wrote to memory of 4420	4812	897828de36e94bf3a374166c999bfff0N.exe	107
PID 4812 wrote to memory of 4420	4812	897828de36e94bf3a374166c999bfff0N.exe	107
PID 4812 wrote to memory of 4928	4812	897828de36e94bf3a374166c999bfff0N.exe	108
PID 4812 wrote to memory of 4928	4812	897828de36e94bf3a374166c999bfff0N.exe	108
PID 4812 wrote to memory of 2212	4812	897828de36e94bf3a374166c999bfff0N.exe	109
PID 4812 wrote to memory of 2212	4812	897828de36e94bf3a374166c999bfff0N.exe	109
PID 4812 wrote to memory of 4032	4812	897828de36e94bf3a374166c999bfff0N.exe	110
PID 4812 wrote to memory of 4032	4812	897828de36e94bf3a374166c999bfff0N.exe	110
PID 4812 wrote to memory of 364	4812	897828de36e94bf3a374166c999bfff0N.exe	111
PID 4812 wrote to memory of 364	4812	897828de36e94bf3a374166c999bfff0N.exe	111
PID 4812 wrote to memory of 3012	4812	897828de36e94bf3a374166c999bfff0N.exe	112
PID 4812 wrote to memory of 3012	4812	897828de36e94bf3a374166c999bfff0N.exe	112
PID 4812 wrote to memory of 688	4812	897828de36e94bf3a374166c999bfff0N.exe	113
PID 4812 wrote to memory of 688	4812	897828de36e94bf3a374166c999bfff0N.exe	113
PID 4812 wrote to memory of 2692	4812	897828de36e94bf3a374166c999bfff0N.exe	114
PID 4812 wrote to memory of 2692	4812	897828de36e94bf3a374166c999bfff0N.exe	114
PID 4812 wrote to memory of 2296	4812	897828de36e94bf3a374166c999bfff0N.exe	115
PID 4812 wrote to memory of 2296	4812	897828de36e94bf3a374166c999bfff0N.exe	115
PID 4812 wrote to memory of 4968	4812	897828de36e94bf3a374166c999bfff0N.exe	116
PID 4812 wrote to memory of 4968	4812	897828de36e94bf3a374166c999bfff0N.exe	116

C:\Users\Admin\AppData\Local\Temp\897828de36e94bf3a374166c999bfff0N.exe
"C:\Users\Admin\AppData\Local\Temp\897828de36e94bf3a374166c999bfff0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:388
- C:\Windows\System\rsydPuJ.exe
  C:\Windows\System\rsydPuJ.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\NSymPyU.exe
  C:\Windows\System\NSymPyU.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\OoBpDiD.exe
  C:\Windows\System\OoBpDiD.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\uHJXYjd.exe
  C:\Windows\System\uHJXYjd.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\sRCsKUA.exe
  C:\Windows\System\sRCsKUA.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\MqHNYTE.exe
  C:\Windows\System\MqHNYTE.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\xpeJCug.exe
  C:\Windows\System\xpeJCug.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\RNAuZyI.exe
  C:\Windows\System\RNAuZyI.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\vCRpWpq.exe
  C:\Windows\System\vCRpWpq.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\ZSFgbEW.exe
  C:\Windows\System\ZSFgbEW.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ohzxHyD.exe
  C:\Windows\System\ohzxHyD.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\RimfYSf.exe
  C:\Windows\System\RimfYSf.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\lSMyTzO.exe
  C:\Windows\System\lSMyTzO.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\UKtrZId.exe
  C:\Windows\System\UKtrZId.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\annSMgU.exe
  C:\Windows\System\annSMgU.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\rywodNp.exe
  C:\Windows\System\rywodNp.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\McSpWSG.exe
  C:\Windows\System\McSpWSG.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\DYlwYDu.exe
  C:\Windows\System\DYlwYDu.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\EqpRuuy.exe
  C:\Windows\System\EqpRuuy.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\VNMOtoL.exe
  C:\Windows\System\VNMOtoL.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\xfdJJOk.exe
  C:\Windows\System\xfdJJOk.exe
  2⤵
  - Executes dropped EXE
  PID:3792
- C:\Windows\System\NRMqXVT.exe
  C:\Windows\System\NRMqXVT.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\sznryNj.exe
  C:\Windows\System\sznryNj.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\ERiyzBn.exe
  C:\Windows\System\ERiyzBn.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\VqfAxiM.exe
  C:\Windows\System\VqfAxiM.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\HRQfXUp.exe
  C:\Windows\System\HRQfXUp.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\QuzCKMr.exe
  C:\Windows\System\QuzCKMr.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\BwshHJh.exe
  C:\Windows\System\BwshHJh.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\KfhIwXv.exe
  C:\Windows\System\KfhIwXv.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\GRWYcYk.exe
  C:\Windows\System\GRWYcYk.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\HQdsWeM.exe
  C:\Windows\System\HQdsWeM.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\gZekuJa.exe
  C:\Windows\System\gZekuJa.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\MPLqPUg.exe
  C:\Windows\System\MPLqPUg.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\bcZmpDY.exe
  C:\Windows\System\bcZmpDY.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\DWVxQTv.exe
  C:\Windows\System\DWVxQTv.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\bGjAHxS.exe
  C:\Windows\System\bGjAHxS.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\CWxbBqY.exe
  C:\Windows\System\CWxbBqY.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\UmOKriU.exe
  C:\Windows\System\UmOKriU.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\SaHhVIK.exe
  C:\Windows\System\SaHhVIK.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\RJhEAPx.exe
  C:\Windows\System\RJhEAPx.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\ZDeDMub.exe
  C:\Windows\System\ZDeDMub.exe
  2⤵
  - Executes dropped EXE
  PID:3660
- C:\Windows\System\FrKPxIY.exe
  C:\Windows\System\FrKPxIY.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\kmZpWkM.exe
  C:\Windows\System\kmZpWkM.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\caElCmh.exe
  C:\Windows\System\caElCmh.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\KgZntcY.exe
  C:\Windows\System\KgZntcY.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\eJVobyp.exe
  C:\Windows\System\eJVobyp.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\xxSVPTm.exe
  C:\Windows\System\xxSVPTm.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\MuziDoU.exe
  C:\Windows\System\MuziDoU.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\VizsFhm.exe
  C:\Windows\System\VizsFhm.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\AHtinmw.exe
  C:\Windows\System\AHtinmw.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\kqgwlWI.exe
  C:\Windows\System\kqgwlWI.exe
  2⤵
  PID:3400
- C:\Windows\System\XhIuPsi.exe
  C:\Windows\System\XhIuPsi.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\bsHYCFj.exe
  C:\Windows\System\bsHYCFj.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\llcBRZc.exe
  C:\Windows\System\llcBRZc.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\gcaKGEc.exe
  C:\Windows\System\gcaKGEc.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\TvsqOQd.exe
  C:\Windows\System\TvsqOQd.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\wmpuxnO.exe
  C:\Windows\System\wmpuxnO.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\lGXaHEe.exe
  C:\Windows\System\lGXaHEe.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\TiXRaur.exe
  C:\Windows\System\TiXRaur.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\JzfgwER.exe
  C:\Windows\System\JzfgwER.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\KWMRCan.exe
  C:\Windows\System\KWMRCan.exe
  2⤵
  - Executes dropped EXE
  PID:4588
- C:\Windows\System\bhpkTDr.exe
  C:\Windows\System\bhpkTDr.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\DmAJzmP.exe
  C:\Windows\System\DmAJzmP.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\JZsrjSM.exe
  C:\Windows\System\JZsrjSM.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\WqeslJP.exe
  C:\Windows\System\WqeslJP.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\DVPSBWx.exe
  C:\Windows\System\DVPSBWx.exe
  2⤵
  PID:4388
- C:\Windows\System\drZkDSm.exe
  C:\Windows\System\drZkDSm.exe
  2⤵
  PID:3444
- C:\Windows\System\NBkyXfh.exe
  C:\Windows\System\NBkyXfh.exe
  2⤵
  PID:1520
- C:\Windows\System\AxGApAW.exe
  C:\Windows\System\AxGApAW.exe
  2⤵
  PID:2588
- C:\Windows\System\RnfMooi.exe
  C:\Windows\System\RnfMooi.exe
  2⤵
  PID:4940
- C:\Windows\System\gmpKpEC.exe
  C:\Windows\System\gmpKpEC.exe
  2⤵
  PID:3000
- C:\Windows\System\lXnYfvG.exe
  C:\Windows\System\lXnYfvG.exe
  2⤵
  PID:4440
- C:\Windows\System\cOaXIQU.exe
  C:\Windows\System\cOaXIQU.exe
  2⤵
  PID:2944
- C:\Windows\System\fZvmbKI.exe
  C:\Windows\System\fZvmbKI.exe
  2⤵
  PID:4200
- C:\Windows\System\NcSyLmk.exe
  C:\Windows\System\NcSyLmk.exe
  2⤵
  PID:4796
- C:\Windows\System\DifzNgt.exe
  C:\Windows\System\DifzNgt.exe
  2⤵
  PID:3864
- C:\Windows\System\hkhuhqq.exe
  C:\Windows\System\hkhuhqq.exe
  2⤵
  PID:3188
- C:\Windows\System\JuwUPsE.exe
  C:\Windows\System\JuwUPsE.exe
  2⤵
  PID:3688
- C:\Windows\System\EpcYiDJ.exe
  C:\Windows\System\EpcYiDJ.exe
  2⤵
  PID:1036
- C:\Windows\System\DRakJpk.exe
  C:\Windows\System\DRakJpk.exe
  2⤵
  PID:1944
- C:\Windows\System\SPpKDBM.exe
  C:\Windows\System\SPpKDBM.exe
  2⤵
  PID:5108
- C:\Windows\System\QzKwuaU.exe
  C:\Windows\System\QzKwuaU.exe
  2⤵
  PID:3484
- C:\Windows\System\UsjHUiP.exe
  C:\Windows\System\UsjHUiP.exe
  2⤵
  PID:4308
- C:\Windows\System\NPYAAdl.exe
  C:\Windows\System\NPYAAdl.exe
  2⤵
  PID:2872
- C:\Windows\System\XSkkeoi.exe
  C:\Windows\System\XSkkeoi.exe
  2⤵
  PID:4136
- C:\Windows\System\okETOqi.exe
  C:\Windows\System\okETOqi.exe
  2⤵
  PID:5148
- C:\Windows\System\SjSzlIS.exe
  C:\Windows\System\SjSzlIS.exe
  2⤵
  PID:5168
- C:\Windows\System\fIwIUAR.exe
  C:\Windows\System\fIwIUAR.exe
  2⤵
  PID:5192
- C:\Windows\System\OJokDmr.exe
  C:\Windows\System\OJokDmr.exe
  2⤵
  PID:5208
- C:\Windows\System\gdLeMlE.exe
  C:\Windows\System\gdLeMlE.exe
  2⤵
  PID:5232
- C:\Windows\System\MOHgavi.exe
  C:\Windows\System\MOHgavi.exe
  2⤵
  PID:5256
- C:\Windows\System\bDZMLMg.exe
  C:\Windows\System\bDZMLMg.exe
  2⤵
  PID:5272
- C:\Windows\System\uJHslFz.exe
  C:\Windows\System\uJHslFz.exe
  2⤵
  PID:5296
- C:\Windows\System\TveHCcf.exe
  C:\Windows\System\TveHCcf.exe
  2⤵
  PID:5320
- C:\Windows\System\QAaTeek.exe
  C:\Windows\System\QAaTeek.exe
  2⤵
  PID:5336
- C:\Windows\System\qsrUkHE.exe
  C:\Windows\System\qsrUkHE.exe
  2⤵
  PID:5360
- C:\Windows\System\OSEfdNA.exe
  C:\Windows\System\OSEfdNA.exe
  2⤵
  PID:5380
- C:\Windows\System\UtARguQ.exe
  C:\Windows\System\UtARguQ.exe
  2⤵
  PID:5400
- C:\Windows\System\BPIfEKE.exe
  C:\Windows\System\BPIfEKE.exe
  2⤵
  PID:5428
- C:\Windows\System\kpTMxbr.exe
  C:\Windows\System\kpTMxbr.exe
  2⤵
  PID:5448
- C:\Windows\System\nFtPmzj.exe
  C:\Windows\System\nFtPmzj.exe
  2⤵
  PID:5464
- C:\Windows\System\fBezaJE.exe
  C:\Windows\System\fBezaJE.exe
  2⤵
  PID:5488
- C:\Windows\System\dmgeGJk.exe
  C:\Windows\System\dmgeGJk.exe
  2⤵
  PID:5508
- C:\Windows\System\VWJMCTd.exe
  C:\Windows\System\VWJMCTd.exe
  2⤵
  PID:5764
- C:\Windows\System\SzKYzVZ.exe
  C:\Windows\System\SzKYzVZ.exe
  2⤵
  PID:5780
- C:\Windows\System\ASvRgqH.exe
  C:\Windows\System\ASvRgqH.exe
  2⤵
  PID:5796
- C:\Windows\System\WskilVq.exe
  C:\Windows\System\WskilVq.exe
  2⤵
  PID:5812
- C:\Windows\System\PlLlwAX.exe
  C:\Windows\System\PlLlwAX.exe
  2⤵
  PID:5828
- C:\Windows\System\mnYiDCD.exe
  C:\Windows\System\mnYiDCD.exe
  2⤵
  PID:5844
- C:\Windows\System\DYXBTyP.exe
  C:\Windows\System\DYXBTyP.exe
  2⤵
  PID:5860
- C:\Windows\System\iUPRYox.exe
  C:\Windows\System\iUPRYox.exe
  2⤵
  PID:5876
- C:\Windows\System\RtxbRUo.exe
  C:\Windows\System\RtxbRUo.exe
  2⤵
  PID:5892
- C:\Windows\System\JzwuZyG.exe
  C:\Windows\System\JzwuZyG.exe
  2⤵
  PID:5912
- C:\Windows\System\TkIwdYs.exe
  C:\Windows\System\TkIwdYs.exe
  2⤵
  PID:5936
- C:\Windows\System\HaowjVk.exe
  C:\Windows\System\HaowjVk.exe
  2⤵
  PID:5952
- C:\Windows\System\dbNFKTd.exe
  C:\Windows\System\dbNFKTd.exe
  2⤵
  PID:5984
- C:\Windows\System\aTuEZki.exe
  C:\Windows\System\aTuEZki.exe
  2⤵
  PID:6000
- C:\Windows\System\alAQCsF.exe
  C:\Windows\System\alAQCsF.exe
  2⤵
  PID:6024
- C:\Windows\System\GnQhHHb.exe
  C:\Windows\System\GnQhHHb.exe
  2⤵
  PID:6044
- C:\Windows\System\JrIdkSu.exe
  C:\Windows\System\JrIdkSu.exe
  2⤵
  PID:6068
- C:\Windows\System\kIdOEbZ.exe
  C:\Windows\System\kIdOEbZ.exe
  2⤵
  PID:6104
- C:\Windows\System\cxSdeyW.exe
  C:\Windows\System\cxSdeyW.exe
  2⤵
  PID:6136
- C:\Windows\System\caGshLW.exe
  C:\Windows\System\caGshLW.exe
  2⤵
  PID:1312
- C:\Windows\System\LZnGlUc.exe
  C:\Windows\System\LZnGlUc.exe
  2⤵
  PID:1912
- C:\Windows\System\JCPBHYW.exe
  C:\Windows\System\JCPBHYW.exe
  2⤵
  PID:1408
- C:\Windows\System\TFczSMG.exe
  C:\Windows\System\TFczSMG.exe
  2⤵
  PID:5096
- C:\Windows\System\GmNmrgJ.exe
  C:\Windows\System\GmNmrgJ.exe
  2⤵
  PID:4700
- C:\Windows\System\MUlXjAX.exe
  C:\Windows\System\MUlXjAX.exe
  2⤵
  PID:3644
- C:\Windows\System\yOAGSEU.exe
  C:\Windows\System\yOAGSEU.exe
  2⤵
  PID:4348
- C:\Windows\System\fsIPwgf.exe
  C:\Windows\System\fsIPwgf.exe
  2⤵
  PID:5032
- C:\Windows\System\LXJBIsq.exe
  C:\Windows\System\LXJBIsq.exe
  2⤵
  PID:3832
- C:\Windows\System\txtLsSM.exe
  C:\Windows\System\txtLsSM.exe
  2⤵
  PID:4484
- C:\Windows\System\fAqZMay.exe
  C:\Windows\System\fAqZMay.exe
  2⤵
  PID:4868
- C:\Windows\System\SHQDiVB.exe
  C:\Windows\System\SHQDiVB.exe
  2⤵
  PID:3632
- C:\Windows\System\ruhSgNQ.exe
  C:\Windows\System\ruhSgNQ.exe
  2⤵
  PID:416
- C:\Windows\System\gGcGdDG.exe
  C:\Windows\System\gGcGdDG.exe
  2⤵
  PID:2896
- C:\Windows\System\CBxjNWq.exe
  C:\Windows\System\CBxjNWq.exe
  2⤵
  PID:3256
- C:\Windows\System\zzUUlhv.exe
  C:\Windows\System\zzUUlhv.exe
  2⤵
  PID:4324
- C:\Windows\System\YDQMPdb.exe
  C:\Windows\System\YDQMPdb.exe
  2⤵
  PID:3904
- C:\Windows\System\SsaDYPH.exe
  C:\Windows\System\SsaDYPH.exe
  2⤵
  PID:2472
- C:\Windows\System\NamsjoA.exe
  C:\Windows\System\NamsjoA.exe
  2⤵
  PID:1420
- C:\Windows\System\bHtMBsm.exe
  C:\Windows\System\bHtMBsm.exe
  2⤵
  PID:5132
- C:\Windows\System\ndjoqyx.exe
  C:\Windows\System\ndjoqyx.exe
  2⤵
  PID:5188
- C:\Windows\System\iVIuNzI.exe
  C:\Windows\System\iVIuNzI.exe
  2⤵
  PID:5228
- C:\Windows\System\QhbKKgF.exe
  C:\Windows\System\QhbKKgF.exe
  2⤵
  PID:5268
- C:\Windows\System\jWbJcjy.exe
  C:\Windows\System\jWbJcjy.exe
  2⤵
  PID:5316
- C:\Windows\System\eBlaqoi.exe
  C:\Windows\System\eBlaqoi.exe
  2⤵
  PID:5352
- C:\Windows\System\BDCtjKG.exe
  C:\Windows\System\BDCtjKG.exe
  2⤵
  PID:5396
- C:\Windows\System\vsPcQjK.exe
  C:\Windows\System\vsPcQjK.exe
  2⤵
  PID:5480
- C:\Windows\System\Xppnyfw.exe
  C:\Windows\System\Xppnyfw.exe
  2⤵
  PID:6164
- C:\Windows\System\wpyRDCk.exe
  C:\Windows\System\wpyRDCk.exe
  2⤵
  PID:6180
- C:\Windows\System\FqSGKie.exe
  C:\Windows\System\FqSGKie.exe
  2⤵
  PID:6204
- C:\Windows\System\XKLgDhi.exe
  C:\Windows\System\XKLgDhi.exe
  2⤵
  PID:6224
- C:\Windows\System\sQWqyEN.exe
  C:\Windows\System\sQWqyEN.exe
  2⤵
  PID:6244
- C:\Windows\System\TqOnbWi.exe
  C:\Windows\System\TqOnbWi.exe
  2⤵
  PID:6268
- C:\Windows\System\ZcEiiQv.exe
  C:\Windows\System\ZcEiiQv.exe
  2⤵
  PID:6296
- C:\Windows\System\MPgGWxp.exe
  C:\Windows\System\MPgGWxp.exe
  2⤵
  PID:6312
- C:\Windows\System\gvzCfhG.exe
  C:\Windows\System\gvzCfhG.exe
  2⤵
  PID:6336
- C:\Windows\System\dRcOxdJ.exe
  C:\Windows\System\dRcOxdJ.exe
  2⤵
  PID:6356
- C:\Windows\System\SnURzCQ.exe
  C:\Windows\System\SnURzCQ.exe
  2⤵
  PID:6372
- C:\Windows\System\QXLCACT.exe
  C:\Windows\System\QXLCACT.exe
  2⤵
  PID:6392
- C:\Windows\System\AyzArAl.exe
  C:\Windows\System\AyzArAl.exe
  2⤵
  PID:6412
- C:\Windows\System\CRRehrw.exe
  C:\Windows\System\CRRehrw.exe
  2⤵
  PID:6452
- C:\Windows\System\KWMDCod.exe
  C:\Windows\System\KWMDCod.exe
  2⤵
  PID:6712
- C:\Windows\System\QxVhgWw.exe
  C:\Windows\System\QxVhgWw.exe
  2⤵
  PID:6728
- C:\Windows\System\qmtDEEA.exe
  C:\Windows\System\qmtDEEA.exe
  2⤵
  PID:6744
- C:\Windows\System\AVraWbl.exe
  C:\Windows\System\AVraWbl.exe
  2⤵
  PID:6760
- C:\Windows\System\nXddhik.exe
  C:\Windows\System\nXddhik.exe
  2⤵
  PID:6776
- C:\Windows\System\RwnERMb.exe
  C:\Windows\System\RwnERMb.exe
  2⤵
  PID:6792
- C:\Windows\System\hNhAYmT.exe
  C:\Windows\System\hNhAYmT.exe
  2⤵
  PID:6808
- C:\Windows\System\XrmVctS.exe
  C:\Windows\System\XrmVctS.exe
  2⤵
  PID:6824
- C:\Windows\System\ifVYkzV.exe
  C:\Windows\System\ifVYkzV.exe
  2⤵
  PID:6840
- C:\Windows\System\RLDFRjw.exe
  C:\Windows\System\RLDFRjw.exe
  2⤵
  PID:6860
- C:\Windows\System\Owrhdax.exe
  C:\Windows\System\Owrhdax.exe
  2⤵
  PID:6880
- C:\Windows\System\XZrrwBn.exe
  C:\Windows\System\XZrrwBn.exe
  2⤵
  PID:6896
- C:\Windows\System\RdnJUHh.exe
  C:\Windows\System\RdnJUHh.exe
  2⤵
  PID:6944
- C:\Windows\System\aFiUzjJ.exe
  C:\Windows\System\aFiUzjJ.exe
  2⤵
  PID:7084
- C:\Windows\System\phqYkMu.exe
  C:\Windows\System\phqYkMu.exe
  2⤵
  PID:7100
- C:\Windows\System\NRbdVHR.exe
  C:\Windows\System\NRbdVHR.exe
  2⤵
  PID:7116
- C:\Windows\System\zIIIXPt.exe
  C:\Windows\System\zIIIXPt.exe
  2⤵
  PID:7132
- C:\Windows\System\wJMhRti.exe
  C:\Windows\System\wJMhRti.exe
  2⤵
  PID:7152
- C:\Windows\System\cAySuIN.exe
  C:\Windows\System\cAySuIN.exe
  2⤵
  PID:5520
- C:\Windows\System\QcIYSVC.exe
  C:\Windows\System\QcIYSVC.exe
  2⤵
  PID:6032
- C:\Windows\System\acvbunB.exe
  C:\Windows\System\acvbunB.exe
  2⤵
  PID:5540
- C:\Windows\System\KcbtSuM.exe
  C:\Windows\System\KcbtSuM.exe
  2⤵
  PID:1480
- C:\Windows\System\phMeiyr.exe
  C:\Windows\System\phMeiyr.exe
  2⤵
  PID:5788
- C:\Windows\System\UuNrQKj.exe
  C:\Windows\System\UuNrQKj.exe
  2⤵
  PID:5824
- C:\Windows\System\GxpgJEq.exe
  C:\Windows\System\GxpgJEq.exe
  2⤵
  PID:5856
- C:\Windows\System\yhWdZXH.exe
  C:\Windows\System\yhWdZXH.exe
  2⤵
  PID:5888
- C:\Windows\System\dkMBUFJ.exe
  C:\Windows\System\dkMBUFJ.exe
  2⤵
  PID:6076
- C:\Windows\System\VVoyBVD.exe
  C:\Windows\System\VVoyBVD.exe
  2⤵
  PID:6120
- C:\Windows\System\xHJBoAD.exe
  C:\Windows\System\xHJBoAD.exe
  2⤵
  PID:2292
- C:\Windows\System\rEQLxTd.exe
  C:\Windows\System\rEQLxTd.exe
  2⤵
  PID:1728
- C:\Windows\System\KDcJIpH.exe
  C:\Windows\System\KDcJIpH.exe
  2⤵
  PID:2876
- C:\Windows\System\nOBHlYY.exe
  C:\Windows\System\nOBHlYY.exe
  2⤵
  PID:2436
- C:\Windows\System\NkDcIpQ.exe
  C:\Windows\System\NkDcIpQ.exe
  2⤵
  PID:2032
- C:\Windows\System\hIqbxmM.exe
  C:\Windows\System\hIqbxmM.exe
  2⤵
  PID:3992
- C:\Windows\System\MZsEnyL.exe
  C:\Windows\System\MZsEnyL.exe
  2⤵
  PID:4284
- C:\Windows\System\WDHRNzZ.exe
  C:\Windows\System\WDHRNzZ.exe
  2⤵
  PID:2384
- C:\Windows\System\OkGddEX.exe
  C:\Windows\System\OkGddEX.exe
  2⤵
  PID:1456
- C:\Windows\System\Jilvsdo.exe
  C:\Windows\System\Jilvsdo.exe
  2⤵
  PID:5156
- C:\Windows\System\SyNYrmE.exe
  C:\Windows\System\SyNYrmE.exe
  2⤵
  PID:5288
- C:\Windows\System\CSSPJBQ.exe
  C:\Windows\System\CSSPJBQ.exe
  2⤵
  PID:6152
- C:\Windows\System\WNCmpdM.exe
  C:\Windows\System\WNCmpdM.exe
  2⤵
  PID:6468
- C:\Windows\System\vcXSyQb.exe
  C:\Windows\System\vcXSyQb.exe
  2⤵
  PID:1100
- C:\Windows\System\izcDQIz.exe
  C:\Windows\System\izcDQIz.exe
  2⤵
  PID:6280
- C:\Windows\System\SbHYlWt.exe
  C:\Windows\System\SbHYlWt.exe
  2⤵
  PID:6212
- C:\Windows\System\bxmtaDS.exe
  C:\Windows\System\bxmtaDS.exe
  2⤵
  PID:6148
- C:\Windows\System\zdiRwfe.exe
  C:\Windows\System\zdiRwfe.exe
  2⤵
  PID:5368
- C:\Windows\System\MdHsbGP.exe
  C:\Windows\System\MdHsbGP.exe
  2⤵
  PID:6384
- C:\Windows\System\vDTCgpG.exe
  C:\Windows\System\vDTCgpG.exe
  2⤵
  PID:6420
- C:\Windows\System\xVqpvsM.exe
  C:\Windows\System\xVqpvsM.exe
  2⤵
  PID:7184
- C:\Windows\System\zHNyuZL.exe
  C:\Windows\System\zHNyuZL.exe
  2⤵
  PID:7200
- C:\Windows\System\zRHrOJK.exe
  C:\Windows\System\zRHrOJK.exe
  2⤵
  PID:7220
- C:\Windows\System\npkHkNn.exe
  C:\Windows\System\npkHkNn.exe
  2⤵
  PID:7240
- C:\Windows\System\pxvCYiL.exe
  C:\Windows\System\pxvCYiL.exe
  2⤵
  PID:7256
- C:\Windows\System\tVciSBs.exe
  C:\Windows\System\tVciSBs.exe
  2⤵
  PID:7276
- C:\Windows\System\DcsXsJg.exe
  C:\Windows\System\DcsXsJg.exe
  2⤵
  PID:7296
- C:\Windows\System\kaFQUmE.exe
  C:\Windows\System\kaFQUmE.exe
  2⤵
  PID:7312
- C:\Windows\System\IntwLAp.exe
  C:\Windows\System\IntwLAp.exe
  2⤵
  PID:7528
- C:\Windows\System\pBEFgEZ.exe
  C:\Windows\System\pBEFgEZ.exe
  2⤵
  PID:7548
- C:\Windows\System\yNLcCCp.exe
  C:\Windows\System\yNLcCCp.exe
  2⤵
  PID:7572
- C:\Windows\System\qRnfzop.exe
  C:\Windows\System\qRnfzop.exe
  2⤵
  PID:7592
- C:\Windows\System\xCUzGnx.exe
  C:\Windows\System\xCUzGnx.exe
  2⤵
  PID:7616
- C:\Windows\System\LyUprHO.exe
  C:\Windows\System\LyUprHO.exe
  2⤵
  PID:7644
- C:\Windows\System\WPltfns.exe
  C:\Windows\System\WPltfns.exe
  2⤵
  PID:7668
- C:\Windows\System\OHTaLep.exe
  C:\Windows\System\OHTaLep.exe
  2⤵
  PID:7692
- C:\Windows\System\JakVhuS.exe
  C:\Windows\System\JakVhuS.exe
  2⤵
  PID:7720
- C:\Windows\System\GRgfyzb.exe
  C:\Windows\System\GRgfyzb.exe
  2⤵
  PID:7760
- C:\Windows\System\bhdeYjc.exe
  C:\Windows\System\bhdeYjc.exe
  2⤵
  PID:7788
- C:\Windows\System\QFwcglW.exe
  C:\Windows\System\QFwcglW.exe
  2⤵
  PID:7804
- C:\Windows\System\kTYPZCk.exe
  C:\Windows\System\kTYPZCk.exe
  2⤵
  PID:7820
- C:\Windows\System\UEuQNPQ.exe
  C:\Windows\System\UEuQNPQ.exe
  2⤵
  PID:7836
- C:\Windows\System\VMKkspZ.exe
  C:\Windows\System\VMKkspZ.exe
  2⤵
  PID:7884
- C:\Windows\System\CyvwDXD.exe
  C:\Windows\System\CyvwDXD.exe
  2⤵
  PID:7900
- C:\Windows\System\iWsXvWe.exe
  C:\Windows\System\iWsXvWe.exe
  2⤵
  PID:7920
- C:\Windows\System\fnqLkGq.exe
  C:\Windows\System\fnqLkGq.exe
  2⤵
  PID:7940
- C:\Windows\System\lbkDaqG.exe
  C:\Windows\System\lbkDaqG.exe
  2⤵
  PID:7956
- C:\Windows\System\loAQaPt.exe
  C:\Windows\System\loAQaPt.exe
  2⤵
  PID:7980
- C:\Windows\System\rxtgEUX.exe
  C:\Windows\System\rxtgEUX.exe
  2⤵
  PID:8004
- C:\Windows\System\rOKEwIM.exe
  C:\Windows\System\rOKEwIM.exe
  2⤵
  PID:8020
- C:\Windows\System\GqFJnmJ.exe
  C:\Windows\System\GqFJnmJ.exe
  2⤵
  PID:8044
- C:\Windows\System\RNzEcPB.exe
  C:\Windows\System\RNzEcPB.exe
  2⤵
  PID:8068
- C:\Windows\System\WLNubSf.exe
  C:\Windows\System\WLNubSf.exe
  2⤵
  PID:8084
- C:\Windows\System\wUazWEo.exe
  C:\Windows\System\wUazWEo.exe
  2⤵
  PID:8108
- C:\Windows\System\SFxqtLk.exe
  C:\Windows\System\SFxqtLk.exe
  2⤵
  PID:8132
- C:\Windows\System\DHdBAgA.exe
  C:\Windows\System\DHdBAgA.exe
  2⤵
  PID:8160
- C:\Windows\System\uZWhNyZ.exe
  C:\Windows\System\uZWhNyZ.exe
  2⤵
  PID:8176
- C:\Windows\System\sWCPmSC.exe
  C:\Windows\System\sWCPmSC.exe
  2⤵
  PID:5744
- C:\Windows\System\NdebrAW.exe
  C:\Windows\System\NdebrAW.exe
  2⤵
  PID:320
- C:\Windows\System\nGUAgQe.exe
  C:\Windows\System\nGUAgQe.exe
  2⤵
  PID:1868
- C:\Windows\System\RLsxjPs.exe
  C:\Windows\System\RLsxjPs.exe
  2⤵
  PID:2728
- C:\Windows\System\uigafAF.exe
  C:\Windows\System\uigafAF.exe
  2⤵
  PID:6348
- C:\Windows\System\vGejNaH.exe
  C:\Windows\System\vGejNaH.exe
  2⤵
  PID:6160
- C:\Windows\System\dCdRSrF.exe
  C:\Windows\System\dCdRSrF.exe
  2⤵
  PID:4848
- C:\Windows\System\lSyHyDR.exe
  C:\Windows\System\lSyHyDR.exe
  2⤵
  PID:5332
- C:\Windows\System\BBZbCDV.exe
  C:\Windows\System\BBZbCDV.exe
  2⤵
  PID:8196
- C:\Windows\System\AewAIPp.exe
  C:\Windows\System\AewAIPp.exe
  2⤵
  PID:8212
- C:\Windows\System\WScNraY.exe
  C:\Windows\System\WScNraY.exe
  2⤵
  PID:8236
- C:\Windows\System\WMDfbdO.exe
  C:\Windows\System\WMDfbdO.exe
  2⤵
  PID:8260
- C:\Windows\System\NINihNs.exe
  C:\Windows\System\NINihNs.exe
  2⤵
  PID:8276
- C:\Windows\System\ieBVuLg.exe
  C:\Windows\System\ieBVuLg.exe
  2⤵
  PID:8304
- C:\Windows\System\jjOXURa.exe
  C:\Windows\System\jjOXURa.exe
  2⤵
  PID:8328
- C:\Windows\System\eTzCpkm.exe
  C:\Windows\System\eTzCpkm.exe
  2⤵
  PID:8344
- C:\Windows\System\QgLCmsJ.exe
  C:\Windows\System\QgLCmsJ.exe
  2⤵
  PID:8360
- C:\Windows\System\DNeRlCX.exe
  C:\Windows\System\DNeRlCX.exe
  2⤵
  PID:8376
- C:\Windows\System\WJPLDwm.exe
  C:\Windows\System\WJPLDwm.exe
  2⤵
  PID:8392
- C:\Windows\System\GXofFoF.exe
  C:\Windows\System\GXofFoF.exe
  2⤵
  PID:8472
- C:\Windows\System\sevKBJc.exe
  C:\Windows\System\sevKBJc.exe
  2⤵
  PID:8488
- C:\Windows\System\BoEZXAJ.exe
  C:\Windows\System\BoEZXAJ.exe
  2⤵
  PID:8508
- C:\Windows\System\inpPTZR.exe
  C:\Windows\System\inpPTZR.exe
  2⤵
  PID:8532
- C:\Windows\System\Hlvhcxl.exe
  C:\Windows\System\Hlvhcxl.exe
  2⤵
  PID:8552
- C:\Windows\System\iqfzgjC.exe
  C:\Windows\System\iqfzgjC.exe
  2⤵
  PID:8572
- C:\Windows\System\MAnvGHJ.exe
  C:\Windows\System\MAnvGHJ.exe
  2⤵
  PID:8596
- C:\Windows\System\fFAPvks.exe
  C:\Windows\System\fFAPvks.exe
  2⤵
  PID:8616
- C:\Windows\System\WVkdetQ.exe
  C:\Windows\System\WVkdetQ.exe
  2⤵
  PID:8632
- C:\Windows\System\xezkhZO.exe
  C:\Windows\System\xezkhZO.exe
  2⤵
  PID:8660
- C:\Windows\System\ojYJYGA.exe
  C:\Windows\System\ojYJYGA.exe
  2⤵
  PID:8676
- C:\Windows\System\GHUVjAh.exe
  C:\Windows\System\GHUVjAh.exe
  2⤵
  PID:8700
- C:\Windows\System\sIorIkn.exe
  C:\Windows\System\sIorIkn.exe
  2⤵
  PID:8724
- C:\Windows\System\frGQbWj.exe
  C:\Windows\System\frGQbWj.exe
  2⤵
  PID:8740
- C:\Windows\System\AgqCHQk.exe
  C:\Windows\System\AgqCHQk.exe
  2⤵
  PID:8764
- C:\Windows\System\xirZyUM.exe
  C:\Windows\System\xirZyUM.exe
  2⤵
  PID:8788
- C:\Windows\System\cIfQnrb.exe
  C:\Windows\System\cIfQnrb.exe
  2⤵
  PID:8804
- C:\Windows\System\YfAtbgK.exe
  C:\Windows\System\YfAtbgK.exe
  2⤵
  PID:8828
- C:\Windows\System\UOfhEHz.exe
  C:\Windows\System\UOfhEHz.exe
  2⤵
  PID:8844
- C:\Windows\System\VzxUfkc.exe
  C:\Windows\System\VzxUfkc.exe
  2⤵
  PID:8864
- C:\Windows\System\DdFGCrU.exe
  C:\Windows\System\DdFGCrU.exe
  2⤵
  PID:8884
- C:\Windows\System\roGXwlE.exe
  C:\Windows\System\roGXwlE.exe
  2⤵
  PID:8904
- C:\Windows\System\nwHiwlZ.exe
  C:\Windows\System\nwHiwlZ.exe
  2⤵
  PID:8928
- C:\Windows\System\AMUguEz.exe
  C:\Windows\System\AMUguEz.exe
  2⤵
  PID:8956
- C:\Windows\System\oLsKnvO.exe
  C:\Windows\System\oLsKnvO.exe
  2⤵
  PID:8976
- C:\Windows\System\YNnTRTr.exe
  C:\Windows\System\YNnTRTr.exe
  2⤵
  PID:9000
- C:\Windows\System\fiHBGav.exe
  C:\Windows\System\fiHBGav.exe
  2⤵
  PID:9024
- C:\Windows\System\BAWmZLr.exe
  C:\Windows\System\BAWmZLr.exe
  2⤵
  PID:9052
- C:\Windows\System\XMfuhJO.exe
  C:\Windows\System\XMfuhJO.exe
  2⤵
  PID:9080
- C:\Windows\System\ruzulWS.exe
  C:\Windows\System\ruzulWS.exe
  2⤵
  PID:9104
- C:\Windows\System\kqeaJOE.exe
  C:\Windows\System\kqeaJOE.exe
  2⤵
  PID:9124
- C:\Windows\System\kJZBPGy.exe
  C:\Windows\System\kJZBPGy.exe
  2⤵
  PID:9144
- C:\Windows\System\jQBUlBD.exe
  C:\Windows\System\jQBUlBD.exe
  2⤵
  PID:9168
- C:\Windows\System\DIkFknV.exe
  C:\Windows\System\DIkFknV.exe
  2⤵
  PID:9184
- C:\Windows\System\QUYpqyD.exe
  C:\Windows\System\QUYpqyD.exe
  2⤵
  PID:9208
- C:\Windows\System\vRPRzxi.exe
  C:\Windows\System\vRPRzxi.exe
  2⤵
  PID:6768
- C:\Windows\System\RdaZULI.exe
  C:\Windows\System\RdaZULI.exe
  2⤵
  PID:3112
- C:\Windows\System\ZxoQMOO.exe
  C:\Windows\System\ZxoQMOO.exe
  2⤵
  PID:6836
- C:\Windows\System\aLqiKXG.exe
  C:\Windows\System\aLqiKXG.exe
  2⤵
  PID:6892
- C:\Windows\System\kpynjty.exe
  C:\Windows\System\kpynjty.exe
  2⤵
  PID:7080
- C:\Windows\System\WAPHCGC.exe
  C:\Windows\System\WAPHCGC.exe
  2⤵
  PID:7124
- C:\Windows\System\kPkKHZs.exe
  C:\Windows\System\kPkKHZs.exe
  2⤵
  PID:7160
- C:\Windows\System\NfSGuuA.exe
  C:\Windows\System\NfSGuuA.exe
  2⤵
  PID:6016
- C:\Windows\System\fovadrR.exe
  C:\Windows\System\fovadrR.exe
  2⤵
  PID:6060
- C:\Windows\System\cORUEDP.exe
  C:\Windows\System\cORUEDP.exe
  2⤵
  PID:5624
- C:\Windows\System\HPYIVjA.exe
  C:\Windows\System\HPYIVjA.exe
  2⤵
  PID:4240
- C:\Windows\System\zxDaUov.exe
  C:\Windows\System\zxDaUov.exe
  2⤵
  PID:1116
- C:\Windows\System\hqqOQve.exe
  C:\Windows\System\hqqOQve.exe
  2⤵
  PID:5176
- C:\Windows\System\FLudxzu.exe
  C:\Windows\System\FLudxzu.exe
  2⤵
  PID:6232
- C:\Windows\System\JyiROcl.exe
  C:\Windows\System\JyiROcl.exe
  2⤵
  PID:6400
- C:\Windows\System\WViEZrZ.exe
  C:\Windows\System\WViEZrZ.exe
  2⤵
  PID:5416
- C:\Windows\System\GsXfKcP.exe
  C:\Windows\System\GsXfKcP.exe
  2⤵
  PID:7236
- C:\Windows\System\khJDojZ.exe
  C:\Windows\System\khJDojZ.exe
  2⤵
  PID:7192
- C:\Windows\System\THwfbmi.exe
  C:\Windows\System\THwfbmi.exe
  2⤵
  PID:7304
- C:\Windows\System\ktIAhIA.exe
  C:\Windows\System\ktIAhIA.exe
  2⤵
  PID:8036
- C:\Windows\System\gGbdmfZ.exe
  C:\Windows\System\gGbdmfZ.exe
  2⤵
  PID:8080
- C:\Windows\System\IvkyAtt.exe
  C:\Windows\System\IvkyAtt.exe
  2⤵
  PID:8120
- C:\Windows\System\MYfibtJ.exe
  C:\Windows\System\MYfibtJ.exe
  2⤵
  PID:1904
- C:\Windows\System\FcvJcgR.exe
  C:\Windows\System\FcvJcgR.exe
  2⤵
  PID:7496
- C:\Windows\System\vRvJanX.exe
  C:\Windows\System\vRvJanX.exe
  2⤵
  PID:7516
- C:\Windows\System\NiPvJdL.exe
  C:\Windows\System\NiPvJdL.exe
  2⤵
  PID:7556
- C:\Windows\System\IBWIaki.exe
  C:\Windows\System\IBWIaki.exe
  2⤵
  PID:7584
- C:\Windows\System\kALXloL.exe
  C:\Windows\System\kALXloL.exe
  2⤵
  PID:7636
- C:\Windows\System\xwoRBRx.exe
  C:\Windows\System\xwoRBRx.exe
  2⤵
  PID:7688
- C:\Windows\System\fIDIsHi.exe
  C:\Windows\System\fIDIsHi.exe
  2⤵
  PID:7748
- C:\Windows\System\bMHLVli.exe
  C:\Windows\System\bMHLVli.exe
  2⤵
  PID:7812
- C:\Windows\System\VIuHwse.exe
  C:\Windows\System\VIuHwse.exe
  2⤵
  PID:7844
- C:\Windows\System\jCJtXJl.exe
  C:\Windows\System\jCJtXJl.exe
  2⤵
  PID:8528
- C:\Windows\System\RSImzti.exe
  C:\Windows\System\RSImzti.exe
  2⤵
  PID:8592
- C:\Windows\System\XXVcXOy.exe
  C:\Windows\System\XXVcXOy.exe
  2⤵
  PID:8696
- C:\Windows\System\PPTfzCV.exe
  C:\Windows\System\PPTfzCV.exe
  2⤵
  PID:8756
- C:\Windows\System\Bnphrpw.exe
  C:\Windows\System\Bnphrpw.exe
  2⤵
  PID:9224
- C:\Windows\System\oDPvUPx.exe
  C:\Windows\System\oDPvUPx.exe
  2⤵
  PID:9240
- C:\Windows\System\BtlIkbC.exe
  C:\Windows\System\BtlIkbC.exe
  2⤵
  PID:9260
- C:\Windows\System\ZXKnxnt.exe
  C:\Windows\System\ZXKnxnt.exe
  2⤵
  PID:9284
- C:\Windows\System\eLGplDC.exe
  C:\Windows\System\eLGplDC.exe
  2⤵
  PID:9300
- C:\Windows\System\dvtZTYk.exe
  C:\Windows\System\dvtZTYk.exe
  2⤵
  PID:9332
- C:\Windows\System\iSaJnWI.exe
  C:\Windows\System\iSaJnWI.exe
  2⤵
  PID:9356
- C:\Windows\System\YMLpCNJ.exe
  C:\Windows\System\YMLpCNJ.exe
  2⤵
  PID:9376
- C:\Windows\System\DCBMVkZ.exe
  C:\Windows\System\DCBMVkZ.exe
  2⤵
  PID:9392
- C:\Windows\System\ozzsxHR.exe
  C:\Windows\System\ozzsxHR.exe
  2⤵
  PID:9416
- C:\Windows\System\mVsGeTt.exe
  C:\Windows\System\mVsGeTt.exe
  2⤵
  PID:9748
- C:\Windows\System\jYWixBp.exe
  C:\Windows\System\jYWixBp.exe
  2⤵
  PID:9772
- C:\Windows\System\UbbQygQ.exe
  C:\Windows\System\UbbQygQ.exe
  2⤵
  PID:9792
- C:\Windows\System\HcsmnhI.exe
  C:\Windows\System\HcsmnhI.exe
  2⤵
  PID:9812
- C:\Windows\System\XnqIwGW.exe
  C:\Windows\System\XnqIwGW.exe
  2⤵
  PID:9828
- C:\Windows\System\mFUVxJf.exe
  C:\Windows\System\mFUVxJf.exe
  2⤵
  PID:9848
- C:\Windows\System\VKROtTn.exe
  C:\Windows\System\VKROtTn.exe
  2⤵
  PID:9872
- C:\Windows\System\YnnCDdi.exe
  C:\Windows\System\YnnCDdi.exe
  2⤵
  PID:9892
- C:\Windows\System\MpSIRwp.exe
  C:\Windows\System\MpSIRwp.exe
  2⤵
  PID:9912
- C:\Windows\System\NSCmAiC.exe
  C:\Windows\System\NSCmAiC.exe
  2⤵
  PID:10024
- C:\Windows\System\yRarQJo.exe
  C:\Windows\System\yRarQJo.exe
  2⤵
  PID:10048
- C:\Windows\System\iBNeeZJ.exe
  C:\Windows\System\iBNeeZJ.exe
  2⤵
  PID:10072
- C:\Windows\System\fSFEuFu.exe
  C:\Windows\System\fSFEuFu.exe
  2⤵
  PID:10092
- C:\Windows\System\CaLlLFR.exe
  C:\Windows\System\CaLlLFR.exe
  2⤵
  PID:10112
- C:\Windows\System\UAWrMUr.exe
  C:\Windows\System\UAWrMUr.exe
  2⤵
  PID:10144
- C:\Windows\System\wMnwlUH.exe
  C:\Windows\System\wMnwlUH.exe
  2⤵
  PID:10160
- C:\Windows\System\GsCAFGO.exe
  C:\Windows\System\GsCAFGO.exe
  2⤵
  PID:10184
- C:\Windows\System\QeEudOI.exe
  C:\Windows\System\QeEudOI.exe
  2⤵
  PID:10208
- C:\Windows\System\OpXILus.exe
  C:\Windows\System\OpXILus.exe
  2⤵
  PID:10232
- C:\Windows\System\syCeNNp.exe
  C:\Windows\System\syCeNNp.exe
  2⤵
  PID:8836
- C:\Windows\System\rKrbqnA.exe
  C:\Windows\System\rKrbqnA.exe
  2⤵
  PID:8920
- C:\Windows\System\oQYhrFd.exe
  C:\Windows\System\oQYhrFd.exe
  2⤵
  PID:3424
- C:\Windows\System\RZMYPZg.exe
  C:\Windows\System\RZMYPZg.exe
  2⤵
  PID:8144
- C:\Windows\System\ewXXDSQ.exe
  C:\Windows\System\ewXXDSQ.exe
  2⤵
  PID:6908
- C:\Windows\System\NSmGFEd.exe
  C:\Windows\System\NSmGFEd.exe
  2⤵
  PID:7856
- C:\Windows\System\YAleiir.exe
  C:\Windows\System\YAleiir.exe
  2⤵
  PID:8860
- C:\Windows\System\vQfCESz.exe
  C:\Windows\System\vQfCESz.exe
  2⤵
  PID:7948
- C:\Windows\System\NLDJNTv.exe
  C:\Windows\System\NLDJNTv.exe
  2⤵
  PID:8028
- C:\Windows\System\qhmpOje.exe
  C:\Windows\System\qhmpOje.exe
  2⤵
  PID:8100
- C:\Windows\System\gpJGKrC.exe
  C:\Windows\System\gpJGKrC.exe
  2⤵
  PID:4716
- C:\Windows\System\deoFZEk.exe
  C:\Windows\System\deoFZEk.exe
  2⤵
  PID:6324
- C:\Windows\System\pxwRozj.exe
  C:\Windows\System\pxwRozj.exe
  2⤵
  PID:3676
- C:\Windows\System\LyAwadr.exe
  C:\Windows\System\LyAwadr.exe
  2⤵
  PID:9140
- C:\Windows\System\ZejrjcT.exe
  C:\Windows\System\ZejrjcT.exe
  2⤵
  PID:8208
- C:\Windows\System\bpiJACY.exe
  C:\Windows\System\bpiJACY.exe
  2⤵
  PID:8256
- C:\Windows\System\mZZUHWa.exe
  C:\Windows\System\mZZUHWa.exe
  2⤵
  PID:8340
- C:\Windows\System\hMlpSGi.exe
  C:\Windows\System\hMlpSGi.exe
  2⤵
  PID:8368
- C:\Windows\System\WMUxnTR.exe
  C:\Windows\System\WMUxnTR.exe
  2⤵
  PID:8404
- C:\Windows\System\EaJmJpI.exe
  C:\Windows\System\EaJmJpI.exe
  2⤵
  PID:8580
- C:\Windows\System\CcsYkQP.exe
  C:\Windows\System\CcsYkQP.exe
  2⤵
  PID:8656
- C:\Windows\System\ZUiwxAf.exe
  C:\Windows\System\ZUiwxAf.exe
  2⤵
  PID:8800
- C:\Windows\System\VEDMVuW.exe
  C:\Windows\System\VEDMVuW.exe
  2⤵
  PID:8936
- C:\Windows\System\FRuNzxv.exe
  C:\Windows\System\FRuNzxv.exe
  2⤵
  PID:9400
- C:\Windows\System\itUyvNN.exe
  C:\Windows\System\itUyvNN.exe
  2⤵
  PID:9048
- C:\Windows\System\MJURdvu.exe
  C:\Windows\System\MJURdvu.exe
  2⤵
  PID:9116
- C:\Windows\System\GbfywEl.exe
  C:\Windows\System\GbfywEl.exe
  2⤵
  PID:9068
- C:\Windows\System\nzBPcwj.exe
  C:\Windows\System\nzBPcwj.exe
  2⤵
  PID:9164
- C:\Windows\System\JzMAaiW.exe
  C:\Windows\System\JzMAaiW.exe
  2⤵
  PID:6720
- C:\Windows\System\qyftOcy.exe
  C:\Windows\System\qyftOcy.exe
  2⤵
  PID:10252
- C:\Windows\System\yOyEklK.exe
  C:\Windows\System\yOyEklK.exe
  2⤵
  PID:10272
- C:\Windows\System\BqymiJb.exe
  C:\Windows\System\BqymiJb.exe
  2⤵
  PID:10296
- C:\Windows\System\SOoIafV.exe
  C:\Windows\System\SOoIafV.exe
  2⤵
  PID:10320
- C:\Windows\System\TdWcNiq.exe
  C:\Windows\System\TdWcNiq.exe
  2⤵
  PID:10336
- C:\Windows\System\QiKFTfK.exe
  C:\Windows\System\QiKFTfK.exe
  2⤵
  PID:10360
- C:\Windows\System\qxxUIAt.exe
  C:\Windows\System\qxxUIAt.exe
  2⤵
  PID:10380
- C:\Windows\System\WrHRxZA.exe
  C:\Windows\System\WrHRxZA.exe
  2⤵
  PID:10408
- C:\Windows\System\QEWRRnk.exe
  C:\Windows\System\QEWRRnk.exe
  2⤵
  PID:10424
- C:\Windows\System\fJZvkZa.exe
  C:\Windows\System\fJZvkZa.exe
  2⤵
  PID:10440
- C:\Windows\System\fyFMdWj.exe
  C:\Windows\System\fyFMdWj.exe
  2⤵
  PID:10456
- C:\Windows\System\uSFEcae.exe
  C:\Windows\System\uSFEcae.exe
  2⤵
  PID:10480
- C:\Windows\System\CkAdGyC.exe
  C:\Windows\System\CkAdGyC.exe
  2⤵
  PID:10496
- C:\Windows\System\CEEmapJ.exe
  C:\Windows\System\CEEmapJ.exe
  2⤵
  PID:10552
- C:\Windows\System\ZCOTMfk.exe
  C:\Windows\System\ZCOTMfk.exe
  2⤵
  PID:10568
- C:\Windows\System\YklTyIK.exe
  C:\Windows\System\YklTyIK.exe
  2⤵
  PID:10584
- C:\Windows\System\zwAgqXO.exe
  C:\Windows\System\zwAgqXO.exe
  2⤵
  PID:10656
- C:\Windows\System\TweZZyO.exe
  C:\Windows\System\TweZZyO.exe
  2⤵
  PID:10696
- C:\Windows\System\PFIrkYL.exe
  C:\Windows\System\PFIrkYL.exe
  2⤵
  PID:10720
- C:\Windows\System\VjMowcG.exe
  C:\Windows\System\VjMowcG.exe
  2⤵
  PID:10756
- C:\Windows\System\spvMSMA.exe
  C:\Windows\System\spvMSMA.exe
  2⤵
  PID:10772
- C:\Windows\System\IjORTPi.exe
  C:\Windows\System\IjORTPi.exe
  2⤵
  PID:10856
- C:\Windows\System\YAJaoVx.exe
  C:\Windows\System\YAJaoVx.exe
  2⤵
  PID:10872
- C:\Windows\System\ZlPOTfS.exe
  C:\Windows\System\ZlPOTfS.exe
  2⤵
  PID:10896
- C:\Windows\System\fZUqNEU.exe
  C:\Windows\System\fZUqNEU.exe
  2⤵
  PID:10924
- C:\Windows\System\TLPjwVt.exe
  C:\Windows\System\TLPjwVt.exe
  2⤵
  PID:10940
- C:\Windows\System\UAbvuHg.exe
  C:\Windows\System\UAbvuHg.exe
  2⤵
  PID:10956
- C:\Windows\System\WOLLQYm.exe
  C:\Windows\System\WOLLQYm.exe
  2⤵
  PID:10972
- C:\Windows\System\gglYLBT.exe
  C:\Windows\System\gglYLBT.exe
  2⤵
  PID:10988
- C:\Windows\System\KtDsJJs.exe
  C:\Windows\System\KtDsJJs.exe
  2⤵
  PID:11004
- C:\Windows\System\XASeWAZ.exe
  C:\Windows\System\XASeWAZ.exe
  2⤵
  PID:11028
- C:\Windows\System\yVPUjDT.exe
  C:\Windows\System\yVPUjDT.exe
  2⤵
  PID:11044
- C:\Windows\System\LYXpSfd.exe
  C:\Windows\System\LYXpSfd.exe
  2⤵
  PID:11060
- C:\Windows\System\RTHPCPI.exe
  C:\Windows\System\RTHPCPI.exe
  2⤵
  PID:11076
- C:\Windows\System\iqxHhQQ.exe
  C:\Windows\System\iqxHhQQ.exe
  2⤵
  PID:11092
- C:\Windows\System\jaSVycN.exe
  C:\Windows\System\jaSVycN.exe
  2⤵
  PID:11116
- C:\Windows\System\qCMkvhB.exe
  C:\Windows\System\qCMkvhB.exe
  2⤵
  PID:11140
- C:\Windows\System\guligRd.exe
  C:\Windows\System\guligRd.exe
  2⤵
  PID:11168
- C:\Windows\System\WhKesDU.exe
  C:\Windows\System\WhKesDU.exe
  2⤵
  PID:11184
- C:\Windows\System\CxMSXdG.exe
  C:\Windows\System\CxMSXdG.exe
  2⤵
  PID:11204
- C:\Windows\System\GBbDPdc.exe
  C:\Windows\System\GBbDPdc.exe
  2⤵
  PID:11228
- C:\Windows\System\RrqYhpV.exe
  C:\Windows\System\RrqYhpV.exe
  2⤵
  PID:11256
- C:\Windows\System\odVEmJU.exe
  C:\Windows\System\odVEmJU.exe
  2⤵
  PID:3772
- C:\Windows\System\cgRGpIN.exe
  C:\Windows\System\cgRGpIN.exe
  2⤵
  PID:6924
- C:\Windows\System\GargOHf.exe
  C:\Windows\System\GargOHf.exe
  2⤵
  PID:1008
- C:\Windows\System\oNNbUfu.exe
  C:\Windows\System\oNNbUfu.exe
  2⤵
  PID:5564
- C:\Windows\System\DHFKnAE.exe
  C:\Windows\System\DHFKnAE.exe
  2⤵
  PID:5996
- C:\Windows\System\Gllvzoo.exe
  C:\Windows\System\Gllvzoo.exe
  2⤵
  PID:6112
- C:\Windows\System\PORpGZm.exe
  C:\Windows\System\PORpGZm.exe
  2⤵
  PID:5128
- C:\Windows\System\NSemvqY.exe
  C:\Windows\System\NSemvqY.exe
  2⤵
  PID:7172
- C:\Windows\System\tsENBYY.exe
  C:\Windows\System\tsENBYY.exe
  2⤵
  PID:7232
- C:\Windows\System\SQoSLLd.exe
  C:\Windows\System\SQoSLLd.exe
  2⤵
  PID:7972
- C:\Windows\System\oTzDzZB.exe
  C:\Windows\System\oTzDzZB.exe
  2⤵
  PID:8116
- C:\Windows\System\ggzsRsf.exe
  C:\Windows\System\ggzsRsf.exe
  2⤵
  PID:8248
- C:\Windows\System\veHtFyB.exe
  C:\Windows\System\veHtFyB.exe
  2⤵
  PID:7568
- C:\Windows\System\RPwZPkB.exe
  C:\Windows\System\RPwZPkB.exe
  2⤵
  PID:7632
- C:\Windows\System\lUgvzBH.exe
  C:\Windows\System\lUgvzBH.exe
  2⤵
  PID:7780
- C:\Windows\System\dHVaQob.exe
  C:\Windows\System\dHVaQob.exe
  2⤵
  PID:8496
- C:\Windows\System\XDmxOzb.exe
  C:\Windows\System\XDmxOzb.exe
  2⤵
  PID:8668
- C:\Windows\System\udHmZzt.exe
  C:\Windows\System\udHmZzt.exe
  2⤵
  PID:8772
- C:\Windows\System\SqqBnmz.exe
  C:\Windows\System\SqqBnmz.exe
  2⤵
  PID:9252
- C:\Windows\System\YmfzNGI.exe
  C:\Windows\System\YmfzNGI.exe
  2⤵
  PID:9292
- C:\Windows\System\sKRTkdm.exe
  C:\Windows\System\sKRTkdm.exe
  2⤵
  PID:9628
- C:\Windows\System\vAXXGNy.exe
  C:\Windows\System\vAXXGNy.exe
  2⤵
  PID:9372
- C:\Windows\System\mFCMwgs.exe
  C:\Windows\System\mFCMwgs.exe
  2⤵
  PID:7964
- C:\Windows\System\XibrOxC.exe
  C:\Windows\System\XibrOxC.exe
  2⤵
  PID:6172
- C:\Windows\System\vJkPUNu.exe
  C:\Windows\System\vJkPUNu.exe
  2⤵
  PID:6704
- C:\Windows\System\iiAzKvh.exe
  C:\Windows\System\iiAzKvh.exe
  2⤵
  PID:9880
- C:\Windows\System\lBznxxp.exe
  C:\Windows\System\lBznxxp.exe
  2⤵
  PID:4924
- C:\Windows\System\MWNkpLB.exe
  C:\Windows\System\MWNkpLB.exe
  2⤵
  PID:11276
- C:\Windows\System\JDhdtFg.exe
  C:\Windows\System\JDhdtFg.exe
  2⤵
  PID:11300
- C:\Windows\System\BdpWkrA.exe
  C:\Windows\System\BdpWkrA.exe
  2⤵
  PID:11328
- C:\Windows\System\ynfONtk.exe
  C:\Windows\System\ynfONtk.exe
  2⤵
  PID:11348
- C:\Windows\System\xdaLyTO.exe
  C:\Windows\System\xdaLyTO.exe
  2⤵
  PID:11364
- C:\Windows\System\UqVDhZM.exe
  C:\Windows\System\UqVDhZM.exe
  2⤵
  PID:11380
- C:\Windows\System\UxtAdDP.exe
  C:\Windows\System\UxtAdDP.exe
  2⤵
  PID:11396
- C:\Windows\System\CongrbP.exe
  C:\Windows\System\CongrbP.exe
  2⤵
  PID:11412
- C:\Windows\System\TEBjXep.exe
  C:\Windows\System\TEBjXep.exe
  2⤵
  PID:11440
- C:\Windows\System\lnQgQko.exe
  C:\Windows\System\lnQgQko.exe
  2⤵
  PID:11468
- C:\Windows\System\mMMtmAq.exe
  C:\Windows\System\mMMtmAq.exe
  2⤵
  PID:11484
- C:\Windows\System\OSrnXCE.exe
  C:\Windows\System\OSrnXCE.exe
  2⤵
  PID:11504
- C:\Windows\System\LjPwPbb.exe
  C:\Windows\System\LjPwPbb.exe
  2⤵
  PID:11528
- C:\Windows\System\vtWtwYh.exe
  C:\Windows\System\vtWtwYh.exe
  2⤵
  PID:11552
- C:\Windows\System\zDbuaqC.exe
  C:\Windows\System\zDbuaqC.exe
  2⤵
  PID:11608
- C:\Windows\System\GpejvGR.exe
  C:\Windows\System\GpejvGR.exe
  2⤵
  PID:11624
- C:\Windows\System\xgXKBzk.exe
  C:\Windows\System\xgXKBzk.exe
  2⤵
  PID:11644
- C:\Windows\System\CPdPdQo.exe
  C:\Windows\System\CPdPdQo.exe
  2⤵
  PID:11668
- C:\Windows\System\KVMYEdm.exe
  C:\Windows\System\KVMYEdm.exe
  2⤵
  PID:11692
- C:\Windows\System\UdZFiSp.exe
  C:\Windows\System\UdZFiSp.exe
  2⤵
  PID:11716
- C:\Windows\System\hnSyiZP.exe
  C:\Windows\System\hnSyiZP.exe
  2⤵
  PID:11732
- C:\Windows\System\GJKTvlT.exe
  C:\Windows\System\GJKTvlT.exe
  2⤵
  PID:11760
- C:\Windows\System\KsdumdJ.exe
  C:\Windows\System\KsdumdJ.exe
  2⤵
  PID:11776
- C:\Windows\System\dVbAaQj.exe
  C:\Windows\System\dVbAaQj.exe
  2⤵
  PID:11800
- C:\Windows\System\NsSRANA.exe
  C:\Windows\System\NsSRANA.exe
  2⤵
  PID:11820
- C:\Windows\System\lPOSsDd.exe
  C:\Windows\System\lPOSsDd.exe
  2⤵
  PID:11836
- C:\Windows\System\wNFDlKj.exe
  C:\Windows\System\wNFDlKj.exe
  2⤵
  PID:11856
- C:\Windows\System\DJIKsGC.exe
  C:\Windows\System\DJIKsGC.exe
  2⤵
  PID:11880
- C:\Windows\System\ffzGtDI.exe
  C:\Windows\System\ffzGtDI.exe
  2⤵
  PID:11896
- C:\Windows\System\yiUJquh.exe
  C:\Windows\System\yiUJquh.exe
  2⤵
  PID:11920
- C:\Windows\System\ofeRMdK.exe
  C:\Windows\System\ofeRMdK.exe
  2⤵
  PID:11940
- C:\Windows\System\OTTBjTa.exe
  C:\Windows\System\OTTBjTa.exe
  2⤵
  PID:11960
- C:\Windows\System\oHKztsz.exe
  C:\Windows\System\oHKztsz.exe
  2⤵
  PID:11980
- C:\Windows\System\YtYVizG.exe
  C:\Windows\System\YtYVizG.exe
  2⤵
  PID:12000
- C:\Windows\System\MIXMlqT.exe
  C:\Windows\System\MIXMlqT.exe
  2⤵
  PID:12024
- C:\Windows\System\NJvuOwE.exe
  C:\Windows\System\NJvuOwE.exe
  2⤵
  PID:12048
- C:\Windows\System\dIAtSBH.exe
  C:\Windows\System\dIAtSBH.exe
  2⤵
  PID:12068
- C:\Windows\System\ehlueNI.exe
  C:\Windows\System\ehlueNI.exe
  2⤵
  PID:12096
- C:\Windows\System\GZbZbvE.exe
  C:\Windows\System\GZbZbvE.exe
  2⤵
  PID:12116
- C:\Windows\System\mNhjxoQ.exe
  C:\Windows\System\mNhjxoQ.exe
  2⤵
  PID:12140
- C:\Windows\System\nGSFbWw.exe
  C:\Windows\System\nGSFbWw.exe
  2⤵
  PID:12164
- C:\Windows\System\trCvliF.exe
  C:\Windows\System\trCvliF.exe
  2⤵
  PID:12184
- C:\Windows\System\MMnQIIt.exe
  C:\Windows\System\MMnQIIt.exe
  2⤵
  PID:12204
- C:\Windows\System\xjKrDDD.exe
  C:\Windows\System\xjKrDDD.exe
  2⤵
  PID:12228
- C:\Windows\System\qwesjrF.exe
  C:\Windows\System\qwesjrF.exe
  2⤵
  PID:12252
- C:\Windows\System\fmvBdKB.exe
  C:\Windows\System\fmvBdKB.exe
  2⤵
  PID:12276
- C:\Windows\System\kYPFbWF.exe
  C:\Windows\System\kYPFbWF.exe
  2⤵
  PID:9612
- C:\Windows\System\skfYcVg.exe
  C:\Windows\System\skfYcVg.exe
  2⤵
  PID:9664
- C:\Windows\System\EcNDoTE.exe
  C:\Windows\System\EcNDoTE.exe
  2⤵
  PID:9204
- C:\Windows\System\kSJUGoT.exe
  C:\Windows\System\kSJUGoT.exe
  2⤵
  PID:6872
- C:\Windows\System\ccXNwIm.exe
  C:\Windows\System\ccXNwIm.exe
  2⤵
  PID:8352
- C:\Windows\System\QYJiiHN.exe
  C:\Windows\System\QYJiiHN.exe
  2⤵
  PID:9764
- C:\Windows\System\ysJfyCj.exe
  C:\Windows\System\ysJfyCj.exe
  2⤵
  PID:9840
- C:\Windows\System\ePkEZZm.exe
  C:\Windows\System\ePkEZZm.exe
  2⤵
  PID:9904
- C:\Windows\System\pMzTrPK.exe
  C:\Windows\System\pMzTrPK.exe
  2⤵
  PID:556
- C:\Windows\System\DFTJvmi.exe
  C:\Windows\System\DFTJvmi.exe
  2⤵
  PID:3536
- C:\Windows\System\omSUSid.exe
  C:\Windows\System\omSUSid.exe
  2⤵
  PID:10952
- C:\Windows\System\DCFzpdb.exe
  C:\Windows\System\DCFzpdb.exe
  2⤵
  PID:11012
- C:\Windows\System\CjgaNhu.exe
  C:\Windows\System\CjgaNhu.exe
  2⤵
  PID:11224
- C:\Windows\System\GDBoWGr.exe
  C:\Windows\System\GDBoWGr.exe
  2⤵
  PID:7140
- C:\Windows\System\lUGGrSG.exe
  C:\Windows\System\lUGGrSG.exe
  2⤵
  PID:8716
- C:\Windows\System\xRZyQtA.exe
  C:\Windows\System\xRZyQtA.exe
  2⤵
  PID:12292
- C:\Windows\System\MzMnSOr.exe
  C:\Windows\System\MzMnSOr.exe
  2⤵
  PID:12328
- C:\Windows\System\fzLWYNs.exe
  C:\Windows\System\fzLWYNs.exe
  2⤵
  PID:12348
- C:\Windows\System\LuggLUO.exe
  C:\Windows\System\LuggLUO.exe
  2⤵
  PID:12364
- C:\Windows\System\nhhbPwd.exe
  C:\Windows\System\nhhbPwd.exe
  2⤵
  PID:12388
- C:\Windows\System\pmVKudX.exe
  C:\Windows\System\pmVKudX.exe
  2⤵
  PID:12408
- C:\Windows\System\iqsKjex.exe
  C:\Windows\System\iqsKjex.exe
  2⤵
  PID:12432
- C:\Windows\System\tDNieVy.exe
  C:\Windows\System\tDNieVy.exe
  2⤵
  PID:12452
- C:\Windows\System\yZAwSYE.exe
  C:\Windows\System\yZAwSYE.exe
  2⤵
  PID:12468
- C:\Windows\System\OVIBmZE.exe
  C:\Windows\System\OVIBmZE.exe
  2⤵
  PID:12484
- C:\Windows\System\XysafzU.exe
  C:\Windows\System\XysafzU.exe
  2⤵
  PID:12500
- C:\Windows\System\vdtugKU.exe
  C:\Windows\System\vdtugKU.exe
  2⤵
  PID:12516
- C:\Windows\System\PHVWBrn.exe
  C:\Windows\System\PHVWBrn.exe
  2⤵
  PID:12532
- C:\Windows\System\odtusgP.exe
  C:\Windows\System\odtusgP.exe
  2⤵
  PID:12552
- C:\Windows\System\URBQEHz.exe
  C:\Windows\System\URBQEHz.exe
  2⤵
  PID:12576
- C:\Windows\System\YsThTFI.exe
  C:\Windows\System\YsThTFI.exe
  2⤵
  PID:12600
- C:\Windows\System\EnSSrgP.exe
  C:\Windows\System\EnSSrgP.exe
  2⤵
  PID:12624
- C:\Windows\System\zCBmpaT.exe
  C:\Windows\System\zCBmpaT.exe
  2⤵
  PID:12644
- C:\Windows\System\wrDhWPu.exe
  C:\Windows\System\wrDhWPu.exe
  2⤵
  PID:12664
- C:\Windows\System\MWrQYZr.exe
  C:\Windows\System\MWrQYZr.exe
  2⤵
  PID:12684
- C:\Windows\System\jZIkpqp.exe
  C:\Windows\System\jZIkpqp.exe
  2⤵
  PID:12708
- C:\Windows\System\QzYypLF.exe
  C:\Windows\System\QzYypLF.exe
  2⤵
  PID:12724
- C:\Windows\System\MxPmYqQ.exe
  C:\Windows\System\MxPmYqQ.exe
  2⤵
  PID:12740
- C:\Windows\System\txmZwFx.exe
  C:\Windows\System\txmZwFx.exe
  2⤵
  PID:12764
- C:\Windows\System\NUnJzMH.exe
  C:\Windows\System\NUnJzMH.exe
  2⤵
  PID:12788
- C:\Windows\System\sNSNgwt.exe
  C:\Windows\System\sNSNgwt.exe
  2⤵
  PID:12812
- C:\Windows\System\XzePDcq.exe
  C:\Windows\System\XzePDcq.exe
  2⤵
  PID:12836
- C:\Windows\System\OApHHqW.exe
  C:\Windows\System\OApHHqW.exe
  2⤵
  PID:12852
- C:\Windows\System\Bbizfvn.exe
  C:\Windows\System\Bbizfvn.exe
  2⤵
  PID:12876
- C:\Windows\System\PrAwZJS.exe
  C:\Windows\System\PrAwZJS.exe
  2⤵
  PID:12900
- C:\Windows\System\KNUxqoY.exe
  C:\Windows\System\KNUxqoY.exe
  2⤵
  PID:12920
- C:\Windows\System\FwtwUMo.exe
  C:\Windows\System\FwtwUMo.exe
  2⤵
  PID:12940
- C:\Windows\System\LohaBld.exe
  C:\Windows\System\LohaBld.exe
  2⤵
  PID:12964
- C:\Windows\System\rPSafFN.exe
  C:\Windows\System\rPSafFN.exe
  2⤵
  PID:12988
- C:\Windows\System\TuzZxZr.exe
  C:\Windows\System\TuzZxZr.exe
  2⤵
  PID:13012
- C:\Windows\System\WhyhoZO.exe
  C:\Windows\System\WhyhoZO.exe
  2⤵
  PID:13028
- C:\Windows\System\aqWNcxJ.exe
  C:\Windows\System\aqWNcxJ.exe
  2⤵
  PID:13048
- C:\Windows\System\SeUSSWk.exe
  C:\Windows\System\SeUSSWk.exe
  2⤵
  PID:13064
- C:\Windows\System\DEYtium.exe
  C:\Windows\System\DEYtium.exe
  2⤵
  PID:13080
- C:\Windows\System\LIDmONF.exe
  C:\Windows\System\LIDmONF.exe
  2⤵
  PID:13096
- C:\Windows\System\MrGsRIh.exe
  C:\Windows\System\MrGsRIh.exe
  2⤵
  PID:13116
- C:\Windows\System\PzYNVpU.exe
  C:\Windows\System\PzYNVpU.exe
  2⤵
  PID:13132
- C:\Windows\System\bmsNGtJ.exe
  C:\Windows\System\bmsNGtJ.exe
  2⤵
  PID:13152
- C:\Windows\System\AyihWaT.exe
  C:\Windows\System\AyihWaT.exe
  2⤵
  PID:13168
- C:\Windows\System\tsXWsqM.exe
  C:\Windows\System\tsXWsqM.exe
  2⤵
  PID:13196
- C:\Windows\System\moyFkYd.exe
  C:\Windows\System\moyFkYd.exe
  2⤵
  PID:13216
- C:\Windows\System\XEmChbl.exe
  C:\Windows\System\XEmChbl.exe
  2⤵
  PID:13240
- C:\Windows\System\xqfiJTV.exe
  C:\Windows\System\xqfiJTV.exe
  2⤵
  PID:11192
- C:\Windows\System\dlnnYWY.exe
  C:\Windows\System\dlnnYWY.exe
  2⤵
  PID:11244
- C:\Windows\System\gfddyGi.exe
  C:\Windows\System\gfddyGi.exe
  2⤵
  PID:9736
- C:\Windows\System\cJUuqjw.exe
  C:\Windows\System\cJUuqjw.exe
  2⤵
  PID:9940
- C:\Windows\System\zVFprIE.exe
  C:\Windows\System\zVFprIE.exe
  2⤵
  PID:8296
- C:\Windows\System\InWtVXF.exe
  C:\Windows\System\InWtVXF.exe
  2⤵
  PID:11072
- C:\Windows\System\bjKQdqD.exe
  C:\Windows\System\bjKQdqD.exe
  2⤵
  PID:9856
- C:\Windows\System\BFOOUYZ.exe
  C:\Windows\System\BFOOUYZ.exe
  2⤵
  PID:9316
- C:\Windows\System\tdGtmgi.exe
  C:\Windows\System\tdGtmgi.exe
  2⤵
  PID:10220
- C:\Windows\System\sIweKUA.exe
  C:\Windows\System\sIweKUA.exe
  2⤵
  PID:12152
- C:\Windows\System\CqwuNzu.exe
  C:\Windows\System\CqwuNzu.exe
  2⤵
  PID:12104
- C:\Windows\System\QmMOTZc.exe
  C:\Windows\System\QmMOTZc.exe
  2⤵
  PID:9556
- C:\Windows\System\Hmnjwqa.exe
  C:\Windows\System\Hmnjwqa.exe
  2⤵
  PID:12528
- C:\Windows\System\qMmsXaI.exe
  C:\Windows\System\qMmsXaI.exe
  2⤵
  PID:12700
- C:\Windows\System\ksKTEjF.exe
  C:\Windows\System\ksKTEjF.exe
  2⤵
  PID:12736
- C:\Windows\System\MAXEhEU.exe
  C:\Windows\System\MAXEhEU.exe
  2⤵
  PID:12780
- C:\Windows\System\qVPuHzl.exe
  C:\Windows\System\qVPuHzl.exe
  2⤵
  PID:12808
- C:\Windows\System\SJmdDPU.exe
  C:\Windows\System\SJmdDPU.exe
  2⤵
  PID:8684
- C:\Windows\System\txjlhoF.exe
  C:\Windows\System\txjlhoF.exe
  2⤵
  PID:400
- C:\Windows\System\SxPWAYa.exe
  C:\Windows\System\SxPWAYa.exe
  2⤵
  PID:10280
- C:\Windows\System\kDRHDjc.exe
  C:\Windows\System\kDRHDjc.exe
  2⤵
  PID:760
- C:\Windows\System\nHNMiun.exe
  C:\Windows\System\nHNMiun.exe
  2⤵
  PID:5840
- C:\Windows\System\BqwZFsZ.exe
  C:\Windows\System\BqwZFsZ.exe
  2⤵
  PID:10104
- C:\Windows\System\RCpVKha.exe
  C:\Windows\System\RCpVKha.exe
  2⤵
  PID:10616
- C:\Windows\System\heicUvK.exe
  C:\Windows\System\heicUvK.exe
  2⤵
  PID:10132
- C:\Windows\System\sywSFmk.exe
  C:\Windows\System\sywSFmk.exe
  2⤵
  PID:10200
- C:\Windows\System\AyVdNyq.exe
  C:\Windows\System\AyVdNyq.exe
  2⤵
  PID:8612
- C:\Windows\System\rkpSAan.exe
  C:\Windows\System\rkpSAan.exe
  2⤵
  PID:4436
- C:\Windows\System\pVTCuFH.exe
  C:\Windows\System\pVTCuFH.exe
  2⤵
  PID:9308
- C:\Windows\System\Kfehqtg.exe
  C:\Windows\System\Kfehqtg.exe
  2⤵
  PID:11936
- C:\Windows\System\NvRCItK.exe
  C:\Windows\System\NvRCItK.exe
  2⤵
  PID:13184
- C:\Windows\System\ixOrPxe.exe
  C:\Windows\System\ixOrPxe.exe
  2⤵
  PID:11520
- C:\Windows\System\ceqBijr.exe
  C:\Windows\System\ceqBijr.exe
  2⤵
  PID:11340
- C:\Windows\System\XSXhOBU.exe
  C:\Windows\System\XSXhOBU.exe
  2⤵
  PID:10088
- C:\Windows\System\SWOejTt.exe
  C:\Windows\System\SWOejTt.exe
  2⤵
  PID:10576
- C:\Windows\System\LVmHukx.exe
  C:\Windows\System\LVmHukx.exe
  2⤵
  PID:11772
- C:\Windows\System\methCWr.exe
  C:\Windows\System\methCWr.exe
  2⤵
  PID:11864
- C:\Windows\System\IwWwrdT.exe
  C:\Windows\System\IwWwrdT.exe
  2⤵
  PID:12196
- C:\Windows\System\wayCqOm.exe
  C:\Windows\System\wayCqOm.exe
  2⤵
  PID:372
- C:\Windows\System\nVmtjkV.exe
  C:\Windows\System\nVmtjkV.exe
  2⤵
  PID:11828
- C:\Windows\System\rksCenV.exe
  C:\Windows\System\rksCenV.exe
  2⤵
  PID:9636
- C:\Windows\System\CgtncFj.exe
  C:\Windows\System\CgtncFj.exe
  2⤵
  PID:11408
- C:\Windows\System\nHEBpCk.exe
  C:\Windows\System\nHEBpCk.exe
  2⤵
  PID:11584
- C:\Windows\System\OttxASk.exe
  C:\Windows\System\OttxASk.exe
  2⤵
  PID:11952
- C:\Windows\System\EhYLNOr.exe
  C:\Windows\System\EhYLNOr.exe
  2⤵
  PID:13004
- C:\Windows\System\oYSCgIW.exe
  C:\Windows\System\oYSCgIW.exe
  2⤵
  PID:12084
- C:\Windows\System\gNPalco.exe
  C:\Windows\System\gNPalco.exe
  2⤵
  PID:9868
- C:\Windows\System\huRCwJD.exe
  C:\Windows\System\huRCwJD.exe
  2⤵
  PID:11376
- C:\Windows\System\NYHTNYg.exe
  C:\Windows\System\NYHTNYg.exe
  2⤵
  PID:11272
- C:\Windows\System\hKSJfMN.exe
  C:\Windows\System\hKSJfMN.exe
  2⤵
  PID:8852
- C:\Windows\System\QRxQcnX.exe
  C:\Windows\System\QRxQcnX.exe
  2⤵
  PID:9236
- C:\Windows\System\ZjZGMWf.exe
  C:\Windows\System\ZjZGMWf.exe
  2⤵
  PID:1228
- C:\Windows\System\RyUHsmo.exe
  C:\Windows\System\RyUHsmo.exe
  2⤵
  PID:12460
- C:\Windows\System\AOsEiAV.exe
  C:\Windows\System\AOsEiAV.exe
  2⤵
  PID:11684
- C:\Windows\System\XiQUXvv.exe
  C:\Windows\System\XiQUXvv.exe
  2⤵
  PID:12608
- C:\Windows\System\gkhAgxX.exe
  C:\Windows\System\gkhAgxX.exe
  2⤵
  PID:10984
- C:\Windows\System\gmLmZvF.exe
  C:\Windows\System\gmLmZvF.exe
  2⤵
  PID:12336
- C:\Windows\System\POwenMg.exe
  C:\Windows\System\POwenMg.exe
  2⤵
  PID:12384
- C:\Windows\System\jhihLTX.exe
  C:\Windows\System\jhihLTX.exe
  2⤵
  PID:12428
- C:\Windows\System\GfWgEhH.exe
  C:\Windows\System\GfWgEhH.exe
  2⤵
  PID:12868
- C:\Windows\System\bQxAkRH.exe
  C:\Windows\System\bQxAkRH.exe
  2⤵
  PID:12692
- C:\Windows\System\CZdMNJC.exe
  C:\Windows\System\CZdMNJC.exe
  2⤵
  PID:12804
- C:\Windows\System\pVJjmMO.exe
  C:\Windows\System\pVJjmMO.exe
  2⤵
  PID:12044
- C:\Windows\System\hOSAbwQ.exe
  C:\Windows\System\hOSAbwQ.exe
  2⤵
  PID:10932
- C:\Windows\System\PAShFNd.exe
  C:\Windows\System\PAShFNd.exe
  2⤵
  PID:10636
- C:\Windows\System\rLdnBkL.exe
  C:\Windows\System\rLdnBkL.exe
  2⤵
  PID:13300
- C:\Windows\System\PnqLCPz.exe
  C:\Windows\System\PnqLCPz.exe
  2⤵
  PID:11212
- C:\Windows\System\aWDmWCC.exe
  C:\Windows\System\aWDmWCC.exe
  2⤵
  PID:11268
- C:\Windows\System\jJeFwpd.exe
  C:\Windows\System\jJeFwpd.exe
  2⤵
  PID:12216
- C:\Windows\System\CqNzybP.exe
  C:\Windows\System\CqNzybP.exe
  2⤵
  PID:10084
- C:\Windows\System\ViTmQwC.exe
  C:\Windows\System\ViTmQwC.exe
  2⤵
  PID:10488
- C:\Windows\System\oiVpfaI.exe
  C:\Windows\System\oiVpfaI.exe
  2⤵
  PID:11068
- C:\Windows\System\eKSwqIY.exe
  C:\Windows\System\eKSwqIY.exe
  2⤵
  PID:12960
- C:\Windows\System\wwIUpWa.exe
  C:\Windows\System\wwIUpWa.exe
  2⤵
  PID:1460
- C:\Windows\System\paPXXZr.exe
  C:\Windows\System\paPXXZr.exe
  2⤵
  PID:12476
- C:\Windows\System\bkleFYs.exe
  C:\Windows\System\bkleFYs.exe
  2⤵
  PID:9192
- C:\Windows\System\fITAAtL.exe
  C:\Windows\System\fITAAtL.exe
  2⤵
  PID:3916
- C:\Windows\System\ECqNvtm.exe
  C:\Windows\System\ECqNvtm.exe
  2⤵
  PID:12720
- C:\Windows\System\rqHGZUz.exe
  C:\Windows\System\rqHGZUz.exe
  2⤵
  PID:6816
- C:\Windows\System\ttoOZcv.exe
  C:\Windows\System\ttoOZcv.exe
  2⤵
  PID:12660
- C:\Windows\System\TUtJDBg.exe
  C:\Windows\System\TUtJDBg.exe
  2⤵
  PID:12912
- C:\Windows\System\vwhEVTw.exe
  C:\Windows\System\vwhEVTw.exe
  2⤵
  PID:7916
- C:\Windows\System\DQjpdPI.exe
  C:\Windows\System\DQjpdPI.exe
  2⤵
  PID:12424
- C:\Windows\System\EqgrqgP.exe
  C:\Windows\System\EqgrqgP.exe
  2⤵
  PID:12512
- C:\Windows\System\BfyWgJH.exe
  C:\Windows\System\BfyWgJH.exe
  2⤵
  PID:2880
- C:\Windows\System\XOJNaPO.exe
  C:\Windows\System\XOJNaPO.exe
  2⤵
  PID:9716
- C:\Windows\System\xQiYRMY.exe
  C:\Windows\System\xQiYRMY.exe
  2⤵
  PID:6196
- C:\Windows\System\BRqaHXy.exe
  C:\Windows\System\BRqaHXy.exe
  2⤵
  PID:1240
- C:\Windows\System\UmgZOgy.exe
  C:\Windows\System\UmgZOgy.exe
  2⤵
  PID:11636
- C:\Windows\System\MQowjDn.exe
  C:\Windows\System\MQowjDn.exe
  2⤵
  PID:12832
- C:\Windows\System\uGuarlN.exe
  C:\Windows\System\uGuarlN.exe
  2⤵
  PID:12716
- C:\Windows\System\yUegYyV.exe
  C:\Windows\System\yUegYyV.exe
  2⤵
  PID:11108
- C:\Windows\System\ROJpRoc.exe
  C:\Windows\System\ROJpRoc.exe
  2⤵
  PID:2516
- C:\Windows\System\eDUhQCe.exe
  C:\Windows\System\eDUhQCe.exe
  2⤵
  PID:6676
- C:\Windows\System\crsRiln.exe
  C:\Windows\System\crsRiln.exe
  2⤵
  PID:13348
- C:\Windows\System\heWyMQw.exe
  C:\Windows\System\heWyMQw.exe
  2⤵
  PID:13364
- C:\Windows\System\YHGUzdZ.exe
  C:\Windows\System\YHGUzdZ.exe
  2⤵
  PID:13412
- C:\Windows\System\uFYgNNw.exe
  C:\Windows\System\uFYgNNw.exe
  2⤵
  PID:13508
- C:\Windows\System\mVQqvHk.exe
  C:\Windows\System\mVQqvHk.exe
  2⤵
  PID:13684
- C:\Windows\System\kGZQsOd.exe
  C:\Windows\System\kGZQsOd.exe
  2⤵
  PID:13824
- C:\Windows\System\WzxjXVa.exe
  C:\Windows\System\WzxjXVa.exe
  2⤵
  PID:13980
- C:\Windows\System\UJozVNV.exe
  C:\Windows\System\UJozVNV.exe
  2⤵
  PID:9448
- C:\Windows\System\XBqZSmB.exe
  C:\Windows\System\XBqZSmB.exe
  2⤵
  PID:13328
- C:\Windows\System\tdotHEo.exe
  C:\Windows\System\tdotHEo.exe
  2⤵
  PID:9744
- C:\Windows\System\BQMCjDx.exe
  C:\Windows\System\BQMCjDx.exe
  2⤵
  PID:5484
- C:\Windows\System\ZJNKHSh.exe
  C:\Windows\System\ZJNKHSh.exe
  2⤵
  PID:9620
- C:\Windows\System\FWfLLSW.exe
  C:\Windows\System\FWfLLSW.exe
  2⤵
  PID:13528
- C:\Windows\System\VCJAxgN.exe
  C:\Windows\System\VCJAxgN.exe
  2⤵
  PID:13544
- C:\Windows\System\uvCkamw.exe
  C:\Windows\System\uvCkamw.exe
  2⤵
  PID:13572
- C:\Windows\System\YzOQGTP.exe
  C:\Windows\System\YzOQGTP.exe
  2⤵
  PID:13592
- C:\Windows\System\iGFHyYw.exe
  C:\Windows\System\iGFHyYw.exe
  2⤵
  PID:10712
- C:\Windows\System\fBjlJaV.exe
  C:\Windows\System\fBjlJaV.exe
  2⤵
  PID:13712
- C:\Windows\System\bNXisiw.exe
  C:\Windows\System\bNXisiw.exe
  2⤵
  PID:13732
- C:\Windows\System\pyhQzwC.exe
  C:\Windows\System\pyhQzwC.exe
  2⤵
  PID:13500
- C:\Windows\System\IoXAOws.exe
  C:\Windows\System\IoXAOws.exe
  2⤵
  PID:13520
- C:\Windows\System\WHokDHr.exe
  C:\Windows\System\WHokDHr.exe
  2⤵
  PID:13856
- C:\Windows\System\XJDYBrU.exe
  C:\Windows\System\XJDYBrU.exe
  2⤵
  PID:13884
- C:\Windows\System\uRwDJwV.exe
  C:\Windows\System\uRwDJwV.exe
  2⤵
  PID:13932
- C:\Windows\System\jcaXaQT.exe
  C:\Windows\System\jcaXaQT.exe
  2⤵
  PID:13876
- C:\Windows\System\XdCZOcw.exe
  C:\Windows\System\XdCZOcw.exe
  2⤵
  PID:14020
- C:\Windows\System\SyiJiRb.exe
  C:\Windows\System\SyiJiRb.exe
  2⤵
  PID:14208
- C:\Windows\System\HMjWncT.exe
  C:\Windows\System\HMjWncT.exe
  2⤵
  PID:14316
- C:\Windows\System\hFDdrPS.exe
  C:\Windows\System\hFDdrPS.exe
  2⤵
  PID:13324
- C:\Windows\System\CDuiFYR.exe
  C:\Windows\System\CDuiFYR.exe
  2⤵
  PID:11200
- C:\Windows\System\UIjPUWi.exe
  C:\Windows\System\UIjPUWi.exe
  2⤵
  PID:776
- C:\Windows\System\YsPWZQl.exe
  C:\Windows\System\YsPWZQl.exe
  2⤵
  PID:13316
- C:\Windows\System\jHKHdfL.exe
  C:\Windows\System\jHKHdfL.exe
  2⤵
  PID:6176
- C:\Windows\System\afDvkzX.exe
  C:\Windows\System\afDvkzX.exe
  2⤵
  PID:13484
- C:\Windows\System\PKAEsja.exe
  C:\Windows\System\PKAEsja.exe
  2⤵
  PID:10156
- C:\Windows\System\KSnBoqf.exe
  C:\Windows\System\KSnBoqf.exe
  2⤵
  PID:13616
- C:\Windows\System\UrjeaVM.exe
  C:\Windows\System\UrjeaVM.exe
  2⤵
  PID:13740
- C:\Windows\System\yRpMAKS.exe
  C:\Windows\System\yRpMAKS.exe
  2⤵
  PID:14188
- C:\Windows\System\fQbMpDP.exe
  C:\Windows\System\fQbMpDP.exe
  2⤵
  PID:1332
- C:\Windows\System\CjglbnR.exe
  C:\Windows\System\CjglbnR.exe
  2⤵
  PID:316
- C:\Windows\System\ybxbRyE.exe
  C:\Windows\System\ybxbRyE.exe
  2⤵
  PID:13460
- C:\Windows\System\twXploE.exe
  C:\Windows\System\twXploE.exe
  2⤵
  PID:10880
- C:\Windows\System\XJwSPRY.exe
  C:\Windows\System\XJwSPRY.exe
  2⤵
  PID:14256
- C:\Windows\System\pstUVLa.exe
  C:\Windows\System\pstUVLa.exe
  2⤵
  PID:13320
- C:\Windows\System\dNaihaF.exe
  C:\Windows\System\dNaihaF.exe
  2⤵
  PID:13584
- C:\Windows\System\qMCnIdx.exe
  C:\Windows\System\qMCnIdx.exe
  2⤵
  PID:13556
- C:\Windows\System\HiGnxpQ.exe
  C:\Windows\System\HiGnxpQ.exe
  2⤵
  PID:11676
- C:\Windows\System\DGweaOE.exe
  C:\Windows\System\DGweaOE.exe
  2⤵
  PID:12680
- C:\Windows\System\nCxETME.exe
  C:\Windows\System\nCxETME.exe
  2⤵
  PID:4852
- C:\Windows\System\ZQwTJfF.exe
  C:\Windows\System\ZQwTJfF.exe
  2⤵
  PID:832
- C:\Windows\System\yeKQFKy.exe
  C:\Windows\System\yeKQFKy.exe
  2⤵
  PID:3840
- C:\Windows\System\TJPCnZG.exe
  C:\Windows\System\TJPCnZG.exe
  2⤵
  PID:13860
- C:\Windows\System\IjoczTa.exe
  C:\Windows\System\IjoczTa.exe
  2⤵
  PID:13864
- C:\Windows\System\xoIxQAB.exe
  C:\Windows\System\xoIxQAB.exe
  2⤵
  PID:3724
- C:\Windows\System\ZNmuYML.exe
  C:\Windows\System\ZNmuYML.exe
  2⤵
  PID:13908
- C:\Windows\System\oeXYNUl.exe
  C:\Windows\System\oeXYNUl.exe
  2⤵
  PID:13912
- C:\Windows\System\wCRoukG.exe
  C:\Windows\System\wCRoukG.exe
  2⤵
  PID:13888
- C:\Windows\System\oTKgFqn.exe
  C:\Windows\System\oTKgFqn.exe
  2⤵
  PID:14136
- C:\Windows\System\zbjXyBI.exe
  C:\Windows\System\zbjXyBI.exe
  2⤵
  PID:4476
- C:\Windows\System\FJxwzWZ.exe
  C:\Windows\System\FJxwzWZ.exe
  2⤵
  PID:13900
- C:\Windows\System\uhuYjvt.exe
  C:\Windows\System\uhuYjvt.exe
  2⤵
  PID:14264
- C:\Windows\System\mRRpknq.exe
  C:\Windows\System\mRRpknq.exe
  2⤵
  PID:6688
- C:\Windows\System\DZOjPio.exe
  C:\Windows\System\DZOjPio.exe
  2⤵
  PID:4196
- C:\Windows\System\smCrYfj.exe
  C:\Windows\System\smCrYfj.exe
  2⤵
  PID:4264
- C:\Windows\System\cWIXNNV.exe
  C:\Windows\System\cWIXNNV.exe
  2⤵
  PID:11868
- C:\Windows\System\IjGNyBC.exe
  C:\Windows\System\IjGNyBC.exe
  2⤵
  PID:12020
- C:\Windows\System\vTQvBgT.exe
  C:\Windows\System\vTQvBgT.exe
  2⤵
  PID:6592

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:4560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pjumb0up.1ga.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BwshHJh.exe

Filesize
1.7MB

MD5
e3693dcfb3dd82cc5dca2d7956d641d2

SHA1
76eca6e6ee2c44d0ae3d3805915febdbbbd506a9

SHA256
a5efc69d649ab3ccfcac4ff8c141ae38aa811175b19fc111fec12aaa45b78b1e

SHA512
39a42fd2927ed9f5ac8374e1b5d7014bc31267d7c01625b161211f114c81cbe2ad507d7093c8ce148be8ae7e87734d6e1488b378b3bdc1d7bb8102771b15f74b

Download Submit
C:\Windows\System\CWxbBqY.exe

Filesize
1.7MB

MD5
f57d2cefe9f0f8aca05ff2e6ddcd7676

SHA1
0c1afa54345d4877020ad1a5a700639e58779d9c

SHA256
409cfb3dd4053fe778c99332d393915f25363d1abbfc0783b6c6f0260d5cc169

SHA512
524c670a0638f5669586b9f10c706699dcd65e199b836226437c6ec6206bfb13f297b48afd2d7be1dfe43662b0a3f7889f31fcfbe8b8b1a430485626eb23ad2e

Download Submit
C:\Windows\System\DWVxQTv.exe

Filesize
1.7MB

MD5
e8a3be939ec6ca0dc44ebc09f56d3430

SHA1
1fe085f71e8b65706eccfd14f6135aae78f7ffb0

SHA256
157c6c8bf8bb5d21ffdd73490bb3b523610db8887acbbc16f26d8e994612566e

SHA512
6512eed04b9cd4bb3f44f99a212b54e666c4cd9a25a5a834a5838eda45b9bd877c0c598967d714f2f02f0fc0b8e88e6d0ae78501e63072eb76038da5ed6c9b79

Download Submit
C:\Windows\System\DYlwYDu.exe

Filesize
1.7MB

MD5
b824761c6f355b31022302060305b52b

SHA1
8b52b0bff1aa63539ae6b4cef00260163c0012b5

SHA256
3a6ff1ae9e4cbe650cc9fda8accfe67608911ff858ef0caf2bde3a84a7d3cc57

SHA512
7f9bb819480830b71b1a5a58b806d51799622367a10c52bdfb00263ee5ae0a20e36a036a4c330f837e9913e5b08ad86e069c185c65242ff0ee4842c03905b1b7

Download Submit
C:\Windows\System\ERiyzBn.exe

Filesize
1.7MB

MD5
1d6a62d6f606b6e5aa4d41ecaffdf8eb

SHA1
30064e87c3edb56e747882fa9c734be56c3d3174

SHA256
71080d2c1c33cf658d7e6b21c8d965abc11ca87a023f1c703ab6e8018ce1454e

SHA512
546e88d9315da240b91b132294a12212346a1bf7c768360df6cd330f76f02f097a25c7ccddd3cedb31aa4ddb21c4bf6172bb8a9badab56520d52176f08d0bf71

Download Submit
C:\Windows\System\EqpRuuy.exe

Filesize
1.7MB

MD5
06fc60e26e63a337bc268e6f3d0c0c84

SHA1
6f3d57e67815436c47e7280af30be360d1b4ca7c

SHA256
615a15f5f37fd0b5a2566c9127665e5ccff45022af5004f098a3b9ac703b062d

SHA512
e1ab22a7cfde9bbb0251882195a14000d5a494a9480a0eaef50b2169df5d29836a26b7504c63f68b33f4f5d11fc19ff1c765ce7329c01cf4f969154b34736290

Download Submit
C:\Windows\System\GRWYcYk.exe

Filesize
1.7MB

MD5
50367020bfd6739bc9c33f91d2f99d13

SHA1
24c346649373c5e3ebcb10c49fbcfa2d81753e6f

SHA256
e0838406d6b5c42615168cdc5b56cd23f22b89498a182f60a971601fab66495f

SHA512
47226db213757f685fe7d410eccec177f2e1f80ca3cd1030f6b0e91e763ac987270d8efbf0784c6a5a9110777a6a9075e9b15d4b7f9b48889c717928fd6fc963

Download Submit
C:\Windows\System\HQdsWeM.exe

Filesize
1.7MB

MD5
ece5c535a1a03304a2a4e66e43f35b37

SHA1
3f6c8a26c6d3e44507b9cb2df29e6708e9fda8d9

SHA256
600b8720b287d748f29aa43996055383f4209cc4ed709a0982dfab8641021020

SHA512
473d0cbc974309507791f63bd1810a66585f4f9ccedd86190c5a2cc5520ee23c0db20872892cca3b1de523c38fdab3242ed0050b490e142bebbfd4125b1f73ad

Download Submit
C:\Windows\System\HRQfXUp.exe

Filesize
1.7MB

MD5
aeba78be2fd09986f2be9dab480c48f8

SHA1
2382b1163edd9602090f28059a6cd8ea0b6575be

SHA256
886a276327c13af65513dbc9e8db2cb98a00f880bf3c648256ecd4c7903c4570

SHA512
81f27078a7537139a14e7a5dd5553fa05ff3bf94972f9e05a9d848f1cf4226c7feb3d0ba3d0f423ca3ed663767cfee7bc941c070f9e153c8af216117aa86dea9

Download Submit
C:\Windows\System\KfhIwXv.exe

Filesize
1.7MB

MD5
fe2b9834b7a931d0ca63926799d3e71c

SHA1
97e3e77af877c99ea23fdff037e345e79bb8c493

SHA256
e6415820a3922ae7d57741f6b9f4b389498fd4357049cee203779b8a4797fc3d

SHA512
3bd42817e8246fcfa0f51792ed53af235bed1e15d88615bf2af32f4495ff0b22b99b3b8ab3f4ea328f17187877510f745dbe96ac01463d961c3747ebf72f9118

Download Submit
C:\Windows\System\MPLqPUg.exe

Filesize
1.7MB

MD5
c2e56c367d7b99b3a782fcf3a4267e36

SHA1
4383039b61d07332ee14d1da4b4fb529182a4831

SHA256
92dbe4acbf3d6ffa28c7d6790f2dfbfa2520e15bf814d99769a40c4d823373de

SHA512
d1c8d74452b12bc4061861453055ff9a02ced9c6f17cbd05295e16efb5c2f3d40bd469c25bf8a316d5eafacc3484c033e0c41393ac037878577f7295e1fcd861

Download Submit
C:\Windows\System\McSpWSG.exe

Filesize
1.7MB

MD5
05fec04cddc52b8045027b924cd4174e

SHA1
b21c19388372318f2fc7e7d50b4deb125c4fc290

SHA256
356d3fea2fcbc635fd360f10fba74b09b1e916e61436373eb7733d6981c79d15

SHA512
b9766f0cf9102403f1963bc6939a5feb0accd847b93dca2eaa9084b0424f3b645c0fb944640ea1beab35ba939910a11ac9051d38303f8c8129181b270d0936cc

Download Submit
C:\Windows\System\MqHNYTE.exe

Filesize
1.7MB

MD5
92fc580356c9e401c833c630ce4df077

SHA1
858c10dd6dcf252f5745867c58ce91cafe4c9af7

SHA256
a45e0a5635c408fc4f02a3b4dce039af5736fec559ebf61247d334833a970da6

SHA512
c79d1b252599df1b24f32bc01c27a7a9263ba3f42e0dfabdc355f9115f387a215e9b7c5f9863b519aac08280a344fc63604652491bcadbc93e7609e2d35cfe03

Download Submit
C:\Windows\System\NRMqXVT.exe

Filesize
1.7MB

MD5
396abaae411fd8ee2676b2109d2bc447

SHA1
7185b61667a23b769b357138145528455a564612

SHA256
6d705de256c271c78a4f7f43f8556a7e8729a1b6d9b879e8bd0bb282d01a93a4

SHA512
5e30255330c49f0523396d505986ecb037f0e129c55e799b531f86cddec0a6fa444c1c1431892fd2aebb275c5e9fd3b705f2572a44daf464aa5cca2fa6687aad

Download Submit
C:\Windows\System\NSymPyU.exe

Filesize
1.7MB

MD5
12305329d14643d76970deae5afaac96

SHA1
6c77ef8507b2b454ce2eb8ab72f50ffbd2361c74

SHA256
bd370667a63c6aca568d30907cadff498c40796d70dc05c583f56d93cefb9e36

SHA512
50e06ccfad93cb9612ff82b8796079493c3fa208059d3432fc307165f96e51f8d724b8da1f76398ba04d558998201d83544ac1311c3d6f09df9bbe9f55b90586

Download Submit
C:\Windows\System\OoBpDiD.exe

Filesize
1.7MB

MD5
bc44c76931d8f9ed900437fefa8bb132

SHA1
642327f8db3ac2696d71a1fc1f82bbea9c582403

SHA256
6f19d9d494771d75400b3806ce764dfc70cfb4cac1a34ff3c022510f4117ce56

SHA512
e19a48e548581b13637bc47ac1ff556871c2f9cf2017e03c476c66a65f1e5fd6e8dd9d5595da15aa98c5124c8a8551e5129e253036436d68b4b7f95d25f13d1b

Download Submit
C:\Windows\System\QuzCKMr.exe

Filesize
1.7MB

MD5
ba9f96bbd0bd3ddf2719d4352f8f847f

SHA1
b5616f30651735bbd50af517e02c29e41f8fce0d

SHA256
5df3843a03abe8b9535928472a450e4fa2dfb50770a689c7ee657f3d3be081ea

SHA512
b973b4af6564e1dfeca808300ed268bca2653711fca10f03360dd57328e756cec98017496b513716506ae369afe33c53ad3cdd178f0012bfc9036a7085906825

Download Submit
C:\Windows\System\RJhEAPx.exe

Filesize
1.7MB

MD5
454608238112ddcc3d30b8395f5d3bd2

SHA1
2c453edbf8fbbb6fd603080722240f9e7a86918d

SHA256
78fa3424e5bc6ed2a959fdc6be5c1e6e502fc38d020e26bc29ad15df8e80cbdf

SHA512
5c32f6b17b1e2c5ea2d0ca437bea513490fe96c38aff3cf683e90fd8f2f6c4a8db950ebfe1e5609d50eeb324236d18061d004e5936cce8e45644be98ec784506

Download Submit
C:\Windows\System\RNAuZyI.exe

Filesize
1.7MB

MD5
9002ee30f46230ab273a80328b02753a

SHA1
be47b699d18c017e7ce27d39dd39d08061e99311

SHA256
613edb9ebb7dd9395d2f2ef9b82c4f73c4ddf9063862544e9c1d42506dad81b5

SHA512
056e2d12be22b093c41565fa4d003fc43b31a8c093d9fc1450d77a25c6fc2357431a177be1dcf6730a8575b962014fdb604a2cfe9f83ebef359cfdc257604c0f

Download Submit
C:\Windows\System\RimfYSf.exe

Filesize
1.7MB

MD5
82bb9f6e55a72f27df99c9820dc8ceb4

SHA1
081436af43f3a0f959ee8a759f279ba4300abc03

SHA256
d85da7dd93f63d330f10cf5a9337e6816e0aaf3011ef77281622e2d2b800c374

SHA512
60980d6464a59998eba719f483de567577cafba4fc1a7c2bca38fec9d78fc4ba707f0bb196ee5e9ebd3106c46c2c1578c7a83e587725691ca7638c65d4beff65

Download Submit
C:\Windows\System\SaHhVIK.exe

Filesize
1.7MB

MD5
435e5c20af057103a01562e78cbefb05

SHA1
e06d8f7f64e29cdb93908498b772121e47eb5786

SHA256
bb3e57ecbd2659af9326ce8166f902f3415c414f35d6a79154714bd1a5499a89

SHA512
724304fb58c7bd921bd03879b69b598508bd86ba0b9a565fa46e683ff5084eb6aac573eb29ed539bec6cda98d8a482550309f51f6e08e9d2154f2a0cb0621df1

Download Submit
C:\Windows\System\UKtrZId.exe

Filesize
1.7MB

MD5
247ad808ceaa913d022ad406510e68c9

SHA1
fbc1f87ac051b0971bff5e55dc497d71b6b9de27

SHA256
e5901970f8360b3629edb9575b2a6d0e3705c6f548a1992a6032f2b115590742

SHA512
fcd6b47b3991db0c96617566de77deb060e4660d99fbce42f39e5a8659a921448615bfa249910dfb1f5c2e307302200979a6c509f3e86db9353c9d7fa865c891

Download Submit
C:\Windows\System\UmOKriU.exe

Filesize
1.7MB

MD5
466d37e13446602f095e57aba4adb8bc

SHA1
9fe80201eac014fc731a99c9952e69d50a89efce

SHA256
dfb02611ce63979fe278ed3d09d45f17ef4a30ce327a569b08065f84c8e736e3

SHA512
dddfb064bfcbcf84f7a80a88668b01571a536cb875754a81184ccfcf2c04a6275196e8db56c62eacd81a29fc8f622f64b112307853e753b276140dd1d3995c46

Download Submit
C:\Windows\System\VNMOtoL.exe

Filesize
1.7MB

MD5
95bd929274c2bb40600b8d4303b42ad1

SHA1
41cf66509dadfb9cb495c02087d61f083715f8ea

SHA256
194f6e3e5d92d53117bfb43e5bf214b625d7c832e7b056b3e7a775ebd83e6db7

SHA512
19071df37c68cf427dfb53f8990850c68870651da00e5708bbb487b4a05ca3776d6b591590576f90dab10ce2ada38be26465d7c3e1a0a47a2fc84b172e61249d

Download Submit
C:\Windows\System\VqfAxiM.exe

Filesize
1.7MB

MD5
bcc57bb345b0e96b37d6577e8f9bd70c

SHA1
f800e4552aa005e0da1172867df74dd10362d982

SHA256
560efb5a51049fbbd7c69f162e403f4553146e0c0472dd9f3535c79ff2da2e6b

SHA512
423538935c011516d6f5cd0f1a1847f6acae745a00dbf80f4118c8503ecc9474c4d751afa2b75c60401a55f3a4082db5b8e81c8b38d32ef6a6a5cf15a1c96559

Download Submit
C:\Windows\System\ZDeDMub.exe

Filesize
1.7MB

MD5
429b4bdd9a25b2962b5a0e09d841ffc8

SHA1
0c6389ff7bbb9a35c691b551936585f7d32d81ea

SHA256
182fbb45326bc6dd37c3a2aabeb9b8fc3b1f20d993fb4135cf9d6f3865681910

SHA512
622d62720b793d5b9c4416da21c172e835b9d8c6e610af7b419671a507bfa13f378b270d73373f8e903b795beff863008fcb42b9820c7d342f8a420dd950622f

Download Submit
C:\Windows\System\ZSFgbEW.exe

Filesize
1.7MB

MD5
4c208dc8901cba894d41c41a7e692143

SHA1
3fbee5a804bdd5c20d2ef37b3fa9007d7a151458

SHA256
9459ac7b066478dfd5e016bdcac8be6a114066b446f6336864d87c52df743fa6

SHA512
80b0a13547ebee61e9723f2fa01c58db86b13621d54857c73d713a2c56bd7e01baa90c933a7dddd5d868c4c7a83f996535c0940b6925a79072d6e5263b03deb0

Download Submit
C:\Windows\System\annSMgU.exe

Filesize
1.7MB

MD5
1865fffe09125480972cf58910825a33

SHA1
35511527239adc56210c24d59b31c53fab729804

SHA256
b35a8933099d43f23541d79abd33bce648406bcb543a5202b16d48fe03249a86

SHA512
da2935d53c5a01611bfc462cabf92996a147710ab9f4d624c84caf88957b832c5c3ebfdae1d91dcd54d1229fb8b642fecc28f25dde4f29e7a718b78267a63192

Download Submit
C:\Windows\System\bGjAHxS.exe

Filesize
1.7MB

MD5
895ff8782eceee34499997c438814379

SHA1
b2235e9c3465e6ec80bfdb7f7e408683909162ae

SHA256
0fcaa2dfd56ccf4660d89ebb1cd55bbb7afe588ae23eaeaef24441a57b938cac

SHA512
5981c0e79c2dd2951ca4ae62c1903e9130182691c6912f6af7d6cec28ddd8d32b41a1da44ca676a612ba7c39c53c0af642a426506decae2e581a1a935c3b4f4d

Download Submit
C:\Windows\System\bcZmpDY.exe

Filesize
1.7MB

MD5
be8fa14431057a96ed16afb468e1d9bb

SHA1
202ef295029b7d1d6c3d93e346b53b0834c1471d

SHA256
ab56fbf5e167524931d71a0ab01a1163a981bfc2c4a589a8e3f3ae8e30a8429a

SHA512
f70f32ba31179f6c832d505840b471da5423c2f2cb45ce4fafdec241aadbcab7a0b9f13bfec56cd4ee5acda1f85d3d41b202ec7224ecf6fa8e665afee01dd23d

Download Submit
C:\Windows\System\gZekuJa.exe

Filesize
1.7MB

MD5
f03e297f3b20d5879359b1a1f787f1e0

SHA1
872bfb6e323dfdde74a0acd272ced8d86da3657d

SHA256
db9b21a0d48ef4e479b3f624955e8b262c7d4611f6436ecdb5f8495b2866e906

SHA512
eea3d59c0d9056c242a87a116c7079adc65930a955323b20bb76afda3cc541a96dc872ed5f4ea7ab86486fc17b574825a2ad235ad8d7b0ed01d8c0041f409b3a

Download Submit
C:\Windows\System\lSMyTzO.exe

Filesize
1.7MB

MD5
d2d76ebecee42af11af7ba322ae01970

SHA1
dd0b3747e0e71ae551c412633c22627f1f9bbf9e

SHA256
2228df1ef803d272953697999056a9c8565e98dcb75026951a48558a8d492aec

SHA512
9feafb91533123886363efb602ea70c8ed8a6e20010e9c38af88ffc8ed20d5fce2f547202156fc900a8e94d1ac59871bcaebaf3af9442cb151bc03300e66b3ca

Download Submit
C:\Windows\System\ohzxHyD.exe

Filesize
1.7MB

MD5
277fcb63ccdfc970a4e728cf27968f9a

SHA1
8e2144f662c136fe3b88011d3fb61c99fde3bce5

SHA256
51b06062907215382e4486dce9fa42b1cc41f8d1522fdbc3b196cebfbdd4e2b6

SHA512
5ee051d399f1de9d728954b37287f7a01f11145a8143deccce84cd84729f55ee2d36f4371a570759b9a61d84d9cc21a030311da2916ed962c980e14d81ee7599

Download Submit
C:\Windows\System\rsydPuJ.exe

Filesize
1.7MB

MD5
d640b6bc83c0da2332c41485527db9f8

SHA1
643f8b5e5958c2702dbdd6c2c745fab520c6185e

SHA256
6f01cf461af7c7ade20807e6d245e7a8754cb29c3de9909142f663d6f2243114

SHA512
efe968895a8e7072eebc04c095d1c153b86dff15bc58d4cc185aec8df94408dac0e7bede0f7a01089cf5bbccf9f68811258acb97b9288fc13bd5f71e174db881

Download Submit
C:\Windows\System\rywodNp.exe

Filesize
1.7MB

MD5
d3ee2e0c5efb687fc0e9be758d929470

SHA1
fdc80a6a535d07aae5902d0dd974a6a3e582cf2a

SHA256
0d26d22b2c47591c521d6824e793a19e408f792bde17cbbad804dbd62673f10f

SHA512
2e9e08009e216782e8845ea6ec98d792a4b60d9cbb64e108f98a8ba98207b2a2f74962f3d34096501b5455273344bf3803d0d0c9a6a044c25bd2759844cf7b1d

Download Submit
C:\Windows\System\sRCsKUA.exe

Filesize
1.7MB

MD5
7cffc2ba47d34e1e24d5592f72b94272

SHA1
3f9f2ac93808f22fa57d87b676a31b3a769c69b9

SHA256
9b472f1a2e7dfaa7764a18fe36faa91bcc404569816df2368744c344d65821c1

SHA512
fb24c02069f903d63ebafe6472db089b8874997746dc3296bacd31e1c4490cb242372536706a3ccd729f21fe5a63f630653f4dc4f7b8e3e70e33b01df8b9a9cf

Download Submit
C:\Windows\System\srqcZRq.exe

Filesize
8B

MD5
99de9fff1c384289fd83d6dc064e3eb0

SHA1
fa84ee172bcad31d12f63f68f75302eced3eb04f

SHA256
537073a623a98b420b130d9402dd47b4473cacc54bdf99b0af6e70cdc060b0c4

SHA512
32b02fb241ee8ccb51a930c94c4606bc8e22fc37808a558b3fe991d8b07928c47bc9164b507cba81eba02f3d4eb5f05322ac8cae374b09a2de26d954326f3d48

Download Submit
C:\Windows\System\sznryNj.exe

Filesize
1.7MB

MD5
3e635f4178b218910efe02ae4e70aa85

SHA1
ed8de7394f4baac94668eac049a0523ce15d933c

SHA256
72e2a8d7be04d8b9dff656acae01d30cfb3254676b4f6f383edc0fdc6953475f

SHA512
67aee066f43b5749e18c3919090b3a16ffa15b6cc5aa56826469057773b54b4c9aa333ebd9156d44a0f15dc73440da86960d49f1d1a46e4147b316a4291c4a23

Download Submit
C:\Windows\System\uHJXYjd.exe

Filesize
1.7MB

MD5
da91e799b8ef61c7ceb4ab85730e1c62

SHA1
3c2c8e1a7aee29bdfd3d3e97e29d39423794909b

SHA256
41b68e6e97ecc64358b3c981e63e868eab5c1559ddc8236e09d0bf30b20bf001

SHA512
7ac6e00517f79dd90237ef3a15414b1ba3fa721df84be2d6307d81f13d39676214a4e903f59458d8862ebca78b60afa6dda65263c3c56e2f9ad95bf94cc30875

Download Submit
C:\Windows\System\vCRpWpq.exe

Filesize
1.7MB

MD5
1fa1308b4d5059a5ff09c649b97ffa35

SHA1
624d567119dc49b3e82dda36467c56ed38fc6a00

SHA256
2e17bad52dda8d3deac486e015cc572a65170bcb885f8126f4ff2128440b0966

SHA512
48a84f8178774f51177fcf2e38157653fd141c75915b4f54997999c30b137c7fcf81517482f62daddd5ad2e214639cab0951fc5a4333fd0334e20d2bc93b0645

Download Submit
C:\Windows\System\xfdJJOk.exe

Filesize
1.7MB

MD5
f37815a9a50cb517bedd3812eaa38a97

SHA1
79c69e15747cec59796fdc5e5ddac14d937cc9d0

SHA256
310ffec74e01d4085ad6bd8805e8670e77793d1c85358eee21f7b10ad606c717

SHA512
f4dd6300838605062506ea5dfbd411814e5284c7d1caa65adaa2f4b5fa6cd8b8b25eeaf5d2a02e387c378b73dfd13de5ca2e91a471e28753af3e2ef83f8d05dc

Download Submit
C:\Windows\System\xpeJCug.exe

Filesize
1.7MB

MD5
ab07fa34a3431b8401da4484d65cc697

SHA1
0f31b50284f64d64477fc3d1785fc5ee0432d6c7

SHA256
bda46be6392605ccdf3957d7aeb17f2dcdb62f330bafdff2b190f346bf441687

SHA512
bb38bab834d5f2a502eb9efec7794a2ad94688476e1dee9b98c039ecbd315f9559af1205e5ccdb3b9e1ffd687c948e8a7d85ea5d69d2ee7fd8adf7eef79e04e3

Download Submit
memory/32-512-0x00007FF6223F0000-0x00007FF6227E2000-memory.dmp

Filesize
3.9MB

Download
memory/232-510-0x00007FF7994F0000-0x00007FF7998E2000-memory.dmp

Filesize
3.9MB

Download
memory/364-522-0x00007FF6E4000000-0x00007FF6E43F2000-memory.dmp

Filesize
3.9MB

Download
memory/388-8-0x00007FFA568D3000-0x00007FFA568D5000-memory.dmp

Filesize
8KB

Download
memory/388-596-0x0000020EA6060000-0x0000020EA6082000-memory.dmp

Filesize
136KB

Download
memory/388-138-0x00007FFA568D0000-0x00007FFA57391000-memory.dmp

Filesize
10.8MB

Download
memory/388-2000-0x00007FFA568D0000-0x00007FFA57391000-memory.dmp

Filesize
10.8MB

Download
memory/388-523-0x00007FFA568D0000-0x00007FFA57391000-memory.dmp

Filesize
10.8MB

Download
memory/872-3609-0x00007FF7009F0000-0x00007FF700DE2000-memory.dmp

Filesize
3.9MB

Download
memory/872-18-0x00007FF7009F0000-0x00007FF700DE2000-memory.dmp

Filesize
3.9MB

Download
memory/1156-509-0x00007FF7B7840000-0x00007FF7B7C32000-memory.dmp

Filesize
3.9MB

Download
memory/1320-524-0x00007FF73C690000-0x00007FF73CA82000-memory.dmp

Filesize
3.9MB

Download
memory/1980-517-0x00007FF7A2FC0000-0x00007FF7A33B2000-memory.dmp

Filesize
3.9MB

Download
memory/2064-489-0x00007FF7EB670000-0x00007FF7EBA62000-memory.dmp

Filesize
3.9MB

Download
memory/2212-521-0x00007FF6A93C0000-0x00007FF6A97B2000-memory.dmp

Filesize
3.9MB

Download
memory/2476-516-0x00007FF7EA4E0000-0x00007FF7EA8D2000-memory.dmp

Filesize
3.9MB

Download
memory/2844-511-0x00007FF6E1FC0000-0x00007FF6E23B2000-memory.dmp

Filesize
3.9MB

Download
memory/3060-508-0x00007FF75FFF0000-0x00007FF7603E2000-memory.dmp

Filesize
3.9MB

Download
memory/3132-513-0x00007FF683540000-0x00007FF683932000-memory.dmp

Filesize
3.9MB

Download
memory/3940-217-0x00007FF7D7530000-0x00007FF7D7922000-memory.dmp

Filesize
3.9MB

Download
memory/4180-518-0x00007FF6B76F0000-0x00007FF6B7AE2000-memory.dmp

Filesize
3.9MB

Download
memory/4188-515-0x00007FF696690000-0x00007FF696A82000-memory.dmp

Filesize
3.9MB

Download
memory/4312-343-0x00007FF7E7DB0000-0x00007FF7E81A2000-memory.dmp

Filesize
3.9MB

Download
memory/4420-519-0x00007FF774270000-0x00007FF774662000-memory.dmp

Filesize
3.9MB

Download
memory/4528-369-0x00007FF647510000-0x00007FF647902000-memory.dmp

Filesize
3.9MB

Download
memory/4536-180-0x00007FF7BBE90000-0x00007FF7BC282000-memory.dmp

Filesize
3.9MB

Download
memory/4812-0-0x00007FF693970000-0x00007FF693D62000-memory.dmp

Filesize
3.9MB

Download
memory/4812-1-0x000001C09B6E0000-0x000001C09B6F0000-memory.dmp

Filesize
64KB

Download
memory/4812-3607-0x00007FF693970000-0x00007FF693D62000-memory.dmp

Filesize
3.9MB

Download
memory/4928-520-0x00007FF6B76A0000-0x00007FF6B7A92000-memory.dmp

Filesize
3.9MB

Download
memory/4984-328-0x00007FF767B80000-0x00007FF767F72000-memory.dmp

Filesize
3.9MB

Download
memory/5004-252-0x00007FF7DE050000-0x00007FF7DE442000-memory.dmp

Filesize
3.9MB

Download
memory/5100-514-0x00007FF6BDA00000-0x00007FF6BDDF2000-memory.dmp

Filesize
3.9MB

Download