xmrig | be8f36c37ce2d5dd3500d9fc79367fa4cbdc259cb816de78d010359db525d2d2

Analysis

max time kernel
120s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43818f356317a3fdaf9c4740c25fe070N.exe
Size

1.6MB
MD5

43818f356317a3fdaf9c4740c25fe070
SHA1

9297178a00b4475dbbd153e0980852487a36d68e
SHA256

be8f36c37ce2d5dd3500d9fc79367fa4cbdc259cb816de78d010359db525d2d2
SHA512

70dfbe26c21603dd48a513eb03dd7678a5e0713544b69e0fa483df8a78620c27e3cf8c7f05daf2fa3544d5b9321807836ae28097dceee4478cf3a8b0655dc501
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMGvGr1t4oAirbNIjTnHzlyPGkd+TKqxxLV:Lz071uv4BPMkFfdk2auTlGGxZ

Score

10^/10

xmrig discovery execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral2/memory/208-204-0x00007FF7CB150000-0x00007FF7CB542000-memory.dmp	xmrig
behavioral2/memory/4432-209-0x00007FF652010000-0x00007FF652402000-memory.dmp	xmrig
behavioral2/memory/2228-214-0x00007FF6B68E0000-0x00007FF6B6CD2000-memory.dmp	xmrig
behavioral2/memory/1924-243-0x00007FF77A400000-0x00007FF77A7F2000-memory.dmp	xmrig
behavioral2/memory/3932-252-0x00007FF6B5CC0000-0x00007FF6B60B2000-memory.dmp	xmrig
behavioral2/memory/4364-259-0x00007FF7D0980000-0x00007FF7D0D72000-memory.dmp	xmrig
behavioral2/memory/488-258-0x00007FF605200000-0x00007FF6055F2000-memory.dmp	xmrig
behavioral2/memory/4516-256-0x00007FF69EB20000-0x00007FF69EF12000-memory.dmp	xmrig
behavioral2/memory/4612-255-0x00007FF695470000-0x00007FF695862000-memory.dmp	xmrig
behavioral2/memory/3360-254-0x00007FF78E450000-0x00007FF78E842000-memory.dmp	xmrig
behavioral2/memory/2684-253-0x00007FF6F2D20000-0x00007FF6F3112000-memory.dmp	xmrig
behavioral2/memory/4972-251-0x00007FF728B50000-0x00007FF728F42000-memory.dmp	xmrig
behavioral2/memory/1832-250-0x00007FF604CB0000-0x00007FF6050A2000-memory.dmp	xmrig
behavioral2/memory/4720-249-0x00007FF6A6050000-0x00007FF6A6442000-memory.dmp	xmrig
behavioral2/memory/2948-248-0x00007FF61F7E0000-0x00007FF61FBD2000-memory.dmp	xmrig
behavioral2/memory/4004-247-0x00007FF648CD0000-0x00007FF6490C2000-memory.dmp	xmrig
behavioral2/memory/1136-242-0x00007FF76FFC0000-0x00007FF7703B2000-memory.dmp	xmrig
behavioral2/memory/3204-239-0x00007FF686EA0000-0x00007FF687292000-memory.dmp	xmrig
behavioral2/memory/1628-236-0x00007FF6E8140000-0x00007FF6E8532000-memory.dmp	xmrig
behavioral2/memory/876-203-0x00007FF7FAC70000-0x00007FF7FB062000-memory.dmp	xmrig
behavioral2/memory/1160-165-0x00007FF7AB960000-0x00007FF7ABD52000-memory.dmp	xmrig
behavioral2/memory/488-3498-0x00007FF605200000-0x00007FF6055F2000-memory.dmp	xmrig
behavioral2/memory/4432-3553-0x00007FF652010000-0x00007FF652402000-memory.dmp	xmrig
behavioral2/memory/3932-3561-0x00007FF6B5CC0000-0x00007FF6B60B2000-memory.dmp	xmrig
behavioral2/memory/1628-3644-0x00007FF6E8140000-0x00007FF6E8532000-memory.dmp	xmrig
behavioral2/memory/4516-3656-0x00007FF69EB20000-0x00007FF69EF12000-memory.dmp	xmrig
behavioral2/memory/2684-3621-0x00007FF6F2D20000-0x00007FF6F3112000-memory.dmp	xmrig
behavioral2/memory/4720-3598-0x00007FF6A6050000-0x00007FF6A6442000-memory.dmp	xmrig
behavioral2/memory/1136-3574-0x00007FF76FFC0000-0x00007FF7703B2000-memory.dmp	xmrig
behavioral2/memory/4364-3565-0x00007FF7D0980000-0x00007FF7D0D72000-memory.dmp	xmrig
behavioral2/memory/4972-3524-0x00007FF728B50000-0x00007FF728F42000-memory.dmp	xmrig
behavioral2/memory/1832-3536-0x00007FF604CB0000-0x00007FF6050A2000-memory.dmp	xmrig
behavioral2/memory/208-3503-0x00007FF7CB150000-0x00007FF7CB542000-memory.dmp	xmrig
behavioral2/memory/1064-3499-0x00007FF6ECDB0000-0x00007FF6ED1A2000-memory.dmp	xmrig
behavioral2/memory/1160-3495-0x00007FF7AB960000-0x00007FF7ABD52000-memory.dmp	xmrig
behavioral2/memory/4704-5360-0x00007FF6EA950000-0x00007FF6EAD42000-memory.dmp	xmrig

Blocklisted process makes network request 5 IoCs

flow	pid	Process
8	4672	powershell.exe
10	4672	powershell.exe
12	4672	powershell.exe
13	4672	powershell.exe
15	4672	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4672	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4772	zEeEmsX.exe
3296	fJXvAWg.exe
1064	izVsRHz.exe
1160	rEXXbOD.exe
488	bdFuQdg.exe
876	hdVbBiD.exe
208	FvCLBwX.exe
4432	AXrteGc.exe
2228	RWOkRGW.exe
1628	fomzdUt.exe
3204	JBbjHXo.exe
1136	ofLfOHS.exe
1924	HGKDTvM.exe
4004	YFBTxlF.exe
2948	dEkoIdL.exe
4720	YEzrPDe.exe
1832	kQLMRAa.exe
4972	mIHmVvq.exe
4364	vbqAlEt.exe
3932	kWtMCku.exe
2684	AXNsoZF.exe
3360	OrGRITQ.exe
4612	GgnTGQM.exe
4516	zPpCBEK.exe
1920	LlxGMgP.exe
2964	QdtKtxg.exe
3456	gHNuCRC.exe
4148	MgnJxbZ.exe
1140	UgJUfLj.exe
2340	HEVpAIw.exe
2168	skcCYTi.exe
4292	CFUEpEZ.exe
1444	oIkeNjN.exe
2560	zUEKKcl.exe
4824	VswMJBo.exe
4836	YkaCBiK.exe
4804	tXKGBcP.exe
2408	xPEkfTs.exe
4496	aHUoKcI.exe
4464	eLwYUwW.exe
2688	MArzOKi.exe
5056	fUWtpZs.exe
5020	nUhROYS.exe
4568	iDsuBEc.exe
396	uTnknuW.exe
3492	dfAaNZn.exe
2224	qhvHmrj.exe
1816	RBvwrSb.exe
2176	WWBvwqI.exe
4800	OMlPyHv.exe
4868	lmwOPOr.exe
1008	OHjeBIE.exe
1332	RxCLEeM.exe
4828	hQgVBCk.exe
2132	VtJbzpU.exe
2832	xCNjNxm.exe
1880	FileQjo.exe
3508	xqmTSXd.exe
4528	SGqbSxt.exe
4596	OZasVAj.exe
1776	ELAjEJO.exe
2712	yTceoKa.exe
1800	LTzmtAM.exe
4680	VnnhoJo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4704-0-0x00007FF6EA950000-0x00007FF6EAD42000-memory.dmp	upx
behavioral2/files/0x00090000000226f6-5.dat	upx
behavioral2/memory/3296-29-0x00007FF6FC910000-0x00007FF6FCD02000-memory.dmp	upx
behavioral2/files/0x000700000002343e-32.dat	upx
behavioral2/files/0x0007000000023448-66.dat	upx
behavioral2/files/0x0007000000023444-65.dat	upx
behavioral2/files/0x0007000000023446-60.dat	upx
behavioral2/memory/1064-57-0x00007FF6ECDB0000-0x00007FF6ED1A2000-memory.dmp	upx
behavioral2/files/0x000700000002343f-53.dat	upx
behavioral2/files/0x0007000000023445-50.dat	upx
behavioral2/files/0x0007000000023447-62.dat	upx
behavioral2/files/0x0007000000023443-41.dat	upx
behavioral2/files/0x000700000002344e-91.dat	upx
behavioral2/files/0x000700000002345c-149.dat	upx
behavioral2/files/0x0007000000023457-175.dat	upx
behavioral2/memory/208-204-0x00007FF7CB150000-0x00007FF7CB542000-memory.dmp	upx
behavioral2/memory/4432-209-0x00007FF652010000-0x00007FF652402000-memory.dmp	upx
behavioral2/memory/2228-214-0x00007FF6B68E0000-0x00007FF6B6CD2000-memory.dmp	upx
behavioral2/memory/1924-243-0x00007FF77A400000-0x00007FF77A7F2000-memory.dmp	upx
behavioral2/memory/3932-252-0x00007FF6B5CC0000-0x00007FF6B60B2000-memory.dmp	upx
behavioral2/memory/4364-259-0x00007FF7D0980000-0x00007FF7D0D72000-memory.dmp	upx
behavioral2/memory/488-258-0x00007FF605200000-0x00007FF6055F2000-memory.dmp	upx
behavioral2/memory/4516-256-0x00007FF69EB20000-0x00007FF69EF12000-memory.dmp	upx
behavioral2/memory/4612-255-0x00007FF695470000-0x00007FF695862000-memory.dmp	upx
behavioral2/memory/3360-254-0x00007FF78E450000-0x00007FF78E842000-memory.dmp	upx
behavioral2/memory/2684-253-0x00007FF6F2D20000-0x00007FF6F3112000-memory.dmp	upx
behavioral2/memory/4972-251-0x00007FF728B50000-0x00007FF728F42000-memory.dmp	upx
behavioral2/memory/1832-250-0x00007FF604CB0000-0x00007FF6050A2000-memory.dmp	upx
behavioral2/memory/4720-249-0x00007FF6A6050000-0x00007FF6A6442000-memory.dmp	upx
behavioral2/memory/2948-248-0x00007FF61F7E0000-0x00007FF61FBD2000-memory.dmp	upx
behavioral2/memory/4004-247-0x00007FF648CD0000-0x00007FF6490C2000-memory.dmp	upx
behavioral2/memory/1136-242-0x00007FF76FFC0000-0x00007FF7703B2000-memory.dmp	upx
behavioral2/memory/3204-239-0x00007FF686EA0000-0x00007FF687292000-memory.dmp	upx
behavioral2/memory/1628-236-0x00007FF6E8140000-0x00007FF6E8532000-memory.dmp	upx
behavioral2/memory/876-203-0x00007FF7FAC70000-0x00007FF7FB062000-memory.dmp	upx
behavioral2/files/0x000700000002345e-195.dat	upx
behavioral2/files/0x0007000000023458-192.dat	upx
behavioral2/files/0x000700000002345d-191.dat	upx
behavioral2/files/0x0007000000023452-185.dat	upx
behavioral2/files/0x0007000000023456-177.dat	upx
behavioral2/files/0x0007000000023454-171.dat	upx
behavioral2/files/0x0007000000023453-169.dat	upx
behavioral2/memory/1160-165-0x00007FF7AB960000-0x00007FF7ABD52000-memory.dmp	upx
behavioral2/files/0x0007000000023451-154.dat	upx
behavioral2/files/0x000700000002344d-152.dat	upx
behavioral2/files/0x0007000000023450-150.dat	upx
behavioral2/files/0x000700000002344a-147.dat	upx
behavioral2/files/0x0007000000023459-145.dat	upx
behavioral2/files/0x0008000000023439-144.dat	upx
behavioral2/files/0x000700000002344f-138.dat	upx
behavioral2/files/0x0007000000023455-136.dat	upx
behavioral2/files/0x0007000000023449-118.dat	upx
behavioral2/files/0x000700000002344c-81.dat	upx
behavioral2/files/0x000700000002344b-80.dat	upx
behavioral2/files/0x0007000000023442-77.dat	upx
behavioral2/files/0x0007000000023441-73.dat	upx
behavioral2/files/0x000700000002343c-70.dat	upx
behavioral2/files/0x000700000002343d-38.dat	upx
behavioral2/files/0x0007000000023440-33.dat	upx
behavioral2/memory/4772-14-0x00007FF68A380000-0x00007FF68A772000-memory.dmp	upx
behavioral2/memory/488-3498-0x00007FF605200000-0x00007FF6055F2000-memory.dmp	upx
behavioral2/memory/4432-3553-0x00007FF652010000-0x00007FF652402000-memory.dmp	upx
behavioral2/memory/3932-3561-0x00007FF6B5CC0000-0x00007FF6B60B2000-memory.dmp	upx
behavioral2/memory/1628-3644-0x00007FF6E8140000-0x00007FF6E8532000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UIEfURI.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\lQnoXDM.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\EFDZmQP.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\VobjjHi.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\IcBeXJw.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\nkrbFWi.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\nxeTqbY.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\zPhTHXN.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\vthXZZR.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\QVUruKm.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\JAOSvak.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\dmnyOya.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\vEVAYFE.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\KXamaGx.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\tXKGBcP.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\ZIYyyXL.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\bBpADaU.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\tEqQLEy.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\iLHMSch.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\TzYHJpz.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\vFFJvEn.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\JdQqSHX.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\oLcyvTh.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\svQPcmB.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\UjYCIBJ.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\JsXOnbq.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\dIGJgWx.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\xVgJXQl.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\RVnSobB.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\vuJeMLD.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\uLcJxXv.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\EvaheXO.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\rEXXbOD.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\TRxfrlc.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\mtcRuYm.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\TBheRBs.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\sTvwNqU.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\wwDJgtx.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\mwfpTfX.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\eSpEnxY.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\ESsXGdm.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\ZVMfSTh.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\HmyvOVL.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\NbiBBGT.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\bprtVaz.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\TBismiW.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\KRcFBXL.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\eNxPLab.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\cbpMChW.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\cYPGshk.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\tNFuoIV.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\CcBIqmL.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\XhHqVfe.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\eqVTlgr.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\iIscFVP.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\omxxhQk.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\UUGkvBF.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\GYNHoGk.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\PinGehh.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\HNReLxa.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\TCRcJuw.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\qGpBJkN.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\IAxrJgG.exe	43818f356317a3fdaf9c4740c25fe070N.exe
File created	C:\Windows\System\zwpJCMA.exe	43818f356317a3fdaf9c4740c25fe070N.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
11316	PinGehh.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4672	powershell.exe
4672	powershell.exe
4672	powershell.exe
4672	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
10904	Process not Found
7548	Process not Found
2112	Process not Found
3696	Process not Found
7620	Process not Found
6076	Process not Found
10572	Process not Found
6124	Process not Found
15324	Process not Found
15340	Process not Found
12644	Process not Found
6868	Process not Found
8240	Process not Found
4404	Process not Found
6792	Process not Found
1032	Process not Found
7644	Process not Found
1492	Process not Found
6148	Process not Found
7728	Process not Found
6608	Process not Found
6640	Process not Found
12000	Process not Found
14792	Process not Found
3620	Process not Found
8148	Process not Found
12152	Process not Found
12232	Process not Found
14460	Process not Found
728	Process not Found
6864	Process not Found
9776	Process not Found
7672	Process not Found
5484	Process not Found
12196	Process not Found
7840	Process not Found
13684	Process not Found
10040	Process not Found
5684	Process not Found
11152	Process not Found
7684	Process not Found
12100	Process not Found
13848	Process not Found
12128	Process not Found
7716	Process not Found
14736	Process not Found
9592	Process not Found
10748	Process not Found
6988	Process not Found
8624	Process not Found
12224	Process not Found
8220	Process not Found
7900	Process not Found
6588	Process not Found
6416	Process not Found
7776	Process not Found
11364	Process not Found
9368	Process not Found
3076	Process not Found
7240	Process not Found
696	Process not Found
4888	Process not Found
11420	Process not Found
64	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4704	43818f356317a3fdaf9c4740c25fe070N.exe
Token: SeDebugPrivilege	4672	powershell.exe
Token: SeLockMemoryPrivilege	4704	43818f356317a3fdaf9c4740c25fe070N.exe
Token: SeCreateGlobalPrivilege	14196	dwm.exe
Token: SeChangeNotifyPrivilege	14196	dwm.exe
Token: 33	14196	dwm.exe
Token: SeIncBasePriorityPrivilege	14196	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 4672	4704	43818f356317a3fdaf9c4740c25fe070N.exe	85
PID 4704 wrote to memory of 4672	4704	43818f356317a3fdaf9c4740c25fe070N.exe	85
PID 4704 wrote to memory of 4772	4704	43818f356317a3fdaf9c4740c25fe070N.exe	86
PID 4704 wrote to memory of 4772	4704	43818f356317a3fdaf9c4740c25fe070N.exe	86
PID 4704 wrote to memory of 1064	4704	43818f356317a3fdaf9c4740c25fe070N.exe	87
PID 4704 wrote to memory of 1064	4704	43818f356317a3fdaf9c4740c25fe070N.exe	87
PID 4704 wrote to memory of 3296	4704	43818f356317a3fdaf9c4740c25fe070N.exe	88
PID 4704 wrote to memory of 3296	4704	43818f356317a3fdaf9c4740c25fe070N.exe	88
PID 4704 wrote to memory of 488	4704	43818f356317a3fdaf9c4740c25fe070N.exe	89
PID 4704 wrote to memory of 488	4704	43818f356317a3fdaf9c4740c25fe070N.exe	89
PID 4704 wrote to memory of 1160	4704	43818f356317a3fdaf9c4740c25fe070N.exe	90
PID 4704 wrote to memory of 1160	4704	43818f356317a3fdaf9c4740c25fe070N.exe	90
PID 4704 wrote to memory of 876	4704	43818f356317a3fdaf9c4740c25fe070N.exe	91
PID 4704 wrote to memory of 876	4704	43818f356317a3fdaf9c4740c25fe070N.exe	91
PID 4704 wrote to memory of 208	4704	43818f356317a3fdaf9c4740c25fe070N.exe	92
PID 4704 wrote to memory of 208	4704	43818f356317a3fdaf9c4740c25fe070N.exe	92
PID 4704 wrote to memory of 4432	4704	43818f356317a3fdaf9c4740c25fe070N.exe	93
PID 4704 wrote to memory of 4432	4704	43818f356317a3fdaf9c4740c25fe070N.exe	93
PID 4704 wrote to memory of 2228	4704	43818f356317a3fdaf9c4740c25fe070N.exe	94
PID 4704 wrote to memory of 2228	4704	43818f356317a3fdaf9c4740c25fe070N.exe	94
PID 4704 wrote to memory of 1924	4704	43818f356317a3fdaf9c4740c25fe070N.exe	95
PID 4704 wrote to memory of 1924	4704	43818f356317a3fdaf9c4740c25fe070N.exe	95
PID 4704 wrote to memory of 1628	4704	43818f356317a3fdaf9c4740c25fe070N.exe	96
PID 4704 wrote to memory of 1628	4704	43818f356317a3fdaf9c4740c25fe070N.exe	96
PID 4704 wrote to memory of 3204	4704	43818f356317a3fdaf9c4740c25fe070N.exe	97
PID 4704 wrote to memory of 3204	4704	43818f356317a3fdaf9c4740c25fe070N.exe	97
PID 4704 wrote to memory of 1136	4704	43818f356317a3fdaf9c4740c25fe070N.exe	98
PID 4704 wrote to memory of 1136	4704	43818f356317a3fdaf9c4740c25fe070N.exe	98
PID 4704 wrote to memory of 4004	4704	43818f356317a3fdaf9c4740c25fe070N.exe	99
PID 4704 wrote to memory of 4004	4704	43818f356317a3fdaf9c4740c25fe070N.exe	99
PID 4704 wrote to memory of 2948	4704	43818f356317a3fdaf9c4740c25fe070N.exe	100
PID 4704 wrote to memory of 2948	4704	43818f356317a3fdaf9c4740c25fe070N.exe	100
PID 4704 wrote to memory of 4720	4704	43818f356317a3fdaf9c4740c25fe070N.exe	101
PID 4704 wrote to memory of 4720	4704	43818f356317a3fdaf9c4740c25fe070N.exe	101
PID 4704 wrote to memory of 1832	4704	43818f356317a3fdaf9c4740c25fe070N.exe	102
PID 4704 wrote to memory of 1832	4704	43818f356317a3fdaf9c4740c25fe070N.exe	102
PID 4704 wrote to memory of 4972	4704	43818f356317a3fdaf9c4740c25fe070N.exe	103
PID 4704 wrote to memory of 4972	4704	43818f356317a3fdaf9c4740c25fe070N.exe	103
PID 4704 wrote to memory of 3360	4704	43818f356317a3fdaf9c4740c25fe070N.exe	104
PID 4704 wrote to memory of 3360	4704	43818f356317a3fdaf9c4740c25fe070N.exe	104
PID 4704 wrote to memory of 4364	4704	43818f356317a3fdaf9c4740c25fe070N.exe	105
PID 4704 wrote to memory of 4364	4704	43818f356317a3fdaf9c4740c25fe070N.exe	105
PID 4704 wrote to memory of 3932	4704	43818f356317a3fdaf9c4740c25fe070N.exe	106
PID 4704 wrote to memory of 3932	4704	43818f356317a3fdaf9c4740c25fe070N.exe	106
PID 4704 wrote to memory of 2684	4704	43818f356317a3fdaf9c4740c25fe070N.exe	107
PID 4704 wrote to memory of 2684	4704	43818f356317a3fdaf9c4740c25fe070N.exe	107
PID 4704 wrote to memory of 4612	4704	43818f356317a3fdaf9c4740c25fe070N.exe	108
PID 4704 wrote to memory of 4612	4704	43818f356317a3fdaf9c4740c25fe070N.exe	108
PID 4704 wrote to memory of 4516	4704	43818f356317a3fdaf9c4740c25fe070N.exe	109
PID 4704 wrote to memory of 4516	4704	43818f356317a3fdaf9c4740c25fe070N.exe	109
PID 4704 wrote to memory of 1920	4704	43818f356317a3fdaf9c4740c25fe070N.exe	110
PID 4704 wrote to memory of 1920	4704	43818f356317a3fdaf9c4740c25fe070N.exe	110
PID 4704 wrote to memory of 2964	4704	43818f356317a3fdaf9c4740c25fe070N.exe	111
PID 4704 wrote to memory of 2964	4704	43818f356317a3fdaf9c4740c25fe070N.exe	111
PID 4704 wrote to memory of 3456	4704	43818f356317a3fdaf9c4740c25fe070N.exe	112
PID 4704 wrote to memory of 3456	4704	43818f356317a3fdaf9c4740c25fe070N.exe	112
PID 4704 wrote to memory of 4148	4704	43818f356317a3fdaf9c4740c25fe070N.exe	113
PID 4704 wrote to memory of 4148	4704	43818f356317a3fdaf9c4740c25fe070N.exe	113
PID 4704 wrote to memory of 1140	4704	43818f356317a3fdaf9c4740c25fe070N.exe	114
PID 4704 wrote to memory of 1140	4704	43818f356317a3fdaf9c4740c25fe070N.exe	114
PID 4704 wrote to memory of 2340	4704	43818f356317a3fdaf9c4740c25fe070N.exe	115
PID 4704 wrote to memory of 2340	4704	43818f356317a3fdaf9c4740c25fe070N.exe	115
PID 4704 wrote to memory of 2168	4704	43818f356317a3fdaf9c4740c25fe070N.exe	116
PID 4704 wrote to memory of 2168	4704	43818f356317a3fdaf9c4740c25fe070N.exe	116

C:\Users\Admin\AppData\Local\Temp\43818f356317a3fdaf9c4740c25fe070N.exe
"C:\Users\Admin\AppData\Local\Temp\43818f356317a3fdaf9c4740c25fe070N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4672
- C:\Windows\System\zEeEmsX.exe
  C:\Windows\System\zEeEmsX.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\izVsRHz.exe
  C:\Windows\System\izVsRHz.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\fJXvAWg.exe
  C:\Windows\System\fJXvAWg.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\bdFuQdg.exe
  C:\Windows\System\bdFuQdg.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\rEXXbOD.exe
  C:\Windows\System\rEXXbOD.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\hdVbBiD.exe
  C:\Windows\System\hdVbBiD.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\FvCLBwX.exe
  C:\Windows\System\FvCLBwX.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\AXrteGc.exe
  C:\Windows\System\AXrteGc.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\RWOkRGW.exe
  C:\Windows\System\RWOkRGW.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\HGKDTvM.exe
  C:\Windows\System\HGKDTvM.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\fomzdUt.exe
  C:\Windows\System\fomzdUt.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\JBbjHXo.exe
  C:\Windows\System\JBbjHXo.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\ofLfOHS.exe
  C:\Windows\System\ofLfOHS.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\YFBTxlF.exe
  C:\Windows\System\YFBTxlF.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\dEkoIdL.exe
  C:\Windows\System\dEkoIdL.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\YEzrPDe.exe
  C:\Windows\System\YEzrPDe.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\kQLMRAa.exe
  C:\Windows\System\kQLMRAa.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\mIHmVvq.exe
  C:\Windows\System\mIHmVvq.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\OrGRITQ.exe
  C:\Windows\System\OrGRITQ.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\vbqAlEt.exe
  C:\Windows\System\vbqAlEt.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\kWtMCku.exe
  C:\Windows\System\kWtMCku.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\AXNsoZF.exe
  C:\Windows\System\AXNsoZF.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\GgnTGQM.exe
  C:\Windows\System\GgnTGQM.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\zPpCBEK.exe
  C:\Windows\System\zPpCBEK.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\LlxGMgP.exe
  C:\Windows\System\LlxGMgP.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\QdtKtxg.exe
  C:\Windows\System\QdtKtxg.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\gHNuCRC.exe
  C:\Windows\System\gHNuCRC.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\MgnJxbZ.exe
  C:\Windows\System\MgnJxbZ.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\UgJUfLj.exe
  C:\Windows\System\UgJUfLj.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\HEVpAIw.exe
  C:\Windows\System\HEVpAIw.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\skcCYTi.exe
  C:\Windows\System\skcCYTi.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\CFUEpEZ.exe
  C:\Windows\System\CFUEpEZ.exe
  2⤵
  - Executes dropped EXE
  PID:4292
- C:\Windows\System\oIkeNjN.exe
  C:\Windows\System\oIkeNjN.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\zUEKKcl.exe
  C:\Windows\System\zUEKKcl.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\VswMJBo.exe
  C:\Windows\System\VswMJBo.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\YkaCBiK.exe
  C:\Windows\System\YkaCBiK.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\tXKGBcP.exe
  C:\Windows\System\tXKGBcP.exe
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Windows\System\xPEkfTs.exe
  C:\Windows\System\xPEkfTs.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\aHUoKcI.exe
  C:\Windows\System\aHUoKcI.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\eLwYUwW.exe
  C:\Windows\System\eLwYUwW.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\MArzOKi.exe
  C:\Windows\System\MArzOKi.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\fUWtpZs.exe
  C:\Windows\System\fUWtpZs.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\nUhROYS.exe
  C:\Windows\System\nUhROYS.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\iDsuBEc.exe
  C:\Windows\System\iDsuBEc.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\uTnknuW.exe
  C:\Windows\System\uTnknuW.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\dfAaNZn.exe
  C:\Windows\System\dfAaNZn.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\qhvHmrj.exe
  C:\Windows\System\qhvHmrj.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\RBvwrSb.exe
  C:\Windows\System\RBvwrSb.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\WWBvwqI.exe
  C:\Windows\System\WWBvwqI.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\OMlPyHv.exe
  C:\Windows\System\OMlPyHv.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\lmwOPOr.exe
  C:\Windows\System\lmwOPOr.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\OHjeBIE.exe
  C:\Windows\System\OHjeBIE.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\RxCLEeM.exe
  C:\Windows\System\RxCLEeM.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\hQgVBCk.exe
  C:\Windows\System\hQgVBCk.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\VtJbzpU.exe
  C:\Windows\System\VtJbzpU.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\xCNjNxm.exe
  C:\Windows\System\xCNjNxm.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\FileQjo.exe
  C:\Windows\System\FileQjo.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\xqmTSXd.exe
  C:\Windows\System\xqmTSXd.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\SGqbSxt.exe
  C:\Windows\System\SGqbSxt.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\OZasVAj.exe
  C:\Windows\System\OZasVAj.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\ELAjEJO.exe
  C:\Windows\System\ELAjEJO.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\yTceoKa.exe
  C:\Windows\System\yTceoKa.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\LTzmtAM.exe
  C:\Windows\System\LTzmtAM.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\VnnhoJo.exe
  C:\Windows\System\VnnhoJo.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\BWSScuC.exe
  C:\Windows\System\BWSScuC.exe
  2⤵
  PID:2564
- C:\Windows\System\cQCndRe.exe
  C:\Windows\System\cQCndRe.exe
  2⤵
  PID:4456
- C:\Windows\System\vixHQoi.exe
  C:\Windows\System\vixHQoi.exe
  2⤵
  PID:460
- C:\Windows\System\RPeEFZz.exe
  C:\Windows\System\RPeEFZz.exe
  2⤵
  PID:1948
- C:\Windows\System\pEjRJgj.exe
  C:\Windows\System\pEjRJgj.exe
  2⤵
  PID:3132
- C:\Windows\System\xIwWRcM.exe
  C:\Windows\System\xIwWRcM.exe
  2⤵
  PID:4952
- C:\Windows\System\DhpCCNW.exe
  C:\Windows\System\DhpCCNW.exe
  2⤵
  PID:4976
- C:\Windows\System\NUeiLHw.exe
  C:\Windows\System\NUeiLHw.exe
  2⤵
  PID:3640
- C:\Windows\System\QpKkIqu.exe
  C:\Windows\System\QpKkIqu.exe
  2⤵
  PID:3716
- C:\Windows\System\bmbCusD.exe
  C:\Windows\System\bmbCusD.exe
  2⤵
  PID:212
- C:\Windows\System\JJzJbvJ.exe
  C:\Windows\System\JJzJbvJ.exe
  2⤵
  PID:1472
- C:\Windows\System\vrdtVXb.exe
  C:\Windows\System\vrdtVXb.exe
  2⤵
  PID:4040
- C:\Windows\System\ueKXdYY.exe
  C:\Windows\System\ueKXdYY.exe
  2⤵
  PID:3136
- C:\Windows\System\vhFDWhh.exe
  C:\Windows\System\vhFDWhh.exe
  2⤵
  PID:4472
- C:\Windows\System\lShXYmI.exe
  C:\Windows\System\lShXYmI.exe
  2⤵
  PID:2028
- C:\Windows\System\NeLIZme.exe
  C:\Windows\System\NeLIZme.exe
  2⤵
  PID:3280
- C:\Windows\System\rptprBC.exe
  C:\Windows\System\rptprBC.exe
  2⤵
  PID:3584
- C:\Windows\System\wAwMrRA.exe
  C:\Windows\System\wAwMrRA.exe
  2⤵
  PID:2768
- C:\Windows\System\VWvqNrm.exe
  C:\Windows\System\VWvqNrm.exe
  2⤵
  PID:3448
- C:\Windows\System\ljnTPSv.exe
  C:\Windows\System\ljnTPSv.exe
  2⤵
  PID:3032
- C:\Windows\System\BlgdVhw.exe
  C:\Windows\System\BlgdVhw.exe
  2⤵
  PID:1760
- C:\Windows\System\FpiBknt.exe
  C:\Windows\System\FpiBknt.exe
  2⤵
  PID:4304
- C:\Windows\System\GCRtwmc.exe
  C:\Windows\System\GCRtwmc.exe
  2⤵
  PID:2400
- C:\Windows\System\NPtOVmV.exe
  C:\Windows\System\NPtOVmV.exe
  2⤵
  PID:3452
- C:\Windows\System\HhQeFdX.exe
  C:\Windows\System\HhQeFdX.exe
  2⤵
  PID:4288
- C:\Windows\System\ASPhTnK.exe
  C:\Windows\System\ASPhTnK.exe
  2⤵
  PID:3292
- C:\Windows\System\DFgMQhy.exe
  C:\Windows\System\DFgMQhy.exe
  2⤵
  PID:1336
- C:\Windows\System\lKzmkUl.exe
  C:\Windows\System\lKzmkUl.exe
  2⤵
  PID:3496
- C:\Windows\System\WAciNcg.exe
  C:\Windows\System\WAciNcg.exe
  2⤵
  PID:2996
- C:\Windows\System\IsXUulR.exe
  C:\Windows\System\IsXUulR.exe
  2⤵
  PID:2192
- C:\Windows\System\SVfIlYP.exe
  C:\Windows\System\SVfIlYP.exe
  2⤵
  PID:3680
- C:\Windows\System\ieEPYXw.exe
  C:\Windows\System\ieEPYXw.exe
  2⤵
  PID:3804
- C:\Windows\System\SOxoVrr.exe
  C:\Windows\System\SOxoVrr.exe
  2⤵
  PID:2844
- C:\Windows\System\rfTlpFc.exe
  C:\Windows\System\rfTlpFc.exe
  2⤵
  PID:4848
- C:\Windows\System\MzRFVmN.exe
  C:\Windows\System\MzRFVmN.exe
  2⤵
  PID:5116
- C:\Windows\System\PnwkccU.exe
  C:\Windows\System\PnwkccU.exe
  2⤵
  PID:2064
- C:\Windows\System\LHXCQuo.exe
  C:\Windows\System\LHXCQuo.exe
  2⤵
  PID:2172
- C:\Windows\System\VzJWVrL.exe
  C:\Windows\System\VzJWVrL.exe
  2⤵
  PID:892
- C:\Windows\System\bYeUHIb.exe
  C:\Windows\System\bYeUHIb.exe
  2⤵
  PID:2880
- C:\Windows\System\WFetNkC.exe
  C:\Windows\System\WFetNkC.exe
  2⤵
  PID:5136
- C:\Windows\System\lDrdaOG.exe
  C:\Windows\System\lDrdaOG.exe
  2⤵
  PID:5164
- C:\Windows\System\OQrSBes.exe
  C:\Windows\System\OQrSBes.exe
  2⤵
  PID:5180
- C:\Windows\System\NhfadMs.exe
  C:\Windows\System\NhfadMs.exe
  2⤵
  PID:5200
- C:\Windows\System\UoxVKYr.exe
  C:\Windows\System\UoxVKYr.exe
  2⤵
  PID:5220
- C:\Windows\System\iUIbxRs.exe
  C:\Windows\System\iUIbxRs.exe
  2⤵
  PID:5244
- C:\Windows\System\vOLLCkn.exe
  C:\Windows\System\vOLLCkn.exe
  2⤵
  PID:5260
- C:\Windows\System\XgqlEiC.exe
  C:\Windows\System\XgqlEiC.exe
  2⤵
  PID:5280
- C:\Windows\System\GvkbCvR.exe
  C:\Windows\System\GvkbCvR.exe
  2⤵
  PID:5296
- C:\Windows\System\XUEDHtC.exe
  C:\Windows\System\XUEDHtC.exe
  2⤵
  PID:5336
- C:\Windows\System\iKBpQIl.exe
  C:\Windows\System\iKBpQIl.exe
  2⤵
  PID:5352
- C:\Windows\System\FfDjPyR.exe
  C:\Windows\System\FfDjPyR.exe
  2⤵
  PID:5380
- C:\Windows\System\tjqUSQY.exe
  C:\Windows\System\tjqUSQY.exe
  2⤵
  PID:5400
- C:\Windows\System\GMyWxYz.exe
  C:\Windows\System\GMyWxYz.exe
  2⤵
  PID:5424
- C:\Windows\System\gvDVHKU.exe
  C:\Windows\System\gvDVHKU.exe
  2⤵
  PID:5444
- C:\Windows\System\wqqKpex.exe
  C:\Windows\System\wqqKpex.exe
  2⤵
  PID:5468
- C:\Windows\System\BgvfgKV.exe
  C:\Windows\System\BgvfgKV.exe
  2⤵
  PID:5492
- C:\Windows\System\NFYnAUJ.exe
  C:\Windows\System\NFYnAUJ.exe
  2⤵
  PID:5516
- C:\Windows\System\CvRkBVd.exe
  C:\Windows\System\CvRkBVd.exe
  2⤵
  PID:5532
- C:\Windows\System\FkuUpyT.exe
  C:\Windows\System\FkuUpyT.exe
  2⤵
  PID:5560
- C:\Windows\System\ermTjxA.exe
  C:\Windows\System\ermTjxA.exe
  2⤵
  PID:5576
- C:\Windows\System\ldxKdVi.exe
  C:\Windows\System\ldxKdVi.exe
  2⤵
  PID:5596
- C:\Windows\System\qPuvxfT.exe
  C:\Windows\System\qPuvxfT.exe
  2⤵
  PID:5616
- C:\Windows\System\VGcnEns.exe
  C:\Windows\System\VGcnEns.exe
  2⤵
  PID:5632
- C:\Windows\System\eQfuxkA.exe
  C:\Windows\System\eQfuxkA.exe
  2⤵
  PID:5668
- C:\Windows\System\gtdjmfn.exe
  C:\Windows\System\gtdjmfn.exe
  2⤵
  PID:5688
- C:\Windows\System\NlEKjkR.exe
  C:\Windows\System\NlEKjkR.exe
  2⤵
  PID:5704
- C:\Windows\System\oHYcyIy.exe
  C:\Windows\System\oHYcyIy.exe
  2⤵
  PID:5728
- C:\Windows\System\aSzdiBM.exe
  C:\Windows\System\aSzdiBM.exe
  2⤵
  PID:5752
- C:\Windows\System\LglEYby.exe
  C:\Windows\System\LglEYby.exe
  2⤵
  PID:5772
- C:\Windows\System\nkrbFWi.exe
  C:\Windows\System\nkrbFWi.exe
  2⤵
  PID:5796
- C:\Windows\System\SlLLDJq.exe
  C:\Windows\System\SlLLDJq.exe
  2⤵
  PID:5824
- C:\Windows\System\zDKXLKP.exe
  C:\Windows\System\zDKXLKP.exe
  2⤵
  PID:5844
- C:\Windows\System\EfeXMya.exe
  C:\Windows\System\EfeXMya.exe
  2⤵
  PID:5864
- C:\Windows\System\yNBNHiB.exe
  C:\Windows\System\yNBNHiB.exe
  2⤵
  PID:5884
- C:\Windows\System\TiiMYnE.exe
  C:\Windows\System\TiiMYnE.exe
  2⤵
  PID:5904
- C:\Windows\System\UfluyXH.exe
  C:\Windows\System\UfluyXH.exe
  2⤵
  PID:5924
- C:\Windows\System\RJVSTSp.exe
  C:\Windows\System\RJVSTSp.exe
  2⤵
  PID:5944
- C:\Windows\System\UnPFOMl.exe
  C:\Windows\System\UnPFOMl.exe
  2⤵
  PID:5964
- C:\Windows\System\HeCwtPq.exe
  C:\Windows\System\HeCwtPq.exe
  2⤵
  PID:5988
- C:\Windows\System\LsBFhkK.exe
  C:\Windows\System\LsBFhkK.exe
  2⤵
  PID:6004
- C:\Windows\System\NbiBBGT.exe
  C:\Windows\System\NbiBBGT.exe
  2⤵
  PID:6028
- C:\Windows\System\pVKmgQV.exe
  C:\Windows\System\pVKmgQV.exe
  2⤵
  PID:6044
- C:\Windows\System\vUgQMSw.exe
  C:\Windows\System\vUgQMSw.exe
  2⤵
  PID:6068
- C:\Windows\System\lMTcWLu.exe
  C:\Windows\System\lMTcWLu.exe
  2⤵
  PID:6092
- C:\Windows\System\XThqaDh.exe
  C:\Windows\System\XThqaDh.exe
  2⤵
  PID:6116
- C:\Windows\System\BlntIRc.exe
  C:\Windows\System\BlntIRc.exe
  2⤵
  PID:6132
- C:\Windows\System\UelaaTB.exe
  C:\Windows\System\UelaaTB.exe
  2⤵
  PID:2240
- C:\Windows\System\fbdODpP.exe
  C:\Windows\System\fbdODpP.exe
  2⤵
  PID:4368
- C:\Windows\System\ePfptWZ.exe
  C:\Windows\System\ePfptWZ.exe
  2⤵
  PID:4168
- C:\Windows\System\dmSosWQ.exe
  C:\Windows\System\dmSosWQ.exe
  2⤵
  PID:5144
- C:\Windows\System\avwfNHe.exe
  C:\Windows\System\avwfNHe.exe
  2⤵
  PID:2632
- C:\Windows\System\UiqGDRX.exe
  C:\Windows\System\UiqGDRX.exe
  2⤵
  PID:5064
- C:\Windows\System\JuDxRDI.exe
  C:\Windows\System\JuDxRDI.exe
  2⤵
  PID:5328
- C:\Windows\System\svomTqH.exe
  C:\Windows\System\svomTqH.exe
  2⤵
  PID:5372
- C:\Windows\System\ttxMhtR.exe
  C:\Windows\System\ttxMhtR.exe
  2⤵
  PID:5440
- C:\Windows\System\HvtqScJ.exe
  C:\Windows\System\HvtqScJ.exe
  2⤵
  PID:5252
- C:\Windows\System\bymMJiO.exe
  C:\Windows\System\bymMJiO.exe
  2⤵
  PID:5316
- C:\Windows\System\bpUNOOf.exe
  C:\Windows\System\bpUNOOf.exe
  2⤵
  PID:5612
- C:\Windows\System\XRPmadm.exe
  C:\Windows\System\XRPmadm.exe
  2⤵
  PID:5392
- C:\Windows\System\FsWwmBP.exe
  C:\Windows\System\FsWwmBP.exe
  2⤵
  PID:5700
- C:\Windows\System\izVHtuJ.exe
  C:\Windows\System\izVHtuJ.exe
  2⤵
  PID:5464
- C:\Windows\System\QEyKvjw.exe
  C:\Windows\System\QEyKvjw.exe
  2⤵
  PID:5896
- C:\Windows\System\FiTPUko.exe
  C:\Windows\System\FiTPUko.exe
  2⤵
  PID:2184
- C:\Windows\System\mjwaYON.exe
  C:\Windows\System\mjwaYON.exe
  2⤵
  PID:5996
- C:\Windows\System\EnbNZyz.exe
  C:\Windows\System\EnbNZyz.exe
  2⤵
  PID:388
- C:\Windows\System\uryUwJg.exe
  C:\Windows\System\uryUwJg.exe
  2⤵
  PID:6012
- C:\Windows\System\fdzLjJx.exe
  C:\Windows\System\fdzLjJx.exe
  2⤵
  PID:5720
- C:\Windows\System\XTZDYYY.exe
  C:\Windows\System\XTZDYYY.exe
  2⤵
  PID:6160
- C:\Windows\System\nxeTqbY.exe
  C:\Windows\System\nxeTqbY.exe
  2⤵
  PID:6188
- C:\Windows\System\DTZaXYQ.exe
  C:\Windows\System\DTZaXYQ.exe
  2⤵
  PID:6216
- C:\Windows\System\CBkazlz.exe
  C:\Windows\System\CBkazlz.exe
  2⤵
  PID:6236
- C:\Windows\System\HVWKnRy.exe
  C:\Windows\System\HVWKnRy.exe
  2⤵
  PID:6264
- C:\Windows\System\VHHWfwt.exe
  C:\Windows\System\VHHWfwt.exe
  2⤵
  PID:6284
- C:\Windows\System\acaYECB.exe
  C:\Windows\System\acaYECB.exe
  2⤵
  PID:6304
- C:\Windows\System\WPbeonP.exe
  C:\Windows\System\WPbeonP.exe
  2⤵
  PID:6328
- C:\Windows\System\TFfhPTO.exe
  C:\Windows\System\TFfhPTO.exe
  2⤵
  PID:6360
- C:\Windows\System\nbntXnO.exe
  C:\Windows\System\nbntXnO.exe
  2⤵
  PID:6400
- C:\Windows\System\IPdIdlp.exe
  C:\Windows\System\IPdIdlp.exe
  2⤵
  PID:6420
- C:\Windows\System\dxCsPvG.exe
  C:\Windows\System\dxCsPvG.exe
  2⤵
  PID:6452
- C:\Windows\System\xJiTpQm.exe
  C:\Windows\System\xJiTpQm.exe
  2⤵
  PID:6472
- C:\Windows\System\PWevNFA.exe
  C:\Windows\System\PWevNFA.exe
  2⤵
  PID:6500
- C:\Windows\System\qjteXtI.exe
  C:\Windows\System\qjteXtI.exe
  2⤵
  PID:6520
- C:\Windows\System\chSxfcz.exe
  C:\Windows\System\chSxfcz.exe
  2⤵
  PID:6540
- C:\Windows\System\ItwIWRG.exe
  C:\Windows\System\ItwIWRG.exe
  2⤵
  PID:6564
- C:\Windows\System\xBfxAiR.exe
  C:\Windows\System\xBfxAiR.exe
  2⤵
  PID:6580
- C:\Windows\System\JsXOnbq.exe
  C:\Windows\System\JsXOnbq.exe
  2⤵
  PID:6616
- C:\Windows\System\uWkKaSh.exe
  C:\Windows\System\uWkKaSh.exe
  2⤵
  PID:6632
- C:\Windows\System\ichcnWT.exe
  C:\Windows\System\ichcnWT.exe
  2⤵
  PID:6656
- C:\Windows\System\maAPvcN.exe
  C:\Windows\System\maAPvcN.exe
  2⤵
  PID:6680
- C:\Windows\System\fBbOzIO.exe
  C:\Windows\System\fBbOzIO.exe
  2⤵
  PID:6712
- C:\Windows\System\ZTIRvVK.exe
  C:\Windows\System\ZTIRvVK.exe
  2⤵
  PID:6736
- C:\Windows\System\tsetyMu.exe
  C:\Windows\System\tsetyMu.exe
  2⤵
  PID:6764
- C:\Windows\System\CfvQecl.exe
  C:\Windows\System\CfvQecl.exe
  2⤵
  PID:6780
- C:\Windows\System\uWZrJDZ.exe
  C:\Windows\System\uWZrJDZ.exe
  2⤵
  PID:6800
- C:\Windows\System\ACrPXtv.exe
  C:\Windows\System\ACrPXtv.exe
  2⤵
  PID:6828
- C:\Windows\System\JTUJEby.exe
  C:\Windows\System\JTUJEby.exe
  2⤵
  PID:6856
- C:\Windows\System\OiBNXGY.exe
  C:\Windows\System\OiBNXGY.exe
  2⤵
  PID:6884
- C:\Windows\System\GIwhHBd.exe
  C:\Windows\System\GIwhHBd.exe
  2⤵
  PID:6900
- C:\Windows\System\NOSvnlD.exe
  C:\Windows\System\NOSvnlD.exe
  2⤵
  PID:6920
- C:\Windows\System\CYsFAjI.exe
  C:\Windows\System\CYsFAjI.exe
  2⤵
  PID:6940
- C:\Windows\System\HAKTWmF.exe
  C:\Windows\System\HAKTWmF.exe
  2⤵
  PID:6960
- C:\Windows\System\MaFmrbH.exe
  C:\Windows\System\MaFmrbH.exe
  2⤵
  PID:6980
- C:\Windows\System\rUJcOjx.exe
  C:\Windows\System\rUJcOjx.exe
  2⤵
  PID:7012
- C:\Windows\System\wKXzsyB.exe
  C:\Windows\System\wKXzsyB.exe
  2⤵
  PID:7028
- C:\Windows\System\QkaHvXt.exe
  C:\Windows\System\QkaHvXt.exe
  2⤵
  PID:7060
- C:\Windows\System\nVqZrxa.exe
  C:\Windows\System\nVqZrxa.exe
  2⤵
  PID:7080
- C:\Windows\System\GubPdqN.exe
  C:\Windows\System\GubPdqN.exe
  2⤵
  PID:7100
- C:\Windows\System\ruKpJQy.exe
  C:\Windows\System\ruKpJQy.exe
  2⤵
  PID:7120
- C:\Windows\System\gWeIaPF.exe
  C:\Windows\System\gWeIaPF.exe
  2⤵
  PID:7140
- C:\Windows\System\mCzfkOj.exe
  C:\Windows\System\mCzfkOj.exe
  2⤵
  PID:7164
- C:\Windows\System\EsBlUAM.exe
  C:\Windows\System\EsBlUAM.exe
  2⤵
  PID:5812
- C:\Windows\System\ZmevcyI.exe
  C:\Windows\System\ZmevcyI.exe
  2⤵
  PID:2244
- C:\Windows\System\rWpumSw.exe
  C:\Windows\System\rWpumSw.exe
  2⤵
  PID:5312
- C:\Windows\System\xNesbPV.exe
  C:\Windows\System\xNesbPV.exe
  2⤵
  PID:5920
- C:\Windows\System\dwpyHKQ.exe
  C:\Windows\System\dwpyHKQ.exe
  2⤵
  PID:5640
- C:\Windows\System\moAVmZF.exe
  C:\Windows\System\moAVmZF.exe
  2⤵
  PID:6040
- C:\Windows\System\fdMZXrn.exe
  C:\Windows\System\fdMZXrn.exe
  2⤵
  PID:6000
- C:\Windows\System\yqNPFaK.exe
  C:\Windows\System\yqNPFaK.exe
  2⤵
  PID:6152
- C:\Windows\System\PujCuZQ.exe
  C:\Windows\System\PujCuZQ.exe
  2⤵
  PID:2264
- C:\Windows\System\PQnqFuS.exe
  C:\Windows\System\PQnqFuS.exe
  2⤵
  PID:6272
- C:\Windows\System\mQCfBZX.exe
  C:\Windows\System\mQCfBZX.exe
  2⤵
  PID:2416
- C:\Windows\System\vHmVGew.exe
  C:\Windows\System\vHmVGew.exe
  2⤵
  PID:6480
- C:\Windows\System\mrmDVlx.exe
  C:\Windows\System\mrmDVlx.exe
  2⤵
  PID:5228
- C:\Windows\System\pmTHdSX.exe
  C:\Windows\System\pmTHdSX.exe
  2⤵
  PID:5524
- C:\Windows\System\QOoZsbZ.exe
  C:\Windows\System\QOoZsbZ.exe
  2⤵
  PID:6604
- C:\Windows\System\BPJZlTN.exe
  C:\Windows\System\BPJZlTN.exe
  2⤵
  PID:5584
- C:\Windows\System\miIcBEN.exe
  C:\Windows\System\miIcBEN.exe
  2⤵
  PID:6652
- C:\Windows\System\aMUkgxG.exe
  C:\Windows\System\aMUkgxG.exe
  2⤵
  PID:6748
- C:\Windows\System\mdZUVNh.exe
  C:\Windows\System\mdZUVNh.exe
  2⤵
  PID:6796
- C:\Windows\System\CxuSkmC.exe
  C:\Windows\System\CxuSkmC.exe
  2⤵
  PID:6824
- C:\Windows\System\ZJnYLEB.exe
  C:\Windows\System\ZJnYLEB.exe
  2⤵
  PID:6896
- C:\Windows\System\pnIDSXu.exe
  C:\Windows\System\pnIDSXu.exe
  2⤵
  PID:6196
- C:\Windows\System\ThdwAus.exe
  C:\Windows\System\ThdwAus.exe
  2⤵
  PID:7172
- C:\Windows\System\GNqQPTe.exe
  C:\Windows\System\GNqQPTe.exe
  2⤵
  PID:7192
- C:\Windows\System\zbZVxPE.exe
  C:\Windows\System\zbZVxPE.exe
  2⤵
  PID:7212
- C:\Windows\System\xCpCmkD.exe
  C:\Windows\System\xCpCmkD.exe
  2⤵
  PID:7228
- C:\Windows\System\NskwPnC.exe
  C:\Windows\System\NskwPnC.exe
  2⤵
  PID:7248
- C:\Windows\System\mqgDRWK.exe
  C:\Windows\System\mqgDRWK.exe
  2⤵
  PID:7268
- C:\Windows\System\LfIsUGn.exe
  C:\Windows\System\LfIsUGn.exe
  2⤵
  PID:7288
- C:\Windows\System\mZsoMOo.exe
  C:\Windows\System\mZsoMOo.exe
  2⤵
  PID:7308
- C:\Windows\System\BBdxbUU.exe
  C:\Windows\System\BBdxbUU.exe
  2⤵
  PID:7332
- C:\Windows\System\yNruXcq.exe
  C:\Windows\System\yNruXcq.exe
  2⤵
  PID:7356
- C:\Windows\System\kGNplYl.exe
  C:\Windows\System\kGNplYl.exe
  2⤵
  PID:7380
- C:\Windows\System\BaClMvb.exe
  C:\Windows\System\BaClMvb.exe
  2⤵
  PID:7400
- C:\Windows\System\PALadpb.exe
  C:\Windows\System\PALadpb.exe
  2⤵
  PID:7424
- C:\Windows\System\numgDvO.exe
  C:\Windows\System\numgDvO.exe
  2⤵
  PID:7444
- C:\Windows\System\nucPWcz.exe
  C:\Windows\System\nucPWcz.exe
  2⤵
  PID:7464
- C:\Windows\System\pCKZeJV.exe
  C:\Windows\System\pCKZeJV.exe
  2⤵
  PID:7480
- C:\Windows\System\SCTdNOw.exe
  C:\Windows\System\SCTdNOw.exe
  2⤵
  PID:7500
- C:\Windows\System\miDkBLt.exe
  C:\Windows\System\miDkBLt.exe
  2⤵
  PID:7520
- C:\Windows\System\JwWIBUq.exe
  C:\Windows\System\JwWIBUq.exe
  2⤵
  PID:7540
- C:\Windows\System\OxfKYlJ.exe
  C:\Windows\System\OxfKYlJ.exe
  2⤵
  PID:7872
- C:\Windows\System\SglttQM.exe
  C:\Windows\System\SglttQM.exe
  2⤵
  PID:7904
- C:\Windows\System\ZIYyyXL.exe
  C:\Windows\System\ZIYyyXL.exe
  2⤵
  PID:7924
- C:\Windows\System\GeCQJJh.exe
  C:\Windows\System\GeCQJJh.exe
  2⤵
  PID:7952
- C:\Windows\System\lTYPnPp.exe
  C:\Windows\System\lTYPnPp.exe
  2⤵
  PID:7968
- C:\Windows\System\IWqIiim.exe
  C:\Windows\System\IWqIiim.exe
  2⤵
  PID:7984
- C:\Windows\System\QyeOphJ.exe
  C:\Windows\System\QyeOphJ.exe
  2⤵
  PID:8004
- C:\Windows\System\wVjlJkZ.exe
  C:\Windows\System\wVjlJkZ.exe
  2⤵
  PID:8024
- C:\Windows\System\juuAchf.exe
  C:\Windows\System\juuAchf.exe
  2⤵
  PID:8044
- C:\Windows\System\fDrJLxn.exe
  C:\Windows\System\fDrJLxn.exe
  2⤵
  PID:8064
- C:\Windows\System\tSkagmN.exe
  C:\Windows\System\tSkagmN.exe
  2⤵
  PID:8084
- C:\Windows\System\LynPolN.exe
  C:\Windows\System\LynPolN.exe
  2⤵
  PID:8104
- C:\Windows\System\fzDKfKi.exe
  C:\Windows\System\fzDKfKi.exe
  2⤵
  PID:8128
- C:\Windows\System\eGQUcIg.exe
  C:\Windows\System\eGQUcIg.exe
  2⤵
  PID:8152
- C:\Windows\System\xHxNYuG.exe
  C:\Windows\System\xHxNYuG.exe
  2⤵
  PID:8184
- C:\Windows\System\CTMSOEJ.exe
  C:\Windows\System\CTMSOEJ.exe
  2⤵
  PID:6344
- C:\Windows\System\tTjhkzv.exe
  C:\Windows\System\tTjhkzv.exe
  2⤵
  PID:5936
- C:\Windows\System\CxJsFkg.exe
  C:\Windows\System\CxJsFkg.exe
  2⤵
  PID:6464
- C:\Windows\System\xcjFkcd.exe
  C:\Windows\System\xcjFkcd.exe
  2⤵
  PID:7148
- C:\Windows\System\NADCALR.exe
  C:\Windows\System\NADCALR.exe
  2⤵
  PID:5788
- C:\Windows\System\nXEIcZQ.exe
  C:\Windows\System\nXEIcZQ.exe
  2⤵
  PID:5628
- C:\Windows\System\tQFmQFh.exe
  C:\Windows\System\tQFmQFh.exe
  2⤵
  PID:3956
- C:\Windows\System\yZxYkjb.exe
  C:\Windows\System\yZxYkjb.exe
  2⤵
  PID:6228
- C:\Windows\System\SrYMycH.exe
  C:\Windows\System\SrYMycH.exe
  2⤵
  PID:6844
- C:\Windows\System\LBBtSYE.exe
  C:\Windows\System\LBBtSYE.exe
  2⤵
  PID:6172
- C:\Windows\System\OwuuHCc.exe
  C:\Windows\System\OwuuHCc.exe
  2⤵
  PID:6372
- C:\Windows\System\qNgdwCs.exe
  C:\Windows\System\qNgdwCs.exe
  2⤵
  PID:7260
- C:\Windows\System\QFbKfbB.exe
  C:\Windows\System\QFbKfbB.exe
  2⤵
  PID:5860
- C:\Windows\System\pzirdxl.exe
  C:\Windows\System\pzirdxl.exe
  2⤵
  PID:7488
- C:\Windows\System\qTHdjeh.exe
  C:\Windows\System\qTHdjeh.exe
  2⤵
  PID:7596
- C:\Windows\System\WUAmnGz.exe
  C:\Windows\System\WUAmnGz.exe
  2⤵
  PID:6104
- C:\Windows\System\XBrYDxY.exe
  C:\Windows\System\XBrYDxY.exe
  2⤵
  PID:7200
- C:\Windows\System\LoSzzaW.exe
  C:\Windows\System\LoSzzaW.exe
  2⤵
  PID:7300
- C:\Windows\System\TzdgpbA.exe
  C:\Windows\System\TzdgpbA.exe
  2⤵
  PID:7408
- C:\Windows\System\PRFZTLs.exe
  C:\Windows\System\PRFZTLs.exe
  2⤵
  PID:7532
- C:\Windows\System\NgqKLTo.exe
  C:\Windows\System\NgqKLTo.exe
  2⤵
  PID:7328
- C:\Windows\System\beXUkXl.exe
  C:\Windows\System\beXUkXl.exe
  2⤵
  PID:7376
- C:\Windows\System\vZAsNHM.exe
  C:\Windows\System\vZAsNHM.exe
  2⤵
  PID:6352
- C:\Windows\System\YXYjbRs.exe
  C:\Windows\System\YXYjbRs.exe
  2⤵
  PID:7584
- C:\Windows\System\NwLkanA.exe
  C:\Windows\System\NwLkanA.exe
  2⤵
  PID:6624
- C:\Windows\System\eNxPLab.exe
  C:\Windows\System\eNxPLab.exe
  2⤵
  PID:6708
- C:\Windows\System\ZZvBRwB.exe
  C:\Windows\System\ZZvBRwB.exe
  2⤵
  PID:7492
- C:\Windows\System\FznxmQf.exe
  C:\Windows\System\FznxmQf.exe
  2⤵
  PID:7868
- C:\Windows\System\XVIihot.exe
  C:\Windows\System\XVIihot.exe
  2⤵
  PID:7556
- C:\Windows\System\lxKWRuF.exe
  C:\Windows\System\lxKWRuF.exe
  2⤵
  PID:6312
- C:\Windows\System\Ylepdmb.exe
  C:\Windows\System\Ylepdmb.exe
  2⤵
  PID:7636
- C:\Windows\System\SJOBcCu.exe
  C:\Windows\System\SJOBcCu.exe
  2⤵
  PID:8036
- C:\Windows\System\DsdzMdf.exe
  C:\Windows\System\DsdzMdf.exe
  2⤵
  PID:8076
- C:\Windows\System\ujVbwmi.exe
  C:\Windows\System\ujVbwmi.exe
  2⤵
  PID:7664
- C:\Windows\System\UvhInhg.exe
  C:\Windows\System\UvhInhg.exe
  2⤵
  PID:8144
- C:\Windows\System\urDjhbB.exe
  C:\Windows\System\urDjhbB.exe
  2⤵
  PID:7696
- C:\Windows\System\guKcCOC.exe
  C:\Windows\System\guKcCOC.exe
  2⤵
  PID:7136
- C:\Windows\System\bOsHZxI.exe
  C:\Windows\System\bOsHZxI.exe
  2⤵
  PID:7416
- C:\Windows\System\iexyKrA.exe
  C:\Windows\System\iexyKrA.exe
  2⤵
  PID:7760
- C:\Windows\System\zVbeinl.exe
  C:\Windows\System\zVbeinl.exe
  2⤵
  PID:7888
- C:\Windows\System\qgIxHwh.exe
  C:\Windows\System\qgIxHwh.exe
  2⤵
  PID:8212
- C:\Windows\System\lHLrdhf.exe
  C:\Windows\System\lHLrdhf.exe
  2⤵
  PID:8228
- C:\Windows\System\xgEzqtQ.exe
  C:\Windows\System\xgEzqtQ.exe
  2⤵
  PID:8248
- C:\Windows\System\YNEHRLD.exe
  C:\Windows\System\YNEHRLD.exe
  2⤵
  PID:8268
- C:\Windows\System\qfOBAWy.exe
  C:\Windows\System\qfOBAWy.exe
  2⤵
  PID:8288
- C:\Windows\System\HUHbpFF.exe
  C:\Windows\System\HUHbpFF.exe
  2⤵
  PID:8308
- C:\Windows\System\XNzRQzV.exe
  C:\Windows\System\XNzRQzV.exe
  2⤵
  PID:8328
- C:\Windows\System\dSSMfaG.exe
  C:\Windows\System\dSSMfaG.exe
  2⤵
  PID:8348
- C:\Windows\System\awMxcqN.exe
  C:\Windows\System\awMxcqN.exe
  2⤵
  PID:8368
- C:\Windows\System\ndfRfCz.exe
  C:\Windows\System\ndfRfCz.exe
  2⤵
  PID:8396
- C:\Windows\System\xESVoFc.exe
  C:\Windows\System\xESVoFc.exe
  2⤵
  PID:8416
- C:\Windows\System\PIRnGOP.exe
  C:\Windows\System\PIRnGOP.exe
  2⤵
  PID:8436
- C:\Windows\System\vOtaSxs.exe
  C:\Windows\System\vOtaSxs.exe
  2⤵
  PID:8456
- C:\Windows\System\ggqgANZ.exe
  C:\Windows\System\ggqgANZ.exe
  2⤵
  PID:8472
- C:\Windows\System\bprtVaz.exe
  C:\Windows\System\bprtVaz.exe
  2⤵
  PID:8492
- C:\Windows\System\ZvGbVli.exe
  C:\Windows\System\ZvGbVli.exe
  2⤵
  PID:8520
- C:\Windows\System\mVvmCbx.exe
  C:\Windows\System\mVvmCbx.exe
  2⤵
  PID:8540
- C:\Windows\System\SVFXaMk.exe
  C:\Windows\System\SVFXaMk.exe
  2⤵
  PID:8568
- C:\Windows\System\KVQIzwj.exe
  C:\Windows\System\KVQIzwj.exe
  2⤵
  PID:8612
- C:\Windows\System\hsBXERQ.exe
  C:\Windows\System\hsBXERQ.exe
  2⤵
  PID:8636
- C:\Windows\System\NRxjbSC.exe
  C:\Windows\System\NRxjbSC.exe
  2⤵
  PID:8660
- C:\Windows\System\KEBDlQm.exe
  C:\Windows\System\KEBDlQm.exe
  2⤵
  PID:8676
- C:\Windows\System\FwntfgH.exe
  C:\Windows\System\FwntfgH.exe
  2⤵
  PID:8700
- C:\Windows\System\ZexgxBK.exe
  C:\Windows\System\ZexgxBK.exe
  2⤵
  PID:8720
- C:\Windows\System\usqcvDC.exe
  C:\Windows\System\usqcvDC.exe
  2⤵
  PID:8740
- C:\Windows\System\LQgAOlY.exe
  C:\Windows\System\LQgAOlY.exe
  2⤵
  PID:8760
- C:\Windows\System\ZlIPXYt.exe
  C:\Windows\System\ZlIPXYt.exe
  2⤵
  PID:8784
- C:\Windows\System\zYEhLkk.exe
  C:\Windows\System\zYEhLkk.exe
  2⤵
  PID:8812
- C:\Windows\System\UtDCZCs.exe
  C:\Windows\System\UtDCZCs.exe
  2⤵
  PID:8828
- C:\Windows\System\ytOZXOm.exe
  C:\Windows\System\ytOZXOm.exe
  2⤵
  PID:8852
- C:\Windows\System\fhtZnUr.exe
  C:\Windows\System\fhtZnUr.exe
  2⤵
  PID:8876
- C:\Windows\System\PtvUIIh.exe
  C:\Windows\System\PtvUIIh.exe
  2⤵
  PID:8900
- C:\Windows\System\fkBgUYo.exe
  C:\Windows\System\fkBgUYo.exe
  2⤵
  PID:8928
- C:\Windows\System\ygVDuYb.exe
  C:\Windows\System\ygVDuYb.exe
  2⤵
  PID:8956
- C:\Windows\System\LOeswWe.exe
  C:\Windows\System\LOeswWe.exe
  2⤵
  PID:8996
- C:\Windows\System\DEDPnyf.exe
  C:\Windows\System\DEDPnyf.exe
  2⤵
  PID:9012
- C:\Windows\System\QxSrmSG.exe
  C:\Windows\System\QxSrmSG.exe
  2⤵
  PID:9036
- C:\Windows\System\vASnwRW.exe
  C:\Windows\System\vASnwRW.exe
  2⤵
  PID:9056
- C:\Windows\System\RhmCZNG.exe
  C:\Windows\System\RhmCZNG.exe
  2⤵
  PID:9076
- C:\Windows\System\gDjwdFw.exe
  C:\Windows\System\gDjwdFw.exe
  2⤵
  PID:9096
- C:\Windows\System\xhPLsJy.exe
  C:\Windows\System\xhPLsJy.exe
  2⤵
  PID:9120
- C:\Windows\System\gAaMLrR.exe
  C:\Windows\System\gAaMLrR.exe
  2⤵
  PID:9140
- C:\Windows\System\fsrkplb.exe
  C:\Windows\System\fsrkplb.exe
  2⤵
  PID:9160
- C:\Windows\System\PatrXSE.exe
  C:\Windows\System\PatrXSE.exe
  2⤵
  PID:9196
- C:\Windows\System\QKjtmHV.exe
  C:\Windows\System\QKjtmHV.exe
  2⤵
  PID:7892
- C:\Windows\System\vnucfXQ.exe
  C:\Windows\System\vnucfXQ.exe
  2⤵
  PID:6516
- C:\Windows\System\NTRTZzX.exe
  C:\Windows\System\NTRTZzX.exe
  2⤵
  PID:8000
- C:\Windows\System\ZFJEmwo.exe
  C:\Windows\System\ZFJEmwo.exe
  2⤵
  PID:7256
- C:\Windows\System\uvuibaY.exe
  C:\Windows\System\uvuibaY.exe
  2⤵
  PID:5880
- C:\Windows\System\SpjbUAU.exe
  C:\Windows\System\SpjbUAU.exe
  2⤵
  PID:9236
- C:\Windows\System\PmEeFXB.exe
  C:\Windows\System\PmEeFXB.exe
  2⤵
  PID:9256
- C:\Windows\System\RhpVDDA.exe
  C:\Windows\System\RhpVDDA.exe
  2⤵
  PID:9280
- C:\Windows\System\ZwPpJmX.exe
  C:\Windows\System\ZwPpJmX.exe
  2⤵
  PID:9300
- C:\Windows\System\jgzYnxF.exe
  C:\Windows\System\jgzYnxF.exe
  2⤵
  PID:9324
- C:\Windows\System\htrzAYt.exe
  C:\Windows\System\htrzAYt.exe
  2⤵
  PID:9344
- C:\Windows\System\ZmqVGgz.exe
  C:\Windows\System\ZmqVGgz.exe
  2⤵
  PID:9372
- C:\Windows\System\cBFcnrC.exe
  C:\Windows\System\cBFcnrC.exe
  2⤵
  PID:9388
- C:\Windows\System\EYaQDNp.exe
  C:\Windows\System\EYaQDNp.exe
  2⤵
  PID:9408
- C:\Windows\System\NDhjrPb.exe
  C:\Windows\System\NDhjrPb.exe
  2⤵
  PID:9428
- C:\Windows\System\Sdnvsyf.exe
  C:\Windows\System\Sdnvsyf.exe
  2⤵
  PID:9452
- C:\Windows\System\NpOEycd.exe
  C:\Windows\System\NpOEycd.exe
  2⤵
  PID:9476
- C:\Windows\System\XhKfmLx.exe
  C:\Windows\System\XhKfmLx.exe
  2⤵
  PID:9496
- C:\Windows\System\gwdDvXh.exe
  C:\Windows\System\gwdDvXh.exe
  2⤵
  PID:9516
- C:\Windows\System\qaWKMyJ.exe
  C:\Windows\System\qaWKMyJ.exe
  2⤵
  PID:9532
- C:\Windows\System\CflPVkX.exe
  C:\Windows\System\CflPVkX.exe
  2⤵
  PID:9556
- C:\Windows\System\tYNKpjO.exe
  C:\Windows\System\tYNKpjO.exe
  2⤵
  PID:9576
- C:\Windows\System\BOjXbxq.exe
  C:\Windows\System\BOjXbxq.exe
  2⤵
  PID:9604
- C:\Windows\System\IkDfZsE.exe
  C:\Windows\System\IkDfZsE.exe
  2⤵
  PID:9620
- C:\Windows\System\drionWo.exe
  C:\Windows\System\drionWo.exe
  2⤵
  PID:9644
- C:\Windows\System\kcbRclG.exe
  C:\Windows\System\kcbRclG.exe
  2⤵
  PID:9664
- C:\Windows\System\YtJadtW.exe
  C:\Windows\System\YtJadtW.exe
  2⤵
  PID:9684
- C:\Windows\System\XUwXFaM.exe
  C:\Windows\System\XUwXFaM.exe
  2⤵
  PID:9700
- C:\Windows\System\RlJwjLx.exe
  C:\Windows\System\RlJwjLx.exe
  2⤵
  PID:9724
- C:\Windows\System\bYnYwsL.exe
  C:\Windows\System\bYnYwsL.exe
  2⤵
  PID:9744
- C:\Windows\System\RGJVKUV.exe
  C:\Windows\System\RGJVKUV.exe
  2⤵
  PID:9768
- C:\Windows\System\tXQhdMm.exe
  C:\Windows\System\tXQhdMm.exe
  2⤵
  PID:9784
- C:\Windows\System\MYEdEwl.exe
  C:\Windows\System\MYEdEwl.exe
  2⤵
  PID:9812
- C:\Windows\System\myDfpbC.exe
  C:\Windows\System\myDfpbC.exe
  2⤵
  PID:9836
- C:\Windows\System\erRSZbr.exe
  C:\Windows\System\erRSZbr.exe
  2⤵
  PID:9856
- C:\Windows\System\DllaBiQ.exe
  C:\Windows\System\DllaBiQ.exe
  2⤵
  PID:9876
- C:\Windows\System\yTxavuR.exe
  C:\Windows\System\yTxavuR.exe
  2⤵
  PID:9896
- C:\Windows\System\cHSXiiX.exe
  C:\Windows\System\cHSXiiX.exe
  2⤵
  PID:9920
- C:\Windows\System\mmZCHCo.exe
  C:\Windows\System\mmZCHCo.exe
  2⤵
  PID:9940
- C:\Windows\System\FuYZleL.exe
  C:\Windows\System\FuYZleL.exe
  2⤵
  PID:9964
- C:\Windows\System\kRMAYVB.exe
  C:\Windows\System\kRMAYVB.exe
  2⤵
  PID:9980
- C:\Windows\System\LupWrve.exe
  C:\Windows\System\LupWrve.exe
  2⤵
  PID:9996
- C:\Windows\System\oFHbFNs.exe
  C:\Windows\System\oFHbFNs.exe
  2⤵
  PID:10012
- C:\Windows\System\PmYoezT.exe
  C:\Windows\System\PmYoezT.exe
  2⤵
  PID:10028
- C:\Windows\System\dXyjcTM.exe
  C:\Windows\System\dXyjcTM.exe
  2⤵
  PID:10048
- C:\Windows\System\UUGkvBF.exe
  C:\Windows\System\UUGkvBF.exe
  2⤵
  PID:10072
- C:\Windows\System\LGByVbi.exe
  C:\Windows\System\LGByVbi.exe
  2⤵
  PID:10092
- C:\Windows\System\pSDWEOq.exe
  C:\Windows\System\pSDWEOq.exe
  2⤵
  PID:10112
- C:\Windows\System\TWxWkzK.exe
  C:\Windows\System\TWxWkzK.exe
  2⤵
  PID:10132
- C:\Windows\System\GBypeWF.exe
  C:\Windows\System\GBypeWF.exe
  2⤵
  PID:10156
- C:\Windows\System\ZqKQZdt.exe
  C:\Windows\System\ZqKQZdt.exe
  2⤵
  PID:10180
- C:\Windows\System\vXUfFYr.exe
  C:\Windows\System\vXUfFYr.exe
  2⤵
  PID:10204
- C:\Windows\System\WWuQiMu.exe
  C:\Windows\System\WWuQiMu.exe
  2⤵
  PID:10220
- C:\Windows\System\ASaiVGO.exe
  C:\Windows\System\ASaiVGO.exe
  2⤵
  PID:8052
- C:\Windows\System\XPdtlxY.exe
  C:\Windows\System\XPdtlxY.exe
  2⤵
  PID:7780
- C:\Windows\System\wmGNQQx.exe
  C:\Windows\System\wmGNQQx.exe
  2⤵
  PID:6912
- C:\Windows\System\bpLUnSu.exe
  C:\Windows\System\bpLUnSu.exe
  2⤵
  PID:8264
- C:\Windows\System\iDuZkoL.exe
  C:\Windows\System\iDuZkoL.exe
  2⤵
  PID:8320
- C:\Windows\System\MiOrhDG.exe
  C:\Windows\System\MiOrhDG.exe
  2⤵
  PID:8360
- C:\Windows\System\MHQUzoH.exe
  C:\Windows\System\MHQUzoH.exe
  2⤵
  PID:8452
- C:\Windows\System\xHJCZgw.exe
  C:\Windows\System\xHJCZgw.exe
  2⤵
  PID:7472
- C:\Windows\System\Vvjmtbn.exe
  C:\Windows\System\Vvjmtbn.exe
  2⤵
  PID:8536
- C:\Windows\System\YacDFLT.exe
  C:\Windows\System\YacDFLT.exe
  2⤵
  PID:8688
- C:\Windows\System\jmiNluq.exe
  C:\Windows\System\jmiNluq.exe
  2⤵
  PID:8776
- C:\Windows\System\jSNkIsa.exe
  C:\Windows\System\jSNkIsa.exe
  2⤵
  PID:8836
- C:\Windows\System\pTMDrDf.exe
  C:\Windows\System\pTMDrDf.exe
  2⤵
  PID:8912
- C:\Windows\System\oRDWiaQ.exe
  C:\Windows\System\oRDWiaQ.exe
  2⤵
  PID:8976
- C:\Windows\System\xgCfoOc.exe
  C:\Windows\System\xgCfoOc.exe
  2⤵
  PID:9028
- C:\Windows\System\GMwHZYN.exe
  C:\Windows\System\GMwHZYN.exe
  2⤵
  PID:9044
- C:\Windows\System\bNGHfsL.exe
  C:\Windows\System\bNGHfsL.exe
  2⤵
  PID:9136
- C:\Windows\System\rpIkZRf.exe
  C:\Windows\System\rpIkZRf.exe
  2⤵
  PID:7344
- C:\Windows\System\lLMxOwY.exe
  C:\Windows\System\lLMxOwY.exe
  2⤵
  PID:6628
- C:\Windows\System\MTHFLiJ.exe
  C:\Windows\System\MTHFLiJ.exe
  2⤵
  PID:7936
- C:\Windows\System\blfYxrC.exe
  C:\Windows\System\blfYxrC.exe
  2⤵
  PID:10256
- C:\Windows\System\ioiKsQO.exe
  C:\Windows\System\ioiKsQO.exe
  2⤵
  PID:10276
- C:\Windows\System\etMTbew.exe
  C:\Windows\System\etMTbew.exe
  2⤵
  PID:10296
- C:\Windows\System\AhDfKEP.exe
  C:\Windows\System\AhDfKEP.exe
  2⤵
  PID:10316
- C:\Windows\System\tAVahtb.exe
  C:\Windows\System\tAVahtb.exe
  2⤵
  PID:10332
- C:\Windows\System\EZoAopz.exe
  C:\Windows\System\EZoAopz.exe
  2⤵
  PID:10356
- C:\Windows\System\WxZEMbE.exe
  C:\Windows\System\WxZEMbE.exe
  2⤵
  PID:10376
- C:\Windows\System\vkSZBcK.exe
  C:\Windows\System\vkSZBcK.exe
  2⤵
  PID:10396
- C:\Windows\System\kZwfrpH.exe
  C:\Windows\System\kZwfrpH.exe
  2⤵
  PID:10412
- C:\Windows\System\KZTRqxQ.exe
  C:\Windows\System\KZTRqxQ.exe
  2⤵
  PID:10436
- C:\Windows\System\XltjiwS.exe
  C:\Windows\System\XltjiwS.exe
  2⤵
  PID:10456
- C:\Windows\System\fhWfLHp.exe
  C:\Windows\System\fhWfLHp.exe
  2⤵
  PID:10480
- C:\Windows\System\qYRFTYM.exe
  C:\Windows\System\qYRFTYM.exe
  2⤵
  PID:10500
- C:\Windows\System\oRuFUIN.exe
  C:\Windows\System\oRuFUIN.exe
  2⤵
  PID:10520
- C:\Windows\System\WeoAvKb.exe
  C:\Windows\System\WeoAvKb.exe
  2⤵
  PID:10540
- C:\Windows\System\tPXrtrq.exe
  C:\Windows\System\tPXrtrq.exe
  2⤵
  PID:10564
- C:\Windows\System\yJytUcN.exe
  C:\Windows\System\yJytUcN.exe
  2⤵
  PID:10584
- C:\Windows\System\ZYEsVaK.exe
  C:\Windows\System\ZYEsVaK.exe
  2⤵
  PID:10604
- C:\Windows\System\CwBprkj.exe
  C:\Windows\System\CwBprkj.exe
  2⤵
  PID:10628
- C:\Windows\System\qnayGEb.exe
  C:\Windows\System\qnayGEb.exe
  2⤵
  PID:10652
- C:\Windows\System\QkJcrEr.exe
  C:\Windows\System\QkJcrEr.exe
  2⤵
  PID:10668
- C:\Windows\System\rJkXIIT.exe
  C:\Windows\System\rJkXIIT.exe
  2⤵
  PID:10688
- C:\Windows\System\MtgDWXY.exe
  C:\Windows\System\MtgDWXY.exe
  2⤵
  PID:10716
- C:\Windows\System\NTlxtYl.exe
  C:\Windows\System\NTlxtYl.exe
  2⤵
  PID:10736
- C:\Windows\System\NmSpzxA.exe
  C:\Windows\System\NmSpzxA.exe
  2⤵
  PID:10764
- C:\Windows\System\pBMYnOm.exe
  C:\Windows\System\pBMYnOm.exe
  2⤵
  PID:10784
- C:\Windows\System\fCAhuOc.exe
  C:\Windows\System\fCAhuOc.exe
  2⤵
  PID:10800
- C:\Windows\System\InCxMAz.exe
  C:\Windows\System\InCxMAz.exe
  2⤵
  PID:10820
- C:\Windows\System\rhAPEYu.exe
  C:\Windows\System\rhAPEYu.exe
  2⤵
  PID:10836
- C:\Windows\System\VTgSrsC.exe
  C:\Windows\System\VTgSrsC.exe
  2⤵
  PID:10852
- C:\Windows\System\NzQwNsg.exe
  C:\Windows\System\NzQwNsg.exe
  2⤵
  PID:10872
- C:\Windows\System\OLgWDBV.exe
  C:\Windows\System\OLgWDBV.exe
  2⤵
  PID:10888
- C:\Windows\System\rGRoqls.exe
  C:\Windows\System\rGRoqls.exe
  2⤵
  PID:10908
- C:\Windows\System\LqQeZbx.exe
  C:\Windows\System\LqQeZbx.exe
  2⤵
  PID:10924
- C:\Windows\System\DUCkDRq.exe
  C:\Windows\System\DUCkDRq.exe
  2⤵
  PID:10944
- C:\Windows\System\WzHqZOo.exe
  C:\Windows\System\WzHqZOo.exe
  2⤵
  PID:10972
- C:\Windows\System\WQxcKiU.exe
  C:\Windows\System\WQxcKiU.exe
  2⤵
  PID:10988
- C:\Windows\System\PQGmbPh.exe
  C:\Windows\System\PQGmbPh.exe
  2⤵
  PID:11008
- C:\Windows\System\QljDvlD.exe
  C:\Windows\System\QljDvlD.exe
  2⤵
  PID:11028
- C:\Windows\System\LSJDRaH.exe
  C:\Windows\System\LSJDRaH.exe
  2⤵
  PID:11052
- C:\Windows\System\dieclpO.exe
  C:\Windows\System\dieclpO.exe
  2⤵
  PID:11076
- C:\Windows\System\DLoFRQB.exe
  C:\Windows\System\DLoFRQB.exe
  2⤵
  PID:11100
- C:\Windows\System\RfVUlUX.exe
  C:\Windows\System\RfVUlUX.exe
  2⤵
  PID:11116
- C:\Windows\System\qejWtHU.exe
  C:\Windows\System\qejWtHU.exe
  2⤵
  PID:11144
- C:\Windows\System\vcjSqRH.exe
  C:\Windows\System\vcjSqRH.exe
  2⤵
  PID:11164
- C:\Windows\System\EFDZmQP.exe
  C:\Windows\System\EFDZmQP.exe
  2⤵
  PID:11188
- C:\Windows\System\FQDcLDe.exe
  C:\Windows\System\FQDcLDe.exe
  2⤵
  PID:11212
- C:\Windows\System\ztUOiIZ.exe
  C:\Windows\System\ztUOiIZ.exe
  2⤵
  PID:11236
- C:\Windows\System\MXkTvbq.exe
  C:\Windows\System\MXkTvbq.exe
  2⤵
  PID:11252
- C:\Windows\System\nvQlYmh.exe
  C:\Windows\System\nvQlYmh.exe
  2⤵
  PID:7156
- C:\Windows\System\XxtzJXy.exe
  C:\Windows\System\XxtzJXy.exe
  2⤵
  PID:8060
- C:\Windows\System\QWHTWnA.exe
  C:\Windows\System\QWHTWnA.exe
  2⤵
  PID:9292
- C:\Windows\System\hGVQuvQ.exe
  C:\Windows\System\hGVQuvQ.exe
  2⤵
  PID:7412
- C:\Windows\System\rGxsCcE.exe
  C:\Windows\System\rGxsCcE.exe
  2⤵
  PID:6180
- C:\Windows\System\zDQDZkU.exe
  C:\Windows\System\zDQDZkU.exe
  2⤵
  PID:9436
- C:\Windows\System\fXAAoXC.exe
  C:\Windows\System\fXAAoXC.exe
  2⤵
  PID:9492
- C:\Windows\System\hjOFqKk.exe
  C:\Windows\System\hjOFqKk.exe
  2⤵
  PID:9572
- C:\Windows\System\HvGrBed.exe
  C:\Windows\System\HvGrBed.exe
  2⤵
  PID:8280
- C:\Windows\System\WWmcrcC.exe
  C:\Windows\System\WWmcrcC.exe
  2⤵
  PID:9676
- C:\Windows\System\nDlXiGX.exe
  C:\Windows\System\nDlXiGX.exe
  2⤵
  PID:9720
- C:\Windows\System\XhCAdmp.exe
  C:\Windows\System\XhCAdmp.exe
  2⤵
  PID:8408
- C:\Windows\System\BpzmBzK.exe
  C:\Windows\System\BpzmBzK.exe
  2⤵
  PID:9792
- C:\Windows\System\VoUirff.exe
  C:\Windows\System\VoUirff.exe
  2⤵
  PID:8468
- C:\Windows\System\XFMFwrx.exe
  C:\Windows\System\XFMFwrx.exe
  2⤵
  PID:9988
- C:\Windows\System\mcHbkYg.exe
  C:\Windows\System\mcHbkYg.exe
  2⤵
  PID:10044
- C:\Windows\System\PDqJcyi.exe
  C:\Windows\System\PDqJcyi.exe
  2⤵
  PID:10100
- C:\Windows\System\FSWkQDX.exe
  C:\Windows\System\FSWkQDX.exe
  2⤵
  PID:10188
- C:\Windows\System\SeFRGJZ.exe
  C:\Windows\System\SeFRGJZ.exe
  2⤵
  PID:10216
- C:\Windows\System\TERtFDU.exe
  C:\Windows\System\TERtFDU.exe
  2⤵
  PID:11276
- C:\Windows\System\tAmIUWY.exe
  C:\Windows\System\tAmIUWY.exe
  2⤵
  PID:11296
- C:\Windows\System\PinGehh.exe
  C:\Windows\System\PinGehh.exe
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:11316
- C:\Windows\System\wecmJVn.exe
  C:\Windows\System\wecmJVn.exe
  2⤵
  PID:11340
- C:\Windows\System\sfShAGO.exe
  C:\Windows\System\sfShAGO.exe
  2⤵
  PID:11356
- C:\Windows\System\sBJbvAS.exe
  C:\Windows\System\sBJbvAS.exe
  2⤵
  PID:11376
- C:\Windows\System\qSLshGl.exe
  C:\Windows\System\qSLshGl.exe
  2⤵
  PID:11396
- C:\Windows\System\XklfSqA.exe
  C:\Windows\System\XklfSqA.exe
  2⤵
  PID:11412
- C:\Windows\System\KfRZGGh.exe
  C:\Windows\System\KfRZGGh.exe
  2⤵
  PID:11432
- C:\Windows\System\ouEqavp.exe
  C:\Windows\System\ouEqavp.exe
  2⤵
  PID:11456
- C:\Windows\System\ncFhQDW.exe
  C:\Windows\System\ncFhQDW.exe
  2⤵
  PID:11472
- C:\Windows\System\ZnBklli.exe
  C:\Windows\System\ZnBklli.exe
  2⤵
  PID:11492
- C:\Windows\System\HdEvXic.exe
  C:\Windows\System\HdEvXic.exe
  2⤵
  PID:11520
- C:\Windows\System\ezMyajR.exe
  C:\Windows\System\ezMyajR.exe
  2⤵
  PID:11540
- C:\Windows\System\fFBGSDv.exe
  C:\Windows\System\fFBGSDv.exe
  2⤵
  PID:11560
- C:\Windows\System\CEBGFll.exe
  C:\Windows\System\CEBGFll.exe
  2⤵
  PID:11576
- C:\Windows\System\ducBxFq.exe
  C:\Windows\System\ducBxFq.exe
  2⤵
  PID:11604
- C:\Windows\System\AOaoHbj.exe
  C:\Windows\System\AOaoHbj.exe
  2⤵
  PID:11624
- C:\Windows\System\Gftetgi.exe
  C:\Windows\System\Gftetgi.exe
  2⤵
  PID:11644
- C:\Windows\System\PtrGQld.exe
  C:\Windows\System\PtrGQld.exe
  2⤵
  PID:11660
- C:\Windows\System\KDtuQTX.exe
  C:\Windows\System\KDtuQTX.exe
  2⤵
  PID:11684
- C:\Windows\System\gznvYHM.exe
  C:\Windows\System\gznvYHM.exe
  2⤵
  PID:11704
- C:\Windows\System\WAJSftg.exe
  C:\Windows\System\WAJSftg.exe
  2⤵
  PID:11720
- C:\Windows\System\xsXKiGu.exe
  C:\Windows\System\xsXKiGu.exe
  2⤵
  PID:11740
- C:\Windows\System\VuukdpE.exe
  C:\Windows\System\VuukdpE.exe
  2⤵
  PID:11756
- C:\Windows\System\GyXtPyB.exe
  C:\Windows\System\GyXtPyB.exe
  2⤵
  PID:11772
- C:\Windows\System\dwkvTHw.exe
  C:\Windows\System\dwkvTHw.exe
  2⤵
  PID:11788
- C:\Windows\System\pqZcdsr.exe
  C:\Windows\System\pqZcdsr.exe
  2⤵
  PID:11804
- C:\Windows\System\ojkQMKP.exe
  C:\Windows\System\ojkQMKP.exe
  2⤵
  PID:11824
- C:\Windows\System\nbWqDTh.exe
  C:\Windows\System\nbWqDTh.exe
  2⤵
  PID:11840
- C:\Windows\System\tHzmBqV.exe
  C:\Windows\System\tHzmBqV.exe
  2⤵
  PID:11864
- C:\Windows\System\ppGbLYE.exe
  C:\Windows\System\ppGbLYE.exe
  2⤵
  PID:11892
- C:\Windows\System\IMhhWdX.exe
  C:\Windows\System\IMhhWdX.exe
  2⤵
  PID:11916
- C:\Windows\System\FVtmGyd.exe
  C:\Windows\System\FVtmGyd.exe
  2⤵
  PID:11936
- C:\Windows\System\aXVBhmr.exe
  C:\Windows\System\aXVBhmr.exe
  2⤵
  PID:11968
- C:\Windows\System\aWBFdqr.exe
  C:\Windows\System\aWBFdqr.exe
  2⤵
  PID:11988
- C:\Windows\System\axAhNwg.exe
  C:\Windows\System\axAhNwg.exe
  2⤵
  PID:9404
- C:\Windows\System\lzXBXEJ.exe
  C:\Windows\System\lzXBXEJ.exe
  2⤵
  PID:10528
- C:\Windows\System\hlErKMw.exe
  C:\Windows\System\hlErKMw.exe
  2⤵
  PID:9464
- C:\Windows\System\JAOSvak.exe
  C:\Windows\System\JAOSvak.exe
  2⤵
  PID:10660
- C:\Windows\System\piPCJCE.exe
  C:\Windows\System\piPCJCE.exe
  2⤵
  PID:9636
- C:\Windows\System\wNocXnc.exe
  C:\Windows\System\wNocXnc.exe
  2⤵
  PID:10984
- C:\Windows\System\eqtDdYe.exe
  C:\Windows\System\eqtDdYe.exe
  2⤵
  PID:8392
- C:\Windows\System\XQPAXXH.exe
  C:\Windows\System\XQPAXXH.exe
  2⤵
  PID:11060
- C:\Windows\System\EBWzzRv.exe
  C:\Windows\System\EBWzzRv.exe
  2⤵
  PID:8484
- C:\Windows\System\qoecVSY.exe
  C:\Windows\System\qoecVSY.exe
  2⤵
  PID:6200
- C:\Windows\System\bZZhMFX.exe
  C:\Windows\System\bZZhMFX.exe
  2⤵
  PID:8576
- C:\Windows\System\wwwfbuN.exe
  C:\Windows\System\wwwfbuN.exe
  2⤵
  PID:10148
- C:\Windows\System\WltvAWU.exe
  C:\Windows\System\WltvAWU.exe
  2⤵
  PID:8696
- C:\Windows\System\hcMUaZe.exe
  C:\Windows\System\hcMUaZe.exe
  2⤵
  PID:8672
- C:\Windows\System\oLcyvTh.exe
  C:\Windows\System\oLcyvTh.exe
  2⤵
  PID:7744
- C:\Windows\System\ezpVaHd.exe
  C:\Windows\System\ezpVaHd.exe
  2⤵
  PID:7992
- C:\Windows\System\AOStpCq.exe
  C:\Windows\System\AOStpCq.exe
  2⤵
  PID:11384
- C:\Windows\System\WUTsHTE.exe
  C:\Windows\System\WUTsHTE.exe
  2⤵
  PID:11528
- C:\Windows\System\WsBlFee.exe
  C:\Windows\System\WsBlFee.exe
  2⤵
  PID:9088
- C:\Windows\System\KbZFMoe.exe
  C:\Windows\System\KbZFMoe.exe
  2⤵
  PID:9024
- C:\Windows\System\coARcFb.exe
  C:\Windows\System\coARcFb.exe
  2⤵
  PID:9156
- C:\Windows\System\FHdyadd.exe
  C:\Windows\System\FHdyadd.exe
  2⤵
  PID:11872
- C:\Windows\System\ShhXqIx.exe
  C:\Windows\System\ShhXqIx.exe
  2⤵
  PID:6512
- C:\Windows\System\RghBOap.exe
  C:\Windows\System\RghBOap.exe
  2⤵
  PID:10312
- C:\Windows\System\qoSJPmT.exe
  C:\Windows\System\qoSJPmT.exe
  2⤵
  PID:10384
- C:\Windows\System\lSWFVtN.exe
  C:\Windows\System\lSWFVtN.exe
  2⤵
  PID:12048
- C:\Windows\System\moazxEL.exe
  C:\Windows\System\moazxEL.exe
  2⤵
  PID:9424
- C:\Windows\System\CwFhFFN.exe
  C:\Windows\System\CwFhFFN.exe
  2⤵
  PID:12300
- C:\Windows\System\JMNEfDY.exe
  C:\Windows\System\JMNEfDY.exe
  2⤵
  PID:12324
- C:\Windows\System\sNXnRCm.exe
  C:\Windows\System\sNXnRCm.exe
  2⤵
  PID:12340
- C:\Windows\System\rRHArFJ.exe
  C:\Windows\System\rRHArFJ.exe
  2⤵
  PID:12364
- C:\Windows\System\msvsgwf.exe
  C:\Windows\System\msvsgwf.exe
  2⤵
  PID:12388
- C:\Windows\System\izOlGjC.exe
  C:\Windows\System\izOlGjC.exe
  2⤵
  PID:12420
- C:\Windows\System\CqpiCFb.exe
  C:\Windows\System\CqpiCFb.exe
  2⤵
  PID:12436
- C:\Windows\System\jskCUrs.exe
  C:\Windows\System\jskCUrs.exe
  2⤵
  PID:12464
- C:\Windows\System\VIIBNhd.exe
  C:\Windows\System\VIIBNhd.exe
  2⤵
  PID:12484
- C:\Windows\System\njzVEid.exe
  C:\Windows\System\njzVEid.exe
  2⤵
  PID:12500
- C:\Windows\System\HNReLxa.exe
  C:\Windows\System\HNReLxa.exe
  2⤵
  PID:12516
- C:\Windows\System\oyoKGgo.exe
  C:\Windows\System\oyoKGgo.exe
  2⤵
  PID:12532
- C:\Windows\System\tmFgTGS.exe
  C:\Windows\System\tmFgTGS.exe
  2⤵
  PID:12548
- C:\Windows\System\WFKNHdR.exe
  C:\Windows\System\WFKNHdR.exe
  2⤵
  PID:12564
- C:\Windows\System\chZxyvv.exe
  C:\Windows\System\chZxyvv.exe
  2⤵
  PID:12580
- C:\Windows\System\DDxNspt.exe
  C:\Windows\System\DDxNspt.exe
  2⤵
  PID:12596
- C:\Windows\System\nagFNmo.exe
  C:\Windows\System\nagFNmo.exe
  2⤵
  PID:12612
- C:\Windows\System\qlgnIpU.exe
  C:\Windows\System\qlgnIpU.exe
  2⤵
  PID:12628
- C:\Windows\System\zYPvZBc.exe
  C:\Windows\System\zYPvZBc.exe
  2⤵
  PID:12648
- C:\Windows\System\JBTBaei.exe
  C:\Windows\System\JBTBaei.exe
  2⤵
  PID:12672
- C:\Windows\System\wjCbZZI.exe
  C:\Windows\System\wjCbZZI.exe
  2⤵
  PID:12700
- C:\Windows\System\RaXtasI.exe
  C:\Windows\System\RaXtasI.exe
  2⤵
  PID:12724
- C:\Windows\System\bEVezGR.exe
  C:\Windows\System\bEVezGR.exe
  2⤵
  PID:12740
- C:\Windows\System\inqBXBu.exe
  C:\Windows\System\inqBXBu.exe
  2⤵
  PID:12760
- C:\Windows\System\XFcIvbk.exe
  C:\Windows\System\XFcIvbk.exe
  2⤵
  PID:9764
- C:\Windows\System\dzugcEm.exe
  C:\Windows\System\dzugcEm.exe
  2⤵
  PID:8136
- C:\Windows\System\xssPdmw.exe
  C:\Windows\System\xssPdmw.exe
  2⤵
  PID:8600
- C:\Windows\System\olotkWy.exe
  C:\Windows\System\olotkWy.exe
  2⤵
  PID:11324
- C:\Windows\System\dlXEnQC.exe
  C:\Windows\System\dlXEnQC.exe
  2⤵
  PID:11800
- C:\Windows\System\JqrsSfH.exe
  C:\Windows\System\JqrsSfH.exe
  2⤵
  PID:8712
- C:\Windows\System\LzKSsfn.exe
  C:\Windows\System\LzKSsfn.exe
  2⤵
  PID:8892
- C:\Windows\System\THJQOQF.exe
  C:\Windows\System\THJQOQF.exe
  2⤵
  PID:12140
- C:\Windows\System\izVedNd.exe
  C:\Windows\System\izVedNd.exe
  2⤵
  PID:13144
- C:\Windows\System\NAusFNO.exe
  C:\Windows\System\NAusFNO.exe
  2⤵
  PID:12668
- C:\Windows\System\BFIsmeF.exe
  C:\Windows\System\BFIsmeF.exe
  2⤵
  PID:13064
- C:\Windows\System\YPpbQEW.exe
  C:\Windows\System\YPpbQEW.exe
  2⤵
  PID:12852
- C:\Windows\System\sBoHbxu.exe
  C:\Windows\System\sBoHbxu.exe
  2⤵
  PID:12620
- C:\Windows\System\xclLDIW.exe
  C:\Windows\System\xclLDIW.exe
  2⤵
  PID:10268
- C:\Windows\System\yHqfBQf.exe
  C:\Windows\System\yHqfBQf.exe
  2⤵
  PID:11652
- C:\Windows\System\bQEvKls.exe
  C:\Windows\System\bQEvKls.exe
  2⤵
  PID:9872
- C:\Windows\System\aKTXoVD.exe
  C:\Windows\System\aKTXoVD.exe
  2⤵
  PID:11204
- C:\Windows\System\ERNTVGR.exe
  C:\Windows\System\ERNTVGR.exe
  2⤵
  PID:9444
- C:\Windows\System\DWkeYkE.exe
  C:\Windows\System\DWkeYkE.exe
  2⤵
  PID:8820
- C:\Windows\System\FnRABVF.exe
  C:\Windows\System\FnRABVF.exe
  2⤵
  PID:11548
- C:\Windows\System\UjUkxXk.exe
  C:\Windows\System\UjUkxXk.exe
  2⤵
  PID:9380
- C:\Windows\System\dRosxDz.exe
  C:\Windows\System\dRosxDz.exe
  2⤵
  PID:11004
- C:\Windows\System\SThdcgm.exe
  C:\Windows\System\SThdcgm.exe
  2⤵
  PID:9740
- C:\Windows\System\ShJYSyV.exe
  C:\Windows\System\ShJYSyV.exe
  2⤵
  PID:3812
- C:\Windows\System\QHfFqTi.exe
  C:\Windows\System\QHfFqTi.exe
  2⤵
  PID:10420
- C:\Windows\System\OqNQCuM.exe
  C:\Windows\System\OqNQCuM.exe
  2⤵
  PID:10884
- C:\Windows\System\GwKJfCE.exe
  C:\Windows\System\GwKJfCE.exe
  2⤵
  PID:11228
- C:\Windows\System\unmGkCM.exe
  C:\Windows\System\unmGkCM.exe
  2⤵
  PID:11140
- C:\Windows\System\REWklgv.exe
  C:\Windows\System\REWklgv.exe
  2⤵
  PID:13240
- C:\Windows\System\uWatvDb.exe
  C:\Windows\System\uWatvDb.exe
  2⤵
  PID:11244
- C:\Windows\System\JQXyRAJ.exe
  C:\Windows\System\JQXyRAJ.exe
  2⤵
  PID:9252
- C:\Windows\System\UAggRmf.exe
  C:\Windows\System\UAggRmf.exe
  2⤵
  PID:9332
- C:\Windows\System\eSpEnxY.exe
  C:\Windows\System\eSpEnxY.exe
  2⤵
  PID:9468
- C:\Windows\System\ispuFhy.exe
  C:\Windows\System\ispuFhy.exe
  2⤵
  PID:11732
- C:\Windows\System\vSupcxw.exe
  C:\Windows\System\vSupcxw.exe
  2⤵
  PID:11268
- C:\Windows\System\yicLnzP.exe
  C:\Windows\System\yicLnzP.exe
  2⤵
  PID:11464
- C:\Windows\System\JfhoCWy.exe
  C:\Windows\System\JfhoCWy.exe
  2⤵
  PID:11020
- C:\Windows\System\nJBWtpd.exe
  C:\Windows\System\nJBWtpd.exe
  2⤵
  PID:12144
- C:\Windows\System\tRnrpet.exe
  C:\Windows\System\tRnrpet.exe
  2⤵
  PID:11784
- C:\Windows\System\CZqDTkt.exe
  C:\Windows\System\CZqDTkt.exe
  2⤵
  PID:11304
- C:\Windows\System\JqpOzhr.exe
  C:\Windows\System\JqpOzhr.exe
  2⤵
  PID:11832
- C:\Windows\System\QQgNoUF.exe
  C:\Windows\System\QQgNoUF.exe
  2⤵
  PID:12272
- C:\Windows\System\zajXNjR.exe
  C:\Windows\System\zajXNjR.exe
  2⤵
  PID:12876
- C:\Windows\System\WBMkuCm.exe
  C:\Windows\System\WBMkuCm.exe
  2⤵
  PID:13176
- C:\Windows\System\nMKRxth.exe
  C:\Windows\System\nMKRxth.exe
  2⤵
  PID:11796
- C:\Windows\System\FMCuHpR.exe
  C:\Windows\System\FMCuHpR.exe
  2⤵
  PID:11952
- C:\Windows\System\gFcSgOU.exe
  C:\Windows\System\gFcSgOU.exe
  2⤵
  PID:12944
- C:\Windows\System\TBheRBs.exe
  C:\Windows\System\TBheRBs.exe
  2⤵
  PID:11752
- C:\Windows\System\nYpSOpM.exe
  C:\Windows\System\nYpSOpM.exe
  2⤵
  PID:12948
- C:\Windows\System\OoBIuTd.exe
  C:\Windows\System\OoBIuTd.exe
  2⤵
  PID:10452
- C:\Windows\System\Tccjtjt.exe
  C:\Windows\System\Tccjtjt.exe
  2⤵
  PID:12828
- C:\Windows\System\pJgnwfq.exe
  C:\Windows\System\pJgnwfq.exe
  2⤵
  PID:12908
- C:\Windows\System\icNYGoX.exe
  C:\Windows\System\icNYGoX.exe
  2⤵
  PID:9340
- C:\Windows\System\JDipOSg.exe
  C:\Windows\System\JDipOSg.exe
  2⤵
  PID:1852
- C:\Windows\System\WuYgtEn.exe
  C:\Windows\System\WuYgtEn.exe
  2⤵
  PID:1684
- C:\Windows\System\rUaQZMq.exe
  C:\Windows\System\rUaQZMq.exe
  2⤵
  PID:8304
- C:\Windows\System\isIRBaE.exe
  C:\Windows\System\isIRBaE.exe
  2⤵
  PID:12900
- C:\Windows\System\gwVuYOG.exe
  C:\Windows\System\gwVuYOG.exe
  2⤵
  PID:12736
- C:\Windows\System\vbLYwKS.exe
  C:\Windows\System\vbLYwKS.exe
  2⤵
  PID:9864
- C:\Windows\System\CZRriPI.exe
  C:\Windows\System\CZRriPI.exe
  2⤵
  PID:10288
- C:\Windows\System\oKpOSPu.exe
  C:\Windows\System\oKpOSPu.exe
  2⤵
  PID:9932
- C:\Windows\System\xXbamiS.exe
  C:\Windows\System\xXbamiS.exe
  2⤵
  PID:556
- C:\Windows\System\ncTngRV.exe
  C:\Windows\System\ncTngRV.exe
  2⤵
  PID:10560
- C:\Windows\System\qjIhCfP.exe
  C:\Windows\System\qjIhCfP.exe
  2⤵
  PID:8908
- C:\Windows\System\VhmlzsI.exe
  C:\Windows\System\VhmlzsI.exe
  2⤵
  PID:2208
- C:\Windows\System\LkHXgKI.exe
  C:\Windows\System\LkHXgKI.exe
  2⤵
  PID:11676
- C:\Windows\System\RKMRdjM.exe
  C:\Windows\System\RKMRdjM.exe
  2⤵
  PID:10728
- C:\Windows\System\XqgEZsf.exe
  C:\Windows\System\XqgEZsf.exe
  2⤵
  PID:10916
- C:\Windows\System\dmnyOya.exe
  C:\Windows\System\dmnyOya.exe
  2⤵
  PID:10864
- C:\Windows\System\UQFJmZO.exe
  C:\Windows\System\UQFJmZO.exe
  2⤵
  PID:13028
- C:\Windows\System\ASHBLBg.exe
  C:\Windows\System\ASHBLBg.exe
  2⤵
  PID:11408
- C:\Windows\System\jcBgXqb.exe
  C:\Windows\System\jcBgXqb.exe
  2⤵
  PID:8888
- C:\Windows\System\nuNKuDe.exe
  C:\Windows\System\nuNKuDe.exe
  2⤵
  PID:12868
- C:\Windows\System\gVMzBxX.exe
  C:\Windows\System\gVMzBxX.exe
  2⤵
  PID:5940
- C:\Windows\System\RcVjBWy.exe
  C:\Windows\System\RcVjBWy.exe
  2⤵
  PID:11712
- C:\Windows\System\mjOKZTt.exe
  C:\Windows\System\mjOKZTt.exe
  2⤵
  PID:12792
- C:\Windows\System\LcVNXBJ.exe
  C:\Windows\System\LcVNXBJ.exe
  2⤵
  PID:11512
- C:\Windows\System\cVGlhDE.exe
  C:\Windows\System\cVGlhDE.exe
  2⤵
  PID:10940
- C:\Windows\System\ezpRWUe.exe
  C:\Windows\System\ezpRWUe.exe
  2⤵
  PID:8208
- C:\Windows\System\dsAMiex.exe
  C:\Windows\System\dsAMiex.exe
  2⤵
  PID:11852
- C:\Windows\System\rQZrLYJ.exe
  C:\Windows\System\rQZrLYJ.exe
  2⤵
  PID:10128
- C:\Windows\System\huBweVu.exe
  C:\Windows\System\huBweVu.exe
  2⤵
  PID:12936
- C:\Windows\System\hdGvfcG.exe
  C:\Windows\System\hdGvfcG.exe
  2⤵
  PID:12812
- C:\Windows\System\TjRyfrN.exe
  C:\Windows\System\TjRyfrN.exe
  2⤵
  PID:13288
- C:\Windows\System\mYiRFhN.exe
  C:\Windows\System\mYiRFhN.exe
  2⤵
  PID:8668
- C:\Windows\System\omxxhQk.exe
  C:\Windows\System\omxxhQk.exe
  2⤵
  PID:2748
- C:\Windows\System\Ogmocfy.exe
  C:\Windows\System\Ogmocfy.exe
  2⤵
  PID:11424
- C:\Windows\System\ZNphoiX.exe
  C:\Windows\System\ZNphoiX.exe
  2⤵
  PID:12244
- C:\Windows\System\JpMUOwP.exe
  C:\Windows\System\JpMUOwP.exe
  2⤵
  PID:10404
- C:\Windows\System\yYUCDqp.exe
  C:\Windows\System\yYUCDqp.exe
  2⤵
  PID:12756
- C:\Windows\System\AToXIph.exe
  C:\Windows\System\AToXIph.exe
  2⤵
  PID:5212
- C:\Windows\System\QQpbHuB.exe
  C:\Windows\System\QQpbHuB.exe
  2⤵
  PID:12380
- C:\Windows\System\zfDaNra.exe
  C:\Windows\System\zfDaNra.exe
  2⤵
  PID:1432
- C:\Windows\System\FljvbZW.exe
  C:\Windows\System\FljvbZW.exe
  2⤵
  PID:9540
- C:\Windows\System\JrPRpdD.exe
  C:\Windows\System\JrPRpdD.exe
  2⤵
  PID:12896
- C:\Windows\System\ltifNjQ.exe
  C:\Windows\System\ltifNjQ.exe
  2⤵
  PID:13276
- C:\Windows\System\suTChvS.exe
  C:\Windows\System\suTChvS.exe
  2⤵
  PID:11136
- C:\Windows\System\SGxGagS.exe
  C:\Windows\System\SGxGagS.exe
  2⤵
  PID:11572
- C:\Windows\System\UVlrVXg.exe
  C:\Windows\System\UVlrVXg.exe
  2⤵
  PID:12892
- C:\Windows\System\YGrcilv.exe
  C:\Windows\System\YGrcilv.exe
  2⤵
  PID:9616
- C:\Windows\System\DkqGtXa.exe
  C:\Windows\System\DkqGtXa.exe
  2⤵
  PID:11208
- C:\Windows\System\DghlIqd.exe
  C:\Windows\System\DghlIqd.exe
  2⤵
  PID:11508
- C:\Windows\System\NFPLWZY.exe
  C:\Windows\System\NFPLWZY.exe
  2⤵
  PID:11568
- C:\Windows\System\AucgXbq.exe
  C:\Windows\System\AucgXbq.exe
  2⤵
  PID:4716
- C:\Windows\System\sbWXDcf.exe
  C:\Windows\System\sbWXDcf.exe
  2⤵
  PID:1992
- C:\Windows\System\fXRveyf.exe
  C:\Windows\System\fXRveyf.exe
  2⤵
  PID:5008
- C:\Windows\System\JgQkltC.exe
  C:\Windows\System\JgQkltC.exe
  2⤵
  PID:2872
- C:\Windows\System\iLHMSch.exe
  C:\Windows\System\iLHMSch.exe
  2⤵
  PID:12168
- C:\Windows\System\rRvKDjs.exe
  C:\Windows\System\rRvKDjs.exe
  2⤵
  PID:12924
- C:\Windows\System\IPRgRMK.exe
  C:\Windows\System\IPRgRMK.exe
  2⤵
  PID:8968
- C:\Windows\System\JFRtMBY.exe
  C:\Windows\System\JFRtMBY.exe
  2⤵
  PID:6320
- C:\Windows\System\miGgPax.exe
  C:\Windows\System\miGgPax.exe
  2⤵
  PID:11096
- C:\Windows\System\rHmltXr.exe
  C:\Windows\System\rHmltXr.exe
  2⤵
  PID:2816
- C:\Windows\System\NYNdYbz.exe
  C:\Windows\System\NYNdYbz.exe
  2⤵
  PID:1052
- C:\Windows\System\PKHpqna.exe
  C:\Windows\System\PKHpqna.exe
  2⤵
  PID:2468
- C:\Windows\System\EzvSJsk.exe
  C:\Windows\System\EzvSJsk.exe
  2⤵
  PID:11820
- C:\Windows\System\QHQQYBa.exe
  C:\Windows\System\QHQQYBa.exe
  2⤵
  PID:12332
- C:\Windows\System\NzSloqK.exe
  C:\Windows\System\NzSloqK.exe
  2⤵
  PID:12404
- C:\Windows\System\DJTIlIO.exe
  C:\Windows\System\DJTIlIO.exe
  2⤵
  PID:1952
- C:\Windows\System\fCIfeZA.exe
  C:\Windows\System\fCIfeZA.exe
  2⤵
  PID:13328
- C:\Windows\System\TnsKwnT.exe
  C:\Windows\System\TnsKwnT.exe
  2⤵
  PID:13360
- C:\Windows\System\DkycSbv.exe
  C:\Windows\System\DkycSbv.exe
  2⤵
  PID:13408
- C:\Windows\System\oeHBifT.exe
  C:\Windows\System\oeHBifT.exe
  2⤵
  PID:13436
- C:\Windows\System\UbhmqPz.exe
  C:\Windows\System\UbhmqPz.exe
  2⤵
  PID:13456
- C:\Windows\System\ucyzrir.exe
  C:\Windows\System\ucyzrir.exe
  2⤵
  PID:13480
- C:\Windows\System\fVdBgQC.exe
  C:\Windows\System\fVdBgQC.exe
  2⤵
  PID:13520
- C:\Windows\System\seJVFqK.exe
  C:\Windows\System\seJVFqK.exe
  2⤵
  PID:13560
- C:\Windows\System\USUfxlC.exe
  C:\Windows\System\USUfxlC.exe
  2⤵
  PID:13584
- C:\Windows\System\HzXmPQI.exe
  C:\Windows\System\HzXmPQI.exe
  2⤵
  PID:13636
- C:\Windows\System\wmgwPNR.exe
  C:\Windows\System\wmgwPNR.exe
  2⤵
  PID:13656
- C:\Windows\System\lQlvYQX.exe
  C:\Windows\System\lQlvYQX.exe
  2⤵
  PID:13744
- C:\Windows\System\vCeQUra.exe
  C:\Windows\System\vCeQUra.exe
  2⤵
  PID:13768
- C:\Windows\System\nPNdioB.exe
  C:\Windows\System\nPNdioB.exe
  2⤵
  PID:13784
- C:\Windows\System\KfjCsVp.exe
  C:\Windows\System\KfjCsVp.exe
  2⤵
  PID:13800
- C:\Windows\System\PhicpPs.exe
  C:\Windows\System\PhicpPs.exe
  2⤵
  PID:13828
- C:\Windows\System\GTenKSj.exe
  C:\Windows\System\GTenKSj.exe
  2⤵
  PID:13860
- C:\Windows\System\UQGkzNZ.exe
  C:\Windows\System\UQGkzNZ.exe
  2⤵
  PID:13928
- C:\Windows\System\LamIUhY.exe
  C:\Windows\System\LamIUhY.exe
  2⤵
  PID:13944
- C:\Windows\System\vthXZZR.exe
  C:\Windows\System\vthXZZR.exe
  2⤵
  PID:13964
- C:\Windows\System\XhHqVfe.exe
  C:\Windows\System\XhHqVfe.exe
  2⤵
  PID:13992
- C:\Windows\System\zrrjqEN.exe
  C:\Windows\System\zrrjqEN.exe
  2⤵
  PID:14020
- C:\Windows\System\jbwLAnG.exe
  C:\Windows\System\jbwLAnG.exe
  2⤵
  PID:14056
- C:\Windows\System\CeXoJyJ.exe
  C:\Windows\System\CeXoJyJ.exe
  2⤵
  PID:14100
- C:\Windows\System\GCeusgV.exe
  C:\Windows\System\GCeusgV.exe
  2⤵
  PID:14132
- C:\Windows\System\UAbBFYI.exe
  C:\Windows\System\UAbBFYI.exe
  2⤵
  PID:14152
- C:\Windows\System\RWIcicj.exe
  C:\Windows\System\RWIcicj.exe
  2⤵
  PID:14168
- C:\Windows\System\UDIAXQi.exe
  C:\Windows\System\UDIAXQi.exe
  2⤵
  PID:14188
- C:\Windows\System\ZATuHfO.exe
  C:\Windows\System\ZATuHfO.exe
  2⤵
  PID:14228
- C:\Windows\System\yUhOfyG.exe
  C:\Windows\System\yUhOfyG.exe
  2⤵
  PID:14276
- C:\Windows\System\hgTUNih.exe
  C:\Windows\System\hgTUNih.exe
  2⤵
  PID:628
- C:\Windows\System\tNFuoIV.exe
  C:\Windows\System\tNFuoIV.exe
  2⤵
  PID:5044
- C:\Windows\System\wWjxtNq.exe
  C:\Windows\System\wWjxtNq.exe
  2⤵
  PID:4240
- C:\Windows\System\xoLNxwa.exe
  C:\Windows\System\xoLNxwa.exe
  2⤵
  PID:4492
- C:\Windows\System\MQkfItr.exe
  C:\Windows\System\MQkfItr.exe
  2⤵
  PID:13468
- C:\Windows\System\dtkcNdD.exe
  C:\Windows\System\dtkcNdD.exe
  2⤵
  PID:2032
- C:\Windows\System\CXLkRUD.exe
  C:\Windows\System\CXLkRUD.exe
  2⤵
  PID:13540
- C:\Windows\System\AnyUQXU.exe
  C:\Windows\System\AnyUQXU.exe
  2⤵
  PID:13348
- C:\Windows\System\NNnPasV.exe
  C:\Windows\System\NNnPasV.exe
  2⤵
  PID:13632
- C:\Windows\System\aDQfFGH.exe
  C:\Windows\System\aDQfFGH.exe
  2⤵
  PID:13404
- C:\Windows\System\YHcNVtP.exe
  C:\Windows\System\YHcNVtP.exe
  2⤵
  PID:13888
- C:\Windows\System\wLtqhra.exe
  C:\Windows\System\wLtqhra.exe
  2⤵
  PID:13752
- C:\Windows\System\FRaifCd.exe
  C:\Windows\System\FRaifCd.exe
  2⤵
  PID:13940
- C:\Windows\System\RdKQHBv.exe
  C:\Windows\System\RdKQHBv.exe
  2⤵
  PID:14176
- C:\Windows\System\MbgOQxF.exe
  C:\Windows\System\MbgOQxF.exe
  2⤵
  PID:10124
- C:\Windows\System\gYTzzDQ.exe
  C:\Windows\System\gYTzzDQ.exe
  2⤵
  PID:14260
- C:\Windows\System\CJkeiAZ.exe
  C:\Windows\System\CJkeiAZ.exe
  2⤵
  PID:4580
- C:\Windows\System\fBbYaze.exe
  C:\Windows\System\fBbYaze.exe
  2⤵
  PID:13488
- C:\Windows\System\VPUaMTL.exe
  C:\Windows\System\VPUaMTL.exe
  2⤵
  PID:14124
- C:\Windows\System\njpTSNo.exe
  C:\Windows\System\njpTSNo.exe
  2⤵
  PID:14220
- C:\Windows\System\mKAGvva.exe
  C:\Windows\System\mKAGvva.exe
  2⤵
  PID:14284
- C:\Windows\System\uWXKNEh.exe
  C:\Windows\System\uWXKNEh.exe
  2⤵
  PID:14300
- C:\Windows\System\yvAlkZD.exe
  C:\Windows\System\yvAlkZD.exe
  2⤵
  PID:4348
- C:\Windows\System\VKIMoNX.exe
  C:\Windows\System\VKIMoNX.exe
  2⤵
  PID:4724
- C:\Windows\System\FvQKdps.exe
  C:\Windows\System\FvQKdps.exe
  2⤵
  PID:932
- C:\Windows\System\ULCWxLh.exe
  C:\Windows\System\ULCWxLh.exe
  2⤵
  PID:2524
- C:\Windows\System\EDqAogG.exe
  C:\Windows\System\EDqAogG.exe
  2⤵
  PID:13352
- C:\Windows\System\ejvHdyn.exe
  C:\Windows\System\ejvHdyn.exe
  2⤵
  PID:3636
- C:\Windows\System\ZQNynPu.exe
  C:\Windows\System\ZQNynPu.exe
  2⤵
  PID:13416
- C:\Windows\System\puvmXaP.exe
  C:\Windows\System\puvmXaP.exe
  2⤵
  PID:14112
- C:\Windows\System\zCgKbWM.exe
  C:\Windows\System\zCgKbWM.exe
  2⤵
  PID:6776
- C:\Windows\System\QYDXFzu.exe
  C:\Windows\System\QYDXFzu.exe
  2⤵
  PID:1320
- C:\Windows\System\lXhTsJw.exe
  C:\Windows\System\lXhTsJw.exe
  2⤵
  PID:2180
- C:\Windows\System\kHVYpwu.exe
  C:\Windows\System\kHVYpwu.exe
  2⤵
  PID:568
- C:\Windows\System\aIqLQgt.exe
  C:\Windows\System\aIqLQgt.exe
  2⤵
  PID:13060
- C:\Windows\System\eXZaemg.exe
  C:\Windows\System\eXZaemg.exe
  2⤵
  PID:1216
- C:\Windows\System\FSFijlc.exe
  C:\Windows\System\FSFijlc.exe
  2⤵
  PID:1276
- C:\Windows\System\KjrbVoh.exe
  C:\Windows\System\KjrbVoh.exe
  2⤵
  PID:1636
- C:\Windows\System\UjYCIBJ.exe
  C:\Windows\System\UjYCIBJ.exe
  2⤵
  PID:14116
- C:\Windows\System\nDxsVkM.exe
  C:\Windows\System\nDxsVkM.exe
  2⤵
  PID:3988
- C:\Windows\System\MQafdEm.exe
  C:\Windows\System\MQafdEm.exe
  2⤵
  PID:13320
- C:\Windows\System\OevcWSZ.exe
  C:\Windows\System\OevcWSZ.exe
  2⤵
  PID:14248
- C:\Windows\System\zDbULfj.exe
  C:\Windows\System\zDbULfj.exe
  2⤵
  PID:13648
- C:\Windows\System\CnIdkTV.exe
  C:\Windows\System\CnIdkTV.exe
  2⤵
  PID:13580
- C:\Windows\System\tBsHFAA.exe
  C:\Windows\System\tBsHFAA.exe
  2⤵
  PID:13820
- C:\Windows\System\kHptxZf.exe
  C:\Windows\System\kHptxZf.exe
  2⤵
  PID:13868
- C:\Windows\System\NozqFrZ.exe
  C:\Windows\System\NozqFrZ.exe
  2⤵
  PID:1644
- C:\Windows\System\QHSldwJ.exe
  C:\Windows\System\QHSldwJ.exe
  2⤵
  PID:14140
- C:\Windows\System\gsHxlBC.exe
  C:\Windows\System\gsHxlBC.exe
  2⤵
  PID:13316
- C:\Windows\System\TZOZFpO.exe
  C:\Windows\System\TZOZFpO.exe
  2⤵
  PID:13572
- C:\Windows\System\xbnYWde.exe
  C:\Windows\System\xbnYWde.exe
  2⤵
  PID:860
- C:\Windows\System\SwtQKeL.exe
  C:\Windows\System\SwtQKeL.exe
  2⤵
  PID:14028
- C:\Windows\System\ukcIqwd.exe
  C:\Windows\System\ukcIqwd.exe
  2⤵
  PID:2920
- C:\Windows\System\lDsIDLe.exe
  C:\Windows\System\lDsIDLe.exe
  2⤵
  PID:3352
- C:\Windows\System\qFMegDk.exe
  C:\Windows\System\qFMegDk.exe
  2⤵
  PID:2144
- C:\Windows\System\ZuNnXEL.exe
  C:\Windows\System\ZuNnXEL.exe
  2⤵
  PID:5072
- C:\Windows\System\lrulGzM.exe
  C:\Windows\System\lrulGzM.exe
  2⤵
  PID:14108
- C:\Windows\System\GtISlSy.exe
  C:\Windows\System\GtISlSy.exe
  2⤵
  PID:13988
- C:\Windows\System\YYOEStM.exe
  C:\Windows\System\YYOEStM.exe
  2⤵
  PID:12544
- C:\Windows\System\fOfKtYx.exe
  C:\Windows\System\fOfKtYx.exe
  2⤵
  PID:3656
- C:\Windows\System\EzlsKCp.exe
  C:\Windows\System\EzlsKCp.exe
  2⤵
  PID:13908
- C:\Windows\System\qgSVFbe.exe
  C:\Windows\System\qgSVFbe.exe
  2⤵
  PID:2412
- C:\Windows\System\salPJja.exe
  C:\Windows\System\salPJja.exe
  2⤵
  PID:5100
- C:\Windows\System\NIlnOPp.exe
  C:\Windows\System\NIlnOPp.exe
  2⤵
  PID:428
- C:\Windows\System\YhZHteu.exe
  C:\Windows\System\YhZHteu.exe
  2⤵
  PID:3260
- C:\Windows\System\gfDvFPO.exe
  C:\Windows\System\gfDvFPO.exe
  2⤵
  PID:632
- C:\Windows\System\mNLvWgO.exe
  C:\Windows\System\mNLvWgO.exe
  2⤵
  PID:5104
- C:\Windows\System\WtVcgRx.exe
  C:\Windows\System\WtVcgRx.exe
  2⤵
  PID:4896
- C:\Windows\System\vGXrkGR.exe
  C:\Windows\System\vGXrkGR.exe
  2⤵
  PID:1912
- C:\Windows\System\gHxSIRV.exe
  C:\Windows\System\gHxSIRV.exe
  2⤵
  PID:2200
- C:\Windows\System\MtTcYRK.exe
  C:\Windows\System\MtTcYRK.exe
  2⤵
  PID:4180
- C:\Windows\System\KFhsRIL.exe
  C:\Windows\System\KFhsRIL.exe
  2⤵
  PID:4532
- C:\Windows\System\HaKjvZY.exe
  C:\Windows\System\HaKjvZY.exe
  2⤵
  PID:2108
- C:\Windows\System\ytquriw.exe
  C:\Windows\System\ytquriw.exe
  2⤵
  PID:432
- C:\Windows\System\PMpxvvd.exe
  C:\Windows\System\PMpxvvd.exe
  2⤵
  PID:5000
- C:\Windows\System\YTgokbb.exe
  C:\Windows\System\YTgokbb.exe
  2⤵
  PID:4084
- C:\Windows\System\KlbSxPf.exe
  C:\Windows\System\KlbSxPf.exe
  2⤵
  PID:3968
- C:\Windows\System\rNhGkvR.exe
  C:\Windows\System\rNhGkvR.exe
  2⤵
  PID:2152
- C:\Windows\System\EvaheXO.exe
  C:\Windows\System\EvaheXO.exe
  2⤵
  PID:1028
- C:\Windows\System\ScGCYXA.exe
  C:\Windows\System\ScGCYXA.exe
  2⤵
  PID:3644
- C:\Windows\System\wkuxbPn.exe
  C:\Windows\System\wkuxbPn.exe
  2⤵
  PID:12524
- C:\Windows\System\PDjYCrx.exe
  C:\Windows\System\PDjYCrx.exe
  2⤵
  PID:3992
- C:\Windows\System\XzybrkM.exe
  C:\Windows\System\XzybrkM.exe
  2⤵
  PID:4208
- C:\Windows\System\PQAdiHu.exe
  C:\Windows\System\PQAdiHu.exe
  2⤵
  PID:4024
- C:\Windows\System\PmWMGqp.exe
  C:\Windows\System\PmWMGqp.exe
  2⤵
  PID:4156
- C:\Windows\System\inVuLkg.exe
  C:\Windows\System\inVuLkg.exe
  2⤵
  PID:4884
- C:\Windows\System\PbqOTcn.exe
  C:\Windows\System\PbqOTcn.exe
  2⤵
  PID:2036
- C:\Windows\System\ClkbXEs.exe
  C:\Windows\System\ClkbXEs.exe
  2⤵
  PID:4536
- C:\Windows\System\kvtlpBN.exe
  C:\Windows\System\kvtlpBN.exe
  2⤵
  PID:620
- C:\Windows\System\UenyJcZ.exe
  C:\Windows\System\UenyJcZ.exe
  2⤵
  PID:14148
- C:\Windows\System\GnSmCOL.exe
  C:\Windows\System\GnSmCOL.exe
  2⤵
  PID:792
- C:\Windows\System\uXbXYIS.exe
  C:\Windows\System\uXbXYIS.exe
  2⤵
  PID:1716
- C:\Windows\System\nqzDJfn.exe
  C:\Windows\System\nqzDJfn.exe
  2⤵
  PID:3284
- C:\Windows\System\keBWMSZ.exe
  C:\Windows\System\keBWMSZ.exe
  2⤵
  PID:4488
- C:\Windows\System\jWuBToN.exe
  C:\Windows\System\jWuBToN.exe
  2⤵
  PID:13808
- C:\Windows\System\YDzkcgF.exe
  C:\Windows\System\YDzkcgF.exe
  2⤵
  PID:14196
- C:\Windows\System\RGCDttA.exe
  C:\Windows\System\RGCDttA.exe
  2⤵
  PID:5052
- C:\Windows\System\HSSswWW.exe
  C:\Windows\System\HSSswWW.exe
  2⤵
  PID:2664
- C:\Windows\System\yicHHEG.exe
  C:\Windows\System\yicHHEG.exe
  2⤵
  PID:4696
- C:\Windows\System\EfkWfxg.exe
  C:\Windows\System\EfkWfxg.exe
  2⤵
  PID:1480
- C:\Windows\System\JQAlvMr.exe
  C:\Windows\System\JQAlvMr.exe
  2⤵
  PID:2616
- C:\Windows\System\fpQOXks.exe
  C:\Windows\System\fpQOXks.exe
  2⤵
  PID:5108
- C:\Windows\System\woaGLbM.exe
  C:\Windows\System\woaGLbM.exe
  2⤵
  PID:4080
- C:\Windows\System\eFjtaCj.exe
  C:\Windows\System\eFjtaCj.exe
  2⤵
  PID:5420
- C:\Windows\System\IbbjOHG.exe
  C:\Windows\System\IbbjOHG.exe
  2⤵
  PID:4236
- C:\Windows\System\CtEoOgk.exe
  C:\Windows\System\CtEoOgk.exe
  2⤵
  PID:3868
- C:\Windows\System\IWYlLYL.exe
  C:\Windows\System\IWYlLYL.exe
  2⤵
  PID:1268
- C:\Windows\System\QRUXvcQ.exe
  C:\Windows\System\QRUXvcQ.exe
  2⤵
  PID:1220
- C:\Windows\System\WJAknan.exe
  C:\Windows\System\WJAknan.exe
  2⤵
  PID:13492
- C:\Windows\System\aOhaKCJ.exe
  C:\Windows\System\aOhaKCJ.exe
  2⤵
  PID:13596
- C:\Windows\System\oRleeFH.exe
  C:\Windows\System\oRleeFH.exe
  2⤵
  PID:6016
- C:\Windows\System\XNnwpOe.exe
  C:\Windows\System\XNnwpOe.exe
  2⤵
  PID:13668
- C:\Windows\System\lVXQEuw.exe
  C:\Windows\System\lVXQEuw.exe
  2⤵
  PID:1680
- C:\Windows\System\ZeeShuE.exe
  C:\Windows\System\ZeeShuE.exe
  2⤵
  PID:5912
- C:\Windows\System\bqvbMab.exe
  C:\Windows\System\bqvbMab.exe
  2⤵
  PID:5556
- C:\Windows\System\QyAAdDN.exe
  C:\Windows\System\QyAAdDN.exe
  2⤵
  PID:5724
- C:\Windows\System\RTKiPoF.exe
  C:\Windows\System\RTKiPoF.exe
  2⤵
  PID:14052
- C:\Windows\System\SJZywAL.exe
  C:\Windows\System\SJZywAL.exe
  2⤵
  PID:14144
- C:\Windows\System\OgPEWsm.exe
  C:\Windows\System\OgPEWsm.exe
  2⤵
  PID:5932
- C:\Windows\System\CrumSJv.exe
  C:\Windows\System\CrumSJv.exe
  2⤵
  PID:6108
- C:\Windows\System\vTAVOgo.exe
  C:\Windows\System\vTAVOgo.exe
  2⤵
  PID:5432
- C:\Windows\System\sNAKVmf.exe
  C:\Windows\System\sNAKVmf.exe
  2⤵
  PID:4880
- C:\Windows\System\bhCGrTs.exe
  C:\Windows\System\bhCGrTs.exe
  2⤵
  PID:5156
- C:\Windows\System\uLcSvYc.exe
  C:\Windows\System\uLcSvYc.exe
  2⤵
  PID:1384
- C:\Windows\System\ejSsjXJ.exe
  C:\Windows\System\ejSsjXJ.exe
  2⤵
  PID:1464
- C:\Windows\System\vFtZjrF.exe
  C:\Windows\System\vFtZjrF.exe
  2⤵
  PID:13980
- C:\Windows\System\ROlWGtp.exe
  C:\Windows\System\ROlWGtp.exe
  2⤵
  PID:13720
- C:\Windows\System\VCuNNSY.exe
  C:\Windows\System\VCuNNSY.exe
  2⤵
  PID:1164
- C:\Windows\System\FyJZLbX.exe
  C:\Windows\System\FyJZLbX.exe
  2⤵
  PID:6612
- C:\Windows\System\IoFjNkk.exe
  C:\Windows\System\IoFjNkk.exe
  2⤵
  PID:4036
- C:\Windows\System\OLmdBwV.exe
  C:\Windows\System\OLmdBwV.exe
  2⤵
  PID:856
- C:\Windows\System\dJiDXun.exe
  C:\Windows\System\dJiDXun.exe
  2⤵
  PID:13504
- C:\Windows\System\PrdXAhk.exe
  C:\Windows\System\PrdXAhk.exe
  2⤵
  PID:752
- C:\Windows\System\nLIWpcf.exe
  C:\Windows\System\nLIWpcf.exe
  2⤵
  PID:13652
- C:\Windows\System\rZhKDal.exe
  C:\Windows\System\rZhKDal.exe
  2⤵
  PID:6596
- C:\Windows\System\kLjngDD.exe
  C:\Windows\System\kLjngDD.exe
  2⤵
  PID:4732
- C:\Windows\System\jhXdRkC.exe
  C:\Windows\System\jhXdRkC.exe
  2⤵
  PID:3832
- C:\Windows\System\dbiDTJg.exe
  C:\Windows\System\dbiDTJg.exe
  2⤵
  PID:13692
- C:\Windows\System\SItuXqp.exe
  C:\Windows\System\SItuXqp.exe
  2⤵
  PID:988
- C:\Windows\System\VVwfnwP.exe
  C:\Windows\System\VVwfnwP.exe
  2⤵
  PID:13844
- C:\Windows\System\wWzCNaR.exe
  C:\Windows\System\wWzCNaR.exe
  2⤵
  PID:5308
- C:\Windows\System\dvipmNs.exe
  C:\Windows\System\dvipmNs.exe
  2⤵
  PID:4856
- C:\Windows\System\VBlYMKL.exe
  C:\Windows\System\VBlYMKL.exe
  2⤵
  PID:3892
- C:\Windows\System\gsekrsJ.exe
  C:\Windows\System\gsekrsJ.exe
  2⤵
  PID:13760
- C:\Windows\System\zyVQlbR.exe
  C:\Windows\System\zyVQlbR.exe
  2⤵
  PID:1448
- C:\Windows\System\XdVcVFV.exe
  C:\Windows\System\XdVcVFV.exe
  2⤵
  PID:5456
- C:\Windows\System\MWmJKKy.exe
  C:\Windows\System\MWmJKKy.exe
  2⤵
  PID:3596
- C:\Windows\System\RGxUfGS.exe
  C:\Windows\System\RGxUfGS.exe
  2⤵
  PID:1548
- C:\Windows\System\kbnYzCm.exe
  C:\Windows\System\kbnYzCm.exe
  2⤵
  PID:7160
- C:\Windows\System\mPoguDl.exe
  C:\Windows\System\mPoguDl.exe
  2⤵
  PID:4184
- C:\Windows\System\uFRlVUi.exe
  C:\Windows\System\uFRlVUi.exe
  2⤵
  PID:216
- C:\Windows\System\XRFgfeO.exe
  C:\Windows\System\XRFgfeO.exe
  2⤵
  PID:5364
- C:\Windows\System\FeIYPKG.exe
  C:\Windows\System\FeIYPKG.exe
  2⤵
  PID:3532
- C:\Windows\System\ZEObGLi.exe
  C:\Windows\System\ZEObGLi.exe
  2⤵
  PID:6204
- C:\Windows\System\wZBRmoT.exe
  C:\Windows\System\wZBRmoT.exe
  2⤵
  PID:6908
- C:\Windows\System\cezbeMh.exe
  C:\Windows\System\cezbeMh.exe
  2⤵
  PID:4216
- C:\Windows\System\qCZuxTh.exe
  C:\Windows\System\qCZuxTh.exe
  2⤵
  PID:3808
- C:\Windows\System\Zfxsnze.exe
  C:\Windows\System\Zfxsnze.exe
  2⤵
  PID:5368
- C:\Windows\System\hPfHlTm.exe
  C:\Windows\System\hPfHlTm.exe
  2⤵
  PID:2944
- C:\Windows\System\myDSVtY.exe
  C:\Windows\System\myDSVtY.exe
  2⤵
  PID:3488
- C:\Windows\System\zYQaOJI.exe
  C:\Windows\System\zYQaOJI.exe
  2⤵
  PID:6668
- C:\Windows\System\ZshPqIL.exe
  C:\Windows\System\ZshPqIL.exe
  2⤵
  PID:2256
- C:\Windows\System\PTYrHxy.exe
  C:\Windows\System\PTYrHxy.exe
  2⤵
  PID:5416
- C:\Windows\System\EgXsgPI.exe
  C:\Windows\System\EgXsgPI.exe
  2⤵
  PID:1340
- C:\Windows\System\HDFXHzg.exe
  C:\Windows\System\HDFXHzg.exe
  2⤵
  PID:5016
- C:\Windows\System\EPaCraa.exe
  C:\Windows\System\EPaCraa.exe
  2⤵
  PID:2432
- C:\Windows\System\VnriqcB.exe
  C:\Windows\System\VnriqcB.exe
  2⤵
  PID:5808
- C:\Windows\System\kCFimKM.exe
  C:\Windows\System\kCFimKM.exe
  2⤵
  PID:6056
- C:\Windows\System\sNVXpzO.exe
  C:\Windows\System\sNVXpzO.exe
  2⤵
  PID:3096
- C:\Windows\System\jznLqLZ.exe
  C:\Windows\System\jznLqLZ.exe
  2⤵
  PID:6496
- C:\Windows\System\OAHreae.exe
  C:\Windows\System\OAHreae.exe
  2⤵
  PID:2552
- C:\Windows\System\dBPPOSh.exe
  C:\Windows\System\dBPPOSh.exe
  2⤵
  PID:3244
- C:\Windows\System\NzScQUo.exe
  C:\Windows\System\NzScQUo.exe
  2⤵
  PID:5460
- C:\Windows\System\tIjYIsZ.exe
  C:\Windows\System\tIjYIsZ.exe
  2⤵
  PID:7008
- C:\Windows\System\ivaRWfr.exe
  C:\Windows\System\ivaRWfr.exe
  2⤵
  PID:7656
- C:\Windows\System\fLdXTue.exe
  C:\Windows\System\fLdXTue.exe
  2⤵
  PID:7508
- C:\Windows\System\CxYcqQt.exe
  C:\Windows\System\CxYcqQt.exe
  2⤵
  PID:6300
- C:\Windows\System\ihCOdqw.exe
  C:\Windows\System\ihCOdqw.exe
  2⤵
  PID:6384
- C:\Windows\System\ksYngdv.exe
  C:\Windows\System\ksYngdv.exe
  2⤵
  PID:14364
- C:\Windows\System\PFinsvT.exe
  C:\Windows\System\PFinsvT.exe
  2⤵
  PID:14380
- C:\Windows\System\tfuAIAb.exe
  C:\Windows\System\tfuAIAb.exe
  2⤵
  PID:14396
- C:\Windows\System\wjzdOSc.exe
  C:\Windows\System\wjzdOSc.exe
  2⤵
  PID:14416
- C:\Windows\System\ghJFUcm.exe
  C:\Windows\System\ghJFUcm.exe
  2⤵
  PID:14452
- C:\Windows\System\IkMtHIb.exe
  C:\Windows\System\IkMtHIb.exe
  2⤵
  PID:14476
- C:\Windows\System\IWYSFhT.exe
  C:\Windows\System\IWYSFhT.exe
  2⤵
  PID:14496
- C:\Windows\System\XfuYOVd.exe
  C:\Windows\System\XfuYOVd.exe
  2⤵
  PID:14528
- C:\Windows\System\TADNGog.exe
  C:\Windows\System\TADNGog.exe
  2⤵
  PID:14552
- C:\Windows\System\ztIDpwj.exe
  C:\Windows\System\ztIDpwj.exe
  2⤵
  PID:14572
- C:\Windows\System\mgOudRJ.exe
  C:\Windows\System\mgOudRJ.exe
  2⤵
  PID:14596
- C:\Windows\System\BWuUflw.exe
  C:\Windows\System\BWuUflw.exe
  2⤵
  PID:14612
- C:\Windows\System\rMwYiPt.exe
  C:\Windows\System\rMwYiPt.exe
  2⤵
  PID:14640
- C:\Windows\System\YosDtOT.exe
  C:\Windows\System\YosDtOT.exe
  2⤵
  PID:14660
- C:\Windows\System\RJqwPiz.exe
  C:\Windows\System\RJqwPiz.exe
  2⤵
  PID:14680
- C:\Windows\System\GimBiEs.exe
  C:\Windows\System\GimBiEs.exe
  2⤵
  PID:14712
- C:\Windows\System\TQCDruW.exe
  C:\Windows\System\TQCDruW.exe
  2⤵
  PID:14740
- C:\Windows\System\yMSuakT.exe
  C:\Windows\System\yMSuakT.exe
  2⤵
  PID:14812
- C:\Windows\System\ZODurdh.exe
  C:\Windows\System\ZODurdh.exe
  2⤵
  PID:14828
- C:\Windows\System\tbEEXee.exe
  C:\Windows\System\tbEEXee.exe
  2⤵
  PID:14844
- C:\Windows\System\JeVtyKL.exe
  C:\Windows\System\JeVtyKL.exe
  2⤵
  PID:14864
- C:\Windows\System\xYJIASN.exe
  C:\Windows\System\xYJIASN.exe
  2⤵
  PID:14880
- C:\Windows\System\EBwrQLC.exe
  C:\Windows\System\EBwrQLC.exe
  2⤵
  PID:14896
- C:\Windows\System\raWZTDT.exe
  C:\Windows\System\raWZTDT.exe
  2⤵
  PID:14916
- C:\Windows\System\RckbMsC.exe
  C:\Windows\System\RckbMsC.exe
  2⤵
  PID:14936
- C:\Windows\System\dEOrgQQ.exe
  C:\Windows\System\dEOrgQQ.exe
  2⤵
  PID:14968
- C:\Windows\System\OsbslJp.exe
  C:\Windows\System\OsbslJp.exe
  2⤵
  PID:14984
- C:\Windows\System\iQvmGek.exe
  C:\Windows\System\iQvmGek.exe
  2⤵
  PID:15004
- C:\Windows\System\naZkyjU.exe
  C:\Windows\System\naZkyjU.exe
  2⤵
  PID:15020
- C:\Windows\System\rAGemVo.exe
  C:\Windows\System\rAGemVo.exe
  2⤵
  PID:15036
- C:\Windows\System\HvhjAyI.exe
  C:\Windows\System\HvhjAyI.exe
  2⤵
  PID:15060
- C:\Windows\System\TRMydRT.exe
  C:\Windows\System\TRMydRT.exe
  2⤵
  PID:15076
- C:\Windows\System\HnAnRbB.exe
  C:\Windows\System\HnAnRbB.exe
  2⤵
  PID:15128
- C:\Windows\System\BRQVccH.exe
  C:\Windows\System\BRQVccH.exe
  2⤵
  PID:15300
- C:\Windows\System\egvkjSd.exe
  C:\Windows\System\egvkjSd.exe
  2⤵
  PID:15316
- C:\Windows\System\JkqsIKs.exe
  C:\Windows\System\JkqsIKs.exe
  2⤵
  PID:15332
- C:\Windows\System\VNnykwq.exe
  C:\Windows\System\VNnykwq.exe
  2⤵
  PID:15348
- C:\Windows\System\WKxoWMr.exe
  C:\Windows\System\WKxoWMr.exe
  2⤵
  PID:7824
- C:\Windows\System\hKrVyqi.exe
  C:\Windows\System\hKrVyqi.exe
  2⤵
  PID:14516
- C:\Windows\System\OORqcGA.exe
  C:\Windows\System\OORqcGA.exe
  2⤵
  PID:14692
- C:\Windows\System\VBqyIdg.exe
  C:\Windows\System\VBqyIdg.exe
  2⤵
  PID:7960
- C:\Windows\System\shxbGKZ.exe
  C:\Windows\System\shxbGKZ.exe
  2⤵
  PID:7708
- C:\Windows\System\LwDKPFf.exe
  C:\Windows\System\LwDKPFf.exe
  2⤵
  PID:14784
- C:\Windows\System\rxKJtrE.exe
  C:\Windows\System\rxKJtrE.exe
  2⤵
  PID:4380
- C:\Windows\System\yQhRYkv.exe
  C:\Windows\System\yQhRYkv.exe
  2⤵
  PID:1540
- C:\Windows\System\LoYAnJt.exe
  C:\Windows\System\LoYAnJt.exe
  2⤵
  PID:9396
- C:\Windows\System\cmziayq.exe
  C:\Windows\System\cmziayq.exe
  2⤵
  PID:7552
- C:\Windows\System\eqVTlgr.exe
  C:\Windows\System\eqVTlgr.exe
  2⤵
  PID:14860
- C:\Windows\System\OlHvqjI.exe
  C:\Windows\System\OlHvqjI.exe
  2⤵
  PID:7128
- C:\Windows\System\CiOrlLB.exe
  C:\Windows\System\CiOrlLB.exe
  2⤵
  PID:6316
- C:\Windows\System\NCZCRlK.exe
  C:\Windows\System\NCZCRlK.exe
  2⤵
  PID:4340
- C:\Windows\System\wYTHMSM.exe
  C:\Windows\System\wYTHMSM.exe
  2⤵
  PID:8424
- C:\Windows\System\kUdSaSf.exe
  C:\Windows\System\kUdSaSf.exe
  2⤵
  PID:5664
- C:\Windows\System\faRNpFP.exe
  C:\Windows\System\faRNpFP.exe
  2⤵
  PID:4360
- C:\Windows\System\WrARpQE.exe
  C:\Windows\System\WrARpQE.exe
  2⤵
  PID:14536
- C:\Windows\System\CJTQTKq.exe
  C:\Windows\System\CJTQTKq.exe
  2⤵
  PID:8116
- C:\Windows\System\OgfmiyR.exe
  C:\Windows\System\OgfmiyR.exe
  2⤵
  PID:3724
- C:\Windows\System\fPyIYVJ.exe
  C:\Windows\System\fPyIYVJ.exe
  2⤵
  PID:5676
- C:\Windows\System\iSZZMzE.exe
  C:\Windows\System\iSZZMzE.exe
  2⤵
  PID:7616
- C:\Windows\System\RKytUMZ.exe
  C:\Windows\System\RKytUMZ.exe
  2⤵
  PID:14668
- C:\Windows\System\TuptgOn.exe
  C:\Windows\System\TuptgOn.exe
  2⤵
  PID:14696
- C:\Windows\System\eKuLhQA.exe
  C:\Windows\System\eKuLhQA.exe
  2⤵
  PID:13796

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:14196

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:13652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:7808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:6176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ynjdhvua.t44.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AXNsoZF.exe

Filesize
1.6MB

MD5
17fd2c2edc329e3bd47ee885d9ad92c3

SHA1
280abd849756ac476850416511e20bcd75b8cadf

SHA256
49dcf42d4b06c42fd2b586dc1f46a843a468a0b0fafc5994b70b95a29a3d6fa8

SHA512
18c5f3fbda0f216da87aeee1ebd2ba44daf553a97cef14e52d6988835d0be01afcc886418b924bb1f362fa8a0a82c5566673b7cc6f08798b2424650d084d4a06

Download Submit
C:\Windows\System\AXrteGc.exe

Filesize
1.6MB

MD5
2918391f8974fcf50aed26a0502386cd

SHA1
d572d22f782c27f33cbe7ea2ec31d05ee12fddf5

SHA256
42a95eb9716b7c66c9d483e7877e60eecc0ed4aa66c1383af72812976f87d15e

SHA512
759706e28a3ab598e27a7ea5d7cc7ef84d493277ce571cd8791ef4e7f1fc972a49673a7ddccaf26384b47391bed231444755b3ec200d238a021f45bf16ad4b65

Download Submit
C:\Windows\System\CFUEpEZ.exe

Filesize
1.6MB

MD5
0cb1bfeda8779cf02f9a2b5a70a60e63

SHA1
73170bfedc9ce309e08dc503f93bf42ac0c7c6bf

SHA256
d1672cd7ceea86e56e8d29fccdbef28e60937fe4ef630fdf0156651a84d1443f

SHA512
1c445d8e4c80fd4838901471d992dafb6736e6988b139851f474fff4d9e09fb88e2290144a36c18dc2f02beef9453e57ff4ffd0217b698f583ed289dc7749abe

Download Submit
C:\Windows\System\EpCxlMt.exe

Filesize
8B

MD5
fbef424b1922acb531e69f596a8b8921

SHA1
584ada3a02d95facb3db59252be930cc2019a07e

SHA256
9ba99dfe86f586665444906d4d6c065235a1faa079a57e34597feec2870450c4

SHA512
b7c856eeb52f1f5b978a86cc276964a598136109586a3999d60402c0885755b7f0a6e5ca90b5856e8f2e8d74fc885b0d7e257ea62c297369572d765724b94880

Download Submit
C:\Windows\System\FvCLBwX.exe

Filesize
1.6MB

MD5
b3a471a57df6bf5c972e1e54f42fae47

SHA1
8d199f1dbd51e5cfd3fbe53ba2e124298a88b3a5

SHA256
2522aea9989ab0fd7c67dce2baa0215eefbcd3db875aac834de63a2dc3db831f

SHA512
79b3a1f6434a9192d56ddd94dfaa41d46ff4797119c74be00b56d613f7745f120e4715e51808731bc1bd4d04d002bf3eb7097d5cf7d32af43510554bb21dd9f8

Download Submit
C:\Windows\System\GgnTGQM.exe

Filesize
1.6MB

MD5
fba116251841f7ec850d74f2f410567c

SHA1
516e7dde598e656b5e68b3b474fdb2337da7e686

SHA256
ce96eb523a4b7997d72503362c680c899b8cc7172eab6d458d4a1aef42330ba1

SHA512
e111afd54783c91504516937439e7f820e61c8646384f4279129dfbfe620fffb149369f1ca056283124ecd00c634b867010c388791dfd2839e2815b7452423a9

Download Submit
C:\Windows\System\HEVpAIw.exe

Filesize
1.6MB

MD5
dd8ab1dd1cdef9c474d5f52635fd372b

SHA1
e0cc7ac268c547e461b9112abe225561f27c92de

SHA256
7f90dee8518b71b68fa73c668a51965d7cd8854a53616e4221a4f9b88bb94652

SHA512
5d049626be9a81953df5a0ad50b976ad668fb66a387c8c4edcbefb4ed2f44eac6182e100104b8bec18757cef45b8ebb0ae0729e0372c8f9f0bdf040ecd7fe46d

Download Submit
C:\Windows\System\HGKDTvM.exe

Filesize
1.6MB

MD5
fb3ca2826ae584603b97691fe143ee63

SHA1
e0e9334aba8ee975e040335cb4f2f0b43c9595d7

SHA256
68ad919478337ad0f8b648f8239d87dca8d960a3aefeb73e2f590ad5f1c7b618

SHA512
ec591d9936a0e2deae25074d4fe15ddc388db04f8837b9111b7d83ba95f82ce87750912eda4c2f51a3e395e3de3b4fd0774767801f45bf0bb49ee3467eaa472d

Download Submit
C:\Windows\System\JBbjHXo.exe

Filesize
1.6MB

MD5
579b76edfe1e5f0df736293462712274

SHA1
b825d0fba1db4e260614ba3d0d4dc7481fff66d5

SHA256
3ba5e1a6c44fd8afe1170297657885353709fe28087f7996aa97fc1993875533

SHA512
f14756a78ac5ab9e6338fdc670065530ab3cd61e1389f0209f2c7b4f2521a2784f4014ce0c606fdeb96ae1e1ff4fa08c8b62dcf7402ce93e8c3729baffbfb42e

Download Submit
C:\Windows\System\LlxGMgP.exe

Filesize
1.6MB

MD5
b8ca9de53e60cded9afd3b86781a26c1

SHA1
737736823fc879ccf131b5d5f1ed3ab404fbe399

SHA256
c50c14e71786b6e5f5fbb1342d8fecaad15a176634833115cd82efa896dc8a80

SHA512
4fdcd811ceb866d680481752b4c189e727e0c379ea017e2bb65017fba30fd61aca9c6213bd5e01a3cacee7dde7ecd437436f25c817180fed3bb59597815abe1c

Download Submit
C:\Windows\System\MgnJxbZ.exe

Filesize
1.6MB

MD5
3810a675b942c51ecccb2a4dfaa12387

SHA1
193f62a45cddb02785d41d13fe2c69710d646d22

SHA256
84f992bc628ae8d5dd5aab3c2bdd62bff4f10e05f75a31a4503efe776bc8d28f

SHA512
8d672cdbaea2900a778c5faf44e7fcd3ef0971a1676e95cf670789ad0b1715f9152824f56a2bd45f6c0566a22f2101716d8bfcc8ffcd7af24b1288de1cc6a612

Download Submit
C:\Windows\System\OrGRITQ.exe

Filesize
1.6MB

MD5
3cb264826ded260416da0629dfc10038

SHA1
0525fa67ae9dd9c8a954e532ac56e2fc377fce0d

SHA256
359b7e4a0e729018a1f5836727120bdb8ed0809f0caf7221b8c9771c737045d2

SHA512
6fe714643b6faedf050789aded14a358e3726f260d5a94b6d89e03c275e2392db275830932a46589e0e4ded68f670aee00e320be096a2d5c7d0822b9a09bee0e

Download Submit
C:\Windows\System\QdtKtxg.exe

Filesize
1.6MB

MD5
66494bade9b8cfa3f91b6e18701511e0

SHA1
7587379fc9a728c00c4ce826aa337409bc0cf83a

SHA256
7447852925e6c3f583ebdd499d424d708c52b7da5e6edeb9adee95ec4b3a783d

SHA512
10eade16d325ef58cef457ddb31eb7af4e2684e3e4b0c143dbae6451275d44993c13d5d5706ca1ac6ffad6a455cf6bb29c943e4f6b38fb5b0484de742157ed17

Download Submit
C:\Windows\System\RWOkRGW.exe

Filesize
1.6MB

MD5
6521914f483c7052085ef72e8e471691

SHA1
3359370e551b4920ecf59d3a07446c82d4790f8f

SHA256
6b2a9f1f1beca1d876a0465d21830f47b58a80eb1538f5d5a237362e0549d19e

SHA512
6e65757a74720f5da236281e778befc8c1b0c3a417d3c8fec01cde54cfa164fd119c8f3cb38ac48666755d73b384738d7983fb0858287a515c68a99f94b76a9a

Download Submit
C:\Windows\System\UgJUfLj.exe

Filesize
1.6MB

MD5
e40ffbb49215f0e2f1a1661ae4a004c6

SHA1
d6158c89583357c17cdc05126bff128e0a12e32a

SHA256
84e48c9328a978497516140601bb553c1b97495c422351072f8e91b1194b9904

SHA512
35b889e5d8308acb1e481a129d3eaf4e0b2a751e8031e417d87f51c78093a59da3c7a471b07691743699f7f615bc16649615758c04d60ae4fbbc1d632008ba45

Download Submit
C:\Windows\System\VswMJBo.exe

Filesize
1.6MB

MD5
95b457f10f45d3f5c008e57c23d631e0

SHA1
dfa946787b717274d96e7cc1795cf3187a4dd9e9

SHA256
6d35ccfe483d8f44ebe3d5d8845fefd014f7562d63cb1f84f48e742428e3c2ec

SHA512
a577d53d1c21e68de0a0b614cd47696eb0336bf17f4fb5c5041606ded809c561cdb27b3de8d4ce69c16489e0f768fbade20260ae3c1ac77f76bff7f05b3dd41e

Download Submit
C:\Windows\System\YEzrPDe.exe

Filesize
1.6MB

MD5
09d453869b923242419ac6b32473e9ba

SHA1
1dc429a2c806a5b1419ff0053ae754dd52e32e02

SHA256
5b3269f435e73b210d4fab5c33a89e36d311f9ace66eafe44eab29bc017f6490

SHA512
10b98975e01393acc2df0b5409411f55403ea85b770dc08e07bec3d01e001e423cfbe942bd6875e303c95e195b9fc21824a62004b4294ad0935267698f5d0334

Download Submit
C:\Windows\System\YFBTxlF.exe

Filesize
1.6MB

MD5
d6aeb6c04ffe1103a5ae4643ec0419b7

SHA1
dbc5ec4a085cdfd071f9b122b17d1a8d61ffa650

SHA256
485bc3f5e4a81b3ee37dee595c50fdd38914c848707a396d2b82b11c2cfae2cc

SHA512
c736d763cf01ee63248e31eb7c2aaf8b53deb4cbe051bb60b1092e1eeb12f4d331e892bea72b228110d58e60c5855170232645805f0cba5bacbc0fb5106505cd

Download Submit
C:\Windows\System\bdFuQdg.exe

Filesize
1.6MB

MD5
3e366b25c1b361e4fc1ab2543f377030

SHA1
e73ab557bc837a7c1cb9ea3bccea64aae17cb85e

SHA256
70b03c336d2c93e14706dd2802302490ee58a905e833e7fb386000e375290d1c

SHA512
fac3ad840baeebaad472959501cf683d0185b42b082f8884f75e50670f6d20e8aa7ebaee8dfd81ec5a80375021d40718eb9ce7da2317ebe6139f4b5ac8ef48d1

Download Submit
C:\Windows\System\dEkoIdL.exe

Filesize
1.6MB

MD5
378694ee28f83d5ca264b083e4795ec4

SHA1
2ff09660a03095dbac0b7b01037ce5cfd42cba37

SHA256
95a19e35a61b333a0e2016e9a64fa89aeb218b912d88bb21ef9cda49755fb6ce

SHA512
18f65f0aa24cb4b37b0e22538712717b3a2b792ce22a488c6700ed2f64add91a435f97c8f7052f6de3fcd2eb54a0d79a57b2303b244e8e8f5e96fcce8d4198eb

Download Submit
C:\Windows\System\fJXvAWg.exe

Filesize
1.6MB

MD5
3b1a4ca7c3022ce3cd59d754814a7f78

SHA1
8cac0a10d8508f6492b1a3f03328bb87f1634201

SHA256
0a5cd1df3f34164442f2b755f32d7bf3c749ab8c6fbc48c764e93102966d8ee8

SHA512
b8a5472a36a8df5d3d36cc76ad35481be3c2c36c7bd2e556d98a1adf4eea4e876fdf05c36f6239c212a4e972df6b826060199242aba1ec210650ad37a12065f2

Download Submit
C:\Windows\System\fomzdUt.exe

Filesize
1.6MB

MD5
a344da9161606bb1a7786e0a6692572e

SHA1
f9aa9c9ada1d0c85d352e458b6321c99d7dcccf1

SHA256
66912d9b377c999c00d4a886b6faacdec854d991f95a97afd696745df498a940

SHA512
186ac83697a0340c60b7e4e4c33ca41164918529f22c8f360c162bf769e2edf94dd5b8c180c303c015bce8dc0967fb89b5ff66819a1a3755eb5ad39c9663fc15

Download Submit
C:\Windows\System\gHNuCRC.exe

Filesize
1.6MB

MD5
d4ff5f596cb809509aa896d573b957c5

SHA1
0ec59d1bb939592a5414d9d5984bdec87c3d23a7

SHA256
02d7e7f96036375ff2139b5d0f59efa9973064c7088450a03c6a27c9e5c7abe3

SHA512
71ab162f20b1116a80acaf7676cf83752dfb241d0e6ddaf4076cbd7da42c7c02ccca2975e491c4e766364f948f31f39f562d2c834aa34e539be1929d00cf36ed

Download Submit
C:\Windows\System\hdVbBiD.exe

Filesize
1.6MB

MD5
e329ed09b98a0568c8ca5618da294b87

SHA1
fd9c8673187c8da97f9195f872b59b1ec4d8af06

SHA256
dd2254be96bd59a4ce8b63b40192fccac6f238a7f3f3dd137e65614c5e3578fb

SHA512
feb5163f8d14ff65f6d0b44a43153185879c52ece54ec0afd5a96ceaccbd7be5e2c69687538b817d7b9fc74a5e3ad2ec5811bf41a6a45789e6372e7dea14eccb

Download Submit
C:\Windows\System\izVsRHz.exe

Filesize
1.6MB

MD5
54ae1548e9d7afa4f018cda0cc2cb519

SHA1
9ad2da07a14ea62025f0fb97b7b921dba233669c

SHA256
8a7200b4f71669ac6372249051d1e44c82e573e95483ad0423757566d8dab75e

SHA512
aea9d762417b6403e66f0142c2d358f2ce17f729cc511515828abde7f94d01fe5dffdaedd6da403c1745af66fb7765d3659372aa586ced7bd0963b5efcdbb0fe

Download Submit
C:\Windows\System\kQLMRAa.exe

Filesize
1.6MB

MD5
7921a0e7ae1c70b6661b6801c13e1f6a

SHA1
461a3b187548afa95070d62da4339fce618c463a

SHA256
07456e0f30b7295d92631d39ed5c63d3b9bbab840e60aa1be882501f10e0538c

SHA512
c3eb1faa6a21c675375b50fa81edb4a941460c792a4c88b408d76683177be961317ed2df1fbac726e701a8ffe15117e836c7f74c69d836ef05e3d38ecfcdb7c4

Download Submit
C:\Windows\System\kWtMCku.exe

Filesize
1.6MB

MD5
ec9283a43dd2d085ad8eb94017ce5396

SHA1
26fb6c2d9a0576bc576713aa7514f9ed84bbd479

SHA256
80e3bedd1ec9a5f57df7789c90b479cc8923be70e6fdffa4e3b4eca36d1e8ccd

SHA512
dad25b418d7db86b81bf1d7920a89440712cedacf66ae09b16b65b5cca235943914c71d332cdd5f8b93b60ffb46fa5ce3d91a8f504c57ed77e1d77ed20a47a3b

Download Submit
C:\Windows\System\mIHmVvq.exe

Filesize
1.6MB

MD5
fabce5e7e35e9448d358e0b416161867

SHA1
3139c8aea9ecece711264f394f2b70864466f049

SHA256
d53c59b11b8b332cf956420e4d59c9855e3c5ea3578e755105ae6057b07940fc

SHA512
87af6761e16ae647c97bfa78bf1145c98ffce5a88f0406db28f11af7d80a9aaa145fefb9a1154c7b665a95624f274e0a8ef66a263afcdfaecdd36dced8c2b449

Download Submit
C:\Windows\System\oIkeNjN.exe

Filesize
1.6MB

MD5
1b5d6eab9974eeb292070cb65302d35d

SHA1
fc2dd95c286c02565ccc2336d80ffae60619b8ea

SHA256
45b1aae4af7ef72b4219ef771fb396f6c4ec68b275e056e11e794d979982ed80

SHA512
93f516453b557f664e7978c8b297d0bfeda019e5961c9502921081db622ba44b108ab85ff922c1a38f5e051db2b739b76ff899c65242a696531e18ba9f6650e0

Download Submit
C:\Windows\System\ofLfOHS.exe

Filesize
1.6MB

MD5
26a0902146b9420d60c881244807af54

SHA1
28ecd92d5952abbbab8fc6c3de3ce9dc967e47f5

SHA256
862985a0092e15f2ce796571842848214645a7315927ea5bd8b984294aa08c84

SHA512
8be91580833b7ca29ab101ba4cee7982a7b05eb3307a89ec1b481269769b26295cfc39c854b219fd1eaf449523990c1124d6a7556a53daf5a04b13de8a73674b

Download Submit
C:\Windows\System\rEXXbOD.exe

Filesize
1.6MB

MD5
4f3b68e4cacd913adb4944cf0c591e74

SHA1
63bdd2a77f1158186c9acb1899b50bdd4fefd279

SHA256
c73f3522deb780700ff13e88e4d3e7d71e0d33d971be79423993937dcd88f4bb

SHA512
41f34be783ae1fcc0f69bc261cba406ad7613b25815cac1c7db303c730e30507e94d00687657723fed49439c55c777965383cfb31eb27596d89bc0890560bdb2

Download Submit
C:\Windows\System\skcCYTi.exe

Filesize
1.6MB

MD5
ca4b64a387b73fbe55b5755bb588770e

SHA1
53df0373ff79f4c9a188b327f57de710f396dfca

SHA256
00116238198512e4ba06c4c2875c241920fa34300dd174d521a183f9392e83af

SHA512
e133ad5e06071861f024a092f735c90e47b637f5df8f5060ed0294b1329927ba64a7982597e6c22b620fbddb4c647d8d3e4e1daede0e69ab7e334db2c192a932

Download Submit
C:\Windows\System\vbqAlEt.exe

Filesize
1.6MB

MD5
c03196e63eca4d23eedaac13cd5f0f93

SHA1
e76380c48e95efe98953c4a04a9a9fb1e1879a83

SHA256
0efcc4070e2c332a83e8ed012fa5ad80f8c1d65e84c97b2ec8e60b20d5854f37

SHA512
7a0a6ba8902a183ffdf0a0048715614bb048c1326f05d94aca8e7044c57038a10869ac8e27ee3cbfb3b36055bbe409a6bbd4535cce13c599894d13176097517b

Download Submit
C:\Windows\System\zEeEmsX.exe

Filesize
1.6MB

MD5
ca31284013628ae64f0b9e7e8fbcd9ef

SHA1
50213c6c4318acb396b9fff4604aa07d56615484

SHA256
09b2faf4a879febf3e783f8b19c5e46450229d2366ca2e0c118aba631781583e

SHA512
9cffb71f929ab84f04a2ac300683fc2cf6e66a515f9bdbcb298fae71b658cd5e0eff4d486f031d4c67d3408b76298829aa26abeb209a2670d491383917c38b6f

Download Submit
C:\Windows\System\zPpCBEK.exe

Filesize
1.6MB

MD5
6640a785fd81c640be31893435547909

SHA1
572084f562edd9459c8f9b0a4980cbec0ade5beb

SHA256
6714e83a508a51dd06f6f38c9841eecdcaa1d738d040c82d0748fe374218b96a

SHA512
6149bb1c4dee0df45f7d67af3a8b51f71f834fe600b68a25a1871f56c6447d85b331a1f125987fc06190f0382f6895e6c975037bb027483410260d0d767fd6f0

Download Submit
C:\Windows\System\zUEKKcl.exe

Filesize
1.6MB

MD5
107ab3a016c9e779c22edd61cb528145

SHA1
ad94c97f4aebfd6d03aabd89e48d243333bf5394

SHA256
0797cc12841335c553b8e2b22027cf2e2bb7b88ba499555a99d3bad1a8ca6e67

SHA512
d7edc4e68ea3c759a9336036e924274dd022bdb2cb92aa453f39fcb8e9a9bbad071603746a1bf33b4f1b8e8914569417c840317fa4ba050c0a10b5b5fe5c9e38

Download Submit
memory/208-204-0x00007FF7CB150000-0x00007FF7CB542000-memory.dmp

Filesize
3.9MB

Download
memory/208-3503-0x00007FF7CB150000-0x00007FF7CB542000-memory.dmp

Filesize
3.9MB

Download
memory/488-258-0x00007FF605200000-0x00007FF6055F2000-memory.dmp

Filesize
3.9MB

Download
memory/488-3498-0x00007FF605200000-0x00007FF6055F2000-memory.dmp

Filesize
3.9MB

Download
memory/876-203-0x00007FF7FAC70000-0x00007FF7FB062000-memory.dmp

Filesize
3.9MB

Download
memory/1064-3499-0x00007FF6ECDB0000-0x00007FF6ED1A2000-memory.dmp

Filesize
3.9MB

Download
memory/1064-57-0x00007FF6ECDB0000-0x00007FF6ED1A2000-memory.dmp

Filesize
3.9MB

Download
memory/1136-3574-0x00007FF76FFC0000-0x00007FF7703B2000-memory.dmp

Filesize
3.9MB

Download
memory/1136-242-0x00007FF76FFC0000-0x00007FF7703B2000-memory.dmp

Filesize
3.9MB

Download
memory/1160-165-0x00007FF7AB960000-0x00007FF7ABD52000-memory.dmp

Filesize
3.9MB

Download
memory/1160-3495-0x00007FF7AB960000-0x00007FF7ABD52000-memory.dmp

Filesize
3.9MB

Download
memory/1628-3644-0x00007FF6E8140000-0x00007FF6E8532000-memory.dmp

Filesize
3.9MB

Download
memory/1628-236-0x00007FF6E8140000-0x00007FF6E8532000-memory.dmp

Filesize
3.9MB

Download
memory/1832-3536-0x00007FF604CB0000-0x00007FF6050A2000-memory.dmp

Filesize
3.9MB

Download
memory/1832-250-0x00007FF604CB0000-0x00007FF6050A2000-memory.dmp

Filesize
3.9MB

Download
memory/1924-243-0x00007FF77A400000-0x00007FF77A7F2000-memory.dmp

Filesize
3.9MB

Download
memory/2228-214-0x00007FF6B68E0000-0x00007FF6B6CD2000-memory.dmp

Filesize
3.9MB

Download
memory/2684-3621-0x00007FF6F2D20000-0x00007FF6F3112000-memory.dmp

Filesize
3.9MB

Download
memory/2684-253-0x00007FF6F2D20000-0x00007FF6F3112000-memory.dmp

Filesize
3.9MB

Download
memory/2948-248-0x00007FF61F7E0000-0x00007FF61FBD2000-memory.dmp

Filesize
3.9MB

Download
memory/3204-239-0x00007FF686EA0000-0x00007FF687292000-memory.dmp

Filesize
3.9MB

Download
memory/3296-29-0x00007FF6FC910000-0x00007FF6FCD02000-memory.dmp

Filesize
3.9MB

Download
memory/3360-254-0x00007FF78E450000-0x00007FF78E842000-memory.dmp

Filesize
3.9MB

Download
memory/3932-3561-0x00007FF6B5CC0000-0x00007FF6B60B2000-memory.dmp

Filesize
3.9MB

Download
memory/3932-252-0x00007FF6B5CC0000-0x00007FF6B60B2000-memory.dmp

Filesize
3.9MB

Download
memory/4004-247-0x00007FF648CD0000-0x00007FF6490C2000-memory.dmp

Filesize
3.9MB

Download
memory/4364-259-0x00007FF7D0980000-0x00007FF7D0D72000-memory.dmp

Filesize
3.9MB

Download
memory/4364-3565-0x00007FF7D0980000-0x00007FF7D0D72000-memory.dmp

Filesize
3.9MB

Download
memory/4432-209-0x00007FF652010000-0x00007FF652402000-memory.dmp

Filesize
3.9MB

Download
memory/4432-3553-0x00007FF652010000-0x00007FF652402000-memory.dmp

Filesize
3.9MB

Download
memory/4516-3656-0x00007FF69EB20000-0x00007FF69EF12000-memory.dmp

Filesize
3.9MB

Download
memory/4516-256-0x00007FF69EB20000-0x00007FF69EF12000-memory.dmp

Filesize
3.9MB

Download
memory/4612-255-0x00007FF695470000-0x00007FF695862000-memory.dmp

Filesize
3.9MB

Download
memory/4672-26-0x00007FF8820D3000-0x00007FF8820D5000-memory.dmp

Filesize
8KB

Download
memory/4672-5614-0x00007FF8820D0000-0x00007FF882B91000-memory.dmp

Filesize
10.8MB

Download
memory/4672-146-0x00007FF8820D0000-0x00007FF882B91000-memory.dmp

Filesize
10.8MB

Download
memory/4672-257-0x00007FF8820D0000-0x00007FF882B91000-memory.dmp

Filesize
10.8MB

Download
memory/4672-238-0x00000264E6650000-0x00000264E6672000-memory.dmp

Filesize
136KB

Download
memory/4672-260-0x00000264E7D00000-0x00000264E84A6000-memory.dmp

Filesize
7.6MB

Download
memory/4704-0-0x00007FF6EA950000-0x00007FF6EAD42000-memory.dmp

Filesize
3.9MB

Download
memory/4704-5360-0x00007FF6EA950000-0x00007FF6EAD42000-memory.dmp

Filesize
3.9MB

Download
memory/4704-1-0x00000145387F0000-0x0000014538800000-memory.dmp

Filesize
64KB

Download
memory/4720-3598-0x00007FF6A6050000-0x00007FF6A6442000-memory.dmp

Filesize
3.9MB

Download
memory/4720-249-0x00007FF6A6050000-0x00007FF6A6442000-memory.dmp

Filesize
3.9MB

Download
memory/4772-14-0x00007FF68A380000-0x00007FF68A772000-memory.dmp

Filesize
3.9MB

Download
memory/4972-3524-0x00007FF728B50000-0x00007FF728F42000-memory.dmp

Filesize
3.9MB

Download
memory/4972-251-0x00007FF728B50000-0x00007FF728F42000-memory.dmp

Filesize
3.9MB

Download